From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by mx.groups.io with SMTP id smtpd.web12.26304.1631516922700353173 for ; Mon, 13 Sep 2021 00:08:43 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=ynwwWOdU; spf=pass (domain: intel.com, ip: 192.55.52.43, mailfrom: jiewen.yao@intel.com) X-IronPort-AV: E=McAfee;i="6200,9189,10105"; a="307145324" X-IronPort-AV: E=Sophos;i="5.85,288,1624345200"; d="scan'208";a="307145324" Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 13 Sep 2021 00:08:42 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.85,288,1624345200"; d="scan'208";a="432450777" Received: from orsmsx602.amr.corp.intel.com ([10.22.229.15]) by orsmga006.jf.intel.com with ESMTP; 13 Sep 2021 00:08:30 -0700 Received: from orsmsx607.amr.corp.intel.com (10.22.229.20) by ORSMSX602.amr.corp.intel.com (10.22.229.15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.12; Mon, 13 Sep 2021 00:08:30 -0700 Received: from orsmsx610.amr.corp.intel.com (10.22.229.23) by ORSMSX607.amr.corp.intel.com (10.22.229.20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.12; Mon, 13 Sep 2021 00:08:30 -0700 Received: from ORSEDG602.ED.cps.intel.com (10.7.248.7) by orsmsx610.amr.corp.intel.com (10.22.229.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.12 via Frontend Transport; Mon, 13 Sep 2021 00:08:30 -0700 Received: from NAM02-BN1-obe.outbound.protection.outlook.com (104.47.51.45) by edgegateway.intel.com (134.134.137.103) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2242.12; Mon, 13 Sep 2021 00:08:28 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=HzQAZJVeCkvrO8pdGCesQvENWY4VZQFW06hrtUfeHTHa5shM29dkdoAbNJ4rPRGtfeSO9wNQNIoYlBGyeAO7nc027ickZhoBAzKWPJ1gRVLdg4Dr3jC7H1CM6p7S2TYwXSjtRrsR+0xVwnYvB24BO9NZjMw/HmqVxf8/CsCQAae4JCyl0jdqluMZr9lzRmJaHbbgIhQ7vHZDP+dV2EvBwRN6LkXcz11KaHD2cM8WDAqrRRPcJHWo/rDl891wnTcBNdaqh8+fQ8y+1ytDkFeTmclJq7jOCe59woD7bbs9otYIdkwl7kiCPN9LasQgs2+ZyTnx980ETBvTaJwCFHDkwQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=LQll37uMcVV4HXOjaDlusYKFecZ6JcMYwlCokJWwTXA=; b=Qu4Hr2KyfcU0ckMSQ1pWQeFQyfQ5W7pIB8oskqic31DVLsRya+WUdye42G7+CjC6zVw4CgT8mFfdhRJkkE8XUkOYXrif9rTqkTv0s08P5Ek38cgZ3aIDTHX0tmJDMjlgCCSnhpKhRjvXsPpXzFuU0iECYQf0OjBhdExRQy8PocmnszNcm/NdSk4VfsRttrHTEPXx3TZZk1rzVrQ4qGau5ibD45DiUJ1vBy5BynsFyJjLNUx39/cae8yyC9CKNmT6Yb9WofG3glJS+LSlfokP6UyJ6WernGlsPe1uhWc7DlA1TFYfq9SDNriYXNw8CAFZr8hH0fvQu74hCw5Nt1GsYw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=LQll37uMcVV4HXOjaDlusYKFecZ6JcMYwlCokJWwTXA=; b=ynwwWOdUaBLpuni2C2RIZnEw7Hxa3GytSfoIYboGLJlcGFWr9iZlzeSRh/9bFa9pdPblevgaG3ahrmrA1jzkdvU4LUn8m7w940d0UZVygtff45FJurK1HNeLYbVuu3n5ujDajV4pThvWsGJANnvKzsFeZ8Maq2XIZ+NajRHVUXg= Received: from PH0PR11MB4885.namprd11.prod.outlook.com (2603:10b6:510:35::14) by PH0PR11MB5190.namprd11.prod.outlook.com (2603:10b6:510:3c::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4500.16; Mon, 13 Sep 2021 07:08:22 +0000 Received: from PH0PR11MB4885.namprd11.prod.outlook.com ([fe80::754e:42e9:16cd:1306]) by PH0PR11MB4885.namprd11.prod.outlook.com ([fe80::754e:42e9:16cd:1306%7]) with mapi id 15.20.4500.018; Mon, 13 Sep 2021 07:08:22 +0000 From: "Yao, Jiewen" To: Stefan Berger , "devel@edk2.groups.io" CC: "mhaeuser@posteo.de" , "spbrogan@outlook.com" , "marcandre.lureau@redhat.com" , "kraxel@redhat.com" Subject: Re: [PATCH v7 0/9] Ovmf: Disable the TPM2 platform hierarchy Thread-Topic: [PATCH v7 0/9] Ovmf: Disable the TPM2 platform hierarchy Thread-Index: AQHXpaEjYTHqRpqWPkOoDiEmU8dZHauhkK4w Date: Mon, 13 Sep 2021 07:08:22 +0000 Message-ID: References: <20210909173538.2380673-1-stefanb@linux.vnet.ibm.com> In-Reply-To: <20210909173538.2380673-1-stefanb@linux.vnet.ibm.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-version: 11.5.1.3 dlp-product: dlpe-windows dlp-reaction: no-action authentication-results: linux.vnet.ibm.com; dkim=none (message not signed) header.d=none;linux.vnet.ibm.com; dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 2a297f56-6dbe-41e8-dc6a-08d9768545c5 x-ms-traffictypediagnostic: PH0PR11MB5190: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:6430; x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: Xjvm0+EW1zv5fAmGKHsmccMJtt/2StJOehYPk4bahzQ852Pm08sy//2yTYO2E2CLycFCbNyzaU3l01Km2wLwmXgTnM9NswAJEqczbFa+Gn1vXpwGOkbMU333cIaaiWPKx1wGfeL+b+7Cc6ZPMxMLEa37y5cy787eZDFa8MABkQ+7gRWOmEuMOi4QDNhdsLaeVLUuDCv2Nfp1yo2oCLvAw5Xac3OxYux6nWjUqHF5kYc3hZz7bMvKYx6R6Xrilq/7SuFxFlfGkX13SelfCVSvY/eb+K/ly+6Wig6RPGpYykxk+nje8VBpdqqwUwen8hJOuUGdzxjRcBU1Fgoqg06aXPoCDvfbWAq8SK+G9osNx2mVziglbCZM2cmgt7mtKrR9rROq7aVlNFOt+0AYJwyvWRRY7TDh+3TA8tKghM+WsqS9rloEFNwmoR4OKo2xLB+b9HFpSzz1w3M0d9Cz/kla7UdvAK54X86tyNreAW4K0Q3j6h227DrtKLiCv7a8IyiS38QDATkpbjlw5Z23VqOgIGOqauJWyXjSM+0EDT2VStSfup/eyJe2Q1B+CRQnHX8SgoB/KHM1JTYIu5MSZNybvBkWVLUYvMXz4kzV+IpEhlPZKlKFWSAQpWxL7/bgzeVGC2SxxYeW+sXjOoP7H8BZi18j1JYSiwTYX1nOn7wxuvQWOPzLj0Y1GSntvgKr4EOUO9XDMoUNUnRVe7Eb+vXlB5svcqgTUw1eeFWm7u+EmI665sqL1EBqvhoSt6xEjJ5chpBh9C0ZyhmqsrNe/wNEDoqthE4DwacsmaP7mlXpCL39E/5qQhXh9sy02FZWEPQ8ycGK3pRb6zH8x5KmATq53g== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PH0PR11MB4885.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(39860400002)(366004)(136003)(396003)(346002)(376002)(6506007)(2906002)(4326008)(186003)(71200400001)(122000001)(54906003)(8936002)(53546011)(7696005)(66556008)(66476007)(66946007)(45080400002)(966005)(26005)(110136005)(38070700005)(5660300002)(33656002)(316002)(8676002)(83380400001)(38100700002)(52536014)(478600001)(66446008)(64756008)(19627235002)(9686003)(55016002)(76116006)(86362001);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?jTrddECWWRJlc+X12zz4l3pzREOHc4oHWxHCBwo0OoJowmXFCc4MD40cVDhB?= =?us-ascii?Q?IZ0h58dG+UAlY2tmPp+K+liZffT6g6iQ/86JM/B47/HKrujQJQRj/3lxugzJ?= =?us-ascii?Q?jZI8I33Q43MagIxPzkdACX4eC/G2Z26ax3JQXX+5czGeWeV7/YWjuwTk6wFA?= =?us-ascii?Q?fCrPgf3TlDDXYXr92aggrCuOMT0cDXhcXIAAhdT66cQA8Gl8/1GPGY8UJq8H?= =?us-ascii?Q?pYIYZUorKL1BfdQsHIjLcjkStCn9KXMCM6pfDaVFGTR9a3idBgvv22sRA66c?= =?us-ascii?Q?dEsJgOV+rLMDyItIWwlaJ5b3C/TMvcUYo1dS1QiYZbuPjWo7PD+BhT6d76oi?= =?us-ascii?Q?BcekobO75gI6kjQgx7qn/Zz9jLPHTHmaYNYtaMGDgp3ibo0lKN0+3ZrtYWoD?= =?us-ascii?Q?ZZaN6bHKIrLPGqyh4cWhzOHPWPdqPYQgPVXjksDFtbzVL6edsJuDFfHVIm+8?= =?us-ascii?Q?iazXdCcUKX0g4C9s+ewhZ3kZcKRTmAAllfBDnUHMk1WcUb1UCZZKzlLNq1cT?= =?us-ascii?Q?2tZFZCa3rlGoFSGFwhN3yormDFP3H6ORliUDdVwYpqRr6G7FzO6e5U3VUHuY?= =?us-ascii?Q?lqrFBsc5ZRPyWswmEOct3bpI+bhV5nq4anmGNjjcrNmwzF4CvJMPDPSwkDK4?= =?us-ascii?Q?9U/1rk+P2qUyo6oK0t1s3/BtUAmWw7gR+LamqRLVMsGIZkDQ+jILjb32vYnk?= =?us-ascii?Q?tkBMhIjamH8Uc6S4biYbVUGnmw9XYdj3p24l2UvEF3skoIdPsSjLnG2yMtP3?= =?us-ascii?Q?Jx+UvK36KNuxd7M0EPMzitBeurkFrlzCTSQs8snflG8E0ecmUj845UDUCx/B?= =?us-ascii?Q?VHKGycEXz8NynCrsDLNyprY+BJa5lRfN4NfIHltTtIfYdcPs49BY6ouv0L/D?= =?us-ascii?Q?agmz65aRNYsraA2/Fnlf0XAw9wbdHLbq2CelLMqcm24G4miIulPr97rjheqz?= =?us-ascii?Q?oPMrEEWEVthPaFAnqIDkc0m8qPruOlZ+ZrHUoGD+v/uoYwkQG2HJm1IYJV4w?= =?us-ascii?Q?+eZWiicB3B+oo7Ur/lgsKkl5an1T2OkxGmzTrJXoRol67p6KuNhfdK8hGhrv?= =?us-ascii?Q?VxouG7pFxqoedHwDPSPXFVAL+lUG98NcF+lxjQbQiOBcle1xfwxz5SjWHkKg?= =?us-ascii?Q?Z3Eu0Shz9egYGrVgTyaLsTKbE+QTL+hXpY5DnkXlesUP8wk4l3qv9PQpxO5+?= =?us-ascii?Q?3Cf+ehHnNekdSQxdL7eFRMF9N16Vm1vuHOtRNjNQInz1FUSDG1RFecdlY1Av?= =?us-ascii?Q?Gyf0erNB613q5rNYDB+f3H5XmvxKORxx0XdTaROcb0uGMaT0bFUjs8hW6taA?= =?us-ascii?Q?sYPTAiPFHPvK1uDqZmZkkn7R?= x-ms-exchange-transport-forked: True MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB4885.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 2a297f56-6dbe-41e8-dc6a-08d9768545c5 X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Sep 2021 07:08:22.2391 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: pOHI7CTLGGrbtsKVqh+dhlEO56CW9wv/aWQVKz/P1rwhNq7kQykG4kPjimFQB2XLA0yWMnMsFXqPA7o2LQIX8Q== X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR11MB5190 Return-Path: jiewen.yao@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable According to the discussion, the OvmfPkg update requires more work. We decide to push the SecurityPkg as first wave. SecurityPkg: Reviewed by: Jiewen Yao > -----Original Message----- > From: Stefan Berger > Sent: Friday, September 10, 2021 1:35 AM > To: devel@edk2.groups.io > Cc: mhaeuser@posteo.de; spbrogan@outlook.com; > marcandre.lureau@redhat.com; kraxel@redhat.com; Yao, Jiewen > ; Stefan Berger > Subject: [PATCH v7 0/9] Ovmf: Disable the TPM2 platform hierarchy >=20 > This series imports code from the edk2-platforms project related to > disabling the TPM2 platform hierarchy in Ovmf. It addresses the Ovmf > aspects of the following bugs: >=20 > https://bugzilla.tianocore.org/show_bug.cgi?id=3D3510 > https://bugzilla.tianocore.org/show_bug.cgi?id=3D3499 >=20 > I have patched the .dsc files and successfully test-built with most of > them. Some I could not build because they failed for other reasons > unrelated to this series. >=20 > I tested the changes with QEMU on x86 following the build of > OvmfPkgX64.dsc. >=20 > Neither one of the following commands should work anymore on first > try when run on Linux: >=20 > With IBM tss2 tools: > tsshierarchychangeauth -hi p -pwdn newpass >=20 > With Intel tss2 tools: > tpm2_changeauth -c platform newpass >=20 > Regards, > Stefan >=20 > v7: > - Ditched ARM support in this series > - Using Tcg2PlatformDxe and Tcg2PlaformPei from edk2-platforms now > and revised most of the patches >=20 > v6: > - Removed unnecessary entries in .dsc files > - Added support for S3 resume failure case > - Assigned unique FILE_GUID to NULL implementation >=20 > v5: > - Modified patch 1 copies the code from edk2-platforms > - Modified patch 2 fixes bugs in the code > - Modified patch 4 introduces required PCD >=20 > v4: > - Fixed and simplified code imported from edk2-platforms >=20 > v3: > - Referencing Null implementation on Bhyve and Xen platforms > - Add support in Arm >=20 >=20 > Stefan Berger (9): > SecurityPkg/TPM: Import PeiDxeTpmPlatformHierarchyLib.c from > edk2-platforms > SecurityPkg/TPM: Fix bugs in imported PeiDxeTpmPlatformHierarchyLib > SecrutiyPkg/Tcg: Import Tcg2PlatformDxe from edk2-platforms > SecurityPkg/Tcg: Make Tcg2PlatformDxe buildable > SecurityPkg: Introduce new PCD PcdRandomizePlatformHierarchy > OvmfPkg: Reference new Tcg2PlatformDxe in the build system for > compilation > SecurityPkg/Tcg: Import Tcg2PlatformPei from edk2-platforms > SecurityPkg/Tcg: Make Tcg2PlatformPei buildable > OvmfPkg: Reference new Tcg2PlatformPei in the build system >=20 > OvmfPkg/AmdSev/AmdSevX64.dsc | 8 + > OvmfPkg/AmdSev/AmdSevX64.fdf | 2 + > OvmfPkg/OvmfPkgIa32.dsc | 8 + > OvmfPkg/OvmfPkgIa32.fdf | 2 + > OvmfPkg/OvmfPkgIa32X64.dsc | 8 + > OvmfPkg/OvmfPkgIa32X64.fdf | 2 + > OvmfPkg/OvmfPkgX64.dsc | 8 + > OvmfPkg/OvmfPkgX64.fdf | 2 + > .../Include/Library/TpmPlatformHierarchyLib.h | 27 ++ > .../PeiDxeTpmPlatformHierarchyLib.c | 255 ++++++++++++++++++ > .../PeiDxeTpmPlatformHierarchyLib.inf | 44 +++ > SecurityPkg/SecurityPkg.dec | 6 + > .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c | 85 ++++++ > .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf | 43 +++ > .../Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c | 107 ++++++++ > .../Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf | 51 ++++ > 16 files changed, 658 insertions(+) > create mode 100644 SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h > create mode 100644 > SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierar > chyLib.c > create mode 100644 > SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierar > chyLib.inf > create mode 100644 SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c > create mode 100644 SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf > create mode 100644 SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c > create mode 100644 SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf >=20 > -- > 2.31.1