From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga17.intel.com (mga17.intel.com [192.55.52.151])
 by mx.groups.io with SMTP id smtpd.web12.6580.1592298287706275716
 for <devel@edk2.groups.io>;
 Tue, 16 Jun 2020 02:04:47 -0700
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: intel.com, ip: 192.55.52.151, mailfrom: zhiguang.liu@intel.com)
IronPort-SDR: 1PlY2JEXruYqZYK2QO16ByUqD6+MQjMtIrs+4ITkN8ihih81hNkLdTk1Xd/Iwb1s8csmcq6Kz+
 uWaxNfaHhRrA==
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga002.jf.intel.com ([10.7.209.21])
  by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 16 Jun 2020 02:04:47 -0700
IronPort-SDR: lsQ4n9v7AwmKQGB7tkiqjZh6g8PQDz7+RTj1YOAoGffHTB6/BrWBuSZ8+heRvvhYZcLrfbplMU
 Ex19Iz0Ng0Tw==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.73,518,1583222400"; 
   d="scan'208";a="290992339"
Received: from fieedk002.ccr.corp.intel.com ([10.239.158.178])
  by orsmga002.jf.intel.com with ESMTP; 16 Jun 2020 02:04:45 -0700
From: "Zhiguang Liu" <zhiguang.liu@intel.com>
To: devel@edk2.groups.io
Cc: Jiewen Yao <jiewen.yao@intel.com>,
	Jian J Wang <jian.j.wang@intel.com>,
	Chao Zhang <chao.b.zhang@intel.com>
Subject: [PATCH 4/5] SecurityPkg: Remove DXE_SMM_DRIVER support for some libraries
Date: Tue, 16 Jun 2020 17:04:33 +0800
Message-Id: <20200616090434.1201-4-zhiguang.liu@intel.com>
X-Mailer: git-send-email 2.25.1.windows.1
In-Reply-To: <20200616090434.1201-1-zhiguang.liu@intel.com>
References: <20200616090434.1201-1-zhiguang.liu@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2317
Remove DXE_SMM_DRIVER support for some libraries because they
have the risks of leaking data from SMM mode to non-SMM mode.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Zhiguang Liu <zhiguang.liu@intel.com>
---
 SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf | =
2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificati=
onLib.inf b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificatio=
nLib.inf
index 1e1a639857..9494d04b1d 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.i=
nf
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.i=
nf
@@ -20,7 +20,7 @@
   FILE_GUID                      =3D 0CA970E1-43FA-4402-BC0A-81AF336BFFD6=
=0D
   MODULE_TYPE                    =3D DXE_DRIVER=0D
   VERSION_STRING                 =3D 1.0=0D
-  LIBRARY_CLASS                  =3D NULL|DXE_DRIVER DXE_RUNTIME_DRIVER DX=
E_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER=0D
+  LIBRARY_CLASS                  =3D NULL|DXE_DRIVER DXE_RUNTIME_DRIVER UE=
FI_APPLICATION UEFI_DRIVER=0D
   CONSTRUCTOR                    =3D DxeImageVerificationLibConstructor=0D
 =0D
 #=0D
--=20
2.25.1.windows.1