From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga14.intel.com (mga14.intel.com [192.55.52.115])
 by mx.groups.io with SMTP id smtpd.web10.3021.1673999618456654555
 for <devel@edk2.groups.io>;
 Tue, 17 Jan 2023 15:53:38 -0800
Authentication-Results: mx.groups.io;
 dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=bUjudv1m;
 spf=pass (domain: intel.com, ip: 192.55.52.115, mailfrom: min.m.xu@intel.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1673999618; x=1705535618;
  h=from:to:cc:subject:date:message-id:mime-version:
   content-transfer-encoding;
  bh=om686IltBbDoqjNz/Oe8MdQbzTIKbY7kpeuON9MStoI=;
  b=bUjudv1mBOa00esFgWA2Sx5iW6IhCAw4X0+jEkQyzDTn0QdEJtCkVKRS
   sjdwruZuE52S7ZZhXClO4+QI96lz1y8c27nJJp/1IEzLVzHVWZIqqwBdn
   bTb1OdMi9dXk3H8F/aH3VGAYNHtUpS8/0AEoiKw7ER2eSYnSFzGNmr1WL
   1+cLhDZCe7NaOske2xi/8xmYB0/x0n+L5CCch32yF0dgv7GtqAmNcDI3C
   XobOomjHAEBldJdoCXKK0zGOfFcYdzz/6wddkkjXLhqNmROlNY1oZ14Ru
   NFoPhYcHEGJW3aqBppACsWLup7noDylpVqeFYYMWmHQEq6QP5HC14pTfx
   w==;
X-IronPort-AV: E=McAfee;i="6500,9779,10593"; a="324905471"
X-IronPort-AV: E=Sophos;i="5.97,224,1669104000"; 
   d="scan'208";a="324905471"
Received: from fmsmga007.fm.intel.com ([10.253.24.52])
  by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 17 Jan 2023 15:53:38 -0800
X-IronPort-AV: E=McAfee;i="6500,9779,10593"; a="661497382"
X-IronPort-AV: E=Sophos;i="5.97,224,1669104000"; 
   d="scan'208";a="661497382"
Received: from mxu9-mobl1.ccr.corp.intel.com ([10.249.169.184])
  by fmsmga007-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 17 Jan 2023 15:53:36 -0800
From: "Min Xu" <min.m.xu@intel.com>
To: devel@edk2.groups.io
Cc: Min M Xu <min.m.xu@intel.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Jian J Wang <jian.j.wang@intel.com>
Subject: [PATCH V2 1/1] SecurityPkg/TdTcg2Dxe: Extend EFI boot variable to PCR[1]
Date: Wed, 18 Jan 2023 07:53:26 +0800
Message-Id: <20230117235326.600-1-min.m.xu@intel.com>
X-Mailer: git-send-email 2.29.2.windows.2
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

From: Min M Xu <min.m.xu@intel.com>

According to TCG PC Client PFP spec 0021 Section 2.4.4.2 EFI boot variable
should be measured and extended to PCR[1], not PCR[5]. This patch is
proposed to fix this error.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
---
 SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c b/SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c
index d19923b0c682..59341a8c0250 100644
--- a/SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c
+++ b/SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c
@@ -1873,12 +1873,8 @@ ReadAndMeasureBootVariable (
   OUT     VOID      **VarData
   )
 {
-  //
-  // Boot variables are measured into (PCR[5]) RTMR[1],
-  // details in section 8.1 of TDVF design guide.
-  //
   return ReadAndMeasureVariable (
-           MapPcrToMrIndex (5),
+           MapPcrToMrIndex (1),
            EV_EFI_VARIABLE_BOOT,
            VarName,
            VendorGuid,
-- 
2.29.2.windows.2