From: "Gerd Hoffmann"
To: devel@edk2.groups.io
Cc: oliver@redhat.com, Laszlo Ersek, Jiewen Yao, Gerd Hoffmann, Ard Biesheuvel, Sunil V L, Andrei Warkentin
Subject: [edk2-devel] [PATCH v4 2/3] OvmfPkg/VirtNorFlashDxe: stop accepting gEfiVariableGuid
Date: Mon, 8 Jan 2024 20:21:22 +0100
Message-ID: <20240108192123.42359-3-kraxel@redhat.com>
In-Reply-To: <20240108192123.42359-1-kraxel@redhat.com>
References: <20240108192123.42359-1-kraxel@redhat.com>

Only accept gEfiAuthenticatedVariableGuid when checking the variable store header in ValidateFvHeader().

The edk2 code base has been switched to use the authenticated varstore format unconditionally (even in case secure boot is not used or supported) a few years ago.

Suggested-by: László Érsek
Signed-off-by: Gerd Hoffmann
--- OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c b/OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c index 5ee98e9b595a..9a614ae4b24d 100644
--- a/OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c +++ b/OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c @@ -239,9 +239,7 @@ ValidateFvHeader ( VariableStoreHeader = (VARIABLE_STORE_HEADER *)((UINTN)FwVolHeader + FwVolHeader->HeaderLength); // Check the Variable Store Guid - if (!CompareGuid (&VariableStoreHeader->Signature, &gEfiVariableGuid) && - !CompareGuid (&VariableStoreHeader->Signature, &gEfiAuthenticatedVariableGuid)) - { + if (!CompareGuid (&VariableStoreHeader->Signature, &gEfiAuthenticatedVariableGuid)) { DEBUG (( DEBUG_INFO, "%a: Variable Store Guid non-compatible\n", -- 2.43.0
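
Review bot: In the ValidateFvHeader hunk, the rejection path still logs only at DEBUG_INFO with the generic text "Variable Store Guid non-compatible", yet after this change a store whose Signature is gEfiVariableGuid, which passed this check before, now ends up there. Consider naming the expected GUID in the message, or printing the Signature that was found with %g, and raising the level to DEBUG_ERROR so that a failure on an older flash image can be diagnosed from the log. The commit message would also benefit from a sentence on what a user with an existing non-authenticated varstore should expect after this patch, and the "// Check the Variable Store Guid" comment could state that only the authenticated format is accepted.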