On 9/6/21 8:34 AM, Yao, Jiewen wrote:
Hi Stefan
Thank you very much for the work.
I would like to double confirm with you on several things:
1) S3 resume - According to security guideline, we can randomize platform
hiearachy if S3 start state fail.
REF:
https://github.com/tianocore/edk2-platforms/blob/master/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c
But I did not see your S3 solution there.
That may be a omission, also for ARM.
2) I am curious, why you don't use a DXE driver, but choose to like to BDS lib
for the DXE case.
I don't know the difference. Is the code in edk2-platforms unsuitable?
You also include a NULL lib there, which seems unnecessary, if you use a
DXE/PEI module
The downside of linking to BDS lib is that you have to change all BDS lib
instance, which is a big burden.
And you still have code to choose NULL lib v.s. real Lib based upon TPM enable
flag.
How about just include Tcg2PlatformPei/Tcg2PlatformDxe to securityPkg as well?
Then we can remove the TcgPlatform from MinPlatform totally.
3) In some platform, you add TpmPlatformHierarchyLib to Tcg2Dxe. Would you
please help me understand why?
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
<LibraryClasses>
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
I cannot compile several of the target platforms that I have made
modifications to that I thought were correct but have done so 'blindly'.
For example , I cannot compile for OvmfPkg/AmdSev/AmdSevX64.dsc, it
fails for me for this reason:
# build -p OvmfPkg/AmdSev/AmdSevX64.dsc -b DEBUG -a X64 -t GCC5 -D
TPM_ENABLE -D TPM_CONFIG_ENABLE -D SECURE_BOOT_ENABLE -D NETWORK_TLS_ENABLE
mkfs.fat 4.2 (2021-01-31)
grub2-mkimage: error: cannot open `/usr/lib/grub/x86_64-efi/moddep.lst':
No such file or directory.
This here is an example of a platform I cannot build at all (before my
modifications) but would need changes as well:
$ build -p OvmfPkg/OvmfPkgIa32X64.dsc -b DEBUG -a IA32 -t GCC5 -D
TPM_ENABLE -D TPM_CONFIG_ENABLE -D SECURE_BOOT_ENABLE -D NETWORK_TLS_ENABLE
[...]
Active Platform = /home/stefanb/dev/edk2/OvmfPkg/OvmfPkgIa32X64.dsc
.
build.py...
: error F001: Module
/home/stefanb/dev/edk2/MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf
NOT found in DSC file; Is it really a binary module?
Should I drop the targets I cannot compile for or that seem broken just
to begin with?
Does someone else want to take a pass on this series? I have to say that
I work with too many unknowns here so that this is now the preferred
path from my perspective.
Thanks.
Stefan
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#80271): https://edk2.groups.io/g/devel/message/80271
Mute This Topic: https://groups.io/mt/85316773/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
