Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1609827 - edk2-ovmf TPM2 support
Summary: edk2-ovmf TPM2 support
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: edk2
Version: 28
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Paolo Bonzini
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-07-30 15:01 UTC by Marc-Andre Lureau
Modified: 2018-08-23 16:44 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-08-23 16:44:51 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
TianoCore 1075 0 None None None 2019-04-26 15:04:48 UTC

Description Marc-Andre Lureau 2018-07-30 15:01:28 UTC 
Please enable QEMU TPM2 support in OVMF build, with -DTPM2_ENABLE.

There are a number of commits needed that I could try to list if we need to backport.

or you can use upstream commit version 8d65d3b25e35a2e968395d261b34416776b95d9e.
Comment 1 Cole Robinson 2018-07-31 14:15:25 UTC 
I'd prefer a rebase for simplicity. Laszlo any thoughts on rebasing edk2 in fedora to 8d65d3b25e35a2e968395d261b34416776b95d9e ?
Comment 2 Laszlo Ersek 2018-07-31 15:09:21 UTC 
I'm not aware of anything broken or under heavy churn in edk2 right now, therefore I'd generally suggest rebasing the Fedora package to current edk2 master.

What's better -- it was confirmed to me in one of the monthly stewards' meetings that Red Hat hadn't been the only edk2 downstream to pick fork-off points based on mailing list and bug tracker "gut feeling". A large part of the community would apparently benefit from coordinated stabilization and actual releases. As a result, the first step in that direction is the following:

  [edk2] [RFC] EDK II stable tag releases
  http://mid.mail-archive.com/E92EE9817A31E24EB0585FDF735412F5B8A7203A@ORSMSX113.amr.corp.intel.com
  https://lists.01.org/pipermail/edk2-devel/2018-June/026474.html

Therefore, I suggest to rebase the Fedora package to the upcoming "edk2-stable201808" tag, if Marc-André can tolerate the delay.

(The next stewards' meeting should be in one week; I've now made a note to myself for raising the stable tags topic.)

I think we can preserve the name-version-release pattern we've followed thus far; sticking the commit hash in "release" should be fine for the future too (i.e. I don't see a need to put the stable tag name in there -- but I could be convinced otherwise, I guess, if others preferred the tag names).

If there's any trouble with rebasing downstream-only patches, feel free to ping me; I'll try to assist. Thanks!
Comment 3 Cole Robinson 2018-07-31 15:12:37 UTC 
Nice work Laszlo! I'm sure it's fine to wait for the next stable tag
Comment 4 Marc-Andre Lureau 2018-07-31 15:15:37 UTC 
indeed, it's fine to wait! thanks Laszlo
Comment 5 Laszlo Ersek 2018-08-07 14:31:11 UTC 
Looks like we have a recent upstream regression in TPM2 support; adding the External Tracker dependency.
Comment 6 Laszlo Ersek 2018-08-07 14:33:13 UTC 
Also we're postponing the stewards' meeting (where I plan to bring up the stable tags) from today to next Tuesday.
Comment 7 Laszlo Ersek 2018-08-16 17:03:08 UTC 
The "edk2-stable201808" tag exists now (at commit cb5f4f45ce1f), and it contains the fix for TianoCore#1075 (3781f14c31e0).
Comment 8 Laszlo Ersek 2018-08-16 18:49:02 UTC 
Marc-André, can you check if the following commit is also useful?

b9130c866dc0 OvmfPkg: link Sha384 and Sha512 support into Tcg2Pei and Tcg2Dxe

It is not part of the "edk2-stable201808" tag, but it should be an easy cherry-pick, of you think it's helpful. Thanks.
Comment 9 Marc-Andre Lureau 2018-08-16 21:04:04 UTC 
I am not sure how useful, but it doesn't seem to hurt.

(However, I have issues with my setup, it seems there is a libtpms regression I'll need to look at, tpm2_pcrlist no longer works.. tpm2_hash works though)
Comment 10 Cole Robinson 2018-08-23 16:44:51 UTC 
Should be enabled in edk2-20180815gitcb5f4f45ce-1.fc30, I can do an f28 build after it gets some testing in f29
Note You need to log in before you can comment on or make changes to this bug.