From: Ilias Apalodimas
Date: Tue, 28 Sep 2021 20:40:59 +0300
Subject: Re: [PATCH v2 1/3] efi_loader: add SMBIOS table measurement
To: Simon Glass
Cc: Masahisa Kojima, U-Boot Mailing List, Heinrich Schuchardt, Alexander Graf, Bin Meng, Christian Gmeiner
References: <20210921071931.3755-1-masahisa.kojima@linaro.org> <20210921071931.3755-2-masahisa.kojima@linaro.org>

Hi Simon,

[...]

> > > > We've mentioned this in the past. The sandbox TPM is very limited wrt
> > > > tpm testing for the EFI TCG protocol.
> > >
> > > So let's add some more features? If it helps, think of the sandbox TPM
> > > as test code, not an emulator. It is a very simple kind of emulator to
> > > allow tests to work.
> >
> > The amount of features needed to test EFI TCG is not minimal. Since I'll
> > upstream the mmio tpm anyway, we'll just test TCG there. If someone wants
> > to go ahead and make the sandbox TPM a TIS compliant device that covers the
> > requirements of the EFI TCG, I am fine using it.
>
> Do you know how many features? There's 250 LOC in this patch.

I haven't checked for a while, but back when I tested it tpm2_get_capability()
was failing on a number of cases. The EFI TCG code expects:
- TPM2_PT_MAX_COMMAND_SIZE
- TPM2_PT_MAX_RESPONSE_SIZE
- TPM2_PT_MANUFACTURER
- TPM2_PT_PCR_COUNT
- TPM2_CAP_PCRS
when querying capabilities. Ideally we'd also want to extend more than 1 PCR
and verify that worked correctly.

> > > > I did send TPM MMIO patches a while back [1]. This would allow us to
> > > > test everything under QEMU, but you asked for *another* device to be
> > > > part of the API I posted (apart from the MMIO). I've found some time
> > >
> > > Yes that is because if you just add a new protocol you have not made
> > > anything better, just added one more way of doing things.
> >
> > Our perspective of 'better' seems to be different.
> >
> > I added a TIS API for any driver to use. I actually did 2 iterations of
> > the driver. The first one was replicating all the code and you said 'why
> > are we replicating code', which was done already in a bunch of drivers
> > already...
> > Then I added an API and a driver using it, but you wanted to convert more
> > *existing* drivers to the API before merging it. But the fact is that if
> > anyone wants to add a new driver he has to code ~900 lines instead of the
> > ~150 needed with the API in place, not to mention the duplication of bugs
> > all over the place....
>
> It would be like adding a new filesystem in U-Boot with its own new
> framework for filesystems. It creates technical debt and we don't know
> if anyone will actually use it.
>
> https://xkcd.com/927/
>
> I think your API is a great idea but we need some effort to migrate to
> it, to avoid the problem above. After all, who else is going to do it?

I ordered the SPI TPM, so hopefully I'll be able to have the MMIO and SPI
drivers using it!

Cheers
/Ilias
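As an added illustration of the capability check Ilias refers to (this is not code from the thread or from U-Boot): a parser for a TPM2_GetCapability(TPM_CAP_TPM_PROPERTIES) response that reports which of the properties the EFI TCG code asks for are actually present, so a TPM or emulator can be checked before the protocol is tested against it. The property and capability numbers are the TPM 2.0 Part 2 values; the two sample responses are constructed, not captured from hardware, and TPM2_CAP_PCRS is not covered here.

```c
#include <stddef.h>
#include <stdint.h>

/* TPM 2.0 Part 2 constants (same values as U-Boot's include/tpm-v2.h). */
#define TPM2_CAP_TPM_PROPERTIES   0x00000006
#define TPM2_PT_MANUFACTURER      0x00000105
#define TPM2_PT_PCR_COUNT         0x00000112
#define TPM2_PT_MAX_COMMAND_SIZE  0x0000011e
#define TPM2_PT_MAX_RESPONSE_SIZE 0x0000011f

static uint32_t get_be32(const uint8_t *p) { return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3]; }

/* Parse a TPM2_GetCapability(TPM_CAP_TPM_PROPERTIES) response and return a
 * bitmask of the EFI-TCG-required properties found (bit 0 MANUFACTURER,
 * 1 PCR_COUNT, 2 MAX_COMMAND_SIZE, 3 MAX_RESPONSE_SIZE); -1 if malformed/failed. */
int tpm2_check_required_props(const uint8_t *rsp, size_t len)
{
	static const uint32_t req[4] = { TPM2_PT_MANUFACTURER, TPM2_PT_PCR_COUNT,
					 TPM2_PT_MAX_COMMAND_SIZE, TPM2_PT_MAX_RESPONSE_SIZE };
	/* Layout: tag(2) responseSize(4) responseCode(4) moreData(1) capability(4) count(4) */
	if (len < 19 || get_be32(rsp + 2) != len || get_be32(rsp + 6) != 0 ||
	    get_be32(rsp + 11) != TPM2_CAP_TPM_PROPERTIES)
		return -1;
	uint32_t count = get_be32(rsp + 15);
	if (count > (len - 19) / 8)	/* each TPMS_TAGGED_PROPERTY is 8 bytes */
		return -1;		/* count claims more entries than the buffer holds */
	int found = 0;
	for (uint32_t i = 0; i < count; i++) {
		uint32_t prop = get_be32(rsp + 19 + 8 * i);
		for (int r = 0; r < 4; r++)
			if (prop == req[r])
				found |= 1 << r;
	}
	return found;
}

/* Constructed sample responses (not captured from real hardware); all fields big-endian. */
const uint8_t rsp_full[51] = {	/* a TPM reporting all four properties */
	0x80, 0x01, 0x00, 0x00, 0x00, 0x33, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x04, /* hdr, rc=0, moreData=0, cap, count=4 */
	0x00, 0x00, 0x01, 0x05, 0x49, 0x42, 0x4d, 0x20,	/* MANUFACTURER = "IBM " (made up) */
	0x00, 0x00, 0x01, 0x12, 0x00, 0x00, 0x00, 0x18,	/* PCR_COUNT = 24 */
	0x00, 0x00, 0x01, 0x1e, 0x00, 0x00, 0x10, 0x00,	/* MAX_COMMAND_SIZE = 4096 */
	0x00, 0x00, 0x01, 0x1f, 0x00, 0x00, 0x10, 0x00,	/* MAX_RESPONSE_SIZE = 4096 */
};
const uint8_t rsp_partial[35] = {	/* a minimal emulator reporting only the first two */
	0x80, 0x01, 0x00, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x02,
	0x00, 0x00, 0x01, 0x05, 0x49, 0x42, 0x4d, 0x20,
	0x00, 0x00, 0x01, 0x12, 0x00, 0x00, 0x00, 0x18,
};
```

A result of 0xf means the device satisfies all four property queries; any other non-negative value names exactly which ones are missing.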