SECURITY PATCHES TCBZ4117 & TCBZ4118 #5264
Merged
This patch series includes the combined / merged security patches
(as separate commits) for TCBZ4117 (CVE-2022-36763) and TCBZ4118
(CVE-2022-36764) for DxeTpm2MeasureBootLib and DxeTpmMeasureBootLib.
These patches have already been reviewed by SecurityPkg Maintainer
(Jiewen) on GHSA.
This patch series (specifically TCBZ4117) supersedes TCBZ2168.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Douglas Flick [MSFT] (6):
  SecurityPkg: DxeTpm2MeasureBootLib: SECURITY PATCH 4117 - CVE 2022-36763
  SecurityPkg: DxeTpmMeasureBootLib: SECURITY PATCH 4117 - CVE 2022-36763
  SecurityPkg: : Adding CVE 2022-36763 to SecurityFixes.yaml
  SecurityPkg: DxeTpm2MeasureBootLib: SECURITY PATCH 4118 - CVE 2022-36764
  SecurityPkg: DxeTpmMeasureBootLib: SECURITY PATCH 4118 - CVE 2022-36764
  SecurityPkg: : Adding CVE 2022-36764 to SecurityFixes.yaml
SecurityPkg/Test/SecurityPkgHostTest.dsc | 2 +
.../DxeTpm2MeasureBootLib.inf | 4 +-
...Tpm2MeasureBootLibSanitizationTestHost.inf | 28 ++
.../DxeTpmMeasureBootLib.inf | 4 +-
...eTpmMeasureBootLibSanitizationTestHost.inf | 28 ++
.../DxeTpm2MeasureBootLibSanitization.h | 139 +++++++
.../DxeTpmMeasureBootLibSanitization.h | 137 +++++++
.../DxeTpm2MeasureBootLib.c | 87 ++--
.../DxeTpm2MeasureBootLibSanitization.c | 319 +++++++++++++++
.../DxeTpm2MeasureBootLibSanitizationTest.c | 345 ++++++++++++++++
.../DxeTpmMeasureBootLib.c | 53 ++-
.../DxeTpmMeasureBootLibSanitization.c | 285 +++++++++++++
.../DxeTpmMeasureBootLibSanitizationTest.c | 387 ++++++++++++++++++
SecurityPkg/SecurityFixes.yaml | 36 ++
SecurityPkg/SecurityPkg.ci.yaml | 2 +
15 files changed, 1801 insertions(+), 55 deletions(-)
create mode 100644 SecurityPkg/Library/DxeTpm2MeasureBootLib/InternalUnitTest/DxeTpm2MeasureBootLibSanitizationTestHost.inf
create mode 100644 SecurityPkg/Library/DxeTpmMeasureBootLib/InternalUnitTest/DxeTpmMeasureBootLibSanitizationTestHost.inf
create mode 100644 SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLibSanitization.h
create mode 100644 SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLibSanitization.h
create mode 100644 SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLibSanitization.c
create mode 100644 SecurityPkg/Library/DxeTpm2MeasureBootLib/InternalUnitTest/DxeTpm2MeasureBootLibSanitizationTest.c
create mode 100644 SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLibSanitization.c
create mode 100644 SecurityPkg/Library/DxeTpmMeasureBootLib/InternalUnitTest/DxeTpmMeasureBootLibSanitizationTest.c
create mode 100644 SecurityPkg/SecurityFixes.yaml