For 2, https://github.com/tianocore/edk2-platforms/tree/master/Platform/Intel/MinPlatformPkg/Tcg
The edk2-platform solution is to let Tcg2PlatformDxe and Tcg2PlatformPei link Library/PeiDxeTpmPlatformHierarchyLib. The DSC/FDF can include Tcg2PlatformDxe and Tcg2PlatformPei. No BDS change is required. > -----Original Message----- > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Stefan > Berger > Sent: Monday, September 6, 2021 9:50 PM > To: devel@edk2.groups.io; Yao, Jiewen <jiewen....@intel.com>; Stefan Berger > <stef...@linux.vnet.ibm.com> > Cc: mhaeu...@posteo.de; spbro...@outlook.com; > marcandre.lur...@redhat.com; kra...@redhat.com > Subject: Re: [edk2-devel] [PATCH v5 0/8] Ovmf: Disable the TPM2 platform > hierarchy > > > On 9/6/21 8:34 AM, Yao, Jiewen wrote: > > Hi Stefan > > Thank you very much for the work. > > > > I would like to double confirm with you on several things: > > 1) S3 resume - According to security guideline, we can randomize platform > hiearachy if S3 start state fail. > > > > REF: https://github.com/tianocore/edk2- > platforms/blob/master/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/T > cg2PlatformPei.c > > > > But I did not see your S3 solution there. > > That may be a omission, also for ARM. > > > > > > 2) I am curious, why you don't use a DXE driver, but choose to like to BDS > > lib > for the DXE case. > > I don't know the difference. Is the code in edk2-platforms unsuitable? > > > > You also include a NULL lib there, which seems unnecessary, if you use a > DXE/PEI module > > > > The downside of linking to BDS lib is that you have to change all BDS lib > instance, which is a big burden. > > And you still have code to choose NULL lib v.s. real Lib based upon TPM > > enable > flag. > > > > How about just include Tcg2PlatformPei/Tcg2PlatformDxe to securityPkg as > well? Then we can remove the TcgPlatform from MinPlatform totally. > > > > 3) In some platform, you add TpmPlatformHierarchyLib to Tcg2Dxe. Would > you please help me understand why? > > > > SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { > > <LibraryClasses> > > > Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRout > erDxe.inf > > > TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/ > PeiDxeTpmPlatformHierarchyLib.inf > > > NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf > > I cannot compile several of the target platforms that I have made > modifications to that I thought were correct but have done so 'blindly'. > For example , I cannot compile for OvmfPkg/AmdSev/AmdSevX64.dsc, it > fails for me for this reason: > > # build -p OvmfPkg/AmdSev/AmdSevX64.dsc -b DEBUG -a X64 -t GCC5 -D > TPM_ENABLE -D TPM_CONFIG_ENABLE -D SECURE_BOOT_ENABLE -D > NETWORK_TLS_ENABLE > > mkfs.fat 4.2 (2021-01-31) > grub2-mkimage: error: cannot open `/usr/lib/grub/x86_64-efi/moddep.lst': > No such file or directory. > > > This here is an example of a platform I cannot build at all (before my > modifications) but would need changes as well: > > $ build -p OvmfPkg/OvmfPkgIa32X64.dsc -b DEBUG -a IA32 -t GCC5 -D > TPM_ENABLE -D TPM_CONFIG_ENABLE -D SECURE_BOOT_ENABLE -D > NETWORK_TLS_ENABLE > > [...] > > Active Platform = /home/stefanb/dev/edk2/OvmfPkg/OvmfPkgIa32X64.dsc > . > > build.py... > : error F001: Module > /home/stefanb/dev/edk2/MdeModulePkg/Universal/DevicePathDxe/DevicePat > hDxe.inf > NOT found in DSC file; Is it really a binary module? > > > > Should I drop the targets I cannot compile for or that seem broken just > to begin with? > > > Does someone else want to take a pass on this series? I have to say that > I work with too many unknowns here so that this is now the preferred > path from my perspective. > > Thanks. > > Stefan > > > > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#80274): https://edk2.groups.io/g/devel/message/80274 Mute This Topic: https://groups.io/mt/85316773/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
