Hi Zhichao

Thanks for the patch. I gave Reviewed-by because the Bugzilla only mentioned DxeImageVerificationLib.
As a full solution to remove SHA1 from SecureBoot, I think we should also remove SHA1 from AuthVariableLib. Any plan on that?

Thank you
Yao Jiewen

> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao, Jiewen
> Sent: Monday, September 7, 2020 10:16 AM
> To: Gao, Zhichao <zhichao....@intel.com>; devel@edk2.groups.io
> Cc: Wang, Jian J <jian.j.w...@intel.com>; Xu, Min M <min.m...@intel.com>;
> Zhang, Qi1 <qi1.zh...@intel.com>
> Subject: Re: [edk2-devel] [PATCH] SecurityPkg/DxeImageVerificationLib: Disable
> SHA1 base on MACRO
>
> Reviewed-by: Jiewen Yao <jiewen....@intel.com>
>
> > -----Original Message-----
> > From: Gao, Zhichao <zhichao....@intel.com>
> > Sent: Monday, August 31, 2020 1:13 PM
> > To: devel@edk2.groups.io
> > Cc: Yao, Jiewen <jiewen....@intel.com>; Wang, Jian J <jian.j.w...@intel.com>;
> > Xu, Min M <min.m...@intel.com>; Zhang, Qi1 <qi1.zh...@intel.com>
> > Subject: [PATCH] SecurityPkg/DxeImageVerificationLib: Disable SHA1 base on
> > MACRO
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2943
> >
> > Disable SHA1 based on the MACRO DISABLE_SHA1_DEPRECATED_INTERFACES.
> > SHA1 is a deprecated function and the MACRO is used to remove the whole
> > implementation of the SHA1. For the platforms that do not need SHA1
> > for security, the MACRO should work for DxeImageVerificationLib as
> > well.
> >
> > Signed-off-by: Zhichao Gao <zhichao....@intel.com>
> > Cc: Jiewen Yao <jiewen....@intel.com>
> > Cc: Jian J Wang <jian.j.w...@intel.com>
> > Cc: Min Xu <min.m...@intel.com>
> > Cc: Qi Zhang <qi1.zh...@intel.com>
> > ---
> > .../DxeImageVerificationLib/DxeImageVerificationLib.c | 6 ++++++
> > 1 file changed, 6 insertions(+)
> >
> > diff --git > > a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c > > b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c > > index b08fe24e85..7871220140 100644 
> > --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c > > +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c > > @@ -59,7 +59,11 @@ UINT8 mHashOidValue[] = { > > }; > > > > HASH_TABLE mHash[] = { > > +#ifndef DISABLE_SHA1_DEPRECATED_INTERFACES > > { L"SHA1", 20, &mHashOidValue[0], 5, Sha1GetContextSize, Sha1Init, > > Sha1Update, Sha1Final }, > > +#else > > + { L"SHA1", 20, &mHashOidValue[0], 5, NULL, NULL, > > NULL, > > NULL }, > > +#endif > > { L"SHA224", 28, &mHashOidValue[5], 9, NULL, NULL, > > NULL, > > NULL }, > > { L"SHA256", 32, &mHashOidValue[14], 9, Sha256GetContextSize, Sha256Init, > > Sha256Update, Sha256Final}, > > { L"SHA384", 48, &mHashOidValue[23], 9, Sha384GetContextSize, Sha384Init, > > Sha384Update, Sha384Final}, > > @@ -315,10 +319,12 @@ HashPeImage ( > > ZeroMem (mImageDigest, MAX_DIGEST_SIZE); > > > > switch (HashAlg) { > > +#ifndef DISABLE_SHA1_DEPRECATED_INTERFACES > > case HASHALG_SHA1: > > mImageDigestSize = SHA1_DIGEST_SIZE; > > mCertType = gEfiCertSha1Guid; > > break; > > +#endif > > > > case HASHALG_SHA256: > > mImageDigestSize = SHA256_DIGEST_SIZE; > > -- > > 2.21.0.windows.1
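
Review bot: In the first hunk (mHash[], @@ -59,7 +59,11 @@), the #else branch keeps an L"SHA1" row with its OID and digest size but with all four function pointers set to NULL, and nothing in the visible lines shows that callers check for NULL before using them. The placeholder presumably exists so the table indices stay aligned with the HASHALG_* values, as the existing SHA224 row does; please say so in a comment next to the #else row. Please also confirm that every path that selects an mHash[] entry by matching its OID rejects an entry whose GetContextSize is NULL instead of calling through it, since a SHA1-signed image will still match this row when DISABLE_SHA1_DEPRECATED_INTERFACES is defined.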
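
Review bot: In the second hunk (HashPeImage, @@ -315,10 +319,12 @@), compiling out case HASHALG_SHA1 means a HASHALG_SHA1 request now falls through to the switch's default branch, which is outside the visible context. Please confirm that the default branch returns failure before any hashing starts, and that mImageDigestSize and mCertType cannot keep values from an earlier call, because the ZeroMem above the switch clears only mImageDigest. The commit message should also state the intended outcome for SHA1-signed images and for SHA1 digest entries in the signature databases when the macro is defined, so platform owners know what stops verifying.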