Rename TPM_ENABLE to TPM2_ENABLE and TPM_CONFIG_ENABLE to
TPM2_CONFIG_ENABLE so they are in line with the ArmVirtPkg
config option names.
Add separate TPM1_ENABLE option for TPM 1.2 support.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
OvmfPkg/OvmfTpmComponentsDxe.dsc.inc | 6 ++++--
OvmfPkg/OvmfTpmComponentsPei.dsc.inc | 6 +++++-
OvmfPkg/OvmfTpmDefines.dsc.inc | 7 +++++--
OvmfPkg/OvmfTpmLibs.dsc.inc | 4 +++-
OvmfPkg/OvmfTpmLibsDxe.dsc.inc | 4 +++-
OvmfPkg/OvmfTpmLibsPeim.dsc.inc | 4 +++-
OvmfPkg/OvmfTpmPcds.dsc.inc | 2 +-
OvmfPkg/OvmfTpmPcdsHii.dsc.inc | 2 +-
OvmfPkg/OvmfTpmSecurityStub.dsc.inc | 4 +++-
OvmfPkg/OvmfTpmDxe.fdf.inc | 6 ++++--
OvmfPkg/OvmfTpmPei.fdf.inc | 6 +++++-
OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml | 6 +++---
OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml | 6 +++---
OvmfPkg/PlatformCI/ReadMe.md | 2 +-
14 files changed, 44 insertions(+), 21 deletions(-)
diff --git a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
index d5c2586118f1..6806eb245e2b 100644
--- a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
+++ b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
@@ -2,7 +2,7 @@
# SPDX-License-Identifier: BSD-2-Clause-Patent
##
-!if $(TPM_ENABLE) == TRUE
+!if $(TPM2_ENABLE) == TRUE
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
<LibraryClasses>
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
@@ -14,13 +14,15 @@
NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
}
-!if $(TPM_CONFIG_ENABLE) == TRUE
+!if $(TPM2_CONFIG_ENABLE) == TRUE
SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
!endif
+!if $(TPM1_ENABLE) == TRUE
SecurityPkg/Tcg/TcgDxe/TcgDxe.inf {
<LibraryClasses>
Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
}
+!endif
SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf {
<LibraryClasses>
TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
diff --git a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc
index b5dc20c4858c..94bc124f9b78 100644
--- a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc
+++ b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc
@@ -2,10 +2,14 @@
# SPDX-License-Identifier: BSD-2-Clause-Patent
##
-!if $(TPM_ENABLE) == TRUE
+!if $(TPM2_ENABLE) == TRUE
OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
+!if $(TPM1_ENABLE) == TRUE
OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeiCompat12.inf
SecurityPkg/Tcg/TcgPei/TcgPei.inf
+!else
+ OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+!endif
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
<LibraryClasses>
HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
diff --git a/OvmfPkg/OvmfTpmDefines.dsc.inc b/OvmfPkg/OvmfTpmDefines.dsc.inc
index 51da7508b307..de55cbdcf852 100644
--- a/OvmfPkg/OvmfTpmDefines.dsc.inc
+++ b/OvmfPkg/OvmfTpmDefines.dsc.inc
@@ -2,5 +2,8 @@
# SPDX-License-Identifier: BSD-2-Clause-Patent
##
- DEFINE TPM_ENABLE = FALSE
- DEFINE TPM_CONFIG_ENABLE = FALSE
+ DEFINE TPM2_ENABLE = FALSE
+ DEFINE TPM2_CONFIG_ENABLE = FALSE
+
+ # has no effect unless TPM2_ENABLE == TRUE
+ DEFINE TPM1_ENABLE = TRUE
diff --git a/OvmfPkg/OvmfTpmLibs.dsc.inc b/OvmfPkg/OvmfTpmLibs.dsc.inc
index 50100f2c0371..418747b13487 100644
--- a/OvmfPkg/OvmfTpmLibs.dsc.inc
+++ b/OvmfPkg/OvmfTpmLibs.dsc.inc
@@ -2,8 +2,10 @@
# SPDX-License-Identifier: BSD-2-Clause-Patent
##
-!if $(TPM_ENABLE) == TRUE
+!if $(TPM2_ENABLE) == TRUE
+!if $(TPM1_ENABLE) == TRUE
Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
+!endif
Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
diff --git a/OvmfPkg/OvmfTpmLibsDxe.dsc.inc b/OvmfPkg/OvmfTpmLibsDxe.dsc.inc
index 67d5027abaea..1d66cdac778c 100644
--- a/OvmfPkg/OvmfTpmLibsDxe.dsc.inc
+++ b/OvmfPkg/OvmfTpmLibsDxe.dsc.inc
@@ -2,7 +2,9 @@
# SPDX-License-Identifier: BSD-2-Clause-Patent
##
-!if $(TPM_ENABLE) == TRUE
+!if $(TPM2_ENABLE) == TRUE
+!if $(TPM1_ENABLE) == TRUE
Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
+!endif
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
!endif
diff --git a/OvmfPkg/OvmfTpmLibsPeim.dsc.inc b/OvmfPkg/OvmfTpmLibsPeim.dsc.inc
index 4e84e3dcaaeb..03caccd7c688 100644
--- a/OvmfPkg/OvmfTpmLibsPeim.dsc.inc
+++ b/OvmfPkg/OvmfTpmLibsPeim.dsc.inc
@@ -2,8 +2,10 @@
# SPDX-License-Identifier: BSD-2-Clause-Patent
##
-!if $(TPM_ENABLE) == TRUE
+!if $(TPM2_ENABLE) == TRUE
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+!if $(TPM1_ENABLE) == TRUE
Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
+!endif
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
!endif
diff --git a/OvmfPkg/OvmfTpmPcds.dsc.inc b/OvmfPkg/OvmfTpmPcds.dsc.inc
index 0e7f83c04bd7..0d55d6273702 100644
--- a/OvmfPkg/OvmfTpmPcds.dsc.inc
+++ b/OvmfPkg/OvmfTpmPcds.dsc.inc
@@ -2,6 +2,6 @@
# SPDX-License-Identifier: BSD-2-Clause-Patent
##
-!if $(TPM_ENABLE) == TRUE
+!if $(TPM2_ENABLE) == TRUE
gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
!endif
diff --git a/OvmfPkg/OvmfTpmPcdsHii.dsc.inc b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc
index 164bc9c7fca0..a0aa81aedf3a 100644
--- a/OvmfPkg/OvmfTpmPcdsHii.dsc.inc
+++ b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc
@@ -2,7 +2,7 @@
# SPDX-License-Identifier: BSD-2-Clause-Patent
##
-!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE
+!if $(TPM2_ENABLE) == TRUE && $(TPM2_CONFIG_ENABLE) == TRUE
gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS
gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS
!endif
diff --git a/OvmfPkg/OvmfTpmSecurityStub.dsc.inc b/OvmfPkg/OvmfTpmSecurityStub.dsc.inc
index 4bd4066843ef..e9ab2fca7bc7 100644
--- a/OvmfPkg/OvmfTpmSecurityStub.dsc.inc
+++ b/OvmfPkg/OvmfTpmSecurityStub.dsc.inc
@@ -2,7 +2,9 @@
# SPDX-License-Identifier: BSD-2-Clause-Patent
##
-!if $(TPM_ENABLE) == TRUE
+!if $(TPM2_ENABLE) == TRUE
+!if $(TPM1_ENABLE) == TRUE
NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
+!endif
NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
!endif
diff --git a/OvmfPkg/OvmfTpmDxe.fdf.inc b/OvmfPkg/OvmfTpmDxe.fdf.inc
index 9dcdaaf01c39..fa749726789a 100644
--- a/OvmfPkg/OvmfTpmDxe.fdf.inc
+++ b/OvmfPkg/OvmfTpmDxe.fdf.inc
@@ -2,11 +2,13 @@
# SPDX-License-Identifier: BSD-2-Clause-Patent
##
-!if $(TPM_ENABLE) == TRUE
+!if $(TPM2_ENABLE) == TRUE
+!if $(TPM1_ENABLE) == TRUE
INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
+!endif
INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
-!if $(TPM_CONFIG_ENABLE) == TRUE
+!if $(TPM2_CONFIG_ENABLE) == TRUE
INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
!endif
!endif
diff --git a/OvmfPkg/OvmfTpmPei.fdf.inc b/OvmfPkg/OvmfTpmPei.fdf.inc
index 6380d7660d40..a4f0f80715d4 100644
--- a/OvmfPkg/OvmfTpmPei.fdf.inc
+++ b/OvmfPkg/OvmfTpmPei.fdf.inc
@@ -2,10 +2,14 @@
# SPDX-License-Identifier: BSD-2-Clause-Patent
##
-!if $(TPM_ENABLE) == TRUE
+!if $(TPM2_ENABLE) == TRUE
INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
+!if $(TPM1_ENABLE) == TRUE
INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeiCompat12.inf
INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
+!else
+INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+!endif
INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
!endif
diff --git a/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml b/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml
index 7117b86b8177..4a3c08029a5b 100644
--- a/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml
+++ b/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml
@@ -95,21 +95,21 @@ jobs:
OVMF_IA32X64_FULL_DEBUG:
Build.File: "$(package)/PlatformCI/PlatformBuild.py"
Build.Arch: "IA32,X64"
- Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
+ Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM2_ENABLE=1 BLD_*_TPM2_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
Build.Target: "DEBUG"
Run.Flags: $(run_flags)
Run: $(should_run)
OVMF_IA32X64_FULL_RELEASE:
Build.File: "$(package)/PlatformCI/PlatformBuild.py"
Build.Arch: "IA32,X64"
- Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
+ Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM2_ENABLE=1 BLD_*_TPM2_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
Build.Target: "RELEASE"
Run.Flags: $(run_flags)
Run: $(should_run)
OVMF_IA32X64_FULL_NOOPT:
Build.File: "$(package)/PlatformCI/PlatformBuild.py"
Build.Arch: "IA32,X64"
- Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
+ Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM2_ENABLE=1 BLD_*_TPM2_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
Build.Target: "NOOPT"
Run.Flags: $(run_flags)
Run: $(should_run)
diff --git a/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml b/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml
index 2e07a3d8893a..0e6f54c57cce 100644
--- a/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml
+++ b/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml
@@ -94,14 +94,14 @@ jobs:
OVMF_IA32X64_FULL_DEBUG:
Build.File: "$(package)/PlatformCI/PlatformBuild.py"
Build.Arch: "IA32,X64"
- Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
+ Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM2_ENABLE=1 BLD_*_TPM2_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
Build.Target: "DEBUG"
Run.Flags: $(run_flags)
Run: $(should_run)
OVMF_IA32X64_FULL_RELEASE:
Build.File: "$(package)/PlatformCI/PlatformBuild.py"
Build.Arch: "IA32,X64"
- Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
+ Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM2_ENABLE=1 BLD_*_TPM2_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
Build.Target: "RELEASE"
Run.Flags: $(run_flags)
Run: $(should_run)
@@ -112,7 +112,7 @@ jobs:
# OVMF_IA32X64_FULL_NOOPT:
# Build.File: "$(package)/PlatformCI/PlatformBuild.py"
# Build.Arch: "IA32,X64"
- # Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
+ # Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM2_ENABLE=1 BLD_*_TPM2_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
# Build.Target: "NOOPT"
# Run.Flags: $(run_flags)
# Run: $(should_run)
diff --git a/OvmfPkg/PlatformCI/ReadMe.md b/OvmfPkg/PlatformCI/ReadMe.md
index 2ce9007dbeaa..4b3ebe022dad 100644
--- a/OvmfPkg/PlatformCI/ReadMe.md
+++ b/OvmfPkg/PlatformCI/ReadMe.md
@@ -14,7 +14,7 @@ supported and are described below.
| IA32 | IA32 | OvmfPkgIa32.dsc | None |
| X64 | X64 | OvmfPkgIa64.dsc | None |
| IA32 X64 | PEI-IA32 DXE-X64 | OvmfPkgIa32X64.dsc | None |
-| IA32 X64 Full | PEI-IA32 DXE-X64 | OvmfPkgIa32X64.dsc | SECURE_BOOT_ENABLE=1 SMM_REQUIRE=1 TPM_ENABLE=1 TPM_CONFIG_ENABLE=1 NETWORK_TLS_ENABLE=1 NETWORK_IP6_ENABLE=1 NETWORK_HTTP_BOOT_ENABLE=1 |
+| IA32 X64 Full | PEI-IA32 DXE-X64 | OvmfPkgIa32X64.dsc | SECURE_BOOT_ENABLE=1 SMM_REQUIRE=1 TPM1_ENABLE=1 TPM2_ENABLE=1 TPM2_CONFIG_ENABLE=1 NETWORK_TLS_ENABLE=1 NETWORK_IP6_ENABLE=1 NETWORK_HTTP_BOOT_ENABLE=1 |
## EDK2 Developer environment
--
2.31.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#82455): https://edk2.groups.io/g/devel/message/82455
Mute This Topic: https://groups.io/mt/86487986/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
On 10/21/21 8:20 AM, Gerd Hoffmann wrote:
> Rename TPM_ENABLE to TPM2_ENABLE and TPM_CONFIG_ENABLE to
> TPM2_CONFIG_ENABLE so they are in line with the ArmVirtPkg
> config option names.
>
> Add separate TPM1_ENABLE option for TPM 1.2 support.
I tested this on Fedora and attached a TPM 1.2 to the VM after a build
**without** TPM1_ENABLE. When I run this here inside the VM
cat /sys/devices/pnp0/00\:04/prcs
I get measurements in PCRs 0-9 hinting that the TPM 1.2 support isn't
entirely disabled but somehow it's still measuring into those
firmware-related PCRs. It is due to this here:
diff --git a/OvmfPkg/OvmfTpmDefines.dsc.inc b/OvmfPkg/OvmfTpmDefines.dsc.inc
index 51da7508b307..de55cbdcf852 100644
--- a/OvmfPkg/OvmfTpmDefines.dsc.inc
+++ b/OvmfPkg/OvmfTpmDefines.dsc.inc
@@ -2,5 +2,8 @@
# SPDX-License-Identifier: BSD-2-Clause-Patent
##
- DEFINE TPM_ENABLE = FALSE
- DEFINE TPM_CONFIG_ENABLE = FALSE
+ DEFINE TPM2_ENABLE = FALSE
+ DEFINE TPM2_CONFIG_ENABLE = FALSE
+
+ # has no effect unless TPM2_ENABLE == TRUE
+ DEFINE TPM1_ENABLE = TRUE
If you set this to FALSE then it removes TPM 1.2 support if TPM1_ENABLE
is not passed.
Stefan
>
> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> ---
> OvmfPkg/OvmfTpmComponentsDxe.dsc.inc | 6 ++++--
> OvmfPkg/OvmfTpmComponentsPei.dsc.inc | 6 +++++-
> OvmfPkg/OvmfTpmDefines.dsc.inc | 7 +++++--
> OvmfPkg/OvmfTpmLibs.dsc.inc | 4 +++-
> OvmfPkg/OvmfTpmLibsDxe.dsc.inc | 4 +++-
> OvmfPkg/OvmfTpmLibsPeim.dsc.inc | 4 +++-
> OvmfPkg/OvmfTpmPcds.dsc.inc | 2 +-
> OvmfPkg/OvmfTpmPcdsHii.dsc.inc | 2 +-
> OvmfPkg/OvmfTpmSecurityStub.dsc.inc | 4 +++-
> OvmfPkg/OvmfTpmDxe.fdf.inc | 6 ++++--
> OvmfPkg/OvmfTpmPei.fdf.inc | 6 +++++-
> OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml | 6 +++---
> OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml | 6 +++---
> OvmfPkg/PlatformCI/ReadMe.md | 2 +-
> 14 files changed, 44 insertions(+), 21 deletions(-)
>
> diff --git a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
> index d5c2586118f1..6806eb245e2b 100644
> --- a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
> +++ b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
> @@ -2,7 +2,7 @@
> # SPDX-License-Identifier: BSD-2-Clause-Patent
> ##
>
> -!if $(TPM_ENABLE) == TRUE
> +!if $(TPM2_ENABLE) == TRUE
> SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
> <LibraryClasses>
> Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
> @@ -14,13 +14,15 @@
> NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
> NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
> }
> -!if $(TPM_CONFIG_ENABLE) == TRUE
> +!if $(TPM2_CONFIG_ENABLE) == TRUE
> SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
> !endif
> +!if $(TPM1_ENABLE) == TRUE
> SecurityPkg/Tcg/TcgDxe/TcgDxe.inf {
> <LibraryClasses>
> Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
> }
> +!endif
> SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf {
> <LibraryClasses>
> TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
> diff --git a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc
> index b5dc20c4858c..94bc124f9b78 100644
> --- a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc
> +++ b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc
> @@ -2,10 +2,14 @@
> # SPDX-License-Identifier: BSD-2-Clause-Patent
> ##
>
> -!if $(TPM_ENABLE) == TRUE
> +!if $(TPM2_ENABLE) == TRUE
> OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
> +!if $(TPM1_ENABLE) == TRUE
> OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeiCompat12.inf
> SecurityPkg/Tcg/TcgPei/TcgPei.inf
> +!else
> + OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
> +!endif
> SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
> <LibraryClasses>
> HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
> diff --git a/OvmfPkg/OvmfTpmDefines.dsc.inc b/OvmfPkg/OvmfTpmDefines.dsc.inc
> index 51da7508b307..de55cbdcf852 100644
> --- a/OvmfPkg/OvmfTpmDefines.dsc.inc
> +++ b/OvmfPkg/OvmfTpmDefines.dsc.inc
> @@ -2,5 +2,8 @@
> # SPDX-License-Identifier: BSD-2-Clause-Patent
> ##
>
> - DEFINE TPM_ENABLE = FALSE
> - DEFINE TPM_CONFIG_ENABLE = FALSE
> + DEFINE TPM2_ENABLE = FALSE
> + DEFINE TPM2_CONFIG_ENABLE = FALSE
> +
> + # has no effect unless TPM2_ENABLE == TRUE
> + DEFINE TPM1_ENABLE = TRUE
> diff --git a/OvmfPkg/OvmfTpmLibs.dsc.inc b/OvmfPkg/OvmfTpmLibs.dsc.inc
> index 50100f2c0371..418747b13487 100644
> --- a/OvmfPkg/OvmfTpmLibs.dsc.inc
> +++ b/OvmfPkg/OvmfTpmLibs.dsc.inc
> @@ -2,8 +2,10 @@
> # SPDX-License-Identifier: BSD-2-Clause-Patent
> ##
>
> -!if $(TPM_ENABLE) == TRUE
> +!if $(TPM2_ENABLE) == TRUE
> +!if $(TPM1_ENABLE) == TRUE
> Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
> +!endif
> Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
> Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
> Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
> diff --git a/OvmfPkg/OvmfTpmLibsDxe.dsc.inc b/OvmfPkg/OvmfTpmLibsDxe.dsc.inc
> index 67d5027abaea..1d66cdac778c 100644
> --- a/OvmfPkg/OvmfTpmLibsDxe.dsc.inc
> +++ b/OvmfPkg/OvmfTpmLibsDxe.dsc.inc
> @@ -2,7 +2,9 @@
> # SPDX-License-Identifier: BSD-2-Clause-Patent
> ##
>
> -!if $(TPM_ENABLE) == TRUE
> +!if $(TPM2_ENABLE) == TRUE
> +!if $(TPM1_ENABLE) == TRUE
> Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
> +!endif
> Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
> !endif
> diff --git a/OvmfPkg/OvmfTpmLibsPeim.dsc.inc b/OvmfPkg/OvmfTpmLibsPeim.dsc.inc
> index 4e84e3dcaaeb..03caccd7c688 100644
> --- a/OvmfPkg/OvmfTpmLibsPeim.dsc.inc
> +++ b/OvmfPkg/OvmfTpmLibsPeim.dsc.inc
> @@ -2,8 +2,10 @@
> # SPDX-License-Identifier: BSD-2-Clause-Patent
> ##
>
> -!if $(TPM_ENABLE) == TRUE
> +!if $(TPM2_ENABLE) == TRUE
> BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> +!if $(TPM1_ENABLE) == TRUE
> Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
> +!endif
> Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
> !endif
> diff --git a/OvmfPkg/OvmfTpmPcds.dsc.inc b/OvmfPkg/OvmfTpmPcds.dsc.inc
> index 0e7f83c04bd7..0d55d6273702 100644
> --- a/OvmfPkg/OvmfTpmPcds.dsc.inc
> +++ b/OvmfPkg/OvmfTpmPcds.dsc.inc
> @@ -2,6 +2,6 @@
> # SPDX-License-Identifier: BSD-2-Clause-Patent
> ##
>
> -!if $(TPM_ENABLE) == TRUE
> +!if $(TPM2_ENABLE) == TRUE
> gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
> !endif
> diff --git a/OvmfPkg/OvmfTpmPcdsHii.dsc.inc b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc
> index 164bc9c7fca0..a0aa81aedf3a 100644
> --- a/OvmfPkg/OvmfTpmPcdsHii.dsc.inc
> +++ b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc
> @@ -2,7 +2,7 @@
> # SPDX-License-Identifier: BSD-2-Clause-Patent
> ##
>
> -!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE
> +!if $(TPM2_ENABLE) == TRUE && $(TPM2_CONFIG_ENABLE) == TRUE
> gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS
> gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS
> !endif
> diff --git a/OvmfPkg/OvmfTpmSecurityStub.dsc.inc b/OvmfPkg/OvmfTpmSecurityStub.dsc.inc
> index 4bd4066843ef..e9ab2fca7bc7 100644
> --- a/OvmfPkg/OvmfTpmSecurityStub.dsc.inc
> +++ b/OvmfPkg/OvmfTpmSecurityStub.dsc.inc
> @@ -2,7 +2,9 @@
> # SPDX-License-Identifier: BSD-2-Clause-Patent
> ##
>
> -!if $(TPM_ENABLE) == TRUE
> +!if $(TPM2_ENABLE) == TRUE
> +!if $(TPM1_ENABLE) == TRUE
> NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
> +!endif
> NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
> !endif
> diff --git a/OvmfPkg/OvmfTpmDxe.fdf.inc b/OvmfPkg/OvmfTpmDxe.fdf.inc
> index 9dcdaaf01c39..fa749726789a 100644
> --- a/OvmfPkg/OvmfTpmDxe.fdf.inc
> +++ b/OvmfPkg/OvmfTpmDxe.fdf.inc
> @@ -2,11 +2,13 @@
> # SPDX-License-Identifier: BSD-2-Clause-Patent
> ##
>
> -!if $(TPM_ENABLE) == TRUE
> +!if $(TPM2_ENABLE) == TRUE
> +!if $(TPM1_ENABLE) == TRUE
> INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
> +!endif
> INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
> INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
> -!if $(TPM_CONFIG_ENABLE) == TRUE
> +!if $(TPM2_CONFIG_ENABLE) == TRUE
> INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
> !endif
> !endif
> diff --git a/OvmfPkg/OvmfTpmPei.fdf.inc b/OvmfPkg/OvmfTpmPei.fdf.inc
> index 6380d7660d40..a4f0f80715d4 100644
> --- a/OvmfPkg/OvmfTpmPei.fdf.inc
> +++ b/OvmfPkg/OvmfTpmPei.fdf.inc
> @@ -2,10 +2,14 @@
> # SPDX-License-Identifier: BSD-2-Clause-Patent
> ##
>
> -!if $(TPM_ENABLE) == TRUE
> +!if $(TPM2_ENABLE) == TRUE
> INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
> +!if $(TPM1_ENABLE) == TRUE
> INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeiCompat12.inf
> INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
> +!else
> +INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
> +!endif
> INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
> INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
> !endif
> diff --git a/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml b/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml
> index 7117b86b8177..4a3c08029a5b 100644
> --- a/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml
> +++ b/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml
> @@ -95,21 +95,21 @@ jobs:
> OVMF_IA32X64_FULL_DEBUG:
> Build.File: "$(package)/PlatformCI/PlatformBuild.py"
> Build.Arch: "IA32,X64"
> - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
> + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM2_ENABLE=1 BLD_*_TPM2_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
> Build.Target: "DEBUG"
> Run.Flags: $(run_flags)
> Run: $(should_run)
> OVMF_IA32X64_FULL_RELEASE:
> Build.File: "$(package)/PlatformCI/PlatformBuild.py"
> Build.Arch: "IA32,X64"
> - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
> + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM2_ENABLE=1 BLD_*_TPM2_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
> Build.Target: "RELEASE"
> Run.Flags: $(run_flags)
> Run: $(should_run)
> OVMF_IA32X64_FULL_NOOPT:
> Build.File: "$(package)/PlatformCI/PlatformBuild.py"
> Build.Arch: "IA32,X64"
> - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
> + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM2_ENABLE=1 BLD_*_TPM2_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
> Build.Target: "NOOPT"
> Run.Flags: $(run_flags)
> Run: $(should_run)
> diff --git a/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml b/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml
> index 2e07a3d8893a..0e6f54c57cce 100644
> --- a/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml
> +++ b/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml
> @@ -94,14 +94,14 @@ jobs:
> OVMF_IA32X64_FULL_DEBUG:
> Build.File: "$(package)/PlatformCI/PlatformBuild.py"
> Build.Arch: "IA32,X64"
> - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
> + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM2_ENABLE=1 BLD_*_TPM2_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
> Build.Target: "DEBUG"
> Run.Flags: $(run_flags)
> Run: $(should_run)
> OVMF_IA32X64_FULL_RELEASE:
> Build.File: "$(package)/PlatformCI/PlatformBuild.py"
> Build.Arch: "IA32,X64"
> - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
> + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM2_ENABLE=1 BLD_*_TPM2_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
> Build.Target: "RELEASE"
> Run.Flags: $(run_flags)
> Run: $(should_run)
> @@ -112,7 +112,7 @@ jobs:
> # OVMF_IA32X64_FULL_NOOPT:
> # Build.File: "$(package)/PlatformCI/PlatformBuild.py"
> # Build.Arch: "IA32,X64"
> - # Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
> + # Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM2_ENABLE=1 BLD_*_TPM2_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
> # Build.Target: "NOOPT"
> # Run.Flags: $(run_flags)
> # Run: $(should_run)
> diff --git a/OvmfPkg/PlatformCI/ReadMe.md b/OvmfPkg/PlatformCI/ReadMe.md
> index 2ce9007dbeaa..4b3ebe022dad 100644
> --- a/OvmfPkg/PlatformCI/ReadMe.md
> +++ b/OvmfPkg/PlatformCI/ReadMe.md
> @@ -14,7 +14,7 @@ supported and are described below.
> | IA32 | IA32 | OvmfPkgIa32.dsc | None |
> | X64 | X64 | OvmfPkgIa64.dsc | None |
> | IA32 X64 | PEI-IA32 DXE-X64 | OvmfPkgIa32X64.dsc | None |
> -| IA32 X64 Full | PEI-IA32 DXE-X64 | OvmfPkgIa32X64.dsc | SECURE_BOOT_ENABLE=1 SMM_REQUIRE=1 TPM_ENABLE=1 TPM_CONFIG_ENABLE=1 NETWORK_TLS_ENABLE=1 NETWORK_IP6_ENABLE=1 NETWORK_HTTP_BOOT_ENABLE=1 |
> +| IA32 X64 Full | PEI-IA32 DXE-X64 | OvmfPkgIa32X64.dsc | SECURE_BOOT_ENABLE=1 SMM_REQUIRE=1 TPM1_ENABLE=1 TPM2_ENABLE=1 TPM2_CONFIG_ENABLE=1 NETWORK_TLS_ENABLE=1 NETWORK_IP6_ENABLE=1 NETWORK_HTTP_BOOT_ENABLE=1 |
>
> ## EDK2 Developer environment
>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#82461): https://edk2.groups.io/g/devel/message/82461
Mute This Topic: https://groups.io/mt/86487986/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
On Thu, Oct 21, 2021 at 11:44:54AM -0400, Stefan Berger wrote: > > On 10/21/21 8:20 AM, Gerd Hoffmann wrote: > > Rename TPM_ENABLE to TPM2_ENABLE and TPM_CONFIG_ENABLE to > > TPM2_CONFIG_ENABLE so they are in line with the ArmVirtPkg > > config option names. > > > > Add separate TPM1_ENABLE option for TPM 1.2 support. > > > I tested this on Fedora and attached a TPM 1.2 to the VM after a build > **without** TPM1_ENABLE. When I run this here inside the VM > > cat /sys/devices/pnp0/00\:04/prcs > > I get measurements in PCRs 0-9 hinting that the TPM 1.2 support isn't > entirely disabled but somehow it's still measuring into those > firmware-related PCRs. It is due to this here: > > + # has no effect unless TPM2_ENABLE == TRUE > + DEFINE TPM1_ENABLE = TRUE > > > If you set this to FALSE then it removes TPM 1.2 support if TPM1_ENABLE is > not passed. Yes, that is intentional. By default (when you don't explicitly set TPM1_ENABLE) behavior doesn't change and TPM 1.2 support continues to be available like it is the case without this series applied. When you think it is better to flip the default instead of being conservative I happily change it in v2. take care, Gerd -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#82507): https://edk2.groups.io/g/devel/message/82507 Mute This Topic: https://groups.io/mt/86487986/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
© 2016 - 2026 Red Hat, Inc.