Date
1 - 3 of 3
OvmfPkgX64.dsc - how to enable MOR and MORlock variables in firmware
Hi everyone,
I am attempting to boot built firmware images of OvmfPkgX64 using QEMU. The reason I am doing this is so that I can investigate MOR and MORlock UEFI variables, and for this to happen they need to be enabled and set in the firmware.
To start, I have built the firmware with the following flags enabled:
build -a X64 -p edk2/OvmfPkg/OvmfPkgX64.dsc -b DEBUG -t GCCdm5 -n 56 -D SECURE_BOOT_ENABLE -D SMM_REQUIRE -D DEBUG_ON_SERIAL_PORT
I included SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf in OvmfPkgX64.dsc file, and I noticed that the build picks up this module.
When I boot the firmware with QEMU using this command:
qemu-system-x86_64 -machine q35,smm=on,accel=kvm -m 2048M -smp 1 \
-global driver=cfi.pflash01,property=secure,value=on \
-drive if=pflash,format=raw,unit=0,file=OVMF_CODE.fd,readonly=on \
-drive if=pflash,format=raw,unit=1,file=OVMF_VARS.fd \
-global ICH9-LPC.disable_s3=1 \
--nographic
I am unable to see the TcgMor driver get loaded at any point, and the UEFI variables are not present when I run dmpstore -all.
I am stuck on trying to figure out what I am still missing. Is TPM 2.0 a requirement for a platform to create these MOR/MORlock variables in firmware? How does the
I am attempting to boot built firmware images of OvmfPkgX64 using QEMU. The reason I am doing this is so that I can investigate MOR and MORlock UEFI variables, and for this to happen they need to be enabled and set in the firmware.
To start, I have built the firmware with the following flags enabled:
build -a X64 -p edk2/OvmfPkg/OvmfPkgX64.dsc -b DEBUG -t GCCdm5 -n 56 -D SECURE_BOOT_ENABLE -D SMM_REQUIRE -D DEBUG_ON_SERIAL_PORT
I included SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf in OvmfPkgX64.dsc file, and I noticed that the build picks up this module.
When I boot the firmware with QEMU using this command:
qemu-system-x86_64 -machine q35,smm=on,accel=kvm -m 2048M -smp 1 \
-global driver=cfi.pflash01,property=secure,value=on \
-drive if=pflash,format=raw,unit=0,file=OVMF_CODE.fd,readonly=on \
-drive if=pflash,format=raw,unit=1,file=OVMF_VARS.fd \
-global ICH9-LPC.disable_s3=1 \
--nographic
I am unable to see the TcgMor driver get loaded at any point, and the UEFI variables are not present when I run dmpstore -all.
I am stuck on trying to figure out what I am still missing. Is TPM 2.0 a requirement for a platform to create these MOR/MORlock variables in firmware? How does the
Hi everyone,
I am attempting to boot firmware images of OvmfPkgX64 using QEMU. The reason I am doing this is so that I can investigate MOR and MORlock UEFI variables in the UEFI shell, and for this to happen they need to be enabled and set in the firmware.
To start, I have built the firmware with the following flags enabled:
build -a X64 -p edk2/OvmfPkg/OvmfPkgX64.dsc -b DEBUG -t GCCdm5 -n 56 -D SECURE_BOOT_ENABLE -D SMM_REQUIRE -D DEBUG_ON_SERIAL_PORT
I included SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf in OvmfPkgX64.dsc file, and I noticed that the build picks up this module.
When I boot the firmware with QEMU using this command:
qemu-system-x86_64 -machine q35,smm=on,accel=kvm -m 2048M -smp 1 \
-global driver=cfi.pflash01,property=secure,value=on \
-drive if=pflash,format=raw,unit=0,file=OVMF_CODE.fd,readonly=on \
-drive if=pflash,format=raw,unit=1,file=OVMF_VARS.fd \
-global ICH9-LPC.disable_s3=1 \
--nographic
I am unable to see the TcgMor driver get loaded at any point, and the UEFI variables are not present when I run dmpstore -all.
I am stuck on trying to figure out what I am still missing. Is TPM 2.0 a requirement for a platform to create these MOR/MORlock variables in firmware? How does the MorDriverEntryPoint get called?
I apologize for my lack of understanding, but I am still getting up to speed with edk2.
Thank you,
Abhi
I am attempting to boot firmware images of OvmfPkgX64 using QEMU. The reason I am doing this is so that I can investigate MOR and MORlock UEFI variables in the UEFI shell, and for this to happen they need to be enabled and set in the firmware.
To start, I have built the firmware with the following flags enabled:
build -a X64 -p edk2/OvmfPkg/OvmfPkgX64.dsc -b DEBUG -t GCCdm5 -n 56 -D SECURE_BOOT_ENABLE -D SMM_REQUIRE -D DEBUG_ON_SERIAL_PORT
I included SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf in OvmfPkgX64.dsc file, and I noticed that the build picks up this module.
When I boot the firmware with QEMU using this command:
qemu-system-x86_64 -machine q35,smm=on,accel=kvm -m 2048M -smp 1 \
-global driver=cfi.pflash01,property=secure,value=on \
-drive if=pflash,format=raw,unit=0,file=OVMF_CODE.fd,readonly=on \
-drive if=pflash,format=raw,unit=1,file=OVMF_VARS.fd \
-global ICH9-LPC.disable_s3=1 \
--nographic
I am unable to see the TcgMor driver get loaded at any point, and the UEFI variables are not present when I run dmpstore -all.
I am stuck on trying to figure out what I am still missing. Is TPM 2.0 a requirement for a platform to create these MOR/MORlock variables in firmware? How does the MorDriverEntryPoint get called?
I apologize for my lack of understanding, but I am still getting up to speed with edk2.
Thank you,
Abhi