From nobody Sat Apr 20 02:50:15 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+80357+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+80357+1787277+3901457@groups.io ARC-Seal: i=1; a=rsa-sha256; t=1631109183; cv=none; d=zohomail.com; s=zohoarc; b=PsDU3euxr3F/aAPiYQDa7lydLR6mH/tN9gAmWJhRz6L59VF5Ou4I4ZoWqKtDuM1wdujy3YMQ9xtTkJTZvIPiBiKexig3QLtAPip1bkqXGhfcf3XfsG31GwhzuHjTWH6LI7qiJSWgV1zJG8r/sBmFE5cloRH31asHVPDHkNwsDk0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1631109183; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=KOtpZPbCzUVGNeEFayO0Y0lhuH4aaTgrLA7e7PcLSIc=; b=XVGwHkbBLo1fORRc5pPIcjxOGtQa88sjN+PvNq90UblbVhxkhBNciKx2wnOjRjuU1ZPve8byIXPnRC8xpGHIFTMp7x4AqmrMb+JQXlUAcWcvGM0qurR4PAfZGDNxju1xktrbfhI003NUh/wmmI6RVbXyG53XM9LjnqL55WS+44w= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+80357+1787277+3901457@groups.io Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1631109183638199.4513536807791; Wed, 8 Sep 2021 06:53:03 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id B3oiYY1788612xu6xdEiZb2O; Wed, 08 Sep 2021 06:53:03 -0700 X-Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.158.5]) by mx.groups.io with SMTP id smtpd.web10.10880.1631105210907117609 for ; Wed, 08 Sep 2021 05:46:51 -0700 X-Received: from pps.filterd (m0098420.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 188CYW6r148572; Wed, 8 Sep 2021 08:46:49 -0400 X-Received: from pps.reinject (localhost [127.0.0.1]) by mx0b-001b2d01.pphosted.com with ESMTP id 3axw7u8aee-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 08 Sep 2021 08:46:49 -0400 X-Received: from m0098420.ppops.net (m0098420.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 188CYrch149992; Wed, 8 Sep 2021 08:46:49 -0400 X-Received: from ppma04wdc.us.ibm.com (1a.90.2fa9.ip4.static.sl-reverse.com [169.47.144.26]) by mx0b-001b2d01.pphosted.com with ESMTP id 3axw7u8ae2-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 08 Sep 2021 08:46:49 -0400 X-Received: from pps.filterd (ppma04wdc.us.ibm.com [127.0.0.1]) by ppma04wdc.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 188CfJfm022079; Wed, 8 Sep 2021 12:46:48 GMT X-Received: from b01cxnp23034.gho.pok.ibm.com (b01cxnp23034.gho.pok.ibm.com [9.57.198.29]) by ppma04wdc.us.ibm.com with ESMTP id 3axcnq9th5-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 08 Sep 2021 12:46:48 +0000 X-Received: from b01ledav004.gho.pok.ibm.com (b01ledav004.gho.pok.ibm.com [9.57.199.109]) by b01cxnp23034.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 188CklZJ12452200 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 8 Sep 2021 12:46:47 GMT X-Received: from b01ledav004.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 81BCD11206B; Wed, 8 Sep 2021 12:46:47 +0000 (GMT) X-Received: from b01ledav004.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 6E37D11206D; Wed, 8 Sep 2021 12:46:47 +0000 (GMT) X-Received: from sbct-2.pok.ibm.com (unknown [9.47.158.152]) by b01ledav004.gho.pok.ibm.com (Postfix) with ESMTP; Wed, 8 Sep 2021 12:46:47 +0000 (GMT) From: Stefan Berger To: devel@edk2.groups.io Cc: mhaeuser@posteo.de, spbrogan@outlook.com, marcandre.lureau@redhat.com, kraxel@redhat.com, jiewen.yao@intel.com, Stefan Berger , Stefan Berger Subject: [edk2-devel] [PATCH v6 1/9] SecurityPkg/TPM: Import PeiDxeTpmPlatformHierarchyLib.c from edk2-platforms Date: Wed, 8 Sep 2021 08:46:36 -0400 Message-Id: <20210908124644.816856-2-stefanb@linux.vnet.ibm.com> In-Reply-To: <20210908124644.816856-1-stefanb@linux.vnet.ibm.com> References: <20210908124644.816856-1-stefanb@linux.vnet.ibm.com> X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: fPDAXGnLRy4Cw7B3fy4aW_YsmWjbyS8h X-Proofpoint-GUID: Jh72j93AypRqA0I6EbopDyKAB9hat4lf X-Proofpoint-UnRewURL: 0 URL was un-rewritten MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,stefanb@linux.vnet.ibm.com X-Gm-Message-State: O3uwSdKXJF3nRKBeVq9PXqoCx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1631109183; bh=YlASFJpaXmyQsmaOKPzislPZlLUeCnmx27GoqPQ3e6k=; h=Cc:Date:From:Reply-To:Subject:To; b=SyfsA7r9CJGydU5sJSZmlx95osNbdFfyM7tuuddcm3gUb2Eutyn7wI2xw9/tZocBJ4t l3xSbyJU5MK0pCiW3XpL9NBC2hFu7gw2lvihiyYSFq/c7H4mNMS8ni5d74LpIg/SWFxAD /O0K76/XQa5pKd6cIR8QYMxWmLM24FO82gQ= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1631109185013100024 Content-Type: text/plain; charset="utf-8" Import PeiDxeTpmPlatformHierarchyLib.c from edk2-platforms. Signed-off-by: Stefan Berger --- .../Include/Library/TpmPlatformHierarchyLib.h | 27 ++ .../PeiDxeTpmPlatformHierarchyLib.c | 266 ++++++++++++++++++ .../PeiDxeTpmPlatformHierarchyLib.inf | 45 +++ 3 files changed, 338 insertions(+) create mode 100644 SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDx= eTpmPlatformHierarchyLib.c create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDx= eTpmPlatformHierarchyLib.inf diff --git a/SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h b/Securi= tyPkg/Include/Library/TpmPlatformHierarchyLib.h new file mode 100644 index 0000000000..a872fa09dc --- /dev/null +++ b/SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h @@ -0,0 +1,27 @@ +/** @file + TPM Platform Hierarchy configuration library. + + This library provides functions for customizing the TPM's Platform Hie= rarchy + Authorization Value (platformAuth) and Platform Hierarchy Authorization + Policy (platformPolicy) can be defined through this function. + +Copyright (c) 2019, Intel Corporation. All rights reserved.
+Copyright (c) Microsoft Corporation.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _TPM_PLATFORM_HIERARCHY_LIB_H_ +#define _TPM_PLATFORM_HIERARCHY_LIB_H_ + +/** + This service will perform the TPM Platform Hierarchy configuration at t= he SmmReadyToLock event. + +**/ +VOID +EFIAPI +ConfigureTpmPlatformHierarchy ( + VOID + ); + +#endif diff --git a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPla= tformHierarchyLib.c b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/Pei= DxeTpmPlatformHierarchyLib.c new file mode 100644 index 0000000000..9812ab99ab --- /dev/null +++ b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHi= erarchyLib.c @@ -0,0 +1,266 @@ +/** @file + TPM Platform Hierarchy configuration library. + + This library provides functions for customizing the TPM's Platform Hie= rarchy + Authorization Value (platformAuth) and Platform Hierarchy Authorization + Policy (platformPolicy) can be defined through this function. + + Copyright (c) 2019, Intel Corporation. All rights reserved.
+ Copyright (c) Microsoft Corporation.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + + @par Specification Reference: + https://trustedcomputinggroup.org/resource/tcg-tpm-v2-0-provisioning-g= uidance/ +**/ + +#include + +#include +#include +#include +#include +#include +#include +#include + +// +// The authorization value may be no larger than the digest produced by th= e hash +// algorithm used for context integrity. +// +#define MAX_NEW_AUTHORIZATION_SIZE SHA512_DIGEST_SIZE + +UINT16 mAuthSize; + +/** + Generate high-quality entropy source through RDRAND. + + @param[in] Length Size of the buffer, in bytes, to fill with. + @param[out] Entropy Pointer to the buffer to store the entropy da= ta. + + @retval EFI_SUCCESS Entropy generation succeeded. + @retval EFI_NOT_READY Failed to request random data. + +**/ +EFI_STATUS +EFIAPI +RdRandGenerateEntropy ( + IN UINTN Length, + OUT UINT8 *Entropy + ) +{ + EFI_STATUS Status; + UINTN BlockCount; + UINT64 Seed[2]; + UINT8 *Ptr; + + Status =3D EFI_NOT_READY; + BlockCount =3D Length / 64; + Ptr =3D (UINT8 *)Entropy; + + // + // Generate high-quality seed for DRBG Entropy + // + while (BlockCount > 0) { + Status =3D GetRandomNumber128 (Seed); + if (EFI_ERROR (Status)) { + return Status; + } + CopyMem (Ptr, Seed, 64); + + BlockCount--; + Ptr =3D Ptr + 64; + } + + // + // Populate the remained data as request. + // + Status =3D GetRandomNumber128 (Seed); + if (EFI_ERROR (Status)) { + return Status; + } + CopyMem (Ptr, Seed, (Length % 64)); + + return Status; +} + +/** + This function returns the maximum size of TPM2B_AUTH; this structure is = used for an authorization value + and limits an authValue to being no larger than the largest digest produ= ced by a TPM. + + @param[out] AuthSize Tpm2 Auth size + + @retval EFI_SUCCESS Auth size returned. + @retval EFI_DEVICE_ERROR Can not return platform auth due to= device error. + +**/ +EFI_STATUS +EFIAPI +GetAuthSize ( + OUT UINT16 *AuthSize + ) +{ + EFI_STATUS Status; + TPML_PCR_SELECTION Pcrs; + UINTN Index; + UINT16 DigestSize; + + Status =3D EFI_SUCCESS; + + while (mAuthSize =3D=3D 0) { + + mAuthSize =3D SHA1_DIGEST_SIZE; + ZeroMem (&Pcrs, sizeof (TPML_PCR_SELECTION)); + Status =3D Tpm2GetCapabilityPcrs (&Pcrs); + + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityPcrs fail!\n")); + break; + } + + DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityPcrs - %08x\n", Pcrs.count)); + + for (Index =3D 0; Index < Pcrs.count; Index++) { + DEBUG ((DEBUG_ERROR, "alg - %x\n", Pcrs.pcrSelections[Index].hash)); + + switch (Pcrs.pcrSelections[Index].hash) { + case TPM_ALG_SHA1: + DigestSize =3D SHA1_DIGEST_SIZE; + break; + case TPM_ALG_SHA256: + DigestSize =3D SHA256_DIGEST_SIZE; + break; + case TPM_ALG_SHA384: + DigestSize =3D SHA384_DIGEST_SIZE; + break; + case TPM_ALG_SHA512: + DigestSize =3D SHA512_DIGEST_SIZE; + break; + case TPM_ALG_SM3_256: + DigestSize =3D SM3_256_DIGEST_SIZE; + break; + default: + DigestSize =3D SHA1_DIGEST_SIZE; + break; + } + + if (DigestSize > mAuthSize) { + mAuthSize =3D DigestSize; + } + } + break; + } + + *AuthSize =3D mAuthSize; + return Status; +} + +/** + Set PlatformAuth to random value. +**/ +VOID +RandomizePlatformAuth ( + VOID + ) +{ + EFI_STATUS Status; + UINT16 AuthSize; + UINT8 *Rand; + UINTN RandSize; + TPM2B_AUTH NewPlatformAuth; + + // + // Send Tpm2HierarchyChange Auth with random value to avoid PlatformAuth= being null + // + + GetAuthSize (&AuthSize); + + ZeroMem (NewPlatformAuth.buffer, AuthSize); + NewPlatformAuth.size =3D AuthSize; + + // + // Allocate one buffer to store random data. + // + RandSize =3D MAX_NEW_AUTHORIZATION_SIZE; + Rand =3D AllocatePool (RandSize); + + RdRandGenerateEntropy (RandSize, Rand); + CopyMem (NewPlatformAuth.buffer, Rand, AuthSize); + + FreePool (Rand); + + // + // Send Tpm2HierarchyChangeAuth command with the new Auth value + // + Status =3D Tpm2HierarchyChangeAuth (TPM_RH_PLATFORM, NULL, &NewPlatformA= uth); + DEBUG ((DEBUG_INFO, "Tpm2HierarchyChangeAuth Result: - %r\n", Status)); + ZeroMem (NewPlatformAuth.buffer, AuthSize); + ZeroMem (Rand, RandSize); +} + +/** + Disable the TPM platform hierarchy. + + @retval EFI_SUCCESS The TPM was disabled successfully. + @retval Others An error occurred attempting to disable the = TPM platform hierarchy. + +**/ +EFI_STATUS +DisableTpmPlatformHierarchy ( + VOID + ) +{ + EFI_STATUS Status; + + // Make sure that we have use of the TPM. + Status =3D Tpm2RequestUseTpm (); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "%a:%a() - Tpm2RequestUseTpm Failed! %r\n", gEfiC= allerBaseName, __FUNCTION__, Status)); + ASSERT_EFI_ERROR (Status); + return Status; + } + + // Let's do what we can to shut down the hierarchies. + + // Disable the PH NV. + // IMPORTANT NOTE: We *should* be able to disable the PH NV here, but TP= M parts have + // been known to store the EK cert in the PH NV. If we d= isable it, the + // EK cert will be unreadable. + + // Disable the PH. + Status =3D Tpm2HierarchyControl ( + TPM_RH_PLATFORM, // AuthHandle + NULL, // AuthSession + TPM_RH_PLATFORM, // Hierarchy + NO // State + ); + DEBUG ((DEBUG_VERBOSE, "%a:%a() - Disable PH =3D %r\n", gEfiCallerBaseN= ame, __FUNCTION__, Status)); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "%a:%a() - Disable PH Failed! %r\n", gEfiCallerB= aseName, __FUNCTION__, Status)); + ASSERT_EFI_ERROR (Status); + } + + return Status; +} + +/** + This service defines the configuration of the Platform Hierarchy Author= ization Value (platformAuth) + and Platform Hierarchy Authorization Policy (platformPolicy) + +**/ +VOID +EFIAPI +ConfigureTpmPlatformHierarchy ( + ) +{ + if (PcdGetBool (PcdRandomizePlatformHierarchy)) { + // + // Send Tpm2HierarchyChange Auth with random value to avoid PlatformAu= th being null + // + RandomizePlatformAuth (); + } else { + // + // Disable the hierarchy entirely (do not randomize it) + // + DisableTpmPlatformHierarchy (); + } +} diff --git a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPla= tformHierarchyLib.inf b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/P= eiDxeTpmPlatformHierarchyLib.inf new file mode 100644 index 0000000000..b7a7fb0a08 --- /dev/null +++ b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHi= erarchyLib.inf @@ -0,0 +1,45 @@ +### @file +# +# TPM Platform Hierarchy configuration library. +# +# This library provides functions for customizing the TPM's Platform Hie= rarchy +# Authorization Value (platformAuth) and Platform Hierarchy Authorization +# Policy (platformPolicy) can be defined through this function. +# +# Copyright (c) 2019, Intel Corporation. All rights reserved.
+# Copyright (c) Microsoft Corporation.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +### + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D PeiDxeTpmPlatformHierarchyLib + FILE_GUID =3D 7794F92C-4E8E-4E57-9E4A-49A0764C7D73 + MODULE_TYPE =3D PEIM + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D TpmPlatformHierarchyLib|PEIM DXE_DRIV= ER + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + MemoryAllocationLib + PcdLib + RngLib + Tpm2CommandLib + Tpm2DeviceLib + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + CryptoPkg/CryptoPkg.dec + MinPlatformPkg/MinPlatformPkg.dec + +[Sources] + PeiDxeTpmPlatformHierarchyLib.c + +[Pcd] + gMinPlatformPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy --=20 2.31.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#80357): https://edk2.groups.io/g/devel/message/80357 Mute This Topic: https://groups.io/mt/85459204/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 02:50:15 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+80362+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+80362+1787277+3901457@groups.io ARC-Seal: i=1; a=rsa-sha256; t=1631109187; cv=none; d=zohomail.com; s=zohoarc; b=bBDMIDNyU5EaV+MK2inWR9ow28OVztIiCLeJUQg/zQxuqm+uSFbPuccLO2TYWstzTI/3t89OhA/aenQqNr9nIDDuqvunzXNCJArzgGjXyu/3j75j1Fnqc8R+GW45ySclmHEAxAzL+abpuRdAOVmixARK52u29HRqsgUTa9JWkTY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1631109187; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=U2gr3pNkPjY+IqMyvQq97l6JrRKa2zktwXorrp4fnuQ=; b=kvXEtkNkm6nnJtlSUrsA84CmayUi/yu0hABfHHR+VHSylq3CinJZoQ56UtrJtlVDJl3ri2XIYZAZIqqCnw8oTWQEKFbVl2BHGGIFNMzi6VaBHNanXaDUF6IMIb922A5kAh5oNcve3HlYr/1cpcWTW946u1pFuedWE1vXQKE4kNA= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+80362+1787277+3901457@groups.io Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1631109187650589.4929189217605; Wed, 8 Sep 2021 06:53:07 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id STSdYY1788612xnhwMS81w3g; Wed, 08 Sep 2021 06:53:07 -0700 X-Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by mx.groups.io with SMTP id smtpd.web12.10935.1631105210829056545 for ; Wed, 08 Sep 2021 05:46:50 -0700 X-Received: from pps.filterd (m0098404.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 188CjmoN147544; Wed, 8 Sep 2021 08:46:50 -0400 X-Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com with ESMTP id 3axwf4g0n5-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 08 Sep 2021 08:46:50 -0400 X-Received: from m0098404.ppops.net (m0098404.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 188CkSp5153546; Wed, 8 Sep 2021 08:46:49 -0400 X-Received: from ppma02wdc.us.ibm.com (aa.5b.37a9.ip4.static.sl-reverse.com [169.55.91.170]) by mx0a-001b2d01.pphosted.com with ESMTP id 3axwf4g0mc-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 08 Sep 2021 08:46:49 -0400 X-Received: from pps.filterd (ppma02wdc.us.ibm.com [127.0.0.1]) by ppma02wdc.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 188CgGY1014201; Wed, 8 Sep 2021 12:46:48 GMT X-Received: from b01cxnp23034.gho.pok.ibm.com (b01cxnp23034.gho.pok.ibm.com [9.57.198.29]) by ppma02wdc.us.ibm.com with ESMTP id 3axcnnhtst-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 08 Sep 2021 12:46:48 +0000 X-Received: from b01ledav004.gho.pok.ibm.com (b01ledav004.gho.pok.ibm.com [9.57.199.109]) by b01cxnp23034.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 188Ckl4Q43647344 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 8 Sep 2021 12:46:47 GMT X-Received: from b01ledav004.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 94905112075; Wed, 8 Sep 2021 12:46:47 +0000 (GMT) X-Received: from b01ledav004.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 8CD76112076; Wed, 8 Sep 2021 12:46:47 +0000 (GMT) X-Received: from sbct-2.pok.ibm.com (unknown [9.47.158.152]) by b01ledav004.gho.pok.ibm.com (Postfix) with ESMTP; Wed, 8 Sep 2021 12:46:47 +0000 (GMT) From: Stefan Berger To: devel@edk2.groups.io Cc: mhaeuser@posteo.de, spbrogan@outlook.com, marcandre.lureau@redhat.com, kraxel@redhat.com, jiewen.yao@intel.com, Stefan Berger , Stefan Berger Subject: [edk2-devel] [PATCH v6 2/9] SecurityPkg/TPM: Fix bugs in imported PeiDxeTpmPlatformHierarchyLib Date: Wed, 8 Sep 2021 08:46:37 -0400 Message-Id: <20210908124644.816856-3-stefanb@linux.vnet.ibm.com> In-Reply-To: <20210908124644.816856-1-stefanb@linux.vnet.ibm.com> References: <20210908124644.816856-1-stefanb@linux.vnet.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: PUmtCHqLYxuzrEfhH-CDCD7np29T-YJ3 X-Proofpoint-ORIG-GUID: bv-9enDIi6laiHxwxP5EUhEIkS-GLryl Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,stefanb@linux.vnet.ibm.com X-Gm-Message-State: g1n54UVQ66DOwVr46dL1zBK6x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1631109187; bh=8q3Tm8yehiqHbNDB3a4GOShEl68IwJyrFAOH4dRO9Dw=; h=Cc:Date:From:Reply-To:Subject:To; b=R/Ksx/fv9mgMBgKL53hTXsEvIzqE445pf04SnQQXm09d8u9eKvsOa8KlBLYMWmrCkrJ eEUAES1SnX6fZQCUzPVRSLuQmyJe2lLWvEQOYNv5Nj/x81w+foX1XP7YWjtWjhkgDQMJl ooncZLv+whPudgC5O4vn/jeFm84OTrYgLwU= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1631109189946100002 Content-Type: text/plain; charset="utf-8" Fix some bugs in the original PeiDxeTpmPlatformHierarchyLib.c. Signed-off-by: Stefan Berger --- .../PeiDxeTpmPlatformHierarchyLib.c | 23 +++++-------------- 1 file changed, 6 insertions(+), 17 deletions(-) diff --git a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPla= tformHierarchyLib.c b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/Pei= DxeTpmPlatformHierarchyLib.c index 9812ab99ab..d82a0ae1bd 100644 --- a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHi= erarchyLib.c +++ b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHi= erarchyLib.c @@ -18,7 +18,6 @@ #include #include #include -#include #include #include #include @@ -27,7 +26,6 @@ // The authorization value may be no larger than the digest produced by th= e hash // algorithm used for context integrity. // -#define MAX_NEW_AUTHORIZATION_SIZE SHA512_DIGEST_SIZE =20 UINT16 mAuthSize; =20 @@ -54,7 +52,7 @@ RdRandGenerateEntropy ( UINT8 *Ptr; =20 Status =3D EFI_NOT_READY; - BlockCount =3D Length / 64; + BlockCount =3D Length / sizeof(Seed); Ptr =3D (UINT8 *)Entropy; =20 // @@ -65,10 +63,10 @@ RdRandGenerateEntropy ( if (EFI_ERROR (Status)) { return Status; } - CopyMem (Ptr, Seed, 64); + CopyMem (Ptr, Seed, sizeof(Seed)); =20 BlockCount--; - Ptr =3D Ptr + 64; + Ptr =3D Ptr + sizeof(Seed); } =20 // @@ -78,7 +76,7 @@ RdRandGenerateEntropy ( if (EFI_ERROR (Status)) { return Status; } - CopyMem (Ptr, Seed, (Length % 64)); + CopyMem (Ptr, Seed, (Length % sizeof(Seed))); =20 return Status; } @@ -164,8 +162,6 @@ RandomizePlatformAuth ( { EFI_STATUS Status; UINT16 AuthSize; - UINT8 *Rand; - UINTN RandSize; TPM2B_AUTH NewPlatformAuth; =20 // @@ -174,19 +170,13 @@ RandomizePlatformAuth ( =20 GetAuthSize (&AuthSize); =20 - ZeroMem (NewPlatformAuth.buffer, AuthSize); NewPlatformAuth.size =3D AuthSize; =20 // - // Allocate one buffer to store random data. + // Create the random bytes in the destination buffer // - RandSize =3D MAX_NEW_AUTHORIZATION_SIZE; - Rand =3D AllocatePool (RandSize); - - RdRandGenerateEntropy (RandSize, Rand); - CopyMem (NewPlatformAuth.buffer, Rand, AuthSize); =20 - FreePool (Rand); + RdRandGenerateEntropy (NewPlatformAuth.size, NewPlatformAuth.buffer); =20 // // Send Tpm2HierarchyChangeAuth command with the new Auth value @@ -194,7 +184,6 @@ RandomizePlatformAuth ( Status =3D Tpm2HierarchyChangeAuth (TPM_RH_PLATFORM, NULL, &NewPlatformA= uth); DEBUG ((DEBUG_INFO, "Tpm2HierarchyChangeAuth Result: - %r\n", Status)); ZeroMem (NewPlatformAuth.buffer, AuthSize); - ZeroMem (Rand, RandSize); } =20 /** --=20 2.31.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#80362): https://edk2.groups.io/g/devel/message/80362 Mute This Topic: https://groups.io/mt/85459219/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 02:50:15 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+80355+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+80355+1787277+3901457@groups.io ARC-Seal: i=1; a=rsa-sha256; t=1631109181; cv=none; d=zohomail.com; s=zohoarc; b=T7nt+MVI0PIKsnSD+pGHYqlh1EF0F5PJyqd79cfAZZJQ7mIgFPjTLc3AFTKL8gi0dxPFyZJ0AAR/5DTyvuJ2728PkrlYz+a8E6ElxutQJ5tdWE4EzDs0smA1Y8zgoS9KNW7zjuGvd6TNkpW/EJUTD1SQ4breU7Ni21XR907S4Fo= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1631109181; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=ONHIHLkavSym0qNjtLQm6bqlwATSupCkY9k5BGESO1M=; b=F//gwYFBgJSzrOi7srAprli6ZBKXOKS27O87cweRaIB7yKZR92V5ka61xcku5wxDZu4qHRQzhMYFXVQxNxMuWt6uQAerITTsFGbHVOuiyCr0sUOuK+aCny5cPzCwKUV+H2VhP2nPqgkzEiih33TNAtlf6IIVVEwneO/xbKBibp8= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+80355+1787277+3901457@groups.io Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1631109181491146.91735622793703; Wed, 8 Sep 2021 06:53:01 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id cKE1YY1788612xZa9d7lqf2E; Wed, 08 Sep 2021 06:53:01 -0700 X-Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by mx.groups.io with SMTP id smtpd.web09.10686.1631105210826681340 for ; Wed, 08 Sep 2021 05:46:51 -0700 X-Received: from pps.filterd (m0098394.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 188CY0MK054470; Wed, 8 Sep 2021 08:46:50 -0400 X-Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com with ESMTP id 3axp74tk7b-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 08 Sep 2021 08:46:50 -0400 X-Received: from m0098394.ppops.net (m0098394.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 188CaDFG068788; Wed, 8 Sep 2021 08:46:49 -0400 X-Received: from ppma02dal.us.ibm.com (a.bd.3ea9.ip4.static.sl-reverse.com [169.62.189.10]) by mx0a-001b2d01.pphosted.com with ESMTP id 3axp74tk6r-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 08 Sep 2021 08:46:49 -0400 X-Received: from pps.filterd (ppma02dal.us.ibm.com [127.0.0.1]) by ppma02dal.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 188Cg0nb002200; Wed, 8 Sep 2021 12:46:48 GMT X-Received: from b01cxnp23034.gho.pok.ibm.com (b01cxnp23034.gho.pok.ibm.com [9.57.198.29]) by ppma02dal.us.ibm.com with ESMTP id 3axcnhx50e-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 08 Sep 2021 12:46:48 +0000 X-Received: from b01ledav004.gho.pok.ibm.com (b01ledav004.gho.pok.ibm.com [9.57.199.109]) by b01cxnp23034.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 188CklAo43647346 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 8 Sep 2021 12:46:47 GMT X-Received: from b01ledav004.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id AD0DC112062; Wed, 8 Sep 2021 12:46:47 +0000 (GMT) X-Received: from b01ledav004.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 9E6B3112067; Wed, 8 Sep 2021 12:46:47 +0000 (GMT) X-Received: from sbct-2.pok.ibm.com (unknown [9.47.158.152]) by b01ledav004.gho.pok.ibm.com (Postfix) with ESMTP; Wed, 8 Sep 2021 12:46:47 +0000 (GMT) From: Stefan Berger To: devel@edk2.groups.io Cc: mhaeuser@posteo.de, spbrogan@outlook.com, marcandre.lureau@redhat.com, kraxel@redhat.com, jiewen.yao@intel.com, Stefan Berger , Stefan Berger Subject: [edk2-devel] [PATCH v6 3/9] SecurityPkg/TPM: Add a NULL implementation of TpmPlatformHierarchyLib Date: Wed, 8 Sep 2021 08:46:38 -0400 Message-Id: <20210908124644.816856-4-stefanb@linux.vnet.ibm.com> In-Reply-To: <20210908124644.816856-1-stefanb@linux.vnet.ibm.com> References: <20210908124644.816856-1-stefanb@linux.vnet.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: 3qd_zgUAYrHRpLbXs1xmePV76AS27rGk X-Proofpoint-ORIG-GUID: hHFbG55S8RX0FH3WS6mCUUQif_Zg1e_j Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,stefanb@linux.vnet.ibm.com X-Gm-Message-State: gELkr7cUPdtY32OXZ8eNOFOcx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1631109181; bh=BQ9deOme5IIa19l3X16Ci6r8sScf539YVXgAKqYCeVo=; h=Cc:Date:From:Reply-To:Subject:To; b=Jx9XJ6xZyVP6W0X5AZ5+oNio7WESYEMJvyYMztTQuRwteh16B1yrJwCFF7kQVGIIKIF rY4wq0NNRpdvNeqIYOQGzM37UZABHcTx4rBF5s+9inxyfwOOnlk393K+yGEN6+EtRIj33 PSU5abZLsyvIXZDRrrqVdc3RV2Hix61NcMw= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1631109183461100007 Content-Type: text/plain; charset="utf-8" Add a NULL implementation of the library class TpmPlatformHierarchyLib Signed-off-by: Stefan Berger --- .../PeiDxeTpmPlatformHierarchyLib.c | 19 ++++++++++++ .../PeiDxeTpmPlatformHierarchyLib.inf | 31 +++++++++++++++++++ 2 files changed, 50 insertions(+) create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/P= eiDxeTpmPlatformHierarchyLib.c create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/P= eiDxeTpmPlatformHierarchyLib.inf diff --git a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTp= mPlatformHierarchyLib.c b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib= Null/PeiDxeTpmPlatformHierarchyLib.c new file mode 100644 index 0000000000..b63729594f --- /dev/null +++ b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatfo= rmHierarchyLib.c @@ -0,0 +1,19 @@ +/** @file + Null TPM Platform Hierarchy configuration library. + + This library provides stub functions for customizing the TPM's Platfor= m Hierarchy. + + Copyright (c) 2021, IBM Corporation. + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include + +VOID +EFIAPI +ConfigureTpmPlatformHierarchy ( + ) +{ + /* no nothing */ +} diff --git a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTp= mPlatformHierarchyLib.inf b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyL= ibNull/PeiDxeTpmPlatformHierarchyLib.inf new file mode 100644 index 0000000000..0440eb6c39 --- /dev/null +++ b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatfo= rmHierarchyLib.inf @@ -0,0 +1,31 @@ +### @file +# +# TPM Platform Hierarchy configuration library. +# +# This library provides functions for customizing the TPM's Platform Hie= rarchy +# Authorization Value (platformAuth) and Platform Hierarchy Authorization +# Policy (platformPolicy) can be defined through this function. +# +# Copyright (c) 2019, Intel Corporation. All rights reserved.
+# Copyright (c) Microsoft Corporation.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +### + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D PeiDxeTpmPlatformHierarchyLibNull + FILE_GUID =3D 8947A3F2-BfB4-45EF-968D-5C40C1CE6A58 + MODULE_TYPE =3D PEIM + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D TpmPlatformHierarchyLib|PEIM DXE_DRIV= ER + +[LibraryClasses] + BaseLib + +[Packages] + MdePkg/MdePkg.dec + +[Sources] + PeiDxeTpmPlatformHierarchyLib.c --=20 2.31.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#80355): https://edk2.groups.io/g/devel/message/80355 Mute This Topic: https://groups.io/mt/85459201/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 02:50:15 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+80356+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+80356+1787277+3901457@groups.io ARC-Seal: i=1; a=rsa-sha256; t=1631109181; cv=none; d=zohomail.com; s=zohoarc; b=NIjmNA/JorgsqSKoVgpVnGYnM+0ZwyZZ/6ezzihv4vG7EHOq2ix9MS3z0NXSdhNtVy9HEnG0SYRNTs3eUZ3hcWH0NW2C0qyHkO4Av9mvwBsDQwHUCGemUoMfPnl4NT3ZcI+9VxJd953ghnXZFveeMUTnqXQEw87NXytYTZJil/k= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1631109181; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=eXDrxzLafOZl2zI7pePtcDHYZ382v1MvbiHQL1Rb1iY=; b=UrPQwaRJESpeh77594yI5jDHR/vJ69Zg1OMu/b8G5s/j8nEBH11jX9S/8sYi3YtrxJm3cx0IC86eg8s8EyI09QiTuQwMnOLpF+vhqIuxHglImRVqMQeX9Efdh5FNmSRRyq6uTmtyNFkH5bcUzVh6E04GOz3iDcFjoWwlPAwjiKQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+80356+1787277+3901457@groups.io Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1631109181962414.5880740765399; Wed, 8 Sep 2021 06:53:01 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id z3arYY1788612x0CvGQsIgWr; Wed, 08 Sep 2021 06:53:01 -0700 X-Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by mx.groups.io with SMTP id smtpd.web10.10881.1631105211043172230 for ; Wed, 08 Sep 2021 05:46:51 -0700 X-Received: from pps.filterd (m0098394.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 188CY1jX054541; Wed, 8 Sep 2021 08:46:50 -0400 X-Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com with ESMTP id 3axp74tk7e-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 08 Sep 2021 08:46:50 -0400 X-Received: from m0098394.ppops.net (m0098394.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 188CcKTZ083140; Wed, 8 Sep 2021 08:46:50 -0400 X-Received: from ppma02dal.us.ibm.com (a.bd.3ea9.ip4.static.sl-reverse.com [169.62.189.10]) by mx0a-001b2d01.pphosted.com with ESMTP id 3axp74tk6w-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 08 Sep 2021 08:46:49 -0400 X-Received: from pps.filterd (ppma02dal.us.ibm.com [127.0.0.1]) by ppma02dal.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 188Cg0Q8002192; Wed, 8 Sep 2021 12:46:49 GMT X-Received: from b01cxnp23034.gho.pok.ibm.com (b01cxnp23034.gho.pok.ibm.com [9.57.198.29]) by ppma02dal.us.ibm.com with ESMTP id 3axcnhx50f-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 08 Sep 2021 12:46:49 +0000 X-Received: from b01ledav004.gho.pok.ibm.com (b01ledav004.gho.pok.ibm.com [9.57.199.109]) by b01cxnp23034.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 188Ckl1d38732182 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 8 Sep 2021 12:46:47 GMT X-Received: from b01ledav004.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id C586F112067; Wed, 8 Sep 2021 12:46:47 +0000 (GMT) X-Received: from b01ledav004.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id B7331112076; Wed, 8 Sep 2021 12:46:47 +0000 (GMT) X-Received: from sbct-2.pok.ibm.com (unknown [9.47.158.152]) by b01ledav004.gho.pok.ibm.com (Postfix) with ESMTP; Wed, 8 Sep 2021 12:46:47 +0000 (GMT) From: Stefan Berger To: devel@edk2.groups.io Cc: mhaeuser@posteo.de, spbrogan@outlook.com, marcandre.lureau@redhat.com, kraxel@redhat.com, jiewen.yao@intel.com, Stefan Berger , Stefan Berger Subject: [edk2-devel] [PATCH v6 4/9] SecurityPkg: Introduce new PCD PcdRandomizePlatformHierarchy Date: Wed, 8 Sep 2021 08:46:39 -0400 Message-Id: <20210908124644.816856-5-stefanb@linux.vnet.ibm.com> In-Reply-To: <20210908124644.816856-1-stefanb@linux.vnet.ibm.com> References: <20210908124644.816856-1-stefanb@linux.vnet.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: PscMotXsEDOni_k1_5gzEUu3DUK96KXE X-Proofpoint-ORIG-GUID: yJOZaXHfOKhcufFjG50Dx8Yqjxb5xpi6 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,stefanb@linux.vnet.ibm.com X-Gm-Message-State: x0Xi6m6QhxQwRfmCn5tPtksux1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1631109181; bh=Cpna0KHbB+cfLEJjs8ZNOWQCJsDDgFJ3A7JidxwqhaY=; h=Cc:Date:From:Reply-To:Subject:To; b=ObyUvvqQ3mO75/GTnNwrguSBNaXMmtrOf/YgwIj3qtkpM/7IqVDN13TVHyv61KD/zEc nPRs6Klz+MVUBynRulgnVlvmIBWQXqPMEIJ5Fh7v5z11cXH8rw3T0VrV/oFybzn7WvaVh ze21jPKdHZcUxe9UTIQLk65n7E4zipOCbgI= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1631109183632100011 Content-Type: text/plain; charset="utf-8" Introduce the new PCD gEfiSecurityPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy. Signed-off-by: Stefan Berger --- .../PeiDxeTpmPlatformHierarchyLib.inf | 3 +-- SecurityPkg/SecurityPkg.dec | 6 ++++++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPla= tformHierarchyLib.inf b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/P= eiDxeTpmPlatformHierarchyLib.inf index b7a7fb0a08..1161d6fa1f 100644 --- a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHi= erarchyLib.inf +++ b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHi= erarchyLib.inf @@ -36,10 +36,9 @@ MdeModulePkg/MdeModulePkg.dec SecurityPkg/SecurityPkg.dec CryptoPkg/CryptoPkg.dec - MinPlatformPkg/MinPlatformPkg.dec =20 [Sources] PeiDxeTpmPlatformHierarchyLib.c =20 [Pcd] - gMinPlatformPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy + gEfiSecurityPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index d5ace6f654..2cb5bfa0ac 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -342,6 +342,12 @@ # @Prompt Physical presence of the platform operator. gEfiSecurityPkgTokenSpaceGuid.PcdTpmPhysicalPresence|TRUE|BOOLEAN|0x0001= 0001 =20 + ## Indicates whether the TPM2 platform hierarchy will be disabled by usi= ng + # a random password or by disabling the hierarchy + # TRUE - A random password will be used + # FALSE - The hierarchy will be disabled + gEfiSecurityPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy|TRUE|BOOLEAN= |0x00010024 + [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx] ## Indicates whether TPM physical presence is locked during platform ini= tialization. # Once it is locked, it can not be unlocked for TPM life time.

--=20 2.31.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#80356): https://edk2.groups.io/g/devel/message/80356 Mute This Topic: https://groups.io/mt/85459203/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 02:50:15 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+80354+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+80354+1787277+3901457@groups.io ARC-Seal: i=1; a=rsa-sha256; t=1631109180; cv=none; d=zohomail.com; s=zohoarc; b=X2wys+gfQkSIA2/T9IJwlNCkUi5smi6gd1eC/3qZ9lOe633L+0fZCctQnKnbZnnuVxSk/2AHI9y5EOwNy3gfkZbpyUZBQl1caGFm5vadt/1wv/gN8CwHPTeBGzvolWmNG/rz3Ssi92w+vKgudfkb5vTnAVz2g6KqbrL0Q2bo/vU= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1631109180; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=veFHmO+3z1m2ElzSbmeO4i1TjEmRcoVa6tuV/YMcPBk=; b=IdRP3Rdqe+uo9tZoI+30TNiK2RdjndUQrCFnnehUwjx63xbidjN8C9Z4OOxRIzAPP2r7/4ObjJohIgrjXXaLQgo99m5acWPvJXYQsukxYW6GxY6fviHKmLSCWuGbG8jMu2iSMg9VVezTJeH3M0bmFX9WTGUgPNRMl6q3z5TpCIE= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+80354+1787277+3901457@groups.io Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1631109180872890.3437901762153; Wed, 8 Sep 2021 06:53:00 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id MG4tYY1788612xMUPRzJbbMH; Wed, 08 Sep 2021 06:53:00 -0700 X-Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by mx.groups.io with SMTP id smtpd.web12.10936.1631105211037982016 for ; Wed, 08 Sep 2021 05:46:51 -0700 X-Received: from pps.filterd (m0098404.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 188CjZDq145115; Wed, 8 Sep 2021 08:46:50 -0400 X-Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com with ESMTP id 3axwf4g0nc-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 08 Sep 2021 08:46:50 -0400 X-Received: from m0098404.ppops.net (m0098404.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 188Ckorb155237; Wed, 8 Sep 2021 08:46:50 -0400 X-Received: from ppma04wdc.us.ibm.com (1a.90.2fa9.ip4.static.sl-reverse.com [169.47.144.26]) by mx0a-001b2d01.pphosted.com with ESMTP id 3axwf4g0mr-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 08 Sep 2021 08:46:50 -0400 X-Received: from pps.filterd (ppma04wdc.us.ibm.com [127.0.0.1]) by ppma04wdc.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 188CfNwV022193; Wed, 8 Sep 2021 12:46:49 GMT X-Received: from b01cxnp22034.gho.pok.ibm.com (b01cxnp22034.gho.pok.ibm.com [9.57.198.24]) by ppma04wdc.us.ibm.com with ESMTP id 3axcnq9th9-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 08 Sep 2021 12:46:48 +0000 X-Received: from b01ledav004.gho.pok.ibm.com (b01ledav004.gho.pok.ibm.com [9.57.199.109]) by b01cxnp22034.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 188Ckm2544761346 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 8 Sep 2021 12:46:48 GMT X-Received: from b01ledav004.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id DF569112062; Wed, 8 Sep 2021 12:46:47 +0000 (GMT) X-Received: from b01ledav004.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id D07AD112061; Wed, 8 Sep 2021 12:46:47 +0000 (GMT) X-Received: from sbct-2.pok.ibm.com (unknown [9.47.158.152]) by b01ledav004.gho.pok.ibm.com (Postfix) with ESMTP; Wed, 8 Sep 2021 12:46:47 +0000 (GMT) From: Stefan Berger To: devel@edk2.groups.io Cc: mhaeuser@posteo.de, spbrogan@outlook.com, marcandre.lureau@redhat.com, kraxel@redhat.com, jiewen.yao@intel.com, Stefan Berger , Stefan Berger Subject: [edk2-devel] [PATCH v6 5/9] OvmfPkg: Reference new TPM classes in the build system for compilation Date: Wed, 8 Sep 2021 08:46:40 -0400 Message-Id: <20210908124644.816856-6-stefanb@linux.vnet.ibm.com> In-Reply-To: <20210908124644.816856-1-stefanb@linux.vnet.ibm.com> References: <20210908124644.816856-1-stefanb@linux.vnet.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: Q5qWCatH5iW1p0h5NxhFegbwrLtvI8gw X-Proofpoint-ORIG-GUID: RstJbfQVTPhWIaFeoRU9vHoWbCiGrx7c Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,stefanb@linux.vnet.ibm.com X-Gm-Message-State: QCyYeDbAimCqClolhbUNK0x7x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1631109180; bh=6aZSRx9nF1nk6IU86s1tLo+8hUF21HLBdVHoptc0r68=; h=Cc:Date:From:Reply-To:Subject:To; b=f+n9h+RZGmlvci3ceZT6sXrLU2/vqGDsoEHYft2Y6w83Shk+3LoeXumGEbcTciFdk/u D5c+4xhJurQvTX2A6VE0soZ5oTM+xpVhk4X6sK+bXjVSCLvUlsLXxCBpBhjv2hmXDITTB 1ycmdw/oUe5tg0N4sRIxj97vcEBtLTmwYiQ= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1631109181477100002 Content-Type: text/plain; charset="utf-8" Compile the added TPM related code now. Signed-off-by: Stefan Berger --- OvmfPkg/AmdSev/AmdSevX64.dsc | 2 ++ OvmfPkg/Bhyve/BhyveX64.dsc | 1 + .../Library/PlatformBootManagerLib/PlatformBootManagerLib.inf | 1 + OvmfPkg/OvmfPkgIa32.dsc | 2 ++ OvmfPkg/OvmfPkgIa32X64.dsc | 2 ++ OvmfPkg/OvmfPkgX64.dsc | 2 ++ OvmfPkg/OvmfXen.dsc | 1 + 7 files changed, 11 insertions(+) diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc index e6cd10b759..dbac2ceac0 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -209,9 +209,11 @@ Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeT= cg2PhysicalPresenceLib.inf Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibN= ull.inf TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasure= mentLib.inf + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLi= b/PeiDxeTpmPlatformHierarchyLib.inf !else Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeT= cg2PhysicalPresenceLib.inf TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLi= bNull/PeiDxeTpmPlatformHierarchyLib.inf !endif =20 [LibraryClasses.common] diff --git a/OvmfPkg/Bhyve/BhyveX64.dsc b/OvmfPkg/Bhyve/BhyveX64.dsc index d8fe607d1c..1b8ec23847 100644 --- a/OvmfPkg/Bhyve/BhyveX64.dsc +++ b/OvmfPkg/Bhyve/BhyveX64.dsc @@ -224,6 +224,7 @@ =20 Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeT= cg2PhysicalPresenceLib.inf TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLi= bNull/PeiDxeTpmPlatformHierarchyLib.inf =20 [LibraryClasses.common] BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf diff --git a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.= inf b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf index c249a3cf1e..f2de7f5250 100644 --- a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf +++ b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf @@ -55,6 +55,7 @@ UefiLib PlatformBmPrintScLib Tcg2PhysicalPresenceLib + TpmPlatformHierarchyLib XenPlatformLib =20 [Pcd] diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index d1d92c97ba..72f3d4632a 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -235,9 +235,11 @@ Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeT= cg2PhysicalPresenceLib.inf Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibN= ull.inf TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasure= mentLib.inf + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLi= b/PeiDxeTpmPlatformHierarchyLib.inf !else Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeT= cg2PhysicalPresenceLib.inf TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLi= bNull/PeiDxeTpmPlatformHierarchyLib.inf !endif =20 [LibraryClasses.common] diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index a467ab7090..d9a077f674 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -239,9 +239,11 @@ Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeT= cg2PhysicalPresenceLib.inf Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibN= ull.inf TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasure= mentLib.inf + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLi= b/PeiDxeTpmPlatformHierarchyLib.inf !else Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeT= cg2PhysicalPresenceLib.inf TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLi= bNull/PeiDxeTpmPlatformHierarchyLib.inf !endif =20 [LibraryClasses.common] diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index e56b83d95e..fe3094da30 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -239,9 +239,11 @@ Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeT= cg2PhysicalPresenceLib.inf Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibN= ull.inf TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasure= mentLib.inf + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLi= b/PeiDxeTpmPlatformHierarchyLib.inf !else Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeT= cg2PhysicalPresenceLib.inf TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLi= bNull/PeiDxeTpmPlatformHierarchyLib.inf !endif =20 [LibraryClasses.common] diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc index 1a9c06c164..4541d1aaf8 100644 --- a/OvmfPkg/OvmfXen.dsc +++ b/OvmfPkg/OvmfXen.dsc @@ -216,6 +216,7 @@ =20 Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeT= cg2PhysicalPresenceLib.inf TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLi= bNull/PeiDxeTpmPlatformHierarchyLib.inf RealTimeClockLib|OvmfPkg/Library/XenRealTimeClockLib/XenRealTimeClockLib= .inf TimeBaseLib|EmbeddedPkg/Library/TimeBaseLib/TimeBaseLib.inf !ifdef $(DEBUG_ON_HYPERVISOR_CONSOLE) --=20 2.31.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#80354): https://edk2.groups.io/g/devel/message/80354 Mute This Topic: https://groups.io/mt/85459200/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 02:50:15 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+80358+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+80358+1787277+3901457@groups.io ARC-Seal: i=1; a=rsa-sha256; t=1631109183; cv=none; d=zohomail.com; s=zohoarc; b=E7pslS7qbWrcZNdGJ3m9S+RnYJouJX85K3isUiRGcIQiZr24cRAG9LhC5mlHgAUWK7pOwcALvdCKcBz1lOc70Xorce+6L9SF9ZYe0rJSByopxw5/ry3ORtr/0j/qHVWzQsLjaN92HwainA9/eU3wK0+dPbMZYcrJxyqGybgSz10= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1631109183; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=W9/HnwU9VrsZwuW6EdX4U8rq+4R+CJIEszQ4Mi1VwOc=; b=c6T5QjAgZYDpyFmUoJBLzorSlOXPmmcIuoV+I0J/gVPi/+uaEKAghj4kbTiju86Gg2Yjkik4Vx+fa9wCa2338Uqg1fCgjC8j+G2riJkKzAr5/8ZLrQovqfKNsbqCuoNrTzA2mPF3KqqcTIcX/JqU77c+lHSQ6yGuURE5VoOnfVg= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+80358+1787277+3901457@groups.io Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 163110918324595.31694485343576; Wed, 8 Sep 2021 06:53:03 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id pjAEYY1788612xh72ssk6jHF; Wed, 08 Sep 2021 06:53:02 -0700 X-Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.158.5]) by mx.groups.io with SMTP id smtpd.web12.10937.1631105211233073782 for ; Wed, 08 Sep 2021 05:46:51 -0700 X-Received: from pps.filterd (m0098419.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 188CXZPd179993; Wed, 8 Sep 2021 08:46:50 -0400 X-Received: from pps.reinject (localhost [127.0.0.1]) by mx0b-001b2d01.pphosted.com with ESMTP id 3axrubq8qa-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 08 Sep 2021 08:46:50 -0400 X-Received: from m0098419.ppops.net (m0098419.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 188CZ1mI186304; Wed, 8 Sep 2021 08:46:49 -0400 X-Received: from ppma01wdc.us.ibm.com (fd.55.37a9.ip4.static.sl-reverse.com [169.55.85.253]) by mx0b-001b2d01.pphosted.com with ESMTP id 3axrubq8px-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 08 Sep 2021 08:46:49 -0400 X-Received: from pps.filterd (ppma01wdc.us.ibm.com [127.0.0.1]) by ppma01wdc.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 188CfxaF018379; Wed, 8 Sep 2021 12:46:49 GMT X-Received: from b01cxnp22034.gho.pok.ibm.com (b01cxnp22034.gho.pok.ibm.com [9.57.198.24]) by ppma01wdc.us.ibm.com with ESMTP id 3axcnn1sy6-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 08 Sep 2021 12:46:49 +0000 X-Received: from b01ledav004.gho.pok.ibm.com (b01ledav004.gho.pok.ibm.com [9.57.199.109]) by b01cxnp22034.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 188Ckmop44237214 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 8 Sep 2021 12:46:48 GMT X-Received: from b01ledav004.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 053F2112061; Wed, 8 Sep 2021 12:46:48 +0000 (GMT) X-Received: from b01ledav004.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id E9E7E112065; Wed, 8 Sep 2021 12:46:47 +0000 (GMT) X-Received: from sbct-2.pok.ibm.com (unknown [9.47.158.152]) by b01ledav004.gho.pok.ibm.com (Postfix) with ESMTP; Wed, 8 Sep 2021 12:46:47 +0000 (GMT) From: Stefan Berger To: devel@edk2.groups.io Cc: mhaeuser@posteo.de, spbrogan@outlook.com, marcandre.lureau@redhat.com, kraxel@redhat.com, jiewen.yao@intel.com, Stefan Berger , Stefan Berger Subject: [edk2-devel] [PATCH v6 6/9] OvmfPkg: Disable the TPM2 platform hierarchy Date: Wed, 8 Sep 2021 08:46:41 -0400 Message-Id: <20210908124644.816856-7-stefanb@linux.vnet.ibm.com> In-Reply-To: <20210908124644.816856-1-stefanb@linux.vnet.ibm.com> References: <20210908124644.816856-1-stefanb@linux.vnet.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: ga4kAZTHLcvpQlveq2laS0vdO5_zxPCk X-Proofpoint-GUID: -bFQeck0NXk17qkVbTazhUw8PsZQY9Sf Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,stefanb@linux.vnet.ibm.com X-Gm-Message-State: oY7RZB0gbFA1srJjvjLzivYNx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1631109182; bh=SLCYMtfqAwLv7grvi1uXzgW3dqUHN0NDFKUPcu56CzQ=; h=Cc:Date:From:Reply-To:Subject:To; b=ciphC8f/mBk4y2EkN/YNjIXv30LR9O5664oSBQxEyKcgVXdMCirsmmd4zM+WzNNUnUr 1TH4fLYx7i2iDZIzdsAnql88IgRVCQ/uOtgr/AhXdZVHrx/vEe5aLXro2ltYZt39/B2t3 429IbtWyzt9aFtjNFmwRndyceVXauh6eV04= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1631109184761100020 Content-Type: text/plain; charset="utf-8" Use the newly added function to disable the TPM2 platform hierarchy. Do this after handling physical presence interface opcodes because the TPM 2 commands they produce may require access to the platform hierarchy. Signed-off-by: Stefan Berger --- OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c | 6 ++++++ OvmfPkg/Library/PlatformBootManagerLibBhyve/BdsPlatform.c | 6 ++++++ OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c | 6 ++++++ 3 files changed, 18 insertions(+) diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg= /Library/PlatformBootManagerLib/BdsPlatform.c index 71f63b2448..196d1c7200 100644 --- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c +++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c @@ -11,6 +11,7 @@ #include #include #include +#include #include =20 =20 @@ -1516,6 +1517,11 @@ PlatformBootManagerAfterConsole ( // Tcg2PhysicalPresenceLibProcessRequest (NULL); =20 + // + // Disable the TPM 2 platform hierarchy + // + ConfigureTpmPlatformHierarchy (); + // // Process QEMU's -kernel command line option // diff --git a/OvmfPkg/Library/PlatformBootManagerLibBhyve/BdsPlatform.c b/Ov= mfPkg/Library/PlatformBootManagerLibBhyve/BdsPlatform.c index eaade4adea..46174b93f4 100644 --- a/OvmfPkg/Library/PlatformBootManagerLibBhyve/BdsPlatform.c +++ b/OvmfPkg/Library/PlatformBootManagerLibBhyve/BdsPlatform.c @@ -12,6 +12,7 @@ #include #include #include +#include =20 #include =20 @@ -1450,6 +1451,11 @@ PlatformBootManagerAfterConsole ( // Tcg2PhysicalPresenceLibProcessRequest (NULL); =20 + // + // Disable the TPM 2 platform hierarchy + // + ConfigureTpmPlatformHierarchy (); + // // Perform some platform specific connect sequence // diff --git a/OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c b/Ovm= fPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c index 7cceeea487..22af934118 100644 --- a/OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c +++ b/OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c @@ -12,6 +12,7 @@ #include #include #include +#include =20 =20 // @@ -1315,6 +1316,11 @@ PlatformBootManagerAfterConsole ( // Tcg2PhysicalPresenceLibProcessRequest (NULL); =20 + // + // Disable the TPM 2 platform hierarchy + // + ConfigureTpmPlatformHierarchy (); + // // Process QEMU's -kernel command line option // --=20 2.31.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#80358): https://edk2.groups.io/g/devel/message/80358 Mute This Topic: https://groups.io/mt/85459205/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 02:50:15 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+80360+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+80360+1787277+3901457@groups.io ARC-Seal: i=1; a=rsa-sha256; t=1631109184; cv=none; d=zohomail.com; s=zohoarc; b=HzWrHASe7Akz/gO2eYKJPq+FleJdCCPQnjjBb8rLcdYeNNWbbhvlcXQisTGrrWqtkKw7PX0JOkYPdT0n+LMPEd3krvMGv/DJtbnZjnuGycc11Cg/JHvsgqoBo0tuG89x/EbKT0XpPG/ocGY/1vyfjAJeOObIFj2gYiJQEBRxutE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1631109184; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=zHo1wcUg811a2dwH1sBjIsO4BiOAvS3zbhO+tCsoazs=; b=moIMVXf2sng+ueV5LoFWoR3UhVMz+dUg3YAE0Pafreb0IVHPFzjjkgWeixPDgL5ANd/0ckXHt4m4Koppo50DhnhEqmjh58fMCWp3hWfo0dkArk47u1NYere5NiYn9BjGscISwawcr8Cj1poRD6OYQMkPr3y9xwAqea/QMbb7qj0= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+80360+1787277+3901457@groups.io Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1631109184006819.0859870322223; Wed, 8 Sep 2021 06:53:04 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id m087YY1788612xV738kn11cb; Wed, 08 Sep 2021 06:53:03 -0700 X-Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.158.5]) by mx.groups.io with SMTP id smtpd.web11.10768.1631105211657169063 for ; Wed, 08 Sep 2021 05:46:51 -0700 X-Received: from pps.filterd (m0098414.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 188CXq5q145220; Wed, 8 Sep 2021 08:46:50 -0400 X-Received: from pps.reinject (localhost [127.0.0.1]) by mx0b-001b2d01.pphosted.com with ESMTP id 3axhcer3hk-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 08 Sep 2021 08:46:50 -0400 X-Received: from m0098414.ppops.net (m0098414.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 188CYLZh146608; Wed, 8 Sep 2021 08:46:50 -0400 X-Received: from ppma01dal.us.ibm.com (83.d6.3fa9.ip4.static.sl-reverse.com [169.63.214.131]) by mx0b-001b2d01.pphosted.com with ESMTP id 3axhcer3h7-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 08 Sep 2021 08:46:50 -0400 X-Received: from pps.filterd (ppma01dal.us.ibm.com [127.0.0.1]) by ppma01dal.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 188Cg4ro013839; Wed, 8 Sep 2021 12:46:49 GMT X-Received: from b01cxnp22034.gho.pok.ibm.com (b01cxnp22034.gho.pok.ibm.com [9.57.198.24]) by ppma01dal.us.ibm.com with ESMTP id 3axcnq64p7-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 08 Sep 2021 12:46:49 +0000 X-Received: from b01ledav004.gho.pok.ibm.com (b01ledav004.gho.pok.ibm.com [9.57.199.109]) by b01cxnp22034.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 188CkmVK44761348 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 8 Sep 2021 12:46:48 GMT X-Received: from b01ledav004.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 138E611206E; Wed, 8 Sep 2021 12:46:48 +0000 (GMT) X-Received: from b01ledav004.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 0EFB8112069; Wed, 8 Sep 2021 12:46:48 +0000 (GMT) X-Received: from sbct-2.pok.ibm.com (unknown [9.47.158.152]) by b01ledav004.gho.pok.ibm.com (Postfix) with ESMTP; Wed, 8 Sep 2021 12:46:48 +0000 (GMT) From: Stefan Berger To: devel@edk2.groups.io Cc: mhaeuser@posteo.de, spbrogan@outlook.com, marcandre.lureau@redhat.com, kraxel@redhat.com, jiewen.yao@intel.com, Stefan Berger , Stefan Berger Subject: [edk2-devel] [PATCH v6 7/9] SecurityPkg: Disable TPM platform hierarchy if TPM resume fails (S3 resume) Date: Wed, 8 Sep 2021 08:46:42 -0400 Message-Id: <20210908124644.816856-8-stefanb@linux.vnet.ibm.com> In-Reply-To: <20210908124644.816856-1-stefanb@linux.vnet.ibm.com> References: <20210908124644.816856-1-stefanb@linux.vnet.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: nnHwymOlbSdhfg62uSYL4RXj3zlKXZnC X-Proofpoint-ORIG-GUID: hS_CCiCiHFMfRQMZWeVXf9EsiPMx2Feb Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,stefanb@linux.vnet.ibm.com X-Gm-Message-State: IIE9wXArSSQPi2fS6i04z5ePx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1631109183; bh=UUlTLD4WycUweaaLHET0Qo++ZGFKoIDAw28Trap7Ggs=; h=Cc:Date:From:Reply-To:Subject:To; b=c/kM+p1bPDfHIuJW4Y0UgHq9o8SguQjHz+tGYDDdxK265dFerZrFMdPWqrKsBmp3Rf6 uyXUrQ0xYTzJ+zfVzs/laiQyrKjJkIgjaWJLlrgxTccd9n+b4rx/A1oaIs6zffT/V+Out kfEL6qYUfpNhNfaNnCEcBf17vXjFAN2ufTA= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1631109185077100025 Content-Type: text/plain; charset="utf-8" If Tpm2Startup(TPM_SU_STATE) fails, call ConfigureTPMPlatformHierarchy() to disable the platform hierarchy. Signed-off-by: Stefan Berger --- SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 2 ++ SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf | 1 + 2 files changed, 3 insertions(+) diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tc= g2Pei.c index 93a8803ff6..63323b9509 100644 --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c @@ -30,6 +30,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include #include #include #include @@ -1050,6 +1051,7 @@ PeimEntryMA ( if (!EFI_ERROR(Status)) { S3ErrorReport =3D TRUE; } + ConfigureTpmPlatformHierarchy (); } } else { Status =3D Tpm2Startup (TPM_SU_CLEAR); diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf b/SecurityPkg/Tcg/Tcg2Pei/= Tcg2Pei.inf index 06c26a2904..2f4988eb6b 100644 --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf @@ -55,6 +55,7 @@ ReportStatusCodeLib ResetSystemLib PrintLib + TpmPlatformHierarchyLib =20 [Guids] gTcgEventEntryHobGuid ## = PRODUCES ## HOB --=20 2.31.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#80360): https://edk2.groups.io/g/devel/message/80360 Mute This Topic: https://groups.io/mt/85459207/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 02:50:15 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+80361+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+80361+1787277+3901457@groups.io ARC-Seal: i=1; a=rsa-sha256; t=1631109184; cv=none; d=zohomail.com; s=zohoarc; b=JrjskILmV9rS458YQoZVcs0PK8odOhheYKJKy+xfkonUcXg10Xt7rzdXNymXKw5bDYov0or9WLQkfy0kVxwU2B0SjgGFlDG2ufHegMMnmT1S/Zub0olO1Hz/SK6sBricZ5AZ9sdHZNJS0OGr/ElkJud/UAoic9uxFtqKvlhAf/Y= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1631109184; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=IpgcHf92Xh1AA9nB6urS4J131OwaUMBa3xEz6HlPHlU=; b=BZa6zROVapsN/m/cOLBmPobpQwyHRbMtj7G7zCMli5zEQT+sgJc7Yp/ok1BA0I0s8YzByioWuR05CPbWi79Cq72M2/jBVGt+aY/3dIfbNRzV/gDNMY95kvuAGfCSJxc9Yo4UNSgNZ6cIfQgj1iqU5MfRMYVcmTu4Lrcwm5bB/fc= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+80361+1787277+3901457@groups.io Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1631109184445346.90294318538145; Wed, 8 Sep 2021 06:53:04 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id gfybYY1788612xWF2Iueo5ve; Wed, 08 Sep 2021 06:53:04 -0700 X-Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) by mx.groups.io with SMTP id smtpd.web08.10961.1631105211656481691 for ; Wed, 08 Sep 2021 05:46:51 -0700 X-Received: from pps.filterd (m0098421.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 188CX275165092; Wed, 8 Sep 2021 08:46:50 -0400 X-Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com with ESMTP id 3axqhes9gd-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 08 Sep 2021 08:46:50 -0400 X-Received: from m0098421.ppops.net (m0098421.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 188CXwL4168207; Wed, 8 Sep 2021 08:46:50 -0400 X-Received: from ppma04wdc.us.ibm.com (1a.90.2fa9.ip4.static.sl-reverse.com [169.47.144.26]) by mx0a-001b2d01.pphosted.com with ESMTP id 3axqhes9fy-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 08 Sep 2021 08:46:49 -0400 X-Received: from pps.filterd (ppma04wdc.us.ibm.com [127.0.0.1]) by ppma04wdc.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 188CfJxN022087; Wed, 8 Sep 2021 12:46:49 GMT X-Received: from b01cxnp22034.gho.pok.ibm.com (b01cxnp22034.gho.pok.ibm.com [9.57.198.24]) by ppma04wdc.us.ibm.com with ESMTP id 3axcnq9thd-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 08 Sep 2021 12:46:49 +0000 X-Received: from b01ledav004.gho.pok.ibm.com (b01ledav004.gho.pok.ibm.com [9.57.199.109]) by b01cxnp22034.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 188CkmKl35062200 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 8 Sep 2021 12:46:48 GMT X-Received: from b01ledav004.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 22C32112062; Wed, 8 Sep 2021 12:46:48 +0000 (GMT) X-Received: from b01ledav004.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 1E849112072; Wed, 8 Sep 2021 12:46:48 +0000 (GMT) X-Received: from sbct-2.pok.ibm.com (unknown [9.47.158.152]) by b01ledav004.gho.pok.ibm.com (Postfix) with ESMTP; Wed, 8 Sep 2021 12:46:48 +0000 (GMT) From: Stefan Berger To: devel@edk2.groups.io Cc: mhaeuser@posteo.de, spbrogan@outlook.com, marcandre.lureau@redhat.com, kraxel@redhat.com, jiewen.yao@intel.com, Stefan Berger , Stefan Berger Subject: [edk2-devel] [PATCH v6 8/9] ArmVirtPkg: Reference new TPM classes in the build system for compilation Date: Wed, 8 Sep 2021 08:46:43 -0400 Message-Id: <20210908124644.816856-9-stefanb@linux.vnet.ibm.com> In-Reply-To: <20210908124644.816856-1-stefanb@linux.vnet.ibm.com> References: <20210908124644.816856-1-stefanb@linux.vnet.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: ewChh1fjZBxs6ZC4BHqI7DxJDxr66kjg X-Proofpoint-GUID: UzRZKJ5THwiVO_9BaQV4Pbegto9f8LQ1 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,stefanb@linux.vnet.ibm.com X-Gm-Message-State: A3KASkvN0bsqc5N805IYgoH3x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1631109184; bh=6xGwZKNSOGEwGNUVP2s9n8EnebMj3Tm/NGdi8/ipI1U=; h=Cc:Date:From:Reply-To:Subject:To; b=s3fwKZnkq7n4vMaVANZDm07PznwOLBEO2ltXd2KaktbchTVrmnDH7WJZ9pRAGPtM0l6 /OAnGwFgNCjbf415fNmzYle/9ZQMfcMEfQtnwpIWiBvwuWb2laBMHiY7MOuK1n4KH6XSq P53QNpJ9HtEL07dvO0Dmr3a29xeDUwoSn7I= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1631109185311100031 Content-Type: text/plain; charset="utf-8" Signed-off-by: Stefan Berger --- ArmVirtPkg/ArmVirtCloudHv.dsc | 1 + ArmVirtPkg/ArmVirtQemu.dsc | 2 ++ ArmVirtPkg/ArmVirtQemuKernel.dsc | 1 + ArmVirtPkg/ArmVirtXen.dsc | 1 + .../Library/PlatformBootManagerLib/PlatformBootManagerLib.inf | 1 + 5 files changed, 6 insertions(+) diff --git a/ArmVirtPkg/ArmVirtCloudHv.dsc b/ArmVirtPkg/ArmVirtCloudHv.dsc index f292ba6079..3475bb7f0d 100644 --- a/ArmVirtPkg/ArmVirtCloudHv.dsc +++ b/ArmVirtPkg/ArmVirtCloudHv.dsc @@ -55,6 +55,7 @@ PciHostBridgeUtilityLib|ArmVirtPkg/Library/ArmVirtPciHostBridgeUtilityLi= b/ArmVirtPciHostBridgeUtilityLib.inf =20 TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLi= bNull/PeiDxeTpmPlatformHierarchyLib.inf =20 !include MdePkg/MdeLibs.dsc.inc =20 diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc index 97539edef7..35aea68e02 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc @@ -86,8 +86,10 @@ Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeT= cg2PhysicalPresenceLib.inf TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasure= mentLib.inf + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLi= b/PeiDxeTpmPlatformHierarchyLib.inf !else TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLi= bNull/PeiDxeTpmPlatformHierarchyLib.inf !endif =20 [LibraryClasses.common.PEIM] diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKerne= l.dsc index 28064199c8..19c1908cd9 100644 --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc @@ -80,6 +80,7 @@ PciHostBridgeLib|ArmVirtPkg/Library/FdtPciHostBridgeLib/FdtPciHostBridge= Lib.inf PciHostBridgeUtilityLib|OvmfPkg/Library/PciHostBridgeUtilityLib/PciHostB= ridgeUtilityLib.inf TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLi= bNull/PeiDxeTpmPlatformHierarchyLib.inf =20 [LibraryClasses.common.DXE_DRIVER] ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeRepor= tStatusCodeLib.inf diff --git a/ArmVirtPkg/ArmVirtXen.dsc b/ArmVirtPkg/ArmVirtXen.dsc index 2b07a5ba19..dbc40e854b 100644 --- a/ArmVirtPkg/ArmVirtXen.dsc +++ b/ArmVirtPkg/ArmVirtXen.dsc @@ -50,6 +50,7 @@ PlatformBootManagerLib|ArmPkg/Library/PlatformBootManagerLib/PlatformBoo= tManagerLib.inf CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/Customize= dDisplayLib.inf TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLi= bNull/PeiDxeTpmPlatformHierarchyLib.inf =20 [LibraryClasses.common.UEFI_DRIVER] UefiScsiLib|MdePkg/Library/UefiScsiLib/UefiScsiLib.inf diff --git a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerL= ib.inf b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.i= nf index 11f52e019b..9f54224d3e 100644 --- a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf +++ b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf @@ -33,6 +33,7 @@ MdeModulePkg/MdeModulePkg.dec MdePkg/MdePkg.dec OvmfPkg/OvmfPkg.dec + SecurityPkg/SecurityPkg.dec ShellPkg/ShellPkg.dec =20 [LibraryClasses] --=20 2.31.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#80361): https://edk2.groups.io/g/devel/message/80361 Mute This Topic: https://groups.io/mt/85459208/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 02:50:15 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+80359+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+80359+1787277+3901457@groups.io ARC-Seal: i=1; a=rsa-sha256; t=1631109182; cv=none; d=zohomail.com; s=zohoarc; b=LU3I1w2LuR9POO8Ctr3wUveIUtAcxivqowXv4b3E40uQgsaCJXp4HbWw6XGJqWAMCIBntDKU7385VIYjum7p+dACP4Cyyan+a7/isgZQSIbyQUqC2dxsvinRJMgK5R8Bjg8aI+JBRVVLya7PeoWqvPiSvTP3czrB1+DjTlDtKbc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1631109182; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=2C81l3sqgy9iEnXfhptO7HafETD+qkGnNw3k4YxRrN8=; b=SXLwHprMRXgAT2HuS5Idf7AosQOsoidR5ttHpmr+bohblP+mX0NPw4LmfCx8WE0P5DOv5GKv3cb6vs1UUHNIXsoaksqJysmcB7IMB35i/PtyTUqn2vojg5QEkc6XwcNsm3Y5P155H9P76Akizt0mEZpgc9auBPSzj2L9rA2lTh4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+80359+1787277+3901457@groups.io Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1631109182841804.7891847467589; Wed, 8 Sep 2021 06:53:02 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id J6x0YY1788612xsWa2vdcinz; Wed, 08 Sep 2021 06:53:02 -0700 X-Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by mx.groups.io with SMTP id smtpd.web11.10767.1631105211476724833 for ; Wed, 08 Sep 2021 05:46:51 -0700 X-Received: from pps.filterd (m0098393.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 188CXhVr145609; Wed, 8 Sep 2021 08:46:51 -0400 X-Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com with ESMTP id 3axmeq4xus-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 08 Sep 2021 08:46:51 -0400 X-Received: from m0098393.ppops.net (m0098393.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 188CYSha001217; Wed, 8 Sep 2021 08:46:50 -0400 X-Received: from ppma02dal.us.ibm.com (a.bd.3ea9.ip4.static.sl-reverse.com [169.62.189.10]) by mx0a-001b2d01.pphosted.com with ESMTP id 3axmeq4xue-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 08 Sep 2021 08:46:50 -0400 X-Received: from pps.filterd (ppma02dal.us.ibm.com [127.0.0.1]) by ppma02dal.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 188Cg0Q9002192; Wed, 8 Sep 2021 12:46:49 GMT X-Received: from b01cxnp22034.gho.pok.ibm.com (b01cxnp22034.gho.pok.ibm.com [9.57.198.24]) by ppma02dal.us.ibm.com with ESMTP id 3axcnhx50j-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 08 Sep 2021 12:46:49 +0000 X-Received: from b01ledav004.gho.pok.ibm.com (b01ledav004.gho.pok.ibm.com [9.57.199.109]) by b01cxnp22034.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 188Ckm9x38142302 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 8 Sep 2021 12:46:48 GMT X-Received: from b01ledav004.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 3C2E8112064; Wed, 8 Sep 2021 12:46:48 +0000 (GMT) X-Received: from b01ledav004.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 2D59F112069; Wed, 8 Sep 2021 12:46:48 +0000 (GMT) X-Received: from sbct-2.pok.ibm.com (unknown [9.47.158.152]) by b01ledav004.gho.pok.ibm.com (Postfix) with ESMTP; Wed, 8 Sep 2021 12:46:48 +0000 (GMT) From: Stefan Berger To: devel@edk2.groups.io Cc: mhaeuser@posteo.de, spbrogan@outlook.com, marcandre.lureau@redhat.com, kraxel@redhat.com, jiewen.yao@intel.com, Stefan Berger , Stefan Berger Subject: [edk2-devel] [PATCH v6 9/9] ArmVirtPkg: Disable the TPM2 platform hierarchy Date: Wed, 8 Sep 2021 08:46:44 -0400 Message-Id: <20210908124644.816856-10-stefanb@linux.vnet.ibm.com> In-Reply-To: <20210908124644.816856-1-stefanb@linux.vnet.ibm.com> References: <20210908124644.816856-1-stefanb@linux.vnet.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: oydIZJ5p41mzhn8kQEb6FTv4ke3tWv6b X-Proofpoint-ORIG-GUID: vv5FMu6JruoZTmySLvNFIr5B1SRuvuhr Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,stefanb@linux.vnet.ibm.com X-Gm-Message-State: SWcmfEeBKmEXJFvl8naYRg4Tx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1631109182; bh=GmrNZCZsMvK/JKT6XTsQ3OE3v11W0t14M6vOPvHodE0=; h=Cc:Date:From:Reply-To:Subject:To; b=FqVItT5jm4+mdzzweoVVGSyzcoy2XxmwhYhw1q65DJxPghGVcuejrr8RWqq9Ii2nXzp Re4GkygeswQjWH7Gm4W3HiHrw7ZP7nryF9DVr6bgYLr3qw4dKK6Vk+biEuxpCcuHJl/Un AKh8UfoNVEYqjdUQW/p1KABBOcMg8PJDvjI= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1631109183766100016 Content-Type: text/plain; charset="utf-8" Use the newly added function to disable the TPM2 platform hierarchy. Signed-off-by: Stefan Berger --- ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c | 6 ++++++ .../PlatformBootManagerLib/PlatformBootManagerLib.inf | 1 + 2 files changed, 7 insertions(+) diff --git a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c b/ArmVi= rtPkg/Library/PlatformBootManagerLib/PlatformBm.c index 69448ff65b..456f9fb4cb 100644 --- a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c +++ b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c @@ -16,6 +16,7 @@ #include #include #include +#include #include #include #include @@ -832,6 +833,11 @@ PlatformBootManagerAfterConsole ( EfiBootManagerConnectAll (); } =20 + // + // Disable the TPM 2 platform hierarchy + // + ConfigureTpmPlatformHierarchy (); + // // Enumerate all possible boot options, then filter and reorder them bas= ed on // the QEMU configuration. diff --git a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerL= ib.inf b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.i= nf index 9f54224d3e..997eb1a442 100644 --- a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf +++ b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf @@ -48,6 +48,7 @@ QemuBootOrderLib QemuLoadImageLib ReportStatusCodeLib + TpmPlatformHierarchyLib UefiBootManagerLib UefiBootServicesTableLib UefiLib --=20 2.31.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#80359): https://edk2.groups.io/g/devel/message/80359 Mute This Topic: https://groups.io/mt/85459206/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-