From mboxrd@z Thu Jan 1 00:00:00 1970
Subject: Re: [edk2-devel] [Patch v2 1/3] SecurityPkg/SecurityPkg.dec: Change default value.
To: devel@edk2.groups.io, hao.a.wu@intel.com, "Dong, Eric"
References: <20190508030150.3968-1-eric.dong@intel.com> <20190508030150.3968-2-eric.dong@intel.com>
From: "Laszlo Ersek"
Message-ID: <3a09c176-f6f0-0c8f-8e71-a507fc33c02b@redhat.com>
Date: Thu, 9 May 2019 13:16:59 +0200

On 05/09/19 05:03, Wu, Hao A wrote:
>> -----Original Message-----
>> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of Dong, >> Eric >> Sent: Wednesday, May 08, 2019 11:02 AM >> To: devel@edk2.groups.io >> Cc: Wu, Hao A >> Subject: [edk2-devel] [Patch v2 1/3] SecurityPkg/SecurityPkg.dec: Change >> default value. > > Just one minor comment, how about changing the title to: > SecurityPkg/SecurityPkg.dec: Change BlockSID default policy That's an improvement too, thanks. Laszlo > > Other than that, the patch is good to me: > Reviewed-by: Hao A Wu > > Best Regards, > Hao Wu > >> >> https://bugzilla.tianocore.org/show_bug.cgi?id=1782 >> >> Change BlockSID default policy, default enable BlockSid. >> >> Signed-off-by: Eric Dong >> Cc: Hao Wu >> --- >> SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h | 3 ++- >> SecurityPkg/SecurityPkg.dec | 2 +- >> 2 files changed, 3 insertions(+), 2 deletions(-) >> >> diff --git a/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h >> b/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h >> index d9eee7f3e8..8da3deaf86 100644 >> --- a/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h >> +++ b/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h >> @@ -51,7 +51,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent >> // Default value >> // >> #define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT >> (TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BL >> OCK_SID | \ >> - >> TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BL >> OCK_SID) >> + >> TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BL >> OCK_SID |\ >> + >> TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID) >> >> /** >> Check and execute the pending TPM request. >> diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec >> index 6e4c4c3a02..3314f1854b 100644 >> --- a/SecurityPkg/SecurityPkg.dec >> +++ b/SecurityPkg/SecurityPkg.dec 
>> @@ -410,7 +410,7 @@ >> # PCD can be configured for different settings in different scenarios >> # Default setting is TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | >> TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT >> # @Prompt Initial setting of TCG2 Persistent Firmware Management Flags >> - >> gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags|0x300E2|UINT3 >> 2|0x0001001B >> + >> gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags|0x700E2|UINT3 >> 2|0x0001001B >> >> ## Indicate current TPM2 Interrupt Number reported by _CRS control >> method.

>> # TPM2 Interrupt feature is disabled If the pcd is set to 0.
>> --
>> 2.21.0.windows.1
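
Review bot: In the Tcg2PhysicalPresenceLib.h hunk, the continuation added after TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID is written `|\`, while the line above it uses `| \`; add the space so the continuations of TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT stay consistent. The `// Default value` comment above the macro would also be the place to say that BlockSID is now enabled by default, because this macro and the PcdTcg2PhysicalPresenceFlags literal in SecurityPkg.dec have to be changed together.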
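
Review bot: The comment above PcdTcg2PhysicalPresenceFlags in the SecurityPkg.dec hunk does not say which flag the literal's new 0x40000 bit (0x300E2 becoming 0x700E2) stands for; it still only names TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT. Consider extending that comment to state that the default now includes TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID, so the hard-coded value can be checked against the header macro the next time either one changes.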