Hi Ben,

Changing gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid did the trick! Now 
when I boot my system I can see the PCRs 0 to 9 populated.


I have some questions regarding the values I see in the PCRs (different 
versions of coreboot+tianocore populate PCRs 0-7 with the same values), 
but I'll ask on the UEFI/EDKII mailing list.


Attached are the changes I've imported into the tianocore master branch to 
make it work, if someone else wants to play with it...


Thanks for your help!

Jorge
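Seeing PCRs 0 to 9 populated shows that Tcg2Dxe extended something, but not that the event log it writes alongside agrees with the TPM; the practical check, and the way to explain why two firmware versions land on identical PCR 0-7 values, is to replay the log and compare each computed PCR with the value the TPM reports. The replay below is an added example written for this page, not code from the thread, from coreboot or from tianocore. It assumes the crypto-agile log layout (one legacy TCG_PCR_EVENT carrying the "Spec ID Event03" header, then TCG_PCR_EVENT2 records) and uses a constructed sample log whose digests are hashes of placeholder payloads; the event-type and algorithm constants are the TCG PC Client values.

```python
"""Replay a TCG2 (crypto-agile) firmware event log and check it against PCRs.

Added example for this page; not code from the thread, coreboot or tianocore.
Assumes the log layout Tcg2Dxe emits: one legacy TCG_PCR_EVENT carrying the
'Spec ID Event03' header, followed by TCG_PCR_EVENT2 records. The sample log
built by make_sample_log() is constructed, with digests of placeholder data.
"""
import hashlib
import struct

TPM_ALG_SHA1, TPM_ALG_SHA256 = 0x0004, 0x000B
ALG_NAMES = {TPM_ALG_SHA1: "sha1", TPM_ALG_SHA256: "sha256"}
EV_NO_ACTION = 0x00000003                  # informational record, never extended
EV_EFI_VARIABLE_DRIVER_CONFIG = 0x80000001
EV_EFI_PLATFORM_FIRMWARE_BLOB = 0x80000008


def parse_log(data):
    """Return [(pcr, event_type, {alg: digest}, event_data), ...]."""
    pcr, etype, _sha1, size = struct.unpack_from("<II20sI", data, 0)
    spec, off = data[32:32 + size], 32 + size
    if pcr != 0 or etype != EV_NO_ACTION or spec[:16] != b"Spec ID Event03\0":
        raise ValueError("not a TCG2 crypto-agile event log")
    # numberOfAlgorithms follows signature(16) + platformClass(4) + 4 version bytes
    n_algs, = struct.unpack_from("<I", spec, 24)
    sizes = dict(struct.unpack_from("<HH", spec, 28 + 4 * i) for i in range(n_algs))
    events = [(pcr, etype, {}, spec)]
    while off < len(data):
        pcr, etype, count = struct.unpack_from("<III", data, off)
        off += 12
        digests = {}
        for _ in range(count):
            alg, = struct.unpack_from("<H", data, off)
            if alg not in sizes:
                raise ValueError("digest algorithm 0x%x not announced in header" % alg)
            digests[alg] = data[off + 2:off + 2 + sizes[alg]]
            off += 2 + sizes[alg]
        size, = struct.unpack_from("<I", data, off)
        events.append((pcr, etype, digests, data[off + 4:off + 4 + size]))
        off += 4 + size
    return events


def extend(current, digest, alg):
    """One PCR extend: new = H(old || digest)."""
    return hashlib.new(ALG_NAMES[alg], current + digest).digest()


def replay(events, alg=TPM_ALG_SHA256):
    """PCR values implied by the log for one bank; EV_NO_ACTION is skipped."""
    zero = b"\0" * hashlib.new(ALG_NAMES[alg]).digest_size
    pcrs = {}
    for pcr, etype, digests, _ in events:
        if etype == EV_NO_ACTION or alg not in digests:
            continue
        pcrs[pcr] = extend(pcrs.get(pcr, zero), digests[alg], alg)
    return pcrs


def verify(events, reported, alg=TPM_ALG_SHA256):
    """Indexes whose replayed value differs from what the TPM reports."""
    return sorted(i for i, v in replay(events, alg).items() if reported.get(i) != v)


def make_sample_log():
    """Constructed log: header + a PCR0 firmware blob + a PCR7 variable event."""
    spec = (b"Spec ID Event03\0" + struct.pack("<IBBBBI", 0, 0, 2, 0, 2, 2)
            + struct.pack("<HHHH", TPM_ALG_SHA1, 20, TPM_ALG_SHA256, 32) + b"\0")
    log = struct.pack("<II20sI", 0, EV_NO_ACTION, b"\0" * 20, len(spec)) + spec
    for pcr, etype, payload in ((0, EV_EFI_PLATFORM_FIRMWARE_BLOB, b"fv-main"),
                                (7, EV_EFI_VARIABLE_DRIVER_CONFIG, b"SecureBoot")):
        log += struct.pack("<III", pcr, etype, 2)
        log += struct.pack("<H", TPM_ALG_SHA1) + hashlib.sha1(payload).digest()
        log += struct.pack("<H", TPM_ALG_SHA256) + hashlib.sha256(payload).digest()
        log += struct.pack("<I", len(payload)) + payload
    return log


if __name__ == "__main__":
    ev = parse_log(make_sample_log())
    for i, v in sorted(replay(ev).items()):
        print("PCR%-2d %s" % (i, v.hex()))
```

On a Linux target the same parse/replay can be pointed at /sys/kernel/security/tpm0/binary_bios_measurements and the result compared with the SHA-256 bank read from the TPM; a PCR that replays correctly but differs between two firmware versions then points at the event whose digest changed, while a PCR that does not replay at all means the log is not a faithful record of what was extended.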
________________________________
From: You, Benjamin <benjamin....@intel.com>
Sent: Saturday, September 22, 2018 5:33:30
To: Jorge Fernandez Monteagudo; coreboot@coreboot.org
Subject: RE: [coreboot] Tianocore and TPM

Hi Jorge,

Could you please try setting gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid 
to the expected value (0x286bf ...) in your .dsc file? Since there has been a 
change of the Tpm2InstanceLib, this GUID setting has to be changed accordingly.

Since these are generic UEFI / EDKII questions and not Coreboot payload 
specific, could you please try posting further questions to the EDKII mailing 
list (https://lists.01.org/mailman/listinfo/edk2-devel)? -- there is much more 
EDKII expertise there.

Thanks,

- ben
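The value Ben refers to is a VOID* PCD that holds the GUID as the 16 bytes of an EFI_GUID in memory order (Data1, Data2 and Data3 little-endian, then the eight Data4 bytes as they are), which is why 286BF25A-C2C3-408C-B3B4-25E6758B7317 is written as {0x5A, 0xF2, 0x6B, 0x28, ...} in a .dsc, and why the "does not support ... registration" warning appears when the instance library's GUID and the PCD disagree. The converter below, between that byte-array form, the C-initializer form used in .dec files and the dashed string, is an added example written for this page; it is not code from the thread, from coreboot or from EDK2. It uses only the Python standard library (uuid.UUID.bytes_le produces exactly the EFI_GUID byte order); the PCD name in pcd_line() is just a default argument, and instance_matches() models the router's check as plain GUID equality, which is an assumption for illustration rather than EDK2's code.

```python
"""Convert GUIDs between the spellings that appear in EDK2 .dec/.dsc files.

Added example for this page; not code from the thread, coreboot or EDK2.
Assumes the EFI_GUID memory layout: Data1 (u32), Data2 (u16), Data3 (u16)
little-endian, then the eight Data4 bytes in order.
"""
import re
import struct
import uuid

# The GUID the thread ends up putting into PcdTpmInstanceGuid (from the patch).
DTPM_INSTANCE_GUID = "286BF25A-C2C3-408C-B3B4-25E6758B7317"


def guid_to_pcd_bytes(text):
    """Dashed GUID string -> the 16 byte values of a VOID* GUID PCD, in order."""
    return list(uuid.UUID(text).bytes_le)  # bytes_le is exactly EFI_GUID order


def pcd_bytes_to_guid(values):
    """Inverse: decode a '{0x5A, 0xF2, ...}' PCD value back to a string."""
    if len(values) != 16:
        raise ValueError("a GUID PCD value must be exactly 16 bytes")
    return str(uuid.UUID(bytes_le=bytes(values))).upper()


def struct_to_guid(text):
    """'{ 0x8fe03b09, 0xcc66, 0x4797, { 0xba, ... } }' (.dec form) -> string."""
    nums = [int(x, 16) for x in re.findall(r"0x([0-9A-Fa-f]+)", text)]
    if len(nums) != 11:
        raise ValueError("expected Data1, Data2, Data3 and eight Data4 bytes")
    return str(uuid.UUID(bytes_le=struct.pack("<IHH8B", *nums))).upper()


def guid_to_struct(text):
    """Dashed GUID string -> the C initializer form used in .dec files."""
    raw = uuid.UUID(text).bytes_le
    d1, d2, d3 = struct.unpack("<IHH", raw[:8])
    d4 = ", ".join("0x%02x" % b for b in raw[8:])
    return "{ 0x%08x, 0x%04x, 0x%04x, { %s } }" % (d1, d2, d3, d4)


def pcd_line(text, pcd="gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid"):
    """Render a ready-to-paste .dsc line for a GUID-valued PCD."""
    body = ", ".join("0x%02X" % b for b in guid_to_pcd_bytes(text))
    return "%s|{%s}" % (pcd, body)


def instance_matches(pcd_values, instance_guid):
    """Model of the router check behind the 'does not support ... registration'
    warning: an instance registers only if its GUID equals the PCD value.
    (Assumed behaviour for illustration, not EDK2's code.)"""
    return pcd_bytes_to_guid(pcd_values) == instance_guid.upper()


if __name__ == "__main__":
    print(pcd_line(DTPM_INSTANCE_GUID))
    print(guid_to_struct(DTPM_INSTANCE_GUID))
```

Running the block prints the exact .dsc line needed, and pcd_bytes_to_guid() is the quick way to find out which instance a .dsc inherited from elsewhere actually selects before chasing a "TPM2 not detected!" message.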

From: Jorge Fernandez Monteagudo [mailto:jorg...@cirsa.com]
Sent: Friday, September 21, 2018 10:04 PM
To: You, Benjamin <benjamin....@intel.com>; coreboot@coreboot.org
Subject: Re: [coreboot] Tianocore and TPM

Hi Benjamin,

Enabling debug messages I've found something:

Loading driver FDFF263D-5F68-4591-87BA-B768F445A9AF
InstallProtocolInterface: 5B1B31A1-9562-11D2-8E3F-00A0C969723B 8F3EE7C0
    PDB = 
/mnt/develop/bettong/coreboot/master/coreboot_tiano_master/payloads/external/tianocore/tianocore/Build/CorebootPayloadPkgX64/DEBUG_COREBOOT/X64/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe/DEBUG/Tcg2Dxe.dll
Loading driver at 0x0008F3D2000 EntryPoint=0x0008F3D2240 Tcg2Dxe.efi
InstallProtocolInterface: BC62157E-3E33-4FEC-9920-2D3B36D750DF 8F3EEA18
ProtectUefiImageCommon - 0x8F3EE7C0
  - 0x000000008F3D2000 - 0x000000000000D800
PROGRESS CODE: V03040002 I0
WARNING: Tpm2RegisterTpm2DeviceLib - does not support 
286BF25A-C2C3-408C-B3B4-25E6758B7317 registration
TPM2 not detected!
Error: Image at 0008F3D2000 start failed: Unsupported
    PDB = 
/mnt/develop/bettong/coreboot/master/coreboot_tiano_master/payloads/external/tianocore/tianocore/Build/CorebootPayloadPkgX64/DEBUG_COREBOOT/X64/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe/DEBUG/Tcg2Dxe.dll
PROGRESS CODE: V03040003 I0
I'll try to find more info about this warning and I'll try to see the code 
where the TPM2 is detected in the edk2-staging branch.


________________________________________
From: coreboot <coreboot-boun...@coreboot.org> on behalf of Jorge Fernandez 
Monteagudo <jorg...@cirsa.com>
Sent: Friday, September 21, 2018 13:01:23
To: You, Benjamin; coreboot@coreboot.org
Subject: Re: [coreboot] Tianocore and TPM

Hi,

I tried modifying the Setup/Miscs/Setup.ini from 
CustomizationSample/Boards/Qemu to enable ftpm and generate an external 
payload, but when booting with this coreboot.rom flashed I only get a black 
screen once tianocore is executed, with the following traces:

BS: BS_PAYLOAD_LOAD times (us): entry 0 run 101395 exit 0
Jumping to boot code at 006009a0(8fe0f000)
CPU0: stack: 8ff20000 - 8ff21000, lowest used address 8ff205e0, stack used: 
2592 bytes
PROGRESS CODE: V03020003 I0
PROGRESS CODE: V03020002 I0
PROGRESS CODE: V03020003 I0
PROGRESS CODE: V03020002 I0
PROGRESS CODE: V03020003 I0
PROGRESS CODE: V03021001 I0
PROGRESS CODE: V03040003 I0
PROGRESS CODE: V03040002 I0
PROGRESS CODE: V03040003 I0
PROGRESS CODE: V03040002 I0

I've tried mixing the dsc, dec and fdf files from the edk2-staging and the 
CorebootPayloadPkg ones, but no TPM menu is shown in the device manager menu. 
I'm using

NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf

instead of

NULL|UefiPayloadPkg/Library/Tpm2InstanceLib/Tpm2InstanceLib.inf

Is that correct? Or do I have to integrate this library in the CorebootPayloadPkg?

Now I'm trying with the tianocore master version instead of the stable one.

Do you know if there is a TPM menu shown in the device manager menu once it is 
detected? How is the TPM2 detected?
Do you have a "generic" CustomizationSample/Board?

I think it's more complicated than I expected!

Any hint is welcome!
Jorge
________________________________________
From: coreboot <coreboot-boun...@coreboot.org> on behalf of Jorge Fernandez 
Monteagudo <jorg...@cirsa.com>
Sent: Thursday, September 20, 2018 10:31:20
To: You, Benjamin; coreboot@coreboot.org
Subject: Re: [coreboot] Tianocore and TPM

Hi Ben,

Adding the 'generic' board is an interesting option as a starting point to 
develop/port to new boards.

I'll try your suggestion to incorporate the changes from dsc and fdf files to 
my current working Tianocore coreboot payload.
I'll report back the results!

Thanks!
Jorge


________________________________________
From: You, Benjamin <benjamin....@intel.com>
Sent: Thursday, September 20, 2018 10:21:55
To: Jorge Fernandez Monteagudo; coreboot@coreboot.org
Subject: RE: [coreboot] Tianocore and TPM

Hi Jorge,

You could use UEFI Payload's .dsc and .fdf files as a reference and modify the 
TianoCore CorebootPayload's .dsc and .fdf files accordingly for those TPM 
related modules.

UEFI Payload is under development (in staging area) and hasn't reached the 
quality standard required by EDKII master.

On CustomizationSample/Boards, yes, it is required. However, a board's content 
may be trivial (as in the Qemu folder). Per your suggestion, we can probably 
add a board named "generic" that has all the minimal settings so users won't 
have to create a new one if the "generic" one meets their needs.

Thanks!

- ben

From: Jorge Fernandez Monteagudo [mailto:jorg...@cirsa.com]
Sent: Thursday, September 20, 2018 3:24 PM
To: You, Benjamin <benjamin....@intel.com>; coreboot@coreboot.org
Subject: Re: Tianocore and TPM

Hi Ben!

Thanks for the info! I have one question. Do I have to implement a 
CustomizationSample/Boards entry for my board? With the current
tianocore payload I don't have to implement anything to have a working UEFI...

Thanks!
Jorge


________________________________________
From: You, Benjamin <benjamin....@intel.com>
Sent: Thursday, September 20, 2018 3:42:33
To: Jorge Fernandez Monteagudo; coreboot@coreboot.org
Subject: RE: Tianocore and TPM

Hi,

Another note is on the use of 
NULL|UefiPayloadPkg/Library/Tpm2InstanceLib/Tpm2InstanceLib.inf. This lib is 
not fully populated right now.

Please consider using  
NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf depending on 
your needs.

Thanks,

- ben

From: coreboot [mailto:coreboot-boun...@coreboot.org] On Behalf Of You, Benjamin
Sent: Thursday, September 20, 2018 8:44 AM
To: Jorge Fernandez Monteagudo <jorg...@cirsa.com>; coreboot@coreboot.org
Subject: Re: [coreboot] Tianocore and TPM

Hi Jorge,

The staging UEFI Payload project 
(https://github.com/tianocore/edk2-staging/tree/UEFIPayload) has TPM support 
(although turned off by default, and using "FTPM" as the name (which needs to 
be fixed)).

Please have a look at UefiPayloadPkgIA32X64.dsc for the components under tag 
"$(FTPM_ENABLE)". These components mainly do the measuring of firmware 
components and log the results.

Also there is parsing logic in Library/PlatformInfoParseLib/ParseLib.c that 
parses TPM info in ACPI table passed from Coreboot. (This logic hasn't been 
sufficiently verified as this is still a "staging" project).

You might have a try. Please let us know if you see any bugs / problems in 
these. You might also use the EDKII mailing list for discussing issues with the 
UEFI Payload.

Thanks,

- ben



From: coreboot [mailto:coreboot-boun...@coreboot.org] On Behalf Of Jorge 
Fernandez Monteagudo
Sent: Wednesday, September 19, 2018 5:24 PM
To: coreboot@coreboot.org
Subject: [coreboot] Tianocore and TPM

Hi all!

I'm trying to enable TPM2 support in the tianocore payload. The TPM2 device 
is working, because I've enabled DEBUG_TPM and coreboot reports it is up. I 
guess that I have to modify the 'CorebootPayloadPkgIa32X64.dsc' file to enable 
the TPM support, but there are so many dependencies. Does anybody have a working 
tianocore payload with TPM?

Thanks!
diff --git a/CorebootModulePkg/CorebootModulePkg.dec b/CorebootModulePkg/CorebootModulePkg.dec
index 20932a1..7372773 100644
--- a/CorebootModulePkg/CorebootModulePkg.dec
+++ b/CorebootModulePkg/CorebootModulePkg.dec
@@ -35,6 +35,8 @@
   gUefiFrameBufferInfoGuid = {0xdc2cd8bd, 0x402c, 0x4dc4, {0x9b, 0xe0, 0xc, 0x43, 0x2b, 0x7, 0xfa, 0x34}}
   gEfiPciExpressBaseAddressGuid = {0x3677d529, 0x326f, 0x4603, {0xa9, 0x26, 0xea, 0xac, 0xe0, 0x1d, 0xcb, 0xb0 }}
   gUefiAcpiBoardInfoGuid   = {0xad3d31b, 0xb3d8, 0x4506, {0xae, 0x71, 0x2e, 0xf1, 0x10, 0x6, 0xd9, 0xf}}
+  gPayloadTpm2DeviceInstanceGuid          = { 0x8fe03b09, 0xcc66, 0x4797, { 0xba, 0x99, 0xfb, 0x92, 0x35, 0xb9, 0x80, 0x52 } }
+  gUefiTpmInfoGuid                        = { 0x3BC812AA, 0xB998, 0x4B05, { 0xA0, 0xDF, 0xE5, 0x34, 0xED, 0x08, 0xEE, 0xBB}}
 
   ## Include/Guid/PciOptionRomTable.h
   gEfiPciOptionRomTableGuid     = { 0x7462660F, 0x1CBD, 0x48DA, { 0xAD, 0x11, 0x91, 0x71, 0x79, 0x13, 0x83, 0x1C }}
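Review bot: gPayloadTpm2DeviceInstanceGuid and gUefiTpmInfoGuid are declared here but nothing else in the patch consumes them, and neither carries the `## Include/Guid/...` header comment that the neighbouring gEfiPciOptionRomTableGuid entry uses. Either drop them or add the header reference and the module that uses them; otherwise the .dec grows two GUIDs whose purpose a reader cannot trace. Note also that gPayloadTpm2DeviceInstanceGuid (8fe03b09-...) is not the value the .dsc later puts into PcdTpmInstanceGuid (286BF25A-...), so if it was meant to name the payload's TPM instance it is never used for that.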
diff --git a/CorebootPayloadPkg/CorebootPayloadPkg.fdf b/CorebootPayloadPkg/CorebootPayloadPkg.fdf
index 0961e96..76e4e78 100644
--- a/CorebootPayloadPkg/CorebootPayloadPkg.fdf
+++ b/CorebootPayloadPkg/CorebootPayloadPkg.fdf
@@ -128,13 +128,26 @@ INF MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf
 INF DuetPkg/PciRootBridgeNoEnumerationDxe/PciRootBridgeNoEnumeration.inf
 INF DuetPkg/PciBusNoEnumerationDxe/PciBusNoEnumeration.inf
 
+!if $(SECURE_BOOT_ENABLE) == TRUE
+  INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
+!endif
+
 #
 # ISA Support
 #
 INF MdeModulePkg/Universal/SerialDxe/SerialDxe.inf
-INF  PcAtChipsetPkg/IsaAcpiDxe/IsaAcpi.inf
-INF  IntelFrameworkModulePkg/Bus/Isa/IsaBusDxe/IsaBusDxe.inf
-INF  IntelFrameworkModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2keyboardDxe.inf
+INF PcAtChipsetPkg/IsaAcpiDxe/IsaAcpi.inf
+INF IntelFrameworkModulePkg/Bus/Isa/IsaBusDxe/IsaBusDxe.inf
+INF IntelFrameworkModulePkg/Bus/Isa/Ps2KeyboardDxe/Ps2keyboardDxe.inf
+
+!if $(FTPM_ENABLE) == TRUE
+  INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
+#  INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
+##  INF SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf
+##  INF SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
+##  INF RuleOverride = DRIVER_ACPITABLE UefiPayloadPkg/Drivers/Tcg2Smm/Tcg2Smm.inf
+##  INF MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableDxe.inf
+!endif
 
 #
 # Console Support
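Review bot: the `$(FTPM_ENABLE)` block only places Tcg2Dxe.inf in the flash volume, while the .dsc [Components] section under the same flag also builds TcgMor.inf and TcgMorLockSmm.inf; a module that is built but not listed in the .fdf never reaches the image, so the MemoryOverwriteRequestControl support is silently absent at runtime even though the build succeeds. Either add `INF SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf` here or drop it from the .dsc, and delete the `##  INF` lines rather than shipping them commented out. The `INF  ` to `INF ` whitespace change on the three ISA lines is unrelated to TPM support and belongs in a separate commit.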
diff --git a/CorebootPayloadPkg/CorebootPayloadPkgIa32X64.dsc b/CorebootPayloadPkg/CorebootPayloadPkgIa32X64.dsc
index 5470c11..dd6ff0b 100644
--- a/CorebootPayloadPkg/CorebootPayloadPkgIa32X64.dsc
+++ b/CorebootPayloadPkg/CorebootPayloadPkgIa32X64.dsc
@@ -32,6 +32,7 @@
 
   DEFINE SECURE_BOOT_ENABLE      = FALSE
   DEFINE SOURCE_DEBUG_ENABLE     = FALSE
+  DEFINE FTPM_ENABLE             = TRUE
 
   #
   # CPU options
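Review bot: `DEFINE FTPM_ENABLE = TRUE` switches the feature on for every build of the package, unlike SECURE_BOOT_ENABLE and SOURCE_DEBUG_ENABLE right above it, and pulls CryptoPkg/OpensslLib into everyone's payload; default it to FALSE and let the board enable it. The name is also misleading: the rest of the patch wires up Tpm2InstanceLibDTpm, a discrete TPM, and Ben already said earlier in the thread that the staging project's "FTPM" name needs fixing, so a name such as `TPM2_ENABLE` would describe what is actually built.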
@@ -165,6 +166,8 @@
   UefiUsbLib|MdePkg/Library/UefiUsbLib/UefiUsbLib.inf
   UefiScsiLib|MdePkg/Library/UefiScsiLib/UefiScsiLib.inf
   OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHookStatusCodeLibNull.inf
+  SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf
+  BmpSupportLib|MdeModulePkg/Library/BaseBmpSupportLib/BaseBmpSupportLib.inf
   GenericBdsLib|IntelFrameworkModulePkg/Library/GenericBdsLib/GenericBdsLib.inf
   CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf
   SecurityManagementLib|MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.inf
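Review bot: SafeIntLib and BmpSupportLib have nothing to do with TPM support and are not referenced anywhere else in the patch; if they are required because the payload was moved onto tianocore master (the top of the thread says the changes were imported there), say so in the commit message or split them into a separate "update library classes for master" change so the TPM diff stays reviewable.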
@@ -188,6 +191,16 @@
   IoApicLib|PcAtChipsetPkg/Library/BaseIoApicLib/BaseIoApicLib.inf
   CbPlatformSupportLib|CorebootModulePkg/Library/CbPlatformSupportLibNull/CbPlatformSupportLibNull.inf
 
+!if $(FTPM_ENABLE) == TRUE
+  TcgPpVendorLib|SecurityPkg/Library/TcgPpVendorLibNull/TcgPpVendorLibNull.inf
+  Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
+  Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
+  Tcg2PhysicalPresenceLib|SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf
+  TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+  Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
+!endif
+
   #
   # Misc
   #
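Review bot: several of these mappings are dead or duplicated. TcgPpVendorLib is consumed only by the TPM 1.2 TcgPhysicalPresenceLib path, which this patch does not build; drop it. BaseCryptLib is mapped again unconditionally in the next hunk (`BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf`), and the later line silently wins, so keep one. Tpm2DeviceLib is mapped to Tpm2DeviceLibRouterDxe for every module, but the router only dispatches to instance libraries linked into the same module (the `NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf` line under Tcg2Dxe); any other module that picks up Tpm2DeviceLib through this global mapping, for example a consumer of DxeTcg2PhysicalPresenceLib, gets a router with no instance and every TPM command fails. Finally, nothing in the patch adds a caller of the physical-presence request processing (Tcg2ConfigDxe stays commented out and BdsDxe is unchanged), so confirm the platform BDS library invokes it; otherwise queued physical-presence requests are never acted on.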
@@ -205,6 +218,25 @@
   LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf
   FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf
 
+  #
+  #API
+  #
+  FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf
+  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+  IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+
+!if $(FTPM_ENABLE) == FALSE
+  TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
+!endif
+  VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+!if $(SECURE_BOOT_ENABLE) == TRUE
+  AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+  PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
+!else
+  AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
+!endif
+
 [LibraryClasses.IA32.SEC]
   DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf
   PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
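Review bot: BaseCryptLib is mapped unconditionally here and again under `!if $(FTPM_ENABLE) == TRUE` in the previous hunk; keep one. Also check that VarCheckLib, AuthVariableLib, OpensslLib and IntrinsicLib are not already mapped elsewhere in this .dsc (the file already defines SECURE_BOOT_ENABLE, so Secure Boot mappings probably exist), since a repeated mapping in the same section is silently overridden and hides which one is intended. Security caveat for the SECURE_BOOT_ENABLE branch: PlatformSecureLibNull reports the user as always physically present, so with it anyone who can reach Setup can replace PK/KEK/db without touching the machine; fine for bring-up, but it should be called out in a comment and replaced before the configuration is relied on.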
@@ -251,6 +283,9 @@
   HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
   MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf
   ReportStatusCodeLib|MdeModulePkg/Library/RuntimeDxeReportStatusCodeLib/RuntimeDxeReportStatusCodeLib.inf
+!if $(SECURE_BOOT_ENABLE) == TRUE
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+!endif
 
 [LibraryClasses.common.UEFI_DRIVER,LibraryClasses.common.UEFI_APPLICATION]
   PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
@@ -258,6 +293,33 @@
   ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf
   HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
 
+[LibraryClasses.common.SMM_CORE]
+  PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
+  HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
+  SmmServicesTableLib|MdeModulePkg/Library/PiSmmCoreSmmServicesTableLib/PiSmmCoreSmmServicesTableLib.inf
+  ReportStatusCodeLib|MdeModulePkg/Library/SmmReportStatusCodeLib/SmmReportStatusCodeLib.inf
+  MemoryAllocationLib|MdeModulePkg/Library/PiSmmCoreMemoryAllocationLib/PiSmmCoreMemoryAllocationLib.inf
+  SmmCorePlatformHookLib|MdeModulePkg/Library/SmmCorePlatformHookLibNull/SmmCorePlatformHookLibNull.inf
+  SmmMemLib|MdePkg/Library/SmmMemLib/SmmMemLib.inf
+
+[LibraryClasses.common.DXE_SMM_DRIVER]
+  PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
+  HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
+  ReportStatusCodeLib|MdeModulePkg/Library/SmmReportStatusCodeLib/SmmReportStatusCodeLib.inf
+  MemoryAllocationLib|MdePkg/Library/SmmMemoryAllocationLib/SmmMemoryAllocationLib.inf
+  SmmServicesTableLib|MdePkg/Library/SmmServicesTableLib/SmmServicesTableLib.inf
+  SmmMemLib|MdePkg/Library/SmmMemLib/SmmMemLib.inf
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+  SmmCpuPlatformHookLib|UefiCpuPkg/Library/SmmCpuPlatformHookLibNull/SmmCpuPlatformHookLibNull.inf
+  CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.inf
+  SmmCpuFeaturesLib|UefiCpuPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.inf
+!if $(SECURE_BOOT_ENABLE) == TRUE
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+!endif
+!if $(FTPM_ENABLE) == TRUE
+  Tcg2PhysicalPresenceLib|SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf
+!endif
+
 ################################################################################
 #
 # Pcd Section - list of all EDK II PCD Entries defined by this Platform.
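Review bot: the new [LibraryClasses.common.SMM_CORE] and [LibraryClasses.common.DXE_SMM_DRIVER] sections have no consumers: the patch adds no SMM core or SMM IPL to [Components], the Tcg2Smm line in the .fdf is commented out, and TcgMorLockSmm (the only DXE_SMM_DRIVER in [Components]) is not in the .fdf either. Within DXE_SMM_DRIVER, BaseCryptLib is mapped to SmmCryptLib twice, once unconditionally and once under SECURE_BOOT_ENABLE. Either add the SMM modules that need these mappings or drop the sections until they do.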
@@ -284,6 +346,14 @@
 !if $(SOURCE_DEBUG_ENABLE)
   gEfiSourceLevelDebugPkgTokenSpaceGuid.PcdDebugLoadImageMethod|0x2
 !endif
+!if $(FTPM_ENABLE) == TRUE
+  # Set it to false to avoid reset at memory mapping difference when enable TPM
+  gEfiMdeModulePkgTokenSpaceGuid.PcdResetOnMemoryTypeInformationChange|FALSE
+!endif
+
+!if $(SECURE_BOOT_ENABLE) == TRUE
+  gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|TRUE
+!endif
 
 [PcdsPatchableInModule.common]
   gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x7
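Review bot: `PcdUserPhysicalPresence|TRUE` hard-codes physical presence as asserted, so every Secure Boot key change made through SecureBootConfigDxe is accepted without any action at the machine; that deserves an explicit comment (the PcdResetOnMemoryTypeInformationChange line gets one, this line does not) and should not stay the default once the build is used for more than bring-up. For PcdResetOnMemoryTypeInformationChange, the comment says what the setting avoids but not why enabling the TPM changes the memory type information; a sentence on what shifts when the TPM modules are present would let the next reader decide whether to suppress the reset or update the default memory type table instead.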
@@ -358,6 +428,15 @@
   ## The PCD is used to specify the video vertical resolution of text setup.
   gEfiMdeModulePkgTokenSpaceGuid.PcdSetupVideoVerticalResolution|0
 
+  # 286BF25A-C2C3-408C-B3B4-25E6758B7317
+  gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x5A, 0xF2, 0x6B, 0x28, 0xC3, 0xC2, 0x8C, 0x40, 0xB3, 0xB4, 0x25, 0xE6, 0x75, 0x8B, 0x73, 0x17}
+  #gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid |{0x66, 0x6f, 0xd6, 0x93, 0xda, 0x55, 0x03, 0x4f, 0x9b, 0x5f, 0x32, 0xcf, 0x9e, 0x54, 0x3b, 0x3a}
+
+  # (BIT0 - SHA1. BIT1 - SHA256)
+  gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask|0x00000003
+  gEfiSecurityPkgTokenSpaceGuid.PcdTcg2HashAlgorithmBitmap|0x00000003
+
+
 ################################################################################
 #
 # Components Section - list of all EDK II Modules needed by this Platform.
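Review bot: the commented-out alternate `#gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid |{0x66, 0x6f, ...}` line is debugging leftover and should be removed; the `# 286BF25A-...` comment above the live value should stay, since the byte array is the GUID in EFI_GUID memory order and is unreadable without it. PcdTpm2HashMask and PcdTcg2HashAlgorithmBitmap are both set to 0x3; extend the `(BIT0 - SHA1. BIT1 - SHA256)` comment to say that this must stay in step with the HashInstanceLibSha1/HashInstanceLibSha256 NULL instances linked into Tcg2Dxe, and that keeping the SHA1 bank active is a deliberate choice rather than an oversight, because a mask that names an algorithm with no HashInstanceLib behind it measures nothing into that bank.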
@@ -399,7 +478,16 @@
   #
   # Components that produce the architectural protocols
   #
-  MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
+  MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
+    <LibraryClasses>
+    !if $(SECURE_BOOT_ENABLE) == TRUE
+      NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
+    !endif
+    !if $(FTPM_ENABLE) == TRUE
+      NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
+    !endif
+  }
+
   UefiCpuPkg/CpuDxe/CpuDxe.inf
   
   IntelFrameworkModulePkg/Universal/BdsDxe/BdsDxe.inf {
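Review bot: the order here, DxeImageVerificationLib before DxeTpm2MeasureBootLib, is the right one (verify, then measure) and is worth a one-line comment so nobody reorders it later. The caveat that belongs next to the FTPM_ENABLE branch: DxeTpm2MeasureBootLib does nothing when the TCG2 protocol is absent, so if Tcg2Dxe fails to start (the `Image at ... start failed: Unsupported` seen earlier in the thread) images are loaded unmeasured with no error; a platform that relies on measured boot needs a separate check that Tcg2Dxe actually started.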
@@ -441,6 +529,10 @@
 
   CorebootModulePkg/CbSupportDxe/CbSupportDxe.inf
 
+!if $(SECURE_BOOT_ENABLE) == TRUE
+  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
+!endif
+
   #
   # SMBIOS Support
   #
@@ -457,6 +549,20 @@
   DuetPkg/PciRootBridgeNoEnumerationDxe/PciRootBridgeNoEnumeration.inf
   DuetPkg/PciBusNoEnumerationDxe/PciBusNoEnumeration.inf
 
+!if $(FTPM_ENABLE) == TRUE
+    SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf
+    SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
+#   SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
+    SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
+      <LibraryClasses>
+        Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
+        NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
+        HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf
+        NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
+        NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
+    }
+!endif
+
   #
   # SCSI/ATA/IDE/DISK Support
   #
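Review bot: Tcg2ConfigDxe is left commented out, but it is the module that produces the TPM entry in the Device Manager menu asked about earlier in the thread, so the "no TPM menu" observation follows directly from this line; either enable it or state in the commit message that the menu is intentionally omitted. TcgMorLockSmm.inf is a DXE_SMM_DRIVER with no SMM core in [Components] and is missing from the .fdf, as is TcgMor.inf, so both are built for nothing. The `Tpm2DeviceLib|...Tpm2DeviceLibRouterDxe.inf` override inside the Tcg2Dxe braces repeats the global mapping from the FTPM_ENABLE library block and can go; the `NULL|...Tpm2InstanceLibDTpm.inf` line is what actually lets the router find the discrete TPM and must stay. Indentation: these entries use four spaces where the rest of [Components] uses two.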
-- 
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot
