From 1f425925b734951f53785aca1a763517db3e4591 Mon Sep 17 00:00:00 2001
From: Artur Kowalski <artur.kowalski@3mdeb.com>
Date: Tue, 27 Aug 2024 14:55:05 +0200
Subject: [PATCH 1/3] OvmfPkg: DxeTcg2PhysicalPresenceLib: fix changing of PCR
 banks

Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction writes to TPM2
physical presence PPI provided by coreboot (a memory region preserved
across reboots). CPU caches must be explicitly flushed prior to platform
reboot or request written to PPI will be lost.

Signed-off-by: Artur Kowalski <artur.kowalski@3mdeb.com>
---
 .../Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.c    | 2 ++
 .../Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf  | 1 +
 2 files changed, 3 insertions(+)

diff --git a/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.c b/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.c
index 5e8bf3a0b9..421eb9a77f 100644
--- a/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.c
+++ b/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.c
@@ -32,6 +32,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include <Library/UefiBootServicesTableLib.h>
 #include <Library/UefiLib.h>
 #include <Library/UefiRuntimeServicesTableLib.h>
+#include <Library/CacheMaintenanceLib.h>
 
 #include <Library/Tcg2PhysicalPresenceLib.h>
 
@@ -902,6 +903,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (
 
   mPpi->Request = OperationRequest;
   mPpi->RequestParameter = RequestParameter;
+  WriteBackDataCache();
 
   return TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS;
 }
diff --git a/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf b/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
index de39ef056a..26b715df37 100644
--- a/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
+++ b/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.inf
@@ -62,6 +62,7 @@
   UefiLib
   UefiRuntimeServicesTableLib
   Tcg2PhysicalPresencePlatformLib
+  CacheMaintenanceLib
 
 [Protocols]
   gEfiTcg2ProtocolGuid                 ## SOMETIMES_CONSUMES

From 2dfe3b29e4df555de5db3fdc7c547d533bfeb8e4 Mon Sep 17 00:00:00 2001
From: Artur Kowalski <artur.kowalski@3mdeb.com>
Date: Tue, 10 Sep 2024 11:09:47 +0200
Subject: [PATCH 2/3] OvmfPkg: DxeTcg2PhysicalPresenceLib: fix bootloop

Flush cache not only when placing request in PPI, but also after
clearing old request from PPI.

Signed-off-by: Artur Kowalski <artur.kowalski@3mdeb.com>
---
 .../DxeTcg2PhysicalPresenceLib.c                            | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.c b/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.c
index 421eb9a77f..709dd11a6d 100644
--- a/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.c
+++ b/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.c
@@ -733,6 +733,8 @@ Tcg2ExecutePendingTpmRequest (
     mPpi->LastRequest = mPpi->Request;
     mPpi->Request = TCG2_PHYSICAL_PRESENCE_NO_ACTION;
     mPpi->RequestParameter = 0;
+
+    WriteBackDataCacheRange((VOID*)mPpi, sizeof(QEMU_TPM_PPI));
     return;
   }
 
@@ -763,6 +765,7 @@ Tcg2ExecutePendingTpmRequest (
   mPpi->RequestParameter = 0;
 
   if (mPpi->Response == TCG_PP_OPERATION_RESPONSE_USER_ABORT) {
+    WriteBackDataCacheRange((VOID*)mPpi, sizeof(QEMU_TPM_PPI));
     return;
   }
 
@@ -791,6 +794,7 @@ Tcg2ExecutePendingTpmRequest (
   }
 
   Print (L"Rebooting system to make TPM2 settings in effect\n");
+  WriteBackDataCacheRange((VOID*)mPpi, sizeof(QEMU_TPM_PPI));
   gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL);
   ASSERT (FALSE);
 }
@@ -903,7 +907,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (
 
   mPpi->Request = OperationRequest;
   mPpi->RequestParameter = RequestParameter;
-  WriteBackDataCache();
+  WriteBackDataCacheRange((VOID*)mPpi, sizeof(QEMU_TPM_PPI));
 
   return TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS;
 }

From 250710a33772c74376a321471704ddaf09e70d3c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= <michal.zygowski@3mdeb.com>
Date: Mon, 16 Sep 2024 12:32:18 +0200
Subject: [PATCH 3/3] .github/workflows/build.yml: Bump upload-artifacts to v4
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
---
 .github/workflows/build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 97ab29877f..efb3ad7dcc 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -75,7 +75,7 @@ jobs:
         fi
 
     - name: Upload Artifacts
-      uses: actions/upload-artifact@v2
+      uses: actions/upload-artifact@v4
       with:
         name: ovmf-artifacts  # Name for the artifact
         path: |