From: "Gerd Hoffmann" <kraxel@redhat.com>
To: Stefan Berger <stefanb@linux.ibm.com>
Cc: devel@edk2.groups.io, "James Bottomley" <jejb@linux.ibm.com>,
"Min Xu" <min.m.xu@intel.com>,
"Jordan Justen" <jordan.l.justen@intel.com>,
"Erdem Aktas" <erdemaktas@google.com>,
"Ard Biesheuvel" <ardb+tianocore@kernel.org>,
"Marc-André Lureau" <marcandre.lureau@redhat.com>,
"Jiewen Yao" <jiewen.yao@intel.com>,
"Tom Lendacky" <thomas.lendacky@amd.com>,
"Brijesh Singh" <brijesh.singh@amd.com>
Subject: Re: [PATCH 3/4] OvmfPkg: rework TPM configuration
Date: Fri, 22 Oct 2021 08:30:41 +0200 [thread overview]
Message-ID: <20211022063041.3yr4rzxy6mt3ifeo@sirius.home.kraxel.org> (raw)
In-Reply-To: <1f8cc7bb-64ee-df01-142e-aba039bd59e0@linux.ibm.com>
On Thu, Oct 21, 2021 at 11:44:54AM -0400, Stefan Berger wrote:
>
> On 10/21/21 8:20 AM, Gerd Hoffmann wrote:
> > Rename TPM_ENABLE to TPM2_ENABLE and TPM_CONFIG_ENABLE to
> > TPM2_CONFIG_ENABLE so they are in line with the ArmVirtPkg
> > config option names.
> >
> > Add separate TPM1_ENABLE option for TPM 1.2 support.
>
>
> I tested this on Fedora and attached a TPM 1.2 to the VM after a build
> **without** TPM1_ENABLE. When I run this here inside the VM
>
> cat /sys/devices/pnp0/00\:04/prcs
>
> I get measurements in PCRs 0-9 hinting that the TPM 1.2 support isn't
> entirely disabled but somehow it's still measuring into those
> firmware-related PCRs. It is due to this here:
>
> + # has no effect unless TPM2_ENABLE == TRUE
> + DEFINE TPM1_ENABLE = TRUE
>
>
> If you set this to FALSE then it removes TPM 1.2 support if TPM1_ENABLE is
> not passed.
Yes, that is intentional. By default (when you don't explicitly set
TPM1_ENABLE) behavior doesn't change and TPM 1.2 support continues to
be available like it is the case without this series applied.
When you think it is better to flip the default instead of being
conservative I happily change it in v2.
take care,
Gerd
next prev parent reply other threads:[~2021-10-22 6:30 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-21 12:19 [PATCH 0/4] OvmfPkg: rework TPM configuration Gerd Hoffmann
2021-10-21 12:20 ` [PATCH 1/4] OvmfPkg: move tcg configuration to dsc and fdf include files Gerd Hoffmann
2021-10-21 14:12 ` [edk2-devel] " Stefan Berger
2021-10-21 12:20 ` [PATCH 2/4] OvmfPkg: create Tcg2ConfigPeiCompat12.inf Gerd Hoffmann
2021-10-21 14:46 ` [edk2-devel] " Stefan Berger
2021-10-22 6:31 ` Gerd Hoffmann
2021-10-22 13:29 ` Stefan Berger
2021-10-21 12:20 ` [PATCH 3/4] OvmfPkg: rework TPM configuration Gerd Hoffmann
2021-10-21 15:44 ` Stefan Berger
2021-10-22 6:30 ` Gerd Hoffmann [this message]
2021-10-21 12:20 ` [PATCH 4/4] OvmfPkg: add TPM2_SHA1_ENABLE build option Gerd Hoffmann
2021-10-21 13:24 ` Stefan Berger
2021-10-22 6:39 ` Gerd Hoffmann
2021-10-22 10:50 ` Stefan Berger
2021-10-22 11:37 ` Gerd Hoffmann
2021-10-22 11:49 ` James Bottomley
2021-10-22 11:57 ` Stefan Berger
2021-10-22 12:40 ` James Bottomley
2021-10-22 13:13 ` Stefan Berger
2021-10-22 14:17 ` James Bottomley
2021-10-22 14:52 ` [edk2-devel] " Stefan Berger
2021-10-22 15:01 ` James Bottomley
2021-10-22 15:48 ` Stefan Berger
2021-10-22 16:50 ` James Bottomley
2021-10-21 16:13 ` [PATCH 0/4] OvmfPkg: rework TPM configuration Stefan Berger
2021-10-22 7:01 ` Gerd Hoffmann
2021-10-22 10:46 ` [edk2-devel] " Stefan Berger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211022063041.3yr4rzxy6mt3ifeo@sirius.home.kraxel.org \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox