Guomin,

On 07/09/20 03:56, Guomin Jiang wrote:
> The TOCTOU vulnerability allow that the physical present person to replace
> the code with the normal BootGuard check and PCR0 value.
> The issue occur when BootGuard measure IBB and access flash code after NEM
> disable.
> the reason why we access the flash code is that we have some pointer to flash.
> To avoid this vulnerability, we need to convert those pointers, the patch
> series do this work and make sure that no code will access flash address.
>
> v2:
> Create gEdkiiMigratedFvInfoGuid HOB and add
> PcdMigrateTemporaryRamFirmwareVolumes to control whole feature.
>
> v3:
> Remove changes which is not related with the feature and disable the feature
> in virtual platform.
>
> v4:
> Disable the feature as default, Copy the Tcg2Pei behavior to TcgPei
>
> v5:
> Initialize local variable Shadow and return EFI_ABORTED when RepublishSecPpi
> not installed.

When you post a new version of a patch set to the list, and there is an
associated BZ ticket, please *always* (not just for this BZ) capture the
fact of posting the next version in a new BZ comment. Please record the
version of the patch series being posted, and also include a link to the
series blurb (patch 0), in the mailing list archive.

I did that for you, covering the first four versions (v1 through v4) of
the series in comment 16 on TianoCore#1614:

https://bugzilla.tianocore.org/show_bug.cgi?id=1614#c16

Please do the same (in a new BZ comment) for the current version (v5),
and please repeat the same for any further versions. Again this applies
to all BZs and all posted patches.

Thanks
Laszlo