[edk2-devel] [PATCH v7 0/9] Ovmf: Disable the TPM2 platform hierarchy
Stefan Berger
stefanb at linux.vnet.ibm.com
Thu Sep 9 17:35:29 UTC 2021
This series imports code from the edk2-platforms project related to
disabling the TPM2 platform hierarchy in Ovmf. It addresses the Ovmf
aspects of the following bugs:
https://bugzilla.tianocore.org/show_bug.cgi?id=3510
https://bugzilla.tianocore.org/show_bug.cgi?id=3499
I have patched the .dsc files and successfully test-built with most of
them. Some I could not build because they failed for other reasons
unrelated to this series.
I tested the changes with QEMU on x86 following the build of
OvmfPkgX64.dsc.
Neither one of the following commands should work anymore on first
try when run on Linux:
With IBM tss2 tools:
tsshierarchychangeauth -hi p -pwdn newpass
With Intel tss2 tools:
tpm2_changeauth -c platform newpass
Regards,
Stefan
v7:
- Ditched ARM support in this series
- Using Tcg2PlatformDxe and Tcg2PlaformPei from edk2-platforms now
and revised most of the patches
v6:
- Removed unnecessary entries in .dsc files
- Added support for S3 resume failure case
- Assigned unique FILE_GUID to NULL implementation
v5:
- Modified patch 1 copies the code from edk2-platforms
- Modified patch 2 fixes bugs in the code
- Modified patch 4 introduces required PCD
v4:
- Fixed and simplified code imported from edk2-platforms
v3:
- Referencing Null implementation on Bhyve and Xen platforms
- Add support in Arm
Stefan Berger (9):
SecurityPkg/TPM: Import PeiDxeTpmPlatformHierarchyLib.c from
edk2-platforms
SecurityPkg/TPM: Fix bugs in imported PeiDxeTpmPlatformHierarchyLib
SecrutiyPkg/Tcg: Import Tcg2PlatformDxe from edk2-platforms
SecurityPkg/Tcg: Make Tcg2PlatformDxe buildable
SecurityPkg: Introduce new PCD PcdRandomizePlatformHierarchy
OvmfPkg: Reference new Tcg2PlatformDxe in the build system for
compilation
SecurityPkg/Tcg: Import Tcg2PlatformPei from edk2-platforms
SecurityPkg/Tcg: Make Tcg2PlatformPei buildable
OvmfPkg: Reference new Tcg2PlatformPei in the build system
OvmfPkg/AmdSev/AmdSevX64.dsc | 8 +
OvmfPkg/AmdSev/AmdSevX64.fdf | 2 +
OvmfPkg/OvmfPkgIa32.dsc | 8 +
OvmfPkg/OvmfPkgIa32.fdf | 2 +
OvmfPkg/OvmfPkgIa32X64.dsc | 8 +
OvmfPkg/OvmfPkgIa32X64.fdf | 2 +
OvmfPkg/OvmfPkgX64.dsc | 8 +
OvmfPkg/OvmfPkgX64.fdf | 2 +
.../Include/Library/TpmPlatformHierarchyLib.h | 27 ++
.../PeiDxeTpmPlatformHierarchyLib.c | 255 ++++++++++++++++++
.../PeiDxeTpmPlatformHierarchyLib.inf | 44 +++
SecurityPkg/SecurityPkg.dec | 6 +
.../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c | 85 ++++++
.../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf | 43 +++
.../Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c | 107 ++++++++
.../Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf | 51 ++++
16 files changed, 658 insertions(+)
create mode 100644 SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h
create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c
create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
create mode 100644 SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c
create mode 100644 SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
create mode 100644 SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c
create mode 100644 SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
--
2.31.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#80453): https://edk2.groups.io/g/devel/message/80453
Mute This Topic: https://groups.io/mt/85498425/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list