[edk2-devel] [PATCH v4 0/3] ArmVirtPkg: Disable the TPM 2 platform hierarchy

Stefan Berger posted 3 patches 2 years, 7 months ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/edk2 tags/patchew/20210924114221.3132368-1-stefanb@linux.ibm.com
[edk2-devel] [PATCH v4 0/3] ArmVirtPkg: Disable the TPM 2 platform hierarchy
Posted by Stefan Berger 2 years, 7 months ago
This series of patches disables the TPM 2 platform hierarchy.
We just added the same functionality to the OvmfPkg. However, on x86, we
could use the notification mechanism around gEfiDxeSmmReadyToLockProtocolGuid
to indirectly invoke ConfigureTpmPlatformHierarchy(). Since ARM does not
have an SMM mode, this series now uses direct invocation of this function
at the same place in PlatformBootManagerBeforeConsole() as it is done
on x86.

Regards,
   Stefan

v4:
  - Added Sami's R-b tag to 1/3

v3:
  - Addressed Ard's comments on 1/3

v2:
  - Move Null implementation to SecurityPkg
  - Added suggested texts to commit messages and added Sami's R-b tags

Stefan Berger (3):
  ArmVirtPkg/TPM: Add a NULL implementation of TpmPlatformHierarchyLib
  ArmVirtPkg: Reference new TPM classes in the build system for
    compilation
  ArmVirtPkg: Disable the TPM2 platform hierarchy

 ArmVirtPkg/ArmVirtCloudHv.dsc                 |  1 +
 ArmVirtPkg/ArmVirtQemu.dsc                    |  2 ++
 ArmVirtPkg/ArmVirtQemuKernel.dsc              |  1 +
 ArmVirtPkg/ArmVirtXen.dsc                     |  1 +
 .../PlatformBootManagerLib/PlatformBm.c       |  6 ++++
 .../PlatformBootManagerLib.inf                |  2 ++
 .../PeiDxeTpmPlatformHierarchyLib.c           | 22 +++++++++++++
 .../PeiDxeTpmPlatformHierarchyLib.inf         | 31 +++++++++++++++++++
 SecurityPkg/SecurityPkg.dsc                   |  1 +
 9 files changed, 67 insertions(+)
 create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatformHierarchyLib.c
 create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatformHierarchyLib.inf

-- 
2.31.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#81090): https://edk2.groups.io/g/devel/message/81090
Mute This Topic: https://groups.io/mt/85836857/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
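
An added example, not part of the original message or of the edk2 code: a small C model of the two invocation styles the cover letter contrasts, checking whether the platform hierarchy is still enabled once the before-console step has run. All names are hypothetical; it assumes a callback-only design on a platform that never signals the event would leave the hierarchy enabled, and it models the Null library instance as a no-op.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model, not EDK2 code. After TPM reset the platform hierarchy
   is enabled; firmware must disable it before third-party code runs. */
static bool g_platform_hierarchy_enabled;

/* Stand-in for the real library instance: disables the hierarchy. */
static void configure_real(void) { g_platform_hierarchy_enabled = false; }
/* Stand-in for the Null instance, modelled as a no-op (assumption). */
static void configure_null(void) { }

/* One notification slot, standing in for a protocol-notify registration. */
static void (*g_ready_to_lock_notify)(void);
static void signal_ready_to_lock(void) {
    if (g_ready_to_lock_notify != NULL) g_ready_to_lock_notify();
}

typedef enum {
    FLOW_X86_NOTIFY,       /* callback registered, event signalled */
    FLOW_NOTIFY_NO_EVENT,  /* callback registered, event never signalled */
    FLOW_ARM_DIRECT,       /* direct call from the before-console hook */
    FLOW_NULL_LIB          /* direct call, but Null instance linked */
} Flow;

/* Runs the modelled before-console step and reports whether code running
   afterwards would still find the platform hierarchy enabled. */
bool hierarchy_enabled_after_before_console(Flow flow) {
    g_platform_hierarchy_enabled = true;   /* state after TPM reset */
    g_ready_to_lock_notify = NULL;
    switch (flow) {
    case FLOW_X86_NOTIFY:
        g_ready_to_lock_notify = configure_real;
        signal_ready_to_lock();
        break;
    case FLOW_NOTIFY_NO_EVENT:
        g_ready_to_lock_notify = configure_real;  /* registered, never fires */
        break;
    case FLOW_ARM_DIRECT: configure_real(); break;
    case FLOW_NULL_LIB:   configure_null(); break;
    }
    return g_platform_hierarchy_enabled;
}

int main(void) {
    for (int f = FLOW_X86_NOTIFY; f <= FLOW_NULL_LIB; f++)
        printf("flow %d: enabled=%d\n", f, hierarchy_enabled_after_before_console((Flow)f));
    return 0;
}
```

When auditing a platform build, the Null-instance case is the one to watch: the call site is present, but the hierarchy stays enabled unless the .dsc maps the library class to the real instance.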


Re: [edk2-devel] [PATCH v4 0/3] ArmVirtPkg: Disable the TPM 2 platform hierarchy
Posted by Stefan Berger 2 years, 7 months ago
Yao,

    I think this series has the needed R-b's and should be commit-able.

Cheers!

    Stefan


On 9/24/21 7:42 AM, Stefan Berger wrote:
> This series of patches disables the TPM 2 platform hierarchy.
> We just added the same functionality to the OvmfPkg. However, on x86, we
> could use the notification mechanism around gEfiDxeSmmReadyToLockProtocolGuid
> to indirectly invoke ConfigureTpmPlatformHierarchy(). Since ARM does not
> have an SMM mode, this series now uses direct invocation of this function
> at the same place in PlatformBootManagerBeforeConsole() as it is done
> on x86.
>
> Regards,
>     Stefan
>
> v4:
>    - Added Sami's R-b tag to 1/3
>
> v3:
>    - Addressed Ard's comments on 1/3
>
> v2:
>    - Move Null implementation to SecurityPkg
>    - Added suggested texts to commit messages and added Sami's R-b tags
>
> Stefan Berger (3):
>    ArmVirtPkg/TPM: Add a NULL implementation of TpmPlatformHierarchyLib
>    ArmVirtPkg: Reference new TPM classes in the build system for
>      compilation
>    ArmVirtPkg: Disable the TPM2 platform hierarchy
>
>   ArmVirtPkg/ArmVirtCloudHv.dsc                 |  1 +
>   ArmVirtPkg/ArmVirtQemu.dsc                    |  2 ++
>   ArmVirtPkg/ArmVirtQemuKernel.dsc              |  1 +
>   ArmVirtPkg/ArmVirtXen.dsc                     |  1 +
>   .../PlatformBootManagerLib/PlatformBm.c       |  6 ++++
>   .../PlatformBootManagerLib.inf                |  2 ++
>   .../PeiDxeTpmPlatformHierarchyLib.c           | 22 +++++++++++++
>   .../PeiDxeTpmPlatformHierarchyLib.inf         | 31 +++++++++++++++++++
>   SecurityPkg/SecurityPkg.dsc                   |  1 +
>   9 files changed, 67 insertions(+)
>   create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatformHierarchyLib.c
>   create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatformHierarchyLib.inf
>




Re: [edk2-devel] [PATCH v4 0/3] ArmVirtPkg: Disable the TPM 2 platform hierarchy
Posted by Ard Biesheuvel 2 years, 6 months ago
Merged as #2041

What is the status of the OVMF series with the same purpose?


On Mon, 4 Oct 2021 at 21:56, Stefan Berger <stefanb@linux.ibm.com> wrote:
>
> Yao,
>
>     I think this series has the needed R-b's and should be commit-able.
>
> Cheers!
>
>     Stefan
>
>
> On 9/24/21 7:42 AM, Stefan Berger wrote:
> > This series of patches disables the TPM 2 platform hierarchy.
> > We just added the same functionality to the OvmfPkg. However, on x86, we
> > could use the notification mechanism around gEfiDxeSmmReadyToLockProtocolGuid
> > to indirectly invoke ConfigureTpmPlatformHierarchy(). Since ARM does not
> > have an SMM mode, this series now uses direct invocation of this function
> > at the same place in PlatformBootManagerBeforeConsole() as it is done
> > on x86.
> >
> > Regards,
> >     Stefan
> >
> > v4:
> >    - Added Sami's R-b tag to 1/3
> >
> > v3:
> >    - Addressed Ard's comments on 1/3
> >
> > v2:
> >    - Move Null implementation to SecurityPkg
> >    - Added suggested texts to commit messages and added Sami's R-b tags
> >
> > Stefan Berger (3):
> >    ArmVirtPkg/TPM: Add a NULL implementation of TpmPlatformHierarchyLib
> >    ArmVirtPkg: Reference new TPM classes in the build system for
> >      compilation
> >    ArmVirtPkg: Disable the TPM2 platform hierarchy
> >
> >   ArmVirtPkg/ArmVirtCloudHv.dsc                 |  1 +
> >   ArmVirtPkg/ArmVirtQemu.dsc                    |  2 ++
> >   ArmVirtPkg/ArmVirtQemuKernel.dsc              |  1 +
> >   ArmVirtPkg/ArmVirtXen.dsc                     |  1 +
> >   .../PlatformBootManagerLib/PlatformBm.c       |  6 ++++
> >   .../PlatformBootManagerLib.inf                |  2 ++
> >   .../PeiDxeTpmPlatformHierarchyLib.c           | 22 +++++++++++++
> >   .../PeiDxeTpmPlatformHierarchyLib.inf         | 31 +++++++++++++++++++
> >   SecurityPkg/SecurityPkg.dsc                   |  1 +
> >   9 files changed, 67 insertions(+)
> >   create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatformHierarchyLib.c
> >   create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatformHierarchyLib.inf
> >
>
>
> 
>
>

