From: "Min Xu"
To: devel@edk2.groups.io
Cc: Min M Xu, Jiewen Yao, Jian J Wang
Subject: [edk2-devel] [PATCH V1 2/3] SecurityPkg/TdTcg2Dxe: Extend EFI boot variable to PCR[1]
Date: Mon, 16 Jan 2023 07:27:38 +0800
Message-Id: <20230115232739.415-3-min.m.xu@intel.com>
In-Reply-To: <20230115232739.415-1-min.m.xu@intel.com>
References: <20230115232739.415-1-min.m.xu@intel.com>

From: Min M Xu According to TCG PC Client PFP spec 0021 Section 2.4.4.2 EFI boot variable should be measured and extended to PCR[1], not PCR[5]. This patch is proposed to fix this error. Cc: Jiewen Yao Cc: Jian J Wang Signed-off-by: Min Xu --- SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c b/SecurityPkg/Tcg/TdTcg2= Dxe/TdTcg2Dxe.c index d19923b0c682..59341a8c0250 100644 --- a/SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c +++ b/SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c @@ -1873,12 +1873,8 @@ ReadAndMeasureBootVariable ( OUT VOID **VarData ) { - // - // Boot variables are measured into (PCR[5]) RTMR[1], - // details in section 8.1 of TDVF design guide. - // return ReadAndMeasureVariable ( - MapPcrToMrIndex (5), + MapPcrToMrIndex (1), EV_EFI_VARIABLE_BOOT, VarName, VendorGuid, --=20 2.29.2.windows.2
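
Review bot: In ReadAndMeasureBootVariable the explanatory comment is deleted rather than updated, so the call `MapPcrToMrIndex (1)` is left with no in-code rationale. Suggest replacing the removed block with a short comment that cites TCG PC Client PFP spec Section 2.4.4.2 and names the measurement register that PCR[1] maps to, as the old comment did for "(PCR[5]) RTMR[1]". The removed comment also pointed to section 8.1 of the TDVF design guide as the source for the PCR[5] choice; the commit message should say whether that guide is being corrected as well. If `MapPcrToMrIndex (1)` resolves to a different register than the RTMR[1] named in the removed comment, EV_EFI_VARIABLE_BOOT events will be extended into a different register, which changes the values a verifier gets when replaying the event log, and that is worth stating in the commit message.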