From: "Min Xu"
To: devel@edk2.groups.io
Cc: Min M Xu, Jiewen Yao, Jian J Wang
Subject: [PATCH V2 1/1] SecurityPkg/TdTcg2Dxe: Extend EFI boot variable to PCR[1]
Date: Wed, 18 Jan 2023 07:53:26 +0800
Message-Id: <20230117235326.600-1-min.m.xu@intel.com>
X-Mailer: git-send-email 2.29.2.windows.2
From: Min M Xu

According to TCG PC Client PFP spec 0021 Section 2.4.4.2, EFI boot variable should be measured and extended to PCR[1], not PCR[5]. This patch is proposed to fix this error.

Cc: Jiewen Yao
Cc: Jian J Wang
Reviewed-by: Jiewen Yao
Signed-off-by: Min Xu
---
SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c b/SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c index d19923b0c682..59341a8c0250 100644 --- a/SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c +++ b/SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c @@ -1873,12 +1873,8 @@ ReadAndMeasureBootVariable ( OUT VOID **VarData ) { - // - // Boot variables are measured into (PCR[5]) RTMR[1], - // details in section 8.1 of TDVF design guide. - // return ReadAndMeasureVariable ( - MapPcrToMrIndex (5), + MapPcrToMrIndex (1), EV_EFI_VARIABLE_BOOT, VarName, VendorGuid, -- 2.29.2.windows.2
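Review bot: The hunk in ReadAndMeasureBootVariable deletes the comment that documented the index choice ("Boot variables are measured into (PCR[5]) RTMR[1], details in section 8.1 of TDVF design guide") but adds nothing in its place, so the new `MapPcrToMrIndex (1)` call is left undocumented and the only justification lives in the commit message. Suggest keeping a short comment above the call that cites the source the commit message relies on, e.g. `// Boot variables are measured into PCR[1] per TCG PC Client PFP spec 0021, Section 2.4.4.2.`, and noting that the TDVF design guide section 8.1 text quoted by the removed comment says PCR[5], so a reader checking that guide does not conclude the code is wrong. Related: the removed comment records that PCR[5] resolved to RTMR[1]; whether `MapPcrToMrIndex (1)` resolves to the same register is not visible in this hunk, and if it does not, any TD attestation policy that expects EV_EFI_VARIABLE_BOOT events in RTMR[1] will see them move to another register after this patch. That behavioural consequence for verifiers belongs in the commit message alongside the spec citation.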