ArmVirtPkg: Disable the TPM2 platform hierarchy
Disable the TPM2 platform hierarchy by directly calling ConfigureTpmPlatformHierarchy().

Per the TCG firmware specification "TCG PC Client Platform Firmware Profile Specification" the TPM 2 platform hierarchy needs to be disabled or a random password set and discarded before the firmware passes control to the next stage bootloader or kernel.

Current specs are here: https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_PFP_r1p05_v23_pub.pdf

Section 11 states:

"Platform Firmware MUST protect access to the Platform Hierarchy and prevent access to the platform hierarchy by non-manufacturer-controlled components."

Link: https://bugzilla.tianocore.org/show_bug.cgi?id=3510
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
Committed by: mergify[bot]
Parent: b3685956d2
Commit: c806b76865
@@ -48,6 +48,7 @@
|
||||
QemuBootOrderLib
|
||||
QemuLoadImageLib
|
||||
ReportStatusCodeLib
|
||||
TpmPlatformHierarchyLib
|
||||
UefiBootManagerLib
|
||||
UefiBootServicesTableLib
|
||||
UefiLib
|
||||
|
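Review bot: the hunk only adds TpmPlatformHierarchyLib to this module's library class list (the one added line in a -48,6 +48,7 hunk, placed alphabetically between ReportStatusCodeLib and UefiBootManagerLib), but the call site for ConfigureTpmPlatformHierarchy() named in the commit message is not in this hunk, so please confirm in the same series that (a) every ArmVirtPkg DSC that builds this module resolves the TpmPlatformHierarchyLib library class to an implementation, since an unresolved class breaks the build rather than silently skipping the TPM work, and (b) the call is made on the boot-manager path before control is handed to the next-stage bootloader or kernel, which is the point at which the TCG PFP requirement quoted in the commit message applies. The rendered diff has also lost its "+"/" " line prefixes, so the reviewer reading this page cannot see the marker on the added line; the line count in the hunk header is the only evidence of which line is new.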