From: "Laszlo Ersek" <lersek@redhat.com>
To: devel@edk2.groups.io, ard.biesheuvel@linaro.org
Cc: eric.auger@redhat.com, philmd@redhat.com, marcandre.lureau@redhat.com, stefanb@linux.ibm.com, leif@nuviainc.com
Subject: Re: [edk2-devel] [PATCH v2 5/5] ArmVirtPkg/ArmVirtQemu: add optional support for TPM2 measured boot
Date: Wed, 26 Feb 2020 11:49:35 +0100
Message-ID: <3d3968a8-5b7b-8fc9-c6d1-10a9896ecd68@redhat.com>
In-Reply-To: <660bb2b6-5870-68b7-4324-ec1a16b58c94@redhat.com>
References: <20200225104449.22453-1-ard.biesheuvel@linaro.org> <20200225104449.22453-6-ard.biesheuvel@linaro.org> <660bb2b6-5870-68b7-4324-ec1a16b58c94@redhat.com>

On 02/26/20 01:40, Laszlo Ersek wrote:
> On 02/25/20 11:44, Ard Biesheuvel wrote:
>> Duplicate the TPM2_ENABLE and TPM2_CONFIG_ENABLE build time flags that
>> already exist in OvmfPkg, and wire them up in the .DSC and .FDF so
>> that setting those flags produces an ArmVirtQemu build that implements
>> measured boot using a TPM provided by QEMU and described in the device
>> tree.
>>
>> Note that the TPM2 driver stack relies on a PEI phase being implemented,
>> so there is no point in enabling this for ArmVirtQemuKernel or ArmVirtXen.
>>
>> Also note that, despite ArmVirtQemuKernel being unaffected by this patch,
>> ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc is being modified, for keeping the
>> contexts of the referring !include directives simple.
>>
>> Signed-off-by: Ard Biesheuvel
>> ---
>>  ArmVirtPkg/ArmVirtQemu.dsc           | 75 ++++++++++++++++++++
>>  ArmVirtPkg/ArmVirtQemu.fdf           |  6 ++
>>  ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 10 +++
>>  3 files changed, 91 insertions(+)
>
> Under a similar, recent patch from Marc-André (which proposes enabling
> TPM-1.2 in OvmfPkg), I asked Marc-André to build up the work in small
> steps, practically mirroring the gradual TPM2.0 stuff from OvmfPkg:
>
> * [edk2-devel] [PATCH v2 3/3] Ovmf: enable TPM 1.2 support
>
>   http://mid.mail-archive.com/bbf8cf87-9c90-5507-82b3-ae8534555a54@redhat.com
>
>   https://edk2.groups.io/g/devel/message/54473
>
> I'd like to be consistent as a reviewer (and I indeed prefer that
> approach), so I'd like to ask you for the same.

Please see the approach here:

[PATCH v3 0/6] Ovmf: enable TPM 1.2

https://edk2.groups.io/g/devel/message/54854
http://mid.mail-archive.com/20200226093459.1131530-1-marcandre.lureau@redhat.com

Thanks!
Laszlo