From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stefanb@linux.vnet.ibm.com>
Received-SPF: None (no SPF record) identity=mailfrom; client-ip=148.163.158.5;
 helo=mx0a-001b2d01.pphosted.com; envelope-from=stefanb@linux.vnet.ibm.com;
 receiver=edk2-devel@lists.01.org 
Received: from mx0a-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com
 [148.163.158.5])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id C6D462034D8C5
 for <edk2-devel@lists.01.org>; Thu,  1 Mar 2018 08:53:22 -0800 (PST)
Received: from pps.filterd (m0098414.ppops.net [127.0.0.1])
 by mx0b-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id
 w21GxUmh102238
 for <edk2-devel@lists.01.org>; Thu, 1 Mar 2018 11:59:30 -0500
Received: from e16.ny.us.ibm.com (e16.ny.us.ibm.com [129.33.205.206])
 by mx0b-001b2d01.pphosted.com with ESMTP id 2gekty5jq9-1
 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT)
 for <edk2-devel@lists.01.org>; Thu, 01 Mar 2018 11:59:29 -0500
Received: from localhost
 by e16.ny.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only!
 Violators will be prosecuted
 for <edk2-devel@lists.01.org> from <stefanb@linux.vnet.ibm.com>;
 Thu, 1 Mar 2018 11:59:20 -0500
Received: from b01cxnp23032.gho.pok.ibm.com (9.57.198.27)
 by e16.ny.us.ibm.com (146.89.104.203) with IBM ESMTP SMTP Gateway: Authorized
 Use Only! Violators will be prosecuted; 
 Thu, 1 Mar 2018 11:59:17 -0500
Received: from b01ledav005.gho.pok.ibm.com (b01ledav005.gho.pok.ibm.com
 [9.57.199.110])
 by b01cxnp23032.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id
 w21GxGej43909196; Thu, 1 Mar 2018 16:59:16 GMT
Received: from b01ledav005.gho.pok.ibm.com (unknown [127.0.0.1])
 by IMSVA (Postfix) with ESMTP id 2AB8DAE03C;
 Thu,  1 Mar 2018 12:00:40 -0500 (EST)
Received: from sbct-3.pok.ibm.com (unknown [9.47.158.153])
 by b01ledav005.gho.pok.ibm.com (Postfix) with ESMTP id 1C49AAE03B;
 Thu,  1 Mar 2018 12:00:40 -0500 (EST)
To: Laszlo Ersek <lersek@redhat.com>, marcandre.lureau@redhat.com,
 edk2-devel@lists.01.org
References: <20180223132311.26555-1-marcandre.lureau@redhat.com>
 <20180223132311.26555-7-marcandre.lureau@redhat.com>
 <4dc45713-b15d-0db5-d72e-ccb007cd2487@redhat.com>
Cc: pjones@redhat.com, jiewen.yao@intel.com, qemu-devel@nongnu.org,
 javierm@redhat.com
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
Date: Thu, 1 Mar 2018 11:59:16 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <4dc45713-b15d-0db5-d72e-ccb007cd2487@redhat.com>
X-TM-AS-GCONF: 00
x-cbid: 18030116-0024-0000-0000-0000032FA695
X-IBM-SpamModules-Scores: 
X-IBM-SpamModules-Versions: BY=3.00008608; HX=3.00000241; KW=3.00000007;
 PH=3.00000004; SC=3.00000254; SDB=6.00996870; UDB=6.00506833; IPR=6.00776188; 
 MB=3.00019803; MTD=3.00000008; XFM=3.00000015; UTC=2018-03-01 16:59:19
X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused
x-cbparentid: 18030116-0025-0000-0000-00004730B519
Message-Id: <b1eb7e49-f2ba-6115-79b1-a299af8e5032@linux.vnet.ibm.com>
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, ,
 definitions=2018-03-01_09:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
 priorityscore=1501
 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0
 clxscore=1011 lowpriorityscore=0 impostorscore=0 adultscore=0
 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1709140000
 definitions=main-1803010211
Subject: Re: [PATCH 6/7] ovmf: link with Tcg2ConfigDxe module
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Mar 2018 16:53:23 -0000
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit

On 02/26/2018 04:58 AM, Laszlo Ersek wrote:
> On 02/23/18 14:23, marcandre.lureau@redhat.com wrote:
>> From: Marc-André Lureau <marcandre.lureau@redhat.com>
>>
>> The module allows to tweak and interact with the TPM. Note that many
>> actions are broken due to implementation of qemu TPM (providing it's
>> own ACPI table), and the lack of PPI implementation.
>>
>> CC: Laszlo Ersek <lersek@redhat.com>
>> CC: Stefan Berger <stefanb@linux.vnet.ibm.com>
>> Contributed-under: TianoCore Contribution Agreement 1.0
>> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
>> ---
>>   OvmfPkg/OvmfPkgX64.dsc | 2 ++
>>   OvmfPkg/OvmfPkgX64.fdf | 1 +
>>   2 files changed, 3 insertions(+)
>>
>> diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
>> index 9bd0709f98..2281bd5ff8 100644
>> --- a/OvmfPkg/OvmfPkgX64.dsc
>> +++ b/OvmfPkg/OvmfPkgX64.dsc
>> @@ -669,6 +669,8 @@
>>         NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
>>         NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
>>     }
>> +
>> +  SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
>>   !endif
>>   
>>   !if $(SECURE_BOOT_ENABLE) == TRUE
>> diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
>> index b8dd7ecae4..985404850f 100644
>> --- a/OvmfPkg/OvmfPkgX64.fdf
>> +++ b/OvmfPkg/OvmfPkgX64.fdf
>> @@ -399,6 +399,7 @@ INF  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
>>   
>>   !if $(TPM2_ENABLE) == TRUE
>>   INF  SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
>> +INF  SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
>>   !endif
>>   
>>   ################################################################################
>>
> Please drop this patch.
>
> In my earlier investigation I wrote, Tcg2ConfigDxe "[p]rovides a Setup
> TUI interface to configure the TPM. IIUC, it can also save the
> configured TPM type for subsequent boots (see Tcg2ConfigPei.inf above)".
>
> The INF file itself says "This module is only for reference only, each
> platform should have its own setup page."
>
> And Jiewen wrote earlier, "Tcg2ConfigPei/Dxe are platform sample driver.
> A platform may have its own version based upon platform requirement. For
> example, if a platform supports fTPM, it may use another Tcg2Config driver."
>
> Given that OVMF lacks PEI-phase variable access, and that I consequently
> suggested cloning, and seriously trimming, Tcg2ConfigPei, it makes no
> sense to include an HII dialog that sets a variable for PEI phase
> consumption. Also, as you say, many of the exposed operations are broken
> due to lack of PPI support. So let's just postpone the inclusion of this
> driver, for now.

Just FYI: The PPI support for the OS requires ACPI and, as it is 
currently implemented, SMF where UEFI variables are manipulated. Some 
menu items in the TPM 2 menu (also TPM 1.2) also require these UEFI 
variables of the PPI interface so that UEFI can react on the menu 
choices upon re.

    Stefan