Message-ID: <854e9cbc40b1a03204ed0a58aa639c4bc4a75c63.camel@HansenPartnership.com>
Subject: Re: [edk2-devel] [PATCH v2 0/4] Ovmf: Disable the TPM2 platform hierarchy
From: "James Bottomley"
To: devel@edk2.groups.io, stefanb@linux.vnet.ibm.com, jiewen.yao@intel.com
Cc: marcandre.lureau@redhat.com, lersek@redhat.com, dick_wilkins@phoenix.com
Date: Mon, 09 Aug 2021 10:54:30 -0700
In-Reply-To: <20210809163718.874512-1-stefanb@linux.vnet.ibm.com>

On Mon, 2021-08-09 at 12:37 -0400, Stefan Berger wrote:
> This series imports code from the edk2-platforms project related to
> changing the password of the TPM2 platform hierarchy and uses it to
> disable the TPM2 platform hierarchy in Ovmf. It addresses the Ovmf
> aspects of the following bugs:
>
> https://bugzilla.tianocore.org/show_bug.cgi?id=3510
> https://bugzilla.tianocore.org/show_bug.cgi?id=3499

This raises a couple of issues:

   1. Since OVMF is for all x86 virtual platforms not just the PC ones,
      should it be following the PC client spec for everything? I notice
      you left out Xen and Bhyve ... should they never follow this?
   2. Since OVMF is effectively both the platform and the firmware, what
      attitude should we take to code in edk2-platforms? There are
      arguments for pulling all the necessary components into OVMF, but
      it could also be argued that the VMM should take care of all the
      edk2-platforms pieces and OVMF should be strictly firmware.

Getting 2. sorted out is probably the more pressing policy issue for us.

James