Rename TPM_ENABLE to TPM2_ENABLE so naming is in line with the
ArmVirtPkg config option name.
Add separate TPM1_ENABLE option for TPM 1.2 support.
Signed-off-by: Gerd Hoffmann <kra...@redhat.com>
Tested-by: Stefan Berger <stef...@linux.ibm.com>
---
OvmfPkg/OvmfTpmComponentsDxe.dsc.inc | 4 +++-
OvmfPkg/OvmfTpmComponentsPei.dsc.inc | 6 +++++-
OvmfPkg/OvmfTpmDefines.dsc.inc | 5 ++++-
OvmfPkg/OvmfTpmLibs.dsc.inc | 4 +++-
OvmfPkg/OvmfTpmLibsDxe.dsc.inc | 4 +++-
OvmfPkg/OvmfTpmLibsPeim.dsc.inc | 4 +++-
OvmfPkg/OvmfTpmPcds.dsc.inc | 2 +-
OvmfPkg/OvmfTpmPcdsHii.dsc.inc | 2 +-
OvmfPkg/OvmfTpmSecurityStub.dsc.inc | 4 +++-
OvmfPkg/OvmfTpmDxe.fdf.inc | 4 +++-
OvmfPkg/OvmfTpmPei.fdf.inc | 6 +++++-
OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml | 6 +++---
OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml | 6 +++---
OvmfPkg/PlatformCI/ReadMe.md | 2 +-
14 files changed, 41 insertions(+), 18 deletions(-)
diff --git a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
index e025d85a5878..75ae09571e8c 100644
--- a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
+++ b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
@@ -2,7 +2,7 @@
# SPDX-License-Identifier: BSD-2-Clause-Patent
##
-!if $(TPM_ENABLE) == TRUE
+!if $(TPM2_ENABLE) == TRUE
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
<LibraryClasses>
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
@@ -15,10 +15,12 @@
NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
}
SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
+!if $(TPM1_ENABLE) == TRUE
SecurityPkg/Tcg/TcgDxe/TcgDxe.inf {
<LibraryClasses>
Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
}
+!endif
SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf {
<LibraryClasses>
TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
diff --git a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc
b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc
index 87d491da5047..fa486eed82d2 100644
--- a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc
+++ b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc
@@ -2,10 +2,14 @@
# SPDX-License-Identifier: BSD-2-Clause-Patent
##
-!if $(TPM_ENABLE) == TRUE
+!if $(TPM2_ENABLE) == TRUE
OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
+!if $(TPM1_ENABLE) == TRUE
OvmfPkg/Tcg/Tcg2Config/Tcg12ConfigPei.inf
SecurityPkg/Tcg/TcgPei/TcgPei.inf
+!else
+ OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+!endif
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
<LibraryClasses>
HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
diff --git a/OvmfPkg/OvmfTpmDefines.dsc.inc b/OvmfPkg/OvmfTpmDefines.dsc.inc
index 5df4a331fb99..a65564d8d9d2 100644
--- a/OvmfPkg/OvmfTpmDefines.dsc.inc
+++ b/OvmfPkg/OvmfTpmDefines.dsc.inc
@@ -2,4 +2,7 @@
# SPDX-License-Identifier: BSD-2-Clause-Patent
##
- DEFINE TPM_ENABLE = FALSE
+ DEFINE TPM2_ENABLE = FALSE
+
+ # has no effect unless TPM2_ENABLE == TRUE
+ DEFINE TPM1_ENABLE = TRUE
diff --git a/OvmfPkg/OvmfTpmLibs.dsc.inc b/OvmfPkg/OvmfTpmLibs.dsc.inc
index 50100f2c0371..418747b13487 100644
--- a/OvmfPkg/OvmfTpmLibs.dsc.inc
+++ b/OvmfPkg/OvmfTpmLibs.dsc.inc
@@ -2,8 +2,10 @@
# SPDX-License-Identifier: BSD-2-Clause-Patent
##
-!if $(TPM_ENABLE) == TRUE
+!if $(TPM2_ENABLE) == TRUE
+!if $(TPM1_ENABLE) == TRUE
Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
+!endif
Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
diff --git a/OvmfPkg/OvmfTpmLibsDxe.dsc.inc b/OvmfPkg/OvmfTpmLibsDxe.dsc.inc
index 67d5027abaea..1d66cdac778c 100644
--- a/OvmfPkg/OvmfTpmLibsDxe.dsc.inc
+++ b/OvmfPkg/OvmfTpmLibsDxe.dsc.inc
@@ -2,7 +2,9 @@
# SPDX-License-Identifier: BSD-2-Clause-Patent
##
-!if $(TPM_ENABLE) == TRUE
+!if $(TPM2_ENABLE) == TRUE
+!if $(TPM1_ENABLE) == TRUE
Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
+!endif
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
!endif
diff --git a/OvmfPkg/OvmfTpmLibsPeim.dsc.inc b/OvmfPkg/OvmfTpmLibsPeim.dsc.inc
index 4e84e3dcaaeb..03caccd7c688 100644
--- a/OvmfPkg/OvmfTpmLibsPeim.dsc.inc
+++ b/OvmfPkg/OvmfTpmLibsPeim.dsc.inc
@@ -2,8 +2,10 @@
# SPDX-License-Identifier: BSD-2-Clause-Patent
##
-!if $(TPM_ENABLE) == TRUE
+!if $(TPM2_ENABLE) == TRUE
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+!if $(TPM1_ENABLE) == TRUE
Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
+!endif
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
!endif
diff --git a/OvmfPkg/OvmfTpmPcds.dsc.inc b/OvmfPkg/OvmfTpmPcds.dsc.inc
index 0e7f83c04bd7..0d55d6273702 100644
--- a/OvmfPkg/OvmfTpmPcds.dsc.inc
+++ b/OvmfPkg/OvmfTpmPcds.dsc.inc
@@ -2,6 +2,6 @@
# SPDX-License-Identifier: BSD-2-Clause-Patent
##
-!if $(TPM_ENABLE) == TRUE
+!if $(TPM2_ENABLE) == TRUE
gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
!endif
diff --git a/OvmfPkg/OvmfTpmPcdsHii.dsc.inc b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc
index 2e02a5b4cb90..e84225323519 100644
--- a/OvmfPkg/OvmfTpmPcdsHii.dsc.inc
+++ b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc
@@ -2,7 +2,7 @@
# SPDX-License-Identifier: BSD-2-Clause-Patent
##
-!if $(TPM_ENABLE) == TRUE
+!if $(TPM2_ENABLE) == TRUE
gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS
gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS
!endif
diff --git a/OvmfPkg/OvmfTpmSecurityStub.dsc.inc
b/OvmfPkg/OvmfTpmSecurityStub.dsc.inc
index 4bd4066843ef..e9ab2fca7bc7 100644
--- a/OvmfPkg/OvmfTpmSecurityStub.dsc.inc
+++ b/OvmfPkg/OvmfTpmSecurityStub.dsc.inc
@@ -2,7 +2,9 @@
# SPDX-License-Identifier: BSD-2-Clause-Patent
##
-!if $(TPM_ENABLE) == TRUE
+!if $(TPM2_ENABLE) == TRUE
+!if $(TPM1_ENABLE) == TRUE
NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
+!endif
NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
!endif
diff --git a/OvmfPkg/OvmfTpmDxe.fdf.inc b/OvmfPkg/OvmfTpmDxe.fdf.inc
index 32eef246387a..7fc2bf8590a4 100644
--- a/OvmfPkg/OvmfTpmDxe.fdf.inc
+++ b/OvmfPkg/OvmfTpmDxe.fdf.inc
@@ -2,8 +2,10 @@
# SPDX-License-Identifier: BSD-2-Clause-Patent
##
-!if $(TPM_ENABLE) == TRUE
+!if $(TPM2_ENABLE) == TRUE
+!if $(TPM1_ENABLE) == TRUE
INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
+!endif
INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
diff --git a/OvmfPkg/OvmfTpmPei.fdf.inc b/OvmfPkg/OvmfTpmPei.fdf.inc
index 709a608cc3bd..9f8b9bdd5bed 100644
--- a/OvmfPkg/OvmfTpmPei.fdf.inc
+++ b/OvmfPkg/OvmfTpmPei.fdf.inc
@@ -2,10 +2,14 @@
# SPDX-License-Identifier: BSD-2-Clause-Patent
##
-!if $(TPM_ENABLE) == TRUE
+!if $(TPM2_ENABLE) == TRUE
INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
+!if $(TPM1_ENABLE) == TRUE
INF OvmfPkg/Tcg/Tcg2Config/Tcg12ConfigPei.inf
INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
+!else
+INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
+!endif
INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
!endif
diff --git a/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml
b/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml
index a908a5fe919a..3fed8e0d06e7 100644
--- a/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml
+++ b/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml
@@ -95,21 +95,21 @@ jobs:
OVMF_IA32X64_FULL_DEBUG:
Build.File: "$(package)/PlatformCI/PlatformBuild.py"
Build.Arch: "IA32,X64"
- Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1
BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1
BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
+ Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1
BLD_*_TPM2_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1
BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
Build.Target: "DEBUG"
Run.Flags: $(run_flags)
Run: $(should_run)
OVMF_IA32X64_FULL_RELEASE:
Build.File: "$(package)/PlatformCI/PlatformBuild.py"
Build.Arch: "IA32,X64"
- Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1
BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1
BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
+ Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1
BLD_*_TPM2_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1
BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
Build.Target: "RELEASE"
Run.Flags: $(run_flags)
Run: $(should_run)
OVMF_IA32X64_FULL_NOOPT:
Build.File: "$(package)/PlatformCI/PlatformBuild.py"
Build.Arch: "IA32,X64"
- Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1
BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1
BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
+ Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1
BLD_*_TPM2_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1
BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
Build.Target: "NOOPT"
Run.Flags: $(run_flags)
Run: $(should_run)
diff --git a/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml
b/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml
index 09f9851312a2..68b5d951e908 100644
--- a/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml
+++ b/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml
@@ -94,14 +94,14 @@ jobs:
OVMF_IA32X64_FULL_DEBUG:
Build.File: "$(package)/PlatformCI/PlatformBuild.py"
Build.Arch: "IA32,X64"
- Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1
BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1
BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
+ Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1
BLD_*_TPM2_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1
BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
Build.Target: "DEBUG"
Run.Flags: $(run_flags)
Run: $(should_run)
OVMF_IA32X64_FULL_RELEASE:
Build.File: "$(package)/PlatformCI/PlatformBuild.py"
Build.Arch: "IA32,X64"
- Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1
BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1
BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
+ Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1
BLD_*_TPM2_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1
BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
Build.Target: "RELEASE"
Run.Flags: $(run_flags)
Run: $(should_run)
@@ -112,7 +112,7 @@ jobs:
# OVMF_IA32X64_FULL_NOOPT:
# Build.File: "$(package)/PlatformCI/PlatformBuild.py"
# Build.Arch: "IA32,X64"
- # Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1
BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1
BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
+ # Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1
BLD_*_TPM2_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1
BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
# Build.Target: "NOOPT"
# Run.Flags: $(run_flags)
# Run: $(should_run)
diff --git a/OvmfPkg/PlatformCI/ReadMe.md b/OvmfPkg/PlatformCI/ReadMe.md
index 44aa7c4a9db2..1216dee126f1 100644
--- a/OvmfPkg/PlatformCI/ReadMe.md
+++ b/OvmfPkg/PlatformCI/ReadMe.md
@@ -14,7 +14,7 @@ supported and are described below.
| IA32 | IA32 | OvmfPkgIa32.dsc | None
|
| X64 | X64 | OvmfPkgIa64.dsc | None
|
| IA32 X64 | PEI-IA32 DXE-X64 | OvmfPkgIa32X64.dsc | None
|
-| IA32 X64 Full | PEI-IA32 DXE-X64 | OvmfPkgIa32X64.dsc |
SECURE_BOOT_ENABLE=1 SMM_REQUIRE=1 TPM_ENABLE=1 NETWORK_TLS_ENABLE=1
NETWORK_IP6_ENABLE=1 NETWORK_HTTP_BOOT_ENABLE=1 |
+| IA32 X64 Full | PEI-IA32 DXE-X64 | OvmfPkgIa32X64.dsc |
SECURE_BOOT_ENABLE=1 SMM_REQUIRE=1 TPM1_ENABLE=1 TPM2_ENABLE=1
NETWORK_TLS_ENABLE=1 NETWORK_IP6_ENABLE=1 NETWORK_HTTP_BOOT_ENABLE=1 |
## EDK2 Developer environment
--
2.33.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#84899): https://edk2.groups.io/g/devel/message/84899
Mute This Topic: https://groups.io/mt/87742055/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
