On 10/21/21 8:20 AM, Gerd Hoffmann wrote:
Allows to compile OVMF without HashInstanceLibSha1,
i.e. no SHA1 hash support in TPM/TCG modules.
Does that then mean that the SHA1 bank in a TPM 2 stays untouched,
meaning the PCRs there won't get extended even though the bank is there
and active?
Stefan
Signed-off-by: Gerd Hoffmann <kra...@redhat.com>
---
OvmfPkg/OvmfTpmComponentsDxe.dsc.inc | 2 ++
OvmfPkg/OvmfTpmComponentsPei.dsc.inc | 2 ++
OvmfPkg/OvmfTpmDefines.dsc.inc | 1 +
3 files changed, 5 insertions(+)
diff --git a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
index 6806eb245e2b..1952a848b17c 100644
--- a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
+++ b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
@@ -8,7 +8,9 @@
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf
+!if $(TPM2_SHA1_ENABLE) == TRUE
NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
+!endif
NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
diff --git a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc
b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc
index 94bc124f9b78..fbe905603312 100644
--- a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc
+++ b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc
@@ -13,7 +13,9 @@
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
<LibraryClasses>
HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
+!if $(TPM2_SHA1_ENABLE) == TRUE
NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
+!endif
NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
diff --git a/OvmfPkg/OvmfTpmDefines.dsc.inc b/OvmfPkg/OvmfTpmDefines.dsc.inc
index de55cbdcf852..7db7ad7e7934 100644
--- a/OvmfPkg/OvmfTpmDefines.dsc.inc
+++ b/OvmfPkg/OvmfTpmDefines.dsc.inc
@@ -7,3 +7,4 @@
# has no effect unless TPM2_ENABLE == TRUE
DEFINE TPM1_ENABLE = TRUE
+ DEFINE TPM2_SHA1_ENABLE = TRUE
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#82457): https://edk2.groups.io/g/devel/message/82457
Mute This Topic: https://groups.io/mt/86487987/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-