From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from m4a0072g.houston.softwaregrp.com (m4a0072g.houston.softwaregrp.com [15.124.2.130])
 by mx.groups.io with SMTP id smtpd.web11.31911.1578880566456898742
 for <devel@edk2.groups.io>;
 Sun, 12 Jan 2020 17:56:14 -0800
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: suse.com, ip: 15.124.2.130, mailfrom: glin@suse.com)
Received: FROM m4a0072g.houston.softwaregrp.com (15.120.17.147) BY m4a0072g.houston.softwaregrp.com WITH ESMTP;
 Mon, 13 Jan 2020 01:54:56 +0000
Received: from M4W0334.microfocus.com (2002:f78:1192::f78:1192) by
 M4W0335.microfocus.com (2002:f78:1193::f78:1193) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id
 15.1.1591.10; Mon, 13 Jan 2020 01:55:42 +0000
Received: from NAM10-DM6-obe.outbound.protection.outlook.com (15.124.8.13) by
 M4W0334.microfocus.com (15.120.17.146) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id
 15.1.1591.10 via Frontend Transport; Mon, 13 Jan 2020 01:55:42 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=JtvgFsFk7USYe8Bvel7kcfokJjN6tOc9Z78RDi5KJpmtwgCLvmBuKgKmID1Tp8PbGoNNV2J7NrjVjCDm3VHHL/mfnUlSLtfOyqde2tpZ9SFN7pqOval1v2R+PMUgd1V3DVTx6/MVe5GmIk3xYwf+3XFJDCsB8CdFWJk0i569qTCAeQvDRhlMd7hARvnBetygoTW0kNi6DK8ZVW1M1Z2vOX82VMpo2lzvJD9Z+wSdrx/0wNCQmbF3mshribs220wlLJuG7mEHk6z86ajQpVrzaRhSDofxRTwl7t8WAgcQKxihekg5K5Y03hyjzTEuPbtuVr5XvwagoeGuYDhC7n5p3A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=gWYZ6xlUufc2WhnLnol9UqKySFehPEgg0peYZB7T9d0=;
 b=dxjZHkw7+ZJTwTWKBHE9yOtR26OFmXZm+uVnwZlhq/i0n85BlRAXp8LiqU+U8G+W8Dww6aceTODyZm1c0U6bYYMNTg0P5yU41XjwUNDcqTEqwm09OPx4gRuydI4+do6sCUC9uKDlpeAdSXGHhZCNGseTStEnbsIOmaZ6Ajk+0IvuXeskB31551WQITWBYD1upaH/y+AXiBKYoIf+pZxLSljcJaL3t4Uy8kREhbTj2XRquEbRp6GMbiFL639MAUkHm/u/fMEKlssChMTVbe/WBNBibSftZ5lvZZJx07pj7px6FBpQRCE0OM2GtmATfpPdL5AzVJy06H/20z63d+jKWQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com;
 dkim=pass header.d=suse.com; arc=none
Received: from DM6PR18MB3258.namprd18.prod.outlook.com (10.255.175.31) by
 DM6PR18MB2748.namprd18.prod.outlook.com (20.179.48.225) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.2623.13; Mon, 13 Jan 2020 01:55:41 +0000
Received: from DM6PR18MB3258.namprd18.prod.outlook.com
 ([fe80::386b:b2:de3f:151a]) by DM6PR18MB3258.namprd18.prod.outlook.com
 ([fe80::386b:b2:de3f:151a%6]) with mapi id 15.20.2623.015; Mon, 13 Jan 2020
 01:55:41 +0000
Received: from GaryWorkstation (60.251.47.115) by LO2P123CA0060.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:1::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2623.9 via Frontend Transport; Mon, 13 Jan 2020 01:55:38 +0000
From: "Gary Lin" <glin@suse.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>, "jiewen.yao@intel.com"
	<jiewen.yao@intel.com>
CC: Laszlo Ersek <lersek@redhat.com>, Ard Biesheuvel
	<ard.biesheuvel@linaro.org>, =?iso-8859-1?Q?Marc-Andr=E9_Lureau?=
	<marcandre.lureau@redhat.com>
Subject: Re: [edk2-devel] [PATCH 4/4] ArmVirtPkg/ArmVirtQemu: add optional support for TPM2 measured boot
Thread-Topic: [edk2-devel] [PATCH 4/4] ArmVirtPkg/ArmVirtQemu: add optional
 support for TPM2 measured boot
Thread-Index: AQHVxT+aVt3Qd4XtTkaYZNAObESrrKffd7cAgAFZbYCAAAjbgIAAqXoAgADNcoCAAL9WAIAEzk+A
Date: Mon, 13 Jan 2020 01:55:41 +0000
Message-ID: <20200113015529.GE15544@GaryWorkstation>
References: <20200107094800.4488-1-ard.biesheuvel@linaro.org>
 <20200107094800.4488-5-ard.biesheuvel@linaro.org>
 <27a930b2-bbf8-a1d2-075f-6f33ce03b460@redhat.com>
 <CAKv+Gu-0sv7To4TCDcoC24EkJ-rGDGwOvyKry_mRPBda7LTvzQ@mail.gmail.com>
 <6408f5c9-1759-5cd8-c570-5422fcff25e5@redhat.com>
 <74D8A39837DF1E4DA445A8C0B3885C503F8D6F2F@shsmsx102.ccr.corp.intel.com>
 <b79484cf-47e5-1166-3ca2-2a3d4f116720@redhat.com>
 <74D8A39837DF1E4DA445A8C0B3885C503F8D90BB@shsmsx102.ccr.corp.intel.com>
In-Reply-To: <74D8A39837DF1E4DA445A8C0B3885C503F8D90BB@shsmsx102.ccr.corp.intel.com>
Accept-Language: zh-TW, en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-clientproxiedby: LO2P123CA0060.GBRP123.PROD.OUTLOOK.COM
 (2603:10a6:600:1::24) To DM6PR18MB3258.namprd18.prod.outlook.com
 (2603:10b6:5:1cd::31)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=GLin@suse.com; 
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [60.251.47.115]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 53cb6ab3-b1dc-4a3c-e38c-08d797cbb1c9
x-ms-traffictypediagnostic: DM6PR18MB2748:
x-microsoft-antispam-prvs: <DM6PR18MB2748F24F222F11288D0A8C55A9350@DM6PR18MB2748.namprd18.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 028166BF91
x-forefront-antispam-report: SFV:NSPM;SFS:(10019020)(4636009)(366004)(376002)(136003)(396003)(39860400002)(346002)(189003)(199004)(19627235002)(55236004)(8936002)(86362001)(186003)(1076003)(54906003)(110136005)(16526019)(71200400001)(956004)(64756008)(66556008)(66476007)(66946007)(6666004)(52116002)(26005)(6496006)(53546011)(66446008)(5660300002)(478600001)(55016002)(9686003)(33716001)(966005)(316002)(33656002)(2906002)(4326008)(8676002)(81156014)(81166006);DIR:OUT;SFP:1102;SCL:1;SRVR:DM6PR18MB2748;H:DM6PR18MB3258.namprd18.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;MX:1;A:1;
received-spf: None (protection.outlook.com: suse.com does not designate
 permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: A853RQcnw6N+lALLvDx4cj/CYOBebDW7cVaNnoTFwxvD39F788qMHlgdYi946kjyfhRz4JphohfVq4Q67FAdeL45U1iBLn2odP+nG2kSvSWoE8XRC/wO5DMPcCyAbjR4bwNpuyUEK3gXzlmcbMHdaeN5ohRh4JhA1cv4HWdZPXP+n77EFE8TaAsbMc8MosjzaOFCOtoprDwiomylYzgS+Swr4pPoPEdnw1nrkaEDoju0xNsODQOQllbdvGa+Lh7cTYkKbr6+NYOI6yUGYP2dk9uMHYb5mj2GIeKqrAxzzASzeHNvVsgvYDczf502/ccK9D+oHJ38IQaoT2KbhvIIjIUSrAVLuvwtZZuocEy1PuvBz64rt42rFaRxGxY0Rq2fKzg7N91OeQ/DM9IOOPK5PStZ5lir9GnccRV+fKO2X0DWurd3nvJ0axRN5BdkTi+d/jdDovAIffQQiL1Z295kmTNbUP3hkUHpubhe6IyKWlM=
x-ms-exchange-transport-forked: True
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 53cb6ab3-b1dc-4a3c-e38c-08d797cbb1c9
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Jan 2020 01:55:41.5706
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 856b813c-16e5-49a5-85ec-6f081e13b527
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: l+Sqz1NPIugHAXsxx8mmnVPRgiOaaFG3sCS30Xz6BHO3KgmVxHBeLZs7Z4QPvdP5
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR18MB2748
Return-Path: GLin@suse.com
X-OriginatorOrg: suse.com
Content-Language: en-US
Content-Type: text/plain; charset="iso-8859-1"
Content-ID: <A79658AD0CA9954DBD7602912A9A6430@namprd18.prod.outlook.com>
Content-Transfer-Encoding: quoted-printable

On Fri, Jan 10, 2020 at 12:32:02AM +0000, Yao, Jiewen wrote:
> Hi Marc-Andr=E9=20
> Would you please share some information on how to use vTPM with QEMU?
>=20
> I saw https://github.com/stefanberger/qemu-tpm
>=20
> But I am not sure if that has been integrated to official QEMU release?
>=20
Actually the TPM document can be found in the qemu package:
https://github.com/qemu/qemu/blob/master/docs/specs/tpm.txt

I also maintained a wiki page for openSUSE:
https://en.opensuse.org/Software_TPM_Emulator_For_QEMU

Hope this helps.

Cheers,

Gary Lin

> > -----Original Message-----
> > From: Laszlo Ersek <lersek@redhat.com>
> > Sent: Thursday, January 9, 2020 9:07 PM
> > To: Yao, Jiewen <jiewen.yao@intel.com>; Ard Biesheuvel
> > <ard.biesheuvel@linaro.org>
> > Cc: edk2-devel-groups-io <devel@edk2.groups.io>; Marc-Andr=E9 Lureau
> > <marcandre.lureau@redhat.com>
> > Subject: Re: [PATCH 4/4] ArmVirtPkg/ArmVirtQemu: add optional support =
for
> > TPM2 measured boot
> >=20
> > On 01/09/20 01:51, Yao, Jiewen wrote:
> > > Hi
> > > Comment for the warning:
> > >>> WARNING: TPM2 Event log has HashAlg unsupported by PCR bank (0xC)
> > >>> WARNING: TPM2 Event log has HashAlg unsupported by PCR bank (0xD)
> > >
> > > The reason is that: The DSC added all HASH algorithm to the TCG2 dri=
ver.
> > (SHA1/SHA256/SHA384/SHA512/SM3).
> > > But the current TPM hardware device does not support SHA384 (0xC) an=
d
> > SHA512 (0xD).
> > >
> > > SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
> > >     <LibraryClasses>
> > >
> > HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoR=
out
> > erPei.inf
> > >       NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSh=
a1.inf
> > >
> > NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.i=
nf
> > >
> > NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.i=
nf
> > >
> > NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.i=
nf
> > >       NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3=
.inf
> > >   }
> > >
> > >
> > > It is warning because the Firmware Image *may* want to support anoth=
er
> > TPM2 which has such capability.
> > > It just means the *current* TPM2 does not support this hash.
> > > The platform owner may decide to clean up the warning by remove the
> > SHA384/SHA512 null lib instance
> > > support for current TPM2, or leave them as is for another TPM2.
> >=20
> > Thank you for the explanation!
> >=20
> > > BTW: Is there any document on how to enable TPM2 on QEMU ?
> > > I would like to have a try. :-)
> >=20
> > Please ask Marc-Andr=E9 (already CC'd) about vTPM usage with QEMU;
> > unfortunately, I don't know.
> >=20
> > Thanks!
> > Laszlo
>=20
>=20
>=20
>=20