From: "Yang, Longlong" (longlong.yang@intel.com)
To: "Ni, Ray"; devel@edk2.groups.io
CC: "Dong, Eric"; "Kumar, Rahul1"; "Yao, Jiewen"; "Xu, Min M"; "Zhang, Qi1"
Subject: Re: [edk2-devel] [PATCH 1/1] UefiCpuPkg: Extend measurement of microcode patches to TPM
Date: Fri, 5 Nov 2021 03:26:29 +0000
References: <69d53dbbfe4bb2fdd27d5098850a9e91a43d63bb.1635405564.git.longlong.yang@intel.com> <16B397E9723CF0A5.13015@groups.io>
Thank you Ray for your kind and patient feedback and advice. I checked all 10 comments one by one and you can see my responses inline in the code change below. I am testing the new patch and will send it to the community soon if all tests pass.

BRs
Longlong

-----Original Message-----
From: Ni, Ray
Sent: Tuesday, November 2, 2021 11:30 AM
To: devel@edk2.groups.io; Ni, Ray; Yang, Longlong
Cc: Dong, Eric; Kumar, Rahul1; Yao, Jiewen; Xu, Min M; Zhang, Qi1
Subject: RE: [edk2-devel] [PATCH 1/1] UefiCpuPkg: Extend measurement of microcode patches to TPM

Just discussed offline with Longlong: measuring the entire microcode buffer might take more time compared to measuring only the applied microcode, when the platform firmware includes lots of microcode.

10 comments are embedded in the code change below.

-----Original Message-----
From: devel@edk2.groups.io On Behalf Of Ni, Ray
Sent: Tuesday, November 2, 2021 9:55 AM
To: Yang, Longlong; devel@edk2.groups.io
Cc: Dong, Eric; Kumar, Rahul1; Yao, Jiewen; Xu, Min M; Zhang, Qi1
Subject: Re: [edk2-devel] [PATCH 1/1] UefiCpuPkg: Extend measurement of microcode patches to TPM

Longlong,
Your code creates a big buffer that holds microcode data for all threads.

  MicrocodeCpu[i] = MicrocodePatchHob->MicrocodePatchAddress + MicrocodePatchHob->ProcessorSpecificPatchOffset[i]
  BigBuffer = GetMicrocodeBuffer (MicrocodeOfCpu[0]) + GetMicrocodeBuffer (MicrocodeOfCpu[1]) + ...
  HashValue = Hash (BigBuffer)

I am not sure if we can do it like below:

  BigBuffer = MicrocodePatchAddress> + ProcessorSpecificPatchOffset[]>
  HashValue = Hash (BigBuffer)

The second approach doesn't require sorting or one-by-one copying.

Thanks,
Ray

-----Original Message-----
From: Yang, Longlong
Sent: Thursday, October 28, 2021 3:21 PM
To: devel@edk2.groups.io
Cc: Yang, Longlong; Dong, Eric; Ni, Ray; Kumar, Rahul1; Yao, Jiewen; Xu, Min M; Zhang, Qi1
Subject: [PATCH 1/1] UefiCpuPkg: Extend measurement of microcode patches to TPM

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3683

The TCG specification says the BIOS should extend the measurement of microcode to the TPM. However, the reference BIOS is not doing this. This patch consumes gEdkiiMicrocodePatchHobGuid to check out all applied microcode patches; then all applied microcode patches are packed in order to form a single binary blob, which is measured with event type EV_CPU_MICROCODE to PCR[1] in the TPM.

Cc: Eric Dong
Cc: Ray Ni
Cc: Rahul Kumar
Cc: Jiewen Yao
Cc: Min M Xu
Cc: Qi Zhang
Signed-off-by: Longlong Yang
---
 .../MicrocodeMeasurementDxe.c        | 254 ++++++++++++++++++
 .../MicrocodeMeasurementDxe.inf      |  58 ++++
 .../MicrocodeMeasurementDxe.uni      |  15 ++
 .../MicrocodeMeasurementDxeExtra.uni |  12 +
 UefiCpuPkg/UefiCpuPkg.dsc            |   2 +
 5 files changed, 341 insertions(+)
 create mode 100644 UefiCpuPkg/MicrocodeMeasurementDxe/MicrocodeMeasurementDxe.c
 create mode 100644 UefiCpuPkg/MicrocodeMeasurementDxe/MicrocodeMeasurementDxe.inf
 create mode 100644 UefiCpuPkg/MicrocodeMeasurementDxe/MicrocodeMeasurementDxe.uni
 create mode 100644 UefiCpuPkg/MicrocodeMeasurementDxe/MicrocodeMeasurementDxeExtra.uni

diff --git a/UefiCpuPkg/MicrocodeMeasurementDxe/MicrocodeMeasurementDxe.c b/UefiCpuPkg/MicrocodeMeasurementDxe/MicrocodeMeasurementDxe.c
new file mode 100644
index 000000000000..1898a2bff023
--- /dev/null
+++ b/UefiCpuPkg/MicrocodeMeasurementDxe/MicrocodeMeasurementDxe.c
@@ -0,0 +1,254 @@ +/** @file + + + if (TRUE =3D=3D mMicrocodeMeasured) { 1. Remove "TRUE =3D=3D " please [longlong] The mMicrocodeMeasured flag and this check are removed in new im= plementation. 2. Can you please duplicate the MicrocodePatchHob->ProcessorSpecificPatchOf= fset in a new array and sort the "PatchOffset" before calculating the total= microcode size? This avoids big memory consumption in many-core platforms. [longlong] Fixed in new implementation. + + // + // Extract all microcode patches to a list from MicrocodePatchHob //=20 + MicrocodePatchesList =3D AllocatePool (MicrocodePatchHob->ProcessorCount + * sizeof (MICROCODE_PATCH_TYPE)); if (NULL =3D=3D MicrocodePatchesList) = { + DEBUG ((DEBUG_ERROR, "ERROR: AllocatePool to MicrocodePatchesList Fail= ed!\n")); + return; + } + for (Index =3D 0; Index < MicrocodePatchHob->ProcessorCount; Index++) { + if (MAX_UINT64 =3D=3D MicrocodePatchHob->ProcessorSpecificPatchOffset[= Index]) { + // + // If no microcode patch was found in a slot, set the address of the= microcode patch + // in that slot to MAX_UINTN, and the size to 0, thus indicates no p= atch in that slot. + // + MicrocodePatchesList[Index].Address =3D MAX_UINTN; + MicrocodePatchesList[Index].Size =3D 0; + + DEBUG ((DEBUG_INFO, "INFO: Processor#%d: detected no microcode patch= \n", Index)); + } else { + MicrocodePatchesList[Index].Address =3D (UINTN)(MicrocodePatchHo= b->MicrocodePatchAddress + MicrocodePatchHob->ProcessorSpecificPatchOffset[= Index]); + MicrocodePatchesList[Index].Size =3D ((CPU_MICROCODE_HEADER*)= ((UINTN)(MicrocodePatchHob->MicrocodePatchAddress + MicrocodePatchHob->Proc= essorSpecificPatchOffset[Index])))->TotalSize; 3. Can you please use GetMicrocodeLength() from MicrocodeLib? [longlong] Fixed in new implementation. + PerformQuickSort ( + MicrocodePatchesList, + MicrocodePatchHob->ProcessorCount, + sizeof (MICROCODE_PATCH_TYPE), + MicrocodePatchesListSortFunction + ); 4. Can you please use QuickSort() in BaseLib? 
This avoids UefiCpuPkg depend= s on MdeModulePkg. [longlong] Fixed in new implementation. + for (Index =3D 0; Index < MicrocodePatchHob->ProcessorCount; Index++) { + DEBUG ((DEBUG_INFO, "INFO: After sorting: Processor#%d: Microcode=20 + patch address: 0x%x, size: 0x%x\n", Index,=20 + MicrocodePatchesList[Index].Address, + MicrocodePatchesList[Index].Size)); + } 5. There are lots of debug messages in this module. Please review them and = think about what are necessary. Try to remove some unnecessary messages. [longlong] Checked and removed some unnecessary messages in new implementat= ion. + // + // LastPackedMicrocodeAddress is used to skip duplicate microcode patch. 6. You might need a "LastPatchOffset" to skip duplicate the PatchOffset aft= er sorting. [longlong] Advice accepted. "LastPatchOffset" is used to skip duplicate the= PatchOffset after sorting in new implementation. + + if (0 =3D=3D MicrocodePatchesBlobSize) { + DEBUG ((DEBUG_INFO, "INFO: No microcode patch was ever applied!")); + FreePool (MicrocodePatchesList); + FreePool (MicrocodePatchesBlob); + return; + } 7. Please confirm with Jiewen or Qi whether no measurement is fine if there= is no microcode. [longlong] Confirmed with Qi, he prefers no measurement if there is no micr= ocode. + + Status =3D TpmMeasureAndLogData ( + PCRIndex, // PCRIndex + EventType, // EventType + &EventLog, // EventLog + EventLogSize, // LogLen + MicrocodePatchesBlob, // HashData + MicrocodePatchesBlobSize // HashDataLen + ); + if (!EFI_ERROR (Status)) { + mMicrocodeMeasured =3D TRUE; + gBS->CloseEvent (Event); 8. I think if you CloseEvent() there is no need to use mMicrocodeMeasured f= lag because the event won't be signaled again. [longlong] The mMicrocodeMeasured flag is removed in new implementation. + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 EBC ARM AARCH64 9. Can you just list "IA32" and "X64"? 
The microcode HOB doesn't apply to A= RM. EBC can be added to the supported list if we verified it works. [longlong] After following a template to create the inf file, I ignored thi= s comment, Sorry for that. Will check other comments as well and fix it in = new implementation. VmgExitLib|UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf MicrocodeLib|UefiCpuPkg/Library/MicrocodeLib/MicrocodeLib.inf + SortLib|MdeModulePkg/Library/UefiSortLib/UefiSortLib.inf 10. No need the above SortLib. [longlong] SortLib is deleted in new implementation.
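Review bot: the failure paths in the callback leave the event open: `if (NULL == MicrocodePatchesList) { ... return; }` returns early, and `gBS->CloseEvent (Event)` sits inside `if (!EFI_ERROR (Status))`, so once the `mMicrocodeMeasured` flag is dropped (comments 1 and 8) a further signal of the same event would re-enter the handler and allocate and measure again; either close the event unconditionally before every return or state in a comment that a retry on the next signal is intended. Minor: the `DEBUG ((DEBUG_INFO, "INFO: No microcode patch was ever applied!"))` string is the only message without a trailing `\n`.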
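The sort, skip-duplicates and pack procedure that comments 2 and 6 converge on (copy the per-processor offsets, sort them, skip MAX_UINT64 slots and repeated offsets, append each distinct applied patch once), written out as an added C example that is not code from this patch or from edk2. The patch header, the patch region and the four-processor offset table are all constructed for the example; only a TotalSize field is modelled, not the real CPU_MICROCODE_HEADER layout, and qsort stands in for BaseLib's QuickSort(). It stops at the packed blob, which is what the patch passes to TpmMeasureAndLogData as HashData; no TPM is involved, so the empty-blob case (nothing applied, nothing measured, as agreed in comment 7) is shown by a zero return.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the patch header (assumption: not the real
   CPU_MICROCODE_HEADER layout, only the TotalSize idea is kept). */
typedef struct {
    uint32_t HeaderVersion;
    uint32_t UpdateRevision;
    uint32_t TotalSize;      /* bytes in this patch, header included */
} PATCH_HEADER;

#define NO_PATCH UINT64_MAX  /* HOB marker for "no patch in this slot" (MAX_UINT64) */

static int CompareOffset(const void *a, const void *b) {
    uint64_t x = *(const uint64_t *)a, y = *(const uint64_t *)b;
    return (x > y) - (x < y);
}

/* TotalSize of the patch at `offset`, read via memcpy so alignment never matters. */
static uint32_t PatchSize(const uint8_t *base, uint64_t offset) {
    PATCH_HEADER h;
    memcpy(&h, base + offset, sizeof h);
    return h.TotalSize;
}

/* Sort a copy of the offsets, skip NO_PATCH and repeated offsets (the
   "LastPatchOffset" idea), and append each distinct applied patch once.
   Returns the blob size; *blob is heap memory the caller frees and stays
   NULL when there is nothing to measure. */
size_t BuildMicrocodeBlob(const uint8_t *base, const uint64_t *offsets,
                          size_t processorCount, uint8_t **blob) {
    *blob = NULL;
    uint64_t *sorted = malloc(processorCount * sizeof *sorted);
    if (sorted == NULL) return 0;
    memcpy(sorted, offsets, processorCount * sizeof *sorted);
    qsort(sorted, processorCount, sizeof *sorted, CompareOffset);

    size_t total = 0;                 /* pass 1: size, each distinct patch once */
    uint64_t last = NO_PATCH;
    for (size_t i = 0; i < processorCount; i++) {
        if (sorted[i] == NO_PATCH || sorted[i] == last) continue;
        last = sorted[i];
        total += PatchSize(base, sorted[i]);
    }
    if (total == 0) { free(sorted); return 0; }   /* nothing applied: no measurement */

    uint8_t *out = malloc(total);     /* pass 2: copy in offset order */
    if (out == NULL) { free(sorted); return 0; }
    size_t pos = 0;
    last = NO_PATCH;
    for (size_t i = 0; i < processorCount; i++) {
        if (sorted[i] == NO_PATCH || sorted[i] == last) continue;
        last = sorted[i];
        uint32_t n = PatchSize(base, sorted[i]);
        memcpy(out + pos, base + sorted[i], n);
        pos += n;
    }
    free(sorted);
    *blob = out;
    return total;
}

/* ---- constructed sample region: patches of 64, 96 and 48 bytes at offsets 0, 64, 160 ---- */
enum { PATCH_A = 64, PATCH_B = 96, PATCH_C = 48, REGION = PATCH_A + PATCH_B + PATCH_C };

static void WritePatch(uint8_t *dst, uint32_t rev, uint32_t size) {
    PATCH_HEADER h = { 1, rev, size };
    memset(dst, (int)(rev & 0xff), size);   /* filler body, not real microcode */
    memcpy(dst, &h, sizeof h);
}

static size_t RunDemo(const uint64_t *offsets, size_t count, uint8_t **blob) {
    static uint8_t region[REGION];
    WritePatch(region, 0x11, PATCH_A);
    WritePatch(region + PATCH_A, 0x22, PATCH_B);
    WritePatch(region + PATCH_A + PATCH_B, 0x33, PATCH_C);
    return BuildMicrocodeBlob(region, offsets, count, blob);
}

/* Four processors: 0 and 3 share the patch at offset 64, 1 uses offset 0,
   2 has none; the third patch was never applied, so it is not measured. */
static const uint64_t kDemoOffsets[4] = { PATCH_A, 0, NO_PATCH, PATCH_A };

size_t DemoBlobSize(void) {           /* 64 + 96 = 160, duplicates counted once */
    uint8_t *blob;
    size_t n = RunDemo(kDemoOffsets, 4, &blob);
    free(blob);
    return n;
}

uint32_t DemoBlobFirstRevision(void) { /* offset 0 sorts first: revision 0x11 */
    uint8_t *blob;
    if (RunDemo(kDemoOffsets, 4, &blob) == 0) return 0;
    PATCH_HEADER h;
    memcpy(&h, blob, sizeof h);
    free(blob);
    return h.UpdateRevision;
}

size_t DemoNoPatchBlobSize(void) {    /* every slot NO_PATCH: 0 bytes */
    static const uint64_t none[2] = { NO_PATCH, NO_PATCH };
    uint8_t *blob;
    size_t n = RunDemo(none, 2, &blob);
    free(blob);
    return n;
}

int main(void) {
    printf("blob %zu bytes, first revision 0x%x, empty case %zu bytes\n",
           DemoBlobSize(), DemoBlobFirstRevision(), DemoNoPatchBlobSize());
    return 0;
}
```

In the module itself the size lookup would be GetMicrocodeLength() from MicrocodeLib (comment 3) and the sort QuickSort() from BaseLib (comment 4); sorting a copy of the offset array rather than a parallel address/size list is what keeps memory use small on many-core parts.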