[edk2-devel] [PATCH 1/1] SecurityPkg/AuthVariableLib: Check SHA-256 OID with ContentInfo present

Yao, Jiewen jiewen.yao at intel.com
Tue Jan 17 00:24:14 UTC 2023


I linked email with Bugzilla. Either email or Bugzilla is OK for the discussion.

Personally, I don't understand one thing.
If EDKII causes such a failure, how does archlinux validate the correctness of the tool and document in [3]?

Or are they using a different UEFI implementation?

Thank you
Yao, Jiewen

> -----Original Message-----
> From: Jan Bobek <jbobek at nvidia.com>
> Sent: Tuesday, January 17, 2023 6:30 AM
> To: Yao, Jiewen <jiewen.yao at intel.com>
> Cc: devel at edk2.groups.io; Jeff Brasen <jbrasen at nvidia.com>; Girish
> Mahadevan <gmahadevan at nvidia.com>; Wang, Jian J
> <jian.j.wang at intel.com>; Xu, Min M <min.m.xu at intel.com>
> Subject: Re: [edk2-devel] [PATCH 1/1] SecurityPkg/AuthVariableLib: Check
> SHA-256 OID with ContentInfo present
> 
> > Hi
> > That is a good catch!
> > My apologies for missing it before.
> >
> > 1) Please file a bugzilla (https://bugzilla.tianocore.org/) to record the issue
> > and associate it with the patch.
> 
> Filed bug 4305 [1]. Sorry for the delay, I didn't get my bugzilla
> credentials until late last week.
> 
> > 2) Would you please share with us how you discovered the issue?
> > For example, any real use case to include ContentInfo? If yes, please share
> > a URL.
> > Or is this just a purely spec compliance fix?
> >
> > 3) Please describe how you validate the fix.
> > If possible, would you please share your test case?
> 
> I believe both of these are answered / included in the bug description.
> 
> > 4) Since the new code handles the case where the ContentInfo structure is present, I believe
> > we also need to check whether the ContentInfo structure is valid.
> > For example:
> > ============
> > c SignedData.contentInfo.contentType shall be set to id-data
> > d SignedData.contentInfo.content shall be absent
> > ============
> > What do you think?
> 
> I think you're talking about the ContentInfo structure that's part of
> the SignedData structure, but the real problem is with ContentInfo
> structure that _wraps_ the SignedData structure. More info in the bug
> description.
> 
> Also, is it customary to continue the discussion here on edk2-devel or
> in the bug comments on bugzilla?
> 
> -Jan
> 
> References:
> 1. https://bugzilla.tianocore.org/show_bug.cgi?id=4305
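
The distinction drawn in the quoted reply, between the ContentInfo that wraps SignedData and the contentInfo field inside SignedData, is visible in the DER bytes. The C code below is an added example, not code from the patch or from EDK2: it walks the DER headers to the first digestAlgorithms OID whether or not the outer wrapper is present. The names `der_open`, `first_digest_is_sha256`, `WRAPPED` and `BARE` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
static const uint8_t OID_SIGNED_DATA[9] = {0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x02};
static const uint8_t OID_SHA256[9]      = {0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01};
/* Constructed sample: ContentInfo { signedData OID, [0] { SignedData } }, cut off after the digest OID. */
static const uint8_t WRAPPED[35] = {
    0x30,0x21, 0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x02, 0xa0,0x14,
    0x30,0x12, 0x02,0x01,0x01, 0x31,0x0d, 0x30,0x0b, 0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01 };
static const uint8_t *const BARE = WRAPPED + 15;   /* the same SignedData without the wrapper */
enum { BARE_LEN = 20 };

/* Enter the DER element with this tag: narrow [*p, *end) to its value; -1 if malformed. */
static int der_open(const uint8_t **p, const uint8_t **end, uint8_t tag) {
    const uint8_t *q = *p;
    size_t len, n;
    if (*end - q < 2 || q[0] != tag) return -1;
    len = q[1]; q += 2;
    if (len & 0x80) {                              /* long form, up to 3 length bytes */
        n = len & 0x7f;
        if (n == 0 || n > 3 || (size_t)(*end - q) < n) return -1;
        for (len = 0; n; n--) len = (len << 8) | *q++;
    }
    if ((size_t)(*end - q) < len) return -1;       /* value must fit in the parent */
    *p = q; *end = q + len;
    return 0;
}

/* 1 if the first digestAlgorithm is SHA-256, 0 if it is another OID, -1 if malformed. */
int first_digest_is_sha256(const uint8_t *buf, size_t size, int *wrapped) {
    const uint8_t *p = buf, *end = buf + size, *outer;
    *wrapped = 0;
    if (der_open(&p, &end, 0x30)) return -1;       /* outer SEQUENCE */
    if (p < end && *p == 0x06) {                   /* OID first: ContentInfo wraps SignedData */
        outer = end;
        if (der_open(&p, &end, 0x06) || end - p != 9 || memcmp(p, OID_SIGNED_DATA, 9)) return -1;
        p = end; end = outer;                      /* step past contentType */
        if (der_open(&p, &end, 0xa0) || der_open(&p, &end, 0x30)) return -1; /* [0], SignedData */
        *wrapped = 1;
    }
    outer = end;
    if (der_open(&p, &end, 0x02)) return -1;       /* version INTEGER */
    p = end; end = outer;                          /* step past version */
    if (der_open(&p, &end, 0x31) || der_open(&p, &end, 0x30) ||  /* SET, AlgorithmIdentifier */
        der_open(&p, &end, 0x06)) return -1;                     /* algorithm OID */
    return end - p == 9 && memcmp(p, OID_SHA256, 9) == 0;
}

int main(void) { int a, b; return !(first_digest_is_sha256(WRAPPED, sizeof WRAPPED, &a) == 1 &&
                                    first_digest_is_sha256(BARE, BARE_LEN, &b) == 1); }
```

Because every length is checked against its parent element, a truncated or inconsistent blob is rejected instead of being compared at an assumed position.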

