[edk2-devel] [PATCH V2 1/1] SecurityPkg/TdTcg2Dxe: Extend EFI boot variable to PCR[1]

Yao, Jiewen jiewen.yao at intel.com
Wed Jan 18 00:15:26 UTC 2023


Reviewed-by: Jiewen Yao <Jiewen.yao at intel.com>

> -----Original Message-----
> From: Xu, Min M <min.m.xu at intel.com>
> Sent: Wednesday, January 18, 2023 7:53 AM
> To: devel at edk2.groups.io
> Cc: Xu, Min M <min.m.xu at intel.com>; Yao, Jiewen <jiewen.yao at intel.com>;
> Wang, Jian J <jian.j.wang at intel.com>
> Subject: [PATCH V2 1/1] SecurityPkg/TdTcg2Dxe: Extend EFI boot variable to
> PCR[1]
> 
> From: Min M Xu <min.m.xu at intel.com>
> 
> According to TCG PC Client PFP spec 0021 Section 2.4.4.2 EFI boot variable
> should be measured and extended to PCR[1], not PCR[5]. This patch is
> proposed to fix this error.
> 
> Cc: Jiewen Yao <jiewen.yao at intel.com>
> Cc: Jian J Wang <jian.j.wang at intel.com>
> Reviewed-by: Jiewen Yao <jiewen.yao at intel.com>
> Signed-off-by: Min Xu <min.m.xu at intel.com>
> ---
>  SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c | 6 +-----
>  1 file changed, 1 insertion(+), 5 deletions(-)
> 
> diff --git a/SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c
> b/SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c
> index d19923b0c682..59341a8c0250 100644
> --- a/SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c
> +++ b/SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c
> @@ -1873,12 +1873,8 @@ ReadAndMeasureBootVariable (
>    OUT     VOID      **VarData
>    )
>  {
> -  //
> -  // Boot variables are measured into (PCR[5]) RTMR[1],
> -  // details in section 8.1 of TDVF design guide.
> -  //
>    return ReadAndMeasureVariable (
> -           MapPcrToMrIndex (5),
> +           MapPcrToMrIndex (1),
>             EV_EFI_VARIABLE_BOOT,
>             VarName,
>             VendorGuid,
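Review bot: The comment block removed at the top of ReadAndMeasureBootVariable is not replaced, so the call `MapPcrToMrIndex (1)` is left with no in-code rationale for the index. Consider keeping a short comment there that cites TCG PC Client PFP spec Section 2.4.4.2 (as the commit message does) and names the RTMR that PCR[1] maps to, the way the old comment named RTMR[1] for PCR[5]. If that RTMR differs from RTMR[1], the commit message should also say so, since anything that replays the event log against expected RTMR values will see EV_EFI_VARIABLE_BOOT events move to a different register.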
> --
> 2.29.2.windows.2


