From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Min Xu" To: devel@edk2.groups.io Cc: Min M Xu , Jiewen Yao , Jian J Wang Subject: [PATCH V1 2/3] SecurityPkg/TdTcg2Dxe: Extend EFI boot variable to PCR[1] Date: Mon, 16 Jan 2023 07:27:38 +0800 Message-Id: <20230115232739.415-3-min.m.xu@intel.com> X-Mailer: git-send-email 2.29.2.windows.2 In-Reply-To: <20230115232739.415-1-min.m.xu@intel.com> References: <20230115232739.415-1-min.m.xu@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit From: Min M Xu According to TCG PC Client PFP spec 0021 Section 2.4.4.2 EFI boot variable should be measured and extended to PCR[1], not PCR[5]. This patch is proposed to fix this error. Cc: Jiewen Yao Cc: Jian J Wang Signed-off-by: Min Xu --- SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c b/SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c index d19923b0c682..59341a8c0250 100644 --- a/SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c +++ b/SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c @@ -1873,12 +1873,8 @@ ReadAndMeasureBootVariable ( OUT VOID **VarData ) { - // - // Boot variables are measured into (PCR[5]) RTMR[1], - // details in section 8.1 of TDVF design guide. - // return ReadAndMeasureVariable ( - MapPcrToMrIndex (5), + MapPcrToMrIndex (1), EV_EFI_VARIABLE_BOOT, VarName, VendorGuid, -- 2.29.2.windows.2
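Review bot: The comment above the `ReadAndMeasureVariable` call in `ReadAndMeasureBootVariable` is deleted outright rather than corrected, so the function no longer records which register boot variables are measured into or why. The removed text named both the PCR and the RTMR ("(PCR[5]) RTMR[1]"), and the hunk does not show what `MapPcrToMrIndex (1)` resolves to, so a reader cannot tell from these lines whether the RTMR changes along with the PCR. Suggest keeping a short comment stating that boot variables are measured to PCR[1] per TCG PC Client PFP spec 0021 Section 2.4.4.2 and naming the RTMR that index maps to, and noting whether section 8.1 of the TDVF design guide, which the old comment cited, still agrees. If the RTMR does change, the commit message should say so explicitly, because anything that replays the event log against expected RTMR values will see the `EV_EFI_VARIABLE_BOOT` events move.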