From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=2607:f8b0:4864:20::444; helo=mail-pf1-x444.google.com; envelope-from=ming.huang@linaro.org; receiver=edk2-devel@lists.01.org Received: from mail-pf1-x444.google.com (mail-pf1-x444.google.com [IPv6:2607:f8b0:4864:20::444]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 1A2E621959CB2 for ; Tue, 20 Nov 2018 01:02:02 -0800 (PST) Received: by mail-pf1-x444.google.com with SMTP id z9so689524pfi.2 for ; Tue, 20 Nov 2018 01:02:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=lIRDHnJPp8G+AxBhDqM2R6/srX7TycJcA74pxVoPG8M=; b=U8McWSlnxox8dW36Q3fPrxtkXGtuCLsLumEjMtEuuBp4H9AKk3wxNxSRh693eNnQJI quDCbIXh4oh155NDH3mMyu7ASAAbSVUr5L4RyONudguQCSFO9k28jQYxsd4T1UPaUO27 gKgC376x729LXBRx/Cnd1QuhxC+6WIIM7BgGI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=lIRDHnJPp8G+AxBhDqM2R6/srX7TycJcA74pxVoPG8M=; b=uk3UG7ePPfiGXjX+dfvRp8pSiYY/nAKY7hD//r/r/4oplMLhSZ7MF41jqfJdeT3CTI CF/gr7ohrDWaV+0zXFvdIBwL6ShZMdhDp4A/VB62mSLkI3nOR7FoPc2mMASle8NwkY2n fgcgMVOwyH0p7bb8aCmPEG/fBDJqROcJJa7gNyhBdCI2J39Ecvyk15+oyp+QU4heOlTS AbmzLJpTJmGD24VgtOefV/mbrM1VpgyV4hHftHHgYkFy906elyXfcA/41x5lCVvT0C4y 4q+doVG3IavFY6utbRn0bj0A7jvYVnZDrADCfwUwtg1bFigiUE/GMncLGsoywbi8wBQE nYog== X-Gm-Message-State: AA+aEWYvo/VRsIdtBmSwgiIxnxwe0masSGM2BVv7NqF992CvPpsteDmY tzmcarMvigUKDR7IkhPR149ioA== X-Google-Smtp-Source: AFSGD/UXILVthAPFBjXtM853ugMwZ2kyQJ7HNY/0gvx/6dtqofhNCSJWscqpO2zENhMD4SWWrlUiJw== X-Received: by 2002:a62:4b4d:: with SMTP id y74mr58353pfa.186.1542704521750; Tue, 20 Nov 2018 01:02:01 -0800 (PST) Received: from localhost.localdomain ([114.119.4.74]) by smtp.gmail.com with ESMTPSA id f13sm24151250pfa.132.2018.11.20.01.01.58 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 20 Nov 2018 01:02:01 -0800 (PST) From: Ming Huang To: leif.lindholm@linaro.org, linaro-uefi@lists.linaro.org, edk2-devel@lists.01.org, graeme.gregory@linaro.org Cc: ard.biesheuvel@linaro.org, michael.d.kinney@intel.com, lersek@redhat.com, wanghuiqiang@huawei.com, huangming23@huawei.com, zhangjinsong2@huawei.com, huangdaode@hisilicon.com, john.garry@huawei.com, xinliang.liu@linaro.org, zhangfeng56@huawei.com, Ming Huang Date: Tue, 20 Nov 2018 17:01:46 +0800 Message-Id: <20181120090150.1102-2-ming.huang@linaro.org> X-Mailer: git-send-email 2.9.5 In-Reply-To: <20181120090150.1102-1-ming.huang@linaro.org> References: <20181120090150.1102-1-ming.huang@linaro.org> Subject: [PATCH edk2-platforms v3 1/5] Hisilicon/D0x: Fix secure boot bug in FlashFvbDxe X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Nov 2018 09:02:02 -0000 Now that the generic Variable Runtime DXE code no longer distinguishes between gEfiVariableGuid and gEfiAuthenticatedVariableGuid in the varstore FV header. We can relax the check in the flashFvb driver to accept either GUID regardless of whether we are running a secure boot capable build or not. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Ming Huang --- Silicon/Hisilicon/Drivers/FlashFvbDxe/FlashFvbDxe.inf | 1 + Silicon/Hisilicon/Drivers/FlashFvbDxe/FlashFvbDxe.c | 5 +++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/Silicon/Hisilicon/Drivers/FlashFvbDxe/FlashFvbDxe.inf b/Silicon/Hisilicon/Drivers/FlashFvbDxe/FlashFvbDxe.inf index f8be4741ef7c..a0226e0d87c0 100644 --- a/Silicon/Hisilicon/Drivers/FlashFvbDxe/FlashFvbDxe.inf +++ b/Silicon/Hisilicon/Drivers/FlashFvbDxe/FlashFvbDxe.inf @@ -44,6 +44,7 @@ [LibraryClasses] UefiRuntimeLib [Guids] + gEfiAuthenticatedVariableGuid gEfiSystemNvDataFvGuid gEfiVariableGuid diff --git a/Silicon/Hisilicon/Drivers/FlashFvbDxe/FlashFvbDxe.c b/Silicon/Hisilicon/Drivers/FlashFvbDxe/FlashFvbDxe.c index e18cc9e06ec2..12baed41cd4e 100644 --- a/Silicon/Hisilicon/Drivers/FlashFvbDxe/FlashFvbDxe.c +++ b/Silicon/Hisilicon/Drivers/FlashFvbDxe/FlashFvbDxe.c @@ -189,7 +189,7 @@ InitializeFvAndVariableStoreHeaders ( // VARIABLE_STORE_HEADER // VariableStoreHeader = (VARIABLE_STORE_HEADER*)((UINTN)Headers + (UINTN)FirmwareVolumeHeader->HeaderLength); - CopyGuid (&VariableStoreHeader->Signature, &gEfiVariableGuid); + CopyGuid (&VariableStoreHeader->Signature, &gEfiAuthenticatedVariableGuid); VariableStoreHeader->Size = PcdGet32(PcdFlashNvStorageVariableSize) - FirmwareVolumeHeader->HeaderLength; VariableStoreHeader->Format = VARIABLE_STORE_FORMATTED; VariableStoreHeader->State = VARIABLE_STORE_HEALTHY; @@ -258,7 +258,8 @@ ValidateFvHeader ( VariableStoreHeader = (VARIABLE_STORE_HEADER*)((UINTN)FwVolHeader + (UINTN)FwVolHeader->HeaderLength); // Check the Variable Store Guid - if ( CompareGuid (&VariableStoreHeader->Signature, &gEfiVariableGuid) == FALSE ) + if (!CompareGuid (&VariableStoreHeader->Signature, &gEfiVariableGuid) && + !CompareGuid (&VariableStoreHeader->Signature, &gEfiAuthenticatedVariableGuid)) { DEBUG ((EFI_D_ERROR, "ValidateFvHeader: Variable Store Guid non-compatible\n")); return EFI_NOT_FOUND; -- 2.9.5