I did take a look and it surprises me that we have 2 logs for TPM 1.2 and TPM 2 each plus the ACPI one. There are setup functions for TPM 1.2 and TPM 2 each: ./SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c:1546:S

The ACPI one is for SeaBIOS. I am also not familiar with the origin of the EDK2 code as to why it was done this way. Maybe typical builds for EDK2 don't include TPM 1.2 and TPM 2 and OVMF is an outlie

v2 had lost the cc: list for some reason. I opened this PR: https://github.com/tianocore/edk2/pull/2319 Stefan

For GPU passthrough support we have to initialize the console after EfiBootManagerDispatchDeferredImages() has loaded ROMs, so call it after this. This was the calling order before the TCG physical pr

For GPU passthrough support we have to initialize the console after EfiBootManagerDispatchDeferredImages() has loaded ROMs, so call it after this. This was the calling order before the TCG physical pr

For GPU passthrough support we have to initialize the console after EfiBootManagerDispatchDeferredImages() has loaded ROMs. This was the calling order before the TCG physical presence support moved it

Modify SavePpRequest to look like its TPM 2 equivalent SaveTcg2PpRequest and have it submit the physical presence opcode to the PreOS function so that we can choose our own method for how to store it.

TPM 1.2 and TPM 2 share QEMU's PPI memory/device and for the TPM 2 code not to initilize over the TPM 1.2 initilization, leave the init function early without touching that memory. Cc: Gerd Hoffmann <

Declare the TPM 1.2 PhysicalPresenceFlags variable and its properties. The effect of its properties is that once PhysicalPresenceFlags is defined it cannot be deleted from Linux: cd /sys/firmware/efi/

Enable the processing of the TPM 1.2 physical presence opcodes. This needs to be done before End-of-Dxe since otherwise the creation of the variables doesn't work. Signed-off-by: Stefan Berger <stefan

From: Gerd Hoffmann <kraxel@...> When building OVMF with TPM 1.2 support enabled also include the configuration menu. Suggested-by: Stefan Berger <stefanb@...> Signed-off-by: Gerd Hof

Enable the physical presence interface for TPM 1.2. It is required for the TPM 1.2 menu to work. The changes to DxeTcgPhysicalPresenceLib.c are due to the device we are using in QEMU for presenting th

Copy the TPM 1.2 physical presence interface support from SecurityPkg DxeTcgPhysicalPresenceLib.c along with its .inf and .uni files into OvmfPkg. Fix EFI_F_INFO and EFI_D_ERROR to meet code standards

This series adds support for the full TPM 1.2 Physical Presence Interface (PPI) and activates the TPM 1.2 menu at the end. PPI is a prerequisite for the menu to work. The modifications to the original

For variable creation and locking to work later on we need to move the processing of the TPM physical presence opcode to before End-of-Dxe. Signed-off-by: Stefan Berger <stefanb@...> --- ...

It seems that the following makes this a read-only variable for root on Linux as well. It doesn't make it appear with 'dmpstrore -b'. Is this now the correct solution? diff --git a/SecurityPkg/Library

That change by an attacker could presumably only be done via UEFI shell/command line? How do I display the variables? I tried with 'dmpstore PhysicalPresenceFlags' (TPM 1.2) or 'dumpstore Tcg2Physical

Fixed in v3 for microvm and Xen and Bhyve also. You happen to know about the variable lock issue? Why does the variable need to be locked? Thank you. Stefan

Copy the TPM 1.2 physical presence interface support from SecurityPkg DxeTcgPhysicalPresenceLib.c along with its .inf and .uni files into OvmfPkg. Fix EFI_F_INFO and EFI_D_ERROR to meet code standards

This series adds support for the full TPM 1.2 Physical Presence Interface (PPI) and activates the TPM 1.2 menu at the end. PPI is a prerequisite for the menu to work. The modifications to the original