On August 31, 2021 1:13 PM, Gerd Hoffmann wrote:
>   Hi,
> 
> > > From a security point of view I don't think it is a good idea to
> > > hard code any assumptions about the layout of the vars volume.
> > Do you mean I cannot assume the layout of VarStore?
> > At least in Ovmf the VarStore.fdf.inc defines the layout of VarStore like below.
> 
> What prevents an attacker from creating a varstore with a different layout?
> Place the variables at the end of the file, which isn't measured (because you
> assume it is the spare part), then being able to change variables without the
> guest noticing?
If the VarStore does not follow the layout defined in VarStore.fdf.inc, do you mean
the current Variable mechanism still works? From the code of
InitNonVolatileVariableStore(), the first variable is right after the VarStoreHeader.
See GetStartPointer().
> 
> take care,
>   Gerd
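
The question in this exchange, as an added example that is not part of the original message or of edk2: the area the variable driver walks can be derived from the store header, the way GetStartPointer() does, and compared with the bytes that are measured, instead of assuming the .fdf layout. `var_area_within_measured`, `build_sample` and `measured_len` are hypothetical names; the buffer is assumed to start at the variable store header (past the firmware volume header) on a little-endian host.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Same field order as edk2's VARIABLE_STORE_HEADER (28 bytes). */
typedef struct {
  uint8_t  Signature[16];  /* store GUID, not checked in this sketch */
  uint32_t Size;           /* size of the whole store, header included */
  uint8_t  Format;
  uint8_t  State;
  uint16_t Reserved;
  uint32_t Reserved1;
} VarStoreHeader;

#define HEADER_ALIGN(x) (((x) + 3u) & ~(size_t)3u)  /* 4-byte alignment */

/* Returns 0 and the [start, end) offsets the variable driver would walk when
   that range lies inside the first measured_len bytes; -1 otherwise. */
int var_area_within_measured(const uint8_t *store, size_t store_len,
                             size_t measured_len, size_t *start, size_t *end)
{
  VarStoreHeader h;
  if (store_len < sizeof h) return -1;
  memcpy(&h, store, sizeof h);
  size_t s = HEADER_ALIGN(sizeof h);        /* first variable: right after header */
  size_t e = HEADER_ALIGN((size_t)h.Size);  /* end of store as the header claims */
  if (h.Size < sizeof h || e < s || e > store_len) return -1;  /* bogus Size */
  if (e > measured_len) return -1;  /* variables could sit in unmeasured bytes */
  *start = s;
  *end = e;
  return 0;
}

/* Constructed sample: erased flash (0xff) with a header claiming `size` bytes. */
void build_sample(uint8_t *buf, size_t len, uint32_t size)
{
  VarStoreHeader h;
  memset(buf, 0xff, len);
  memset(&h, 0, sizeof h);
  h.Size = size;
  memcpy(buf, &h, sizeof h);
}

int main(void)
{
  uint8_t buf[0x100];
  size_t s = 0, e = 0;
  build_sample(buf, sizeof buf, 0x100);  /* header covers the whole buffer */
  printf("measured 0x80:  %d\n", var_area_within_measured(buf, sizeof buf, 0x80, &s, &e));
  printf("measured 0x100: %d\n", var_area_within_measured(buf, sizeof buf, 0x100, &s, &e));
  return 0;
}
```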