From: "Stefan Berger"
To: devel@edk2.groups.io
Cc: marcandre.lureau@redhat.com, kraxel@redhat.com, jiewen.yao@intel.com, ardb+tianocore@kernel.org, leif@nuviainc.com, sami.mujawar@arm.com, Stefan Berger, Stefan Berger
Subject: [edk2-devel] [PATCH v3 1/3] ArmVirtPkg/TPM: Add a NULL implementation of TpmPlatformHierarchyLib
Date: Wed, 22 Sep 2021 12:31:41 -0400
Message-Id: <20210922163143.3069058-2-stefanb@linux.ibm.com>
In-Reply-To: <20210922163143.3069058-1-stefanb@linux.ibm.com>
References: <20210922163143.3069058-1-stefanb@linux.ibm.com>

From: Stefan Berger

Add a NULL implementation of the library class TpmPlatformHierarchyLib.

Link: https://bugzilla.tianocore.org/show_bug.cgi?id=3510

Cc: Ard Biesheuvel
Cc: Leif Lindholm
Cc: Sami Mujawar
Cc: Gerd Hoffmann
Signed-off-by: Stefan Berger Reviewed-by: Sami Mujawar --- .../PeiDxeTpmPlatformHierarchyLib.c | 22 +++++++++++++ .../PeiDxeTpmPlatformHierarchyLib.inf | 31 +++++++++++++++++++ SecurityPkg/SecurityPkg.dsc | 1 + 3 files changed, 54 insertions(+) create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/P= eiDxeTpmPlatformHierarchyLib.c create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/P= eiDxeTpmPlatformHierarchyLib.inf diff --git a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTp= mPlatformHierarchyLib.c b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib= Null/PeiDxeTpmPlatformHierarchyLib.c new file mode 100644 index 0000000000..dfc8863830 --- /dev/null +++ b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatfo= rmHierarchyLib.c @@ -0,0 +1,22 @@ +/** @file + Null TPM Platform Hierarchy configuration library. + + This library provides stub functions for customizing the TPM's Platfor= m Hierarchy. + + Copyright (c) 2021, IBM Corporation. + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include + +/** + A NULL implementation of ConfigureTpmPlatformHierarchy. +**/ +VOID +EFIAPI +ConfigureTpmPlatformHierarchy ( + ) +{ + /* do nothing */ +} diff --git a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTp= mPlatformHierarchyLib.inf b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyL= ibNull/PeiDxeTpmPlatformHierarchyLib.inf new file mode 100644 index 0000000000..1b1e9ad592 --- /dev/null +++ b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatfo= rmHierarchyLib.inf @@ -0,0 +1,31 @@ +### @file +# NULL TPM Platform Hierarchy configuration library. +# +# This library provides functions for customizing the TPM's Platform Hie= rarchy +# Authorization Value (platformAuth) and Platform Hierarchy Authorization +# Policy (platformPolicy) can be defined through this function. +# +# Copyright (c) 2019, Intel Corporation. All rights reserved.
+# Copyright (c) Microsoft Corporation.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +### + +[Defines] + INF_VERSION =3D 1.27 + BASE_NAME =3D BasePlatform + FILE_GUID =3D 8947A3F2-BfB4-45EF-968D-5C40C1CE6A58 + MODULE_TYPE =3D BASE + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D TpmPlatformHierarchyLib|PEIM DXE_DRIV= ER + +[LibraryClasses] + BaseLib + +[Packages] + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + +[Sources] + PeiDxeTpmPlatformHierarchyLib.c diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc index f1f678c492..37318c64c5 100644 --- a/SecurityPkg/SecurityPkg.dsc +++ b/SecurityPkg/SecurityPkg.dsc 
@@ -232,6 +232,7 @@ SecurityPkg/Library/HashLibTpm2/HashLibTpm2.inf =20 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHiera= rchyLib.inf + SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatformH= ierarchyLib.inf =20 # # TCG Storage. --=20 2.31.1

View/Reply Online (#80984): https://edk2.groups.io/g/devel/message/80984
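Review bot: the file header in the PeiDxeTpmPlatformHierarchyLib.c hunk should spell out what linking this stub means for a platform. ConfigureTpmPlatformHierarchy() returns without touching platformAuth or platformPolicy, so any build that resolves TpmPlatformHierarchyLib to this instance leaves the TPM 2 platform hierarchy enabled and does not meet the TCG PFP requirement that 3/3 of this series quotes. Suggest replacing "This library provides stub functions for customizing the TPM's Platform Hierarchy." with a sentence saying the instance is only for builds without TPM 2 support (the same builds that already use TpmMeasurementLibNull), so it is not picked by mistake on a TPM-enabled platform.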
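Review bot: the description in the PeiDxeTpmPlatformHierarchyLib.inf hunk was carried over from the real library and no longer fits this module: "This library provides functions for customizing the TPM's Platform Hierarchy Authorization Value (platformAuth) and Platform Hierarchy Authorization Policy (platformPolicy) can be defined through this function." is ungrammatical and wrong for a stub that defines nothing, and it should say NULL/no-op like the .c header does. The copyright lines (Intel 2019, Microsoft) also do not match the "Copyright (c) 2021, IBM Corporation." notice in the .c file. Two smaller points: BASE_NAME = BasePlatform is too generic and should name the instance (for example PeiDxeTpmPlatformHierarchyLibNull), and FILE_GUID 8947A3F2-BfB4-45EF-968D-5C40C1CE6A58 contains a lowercase hex digit, so please confirm it was freshly generated and is not shared with the non-NULL library's .inf. BaseLib under [LibraryClasses] is not needed by an empty function and can be dropped.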
From: "Stefan Berger"
To: devel@edk2.groups.io
Cc: marcandre.lureau@redhat.com, kraxel@redhat.com, jiewen.yao@intel.com, ardb+tianocore@kernel.org, leif@nuviainc.com, sami.mujawar@arm.com, Stefan Berger, Stefan Berger
Subject: [edk2-devel] [PATCH v3 2/3] ArmVirtPkg: Reference new TPM classes in the build system for compilation
Date: Wed, 22 Sep 2021 12:31:42 -0400
Message-Id: <20210922163143.3069058-3-stefanb@linux.ibm.com>
In-Reply-To: <20210922163143.3069058-1-stefanb@linux.ibm.com>
References: <20210922163143.3069058-1-stefanb@linux.ibm.com>
From: Stefan Berger We just added the same functionality to the OvmfPkg. However, on x86, we could use the notification mechanism around gEfiDxeSmmReadyToLockProtocolGuid to indirectly invoke ConfigureTpmPlatformHierarchy(). Since ARM does not have an SMM mode, we have to use direct invocation of this function at the same place in PlatformBootManagerBeforeConsole() as it is called on x86. Link: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3510 Cc: Ard Biesheuvel Cc: Leif Lindholm Cc: Sami Mujawar Cc: Gerd Hoffmann Signed-off-by: Stefan Berger Reviewed-by: Sami Mujawar --- ArmVirtPkg/ArmVirtCloudHv.dsc | 1 + ArmVirtPkg/ArmVirtQemu.dsc | 2 ++ ArmVirtPkg/ArmVirtQemuKernel.dsc | 1 + ArmVirtPkg/ArmVirtXen.dsc | 1 + .../Library/PlatformBootManagerLib/PlatformBootManagerLib.inf | 1 + 5 files changed, 6 insertions(+) diff --git a/ArmVirtPkg/ArmVirtCloudHv.dsc b/ArmVirtPkg/ArmVirtCloudHv.dsc index f292ba6079..3475bb7f0d 100644 --- a/ArmVirtPkg/ArmVirtCloudHv.dsc +++ b/ArmVirtPkg/ArmVirtCloudHv.dsc @@ -55,6 +55,7 @@ PciHostBridgeUtilityLib|ArmVirtPkg/Library/ArmVirtPciHostBridgeUtilityLi= b/ArmVirtPciHostBridgeUtilityLib.inf =20 TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLi= bNull/PeiDxeTpmPlatformHierarchyLib.inf =20 !include MdePkg/MdeLibs.dsc.inc =20 diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc index 97539edef7..35aea68e02 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc 
@@ -86,8 +86,10 @@ Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeT= cg2PhysicalPresenceLib.inf TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasure= mentLib.inf + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLi= b/PeiDxeTpmPlatformHierarchyLib.inf !else TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLi= bNull/PeiDxeTpmPlatformHierarchyLib.inf !endif =20 [LibraryClasses.common.PEIM] diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKerne= l.dsc index 28064199c8..19c1908cd9 100644 --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc @@ -80,6 +80,7 @@ PciHostBridgeLib|ArmVirtPkg/Library/FdtPciHostBridgeLib/FdtPciHostBridge= Lib.inf PciHostBridgeUtilityLib|OvmfPkg/Library/PciHostBridgeUtilityLib/PciHostB= ridgeUtilityLib.inf TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLi= bNull/PeiDxeTpmPlatformHierarchyLib.inf =20 [LibraryClasses.common.DXE_DRIVER] ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeRepor= tStatusCodeLib.inf diff --git a/ArmVirtPkg/ArmVirtXen.dsc b/ArmVirtPkg/ArmVirtXen.dsc index 2b07a5ba19..dbc40e854b 100644 --- a/ArmVirtPkg/ArmVirtXen.dsc +++ b/ArmVirtPkg/ArmVirtXen.dsc 
@@ -50,6 +50,7 @@ PlatformBootManagerLib|ArmPkg/Library/PlatformBootManagerLib/PlatformBoo= tManagerLib.inf CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/Customize= dDisplayLib.inf TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLi= bNull/PeiDxeTpmPlatformHierarchyLib.inf =20 [LibraryClasses.common.UEFI_DRIVER] UefiScsiLib|MdePkg/Library/UefiScsiLib/UefiScsiLib.inf diff --git a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerL= ib.inf b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.i= nf index 11f52e019b..9f54224d3e 100644 --- a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf +++ b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf 
@@ -33,6 +33,7 @@ MdeModulePkg/MdeModulePkg.dec MdePkg/MdePkg.dec OvmfPkg/OvmfPkg.dec + SecurityPkg/SecurityPkg.dec ShellPkg/ShellPkg.dec =20 [LibraryClasses] --=20 2.31.1

View/Reply Online (#80985): https://edk2.groups.io/g/devel/message/80985
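Review bot: in the ArmVirtQemu.dsc hunk the TPM2_ENABLE branch resolves TpmPlatformHierarchyLib to the full PeiDxeTpmPlatformHierarchyLib while the !else branch takes the Null instance. That split is right, but it means whether the ConfigureTpmPlatformHierarchy () call added in 3/3 actually disables the hierarchy is decided by a build flag in a different file. A one-line comment beside the !else entry, noting that the Null instance leaves the platform hierarchy open, would make that visible to whoever edits the dsc next. The unconditional Null resolutions in ArmVirtCloudHv.dsc, ArmVirtQemuKernel.dsc and ArmVirtXen.dsc sit next to the existing TpmMeasurementLibNull entries, which is consistent.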
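Review bot: the SecurityPkg/SecurityPkg.dec line added in the PlatformBootManagerLib.inf hunk has no user in this patch; the library class that needs it, TpmPlatformHierarchyLib under [LibraryClasses], only arrives in 3/3. Either move this hunk into 3/3 or say in the commit message that the [Packages] entry is added ahead of its use, so the split is intentional and each patch still builds on its own.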
From: "Stefan Berger"
To: devel@edk2.groups.io
Cc: marcandre.lureau@redhat.com, kraxel@redhat.com, jiewen.yao@intel.com, ardb+tianocore@kernel.org, leif@nuviainc.com, sami.mujawar@arm.com, Stefan Berger, Stefan Berger
Subject: [edk2-devel] [PATCH v3 3/3] ArmVirtPkg: Disable the TPM2 platform hierarchy
Date: Wed, 22 Sep 2021 12:31:43 -0400
Message-Id: <20210922163143.3069058-4-stefanb@linux.ibm.com>
In-Reply-To: <20210922163143.3069058-1-stefanb@linux.ibm.com>
References: <20210922163143.3069058-1-stefanb@linux.ibm.com>
From: Stefan Berger

Disable the TPM2 platform hierarchy by directly calling ConfigureTpmPlatformHierarchy().

Per the TCG firmware specification "TCG PC Client Platform Firmware Profile Specification" the TPM 2 platform hierarchy needs to be disabled or a random password set and discarded before the firmware passes control to the next stage bootloader or kernel.

Current specs are here:
https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_PFP_r1p05_v23_pub.pdf

Section 11 states:

"Platform Firmware MUST protect access to the Platform Hierarchy and prevent access to the platform hierarchy by non-manufacturer-controlled components."

Link: https://bugzilla.tianocore.org/show_bug.cgi?id=3510

Cc: Ard Biesheuvel
Cc: Leif Lindholm
Cc: Sami Mujawar
Cc: Gerd Hoffmann
Signed-off-by: Stefan Berger
Reviewed-by: Sami Mujawar
---
 ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c | 6 ++++++
 .../PlatformBootManagerLib/PlatformBootManagerLib.inf  | 1 +
 2 files changed, 7 insertions(+)

diff --git a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c b/ArmVi= rtPkg/Library/PlatformBootManagerLib/PlatformBm.c index 69448ff65b..1848042f86 100644 --- a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c +++ b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c @@ -16,6 +16,7 @@ #include #include #include +#include #include #include #include @@ -696,6 +697,11 @@ PlatformBootManagerBeforeConsole ( // EfiEventGroupSignal (&gEfiEndOfDxeEventGroupGuid); =20 + // + // Disable the TPM 2 platform hierarchy + // + ConfigureTpmPlatformHierarchy (); + // // Dispatch deferred images after EndOfDxe event. // diff --git a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerL= ib.inf b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.i= nf index 9f54224d3e..997eb1a442 100644 --- a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf +++ b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
@@ -48,6 +48,7 @@ QemuBootOrderLib QemuLoadImageLib ReportStatusCodeLib + TpmPlatformHierarchyLib UefiBootManagerLib UefiBootServicesTableLib UefiLib --=20 2.31.1

View/Reply Online (#80986): https://edk2.groups.io/g/devel/message/80986
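Review bot: the ConfigureTpmPlatformHierarchy () call in the PlatformBootManagerBeforeConsole hunk lands after EfiEventGroupSignal (&gEfiEndOfDxeEventGroupGuid) and before the deferred-image dispatch, which is the ordering the quoted PFP requirement needs: the hierarchy is closed before deferred images run. Two things the "// Disable the TPM 2 platform hierarchy" comment should say so the guarantee is not overstated: any EndOfDxe callback that still needs platformAuth has to run before this point, and on builds where the dsc resolves TpmPlatformHierarchyLib to the Null instance (2/3) this call is a no-op and the hierarchy stays enabled. Since this is the only call site and the x86 path reaches the same function indirectly, a short note that this deliberately mirrors the OvmfPkg placement would also help the next reader.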