It looks like all errors are still related to ECC and PatchCheck, even though I'm just matching the rest of the file.

Please advise if we want to update the entire file.

On Thu, Oct 14, 2021 at 3:48 AM Yao, Jiewen <jiewen.yao@intel.com> wrote:
Hi Bret
I saw PR failure - https://github.com/tianocore/edk2/pull/2066

Thank you

> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Bret
> Barkelew
> Sent: Thursday, October 14, 2021 1:33 AM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>;
> Zhang, Qi1 <qi1.zhang@intel.com>; Kumar, Rahul1 <rahul1.kumar@intel.com>
> Subject: [edk2-devel] [PATCH v2 1/1] SecurityPkg/Library: Add
> Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib
>
> Used to provision and maintain certain HW-defined NV spaces.
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2994
>
> Signed-off-by: Bret Barkelew <bret.barkelew@microsoft.com>
> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Qi Zhang <qi1.zhang@intel.com>
> Cc: Rahul Kumar <rahul1.kumar@intel.com>
> ---
>  SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c | 122
> ++++++++++++++++++++
>  SecurityPkg/Include/Library/Tpm2CommandLib.h       |  22 ++++
>  2 files changed, 144 insertions(+)
>
> diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
> b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
> index 87572de20164..275cb1683f51 100644
> --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
> +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
> @@ -24,6 +24,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
>  #define RC_NV_UndefineSpace_authHandle      (TPM_RC_H + TPM_RC_1)
>
>  #define RC_NV_UndefineSpace_nvIndex         (TPM_RC_H + TPM_RC_2)
>
>
>
> +#define RC_NV_UndefineSpaceSpecial_nvIndex  (TPM_RC_H + TPM_RC_1)
>
> +
>
>  #define RC_NV_Read_authHandle               (TPM_RC_H + TPM_RC_1)
>
>  #define RC_NV_Read_nvIndex                  (TPM_RC_H + TPM_RC_2)
>
>  #define RC_NV_Read_size                     (TPM_RC_P + TPM_RC_1)
>
> @@ -74,6 +76,20 @@ typedef struct {
>    TPMS_AUTH_RESPONSE         AuthSession;
>
>  } TPM2_NV_UNDEFINESPACE_RESPONSE;
>
>
>
> +typedef struct {
>
> +  TPM2_COMMAND_HEADER       Header;
>
> +  TPMI_RH_NV_INDEX          NvIndex;
>
> +  TPMI_RH_PLATFORM          Platform;
>
> +  UINT32                    AuthSessionSize;
>
> +  TPMS_AUTH_COMMAND         AuthSession;
>
> +} TPM2_NV_UNDEFINESPACESPECIAL_COMMAND;
>
> +
>
> +typedef struct {
>
> +  TPM2_RESPONSE_HEADER       Header;
>
> +  UINT32                     AuthSessionSize;
>
> +  TPMS_AUTH_RESPONSE         AuthSession;
>
> +} TPM2_NV_UNDEFINESPACESPECIAL_RESPONSE;
>
> +
>
>  typedef struct {
>
>    TPM2_COMMAND_HEADER       Header;
>
>    TPMI_RH_NV_AUTH           AuthHandle;
>
> @@ -506,6 +522,112 @@ Done:
>    return Status;
>
>  }
>
>
>
> +/**
>
> +  This command allows removal of a platform-created NV Index that has
> TPMA_NV_POLICY_DELETE SET.
>
> +
>
> +  @param[in]  NvIndex             The NV Index.
>
> +  @param[in]  IndexAuthSession    Auth session context for the Index
> auth/policy
>
> +  @param[in]  PlatAuthSession     Auth session context for the Platform
> auth/policy
>
> +
>
> +  @retval EFI_SUCCESS             Operation completed successfully.
>
> +  @retval EFI_NOT_FOUND           The command was returned successfully, but
> NvIndex is not found.
>
> +  @retval EFI_UNSUPPORTED         Selected NvIndex does not support deletion
> through this call.
>
> +  @retval EFI_SECURITY_VIOLATION  Deletion is not authorized by current
> policy session.
>
> +  @retval EFI_INVALID_PARAMETER   The command was unsuccessful.
>
> +  @retval EFI_DEVICE_ERROR        The command was unsuccessful.
>
> +**/
>
> +EFI_STATUS
>
> +EFIAPI
>
> +Tpm2NvUndefineSpaceSpecial (
>
> +  IN      TPMI_RH_NV_INDEX          NvIndex,
>
> +  IN      TPMS_AUTH_COMMAND         *IndexAuthSession OPTIONAL,
>
> +  IN      TPMS_AUTH_COMMAND         *PlatAuthSession OPTIONAL
>
> +  )
>
> +{
>
> +  EFI_STATUS                              Status;
>
> +  TPM2_NV_UNDEFINESPACESPECIAL_COMMAND    SendBuffer;
>
> +  TPM2_NV_UNDEFINESPACESPECIAL_RESPONSE   RecvBuffer;
>
> +  UINT32                                  SendBufferSize;
>
> +  UINT32                                  RecvBufferSize;
>
> +  UINT8                                   *Buffer;
>
> +  UINT32                                  IndexAuthSize, PlatAuthSize;
>
> +  TPM_RC                                  ResponseCode;
>
> +
>
> +  //
>
> +  // Construct command
>
> +  //
>
> +  SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
>
> +  SendBuffer.Header.commandCode =
> SwapBytes32(TPM_CC_NV_UndefineSpaceSpecial);
>
> +
>
> +  SendBuffer.NvIndex = SwapBytes32 (NvIndex);
>
> +  SendBuffer.Platform = SwapBytes32 (TPM_RH_PLATFORM);
>
> +
>
> +  //
>
> +  // Marshall the Auth Sessions for the two handles.
>
> +  Buffer = (UINT8 *)&SendBuffer.AuthSession;
>
> +  // IndexAuthSession
>
> +  IndexAuthSize = CopyAuthSessionCommand (IndexAuthSession, Buffer);
>
> +  Buffer += IndexAuthSize;
>
> +  // PlatAuthSession
>
> +  PlatAuthSize = CopyAuthSessionCommand (PlatAuthSession, Buffer);
>
> +  Buffer += PlatAuthSize;
>
> +  // AuthSessionSize
>
> +  SendBuffer.AuthSessionSize = SwapBytes32(IndexAuthSize + PlatAuthSize);
>
> +
>
> +  // Update total command size.
>
> +  SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer);
>
> +  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
>
> +
>
> +  //
>
> +  // send Tpm command
>
> +  //
>
> +  RecvBufferSize = sizeof (RecvBuffer);
>
> +  Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer,
> &RecvBufferSize, (UINT8 *)&RecvBuffer);
>
> +  if (EFI_ERROR (Status)) {
>
> +    goto Done;
>
> +  }
>
> +
>
> +  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
>
> +    DEBUG ((EFI_D_ERROR, "Tpm2NvUndefineSpaceSpecial - RecvBufferSize
> Error - %x\n", RecvBufferSize));
>
> +    Status = EFI_DEVICE_ERROR;
>
> +    goto Done;
>
> +  }
>
> +
>
> +  ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode);
>
> +  if (ResponseCode != TPM_RC_SUCCESS) {
>
> +    DEBUG ((EFI_D_ERROR, "Tpm2NvUndefineSpaceSpecial - responseCode -
>  %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
>
> +  }
>
> +  switch (ResponseCode) {
>
> +  case TPM_RC_SUCCESS:
>
> +    // return data
>
> +    break;
>
> +  case TPM_RC_ATTRIBUTES:
>
> +  case TPM_RC_ATTRIBUTES + RC_NV_UndefineSpaceSpecial_nvIndex:
>
> +    Status = EFI_UNSUPPORTED;
>
> +    break;
>
> +  case TPM_RC_NV_AUTHORIZATION:
>
> +    Status = EFI_SECURITY_VIOLATION;
>
> +    break;
>
> +  case TPM_RC_HANDLE + RC_NV_UndefineSpaceSpecial_nvIndex: //
> TPM_RC_NV_DEFINED:
>
> +    Status = EFI_NOT_FOUND;
>
> +    break;
>
> +  case TPM_RC_VALUE + RC_NV_UndefineSpace_nvIndex:
>
> +    Status = EFI_INVALID_PARAMETER;
>
> +    break;
>
> +  default:
>
> +    Status = EFI_DEVICE_ERROR;
>
> +    break;
>
> +  }
>
> +
>
> +Done:
>
> +  //
>
> +  // Clear AuthSession Content
>
> +  //
>
> +  ZeroMem (&SendBuffer, sizeof(SendBuffer));
>
> +  ZeroMem (&RecvBuffer, sizeof(RecvBuffer));
>
> +  return Status;
>
> +}
>
> +
>
>  /**
>
>    This command reads a value from an area in NV memory previously defined by
> TPM2_NV_DefineSpace().
>
>
>
> diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h
> b/SecurityPkg/Include/Library/Tpm2CommandLib.h
> index ee8eb622951c..92967662ce96 100644
> --- a/SecurityPkg/Include/Library/Tpm2CommandLib.h
> +++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h
> @@ -364,6 +364,28 @@ Tpm2NvUndefineSpace (
>    IN      TPMS_AUTH_COMMAND         *AuthSession OPTIONAL
>
>    );
>
>
>
> +/**
>
> +  This command allows removal of a platform-created NV Index that has
> TPMA_NV_POLICY_DELETE SET.
>
> +
>
> +  @param[in]  NvIndex             The NV Index.
>
> +  @param[in]  IndexAuthSession    Auth session context for the Index
> auth/policy
>
> +  @param[in]  PlatAuthSession     Auth session context for the Platform
> auth/policy
>
> +
>
> +  @retval EFI_SUCCESS             Operation completed successfully.
>
> +  @retval EFI_NOT_FOUND           The command was returned successfully, but
> NvIndex is not found.
>
> +  @retval EFI_UNSUPPORTED         Selected NvIndex does not support deletion
> through this call.
>
> +  @retval EFI_SECURITY_VIOLATION  Deletion is not authorized by current
> policy session.
>
> +  @retval EFI_INVALID_PARAMETER   The command was unsuccessful.
>
> +  @retval EFI_DEVICE_ERROR        The command was unsuccessful.
>
> +**/
>
> +EFI_STATUS
>
> +EFIAPI
>
> +Tpm2NvUndefineSpaceSpecial (
>
> +  IN      TPMI_RH_NV_INDEX          NvIndex,
>
> +  IN      TPMS_AUTH_COMMAND         *IndexAuthSession OPTIONAL,
>
> +  IN      TPMS_AUTH_COMMAND         *PlatAuthSession OPTIONAL
>
> +  );
>
> +
>
>  /**
>
>    This command reads a value from an area in NV memory previously defined by
> TPM2_NV_DefineSpace().
>
>
>
> --
> 2.31.1.windows.1
>
>
>
> -=-=-=-=-=-=
> Groups.io Links: You receive all messages sent to this group.
> View/Reply Online (#81922): https://edk2.groups.io/g/devel/message/81922
> Mute This Topic: https://groups.io/mt/86293842/1772286
> Group Owner: devel+owner@edk2.groups.io
> Unsubscribe: https://edk2.groups.io/g/devel/unsub [jiewen.yao@intel.com]
> -=-=-=-=-=-=
>