This series imports code from the edk2-platforms project related to
disabling the TPM2 platform hierarchy in Ovmf. It addresses the Ovmf
aspects of the following bugs:

https://bugzilla.tianocore.org/show_bug.cgi?id=3510
https://bugzilla.tianocore.org/show_bug.cgi?id=3499

I have patched the .dsc files and successfully test-built with most of
them. Some I could not build because they failed for other reasons
unrelated to this series.

I tested the changes with QEMU on x86 following the build of
OvmfPkgX64.dsc.

Neither one of the following commands should work anymore on first
try when run on Linux:

With IBM tss2 tools:
  tsshierarchychangeauth -hi p -pwdn newpass

With Intel tss2 tools:
  tpm2_changeauth -c platform newpass

Regards,
  Stefan

v7:
 - Ditched ARM support in this series
 - Using Tcg2PlatformDxe and Tcg2PlatformPei from edk2-platforms now
   and revised most of the patches

v6:
 - Removed unnecessary entries in .dsc files
 - Added support for S3 resume failure case
 - Assigned unique FILE_GUID to NULL implementation

v5:
 - Modified patch 1 copies the code from edk2-platforms
 - Modified patch 2 fixes bugs in the code
 - Modified patch 4 introduces required PCD

v4:
 - Fixed and simplified code imported from edk2-platforms

v3:
 - Referencing Null implementation on Bhyve and Xen platforms
 - Add support in Arm

Stefan Berger (9):
  SecurityPkg/TPM: Import PeiDxeTpmPlatformHierarchyLib.c from
    edk2-platforms
  SecurityPkg/TPM: Fix bugs in imported PeiDxeTpmPlatformHierarchyLib
  SecrutiyPkg/Tcg: Import Tcg2PlatformDxe from edk2-platforms
  SecurityPkg/Tcg: Make Tcg2PlatformDxe buildable
  SecurityPkg: Introduce new PCD PcdRandomizePlatformHierarchy
  OvmfPkg: Reference new Tcg2PlatformDxe in the build system for
    compilation
  SecurityPkg/Tcg: Import Tcg2PlatformPei from edk2-platforms
  SecurityPkg/Tcg: Make Tcg2PlatformPei buildable
  OvmfPkg: Reference new Tcg2PlatformPei in the build system

 OvmfPkg/AmdSev/AmdSevX64.dsc                  |   8 +
 OvmfPkg/AmdSev/AmdSevX64.fdf                  |   2 +
 OvmfPkg/OvmfPkgIa32.dsc                       |   8 +
 OvmfPkg/OvmfPkgIa32.fdf                       |   2 +
 OvmfPkg/OvmfPkgIa32X64.dsc                    |   8 +
 OvmfPkg/OvmfPkgIa32X64.fdf                    |   2 +
 OvmfPkg/OvmfPkgX64.dsc                        |   8 +
 OvmfPkg/OvmfPkgX64.fdf                        |   2 +
 .../Include/Library/TpmPlatformHierarchyLib.h |  27 ++
 .../PeiDxeTpmPlatformHierarchyLib.c           | 255 ++++++++++++++++++
 .../PeiDxeTpmPlatformHierarchyLib.inf         |  44 +++
 SecurityPkg/SecurityPkg.dec                   |   6 +
 .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c     |  85 ++++++
 .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf   |  43 +++
 .../Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c     | 107 ++++++++
 .../Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf   |  51 ++++
 16 files changed, 658 insertions(+)
 create mode 100644 SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h
 create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c
 create mode 100644 SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
 create mode 100644 SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c
 create mode 100644 SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
 create mode 100644 SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c
 create mode 100644 SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf

-- 
2.31.1

View/Reply Online (#80453): https://edk2.groups.io/g/devel/message/80453