From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id 8BA66D81113 for ; Tue, 16 Jan 2024 07:59:26 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=SxRAUfA9HdWl3jpbH+eDYybXLrQyyZsya4jxHb5mHOg=; c=relaxed/simple; d=groups.io; h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:From:To:Subject:Thread-Topic:Thread-Index:Date:Message-ID:References:In-Reply-To:Accept-Language:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding; s=20140610; t=1705391965; v=1; b=w1FBi4uoRKs2mKs0nxbCAkx56D37mTPcfVJ2tbqphNJkAkymW0Fr5fJIs7r1RD2AgyHQ/nq8 TyqVTzh1zd9/sr6ONAciKgDOvppN+zWA2eWZt55of8gWLK2hRFXONUNpe6Hsse4eqIEzUMKGYA6 yOtDkPlTX1RdSXaQiv7TMT88= X-Received: by 127.0.0.2 with SMTP id wrK4YY7687511xTd3H534ZWE; Mon, 15 Jan 2024 23:59:25 -0800 X-Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.10]) by mx.groups.io with SMTP id smtpd.web10.7968.1705391963978738219 for ; Mon, 15 Jan 2024 23:59:24 -0800 X-IronPort-AV: E=McAfee;i="6600,9927,10954"; a="13143623" X-IronPort-AV: E=Sophos;i="6.04,198,1695711600"; d="scan'208";a="13143623" X-Received: from orviesa001.jf.intel.com ([10.64.159.141]) by orvoesa102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 15 Jan 2024 23:59:14 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.04,198,1695711600"; d="scan'208";a="32378419" X-Received: from fmsmsx603.amr.corp.intel.com ([10.18.126.83]) by orviesa001.jf.intel.com with ESMTP/TLS/AES256-GCM-SHA384; 15 Jan 2024 23:59:13 -0800 X-Received: from fmsmsx602.amr.corp.intel.com (10.18.126.82) by fmsmsx603.amr.corp.intel.com (10.18.126.83) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Mon, 15 Jan 2024 23:59:13 -0800 X-Received: from fmsedg601.ED.cps.intel.com (10.1.192.135) by fmsmsx602.amr.corp.intel.com (10.18.126.82) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35 via Frontend Transport; Mon, 15 Jan 2024 23:59:13 -0800 X-Received: from NAM11-BN8-obe.outbound.protection.outlook.com (104.47.58.168) by edgegateway.intel.com (192.55.55.70) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.35; Mon, 15 Jan 2024 23:59:12 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=iuh9lMRRS4kAoaUXEhwgxHukV9RtMYH5T5juviplMruLQdpMNIFZfAmIypxzGH/JN3ulKeheJjXu0aJrH3Y47DEOuzQwIPphq8BgSO06vezplsHR2NHnoqM4WTnH9aBfcKPDrjzQodv4KFCuyldb1741WYVNwAg2lPF262F4SxjkyqjY+DtQtKYcfJ7f0Sd4nKPYWqXkvLWLde2+wsjlOUitFgmrvFgbJG6ZM6PREKquQuG8Xa4pehJEqFXoWqfvZpzfZMIwUb316qJmuzeiQsujsoF5hpWeq4A+fCTRd+XSccDq0V8pQM9moMIvG5osEvFv0h5wjls7lsugTOPNwg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=SoOELq4OMiQHaDH4z6FTG6Kr7XvYOhCAqh9LGIqogt4=; b=Fi6QBIZjs0Acm4ckF88VdZI7Q7CimvEOd28P7XrfoUyqiMniZCDJ5Gm97v4imTGmI/TUxe41hYvyIEIbwy2Pj585cyloFaMUnPF2ZNAVpzC4joq0/dM2FRw9vCrsGLU8JwuUZ4+8fC28XqTlZ+AVTvUe+ogrTLsttNVZXCynYce9wMnoDfRc4XQzP7DWyQgGN719UbcW5mL4DrbYtNPDYAuYUDz/5k3Wc1M53yB6+DHfIyicbWPdVculDw4XrxIb1gXKxMl6Wutkjfjz+cEfbPApcH8fIjzKoW04tnm6p462YoSbOCMYc7T2IiYKhn5Hzlo4eT7m544p07WZNKxTnA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none X-Received: from MW4PR11MB5872.namprd11.prod.outlook.com (2603:10b6:303:169::14) by MW4PR11MB8265.namprd11.prod.outlook.com (2603:10b6:303:1e1::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7181.21; Tue, 16 Jan 2024 07:59:10 +0000 X-Received: from MW4PR11MB5872.namprd11.prod.outlook.com ([fe80::7d26:e1f1:1986:55d2]) by MW4PR11MB5872.namprd11.prod.outlook.com ([fe80::7d26:e1f1:1986:55d2%4]) with mapi id 15.20.7181.029; Tue, 16 Jan 2024 07:59:09 +0000 From: "Yao, Jiewen" To: "Douglas Flick [MSFT]" , "devel@edk2.groups.io" Subject: Re: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118 Thread-Topic: [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118 Thread-Index: AQHaRLpn5kqNPAWQ/EurLYl0cPys1LDcGkBw Date: Tue, 16 Jan 2024 07:59:09 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: MW4PR11MB5872:EE_|MW4PR11MB8265:EE_ x-ms-office365-filtering-correlation-id: ce6116e4-a6d8-428c-0302-08dc16690585 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam-message-info: Wa3KBd6iXx3jkv52UH1G3AzyzR7Pyey8o/7HyCvVXWKubBBPQkKBhFUXlmAouWe3P98DahydjI6J5hSEn7nL76evHitGTFxC/7M1ad/C/3XAoosXzDJbte7HS8lQ/rpN1a0t0x1UZiPrLlM8ZGBGnioQWJU5SV0DCYOoOHPp8ZJ6kcYmUpPSmm+saYWxZK9Pch7jaefjkR6idLvk84C3bEydHcRZztTE9mobv5p+LuQeM41DxNFkoE/cGWY76B6N62fIOOE7f1I3InbWzn0Bl++R4AEULW5Mod1zwad4C7ZMVXLloAjmWR3dMIlJeHUodWVvgVvp1AhMlwo6v0GtpBMLF+RsJEqKkB9QTs5cH/g0IHRpHQ7bk7xhWoGEhN3gcIu4iNgaKM29fCsce6t56j6hlR6394QfKLYbnR2JoREkvFwNlgQgVfEG7g+dEeQVVIWl1IhHMBP7rPVnZb6V8j/vxJpy9PquljOFWH00esK3kMwiHxLyh2U3TrmmgWaX5bYww1jUTsdVc/X1RqgLLr14Pk9hR2SZM4MjIydeuiQ64jlp7Nul3Lc8PdgXMWf61ZaVhKJHHC/1WFpFHotv+ufc81JIfVl88ViApXRXqoc= x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?SQE7sU6HO4dm26l6B9LrEed5+9YnJlHIEXEkeH7ArTcyILaaTI4KNDXaGZa9?= =?us-ascii?Q?/8zV9FXRWcJ5ajDSTwC7yNv9V0AMBlXjwt1Bk1LL9IWDY35B3IFvTxX2EAP1?= =?us-ascii?Q?rrlSZ0rbHd+bPtkM02zX3VMpdqC0TKbFQ3BJLUIVztmw1KGXdOTYVo1mRm7N?= =?us-ascii?Q?MmQo72ac8d5Dh9GoQ+PP9xEkMAx2fu4uQYkaYKgQh0I5T4koufXju9NBneNm?= =?us-ascii?Q?PxbOjvdU8NADiP2lX2nk0Hc1VCm2Jg/twZAmLs0W3EdxmVxEDSbf5pK+Vrn4?= =?us-ascii?Q?HALbRLhP5P6Mcaa41yo7skMW208lsMop3LEcuKqSNCvrCmiZOOuU/n+5F4F4?= =?us-ascii?Q?MI7dRGYloPmoSV4hZFxnLfVhQQNND+vEIxkiYwZE10WbuoSvIRrDK8DvRv72?= =?us-ascii?Q?ZXwRqQxULsxpMd2uHbAU1jJgeKNjhLvIhOE3nxat7DjwylHuUik2pXxwmrZl?= =?us-ascii?Q?XoHHTLE/prmgm8l+mmQWG16FbRYt046Mh+nCuWv0nt63z71WIFVzj7NH/e12?= =?us-ascii?Q?CRCCeVr3GfxRVjlLTmM+x4jQPBlEhbKa3VGqid+WMnFDqSQo1k5MkBxkA7wC?= =?us-ascii?Q?BNHXez4LXJ3JFcVA73ikuWpJ8jW+Z9UsZj35tdr1BS8YY46ejTzQZC4EnWDa?= =?us-ascii?Q?Dk4hxZyzPM/ZigYjEVfSwLj+a7dCBsDhkH7XUY5CS6qB4Xc4Y5wyFeYQIQMo?= =?us-ascii?Q?Ce98UkoX3f+mXbjTnc1BZEY2CwMC8xg1f+IQnsx9eYFnHO0k/G3YVitvAQ2R?= =?us-ascii?Q?8iMvMIQ6StQXNDcmaGNzxEoQMypuu54L9vQvFcMDws07kB+bOVh9Im5kyYSe?= =?us-ascii?Q?7mcZCkcnwxRr1mZUciLHlMrJnOx090JmquSyaAaX0JHAcyYOdM/CikELpVdN?= =?us-ascii?Q?irS5h+tQZ/AtoBdRUnC+KVIP+85HoBNrV41UHE1ghfLNKpc09bVCs3OkS2rT?= =?us-ascii?Q?lw5/kvZ24HQMgp+JMF6/7qpExXfEnAea2tylddA2ph+EpuXk+tDJI4Axkf6o?= =?us-ascii?Q?sFHVViaAcPGDZmttYa4M5gn3J+2BlJCgrqgkv0p4Jqw/bVYDOceiU0DyIQY7?= =?us-ascii?Q?PUL0g1X+smYW7+LxFDnyT0S1y9Q+DeUDfbfkTS6RlM0/jpwSgv8S0H/EX0Xl?= =?us-ascii?Q?+moCG/bEBTp8htzQUMsA27fWPQ8aQEVwlBUPTILrHfNBFqR/5c1S8X1I29pB?= =?us-ascii?Q?zOT6fY6yS0XDU5Js0CB3zdLMM/jjt9HP1wQdmGsp0Nw4r8yRW81kBOC9T8X8?= =?us-ascii?Q?oIvQ/W+NyYj9pZ5iFjV2Oc37lI7q7dLXjKBzb2s8Lh+l6K0m1eeLWYOQwQ0m?= =?us-ascii?Q?a1S62tXOy0WyKiPxgsaJWbwkcK8JAY3XRcuvM9VbrYL5m/tKC1UNN90SfS32?= =?us-ascii?Q?8ky3cBaaON8byZZong/VZBsCF4gbNViRhI/u22N9QffZgORq7Q22T/Qe1Zf7?= =?us-ascii?Q?sJ5hAjl/arMjPwjbspnacu1TdyZes1zOhlDMvxihMYnsHma3kJkVl+jBWc8s?= =?us-ascii?Q?2VwfVJMyZuYMw5Xj7MOGBZjSMacSHZizpC8zZ6vuTog7Davqf7WHiNmelXSO?= =?us-ascii?Q?lYlQPULi7WPRssKUZzRI5GDya47FOjPbREu9FHN7?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MW4PR11MB5872.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: ce6116e4-a6d8-428c-0302-08dc16690585 X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Jan 2024 07:59:09.9236 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: pf842m0BVbS07IAS4gzmKDacWuqw34GdQALuaJSMB1CBI+UEiUhkK2W0OoVQ9tNaGr3r/SDOOZC7b8/XYzWhfg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW4PR11MB8265 X-OriginatorOrg: intel.com Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,jiewen.yao@intel.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: c8DrDghWrKZ8SITkv13ulcuPx7686176AA= Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=w1FBi4uo; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none); arc=reject ("signature check failed: fail, {[1] = sig:microsoft.com:reject}") Merged https://github.com/tianocore/edk2/pull/5264 > -----Original Message----- > From: Douglas Flick [MSFT] > Sent: Friday, January 12, 2024 2:16 AM > To: devel@edk2.groups.io > Cc: Douglas Flick [MSFT] ; Yao, Jiewen > > Subject: [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118 >=20 > This patch series include the combined / merged security patches > (as seperate commits) for TCBZ4117 (CVE-2022-36763) and TCBZ4118 > (CVE-2022-36764) for DxeTpm2MeasureBootLib and DxeTpmMeasureBootLib. > These patches have already been reviewed by SecurityPkg Maintainer > (Jiewen) on GHSA. >=20 > This patch series (specifically TCBZ4117) supersedes TCBZ2168. >=20 > Cc: Jiewen Yao >=20 > Douglas Flick [MSFT] (6): > SecurityPkg: DxeTpm2MeasureBootLib: SECURITY PATCH 4117 - CVE > 2022-36763 > SecurityPkg: DxeTpmMeasureBootLib: SECURITY PATCH 4117 - CVE > 2022-36763 > SecurityPkg: : Adding CVE 2022-36763 to SecurityFixes.yaml > SecurityPkg: DxeTpm2MeasureBootLib: SECURITY PATCH 4118 - CVE > 2022-36764 > SecurityPkg: DxeTpmMeasureBootLib: SECURITY PATCH 4118 - CVE > 2022-36764 > SecurityPkg: : Adding CVE 2022-36764 to SecurityFixes.yaml >=20 > SecurityPkg/Test/SecurityPkgHostTest.dsc | 2 + > .../DxeTpm2MeasureBootLib.inf | 4 +- > ...Tpm2MeasureBootLibSanitizationTestHost.inf | 28 ++ > .../DxeTpmMeasureBootLib.inf | 4 +- > ...eTpmMeasureBootLibSanitizationTestHost.inf | 28 ++ > .../DxeTpm2MeasureBootLibSanitization.h | 139 +++++++ > .../DxeTpmMeasureBootLibSanitization.h | 137 +++++++ > .../DxeTpm2MeasureBootLib.c | 87 ++-- > .../DxeTpm2MeasureBootLibSanitization.c | 319 +++++++++++++++ > .../DxeTpm2MeasureBootLibSanitizationTest.c | 345 ++++++++++++++++ > .../DxeTpmMeasureBootLib.c | 53 ++- > .../DxeTpmMeasureBootLibSanitization.c | 285 +++++++++++++ > .../DxeTpmMeasureBootLibSanitizationTest.c | 387 ++++++++++++++++++ > SecurityPkg/SecurityFixes.yaml | 36 ++ > SecurityPkg/SecurityPkg.ci.yaml | 2 + > 15 files changed, 1801 insertions(+), 55 deletions(-) > create mode 100644 > SecurityPkg/Library/DxeTpm2MeasureBootLib/InternalUnitTest/DxeTpm2Measur > eBootLibSanitizationTestHost.inf > create mode 100644 > SecurityPkg/Library/DxeTpmMeasureBootLib/InternalUnitTest/DxeTpmMeasureB > ootLibSanitizationTestHost.inf > create mode 100644 > SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLibSanitiza > tion.h > create mode 100644 > SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLibSanitizatio > n.h > create mode 100644 > SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLibSanitiza > tion.c > create mode 100644 > SecurityPkg/Library/DxeTpm2MeasureBootLib/InternalUnitTest/DxeTpm2Measur > eBootLibSanitizationTest.c > create mode 100644 > SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLibSanitizatio > n.c > create mode 100644 > SecurityPkg/Library/DxeTpmMeasureBootLib/InternalUnitTest/DxeTpmMeasureB > ootLibSanitizationTest.c > create mode 100644 SecurityPkg/SecurityFixes.yaml >=20 > -- > 2.43.0 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#113878): https://edk2.groups.io/g/devel/message/113878 Mute This Topic: https://groups.io/mt/103675434/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-