SecurityPkg/Library: Tpm2DeviceSecLibFfa for PeilessSec

To support measurement and extend PCR in PeilessSec with
TPM device using FF-A over CRB, add Tpm2DeviceSecLibFfa for PeilessSec.

Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>

SecurityPkg/Library/Tpm2DeviceLibFfa/Tpm2DeviceSecLibFfa.inf

@@ -0,0 +1,51 @@
+## @file
+#  Provides function interfaces to communicate with TPM 2.0 device
+#
+#  This library helps to use TPM 2.0 device in library function API
+#  based on FF-A using Command Response Buffer (CRB).
+#
+# Copyright (c), Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = Tpm2DeviceSecLibFfa
+  FILE_GUID                      = d66e7482-615c-11f0-91d0-47f6d24396e9
+  MODULE_TYPE                    = BASE
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = Tpm2DeviceLib|SEC
+  CONSTRUCTOR                    = Tpm2DeviceLibFfaConstructor
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = AARCH64
+#
+
+[Sources.common]
+  Tpm2DeviceLibFfa.c
+  Tpm2ServiceFfaRaw.c
+  Tpm2DeviceLibFfaBase.c
+  Tpm2Ptp.c
+  Tpm2DeviceLibFfa.h
+  Tpm2InfoSecFfa.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+  SecurityPkg/SecurityPkg.dec
+
+[LibraryClasses]
+  BaseLib
+  DebugLib
+  TimerLib
+  BaseMemoryLib
+  IoLib
+  ArmFfaLib
+
+[Guids]
+  gTpm2ServiceFfaGuid
+
+[Pcd.common]
+  gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress            ## CONSUMES

SecurityPkg/Library/Tpm2DeviceLibFfa/Tpm2InfoSecFfa.c

@@ -0,0 +1,62 @@
+/** @file
+  This library provides an interfaces to access DynamicPcds used
+  in Tpm2DeviceLibFfa.
+
+  Copyright (c) 2025, Arm Ltd. All rights reserved.<BR>
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/Tpm2DeviceLib.h>
+#include <Uefi/UefiBaseType.h>
+
+#include "Tpm2DeviceLibFfa.h"
+
+/**
+ This function validate TPM interface type for TPM service over FF-A.
+
+ @retval EFI_SUCCESS           TPM interface type is valid.
+
+ @retval EFI_UNSUPPORTED       TPM interface type is invalid.
+
+**/
+EFI_STATUS
+EFIAPI
+ValidateTpmInterfaceType (
+  VOID
+  )
+{
+  TPM2_PTP_INTERFACE_TYPE  TpmInterfaceType;
+
+  TpmInterfaceType = Tpm2GetPtpInterface ((VOID *)(UINTN)PcdGet64 (PcdTpmBaseAddress));
+  if (TpmInterfaceType != Tpm2PtpInterfaceCrb) {
+    return EFI_UNSUPPORTED;
+  }
+
+  DEBUG ((DEBUG_INFO, "Setting Tpm Active Interface Type %d\n", TpmInterfaceType));
+
+  return EFI_SUCCESS;
+}
+
+/**
+  This function is used to get the TPM service partition id.
+
+  @param[out] PartitionId - Supplies the pointer to the TPM service partition id.
+
+  @retval EFI_SUCCESS           The TPM command was successfully sent to the TPM
+                                and the response was copied to the Output buffer.
+  @retval EFI_INVALID_PARAMETER The TPM command buffer is NULL or the TPM command
+                                buffer size is 0.
+  @retval EFI_DEVICE_ERROR      An error occurred in communication with the TPM.
+**/
+EFI_STATUS
+EFIAPI
+GetTpmServicePartitionId (
+  OUT UINT16  *PartitionId
+  )
+{
+  return FfaTpm2GetServicePartitionId (PartitionId);
+}

SecurityPkg/SecurityPkg.dsc

@@ -426,6 +426,7 @@
   SecurityPkg/Tcg/Tcg2StandaloneMmArm/Tcg2StandaloneMmArm.inf
   SecurityPkg/Tcg/Tcg2AcpiFfa/Tcg2AcpiFfa.inf
   SecurityPkg/Library/Tpm2DeviceLibFfa/Tpm2DeviceLibFfa.inf
+  SecurityPkg/Library/Tpm2DeviceLibFfa/Tpm2DeviceSecLibFfa.inf
   SecurityPkg/Library/Tpm2DeviceLibFfa/Tpm2InstanceLibFfa.inf
 
 [BuildOptions]