Acidanthera UEFI Development Kit based on EDK II edk2-stable202311
Gary Lin 1ec05b81e5 OvmfPkg: use DxeTpmMeasurementLib if and only if TPM2_ENABLE
(a) OvmfPkg first had to resolve the TpmMeasurementLib class -- for
    SECURE_BOOT_ENABLE only -- when the DxeImageVerificationLib instance
    became dependent on TpmMeasurementLib. For details, refer to commit
    0d28d286bf ("OvmfPkg: resolve TpmMeasurementLib dependency
    introduced in r14687", 2013-09-21).

(b) At the time, only one instance of TpmMeasurementLib existed, namely
    DxeTpmMeasurementLib. This lib instance didn't do anything -- as was
    desirable for OVMF -- because OVMF didn't include any Tcg / TrEE
    protocol implementations.

(c) In commit 308521b133 ("MdeModulePkg: Move TpmMeasurementLib
    LibraryClass from SecurityPkg", 2015-07-01), TpmMeasurementLibNull was
    introduced.

(d) In commit 285542ebbb ("OvmfPkg: Link AuthVariableLib for following
    merged variable driver deploy", 2015-07-01), a TpmMeasurementLib
    resolution became necessary regardless of SECURE_BOOT_ENABLE. And so
    TpmMeasurementLib was resolved to TpmMeasurementLibNull in OVMF, but
    only in the non-SECURE_BOOT_ENABLE case. This step -- possibly, the
    larger series containing commit 285542ebbb -- missed an opportunity
    for simplification: given (b), the DxeTpmMeasurementLib instance
    should have been simply replaced with the TpmMeasurementLibNull
    instance, regardless of SECURE_BOOT_ENABLE.

(e) In commit 1abfa4ce48 ("Add TPM2 support defined in trusted computing
    group.", 2015-08-13), the TrEE dependency was replaced with a Tcg2
    dependency in DxeTpmMeasurementLib.

(f) Starting with commit 0c0a50d6b3 ("OvmfPkg: include Tcg2Dxe module",
    2018-03-09), OVMF would include a Tcg2 protocol implementation,
    thereby satisfying DxeTpmMeasurementLib's dependency. With
    TPM2_ENABLE, it would actually make sense to consume
    DxeTpmMeasurementLib -- however, DxeTpmMeasurementLib would never be
    used without SECURE_BOOT_ENABLE.

Therefore, we have the following four scenarios:

- TPM2_ENABLE + SECURE_BOOT_ENABLE: works as expected.

- Neither enabled: works as expected.

- Only TPM2_ENABLE: this build is currently incorrect, because
  Variable/RuntimeDxe consumes TpmMeasurementLib directly, but
  TpmMeasureAndLogData() will never reach the TPM because we link
  TpmMeasurementLibNull into the variable driver. This is a problem from
  the larger series containing (f).

- Only SECURE_BOOT_ENABLE: this build works as expected, but it is
  wasteful -- given that the protocol database will never contain Tcg2
  without TPM2_ENABLE, we should simply use TpmMeasurementLibNull. This is
  a problem from (d).

Resolving TpmMeasurementLib to DxeTpmMeasurementLib as a function of
*only* TPM2_ENABLE, we can fix / optimize the last two cases.

v2:
  - Amend the title and description suggested by Laszlo
  - Move TpmMeasurementLib to the existing TPM2_ENABLE block

Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
Cc: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Gary Lin <glin@suse.com>
Message-Id: <20190704040731.5303-1-glin@suse.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
2019-07-04 15:42:45 +02:00
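To make the four scenarios above concrete, here is an added example (not edk2 or audk code, and not this commit's diff): a minimal evaluator for the DSC `!if`/`!else`/`!endif` subset that reports which TpmMeasurementLib instance each combination of build defines selects, first with the class keyed on SECURE_BOOT_ENABLE as described in (d), then keyed on TPM2_ENABLE as the commit proposes. The DSC fragment and the .inf paths in it are constructed for illustration.

```python
"""Check which TpmMeasurementLib instance a DSC selects per build scenario.

Added example, not edk2/audk code or the commit's diff. Handles only the
DSC subset needed: '!if $(NAME) == TRUE', '!else', '!endif', 'Class|Path'.
"""

# Constructed fragment mirroring the layout described in (d): the class
# is keyed on SECURE_BOOT_ENABLE. The .inf paths are assumed.
DSC_BEFORE = """
!if $(SECURE_BOOT_ENABLE) == TRUE
  TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
!else
  TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
!endif
"""
# Same fragment keyed on TPM2_ENABLE only, as the commit proposes.
DSC_AFTER = DSC_BEFORE.replace("SECURE_BOOT_ENABLE", "TPM2_ENABLE")

# The four build scenarios enumerated in the commit message.
SCENARIOS = {
    "both":         {"TPM2_ENABLE": True,  "SECURE_BOOT_ENABLE": True},
    "neither":      {"TPM2_ENABLE": False, "SECURE_BOOT_ENABLE": False},
    "only_tpm2":    {"TPM2_ENABLE": True,  "SECURE_BOOT_ENABLE": False},
    "only_secboot": {"TPM2_ENABLE": False, "SECURE_BOOT_ENABLE": True},
}

def resolve(dsc_text, defines):
    """Return {LibraryClass: InstancePath} active under the given defines."""
    resolved = {}
    active = []  # one flag per open !if: does this branch currently apply?
    for raw in dsc_text.splitlines():
        line = raw.strip()
        if line.startswith("!if "):
            name = line[line.index("$(") + 2:line.index(")")]
            active.append(bool(defines.get(name, False)))
        elif line == "!else":
            active[-1] = not active[-1]
        elif line == "!endif":
            active.pop()
        elif "|" in line and all(active):
            cls, inst = (part.strip() for part in line.split("|", 1))
            resolved[cls] = inst
    return resolved

def instance_table(dsc_text):
    """Map each scenario to the basename of the chosen TpmMeasurementLib."""
    return {label: resolve(dsc_text, defs)["TpmMeasurementLib"].rsplit("/", 1)[-1][:-4]
            for label, defs in SCENARIOS.items()}

print("before:", instance_table(DSC_BEFORE), "after:", instance_table(DSC_AFTER))
```

The "before" table shows the two defects the message describes: only_tpm2 gets TpmMeasurementLibNull (measurements from the variable driver never reach the TPM) and only_secboot gets DxeTpmMeasurementLib with no Tcg2 protocol to use it; the "after" table selects the Null instance exactly when TPM2_ENABLE is off.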
ArmPkg ArmPkg: Fix various typos 2019-07-04 12:20:28 +01:00
ArmPlatformPkg ArmPlatformPkg: Fix various typos 2019-07-04 12:20:52 +01:00
ArmVirtPkg ArmVirtPkg: handle NETWORK_TLS_ENABLE in ArmVirtQemu* 2019-06-28 18:07:54 +02:00
BaseTools BaseTools/FMMT: Add a tool FMMT 2019-07-04 11:34:57 +08:00
Conf BaseTools:Delete FrameworkDatabase from BaseTools/Conf 2019-05-09 15:03:30 +08:00
CryptoPkg CryptoPkg/OpensslLib: Exclude err_all.c in process_files.pl 2019-06-25 16:45:54 +08:00
DynamicTablesPkg DynamicTablesPkg: Disable deprecated APIs 2019-06-11 10:06:42 +01:00
EmbeddedPkg EmbeddedPkg: Fix various typos 2019-07-04 12:21:04 +01:00
EmulatorPkg EmulatorPkg/MiscSubClassPlatformDxe: Remove this unused module 2019-07-02 10:42:46 +08:00
FatPkg FatPkg/FatPei: Remove BootInRecoveryMode PPI DEPEX. 2019-05-09 20:52:40 +08:00
FmpDevicePkg FmpDevicePkg: Add TimerLib to DSC file 2019-06-04 08:10:39 +08:00
IntelFsp2Pkg IntelFsp2Pkg: FSP Python scripts to support 3.x. 2019-07-01 19:18:34 +08:00
IntelFsp2WrapperPkg IntelFsp2WrapperPkg/FspWrapperNotifyDxe: make global variable static 2019-04-28 10:54:27 +08:00
MdeModulePkg MdeModulePkg SmbiosMeasurementDxe: Add Type4 Voltage field to blacklist 2019-07-01 19:36:15 +08:00
MdePkg MdePkg/Protocol/Hash: introduce GUID for SM3 2019-07-03 16:31:53 +08:00
NetworkPkg NetworkPkg: Move Network library header file from MdeModulePkg to NetworkPkg 2019-05-27 09:25:18 +08:00
OvmfPkg OvmfPkg: use DxeTpmMeasurementLib if and only if TPM2_ENABLE 2019-07-04 15:42:45 +02:00
PcAtChipsetPkg PcAtChipsetPkg: Remove framework modules 2019-06-27 08:14:19 +08:00
SecurityPkg SecurityPkg: set SM3 bit in TPM 2.0 hash mask by default 2019-07-03 16:31:55 +08:00
ShellPkg ShellPkg: acpiview: Make '-h' option not require a parameter 2019-07-02 17:22:46 +08:00
SignedCapsulePkg SignedCapsulePkg: Update Package DSC to remove unused network libs 2019-05-28 21:34:56 +08:00
SourceLevelDebugPkg SourceLevelDebugPkg: Add missing instances for build only 2019-06-17 09:19:00 +08:00
StandaloneMmPkg StandaloneMmPkg: Replace BSD License with BSD+Patent License 2019-04-09 10:58:27 -07:00
UefiCpuPkg UefiCpuPkg/MpInitLib: MicrocodeDetect: Ensure checked range is valid 2019-06-27 09:20:53 +08:00
UefiPayloadPkg UefiPayloadPkg: Remove legacy PIC 8259 driver 2019-06-21 08:39:26 -07:00
.gitignore
.gitmodules ArmPkg: import Berkeley Softfloat library as git submodule 2019-05-31 17:53:44 +02:00
License-History.txt edk2: Add License-History.txt 2019-04-09 09:10:18 -07:00
License.txt edk2: Change License.txt from 2-Clause BSD to BSD+Patent 2019-04-09 09:10:18 -07:00
Maintainers.txt Maintainers.txt: Drop deprecated SourceForge SVN link 2019-07-04 08:08:35 +08:00
Readme.md edk2: Update additional licenses in Readme.md 2019-06-05 09:28:48 -07:00
edksetup.bat Edk2Setup: Support different VS tool chain setup 2019-06-28 15:04:42 +08:00
edksetup.sh BaseTools:Linux changes the way the latest version is judged 2019-07-01 11:57:06 +08:00

Readme.md

EDK II Project

A modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications from www.uefi.org.

The majority of the content in the EDK II open source project uses a BSD-2-Clause Plus Patent License. The EDK II open source project contains the following components that are covered by additional licenses:

The EDK II Project is composed of packages. The maintainers for each package are listed in Maintainers.txt.

Resources

Code Contributions

To make a contribution to a TianoCore project, follow these steps.

  1. Create a change description in the format specified below to use in the source control commit log.

  2. Your commit message must include your Signed-off-by signature.

  3. Submit your code to the TianoCore project using the process that the project documents on its web page. If the process is not documented, then submit the code on the development email list for the project.

  4. It is preferred that contributions are submitted using the same copyright license as the base project. When that is not possible, then contributions using the following licenses can be accepted:

    For documentation:

    Contributions of code put into the public domain can also be accepted.

    Contributions using other licenses might be accepted, but further review will be required.

Developer Certificate of Origin

Your change description should use the standard format for a commit message, and must include your Signed-off-by signature.

In order to keep track of who did what, all patches contributed must include a statement that to the best of the contributor's knowledge they have the right to contribute it under the specified license.

The test for this is as specified in the Developer's Certificate of Origin (DCO) 1.1. The contributor certifies compliance by adding a line saying

Signed-off-by: Developer Name <developer@example.org>

where Developer Name is the contributor's real name, and the email address is one the developer is reachable through at the time of contributing.

Developer's Certificate of Origin 1.1

By making a contribution to this project, I certify that:

(a) The contribution was created in whole or in part by me and I
    have the right to submit it under the open source license
    indicated in the file; or

(b) The contribution is based upon previous work that, to the best
    of my knowledge, is covered under an appropriate open source
    license and I have the right under that license to submit that
    work with modifications, whether created in whole or in part
    by me, under the same open source license (unless I am
    permitted to submit under a different license), as indicated
    in the file; or

(c) The contribution was provided directly to me by some other
    person who certified (a), (b) or (c) and I have not modified
    it.

(d) I understand and agree that this project and the contribution
    are public and that a record of the contribution (including all
    personal information I submit with it, including my sign-off) is
    maintained indefinitely and may be redistributed consistent with
    this project or the open source license(s) involved.

Sample Change Description / Commit Message

From: Contributor Name <contributor@example.com>
Subject: [Repository/Branch PATCH] Pkg-Module: Brief-single-line-summary

Full-commit-message

Signed-off-by: Contributor Name <contributor@example.com>

Notes for sample patch email

  • The first line of the commit message is taken from the email's subject line following [Repository/Branch PATCH]. The remaining portion of the commit message is the email's content.
  • git format-patch is one way to create this format.

Definitions for sample patch email

  • Repository is the identifier of the repository the patch applies to. This identifier should only be provided for repositories other than edk2. For example edk2-BuildSpecification or staging.
  • Branch is the identifier of the branch the patch applies to. This identifier should only be provided for branches other than edk2/master. For example edk2/UDK2015, edk2-BuildSpecification/release/1.27, or staging/edk2-test.
  • Module is a short identifier for the affected code or documentation. For example MdePkg, MdeModulePkg/UsbBusDxe, Introduction, or EDK II INF File Format.
  • Brief-single-line-summary is a short summary of the change.
  • The entire first line should be less than ~70 characters.
  • Full-commit-message is a verbose multi-line comment describing the change. Each line should be less than ~70 characters.
  • Signed-off-by is the contributor's signature identifying them by their real/legal name and their email address.