Please enable QEMU TPM2 support in OVMF build, with -DTPM2_ENABLE. There are a number of commits needed that I could try to list if we need to backport. Or you can use upstream commit version 8d65d3b25e35a2e968395d261b34416776b95d9e.
I'd prefer a rebase for simplicity. Laszlo, any thoughts on rebasing edk2 in Fedora to 8d65d3b25e35a2e968395d261b34416776b95d9e?
I'm not aware of anything broken or under heavy churn in edk2 right now, therefore I'd generally suggest rebasing the Fedora package to current edk2 master. What's better -- it was confirmed to me in one of the monthly stewards' meetings that Red Hat hadn't been the only edk2 downstream to pick fork-off points based on mailing list and bug tracker "gut feeling". A large part of the community would apparently benefit from coordinated stabilization and actual releases. As a result, the first step in that direction is the following: [edk2] [RFC] EDK II stable tag releases http://mid.mail-archive.com/E92EE9817A31E24EB0585FDF735412F5B8A7203A@ORSMSX113.amr.corp.intel.com https://lists.01.org/pipermail/edk2-devel/2018-June/026474.html Therefore, I suggest to rebase the Fedora package to the upcoming "edk2-stable201808" tag, if Marc-André can tolerate the delay. (The next stewards' meeting should be in one week; I've now made a note to myself for raising the stable tags topic.) I think we can preserve the name-version-release pattern we've followed thus far; sticking the commit hash in "release" should be fine for the future too (i.e. I don't see a need to put the stable tag name in there -- but I could be convinced otherwise, I guess, if others preferred the tag names). If there's any trouble with rebasing downstream-only patches, feel free to ping me; I'll try to assist. Thanks!
Nice work, Laszlo! I'm sure it's fine to wait for the next stable tag.
Indeed, it's fine to wait! Thanks, Laszlo.
Looks like we have a recent upstream regression in TPM2 support; adding the External Tracker dependency.
Also we're postponing the stewards' meeting (where I plan to bring up the stable tags) from today to next Tuesday.
The "edk2-stable201808" tag exists now (at commit cb5f4f45ce1f), and it contains the fix for TianoCore#1075 (3781f14c31e0).
Marc-André, can you check if the following commit is also useful? b9130c866dc0 ("OvmfPkg: link Sha384 and Sha512 support into Tcg2Pei and Tcg2Dxe"). It is not part of the "edk2-stable201808" tag, but it should be an easy cherry-pick, if you think it's helpful. Thanks.
I am not sure how useful, but it doesn't seem to hurt. (However, I have issues with my setup; it seems there is a libtpms regression I'll need to look at: tpm2_pcrlist no longer works. tpm2_hash works, though.)
Should be enabled in edk2-20180815gitcb5f4f45ce-1.fc30. I can do an f28 build after it gets some testing in f29.