Proxmox-Port/edk2
1
0
Fork 0
mirror of https://github.com/tianocore/edk2.git synced 2025-08-26 13:14:41 +00:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity
dependabot/github_actions/actions/checkout-5
edk2/SecurityPkg/SecurityPkg.ci.yaml
Oliver Steffen e868ece3c7 SecurityPkg/Tpm2DeviceLibDTpm: Add TPM2 lib supporting SVSM vTPM 
SEV-SNP provides a feature known as VM Privilege Level (VMPL), which
allows for services to be run in the guest at different privilege
levels. By running at VMPL0 (most privileged VM level), the SVSM can be
used to provide privileged services, e.g. a virtual TPM, for the guest
rather than trust such services from the hypervisor.

This patch adds a DTpm driver to communicate with a virtual TPM running
in the SVSM. The driver follows the vTPM protocol documented in the SVSM
specification.

SVSM vTPM functionality is available as new device and instance
libraries, which can be consumed optionally, keeping changes to the
regular TPM implementation minimal.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Co-authored-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Signed-off-by: Claudio Carvalho <cclaudio@linux.ibm.com>
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
2025-03-16 20:21:44 +01:00

135 lines
4.3 KiB
YAML
Raw Permalink Blame History

## @file
# CI configuration for SecurityPkg
#
# Copyright (c) Microsoft Corporation
# Copyright (c) 2020 - 2024, Intel Corporation. All rights reserved.<BR>
# SPDX-License-Identifier: BSD-2-Clause-Patent
##
{
"PrEval": {
"DscPath": "SecurityPkg.dsc",
},
"LicenseCheck": {
"IgnoreFiles": [
"DeviceSecurity/SpdmLib/Include",
]
},
"EccCheck": {
## Exception sample looks like below:
## "ExceptionList": [
## "<ErrorID>", "<KeyWord>"
## ]
"ExceptionList": [
"8005", "gRT",
"8001", "DxeTpm2MeasureBootLibUnitTestMain",
"8001", "DxeTpmMeasureBootLibUnitTestMain"
],
## Both file path and directory path are accepted.
"IgnoreFiles": [
"Library/TcgStorageCoreLib/TcgStorageUtil.c",
"Library/TcgStorageCoreLib/TcgStorageCore.c",
"Library/Tpm2CommandLib/Tpm2NVStorage.c",
"DeviceSecurity/SpdmLib/Include",
"DeviceSecurity/SpdmLib/libspdm",
"DeviceSecurity/OsStub"
]
},
"CompilerPlugin": {
"DscPath": "SecurityPkg.dsc"
},
## options defined .pytool/Plugin/HostUnitTestCompilerPlugin
"HostUnitTestCompilerPlugin": {
"DscPath": "Test/SecurityPkgHostTest.dsc"
},
"CharEncodingCheck": {
"IgnoreFiles": []
},
"DependencyCheck": {
"AcceptableDependencies": [
"MdePkg/MdePkg.dec",
"MdeModulePkg/MdeModulePkg.dec",
"UefiCpuPkg/UefiCpuPkg.dec",
"UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec",
"SecurityPkg/SecurityPkg.dec",
"StandaloneMmPkg/StandaloneMmPkg.dec",
"CryptoPkg/CryptoPkg.dec"
],
# For host based unit tests
"AcceptableDependencies-HOST_APPLICATION":[],
# For UEFI shell based apps
"AcceptableDependencies-UEFI_APPLICATION":[],
"IgnoreInf": []
},
"DscCompleteCheck": {
"DscPath": "SecurityPkg.dsc",
"IgnoreInf": []
},
## options defined .pytool/Plugin/HostUnitTestDscCompleteCheck
"HostUnitTestDscCompleteCheck": {
"IgnoreInf": [""],
"DscPath": "Test/SecurityPkgHostTest.dsc"
},
"GuidCheck": {
"IgnoreGuidName": [],
"IgnoreGuidValue": ["00000000-0000-0000-0000-000000000000"],
"IgnoreFoldersAndFiles": [],
"IgnoreDuplicates": [
"Tpm2InstanceLibDTpm=gEfiTpmDeviceInstanceTpm20DtpmGuid", # by design
]
},
"LibraryClassCheck": {
"IgnoreHeaderFile": [
"DeviceSecurity/SpdmLib/Include/library",
"DeviceSecurity/SpdmLib/libspdm/include/library",
],
"skip": True
},
## options defined ci/Plugin/SpellCheck
"SpellCheck": {
"AuditOnly": True, # Fails test but run in AuditOnly mode to collect log
"ExtendWords": [ # words to extend to the dictionary for this package
"shortformed", # tpm acpi
"autodetect",
"blocksid",
"comid",
"cpinsidpin", #OpalSScV2
"ecdsa", # TPM
"ecschnorr", # TPM
"eisaid", # ACPI
"harddisk",
"hashall",
"hashto",
"kek's",
"lfanew", # PE/COFF
"pcrindex",
"pkglength",
"ppuser",
"preos",
"stclear",
"toctou",
"tpm's",
"tpmcmdbuflength",
"tpmcommlib",
"tpmnvvaluelength",
"wrlocked",
"xored"
],
"IgnoreStandardPaths": [], # Standard Plugin defined paths that should be ignore
"AdditionalIncludePaths": [] # Additional paths to spell check (wildcards supported)
},
"Defines": {
"BLD_*_CONTINUOUS_INTEGRATION": "TRUE",
},
"DebugMacroCheck": {
"StringSubstitutions": {
# SecurityPkg/IntelTdx/TdTcg2Dxe/TdTcg2Dxe.c
# Reason: Acknowledging use of two format specifiers in string with one argument
# Replace ternary operator in debug string with single specifier
'Index == COLUME_SIZE/2 ? " | %02x" : " %02x"': "%d"
}
}
}
Reference in New Issue View Git Blame Copy Permalink