From: Stefan Berger <stefanb@linux.vnet.ibm.com>
To: Laszlo Ersek <lersek@redhat.com>,
marcandre.lureau@redhat.com, edk2-devel@lists.01.org
Cc: pjones@redhat.com, jiewen.yao@intel.com, qemu-devel@nongnu.org,
javierm@redhat.com
Subject: Re: [PATCH 6/7] ovmf: link with Tcg2ConfigDxe module
Date: Thu, 1 Mar 2018 11:59:16 -0500 [thread overview]
Message-ID: <b1eb7e49-f2ba-6115-79b1-a299af8e5032@linux.vnet.ibm.com> (raw)
In-Reply-To: <4dc45713-b15d-0db5-d72e-ccb007cd2487@redhat.com>
On 02/26/2018 04:58 AM, Laszlo Ersek wrote:
> On 02/23/18 14:23, marcandre.lureau@redhat.com wrote:
>> From: Marc-André Lureau <marcandre.lureau@redhat.com>
>>
>> The module allows to tweak and interact with the TPM. Note that many
>> actions are broken due to implementation of qemu TPM (providing it's
>> own ACPI table), and the lack of PPI implementation.
>>
>> CC: Laszlo Ersek <lersek@redhat.com>
>> CC: Stefan Berger <stefanb@linux.vnet.ibm.com>
>> Contributed-under: TianoCore Contribution Agreement 1.0
>> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
>> ---
>> OvmfPkg/OvmfPkgX64.dsc | 2 ++
>> OvmfPkg/OvmfPkgX64.fdf | 1 +
>> 2 files changed, 3 insertions(+)
>>
>> diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
>> index 9bd0709f98..2281bd5ff8 100644
>> --- a/OvmfPkg/OvmfPkgX64.dsc
>> +++ b/OvmfPkg/OvmfPkgX64.dsc
>> @@ -669,6 +669,8 @@
>> NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
>> NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
>> }
>> +
>> + SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
>> !endif
>>
>> !if $(SECURE_BOOT_ENABLE) == TRUE
>> diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
>> index b8dd7ecae4..985404850f 100644
>> --- a/OvmfPkg/OvmfPkgX64.fdf
>> +++ b/OvmfPkg/OvmfPkgX64.fdf
>> @@ -399,6 +399,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
>>
>> !if $(TPM2_ENABLE) == TRUE
>> INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
>> +INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
>> !endif
>>
>> ################################################################################
>>
> Please drop this patch.
>
> In my earlier investigation I wrote, Tcg2ConfigDxe "[p]rovides a Setup
> TUI interface to configure the TPM. IIUC, it can also save the
> configured TPM type for subsequent boots (see Tcg2ConfigPei.inf above)".
>
> The INF file itself says "This module is only for reference only, each
> platform should have its own setup page."
>
> And Jiewen wrote earlier, "Tcg2ConfigPei/Dxe are platform sample driver.
> A platform may have its own version based upon platform requirement. For
> example, if a platform supports fTPM, it may use another Tcg2Config driver."
>
> Given that OVMF lacks PEI-phase variable access, and that I consequently
> suggested cloning, and seriously trimming, Tcg2ConfigPei, it makes no
> sense to include an HII dialog that sets a variable for PEI phase
> consumption. Also, as you say, many of the exposed operations are broken
> due to lack of PPI support. So let's just postpone the inclusion of this
> driver, for now.
Just FYI: The PPI support for the OS requires ACPI and, as it is
currently implemented, SMF where UEFI variables are manipulated. Some
menu items in the TPM 2 menu (also TPM 1.2) also require these UEFI
variables of the PPI interface so that UEFI can react on the menu
choices upon re.
Stefan
next prev parent reply other threads:[~2018-03-01 16:53 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-23 13:23 [PATCH 0/7] RFC: ovmf: preliminary TPM2 support marcandre.lureau
2018-02-23 13:23 ` [PATCH 1/7] SecurityPkg/Tcg2Pei: drop Tcg2PhysicalPresenceLib dependency marcandre.lureau
2018-02-23 15:58 ` Laszlo Ersek
2018-02-24 0:09 ` Yao, Jiewen
2018-03-02 14:34 ` Laszlo Ersek
2018-02-23 13:23 ` [PATCH 2/7] ovmf: link with Tcg2ConfigPei module marcandre.lureau
2018-02-23 17:31 ` Laszlo Ersek
2018-03-01 14:59 ` Marc-André Lureau
2018-03-02 10:50 ` Laszlo Ersek
2018-02-23 13:23 ` [PATCH 3/7] HACK: HobLib: workaround infinite loop marcandre.lureau
2018-02-23 19:14 ` Laszlo Ersek
2018-02-23 19:45 ` Andrew Fish
2018-03-05 14:05 ` Marc-André Lureau
2018-03-05 18:22 ` Laszlo Ersek
2018-03-05 20:18 ` Andrew Fish
2018-03-06 0:45 ` Brian J. Johnson
2018-03-06 8:38 ` Laszlo Ersek
2018-03-06 2:02 ` Gao, Liming
2018-02-23 13:23 ` [PATCH 4/7] ovmf: link with Tcg2Pei module marcandre.lureau
2018-02-26 9:38 ` Laszlo Ersek
2018-03-01 15:08 ` Marc-André Lureau
2018-03-02 10:51 ` Laszlo Ersek
2018-02-23 13:23 ` [PATCH 5/7] ovmf: link with Tcg2Dxe module marcandre.lureau
2018-02-26 9:50 ` Laszlo Ersek
2018-03-05 15:45 ` Marc-André Lureau
2018-03-05 19:25 ` Laszlo Ersek
2018-02-23 13:23 ` [PATCH 6/7] ovmf: link with Tcg2ConfigDxe module marcandre.lureau
2018-02-26 9:58 ` Laszlo Ersek
2018-03-01 16:59 ` Stefan Berger [this message]
2018-03-02 11:12 ` Laszlo Ersek
2018-03-02 13:35 ` [Qemu-devel] " Stefan Berger
2018-02-23 13:23 ` [PATCH 7/7] ovmf: add DxeTpm2MeasureBootLib marcandre.lureau
2018-02-26 10:29 ` Laszlo Ersek
2018-02-23 15:55 ` [PATCH 0/7] RFC: ovmf: preliminary TPM2 support Laszlo Ersek
2018-03-01 16:36 ` [Qemu-devel] " Stefan Berger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b1eb7e49-f2ba-6115-79b1-a299af8e5032@linux.vnet.ibm.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox