I see it and will do it later. I remind that everyone should pay attention to it as well.
Thanks. > -----Original Message----- > From: Laszlo Ersek <ler...@redhat.com> > Sent: Friday, July 10, 2020 1:47 PM > To: devel@edk2.groups.io; Jiang, Guomin <guomin.ji...@intel.com> > Cc: Wang, Jian J <jian.j.w...@intel.com>; Wu, Hao A > <hao.a...@intel.com>; Bi, Dandan <dandan...@intel.com>; Gao, Liming > <liming....@intel.com>; De, Debkumar <debkumar...@intel.com>; Han, > Harry <harry....@intel.com>; West, Catharine <catharine.w...@intel.com>; > Dong, Eric <eric.d...@intel.com>; Ni, Ray <ray...@intel.com>; Justen, > Jordan L <jordan.l.jus...@intel.com>; Andrew Fish <af...@apple.com>; Ard > Biesheuvel <ard.biesheu...@arm.com>; Anthony Perard > <anthony.per...@citrix.com>; Julien Grall <jul...@xen.org>; Leif Lindholm > <l...@nuviainc.com>; Kumar, Rahul1 <rahul1.ku...@intel.com>; Yao, > Jiewen <jiewen....@intel.com>; Zhang, Chao B <chao.b.zh...@intel.com>; > Zhang, Qi1 <qi1.zh...@intel.com> > Subject: Re: [edk2-devel] [PATCH v5 0/9] Add new feature that evacuate > temporary to permanent memory (CVE-2019-11098) > > Guomin, > > On 07/09/20 03:56, Guomin Jiang wrote: > > The TOCTOU vulnerability allow that the physical present person to replace > the code with the normal BootGuard check and PCR0 value. > > The issue occur when BootGuard measure IBB and access flash code after > NEM disable. > > the reason why we access the flash code is that we have some pointer to > flash. > > To avoid this vulnerability, we need to convert those pointers, the patch > series do this work and make sure that no code will access flash address. > > > > v2: > > Create gEdkiiMigratedFvInfoGuid HOB and add > PcdMigrateTemporaryRamFirmwareVolumes to control whole feature. > > > > v3: > > Remove changes which is not related with the feature and disable the > feature in virtual platform. > > > > v4: > > Disable the feature as default, Copy the Tcg2Pei behavior to TcgPei > > > > v5: > > Initialize local variable Shadow and return EFI_ABORTED when > RepublishSecPpi not installed. > > When you post a new version of a patch set to the list, and there is an > associated BZ ticket, please *always* (not just for this BZ) capture the fact > of > posting the next version in a new BZ comment. Please record the version of > the patch series being posted, and also include a link to the series blurb > (patch 0), in the mailing list archive. > > I did that for you, covering the first four versions (v1 throuogh v4) of the > series in comment 16 on TianoCore#1614: > > https://bugzilla.tianocore.org/show_bug.cgi?id=1614#c16 > > Please do the same (in a new BZ comment) for the current version (v5), and > please repeat the same for any further versions. > > Again this applies to all BZs and all posted patches. > > Thanks > Laszlo -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#62334): https://edk2.groups.io/g/devel/message/62334 Mute This Topic: https://groups.io/mt/75390172/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
