qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [edk2] [PATCH 6/7] ovmf: link with Tcg2ConfigDxe module


From: Stefan Berger
Subject: Re: [Qemu-devel] [edk2] [PATCH 6/7] ovmf: link with Tcg2ConfigDxe module
Date: Thu, 1 Mar 2018 11:59:16 -0500
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0

On 02/26/2018 04:58 AM, Laszlo Ersek wrote:
On 02/23/18 14:23, address@hidden wrote:
From: Marc-André Lureau <address@hidden>

The module allows to tweak and interact with the TPM. Note that many
actions are broken due to implementation of qemu TPM (providing it's
own ACPI table), and the lack of PPI implementation.

CC: Laszlo Ersek <address@hidden>
CC: Stefan Berger <address@hidden>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Marc-André Lureau <address@hidden>
---
  OvmfPkg/OvmfPkgX64.dsc | 2 ++
  OvmfPkg/OvmfPkgX64.fdf | 1 +
  2 files changed, 3 insertions(+)

diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 9bd0709f98..2281bd5ff8 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -669,6 +669,8 @@
        NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
        NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
    }
+
+  SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
  !endif
!if $(SECURE_BOOT_ENABLE) == TRUE
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index b8dd7ecae4..985404850f 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -399,6 +399,7 @@ INF  
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
!if $(TPM2_ENABLE) == TRUE
  INF  SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
+INF  SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
  !endif
################################################################################

Please drop this patch.

In my earlier investigation I wrote, Tcg2ConfigDxe "[p]rovides a Setup
TUI interface to configure the TPM. IIUC, it can also save the
configured TPM type for subsequent boots (see Tcg2ConfigPei.inf above)".

The INF file itself says "This module is only for reference only, each
platform should have its own setup page."

And Jiewen wrote earlier, "Tcg2ConfigPei/Dxe are platform sample driver.
A platform may have its own version based upon platform requirement. For
example, if a platform supports fTPM, it may use another Tcg2Config driver."

Given that OVMF lacks PEI-phase variable access, and that I consequently
suggested cloning, and seriously trimming, Tcg2ConfigPei, it makes no
sense to include an HII dialog that sets a variable for PEI phase
consumption. Also, as you say, many of the exposed operations are broken
due to lack of PPI support. So let's just postpone the inclusion of this
driver, for now.

Just FYI: The PPI support for the OS requires ACPI and, as it is currently implemented, SMF where UEFI variables are manipulated. Some menu items in the TPM 2 menu (also TPM 1.2) also require these UEFI variables of the PPI interface so that UEFI can react on the menu choices upon re.

   Stefan




reply via email to

[Prev in Thread] Current Thread [Next in Thread]