[edk2-devel] [PATCH v2 0/4] OvmfPkg: Disable the TPM 2 platform hierarchy

Stefan Berger posted 4 patches 2 years, 7 months ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/edk2 tags/patchew/20210914141818.2583900-1-stefanb@linux.ibm.com
There is a newer version of this series
[edk2-devel] [PATCH v2 0/4] OvmfPkg: Disable the TPM 2 platform hierarchy
Posted by Stefan Berger 2 years, 7 months ago
This series of patches adds support for disabling the TPM 2 platform
hierarchy to Ovmf. To be able to do this we have to handle TPM 2
physical presence interface (PPI) opcodes before the TPM 2 platform
hierarchy is disabled, otherwise TPM 2 commands that are sent due to the
PPI opcodes may fail if the platform hierarchy is already disabled.
Therefore, we need to invoke the handler function
Tcg2PhysicalPresenceLibProcessRequest from within
PlatformBootManagerBeforeConsole. Since handling of PPI opcodes may require
interaction with the user, we also move PlatformInitializeConsole 
to before the handling of PPI codes so that the keyboard is available
when needed. The PPI handling code will activate the default consoles
only if it requires user interaction.

Regards,
   Stefan

v2:
 - 1/4: Added missing link library
 - 2/4: Modified other BdsPlatform.c files as well
 - Added Yao's comments to 1/2 and 2/2

Stefan Berger (4):
  OvmfPkg/TPM PPI: Connect default consoles for user interaction
  OvmfPkg: Handle TPM 2 physical presence opcodes much earlier
  OvmfPkg: Reference new Tcg2PlatformDxe in the build system for
    compilation
  OvmfPkg: Reference new Tcg2PlatformPei in the build system

 OvmfPkg/AmdSev/AmdSevX64.dsc                  |  8 ++++++++
 OvmfPkg/AmdSev/AmdSevX64.fdf                  |  2 ++
 .../PlatformBootManagerLib/BdsPlatform.c      | 19 +++++++++++--------
 .../PlatformBootManagerLibBhyve/BdsPlatform.c | 16 +++++++++-------
 .../PlatformBootManagerLibGrub/BdsPlatform.c  | 16 +++++++++-------
 .../DxeTcg2PhysicalPresenceLib.c              |  5 +++++
 .../DxeTcg2PhysicalPresenceLib.inf            |  1 +
 OvmfPkg/OvmfPkgIa32.dsc                       |  8 ++++++++
 OvmfPkg/OvmfPkgIa32.fdf                       |  2 ++
 OvmfPkg/OvmfPkgIa32X64.dsc                    |  8 ++++++++
 OvmfPkg/OvmfPkgIa32X64.fdf                    |  2 ++
 OvmfPkg/OvmfPkgX64.dsc                        |  8 ++++++++
 OvmfPkg/OvmfPkgX64.fdf                        |  2 ++
 13 files changed, 75 insertions(+), 22 deletions(-)

-- 
2.31.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#80656): https://edk2.groups.io/g/devel/message/80656
Mute This Topic: https://groups.io/mt/85602992/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
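
A simplified model of the ordering constraint described in the cover letter above, added here as an example; it is not code from the patch series or from EDK2. The struct, the function names and the -1 "no console" result are hypothetical, and the model assumes the pending PPI request needs a platform-authorized TPM 2 command; TPM_RC_HIERARCHY (0x185) is the TPM 2.0 response code for a disabled hierarchy.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define TPM_RC_SUCCESS   0x000u
#define TPM_RC_HIERARCHY 0x185u  /* TPM 2.0: hierarchy is not enabled */

/* Toy firmware state (hypothetical model, not EDK2 structures). */
typedef struct {
  bool ph_enabled;      /* platform hierarchy still usable */
  bool console_ready;   /* keyboard and display connected */
  bool ppi_pending;     /* a PPI request was queued before reboot */
  bool needs_user_ack;  /* that request requires a key press */
} fw_state;

/* Stand-in for a TPM 2 command authorized by the platform hierarchy. */
static uint32_t tpm_platform_cmd(const fw_state *s) {
  return s->ph_enabled ? TPM_RC_SUCCESS : TPM_RC_HIERARCHY;
}

static void init_console(fw_state *s) { s->console_ready = true; }
static void disable_platform_hierarchy(fw_state *s) { s->ph_enabled = false; }

/* Handle the pending PPI request. Returns the TPM response code, or -1
   when user confirmation is needed but no console is available. */
static int64_t process_ppi_request(fw_state *s) {
  if (!s->ppi_pending) return TPM_RC_SUCCESS;
  if (s->needs_user_ack && !s->console_ready) return -1;
  s->ppi_pending = false;
  return tpm_platform_cmd(s);
}

/* Order the series establishes: console, PPI, then disable hierarchy. */
int64_t boot_ppi_before_disable(bool needs_user_ack) {
  fw_state s = { true, false, true, needs_user_ack };
  init_console(&s);
  int64_t rc = process_ppi_request(&s);
  disable_platform_hierarchy(&s);
  return rc;
}

/* Order the cover letter warns about: hierarchy disabled before PPI. */
int64_t boot_disable_before_ppi(bool needs_user_ack) {
  fw_state s = { true, false, true, needs_user_ack };
  disable_platform_hierarchy(&s);
  init_console(&s);
  return process_ppi_request(&s);
}

int main(void) {
  printf("PPI first:     0x%llx\n", (long long)boot_ppi_before_disable(true));
  printf("disable first: 0x%llx\n", (long long)boot_disable_before_ppi(true));
  return 0;
}
```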


Re: [edk2-devel] [PATCH v2 0/4] OvmfPkg: Disable the TPM 2 platform hierarchy
Posted by Yao, Jiewen 2 years, 7 months ago
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>

I will wait for a week, to see if there is any feedback from AMD or Bhyve reviewer.

Thank you
Yao Jiewen


> -----Original Message-----
> From: Stefan Berger <stefanb@linux.ibm.com>
> Sent: Tuesday, September 14, 2021 10:18 PM
> To: devel@edk2.groups.io
> Cc: mhaeuser@posteo.de; spbrogan@outlook.com;
> marcandre.lureau@redhat.com; kraxel@redhat.com; Yao, Jiewen
> <jiewen.yao@intel.com>; Stefan Berger <stefanb@linux.ibm.com>
> Subject: [PATCH v2 0/4] OvmfPkg: Disable the TPM 2 platform hierarchy



View/Reply Online (#80671): https://edk2.groups.io/g/devel/message/80671


Re: [edk2-devel] [PATCH v2 0/4] OvmfPkg: Disable the TPM 2 platform hierarchy
Posted by Stefan Berger 2 years, 7 months ago
On 9/14/21 6:26 PM, Yao, Jiewen wrote:
> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
>
> I will wait for a week, to see if there is any feedback from AMD or Bhyve reviewer.

I can repost as v3 with your Reviewed-by's cc'ing them.


     Stefan




View/Reply Online (#80672): https://edk2.groups.io/g/devel/message/80672


Re: [edk2-devel] [PATCH v2 0/4] OvmfPkg: Disable the TPM 2 platform hierarchy
Posted by Stefan Berger 2 years, 6 months ago
On 9/14/21 6:26 PM, Yao, Jiewen wrote:
> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
>
> I will wait for a week, to see if there is any feedback from AMD or Bhyve reviewer.

I didn't see any more comments to v3
(https://listman.redhat.com/archives/edk2-devel-archive/2021-September/msg00641.html).
So maybe you can apply it to the repo.


    Stefan




View/Reply Online (#81292): https://edk2.groups.io/g/devel/message/81292


Re: [edk2-devel] [PATCH v2 0/4] OvmfPkg: Disable the TPM 2 platform hierarchy
Posted by Yao, Jiewen 2 years, 6 months ago
Yes. Merged.
499c4608b13df0738213329722cdcb0ac838f3ad..bd298d75934a7a0cf6b9e2863a5e4975e9714285

> -----Original Message-----
> From: Stefan Berger <stefanb@linux.ibm.com>
> Sent: Thursday, September 30, 2021 3:15 AM
> To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com>
> Cc: mhaeuser@posteo.de; spbrogan@outlook.com;
> marcandre.lureau@redhat.com; kraxel@redhat.com
> Subject: Re: [edk2-devel] [PATCH v2 0/4] OvmfPkg: Disable the TPM 2 platform
> hierarchy


View/Reply Online (#81294): https://edk2.groups.io/g/devel/message/81294