On 01/09/20 01:51, Yao, Jiewen wrote: > Hi > Comment for the warning: >>> WARNING: TPM2 Event log has HashAlg unsupported by PCR bank (0xC) >>> WARNING: TPM2 Event log has HashAlg unsupported by PCR bank (0xD) > > The reason is that: The DSC added all HASH algorithm to the TCG2 driver. > (SHA1/SHA256/SHA384/SHA512/SM3). > But the current TPM hardware device does not support SHA384 (0xC) and SHA512 > (0xD). > > SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { > <LibraryClasses> > > HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf > NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf > NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf > NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf > NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf > NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf > } > > > It is warning because the Firmware Image *may* want to support another TPM2 > which has such capability. > It just means the *current* TPM2 does not support this hash. > The platform owner may decide to clean up the warning by remove the > SHA384/SHA512 null lib instance > support for current TPM2, or leave them as is for another TPM2.
Thank you for the explanation! > BTW: Is there any document on how to enable TPM2 on QEMU ? > I would like to have a try. :-) Please ask Marc-André (already CC'd) about vTPM usage with QEMU; unfortunately, I don't know. Thanks! Laszlo -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#53079): https://edk2.groups.io/g/devel/message/53079 Mute This Topic: https://groups.io/mt/69499023/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-