Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[202405][Rebase&&FF] Everything MS Changes #311

Merged
merged 12 commits into from
Aug 10, 2024
Merged

[202405][Rebase&&FF] Everything MS Changes #311

merged 12 commits into from
Aug 10, 2024

Conversation

Flickdm
Copy link
Member

@Flickdm Flickdm commented Jul 30, 2024
edited
Loading

0461663

Description

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

How This Was Tested

Local CI

Integration Instructions

N/A

@github-actions github-actions bot added the impact:non-functional Does not have a functional impact label Jul 30, 2024
os-d
os-d reviewed Jul 30, 2024
View reviewed changes
SecurityPkg/Include/Library/Tcg2PreUefiEventLogLib.h Outdated Show resolved Hide resolved
SecurityPkg/Include/Library/Tpm2CommandLib.h Outdated Show resolved Hide resolved
SecurityPkg/Include/Library/Tpm2CommandLib.h Outdated Show resolved Hide resolved
SecurityPkg/SecurityPkg.ci.yaml Outdated Show resolved Hide resolved
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c Outdated Show resolved Hide resolved
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c Outdated Show resolved Hide resolved
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c Outdated Show resolved Hide resolved
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c Outdated Show resolved Hide resolved
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c Outdated Show resolved Hide resolved
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf Outdated Show resolved Hide resolved
@Flickdm Flickdm force-pushed the cherry-pick/release/202405/feature/ms-changes branch 2 times, most recently from acc8bc1 to 9ca5e19 Compare July 30, 2024 19:12
@Flickdm Flickdm force-pushed the cherry-pick/release/202405/feature/ms-changes branch 4 times, most recently from f6724b7 to 9c633e5 Compare July 31, 2024 00:35
Flickdm
Flickdm commented Jul 31, 2024
View reviewed changes
SecurityPkg/SecurityPkg.dsc Outdated Show resolved Hide resolved
@Flickdm Flickdm force-pushed the cherry-pick/release/202405/feature/ms-changes branch 8 times, most recently from 3cabe69 to 4e623f3 Compare August 1, 2024 20:46
@Flickdm Flickdm marked this pull request as ready for review August 1, 2024 20:46
@Flickdm Flickdm requested review from makubacki and os-d August 1, 2024 20:47
os-d
os-d approved these changes Aug 1, 2024
View reviewed changes
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c Outdated Show resolved Hide resolved
SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c Outdated Show resolved Hide resolved
SecurityPkg/SecurityPkg.dec Outdated Show resolved Hide resolved
@Flickdm Flickdm force-pushed the cherry-pick/release/202405/feature/ms-changes branch 3 times, most recently from 46f0be1 to f4aab82 Compare August 1, 2024 21:32
@Flickdm Flickdm force-pushed the cherry-pick/release/202405/feature/ms-changes branch 2 times, most recently from c4e73b0 to 1b08b94 Compare August 8, 2024 23:24
@codecov-commenter
Copy link

codecov-commenter commented Aug 8, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 0% with 75 lines in your changes missing coverage. Please review.

Please upload report for BASE (release/202405@2cb135b). Learn more about missing BASE report.

Files Patch % Lines
...g2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c 0.00% 29 Missing ⚠️
...urityPkg/Library/AuthVariableLib/AuthVariableLib.c 0.00% 19 Missing ⚠️
...sicalPresenceLib/MmTcg2PhysicalPresenceLibCommon.c 0.00% 15 Missing ⚠️
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c 0.00% 12 Missing ⚠️
Additional details and impacted files 
@@               Coverage Diff                @@
##             release/202405    #311   +/-   ##
================================================
  Coverage                  ?   0.54%           
================================================
  Files                     ?     147           
  Lines                     ?   34764           
  Branches                  ?     167           
================================================
  Hits                      ?     190           
  Misses                    ?   34466           
  Partials                  ?     108
Flag Coverage Δ
SecurityPkg 0.54% <0.00%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@Flickdm Flickdm force-pushed the cherry-pick/release/202405/feature/ms-changes branch from 50acf3d to 1d47375 Compare August 10, 2024 00:52
@Flickdm Flickdm enabled auto-merge (squash) August 10, 2024 00:58
Bret Barkelew and others added 12 commits August 9, 2024 17:59
@Flickdm
SecurityPkg: Comment out print indicating rebooting the system after
fecb34c 
TPM2 changes
@Flickdm
SecurityPkg: Update DSC to include additional libraries and PCDs
14e14eb 
Adds the following:
    + SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
    + SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
    + SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
    + SecurityPkg/Library/TcgPpVendorLibNull/TcgPpVendorLibNull.inf
@Flickdm
SecurityPkg: Add Debug Message to show the TPM2 PCR bank info
ed5f6c7 
Add a debug message to show the TPM2 PCR bank info in Tcg2Dxe.
Prints out both the TpmHashalgorithmBitmap and the Pcr banks.
@Flickdm
SecurityPkg: Check for Tpm2GetCapabilitySupportedAndActivePcrs()
5bcabe1 
This replaces a assert for a proper runtime check for the status of
Tpm2GetCapabilitySupportedAndActivePcrs()
@Flickdm
SecurityPkg: Add support for checking if hash algorithms are supported
d3ab135 
This commit adds support to Tpm2Help.c to query the TPM for supported
hash algorithms.
@Flickdm
SecurityPkg: Create Tcg2PreUefiEventLogLib interface
66dd5fd 
This change describes the interface that should be published by
instances of the Tcg2PreUefiEventLogLib. This library can be used
to publish TPM EventLog entries for measurements that may have been
made prior to driver initialization
@Flickdm
SecurityPkg: Do not allow SecureBootEnable to override mPlatformMode
4922cf6 
Ensures that if SecureBootEnable is found and mPlatformMode is USER_MODE
that SecureBootEnable == SECURE_BOOT_MODE_ENABLE.
@Flickdm
SecurityPkg: Use helper function to display confirmation dialog
a598db7 
The code to display the confirmation dialog is moved to a helper function
to make the code more readable and maintainable. This is for
DxeTcg2PhysicalPresenceLib.
@Flickdm
SecurityPkg: Do not allow Flags to bypass confirmation in Production
a486470 
Adds a flag to disable TCG2 flags from bypassing confirmation in
production mode.
@Flickdm
SecurityPkg: Disable physical presence in production mode
e0a5cb0
@Flickdm
SecurityPkg: Make TPM2_Startup() return an error
699235c 
The TPM2_Startup() function is called in the Tcg2Pei driver to start the
TPM. The function is expected to return an error if the TPM is not in
the correct state.
@Flickdm
SecurityPkg: Override change for DxeTcg2PhysicalPresenceLib.inf
b542b90 
Since the commit:

"SecurityPkg: Do not allow Flags to bypass confirmation in Production"

modified DxeTcg2PhysicalPresenceLib.inf the override in
DxeTcg2PhysicalPresenceMinimumLib.inf needs to be updated to reflect the
changes.
@Flickdm Flickdm force-pushed the cherry-pick/release/202405/feature/ms-changes branch from 1d47375 to b542b90 Compare August 10, 2024 00:59
@Flickdm Flickdm merged commit 2f03c18 into microsoft:release/202405 Aug 10, 2024
18 checks passed
@Flickdm Flickdm deleted the cherry-pick/release/202405/feature/ms-changes branch August 10, 2024 01:22
Flickdm
Flickdm commented Sep 12, 2024
View reviewed changes
SecurityPkg/Include/Library/Tpm2CommandLib.h
@@ -1241,4 +1241,24 @@ Tpm2PcrReadForActiveBank (
OUT TPML_DIGEST *HashList
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Investigate Tianocore version of the different options for the PCR banks. If rotten throw away otherwise upstream

Flickdm
Flickdm commented Sep 12, 2024
View reviewed changes
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
@@ -46,6 +46,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
// MU_CHANGE [BEGIN] - Add the OemTpm2InitLib
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Confirm if we're using the Tianocore edk2 version of this - if so check if it works for us. If upstream is acceptable don't upstream. If we remove this, this is a breaking change in 202405-dev and eventually 202411. If downstream consumers cannot resolve this - they cannot move to 202411.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

MuTcg2Protocol -Audit

Flickdm
Flickdm commented Sep 12, 2024
View reviewed changes
SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
@@ -212,6 +212,25 @@ AuthVariableLibInitialize (
if (!EFI_ERROR (Status)) {
if (mPlatformMode == USER_MODE) {
SecureBootEnable = *(UINT8 *)Data;
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

potentially can't upstream - may want to keep as one of our changes

Flickdm
Flickdm commented Sep 12, 2024
View reviewed changes
SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/PhysicalPresenceStrings.uni
@@ -12,8 +12,18 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#string TPM_PPI_HEAD_STR #language en-US "A configuration change was requested to allow the Operating System to %s the computer's TPM (Trusted Platform Module) without asking for user confirmation in the future.\n\n"
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

look at physical presence spec - this was potentially implemented for tablets. this may require spec change. look for a different commit / or make change that pushes this logic up to allow platforms to make changes. This may need to be a library allowing edk2 to use their own strings and a platform their own

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cfernald cfernald cfernald left review comments

@apop5 apop5 apop5 approved these changes

@os-d os-d os-d approved these changes

@makubacki makubacki makubacki approved these changes

Assignees
No one assigned
Labels
impact:non-functional Does not have a functional impact
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@Flickdm @codecov-commenter @cfernald @makubacki @os-d @apop5