Gerd I have merged this patch set today. I am fine to remove TPM1.2 in OVMF because of the known security limitation.
Thank you Yao, Jiewen > -----Original Message----- > From: Gerd Hoffmann <kra...@redhat.com> > Sent: Tuesday, January 16, 2024 8:01 PM > To: devel@edk2.groups.io; dougfl...@microsoft.com > Cc: Douglas Flick [MSFT] <doug.e...@gmail.com>; Yao, Jiewen > <jiewen....@intel.com> > Subject: Re: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118 > > On Thu, Jan 11, 2024 at 10:16:00AM -0800, Doug Flick via groups.io wrote: > > This patch series include the combined / merged security patches > > (as seperate commits) for TCBZ4117 (CVE-2022-36763) and TCBZ4118 > > (CVE-2022-36764) for DxeTpm2MeasureBootLib and DxeTpmMeasureBootLib. > > These patches have already been reviewed by SecurityPkg Maintainer > > (Jiewen) on GHSA. > > This patch series breaks ovmf build (duplicate symbols) in case both > TPM2 and TPM1 support are enabled (-D TPM2_ENABLE=TRUE > -DTPM1_ENABLE=TRUE). Compiling with TPM2 only (-D TPM2_ENABLE=TRUE > -DTPM1_ENABLE=FALSE) works fine. > > I see two options to deal with the problem: > > (1) Rename the Sanitize* functions in the TPM2 version of the library > to carry a '2' somewhere in the function name, simliar to all other > TPM2 functions, to avoid the name clash. > (2) Remove TPM1 support from the edk2 code base. The relevance of > TPM 1.2 support should be close to zero given that the TPM 2.0 > specification was released almost a decade ago ... > > take care, > Gerd -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#113898): https://edk2.groups.io/g/devel/message/113898 Mute This Topic: https://groups.io/mt/103675434/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
