Guomin,

On 07/09/20 03:56, Guomin Jiang wrote:
> The TOCTOU vulnerability allow that the physical present person to replace 
> the code with the normal BootGuard check and PCR0 value.
> The issue occur when BootGuard measure IBB and access flash code after NEM 
> disable.
> the reason why we access the flash code is that we have some pointer to flash.
> To avoid this vulnerability, we need to convert those pointers, the patch 
> series do this work and make sure that no code will access flash address.
> 
> v2:
> Create gEdkiiMigratedFvInfoGuid HOB and add 
> PcdMigrateTemporaryRamFirmwareVolumes to control whole feature.
> 
> v3:
> Remove changes which is not related with the feature and disable the feature 
> in virtual platform.
> 
> v4:
> Disable the feature as default, Copy the Tcg2Pei behavior to TcgPei
> 
> v5:
> Initialize local variable Shadow and return EFI_ABORTED when RepublishSecPpi 
> not installed.

When you post a new version of a patch set to the list, and there is an
associated BZ ticket, please *always* (not just for this BZ) capture the
fact of posting the next version in a new BZ comment. Please record the
version of the patch series being posted, and also include a link to the
series blurb (patch 0), in the mailing list archive.

I did that for you, covering the first four versions (v1 throuogh v4) of
the series in comment 16 on TianoCore#1614:

  https://bugzilla.tianocore.org/show_bug.cgi?id=1614#c16

Please do the same (in a new BZ comment) for the current version (v5),
and please repeat the same for any further versions.

Again this applies to all BZs and all posted patches.

Thanks
Laszlo


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#62330): https://edk2.groups.io/g/devel/message/62330
Mute This Topic: https://groups.io/mt/75390172/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to