994 lines
40 KiB
Diff
994 lines
40 KiB
Diff
From 02544e617ce4dfffff15dab47463484ccdc9a51f Mon Sep 17 00:00:00 2001
|
|
From: Gerd Hoffmann <kraxel@redhat.com>
|
|
Date: Wed, 15 Dec 2021 12:39:17 +0100
|
|
Subject: [PATCH 2/6] OvmfPkg: move tcg configuration to dsc and fdf include
|
|
files
|
|
|
|
RH-Author: Gerd Hoffmann <kraxel@redhat.com>
|
|
RH-MergeRequest: 9: backport tpm build updates, disable tpm 1.2 support
|
|
RH-Commit: [2/6] d811b2cf266baa0fa3f958af0b80bb208f3fe27c (kraxel/centos-edk2)
|
|
RH-Bugzilla: 1935497
|
|
RH-Acked-by: Oliver Steffen <None>
|
|
|
|
With this in place the tpm configuration is not duplicated for each of
|
|
our four ovmf config variants (ia32, ia32x64, x64, amdsev) and it is
|
|
easier to keep them all in sync when updating the tpm configuration.
|
|
|
|
No functional change.
|
|
|
|
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
|
|
(cherry picked from commit b47575801e1903e8b316d01840572ce2681cf2c6)
|
|
|
|
[ kraxel: solve conflict in OvmfPkg/AmdSev/AmdSevX64.dsc ]
|
|
---
|
|
OvmfPkg/AmdSev/AmdSevX64.dsc | 85 ++++-----------------------
|
|
OvmfPkg/AmdSev/AmdSevX64.fdf | 17 +-----
|
|
OvmfPkg/OvmfPkgIa32.dsc | 88 ++++------------------------
|
|
OvmfPkg/OvmfPkgIa32.fdf | 17 +-----
|
|
OvmfPkg/OvmfPkgIa32X64.dsc | 85 ++++-----------------------
|
|
OvmfPkg/OvmfPkgIa32X64.fdf | 17 +-----
|
|
OvmfPkg/OvmfPkgX64.dsc | 85 ++++-----------------------
|
|
OvmfPkg/OvmfPkgX64.fdf | 17 +-----
|
|
OvmfPkg/OvmfTpmComponentsDxe.dsc.inc | 28 +++++++++
|
|
OvmfPkg/OvmfTpmComponentsPei.dsc.inc | 22 +++++++
|
|
OvmfPkg/OvmfTpmDefines.dsc.inc | 6 ++
|
|
OvmfPkg/OvmfTpmDxe.fdf.inc | 12 ++++
|
|
OvmfPkg/OvmfTpmLibs.dsc.inc | 14 +++++
|
|
OvmfPkg/OvmfTpmLibsDxe.dsc.inc | 8 +++
|
|
OvmfPkg/OvmfTpmLibsPeim.dsc.inc | 9 +++
|
|
OvmfPkg/OvmfTpmPcds.dsc.inc | 7 +++
|
|
OvmfPkg/OvmfTpmPcdsHii.dsc.inc | 8 +++
|
|
OvmfPkg/OvmfTpmPei.fdf.inc | 11 ++++
|
|
OvmfPkg/OvmfTpmSecurityStub.dsc.inc | 8 +++
|
|
19 files changed, 185 insertions(+), 359 deletions(-)
|
|
create mode 100644 OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
|
|
create mode 100644 OvmfPkg/OvmfTpmComponentsPei.dsc.inc
|
|
create mode 100644 OvmfPkg/OvmfTpmDefines.dsc.inc
|
|
create mode 100644 OvmfPkg/OvmfTpmDxe.fdf.inc
|
|
create mode 100644 OvmfPkg/OvmfTpmLibs.dsc.inc
|
|
create mode 100644 OvmfPkg/OvmfTpmLibsDxe.dsc.inc
|
|
create mode 100644 OvmfPkg/OvmfTpmLibsPeim.dsc.inc
|
|
create mode 100644 OvmfPkg/OvmfTpmPcds.dsc.inc
|
|
create mode 100644 OvmfPkg/OvmfTpmPcdsHii.dsc.inc
|
|
create mode 100644 OvmfPkg/OvmfTpmPei.fdf.inc
|
|
create mode 100644 OvmfPkg/OvmfTpmSecurityStub.dsc.inc
|
|
|
|
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
|
|
index 88b65b9f59..8610602ddb 100644
|
|
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
|
|
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
|
|
@@ -32,8 +32,8 @@
|
|
# -D FLAG=VALUE
|
|
#
|
|
DEFINE SOURCE_DEBUG_ENABLE = FALSE
|
|
- DEFINE TPM_ENABLE = FALSE
|
|
- DEFINE TPM_CONFIG_ENABLE = FALSE
|
|
+
|
|
+!include OvmfPkg/OvmfTpmDefines.dsc.inc
|
|
|
|
#
|
|
# Shell can be useful for debugging but should not be enabled for production
|
|
@@ -203,16 +203,7 @@
|
|
SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf
|
|
OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf
|
|
|
|
-!if $(TPM_ENABLE) == TRUE
|
|
- Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
|
|
- Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
|
|
- Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
|
|
- Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
|
|
- TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
|
|
-!else
|
|
- Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf
|
|
- TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
|
|
-!endif
|
|
+!include OvmfPkg/OvmfTpmLibs.dsc.inc
|
|
|
|
[LibraryClasses.common]
|
|
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
|
|
@@ -286,11 +277,7 @@
|
|
PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
|
|
QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf
|
|
|
|
-!if $(TPM_ENABLE) == TRUE
|
|
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
|
|
- Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
|
|
- Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
|
|
-!endif
|
|
+!include OvmfPkg/OvmfTpmLibsPeim.dsc.inc
|
|
|
|
MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
|
|
|
|
@@ -371,10 +358,8 @@
|
|
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
|
|
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
|
|
QemuLoadImageLib|OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.inf
|
|
-!if $(TPM_ENABLE) == TRUE
|
|
- Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
|
|
- Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
|
|
-!endif
|
|
+
|
|
+!include OvmfPkg/OvmfTpmLibsDxe.dsc.inc
|
|
|
|
[LibraryClasses.common.UEFI_APPLICATION]
|
|
PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
|
|
@@ -576,15 +561,10 @@
|
|
|
|
gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00
|
|
|
|
-!if $(TPM_ENABLE) == TRUE
|
|
- gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
|
|
-!endif
|
|
+!include OvmfPkg/OvmfTpmPcds.dsc.inc
|
|
|
|
[PcdsDynamicHii]
|
|
-!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE
|
|
- gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS
|
|
- gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS
|
|
-!endif
|
|
+!include OvmfPkg/OvmfTpmPcdsHii.dsc.inc
|
|
|
|
################################################################################
|
|
#
|
|
@@ -625,24 +605,7 @@
|
|
UefiCpuPkg/CpuMpPei/CpuMpPei.inf
|
|
OvmfPkg/AmdSev/SecretPei/SecretPei.inf
|
|
|
|
-!if $(TPM_ENABLE) == TRUE
|
|
- OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
|
|
- OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
|
|
- SecurityPkg/Tcg/TcgPei/TcgPei.inf
|
|
- SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
|
|
- <LibraryClasses>
|
|
- HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
|
|
- NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
|
|
- NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
|
|
- NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
|
|
- NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
|
|
- NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
|
|
- }
|
|
- SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf {
|
|
- <LibraryClasses>
|
|
- TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
|
|
- }
|
|
-!endif
|
|
+!include OvmfPkg/OvmfTpmComponentsPei.dsc.inc
|
|
|
|
#
|
|
# DXE Phase modules
|
|
@@ -664,10 +627,7 @@
|
|
|
|
MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
|
|
<LibraryClasses>
|
|
-!if $(TPM_ENABLE) == TRUE
|
|
- NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
|
|
- NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
|
|
-!endif
|
|
+!include OvmfPkg/OvmfTpmSecurityStub.dsc.inc
|
|
}
|
|
|
|
OvmfPkg/8259InterruptControllerDxe/8259.inf
|
|
@@ -830,27 +790,4 @@
|
|
#
|
|
# TPM support
|
|
#
|
|
-!if $(TPM_ENABLE) == TRUE
|
|
- SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
|
|
- <LibraryClasses>
|
|
- Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
|
|
- NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
|
|
- HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf
|
|
- NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
|
|
- NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
|
|
- NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
|
|
- NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
|
|
- NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
|
|
- }
|
|
-!if $(TPM_CONFIG_ENABLE) == TRUE
|
|
- SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
|
|
-!endif
|
|
- SecurityPkg/Tcg/TcgDxe/TcgDxe.inf {
|
|
- <LibraryClasses>
|
|
- Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
|
|
- }
|
|
- SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf {
|
|
- <LibraryClasses>
|
|
- TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
|
|
- }
|
|
-!endif
|
|
+!include OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
|
|
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
|
|
index 325570c5a3..3f2329dab4 100644
|
|
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
|
|
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
|
|
@@ -156,13 +156,7 @@ INF UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf
|
|
INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf
|
|
INF OvmfPkg/AmdSev/SecretPei/SecretPei.inf
|
|
|
|
-!if $(TPM_ENABLE) == TRUE
|
|
-INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
|
|
-INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
|
|
-INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
|
|
-INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
|
|
-INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
|
|
-!endif
|
|
+!include OvmfPkg/OvmfTpmPei.fdf.inc
|
|
|
|
################################################################################
|
|
|
|
@@ -311,14 +305,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
|
|
#
|
|
# TPM support
|
|
#
|
|
-!if $(TPM_ENABLE) == TRUE
|
|
-INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
|
|
-INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
|
|
-INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
|
|
-!if $(TPM_CONFIG_ENABLE) == TRUE
|
|
-INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
|
|
-!endif
|
|
-!endif
|
|
+!include OvmfPkg/OvmfTpmDxe.fdf.inc
|
|
|
|
################################################################################
|
|
|
|
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
|
|
index fa42d919be..904176ccfc 100644
|
|
--- a/OvmfPkg/OvmfPkgIa32.dsc
|
|
+++ b/OvmfPkg/OvmfPkgIa32.dsc
|
|
@@ -32,10 +32,10 @@
|
|
DEFINE SECURE_BOOT_ENABLE = FALSE
|
|
DEFINE SMM_REQUIRE = FALSE
|
|
DEFINE SOURCE_DEBUG_ENABLE = FALSE
|
|
- DEFINE TPM_ENABLE = FALSE
|
|
- DEFINE TPM_CONFIG_ENABLE = FALSE
|
|
DEFINE LOAD_X64_ON_IA32_ENABLE = FALSE
|
|
|
|
+!include OvmfPkg/OvmfTpmDefines.dsc.inc
|
|
+
|
|
#
|
|
# Network definition
|
|
#
|
|
@@ -229,16 +229,7 @@
|
|
SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf
|
|
OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf
|
|
|
|
-!if $(TPM_ENABLE) == TRUE
|
|
- Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
|
|
- Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
|
|
- Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
|
|
- Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
|
|
- TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
|
|
-!else
|
|
- Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf
|
|
- TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
|
|
-!endif
|
|
+!include OvmfPkg/OvmfTpmLibs.dsc.inc
|
|
|
|
[LibraryClasses.common]
|
|
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
|
|
@@ -309,11 +300,7 @@
|
|
PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
|
|
QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf
|
|
|
|
-!if $(TPM_ENABLE) == TRUE
|
|
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
|
|
- Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
|
|
- Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
|
|
-!endif
|
|
+!include OvmfPkg/OvmfTpmLibsPeim.dsc.inc
|
|
|
|
MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
|
|
|
|
@@ -401,10 +388,8 @@
|
|
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
|
|
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
|
|
QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf
|
|
-!if $(TPM_ENABLE) == TRUE
|
|
- Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
|
|
- Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
|
|
-!endif
|
|
+
|
|
+!include OvmfPkg/OvmfTpmLibsDxe.dsc.inc
|
|
|
|
[LibraryClasses.common.UEFI_APPLICATION]
|
|
PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
|
|
@@ -643,19 +628,14 @@
|
|
|
|
gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00
|
|
|
|
-!if $(TPM_ENABLE) == TRUE
|
|
- gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
|
|
-!endif
|
|
+!include OvmfPkg/OvmfTpmPcds.dsc.inc
|
|
|
|
# IPv4 and IPv6 PXE Boot support.
|
|
gEfiNetworkPkgTokenSpaceGuid.PcdIPv4PXESupport|0x01
|
|
gEfiNetworkPkgTokenSpaceGuid.PcdIPv6PXESupport|0x01
|
|
|
|
[PcdsDynamicHii]
|
|
-!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE
|
|
- gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS
|
|
- gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS
|
|
-!endif
|
|
+!include OvmfPkg/OvmfTpmPcdsHii.dsc.inc
|
|
|
|
################################################################################
|
|
#
|
|
@@ -705,24 +685,7 @@
|
|
!endif
|
|
UefiCpuPkg/CpuMpPei/CpuMpPei.inf
|
|
|
|
-!if $(TPM_ENABLE) == TRUE
|
|
- OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
|
|
- OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
|
|
- SecurityPkg/Tcg/TcgPei/TcgPei.inf
|
|
- SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
|
|
- <LibraryClasses>
|
|
- HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
|
|
- NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
|
|
- NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
|
|
- NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
|
|
- NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
|
|
- NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
|
|
- }
|
|
- SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf {
|
|
- <LibraryClasses>
|
|
- TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
|
|
- }
|
|
-!endif
|
|
+!include OvmfPkg/OvmfTpmComponentsPei.dsc.inc
|
|
|
|
#
|
|
# DXE Phase modules
|
|
@@ -747,10 +710,7 @@
|
|
!if $(SECURE_BOOT_ENABLE) == TRUE
|
|
NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
|
|
!endif
|
|
-!if $(TPM_ENABLE) == TRUE
|
|
- NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
|
|
- NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
|
|
-!endif
|
|
+!include OvmfPkg/OvmfTpmSecurityStub.dsc.inc
|
|
}
|
|
|
|
OvmfPkg/8259InterruptControllerDxe/8259.inf
|
|
@@ -1004,31 +964,5 @@
|
|
#
|
|
# TPM support
|
|
#
|
|
-!if $(TPM_ENABLE) == TRUE
|
|
- SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
|
|
- <LibraryClasses>
|
|
- Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
|
|
- NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
|
|
- HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf
|
|
- NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
|
|
- NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
|
|
- NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
|
|
- NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
|
|
- NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
|
|
- }
|
|
-!if $(TPM_CONFIG_ENABLE) == TRUE
|
|
- SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
|
|
-!endif
|
|
- SecurityPkg/Tcg/TcgDxe/TcgDxe.inf {
|
|
- <LibraryClasses>
|
|
- Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
|
|
- }
|
|
- SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf {
|
|
- <LibraryClasses>
|
|
- TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
|
|
- }
|
|
-!endif
|
|
+!include OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
|
|
|
|
-!if $(LOAD_X64_ON_IA32_ENABLE) == TRUE
|
|
- OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf
|
|
-!endif
|
|
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
|
|
index 51433836d6..8ba9ffc83e 100644
|
|
--- a/OvmfPkg/OvmfPkgIa32.fdf
|
|
+++ b/OvmfPkg/OvmfPkgIa32.fdf
|
|
@@ -161,13 +161,7 @@ INF OvmfPkg/SmmAccess/SmmAccessPei.inf
|
|
!endif
|
|
INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf
|
|
|
|
-!if $(TPM_ENABLE) == TRUE
|
|
-INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
|
|
-INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
|
|
-INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
|
|
-INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
|
|
-INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
|
|
-!endif
|
|
+!include OvmfPkg/OvmfTpmPei.fdf.inc
|
|
|
|
################################################################################
|
|
|
|
@@ -353,14 +347,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
|
|
#
|
|
# TPM support
|
|
#
|
|
-!if $(TPM_ENABLE) == TRUE
|
|
-INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
|
|
-INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
|
|
-INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
|
|
-!if $(TPM_CONFIG_ENABLE) == TRUE
|
|
-INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
|
|
-!endif
|
|
-!endif
|
|
+!include OvmfPkg/OvmfTpmDxe.fdf.inc
|
|
|
|
!if $(LOAD_X64_ON_IA32_ENABLE) == TRUE
|
|
INF OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf
|
|
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
|
|
index ef962565f8..aebd8980e4 100644
|
|
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
|
|
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
|
|
@@ -32,8 +32,8 @@
|
|
DEFINE SECURE_BOOT_ENABLE = FALSE
|
|
DEFINE SMM_REQUIRE = FALSE
|
|
DEFINE SOURCE_DEBUG_ENABLE = FALSE
|
|
- DEFINE TPM_ENABLE = FALSE
|
|
- DEFINE TPM_CONFIG_ENABLE = FALSE
|
|
+
|
|
+!include OvmfPkg/OvmfTpmDefines.dsc.inc
|
|
|
|
#
|
|
# Network definition
|
|
@@ -233,16 +233,7 @@
|
|
SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf
|
|
OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf
|
|
|
|
-!if $(TPM_ENABLE) == TRUE
|
|
- Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
|
|
- Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
|
|
- Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
|
|
- Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
|
|
- TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
|
|
-!else
|
|
- Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf
|
|
- TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
|
|
-!endif
|
|
+!include OvmfPkg/OvmfTpmLibs.dsc.inc
|
|
|
|
[LibraryClasses.common]
|
|
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
|
|
@@ -313,11 +304,7 @@
|
|
PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
|
|
QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf
|
|
|
|
-!if $(TPM_ENABLE) == TRUE
|
|
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
|
|
- Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
|
|
- Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
|
|
-!endif
|
|
+!include OvmfPkg/OvmfTpmLibsPeim.dsc.inc
|
|
|
|
MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
|
|
|
|
@@ -405,10 +392,8 @@
|
|
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
|
|
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
|
|
QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf
|
|
-!if $(TPM_ENABLE) == TRUE
|
|
- Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
|
|
- Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
|
|
-!endif
|
|
+
|
|
+!include OvmfPkg/OvmfTpmLibsDxe.dsc.inc
|
|
|
|
[LibraryClasses.common.UEFI_APPLICATION]
|
|
PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
|
|
@@ -655,9 +640,7 @@
|
|
|
|
gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00
|
|
|
|
-!if $(TPM_ENABLE) == TRUE
|
|
- gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
|
|
-!endif
|
|
+!include OvmfPkg/OvmfTpmPcds.dsc.inc
|
|
|
|
[PcdsDynamicDefault.X64]
|
|
# IPv4 and IPv6 PXE Boot support.
|
|
@@ -665,10 +648,7 @@
|
|
gEfiNetworkPkgTokenSpaceGuid.PcdIPv6PXESupport|0x01
|
|
|
|
[PcdsDynamicHii]
|
|
-!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE
|
|
- gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS
|
|
- gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS
|
|
-!endif
|
|
+!include OvmfPkg/OvmfTpmPcdsHii.dsc.inc
|
|
|
|
################################################################################
|
|
#
|
|
@@ -718,24 +698,7 @@
|
|
!endif
|
|
UefiCpuPkg/CpuMpPei/CpuMpPei.inf
|
|
|
|
-!if $(TPM_ENABLE) == TRUE
|
|
- OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
|
|
- OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
|
|
- SecurityPkg/Tcg/TcgPei/TcgPei.inf
|
|
- SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
|
|
- <LibraryClasses>
|
|
- HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
|
|
- NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
|
|
- NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
|
|
- NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
|
|
- NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
|
|
- NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
|
|
- }
|
|
- SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf {
|
|
- <LibraryClasses>
|
|
- TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
|
|
- }
|
|
-!endif
|
|
+!include OvmfPkg/OvmfTpmComponentsPei.dsc.inc
|
|
|
|
[Components.X64]
|
|
#
|
|
@@ -761,10 +724,7 @@
|
|
!if $(SECURE_BOOT_ENABLE) == TRUE
|
|
NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
|
|
!endif
|
|
-!if $(TPM_ENABLE) == TRUE
|
|
- NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
|
|
- NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
|
|
-!endif
|
|
+!include OvmfPkg/OvmfTpmSecurityStub.dsc.inc
|
|
}
|
|
|
|
OvmfPkg/8259InterruptControllerDxe/8259.inf
|
|
@@ -1019,27 +979,4 @@
|
|
#
|
|
# TPM support
|
|
#
|
|
-!if $(TPM_ENABLE) == TRUE
|
|
- SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
|
|
- <LibraryClasses>
|
|
- Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
|
|
- NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
|
|
- HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf
|
|
- NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
|
|
- NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
|
|
- NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
|
|
- NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
|
|
- NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
|
|
- }
|
|
-!if $(TPM_CONFIG_ENABLE) == TRUE
|
|
- SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
|
|
-!endif
|
|
- SecurityPkg/Tcg/TcgDxe/TcgDxe.inf {
|
|
- <LibraryClasses>
|
|
- Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
|
|
- }
|
|
- SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf {
|
|
- <LibraryClasses>
|
|
- TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
|
|
- }
|
|
-!endif
|
|
+!include OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
|
|
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
|
|
index a50f80e1e9..65d2600016 100644
|
|
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
|
|
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
|
|
@@ -164,13 +164,7 @@ INF OvmfPkg/SmmAccess/SmmAccessPei.inf
|
|
!endif
|
|
INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf
|
|
|
|
-!if $(TPM_ENABLE) == TRUE
|
|
-INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
|
|
-INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
|
|
-INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
|
|
-INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
|
|
-INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
|
|
-!endif
|
|
+!include OvmfPkg/OvmfTpmPei.fdf.inc
|
|
|
|
################################################################################
|
|
|
|
@@ -363,14 +357,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
|
|
#
|
|
# TPM support
|
|
#
|
|
-!if $(TPM_ENABLE) == TRUE
|
|
-INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
|
|
-INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
|
|
-INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
|
|
-!if $(TPM_CONFIG_ENABLE) == TRUE
|
|
-INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
|
|
-!endif
|
|
-!endif
|
|
+!include OvmfPkg/OvmfTpmDxe.fdf.inc
|
|
|
|
################################################################################
|
|
|
|
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
|
|
index ba9f9833b0..e85ac3d682 100644
|
|
--- a/OvmfPkg/OvmfPkgX64.dsc
|
|
+++ b/OvmfPkg/OvmfPkgX64.dsc
|
|
@@ -32,8 +32,8 @@
|
|
DEFINE SECURE_BOOT_ENABLE = FALSE
|
|
DEFINE SMM_REQUIRE = FALSE
|
|
DEFINE SOURCE_DEBUG_ENABLE = FALSE
|
|
- DEFINE TPM_ENABLE = FALSE
|
|
- DEFINE TPM_CONFIG_ENABLE = FALSE
|
|
+
|
|
+!include OvmfPkg/OvmfTpmDefines.dsc.inc
|
|
|
|
#
|
|
# Network definition
|
|
@@ -233,16 +233,7 @@
|
|
SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf
|
|
OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf
|
|
|
|
-!if $(TPM_ENABLE) == TRUE
|
|
- Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
|
|
- Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
|
|
- Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
|
|
- Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
|
|
- TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
|
|
-!else
|
|
- Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf
|
|
- TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
|
|
-!endif
|
|
+!include OvmfPkg/OvmfTpmLibs.dsc.inc
|
|
|
|
[LibraryClasses.common]
|
|
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
|
|
@@ -315,11 +306,7 @@
|
|
PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
|
|
QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf
|
|
|
|
-!if $(TPM_ENABLE) == TRUE
|
|
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
|
|
- Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
|
|
- Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
|
|
-!endif
|
|
+!include OvmfPkg/OvmfTpmLibsPeim.dsc.inc
|
|
|
|
MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
|
|
|
|
@@ -407,10 +394,8 @@
|
|
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
|
|
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
|
|
QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf
|
|
-!if $(TPM_ENABLE) == TRUE
|
|
- Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
|
|
- Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
|
|
-!endif
|
|
+
|
|
+!include OvmfPkg/OvmfTpmLibsDxe.dsc.inc
|
|
|
|
[LibraryClasses.common.UEFI_APPLICATION]
|
|
PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
|
|
@@ -655,19 +640,14 @@
|
|
|
|
gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00
|
|
|
|
-!if $(TPM_ENABLE) == TRUE
|
|
- gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
|
|
-!endif
|
|
+!include OvmfPkg/OvmfTpmPcds.dsc.inc
|
|
|
|
# IPv4 and IPv6 PXE Boot support.
|
|
gEfiNetworkPkgTokenSpaceGuid.PcdIPv4PXESupport|0x01
|
|
gEfiNetworkPkgTokenSpaceGuid.PcdIPv6PXESupport|0x01
|
|
|
|
[PcdsDynamicHii]
|
|
-!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE
|
|
- gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS
|
|
- gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS
|
|
-!endif
|
|
+!include OvmfPkg/OvmfTpmPcdsHii.dsc.inc
|
|
|
|
################################################################################
|
|
#
|
|
@@ -717,24 +697,7 @@
|
|
!endif
|
|
UefiCpuPkg/CpuMpPei/CpuMpPei.inf
|
|
|
|
-!if $(TPM_ENABLE) == TRUE
|
|
- OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
|
|
- OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
|
|
- SecurityPkg/Tcg/TcgPei/TcgPei.inf
|
|
- SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
|
|
- <LibraryClasses>
|
|
- HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
|
|
- NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
|
|
- NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
|
|
- NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
|
|
- NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
|
|
- NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
|
|
- }
|
|
- SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf {
|
|
- <LibraryClasses>
|
|
- TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
|
|
- }
|
|
-!endif
|
|
+!include OvmfPkg/OvmfTpmComponentsPei.dsc.inc
|
|
|
|
#
|
|
# DXE Phase modules
|
|
@@ -758,10 +721,7 @@
|
|
<LibraryClasses>
|
|
!if $(SECURE_BOOT_ENABLE) == TRUE
|
|
NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
|
|
-!endif
|
|
-!if $(TPM_ENABLE) == TRUE
|
|
- NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
|
|
- NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
|
|
+!include OvmfPkg/OvmfTpmSecurityStub.dsc.inc
|
|
!endif
|
|
}
|
|
|
|
@@ -1017,27 +977,4 @@
|
|
#
|
|
# TPM support
|
|
#
|
|
-!if $(TPM_ENABLE) == TRUE
|
|
- SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
|
|
- <LibraryClasses>
|
|
- Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
|
|
- NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
|
|
- HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf
|
|
- NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
|
|
- NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
|
|
- NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
|
|
- NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
|
|
- NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
|
|
- }
|
|
-!if $(TPM_CONFIG_ENABLE) == TRUE
|
|
- SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
|
|
-!endif
|
|
- SecurityPkg/Tcg/TcgDxe/TcgDxe.inf {
|
|
- <LibraryClasses>
|
|
- Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
|
|
- }
|
|
- SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf {
|
|
- <LibraryClasses>
|
|
- TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
|
|
- }
|
|
-!endif
|
|
+!include OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
|
|
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
|
|
index dd1c6eded9..e5cbae2073 100644
|
|
--- a/OvmfPkg/OvmfPkgX64.fdf
|
|
+++ b/OvmfPkg/OvmfPkgX64.fdf
|
|
@@ -180,13 +180,7 @@ INF OvmfPkg/SmmAccess/SmmAccessPei.inf
|
|
!endif
|
|
INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf
|
|
|
|
-!if $(TPM_ENABLE) == TRUE
|
|
-INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
|
|
-INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
|
|
-INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
|
|
-INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
|
|
-INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
|
|
-!endif
|
|
+!include OvmfPkg/OvmfTpmPei.fdf.inc
|
|
|
|
################################################################################
|
|
|
|
@@ -379,14 +373,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
|
|
#
|
|
# TPM support
|
|
#
|
|
-!if $(TPM_ENABLE) == TRUE
|
|
-INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
|
|
-INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
|
|
-INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
|
|
-!if $(TPM_CONFIG_ENABLE) == TRUE
|
|
-INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
|
|
-!endif
|
|
-!endif
|
|
+!include OvmfPkg/OvmfTpmDxe.fdf.inc
|
|
|
|
################################################################################
|
|
|
|
diff --git a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
|
|
new file mode 100644
|
|
index 0000000000..d5c2586118
|
|
--- /dev/null
|
|
+++ b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc
|
|
@@ -0,0 +1,28 @@
|
|
+##
|
|
+# SPDX-License-Identifier: BSD-2-Clause-Patent
|
|
+##
|
|
+
|
|
+!if $(TPM_ENABLE) == TRUE
|
|
+ SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
|
|
+ <LibraryClasses>
|
|
+ Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
|
|
+ NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
|
|
+ HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf
|
|
+ NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
|
|
+ NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
|
|
+ NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
|
|
+ NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
|
|
+ NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
|
|
+ }
|
|
+!if $(TPM_CONFIG_ENABLE) == TRUE
|
|
+ SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
|
|
+!endif
|
|
+ SecurityPkg/Tcg/TcgDxe/TcgDxe.inf {
|
|
+ <LibraryClasses>
|
|
+ Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
|
|
+ }
|
|
+ SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf {
|
|
+ <LibraryClasses>
|
|
+ TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
|
|
+ }
|
|
+!endif
|
|
diff --git a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc
|
|
new file mode 100644
|
|
index 0000000000..99fa7c13b3
|
|
--- /dev/null
|
|
+++ b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc
|
|
@@ -0,0 +1,22 @@
|
|
+##
|
|
+# SPDX-License-Identifier: BSD-2-Clause-Patent
|
|
+##
|
|
+
|
|
+!if $(TPM_ENABLE) == TRUE
|
|
+ OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
|
|
+ OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
|
|
+ SecurityPkg/Tcg/TcgPei/TcgPei.inf
|
|
+ SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
|
|
+ <LibraryClasses>
|
|
+ HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
|
|
+ NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
|
|
+ NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
|
|
+ NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
|
|
+ NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
|
|
+ NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
|
|
+ }
|
|
+ SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf {
|
|
+ <LibraryClasses>
|
|
+ TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
|
|
+ }
|
|
+!endif
|
|
diff --git a/OvmfPkg/OvmfTpmDefines.dsc.inc b/OvmfPkg/OvmfTpmDefines.dsc.inc
|
|
new file mode 100644
|
|
index 0000000000..51da7508b3
|
|
--- /dev/null
|
|
+++ b/OvmfPkg/OvmfTpmDefines.dsc.inc
|
|
@@ -0,0 +1,6 @@
|
|
+##
|
|
+# SPDX-License-Identifier: BSD-2-Clause-Patent
|
|
+##
|
|
+
|
|
+ DEFINE TPM_ENABLE = FALSE
|
|
+ DEFINE TPM_CONFIG_ENABLE = FALSE
|
|
diff --git a/OvmfPkg/OvmfTpmDxe.fdf.inc b/OvmfPkg/OvmfTpmDxe.fdf.inc
|
|
new file mode 100644
|
|
index 0000000000..9dcdaaf01c
|
|
--- /dev/null
|
|
+++ b/OvmfPkg/OvmfTpmDxe.fdf.inc
|
|
@@ -0,0 +1,12 @@
|
|
+##
|
|
+# SPDX-License-Identifier: BSD-2-Clause-Patent
|
|
+##
|
|
+
|
|
+!if $(TPM_ENABLE) == TRUE
|
|
+INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
|
|
+INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
|
|
+INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
|
|
+!if $(TPM_CONFIG_ENABLE) == TRUE
|
|
+INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
|
|
+!endif
|
|
+!endif
|
|
diff --git a/OvmfPkg/OvmfTpmLibs.dsc.inc b/OvmfPkg/OvmfTpmLibs.dsc.inc
|
|
new file mode 100644
|
|
index 0000000000..50100f2c03
|
|
--- /dev/null
|
|
+++ b/OvmfPkg/OvmfTpmLibs.dsc.inc
|
|
@@ -0,0 +1,14 @@
|
|
+##
|
|
+# SPDX-License-Identifier: BSD-2-Clause-Patent
|
|
+##
|
|
+
|
|
+!if $(TPM_ENABLE) == TRUE
|
|
+ Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
|
|
+ Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
|
|
+ Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
|
|
+ Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
|
|
+ TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
|
|
+!else
|
|
+ Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf
|
|
+ TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
|
|
+!endif
|
|
diff --git a/OvmfPkg/OvmfTpmLibsDxe.dsc.inc b/OvmfPkg/OvmfTpmLibsDxe.dsc.inc
|
|
new file mode 100644
|
|
index 0000000000..67d5027aba
|
|
--- /dev/null
|
|
+++ b/OvmfPkg/OvmfTpmLibsDxe.dsc.inc
|
|
@@ -0,0 +1,8 @@
|
|
+##
|
|
+# SPDX-License-Identifier: BSD-2-Clause-Patent
|
|
+##
|
|
+
|
|
+!if $(TPM_ENABLE) == TRUE
|
|
+ Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
|
|
+ Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
|
|
+!endif
|
|
diff --git a/OvmfPkg/OvmfTpmLibsPeim.dsc.inc b/OvmfPkg/OvmfTpmLibsPeim.dsc.inc
|
|
new file mode 100644
|
|
index 0000000000..4e84e3dcaa
|
|
--- /dev/null
|
|
+++ b/OvmfPkg/OvmfTpmLibsPeim.dsc.inc
|
|
@@ -0,0 +1,9 @@
|
|
+##
|
|
+# SPDX-License-Identifier: BSD-2-Clause-Patent
|
|
+##
|
|
+
|
|
+!if $(TPM_ENABLE) == TRUE
|
|
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
|
|
+ Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
|
|
+ Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
|
|
+!endif
|
|
diff --git a/OvmfPkg/OvmfTpmPcds.dsc.inc b/OvmfPkg/OvmfTpmPcds.dsc.inc
|
|
new file mode 100644
|
|
index 0000000000..0e7f83c04b
|
|
--- /dev/null
|
|
+++ b/OvmfPkg/OvmfTpmPcds.dsc.inc
|
|
@@ -0,0 +1,7 @@
|
|
+##
|
|
+# SPDX-License-Identifier: BSD-2-Clause-Patent
|
|
+##
|
|
+
|
|
+!if $(TPM_ENABLE) == TRUE
|
|
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
|
|
+!endif
|
|
diff --git a/OvmfPkg/OvmfTpmPcdsHii.dsc.inc b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc
|
|
new file mode 100644
|
|
index 0000000000..164bc9c7fc
|
|
--- /dev/null
|
|
+++ b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc
|
|
@@ -0,0 +1,8 @@
|
|
+##
|
|
+# SPDX-License-Identifier: BSD-2-Clause-Patent
|
|
+##
|
|
+
|
|
+!if $(TPM_ENABLE) == TRUE && $(TPM_CONFIG_ENABLE) == TRUE
|
|
+ gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS
|
|
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS
|
|
+!endif
|
|
diff --git a/OvmfPkg/OvmfTpmPei.fdf.inc b/OvmfPkg/OvmfTpmPei.fdf.inc
|
|
new file mode 100644
|
|
index 0000000000..9aefd73d21
|
|
--- /dev/null
|
|
+++ b/OvmfPkg/OvmfTpmPei.fdf.inc
|
|
@@ -0,0 +1,11 @@
|
|
+##
|
|
+# SPDX-License-Identifier: BSD-2-Clause-Patent
|
|
+##
|
|
+
|
|
+!if $(TPM_ENABLE) == TRUE
|
|
+INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf
|
|
+INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
|
|
+INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
|
|
+INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
|
|
+INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
|
|
+!endif
|
|
diff --git a/OvmfPkg/OvmfTpmSecurityStub.dsc.inc b/OvmfPkg/OvmfTpmSecurityStub.dsc.inc
|
|
new file mode 100644
|
|
index 0000000000..4bd4066843
|
|
--- /dev/null
|
|
+++ b/OvmfPkg/OvmfTpmSecurityStub.dsc.inc
|
|
@@ -0,0 +1,8 @@
|
|
+##
|
|
+# SPDX-License-Identifier: BSD-2-Clause-Patent
|
|
+##
|
|
+
|
|
+!if $(TPM_ENABLE) == TRUE
|
|
+ NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
|
|
+ NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
|
|
+!endif
|
|
--
|
|
2.27.0
|
|
|