From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id 4C0AA7803DA for ; Wed, 17 Jan 2024 08:23:34 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=3Pn07tTn7E7RjPXuaptPpngU+sRi3wYlX8D6URrm3Eo=; c=relaxed/simple; d=groups.io; h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:From:To:Subject:Thread-Topic:Thread-Index:Date:Message-ID:References:In-Reply-To:Accept-Language:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding; s=20140610; t=1705479812; v=1; b=hBR5s41/qtd4s8/KfjdQiQ0yee6dxXc+UpdNtaTKTsmdWyZxGiTD/UdqwL/QCd75rbUmc0yo jMx7R/0+7jeZ19XfwwyDOwJyHpIrcB+RucxG0ZfzNRgn2cnhSBX8QxOl4c72k0B5IszCngBkexo O2MNakLWN/q8qFs6ClKFl1YM= X-Received: by 127.0.0.2 with SMTP id sq4HYY7687511xjmWFcmimau; Wed, 17 Jan 2024 00:23:32 -0800 X-Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.9]) by mx.groups.io with SMTP id smtpd.web10.4865.1705479812405254228 for ; Wed, 17 Jan 2024 00:23:32 -0800 X-IronPort-AV: E=McAfee;i="6600,9927,10955"; a="18700382" X-IronPort-AV: E=Sophos;i="6.05,200,1701158400"; d="scan'208";a="18700382" X-Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orvoesa101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 17 Jan 2024 00:23:31 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10955"; a="874753931" X-IronPort-AV: E=Sophos;i="6.05,200,1701158400"; d="scan'208";a="874753931" X-Received: from fmsmsx601.amr.corp.intel.com ([10.18.126.81]) by FMSMGA003.fm.intel.com with ESMTP/TLS/AES256-GCM-SHA384; 17 Jan 2024 00:23:31 -0800 X-Received: from fmsmsx612.amr.corp.intel.com (10.18.126.92) by fmsmsx601.amr.corp.intel.com (10.18.126.81) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Wed, 17 Jan 2024 00:23:30 -0800 X-Received: from fmsmsx603.amr.corp.intel.com (10.18.126.83) by fmsmsx612.amr.corp.intel.com (10.18.126.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Wed, 17 Jan 2024 00:23:30 -0800 X-Received: from fmsedg601.ED.cps.intel.com (10.1.192.135) by fmsmsx603.amr.corp.intel.com (10.18.126.83) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35 via Frontend Transport; Wed, 17 Jan 2024 00:23:30 -0800 X-Received: from NAM10-MW2-obe.outbound.protection.outlook.com (104.47.55.101) by edgegateway.intel.com (192.55.55.70) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.35; Wed, 17 Jan 2024 00:23:29 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=TWrVzeQC00fM28sseBmoe68xmummF/dVmJKHlX6ZLpVxYFJNUsCfqWgHea4xRr+/34gZxbL7FFPQ0eQanUQDfeIB+KUqAj4YJTlknwbAvKsNgjz6etzNuybz8VVL1HgohEZ+geERh2W/bhsCykvSIhl3x5kGf2SYxL5nA4XXDvWTJf2nxNeQ2ii2iW8BbXRqKyjyz952oy9gUhyArTdd6zQrUl0MW5NVIlvTo6QxTwqEiw1RO5LGFoD4iD5vj1hERinX+O3/hxE3i0lcw+ATH5RrLzmoPgw79G5rHyai9TGkKGHFfmZ0EFbHmHQghUqvhVAZyCBXQLHenhbW7B0eXw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=LVUAzzvJMEf6OJjyY7hR8oRJGnBMVBE/ukxLT6kJBXI=; b=VYFUg9J0EcT2rxoWcKYQSR2Or7D53PC147DpQ1vdWtiKRZFJQPyFderEaBlVyXbqJVd1Le75MmxOS61shwrF1PSR7haldjAiht22YDWQnazPkueXQ2Z1FgjYcMdLd9KH49wz6a2joiLS/T7YW30fORVqFXiM7adfpCknr5CztppZXFWbOFJuCDVAA+C9+mBy6ybB4juEZpmCgrbOGzgdyy4fg7r0O02Fj+b5t5PvQkj6TSF3eVBWsYMfteSmqCNAhGGK15BSDrMQ6ek/8hlmXIAm28oRrvhDGKpiQF05XELSJPJYO81LApUwoof3qu1zd/1R4WynmtZAxXHuwg9ZRA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none X-Received: from MW4PR11MB5872.namprd11.prod.outlook.com (2603:10b6:303:169::14) by LV3PR11MB8482.namprd11.prod.outlook.com (2603:10b6:408:1bb::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7202.24; Wed, 17 Jan 2024 08:23:19 +0000 X-Received: from MW4PR11MB5872.namprd11.prod.outlook.com ([fe80::7d26:e1f1:1986:55d2]) by MW4PR11MB5872.namprd11.prod.outlook.com ([fe80::7d26:e1f1:1986:55d2%4]) with mapi id 15.20.7181.029; Wed, 17 Jan 2024 08:23:19 +0000 From: "Yao, Jiewen" To: "Li, Yi1" , "devel@edk2.groups.io" , Gerd Hoffmann , "dougflick@microsoft.com" , "Douglas Flick [MSFT]" Subject: Re: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118 Thread-Topic: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118 Thread-Index: AQHaSRXDYoVGweOIL0CQUYHyyFhslLDdpmYAgAAB9QCAAAEssA== Date: Wed, 17 Jan 2024 08:23:19 +0000 Message-ID: References: <2t6cs4djbxujhdglj5ok4y4we6jhnemgztttetunda3hv4zef5@cn4jew2nlhud> In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: MW4PR11MB5872:EE_|LV3PR11MB8482:EE_ x-ms-office365-filtering-correlation-id: fc272c92-0dbe-4a1a-f48f-08dc17359026 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam-message-info: Ir+7hkk8yboU82LJPveKEmiaGo4DJu4BNX/P1fA6yJnY3nBfs9WENyPKjNtMZEtn6uDDtZTOI7o+tDdzoyIbVK7lfMBx5qYsa4fmb+dIyuJGJf4ce5jV16xJZL9CC96sE0yidAhXK+ctvHvw+cmSd+kwd5BjC9jKT+aeMrxg0CBtcJAUfkCdVuwB/F6VecMir/RhJlypmz65tGGnJcGcDCCFNb8La7pth4gq/QWVV83T6OcpgDBYk2wVRuiUDe+JVPm7y7vY9/5MUIl9ONUPD7Qqg6ipOl/234iVgBphZvBEvAvJ2/cOHuUYHWVlej3S75dLMgUyhFQg1FuVeFzhRl4UVYqpurn3EgOPOdtalYyWSdK4+YEZ6meS4ObdoFjSQg2vLREsqW8dyCjmYVqoYjh004llTVb0phCP/CMwsE575ykqFsL0baRtMAYJ0u6ByrOJOKAUvPo2tnTMI7fYPzzmmL5JgHDnchMItxvrb93jm3c0TQaTaRSPm0a0rW9B7a1iXMaSr9zz0r+SpshUERePmryKr/LhSZxrweRMYvkaNbY7ys0G1Vg+nv3YETlk2K6cy+MS8oDpQBLg35ASqFwMw/30iUCEI+rc9sLyFkXPK0jjWHdFSmD2DrADSGrYwPF1Xs/jSXuH4EFmgJfTHQ== x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?BVzIVIPt4ulrHThy/m+JQ6/v0k2TLWJdatyV/yhJ8cu16JzPaChuSLikuUqs?= =?us-ascii?Q?HBSSBwf5096sRPjDa4GwHKRuYcjuHF48AOog8XPqttvR5EGVOrzMgI0hmXO5?= =?us-ascii?Q?1MwrWPpC/bBvG630LjtBm400GLuXQTR+A/9tOcJ9jWsGE6AK/mQfJsZ4ZFCO?= =?us-ascii?Q?VQ3eTxkmoLASBv3sfzYD/pr+4/kpOFi8apc5YMuFjyKi8R1o6P6ypMVOCFjx?= =?us-ascii?Q?/IZb+1S6j5mJW0kBIVsKlhoByoqmKFa0LgzidtGZ6zJF6NmU9ZVUlsqmOvMC?= =?us-ascii?Q?T8lgdE6GwfQnfGyyJ6xe3ZXWVupkytN4//SlhIOAHKeZO+9ZMWBOeEUrSOIp?= =?us-ascii?Q?uo5kImVCSv9B1vyYHTLBjSOmgDvar7cciHqCpc6qxWHqrIKETeV4TMmMN+FG?= =?us-ascii?Q?DXtEZuQlJGwQVk4C0P7zEVwWGxCx9nU3JkOWcb+hR5lkgHybWfTPOLUJwBs3?= =?us-ascii?Q?AHyJph1UsOmLrtubkBYUqKUnpYpMTtHEHUTEk34UvAMmn6CA+PS9V4ymXC6d?= =?us-ascii?Q?ja/WCAt6PRVXnvP8AcwkWdICmhXgRTHKInvRQEWwqAtBYvw8CjWcqDHRtZmF?= =?us-ascii?Q?BeF2PRh+qrtYDDcW3jGQcPgqOXnyyLIJvlwiD+skjkOHQE/Ae3hrhkfemCiA?= =?us-ascii?Q?1dLIEI4IY8pmdFqSllQHkGziDuMYaALEMMYCXo15/s8wQD48mu2BZLshuZPC?= =?us-ascii?Q?Z2YmCX1KaDDs/86GU7j0j1cZBdWSjnxBxuOYc+paHsT8APKfHd0gwS0cP/C6?= =?us-ascii?Q?yU7nsfNwOV4p55aNB7HjYHlPluB6YHdFGZNFd2L1TqcDQyug3eg9rFIfXZq4?= =?us-ascii?Q?4iFP68g5AhBaTrrPz4nhNKXXHKYCSAME5e/p4RubkcwOn86ltNbW7SMvTQm0?= =?us-ascii?Q?OUlmtUxHPP4gWbpWGMseom9+jVvqZoYzi0JUsHEqR7uCb7yVRGzy8XC34sIB?= =?us-ascii?Q?KYv8XiiOKE2c3rptEihEFfOHYFY71uGvrVm0VChAGC1ixHOreFsGlYAX+bU6?= =?us-ascii?Q?7Lewsof95spsvFrYabzfNOlijU8L50NsYvvySXhXhoMWBBDve1RtQqf/Zety?= =?us-ascii?Q?YyUSx6VgkZW5gU8VdYIj6GAC9ylGxiw910pxbPDLzJROAiGxL5MVurQBp61e?= =?us-ascii?Q?KhtCHkS+ZqWUYyJ4KPw07OjB0Cgy9y+RiQCGUn+NkWMpqeGPad2co/eljWfV?= =?us-ascii?Q?CLS0usYHHUj3+O3YatT8ipNZa4/DZhKjtRz0NjBCH/UKbY4MWhAHgaUHfAUm?= =?us-ascii?Q?Ge4Hmt/iLJ+5EO3DQ8WzEx55wj9CHV+cixbzlFUg9Gn9gUS20hDcXgqB8oOU?= =?us-ascii?Q?5bq/1/RY2hvEGvI2rrKo3AtflzBVmsQasfnSBz066CZ88+4UNQgJEm0RrP/p?= =?us-ascii?Q?el43byb64eQiOt6oHfVyHRJbjKFOxvarbFAv3T94Pm989Dcc0T97vb25w2Tu?= =?us-ascii?Q?d8ojfpYzHbRn5ehbGQI24/VEe1ZaSA38K6HHbwnODCVuoh7m5+sYwFo+plzJ?= =?us-ascii?Q?RH2f+S8t2Ch/3n/WsRO8Lv7qzEqyVOkgeOH4f0nhW7o/dB75YRjOwJSdXqtU?= =?us-ascii?Q?bBdGnL9tnAbHjMnsRMSJqBx2v2GFvDNhCcr2CuCl?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MW4PR11MB5872.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: fc272c92-0dbe-4a1a-f48f-08dc17359026 X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Jan 2024 08:23:19.8899 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: Ir7VKg9MYKzSF3mfZVgRKY4KzhjfjdnetwrwqkzkUG4fajPSpxuqFVgScq1EWOEtDuzxk9cnRPr4AGOjNR0jTA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: LV3PR11MB8482 X-OriginatorOrg: intel.com Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,jiewen.yao@intel.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: XueZSJXVj4rUNWZk6sLpKv75x7686176AA= Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b="hBR5s41/"; arc=reject ("signature check failed: fail, {[1] = sig:microsoft.com:reject}"); dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io That is weird. It seems we need to merge Gerd's patch soon - https://github.com/tianocore/= edk2/pull/5265 to unblock CI. Hi Gerd Would you please confirm what test you have done for removing TPM1.2? Does TPM2.0 in OvmfPkg still work? Hi Doug I cannot tell why CI passed before but failed now. But it does seems a big issue now. Would you please propose a patch to reso= lve it? Just rename the symbol. Thank you Yao, Jiewen > -----Original Message----- > From: Li, Yi1 > Sent: Wednesday, January 17, 2024 4:15 PM > To: Yao, Jiewen ; devel@edk2.groups.io; Gerd Hoffma= nn > > Cc: dougflick@microsoft.com; Douglas Flick [MSFT] > Subject: RE: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ411= 8 >=20 > Hi Jiewen, >=20 > Sounds strange, but new PRs in today all broken due to this issue, e.g.: > https://github.com/tianocore/edk2/pull/5210 > https://github.com/tianocore/edk2/pull/5268 >=20 >=20 > I checked build log, it matched the description from Gerd: > https://dev.azure.com/tianocore/11ea4a10-ac9f-4e5f-8b13- > 7def1f19d478/_apis/build/builds/114097/logs/350 > 2024-01-17T04:09:52.5996237Z INFO - /usr/bin/ld: > DxeTpm2MeasureBootLibSanitization.obj (symbol from plugin): in function > `SanitizeEfiPartitionTableHeader': > 2024-01-17T04:09:52.6010570Z INFO - (.text+0x0): multiple definition of > `SanitizeEfiPartitionTableHeader'; DxeTpmMeasureBootLibSanitization.obj > (symbol from plugin):(.text+0x0): first defined here > 2024-01-17T04:09:52.6020435Z INFO - /usr/bin/ld: > DxeTpm2MeasureBootLibSanitization.obj (symbol from plugin): in function > `SanitizeEfiPartitionTableHeader': > 2024-01-17T04:09:52.6030987Z INFO - (.text+0x0): multiple definition of > `SanitizePrimaryHeaderAllocationSize'; DxeTpmMeasureBootLibSanitization.o= bj > (symbol from plugin):(.text+0x0): first defined here > 2024-01-17T04:09:52.6040167Z INFO - /usr/bin/ld: > DxeTpm2MeasureBootLibSanitization.obj (symbol from plugin): in function > `SanitizeEfiPartitionTableHeader': > 2024-01-17T04:09:52.6050625Z INFO - (.text+0x0): multiple definition of > `SanitizePrimaryHeaderGptEventSize'; DxeTpmMeasureBootLibSanitization.obj > (symbol from plugin):(.text+0x0): first defined here > 2024-01-17T04:09:52.6061966Z INFO - /usr/bin/ld: > DxeTpm2MeasureBootLibSanitization.obj (symbol from plugin): in function > `SanitizeEfiPartitionTableHeader': > 2024-01-17T04:09:52.6072661Z INFO - (.text+0x0): multiple definition of > `SanitizePeImageEventSize'; DxeTpmMeasureBootLibSanitization.obj (symbol > from plugin):(.text+0x0): first defined here > 2024-01-17T04:10:12.9532147Z INFO - build.py... > 2024-01-17T04:10:12.9593220Z INFO - : error 7000: Failed to execute comm= and > 2024-01-17T04:10:23.2054653Z INFO - build.py... > 2024-01-17T04:10:23.2055014Z INFO - : error F002: Failed to build module > 2024-01-17T04:10:23.2055379Z INFO - > /__w/1/s/MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.i > nf [X64, GCC5, DEBUG] >=20 > -----Original Message----- > From: Yao, Jiewen > Sent: Wednesday, January 17, 2024 4:09 PM > To: Li, Yi1 ; devel@edk2.groups.io; Gerd Hoffmann > > Cc: dougflick@microsoft.com; Douglas Flick [MSFT] > Subject: RE: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ411= 8 >=20 > Please check https://github.com/tianocore/edk2/pull/5264. It is merged af= ter > pass CI. >=20 > May I know where you see PR CI builds are broken? >=20 > Thank you > Yao, Jiewen >=20 > > -----Original Message----- > > From: Li, Yi1 > > Sent: Wednesday, January 17, 2024 3:21 PM > > To: devel@edk2.groups.io; Yao, Jiewen ; Gerd > > Hoffmann > > Cc: dougflick@microsoft.com; Douglas Flick [MSFT] > > > > Subject: RE: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & > > TCBZ4118 > > > > Hi Jiewen, > > > > All EDK2 PR CI builds of OvmfPkg are broken due to this issue. > > Maybe we didn't have enough time to wait feedback and should fix the > > CI issue first. > > > > Regards, > > Yi > > > > -----Original Message----- > > From: devel@edk2.groups.io On Behalf Of Yao, > > Jiewen > > Sent: Tuesday, January 16, 2024 10:38 PM > > To: Gerd Hoffmann ; devel@edk2.groups.io > > Cc: dougflick@microsoft.com; Douglas Flick [MSFT] > > > > Subject: Re: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & > > TCBZ4118 > > > > Sure. Let's start from OVMF. > > > > We have leaf enough time for feedback, but I see no comment from other > people. > > > > > > > -----Original Message----- > > > From: Gerd Hoffmann > > > Sent: Tuesday, January 16, 2024 10:35 PM > > > To: devel@edk2.groups.io; Yao, Jiewen > > > Cc: dougflick@microsoft.com; Douglas Flick [MSFT] > > > > > > Subject: Re: Re: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 > > > & > > > TCBZ4118 > > > > > > On Tue, Jan 16, 2024 at 01:30:43PM +0000, Yao, Jiewen wrote: > > > > Gerd > > > > I have merged this patch set today. > > > > > > > > I am fine to remove TPM1.2 in OVMF because of the known security > > limitation. > > > > > > I was thinking about the complete edk2 code base not only OVMF. > > > > > > But I can surely start with OVMF. Maybe it is the only platform > > > affected because on physical hardware you usually know whenever TPM > > > 1.2 or TPM 2.0 is present so there is no need to include both. > > > > > > take care, > > > Gerd > > > > > > > >=20 > > -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#113938): https://edk2.groups.io/g/devel/message/113938 Mute This Topic: https://groups.io/mt/103675434/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-