DEFINE HTTP_BOOT_ENABLE = FALSE\r
DEFINE SMM_REQUIRE = FALSE\r
DEFINE TLS_ENABLE = FALSE\r
+ DEFINE TPM2_ENABLE = FALSE\r
\r
#\r
# Flash size selection. Setting FD_SIZE_IN_KB on the command line directly to\r
OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf\r
XenHypercallLib|OvmfPkg/Library/XenHypercallLib/XenHypercallLib.inf\r
\r
+!if $(TPM2_ENABLE) == TRUE\r
+ Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf\r
+!endif\r
+\r
[LibraryClasses.common]\r
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf\r
\r
PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf\r
QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf\r
\r
+!if $(TPM2_ENABLE) == TRUE\r
+ Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf\r
+!endif\r
+\r
[LibraryClasses.common.DXE_CORE]\r
HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf\r
DxeCoreEntryPoint|MdePkg/Library/DxeCoreEntryPoint/DxeCoreEntryPoint.inf\r
\r
gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00\r
\r
+!if $(TPM2_ENABLE) == TRUE\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}\r
+!endif\r
+\r
################################################################################\r
#\r
# Components Section - list of all EDK II Modules needed by this Platform.\r
!endif\r
UefiCpuPkg/CpuMpPei/CpuMpPei.inf\r
\r
+!if $(TPM2_ENABLE) == TRUE\r
+ OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf\r
+!endif\r
+\r
#\r
# DXE Phase modules\r
#\r
!endif\r
INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf\r
\r
+!if $(TPM2_ENABLE) == TRUE\r
+INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf\r
+!endif\r
+\r
################################################################################\r
\r
[FV.DXEFV]\r
DEFINE HTTP_BOOT_ENABLE = FALSE\r
DEFINE SMM_REQUIRE = FALSE\r
DEFINE TLS_ENABLE = FALSE\r
+ DEFINE TPM2_ENABLE = FALSE\r
\r
#\r
# Flash size selection. Setting FD_SIZE_IN_KB on the command line directly to\r
OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf\r
XenHypercallLib|OvmfPkg/Library/XenHypercallLib/XenHypercallLib.inf\r
\r
+!if $(TPM2_ENABLE) == TRUE\r
+ Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf\r
+!endif\r
+\r
[LibraryClasses.common]\r
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf\r
\r
PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf\r
QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf\r
\r
+!if $(TPM2_ENABLE) == TRUE\r
+ Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf\r
+!endif\r
+\r
[LibraryClasses.common.DXE_CORE]\r
HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf\r
DxeCoreEntryPoint|MdePkg/Library/DxeCoreEntryPoint/DxeCoreEntryPoint.inf\r
\r
gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00\r
\r
+!if $(TPM2_ENABLE) == TRUE\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}\r
+!endif\r
+\r
################################################################################\r
#\r
# Components Section - list of all EDK II Modules needed by this Platform.\r
!endif\r
UefiCpuPkg/CpuMpPei/CpuMpPei.inf\r
\r
+!if $(TPM2_ENABLE) == TRUE\r
+ OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf\r
+!endif\r
+\r
[Components.X64]\r
#\r
# DXE Phase modules\r
!endif\r
INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf\r
\r
+!if $(TPM2_ENABLE) == TRUE\r
+INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf\r
+!endif\r
+\r
################################################################################\r
\r
[FV.DXEFV]\r
DEFINE HTTP_BOOT_ENABLE = FALSE\r
DEFINE SMM_REQUIRE = FALSE\r
DEFINE TLS_ENABLE = FALSE\r
+ DEFINE TPM2_ENABLE = FALSE\r
\r
#\r
# Flash size selection. Setting FD_SIZE_IN_KB on the command line directly to\r
OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf\r
XenHypercallLib|OvmfPkg/Library/XenHypercallLib/XenHypercallLib.inf\r
\r
+!if $(TPM2_ENABLE) == TRUE\r
+ Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf\r
+!endif\r
+\r
[LibraryClasses.common]\r
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf\r
\r
PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf\r
QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf\r
\r
+!if $(TPM2_ENABLE) == TRUE\r
+ Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf\r
+!endif\r
+\r
[LibraryClasses.common.DXE_CORE]\r
HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf\r
DxeCoreEntryPoint|MdePkg/Library/DxeCoreEntryPoint/DxeCoreEntryPoint.inf\r
\r
gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00\r
\r
+!if $(TPM2_ENABLE) == TRUE\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}\r
+!endif\r
+\r
################################################################################\r
#\r
# Components Section - list of all EDK II Modules needed by this Platform.\r
!endif\r
UefiCpuPkg/CpuMpPei/CpuMpPei.inf\r
\r
+!if $(TPM2_ENABLE) == TRUE\r
+ OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf\r
+!endif\r
+\r
#\r
# DXE Phase modules\r
#\r
!endif\r
INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf\r
\r
+!if $(TPM2_ENABLE) == TRUE\r
+INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf\r
+!endif\r
+\r
################################################################################\r
\r
[FV.DXEFV]\r
--- /dev/null
+## @file\r
+# Set TPM device type\r
+#\r
+# In SecurityPkg, this module initializes the TPM device type based on\r
+# a UEFI variable and/or hardware detection. In OvmfPkg, the module\r
+# only performs TPM2 hardware detection.\r
+#\r
+# Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>\r
+# Copyright (C) 2018, Red Hat, Inc.\r
+#\r
+# This program and the accompanying materials\r
+# are licensed and made available under the terms and conditions of the BSD License\r
+# which accompanies this distribution. The full text of the license may be found at\r
+# http://opensource.org/licenses/bsd-license.php\r
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+#\r
+##\r
+\r
+[Defines]\r
+ INF_VERSION = 0x00010005\r
+ BASE_NAME = Tcg2ConfigPei\r
+ FILE_GUID = BF7F2B0C-9F2F-4889-AB5C-12460022BE87\r
+ MODULE_TYPE = PEIM\r
+ VERSION_STRING = 1.0\r
+ ENTRY_POINT = Tcg2ConfigPeimEntryPoint\r
+\r
+[Sources]\r
+ Tcg2ConfigPeim.c\r
+\r
+[Packages]\r
+ MdePkg/MdePkg.dec\r
+ MdeModulePkg/MdeModulePkg.dec\r
+ SecurityPkg/SecurityPkg.dec\r
+\r
+[LibraryClasses]\r
+ PeimEntryPoint\r
+ DebugLib\r
+ PeiServicesLib\r
+ Tpm2DeviceLib\r
+\r
+[Guids]\r
+ gEfiTpmDeviceSelectedGuid ## PRODUCES ## GUID # Used as a PPI GUID\r
+ gEfiTpmDeviceInstanceTpm20DtpmGuid ## SOMETIMES_CONSUMES\r
+\r
+[Ppis]\r
+ gPeiTpmInitializationDonePpiGuid ## SOMETIMES_PRODUCES\r
+\r
+[Pcd]\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## PRODUCES\r
+\r
+[Depex]\r
+ TRUE\r
--- /dev/null
+/** @file\r
+ The module entry point for Tcg2 configuration module.\r
+\r
+Copyright (c) 2018, Red Hat, Inc.\r
+Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>\r
+\r
+This program and the accompanying materials\r
+are licensed and made available under the terms and conditions of the BSD License\r
+which accompanies this distribution. The full text of the license may be found at\r
+http://opensource.org/licenses/bsd-license.php\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+\r
+#include <PiPei.h>\r
+\r
+#include <Guid/TpmInstance.h>\r
+#include <Library/DebugLib.h>\r
+#include <Library/PeiServicesLib.h>\r
+#include <Library/Tpm2DeviceLib.h>\r
+#include <Ppi/TpmInitialized.h>\r
+\r
+STATIC CONST EFI_PEI_PPI_DESCRIPTOR mTpmSelectedPpi = {\r
+ (EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),\r
+ &gEfiTpmDeviceSelectedGuid,\r
+ NULL\r
+};\r
+\r
+STATIC CONST EFI_PEI_PPI_DESCRIPTOR mTpmInitializationDonePpiList = {\r
+ EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,\r
+ &gPeiTpmInitializationDonePpiGuid,\r
+ NULL\r
+};\r
+\r
+/**\r
+ The entry point for Tcg2 configuration driver.\r
+\r
+ @param FileHandle Handle of the file being invoked.\r
+ @param PeiServices Describes the list of possible PEI Services.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+Tcg2ConfigPeimEntryPoint (\r
+ IN EFI_PEI_FILE_HANDLE FileHandle,\r
+ IN CONST EFI_PEI_SERVICES **PeiServices\r
+ )\r
+{\r
+ UINTN Size;\r
+ EFI_STATUS Status;\r
+\r
+ DEBUG ((DEBUG_INFO, "%a\n", __FUNCTION__));\r
+\r
+ Status = Tpm2RequestUseTpm ();\r
+ if (!EFI_ERROR (Status)) {\r
+ DEBUG ((DEBUG_INFO, "%a: TPM2 detected\n", __FUNCTION__));\r
+ Size = sizeof(gEfiTpmDeviceInstanceTpm20DtpmGuid);\r
+ Status = PcdSetPtrS (\r
+ PcdTpmInstanceGuid,\r
+ &Size,\r
+ &gEfiTpmDeviceInstanceTpm20DtpmGuid\r
+ );\r
+ ASSERT_EFI_ERROR (Status);\r
+ } else {\r
+ DEBUG ((DEBUG_INFO, "%a: no TPM2 detected\n", __FUNCTION__));\r
+ // If no TPM2 was detected, we still need to install\r
+ // TpmInitializationDonePpi. Namely, Tcg2Pei will exit early upon\r
+ // seeing the default (all-bits-zero) contents of\r
+ // PcdTpmInstanceGuid, thus we have to install the PPI in its place,\r
+ // in order to unblock any dependent PEIMs.\r
+ Status = PeiServicesInstallPpi (&mTpmInitializationDonePpiList);\r
+ ASSERT_EFI_ERROR (Status);\r
+ }\r
+\r
+ //\r
+ // Selection done\r
+ //\r
+ Status = PeiServicesInstallPpi (&mTpmSelectedPpi);\r
+ ASSERT_EFI_ERROR (Status);\r
+\r
+ return Status;\r
+}\r