[edk2-devel] [RFC PATCH v1 0/4] OvmfPkg: Disable the TPM 2 platform hierarchy
Yao, Jiewen
jiewen.yao at intel.com
Tue Sep 14 02:18:41 UTC 2021
Hi Stefan
I recommend we add some comment in the code on the "trusted console" definition.
[Patch 1]
+ // Console for user interaction
// We need connect all trusted console for TCG PP. Here we treat all console in OVMF to be trusted console.
+ EfiBootManagerConnectAllDefaultConsoles ();
[Patch 2]
// We need connect all trusted console for TCG PP. Here we treat all console in OVMF to be trusted console.
+ PlatformInitializeConsole (
+ XenDetected() ? gXenPlatformConsole : gPlatformConsole);
With that change, Reviewed-by: Jiewen Yao <Jiewen.yao at intel.com>
> -----Original Message-----
> From: Stefan Berger <stefanb at linux.vnet.ibm.com>
> Sent: Tuesday, September 14, 2021 4:57 AM
> To: devel at edk2.groups.io
> Cc: mhaeuser at posteo.de; spbrogan at outlook.com;
> marcandre.lureau at redhat.com; kraxel at redhat.com; Yao, Jiewen
> <jiewen.yao at intel.com>; Stefan Berger <stefanb at linux.vnet.ibm.com>
> Subject: [RFC PATCH v1 0/4] OvmfPkg: Disable the TPM 2 platform hierarchy
>
> This series of patches adds support for disabling the TPM 2 platform
> hierarchy to Ovmf. To be able to do this we have to handle TPM 2
> physical presence interface (PPI) opcodes before the TPM 2 platform
> hierarchy is disabled otherwise TPM 2 commands that are sent due to the
> PPI opcodes may fail if the platform hierarchy is already disabled.
> Therefore, we need to invoke the handler function
> Tcg2PhysicalPresenceLibProcessRequest from within
> PlatformBootManagerBeforeConsole. Since handling of PPI opcodes may
> require
> interaction with the user, we also move PlatformInitializeConsole
> to before the handling of PPI codes so that the keyboard is available
> when needed. The PPI handling code will activate the default consoles
> only if it requires user interaction.
>
> The question to answer at this point is whether the rearragement of
> functions is correct or what an alternative should look like. There
> are other BdsPlatform files that may need similar changes in a later
> revision of this series.
>
> Regards,
> Stefan
>
> Stefan Berger (4):
> OvmfPkg/TPM PPI: Connect default consoles for user interaction
> OvmfPkg: Handle TPM 2 physical presence codes much earlier
> OvmfPkg: Reference new Tcg2PlatformDxe in the build system for
> compilation
> OvmfPkg: Reference new Tcg2PlatformPei in the build system
>
> OvmfPkg/AmdSev/AmdSevX64.dsc | 8 ++++++++
> OvmfPkg/AmdSev/AmdSevX64.fdf | 2 ++
> .../PlatformBootManagerLib/BdsPlatform.c | 17 +++++++++--------
> .../DxeTcg2PhysicalPresenceLib.c | 4 ++++
> OvmfPkg/OvmfPkgIa32.dsc | 8 ++++++++
> OvmfPkg/OvmfPkgIa32.fdf | 2 ++
> OvmfPkg/OvmfPkgIa32X64.dsc | 8 ++++++++
> OvmfPkg/OvmfPkgIa32X64.fdf | 2 ++
> OvmfPkg/OvmfPkgX64.dsc | 8 ++++++++
> OvmfPkg/OvmfPkgX64.fdf | 2 ++
> 10 files changed, 53 insertions(+), 8 deletions(-)
>
> --
> 2.31.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#80632): https://edk2.groups.io/g/devel/message/80632
Mute This Topic: https://groups.io/mt/85588957/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list