[edk2-devel] [PATCH v5 0/9] Add new feature that evacuate temporary to permanent memory (CVE-2019-11098)
Guomin Jiang
guomin.jiang at intel.com
Fri Jul 10 06:57:00 UTC 2020
I see it and will do it later.
I remind that everyone should pay attention to it as well.
Thanks.
> -----Original Message-----
> From: Laszlo Ersek <lersek at redhat.com>
> Sent: Friday, July 10, 2020 1:47 PM
> To: devel at edk2.groups.io; Jiang, Guomin <guomin.jiang at intel.com>
> Cc: Wang, Jian J <jian.j.wang at intel.com>; Wu, Hao A
> <hao.a.wu at intel.com>; Bi, Dandan <dandan.bi at intel.com>; Gao, Liming
> <liming.gao at intel.com>; De, Debkumar <debkumar.de at intel.com>; Han,
> Harry <harry.han at intel.com>; West, Catharine <catharine.west at intel.com>;
> Dong, Eric <eric.dong at intel.com>; Ni, Ray <ray.ni at intel.com>; Justen,
> Jordan L <jordan.l.justen at intel.com>; Andrew Fish <afish at apple.com>; Ard
> Biesheuvel <ard.biesheuvel at arm.com>; Anthony Perard
> <anthony.perard at citrix.com>; Julien Grall <julien at xen.org>; Leif Lindholm
> <leif at nuviainc.com>; Kumar, Rahul1 <rahul1.kumar at intel.com>; Yao,
> Jiewen <jiewen.yao at intel.com>; Zhang, Chao B <chao.b.zhang at intel.com>;
> Zhang, Qi1 <qi1.zhang at intel.com>
> Subject: Re: [edk2-devel] [PATCH v5 0/9] Add new feature that evacuate
> temporary to permanent memory (CVE-2019-11098)
>
> Guomin,
>
> On 07/09/20 03:56, Guomin Jiang wrote:
> > The TOCTOU vulnerability allow that the physical present person to replace
> the code with the normal BootGuard check and PCR0 value.
> > The issue occur when BootGuard measure IBB and access flash code after
> NEM disable.
> > the reason why we access the flash code is that we have some pointer to
> flash.
> > To avoid this vulnerability, we need to convert those pointers, the patch
> series do this work and make sure that no code will access flash address.
> >
> > v2:
> > Create gEdkiiMigratedFvInfoGuid HOB and add
> PcdMigrateTemporaryRamFirmwareVolumes to control whole feature.
> >
> > v3:
> > Remove changes which is not related with the feature and disable the
> feature in virtual platform.
> >
> > v4:
> > Disable the feature as default, Copy the Tcg2Pei behavior to TcgPei
> >
> > v5:
> > Initialize local variable Shadow and return EFI_ABORTED when
> RepublishSecPpi not installed.
>
> When you post a new version of a patch set to the list, and there is an
> associated BZ ticket, please *always* (not just for this BZ) capture the fact of
> posting the next version in a new BZ comment. Please record the version of
> the patch series being posted, and also include a link to the series blurb
> (patch 0), in the mailing list archive.
>
> I did that for you, covering the first four versions (v1 throuogh v4) of the
> series in comment 16 on TianoCore#1614:
>
> https://bugzilla.tianocore.org/show_bug.cgi?id=1614#c16
>
> Please do the same (in a new BZ comment) for the current version (v5), and
> please repeat the same for any further versions.
>
> Again this applies to all BZs and all posted patches.
>
> Thanks
> Laszlo
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#62334): https://edk2.groups.io/g/devel/message/62334
Mute This Topic: https://groups.io/mt/75390172/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list