From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga12.intel.com (mga12.intel.com [192.55.52.136])
 by mx.groups.io with SMTP id smtpd.web10.153809.1673825274206247621
 for <devel@edk2.groups.io>;
 Sun, 15 Jan 2023 15:27:57 -0800
Authentication-Results: mx.groups.io;
 dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=FgwkjolY;
 spf=pass (domain: intel.com, ip: 192.55.52.136, mailfrom: min.m.xu@intel.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1673825277; x=1705361277;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=eB00qeCMjGP2tATfvvkolEBowxrtZ7y76J1dbVbYoVs=;
  b=FgwkjolYi+4bSTTpLb/Dr2hrfM6K/kHRru+ntCRTrONPaUbyNirpEhtT
   gRKEnh1B898ih7vffizF4nfmRGIvh29KLZE4qoDYKgd2g/GHo8vs3TFAY
   fabDk8lVbakiNdecdWxpzwWpfk8i+/y9yHfVnOG3ZTm4EjPOOePjkDgOr
   Gn1CGxoqBFR3RwKb+uNqoyqJQLOQl0xlHWkacpO1HewqrilYlLGwhoXDD
   zWDWY4jhXxEiFIYZxGJVtZ0YQzFaNkzr3VEexkLNq4y+oWbVMik5Mx7gj
   uBC3xYmNTozU8OhGISoA2kEC6O25ityqjb/0gGxxSCh3Xyd2u7NFHd7zL
   g==;
X-IronPort-AV: E=McAfee;i="6500,9779,10591"; a="304050378"
X-IronPort-AV: E=Sophos;i="5.97,219,1669104000"; 
   d="scan'208";a="304050378"
Received: from orsmga007.jf.intel.com ([10.7.209.58])
  by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 15 Jan 2023 15:27:57 -0800
X-IronPort-AV: E=McAfee;i="6500,9779,10591"; a="652092346"
X-IronPort-AV: E=Sophos;i="5.97,219,1669104000"; 
   d="scan'208";a="652092346"
Received: from mxu9-mobl1.ccr.corp.intel.com ([10.249.174.76])
  by orsmga007-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 15 Jan 2023 15:27:56 -0800
From: "Min Xu" <min.m.xu@intel.com>
To: devel@edk2.groups.io
Cc: Min M Xu <min.m.xu@intel.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Jian J Wang <jian.j.wang@intel.com>
Subject: [PATCH V1 2/3] SecurityPkg/TdTcg2Dxe: Extend EFI boot variable to PCR[1]
Date: Mon, 16 Jan 2023 07:27:38 +0800
Message-Id: <20230115232739.415-3-min.m.xu@intel.com>
X-Mailer: git-send-email 2.29.2.windows.2
In-Reply-To: <20230115232739.415-1-min.m.xu@intel.com>
References: <20230115232739.415-1-min.m.xu@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

From: Min M Xu <min.m.xu@intel.com>

According to TCG PC Client PFP spec 0021 Section 2.4.4.2 EFI boot variable
should be measured and extended to PCR[1], not PCR[5]. This patch is
proposed to fix this error.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
---
 SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c b/SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c
index d19923b0c682..59341a8c0250 100644
--- a/SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c
+++ b/SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c
@@ -1873,12 +1873,8 @@ ReadAndMeasureBootVariable (
   OUT     VOID      **VarData
   )
 {
-  //
-  // Boot variables are measured into (PCR[5]) RTMR[1],
-  // details in section 8.1 of TDVF design guide.
-  //
   return ReadAndMeasureVariable (
-           MapPcrToMrIndex (5),
+           MapPcrToMrIndex (1),
            EV_EFI_VARIABLE_BOOT,
            VarName,
            VendorGuid,
-- 
2.29.2.windows.2