From: Laszlo Ersek <lersek@redhat.com>
To: marcandre.lureau@redhat.com, edk2-devel@lists.01.org
Cc: qemu-devel@nongnu.org, javierm@redhat.com, pjones@redhat.com,
jiewen.yao@intel.com
Subject: Re: [Qemu-devel] [edk2] [PATCH 4/4] ovmf: process TPM PPI request in AfterConsole()
Date: Thu, 17 May 2018 12:24:53 +0200 [thread overview]
Message-ID: <1c61d02b-bd26-3eb7-239d-0f1458a649a3@redhat.com> (raw)
In-Reply-To: <20180515123007.10164-5-marcandre.lureau@redhat.com>
On 05/15/18 14:30, marcandre.lureau@redhat.com wrote:
> From: Marc-André Lureau <marcandre.lureau@redhat.com>
>
> Call Tcg2PhysicalPresenceLibProcessRequest() to process pending PPI
> requests from PlatformBootManagerAfterConsole().
>
> Laszlo understanding of edk2 is that the PPI operation processing was
> meant to occur *entirely* before End-Of-Dxe, so that 3rd party UEFI
> drivers couldn't interfere with PPI opcode processing *at all*.
>
> He suggested that we should *not* call
> Tcg2PhysicalPresenceLibProcessRequest() from BeforeConsole(). Because,
> an "auth" console, i.e. one that does not depend on a 3rd party
> driver, is *in general* impossible to guarantee. Instead we could opt
> to trust 3rd party drivers, and use the "normal" console(s) in
> AfterConsole(), in order to let the user confirm the PPI requests. It
> will depend on the user to enable Secure Boot, so that the
> trustworthiness of those 3rd party drivers is ensured. If an attacker
> roots the guest OS from within, queues some TPM2 PPI requests, and
> also modifies drivers on the EFI system partition and/or in GPU option
> ROMs (?), then those drivers will not load after guest reboot, and
> thus the dependent console(s) won't be used for confirming the PPI
> requests.
>
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> ---
> OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c | 8 ++++++++
> .../PlatformBootManagerLib/PlatformBootManagerLib.inf | 2 ++
> 2 files changed, 10 insertions(+)
>
> diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
> index 004b753f4d26..8b1beaa3e207 100644
> --- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
> +++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
> @@ -16,6 +16,7 @@
> #include <Guid/XenInfo.h>
> #include <Guid/RootBridgesConnectedEventGroup.h>
> #include <Protocol/FirmwareVolume2.h>
> +#include <Library/Tcg2PhysicalPresenceLib.h>
>
>
> //
> @@ -1410,6 +1411,13 @@ PlatformBootManagerAfterConsole (
> //
> PciAcpiInitialization ();
>
> +
> + //
> + // Process TPM PPI request
> + //
> + Tcg2PhysicalPresenceLibProcessRequest (NULL);
> +
> +
Please just keep one empty line before and after the new code. With that
cleanup, for this patch:
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
This series is a very nice work IMO, thank you both Stefan and
Marc-André. I hope v2 can be merged!
Thanks!
Laszlo
> //
> // Process QEMU's -kernel command line option
> //
> diff --git a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
> index 27789b7377bc..4b72c44bcf0a 100644
> --- a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
> +++ b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
> @@ -38,6 +38,7 @@ [Packages]
> IntelFrameworkModulePkg/IntelFrameworkModulePkg.dec
> SourceLevelDebugPkg/SourceLevelDebugPkg.dec
> OvmfPkg/OvmfPkg.dec
> + SecurityPkg/SecurityPkg.dec
>
> [LibraryClasses]
> BaseLib
> @@ -56,6 +57,7 @@ [LibraryClasses]
> LoadLinuxLib
> QemuBootOrderLib
> UefiLib
> + Tcg2PhysicalPresenceLib
>
> [Pcd]
> gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent
>
next prev parent reply other threads:[~2018-05-17 10:25 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-15 12:30 [Qemu-devel] [PATCH 0/4] RFC: ovmf: Add support for TPM Physical Presence interface marcandre.lureau
2018-05-15 12:30 ` [Qemu-devel] [PATCH 1/4] ovmf: add and link with Tcg2PhysicalPresenceLibNull when !TPM2_ENABLE marcandre.lureau
2018-05-17 7:58 ` [Qemu-devel] [edk2] " Laszlo Ersek
2018-05-15 12:30 ` [Qemu-devel] [PATCH 2/4] ovmf: add QemuTpm.h header marcandre.lureau
2018-05-17 8:10 ` [Qemu-devel] [edk2] " Laszlo Ersek
2018-05-15 12:30 ` [Qemu-devel] [PATCH 3/4] ovmf: replace SecurityPkg with OvfmPkg Tcg2PhysicalPresenceLibQemu marcandre.lureau
2018-05-17 10:14 ` [Qemu-devel] [edk2] " Laszlo Ersek
2018-05-15 12:30 ` [Qemu-devel] [PATCH 4/4] ovmf: process TPM PPI request in AfterConsole() marcandre.lureau
2018-05-17 10:24 ` Laszlo Ersek [this message]
2018-05-16 9:29 ` [Qemu-devel] [edk2] [PATCH 0/4] RFC: ovmf: Add support for TPM Physical Presence interface Laszlo Ersek
2018-05-17 7:41 ` Laszlo Ersek
2018-05-17 14:43 ` Marc-André Lureau
2018-05-17 14:58 ` Laszlo Ersek
2018-05-17 7:54 ` Laszlo Ersek
2018-05-17 8:26 ` Laszlo Ersek
2018-05-17 14:44 ` Marc-André Lureau
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1c61d02b-bd26-3eb7-239d-0f1458a649a3@redhat.com \
--to=lersek@redhat.com \
--cc=edk2-devel@lists.01.org \
--cc=javierm@redhat.com \
--cc=jiewen.yao@intel.com \
--cc=marcandre.lureau@redhat.com \
--cc=pjones@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.