From: Stefan Berger
Date: Thu, 1 Mar 2018 11:59:16 -0500
To: Laszlo Ersek, marcandre.lureau@redhat.com, edk2-devel@lists.01.org
Cc: pjones@redhat.com, jiewen.yao@intel.com, qemu-devel@nongnu.org, javierm@redhat.com
Subject: Re: [PATCH 6/7] ovmf: link with Tcg2ConfigDxe module

On 02/26/2018 04:58 AM, Laszlo Ersek wrote:
> On 02/23/18 14:23, marcandre.lureau@redhat.com wrote:
>> From: Marc-André Lureau
>>
>> The module allows to tweak and interact with the TPM. Note that many
>> actions are broken due to implementation of qemu TPM (providing its
>> own ACPI table), and the lack of PPI implementation.
>>
>> CC: Laszlo Ersek
>> CC: Stefan Berger
>> Contributed-under: TianoCore Contribution Agreement 1.0
>> Signed-off-by: Marc-André Lureau >> --- >> OvmfPkg/OvmfPkgX64.dsc | 2 ++ >> OvmfPkg/OvmfPkgX64.fdf | 1 + >> 2 files changed, 3 insertions(+) >> >> diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc >> index 9bd0709f98..2281bd5ff8 100644 >> --- a/OvmfPkg/OvmfPkgX64.dsc >> +++ b/OvmfPkg/OvmfPkgX64.dsc >> @@ -669,6 +669,8 @@ >> NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf >> NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf >> } >> + >> + SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf >> !endif >> >> !if $(SECURE_BOOT_ENABLE) == TRUE >> diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf >> index b8dd7ecae4..985404850f 100644 >> --- a/OvmfPkg/OvmfPkgX64.fdf >> +++ b/OvmfPkg/OvmfPkgX64.fdf 
>> @@ -399,6 +399,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf >> >> !if $(TPM2_ENABLE) == TRUE >> INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf >> +INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf >> !endif >> >> ################################################################################ >>
> Please drop this patch.
>
> In my earlier investigation I wrote, Tcg2ConfigDxe "[p]rovides a Setup
> TUI interface to configure the TPM. IIUC, it can also save the
> configured TPM type for subsequent boots (see Tcg2ConfigPei.inf above)".
>
> The INF file itself says "This module is only for reference only, each
> platform should have its own setup page."
>
> And Jiewen wrote earlier, "Tcg2ConfigPei/Dxe are platform sample driver.
> A platform may have its own version based upon platform requirement. For
> example, if a platform supports fTPM, it may use another Tcg2Config driver."
>
> Given that OVMF lacks PEI-phase variable access, and that I consequently
> suggested cloning, and seriously trimming, Tcg2ConfigPei, it makes no
> sense to include an HII dialog that sets a variable for PEI phase
> consumption. Also, as you say, many of the exposed operations are broken
> due to lack of PPI support. So let's just postpone the inclusion of this
> driver, for now.

Just FYI: The PPI support for the OS requires ACPI and, as it is currently implemented, SMF where UEFI variables are manipulated. Some menu items in the TPM 2 menu (also TPM 1.2) also require these UEFI variables of the PPI interface so that UEFI can react on the menu choices upon re.

   Stefan
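
Review bot: in the OvmfPkgX64.dsc hunk, the new `SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf` line before `!endif` is added with no comment and no build option of its own, although the commit message states that many of the module's actions are broken with the QEMU TPM implementation and without PPI. Either put a comment next to the entry listing what is known not to work, or gate the driver behind a separate flag, so that a TPM-enabled build does not present a setup page whose operations fail silently. The diffstat also lists only the X64 platform files; if other OVMF platform files carry the same block, mirror the change there or say in the commit message why it is X64-only.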
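
Review bot: in the OvmfPkgX64.fdf hunk, `INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf` is placed in the firmware image for every build with `$(TPM2_ENABLE) == TRUE`, yet the patch (2 files, 3 insertions) adds nothing that would consume what the setup page stores. As raised in the reply, the dialog sets a variable meant for PEI-phase consumption, which OVMF cannot read in that phase, so the commit message should state which settings actually take effect, or the entry should wait until a consumer exists.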