From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by mx.groups.io with SMTP id smtpd.web10.41549.1656697362383086124 for ; Fri, 01 Jul 2022 10:42:42 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=ICztfbPB; spf=pass (domain: intel.com, ip: 192.55.52.151, mailfrom: snehal.kangralkar@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1656697362; x=1688233362; h=from:to:cc:subject:date:message-id:mime-version: content-transfer-encoding; bh=5m3LCpQ5LSfhZBYWTsoRSPz2zny4GoWYeLA13Tw3fKQ=; b=ICztfbPBniFH6OUgm3qmdEu5hua8pulrVHTsZETt+esY7xwfRFM7KF69 9GYzgSwzWz5k5fmOqvpg+jmznH8bgx5UNMtGU3qB+dJdz/ODFjXHqj64s v9IzIv6mJrang80sYnXD7Hwn/XbPu4RLiSLA6TYdU+BX0mIwJyhmjt68e pTbtldgEu7ZLo4GCspKI0o9Vf9uxvqS+dRAvwP/IooUQgBSfHvQF4WWNl 0U6yGH+I0VrJdF0Zmj4ZfWCX22h3WVAUWoBXQ2QTLpXqnVc5Tz9HAPyu8 gm22UEPjJp/wr2UnS0GLmeqpvtj3LmwMUhAdVvu3DKNA7HbPX8yoYrwtd g==; X-IronPort-AV: E=McAfee;i="6400,9594,10395"; a="263104380" X-IronPort-AV: E=Sophos;i="5.92,237,1650956400"; d="scan'208";a="263104380" Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 01 Jul 2022 10:42:42 -0700 X-IronPort-AV: E=Sophos;i="5.92,237,1650956400"; d="scan'208";a="718689479" Received: from fm73lab065.amr.corp.intel.com ([10.121.72.253]) by orsmga004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 01 Jul 2022 10:42:41 -0700 From: snehal.kangralkar@intel.com To: devel@edk2.groups.io Cc: Jiewen Yao , Qi Zhang Subject: [PATCH v1 0/1] Sync the PcdTpm2HashMask to the active PCR banks Date: Fri, 1 Jul 2022 10:42:12 -0700 Message-Id: <20220701174213.935-1-snehal.kangralkar@intel.com> X-Mailer: git-send-email 2.36.1.windows.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3923 According to definition of PcdTpm2HashMask, the mask reflects the PCR banks which need to be extended. In the Tcg2Pei SyncPcrAllocationsAndPcrMask function, we are setting PcdTpm2HashMask to match the active PCR banks, but this will only occur if the mask was originally set to 0. Always syncing the PcdTpm2HashMask to the active PCR banks in the TPM. Only then we do see the computed hashes are limited to those PCRs which are active. Cc: Jiewen Yao Cc: Qi Zhang Signed-off-by: Snehal Kangralkar Snehal Kangralkar (1): SecurityPkg : Sync PcdTpm2HashMask to the active PCR banks in the TPM SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) -- 2.36.1.windows.1