From nobody Wed May 15 18:48:37 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+80919+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+80919+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=linux.ibm.com
ARC-Seal: i=1; a=rsa-sha256; t=1632168402; cv=none;
	d=zohomail.com; s=zohoarc;
	b=ZCsiArl6NwlJ3wSbAf8/4OUDRK5+fKB/WxoWPaGoHWSzLEdtXh1ywDcP8J75L1JuCEesg8/0YFcsNVJowpXAjpaViBXkbafTfQAAxGHJSyariWq9rBPbEJiqMK0kf0h6VlXyt7d2CsMGLodH7+HKFJYVF+6d6jDQvn0TlUgrBDo=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1632168402;
 h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To;
	bh=GbYovZrVwhdXhc7/oteskkdt33CYt8fpYvnpAaO0dX4=;
	b=n+ncQNimGGPI8YnKYbsu1rW0zen3EIsEld9Sd1oPdWdvDfBU8xga5H3q5OWfZkxDQ2UHbtmrjlVGR4YaXW1/4sakpO/fc0K28GSZOZO3m0szqBQ2hUxLdN3uj2c4Cq+dXHByFyQKDuDd8V7UBsWMrssHndLRDp0QePOegGeNXz0=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+80919+1787277+3901457@groups.io;
	dmarc=fail header.from=<stefanb@linux.ibm.com> (p=none dis=none)
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1632168402422761.3829920275055;
 Mon, 20 Sep 2021 13:06:42 -0700 (PDT)
Return-Path: <bounce+27952+80919+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id XpSIYY1788612xAzLcPBUUKR;
 Mon, 20 Sep 2021 13:06:42 -0700
X-Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com
 [148.163.156.1])
 by mx.groups.io with SMTP id smtpd.web08.345.1632168401330145408
 for <devel@edk2.groups.io>;
 Mon, 20 Sep 2021 13:06:41 -0700
X-Received: from pps.filterd (m0098394.ppops.net [127.0.0.1])
	by mx0a-001b2d01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id
 18KJJPZL004007;
	Mon, 20 Sep 2021 16:06:37 -0400
X-Received: from pps.reinject (localhost [127.0.0.1])
	by mx0a-001b2d01.pphosted.com with ESMTP id 3b5w4du7yv-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Mon, 20 Sep 2021 16:06:37 -0400
X-Received: from m0098394.ppops.net (m0098394.ppops.net [127.0.0.1])
	by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 18KJsCi0029667;
	Mon, 20 Sep 2021 16:06:37 -0400
X-Received: from ppma01wdc.us.ibm.com (fd.55.37a9.ip4.static.sl-reverse.com
 [169.55.85.253])
	by mx0a-001b2d01.pphosted.com with ESMTP id 3b5w4du7y8-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Mon, 20 Sep 2021 16:06:37 -0400
X-Received: from pps.filterd (ppma01wdc.us.ibm.com [127.0.0.1])
	by ppma01wdc.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 18KJh6UE031986;
	Mon, 20 Sep 2021 20:06:35 GMT
X-Received: from b03cxnp08027.gho.boulder.ibm.com
 (b03cxnp08027.gho.boulder.ibm.com [9.17.130.19])
	by ppma01wdc.us.ibm.com with ESMTP id 3b57r9yygw-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Mon, 20 Sep 2021 20:06:35 +0000
X-Received: from b03ledav001.gho.boulder.ibm.com
 (b03ledav001.gho.boulder.ibm.com [9.17.130.232])
	by b03cxnp08027.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id
 18KK6YrK18743844
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
	Mon, 20 Sep 2021 20:06:35 GMT
X-Received: from b03ledav001.gho.boulder.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id D1A1F6E054;
	Mon, 20 Sep 2021 20:06:34 +0000 (GMT)
X-Received: from b03ledav001.gho.boulder.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id 57BC16E04E;
	Mon, 20 Sep 2021 20:06:34 +0000 (GMT)
X-Received: from sbct-2.pok.ibm.com (unknown [9.47.158.152])
	by b03ledav001.gho.boulder.ibm.com (Postfix) with ESMTP;
	Mon, 20 Sep 2021 20:06:34 +0000 (GMT)
From: "Stefan Berger" <stefanb@linux.ibm.com>
To: devel@edk2.groups.io
Cc: marcandre.lureau@redhat.com, kraxel@redhat.com, jiewen.yao@intel.com,
        ardb+tianocore@kernel.org, leif@nuviainc.com, sami.mujawar@arm.com,
        Stefan Berger <stefanb@linux.vnet.ibm.com>,
        Stefan Berger <stefanb@linux.ibm.com>
Subject: [edk2-devel] [PATCH v2 1/3] ArmVirtPkg/TPM: Add a NULL implementation
 of TpmPlatformHierarchyLib
Date: Mon, 20 Sep 2021 16:06:19 -0400
Message-Id: <20210920200621.2904010-2-stefanb@linux.ibm.com>
In-Reply-To: <20210920200621.2904010-1-stefanb@linux.ibm.com>
References: <20210920200621.2904010-1-stefanb@linux.ibm.com>
X-TM-AS-GCONF: 00
X-Proofpoint-GUID: 32R3M7gso-NsuXN4PJG3kIvOCAxEpCVF
X-Proofpoint-ORIG-GUID: BYNtsBjvD-V8Jca2La1uVUpjpkIc8kxU
X-Proofpoint-UnRewURL: 0 URL was un-rewritten
MIME-Version: 1.0
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,stefanb@linux.ibm.com
X-Gm-Message-State: CMfCVq29cYRyEx5qVLAPcKnex1787277AA=
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1632168402;
 bh=79ymYT3AI77I7qSFX5BvD09ZP7e3jmvu+11L5IhJwb8=;
 h=Cc:Date:From:Reply-To:Subject:To;
 b=MkKGiLnCyAs8x6KAuKfpk0UOvQ4Nb8Qnkb/6aRV6HlbHor33whTlSWfuAvUWyKXbrye
 r3+i16/7sZB1YFjxEJw/QljOjbS2db5Ah20vbOuWO7SIyKySjWBiFRiHtUrForNB3y/1N
 wB63pNiLzKUp411Kb03UyJ6g0P8gvg0E5N8=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1632168403585100002
Content-Type: text/plain; charset="utf-8"

From: Stefan Berger <stefanb@linux.vnet.ibm.com>

Add a NULL implementation of the library class TpmPlatformHierarchyLib.

Link: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3510
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
 .../PeiDxeTpmPlatformHierarchyLib.c           | 22 +++++++++++++
 .../PeiDxeTpmPlatformHierarchyLib.inf         | 31 +++++++++++++++++++
 SecurityPkg/SecurityPkg.dsc                   |  1 +
 3 files changed, 54 insertions(+)
 create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/P=
eiDxeTpmPlatformHierarchyLib.c
 create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/P=
eiDxeTpmPlatformHierarchyLib.inf

diff --git a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTp=
mPlatformHierarchyLib.c b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib=
Null/PeiDxeTpmPlatformHierarchyLib.c
new file mode 100644
index 0000000000..dfc8863830
--- /dev/null
+++ b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatfo=
rmHierarchyLib.c
@@ -0,0 +1,22 @@
+/** @file
+    Null TPM Platform Hierarchy configuration library.
+
+    This library provides stub functions for customizing the TPM's Platfor=
m Hierarchy.
+
+    Copyright (c) 2021, IBM Corporation.
+    SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Uefi.h>
+
+/**
+  A NULL implementation of ConfigureTpmPlatformHierarchy.
+**/
+VOID
+EFIAPI
+ConfigureTpmPlatformHierarchy (
+  )
+{
+  /* do nothing */
+}
diff --git a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTp=
mPlatformHierarchyLib.inf b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyL=
ibNull/PeiDxeTpmPlatformHierarchyLib.inf
new file mode 100644
index 0000000000..bd2ca2b937
--- /dev/null
+++ b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatfo=
rmHierarchyLib.inf
@@ -0,0 +1,31 @@
+### @file
+#   NULL TPM Platform Hierarchy configuration library.
+#
+#   This library provides functions for customizing the TPM's Platform Hie=
rarchy
+#   Authorization Value (platformAuth) and Platform Hierarchy Authorization
+#   Policy (platformPolicy) can be defined through this function.
+#
+# Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) Microsoft Corporation.<BR>
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+###
+
+[Defines]
+  INF_VERSION                    =3D 0x00010005
+  BASE_NAME                      =3D PeiDxeTpmPlatformHierarchyLibNull
+  FILE_GUID                      =3D 8947A3F2-BfB4-45EF-968D-5C40C1CE6A58
+  MODULE_TYPE                    =3D PEIM
+  VERSION_STRING                 =3D 1.0
+  LIBRARY_CLASS                  =3D TpmPlatformHierarchyLib|PEIM DXE_DRIV=
ER
+
+[LibraryClasses]
+  BaseLib
+
+[Packages]
+  MdePkg/MdePkg.dec
+  SecurityPkg/SecurityPkg.dec
+
+[Sources]
+  PeiDxeTpmPlatformHierarchyLib.c
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index f1f678c492..37318c64c5 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -232,6 +232,7 @@
   SecurityPkg/Library/HashLibTpm2/HashLibTpm2.inf
=20
   SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHiera=
rchyLib.inf
+  SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatformH=
ierarchyLib.inf
=20
   #
   # TCG Storage.
--=20
2.31.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#80919): https://edk2.groups.io/g/devel/message/80919
Mute This Topic: https://groups.io/mt/85751022/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-


From nobody Wed May 15 18:48:37 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+80921+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+80921+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=linux.ibm.com
ARC-Seal: i=1; a=rsa-sha256; t=1632168403; cv=none;
	d=zohomail.com; s=zohoarc;
	b=JSzxjJQsGKu7u8IYJ1aHomCmW/tOmp//uhTWzuPFCvkXmXLUe0Ppwwqm8TV6ZVf7c29ZKSj4McXyY89h7q0rQVr5gyc2P27LbkQ8qcbK64Co8evgbEl82suK6fm3vKuEu0HDQ1vSIvv+vKrWpn6sa6NiWj2baVT0gzvMg5ILXsM=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1632168403;
 h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To;
	bh=+//QvpcHPsqmxQ+5p1yzmJmM/abR9syESI4CRGQNA/M=;
	b=EyLHSD0s83elL4UBIxIdJIBx/sEdIAb5D0xzaItVV9GuLDie4FcVogIuvOyH3n2K7XsJq+nOQoBTr4PcFxLrHWhJXFRDYi+QVBR5g5x8hPMaBkVaxDoD2P2DM/y6xxHmu3NqBJS182URo75YNvWzoEzzEQ5Dgc4pppBQe19Sy0s=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+80921+1787277+3901457@groups.io;
	dmarc=fail header.from=<stefanb@linux.ibm.com> (p=none dis=none)
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1632168403940532.0248424948016;
 Mon, 20 Sep 2021 13:06:43 -0700 (PDT)
Return-Path: <bounce+27952+80921+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id 5jr3YY1788612x9ZTOFzGwQy;
 Mon, 20 Sep 2021 13:06:43 -0700
X-Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com
 [148.163.156.1])
 by mx.groups.io with SMTP id smtpd.web09.337.1632168402808877110
 for <devel@edk2.groups.io>;
 Mon, 20 Sep 2021 13:06:43 -0700
X-Received: from pps.filterd (m0098410.ppops.net [127.0.0.1])
	by mx0a-001b2d01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id
 18KJFti9026303;
	Mon, 20 Sep 2021 16:06:39 -0400
X-Received: from pps.reinject (localhost [127.0.0.1])
	by mx0a-001b2d01.pphosted.com with ESMTP id 3b6unt16bw-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Mon, 20 Sep 2021 16:06:39 -0400
X-Received: from m0098410.ppops.net (m0098410.ppops.net [127.0.0.1])
	by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 18KK6c4Q017990;
	Mon, 20 Sep 2021 16:06:38 -0400
X-Received: from ppma01dal.us.ibm.com (83.d6.3fa9.ip4.static.sl-reverse.com
 [169.63.214.131])
	by mx0a-001b2d01.pphosted.com with ESMTP id 3b6unt16be-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Mon, 20 Sep 2021 16:06:38 -0400
X-Received: from pps.filterd (ppma01dal.us.ibm.com [127.0.0.1])
	by ppma01dal.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 18KJh8Nm031329;
	Mon, 20 Sep 2021 20:06:37 GMT
X-Received: from b03cxnp08028.gho.boulder.ibm.com
 (b03cxnp08028.gho.boulder.ibm.com [9.17.130.20])
	by ppma01dal.us.ibm.com with ESMTP id 3b57rb1p0y-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Mon, 20 Sep 2021 20:06:37 +0000
X-Received: from b03ledav001.gho.boulder.ibm.com
 (b03ledav001.gho.boulder.ibm.com [9.17.130.232])
	by b03cxnp08028.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id
 18KK6Z2u31850800
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
	Mon, 20 Sep 2021 20:06:35 GMT
X-Received: from b03ledav001.gho.boulder.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id 7FD946E058;
	Mon, 20 Sep 2021 20:06:35 +0000 (GMT)
X-Received: from b03ledav001.gho.boulder.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id F157A6E04E;
	Mon, 20 Sep 2021 20:06:34 +0000 (GMT)
X-Received: from sbct-2.pok.ibm.com (unknown [9.47.158.152])
	by b03ledav001.gho.boulder.ibm.com (Postfix) with ESMTP;
	Mon, 20 Sep 2021 20:06:34 +0000 (GMT)
From: "Stefan Berger" <stefanb@linux.ibm.com>
To: devel@edk2.groups.io
Cc: marcandre.lureau@redhat.com, kraxel@redhat.com, jiewen.yao@intel.com,
        ardb+tianocore@kernel.org, leif@nuviainc.com, sami.mujawar@arm.com,
        Stefan Berger <stefanb@linux.vnet.ibm.com>,
        Stefan Berger <stefanb@linux.ibm.com>
Subject: [edk2-devel] [PATCH v2 2/3] ArmVirtPkg: Reference new TPM classes in
 the build system for compilation
Date: Mon, 20 Sep 2021 16:06:20 -0400
Message-Id: <20210920200621.2904010-3-stefanb@linux.ibm.com>
In-Reply-To: <20210920200621.2904010-1-stefanb@linux.ibm.com>
References: <20210920200621.2904010-1-stefanb@linux.ibm.com>
X-TM-AS-GCONF: 00
X-Proofpoint-GUID: LE_tZRutkR1m25LAchWmq4KGXC78htJI
X-Proofpoint-ORIG-GUID: SrH_mKkulmu7RXSWF_UY4OlAKqtJm3Ni
X-Proofpoint-UnRewURL: 0 URL was un-rewritten
MIME-Version: 1.0
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,stefanb@linux.ibm.com
X-Gm-Message-State: 4Xr3qQmCOWrwK8IDmYgUNwqyx1787277AA=
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1632168403;
 bh=aVfBGr2YByZqVABvjxp0mljOUEaMtZTx0J+LjsZZ9bs=;
 h=Cc:Date:From:Reply-To:Subject:To;
 b=vem7eXFVhhqH0775xLLaA0TGed8CJJhoIrT57ZpwTDCSSIcthEHkSO7mDyT5OWRZ/yI
 vGqGAlDFbr1KPZdWMCooaGA0AGsAxo66VRFdr/YIKIDz6rLTXRBwCDNO3HGCyz1nhS3vJ
 rMDKgf8Kmue6bY7BbEP69R6Jpo0T9zk0TEI=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1632168405885100002
Content-Type: text/plain; charset="utf-8"

From: Stefan Berger <stefanb@linux.vnet.ibm.com>

We just added the same functionality to the OvmfPkg. However, on x86, we
could use the notification mechanism around
gEfiDxeSmmReadyToLockProtocolGuid to indirectly invoke
ConfigureTpmPlatformHierarchy(). Since ARM does not have an SMM mode, we
have to use direct invocation of this function at the same place in
PlatformBootManagerBeforeConsole() as it is called on x86.

Link: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3510
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
---
 ArmVirtPkg/ArmVirtCloudHv.dsc                                   | 1 +
 ArmVirtPkg/ArmVirtQemu.dsc                                      | 2 ++
 ArmVirtPkg/ArmVirtQemuKernel.dsc                                | 1 +
 ArmVirtPkg/ArmVirtXen.dsc                                       | 1 +
 .../Library/PlatformBootManagerLib/PlatformBootManagerLib.inf   | 1 +
 5 files changed, 6 insertions(+)

diff --git a/ArmVirtPkg/ArmVirtCloudHv.dsc b/ArmVirtPkg/ArmVirtCloudHv.dsc
index f292ba6079..3475bb7f0d 100644
--- a/ArmVirtPkg/ArmVirtCloudHv.dsc
+++ b/ArmVirtPkg/ArmVirtCloudHv.dsc
@@ -55,6 +55,7 @@
   PciHostBridgeUtilityLib|ArmVirtPkg/Library/ArmVirtPciHostBridgeUtilityLi=
b/ArmVirtPciHostBridgeUtilityLib.inf
=20
   TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem=
entLibNull.inf
+  TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLi=
bNull/PeiDxeTpmPlatformHierarchyLib.inf
=20
 !include MdePkg/MdeLibs.dsc.inc
=20
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 97539edef7..35aea68e02 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -86,8 +86,10 @@
   Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
   Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeT=
cg2PhysicalPresenceLib.inf
   TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasure=
mentLib.inf
+  TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLi=
b/PeiDxeTpmPlatformHierarchyLib.inf
 !else
   TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem=
entLibNull.inf
+  TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLi=
bNull/PeiDxeTpmPlatformHierarchyLib.inf
 !endif
=20
 [LibraryClasses.common.PEIM]
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKerne=
l.dsc
index 28064199c8..19c1908cd9 100644
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
@@ -80,6 +80,7 @@
   PciHostBridgeLib|ArmVirtPkg/Library/FdtPciHostBridgeLib/FdtPciHostBridge=
Lib.inf
   PciHostBridgeUtilityLib|OvmfPkg/Library/PciHostBridgeUtilityLib/PciHostB=
ridgeUtilityLib.inf
   TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem=
entLibNull.inf
+  TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLi=
bNull/PeiDxeTpmPlatformHierarchyLib.inf
=20
 [LibraryClasses.common.DXE_DRIVER]
   ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeRepor=
tStatusCodeLib.inf
diff --git a/ArmVirtPkg/ArmVirtXen.dsc b/ArmVirtPkg/ArmVirtXen.dsc
index 2b07a5ba19..dbc40e854b 100644
--- a/ArmVirtPkg/ArmVirtXen.dsc
+++ b/ArmVirtPkg/ArmVirtXen.dsc
@@ -50,6 +50,7 @@
   PlatformBootManagerLib|ArmPkg/Library/PlatformBootManagerLib/PlatformBoo=
tManagerLib.inf
   CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/Customize=
dDisplayLib.inf
   TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem=
entLibNull.inf
+  TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLi=
bNull/PeiDxeTpmPlatformHierarchyLib.inf
=20
 [LibraryClasses.common.UEFI_DRIVER]
   UefiScsiLib|MdePkg/Library/UefiScsiLib/UefiScsiLib.inf
diff --git a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerL=
ib.inf b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.i=
nf
index 11f52e019b..9f54224d3e 100644
--- a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
+++ b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
@@ -33,6 +33,7 @@
   MdeModulePkg/MdeModulePkg.dec
   MdePkg/MdePkg.dec
   OvmfPkg/OvmfPkg.dec
+  SecurityPkg/SecurityPkg.dec
   ShellPkg/ShellPkg.dec
=20
 [LibraryClasses]
--=20
2.31.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#80921): https://edk2.groups.io/g/devel/message/80921
Mute This Topic: https://groups.io/mt/85751024/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-


From nobody Wed May 15 18:48:37 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+80920+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+80920+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=linux.ibm.com
ARC-Seal: i=1; a=rsa-sha256; t=1632168403; cv=none;
	d=zohomail.com; s=zohoarc;
	b=Zotpl1K8A074UNXajl1P2TlQRoufJQAMMqNueasr2FZwhgImts465tA7vvSG0PdxtiWEOCDI5wVeKLw8bFJ6GMIBmBEAQHKCs2UItcoxE2y1l3OCXXtEyGEATiweAe/ZGYW2Ip3S/KZgpJ3YfMX8yAORQQpehBHk8rnlWUuDf84=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1632168403;
 h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To;
	bh=i46wCIS/Pzsp/88SYlB8aETXYi44h4iyen+NaE2RLSs=;
	b=MT/Kd3ciBZpyvoRgeeipkpgt3K2LS8T4QT9pr94xPKfgAR8Wir+A5eES+w+W3AsduyJ7Vza0W6WIuYY33xjSK8g+vg6Qtd4MqqFgfXGwIZDU+5vzKiHm+wO+vii1LlvqYriHNyHPTkCrzDczEResLHS+A88FX43hsh5UEc1LqbA=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+80920+1787277+3901457@groups.io;
	dmarc=fail header.from=<stefanb@linux.ibm.com> (p=none dis=none)
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1632168403212584.1454731916648;
 Mon, 20 Sep 2021 13:06:43 -0700 (PDT)
Return-Path: <bounce+27952+80920+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id 5WPrYY1788612xQ89qXQOXVA;
 Mon, 20 Sep 2021 13:06:42 -0700
X-Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com
 [148.163.156.1])
 by mx.groups.io with SMTP id smtpd.web11.359.1632168402180802824
 for <devel@edk2.groups.io>;
 Mon, 20 Sep 2021 13:06:42 -0700
X-Received: from pps.filterd (m0098394.ppops.net [127.0.0.1])
	by mx0a-001b2d01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id
 18KJJPuW004003;
	Mon, 20 Sep 2021 16:06:39 -0400
X-Received: from pps.reinject (localhost [127.0.0.1])
	by mx0a-001b2d01.pphosted.com with ESMTP id 3b5w4du80e-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Mon, 20 Sep 2021 16:06:38 -0400
X-Received: from m0098394.ppops.net (m0098394.ppops.net [127.0.0.1])
	by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 18KJp82D012303;
	Mon, 20 Sep 2021 16:06:38 -0400
X-Received: from ppma02wdc.us.ibm.com (aa.5b.37a9.ip4.static.sl-reverse.com
 [169.55.91.170])
	by mx0a-001b2d01.pphosted.com with ESMTP id 3b5w4du7yw-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Mon, 20 Sep 2021 16:06:38 -0400
X-Received: from pps.filterd (ppma02wdc.us.ibm.com [127.0.0.1])
	by ppma02wdc.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 18KJhD6Q020450;
	Mon, 20 Sep 2021 20:06:37 GMT
X-Received: from b03cxnp07027.gho.boulder.ibm.com
 (b03cxnp07027.gho.boulder.ibm.com [9.17.130.14])
	by ppma02wdc.us.ibm.com with ESMTP id 3b57ra819g-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Mon, 20 Sep 2021 20:06:37 +0000
X-Received: from b03ledav001.gho.boulder.ibm.com
 (b03ledav001.gho.boulder.ibm.com [9.17.130.232])
	by b03cxnp07027.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id
 18KK6avN36569516
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
	Mon, 20 Sep 2021 20:06:36 GMT
X-Received: from b03ledav001.gho.boulder.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id 23E286E05E;
	Mon, 20 Sep 2021 20:06:36 +0000 (GMT)
X-Received: from b03ledav001.gho.boulder.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id 95DA96E052;
	Mon, 20 Sep 2021 20:06:35 +0000 (GMT)
X-Received: from sbct-2.pok.ibm.com (unknown [9.47.158.152])
	by b03ledav001.gho.boulder.ibm.com (Postfix) with ESMTP;
	Mon, 20 Sep 2021 20:06:35 +0000 (GMT)
From: "Stefan Berger" <stefanb@linux.ibm.com>
To: devel@edk2.groups.io
Cc: marcandre.lureau@redhat.com, kraxel@redhat.com, jiewen.yao@intel.com,
        ardb+tianocore@kernel.org, leif@nuviainc.com, sami.mujawar@arm.com,
        Stefan Berger <stefanb@linux.vnet.ibm.com>,
        Stefan Berger <stefanb@linux.ibm.com>
Subject: [edk2-devel] [PATCH v2 3/3] ArmVirtPkg: Disable the TPM2 platform
 hierarchy
Date: Mon, 20 Sep 2021 16:06:21 -0400
Message-Id: <20210920200621.2904010-4-stefanb@linux.ibm.com>
In-Reply-To: <20210920200621.2904010-1-stefanb@linux.ibm.com>
References: <20210920200621.2904010-1-stefanb@linux.ibm.com>
X-TM-AS-GCONF: 00
X-Proofpoint-GUID: x3yis_B9slmQD_JuDLdhEjenfOgMFhx8
X-Proofpoint-ORIG-GUID: kpokBn5GIoOEeKI5wmRqzbMJ7StHMPHF
X-Proofpoint-UnRewURL: 0 URL was un-rewritten
MIME-Version: 1.0
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,stefanb@linux.ibm.com
X-Gm-Message-State: 0NPGjSyob7Cin5ziWgikrJuZx1787277AA=
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1632168402;
 bh=ZdLSAImNzWJdU5eXzfz2h1WFVy5QRgSqRhbY8pPhAlc=;
 h=Cc:Date:From:Reply-To:Subject:To;
 b=RN9nPYGcBb0SzJg6zF65IlIeKch0E7Op8c0cuqwvZSK7yJkCe2QdBNXwwbijRMv+7EY
 ibuOIa1+lV7KpDloLqpD7JI4Uf54Z8GKnrx78qg4uDQ8aLyWqpMmIYFL4P7Eaq9aD5zSW
 erbw6VxYouykhOeWPCxXSA/XSMACpa3m1AI=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1632168403694100010
Content-Type: text/plain; charset="utf-8"

From: Stefan Berger <stefanb@linux.vnet.ibm.com>

Disable the TPM2 platform hierarchy by directly calling
ConfigureTpmPlatformHierarchy().

Per the TCG firmware specification "TCG PC Client Platform Firmware Profile
Specification" the TPM 2 platform hierarchy needs to be disabled or a
random password set and discarded before the firmware passes control to the
next stage bootloader or kernel.

Current specs are here:
https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_PFP_r1p05=
_v23_pub.pdf

Section 11 states:
"Platform Firmware MUST protect access to the Platform Hierarchy
and prevent access to the platform hierarchy by non-manufacturer-
controlled components."

Link: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3510
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
---
 ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c      | 6 ++++++
 .../PlatformBootManagerLib/PlatformBootManagerLib.inf       | 1 +
 2 files changed, 7 insertions(+)

diff --git a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c b/ArmVi=
rtPkg/Library/PlatformBootManagerLib/PlatformBm.c
index 69448ff65b..1848042f86 100644
--- a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c
+++ b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c
@@ -16,6 +16,7 @@
 #include <Library/PcdLib.h>
 #include <Library/PlatformBmPrintScLib.h>
 #include <Library/QemuBootOrderLib.h>
+#include <Library/TpmPlatformHierarchyLib.h>
 #include <Library/UefiBootManagerLib.h>
 #include <Protocol/DevicePath.h>
 #include <Protocol/FirmwareVolume2.h>
@@ -696,6 +697,11 @@ PlatformBootManagerBeforeConsole (
   //
   EfiEventGroupSignal (&gEfiEndOfDxeEventGroupGuid);
=20
+  //
+  // Disable the TPM 2 platform hierarchy
+  //
+  ConfigureTpmPlatformHierarchy ();
+
   //
   // Dispatch deferred images after EndOfDxe event.
   //
diff --git a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerL=
ib.inf b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.i=
nf
index 9f54224d3e..997eb1a442 100644
--- a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
+++ b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
@@ -48,6 +48,7 @@
   QemuBootOrderLib
   QemuLoadImageLib
   ReportStatusCodeLib
+  TpmPlatformHierarchyLib
   UefiBootManagerLib
   UefiBootServicesTableLib
   UefiLib
--=20
2.31.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#80920): https://edk2.groups.io/g/devel/message/80920
Mute This Topic: https://groups.io/mt/85751023/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-