From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <liming.gao@intel.com>
Received: from mga11.intel.com (mga11.intel.com [192.55.52.93])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id D1FF481EE4
 for <edk2-devel@lists.01.org>; Wed,  8 Feb 2017 20:15:02 -0800 (PST)
Received: from orsmga005.jf.intel.com ([10.7.209.41])
 by fmsmga102.fm.intel.com with ESMTP; 08 Feb 2017 20:15:02 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.35,349,1484035200"; d="scan'208";a="62544326"
Received: from shwde7172.ccr.corp.intel.com ([10.239.9.23])
 by orsmga005.jf.intel.com with ESMTP; 08 Feb 2017 20:15:01 -0800
From: Liming Gao <liming.gao@intel.com>
To: edk2-devel@lists.01.org
Date: Thu,  9 Feb 2017 12:14:50 +0800
Message-Id: <1486613692-11076-1-git-send-email-liming.gao@intel.com>
X-Mailer: git-send-email 2.8.0.windows.1
Subject: [Patch 0/2] MdeModulePkg PeiCore: Signed GUIDED section may not be dispatched
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Feb 2017 04:15:03 -0000

https://bugzilla.tianocore.org/show_bug.cgi?id=365

When RSA2048 GUIDED section has SIGNED attribute only without PROCESSED_REQUIRED 
attribute, it will not be processed correctly once RSA2048 GUIDED extraction 
service is dispatcher later, because PeiCore cache GUIDED section with 
EFI_AUTH_STATUS_NOT_TESTED.

Here is the failure case. RSA Extraction Service is compressed. DxeIpl installs
the decompress service. On the first round dispatcher, FVMAIN is cached with 
EFI_AUTH_STATUS_NOT_TESTED. It can't be dispatched again. 

INF RuleOverride = LzmaCompress MdeModulePkg/../SectionExtractionPei.inf
FILE FV_IMAGE = 9E21FD93-9C72-4c15-8C4B-E77F1DB2D792 {
  SECTION GUIDED A7717414-C616-4977-9420-844712A735BF AUTH_STATUS_VALID = TRUE
    SECTION FV_IMAGE = FVMAIN
  }
}
INF  MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf

Liming Gao (2):
  MdeModulePkg PeiCore: Reset PeimNeedingDispatch when its security
    violation
  MdeModulePkg PeiCore: Don't cache GUIDED section with AUTH_NOT_TESTED

 MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c |  9 ++++++++-
 MdeModulePkg/Core/Pei/FwVol/FwVol.c           | 24 +++++++++++++-----------
 2 files changed, 21 insertions(+), 12 deletions(-)

-- 
2.8.0.windows.1