From nobody Sat Apr 20 04:25:47 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+80116+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+80116+1787277+3901457@groups.io ARC-Seal: i=1; a=rsa-sha256; t=1630539282; cv=none; d=zohomail.com; s=zohoarc; b=E1sg8dKV9hiV787k8ftpO7/00fSjWv9KB45SmaooZ5D72YFs3fHE4vO5GVJhwEH0jju7APP0Shz8Wyg0bypSGz5r5FUjyfudTZUFJhdJ6c1yxP/dlPy8DUj479jn8K3lNtfcQkIoJmhmPRKrDuyrItzIyv5tytk44GoIkniNSSY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1630539282; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=6lLj2JpSVIMyh5/QN2YBD1qL8B/Me7JZoE/j5pzvvPU=; b=EDhFyLRTnc7BVJYEBznok8soIduqdYNN2kJXefpUEdd4oIZDIxAAcJ1aJLGGrtJlkm/IJTCzBQCYN2XHDhqj0Yc+c9KFzxpyG7hmyQHf+zgNn6JbkQJKqiXBOQhIx4sJn+cT53+c3imRGl9leIxoozS3x5opNcMotnD0OnwKRps= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+80116+1787277+3901457@groups.io Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1630539282743314.45283716882625; Wed, 1 Sep 2021 16:34:42 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id xNUIYY1788612xEFZJWs9gga; Wed, 01 Sep 2021 16:34:42 -0700 X-Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.158.5]) by mx.groups.io with SMTP id smtpd.web11.1372.1630527167836421211 for ; Wed, 01 Sep 2021 13:12:48 -0700 X-Received: from pps.filterd (m0098419.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 181K9AiI044790; Wed, 1 Sep 2021 16:12:47 -0400 X-Received: from pps.reinject (localhost [127.0.0.1]) by mx0b-001b2d01.pphosted.com with ESMTP id 3ateuqj41t-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 01 Sep 2021 16:12:46 -0400 X-Received: from m0098419.ppops.net (m0098419.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 181KAths055680; Wed, 1 Sep 2021 16:12:46 -0400 X-Received: from ppma01wdc.us.ibm.com (fd.55.37a9.ip4.static.sl-reverse.com [169.55.85.253]) by mx0b-001b2d01.pphosted.com with ESMTP id 3ateuqj41g-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 01 Sep 2021 16:12:46 -0400 X-Received: from pps.filterd (ppma01wdc.us.ibm.com [127.0.0.1]) by ppma01wdc.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 181KCj17008049; Wed, 1 Sep 2021 20:12:45 GMT X-Received: from b03cxnp07028.gho.boulder.ibm.com (b03cxnp07028.gho.boulder.ibm.com [9.17.130.15]) by ppma01wdc.us.ibm.com with ESMTP id 3atdxcb5pt-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 01 Sep 2021 20:12:45 +0000 X-Received: from b03ledav005.gho.boulder.ibm.com (b03ledav005.gho.boulder.ibm.com [9.17.130.236]) by b03cxnp07028.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 181KCiNc48497136 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 1 Sep 2021 20:12:44 GMT X-Received: from b03ledav005.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 22DC4BE053; Wed, 1 Sep 2021 20:12:44 +0000 (GMT) X-Received: from b03ledav005.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 43DDEBE04F; Wed, 1 Sep 2021 20:12:43 +0000 (GMT) X-Received: from sbct-2.. (unknown [9.47.158.152]) by b03ledav005.gho.boulder.ibm.com (Postfix) with ESMTP; Wed, 1 Sep 2021 20:12:43 +0000 (GMT) From: Stefan Berger To: devel@edk2.groups.io Cc: mhaeuser@posteo.de, spbrogan@outlook.com, marcandre.lureau@redhat.com, kraxel@redhat.com, jiewen.yao@intel.com, Stefan Berger , Stefan Berger Subject: [edk2-devel] [PATCH v5 1/8] SecurityPkg/TPM: Import PeiDxeTpmPlatformHierarchyLib.c from edk2-platforms Date: Wed, 1 Sep 2021 16:12:31 -0400 Message-Id: <20210901201238.3152761-2-stefanb@linux.vnet.ibm.com> In-Reply-To: <20210901201238.3152761-1-stefanb@linux.vnet.ibm.com> References: <20210901201238.3152761-1-stefanb@linux.vnet.ibm.com> X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: WMaj2u9KQVMQeMK6a7NI2jFollZWR7vo X-Proofpoint-GUID: 0A2FbIy1GT3oFGXQS-sCUhdKLPQO1OQf X-Proofpoint-UnRewURL: 0 URL was un-rewritten MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,stefanb@linux.vnet.ibm.com X-Gm-Message-State: rAP2CwowkfLWbSvaOq8tAcqSx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1630539282; bh=+246aeOBuGWWT2zjO8mzNzbb7G4danF4mhbn6Dm+TNQ=; h=Cc:Date:From:Reply-To:Subject:To; b=xRHA5t31OtPd9ZMtU6ou1EPCCRQconAMojwNPBHYpVb3h+fI6tdgNVzrPsA/yRCoO48 aX28GNSLkQbOVmZAQOPlaMPJ5DGvE6ra2wKIigIUj9MH20FAZJe/9NJhkIFUne6FcTF8N rLyrD10yyFEax5L6jZaVUcJUYsO+vKQtlvk= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1630539284439100010 Content-Type: text/plain; charset="utf-8" Import PeiDxeTpmPlatformHierarchyLib.c from edk2-platforms. Signed-off-by: Stefan Berger --- .../Include/Library/TpmPlatformHierarchyLib.h | 27 ++ .../PeiDxeTpmPlatformHierarchyLib.c | 266 ++++++++++++++++++ .../PeiDxeTpmPlatformHierarchyLib.inf | 45 +++ 3 files changed, 338 insertions(+) create mode 100644 SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDx= eTpmPlatformHierarchyLib.c create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDx= eTpmPlatformHierarchyLib.inf diff --git a/SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h b/Securi= tyPkg/Include/Library/TpmPlatformHierarchyLib.h new file mode 100644 index 0000000000..a872fa09dc --- /dev/null +++ b/SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h @@ -0,0 +1,27 @@ +/** @file + TPM Platform Hierarchy configuration library. + + This library provides functions for customizing the TPM's Platform Hie= rarchy + Authorization Value (platformAuth) and Platform Hierarchy Authorization + Policy (platformPolicy) can be defined through this function. + +Copyright (c) 2019, Intel Corporation. All rights reserved.
+Copyright (c) Microsoft Corporation.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _TPM_PLATFORM_HIERARCHY_LIB_H_ +#define _TPM_PLATFORM_HIERARCHY_LIB_H_ + +/** + This service will perform the TPM Platform Hierarchy configuration at t= he SmmReadyToLock event. + +**/ +VOID +EFIAPI +ConfigureTpmPlatformHierarchy ( + VOID + ); + +#endif diff --git a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPla= tformHierarchyLib.c b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/Pei= DxeTpmPlatformHierarchyLib.c new file mode 100644 index 0000000000..9812ab99ab --- /dev/null +++ b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHi= erarchyLib.c @@ -0,0 +1,266 @@ +/** @file + TPM Platform Hierarchy configuration library. + + This library provides functions for customizing the TPM's Platform Hie= rarchy + Authorization Value (platformAuth) and Platform Hierarchy Authorization + Policy (platformPolicy) can be defined through this function. + + Copyright (c) 2019, Intel Corporation. All rights reserved.
+ Copyright (c) Microsoft Corporation.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + + @par Specification Reference: + https://trustedcomputinggroup.org/resource/tcg-tpm-v2-0-provisioning-g= uidance/ +**/ + +#include + +#include +#include +#include +#include +#include +#include +#include + +// +// The authorization value may be no larger than the digest produced by th= e hash +// algorithm used for context integrity. +// +#define MAX_NEW_AUTHORIZATION_SIZE SHA512_DIGEST_SIZE + +UINT16 mAuthSize; + +/** + Generate high-quality entropy source through RDRAND. + + @param[in] Length Size of the buffer, in bytes, to fill with. + @param[out] Entropy Pointer to the buffer to store the entropy da= ta. + + @retval EFI_SUCCESS Entropy generation succeeded. + @retval EFI_NOT_READY Failed to request random data. + +**/ +EFI_STATUS +EFIAPI +RdRandGenerateEntropy ( + IN UINTN Length, + OUT UINT8 *Entropy + ) +{ + EFI_STATUS Status; + UINTN BlockCount; + UINT64 Seed[2]; + UINT8 *Ptr; + + Status =3D EFI_NOT_READY; + BlockCount =3D Length / 64; + Ptr =3D (UINT8 *)Entropy; + + // + // Generate high-quality seed for DRBG Entropy + // + while (BlockCount > 0) { + Status =3D GetRandomNumber128 (Seed); + if (EFI_ERROR (Status)) { + return Status; + } + CopyMem (Ptr, Seed, 64); + + BlockCount--; + Ptr =3D Ptr + 64; + } + + // + // Populate the remained data as request. + // + Status =3D GetRandomNumber128 (Seed); + if (EFI_ERROR (Status)) { + return Status; + } + CopyMem (Ptr, Seed, (Length % 64)); + + return Status; +} + +/** + This function returns the maximum size of TPM2B_AUTH; this structure is = used for an authorization value + and limits an authValue to being no larger than the largest digest produ= ced by a TPM. + + @param[out] AuthSize Tpm2 Auth size + + @retval EFI_SUCCESS Auth size returned. + @retval EFI_DEVICE_ERROR Can not return platform auth due to= device error. + +**/ +EFI_STATUS +EFIAPI +GetAuthSize ( + OUT UINT16 *AuthSize + ) +{ + EFI_STATUS Status; + TPML_PCR_SELECTION Pcrs; + UINTN Index; + UINT16 DigestSize; + + Status =3D EFI_SUCCESS; + + while (mAuthSize =3D=3D 0) { + + mAuthSize =3D SHA1_DIGEST_SIZE; + ZeroMem (&Pcrs, sizeof (TPML_PCR_SELECTION)); + Status =3D Tpm2GetCapabilityPcrs (&Pcrs); + + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityPcrs fail!\n")); + break; + } + + DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityPcrs - %08x\n", Pcrs.count)); + + for (Index =3D 0; Index < Pcrs.count; Index++) { + DEBUG ((DEBUG_ERROR, "alg - %x\n", Pcrs.pcrSelections[Index].hash)); + + switch (Pcrs.pcrSelections[Index].hash) { + case TPM_ALG_SHA1: + DigestSize =3D SHA1_DIGEST_SIZE; + break; + case TPM_ALG_SHA256: + DigestSize =3D SHA256_DIGEST_SIZE; + break; + case TPM_ALG_SHA384: + DigestSize =3D SHA384_DIGEST_SIZE; + break; + case TPM_ALG_SHA512: + DigestSize =3D SHA512_DIGEST_SIZE; + break; + case TPM_ALG_SM3_256: + DigestSize =3D SM3_256_DIGEST_SIZE; + break; + default: + DigestSize =3D SHA1_DIGEST_SIZE; + break; + } + + if (DigestSize > mAuthSize) { + mAuthSize =3D DigestSize; + } + } + break; + } + + *AuthSize =3D mAuthSize; + return Status; +} + +/** + Set PlatformAuth to random value. +**/ +VOID +RandomizePlatformAuth ( + VOID + ) +{ + EFI_STATUS Status; + UINT16 AuthSize; + UINT8 *Rand; + UINTN RandSize; + TPM2B_AUTH NewPlatformAuth; + + // + // Send Tpm2HierarchyChange Auth with random value to avoid PlatformAuth= being null + // + + GetAuthSize (&AuthSize); + + ZeroMem (NewPlatformAuth.buffer, AuthSize); + NewPlatformAuth.size =3D AuthSize; + + // + // Allocate one buffer to store random data. + // + RandSize =3D MAX_NEW_AUTHORIZATION_SIZE; + Rand =3D AllocatePool (RandSize); + + RdRandGenerateEntropy (RandSize, Rand); + CopyMem (NewPlatformAuth.buffer, Rand, AuthSize); + + FreePool (Rand); + + // + // Send Tpm2HierarchyChangeAuth command with the new Auth value + // + Status =3D Tpm2HierarchyChangeAuth (TPM_RH_PLATFORM, NULL, &NewPlatformA= uth); + DEBUG ((DEBUG_INFO, "Tpm2HierarchyChangeAuth Result: - %r\n", Status)); + ZeroMem (NewPlatformAuth.buffer, AuthSize); + ZeroMem (Rand, RandSize); +} + +/** + Disable the TPM platform hierarchy. + + @retval EFI_SUCCESS The TPM was disabled successfully. + @retval Others An error occurred attempting to disable the = TPM platform hierarchy. + +**/ +EFI_STATUS +DisableTpmPlatformHierarchy ( + VOID + ) +{ + EFI_STATUS Status; + + // Make sure that we have use of the TPM. + Status =3D Tpm2RequestUseTpm (); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "%a:%a() - Tpm2RequestUseTpm Failed! %r\n", gEfiC= allerBaseName, __FUNCTION__, Status)); + ASSERT_EFI_ERROR (Status); + return Status; + } + + // Let's do what we can to shut down the hierarchies. + + // Disable the PH NV. + // IMPORTANT NOTE: We *should* be able to disable the PH NV here, but TP= M parts have + // been known to store the EK cert in the PH NV. If we d= isable it, the + // EK cert will be unreadable. + + // Disable the PH. + Status =3D Tpm2HierarchyControl ( + TPM_RH_PLATFORM, // AuthHandle + NULL, // AuthSession + TPM_RH_PLATFORM, // Hierarchy + NO // State + ); + DEBUG ((DEBUG_VERBOSE, "%a:%a() - Disable PH =3D %r\n", gEfiCallerBaseN= ame, __FUNCTION__, Status)); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "%a:%a() - Disable PH Failed! %r\n", gEfiCallerB= aseName, __FUNCTION__, Status)); + ASSERT_EFI_ERROR (Status); + } + + return Status; +} + +/** + This service defines the configuration of the Platform Hierarchy Author= ization Value (platformAuth) + and Platform Hierarchy Authorization Policy (platformPolicy) + +**/ +VOID +EFIAPI +ConfigureTpmPlatformHierarchy ( + ) +{ + if (PcdGetBool (PcdRandomizePlatformHierarchy)) { + // + // Send Tpm2HierarchyChange Auth with random value to avoid PlatformAu= th being null + // + RandomizePlatformAuth (); + } else { + // + // Disable the hierarchy entirely (do not randomize it) + // + DisableTpmPlatformHierarchy (); + } +} diff --git a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPla= tformHierarchyLib.inf b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/P= eiDxeTpmPlatformHierarchyLib.inf new file mode 100644 index 0000000000..b7a7fb0a08 --- /dev/null +++ b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHi= erarchyLib.inf @@ -0,0 +1,45 @@ +### @file +# +# TPM Platform Hierarchy configuration library. +# +# This library provides functions for customizing the TPM's Platform Hie= rarchy +# Authorization Value (platformAuth) and Platform Hierarchy Authorization +# Policy (platformPolicy) can be defined through this function. +# +# Copyright (c) 2019, Intel Corporation. All rights reserved.
+# Copyright (c) Microsoft Corporation.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +### + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D PeiDxeTpmPlatformHierarchyLib + FILE_GUID =3D 7794F92C-4E8E-4E57-9E4A-49A0764C7D73 + MODULE_TYPE =3D PEIM + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D TpmPlatformHierarchyLib|PEIM DXE_DRIV= ER + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + MemoryAllocationLib + PcdLib + RngLib + Tpm2CommandLib + Tpm2DeviceLib + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + CryptoPkg/CryptoPkg.dec + MinPlatformPkg/MinPlatformPkg.dec + +[Sources] + PeiDxeTpmPlatformHierarchyLib.c + +[Pcd] + gMinPlatformPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy --=20 2.31.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#80116): https://edk2.groups.io/g/devel/message/80116 Mute This Topic: https://groups.io/mt/85316774/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 04:25:47 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+80117+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+80117+1787277+3901457@groups.io ARC-Seal: i=1; a=rsa-sha256; t=1630539282; cv=none; d=zohomail.com; s=zohoarc; b=lq2dhRmPYBdXtQyhF4QQWW2yj2TMQKflOIbzQIv7pcar9bnhJnnEdqKxBOVTC/mzVuiJvImQuUzjC+VJLmq7ZCucWR8VYt0xB3w8H4TqIKCS522DEIDAqK4pDo4sKS8Si5FV2zldfGjfOvEpE6w5eeWFnPOsXnUihmUN/loyNb8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1630539282; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=duXeUXkWkeqW3qZVtURVsDHcv3Fii4F6XrZIcj79LMQ=; b=Y39tfRYlSARUnGt39KQD/MnFbHNhm1CzSijCmg8awwUNLYiKJrMENBOSaTE5+TiPXs8Kyf9k4JvwwbL3y2lwI6K2D3jdQGTVs8RUPyVTCe8dpdIppc6F1dsnvJitZSxyG9ZMM5r+GnTE2dG04bysAu/dQ1ZqN9rbyjt6yoKwG8c= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+80117+1787277+3901457@groups.io Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1630539282943917.1634341331381; Wed, 1 Sep 2021 16:34:42 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id CNusYY1788612xaGmsSWAFxq; Wed, 01 Sep 2021 16:34:42 -0700 X-Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by mx.groups.io with SMTP id smtpd.web12.1390.1630527168840343627 for ; Wed, 01 Sep 2021 13:12:49 -0700 X-Received: from pps.filterd (m0098394.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 181K98Rg121198; Wed, 1 Sep 2021 16:12:48 -0400 X-Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com with ESMTP id 3atg7s06wg-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 01 Sep 2021 16:12:48 -0400 X-Received: from m0098394.ppops.net (m0098394.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 181K9JnN128522; Wed, 1 Sep 2021 16:12:47 -0400 X-Received: from ppma03dal.us.ibm.com (b.bd.3ea9.ip4.static.sl-reverse.com [169.62.189.11]) by mx0a-001b2d01.pphosted.com with ESMTP id 3atg7s06w6-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 01 Sep 2021 16:12:47 -0400 X-Received: from pps.filterd (ppma03dal.us.ibm.com [127.0.0.1]) by ppma03dal.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 181KCkF9017568; Wed, 1 Sep 2021 20:12:46 GMT X-Received: from b03cxnp08027.gho.boulder.ibm.com (b03cxnp08027.gho.boulder.ibm.com [9.17.130.19]) by ppma03dal.us.ibm.com with ESMTP id 3atdxbkxas-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 01 Sep 2021 20:12:46 +0000 X-Received: from b03ledav005.gho.boulder.ibm.com (b03ledav005.gho.boulder.ibm.com [9.17.130.236]) by b03cxnp08027.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 181KCjJ819792386 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 1 Sep 2021 20:12:45 GMT X-Received: from b03ledav005.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 4ADBDBE056; Wed, 1 Sep 2021 20:12:45 +0000 (GMT) X-Received: from b03ledav005.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 57233BE05B; Wed, 1 Sep 2021 20:12:44 +0000 (GMT) X-Received: from sbct-2.. (unknown [9.47.158.152]) by b03ledav005.gho.boulder.ibm.com (Postfix) with ESMTP; Wed, 1 Sep 2021 20:12:44 +0000 (GMT) From: Stefan Berger To: devel@edk2.groups.io Cc: mhaeuser@posteo.de, spbrogan@outlook.com, marcandre.lureau@redhat.com, kraxel@redhat.com, jiewen.yao@intel.com, Stefan Berger , Stefan Berger Subject: [edk2-devel] [PATCH v5 2/8] SecurityPkg/TPM: Fix bugs in imported PeiDxeTpmPlatformHierarchyLib Date: Wed, 1 Sep 2021 16:12:32 -0400 Message-Id: <20210901201238.3152761-3-stefanb@linux.vnet.ibm.com> In-Reply-To: <20210901201238.3152761-1-stefanb@linux.vnet.ibm.com> References: <20210901201238.3152761-1-stefanb@linux.vnet.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: 01DLiiJO-o0RtPVL4NVNCCsfzyQ-gXif X-Proofpoint-ORIG-GUID: Xqdg5CitmCRkK-qW8vfWw3hg8XEOQOme Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,stefanb@linux.vnet.ibm.com X-Gm-Message-State: Mq8ofABfNYlT2W3nPoy8amM2x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1630539282; bh=h0gBwjWHHnl7O6U+9Ye2hdabbiLRnSg1Q5EJSLAmi40=; h=Cc:Date:From:Reply-To:Subject:To; b=ndABPxJgeM4J6g3dx5IpB6VBMREthiGSI28IQiRmUpRZ74D+BC0klibB3qfixDEenMy od3lhfYjogZRej86dgMtM2N/fZdhjsDBH+X8NgMuGHFPVtAp5Yt2/y5bJdKPbZ2InN/Fh Kox0sQIJCbwiEN7r+Rgu3Xpwv7samB7CycE= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1630539284401100005 Content-Type: text/plain; charset="utf-8" Fix some bugs in the original PeiDxeTpmPlatformHierarchyLib.c. Signed-off-by: Stefan Berger --- .../PeiDxeTpmPlatformHierarchyLib.c | 23 +++++-------------- 1 file changed, 6 insertions(+), 17 deletions(-) diff --git a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPla= tformHierarchyLib.c b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/Pei= DxeTpmPlatformHierarchyLib.c index 9812ab99ab..d82a0ae1bd 100644 --- a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHi= erarchyLib.c +++ b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHi= erarchyLib.c @@ -18,7 +18,6 @@ #include #include #include -#include #include #include #include @@ -27,7 +26,6 @@ // The authorization value may be no larger than the digest produced by th= e hash // algorithm used for context integrity. // -#define MAX_NEW_AUTHORIZATION_SIZE SHA512_DIGEST_SIZE =20 UINT16 mAuthSize; =20 @@ -54,7 +52,7 @@ RdRandGenerateEntropy ( UINT8 *Ptr; =20 Status =3D EFI_NOT_READY; - BlockCount =3D Length / 64; + BlockCount =3D Length / sizeof(Seed); Ptr =3D (UINT8 *)Entropy; =20 // @@ -65,10 +63,10 @@ RdRandGenerateEntropy ( if (EFI_ERROR (Status)) { return Status; } - CopyMem (Ptr, Seed, 64); + CopyMem (Ptr, Seed, sizeof(Seed)); =20 BlockCount--; - Ptr =3D Ptr + 64; + Ptr =3D Ptr + sizeof(Seed); } =20 // @@ -78,7 +76,7 @@ RdRandGenerateEntropy ( if (EFI_ERROR (Status)) { return Status; } - CopyMem (Ptr, Seed, (Length % 64)); + CopyMem (Ptr, Seed, (Length % sizeof(Seed))); =20 return Status; } @@ -164,8 +162,6 @@ RandomizePlatformAuth ( { EFI_STATUS Status; UINT16 AuthSize; - UINT8 *Rand; - UINTN RandSize; TPM2B_AUTH NewPlatformAuth; =20 // @@ -174,19 +170,13 @@ RandomizePlatformAuth ( =20 GetAuthSize (&AuthSize); =20 - ZeroMem (NewPlatformAuth.buffer, AuthSize); NewPlatformAuth.size =3D AuthSize; =20 // - // Allocate one buffer to store random data. + // Create the random bytes in the destination buffer // - RandSize =3D MAX_NEW_AUTHORIZATION_SIZE; - Rand =3D AllocatePool (RandSize); - - RdRandGenerateEntropy (RandSize, Rand); - CopyMem (NewPlatformAuth.buffer, Rand, AuthSize); =20 - FreePool (Rand); + RdRandGenerateEntropy (NewPlatformAuth.size, NewPlatformAuth.buffer); =20 // // Send Tpm2HierarchyChangeAuth command with the new Auth value @@ -194,7 +184,6 @@ RandomizePlatformAuth ( Status =3D Tpm2HierarchyChangeAuth (TPM_RH_PLATFORM, NULL, &NewPlatformA= uth); DEBUG ((DEBUG_INFO, "Tpm2HierarchyChangeAuth Result: - %r\n", Status)); ZeroMem (NewPlatformAuth.buffer, AuthSize); - ZeroMem (Rand, RandSize); } =20 /** --=20 2.31.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#80117): https://edk2.groups.io/g/devel/message/80117 Mute This Topic: https://groups.io/mt/85316775/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 04:25:47 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+80118+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+80118+1787277+3901457@groups.io ARC-Seal: i=1; a=rsa-sha256; t=1630539284; cv=none; d=zohomail.com; s=zohoarc; b=WUX5R2wF7etzSpTyB9tIOdFnTvAXFVUUm/qp9eYrN40X8IvYvMwZgVG7E6JoN8M3YImQqO12rLKJ7J8wliFnVIEIzUnQQ/7irWSvqzfs9qg6yd9MPEYXAUqCvW142ZZs3zS4//RQwc+l9U+n7oBNq/hKxtkJp6KWTSWfT91LlUg= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1630539284; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=M9pr/lgN05aeUyYEC9pqEMUiJhRq/xqtC0pFxDUzCUQ=; b=lAO3MW8OkJZXMC3IobymcapNTyQ1Rl1rfB6iztGr84v5s8J2T6I89UgcoOVRnXiUvgiSaMSFCxVpLoDvk/srcEOwfvKlc1K0+WCwas1+dIYrOGf43wvC87QrsBOfIKHKzOyHfPdeDZf/He0P0/c41qB7cSLM8xxO5uF63tCBSk8= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+80118+1787277+3901457@groups.io Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1630539284007822.6052167733509; Wed, 1 Sep 2021 16:34:44 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id Cwo0YY1788612xX23gxIcmRl; Wed, 01 Sep 2021 16:34:43 -0700 X-Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by mx.groups.io with SMTP id smtpd.web12.1391.1630527169756176661 for ; Wed, 01 Sep 2021 13:12:49 -0700 X-Received: from pps.filterd (m0098409.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 181K9Bha020011; Wed, 1 Sep 2021 16:12:49 -0400 X-Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com with ESMTP id 3ated2axxy-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 01 Sep 2021 16:12:49 -0400 X-Received: from m0098409.ppops.net (m0098409.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 181K99mX019293; Wed, 1 Sep 2021 16:12:48 -0400 X-Received: from ppma02dal.us.ibm.com (a.bd.3ea9.ip4.static.sl-reverse.com [169.62.189.10]) by mx0a-001b2d01.pphosted.com with ESMTP id 3ated2axxg-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 01 Sep 2021 16:12:48 -0400 X-Received: from pps.filterd (ppma02dal.us.ibm.com [127.0.0.1]) by ppma02dal.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 181K8mj7019328; Wed, 1 Sep 2021 20:12:47 GMT X-Received: from b03cxnp08028.gho.boulder.ibm.com (b03cxnp08028.gho.boulder.ibm.com [9.17.130.20]) by ppma02dal.us.ibm.com with ESMTP id 3atdxcux7g-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 01 Sep 2021 20:12:47 +0000 X-Received: from b03ledav005.gho.boulder.ibm.com (b03ledav005.gho.boulder.ibm.com [9.17.130.236]) by b03cxnp08028.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 181KCkR237749162 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 1 Sep 2021 20:12:46 GMT X-Received: from b03ledav005.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 75E98BE05D; Wed, 1 Sep 2021 20:12:46 +0000 (GMT) X-Received: from b03ledav005.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 829A3BE053; Wed, 1 Sep 2021 20:12:45 +0000 (GMT) X-Received: from sbct-2.. (unknown [9.47.158.152]) by b03ledav005.gho.boulder.ibm.com (Postfix) with ESMTP; Wed, 1 Sep 2021 20:12:45 +0000 (GMT) From: Stefan Berger To: devel@edk2.groups.io Cc: mhaeuser@posteo.de, spbrogan@outlook.com, marcandre.lureau@redhat.com, kraxel@redhat.com, jiewen.yao@intel.com, Stefan Berger , Stefan Berger Subject: [edk2-devel] [PATCH v5 3/8] SecurityPkg/TPM: Add a NULL implementation of TpmPlatformHierarchyLib Date: Wed, 1 Sep 2021 16:12:33 -0400 Message-Id: <20210901201238.3152761-4-stefanb@linux.vnet.ibm.com> In-Reply-To: <20210901201238.3152761-1-stefanb@linux.vnet.ibm.com> References: <20210901201238.3152761-1-stefanb@linux.vnet.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: BCasBl54NGw4eEt1rmjcga942fv0RRyK X-Proofpoint-ORIG-GUID: pilMZrEn9MDkUx8I6KDzEtn1LLTqK0e5 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,stefanb@linux.vnet.ibm.com X-Gm-Message-State: tsA3v3zbD621sqgHoAhhV2rrx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1630539283; bh=a+vCQiMToHOqoCUDCxrBC2JnSIO4nUKUCBkgBJfwKzc=; h=Cc:Date:From:Reply-To:Subject:To; b=jp29aP4z1CoLPLqwa0HG5RD2ZBHxhiQKitWj0aBFeThPunO7iMSodt5y2q3TDuv5zgk znOK+NG/kI7GjoHeMSEmXL74JZMx3ePdWJCo5gNPVXQXOAVgxN3bDLR+W0edj6/QPRvFs qWnpGVgNvGeLfgsIruUVv3iNnxtViCgIMlw= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1630539284435100009 Content-Type: text/plain; charset="utf-8" Add a NULL implementation of the library class TpmPlatformHierarchyLib Signed-off-by: Stefan Berger --- .../PeiDxeTpmPlatformHierarchyLib.c | 19 ++++++++++++ .../PeiDxeTpmPlatformHierarchyLib.inf | 31 +++++++++++++++++++ 2 files changed, 50 insertions(+) create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/P= eiDxeTpmPlatformHierarchyLib.c create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/P= eiDxeTpmPlatformHierarchyLib.inf diff --git a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTp= mPlatformHierarchyLib.c b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib= Null/PeiDxeTpmPlatformHierarchyLib.c new file mode 100644 index 0000000000..b63729594f --- /dev/null +++ b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatfo= rmHierarchyLib.c @@ -0,0 +1,19 @@ +/** @file + Null TPM Platform Hierarchy configuration library. + + This library provides stub functions for customizing the TPM's Platfor= m Hierarchy. + + Copyright (c) 2021, IBM Corporation. + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include + +VOID +EFIAPI +ConfigureTpmPlatformHierarchy ( + ) +{ + /* no nothing */ +} diff --git a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTp= mPlatformHierarchyLib.inf b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyL= ibNull/PeiDxeTpmPlatformHierarchyLib.inf new file mode 100644 index 0000000000..2a3597004e --- /dev/null +++ b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatfo= rmHierarchyLib.inf @@ -0,0 +1,31 @@ +### @file +# +# TPM Platform Hierarchy configuration library. +# +# This library provides functions for customizing the TPM's Platform Hie= rarchy +# Authorization Value (platformAuth) and Platform Hierarchy Authorization +# Policy (platformPolicy) can be defined through this function. +# +# Copyright (c) 2019, Intel Corporation. All rights reserved.
+# Copyright (c) Microsoft Corporation.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +### + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D PeiDxeTpmPlatformHierarchyLibNull + FILE_GUID =3D 7794F92C-4E8E-4E57-9E4A-49A0764C7D73 + MODULE_TYPE =3D PEIM + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D TpmPlatformHierarchyLib|PEIM DXE_DRIV= ER + +[LibraryClasses] + BaseLib + +[Packages] + MdePkg/MdePkg.dec + +[Sources] + PeiDxeTpmPlatformHierarchyLib.c --=20 2.31.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#80118): https://edk2.groups.io/g/devel/message/80118 Mute This Topic: https://groups.io/mt/85316776/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 04:25:47 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+80119+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+80119+1787277+3901457@groups.io ARC-Seal: i=1; a=rsa-sha256; t=1630539283; cv=none; d=zohomail.com; s=zohoarc; b=SaA7SJRbI3ztQ6yTm25+8WcwBTpFxXYYbezB2AsyrPhzVTXC58O7SMul2/lOcRIusgP6vOa7eoTt/KTSfqxl+W7YmuGN9Iyrv8BDQXLHLQt6SsQ1vuxKCvAIzNfWltsZB2OEPcmu9ReSmfByVaFeE00nPyfb97018jqVnwAB67o= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1630539283; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=43x/ywKGpM7/scOVKmrhHZKP71HhzCX8qqvYLaCxIi4=; b=n4KoiG+csaCXeoLb7bEbIUqmFCC13q8hpijy/5uGJjBDnEYWb2jwMJj4BhBCfrfAoaTD4rV/HC5e38edHphYr1JdS/5M5SWwG+VXjUaY/5IxHVUtSHhlgIC3HEOmEXFtxST2CGZ57mIknuZFSiUpu78HaqwyupkZ2VgBBxoc1VM= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+80119+1787277+3901457@groups.io Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1630539283774601.6939295588855; Wed, 1 Sep 2021 16:34:43 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id O2BtYY1788612xLxFgxpo8VR; Wed, 01 Sep 2021 16:34:43 -0700 X-Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by mx.groups.io with SMTP id smtpd.web09.1440.1630527171188694077 for ; Wed, 01 Sep 2021 13:12:51 -0700 X-Received: from pps.filterd (m0098396.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 181K99EC131147; Wed, 1 Sep 2021 16:12:50 -0400 X-Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com with ESMTP id 3atewpt06w-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 01 Sep 2021 16:12:50 -0400 X-Received: from m0098396.ppops.net (m0098396.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 181KB3fa143376; Wed, 1 Sep 2021 16:12:50 -0400 X-Received: from ppma03dal.us.ibm.com (b.bd.3ea9.ip4.static.sl-reverse.com [169.62.189.11]) by mx0a-001b2d01.pphosted.com with ESMTP id 3atewpt06g-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 01 Sep 2021 16:12:50 -0400 X-Received: from pps.filterd (ppma03dal.us.ibm.com [127.0.0.1]) by ppma03dal.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 181KCjfn017538; Wed, 1 Sep 2021 20:12:49 GMT X-Received: from b03cxnp08025.gho.boulder.ibm.com (b03cxnp08025.gho.boulder.ibm.com [9.17.130.17]) by ppma03dal.us.ibm.com with ESMTP id 3atdxbkxbq-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 01 Sep 2021 20:12:49 +0000 X-Received: from b03ledav005.gho.boulder.ibm.com (b03ledav005.gho.boulder.ibm.com [9.17.130.236]) by b03cxnp08025.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 181KClH448497110 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 1 Sep 2021 20:12:47 GMT X-Received: from b03ledav005.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 9C0B9BE054; Wed, 1 Sep 2021 20:12:47 +0000 (GMT) X-Received: from b03ledav005.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id B0EE8BE05D; Wed, 1 Sep 2021 20:12:46 +0000 (GMT) X-Received: from sbct-2.. (unknown [9.47.158.152]) by b03ledav005.gho.boulder.ibm.com (Postfix) with ESMTP; Wed, 1 Sep 2021 20:12:46 +0000 (GMT) From: Stefan Berger To: devel@edk2.groups.io Cc: mhaeuser@posteo.de, spbrogan@outlook.com, marcandre.lureau@redhat.com, kraxel@redhat.com, jiewen.yao@intel.com, Stefan Berger , Stefan Berger Subject: [edk2-devel] [PATCH v5 4/8] SecurityPkg: Introduce new PCD PcdRandomizePlatformHierarchy Date: Wed, 1 Sep 2021 16:12:34 -0400 Message-Id: <20210901201238.3152761-5-stefanb@linux.vnet.ibm.com> In-Reply-To: <20210901201238.3152761-1-stefanb@linux.vnet.ibm.com> References: <20210901201238.3152761-1-stefanb@linux.vnet.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: jmIHtzZRIOTucuCYtqOw14sqMbtA1kng X-Proofpoint-GUID: dTezoFH-EFaWG3KMEXY1cHA2IS5wekCA Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,stefanb@linux.vnet.ibm.com X-Gm-Message-State: 5i8BUvePR4ZAq5OsRJl5NkWZx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1630539283; bh=Q1oCf7nqnQtJyY5bzt1XbrzSwvBLOG+mvo09KvdsbdQ=; h=Cc:Date:From:Reply-To:Subject:To; b=X9Cdh+4ZKYfiGiHcgLY91UCcyjpii9/ATm+pTU/MRiE7fnyEWcZVsyHMaF7E60qADvF JNJh+rHGquOngTdLtUxM2aPGfN27XbGGeXulVvSip246pWYZNp8qGohcH7ZBY5jSWAV2I 6i6cza9P/wD4eeY+5OcGPJeOJQkSuoowPxQ= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1630539284419100007 Content-Type: text/plain; charset="utf-8" Introduce the new PCD gEfiSecurityPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy. Signed-off-by: Stefan Berger --- .../PeiDxeTpmPlatformHierarchyLib.inf | 3 +-- SecurityPkg/SecurityPkg.dec | 6 ++++++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPla= tformHierarchyLib.inf b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/P= eiDxeTpmPlatformHierarchyLib.inf index b7a7fb0a08..1161d6fa1f 100644 --- a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHi= erarchyLib.inf +++ b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHi= erarchyLib.inf @@ -36,10 +36,9 @@ MdeModulePkg/MdeModulePkg.dec SecurityPkg/SecurityPkg.dec CryptoPkg/CryptoPkg.dec - MinPlatformPkg/MinPlatformPkg.dec =20 [Sources] PeiDxeTpmPlatformHierarchyLib.c =20 [Pcd] - gMinPlatformPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy + gEfiSecurityPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index d5ace6f654..2cb5bfa0ac 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -342,6 +342,12 @@ # @Prompt Physical presence of the platform operator. gEfiSecurityPkgTokenSpaceGuid.PcdTpmPhysicalPresence|TRUE|BOOLEAN|0x0001= 0001 =20 + ## Indicates whether the TPM2 platform hierarchy will be disabled by usi= ng + # a random password or by disabling the hierarchy + # TRUE - A random password will be used + # FALSE - The hierarchy will be disabled + gEfiSecurityPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy|TRUE|BOOLEAN= |0x00010024 + [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx] ## Indicates whether TPM physical presence is locked during platform ini= tialization. # Once it is locked, it can not be unlocked for TPM life time.

--=20 2.31.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#80119): https://edk2.groups.io/g/devel/message/80119 Mute This Topic: https://groups.io/mt/85316777/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 04:25:47 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+80120+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+80120+1787277+3901457@groups.io ARC-Seal: i=1; a=rsa-sha256; t=1630539284; cv=none; d=zohomail.com; s=zohoarc; b=Qeodsqp2O//Pl5r/3E+D/OPVrdzNaVr1gyS6+N5wfmAUuVzrtZUtl3FubVd3vAEuEDPO85KFOgRHL0U1rfgPJos6AEjyK7qSzhou1NRVDqD6rznhiU5V/+QM9L2n2z3ENyxhHbm0tqdoAav1ZHBlr8IiuzPQ1Jz2f5by0md3uOY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1630539284; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=dx9zBQ7jc9iZwoCWc2Y6gfvs9Abstta5B40YNt648W8=; b=nSc83Shxywm07ojFqeem2jsGELEYkFjgxuVXLfPs5avw3NMQzy0c1iXriBMQkiY9Y61onHtXR190w+R+UgPJVdnvQ9yBMPyJmpA/54bYIShPh8dnQEd3lVH0gLzb1AObAzu++bSxfEqy0BYiz46yvhQijzJK991xYrDjVTucMvo= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+80120+1787277+3901457@groups.io Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1630539284404538.7868253276295; Wed, 1 Sep 2021 16:34:44 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id 8aLxYY1788612xFntPBHsgk8; Wed, 01 Sep 2021 16:34:44 -0700 X-Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by mx.groups.io with SMTP id smtpd.web08.1408.1630527171850107542 for ; Wed, 01 Sep 2021 13:12:51 -0700 X-Received: from pps.filterd (m0098396.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 181K99Bc131137; Wed, 1 Sep 2021 16:12:51 -0400 X-Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com with ESMTP id 3atewpt07b-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 01 Sep 2021 16:12:51 -0400 X-Received: from m0098396.ppops.net (m0098396.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 181K9hb3139539; Wed, 1 Sep 2021 16:12:51 -0400 X-Received: from ppma02wdc.us.ibm.com (aa.5b.37a9.ip4.static.sl-reverse.com [169.55.91.170]) by mx0a-001b2d01.pphosted.com with ESMTP id 3atewpt06r-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 01 Sep 2021 16:12:50 -0400 X-Received: from pps.filterd (ppma02wdc.us.ibm.com [127.0.0.1]) by ppma02wdc.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 181KCiDX024510; Wed, 1 Sep 2021 20:12:49 GMT X-Received: from b03cxnp08026.gho.boulder.ibm.com (b03cxnp08026.gho.boulder.ibm.com [9.17.130.18]) by ppma02wdc.us.ibm.com with ESMTP id 3atdxbk62e-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 01 Sep 2021 20:12:49 +0000 X-Received: from b03ledav005.gho.boulder.ibm.com (b03ledav005.gho.boulder.ibm.com [9.17.130.236]) by b03cxnp08026.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 181KCmNG36241740 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 1 Sep 2021 20:12:48 GMT X-Received: from b03ledav005.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id B6022BE05D; Wed, 1 Sep 2021 20:12:48 +0000 (GMT) X-Received: from b03ledav005.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id D2422BE04F; Wed, 1 Sep 2021 20:12:47 +0000 (GMT) X-Received: from sbct-2.. (unknown [9.47.158.152]) by b03ledav005.gho.boulder.ibm.com (Postfix) with ESMTP; Wed, 1 Sep 2021 20:12:47 +0000 (GMT) From: Stefan Berger To: devel@edk2.groups.io Cc: mhaeuser@posteo.de, spbrogan@outlook.com, marcandre.lureau@redhat.com, kraxel@redhat.com, jiewen.yao@intel.com, Stefan Berger , Stefan Berger Subject: [edk2-devel] [PATCH v5 5/8] OvmfPkg: Reference new TPM classes in the build system for compilation Date: Wed, 1 Sep 2021 16:12:35 -0400 Message-Id: <20210901201238.3152761-6-stefanb@linux.vnet.ibm.com> In-Reply-To: <20210901201238.3152761-1-stefanb@linux.vnet.ibm.com> References: <20210901201238.3152761-1-stefanb@linux.vnet.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: UZQW1VJwKlHGVhz12gRy36YZkgHfU70_ X-Proofpoint-GUID: Rbw_Y48_AW2NJ9CMu-1Y2CG_ckAOXzdj Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,stefanb@linux.vnet.ibm.com X-Gm-Message-State: PI6BOKuWAtwKtrRfcLpeDfpkx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1630539284; bh=2ZqYMyOC2Y8y8QEoxpxQ90bMRBNjsBYDO/Bp2azmEoE=; h=Cc:Date:From:Reply-To:Subject:To; b=UiZlw/4AQzugNM/x1qDp3HNTnxZSwHxfVgn2WtTvab+VXBjkJO2GQdcls+2YfiuHYmg gbKUEruzSgU8OKy3+IRJSLGZB/LqDgKyMFE+mLE+P7cYaOZULdGLFKPYearupwalQEFVc kPHyHqwEeTDfGbi41/ms49GCF3AsR0X+xu8= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1630540188415100005 Content-Type: text/plain; charset="utf-8" Compile the added TPM related code now. Signed-off-by: Stefan Berger --- OvmfPkg/AmdSev/AmdSevX64.dsc | 3 +++ OvmfPkg/Bhyve/BhyveX64.dsc | 1 + .../Library/PlatformBootManagerLib/PlatformBootManagerLib.inf | 1 + OvmfPkg/OvmfPkgIa32.dsc | 3 +++ OvmfPkg/OvmfPkgIa32X64.dsc | 3 +++ OvmfPkg/OvmfPkgX64.dsc | 3 +++ OvmfPkg/OvmfXen.dsc | 1 + 7 files changed, 15 insertions(+) diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc index e6cd10b759..6b582626ff 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -209,9 +209,11 @@ Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeT= cg2PhysicalPresenceLib.inf Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibN= ull.inf TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasure= mentLib.inf + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLi= b/PeiDxeTpmPlatformHierarchyLib.inf !else Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeT= cg2PhysicalPresenceLib.inf TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLi= bNull/PeiDxeTpmPlatformHierarchyLib.inf !endif =20 [LibraryClasses.common] @@ -836,6 +838,7 @@ SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibR= outerDxe.inf + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarc= hyLib/PeiDxeTpmPlatformHierarchyLib.inf NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCrypt= oRouterDxe.inf NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf diff --git a/OvmfPkg/Bhyve/BhyveX64.dsc b/OvmfPkg/Bhyve/BhyveX64.dsc index d8fe607d1c..1b8ec23847 100644 --- a/OvmfPkg/Bhyve/BhyveX64.dsc +++ b/OvmfPkg/Bhyve/BhyveX64.dsc @@ -224,6 +224,7 @@ =20 Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeT= cg2PhysicalPresenceLib.inf TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLi= bNull/PeiDxeTpmPlatformHierarchyLib.inf =20 [LibraryClasses.common] BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf diff --git a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.= inf b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf index c249a3cf1e..f2de7f5250 100644 --- a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf +++ b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf @@ -55,6 +55,7 @@ UefiLib PlatformBmPrintScLib Tcg2PhysicalPresenceLib + TpmPlatformHierarchyLib XenPlatformLib =20 [Pcd] diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index d1d92c97ba..374a1ea652 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -235,9 +235,11 @@ Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeT= cg2PhysicalPresenceLib.inf Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibN= ull.inf TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasure= mentLib.inf + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLi= b/PeiDxeTpmPlatformHierarchyLib.inf !else Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeT= cg2PhysicalPresenceLib.inf TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLi= bNull/PeiDxeTpmPlatformHierarchyLib.inf !endif =20 [LibraryClasses.common] @@ -711,6 +713,7 @@ SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCrypt= oRouterPei.inf + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarc= hyLib/PeiDxeTpmPlatformHierarchyLib.inf NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384= .inf diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index a467ab7090..7b7dffcd94 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -239,9 +239,11 @@ Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeT= cg2PhysicalPresenceLib.inf Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibN= ull.inf TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasure= mentLib.inf + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLi= b/PeiDxeTpmPlatformHierarchyLib.inf !else Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeT= cg2PhysicalPresenceLib.inf TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLi= bNull/PeiDxeTpmPlatformHierarchyLib.inf !endif =20 [LibraryClasses.common] @@ -1034,6 +1036,7 @@ SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibR= outerDxe.inf + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarc= hyLib/PeiDxeTpmPlatformHierarchyLib.inf NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCrypt= oRouterDxe.inf NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index e56b83d95e..34c6e833e4 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -239,9 +239,11 @@ Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeT= cg2PhysicalPresenceLib.inf Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibN= ull.inf TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasure= mentLib.inf + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLi= b/PeiDxeTpmPlatformHierarchyLib.inf !else Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeT= cg2PhysicalPresenceLib.inf TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLi= bNull/PeiDxeTpmPlatformHierarchyLib.inf !endif =20 [LibraryClasses.common] @@ -723,6 +725,7 @@ SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCrypt= oRouterPei.inf + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarc= hyLib/PeiDxeTpmPlatformHierarchyLib.inf NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384= .inf diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc index 1a9c06c164..4541d1aaf8 100644 --- a/OvmfPkg/OvmfXen.dsc +++ b/OvmfPkg/OvmfXen.dsc @@ -216,6 +216,7 @@ =20 Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeT= cg2PhysicalPresenceLib.inf TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLi= bNull/PeiDxeTpmPlatformHierarchyLib.inf RealTimeClockLib|OvmfPkg/Library/XenRealTimeClockLib/XenRealTimeClockLib= .inf TimeBaseLib|EmbeddedPkg/Library/TimeBaseLib/TimeBaseLib.inf !ifdef $(DEBUG_ON_HYPERVISOR_CONSOLE) --=20 2.31.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#80120): https://edk2.groups.io/g/devel/message/80120 Mute This Topic: https://groups.io/mt/85316778/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 04:25:47 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+80121+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+80121+1787277+3901457@groups.io ARC-Seal: i=1; a=rsa-sha256; t=1630539284; cv=none; d=zohomail.com; s=zohoarc; b=N7lqc3WqPimo0r97EfB04wqVZidGH4kN7c4UwBXjY7KloaN6bBHQBevbN7qWG8+kROOhQMwC8zuZBhHIA0cQXejsVr1HSeUiXm++0gp83s4F+hyvJnJRVmh2TfBfvYAvDxl69F84MLXNKG+Bt1WH/hRMEI/OZmwQ7X3VxS6Vh3E= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1630539284; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=hZaBx0e9hO71SVbdr8Z6/Gtdpd+8adc0zpjbtdbL/i8=; b=VdznQ7JUiB/aoxnO65wHhEImcocPHG4pVHDtJp1KUxfx296X+iPsCSfLc4emFxN8St1GDiUNP4LT46zl7KG2t3eZo0FIip85JBD/cQnVJWJ+x7iVqrmlQ0fuKMJR4ctY0NhcpmosOdHm0VIGZxjqN40TpMXAMf5IMjU+uvciNWw= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+80121+1787277+3901457@groups.io Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1630539284781463.5456421454886; Wed, 1 Sep 2021 16:34:44 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id KgcCYY1788612xLS0iHj5TAi; Wed, 01 Sep 2021 16:34:44 -0700 X-Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) by mx.groups.io with SMTP id smtpd.web10.1416.1630527174063973450 for ; Wed, 01 Sep 2021 13:12:54 -0700 X-Received: from pps.filterd (m0127361.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 181K9AbT023451; Wed, 1 Sep 2021 16:12:52 -0400 X-Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com with ESMTP id 3atfq7rtup-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 01 Sep 2021 16:12:52 -0400 X-Received: from m0127361.ppops.net (m0127361.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 181K9PMr031553; Wed, 1 Sep 2021 16:12:52 -0400 X-Received: from ppma04dal.us.ibm.com (7a.29.35a9.ip4.static.sl-reverse.com [169.53.41.122]) by mx0a-001b2d01.pphosted.com with ESMTP id 3atfq7rtud-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 01 Sep 2021 16:12:52 -0400 X-Received: from pps.filterd (ppma04dal.us.ibm.com [127.0.0.1]) by ppma04dal.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 181KChOF031226; Wed, 1 Sep 2021 20:12:51 GMT X-Received: from b03cxnp07029.gho.boulder.ibm.com (b03cxnp07029.gho.boulder.ibm.com [9.17.130.16]) by ppma04dal.us.ibm.com with ESMTP id 3atdxb3xyb-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 01 Sep 2021 20:12:51 +0000 X-Received: from b03ledav005.gho.boulder.ibm.com (b03ledav005.gho.boulder.ibm.com [9.17.130.236]) by b03cxnp07029.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 181KCniE43254104 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 1 Sep 2021 20:12:50 GMT X-Received: from b03ledav005.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id D74ABBE05F; Wed, 1 Sep 2021 20:12:49 +0000 (GMT) X-Received: from b03ledav005.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id EA291BE05D; Wed, 1 Sep 2021 20:12:48 +0000 (GMT) X-Received: from sbct-2.. (unknown [9.47.158.152]) by b03ledav005.gho.boulder.ibm.com (Postfix) with ESMTP; Wed, 1 Sep 2021 20:12:48 +0000 (GMT) From: Stefan Berger To: devel@edk2.groups.io Cc: mhaeuser@posteo.de, spbrogan@outlook.com, marcandre.lureau@redhat.com, kraxel@redhat.com, jiewen.yao@intel.com, Stefan Berger , Stefan Berger Subject: [edk2-devel] [PATCH v5 6/8] OvmfPkg: Disable the TPM2 platform hierarchy Date: Wed, 1 Sep 2021 16:12:36 -0400 Message-Id: <20210901201238.3152761-7-stefanb@linux.vnet.ibm.com> In-Reply-To: <20210901201238.3152761-1-stefanb@linux.vnet.ibm.com> References: <20210901201238.3152761-1-stefanb@linux.vnet.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: WeJjNCeSQ_x_VP1aNNJHUvYl2mWHNboM X-Proofpoint-GUID: YVa7f85ChVR09ncy5RglPHWur6Z57QBy Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,stefanb@linux.vnet.ibm.com X-Gm-Message-State: AMluk9DDqFVdPy3Z19fG6MO4x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1630539284; bh=gupL9pfmO62qHjwy7LakCwV3y9Q5kXru9SA2LlH9Zio=; h=Cc:Date:From:Reply-To:Subject:To; b=N9qwM/9KfTElmEic/rRMvM0SQbVQ8vL4Pf0D6j8bP0RIw3PIlD9HYyuYpmGqm64LN+k X3rrMhNbnUy/eM7YX/5TO1vG6GIi391UYMJJ/KcT3CWB2MgGjYW1UenWkJp8CgOv8kL5X ts0aI+YtMvL36ykUOrMGf2hHF+WTpXaefU0= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1630540188367100002 Content-Type: text/plain; charset="utf-8" Use the newly added function to disable the TPM2 platform hierarchy. Signed-off-by: Stefan Berger --- OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c | 6 ++++++ OvmfPkg/Library/PlatformBootManagerLibBhyve/BdsPlatform.c | 7 +++++++ OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c | 7 +++++++ 3 files changed, 20 insertions(+) diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg= /Library/PlatformBootManagerLib/BdsPlatform.c index 71f63b2448..196d1c7200 100644 --- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c +++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c @@ -11,6 +11,7 @@ #include #include #include +#include #include =20 =20 @@ -1516,6 +1517,11 @@ PlatformBootManagerAfterConsole ( // Tcg2PhysicalPresenceLibProcessRequest (NULL); =20 + // + // Disable the TPM 2 platform hierarchy + // + ConfigureTpmPlatformHierarchy (); + // // Process QEMU's -kernel command line option // diff --git a/OvmfPkg/Library/PlatformBootManagerLibBhyve/BdsPlatform.c b/Ov= mfPkg/Library/PlatformBootManagerLibBhyve/BdsPlatform.c index eaade4adea..5197964adb 100644 --- a/OvmfPkg/Library/PlatformBootManagerLibBhyve/BdsPlatform.c +++ b/OvmfPkg/Library/PlatformBootManagerLibBhyve/BdsPlatform.c @@ -12,6 +12,8 @@ #include #include #include +#include + =20 #include =20 @@ -1450,6 +1452,11 @@ PlatformBootManagerAfterConsole ( // Tcg2PhysicalPresenceLibProcessRequest (NULL); =20 + // + // Disable the TPM 2 platform hierarchy + // + ConfigureTpmPlatformHierarchy (); + // // Perform some platform specific connect sequence // diff --git a/OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c b/Ovm= fPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c index 7cceeea487..0d7fe69d3f 100644 --- a/OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c +++ b/OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c @@ -12,6 +12,8 @@ #include #include #include +#include + =20 =20 // @@ -1315,6 +1317,11 @@ PlatformBootManagerAfterConsole ( // Tcg2PhysicalPresenceLibProcessRequest (NULL); =20 + // + // Disable the TPM 2 platform hierachy + // + ConfigureTpmPlatformHierarchy (); + // // Process QEMU's -kernel command line option // --=20 2.31.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#80121): https://edk2.groups.io/g/devel/message/80121 Mute This Topic: https://groups.io/mt/85316779/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 04:25:47 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+80122+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+80122+1787277+3901457@groups.io ARC-Seal: i=1; a=rsa-sha256; t=1630539284; cv=none; d=zohomail.com; s=zohoarc; b=dICtwkSnCJIEbJLReL6ZANc40siTvXJRjj+Xe1ixkNOFtr7O9KYIOLlVoVBQv/OJzMooqiOXZXJiV1i7ohTPffXPOQ67XUHl2ngDJ8noE5wMMc+5vcWK2fuWVUF7ZvTL9UgRlfw+jLrg198yjBHdviNfoX1R2n/cNkSFa6Idt1g= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1630539284; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=9MTSt/bKwkr8aV4cliR4wdXBcUgoZVZ1kYo4rZKQcpw=; b=ZvgSiDPC0cIjDlVxWws8tECKiWakrzTC37a7oTPzZRSiaDgsxFNkV9SteKb0fQB4FiW6bD1YUwDXxYd8+NqADrzkj0atN+0nZHs/eHVEWwjJFeWMnVFRfpNAXgqkPRXEYUhxf37Pvh2N9nvJHE4Qkwd9bb281K62selBZiDHx0Y= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+80122+1787277+3901457@groups.io Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1630539284932959.7649694630754; Wed, 1 Sep 2021 16:34:44 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id mXN5YY1788612x00JCTj2ElI; Wed, 01 Sep 2021 16:34:44 -0700 X-Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) by mx.groups.io with SMTP id smtpd.web09.1441.1630527174363456767 for ; Wed, 01 Sep 2021 13:12:54 -0700 X-Received: from pps.filterd (m0098421.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 181K98r7099290; Wed, 1 Sep 2021 16:12:53 -0400 X-Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com with ESMTP id 3atg6107v6-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 01 Sep 2021 16:12:53 -0400 X-Received: from m0098421.ppops.net (m0098421.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 181K9aIR107418; Wed, 1 Sep 2021 16:12:52 -0400 X-Received: from ppma02dal.us.ibm.com (a.bd.3ea9.ip4.static.sl-reverse.com [169.62.189.10]) by mx0a-001b2d01.pphosted.com with ESMTP id 3atg6107uv-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 01 Sep 2021 16:12:52 -0400 X-Received: from pps.filterd (ppma02dal.us.ibm.com [127.0.0.1]) by ppma02dal.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 181KCn55030739; Wed, 1 Sep 2021 20:12:52 GMT X-Received: from b03cxnp07028.gho.boulder.ibm.com (b03cxnp07028.gho.boulder.ibm.com [9.17.130.15]) by ppma02dal.us.ibm.com with ESMTP id 3atdxcux94-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 01 Sep 2021 20:12:52 +0000 X-Received: from b03ledav005.gho.boulder.ibm.com (b03ledav005.gho.boulder.ibm.com [9.17.130.236]) by b03cxnp07028.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 181KCpgW43057620 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 1 Sep 2021 20:12:51 GMT X-Received: from b03ledav005.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 02D4DBE05A; Wed, 1 Sep 2021 20:12:51 +0000 (GMT) X-Received: from b03ledav005.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 160F4BE056; Wed, 1 Sep 2021 20:12:50 +0000 (GMT) X-Received: from sbct-2.. (unknown [9.47.158.152]) by b03ledav005.gho.boulder.ibm.com (Postfix) with ESMTP; Wed, 1 Sep 2021 20:12:49 +0000 (GMT) From: Stefan Berger To: devel@edk2.groups.io Cc: mhaeuser@posteo.de, spbrogan@outlook.com, marcandre.lureau@redhat.com, kraxel@redhat.com, jiewen.yao@intel.com, Stefan Berger , Stefan Berger Subject: [edk2-devel] [PATCH v5 7/8] ArmVirtPkg: Reference new TPM classes in the build system for compilation Date: Wed, 1 Sep 2021 16:12:37 -0400 Message-Id: <20210901201238.3152761-8-stefanb@linux.vnet.ibm.com> In-Reply-To: <20210901201238.3152761-1-stefanb@linux.vnet.ibm.com> References: <20210901201238.3152761-1-stefanb@linux.vnet.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: CberZ0ey3m88aGeFiGypohkn5w8MKVjl X-Proofpoint-GUID: dFlxGM52KYWIPU3GQPttinmCzCeRUabz Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,stefanb@linux.vnet.ibm.com X-Gm-Message-State: vnlrKz1RtKDDV5nxaQa9l0qBx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1630539284; bh=lsOU9PmsPEELABIGJCFIFFd8nOrWq2ZBgKrcwFwHOFw=; h=Cc:Date:From:Reply-To:Subject:To; b=eNyWLPtKxYyxTmfGDnVtqqyNvOep50Ej/rKrs7diS5JdtYJWCVorVlPXHXYuk4j41My ZzMSO7WAxwLCqbciHQQpZX9Wkc58XrZEyf6OKki+EZnNbwqRhmPvu0t7KoBjiEupBKPJe W0WEKwDa9bbiFw9u5jXYH4OhQockPs/yZGk= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1630540188374100004 Content-Type: text/plain; charset="utf-8" Signed-off-by: Stefan Berger --- ArmVirtPkg/ArmVirtCloudHv.dsc | 1 + ArmVirtPkg/ArmVirtQemu.dsc | 3 +++ ArmVirtPkg/ArmVirtQemuKernel.dsc | 1 + ArmVirtPkg/ArmVirtXen.dsc | 1 + .../Library/PlatformBootManagerLib/PlatformBootManagerLib.inf | 1 + 5 files changed, 7 insertions(+) diff --git a/ArmVirtPkg/ArmVirtCloudHv.dsc b/ArmVirtPkg/ArmVirtCloudHv.dsc index f292ba6079..3475bb7f0d 100644 --- a/ArmVirtPkg/ArmVirtCloudHv.dsc +++ b/ArmVirtPkg/ArmVirtCloudHv.dsc @@ -55,6 +55,7 @@ PciHostBridgeUtilityLib|ArmVirtPkg/Library/ArmVirtPciHostBridgeUtilityLi= b/ArmVirtPciHostBridgeUtilityLib.inf =20 TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLi= bNull/PeiDxeTpmPlatformHierarchyLib.inf =20 !include MdePkg/MdeLibs.dsc.inc =20 diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc index 97539edef7..cab29fda0d 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc @@ -86,8 +86,10 @@ Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeT= cg2PhysicalPresenceLib.inf TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasure= mentLib.inf + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLi= b/PeiDxeTpmPlatformHierarchyLib.inf !else TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLi= bNull/PeiDxeTpmPlatformHierarchyLib.inf !endif =20 [LibraryClasses.common.PEIM] @@ -523,6 +525,7 @@ HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCrypt= oRouterDxe.inf Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibR= outerDxe.inf + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarc= hyLib/PeiDxeTpmPlatformHierarchyLib.inf NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKerne= l.dsc index 28064199c8..19c1908cd9 100644 --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc @@ -80,6 +80,7 @@ PciHostBridgeLib|ArmVirtPkg/Library/FdtPciHostBridgeLib/FdtPciHostBridge= Lib.inf PciHostBridgeUtilityLib|OvmfPkg/Library/PciHostBridgeUtilityLib/PciHostB= ridgeUtilityLib.inf TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLi= bNull/PeiDxeTpmPlatformHierarchyLib.inf =20 [LibraryClasses.common.DXE_DRIVER] ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeRepor= tStatusCodeLib.inf diff --git a/ArmVirtPkg/ArmVirtXen.dsc b/ArmVirtPkg/ArmVirtXen.dsc index 2b07a5ba19..dbc40e854b 100644 --- a/ArmVirtPkg/ArmVirtXen.dsc +++ b/ArmVirtPkg/ArmVirtXen.dsc @@ -50,6 +50,7 @@ PlatformBootManagerLib|ArmPkg/Library/PlatformBootManagerLib/PlatformBoo= tManagerLib.inf CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/Customize= dDisplayLib.inf TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLi= bNull/PeiDxeTpmPlatformHierarchyLib.inf =20 [LibraryClasses.common.UEFI_DRIVER] UefiScsiLib|MdePkg/Library/UefiScsiLib/UefiScsiLib.inf diff --git a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerL= ib.inf b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.i= nf index 11f52e019b..9f54224d3e 100644 --- a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf +++ b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf @@ -33,6 +33,7 @@ MdeModulePkg/MdeModulePkg.dec MdePkg/MdePkg.dec OvmfPkg/OvmfPkg.dec + SecurityPkg/SecurityPkg.dec ShellPkg/ShellPkg.dec =20 [LibraryClasses] --=20 2.31.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#80122): https://edk2.groups.io/g/devel/message/80122 Mute This Topic: https://groups.io/mt/85316780/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 04:25:47 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+80123+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+80123+1787277+3901457@groups.io ARC-Seal: i=1; a=rsa-sha256; t=1630539285; cv=none; d=zohomail.com; s=zohoarc; b=Snw5fXwVCCNRCIJolxfCNmZwmDmLntPYwyVyqR8AiDROF9O79T6GB9UXwwYH0E++aKkY1ONkVHAvPyzvrwzkiKTByFuCiDJOJgRC6+asqQr32+PvoO3Wm4z5XMKqWbwSgS2vBYpnLnyEr5zrhqDS3SxiTd3X3edkx9GXZ6XSaNY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1630539285; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=orwKMzG2tUxJjZBfXPeFEVlp3fDwxureyXHUFRVIKDA=; b=S1YSzJ4rSGEZSB/wobWE2JOPrFis8XAwKqOPmpEqjQSqIjJWNlaNmGvNiuCeNbYxw4qq+qKdiuiMkXYN5y/sx4cWVaeuCR+MP0mpp/uo6UyHI8TPDSyvMrtiw1h7TQ09d7PLBkwK89bSTsHHpvDyxIuW7LoqjFG2MJs9nBOeC9Y= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+80123+1787277+3901457@groups.io Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1630539285613101.63752836403421; Wed, 1 Sep 2021 16:34:45 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id 5xpbYY1788612xkxPE0pHoFd; Wed, 01 Sep 2021 16:34:45 -0700 X-Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.158.5]) by mx.groups.io with SMTP id smtpd.web09.1442.1630527175540259263 for ; Wed, 01 Sep 2021 13:12:55 -0700 X-Received: from pps.filterd (m0098419.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 181K9A37044789; Wed, 1 Sep 2021 16:12:54 -0400 X-Received: from pps.reinject (localhost [127.0.0.1]) by mx0b-001b2d01.pphosted.com with ESMTP id 3ateuqj44a-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 01 Sep 2021 16:12:54 -0400 X-Received: from m0098419.ppops.net (m0098419.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 181KARFg053982; Wed, 1 Sep 2021 16:12:54 -0400 X-Received: from ppma05wdc.us.ibm.com (1b.90.2fa9.ip4.static.sl-reverse.com [169.47.144.27]) by mx0b-001b2d01.pphosted.com with ESMTP id 3ateuqj441-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 01 Sep 2021 16:12:54 -0400 X-Received: from pps.filterd (ppma05wdc.us.ibm.com [127.0.0.1]) by ppma05wdc.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 181KCnYC017646; Wed, 1 Sep 2021 20:12:53 GMT X-Received: from b03cxnp08027.gho.boulder.ibm.com (b03cxnp08027.gho.boulder.ibm.com [9.17.130.19]) by ppma05wdc.us.ibm.com with ESMTP id 3atdxd359f-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 01 Sep 2021 20:12:53 +0000 X-Received: from b03ledav005.gho.boulder.ibm.com (b03ledav005.gho.boulder.ibm.com [9.17.130.236]) by b03cxnp08027.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 181KCqf917039748 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 1 Sep 2021 20:12:52 GMT X-Received: from b03ledav005.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 23E26BE054; Wed, 1 Sep 2021 20:12:52 +0000 (GMT) X-Received: from b03ledav005.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 3B5CFBE05A; Wed, 1 Sep 2021 20:12:51 +0000 (GMT) X-Received: from sbct-2.. (unknown [9.47.158.152]) by b03ledav005.gho.boulder.ibm.com (Postfix) with ESMTP; Wed, 1 Sep 2021 20:12:51 +0000 (GMT) From: Stefan Berger To: devel@edk2.groups.io Cc: mhaeuser@posteo.de, spbrogan@outlook.com, marcandre.lureau@redhat.com, kraxel@redhat.com, jiewen.yao@intel.com, Stefan Berger , Stefan Berger Subject: [edk2-devel] [PATCH v5 8/8] ArmVirtPkg: Disable the TPM2 platform hierarchy Date: Wed, 1 Sep 2021 16:12:38 -0400 Message-Id: <20210901201238.3152761-9-stefanb@linux.vnet.ibm.com> In-Reply-To: <20210901201238.3152761-1-stefanb@linux.vnet.ibm.com> References: <20210901201238.3152761-1-stefanb@linux.vnet.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: z06Lpj1_6umuikTux2AuVTsxywTlgJQ- X-Proofpoint-GUID: NvYNegR9NROUayhVPexB3NMXdhn-PQP6 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,stefanb@linux.vnet.ibm.com X-Gm-Message-State: 7VO4jaJ4PsFaOu37tIIwEdHOx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1630539285; bh=fM2xFyPl4A7yI9BAcBqWJmRL6dbM/IykT1Ybp/q7eqQ=; h=Cc:Date:From:Reply-To:Subject:To; b=psCdKdx5xhHOEWjJ/ZqBBXWz9kOnxYI1GDyxObs1hHhxSH9u1/TpuEOeswBhbDPs5PN xKO/2ER53oWpjoSdVZNa+aIFSgs0Oxk/Y6BMVqPq17TVIaaNwVKF1UDv09CbcOkj+um4g LetbeAjMQpPQg0ReYTFdGcKD1Wu7ztEQPxg= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1630539286562100030 Content-Type: text/plain; charset="utf-8" Use the newly added function to disable the TPM2 platform hierarchy. Signed-off-by: Stefan Berger --- ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c | 6 ++++++ .../PlatformBootManagerLib/PlatformBootManagerLib.inf | 1 + 2 files changed, 7 insertions(+) diff --git a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c b/ArmVi= rtPkg/Library/PlatformBootManagerLib/PlatformBm.c index 69448ff65b..456f9fb4cb 100644 --- a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c +++ b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c @@ -16,6 +16,7 @@ #include #include #include +#include #include #include #include @@ -832,6 +833,11 @@ PlatformBootManagerAfterConsole ( EfiBootManagerConnectAll (); } =20 + // + // Disable the TPM 2 platform hierarchy + // + ConfigureTpmPlatformHierarchy (); + // // Enumerate all possible boot options, then filter and reorder them bas= ed on // the QEMU configuration. diff --git a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerL= ib.inf b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.i= nf index 9f54224d3e..997eb1a442 100644 --- a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf +++ b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf @@ -48,6 +48,7 @@ QemuBootOrderLib QemuLoadImageLib ReportStatusCodeLib + TpmPlatformHierarchyLib UefiBootManagerLib UefiBootServicesTableLib UefiLib --=20 2.31.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#80123): https://edk2.groups.io/g/devel/message/80123 Mute This Topic: https://groups.io/mt/85316781/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-