From: "Gerd Hoffmann" <kraxel@redhat.com>
To: devel@edk2.groups.io, min.m.xu@intel.com
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>,
"Justen, Jordan L" <jordan.l.justen@intel.com>,
Brijesh Singh <brijesh.singh@amd.com>,
Erdem Aktas <erdemaktas@google.com>,
James Bottomley <jejb@linux.ibm.com>,
"Yao, Jiewen" <jiewen.yao@intel.com>,
Tom Lendacky <thomas.lendacky@amd.com>
Subject: Re: [edk2-devel] [PATCH V5 1/2] OvmfPkg: Introduce Tdx BFV/CFV PCDs and PcdOvmfImageSizeInKb
Date: Tue, 31 Aug 2021 07:13:05 +0200 [thread overview]
Message-ID: <20210831051305.dhqvsh4jzqekmjly@sirius.home.kraxel.org> (raw)
In-Reply-To: <PH0PR11MB5064F555390C7DD73AD18531C5CC9@PH0PR11MB5064.namprd11.prod.outlook.com>
Hi,
> > From a security point of view I don't think it is a good idea to hard code any
> > assumptions about the layout of the vars volume.
> Do you mean I cannot assume the layout of VarStore?
> At least in Ovmf the VarStore.fdf.inc defines the layout of VarStore like below.
What prevents an attacker from creating a varstore with a different
layout? Place the variables at the end of the file, which isn't
measured (because you assume it is the spare part), then being able
to change variables without the guest noticing?
take care,
Gerd
next prev parent reply other threads:[~2021-08-31 5:13 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-30 2:35 [PATCH V5 0/2] Add Intel TDX support in OvmfPkg/ResetVector Min Xu
2021-08-30 2:35 ` [PATCH V5 1/2] OvmfPkg: Introduce Tdx BFV/CFV PCDs and PcdOvmfImageSizeInKb Min Xu
2021-08-30 7:03 ` Gerd Hoffmann
2021-08-31 3:29 ` [edk2-devel] " Min Xu
2021-08-31 5:13 ` Gerd Hoffmann [this message]
2021-08-31 6:17 ` Min Xu
2021-08-31 10:21 ` Gerd Hoffmann
2021-09-01 5:18 ` Min Xu
2021-09-01 6:10 ` Gerd Hoffmann
2021-09-01 6:57 ` Ard Biesheuvel
2021-09-01 7:19 ` Min Xu
2021-09-01 7:44 ` Gerd Hoffmann
2021-09-01 8:59 ` Yao, Jiewen
2021-09-01 16:53 ` James Bottomley
2021-09-01 19:19 ` Andrew Fish
2021-09-10 17:03 ` Erdem Aktas
2021-08-30 2:35 ` [PATCH V5 2/2] OvmfPkg/ResetVector: Enable Intel TDX in ResetVector of Ovmf Min Xu
2021-08-30 7:40 ` Gerd Hoffmann
2021-08-31 3:09 ` [edk2-devel] " Min Xu
2021-08-31 5:35 ` Gerd Hoffmann
2021-09-02 0:05 ` Min Xu
2021-09-02 7:18 ` Gerd Hoffmann
2021-09-02 7:49 ` Min Xu
2021-09-03 3:03 ` Yao, Jiewen
2021-09-03 5:39 ` Gerd Hoffmann
2021-09-09 13:54 ` Min Xu
2021-09-10 8:19 ` Gerd Hoffmann
2021-09-14 3:54 ` Yao, Jiewen
2021-09-11 1:17 ` Erdem Aktas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210831051305.dhqvsh4jzqekmjly@sirius.home.kraxel.org \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox