From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <lersek@redhat.com>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=209.132.183.28; helo=mx1.redhat.com; envelope-from=lersek@redhat.com;
 receiver=edk2-devel@lists.01.org 
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 2C46E211B1121
 for <edk2-devel@lists.01.org>; Mon, 28 Jan 2019 00:34:43 -0800 (PST)
Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com
 [10.5.11.11])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx1.redhat.com (Postfix) with ESMTPS id 9C5FE8830C;
 Mon, 28 Jan 2019 08:34:42 +0000 (UTC)
Received: from lacos-laptop-7.usersys.redhat.com (ovpn-120-224.rdu2.redhat.com
 [10.10.120.224])
 by smtp.corp.redhat.com (Postfix) with ESMTP id 58F9E2B9F7;
 Mon, 28 Jan 2019 08:34:22 +0000 (UTC)
To: Stefan Berger <stefanb@linux.ibm.com>, edk2-devel@lists.01.org
Cc: chao.b.zhang@intel.com, jiewen.yao@intel.com,
 marcandre.lureau@redhat.com, jordan.l.justen@intel.com,
 ard.biesheuvel@linaro.org, anthony.perard@citrix.com, julien.grall@linaro.org
References: <20190125213029.1096138-1-stefanb@linux.ibm.com>
From: Laszlo Ersek <lersek@redhat.com>
Message-ID: <db6459d9-ef64-efb3-fb3b-654f2b066fae@redhat.com>
Date: Mon, 28 Jan 2019 09:34:21 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <20190125213029.1096138-1-stefanb@linux.ibm.com>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16
 (mx1.redhat.com [10.5.110.28]); Mon, 28 Jan 2019 08:34:42 +0000 (UTC)
Subject: Re: [Patch v2] OvmfPkg: Add TCG2 Configuration menu to the Device Manager menu
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Jan 2019 08:34:43 -0000
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit

On 01/25/19 22:30, Stefan Berger wrote:
> This patch adds the TCG2 Configuration menu to the Device Manager
> menu. We can apparently reuse the sample Tcg2ConfigDxe from
> SecurityPkg/Tcg/Tcg2Config without obvious adverse effects. The
> added TCG2 Configuration menu now shows details about the attached
> TPM 2.0 and lets one for example configure the active PCR banks
> or issue commands, among other things.
> 
> The code is added to Ovmf by building with -DTPM2_ENABLE and
> -DTPM2_CONFIG_ENABLE.
> 
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
> ---
>  OvmfPkg/OvmfPkgIa32.dsc    | 4 ++++
>  OvmfPkg/OvmfPkgIa32.fdf    | 3 +++
>  OvmfPkg/OvmfPkgIa32X64.dsc | 4 ++++
>  OvmfPkg/OvmfPkgIa32X64.fdf | 3 +++
>  OvmfPkg/OvmfPkgX64.dsc     | 4 ++++
>  OvmfPkg/OvmfPkgX64.fdf     | 3 +++
>  6 files changed, 21 insertions(+)
> 
> diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
> index aee19b75d7..2b642ab5dc 100644
> --- a/OvmfPkg/OvmfPkgIa32.dsc
> +++ b/OvmfPkg/OvmfPkgIa32.dsc
> @@ -40,6 +40,7 @@
>    DEFINE SMM_REQUIRE             = FALSE
>    DEFINE TLS_ENABLE              = FALSE
>    DEFINE TPM2_ENABLE             = FALSE
> +  DEFINE TPM2_CONFIG_ENABLE      = FALSE
>  
>    #
>    # Flash size selection. Setting FD_SIZE_IN_KB on the command line directly to
> @@ -632,6 +633,9 @@
>        NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
>        NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
>    }
> +!if $(TPM2_CONFIG_ENABLE) == TRUE
> +  SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
> +!endif
>  !endif
>  
>    #
> diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
> index e013099136..4999403ad7 100644
> --- a/OvmfPkg/OvmfPkgIa32.fdf
> +++ b/OvmfPkg/OvmfPkgIa32.fdf
> @@ -381,6 +381,9 @@ INF  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
>  
>  !if $(TPM2_ENABLE) == TRUE
>  INF  SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
> +!if $(TPM2_CONFIG_ENABLE) == TRUE
> +INF  SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
> +!endif
>  !endif
>  
>  ################################################################################
> diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
> index 90cbd8e341..14a5c1bb29 100644
> --- a/OvmfPkg/OvmfPkgIa32X64.dsc
> +++ b/OvmfPkg/OvmfPkgIa32X64.dsc
> @@ -40,6 +40,7 @@
>    DEFINE SMM_REQUIRE             = FALSE
>    DEFINE TLS_ENABLE              = FALSE
>    DEFINE TPM2_ENABLE             = FALSE
> +  DEFINE TPM2_CONFIG_ENABLE      = FALSE
>  
>    #
>    # Flash size selection. Setting FD_SIZE_IN_KB on the command line directly to
> @@ -640,6 +641,9 @@
>        NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
>        NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
>    }
> +!if $(TPM2_CONFIG_ENABLE) == TRUE
> +  SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
> +!endif
>  !endif
>  
>  [Components.X64]
> diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
> index afaa334384..d0cc107928 100644
> --- a/OvmfPkg/OvmfPkgIa32X64.fdf
> +++ b/OvmfPkg/OvmfPkgIa32X64.fdf
> @@ -388,6 +388,9 @@ INF  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
>  
>  !if $(TPM2_ENABLE) == TRUE
>  INF  SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
> +!if $(TPM2_CONFIG_ENABLE) == TRUE
> +INF  SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
> +!endif
>  !endif
>  
>  ################################################################################
> diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
> index 83d16eb00b..aa7197f533 100644
> --- a/OvmfPkg/OvmfPkgX64.dsc
> +++ b/OvmfPkg/OvmfPkgX64.dsc
> @@ -40,6 +40,7 @@
>    DEFINE SMM_REQUIRE             = FALSE
>    DEFINE TLS_ENABLE              = FALSE
>    DEFINE TPM2_ENABLE             = FALSE
> +  DEFINE TPM2_CONFIG_ENABLE      = FALSE
>  
>    #
>    # Flash size selection. Setting FD_SIZE_IN_KB on the command line directly to
> @@ -639,6 +640,9 @@
>        NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
>        NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
>    }
> +!if $(TPM2_CONFIG_ENABLE) == TRUE
> +  SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
> +!endif
>  !endif
>  
>    #
> diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
> index afaa334384..d0cc107928 100644
> --- a/OvmfPkg/OvmfPkgX64.fdf
> +++ b/OvmfPkg/OvmfPkgX64.fdf
> @@ -388,6 +388,9 @@ INF  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
>  
>  !if $(TPM2_ENABLE) == TRUE
>  INF  SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
> +!if $(TPM2_CONFIG_ENABLE) == TRUE
> +INF  SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
> +!endif
>  !endif
>  
>  ################################################################################
> 

Reviewed-by: Laszlo Ersek <lersek@redhat.com>

I'll wait a few more days before pushing this, in order to give time to
others to comment.

In particular, Marc-André, could you please ACK the patch?

(Subsequently, I should submit a patch that adds both Marc-André and
Stefan as "R" to OvmfPkg, for TPM stuff.)

Thanks!
Laszlo