REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3923 According to definition of PcdTpm2HashMask, the mask reflects the PCR banks which need to be extended. In the Tcg2Pei SyncPcrAllocationsAndPcrMask function, we are setting PcdTpm2HashMask to match the active PCR banks, but this will only occur if the mask was originally set to 0. Always syncing the PcdTpm2HashMask to the active PCR banks in the TPM. Only then we do see the computed hashes are limited to those PCRs which are active.
Cc: Jiewen Yao <jiewen....@intel.com> Cc: Qi Zhang <qi1.zh...@intel.com> Signed-off-by: Snehal Kangralkar <snehal.kangral...@intel.com> Snehal Kangralkar (1): SecurityPkg : Sync PcdTpm2HashMask to the active PCR banks in the TPM SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) -- 2.36.1.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#91018): https://edk2.groups.io/g/devel/message/91018 Mute This Topic: https://groups.io/mt/92157476/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
