088600e053
- edk2-OvmfPkg-remove-unused-TPM-options-from-MicrovmX64.ds.patch [bz#1935497] - edk2-OvmfPkg-move-tcg-configuration-to-dsc-and-fdf-includ.patch [bz#1935497] - edk2-OvmfPkg-drop-TPM_CONFIG_ENABLE.patch [bz#1935497] - edk2-OvmfPkg-create-Tcg12ConfigPei.inf.patch [bz#1935497] - edk2-OvmfPkg-rework-TPM-configuration.patch [bz#1935497] - edk2-spec-adapt-specfile-to-build-option-changes-disable-.patch [bz#1935497] - Resolves: bz#1935497 (edk2 implements and/or uses the deprecated MD5 and SHA-1 algorithms by default)
152 lines
8.5 KiB
Diff
152 lines
8.5 KiB
Diff
From 505473655db4b91e4a0ac732069968f9eddabc51 Mon Sep 17 00:00:00 2001
|
|
From: Gerd Hoffmann <kraxel@redhat.com>
|
|
Date: Wed, 15 Dec 2021 12:39:18 +0100
|
|
Subject: [PATCH 3/6] OvmfPkg: drop TPM_CONFIG_ENABLE
|
|
|
|
RH-Author: Gerd Hoffmann <kraxel@redhat.com>
|
|
RH-MergeRequest: 9: backport tpm build updates, disable tpm 1.2 support
|
|
RH-Commit: [3/6] be335526f74358d4af21fbd35cc7008b227ebb23 (kraxel/centos-edk2)
|
|
RH-Bugzilla: 1935497
|
|
RH-Acked-by: Oliver Steffen <None>
|
|
|
|
Drop TPM_CONFIG_ENABLE config option. Including TPM support in the
|
|
build without also including the TPM configuration menu is not useful.
|
|
|
|
Suggested-by: Stefan Berger <stefanb@linux.ibm.com>
|
|
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Tested-by: Stefan Berger <stefanb@linux.ibm.com>
|
|
(cherry picked from commit 5711ff4d0b56ff4c58dc7a780e706bc58aed2253)
|
|
---
|
|
OvmfPkg/OvmfTpmComponentsDxe.dsc.inc | 2 --
|
|
OvmfPkg/OvmfTpmDefines.dsc.inc | 1 -
|
|
OvmfPkg/OvmfTpmDxe.fdf.inc | 2 --
|
|
OvmfPkg/OvmfTpmPcdsHii.dsc.inc | 2 +-
|
|
OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml | 6 +++---
|
|
OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml | 6 +++---
|
|
OvmfPkg/PlatformCI/ReadMe.md | 2 +-
|
|
7 files changed, 8 insertions(+), 13 deletions(-)
|
|
|
|
diff --git a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
|
|
index d5c2586118..e025d85a58 100644
|
|
--- a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
|
|
+++ b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
|
|
@@ -14,9 +14,7 @@
|
|
NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
|
|
NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
|
|
}
|
|
-!if $(TPM_CONFIG_ENABLE) == TRUE
|
|
SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
|
|
-!endif
|
|
SecurityPkg/Tcg/TcgDxe/TcgDxe.inf {
|
|
<LibraryClasses>
|
|
Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
|
|
diff --git a/OvmfPkg/OvmfTpmDefines.dsc.inc b/OvmfPkg/OvmfTpmDefines.dsc.inc
|
|
index 51da7508b3..5df4a331fb 100644
|
|
--- a/OvmfPkg/OvmfTpmDefines.dsc.inc
|
|
+++ b/OvmfPkg/OvmfTpmDefines.dsc.inc
|
|
@@ -3,4 +3,3 @@
|
|
##
|
|
|
|
DEFINE TPM_ENABLE = FALSE
|
|
- DEFINE TPM_CONFIG_ENABLE = FALSE
|
|
diff --git a/OvmfPkg/OvmfTpmDxe.fdf.inc b/OvmfPkg/OvmfTpmDxe.fdf.inc
|
|
index 9dcdaaf01c..32eef24638 100644
|
|
--- a/OvmfPkg/OvmfTpmDxe.fdf.inc
|
|
+++ b/OvmfPkg/OvmfTpmDxe.fdf.inc
|
|
@@ -6,7 +6,5 @@
|
|
INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
|
|
INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
|
|
INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
|
|
-!if $(TPM_CONFIG_ENABLE) == TRUE
|
|
INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
|
|
!endif
|
|
-!endif
|
|
diff --git a/OvmfPkg/OvmfTpmPcdsHii.dsc.inc b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc
|
|
index 164bc9c7fc..2e02a5b4cb 100644
|
|
--- a/OvmfPkg/OvmfTpmPcdsHii.dsc.inc
|
|
+++ b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc
|
|
@@ -2,7 +2,7 @@
|
|
# SPDX-License-Identifier: BSD-2-Clause-Patent
|
|
##
|
|
|
|
-!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE
|
|
+!if $(TPM_ENABLE) == TRUE
|
|
gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS
|
|
gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS
|
|
!endif
|
|
diff --git a/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml b/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml
|
|
index 7117b86b81..1774423580 100644
|
|
--- a/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml
|
|
+++ b/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml
|
|
@@ -95,21 +95,21 @@ jobs:
|
|
OVMF_IA32X64_FULL_DEBUG:
|
|
Build.File: "$(package)/PlatformCI/PlatformBuild.py"
|
|
Build.Arch: "IA32,X64"
|
|
- Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
|
|
+ Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
|
|
Build.Target: "DEBUG"
|
|
Run.Flags: $(run_flags)
|
|
Run: $(should_run)
|
|
OVMF_IA32X64_FULL_RELEASE:
|
|
Build.File: "$(package)/PlatformCI/PlatformBuild.py"
|
|
Build.Arch: "IA32,X64"
|
|
- Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
|
|
+ Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
|
|
Build.Target: "RELEASE"
|
|
Run.Flags: $(run_flags)
|
|
Run: $(should_run)
|
|
OVMF_IA32X64_FULL_NOOPT:
|
|
Build.File: "$(package)/PlatformCI/PlatformBuild.py"
|
|
Build.Arch: "IA32,X64"
|
|
- Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
|
|
+ Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
|
|
Build.Target: "NOOPT"
|
|
Run.Flags: $(run_flags)
|
|
Run: $(should_run)
|
|
diff --git a/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml b/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml
|
|
index 2e07a3d889..09f9851312 100644
|
|
--- a/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml
|
|
+++ b/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml
|
|
@@ -94,14 +94,14 @@ jobs:
|
|
OVMF_IA32X64_FULL_DEBUG:
|
|
Build.File: "$(package)/PlatformCI/PlatformBuild.py"
|
|
Build.Arch: "IA32,X64"
|
|
- Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
|
|
+ Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
|
|
Build.Target: "DEBUG"
|
|
Run.Flags: $(run_flags)
|
|
Run: $(should_run)
|
|
OVMF_IA32X64_FULL_RELEASE:
|
|
Build.File: "$(package)/PlatformCI/PlatformBuild.py"
|
|
Build.Arch: "IA32,X64"
|
|
- Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
|
|
+ Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
|
|
Build.Target: "RELEASE"
|
|
Run.Flags: $(run_flags)
|
|
Run: $(should_run)
|
|
@@ -112,7 +112,7 @@ jobs:
|
|
# OVMF_IA32X64_FULL_NOOPT:
|
|
# Build.File: "$(package)/PlatformCI/PlatformBuild.py"
|
|
# Build.Arch: "IA32,X64"
|
|
- # Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_TPM_CONFIG_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
|
|
+ # Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=1 BLD_*_SMM_REQUIRE=1 BLD_*_TPM_ENABLE=1 BLD_*_NETWORK_TLS_ENABLE=1 BLD_*_NETWORK_IP6_ENABLE=1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=1"
|
|
# Build.Target: "NOOPT"
|
|
# Run.Flags: $(run_flags)
|
|
# Run: $(should_run)
|
|
diff --git a/OvmfPkg/PlatformCI/ReadMe.md b/OvmfPkg/PlatformCI/ReadMe.md
|
|
index 2ce9007dbe..44aa7c4a9d 100644
|
|
--- a/OvmfPkg/PlatformCI/ReadMe.md
|
|
+++ b/OvmfPkg/PlatformCI/ReadMe.md
|
|
@@ -14,7 +14,7 @@ supported and are described below.
|
|
| IA32 | IA32 | OvmfPkgIa32.dsc | None |
|
|
| X64 | X64 | OvmfPkgIa64.dsc | None |
|
|
| IA32 X64 | PEI-IA32 DXE-X64 | OvmfPkgIa32X64.dsc | None |
|
|
-| IA32 X64 Full | PEI-IA32 DXE-X64 | OvmfPkgIa32X64.dsc | SECURE_BOOT_ENABLE=1 SMM_REQUIRE=1 TPM_ENABLE=1 TPM_CONFIG_ENABLE=1 NETWORK_TLS_ENABLE=1 NETWORK_IP6_ENABLE=1 NETWORK_HTTP_BOOT_ENABLE=1 |
|
|
+| IA32 X64 Full | PEI-IA32 DXE-X64 | OvmfPkgIa32X64.dsc | SECURE_BOOT_ENABLE=1 SMM_REQUIRE=1 TPM_ENABLE=1 NETWORK_TLS_ENABLE=1 NETWORK_IP6_ENABLE=1 NETWORK_HTTP_BOOT_ENABLE=1 |
|
|
|
|
## EDK2 Developer environment
|
|
|
|
--
|
|
2.27.0
|
|
|