[edk2-devel] [PATCH v2 0/9] Migrate Pointer from flash to permanent memory (CVE-2019-11098)
Guomin Jiang
guomin.jiang at intel.com
Thu Jul 2 05:21:31 UTC 2020
Hi everybody,
I am sorry for bothering you, I just want to reminder you that I want catch those change up next stable tag.
So I hope that you can give me some comments or reviewed-by.
Appreciate it.
> -----Original Message-----
> From: devel at edk2.groups.io <devel at edk2.groups.io> On Behalf Of Guomin
> Jiang
> Sent: Thursday, July 2, 2020 1:15 PM
> To: devel at edk2.groups.io
> Cc: Wang, Jian J <jian.j.wang at intel.com>; Wu, Hao A
> <hao.a.wu at intel.com>; Bi, Dandan <dandan.bi at intel.com>; Gao, Liming
> <liming.gao at intel.com>; De, Debkumar <debkumar.de at intel.com>; Han,
> Harry <harry.han at intel.com>; West, Catharine <catharine.west at intel.com>;
> Dong, Eric <eric.dong at intel.com>; Ni, Ray <ray.ni at intel.com>; Laszlo Ersek
> <lersek at redhat.com>; Kumar, Rahul1 <rahul1.kumar at intel.com>; Yao,
> Jiewen <jiewen.yao at intel.com>; Zhang, Chao B <chao.b.zhang at intel.com>;
> Zhang, Qi1 <qi1.zhang at intel.com>
> Subject: [edk2-devel] [PATCH v2 0/9] Migrate Pointer from flash to
> permanent memory (CVE-2019-11098)
>
> The TOCTOU vulnerability allow that the physical present person to replace
> the code with the normal BootGuard check and PCR0 value.
> The issue occur when BootGuard measure IBB and access flash code after
> NEM disable.
> the reason why we access the flash code is that we have some pointer to
> flash.
> To avoid this vulnerability, we need to convert those pointers, the patch
> series do this work and make sure that no code will access flash address.
>
> Cc: Jian J Wang <jian.j.wang at intel.com>
> Cc: Hao A Wu <hao.a.wu at intel.com>
> Cc: Dandan Bi <dandan.bi at intel.com>
> Cc: Liming Gao <liming.gao at intel.com>
> Cc: Debkumar De <debkumar.de at intel.com>
> Cc: Harry Han <harry.han at intel.com>
> Cc: Catharine West <catharine.west at intel.com>
> Cc: Eric Dong <eric.dong at intel.com>
> Cc: Ray Ni <ray.ni at intel.com>
> Cc: Laszlo Ersek <lersek at redhat.com>
> Cc: Rahul Kumar <rahul1.kumar at intel.com>
> Cc: Jiewen Yao <jiewen.yao at intel.com>
> Cc: Chao Zhang <chao.b.zhang at intel.com>
> Cc: Qi Zhang <qi1.zhang at intel.com>
>
> Guomin Jiang (5):
> MdeModulePkg/Core: Create Migrated FV Info Hob for calculating hash
> (CVE-2019-11098)
> SecurityPkg/Tcg2Pei: Use Migrated FV Info Hob for calculating hash
> (CVE-2019-11098)
> MdeModulePkg/Core: Add switch to enable or disable TOCTOU feature
> (CVE-2019-11098)
> UefiCpuPkg/SecMigrationPei: Add switch to control if produce PPI
> (CVE-2019-11098)
> UefiCpuPkg/CpuMpPei: Enable paging and set NP flag to avoid TOCTOU
> (CVE-2019-11098)
>
> Jian J Wang (1):
> MdeModulePkg/DxeIplPeim: Register for shadow on S3 shadowed boot
> (CVE-2019-11098)
>
> Michael Kubacki (3):
> MdeModulePkg/PeiCore: Enable T-RAM evacuation in PeiCore
> (CVE-2019-11098)
> UefiCpuPkg/CpuMpPei: Add GDT and IDT migration support
> (CVE-2019-11098)
> UefiCpuPkg/SecMigrationPei: Add initial PEIM (CVE-2019-11098)
>
> MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 3 +
> MdeModulePkg/Core/DxeIplPeim/DxeLoad.c | 2 +-
> MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c | 417
> ++++++++++++++++++
> MdeModulePkg/Core/Pei/Image/Image.c | 115 +++++
> MdeModulePkg/Core/Pei/Memory/MemoryServices.c | 82 ++++
> MdeModulePkg/Core/Pei/PeiMain.h | 169 +++++++
> MdeModulePkg/Core/Pei/PeiMain.inf | 3 +
> MdeModulePkg/Core/Pei/PeiMain/PeiMain.c | 17 +
> MdeModulePkg/Core/Pei/Ppi/Ppi.c | 287 ++++++++++++
> MdeModulePkg/Include/Guid/MigratedFvInfo.h | 22 +
> MdeModulePkg/MdeModulePkg.dec | 8 +
> SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 31 +-
> SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf | 1 +
> UefiCpuPkg/CpuMpPei/CpuMpPei.c | 40 +-
> UefiCpuPkg/CpuMpPei/CpuMpPei.h | 13 +
> UefiCpuPkg/CpuMpPei/CpuMpPei.inf | 3 +
> UefiCpuPkg/CpuMpPei/CpuPaging.c | 31 +-
> UefiCpuPkg/Include/Ppi/RepublishSecPpi.h | 54 +++
> .../Ia32/ArchExceptionHandler.c | 4 +-
> .../SecPeiCpuException.c | 2 +-
> UefiCpuPkg/SecCore/SecCore.inf | 2 +
> UefiCpuPkg/SecCore/SecMain.c | 26 +-
> UefiCpuPkg/SecCore/SecMain.h | 1 +
> UefiCpuPkg/SecMigrationPei/SecMigrationPei.c | 374 ++++++++++++++++
> UefiCpuPkg/SecMigrationPei/SecMigrationPei.h | 170 +++++++
> .../SecMigrationPei/SecMigrationPei.inf | 68 +++
> .../SecMigrationPei/SecMigrationPei.uni | 13 +
> UefiCpuPkg/UefiCpuPkg.dec | 4 +
> UefiCpuPkg/UefiCpuPkg.dsc | 1 +
> 29 files changed, 1947 insertions(+), 16 deletions(-) create mode 100644
> MdeModulePkg/Include/Guid/MigratedFvInfo.h
> create mode 100644 UefiCpuPkg/Include/Ppi/RepublishSecPpi.h
> create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.c
> create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.h
> create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf
> create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.uni
>
> --
> 2.25.1.windows.1
>
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#61951): https://edk2.groups.io/g/devel/message/61951
Mute This Topic: https://groups.io/mt/75252659/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list