ArmVirtPkg/ArmVirtQemu: enable TPM2 support in the PEI phase

Incorporate the PEI components and the associated library class
resolutions and PCD declarations to enable TPM2 support in the
PEI phase.

This patch ports (parts of) the following OvmfPkg commits to
ArmVirtQemu:
- 6cf1880fb5b6 ("OvmfPkg: add customized Tcg2ConfigPei clone",
                2018-03-09)
- 4672a4892867 ("OvmfPkg: include Tcg2Pei module", 2018-03-09)
- b9130c866dc0 ("OvmfPkg: link Sha384 and Sha512 support into Tcg2Pei
                and Tcg2Dxe", 2018-08-16)
- 5d3ef15da7c3 ("OvmfPkg: link SM3 support into Tcg2Pei and Tcg2Dxe",
                2019-07-19)

gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask defaults to 0x0 so
that the TPM init code adopts the currently active PCR banks as
the ones that are enabled by default.

Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2560
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>

diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index d1757cdba6718b435a9f400b4f8e7f14484527fa..8950116dacab4a8a9acfb736a53b7998d4078901 100644 (file)
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -75,11 +75,17 @@
   PciSegmentLib|MdePkg/Library/BasePciSegmentLibPci/BasePciSegmentLibPci.inf\r
   PciHostBridgeLib|ArmVirtPkg/Library/FdtPciHostBridgeLib/FdtPciHostBridgeLib.inf\r
 \r
+!if $(TPM2_ENABLE) == TRUE\r
+  Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf\r
+!endif\r
+\r
 [LibraryClasses.common.PEIM]\r
   ArmVirtMemInfoLib|ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoPeiLib.inf\r
 \r
 !if $(TPM2_ENABLE) == TRUE\r
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf\r
   ResetSystemLib|MdeModulePkg/Library/PeiResetSystemLib/PeiResetSystemLib.inf\r
+  Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf\r
 !endif\r
 \r
 [LibraryClasses.common.DXE_DRIVER]\r
@@ -248,6 +254,10 @@
   # TPM2 support\r
   #\r
   gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress|0x0\r
+!if $(TPM2_ENABLE) == TRUE\r
+  gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}\r
+  gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask|0\r
+!endif\r
 \r
 [PcdsDynamicHii]\r
   gArmVirtTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gArmVirtVariableGuid|0x0|FALSE|NV,BS\r
@@ -278,6 +288,16 @@
     <LibraryClasses>\r
       ResetSystemLib|ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.inf\r
   }\r
+  OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf\r
+  SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {\r
+    <LibraryClasses>\r
+      HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf\r
+      NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf\r
+      NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf\r
+      NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf\r
+      NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf\r
+      NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf\r
+  }\r
 !endif\r
 \r
   MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf {\r

diff --git a/ArmVirtPkg/ArmVirtQemu.fdf b/ArmVirtPkg/ArmVirtQemu.fdf
index f55918d26b06deeba9cc0f6e43dd375005f911d4..b5e2253295fe1665ca58e810fbf3525cf258588f 100644 (file)
--- a/ArmVirtPkg/ArmVirtQemu.fdf
+++ b/ArmVirtPkg/ArmVirtQemu.fdf
@@ -115,6 +115,8 @@ READ_LOCK_STATUS   = TRUE
 \r
 !if $(TPM2_ENABLE) == TRUE\r
   INF MdeModulePkg/Universal/ResetSystemPei/ResetSystemPei.inf\r
+  INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf\r
+  INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf\r
 !endif\r
 \r
   FILE FV_IMAGE = 9E21FD93-9C72-4c15-8C4B-E77F1DB2D792 {\r