[edk2-platforms][PATCH v2 0/4] MinPlatformPkg: Add TPM platform hier disable support


Michael Kubacki
 

From: Michael Kubacki <michael.kubacki@microsoft.com>

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3411

This patch series adds support in TpmPlatformHierarchyLib to either
randomize the platform auth (current behavior) or disable the
platform auth (new behavior) based on a new PCD introduced to
MinPlatformPkg: PcdRandomizePlatformHierarchy.

Some platforms that would like to adopt MinPlatformPkg prefer to
disable the platform hierarchy as opposed to the randomization
approach.

Minor changes are included to eliminate code duplication in impacted
code.

V2 changes:
1. Update code that randomizes the platform auth in Tcg2PlatformPei
to use the TpmPlatformHierarchyLib interface for platform
hierarchy configuration.
2. Remove pre-existing redundant code in Tcg2PlatformPei.
3. Add a PCD to allow the platform integrator to choose how to
configure the TPM platform hierarchy.

Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jeremiah Cox <jerecox@microsoft.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>

Michael Kubacki (4):
MinPlatformPkg: Add TpmPlatformHierarchyLib to Components in DSC
MinPlatformPkg/TpmPlatformHierarchyLib: Add PEI support
MinPlatformPkg/Tcg2PlatformPei: Use TpmPlatformHierarchyLib
MinPlatformPkg/TpmPlatformHierarchyLib: Add disable support

Platform/Intel/MinPlatformPkg/Tcg/Library/{TpmPlatformHierarchyLib/TpmPlatformHierarchyLib.c => PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c} | 72 +++++++++--
Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c | 130 +-------------------
Platform/Intel/MinPlatformPkg/Include/Library/TpmPlatformHierarchyLib.h | 4 +-
Platform/Intel/MinPlatformPkg/MinPlatformPkg.dec | 1 +
Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc | 4 +-
Platform/Intel/MinPlatformPkg/Tcg/Library/{TpmPlatformHierarchyLib/TpmPlatformHierarchyLib.inf => PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf} | 22 ++--
Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf | 2 +
7 files changed, 85 insertions(+), 150 deletions(-)
rename Platform/Intel/MinPlatformPkg/Tcg/Library/{TpmPlatformHierarchyLib/TpmPlatformHierarchyLib.c => PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c} (70%)
rename Platform/Intel/MinPlatformPkg/Tcg/Library/{TpmPlatformHierarchyLib/TpmPlatformHierarchyLib.inf => PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf} (66%)

--
2.28.0.windows.1


Michael Kubacki
 

It's been a week and I haven't seen any feedback. Please review when possible.

Thanks,
Michael

On 6/7/2021 12:05 PM, Michael Kubacki wrote:
From: Michael Kubacki <michael.kubacki@microsoft.com>
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3411
This patch series adds support in TpmPlatformHierarchyLib to either
randomize the platform auth (current behavior) or disable the
platform auth (new behavior) based on a new PCD introduced to
MinPlatformPkg: PcdRandomizePlatformHierarchy.
Some platforms that would like to adopt MinPlatformPkg prefer to
disable the platform hierarchy as opposed to the randomization
approach.
Minor changes are included to eliminate code duplication in impacted
code.
V2 changes:
1. Update code that randomizes the platform auth in Tcg2PlatformPei
to use the TpmPlatformHierarchyLib interface for platform
hierarchy configuration.
2. Remove pre-existing redundant code in Tcg2PlatformPei.
3. Add a PCD to allow the platform integrator to choose how to
configure the TPM platform hierarchy.
Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jeremiah Cox <jerecox@microsoft.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Michael Kubacki (4):
MinPlatformPkg: Add TpmPlatformHierarchyLib to Components in DSC
MinPlatformPkg/TpmPlatformHierarchyLib: Add PEI support
MinPlatformPkg/Tcg2PlatformPei: Use TpmPlatformHierarchyLib
MinPlatformPkg/TpmPlatformHierarchyLib: Add disable support
Platform/Intel/MinPlatformPkg/Tcg/Library/{TpmPlatformHierarchyLib/TpmPlatformHierarchyLib.c => PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c} | 72 +++++++++--
Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c | 130 +-------------------
Platform/Intel/MinPlatformPkg/Include/Library/TpmPlatformHierarchyLib.h | 4 +-
Platform/Intel/MinPlatformPkg/MinPlatformPkg.dec | 1 +
Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc | 4 +-
Platform/Intel/MinPlatformPkg/Tcg/Library/{TpmPlatformHierarchyLib/TpmPlatformHierarchyLib.inf => PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf} | 22 ++--
Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf | 2 +
7 files changed, 85 insertions(+), 150 deletions(-)
rename Platform/Intel/MinPlatformPkg/Tcg/Library/{TpmPlatformHierarchyLib/TpmPlatformHierarchyLib.c => PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c} (70%)
rename Platform/Intel/MinPlatformPkg/Tcg/Library/{TpmPlatformHierarchyLib/TpmPlatformHierarchyLib.inf => PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf} (66%)


Yao, Jiewen
 

Thank you, Michael.

Acked-by: Jiewen Yao <Jiewen.yao@intel.com>

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Michael
Kubacki
Sent: Wednesday, June 16, 2021 4:57 AM
To: devel@edk2.groups.io
Cc: Chiu, Chasel <chasel.chiu@intel.com>; Desimone, Nathaniel L
<nathaniel.l.desimone@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>;
Dong, Eric <eric.dong@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>;
Jeremiah Cox <jerecox@microsoft.com>
Subject: Re: [edk2-devel] [edk2-platforms][PATCH v2 0/4] MinPlatformPkg: Add
TPM platform hier disable support

It's been a week and I haven't seen any feedback. Please review when
possible.

Thanks,
Michael

Michael Kubacki
 

MinPlatformPkg maintainers, can we please get this in soon if there's no concern?

Thanks,
Michael

On 6/15/2021 8:41 PM, Yao, Jiewen wrote:
Thank you, Michael.
Acked-by: Jiewen Yao <Jiewen.yao@intel.com>

Yao, Jiewen
 

Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao, Jiewen
Sent: Wednesday, June 16, 2021 8:41 AM
To: devel@edk2.groups.io; mikuback@linux.microsoft.com
Cc: Chiu, Chasel <chasel.chiu@intel.com>; Desimone, Nathaniel L
<nathaniel.l.desimone@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>;
Dong, Eric <eric.dong@intel.com>; Jeremiah Cox <jerecox@microsoft.com>
Subject: Re: [edk2-devel] [edk2-platforms][PATCH v2 0/4] MinPlatformPkg: Add
TPM platform hier disable support

Thank you, Michael.

Acked-by: Jiewen Yao <Jiewen.yao@intel.com>


Michael D Kinney
 

Acked-by: Michael D Kinney <michael.d.kinney@intel.com>

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao, Jiewen
Sent: Wednesday, July 14, 2021 8:14 PM
To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com>; mikuback@linux.microsoft.com
Cc: Chiu, Chasel <chasel.chiu@intel.com>; Desimone, Nathaniel L <nathaniel.l.desimone@intel.com>; Liming Gao
<gaoliming@byosoft.com.cn>; Dong, Eric <eric.dong@intel.com>; Jeremiah Cox <jerecox@microsoft.com>; Yao, Jiewen
<jiewen.yao@intel.com>
Subject: Re: [edk2-devel] [edk2-platforms][PATCH v2 0/4] MinPlatformPkg: Add TPM platform hier disable support

Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>

Michael D Kinney
 

pushed:

e235a2ee42..bfabeef4c9

Mike

-----Original Message-----
From: Kinney, Michael D <michael.d.kinney@intel.com>
Sent: Wednesday, July 14, 2021 8:28 PM
To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com>; mikuback@linux.microsoft.com; Kinney, Michael D
<michael.d.kinney@intel.com>
Cc: Chiu, Chasel <chasel.chiu@intel.com>; Desimone, Nathaniel L <nathaniel.l.desimone@intel.com>; Liming Gao
<gaoliming@byosoft.com.cn>; Dong, Eric <eric.dong@intel.com>; Jeremiah Cox <jerecox@microsoft.com>
Subject: RE: [edk2-devel] [edk2-platforms][PATCH v2 0/4] MinPlatformPkg: Add TPM platform hier disable support

Acked-by: Michael D Kinney <michael.d.kinney@intel.com>

