From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga03.intel.com (mga03.intel.com [134.134.136.65])
 by mx.groups.io with SMTP id smtpd.web10.27203.1631525508812587611
 for <devel@edk2.groups.io>;
 Mon, 13 Sep 2021 02:31:50 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=YFqUnviz;
 spf=pass (domain: intel.com, ip: 134.134.136.65, mailfrom: jiewen.yao@intel.com)
X-IronPort-AV: E=McAfee;i="6200,9189,10105"; a="221671082"
X-IronPort-AV: E=Sophos;i="5.85,288,1624345200"; 
   d="scan'208";a="221671082"
Received: from fmsmga001.fm.intel.com ([10.253.24.23])
  by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 13 Sep 2021 02:31:47 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.85,288,1624345200"; 
   d="scan'208";a="608759654"
Received: from fmsmsx606.amr.corp.intel.com ([10.18.126.86])
  by fmsmga001.fm.intel.com with ESMTP; 13 Sep 2021 02:31:46 -0700
Received: from fmsmsx604.amr.corp.intel.com (10.18.126.84) by
 fmsmsx606.amr.corp.intel.com (10.18.126.86) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2242.12; Mon, 13 Sep 2021 02:31:46 -0700
Received: from FMSEDG603.ED.cps.intel.com (10.1.192.133) by
 fmsmsx604.amr.corp.intel.com (10.18.126.84) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2242.12 via Frontend Transport; Mon, 13 Sep 2021 02:31:46 -0700
Received: from NAM10-MW2-obe.outbound.protection.outlook.com (104.47.55.104)
 by edgegateway.intel.com (192.55.55.68) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.1.2242.12; Mon, 13 Sep 2021 02:31:45 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=NybLtgvp68aItODbRrgGuMLBjnu4unxjKvKDVsszSNhqd9aKqdjJkASyhb23f3LZ46Rl2croVPNp0UXNLf28v4TthfqnBakpEUdsw2yRScsmVxfDbQswFpsFjMbSYOyO+CLZnHIU0HzwOUDPoaopU6nyN4f7gJaAdYpk9nysqXzEy1RGH/jSEm79ABS+Z07g0s700nCjrl7u2si7y9NgtzF7wLzlojRclmlBfEWMYYgEHj2dWNT5y8aGhquFsM5IgW0nmTEB4FE5atJvrWAFxHWRQUywcUg9frgI4hySXDPes8a6xMmj0jXAqlZuvzvFXHQh9PxA6aEzMFUEiIHnzA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
 bh=u+ZWvC4BygGChQD+/52wnAlFyjb6YqKldO6zMXICvo4=;
 b=CoBTOq1QS2wY1yNIMBf40qztntZDRxrqvqVIE/fcSV+ZSJQFetNvnmz0Q3Ahg2SW1Dl2SXduss+GKMMksk4pToWZ8jHJ/BqcpwFjvhJMwU68jm0HYB84rJ8sgHZsVFM8mg4teSUuRljEz+OC5YPIe0ezl740QnRwFWM3QgImVHlEHl9SWVwiF3i+R019sLbGLIl8NxFDayD7t2Q3hoWbfbeOFR+vL9jpqoECDVp973iyivGHvxpGtfG4ypKbDlVYK46oprmIAHX3rbNsk1BOcMr4nph65mc5N5kPMslctO2WvgikmxYJjgWZnUNoitg67CfX+KsBiaMaAYF7XJjR8Q==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com;
 dkim=pass header.d=intel.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com;
 s=selector2-intel-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=u+ZWvC4BygGChQD+/52wnAlFyjb6YqKldO6zMXICvo4=;
 b=YFqUnvizAGQvV661enWVnyO/oFXr/EujrKKtfe1Y5r6rkk8132d7BxcNv+VV5qCxw6R/ddwjeVWM7f5F6/BUTDCDKJLdHrhz8IiMXt9gCeloUAmC7OzYvtvNSKxabOvE6tZuvHpQ8XQE4wF3Yb1sN6Q1PYYRZRLfgW0lHZEBJCM=
Received: from PH0PR11MB4885.namprd11.prod.outlook.com (2603:10b6:510:35::14)
 by PH0PR11MB5207.namprd11.prod.outlook.com (2603:10b6:510:32::15) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4500.17; Mon, 13 Sep
 2021 09:31:45 +0000
Received: from PH0PR11MB4885.namprd11.prod.outlook.com
 ([fe80::754e:42e9:16cd:1306]) by PH0PR11MB4885.namprd11.prod.outlook.com
 ([fe80::754e:42e9:16cd:1306%7]) with mapi id 15.20.4500.018; Mon, 13 Sep 2021
 09:31:45 +0000
From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>, "Yao, Jiewen"
	<jiewen.yao@intel.com>, Stefan Berger <stefanb@linux.vnet.ibm.com>
CC: "mhaeuser@posteo.de" <mhaeuser@posteo.de>, "spbrogan@outlook.com"
	<spbrogan@outlook.com>, "marcandre.lureau@redhat.com"
	<marcandre.lureau@redhat.com>, "kraxel@redhat.com" <kraxel@redhat.com>
Subject: Re: [edk2-devel] [PATCH v7 0/9] Ovmf: Disable the TPM2 platform hierarchy
Thread-Topic: [edk2-devel] [PATCH v7 0/9] Ovmf: Disable the TPM2 platform
 hierarchy
Thread-Index: AQHXpaEjYTHqRpqWPkOoDiEmU8dZHauhkK4wgAAn86A=
Date: Mon, 13 Sep 2021 09:31:44 +0000
Message-ID: <PH0PR11MB4885CCECDC6C0F8E6DA72BE88CD99@PH0PR11MB4885.namprd11.prod.outlook.com>
References: <20210909173538.2380673-1-stefanb@linux.vnet.ibm.com>
 <16A44FFF7B7DEB00.6211@groups.io>
In-Reply-To: <16A44FFF7B7DEB00.6211@groups.io>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
dlp-version: 11.5.1.3
dlp-product: dlpe-windows
dlp-reaction: no-action
authentication-results: edk2.groups.io; dkim=none (message not signed)
 header.d=none;edk2.groups.io; dmarc=none action=none header.from=intel.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 6a7b3de5-0940-4899-cb7f-08d976994d6f
x-ms-traffictypediagnostic: PH0PR11MB5207:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <PH0PR11MB52076195B423B741DCEAEDBA8CD99@PH0PR11MB5207.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: wUoDTzNszfpfNTjaNQLA/zop/wlEnvyZarjgBuAthUCqflafYumokbi5CwLIG0DcK2cHbN3Y+SJTOi61l/z9cxtSl/IQZ9QJl2fnXJjSBmlrZ161aNtCyxaVpxi6YWTgJzVtwGSvl5Yh6g8+yNwdtGxY7R2bckuKj8mjm700TMKNMTusNG0sZU90uLQe1/FRoy1KUd/utrSH6SYAWckpajIrTpLv1r+IiICcu5OESS9hnF/nvj5wjFBIp/KeJ9prAszV9NN2VoOebvttSlO9ODvnL/35f17Hok+BZHqxIN/rhA05xuJBb6vbxwNIVTYdVue/UiUTLwUGhbSGzZd8JThXagCzEJQJfFu0ZLUG03ht7R8I0shtkOc8QVoJ4QOYAqRi7dHDcpzAEVzJncEVatNZsv3xuAT6/t0f2iFmHAQFz4jz2przCLKv18a+jhJb381NSie+bmm2LOe6WLdofcMFMC4rskgl5cbVACZ2lJQwDFCDWJ6t1eH0F8ii6ryc3OUi3ucSL1QlgTacZ+MTUQx14jQPRIxfTFcypq3yrgotzl3fDQeUYv3RVoNpwe6+mtN5F8qW/dCRudIN/FBXhTz6lXR6n55H4uA2BFhYOmJ3MpX9HrWmNKUT6XHGHM7soykgcyiL5X4xaorCXdg9ZX3EfbNF4a/2vjyNqbouTy8NG1l2n3ticA6Tfo/18YNIxwu8sJFrvfLzhCLOBnEcpFnEc6b3pcJLssniWjTWPRgJlkNOwpwj6Q9FjZ+kV0sP7IIZ/dzF14tsNl0hsU6ssDWgscp+VYk1H+zc/MRDrLMctyq24TvTiLkM4ndN6of53nhlDp89dmHldm7mIiIowQ==
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PH0PR11MB4885.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(136003)(39860400002)(396003)(366004)(376002)(346002)(71200400001)(478600001)(38070700005)(7696005)(9686003)(86362001)(54906003)(316002)(83380400001)(76116006)(66556008)(45080400002)(5660300002)(19627235002)(66476007)(110136005)(2906002)(186003)(26005)(8936002)(53546011)(6506007)(8676002)(33656002)(4326008)(52536014)(122000001)(38100700002)(66446008)(64756008)(966005)(66946007)(55016002);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?rbtbIpwMvl6fmq3wl9Y3OjVGxUdHdQJPyu2yvJ0tHIffvwgaUcUuTpK8tbF/?=
 =?us-ascii?Q?FMFJrtoSF8dCWH4MtKZSxfqFK29rEjtA/lWYgqQgw5d9Z+3wjbJKujAS/Xzn?=
 =?us-ascii?Q?QVJuPuTlKJ21nfEGYPKlYxigN2MO9AUCVssOCBDw3rrjke3dgk7dMTypEZbx?=
 =?us-ascii?Q?CbGWSHlHABWloGLNrTDP3ON1ISZNmqy+JrTbSJa7o5Uh9XZhSBPvMgG8LBlY?=
 =?us-ascii?Q?Uvd3IYvcJiySsv/hy9nm1BkJ+HG+hqzdtRHfrtpsyZ7C9Ftr0HXoPqW14QPN?=
 =?us-ascii?Q?GEfWO45r3iHjahLgE4/w28kj/uVDdOLyXbC+1uZW/TGfWU5LlabHDu3LPt9u?=
 =?us-ascii?Q?zyaR//h2nZQBhGjlVug90NwbNkiTXSvfWHWqM1ZSPusNLF9HwwlGe1k2Jp5W?=
 =?us-ascii?Q?fOF1pXI1mD90M3zx0xfXY8OVB31LFtAEP+ED3kqr6F21wr9+ta1QSpqmdHI9?=
 =?us-ascii?Q?vAkFwul3q9gYa4yMgvRyRNiqWqEn35/YB6TJnrbGUKoOtD9mSN4Wwoppweh7?=
 =?us-ascii?Q?+HZeAQSAonCDyp+n9HHrRwfRhKhHaUWRqZY3wK5s4onZ1rUbjRyI1+wkcTi+?=
 =?us-ascii?Q?GP/UhiBT5QuEguljog+v/R3WkLRq6qkhDNNytWC4AqkueZnZtDypTF8C+SuU?=
 =?us-ascii?Q?Ffwq8zgvUhph1zX8vC7rRU3x4AiEkRpv8nYDb18t/oXjC7RLdGDKgGDdByQx?=
 =?us-ascii?Q?csbjrySq68kTjaKvFNGW7opz2DtWHltkhqvVtGN8JiZ46/z6M7jNxTPHfAiB?=
 =?us-ascii?Q?oZKqCiA6KwtpC5wr3rP6So2Y+zf8aqjt3I7/rlLs3kAHTfRxn3kgFjwd8rlc?=
 =?us-ascii?Q?2QSOpALJpN1FZXzIE2R/9cs+DFP17Gf0dDIk8mtY2tsORODvdkSp6UyDmQ8G?=
 =?us-ascii?Q?wrWWeUbqhfiRY6jEIBFt1d2eQMOD+UzKhrYpkNrJEni2VB/X2tlu8n/LWHO1?=
 =?us-ascii?Q?nwjvLnVOoF+vtaxfqQj4FYg7MIS9fK9869j3KmF7Uxbm4+A0S0I8qhPLHA1n?=
 =?us-ascii?Q?0yxqQ7G9dHh5d2iODcSxl0OPTDWWVzMGD71Du+4Hq2U6otF484pKReGcLOcZ?=
 =?us-ascii?Q?TIH9Eyp1kfYz9A3NWuFPhgJj4+BwjRPGo1QBzHBzTviql4Dz8xULw+UtkfOK?=
 =?us-ascii?Q?+xfzQHcNN6jgQ4DbBGb5oCELLX6xBa5k69zPzcpiW+jzOqg+/0vHujwm2NoT?=
 =?us-ascii?Q?eEHWS6YkgLkYox+Y0TcJwGirsH+5MKDvCVHqwQ4YcUL9pnigmfQtPeU84IH7?=
 =?us-ascii?Q?xRfv0COmQr40xv/NDlNPvIXOA2950lpDulZ2zEcEZwNkwX8ch2+fMJkIcouv?=
 =?us-ascii?Q?/x9iZd6m+T5og0UzVZqgZX3p?=
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB4885.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 6a7b3de5-0940-4899-cb7f-08d976994d6f
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Sep 2021 09:31:44.9567
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: O5q0f8g7g/4BxqSliCovUxSbsT2OBhdwA8dPf/IYhn58SeZDExnRwwAaDj22ADlOOgAD4w8W4WP+Z1W405fBuw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR11MB5207
Return-Path: jiewen.yao@intel.com
X-OriginatorOrg: intel.com
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hi Stefan
CI fails on your patch - https://github.com/tianocore/edk2/pull/1965

Would you please take a look and fix that?

It is always recommended to run CI by yourself before you submit the patch.

Thank you
Yao Jiewen


> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao, Jiewe=
n
> Sent: Monday, September 13, 2021 3:08 PM
> To: Stefan Berger <stefanb@linux.vnet.ibm.com>; devel@edk2.groups.io
> Cc: mhaeuser@posteo.de; spbrogan@outlook.com;
> marcandre.lureau@redhat.com; kraxel@redhat.com
> Subject: Re: [edk2-devel] [PATCH v7 0/9] Ovmf: Disable the TPM2 platform
> hierarchy
>=20
> According to the discussion, the OvmfPkg update requires more work.
> We decide to push the SecurityPkg as first wave.
>=20
> SecurityPkg: Reviewed by: Jiewen Yao <Jiewen.yao@intel.com>
>=20
>=20
>=20
> > -----Original Message-----
> > From: Stefan Berger <stefanb@linux.vnet.ibm.com>
> > Sent: Friday, September 10, 2021 1:35 AM
> > To: devel@edk2.groups.io
> > Cc: mhaeuser@posteo.de; spbrogan@outlook.com;
> > marcandre.lureau@redhat.com; kraxel@redhat.com; Yao, Jiewen
> > <jiewen.yao@intel.com>; Stefan Berger <stefanb@linux.vnet.ibm.com>
> > Subject: [PATCH v7 0/9] Ovmf: Disable the TPM2 platform hierarchy
> >
> > This series imports code from the edk2-platforms project related to
> > disabling the TPM2 platform hierarchy in Ovmf. It addresses the Ovmf
> > aspects of the following bugs:
> >
> > https://bugzilla.tianocore.org/show_bug.cgi?id=3D3510
> > https://bugzilla.tianocore.org/show_bug.cgi?id=3D3499
> >
> > I have patched the .dsc files and successfully test-built with most of
> > them. Some I could not build because they failed for other reasons
> > unrelated to this series.
> >
> > I tested the changes with QEMU on x86 following the build of
> > OvmfPkgX64.dsc.
> >
> > Neither one of the following commands should work anymore on first
> > try when run on Linux:
> >
> > With IBM tss2 tools:
> > tsshierarchychangeauth -hi p -pwdn newpass
> >
> > With Intel tss2 tools:
> > tpm2_changeauth -c platform newpass
> >
> > Regards,
> >   Stefan
> >
> > v7:
> >  - Ditched ARM support in this series
> >  - Using Tcg2PlatformDxe and Tcg2PlaformPei from edk2-platforms now
> >    and revised most of the patches
> >
> > v6:
> >  - Removed unnecessary entries in .dsc files
> >  - Added support for S3 resume failure case
> >  - Assigned unique FILE_GUID to NULL implementation
> >
> > v5:
> >  - Modified patch 1 copies the code from edk2-platforms
> >  - Modified patch 2 fixes bugs in the code
> >  - Modified patch 4 introduces required PCD
> >
> > v4:
> >  - Fixed and simplified code imported from edk2-platforms
> >
> > v3:
> >  - Referencing Null implementation on Bhyve and Xen platforms
> >  - Add support in Arm
> >
> >
> > Stefan Berger (9):
> >   SecurityPkg/TPM: Import PeiDxeTpmPlatformHierarchyLib.c from
> >     edk2-platforms
> >   SecurityPkg/TPM: Fix bugs in imported PeiDxeTpmPlatformHierarchyLib
> >   SecrutiyPkg/Tcg: Import Tcg2PlatformDxe from edk2-platforms
> >   SecurityPkg/Tcg: Make Tcg2PlatformDxe buildable
> >   SecurityPkg: Introduce new PCD PcdRandomizePlatformHierarchy
> >   OvmfPkg: Reference new Tcg2PlatformDxe in the build system for
> >     compilation
> >   SecurityPkg/Tcg: Import Tcg2PlatformPei from edk2-platforms
> >   SecurityPkg/Tcg: Make Tcg2PlatformPei buildable
> >   OvmfPkg: Reference new Tcg2PlatformPei in the build system
> >
> >  OvmfPkg/AmdSev/AmdSevX64.dsc                  |   8 +
> >  OvmfPkg/AmdSev/AmdSevX64.fdf                  |   2 +
> >  OvmfPkg/OvmfPkgIa32.dsc                       |   8 +
> >  OvmfPkg/OvmfPkgIa32.fdf                       |   2 +
> >  OvmfPkg/OvmfPkgIa32X64.dsc                    |   8 +
> >  OvmfPkg/OvmfPkgIa32X64.fdf                    |   2 +
> >  OvmfPkg/OvmfPkgX64.dsc                        |   8 +
> >  OvmfPkg/OvmfPkgX64.fdf                        |   2 +
> >  .../Include/Library/TpmPlatformHierarchyLib.h |  27 ++
> >  .../PeiDxeTpmPlatformHierarchyLib.c           | 255 ++++++++++++++++++
> >  .../PeiDxeTpmPlatformHierarchyLib.inf         |  44 +++
> >  SecurityPkg/SecurityPkg.dec                   |   6 +
> >  .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c     |  85 ++++++
> >  .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf   |  43 +++
> >  .../Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c     | 107 ++++++++
> >  .../Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf   |  51 ++++
> >  16 files changed, 658 insertions(+)
> >  create mode 100644 SecurityPkg/Include/Library/TpmPlatformHierarchyLib=
.h
> >  create mode 100644
> >
> SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierar
> > chyLib.c
> >  create mode 100644
> >
> SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierar
> > chyLib.inf
> >  create mode 100644 SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c
> >  create mode 100644 SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
> >  create mode 100644 SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c
> >  create mode 100644 SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
> >
> > --
> > 2.31.1
>=20
>=20
>=20
>=20
>=20
>=20