Re: Question about SecurityPkg/DxeTcg2PhysicalPresenceLib

[heyi.guo@linaro.org]

Hi Jiewen,

I searched the code in EDK2, and found there is another implementation of
DxeTcg2PhysicalPresenceLib for OVMF: the function Tcg2PhysicalPresenceLibProcessRequest()
is called in PlatformBootManagerAfterConsole() on OVMF, and it doesn't invoke
VariableLockProtocol->RequestToLock() in Tcg2PhysicalPresenceLibProcessRequest().

Is this also an reference solution? Does it have any drawback comparing with the
implementation in SecurityPkg?

Thanks,

Heyi


On Mon, Aug 13, 2018 at 01:10:57AM +0000, Yao, Jiewen wrote:
> The code in SecurityPkg\Library\DxeTcg2PhysicalPresenceLib can be treated as the example for the platform with trusted console.
> 
> If a platform does not have a trusted graphic console, the platform may implement another DxeTcg2PhysicalPresenceLib instance to get user confirmation. For example, use the serial port, special hot key, etc.
> 
> Thank you
> Yao Jiewen
> 
> > -----Original Message-----
> > From: heyi.guo@linaro.org [mailto:heyi.guo@linaro.org]
> > Sent: Monday, August 13, 2018 9:07 AM
> > To: Yao, Jiewen <jiewen.yao@intel.com>
> > Cc: heyi.guo@linaro.org; edk2-devel@lists.01.org; Zhang, Chao B
> > <chao.b.zhang@intel.com>
> > Subject: Re: Question about SecurityPkg/DxeTcg2PhysicalPresenceLib
> > 
> > Is there any work around if we don't have such trusted console on available
> > hardware platforms? Is there any example implementation which we can refer
> > to?
> > 
> > Thanks,
> > 
> > Heyi
> > 
> > On Fri, Aug 10, 2018 at 09:12:46AM +0000, Yao, Jiewen wrote:
> > > by design a platform need define a trusted console and only connect this
> > trusted console before endofdxe
> > >
> > > thank you!
> > > Yao, Jiewen
> > >
> > >
> > > > 在 2018年8月10日，下午4:50，"heyi.guo@linaro.org"
> > <heyi.guo@linaro.org> 写道：
> > > >
> > > > Hi folks,
> > > >
> > > > The function Tcg2PhysicalPresenceLibProcessRequest in
> > DxeTcg2PhysicalPresenceLib
> > > > requires to be invoked after console is ready, and in the function it will call
> > > > VariableLockProtocol->RequestToLock(), while variable RequestToLock()
> > requires
> > > > to be called before "End Of Dxe" event, or else it will return
> > ACCESS_DENIED.
> > > >
> > > > However, in PI spec 1.6, section 5.1.2.1 "End of DXE Event", it says "Prior to
> > > > connecting consoles, the platform should signal the event 'End of DXE'". So
> > > > there seems to be contradiction between these implementations and PI
> > spec.
> > > >
> > > > If we follow below work flow:
> > > > End of DXE -> connect console -> Tcg2PhysicalPresenceLibProcessRequest()
> > ->
> > > > Variable RequestToLock() -> we will get ACCESS_DENIED.
> > > >
> > > > Please advise,
> > > >
> > > > Thanks,
> > > >
> > > > Heyi