From nobody Mon Feb  9 07:22:48 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+80360+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)  smtp.mailfrom=bounce+27952+80360+1787277+3901457@groups.io
ARC-Seal: i=1; a=rsa-sha256; t=1631109184; cv=none;
	d=zohomail.com; s=zohoarc;
	b=HzWrHASe7Akz/gO2eYKJPq+FleJdCCPQnjjBb8rLcdYeNNWbbhvlcXQisTGrrWqtkKw7PX0JOkYPdT0n+LMPEd3krvMGv/DJtbnZjnuGycc11Cg/JHvsgqoBo0tuG89x/EbKT0XpPG/ocGY/1vyfjAJeOObIFj2gYiJQEBRxutE=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1631109184;
 h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To;
	bh=zHo1wcUg811a2dwH1sBjIsO4BiOAvS3zbhO+tCsoazs=;
	b=moIMVXf2sng+ueV5LoFWoR3UhVMz+dUg3YAE0Pafreb0IVHPFzjjkgWeixPDgL5ANd/0ckXHt4m4Koppo50DhnhEqmjh58fMCWp3hWfo0dkArk47u1NYere5NiYn9BjGscISwawcr8Cj1poRD6OYQMkPr3y9xwAqea/QMbb7qj0=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)  smtp.mailfrom=bounce+27952+80360+1787277+3901457@groups.io
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1631109184006819.0859870322223;
 Wed, 8 Sep 2021 06:53:04 -0700 (PDT)
Return-Path: <bounce+27952+80360+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id m087YY1788612xV738kn11cb;
 Wed, 08 Sep 2021 06:53:03 -0700
X-Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com
 [148.163.158.5])
 by mx.groups.io with SMTP id smtpd.web11.10768.1631105211657169063
 for <devel@edk2.groups.io>;
 Wed, 08 Sep 2021 05:46:51 -0700
X-Received: from pps.filterd (m0098414.ppops.net [127.0.0.1])
	by mx0b-001b2d01.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id
 188CXq5q145220;
	Wed, 8 Sep 2021 08:46:50 -0400
X-Received: from pps.reinject (localhost [127.0.0.1])
	by mx0b-001b2d01.pphosted.com with ESMTP id 3axhcer3hk-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Wed, 08 Sep 2021 08:46:50 -0400
X-Received: from m0098414.ppops.net (m0098414.ppops.net [127.0.0.1])
	by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 188CYLZh146608;
	Wed, 8 Sep 2021 08:46:50 -0400
X-Received: from ppma01dal.us.ibm.com (83.d6.3fa9.ip4.static.sl-reverse.com
 [169.63.214.131])
	by mx0b-001b2d01.pphosted.com with ESMTP id 3axhcer3h7-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Wed, 08 Sep 2021 08:46:50 -0400
X-Received: from pps.filterd (ppma01dal.us.ibm.com [127.0.0.1])
	by ppma01dal.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 188Cg4ro013839;
	Wed, 8 Sep 2021 12:46:49 GMT
X-Received: from b01cxnp22034.gho.pok.ibm.com (b01cxnp22034.gho.pok.ibm.com
 [9.57.198.24])
	by ppma01dal.us.ibm.com with ESMTP id 3axcnq64p7-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Wed, 08 Sep 2021 12:46:49 +0000
X-Received: from b01ledav004.gho.pok.ibm.com (b01ledav004.gho.pok.ibm.com
 [9.57.199.109])
	by b01cxnp22034.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id
 188CkmVK44761348
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
	Wed, 8 Sep 2021 12:46:48 GMT
X-Received: from b01ledav004.gho.pok.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id 138E611206E;
	Wed,  8 Sep 2021 12:46:48 +0000 (GMT)
X-Received: from b01ledav004.gho.pok.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id 0EFB8112069;
	Wed,  8 Sep 2021 12:46:48 +0000 (GMT)
X-Received: from sbct-2.pok.ibm.com (unknown [9.47.158.152])
	by b01ledav004.gho.pok.ibm.com (Postfix) with ESMTP;
	Wed,  8 Sep 2021 12:46:48 +0000 (GMT)
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
To: devel@edk2.groups.io
Cc: mhaeuser@posteo.de, spbrogan@outlook.com, marcandre.lureau@redhat.com,
        kraxel@redhat.com, jiewen.yao@intel.com,
        Stefan Berger <stefanb@linux.vnet.ibm.com>,
        Stefan Berger <stefanb@linux.ibm.com>
Subject: [edk2-devel] [PATCH v6 7/9] SecurityPkg: Disable TPM platform
 hierarchy if TPM resume fails (S3 resume)
Date: Wed,  8 Sep 2021 08:46:42 -0400
Message-Id: <20210908124644.816856-8-stefanb@linux.vnet.ibm.com>
In-Reply-To: <20210908124644.816856-1-stefanb@linux.vnet.ibm.com>
References: <20210908124644.816856-1-stefanb@linux.vnet.ibm.com>
MIME-Version: 1.0
X-TM-AS-GCONF: 00
X-Proofpoint-GUID: nnHwymOlbSdhfg62uSYL4RXj3zlKXZnC
X-Proofpoint-ORIG-GUID: hS_CCiCiHFMfRQMZWeVXf9EsiPMx2Feb
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,stefanb@linux.vnet.ibm.com
X-Gm-Message-State: IIE9wXArSSQPi2fS6i04z5ePx1787277AA=
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1631109183;
 bh=UUlTLD4WycUweaaLHET0Qo++ZGFKoIDAw28Trap7Ggs=;
 h=Cc:Date:From:Reply-To:Subject:To;
 b=c/kM+p1bPDfHIuJW4Y0UgHq9o8SguQjHz+tGYDDdxK265dFerZrFMdPWqrKsBmp3Rf6
 uyXUrQ0xYTzJ+zfVzs/laiQyrKjJkIgjaWJLlrgxTccd9n+b4rx/A1oaIs6zffT/V+Out
 kfEL6qYUfpNhNfaNnCEcBf17vXjFAN2ufTA=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1631109185077100025
Content-Type: text/plain; charset="utf-8"

If Tpm2Startup(TPM_SU_STATE) fails, call ConfigureTPMPlatformHierarchy()
to disable the platform hierarchy.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
 SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c   | 2 ++
 SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf | 1 +
 2 files changed, 3 insertions(+)

diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tc=
g2Pei.c
index 93a8803ff6..63323b9509 100644
--- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
+++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
@@ -30,6 +30,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include <Library/PeimEntryPoint.h>
 #include <Library/Tpm2CommandLib.h>
 #include <Library/Tpm2DeviceLib.h>
+#include <Library/TpmPlatformHierarchyLib.h>
 #include <Library/HashLib.h>
 #include <Library/HobLib.h>
 #include <Library/PcdLib.h>
@@ -1050,6 +1051,7 @@ PeimEntryMA (
           if (!EFI_ERROR(Status)) {
             S3ErrorReport =3D TRUE;
           }
+          ConfigureTpmPlatformHierarchy ();
         }
       } else {
         Status =3D Tpm2Startup (TPM_SU_CLEAR);
diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf b/SecurityPkg/Tcg/Tcg2Pei/=
Tcg2Pei.inf
index 06c26a2904..2f4988eb6b 100644
--- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
+++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
@@ -55,6 +55,7 @@
   ReportStatusCodeLib
   ResetSystemLib
   PrintLib
+  TpmPlatformHierarchyLib
=20
 [Guids]
   gTcgEventEntryHobGuid                                                ## =
PRODUCES               ## HOB
--=20
2.31.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#80360): https://edk2.groups.io/g/devel/message/80360
Mute This Topic: https://groups.io/mt/85459207/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-