From: "Yao, Jiewen"
To: Gerd Hoffmann, "devel@edk2.groups.io", "dougflick@microsoft.com"
CC: "Douglas Flick [MSFT]"
Subject: Re: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118
Date: Tue, 16 Jan 2024 13:30:43 +0000

Gerd

I have merged this patch set today.

I am fine to remove TPM1.2 in OVMF because of the known security limitation.

Thank you
Yao, Jiewen

> -----Original Message-----
> From: Gerd Hoffmann
> Sent: Tuesday, January 16, 2024 8:01 PM
> To: devel@edk2.groups.io; dougflick@microsoft.com
> Cc: Douglas Flick [MSFT]; Yao, Jiewen
> Subject: Re: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118
>
> On Thu, Jan 11, 2024 at 10:16:00AM -0800, Doug Flick via groups.io wrote:
> > This patch series includes the combined / merged security patches
> > (as separate commits) for TCBZ4117 (CVE-2022-36763) and TCBZ4118
> > (CVE-2022-36764) for DxeTpm2MeasureBootLib and DxeTpmMeasureBootLib.
> > These patches have already been reviewed by SecurityPkg Maintainer
> > (Jiewen) on GHSA.
>
> This patch series breaks ovmf build (duplicate symbols) in case both
> TPM2 and TPM1 support are enabled (-D TPM2_ENABLE=TRUE
> -DTPM1_ENABLE=TRUE). Compiling with TPM2 only (-D TPM2_ENABLE=TRUE
> -DTPM1_ENABLE=FALSE) works fine.
>
> I see two options to deal with the problem:
>
> (1) Rename the Sanitize* functions in the TPM2 version of the library
>     to carry a '2' somewhere in the function name, similar to all other
>     TPM2 functions, to avoid the name clash.
> (2) Remove TPM1 support from the edk2 code base. The relevance of
>     TPM 1.2 support should be close to zero given that the TPM 2.0
>     specification was released almost a decade ago ...
>
> take care,
>   Gerd