path: root/OvmfPkg/Tcg
* OvmfPkg/TdTcg2Dxe: Fix the SeparatorEvent issue in RTMRs
  Author: Min M Xu  Date: 2024-08-27  Files: 1  Lines: -3/+9

  According to the TCG EFI platform specification, the firmware must measure
  the EV_SEPARATOR event into PCRs 0-7. As PCR[1] and PCR[7] map to RTMR[0],
  and PCRs [2-6] map to RTMR[1], it is necessary to measure one EV_SEPARATOR
  event into RTMR[0] and another one into RTMR[1].

  An issue is found in TdTcg2Dxe that 2 EV_SEPARATOR events are measured to
  RTMR[0] but no EV_SEPARATOR event is measured to RTMR[1]. This patch fixes
  the above issue.

  Cc: Erdem Aktas <erdemaktas@google.com>
  Cc: Jiewen Yao <jiewen.yao@intel.com>
  Cc: Gerd Hoffmann <kraxel@redhat.com>
  Cc: Qinkun Bao <qinkun@google.com>
  Cc: Tom Lendacky <thomas.lendacky@amd.com>
  Cc: Michael Roth <michael.roth@amd.com>
  Signed-off-by: Min Xu <min.m.xu@intel.com>
* OvmfPkg: refine TdTcg2Dxe
  Author: Mike Maslenkin  Date: 2024-06-21  Files: 2  Lines: -5/+1

  This patch removes unused references to ResetNotification code. ACPI table
  generation is refined by removing an excessive CopyMem() call.

  Signed-off-by: Mike Maslenkin <mike.maslenkin@gmail.com>
* OvmfPkg: Add sp800155Event3 support
  Author: Dionna Glaze  Date: 2024-05-07  Files: 1  Lines: -5/+10

  The signatures for event2 or event3 are now valid TCG SP800155 event types.

  Fixes uncrustify formatting.

  Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
  Cc: Jiewen Yao <jiewen.yao@intel.com>
  Cc: Gerd Hoffmann <kraxel@redhat.com>
  Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
  Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
* OvmfPkg/TdTcg2Dxe: Add TdTcg2Dxe
  Author: Min M Xu  Date: 2024-04-17  Files: 3  Lines: -0/+3029

  BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4752

  This library is the one from SecurityPkg/Tcg/TdTcg2Dxe. It is designed for
  Intel TDX enlightened OVMF. So it is moved from SecurityPkg to OvmfPkg.

  To prevent breaking the build, the move is split into 2 patches.
  SecurityPkg/Tcg/TdTcg2Dxe will be deleted in the next patch.

  Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
  Cc: Jiewen Yao <jiewen.yao@intel.com>
  Cc: Gerd Hoffmann <kraxel@redhat.com>
  Signed-off-by: Min Xu <min.m.xu@intel.com>
  Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* OvmfPkg: Update code to be more C11 compliant by using __func__
  Author: Rebecca Cran  Date: 2023-04-10  Files: 2  Lines: -7/+7

  __FUNCTION__ is a pre-standard extension that gcc and Visual C++ among
  others support, while __func__ was standardized in C99.

  Since it's more standard, replace __FUNCTION__ with __func__ throughout
  OvmfPkg.

  Signed-off-by: Rebecca Cran <rebecca@bsdio.com>
  Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
  Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
  Reviewed-by: Sunil V L <sunilvl@ventanamicro.com>
* OvmfPkg: create Tcg12ConfigPei.inf
  Author: Gerd Hoffmann  Date: 2021-12-15  Files: 2  Lines: -10/+57

  Split Tcg2ConfigPei.inf into two variants: Tcg12ConfigPei.inf with TPM 1.2
  support included and Tcg2ConfigPei.inf supporting TPM 2.0 only. This allows
  x86 builds to choose whether TPM 1.2 support should be included or not by
  picking the one or the other inf file.

  Switch x86 builds to Tcg12ConfigPei.inf, so they continue to have TPM 1.2
  support. No functional change.

  Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
  Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
  Tested-by: Stefan Berger <stefanb@linux.ibm.com>
* OvmfPkg: Apply uncrustify changes
  Author: Michael Kubacki  Date: 2021-12-07  Files: 3  Lines: -19/+25

  REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3737

  Apply uncrustify changes to .c/.h files in the OvmfPkg package

  Cc: Andrew Fish <afish@apple.com>
  Cc: Leif Lindholm <leif@nuviainc.com>
  Cc: Michael D Kinney <michael.d.kinney@intel.com>
  Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
  Reviewed-by: Andrew Fish <afish@apple.com>
* OvmfPkg/TpmMmioSevDecryptPei: use MemEncryptSevClearMmioPageEncMask()
  Author: Brijesh Singh  Date: 2021-05-29  Files: 1  Lines: -3/+2

  BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

  Use the MemEncryptSevClearMmioPageEncMask() to clear memory encryption mask
  for the Mmio address range.

  Cc: James Bottomley <jejb@linux.ibm.com>
  Cc: Min Xu <min.m.xu@intel.com>
  Cc: Jiewen Yao <jiewen.yao@intel.com>
  Cc: Tom Lendacky <thomas.lendacky@amd.com>
  Cc: Jordan Justen <jordan.l.justen@intel.com>
  Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
  Cc: Laszlo Ersek <lersek@redhat.com>
  Cc: Erdem Aktas <erdemaktas@google.com>
  Reviewed-by: Laszlo Ersek <lersek@redhat.com>
  Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
  Message-Id: <20210519181949.6574-13-brijesh.singh@amd.com>
* OvmfPkg/Tcg2ConfigPei: Update Depex for IA32 and X64
  Author: Lendacky, Thomas  Date: 2021-04-30  Files: 1  Lines: -1/+1

  BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3345

  The OVMF Tcg2Config PEIM adds the gOvmfTpmMmioAccessiblePpiGuid as a Depex
  for IA32 and X64 builds so that the MMIO range is properly mapped as
  unencrypted for an SEV-ES guest before the Tcg2Config PEIM is loaded.

  Cc: Laszlo Ersek <lersek@redhat.com>
  Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
  Cc: Jordan Justen <jordan.l.justen@intel.com>
  Cc: Brijesh Singh <brijesh.singh@amd.com>
  Cc: Erdem Aktas <erdemaktas@google.com>
  Cc: James Bottomley <jejb@linux.ibm.com>
  Cc: Jiewen Yao <jiewen.yao@intel.com>
  Cc: Min Xu <min.m.xu@intel.com>
  Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
  Cc: Stefan Berger <stefanb@linux.ibm.com>
  Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
  Message-Id: <d6538e6c557173d260e272a0e5659683175e2e06.1619716333.git.thomas.lendacky@amd.com>
  Reviewed-by: Laszlo Ersek <lersek@redhat.com>
* OvmfPkg/TpmMmioSevDecryptPei: Mark TPM MMIO range as unencrypted for SEV-ES
  Author: Lendacky, Thomas  Date: 2021-04-30  Files: 2  Lines: -0/+127

  BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3345

  During PEI, the MMIO range for the TPM is marked as encrypted when running
  as an SEV guest. While this isn't an issue for an SEV guest because of the
  way the nested page fault is handled, it does result in an SEV-ES guest
  terminating because of a mitigation check in the #VC handler to prevent
  MMIO to an encrypted address. For an SEV-ES guest, this range must be
  marked as unencrypted.

  Create a new x86 PEIM for TPM support that will map the TPM MMIO range as
  unencrypted when SEV-ES is active. The gOvmfTpmMmioAccessiblePpiGuid PPI
  will be unconditionally installed before exiting. The PEIM will exit with
  the EFI_ABORTED status so that the PEIM does not stay resident.

  This new PEIM will depend on the installation of the permanent PEI RAM, by
  PlatformPei, so that in case page table splitting is required during the
  clearing of the encryption bit, the new page table(s) will be allocated
  from permanent PEI RAM.

  Update all OVMF Ia32 and X64 build packages to include this new PEIM.

  Cc: Laszlo Ersek <lersek@redhat.com>
  Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
  Cc: Jordan Justen <jordan.l.justen@intel.com>
  Cc: Brijesh Singh <brijesh.singh@amd.com>
  Cc: Erdem Aktas <erdemaktas@google.com>
  Cc: James Bottomley <jejb@linux.ibm.com>
  Cc: Jiewen Yao <jiewen.yao@intel.com>
  Cc: Min Xu <min.m.xu@intel.com>
  Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
  Cc: Stefan Berger <stefanb@linux.ibm.com>
  Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
  Message-Id: <42794cec1f9d5bc24cbfb9dcdbe5e281ef259ef5.1619716333.git.thomas.lendacky@amd.com>
  [lersek@redhat.com: refresh subject line]
  Reviewed-by: Laszlo Ersek <lersek@redhat.com>
* OvmfPkg/Tcg2ConfigPei: restrict BaseLib class dependency to IA32 and X64
  Author: Laszlo Ersek  Date: 2020-06-09  Files: 1  Lines: -1/+1

  BaseLib interfaces (namely, SwapBytesXx()) are only used in
  "Tpm12Support.c", which is IA32/X64-only. Therefore the BaseLib class
  dependency should also be restricted to IA32 & X64, in the INF file. The
  "#include <Library/BaseLib.h>" directive is already present in
  "Tpm12Support.c" only.

  (The BaseLib dependency should have been restricted to IA32 and X64
  together with the Tpm12DeviceLib dependency, as part of commit
  74f90d38c446, "OvmfPkg/Tcg2ConfigPei: skip TPM-1.2 detection when building
  for ARM/AARCH64", 2020-05-21.)

  This is a trivial cleanup; functionally a no-op.

  Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
  Cc: Jordan Justen <jordan.l.justen@intel.com>
  Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
  Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
  Cc: Stefan Berger <stefanb@linux.ibm.com>
  Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2752
  Signed-off-by: Laszlo Ersek <lersek@redhat.com>
  Message-Id: <20200603170413.23936-3-lersek@redhat.com>
  Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
  Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
* OvmfPkg/Tcg2ConfigPei: generalize TPM2-only file-top comments
  Author: Laszlo Ersek  Date: 2020-06-09  Files: 2  Lines: -2/+2

  The leading comments in "Tcg2ConfigPei.inf" and "Tcg2ConfigPeim.c" say,
  "In OvmfPkg, the module only performs TPM2 hardware detection". The
  statement hasn't been correct since commit 89236992913f ("OvmfPkg: detect
  TPM 1.2 in Tcg2ConfigPei", 2020-03-04).

  Replace "TPM2" with "TPM" (without stating a version) in those file-top
  comments.

  Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
  Cc: Jordan Justen <jordan.l.justen@intel.com>
  Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
  Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
  Cc: Stefan Berger <stefanb@linux.ibm.com>
  Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2752
  Signed-off-by: Laszlo Ersek <lersek@redhat.com>
  Message-Id: <20200603170413.23936-2-lersek@redhat.com>
  Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
  Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
* OvmfPkg/Tcg2ConfigPei: skip TPM-1.2 detection when building for ARM/AARCH64
  Author: Laszlo Ersek  Date: 2020-05-21  Files: 3  Lines: -2/+38

  Dating back to commits f5cb3767038e and ddd34a818315d, the
  "ArmVirtPkg/ArmVirtQemu.dsc" platform includes the
  "OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf" module when the TPM2_ENABLE
  build flag is defined.

  This was regressed in commit 89236992913f, which added a Tpm12DeviceLib
  dependency to Tcg2ConfigPei. "ArmVirtQemu.dsc" does not resolve that class
  to any instance, so now we get a build failure:

  > build.py...
  > ArmVirtPkg/ArmVirtQemu.dsc(...): error 4000: Instance of library class
  > [Tpm12DeviceLib] is not found
  > in [OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf] [AARCH64]
  > consumed by module [OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf]

  The TPM-1.2 code in OvmfPkg/Tcg2ConfigPei is limited to a special use case
  (a kind of physical TPM-1.2 assignment), and that has never applied to
  "ArmVirtQemu.dsc". Short-circuit the TPM-1.2 detection in the ARM/AARCH64
  builds of OvmfPkg/Tcg2ConfigPei, removing the Tpm12DeviceLib dependency.

  Functionally, this patch is a no-op on IA32 / X64.

  Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
  Cc: Eric Auger <eric.auger@redhat.com>
  Cc: Jordan Justen <jordan.l.justen@intel.com>
  Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
  Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
  Cc: Simon Hardy <simon.hardy@itdev.co.uk>
  Cc: Stefan Berger <stefanb@linux.ibm.com>
  Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2728
  Signed-off-by: Laszlo Ersek <lersek@redhat.com>
  Message-Id: <20200520225841.17793-4-lersek@redhat.com>
  Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
  Tested-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
* OvmfPkg/Tcg2ConfigPei: factor out InternalTpm12Detect()
  Author: Laszlo Ersek  Date: 2020-05-21  Files: 4  Lines: -42/+115

  Move the calls to the Tpm12RequestUseTpm() and Tpm12SubmitCommand()
  Tpm12DeviceLib functions to a separate C file, so that we can override
  these actions in a subsequent patch.

  This code movement requires moving the TPM_RSP_GET_TICKS / TestTpm12()
  helper structure / function too.

  While at it, give the TestTpm12() function @retval / @return
  documentation, plus wrap an overlong line in it.

  Functionally, this patch is a no-op.

  Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
  Cc: Eric Auger <eric.auger@redhat.com>
  Cc: Jordan Justen <jordan.l.justen@intel.com>
  Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
  Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
  Cc: Simon Hardy <simon.hardy@itdev.co.uk>
  Cc: Stefan Berger <stefanb@linux.ibm.com>
  Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2728
  Signed-off-by: Laszlo Ersek <lersek@redhat.com>
  Message-Id: <20200520225841.17793-3-lersek@redhat.com>
  Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
  Tested-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
* OvmfPkg/Tcg2ConfigPei: clean up some lib class dependencies
  Author: Laszlo Ersek  Date: 2020-05-21  Files: 2  Lines: -2/+2

  Commit 89236992913f introduced an explicit Tpm12CommandLib dependency to
  Tcg2ConfigPei. In reality this lib class is not consumed by Tcg2ConfigPei
  at all (such a dependency is not even inherited from other lib instances).
  Simplify the module by dropping the superfluous dependency.

  (The Tpm12CommandLib class resolution that was also added in commit
  89236992913f is not useless, at the platform build level: it is consumed
  by TcgPei and TcgDxe. Meaning that said Tpm12CommandLib resolution should
  have likely been a part of the subsequent patch in the original series,
  namely commit 6be54f15a0c9.)

  Commit 89236992913f also introduced SwapBytesXx() calls. Those functions
  are provided by BaseLib. Spell out the BaseLib dependency.

  Functionally, this patch is a no-op.

  Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
  Cc: Eric Auger <eric.auger@redhat.com>
  Cc: Jordan Justen <jordan.l.justen@intel.com>
  Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
  Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
  Cc: Simon Hardy <simon.hardy@itdev.co.uk>
  Cc: Stefan Berger <stefanb@linux.ibm.com>
  Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2728
  Signed-off-by: Laszlo Ersek <lersek@redhat.com>
  Message-Id: <20200520225841.17793-2-lersek@redhat.com>
  Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
  Tested-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
* OvmfPkg: detect TPM 1.2 in Tcg2ConfigPei
  Author: Marc-André Lureau  Date: 2020-03-04  Files: 2  Lines: -15/+70

  Complement commit 6cf1880fb5b ("OvmfPkg: add customized Tcg2ConfigPei
  clone", 2018-03-09) by detecting TPM 1.2 devices.

  Since Tpm12RequestUseTpm() returns success on any TPM interface
  (including FIFO & CRB which are TPM 2.0), try to send a GetTicks TPM 1.2
  command to probe the version. In case of failure, fall back on the TPM 2.0
  path.

  Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
  Reviewed-by: Laszlo Ersek <lersek@redhat.com>
  Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
  Message-Id: <20200226152433.1295789-3-marcandre.lureau@redhat.com>
  Tested-by: Simon Hardy <simon.hardy@itdev.co.uk>
* OvmfPkg/Tcg2ConfigPei: introduce a signalling PPI to depex on
  Author: Ard Biesheuvel  Date: 2020-03-04  Files: 1  Lines: -1/+5

  On ARM systems, the TPM does not live at a fixed address, and so we need
  the platform to discover it first. So introduce a PPI that signals that
  the TPM address has been discovered and recorded in the appropriate PCD,
  and make Tcg2ConfigPei depex on it when built for ARM or AARCH64.

  Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2560
  Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
  Reviewed-by: Laszlo Ersek <lersek@redhat.com>
* OvmfPkg: Replace BSD License with BSD+Patent License
  Author: Michael D Kinney  Date: 2019-04-09  Files: 2  Lines: -14/+2

  https://bugzilla.tianocore.org/show_bug.cgi?id=1373

  Replace BSD 2-Clause License with BSD+Patent License. This change is
  based on the following emails:

  https://lists.01.org/pipermail/edk2-devel/2019-February/036260.html
  https://lists.01.org/pipermail/edk2-devel/2018-October/030385.html

  RFCs with detailed process for the license change:

  V3: https://lists.01.org/pipermail/edk2-devel/2019-March/038116.html
  V2: https://lists.01.org/pipermail/edk2-devel/2019-March/037669.html
  V1: https://lists.01.org/pipermail/edk2-devel/2019-March/037500.html

  Contributed-under: TianoCore Contribution Agreement 1.1
  Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
  Reviewed-by: Laszlo Ersek <lersek@redhat.com>
* OvmfPkg/Tcg2ConfigPei: trivial coding style updates
  Author: Laszlo Ersek  Date: 2018-03-10  Files: 2  Lines: -35/+40

  - the @file comment block should match between INF and main C file
  - rewrap / refill columns to 79 characters
  - insert space before opening paren
  - prefix and suffix //-style comment block with empty // lines
  - fix indentation of arguments in multi-line function call
  - general tab spacing (indent step) is 2 in edk2, unlike QEMU's 4

  No functional changes.

  Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
  Cc: Jordan Justen <jordan.l.justen@intel.com>
  Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
  Contributed-under: TianoCore Contribution Agreement 1.1
  Signed-off-by: Laszlo Ersek <lersek@redhat.com>
  Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
* OvmfPkg: add customized Tcg2ConfigPei clone
  Author: Marc-André Lureau  Date: 2018-03-09  Files: 2  Lines: -0/+137

  The Tcg2ConfigPei module informs the firmware globally about the TPM
  device type, by setting the PcdTpmInstanceGuid PCD to the appropriate
  GUID value. The original module under SecurityPkg can perform device
  detection, or read a cached value from a non-volatile UEFI variable.
  OvmfPkg's clone of the module only performs the TPM2 hardware detection.

  This is what the module does:

  - Check the QEMU hardware for TPM2 availability only

  - If found, set the dynamic PCD "PcdTpmInstanceGuid" to
    &gEfiTpmDeviceInstanceTpm20DtpmGuid. This is what informs the rest of
    the firmware about the TPM type.

  - Install the gEfiTpmDeviceSelectedGuid PPI. This action permits the
    PEI_CORE to dispatch the Tcg2Pei module, which consumes the above PCD.
    In effect, the gEfiTpmDeviceSelectedGuid PPI serializes the setting and
    the consumption of the "TPM type" PCD.

  - If no TPM2 was found, install gPeiTpmInitializationDonePpiGuid.
    (Normally this is performed by Tcg2Pei, but Tcg2Pei doesn't do it if no
    TPM2 is available. So in that case our Tcg2ConfigPei must do it.)

  Cc: Laszlo Ersek <lersek@redhat.com>
  Cc: Stefan Berger <stefanb@linux.vnet.ibm.com>
  Contributed-under: TianoCore Contribution Agreement 1.0
  Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
  Reviewed-by: Laszlo Ersek <lersek@redhat.com>