sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

UefiPayloadPkg: Add TPM support

Browse Source 
* Add support for TPM1.2 and TPM2.

This adds measured boot support and will be extended with Secureboot.

Signed-off-by: Christian Walter <christian.walter@9elements.com>
This commit is contained in:
Christian Walter
2020-05-25 09:27:49 +02:00
committed by Tim Crawford
parent 7f99fae217
commit 25af751320
2 changed files with 46 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
UefiPayloadPkg/UefiPayloadPkg.dsc
View File

@ -105,6 +105,7 @@
# Security options: # Security options:
# #
DEFINE SECURE_BOOT_ENABLE = FALSE DEFINE SECURE_BOOT_ENABLE = FALSE
DEFINE TPM_ENABLE = FALSE
[BuildOptions] [BuildOptions]
*_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES *_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES
@ -252,7 +253,7 @@
DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf
LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf
FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf
TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
@ -265,6 +266,16 @@
[LibraryClasses.common] [LibraryClasses.common]
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
!if $(TPM_ENABLE) == TRUE
Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
Tcg2PhysicalPresenceLib|SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf
Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
!else
TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
!endif
[LibraryClasses.common.SEC] [LibraryClasses.common.SEC]
HobLib|UefiPayloadPkg/Library/PayloadEntryHobLib/HobLib.inf HobLib|UefiPayloadPkg/Library/PayloadEntryHobLib/HobLib.inf
PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
@ -293,6 +304,7 @@
!else !else
AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
!endif !endif
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
[LibraryClasses.common.DXE_DRIVER] [LibraryClasses.common.DXE_DRIVER]
PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
@ -316,6 +328,7 @@
!else !else
AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
!endif !endif
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
[LibraryClasses.common.DXE_RUNTIME_DRIVER] [LibraryClasses.common.DXE_RUNTIME_DRIVER]
PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
@ -465,6 +478,7 @@
gEfiMdeModulePkgTokenSpaceGuid.PcdPciDisableBusEnumeration|TRUE gEfiMdeModulePkgTokenSpaceGuid.PcdPciDisableBusEnumeration|TRUE
gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
gEfiSecurityPkgTokenSpaceGuid.PcdTpmInitializationPolicy|0
################################################################################ ################################################################################
# #
@ -648,6 +662,28 @@
# #
UefiPayloadPkg/BlSMMStoreDxe/BlSMMStoreDxe.inf UefiPayloadPkg/BlSMMStoreDxe/BlSMMStoreDxe.inf
!if $(TPM_ENABLE) == TRUE
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
<LibraryClasses>
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf
NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
}
SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf {
<LibraryClasses>
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
}
SecurityPkg/Tcg/TcgDxe/TcgDxe.inf {
<LibraryClasses>
Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
}
!endif
#------------------------------ #------------------------------
# Build the shell # Build the shell
#------------------------------ #------------------------------

9
UefiPayloadPkg/UefiPayloadPkg.fdf
View File

@ -211,6 +211,15 @@ INF MdeModulePkg/Bus/Pci/SdMmcPciHcDxe/SdMmcPciHcDxe.inf
INF MdeModulePkg/Bus/Sd/EmmcDxe/EmmcDxe.inf INF MdeModulePkg/Bus/Sd/EmmcDxe/EmmcDxe.inf
INF MdeModulePkg/Bus/Sd/SdDxe/SdDxe.inf INF MdeModulePkg/Bus/Sd/SdDxe/SdDxe.inf
#
# TPM support
#
!if $(TPM_ENABLE) == TRUE
INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
!endif
# #
# Usb Support # Usb Support
# #