Date: Thu, 11 Apr 2024 10:07:31 +0200
From: "Gerd Hoffmann"
To: Ard Biesheuvel
Cc: devel@edk2.groups.io, jiewen.yao@intel.com, Dionna Amalie Glaze, Mikko Ylinen, James Bottomley, Tom Lendacky, Michael Roth, qinkun Bao, "linux-coco@lists.linux.dev", "Aktas, Erdem", Peter Gonda, "Johnson, Simon P", "Xiang, Qinglan"
Subject: Re: [edk2-devel] [RFC PATCH] OvmfPkg/SecurityPkg: Add build option for coexistance of vTPM and RTMR.

Hi,

> Given that RTMR is a proper subset of vTPM (modulo the PCR/RTMR index
> conversion), I feel that it should be the CoCo firmware's
> responsibility to either:
> - expose RTMR and not vTPM
> - expose vTPM, and duplicate each measurement into RTMR as they are taken

That approach looks good to me. It will make sure vTPM and RTMR
measurements are consistent and it also solves the event log issue (we
don't need separate vTPM and RTMR entries then).

take care,
  Gerd
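
An added illustration of the approach discussed above (not part of the original message and not edk2 code): a small simulation in which each measurement is extended into the vTPM PCR and duplicated into the mapped RTMR, so a verifier can replay one event log against both. The PCR-to-RTMR mapping, the SHA-384 vTPM bank, and all function names and sample events are assumptions made for this example; the thread itself does not state them.

```python
import hashlib

H = hashlib.sha384                  # RTMRs are SHA-384; assume the vTPM has a SHA-384 bank
ZERO = bytes(H().digest_size)

def pcr_to_rtmr(pcr):
    """PCR -> RTMR index (assumed TDX mapping, not stated in the thread)."""
    if pcr in (1, 7):
        return 0
    if 2 <= pcr <= 6:
        return 1
    if 8 <= pcr <= 15:
        return 2
    return None                     # PCR 0 corresponds to MRTD, not a runtime register

def extend(register, digest):
    """Extend operation shared by PCRs and RTMRs: new = H(old || digest)."""
    return H(register + digest).digest()

def extend_both(pcrs, rtmrs, pcr, digest, duplicate=True):
    """Extend the vTPM PCR and, when duplicating, the mapped RTMR with the same digest."""
    pcrs[pcr] = extend(pcrs[pcr], digest)
    rtmr = pcr_to_rtmr(pcr)
    if duplicate and rtmr is not None:
        rtmrs[rtmr] = extend(rtmrs[rtmr], digest)

def boot(events, duplicate=True):
    """Hypothetical firmware: measure events, writing one log entry per measurement."""
    pcrs, rtmrs, log = [ZERO] * 16, [ZERO] * 4, []
    for pcr, data in events:
        digest = H(data).digest()
        extend_both(pcrs, rtmrs, pcr, digest, duplicate)
        log.append((pcr, digest))
    return pcrs, rtmrs, log

def verify(log, quoted_pcrs, quoted_rtmrs):
    """Verifier: replay the single log, return (PCRs match, RTMRs match)."""
    pcrs, rtmrs = [ZERO] * 16, [ZERO] * 4
    for pcr, digest in log:
        extend_both(pcrs, rtmrs, pcr, digest)
    return pcrs == quoted_pcrs, rtmrs == quoted_rtmrs

# Constructed sample measurements: (PCR index, measured bytes).
EVENTS = [(7, b"SecureBoot=1"), (4, b"bootloader image"),
          (1, b"boot order"), (9, b"kernel cmdline")]

if __name__ == "__main__":
    pcrs, rtmrs, log = boot(EVENTS)                    # measurements duplicated into RTMR
    print("duplicated:", verify(log, pcrs, rtmrs))
    pcrs, rtmrs, log = boot(EVENTS, duplicate=False)   # vTPM extended, RTMR skipped
    print("vTPM only: ", verify(log, pcrs, rtmrs))
```

When the duplication is skipped, the same log still replays to the PCR values but no longer to the RTMR values, which is the inconsistency the single-log approach avoids.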