1. Patchew
  2. EDK2
  3. View series

[edk2-devel] [PATCH] SecurityPkg/Tcg2Config: hide PCR Bank SHA1 checkbox

Qi Zhang posted 1 patch 3 years, 1 month ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/edk2 tags/patchew/20210317025632.3640-1-qi1.zhang@intel.com
There is a newer version of this series
SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c | 2 ++
1 file changed, 2 insertions(+)
[edk2-devel] [PATCH] SecurityPkg/Tcg2Config: hide PCR Bank SHA1 checkbox
Posted by Qi Zhang 3 years, 1 month ago 
wrap SHA1 related by DISABLE_SHA1_DEPRECATED_INTERFACES.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
---
 SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
index 2946f95db0..81a4d3fa6a 100644
--- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
+++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
@@ -710,9 +710,11 @@ SetConfigInfo (
   )
 {
   switch (TpmAlgHash) {
+#ifndef DISABLE_SHA1_DEPRECATED_INTERFACES
   case TPM_ALG_SHA1:
     Tcg2ConfigInfo->Sha1Supported = TRUE;
     break;
+#endif
   case TPM_ALG_SHA256:
     Tcg2ConfigInfo->Sha256Supported = TRUE;
     break;
-- 
2.26.2.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#72945): https://edk2.groups.io/g/devel/message/72945
Mute This Topic: https://groups.io/mt/81395026/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH] SecurityPkg/Tcg2Config: hide PCR Bank SHA1 checkbox
Posted by Yao, Jiewen 3 years, 1 month ago 
Thank you Qi. 

i recommend we file a bugzilla on the scope of the problem

After the scope is agreed, then you can send the patch. 

For example, I can ask why not remove the sha1supported field at all?

I hope the community can reach consensus on the problem statement at first. 


thank you!
Yao, Jiewen


> 在 2021年3月17日,上午10:56,Zhang, Qi1 <qi1.zhang@intel.com> 写道:
> 
> wrap SHA1 related by DISABLE_SHA1_DEPRECATED_INTERFACES.
> 
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Qi Zhang <qi1.zhang@intel.com>
> Cc: Rahul Kumar <rahul1.kumar@intel.com>
> Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
> ---
> SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c | 2 ++
> 1 file changed, 2 insertions(+)
> 
> diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
> index 2946f95db0..81a4d3fa6a 100644
> --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
> +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
> @@ -710,9 +710,11 @@ SetConfigInfo (
>   )
> {
>   switch (TpmAlgHash) {
> +#ifndef DISABLE_SHA1_DEPRECATED_INTERFACES
>   case TPM_ALG_SHA1:
>     Tcg2ConfigInfo->Sha1Supported = TRUE;
>     break;
> +#endif
>   case TPM_ALG_SHA256:
>     Tcg2ConfigInfo->Sha256Supported = TRUE;
>     break;
> -- 
> 2.26.2.windows.1
> 


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#72951): https://edk2.groups.io/g/devel/message/72951
Mute This Topic: https://groups.io/mt/81395026/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH] SecurityPkg/Tcg2Config: hide PCR Bank SHA1 checkbox
Posted by Laszlo Ersek 3 years, 1 month ago 
On 03/17/21 05:19, Yao, Jiewen wrote:
> Thank you Qi. 
> 
> i recommend we file a bugzilla on the scope of the problem

I agree.

We already have a number of BZs related to the disablement of SHA1 and MD5:

https://bugzilla.tianocore.org/show_bug.cgi?id=1682
https://bugzilla.tianocore.org/show_bug.cgi?id=2943
https://bugzilla.tianocore.org/show_bug.cgi?id=3003
https://bugzilla.tianocore.org/show_bug.cgi?id=3021
https://bugzilla.tianocore.org/show_bug.cgi?id=3027
https://bugzilla.tianocore.org/show_bug.cgi?id=3079

We should certainly track the change for Tcg2Config too, in a new BZ.

Thanks
Laszlo

> 
> After the scope is agreed, then you can send the patch. 
> 
> For example, I can ask why not remove the sha1supported field at all?
> 
> I hope the community can reach consensus on the problem statement at first. 
> 
> 
> thank you!
> Yao, Jiewen
> 
> 
>> 在 2021年3月17日,上午10:56,Zhang, Qi1 <qi1.zhang@intel.com> 写道:
>>
>> wrap SHA1 related by DISABLE_SHA1_DEPRECATED_INTERFACES.
>>
>> Cc: Jiewen Yao <jiewen.yao@intel.com>
>> Cc: Jian J Wang <jian.j.wang@intel.com>
>> Cc: Qi Zhang <qi1.zhang@intel.com>
>> Cc: Rahul Kumar <rahul1.kumar@intel.com>
>> Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
>> ---
>> SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c | 2 ++
>> 1 file changed, 2 insertions(+)
>>
>> diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
>> index 2946f95db0..81a4d3fa6a 100644
>> --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
>> +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
>> @@ -710,9 +710,11 @@ SetConfigInfo (
>>   )
>> {
>>   switch (TpmAlgHash) {
>> +#ifndef DISABLE_SHA1_DEPRECATED_INTERFACES
>>   case TPM_ALG_SHA1:
>>     Tcg2ConfigInfo->Sha1Supported = TRUE;
>>     break;
>> +#endif
>>   case TPM_ALG_SHA256:
>>     Tcg2ConfigInfo->Sha256Supported = TRUE;
>>     break;
>> -- 
>> 2.26.2.windows.1
>>
> 
> 
> 
> 
> 



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#72976): https://edk2.groups.io/g/devel/message/72976
Mute This Topic: https://groups.io/mt/81395026/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

Patchew 2.1-devel-0870f84

© 2016 - 2024 Red Hat, Inc.