Re: [PATCH v2 3/4] OvmfPkg: Enable physical presence interface for TPM 1.2


Yao, Jiewen
 

The PPFlag variable MUST be locked to prevent malicious modification.
Otherwise, anyone can change the PP configuration without confirmation from the end user.

Thank you
Yao Jiewen

-----Original Message-----
From: Gerd Hoffmann <kraxel@...>
Sent: Monday, November 8, 2021 7:58 PM
To: Stefan Berger <stefanb@...>
Cc: devel@edk2.groups.io; marcandre.lureau@...; Yao, Jiewen
<jiewen.yao@...>; Wang, Jian J <jian.j.wang@...>; Ard Biesheuvel
<ardb+tianocore@...>; Justen, Jordan L <jordan.l.justen@...>
Subject: Re: [edk2-devel] [PATCH v2 3/4] OvmfPkg: Enable physical presence
interface for TPM 1.2

On Sat, Nov 06, 2021 at 09:19:33PM -0400, Stefan Berger wrote:

On 11/5/21 08:17, Gerd Hoffmann wrote:
On Tue, Nov 02, 2021 at 11:49:09AM -0400, Stefan Berger wrote:
Enable the physical presence interface for TPM 1.2. It is required for the
TPM 1.2 menu to work.

The changes to DxeTcgPhysicalPresenceLib.c are due to the device we are using
in QEMU for presenting the supported PPI commands and results to the OS via
ACPI as well as to store the PPI opcode to execute.
Fails to build for microvm.

+
TcgPhysicalPresenceLib|OvmfPkg/Library/TcgPhysicalPresenceLibNull/DxeTcgPh
ysicalPresenceLib.inf
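Review bot: this Null TcgPhysicalPresenceLib mapping is a per-platform DSC entry, so it has to be present in every OvmfPkg platform file that resolves the library class; the thread names microvm and OvmfXen.dsc as builds where it is missing. Placing it directly beside the Tcg2PhysicalPresenceLibNull mapping in each DSC keeps the TPM 1.2 and TPM 2.0 entries together and makes a missed platform easier to spot in review.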
I guess this line is needed just next to Tcg2PhysicalPresenceLibNull line?
(same problem on OvmfXen.dsc)
Fixed in v3 for microvm and Xen and Bhyve also.

You happen to know about the variable lock issue? Why does the variable need
to be locked?
No clue, sorry. That's a topic I have to learn about myself. Noticed
the variable locking deprecation warning in the ovmf boot log too, but
haven't found the time yet to look into that.

take care,
Gerd
