From: "Yao, Jiewen"
To: "devel@edk2.groups.io", "Yao, Jiewen", "Gao, Zhichao"
CC: "Wang, Jian J", "Xu, Min M", "Zhang, Qi1"
Subject: Re: [edk2-devel] [PATCH] SecurityPkg/DxeImageVerificationLib: Disable SHA1 base on MACRO
Date: Mon, 7 Sep 2020 02:20:11 +0000
References: <20200831051317.11532-1-zhichao.gao@intel.com> <16325EB1DAFF59F3.20857@groups.io>
In-Reply-To: <16325EB1DAFF59F3.20857@groups.io>

Hi Zhichao

Thanks for the patch.

I gave Reviewed-by because the Bugzilla only mentioned DxeImageVerificationLib.

As a full solution to remove SHA1 from SecureBoot, I think we should also remove SHA1 from AuthVariableLib. Any plan on that?

Thank you
Yao Jiewen

> -----Original Message-----
> From: devel@edk2.groups.io On Behalf Of Yao, Jiewen
> Sent: Monday, September 7, 2020 10:16 AM
> To: Gao, Zhichao; devel@edk2.groups.io
> Cc: Wang, Jian J; Xu, Min M; Zhang, Qi1
> Subject: Re: [edk2-devel] [PATCH] SecurityPkg/DxeImageVerificationLib: Disable SHA1 base on MACRO
>
> Reviewed-by: Jiewen Yao
>
> > -----Original Message-----
> > From: Gao, Zhichao
> > Sent: Monday, August 31, 2020 1:13 PM
> > To: devel@edk2.groups.io
> > Cc: Yao, Jiewen; Wang, Jian J; Xu, Min M; Zhang, Qi1
> > Subject: [PATCH] SecurityPkg/DxeImageVerificationLib: Disable SHA1 base on MACRO
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2943
> >
> > Disable SHA1 based on the MACRO DISABLE_SHA1_DEPRECATED_INTERFACES.
> > SHA1 is a deprecated function and the MACRO is used to remove the whole
> > implementation of the SHA1. For the platforms that do not need SHA1
> > for security, the MACRO should work for DxeImageVerificationLib as
> > well.
> >
> > Signed-off-by: Zhichao Gao
> > Cc: Jiewen Yao
> > Cc: Jian J Wang
> > Cc: Min Xu
> > Cc: Qi Zhang
> > --- > > .../DxeImageVerificationLib/DxeImageVerificationLib.c | 6 +++++= + > > 1 file changed, 6 insertions(+) > > > > diff --git > > a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.= c > > b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.= c > > index b08fe24e85..7871220140 100644 > > --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerification= Lib.c > > +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerification= Lib.c 
> > @@ -59,7 +59,11 @@ UINT8 mHashOidValue[] =3D { > > }; > > > > HASH_TABLE mHash[] =3D { > > +#ifndef DISABLE_SHA1_DEPRECATED_INTERFACES > > { L"SHA1", 20, &mHashOidValue[0], 5, Sha1GetContextSize, Sha1I= nit, > > Sha1Update, Sha1Final }, > > +#else > > + { L"SHA1", 20, &mHashOidValue[0], 5, NULL, NULL,= NULL, > > NULL }, > > +#endif > > { L"SHA224", 28, &mHashOidValue[5], 9, NULL, NULL,= NULL, > > NULL }, > > { L"SHA256", 32, &mHashOidValue[14], 9, Sha256GetContextSize, Sha25= 6Init, > > Sha256Update, Sha256Final}, > > { L"SHA384", 48, &mHashOidValue[23], 9, Sha384GetContextSize, Sha38= 4Init, > > Sha384Update, Sha384Final}, > > @@ -315,10 +319,12 @@ HashPeImage ( > > ZeroMem (mImageDigest, MAX_DIGEST_SIZE); > > > > switch (HashAlg) { > > +#ifndef DISABLE_SHA1_DEPRECATED_INTERFACES > > case HASHALG_SHA1: > > mImageDigestSize =3D SHA1_DIGEST_SIZE; > > mCertType =3D gEfiCertSha1Guid; > > break; > > +#endif > > > > case HASHALG_SHA256: > > mImageDigestSize =3D SHA256_DIGEST_SIZE; > > -- > > 2.21.0.windows.1 >=20 >=20 >=20
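
Review bot: In the mHash[] hunk, the #else row keeps the L"SHA1" entry but sets all four function pointers to NULL, the same shape as the SHA224 row below it, and nothing in the visible context shows the code that calls through mHash[] checking for NULL first. Please confirm that every caller rejects an entry whose function pointers are NULL before invoking them, and add a short comment on the #else row explaining that the slot is retained (presumably so the remaining rows keep their positions and their offsets into mHashOidValue) rather than dropped.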
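
Review bot: In the HashPeImage hunk, compiling out case HASHALG_SHA1 sends a SHA1 request to whatever the switch does for an unhandled value, and that branch is not in the visible context. Please confirm it returns failure before mImageDigestSize and mCertType are used, since mImageDigest has just been cleared by ZeroMem and neither variable is assigned on this path. The commit message should also state that with DISABLE_SHA1_DEPRECATED_INTERFACES defined, images are no longer hashed for gEfiCertSha1Guid, so platforms relying on SHA1 entries see a behaviour change.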