From nobody Sun Apr 28 04:56:09 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+82452+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+82452+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1634818837; cv=none; d=zohomail.com; s=zohoarc; b=YFWZFwbzpXpInNuLCRFXmTYLLZQj3Vb28MwI0p7bxdvIMVcpJFLYXwFOFj9qApTj4EqaQLFcxl11QGeQ1e2ZhUfHvPZKY/bacKYLFejJrIpaIS54gwdsyuXqhNfr0ErqzYpeUdrdhOpMTG3f53+9hkUeFpWXBj7xUEWYIk+5KyI= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1634818837; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=j6251c8XnQRMwrtaGJXDHaJU0r1Aab9+AdWJr2cNTM0=; b=B7Z1i+KbvPHe5SNZZS/Trc/JozAiCHpI+Z/X4K/KNT8a+IpcQZHHsMMbo4fXZ5Z6zzdozSMlm7TEoZeQ2+OCdzB6RNJdFslC95AGTjp34LMA3hHu7eKrPkkKPWKg8OZamiQIrGVNPuR8K14cHsfIf4uZ62HZHKwZ/ZZfF1V9UIo= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+82452+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1634818837848195.12331288262828; Thu, 21 Oct 2021 05:20:37 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id sPl5YY1788612xKumVfXnp8G; Thu, 21 Oct 2021 05:20:37 -0700 X-Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.groups.io with SMTP id smtpd.web11.8575.1634818836146381807 for ; Thu, 21 Oct 2021 05:20:36 -0700 X-Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-374-Xu0EhYO-PH2clVo5TNZKyA-1; Thu, 21 Oct 2021 08:20:32 -0400 X-MC-Unique: Xu0EhYO-PH2clVo5TNZKyA-1 X-Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 8A1DD1966326; Thu, 21 Oct 2021 12:20:30 +0000 (UTC) X-Received: from sirius.home.kraxel.org (unknown [10.39.192.23]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 50784100164A; Thu, 21 Oct 2021 12:20:05 +0000 (UTC) X-Received: by sirius.home.kraxel.org (Postfix, from userid 1000) id C06AD18007A6; Thu, 21 Oct 2021 14:20:03 +0200 (CEST) From: "Gerd Hoffmann" To: devel@edk2.groups.io Cc: Gerd Hoffmann , James Bottomley , Min Xu , Jordan Justen , Erdem Aktas , Stefan Berger , Ard Biesheuvel , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , Jiewen Yao , Tom Lendacky , Brijesh Singh Subject: [edk2-devel] [PATCH 1/4] OvmfPkg: move tcg configuration to dsc and fdf include files Date: Thu, 21 Oct 2021 14:20:00 +0200 Message-Id: <20211021122003.2008499-2-kraxel@redhat.com> In-Reply-To: <20211021122003.2008499-1-kraxel@redhat.com> References: <20211021122003.2008499-1-kraxel@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,kraxel@redhat.com X-Gm-Message-State: Je25uvYZx5QRR7NGpWPJ17x8x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1634818837; bh=tQhtM9Mq+Z/fOSF5mjyFtbUp9JE+Med5w9RXv+jIb7g=; h=Cc:Content-Type:Date:From:Reply-To:Subject:To; b=xCsGD0J/QegOJPZQ+TRcNEkqIWXLcIJS8V3oIq7sJj1AIp9PRBSgAvOxv7lULoeDMbE MCKd8gmHwNVntPBjEfEx+ut3g+yZLRAetBqMdl7l7cS1Zw0Wzm5y/ncbTexIZc6XMTcPr k7fGFjtFduF+Ix8Tpba7KcYSU5AvaqajtA4= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1634818839080100001 Content-Type: text/plain; charset="utf-8" With this in place the tpm configuration is not duplicated for each of our four ovmf config variants (ia32, ia32x64, x64, amdsev) and it is easier to keep them all in sync when updating the tpm configuration. No functional change. Signed-off-by: Gerd Hoffmann Tested-by: Stefan Berger --- OvmfPkg/OvmfTpmComponentsDxe.dsc.inc | 28 +++++++++ OvmfPkg/OvmfTpmComponentsPei.dsc.inc | 22 +++++++ OvmfPkg/OvmfTpmDefines.dsc.inc | 6 ++ OvmfPkg/OvmfTpmLibs.dsc.inc | 14 +++++ OvmfPkg/OvmfTpmLibsDxe.dsc.inc | 8 +++ OvmfPkg/OvmfTpmLibsPeim.dsc.inc | 9 +++ OvmfPkg/OvmfTpmPcds.dsc.inc | 7 +++ OvmfPkg/OvmfTpmPcdsHii.dsc.inc | 8 +++ OvmfPkg/OvmfTpmSecurityStub.dsc.inc | 8 +++ OvmfPkg/AmdSev/AmdSevX64.dsc | 85 ++++----------------------- OvmfPkg/OvmfPkgIa32.dsc | 88 ++++------------------------ OvmfPkg/OvmfPkgIa32X64.dsc | 85 ++++----------------------- OvmfPkg/OvmfPkgX64.dsc | 85 ++++----------------------- OvmfPkg/AmdSev/AmdSevX64.fdf | 17 +----- OvmfPkg/OvmfPkgIa32.fdf | 17 +----- OvmfPkg/OvmfPkgIa32X64.fdf | 17 +----- OvmfPkg/OvmfPkgX64.fdf | 17 +----- OvmfPkg/OvmfTpmDxe.fdf.inc | 12 ++++ OvmfPkg/OvmfTpmPei.fdf.inc | 11 ++++ 19 files changed, 185 insertions(+), 359 deletions(-) create mode 100644 OvmfPkg/OvmfTpmComponentsDxe.dsc.inc create mode 100644 OvmfPkg/OvmfTpmComponentsPei.dsc.inc create mode 100644 OvmfPkg/OvmfTpmDefines.dsc.inc create mode 100644 OvmfPkg/OvmfTpmLibs.dsc.inc create mode 100644 OvmfPkg/OvmfTpmLibsDxe.dsc.inc create mode 100644 OvmfPkg/OvmfTpmLibsPeim.dsc.inc create mode 100644 OvmfPkg/OvmfTpmPcds.dsc.inc create mode 100644 OvmfPkg/OvmfTpmPcdsHii.dsc.inc create mode 100644 OvmfPkg/OvmfTpmSecurityStub.dsc.inc create mode 100644 OvmfPkg/OvmfTpmDxe.fdf.inc create mode 100644 OvmfPkg/OvmfTpmPei.fdf.inc diff --git a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc b/OvmfPkg/OvmfTpmComponen= tsDxe.dsc.inc new file mode 100644 index 000000000000..d5c2586118f1 --- /dev/null +++ b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc @@ -0,0 +1,28 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) =3D=3D TRUE + SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { + + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibR= outerDxe.inf + NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf + HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCrypt= oRouterDxe.inf + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf + NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384= .inf + NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512= .inf + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf + } +!if $(TPM_CONFIG_ENABLE) =3D=3D TRUE + SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf +!endif + SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { + + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLib= DTpm.inf + } + SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { + + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarc= hyLib/PeiDxeTpmPlatformHierarchyLib.inf + } +!endif diff --git a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc b/OvmfPkg/OvmfTpmComponen= tsPei.dsc.inc new file mode 100644 index 000000000000..99fa7c13b3e7 --- /dev/null +++ b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc @@ -0,0 +1,22 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) =3D=3D TRUE + OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf + OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf + SecurityPkg/Tcg/TcgPei/TcgPei.inf + SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { + + HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCrypt= oRouterPei.inf + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf + NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384= .inf + NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512= .inf + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf + } + SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf { + + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarc= hyLib/PeiDxeTpmPlatformHierarchyLib.inf + } +!endif diff --git a/OvmfPkg/OvmfTpmDefines.dsc.inc b/OvmfPkg/OvmfTpmDefines.dsc.inc new file mode 100644 index 000000000000..51da7508b307 --- /dev/null +++ b/OvmfPkg/OvmfTpmDefines.dsc.inc @@ -0,0 +1,6 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + + DEFINE TPM_ENABLE =3D FALSE + DEFINE TPM_CONFIG_ENABLE =3D FALSE diff --git a/OvmfPkg/OvmfTpmLibs.dsc.inc b/OvmfPkg/OvmfTpmLibs.dsc.inc new file mode 100644 index 000000000000..50100f2c0371 --- /dev/null +++ b/OvmfPkg/OvmfTpmLibs.dsc.inc @@ -0,0 +1,14 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) =3D=3D TRUE + Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf + Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf + Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeT= cg2PhysicalPresenceLib.inf + Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibN= ull.inf + TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasure= mentLib.inf +!else + Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeT= cg2PhysicalPresenceLib.inf + TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf +!endif diff --git a/OvmfPkg/OvmfTpmLibsDxe.dsc.inc b/OvmfPkg/OvmfTpmLibsDxe.dsc.inc new file mode 100644 index 000000000000..67d5027abaea --- /dev/null +++ b/OvmfPkg/OvmfTpmLibsDxe.dsc.inc @@ -0,0 +1,8 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) =3D=3D TRUE + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.i= nf + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf +!endif diff --git a/OvmfPkg/OvmfTpmLibsPeim.dsc.inc b/OvmfPkg/OvmfTpmLibsPeim.dsc.= inc new file mode 100644 index 000000000000..4e84e3dcaaeb --- /dev/null +++ b/OvmfPkg/OvmfTpmLibsPeim.dsc.inc @@ -0,0 +1,9 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) =3D=3D TRUE + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm= .inf + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf +!endif diff --git a/OvmfPkg/OvmfTpmPcds.dsc.inc b/OvmfPkg/OvmfTpmPcds.dsc.inc new file mode 100644 index 000000000000..0e7f83c04bd7 --- /dev/null +++ b/OvmfPkg/OvmfTpmPcds.dsc.inc @@ -0,0 +1,7 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) =3D=3D TRUE + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00= , 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} +!endif diff --git a/OvmfPkg/OvmfTpmPcdsHii.dsc.inc b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc new file mode 100644 index 000000000000..164bc9c7fca0 --- /dev/null +++ b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc @@ -0,0 +1,8 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) =3D=3D TRUE && $(TPM_CONFIG_ENABLE) =3D=3D TRUE + gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_= VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2C= onfigFormSetGuid|0x8|3|NV,BS +!endif diff --git a/OvmfPkg/OvmfTpmSecurityStub.dsc.inc b/OvmfPkg/OvmfTpmSecurityS= tub.dsc.inc new file mode 100644 index 000000000000..4bd4066843ef --- /dev/null +++ b/OvmfPkg/OvmfTpmSecurityStub.dsc.inc @@ -0,0 +1,8 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) =3D=3D TRUE + NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.i= nf + NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib= .inf +!endif diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc index 5ee54451169b..d145b491fb44 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -32,8 +32,8 @@ [Defines] # -D FLAG=3DVALUE # DEFINE SOURCE_DEBUG_ENABLE =3D FALSE - DEFINE TPM_ENABLE =3D FALSE - DEFINE TPM_CONFIG_ENABLE =3D FALSE + +!include OvmfPkg/OvmfTpmDefines.dsc.inc =20 # # Shell can be useful for debugging but should not be enabled for produc= tion @@ -203,16 +203,7 @@ [LibraryClasses] SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib= /BaseOrderedCollectionRedBlackTreeLib.inf =20 -!if $(TPM_ENABLE) =3D=3D TRUE - Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf - Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeT= cg2PhysicalPresenceLib.inf - Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibN= ull.inf - TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasure= mentLib.inf -!else - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeT= cg2PhysicalPresenceLib.inf - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf -!endif +!include OvmfPkg/OvmfTpmLibs.dsc.inc =20 [LibraryClasses.common] BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -286,11 +277,7 @@ [LibraryClasses.common.PEIM] PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf =20 -!if $(TPM_ENABLE) =3D=3D TRUE - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm= .inf - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf -!endif +!include OvmfPkg/OvmfTpmLibsPeim.dsc.inc =20 MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLi= b.inf =20 @@ -371,10 +358,8 @@ [LibraryClasses.common.DXE_DRIVER] MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf QemuLoadImageLib|OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoad= ImageLib.inf -!if $(TPM_ENABLE) =3D=3D TRUE - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.i= nf - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf -!endif + +!include OvmfPkg/OvmfTpmLibsDxe.dsc.inc =20 [LibraryClasses.common.UEFI_APPLICATION] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf @@ -575,15 +560,10 @@ [PcdsDynamicDefault] =20 gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 =20 -!if $(TPM_ENABLE) =3D=3D TRUE - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00= , 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} -!endif +!include OvmfPkg/OvmfTpmPcds.dsc.inc =20 [PcdsDynamicHii] -!if $(TPM_ENABLE) =3D=3D TRUE && $(TPM_CONFIG_ENABLE) =3D=3D TRUE - gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_= VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2C= onfigFormSetGuid|0x8|3|NV,BS -!endif +!include OvmfPkg/OvmfTpmPcdsHii.dsc.inc =20 ##########################################################################= ###### # @@ -624,24 +604,7 @@ [Components] UefiCpuPkg/CpuMpPei/CpuMpPei.inf OvmfPkg/AmdSev/SecretPei/SecretPei.inf =20 -!if $(TPM_ENABLE) =3D=3D TRUE - OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf - OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf - SecurityPkg/Tcg/TcgPei/TcgPei.inf - SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { - - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCrypt= oRouterPei.inf - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384= .inf - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512= .inf - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf - } - SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf { - - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarc= hyLib/PeiDxeTpmPlatformHierarchyLib.inf - } -!endif +!include OvmfPkg/OvmfTpmComponentsPei.dsc.inc =20 # # DXE Phase modules @@ -663,10 +626,7 @@ [Components] =20 MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { -!if $(TPM_ENABLE) =3D=3D TRUE - NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.i= nf - NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib= .inf -!endif +!include OvmfPkg/OvmfTpmSecurityStub.dsc.inc } =20 MdeModulePkg/Universal/EbcDxe/EbcDxe.inf @@ -836,27 +796,4 @@ [Components] # # TPM support # -!if $(TPM_ENABLE) =3D=3D TRUE - SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { - - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibR= outerDxe.inf - NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCrypt= oRouterDxe.inf - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384= .inf - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512= .inf - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf - } -!if $(TPM_CONFIG_ENABLE) =3D=3D TRUE - SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf -!endif - SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { - - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLib= DTpm.inf - } - SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { - - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarc= hyLib/PeiDxeTpmPlatformHierarchyLib.inf - } -!endif +!include OvmfPkg/OvmfTpmComponentsDxe.dsc.inc diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 6a5be97c059d..462c1b970ed8 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -32,10 +32,10 @@ [Defines] DEFINE SECURE_BOOT_ENABLE =3D FALSE DEFINE SMM_REQUIRE =3D FALSE DEFINE SOURCE_DEBUG_ENABLE =3D FALSE - DEFINE TPM_ENABLE =3D FALSE - DEFINE TPM_CONFIG_ENABLE =3D FALSE DEFINE LOAD_X64_ON_IA32_ENABLE =3D FALSE =20 +!include OvmfPkg/OvmfTpmDefines.dsc.inc + # # Network definition # @@ -229,16 +229,7 @@ [LibraryClasses] SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib= /BaseOrderedCollectionRedBlackTreeLib.inf =20 -!if $(TPM_ENABLE) =3D=3D TRUE - Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf - Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeT= cg2PhysicalPresenceLib.inf - Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibN= ull.inf - TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasure= mentLib.inf -!else - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeT= cg2PhysicalPresenceLib.inf - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf -!endif +!include OvmfPkg/OvmfTpmLibs.dsc.inc =20 [LibraryClasses.common] BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -309,11 +300,7 @@ [LibraryClasses.common.PEIM] PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf =20 -!if $(TPM_ENABLE) =3D=3D TRUE - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm= .inf - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf -!endif +!include OvmfPkg/OvmfTpmLibsPeim.dsc.inc =20 MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLi= b.inf =20 @@ -401,10 +388,8 @@ [LibraryClasses.common.DXE_DRIVER] MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib= .inf -!if $(TPM_ENABLE) =3D=3D TRUE - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.i= nf - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf -!endif + +!include OvmfPkg/OvmfTpmLibsDxe.dsc.inc =20 [LibraryClasses.common.UEFI_APPLICATION] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf @@ -642,19 +627,14 @@ [PcdsDynamicDefault] =20 gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 =20 -!if $(TPM_ENABLE) =3D=3D TRUE - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00= , 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} -!endif +!include OvmfPkg/OvmfTpmPcds.dsc.inc =20 # IPv4 and IPv6 PXE Boot support. gEfiNetworkPkgTokenSpaceGuid.PcdIPv4PXESupport|0x01 gEfiNetworkPkgTokenSpaceGuid.PcdIPv6PXESupport|0x01 =20 [PcdsDynamicHii] -!if $(TPM_ENABLE) =3D=3D TRUE && $(TPM_CONFIG_ENABLE) =3D=3D TRUE - gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_= VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2C= onfigFormSetGuid|0x8|3|NV,BS -!endif +!include OvmfPkg/OvmfTpmPcdsHii.dsc.inc =20 ##########################################################################= ###### # @@ -704,24 +684,7 @@ [Components] !endif UefiCpuPkg/CpuMpPei/CpuMpPei.inf =20 -!if $(TPM_ENABLE) =3D=3D TRUE - OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf - OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf - SecurityPkg/Tcg/TcgPei/TcgPei.inf - SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { - - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCrypt= oRouterPei.inf - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384= .inf - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512= .inf - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf - } - SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf { - - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarc= hyLib/PeiDxeTpmPlatformHierarchyLib.inf - } -!endif +!include OvmfPkg/OvmfTpmComponentsPei.dsc.inc =20 # # DXE Phase modules @@ -746,10 +709,7 @@ [Components] !if $(SECURE_BOOT_ENABLE) =3D=3D TRUE NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificatio= nLib.inf !endif -!if $(TPM_ENABLE) =3D=3D TRUE - NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.i= nf - NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib= .inf -!endif +!include OvmfPkg/OvmfTpmSecurityStub.dsc.inc } =20 MdeModulePkg/Universal/EbcDxe/EbcDxe.inf @@ -1019,31 +979,5 @@ [Components] # # TPM support # -!if $(TPM_ENABLE) =3D=3D TRUE - SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { - - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibR= outerDxe.inf - NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCrypt= oRouterDxe.inf - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384= .inf - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512= .inf - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf - } -!if $(TPM_CONFIG_ENABLE) =3D=3D TRUE - SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf -!endif - SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { - - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLib= DTpm.inf - } - SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { - - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarc= hyLib/PeiDxeTpmPlatformHierarchyLib.inf - } -!endif +!include OvmfPkg/OvmfTpmComponentsDxe.dsc.inc =20 -!if $(LOAD_X64_ON_IA32_ENABLE) =3D=3D TRUE - OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf -!endif diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 71227d1b709a..3908acbc9c78 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -32,8 +32,8 @@ [Defines] DEFINE SECURE_BOOT_ENABLE =3D FALSE DEFINE SMM_REQUIRE =3D FALSE DEFINE SOURCE_DEBUG_ENABLE =3D FALSE - DEFINE TPM_ENABLE =3D FALSE - DEFINE TPM_CONFIG_ENABLE =3D FALSE + +!include OvmfPkg/OvmfTpmDefines.dsc.inc =20 # # Network definition @@ -233,16 +233,7 @@ [LibraryClasses] SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib= /BaseOrderedCollectionRedBlackTreeLib.inf =20 -!if $(TPM_ENABLE) =3D=3D TRUE - Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf - Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeT= cg2PhysicalPresenceLib.inf - Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibN= ull.inf - TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasure= mentLib.inf -!else - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeT= cg2PhysicalPresenceLib.inf - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf -!endif +!include OvmfPkg/OvmfTpmLibs.dsc.inc =20 [LibraryClasses.common] BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -313,11 +304,7 @@ [LibraryClasses.common.PEIM] PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf =20 -!if $(TPM_ENABLE) =3D=3D TRUE - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm= .inf - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf -!endif +!include OvmfPkg/OvmfTpmLibsPeim.dsc.inc =20 MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLi= b.inf =20 @@ -405,10 +392,8 @@ [LibraryClasses.common.DXE_DRIVER] MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib= .inf -!if $(TPM_ENABLE) =3D=3D TRUE - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.i= nf - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf -!endif + +!include OvmfPkg/OvmfTpmLibsDxe.dsc.inc =20 [LibraryClasses.common.UEFI_APPLICATION] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf @@ -654,9 +639,7 @@ [PcdsDynamicDefault] =20 gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 =20 -!if $(TPM_ENABLE) =3D=3D TRUE - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00= , 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} -!endif +!include OvmfPkg/OvmfTpmPcds.dsc.inc =20 [PcdsDynamicDefault.X64] # IPv4 and IPv6 PXE Boot support. @@ -664,10 +647,7 @@ [PcdsDynamicDefault.X64] gEfiNetworkPkgTokenSpaceGuid.PcdIPv6PXESupport|0x01 =20 [PcdsDynamicHii] -!if $(TPM_ENABLE) =3D=3D TRUE && $(TPM_CONFIG_ENABLE) =3D=3D TRUE - gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_= VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2C= onfigFormSetGuid|0x8|3|NV,BS -!endif +!include OvmfPkg/OvmfTpmPcdsHii.dsc.inc =20 ##########################################################################= ###### # @@ -717,24 +697,7 @@ [Components.IA32] !endif UefiCpuPkg/CpuMpPei/CpuMpPei.inf =20 -!if $(TPM_ENABLE) =3D=3D TRUE - OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf - OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf - SecurityPkg/Tcg/TcgPei/TcgPei.inf - SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { - - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCrypt= oRouterPei.inf - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384= .inf - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512= .inf - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf - } - SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf { - - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarc= hyLib/PeiDxeTpmPlatformHierarchyLib.inf - } -!endif +!include OvmfPkg/OvmfTpmComponentsPei.dsc.inc =20 [Components.X64] # @@ -760,10 +723,7 @@ [Components.X64] !if $(SECURE_BOOT_ENABLE) =3D=3D TRUE NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificatio= nLib.inf !endif -!if $(TPM_ENABLE) =3D=3D TRUE - NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.i= nf - NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib= .inf -!endif +!include OvmfPkg/OvmfTpmSecurityStub.dsc.inc } =20 MdeModulePkg/Universal/EbcDxe/EbcDxe.inf @@ -1034,27 +994,4 @@ [Components.X64] # # TPM support # -!if $(TPM_ENABLE) =3D=3D TRUE - SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { - - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibR= outerDxe.inf - NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCrypt= oRouterDxe.inf - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384= .inf - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512= .inf - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf - } -!if $(TPM_CONFIG_ENABLE) =3D=3D TRUE - SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf -!endif - SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { - - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLib= DTpm.inf - } - SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { - - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarc= hyLib/PeiDxeTpmPlatformHierarchyLib.inf - } -!endif +!include OvmfPkg/OvmfTpmComponentsDxe.dsc.inc diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 52f7598cf1c7..6114a4d61ab7 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -32,8 +32,8 @@ [Defines] DEFINE SECURE_BOOT_ENABLE =3D FALSE DEFINE SMM_REQUIRE =3D FALSE DEFINE SOURCE_DEBUG_ENABLE =3D FALSE - DEFINE TPM_ENABLE =3D FALSE - DEFINE TPM_CONFIG_ENABLE =3D FALSE + +!include OvmfPkg/OvmfTpmDefines.dsc.inc =20 # # Network definition @@ -233,16 +233,7 @@ [LibraryClasses] SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib= /BaseOrderedCollectionRedBlackTreeLib.inf =20 -!if $(TPM_ENABLE) =3D=3D TRUE - Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf - Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeT= cg2PhysicalPresenceLib.inf - Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibN= ull.inf - TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasure= mentLib.inf -!else - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeT= cg2PhysicalPresenceLib.inf - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf -!endif +!include OvmfPkg/OvmfTpmLibs.dsc.inc =20 [LibraryClasses.common] BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -315,11 +306,7 @@ [LibraryClasses.common.PEIM] PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf =20 -!if $(TPM_ENABLE) =3D=3D TRUE - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm= .inf - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf -!endif +!include OvmfPkg/OvmfTpmLibsPeim.dsc.inc =20 MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLi= b.inf =20 @@ -407,10 +394,8 @@ [LibraryClasses.common.DXE_DRIVER] MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib= .inf -!if $(TPM_ENABLE) =3D=3D TRUE - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.i= nf - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf -!endif + +!include OvmfPkg/OvmfTpmLibsDxe.dsc.inc =20 [LibraryClasses.common.UEFI_APPLICATION] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf @@ -654,19 +639,14 @@ [PcdsDynamicDefault] =20 gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 =20 -!if $(TPM_ENABLE) =3D=3D TRUE - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00= , 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} -!endif +!include OvmfPkg/OvmfTpmPcds.dsc.inc =20 # IPv4 and IPv6 PXE Boot support. gEfiNetworkPkgTokenSpaceGuid.PcdIPv4PXESupport|0x01 gEfiNetworkPkgTokenSpaceGuid.PcdIPv6PXESupport|0x01 =20 [PcdsDynamicHii] -!if $(TPM_ENABLE) =3D=3D TRUE && $(TPM_CONFIG_ENABLE) =3D=3D TRUE - gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_= VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2C= onfigFormSetGuid|0x8|3|NV,BS -!endif +!include OvmfPkg/OvmfTpmPcdsHii.dsc.inc =20 ##########################################################################= ###### # @@ -716,24 +696,7 @@ [Components] !endif UefiCpuPkg/CpuMpPei/CpuMpPei.inf =20 -!if $(TPM_ENABLE) =3D=3D TRUE - OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf - OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf - SecurityPkg/Tcg/TcgPei/TcgPei.inf - SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { - - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCrypt= oRouterPei.inf - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384= .inf - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512= .inf - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf - } - SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf { - - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarc= hyLib/PeiDxeTpmPlatformHierarchyLib.inf - } -!endif +!include OvmfPkg/OvmfTpmComponentsPei.dsc.inc =20 # # DXE Phase modules @@ -757,10 +720,7 @@ [Components] !if $(SECURE_BOOT_ENABLE) =3D=3D TRUE NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificatio= nLib.inf -!endif -!if $(TPM_ENABLE) =3D=3D TRUE - NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.i= nf - NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib= .inf +!include OvmfPkg/OvmfTpmSecurityStub.dsc.inc !endif } =20 @@ -1032,27 +992,4 @@ [Components] # # TPM support # -!if $(TPM_ENABLE) =3D=3D TRUE - SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { - - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibR= outerDxe.inf - NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCrypt= oRouterDxe.inf - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384= .inf - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512= .inf - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf - } -!if $(TPM_CONFIG_ENABLE) =3D=3D TRUE - SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf -!endif - SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { - - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLib= DTpm.inf - } - SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { - - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarc= hyLib/PeiDxeTpmPlatformHierarchyLib.inf - } -!endif +!include OvmfPkg/OvmfTpmComponentsDxe.dsc.inc diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf index 56626098862c..b9017f490458 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.fdf +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf @@ -156,13 +156,7 @@ [FV.PEIFV] INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf INF OvmfPkg/AmdSev/SecretPei/SecretPei.inf =20 -!if $(TPM_ENABLE) =3D=3D TRUE -INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf -INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf -INF SecurityPkg/Tcg/TcgPei/TcgPei.inf -INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf -INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf -!endif +!include OvmfPkg/OvmfTpmPei.fdf.inc =20 ##########################################################################= ###### =20 @@ -318,14 +312,7 @@ [FV.DXEFV] # # TPM support # -!if $(TPM_ENABLE) =3D=3D TRUE -INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf -INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf -INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf -!if $(TPM_CONFIG_ENABLE) =3D=3D TRUE -INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf -!endif -!endif +!include OvmfPkg/OvmfTpmDxe.fdf.inc =20 ##########################################################################= ###### =20 diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf index 775ea2d71098..24e4366c172d 100644 --- a/OvmfPkg/OvmfPkgIa32.fdf +++ b/OvmfPkg/OvmfPkgIa32.fdf @@ -161,13 +161,7 @@ [FV.PEIFV] !endif INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf =20 -!if $(TPM_ENABLE) =3D=3D TRUE -INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf -INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf -INF SecurityPkg/Tcg/TcgPei/TcgPei.inf -INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf -INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf -!endif +!include OvmfPkg/OvmfTpmPei.fdf.inc =20 ##########################################################################= ###### =20 @@ -361,14 +355,7 @@ [FV.DXEFV] # # TPM support # -!if $(TPM_ENABLE) =3D=3D TRUE -INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf -INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf -INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf -!if $(TPM_CONFIG_ENABLE) =3D=3D TRUE -INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf -!endif -!endif +!include OvmfPkg/OvmfTpmDxe.fdf.inc =20 !if $(LOAD_X64_ON_IA32_ENABLE) =3D=3D TRUE INF OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf index 9d8695922f97..734df36602bd 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf @@ -164,13 +164,7 @@ [FV.PEIFV] !endif INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf =20 -!if $(TPM_ENABLE) =3D=3D TRUE -INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf -INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf -INF SecurityPkg/Tcg/TcgPei/TcgPei.inf -INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf -INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf -!endif +!include OvmfPkg/OvmfTpmPei.fdf.inc =20 ##########################################################################= ###### =20 @@ -371,14 +365,7 @@ [FV.DXEFV] # # TPM support # -!if $(TPM_ENABLE) =3D=3D TRUE -INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf -INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf -INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf -!if $(TPM_CONFIG_ENABLE) =3D=3D TRUE -INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf -!endif -!endif +!include OvmfPkg/OvmfTpmDxe.fdf.inc =20 ##########################################################################= ###### =20 diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index b6cc3cabdd69..b8d074c6e496 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -180,13 +180,7 @@ [FV.PEIFV] !endif INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf =20 -!if $(TPM_ENABLE) =3D=3D TRUE -INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf -INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf -INF SecurityPkg/Tcg/TcgPei/TcgPei.inf -INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf -INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf -!endif +!include OvmfPkg/OvmfTpmPei.fdf.inc =20 ##########################################################################= ###### =20 @@ -387,14 +381,7 @@ [FV.DXEFV] # # TPM support # -!if $(TPM_ENABLE) =3D=3D TRUE -INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf -INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf -INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf -!if $(TPM_CONFIG_ENABLE) =3D=3D TRUE -INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf -!endif -!endif +!include OvmfPkg/OvmfTpmDxe.fdf.inc =20 ##########################################################################= ###### =20 diff --git a/OvmfPkg/OvmfTpmDxe.fdf.inc b/OvmfPkg/OvmfTpmDxe.fdf.inc new file mode 100644 index 000000000000..9dcdaaf01c39 --- /dev/null +++ b/OvmfPkg/OvmfTpmDxe.fdf.inc @@ -0,0 +1,12 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) =3D=3D TRUE +INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf +INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf +INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf +!if $(TPM_CONFIG_ENABLE) =3D=3D TRUE +INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf +!endif +!endif diff --git a/OvmfPkg/OvmfTpmPei.fdf.inc b/OvmfPkg/OvmfTpmPei.fdf.inc new file mode 100644 index 000000000000..9aefd73d219c --- /dev/null +++ b/OvmfPkg/OvmfTpmPei.fdf.inc @@ -0,0 +1,11 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) =3D=3D TRUE +INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf +INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf +INF SecurityPkg/Tcg/TcgPei/TcgPei.inf +INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf +INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf +!endif --=20 2.31.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#82452): https://edk2.groups.io/g/devel/message/82452 Mute This Topic: https://groups.io/mt/86487980/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Apr 28 04:56:09 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+82454+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+82454+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1634818862; cv=none; d=zohomail.com; s=zohoarc; b=nVcPCUPyIuTCHoonzUU8+Xf3m/dZkr2fQ9urGdB6I/CaMgQL5cB+Y1tjkHJuxgca2ue1HPeGONHeGccCO0IsaUGuNRYEFNIi3/WU6lvqY4xs+jjgirLD/NsN7SAcuEEGY4j7VqArHPUUSjuNCwuifGlgOjhzfSmNBpamJwME/oE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1634818862; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=j13Q7oetrSwzKNtDpaZ0UldtGWamVcwO1Y7z+G+i3pk=; b=AJ/I/9vRM0DjTjtmMNRFBMrEcQRf5+mz+q/qOq997WjonV81OCeW8OO6X60hCAFyrjQf8HeDLYnQizvRWMIETbwNSGWwLC0VmQHPkE0EpVsjErZ4+AzB7YtUzNkDtW7HxNYWnozZzpnAoQxtbnTTPGjxtNLXoQRvysHmGvsVdQs= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+82454+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1634818862168257.3585191364044; Thu, 21 Oct 2021 05:21:02 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id WYuxYY1788612xgmjZIvtvhW; Thu, 21 Oct 2021 05:21:01 -0700 X-Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.groups.io with SMTP id smtpd.web11.8584.1634818861111240016 for ; Thu, 21 Oct 2021 05:21:01 -0700 X-Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-492-OnmGiNaWPTi4HrevIK0y7w-1; Thu, 21 Oct 2021 08:20:57 -0400 X-MC-Unique: OnmGiNaWPTi4HrevIK0y7w-1 X-Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 96A2810168C7; Thu, 21 Oct 2021 12:20:55 +0000 (UTC) X-Received: from sirius.home.kraxel.org (unknown [10.39.192.23]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 26B9757CA4; Thu, 21 Oct 2021 12:20:32 +0000 (UTC) X-Received: by sirius.home.kraxel.org (Postfix, from userid 1000) id C2DAC180090A; Thu, 21 Oct 2021 14:20:03 +0200 (CEST) From: "Gerd Hoffmann" To: devel@edk2.groups.io Cc: Gerd Hoffmann , James Bottomley , Min Xu , Jordan Justen , Erdem Aktas , Stefan Berger , Ard Biesheuvel , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , Jiewen Yao , Tom Lendacky , Brijesh Singh Subject: [edk2-devel] [PATCH 2/4] OvmfPkg: create Tcg2ConfigPeiCompat12.inf Date: Thu, 21 Oct 2021 14:20:01 +0200 Message-Id: <20211021122003.2008499-3-kraxel@redhat.com> In-Reply-To: <20211021122003.2008499-1-kraxel@redhat.com> References: <20211021122003.2008499-1-kraxel@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,kraxel@redhat.com X-Gm-Message-State: BtfyjPQjuqwcgih6vj2oH0kDx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1634818861; bh=GXFOBmRTzelUGPhU5G6QAJ1DkUrvLLhS3EIH0b9/MQU=; h=Cc:Content-Type:Date:From:Reply-To:Subject:To; b=mJ+fFcKDYYs3M369J6WfUIsC/GGLcwyGmBlpA8CYtHdtE7jfBbFuFLMGoTei2EBvpR0 Mhs2zdS1xYHqKgQioBnWLITJ0xq57X4Js1x8BI6imYPeY7C4snu56d9a6YNeLjBsPNdSH +sCOEsKXBhBEQweWitMYIpVshOpNFUXWsxc= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1634818864260100001 Content-Type: text/plain; charset="utf-8" Split Tcg2ConfigPei.inf into two variants: Tcg2ConfigPeiCompat12.inf with TPM 1.2 backward compatibility included and Tcg2ConfigPei.inf supporting TPM 2.0 only. This allows x86 builds to choose whenever TPM 1.2 support should be included or not by picking the one or the other inf file. Switch x86 builds to Tcg2ConfigPeiCompat12.inf, so they continue to have TPM 1.2 support. No functional change. Signed-off-by: Gerd Hoffmann Tested-by: Stefan Berger --- OvmfPkg/OvmfTpmComponentsPei.dsc.inc | 2 +- OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf | 9 --------- .../{Tcg2ConfigPei.inf =3D> Tcg2ConfigPeiCompat12.inf} | 9 +-------- OvmfPkg/OvmfTpmPei.fdf.inc | 2 +- 4 files changed, 3 insertions(+), 19 deletions(-) copy OvmfPkg/Tcg/Tcg2Config/{Tcg2ConfigPei.inf =3D> Tcg2ConfigPeiCompat12.= inf} (84%) diff --git a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc b/OvmfPkg/OvmfTpmComponen= tsPei.dsc.inc index 99fa7c13b3e7..b5dc20c4858c 100644 --- a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc +++ b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc @@ -4,7 +4,7 @@ =20 !if $(TPM_ENABLE) =3D=3D TRUE OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf - OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf + OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeiCompat12.inf SecurityPkg/Tcg/TcgPei/TcgPei.inf SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { diff --git a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf b/OvmfPkg/Tcg/Tcg2Con= fig/Tcg2ConfigPei.inf index 39d1deeed16b..bf8b12da8195 100644 --- a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf +++ b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf @@ -22,11 +22,6 @@ [Defines] [Sources] Tcg2ConfigPeim.c Tpm12Support.h - -[Sources.IA32, Sources.X64] - Tpm12Support.c - -[Sources.ARM, Sources.AARCH64] Tpm12SupportNull.c =20 [Packages] @@ -41,10 +36,6 @@ [LibraryClasses] PeiServicesLib Tpm2DeviceLib =20 -[LibraryClasses.IA32, LibraryClasses.X64] - BaseLib - Tpm12DeviceLib - [Guids] gEfiTpmDeviceSelectedGuid ## PRODUCES ## GUID # Used as a PPI = GUID gEfiTpmDeviceInstanceTpm20DtpmGuid ## SOMETIMES_CONSUMES diff --git a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf b/OvmfPkg/Tcg/Tcg2Con= fig/Tcg2ConfigPeiCompat12.inf similarity index 84% copy from OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf copy to OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeiCompat12.inf index 39d1deeed16b..919006f35cf1 100644 --- a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf +++ b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeiCompat12.inf @@ -14,7 +14,7 @@ [Defines] INF_VERSION =3D 0x00010005 BASE_NAME =3D Tcg2ConfigPei - FILE_GUID =3D BF7F2B0C-9F2F-4889-AB5C-12460022BE87 + FILE_GUID =3D 8AD3148F-945F-46B4-8ACD-71469EA73945 MODULE_TYPE =3D PEIM VERSION_STRING =3D 1.0 ENTRY_POINT =3D Tcg2ConfigPeimEntryPoint @@ -22,13 +22,8 @@ [Defines] [Sources] Tcg2ConfigPeim.c Tpm12Support.h - -[Sources.IA32, Sources.X64] Tpm12Support.c =20 -[Sources.ARM, Sources.AARCH64] - Tpm12SupportNull.c - [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec @@ -40,8 +35,6 @@ [LibraryClasses] DebugLib PeiServicesLib Tpm2DeviceLib - -[LibraryClasses.IA32, LibraryClasses.X64] BaseLib Tpm12DeviceLib =20 diff --git a/OvmfPkg/OvmfTpmPei.fdf.inc b/OvmfPkg/OvmfTpmPei.fdf.inc index 9aefd73d219c..6380d7660d40 100644 --- a/OvmfPkg/OvmfTpmPei.fdf.inc +++ b/OvmfPkg/OvmfTpmPei.fdf.inc @@ -4,7 +4,7 @@ =20 !if $(TPM_ENABLE) =3D=3D TRUE INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf -INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf +INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeiCompat12.inf INF SecurityPkg/Tcg/TcgPei/TcgPei.inf INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf --=20 2.31.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#82454): https://edk2.groups.io/g/devel/message/82454 Mute This Topic: https://groups.io/mt/86487985/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Apr 28 04:56:09 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+82455+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+82455+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1634818862; cv=none; d=zohomail.com; s=zohoarc; b=Fcpy4NeiFt74yGfKQ8BvqriNYaTspR6jyQfXZIyOZc2uYHFbXvVq3o77E3KvLeDzPElhe39Bssi4N9mJxNIJyrW0G9VUtAxcqXigH/HP/yww3eVBipSAjtpAYYvCC31ozJ/Ie/L462O3hP9JbREdMZo+53Oi595QwLnu4lI/CMM= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1634818862; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=PizkOO+P1+qiGUPQbMKI6CPJn+MBxJR6s+AbKuS+SwQ=; b=mn83BNESgjEt1+RERuy6pRco0WrB8O+e3O5kX5dhowL98QDLEQ0bySIZ5eb90soCiXFEFxlnDd9PGEsXrMJ1cI3Y2SexEnPjZfaOSt7GhRG8wp1OAI5zhHfo4FOQo07MQKhbDLW8bZpdyub+sakjkyIup8+r3u8HSfYVH+DbUXI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+82455+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1634818862731746.2607729316426; Thu, 21 Oct 2021 05:21:02 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id 1JTTYY1788612xvQ5BCL0hWZ; Thu, 21 Oct 2021 05:21:02 -0700 X-Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.groups.io with SMTP id smtpd.web10.8633.1634818861459980168 for ; Thu, 21 Oct 2021 05:21:01 -0700 X-Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-102-13kmvTd1OqWoz0U7Dd_E5A-1; Thu, 21 Oct 2021 08:20:57 -0400 X-MC-Unique: 13kmvTd1OqWoz0U7Dd_E5A-1 X-Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id C94B56A2A0; Thu, 21 Oct 2021 12:20:55 +0000 (UTC) X-Received: from sirius.home.kraxel.org (unknown [10.39.192.23]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 4F966652AC; Thu, 21 Oct 2021 12:20:51 +0000 (UTC) X-Received: by sirius.home.kraxel.org (Postfix, from userid 1000) id C611E180090B; Thu, 21 Oct 2021 14:20:03 +0200 (CEST) From: "Gerd Hoffmann" To: devel@edk2.groups.io Cc: Gerd Hoffmann , James Bottomley , Min Xu , Jordan Justen , Erdem Aktas , Stefan Berger , Ard Biesheuvel , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , Jiewen Yao , Tom Lendacky , Brijesh Singh Subject: [edk2-devel] [PATCH 3/4] OvmfPkg: rework TPM configuration Date: Thu, 21 Oct 2021 14:20:02 +0200 Message-Id: <20211021122003.2008499-4-kraxel@redhat.com> In-Reply-To: <20211021122003.2008499-1-kraxel@redhat.com> References: <20211021122003.2008499-1-kraxel@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,kraxel@redhat.com X-Gm-Message-State: 96oRxOmjlexVzS7mWqDOqStox1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1634818862; bh=7H8LNedRgC9ksmsLfftVf7UcMIhEemsNfjjAfRz6Z5o=; h=Cc:Content-Type:Date:From:Reply-To:Subject:To; b=FTq0LmMQunXtNXifLtkOgP0by2+EoBdffsSSuLwPm3BkFBkRG2WTenODMxwtPsmJ9kx 1wjbgTQ/U18Lij+Om0UXhmE6k44490AlFYKWRvPR2DaL9EXTp/4kas+/gmqL2yeWPTd+x 2Ftx45REzWoknpVlZVN4SjTYZ2HqlFHmDhg= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1634818864331100003 Content-Type: text/plain; charset="utf-8" Rename TPM_ENABLE to TPM2_ENABLE and TPM_CONFIG_ENABLE to TPM2_CONFIG_ENABLE so they are in line with the ArmVirtPkg config option names. Add separate TPM1_ENABLE option for TPM 1.2 support. Signed-off-by: Gerd Hoffmann --- OvmfPkg/OvmfTpmComponentsDxe.dsc.inc | 6 ++++-- OvmfPkg/OvmfTpmComponentsPei.dsc.inc | 6 +++++- OvmfPkg/OvmfTpmDefines.dsc.inc | 7 +++++-- OvmfPkg/OvmfTpmLibs.dsc.inc | 4 +++- OvmfPkg/OvmfTpmLibsDxe.dsc.inc | 4 +++- OvmfPkg/OvmfTpmLibsPeim.dsc.inc | 4 +++- OvmfPkg/OvmfTpmPcds.dsc.inc | 2 +- OvmfPkg/OvmfTpmPcdsHii.dsc.inc | 2 +- OvmfPkg/OvmfTpmSecurityStub.dsc.inc | 4 +++- OvmfPkg/OvmfTpmDxe.fdf.inc | 6 ++++-- OvmfPkg/OvmfTpmPei.fdf.inc | 6 +++++- OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml | 6 +++--- OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml | 6 +++--- OvmfPkg/PlatformCI/ReadMe.md | 2 +- 14 files changed, 44 insertions(+), 21 deletions(-) diff --git a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc b/OvmfPkg/OvmfTpmComponen= tsDxe.dsc.inc index d5c2586118f1..6806eb245e2b 100644 --- a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc +++ b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc @@ -2,7 +2,7 @@ # SPDX-License-Identifier: BSD-2-Clause-Patent ## =20 -!if $(TPM_ENABLE) =3D=3D TRUE +!if $(TPM2_ENABLE) =3D=3D TRUE SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibR= outerDxe.inf @@ -14,13 +14,15 @@ NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512= .inf NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf } -!if $(TPM_CONFIG_ENABLE) =3D=3D TRUE +!if $(TPM2_CONFIG_ENABLE) =3D=3D TRUE SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf !endif +!if $(TPM1_ENABLE) =3D=3D TRUE SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLib= DTpm.inf } +!endif SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarc= hyLib/PeiDxeTpmPlatformHierarchyLib.inf diff --git a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc b/OvmfPkg/OvmfTpmComponen= tsPei.dsc.inc index b5dc20c4858c..94bc124f9b78 100644 --- a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc +++ b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc @@ -2,10 +2,14 @@ # SPDX-License-Identifier: BSD-2-Clause-Patent ## =20 -!if $(TPM_ENABLE) =3D=3D TRUE +!if $(TPM2_ENABLE) =3D=3D TRUE OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf +!if $(TPM1_ENABLE) =3D=3D TRUE OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeiCompat12.inf SecurityPkg/Tcg/TcgPei/TcgPei.inf +!else + OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf +!endif SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCrypt= oRouterPei.inf diff --git a/OvmfPkg/OvmfTpmDefines.dsc.inc b/OvmfPkg/OvmfTpmDefines.dsc.inc index 51da7508b307..de55cbdcf852 100644 --- a/OvmfPkg/OvmfTpmDefines.dsc.inc +++ b/OvmfPkg/OvmfTpmDefines.dsc.inc @@ -2,5 +2,8 @@ # SPDX-License-Identifier: BSD-2-Clause-Patent ## =20 - DEFINE TPM_ENABLE =3D FALSE - DEFINE TPM_CONFIG_ENABLE =3D FALSE + DEFINE TPM2_ENABLE =3D FALSE + DEFINE TPM2_CONFIG_ENABLE =3D FALSE + + # has no effect unless TPM2_ENABLE =3D=3D TRUE + DEFINE TPM1_ENABLE =3D TRUE diff --git a/OvmfPkg/OvmfTpmLibs.dsc.inc b/OvmfPkg/OvmfTpmLibs.dsc.inc index 50100f2c0371..418747b13487 100644 --- a/OvmfPkg/OvmfTpmLibs.dsc.inc +++ b/OvmfPkg/OvmfTpmLibs.dsc.inc @@ -2,8 +2,10 @@ # SPDX-License-Identifier: BSD-2-Clause-Patent ## =20 -!if $(TPM_ENABLE) =3D=3D TRUE +!if $(TPM2_ENABLE) =3D=3D TRUE +!if $(TPM1_ENABLE) =3D=3D TRUE Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf +!endif Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeT= cg2PhysicalPresenceLib.inf Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibN= ull.inf diff --git a/OvmfPkg/OvmfTpmLibsDxe.dsc.inc b/OvmfPkg/OvmfTpmLibsDxe.dsc.inc index 67d5027abaea..1d66cdac778c 100644 --- a/OvmfPkg/OvmfTpmLibsDxe.dsc.inc +++ b/OvmfPkg/OvmfTpmLibsDxe.dsc.inc @@ -2,7 +2,9 @@ # SPDX-License-Identifier: BSD-2-Clause-Patent ## =20 -!if $(TPM_ENABLE) =3D=3D TRUE +!if $(TPM2_ENABLE) =3D=3D TRUE +!if $(TPM1_ENABLE) =3D=3D TRUE Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.i= nf +!endif Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf !endif diff --git a/OvmfPkg/OvmfTpmLibsPeim.dsc.inc b/OvmfPkg/OvmfTpmLibsPeim.dsc.= inc index 4e84e3dcaaeb..03caccd7c688 100644 --- a/OvmfPkg/OvmfTpmLibsPeim.dsc.inc +++ b/OvmfPkg/OvmfTpmLibsPeim.dsc.inc @@ -2,8 +2,10 @@ # SPDX-License-Identifier: BSD-2-Clause-Patent ## =20 -!if $(TPM_ENABLE) =3D=3D TRUE +!if $(TPM2_ENABLE) =3D=3D TRUE BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +!if $(TPM1_ENABLE) =3D=3D TRUE Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm= .inf +!endif Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf !endif diff --git a/OvmfPkg/OvmfTpmPcds.dsc.inc b/OvmfPkg/OvmfTpmPcds.dsc.inc index 0e7f83c04bd7..0d55d6273702 100644 --- a/OvmfPkg/OvmfTpmPcds.dsc.inc +++ b/OvmfPkg/OvmfTpmPcds.dsc.inc @@ -2,6 +2,6 @@ # SPDX-License-Identifier: BSD-2-Clause-Patent ## =20 -!if $(TPM_ENABLE) =3D=3D TRUE +!if $(TPM2_ENABLE) =3D=3D TRUE gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00= , 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} !endif diff --git a/OvmfPkg/OvmfTpmPcdsHii.dsc.inc b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc index 164bc9c7fca0..a0aa81aedf3a 100644 --- a/OvmfPkg/OvmfTpmPcdsHii.dsc.inc +++ b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc @@ -2,7 +2,7 @@ # SPDX-License-Identifier: BSD-2-Clause-Patent ## =20 -!if $(TPM_ENABLE) =3D=3D TRUE && $(TPM_CONFIG_ENABLE) =3D=3D TRUE +!if $(TPM2_ENABLE) =3D=3D TRUE && $(TPM2_CONFIG_ENABLE) =3D=3D TRUE gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_= VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2C= onfigFormSetGuid|0x8|3|NV,BS !endif diff --git a/OvmfPkg/OvmfTpmSecurityStub.dsc.inc b/OvmfPkg/OvmfTpmSecurityS= tub.dsc.inc index 4bd4066843ef..e9ab2fca7bc7 100644 --- a/OvmfPkg/OvmfTpmSecurityStub.dsc.inc +++ b/OvmfPkg/OvmfTpmSecurityStub.dsc.inc @@ -2,7 +2,9 @@ # SPDX-License-Identifier: BSD-2-Clause-Patent ## =20 -!if $(TPM_ENABLE) =3D=3D TRUE +!if $(TPM2_ENABLE) =3D=3D TRUE +!if $(TPM1_ENABLE) =3D=3D TRUE NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.i= nf +!endif NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib= .inf !endif diff --git a/OvmfPkg/OvmfTpmDxe.fdf.inc b/OvmfPkg/OvmfTpmDxe.fdf.inc index 9dcdaaf01c39..fa749726789a 100644 --- a/OvmfPkg/OvmfTpmDxe.fdf.inc +++ b/OvmfPkg/OvmfTpmDxe.fdf.inc @@ -2,11 +2,13 @@ # SPDX-License-Identifier: BSD-2-Clause-Patent ## =20 -!if $(TPM_ENABLE) =3D=3D TRUE +!if $(TPM2_ENABLE) =3D=3D TRUE +!if $(TPM1_ENABLE) =3D=3D TRUE INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf +!endif INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf -!if $(TPM_CONFIG_ENABLE) =3D=3D TRUE +!if $(TPM2_CONFIG_ENABLE) =3D=3D TRUE INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf !endif !endif diff --git a/OvmfPkg/OvmfTpmPei.fdf.inc b/OvmfPkg/OvmfTpmPei.fdf.inc index 6380d7660d40..a4f0f80715d4 100644 --- a/OvmfPkg/OvmfTpmPei.fdf.inc +++ b/OvmfPkg/OvmfTpmPei.fdf.inc @@ -2,10 +2,14 @@ # SPDX-License-Identifier: BSD-2-Clause-Patent ## =20 -!if $(TPM_ENABLE) =3D=3D TRUE +!if $(TPM2_ENABLE) =3D=3D TRUE INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf +!if $(TPM1_ENABLE) =3D=3D TRUE INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeiCompat12.inf INF SecurityPkg/Tcg/TcgPei/TcgPei.inf +!else +INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf +!endif INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf !endif diff --git a/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml b/OvmfPkg/P= latformCI/.azurepipelines/Ubuntu-GCC5.yml index 7117b86b8177..4a3c08029a5b 100644 --- a/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml +++ b/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml @@ -95,21 +95,21 @@ jobs: OVMF_IA32X64_FULL_DEBUG: Build.File: "$(package)/PlatformCI/PlatformBuild.py" Build.Arch: "IA32,X64" - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=3D1 BLD_*_SMM_REQUIRE= =3D1 BLD_*_TPM_ENABLE=3D1 BLD_*_TPM_CONFIG_ENABLE=3D1 BLD_*_NETWORK_TLS_ENA= BLE=3D1 BLD_*_NETWORK_IP6_ENABLE=3D1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=3D1" + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=3D1 BLD_*_SMM_REQUIRE= =3D1 BLD_*_TPM2_ENABLE=3D1 BLD_*_TPM2_CONFIG_ENABLE=3D1 BLD_*_NETWORK_TLS_E= NABLE=3D1 BLD_*_NETWORK_IP6_ENABLE=3D1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=3D1" Build.Target: "DEBUG" Run.Flags: $(run_flags) Run: $(should_run) OVMF_IA32X64_FULL_RELEASE: Build.File: "$(package)/PlatformCI/PlatformBuild.py" Build.Arch: "IA32,X64" - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=3D1 BLD_*_SMM_REQUIRE= =3D1 BLD_*_TPM_ENABLE=3D1 BLD_*_TPM_CONFIG_ENABLE=3D1 BLD_*_NETWORK_TLS_ENA= BLE=3D1 BLD_*_NETWORK_IP6_ENABLE=3D1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=3D1" + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=3D1 BLD_*_SMM_REQUIRE= =3D1 BLD_*_TPM2_ENABLE=3D1 BLD_*_TPM2_CONFIG_ENABLE=3D1 BLD_*_NETWORK_TLS_E= NABLE=3D1 BLD_*_NETWORK_IP6_ENABLE=3D1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=3D1" Build.Target: "RELEASE" Run.Flags: $(run_flags) Run: $(should_run) OVMF_IA32X64_FULL_NOOPT: Build.File: "$(package)/PlatformCI/PlatformBuild.py" Build.Arch: "IA32,X64" - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=3D1 BLD_*_SMM_REQUIRE= =3D1 BLD_*_TPM_ENABLE=3D1 BLD_*_TPM_CONFIG_ENABLE=3D1 BLD_*_NETWORK_TLS_ENA= BLE=3D1 BLD_*_NETWORK_IP6_ENABLE=3D1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=3D1" + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=3D1 BLD_*_SMM_REQUIRE= =3D1 BLD_*_TPM2_ENABLE=3D1 BLD_*_TPM2_CONFIG_ENABLE=3D1 BLD_*_NETWORK_TLS_E= NABLE=3D1 BLD_*_NETWORK_IP6_ENABLE=3D1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=3D1" Build.Target: "NOOPT" Run.Flags: $(run_flags) Run: $(should_run) diff --git a/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml b/OvmfPk= g/PlatformCI/.azurepipelines/Windows-VS2019.yml index 2e07a3d8893a..0e6f54c57cce 100644 --- a/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml +++ b/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml @@ -94,14 +94,14 @@ jobs: OVMF_IA32X64_FULL_DEBUG: Build.File: "$(package)/PlatformCI/PlatformBuild.py" Build.Arch: "IA32,X64" - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=3D1 BLD_*_SMM_REQUIRE= =3D1 BLD_*_TPM_ENABLE=3D1 BLD_*_TPM_CONFIG_ENABLE=3D1 BLD_*_NETWORK_TLS_ENA= BLE=3D1 BLD_*_NETWORK_IP6_ENABLE=3D1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=3D1" + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=3D1 BLD_*_SMM_REQUIRE= =3D1 BLD_*_TPM2_ENABLE=3D1 BLD_*_TPM2_CONFIG_ENABLE=3D1 BLD_*_NETWORK_TLS_E= NABLE=3D1 BLD_*_NETWORK_IP6_ENABLE=3D1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=3D1" Build.Target: "DEBUG" Run.Flags: $(run_flags) Run: $(should_run) OVMF_IA32X64_FULL_RELEASE: Build.File: "$(package)/PlatformCI/PlatformBuild.py" Build.Arch: "IA32,X64" - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=3D1 BLD_*_SMM_REQUIRE= =3D1 BLD_*_TPM_ENABLE=3D1 BLD_*_TPM_CONFIG_ENABLE=3D1 BLD_*_NETWORK_TLS_ENA= BLE=3D1 BLD_*_NETWORK_IP6_ENABLE=3D1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=3D1" + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=3D1 BLD_*_SMM_REQUIRE= =3D1 BLD_*_TPM2_ENABLE=3D1 BLD_*_TPM2_CONFIG_ENABLE=3D1 BLD_*_NETWORK_TLS_E= NABLE=3D1 BLD_*_NETWORK_IP6_ENABLE=3D1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=3D1" Build.Target: "RELEASE" Run.Flags: $(run_flags) Run: $(should_run) @@ -112,7 +112,7 @@ jobs: # OVMF_IA32X64_FULL_NOOPT: # Build.File: "$(package)/PlatformCI/PlatformBuild.py" # Build.Arch: "IA32,X64" - # Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=3D1 BLD_*_SMM_REQUIRE= =3D1 BLD_*_TPM_ENABLE=3D1 BLD_*_TPM_CONFIG_ENABLE=3D1 BLD_*_NETWORK_TLS_ENA= BLE=3D1 BLD_*_NETWORK_IP6_ENABLE=3D1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=3D1" + # Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=3D1 BLD_*_SMM_REQUIRE= =3D1 BLD_*_TPM2_ENABLE=3D1 BLD_*_TPM2_CONFIG_ENABLE=3D1 BLD_*_NETWORK_TLS_= ENABLE=3D1 BLD_*_NETWORK_IP6_ENABLE=3D1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=3D1" # Build.Target: "NOOPT" # Run.Flags: $(run_flags) # Run: $(should_run) diff --git a/OvmfPkg/PlatformCI/ReadMe.md b/OvmfPkg/PlatformCI/ReadMe.md index 2ce9007dbeaa..4b3ebe022dad 100644 --- a/OvmfPkg/PlatformCI/ReadMe.md +++ b/OvmfPkg/PlatformCI/ReadMe.md @@ -14,7 +14,7 @@ supported and are described below. | IA32 | IA32 | OvmfPkgIa32.dsc | Non= e | | X64 | X64 | OvmfPkgIa64.dsc | Non= e | | IA32 X64 | PEI-IA32 DXE-X64 | OvmfPkgIa32X64.dsc | Non= e | -| IA32 X64 Full | PEI-IA32 DXE-X64 | OvmfPkgIa32X64.dsc | SEC= URE_BOOT_ENABLE=3D1 SMM_REQUIRE=3D1 TPM_ENABLE=3D1 TPM_CONFIG_ENABLE=3D1 NE= TWORK_TLS_ENABLE=3D1 NETWORK_IP6_ENABLE=3D1 NETWORK_HTTP_BOOT_ENABLE=3D1 | +| IA32 X64 Full | PEI-IA32 DXE-X64 | OvmfPkgIa32X64.dsc | SEC= URE_BOOT_ENABLE=3D1 SMM_REQUIRE=3D1 TPM1_ENABLE=3D1 TPM2_ENABLE=3D1 TPM2_CO= NFIG_ENABLE=3D1 NETWORK_TLS_ENABLE=3D1 NETWORK_IP6_ENABLE=3D1 NETWORK_HTTP_= BOOT_ENABLE=3D1 | =20 ## EDK2 Developer environment =20 --=20 2.31.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#82455): https://edk2.groups.io/g/devel/message/82455 Mute This Topic: https://groups.io/mt/86487986/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Apr 28 04:56:09 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+82456+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+82456+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1634818863; cv=none; d=zohomail.com; s=zohoarc; b=iRx2IfoZIgdQzl4+v7Wct3qRzHMtp0cCQp8Rj7ASP3FStzWn2nmVwN0DMxhXmSv1h8EvHgjZ0K8HopA6rApIt74JU4Z56/r1etBRSj0nZ8C9HVaU984jlAZN2FozbKdtFrQuieV8cZrdweign83dzSzPUZZeYxpnaGnMQpmsOws= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1634818863; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=W6252KFtpS1PojdAzYBnX8O55+LsZyYcMq2KvVM7FvI=; b=TvQak89hTJOU1TTMFQjowYJI2JQ+A8X2+JCFmRNvMzZbP2mfZQtab1WH6dLX4Ud/Smdp8wmsEQDRCX2zL4sZ2TXe12ovHEIYYw396x/QIw4FDz4bs5SHBexPJb9QtuRlP31upfGbJVd3UIRRXRsPD3jO3YTuztVP+TVgZFCkc5Y= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+82456+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1634818863724382.3218109169526; Thu, 21 Oct 2021 05:21:03 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id GKuHYY1788612xFDFcg6gK4U; Thu, 21 Oct 2021 05:21:03 -0700 X-Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.groups.io with SMTP id smtpd.web10.8635.1634818862768969827 for ; Thu, 21 Oct 2021 05:21:03 -0700 X-Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-552-g7WXsgPtM96JEgxtgBNSrQ-1; Thu, 21 Oct 2021 08:20:59 -0400 X-MC-Unique: g7WXsgPtM96JEgxtgBNSrQ-1 X-Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 7ECF71966320; Thu, 21 Oct 2021 12:20:57 +0000 (UTC) X-Received: from sirius.home.kraxel.org (unknown [10.39.192.23]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 4126860657; Thu, 21 Oct 2021 12:20:57 +0000 (UTC) X-Received: by sirius.home.kraxel.org (Postfix, from userid 1000) id C8D6D180090F; Thu, 21 Oct 2021 14:20:03 +0200 (CEST) From: "Gerd Hoffmann" To: devel@edk2.groups.io Cc: Gerd Hoffmann , James Bottomley , Min Xu , Jordan Justen , Erdem Aktas , Stefan Berger , Ard Biesheuvel , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , Jiewen Yao , Tom Lendacky , Brijesh Singh Subject: [edk2-devel] [PATCH 4/4] OvmfPkg: add TPM2_SHA1_ENABLE build option Date: Thu, 21 Oct 2021 14:20:03 +0200 Message-Id: <20211021122003.2008499-5-kraxel@redhat.com> In-Reply-To: <20211021122003.2008499-1-kraxel@redhat.com> References: <20211021122003.2008499-1-kraxel@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,kraxel@redhat.com X-Gm-Message-State: 9z9JrNgx1kBbKWb4MfM4kgJ0x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1634818863; bh=gAGgd1NpmRgKIDQ7HotnJmka8T0ra/mDnGRK/IAEbd4=; h=Cc:Content-Type:Date:From:Reply-To:Subject:To; b=rET/QbtiKk6rXd1mfNpRUnLFXo8/btp60FSoX4CSC7lnDG02trOjMvnAPD2S0V8nhrj YDjizZAruJy33JQ1ZZmynQVIFkKepqaiSxD4qZuIya/A5081hlapkQ1TBOtI4dPa3W3sX 0hrgIU62z5Iz5sZ1Ndl7znF3DxO7l+CyfdM= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1634818864471100009 Content-Type: text/plain; charset="utf-8" Allows to compile OVMF without HashInstanceLibSha1, i.e. no SHA1 hash support in TPM/TCG modules. Signed-off-by: Gerd Hoffmann --- OvmfPkg/OvmfTpmComponentsDxe.dsc.inc | 2 ++ OvmfPkg/OvmfTpmComponentsPei.dsc.inc | 2 ++ OvmfPkg/OvmfTpmDefines.dsc.inc | 1 + 3 files changed, 5 insertions(+) diff --git a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc b/OvmfPkg/OvmfTpmComponen= tsDxe.dsc.inc index 6806eb245e2b..1952a848b17c 100644 --- a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc +++ b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc @@ -8,7 +8,9 @@ Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibR= outerDxe.inf NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCrypt= oRouterDxe.inf +!if $(TPM2_SHA1_ENABLE) =3D=3D TRUE NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf +!endif NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384= .inf NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512= .inf diff --git a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc b/OvmfPkg/OvmfTpmComponen= tsPei.dsc.inc index 94bc124f9b78..fbe905603312 100644 --- a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc +++ b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc @@ -13,7 +13,9 @@ SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCrypt= oRouterPei.inf +!if $(TPM2_SHA1_ENABLE) =3D=3D TRUE NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf +!endif NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384= .inf NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512= .inf diff --git a/OvmfPkg/OvmfTpmDefines.dsc.inc b/OvmfPkg/OvmfTpmDefines.dsc.inc index de55cbdcf852..7db7ad7e7934 100644 --- a/OvmfPkg/OvmfTpmDefines.dsc.inc +++ b/OvmfPkg/OvmfTpmDefines.dsc.inc @@ -7,3 +7,4 @@ =20 # has no effect unless TPM2_ENABLE =3D=3D TRUE DEFINE TPM1_ENABLE =3D TRUE + DEFINE TPM2_SHA1_ENABLE =3D TRUE --=20 2.31.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#82456): https://edk2.groups.io/g/devel/message/82456 Mute This Topic: https://groups.io/mt/86487987/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-