From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id 3BFA8AC09A9 for ; Fri, 12 Jan 2024 01:50:29 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=wZNpUTg0gu+6pNd3a/UkNSSvdfAQhbRt0yw6zeV3nnI=; c=relaxed/simple; d=groups.io; h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:From:To:CC:Subject:Thread-Topic:Thread-Index:Date:Message-ID:References:In-Reply-To:Accept-Language:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding; s=20140610; t=1705024227; v=1; b=jXJn4n5xaL1yMA88dXHpSqYD6LbaI2cdYnIZPQfY77I2MPABs/q1S7048rbFa5JOq+lLK/5e nisk5qbXsputFgkXPmIRLdie9zfyV1L/KqYEg9DGzj7n8VtTgUCBMdheSWxFJmf33CTH3ugnwAU jtuAz+b80lJFobRO2TxXUHQM= X-Received: by 127.0.0.2 with SMTP id R5JXYY7687511xHh1DLMxoCa; Thu, 11 Jan 2024 17:50:27 -0800 X-Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.12]) by mx.groups.io with SMTP id smtpd.web10.9931.1705024226911027610 for ; Thu, 11 Jan 2024 17:50:27 -0800 X-IronPort-AV: E=McAfee;i="6600,9927,10950"; a="6424098" X-IronPort-AV: E=Sophos;i="6.04,188,1695711600"; d="scan'208";a="6424098" X-Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by orvoesa104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Jan 2024 17:50:15 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10950"; a="1114054649" X-IronPort-AV: E=Sophos;i="6.04,188,1695711600"; d="scan'208";a="1114054649" X-Received: from orsmsx601.amr.corp.intel.com ([10.22.229.14]) by fmsmga005.fm.intel.com with ESMTP/TLS/AES256-GCM-SHA384; 11 Jan 2024 17:50:13 -0800 X-Received: from orsmsx610.amr.corp.intel.com (10.22.229.23) by ORSMSX601.amr.corp.intel.com (10.22.229.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Thu, 11 Jan 2024 17:50:11 -0800 X-Received: from ORSEDG601.ED.cps.intel.com (10.7.248.6) by orsmsx610.amr.corp.intel.com (10.22.229.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35 via Frontend Transport; Thu, 11 Jan 2024 17:50:11 -0800 X-Received: from NAM11-CO1-obe.outbound.protection.outlook.com (104.47.56.168) by edgegateway.intel.com (134.134.137.102) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.35; Thu, 11 Jan 2024 17:50:11 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=lIpEDhae5bxamyg8BGIIAPeHDODzr5L6aXM71rgqHKMna4VXoNjF0vEv55Hg2Dy5Idn06UI1DDDZBNh4YwhS2nsSBaLL5Tk3aDSjmzcKoDFMXNKK5gO0LT9XIrTND+zddEQ2vQ0lLMwMBsu2+ONxzk+ki7eWbqtYiRginQ/C8T0U1mXOiU9zOh1alrd4XbgJP09rOrmhcpgabVfr/8v7JmWvr7HaEk419mZYYinQQ+HJCwwlNQwe9mBR8CXSampMFKPJGMfM3kK36+4lCg7rf4nIBfaK1lftDErYwoLSJ+jXS5xhgsZqxzZHHofCLhu6PFB/6s/3hgjoffpoQssXhg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=nukR4oIalsGYIzxMUhp3BE7uNqhgJsNrdUtxImT0gz0=; b=aVM0jAjXa6HHN17ZoiJRSrx7jz/1Ty02uPMGPNLVxZGEuD48lyk1Gmn2cw4V5nhi+mI+zh5evRq4o/z5KoEpgX7Q6pAIMSbx/UTYrzJCnrhyfGeq6+xt9XOsiwZthr+wPoPs+QtAOOPj0NXOwztFDD+D5qQR8/7KLFoUyeiI9PYMd78bpjz91HoqZJvETVe8bec+oU+3/V+SeyGLmtAFjbzxREOpDGLtHMef5U3ldKxwYztVDW9w8yeEdjctQrU0oNo2q3mY8GaEcSKxcS+WQ7D08MXWpmimGiBqVJ5KLLtY8vJ1kKkTJ/jPKh5Jars6hkC/tb1YnA5PLI98dBYHGA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none X-Received: from MW4PR11MB5872.namprd11.prod.outlook.com (2603:10b6:303:169::14) by CY8PR11MB7081.namprd11.prod.outlook.com (2603:10b6:930:53::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7181.21; Fri, 12 Jan 2024 01:50:09 +0000 X-Received: from MW4PR11MB5872.namprd11.prod.outlook.com ([fe80::7d26:e1f1:1986:55d2]) by MW4PR11MB5872.namprd11.prod.outlook.com ([fe80::7d26:e1f1:1986:55d2%4]) with mapi id 15.20.7181.020; Fri, 12 Jan 2024 01:50:09 +0000 From: "Yao, Jiewen" To: "Douglas Flick [MSFT]" , "devel@edk2.groups.io" CC: "Yao, Jiewen" Subject: Re: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118 Thread-Topic: [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118 Thread-Index: AQHaRLpn5kqNPAWQ/EurLYl0cPys1LDVaMmA Date: Fri, 12 Jan 2024 01:50:09 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: MW4PR11MB5872:EE_|CY8PR11MB7081:EE_ x-ms-office365-filtering-correlation-id: 3efe66ff-00ec-4cb8-ea7e-08dc1310ceee x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam-message-info: c6HmPRTht/GwtdQENF6m4A9BB5sC9BDNaZb9nh+EeMV6aeuhxvDn6kupbVxtAu42UNzXhv2PeZfP9dngOGkUUUhhA0n+5x9pM4JaR2BhELMim+dLa7agAf7LWR2PykRnAZE/WgpHyGlmMGtdwrHk1K/07RuFX3lR8v7Y0PDjg8ykXyWBBylOG4blPH9l/MjpRKc8+lbwxE2WEI1QaTBoIp/6MEyIrPuTb+1fRJNdrdBNEAJDIsJ+mchjhd0HDmro4YaEQuIOyr/omORJ1F2bDYeFDJcKl2CZi1bkmvdFE0maNUgW/H75GCZzHLq3WZjjczvhonESfRGhV38D1x43l7RD6mG/O2BPlFGe3dxAu3DVCYbm/FUH+1Imq0F3DYqH1zNjxMK32ZFiLXa+pIJGohTbA+0mIgDlhPn1qXa5UjumjNeamANPwI87+Tn27sjbrJvQ7KgHdYV/l7jvw9yM5dUGOsVntXRt913inVOkQJ8KSIBur+zN+Xq8mT8hD8TYw6o2xFGvrIZvu4J4KH1ymqxBBLdqQbBGt48r8AcCVCv32ZuvVEBgmRcBgQ0ffRLpNzGKgMMptk7qt86QCM159lRjwmyZcxJJZQY2bAdcdFv4PkjmPC61ENU+CAJY2ydM x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?gIyEk5XVaksjcu9Z9QEp8CMmu1VK7eHqzJsJwxtyRbRIoG06iQ7S8zdemSWu?= =?us-ascii?Q?w3FDNA70bEPsp5ah2kpf7+Qd+EQ14qo5FPW7FKxyNpoZX+VE2X6dvVJiCRaw?= =?us-ascii?Q?ahzoqgDvqyzmYcoF3vP0+NeUMynaejm8RLuss0kDlQ37SOUJlEzGl3aj7UH3?= =?us-ascii?Q?UcaogmyPTr2l20IYepA4ON+R+5/fTViUCUMcrSSnFXvW6YIwVc6vK7onHjap?= =?us-ascii?Q?tJCe9IKrgAVrgK0kZ6lirSMXDg/knu8lYVeTPWq/F2yi9TUHnHPbqSa/5C7U?= =?us-ascii?Q?zNnc0GFD7s2jmJxeHi6KLoGar6fKeRjQX+3tHMBGSHILY1DXWQl6e79JPdCa?= =?us-ascii?Q?iy7cMxPkvfN4YFUxX6PYJkAal/2VeoiL1h0t+gYG//dzE3uCeE2Id6cL5Ei2?= =?us-ascii?Q?n72nECQ7OoaMWr2ls9gQsGJVKN1S43sjtfbFuAESTsisX57KvUCt5IgB+Fiu?= =?us-ascii?Q?6yyU9HUzZC7HB3JHek9NVXf6d0PGT4teyg3CF8Mn8YIVKSQj86qxNUNFfdaJ?= =?us-ascii?Q?a0wz5plTay+YEZwbib/Udq5FnjJEVYrhvi13XVhTSlLyeRLcAt0V3Y8T7SwT?= =?us-ascii?Q?dcpHiDNnTpDGQp362IRlP+JXTxyHq5FhMcSfm+Gvc25SwTFjTHUwpJ+xYzOH?= =?us-ascii?Q?2BYyXwPdvnbVNRe0HGmBtDkTVLAk6+ewcmqWtTAT1fSsE8ZsdvdWBfGVZYS8?= =?us-ascii?Q?sf+iYQAEy0VpwoMuefyfVvOsVL2dQUIM8TIwSnl5rJG7dPQmzOZ/XuYZLunf?= =?us-ascii?Q?cAxu+Gw0efxiuours84j8CcK/bQP7UoXfzuUCu/s5Vu8VYUt2nWC7nm2oWCG?= =?us-ascii?Q?3FdUQR8oJQGzmnm776tDMb1wQgpshE5TMt6pGR2oWsfPtkuVFdtziB9doB9c?= =?us-ascii?Q?fs0sqGpZB4I6G+jDc3DqT0nI65W+eHdrkEbwrkqjI6K8VkZzm6uCPvCtPAfK?= =?us-ascii?Q?IeNf3TSi/TLYlK4p1W3nCIHgmZQ0RZijDx3emZOCTNJqv8Gl7ySsVyvtrZAi?= =?us-ascii?Q?HF02LqNmj7mRTogD0l2c7EVttlMK0y86QJQj8dgBZvPSiYCKf/1m0f3qM/3o?= =?us-ascii?Q?MtRY915VZp4RN0bRTO7Zt7sgKAwfAo35A5j7PUJJF/611zW+xqx9p5+StzXV?= =?us-ascii?Q?xrrwvy0ZLusnb9iLAAO15mNGRGE+RfFrv/E2BTtPwEg2R31JVLILyXN6/R9H?= =?us-ascii?Q?YWqV/y8qQeMD3wBxKJtY3THusCwbz1XE8DPIGllxwRchzJM5m4K6VNok2t6/?= =?us-ascii?Q?pB9J1DTK/0efBQ8AEU0A013fMZ6KSHfZk1KS2DNSXXePT0Yu1mMcXwyJ0FYH?= =?us-ascii?Q?4vKffPuUa98fqat46YQoCLUFnNSabELdWElItK3ywXG8WHFop9Qkk05OVJji?= =?us-ascii?Q?xRwoc7ofkRBI5YTs38sw2pUO3vTiXishIP90G9KVR/sCyRWTayyO/fxLUmK5?= =?us-ascii?Q?UmcmFLf7IG7fkM/oNskrNfuNj7lDrRPZKSlNC9b5hWFsZAD40FWYq91s9Lsu?= =?us-ascii?Q?o7WzlH8Qy5mNI+Wl+W71jlZwHXw/zGBNtmT/L8qc7g4nFNGHyFMQCFEYLsod?= =?us-ascii?Q?KBA8bpIsq+vURMNob+YiSwyDk9cqcSttsKmRNdpq?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MW4PR11MB5872.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 3efe66ff-00ec-4cb8-ea7e-08dc1310ceee X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Jan 2024 01:50:09.1841 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: TrDqGp+H87ae0rEmvEiSSP+szr8Nsgf5XtIjvbCI1n+2a0OWIrDWeRmHNny5vKEj107EmVQIAsMPpl1KCVcvuw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY8PR11MB7081 X-OriginatorOrg: intel.com Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,jiewen.yao@intel.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: NNwgT1CqB9Ve7OGuVa0EHTx0x7686176AA= Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=jXJn4n5x; arc=reject ("signature check failed: fail, {[1] = sig:microsoft.com:reject}"); dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io Hi Doug Thanks for the fix. Please remember to CC all SecurityPkg maintainer and reviewer. I will merge after several days to see if there is any additional feedback = from the community. Thank you Yao, Jiewen > -----Original Message----- > From: Douglas Flick [MSFT] > Sent: Friday, January 12, 2024 2:16 AM > To: devel@edk2.groups.io > Cc: Douglas Flick [MSFT] ; Yao, Jiewen > > Subject: [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118 >=20 > This patch series include the combined / merged security patches > (as seperate commits) for TCBZ4117 (CVE-2022-36763) and TCBZ4118 > (CVE-2022-36764) for DxeTpm2MeasureBootLib and DxeTpmMeasureBootLib. > These patches have already been reviewed by SecurityPkg Maintainer > (Jiewen) on GHSA. >=20 > This patch series (specifically TCBZ4117) supersedes TCBZ2168. >=20 > Cc: Jiewen Yao >=20 > Douglas Flick [MSFT] (6): > SecurityPkg: DxeTpm2MeasureBootLib: SECURITY PATCH 4117 - CVE > 2022-36763 > SecurityPkg: DxeTpmMeasureBootLib: SECURITY PATCH 4117 - CVE > 2022-36763 > SecurityPkg: : Adding CVE 2022-36763 to SecurityFixes.yaml > SecurityPkg: DxeTpm2MeasureBootLib: SECURITY PATCH 4118 - CVE > 2022-36764 > SecurityPkg: DxeTpmMeasureBootLib: SECURITY PATCH 4118 - CVE > 2022-36764 > SecurityPkg: : Adding CVE 2022-36764 to SecurityFixes.yaml >=20 > SecurityPkg/Test/SecurityPkgHostTest.dsc | 2 + > .../DxeTpm2MeasureBootLib.inf | 4 +- > ...Tpm2MeasureBootLibSanitizationTestHost.inf | 28 ++ > .../DxeTpmMeasureBootLib.inf | 4 +- > ...eTpmMeasureBootLibSanitizationTestHost.inf | 28 ++ > .../DxeTpm2MeasureBootLibSanitization.h | 139 +++++++ > .../DxeTpmMeasureBootLibSanitization.h | 137 +++++++ > .../DxeTpm2MeasureBootLib.c | 87 ++-- > .../DxeTpm2MeasureBootLibSanitization.c | 319 +++++++++++++++ > .../DxeTpm2MeasureBootLibSanitizationTest.c | 345 ++++++++++++++++ > .../DxeTpmMeasureBootLib.c | 53 ++- > .../DxeTpmMeasureBootLibSanitization.c | 285 +++++++++++++ > .../DxeTpmMeasureBootLibSanitizationTest.c | 387 ++++++++++++++++++ > SecurityPkg/SecurityFixes.yaml | 36 ++ > SecurityPkg/SecurityPkg.ci.yaml | 2 + > 15 files changed, 1801 insertions(+), 55 deletions(-) > create mode 100644 > SecurityPkg/Library/DxeTpm2MeasureBootLib/InternalUnitTest/DxeTpm2Measur > eBootLibSanitizationTestHost.inf > create mode 100644 > SecurityPkg/Library/DxeTpmMeasureBootLib/InternalUnitTest/DxeTpmMeasureB > ootLibSanitizationTestHost.inf > create mode 100644 > SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLibSanitiza > tion.h > create mode 100644 > SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLibSanitizatio > n.h > create mode 100644 > SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLibSanitiza > tion.c > create mode 100644 > SecurityPkg/Library/DxeTpm2MeasureBootLib/InternalUnitTest/DxeTpm2Measur > eBootLibSanitizationTest.c > create mode 100644 > SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLibSanitizatio > n.c > create mode 100644 > SecurityPkg/Library/DxeTpmMeasureBootLib/InternalUnitTest/DxeTpmMeasureB > ootLibSanitizationTest.c > create mode 100644 SecurityPkg/SecurityFixes.yaml >=20 > -- > 2.43.0 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#113637): https://edk2.groups.io/g/devel/message/113637 Mute This Topic: https://groups.io/mt/103675434/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-