Re: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118

["Li, Yi" <yi1.li@intel.com>]

Hi Jiewen,

All EDK2 PR CI builds of OvmfPkg are broken due to this issue.
Maybe we didn't have enough time to wait feedback and should fix the CI issue first.

Regards,
Yi

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao, Jiewen
Sent: Tuesday, January 16, 2024 10:38 PM
To: Gerd Hoffmann <kraxel@redhat.com>; devel@edk2.groups.io
Cc: dougflick@microsoft.com; Douglas Flick [MSFT] <doug.edk2@gmail.com>
Subject: Re: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118

Sure. Let's start from OVMF.

We have leaf enough time for feedback, but I see no comment from other people.


> -----Original Message-----
> From: Gerd Hoffmann <kraxel@redhat.com>
> Sent: Tuesday, January 16, 2024 10:35 PM
> To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com>
> Cc: dougflick@microsoft.com; Douglas Flick [MSFT] 
> <doug.edk2@gmail.com>
> Subject: Re: Re: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 &
> TCBZ4118
> 
> On Tue, Jan 16, 2024 at 01:30:43PM +0000, Yao, Jiewen wrote:
> > Gerd
> > I have merged this patch set today.
> >
> > I am fine to remove TPM1.2 in OVMF because of the known security limitation.
> 
> I was thinking about the complete edk2 code base not only OVMF.
> 
> But I can surely start with OVMF.  Maybe it is the only platform 
> affected because on physical hardware you usually know whenever TPM 
> 1.2 or TPM 2.0 is present so there is no need to include both.
> 
> take care,
>   Gerd








-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#113933): https://edk2.groups.io/g/devel/message/113933
Mute This Topic: https://groups.io/mt/103675434/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-