From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail03.groups.io (mail03.groups.io [45.79.227.220]) by spool.mail.gandi.net (Postfix) with ESMTPS id 664C0D811B1 for ; Thu, 11 Apr 2024 10:29:43 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=W1SPV9wEynY/yTJwsnxspxIc4pI8VdFquakBubZnHV4=; c=relaxed/simple; d=groups.io; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:In-Reply-To:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Type:Content-Disposition; s=20240206; t=1712831382; v=1; b=io7zgRmTjDO8kz3Db90icLThR4d3bGO/p60kmo4FohBb1breu1soxOubBonuzbF+P8Z0i5V7 J45DNevJ+u9DBAHHta+RBIQeWKQtDJGACj0PZJwM5n28EFMG87dvenYjVeNJlJYtywqMuQH6ePX fPBn5yzR1V4xo0jFEpDd1VOKlxbTV3hsyl5Uhp45OCRi3s8UNMLH8dxOHcjB3YICGHaaX4SfSYR yq3XyceC3pSH0mPx5M/mnfR6tYDpC1XJcSpCHxjXmDCXVj3SKtkrrZ8FInWkqQrLC9UruGWmJbh ZEhZXLCd3PehdKTWHbluOZenwUbV9KOqA0oOEi2VBR3BQ== X-Received: by 127.0.0.2 with SMTP id v76MYY7687511xG4nMSZ2hfb; Thu, 11 Apr 2024 03:29:42 -0700 X-Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.groups.io with SMTP id smtpd.web11.14375.1712831381424884059 for ; Thu, 11 Apr 2024 03:29:41 -0700 X-Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-332-_9LLabuZOKqgYMFQFhYYRg-1; Thu, 11 Apr 2024 06:29:38 -0400 X-MC-Unique: _9LLabuZOKqgYMFQFhYYRg-1 X-Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id D168E1049BC6; Thu, 11 Apr 2024 10:29:37 +0000 (UTC) X-Received: from sirius.home.kraxel.org (unknown [10.39.192.204]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 8FC872026962; Thu, 11 Apr 2024 10:29:37 +0000 (UTC) X-Received: by sirius.home.kraxel.org (Postfix, from userid 1000) id 6041A180063D; Thu, 11 Apr 2024 12:29:32 +0200 (CEST) Date: Thu, 11 Apr 2024 12:29:32 +0200 From: "Gerd Hoffmann" To: devel@edk2.groups.io, jiewen.yao@intel.com Cc: Ard Biesheuvel , Dionna Amalie Glaze , Mikko Ylinen , James Bottomley , Tom Lendacky , Michael Roth , qinkun Bao , "linux-coco@lists.linux.dev" , "Aktas, Erdem" , Peter Gonda , "Johnson, Simon P" , "Xiang, Qinglan" Subject: Re: [edk2-devel] [RFC PATCH] OvmfPkg/SecurityPkg: Add build option for coexistance of vTPM and RTMR. Message-ID: References: MIME-Version: 1.0 In-Reply-To: X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.4 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Resent-Date: Thu, 11 Apr 2024 03:29:41 -0700 Resent-From: kraxel@redhat.com Reply-To: devel@edk2.groups.io,kraxel@redhat.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: pLcQ8ercxP4dmlm7C4zFccaix7686176AA= Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b=io7zgRmT; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.227.220 as permitted sender) smtp.mailfrom=bounce@groups.io; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=redhat.com (policy=none) On Thu, Apr 11, 2024 at 09:56:48AM +0000, Yao, Jiewen wrote: > Please allow me to clarify what you are proposing: > Do you mean in vTPM case, we extend both, but we only need TCG event log, NOT CC event log? Elsewhere in this thread it was mentioned that writing both vTPM and RTMR events to the event log is problematic because the event log format has no field to specify whenever a given event was measured to vTPM or RTMR. If the firmware can make sure all events are measured to both vTPM and RTMR the need to trace them separately goes away. So, yes, in case a vTPM is present the firmware would: (a) expose EFI_TCG2_PROTOCOL, measure to both vTPM + RTMR (b) not expose EFI_CC_MEASUREMENT_PROTOCOL (c) log measurements to TCG event log take care, Gerd -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#117629): https://edk2.groups.io/g/devel/message/117629 Mute This Topic: https://groups.io/mt/105070442/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-