From nobody Sat Apr 20 00:42:57 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+52973+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+52973+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=linaro.org ARC-Seal: i=1; a=rsa-sha256; t=1578390488; cv=none; d=zohomail.com; s=zohoarc; b=ebbgxVBcHrDGkjtHQmgkEbav177A8ps2HbAemQgKuBdaB6YnDGJlX7B8p7LgNWP22EzVAP6221pkHSc78HEExkLcVCqbNht2ZNXwNHleILHlKunE6jDPZnUZKGf9nJ9eib00VFAEMJi0PF6XGdcmMOzBfJJ0TJJimDvs1TarFrI= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1578390488; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=jAOn5GiTD0N2849VEzi0Zy3yQ6ahLraALopFi2GG/Vo=; b=hRUzSFLrqxGmlldDRPRc4kooReo08lyFpkSiIFxz3bH3oc9F3fITjqwErjGdBKb0efupFoaVKJN5PU+W6zCeXkPGFHqO6mOgRuXx80y1rDgV4vVZ/5bcfjxpzoTKlRPA+yOEOcKtOz2HS6S/MUg5zl4y4tx3xyE4Vl4eiOC9kVQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+52973+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1578390488755788.1785041268542; Tue, 7 Jan 2020 01:48:08 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id v0gaYY1788612xajbUFp07Tu; Tue, 07 Jan 2020 01:48:07 -0800 X-Received: from mail-wm1-f66.google.com (mail-wm1-f66.google.com [209.85.128.66]) by mx.groups.io with SMTP id smtpd.web09.3648.1578390487093651689 for ; Tue, 07 Jan 2020 01:48:07 -0800 X-Received: by 
mail-wm1-f66.google.com with SMTP id 20so18578798wmj.4 for ; Tue, 07 Jan 2020 01:48:06 -0800 (PST) X-Gm-Message-State: 84mCMpvcg7WVcaVv4htkPd3bx1787277AA= X-Google-Smtp-Source: APXvYqyBQJkcBAcL5nubEIq7Lu6jM1gpWWbAPVfU1JyPlibBAFNESRmM8SHt1fhUbr/dk2Ra47vlKQ== X-Received: by 2002:a05:600c:21ce:: with SMTP id x14mr37306533wmj.120.1578390485436; Tue, 07 Jan 2020 01:48:05 -0800 (PST) X-Received: from localhost.localdomain ([2a01:cb1d:112:6f00:cc7e:d2b6:8b0c:cb36]) by smtp.gmail.com with ESMTPSA id u1sm25870210wmc.5.2020.01.07.01.48.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jan 2020 01:48:04 -0800 (PST) 
From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: lersek@redhat.com, Ard Biesheuvel Subject: [edk2-devel] [PATCH 1/4] OvmfPkg/Tcg2ConfigPei: introduce a signalling PPI to depex on Date: Tue, 7 Jan 2020 10:47:57 +0100 Message-Id: <20200107094800.4488-2-ard.biesheuvel@linaro.org> In-Reply-To: <20200107094800.4488-1-ard.biesheuvel@linaro.org> References: <20200107094800.4488-1-ard.biesheuvel@linaro.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ard.biesheuvel@linaro.org Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1578390487; bh=eRWFHd3nn8vZa3oFyAcr1vuwxi+11BQaE+Vzg3GYmBg=; h=Cc:Date:From:Reply-To:Subject:To; b=UtHZK9c4y0xqdLEBqHYF6Td8MSoW71db0pQO2JV2V2AaBkt3xlhjgd3SMfrSJ/AiI/l IXI6aUTg9g4PmT46FULEqS1PIzpXR1gNigDnTTFJGs1RVWsAMC4DG7YzB13b/RNq/84Cm L5j95N5mjBy8UWQ6NebFTkgR9kGeMszPvS8= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" On ARM systems, the TPM does not live at a fixed address, and so we need the platform to discover it first. So introduce a PPI that signals that the TPM address has been discovered and recorded in the appropriate PCD, and make Tcg2ConfigPei depex on it when built for ARM or AARCH64. Signed-off-by: Ard Biesheuvel Reviewed-by: Laszlo Ersek --- OvmfPkg/OvmfPkg.dec | 4 ++++ OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf | 6 +++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index d5fee805ef4a..10a2b714c1b4 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec 
@@ -101,6 +101,10 @@ [Protocols] gEfiLegacyInterruptProtocolGuid =3D {0x31ce593d, 0x108a, 0x485d, {0x= ad, 0xb2, 0x78, 0xf2, 0x1f, 0x29, 0x66, 0xbe}} gEfiVgaMiniPortProtocolGuid =3D {0xc7735a2f, 0x88f5, 0x4882, {0x= ae, 0x63, 0xfa, 0xac, 0x8c, 0x8b, 0x86, 0xb3}} =20 +[Ppis] + # PPI whose presence in the PPI database signals that the TPM base addre= ss has been discovered and recorded + gOvmfTpmDiscoveredPpiGuid =3D {0xb9a61ad0, 0x2802, 0x41f3, {0x= b5, 0x13, 0x96, 0x51, 0xce, 0x6b, 0xd5, 0x75}} + [PcdsFixedAtBuild] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfPeiMemFvBase|0x0|UINT32|0 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfPeiMemFvSize|0x0|UINT32|1 diff --git a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf b/OvmfPkg/Tcg/Tcg2Con= fig/Tcg2ConfigPei.inf index e34cd6210611..55684ba045b3 100644 --- a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf +++ b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf @@ -25,6 +25,7 @@ [Sources] [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec + OvmfPkg/OvmfPkg.dec SecurityPkg/SecurityPkg.dec =20 [LibraryClasses] 
@@ -43,5 +44,8 @@ [Ppis] [Pcd] gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## PROD= UCES =20 -[Depex] +[Depex.IA32, Depex.X64] TRUE + +[Depex.ARM, Depex.AARCH64] + gOvmfTpmDiscoveredPpiGuid --=20 2.20.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#52973): https://edk2.groups.io/g/devel/message/52973 Mute This Topic: https://groups.io/mt/69499019/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
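Review bot: the Tcg2ConfigPei.inf hunk (@@ -43,5 +44,8) adds gOvmfTpmDiscoveredPpiGuid to the ARM/AARCH64 depex but leaves the [Ppis] section named in the hunk header untouched; add a 'gOvmfTpmDiscoveredPpiGuid ## CONSUMES' entry there so the dependency is documented in the module interface the same way PcdTpmInstanceGuid is marked '## PRODUCES' two lines above. The commit message should also spell out what the depex implies: on an ARM/AARCH64 platform whose device tree carries no TPM node the PPI is never installed, Tcg2ConfigPei is never dispatched and PcdTpmInstanceGuid keeps its build-time default, which is the intended 'no TPM present' path rather than an error condition.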
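Review bot: the OvmfPkg.dec hunk describes gOvmfTpmDiscoveredPpiGuid as signalling that the TPM base address "has been discovered and recorded" without saying where; name the PCD the producer fills in (gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress, per the PlatformPeiLib change later in this series) in that comment, because a module that depexes on the PPI needs to know exactly which value is guaranteed to be valid once it is dispatched.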
From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: lersek@redhat.com, Ard Biesheuvel Subject: [edk2-devel] [PATCH 2/4] ArmVirtPkg/PlatformPeiLib: discover the TPM base address from the DT Date: Tue, 7 Jan 2020 10:47:58 +0100 Message-Id: <20200107094800.4488-3-ard.biesheuvel@linaro.org> In-Reply-To: <20200107094800.4488-1-ard.biesheuvel@linaro.org> References: <20200107094800.4488-1-ard.biesheuvel@linaro.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ard.biesheuvel@linaro.org Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1578390490; bh=YXJ51GyDOJp2aFSJCqQe2WPgt5yVXvf6dbs6EO4EeTw=; h=Cc:Date:From:Reply-To:Subject:To; b=ZyFIU2t9+s5R7M6xIXirOUUsgp9UmZAfCk0jqj9ccFwA4FTEtG7SGBk5/Ut+UbooJ3g wBfifOmYMhTjSe4gA5yroPwwORWT2bIssRKLnU723g96SHcRW0mk+QVs7dSH/RmMK/NPZ vhb4fmq6pDOAwuhjSxEFXRWyd+iSymWCkSU= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" Introduce a boolean PCD that tells us whether TPM support is enabled in the build, and if it is, record the TPM base address in the existing routine that traverses the device tree in the platform PEIM. Signed-off-by: Ard Biesheuvel --- ArmVirtPkg/ArmVirtPkg.dec | 5 ++ ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf | 12 ++- ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c | 82 ++++++++++++++++= +--- 3 files changed, 87 insertions(+), 12 deletions(-) diff --git a/ArmVirtPkg/ArmVirtPkg.dec b/ArmVirtPkg/ArmVirtPkg.dec index a019cc269d10..ed5114887489 100644 --- a/ArmVirtPkg/ArmVirtPkg.dec +++ b/ArmVirtPkg/ArmVirtPkg.dec 
@@ -58,6 +58,11 @@ [PcdsFixedAtBuild, PcdsPatchableInModule] # gArmVirtTokenSpaceGuid.PcdTerminalTypeGuidBuffer|{0x65, 0x60, 0xA6, 0xDF= , 0x19, 0xB4, 0xD3, 0x11, 0x9A, 0x2D, 0x00, 0x90, 0x27, 0x3F, 0xC1, 0x4D}|V= OID*|0x00000007 =20 + # + # Boolean PCD that defines whether TPM2 support is enabled + # + gArmVirtTokenSpaceGuid.PcdTpm2SupportEnabled|FALSE|BOOLEAN|0x00000004 + [PcdsDynamic] # # Whether to force disable ACPI, regardless of the fw_cfg settings diff --git a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf b/ArmVirt= Pkg/Library/PlatformPeiLib/PlatformPeiLib.inf index 46db117ac28e..c41ee22c9767 100644 --- a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf +++ b/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf @@ -21,22 +21,30 @@ [Sources] [Packages] ArmPkg/ArmPkg.dec ArmVirtPkg/ArmVirtPkg.dec - MdePkg/MdePkg.dec - MdeModulePkg/MdeModulePkg.dec EmbeddedPkg/EmbeddedPkg.dec + MdeModulePkg/MdeModulePkg.dec + MdePkg/MdePkg.dec + OvmfPkg/OvmfPkg.dec + SecurityPkg/SecurityPkg.dec =20 [LibraryClasses] DebugLib HobLib FdtLib + PeiServicesLib =20 [FixedPcd] gArmTokenSpaceGuid.PcdFvSize gArmVirtTokenSpaceGuid.PcdDeviceTreeAllocationPadding + gArmVirtTokenSpaceGuid.PcdTpm2SupportEnabled =20 [Pcd] gArmTokenSpaceGuid.PcdFvBaseAddress gArmVirtTokenSpaceGuid.PcdDeviceTreeInitialBaseAddress + gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## SOMETIMES_PRO= DUCES + +[Ppis] + gOvmfTpmDiscoveredPpiGuid ## SOMETIMES_PRO= DUCES =20 [Guids] gEarlyPL011BaseAddressGuid diff --git a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c b/ArmVirtPk= g/Library/PlatformPeiLib/PlatformPeiLib.c index 0a1469550db0..249e45c04624 100644 --- a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c +++ b/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c 
@@ -1,7 +1,7 @@ /** @file * * Copyright (c) 2011-2014, ARM Limited. All rights reserved. -* Copyright (c) 2014, Linaro Limited. All rights reserved. +* Copyright (c) 2014-2020, Linaro Limited. All rights reserved. * * SPDX-License-Identifier: BSD-2-Clause-Patent * @@ -13,11 +13,18 @@ #include #include #include +#include #include =20 #include #include =20 +STATIC CONST EFI_PEI_PPI_DESCRIPTOR mTpm2DiscoveredPpi =3D { + EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST, + &gOvmfTpmDiscoveredPpiGuid, + NULL +}; + EFI_STATUS EFIAPI PlatformPeim ( @@ -31,13 +38,18 @@ PlatformPeim ( UINT64 *FdtHobData; UINT64 *UartHobData; INT32 Node, Prev; + INT32 Parent, Depth; CONST CHAR8 *Compatible; CONST CHAR8 *CompItem; CONST CHAR8 *NodeStatus; INT32 Len; + INT32 RangesLen; INT32 StatusLen; CONST UINT64 *RegProp; + CONST UINT32 *RangesProp; UINT64 UartBase; + UINT64 TpmBase; + EFI_STATUS Status; =20 =20 Base =3D (VOID*)(UINTN)PcdGet64 (PcdDeviceTreeInitialBaseAddress); @@ -58,18 +70,16 @@ PlatformPeim ( ASSERT (UartHobData !=3D NULL); *UartHobData =3D 0; =20 - // - // Look for a UART node - // - for (Prev =3D 0;; Prev =3D Node) { - Node =3D fdt_next_node (Base, Prev, NULL); + for (Prev =3D Depth =3D 0;; Prev =3D Node) { + Node =3D fdt_next_node (Base, Prev, &Depth); if (Node < 0) { break; } =20 - // - // Check for UART node - // + if (Depth =3D=3D 1) { + Parent =3D Node; + } + Compatible =3D fdt_getprop (Base, Node, "compatible", &Len); =20 // 
@@ -89,10 +99,62 @@ PlatformPeim ( =20 UartBase =3D fdt64_to_cpu (ReadUnaligned64 (RegProp)); =20 - DEBUG ((EFI_D_INFO, "%a: PL011 UART @ 0x%lx\n", __FUNCTION__, Uart= Base)); + DEBUG ((DEBUG_INFO, "%a: PL011 UART @ 0x%lx\n", __FUNCTION__, Uart= Base)); =20 *UartHobData =3D UartBase; break; + } else if (FixedPcdGetBool (PcdTpm2SupportEnabled) && + AsciiStrCmp (CompItem, "tcg,tpm-tis-mmio") =3D=3D 0) { + + RegProp =3D fdt_getprop (Base, Node, "reg", &Len); + ASSERT (Len =3D=3D 8 || Len =3D=3D 16); + if (Len =3D=3D 8) { + TpmBase =3D fdt32_to_cpu (RegProp[0]); + } else if (Len =3D=3D 16) { + TpmBase =3D fdt64_to_cpu (ReadUnaligned64 ((UINT64 *)RegProp)); + } + + if (Depth > 1) { + // + // QEMU/mach-virt may put the TPM on the platform bus, in which = case + // we have to take its 'ranges' property into account to transla= te the + // MMIO address. This consists of a + // tuple, where the child base and the size use the same number = of + // cells as the 'reg' property above, and the parent base uses 2= cells + // + RangesProp =3D fdt_getprop (Base, Parent, "ranges", &RangesLen); + ASSERT (RangesProp !=3D NULL); + + // a plain 'ranges' attribute without a value implies a 1:1 mapp= ing + if (RangesLen !=3D 0) { + // assume a single translated range with 2 cells for the paren= t base + if (RangesLen !=3D Len + 2 * sizeof (UINT32)) { + DEBUG ((DEBUG_WARN, + "%a: 'ranges' property has unexpected size %d\n", + __FUNCTION__, RangesLen)); + break; + } + + if (Len =3D=3D 8) { + TpmBase -=3D fdt32_to_cpu (RangesProp[0]); + } else { + TpmBase -=3D fdt64_to_cpu (ReadUnaligned64 ((UINT64 *)Ranges= Prop)); + } + + // advance RangesProp to the parent bus address + RangesProp =3D (UINT32 *)((UINT8 *)RangesProp + Len / 2); + TpmBase +=3D fdt64_to_cpu (ReadUnaligned64 ((UINT64 *)RangesPr= op)); + } + } + + DEBUG ((DEBUG_INFO, "%a: TPM @ 0x%lx\n", __FUNCTION__, TpmBase)); + + Status =3D PcdSet64S (PcdTpmBaseAddress, TpmBase); + ASSERT_RETURN_ERROR (Status); + + Status =3D 
PeiServicesInstallPpi (&mTpm2DiscoveredPpi); + ASSERT_EFI_ERROR (Status); + break; } } } --=20 2.20.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#52974): https://edk2.groups.io/g/devel/message/52974 Mute This Topic: https://groups.io/mt/69499021/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
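Review bot: in the PlatformPeiLib.c hunk @@ -89,10 +99,62, 'ASSERT (Len =3D=3D 8 || Len =3D=3D 16)' is the only validation of the tcg,tpm-tis-mmio 'reg' property, and ASSERT compiles out in RELEASE builds; a missing property (RegProp NULL, Len negative) or an odd-sized one then takes neither of the following branches, TpmBase is written to PcdTpmBaseAddress uninitialized and the discovered PPI is still installed, so Tcg2ConfigPei and the DTpm device library go on to touch an arbitrary MMIO address. Use the pattern this same hunk already applies to 'ranges' (DEBUG ((DEBUG_WARN, ...)); break;) for the 'reg' size and for a NULL RegProp, and only call PcdSet64S / PeiServicesInstallPpi on a well-formed node. The 'ASSERT (RangesProp !=3D NULL)' has the same weakness: with the property absent, fdt_getprop leaves a negative error code in RangesLen, which the 'RangesLen !=3D 0' test forwards to the size check, so the bail-out works only by accident and deserves an explicit NULL test. Finally, Parent is only updated at Depth =3D=3D 1, so a TPM nested deeper than the platform bus would have its 'ranges' translation done against the wrong ancestor; either guard the translation with Depth =3D=3D 2 or state the two-level assumption in the comment.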
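Review bot: the PlatformPeiLib.c hunk @@ -58,18 +70,16 removes the "Look for a UART node" and "Check for UART node" comments and turns the loop into a general discovery pass (UART, and now TPM under an optional bus node) without replacing them; a short comment above the for loop listing what the traversal records, and noting that Parent is only meaningful for nodes directly under a Depth 1 bus, would help the next reader. Parent is also declared without an initializer; fdt_next_node's depth-first order does guarantee a Depth =3D=3D 1 node is seen before any deeper one, but initializing it (for example to -1) documents that and pre-empts maybe-uninitialized diagnostics on stricter toolchains.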
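Review bot: in the ArmVirtPkg.dec hunk the new PcdTpm2SupportEnabled takes token number 0x00000004 while the only neighbour visible in the context is 0x00000007; the hunk does not show the rest of the [PcdsFixedAtBuild, PcdsPatchableInModule] section, so confirm 0x00000004 is not already assigned in gArmVirtTokenSpaceGuid before merging, since token collisions inside one token space are easy to introduce this way.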
From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: lersek@redhat.com, Ard Biesheuvel Subject: [edk2-devel] [PATCH 3/4] ArmVirtPkg/PlatformPeiLib: implement Reset2 PPI based on PSCI Date: Tue, 7 Jan 2020 10:47:59 +0100 Message-Id: <20200107094800.4488-4-ard.biesheuvel@linaro.org> In-Reply-To: <20200107094800.4488-1-ard.biesheuvel@linaro.org> References: <20200107094800.4488-1-ard.biesheuvel@linaro.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ard.biesheuvel@linaro.org Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1578390490; bh=UcxMo2ijo0+FD9qTTWAzmUhozX6VPkAzi64iboBs3fc=; h=Cc:Date:From:Reply-To:Subject:To; b=ZYm4imNuj7LOGBX5tCkIm3++SGZRPTKZlZH1Wxe11PmM/yh0dcBDMw2RKzN3r1Ne4P+ RTzbHjbCgaj5QyPoHW/XH/CxCSmzVoX3FoP4H9ZCOcZpIcC1MOAPcWbURQV8cR0hCyOgE JKgT3ap5puUi+mXQjMFq7bHrc28e0YFVufs= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" Extend the existing DT traversal routine in PlatformPeiLib with discovery of the PSCI method, and expose an implementation of the Reset2 PPI based on the method found. This satisfies a dependency of Tcg2Pei, which needs to reset the platform in some cases. Since there are no other uses for system reset in PEI on ArmVirtQemu, simply expose the PPI directly rather than using the generic ResetSystemPei and the associated plumbing. Signed-off-by: Ard Biesheuvel --- ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf | 3 + ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c | 123 +++++++++++++++= +++++ 2 files changed, 126 insertions(+) diff --git a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf b/ArmVirt= Pkg/Library/PlatformPeiLib/PlatformPeiLib.inf index c41ee22c9767..72ed2413a768 100644 --- a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf 
+++ b/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf @@ -28,6 +28,8 @@ [Packages] SecurityPkg/SecurityPkg.dec =20 [LibraryClasses] + ArmSmcLib + ArmHvcLib DebugLib HobLib FdtLib @@ -44,6 +46,7 @@ [Pcd] gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## SOMETIMES_PRO= DUCES =20 [Ppis] + gEfiPeiReset2PpiGuid ## SOMETIMES_PRO= DUCES gOvmfTpmDiscoveredPpiGuid ## SOMETIMES_PRO= DUCES =20 [Guids] diff --git a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c b/ArmVirtPk= g/Library/PlatformPeiLib/PlatformPeiLib.c index 249e45c04624..7af351eda003 100644 --- a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c +++ b/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c @@ -9,6 +9,8 @@ =20 #include =20 +#include +#include #include #include #include 
@@ -16,15 +18,113 @@ #include #include =20 +#include + #include #include =20 +#include + STATIC CONST EFI_PEI_PPI_DESCRIPTOR mTpm2DiscoveredPpi =3D { EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST, &gOvmfTpmDiscoveredPpiGuid, NULL }; =20 +/** + The ResetSystem function resets the entire platform. + + @param[in] ResetType The type of reset to perform. + @param[in] ResetStatus The status code for the reset. + @param[in] DataSize The size, in bytes, of ResetData. + @param[in] ResetData For a ResetType of EfiResetCold, EfiResetWarm,= or + EfiResetShutdown the data buffer starts with a + Null-terminated string, optionally followed by + additional binary data. The string is a descri= ption + that the caller may use to further indicate the + reason for the system reset. +**/ +STATIC +VOID +EFIAPI +ResetSystemHvc ( + IN EFI_RESET_TYPE ResetType, + IN EFI_STATUS ResetStatus, + IN UINTN DataSize, + IN VOID *ResetData OPTIONAL + ) +{ + ARM_HVC_ARGS ArmHvcArgs; + + switch (ResetType) { + case EfiResetWarm: + case EfiResetCold: + case EfiResetPlatformSpecific: + // Send a PSCI 0.2 SYSTEM_RESET command + ArmHvcArgs.Arg0 =3D ARM_SMC_ID_PSCI_SYSTEM_RESET; + break; + + case EfiResetShutdown: + // Send a PSCI 0.2 SYSTEM_OFF command + ArmHvcArgs.Arg0 =3D ARM_SMC_ID_PSCI_SYSTEM_OFF; + break; + + default: + ASSERT (FALSE); + return; + } + ArmCallHvc (&ArmHvcArgs); +} + +STATIC +VOID +EFIAPI +ResetSystemSmc ( + IN EFI_RESET_TYPE ResetType, + IN EFI_STATUS ResetStatus, + IN UINTN DataSize, + IN VOID *ResetData OPTIONAL + ) +{ + ARM_SMC_ARGS ArmSmcArgs; + + switch (ResetType) { + case EfiResetWarm: + case EfiResetCold: + case EfiResetPlatformSpecific: + // Send a PSCI 0.2 SYSTEM_RESET command + ArmSmcArgs.Arg0 =3D ARM_SMC_ID_PSCI_SYSTEM_RESET; + break; + + case EfiResetShutdown: + // Send a PSCI 0.2 SYSTEM_OFF command + ArmSmcArgs.Arg0 =3D ARM_SMC_ID_PSCI_SYSTEM_OFF; + break; + + default: + ASSERT (FALSE); + return; + } + ArmCallSmc (&ArmSmcArgs); +} + +STATIC CONST 
EFI_PEI_RESET2_PPI mPpiReset[] =3D { + { ResetSystemHvc }, + { ResetSystemSmc }, +}; + +STATIC CONST EFI_PEI_PPI_DESCRIPTOR mPlatformHvcResetPpi =3D { + EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST, + &gEfiPeiReset2PpiGuid, + (EFI_PEI_RESET2_PPI *)&mPpiReset[0] +}; + +STATIC CONST EFI_PEI_PPI_DESCRIPTOR mPlatformSmcResetPpi =3D { + EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST, + &gEfiPeiReset2PpiGuid, + (EFI_PEI_RESET2_PPI *)&mPpiReset[1] +}; + EFI_STATUS EFIAPI PlatformPeim ( @@ -47,6 +147,7 @@ PlatformPeim ( INT32 StatusLen; CONST UINT64 *RegProp; CONST UINT32 *RangesProp; + CONST VOID *MethodProp; UINT64 UartBase; UINT64 TpmBase; EFI_STATUS Status; 
@@ -155,6 +256,28 @@ PlatformPeim ( Status =3D PeiServicesInstallPpi (&mTpm2DiscoveredPpi); ASSERT_EFI_ERROR (Status); break; + } else if (AsciiStrCmp (CompItem, "arm,psci-0.2") =3D=3D 0) { + MethodProp =3D fdt_getprop (Base, Node, "method", &Len); + if (MethodProp =3D=3D NULL) { + DEBUG ((DEBUG_ERROR, "%a: Missing PSCI method property\n", + __FUNCTION__)); + break; + } + + if (AsciiStrnCmp (MethodProp, "hvc", 3) =3D=3D 0) { + Status =3D PeiServicesInstallPpi (&mPlatformHvcResetPpi); + ASSERT_EFI_ERROR (Status); + } else if (AsciiStrnCmp (MethodProp, "smc", 3) =3D=3D 0) { + Status =3D PeiServicesInstallPpi (&mPlatformSmcResetPpi); + ASSERT_EFI_ERROR (Status); + } else { + DEBUG ((DEBUG_ERROR, "%a: Unknown PSCI method \"%a\"\n", __FUNCT= ION__, + MethodProp)); + break; + } + DEBUG ((DEBUG_INFO, "%a: Detected PSCI method \"%a\"\n", __FUNCTIO= N__, + MethodProp)); + break; } } } --=20 2.20.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. 
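Review bot: in the PlatformPeiLib.c hunk @@ -16,15 +18,113, 'ARM_HVC_ARGS ArmHvcArgs;' and 'ARM_SMC_ARGS ArmSmcArgs;' are declared without an initializer and only Arg0 is assigned before ArmCallHvc / ArmCallSmc, so Arg1 onwards carry whatever happened to be on the PEI stack into the hypervisor or secure monitor. PSCI SYSTEM_RESET and SYSTEM_OFF ignore the extra registers, but zero-initializing the struct costs nothing and avoids exporting stack contents across a privilege boundary. ResetSystemHvc and ResetSystemSmc are otherwise identical, so a shared helper that maps EFI_RESET_TYPE to the PSCI function id (with the conduit chosen by the caller) would keep the two switch statements from drifting apart. Neither function handles the call returning, which a PSCI implementation that rejects the request can do; a CpuDeadLoop () or ASSERT after the call would stop the Reset2 caller from continuing as though the platform had reset.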
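Review bot: in the PlatformPeiLib.c hunk @@ -155,6 +256,28, 'AsciiStrnCmp (MethodProp, "hvc", 3)' and its "smc" twin compare only the first three bytes, so a value such as "hvcx" is accepted and the property length returned in Len is never consulted. Since 'method' is a NUL-terminated string property, AsciiStrCmp (as used for the compatible strings a few lines above) is the precise test; if the prefix match is kept deliberately, check Len before comparing and say why in a comment. It would also help to note that matching only "arm,psci-0.2" is sufficient because the loop walks every CompItem, so a node listing "arm,psci-1.0" first is still recognised as long as "arm,psci-0.2" appears anywhere in its compatible list.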
View/Reply Online (#52975): https://edk2.groups.io/g/devel/message/52975 Mute This Topic: https://groups.io/mt/69499022/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: lersek@redhat.com, Ard Biesheuvel Subject: [edk2-devel] [PATCH 4/4] ArmVirtPkg/ArmVirtQemu: add optional support for TPM2 measured boot Date: Tue, 7 Jan 2020 10:48:00 +0100 Message-Id: <20200107094800.4488-5-ard.biesheuvel@linaro.org> In-Reply-To: <20200107094800.4488-1-ard.biesheuvel@linaro.org> References: <20200107094800.4488-1-ard.biesheuvel@linaro.org> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ard.biesheuvel@linaro.org Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1578390491; bh=NjlwZCUEhZxZDqFDA4PlDJfffkd5scCcteUzjjM5uBg=; h=Cc:Date:From:Reply-To:Subject:To; b=nc06lPchOuYmJyJA61m+xXPkNGr+jMin6n/AdyJn4c3LrIjnYheO9vFB7Ou7so9h4BW 0waxVsYWCgH3f/p6P5LHmR0n84WzwXod4ZJ0ONTHuULcbXdJZp31QF5vByUNWjipSoa7E AIoQW8Hwx/iq352BtvzxhnxQ72Vm3sw8uaw= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" Duplicate the TPM2_ENABLE and TPM2_CONFIG_ENABLE build time flags that already exist in OvmfPkg, and wire them up in the .DSC and .FDF so that setting those flags produces a ArmVirtQemu build that implements measured boot using a TPM provided by QEMU and described in the device tree. Note that the TPM2 driver stack relies on a PEI phase being implemented, so there is no point in enabling this for ArmVirtQemuKernel or ArmVirtXen. Signed-off-by: Ard Biesheuvel --- ArmVirtPkg/ArmVirtQemu.dsc | 71 ++++++++++++++++++++ ArmVirtPkg/ArmVirtQemu.fdf | 5 ++ ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 10 +++ 3 files changed, 86 insertions(+) diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc index 7ae6702ac1f0..0a37f613ae23 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc 
@@ -29,6 +29,8 @@ [Defines] # DEFINE TTY_TERMINAL =3D FALSE DEFINE SECURE_BOOT_ENABLE =3D FALSE + DEFINE TPM2_ENABLE =3D FALSE + DEFINE TPM2_CONFIG_ENABLE =3D FALSE =20 # # Network definition @@ -74,12 +76,32 @@ [LibraryClasses.common] PciSegmentLib|MdePkg/Library/BasePciSegmentLibPci/BasePciSegmentLibPci.i= nf PciHostBridgeLib|ArmVirtPkg/Library/FdtPciHostBridgeLib/FdtPciHostBridge= Lib.inf =20 +!if $(TPM2_ENABLE) =3D=3D TRUE + Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf + Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeT= cg2PhysicalPresenceLib.inf + Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibN= ull.inf + TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasure= mentLib.inf +!else + Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeT= cg2PhysicalPresenceLib.inf + TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf +!endif + [LibraryClasses.common.PEIM] ArmVirtMemInfoLib|ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoP= eiLib.inf =20 +!if $(TPM2_ENABLE) =3D=3D TRUE + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf + ResetSystemLib|MdeModulePkg/Library/PeiResetSystemLib/PeiResetSystemLib.= inf + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf +!endif + [LibraryClasses.common.DXE_DRIVER] ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeRepor= tStatusCodeLib.inf =20 +!if $(TPM2_ENABLE) =3D=3D TRUE + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf +!endif + [LibraryClasses.common.UEFI_DRIVER] UefiScsiLib|MdePkg/Library/UefiScsiLib/UefiScsiLib.inf =20 
@@ -177,6 +199,8 @@ [PcdsFixedAtBuild.common] =20 gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|3 =20 + gArmVirtTokenSpaceGuid.PcdTpm2SupportEnabled|$(TPM2_ENABLE) + [PcdsFixedAtBuild.AARCH64] # Clearing BIT0 in this PCD prevents installing a 32-bit SMBIOS entry po= int, # if the entry point version is >=3D 3.0. AARCH64 OSes cannot assume the @@ -237,9 +261,26 @@ [PcdsDynamicDefault.common] gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosDocRev|0x0 gUefiOvmfPkgTokenSpaceGuid.PcdQemuSmbiosValidated|FALSE =20 +!if $(TPM2_ENABLE) =3D=3D TRUE + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00= , 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} + gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress|0x0 + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2InitializationPolicy|1 + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2SelfTestPolicy|1 + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2ScrtmPolicy|1 + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInitializationPolicy|1 + gEfiSecurityPkgTokenSpaceGuid.PcdTpmScrtmPolicy|1 + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask|3 + gEfiSecurityPkgTokenSpaceGuid.PcdTcg2HashAlgorithmBitmap|3 +!endif + [PcdsDynamicHii] gArmVirtTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gArmVirtVariableGui= d|0x0|FALSE|NV,BS =20 +!if $(TPM2_ENABLE) =3D=3D TRUE + gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_= VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2C= onfigFormSetGuid|0x8|3|NV,BS +!endif + ##########################################################################= ###### # # Components Section - list of all EDK II Modules needed by this Platform 
@@ -295,6 +336,9 @@ [Components.common] MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificatio= nLib.inf +!if $(TPM2_ENABLE) =3D=3D TRUE + NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib= .inf +!endif } SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDx= e.inf OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf @@ -430,6 +474,33 @@ [Components.common] MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf =20 +!if $(TPM2_ENABLE) =3D=3D TRUE + OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf + SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { + + HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCrypt= oRouterPei.inf + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf + NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384= .inf + NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512= .inf + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf + } +!if $(TPM2_CONFIG_ENABLE) =3D=3D TRUE + SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf +!endif + SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { + + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibR= outerDxe.inf + NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf + HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCrypt= oRouterDxe.inf + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf + NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384= .inf + NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512= .inf + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf + } +!endif + # # ACPI Support # 
diff --git a/ArmVirtPkg/ArmVirtQemu.fdf b/ArmVirtPkg/ArmVirtQemu.fdf index 2c8936a1ae15..d866e62c529b 100644 --- a/ArmVirtPkg/ArmVirtQemu.fdf +++ b/ArmVirtPkg/ArmVirtQemu.fdf @@ -113,6 +113,11 @@ [FV.FVMAIN_COMPACT] INF MdeModulePkg/Universal/Variable/Pei/VariablePei.inf INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf =20 +!if $(TPM2_ENABLE) =3D=3D TRUE + INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf + INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf +!endif + FILE FV_IMAGE =3D 9E21FD93-9C72-4c15-8C4B-E77F1DB2D792 { SECTION GUIDED EE4E5898-3914-4259-9D6E-DC7BD79403CF PROCESSING_REQUIRE= D =3D TRUE { SECTION FV_IMAGE =3D FVMAIN diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuF= vMain.fdf.inc index 31f615a9d0f9..d481e4b2b8fb 100644 --- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc +++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc @@ -182,3 +182,13 @@ [FV.FvMain] # Ramdisk support # INF MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf + + # + # TPM2 support + # +!if $(TPM2_ENABLE) =3D=3D TRUE + INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf +!if $(TPM2_CONFIG_ENABLE) =3D=3D TRUE + INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf +!endif +!endif --=20 2.20.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#52976): https://edk2.groups.io/g/devel/message/52976 Mute This Topic: https://groups.io/mt/69499023/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
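Review bot: the two new DEFINEs in the [Defines] hunk (TPM2_ENABLE, TPM2_CONFIG_ENABLE) carry no comment saying what they control, and the dependency between them is only discoverable by reading the later hunks, where `!if $(TPM2_CONFIG_ENABLE) =3D=3D TRUE` is nested inside `!if $(TPM2_ENABLE) =3D=3D TRUE` in both the Components section and ArmVirtQemuFvMain.fdf.inc, so TPM2_CONFIG_ENABLE =3D TRUE on its own builds nothing. A one-line comment on each DEFINE (TPM2_ENABLE: build the TCG2 PEI/DXE stack; TPM2_CONFIG_ENABLE: additionally build the Tcg2ConfigDxe setup form, requires TPM2_ENABLE) would save the next reader that trip.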
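Review bot: the [LibraryClasses.common.PEIM] hunk resolves BaseCryptLib to PeiCryptLib and ResetSystemLib to PeiResetSystemLib for every PEIM in the platform whenever TPM2_ENABLE is TRUE, not only for Tcg2Pei, which is the module that actually needs them. If the intent is to keep the crypto code out of the other PEIMs, these two resolutions (and the PEIM Tpm2DeviceLib|Tpm2DeviceLibDTpm line) can live in the Tcg2Pei component block in the Components hunk, next to the HashLib overrides that are already scoped that way; if the platform-wide scope is deliberate, say so in a comment.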
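Review bot: in the [PcdsFixedAtBuild.common] hunk, `gArmVirtTokenSpaceGuid.PcdTpm2SupportEnabled|$(TPM2_ENABLE)` is the only place in this patch where the PCD appears, so the reader cannot tell which ArmVirtPkg module consumes it or why a fixed-at-build PCD is needed in addition to the DSC conditionals. A short comment naming the consumer (the module that performs TPM discovery and fills in the dynamic PCDs set in the next hunk) would make the split between build-time and run-time enablement clear.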
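Review bot: in the [PcdsDynamicDefault.common] hunk, `PcdTpmInitializationPolicy|1` and `PcdTpmScrtmPolicy|1` are the TPM 1.2 counterparts of the `PcdTpm2InitializationPolicy` and `PcdTpm2ScrtmPolicy` lines directly above them, and no TPM 1.2 module (TcgPei/TcgDxe) is added anywhere in the Components hunks; please confirm they are consumed by something built here, otherwise drop them. Two related points on the same lines: `PcdTpmBaseAddress|0x0` and the all-zero `PcdTpmInstanceGuid` mean this DSC never selects a TPM by itself, so a comment should say which module fills them in at run time (the 0x0 base must not be dereferenced before that happens); and `PcdTpm2HashMask|3` with `PcdTcg2HashAlgorithmBitmap|3` activates only the SHA1 and SHA256 banks even though the Tcg2Pei and Tcg2Dxe blocks link the SHA384, SHA512 and SM3 HashInstanceLib instances as well, so either widen the mask or note that the extra instances are intentionally dormant, and state explicitly that keeping the SHA1 bank active is a deliberate choice for anyone later consuming the event log.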
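Review bot: the SecurityStubDxe hunk (@@ -295,6 +336,9 @@) adds `NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf` to the SecurityStubDxe instance that sits next to SecureBootConfigDxe and EnrollDefaultKeys in the context lines, which reads like the SECURE_BOOT_ENABLE =3D TRUE variant of the module. If that is the case, a build with TPM2_ENABLE =3D TRUE and SECURE_BOOT_ENABLE =3D FALSE would get a TPM but no measured-boot hook for loaded images, silently. The fix is to give SecurityStubDxe a single component block whose library overrides are each guarded separately, `!if $(SECURE_BOOT_ENABLE)` around the DxeImageVerificationLib line and `!if $(TPM2_ENABLE)` around the DxeTpm2MeasureBootLib line, so the two features compose in all four combinations.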
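Review bot: the Components hunk at @@ -430,6 +474,33 @@ pulls `OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf` into an ArmVirt platform; since the PCD hunk defaults `PcdTpmBaseAddress` to 0x0, please confirm that this PEIM locates the device through the dynamic PCD as set by this platform rather than through an OVMF-specific fixed MMIO address, and that Tcg2Pei's dispatch depends on the PPI that Tcg2ConfigPei publishes after detection, because FV placement alone does not order PEIM dispatch. The Tpm2DeviceLib split is correct and worth a comment: Tcg2Dxe overrides it with Tpm2DeviceLibRouter plus the Tpm2InstanceLibDTpm NULL instance so it drives the hardware directly, while every other DXE_DRIVER gets Tpm2DeviceLibTcg2 from the LibraryClasses hunk and therefore goes through the protocol Tcg2Dxe installs.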
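Review bot: the ArmVirtQemu.fdf hunk adds the Tcg2ConfigPei and Tcg2Pei INF lines to [FV.FVMAIN_COMPACT] bare, while the ArmVirtQemuFvMain.fdf.inc hunk wraps its additions in a "# TPM2 support #" comment block; add the same comment in the .fdf for symmetry. More importantly, ArmVirtQemuFvMain.fdf.inc is a shared include, so `!if $(TPM2_ENABLE) =3D=3D TRUE` there is evaluated for every platform FDF that includes it; please confirm that each such DSC also defines TPM2_ENABLE (this patch only adds the DEFINE to ArmVirtQemu.dsc) or that the build tools treat the undefined macro as not equal to TRUE rather than failing. The module set itself is consistent between DSC and FDF: the same four INFs appear under the same two conditionals on both sides.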
