On 7/27/21 12:25 PM, Yao, Jiewen wrote:
> Oops. Sorry for the late response.
>
> The code is NOT in EDKII, but EDKII-platform as example.
> https://github.com/tianocore/edk2-platforms/tree/master/Platform/Intel/MinPlatformPkg/Tcg
>
> We allow a platform to have its own implementation. That is why it is
> NOT in EDKII.

How do edk2 and edk2-platform relate? Do we need to copy code from one to the other?

   Stefan

> Thank you
>
> Yao Jiewen
>
> From: devel@edk2.groups.io On Behalf Of Bret Barkelew via groups.io
> Sent: Wednesday, July 28, 2021 12:11 AM
> To: devel@edk2.groups.io; stefanb@linux.ibm.com; Yao, Jiewen; Jeremiah Cox; Michael Kubacki
> Cc: Marc-André Lureau
> Subject: Re: [EXTERNAL] [edk2-devel] Missing TPM 2 related call to Tpm2HierarchyChangeAuth
>
> Adding @Jeremiah …
>
> Jeremiah, weren't you or @Michael shopping this change to MinPlatform?
>
> - Bret
>
> From: Stefan Berger via groups.io
> Sent: Monday, July 26, 2021 7:48 AM
> To: Yao, Jiewen; devel@edk2.groups.io
> Cc: Marc-André Lureau
> Subject: [EXTERNAL] [edk2-devel] Missing TPM 2 related call to Tpm2HierarchyChangeAuth
>
> Hello!
>
>    The TPM 2 code in EDK2 is missing an important call to
> Tpm2HierarchyChangeAuth for the platform hierarchy. We have to set the
> password of that hierarchy and discard the password.
> See also specs section 11:
> https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_PFP_r1p05_v22_02dec2020.pdf
>
> "Platform Firmware MUST protect access to the Platform Hierarchy and
> prevent access to the platform hierarchy by
> non-manufacturer-controlled components."
>
> I was wondering where we could put that call so it's invoked after the
> user has possibly interacted with the menu and before passing control to
> the next stage such as boot loader.
>
> Regards,
>
>    Stefan
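The "set the password and discard it" step from Stefan's original mail, as an added model that is not EDK2 or MinPlatformPkg code: the TPM is simulated in a struct instead of being driven through Tpm2HierarchyChangeAuth, and the random bytes and function names are constructed for the example. It shows why the platform hierarchy is open to everyone until firmware changes platformAuth from its empty default, and closed to everyone (firmware included) once the new value is wiped.

```c
#include <stdint.h>
#include <string.h>

/* Constructed model of the TPM 2.0 platform hierarchy, not the EDK2 API.
 * platformAuth is empty after startup, so any caller can authorize
 * TPM_RH_PLATFORM until firmware changes it. */
#define AUTH_MAX 32
typedef struct { uint8_t auth[AUTH_MAX]; size_t size; } PlatformHierarchy;
enum { TPM_OK = 0, TPM_AUTH_FAIL = 1, TPM_BAD_SIZE = 2 };

/* TPM side: does the presented value match platformAuth? (constant time) */
static int hierarchy_authorize(const PlatformHierarchy *h, const uint8_t *auth, size_t n)
{
    if (n != h->size) return 0;
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= h->auth[i] ^ auth[i];
    return diff == 0;
}

/* TPM side, TPM2_HierarchyChangeAuth: authorize with the current value,
 * then install the new one. */
static int hierarchy_change_auth(PlatformHierarchy *h, const uint8_t *cur, size_t cur_n,
                                 const uint8_t *next, size_t next_n)
{
    if (next_n > AUTH_MAX) return TPM_BAD_SIZE;
    if (!hierarchy_authorize(h, cur, cur_n)) return TPM_AUTH_FAIL;
    memcpy(h->auth, next, next_n);
    h->size = next_n;
    return TPM_OK;
}

/* Firmware side: set platformAuth to fresh random bytes and discard them.
 * random32 stands in for the platform RNG output (constructed input). */
static int lock_platform_hierarchy(PlatformHierarchy *h, const uint8_t random32[32])
{
    uint8_t new_auth[32];
    memcpy(new_auth, random32, sizeof new_auth);
    int rc = hierarchy_change_auth(h, NULL, 0, new_auth, sizeof new_auth);
    /* Wipe the local copy through a volatile pointer so the stores survive
     * optimization; afterwards nobody, firmware included, knows platformAuth. */
    volatile uint8_t *p = new_auth;
    for (size_t i = 0; i < sizeof new_auth; i++) p[i] = 0;
    return rc;
}

/* True while the empty default password still authorizes the hierarchy. */
static int platform_hierarchy_open(const PlatformHierarchy *h)
{
    return hierarchy_authorize(h, NULL, 0);
}
```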