From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=66.187.233.73; helo=mx1.redhat.com; envelope-from=lersek@redhat.com; receiver=edk2-devel@lists.01.org Received: from mx1.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 3F33321959CB2 for ; Tue, 14 Aug 2018 09:37:55 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id A19C08197039; Tue, 14 Aug 2018 16:37:54 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-120-27.rdu2.redhat.com [10.10.120.27]) by smtp.corp.redhat.com (Postfix) with ESMTP id 91ADE1C733; Tue, 14 Aug 2018 16:37:51 +0000 (UTC) To: Gary Lin , edk2-devel@lists.01.org Cc: Ard Biesheuvel , Jordan Justen , =?UTF-8?Q?Marc-Andr=c3=a9_Lureau?= References: <20180814073628.20448-1-glin@suse.com> From: Laszlo Ersek Message-ID: <7757580c-0799-105c-401a-5b140082a905@redhat.com> Date: Tue, 14 Aug 2018 18:37:51 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0 MIME-Version: 1.0 In-Reply-To: <20180814073628.20448-1-glin@suse.com> X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.8]); Tue, 14 Aug 2018 16:37:54 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.8]); Tue, 14 Aug 2018 16:37:54 +0000 (UTC) for IP:'10.11.54.5' DOMAIN:'int-mx05.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'lersek@redhat.com' RCPT:'' Subject: Re: [PATCH 1/1] OvmfPkg: Resolve HashInstanceLibSha384 and HashInstanceLibSha512 X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Aug 2018 16:37:56 -0000 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit Hi Gary, (+ Marc-André) On 08/14/18 09:36, Gary Lin wrote: > Sha384 and Sha512 were added to HashInstanceLib recently. Resolve those > two libraries to enable SHA384 and SHA512 support in TPM. > > Cc: Ard Biesheuvel > Cc: Jordan Justen > Cc: Laszlo Ersek > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Gary Lin > --- > OvmfPkg/OvmfPkgIa32.dsc | 4 ++++ > OvmfPkg/OvmfPkgIa32X64.dsc | 4 ++++ > OvmfPkg/OvmfPkgX64.dsc | 4 ++++ > 3 files changed, 12 insertions(+) > > diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc > index a28b511d5c2f..9f07e75050c0 100644 > --- a/OvmfPkg/OvmfPkgIa32.dsc > +++ b/OvmfPkg/OvmfPkgIa32.dsc > @@ -634,6 +634,8 @@ [Components] > HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf > NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf > NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf > + NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf > + NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf > } > !endif > > @@ -936,5 +938,7 @@ [Components] > HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf > NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf > NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf > + NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf > + NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf > } > !endif > diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc > index 115d0c01ff5c..a4eaeb808c6b 100644 > --- a/OvmfPkg/OvmfPkgIa32X64.dsc > +++ b/OvmfPkg/OvmfPkgIa32X64.dsc > @@ -642,6 +642,8 @@ [Components.IA32] > HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf > NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf > NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf > + NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf > + NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf > } > !endif > > @@ -946,5 +948,7 @@ [Components.X64] > HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf > NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf > NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf > + NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf > + NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf > } > !endif > diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc > index 362eb789c712..aa3efc5e73b9 100644 > --- a/OvmfPkg/OvmfPkgX64.dsc > +++ b/OvmfPkg/OvmfPkgX64.dsc > @@ -641,6 +641,8 @@ [Components] > HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf > NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf > NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf > + NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf > + NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf > } > !endif > > @@ -944,5 +946,7 @@ [Components] > HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf > NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf > NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf > + NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf > + NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf > } > !endif > this patch looks good to me, but we'll have to delay it until after the stable tag (see "EDK II Stable Tag release edk2-stable201808 and quiet period starting today"). Meanwhile, can you please repost the patch with some commit message updates (including the subject): we're not really resolving these libraries for OvmfPkg; instead we link them into Tcg2Pei and Tcg2Dxe via NULL class resolution. So I suggest the following subject: OvmfPkg: link Sha384 and Sha512 support into Tcg2Pei and Tcg2Dxe Please try to replace the "resolve those two libraries" expression in the commit message similarly. Thanks! Laszlo