From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=2607:f8b0:4864:20::52e; helo=mail-pg1-x52e.google.com; envelope-from=heyi.guo@linaro.org; receiver=edk2-devel@lists.01.org Received: from mail-pg1-x52e.google.com (mail-pg1-x52e.google.com [IPv6:2607:f8b0:4864:20::52e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id B7FFE210EB12E for ; Fri, 10 Aug 2018 01:49:56 -0700 (PDT) Received: by mail-pg1-x52e.google.com with SMTP id a11-v6so4089214pgw.6 for ; Fri, 10 Aug 2018 01:49:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:date:to:cc:subject:message-id:mime-version:content-disposition :user-agent; bh=oH/EAfNyE3VTA0EahtA1IYo3KskBVL2HHgecR/+JLuE=; b=V57rfKdwc90l/zMo46lrBGTfIQMgWkaR2bgSIpjLXPl3X108g1tAZ53VwmV1DJFmmj 2WgYfXgbmercQ0ykS6c1/raB8uf+IorCTMaZ9yI2d8H+WNxBOmmx6mX+TRKK8nHGXBh4 puuKGRG4Gtb3Oo6lno5qzy/Gcp0lUKkqEHVvo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:date:to:cc:subject:message-id:mime-version :content-disposition:user-agent; bh=oH/EAfNyE3VTA0EahtA1IYo3KskBVL2HHgecR/+JLuE=; b=r/CA5Al390eHNj64Nvh87SEMJezEN/tuZbn2sWr6HROQej2tennafg6Py7WvBLHsgI mo1SPSw8QxNaC4XS/XPoNOXcsWurCa63Al1aJCDvs6SFB92HWGxX8mV9+i+qGLzd6WIR i1tSGJb8/MVbskqyIIDjrDQthdyv3VXPjZX33Emf2r7tT/nTJnByZum5Ax6qwOvlH6VU zVX33ITMpGyP6hIVtzAVuj2otabi08jQigKv/lqi8/LT3sceeQqf+ZhcUyaBVoTxUOws x8miMy9QLRB1iR3IyaVqKkWzjd0sShAVsON7/iFme051NkTuyC5M4rBaw47m4DI+U8Vs 0TAQ== X-Gm-Message-State: AOUpUlGalKzEfxRHW5D4RWTQ4bfag1W9SN8zmuIpbuORBu+2sP9rLtQ2 j63lyZ1Pt2NV25N096m9QuI3N4zymskEvyyE X-Google-Smtp-Source: AA+uWPyTXCCRmOxobBWlhnoFjuRP4IFJHTp5K5gyYmi5M3n7b1y+/WM4XDMIsw5a2TJpQdV6GFFE/A== X-Received: by 2002:a62:90d4:: with SMTP id q81-v6mr6182543pfk.37.1533890996080; Fri, 10 Aug 2018 01:49:56 -0700 (PDT) Received: from ecs-e536.expressvpn ([45.62.52.63]) by smtp.gmail.com with ESMTPSA id 87-v6sm18104509pfn.103.2018.08.10.01.49.54 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 10 Aug 2018 01:49:55 -0700 (PDT) From: heyi.guo@linaro.org X-Google-Original-From: g00179230@ecs-e536.expressvpn Date: Fri, 10 Aug 2018 16:49:50 +0800 To: edk2-devel@lists.01.org Cc: Chao Zhang , Jiewen Yao Message-ID: <20180810084950.GA32368@ecs-e536.expressvpn> MIME-Version: 1.0 User-Agent: Mutt/1.5.24 (2015-08-30) Subject: Question about SecurityPkg/DxeTcg2PhysicalPresenceLib X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Aug 2018 08:49:56 -0000 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Hi folks, The function Tcg2PhysicalPresenceLibProcessRequest in DxeTcg2PhysicalPresenceLib requires to be invoked after console is ready, and in the function it will call VariableLockProtocol->RequestToLock(), while variable RequestToLock() requires to be called before "End Of Dxe" event, or else it will return ACCESS_DENIED. However, in PI spec 1.6, section 5.1.2.1 "End of DXE Event", it says "Prior to connecting consoles, the platform should signal the event 'End of DXE'". So there seems to be contradiction between these implementations and PI spec. If we follow below work flow: End of DXE -> connect console -> Tcg2PhysicalPresenceLibProcessRequest() -> Variable RequestToLock() -> we will get ACCESS_DENIED. Please advise, Thanks, Heyi