From: "Yao, Jiewen"
To: "Gonzalez Del Cueto, Rodrigo", "devel@edk2.groups.io"
CC: "Wang, Jian J"
Subject: Re: [PATCH] Reallocate TPM Active PCRs based on platform support.
Date: Mon, 9 Aug 2021 01:13:38 +0000
In-Reply-To: <20210804232813.818-1-rodrigo.gonzalez.del.cueto@intel.com>

Hi Rodrigo

I don't understand the problem statement. This code has been there for a long time. What has changed recently?

Thank you
Yao Jiewen

> -----Original Message-----
> From: Gonzalez Del Cueto, Rodrigo
> Sent: Thursday, August 5, 2021 7:28 AM
> To: devel@edk2.groups.io
> Cc: Gonzalez Del Cueto, Rodrigo; Wang, Jian J; Yao, Jiewen
> Subject: [PATCH] Reallocate TPM Active PCRs based on platform support.
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3515
>
> In V2: Add case to RegisterHashInterfaceLib logic
>
> RegisterHashInterfaceLib needs to correctly handle registering the HashLib
> instance supported algorithm bitmap when PcdTpm2HashMask is set to zero.
>
> The current implementation of SyncPcrAllocationsAndPcrMask() triggers
> PCR bank reallocation only based on the intersection between
> TpmActivePcrBanks and PcdTpm2HashMask.
>
> When the software HashLibBaseCryptoRouter solution is used, no PCR bank
> reallocation is occurring based on the supported hashing algorithms
> registered by the HashLib instances.
>
> Need to have an additional check for the intersection between the
> TpmActivePcrBanks and the PcdTcg2HashAlgorithmBitmap populated by the
> HashLib instances present on the platform's BIOS.
>
> Signed-off-by: Rodrigo Gonzalez del Cueto
>
> Cc: Jian J Wang
> Cc: Jiewen Yao
> --- > SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c > | 6 +++++- > SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.c= | > 6 +++++- > SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c = | 18 > +++++++++++++++++- > SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf = | 1 + > 4 files changed, 28 insertions(+), 3 deletions(-) >=20 > diff --git > a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe. > c > b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe. > c > index 7a0f61efbb..0821159120 100644 > --- > a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe. > c > +++ > b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe. > c 
> @@ -230,13 +230,17 @@ RegisterHashInterfaceLib ( > { > UINTN Index; > UINT32 HashMask; > + UINT32 Tpm2HashMask; > EFI_STATUS Status; >=20 > // > // Check allow > // > HashMask =3D Tpm2GetHashMaskFromAlgo (&HashInterface->HashGuid); > - if ((HashMask & PcdGet32 (PcdTpm2HashMask)) =3D=3D 0) { > + Tpm2HashMask =3D PcdGet32 (PcdTpm2HashMask); > + > + if ((Tpm2HashMask !=3D 0) && > + ((HashMask & Tpm2HashMask) =3D=3D 0)) { > return EFI_UNSUPPORTED; > } >=20 > diff --git > a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.= c > b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.= c > index 42cb562f67..6ae51dbce4 100644 > --- > a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.= c > +++ > b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.= c > @@ -327,13 +327,17 @@ RegisterHashInterfaceLib ( > UINTN Index; > HASH_INTERFACE_HOB *HashInterfaceHob; > UINT32 HashMask; > + UINT32 Tpm2HashMask; > EFI_STATUS Status; >=20 > // > // Check allow > // > HashMask =3D Tpm2GetHashMaskFromAlgo (&HashInterface->HashGuid); > - if ((HashMask & PcdGet32 (PcdTpm2HashMask)) =3D=3D 0) { > + Tpm2HashMask =3D PcdGet32 (PcdTpm2HashMask); > + > + if ((Tpm2HashMask !=3D 0) && > + ((HashMask & Tpm2HashMask) =3D=3D 0)) { > return EFI_UNSUPPORTED; > } >=20 > diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c > b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c > index 93a8803ff6..5ad6a45cf3 100644 > --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c > +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c > @@ -262,6 +262,7 @@ SyncPcrAllocationsAndPcrMask ( > { > EFI_STATUS Status; > EFI_TCG2_EVENT_ALGORITHM_BITMAP TpmHashAlgorithmBitmap; > + EFI_TCG2_EVENT_ALGORITHM_BITMAP BiosHashAlgorithmBitmap; > UINT32 TpmActivePcrBanks; > UINT32 NewTpmActivePcrBanks; > UINT32 Tpm2PcrMask; 
> @@ -273,16 +274,27 @@ SyncPcrAllocationsAndPcrMask ( > // Determine the current TPM support and the Platform PCR mask. > // > Status =3D Tpm2GetCapabilitySupportedAndActivePcrs > (&TpmHashAlgorithmBitmap, &TpmActivePcrBanks); > + > ASSERT_EFI_ERROR (Status); > + > + DEBUG ((EFI_D_INFO, "Tpm2GetCapabilitySupportedAndActivePcrs - > TpmHashAlgorithmBitmap: 0x%08x\n", TpmHashAlgorithmBitmap)); > + DEBUG ((EFI_D_INFO, "Tpm2GetCapabilitySupportedAndActivePcrs - > TpmActivePcrBanks 0x%08x\n", TpmActivePcrBanks)); >=20 > Tpm2PcrMask =3D PcdGet32 (PcdTpm2HashMask); > if (Tpm2PcrMask =3D=3D 0) { > // > // if PcdTPm2HashMask is zero, use ActivePcr setting > // > + DEBUG ((EFI_D_VERBOSE, "Initializing PcdTpm2HashMask to > TpmActivePcrBanks 0x%08x\n", TpmActivePcrBanks)); > PcdSet32S (PcdTpm2HashMask, TpmActivePcrBanks); > + DEBUG ((EFI_D_VERBOSE, "Initializing Tpm2PcrMask to TpmActivePcrBank= s > 0x%08x\n", Tpm2PcrMask)); > Tpm2PcrMask =3D TpmActivePcrBanks; > } > + > + BiosHashAlgorithmBitmap =3D PcdGet32 (PcdTcg2HashAlgorithmBitmap); > + DEBUG ((EFI_D_INFO, "PcdTcg2HashAlgorithmBitmap 0x%08x\n", > BiosHashAlgorithmBitmap)); > + DEBUG ((EFI_D_INFO, "Tpm2PcrMask 0x%08x\n", Tpm2PcrMask)); // Active > PCR banks from TPM input > + DEBUG ((EFI_D_INFO, "TpmActivePcrBanks & BiosHashAlgorithmBitmap =3D > 0x%08x\n", NewTpmActivePcrBanks)); >=20 > // > // Find the intersection of Pcd support and TPM support. 
> @@ -294,9 +306,12 @@ SyncPcrAllocationsAndPcrMask ( > // If there are active PCR banks that are not supported by the Platfor= m mask, > // update the TPM allocations and reboot the machine. > // > - if ((TpmActivePcrBanks & Tpm2PcrMask) !=3D TpmActivePcrBanks) { > + if (((TpmActivePcrBanks & Tpm2PcrMask) !=3D TpmActivePcrBanks) || > + ((TpmActivePcrBanks & BiosHashAlgorithmBitmap) !=3D TpmActivePcrBa= nks)) { > NewTpmActivePcrBanks =3D TpmActivePcrBanks & Tpm2PcrMask; > + NewTpmActivePcrBanks &=3D BiosHashAlgorithmBitmap; >=20 > + DEBUG ((EFI_D_INFO, "NewTpmActivePcrBanks 0x%08x\n", > NewTpmActivePcrBanks)); > DEBUG ((EFI_D_INFO, "%a - Reallocating PCR banks from 0x%X to 0x%X.\= n", > __FUNCTION__, TpmActivePcrBanks, NewTpmActivePcrBanks)); > if (NewTpmActivePcrBanks =3D=3D 0) { > DEBUG ((EFI_D_ERROR, "%a - No viable PCRs active! Please set a les= s > restrictive value for PcdTpm2HashMask!\n", __FUNCTION__)); > @@ -331,6 +346,7 @@ SyncPcrAllocationsAndPcrMask ( > } >=20 > Status =3D PcdSet32S (PcdTpm2HashMask, NewTpm2PcrMask); > + DEBUG ((EFI_D_INFO, "Setting PcdTpm2Hash Mask to 0x%08x\n", > NewTpm2PcrMask)); > ASSERT_EFI_ERROR (Status); > } > } > diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf > b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf > index 06c26a2904..17ad116126 100644 > --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf > +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf > @@ -86,6 +86,7 @@ > ## SOMETIMES_CONSUMES > ## SOMETIMES_PRODUCES > gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask > + gEfiSecurityPkgTokenSpaceGuid.PcdTcg2HashAlgorithmBitmap = ## > CONSUMES >=20 > [Depex] > gEfiPeiMasterBootModePpiGuid AND > -- > 2.31.1.windows.1
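
Review bot: In both RegisterHashInterfaceLib hunks (HashLibBaseCryptoRouterDxe.c at @@ -230,13 +230,17 @@ and HashLibBaseCryptoRouterPei.c at @@ -327,13 +327,17 @@), the new `Tpm2HashMask != 0` guard changes a zero PcdTpm2HashMask from "reject every algorithm" to "accept every algorithm", yet the comment above it still reads only `// Check allow`. Please spell out the zero-means-unrestricted behavior in that comment and in the PCD description. A platform that leaves the mask at zero now registers every linked HashLib instance, and nothing in these hunks re-checks a registration if the mask is later set to a non-zero value, as SyncPcrAllocationsAndPcrMask() does when it writes TpmActivePcrBanks into PcdTpm2HashMask.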
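
Review bot: In the Tcg2Pei.c hunk at @@ -273,16 +274,27 @@, the last added DEBUG line passes NewTpmActivePcrBanks under the label "TpmActivePcrBanks & BiosHashAlgorithmBitmap", but the variable is declared without an initializer and its first visible assignment is inside the `if` of the following hunk, so this logs an uninitialized value. Pass the expression itself, `TpmActivePcrBanks & BiosHashAlgorithmBitmap`, as the argument. In the same hunk, the "Initializing Tpm2PcrMask to TpmActivePcrBanks" message prints Tpm2PcrMask before `Tpm2PcrMask = TpmActivePcrBanks;` runs, so it always shows 0 on that path; print TpmActivePcrBanks or move the DEBUG below the assignment.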
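
Review bot: In the Tcg2Pei.c hunk at @@ -294,9 +306,12 @@, there is no handling for PcdTcg2HashAlgorithmBitmap reading as 0. With any non-zero TpmActivePcrBanks, `(TpmActivePcrBanks & BiosHashAlgorithmBitmap) != TpmActivePcrBanks` is then true, `NewTpmActivePcrBanks &= BiosHashAlgorithmBitmap` yields 0, and the function takes the "No viable PCRs active!" path. Either skip the second test when the bitmap is 0 or explain in the commit message why the bitmap can never be 0 when this function runs. The error text also still tells the user only to relax PcdTpm2HashMask; it should name PcdTcg2HashAlgorithmBitmap as well, now that either value can empty the set.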
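
Review bot: In the Tcg2Pei.c hunk at @@ -331,6 +346,7 @@, the new DEBUG line sits between `Status = PcdSet32S (PcdTpm2HashMask, NewTpm2PcrMask);` and `ASSERT_EFI_ERROR (Status);`, so it reports the mask as being set before the status has been checked. Move it below the ASSERT or include Status in the message, and correct "PcdTpm2Hash Mask" to "PcdTpm2HashMask" so the log line can be searched by the PCD name.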