From: "Ard Biesheuvel"
To: devel@edk2.groups.io
Cc: Ard Biesheuvel , lersek@redhat.com, eric.auger@redhat.com, philmd@redhat.com, marcandre.lureau@redhat.com, stefanb@linux.ibm.com, leif@nuviainc.com
Subject: [edk2-devel] [PATCH v2 1/5] OvmfPkg/Tcg2ConfigPei: introduce a signalling PPI to depex on
Date: Tue, 25 Feb 2020 11:44:45 +0100
Message-Id: <20200225104449.22453-2-ard.biesheuvel@linaro.org>
In-Reply-To: <20200225104449.22453-1-ard.biesheuvel@linaro.org>
References: <20200225104449.22453-1-ard.biesheuvel@linaro.org>

On ARM systems, the TPM does not live at a fixed address, and so we need the platform to discover it first. So introduce a PPI that signals that the TPM address has been discovered and recorded in the appropriate PCD, and make Tcg2ConfigPei depex on it when built for ARM or AARCH64.

Reviewed-by: Laszlo Ersek
Signed-off-by: Ard Biesheuvel
---
OvmfPkg/OvmfPkg.dec | 5 +++++
OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf | 6 +++++-
2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index 4c5b6511cb97..30faecb7a5c8 100644
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -87,6 +87,11 @@ [Guids] gEfiLegacyBiosGuid =3D {0x2E3044AC, 0x879F, 0x490F, {0x= 97, 0x60, 0xBB, 0xDF, 0xAF, 0x69, 0x5F, 0x50}} gEfiLegacyDevOrderVariableGuid =3D {0xa56074db, 0x65fe, 0x45f7, {0x= bd, 0x21, 0x2d, 0x2b, 0xdd, 0x8e, 0x96, 0x52}} =20 +[Ppis] + # PPI whose presence in the PPI database signals that the TPM base addre= ss + # has been discovered and recorded + gOvmfTpmDiscoveredPpiGuid =3D {0xb9a61ad0, 0x2802, 0x41f3, {0x= b5, 0x13, 0x96, 0x51, 0xce, 0x6b, 0xd5, 0x75}} + [Protocols] gVirtioDeviceProtocolGuid =3D {0xfa920010, 0x6785, 0x4941, {0x= b6, 0xec, 0x49, 0x8c, 0x57, 0x9f, 0x16, 0x0a}} gXenBusProtocolGuid =3D {0x3d3ca290, 0xb9a5, 0x11e3, {0x= b7, 0x5d, 0xb8, 0xac, 0x6f, 0x7d, 0x65, 0xe6}} diff --git a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf b/OvmfPkg/Tcg/Tcg2Con= fig/Tcg2ConfigPei.inf index e34cd6210611..55684ba045b3 100644 --- a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf +++ b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf @@ -25,6 +25,7 @@ [Sources] [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec + OvmfPkg/OvmfPkg.dec SecurityPkg/SecurityPkg.dec =20 [LibraryClasses] 
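Review bot: the comment on the new gOvmfTpmDiscoveredPpiGuid entry in the OvmfPkg.dec hunk says what the PPI means but not who has to install it, and from this patch on every ARM/AARCH64 platform that builds Tcg2ConfigPei must produce it or the module never dispatches. State the contract at the declaration, e.g. "# installed by the platform PEIM once PcdTpmBaseAddress holds the discovered base; Tcg2ConfigPei depexes on it on ARM/AARCH64", so a platform that reuses OvmfPkg's Tcg2ConfigPei does not end up with a TPM stack that silently never runs.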
@@ -43,5 +44,8 @@ [Ppis] [Pcd] gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## PROD= UCES =20 -[Depex] +[Depex.IA32, Depex.X64] TRUE + +[Depex.ARM, Depex.AARCH64] + gOvmfTpmDiscoveredPpiGuid --=20 2.17.1
View/Reply Online (#54780): https://edk2.groups.io/g/devel/message/54780
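Review bot: the [Depex.ARM, Depex.AARCH64] hunk makes Tcg2ConfigPei consume gOvmfTpmDiscoveredPpiGuid, but the [Ppis] section shown in this hunk's context (`@@ -43,5 +44,8 @@ [Ppis]`) is not extended with `gOvmfTpmDiscoveredPpiGuid ## CONSUMES`. The build resolves the depex GUID from OvmfPkg.dec, so it links either way, but the usage annotation is how the INF documents what the module depends on; add it. One sentence in the commit message would also help: when no TPM is found the PPI is never installed and Tcg2ConfigPei simply never runs, so the gPeiTpmInitializationDonePpiGuid it would otherwise install has to come from the producer side (the platform PEIM) in that case.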
From: "Ard Biesheuvel"
To: devel@edk2.groups.io
Cc: Ard Biesheuvel , lersek@redhat.com, eric.auger@redhat.com, philmd@redhat.com, marcandre.lureau@redhat.com, stefanb@linux.ibm.com, leif@nuviainc.com
Subject: [edk2-devel] [PATCH v2 2/5] ArmVirtPkg/PlatformPeiLib: make PcdLib dependency explicit in .INF
Date: Tue, 25 Feb 2020 11:44:46 +0100
Message-Id: <20200225104449.22453-3-ard.biesheuvel@linaro.org>
In-Reply-To: <20200225104449.22453-1-ard.biesheuvel@linaro.org>
References: <20200225104449.22453-1-ard.biesheuvel@linaro.org>

We currently include PcdLib.h in PlatformPeiLib, without declaring this dependency in its .INF description. Since all the PCDs we use resolve to fixed type in practice, this does not really matter at the moment, but since we will be adding dynamic PCD references in a subsequent patch, let's make the PcdLib dependency explicit, so that its dispatch is guaranteed to be ordered correctly with respect to the provider of the dynamic PCD PPI.

Signed-off-by: Ard Biesheuvel
Reviewed-by: Laszlo Ersek
---
ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf | 1 +
1 file changed, 1 insertion(+)
diff --git a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf b/ArmVirt= Pkg/Library/PlatformPeiLib/PlatformPeiLib.inf index 46db117ac28e..5428040f121d 100644 --- a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf +++ b/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf 
@@ -29,6 +29,7 @@ [LibraryClasses] DebugLib HobLib FdtLib + PcdLib =20 [FixedPcd] gArmTokenSpaceGuid.PcdFvSize --=20 2.17.1
View/Reply Online (#54781): https://edk2.groups.io/g/devel/message/54781
From: "Ard Biesheuvel"
To: devel@edk2.groups.io
Cc: Ard Biesheuvel , lersek@redhat.com, eric.auger@redhat.com, philmd@redhat.com, marcandre.lureau@redhat.com, stefanb@linux.ibm.com, leif@nuviainc.com
Subject: [edk2-devel] [PATCH v2 3/5] ArmVirtPkg/PlatformPeiLib: discover the TPM base address from the DT
Date: Tue, 25 Feb 2020 11:44:47 +0100
Message-Id: <20200225104449.22453-4-ard.biesheuvel@linaro.org>
In-Reply-To: <20200225104449.22453-1-ard.biesheuvel@linaro.org>
References: <20200225104449.22453-1-ard.biesheuvel@linaro.org>

Introduce a boolean PCD that tells us whether TPM support is enabled in the build, and if it is, record the TPM base address in the existing routine that traverses the device tree in the platform PEIM. If a TPM is found, install the gOvmfTpmDiscoveredPpiGuid signalling PPI that will unlock the dispatch of OvmfPkg's Tcg2ConfigPei.

If TPM2 support is enabled in the build but no TPM2 device is found, install the gPeiTpmInitializationDonePpiGuid PPI, which is normally installed by Tcg2ConfigPei if no TPM2 is found, but in our case Tcg2ConfigPei will never run so let's do it here instead.
Signed-off-by: Ard Biesheuvel --- ArmVirtPkg/ArmVirt.dsc.inc | 6 ++ ArmVirtPkg/ArmVirtPkg.dec | 6 ++ ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c | 101 +++++++++++++++= +++-- ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf | 19 +++- 4 files changed, 118 insertions(+), 14 deletions(-) diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc index 10037c938eb8..abb253fdf76a 100644 --- a/ArmVirtPkg/ArmVirt.dsc.inc +++ b/ArmVirtPkg/ArmVirt.dsc.inc @@ -366,6 +366,12 @@ [PcdsFixedAtBuild.common] # gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC0000000= 00007FD1 =20 +[PcdsPatchableInModule] + # we need a default resolution for this PCD that supports PcdSet64(), + # even though any actual calls will be compiled out on builds that have + # gArmVirtTokenSpaceGuid.PcdTpm2SupportEnabled =3D=3D FALSE + gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress|0x0 + [Components.common] # # Ramdisk support diff --git a/ArmVirtPkg/ArmVirtPkg.dec b/ArmVirtPkg/ArmVirtPkg.dec index a019cc269d10..08ddd68a863e 100644 --- a/ArmVirtPkg/ArmVirtPkg.dec +++ b/ArmVirtPkg/ArmVirtPkg.dec @@ -36,6 +36,12 @@ [Guids.common] [Protocols] gFdtClientProtocolGuid =3D { 0xE11FACA0, 0x4710, 0x4C8E, { 0xA7, 0xA2, 0= x01, 0xBA, 0xA2, 0x59, 0x1B, 0x4C } } =20 +[PcdsFeatureFlag] + # + # Feature Flag PCD that defines whether TPM2 support is enabled + # + gArmVirtTokenSpaceGuid.PcdTpm2SupportEnabled|FALSE|BOOLEAN|0x00000004 + [PcdsFixedAtBuild, PcdsPatchableInModule] # # This is the physical address where the device tree is expected to be s= tored diff --git a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c b/ArmVirtPk= g/Library/PlatformPeiLib/PlatformPeiLib.c index 0a1469550db0..8b5b3dd5dc1c 100644 --- a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c +++ b/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c 
@@ -1,7 +1,7 @@ /** @file * * Copyright (c) 2011-2014, ARM Limited. All rights reserved. -* Copyright (c) 2014, Linaro Limited. All rights reserved. +* Copyright (c) 2014-2020, Linaro Limited. All rights reserved. * * SPDX-License-Identifier: BSD-2-Clause-Patent * @@ -13,11 +13,24 @@ #include #include #include +#include #include =20 #include #include =20 +STATIC CONST EFI_PEI_PPI_DESCRIPTOR mTpm2DiscoveredPpi =3D { + EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST, + &gOvmfTpmDiscoveredPpiGuid, + NULL +}; + +STATIC CONST EFI_PEI_PPI_DESCRIPTOR mTpm2InitializationDonePpi =3D { + EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST, + &gPeiTpmInitializationDonePpiGuid, + NULL +}; + EFI_STATUS EFIAPI PlatformPeim ( @@ -31,14 +44,18 @@ PlatformPeim ( UINT64 *FdtHobData; UINT64 *UartHobData; INT32 Node, Prev; + INT32 Parent, Depth; CONST CHAR8 *Compatible; CONST CHAR8 *CompItem; CONST CHAR8 *NodeStatus; INT32 Len; + INT32 RangesLen; INT32 StatusLen; CONST UINT64 *RegProp; + CONST UINT32 *RangesProp; UINT64 UartBase; - + UINT64 TpmBase; + EFI_STATUS Status; =20 Base =3D (VOID*)(UINTN)PcdGet64 (PcdDeviceTreeInitialBaseAddress); ASSERT (Base !=3D NULL); @@ -58,18 +75,18 @@ PlatformPeim ( ASSERT (UartHobData !=3D NULL); *UartHobData =3D 0; =20 - // - // Look for a UART node - // - for (Prev =3D 0;; Prev =3D Node) { - Node =3D fdt_next_node (Base, Prev, NULL); + TpmBase =3D 0; + + for (Prev =3D Depth =3D 0;; Prev =3D Node) { + Node =3D fdt_next_node (Base, Prev, &Depth); if (Node < 0) { break; } =20 - // - // Check for UART node - // + if (Depth =3D=3D 1) { + Parent =3D Node; + } + Compatible =3D fdt_getprop (Base, Node, "compatible", &Len); =20 // 
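Review bot: the [PcdsPatchableInModule] default for gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress in the ArmVirt.dsc.inc hunk lets PcdSet64S compile, but a patchable-in-module PCD is per-module storage: a value written by PlatformPei is not visible to Tcg2ConfigPei or any later TPM consumer. The comment should say that a .dsc which sets gArmVirtTokenSpaceGuid.PcdTpm2SupportEnabled to TRUE must re-declare this PCD under [PcdsDynamicDefault], otherwise the set is a silent no-op and the TPM stack is unlocked with a base address of 0. Naming in the commit message which .dsc in this series does that would also help.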
@@ -93,10 +110,74 @@ PlatformPeim ( =20 *UartHobData =3D UartBase; break; + } else if (FeaturePcdGet (PcdTpm2SupportEnabled) && + AsciiStrCmp (CompItem, "tcg,tpm-tis-mmio") =3D=3D 0) { + + RegProp =3D fdt_getprop (Base, Node, "reg", &Len); + ASSERT (Len =3D=3D 8 || Len =3D=3D 16); + if (Len =3D=3D 8) { + TpmBase =3D fdt32_to_cpu (RegProp[0]); + } else if (Len =3D=3D 16) { + TpmBase =3D fdt64_to_cpu (ReadUnaligned64 ((UINT64 *)RegProp)); + } + + if (Depth > 1) { + // + // QEMU/mach-virt may put the TPM on the platform bus, in which = case + // we have to take its 'ranges' property into account to transla= te the + // MMIO address. This consists of a + // tuple, where the child base and the size use the same number = of + // cells as the 'reg' property above, and the parent base uses 2= cells + // + RangesProp =3D fdt_getprop (Base, Parent, "ranges", &RangesLen); + ASSERT (RangesProp !=3D NULL); + + // + // a plain 'ranges' attribute without a value implies a 1:1 mapp= ing + // + if (RangesLen !=3D 0) { + // + // assume a single translated range with 2 cells for the paren= t base + // + if (RangesLen !=3D Len + 2 * sizeof (UINT32)) { + DEBUG ((DEBUG_WARN, + "%a: 'ranges' property has unexpected size %d\n", + __FUNCTION__, RangesLen)); + break; + } + + if (Len =3D=3D 8) { + TpmBase -=3D fdt32_to_cpu (RangesProp[0]); + } else { + TpmBase -=3D fdt64_to_cpu (ReadUnaligned64 ((UINT64 *)Ranges= Prop)); + } + + // + // advance RangesProp to the parent bus address + // + RangesProp =3D (UINT32 *)((UINT8 *)RangesProp + Len / 2); + TpmBase +=3D fdt64_to_cpu (ReadUnaligned64 ((UINT64 *)RangesPr= op)); + } + } + break; } } } =20 + if (FeaturePcdGet (PcdTpm2SupportEnabled)) { + if (TpmBase !=3D 0) { + DEBUG ((DEBUG_INFO, "%a: TPM @ 0x%lx\n", __FUNCTION__, TpmBase)); + + Status =3D (EFI_STATUS)PcdSet64S (PcdTpmBaseAddress, TpmBase); + ASSERT_EFI_ERROR (Status); + + Status =3D PeiServicesInstallPpi (&mTpm2DiscoveredPpi); + } else { + Status =3D PeiServicesInstallPpi 
(&mTpm2InitializationDonePpi); + } + ASSERT_EFI_ERROR (Status); + } + BuildFvHob (PcdGet64 (PcdFvBaseAddress), PcdGet32 (PcdFvSize)); =20 return EFI_SUCCESS; diff --git a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf b/ArmVirt= Pkg/Library/PlatformPeiLib/PlatformPeiLib.inf index 5428040f121d..3f97ef080520 100644 --- a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf +++ b/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf @@ -1,7 +1,7 @@ #/** @file # # Copyright (c) 2011-2015, ARM Limited. All rights reserved. -# Copyright (c) 2014, Linaro Limited. All rights reserved. +# Copyright (c) 2014-2020, Linaro Limited. All rights reserved. # # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -11,7 +11,7 @@ [Defines] INF_VERSION =3D 0x00010005 BASE_NAME =3D PlatformPeiLib FILE_GUID =3D 59C11815-F8DA-4F49-B4FB-EC1E41ED1F06 - MODULE_TYPE =3D SEC + MODULE_TYPE =3D BASE VERSION_STRING =3D 1.0 LIBRARY_CLASS =3D PlatformPeiLib =20 @@ -21,15 +21,21 @@ [Sources] [Packages] ArmPkg/ArmPkg.dec ArmVirtPkg/ArmVirtPkg.dec - MdePkg/MdePkg.dec - MdeModulePkg/MdeModulePkg.dec EmbeddedPkg/EmbeddedPkg.dec + MdeModulePkg/MdeModulePkg.dec + MdePkg/MdePkg.dec + OvmfPkg/OvmfPkg.dec + SecurityPkg/SecurityPkg.dec + +[FeaturePcd] + gArmVirtTokenSpaceGuid.PcdTpm2SupportEnabled =20 [LibraryClasses] DebugLib HobLib FdtLib PcdLib + PeiServicesLib =20 [FixedPcd] gArmTokenSpaceGuid.PcdFvSize 
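Review bot: in the `tcg,tpm-tis-mmio` branch of the PlatformPeim hunk, the 'ranges' size-mismatch path logs a DEBUG_WARN and breaks, but TpmBase already holds the untranslated child-bus address read from 'reg', so the code after the loop still calls PcdSet64S with that bogus value and installs gOvmfTpmDiscoveredPpiGuid; Tcg2ConfigPei then probes the wrong MMIO address. Set `TpmBase = 0;` before that `break` so the platform takes the "no TPM" path instead. Two more points in the same hunk: `TpmBase = fdt32_to_cpu (RegProp[0]);` with RegProp declared `CONST UINT64 *` performs a 64-bit load from a property that is only 4-byte aligned and then relies on the truncation to UINT32 selecting the first cell, which holds only on a little-endian host (the Len == 16 branch uses ReadUnaligned64 for exactly this reason); read it as `fdt32_to_cpu (((CONST UINT32 *)RegProp)[0])`. And `Parent` is only updated for nodes at Depth == 1 while the translation is applied for any `Depth > 1`, so a TPM two levels down would be translated with its grandparent's 'ranges'; either test `Depth == 2` (the platform-bus case the comment describes) or walk up with fdt_parent_offset. `ASSERT (RangesProp != NULL)` is also the only guard on a missing 'ranges': on a RELEASE build the negative RangesLen that fdt_getprop returns falls into the `RangesLen != 0` branch and hits the mismatch path above, which is another reason that path must not leave TpmBase set.

Review bot: the PlatformPeiLib.inf hunk that changes MODULE_TYPE from SEC to BASE also adds PeiServicesLib, which can only be used from PEIM context, while the `LIBRARY_CLASS = PlatformPeiLib` line in that hunk's context carries no module-type restriction. Declare it as `LIBRARY_CLASS = PlatformPeiLib|PEIM` so the library cannot be linked into a SEC module where PeiServicesInstallPpi has no PEI services table to go through.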
@@ -38,6 +44,11 @@ [FixedPcd] [Pcd] gArmTokenSpaceGuid.PcdFvBaseAddress gArmVirtTokenSpaceGuid.PcdDeviceTreeInitialBaseAddress + gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## SOMETIMES_PRO= DUCES + +[Ppis] + gOvmfTpmDiscoveredPpiGuid ## SOMETIMES_PRO= DUCES + gPeiTpmInitializationDonePpiGuid ## SOMETIMES_PRO= DUCES =20 [Guids] gEarlyPL011BaseAddressGuid --=20 2.17.1
View/Reply Online (#54782): https://edk2.groups.io/g/devel/message/54782
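The 'reg' plus 'ranges' translation that patch 3/5 performs in PlatformPeim is easy to get subtly wrong, so here is an added, stand-alone Python example (not part of this series and not edk2 code) that builds a small flattened device tree in memory, finds the tcg,tpm-tis-mmio node and translates its address through the parent bus 'ranges' under the same cell-size assumptions the patch makes: one or two address cells in 'reg', a two-cell parent-bus address in 'ranges', and an empty 'ranges' meaning a 1:1 mapping. The tree shapes, the platform bus at 0xc000000 and the TPM 'reg' values are constructed for the example and are not QEMU's actual output; the one deliberate difference from the patch is that an unexpected 'ranges' size raises instead of yielding an untranslated address.

```python
# Added example, not from the series or edk2: find the TPM node in a flattened
# device tree and translate its 'reg' through the parent bus 'ranges' the way
# PlatformPeim does (1 or 2 address cells, 2-cell parent bus address).
import struct

FDT_MAGIC = 0xD00DFEED
FDT_BEGIN_NODE, FDT_END_NODE, FDT_PROP, FDT_NOP, FDT_END = 1, 2, 3, 4, 9

def build_fdt(root):
    """Serialise a {name, props, children} tree into FDT bytes (v17 header)."""
    strings, blk, offsets = bytearray(), bytearray(), {}
    def emit(node):
        blk.extend(struct.pack(">I", FDT_BEGIN_NODE))
        name = node["name"].encode() + b"\0"
        blk.extend(name + b"\0" * (-len(name) % 4))            # pad name to 4 bytes
        for key, val in node["props"].items():
            if key not in offsets:                              # intern property name
                offsets[key] = len(strings)
                strings.extend(key.encode() + b"\0")
            blk.extend(struct.pack(">III", FDT_PROP, len(val), offsets[key]))
            blk.extend(val + b"\0" * (-len(val) % 4))
        for child in node["children"]:
            emit(child)
        blk.extend(struct.pack(">I", FDT_END_NODE))
    emit(root)
    blk.extend(struct.pack(">I", FDT_END))
    rsv = struct.pack(">QQ", 0, 0)                              # empty reservation block
    off_struct, off_strings = 40 + len(rsv), 40 + len(rsv) + len(blk)
    header = struct.pack(">10I", FDT_MAGIC, off_strings + len(strings), off_struct,
                         off_strings, 40, 17, 16, 0, len(strings), len(blk))
    return bytes(header + rsv + blk + strings)

def parse_fdt(fdt):
    """Walk the structure block back into a {name, props, children} tree."""
    magic, _, off_struct, off_strings = struct.unpack_from(">4I", fdt, 0)
    if magic != FDT_MAGIC:
        raise ValueError("bad FDT magic")
    pos, stack = off_struct, [{"children": []}]                 # pseudo-parent of root
    while True:
        (tok,) = struct.unpack_from(">I", fdt, pos)
        pos += 4
        if tok == FDT_BEGIN_NODE:
            end = fdt.index(b"\0", pos)
            node = {"name": fdt[pos:end].decode(), "props": {}, "children": []}
            stack[-1]["children"].append(node)
            stack.append(node)
            pos = (end + 1 + 3) & ~3
        elif tok == FDT_PROP:
            length, nameoff = struct.unpack_from(">II", fdt, pos)
            pos += 8
            key = fdt[off_strings + nameoff:fdt.index(b"\0", off_strings + nameoff)]
            stack[-1]["props"][key.decode()] = fdt[pos:pos + length]
            pos = (pos + length + 3) & ~3
        elif tok == FDT_END_NODE:
            stack.pop()
        elif tok == FDT_END:
            return stack[0]["children"][0]
        elif tok != FDT_NOP:
            raise ValueError("bad FDT token 0x%x" % tok)

def find_tpm_base(fdt):
    """CPU-visible base of the tcg,tpm-tis-mmio node, or None if there is none."""
    def visit(node, parent, depth):
        if b"tcg,tpm-tis-mmio" in node["props"].get("compatible", b"").split(b"\0"):
            reg = node["props"]["reg"]
            if len(reg) not in (8, 16):
                raise ValueError("unexpected 'reg' size %d" % len(reg))
            addr = len(reg) // 2                                # bytes of address cells
            base = int.from_bytes(reg[:addr], "big")
            if depth > 1:                                       # below a bus: translate
                ranges = parent["props"].get("ranges")
                # empty 'ranges' is a 1:1 map; any other unexpected size is refused
                # rather than handing back the untranslated child-bus address
                if ranges is None or len(ranges) not in (0, len(reg) + 8):
                    raise ValueError("bus %s has unusable 'ranges'" % parent["name"])
                if ranges:                                      # <child parent size>
                    base += int.from_bytes(ranges[addr:addr + 8], "big") \
                          - int.from_bytes(ranges[:addr], "big")
            return base
        for child in node["children"]:
            found = visit(child, node, depth + 1)
            if found is not None:
                return found
        return None
    return visit(parse_fdt(fdt), None, 0)

def sample_tree(tpm_reg, bus_ranges=None):
    """Constructed tree (an assumption, not QEMU's output): TPM under the root,
    or, when bus_ranges is given, on a platform bus at 0xc000000."""
    tpm = {"name": "tpm", "children": [],
           "props": {"compatible": b"tcg,tpm-tis-mmio\0", "reg": tpm_reg}}
    if bus_ranges is not None:
        tpm = {"name": "platform@c000000", "children": [tpm],
               "props": {"compatible": b"simple-bus\0", "ranges": bus_ranges}}
    return {"name": "", "props": {}, "children": [tpm]}

TPM_REG_ON_BUS = struct.pack(">II", 0x0, 0x5000)           # 1-cell address, 1-cell size
TPM_REG_AT_ROOT = struct.pack(">QQ", 0x9000000, 0x5000)    # 2-cell address, 2-cell size
PLATFORM_BUS_RANGES = struct.pack(">IQI", 0x0, 0xC000000, 0x2000000)  # child, parent, size

def tpm_base_of(tpm_reg, bus_ranges=None):
    return find_tpm_base(build_fdt(sample_tree(tpm_reg, bus_ranges)))

def bad_ranges_refused():       # 8-byte 'ranges' beside 8-byte 'reg' must not yield 0
    try:
        tpm_base_of(TPM_REG_ON_BUS, b"\0" * 8)
    except ValueError:
        return True
    return False
```

tpm_base_of(TPM_REG_ON_BUS, PLATFORM_BUS_RANGES) gives 0xc000000, tpm_base_of(TPM_REG_AT_ROOT) gives 0x9000000, an empty bus 'ranges' leaves the child offset unchanged, and bad_ranges_refused() is True. A PEIM cannot raise, so the equivalent in firmware is to leave the base at zero and take the no-TPM path rather than publishing a half-translated address.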
From: "Ard Biesheuvel"
To: devel@edk2.groups.io
Cc: Ard Biesheuvel , lersek@redhat.com, eric.auger@redhat.com, philmd@redhat.com, marcandre.lureau@redhat.com, stefanb@linux.ibm.com, leif@nuviainc.com
Subject: [edk2-devel] [PATCH v2 4/5] ArmVirtPkg: implement ArmVirtPsciResetSystemPeiLib
Date: Tue, 25 Feb 2020 11:44:48 +0100
Message-Id: <20200225104449.22453-5-ard.biesheuvel@linaro.org>
In-Reply-To: <20200225104449.22453-1-ard.biesheuvel@linaro.org>
References: <20200225104449.22453-1-ard.biesheuvel@linaro.org>

Implement an ArmVirtPkg specific version of the PSCI ResetSystemLib that is usable in the PEI phase, as the existing one relies on the FDT client protocol, making it unsuitable.

Note that accessing the device tree passed by QEMU via its initial base address is guaranteed to be safe at any time during the PEI phase, so we can defer discovery of the PSCI method until the time the reset library is actually invoked (which is rarely).

Signed-off-by: Ard Biesheuvel
Acked-by: Laszlo Ersek
---
ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.c | 232 ++++++++++++++++++++
ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.inf | 39 ++++
2 files changed, 271 insertions(+)
diff --git a/ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciRes= etSystemPeiLib.c b/ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtP= sciResetSystemPeiLib.c new file mode 100644 index 000000000000..394a04e3c384 --- /dev/null +++ b/ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSyste= mPeiLib.c @@ -0,0 +1,232 @@ +/** @file + Reset System lib using PSCI hypervisor or secure monitor calls + + Copyright (c) 2008 - 2009, Apple Inc. All rights reserved.
+ Copyright (c) 2013, ARM Ltd. All rights reserved.
+ Copyright (c) 2014-2020, Linaro Ltd. All rights reserved.
+ Copyright (c) 2019, Intel Corporation. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include + +#include +#include +#include +#include +#include +#include +#include + +#include + +typedef enum { + PsciMethodUnknown, + PsciMethodSmc, + PsciMethodHvc, +} PSCI_METHOD; + +STATIC +PSCI_METHOD +DiscoverPsciMethod ( + VOID + ) +{ + VOID *DeviceTreeBase; + INT32 Node, Prev; + INT32 Len; + CONST CHAR8 *Compatible; + CONST CHAR8 *CompatibleItem; + CONST VOID *Prop; + + DeviceTreeBase =3D (VOID*)(UINTN)PcdGet64 (PcdDeviceTreeInitialBaseAddre= ss); + ASSERT (fdt_check_header (DeviceTreeBase) =3D=3D 0); + + // + // Enumerate all FDT nodes looking for the PSCI node and capture the met= hod + // + for (Prev =3D 0;; Prev =3D Node) { + Node =3D fdt_next_node (DeviceTreeBase, Prev, NULL); + if (Node < 0) { + break; + } + + Compatible =3D fdt_getprop (DeviceTreeBase, Node, "compatible", &Len); + if (Compatible =3D=3D NULL) { + continue; + } + + // + // Iterate over the NULL-separated items in the compatible string + // + for (CompatibleItem =3D Compatible; CompatibleItem < Compatible + Len; + CompatibleItem +=3D 1 + AsciiStrLen (CompatibleItem)) { + + if (AsciiStrCmp (CompatibleItem, "arm,psci-0.2") !=3D 0) { + continue; + } + + Prop =3D fdt_getprop (DeviceTreeBase, Node, "method", NULL); + if (!Prop) { + DEBUG ((DEBUG_ERROR, "%a: Missing PSCI method property\n", + __FUNCTION__)); + return PsciMethodUnknown; + } + + if (AsciiStrnCmp (Prop, "hvc", 3) =3D=3D 0) { + return PsciMethodHvc; + } else if (AsciiStrnCmp (Prop, "smc", 3) =3D=3D 0) { + return PsciMethodSmc; + } else { + DEBUG ((DEBUG_ERROR, "%a: Unknown PSCI method \"%a\"\n", __FUNCTIO= N__, + Prop)); + return PsciMethodUnknown; + } + } + } + return PsciMethodUnknown; +} + +STATIC +VOID +PerformPsciAction ( + IN UINTN Arg0 + ) +{ + ARM_SMC_ARGS ArmSmcArgs; + ARM_HVC_ARGS ArmHvcArgs; + + ArmSmcArgs.Arg0 =3D Arg0; + ArmHvcArgs.Arg0 =3D Arg0; + + switch (DiscoverPsciMethod ()) { + case PsciMethodHvc: + ArmCallHvc (&ArmHvcArgs); + break; + + case 
PsciMethodSmc: + ArmCallSmc (&ArmSmcArgs); + break; + + default: + DEBUG ((DEBUG_ERROR, "%a: no PSCI method defined\n", __FUNCTION__)); + ASSERT (FALSE); + } +} + +/** + This function causes a system-wide reset (cold reset), in which + all circuitry within the system returns to its initial state. This type = of reset + is asynchronous to system operation and operates without regard to + cycle boundaries. + + If this function returns, it means that the system does not support cold= reset. +**/ +VOID +EFIAPI +ResetCold ( + VOID + ) +{ + // Send a PSCI 0.2 SYSTEM_RESET command + PerformPsciAction (ARM_SMC_ID_PSCI_SYSTEM_RESET); +} + +/** + This function causes a system-wide initialization (warm reset), in which= all processors + are set to their initial state. Pending cycles are not corrupted. + + If this function returns, it means that the system does not support warm= reset. +**/ +VOID +EFIAPI +ResetWarm ( + VOID + ) +{ + // Map a warm reset into a cold reset + ResetCold (); +} + +/** + This function causes the system to enter a power state equivalent + to the ACPI G2/S5 or G3 states. + + If this function returns, it means that the system does not support shut= down reset. +**/ +VOID +EFIAPI +ResetShutdown ( + VOID + ) +{ + // Send a PSCI 0.2 SYSTEM_OFF command + PerformPsciAction (ARM_SMC_ID_PSCI_SYSTEM_OFF); +} + +/** + This function causes a systemwide reset. The exact type of the reset is + defined by the EFI_GUID that follows the Null-terminated Unicode string = passed + into ResetData. If the platform does not recognize the EFI_GUID in Reset= Data + the platform must pick a supported reset type to perform.The platform may + optionally log the parameters from any non-normal reset that occurs. + + @param[in] DataSize The size, in bytes, of ResetData. + @param[in] ResetData The data buffer starts with a Null-terminated str= ing, + followed by the EFI_GUID. 
+**/ +VOID +EFIAPI +ResetPlatformSpecific ( + IN UINTN DataSize, + IN VOID *ResetData + ) +{ + // Map the platform specific reset as reboot + ResetCold (); +} + +/** + The ResetSystem function resets the entire platform. + + @param[in] ResetType The type of reset to perform. + @param[in] ResetStatus The status code for the reset. + @param[in] DataSize The size, in bytes, of ResetData. + @param[in] ResetData For a ResetType of EfiResetCold, EfiResetWarm,= or EfiResetShutdown + the data buffer starts with a Null-terminated = string, optionally + followed by additional binary data. The string= is a description + that the caller may use to further indicate th= e reason for the + system reset. +**/ +VOID +EFIAPI +ResetSystem ( + IN EFI_RESET_TYPE ResetType, + IN EFI_STATUS ResetStatus, + IN UINTN DataSize, + IN VOID *ResetData OPTIONAL + ) +{ + switch (ResetType) { + case EfiResetWarm: + ResetWarm (); + break; + + case EfiResetCold: + ResetCold (); + break; + + case EfiResetShutdown: + ResetShutdown (); + return; + + case EfiResetPlatformSpecific: + ResetPlatformSpecific (DataSize, ResetData); + return; + + default: + return; + } +} diff --git a/ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciRes= etSystemPeiLib.inf b/ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVir= tPsciResetSystemPeiLib.inf new file mode 100644 index 000000000000..3a65706e8dc6 --- /dev/null +++ b/ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSyste= mPeiLib.inf @@ -0,0 +1,39 @@ +#/** @file +# Reset System lib using PSCI hypervisor or secure monitor calls +# +# Copyright (c) 2008, Apple Inc. All rights reserved.
+# Copyright (c) 2014-2020, Linaro Ltd. All rights reserved.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +# +#**/ + +[Defines] + INF_VERSION =3D 1.27 + BASE_NAME =3D ArmVirtPsciResetSystemPeiLib + FILE_GUID =3D 551cfb98-c185-41a3-86bf-8cdb7e2a530c + MODULE_TYPE =3D BASE + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D ResetSystemLib|PEIM + +[Sources] + ArmVirtPsciResetSystemPeiLib.c + +[Packages] + ArmPkg/ArmPkg.dec + ArmVirtPkg/ArmVirtPkg.dec + EmbeddedPkg/EmbeddedPkg.dec + MdeModulePkg/MdeModulePkg.dec + MdePkg/MdePkg.dec + +[LibraryClasses] + ArmSmcLib + ArmHvcLib + BaseLib + DebugLib + FdtLib + HobLib + +[Pcd] + gArmVirtTokenSpaceGuid.PcdDeviceTreeInitialBaseAddress --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#54783): https://edk2.groups.io/g/devel/message/54783 Mute This Topic: https://groups.io/mt/71530904/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
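Review bot: in DiscoverPsciMethod the only validation of the device tree blob is `ASSERT (fdt_check_header (DeviceTreeBase) == 0);`, which compiles out in RELEASE builds, so whatever sits at PcdDeviceTreeInitialBaseAddress is then walked by fdt_next_node unchecked. Replace it with an explicit check that logs and returns, e.g. `if (fdt_check_header (DeviceTreeBase) != 0) { return PsciMethodUnknown; }`, so a bad blob ends up in PerformPsciAction's existing "no PSCI method defined" path instead of being parsed. In the same file, PerformPsciAction sets only `.Arg0` of ArmSmcArgs and ArmHvcArgs before handing the structures to ArmCallSmc/ArmCallHvc, so the remaining argument registers carry uninitialised PEI stack contents into EL3 or EL2; SYSTEM_OFF and SYSTEM_RESET take no further arguments, but a ZeroMem of both structures before assigning Arg0 is cheap and keeps stack data from crossing the privilege boundary.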
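Review bot: the [LibraryClasses] section of ArmVirtPsciResetSystemPeiLib.inf lists HobLib, but nothing in the ArmVirtPsciResetSystemPeiLib.c source shown calls a HOB API: the DT base comes from `PcdGet64 (PcdDeviceTreeInitialBaseAddress)`, and the rest is FdtLib, the BaseLib AsciiStr* helpers, DebugLib and ArmSmcLib/ArmHvcLib. Drop HobLib unless one of the headers (not visible in this rendering) needs it. The 2008 Apple copyright line on a brand-new file also reads as a carry-over from the library this was derived from; fine to keep if code was copied, but it is worth saying so.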
From: "Ard Biesheuvel"
To: devel@edk2.groups.io
Cc: Ard Biesheuvel, lersek@redhat.com, eric.auger@redhat.com, philmd@redhat.com, marcandre.lureau@redhat.com, stefanb@linux.ibm.com, leif@nuviainc.com
Subject: [edk2-devel] [PATCH v2 5/5] ArmVirtPkg/ArmVirtQemu: add optional support for TPM2 measured boot
Date: Tue, 25 Feb 2020 11:44:49 +0100
Message-Id: <20200225104449.22453-6-ard.biesheuvel@linaro.org>
In-Reply-To: <20200225104449.22453-1-ard.biesheuvel@linaro.org>
References: <20200225104449.22453-1-ard.biesheuvel@linaro.org>

Duplicate the TPM2_ENABLE and TPM2_CONFIG_ENABLE build time flags that
already exist in OvmfPkg, and wire them up in the .DSC and .FDF so that
setting those flags produces an ArmVirtQemu build that implements measured
boot using a TPM provided by QEMU and described in the device tree.

Note that the TPM2 driver stack relies on a PEI phase being implemented,
so there is no point in enabling this for ArmVirtQemuKernel or ArmVirtXen.

Also note that, despite ArmVirtQemuKernel being unaffected by this patch,
ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc is being modified, for keeping the
contexts of the referring !include directives simple.
Signed-off-by: Ard Biesheuvel --- ArmVirtPkg/ArmVirtQemu.dsc | 75 ++++++++++++++++++++ ArmVirtPkg/ArmVirtQemu.fdf | 6 ++ ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 10 +++ 3 files changed, 91 insertions(+) diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc index 7ae6702ac1f0..e8ea711e1a17 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc @@ -29,6 +29,8 @@ [Defines] # DEFINE TTY_TERMINAL =3D FALSE DEFINE SECURE_BOOT_ENABLE =3D FALSE + DEFINE TPM2_ENABLE =3D FALSE + DEFINE TPM2_CONFIG_ENABLE =3D FALSE =20 # # Network definition 
@@ -74,12 +76,32 @@ [LibraryClasses.common] PciSegmentLib|MdePkg/Library/BasePciSegmentLibPci/BasePciSegmentLibPci.i= nf PciHostBridgeLib|ArmVirtPkg/Library/FdtPciHostBridgeLib/FdtPciHostBridge= Lib.inf =20 +!if $(TPM2_ENABLE) =3D=3D TRUE + Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf + Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeT= cg2PhysicalPresenceLib.inf + Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibN= ull.inf + TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasure= mentLib.inf +!else + Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeT= cg2PhysicalPresenceLib.inf + TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf +!endif + [LibraryClasses.common.PEIM] ArmVirtMemInfoLib|ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoP= eiLib.inf + ResetSystemLib|MdeModulePkg/Library/PeiResetSystemLib/PeiResetSystemLib.= inf + +!if $(TPM2_ENABLE) =3D=3D TRUE + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf +!endif =20 [LibraryClasses.common.DXE_DRIVER] ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeRepor= tStatusCodeLib.inf =20 +!if $(TPM2_ENABLE) =3D=3D TRUE + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf +!endif + [LibraryClasses.common.UEFI_DRIVER] UefiScsiLib|MdePkg/Library/UefiScsiLib/UefiScsiLib.inf =20 @@ -100,6 +122,8 @@ [PcdsFeatureFlag.common] =20 gEfiMdeModulePkgTokenSpaceGuid.PcdTurnOffUsbLegacySupport|TRUE =20 + gArmVirtTokenSpaceGuid.PcdTpm2SupportEnabled|$(TPM2_ENABLE) + [PcdsFixedAtBuild.common] !if $(ARCH) =3D=3D AARCH64 gArmTokenSpaceGuid.PcdVFPEnabled|1 
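Review bot: in the `@@ -74,12 +76,32 @@` hunk, `ResetSystemLib|MdeModulePkg/Library/PeiResetSystemLib/PeiResetSystemLib.inf` is added to [LibraryClasses.common.PEIM] outside the `!if $(TPM2_ENABLE) == TRUE` block, while the PEIM that backs it (ResetSystemPei with ArmVirtPsciResetSystemPeiLib, in the Components section of this patch) is only built under that flag. A library class mapping is only linked when some PEIM pulls it in, so this is not wrong, but either move the line under the same guard or add a comment naming the TPM2 PEIM that needs it, so the next reader does not go looking for a reset consumer in the non-TPM build.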
@@ -237,9 +261,20 @@ [PcdsDynamicDefault.common] gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosDocRev|0x0 gUefiOvmfPkgTokenSpaceGuid.PcdQemuSmbiosValidated|FALSE =20 +!if $(TPM2_ENABLE) =3D=3D TRUE + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00= , 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} + gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress|0x0 + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask|0 +!endif + [PcdsDynamicHii] gArmVirtTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gArmVirtVariableGui= d|0x0|FALSE|NV,BS =20 +!if $(TPM2_CONFIG_ENABLE) =3D=3D TRUE + gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_= VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2C= onfigFormSetGuid|0x8|3|NV,BS +!endif + ##########################################################################= ###### # # Components Section - list of all EDK II Modules needed by this Platform @@ -261,6 +296,23 @@ [Components.common] =20 MdeModulePkg/Universal/Variable/Pei/VariablePei.inf =20 +!if $(TPM2_ENABLE) =3D=3D TRUE + MdeModulePkg/Universal/ResetSystemPei/ResetSystemPei.inf { + + ResetSystemLib|ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVi= rtPsciResetSystemPeiLib.inf + } + OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf + SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { + + HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCrypt= oRouterPei.inf + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf + NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384= .inf + NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512= .inf + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf + } +!endif + MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf { NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompre= ssLib.inf 
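Review bot: in the `@@ -237,9 +261,20 @@` hunk, the `!if $(TPM2_CONFIG_ENABLE) == TRUE` block under [PcdsDynamicHii] is not nested inside `!if $(TPM2_ENABLE) == TRUE`, whereas the Tcg2ConfigDxe entries in the Components section and in the FDF are nested. A build with TPM2_CONFIG_ENABLE=TRUE and TPM2_ENABLE=FALSE therefore declares the TCG2_VERSION HII variables in gTcg2ConfigFormSetGuid with no module to own them; nest the block, or `!error` on that flag combination, so the two defines cannot disagree. In the same hunk, `gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress|0x0` leaves the TPM MMIO base to be filled in at runtime; since the commit message says the TPM is described in the device tree, it should also name the module that reads the DT node and sets this PCD, as that code is not part of this patch.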
@@ -295,6 +347,9 @@ [Components.common] MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificatio= nLib.inf +!if $(TPM2_ENABLE) =3D=3D TRUE + NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib= .inf +!endif } SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDx= e.inf OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf @@ -430,6 +485,26 @@ [Components.common] MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf =20 + # + # TPM2 support + # +!if $(TPM2_ENABLE) =3D=3D TRUE + SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { + + HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCrypt= oRouterDxe.inf + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibR= outerDxe.inf + NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf + NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384= .inf + NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512= .inf + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf + } +!if $(TPM2_CONFIG_ENABLE) =3D=3D TRUE + SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf +!endif +!endif + # # ACPI Support # diff --git a/ArmVirtPkg/ArmVirtQemu.fdf b/ArmVirtPkg/ArmVirtQemu.fdf index 2c8936a1ae15..b5e2253295fe 100644 --- a/ArmVirtPkg/ArmVirtQemu.fdf +++ b/ArmVirtPkg/ArmVirtQemu.fdf 
@@ -113,6 +113,12 @@ [FV.FVMAIN_COMPACT] INF MdeModulePkg/Universal/Variable/Pei/VariablePei.inf INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf =20 +!if $(TPM2_ENABLE) =3D=3D TRUE + INF MdeModulePkg/Universal/ResetSystemPei/ResetSystemPei.inf + INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf + INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf +!endif + FILE FV_IMAGE =3D 9E21FD93-9C72-4c15-8C4B-E77F1DB2D792 { SECTION GUIDED EE4E5898-3914-4259-9D6E-DC7BD79403CF PROCESSING_REQUIRE= D =3D TRUE { SECTION FV_IMAGE =3D FVMAIN diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuF= vMain.fdf.inc index 31f615a9d0f9..d481e4b2b8fb 100644 --- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc +++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc @@ -182,3 +182,13 @@ [FV.FvMain] # Ramdisk support # INF MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf + + # + # TPM2 support + # +!if $(TPM2_ENABLE) =3D=3D TRUE + INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf +!if $(TPM2_CONFIG_ENABLE) =3D=3D TRUE + INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf +!endif +!endif --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#54784): https://edk2.groups.io/g/devel/message/54784 Mute This Topic: https://groups.io/mt/71530906/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
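Review bot: the `ArmVirtQemuFvMain.fdf.inc` hunk (`@@ -182,3 +182,13 @@`) evaluates `$(TPM2_ENABLE)` and `$(TPM2_CONFIG_ENABLE)`, and the commit message notes that this .inc is also pulled in by the ArmVirtQemuKernel build, whose DSC is not touched here and so DEFINEs neither flag. Confirm that the build tools treat the undefined macros as not equal to TRUE there rather than failing the FDF parse, or add `DEFINE TPM2_ENABLE = FALSE` and `DEFINE TPM2_CONFIG_ENABLE = FALSE` to ArmVirtQemuKernel.dsc as well so the shared include has the same inputs from both platforms.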