From: "Gary Lin"
To: "devel@edk2.groups.io"
CC: Jordan Justen, Laszlo Ersek, Marc-André Lureau, Stefan Berger
Subject: [edk2-devel] [PATCH v2] OvmfPkg: use DxeTpmMeasurementLib if and only if TPM2_ENABLE
Date: Thu, 4 Jul 2019 04:07:59 +0000
Message-ID: <20190704040731.5303-1-glin@suse.com>

(a) OvmfPkg first had to resolve the TpmMeasurementLib class -- for
    SECURE_BOOT_ENABLE only -- when the DxeImageVerificationLib instance
    became dependent on TpmMeasurementLib. For details, refer to commit
    0d28d286bf4d ("OvmfPkg: resolve TpmMeasurementLib dependency introduced
    in r14687", 2013-09-21).

(b) At the time, only one instance of TpmMeasurementLib existed, namely
    DxeTpmMeasurementLib. This lib instance didn't do anything -- as was
    desirable for OVMF --, because OVMF didn't include any Tcg / TrEE
    protocol implementations.

(c) In commit 308521b13354 ("MdeModulePkg: Move TpmMeasurementLib
    LibraryClass from SecurityPkg", 2015-07-01), TpmMeasurementLibNull was
    introduced.

(d) In commit 285542ebbb03 ("OvmfPkg: Link AuthVariableLib for following
    merged variable driver deploy", 2015-07-01), a TpmMeasurementLib
    resolution became necessary regardless of SECURE_BOOT_ENABLE. And so
    TpmMeasurementLib was resolved to TpmMeasurementLibNull in OVMF, but
    only in the non-SECURE_BOOT_ENABLE case.

    This step -- possibly, the larger series containing commit
    285542ebbb03 -- missed an opportunity for simplification: given (b),
    the DxeTpmMeasurementLib instance should have been simply replaced
    with the TpmMeasurementLibNull instance, regardless of
    SECURE_BOOT_ENABLE.

(e) In commit 1abfa4ce4835 ("Add TPM2 support defined in trusted computing
    group.", 2015-08-13), the TrEE dependency was replaced with a Tcg2
    dependency in DxeTpmMeasurementLib.

(f) Starting with commit 0c0a50d6b3ff ("OvmfPkg: include Tcg2Dxe module",
    2018-03-09), OVMF would include a Tcg2 protocol implementation,
    thereby satisfying DxeTpmMeasurementLib's dependency. With
    TPM2_ENABLE, it would actually make sense to consume
    DxeTpmMeasurementLib -- however, DxeTpmMeasurementLib would never be
    used without SECURE_BOOT_ENABLE.

Therefore, we have the following four scenarios:

- TPM2_ENABLE + SECURE_BOOT_ENABLE: works as expected.

- Neither enabled: works as expected.

- Only TPM2_ENABLE: this build is currently incorrect, because
  Variable/RuntimeDxe consumes TpmMeasurementLib directly, but
  TpmMeasureAndLogData() will never reach the TPM because we link
  TpmMeasurementLibNull into the variable driver. This is a problem from
  the larger series containing (f).

- Only SECURE_BOOT_ENABLE: this build works as expected, but it is
  wasteful -- given that the protocol database will never contain Tcg2
  without TPM2_ENABLE, we should simply use TpmMeasurementLibNull. This is
  a problem from (d).

Resolving TpmMeasurementLib to DxeTpmMeasurementLib as a function of
*only* TPM2_ENABLE, we can fix / optimize the last two cases.

v2:
  - Amend the title and description as suggested by Laszlo
  - Move TpmMeasurementLib to the existing TPM2_ENABLE block

Cc: Jordan Justen
Cc: Laszlo Ersek
Cc: Marc-André Lureau
Cc: Stefan Berger
Signed-off-by: Gary Lin Reviewed-by: Laszlo Ersek --- OvmfPkg/OvmfPkgIa32.dsc | 4 ++-- OvmfPkg/OvmfPkgIa32X64.dsc | 4 ++-- OvmfPkg/OvmfPkgX64.dsc | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 87716123997a..5bbf87540ab9 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -178,10 +178,8 @@ [LibraryClasses] =20 !if $(SECURE_BOOT_ENABLE) =3D=3D TRUE PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf - TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasure= mentLib.inf AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf !else - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLib= Null.inf !endif VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf @@ -207,8 +205,10 @@ [LibraryClasses] Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeT= cg2PhysicalPresenceLib.inf Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibN= ull.inf + TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasure= mentLib.inf !else Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeT= cg2PhysicalPresenceLib.inf + TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf !endif =20 [LibraryClasses.common] diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index ad20531ceb8b..5015e92b6eea 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc 
@@ -183,10 +183,8 @@ [LibraryClasses] =20 !if $(SECURE_BOOT_ENABLE) =3D=3D TRUE PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf - TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasure= mentLib.inf AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf !else - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLib= Null.inf !endif VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf @@ -212,8 +210,10 @@ [LibraryClasses] Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeT= cg2PhysicalPresenceLib.inf Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibN= ull.inf + TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasure= mentLib.inf !else Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeT= cg2PhysicalPresenceLib.inf + TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf !endif =20 [LibraryClasses.common] diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 0542ac2235b4..dda8dac18441 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -183,10 +183,8 @@ [LibraryClasses] =20 !if $(SECURE_BOOT_ENABLE) =3D=3D TRUE PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf - TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasure= mentLib.inf AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf !else - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLib= Null.inf !endif VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf 
@@ -212,8 +210,10 @@ [LibraryClasses] Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeT= cg2PhysicalPresenceLib.inf Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibN= ull.inf + TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasure= mentLib.inf !else Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeT= cg2PhysicalPresenceLib.inf + TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf !endif =20 [LibraryClasses.common] --=20 2.22.0
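Review bot: In the `!if $(SECURE_BOOT_ENABLE) == TRUE` block (the `-178,10` hunk in OvmfPkgIa32.dsc and the `-183,10` hunks in OvmfPkgIa32X64.dsc and OvmfPkgX64.dsc), nothing left in the DSC records that TpmMeasurementLib is deliberately keyed to TPM2_ENABLE rather than SECURE_BOOT_ENABLE. The history in the commit message shows this resolution has drifted between the two flags more than once, so a short DSC comment next to the new TpmMeasurementLib lines, saying that the Dxe instance needs the Tcg2 protocol and therefore follows TPM2_ENABLE only, would make it harder for a later change to move it back.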
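Review bot: The added `TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/...` line in the TPM2_ENABLE branch (the `-207,8` hunk in OvmfPkgIa32.dsc and the `-212,8` hunks in the other two files) sits in the generic `[LibraryClasses]` section, so in a TPM2_ENABLE-only build every consumer of the class switches from the Null instance to the Dxe instance, not only Variable/RuntimeDxe. The commit message argues this is the intended fix for that scenario but does not say which of the four flag combinations were built and booted; please state that, in particular for TPM2_ENABLE without SECURE_BOOT_ENABLE, since that is the one configuration where measurement behaviour changes from a no-op to a real TPM extend.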