[edk2-devel] [RFC PATCH 0/7] OVMF: Disable the TPM2 platform hierarchy
Yao, Jiewen
jiewen.yao at intel.com
Sat Aug 7 06:00:54 UTC 2021
Hi Stefan
It seems this patch series is not a production fix. It is more like a prototype, my personally feeling.
A common issue in patch 2, 3, 4, 5, is that using "comment" to remove the code. Please remove the unnecessary code directly without // or /**/ in C, and # in INF.
For patch 1, if you want to move the code to SecurityPkg, that is fine. Please move the whole driver their and you should not remove and code by comment. Please fix the issue to make it pass build, instead of commenting the code like work-around.
Otherwise, you may copy the module to OvmfPkg. Then you can modify it as you need.
Please also merge 2, 3, 4 into 1. I don’t think we want a broken patch in 1, then add fix in 2, 3, 4.
Thank you
Yao Jiewen
> -----Original Message-----
> From: Stefan Berger <stefanb at linux.vnet.ibm.com>
> Sent: Friday, August 6, 2021 11:33 PM
> To: devel at edk2.groups.io; Yao, Jiewen <jiewen.yao at intel.com>
> Cc: marcandre.lureau at redhat.com; lersek at redhat.com;
> dick_wilkins at phoenix.com; Stefan Berger <stefanb at linux.vnet.ibm.com>
> Subject: [RFC PATCH 0/7] OVMF: Disable the TPM2 platform hierarchy
>
> This series imports code from the edk2-platforms project related to
> changing the password of the TPM2 platform hierarchy and uses it to
> disable the TPM2 platform hierarchy in OVMF. It addresses the OVMF
> aspects of the following bugs:
>
> https://bugzilla.tianocore.org/show_bug.cgi?id=3510
> https://bugzilla.tianocore.org/show_bug.cgi?id=3499
>
> There's no doubt that my struggles with the build system and handling
> of dependencies are visible in this series. Quite a few aspects of
> getting things right are more or less guesswork and I am often not sure
> what the correct way of doing things are. If 'you' wanted to fix
> things up and repost it, please go ahead...
>
> Stefan
>
> Stefan Berger (7):
> SecurityPkg/TPM: Import PeiDxeTpmPlatformHierarchyLib.c from
> edk2-platforms
> SecruityPkg/TPM: Disable dependency on MinPlatformPkg
> SecurityPkg/TPM: Disable PcdGetBool (PcdRandomizePlatformHierarchy)
> SecurityPkg/TPM: Disable a Pcd
> SecurityPkg/TPM: Add a NULL implementation of
> PeiDxeTpmPlatformHierarchyLib
> OVMF: Reference new classes in the build system for compilation
> OVMF: Disable the TPM2 platform hierarchy
>
> OvmfPkg/AmdSev/AmdSevX64.dsc | 3 +
> .../PlatformBootManagerLib/BdsPlatform.c | 6 +
> .../PlatformBootManagerLib.inf | 1 +
> .../PlatformBootManagerLibBhyve/BdsPlatform.c | 6 +
> .../PlatformBootManagerLibGrub/BdsPlatform.c | 6 +
> OvmfPkg/OvmfPkgIa32.dsc | 3 +
> OvmfPkg/OvmfPkgIa32X64.dsc | 3 +
> OvmfPkg/OvmfPkgX64.dsc | 3 +
> .../Include/Library/TpmPlatformHierarchyLib.h | 27 ++
> .../PeiDxeTpmPlatformHierarchyLib.c | 266 ++++++++++++++++++
> .../PeiDxeTpmPlatformHierarchyLib.inf | 46 +++
> .../PeiDxeTpmPlatformHierarchyLib.c | 23 ++
> .../PeiDxeTpmPlatformHierarchyLib.inf | 39 +++
> 13 files changed, 432 insertions(+)
> create mode 100644 SecurityPkg/Include/Library/TpmPlatformHierarchyLib.h
> create mode 100644
> SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierar
> chyLib.c
> create mode 100644
> SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierar
> chyLib.inf
> create mode 100644
> SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatformHi
> erarchyLib.c
> create mode 100644
> SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatformHi
> erarchyLib.inf
>
> --
> 2.31.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#78843): https://edk2.groups.io/g/devel/message/78843
Mute This Topic: https://groups.io/mt/84712022/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list