[PATCH v3 0/8] Add support for TPM 1.2 Physical Presence Interface and Menu


Stefan Berger
 

This series adds support for the full TPM 1.2 Physical Presence Interface
(PPI) and activates the TPM 1.2 menu at the end. PPI is a prerequisite for
the menu to work.

The modifications to the original code are mostly due to the fact that we
are using a memory region for PPI in QEMU. I tried to keep them to a minimum.
For the PPI Flags I am using an EFI variable just like the original code does.
(SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c)

The PhysicalPresenceFlags variable is write-protected (since v3) by adding
an entry to AuthVariableLib.c. The consequence of locking the variable is
that the processing of the physical presence opcodes, and with that
write-access to that variable, had to be moved to before the end-of-DXE
because afterwards it cannot be changed anymore.

Regards,
Stefan

v3:
- Moved processing of physical presence opcodes to before end-of-DXE
- Write-protected PhysicalPresenceFlags variable by entry in AuthVariableLib.c

v2:
- Added patch that copies sources from SecurityPkg to OvmfPkg before changes
- Use CONSTRUCTOR from DxeTcgPhysicalPresenceLib.inf
- Other nits


Gerd Hoffmann (1):
  OvmfPkg: add TPM 1.2 config menu

Stefan Berger (7):
  OvmfPkg: Move processing of physical presence opcode before End-of-Dxe
  OvmfPkg: Check for TPM 2 early to leave function early
  SecurityPkg: Store physical presence code by submitting to PreOS func
  SecurityPkg: Declare PhysicalPresenceFlags variable and its properties
  OvmfPkg: Copy TPM 1.2 DxeTcgPhysicalPresenceLib.c from SecurityPkg
  OvmfPkg: Enable physical presence interface for TPM 1.2
  OvmfPkg: Enable TPM 1.2 Physical Presence Opcode processing

OvmfPkg/Bhyve/BhyveX64.dsc | 1 +
.../PlatformBootManagerLib/BdsPlatform.c | 23 +-
.../PlatformBootManagerLib.inf | 1 +
.../PlatformBootManagerLibBhyve/BdsPlatform.c | 20 +-
.../PlatformBootManagerLibGrub/BdsPlatform.c | 20 +-
.../DxeTcg2PhysicalPresenceLib.c | 36 +-
.../DxeTcgPhysicalPresenceLib.c | 22 +
.../DxeTcgPhysicalPresenceLib.inf | 27 +
.../DxeTcgPhysicalPresenceLib.c | 1448 +++++++++++++++++
.../DxeTcgPhysicalPresenceLib.inf | 64 +
.../DxeTcgPhysicalPresenceLib.uni | 22 +
.../PhysicalPresenceStrings.uni | 46 +
OvmfPkg/Microvm/MicrovmX64.dsc | 1 +
OvmfPkg/OvmfTpmComponentsDxe.dsc.inc | 1 +
OvmfPkg/OvmfTpmDxe.fdf.inc | 1 +
OvmfPkg/OvmfTpmLibs.dsc.inc | 4 +
OvmfPkg/OvmfXen.dsc | 1 +
.../Include/Library/TcgPhysicalPresenceLib.h | 39 +
.../AuthVariableLib/AuthServiceInternal.h | 1 +
.../Library/AuthVariableLib/AuthVariableLib.c | 11 +
.../AuthVariableLib/AuthVariableLib.inf | 4 +
.../DxeTcgPhysicalPresenceLib.c | 55 +
SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf | 1 +
SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c | 41 +-
24 files changed, 1819 insertions(+), 71 deletions(-)
create mode 100644 OvmfPkg/Library/TcgPhysicalPresenceLibNull/DxeTcgPhysicalPresenceLib.c
create mode 100644 OvmfPkg/Library/TcgPhysicalPresenceLibNull/DxeTcgPhysicalPresenceLib.inf
create mode 100644 OvmfPkg/Library/TcgPhysicalPresenceLibQemu/DxeTcgPhysicalPresenceLib.c
create mode 100644 OvmfPkg/Library/TcgPhysicalPresenceLibQemu/DxeTcgPhysicalPresenceLib.inf
create mode 100644 OvmfPkg/Library/TcgPhysicalPresenceLibQemu/DxeTcgPhysicalPresenceLib.uni
create mode 100644 OvmfPkg/Library/TcgPhysicalPresenceLibQemu/PhysicalPresenceStrings.uni

--
2.31.1