From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.158.5]) by mx.groups.io with SMTP id smtpd.web09.32020.1635168080448083062 for ; Mon, 25 Oct 2021 06:21:20 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@ibm.com header.s=pp1 header.b=JX4Z3IV5; spf=pass (domain: linux.ibm.com, ip: 148.163.158.5, mailfrom: stefanb@linux.ibm.com) Received: from pps.filterd (m0098419.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 19PCMC1G019413; Mon, 25 Oct 2021 13:21:18 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=subject : to : cc : references : from : message-id : date : mime-version : in-reply-to : content-type : content-transfer-encoding; s=pp1; bh=v2G/gzfuTUzEsDUIdiHRu+uVA5DPJhZtDOlhx+OtR+A=; b=JX4Z3IV5wzMb62WdFX2ZVPNKpnksogHd2e05KLSDUMnkoXak8fr+nmNv9xtJTfwhm4tX aPh11YbD1Ma1EqCDOQES90JH7eHRBTl+jBqtT+Uz8KEKynLQ+ALGHCP5s3XSe0jE7w3+ 6PHx6tXU9A2zxiBzeFH9i8TmuPLuR9qR32CoBUQYjxPLp0hM5TlFBtEC+TW1aGwGfK5F 8jsY4X4PPFTb5Nr+NGdxxxuSGrtThtunfNnzzdF6gLRUlsvS5yPD2RpsXGMC8FXM8N+/ AOJvjUmpWRV2nu0hanI/R1RsxGvdEeRiBOqUr0BL9vGawpX020AWqv4y5Gp43tqlnM8W Ag== Received: from pps.reinject (localhost [127.0.0.1]) by mx0b-001b2d01.pphosted.com with ESMTP id 3bwt23wgy6-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 25 Oct 2021 13:21:18 +0000 Received: from m0098419.ppops.net (m0098419.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 19PCV9GU026975; Mon, 25 Oct 2021 13:21:17 GMT Received: from ppma02dal.us.ibm.com (a.bd.3ea9.ip4.static.sl-reverse.com [169.62.189.10]) by mx0b-001b2d01.pphosted.com with ESMTP id 3bwt23wgxv-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 25 Oct 2021 13:21:17 +0000 Received: from pps.filterd (ppma02dal.us.ibm.com [127.0.0.1]) by ppma02dal.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 19PDD5Zq007887; Mon, 25 Oct 2021 13:21:16 GMT Received: from b03cxnp08025.gho.boulder.ibm.com (b03cxnp08025.gho.boulder.ibm.com [9.17.130.17]) by ppma02dal.us.ibm.com with ESMTP id 3bva1am23m-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 25 Oct 2021 13:21:16 +0000 Received: from b03ledav005.gho.boulder.ibm.com (b03ledav005.gho.boulder.ibm.com [9.17.130.236]) by b03cxnp08025.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 19PDLFMQ46137782 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 25 Oct 2021 13:21:15 GMT Received: from b03ledav005.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 523C5BE04F; Mon, 25 Oct 2021 13:21:15 +0000 (GMT) Received: from b03ledav005.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 95A02BE053; Mon, 25 Oct 2021 13:21:12 +0000 (GMT) Received: from [9.47.158.152] (unknown [9.47.158.152]) by b03ledav005.gho.boulder.ibm.com (Postfix) with ESMTP; Mon, 25 Oct 2021 13:21:12 +0000 (GMT) Subject: Re: [PATCH v2 1/5] OvmfPkg: move tcg configuration to dsc and fdf include files To: Gerd Hoffmann , devel@edk2.groups.io Cc: =?UTF-8?Q?Marc-Andr=c3=a9_Lureau?= , Jordan Justen , Min Xu , Brijesh Singh , Jiewen Yao , James Bottomley , Erdem Aktas , Tom Lendacky , Ard Biesheuvel References: <20211025121512.120926-1-kraxel@redhat.com> <20211025121512.120926-2-kraxel@redhat.com> From: "Stefan Berger" Message-ID: Date: Mon, 25 Oct 2021 09:21:11 -0400 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0 MIME-Version: 1.0 In-Reply-To: <20211025121512.120926-2-kraxel@redhat.com> X-TM-AS-GCONF: 00 X-Proofpoint-GUID: dX8r3vWGMXI7t8oxrlj-1OdoMpBHBF5Y X-Proofpoint-ORIG-GUID: ymvDhSQ19S8N4A0Dqfx_tKZ-NKrYG5uV X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.0.607.475 definitions=2021-10-25_05,2021-10-25_02,2020-04-07_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 clxscore=1015 suspectscore=0 lowpriorityscore=0 bulkscore=0 phishscore=0 priorityscore=1501 mlxscore=0 mlxlogscore=999 adultscore=0 impostorscore=0 malwarescore=0 spamscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2109230001 definitions=main-2110250081 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US On 10/25/21 8:15 AM, Gerd Hoffmann wrote: > With this in place the tpm configuration is not duplicated for each of > our four ovmf config variants (ia32, ia32x64, x64, amdsev) and it is > easier to keep them all in sync when updating the tpm configuration. > > No functional change. > > Signed-off-by: Gerd Hoffmann Reviewed-by: Stefan Berger > --- > OvmfPkg/OvmfTpmComponentsDxe.dsc.inc | 28 +++++++++ > OvmfPkg/OvmfTpmComponentsPei.dsc.inc | 22 +++++++ > OvmfPkg/OvmfTpmDefines.dsc.inc | 6 ++ > OvmfPkg/OvmfTpmLibs.dsc.inc | 14 +++++ > OvmfPkg/OvmfTpmLibsDxe.dsc.inc | 8 +++ > OvmfPkg/OvmfTpmLibsPeim.dsc.inc | 9 +++ > OvmfPkg/OvmfTpmPcds.dsc.inc | 7 +++ > OvmfPkg/OvmfTpmPcdsHii.dsc.inc | 8 +++ > OvmfPkg/OvmfTpmSecurityStub.dsc.inc | 8 +++ > OvmfPkg/AmdSev/AmdSevX64.dsc | 85 ++++----------------------- > OvmfPkg/OvmfPkgIa32.dsc | 88 ++++------------------------ > OvmfPkg/OvmfPkgIa32X64.dsc | 85 ++++----------------------- > OvmfPkg/OvmfPkgX64.dsc | 85 ++++----------------------- > OvmfPkg/AmdSev/AmdSevX64.fdf | 17 +----- > OvmfPkg/OvmfPkgIa32.fdf | 17 +----- > OvmfPkg/OvmfPkgIa32X64.fdf | 17 +----- > OvmfPkg/OvmfPkgX64.fdf | 17 +----- > OvmfPkg/OvmfTpmDxe.fdf.inc | 12 ++++ > OvmfPkg/OvmfTpmPei.fdf.inc | 11 ++++ > 19 files changed, 185 insertions(+), 359 deletions(-) > create mode 100644 OvmfPkg/OvmfTpmComponentsDxe.dsc.inc > create mode 100644 OvmfPkg/OvmfTpmComponentsPei.dsc.inc > create mode 100644 OvmfPkg/OvmfTpmDefines.dsc.inc > create mode 100644 OvmfPkg/OvmfTpmLibs.dsc.inc > create mode 100644 OvmfPkg/OvmfTpmLibsDxe.dsc.inc > create mode 100644 OvmfPkg/OvmfTpmLibsPeim.dsc.inc > create mode 100644 OvmfPkg/OvmfTpmPcds.dsc.inc > create mode 100644 OvmfPkg/OvmfTpmPcdsHii.dsc.inc > create mode 100644 OvmfPkg/OvmfTpmSecurityStub.dsc.inc > create mode 100644 OvmfPkg/OvmfTpmDxe.fdf.inc > create mode 100644 OvmfPkg/OvmfTpmPei.fdf.inc > > diff --git a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc > new file mode 100644 > index 000000000000..d5c2586118f1 > --- /dev/null > +++ b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc > @@ -0,0 +1,28 @@ > +## > +# SPDX-License-Identifier: BSD-2-Clause-Patent > +## > + > +!if $(TPM_ENABLE) == TRUE > + SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { > + > + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf > + NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf > + HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf > + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf > + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf > + NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf > + NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf > + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf > + } > +!if $(TPM_CONFIG_ENABLE) == TRUE > + SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf > +!endif > + SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { > + > + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf > + } > + SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { > + > + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf > + } > +!endif > diff --git a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc > new file mode 100644 > index 000000000000..99fa7c13b3e7 > --- /dev/null > +++ b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc > @@ -0,0 +1,22 @@ > +## > +# SPDX-License-Identifier: BSD-2-Clause-Patent > +## > + > +!if $(TPM_ENABLE) == TRUE > + OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf > + OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf > + SecurityPkg/Tcg/TcgPei/TcgPei.inf > + SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { > + > + HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf > + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf > + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf > + NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf > + NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf > + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf > + } > + SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf { > + > + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf > + } > +!endif > diff --git a/OvmfPkg/OvmfTpmDefines.dsc.inc b/OvmfPkg/OvmfTpmDefines.dsc.inc > new file mode 100644 > index 000000000000..51da7508b307 > --- /dev/null > +++ b/OvmfPkg/OvmfTpmDefines.dsc.inc > @@ -0,0 +1,6 @@ > +## > +# SPDX-License-Identifier: BSD-2-Clause-Patent > +## > + > + DEFINE TPM_ENABLE = FALSE > + DEFINE TPM_CONFIG_ENABLE = FALSE > diff --git a/OvmfPkg/OvmfTpmLibs.dsc.inc b/OvmfPkg/OvmfTpmLibs.dsc.inc > new file mode 100644 > index 000000000000..50100f2c0371 > --- /dev/null > +++ b/OvmfPkg/OvmfTpmLibs.dsc.inc > @@ -0,0 +1,14 @@ > +## > +# SPDX-License-Identifier: BSD-2-Clause-Patent > +## > + > +!if $(TPM_ENABLE) == TRUE > + Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf > + Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf > + Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf > + Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf > + TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf > +!else > + Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf > + TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf > +!endif > diff --git a/OvmfPkg/OvmfTpmLibsDxe.dsc.inc b/OvmfPkg/OvmfTpmLibsDxe.dsc.inc > new file mode 100644 > index 000000000000..67d5027abaea > --- /dev/null > +++ b/OvmfPkg/OvmfTpmLibsDxe.dsc.inc > @@ -0,0 +1,8 @@ > +## > +# SPDX-License-Identifier: BSD-2-Clause-Patent > +## > + > +!if $(TPM_ENABLE) == TRUE > + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf > + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf > +!endif > diff --git a/OvmfPkg/OvmfTpmLibsPeim.dsc.inc b/OvmfPkg/OvmfTpmLibsPeim.dsc.inc > new file mode 100644 > index 000000000000..4e84e3dcaaeb > --- /dev/null > +++ b/OvmfPkg/OvmfTpmLibsPeim.dsc.inc > @@ -0,0 +1,9 @@ > +## > +# SPDX-License-Identifier: BSD-2-Clause-Patent > +## > + > +!if $(TPM_ENABLE) == TRUE > + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf > + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf > +!endif > diff --git a/OvmfPkg/OvmfTpmPcds.dsc.inc b/OvmfPkg/OvmfTpmPcds.dsc.inc > new file mode 100644 > index 000000000000..0e7f83c04bd7 > --- /dev/null > +++ b/OvmfPkg/OvmfTpmPcds.dsc.inc > @@ -0,0 +1,7 @@ > +## > +# SPDX-License-Identifier: BSD-2-Clause-Patent > +## > + > +!if $(TPM_ENABLE) == TRUE > + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} > +!endif > diff --git a/OvmfPkg/OvmfTpmPcdsHii.dsc.inc b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc > new file mode 100644 > index 000000000000..164bc9c7fca0 > --- /dev/null > +++ b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc > @@ -0,0 +1,8 @@ > +## > +# SPDX-License-Identifier: BSD-2-Clause-Patent > +## > + > +!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE > + gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS > + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS > +!endif > diff --git a/OvmfPkg/OvmfTpmSecurityStub.dsc.inc b/OvmfPkg/OvmfTpmSecurityStub.dsc.inc > new file mode 100644 > index 000000000000..4bd4066843ef > --- /dev/null > +++ b/OvmfPkg/OvmfTpmSecurityStub.dsc.inc > @@ -0,0 +1,8 @@ > +## > +# SPDX-License-Identifier: BSD-2-Clause-Patent > +## > + > +!if $(TPM_ENABLE) == TRUE > + NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf > + NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf > +!endif > diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc > index 5ee54451169b..d145b491fb44 100644 > --- a/OvmfPkg/AmdSev/AmdSevX64.dsc > +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc > @@ -32,8 +32,8 @@ [Defines] > # -D FLAG=VALUE > # > DEFINE SOURCE_DEBUG_ENABLE = FALSE > - DEFINE TPM_ENABLE = FALSE > - DEFINE TPM_CONFIG_ENABLE = FALSE > + > +!include OvmfPkg/OvmfTpmDefines.dsc.inc > > # > # Shell can be useful for debugging but should not be enabled for production > @@ -203,16 +203,7 @@ [LibraryClasses] > SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf > OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf > > -!if $(TPM_ENABLE) == TRUE > - Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf > - Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf > - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf > - Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf > - TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf > -!else > - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf > - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf > -!endif > +!include OvmfPkg/OvmfTpmLibs.dsc.inc > > [LibraryClasses.common] > BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > @@ -286,11 +277,7 @@ [LibraryClasses.common.PEIM] > PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf > QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf > > -!if $(TPM_ENABLE) == TRUE > - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf > - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf > -!endif > +!include OvmfPkg/OvmfTpmLibsPeim.dsc.inc > > MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf > > @@ -371,10 +358,8 @@ [LibraryClasses.common.DXE_DRIVER] > MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf > QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf > QemuLoadImageLib|OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.inf > -!if $(TPM_ENABLE) == TRUE > - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf > - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf > -!endif > + > +!include OvmfPkg/OvmfTpmLibsDxe.dsc.inc > > [LibraryClasses.common.UEFI_APPLICATION] > PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf > @@ -575,15 +560,10 @@ [PcdsDynamicDefault] > > gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 > > -!if $(TPM_ENABLE) == TRUE > - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} > -!endif > +!include OvmfPkg/OvmfTpmPcds.dsc.inc > > [PcdsDynamicHii] > -!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE > - gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS > - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS > -!endif > +!include OvmfPkg/OvmfTpmPcdsHii.dsc.inc > > ################################################################################ > # > @@ -624,24 +604,7 @@ [Components] > UefiCpuPkg/CpuMpPei/CpuMpPei.inf > OvmfPkg/AmdSev/SecretPei/SecretPei.inf > > -!if $(TPM_ENABLE) == TRUE > - OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf > - OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf > - SecurityPkg/Tcg/TcgPei/TcgPei.inf > - SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { > - > - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf > - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf > - } > - SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf { > - > - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf > - } > -!endif > +!include OvmfPkg/OvmfTpmComponentsPei.dsc.inc > > # > # DXE Phase modules > @@ -663,10 +626,7 @@ [Components] > > MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { > > -!if $(TPM_ENABLE) == TRUE > - NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf > - NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf > -!endif > +!include OvmfPkg/OvmfTpmSecurityStub.dsc.inc > } > > MdeModulePkg/Universal/EbcDxe/EbcDxe.inf > @@ -836,27 +796,4 @@ [Components] > # > # TPM support > # > -!if $(TPM_ENABLE) == TRUE > - SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { > - > - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf > - NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf > - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf > - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf > - } > -!if $(TPM_CONFIG_ENABLE) == TRUE > - SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf > -!endif > - SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { > - > - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf > - } > - SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { > - > - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf > - } > -!endif > +!include OvmfPkg/OvmfTpmComponentsDxe.dsc.inc > diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc > index 6a5be97c059d..462c1b970ed8 100644 > --- a/OvmfPkg/OvmfPkgIa32.dsc > +++ b/OvmfPkg/OvmfPkgIa32.dsc > @@ -32,10 +32,10 @@ [Defines] > DEFINE SECURE_BOOT_ENABLE = FALSE > DEFINE SMM_REQUIRE = FALSE > DEFINE SOURCE_DEBUG_ENABLE = FALSE > - DEFINE TPM_ENABLE = FALSE > - DEFINE TPM_CONFIG_ENABLE = FALSE > DEFINE LOAD_X64_ON_IA32_ENABLE = FALSE > > +!include OvmfPkg/OvmfTpmDefines.dsc.inc > + > # > # Network definition > # > @@ -229,16 +229,7 @@ [LibraryClasses] > SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf > OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf > > -!if $(TPM_ENABLE) == TRUE > - Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf > - Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf > - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf > - Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf > - TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf > -!else > - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf > - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf > -!endif > +!include OvmfPkg/OvmfTpmLibs.dsc.inc > > [LibraryClasses.common] > BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > @@ -309,11 +300,7 @@ [LibraryClasses.common.PEIM] > PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf > QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf > > -!if $(TPM_ENABLE) == TRUE > - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf > - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf > -!endif > +!include OvmfPkg/OvmfTpmLibsPeim.dsc.inc > > MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf > > @@ -401,10 +388,8 @@ [LibraryClasses.common.DXE_DRIVER] > MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf > QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf > QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf > -!if $(TPM_ENABLE) == TRUE > - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf > - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf > -!endif > + > +!include OvmfPkg/OvmfTpmLibsDxe.dsc.inc > > [LibraryClasses.common.UEFI_APPLICATION] > PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf > @@ -642,19 +627,14 @@ [PcdsDynamicDefault] > > gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 > > -!if $(TPM_ENABLE) == TRUE > - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} > -!endif > +!include OvmfPkg/OvmfTpmPcds.dsc.inc > > # IPv4 and IPv6 PXE Boot support. > gEfiNetworkPkgTokenSpaceGuid.PcdIPv4PXESupport|0x01 > gEfiNetworkPkgTokenSpaceGuid.PcdIPv6PXESupport|0x01 > > [PcdsDynamicHii] > -!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE > - gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS > - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS > -!endif > +!include OvmfPkg/OvmfTpmPcdsHii.dsc.inc > > ################################################################################ > # > @@ -704,24 +684,7 @@ [Components] > !endif > UefiCpuPkg/CpuMpPei/CpuMpPei.inf > > -!if $(TPM_ENABLE) == TRUE > - OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf > - OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf > - SecurityPkg/Tcg/TcgPei/TcgPei.inf > - SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { > - > - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf > - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf > - } > - SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf { > - > - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf > - } > -!endif > +!include OvmfPkg/OvmfTpmComponentsPei.dsc.inc > > # > # DXE Phase modules > @@ -746,10 +709,7 @@ [Components] > !if $(SECURE_BOOT_ENABLE) == TRUE > NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf > !endif > -!if $(TPM_ENABLE) == TRUE > - NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf > - NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf > -!endif > +!include OvmfPkg/OvmfTpmSecurityStub.dsc.inc > } > > MdeModulePkg/Universal/EbcDxe/EbcDxe.inf > @@ -1019,31 +979,5 @@ [Components] > # > # TPM support > # > -!if $(TPM_ENABLE) == TRUE > - SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { > - > - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf > - NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf > - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf > - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf > - } > -!if $(TPM_CONFIG_ENABLE) == TRUE > - SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf > -!endif > - SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { > - > - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf > - } > - SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { > - > - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf > - } > -!endif > +!include OvmfPkg/OvmfTpmComponentsDxe.dsc.inc > > -!if $(LOAD_X64_ON_IA32_ENABLE) == TRUE > - OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf > -!endif > diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc > index 71227d1b709a..3908acbc9c78 100644 > --- a/OvmfPkg/OvmfPkgIa32X64.dsc > +++ b/OvmfPkg/OvmfPkgIa32X64.dsc > @@ -32,8 +32,8 @@ [Defines] > DEFINE SECURE_BOOT_ENABLE = FALSE > DEFINE SMM_REQUIRE = FALSE > DEFINE SOURCE_DEBUG_ENABLE = FALSE > - DEFINE TPM_ENABLE = FALSE > - DEFINE TPM_CONFIG_ENABLE = FALSE > + > +!include OvmfPkg/OvmfTpmDefines.dsc.inc > > # > # Network definition > @@ -233,16 +233,7 @@ [LibraryClasses] > SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf > OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf > > -!if $(TPM_ENABLE) == TRUE > - Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf > - Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf > - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf > - Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf > - TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf > -!else > - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf > - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf > -!endif > +!include OvmfPkg/OvmfTpmLibs.dsc.inc > > [LibraryClasses.common] > BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > @@ -313,11 +304,7 @@ [LibraryClasses.common.PEIM] > PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf > QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf > > -!if $(TPM_ENABLE) == TRUE > - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf > - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf > -!endif > +!include OvmfPkg/OvmfTpmLibsPeim.dsc.inc > > MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf > > @@ -405,10 +392,8 @@ [LibraryClasses.common.DXE_DRIVER] > MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf > QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf > QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf > -!if $(TPM_ENABLE) == TRUE > - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf > - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf > -!endif > + > +!include OvmfPkg/OvmfTpmLibsDxe.dsc.inc > > [LibraryClasses.common.UEFI_APPLICATION] > PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf > @@ -654,9 +639,7 @@ [PcdsDynamicDefault] > > gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 > > -!if $(TPM_ENABLE) == TRUE > - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} > -!endif > +!include OvmfPkg/OvmfTpmPcds.dsc.inc > > [PcdsDynamicDefault.X64] > # IPv4 and IPv6 PXE Boot support. > @@ -664,10 +647,7 @@ [PcdsDynamicDefault.X64] > gEfiNetworkPkgTokenSpaceGuid.PcdIPv6PXESupport|0x01 > > [PcdsDynamicHii] > -!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE > - gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS > - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS > -!endif > +!include OvmfPkg/OvmfTpmPcdsHii.dsc.inc > > ################################################################################ > # > @@ -717,24 +697,7 @@ [Components.IA32] > !endif > UefiCpuPkg/CpuMpPei/CpuMpPei.inf > > -!if $(TPM_ENABLE) == TRUE > - OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf > - OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf > - SecurityPkg/Tcg/TcgPei/TcgPei.inf > - SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { > - > - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf > - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf > - } > - SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf { > - > - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf > - } > -!endif > +!include OvmfPkg/OvmfTpmComponentsPei.dsc.inc > > [Components.X64] > # > @@ -760,10 +723,7 @@ [Components.X64] > !if $(SECURE_BOOT_ENABLE) == TRUE > NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf > !endif > -!if $(TPM_ENABLE) == TRUE > - NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf > - NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf > -!endif > +!include OvmfPkg/OvmfTpmSecurityStub.dsc.inc > } > > MdeModulePkg/Universal/EbcDxe/EbcDxe.inf > @@ -1034,27 +994,4 @@ [Components.X64] > # > # TPM support > # > -!if $(TPM_ENABLE) == TRUE > - SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { > - > - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf > - NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf > - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf > - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf > - } > -!if $(TPM_CONFIG_ENABLE) == TRUE > - SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf > -!endif > - SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { > - > - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf > - } > - SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { > - > - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf > - } > -!endif > +!include OvmfPkg/OvmfTpmComponentsDxe.dsc.inc > diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc > index 52f7598cf1c7..6114a4d61ab7 100644 > --- a/OvmfPkg/OvmfPkgX64.dsc > +++ b/OvmfPkg/OvmfPkgX64.dsc > @@ -32,8 +32,8 @@ [Defines] > DEFINE SECURE_BOOT_ENABLE = FALSE > DEFINE SMM_REQUIRE = FALSE > DEFINE SOURCE_DEBUG_ENABLE = FALSE > - DEFINE TPM_ENABLE = FALSE > - DEFINE TPM_CONFIG_ENABLE = FALSE > + > +!include OvmfPkg/OvmfTpmDefines.dsc.inc > > # > # Network definition > @@ -233,16 +233,7 @@ [LibraryClasses] > SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf > OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf > > -!if $(TPM_ENABLE) == TRUE > - Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf > - Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf > - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf > - Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf > - TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf > -!else > - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf > - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf > -!endif > +!include OvmfPkg/OvmfTpmLibs.dsc.inc > > [LibraryClasses.common] > BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > @@ -315,11 +306,7 @@ [LibraryClasses.common.PEIM] > PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf > QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf > > -!if $(TPM_ENABLE) == TRUE > - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf > - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf > -!endif > +!include OvmfPkg/OvmfTpmLibsPeim.dsc.inc > > MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf > > @@ -407,10 +394,8 @@ [LibraryClasses.common.DXE_DRIVER] > MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf > QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf > QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf > -!if $(TPM_ENABLE) == TRUE > - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf > - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf > -!endif > + > +!include OvmfPkg/OvmfTpmLibsDxe.dsc.inc > > [LibraryClasses.common.UEFI_APPLICATION] > PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf > @@ -654,19 +639,14 @@ [PcdsDynamicDefault] > > gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 > > -!if $(TPM_ENABLE) == TRUE > - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} > -!endif > +!include OvmfPkg/OvmfTpmPcds.dsc.inc > > # IPv4 and IPv6 PXE Boot support. > gEfiNetworkPkgTokenSpaceGuid.PcdIPv4PXESupport|0x01 > gEfiNetworkPkgTokenSpaceGuid.PcdIPv6PXESupport|0x01 > > [PcdsDynamicHii] > -!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE > - gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS > - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS > -!endif > +!include OvmfPkg/OvmfTpmPcdsHii.dsc.inc > > ################################################################################ > # > @@ -716,24 +696,7 @@ [Components] > !endif > UefiCpuPkg/CpuMpPei/CpuMpPei.inf > > -!if $(TPM_ENABLE) == TRUE > - OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf > - OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf > - SecurityPkg/Tcg/TcgPei/TcgPei.inf > - SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { > - > - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf > - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf > - } > - SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf { > - > - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf > - } > -!endif > +!include OvmfPkg/OvmfTpmComponentsPei.dsc.inc > > # > # DXE Phase modules > @@ -757,10 +720,7 @@ [Components] > > !if $(SECURE_BOOT_ENABLE) == TRUE > NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf > -!endif > -!if $(TPM_ENABLE) == TRUE > - NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf > - NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf > +!include OvmfPkg/OvmfTpmSecurityStub.dsc.inc > !endif > } > > @@ -1032,27 +992,4 @@ [Components] > # > # TPM support > # > -!if $(TPM_ENABLE) == TRUE > - SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { > - > - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf > - NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf > - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf > - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf > - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf > - } > -!if $(TPM_CONFIG_ENABLE) == TRUE > - SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf > -!endif > - SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { > - > - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf > - } > - SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { > - > - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf > - } > -!endif > +!include OvmfPkg/OvmfTpmComponentsDxe.dsc.inc > diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf > index 56626098862c..b9017f490458 100644 > --- a/OvmfPkg/AmdSev/AmdSevX64.fdf > +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf > @@ -156,13 +156,7 @@ [FV.PEIFV] > INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf > INF OvmfPkg/AmdSev/SecretPei/SecretPei.inf > > -!if $(TPM_ENABLE) == TRUE > -INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf > -INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf > -INF SecurityPkg/Tcg/TcgPei/TcgPei.inf > -INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf > -INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf > -!endif > +!include OvmfPkg/OvmfTpmPei.fdf.inc > > ################################################################################ > > @@ -318,14 +312,7 @@ [FV.DXEFV] > # > # TPM support > # > -!if $(TPM_ENABLE) == TRUE > -INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf > -INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf > -INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf > -!if $(TPM_CONFIG_ENABLE) == TRUE > -INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf > -!endif > -!endif > +!include OvmfPkg/OvmfTpmDxe.fdf.inc > > ################################################################################ > > diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf > index 775ea2d71098..24e4366c172d 100644 > --- a/OvmfPkg/OvmfPkgIa32.fdf > +++ b/OvmfPkg/OvmfPkgIa32.fdf > @@ -161,13 +161,7 @@ [FV.PEIFV] > !endif > INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf > > -!if $(TPM_ENABLE) == TRUE > -INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf > -INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf > -INF SecurityPkg/Tcg/TcgPei/TcgPei.inf > -INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf > -INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf > -!endif > +!include OvmfPkg/OvmfTpmPei.fdf.inc > > ################################################################################ > > @@ -361,14 +355,7 @@ [FV.DXEFV] > # > # TPM support > # > -!if $(TPM_ENABLE) == TRUE > -INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf > -INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf > -INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf > -!if $(TPM_CONFIG_ENABLE) == TRUE > -INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf > -!endif > -!endif > +!include OvmfPkg/OvmfTpmDxe.fdf.inc > > !if $(LOAD_X64_ON_IA32_ENABLE) == TRUE > INF OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf > diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf > index 9d8695922f97..734df36602bd 100644 > --- a/OvmfPkg/OvmfPkgIa32X64.fdf > +++ b/OvmfPkg/OvmfPkgIa32X64.fdf > @@ -164,13 +164,7 @@ [FV.PEIFV] > !endif > INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf > > -!if $(TPM_ENABLE) == TRUE > -INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf > -INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf > -INF SecurityPkg/Tcg/TcgPei/TcgPei.inf > -INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf > -INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf > -!endif > +!include OvmfPkg/OvmfTpmPei.fdf.inc > > ################################################################################ > > @@ -371,14 +365,7 @@ [FV.DXEFV] > # > # TPM support > # > -!if $(TPM_ENABLE) == TRUE > -INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf > -INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf > -INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf > -!if $(TPM_CONFIG_ENABLE) == TRUE > -INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf > -!endif > -!endif > +!include OvmfPkg/OvmfTpmDxe.fdf.inc > > ################################################################################ > > diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf > index b6cc3cabdd69..b8d074c6e496 100644 > --- a/OvmfPkg/OvmfPkgX64.fdf > +++ b/OvmfPkg/OvmfPkgX64.fdf > @@ -180,13 +180,7 @@ [FV.PEIFV] > !endif > INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf > > -!if $(TPM_ENABLE) == TRUE > -INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf > -INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf > -INF SecurityPkg/Tcg/TcgPei/TcgPei.inf > -INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf > -INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf > -!endif > +!include OvmfPkg/OvmfTpmPei.fdf.inc > > ################################################################################ > > @@ -387,14 +381,7 @@ [FV.DXEFV] > # > # TPM support > # > -!if $(TPM_ENABLE) == TRUE > -INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf > -INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf > -INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf > -!if $(TPM_CONFIG_ENABLE) == TRUE > -INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf > -!endif > -!endif > +!include OvmfPkg/OvmfTpmDxe.fdf.inc > > ################################################################################ > > diff --git a/OvmfPkg/OvmfTpmDxe.fdf.inc b/OvmfPkg/OvmfTpmDxe.fdf.inc > new file mode 100644 > index 000000000000..9dcdaaf01c39 > --- /dev/null > +++ b/OvmfPkg/OvmfTpmDxe.fdf.inc > @@ -0,0 +1,12 @@ > +## > +# SPDX-License-Identifier: BSD-2-Clause-Patent > +## > + > +!if $(TPM_ENABLE) == TRUE > +INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf > +INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf > +INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf > +!if $(TPM_CONFIG_ENABLE) == TRUE > +INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf > +!endif > +!endif > diff --git a/OvmfPkg/OvmfTpmPei.fdf.inc b/OvmfPkg/OvmfTpmPei.fdf.inc > new file mode 100644 > index 000000000000..9aefd73d219c > --- /dev/null > +++ b/OvmfPkg/OvmfTpmPei.fdf.inc > @@ -0,0 +1,11 @@ > +## > +# SPDX-License-Identifier: BSD-2-Clause-Patent > +## > + > +!if $(TPM_ENABLE) == TRUE > +INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf > +INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf > +INF SecurityPkg/Tcg/TcgPei/TcgPei.inf > +INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf > +INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf > +!endif