From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id B1CDAAC0E4C for ; Wed, 17 Jan 2024 08:15:38 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=8krYOxDo2RbY34XXU8wD4N6Tke4Ol+kjTjcH4rLbrAo=; c=relaxed/simple; d=groups.io; h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:From:To:CC:Subject:Thread-Topic:Thread-Index:Date:Message-ID:References:In-Reply-To:Accept-Language:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding; s=20140610; t=1705479337; v=1; b=W6OZxLvKnYrq0u8fzd/tURA/2e8FsZPy82SF3zkglxDbS/i+4hk/8LWysGMlCO5VW8WauaFB HwsiYA+Cpo+kDU6gH00l1Z7NodkAf4Wt6W1n08o7iVtY53kAJlQ9+d87rBCTXQmFD/xzSKtGg7r NNJWszG3GuM0VSnwe8GYsM/U= X-Received: by 127.0.0.2 with SMTP id jeiZYY7687511xNEMYtHMc4n; Wed, 17 Jan 2024 00:15:37 -0800 X-Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.100]) by mx.groups.io with SMTP id smtpd.web10.4741.1705479336654573288 for ; Wed, 17 Jan 2024 00:15:36 -0800 X-IronPort-AV: E=McAfee;i="6600,9927,10955"; a="466486102" X-IronPort-AV: E=Sophos;i="6.05,200,1701158400"; d="scan'208";a="466486102" X-Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 17 Jan 2024 00:15:05 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10955"; a="1115605287" X-IronPort-AV: E=Sophos;i="6.05,200,1701158400"; d="scan'208";a="1115605287" X-Received: from orsmsx601.amr.corp.intel.com ([10.22.229.14]) by fmsmga005.fm.intel.com with ESMTP/TLS/AES256-GCM-SHA384; 17 Jan 2024 00:15:04 -0800 X-Received: from orsmsx611.amr.corp.intel.com (10.22.229.24) by ORSMSX601.amr.corp.intel.com (10.22.229.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Wed, 17 Jan 2024 00:15:04 -0800 X-Received: from orsmsx602.amr.corp.intel.com (10.22.229.15) by ORSMSX611.amr.corp.intel.com (10.22.229.24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Wed, 17 Jan 2024 00:15:03 -0800 X-Received: from orsedg603.ED.cps.intel.com (10.7.248.4) by orsmsx602.amr.corp.intel.com (10.22.229.15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35 via Frontend Transport; Wed, 17 Jan 2024 00:15:03 -0800 X-Received: from NAM12-BN8-obe.outbound.protection.outlook.com (104.47.55.168) by edgegateway.intel.com (134.134.137.100) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.35; Wed, 17 Jan 2024 00:15:03 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=TOXWjXGnf/1S8ix8jllV7H6/IjvhAekkmWyeFAjBogXRVamrn5Ny4LhfYs+7NYZmM7j8wQpRBbk0fjjyX16+wJy4Opkv+VGHkGpIxDcRksTgZ7GESBOIv6BG/3Misyc0dqgH3Nr3jr59CAC53lu9rMHAVoV88F8MlpQMcUopPfGCn3qO+JFREHyEStfga2LSbfue+I64WZ5AcOu+LSsNB67MNPc0DbD8ADPNLxlHbiUXHjURALjdefVu8niTXXqe0eGYDOF+biy6s7uOii1KPLDaTdMfcfUp0EcJwM+NdtcRauJvWzZRaMZN5znh0QjlQr7TMkTTw1m5+tMEl/khxg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=zp9F22fz3Wodlwn+8q1oRbCaUGWJ4yFrH6pGuuGW4JA=; b=N0G8edEuHbSswfp1mqybD7M3DGmG7duVbUd23f9XMjeLWRNFidw6xgetFf67OxSlw+oEj2cCIK9l2hcg/P1KF4t3750H6Y26TbMaBkGm/NWyh0droVpa2Yze+f4FNisv6dKSUpF5l+vmxhBZ6vodkAnwp6jWigYB4BbgsLNt9X+WK02qWB+0Am1EsLwtXE4yijiZy+zUMLnEPZaAdLHuIRy8rc6YHLTsDngOWSS1HnwQgURN1NLuWmBS43CiXEHnknAavm39uuSZO9MDcTNKPSVspj2FfBCZegf5gugxTuwJA+lZfO6PkqFrdPxKamDEv4OftWNQtOesf85joU3nnw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none X-Received: from SJ1PR11MB6227.namprd11.prod.outlook.com (2603:10b6:a03:45a::10) by SA1PR11MB5827.namprd11.prod.outlook.com (2603:10b6:806:236::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7202.23; Wed, 17 Jan 2024 08:15:00 +0000 X-Received: from SJ1PR11MB6227.namprd11.prod.outlook.com ([fe80::c9e4:c4a2:dd30:3ec5]) by SJ1PR11MB6227.namprd11.prod.outlook.com ([fe80::c9e4:c4a2:dd30:3ec5%4]) with mapi id 15.20.7181.026; Wed, 17 Jan 2024 08:15:00 +0000 From: "Li, Yi" To: "Yao, Jiewen" , "devel@edk2.groups.io" , Gerd Hoffmann CC: "dougflick@microsoft.com" , "Douglas Flick [MSFT]" Subject: Re: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118 Thread-Topic: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118 Thread-Index: AQHaRLo65kqNPAWQ/EurLYl0cPys1LDcXdsAgAAZGICAABHyAIAAAOGAgAEW6gCAAA6hgIAAAEyA Date: Wed, 17 Jan 2024 08:15:00 +0000 Message-ID: References: <2t6cs4djbxujhdglj5ok4y4we6jhnemgztttetunda3hv4zef5@cn4jew2nlhud> In-Reply-To: Accept-Language: zh-CN, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: SJ1PR11MB6227:EE_|SA1PR11MB5827:EE_ x-ms-office365-filtering-correlation-id: 9b23f2e3-1f67-4b73-5451-08dc1734668f x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam-message-info: qQimfWHbCtUt1ZNMAZ24QhJaeJPDE7t9gapu2Wc/FPZP19XoIkO0Lx2/+0BRU85iGfHEFRsLbQjbZ+TcCTrOAgrjm+u+iXJ30/Vsf0ccvDIPrTl+1xMQjKK+k4IpKRz/MjvI6YzzzupLGeTUiDsA5Wugk37bP9AafbAHQA7hVIbHlLc/nxnNgenbchhQVAMqqROzL4Q+D92gLfAuPk/mSqv/CTkXR7DMnz1Aj20/RRgMpCdEYb1fOV+Hn6r6eHbE/GsBIBh3+lDQoK+jcyoucM0faHNtHM33ber6yguhr08mRP4vyfQ3Co5RIlKzI72Up6btCD2c/x1i7l5/6XfzGUQIwczNwD9htm8HuK+IF0/k08bIY5QZuyJhWWuCVen+7b7GgKoTrJq1PqDT7dhb26MVDujSsA9WAsuNE8YP+7Z5lewuQSu218u/tEFO/JlrPcMK8mi/BUoHl/EBNyyLR2SE70yVWVaSdFVkPlNAckTvcU22NhtKOTaYZ8Mo/UtLDGWt7u6sBL7kaR8sy6LLqcdlLO2YPoRx2oWTC2MbXAK3Ylu+WZ/73BOJj62ROvMRQVJkdFyfoP/e72j+kAeQaBSt4rnmYCsfK67JY6DQt53an1EzZIWWR3LxXcF5iyZ+P5zJA5cCUFkdvkqmzIK0OQ== x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?5b4uyRa64OtmMP05cjDih37MpW9ut9pu3XZlaJ46z4zEOhGtEXjublgr4LBp?= =?us-ascii?Q?kzIAKBlfOToXtDmj9zyiQZwVH9WajaDRo1dmu0wqNL7rWRbTpd0thyGsO44S?= =?us-ascii?Q?HhMfMiu7llpa22UhqXntFo5vB+eETL8FuDbJT565/NncBoQcZ8/CL9cnEkaX?= =?us-ascii?Q?CG67uX2wtN+Lg5QXOnBAxnlZB2u5WLJt4jP8alY6B9fW00e9C3DMw5kopYBe?= =?us-ascii?Q?w+eMdOIlni7V7c+goxzDvaeHcdF3orih/FYiBdMqLpE+4JxKg38ImGVXpG0y?= =?us-ascii?Q?iqpxagDvvlUu/oJ20TQUly6r0OJUJm9xOi/ZYAqrVmFvf6L3NKCZf2lDzRB+?= =?us-ascii?Q?DB8RGLxsXkG+6RaK+/6STcUEqGvXAPntmaLbUlbu8ja7/XEn41Vb15r69prX?= =?us-ascii?Q?WSiILxyeev0HyVOfS5TQ0gEWXPWW4i84Ln+AXV5FO3eZEpPERAQzgFZOuoiY?= =?us-ascii?Q?VX3baBdcGVT82aOOWGZGrtW8jPINF3H//pOlCU/B9n6fAeR5Py/nM2QXoy2O?= =?us-ascii?Q?gWxMPJcDiFx0H2ctsN8PyGrgA2dqalvF6pVngtwGEUqwIDIj2ug1xEgRiQhO?= =?us-ascii?Q?lCi5oV2e2bEEJwinc72AMf2siS11461AhECh07TxBis2yQWyNdp4Ih53l+Mu?= =?us-ascii?Q?dDreOnBDx4sMh57qSRP4KXaKC2uZhsxj2MVK91fmPyhaYG0VjNYNPSmoUx/T?= =?us-ascii?Q?66F5lUDSFzU0dGVcakSkkza7mlFvKBW4Yu5p6TRkFmK8hvM84Nd/DM8x1yGN?= =?us-ascii?Q?Sjs/n4qGt8aq/YmHpUy3e0VnaT8gwXRecOql8i8YO4S5wJe13aNlRfM9oO+Y?= =?us-ascii?Q?cobeXu7JtISxvhlViapRhp5DS4R8T8N9Y3gMTzEAjjWfnw1JF9fazi+DzODj?= =?us-ascii?Q?pFweoKBM6t4bvl8cwlKPNNJ8VsrBxgfuLRPVPLu7VV/y+hF/Dcoq1gXTfaa2?= =?us-ascii?Q?TUuI/cQZgmbDBYfUH1Tu0+gRe3gHMMGIH2m4FyYlJ1WDyr8DWyWv5w2pqeSN?= =?us-ascii?Q?IoOMU31OZts5KV+KShOGeKiCbc+b1UYwb+QMlUF61BNXbjWV/ZuBgyenQarY?= =?us-ascii?Q?WHKgXWCKQmUpbhDoYZXW8oXlhUxuTW2ea3RDqBscDOBcvvIy9lszNRLt679w?= =?us-ascii?Q?mdOvklzsuq2vqSPBTcCaHxSVrj6SPlJw1X//C9uPHmvSl9TlF3fENSsZYXhh?= =?us-ascii?Q?kASMfXrKHVTPZUydJWq6RwraI5+c+GSK7O7znzE/4N+ZDIUSnsmdPT9vRINx?= =?us-ascii?Q?P9xvWmTucmiZ0uRENZa+hhjhr1qCqa0JUE0+qbDDcXzItIoegGaNEFeEP+8R?= =?us-ascii?Q?7+XYfxpFjGz3amIMmcVDj1C5GwkiDLA9HSiR5LjHQmlKn/61B29LkgEx22AR?= =?us-ascii?Q?yEXKFDTy5YDcIGoHLCHjhNMvJiwJx7woaWW8zZHV/NJzdUZSnTOQ9Sxqe4+u?= =?us-ascii?Q?Kbqn80+c25Aoc2ewld2lvnZaMQ7OVkgLB2f0LHgQc5F9SoxmXmmryHu/L7NN?= =?us-ascii?Q?XPe8j+mIkKt50jdAYrI1crpjnc/By11GyxMsT0JiCHDAyrkpRVd7HnEY2Icx?= =?us-ascii?Q?HypFr3YCT47eHBocqsg=3D?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: SJ1PR11MB6227.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 9b23f2e3-1f67-4b73-5451-08dc1734668f X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Jan 2024 08:15:00.5570 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: murlS5b6nZgNrj6ndvgpSAzn3M3kpe6+Iyj8cBQPioqG9+i+9QZueJWF64UM/5Ns0Uumj5zd89uEpFYRCWuCng== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR11MB5827 X-OriginatorOrg: intel.com Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,yi1.li@intel.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: 55T51SWyFASdgz1gXWdDKplMx7686176AA= Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=W6OZxLvK; arc=reject ("signature check failed: fail, {[1] = sig:microsoft.com:reject}"); dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io Hi Jiewen, Sounds strange, but new PRs in today all broken due to this issue, e.g.: https://github.com/tianocore/edk2/pull/5210 https://github.com/tianocore/edk2/pull/5268 I checked build log, it matched the description from Gerd: https://dev.azure.com/tianocore/11ea4a10-ac9f-4e5f-8b13-7def1f19d478/_apis/= build/builds/114097/logs/350 2024-01-17T04:09:52.5996237Z INFO - /usr/bin/ld: DxeTpm2MeasureBootLibSanit= ization.obj (symbol from plugin): in function `SanitizeEfiPartitionTableHea= der': 2024-01-17T04:09:52.6010570Z INFO - (.text+0x0): multiple definition of `Sa= nitizeEfiPartitionTableHeader'; DxeTpmMeasureBootLibSanitization.obj (symbo= l from plugin):(.text+0x0): first defined here 2024-01-17T04:09:52.6020435Z INFO - /usr/bin/ld: DxeTpm2MeasureBootLibSanit= ization.obj (symbol from plugin): in function `SanitizeEfiPartitionTableHea= der': 2024-01-17T04:09:52.6030987Z INFO - (.text+0x0): multiple definition of `Sa= nitizePrimaryHeaderAllocationSize'; DxeTpmMeasureBootLibSanitization.obj (s= ymbol from plugin):(.text+0x0): first defined here 2024-01-17T04:09:52.6040167Z INFO - /usr/bin/ld: DxeTpm2MeasureBootLibSanit= ization.obj (symbol from plugin): in function `SanitizeEfiPartitionTableHea= der': 2024-01-17T04:09:52.6050625Z INFO - (.text+0x0): multiple definition of `Sa= nitizePrimaryHeaderGptEventSize'; DxeTpmMeasureBootLibSanitization.obj (sym= bol from plugin):(.text+0x0): first defined here 2024-01-17T04:09:52.6061966Z INFO - /usr/bin/ld: DxeTpm2MeasureBootLibSanit= ization.obj (symbol from plugin): in function `SanitizeEfiPartitionTableHea= der': 2024-01-17T04:09:52.6072661Z INFO - (.text+0x0): multiple definition of `Sa= nitizePeImageEventSize'; DxeTpmMeasureBootLibSanitization.obj (symbol from = plugin):(.text+0x0): first defined here 2024-01-17T04:10:12.9532147Z INFO - build.py... 2024-01-17T04:10:12.9593220Z INFO - : error 7000: Failed to execute comman= d 2024-01-17T04:10:23.2054653Z INFO - build.py... 2024-01-17T04:10:23.2055014Z INFO - : error F002: Failed to build module 2024-01-17T04:10:23.2055379Z INFO - /__w/1/s/MdeModulePkg/Universal/Securi= tyStubDxe/SecurityStubDxe.inf [X64, GCC5, DEBUG] -----Original Message----- From: Yao, Jiewen =20 Sent: Wednesday, January 17, 2024 4:09 PM To: Li, Yi1 ; devel@edk2.groups.io; Gerd Hoffmann Cc: dougflick@microsoft.com; Douglas Flick [MSFT] Subject: RE: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118 Please check https://github.com/tianocore/edk2/pull/5264. It is merged afte= r pass CI. May I know where you see PR CI builds are broken? Thank you Yao, Jiewen > -----Original Message----- > From: Li, Yi1 > Sent: Wednesday, January 17, 2024 3:21 PM > To: devel@edk2.groups.io; Yao, Jiewen ; Gerd=20 > Hoffmann > Cc: dougflick@microsoft.com; Douglas Flick [MSFT]=20 > > Subject: RE: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 &=20 > TCBZ4118 >=20 > Hi Jiewen, >=20 > All EDK2 PR CI builds of OvmfPkg are broken due to this issue. > Maybe we didn't have enough time to wait feedback and should fix the=20 > CI issue first. >=20 > Regards, > Yi >=20 > -----Original Message----- > From: devel@edk2.groups.io On Behalf Of Yao,=20 > Jiewen > Sent: Tuesday, January 16, 2024 10:38 PM > To: Gerd Hoffmann ; devel@edk2.groups.io > Cc: dougflick@microsoft.com; Douglas Flick [MSFT]=20 > > Subject: Re: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 &=20 > TCBZ4118 >=20 > Sure. Let's start from OVMF. >=20 > We have leaf enough time for feedback, but I see no comment from other pe= ople. >=20 >=20 > > -----Original Message----- > > From: Gerd Hoffmann > > Sent: Tuesday, January 16, 2024 10:35 PM > > To: devel@edk2.groups.io; Yao, Jiewen > > Cc: dougflick@microsoft.com; Douglas Flick [MSFT]=20 > > > > Subject: Re: Re: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117=20 > > & > > TCBZ4118 > > > > On Tue, Jan 16, 2024 at 01:30:43PM +0000, Yao, Jiewen wrote: > > > Gerd > > > I have merged this patch set today. > > > > > > I am fine to remove TPM1.2 in OVMF because of the known security > limitation. > > > > I was thinking about the complete edk2 code base not only OVMF. > > > > But I can surely start with OVMF. Maybe it is the only platform=20 > > affected because on physical hardware you usually know whenever TPM > > 1.2 or TPM 2.0 is present so there is no need to include both. > > > > take care, > > Gerd >=20 >=20 >=20 >=20 >=20 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#113937): https://edk2.groups.io/g/devel/message/113937 Mute This Topic: https://groups.io/mt/103675434/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-