From: Leif Lindholm <leif.lindholm@linaro.org>
To: Laszlo Ersek <lersek@redhat.com>
Cc: "Zhang, Chao B" <chao.b.zhang@intel.com>,
edk2-devel@lists.01.org, Andrew Fish <afish@apple.com>,
Michael D Kinney <michael.d.kinney@intel.com>,
Yao Jiewen <jiewen.yao@intel.com>
Subject: Re: [Patch] SecurityPkg: Fix TPM device compatibility issue
Date: Fri, 9 Nov 2018 11:13:10 +0000
Message-ID: <20181109111310.p62gik7hcfncdnlp@bivouac.eciton.net>
In-Reply-To: <6fc3b257-156a-21bf-ef1c-c4f04edf914d@redhat.com>

On Fri, Nov 09, 2018 at 09:04:46AM +0100, Laszlo Ersek wrote:
> On 11/09/18 07:02, Zhang, Chao B wrote:
> > Issue Statement:
> > TPM InterfaceId cache feature is introduced by f15cb995bb3880b77e15afe6facd3da05e599a17. It follows TCG PTP spec 1.3
> > to improve TPM transmission performance and also addresses defects in some TPM2.0 devices. But some other TPM devices like
> > NTC1310 SPI TPM are found to function abnormally with this feature, causing an extra device compatibility issue.
> >
> > Solution:
> > Add a policy indicator in PcdActiveTpmInterfaceType to disable TPM interface ID cache to support those existing TPM devices
> >
> > Contributed-under: TianoCore Contribution Agreement 1.1
> > Signed-off-by: Zhang, Chao B <chao.b.zhang@intel.com>
> > Cc: Andrew Fish <afish@apple.com>
> > Cc: Laszlo Ersek <lersek@redhat.com>
> > Cc: Leif Lindholm <leif.lindholm@linaro.org>
> > Cc: Michael D Kinney <michael.d.kinney@intel.com>
> > Cc: Yao Jiewen <jiewen.yao@intel.com>
> > ---
> > SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c | 23 +++++++++++-
> > SecurityPkg/SecurityPkg.dec | 3 +-
> > SecurityPkg/SecurityPkg.uni | 3 +-
> > SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c | 49 +++++++++++++++++++++++++
> > SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c | 42 +++++++++++++++++++++
> > 5 files changed, 117 insertions(+), 3 deletions(-)
>
> I'll let others review this patch for technical merit.
>
> However, I'm really undecided whether this patch qualifies for being
> pushed during the hard feature freeze. Comments welcome.

Unless the current behaviour causes an absolutely horrendous security
hole, I don't see how this qualifies for pushing during hard freeze.

According to its description, this is about supporting (non-compliant)
devices that have never worked with EDK2. And the support it updates
went in on 25 June. So there does not appear to be any urgency.

Once it does go in, I would also appreciate some simplification via
macros to cut down some of those very long lines, but then I'm not the
maintainer of this package.

Regards,

Leif