From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+27952+113878+7686176+12367111@groups.io>
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108])
	by spool.mail.gandi.net (Postfix) with ESMTPS id 8BA66D81113
	for <rebecca@openfw.io>; Tue, 16 Jan 2024 07:59:26 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=SxRAUfA9HdWl3jpbH+eDYybXLrQyyZsya4jxHb5mHOg=;
 c=relaxed/simple; d=groups.io;
 h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:From:To:Subject:Thread-Topic:Thread-Index:Date:Message-ID:References:In-Reply-To:Accept-Language:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding;
 s=20140610; t=1705391965; v=1;
 b=w1FBi4uoRKs2mKs0nxbCAkx56D37mTPcfVJ2tbqphNJkAkymW0Fr5fJIs7r1RD2AgyHQ/nq8
 TyqVTzh1zd9/sr6ONAciKgDOvppN+zWA2eWZt55of8gWLK2hRFXONUNpe6Hsse4eqIEzUMKGYA6
 yOtDkPlTX1RdSXaQiv7TMT88=
X-Received: by 127.0.0.2 with SMTP id wrK4YY7687511xTd3H534ZWE; Mon, 15 Jan 2024 23:59:25 -0800
X-Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.10])
 by mx.groups.io with SMTP id smtpd.web10.7968.1705391963978738219
 for <devel@edk2.groups.io>;
 Mon, 15 Jan 2024 23:59:24 -0800
X-IronPort-AV: E=McAfee;i="6600,9927,10954"; a="13143623"
X-IronPort-AV: E=Sophos;i="6.04,198,1695711600"; 
   d="scan'208";a="13143623"
X-Received: from orviesa001.jf.intel.com ([10.64.159.141])
  by orvoesa102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 15 Jan 2024 23:59:14 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.04,198,1695711600"; 
   d="scan'208";a="32378419"
X-Received: from fmsmsx603.amr.corp.intel.com ([10.18.126.83])
  by orviesa001.jf.intel.com with ESMTP/TLS/AES256-GCM-SHA384; 15 Jan 2024 23:59:13 -0800
X-Received: from fmsmsx602.amr.corp.intel.com (10.18.126.82) by
 fmsmsx603.amr.corp.intel.com (10.18.126.83) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2507.35; Mon, 15 Jan 2024 23:59:13 -0800
X-Received: from fmsedg601.ED.cps.intel.com (10.1.192.135) by
 fmsmsx602.amr.corp.intel.com (10.18.126.82) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2507.35 via Frontend Transport; Mon, 15 Jan 2024 23:59:13 -0800
X-Received: from NAM11-BN8-obe.outbound.protection.outlook.com (104.47.58.168)
 by edgegateway.intel.com (192.55.55.70) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.1.2507.35; Mon, 15 Jan 2024 23:59:12 -0800
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=iuh9lMRRS4kAoaUXEhwgxHukV9RtMYH5T5juviplMruLQdpMNIFZfAmIypxzGH/JN3ulKeheJjXu0aJrH3Y47DEOuzQwIPphq8BgSO06vezplsHR2NHnoqM4WTnH9aBfcKPDrjzQodv4KFCuyldb1741WYVNwAg2lPF262F4SxjkyqjY+DtQtKYcfJ7f0Sd4nKPYWqXkvLWLde2+wsjlOUitFgmrvFgbJG6ZM6PREKquQuG8Xa4pehJEqFXoWqfvZpzfZMIwUb316qJmuzeiQsujsoF5hpWeq4A+fCTRd+XSccDq0V8pQM9moMIvG5osEvFv0h5wjls7lsugTOPNwg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=SoOELq4OMiQHaDH4z6FTG6Kr7XvYOhCAqh9LGIqogt4=;
 b=Fi6QBIZjs0Acm4ckF88VdZI7Q7CimvEOd28P7XrfoUyqiMniZCDJ5Gm97v4imTGmI/TUxe41hYvyIEIbwy2Pj585cyloFaMUnPF2ZNAVpzC4joq0/dM2FRw9vCrsGLU8JwuUZ4+8fC28XqTlZ+AVTvUe+ogrTLsttNVZXCynYce9wMnoDfRc4XQzP7DWyQgGN719UbcW5mL4DrbYtNPDYAuYUDz/5k3Wc1M53yB6+DHfIyicbWPdVculDw4XrxIb1gXKxMl6Wutkjfjz+cEfbPApcH8fIjzKoW04tnm6p462YoSbOCMYc7T2IiYKhn5Hzlo4eT7m544p07WZNKxTnA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com;
 dkim=pass header.d=intel.com; arc=none
X-Received: from MW4PR11MB5872.namprd11.prod.outlook.com (2603:10b6:303:169::14)
 by MW4PR11MB8265.namprd11.prod.outlook.com (2603:10b6:303:1e1::16) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7181.21; Tue, 16 Jan
 2024 07:59:10 +0000
X-Received: from MW4PR11MB5872.namprd11.prod.outlook.com
 ([fe80::7d26:e1f1:1986:55d2]) by MW4PR11MB5872.namprd11.prod.outlook.com
 ([fe80::7d26:e1f1:1986:55d2%4]) with mapi id 15.20.7181.029; Tue, 16 Jan 2024
 07:59:09 +0000
From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: "Douglas Flick [MSFT]" <doug.edk2@gmail.com>, "devel@edk2.groups.io"
	<devel@edk2.groups.io>
Subject: Re: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118
Thread-Topic: [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118
Thread-Index: AQHaRLpn5kqNPAWQ/EurLYl0cPys1LDcGkBw
Date: Tue, 16 Jan 2024 07:59:09 +0000
Message-ID: <MW4PR11MB58728374F5AB9ED3A5223F788C732@MW4PR11MB5872.namprd11.prod.outlook.com>
References: <cover.1704996627.git.doug.edk2@gmail.com>
In-Reply-To: <cover.1704996627.git.doug.edk2@gmail.com>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: MW4PR11MB5872:EE_|MW4PR11MB8265:EE_
x-ms-office365-filtering-correlation-id: ce6116e4-a6d8-428c-0302-08dc16690585
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam-message-info: Wa3KBd6iXx3jkv52UH1G3AzyzR7Pyey8o/7HyCvVXWKubBBPQkKBhFUXlmAouWe3P98DahydjI6J5hSEn7nL76evHitGTFxC/7M1ad/C/3XAoosXzDJbte7HS8lQ/rpN1a0t0x1UZiPrLlM8ZGBGnioQWJU5SV0DCYOoOHPp8ZJ6kcYmUpPSmm+saYWxZK9Pch7jaefjkR6idLvk84C3bEydHcRZztTE9mobv5p+LuQeM41DxNFkoE/cGWY76B6N62fIOOE7f1I3InbWzn0Bl++R4AEULW5Mod1zwad4C7ZMVXLloAjmWR3dMIlJeHUodWVvgVvp1AhMlwo6v0GtpBMLF+RsJEqKkB9QTs5cH/g0IHRpHQ7bk7xhWoGEhN3gcIu4iNgaKM29fCsce6t56j6hlR6394QfKLYbnR2JoREkvFwNlgQgVfEG7g+dEeQVVIWl1IhHMBP7rPVnZb6V8j/vxJpy9PquljOFWH00esK3kMwiHxLyh2U3TrmmgWaX5bYww1jUTsdVc/X1RqgLLr14Pk9hR2SZM4MjIydeuiQ64jlp7Nul3Lc8PdgXMWf61ZaVhKJHHC/1WFpFHotv+ufc81JIfVl88ViApXRXqoc=
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?SQE7sU6HO4dm26l6B9LrEed5+9YnJlHIEXEkeH7ArTcyILaaTI4KNDXaGZa9?=
 =?us-ascii?Q?/8zV9FXRWcJ5ajDSTwC7yNv9V0AMBlXjwt1Bk1LL9IWDY35B3IFvTxX2EAP1?=
 =?us-ascii?Q?rrlSZ0rbHd+bPtkM02zX3VMpdqC0TKbFQ3BJLUIVztmw1KGXdOTYVo1mRm7N?=
 =?us-ascii?Q?MmQo72ac8d5Dh9GoQ+PP9xEkMAx2fu4uQYkaYKgQh0I5T4koufXju9NBneNm?=
 =?us-ascii?Q?PxbOjvdU8NADiP2lX2nk0Hc1VCm2Jg/twZAmLs0W3EdxmVxEDSbf5pK+Vrn4?=
 =?us-ascii?Q?HALbRLhP5P6Mcaa41yo7skMW208lsMop3LEcuKqSNCvrCmiZOOuU/n+5F4F4?=
 =?us-ascii?Q?MI7dRGYloPmoSV4hZFxnLfVhQQNND+vEIxkiYwZE10WbuoSvIRrDK8DvRv72?=
 =?us-ascii?Q?ZXwRqQxULsxpMd2uHbAU1jJgeKNjhLvIhOE3nxat7DjwylHuUik2pXxwmrZl?=
 =?us-ascii?Q?XoHHTLE/prmgm8l+mmQWG16FbRYt046Mh+nCuWv0nt63z71WIFVzj7NH/e12?=
 =?us-ascii?Q?CRCCeVr3GfxRVjlLTmM+x4jQPBlEhbKa3VGqid+WMnFDqSQo1k5MkBxkA7wC?=
 =?us-ascii?Q?BNHXez4LXJ3JFcVA73ikuWpJ8jW+Z9UsZj35tdr1BS8YY46ejTzQZC4EnWDa?=
 =?us-ascii?Q?Dk4hxZyzPM/ZigYjEVfSwLj+a7dCBsDhkH7XUY5CS6qB4Xc4Y5wyFeYQIQMo?=
 =?us-ascii?Q?Ce98UkoX3f+mXbjTnc1BZEY2CwMC8xg1f+IQnsx9eYFnHO0k/G3YVitvAQ2R?=
 =?us-ascii?Q?8iMvMIQ6StQXNDcmaGNzxEoQMypuu54L9vQvFcMDws07kB+bOVh9Im5kyYSe?=
 =?us-ascii?Q?7mcZCkcnwxRr1mZUciLHlMrJnOx090JmquSyaAaX0JHAcyYOdM/CikELpVdN?=
 =?us-ascii?Q?irS5h+tQZ/AtoBdRUnC+KVIP+85HoBNrV41UHE1ghfLNKpc09bVCs3OkS2rT?=
 =?us-ascii?Q?lw5/kvZ24HQMgp+JMF6/7qpExXfEnAea2tylddA2ph+EpuXk+tDJI4Axkf6o?=
 =?us-ascii?Q?sFHVViaAcPGDZmttYa4M5gn3J+2BlJCgrqgkv0p4Jqw/bVYDOceiU0DyIQY7?=
 =?us-ascii?Q?PUL0g1X+smYW7+LxFDnyT0S1y9Q+DeUDfbfkTS6RlM0/jpwSgv8S0H/EX0Xl?=
 =?us-ascii?Q?+moCG/bEBTp8htzQUMsA27fWPQ8aQEVwlBUPTILrHfNBFqR/5c1S8X1I29pB?=
 =?us-ascii?Q?zOT6fY6yS0XDU5Js0CB3zdLMM/jjt9HP1wQdmGsp0Nw4r8yRW81kBOC9T8X8?=
 =?us-ascii?Q?oIvQ/W+NyYj9pZ5iFjV2Oc37lI7q7dLXjKBzb2s8Lh+l6K0m1eeLWYOQwQ0m?=
 =?us-ascii?Q?a1S62tXOy0WyKiPxgsaJWbwkcK8JAY3XRcuvM9VbrYL5m/tKC1UNN90SfS32?=
 =?us-ascii?Q?8ky3cBaaON8byZZong/VZBsCF4gbNViRhI/u22N9QffZgORq7Q22T/Qe1Zf7?=
 =?us-ascii?Q?sJ5hAjl/arMjPwjbspnacu1TdyZes1zOhlDMvxihMYnsHma3kJkVl+jBWc8s?=
 =?us-ascii?Q?2VwfVJMyZuYMw5Xj7MOGBZjSMacSHZizpC8zZ6vuTog7Davqf7WHiNmelXSO?=
 =?us-ascii?Q?lYlQPULi7WPRssKUZzRI5GDya47FOjPbREu9FHN7?=
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MW4PR11MB5872.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: ce6116e4-a6d8-428c-0302-08dc16690585
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Jan 2024 07:59:09.9236
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: pf842m0BVbS07IAS4gzmKDacWuqw34GdQALuaJSMB1CBI+UEiUhkK2W0OoVQ9tNaGr3r/SDOOZC7b8/XYzWhfg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW4PR11MB8265
X-OriginatorOrg: intel.com
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,jiewen.yao@intel.com
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/plugh>
X-Gm-Message-State: c8DrDghWrKZ8SITkv13ulcuPx7686176AA=
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
	dkim=pass header.d=groups.io header.s=20140610 header.b=w1FBi4uo;
	spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io;
	dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none);
	arc=reject ("signature check failed: fail, {[1] = sig:microsoft.com:reject}")

Merged https://github.com/tianocore/edk2/pull/5264

> -----Original Message-----
> From: Douglas Flick [MSFT] <doug.edk2@gmail.com>
> Sent: Friday, January 12, 2024 2:16 AM
> To: devel@edk2.groups.io
> Cc: Douglas Flick [MSFT] <doug.edk2@gmail.com>; Yao, Jiewen
> <jiewen.yao@intel.com>
> Subject: [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118
>=20
> This patch series include the combined / merged security patches
> (as seperate commits) for TCBZ4117 (CVE-2022-36763) and TCBZ4118
> (CVE-2022-36764) for DxeTpm2MeasureBootLib and DxeTpmMeasureBootLib.
> These patches have already been reviewed by SecurityPkg Maintainer
> (Jiewen) on GHSA.
>=20
> This patch series (specifically TCBZ4117) supersedes TCBZ2168.
>=20
> Cc: Jiewen Yao <jiewen.yao@intel.com>
>=20
> Douglas Flick [MSFT] (6):
>   SecurityPkg: DxeTpm2MeasureBootLib: SECURITY PATCH 4117 - CVE
>     2022-36763
>   SecurityPkg: DxeTpmMeasureBootLib: SECURITY PATCH 4117 - CVE
>     2022-36763
>   SecurityPkg: : Adding CVE 2022-36763 to SecurityFixes.yaml
>   SecurityPkg: DxeTpm2MeasureBootLib: SECURITY PATCH 4118 - CVE
>     2022-36764
>   SecurityPkg: DxeTpmMeasureBootLib: SECURITY PATCH 4118 - CVE
>     2022-36764
>   SecurityPkg: : Adding CVE 2022-36764 to SecurityFixes.yaml
>=20
>  SecurityPkg/Test/SecurityPkgHostTest.dsc      |   2 +
>  .../DxeTpm2MeasureBootLib.inf                 |   4 +-
>  ...Tpm2MeasureBootLibSanitizationTestHost.inf |  28 ++
>  .../DxeTpmMeasureBootLib.inf                  |   4 +-
>  ...eTpmMeasureBootLibSanitizationTestHost.inf |  28 ++
>  .../DxeTpm2MeasureBootLibSanitization.h       | 139 +++++++
>  .../DxeTpmMeasureBootLibSanitization.h        | 137 +++++++
>  .../DxeTpm2MeasureBootLib.c                   |  87 ++--
>  .../DxeTpm2MeasureBootLibSanitization.c       | 319 +++++++++++++++
>  .../DxeTpm2MeasureBootLibSanitizationTest.c   | 345 ++++++++++++++++
>  .../DxeTpmMeasureBootLib.c                    |  53 ++-
>  .../DxeTpmMeasureBootLibSanitization.c        | 285 +++++++++++++
>  .../DxeTpmMeasureBootLibSanitizationTest.c    | 387 ++++++++++++++++++
>  SecurityPkg/SecurityFixes.yaml                |  36 ++
>  SecurityPkg/SecurityPkg.ci.yaml               |   2 +
>  15 files changed, 1801 insertions(+), 55 deletions(-)
>  create mode 100644
> SecurityPkg/Library/DxeTpm2MeasureBootLib/InternalUnitTest/DxeTpm2Measur
> eBootLibSanitizationTestHost.inf
>  create mode 100644
> SecurityPkg/Library/DxeTpmMeasureBootLib/InternalUnitTest/DxeTpmMeasureB
> ootLibSanitizationTestHost.inf
>  create mode 100644
> SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLibSanitiza
> tion.h
>  create mode 100644
> SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLibSanitizatio
> n.h
>  create mode 100644
> SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLibSanitiza
> tion.c
>  create mode 100644
> SecurityPkg/Library/DxeTpm2MeasureBootLib/InternalUnitTest/DxeTpm2Measur
> eBootLibSanitizationTest.c
>  create mode 100644
> SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLibSanitizatio
> n.c
>  create mode 100644
> SecurityPkg/Library/DxeTpmMeasureBootLib/InternalUnitTest/DxeTpmMeasureB
> ootLibSanitizationTest.c
>  create mode 100644 SecurityPkg/SecurityFixes.yaml
>=20
> --
> 2.43.0


-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#113878): https://edk2.groups.io/g/devel/message/113878
Mute This Topic: https://groups.io/mt/103675434/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-