From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+27952+117619+7686176+12367111@groups.io>
Received: from mail03.groups.io (mail03.groups.io [45.79.227.220])
	by spool.mail.gandi.net (Postfix) with ESMTPS id 043897803DF
	for <rebecca@openfw.io>; Thu, 11 Apr 2024 08:07:43 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=K4yBfxmQZvk1bQp4DwfxVGXdz1QpZ72Y8XCeUiV9/L8=;
 c=relaxed/simple; d=groups.io;
 h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:In-Reply-To:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Type:Content-Disposition;
 s=20240206; t=1712822862; v=1;
 b=fIhuoOLGs/Np3IO9sK1eEfELQxzKsDHfnziiAnwZabENXeVmjWT7OO6k9/cHKYVQ7Di7E6+p
 tKYSfK5aZYaccptPHfJKu+Yyak7unkJ/RAgqPI/ykGVZAnj2vCc6HVtrIG0s/e/fHGMq0cT6xmk
 eKtuK71ffTd1d5/a5bf5+augG+L0E8CkWVIeAEuoOqe8I1P6PdnVDvmjtkV/chxmPxMrO/qa1xk
 XFpnpTbNSOwjbR/HVTW4R53zVA3VxxfCUFPReTLP5u1imX59JYbXejfDHygGezzs8HhnISL/hTt
 XCbrLKJlKbOE/UecP1gFTfBg2w1HCo6q1nJ1ShHv3G/bQ==
X-Received: by 127.0.0.2 with SMTP id BhtfYY7687511xA8nzObEam7; Thu, 11 Apr 2024 01:07:42 -0700
X-Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124])
 by mx.groups.io with SMTP id smtpd.web11.12315.1712822861942860506
 for <devel@edk2.groups.io>;
 Thu, 11 Apr 2024 01:07:42 -0700
X-Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com
 [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-288-ZiOPhE-kM2e92CpHVFCwYA-1; Thu, 11 Apr 2024 04:07:37 -0400
X-MC-Unique: ZiOPhE-kM2e92CpHVFCwYA-1
X-Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.rdu2.redhat.com [10.11.54.8])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 32AB288B3C4;
	Thu, 11 Apr 2024 08:07:37 +0000 (UTC)
X-Received: from sirius.home.kraxel.org (unknown [10.39.192.204])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 9300DC28102;
	Thu, 11 Apr 2024 08:07:36 +0000 (UTC)
X-Received: by sirius.home.kraxel.org (Postfix, from userid 1000)
	id 63290180063D; Thu, 11 Apr 2024 10:07:31 +0200 (CEST)
Date: Thu, 11 Apr 2024 10:07:31 +0200
From: "Gerd Hoffmann" <kraxel@redhat.com>
To: Ard Biesheuvel <ardb@kernel.org>
Cc: devel@edk2.groups.io, jiewen.yao@intel.com, 
	Dionna Amalie Glaze <dionnaglaze@google.com>, Mikko Ylinen <mikko.ylinen@linux.intel.com>, 
	James Bottomley <jejb@linux.ibm.com>, Tom Lendacky <thomas.lendacky@amd.com>, 
	Michael Roth <michael.roth@amd.com>, qinkun Bao <qinkun@google.com>, 
	"linux-coco@lists.linux.dev" <linux-coco@lists.linux.dev>, "Aktas, Erdem" <erdemaktas@google.com>, 
	Peter Gonda <pgonda@google.com>, "Johnson, Simon P" <simon.p.johnson@intel.com>, 
	"Xiang, Qinglan" <qinglan.xiang@intel.com>
Subject: Re: [edk2-devel] [RFC PATCH] OvmfPkg/SecurityPkg: Add build option for coexistance of vTPM and RTMR.
Message-ID: <dd6vsgt7aayspdhzkqrjsthuiexig4apvhc4ikoeewx62iqmva@rajndsnzoppq>
References: <94521f20aa2872c1b8f018b7db31eca4a2b8222d.1711039409.git.qinkun@google.com>
 <CAAH4kHbAi=Jn7Lw82idGGmQYnAhJnhoS9u8wBMOZsp7iLiOWxw@mail.gmail.com>
 <PH0PR11MB587959168F72B20E0AC836438C312@PH0PR11MB5879.namprd11.prod.outlook.com>
 <u76teout4bwpg5yoklah6xfkrpcn4lw5nosw5lmph7sfjipqnz@gagzyh3xrkie>
 <CAAH4kHbeGborxwDOzxeMbTjU4Xo79v-OVSHXYWQiJxg-yWQfWQ@mail.gmail.com>
 <ZgF3ACjFj8LtUWgv@himmelriiki>
 <CAAH4kHbqpaCgZJpF55x2NGWL22rz1ucRewYmR=K2chw2kP6sKA@mail.gmail.com>
 <MW4PR11MB5872BBA0D379C40E071300B98C052@MW4PR11MB5872.namprd11.prod.outlook.com>
 <CAMj1kXGm5RPNAzshaTAb7fnB80m8S+q0gbNxWSA3i9Dp-AL8uw@mail.gmail.com>
MIME-Version: 1.0
In-Reply-To: <CAMj1kXGm5RPNAzshaTAb7fnB80m8S+q0gbNxWSA3i9Dp-AL8uw@mail.gmail.com>
X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.8
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Resent-Date: Thu, 11 Apr 2024 01:07:42 -0700
Resent-From: kraxel@redhat.com
Reply-To: devel@edk2.groups.io,kraxel@redhat.com
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/plugh>
X-Gm-Message-State: aX95LDRaQ2Ur8ZOC2yapeIDix7686176AA=
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
	dkim=pass header.d=groups.io header.s=20240206 header.b=fIhuoOLG;
	dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=redhat.com (policy=none);
	spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.227.220 as permitted sender) smtp.mailfrom=bounce@groups.io

  Hi,
 
> Given that RTMR is a proper subset of vTPM (modulo the PCR/RTMR index
> conversion), I feel that it should be the CoCo firmware's
> responsibility to either:
> - expose RTMR and not vTPM
> - expose vTPM, and duplicate each measurement into RTMR as they are taken

That approach looks good to me.  It will make sure vTPM and RTMR
measurements are consistent and it also solves the event log issue
(we don't need separate vTPM and RTMR entries then).

take care,
  Gerd



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#117619): https://edk2.groups.io/g/devel/message/117619
Mute This Topic: https://groups.io/mt/105070442/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-