OvmfPkg/IntelTdx: Enable vTPM in IntelTdxX64

sunceping · sunceping · commit 0ee9828d6d53 · 2023-08-25T01:02:02.000-04:00
In IntelTdxX64, vTPM needs to be detected at runtime,
that requires the vTPM featuer must be enabled by default.

Signed-off-by: Min Xu &lt;min.m.xu@intel.com&gt;
Signed-off-by: Ceping Sun &lt;cepingx.sun@intel.com&gt;
diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
@@ -36,6 +36,12 @@
   #
   DEFINE BUILD_SHELL             = TRUE
 
+  #
+  # vTPM Should be enabled
+  #
+  DEFINE TPM2_ENABLE             = TRUE
+  DEFINE VTPM_ENABLE             = TRUE
+
   #
   # Device drivers
   #
@@ -90,6 +96,13 @@
   INTEL:*_*_*_CC_FLAGS = /D TDX_PEI_LESS_BOOT
   GCC:*_*_*_CC_FLAGS = -D TDX_PEI_LESS_BOOT
 
+  #
+  # Add VTPM_FEATURE_ENABLED
+  #
+  MSFT:*_*_*_CC_FLAGS = /D VTPM_FEATURE_ENABLED
+  INTEL:*_*_*_CC_FLAGS = /D VTPM_FEATURE_ENABLED
+  GCC:*_*_*_CC_FLAGS = -D VTPM_FEATURE_ENABLED
+
 [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER]
   GCC:*_*_*_DLINK_FLAGS = -z common-page-size=0x1000
   XCODE:*_*_*_DLINK_FLAGS = -seg1addr 0x1000 -segalign 0x1000
@@ -183,7 +196,7 @@
   DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
 
   IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
-  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibFull.inf
   RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
 
 !if $(SECURE_BOOT_ENABLE) == TRUE
@@ -217,6 +230,7 @@
   TdxLib|MdePkg/Library/TdxLib/TdxLib.inf
   TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLib.inf
   PlatformInitLib|OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf
+  PeiServicesLib|MdePkg/Library/PeiServicesLib/PeiServicesLib.inf
 
 [LibraryClasses.common.SEC]
   TimerLib|OvmfPkg/Library/AcpiTimerLib/BaseRomAcpiTimerLib.inf
@@ -526,6 +540,11 @@
 
   gEfiMdePkgTokenSpaceGuid.PcdFSBClock|1000000000
 
+  gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
+
+  # Support SHA256 SHA384 SHA512
+  gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask|0
+
 ################################################################################
 #
 # Components Section - list of all EDK II Modules needed by this Platform.
@@ -541,7 +560,12 @@
     <LibraryClasses>
       NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf
       NULL|OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelperLib.inf
-      BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
+      BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+      MemEncryptTdxLib|OvmfPkg/Library/BaseMemEncryptTdxLib/SecBaseMemEncryptTdxLib.inf
+      Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
+      Tpm2DeviceLib|OvmfPkg/Tcg/Tpm2DeviceLibVTpmTd/Tpm2DeviceLibVTpmTdSec.inf
+      !include ../VmmSpdmLibs.dsc.inc
+      VmmSpdmVTpmCommunicatorLib|OvmfPkg/Library/VmmSpdmVTpm/VmmSpdmVTpmCommunicatorLibSecPei.inf
   }
 
   #
@@ -753,6 +777,11 @@
   OvmfPkg/IoMmuDxe/IoMmuDxe.inf
 
   OvmfPkg/TdxDxe/TdxDxe.inf
+  OvmfPkg/Tcg/VmmSpdmTunnel/VmmSpdmTunnelDxe.inf {
+    <LibraryClasses>
+      !include ../VmmSpdmLibs.dsc.inc
+      VmmSpdmVTpmCommunicatorLib|OvmfPkg/Library/VmmSpdmVTpm/VmmSpdmVTpmCommunicatorLibDxe.inf
+  }
 
   #
   # Variable driver stack (non-SMM)
@@ -776,3 +805,21 @@
       HashLib|SecurityPkg/Library/HashLibTdx/HashLibTdx.inf
       NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
   }
+
+  #
+  # TCG2 Measurement Protocol
+  #
+  SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
+    <LibraryClasses>
+      Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
+      Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
+      Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
+      NULL|OvmfPkg/Tcg/Tpm2DeviceLibVTpmTd/Tpm2InstanceLibVTpmTd.inf
+      !include ../VmmSpdmLibs.dsc.inc
+      HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf
+      NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
+      NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
+      NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
+      NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
+      NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
+  }
diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.fdf b/OvmfPkg/IntelTdx/IntelTdxX64.fdf
@@ -11,7 +11,7 @@
 ################################################################################
 
 [Defines]
-!include OvmfPkg/Include/Fdf/OvmfPkgDefines.fdf.inc
+!include OvmfPkg/Include/Fdf/OvmfPkgIntelDefines.fdf.inc
 
 #
 # Build the variable store and the firmware code as one unified flash device
@@ -173,6 +173,7 @@ APRIORI DXE {
   INF  MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf
   INF  MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
   INF  OvmfPkg/TdxDxe/TdxDxe.inf
+  INF  OvmfPkg/Tcg/VmmSpdmTunnel/VmmSpdmTunnelDxe.inf
   INF  OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf
 }
 
@@ -240,7 +241,8 @@ INF  MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableDxe.inf
 INF  OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf
 
 INF  FatPkg/EnhancedFatDxe/Fat.inf
-INF OvmfPkg/TdxDxe/TdxDxe.inf
+INF  OvmfPkg/TdxDxe/TdxDxe.inf
+INF  OvmfPkg/Tcg/VmmSpdmTunnel/VmmSpdmTunnelDxe.inf
 
 INF  OvmfPkg/IoMmuDxe/IoMmuDxe.inf
 
@@ -257,6 +259,11 @@ INF  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
 #
 INF SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf
 
+#
+# EFI_TCG2_PROTOCOL
+#
+INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
+
 ################################################################################
 
 [FV.NCCFV]
