[edk2-devel] [PATCH V5 1/2] OvmfPkg: Introduce Tdx BFV/CFV PCDs and PcdOvmfImageSizeInKb

Gerd Hoffmann kraxel at redhat.com
Tue Aug 31 05:13:05 UTC 2021


  Hi,

> > From a security point of view I don't think it is a good idea to hard code any
> > assumptions about the layout of the vars volume.
> Do you mean I cannot assume the layout of VarStore? 
> At least in Ovmf the VarStore.fdf.inc defines the layout of VarStore like below.

What prevents an attacker from creating a varstore with a different
layout?  Place the variables at the end of the file, which isn't
measured (because you assume it is the spare part), then being able
to change variables without the guest noticing?

take care,
  Gerd
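
The concern raised in this message, as an added example (not part of the original e-mail and not edk2 code): a measurement that trusts a hard-coded layout hashes only the region it assumes holds the variables, so two volumes that differ only outside that region measure identically. The sizes, the byte contents and the choice of SHA-384 are constructed for illustration and are not the OVMF VarStore layout.

```python
import hashlib

# Constructed sizes for illustration only; NOT the real OVMF VarStore layout.
VOLUME_SIZE = 4096
ASSUMED_VARS_SIZE = 1024  # region the measuring code assumes holds the variables


def measure_assumed_region(volume: bytes) -> str:
    """Layout-trusting measurement: hash only the assumed variable region."""
    return hashlib.sha384(volume[:ASSUMED_VARS_SIZE]).hexdigest()


def measure_whole_volume(volume: bytes) -> str:
    """Layout-independent measurement: hash every byte of the volume."""
    return hashlib.sha384(volume).hexdigest()


def build_volume(head: bytes, tail: bytes) -> bytes:
    """Constructed volume: head at offset 0, tail at the very end,
    0xFF (erased-flash filler) in between."""
    pad = VOLUME_SIZE - len(head) - len(tail)
    if pad < 0:
        raise ValueError("head + tail exceed the volume size")
    return head + b"\xff" * pad + tail


def change_outside_assumed_region_detected(measure) -> bool:
    """True if `measure` distinguishes two volumes that differ only in
    bytes located past ASSUMED_VARS_SIZE."""
    baseline = build_volume(b"HDR|var-a=1", b"")
    altered = build_volume(b"HDR|var-a=1", b"var-b=2")  # differs only at the end
    assert baseline[:ASSUMED_VARS_SIZE] == altered[:ASSUMED_VARS_SIZE]
    return measure(baseline) != measure(altered)


if __name__ == "__main__":
    for fn in (measure_assumed_region, measure_whole_volume):
        seen = change_outside_assumed_region_detected(fn)
        print(f"{fn.__name__}: change detected = {seen}")
```
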


