From nobody Sun May 19 06:05:02 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+81091+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+81091+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1632483763; cv=none; d=zohomail.com; s=zohoarc; b=VXsk3dg+0SN6cFvV9goWDMUIvJoMkFX2VExdsoh5pvHRCKSG/vnTSCuebKkXUFzrFowgUkG1QC5OsZlJQFJw2XqDEjI5DfwE4r69n997sMFAvAJEoaj9UMSkvF8h98o9OglJUPvAulZ8REVHdfn6BuRUGREF3nPcJohErtsffCk= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1632483763; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=GASDAddBk2gW4fVei/jWTZrQ/fV9+Jj8G8GEtgTnAO8=; b=F5BBagILwydrzIGqwljrd7gbYoVnsgsXcf8mTSfFtSMUheOmSW4lTjppY1NOMLvDaA7uVIa6IvDLwcNl0nLsKiALlpjVALyqY2WBG8DGffmygWFtYDxQdzARNs0Vu2PJlu92s+hOKv2GfRCut0PoqYxgV8vHQA9fZoHmjKOWUUU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+81091+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1632483763332377.46570840428103; Fri, 24 Sep 2021 04:42:43 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id qgigYY1788612xVXelBFd1Pt; Fri, 24 Sep 2021 04:42:43 -0700 X-Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by mx.groups.io with SMTP id smtpd.web12.6919.1632483761645719045 for ; Fri, 24 Sep 2021 04:42:41 -0700 X-Received: from pps.filterd (m0098399.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 18OA1MO2015277; Fri, 24 Sep 2021 07:42:37 -0400 X-Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com with ESMTP id 3b9chxt2dj-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 24 Sep 2021 07:42:37 -0400 X-Received: from m0098399.ppops.net (m0098399.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 18OBVbN0015012; Fri, 24 Sep 2021 07:42:36 -0400 X-Received: from ppma02dal.us.ibm.com (a.bd.3ea9.ip4.static.sl-reverse.com [169.62.189.10]) by mx0a-001b2d01.pphosted.com with ESMTP id 3b9chxt2d9-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 24 Sep 2021 07:42:36 -0400 X-Received: from pps.filterd (ppma02dal.us.ibm.com [127.0.0.1]) by ppma02dal.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 18OBfoOE023695; Fri, 24 Sep 2021 11:42:35 GMT X-Received: from b03cxnp08025.gho.boulder.ibm.com (b03cxnp08025.gho.boulder.ibm.com [9.17.130.17]) by ppma02dal.us.ibm.com with ESMTP id 3b93g5vhd9-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 24 Sep 2021 11:42:35 +0000 X-Received: from b03ledav002.gho.boulder.ibm.com (b03ledav002.gho.boulder.ibm.com [9.17.130.233]) by b03cxnp08025.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 18OBgY2T51380680 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 24 Sep 2021 11:42:34 GMT X-Received: from b03ledav002.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 4DA89136060; Fri, 24 Sep 2021 11:42:34 +0000 (GMT) X-Received: from b03ledav002.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id B75A4136063; Fri, 24 Sep 2021 11:42:33 +0000 (GMT) X-Received: from sbct-2.pok.ibm.com (unknown [9.47.158.152]) by b03ledav002.gho.boulder.ibm.com (Postfix) with ESMTP; Fri, 24 Sep 2021 11:42:33 +0000 (GMT) From: "Stefan Berger" To: devel@edk2.groups.io Cc: marcandre.lureau@redhat.com, kraxel@redhat.com, jiewen.yao@intel.com, ardb+tianocore@kernel.org, leif@nuviainc.com, sami.mujawar@arm.com, Stefan Berger , Stefan Berger Subject: [edk2-devel] [PATCH v4 1/3] ArmVirtPkg/TPM: Add a NULL implementation of TpmPlatformHierarchyLib Date: Fri, 24 Sep 2021 07:42:19 -0400 Message-Id: <20210924114221.3132368-2-stefanb@linux.ibm.com> In-Reply-To: <20210924114221.3132368-1-stefanb@linux.ibm.com> References: <20210924114221.3132368-1-stefanb@linux.ibm.com> X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: JndyraugUsb0dyzPpqKrOIbNTdhjq9ac X-Proofpoint-GUID: NscwexF-jWaKolULFAYf-m3TRakLDR-C X-Proofpoint-UnRewURL: 0 URL was un-rewritten MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,stefanb@linux.ibm.com X-Gm-Message-State: GXPVWhHYcB8KlFwHdH9Clu7mx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1632483763; bh=T5rz8tSOpih6K48opAkaclPZnVWbGFrzXJKmFnk+XjI=; h=Cc:Date:From:Reply-To:Subject:To; b=Yyctsmtnu7WlQZJukZY7YvxjPWlXESlnb6dFq7lepdJlMQFnovpiYRSnGOPmbQ5ykcX oEYpDsibf3rvcE5jLeR2zDlr4U8pgDuiTlcurdQLovnySHjcQ2QIttBuIjzBgURR4N+JK DRZFnq6mcIa8sQ80XEUS0RjUHIAxgICUQ30= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1632483764464100003 Content-Type: text/plain; charset="utf-8" From: Stefan Berger Add a NULL implementation of the library class TpmPlatformHierarchyLib. Link: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3510 Cc: Ard Biesheuvel Cc: Leif Lindholm Cc: Sami Mujawar Cc: Gerd Hoffmann Signed-off-by: Stefan Berger Reviewed-by: Sami Mujawar --- .../PeiDxeTpmPlatformHierarchyLib.c | 22 +++++++++++++ .../PeiDxeTpmPlatformHierarchyLib.inf | 31 +++++++++++++++++++ SecurityPkg/SecurityPkg.dsc | 1 + 3 files changed, 54 insertions(+) create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/P= eiDxeTpmPlatformHierarchyLib.c create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/P= eiDxeTpmPlatformHierarchyLib.inf diff --git a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTp= mPlatformHierarchyLib.c b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib= Null/PeiDxeTpmPlatformHierarchyLib.c new file mode 100644 index 0000000000..dfc8863830 --- /dev/null +++ b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatfo= rmHierarchyLib.c @@ -0,0 +1,22 @@ +/** @file + Null TPM Platform Hierarchy configuration library. + + This library provides stub functions for customizing the TPM's Platfor= m Hierarchy. + + Copyright (c) 2021, IBM Corporation. + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include + +/** + A NULL implementation of ConfigureTpmPlatformHierarchy. +**/ +VOID +EFIAPI +ConfigureTpmPlatformHierarchy ( + ) +{ + /* do nothing */ +} diff --git a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTp= mPlatformHierarchyLib.inf b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyL= ibNull/PeiDxeTpmPlatformHierarchyLib.inf new file mode 100644 index 0000000000..1b1e9ad592 --- /dev/null +++ b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatfo= rmHierarchyLib.inf @@ -0,0 +1,31 @@ +### @file +# NULL TPM Platform Hierarchy configuration library. +# +# This library provides functions for customizing the TPM's Platform Hie= rarchy +# Authorization Value (platformAuth) and Platform Hierarchy Authorization +# Policy (platformPolicy) can be defined through this function. +# +# Copyright (c) 2019, Intel Corporation. All rights reserved.
+# Copyright (c) Microsoft Corporation.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +### + +[Defines] + INF_VERSION =3D 1.27 + BASE_NAME =3D BasePlatform + FILE_GUID =3D 8947A3F2-BfB4-45EF-968D-5C40C1CE6A58 + MODULE_TYPE =3D BASE + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D TpmPlatformHierarchyLib|PEIM DXE_DRIV= ER + +[LibraryClasses] + BaseLib + +[Packages] + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + +[Sources] + PeiDxeTpmPlatformHierarchyLib.c diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc index f1f678c492..37318c64c5 100644 --- a/SecurityPkg/SecurityPkg.dsc +++ b/SecurityPkg/SecurityPkg.dsc @@ -232,6 +232,7 @@ SecurityPkg/Library/HashLibTpm2/HashLibTpm2.inf =20 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHiera= rchyLib.inf + SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatformH= ierarchyLib.inf =20 # # TCG Storage. --=20 2.31.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#81091): https://edk2.groups.io/g/devel/message/81091 Mute This Topic: https://groups.io/mt/85836858/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 19 06:05:02 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+81089+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+81089+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1632483763; cv=none; d=zohomail.com; s=zohoarc; b=fKftpRDr7sq7GJ0QsD+sVyMKXr4T3X38ekUdK6u93RFOzKCL3YGdlTN42cx286yZUi+BF3qdrS1AcNrDL56LgT20rAhDN++54vKkAr8duw+TfZWeP/v3cbMxJiz7+iQI0J449KWXW+ayzvwnYaI4Hx3UjHfUrESQYOSCl3O4rls= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1632483763; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=U8Tf1s/j75v+nTN6cMIVkWpwQ1piRl9UrI8q9YYnA3k=; b=FkNpiPfnpgTZHgtv28YF9dPI7lJBg8rc7Y8Q6DQ0IQz4hIAtnAqErlJnuBceYxmxvQgtkHrUD8cdUGmKW1KK1NySoC8AYycIchYW+9lP5Z/iqm5eWq0UOsBHbPi0AqCxJ4HWc3y5iIsCjjBlgMvhZFok5xUe/dDQgNpJEGYTvyY= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+81089+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 163248376392969.33018591481778; Fri, 24 Sep 2021 04:42:43 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id mDlgYY1788612xD2wdK44vt9; Fri, 24 Sep 2021 04:42:43 -0700 X-Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by mx.groups.io with SMTP id smtpd.web08.7073.1632483761129318378 for ; Fri, 24 Sep 2021 04:42:41 -0700 X-Received: from pps.filterd (m0187473.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 18OBTdJa018412; Fri, 24 Sep 2021 07:42:38 -0400 X-Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com with ESMTP id 3b9duq0a09-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 24 Sep 2021 07:42:37 -0400 X-Received: from m0187473.ppops.net (m0187473.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 18OBVpYg029133; Fri, 24 Sep 2021 07:42:37 -0400 X-Received: from ppma05wdc.us.ibm.com (1b.90.2fa9.ip4.static.sl-reverse.com [169.47.144.27]) by mx0a-001b2d01.pphosted.com with ESMTP id 3b9duq09yw-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 24 Sep 2021 07:42:37 -0400 X-Received: from pps.filterd (ppma05wdc.us.ibm.com [127.0.0.1]) by ppma05wdc.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 18OBfuL2021719; Fri, 24 Sep 2021 11:42:36 GMT X-Received: from b03cxnp08026.gho.boulder.ibm.com (b03cxnp08026.gho.boulder.ibm.com [9.17.130.18]) by ppma05wdc.us.ibm.com with ESMTP id 3b93g7a1gc-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 24 Sep 2021 11:42:35 +0000 X-Received: from b03ledav002.gho.boulder.ibm.com (b03ledav002.gho.boulder.ibm.com [9.17.130.233]) by b03cxnp08026.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 18OBgZKb37290352 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 24 Sep 2021 11:42:35 GMT X-Received: from b03ledav002.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id E8A5A136065; Fri, 24 Sep 2021 11:42:34 +0000 (GMT) X-Received: from b03ledav002.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 63F9A136063; Fri, 24 Sep 2021 11:42:34 +0000 (GMT) X-Received: from sbct-2.pok.ibm.com (unknown [9.47.158.152]) by b03ledav002.gho.boulder.ibm.com (Postfix) with ESMTP; Fri, 24 Sep 2021 11:42:34 +0000 (GMT) From: "Stefan Berger" To: devel@edk2.groups.io Cc: marcandre.lureau@redhat.com, kraxel@redhat.com, jiewen.yao@intel.com, ardb+tianocore@kernel.org, leif@nuviainc.com, sami.mujawar@arm.com, Stefan Berger , Stefan Berger Subject: [edk2-devel] [PATCH v4 2/3] ArmVirtPkg: Reference new TPM classes in the build system for compilation Date: Fri, 24 Sep 2021 07:42:20 -0400 Message-Id: <20210924114221.3132368-3-stefanb@linux.ibm.com> In-Reply-To: <20210924114221.3132368-1-stefanb@linux.ibm.com> References: <20210924114221.3132368-1-stefanb@linux.ibm.com> X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: 1Ak085rAVnhKL3z_TanlhiYpSPMdZwm7 X-Proofpoint-GUID: tcO6OruGoVGNmeAWLIxNC7IvbEgkq0Fq X-Proofpoint-UnRewURL: 0 URL was un-rewritten MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,stefanb@linux.ibm.com X-Gm-Message-State: ZRSM73CiqNtH2VLE31Hlo84Gx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1632483763; bh=n+M4FIqtYtH83ORDNT9ja0jttaAKuvPUyYiXSloMDXk=; h=Cc:Date:From:Reply-To:Subject:To; b=XKBvPILaq+LRcAb1fEaOpez9TEvuLsfiQcpG567WNVvVyQKhn6x2+42MGbbt+xm9hwH d2KabGGtHecgxZzMjsCLKfaM4EOIdG+B3Y1DevsMKMKQEaUX9tUCAe9VlX6uzLJP5NMem Tg1SjhpRt5wPkJXV+MQjCLtIElAeeiWBaGw= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1632483764484100005 Content-Type: text/plain; charset="utf-8" From: Stefan Berger We just added the same functionality to the OvmfPkg. However, on x86, we could use the notification mechanism around gEfiDxeSmmReadyToLockProtocolGuid to indirectly invoke ConfigureTpmPlatformHierarchy(). Since ARM does not have an SMM mode, we have to use direct invocation of this function at the same place in PlatformBootManagerBeforeConsole() as it is called on x86. Link: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3510 Cc: Ard Biesheuvel Cc: Leif Lindholm Cc: Sami Mujawar Cc: Gerd Hoffmann Signed-off-by: Stefan Berger Reviewed-by: Sami Mujawar --- ArmVirtPkg/ArmVirtCloudHv.dsc | 1 + ArmVirtPkg/ArmVirtQemu.dsc | 2 ++ ArmVirtPkg/ArmVirtQemuKernel.dsc | 1 + ArmVirtPkg/ArmVirtXen.dsc | 1 + .../Library/PlatformBootManagerLib/PlatformBootManagerLib.inf | 1 + 5 files changed, 6 insertions(+) diff --git a/ArmVirtPkg/ArmVirtCloudHv.dsc b/ArmVirtPkg/ArmVirtCloudHv.dsc index f292ba6079..3475bb7f0d 100644 --- a/ArmVirtPkg/ArmVirtCloudHv.dsc +++ b/ArmVirtPkg/ArmVirtCloudHv.dsc @@ -55,6 +55,7 @@ PciHostBridgeUtilityLib|ArmVirtPkg/Library/ArmVirtPciHostBridgeUtilityLi= b/ArmVirtPciHostBridgeUtilityLib.inf =20 TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLi= bNull/PeiDxeTpmPlatformHierarchyLib.inf =20 !include MdePkg/MdeLibs.dsc.inc =20 diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc index 97539edef7..35aea68e02 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc @@ -86,8 +86,10 @@ Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeT= cg2PhysicalPresenceLib.inf TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasure= mentLib.inf + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLi= b/PeiDxeTpmPlatformHierarchyLib.inf !else TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLi= bNull/PeiDxeTpmPlatformHierarchyLib.inf !endif =20 [LibraryClasses.common.PEIM] diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKerne= l.dsc index 28064199c8..19c1908cd9 100644 --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc @@ -80,6 +80,7 @@ PciHostBridgeLib|ArmVirtPkg/Library/FdtPciHostBridgeLib/FdtPciHostBridge= Lib.inf PciHostBridgeUtilityLib|OvmfPkg/Library/PciHostBridgeUtilityLib/PciHostB= ridgeUtilityLib.inf TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLi= bNull/PeiDxeTpmPlatformHierarchyLib.inf =20 [LibraryClasses.common.DXE_DRIVER] ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeRepor= tStatusCodeLib.inf diff --git a/ArmVirtPkg/ArmVirtXen.dsc b/ArmVirtPkg/ArmVirtXen.dsc index 2b07a5ba19..dbc40e854b 100644 --- a/ArmVirtPkg/ArmVirtXen.dsc +++ b/ArmVirtPkg/ArmVirtXen.dsc @@ -50,6 +50,7 @@ PlatformBootManagerLib|ArmPkg/Library/PlatformBootManagerLib/PlatformBoo= tManagerLib.inf CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/Customize= dDisplayLib.inf TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLi= bNull/PeiDxeTpmPlatformHierarchyLib.inf =20 [LibraryClasses.common.UEFI_DRIVER] UefiScsiLib|MdePkg/Library/UefiScsiLib/UefiScsiLib.inf diff --git a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerL= ib.inf b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.i= nf index 11f52e019b..9f54224d3e 100644 --- a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf +++ b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf @@ -33,6 +33,7 @@ MdeModulePkg/MdeModulePkg.dec MdePkg/MdePkg.dec OvmfPkg/OvmfPkg.dec + SecurityPkg/SecurityPkg.dec ShellPkg/ShellPkg.dec =20 [LibraryClasses] --=20 2.31.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#81089): https://edk2.groups.io/g/devel/message/81089 Mute This Topic: https://groups.io/mt/85836856/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 19 06:05:02 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+81092+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+81092+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1632483764; cv=none; d=zohomail.com; s=zohoarc; b=GxTxq7dhEhgcZNCgNqMvNOorzEyKtrZwX01pTDr8LgW/et3APlZPKEqn3WjcWPrboxCCRuGaURDkDWEuEnYU3Mg8gpkYq1YLzkl5kujdj1Ahtd4IX2rkIjgjK5Iv9DMwnZQrLn17ruCfMm4kEf4OxHmUJHdlGAeHeS3lIAiaBWQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1632483764; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=W8B/PlnPFl5knAENM+RIv8u4hrC5xKdz1zHdkt68z3Q=; b=hI79qOZ4PooY7oCPnwfQ65I9Qj3lcx98hrzCa/3FWWpyX7QGKQVnzs0xuNIlxjdoENWDNhDrJfFM2k/FwtFrU+pcA+ZzasLtZ+OoWeLBYkARw2+T6GBGw1rPZu+ES5STe51ue5pFX+/iuNWz4Qnj2qOS2MJhYVO6Nz8yYZxu6ys= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+81092+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1632483764767329.59761376253994; Fri, 24 Sep 2021 04:42:44 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id IdQtYY1788612xbyfIlTujaI; Fri, 24 Sep 2021 04:42:44 -0700 X-Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by mx.groups.io with SMTP id smtpd.web11.7021.1632483762623712873 for ; Fri, 24 Sep 2021 04:42:42 -0700 X-Received: from pps.filterd (m0098409.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 18OAGWV1024785; Fri, 24 Sep 2021 07:42:38 -0400 X-Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com with ESMTP id 3b97eb157q-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 24 Sep 2021 07:42:38 -0400 X-Received: from m0098409.ppops.net (m0098409.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 18OAQNWA013896; Fri, 24 Sep 2021 07:42:38 -0400 X-Received: from ppma05wdc.us.ibm.com (1b.90.2fa9.ip4.static.sl-reverse.com [169.47.144.27]) by mx0a-001b2d01.pphosted.com with ESMTP id 3b97eb157a-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 24 Sep 2021 07:42:37 -0400 X-Received: from pps.filterd (ppma05wdc.us.ibm.com [127.0.0.1]) by ppma05wdc.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 18OBfvfi021739; Fri, 24 Sep 2021 11:42:36 GMT X-Received: from b03cxnp08026.gho.boulder.ibm.com (b03cxnp08026.gho.boulder.ibm.com [9.17.130.18]) by ppma05wdc.us.ibm.com with ESMTP id 3b93g7a1gj-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 24 Sep 2021 11:42:36 +0000 X-Received: from b03ledav002.gho.boulder.ibm.com (b03ledav002.gho.boulder.ibm.com [9.17.130.233]) by b03cxnp08026.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 18OBgZoC31392194 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 24 Sep 2021 11:42:35 GMT X-Received: from b03ledav002.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 9E39B136060; Fri, 24 Sep 2021 11:42:35 +0000 (GMT) X-Received: from b03ledav002.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 0B75F13604F; Fri, 24 Sep 2021 11:42:35 +0000 (GMT) X-Received: from sbct-2.pok.ibm.com (unknown [9.47.158.152]) by b03ledav002.gho.boulder.ibm.com (Postfix) with ESMTP; Fri, 24 Sep 2021 11:42:34 +0000 (GMT) From: "Stefan Berger" To: devel@edk2.groups.io Cc: marcandre.lureau@redhat.com, kraxel@redhat.com, jiewen.yao@intel.com, ardb+tianocore@kernel.org, leif@nuviainc.com, sami.mujawar@arm.com, Stefan Berger , Stefan Berger Subject: [edk2-devel] [PATCH v4 3/3] ArmVirtPkg: Disable the TPM2 platform hierarchy Date: Fri, 24 Sep 2021 07:42:21 -0400 Message-Id: <20210924114221.3132368-4-stefanb@linux.ibm.com> In-Reply-To: <20210924114221.3132368-1-stefanb@linux.ibm.com> References: <20210924114221.3132368-1-stefanb@linux.ibm.com> X-TM-AS-GCONF: 00 X-Proofpoint-GUID: 70No49KaHAKBvN4xs1Z5Rk3iYXKvCZi_ X-Proofpoint-ORIG-GUID: 0PUnlRMXzfRtafZRUhwf0TfXvMMclWvU X-Proofpoint-UnRewURL: 0 URL was un-rewritten MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,stefanb@linux.ibm.com X-Gm-Message-State: C6HNVXgKQuHs6jNsyUfeqsZcx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1632483764; bh=fIP5Nzjftl8KFBCYXgPBQiXKxaUTengWTggc/yq7hZM=; h=Cc:Date:From:Reply-To:Subject:To; b=CwabYzseM+Pk0qNiGAxpHJHkQL5AT/y5xak2SNKUzUTVkFLvZFb7bwngcM02OAXjj3u 0hItwr2aWDjh17mKuLWt/l0lOKdSwpZTsXmBEW20wPQkq9FNjUALP8TsWX5ydyvwwPraz xsuDFFKXlHfecxmW8M6PV8BCgk3U5Uvwi8g= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1632483766512100012 Content-Type: text/plain; charset="utf-8" From: Stefan Berger Disable the TPM2 platform hierarchy by directly calling ConfigureTpmPlatformHierarchy(). Per the TCG firmware specification "TCG PC Client Platform Firmware Profile Specification" the TPM 2 platform hierarchy needs to be disabled or a random password set and discarded before the firmware passes control to the next stage bootloader or kernel. Current specs are here: https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_PFP_r1p05= _v23_pub.pdf Section 11 states: "Platform Firmware MUST protect access to the Platform Hierarchy and prevent access to the platform hierarchy by non-manufacturer- controlled components." Link: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3510 Cc: Ard Biesheuvel Cc: Leif Lindholm Cc: Sami Mujawar Cc: Gerd Hoffmann Signed-off-by: Stefan Berger Reviewed-by: Sami Mujawar --- ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c | 6 ++++++ .../PlatformBootManagerLib/PlatformBootManagerLib.inf | 1 + 2 files changed, 7 insertions(+) diff --git a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c b/ArmVi= rtPkg/Library/PlatformBootManagerLib/PlatformBm.c index 69448ff65b..1848042f86 100644 --- a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c +++ b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c @@ -16,6 +16,7 @@ #include #include #include +#include #include #include #include @@ -696,6 +697,11 @@ PlatformBootManagerBeforeConsole ( // EfiEventGroupSignal (&gEfiEndOfDxeEventGroupGuid); =20 + // + // Disable the TPM 2 platform hierarchy + // + ConfigureTpmPlatformHierarchy (); + // // Dispatch deferred images after EndOfDxe event. // diff --git a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerL= ib.inf b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.i= nf index 9f54224d3e..997eb1a442 100644 --- a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf +++ b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf @@ -48,6 +48,7 @@ QemuBootOrderLib QemuLoadImageLib ReportStatusCodeLib + TpmPlatformHierarchyLib UefiBootManagerLib UefiBootServicesTableLib UefiLib --=20 2.31.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#81092): https://edk2.groups.io/g/devel/message/81092 Mute This Topic: https://groups.io/mt/85836860/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-