[edk2-devel] [PATCH v2 0/9] Migrate Pointer from flash to permanent memory (CVE-2019-11098)

Guomin Jiang guomin.jiang at intel.com
Thu Jul 2 05:21:31 UTC 2020 

Hi everybody,

I am sorry for bothering you, I just want to reminder you that I want catch those change up next stable tag.
So I hope that you can give me some comments or reviewed-by.

Appreciate it.

> -----Original Message-----
> From: devel at edk2.groups.io <devel at edk2.groups.io> On Behalf Of Guomin
> Jiang
> Sent: Thursday, July 2, 2020 1:15 PM
> To: devel at edk2.groups.io
> Cc: Wang, Jian J <jian.j.wang at intel.com>; Wu, Hao A
> <hao.a.wu at intel.com>; Bi, Dandan <dandan.bi at intel.com>; Gao, Liming
> <liming.gao at intel.com>; De, Debkumar <debkumar.de at intel.com>; Han,
> Harry <harry.han at intel.com>; West, Catharine <catharine.west at intel.com>;
> Dong, Eric <eric.dong at intel.com>; Ni, Ray <ray.ni at intel.com>; Laszlo Ersek
> <lersek at redhat.com>; Kumar, Rahul1 <rahul1.kumar at intel.com>; Yao,
> Jiewen <jiewen.yao at intel.com>; Zhang, Chao B <chao.b.zhang at intel.com>;
> Zhang, Qi1 <qi1.zhang at intel.com>
> Subject: [edk2-devel] [PATCH v2 0/9] Migrate Pointer from flash to
> permanent memory (CVE-2019-11098)
> 
> The TOCTOU vulnerability allow that the physical present person to replace
> the code with the normal BootGuard check and PCR0 value.
> The issue occur when BootGuard measure IBB and access flash code after
> NEM disable.
> the reason why we access the flash code is that we have some pointer to
> flash.
> To avoid this vulnerability, we need to convert those pointers, the patch
> series do this work and make sure that no code will access flash address.
> 
> Cc: Jian J Wang <jian.j.wang at intel.com>
> Cc: Hao A Wu <hao.a.wu at intel.com>
> Cc: Dandan Bi <dandan.bi at intel.com>
> Cc: Liming Gao <liming.gao at intel.com>
> Cc: Debkumar De <debkumar.de at intel.com>
> Cc: Harry Han <harry.han at intel.com>
> Cc: Catharine West <catharine.west at intel.com>
> Cc: Eric Dong <eric.dong at intel.com>
> Cc: Ray Ni <ray.ni at intel.com>
> Cc: Laszlo Ersek <lersek at redhat.com>
> Cc: Rahul Kumar <rahul1.kumar at intel.com>
> Cc: Jiewen Yao <jiewen.yao at intel.com>
> Cc: Chao Zhang <chao.b.zhang at intel.com>
> Cc: Qi Zhang <qi1.zhang at intel.com>
> 
> Guomin Jiang (5):
>   MdeModulePkg/Core: Create Migrated FV Info Hob for calculating hash
>     (CVE-2019-11098)
>   SecurityPkg/Tcg2Pei: Use Migrated FV Info Hob for calculating hash
>     (CVE-2019-11098)
>   MdeModulePkg/Core: Add switch to enable or disable TOCTOU feature
>     (CVE-2019-11098)
>   UefiCpuPkg/SecMigrationPei: Add switch to control if produce PPI
>     (CVE-2019-11098)
>   UefiCpuPkg/CpuMpPei: Enable paging and set NP flag to avoid TOCTOU
>     (CVE-2019-11098)
> 
> Jian J Wang (1):
>   MdeModulePkg/DxeIplPeim: Register for shadow on S3 shadowed boot
>     (CVE-2019-11098)
> 
> Michael Kubacki (3):
>   MdeModulePkg/PeiCore: Enable T-RAM evacuation in PeiCore
>     (CVE-2019-11098)
>   UefiCpuPkg/CpuMpPei: Add GDT and IDT migration support
>     (CVE-2019-11098)
>   UefiCpuPkg/SecMigrationPei: Add initial PEIM (CVE-2019-11098)
> 
>  MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf       |   3 +
>  MdeModulePkg/Core/DxeIplPeim/DxeLoad.c        |   2 +-
>  MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c | 417
> ++++++++++++++++++
>  MdeModulePkg/Core/Pei/Image/Image.c           | 115 +++++
>  MdeModulePkg/Core/Pei/Memory/MemoryServices.c |  82 ++++
>  MdeModulePkg/Core/Pei/PeiMain.h               | 169 +++++++
>  MdeModulePkg/Core/Pei/PeiMain.inf             |   3 +
>  MdeModulePkg/Core/Pei/PeiMain/PeiMain.c       |  17 +
>  MdeModulePkg/Core/Pei/Ppi/Ppi.c               | 287 ++++++++++++
>  MdeModulePkg/Include/Guid/MigratedFvInfo.h    |  22 +
>  MdeModulePkg/MdeModulePkg.dec                 |   8 +
>  SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c             |  31 +-
>  SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf           |   1 +
>  UefiCpuPkg/CpuMpPei/CpuMpPei.c                |  40 +-
>  UefiCpuPkg/CpuMpPei/CpuMpPei.h                |  13 +
>  UefiCpuPkg/CpuMpPei/CpuMpPei.inf              |   3 +
>  UefiCpuPkg/CpuMpPei/CpuPaging.c               |  31 +-
>  UefiCpuPkg/Include/Ppi/RepublishSecPpi.h      |  54 +++
>  .../Ia32/ArchExceptionHandler.c               |   4 +-
>  .../SecPeiCpuException.c                      |   2 +-
>  UefiCpuPkg/SecCore/SecCore.inf                |   2 +
>  UefiCpuPkg/SecCore/SecMain.c                  |  26 +-
>  UefiCpuPkg/SecCore/SecMain.h                  |   1 +
>  UefiCpuPkg/SecMigrationPei/SecMigrationPei.c  | 374 ++++++++++++++++
> UefiCpuPkg/SecMigrationPei/SecMigrationPei.h  | 170 +++++++
>  .../SecMigrationPei/SecMigrationPei.inf       |  68 +++
>  .../SecMigrationPei/SecMigrationPei.uni       |  13 +
>  UefiCpuPkg/UefiCpuPkg.dec                     |   4 +
>  UefiCpuPkg/UefiCpuPkg.dsc                     |   1 +
>  29 files changed, 1947 insertions(+), 16 deletions(-)  create mode 100644
> MdeModulePkg/Include/Guid/MigratedFvInfo.h
>  create mode 100644 UefiCpuPkg/Include/Ppi/RepublishSecPpi.h
>  create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.c
>  create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.h
>  create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf
>  create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.uni
> 
> --
> 2.25.1.windows.1
> 
> 
> 


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#61951): https://edk2.groups.io/g/devel/message/61951
Mute This Topic: https://groups.io/mt/75252659/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-

More information about the edk2-devel-archive mailing list