From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) by mx.groups.io with SMTP id smtpd.web08.9122.1635407983526413171 for ; Thu, 28 Oct 2021 00:59:43 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=yhFwi3QR; spf=pass (domain: intel.com, ip: 134.134.136.126, mailfrom: jian.j.wang@intel.com) X-IronPort-AV: E=McAfee;i="6200,9189,10150"; a="217257889" X-IronPort-AV: E=Sophos;i="5.87,189,1631602800"; d="scan'208";a="217257889" Received: from orsmga008.jf.intel.com ([10.7.209.65]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Oct 2021 00:59:41 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.87,189,1631602800"; d="scan'208";a="498273908" Received: from fmsmsx602.amr.corp.intel.com ([10.18.126.82]) by orsmga008.jf.intel.com with ESMTP; 28 Oct 2021 00:59:41 -0700 Received: from fmsmsx607.amr.corp.intel.com (10.18.126.87) by fmsmsx602.amr.corp.intel.com (10.18.126.82) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.12; Thu, 28 Oct 2021 00:59:41 -0700 Received: from fmsmsx608.amr.corp.intel.com (10.18.126.88) by fmsmsx607.amr.corp.intel.com (10.18.126.87) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.12; Thu, 28 Oct 2021 00:59:40 -0700 Received: from fmsedg602.ED.cps.intel.com (10.1.192.136) by fmsmsx608.amr.corp.intel.com (10.18.126.88) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.12 via Frontend Transport; Thu, 28 Oct 2021 00:59:40 -0700 Received: from NAM11-DM6-obe.outbound.protection.outlook.com (104.47.57.170) by edgegateway.intel.com (192.55.55.71) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2242.12; Thu, 28 Oct 2021 00:59:40 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=F3k12v/lyz904AGpYxsHApyTycTNiHLzSW9FKeBXDYlLU3HZYxHpQGb/KbESBHJV39lcT35/TrqkOpXIwE0B8XFwtR6z9m3vcZP5tceAtGOqKLG3pqOTGMTXujoMHZhJCzY5G133gIRCkibIuzscqghMEJh/s1H5gK2ftBbD3TS/99E1iJ2ZYKAgJYaxTvvdU68EbNTfl9eXKO6X3x5TwuHpWePa9Lz/CGGQUeI+UEEpds7R1yJiDo6oNlRjjjq4Es9h4p8yIieRrDISSUGWMkTxn9Nt+xfl8gN8gVwrKau+mR95gjbFeGMS5zkPeZAtg5Skvwt+6G0ljGgwTqMk0w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=yLiF3I1kcqK3n6kYoET5gxvqRMpKdtMHlVYM2s4eoxg=; b=C1/MNgRlnkW8nH27r0a72KzSv85UBszwdiyqpbcr7rSVeF1FTS41/WOD1a29qV1fmTrZCwl5tHxK8Y/mkGQGKsXeKjLxm6PiNATzcgG0EDfwx5C1MeNPjHUe87pbNiQQIgV5J8VV3nXxPJYFhF8myYIhgEZWT8p+89wkgkXTfwj/UyZpxC4B/eLz47H9eI25E7u/cImvOgN6tPqZndReL1IenbSZC65+a+LxylRGj7HTanl9wrkvA1sdxFLfjGfgkA2cuzORhN0wcXcWUK4vjZvzIYfLQFNdlG2maxRNiofp7tHNbp3ceGq7CpRWTnxT9vtAAv7w6j4X9yR3HU0qRA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=yLiF3I1kcqK3n6kYoET5gxvqRMpKdtMHlVYM2s4eoxg=; b=yhFwi3QRpDE8O/MCYjZxqBrCYmHnNo1Dwx+JmOKRs80yuajD2HangLmcXZ4CEBqiDMETezr07qHxfKW4ICkeLfqORQPeiPxeYvHLKj/ZGiv2TbMX7kbt31cNnYJTlYuWJYXyRvSrBsxRSi2UdOpNkYZW46PzOlZqdg58wHoMzdQ= Received: from CO1PR11MB4945.namprd11.prod.outlook.com (2603:10b6:303:9c::8) by MWHPR1101MB2111.namprd11.prod.outlook.com (2603:10b6:301:4d::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4649.14; Thu, 28 Oct 2021 07:59:39 +0000 Received: from CO1PR11MB4945.namprd11.prod.outlook.com ([fe80::496e:9075:27c3:25f5]) by CO1PR11MB4945.namprd11.prod.outlook.com ([fe80::496e:9075:27c3:25f5%2]) with mapi id 15.20.4649.015; Thu, 28 Oct 2021 07:59:39 +0000 From: "Wang, Jian J" To: "Jiang, Guomin" , "devel@edk2.groups.io" CC: "Yao, Jiewen" Subject: Re: [PATCH v2 1/1] SecurityPkg/FvReportPei: Remove the ASSERT to allow neither M nor V Thread-Topic: [PATCH v2 1/1] SecurityPkg/FvReportPei: Remove the ASSERT to allow neither M nor V Thread-Index: AQHXwX15xdvuGcr7hkSsMPiyXgxodKvoIHLw Date: Thu, 28 Oct 2021 07:59:39 +0000 Message-ID: References: <20211015043101.912-1-guomin.jiang@intel.com> In-Reply-To: <20211015043101.912-1-guomin.jiang@intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-reaction: no-action dlp-version: 11.6.200.16 dlp-product: dlpe-windows authentication-results: intel.com; dkim=none (message not signed) header.d=none;intel.com; dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 0eb99ec5-25c3-45af-bb0b-08d999e8e49c x-ms-traffictypediagnostic: MWHPR1101MB2111: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:8273; x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: pp9S7RQciUtMdkvYw4aq6v92LPrb9aN2fZjAvKS7Iyl/in4KFo1ieig0Q3FBYzV+zFJbQBwKkEyso+rwKPFYPZYWXUqCQkbBSJTskIjC+c3MNLF5fVnLIrnAF/3zumyKo8IIQwbEdZ379iNoVCcsAVkoOjQu3S4XfGfvhW3DJrc80QNyZGlg3Z2XkuYGrBG/9VqbC865hGeIzROzef1edTEo6APCDF5AzCE0CRQqtPWapk1/SjNQb3B78uuDxQWAIad41Gb1dNV5SPct3sPAuWVm+FisaCXLNqVUa847OuvJgQSF/DmuNXxj0ThTlHqAq2MYazL/9kFHXh5llpxyPWGsvNLJg2OQAvbyJ4VgDz+TO15/4et3clndy4cAMVNu2WQtfupY7lRpRcqdP1wqrurFOUhgEAgdw/WdEeZ5rkOEKGA2tV7dg9PAxAAqjkJR/dngZYBNom3SiNRQR3kQDMls1FYGXTpaAQdo33vKurwYG+StPQ0jFVkJGA+3egbvt6e8RsetpwkojCOejV2vwa0IEU/hK64J6elW74mTQFUpAu7JacgxSocI3gdcBmLmACcV3Kmd33CpWiRuAWiIYOkS4w1yMT68DVEKwn+7PHHd9tFmBrfG3Ykzyw7p/0k9YyDJq5VfwarIVreACaKLT1J2V0cNdq2mB7HxGfjraaAh0C5ZETQcUSX9BDkFnbwkWwM1dNX/16lR1zl65nU/F2/Ctd0fVIG+MrcBl4lH2ryex/bn06QCDnMI6wV90PveR5vnUHDKvIC10wCqBwFEG6QbmIp6R0AbVi/JGMwyKfs= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CO1PR11MB4945.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(6029001)(366004)(64756008)(76116006)(4326008)(8936002)(15650500001)(83380400001)(9686003)(53546011)(71200400001)(508600001)(55016002)(38100700002)(66476007)(8676002)(966005)(66446008)(38070700005)(66556008)(66946007)(122000001)(6506007)(52536014)(110136005)(316002)(7696005)(186003)(86362001)(2906002)(82960400001)(5660300002)(33656002)(107886003)(26005);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?r1SO1nlUzMJ58ug3hmomZ46Er23FKOdJKCXHWsgfeHOhLsv8W0/IU1iJMuaL?= =?us-ascii?Q?6ky3Dgnbu7IwTLA32VlbS3r4fBhW+t2gq3fFHQxYJHwaDOS95sYPwjeZV/Lc?= =?us-ascii?Q?L9E49cMn5PkCTETppwVlpkc6ieSCPrLQ+mCfpC717a8Sj+aTMUsOwl16kH7p?= =?us-ascii?Q?uEt5dplKbioaFKBW6gJZheZhPQ/Ex+7Q9kjJPhYUJF1Rpi+JB+yWC0cHyhdD?= =?us-ascii?Q?6oUXEzNMj1n0zmASCA/aLuvuOt+dVgoUPmd6tVAI+9RQfCWKnKwiPqQ5Glg0?= =?us-ascii?Q?SUSxqgDGJ8Dk6hZ0ZKLnA7WRU6RDFfjig75I6uoDMuOn7VdO2yRFqJLmv9qW?= =?us-ascii?Q?6vbmXuGJcdhZ3/QTbYUeAgIgsUsgiyqg6LX8NYorn0yfpAcNMQB4DrGT4QIB?= =?us-ascii?Q?2b9e5I0VqNPranuH9VdjnQ6HacZ5MAIqzcloX/zXwzgSlLy/OiCy/6v/+D0c?= =?us-ascii?Q?SXbNS/vvoHcx1puaXTzIcqaIZjaDk0E4Z9pbA5AFJml0TVyCl4UMHaaJwBKR?= =?us-ascii?Q?p/Lh51I9lRgB+tXgTh2uqQqUzhM/V35pqdySBpElXStkCLeuKo+R6KgYN84x?= =?us-ascii?Q?POHlLwlzqfl5cXrW9r/Cl3bxzA2zDj89lCKxlJnMtG8aa+LSvH2avOdk1uDQ?= =?us-ascii?Q?0CN5nG1cMp/kl3ctUToaEKfXoxs3vTL7iM1lMtnYhIqoSfqBQkzRSOKuPlgB?= =?us-ascii?Q?d5W4YiuAJVkdVWfUC5G9WyrlP2THTX2jml9rlRFxCfPfAbMlJgw7sGVu8Dpf?= =?us-ascii?Q?wViZBxj6/TX0MuyK4R9DZKT/Vi2Z36m9cosDDBIc1T2Imf+19jc83EZ60OLw?= =?us-ascii?Q?o3RIMf4se8Zc4tsL1BGd+ECZF4ksfAyJsHCDqaugix+2rHcOzbYlovx6incf?= =?us-ascii?Q?LsewXPQNHqXoBMKvH2g6mD+c3Hm2a8Cu/+YvF+jZVj7sF/Aao+6Mi2+YLcSU?= =?us-ascii?Q?UNG7KF28to+H0i+yGL1A7vVCimdDA9I3NVvPhEVj7wY7lu9WVXQP16+sWl7N?= =?us-ascii?Q?8W++0zL+5+0vAboX2pviLDa3NJ0LePiyZM6fCZyAQOGkTUu6SUNYlgKAzZip?= =?us-ascii?Q?52dwhlriFPgTsOhCNBWE54VwYaCr2OaXi9czn9NPcTm6FGRr09hwI8LM9UnK?= =?us-ascii?Q?NxdKcIKDHxV+FzM/mtu2BNuEhCTTvJo5eVo9gt1z1xwNgajeNCfM4bUI59Wm?= =?us-ascii?Q?dRUMqeTZadxjtheMCOnQmWzC823x2kMWjElA+ix5zspb5t0eAN+8sxoRuQam?= =?us-ascii?Q?XEkVzruvx1/sReKAT6j/oaEvDwO6v07VGl+y44yOfKqS993k9q45UwmyX+iL?= =?us-ascii?Q?oCyvMHXg7/Q7xGRBmLC9I+9ScM2GOSYF+EGXEZ7jzpgQCV99oYTcNHgnHJSQ?= =?us-ascii?Q?y0I8A5UcOhg/+6pfgX/23Z2b4duSnW2iv7YTaY1xcjqKUgCggMWEQoEd5aho?= =?us-ascii?Q?J+uh3j18aWZXqf1GWREBKZNQjkz0SuNlJLLFHuXSjuwpB5tv1MRRrzMOYxTN?= =?us-ascii?Q?5UWHfPjar2/niDYV/4O288yNFtW0IWMKM5xqtri3CAA9nbKUzPnduehLmvJM?= =?us-ascii?Q?jRh4C3Q/KkLIELRxSOEOhLmRO4mSYkLd5/bIRinVOpxQKkWTe9WAh4XQNNnn?= =?us-ascii?Q?oaw6GJaIpWZD4xZNFUtmJMo=3D?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: CO1PR11MB4945.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 0eb99ec5-25c3-45af-bb0b-08d999e8e49c X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Oct 2021 07:59:39.5529 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: xv87qJ/fCx7a9sg/IHGFE+BpcY28icl7M6h/5Gw2EA9c+R1zfpwIR1g+Yho4zHxAufgjmPUzIgdLpBjENVqUHg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR1101MB2111 Return-Path: jian.j.wang@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Jian J Wang Regards, Jian > -----Original Message----- > From: Jiang, Guomin > Sent: Friday, October 15, 2021 12:31 PM > To: devel@edk2.groups.io > Cc: Yao, Jiewen ; Wang, Jian J > Subject: [PATCH v2 1/1] SecurityPkg/FvReportPei: Remove the ASSERT to all= ow > neither M nor V >=20 > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2673 >=20 > M mean that Measured Boot, V mean that Verified Boot. >=20 > The FvReport do below: > 1. Do nothing if neither M nor V > 2. Allocate pages to save the firmware volume and use it to install > firmware info Ppi > 3. Install PreHashFv Ppi if the FV need measurement. > 4. Verify the Hash if the FV need verification >=20 > Notes: > 1. The component is used to verify the FV or measure the FV > 2. Copy action is just for security purpose but not main purpose. > 3. If you use this component, Doesn't need to copy in other compoent > which result time consumption. >=20 > Signed-off-by: Guomin Jiang > Cc: Jiewen Yao > Cc: Jian J Wang > --- > SecurityPkg/FvReportPei/FvReportPei.c | 8 +++++--- > 1 file changed, 5 insertions(+), 3 deletions(-) >=20 > diff --git a/SecurityPkg/FvReportPei/FvReportPei.c > b/SecurityPkg/FvReportPei/FvReportPei.c > index 9f3ebd8ed174..6dce3298e3a2 100644 > --- a/SecurityPkg/FvReportPei/FvReportPei.c > +++ b/SecurityPkg/FvReportPei/FvReportPei.c > @@ -150,10 +150,12 @@ VerifyHashedFv ( > FvHashValue =3D HashValue; > for (FvIndex =3D 0; FvIndex < FvNumber; ++FvIndex) { > // > - // FV must be meant for verified boot and/or measured boot. > + // Not meant for verified boot and/or measured boot? > // > - ASSERT ((FvInfo[FvIndex].Flag & HASHED_FV_FLAG_VERIFIED_BOOT) !=3D 0= || > - (FvInfo[FvIndex].Flag & HASHED_FV_FLAG_MEASURED_BOOT) !=3D 0= ); > + if ((FvInfo[FvIndex].Flag & HASHED_FV_FLAG_VERIFIED_BOOT) =3D=3D 0 &= & > + (FvInfo[FvIndex].Flag & HASHED_FV_FLAG_MEASURED_BOOT) =3D=3D 0= ) { > + continue; > + } >=20 > // > // Skip any FV not meant for current boot mode. > -- > 2.30.0.windows.2