<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
</head>
<body>
<p><br>
</p>
<div class="moz-cite-prefix">On 7/27/21 12:25 PM, Yao, Jiewen wrote:<br>
</div>
<blockquote type="cite"
cite="mid:PH0PR11MB4885567FA2317371B6637C138CE99@PH0PR11MB4885.namprd11.prod.outlook.com">
<div class="WordSection1">
<p class="MsoNormal">Oops. Sorry for the late response.</p>
<p class="MsoNormal">The code is NOT in EDKII, but in EDKII-platforms as an example. <a href="https://github.com/tianocore/edk2-platforms/tree/master/Platform/Intel/MinPlatformPkg/Tcg">https://github.com/tianocore/edk2-platforms/tree/master/Platform/Intel/MinPlatformPkg/Tcg</a></p>
<p class="MsoNormal">We allow a platform to have its own implementation. That is why it is NOT in EDKII.</p>
</div>
</blockquote>
<p><br>
</p>
<p>How do edk2 and edk2-platforms relate? Do we need to copy code
from one to the other?</p>
<p> Stefan<br>
</p>
<p><br>
</p>
<blockquote type="cite"
cite="mid:PH0PR11MB4885567FA2317371B6637C138CE99@PH0PR11MB4885.namprd11.prod.outlook.com">
<div class="WordSection1">
<p class="MsoNormal">Thank you</p>
<p class="MsoNormal">Yao Jiewen</p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> <a class="moz-txt-link-abbreviated" href="mailto:devel@edk2.groups.io">devel@edk2.groups.io</a>
<a class="moz-txt-link-rfc2396E" href="mailto:devel@edk2.groups.io"><devel@edk2.groups.io></a> <b>
On Behalf Of </b>Bret Barkelew via groups.io<br>
<b>Sent:</b> Wednesday, July 28, 2021 12:11 AM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:devel@edk2.groups.io">devel@edk2.groups.io</a>; <a class="moz-txt-link-abbreviated" href="mailto:stefanb@linux.ibm.com">stefanb@linux.ibm.com</a>;
Yao, Jiewen <a class="moz-txt-link-rfc2396E" href="mailto:jiewen.yao@intel.com"><jiewen.yao@intel.com></a>; Jeremiah Cox
<a class="moz-txt-link-rfc2396E" href="mailto:jerecox@microsoft.com"><jerecox@microsoft.com></a>; Michael Kubacki
<a class="moz-txt-link-rfc2396E" href="mailto:Michael.Kubacki@microsoft.com"><Michael.Kubacki@microsoft.com></a><br>
<b>Cc:</b> Marc-André Lureau
<a class="moz-txt-link-rfc2396E" href="mailto:marcandre.lureau@redhat.com"><marcandre.lureau@redhat.com></a><br>
<b>Subject:</b> Re: [EXTERNAL] [edk2-devel] Missing TPM 2
related call to Tpm2HierarchyChangeAuth</p>
</div>
</div>
<p class="MsoNormal">Adding <a id="OWAAM57DF552AAA444C9D81C6D190197AAE31" href="mailto:jerecox@microsoft.com">@Jeremiah</a>…</p>
<p class="MsoNormal">Jeremiah, weren’t you or <a id="OWAAMF48ECF70C0FF4290BC7C5F323E5081B0" href="mailto:Michael.Kubacki@microsoft.com">@Michael</a> shopping this change to MinPlatform?</p>
<p class="MsoNormal">- Bret</p>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From: </b><a
href="mailto:stefanb=linux.ibm.com@groups.io"
moz-do-not-send="true">Stefan Berger via groups.io</a><br>
<b>Sent: </b>Monday, July 26, 2021 7:48 AM<br>
<b>To: </b><a href="mailto:jiewen.yao@intel.com"
moz-do-not-send="true">Yao, Jiewen</a>; <a
href="mailto:devel@edk2.groups.io" moz-do-not-send="true">
devel@edk2.groups.io</a><br>
<b>Cc: </b><a href="mailto:marcandre.lureau@redhat.com"
moz-do-not-send="true">Marc-André Lureau</a><br>
<b>Subject: </b>[EXTERNAL] [edk2-devel] Missing TPM 2
related call to Tpm2HierarchyChangeAuth</p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">Hello!</p>
<p class="MsoNormal">The TPM 2 code in EDK2 is missing an important call to
Tpm2HierarchyChangeAuth for the platform hierarchy. We have to set the
password of that hierarchy and discard the password. See also specs
section 11:
<a href="https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_PFP_r1p05_v22_02dec2020.pdf">https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_PFP_r1p05_v22_02dec2020.pdf</a></p>
<p class="MsoNormal">"Platform Firmware MUST protect access to the Platform
Hierarchy and prevent access to the platform hierarchy by
non-manufacturer-controlled components."</p>
<p class="MsoNormal">I was wondering where we could put that call so it's invoked
after the user has possibly interacted with the menu and before passing
control to the next stage, such as the boot loader.</p>
<p class="MsoNormal">Regards,</p>
<p class="MsoNormal">Stefan</p>
</div>
</blockquote>
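<p>The requirement Stefan quotes (set a platformAuth that the firmware never records, then discard it) is easier to reason about on the wire. The C below is an added example written for this thread, not code from EDK2, edk2-platforms or MinPlatform: it marshals TPM2_HierarchyChangeAuth for TPM_RH_PLATFORM with an empty password session (valid only while platformAuth is still the default empty value), submits it through a caller-supplied function, and scrubs the new auth from memory whatever the outcome. The tag, command code, handle and session constants are the TPM 2.0 Library values; TpmSubmitFn, FakeTpmSubmit, SecureZero, DemoEntropy and RC_TRANSPORT_FAIL are assumptions of this example (FakeTpmSubmit stands in for the TPM, DemoEntropy for the platform RNG; in firmware SecureZero would be ZeroMem and the submit function Tpm2SubmitCommand from Tpm2DeviceLib).</p>

```c
/* Added example for the edk2-devel thread above; not EDK2 or MinPlatform code.
 * Marshals TPM2_HierarchyChangeAuth for the platform hierarchy, sends it, and
 * discards the new auth value so nothing later in the boot can use it. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TPM_ST_SESSIONS            0x8002u
#define TPM_CC_HierarchyChangeAuth 0x00000129u
#define TPM_RH_PLATFORM            0x4000000Cu
#define TPM_RS_PW                  0x40000009u   /* password authorization session */
#define TPM_RC_SUCCESS             0u
#define SHA256_DIGEST_SIZE         32            /* newAuth may not exceed the largest supported digest */
#define CMD_BUF_SIZE               128
#define RC_TRANSPORT_FAIL          0xFFFFFFFFu   /* assumption: no response from the TPM transport */

/* Assumption: the platform's command transport (Tpm2SubmitCommand in EDK2).
 * Returns 0 when a response was received, nonzero on transport failure. */
typedef uint32_t (*TpmSubmitFn)(const uint8_t *cmd, size_t cmdLen,
                                uint8_t *rsp, size_t *rspLen);

static uint8_t *Put16(uint8_t *p, uint16_t v) { *p++ = (uint8_t)(v >> 8); *p++ = (uint8_t)v; return p; }
static uint8_t *Put32(uint8_t *p, uint32_t v) { p = Put16(p, (uint16_t)(v >> 16)); return Put16(p, (uint16_t)v); }
static uint32_t Get32(const uint8_t *p) {
  return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Scrub a secret through a volatile pointer so the store is not dropped as dead. */
static void SecureZero(void *buf, size_t len) {
  volatile uint8_t *v = (volatile uint8_t *)buf;
  while (len--) { *v++ = 0; }
}

/* Marshal TPM2_HierarchyChangeAuth(authHandle, newAuth) with one empty password
 * session: the hierarchy auth being changed is still the default empty value.
 * Returns the command length, or 0 if newAuth is too long or out is too small. */
size_t MarshalHierarchyChangeAuth(uint32_t authHandle, const uint8_t *newAuth,
                                  uint16_t newAuthLen, uint8_t *out, size_t outLen) {
  if (newAuthLen > SHA256_DIGEST_SIZE) return 0;   /* the TPM would answer TPM_RC_SIZE */
  size_t total = 2 + 4 + 4 + 4 + 4 + 9 + 2 + newAuthLen;
  if (out == NULL || outLen < total) return 0;
  uint8_t *p = out;
  p = Put16(p, TPM_ST_SESSIONS);
  p = Put32(p, (uint32_t)total);             /* commandSize */
  p = Put32(p, TPM_CC_HierarchyChangeAuth);  /* commandCode */
  p = Put32(p, authHandle);                  /* authHandle (TPM_RH_PLATFORM here) */
  p = Put32(p, 9);                           /* authorizationSize: one empty password session */
  p = Put32(p, TPM_RS_PW);                   /* sessionHandle */
  p = Put16(p, 0);                           /* nonce: empty */
  *p++ = 0;                                  /* sessionAttributes */
  p = Put16(p, 0);                           /* hmac = current platformAuth: empty */
  p = Put16(p, newAuthLen);                  /* TPM2B_AUTH newAuth */
  memcpy(p, newAuth, newAuthLen);
  return total;
}

/* Set platformAuth to a random value the firmware keeps nowhere. `entropy` is
 * 32 bytes from the platform RNG (the caller's responsibility). Returns the TPM
 * response code, or RC_TRANSPORT_FAIL if no well-formed response arrived. */
uint32_t LockPlatformHierarchy(TpmSubmitFn submit, const uint8_t entropy[SHA256_DIGEST_SIZE]) {
  uint8_t newAuth[SHA256_DIGEST_SIZE];
  uint8_t cmd[CMD_BUF_SIZE], rsp[CMD_BUF_SIZE];
  size_t rspLen = sizeof rsp;
  uint32_t rc = RC_TRANSPORT_FAIL;

  memcpy(newAuth, entropy, sizeof newAuth);
  size_t cmdLen = MarshalHierarchyChangeAuth(TPM_RH_PLATFORM, newAuth, sizeof newAuth, cmd, sizeof cmd);
  if (cmdLen != 0 && submit(cmd, cmdLen, rsp, &rspLen) == 0 && rspLen >= 10) {
    rc = Get32(rsp + 6);                     /* responseCode field of the header */
  }
  SecureZero(newAuth, sizeof newAuth);       /* discard the password: it is now unrecoverable */
  SecureZero(cmd, sizeof cmd);               /* the command buffer carried a copy too */
  return rc;
}

/* Constructed stand-in for a TPM: accepts only a HierarchyChangeAuth whose
 * header is self-consistent and targets the platform hierarchy, then answers
 * TPM_RC_SUCCESS with an empty authorization response area. */
uint32_t FakeTpmSubmit(const uint8_t *cmd, size_t cmdLen, uint8_t *rsp, size_t *rspLen) {
  if (cmdLen < 18 || Get32(cmd + 2) != cmdLen ||
      Get32(cmd + 6) != TPM_CC_HierarchyChangeAuth || Get32(cmd + 10) != TPM_RH_PLATFORM) {
    return 1;
  }
  uint8_t *p = rsp;
  p = Put16(p, TPM_ST_SESSIONS);
  p = Put32(p, 19);                          /* responseSize */
  p = Put32(p, TPM_RC_SUCCESS);              /* responseCode */
  p = Put32(p, 0);                           /* parameterSize */
  p = Put16(p, 0); *p++ = 0; p = Put16(p, 0); /* nonce, attributes, hmac: all empty */
  *rspLen = 19;
  return 0;
}

/* Constructed entropy for the demonstration only; firmware must use its RNG. */
static const uint8_t DemoEntropy[SHA256_DIGEST_SIZE] = {
  0x5a, 0x13, 0xc7, 0x88, 0x0e, 0x91, 0x2f, 0x64, 0xb0, 0x4d, 0xd9, 0x27, 0x71, 0xa6, 0x3c, 0xe5,
  0x19, 0xf2, 0x8b, 0x40, 0x6d, 0xcc, 0x03, 0x57, 0xae, 0x1b, 0x92, 0xf8, 0x60, 0x2a, 0xd4, 0x7e,
};

int main(void) {
  uint32_t rc = LockPlatformHierarchy(FakeTpmSubmit, DemoEntropy);
  printf("HierarchyChangeAuth(TPM_RH_PLATFORM) -> rc=0x%08x\n", rc);
  return rc == TPM_RC_SUCCESS ? 0 : 1;
}
```

<p>Calling LockPlatformHierarchy from a ReadyToBoot callback is the placement that matches Stefan's description (after the setup menu, before the boot loader), and it has to happen on every boot because platformAuth is volatile and comes back empty after a TPM Reset. Once it succeeds, the empty password session used here stops working, which is the intended effect: nothing that runs afterwards can authorize against the platform hierarchy. The length check in MarshalHierarchyChangeAuth mirrors the TPM's own rule that a new auth value may not be longer than the largest digest the TPM supports.</p>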
</body>
</html>
<hr> <a href="https://edk2.groups.io/g/devel/message/78257">View/Reply Online (#78257)</a>