Subject: Re: [PATCH 4/4] ArmVirtPkg/ArmVirtQemu: add optional support for TPM2 measured boot
From: "Laszlo Ersek"
To: "Yao, Jiewen", Ard Biesheuvel
Cc: edk2-devel-groups-io, Marc-André Lureau
Date: Thu, 9 Jan 2020 14:07:13 +0100

On 01/09/20 01:51, Yao, Jiewen wrote:
> Hi
> Comment for the warning:
>>> WARNING: TPM2 Event log has HashAlg unsupported by PCR bank (0xC)
>>> WARNING: TPM2 Event log has HashAlg unsupported by PCR bank (0xD)
>
> The reason is that: The DSC added all HASH algorithms to the TCG2 driver. (SHA1/SHA256/SHA384/SHA512/SM3).
> But the current TPM hardware device does not support SHA384 (0xC) and SHA512 (0xD).
>
>   SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
>     <LibraryClasses>
>       HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
>       NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
>       NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
>       NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
>       NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
>       NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
>   }
>
>
> It is a warning because the Firmware Image *may* want to support another TPM2 which has such capability.
> It just means the *current* TPM2 does not support this hash.
> The platform owner may decide to clean up the warning by removing the SHA384/SHA512 null lib instance
> support for current TPM2, or leave them as is for another TPM2.

Thank you for the explanation!

> BTW: Is there any document on how to enable TPM2 on QEMU ?
> I would like to have a try. :-)

Please ask Marc-André (already CC'd) about vTPM usage with QEMU;
unfortunately, I don't know.

Thanks!
Laszlo
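
The mismatch explained in the quoted reply, as an added example that is not part of the original message and not edk2 code: it compares the set of hash algorithms linked into the firmware with the PCR banks a TPM offers and lists the TPM_ALG_ID values left over. The function names and the sample TPM bank mask are assumptions; the bit and ID values are the TCG-defined ones.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One entry per hash: bitmap bit (same values as the TCG2 protocol's
 * EFI_TCG2_BOOT_HASH_ALG_* bits) and the matching TPM_ALG_ID. */
typedef struct { uint32_t bit; uint16_t alg_id; const char *name; } hash_alg;

static const hash_alg ALGS[] = {
    { 0x01, 0x0004, "SHA1"    },
    { 0x02, 0x000B, "SHA256"  },
    { 0x04, 0x000C, "SHA384"  },
    { 0x08, 0x000D, "SHA512"  },
    { 0x10, 0x0012, "SM3_256" },
};
#define N_ALGS (sizeof ALGS / sizeof ALGS[0])

/* Hypothetical helper: writes the TPM_ALG_IDs that the firmware can hash
 * with but for which the TPM has no PCR bank; returns how many were written. */
size_t unsupported_by_tpm(uint32_t fw_mask, uint32_t tpm_mask,
                          uint16_t *out, size_t cap)
{
    uint32_t extra = fw_mask & ~tpm_mask;   /* linked in, but no bank */
    size_t n = 0;
    for (size_t i = 0; i < N_ALGS; i++)
        if ((extra & ALGS[i].bit) && n < cap)
            out[n++] = ALGS[i].alg_id;
    return n;
}

/* Hypothetical helper: the algorithms worth keeping in the DSC for this TPM. */
uint32_t usable_mask(uint32_t fw_mask, uint32_t tpm_mask)
{
    return fw_mask & tpm_mask;
}

int main(void)
{
    uint32_t fw  = 0x1F;               /* all five HashInstanceLib* instances, as in the quoted DSC */
    uint32_t tpm = 0x01 | 0x02 | 0x10; /* constructed sample: a TPM without SHA384/SHA512 banks */
    uint16_t ids[N_ALGS];
    size_t n = unsupported_by_tpm(fw, tpm, ids, N_ALGS);

    for (size_t i = 0; i < n; i++)     /* wording copied from the warning quoted in the thread */
        printf("WARNING: TPM2 Event log has HashAlg unsupported by PCR bank (0x%X)\n",
               (unsigned)ids[i]);
    printf("usable hash mask for this TPM: 0x%02X\n", (unsigned)usable_mask(fw, tpm));
    return 0;
}
```

Dropping the SHA384 and SHA512 NULL library instances from the DSC corresponds to clearing bits 0x04 and 0x08 in `fw`, after which the helper reports nothing for this sample TPM.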