[v4] ArmVirtPkg: implement measured boot for ArmVirtQemu

[edk2-devel] [PATCH v4 00/11] ArmVirtPkg: implement measured boot for ArmVirtQemu

Posted by Ard Biesheuvel 4 years, 1 month ago

Wire up the various existing pieces so that we can implement measured
boot on ArmVirtQemu based on the TPM support in QEMU, just like it has
been implemented for x86 in OvmfPkg.

The main difference is that on ARM, we first need to discover the TPM base
address from the device tree provided by QEMU, as well as the PSCI method
used to perform a cold reset.

Changes since v3:
- add Laszlo's ack to patches #3, #5, #6, #10 and #11
- incorporate Laszlo's review feedback, including splitting off #7 and #8
  from patch #9

Changes since v2:
- add Laszlo's ack to patches #2 and #4
- add PcdTpm2SupportEnabled PCD declarations to all individual platforms in
  ArmVirtPkg, even though only ArmVirtQemu really needs it
- split patch #5 into several patches

Changes since v1:
- use a separate ResetSystemLib instance based on on-demand parsing of the
  DT, and expose it via the ResetSystem PPI to other client PEIMs
- add Laszlo's ack to #1
- incorporate Laszlo's review feedback across the board

Code can also be found at:
https://github.com/ardbiesheuvel/edk2/tree/armvirt-tpm

Cc: lersek@redhat.com
Cc: eric.auger@redhat.com
Cc: philmd@redhat.com
Cc: marcandre.lureau@redhat.com
Cc: stefanb@linux.ibm.com
Cc: leif@nuviainc.com

Ard Biesheuvel (11):
  OvmfPkg/Tcg2ConfigPei: introduce a signalling PPI to depex on
  ArmVirtPkg/PlatformPeiLib: make PcdLib dependency explicit in .INF
  ArmVirtPkg/PlatformPeiLib: discover the TPM base address from the DT
  ArmVirtPkg: implement ArmVirtPsciResetSystemPeiLib
  ArmVirtPkg/ArmVirtQemu: add ResetSystem PEIM for upcoming TPM2 support
  ArmVirtPkg/ArmVirtQemu: enable TPM2 support in the PEI phase
  ArmVirtPkg; avoid DxeTpmMeasurementLib in shared .DSC
  ArmVirtPkg: unshare TpmMeasurementLib resolution between platforms
  ArmVirtPkg/ArmVirtQemu: enable the DXE phase TPM2 support module
  ArmVirtPkg/ArmVirtQemu: enable the TPM2 configuration module
  ArmVirtPkg/ArmVirtQemu: enable TPM2 based measured boot

 ArmVirtPkg/ArmVirt.dsc.inc                                                       |   2 -
 ArmVirtPkg/ArmVirtPkg.dec                                                        |   6 +
 ArmVirtPkg/ArmVirtQemu.dsc                                                       |  76 +++++++
 ArmVirtPkg/ArmVirtQemu.fdf                                                       |   6 +
 ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc                                             |  10 +
 ArmVirtPkg/ArmVirtQemuKernel.dsc                                                 |   7 +
 ArmVirtPkg/ArmVirtXen.dsc                                                        |   7 +
 ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.c   | 232 ++++++++++++++++++++
 ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.inf |  39 ++++
 ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c                               | 101 ++++++++-
 ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf                             |  20 +-
 OvmfPkg/OvmfPkg.dec                                                              |   5 +
 OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf                                         |   6 +-
 13 files changed, 500 insertions(+), 17 deletions(-)
 create mode 100644 ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.c
 create mode 100644 ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.inf

-- 
2.20.1


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#55004): https://edk2.groups.io/g/devel/message/55004
Mute This Topic: https://groups.io/mt/71587883/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v4 00/11] ArmVirtPkg: implement measured boot for ArmVirtQemu

Posted by Laszlo Ersek 4 years, 1 month ago

On 02/27/20 15:40, Ard Biesheuvel wrote:
> Wire up the various existing pieces so that we can implement measured
> boot on ArmVirtQemu based on the TPM support in QEMU, just like it has
> been implemented for x86 in OvmfPkg.
> 
> The main difference is that on ARM, we first need to discover the TPM base
> address from the device tree provided by QEMU, as well as the PSCI method
> used to perform a cold reset.
> 
> Changes since v3:
> - add Laszlo's ack to patches #3, #5, #6, #10 and #11
> - incorporate Laszlo's review feedback, including splitting off #7 and #8
>   from patch #9

Before you merge this set after edk2-stable202002 is tagged, please add
the following line to each commit message in the series:

Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2560

Thanks!
Laszlo


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#55035): https://edk2.groups.io/g/devel/message/55035
Mute This Topic: https://groups.io/mt/71587883/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v4 00/11] ArmVirtPkg: implement measured boot for ArmVirtQemu

Posted by Ard Biesheuvel 4 years, 1 month ago

On Thu, 27 Feb 2020 at 19:14, Laszlo Ersek <lersek@redhat.com> wrote:
>
> On 02/27/20 15:40, Ard Biesheuvel wrote:
> > Wire up the various existing pieces so that we can implement measured
> > boot on ArmVirtQemu based on the TPM support in QEMU, just like it has
> > been implemented for x86 in OvmfPkg.
> >
> > The main difference is that on ARM, we first need to discover the TPM base
> > address from the device tree provided by QEMU, as well as the PSCI method
> > used to perform a cold reset.
> >
> > Changes since v3:
> > - add Laszlo's ack to patches #3, #5, #6, #10 and #11
> > - incorporate Laszlo's review feedback, including splitting off #7 and #8
> >   from patch #9
>
> Before you merge this set after edk2-stable202002 is tagged, please add
> the following line to each commit message in the series:
>
> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2560
>

Will do, thanks for the reminder.

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#55036): https://edk2.groups.io/g/devel/message/55036
Mute This Topic: https://groups.io/mt/71587883/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v4 00/11] ArmVirtPkg: implement measured boot for ArmVirtQemu

Posted by Ard Biesheuvel 4 years, 1 month ago

On Thu, 27 Feb 2020 at 15:40, Ard Biesheuvel <ard.biesheuvel@linaro.org> wrote:
>
> Wire up the various existing pieces so that we can implement measured
> boot on ArmVirtQemu based on the TPM support in QEMU, just like it has
> been implemented for x86 in OvmfPkg.
>
> The main difference is that on ARM, we first need to discover the TPM base
> address from the device tree provided by QEMU, as well as the PSCI method
> used to perform a cold reset.
>
> Changes since v3:
> - add Laszlo's ack to patches #3, #5, #6, #10 and #11
> - incorporate Laszlo's review feedback, including splitting off #7 and #8
>   from patch #9
>
> Changes since v2:
> - add Laszlo's ack to patches #2 and #4
> - add PcdTpm2SupportEnabled PCD declarations to all individual platforms in
>   ArmVirtPkg, even though only ArmVirtQemu really needs it
> - split patch #5 into several patches
>
> Changes since v1:
> - use a separate ResetSystemLib instance based on on-demand parsing of the
>   DT, and expose it via the ResetSystem PPI to other client PEIMs
> - add Laszlo's ack to #1
> - incorporate Laszlo's review feedback across the board
>
> Code can also be found at:
> https://github.com/ardbiesheuvel/edk2/tree/armvirt-tpm
>
> Cc: lersek@redhat.com
> Cc: eric.auger@redhat.com
> Cc: philmd@redhat.com
> Cc: marcandre.lureau@redhat.com
> Cc: stefanb@linux.ibm.com
> Cc: leif@nuviainc.com
>
> Ard Biesheuvel (11):
>   OvmfPkg/Tcg2ConfigPei: introduce a signalling PPI to depex on
>   ArmVirtPkg/PlatformPeiLib: make PcdLib dependency explicit in .INF
>   ArmVirtPkg/PlatformPeiLib: discover the TPM base address from the DT
>   ArmVirtPkg: implement ArmVirtPsciResetSystemPeiLib
>   ArmVirtPkg/ArmVirtQemu: add ResetSystem PEIM for upcoming TPM2 support
>   ArmVirtPkg/ArmVirtQemu: enable TPM2 support in the PEI phase
>   ArmVirtPkg; avoid DxeTpmMeasurementLib in shared .DSC
>   ArmVirtPkg: unshare TpmMeasurementLib resolution between platforms
>   ArmVirtPkg/ArmVirtQemu: enable the DXE phase TPM2 support module
>   ArmVirtPkg/ArmVirtQemu: enable the TPM2 configuration module
>   ArmVirtPkg/ArmVirtQemu: enable TPM2 based measured boot
>

Replied to the wrong cover letter before.

*This* version is now merged as edk2-stable202002..0980779a9ddc


Thanks all.

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#55374): https://edk2.groups.io/g/devel/message/55374
Mute This Topic: https://groups.io/mt/71587883/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-