[PATCH v2 0/4] OvmfPkg: Disable the TPM 2 platform hierarchy


Stefan Berger
 

This series of patches adds support for disabling the TPM 2 platform
hierarchy to Ovmf. To be able to do this we have to handle TPM 2
physical presence interface (PPI) opcodes before the TPM 2 platform
hierarchy is disabled otherwise TPM 2 commands that are sent due to the
PPI opcodes may fail if the platform hierarchy is already disabled.
Therefore, we need to invoke the handler function
Tcg2PhysicalPresenceLibProcessRequest from within
PlatformBootManagerBeforeConsole. Since handling of PPI opcodes may require
interaction with the user, we also move PlatformInitializeConsole
to before the handling of PPI codes so that the keyboard is available
when needed. The PPI handling code will activate the default consoles
only if it requires user interaction.

Regards,
Stefan

v2:
- 1/4: Added missing link library
- 2/4: Modified other BdsPlatform.c files as well
- Added Yao's comments to 1/2 and 2/2

Stefan Berger (4):
OvmfPkg/TPM PPI: Connect default consoles for user interaction
OvmfPkg: Handle TPM 2 physical presence opcodes much earlier
OvmfPkg: Reference new Tcg2PlatformDxe in the build system for
compilation
OvmfPkg: Reference new Tcg2PlatformPei in the build system

OvmfPkg/AmdSev/AmdSevX64.dsc | 8 ++++++++
OvmfPkg/AmdSev/AmdSevX64.fdf | 2 ++
.../PlatformBootManagerLib/BdsPlatform.c | 19 +++++++++++--------
.../PlatformBootManagerLibBhyve/BdsPlatform.c | 16 +++++++++-------
.../PlatformBootManagerLibGrub/BdsPlatform.c | 16 +++++++++-------
.../DxeTcg2PhysicalPresenceLib.c | 5 +++++
.../DxeTcg2PhysicalPresenceLib.inf | 1 +
OvmfPkg/OvmfPkgIa32.dsc | 8 ++++++++
OvmfPkg/OvmfPkgIa32.fdf | 2 ++
OvmfPkg/OvmfPkgIa32X64.dsc | 8 ++++++++
OvmfPkg/OvmfPkgIa32X64.fdf | 2 ++
OvmfPkg/OvmfPkgX64.dsc | 8 ++++++++
OvmfPkg/OvmfPkgX64.fdf | 2 ++
13 files changed, 75 insertions(+), 22 deletions(-)

--
2.31.1


Yao, Jiewen
 

Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>

I will wait for a week, to see if there is any feedback from AMD or Bhyve reviewer.

Thank you
Yao Jiewen

-----Original Message-----
From: Stefan Berger <stefanb@linux.ibm.com>
Sent: Tuesday, September 14, 2021 10:18 PM
To: devel@edk2.groups.io
Cc: mhaeuser@posteo.de; spbrogan@outlook.com;
marcandre.lureau@redhat.com; kraxel@redhat.com; Yao, Jiewen
<jiewen.yao@intel.com>; Stefan Berger <stefanb@linux.ibm.com>
Subject: [PATCH v2 0/4] OvmfPkg: Disable the TPM 2 platform hierarchy

This series of patches adds support for disabling the TPM 2 platform
hierarchy to Ovmf. To be able to do this we have to handle TPM 2
physical presence interface (PPI) opcodes before the TPM 2 platform
hierarchy is disabled otherwise TPM 2 commands that are sent due to the
PPI opcodes may fail if the platform hierarchy is already disabled.
Therefore, we need to invoke the handler function
Tcg2PhysicalPresenceLibProcessRequest from within
PlatformBootManagerBeforeConsole. Since handling of PPI opcodes may
require
interaction with the user, we also move PlatformInitializeConsole
to before the handling of PPI codes so that the keyboard is available
when needed. The PPI handling code will activate the default consoles
only if it requires user interaction.

Regards,
Stefan

v2:
- 1/4: Added missing link library
- 2/4: Modified other BdsPlatform.c files as well
- Added Yao's comments to 1/2 and 2/2

Stefan Berger (4):
OvmfPkg/TPM PPI: Connect default consoles for user interaction
OvmfPkg: Handle TPM 2 physical presence opcodes much earlier
OvmfPkg: Reference new Tcg2PlatformDxe in the build system for
compilation
OvmfPkg: Reference new Tcg2PlatformPei in the build system

OvmfPkg/AmdSev/AmdSevX64.dsc | 8 ++++++++
OvmfPkg/AmdSev/AmdSevX64.fdf | 2 ++
.../PlatformBootManagerLib/BdsPlatform.c | 19 +++++++++++--------
.../PlatformBootManagerLibBhyve/BdsPlatform.c | 16 +++++++++-------
.../PlatformBootManagerLibGrub/BdsPlatform.c | 16 +++++++++-------
.../DxeTcg2PhysicalPresenceLib.c | 5 +++++
.../DxeTcg2PhysicalPresenceLib.inf | 1 +
OvmfPkg/OvmfPkgIa32.dsc | 8 ++++++++
OvmfPkg/OvmfPkgIa32.fdf | 2 ++
OvmfPkg/OvmfPkgIa32X64.dsc | 8 ++++++++
OvmfPkg/OvmfPkgIa32X64.fdf | 2 ++
OvmfPkg/OvmfPkgX64.dsc | 8 ++++++++
OvmfPkg/OvmfPkgX64.fdf | 2 ++
13 files changed, 75 insertions(+), 22 deletions(-)

--
2.31.1


Stefan Berger
 

On 9/14/21 6:26 PM, Yao, Jiewen wrote:
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>

I will wait for a week, to see if there is any feedback from AMD or Bhyve reviewer.
I can repost as v3 with your Reviewed-by's cc'ing them.


    Stefan



Thank you
Yao Jiewen


-----Original Message-----
From: Stefan Berger <stefanb@linux.ibm.com>
Sent: Tuesday, September 14, 2021 10:18 PM
To: devel@edk2.groups.io
Cc: mhaeuser@posteo.de; spbrogan@outlook.com;
marcandre.lureau@redhat.com; kraxel@redhat.com; Yao, Jiewen
<jiewen.yao@intel.com>; Stefan Berger <stefanb@linux.ibm.com>
Subject: [PATCH v2 0/4] OvmfPkg: Disable the TPM 2 platform hierarchy

This series of patches adds support for disabling the TPM 2 platform
hierarchy to Ovmf. To be able to do this we have to handle TPM 2
physical presence interface (PPI) opcodes before the TPM 2 platform
hierarchy is disabled otherwise TPM 2 commands that are sent due to the
PPI opcodes may fail if the platform hierarchy is already disabled.
Therefore, we need to invoke the handler function
Tcg2PhysicalPresenceLibProcessRequest from within
PlatformBootManagerBeforeConsole. Since handling of PPI opcodes may
require
interaction with the user, we also move PlatformInitializeConsole
to before the handling of PPI codes so that the keyboard is available
when needed. The PPI handling code will activate the default consoles
only if it requires user interaction.

Regards,
Stefan

v2:
- 1/4: Added missing link library
- 2/4: Modified other BdsPlatform.c files as well
- Added Yao's comments to 1/2 and 2/2

Stefan Berger (4):
OvmfPkg/TPM PPI: Connect default consoles for user interaction
OvmfPkg: Handle TPM 2 physical presence opcodes much earlier
OvmfPkg: Reference new Tcg2PlatformDxe in the build system for
compilation
OvmfPkg: Reference new Tcg2PlatformPei in the build system

OvmfPkg/AmdSev/AmdSevX64.dsc | 8 ++++++++
OvmfPkg/AmdSev/AmdSevX64.fdf | 2 ++
.../PlatformBootManagerLib/BdsPlatform.c | 19 +++++++++++--------
.../PlatformBootManagerLibBhyve/BdsPlatform.c | 16 +++++++++-------
.../PlatformBootManagerLibGrub/BdsPlatform.c | 16 +++++++++-------
.../DxeTcg2PhysicalPresenceLib.c | 5 +++++
.../DxeTcg2PhysicalPresenceLib.inf | 1 +
OvmfPkg/OvmfPkgIa32.dsc | 8 ++++++++
OvmfPkg/OvmfPkgIa32.fdf | 2 ++
OvmfPkg/OvmfPkgIa32X64.dsc | 8 ++++++++
OvmfPkg/OvmfPkgIa32X64.fdf | 2 ++
OvmfPkg/OvmfPkgX64.dsc | 8 ++++++++
OvmfPkg/OvmfPkgX64.fdf | 2 ++
13 files changed, 75 insertions(+), 22 deletions(-)

--
2.31.1