The PPFlag variable MUST be locked to prevent malicious modification.
Otherwise, anyone can change the PP configuration without confirmation from the end user.
From: Gerd Hoffmann <kraxel@...>
Sent: Monday, November 8, 2021 7:58 PM
To: Stefan Berger <stefanb@...>
Cc: email@example.com; marcandre.lureau@...; Yao, Jiewen
<jiewen.yao@...>; Wang, Jian J <jian.j.wang@...>; Ard Biesheuvel
<ardb+tianocore@...>; Justen, Jordan L <jordan.l.justen@...>
Subject: Re: [edk2-devel] [PATCH v2 3/4] OvmfPkg: Enable physical presence
interface for TPM 1.2
On Sat, Nov 06, 2021 at 09:19:33PM -0400, Stefan Berger wrote:
On 11/5/21 08:17, Gerd Hoffmann wrote:
On Tue, Nov 02, 2021 at 11:49:09AM -0400, Stefan Berger wrote:
Enable the physical presence interface for TPM 1.2. It is required for the
TPM 1.2 menu to work.
The changes to DxeTcgPhysicalPresenceLib.c are due to the device we are
in QEMU for presenting the supported PPI commands and results to the OS
ACPI as well as to store the PPI opcode to execute.
Fails to build for microvm.
I guess this line is needed just next to Tcg2PhysicalPresenceLibNull
(same problem on OvmfXen.dsc)
Fixed in v3 for microvm and Xen and Bhyve also.
You happen to know about the variable lock issue? Why does the variable need
to be locked?
No clue, sorry. That's a topic I have to learn about myself. Noticed
the variable locking deprecation warning in the ovmf boot log too, but
haven't found the time yet to look into that.