From 505473655db4b91e4a0ac732069968f9eddabc51 Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Wed, 15 Dec 2021 12:39:18 +0100 Subject: [PATCH 3/6] OvmfPkg: drop TPM_CONFIG_ENABLE RH-Author: Gerd Hoffmann RH-MergeRequest: 9: backport tpm build updates, disable tpm 1.2 support RH-Commit: [3/6] be335526f74358d4af21fbd35cc7008b227ebb23 (kraxel/centos-edk2) RH-Bugzilla: 1935497 RH-Acked-by: Oliver Steffen Drop TPM_CONFIG_ENABLE config option. Including TPM support in the build without also including the TPM configuration menu is not useful. Suggested-by: Stefan Berger Signed-off-by: Gerd Hoffmann Tested-by: Stefan Berger (cherry picked from commit 5711ff4d0b56ff4c58dc7a780e706bc58aed2253) --- OvmfPkg/OvmfTpmComponentsDxe.dsc.inc | 2 -- OvmfPkg/OvmfTpmDefines.dsc.inc | 1 - OvmfPkg/OvmfTpmDxe.fdf.inc | 2 -- OvmfPkg/OvmfTpmPcdsHii.dsc.inc | 2 +- OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml | 6 +++--- OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml | 6 +++--- OvmfPkg/PlatformCI/ReadMe.md | 2 +- 7 files changed, 8 insertions(+), 13 deletions(-) diff --git a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc index d5c2586118..e025d85a58 100644 --- a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc +++ b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc @@ -14,9 +14,7 @@ NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf } -!if $(TPM_CONFIG_ENABLE) == TRUE SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf -!endif SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf diff --git a/OvmfPkg/OvmfTpmDefines.dsc.inc b/OvmfPkg/OvmfTpmDefines.dsc.inc index 51da7508b3..5df4a331fb 100644 --- a/OvmfPkg/OvmfTpmDefines.dsc.inc +++ b/OvmfPkg/OvmfTpmDefines.dsc.inc @@ -3,4 +3,3 @@ ## DEFINE TPM_ENABLE = FALSE - DEFINE TPM_CONFIG_ENABLE = FALSE diff --git a/OvmfPkg/OvmfTpmDxe.fdf.inc b/OvmfPkg/OvmfTpmDxe.fdf.inc index 9dcdaaf01c..32eef24638 100644 --- a/OvmfPkg/OvmfTpmDxe.fdf.inc +++ b/OvmfPkg/OvmfTpmDxe.fdf.inc @@ -6,7 +6,5 @@ INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf -!if $(TPM_CONFIG_ENABLE) == TRUE INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf !endif -!endif diff --git a/OvmfPkg/OvmfTpmPcdsHii.dsc.inc b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc index 164bc9c7fc..2e02a5b4cb 100644 --- a/OvmfPkg/OvmfTpmPcdsHii.dsc.inc +++ b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc @@ -2,7 +2,7 @@ # SPDX-License-Identifier: BSD-2-Clause-Patent ## -!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE +!if $(TPM_ENABLE) == TRUE gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS !endif diff --git a/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml b/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml index 7117b86b81..1774423580 100644 --- a/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml +++ b/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml @@ -95,21 +95,21 @@ jobs: OVMF_IA32X64_FULL_DEBUG: Build.File: "$(package)/PlatformCI/PlatformBuild.py" Build.Arch: "IA32,X64" - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" Build.Target: "DEBUG" Run.Flags: $(run_flags) Run: $(should_run) OVMF_IA32X64_FULL_RELEASE: Build.File: "$(package)/PlatformCI/PlatformBuild.py" Build.Arch: "IA32,X64" - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" Build.Target: "RELEASE" Run.Flags: $(run_flags) Run: $(should_run) OVMF_IA32X64_FULL_NOOPT: Build.File: "$(package)/PlatformCI/PlatformBuild.py" Build.Arch: "IA32,X64" - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" Build.Target: "NOOPT" Run.Flags: $(run_flags) Run: $(should_run) diff --git a/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml b/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml index 2e07a3d889..09f9851312 100644 --- a/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml +++ b/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml @@ -94,14 +94,14 @@ jobs: OVMF_IA32X64_FULL_DEBUG: Build.File: "$(package)/PlatformCI/PlatformBuild.py" Build.Arch: "IA32,X64" - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" Build.Target: "DEBUG" Run.Flags: $(run_flags) Run: $(should_run) OVMF_IA32X64_FULL_RELEASE: Build.File: "$(package)/PlatformCI/PlatformBuild.py" Build.Arch: "IA32,X64" - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" Build.Target: "RELEASE" Run.Flags: $(run_flags) Run: $(should_run) @@ -112,7 +112,7 @@ jobs: # OVMF_IA32X64_FULL_NOOPT: # Build.File: "$(package)/PlatformCI/PlatformBuild.py" # Build.Arch: "IA32,X64" - # Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" + # Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1" # Build.Target: "NOOPT" # Run.Flags: $(run_flags) # Run: $(should_run) diff --git a/OvmfPkg/PlatformCI/ReadMe.md b/OvmfPkg/PlatformCI/ReadMe.md index 2ce9007dbe..44aa7c4a9d 100644 --- a/OvmfPkg/PlatformCI/ReadMe.md +++ b/OvmfPkg/PlatformCI/ReadMe.md @@ -14,7 +14,7 @@ supported and are described below. | IA32 | IA32 | OvmfPkgIa32.dsc | None | | X64 | X64 | OvmfPkgIa64.dsc | None | | IA32 X64 | PEI-IA32 DXE-X64 | OvmfPkgIa32X64.dsc | None | -| IA32 X64 Full | PEI-IA32 DXE-X64 | OvmfPkgIa32X64.dsc | SECURE_BOOT_ENABLE=1 SMM_REQUIRE=1 TPM_ENABLE=1 TPM_CONFIG_ENABLE=1 NETWORK_TLS_ENABLE=1 NETWORK_IP6_ENABLE=1 NETWORK_HTTP_BOOT_ENABLE=1 | +| IA32 X64 Full | PEI-IA32 DXE-X64 | OvmfPkgIa32X64.dsc | SECURE_BOOT_ENABLE=1 SMM_REQUIRE=1 TPM_ENABLE=1 NETWORK_TLS_ENABLE=1 NETWORK_IP6_ENABLE=1 NETWORK_HTTP_BOOT_ENABLE=1 | ## EDK2 Developer environment -- 2.27.0