QuarkPlatformPkg: Add MEASURED_BOOT_ENABLE feature

Add MEASURED_BOOT_ENABLE flag Add TPM_12_HARDWARE flag Add TrEEConfigPei to detect TPM 1.2 hardware device Use Tpm12DeviceLib instance for Atmel I2C TPM Use Tpm12DeviceLib instance for Infineon I2C TPM Add TcgPei and TcgDxe modules for TPM 1.2 support Clean up TpmMeasurementLib mappings Cc: Kelly Steele <kelly.steele@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Michael Kinney <michael.d.kinney@intel.com> Reviewed-by: Kelly Steele <kelly.steele@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19732 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-21 19:30:43 +00:00 · 2016-01-21 19:30:43 +00:00 · 6ceeb1e23b
parent 957649a77d
commit 6ceeb1e23b
2 changed files with 81 additions and 16 deletions
--- a/QuarkPlatformPkg/Quark.dsc
+++ b/QuarkPlatformPkg/Quark.dsc
@ -34,11 +34,21 @@
  #
  # Platform On/Off features are defined here
  #
-  DEFINE GALILEO             = GEN2
-  DEFINE SECURE_BOOT_ENABLE  = FALSE
-  DEFINE SOURCE_DEBUG_ENABLE = FALSE
-  DEFINE PERFORMANCE_ENABLE  = FALSE
-  DEFINE LOGGING             = FALSE
+  DEFINE SECURE_BOOT_ENABLE   = FALSE
+  DEFINE MEASURED_BOOT_ENABLE = FALSE
+  DEFINE SOURCE_DEBUG_ENABLE  = FALSE
+  DEFINE PERFORMANCE_ENABLE   = FALSE
+  DEFINE LOGGING              = FALSE
+
+  #
+  # Galileo board.  Options are [GEN1, GEN2]
+  #
+  DEFINE GALILEO              = GEN2
+
+  #
+  # TPM 1.2 Hardware.  Options are [NONE, LPC, ATMEL_I2C, INFINEON_I2C]
+  #
+  DEFINE TPM_12_HARDWARE      = NONE

  !if $(TARGET) == "DEBUG"
    DEFINE LOGGING = TRUE
@ -148,17 +158,36 @@
 !else
  PerformanceLib|MdePkg/Library/BasePerformanceLibNull/BasePerformanceLibNull.inf
 !endif
-!if $(SECURE_BOOT_ENABLE)
-  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
-  PlatformSecureLib|QuarkPlatformPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
-  IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+
+!if $(SECURE_BOOT_ENABLE) || $(MEASURED_BOOT_ENABLE)
  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
-  TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
+  IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+!endif
+
+!if $(SECURE_BOOT_ENABLE)
+  PlatformSecureLib|QuarkPlatformPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
  AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
 !else
-  TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
  AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
 !endif
+
+!if $(MEASURED_BOOT_ENABLE)
+  TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
+  Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
+!if $(TPM_12_HARDWARE) == LPC
+  Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
+!endif
+!if $(TPM_12_HARDWARE) == ATMEL_I2C
+  Tpm12DeviceLib|QuarkPlatformPkg/Library/Tpm12DeviceLibAtmelI2c/Tpm12DeviceLibAtmelI2c.inf
+!endif
+!if $(TPM_12_HARDWARE) == INFINEON_I2C
+  Tpm12DeviceLib|QuarkPlatformPkg/Library/Tpm12DeviceLibInfineonI2c/Tpm12DeviceLibInfineonI2c.inf
+!endif
+!else
+  TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
+!endif
+
  FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf

  #
@ -218,7 +247,7 @@
  TimerLib|PcAtChipsetPkg/Library/AcpiTimerLib/BaseAcpiTimerLib.inf
  PlatformHelperLib|QuarkPlatformPkg/Library/PlatformHelperLib/PeiPlatformHelperLib.inf
  CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf
-!if $(SECURE_BOOT_ENABLE)
+!if $(SECURE_BOOT_ENABLE) || $(MEASURED_BOOT_ENABLE)
  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
 !endif
 !if $(PERFORMANCE_ENABLE)
@ -241,7 +270,7 @@
  PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf
  CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.inf
  SmmMemLib|MdePkg/Library/SmmMemLib/SmmMemLib.inf
-!if $(SECURE_BOOT_ENABLE)
+!if $(SECURE_BOOT_ENABLE) || $(MEASURED_BOOT_ENABLE)
  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
 !endif
 !if $(PERFORMANCE_ENABLE)
@ -254,7 +283,7 @@
  MemoryAllocationLib|MdeModulePkg/Library/PiSmmCoreMemoryAllocationLib/PiSmmCoreMemoryAllocationLib.inf
  PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf
  SmmMemLib|MdePkg/Library/SmmMemLib/SmmMemLib.inf
-!if $(SECURE_BOOT_ENABLE)
+!if $(SECURE_BOOT_ENABLE) || $(MEASURED_BOOT_ENABLE)
  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
 !endif
 !if $(PERFORMANCE_ENABLE)
@ -265,7 +294,7 @@
  ReportStatusCodeLib|MdeModulePkg/Library/RuntimeDxeReportStatusCodeLib/RuntimeDxeReportStatusCodeLib.inf
  QNCAccessLib|QuarkSocPkg/QuarkNorthCluster/Library/QNCAccessLib/RuntimeQNCAccessLib.inf
  PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf
-!if $(SECURE_BOOT_ENABLE)
+!if $(SECURE_BOOT_ENABLE) || $(MEASURED_BOOT_ENABLE)
  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
 !endif

@ -417,6 +446,16 @@
  gQuarkPlatformTokenSpaceGuid.PcdUserIsPhysicallyPresent|FALSE
  gQuarkPlatformTokenSpaceGuid.PcdSpiFlashDeviceSize|0

+!if $(MEASURED_BOOT_ENABLE)
+  #
+  # TPM1.2      { 0x8b01e5b6, 0x4f19, 0x46e8, { 0xab, 0x93, 0x1c, 0x53, 0x67, 0x1b, 0x90, 0xcc } }
+  # TPM2.0 DTPM { 0x286bf25a, 0xc2c3, 0x408c, { 0xb3, 0xb4, 0x25, 0xe6, 0x75, 0x8b, 0x73, 0x17 } }
+  #
+  gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0xb6, 0xe5, 0x01, 0x8b, 0x19, 0x4f, 0xe8, 0x46, 0xab, 0x93, 0x1c, 0x53, 0x67, 0x1b, 0x90, 0xcc}
+  gEfiSecurityPkgTokenSpaceGuid.PcdTpmInitializationPolicy|1
+  gEfiSecurityPkgTokenSpaceGuid.PcdTpmScrtmPolicy|1
+!endif
+
 [PcdsDynamicExVpd]
  gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVendor|*|32|L"EDK II"
  gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareRevision|*|0x01000400
@ -541,6 +580,14 @@
  QuarkSocPkg/QuarkNorthCluster/Smm/Pei/SmmControlPei/SmmControlPei.inf
  UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf

+  #
+  # Trusted Platform Module
+  #
+!if $(MEASURED_BOOT_ENABLE)
+  SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf
+  SecurityPkg/Tcg/TcgPei/TcgPei.inf
+!endif
+
  #
  # Recovery
  #
@ -792,6 +839,13 @@
  IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVolDxe.inf
  IntelFrameworkModulePkg/Universal/FirmwareVolume/UpdateDriverDxe/UpdateDriverDxe.inf

+  #
+  # Trusted Platform Module
+  #
+!if $(MEASURED_BOOT_ENABLE)
+  SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
+!endif
+
  #
  # Performance Application
  #
--- a/QuarkPlatformPkg/Quark.fdf
+++ b/QuarkPlatformPkg/Quark.fdf
@ -2,7 +2,7 @@
 # FDF file of Clanton Peak CRB platform with 32-bit DXE
 #
 # This package provides QuarkNcSocId platform specific modules.
-# Copyright (c) 2013 - 2015 Intel Corporation.
+# Copyright (c) 2013 - 2016 Intel Corporation.
 #
 # This program and the accompanying materials
 # are licensed and made available under the terms and conditions of the BSD License
@ -342,6 +342,10 @@ INF  MdeModulePkg/Universal/PcatSingleSegmentPciCfg2Pei/PcatSingleSegmentPciCfg2
 INF  MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
 INF  UefiCpuPkg/PiSmmCommunication/PiSmmCommunicationPei.inf
 INF  UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf
+!if $(MEASURED_BOOT_ENABLE)
+INF  SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf
+INF  SecurityPkg/Tcg/TcgPei/TcgPei.inf
+!endif

 FILE FV_IMAGE = 1E9D7604-EF45-46a0-BD8A-71AC78C17AC1 {
  SECTION PEI_DEPEX_EXP = {gEfiPeiMemoryDiscoveredPpiGuid AND gEfiPeiBootInRecoveryModePpiGuid}
@ -566,6 +570,13 @@ INF  MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf
 INF  FatPkg/EnhancedFatDxe/Fat.inf
 !endif

+#
+# Trusted Platform Module
+#
+!if $(MEASURED_BOOT_ENABLE)
+INF  SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
+!endif
+
 ################################################################################
 #
 # FV Section