From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from us-smtp-1.mimecast.com (us-smtp-1.mimecast.com [207.211.31.120]) by mx.groups.io with SMTP id smtpd.web11.8099.1578574050489821124 for ; Thu, 09 Jan 2020 04:47:30 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=GG/TIRkz; spf=pass (domain: redhat.com, ip: 207.211.31.120, mailfrom: lersek@redhat.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1578574049; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=QduEm+zqUG9fn5aDdWE48B/LsEPgAmjp8maE1boM5zc=; b=GG/TIRkz4uqKRkUp2BlatFe5gvNloaPGGUK+4Y5d0cCfzVtZQf1Xd7meF4wjhr9QLSuEht PuKLCyLUvYoH/L6wA2KnGGYeu60kidf65wmKST0QaizeRWnIsDq9RMQgv9NpIu8dwuAg8G MqK5u+aCgtIaTdh9105m3tIghOTHPkQ= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-353-IT39PdWrOxGPv1I5cm04lA-1; Thu, 09 Jan 2020 07:47:28 -0500 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 096F6800D4C; Thu, 9 Jan 2020 12:47:27 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (unknown [10.36.118.145]) by smtp.corp.redhat.com (Postfix) with ESMTP id 0493D9A84; Thu, 9 Jan 2020 12:47:23 +0000 (UTC) Subject: Re: [PATCH 2/2] OvmfPkg: use HII type PCDs for TPM2 config related variables To: Ard Biesheuvel , devel@edk2.groups.io Cc: philmd@redhat.com References: <20200108143843.4198-1-ard.biesheuvel@linaro.org> <20200108143843.4198-3-ard.biesheuvel@linaro.org> From: "Laszlo Ersek" Message-ID: <0088ad9f-d965-36ac-71d4-bd4b892dde1e@redhat.com> Date: Thu, 9 Jan 2020 13:47:22 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <20200108143843.4198-3-ard.biesheuvel@linaro.org> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-MC-Unique: IT39PdWrOxGPv1I5cm04lA-1 X-Mimecast-Spam-Score: 0 Content-Language: en-US Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit On 01/08/20 15:38, Ard Biesheuvel wrote: > The HII pages that are part of Tcg2ConfigDxe expect the following PCDs > to be of dynamic HII type, so declare them as such. > > gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer > gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev > > Currently, the TPM2 ACPI table is not produced, since we do not > incorporate the Tcg2Smm module, which implements the SMI based > physical presence interface exposed to the OS. > > Signed-off-by: Ard Biesheuvel > --- > OvmfPkg/OvmfPkgIa32.dsc | 6 ++++++ > OvmfPkg/OvmfPkgIa32X64.dsc | 6 ++++++ > OvmfPkg/OvmfPkgX64.dsc | 6 ++++++ > 3 files changed, 18 insertions(+) > > diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc > index f9e0b4b5bc54..408da4cc19ac 100644 > --- a/OvmfPkg/OvmfPkgIa32.dsc > +++ b/OvmfPkg/OvmfPkgIa32.dsc > @@ -575,6 +575,12 @@ [PcdsDynamicDefault] > gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} > !endif > > +[PcdsDynamicHii] > +!if $(TPM2_CONFIG_ENABLE) == TRUE > + gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS > + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS > +!endif > + > ################################################################################ > # > # Components Section - list of all EDK II Modules needed by this Platform. > diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc > index ee83bbaa5379..1ec94010c215 100644 > --- a/OvmfPkg/OvmfPkgIa32X64.dsc > +++ b/OvmfPkg/OvmfPkgIa32X64.dsc > @@ -587,6 +587,12 @@ [PcdsDynamicDefault] > gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} > !endif > > +[PcdsDynamicHii] > +!if $(TPM2_CONFIG_ENABLE) == TRUE > + gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS > + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS > +!endif > + > ################################################################################ > # > # Components Section - list of all EDK II Modules needed by this Platform. > diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc > index 2b6106ff313f..058ab00e69c6 100644 > --- a/OvmfPkg/OvmfPkgX64.dsc > +++ b/OvmfPkg/OvmfPkgX64.dsc > @@ -586,6 +586,12 @@ [PcdsDynamicDefault] > gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} > !endif > > +[PcdsDynamicHii] > +!if $(TPM2_CONFIG_ENABLE) == TRUE > + gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS > + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS > +!endif > + > ################################################################################ > # > # Components Section - list of all EDK II Modules needed by this Platform. > Please restrict the conditions as follows (in order to match the condition that ultimately arises for the rest of the TPM2_CONFIG_ENABLE stuff): !if $(TPM2_ENABLE) == TRUE && $(TPM2_CONFIG_ENABLE) == TRUE With that: Reviewed-by: Laszlo Ersek Thank you! Laszlo