Hi Stefan,

 

I noticed that the TPM2 Spec volume 3 says TPM2_SetPrimaryPolicy requires an
auth session.

 

BIOS/platform hierarchy currently uses password authorization, which does
not require an auth session, so the TPM2_StartAuthSession command is not
supported.

 

Do you know if TPM2_SetPrimaryPolicy will work with password authorization?

 

thanks

 

-----Original Message-----
From: Yao, Jiewen [mailto:[email protected]] 
Sent: Thursday, November 13, 2014 11:42 PM
To: [email protected]
Subject: Re: [edk2] SecurityPkg: TPM2_SetPrimaryPolicy command

 

Hi Stefan

I think it might be OK to add commands to Tpm2CommandLib, as long as there is
valid usage.

Would you please help to describe more of the whole picture for the 2 cases below?

E.g., why and how does TPM firmware upgrade use this command in BIOS? Why and how
does the OEM delegate the TPM_RH_PLATFORM role, and for which TPM command, as an example?

 

Do you think TPM2_SetPrimaryPolicy is the only missing command, or are there
more needed in the above 2 cases? Like TPM2_CreatePrimary?

 

Thank you

Yao Jiewen

 

-----Original Message-----

From: [email protected] [mailto:[email protected]]
Sent: Friday, November 14, 2014 12:10 AM
To: [email protected]
Subject: [edk2] SecurityPkg: TPM2_SetPrimaryPolicy command

 

Hello!

Would it be possible to add the command TPM2_SetPrimaryPolicy to
Tpm2CommandLib? The command is required to set platformPolicy and use cases
are:

*       OEM/BIOS sets platformPolicy to authorize TPM firmware upgrade.

*       OEM/BIOS delegates the TPM_RH_PLATFORM role for a specific TPM
command.

 

For further information on the command please refer to chapter 24.3 in
http://www.trustedcomputinggroup.org/files/static_page_files/8C68ADA8-1A4B-B294-D0FC06D3773F7DAA/TPM%20Rev%202.0%20Part%203%20-%20Commands%2001.16-code.pdf.

 

Regards,

Stefan

 

Stefan Käser

 

Infineon Technologies AG

CCS TI SWT SW PC

Staff Engineer Software Development

Phone: +49 (0)821 25851 65

Fax:     +49 (0)821 25851 40

[email protected]
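
Added example (not part of the original messages and not edk2 code): the wire layout of TPM2_SetPrimaryPolicy for TPM_RH_PLATFORM when the authorization area carries a password authorization (TPM_RS_PW), the case asked about at the top of this thread, which involves no TPM2_StartAuthSession. The helper name `build_set_primary_policy`, the 64-byte size limit and the 0xAA policy digest are assumptions made for illustration; the constants are from TPM 2.0 Part 2.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constants from the TPM 2.0 library specification, Part 2. */
#define TPM_ST_SESSIONS           0x8002u
#define TPM_CC_SET_PRIMARY_POLICY 0x0000012Eu
#define TPM_RH_PLATFORM           0x4000000Cu
#define TPM_RS_PW                 0x40000009u  /* password authorization handle */
#define TPM_ALG_SHA256            0x000Bu

static uint8_t *put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; return p + 2; }
static uint8_t *put32(uint8_t *p, uint32_t v) { return put16(put16(p, (uint16_t)(v >> 16)), (uint16_t)v); }
static uint8_t *put2b(uint8_t *p, const uint8_t *b, uint16_t n) {  /* TPM2B: size + bytes */
    p = put16(p, n);
    if (n) memcpy(p, b, n);
    return p + n;
}

/* Hypothetical helper (not an edk2 function). Returns the command length, or 0 on bad sizes. */
size_t build_set_primary_policy(uint8_t *out, size_t cap, const uint8_t *auth, uint16_t auth_len,
                                const uint8_t *policy, uint16_t policy_len, uint16_t hash_alg)
{
    uint32_t auth_area = 4u + 2u + 1u + 2u + auth_len;  /* handle, nonce, attrs, hmac */
    size_t total = 10u + 4u + 4u + auth_area + 2u + policy_len + 2u;
    if (auth_len > 64 || policy_len > 64 || total > cap) return 0;  /* 64: assumed max digest */
    uint8_t *p = put16(out, TPM_ST_SESSIONS);   /* tag: authorization area present */
    p = put32(p, (uint32_t)total);              /* commandSize */
    p = put32(p, TPM_CC_SET_PRIMARY_POLICY);
    p = put32(p, TPM_RH_PLATFORM);              /* @authHandle */
    p = put32(p, auth_area);                    /* authorizationSize */
    p = put32(p, TPM_RS_PW);                    /* no TPM2_StartAuthSession needed */
    p = put16(p, 0);                            /* nonceCaller: empty */
    *p++ = 0;                                   /* sessionAttributes: none set */
    p = put2b(p, auth, auth_len);               /* platformAuth in the hmac field */
    p = put2b(p, policy, policy_len);           /* authPolicy (TPM2B_DIGEST) */
    p = put16(p, hash_alg);                     /* hashAlg */
    return (size_t)(p - out);
}

int main(void) {
    uint8_t cmd[128], policy[32];
    memset(policy, 0xAA, sizeof policy);        /* constructed placeholder digest */
    size_t n = build_set_primary_policy(cmd, sizeof cmd, NULL, 0, policy, 32, TPM_ALG_SHA256);
    for (size_t i = 0; i < n; i++) printf("%02x", cmd[i]);
    printf("\n");
    return 0;
}
```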

 


_______________________________________________
edk2-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/edk2-devel

 

