Re: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118

2024-01-17 Thread Doug Flick via groups.io
Linking this here https://edk2.groups.io/g/devel/message/113966

Re: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118

2024-01-17 Thread Doug Flick via groups.io
I'll propose a patch to correct this. Building against Ovmf now to confirm it corrects the issue.

Re: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118

2024-01-17 Thread Yao, Jiewen
Yao, Jiewen > Cc: Li, Yi1 ; dougfl...@microsoft.com; Douglas Flick [MSFT] > > Subject: Re: Re: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & > TCBZ4118 > > On Wed, Jan 17, 2024 at 08:23:19AM +, Yao, Jiewen wrote: > > That is weird. > > It seems we need to

Re: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118

2024-01-17 Thread Gerd Hoffmann
On Wed, Jan 17, 2024 at 08:23:19AM +, Yao, Jiewen wrote: > That is weird. > It seems we need to merge Gerd's patch soon - > https://github.com/tianocore/edk2/pull/5265 to unblock CI. > > Hi Gerd > Would you please confirm what test you have done for removing TPM1.2? > Does TPM2.0 in OvmfPkg

Re: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118

2024-01-17 Thread Yao, Jiewen
; > Cc: dougfl...@microsoft.com; Douglas Flick [MSFT] > Subject: RE: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118 > > Hi Jiewen, > > Sounds strange, but new PRs in today all broken due to this issue, e.g.: > https://github.com/tianocore/edk2/pull/5210 >

Re: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118

2024-01-17 Thread Li, Yi
2.groups.io; Yao, Jiewen ; Gerd > Hoffmann > Cc: dougfl...@microsoft.com; Douglas Flick [MSFT] > > Subject: RE: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & > TCBZ4118 > > Hi Jiewen, > > All EDK2 PR CI builds of OvmfPkg are broken due to this issue. >

Re: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118

2024-01-17 Thread Yao, Jiewen
iewen ; Gerd Hoffmann > > Cc: dougfl...@microsoft.com; Douglas Flick [MSFT] > Subject: RE: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118 > > Hi Jiewen, > > All EDK2 PR CI builds of OvmfPkg are broken due to this issue. > Maybe we didn't have enough tim

Re: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118

2024-01-16 Thread Li, Yi
To: Gerd Hoffmann ; devel@edk2.groups.io Cc: dougfl...@microsoft.com; Douglas Flick [MSFT] Subject: Re: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118 Sure. Let's start from OVMF. We have left enough time for feedback, but I see no comment from other people. > -Original

Re: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118

2024-01-16 Thread Yao, Jiewen
las Flick [MSFT] > Subject: Re: Re: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & > TCBZ4118 > > On Tue, Jan 16, 2024 at 01:30:43PM +, Yao, Jiewen wrote: > > Gerd > > I have merged this patch set today. > > > > I am fine to remove TPM1.2 i

Re: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118

2024-01-16 Thread Gerd Hoffmann
On Tue, Jan 16, 2024 at 01:30:43PM +, Yao, Jiewen wrote: > Gerd > I have merged this patch set today. > > I am fine to remove TPM1.2 in OVMF because of the known security limitation. I was thinking about the complete edk2 code base not only OVMF. But I can surely start with OVMF. Maybe it

Re: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118

2024-01-16 Thread Yao, Jiewen
oft.com > Cc: Douglas Flick [MSFT] ; Yao, Jiewen > > Subject: Re: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118 > > On Thu, Jan 11, 2024 at 10:16:00AM -0800, Doug Flick via groups.io wrote: > > This patch series includes the combined / merged security patches &

Re: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118

2024-01-16 Thread Gerd Hoffmann
On Thu, Jan 11, 2024 at 10:16:00AM -0800, Doug Flick via groups.io wrote: > This patch series includes the combined / merged security patches > (as separate commits) for TCBZ4117 (CVE-2022-36763) and TCBZ4118 > (CVE-2022-36764) for DxeTpm2MeasureBootLib and DxeTpmMeasureBootLib. > These patches

Re: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118

2024-01-15 Thread Yao, Jiewen
Merged https://github.com/tianocore/edk2/pull/5264 > -Original Message- > From: Douglas Flick [MSFT] > Sent: Friday, January 12, 2024 2:16 AM > To: devel@edk2.groups.io > Cc: Douglas Flick [MSFT] ; Yao, Jiewen > > Subject: [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118 > > This patch

[edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118

2024-01-12 Thread Doug Flick via groups.io
This patch series includes the combined / merged security patches (as separate commits) for TCBZ4117 (CVE-2022-36763) and TCBZ4118 (CVE-2022-36764) for DxeTpm2MeasureBootLib and DxeTpmMeasureBootLib. These patches have already been reviewed by SecurityPkg Maintainer (Jiewen) on GHSA. This patch

Re: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118

2024-01-11 Thread Yao, Jiewen
Hi Doug Thanks for the fix. Please remember to CC all SecurityPkg maintainer and reviewer. I will merge after several days to see if there is any additional feedback from the community. Thank you Yao, Jiewen > -Original Message- > From: Douglas Flick [MSFT] > Sent: Friday, January