Closes#677
## Description
This feature enables experimentation with controlling the TPM
measurements made by firmware. It allows a developer to craft
a TPM event log and have the replayed during boot. It is disabled
by default.
General feature information is available in its readme:
https://github.com/microsoft/mu_plus/blob/HEAD/TpmTestingPkg/TpmReplayPei/Readme.md
It is currently only planned to be used QemuQ35Pkg. It could be
enabled in QemuSbsaPkg in the future if there is interest.
Details about the feature in the context of QEMU, are described in
`Platforms/Docs/Q35/Features/feature_tpm_replay.md` in this change.
- [x] Impacts functionality?
- **Functionality** - Does the change ultimately impact how firmware
functions?
- Examples: Add a new library, publish a new PPI, update an algorithm,
...
- [ ] Impacts security?
- **Security** - Does the change have a direct security impact on an
application,
flow, or firmware?
- Examples: Crypto algorithm change, buffer overflow fix, parameter
validation improvement, ...
- [ ] Breaking change?
- **Breaking change** - Will anyone consuming this change experience a
break
in build or boot behavior?
- Examples: Add a new library class, move a module to a different repo,
call
a function in a new library class in a pre-existing module, ...
- [ ] Includes tests?
- **Tests** - Does the change include any explicit test code?
- Examples: Unit tests, integration tests, robot tests, ...
- [x] Includes documentation?
- **Documentation** - Does the change contain explicit documentation
additions
outside direct code modifications (and comments)?
- Examples: Update readme file, add feature readme file, link to
documentation
on an a separate Web page, ...
## How This Was Tested
- Input YAML to binary
- Input JSON to binary
- Input binary to YAML
- Replay events on QEMU Q35 to PCRs
- Verify event log in OS against the input file
## Integration Instructions
See `feature_tpm_replay.md`.
Enable the feature in `QemuQ35Pkg` in the DSC file:
```ini
DEFINE TPM_REPLAY_ENABLED = TRUE
```
Or, as a `stuart_build` argument:
```bash
> stuart_build -c Platforms/QemuQ35Pkg/PlatformBuild.py --flashrom TOOL_CHAIN_TAG=GCC5 BLD_*_TPM_ENABLE=TRUE \
BLD_*_TPM_ENABLE=TRUE TPM_DEV=/tmp/mytpm1/swtpm-sock
```
Then, follow instructions to create the TPM Replay
event log and load it.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
0ff647967c