From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id 08BE9D811AC for ; Tue, 16 Jan 2024 12:01:02 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=pfWqb5r1c++Kmz5bhJRpndMDQVaSMXuabn4I7iDhVuw=; c=relaxed/simple; d=groups.io; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:In-Reply-To:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Type:Content-Disposition; s=20140610; t=1705406461; v=1; b=Y13FM85fiXjR/xo7a9OHoMf0p/X57mSRjnGN2wE88yBK1Q0yONT5hAjEV9jWvDe5Xxn/PvGf y3ajBm8nfel3DnKOPBtasHFw2V6pdpFd0CZIy9qev5vmZ06/QXEeZ6o+bSmVegL7oXrWWmwxijF zrj84mHbeWTNTiTrUk0U4RuA= X-Received: by 127.0.0.2 with SMTP id peZyYY7687511xQLivHEh7OY; Tue, 16 Jan 2024 04:01:01 -0800 X-Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.groups.io with SMTP id smtpd.web10.11779.1705406460933084282 for ; Tue, 16 Jan 2024 04:01:01 -0800 X-Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-94-2kbASYLLOKOZSZevfYxWKw-1; Tue, 16 Jan 2024 07:00:56 -0500 X-MC-Unique: 2kbASYLLOKOZSZevfYxWKw-1 X-Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 7CFA0811E86; Tue, 16 Jan 2024 12:00:56 +0000 (UTC) X-Received: from sirius.home.kraxel.org (unknown [10.39.193.155]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 738972026F96; Tue, 16 Jan 2024 12:00:55 +0000 (UTC) X-Received: by sirius.home.kraxel.org (Postfix, from userid 1000) id 73B5F1800987; Tue, 16 Jan 2024 13:00:54 +0100 (CET) Date: Tue, 16 Jan 2024 13:00:54 +0100 From: "Gerd Hoffmann" To: devel@edk2.groups.io, dougflick@microsoft.com Cc: "Douglas Flick [MSFT]" , Jiewen Yao Subject: Re: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118 Message-ID: <2t6cs4djbxujhdglj5ok4y4we6jhnemgztttetunda3hv4zef5@cn4jew2nlhud> References: MIME-Version: 1.0 In-Reply-To: X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.4 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,kraxel@redhat.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: gKfl2SSqv4oLA8246SgGrWGvx7686176AA= Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=Y13FM85f; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=redhat.com (policy=none) On Thu, Jan 11, 2024 at 10:16:00AM -0800, Doug Flick via groups.io wrote: > This patch series include the combined / merged security patches > (as seperate commits) for TCBZ4117 (CVE-2022-36763) and TCBZ4118 > (CVE-2022-36764) for DxeTpm2MeasureBootLib and DxeTpmMeasureBootLib. > These patches have already been reviewed by SecurityPkg Maintainer > (Jiewen) on GHSA. This patch series breaks ovmf build (duplicate symbols) in case both TPM2 and TPM1 support are enabled (-D TPM2_ENABLE=TRUE -DTPM1_ENABLE=TRUE). Compiling with TPM2 only (-D TPM2_ENABLE=TRUE -DTPM1_ENABLE=FALSE) works fine. I see two options to deal with the problem: (1) Rename the Sanitize* functions in the TPM2 version of the library to carry a '2' somewhere in the function name, simliar to all other TPM2 functions, to avoid the name clash. (2) Remove TPM1 support from the edk2 code base. The relevance of TPM 1.2 support should be close to zero given that the TPM 2.0 specification was released almost a decade ago ... take care, Gerd -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#113889): https://edk2.groups.io/g/devel/message/113889 Mute This Topic: https://groups.io/mt/103675434/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-