On 10/21/21 8:20 AM, Gerd Hoffmann wrote:
Allows to compile OVMF without HashInstanceLibSha1, i.e. no SHA1 hash support in TPM/TCG modules.
Does that then mean that the SHA1 bank in a TPM 2 stays untouched, meaning the PCRs there won't get extended even though the bank is there and active?
Stefan
Signed-off-by: Gerd Hoffmann <kra...@redhat.com> --- OvmfPkg/OvmfTpmComponentsDxe.dsc.inc | 2 ++ OvmfPkg/OvmfTpmComponentsPei.dsc.inc | 2 ++ OvmfPkg/OvmfTpmDefines.dsc.inc | 1 + 3 files changed, 5 insertions(+) diff --git a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc index 6806eb245e2b..1952a848b17c 100644 --- a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc +++ b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc @@ -8,7 +8,9 @@ Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf +!if $(TPM2_SHA1_ENABLE) == TRUE NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf +!endif NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf diff --git a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc index 94bc124f9b78..fbe905603312 100644 --- a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc +++ b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc @@ -13,7 +13,9 @@ SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { <LibraryClasses> HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf +!if $(TPM2_SHA1_ENABLE) == TRUE NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf +!endif NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf diff --git a/OvmfPkg/OvmfTpmDefines.dsc.inc b/OvmfPkg/OvmfTpmDefines.dsc.inc index de55cbdcf852..7db7ad7e7934 100644 --- a/OvmfPkg/OvmfTpmDefines.dsc.inc +++ b/OvmfPkg/OvmfTpmDefines.dsc.inc @@ -7,3 +7,4 @@# has no effect unless TPM2_ENABLE == TRUEDEFINE TPM1_ENABLE = TRUE + DEFINE TPM2_SHA1_ENABLE = TRUE
-=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#82457): https://edk2.groups.io/g/devel/message/82457 Mute This Topic: https://groups.io/mt/86487987/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
