Use the newly added function to disable the TPM2 platform hierarchy. Do this after handling physical presence interface opcodes because the TPM 2 commands they produce may require access to the platform hierarchy.
Signed-off-by: Stefan Berger <[email protected]> --- OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c | 6 ++++++ OvmfPkg/Library/PlatformBootManagerLibBhyve/BdsPlatform.c | 6 ++++++ OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c | 6 ++++++ 3 files changed, 18 insertions(+) diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c index 71f63b2448..196d1c7200 100644 --- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c +++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c @@ -11,6 +11,7 @@ #include <Protocol/FirmwareVolume2.h> #include <Library/PlatformBmPrintScLib.h> #include <Library/Tcg2PhysicalPresenceLib.h> +#include <Library/TpmPlatformHierarchyLib.h> #include <Library/XenPlatformLib.h> @@ -1516,6 +1517,11 @@ PlatformBootManagerAfterConsole ( // Tcg2PhysicalPresenceLibProcessRequest (NULL); + // + // Disable the TPM 2 platform hierarchy + // + ConfigureTpmPlatformHierarchy (); + // // Process QEMU's -kernel command line option // diff --git a/OvmfPkg/Library/PlatformBootManagerLibBhyve/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLibBhyve/BdsPlatform.c index eaade4adea..46174b93f4 100644 --- a/OvmfPkg/Library/PlatformBootManagerLibBhyve/BdsPlatform.c +++ b/OvmfPkg/Library/PlatformBootManagerLibBhyve/BdsPlatform.c @@ -12,6 +12,7 @@ #include <Protocol/FirmwareVolume2.h> #include <Library/PlatformBmPrintScLib.h> #include <Library/Tcg2PhysicalPresenceLib.h> +#include <Library/TpmPlatformHierarchyLib.h> #include <Protocol/BlockIo.h> @@ -1450,6 +1451,11 @@ PlatformBootManagerAfterConsole ( // Tcg2PhysicalPresenceLibProcessRequest (NULL); + // + // Disable the TPM 2 platform hierarchy + // + ConfigureTpmPlatformHierarchy (); + // // Perform some platform specific connect sequence // diff --git a/OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c index 7cceeea487..22af934118 100644 --- a/OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c +++ b/OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c @@ -12,6 +12,7 @@ #include <Protocol/FirmwareVolume2.h> #include <Library/PlatformBmPrintScLib.h> #include <Library/Tcg2PhysicalPresenceLib.h> +#include <Library/TpmPlatformHierarchyLib.h> // @@ -1315,6 +1316,11 @@ PlatformBootManagerAfterConsole ( // Tcg2PhysicalPresenceLibProcessRequest (NULL); + // + // Disable the TPM 2 platform hierarchy + // + ConfigureTpmPlatformHierarchy (); + // // Process QEMU's -kernel command line option // -- 2.31.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#80358): https://edk2.groups.io/g/devel/message/80358 Mute This Topic: https://groups.io/mt/85459205/21656 Group Owner: [email protected] Unsubscribe: https://edk2.groups.io/g/devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
