[edk2-devel] [PATCH v2 0/3] OvmfPkg: Disable the TPM 2 platform hierarchy

Stefan Berger posted 3 patches 2 years, 7 months ago
There is a newer version of this series
Posted by Stefan Berger 2 years, 7 months ago
This series of patches adds support for disabling the TPM 2 platform
hierarchy to Ovmf. To be able to do this we have to handle TPM 2
physical presence interface (PPI) opcodes before the TPM 2 platform
hierarchy is disabled; otherwise, TPM 2 commands that are sent due to the
PPI opcodes may fail if the platform hierarchy is already disabled.
Therefore, we need to invoke the handler function
Tcg2PhysicalPresenceLibProcessRequest from within
PlatformBootManagerBeforeConsole. Since handling of PPI opcodes may require
interaction with the user, we also move PlatformInitializeConsole
to before the handling of PPI codes so that the keyboard is available
when needed. The PPI handling code will activate the default consoles
only if it requires user interaction.

Regards,
   Stefan

v2:
  - Move Null implementation to SecurityPkg
  - Added suggested texts to commit messages and added Sami's R-b tags

Stefan Berger (3):
  ArmVirtPkg/TPM: Add a NULL implementation of TpmPlatformHierarchyLib
  ArmVirtPkg: Reference new TPM classes in the build system for
    compilation
  ArmVirtPkg: Disable the TPM2 platform hierarchy

 ArmVirtPkg/ArmVirtCloudHv.dsc                 |  1 +
 ArmVirtPkg/ArmVirtQemu.dsc                    |  2 ++
 ArmVirtPkg/ArmVirtQemuKernel.dsc              |  1 +
 ArmVirtPkg/ArmVirtXen.dsc                     |  1 +
 .../PlatformBootManagerLib/PlatformBm.c       |  6 ++++
 .../PlatformBootManagerLib.inf                |  2 ++
 .../PeiDxeTpmPlatformHierarchyLib.c           | 22 +++++++++++++
 .../PeiDxeTpmPlatformHierarchyLib.inf         | 31 +++++++++++++++++++
 SecurityPkg/SecurityPkg.dsc                   |  1 +
 9 files changed, 67 insertions(+)
 create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatformHierarchyLib.c
 create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatformHierarchyLib.inf

-- 
2.31.1


