From: Stefan Berger
To: devel@edk2.groups.io
Cc: mhaeuser@posteo.de, spbrogan@outlook.com, marcandre.lureau@redhat.com, kraxel@redhat.com, jiewen.yao@intel.com, Stefan Berger, Stefan Berger
Subject: [edk2-devel] [PATCH v8 01/10] SecurityPkg/TPM: Import PeiDxeTpmPlatformHierarchyLib.c from edk2-platforms
Date: Mon, 13 Sep 2021 10:20:57 -0400
Message-Id: <20210913142106.2526997-2-stefanb@linux.vnet.ibm.com>
In-Reply-To: <20210913142106.2526997-1-stefanb@linux.vnet.ibm.com>
References: <20210913142106.2526997-1-stefanb@linux.vnet.ibm.com>

Import PeiDxeTpmPlatformHierarchyLib from edk2-platforms without any modifications.
Signed-off-by: Stefan Berger --- .../Include/Library/TpmPlatformHierarchyLib.h | 27 ++ .../PeiDxeTpmPlatformHierarchyLib.c | 266 ++++++++++++++++++ .../PeiDxeTpmPlatformHierarchyLib.inf | 45 +++ 3 files changed, 338 insertions(+) create mode 100644 SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDx= eTpmPlatformHierarchyLib.c create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDx= eTpmPlatformHierarchyLib.inf diff --git a/SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h b/Securi= tyPkg/Include/Library/TpmPlatformHierarchyLib.h new file mode 100644 index 0000000000..a872fa09dc --- /dev/null +++ b/SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h @@ -0,0 +1,27 @@ +/** @file + TPM Platform Hierarchy configuration library. + + This library provides functions for customizing the TPM's Platform Hie= rarchy + Authorization Value (platformAuth) and Platform Hierarchy Authorization + Policy (platformPolicy) can be defined through this function. + +Copyright (c) 2019, Intel Corporation. All rights reserved.
+Copyright (c) Microsoft Corporation.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _TPM_PLATFORM_HIERARCHY_LIB_H_ +#define _TPM_PLATFORM_HIERARCHY_LIB_H_ + +/** + This service will perform the TPM Platform Hierarchy configuration at t= he SmmReadyToLock event. + +**/ +VOID +EFIAPI +ConfigureTpmPlatformHierarchy ( + VOID + ); + +#endif diff --git a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPla= tformHierarchyLib.c b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/Pei= DxeTpmPlatformHierarchyLib.c new file mode 100644 index 0000000000..9812ab99ab --- /dev/null +++ b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHi= erarchyLib.c @@ -0,0 +1,266 @@ +/** @file + TPM Platform Hierarchy configuration library. + + This library provides functions for customizing the TPM's Platform Hie= rarchy + Authorization Value (platformAuth) and Platform Hierarchy Authorization + Policy (platformPolicy) can be defined through this function. + + Copyright (c) 2019, Intel Corporation. All rights reserved.
+ Copyright (c) Microsoft Corporation.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + + @par Specification Reference: + https://trustedcomputinggroup.org/resource/tcg-tpm-v2-0-provisioning-g= uidance/ +**/ + +#include + +#include +#include +#include +#include +#include +#include +#include + +// +// The authorization value may be no larger than the digest produced by th= e hash +// algorithm used for context integrity. +// +#define MAX_NEW_AUTHORIZATION_SIZE SHA512_DIGEST_SIZE + +UINT16 mAuthSize; + +/** + Generate high-quality entropy source through RDRAND. + + @param[in] Length Size of the buffer, in bytes, to fill with. + @param[out] Entropy Pointer to the buffer to store the entropy da= ta. + + @retval EFI_SUCCESS Entropy generation succeeded. + @retval EFI_NOT_READY Failed to request random data. + +**/ +EFI_STATUS +EFIAPI +RdRandGenerateEntropy ( + IN UINTN Length, + OUT UINT8 *Entropy + ) +{ + EFI_STATUS Status; + UINTN BlockCount; + UINT64 Seed[2]; + UINT8 *Ptr; + + Status =3D EFI_NOT_READY; + BlockCount =3D Length / 64; + Ptr =3D (UINT8 *)Entropy; + + // + // Generate high-quality seed for DRBG Entropy + // + while (BlockCount > 0) { + Status =3D GetRandomNumber128 (Seed); + if (EFI_ERROR (Status)) { + return Status; + } + CopyMem (Ptr, Seed, 64); + + BlockCount--; + Ptr =3D Ptr + 64; + } + + // + // Populate the remained data as request. + // + Status =3D GetRandomNumber128 (Seed); + if (EFI_ERROR (Status)) { + return Status; + } + CopyMem (Ptr, Seed, (Length % 64)); + + return Status; +} + +/** + This function returns the maximum size of TPM2B_AUTH; this structure is = used for an authorization value + and limits an authValue to being no larger than the largest digest produ= ced by a TPM. + + @param[out] AuthSize Tpm2 Auth size + + @retval EFI_SUCCESS Auth size returned. + @retval EFI_DEVICE_ERROR Can not return platform auth due to= device error. 
+ +**/ +EFI_STATUS +EFIAPI +GetAuthSize ( + OUT UINT16 *AuthSize + ) +{ + EFI_STATUS Status; + TPML_PCR_SELECTION Pcrs; + UINTN Index; + UINT16 DigestSize; + + Status =3D EFI_SUCCESS; + + while (mAuthSize =3D=3D 0) { + + mAuthSize =3D SHA1_DIGEST_SIZE; + ZeroMem (&Pcrs, sizeof (TPML_PCR_SELECTION)); + Status =3D Tpm2GetCapabilityPcrs (&Pcrs); + + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityPcrs fail!\n")); + break; + } + + DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityPcrs - %08x\n", Pcrs.count)); + + for (Index =3D 0; Index < Pcrs.count; Index++) { + DEBUG ((DEBUG_ERROR, "alg - %x\n", Pcrs.pcrSelections[Index].hash)); + + switch (Pcrs.pcrSelections[Index].hash) { + case TPM_ALG_SHA1: + DigestSize =3D SHA1_DIGEST_SIZE; + break; + case TPM_ALG_SHA256: + DigestSize =3D SHA256_DIGEST_SIZE; + break; + case TPM_ALG_SHA384: + DigestSize =3D SHA384_DIGEST_SIZE; + break; + case TPM_ALG_SHA512: + DigestSize =3D SHA512_DIGEST_SIZE; + break; + case TPM_ALG_SM3_256: + DigestSize =3D SM3_256_DIGEST_SIZE; + break; + default: + DigestSize =3D SHA1_DIGEST_SIZE; + break; + } + + if (DigestSize > mAuthSize) { + mAuthSize =3D DigestSize; + } + } + break; + } + + *AuthSize =3D mAuthSize; + return Status; +} + +/** + Set PlatformAuth to random value. +**/ +VOID +RandomizePlatformAuth ( + VOID + ) +{ + EFI_STATUS Status; + UINT16 AuthSize; + UINT8 *Rand; + UINTN RandSize; + TPM2B_AUTH NewPlatformAuth; + + // + // Send Tpm2HierarchyChange Auth with random value to avoid PlatformAuth= being null + // + + GetAuthSize (&AuthSize); + + ZeroMem (NewPlatformAuth.buffer, AuthSize); + NewPlatformAuth.size =3D AuthSize; + + // + // Allocate one buffer to store random data. 
+ // + RandSize =3D MAX_NEW_AUTHORIZATION_SIZE; + Rand =3D AllocatePool (RandSize); + + RdRandGenerateEntropy (RandSize, Rand); + CopyMem (NewPlatformAuth.buffer, Rand, AuthSize); + + FreePool (Rand); + + // + // Send Tpm2HierarchyChangeAuth command with the new Auth value + // + Status =3D Tpm2HierarchyChangeAuth (TPM_RH_PLATFORM, NULL, &NewPlatformA= uth); + DEBUG ((DEBUG_INFO, "Tpm2HierarchyChangeAuth Result: - %r\n", Status)); + ZeroMem (NewPlatformAuth.buffer, AuthSize); + ZeroMem (Rand, RandSize); +} + +/** + Disable the TPM platform hierarchy. + + @retval EFI_SUCCESS The TPM was disabled successfully. + @retval Others An error occurred attempting to disable the = TPM platform hierarchy. + +**/ +EFI_STATUS +DisableTpmPlatformHierarchy ( + VOID + ) +{ + EFI_STATUS Status; + + // Make sure that we have use of the TPM. + Status =3D Tpm2RequestUseTpm (); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "%a:%a() - Tpm2RequestUseTpm Failed! %r\n", gEfiC= allerBaseName, __FUNCTION__, Status)); + ASSERT_EFI_ERROR (Status); + return Status; + } + + // Let's do what we can to shut down the hierarchies. + + // Disable the PH NV. + // IMPORTANT NOTE: We *should* be able to disable the PH NV here, but TP= M parts have + // been known to store the EK cert in the PH NV. If we d= isable it, the + // EK cert will be unreadable. + + // Disable the PH. + Status =3D Tpm2HierarchyControl ( + TPM_RH_PLATFORM, // AuthHandle + NULL, // AuthSession + TPM_RH_PLATFORM, // Hierarchy + NO // State + ); + DEBUG ((DEBUG_VERBOSE, "%a:%a() - Disable PH =3D %r\n", gEfiCallerBaseN= ame, __FUNCTION__, Status)); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "%a:%a() - Disable PH Failed! 
%r\n", gEfiCallerB= aseName, __FUNCTION__, Status)); + ASSERT_EFI_ERROR (Status); + } + + return Status; +} + +/** + This service defines the configuration of the Platform Hierarchy Author= ization Value (platformAuth) + and Platform Hierarchy Authorization Policy (platformPolicy) + +**/ +VOID +EFIAPI +ConfigureTpmPlatformHierarchy ( + ) +{ + if (PcdGetBool (PcdRandomizePlatformHierarchy)) { + // + // Send Tpm2HierarchyChange Auth with random value to avoid PlatformAu= th being null + // + RandomizePlatformAuth (); + } else { + // + // Disable the hierarchy entirely (do not randomize it) + // + DisableTpmPlatformHierarchy (); + } +} diff --git a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPla= tformHierarchyLib.inf b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/P= eiDxeTpmPlatformHierarchyLib.inf new file mode 100644 index 0000000000..b7a7fb0a08 --- /dev/null +++ b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHi= erarchyLib.inf @@ -0,0 +1,45 @@ +### @file +# +# TPM Platform Hierarchy configuration library. +# +# This library provides functions for customizing the TPM's Platform Hie= rarchy +# Authorization Value (platformAuth) and Platform Hierarchy Authorization +# Policy (platformPolicy) can be defined through this function. +# +# Copyright (c) 2019, Intel Corporation. All rights reserved.
+# Copyright (c) Microsoft Corporation.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +### + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D PeiDxeTpmPlatformHierarchyLib + FILE_GUID =3D 7794F92C-4E8E-4E57-9E4A-49A0764C7D73 + MODULE_TYPE =3D PEIM + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D TpmPlatformHierarchyLib|PEIM DXE_DRIV= ER + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + MemoryAllocationLib + PcdLib + RngLib + Tpm2CommandLib + Tpm2DeviceLib + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + CryptoPkg/CryptoPkg.dec + MinPlatformPkg/MinPlatformPkg.dec + +[Sources] + PeiDxeTpmPlatformHierarchyLib.c + +[Pcd] + gMinPlatformPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy --=20 2.31.1

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#80569): https://edk2.groups.io/g/devel/message/80569
Mute This Topic: https://groups.io/mt/85580077/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
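
Review bot: In RdRandGenerateEntropy() of PeiDxeTpmPlatformHierarchyLib.c, the hard-coded block size of 64 does not match the 16-byte buffer declared as UINT64 Seed[2], so CopyMem (Ptr, Seed, 64) reads 48 bytes past the end of Seed on the stack and every 64-byte block carries only 16 bytes from GetRandomNumber128(). The division, the copy length, the pointer advance and the remainder should all use sizeof (Seed). In RandomizePlatformAuth() of the same file, ZeroMem (Rand, RandSize) runs after FreePool (Rand), which writes to freed pool memory and leaves the random bytes uncleared at the time of the free; the AllocatePool() result is not checked for NULL; and the return values of GetAuthSize() and RdRandGenerateEntropy() are ignored, so a failed entropy request still sends the buffer contents to Tpm2HierarchyChangeAuth() as the new platformAuth. Please check each status and skip the TPM command on failure. The definition of ConfigureTpmPlatformHierarchy ( ) has an empty parameter list while TpmPlatformHierarchyLib.h declares it with VOID; the two should match. Even for a verbatim import, the commit message should say that these known defects are carried over and which patch in the series addresses them.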
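
Review bot: In PeiDxeTpmPlatformHierarchyLib.inf, [Packages] lists MinPlatformPkg/MinPlatformPkg.dec and [Pcd] consumes gMinPlatformPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy, so a library placed under SecurityPkg/Library depends on a package and token space that this patch does not add to SecurityPkg. Either declare the PCD in a package SecurityPkg may depend on, or state in the commit message that a later patch in the series replaces this dependency. The file header uses ### @file and a closing ### where the usual INF header marker is ##, and the description sentence ("This library provides functions for customizing ... can be defined through this function") does not parse; the same sentence appears in the .h and .c file headers.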
From: Stefan Berger
To: devel@edk2.groups.io
Cc: mhaeuser@posteo.de, spbrogan@outlook.com, marcandre.lureau@redhat.com, kraxel@redhat.com, jiewen.yao@intel.com, Stefan Berger, Stefan Berger
Subject: [edk2-devel] [PATCH v8 02/10] SecurityPkg/TPM: Fix bugs in imported PeiDxeTpmPlatformHierarchyLib
Date: Mon, 13 Sep 2021 10:20:58 -0400
Message-Id: <20210913142106.2526997-3-stefanb@linux.vnet.ibm.com>
In-Reply-To: <20210913142106.2526997-1-stefanb@linux.vnet.ibm.com>
References: <20210913142106.2526997-1-stefanb@linux.vnet.ibm.com>

Fix some bugs in the original PeiDxeTpmPlatformHierarchyLib.c.

Signed-off-by: Stefan Berger --- .../PeiDxeTpmPlatformHierarchyLib.c | 23 +++++-------------- .../PeiDxeTpmPlatformHierarchyLib.inf | 5 ++-- 2 files changed, 8 insertions(+), 20 deletions(-) diff --git a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPla= tformHierarchyLib.c b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/Pei= DxeTpmPlatformHierarchyLib.c index 9812ab99ab..d82a0ae1bd 100644 
--- a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHi= erarchyLib.c +++ b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHi= erarchyLib.c @@ -18,7 +18,6 @@ #include #include #include -#include #include #include #include @@ -27,7 +26,6 @@ // The authorization value may be no larger than the digest produced by th= e hash // algorithm used for context integrity. // -#define MAX_NEW_AUTHORIZATION_SIZE SHA512_DIGEST_SIZE =20 UINT16 mAuthSize; =20 @@ -54,7 +52,7 @@ RdRandGenerateEntropy ( UINT8 *Ptr; =20 Status =3D EFI_NOT_READY; - BlockCount =3D Length / 64; + BlockCount =3D Length / sizeof(Seed); Ptr =3D (UINT8 *)Entropy; =20 // @@ -65,10 +63,10 @@ RdRandGenerateEntropy ( if (EFI_ERROR (Status)) { return Status; } - CopyMem (Ptr, Seed, 64); + CopyMem (Ptr, Seed, sizeof(Seed)); =20 BlockCount--; - Ptr =3D Ptr + 64; + Ptr =3D Ptr + sizeof(Seed); } =20 // @@ -78,7 +76,7 @@ RdRandGenerateEntropy ( if (EFI_ERROR (Status)) { return Status; } - CopyMem (Ptr, Seed, (Length % 64)); + CopyMem (Ptr, Seed, (Length % sizeof(Seed))); =20 return Status; } @@ -164,8 +162,6 @@ RandomizePlatformAuth ( { EFI_STATUS Status; UINT16 AuthSize; - UINT8 *Rand; - UINTN RandSize; TPM2B_AUTH NewPlatformAuth; =20 // @@ -174,19 +170,13 @@ RandomizePlatformAuth ( =20 GetAuthSize (&AuthSize); =20 - ZeroMem (NewPlatformAuth.buffer, AuthSize); NewPlatformAuth.size =3D AuthSize; =20 // - // Allocate one buffer to store random data. + // Create the random bytes in the destination buffer // - RandSize =3D MAX_NEW_AUTHORIZATION_SIZE; - Rand =3D AllocatePool (RandSize); - - RdRandGenerateEntropy (RandSize, Rand); - CopyMem (NewPlatformAuth.buffer, Rand, AuthSize); =20 - FreePool (Rand); + RdRandGenerateEntropy (NewPlatformAuth.size, NewPlatformAuth.buffer); =20 // // Send Tpm2HierarchyChangeAuth command with the new Auth value 
@@ -194,7 +184,6 @@ RandomizePlatformAuth ( Status =3D Tpm2HierarchyChangeAuth (TPM_RH_PLATFORM, NULL, &NewPlatformA= uth); DEBUG ((DEBUG_INFO, "Tpm2HierarchyChangeAuth Result: - %r\n", Status)); ZeroMem (NewPlatformAuth.buffer, AuthSize); - ZeroMem (Rand, RandSize); } =20 /** diff --git a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPla= tformHierarchyLib.inf b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/P= eiDxeTpmPlatformHierarchyLib.inf index b7a7fb0a08..7bf666794f 100644 --- a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHi= erarchyLib.inf +++ b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHi= erarchyLib.inf 
@@ -1,6 +1,5 @@ -### @file -# -# TPM Platform Hierarchy configuration library. +## @file +# TPM Platform Hierarchy configuration library. # # This library provides functions for customizing the TPM's Platform Hie= rarchy # Authorization Value (platformAuth) and Platform Hierarchy Authorization --=20 2.31.1

View/Reply Online (#80570): https://edk2.groups.io/g/devel/message/80570
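
Review bot: In the RandomizePlatformAuth() hunk (@@ -174,19 +170,13 @@), the return value of RdRandGenerateEntropy (NewPlatformAuth.size, NewPlatformAuth.buffer) is still ignored, and this patch also drops the ZeroMem() that used to clear the buffer first. If the entropy request fails, NewPlatformAuth.buffer now holds uninitialized stack contents and is passed to Tpm2HierarchyChangeAuth() anyway. Capture the status, and on error log it and return without changing platformAuth (or fall back to disabling the hierarchy); the GetAuthSize() status deserves the same treatment.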
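
Review bot: In the RdRandGenerateEntropy() hunks, the remainder step still calls GetRandomNumber128 (Seed) unconditionally before CopyMem (Ptr, Seed, (Length % sizeof(Seed))), so when Length is a multiple of sizeof (Seed) an extra request is made and its failure fails a call whose buffer is already full. Guard the tail with a check that Length % sizeof (Seed) is non-zero. The new sizeof(Seed) uses lack the space before the parenthesis that the surrounding code uses for every call. In the @@ -27,7 +26,6 @@ hunk, removing MAX_NEW_AUTHORIZATION_SIZE leaves the comment "The authorization value may be no larger than the digest ..." sitting directly above UINT16 mAuthSize; remove it or reword it to describe mAuthSize.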
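
Review bot: In the PeiDxeTpmPlatformHierarchyLib.inf hunk, only the file header changes, yet the .c changes in this patch remove every AllocatePool()/FreePool() call, so MemoryAllocationLib in [LibraryClasses] (added in patch 01) looks unused and should be dropped here as well. The commit message "Fix some bugs" should list what is fixed, at minimum the 64-byte copy from the 16-byte Seed array and the ZeroMem() on the freed Rand buffer, so the security-relevant changes can be found from the log.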
From: Stefan Berger
To: devel@edk2.groups.io
Cc: mhaeuser@posteo.de, spbrogan@outlook.com, marcandre.lureau@redhat.com, kraxel@redhat.com, jiewen.yao@intel.com, Stefan Berger, Stefan Berger
Subject: [edk2-devel] [PATCH v8 03/10] SecrutiyPkg/Tcg: Import Tcg2PlatformDxe from edk2-platforms
Date: Mon, 13 Sep 2021 10:20:59 -0400
Message-Id: <20210913142106.2526997-4-stefanb@linux.vnet.ibm.com>
In-Reply-To: <20210913142106.2526997-1-stefanb@linux.vnet.ibm.com>
References: <20210913142106.2526997-1-stefanb@linux.vnet.ibm.com>

Import Tcg2PlatformDxe from edk2-platforms without any modifications.

Signed-off-by: Stefan Berger --- .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c | 85 +++++++++++++++++++ .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf | 44 ++++++++++ 2 files changed, 129 insertions(+) create mode 100644 SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c create mode 100644 SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf 
diff --git a/SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c b/SecurityPk= g/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c new file mode 100644 index 0000000000..150cf748ff --- /dev/null +++ b/SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c @@ -0,0 +1,85 @@ +/** @file + Platform specific TPM2 component for configuring the Platform Hierarchy. + + Copyright (c) 2017 - 2019, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include + +#include +#include +#include +#include +#include + +/** + This callback function will run at the SmmReadyToLock event. + + Configuration of the TPM's Platform Hierarchy Authorization Value (plat= formAuth) + and Platform Hierarchy Authorization Policy (platformPolicy) can be def= ined through this function. + + @param Event Pointer to this event + @param Context Event hanlder private data + **/ +VOID +EFIAPI +SmmReadyToLockEventCallBack ( + IN EFI_EVENT Event, + IN VOID *Context + ) +{ + EFI_STATUS Status; + VOID *Interface; + + // + // Try to locate it because EfiCreateProtocolNotifyEvent will trigger it= once when registration. + // Just return if it is not found. + // + Status =3D gBS->LocateProtocol ( + &gEfiDxeSmmReadyToLockProtocolGuid, + NULL, + &Interface + ); + if (EFI_ERROR (Status)) { + return ; + } + + ConfigureTpmPlatformHierarchy (); + + gBS->CloseEvent (Event); +} + +/** + The driver's entry point. Will register a function for callback during = SmmReadyToLock event to + configure the TPM's platform authorization. + + @param[in] ImageHandle The firmware allocated handle for the EFI image. + @param[in] SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS The entry point is executed successfully. + @retval other Some error occurs when executing this entry poi= nt. +**/ +EFI_STATUS +EFIAPI +Tcg2PlatformDxeEntryPoint ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + VOID *Registration; + EFI_EVENT Event; + + Event =3D EfiCreateProtocolNotifyEvent ( + &gEfiDxeSmmReadyToLockProtocolGuid, + TPL_CALLBACK, + SmmReadyToLockEventCallBack, + NULL, + &Registration + ); + + ASSERT (Event !=3D NULL); + + return EFI_SUCCESS; +} diff --git a/SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf b/Security= Pkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf new file mode 100644 index 0000000000..af29c1cd98 --- /dev/null 
+++ b/SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf @@ -0,0 +1,44 @@ +### @file +# Platform specific TPM2 component. +# +# Copyright (c) 2017 - 2019, Intel Corporation. All rights reserved.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +### + +[Defines] + INF_VERSION =3D 0x00010017 + BASE_NAME =3D Tcg2PlatformDxe + FILE_GUID =3D 5CAB08D5-AD8F-4d8b-B828-D17A8D9FE977 + VERSION_STRING =3D 1.0 + MODULE_TYPE =3D DXE_DRIVER + ENTRY_POINT =3D Tcg2PlatformDxeEntryPoint +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 IPF +# + +[LibraryClasses] + BaseLib + UefiBootServicesTableLib + UefiDriverEntryPoint + DebugLib + UefiLib + TpmPlatformHierarchyLib + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + MinPlatformPkg/MinPlatformPkg.dec + SecurityPkg/SecurityPkg.dec + +[Sources] + Tcg2PlatformDxe.c + +[Protocols] + gEfiDxeSmmReadyToLockProtocolGuid ## SOMETIMES_CONSUMES ## N= OTIFY + +[Depex] + gEfiTcg2ProtocolGuid --=20 2.31.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#80568): https://edk2.groups.io/g/devel/message/80568 Mute This Topic: https://groups.io/mt/85580076/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Feb 8 12:55:00 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+80571+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+80571+1787277+3901457@groups.io ARC-Seal: i=1; a=rsa-sha256; t=1631551371; cv=none; d=zohomail.com; s=zohoarc; b=Us8Myq9LqMMdKXsFn7+3hcaDXZxtLl4G7jFuEn+w35l95AFyIJY0id2DqU1p8Cpz25J/mYYRlyKHc/7qdDSmvFbEy8rfsHMAirBc4ExyVilSZ2QKokiC6nIVPSbG3CBtSegCOrnyZL87qkyuKq4VOxd66NJzzhaiWI5TGIaP8zc= 
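Review bot: In Tcg2PlatformDxeEntryPoint (Tcg2PlatformDxe.c) the only handling of a failed event registration is `ASSERT (Event != NULL);`, after which the function returns EFI_SUCCESS unconditionally. In a build where ASSERT is compiled out, a failed registration goes unnoticed: SmmReadyToLockEventCallBack is never invoked, ConfigureTpmPlatformHierarchy () never runs, and the driver still reports success, which also contradicts the `@retval other` line in the function header. Suggest an explicit check that returns an error status. If the helper cannot report failure through its return value, create the event and register the notify directly with gBS->CreateEvent and gBS->RegisterProtocolNotify so that the EFI_STATUS can be propagated. The result of gBS->CloseEvent (Event) in the callback is also ignored. Minor: "hanlder" in the callback's @param Context should read "handler".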
From: Stefan Berger To: devel@edk2.groups.io Cc: mhaeuser@posteo.de, spbrogan@outlook.com, marcandre.lureau@redhat.com, kraxel@redhat.com, jiewen.yao@intel.com, Stefan Berger , Stefan Berger Subject: [edk2-devel] [PATCH v8 04/10] SecurityPkg/Tcg: Make Tcg2PlatformDxe buildable and fix style issues Date: Mon, 13 Sep 2021 10:21:00 -0400 Message-Id: <20210913142106.2526997-5-stefanb@linux.vnet.ibm.com> In-Reply-To: <20210913142106.2526997-1-stefanb@linux.vnet.ibm.com> References: <20210913142106.2526997-1-stefanb@linux.vnet.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: GT8V-jyjo2DJwp1nGxPc-FAHJjT78Vxc X-Proofpoint-ORIG-GUID: g3xMu1VS5i2AV2GJVNBQ23roCcMVhdtL Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,stefanb@linux.vnet.ibm.com X-Gm-Message-State: UvJBXeupYVSmpM1qwrp5HyfHx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1631551371; bh=ylKGQKqmNmqxrsWopU/mooplu/B7FRfdeN6Y11Rqqww=; h=Cc:Date:From:Reply-To:Subject:To; b=rG7UpFkYFb4jvUxjJ/znWeHXJCDhGP4+rGuLBtLQZqagQnInbeahStVhOFZ/8Vt05tO IxFgZCtNU3h9vqWmTDOKWLjGqs/Gzd4Px+efD0GLvrC9MgOjBrGDMg/F3bGnRODJcVQAk tHUt4OgOld/HxmG8LQxCkkkgCMALDIhuw5I= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1631551372488100029 Content-Type: text/plain; charset="utf-8" Signed-off-by: Stefan Berger --- SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h | 4 ++-- .../PeiDxeTpmPlatformHierarchyLib.c | 2 +- SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf | 3 +-- 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h b/Securi= tyPkg/Include/Library/TpmPlatformHierarchyLib.h index a872fa09dc..8d61a4867b 100644 --- a/SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h 
+++ b/SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h @@ -11,8 +11,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ =20 -#ifndef _TPM_PLATFORM_HIERARCHY_LIB_H_ -#define _TPM_PLATFORM_HIERARCHY_LIB_H_ +#ifndef TPM_PLATFORM_HIERARCHY_LIB_H_ +#define TPM_PLATFORM_HIERARCHY_LIB_H_ =20 /** This service will perform the TPM Platform Hierarchy configuration at t= he SmmReadyToLock event. diff --git a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPla= tformHierarchyLib.c b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/Pei= DxeTpmPlatformHierarchyLib.c index d82a0ae1bd..0bb04a20fc 100644 --- a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHi= erarchyLib.c +++ b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHi= erarchyLib.c @@ -233,7 +233,7 @@ DisableTpmPlatformHierarchy ( =20 /** This service defines the configuration of the Platform Hierarchy Author= ization Value (platformAuth) - and Platform Hierarchy Authorization Policy (platformPolicy) + and Platform Hierarchy Authorization Policy (platformPolicy). =20 **/ VOID diff --git a/SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf b/Security= Pkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf index af29c1cd98..635302fe6f 100644 --- a/SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf +++ b/SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf @@ -1,4 +1,4 @@ -### @file +## @file # Platform specific TPM2 component. # # Copyright (c) 2017 - 2019, Intel Corporation. All rights reserved.
@@ -31,7 +31,6 @@ [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec - MinPlatformPkg/MinPlatformPkg.dec SecurityPkg/SecurityPkg.dec =20 [Sources] --=20 2.31.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#80571): https://edk2.groups.io/g/devel/message/80571 Mute This Topic: https://groups.io/mt/85580080/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Feb 8 12:55:00 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+80572+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+80572+1787277+3901457@groups.io ARC-Seal: i=1; a=rsa-sha256; t=1631551370; cv=none; d=zohomail.com; s=zohoarc; b=JwQGmv1wLRirasbGJnwcHVRKM9gGPszTe4fTUjBRa6kV85lSymWXSaBf6s0jqDXmwUxJtz10DtpJL3JPHeEtTiSgekKuHGlhp/Crmsc6PCnYQne65D40NoMezVAa/a6Rp5dqLho+F1J1rU+nJqR2Q0pi/z3V7OdpiD8ECxR5sbw= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1631551370; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=0Qz/38OdO7BrLMzBP7pWaUbU7Zlw0AQcPD5fCiopeLo=; b=JgPtQwwG2d5csI7IZR5s+FJ5ry6eO2f7xMup0k85pX4YG1frqv34J/XZMWz+///D8VrwpS98xLIW2xa1bFWefeIzBE3DDhcLV/FwiKQLJR9cL/85wLgYmrUOWi27Lqo4JOP7QPCTTylHvnBBOxMqprAaq1H+HPLdz+cvwXy/E40= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) 
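Review bot: The subject says this makes Tcg2PlatformDxe buildable, but the [Packages] hunk only drops MinPlatformPkg/MinPlatformPkg.dec from Tcg2PlatformDxe.inf. PeiDxeTpmPlatformHierarchyLib.inf, the TpmPlatformHierarchyLib instance this driver is later mapped to, still lists that package and gMinPlatformPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy until 05/10. Either move this .inf change after the PCD patch or reword the subject. The commit also carries only a Signed-off-by; a short body listing the three changes (header guard rename, comment punctuation, .inf cleanup) would help, since the guard rename and the package removal are unrelated.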
From: Stefan Berger To: devel@edk2.groups.io Cc: mhaeuser@posteo.de, spbrogan@outlook.com, marcandre.lureau@redhat.com, kraxel@redhat.com, jiewen.yao@intel.com, Stefan Berger , Stefan Berger Subject: [edk2-devel] [PATCH v8 05/10] SecurityPkg: Introduce new PCD PcdRandomizePlatformHierarchy Date: Mon, 13 Sep 2021 10:21:01 -0400 Message-Id: <20210913142106.2526997-6-stefanb@linux.vnet.ibm.com> In-Reply-To: <20210913142106.2526997-1-stefanb@linux.vnet.ibm.com> References: <20210913142106.2526997-1-stefanb@linux.vnet.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: YWgZFF4LigQFRXfy1O1ic2gIZIrdadD4 X-Proofpoint-ORIG-GUID: cYDw8kgEzbV_Yj-u4eFLvD4SRdVnSDsq Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,stefanb@linux.vnet.ibm.com X-Gm-Message-State: CTr2p8KkdQN2fxbDntHNmJnGx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1631551370; bh=UJoXvT0ZSf8g1G2glkS7Cd7vVee/ihCYvUdxczUjYbw=; h=Cc:Date:From:Reply-To:Subject:To; b=xWLkjZjNJlPHkQ0VHv/GsPja5zD2SOEcntwSF9juzJjbRSk5Ffd7+iB1C4ZAEuuuLyM 26bNpvQw90jKYgewj9rrm+9QJktSgGLCM94KAsB8WY7zbz4OMRu8EmC9XF3A4u6YoHBdF 0Q+64JVcn6+l+W/9bpyfa7Hz9eV1GqJBclQ= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1631551372316100022 Content-Type: text/plain; charset="utf-8" Introduce the new PCD gEfiSecurityPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy. We need it for TpmPlatformHierarchyLib. Signed-off-by: Stefan Berger --- .../PeiDxeTpmPlatformHierarchyLib.inf | 3 +-- SecurityPkg/SecurityPkg.dec | 6 ++++++ 2 files changed, 7 insertions(+), 2 deletions(-) 
diff --git a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPla= tformHierarchyLib.inf b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/P= eiDxeTpmPlatformHierarchyLib.inf index 7bf666794f..efe560e7ff 100644 --- a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHi= erarchyLib.inf +++ b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHi= erarchyLib.inf @@ -35,10 +35,9 @@ MdeModulePkg/MdeModulePkg.dec SecurityPkg/SecurityPkg.dec CryptoPkg/CryptoPkg.dec - MinPlatformPkg/MinPlatformPkg.dec =20 [Sources] PeiDxeTpmPlatformHierarchyLib.c =20 [Pcd] - gMinPlatformPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy + gEfiSecurityPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index d5ace6f654..2cb5bfa0ac 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -342,6 +342,12 @@ # @Prompt Physical presence of the platform operator. gEfiSecurityPkgTokenSpaceGuid.PcdTpmPhysicalPresence|TRUE|BOOLEAN|0x0001= 0001 =20 + ## Indicates whether the TPM2 platform hierarchy will be disabled by usi= ng + # a random password or by disabling the hierarchy + # TRUE - A random password will be used + # FALSE - The hierarchy will be disabled + gEfiSecurityPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy|TRUE|BOOLEAN= |0x00010024 + [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx] ## Indicates whether TPM physical presence is locked during platform ini= tialization. # Once it is locked, it can not be unlocked for TPM life time.
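Review bot: The new SecurityPkg.dec entry for PcdRandomizePlatformHierarchy has no `# @Prompt` line, unlike the PcdTpmPhysicalPresence entry directly above it in the same hunk, and the diffstat shows only the library .inf and the .dec being touched, so no prompt or help string accompanies the PCD. Suggest adding an @Prompt line and tightening the description: "will be disabled by using a random password or by disabling the hierarchy" is circular, and wording that says what each value does to platformAuth or to the hierarchy would be clearer. Because the default is TRUE, the commit message should also state that this is the behaviour a platform gets unless it overrides the PCD.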

--=20 2.31.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#80572): https://edk2.groups.io/g/devel/message/80572 Mute This Topic: https://groups.io/mt/85580081/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Feb 8 12:55:00 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+80573+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+80573+1787277+3901457@groups.io ARC-Seal: i=1; a=rsa-sha256; t=1631551374; cv=none; d=zohomail.com; s=zohoarc; b=hk+36I7qvlHokGQ0fzKFlIxvbT0AAn5w56bKo6lmXgeoh9H49ursC6XKuJD2zI3Ltxj3Tk8DTPIRG9PhEywDjDkfe45kXdolneNUDydi3ZokPQG58qTuw44kMr2zSwdb29JWUM5zMntlGJ8XCISBH5fRNKiFkpIr/2KC33X8IxU= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1631551374; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=uwZVMV16jHMtpi//qPj5oxU4IeVueW/iB69HiTI53w0=; b=doLFq2iBmzRG/4yTX4fkbiIZz5kQMXq5Wc6jx8Ep1KaQcSh8Pz/TQSuoVFn+BtQLANjQZliPClmIqWVnKsFIQH1k5Dt70Fxwmy3yelLVVqSW0jOJ+EMYLipyhcSp+B2V4ncImm6qckWIJ7ogiZE06gP+tLcCB2FjiUzB7JRc5qQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+80573+1787277+3901457@groups.io Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 163155137461189.1596943136949; Mon, 13 Sep 2021 
09:42:54 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id Rl68YY1788612xKtxmlghtab; Mon, 13 Sep 2021 09:42:54 -0700 X-Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.158.5]) by mx.groups.io with SMTP id smtpd.web09.30222.1631542877659136858 for ; Mon, 13 Sep 2021 07:21:17 -0700 X-Received: from pps.filterd (m0098413.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.1.2/8.16.0.43) with SMTP id 18DCYNHD007966; Mon, 13 Sep 2021 10:21:16 -0400 X-Received: from pps.reinject (localhost [127.0.0.1]) by mx0b-001b2d01.pphosted.com with ESMTP id 3b24fvefj6-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 13 Sep 2021 10:21:16 -0400 X-Received: from m0098413.ppops.net (m0098413.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 18DDXm52018917; Mon, 13 Sep 2021 10:21:16 -0400 X-Received: from ppma04dal.us.ibm.com (7a.29.35a9.ip4.static.sl-reverse.com [169.53.41.122]) by mx0b-001b2d01.pphosted.com with ESMTP id 3b24fvefhr-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 13 Sep 2021 10:21:16 -0400 X-Received: from pps.filterd (ppma04dal.us.ibm.com [127.0.0.1]) by ppma04dal.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 18DEDxai022925; Mon, 13 Sep 2021 14:21:15 GMT X-Received: from b03cxnp07027.gho.boulder.ibm.com (b03cxnp07027.gho.boulder.ibm.com [9.17.130.14]) by ppma04dal.us.ibm.com with ESMTP id 3b0m39t84a-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 13 Sep 2021 14:21:15 +0000 X-Received: from b03ledav002.gho.boulder.ibm.com (b03ledav002.gho.boulder.ibm.com [9.17.130.233]) by b03cxnp07027.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 18DELEeX31588680 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 13 Sep 2021 14:21:14 GMT X-Received: from b03ledav002.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id DF66D136061; Mon, 13 Sep 2021 
14:21:13 +0000 (GMT) X-Received: from b03ledav002.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 652E7136069; Mon, 13 Sep 2021 14:21:13 +0000 (GMT) X-Received: from sbct-2.pok.ibm.com (unknown [9.47.158.152]) by b03ledav002.gho.boulder.ibm.com (Postfix) with ESMTP; Mon, 13 Sep 2021 14:21:13 +0000 (GMT) From: Stefan Berger To: devel@edk2.groups.io Cc: mhaeuser@posteo.de, spbrogan@outlook.com, marcandre.lureau@redhat.com, kraxel@redhat.com, jiewen.yao@intel.com, Stefan Berger , Stefan Berger Subject: [edk2-devel] [PATCH v8 06/10] OvmfPkg: Reference new Tcg2PlatformDxe in the build system for compilation Date: Mon, 13 Sep 2021 10:21:02 -0400 Message-Id: <20210913142106.2526997-7-stefanb@linux.vnet.ibm.com> In-Reply-To: <20210913142106.2526997-1-stefanb@linux.vnet.ibm.com> References: <20210913142106.2526997-1-stefanb@linux.vnet.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: Xj7snPUlQGuxJHuJdguz5Mm4MWfRKHaF X-Proofpoint-ORIG-GUID: kKIDMJhXepHtoCGqR9paAXHde6om7r5i Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,stefanb@linux.vnet.ibm.com X-Gm-Message-State: gLtBxI86Mosk32g6C8rbkjvAx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1631551374; bh=Pva7fQG4JFHa42+FglXU2rgiO3lGbv63knHRKX45AVM=; h=Cc:Date:From:Reply-To:Subject:To; b=r3wFpzmzDoWrZxGIqnzogbJkAr32bIOkjEnkiV4wVCeyQi93yA2ilmf2MU9OwhUhhrX d9kWOaYSfErqN6tDVBxA7Le1fApfmroKFkcwhP4xBfIx6EjxtClW0WWyIYKbYOthsZwXc QNwkGFTxeubul13IHSX2rvZXQVv5efPcDU4= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1631551376879100001 Content-Type: text/plain; charset="utf-8" Compile the Tcg2PlatformDxe related code now. 
Signed-off-by: Stefan Berger --- OvmfPkg/AmdSev/AmdSevX64.dsc | 4 ++++ OvmfPkg/AmdSev/AmdSevX64.fdf | 1 + OvmfPkg/OvmfPkgIa32.dsc | 4 ++++ OvmfPkg/OvmfPkgIa32.fdf | 1 + OvmfPkg/OvmfPkgIa32X64.dsc | 4 ++++ OvmfPkg/OvmfPkgIa32X64.fdf | 1 + OvmfPkg/OvmfPkgX64.dsc | 4 ++++ OvmfPkg/OvmfPkgX64.fdf | 1 + 8 files changed, 20 insertions(+) diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc index e6cd10b759..3079f4b503 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -851,4 +851,8 @@ Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLib= DTpm.inf } + SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { + + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarc= hyLib/PeiDxeTpmPlatformHierarchyLib.inf + } !endif diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf index 0a89749700..a9f675303f 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.fdf +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf @@ -313,6 +313,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/Variabl= eRuntimeDxe.inf !if $(TPM_ENABLE) =3D=3D TRUE INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf +INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf !if $(TPM_CONFIG_ENABLE) =3D=3D TRUE INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf !endif diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index d1d92c97ba..923a012f0c 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -1034,6 +1034,10 @@ Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLib= DTpm.inf } + SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { + + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarc= hyLib/PeiDxeTpmPlatformHierarchyLib.inf + } !endif =20 !if $(LOAD_X64_ON_IA32_ENABLE) =3D=3D TRUE diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf index 04b41445ca..bb3b53626e 100644 --- a/OvmfPkg/OvmfPkgIa32.fdf +++ b/OvmfPkg/OvmfPkgIa32.fdf 
@@ -363,6 +363,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/Variabl= eRuntimeDxe.inf !if $(TPM_ENABLE) =3D=3D TRUE INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf +INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf !if $(TPM_CONFIG_ENABLE) =3D=3D TRUE INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf !endif diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index a467ab7090..b907b36973 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -1049,4 +1049,8 @@ Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLib= DTpm.inf } + SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { + + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarc= hyLib/PeiDxeTpmPlatformHierarchyLib.inf + } !endif diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf index 02fd8f0c41..030638ae78 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf @@ -370,6 +370,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/Variabl= eRuntimeDxe.inf !if $(TPM_ENABLE) =3D=3D TRUE INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf +INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf !if $(TPM_CONFIG_ENABLE) =3D=3D TRUE INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf !endif diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index e56b83d95e..8aca437a9b 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -1047,4 +1047,8 @@ Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLib= DTpm.inf } + SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { + + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarc= hyLib/PeiDxeTpmPlatformHierarchyLib.inf + } !endif diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index 23936242e7..888363ff9d 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf 
@@ -389,6 +389,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/Variabl= eRuntimeDxe.inf !if $(TPM_ENABLE) =3D=3D TRUE INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf +INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf !if $(TPM_CONFIG_ENABLE) =3D=3D TRUE INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf !endif --=20 2.31.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#80573): https://edk2.groups.io/g/devel/message/80573 Mute This Topic: https://groups.io/mt/85580082/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Feb 8 12:55:00 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+80574+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+80574+1787277+3901457@groups.io ARC-Seal: i=1; a=rsa-sha256; t=1631551372; cv=none; d=zohomail.com; s=zohoarc; b=B3hPphksEwiN3LWvsSe8XRizYUITtBSr1qLCsoQ21z1fVGmnptwdNPNjxwKF6wXdMdOpszmKr3u5F1N/LHz43ZcEuBvP5JI6D6aSevkxvUX1cK8eB09nugYgrbBhK/H7Vbuw0MLODq2sDOQBPxyW1xoCnLTLh6ygtfM0rJ/3Fjc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1631551372; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=byjcEwdzBrQbn/a4QHyrWcB6m/Hp846hdHiHoSmIO3Y=; b=UTIskoNPIftR4Eim1aE4+qXtCO/+O7x6h1O+K5hzokbZrca2T4kDoXqXkFLfO8/mbc9uB4Xmpoqd0U/fYvTTzxjmlC9Ln0Ox8UF1NgPUtdSlclAFkVQ0k2lk6lj2LRgJWOndBV+FXUfHea0fQ48VWTqd/WGMNw3B6WBlUGU4skc= 
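Review bot: None of the four .dsc hunks sets gEfiSecurityPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy, so every OVMF build with TPM_ENABLE takes the .dec default of TRUE from 05/10 and starts running ConfigureTpmPlatformHierarchy () at SmmReadyToLock as soon as this patch lands. The commit message ("Compile the Tcg2PlatformDxe related code now.") reads as a build-only change; please describe that runtime effect there. It is also worth confirming in the message that gEfiDxeSmmReadyToLockProtocolGuid is installed in every configuration of these platforms, because the Tcg2PlatformDxe.c callback added earlier in this series is the only place on the DXE side where the configuration is triggered.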
From: Stefan Berger To: devel@edk2.groups.io Cc: mhaeuser@posteo.de, spbrogan@outlook.com, marcandre.lureau@redhat.com, kraxel@redhat.com, jiewen.yao@intel.com, Stefan Berger , Stefan Berger Subject: [edk2-devel] [PATCH v8 07/10] SecurityPkg/Tcg: Import Tcg2PlatformPei from edk2-platforms Date: Mon, 13 Sep 2021 10:21:03 -0400 Message-Id: <20210913142106.2526997-8-stefanb@linux.vnet.ibm.com> In-Reply-To: <20210913142106.2526997-1-stefanb@linux.vnet.ibm.com> References: <20210913142106.2526997-1-stefanb@linux.vnet.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: LZTpqLcyYjLXqtdyRcuUQoxeNi-16hE_ X-Proofpoint-ORIG-GUID: bjErFKD88OrG4wCs6xi328oeD418lNMR Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,stefanb@linux.vnet.ibm.com X-Gm-Message-State: 8bu4bL0UwXiJna8ixAEYcDxex1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1631551371; bh=+We5BLW2dgbh40ng2IMtffx2Ny7xwRddgCbX1veNBBc=; h=Cc:Date:From:Reply-To:Subject:To; b=ldEmHK8yMafNrkfOX+eQhsy9aWUCF5TiTaPU1XV4S3zghQ/qhRIxTos4UMicsDdvgH/ /J9k8MdbCP0MIj0XGDcZBoMd0X2H9POjd0ibAH/KinnZplhcaW1XUqFlgifOrBbQZ9nMH Pjfylena0Sf/crIk619i6txB1/G0CvsIWyY= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1631551372537100032 Content-Type: text/plain; charset="utf-8" Import Tcg2PlatformPei from edk2-platforms without any modifications. Signed-off-by: Stefan Berger --- .../Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c | 107 ++++++++++++++++++ .../Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf | 52 +++++++++ 2 files changed, 159 insertions(+) create mode 100644 SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c create mode 100644 SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf 
diff --git a/SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c b/SecurityPk= g/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c new file mode 100644 index 0000000000..66ec75ad0e --- /dev/null +++ b/SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c @@ -0,0 +1,107 @@ +/** @file + +Copyright (c) 2017, Intel Corporation. All rights reserved.
+Copyright (c) Microsoft Corporation.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +#define MAX_NEW_AUTHORIZATION_SIZE SHA512_DIGEST_SIZE + +/** + This function handles PlatformInit task at the end of PEI + + @param[in] PeiServices Pointer to PEI Services Table. + @param[in] NotifyDesc Pointer to the descriptor for the Notification = event that + caused this function to execute. + @param[in] Ppi Pointer to the PPI data associated with this fu= nction. + + @retval EFI_SUCCESS The function completes successfully + @retval others +**/ +EFI_STATUS +EFIAPI +PlatformInitEndOfPei ( + IN CONST EFI_PEI_SERVICES **PeiServices, + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, + IN VOID *Ppi + ) +{ + VOID *TcgEventLog; + + // + // Try to get TcgEventLog in S3 to see if S3 error is reported. + // + TcgEventLog =3D GetFirstGuidHob(&gTcgEventEntryHobGuid); + if (TcgEventLog =3D=3D NULL) { + TcgEventLog =3D GetFirstGuidHob(&gTcgEvent2EntryHobGuid); + } + + if (TcgEventLog =3D=3D NULL) { + // + // no S3 error reported + // + return EFI_SUCCESS; + } + + // + // If there is S3 error on TPM_SU_STATE and success on TPM_SU_CLEAR, + // configure the TPM Platform Hierarchy. + // + ConfigureTpmPlatformHierarchy (); + + return EFI_SUCCESS; +} + +static EFI_PEI_NOTIFY_DESCRIPTOR mEndOfPeiNotifyList =3D { + (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINA= TE_LIST), + &gEfiEndOfPeiSignalPpiGuid, + (EFI_PEIM_NOTIFY_ENTRY_POINT)PlatformInitEndOfPei +}; + +/** + Main entry + + @param[in] FileHandle Handle of the file being invoked. + @param[in] PeiServices Pointer to PEI Services table. + + @retval EFI_SUCCESS Install function successfully. 
+ +**/ +EFI_STATUS +EFIAPI +Tcg2PlatformPeiEntryPoint ( + IN EFI_PEI_FILE_HANDLE FileHandle, + IN CONST EFI_PEI_SERVICES **PeiServices + ) +{ + EFI_STATUS Status; + EFI_BOOT_MODE BootMode; + + Status =3D PeiServicesGetBootMode (&BootMode); + ASSERT_EFI_ERROR(Status); + + if (BootMode !=3D BOOT_ON_S3_RESUME) { + return EFI_SUCCESS; + } + + // + // Performing PlatformInitEndOfPei after EndOfPei PPI produced + // + Status =3D PeiServicesNotifyPpi (&mEndOfPeiNotifyList); + + return Status; +} diff --git a/SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf b/Security= Pkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf new file mode 100644 index 0000000000..579f09b940 --- /dev/null +++ b/SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf @@ -0,0 +1,52 @@ +### @file +# +# Copyright (c) 2017, Intel Corporation. All rights reserved.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +### + +[Defines] + INF_VERSION =3D 0x00010017 + BASE_NAME =3D Tcg2PlatformPei + FILE_GUID =3D 47727552-A54B-4A84-8CC1-BFF23E239636 + VERSION_STRING =3D 1.0 + MODULE_TYPE =3D PEIM + ENTRY_POINT =3D Tcg2PlatformPeiEntryPoint + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 IPF EBC +# + +[LibraryClasses] + PcdLib + BaseMemoryLib + MemoryAllocationLib + PeiServicesLib + PeimEntryPoint + DebugLib + Tpm2DeviceLib + Tpm2CommandLib + TpmPlatformHierarchyLib + RngLib + +[Packages] + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + MinPlatformPkg/MinPlatformPkg.dec + +[Sources] + Tcg2PlatformPei.c + +[Guids] + gTcgEventEntryHobGuid + gTcgEvent2EntryHobGuid + +[Ppis] + gEfiEndOfPeiSignalPpiGuid + +[Depex] + gEfiTpmDeviceSelectedGuid + --=20 2.31.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#80574): https://edk2.groups.io/g/devel/message/80574 Mute This Topic: https://groups.io/mt/85580083/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Feb 8 12:55:00 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+80575+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+80575+1787277+3901457@groups.io ARC-Seal: i=1; a=rsa-sha256; t=1631551372; cv=none; d=zohomail.com; s=zohoarc; 
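Review bot: in Tcg2PlatformPeiEntryPoint (patch 07/10, Tcg2PlatformPei.c) the result of PeiServicesGetBootMode() is guarded only by ASSERT_EFI_ERROR(Status), so in a build with asserts compiled out a failed call leaves BootMode uninitialised and the "BootMode != BOOT_ON_S3_RESUME" test decides on stack contents, most likely skipping the EndOfPei notification and with it the platform hierarchy configuration. An explicit "if (EFI_ERROR (Status)) { return Status; }" makes that path deterministic. In PlatformInitEndOfPei the comment describes acting on a TPM_SU_STATE failure followed by a successful TPM_SU_CLEAR, but the code treats the mere presence of a gTcgEventEntryHobGuid or gTcgEvent2EntryHobGuid HOB as that signal; the comment should name the producer of that HOB on the S3 path and say why nothing else can create it. The file also calls GetFirstGuidHob() while [LibraryClasses] in the .inf has no HobLib entry, and MAX_NEW_AUTHORIZATION_SIZE is defined but not used in the lines shown. Since this patch is a verbatim import, these fit best in the follow-up 08/10.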
From: Stefan Berger
To: devel@edk2.groups.io
Cc: mhaeuser@posteo.de, spbrogan@outlook.com, marcandre.lureau@redhat.com, kraxel@redhat.com, jiewen.yao@intel.com, Stefan Berger, Stefan Berger
Subject: [edk2-devel] [PATCH v8 08/10] SecurityPkg/Tcg: Make Tcg2PlatformPei buildable and fix style issues
Date: Mon, 13 Sep 2021 10:21:04 -0400
Message-Id: <20210913142106.2526997-9-stefanb@linux.vnet.ibm.com>
In-Reply-To: <20210913142106.2526997-1-stefanb@linux.vnet.ibm.com>
References: <20210913142106.2526997-1-stefanb@linux.vnet.ibm.com>
Reply-To: devel@edk2.groups.io,stefanb@linux.vnet.ibm.com
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Signed-off-by: Stefan Berger
---
 SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c | 11 ++++++-----
 SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf | 4 ++--
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c b/SecurityPk= g/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c index 66ec75ad0e..21d2c1433d 100644 --- a/SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c +++ b/SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c 
@@ -1,4 +1,5 @@ /** @file + Configure TPM 2 platform hierarchy on TPM state resume failure on S3 res= ume =20 Copyright (c) 2017, Intel Corporation. All rights reserved.
Copyright (c) Microsoft Corporation.
@@ -24,12 +25,12 @@ SPDX-License-Identifier: BSD-2-Clause-Patent /** This function handles PlatformInit task at the end of PEI =20 - @param[in] PeiServices Pointer to PEI Services Table. - @param[in] NotifyDesc Pointer to the descriptor for the Notification = event that - caused this function to execute. - @param[in] Ppi Pointer to the PPI data associated with this fu= nction. + @param[in] PeiServices Pointer to PEI Services Table. + @param[in] NotifyDescriptor Pointer to the descriptor for the Notific= ation event that + caused this function to execute. + @param[in] Ppi Pointer to the PPI data associated with t= his function. =20 - @retval EFI_SUCCESS The function completes successfully + @retval EFI_SUCCESS The function completes successfully @retval others **/ EFI_STATUS diff --git a/SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf b/Security= Pkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf index 579f09b940..6f57de025b 100644 --- a/SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf +++ b/SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf @@ -1,4 +1,5 @@ -### @file +## @file +# Configure TPM 2 platform hierarchy on TPM state resume failure on S3 res= ume # # Copyright (c) 2017, Intel Corporation. All rights reserved.
# 
@@ -35,7 +36,6 @@ [Packages] MdePkg/MdePkg.dec SecurityPkg/SecurityPkg.dec - MinPlatformPkg/MinPlatformPkg.dec =20 [Sources] Tcg2PlatformPei.c --=20 2.31.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#80575): https://edk2.groups.io/g/devel/message/80575 Mute This Topic: https://groups.io/mt/85580084/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Feb 8 12:55:00 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+80577+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+80577+1787277+3901457@groups.io ARC-Seal: i=1; a=rsa-sha256; t=1631551373; cv=none; d=zohomail.com; s=zohoarc; b=as5eyHenfxbzPbol6MZFN3awWnMJoRHXWy/ngN/2lEfSAUKJZ3nEPIKT7YQzep5uoFr1oFChaNZ/3T1b4rLaI0sx1jCVckM0W//vjbqWvXWbuk31a4sDWoTUNutnODKYQAFCYbBSUsOyzEkr+HFGP9XdTZUgXfpQ9uunYm3xGhE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1631551373; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=/7nZlW0FhLQAoRjOyVpCcbPMH51mWizbai+CzmT5xww=; b=SD2pTr/3VhWfRb6CVtcri+6gjem44PBeWFcwWs66faoS4TCHCyWXvt9MjWzCGd3qfwIbLCF6yB2LOea5gm+ZfPHCWeSW26QGkLU9VsUGT9c5apvrAVJrNDwYBW0GgJLJspEbK/TRjyKvrZY6Vuw6I/D2wp43htl+pwpT7Ey1rYI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+80577+1787277+3901457@groups.io 
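Review bot: the doc-comment hunk for PlatformInitEndOfPei (patch 08/10, Tcg2PlatformPei.c) realigns the @param lines but leaves "@retval others" with no description, while the function as imported in 07/10 returns EFI_SUCCESS on every path; either drop that line or say which errors can come back. In the .inf, dropping MinPlatformPkg/MinPlatformPkg.dec from [Packages] deserves a sentence in the commit message, which currently has no body. [LibraryClasses] could be trimmed in the same pass: none of the calls in the Tcg2PlatformPei.c shown in 07/10 go to RngLib, Tpm2CommandLib, MemoryAllocationLib, BaseMemoryLib or PcdLib, and HobLib, which GetFirstGuidHob() needs, is still not listed.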
From: Stefan Berger
To: devel@edk2.groups.io
Cc: mhaeuser@posteo.de, spbrogan@outlook.com, marcandre.lureau@redhat.com, kraxel@redhat.com, jiewen.yao@intel.com, Stefan Berger, Stefan Berger
Subject: [edk2-devel] [PATCH v8 09/10] OvmfPkg: Reference new Tcg2PlatformPei in the build system
Date: Mon, 13 Sep 2021 10:21:05 -0400
Message-Id: <20210913142106.2526997-10-stefanb@linux.vnet.ibm.com>
In-Reply-To: <20210913142106.2526997-1-stefanb@linux.vnet.ibm.com>
References: <20210913142106.2526997-1-stefanb@linux.vnet.ibm.com>
Reply-To: devel@edk2.groups.io,stefanb@linux.vnet.ibm.com
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Compile the Tcg2PlatformPei related code now to support TPM 2 platform
hierarchy disablement if the TPM state cannot be resumed upon S3 resume.

Signed-off-by: Stefan Berger
---
 OvmfPkg/AmdSev/AmdSevX64.dsc | 4 ++++
 OvmfPkg/AmdSev/AmdSevX64.fdf | 1 +
 OvmfPkg/OvmfPkgIa32.dsc | 4 ++++
 OvmfPkg/OvmfPkgIa32.fdf | 1 +
 OvmfPkg/OvmfPkgIa32X64.dsc | 4 ++++
 OvmfPkg/OvmfPkgIa32X64.fdf | 1 +
 OvmfPkg/OvmfPkgX64.dsc | 4 ++++
 OvmfPkg/OvmfPkgX64.fdf | 1 +
 8 files changed, 20 insertions(+)
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc index 3079f4b503..5ee5445116 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -637,6 +637,10 @@ NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512= .inf NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf } + SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf { + + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarc= hyLib/PeiDxeTpmPlatformHierarchyLib.inf + } !endif =20 # diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf index a9f675303f..542722ac6b 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.fdf +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf @@ -154,6 +154,7 @@ INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecrypt= Pei.inf INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf INF SecurityPkg/Tcg/TcgPei/TcgPei.inf INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf +INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf !endif =20 ##########################################################################= ###### diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 923a012f0c..6a5be97c05 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -717,6 +717,10 @@ NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512= .inf NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf } + SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf { + + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarc= hyLib/PeiDxeTpmPlatformHierarchyLib.inf + } !endif =20 # diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf index bb3b53626e..775ea2d710 100644 --- a/OvmfPkg/OvmfPkgIa32.fdf +++ b/OvmfPkg/OvmfPkgIa32.fdf 
@@ -166,6 +166,7 @@ INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecrypt= Pei.inf INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf INF SecurityPkg/Tcg/TcgPei/TcgPei.inf INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf +INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf !endif =20 ##########################################################################= ###### diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index b907b36973..71227d1b70 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -730,6 +730,10 @@ NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512= .inf NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf } + SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf { + + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarc= hyLib/PeiDxeTpmPlatformHierarchyLib.inf + } !endif =20 [Components.X64] diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf index 030638ae78..245ca94044 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf @@ -166,6 +166,7 @@ INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecrypt= Pei.inf INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf INF SecurityPkg/Tcg/TcgPei/TcgPei.inf INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf +INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf !endif =20 ##########################################################################= ###### diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 8aca437a9b..52f7598cf1 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -729,6 +729,10 @@ NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512= .inf NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf } + SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf { + + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarc= hyLib/PeiDxeTpmPlatformHierarchyLib.inf + } !endif =20 # 
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index 888363ff9d..b6cc3cabdd 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf 
@@ -185,6 +185,7 @@ INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecrypt= Pei.inf INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf INF SecurityPkg/Tcg/TcgPei/TcgPei.inf INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf +INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf !endif =20 ##########################################################################= ###### --=20 2.31.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#80577): https://edk2.groups.io/g/devel/message/80577 Mute This Topic: https://groups.io/mt/85580086/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Feb 8 12:55:00 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+80576+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+80576+1787277+3901457@groups.io ARC-Seal: i=1; a=rsa-sha256; t=1631551372; cv=none; d=zohomail.com; s=zohoarc; b=UTiGJtPT1Yt8IgtIshHUIK2urZxtPsGFYxiBhw10I2CM6K6ymEkwje8bbJOArsVt3+0YFJ8kWy+1ZoWjs/PqDdkXMdMPVRruigtYq0zRvQvEdIO1sSe5u9XGdbOENXg/kyDWi12OVupw2WBL/CR6xdjsTkYDQmcOyTQOGy5mKik= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1631551372; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=VwGMKMJso+M/mQ9JgnLe6aorXK9lgnFS/lVROUk3P4w=; b=DEQsb++WgKX9rNvti0QyYWuQsu7bkdBg9wcXJmjs8dAxLlNitiZSfe2dfOZYQ7XqY7G4u1E+dm1a6URkU3KebKGBuYn35w70CtrK4plUWeTcIaZt3O6CFJ5WfQQpqNvmhqn+yfEKbzQByLXsfgkN62L5sCzyrjGaDi+64jgmRPA= 
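Review bot: the component block added to AmdSevX64.dsc, OvmfPkgIa32.dsc, OvmfPkgIa32X64.dsc and OvmfPkgX64.dsc (patch 09/10) is the same TpmPlatformHierarchyLib override pasted four times; resolving TpmPlatformHierarchyLib once in each platform's [LibraryClasses] section would leave a one-line component entry and keep any other consumer of the class on the same instance. The PEIM registers its EndOfPei callback only when the boot mode is BOOT_ON_S3_RESUME (07/10), so the commit message could also say how the S3 resume failure path was exercised on these four platforms.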
From: Stefan Berger
To: devel@edk2.groups.io
Cc: mhaeuser@posteo.de, spbrogan@outlook.com, marcandre.lureau@redhat.com, kraxel@redhat.com, jiewen.yao@intel.com, Stefan Berger, Stefan Berger
Subject: [edk2-devel] [PATCH v8 10/10] SecurityPkg: Add references to header and inf files to SecurityPkg
Date: Mon, 13 Sep 2021 10:21:06 -0400
Message-Id: <20210913142106.2526997-11-stefanb@linux.vnet.ibm.com>
In-Reply-To: <20210913142106.2526997-1-stefanb@linux.vnet.ibm.com>
References: <20210913142106.2526997-1-stefanb@linux.vnet.ibm.com>
Reply-To: devel@edk2.groups.io,stefanb@linux.vnet.ibm.com
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Signed-off-by: Stefan Berger
---
 SecurityPkg/SecurityPkg.dec | 4 ++++
 SecurityPkg/SecurityPkg.dsc | 12 ++++++++++++
 2 files changed, 16 insertions(+)

diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index 2cb5bfa0ac..9f7a032d60 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec 
@@ -68,6 +68,10 @@ # Tcg2PhysicalPresenceLib|Include/Library/Tcg2PhysicalPresenceLib.h =20 + ## @libraryclass Handle TPM 2.0 platform hierarchy configuration + # + TpmPlatformHierarchyLib|Include/Library/TpmPlatformHierarchyLib.h + ## @libraryclass Provides interfaces about TCG storage generic command. # TcgStorageCoreLib|Include/Library/TcgStorageCoreLib.h diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc index 64157e20f9..f1f678c492 100644 --- a/SecurityPkg/SecurityPkg.dsc +++ b/SecurityPkg/SecurityPkg.dsc @@ -231,6 +231,8 @@ =20 SecurityPkg/Library/HashLibTpm2/HashLibTpm2.inf =20 + SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHiera= rchyLib.inf + # # TCG Storage. # @@ -310,6 +312,11 @@ NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf } =20 + SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf { + + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarc= hyLib/PeiDxeTpmPlatformHierarchyLib.inf + } + SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibR= outerDxe.inf @@ -326,6 +333,11 @@ Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg= 2.inf } =20 + SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { + + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarc= hyLib/PeiDxeTpmPlatformHierarchyLib.inf + } + # # Hash2 # --=20 2.31.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#80576): https://edk2.groups.io/g/devel/message/80576 Mute This Topic: https://groups.io/mt/85580085/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
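Review bot: the SecurityPkg.dec hunk (patch 10/10) declares the TpmPlatformHierarchyLib class only here, in the last patch, although Tcg2PlatformPei.inf has listed it since 07/10 and 09/10 already builds the PEIM into OVMF; moving the .dec declaration ahead of its first consumer keeps every step of the series self-consistent for bisecting. In SecurityPkg.dsc both Tcg2PlatformPei.inf and Tcg2PlatformDxe.inf get an identical per-component override to PeiDxeTpmPlatformHierarchyLib.inf, so a single mapping in the package's [LibraryClasses] section would cover both. The commit message has no body; one line on why each of the two files is touched would help.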