public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
* Re: [PATCH] OvmfPkg: Add TCG2 Configuration menu to the Device Manager menu
       [not found] <20190125165527.1059649-1-stefanb@linux.ibm.com>
@ 2019-01-25 17:12 ` Stefan Berger
  0 siblings, 0 replies; 4+ messages in thread
From: Stefan Berger @ 2019-01-25 17:12 UTC (permalink / raw)
  To: lersek, edk2-devel; +Cc: chao.b.zhang, jiewen.yao, marcandre.lureau

I have to repost this since my email has changed.

On 1/25/19 11:55 AM, Stefan Berger wrote:
> This patch adds the TCG2 Configuration menu to the Device Manager
> menu. We can reuse all the code in the SecurityPkg and need to
> only add it to the build and flash config files.
>
> The code is added to Ovfm by building with -DTPM2_ENABLE and
> -DTPM2_CONFIG_ENABLE.
>
> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
> ---
>   OvmfPkg/OvmfPkgIa32.dsc    | 3 +++
>   OvmfPkg/OvmfPkgIa32.fdf    | 4 ++++
>   OvmfPkg/OvmfPkgIa32X64.dsc | 3 +++
>   OvmfPkg/OvmfPkgIa32X64.fdf | 4 ++++
>   OvmfPkg/OvmfPkgX64.dsc     | 3 +++
>   OvmfPkg/OvmfPkgX64.fdf     | 4 ++++
>   6 files changed, 21 insertions(+)
>
> diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
> index aee19b75d7..68e707e7e5 100644
> --- a/OvmfPkg/OvmfPkgIa32.dsc
> +++ b/OvmfPkg/OvmfPkgIa32.dsc
> @@ -632,6 +632,9 @@
>         NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
>         NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
>     }
> +!if $(TPM2_CONFIG_ENABLE) == TRUE
> +  SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
> +!endif
>   !endif
>   
>     #
> diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
> index e013099136..a46598f2c3 100644
> --- a/OvmfPkg/OvmfPkgIa32.fdf
> +++ b/OvmfPkg/OvmfPkgIa32.fdf
> @@ -295,6 +295,10 @@ INF  ShellPkg/Application/Shell/Shell.inf
>   
>   INF MdeModulePkg/Logo/LogoDxe.inf
>   
> +!if ($(TPM2_ENABLE) == TRUE) && ($(TPM2_CONFIG_ENABLE) == TRUE)
> +INF  SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
> +!endif
> +
>   #
>   # Network modules
>   #
> diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
> index 90cbd8e341..dd6c700774 100644
> --- a/OvmfPkg/OvmfPkgIa32X64.dsc
> +++ b/OvmfPkg/OvmfPkgIa32X64.dsc
> @@ -640,6 +640,9 @@
>         NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
>         NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
>     }
> +!if $(TPM2_CONFIG_ENABLE) == TRUE
> +  SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
> +!endif
>   !endif
>   
>   [Components.X64]
> diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
> index afaa334384..8a02b3cc79 100644
> --- a/OvmfPkg/OvmfPkgIa32X64.fdf
> +++ b/OvmfPkg/OvmfPkgIa32X64.fdf
> @@ -296,6 +296,10 @@ INF  ShellPkg/Application/Shell/Shell.inf
>   
>   INF MdeModulePkg/Logo/LogoDxe.inf
>   
> +!if ($(TPM2_ENABLE) == TRUE) && ($(TPM2_CONFIG_ENABLE) == TRUE)
> +INF  SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
> +!endif
> +
>   #
>   # Network modules
>   #
> diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
> index 83d16eb00b..828a1d9999 100644
> --- a/OvmfPkg/OvmfPkgX64.dsc
> +++ b/OvmfPkg/OvmfPkgX64.dsc
> @@ -639,6 +639,9 @@
>         NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
>         NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
>     }
> +!if $(TPM2_CONFIG_ENABLE) == TRUE
> +  SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
> +!endif
>   !endif
>   
>     #
> diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
> index afaa334384..8a02b3cc79 100644
> --- a/OvmfPkg/OvmfPkgX64.fdf
> +++ b/OvmfPkg/OvmfPkgX64.fdf
> @@ -296,6 +296,10 @@ INF  ShellPkg/Application/Shell/Shell.inf
>   
>   INF MdeModulePkg/Logo/LogoDxe.inf
>   
> +!if ($(TPM2_ENABLE) == TRUE) && ($(TPM2_CONFIG_ENABLE) == TRUE)
> +INF  SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
> +!endif
> +
>   #
>   # Network modules
>   #




^ permalink raw reply	[flat|nested] 4+ messages in thread

* [PATCH] OvmfPkg: Add TCG2 Configuration menu to the Device Manager menu
@ 2019-01-25 17:12 Stefan Berger
  2019-01-25 19:30 ` Laszlo Ersek
  0 siblings, 1 reply; 4+ messages in thread
From: Stefan Berger @ 2019-01-25 17:12 UTC (permalink / raw)
  To: lersek, edk2-devel
  Cc: chao.b.zhang, jiewen.yao, marcandre.lureau, Stefan Berger

This patch adds the TCG2 Configuration menu to the Device Manager
menu. We can reuse all the code in the SecurityPkg and need to
only add it to the build and flash config files.

The code is added to Ovfm by building with -DTPM2_ENABLE and
-DTPM2_CONFIG_ENABLE.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
 OvmfPkg/OvmfPkgIa32.dsc    | 3 +++
 OvmfPkg/OvmfPkgIa32.fdf    | 4 ++++
 OvmfPkg/OvmfPkgIa32X64.dsc | 3 +++
 OvmfPkg/OvmfPkgIa32X64.fdf | 4 ++++
 OvmfPkg/OvmfPkgX64.dsc     | 3 +++
 OvmfPkg/OvmfPkgX64.fdf     | 4 ++++
 6 files changed, 21 insertions(+)

diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index aee19b75d7..68e707e7e5 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -632,6 +632,9 @@
       NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
       NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
   }
+!if $(TPM2_CONFIG_ENABLE) == TRUE
+  SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
+!endif
 !endif
 
   #
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index e013099136..a46598f2c3 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -295,6 +295,10 @@ INF  ShellPkg/Application/Shell/Shell.inf
 
 INF MdeModulePkg/Logo/LogoDxe.inf
 
+!if ($(TPM2_ENABLE) == TRUE) && ($(TPM2_CONFIG_ENABLE) == TRUE)
+INF  SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
+!endif
+
 #
 # Network modules
 #
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 90cbd8e341..dd6c700774 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -640,6 +640,9 @@
       NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
       NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
   }
+!if $(TPM2_CONFIG_ENABLE) == TRUE
+  SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
+!endif
 !endif
 
 [Components.X64]
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index afaa334384..8a02b3cc79 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -296,6 +296,10 @@ INF  ShellPkg/Application/Shell/Shell.inf
 
 INF MdeModulePkg/Logo/LogoDxe.inf
 
+!if ($(TPM2_ENABLE) == TRUE) && ($(TPM2_CONFIG_ENABLE) == TRUE)
+INF  SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
+!endif
+
 #
 # Network modules
 #
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 83d16eb00b..828a1d9999 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -639,6 +639,9 @@
       NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
       NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
   }
+!if $(TPM2_CONFIG_ENABLE) == TRUE
+  SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
+!endif
 !endif
 
   #
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index afaa334384..8a02b3cc79 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -296,6 +296,10 @@ INF  ShellPkg/Application/Shell/Shell.inf
 
 INF MdeModulePkg/Logo/LogoDxe.inf
 
+!if ($(TPM2_ENABLE) == TRUE) && ($(TPM2_CONFIG_ENABLE) == TRUE)
+INF  SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
+!endif
+
 #
 # Network modules
 #
-- 
2.20.1



^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH] OvmfPkg: Add TCG2 Configuration menu to the Device Manager menu
  2019-01-25 17:12 [PATCH] OvmfPkg: Add TCG2 Configuration menu to the Device Manager menu Stefan Berger
@ 2019-01-25 19:30 ` Laszlo Ersek
  2019-01-25 21:25   ` Stefan Berger
  0 siblings, 1 reply; 4+ messages in thread
From: Laszlo Ersek @ 2019-01-25 19:30 UTC (permalink / raw)
  To: Stefan Berger, edk2-devel
  Cc: chao.b.zhang, jiewen.yao, marcandre.lureau,
	Jordan Justen (Intel address), Ard Biesheuvel, Anthony Perard,
	Julien Grall

 Hi,

(1) when posting a patch, please CC all people marked with "M" for the
subject package in Maintainers.txt. And, if in doubt, please CC the "R"
people too.

Adding the others now.

(2) In [a] [b], you mentioned a need to repost, due to your email
address having changed. However, that posting, and this posting, seem to
come from the same email address, and to use the same S-o-b: "Stefan
Berger <stefanb@linux.ibm.com>".

[a] http://mid.mail-archive.com/d0222c94-4578-74bd-94ad-90d10911b534@linux.ibm.com
[b] https://lists.01.org/pipermail/edk2-devel/2019-January/035701.html

On 01/25/19 18:12, Stefan Berger wrote:
> This patch adds the TCG2 Configuration menu to the Device Manager
> menu.

OK.

> We can reuse all the code in the SecurityPkg and need to
> only add it to the build and flash config files.

(3) I disagree with this formulation.

Instead, we can apparently include the *sample* Tcg2ConfigDxe from
SecurityPkg as-is, without obvious adverse effects. I consider this an
experimental feature that's being enabled (not by default) in order to
support further R&D. The Tcg2ConfigDxe has not been trimmed / modified
for OVMF / QEMU specifics (unlike Tcg2ConfigPei in commit 6cf1880fb5b6).
That's why we are gating Tcg2ConfigDxe with TPM2_CONFIG_ENABLE, and not
enabling it simply as part of TPM2_ENABLE.

> The code is added to Ovfm by building with -DTPM2_ENABLE and
> -DTPM2_CONFIG_ENABLE.

(4) Typo, s/Ovfm/OVMF/. "OVMF" stands for Open Virtual Machine Firmware.

>
> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

(5) Before your S-o-b, please add:

"""
Contributed-under: TianoCore Contribution Agreement 1.1
"""

after reviewing "Contributions.txt" in the project root dir.

> ---
>  OvmfPkg/OvmfPkgIa32.dsc    | 3 +++
>  OvmfPkg/OvmfPkgIa32.fdf    | 4 ++++
>  OvmfPkg/OvmfPkgIa32X64.dsc | 3 +++
>  OvmfPkg/OvmfPkgIa32X64.fdf | 4 ++++
>  OvmfPkg/OvmfPkgX64.dsc     | 3 +++
>  OvmfPkg/OvmfPkgX64.fdf     | 4 ++++
>  6 files changed, 21 insertions(+)

(6) In all three DSC files, please DEFINE TPM2_CONFIG_ENABLE = FALSE as
well, just below TPM2_ENABLE.

>
> diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
> index aee19b75d7..68e707e7e5 100644
> --- a/OvmfPkg/OvmfPkgIa32.dsc
> +++ b/OvmfPkg/OvmfPkgIa32.dsc
> @@ -632,6 +632,9 @@
>        NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
>        NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
>    }
> +!if $(TPM2_CONFIG_ENABLE) == TRUE
> +  SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
> +!endif
>  !endif
>
>    #

This looks good.

> diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
> index e013099136..a46598f2c3 100644
> --- a/OvmfPkg/OvmfPkgIa32.fdf
> +++ b/OvmfPkg/OvmfPkgIa32.fdf
> @@ -295,6 +295,10 @@ INF  ShellPkg/Application/Shell/Shell.inf
>
>  INF MdeModulePkg/Logo/LogoDxe.inf
>
> +!if ($(TPM2_ENABLE) == TRUE) && ($(TPM2_CONFIG_ENABLE) == TRUE)
> +INF  SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
> +!endif
> +

(7) In this file, we already have

"""
!if $(TPM2_ENABLE) == TRUE
INF  SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
!endif
"""

elsewhere. Can you please nest the addition in that scope?

Thanks,
Laszlo


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] OvmfPkg: Add TCG2 Configuration menu to the Device Manager menu
  2019-01-25 19:30 ` Laszlo Ersek
@ 2019-01-25 21:25   ` Stefan Berger
  0 siblings, 0 replies; 4+ messages in thread
From: Stefan Berger @ 2019-01-25 21:25 UTC (permalink / raw)
  To: Laszlo Ersek, edk2-devel
  Cc: chao.b.zhang, jiewen.yao, marcandre.lureau,
	Jordan Justen (Intel address), Ard Biesheuvel, Anthony Perard,
	Julien Grall

On 1/25/19 2:30 PM, Laszlo Ersek wrote:
>   Hi,
>
> (1) when posting a patch, please CC all people marked with "M" for the
> subject package in Maintainers.txt. And, if in doubt, please CC the "R"
> people too.
>
> Adding the others now.
>
> (2) In [a] [b], you mentioned a need to repost, due to your email
> address having changed. However, that posting, and this posting, seem to
> come from the same email address, and to use the same S-o-b: "Stefan
> Berger <stefanb@linux.ibm.com>".

I re-subscribed to the ml. Old address was stefanb@linux.vnet.ibm.com.


>
> [a] http://mid.mail-archive.com/d0222c94-4578-74bd-94ad-90d10911b534@linux.ibm.com
> [b] https://lists.01.org/pipermail/edk2-devel/2019-January/035701.html
>
> On 01/25/19 18:12, Stefan Berger wrote:
>> This patch adds the TCG2 Configuration menu to the Device Manager
>> menu.
> OK.
>
>> We can reuse all the code in the SecurityPkg and need to
>> only add it to the build and flash config files.
> (3) I disagree with this formulation.
>
> Instead, we can apparently include the *sample* Tcg2ConfigDxe from
> SecurityPkg as-is, without obvious adverse effects. I consider this an


I will reuse some of this formulation.


> experimental feature that's being enabled (not by default) in order to
> support further R&D. The Tcg2ConfigDxe has not been trimmed / modified
> for OVMF / QEMU specifics (unlike Tcg2ConfigPei in commit 6cf1880fb5b6).
> That's why we are gating Tcg2ConfigDxe with TPM2_CONFIG_ENABLE, and not
> enabling it simply as part of TPM2_ENABLE.
>
>> The code is added to Ovfm by building with -DTPM2_ENABLE and
>> -DTPM2_CONFIG_ENABLE.
> (4) Typo, s/Ovfm/OVMF/. "OVMF" stands for Open Virtual Machine Firmware.


:-)


>
>> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
> (5) Before your S-o-b, please add:
>
> """
> Contributed-under: TianoCore Contribution Agreement 1.1
> """
>
> after reviewing "Contributions.txt" in the project root dir.


Done.


>
>> ---
>>   OvmfPkg/OvmfPkgIa32.dsc    | 3 +++
>>   OvmfPkg/OvmfPkgIa32.fdf    | 4 ++++
>>   OvmfPkg/OvmfPkgIa32X64.dsc | 3 +++
>>   OvmfPkg/OvmfPkgIa32X64.fdf | 4 ++++
>>   OvmfPkg/OvmfPkgX64.dsc     | 3 +++
>>   OvmfPkg/OvmfPkgX64.fdf     | 4 ++++
>>   6 files changed, 21 insertions(+)
> (6) In all three DSC files, please DEFINE TPM2_CONFIG_ENABLE = FALSE as
> well, just below TPM2_ENABLE.


Done.


>
>> diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
>> index aee19b75d7..68e707e7e5 100644
>> --- a/OvmfPkg/OvmfPkgIa32.dsc
>> +++ b/OvmfPkg/OvmfPkgIa32.dsc
>> @@ -632,6 +632,9 @@
>>         NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
>>         NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
>>     }
>> +!if $(TPM2_CONFIG_ENABLE) == TRUE
>> +  SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
>> +!endif
>>   !endif
>>
>>     #
> This looks good.
>
>> diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
>> index e013099136..a46598f2c3 100644
>> --- a/OvmfPkg/OvmfPkgIa32.fdf
>> +++ b/OvmfPkg/OvmfPkgIa32.fdf
>> @@ -295,6 +295,10 @@ INF  ShellPkg/Application/Shell/Shell.inf
>>
>>   INF MdeModulePkg/Logo/LogoDxe.inf
>>
>> +!if ($(TPM2_ENABLE) == TRUE) && ($(TPM2_CONFIG_ENABLE) == TRUE)
>> +INF  SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
>> +!endif
>> +
> (7) In this file, we already have
>
> """
> !if $(TPM2_ENABLE) == TRUE
> INF  SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
> !endif
> """
>
> elsewhere. Can you please nest the addition in that scope?

Done.


>
> Thanks,
> Laszlo
>



^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2019-01-25 21:25 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-01-25 17:12 [PATCH] OvmfPkg: Add TCG2 Configuration menu to the Device Manager menu Stefan Berger
2019-01-25 19:30 ` Laszlo Ersek
2019-01-25 21:25   ` Stefan Berger
     [not found] <20190125165527.1059649-1-stefanb@linux.ibm.com>
2019-01-25 17:12 ` Stefan Berger

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox