[FFA][TPM] Fix TPM2_ENABLE flag (#1101)

## Description This change updates the TPM flag to guard the firmware from communicating to TPM devices. This is needed so that it does not require all QEMU foundation to be updated. - [x] Impacts functionality? - [ ] Impacts security? - [ ] Breaking change? - [ ] Includes tests? - [ ] Includes documentation? ## How This Was Tested This is tested on QEMU SBSA platform. ## Integration Instructions N/A --------- Signed-off-by: kuqin12 <[email protected]>
microsoft · Jan 16, 2025 · 526cf8d · 526cf8d
1 parent 8f34b40
commit 526cf8d
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 2 deletions.
diff --git a/Platforms/QemuSbsaPkg/MsSecurePartition/MsSecurePartition.c b/Platforms/QemuSbsaPkg/MsSecurePartition/MsSecurePartition.c
@@ -48,7 +48,11 @@ MsSecurePartitionHandleMessage (
   if (!CompareMem (&Request->ServiceGuid, &gEfiNotificationServiceFfaGuid, sizeof (EFI_GUID))) {
     NotificationServiceHandle (Request, Response);
   } else if (!CompareMem (&Request->ServiceGuid, &gEfiTpm2ServiceFfaGuid, sizeof (EFI_GUID))) {
+ #ifdef TPM2_ENABLE
     TpmServiceHandle (Request, Response);
+ #else
+    Response->Arg0 = EFI_UNSUPPORTED;
+ #endif
   } else if (!CompareMem (&Request->ServiceGuid, &gEfiTestServiceFfaGuid, sizeof (EFI_GUID))) {
     TestServiceHandle (Request, Response);
   } else {
@@ -77,7 +81,10 @@ MsSecurePartitionMain (
 
   // Initialize the services running in this secure partition
   NotificationServiceInit ();
+ #ifdef TPM2_ENABLE
   TpmServiceInit ();
+  #error "TPM2_ENABLE is defined"
+ #endif
   TestServiceInit ();
 
   DEBUG ((DEBUG_INFO, "MS-Services secure partition initialized and running!\n"));

diff --git a/Platforms/QemuSbsaPkg/MsSecurePartition/MsSecurePartition.inf b/Platforms/QemuSbsaPkg/MsSecurePartition/MsSecurePartition.inf
@@ -41,7 +41,6 @@
   IoLib
   NotificationServiceLib
   TestServiceLib
-  TpmServiceLib
 
 [Guids]
   gMmCoreDataHobGuid

diff --git a/Platforms/QemuSbsaPkg/QemuSbsaPkg.dsc b/Platforms/QemuSbsaPkg/QemuSbsaPkg.dsc
@@ -183,7 +183,6 @@
   # Secure Partition Services
   NotificationServiceLib|ArmPkg/Library/NotificationServiceLib/NotificationServiceLib.inf
   TestServiceLib|ArmPkg/Library/TestServiceLib/TestServiceLib.inf
-  TpmServiceLib|ArmPkg/Library/TpmServiceLib/TpmServiceLib.inf
 
   #
   # Uncomment (and comment out the next line) For RealView Debugger. The Standard IO window
@@ -1456,6 +1455,9 @@
       Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpmStandaloneMm.inf
       Tpm2DebugLib|SecurityPkg/Library/Tpm2DebugLib/Tpm2DebugLibVerbose.inf
       TimerLib|ArmPkg/Library/ArmArchTimerLibEx/ArmArchTimerLibEx.inf
+!if $(TPM2_ENABLE) == TRUE
+      TpmServiceLib|ArmPkg/Library/TpmServiceLib/TpmServiceLib.inf
+!endif
     <PcdsFixedAtBuild>
       gEfiMdeModulePkgTokenSpaceGuid.PcdSerialRegisterBase|0x60030000
       gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress|0x60120000
@@ -1488,6 +1490,13 @@
   RVCT:*_*_*_CC_FLAGS = -DDISABLE_NEW_DEPRECATED_INTERFACES
   GCC:*_*_*_CC_FLAGS = -DDISABLE_NEW_DEPRECATED_INTERFACES
 
+!if $(TPM2_ENABLE) == TRUE
+  #
+  # Enable TPM2 support
+  #
+  GCC:*_*_*_CC_FLAGS = -DTPM2_ENABLE
+!endif
+
 [BuildOptions.common.EDKII.SEC,BuildOptions.common.EDKII.MM_CORE_STANDALONE]
   GCC:*_CLANGPDB_*_DLINK_FLAGS = /ALIGN:0x1000 /FILEALIGN:0x1000