[edk2-devel] [PATCH 4/4] ArmVirtPkg/ArmVirtQemu: add optional support for TPM2 measured boot

Yao, Jiewen jiewen.yao at intel.com
Fri Jan 10 00:32:02 UTC 2020 

Hi Marc-André 
Would you please share some information on how to use vTPM with QEMU?

I saw https://github.com/stefanberger/qemu-tpm

But I am not sure if that has been integrated to official QEMU release?

> -----Original Message-----
> From: Laszlo Ersek <lersek at redhat.com>
> Sent: Thursday, January 9, 2020 9:07 PM
> To: Yao, Jiewen <jiewen.yao at intel.com>; Ard Biesheuvel
> <ard.biesheuvel at linaro.org>
> Cc: edk2-devel-groups-io <devel at edk2.groups.io>; Marc-André Lureau
> <marcandre.lureau at redhat.com>
> Subject: Re: [PATCH 4/4] ArmVirtPkg/ArmVirtQemu: add optional support for
> TPM2 measured boot
> 
> On 01/09/20 01:51, Yao, Jiewen wrote:
> > Hi
> > Comment for the warning:
> >>> WARNING: TPM2 Event log has HashAlg unsupported by PCR bank (0xC)
> >>> WARNING: TPM2 Event log has HashAlg unsupported by PCR bank (0xD)
> >
> > The reason is that: The DSC added all HASH algorithm to the TCG2 driver.
> (SHA1/SHA256/SHA384/SHA512/SM3).
> > But the current TPM hardware device does not support SHA384 (0xC) and
> SHA512 (0xD).
> >
> > SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf {
> >     <LibraryClasses>
> >
> HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRout
> erPei.inf
> >       NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
> >
> NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
> >
> NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
> >
> NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
> >       NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
> >   }
> >
> >
> > It is warning because the Firmware Image *may* want to support another
> TPM2 which has such capability.
> > It just means the *current* TPM2 does not support this hash.
> > The platform owner may decide to clean up the warning by remove the
> SHA384/SHA512 null lib instance
> > support for current TPM2, or leave them as is for another TPM2.
> 
> Thank you for the explanation!
> 
> > BTW: Is there any document on how to enable TPM2 on QEMU ?
> > I would like to have a try. :-)
> 
> Please ask Marc-André (already CC'd) about vTPM usage with QEMU;
> unfortunately, I don't know.
> 
> Thanks!
> Laszlo


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#53100): https://edk2.groups.io/g/devel/message/53100
Mute This Topic: https://groups.io/mt/69499023/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-

More information about the edk2-devel-archive mailing list