From: "Min Xu"
To: "Vang, Judah", "devel@edk2.groups.io"
CC: "Wang, Jian J", "Yao, Jiewen", "Mistry, Nishant C"
Subject: Re: [PATCH v3 17/28] SecurityPkg: Add Protected Variable Services
Date: Thu, 9 Jun 2022 08:30:45 +0000
In-Reply-To: <20220609060322.3491-18-judah.vang@intel.com>

On June 9, 2022 2:03 PM, Vang, Judah wrote:
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2594
>
> V3: Change placement of buffer used for confidentiality crypto
> operation to fix an issue when enabling confidentiality. Remove
> un-needed increment of monotonic counter.
>
> V1: Add Protected Variable Services across the different UEFI phases.
> Functions include creating variable digest, performing integrity
> check, initializing protected variables, updating protected
> variables, and verifying the MetaDataHmacVar variable.
> This module prevents UEFI variable tampering. It provides
> variable integrity and confidentiality.
>

It seems there are 4 .inf in one patch and almost 6000 lines of changes.
- DxeProtectedVariableLib.inf
- PeiProtectedVariableLib.inf
- SmmProtectedVariableLib.inf
- SmmRuntimeProtectedVariableLib.inf

Can these 4 .inf be split into 4 patches, so that it is easier for the community to review?

Thanks
Min