That is weird. It seems we need to merge Gerd's patch soon - https://github.com/tianocore/edk2/pull/5265 to unblock CI.
Hi Gerd Would you please confirm what test you have done for removing TPM1.2? Does TPM2.0 in OvmfPkg still work? Hi Doug I cannot tell why CI passed before but failed now. But it does seems a big issue now. Would you please propose a patch to resolve it? Just rename the symbol. Thank you Yao, Jiewen > -----Original Message----- > From: Li, Yi1 <yi1...@intel.com> > Sent: Wednesday, January 17, 2024 4:15 PM > To: Yao, Jiewen <jiewen....@intel.com>; devel@edk2.groups.io; Gerd Hoffmann > <kra...@redhat.com> > Cc: dougfl...@microsoft.com; Douglas Flick [MSFT] <doug.e...@gmail.com> > Subject: RE: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118 > > Hi Jiewen, > > Sounds strange, but new PRs in today all broken due to this issue, e.g.: > https://github.com/tianocore/edk2/pull/5210 > https://github.com/tianocore/edk2/pull/5268 > > > I checked build log, it matched the description from Gerd: > https://dev.azure.com/tianocore/11ea4a10-ac9f-4e5f-8b13- > 7def1f19d478/_apis/build/builds/114097/logs/350 > 2024-01-17T04:09:52.5996237Z INFO - /usr/bin/ld: > DxeTpm2MeasureBootLibSanitization.obj (symbol from plugin): in function > `SanitizeEfiPartitionTableHeader': > 2024-01-17T04:09:52.6010570Z INFO - (.text+0x0): multiple definition of > `SanitizeEfiPartitionTableHeader'; DxeTpmMeasureBootLibSanitization.obj > (symbol from plugin):(.text+0x0): first defined here > 2024-01-17T04:09:52.6020435Z INFO - /usr/bin/ld: > DxeTpm2MeasureBootLibSanitization.obj (symbol from plugin): in function > `SanitizeEfiPartitionTableHeader': > 2024-01-17T04:09:52.6030987Z INFO - (.text+0x0): multiple definition of > `SanitizePrimaryHeaderAllocationSize'; DxeTpmMeasureBootLibSanitization.obj > (symbol from plugin):(.text+0x0): first defined here > 2024-01-17T04:09:52.6040167Z INFO - /usr/bin/ld: > DxeTpm2MeasureBootLibSanitization.obj (symbol from plugin): in function > `SanitizeEfiPartitionTableHeader': > 2024-01-17T04:09:52.6050625Z INFO - (.text+0x0): multiple definition of > `SanitizePrimaryHeaderGptEventSize'; DxeTpmMeasureBootLibSanitization.obj > (symbol from plugin):(.text+0x0): first defined here > 2024-01-17T04:09:52.6061966Z INFO - /usr/bin/ld: > DxeTpm2MeasureBootLibSanitization.obj (symbol from plugin): in function > `SanitizeEfiPartitionTableHeader': > 2024-01-17T04:09:52.6072661Z INFO - (.text+0x0): multiple definition of > `SanitizePeImageEventSize'; DxeTpmMeasureBootLibSanitization.obj (symbol > from plugin):(.text+0x0): first defined here > 2024-01-17T04:10:12.9532147Z INFO - build.py... > 2024-01-17T04:10:12.9593220Z INFO - : error 7000: Failed to execute command > 2024-01-17T04:10:23.2054653Z INFO - build.py... > 2024-01-17T04:10:23.2055014Z INFO - : error F002: Failed to build module > 2024-01-17T04:10:23.2055379Z INFO - > /__w/1/s/MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.i > nf [X64, GCC5, DEBUG] > > -----Original Message----- > From: Yao, Jiewen <jiewen....@intel.com> > Sent: Wednesday, January 17, 2024 4:09 PM > To: Li, Yi1 <yi1...@intel.com>; devel@edk2.groups.io; Gerd Hoffmann > <kra...@redhat.com> > Cc: dougfl...@microsoft.com; Douglas Flick [MSFT] <doug.e...@gmail.com> > Subject: RE: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & TCBZ4118 > > Please check https://github.com/tianocore/edk2/pull/5264. It is merged after > pass CI. > > May I know where you see PR CI builds are broken? > > Thank you > Yao, Jiewen > > > -----Original Message----- > > From: Li, Yi1 <yi1...@intel.com> > > Sent: Wednesday, January 17, 2024 3:21 PM > > To: devel@edk2.groups.io; Yao, Jiewen <jiewen....@intel.com>; Gerd > > Hoffmann <kra...@redhat.com> > > Cc: dougfl...@microsoft.com; Douglas Flick [MSFT] > > <doug.e...@gmail.com> > > Subject: RE: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & > > TCBZ4118 > > > > Hi Jiewen, > > > > All EDK2 PR CI builds of OvmfPkg are broken due to this issue. > > Maybe we didn't have enough time to wait feedback and should fix the > > CI issue first. > > > > Regards, > > Yi > > > > -----Original Message----- > > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao, > > Jiewen > > Sent: Tuesday, January 16, 2024 10:38 PM > > To: Gerd Hoffmann <kra...@redhat.com>; devel@edk2.groups.io > > Cc: dougfl...@microsoft.com; Douglas Flick [MSFT] > > <doug.e...@gmail.com> > > Subject: Re: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 & > > TCBZ4118 > > > > Sure. Let's start from OVMF. > > > > We have leaf enough time for feedback, but I see no comment from other > people. > > > > > > > -----Original Message----- > > > From: Gerd Hoffmann <kra...@redhat.com> > > > Sent: Tuesday, January 16, 2024 10:35 PM > > > To: devel@edk2.groups.io; Yao, Jiewen <jiewen....@intel.com> > > > Cc: dougfl...@microsoft.com; Douglas Flick [MSFT] > > > <doug.e...@gmail.com> > > > Subject: Re: Re: [edk2-devel] [PATCH 0/6] SECURITY PATCHES TCBZ4117 > > > & > > > TCBZ4118 > > > > > > On Tue, Jan 16, 2024 at 01:30:43PM +0000, Yao, Jiewen wrote: > > > > Gerd > > > > I have merged this patch set today. > > > > > > > > I am fine to remove TPM1.2 in OVMF because of the known security > > limitation. > > > > > > I was thinking about the complete edk2 code base not only OVMF. > > > > > > But I can surely start with OVMF. Maybe it is the only platform > > > affected because on physical hardware you usually know whenever TPM > > > 1.2 or TPM 2.0 is present so there is no need to include both. > > > > > > take care, > > > Gerd > > > > > > > > > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#113938): https://edk2.groups.io/g/devel/message/113938 Mute This Topic: https://groups.io/mt/103675434/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
