Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Move measurevariable #470

Merged
merged 5 commits into from
Feb 5, 2024
Merged

Move measurevariable #470

merged 5 commits into from
Feb 5, 2024

Conversation

Wenxing-hou
Copy link
Member

No description provided.

@Wenxing-hou Wenxing-hou marked this pull request as draft January 26, 2024 09:01
@Wenxing-hou Wenxing-hou force-pushed the move_measurevariable branch 2 times, most recently from 670ccfb to 7ce7bad Compare January 30, 2024 10:07
@Wenxing-hou Wenxing-hou marked this pull request as ready for review January 30, 2024 10:08
jyao1
jyao1 reviewed Jan 31, 2024
View reviewed changes
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
@@ -2333,6 +2334,36 @@ MeasureAllSecureVariables (
DEBUG ((DEBUG_INFO, "Skip measuring variable %s since it's deleted\n", EFI_IMAGE_SECURITY_DATABASE2));
}

//
// Meaurement UEFI device signature database
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please check AuthLib as well.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks. I have added the measure.

jyao1
jyao1 reviewed Feb 2, 2024
View reviewed changes
MdePkg/MdePkg.dec Outdated
#
## GUID used to specify section with devdb content
## Include/Guid/DeviceAuthentication.h
gEdkiiDeviceSignatureDatabaseGuid = {0xb9c2b4f4, 0xbf5f, 0x462d, {0x8a, 0xdf, 0xc5, 0xc7, 0xa, 0xc3, 0x5d, 0xad}}
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why use Edkii as prefix?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have fixed the name.

Zhiqiang520
Zhiqiang520 reviewed Feb 2, 2024
View reviewed changes
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c Outdated
Status = MeasureVariable (
PCR_INDEX_FOR_SIGNATURE_DB,
EV_EFI_SPDM_DEVICE_POLICY,
EDKII_DEVICE_SECURITY_DATABASE,
Copy link

@Zhiqiang520 Zhiqiang520 Feb 2, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think here EDKII_DEVICE_SECURITY_DATABASE should be changed to EFI_DEVICE_SECURITY_DATABASE.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks. I have fixed the name error.

@Wenxing-hou
MdeModulePkg:Add PcdEnableSpdmDeviceAuhenticaion and variable udpate …
e432780 
…measure

Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
@Wenxing-hou
MdePkg: Move gEdkiiDeviceSignatureDatabaseGuid to MdePkg
9aeae8d 
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
@Wenxing-hou
SecurityPkg: Add PcdEnableSpdmDeviceAuhenticaion and check
4ac59de 
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
@Wenxing-hou
SecurityPkg/Tcg2Dxe: Add EV_EFI_SPDM_DEVICE_POLICY measure
2425a73 
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
@Wenxing-hou
Change prefix
642b52f 
Change gEdkiiDeviceSignatureDatabaseGuid and
EDKII_DEVICE_SECURITY_DATABASE prefix

Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
@jyao1 jyao1 merged commit 87090d3 into tianocore:DeviceSecurity Feb 5, 2024
1 of 2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Zhiqiang520 Zhiqiang520 Zhiqiang520 left review comments

@jyao1 jyao1 Awaiting requested review from jyao1

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Wenxing-hou @jyao1 @Zhiqiang520