From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga05.intel.com (mga05.intel.com [192.55.52.43])
 by mx.groups.io with SMTP id smtpd.web09.22.1631552201849997960
 for <devel@edk2.groups.io>;
 Mon, 13 Sep 2021 09:56:43 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=Cn+19plF;
 spf=pass (domain: intel.com, ip: 192.55.52.43, mailfrom: jiewen.yao@intel.com)
X-IronPort-AV: E=McAfee;i="6200,9189,10106"; a="307283833"
X-IronPort-AV: E=Sophos;i="5.85,290,1624345200"; 
   d="scan'208";a="307283833"
Received: from orsmga004.jf.intel.com ([10.7.209.38])
  by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 13 Sep 2021 09:56:40 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.85,290,1624345200"; 
   d="scan'208";a="582473158"
Received: from orsmsx602.amr.corp.intel.com ([10.22.229.15])
  by orsmga004.jf.intel.com with ESMTP; 13 Sep 2021 09:56:40 -0700
Received: from orsmsx601.amr.corp.intel.com (10.22.229.14) by
 ORSMSX602.amr.corp.intel.com (10.22.229.15) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2242.12; Mon, 13 Sep 2021 09:56:40 -0700
Received: from orsedg603.ED.cps.intel.com (10.7.248.4) by
 orsmsx601.amr.corp.intel.com (10.22.229.14) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2242.12 via Frontend Transport; Mon, 13 Sep 2021 09:56:40 -0700
Received: from NAM12-BN8-obe.outbound.protection.outlook.com (104.47.55.175)
 by edgegateway.intel.com (134.134.137.100) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.1.2242.12; Mon, 13 Sep 2021 09:56:39 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=QTwv+PTTXGqsO/vkP/H1NzYS+ca6Oltji6AJKzvM/nvc+JshPVojIx0ycfbiZwUZrFNe0P8on6648cfjjJy76mQdo9mXJyZL8Dxy6To7EZEkm58zleD4h/XIhcYczSlC4fWBqqRQWXRJ7FgpNGxUVozBQtsyGtwzATnPGZGEBzTa67S1ZrDnlAdQxpgvrbJ3YvfAKg37F1gIp21S9ZdSpA38YE2cRlam8R8hc/yJNPCZGmyyLoGKilV7WdAxo03Jzh6RyuHnhUy750pJbOwqVf2V4Rk+dUbyLc/DFdgZkHGRwDYA4eRzJ/gzQXLJqLLxHvj416uFMcvhtSnqQ1WuwA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
 bh=mvqo+9ZMcneefq5dvJY0DMN+c4vV/iHNOAZdFVbWfXY=;
 b=UFht/n3lwTZBG8/UmVaeIzgnc272eKuI/9h+tVtzex7cQP3IkzwsOUlnmpITkFanY46yt6oB6EaCWqe9E2u1PpSBlX0f2jMD9aBWP7N/r3vroxoogxtu8DJsnCgIsg3xdNGwZ9onSFOoa8PPlbE8J4QgKnsZxi0wKAefjFKlnKGzs7jLTt3/fPHaemvLrAF0WuiBERhj+bolKkcJw0EvWXpsrVuPR4Rg7MFyVD+RkLm9pctqZBR2M1r/KHXzwmmlymuPMND5fGyCQMQKheUO9oocRJGsrWR/EnBWatzm+u/uPJB87gNcdJgjb1rwj2c3N23yusDUYH9dpS+AP1i9cQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com;
 dkim=pass header.d=intel.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com;
 s=selector2-intel-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=mvqo+9ZMcneefq5dvJY0DMN+c4vV/iHNOAZdFVbWfXY=;
 b=Cn+19plFTqCkn41fvCofCFztoyEKZodLjg33WMu0WdFlMi7zedICsLlHG1wZvLV+DOUCS+EFJu7lvOCwoBcVykUReCrrNtBLmykm+RWgYb6GT2czrMLdwbNRL+avzAv+n63o/qac32cD8WeDGegQaORqJ2Q+V61NWnwnTksGHiE=
Received: from PH0PR11MB4885.namprd11.prod.outlook.com (2603:10b6:510:35::14)
 by PH0PR11MB4856.namprd11.prod.outlook.com (2603:10b6:510:32::10) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4500.17; Mon, 13 Sep
 2021 16:56:36 +0000
Received: from PH0PR11MB4885.namprd11.prod.outlook.com
 ([fe80::754e:42e9:16cd:1306]) by PH0PR11MB4885.namprd11.prod.outlook.com
 ([fe80::754e:42e9:16cd:1306%7]) with mapi id 15.20.4500.019; Mon, 13 Sep 2021
 16:56:36 +0000
From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: Stefan Berger <stefanb@linux.vnet.ibm.com>, "devel@edk2.groups.io"
	<devel@edk2.groups.io>
CC: "mhaeuser@posteo.de" <mhaeuser@posteo.de>, "spbrogan@outlook.com"
	<spbrogan@outlook.com>, "marcandre.lureau@redhat.com"
	<marcandre.lureau@redhat.com>, "kraxel@redhat.com" <kraxel@redhat.com>
Subject: Re: [PATCH v8 00/10] Ovmf: Disable the TPM2 platform hierarchy
Thread-Topic: [PATCH v8 00/10] Ovmf: Disable the TPM2 platform hierarchy
Thread-Index: AQHXqKqkul7cwwZCq0i5HZs/l2AEf6uiLwpw
Date: Mon, 13 Sep 2021 16:56:36 +0000
Message-ID: <PH0PR11MB4885A9E03ED277FEEDA0D3968CD99@PH0PR11MB4885.namprd11.prod.outlook.com>
References: <20210913142106.2526997-1-stefanb@linux.vnet.ibm.com>
In-Reply-To: <20210913142106.2526997-1-stefanb@linux.vnet.ibm.com>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
dlp-version: 11.5.1.3
dlp-product: dlpe-windows
dlp-reaction: no-action
authentication-results: linux.vnet.ibm.com; dkim=none (message not signed)
 header.d=none;linux.vnet.ibm.com; dmarc=none action=none
 header.from=intel.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 0d7db596-f703-4e5b-ed72-08d976d772a1
x-ms-traffictypediagnostic: PH0PR11MB4856:
x-microsoft-antispam-prvs: <PH0PR11MB485663F8EE94BF6C4303840A8CD99@PH0PR11MB4856.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: OG0sLTsKuISqyj4aTvbpz4uqh+SLAp62/SlhSMBsoJXkwTgWA1hjyQjb9wwO/pRGvW3gZDADzHRtQWV/ZPhRRuyc02X1V00nlanHXdYWZLgPZLru2zeixYqsL719wyXGb6I7JOu5u1hPJE+swK1OxzdVrVmZ+ftFriKHng/eNDYg3eZCsDhf/uZ8KO3RT6Yuk8vMNkTolPdy/IuQnResL6paUfklzXHub+oM9Vt4IRTxYPQuxE+tISkEKtgzS6kvPDHnu8que73l1/MW3/BoxNy2ECmgztYiVr5n5Bsf4aYRhVVHT9x3AxhzGmdb3exrlDM8CqkfmqFbGi6yE8+BVF3M2SdI3YWbzEDoFx6yCXwWaamhuGukgC/HL2L2I7X4C910Ku09+4K9cBXO3nkFtigpVWxpTtlwbzgAhmKmhwTGhfHELK/BNj2dRUZWgPA1mKRJWq5a/cWZtxP94B1OXSdnZyG/+QFjT2TlWYSol9U0B/kxbR0l9CEKYykffo//xHan44dMBrCiU27jA1b5cgYOsGshH11po+/f8d1f6aXgceeDLZFPU0JW9lNt/mpfnG4XraAcqESuiUMImfyq7Y+Wh93fhotAQgG69IRcX7qHNgnw4XoUSL0OrQB1b+axTBDfuG1OZW/ORP2nOSo+ctygAKyc9+tjHG9Ca3uHj07WqQPwRbCM4ZlNiaVWWbAbQVXe+1l7iuRFb7g8ZnM4HEaXbHHePyO+oENF3CrT5+LYSPxwO6IjgdWCoX3eK/HjeUOpnY33cpbVDbj/VAafb4vvdo0dg68cc3Ce4/zte1yq+rcKHljiYEUAWdwh+DPXv01fVNrhE/9LRRprU8KdwQ==
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PH0PR11MB4885.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(376002)(346002)(39860400002)(366004)(136003)(396003)(110136005)(7696005)(45080400002)(19627235002)(53546011)(9686003)(6506007)(8936002)(8676002)(86362001)(66946007)(2906002)(66446008)(122000001)(38100700002)(71200400001)(316002)(38070700005)(52536014)(66556008)(966005)(4326008)(66476007)(83380400001)(55016002)(186003)(54906003)(76116006)(64756008)(478600001)(33656002)(26005)(5660300002);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?rkhLOgxIeFCJVipvqNdljEC/dR/AwG8OjEXUPgTguWcqxmJoGQI2x4WCg47l?=
 =?us-ascii?Q?IlHGjdgodBkYCIefoNi+DNh/+LgbBUIg/uT2x/F89TqVeTPHF6obO9Hd3JoK?=
 =?us-ascii?Q?uEHFv5jheGEoOBkERzbJy8IQcTJ6PgAnkZp+WqNGDyA3dbno1toHDrN8dimv?=
 =?us-ascii?Q?CVQdd0UFUucfFtjErM5Cvwdf77TsYNX4aPhqO3BynWpq5Cdoew8Fi04yD2fe?=
 =?us-ascii?Q?OdurdzYIzc00QfboWl3yYsQ8PIOxc+XjwWQcUpH0QsqGqYSBow4ug8iBDFk3?=
 =?us-ascii?Q?cKTdOP2XjwSnj8UCe9SKb1kT2wlqCJ1ji4wrFSyajBwMba+S14prtJN4HbAc?=
 =?us-ascii?Q?PLg2VYT3+irvCwcnsHzVt7ckbMaoNnb+L+sOZehi0RRvLOn5xs0hklDGQZwz?=
 =?us-ascii?Q?P2xs/6qUDqE4PQCWwafmhVFbHJbcyWfClKFjeMMF2G7aH83kUEmjisuVP4VF?=
 =?us-ascii?Q?b++3377GmM0C6pKsHfCRiw0X+7luDuB1Hnr5qa3qLlDv6UN327zsYI136qJY?=
 =?us-ascii?Q?HpvEe2cu6tfjZfhdlcgcibh3YBbT7bF7Ge6NjwjG7wuiURh6gFixGsNfdNj7?=
 =?us-ascii?Q?mKsN3ZsaixVFl1XRV219uXlc9N41sDZyOP6EtETpNYH5+YjnOPdF62crVH3F?=
 =?us-ascii?Q?HYYpFX56sV6PXBnuS33usPAzU8inw0NEenUCqxPzmYixtZdIVOTobrJfx6ot?=
 =?us-ascii?Q?q2XVaYsa8Kg0Lqm79TYs4fGPHOyrzaurhBjy2la2WS7uUYb6M1mOPfWXsc0q?=
 =?us-ascii?Q?4CbhDo+LFChJMhYfpeUZePQD+moeE+iwAQe1orKjc37rqbZxEDMwfCY51sy4?=
 =?us-ascii?Q?efUmhoesbcsYzl9SwpbD8cDaGDUdx0QCC4eHlXEkJBbwU5jw879MDjRRlh3k?=
 =?us-ascii?Q?7tP/pnQZFywGgEwQU0VVCJEnnIxlBIN8zCiteHkWXJB7VZRER0S+XZdk4fgj?=
 =?us-ascii?Q?xVvCKbFkX0kj1TflUiO3tn4c1SNSArlrKV0c2qEzjTylUKSIjbppXybr4z/O?=
 =?us-ascii?Q?Dz6RtpSOS/6ezY8KOFakEldzZbGt2LaaxgLrlw3vo+7LpJxKMPDnjuM7OLBx?=
 =?us-ascii?Q?V2s9BtiQmytMqDENHanS6lkBiaprsjeYsTbStpSf9m6HBSE+2zMz2rsXg1Et?=
 =?us-ascii?Q?zCCxg79XB0IzVEeCzplrBBySbYFr0lb4qwLjZZVcK9N9hFRlgpZHt65IWSkc?=
 =?us-ascii?Q?QC9UfXtVcBVnjKtS4uSG8xmLGjH/hgkVeyroI7A9zmj4isvQJgaf8n30AJVR?=
 =?us-ascii?Q?0zfxl4iNc8HM+tDLiYaY/lX88UiHGv+FyEFrZ/tF1uwNR6fZej3bMq+5J7Pb?=
 =?us-ascii?Q?Z/BnEQkX4ZxkBySY1AH5ojI4?=
x-ms-exchange-transport-forked: True
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB4885.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 0d7db596-f703-4e5b-ed72-08d976d772a1
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Sep 2021 16:56:36.2169
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: XanWUZnPA6hqxecjOljAvNE5Bso5PfTq6fz9p8uXaFqE8o231OAYV+1e2+0Ujhz9roeSbgvGEwhcb7JcrBvf8w==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR11MB4856
Return-Path: jiewen.yao@intel.com
X-OriginatorOrg: intel.com
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

PR - https://github.com/tianocore/edk2/pull/1968
Git Hash: 3b69fcf5f849021aa3bc810f8100ea71c03019e5..610d8073f29f30aa2f9dd58=
fe9d59e0dc979d085

Thank you
Yao Jiewen

> -----Original Message-----
> From: Stefan Berger <stefanb@linux.vnet.ibm.com>
> Sent: Monday, September 13, 2021 10:21 PM
> To: devel@edk2.groups.io
> Cc: mhaeuser@posteo.de; spbrogan@outlook.com;
> marcandre.lureau@redhat.com; kraxel@redhat.com; Yao, Jiewen
> <jiewen.yao@intel.com>; Stefan Berger <stefanb@linux.vnet.ibm.com>
> Subject: [PATCH v8 00/10] Ovmf: Disable the TPM2 platform hierarchy
>=20
> This series imports code from the edk2-platforms project related to
> disabling the TPM2 platform hierarchy in Ovmf. It addresses the Ovmf
> aspects of the following bugs:
>=20
> https://bugzilla.tianocore.org/show_bug.cgi?id=3D3510
> https://bugzilla.tianocore.org/show_bug.cgi?id=3D3499
>=20
> I have patched the .dsc files and successfully test-built with most of
> them. Some I could not build because they failed for other reasons
> unrelated to this series.
>=20
> I tested the changes with QEMU on x86 following the build of
> OvmfPkgX64.dsc.
>=20
> Neither one of the following commands should work anymore on first
> try when run on Linux:
>=20
> With IBM tss2 tools:
> tsshierarchychangeauth -hi p -pwdn newpass
>=20
> With Intel tss2 tools:
> tpm2_changeauth -c platform newpass
>=20
> Regards,
>   Stefan
>=20
> v8:
>  - Fixed style issue in imported code; added patch 10
>=20
> v7:
>  - Ditched ARM support in this series
>  - Using Tcg2PlatformDxe and Tcg2PlaformPei from edk2-platforms now
>    and revised most of the patches
>=20
> v6:
>  - Removed unnecessary entries in .dsc files
>  - Added support for S3 resume failure case
>  - Assigned unique FILE_GUID to NULL implementation
>=20
> v5:
>  - Modified patch 1 copies the code from edk2-platforms
>  - Modified patch 2 fixes bugs in the code
>  - Modified patch 4 introduces required PCD
>=20
> v4:
>  - Fixed and simplified code imported from edk2-platforms
>=20
> v3:
>  - Referencing Null implementation on Bhyve and Xen platforms
>  - Add support in Arm
>=20
>=20
>=20
> Stefan Berger (10):
>   SecurityPkg/TPM: Import PeiDxeTpmPlatformHierarchyLib.c from
>     edk2-platforms
>   SecurityPkg/TPM: Fix bugs in imported PeiDxeTpmPlatformHierarchyLib
>   SecrutiyPkg/Tcg: Import Tcg2PlatformDxe from edk2-platforms
>   SecurityPkg/Tcg: Make Tcg2PlatformDxe buildable and fix style issues
>   SecurityPkg: Introduce new PCD PcdRandomizePlatformHierarchy
>   OvmfPkg: Reference new Tcg2PlatformDxe in the build system for
>     compilation
>   SecurityPkg/Tcg: Import Tcg2PlatformPei from edk2-platforms
>   SecurityPkg/Tcg: Make Tcg2PlatformPei buildable and fix style issues
>   OvmfPkg: Reference new Tcg2PlatformPei in the build system
>   SecurityPkg: Add references to header and inf files to SecurityPkg
>=20
>  OvmfPkg/AmdSev/AmdSevX64.dsc                  |   8 +
>  OvmfPkg/AmdSev/AmdSevX64.fdf                  |   2 +
>  OvmfPkg/OvmfPkgIa32.dsc                       |   8 +
>  OvmfPkg/OvmfPkgIa32.fdf                       |   2 +
>  OvmfPkg/OvmfPkgIa32X64.dsc                    |   8 +
>  OvmfPkg/OvmfPkgIa32X64.fdf                    |   2 +
>  OvmfPkg/OvmfPkgX64.dsc                        |   8 +
>  OvmfPkg/OvmfPkgX64.fdf                        |   2 +
>  .../Include/Library/TpmPlatformHierarchyLib.h |  27 ++
>  .../PeiDxeTpmPlatformHierarchyLib.c           | 255 ++++++++++++++++++
>  .../PeiDxeTpmPlatformHierarchyLib.inf         |  43 +++
>  SecurityPkg/SecurityPkg.dec                   |  10 +
>  SecurityPkg/SecurityPkg.dsc                   |  12 +
>  .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c     |  85 ++++++
>  .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf   |  43 +++
>  .../Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c     | 108 ++++++++
>  .../Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf   |  52 ++++
>  17 files changed, 675 insertions(+)
>  create mode 100644 SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h
>  create mode 100644
> SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierar
> chyLib.c
>  create mode 100644
> SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierar
> chyLib.inf
>  create mode 100644 SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c
>  create mode 100644 SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
>  create mode 100644 SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c
>  create mode 100644 SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
>=20
> --
> 2.31.1