From nobody Fri May 3 01:37:18 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1520438276606932.9308217575036; Wed, 7 Mar 2018 07:57:56 -0800 (PST) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id E758E22135D29; Wed, 7 Mar 2018 07:51:39 -0800 (PST) Received: from mx1.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id BBFB821ED1C62 for ; Wed, 7 Mar 2018 07:51:38 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 0B91F406E88B; Wed, 7 Mar 2018 15:57:53 +0000 (UTC) Received: from localhost (ovpn-112-24.ams2.redhat.com [10.36.112.24]) by smtp.corp.redhat.com (Postfix) with ESMTP id A5899215CDA7; Wed, 7 Mar 2018 15:57:52 +0000 (UTC) X-Original-To: edk2-devel@lists.01.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=66.187.233.73; helo=mx1.redhat.com; envelope-from=marcandre.lureau@redhat.com; receiver=edk2-devel@lists.01.org From: marcandre.lureau@redhat.com To: edk2-devel@lists.01.org Date: Wed, 7 Mar 2018 16:57:39 +0100 Message-Id: <20180307155746.18526-2-marcandre.lureau@redhat.com> In-Reply-To: <20180307155746.18526-1-marcandre.lureau@redhat.com> References: <20180307155746.18526-1-marcandre.lureau@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.7]); Wed, 07 Mar 2018 15:57:53 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.7]); Wed, 07 Mar 2018 15:57:53 +0000 (UTC) for IP:'10.11.54.6' DOMAIN:'int-mx06.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'marcandre.lureau@redhat.com' RCPT:'' Subject: [edk2] [PATCH v2 1/8] SecurityPkg: also clear HashInterfaceHob.SupportedHashMask X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: qemu-devel@nongnu.org, javierm@redhat.com, pjones@redhat.com, jiewen.yao@intel.com, Star Zeng , lersek@redhat.com, Chao Zhang Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 From: Marc-Andr=C3=A9 Lureau Commit 4cc2b63bd829426b05bad0d8952f1855a10d6ed7 fixed an out of bounds ZeroMem() call. However, as Laszlo Ersek pointed out, the intent was to clear all but the Identifier (to revert the effect of RegisterHashInterfaceLib()). For that, it should clear the SupportedHashMask too. Cc: Jiewen Yao Cc: Chao Zhang Cc: Star Zeng Cc: Laszlo Ersek Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Marc-Andr=C3=A9 Lureau Reviewed-by: Chao Zhang Reviewed-by: Laszlo Ersek Reviewed-by: Star Zeng --- .../Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.c | 1 + 1 file changed, 1 insertion(+) diff --git a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoR= outerPei.c b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoR= outerPei.c index 361a4f6508a0..bf6e1336ee76 100644 --- a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPe= i.c +++ b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPe= i.c @@ -426,6 +426,7 @@ HashLibBaseCryptoRouterPeiConstructor ( // ZeroMem (&HashInterfaceHob->HashInterface, sizeof (HashInterfaceHob->H= ashInterface)); HashInterfaceHob->HashInterfaceCount =3D 0; + HashInterfaceHob->SupportedHashMask =3D 0; } =20 // --=20 2.16.2.346.g9779355e34 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Fri May 3 01:37:18 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1520438280642122.5697475473795; Wed, 7 Mar 2018 07:58:00 -0800 (PST) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id BEDEB22135D36; Wed, 7 Mar 2018 07:51:42 -0800 (PST) Received: from mx1.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id BD77921E082A2 for ; Wed, 7 Mar 2018 07:51:39 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 68C314073187; Wed, 7 Mar 2018 15:57:54 +0000 (UTC) Received: from localhost (ovpn-112-24.ams2.redhat.com [10.36.112.24]) by smtp.corp.redhat.com (Postfix) with ESMTP id 1BDDB215CDA7; Wed, 7 Mar 2018 15:57:53 +0000 (UTC) X-Original-To: edk2-devel@lists.01.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=66.187.233.73; helo=mx1.redhat.com; envelope-from=marcandre.lureau@redhat.com; receiver=edk2-devel@lists.01.org From: marcandre.lureau@redhat.com To: edk2-devel@lists.01.org Date: Wed, 7 Mar 2018 16:57:40 +0100 Message-Id: <20180307155746.18526-3-marcandre.lureau@redhat.com> In-Reply-To: <20180307155746.18526-1-marcandre.lureau@redhat.com> References: <20180307155746.18526-1-marcandre.lureau@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.5]); Wed, 07 Mar 2018 15:57:54 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.5]); Wed, 07 Mar 2018 15:57:54 +0000 (UTC) for IP:'10.11.54.6' DOMAIN:'int-mx06.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'marcandre.lureau@redhat.com' RCPT:'' Subject: [edk2] [PATCH v2 2/8] SecurityPkg/Tcg2Pei: drop PeiReadOnlyVariable from Depex X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: qemu-devel@nongnu.org, javierm@redhat.com, pjones@redhat.com, jiewen.yao@intel.com, lersek@redhat.com Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 From: Marc-Andr=C3=A9 Lureau The module doesn't use read-only variable. Cc: Laszlo Ersek Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Marc-Andr=C3=A9 Lureau Reviewed-by: Laszlo Ersek Reviewed-by: jiewen.yao@intel.com --- SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf | 1 - 1 file changed, 1 deletion(-) diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf b/SecurityPkg/Tcg/Tcg2Pei/= Tcg2Pei.inf index bc910c3baf97..a4aae1488ff8 100644 --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf @@ -91,7 +91,6 @@ [Pcd] =20 [Depex] gEfiPeiMasterBootModePpiGuid AND - gEfiPeiReadOnlyVariable2PpiGuid AND gEfiTpmDeviceSelectedGuid =20 [UserExtensions.TianoCore."ExtraFiles"] --=20 2.16.2.346.g9779355e34 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Fri May 3 01:37:18 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 152043828332864.82921641663904; Wed, 7 Mar 2018 07:58:03 -0800 (PST) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 57AFA22135D3A; Wed, 7 Mar 2018 07:51:44 -0800 (PST) Received: from mx1.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 5A08D21E08289 for ; Wed, 7 Mar 2018 07:51:41 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id E9BE0BD95; Wed, 7 Mar 2018 15:57:55 +0000 (UTC) Received: from localhost (ovpn-112-24.ams2.redhat.com [10.36.112.24]) by smtp.corp.redhat.com (Postfix) with ESMTP id 7EF277C4A; Wed, 7 Mar 2018 15:57:55 +0000 (UTC) X-Original-To: edk2-devel@lists.01.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=66.187.233.73; helo=mx1.redhat.com; envelope-from=marcandre.lureau@redhat.com; receiver=edk2-devel@lists.01.org From: marcandre.lureau@redhat.com To: edk2-devel@lists.01.org Date: Wed, 7 Mar 2018 16:57:41 +0100 Message-Id: <20180307155746.18526-4-marcandre.lureau@redhat.com> In-Reply-To: <20180307155746.18526-1-marcandre.lureau@redhat.com> References: <20180307155746.18526-1-marcandre.lureau@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.1]); Wed, 07 Mar 2018 15:57:56 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.1]); Wed, 07 Mar 2018 15:57:56 +0000 (UTC) for IP:'10.11.54.5' DOMAIN:'int-mx05.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'marcandre.lureau@redhat.com' RCPT:'' Subject: [edk2] [PATCH v2 3/8] MdeModulePkg: fix REGISITER -> REGISTER X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: qemu-devel@nongnu.org, javierm@redhat.com, pjones@redhat.com, jiewen.yao@intel.com, lersek@redhat.com Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 From: Marc-Andr=C3=A9 Lureau Cc: Laszlo Ersek Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Marc-Andr=C3=A9 Lureau Reviewed-by: Laszlo Ersek Reviewed-by: Star Zeng --- MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c | 18 +++++++++--------- MdeModulePkg/Core/Pei/Image/Image.c | 4 ++-- MdeModulePkg/Core/Pei/PeiMain.h | 2 +- MdeModulePkg/Core/Pei/PeiMain/PeiMain.c | 2 +- 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c b/MdeModulePkg/C= ore/Pei/Dispatcher/Dispatcher.c index 79f2e5cebcbe..027176d872c7 100644 --- a/MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c +++ b/MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c @@ -970,7 +970,7 @@ PeiDispatcher ( if ((Private->PeiMemoryInstalled) && (Private->HobList.HandoffInformatio= nTable->BootMode !=3D BOOT_ON_S3_RESUME || PcdGetBool (PcdShadowPeimOnS3Boo= t))) { // // Once real memory is available, shadow the RegisterForShadow modules= . And meanwhile - // update the modules' status from PEIM_STATE_REGISITER_FOR_SHADOW to = PEIM_STATE_DONE. + // update the modules' status from PEIM_STATE_REGISTER_FOR_SHADOW to P= EIM_STATE_DONE. // SaveCurrentPeimCount =3D Private->CurrentPeimCount; SaveCurrentFvCount =3D Private->CurrentPeimFvCount; @@ -978,7 +978,7 @@ PeiDispatcher ( =20 for (Index1 =3D 0; Index1 <=3D SaveCurrentFvCount; Index1++) { for (Index2 =3D 0; (Index2 < PcdGet32 (PcdPeiCoreMaxPeimPerFv)) && (= Private->Fv[Index1].FvFileHandles[Index2] !=3D NULL); Index2++) { - if (Private->Fv[Index1].PeimState[Index2] =3D=3D PEIM_STATE_REGISI= TER_FOR_SHADOW) { + if (Private->Fv[Index1].PeimState[Index2] =3D=3D PEIM_STATE_REGIST= ER_FOR_SHADOW) { PeimFileHandle =3D Private->Fv[Index1].FvFileHandles[Index2]; Private->CurrentFileHandle =3D PeimFileHandle; Private->CurrentPeimFvCount =3D Index1; @@ -986,13 +986,13 @@ PeiDispatcher ( Status =3D PeiLoadImage ( (CONST EFI_PEI_SERVICES **) &Private->Ps, PeimFileHandle, - PEIM_STATE_REGISITER_FOR_SHADOW, + PEIM_STATE_REGISTER_FOR_SHADOW, &EntryPoint, &AuthenticationState ); if (Status =3D=3D EFI_SUCCESS) { // - // PEIM_STATE_REGISITER_FOR_SHADOW move to PEIM_STATE_DONE + // PEIM_STATE_REGISTER_FOR_SHADOW move to PEIM_STATE_DONE // Private->Fv[Index1].PeimState[Index2]++; // @@ -1165,7 +1165,7 @@ PeiDispatcher ( // PeiCheckAndSwitchStack (SecCoreData, Private); =20 - if ((Private->PeiMemoryInstalled) && (Private->Fv[FvCount].Pei= mState[PeimCount] =3D=3D PEIM_STATE_REGISITER_FOR_SHADOW) && \ + if ((Private->PeiMemoryInstalled) && (Private->Fv[FvCount].Pei= mState[PeimCount] =3D=3D PEIM_STATE_REGISTER_FOR_SHADOW) && \ (Private->HobList.HandoffInformationTable->BootMode !=3D B= OOT_ON_S3_RESUME || PcdGetBool (PcdShadowPeimOnS3Boot))) { // // If memory is available we shadow images by default for pe= rformance reasons. @@ -1179,7 +1179,7 @@ PeiDispatcher ( Status =3D PeiLoadImage ( PeiServices, PeimFileHandle, - PEIM_STATE_REGISITER_FOR_SHADOW, + PEIM_STATE_REGISTER_FOR_SHADOW, &EntryPoint, &AuthenticationState ); @@ -1192,7 +1192,7 @@ PeiDispatcher ( //PERF_END (PeiServices, L"PEIM", PeimFileHandle, 0); =20 // - // PEIM_STATE_REGISITER_FOR_SHADOW move to PEIM_STATE_DONE + // PEIM_STATE_REGISTER_FOR_SHADOW move to PEIM_STATE_DONE // Private->Fv[FvCount].PeimState[PeimCount]++; =20 @@ -1356,14 +1356,14 @@ PeiRegisterForShadow ( return EFI_NOT_FOUND; } =20 - if (Private->Fv[Private->CurrentPeimFvCount].PeimState[Private->CurrentP= eimCount] >=3D PEIM_STATE_REGISITER_FOR_SHADOW) { + if (Private->Fv[Private->CurrentPeimFvCount].PeimState[Private->CurrentP= eimCount] >=3D PEIM_STATE_REGISTER_FOR_SHADOW) { // // If the PEIM has already entered the PEIM_STATE_REGISTER_FOR_SHADOW = or PEIM_STATE_DONE then it's already been started // return EFI_ALREADY_STARTED; } =20 - Private->Fv[Private->CurrentPeimFvCount].PeimState[Private->CurrentPeimC= ount] =3D PEIM_STATE_REGISITER_FOR_SHADOW; + Private->Fv[Private->CurrentPeimFvCount].PeimState[Private->CurrentPeimC= ount] =3D PEIM_STATE_REGISTER_FOR_SHADOW; =20 return EFI_SUCCESS; } diff --git a/MdeModulePkg/Core/Pei/Image/Image.c b/MdeModulePkg/Core/Pei/Im= age/Image.c index f41d3acac77e..f07f48823117 100644 --- a/MdeModulePkg/Core/Pei/Image/Image.c +++ b/MdeModulePkg/Core/Pei/Image/Image.c @@ -387,7 +387,7 @@ LoadAndRelocatePeCoffImage ( } IsRegisterForShadow =3D FALSE; if ((Private->CurrentFileHandle =3D=3D FileHandle)=20 - && (Private->Fv[Private->CurrentPeimFvCount].PeimState[Private->Curren= tPeimCount] =3D=3D PEIM_STATE_REGISITER_FOR_SHADOW)) { + && (Private->Fv[Private->CurrentPeimFvCount].PeimState[Private->Curren= tPeimCount] =3D=3D PEIM_STATE_REGISTER_FOR_SHADOW)) { IsRegisterForShadow =3D TRUE; } =20 @@ -876,7 +876,7 @@ PeiLoadImage ( // // The shadowed PEIM must be relocatable. // - if (PeimState =3D=3D PEIM_STATE_REGISITER_FOR_SHADOW) { + if (PeimState =3D=3D PEIM_STATE_REGISTER_FOR_SHADOW) { IsStrip =3D RelocationIsStrip ((VOID *) (UINTN) ImageAddress); ASSERT (!IsStrip); if (IsStrip) { diff --git a/MdeModulePkg/Core/Pei/PeiMain.h b/MdeModulePkg/Core/Pei/PeiMai= n.h index fef3753e4b3b..a1cdbc15d98a 100644 --- a/MdeModulePkg/Core/Pei/PeiMain.h +++ b/MdeModulePkg/Core/Pei/PeiMain.h @@ -104,7 +104,7 @@ typedef struct { // #define PEIM_STATE_NOT_DISPATCHED 0x00 #define PEIM_STATE_DISPATCHED 0x01 -#define PEIM_STATE_REGISITER_FOR_SHADOW 0x02 +#define PEIM_STATE_REGISTER_FOR_SHADOW 0x02 #define PEIM_STATE_DONE 0x03 =20 typedef struct { diff --git a/MdeModulePkg/Core/Pei/PeiMain/PeiMain.c b/MdeModulePkg/Core/Pe= i/PeiMain/PeiMain.c index 3cd61906c3df..775bf18ce938 100644 --- a/MdeModulePkg/Core/Pei/PeiMain/PeiMain.c +++ b/MdeModulePkg/Core/Pei/PeiMain/PeiMain.c @@ -104,7 +104,7 @@ ShadowPeiCore ( Status =3D PeiLoadImage ( GetPeiServicesTablePointer (), *((EFI_PEI_FILE_HANDLE*)&PeiCoreFileHandle), - PEIM_STATE_REGISITER_FOR_SHADOW, + PEIM_STATE_REGISTER_FOR_SHADOW, &EntryPoint, &AuthenticationState ); --=20 2.16.2.346.g9779355e34 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Fri May 3 01:37:18 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1520438285960918.1685732982061; Wed, 7 Mar 2018 07:58:05 -0800 (PST) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id C24BE22135D3E; Wed, 7 Mar 2018 07:51:44 -0800 (PST) Received: from mx1.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id AC74021E08289 for ; Wed, 7 Mar 2018 07:51:42 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 57C73BD9F; Wed, 7 Mar 2018 15:57:57 +0000 (UTC) Received: from localhost (ovpn-112-24.ams2.redhat.com [10.36.112.24]) by smtp.corp.redhat.com (Postfix) with ESMTP id 074B62026980; Wed, 7 Mar 2018 15:57:56 +0000 (UTC) X-Original-To: edk2-devel@lists.01.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=66.187.233.73; helo=mx1.redhat.com; envelope-from=marcandre.lureau@redhat.com; receiver=edk2-devel@lists.01.org From: marcandre.lureau@redhat.com To: edk2-devel@lists.01.org Date: Wed, 7 Mar 2018 16:57:42 +0100 Message-Id: <20180307155746.18526-5-marcandre.lureau@redhat.com> In-Reply-To: <20180307155746.18526-1-marcandre.lureau@redhat.com> References: <20180307155746.18526-1-marcandre.lureau@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.78 on 10.11.54.4 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.1]); Wed, 07 Mar 2018 15:57:57 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.1]); Wed, 07 Mar 2018 15:57:57 +0000 (UTC) for IP:'10.11.54.4' DOMAIN:'int-mx04.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'marcandre.lureau@redhat.com' RCPT:'' Subject: [edk2] [PATCH v2 4/8] ovmf: simplify SecurityStubDxe.inf inclusion X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: qemu-devel@nongnu.org, javierm@redhat.com, pjones@redhat.com, jiewen.yao@intel.com, lersek@redhat.com Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 From: Marc-Andr=C3=A9 Lureau SecurityStubDxe.inf should be included unconditionally. Cc: Laszlo Ersek Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Marc-Andr=C3=A9 Lureau Reviewed-by: Laszlo Ersek --- OvmfPkg/OvmfPkgIa32.dsc | 6 ++---- OvmfPkg/OvmfPkgIa32X64.dsc | 6 ++---- OvmfPkg/OvmfPkgX64.dsc | 6 ++---- 3 files changed, 6 insertions(+), 12 deletions(-) diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index fbe0f790e431..5bd3f4f977df 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -611,14 +611,12 @@ [Components] =20 MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf =20 -!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { +!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificatio= nLib.inf - } -!else - MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf !endif + } =20 MdeModulePkg/Universal/EbcDxe/EbcDxe.inf PcAtChipsetPkg/8259InterruptControllerDxe/8259.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index fb10e0b0f2e4..7dded86c4940 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -620,14 +620,12 @@ [Components.X64] =20 MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf =20 -!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { +!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificatio= nLib.inf - } -!else - MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf !endif + } =20 MdeModulePkg/Universal/EbcDxe/EbcDxe.inf PcAtChipsetPkg/8259InterruptControllerDxe/8259.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index a31551f5ae24..a8e89276c0b2 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -618,14 +618,12 @@ [Components] =20 MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf =20 -!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { +!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificatio= nLib.inf - } -!else - MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf !endif + } =20 MdeModulePkg/Universal/EbcDxe/EbcDxe.inf PcAtChipsetPkg/8259InterruptControllerDxe/8259.inf --=20 2.16.2.346.g9779355e34 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Fri May 3 01:37:18 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 152043828857485.62237825794034; Wed, 7 Mar 2018 07:58:08 -0800 (PST) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 2B7FD22135D48; Wed, 7 Mar 2018 07:51:47 -0800 (PST) Received: from mx1.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 656C522135D3C for ; Wed, 7 Mar 2018 07:51:44 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 1338B406E88B; Wed, 7 Mar 2018 15:57:59 +0000 (UTC) Received: from localhost (ovpn-112-24.ams2.redhat.com [10.36.112.24]) by smtp.corp.redhat.com (Postfix) with ESMTP id 6DF1E215CDA7; Wed, 7 Mar 2018 15:57:58 +0000 (UTC) X-Original-To: edk2-devel@lists.01.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=66.187.233.73; helo=mx1.redhat.com; envelope-from=marcandre.lureau@redhat.com; receiver=edk2-devel@lists.01.org From: marcandre.lureau@redhat.com To: edk2-devel@lists.01.org Date: Wed, 7 Mar 2018 16:57:43 +0100 Message-Id: <20180307155746.18526-6-marcandre.lureau@redhat.com> In-Reply-To: <20180307155746.18526-1-marcandre.lureau@redhat.com> References: <20180307155746.18526-1-marcandre.lureau@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.7]); Wed, 07 Mar 2018 15:57:59 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.7]); Wed, 07 Mar 2018 15:57:59 +0000 (UTC) for IP:'10.11.54.6' DOMAIN:'int-mx06.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'marcandre.lureau@redhat.com' RCPT:'' Subject: [edk2] [PATCH v2 5/8] ovmf: add OvmfPkg Tcg2ConfigPei module X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: qemu-devel@nongnu.org, javierm@redhat.com, pjones@redhat.com, jiewen.yao@intel.com, lersek@redhat.com Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 From: Marc-Andr=C3=A9 Lureau The Tcg2ConfigPei module informs the firmware globally about the TPM device type, by setting the PcdTpmInstanceGuid PCD to the appropriate GUID value. The original module under SecurityPkg can perform device detection, or read a cached value from a non-volatile UEFI variable. OvmfPkg's clone of the module only performs the TPM2 hardware detection. This is what the module does: - Check the QEMU hardware for TPM2 availability only - If found, set the dynamic PCD "PcdTpmInstanceGuid" to &gEfiTpmDeviceInstanceTpm20DtpmGuid. This is what informs the rest of the firmware about the TPM type. - Install the gEfiTpmDeviceSelectedGuid PPI. This action permits the PEI_CORE to dispatch the Tcg2Pei module, which consumes the above PCD. In effect, the gEfiTpmDeviceSelectedGuid PPI serializes the setting and the consumption of the "TPM type" PCD. - If no TPM2 was found, install gPeiTpmInitializationDonePpiGuid. (Normally this is performed by Tcg2Pei, but Tcg2Pei doesn't do it if no TPM2 is available. So in that case our Tcg2ConfigPei must do it.) Cc: Laszlo Ersek Cc: Stefan Berger Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Marc-Andr=C3=A9 Lureau --- OvmfPkg/OvmfPkgX64.dsc | 17 ++++ OvmfPkg/OvmfPkgX64.fdf | 4 + OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf | 57 +++++++++++ OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c | 124 +++++++++++++++++++++++ OvmfPkg/Tcg/Tcg2Config/TpmDetection.c | 46 +++++++++ 5 files changed, 248 insertions(+) create mode 100644 OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf create mode 100644 OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c create mode 100644 OvmfPkg/Tcg/Tcg2Config/TpmDetection.c diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index a8e89276c0b2..64bd6b6a9f08 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -39,6 +39,7 @@ [Defines] DEFINE HTTP_BOOT_ENABLE =3D FALSE DEFINE SMM_REQUIRE =3D FALSE DEFINE TLS_ENABLE =3D FALSE + DEFINE TPM2_ENABLE =3D FALSE =20 # # Flash size selection. Setting FD_SIZE_IN_KB on the command line direct= ly to @@ -208,6 +209,10 @@ [LibraryClasses] OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib= /BaseOrderedCollectionRedBlackTreeLib.inf XenHypercallLib|OvmfPkg/Library/XenHypercallLib/XenHypercallLib.inf =20 +!if $(TPM2_ENABLE) =3D=3D TRUE + Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf +!endif + [LibraryClasses.common] BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf =20 @@ -272,6 +277,10 @@ [LibraryClasses.common.PEIM] PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf =20 +!if $(TPM2_ENABLE) + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf +!endif + [LibraryClasses.common.DXE_CORE] HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf DxeCoreEntryPoint|MdePkg/Library/DxeCoreEntryPoint/DxeCoreEntryPoint.inf @@ -554,6 +563,10 @@ [PcdsDynamicDefault] =20 gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 =20 +!if $(TPM2_ENABLE) =3D=3D TRUE + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00= , 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} +!endif + ##########################################################################= ###### # # Components Section - list of all EDK II Modules needed by this Platform. @@ -600,6 +613,10 @@ [Components] !endif UefiCpuPkg/CpuMpPei/CpuMpPei.inf =20 +!if $(TPM2_ENABLE) =3D=3D TRUE + OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf +!endif + # # DXE Phase modules # diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index 2fc17810eb23..dbafada5226b 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -165,6 +165,10 @@ [FV.PEIFV] !endif INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf =20 +!if $(TPM2_ENABLE) =3D=3D TRUE +INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf +!endif + ##########################################################################= ###### =20 [FV.DXEFV] diff --git a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf b/OvmfPkg/Tcg/Tcg2Con= fig/Tcg2ConfigPei.inf new file mode 100644 index 000000000000..201e4f24d5f4 --- /dev/null +++ b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf @@ -0,0 +1,57 @@ +## @file +# Set TPM device type +# +# This module initializes TPM device type based on variable and detection. +# This OvmfPkg of SecurityPkg only does TPM2 detection. +# +# Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
+# Copyright (C) 2018, Red Hat, Inc. +# +# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BS= D License +# which accompanies this distribution. The full text of the license may be= found at +# http://opensource.org/licenses/bsd-license.php +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D Tcg2ConfigPei + FILE_GUID =3D BF7F2B0C-9F2F-4889-AB5C-12460022BE87 + MODULE_TYPE =3D PEIM + VERSION_STRING =3D 1.0 + ENTRY_POINT =3D Tcg2ConfigPeimEntryPoint + +[Sources] + Tcg2ConfigPeim.c + TpmDetection.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + PeimEntryPoint + DebugLib + Tpm2DeviceLib + +[Guids] + ## SOMETIMES_CONSUMES ## Variable:L"TCG2_CONFIGURATION" + ## SOMETIMES_CONSUMES ## Variable:L"TCG2_DEVICE_DETECTION" + gTcg2ConfigFormSetGuid + gEfiTpmDeviceSelectedGuid ## PRODUCES ## GUID #= Used as a PPI GUID + gEfiTpmDeviceInstanceNoneGuid ## SOMETIMES_CONSUMES ## GUID #= TPM device identifier + +[Ppis] + gPeiTpmInitializationDonePpiGuid ## SOMETIMES_PRODUCES + +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## PROD= UCES + gEfiSecurityPkgTokenSpaceGuid.PcdTpmAutoDetection ## CONS= UMES + gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## SOME= TIMES_CONSUMES + +[Depex] + gEfiPeiMasterBootModePpiGuid diff --git a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c b/OvmfPkg/Tcg/Tcg2Conf= ig/Tcg2ConfigPeim.c new file mode 100644 index 000000000000..31f27968401b --- /dev/null +++ b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c @@ -0,0 +1,124 @@ +/** @file + The module entry point for Tcg2 configuration module. + +Copyright (c) 2018, Red Hat, Inc. +Copyright (c) 2015, Intel Corporation. All rights reserved.
+ +This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD = License +which accompanies this distribution. The full text of the license may be = found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. + +**/ + + +#include + +#include +#include +#include +#include +#include + +TPM_INSTANCE_ID mTpmInstanceId[] =3D TPM_INSTANCE_ID_LIST; + +CONST EFI_PEI_PPI_DESCRIPTOR gTpmSelectedPpi =3D { + (EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), + &gEfiTpmDeviceSelectedGuid, + NULL +}; + +EFI_PEI_PPI_DESCRIPTOR mTpmInitializationDonePpiList =3D { + EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST, + &gPeiTpmInitializationDonePpiGuid, + NULL +}; + +/** + This routine check both SetupVariable and real TPM device, and return fi= nal TpmDevice configuration. + + @param SetupTpmDevice TpmDevice configuration in setup driver + + @return TpmDevice configuration +**/ +UINT8 +DetectTpmDevice ( + IN UINT8 SetupTpmDevice + ); + +/** + The entry point for Tcg2 configuration driver. + + @param FileHandle Handle of the file being invoked. + @param PeiServices Describes the list of possible PEI Services. + + @retval EFI_SUCCES Convert variable to PCD successfully. + @retval Others Fail to convert variable to PCD. +**/ +EFI_STATUS +EFIAPI +Tcg2ConfigPeimEntryPoint ( + IN EFI_PEI_FILE_HANDLE FileHandle, + IN CONST EFI_PEI_SERVICES **PeiServices + ) +{ + UINTN Size; + EFI_STATUS Status; + EFI_STATUS Status2; + TCG2_CONFIGURATION Tcg2Configuration; + UINTN Index; + UINT8 TpmDevice; + + Tcg2Configuration.TpmDevice =3D TPM_DEVICE_2_0_DTPM; + + DEBUG ((EFI_D_INFO, "OvmfPkg Tcg2ConfigPeimEntryPoint")); + + if (PcdGetBool (PcdTpmAutoDetection)) { + TpmDevice =3D DetectTpmDevice (Tcg2Configuration.TpmDevice); + DEBUG ((EFI_D_INFO, "TpmDevice final: %x\n", TpmDevice)); + if (TpmDevice !=3D TPM_DEVICE_NULL) { + Tcg2Configuration.TpmDevice =3D TpmDevice; + } + } else { + TpmDevice =3D Tcg2Configuration.TpmDevice; + } + + // + // Convert variable to PCD. + // This is work-around because there is no gurantee DynamicHiiPcd can re= turn correct value in DXE phase. + // Using DynamicPcd instead. + // + // NOTE: Tcg2Configuration variable contains the desired TpmDevice type, + // while PcdTpmInstanceGuid PCD contains the real detected TpmDevice type + // + for (Index =3D 0; Index < sizeof(mTpmInstanceId)/sizeof(mTpmInstanceId[0= ]); Index++) { + if (TpmDevice =3D=3D mTpmInstanceId[Index].TpmDevice) { + Size =3D sizeof(mTpmInstanceId[Index].TpmInstanceGuid); + Status =3D PcdSetPtrS (PcdTpmInstanceGuid, &Size, &mTpmInstanceId[In= dex].TpmInstanceGuid); + ASSERT_EFI_ERROR (Status); + DEBUG ((EFI_D_INFO, "TpmDevice PCD: %g\n", &mTpmInstanceId[Index].Tp= mInstanceGuid)); + break; + } + } + + // + // Selection done + // + Status =3D PeiServicesInstallPpi (&gTpmSelectedPpi); + ASSERT_EFI_ERROR (Status); + + // + // Even if no TPM is selected or detected, we still need intall TpmIniti= alizationDonePpi. + // Because TcgPei or Tcg2Pei will not run, but we still need a way to no= tify other driver. + // Other driver can know TPM initialization state by TpmInitializedPpi. + // + if (CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceNo= neGuid)) { + Status2 =3D PeiServicesInstallPpi (&mTpmInitializationDonePpiList); + ASSERT_EFI_ERROR (Status2); + } + + return Status; +} diff --git a/OvmfPkg/Tcg/Tcg2Config/TpmDetection.c b/OvmfPkg/Tcg/Tcg2Config= /TpmDetection.c new file mode 100644 index 000000000000..df222cbff13d --- /dev/null +++ b/OvmfPkg/Tcg/Tcg2Config/TpmDetection.c @@ -0,0 +1,46 @@ +/** @file + TPM2.0 auto detection. + +Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
+Copyright (C) 2018, Red Hat, Inc. + +This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD = License +which accompanies this distribution. The full text of the license may be = found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. + +**/ + + +#include + +#include +#include +#include + +/** + This routine check both SetupVariable and real TPM device, and return fi= nal TpmDevice configuration. + + @param SetupTpmDevice TpmDevice configuration in setup driver + + @return TpmDevice configuration +**/ +UINT8 +DetectTpmDevice ( + IN UINT8 SetupTpmDevice + ) +{ + EFI_STATUS Status; + + DEBUG ((EFI_D_INFO, "DetectTpmDevice:\n")); + + Status =3D Tpm2RequestUseTpm (); + if (EFI_ERROR (Status)) { + return TPM_DEVICE_NULL; + } + + return TPM_DEVICE_2_0_DTPM; +} --=20 2.16.2.346.g9779355e34 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Fri May 3 01:37:18 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1520438291202478.12467923867644; Wed, 7 Mar 2018 07:58:11 -0800 (PST) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 9BF1F22135D31; Wed, 7 Mar 2018 07:51:47 -0800 (PST) Received: from mx1.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 2085B22135D45 for ; Wed, 7 Mar 2018 07:51:46 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id BAD09406E8BD; Wed, 7 Mar 2018 15:58:00 +0000 (UTC) Received: from localhost (ovpn-112-24.ams2.redhat.com [10.36.112.24]) by smtp.corp.redhat.com (Postfix) with ESMTP id 6F73D215CDA7; Wed, 7 Mar 2018 15:58:00 +0000 (UTC) X-Original-To: edk2-devel@lists.01.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=66.187.233.73; helo=mx1.redhat.com; envelope-from=marcandre.lureau@redhat.com; receiver=edk2-devel@lists.01.org From: marcandre.lureau@redhat.com To: edk2-devel@lists.01.org Date: Wed, 7 Mar 2018 16:57:44 +0100 Message-Id: <20180307155746.18526-7-marcandre.lureau@redhat.com> In-Reply-To: <20180307155746.18526-1-marcandre.lureau@redhat.com> References: <20180307155746.18526-1-marcandre.lureau@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.7]); Wed, 07 Mar 2018 15:58:00 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.7]); Wed, 07 Mar 2018 15:58:00 +0000 (UTC) for IP:'10.11.54.6' DOMAIN:'int-mx06.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'marcandre.lureau@redhat.com' RCPT:'' Subject: [edk2] [PATCH v2 6/8] ovmf: link with Tcg2Pei module X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: qemu-devel@nongnu.org, javierm@redhat.com, pjones@redhat.com, jiewen.yao@intel.com, lersek@redhat.com Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 From: Marc-Andr=C3=A9 Lureau This module will initialize TPM device, measure reported FVs and BIOS version. We keep both SHA-1 and SHA-256 for the TCG 1.2 log format compatibility, but the SHA-256 measurements and TCG 2 log format are now recommended. Cc: Laszlo Ersek Cc: Stefan Berger Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Marc-Andr=C3=A9 Lureau --- OvmfPkg/OvmfPkgX64.dsc | 7 +++++++ OvmfPkg/OvmfPkgX64.fdf | 1 + 2 files changed, 8 insertions(+) diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 64bd6b6a9f08..3fa1a31f4c37 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -278,6 +278,8 @@ [LibraryClasses.common.PEIM] QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf =20 !if $(TPM2_ENABLE) + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf + HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRou= terPei.inf Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf !endif =20 @@ -615,6 +617,11 @@ [Components] =20 !if $(TPM2_ENABLE) =3D=3D TRUE OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf + SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { + + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf + } !endif =20 # diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index dbafada5226b..c0173e7adf5f 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -167,6 +167,7 @@ [FV.PEIFV] =20 !if $(TPM2_ENABLE) =3D=3D TRUE INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf +INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf !endif =20 ##########################################################################= ###### --=20 2.16.2.346.g9779355e34 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Fri May 3 01:37:18 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 152043829373051.64844634086569; Wed, 7 Mar 2018 07:58:13 -0800 (PST) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 0AAFD22135D58; Wed, 7 Mar 2018 07:51:49 -0800 (PST) Received: from mx1.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id D61A122135D58 for ; Wed, 7 Mar 2018 07:51:47 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 7C00440252F0; Wed, 7 Mar 2018 15:58:02 +0000 (UTC) Received: from localhost (ovpn-112-24.ams2.redhat.com [10.36.112.24]) by smtp.corp.redhat.com (Postfix) with ESMTP id DB0342024CAB; Wed, 7 Mar 2018 15:58:01 +0000 (UTC) X-Original-To: edk2-devel@lists.01.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=66.187.233.73; helo=mx1.redhat.com; envelope-from=marcandre.lureau@redhat.com; receiver=edk2-devel@lists.01.org From: marcandre.lureau@redhat.com To: edk2-devel@lists.01.org Date: Wed, 7 Mar 2018 16:57:45 +0100 Message-Id: <20180307155746.18526-8-marcandre.lureau@redhat.com> In-Reply-To: <20180307155746.18526-1-marcandre.lureau@redhat.com> References: <20180307155746.18526-1-marcandre.lureau@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.78 on 10.11.54.4 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.6]); Wed, 07 Mar 2018 15:58:02 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.6]); Wed, 07 Mar 2018 15:58:02 +0000 (UTC) for IP:'10.11.54.4' DOMAIN:'int-mx04.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'marcandre.lureau@redhat.com' RCPT:'' Subject: [edk2] [PATCH v2 7/8] ovmf: link with Tcg2Dxe module X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: qemu-devel@nongnu.org, javierm@redhat.com, pjones@redhat.com, jiewen.yao@intel.com, lersek@redhat.com Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 From: Marc-Andr=C3=A9 Lureau This module measures and log the boot environment. It also produces the Tcg2 protocol, which allows for example to read the log from OS. The linux kernel doesn't yet read the EFI_TCG2_EVENT_LOG_FORMAT_TCG_2, which is required for crypto-agile log. In fact, only upcoming 4.16 adds support EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2: [ 0.000000] efi: EFI v2.70 by EDK II [ 0.000000] efi: SMBIOS=3D0x3fa1f000 ACPI=3D0x3fbb6000 ACPI 2.0=3D0x3= fbb6014 MEMATTR=3D0x3e7d4318 TPMEventLog=3D0x3db21018 $ python chipsec_util.py tpm parse_log binary_bios_measurements [CHIPSEC] Version 1.3.5.dev2 [CHIPSEC] API mode: using OS native API (not using CHIPSEC kernel module) [CHIPSEC] Executing command 'tpm' with args ['parse_log', '/tmp/binary_bios= _measurements'] PCR: 0 type: EV_S_CRTM_VERSION size: 0x2 digest: 1489f923c4d= ca729178b3e3233458550d8dddf29 + version: PCR: 0 type: EV_EFI_PLATFORM_FIRMWARE_BLOB size: 0x10 digest: fd39ced7c0= d2a61f6830c78c7625f94826b05bcc + base: 0x820000 length: 0xe0000 PCR: 0 type: EV_EFI_PLATFORM_FIRMWARE_BLOB size: 0x10 digest: 39ebc6783b= 72bc1e73c7d5bcfeb5f54a3f105d4c + base: 0x900000 length: 0xa00000 PCR: 7 type: EV_EFI_VARIABLE_DRIVER_CONFIG size: 0x35 digest: 57cd4dc194= 42475aa82743484f3b1caa88e142b8 PCR: 7 type: EV_EFI_VARIABLE_DRIVER_CONFIG size: 0x24 digest: 9b1387306e= bb7ff8e795e7be77563666bbf4516e PCR: 7 type: EV_EFI_VARIABLE_DRIVER_CONFIG size: 0x26 digest: 9afa86c507= 419b8570c62167cb9486d9fc809758 PCR: 7 type: EV_EFI_VARIABLE_DRIVER_CONFIG size: 0x24 digest: 5bf8faa078= d40ffbd03317c93398b01229a0e1e0 PCR: 7 type: EV_EFI_VARIABLE_DRIVER_CONFIG size: 0x26 digest: 734424c9fe= 8fc71716c42096f4b74c88733b175e PCR: 7 type: EV_SEPARATOR size: 0x4 digest: 9069ca78e74= 50a285173431b3e52c5c25299e473 PCR: 1 type: EV_EFI_VARIABLE_BOOT size: 0x3e digest: 252f8ebb85= 340290b64f4b06a001742be8e5cab6 PCR: 1 type: EV_EFI_VARIABLE_BOOT size: 0x6e digest: 22a4f6ee9a= f6dba01d3528deb64b74b582fc182b PCR: 1 type: EV_EFI_VARIABLE_BOOT size: 0x80 digest: b7811d5bf3= 0a7efd4e385c6179fe10d9290bb9e8 PCR: 1 type: EV_EFI_VARIABLE_BOOT size: 0x84 digest: 425e502c24= fc924e231e0a62327b6b7d1f704573 PCR: 1 type: EV_EFI_VARIABLE_BOOT size: 0x9a digest: 0b5d2c98ac= 5de6148a4a1490ff9d5df69039f04e PCR: 1 type: EV_EFI_VARIABLE_BOOT size: 0xbd digest: 20bd5f4022= 71d57a88ea314fe35c1705956b1f74 PCR: 1 type: EV_EFI_VARIABLE_BOOT size: 0x88 digest: df5d6605cb= 8f4366d745a8464cfb26c1efdc305c PCR: 4 type: EV_EFI_ACTION size: 0x28 digest: cd0fdb4531= a6ec41be2753ba042637d6e5f7f256 PCR: 0 type: EV_SEPARATOR size: 0x4 digest: 9069ca78e74= 50a285173431b3e52c5c25299e473 PCR: 1 type: EV_SEPARATOR size: 0x4 digest: 9069ca78e74= 50a285173431b3e52c5c25299e473 PCR: 2 type: EV_SEPARATOR size: 0x4 digest: 9069ca78e74= 50a285173431b3e52c5c25299e473 PCR: 3 type: EV_SEPARATOR size: 0x4 digest: 9069ca78e74= 50a285173431b3e52c5c25299e473 PCR: 4 type: EV_SEPARATOR size: 0x4 digest: 9069ca78e74= 50a285173431b3e52c5c25299e473 PCR: 5 type: EV_SEPARATOR size: 0x4 digest: 9069ca78e74= 50a285173431b3e52c5c25299e473 $ tpm2_pcrlist sha1 : 0 : 35bd1786b6909daad610d7598b1d620352d33b8a 1 : ec0511e860206e0af13c31da2f9e943fb6ca353d 2 : b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236 3 : b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236 4 : 45a323382bd933f08e7f0e256bc8249e4095b1ec 5 : d16d7e629fd8d08ca256f9ad3a3a1587c9e6cc1b 6 : b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236 7 : 518bd167271fbb64589c61e43d8c0165861431d8 8 : 0000000000000000000000000000000000000000 9 : 0000000000000000000000000000000000000000 10 : 0000000000000000000000000000000000000000 11 : 0000000000000000000000000000000000000000 12 : 0000000000000000000000000000000000000000 13 : 0000000000000000000000000000000000000000 14 : 0000000000000000000000000000000000000000 15 : 0000000000000000000000000000000000000000 16 : 0000000000000000000000000000000000000000 17 : ffffffffffffffffffffffffffffffffffffffff 18 : ffffffffffffffffffffffffffffffffffffffff 19 : ffffffffffffffffffffffffffffffffffffffff 20 : ffffffffffffffffffffffffffffffffffffffff 21 : ffffffffffffffffffffffffffffffffffffffff 22 : ffffffffffffffffffffffffffffffffffffffff 23 : 0000000000000000000000000000000000000000 sha256 : 0 : 9ae903dbae3357ac00d223660bac19ea5c021499a56201104332ab966631ce2c 1 : acc611d90245cf04e77b0ca94901f90e7fa54770f0426f53c3049b532243d1b8 2 : 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 3 : 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 4 : 7a94ffe8a7729a566d3d3c577fcb4b6b1e671f31540375f80eae6382ab785e35 5 : a5ceb755d043f32431d63e39f5161464620a3437280494b5850dc1b47cc074e0 6 : 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 7 : 65caf8dd1e0ea7a6347b635d2b379c93b9a1351edc2afc3ecda700e534eb3068 8 : 0000000000000000000000000000000000000000000000000000000000000000 9 : 0000000000000000000000000000000000000000000000000000000000000000 10 : 0000000000000000000000000000000000000000000000000000000000000000 11 : 0000000000000000000000000000000000000000000000000000000000000000 12 : 0000000000000000000000000000000000000000000000000000000000000000 13 : 0000000000000000000000000000000000000000000000000000000000000000 14 : 0000000000000000000000000000000000000000000000000000000000000000 15 : 0000000000000000000000000000000000000000000000000000000000000000 16 : 0000000000000000000000000000000000000000000000000000000000000000 17 : ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 18 : ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 19 : ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 20 : ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 21 : ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 22 : ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 23 : 0000000000000000000000000000000000000000000000000000000000000000 sha384 : The PhysicalPresenceLib is required, it sets some variables, but the firmware doesn't act on it yet. Laszlo Ersek explained on the list why Tpm2DeviceLib has to be resolved differently for DXE_DRIVER modules in general and for "Tcg2Dxe.inf" specifically: * We have a library class called Tpm2DeviceLib -- this is basically the set of APIs declared in "SecurityPkg/Include/Library/Tpm2DeviceLib.h". Its leading comment says "This library abstract how to access TPM2 hardware device". There are two *sets* of APIs in "Tpm2DeviceLib.h": (a) functions that deal with the TPM2 device: - Tpm2RequestUseTpm(), - Tpm2SubmitCommand() This set of APIs is supposed to be used by clients that *consume* the TPM2 device abstraction. (b) the function Tpm2RegisterTpm2DeviceLib(), which is supposed to be used by *providers* of various TPM2 device abstractions. * Then, we have two implementations (instances) of the Tpm2DeviceLib clas= s: (1) SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf (2) SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf (1) The first library instance ("Tpm2DeviceLibTcg2.inf") implements the APIs listed under (a), and it does not implement (b) -- see EFI_UNSUPPORTED. In other words, this lib instance is strictly meant for drivers that *consume* the TPM2 device abstraction. And, the (a) group of APIs is implemented by forwarding the requests to the TCG2 protocol. The idea here is that all the drivers that consume the TPM2 abstraction do not have to be statically linked with a large TPM2 device library instance; instead they are only linked (statically) with this "thin" library instance, and all the actual work is delegated to whichever driver that provides the singleton TCG2 protocol. (2) The second library instance ("Tpm2DeviceLibRouterDxe.inf") is meant for the driver that offers (produces) the TCG2 protocol. This lib instance implements both (a) and (b) API groups. * Here's how things fit together: (i) The "SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf" library instance (which has no lib class) is linked into "Tcg2Dxe.inf" via NULL class resolution. This simply means that before the "Tcg2Dxe.inf" entry point function is entered, the constructor function of "Tpm2InstanceLibDTpm.inf" will be called. (ii) This Tpm2InstanceLibDTpmConstructor() function calls API (b), and registers its own actual TPM2 command implementation with the "Tpm2DeviceLibRouter" library instance (also linked into the Tcg2Dxe driver). This provides the back-end for the API set (a). TCG2 protocol provider (Tcg2Dxe.inf driver) launches | v NULL class: Tpm2InstanceLibDTpm instance construction | v Tpm2DeviceLib class: Tpm2DeviceLibRouter instance backend registration for API set (a) (iii) The Tcg2Dxe driver exposes the TCG2 protocol. (iv) A TPM2 consumer calls API set (a) via lib instance (1). Such calls land in Tcg2Dxe, via the protocol. (v) Tcg2Dxe serves the protocol request by forwarding it to API set (a) from lib instance (2). (vi) Those functions call the "backend" functions registered by Tpm2DeviceLibDTpm in step (ii). TPM 2 consumer driver | v Tpm2DeviceLib class: Tpm2DeviceLibTcg2 instance | v TCG2 protocol interface | v TCG2 protocol provider: Tcg2Dxe.inf driver | v Tpm2DeviceLib class: Tpm2DeviceLibRouter instance | v NULL class: Tpm2InstanceLibDTpm instance (via earlier registration) | v TPM2 chip (actual hardware) * So that is the "router" pattern in edk2. Namely, - Consumers of an abstraction use a thin library instance. - The thin library instance calls a firmware-global (singleton) service, i.e. a PPI (in the PEI phase) or protocol (in the DXE phase). - The PEIM providing the PPI, or the DXE driver providing the protocol, don't themselves implement the actual service either. Instead they offer a "registration" service too, and they only connect the incoming "consumer" calls to the earlier registered back-end(s). - The "registration service", for back-ends to use, may take various forms. It can be exposed globally to the rest of the firmware, as another member function of the PPI / protocol structure. Then backends can be provided by separate PEIMs / DXE drivers. Or else, the registration service can be exposed as just another library API. In this case, the backends are provided as NULL class library instances, and a platform DSC file links them into the PEIM / DXE driver via NULL class resolutions. The backend lib instances call the registration service in their own respective constructor functions. Cc: Laszlo Ersek Cc: Stefan Berger Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Marc-Andr=C3=A9 Lureau --- OvmfPkg/OvmfPkgX64.dsc | 16 ++++++++++++++++ OvmfPkg/OvmfPkgX64.fdf | 4 ++++ 2 files changed, 20 insertions(+) diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 3fa1a31f4c37..7753852144fb 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -211,6 +211,8 @@ [LibraryClasses] =20 !if $(TPM2_ENABLE) =3D=3D TRUE Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf + Tcg2PhysicalPresenceLib|SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/D= xeTcg2PhysicalPresenceLib.inf + Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibN= ull.inf !endif =20 [LibraryClasses.common] @@ -362,6 +364,10 @@ [LibraryClasses.common.DXE_DRIVER] PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf +!if $(TPM2_ENABLE) + HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRou= terDxe.inf + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf +!endif =20 [LibraryClasses.common.UEFI_APPLICATION] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf @@ -642,6 +648,16 @@ [Components] =20 MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf =20 +!if $(TPM2_ENABLE) =3D=3D TRUE + SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { + + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibR= outerDxe.inf + NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf + } +!endif + MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { !if $(SECURE_BOOT_ENABLE) =3D=3D TRUE diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index c0173e7adf5f..1a46104fc63d 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -392,6 +392,10 @@ [FV.DXEFV] INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf !endif =20 +!if $(TPM2_ENABLE) =3D=3D TRUE +INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf +!endif + ##########################################################################= ###### =20 [FV.FVMAIN_COMPACT] --=20 2.16.2.346.g9779355e34 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Fri May 3 01:37:18 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1520438299246436.46689722133806; Wed, 7 Mar 2018 07:58:19 -0800 (PST) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 6E6A32235229E; Wed, 7 Mar 2018 07:51:51 -0800 (PST) Received: from mx1.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 6FDE022135D45 for ; Wed, 7 Mar 2018 07:51:49 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 1B48BEBFEC; Wed, 7 Mar 2018 15:58:04 +0000 (UTC) Received: from localhost (ovpn-112-24.ams2.redhat.com [10.36.112.24]) by smtp.corp.redhat.com (Postfix) with ESMTP id C28982023227; Wed, 7 Mar 2018 15:58:03 +0000 (UTC) X-Original-To: edk2-devel@lists.01.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=66.187.233.73; helo=mx1.redhat.com; envelope-from=marcandre.lureau@redhat.com; receiver=edk2-devel@lists.01.org From: marcandre.lureau@redhat.com To: edk2-devel@lists.01.org Date: Wed, 7 Mar 2018 16:57:46 +0100 Message-Id: <20180307155746.18526-9-marcandre.lureau@redhat.com> In-Reply-To: <20180307155746.18526-1-marcandre.lureau@redhat.com> References: <20180307155746.18526-1-marcandre.lureau@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.78 on 10.11.54.4 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.1]); Wed, 07 Mar 2018 15:58:04 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.1]); Wed, 07 Mar 2018 15:58:04 +0000 (UTC) for IP:'10.11.54.4' DOMAIN:'int-mx04.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'marcandre.lureau@redhat.com' RCPT:'' Subject: [edk2] [PATCH v2 8/8] ovmf: add DxeTpm2MeasureBootLib X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: qemu-devel@nongnu.org, javierm@redhat.com, pjones@redhat.com, jiewen.yao@intel.com, lersek@redhat.com Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 From: Marc-Andr=C3=A9 Lureau The library registers a security management handler, to measure images that are not measure in PEI phase. This seems to work for example with the qemu PXE rom: Loading driver at 0x0003E6C2000 EntryPoint=3D0x0003E6C9076 8086100e.efi And the following binary_bios_measurements log entry seems to be added: PCR: 2 type: EV_EFI_BOOT_SERVICES_DRIVER size: 0x4e digest: 70a22475e9= f18806d2ed9193b48d80d26779d9a4 Cc: Laszlo Ersek Cc: Stefan Berger Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Marc-Andr=C3=A9 Lureau --- OvmfPkg/OvmfPkgX64.dsc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 7753852144fb..9db1712e3623 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -662,6 +662,9 @@ [Components] !if $(SECURE_BOOT_ENABLE) =3D=3D TRUE NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificatio= nLib.inf +!endif +!if $(TPM2_ENABLE) =3D=3D TRUE + NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib= .inf !endif } =20 --=20 2.16.2.346.g9779355e34 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel