From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <lersek@redhat.com>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=209.132.183.28; helo=mx1.redhat.com; envelope-from=lersek@redhat.com;
 receiver=edk2-devel@lists.01.org 
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 9D991211BA459
 for <edk2-devel@lists.01.org>; Fri, 25 Jan 2019 11:30:45 -0800 (PST)
Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com
 [10.5.11.11])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx1.redhat.com (Postfix) with ESMTPS id 09CD5C0BEAA6;
 Fri, 25 Jan 2019 19:30:45 +0000 (UTC)
Received: from lacos-laptop-7.usersys.redhat.com (ovpn-125-233.rdu2.redhat.com
 [10.10.125.233])
 by smtp.corp.redhat.com (Postfix) with ESMTP id 8E44E600D6;
 Fri, 25 Jan 2019 19:30:40 +0000 (UTC)
To: Stefan Berger <stefanb@linux.ibm.com>, edk2-devel@lists.01.org
Cc: chao.b.zhang@intel.com, jiewen.yao@intel.com, marcandre.lureau@redhat.com,
 "Jordan Justen (Intel address)" <jordan.l.justen@intel.com>,
 Ard Biesheuvel <ard.biesheuvel@linaro.org>,
 Anthony Perard <anthony.perard@citrix.com>,
 Julien Grall <julien.grall@linaro.org>
References: <20190125171247.1059745-1-stefanb@linux.ibm.com>
From: Laszlo Ersek <lersek@redhat.com>
Message-ID: <12640142-e533-68b6-1207-1b30cd9d7158@redhat.com>
Date: Fri, 25 Jan 2019 20:30:39 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <20190125171247.1059745-1-stefanb@linux.ibm.com>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16
 (mx1.redhat.com [10.5.110.32]); Fri, 25 Jan 2019 19:30:45 +0000 (UTC)
Subject: Re: [PATCH] OvmfPkg: Add TCG2 Configuration menu to the Device Manager menu
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Jan 2019 19:30:46 -0000
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit

 Hi,

(1) when posting a patch, please CC all people marked with "M" for the
subject package in Maintainers.txt. And, if in doubt, please CC the "R"
people too.

Adding the others now.

(2) In [a] [b], you mentioned a need to repost, due to your email
address having changed. However, that posting, and this posting, seem to
come from the same email address, and to use the same S-o-b: "Stefan
Berger <stefanb@linux.ibm.com>".

[a] http://mid.mail-archive.com/d0222c94-4578-74bd-94ad-90d10911b534@linux.ibm.com
[b] https://lists.01.org/pipermail/edk2-devel/2019-January/035701.html

On 01/25/19 18:12, Stefan Berger wrote:
> This patch adds the TCG2 Configuration menu to the Device Manager
> menu.

OK.

> We can reuse all the code in the SecurityPkg and need to
> only add it to the build and flash config files.

(3) I disagree with this formulation.

Instead, we can apparently include the *sample* Tcg2ConfigDxe from
SecurityPkg as-is, without obvious adverse effects. I consider this an
experimental feature that's being enabled (not by default) in order to
support further R&D. The Tcg2ConfigDxe has not been trimmed / modified
for OVMF / QEMU specifics (unlike Tcg2ConfigPei in commit 6cf1880fb5b6).
That's why we are gating Tcg2ConfigDxe with TPM2_CONFIG_ENABLE, and not
enabling it simply as part of TPM2_ENABLE.

> The code is added to Ovfm by building with -DTPM2_ENABLE and
> -DTPM2_CONFIG_ENABLE.

(4) Typo, s/Ovfm/OVMF/. "OVMF" stands for Open Virtual Machine Firmware.

>
> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

(5) Before your S-o-b, please add:

"""
Contributed-under: TianoCore Contribution Agreement 1.1
"""

after reviewing "Contributions.txt" in the project root dir.

> ---
>  OvmfPkg/OvmfPkgIa32.dsc    | 3 +++
>  OvmfPkg/OvmfPkgIa32.fdf    | 4 ++++
>  OvmfPkg/OvmfPkgIa32X64.dsc | 3 +++
>  OvmfPkg/OvmfPkgIa32X64.fdf | 4 ++++
>  OvmfPkg/OvmfPkgX64.dsc     | 3 +++
>  OvmfPkg/OvmfPkgX64.fdf     | 4 ++++
>  6 files changed, 21 insertions(+)

(6) In all three DSC files, please DEFINE TPM2_CONFIG_ENABLE = FALSE as
well, just below TPM2_ENABLE.

>
> diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
> index aee19b75d7..68e707e7e5 100644
> --- a/OvmfPkg/OvmfPkgIa32.dsc
> +++ b/OvmfPkg/OvmfPkgIa32.dsc
> @@ -632,6 +632,9 @@
>        NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
>        NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
>    }
> +!if $(TPM2_CONFIG_ENABLE) == TRUE
> +  SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
> +!endif
>  !endif
>
>    #

This looks good.

> diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
> index e013099136..a46598f2c3 100644
> --- a/OvmfPkg/OvmfPkgIa32.fdf
> +++ b/OvmfPkg/OvmfPkgIa32.fdf
> @@ -295,6 +295,10 @@ INF  ShellPkg/Application/Shell/Shell.inf
>
>  INF MdeModulePkg/Logo/LogoDxe.inf
>
> +!if ($(TPM2_ENABLE) == TRUE) && ($(TPM2_CONFIG_ENABLE) == TRUE)
> +INF  SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
> +!endif
> +

(7) In this file, we already have

"""
!if $(TPM2_ENABLE) == TRUE
INF  SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
!endif
"""

elsewhere. Can you please nest the addition in that scope?

Thanks,
Laszlo