The PPFlag variable MUST to be locked to prevent malicious modification. Otherwise, anyone can change the PP configuration without confirmation from end user.
Thank you Yao Jiewen > -----Original Message----- > From: Gerd Hoffmann <kra...@redhat.com> > Sent: Monday, November 8, 2021 7:58 PM > To: Stefan Berger <stef...@linux.ibm.com> > Cc: devel@edk2.groups.io; marcandre.lur...@redhat.com; Yao, Jiewen > <jiewen....@intel.com>; Wang, Jian J <jian.j.w...@intel.com>; Ard Biesheuvel > <ardb+tianoc...@kernel.org>; Justen, Jordan L <jordan.l.jus...@intel.com> > Subject: Re: [edk2-devel] [PATCH v2 3/4] OvmfPkg: Enable physical presence > interface for TPM 1.2 > > On Sat, Nov 06, 2021 at 09:19:33PM -0400, Stefan Berger wrote: > > > > On 11/5/21 08:17, Gerd Hoffmann wrote: > > > On Tue, Nov 02, 2021 at 11:49:09AM -0400, Stefan Berger wrote: > > > > Enable the physical presence interface for TPM 1.2. It is required for > > > > the > > > > TPM 1.2 menu to work. > > > > > > > > The changes to DxeTcgPhysicalPresenceLib.c are due to the device we are > using > > > > in QEMU for presenting the supported PPI commands and results to the OS > via > > > > ACPI as well as to store the PPI opcode to execute. > > > Fails to build for microvm. > > > > > > > + > TcgPhysicalPresenceLib|OvmfPkg/Library/TcgPhysicalPresenceLibNull/DxeTcgPh > ysicalPresenceLib.inf > > > I guess this line is needed just next to Tcg2PhysicalPresenceLibNull > > > line? > > > (same problem on OvmfXen.dsc) > > > > Fixed in v3 for microvm and Xen and Bhyve also. > > > > You happen to know about the variable lock issue? Why does the variable need > > to be locked? > > No clue, sorry. That's a topic I have to learn about myself. Noticed > the variable locking deprecation warning in the ovmf boot log too, but > havn't found the time yet to look into that. > > take care, > Gerd -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#83448): https://edk2.groups.io/g/devel/message/83448 Mute This Topic: https://groups.io/mt/86769186/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
