From f4e7aa05a3fe348dda4c1f491a48789ef5b7e4d1 Mon Sep 17 00:00:00 2001 From: Tim He Date: Fri, 8 May 2015 03:13:37 +0000 Subject: Sync the branch changes to trunk. Support fTPM feature, and update the BiosID to 0.80. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Tim He git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17362 6f19259b-4bc3-4df7-8a09-765794883524 --- Vlv2TbltDevicePkg/BiosIdD.env | 2 +- Vlv2TbltDevicePkg/BiosIdR.env | 2 +- Vlv2TbltDevicePkg/BiosIdx64D.env | 2 +- Vlv2TbltDevicePkg/BiosIdx64R.env | 2 +- Vlv2TbltDevicePkg/Include/Guid/SetupVariable.h | 4 +- .../DxeTrEEPhysicalPresenceLibNull.c | 242 +++++++++++++++++++++ .../DxeTrEEPhysicalPresenceLibNull.inf | 46 ++++ .../Library/PlatformBdsLib/BdsPlatform.c | 20 +- .../Library/PlatformBdsLib/PlatformBdsLib.inf | 2 +- .../Library/Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.c | 123 +++++++++++ .../Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.inf | 67 ++++++ .../Library/Tpm2DeviceLibSeCPei/Tpm2DeviceLibSeC.c | 151 +++++++++++++ .../Tpm2DeviceLibSeCPei/Tpm2DeviceLibSeC.inf | 66 ++++++ Vlv2TbltDevicePkg/PlatformPei/Platform.c | 70 ++++++ Vlv2TbltDevicePkg/PlatformPei/PlatformPei.inf | 1 + Vlv2TbltDevicePkg/PlatformPkg.fdf | 23 +- Vlv2TbltDevicePkg/PlatformPkgConfig.dsc | 3 +- Vlv2TbltDevicePkg/PlatformPkgGcc.fdf | 23 +- Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc | 88 +++++++- Vlv2TbltDevicePkg/PlatformPkgIA32.dsc | 85 +++++++- Vlv2TbltDevicePkg/PlatformPkgX64.dsc | 84 ++++++- Vlv2TbltDevicePkg/PlatformSetupDxe/Security.vfi | 17 +- 22 files changed, 1088 insertions(+), 35 deletions(-) create mode 100644 Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalPresenceLibNull.c create mode 100644 Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalPresenceLibNull.inf create mode 100644 Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.c create mode 100644 Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.inf create mode 100644 Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCPei/Tpm2DeviceLibSeC.c create mode 100644 Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCPei/Tpm2DeviceLibSeC.inf (limited to 'Vlv2TbltDevicePkg') diff --git a/Vlv2TbltDevicePkg/BiosIdD.env b/Vlv2TbltDevicePkg/BiosIdD.env index bc6656c2bc..406bed27a2 100644 --- a/Vlv2TbltDevicePkg/BiosIdD.env +++ b/Vlv2TbltDevicePkg/BiosIdD.env @@ -26,5 +26,5 @@ OEM_ID = I32 BUILD_TYPE = D BOARD_ID = BLAKCRB -VERSION_MAJOR = 0079 +VERSION_MAJOR = 0080 VERSION_MINOR = 01 diff --git a/Vlv2TbltDevicePkg/BiosIdR.env b/Vlv2TbltDevicePkg/BiosIdR.env index 0709ac7862..092423d032 100644 --- a/Vlv2TbltDevicePkg/BiosIdR.env +++ b/Vlv2TbltDevicePkg/BiosIdR.env @@ -26,5 +26,5 @@ OEM_ID = I32 BUILD_TYPE = R BOARD_ID = BLAKCRB -VERSION_MAJOR = 0079 +VERSION_MAJOR = 0080 VERSION_MINOR = 01 diff --git a/Vlv2TbltDevicePkg/BiosIdx64D.env b/Vlv2TbltDevicePkg/BiosIdx64D.env index 5ed4b87456..289441ed66 100644 --- a/Vlv2TbltDevicePkg/BiosIdx64D.env +++ b/Vlv2TbltDevicePkg/BiosIdx64D.env @@ -25,6 +25,6 @@ BOARD_REV = 1 OEM_ID = X64 BUILD_TYPE = D -VERSION_MAJOR = 0079 +VERSION_MAJOR = 0080 VERSION_MINOR = 01 BOARD_ID = BBAYCRB diff --git a/Vlv2TbltDevicePkg/BiosIdx64R.env b/Vlv2TbltDevicePkg/BiosIdx64R.env index 21af131b0d..92bd556ded 100644 --- a/Vlv2TbltDevicePkg/BiosIdx64R.env +++ b/Vlv2TbltDevicePkg/BiosIdx64R.env @@ -25,6 +25,6 @@ BOARD_REV = 1 OEM_ID = X64 BUILD_TYPE = R -VERSION_MAJOR = 0079 +VERSION_MAJOR = 0080 VERSION_MINOR = 01 BOARD_ID = BBAYCRB diff --git a/Vlv2TbltDevicePkg/Include/Guid/SetupVariable.h b/Vlv2TbltDevicePkg/Include/Guid/SetupVariable.h index eb0a1760b0..6b9b83066e 100644 --- a/Vlv2TbltDevicePkg/Include/Guid/SetupVariable.h +++ b/Vlv2TbltDevicePkg/Include/Guid/SetupVariable.h @@ -1,6 +1,6 @@ /*++ - Copyright (c) 2004 - 2014, Intel Corporation. All rights reserved.
+ Copyright (c) 2004 - 2015, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under @@ -1110,7 +1110,7 @@ typedef struct { UINT8 GfxBoost; UINT8 IgdThermal; UINT8 SEC00; - UINT8 SEC01; + UINT8 fTPM; UINT8 SEC02; UINT8 SEC03; UINT8 MeasuredBootEnable; diff --git a/Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalPresenceLibNull.c b/Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalPresenceLibNull.c new file mode 100644 index 0000000000..9aebf528fb --- /dev/null +++ b/Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalPresenceLibNull.c @@ -0,0 +1,242 @@ +/** @file + Execute pending TPM2 requests from OS or BIOS. + + Caution: This module requires additional review when modified. + This driver will have external input - variable. + This external input must be validated carefully to avoid security issue. + + TrEEExecutePendingTpmRequest() will receive untrusted input and do validation. + +Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + + +/** + Get string by string id from HII Interface. + + @param[in] Id String ID. + + @retval CHAR16 * String from ID. + @retval NULL If error occurs. + +**/ +CHAR16 * +TrEEPhysicalPresenceGetStringById ( + IN EFI_STRING_ID Id + ) +{ + return NULL; +} + +/** + Send ClearControl and Clear command to TPM. + + @param[in] PlatformAuth platform auth value. NULL means no platform auth change. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_TIMEOUT The register can't run into the expected status in time. + @retval EFI_BUFFER_TOO_SMALL Response data buffer is too small. + @retval EFI_DEVICE_ERROR Unexpected device behavior. + +**/ +EFI_STATUS +EFIAPI +TpmCommandClear ( + IN TPM2B_AUTH *PlatformAuth OPTIONAL + ) +{ + return EFI_SUCCESS; +} + +/** + Execute physical presence operation requested by the OS. + + @param[in] PlatformAuth platform auth value. NULL means no platform auth change. + @param[in] CommandCode Physical presence operation value. + @param[in, out] PpiFlags The physical presence interface flags. + + @retval TREE_PP_OPERATION_RESPONSE_BIOS_FAILURE Unknown physical presence operation. + @retval TREE_PP_OPERATION_RESPONSE_BIOS_FAILURE Error occurred during sending command to TPM or + receiving response from TPM. + @retval Others Return code from the TPM device after command execution. +**/ +UINT32 +TrEEExecutePhysicalPresence ( + IN TPM2B_AUTH *PlatformAuth, OPTIONAL + IN UINT32 CommandCode, + IN OUT EFI_TREE_PHYSICAL_PRESENCE_FLAGS *PpiFlags + ) +{ + return 0; +} + + +/** + Read the specified key for user confirmation. + + @param[in] CautionKey If true, F12 is used as confirm key; + If false, F10 is used as confirm key. + + @retval TRUE User confirmed the changes by input. + @retval FALSE User discarded the changes. +**/ +BOOLEAN +TrEEReadUserKey ( + IN BOOLEAN CautionKey + ) +{ + return FALSE; +} + +/** + The constructor function register UNI strings into imageHandle. + + It will ASSERT() if that operation fails and it will always return EFI_SUCCESS. + + @param ImageHandle The firmware allocated handle for the EFI image. + @param SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS The constructor successfully added string package. + @retval Other value The constructor can't add string package. +**/ +EFI_STATUS +EFIAPI +TrEEPhysicalPresenceLibConstructor ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + return EFI_SUCCESS; +} + +/** + Display the confirm text and get user confirmation. + + @param[in] TpmPpCommand The requested TPM physical presence command. + + @retval TRUE The user has confirmed the changes. + @retval FALSE The user doesn't confirm the changes. +**/ +BOOLEAN +TrEEUserConfirm ( + IN UINT32 TpmPpCommand + ) +{ + return FALSE; +} + +/** + Check if there is a valid physical presence command request. Also updates parameter value + to whether the requested physical presence command already confirmed by user + + @param[in] TcgPpData EFI TrEE Physical Presence request data. + @param[in] Flags The physical presence interface flags. + @param[out] RequestConfirmed If the physical presence operation command required user confirm from UI. + True, it indicates the command doesn't require user confirm, or already confirmed + in last boot cycle by user. + False, it indicates the command need user confirm from UI. + + @retval TRUE Physical Presence operation command is valid. + @retval FALSE Physical Presence operation command is invalid. + +**/ +BOOLEAN +TrEEHaveValidTpmRequest ( + IN EFI_TREE_PHYSICAL_PRESENCE *TcgPpData, + IN EFI_TREE_PHYSICAL_PRESENCE_FLAGS Flags, + OUT BOOLEAN *RequestConfirmed + ) +{ + return TRUE; +} + + +/** + Check and execute the requested physical presence command. + + Caution: This function may receive untrusted input. + TcgPpData variable is external input, so this function will validate + its data structure to be valid value. + + @param[in] PlatformAuth platform auth value. NULL means no platform auth change. + @param[in] TcgPpData Point to the physical presence NV variable. + @param[in] Flags The physical presence interface flags. +**/ +VOID +TrEEExecutePendingTpmRequest ( + IN TPM2B_AUTH *PlatformAuth, OPTIONAL + IN EFI_TREE_PHYSICAL_PRESENCE *TcgPpData, + IN EFI_TREE_PHYSICAL_PRESENCE_FLAGS Flags + ) +{ + return; +} + +/** + Check and execute the pending TPM request. + + The TPM request may come from OS or BIOS. This API will display request information and wait + for user confirmation if TPM request exists. The TPM request will be sent to TPM device after + the TPM request is confirmed, and one or more reset may be required to make TPM request to + take effect. + + This API should be invoked after console in and console out are all ready as they are required + to display request information and get user input to confirm the request. + + @param[in] PlatformAuth platform auth value. NULL means no platform auth change. +**/ +VOID +EFIAPI +TrEEPhysicalPresenceLibProcessRequest ( + IN TPM2B_AUTH *PlatformAuth OPTIONAL + ) +{ + return; +} + +/** + Check if the pending TPM request needs user input to confirm. + + The TPM request may come from OS. This API will check if TPM request exists and need user + input to confirmation. + + @retval TRUE TPM needs input to confirm user physical presence. + @retval FALSE TPM doesn't need input to confirm user physical presence. + +**/ +BOOLEAN +EFIAPI +TrEEPhysicalPresenceLibNeedUserConfirm( + VOID + ) +{ + + return FALSE; +} + diff --git a/Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalPresenceLibNull.inf b/Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalPresenceLibNull.inf new file mode 100644 index 0000000000..64c17c63d1 --- /dev/null +++ b/Vlv2TbltDevicePkg/Library/DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalPresenceLibNull.inf @@ -0,0 +1,46 @@ +## @file +# Null instance of DxeTrEEPhysicalPresenceLib +# +# Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.
+# +# This program and the accompanying materials are licensed and made available under +# the terms and conditions of the BSD License that accompanies this distribution. +# The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php. +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +# +# + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = DxeTrEEPhysicalPresenceLib + FILE_GUID = B41B3DB3-ACC5-4fcd-9992-891F3F9C0DA5 + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + LIBRARY_CLASS = TrEEPhysicalPresenceLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER UEFI_APPLICATION UEFI_DRIVER + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 IPF EBC +# + +[Sources] + DxeTrEEPhysicalPresenceLibNull.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + + +[Protocols] + + +[Guids] + diff --git a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c index 903b46d583..ad16267eca 100644 --- a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c +++ b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c @@ -1,6 +1,6 @@ /** @file - Copyright (c) 2004 - 2014, Intel Corporation. All rights reserved.
+ Copyright (c) 2004 - 2015, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License that accompanies this distribution. @@ -1763,10 +1763,12 @@ PlatformBdsPolicyBehavior ( } -#ifdef TPM_ENABLED - TcgPhysicalPresenceLibProcessRequest(); -#endif - + #ifdef TPM_ENABLED + TcgPhysicalPresenceLibProcessRequest(); + #endif + #ifdef FTPM_ENABLE + TrEEPhysicalPresenceLibProcessRequest(NULL); + #endif // // Close boot script and install ready to lock // @@ -1951,10 +1953,12 @@ FULL_CONFIGURATION: PlatformBdsConnectSequence (); } } -#ifdef TPM_ENABLED + #ifdef TPM_ENABLED TcgPhysicalPresenceLibProcessRequest(); -#endif - + #endif + #ifdef FTPM_ENABLE + TrEEPhysicalPresenceLibProcessRequest(NULL); + #endif // // Close boot script and install ready to lock // diff --git a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf index da268b2a54..45578e8df4 100644 --- a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf +++ b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf @@ -68,7 +68,7 @@ PrintLib BaseCryptLib # TcgPhysicalPresenceLib -# TrEEPhysicalPresenceLib + TrEEPhysicalPresenceLib FileHandleLib S3BootScriptLib SerialPortLib diff --git a/Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.c b/Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.c new file mode 100644 index 0000000000..ac8ae51edb --- /dev/null +++ b/Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.c @@ -0,0 +1,123 @@ +/*++ + +Copyright (c) 1999 - 2015, Intel Corporation. All rights reserved + + This program and the accompanying materials are licensed and made available under + the terms and conditions of the BSD License that accompanies this distribution. + The full text of the license may be found at + http://opensource.org/licenses/bsd-license.php. + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +--*/ + +#include +#include +#include +#include +//#include + + +PTT_PASS_THRU_PROTOCOL *mPttPassThruProtocol; + + +/** + The constructor function caches the pointer to PEI services. + + The constructor function caches the pointer to PEI services. + It will always return EFI_SUCCESS. + + @param FfsHeader Pointer to FFS header the loaded driver. + @param PeiServices Pointer to the PEI services. + + @retval EFI_SUCCESS The constructor always returns EFI_SUCCESS. + +**/ + +EFI_STATUS +EFIAPI +Tpm2DeviceLibConstructor ( + VOID + ) +{ + EFI_STATUS Status = EFI_SUCCESS; + + Status = gBS->LocateProtocol (&gPttPassThruProtocolGuid, NULL, (VOID **) &mPttPassThruProtocol); + + return Status; +} + +/** + This service enables the sending of commands to the TPM2. + + @param[in] InputParameterBlockSize Size of the TPM2 input parameter block. + @param[in] InputParameterBlock Pointer to the TPM2 input parameter block. + @param[in] OutputParameterBlockSize Size of the TPM2 output parameter block. + @param[in] OutputParameterBlock Pointer to the TPM2 output parameter block. + + @retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received. + @retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device. + @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small. +**/ +EFI_STATUS +EFIAPI +Tpm2SubmitCommand ( + IN UINT32 InputParameterBlockSize, + IN UINT8 *InputParameterBlock, + IN OUT UINT32 *OutputParameterBlockSize, + IN UINT8 *OutputParameterBlock + ) +{ + EFI_STATUS Status; + + Status = mPttPassThruProtocol->Tpm2SubmitCommand ( + mPttPassThruProtocol, + InputParameterBlockSize, + InputParameterBlock, + OutputParameterBlockSize, + OutputParameterBlock + ); + + return Status; +} + +/** + This service requests use TPM2. + + @retval EFI_SUCCESS Get the control of TPM2 chip. + @retval EFI_NOT_FOUND TPM2 not found. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2RequestUseTpm ( + VOID + ) +{ + EFI_STATUS Status; + + Status = mPttPassThruProtocol->Tpm2RequestUseTpm (mPttPassThruProtocol); + + return Status; +} + +/** + This service register TPM2 device. + + @Param Tpm2Device TPM2 device + + @retval EFI_SUCCESS This TPM2 device is registered successfully. + @retval EFI_UNSUPPORTED System does not support register this TPM2 device. + @retval EFI_ALREADY_STARTED System already register this TPM2 device. +**/ +EFI_STATUS +EFIAPI +Tpm2RegisterTpm2DeviceLib ( + IN PTT_TPM2_DEVICE_INTERFACE *Tpm2Device + ) +{ + return EFI_UNSUPPORTED; +} + + diff --git a/Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.inf b/Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.inf new file mode 100644 index 0000000000..aa76ad0e79 --- /dev/null +++ b/Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.inf @@ -0,0 +1,67 @@ +#/** @file +# +# +# Copyright (c) 2007 - 2015, Intel Corporation. All rights reserved.
+# +# This program and the accompanying materials are licensed and made available under +# the terms and conditions of the BSD License that accompanies this distribution. +# The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php. +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +# +# +# +#**/ + + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = Tpm2DeviceLibSeC + FILE_GUID = 294B196A-A3CC-4a43-857F-EEC26147857B + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = Tpm2DeviceLib | DXE_DRIVER DXE_SMM_DRIVER + CONSTRUCTOR = Tpm2DeviceLibConstructor + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 IPF EBC +# + +[Sources.common] + Tpm2DeviceLibSeC.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + Vlv2DeviceRefCodePkg/Vlv2DeviceRefCodePkg.dec + SecurityPkg/SecurityPkg.dec + Vlv2TbltDevicePkg/PlatformPkg.dec + +[LibraryClasses] + BaseLib + PcdLib + UefiBootServicesTableLib + + +[Guids] + gEfiVLVTokenSpaceGuid + +[Pcd] + gEfiVLVTokenSpaceGuid.PcdMeasuredBootEnable + gEfiVLVTokenSpaceGuid.PcdFTPMErrorOccur + gEfiVLVTokenSpaceGuid.PcdFTPMCommand + gEfiVLVTokenSpaceGuid.PcdFTPMResponse + gEfiVLVTokenSpaceGuid.PcdFTPMNotRespond + gEfiVLVTokenSpaceGuid.PcdFTPMStatus + +[Protocols] + gPttPassThruProtocolGuid + +[Depex] + gPttPassThruProtocolGuid + diff --git a/Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCPei/Tpm2DeviceLibSeC.c b/Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCPei/Tpm2DeviceLibSeC.c new file mode 100644 index 0000000000..7386ea4646 --- /dev/null +++ b/Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCPei/Tpm2DeviceLibSeC.c @@ -0,0 +1,151 @@ +/*++ + +Copyright (c) 1999 - 2015, Intel Corporation. All rights reserved + + This program and the accompanying materials are licensed and made available under + the terms and conditions of the BSD License that accompanies this distribution. + The full text of the license may be found at + http://opensource.org/licenses/bsd-license.php. + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + +--*/ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + + + + + + +PTT_PASS_THRU_PPI *SecPttPassThruPpi = NULL; + +/** + The constructor function caches the pointer to PEI services. + + The constructor function caches the pointer to PEI services. + It will always return EFI_SUCCESS. + + @param FfsHeader Pointer to FFS header the loaded driver. + @param PeiServices Pointer to the PEI services. + + @retval EFI_SUCCESS The constructor always returns EFI_SUCCESS. + +**/ +EFI_STATUS +EFIAPI +Tpm2DeviceLibConstructor ( + VOID + ) +{ + EFI_STATUS Status = EFI_SUCCESS; + + Status = PeiServicesLocatePpi (&gPttPassThruPpiGuid, 0, NULL, (VOID **) &SecPttPassThruPpi); + if (EFI_ERROR (Status)) { + // Locate the PPI failed + SecPttPassThruPpi = NULL; + } + return Status; +} + +/** + This service enables the sending of commands to the TPM2. + + @param[in] InputParameterBlockSize Size of the TPM2 input parameter block. + @param[in] InputParameterBlock Pointer to the TPM2 input parameter block. + @param[in] OutputParameterBlockSize Size of the TPM2 output parameter block. + @param[in] OutputParameterBlock Pointer to the TPM2 output parameter block. + + @retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received. + @retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device. + @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small. +**/ +EFI_STATUS +EFIAPI +Tpm2SubmitCommand ( + IN UINT32 InputParameterBlockSize, + IN UINT8 *InputParameterBlock, + IN OUT UINT32 *OutputParameterBlockSize, + IN UINT8 *OutputParameterBlock + ) +{ + EFI_STATUS Status = EFI_SUCCESS; + + if(NULL == InputParameterBlock || NULL == OutputParameterBlock || 0 == InputParameterBlockSize) { + DEBUG ((EFI_D_ERROR, "Buffer == NULL or InputParameterBlockSize == 0\n")); + Status = EFI_INVALID_PARAMETER; + return Status; + } + + if (NULL == SecPttPassThruPpi) { + // Don't locate PPI by calling Tpm2DeviceLibConstructor() function?? + Status = EFI_DEVICE_ERROR; + return Status; + } + + Status = SecPttPassThruPpi->Tpm2SubmitCommand ( + SecPttPassThruPpi, + InputParameterBlockSize, + InputParameterBlock, + OutputParameterBlockSize, + OutputParameterBlock + ); + + return Status; +} + +/** + This service requests use TPM2. + + @retval EFI_SUCCESS Get the control of TPM2 chip. + @retval EFI_NOT_FOUND TPM2 not found. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2RequestUseTpm ( + VOID + ) +{ + EFI_STATUS Status = EFI_SUCCESS; + + if (NULL == SecPttPassThruPpi) { + // Don't locate PPI by calling Tpm2DeviceLibConstructor() function?? + Status = EFI_DEVICE_ERROR; + return Status; + } + + Status = SecPttPassThruPpi->Tpm2RequestUseTpm (SecPttPassThruPpi); + + return Status; +} + +/** + This service register TPM2 device. + + @Param Tpm2Device TPM2 device + + @retval EFI_SUCCESS This TPM2 device is registered successfully. + @retval EFI_UNSUPPORTED System does not support register this TPM2 device. + @retval EFI_ALREADY_STARTED System already register this TPM2 device. +**/ +EFI_STATUS +EFIAPI +Tpm2RegisterTpm2DeviceLib ( + IN PTT_TPM2_DEVICE_INTERFACE *Tpm2Device + ) +{ + return EFI_UNSUPPORTED; +} + + diff --git a/Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCPei/Tpm2DeviceLibSeC.inf b/Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCPei/Tpm2DeviceLibSeC.inf new file mode 100644 index 0000000000..7171a580f5 --- /dev/null +++ b/Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCPei/Tpm2DeviceLibSeC.inf @@ -0,0 +1,66 @@ +#/** @file +# +# +# Copyright (c) 2007 - 2015, Intel Corporation. All rights reserved.
+# +# This program and the accompanying materials are licensed and made available under +# the terms and conditions of the BSD License that accompanies this distribution. +# The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php. +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +# +# +# +#**/ + + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = Tpm2DeviceLibSeC + FILE_GUID = 1EEA2BFE-01CB-40cc-A34E-CB224C800AA2 + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = Tpm2DeviceLib | PEI_DRIVER PEIM + CONSTRUCTOR = Tpm2DeviceLibConstructor + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 IPF EBC +# + +[Sources.common] + Tpm2DeviceLibSeC.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + Vlv2DeviceRefCodePkg/Vlv2DeviceRefCodePkg.dec + SecurityPkg/SecurityPkg.dec + Vlv2TbltDevicePkg/PlatformPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + MemoryAllocationLib + DebugLib + IoLib + PciLib + TimerLib + PcdLib + PeiServicesLib + PeimEntryPoint + + +[Guids] + +[Ppis] + gPttPassThruPpiGuid + +[Depex] + gPttPassThruPpiGuid + + diff --git a/Vlv2TbltDevicePkg/PlatformPei/Platform.c b/Vlv2TbltDevicePkg/PlatformPei/Platform.c index 1dab9ca851..899b4a9791 100644 --- a/Vlv2TbltDevicePkg/PlatformPei/Platform.c +++ b/Vlv2TbltDevicePkg/PlatformPei/Platform.c @@ -28,6 +28,7 @@ Module Name: #include #include #include +#include // // Start::Alpine Valley platform @@ -190,6 +191,67 @@ PeiSmbusExec ( UINT8 *Buffer ); + +EFI_STATUS +FtpmPolicyInit ( + IN CONST EFI_PEI_SERVICES **PeiServices, + IN SYSTEM_CONFIGURATION *pSystemConfiguration + ) +{ + EFI_STATUS Status; + EFI_PEI_PPI_DESCRIPTOR *mFtpmPolicyPpiDesc; + SEC_FTPM_POLICY_PPI *mFtpmPolicyPpi; + + + DEBUG((EFI_D_INFO, "FtpmPolicyInit Entry \n")); + + if (NULL == PeiServices || NULL == pSystemConfiguration) { + DEBUG((EFI_D_ERROR, "Input error. \n")); + return EFI_INVALID_PARAMETER; + } + + Status = (*PeiServices)->AllocatePool( + PeiServices, + sizeof (EFI_PEI_PPI_DESCRIPTOR), + (void **)&mFtpmPolicyPpiDesc + ); + ASSERT_EFI_ERROR (Status); + + Status = (*PeiServices)->AllocatePool( + PeiServices, + sizeof (SEC_FTPM_POLICY_PPI), + (void **)&mFtpmPolicyPpi + ); + ASSERT_EFI_ERROR (Status); + + // + // Initialize PPI + // + (*PeiServices)->SetMem ((VOID *)mFtpmPolicyPpi, sizeof (SEC_FTPM_POLICY_PPI), 0); + mFtpmPolicyPpiDesc->Flags = EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST; + mFtpmPolicyPpiDesc->Guid = &gSeCfTPMPolicyPpiGuid; + mFtpmPolicyPpiDesc->Ppi = mFtpmPolicyPpi; + + + DEBUG((EFI_D_INFO, "pSystemConfiguration->fTPM = 0x%x \n", pSystemConfiguration->fTPM)); + if(pSystemConfiguration->fTPM == 1) { + mFtpmPolicyPpi->fTPMEnable = TRUE; + } else { + mFtpmPolicyPpi->fTPMEnable = FALSE; + } + + Status = (*PeiServices)->InstallPpi( + PeiServices, + mFtpmPolicyPpiDesc + ); + ASSERT_EFI_ERROR (Status); + + DEBUG((EFI_D_INFO, "FtpmPolicyInit done \n")); + + return EFI_SUCCESS; +} + + /** This routine attempts to acquire the SMBus @@ -697,6 +759,14 @@ PeiInitPlatform ( ); +#ifdef FTPM_ENABLE + Status = FtpmPolicyInit(PeiServices, &SystemConfiguration); + if (EFI_ERROR (Status)) { + DEBUG((EFI_D_ERROR, "fTPM init failed.\n")); + } +#endif + + // // Set the new boot mode for MRC // diff --git a/Vlv2TbltDevicePkg/PlatformPei/PlatformPei.inf b/Vlv2TbltDevicePkg/PlatformPei/PlatformPei.inf index af8bb19083..9c1cd08db5 100644 --- a/Vlv2TbltDevicePkg/PlatformPei/PlatformPei.inf +++ b/Vlv2TbltDevicePkg/PlatformPei/PlatformPei.inf @@ -107,6 +107,7 @@ gPeiMfgMemoryTestPpiGuid gPeiSha256HashPpiGuid gVlvMmioPolicyPpiGuid + gSeCfTPMPolicyPpiGuid [Guids] gEfiSetupVariableGuid diff --git a/Vlv2TbltDevicePkg/PlatformPkg.fdf b/Vlv2TbltDevicePkg/PlatformPkg.fdf index afe35f8a8b..877ea27a74 100644 --- a/Vlv2TbltDevicePkg/PlatformPkg.fdf +++ b/Vlv2TbltDevicePkg/PlatformPkg.fdf @@ -1,7 +1,7 @@ #/** @file # FDF file of Platform. # -# Copyright (c) 2008 - 2014, Intel Corporation. All rights reserved.
+# Copyright (c) 2008 - 2015, Intel Corporation. All rights reserved.
# # This program and the accompanying materials are licensed and made available under # the terms and conditions of the BSD License that accompanies this distribution. @@ -294,6 +294,9 @@ INF SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf INF SecurityPkg/Tcg/TcgPei/TcgPei.inf INF SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.inf !endif +!if $(FTPM_ENABLE) == TRUE +INF SecurityPkg/Tcg/TrEEPei/TrEEPei.inf #use PCD config +!endif INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf !if $(ACPI50_ENABLE) == TRUE @@ -349,6 +352,10 @@ INF $(PLATFORM_PACKAGE)/PlatformPei/PlatformPei.inf INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/SeCUma.inf !endif +!if $(FTPM_ENABLE) == TRUE +INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/fTPMInitPeim.inf +!endif + !if $(SOURCE_DEBUG_ENABLE) == TRUE INF SourceLevelDebugPkg/DebugAgentPei/DebugAgentPei.inf !endif @@ -497,11 +504,24 @@ INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET INF IntelFrameworkModulePkg/Universal/LegacyRegionDxe/LegacyRegionDxe.inf INF Vlv2TbltDevicePkg/VlvPlatformInitDxe/VlvPlatformInitDxe.inf !endif +!if $(MINNOW2_FSP_BUILD) == FALSE + !if $(SEC_ENABLE) == TRUE + INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/HeciDrv.inf + INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/SeCPolicyInitDxe.inf + !endif +!endif !if $(TPM_ENABLED) == TRUE INF SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf INF RuleOverride = DRIVER_ACPITABLE SecurityPkg/Tcg/TcgSmm/TcgSmm.inf !endif +!if $(FTPM_ENABLE) == TRUE +INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/Tpm2DeviceSeCPei.inf +INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/Tpm2DeviceSeCDxe.inf +INF SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf +INF SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf +INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/FtpmSmm.inf +!endif # # EDK II Related Platform codes @@ -1010,6 +1030,7 @@ FV = BiosUpdate FILE SMM = $(NAMED_GUID) { SMM_DEPEX SMM_DEPEX |.depex PE32 PE32 |.efi + RAW BIN Optional |.aml UI STRING="$(MODULE_NAME)" Optional VERSION STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER) } diff --git a/Vlv2TbltDevicePkg/PlatformPkgConfig.dsc b/Vlv2TbltDevicePkg/PlatformPkgConfig.dsc index ec24fed407..db50b9322a 100644 --- a/Vlv2TbltDevicePkg/PlatformPkgConfig.dsc +++ b/Vlv2TbltDevicePkg/PlatformPkgConfig.dsc @@ -1,7 +1,7 @@ #/** @file # platform configuration file. # -# Copyright (c) 2012 - 2014, Intel Corporation. All rights reserved.
+# Copyright (c) 2012 - 2015, Intel Corporation. All rights reserved.
# # This program and the accompanying materials are licensed and made available under # the terms and conditions of the BSD License that accompanies this distribution. @@ -43,6 +43,7 @@ DEFINE CLKGEN_CONFIG_EXTRA_ENABLE=TRUE # DEFINE USE_HPET_TIMER = FALSE + # # Feature selection # diff --git a/Vlv2TbltDevicePkg/PlatformPkgGcc.fdf b/Vlv2TbltDevicePkg/PlatformPkgGcc.fdf index 7d281ea0a7..43cdb121ef 100644 --- a/Vlv2TbltDevicePkg/PlatformPkgGcc.fdf +++ b/Vlv2TbltDevicePkg/PlatformPkgGcc.fdf @@ -1,7 +1,7 @@ #/** @file # FDF file of Platform. # -# Copyright (c) 2008 - 2014, Intel Corporation. All rights reserved.
+# Copyright (c) 2008 - 2015, Intel Corporation. All rights reserved.
# # This program and the accompanying materials are licensed and made available under # the terms and conditions of the BSD License that accompanies this distribution. @@ -252,6 +252,9 @@ INF SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf INF SecurityPkg/Tcg/TcgPei/TcgPei.inf INF SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.inf !endif +!if $(FTPM_ENABLE) == TRUE +INF SecurityPkg/Tcg/TrEEPei/TrEEPei.inf #use PCD config +!endif INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf !if $(ACPI50_ENABLE) == TRUE @@ -307,6 +310,10 @@ INF $(PLATFORM_PACKAGE)/PlatformPei/PlatformPei.inf INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/SeCUma.inf !endif +!if $(FTPM_ENABLE) == TRUE +INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/fTPMInitPeim.inf +!endif + !if $(SOURCE_DEBUG_ENABLE) == TRUE INF SourceLevelDebugPkg/DebugAgentPei/DebugAgentPei.inf !endif @@ -455,11 +462,24 @@ INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET INF IntelFrameworkModulePkg/Universal/LegacyRegionDxe/LegacyRegionDxe.inf INF Vlv2TbltDevicePkg/VlvPlatformInitDxe/VlvPlatformInitDxe.inf !endif +!if $(MINNOW2_FSP_BUILD) == FALSE + !if $(SEC_ENABLE) == TRUE + INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/HeciDrv.inf + INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/SeCPolicyInitDxe.inf + !endif +!endif !if $(TPM_ENABLED) == TRUE INF SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf INF RuleOverride = DRIVER_ACPITABLE SecurityPkg/Tcg/TcgSmm/TcgSmm.inf !endif +!if $(FTPM_ENABLE) == TRUE +INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/Tpm2DeviceSeCPei.inf +INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/Tpm2DeviceSeCDxe.inf +INF SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf +INF SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf +INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/FtpmSmm.inf +!endif # # EDK II Related Platform codes @@ -968,6 +988,7 @@ FV = BiosUpdate FILE SMM = $(NAMED_GUID) { SMM_DEPEX SMM_DEPEX |.depex PE32 PE32 |.efi + RAW BIN Optional |.aml UI STRING="$(MODULE_NAME)" Optional VERSION STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER) } diff --git a/Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc b/Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc index 29ac7c1b0b..40b17d1e1a 100644 --- a/Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc +++ b/Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc @@ -77,6 +77,9 @@ DEFINE PLATFORM_PCIEXPRESS_BASE = 0E0000000 + DEFINE SEC_ENABLE = FALSE + DEFINE SEC_DEBUG_INFO_ENABLE = FALSE + DEFINE FTPM_ENABLE = FALSE ################################################################################ # @@ -266,9 +269,18 @@ ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf SortLib|MdeModulePkg/Library/UefiSortLib/UefiSortLib.inf - +!if $(FTPM_ENABLE) == TRUE + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf +!endif TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf TrEEPhysicalPresenceLib|SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.inf +!if $(FTPM_ENABLE) == TRUE + TrEEPpVendorLib|SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.inf +!endif + + Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf !if $(MINNOW2_FSP_BUILD) == TRUE FspApiLib|IntelFspWrapperPkg/Library/BaseFspApiLib/BaseFspApiLib.inf @@ -319,8 +331,9 @@ !if $(MINNOW2_FSP_BUILD) == TRUE PlatformFspLib|Vlv2TbltDevicePkg/Library/PlatformFspLib/PlatformFspLib.inf !endif - - +!if $(FTPM_ENABLE) == TRUE + Tpm2DeviceLib|Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCPei/Tpm2DeviceLibSeC.inf +!endif [LibraryClasses.X64] # @@ -584,7 +597,7 @@ [PcdsFixedAtBuild.common] !if $(MINNOW2_FSP_BUILD) == TRUE -# $(FLASH_REGION_VLVMICROCODE_BASE) +# $(FLASH_REGION_VLVMICROCODE_BASE) gFspWrapperTokenSpaceGuid.PcdCpuMicrocodePatchAddress|0xFFD00000 # $(FLASH_REGION_VLVMICROCODE_SIZE) gFspWrapperTokenSpaceGuid.PcdCpuMicrocodePatchRegionSize|0x00030000 @@ -595,7 +608,6 @@ gFspWrapperTokenSpaceGuid.PcdFlashCodeCacheSize|0x00800000 # $(FLASH_REGION_FSPBIN_BASE) gFspWrapperTokenSpaceGuid.PcdFlashFvFspBase|0xFFDB0000 - !endif !if $(PERFORMANCE_ENABLE) == TRUE @@ -811,6 +823,9 @@ !if $(TPM_ENABLED) == TRUE gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x7b, 0x3a, 0xcd, 0x72, 0xA5, 0xFE, 0x5e, 0x4f, 0x91, 0x65, 0x4d, 0xd1, 0x21, 0x87, 0xbb, 0x13} !endif + !if $(FTPM_ENABLE) == TRUE + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x7b, 0x3a, 0xcd, 0x72, 0xA5, 0xFE, 0x5e, 0x4f, 0x91, 0x65, 0x4d, 0xd1, 0x21, 0x87, 0xbb, 0x13} + !endif ## This PCD defines the video horizontal resolution. # This PCD could be set to 0 then video resolution could be at highest resolution. @@ -902,12 +917,20 @@ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/MemoryInit.inf { gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x80000046 + + !if $(FTPM_ENABLE)==TRUE + *_*_IA32_CC_FLAGS = /D FTPM_ENABLE + !endif } !if $(RC_BINARY_RELEASE) == TRUE $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/SeCUma.inf !endif +!if $(FTPM_ENABLE) == TRUE +$(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/fTPMInitPeim.inf +!endif + !if $(RC_BINARY_RELEASE) == TRUE $(PLATFORM_PACKAGE)/PlatformPei/PlatformPei.inf { @@ -929,6 +952,9 @@ } !endif +!if $(FTPM_ENABLE) == TRUE + $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/Tpm2DeviceSeCPei.inf +!endif !if $(TPM_ENABLED) == TRUE SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.inf @@ -989,6 +1015,17 @@ !endif MdeModulePkg/Universal/FaultTolerantWritePei/FaultTolerantWritePei.inf +!if $(FTPM_ENABLE) == TRUE + SecurityPkg/Tcg/TrEEPei/TrEEPei.inf { + + gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x80000046 + + DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf + NULL|SecurityPkg/Library\HashInstanceLibSha1/HashInstanceLibSha1.inf + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf + PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf + } +!endif !if $(TPM_ENABLED) == TRUE SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf { @@ -1083,6 +1120,9 @@ !endif !if $(TPM_ENABLED) == TRUE NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf +!endif +!if $(FTPM_ENABLE) == TRUE + NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf !endif } $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/MpCpu.inf @@ -1097,6 +1137,11 @@ DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf SerialPortLib|$(PLATFORM_PACKAGE)/Library/SerialPortLib/SerialPortLib.inf + !if $(FTPM_ENABLE) == TRUE + Tpm2DeviceLib|Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.inf + !else + TrEEPhysicalPresenceLib|$(PLATFORM_PACKAGE)/Library/DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalPresenceLibNull.inf + !endif } $(PLATFORM_PACKAGE)/UiApp/UiApp.inf @@ -1200,6 +1245,32 @@ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/Dptf.inf $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/PnpDxe.inf +!if $(SEC_ENABLE) == TRUE + $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/HeciDrv.inf { +!if $(SEC_DEBUG_INFO_ENABLE) == TRUE + + *_*_X64_CC_FLAGS = /DSEC_DEBUG_INFO=1 +!else + + *_*_X64_CC_FLAGS = /DSEC_DEBUG_INFO=0 +!endif + } + + $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/SeCPolicyInitDxe.inf +!endif + +!if $(FTPM_ENABLE) == TRUE + $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/Tpm2DeviceSeCDxe.inf + SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf + SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf{ + + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf + PcdLib|MdePkg/Library\DxePcdLib/DxePcdLib.inf + Tpm2DeviceLib|Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.inf + } + $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/FtpmSmm.inf +!endif !if $(TPM_ENABLED) == TRUE SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf { @@ -1494,6 +1565,11 @@ DEFINE X64_BUILD_ENABLE = !endif +!if $(FTPM_ENABLE) == TRUE + DEFINE DSC_FTPM_BUILD_OPTIONS = -DFTPM_ENABLE +!else + DEFINE DSC_FTPM_BUILD_OPTIONS = +!endif !if $(TPM_ENABLED) == TRUE DEFINE DSC_TPM_BUILD_OPTIONS = -DTPM_ENABLED !else @@ -1501,7 +1577,7 @@ !endif - DEFINE EDK_EDKII_DSC_FEATURE_BUILD_OPTIONS = $(MINNOW2_FSP_OPTION) $(MINNOW2_BUILD_OPTION) $(ENBDT_PF_ENABLE) $(EXTERNAL_VGA_BUILD_OPTION) $(PCIE_ENUM_WA_BUILD_OPTION) $(X0_WA_ENABLE_BUILD_OPTION) $(A0_WA_ENABLE_BUILD_OPTION) $(MICROCODE_FREE_BUILD_OPTIONS) $(SIMICS_BUILD_OPTIONS) $(HYBRID_BUILD_OPTIONS) $(COMPACT_BUILD_OPTIONS) $(VP_BUILD_OPTIONS) $(SYSCTL_ID_BUILD_OPTION) $(CLKGEN_CONFIG_EXTRA_BUILD_OPTION) $(SYSCTL_X0_CONVERT_BOARD_OPTION) $(ENBDT_S3_SUPPORT_OPTIONS) $(SATA_SUPPORT_BUILD_OPTION) $(PCIESC_SUPPORT_BUILD_OPTION) $(DSC_FTPM_ERROR_WR_BUILD_OPTIONS) $(DSC_TPM_BUILD_OPTIONS) $(DSC_BYTI_SECURE_BOOT_BUILD_OPTIONS) + DEFINE EDK_EDKII_DSC_FEATURE_BUILD_OPTIONS = $(MINNOW2_FSP_OPTION) $(MINNOW2_BUILD_OPTION) $(ENBDT_PF_ENABLE) $(EXTERNAL_VGA_BUILD_OPTION) $(PCIE_ENUM_WA_BUILD_OPTION) $(X0_WA_ENABLE_BUILD_OPTION) $(A0_WA_ENABLE_BUILD_OPTION) $(MICROCODE_FREE_BUILD_OPTIONS) $(SIMICS_BUILD_OPTIONS) $(HYBRID_BUILD_OPTIONS) $(COMPACT_BUILD_OPTIONS) $(VP_BUILD_OPTIONS) $(SYSCTL_ID_BUILD_OPTION) $(CLKGEN_CONFIG_EXTRA_BUILD_OPTION) $(SYSCTL_X0_CONVERT_BOARD_OPTION) $(ENBDT_S3_SUPPORT_OPTIONS) $(SATA_SUPPORT_BUILD_OPTION) $(PCIESC_SUPPORT_BUILD_OPTION) $(DSC_FTPM_BUILD_OPTIONS) $(DSC_FTPM_ERROR_WR_BUILD_OPTIONS) $(DSC_TPM_BUILD_OPTIONS) $(DSC_BYTI_SECURE_BOOT_BUILD_OPTIONS) !if $(PERFORMANCE_ENABLE) == TRUE DEFINE PDB_BUILD_OPTION = /Zi !endif diff --git a/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc b/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc index 333b800e4e..795c17629e 100644 --- a/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc +++ b/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc @@ -77,6 +77,9 @@ DEFINE PLATFORM_PCIEXPRESS_BASE = 0E0000000 + DEFINE SEC_ENABLE = TRUE + DEFINE SEC_DEBUG_INFO_ENABLE = TRUE + DEFINE FTPM_ENABLE = TRUE ################################################################################ # @@ -266,9 +269,18 @@ ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf SortLib|MdeModulePkg/Library/UefiSortLib/UefiSortLib.inf - +!if $(FTPM_ENABLE) == TRUE + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf +!endif TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf TrEEPhysicalPresenceLib|SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.inf +!if $(FTPM_ENABLE) == TRUE + TrEEPpVendorLib|SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.inf +!endif + + Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf !if $(MINNOW2_FSP_BUILD) == TRUE FspApiLib|IntelFspWrapperPkg/Library/BaseFspApiLib/BaseFspApiLib.inf @@ -319,8 +331,9 @@ !if $(MINNOW2_FSP_BUILD) == TRUE PlatformFspLib|Vlv2TbltDevicePkg/Library/PlatformFspLib/PlatformFspLib.inf !endif - - +!if $(FTPM_ENABLE) == TRUE + Tpm2DeviceLib|Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCPei/Tpm2DeviceLibSeC.inf +!endif [LibraryClasses.IA32] # @@ -810,6 +823,9 @@ !if $(TPM_ENABLED) == TRUE gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x7b, 0x3a, 0xcd, 0x72, 0xA5, 0xFE, 0x5e, 0x4f, 0x91, 0x65, 0x4d, 0xd1, 0x21, 0x87, 0xbb, 0x13} !endif + !if $(FTPM_ENABLE) == TRUE + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x7b, 0x3a, 0xcd, 0x72, 0xA5, 0xFE, 0x5e, 0x4f, 0x91, 0x65, 0x4d, 0xd1, 0x21, 0x87, 0xbb, 0x13} + !endif ## This PCD defines the video horizontal resolution. # This PCD could be set to 0 then video resolution could be at highest resolution. @@ -898,12 +914,20 @@ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/MemoryInit.inf { gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x80000046 + + !if $(FTPM_ENABLE)==TRUE + *_*_IA32_CC_FLAGS = /D FTPM_ENABLE + !endif } !if $(RC_BINARY_RELEASE) == TRUE $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/SeCUma.inf !endif +!if $(FTPM_ENABLE) == TRUE +$(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/fTPMInitPeim.inf +!endif + !if $(RC_BINARY_RELEASE) == TRUE $(PLATFORM_PACKAGE)/PlatformPei/PlatformPei.inf { @@ -925,6 +949,9 @@ } !endif +!if $(FTPM_ENABLE) == TRUE + $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/Tpm2DeviceSeCPei.inf +!endif !if $(TPM_ENABLED) == TRUE SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.inf @@ -985,6 +1012,17 @@ !endif MdeModulePkg/Universal/FaultTolerantWritePei/FaultTolerantWritePei.inf +!if $(FTPM_ENABLE) == TRUE + SecurityPkg/Tcg/TrEEPei/TrEEPei.inf { + + gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x80000046 + + DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf + NULL|SecurityPkg/Library\HashInstanceLibSha1/HashInstanceLibSha1.inf + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf + PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf + } +!endif !if $(TPM_ENABLED) == TRUE SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf { @@ -1078,6 +1116,9 @@ !endif !if $(TPM_ENABLED) == TRUE NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf +!endif +!if $(FTPM_ENABLE) == TRUE + NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf !endif } $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/MpCpu.inf @@ -1092,6 +1133,11 @@ DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf SerialPortLib|$(PLATFORM_PACKAGE)/Library/SerialPortLib/SerialPortLib.inf + !if $(FTPM_ENABLE) == TRUE + Tpm2DeviceLib|Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.inf + !else + TrEEPhysicalPresenceLib|$(PLATFORM_PACKAGE)/Library/DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalPresenceLibNull.inf + !endif } $(PLATFORM_PACKAGE)/UiApp/UiApp.inf @@ -1195,6 +1241,32 @@ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/Dptf.inf $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/PnpDxe.inf +!if $(SEC_ENABLE) == TRUE + $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/HeciDrv.inf { +!if $(SEC_DEBUG_INFO_ENABLE) == TRUE + + *_*_X64_CC_FLAGS = /DSEC_DEBUG_INFO=1 +!else + + *_*_X64_CC_FLAGS = /DSEC_DEBUG_INFO=0 +!endif + } + + $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/SeCPolicyInitDxe.inf +!endif + +!if $(FTPM_ENABLE) == TRUE + $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/Tpm2DeviceSeCDxe.inf + SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf + SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf{ + + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf + PcdLib|MdePkg/Library\DxePcdLib/DxePcdLib.inf + Tpm2DeviceLib|Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.inf + } + $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/FtpmSmm.inf +!endif !if $(TPM_ENABLED) == TRUE SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf { @@ -1483,6 +1555,11 @@ DEFINE X64_BUILD_ENABLE = !endif +!if $(FTPM_ENABLE) == TRUE + DEFINE DSC_FTPM_BUILD_OPTIONS = /DFTPM_ENABLE +!else + DEFINE DSC_FTPM_BUILD_OPTIONS = +!endif !if $(TPM_ENABLED) == TRUE DEFINE DSC_TPM_BUILD_OPTIONS = /DTPM_ENABLED !else @@ -1490,7 +1567,7 @@ !endif - DEFINE EDK_EDKII_DSC_FEATURE_BUILD_OPTIONS = $(MINNOW2_FSP_OPTION) $(MINNOW2_BUILD_OPTION) $(ENBDT_PF_ENABLE) $(EXTERNAL_VGA_BUILD_OPTION) $(PCIE_ENUM_WA_BUILD_OPTION) $(X0_WA_ENABLE_BUILD_OPTION) $(A0_WA_ENABLE_BUILD_OPTION) $(MICROCODE_FREE_BUILD_OPTIONS) $(SIMICS_BUILD_OPTIONS) $(HYBRID_BUILD_OPTIONS) $(COMPACT_BUILD_OPTIONS) $(VP_BUILD_OPTIONS) $(SYSCTL_ID_BUILD_OPTION) $(CLKGEN_CONFIG_EXTRA_BUILD_OPTION) $(SYSCTL_X0_CONVERT_BOARD_OPTION) $(ENBDT_S3_SUPPORT_OPTIONS) $(SATA_SUPPORT_BUILD_OPTION) $(PCIESC_SUPPORT_BUILD_OPTION) $(DSC_FTPM_ERROR_WR_BUILD_OPTIONS) $(DSC_TPM_BUILD_OPTIONS) $(DSC_BYTI_SECURE_BOOT_BUILD_OPTIONS) + DEFINE EDK_EDKII_DSC_FEATURE_BUILD_OPTIONS = $(MINNOW2_FSP_OPTION) $(MINNOW2_BUILD_OPTION) $(ENBDT_PF_ENABLE) $(EXTERNAL_VGA_BUILD_OPTION) $(PCIE_ENUM_WA_BUILD_OPTION) $(X0_WA_ENABLE_BUILD_OPTION) $(A0_WA_ENABLE_BUILD_OPTION) $(MICROCODE_FREE_BUILD_OPTIONS) $(SIMICS_BUILD_OPTIONS) $(HYBRID_BUILD_OPTIONS) $(COMPACT_BUILD_OPTIONS) $(VP_BUILD_OPTIONS) $(SYSCTL_ID_BUILD_OPTION) $(CLKGEN_CONFIG_EXTRA_BUILD_OPTION) $(SYSCTL_X0_CONVERT_BOARD_OPTION) $(ENBDT_S3_SUPPORT_OPTIONS) $(SATA_SUPPORT_BUILD_OPTION) $(PCIESC_SUPPORT_BUILD_OPTION) $(DSC_FTPM_BUILD_OPTIONS) $(DSC_FTPM_ERROR_WR_BUILD_OPTIONS) $(DSC_TPM_BUILD_OPTIONS) $(DSC_BYTI_SECURE_BOOT_BUILD_OPTIONS) !if $(PERFORMANCE_ENABLE) == TRUE DEFINE PDB_BUILD_OPTION = /Zi !endif diff --git a/Vlv2TbltDevicePkg/PlatformPkgX64.dsc b/Vlv2TbltDevicePkg/PlatformPkgX64.dsc index f49195b4c0..44239d64e1 100644 --- a/Vlv2TbltDevicePkg/PlatformPkgX64.dsc +++ b/Vlv2TbltDevicePkg/PlatformPkgX64.dsc @@ -76,7 +76,10 @@ !endif DEFINE PLATFORM_PCIEXPRESS_BASE = 0E0000000 - + + DEFINE SEC_ENABLE = FALSE + DEFINE SEC_DEBUG_INFO_ENABLE = FALSE + DEFINE FTPM_ENABLE = FALSE ################################################################################ # @@ -266,9 +269,18 @@ ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf SortLib|MdeModulePkg/Library/UefiSortLib/UefiSortLib.inf - +!if $(FTPM_ENABLE) == TRUE + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf +!endif TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf TrEEPhysicalPresenceLib|SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.inf +!if $(FTPM_ENABLE) == TRUE + TrEEPpVendorLib|SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.inf +!endif + + Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf !if $(MINNOW2_FSP_BUILD) == TRUE FspApiLib|IntelFspWrapperPkg/Library/BaseFspApiLib/BaseFspApiLib.inf @@ -319,8 +331,9 @@ !if $(MINNOW2_FSP_BUILD) == TRUE PlatformFspLib|Vlv2TbltDevicePkg/Library/PlatformFspLib/PlatformFspLib.inf !endif - - +!if $(FTPM_ENABLE) == TRUE + Tpm2DeviceLib|Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCPei/Tpm2DeviceLibSeC.inf +!endif [LibraryClasses.X64] # @@ -898,12 +911,20 @@ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/MemoryInit.inf { gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x80000046 + + !if $(FTPM_ENABLE)==TRUE + *_*_IA32_CC_FLAGS = /D FTPM_ENABLE + !endif } !if $(RC_BINARY_RELEASE) == TRUE $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/SeCUma.inf !endif +!if $(FTPM_ENABLE) == TRUE +$(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/fTPMInitPeim.inf +!endif + !if $(RC_BINARY_RELEASE) == TRUE $(PLATFORM_PACKAGE)/PlatformPei/PlatformPei.inf { @@ -925,6 +946,9 @@ } !endif +!if $(FTPM_ENABLE) == TRUE + $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/Tpm2DeviceSeCPei.inf +!endif !if $(TPM_ENABLED) == TRUE SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.inf @@ -985,6 +1009,17 @@ !endif MdeModulePkg/Universal/FaultTolerantWritePei/FaultTolerantWritePei.inf +!if $(FTPM_ENABLE) == TRUE + SecurityPkg/Tcg/TrEEPei/TrEEPei.inf { + + gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x80000046 + + DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf + NULL|SecurityPkg/Library\HashInstanceLibSha1/HashInstanceLibSha1.inf + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf + PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf + } +!endif !if $(TPM_ENABLED) == TRUE SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf { @@ -1078,6 +1113,9 @@ !endif !if $(TPM_ENABLED) == TRUE NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf +!endif +!if $(FTPM_ENABLE) == TRUE + NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf !endif } $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/MpCpu.inf @@ -1092,6 +1130,11 @@ DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf SerialPortLib|$(PLATFORM_PACKAGE)/Library/SerialPortLib/SerialPortLib.inf + !if $(FTPM_ENABLE) == TRUE + Tpm2DeviceLib|Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.inf + !else + TrEEPhysicalPresenceLib|$(PLATFORM_PACKAGE)/Library/DxeTrEEPhysicalPresenceLibNull/DxeTrEEPhysicalPresenceLibNull.inf + !endif } $(PLATFORM_PACKAGE)/UiApp/UiApp.inf @@ -1195,6 +1238,32 @@ $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/Dptf.inf $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/PnpDxe.inf +!if $(SEC_ENABLE) == TRUE + $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/HeciDrv.inf { +!if $(SEC_DEBUG_INFO_ENABLE) == TRUE + + *_*_X64_CC_FLAGS = /DSEC_DEBUG_INFO=1 +!else + + *_*_X64_CC_FLAGS = /DSEC_DEBUG_INFO=0 +!endif + } + + $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/SeCPolicyInitDxe.inf +!endif + +!if $(FTPM_ENABLE) == TRUE + $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/Tpm2DeviceSeCDxe.inf + SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf + SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf{ + + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf + PcdLib|MdePkg/Library\DxePcdLib/DxePcdLib.inf + Tpm2DeviceLib|Vlv2TbltDevicePkg/Library/Tpm2DeviceLibSeCDxe/Tpm2DeviceLibSeC.inf + } + $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/FtpmSmm.inf +!endif !if $(TPM_ENABLED) == TRUE SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf { @@ -1483,6 +1552,11 @@ DEFINE X64_BUILD_ENABLE = !endif +!if $(FTPM_ENABLE) == TRUE + DEFINE DSC_FTPM_BUILD_OPTIONS = /DFTPM_ENABLE +!else + DEFINE DSC_FTPM_BUILD_OPTIONS = +!endif !if $(TPM_ENABLED) == TRUE DEFINE DSC_TPM_BUILD_OPTIONS = /DTPM_ENABLED !else @@ -1490,7 +1564,7 @@ !endif - DEFINE EDK_EDKII_DSC_FEATURE_BUILD_OPTIONS = $(MINNOW2_FSP_OPTION) $(MINNOW2_BUILD_OPTION) $(ENBDT_PF_ENABLE) $(EXTERNAL_VGA_BUILD_OPTION) $(PCIE_ENUM_WA_BUILD_OPTION) $(X0_WA_ENABLE_BUILD_OPTION) $(A0_WA_ENABLE_BUILD_OPTION) $(MICROCODE_FREE_BUILD_OPTIONS) $(SIMICS_BUILD_OPTIONS) $(HYBRID_BUILD_OPTIONS) $(COMPACT_BUILD_OPTIONS) $(VP_BUILD_OPTIONS) $(SYSCTL_ID_BUILD_OPTION) $(CLKGEN_CONFIG_EXTRA_BUILD_OPTION) $(SYSCTL_X0_CONVERT_BOARD_OPTION) $(ENBDT_S3_SUPPORT_OPTIONS) $(SATA_SUPPORT_BUILD_OPTION) $(PCIESC_SUPPORT_BUILD_OPTION) $(DSC_FTPM_ERROR_WR_BUILD_OPTIONS) $(DSC_TPM_BUILD_OPTIONS) $(DSC_BYTI_SECURE_BOOT_BUILD_OPTIONS) + DEFINE EDK_EDKII_DSC_FEATURE_BUILD_OPTIONS = $(MINNOW2_FSP_OPTION) $(MINNOW2_BUILD_OPTION) $(ENBDT_PF_ENABLE) $(EXTERNAL_VGA_BUILD_OPTION) $(PCIE_ENUM_WA_BUILD_OPTION) $(X0_WA_ENABLE_BUILD_OPTION) $(A0_WA_ENABLE_BUILD_OPTION) $(MICROCODE_FREE_BUILD_OPTIONS) $(SIMICS_BUILD_OPTIONS) $(HYBRID_BUILD_OPTIONS) $(COMPACT_BUILD_OPTIONS) $(VP_BUILD_OPTIONS) $(SYSCTL_ID_BUILD_OPTION) $(CLKGEN_CONFIG_EXTRA_BUILD_OPTION) $(SYSCTL_X0_CONVERT_BOARD_OPTION) $(ENBDT_S3_SUPPORT_OPTIONS) $(SATA_SUPPORT_BUILD_OPTION) $(PCIESC_SUPPORT_BUILD_OPTION) $(DSC_FTPM_BUILD_OPTIONS) $(DSC_FTPM_ERROR_WR_BUILD_OPTIONS) $(DSC_TPM_BUILD_OPTIONS) $(DSC_BYTI_SECURE_BOOT_BUILD_OPTIONS) !if $(PERFORMANCE_ENABLE) == TRUE DEFINE PDB_BUILD_OPTION = /Zi !endif diff --git a/Vlv2TbltDevicePkg/PlatformSetupDxe/Security.vfi b/Vlv2TbltDevicePkg/PlatformSetupDxe/Security.vfi index f4922ff0b6..52470edf6b 100644 --- a/Vlv2TbltDevicePkg/PlatformSetupDxe/Security.vfi +++ b/Vlv2TbltDevicePkg/PlatformSetupDxe/Security.vfi @@ -37,19 +37,32 @@ form formid = SECURITY_CONFIGURATION_FORM_ID, //TPM related // subtitle text = STRING_TOKEN(STR_TPM_CONFIGURATION_PROMPT); +grayoutif ideqval Setup.ETpm== 0x1; + oneof varid = Setup.fTPM, + prompt = STRING_TOKEN(STR_PTT_PROMPT), + help = STRING_TOKEN(STR_PTT_HELP), + option text = STRING_TOKEN(STR_ENABLE), value = 1, flags = RESET_REQUIRED; + option text = STRING_TOKEN(STR_DISABLE), value= 0, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED; + endoneof; +endif; + +grayoutif ideqval Setup.fTPM == 0x1; oneof varid = Setup.ETpm, prompt = STRING_TOKEN(STR_TPM_PROMPT), help = STRING_TOKEN(STR_TPM_HELP), - option text = STRING_TOKEN(STR_ENABLE), value = 1, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED; - option text = STRING_TOKEN(STR_DISABLE), value= 0, flags= RESET_REQUIRED; + option text = STRING_TOKEN(STR_ENABLE), value = 1, flags = RESET_REQUIRED; + option text = STRING_TOKEN(STR_DISABLE), value= 0, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED; endoneof; +endif; +suppressif ideqval Setup.fTPM == 0; oneof varid = Setup.MeasuredBootEnable, prompt = STRING_TOKEN(STR_MEASURED_BOOT_ENABLE_PROMPT), help = STRING_TOKEN(STR_MEASURED_BOOT_ENABLE_HELP), option text = STRING_TOKEN(STR_DISABLE), value = 0, flags = RESET_REQUIRED; option text = STRING_TOKEN(STR_ENABLE), value = 1, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED; endoneof; +endif; subtitle text = STRING_TOKEN(STR_NULL_STRING); -- cgit v1.2.3