From: Marc-André Lureau <marcandre.lureau@redhat.com>

Hi,

The following patches add basic TPM 1.2 support for Ovmf/QEMU.

I tested successfully Win10 with TIS/TPM 1.2 & CRB/TPM 2.0
passthrough, and emulated CRB/TPM 2.0.
(fwiw, I haven't tried to enable TPM_CONFIG_ENABLE)

Marc-André Lureau (3):
  Ovmf: rename TPM2 config prefix to TPM
  SecurityPkg: export Tpm12GetPtpInterfaceType()
  Ovmf: enable TPM 1.2 support

 OvmfPkg/OvmfPkgIa32.dsc                      | 39 +++++++++++++------
 OvmfPkg/OvmfPkgIa32.fdf                      | 10 +++--
 OvmfPkg/OvmfPkgIa32X64.dsc                   | 39 +++++++++++++------
 OvmfPkg/OvmfPkgIa32X64.fdf                   | 10 +++--
 OvmfPkg/OvmfPkgX64.dsc                       | 39 +++++++++++++------
 OvmfPkg/OvmfPkgX64.fdf                       | 10 +++--
 OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf     |  3 ++
 OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c      | 17 +++++++-
 SecurityPkg/Include/Library/Tpm12DeviceLib.h | 13 +++++++
 .../Library/Tpm12DeviceLibDTpm/Tpm12Tis.c    | 17 ++++----
 10 files changed, 141 insertions(+), 56 deletions(-)

--
2.25.0.rc2.1.g09a9a1a997

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#54362): https://edk2.groups.io/g/devel/message/54362
Mute This Topic: https://groups.io/mt/71240877/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

Hi Lureau
I don’t think we should expose the TPM Interface type via TpmCommandLib.

That is the TPM device implementation. The TPM device might use TIS/FIFO/CRB, but there might be also other type such as I2C, or fTPM implementation type.

To distinguish TPM2.0 or TPM1.2, the standard way is to send startup command.

Thank you
Yao Jiewen

> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
> marcandre.lureau@redhat.com
> Sent: Thursday, February 13, 2020 9:12 PM
> To: edk2-devel@lists.01.org; devel@edk2.groups.io
> Cc: stefanb@linux.ibm.com; lersek@redhat.com; simon.hardy@itdev.co.uk;
> Marc-André Lureau <marcandre.lureau@redhat.com>
> Subject: [edk2-devel] [PATCH v2 0/3] Ovmf: enable TPM 1.2
>
> From: Marc-André Lureau <marcandre.lureau@redhat.com>
>
> Hi,
>
> The following patches add basic TPM 1.2 support for Ovmf/QEMU.
>
> I tested successfully Win10 with TIS/TPM 1.2 & CRB/TPM 2.0
> passthrough, and emulated CRB/TPM 2.0.
> (fwiw, I haven't tried to enable TPM_CONFIG_ENABLE)
>
> Marc-André Lureau (3):
>   Ovmf: rename TPM2 config prefix to TPM
>   SecurityPkg: export Tpm12GetPtpInterfaceType()
>   Ovmf: enable TPM 1.2 support
>
>  OvmfPkg/OvmfPkgIa32.dsc                      | 39 +++++++++++++------
>  OvmfPkg/OvmfPkgIa32.fdf                      | 10 +++--
>  OvmfPkg/OvmfPkgIa32X64.dsc                   | 39 +++++++++++++------
>  OvmfPkg/OvmfPkgIa32X64.fdf                   | 10 +++--
>  OvmfPkg/OvmfPkgX64.dsc                       | 39 +++++++++++++------
>  OvmfPkg/OvmfPkgX64.fdf                       | 10 +++--
>  OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf     |  3 ++
>  OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c      | 17 +++++++-
>  SecurityPkg/Include/Library/Tpm12DeviceLib.h | 13 +++++++
>  .../Library/Tpm12DeviceLibDTpm/Tpm12Tis.c    | 17 ++++----
>  10 files changed, 141 insertions(+), 56 deletions(-)
>
> --
> 2.25.0.rc2.1.g09a9a1a997

-=-=-=-=-=-=-=-=-=-=-=-
View/Reply Online (#54363): https://edk2.groups.io/g/devel/message/54363
-=-=-=-=-=-=-=-=-=-=-=-

Hi Yao

On Thu, Feb 13, 2020 at 2:51 PM Yao, Jiewen <jiewen.yao@intel.com> wrote:
>
> Hi Lureau
> I don’t think we should expose the TPM Interface type via TpmCommandLib.
>
> That is the TPM device implementation. The TPM device might use TIS/FIFO/CRB, but there might be also other type such as I2C, or fTPM implementation type.
>
> To distinguish TPM2.0 or TPM1.2, the standard way is to send startup command.

Thanks for the feedback, unfortunately I don't know how to achieve
this for both tpm/vtpm (uninitialized) & passthrough (initialized).

If the device is uninitialized, sending Tpm12Startup (TPM_ST_CLEAR) to
detect 1.2 in Tcg2ConfigPeimEntryPoint will work, but then
Tpm12Startup () in TcgPei:PeimEntryMA will later fail.

If the device is initialized/passthrough, sending Tpm12Startup
(TPM_ST_CLEAR) will fail, so it could send Tpm12Startup (TPM_ST_STATE)
instead. But that will fail to detect uninitialized 1.2 device.

I am stuck, any help welcome!

thanks

-=-=-=-=-=-=-=-=-=-=-=-
View/Reply Online (#54501): https://edk2.groups.io/g/devel/message/54501
-=-=-=-=-=-=-=-=-=-=-=-

For tpm/vtpm (uninitialized), I think you can set PcdTpmInitializationPolicy to 0 in the TPM detection module. As such, the TCG PEI will skip Startup() command.
Please refer to SecurityPkg\Tcg\Tcg2Config\TpmDetection.c.

I am not clear about the passthrough mode. Which module initializes the TPM? Can we let this module pass some information?

Thank you
Yao Jiewen

> -----Original Message-----
> From: Marc-André Lureau <marcandre.lureau@redhat.com>
> Sent: Saturday, February 15, 2020 7:34 PM
> To: edk2-devel-groups-io <devel@edk2.groups.io>; Yao, Jiewen
> <jiewen.yao@intel.com>
> Cc: edk2-devel@lists.01.org; stefanb@linux.ibm.com; lersek@redhat.com;
> simon.hardy@itdev.co.uk
> Subject: Re: [edk2-devel] [PATCH v2 0/3] Ovmf: enable TPM 1.2
>
> Hi Yao
>
> On Thu, Feb 13, 2020 at 2:51 PM Yao, Jiewen <jiewen.yao@intel.com> wrote:
> >
> > Hi Lureau
> > I don’t think we should expose the TPM Interface type via TpmCommandLib.
> >
> > That is the TPM device implementation. The TPM device might use
> TIS/FIFO/CRB, but there might be also other type such as I2C, or fTPM
> implementation type.
> >
> > To distinguish TPM2.0 or TPM1.2, the standard way is to send startup
> command.
>
> Thanks for the feedback, unfortunately I don't know how to achieve
> this for both tpm/vtpm (uninitialized) & passthrough (initialized).
>
> If the device is uninitialized, sending Tpm12Startup (TPM_ST_CLEAR) to
> detect 1.2 in Tcg2ConfigPeimEntryPoint will work, but then
> Tpm12Startup () in TcgPei:PeimEntryMA will later fail.
>
> If the device is initialized/passthrough, sending Tpm12Startup
> (TPM_ST_CLEAR) will fail, so it could send Tpm12Startup (TPM_ST_STATE)
> instead. But that will fail to detect uninitialized 1.2 device.
>
> I am stuck, any help welcome!
>
> thanks

-=-=-=-=-=-=-=-=-=-=-=-
View/Reply Online (#54500): https://edk2.groups.io/g/devel/message/54500
-=-=-=-=-=-=-=-=-=-=-=-

On 2/15/20 6:33 AM, Marc-André Lureau wrote:
> Hi Yao
>
> On Thu, Feb 13, 2020 at 2:51 PM Yao, Jiewen <jiewen.yao@intel.com> wrote:
>> Hi Lureau
>> I don’t think we should expose the TPM Interface type via TpmCommandLib.
>>
>> That is the TPM device implementation. The TPM device might use TIS/FIFO/CRB, but there might be also other type such as I2C, or fTPM implementation type.
>>
>> To distinguish TPM2.0 or TPM1.2, the standard way is to send startup command.
> Thanks for the feedback, unfortunately I don't know how to achieve
> this for both tpm/vtpm (uninitialized) & passthrough (initialized).
>
> If the device is uninitialized, sending Tpm12Startup (TPM_ST_CLEAR) to
> detect 1.2 in Tcg2ConfigPeimEntryPoint will work, but then
> Tpm12Startup () in TcgPei:PeimEntryMA will later fail.
>
> If the device is initialized/passthrough, sending Tpm12Startup
> (TPM_ST_CLEAR) will fail, so it could send Tpm12Startup (TPM_ST_STATE)
> instead. But that will fail to detect uninitialized 1.2 device.
>
> I am stuck, any help welcome!

You should be able to do this in the same way as we do it in QEMU:

https://github.com/qemu/qemu/blob/master/hw/tpm/tpm_util.c#L190

Send a command (non-TPM_Startup) to it and inspect the TAG in the header.

   Stefan

-=-=-=-=-=-=-=-=-=-=-=-
View/Reply Online (#54518): https://edk2.groups.io/g/devel/message/54518
-=-=-=-=-=-=-=-=-=-=-=-

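The tag-based probe suggested in the last reply, sketched as an added example (not code from the thread, QEMU or EDK2): it sends a header-only command other than Startup and classifies the device by the response tag alone, so the result does not depend on whether the TPM has been started. `tpm_xfer_fn`, `detect_tpm_version` and the `fake_*` devices are hypothetical names with constructed responses; the tag and ordinal values are the ones defined in the TCG TPM 1.2 and 2.0 specifications.

```c
#include <stddef.h>
#include <stdint.h>

#define TPM_TAG_RQU_COMMAND 0x00C1u     /* TPM 1.2 request tag */
#define TPM_TAG_RSP_COMMAND 0x00C4u     /* TPM 1.2 response tag */
#define TPM2_ST_NO_SESSIONS 0x8001u     /* TPM 2.0 request and response tag */
#define TPM_ORD_GetTicks    0x000000F1u
#define TPM2_CC_ReadClock   0x00000181u
enum tpm_ver { TPM_NONE = 0, TPM_1_2 = 12, TPM_2_0 = 20 };

/* Hypothetical transport hook: returns the response length, or <0 on error. */
typedef int (*tpm_xfer_fn)(const uint8_t *req, size_t len, uint8_t *rsp, size_t cap);

/* 10-byte header, big-endian: tag(2) | size(4) | ordinal or return code(4). */
static int put_hdr(uint8_t *h, uint16_t tag, uint32_t code) {
    const uint8_t b[10] = { (uint8_t)(tag >> 8), (uint8_t)tag, 0, 0, 0, 10,
        (uint8_t)(code >> 24), (uint8_t)(code >> 16), (uint8_t)(code >> 8), (uint8_t)code };
    for (int i = 0; i < 10; i++) h[i] = b[i];
    return 10;
}

/* Send a header-only command; return the response tag (0 if no usable reply). */
static uint16_t probe_tag(tpm_xfer_fn xfer, uint16_t tag, uint32_t ordinal) {
    uint8_t req[10], rsp[64];
    put_hdr(req, tag, ordinal);
    if (xfer(req, sizeof req, rsp, sizeof rsp) < 10) return 0;
    return (uint16_t)((rsp[0] << 8) | rsp[1]);
}

/* Only the tag is inspected; the return code is ignored on purpose. */
enum tpm_ver detect_tpm_version(tpm_xfer_fn xfer) {
    /* 2.0 probe first: a 2.0 part also answers a 1.2-tagged command with 0x00C4. */
    if (probe_tag(xfer, TPM2_ST_NO_SESSIONS, TPM2_CC_ReadClock) == TPM2_ST_NO_SESSIONS) return TPM_2_0;
    if (probe_tag(xfer, TPM_TAG_RQU_COMMAND, TPM_ORD_GetTicks) == TPM_TAG_RSP_COMMAND) return TPM_1_2;
    return TPM_NONE;
}

/* Constructed stand-ins for devices that were never sent a Startup command. */
int fake_tpm12(const uint8_t *q, size_t n, uint8_t *r, size_t cap) {
    (void)n; (void)cap;   /* 0x1E = bad tag, 0x26 = not started (1.2 return codes) */
    return put_hdr(r, TPM_TAG_RSP_COMMAND, q[0] == 0x80 ? 0x1Eu : 0x26u);
}
int fake_tpm20(const uint8_t *q, size_t n, uint8_t *r, size_t cap) {
    (void)n; (void)cap;   /* 0x100 = TPM_RC_INITIALIZE, 0x1E = TPM_RC_BAD_TAG */
    return q[0] == 0x80 ? put_hdr(r, TPM2_ST_NO_SESSIONS, 0x100u) : put_hdr(r, TPM_TAG_RSP_COMMAND, 0x1Eu);
}
int fake_absent(const uint8_t *q, size_t n, uint8_t *r, size_t cap) { (void)q; (void)n; (void)r; (void)cap; return -1; }

int main(void) { return detect_tpm_version(fake_tpm12) == TPM_1_2 && detect_tpm_version(fake_tpm20) == TPM_2_0 ? 0 : 1; }
```

Both fake devices reply with an error return code because they are unstarted, yet each is still classified correctly from the tag.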