Re: [edk2] [PATCH 4/7] ovmf: link with Tcg2Pei module
On 03/01/18 16:08, Marc-André Lureau wrote: > Hi > > On Mon, Feb 26, 2018 at 10:38 AM, Laszlo Ersek wrote: >> On 02/23/18 14:23, marcandre.lur...@redhat.com wrote: >>> From: Marc-André Lureau >>> >>> This module will initialize TPM device, measure reported FVs and BIOS >>> version. >>> >>> CC: Laszlo Ersek >>> CC: Stefan Berger >>> Contributed-under: TianoCore Contribution Agreement 1.0 >>> Signed-off-by: Marc-André Lureau >>> --- >>> OvmfPkg/OvmfPkgX64.dsc | 7 +++ >>> OvmfPkg/OvmfPkgX64.fdf | 1 + >>> 2 files changed, 8 insertions(+) >>> >>> diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc >>> index b5cbe8430f..34a7c2778e 100644 >>> --- a/OvmfPkg/OvmfPkgX64.dsc >>> +++ b/OvmfPkg/OvmfPkgX64.dsc >>> @@ -279,6 +279,8 @@ >>>PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf >>>QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf >>> !if $(TPM2_ENABLE) >>> + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf >>> + >>> HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf >>> >>> Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf >>>Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf >>> !endif >>> @@ -647,6 +649,11 @@ >>> >>> !if $(TPM2_ENABLE) == TRUE >>>SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf >>> + SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { >>> + >>> + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf >>> + >>> NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf >>> + } >>> !endif >>> >>> !if $(SECURE_BOOT_ENABLE) == TRUE >>> diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf >>> index dc35d0a1f7..9558142a42 100644 >>> --- a/OvmfPkg/OvmfPkgX64.fdf >>> +++ b/OvmfPkg/OvmfPkgX64.fdf >>> @@ -170,6 +170,7 @@ INF MdeModulePkg/Universal/Variable/Pei/VariablePei.inf >>> !endif >>> !if $(TPM2_ENABLE) == TRUE >>> INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf >>> +INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf >>> !endif >>> >>> >>> >>> >> >> Would it be possible to drop SHA1 (include SHA256 only) by setting >> PcdTpm2HashMask to value 2? Or SHA1 required for some other reason? (If >> so please mention it in the commit message.) >> > > afaik, it's not strictly required, and apparently the support is being > dropped. I'll remove it. > > btw, now I understand your comment about read-only variable not being > used by PEI module. I'll add a preliminary patch dropping it from > depex ;) OK, thanks :) Laszlo ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH 4/7] ovmf: link with Tcg2Pei module
Hi On Mon, Feb 26, 2018 at 10:38 AM, Laszlo Ersek wrote: > On 02/23/18 14:23, marcandre.lur...@redhat.com wrote: >> From: Marc-André Lureau >> >> This module will initialize TPM device, measure reported FVs and BIOS >> version. >> >> CC: Laszlo Ersek >> CC: Stefan Berger >> Contributed-under: TianoCore Contribution Agreement 1.0 >> Signed-off-by: Marc-André Lureau >> --- >> OvmfPkg/OvmfPkgX64.dsc | 7 +++ >> OvmfPkg/OvmfPkgX64.fdf | 1 + >> 2 files changed, 8 insertions(+) >> >> diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc >> index b5cbe8430f..34a7c2778e 100644 >> --- a/OvmfPkg/OvmfPkgX64.dsc >> +++ b/OvmfPkg/OvmfPkgX64.dsc >> @@ -279,6 +279,8 @@ >>PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf >>QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf >> !if $(TPM2_ENABLE) >> + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf >> + >> HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf >> >> Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf >>Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf >> !endif >> @@ -647,6 +649,11 @@ >> >> !if $(TPM2_ENABLE) == TRUE >>SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf >> + SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { >> + >> + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf >> + >> NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf >> + } >> !endif >> >> !if $(SECURE_BOOT_ENABLE) == TRUE >> diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf >> index dc35d0a1f7..9558142a42 100644 >> --- a/OvmfPkg/OvmfPkgX64.fdf >> +++ b/OvmfPkg/OvmfPkgX64.fdf >> @@ -170,6 +170,7 @@ INF MdeModulePkg/Universal/Variable/Pei/VariablePei.inf >> !endif >> !if $(TPM2_ENABLE) == TRUE >> INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf >> +INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf >> !endif >> >> >> >> > > Would it be possible to drop SHA1 (include SHA256 only) by setting > PcdTpm2HashMask to value 2? Or SHA1 required for some other reason? (If > so please mention it in the commit message.) > afaik, it's not strictly required, and apparently the support is being dropped. I'll remove it. btw, now I understand your comment about read-only variable not being used by PEI module. I'll add a preliminary patch dropping it from depex ;) thanks -- Marc-André Lureau ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH 4/7] ovmf: link with Tcg2Pei module
On 02/23/18 14:23, marcandre.lur...@redhat.com wrote: > From: Marc-André Lureau > > This module will initialize TPM device, measure reported FVs and BIOS > version. > > CC: Laszlo Ersek > CC: Stefan Berger > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Marc-André Lureau > --- > OvmfPkg/OvmfPkgX64.dsc | 7 +++ > OvmfPkg/OvmfPkgX64.fdf | 1 + > 2 files changed, 8 insertions(+) > > diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc > index b5cbe8430f..34a7c2778e 100644 > --- a/OvmfPkg/OvmfPkgX64.dsc > +++ b/OvmfPkg/OvmfPkgX64.dsc > @@ -279,6 +279,8 @@ >PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf >QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf > !if $(TPM2_ENABLE) > + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > + > HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf > > Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf >Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf > !endif > @@ -647,6 +649,11 @@ > > !if $(TPM2_ENABLE) == TRUE >SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf > + SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { > + > + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf > + > NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf > + } > !endif > > !if $(SECURE_BOOT_ENABLE) == TRUE > diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf > index dc35d0a1f7..9558142a42 100644 > --- a/OvmfPkg/OvmfPkgX64.fdf > +++ b/OvmfPkg/OvmfPkgX64.fdf > @@ -170,6 +170,7 @@ INF MdeModulePkg/Universal/Variable/Pei/VariablePei.inf > !endif > !if $(TPM2_ENABLE) == TRUE > INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf > +INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf > !endif > > > > Would it be possible to drop SHA1 (include SHA256 only) by setting PcdTpm2HashMask to value 2? Or SHA1 required for some other reason? (If so please mention it in the commit message.) Thanks Laszlo ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
[edk2] [PATCH 4/7] ovmf: link with Tcg2Pei module
From: Marc-André Lureau This module will initialize TPM device, measure reported FVs and BIOS version. CC: Laszlo Ersek CC: Stefan Berger Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Marc-André Lureau --- OvmfPkg/OvmfPkgX64.dsc | 7 +++ OvmfPkg/OvmfPkgX64.fdf | 1 + 2 files changed, 8 insertions(+) diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index b5cbe8430f..34a7c2778e 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -279,6 +279,8 @@ PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf !if $(TPM2_ENABLE) + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf + HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf !endif @@ -647,6 +649,11 @@ !if $(TPM2_ENABLE) == TRUE SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf + SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { + + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf + } !endif !if $(SECURE_BOOT_ENABLE) == TRUE diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index dc35d0a1f7..9558142a42 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -170,6 +170,7 @@ INF MdeModulePkg/Universal/Variable/Pei/VariablePei.inf !endif !if $(TPM2_ENABLE) == TRUE INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf +INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf !endif -- 2.16.1.73.g5832b7e9f2 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel