For 3, I don’t understand your problem. But I don’t think we need to link a NULL lib instance for Tcg2Dxe.
Thank you
Yao Jiewen

> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao, Jiewen
> Sent: Monday, September 6, 2021 11:05 PM
> To: devel@edk2.groups.io; stef...@linux.ibm.com; Stefan Berger <stef...@linux.vnet.ibm.com>
> Cc: mhaeu...@posteo.de; spbro...@outlook.com; marcandre.lur...@redhat.com; kra...@redhat.com
> Subject: Re: [edk2-devel] [PATCH v5 0/8] Ovmf: Disable the TPM2 platform hierarchy
>
> For 2, https://github.com/tianocore/edk2-platforms/tree/master/Platform/Intel/MinPlatformPkg/Tcg
>
> The edk2-platform solution is to let Tcg2PlatformDxe and Tcg2PlatformPei link
> Library/PeiDxeTpmPlatformHierarchyLib.
>
> The DSC/FDF can include Tcg2PlatformDxe and Tcg2PlatformPei. No BDS change
> is required.
>
> > -----Original Message-----
> > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Stefan Berger
> > Sent: Monday, September 6, 2021 9:50 PM
> > To: devel@edk2.groups.io; Yao, Jiewen <jiewen....@intel.com>; Stefan Berger <stef...@linux.vnet.ibm.com>
> > Cc: mhaeu...@posteo.de; spbro...@outlook.com; marcandre.lur...@redhat.com; kra...@redhat.com
> > Subject: Re: [edk2-devel] [PATCH v5 0/8] Ovmf: Disable the TPM2 platform hierarchy
> >
> > On 9/6/21 8:34 AM, Yao, Jiewen wrote:
> > > Hi Stefan
> > > Thank you very much for the work.
> > >
> > > I would like to double confirm with you on several things:
> > > 1) S3 resume - According to security guideline, we can randomize platform
> > > hierarchy if S3 start state fail.
> > >
> > > REF: https://github.com/tianocore/edk2-platforms/blob/master/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c
> > >
> > > But I did not see your S3 solution there.
> >
> > That may be an omission, also for ARM.
> >
> > > 2) I am curious, why you don't use a DXE driver, but choose to link to
> > > BDS lib for the DXE case.
> >
> > I don't know the difference. Is the code in edk2-platforms unsuitable?
> >
> > > You also include a NULL lib there, which seems unnecessary, if you use a
> > > DXE/PEI module
> > >
> > > The downside of linking to BDS lib is that you have to change all BDS lib
> > > instance, which is a big burden.
> > > And you still have code to choose NULL lib v.s. real Lib based upon TPM
> > > enable flag.
> > >
> > > How about just include Tcg2PlatformPei/Tcg2PlatformDxe to securityPkg as
> > > well? Then we can remove the TcgPlatform from MinPlatform totally.
> > >
> > > 3) In some platform, you add TpmPlatformHierarchyLib to Tcg2Dxe. Would
> > > you please help me understand why?
> > >
> > > SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
> > >   <LibraryClasses>
> > >     Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
> > >     TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
> > >     NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
> >
> > I cannot compile several of the target platforms that I have made
> > modifications to that I thought were correct but have done so 'blindly'.
> > For example, I cannot compile for OvmfPkg/AmdSev/AmdSevX64.dsc, it
> > fails for me for this reason:
> >
> > # build -p OvmfPkg/AmdSev/AmdSevX64.dsc -b DEBUG -a X64 -t GCC5 -D TPM_ENABLE -D TPM_CONFIG_ENABLE -D SECURE_BOOT_ENABLE -D NETWORK_TLS_ENABLE
> >
> > mkfs.fat 4.2 (2021-01-31)
> > grub2-mkimage: error: cannot open `/usr/lib/grub/x86_64-efi/moddep.lst':
> > No such file or directory.
> >
> > This here is an example of a platform I cannot build at all (before my
> > modifications) but would need changes as well:
> >
> > $ build -p OvmfPkg/OvmfPkgIa32X64.dsc -b DEBUG -a IA32 -t GCC5 -D TPM_ENABLE -D TPM_CONFIG_ENABLE -D SECURE_BOOT_ENABLE -D NETWORK_TLS_ENABLE
> >
> > [...]
> >
> > Active Platform = /home/stefanb/dev/edk2/OvmfPkg/OvmfPkgIa32X64.dsc
> > .
> >
> > build.py...
> >  : error F001: Module
> > /home/stefanb/dev/edk2/MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf
> > NOT found in DSC file; Is it really a binary module?
> >
> > Should I drop the targets I cannot compile for or that seem broken just
> > to begin with?
> >
> > Does someone else want to take a pass on this series? I have to say that
> > I work with too many unknowns here so that this is now the preferred
> > path from my perspective.
> >
> > Thanks.
> >
> > Stefan