* [PATCH] SecurityPkg/Tcg2Config: hide PCR Bank SHA1 checkbox @ 2021-03-17 2:56 Qi Zhang 2021-03-17 4:19 ` Yao, Jiewen 0 siblings, 1 reply; 6+ messages in thread From: Qi Zhang @ 2021-03-17 2:56 UTC (permalink / raw) To: devel; +Cc: Qi Zhang, Jiewen Yao, Jian J Wang, Rahul Kumar wrap SHA1 related by DISABLE_SHA1_DEPRECATED_INTERFACES. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Qi Zhang <qi1.zhang@intel.com> Cc: Rahul Kumar <rahul1.kumar@intel.com> Signed-off-by: Qi Zhang <qi1.zhang@intel.com> --- SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c index 2946f95db0..81a4d3fa6a 100644 --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c @@ -710,9 +710,11 @@ SetConfigInfo ( ) { switch (TpmAlgHash) { +#ifndef DISABLE_SHA1_DEPRECATED_INTERFACES case TPM_ALG_SHA1: Tcg2ConfigInfo->Sha1Supported = TRUE; break; +#endif case TPM_ALG_SHA256: Tcg2ConfigInfo->Sha256Supported = TRUE; break; -- 2.26.2.windows.1 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH] SecurityPkg/Tcg2Config: hide PCR Bank SHA1 checkbox 2021-03-17 2:56 [PATCH] SecurityPkg/Tcg2Config: hide PCR Bank SHA1 checkbox Qi Zhang @ 2021-03-17 4:19 ` Yao, Jiewen 2021-03-17 18:28 ` [edk2-devel] " Laszlo Ersek 0 siblings, 1 reply; 6+ messages in thread From: Yao, Jiewen @ 2021-03-17 4:19 UTC (permalink / raw) To: Zhang, Qi1; +Cc: devel@edk2.groups.io, Wang, Jian J, Kumar, Rahul1 Thank you Qi. i recommend we file a bugzilla on the scope of the problem After the scope is agreed, then you can send the patch. For example, I can ask why not remove the sha1supported field at all? I hope the community can reach consensus on the problem statement at first. thank you! Yao, Jiewen > 在 2021年3月17日,上午10:56,Zhang, Qi1 <qi1.zhang@intel.com> 写道: > > wrap SHA1 related by DISABLE_SHA1_DEPRECATED_INTERFACES. > > Cc: Jiewen Yao <jiewen.yao@intel.com> > Cc: Jian J Wang <jian.j.wang@intel.com> > Cc: Qi Zhang <qi1.zhang@intel.com> > Cc: Rahul Kumar <rahul1.kumar@intel.com> > Signed-off-by: Qi Zhang <qi1.zhang@intel.com> > --- > SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c > index 2946f95db0..81a4d3fa6a 100644 > --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c > +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c > @@ -710,9 +710,11 @@ SetConfigInfo ( > ) > { > switch (TpmAlgHash) { > +#ifndef DISABLE_SHA1_DEPRECATED_INTERFACES > case TPM_ALG_SHA1: > Tcg2ConfigInfo->Sha1Supported = TRUE; > break; > +#endif > case TPM_ALG_SHA256: > Tcg2ConfigInfo->Sha256Supported = TRUE; > break; > -- > 2.26.2.windows.1 > ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [edk2-devel] [PATCH] SecurityPkg/Tcg2Config: hide PCR Bank SHA1 checkbox 2021-03-17 4:19 ` Yao, Jiewen @ 2021-03-17 18:28 ` Laszlo Ersek [not found] ` <MW4PR21MB1907F79198F1509C702A708CEF6A9@MW4PR21MB1907.namprd21.prod.outlook.com> 0 siblings, 1 reply; 6+ messages in thread From: Laszlo Ersek @ 2021-03-17 18:28 UTC (permalink / raw) To: devel, jiewen.yao, Zhang, Qi1; +Cc: Wang, Jian J, Kumar, Rahul1 On 03/17/21 05:19, Yao, Jiewen wrote: > Thank you Qi. > > i recommend we file a bugzilla on the scope of the problem I agree. We already have a number of BZs related to the disablement of SHA1 and MD5: https://bugzilla.tianocore.org/show_bug.cgi?id=1682 https://bugzilla.tianocore.org/show_bug.cgi?id=2943 https://bugzilla.tianocore.org/show_bug.cgi?id=3003 https://bugzilla.tianocore.org/show_bug.cgi?id=3021 https://bugzilla.tianocore.org/show_bug.cgi?id=3027 https://bugzilla.tianocore.org/show_bug.cgi?id=3079 We should certainly track the change for Tcg2Config too, in a new BZ. Thanks Laszlo > > After the scope is agreed, then you can send the patch. > > For example, I can ask why not remove the sha1supported field at all? > > I hope the community can reach consensus on the problem statement at first. > > > thank you! > Yao, Jiewen > > >> 在 2021年3月17日,上午10:56,Zhang, Qi1 <qi1.zhang@intel.com> 写道: >> >> wrap SHA1 related by DISABLE_SHA1_DEPRECATED_INTERFACES. >> >> Cc: Jiewen Yao <jiewen.yao@intel.com> >> Cc: Jian J Wang <jian.j.wang@intel.com> >> Cc: Qi Zhang <qi1.zhang@intel.com> >> Cc: Rahul Kumar <rahul1.kumar@intel.com> >> Signed-off-by: Qi Zhang <qi1.zhang@intel.com> >> --- >> SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c | 2 ++ >> 1 file changed, 2 insertions(+) >> >> diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c >> index 2946f95db0..81a4d3fa6a 100644 >> --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c >> +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c >> @@ -710,9 +710,11 @@ SetConfigInfo ( >> ) >> { >> switch (TpmAlgHash) { >> +#ifndef DISABLE_SHA1_DEPRECATED_INTERFACES >> case TPM_ALG_SHA1: >> Tcg2ConfigInfo->Sha1Supported = TRUE; >> break; >> +#endif >> case TPM_ALG_SHA256: >> Tcg2ConfigInfo->Sha256Supported = TRUE; >> break; >> -- >> 2.26.2.windows.1 >> > > > > > ^ permalink raw reply [flat|nested] 6+ messages in thread
[parent not found: <MW4PR21MB1907F79198F1509C702A708CEF6A9@MW4PR21MB1907.namprd21.prod.outlook.com>]
* Re: [EXTERNAL] Re: [edk2-devel] [PATCH] SecurityPkg/Tcg2Config: hide PCR Bank SHA1 checkbox [not found] ` <MW4PR21MB1907F79198F1509C702A708CEF6A9@MW4PR21MB1907.namprd21.prod.outlook.com> @ 2021-03-18 4:46 ` Qi Zhang 2021-03-18 23:56 ` Yao, Jiewen 0 siblings, 1 reply; 6+ messages in thread From: Qi Zhang @ 2021-03-18 4:46 UTC (permalink / raw) To: Bret Barkelew, devel@edk2.groups.io, lersek@redhat.com, Yao, Jiewen Cc: Wang, Jian J, Kumar, Rahul1 [-- Attachment #1: Type: text/plain, Size: 5808 bytes --] Submit a new BZ https://bugzilla.tianocore.org/show_bug.cgi?id=3268 for this change. Patch set V2 has been sent out for review. Thanks! Qi Zhang From: Bret Barkelew <Bret.Barkelew@microsoft.com> Sent: Thursday, March 18, 2021 4:45 AM To: devel@edk2.groups.io; lersek@redhat.com; Yao, Jiewen <jiewen.yao@intel.com>; Zhang, Qi1 <qi1.zhang@intel.com> Cc: Wang, Jian J <jian.j.wang@intel.com>; Kumar, Rahul1 <rahul1.kumar@intel.com> Subject: RE: [EXTERNAL] Re: [edk2-devel] [PATCH] SecurityPkg/Tcg2Config: hide PCR Bank SHA1 checkbox +1 - Bret ________________________________ From: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> on behalf of Laszlo Ersek via groups.io <lersek=redhat.com@groups.io<mailto:lersek=redhat.com@groups.io>> Sent: Wednesday, March 17, 2021 11:28:07 AM To: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>>; Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>; Zhang, Qi1 <qi1.zhang@intel.com<mailto:qi1.zhang@intel.com>> Cc: Wang, Jian J <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>; Kumar, Rahul1 <rahul1.kumar@intel.com<mailto:rahul1.kumar@intel.com>> Subject: [EXTERNAL] Re: [edk2-devel] [PATCH] SecurityPkg/Tcg2Config: hide PCR Bank SHA1 checkbox On 03/17/21 05:19, Yao, Jiewen wrote: > Thank you Qi. > > i recommend we file a bugzilla on the scope of the problem I agree. We already have a number of BZs related to the disablement of SHA1 and MD5: https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D1682&data=04%7C01%7Cbret.barkelew%40microsoft.com%7Ca9f46449e57d4642ab4608d8e9727545%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637516025103613890%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=Bxq4fGkZUA91NNncp%2F68zbcXSYBQcIfGbgcT4CYktKs%3D&reserved=0 https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D2943&data=04%7C01%7Cbret.barkelew%40microsoft.com%7Ca9f46449e57d4642ab4608d8e9727545%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637516025103613890%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=eh9ef1WSF1DuepEkiXg1x%2BmmWs77eNrkSObOS5SVB94%3D&reserved=0 https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D3003&data=04%7C01%7Cbret.barkelew%40microsoft.com%7Ca9f46449e57d4642ab4608d8e9727545%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637516025103613890%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=YJTXNb2GnPkkc9Y6GI%2BI9WYy8MdeujtSvpah5mWhrp0%3D&reserved=0 https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D3021&data=04%7C01%7Cbret.barkelew%40microsoft.com%7Ca9f46449e57d4642ab4608d8e9727545%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637516025103613890%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=pcAqk46YRGn9jS0ra5sl7Gg7i8PvqZbdewsH6hMq5YM%3D&reserved=0 https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D3027&data=04%7C01%7Cbret.barkelew%40microsoft.com%7Ca9f46449e57d4642ab4608d8e9727545%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637516025103613890%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=4sOMDQitxKwFfXmYFJ9ooF7hovK4vfMww0ppsHz5vjk%3D&reserved=0 https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D3079&data=04%7C01%7Cbret.barkelew%40microsoft.com%7Ca9f46449e57d4642ab4608d8e9727545%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637516025103613890%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=8is%2FUsgRy71E%2F9ui%2BkMwoTmp4jiw0vKlsUwJ%2BxEqfO0%3D&reserved=0 We should certainly track the change for Tcg2Config too, in a new BZ. Thanks Laszlo > > After the scope is agreed, then you can send the patch. > > For example, I can ask why not remove the sha1supported field at all? > > I hope the community can reach consensus on the problem statement at first. > > > thank you! > Yao, Jiewen > > >> 在 2021年3月17日,上午10:56,Zhang, Qi1 <qi1.zhang@intel.com<mailto:qi1.zhang@intel.com>> 写道: >> >> wrap SHA1 related by DISABLE_SHA1_DEPRECATED_INTERFACES. >> >> Cc: Jiewen Yao <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>> >> Cc: Jian J Wang <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>> >> Cc: Qi Zhang <qi1.zhang@intel.com<mailto:qi1.zhang@intel.com>> >> Cc: Rahul Kumar <rahul1.kumar@intel.com<mailto:rahul1.kumar@intel.com>> >> Signed-off-by: Qi Zhang <qi1.zhang@intel.com<mailto:qi1.zhang@intel.com>> >> --- >> SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c | 2 ++ >> 1 file changed, 2 insertions(+) >> >> diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c >> index 2946f95db0..81a4d3fa6a 100644 >> --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c >> +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c >> @@ -710,9 +710,11 @@ SetConfigInfo ( >> ) >> { >> switch (TpmAlgHash) { >> +#ifndef DISABLE_SHA1_DEPRECATED_INTERFACES >> case TPM_ALG_SHA1: >> Tcg2ConfigInfo->Sha1Supported = TRUE; >> break; >> +#endif >> case TPM_ALG_SHA256: >> Tcg2ConfigInfo->Sha256Supported = TRUE; >> break; >> -- >> 2.26.2.windows.1 >> > > > > > [-- Attachment #2: Type: text/html, Size: 13501 bytes --] ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [EXTERNAL] Re: [edk2-devel] [PATCH] SecurityPkg/Tcg2Config: hide PCR Bank SHA1 checkbox 2021-03-18 4:46 ` [EXTERNAL] " Qi Zhang @ 2021-03-18 23:56 ` Yao, Jiewen 0 siblings, 0 replies; 6+ messages in thread From: Yao, Jiewen @ 2021-03-18 23:56 UTC (permalink / raw) To: Zhang, Qi1, Bret Barkelew, devel@edk2.groups.io, lersek@redhat.com Cc: Wang, Jian J, Kumar, Rahul1 [-- Attachment #1: Type: text/plain, Size: 7446 bytes --] Hi I gave feedback in bugzilla. I think the statement is confusing - "SHA1 algorithm can be disabled by build option DISABLE_SHA1_DEPRECATED_INTERFACES defined.". Do you mean disable TPM hardware bank, or just software SHA1 algorithm ? We can have three ways to handle SHA1. 1) Disable SHA1 bank in TPM hardware. - Then no one can see the SHA1 bank. 2) Disable SHA1 PCR via capping PCR in the TCG driver. - Then SHA1 bank can be seen. But it will be useless. 3) Ignore SHA1 PCR bank. - Then it can be seen. The value is empty. The downside is that anyone can use it, even forge it. To me, only 1) and 2) are secure way to "disable". But the patch seems want to use the 3). Removing it in the UI checkbox really does not do anything to "disable". Do I misunderstand something? Besides that, I am also not clear, that if we want to hide the SHA1. Why not remove “Sha1Supported” field completely with DISABLE_SHA1_DEPRECATED_INTERFACES ? Why we still need it in the data structure? Thank you Yao Jiewen From: Zhang, Qi1 <qi1.zhang@intel.com> Sent: Thursday, March 18, 2021 12:47 PM To: Bret Barkelew <Bret.Barkelew@microsoft.com>; devel@edk2.groups.io; lersek@redhat.com; Yao, Jiewen <jiewen.yao@intel.com> Cc: Wang, Jian J <jian.j.wang@intel.com>; Kumar, Rahul1 <rahul1.kumar@intel.com> Subject: RE: [EXTERNAL] Re: [edk2-devel] [PATCH] SecurityPkg/Tcg2Config: hide PCR Bank SHA1 checkbox Submit a new BZ https://bugzilla.tianocore.org/show_bug.cgi?id=3268 for this change. Patch set V2 has been sent out for review. Thanks! Qi Zhang From: Bret Barkelew <Bret.Barkelew@microsoft.com<mailto:Bret.Barkelew@microsoft.com>> Sent: Thursday, March 18, 2021 4:45 AM To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; lersek@redhat.com<mailto:lersek@redhat.com>; Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>; Zhang, Qi1 <qi1.zhang@intel.com<mailto:qi1.zhang@intel.com>> Cc: Wang, Jian J <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>; Kumar, Rahul1 <rahul1.kumar@intel.com<mailto:rahul1.kumar@intel.com>> Subject: RE: [EXTERNAL] Re: [edk2-devel] [PATCH] SecurityPkg/Tcg2Config: hide PCR Bank SHA1 checkbox +1 - Bret ________________________________ From: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> on behalf of Laszlo Ersek via groups.io <lersek=redhat.com@groups.io<mailto:lersek=redhat.com@groups.io>> Sent: Wednesday, March 17, 2021 11:28:07 AM To: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>>; Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>; Zhang, Qi1 <qi1.zhang@intel.com<mailto:qi1.zhang@intel.com>> Cc: Wang, Jian J <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>; Kumar, Rahul1 <rahul1.kumar@intel.com<mailto:rahul1.kumar@intel.com>> Subject: [EXTERNAL] Re: [edk2-devel] [PATCH] SecurityPkg/Tcg2Config: hide PCR Bank SHA1 checkbox On 03/17/21 05:19, Yao, Jiewen wrote: > Thank you Qi. > > i recommend we file a bugzilla on the scope of the problem I agree. We already have a number of BZs related to the disablement of SHA1 and MD5: https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D1682&data=04%7C01%7Cbret.barkelew%40microsoft.com%7Ca9f46449e57d4642ab4608d8e9727545%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637516025103613890%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=Bxq4fGkZUA91NNncp%2F68zbcXSYBQcIfGbgcT4CYktKs%3D&reserved=0 https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D2943&data=04%7C01%7Cbret.barkelew%40microsoft.com%7Ca9f46449e57d4642ab4608d8e9727545%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637516025103613890%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=eh9ef1WSF1DuepEkiXg1x%2BmmWs77eNrkSObOS5SVB94%3D&reserved=0 https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D3003&data=04%7C01%7Cbret.barkelew%40microsoft.com%7Ca9f46449e57d4642ab4608d8e9727545%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637516025103613890%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=YJTXNb2GnPkkc9Y6GI%2BI9WYy8MdeujtSvpah5mWhrp0%3D&reserved=0 https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D3021&data=04%7C01%7Cbret.barkelew%40microsoft.com%7Ca9f46449e57d4642ab4608d8e9727545%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637516025103613890%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=pcAqk46YRGn9jS0ra5sl7Gg7i8PvqZbdewsH6hMq5YM%3D&reserved=0 https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D3027&data=04%7C01%7Cbret.barkelew%40microsoft.com%7Ca9f46449e57d4642ab4608d8e9727545%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637516025103613890%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=4sOMDQitxKwFfXmYFJ9ooF7hovK4vfMww0ppsHz5vjk%3D&reserved=0 https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D3079&data=04%7C01%7Cbret.barkelew%40microsoft.com%7Ca9f46449e57d4642ab4608d8e9727545%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637516025103613890%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=8is%2FUsgRy71E%2F9ui%2BkMwoTmp4jiw0vKlsUwJ%2BxEqfO0%3D&reserved=0 We should certainly track the change for Tcg2Config too, in a new BZ. Thanks Laszlo > > After the scope is agreed, then you can send the patch. > > For example, I can ask why not remove the sha1supported field at all? > > I hope the community can reach consensus on the problem statement at first. > > > thank you! > Yao, Jiewen > > >> 在 2021年3月17日,上午10:56,Zhang, Qi1 <qi1.zhang@intel.com<mailto:qi1.zhang@intel.com>> 写道: >> >> wrap SHA1 related by DISABLE_SHA1_DEPRECATED_INTERFACES. >> >> Cc: Jiewen Yao <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>> >> Cc: Jian J Wang <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>> >> Cc: Qi Zhang <qi1.zhang@intel.com<mailto:qi1.zhang@intel.com>> >> Cc: Rahul Kumar <rahul1.kumar@intel.com<mailto:rahul1.kumar@intel.com>> >> Signed-off-by: Qi Zhang <qi1.zhang@intel.com<mailto:qi1.zhang@intel.com>> >> --- >> SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c | 2 ++ >> 1 file changed, 2 insertions(+) >> >> diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c >> index 2946f95db0..81a4d3fa6a 100644 >> --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c >> +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c >> @@ -710,9 +710,11 @@ SetConfigInfo ( >> ) >> { >> switch (TpmAlgHash) { >> +#ifndef DISABLE_SHA1_DEPRECATED_INTERFACES >> case TPM_ALG_SHA1: >> Tcg2ConfigInfo->Sha1Supported = TRUE; >> break; >> +#endif >> case TPM_ALG_SHA256: >> Tcg2ConfigInfo->Sha256Supported = TRUE; >> break; >> -- >> 2.26.2.windows.1 >> > > > > > [-- Attachment #2: Type: text/html, Size: 16676 bytes --] ^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH] SecurityPkg/Tcg2Config: hide PCR Bank SHA1 checkbox @ 2020-11-25 2:30 Qi Zhang 0 siblings, 0 replies; 6+ messages in thread From: Qi Zhang @ 2020-11-25 2:30 UTC (permalink / raw) To: devel; +Cc: Qi Zhang, Jiewen Yao, Jian J Wang, Rahul Kumar wrap SHA1 related by DISABLE_SHA1_DEPRECATED_INTERFACES. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Qi Zhang <qi1.zhang@intel.com> Cc: Rahul Kumar <rahul1.kumar@intel.com> Signed-off-by: Qi Zhang <qi1.zhang@intel.com> --- SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c index 2946f95db0..81a4d3fa6a 100644 --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c @@ -710,9 +710,11 @@ SetConfigInfo ( ) { switch (TpmAlgHash) { +#ifndef DISABLE_SHA1_DEPRECATED_INTERFACES case TPM_ALG_SHA1: Tcg2ConfigInfo->Sha1Supported = TRUE; break; +#endif case TPM_ALG_SHA256: Tcg2ConfigInfo->Sha256Supported = TRUE; break; -- 2.26.2.windows.1 ^ permalink raw reply related [flat|nested] 6+ messages in thread
end of thread, other threads:[~2021-03-18 23:56 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-03-17 2:56 [PATCH] SecurityPkg/Tcg2Config: hide PCR Bank SHA1 checkbox Qi Zhang
2021-03-17 4:19 ` Yao, Jiewen
2021-03-17 18:28 ` [edk2-devel] " Laszlo Ersek
[not found] ` <MW4PR21MB1907F79198F1509C702A708CEF6A9@MW4PR21MB1907.namprd21.prod.outlook.com>
2021-03-18 4:46 ` [EXTERNAL] " Qi Zhang
2021-03-18 23:56 ` Yao, Jiewen
-- strict thread matches above, loose matches on Subject: below --
2020-11-25 2:30 Qi Zhang
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox