QuarkPlatformPkg: Add MEASURED_BOOT_ENABLE feature

Add MEASURED_BOOT_ENABLE flag
Add TPM_12_HARDWARE flag
Add TrEEConfigPei to detect TPM 1.2 hardware device
Use Tpm12DeviceLib instance for Atmel I2C TPM
Use Tpm12DeviceLib instance for Infineon I2C TPM
Add TcgPei and TcgDxe modules for TPM 1.2 support
Clean up TpmMeasurementLib mappings

Cc: Kelly Steele <kelly.steele@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Michael Kinney <michael.d.kinney@intel.com>
Reviewed-by: Kelly Steele <kelly.steele@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19732 6f19259b-4bc3-4df7-8a09-765794883524

diff --git a/QuarkPlatformPkg/Quark.dsc b/QuarkPlatformPkg/Quark.dsc
index d2d0842f1b4cdcb0b80122bc879eeb102c5795f6..be6b83d22db33684b911f692eb236ed48bd447ec 100644 (file)
--- a/QuarkPlatformPkg/Quark.dsc
+++ b/QuarkPlatformPkg/Quark.dsc
@@ -34,11 +34,21 @@
   #\r
   # Platform On/Off features are defined here\r
   #\r
   #\r
   # Platform On/Off features are defined here\r
   #\r

-  DEFINE GALILEO             = GEN2\r
-  DEFINE SECURE_BOOT_ENABLE  = FALSE\r
-  DEFINE SOURCE_DEBUG_ENABLE = FALSE\r
-  DEFINE PERFORMANCE_ENABLE  = FALSE\r
-  DEFINE LOGGING             = FALSE\r
+  DEFINE SECURE_BOOT_ENABLE   = FALSE\r
+  DEFINE MEASURED_BOOT_ENABLE = FALSE\r
+  DEFINE SOURCE_DEBUG_ENABLE  = FALSE\r
+  DEFINE PERFORMANCE_ENABLE   = FALSE\r
+  DEFINE LOGGING              = FALSE\r
+\r
+  #\r
+  # Galileo board.  Options are [GEN1, GEN2]\r
+  #\r
+  DEFINE GALILEO              = GEN2\r
+\r
+  #\r
+  # TPM 1.2 Hardware.  Options are [NONE, LPC, ATMEL_I2C, INFINEON_I2C]\r
+  #\r
+  DEFINE TPM_12_HARDWARE      = NONE\r

 \r
   !if $(TARGET) == "DEBUG"\r
     DEFINE LOGGING = TRUE\r
 \r
   !if $(TARGET) == "DEBUG"\r
     DEFINE LOGGING = TRUE\r


@@ -148,17 +158,36 @@
 !else\r
   PerformanceLib|MdePkg/Library/BasePerformanceLibNull/BasePerformanceLibNull.inf\r
 !endif\r
 !else\r
   PerformanceLib|MdePkg/Library/BasePerformanceLibNull/BasePerformanceLibNull.inf\r
 !endif\r

-!if $(SECURE_BOOT_ENABLE)\r
+\r
+!if $(SECURE_BOOT_ENABLE) || $(MEASURED_BOOT_ENABLE)\r
+  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf\r
+  IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf\r

   BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf\r
   BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf\r

+!endif\r
+\r
+!if $(SECURE_BOOT_ENABLE)\r

   PlatformSecureLib|QuarkPlatformPkg/Library/PlatformSecureLib/PlatformSecureLib.inf\r
   PlatformSecureLib|QuarkPlatformPkg/Library/PlatformSecureLib/PlatformSecureLib.inf\r

-  IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf\r
-  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf\r
-  TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf\r

   AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf\r
 !else\r
   AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf\r
 !else\r

-  TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf\r

   AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf\r
 !endif\r
   AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf\r
 !endif\r

+\r
+!if $(MEASURED_BOOT_ENABLE)\r
+  TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf\r
+  Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf\r
+!if $(TPM_12_HARDWARE) == LPC\r
+  Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf\r
+!endif\r
+!if $(TPM_12_HARDWARE) == ATMEL_I2C\r
+  Tpm12DeviceLib|QuarkPlatformPkg/Library/Tpm12DeviceLibAtmelI2c/Tpm12DeviceLibAtmelI2c.inf\r
+!endif\r
+!if $(TPM_12_HARDWARE) == INFINEON_I2C\r
+  Tpm12DeviceLib|QuarkPlatformPkg/Library/Tpm12DeviceLibInfineonI2c/Tpm12DeviceLibInfineonI2c.inf\r
+!endif\r
+!else\r
+  TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf\r
+!endif\r
+\r

   FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf\r
 \r
   #\r
   FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf\r
 \r
   #\r


@@ -218,7 +247,7 @@
   TimerLib|PcAtChipsetPkg/Library/AcpiTimerLib/BaseAcpiTimerLib.inf\r
   PlatformHelperLib|QuarkPlatformPkg/Library/PlatformHelperLib/PeiPlatformHelperLib.inf\r
   CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf\r
   TimerLib|PcAtChipsetPkg/Library/AcpiTimerLib/BaseAcpiTimerLib.inf\r
   PlatformHelperLib|QuarkPlatformPkg/Library/PlatformHelperLib/PeiPlatformHelperLib.inf\r
   CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf\r

-!if $(SECURE_BOOT_ENABLE)\r
+!if $(SECURE_BOOT_ENABLE) || $(MEASURED_BOOT_ENABLE)\r

   BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf\r
 !endif\r
 !if $(PERFORMANCE_ENABLE)\r
   BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf\r
 !endif\r
 !if $(PERFORMANCE_ENABLE)\r


@@ -241,7 +270,7 @@
   PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf\r
   CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.inf\r
   SmmMemLib|MdePkg/Library/SmmMemLib/SmmMemLib.inf\r
   PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf\r
   CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.inf\r
   SmmMemLib|MdePkg/Library/SmmMemLib/SmmMemLib.inf\r

-!if $(SECURE_BOOT_ENABLE)\r
+!if $(SECURE_BOOT_ENABLE) || $(MEASURED_BOOT_ENABLE)\r

   BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf\r
 !endif\r
 !if $(PERFORMANCE_ENABLE)\r
   BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf\r
 !endif\r
 !if $(PERFORMANCE_ENABLE)\r


@@ -254,7 +283,7 @@
   MemoryAllocationLib|MdeModulePkg/Library/PiSmmCoreMemoryAllocationLib/PiSmmCoreMemoryAllocationLib.inf\r
   PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf\r
   SmmMemLib|MdePkg/Library/SmmMemLib/SmmMemLib.inf\r
   MemoryAllocationLib|MdeModulePkg/Library/PiSmmCoreMemoryAllocationLib/PiSmmCoreMemoryAllocationLib.inf\r
   PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf\r
   SmmMemLib|MdePkg/Library/SmmMemLib/SmmMemLib.inf\r

-!if $(SECURE_BOOT_ENABLE)\r
+!if $(SECURE_BOOT_ENABLE) || $(MEASURED_BOOT_ENABLE)\r

   BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf\r
 !endif\r
 !if $(PERFORMANCE_ENABLE)\r
   BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf\r
 !endif\r
 !if $(PERFORMANCE_ENABLE)\r


@@ -265,7 +294,7 @@
   ReportStatusCodeLib|MdeModulePkg/Library/RuntimeDxeReportStatusCodeLib/RuntimeDxeReportStatusCodeLib.inf\r
   QNCAccessLib|QuarkSocPkg/QuarkNorthCluster/Library/QNCAccessLib/RuntimeQNCAccessLib.inf\r
   PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf\r
   ReportStatusCodeLib|MdeModulePkg/Library/RuntimeDxeReportStatusCodeLib/RuntimeDxeReportStatusCodeLib.inf\r
   QNCAccessLib|QuarkSocPkg/QuarkNorthCluster/Library/QNCAccessLib/RuntimeQNCAccessLib.inf\r
   PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf\r

-!if $(SECURE_BOOT_ENABLE)\r
+!if $(SECURE_BOOT_ENABLE) || $(MEASURED_BOOT_ENABLE)\r

   BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf\r
 !endif\r
 \r
   BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf\r
 !endif\r
 \r


@@ -417,6 +446,16 @@
   gQuarkPlatformTokenSpaceGuid.PcdUserIsPhysicallyPresent|FALSE\r
   gQuarkPlatformTokenSpaceGuid.PcdSpiFlashDeviceSize|0\r
 \r
   gQuarkPlatformTokenSpaceGuid.PcdUserIsPhysicallyPresent|FALSE\r
   gQuarkPlatformTokenSpaceGuid.PcdSpiFlashDeviceSize|0\r
 \r

+!if $(MEASURED_BOOT_ENABLE)\r
+  #\r
+  # TPM1.2      { 0x8b01e5b6, 0x4f19, 0x46e8, { 0xab, 0x93, 0x1c, 0x53, 0x67, 0x1b, 0x90, 0xcc } }\r
+  # TPM2.0 DTPM { 0x286bf25a, 0xc2c3, 0x408c, { 0xb3, 0xb4, 0x25, 0xe6, 0x75, 0x8b, 0x73, 0x17 } }\r
+  #\r
+  gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0xb6, 0xe5, 0x01, 0x8b, 0x19, 0x4f, 0xe8, 0x46, 0xab, 0x93, 0x1c, 0x53, 0x67, 0x1b, 0x90, 0xcc}\r
+  gEfiSecurityPkgTokenSpaceGuid.PcdTpmInitializationPolicy|1\r
+  gEfiSecurityPkgTokenSpaceGuid.PcdTpmScrtmPolicy|1\r
+!endif\r
+\r

 [PcdsDynamicExVpd]\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVendor|*|32|L"EDK II"\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareRevision|*|0x01000400\r
 [PcdsDynamicExVpd]\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVendor|*|32|L"EDK II"\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareRevision|*|0x01000400\r


@@ -541,6 +580,14 @@
   QuarkSocPkg/QuarkNorthCluster/Smm/Pei/SmmControlPei/SmmControlPei.inf\r
   UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf\r
 \r
   QuarkSocPkg/QuarkNorthCluster/Smm/Pei/SmmControlPei/SmmControlPei.inf\r
   UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf\r
 \r

+  #\r
+  # Trusted Platform Module\r
+  #\r
+!if $(MEASURED_BOOT_ENABLE)\r
+  SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf\r
+  SecurityPkg/Tcg/TcgPei/TcgPei.inf\r
+!endif\r
+\r

   #\r
   # Recovery\r
   #\r
   #\r
   # Recovery\r
   #\r


@@ -792,6 +839,13 @@
   IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVolDxe.inf\r
   IntelFrameworkModulePkg/Universal/FirmwareVolume/UpdateDriverDxe/UpdateDriverDxe.inf\r
 \r
   IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVolDxe.inf\r
   IntelFrameworkModulePkg/Universal/FirmwareVolume/UpdateDriverDxe/UpdateDriverDxe.inf\r
 \r

+  #\r
+  # Trusted Platform Module\r
+  #\r
+!if $(MEASURED_BOOT_ENABLE)\r
+  SecurityPkg/Tcg/TcgDxe/TcgDxe.inf\r
+!endif\r
+\r

   #\r
   # Performance Application\r
   #\r
   #\r
   # Performance Application\r
   #\r

diff --git a/QuarkPlatformPkg/Quark.fdf b/QuarkPlatformPkg/Quark.fdf
index 0da973a16e86e91a179ecd8012e71452b054a190..c196d21274d189596e30d8b304d754be176e5487 100644 (file)
--- a/QuarkPlatformPkg/Quark.fdf
+++ b/QuarkPlatformPkg/Quark.fdf
@@ -2,7 +2,7 @@
 # FDF file of Clanton Peak CRB platform with 32-bit DXE\r
 #\r
 # This package provides QuarkNcSocId platform specific modules.\r
 # FDF file of Clanton Peak CRB platform with 32-bit DXE\r
 #\r
 # This package provides QuarkNcSocId platform specific modules.\r

-# Copyright (c) 2013 - 2015 Intel Corporation.\r
+# Copyright (c) 2013 - 2016 Intel Corporation.\r

 #\r
 # This program and the accompanying materials\r
 # are licensed and made available under the terms and conditions of the BSD License\r
 #\r
 # This program and the accompanying materials\r
 # are licensed and made available under the terms and conditions of the BSD License\r


@@ -342,6 +342,10 @@ INF  MdeModulePkg/Universal/PcatSingleSegmentPciCfg2Pei/PcatSingleSegmentPciCfg2
 INF  MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf\r
 INF  UefiCpuPkg/PiSmmCommunication/PiSmmCommunicationPei.inf\r
 INF  UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf\r
 INF  MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf\r
 INF  UefiCpuPkg/PiSmmCommunication/PiSmmCommunicationPei.inf\r
 INF  UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf\r

+!if $(MEASURED_BOOT_ENABLE)\r
+INF  SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf\r
+INF  SecurityPkg/Tcg/TcgPei/TcgPei.inf\r
+!endif\r

 \r
 FILE FV_IMAGE = 1E9D7604-EF45-46a0-BD8A-71AC78C17AC1 {\r
   SECTION PEI_DEPEX_EXP = {gEfiPeiMemoryDiscoveredPpiGuid AND gEfiPeiBootInRecoveryModePpiGuid}\r
 \r
 FILE FV_IMAGE = 1E9D7604-EF45-46a0-BD8A-71AC78C17AC1 {\r
   SECTION PEI_DEPEX_EXP = {gEfiPeiMemoryDiscoveredPpiGuid AND gEfiPeiBootInRecoveryModePpiGuid}\r


@@ -566,6 +570,13 @@ INF  MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf
 INF  FatPkg/EnhancedFatDxe/Fat.inf\r
 !endif\r
 \r
 INF  FatPkg/EnhancedFatDxe/Fat.inf\r
 !endif\r
 \r

+#\r
+# Trusted Platform Module\r
+#\r
+!if $(MEASURED_BOOT_ENABLE)\r
+INF  SecurityPkg/Tcg/TcgDxe/TcgDxe.inf\r
+!endif\r
+\r

 ################################################################################\r
 #\r
 # FV Section\r
 ################################################################################\r
 #\r
 # FV Section\r