From 806d668dee96ddbb81737675b9f074e04334fb13 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Wed, 26 Feb 2020 20:05:11 +0100 Subject: [PATCH 08/13] ArmVirtPkg/ArmVirtQemu: enable TPM2 support in the PEI phase Incorporate the PEI components and the associated library class resolutions and PCD declarations to enable TPM2 support in the PEI phase. This patch ports (parts of) the following OvmfPkg commits to ArmVirtQemu: - 6cf1880fb5b6 ("OvmfPkg: add customized Tcg2ConfigPei clone", 2018-03-09) - 4672a4892867 ("OvmfPkg: include Tcg2Pei module", 2018-03-09) - b9130c866dc0 ("OvmfPkg: link Sha384 and Sha512 support into Tcg2Pei and Tcg2Dxe", 2018-08-16) - 5d3ef15da7c3 ("OvmfPkg: link SM3 support into Tcg2Pei and Tcg2Dxe", 2019-07-19) gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask defaults to 0x0 so that the TPM init code adopts the currently active PCR banks as the ones that are enabled by default. Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2560 Signed-off-by: Ard Biesheuvel Reviewed-by: Laszlo Ersek Signed-off-by: jiangfangjie --- ArmVirtPkg/ArmVirtQemu.dsc | 20 ++++++++++++++++++++ ArmVirtPkg/ArmVirtQemu.fdf | 2 ++ 2 files changed, 22 insertions(+) diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc index 3bbc79c..44138e5 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc @@ -75,11 +75,17 @@ PciSegmentLib|MdePkg/Library/BasePciSegmentLibPci/BasePciSegmentLibPci.inf PciHostBridgeLib|ArmVirtPkg/Library/FdtPciHostBridgeLib/FdtPciHostBridgeLib.inf +!if $(TPM2_ENABLE) == TRUE + Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf +!endif + [LibraryClasses.common.PEIM] ArmVirtMemInfoLib|ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoPeiLib.inf !if $(TPM2_ENABLE) == TRUE + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf ResetSystemLib|MdeModulePkg/Library/PeiResetSystemLib/PeiResetSystemLib.inf + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf !endif [LibraryClasses.common.DXE_DRIVER] @@ -248,6 +254,10 @@ # TPM2 support # gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress|0x0 +!if $(TPM2_ENABLE) == TRUE + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask|0 +!endif [PcdsDynamicHii] gArmVirtTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gArmVirtVariableGuid|0x0|FALSE|NV,BS @@ -278,6 +288,16 @@ ResetSystemLib|ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.inf } + OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf + SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { + + HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf + NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf + NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf + } !endif MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf { diff --git a/ArmVirtPkg/ArmVirtQemu.fdf b/ArmVirtPkg/ArmVirtQemu.fdf index 69fa501..8488300 100644 --- a/ArmVirtPkg/ArmVirtQemu.fdf +++ b/ArmVirtPkg/ArmVirtQemu.fdf @@ -115,6 +115,8 @@ READ_LOCK_STATUS = TRUE !if $(TPM2_ENABLE) == TRUE INF MdeModulePkg/Universal/ResetSystemPei/ResetSystemPei.inf + INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf + INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf !endif FILE FV_IMAGE = 9E21FD93-9C72-4c15-8C4B-E77F1DB2D792 { -- 2.18.2