diff options
| -rw-r--r-- | OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc | 10 | ||||
| -rw-r--r-- | OvmfPkg/Include/Dsc/OvmfTpmSecurityStub.dsc.inc | 8 | ||||
| -rw-r--r-- | OvmfPkg/OvmfPkgX64.dsc | 12 | ||||
| -rw-r--r-- | OvmfPkg/OvmfPkgX64.fdf | 7 |
4 files changed, 36 insertions, 1 deletions
diff --git a/OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc b/OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc index cd1a899d68..b97244695b 100644 --- a/OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc +++ b/OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc @@ -10,9 +10,17 @@ Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
- TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
!else
Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf
+!endif
+
+!if $(TPM2_ENABLE) == TRUE || $(CC_MEASUREMENT_ENABLE) == TRUE
+ #
+ # DxeTpmMeasurementLib supports measurement functions for both TPM and Confidential Computing.
+ # It should be controlled by TPM2_ENABLE and CC_MEASUREMENT_ENABLE.
+ #
+ TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
+!else
TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
!endif
diff --git a/OvmfPkg/Include/Dsc/OvmfTpmSecurityStub.dsc.inc b/OvmfPkg/Include/Dsc/OvmfTpmSecurityStub.dsc.inc index e9ab2fca7b..89455feca4 100644 --- a/OvmfPkg/Include/Dsc/OvmfTpmSecurityStub.dsc.inc +++ b/OvmfPkg/Include/Dsc/OvmfTpmSecurityStub.dsc.inc @@ -6,5 +6,13 @@ !if $(TPM1_ENABLE) == TRUE
NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
!endif
+!endif
+
+!if $(TPM2_ENABLE) == TRUE || $(CC_MEASUREMENT_ENABLE) == TRUE
+ #
+ # DxeTpm2MeasureBootLib provides security service of TPM2 measure boot and
+ # Confidential Computing (CC) measure boot. It should be controlled by
+ # TPM2_ENABLE and CC_MEASUREMENT_ENABLE
+ #
NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
!endif
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index a13299c18c..8f9355f544 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -32,6 +32,7 @@ DEFINE SECURE_BOOT_ENABLE = FALSE
DEFINE SMM_REQUIRE = FALSE
DEFINE SOURCE_DEBUG_ENABLE = FALSE
+ DEFINE CC_MEASUREMENT_ENABLE = FALSE
!include OvmfPkg/Include/Dsc/OvmfTpmDefines.dsc.inc
@@ -1105,6 +1106,17 @@ !endif
#
+ # Cc Measurement Protocol for Td guest
+ #
+!if $(CC_MEASUREMENT_ENABLE) == TRUE
+ SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf {
+ <LibraryClasses>
+ HashLib|SecurityPkg/Library/HashLibTdx/HashLibTdx.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
+ }
+!endif
+
+ #
# TPM support
#
!include OvmfPkg/Include/Dsc/OvmfTpmComponentsDxe.dsc.inc
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index 8c02dfe11e..16666ba244 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -403,6 +403,13 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf !endif
#
+# EFI_CC_MEASUREMENT_PROTOCOL
+#
+!if $(CC_MEASUREMENT_ENABLE) == TRUE
+INF SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf
+!endif
+
+#
# TPM support
#
!include OvmfPkg/OvmfTpmDxe.fdf.inc
|