diff --git a/MsvmPkg/AziHsmDxe/AziHsmDxe.c b/MsvmPkg/AziHsmDxe/AziHsmDxe.c
index 0939828..2281297 100644
--- a/MsvmPkg/AziHsmDxe/AziHsmDxe.c
+++ b/MsvmPkg/AziHsmDxe/AziHsmDxe.c
@@ -15,6 +15,7 @@
 #include "AziHsmAdmin.h"
 #include
+#include
 #include
 #include
@@ -1147,6 +1148,14 @@ AziHsmDriverEntry (
 AZIHSM_BUFFER TpmDerivedSecretBlob;
 AZIHSM_BUFFER SealedSecretBlob;
+ //
+ // Check if AziHsm is enabled via PCD
+ //
+ if (!PcdGetBool (PcdAziHsmEnabled)) {
+ DEBUG ((DEBUG_INFO, "AziHsm: Driver disabled via PcdAziHsmEnabled\n"));
+ return EFI_SUCCESS;
+ }
+
 ZeroMem (&TpmDerivedSecret, sizeof (TpmDerivedSecret));
 ZeroMem (&TpmDerivedSecretBlob, sizeof (TpmDerivedSecretBlob));
 ZeroMem (&SealedSecretBlob, sizeof (SealedSecretBlob));
diff --git a/MsvmPkg/AziHsmDxe/AziHsmDxe.inf b/MsvmPkg/AziHsmDxe/AziHsmDxe.inf
index 1ec7a72..f2c4666 100644
--- a/MsvmPkg/AziHsmDxe/AziHsmDxe.inf
+++ b/MsvmPkg/AziHsmDxe/AziHsmDxe.inf
@@ -64,6 +64,7 @@
 BaseLib
 DebugLib
 MemoryAllocationLib
+ PcdLib
 TpmMeasurementLib
 UefiDriverEntryPoint
 UefiBootServicesTableLib
@@ -83,8 +84,12 @@
 gMsvmUnableToBootEventGuid
 [Pcd]
+ gMsvmPkgTokenSpaceGuid.PcdAziHsmEnabled
 gMsvmPkgTokenSpaceGuid.PcdIsolationSharedGpaBoundary
 gMsvmPkgTokenSpaceGuid.PcdIsolationSharedGpaCanonicalizationBitmask
 [UserExtensions.TianoCore."ExtraFiles"]
 AziHsmDxe.uni
+
+[Depex]
+ gEfiTcg2ProtocolGuid
diff --git a/MsvmPkg/Include/BiosInterface.h b/MsvmPkg/Include/BiosInterface.h
index 6253bea..01efb49 100644
--- a/MsvmPkg/Include/BiosInterface.h
+++ b/MsvmPkg/Include/BiosInterface.h
@@ -789,7 +789,8 @@ typedef struct _UEFI_CONFIG_FLAGS
 UINT64 CxlMemoryEnabled : 1;
 UINT64 MtrrsInitializedAtLoad : 1;
 UINT64 HvSintEnabled : 1;
- UINT64 Reserved:34;
+ UINT64 AziHsmEnabled : 1;
+ UINT64 Reserved:33;
 } Flags;
 } UEFI_CONFIG_FLAGS;
diff --git a/MsvmPkg/MsvmPkg.dec b/MsvmPkg/MsvmPkg.dec
index b99bd37..237f2ae 100644
--- a/MsvmPkg/MsvmPkg.dec
+++ b/MsvmPkg/MsvmPkg.dec
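Review bot: The disabled path in the second hunk returns EFI_SUCCESS, which keeps the driver image resident even though it has done nothing; in EDK2 a non-success status from the entry point makes the DXE core unload the image, so `return EFI_UNSUPPORTED;` is the conventional way to decline, unless something downstream depends on this entry point reporting success. The comment above the check could also record where the gate comes from — elsewhere in this diff PlatformPei copies the host-supplied UEFI_CONFIG_FLAGS.AziHsmEnabled bit into PcdAziHsmEnabled, so this is a dynamic, host-controlled switch rather than a build-time constant, e.g. `// PcdAziHsmEnabled is set by PlatformPei from UEFI_CONFIG_FLAGS.AziHsmEnabled (host configuration)`. The first hunk's added #include lost its argument in this rendering, so it cannot be checked here. AziHsmDriverEntry starts and ends outside the hunk.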
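Review bot: The new [Depex] on gEfiTcg2ProtocolGuid changes when this driver runs at all, not just what it does: on a VM where the TCG2 protocol is never installed the driver is never dispatched, so the PcdAziHsmEnabled check and everything the entry point does afterwards — including any reporting through gMsvmUnableToBootEventGuid, which this .inf lists among its GUIDs — will not execute. If the intended behavior when AziHsm is enabled but no TPM is present is to fail loudly rather than silently skip, that guarantee now has to come from somewhere else. A comment in the new section stating the intent would make this explicit, e.g. `# Wait for TCG2; without a TPM this driver is intentionally never dispatched`.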
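Review bot: UEFI_CONFIG_FLAGS appears to be the layout supplied by the host and parsed by PlatformPei (ConfigSetUefiConfigFlags in this same diff), so the new AziHsmEnabled bit is an ABI change: it takes the first previously-reserved bit and Reserved shrinks from 34 to 33, which keeps the 64-bit total consistent, but the producer side must use the same bit position. A one-line comment at the field, `UINT64 AziHsmEnabled : 1;  // position must match the host's UEFI_CONFIG_FLAGS layout`, would document that dependency; `Reserved:33` could also take the `: 1`-style spacing of the neighbouring fields. The enclosing typedef starts outside the hunk.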
@@ -303,6 +303,7 @@
 gMsvmPkgTokenSpaceGuid.PcdMtrrsInitializedAtLoad|FALSE|BOOLEAN|0x6067
 gMsvmPkgTokenSpaceGuid.PcdNvmeNamespaceFilter|FALSE|BOOLEAN|0x6068
 gMsvmPkgTokenSpaceGuid.PcdHvSintEnabled|FALSE|BOOLEAN|0x6069
+ gMsvmPkgTokenSpaceGuid.PcdAziHsmEnabled|FALSE|BOOLEAN|0x6072
 # UEFI_CONFIG_PROCESSOR_INFORMATION
 gMsvmPkgTokenSpaceGuid.PcdProcessorCount|0x0|UINT32|0x6032
diff --git a/MsvmPkg/MsvmPkgAARCH64.dsc b/MsvmPkg/MsvmPkgAARCH64.dsc
index fcf152a..0140c79 100644
--- a/MsvmPkg/MsvmPkgAARCH64.dsc
+++ b/MsvmPkg/MsvmPkgAARCH64.dsc
@@ -675,6 +675,7 @@
 gMsvmPkgTokenSpaceGuid.PcdHostEmulatorsWhenHardwareIsolated|FALSE
 gMsvmPkgTokenSpaceGuid.PcdTpmLocalityRegsEnabled|FALSE
 gMsvmPkgTokenSpaceGuid.PcdHvSintEnabled|FALSE
+ gMsvmPkgTokenSpaceGuid.PcdAziHsmEnabled|FALSE
 # UEFI_CONFIG_PROCESSOR_INFORMATION
 gMsvmPkgTokenSpaceGuid.PcdProcessorCount|0x0
diff --git a/MsvmPkg/MsvmPkgX64.dsc b/MsvmPkg/MsvmPkgX64.dsc
index 86938e3..26cc229 100644
--- a/MsvmPkg/MsvmPkgX64.dsc
+++ b/MsvmPkg/MsvmPkgX64.dsc
@@ -673,7 +673,7 @@
 gMsvmPkgTokenSpaceGuid.PcdWatchdogEnabled|FALSE
 gMsvmPkgTokenSpaceGuid.PcdHostEmulatorsWhenHardwareIsolated|FALSE
 gMsvmPkgTokenSpaceGuid.PcdTpmLocalityRegsEnabled|FALSE
-
+ gMsvmPkgTokenSpaceGuid.PcdAziHsmEnabled|FALSE
 # UEFI_CONFIG_PROCESSOR_INFORMATION
 gMsvmPkgTokenSpaceGuid.PcdProcessorCount|0x0
diff --git a/MsvmPkg/PlatformPei/Config.c b/MsvmPkg/PlatformPei/Config.c
index 326f4dc..75da9e1 100644
--- a/MsvmPkg/PlatformPei/Config.c
+++ b/MsvmPkg/PlatformPei/Config.c
@@ -732,6 +732,7 @@ DebugDumpUefiConfigStruct(
 DEBUG((DEBUG_VERBOSE, "\tTpmLocalityRegsEnabled: %u\n", flags->Flags.TpmLocalityRegsEnabled));
 DEBUG((DEBUG_VERBOSE, "\tMtrrsInitializedAtLoad: %u\n", flags->Flags.MtrrsInitializedAtLoad));
 DEBUG((DEBUG_VERBOSE, "\tHvSintEnabled: %u\n", flags->Flags.HvSintEnabled));
+ DEBUG((DEBUG_VERBOSE, "\tAziHsmEnabled: %u\n", flags->Flags.AziHsmEnabled));
 break;
 case UefiConfigProcessorInformation:
@@ -899,6 +900,7 @@ ConfigSetUefiConfigFlags(
 PEI_FAIL_FAST_IF_FAILED(PcdSetBoolS(PcdTpmLocalityRegsEnabled, (UINT8) ConfigFlags->Flags.TpmLocalityRegsEnabled));
 PEI_FAIL_FAST_IF_FAILED(PcdSetBoolS(PcdMtrrsInitializedAtLoad, (UINT8) ConfigFlags->Flags.MtrrsInitializedAtLoad));
 PEI_FAIL_FAST_IF_FAILED(PcdSetBoolS(PcdHvSintEnabled, (UINT8) ConfigFlags->Flags.HvSintEnabled));
+ PEI_FAIL_FAST_IF_FAILED(PcdSetBoolS(PcdAziHsmEnabled, (UINT8) ConfigFlags->Flags.AziHsmEnabled));
 //
 // If memory protections are enabled, configure the value into the HOB.
diff --git a/MsvmPkg/PlatformPei/PlatformPei.inf b/MsvmPkg/PlatformPei/PlatformPei.inf
index 6987260..1fd34dc 100644
--- a/MsvmPkg/PlatformPei/PlatformPei.inf
+++ b/MsvmPkg/PlatformPei/PlatformPei.inf
@@ -194,6 +194,7 @@
 gMsvmPkgTokenSpaceGuid.PcdMtrrsInitializedAtLoad
 gMsvmPkgTokenSpaceGuid.PcdNvmeNamespaceFilter
 gMsvmPkgTokenSpaceGuid.PcdHvSintEnabled
+ gMsvmPkgTokenSpaceGuid.PcdAziHsmEnabled
 [Pcd.AArch64]
 gMsvmPkgTokenSpaceGuid.PcdSystemMemoryBaseAddress