On 10/21/21 8:20 AM, Gerd Hoffmann wrote:
Allow compiling OVMF without HashInstanceLibSha1,
i.e. without SHA1 hash support in the TPM/TCG modules.


Does that then mean that the SHA1 bank in a TPM 2 stays untouched, meaning the PCRs there won't get extended even though the bank is there and active?


   Stefan


Signed-off-by: Gerd Hoffmann <kra...@redhat.com>
---
  OvmfPkg/OvmfTpmComponentsDxe.dsc.inc | 2 ++
  OvmfPkg/OvmfTpmComponentsPei.dsc.inc | 2 ++
  OvmfPkg/OvmfTpmDefines.dsc.inc       | 1 +
  3 files changed, 5 insertions(+)

diff --git a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc 
b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
index 6806eb245e2b..1952a848b17c 100644
--- a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
+++ b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
@@ -8,7 +8,9 @@
        
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
        NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
        
HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf
+!if $(TPM2_SHA1_ENABLE) == TRUE
        NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
+!endif
        NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
        NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
        NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
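Review bot: The `!if $(TPM2_SHA1_ENABLE) == TRUE` guard here, and the identical one in OvmfTpmComponentsPei.dsc.inc, depends on a macro that this patch defines only in OvmfTpmDefines.dsc.inc. If any platform DSC includes a components file without the defines file, the macro would be unset at this point. Depending on how the build tool treats an unset macro, the SHA-1 hash instance would then either be dropped silently or the build would stop, so it is worth confirming that every includer also pulls in the defines file. A one-line comment above the guard would help too, for example `# SHA-1 hash instance is optional; controlled by TPM2_SHA1_ENABLE in OvmfTpmDefines.dsc.inc`. The enclosing library-class override starts and ends outside the hunk.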
diff --git a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc 
b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc
index 94bc124f9b78..fbe905603312 100644
--- a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc
+++ b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc
@@ -13,7 +13,9 @@
    SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
      <LibraryClasses>
        
HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
+!if $(TPM2_SHA1_ENABLE) == TRUE
        NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
+!endif
        NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
        NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
        NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
diff --git a/OvmfPkg/OvmfTpmDefines.dsc.inc b/OvmfPkg/OvmfTpmDefines.dsc.inc
index de55cbdcf852..7db7ad7e7934 100644
--- a/OvmfPkg/OvmfTpmDefines.dsc.inc
+++ b/OvmfPkg/OvmfTpmDefines.dsc.inc
@@ -7,3 +7,4 @@
# has no effect unless TPM2_ENABLE == TRUE
    DEFINE TPM1_ENABLE             = TRUE
+  DEFINE TPM2_SHA1_ENABLE        = TRUE
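Review bot: The new `TPM2_SHA1_ENABLE` define has no comment of its own, and the existing `# has no effect unless TPM2_ENABLE == TRUE` line sits above `TPM1_ENABLE`, so a reader cannot tell whether it also covers the new knob. The default keeps SHA-1 linked in, and setting it to FALSE changes which hash algorithms the firmware can measure with, so the define deserves a description. I would add something like `# link HashInstanceLibSha1 into the TPM2 PEI/DXE modules; set to FALSE to build without SHA-1 support`. If the TPM2_ENABLE dependency applies here as well, the comment should say so. The rest of the defines block is outside the hunk.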



