From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=2a00:1450:400c:c0c::241; helo=mail-wr0-x241.google.com; envelope-from=marcandre.lureau@gmail.com; receiver=edk2-devel@lists.01.org Received: from mail-wr0-x241.google.com (mail-wr0-x241.google.com [IPv6:2a00:1450:400c:c0c::241]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 317872253FB72 for ; Fri, 9 Mar 2018 05:53:29 -0800 (PST) Received: by mail-wr0-x241.google.com with SMTP id o76so9109663wrb.7 for ; Fri, 09 Mar 2018 05:59:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=Fd6TYd7EA2y3G82YPbMcLhO/8tOaGZm6gEfewlK1I8g=; b=vNEn9RxKMr9xO/1Bv+Tol+I1M0wN5nUK02RBkA32QzEb2Q9GnLtSiZn7thecSnHkqT z6ySigifeit8C6/BenEldZntv9BhR1mPGpYWer5SIkyWpPe1pSGMjgDjoJbdGFCs2uCv rlEE5IdlUdtNsypabUSg0ntUjQOam2uXEhxyIezgrbWxbHtqq8cCpu8SS/YYk3IpZNOO XfBonkQ/qdJQ2oXIFQJe+TgT/y3ZigjvMi0HapOewspA/YlEMHZa01pFNaApafpK65aP AUAMi0CH8Ygy3rJ8CrXiFdaoUfHqwP6qZMT4eFhNY5UorWWvf4LBQwWnGxp/ViJqLxSw /5Fw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=Fd6TYd7EA2y3G82YPbMcLhO/8tOaGZm6gEfewlK1I8g=; b=iQ8Npf6GoaTzpni9ABqsNqoSuDD7XIHpOyv1wPqmhXlTqJuwQQM98fX03qx4mDLfzI rBLsd3pKXHeJ2GnyDrWfZlGtyhLSSj8RQQpCM0hVPQtwCo73WFpuIpGg1FfV/m4l6/lm CPfulAbyo0r3tgSQVEi7d4wSastJS3NXCq8Auv+bzGQUGi9lhPMk/AubIMCaykAXgTMS EG0yxRJqdqGebYJEvIWblcnxR5b1qT4tGRHF0CyX1rV+Kv+psB1efJCGa19aA03JVUbt kjY+jtP0pEclIVZM7bOBOqsMxa46J21rdeMj1w1zjKgkV/TFQeQoR0/mbAOMqCnevh90 Fy8w== X-Gm-Message-State: APf1xPDFauxyss0VI0tQ2XHvknzyr0J+EgZ13S0wZwkHsd8W3vWt5h34 os5R4fS4DFF7istZAE/EHEyouggwgNS4oF6HM943LpqG X-Google-Smtp-Source: AG47ELu/mfj7CJs4FWztapungWfkHx75U008qOicK4cxK5yQJSV9Syybg6DiGCWAHyJ7gwOY1aiWv2xpk67caYRGTVQ= X-Received: by 10.223.171.88 with SMTP id r24mr26028003wrc.194.1520603985355; Fri, 09 Mar 2018 05:59:45 -0800 (PST) MIME-Version: 1.0 Received: by 10.223.195.92 with HTTP; Fri, 9 Mar 2018 05:59:44 -0800 (PST) In-Reply-To: <20180309130918.734-1-marcandre.lureau@redhat.com> References: <20180309130918.734-1-marcandre.lureau@redhat.com> From: =?UTF-8?B?TWFyYy1BbmRyw6kgTHVyZWF1?= Date: Fri, 9 Mar 2018 14:59:44 +0100 Message-ID: To: edk2-devel@lists.01.org Cc: QEMU , Javier Martinez Canillas , Peter Jones , Jiewen Yao , Laszlo Ersek Subject: Re: [PATCH v3 0/7] ovmf: preliminary TPM2 support X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Mar 2018 13:53:30 -0000 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi On Fri, Mar 9, 2018 at 2:09 PM, wrote: > From: Marc-Andr=C3=A9 Lureau > > Hi, > > The following series adds basic TPM2 support for OVMF-on-QEMU (I > haven't tested TPM1, for lack of interest). It links with the modules > to initializes the device in PEI phase, and do measurements (both PEI > and DXE). The Tcg2Dxe module provides the Tcg2 protocol which allows > the guest to access the measurement log and other facilities. > > DxeTpm2MeasureBootLib seems to do its job at measuring images that are > not measured in PEI phase (such as PCI PXE rom) > > Tcg2ConfigDxe is not included due to its integration with edk2 own PPI > implementation which conflicts with qemu design. PPI design is still > being discussed & experimented at this point. > > Linux guests seem to work fine. But windows guest generally complains > about the lack of PPI interface (most HLK tests require it, tpm.msc > admin interactions too). I haven't done "real" use-cases tests, as I > lack experience with TPM usage. Any help appreciated to test the TPM. > > I build edk2 with: > > $ build -DTPM2_ENABLE -DSECURE_BOOT_ENABLE -DMEM_VARSTORE_EMU_ENABLE=3DF= ALSE > > I test with qemu & swtpm/libtpms (tpm2 branches, swtpm_setup.sh --tpm2 --= tpm-state tpmstatedir) > > $ swtpm socket --tpmstate tpmstatedir --ctrl type=3Dunixio,path=3Dtpmsock= --tpm2 & > $ qemu .. -chardev socket,id=3Dchrtpm,path=3Dtpmsock -tpmdev emulator,id= =3Dtpm0,chardev=3Dchrtpm -device tpm-crb,tpmdev=3Dtpm0 > > Thanks > > Github tree: > https://github.com/elmarco/edk2/tree/tpm2 (tpm2-v2 tag) I updated the github tree: https://github.com/elmarco/edk2/tree/tpm2 (tpm2-v3 tag) > > Related bug: > https://bugzilla.tianocore.org/show_bug.cgi?id=3D594 > > v3: after Laszlo review > - many simplifications to "add customized Tcg2ConfigPei clone" patch > - various move of fdf/dsc sections > - modify Ia32 & Ia32x64 fdf/dsc too > - modify commit messages > - add r-b tags > > v2: > - the series can now be applied to master directly, thanks to dropping > PeiReadOnlyVariable requirement > - remove the HOB list workaround, the main fix is now upstream. Add a > preliminary patch to complete it. > - removed traces of TPM1.2 support > - add own OvmfPkg Tcg2ConfigPei, which performs only TPM2 detection > - make PcdTpmInstanceGuid default all-bits-zero > - drop unneeded Pcd values > - explain why SHA1 is still nice to have (for 1.2 log format) > - drop Tcg2ConfigDxe > - more detailed commit messages, thanks to Laszlo explanations! > - rebased > > TODO: > - modify Ia32 and Ia32X64 builds This is now done. thanks > > Marc-Andr=C3=A9 Lureau (7): > SecurityPkg/Tcg2Pei: drop PeiReadOnlyVariable from Depex > MdeModulePkg/Core/Pei: fix REGISITER -> REGISTER typo > OvmfPkg: simplify SecurityStubDxe.inf inclusion > OvmfPkg: add customized Tcg2ConfigPei clone > OvmfPkg: include Tcg2Pei module > OvmfPkg: include Tcg2Dxe module > OvmfPkg: plug DxeTpm2MeasureBootLib into SecurityStubDxe > > MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c | 18 ++-- > MdeModulePkg/Core/Pei/Image/Image.c | 4 +- > MdeModulePkg/Core/Pei/PeiMain.h | 2 +- > MdeModulePkg/Core/Pei/PeiMain/PeiMain.c | 2 +- > OvmfPkg/OvmfPkgIa32.dsc | 49 ++++++++++- > OvmfPkg/OvmfPkgIa32.fdf | 9 ++ > OvmfPkg/OvmfPkgIa32X64.dsc | 49 ++++++++++- > OvmfPkg/OvmfPkgIa32X64.fdf | 9 ++ > OvmfPkg/OvmfPkgX64.dsc | 49 ++++++++++- > OvmfPkg/OvmfPkgX64.fdf | 9 ++ > OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf | 53 ++++++++++++ > OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c | 84 +++++++++++++++++++ > SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf | 1 - > 13 files changed, 312 insertions(+), 26 deletions(-) > create mode 100644 OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf > create mode 100644 OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c > > -- > 2.16.2.346.g9779355e34 > > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel --=20 Marc-Andr=C3=A9 Lureau