QuarkPlatformPkg: Add MEASURED_BOOT_ENABLE feature

Add MEASURED_BOOT_ENABLE flag
Add TPM_12_HARDWARE flag
Add TrEEConfigPei to detect TPM 1.2 hardware device
Use Tpm12DeviceLib instance for Atmel I2C TPM
Use Tpm12DeviceLib instance for Infineon I2C TPM
Add TcgPei and TcgDxe modules for TPM 1.2 support
Clean up TpmMeasurementLib mappings

Cc: Kelly Steele <kelly.steele@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Michael Kinney <michael.d.kinney@intel.com>
Reviewed-by: Kelly Steele <kelly.steele@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19732 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
Michael Kinney 2016-01-21 19:30:43 +00:00 committed by mdkinney
parent 957649a77d
commit 6ceeb1e23b
2 changed files with 81 additions and 16 deletions

View File

@ -34,11 +34,21 @@
# #
# Platform On/Off features are defined here # Platform On/Off features are defined here
# #
DEFINE GALILEO = GEN2 DEFINE SECURE_BOOT_ENABLE = FALSE
DEFINE SECURE_BOOT_ENABLE = FALSE DEFINE MEASURED_BOOT_ENABLE = FALSE
DEFINE SOURCE_DEBUG_ENABLE = FALSE DEFINE SOURCE_DEBUG_ENABLE = FALSE
DEFINE PERFORMANCE_ENABLE = FALSE DEFINE PERFORMANCE_ENABLE = FALSE
DEFINE LOGGING = FALSE DEFINE LOGGING = FALSE
#
# Galileo board. Options are [GEN1, GEN2]
#
DEFINE GALILEO = GEN2
#
# TPM 1.2 Hardware. Options are [NONE, LPC, ATMEL_I2C, INFINEON_I2C]
#
DEFINE TPM_12_HARDWARE = NONE
!if $(TARGET) == "DEBUG" !if $(TARGET) == "DEBUG"
DEFINE LOGGING = TRUE DEFINE LOGGING = TRUE
@ -148,17 +158,36 @@
!else !else
PerformanceLib|MdePkg/Library/BasePerformanceLibNull/BasePerformanceLibNull.inf PerformanceLib|MdePkg/Library/BasePerformanceLibNull/BasePerformanceLibNull.inf
!endif !endif
!if $(SECURE_BOOT_ENABLE)
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf !if $(SECURE_BOOT_ENABLE) || $(MEASURED_BOOT_ENABLE)
PlatformSecureLib|QuarkPlatformPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
!endif
!if $(SECURE_BOOT_ENABLE)
PlatformSecureLib|QuarkPlatformPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
!else !else
TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
!endif !endif
!if $(MEASURED_BOOT_ENABLE)
TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
!if $(TPM_12_HARDWARE) == LPC
Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
!endif
!if $(TPM_12_HARDWARE) == ATMEL_I2C
Tpm12DeviceLib|QuarkPlatformPkg/Library/Tpm12DeviceLibAtmelI2c/Tpm12DeviceLibAtmelI2c.inf
!endif
!if $(TPM_12_HARDWARE) == INFINEON_I2C
Tpm12DeviceLib|QuarkPlatformPkg/Library/Tpm12DeviceLibInfineonI2c/Tpm12DeviceLibInfineonI2c.inf
!endif
!else
TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
!endif
FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf
# #
@ -218,7 +247,7 @@
TimerLib|PcAtChipsetPkg/Library/AcpiTimerLib/BaseAcpiTimerLib.inf TimerLib|PcAtChipsetPkg/Library/AcpiTimerLib/BaseAcpiTimerLib.inf
PlatformHelperLib|QuarkPlatformPkg/Library/PlatformHelperLib/PeiPlatformHelperLib.inf PlatformHelperLib|QuarkPlatformPkg/Library/PlatformHelperLib/PeiPlatformHelperLib.inf
CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf
!if $(SECURE_BOOT_ENABLE) !if $(SECURE_BOOT_ENABLE) || $(MEASURED_BOOT_ENABLE)
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
!endif !endif
!if $(PERFORMANCE_ENABLE) !if $(PERFORMANCE_ENABLE)
@ -241,7 +270,7 @@
PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf
CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.inf CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.inf
SmmMemLib|MdePkg/Library/SmmMemLib/SmmMemLib.inf SmmMemLib|MdePkg/Library/SmmMemLib/SmmMemLib.inf
!if $(SECURE_BOOT_ENABLE) !if $(SECURE_BOOT_ENABLE) || $(MEASURED_BOOT_ENABLE)
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
!endif !endif
!if $(PERFORMANCE_ENABLE) !if $(PERFORMANCE_ENABLE)
@ -254,7 +283,7 @@
MemoryAllocationLib|MdeModulePkg/Library/PiSmmCoreMemoryAllocationLib/PiSmmCoreMemoryAllocationLib.inf MemoryAllocationLib|MdeModulePkg/Library/PiSmmCoreMemoryAllocationLib/PiSmmCoreMemoryAllocationLib.inf
PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf
SmmMemLib|MdePkg/Library/SmmMemLib/SmmMemLib.inf SmmMemLib|MdePkg/Library/SmmMemLib/SmmMemLib.inf
!if $(SECURE_BOOT_ENABLE) !if $(SECURE_BOOT_ENABLE) || $(MEASURED_BOOT_ENABLE)
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
!endif !endif
!if $(PERFORMANCE_ENABLE) !if $(PERFORMANCE_ENABLE)
@ -265,7 +294,7 @@
ReportStatusCodeLib|MdeModulePkg/Library/RuntimeDxeReportStatusCodeLib/RuntimeDxeReportStatusCodeLib.inf ReportStatusCodeLib|MdeModulePkg/Library/RuntimeDxeReportStatusCodeLib/RuntimeDxeReportStatusCodeLib.inf
QNCAccessLib|QuarkSocPkg/QuarkNorthCluster/Library/QNCAccessLib/RuntimeQNCAccessLib.inf QNCAccessLib|QuarkSocPkg/QuarkNorthCluster/Library/QNCAccessLib/RuntimeQNCAccessLib.inf
PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf
!if $(SECURE_BOOT_ENABLE) !if $(SECURE_BOOT_ENABLE) || $(MEASURED_BOOT_ENABLE)
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
!endif !endif
@ -417,6 +446,16 @@
gQuarkPlatformTokenSpaceGuid.PcdUserIsPhysicallyPresent|FALSE gQuarkPlatformTokenSpaceGuid.PcdUserIsPhysicallyPresent|FALSE
gQuarkPlatformTokenSpaceGuid.PcdSpiFlashDeviceSize|0 gQuarkPlatformTokenSpaceGuid.PcdSpiFlashDeviceSize|0
!if $(MEASURED_BOOT_ENABLE)
#
# TPM1.2 { 0x8b01e5b6, 0x4f19, 0x46e8, { 0xab, 0x93, 0x1c, 0x53, 0x67, 0x1b, 0x90, 0xcc } }
# TPM2.0 DTPM { 0x286bf25a, 0xc2c3, 0x408c, { 0xb3, 0xb4, 0x25, 0xe6, 0x75, 0x8b, 0x73, 0x17 } }
#
gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0xb6, 0xe5, 0x01, 0x8b, 0x19, 0x4f, 0xe8, 0x46, 0xab, 0x93, 0x1c, 0x53, 0x67, 0x1b, 0x90, 0xcc}
gEfiSecurityPkgTokenSpaceGuid.PcdTpmInitializationPolicy|1
gEfiSecurityPkgTokenSpaceGuid.PcdTpmScrtmPolicy|1
!endif
[PcdsDynamicExVpd] [PcdsDynamicExVpd]
gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVendor|*|32|L"EDK II" gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVendor|*|32|L"EDK II"
gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareRevision|*|0x01000400 gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareRevision|*|0x01000400
@ -541,6 +580,14 @@
QuarkSocPkg/QuarkNorthCluster/Smm/Pei/SmmControlPei/SmmControlPei.inf QuarkSocPkg/QuarkNorthCluster/Smm/Pei/SmmControlPei/SmmControlPei.inf
UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf
#
# Trusted Platform Module
#
!if $(MEASURED_BOOT_ENABLE)
SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf
SecurityPkg/Tcg/TcgPei/TcgPei.inf
!endif
# #
# Recovery # Recovery
# #
@ -792,6 +839,13 @@
IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVolDxe.inf IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVolDxe.inf
IntelFrameworkModulePkg/Universal/FirmwareVolume/UpdateDriverDxe/UpdateDriverDxe.inf IntelFrameworkModulePkg/Universal/FirmwareVolume/UpdateDriverDxe/UpdateDriverDxe.inf
#
# Trusted Platform Module
#
!if $(MEASURED_BOOT_ENABLE)
SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
!endif
# #
# Performance Application # Performance Application
# #

View File

@ -2,7 +2,7 @@
# FDF file of Clanton Peak CRB platform with 32-bit DXE # FDF file of Clanton Peak CRB platform with 32-bit DXE
# #
# This package provides QuarkNcSocId platform specific modules. # This package provides QuarkNcSocId platform specific modules.
# Copyright (c) 2013 - 2015 Intel Corporation. # Copyright (c) 2013 - 2016 Intel Corporation.
# #
# This program and the accompanying materials # This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License # are licensed and made available under the terms and conditions of the BSD License
@ -342,6 +342,10 @@ INF MdeModulePkg/Universal/PcatSingleSegmentPciCfg2Pei/PcatSingleSegmentPciCfg2
INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
INF UefiCpuPkg/PiSmmCommunication/PiSmmCommunicationPei.inf INF UefiCpuPkg/PiSmmCommunication/PiSmmCommunicationPei.inf
INF UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf INF UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf
!if $(MEASURED_BOOT_ENABLE)
INF SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf
INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
!endif
FILE FV_IMAGE = 1E9D7604-EF45-46a0-BD8A-71AC78C17AC1 { FILE FV_IMAGE = 1E9D7604-EF45-46a0-BD8A-71AC78C17AC1 {
SECTION PEI_DEPEX_EXP = {gEfiPeiMemoryDiscoveredPpiGuid AND gEfiPeiBootInRecoveryModePpiGuid} SECTION PEI_DEPEX_EXP = {gEfiPeiMemoryDiscoveredPpiGuid AND gEfiPeiBootInRecoveryModePpiGuid}
@ -566,6 +570,13 @@ INF MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf
INF FatPkg/EnhancedFatDxe/Fat.inf INF FatPkg/EnhancedFatDxe/Fat.inf
!endif !endif
#
# Trusted Platform Module
#
!if $(MEASURED_BOOT_ENABLE)
INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
!endif
################################################################################ ################################################################################
# #
# FV Section # FV Section