From: "Gerd Hoffmann"
To: devel@edk2.groups.io
Cc: Sunil V L, Gerd Hoffmann, Jiewen Yao, oliver@redhat.com, Laszlo Ersek, Andrei Warkentin, Ard Biesheuvel
Subject: [edk2-devel] [PATCH v5 2/3] OvmfPkg/VirtNorFlashDxe: stop accepting gEfiVariableGuid
Date: Tue, 9 Jan 2024 12:29:01 +0100
Message-ID: <20240109112902.30002-3-kraxel@redhat.com>
In-Reply-To: <20240109112902.30002-1-kraxel@redhat.com>
References: <20240109112902.30002-1-kraxel@redhat.com>

Only accept gEfiAuthenticatedVariableGuid when checking the variable store header in ValidateFvHeader().

The edk2 code base has been switched to use the authenticated varstore format unconditionally (even in case secure boot is not used or supported) a few years ago.

Suggested-by: László Érsek
Signed-off-by: Gerd Hoffmann
Reviewed-by: Laszlo Ersek

--- OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c b/OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c index 5ee98e9b595a..9a614ae4b24d 100644
--- a/OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c +++ b/OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c @@ -239,9 +239,7 @@ ValidateFvHeader ( VariableStoreHeader = (VARIABLE_STORE_HEADER *)((UINTN)FwVolHeader + FwVolHeader->HeaderLength); // Check the Variable Store Guid - if (!CompareGuid (&VariableStoreHeader->Signature, &gEfiVariableGuid) && - !CompareGuid (&VariableStoreHeader->Signature, &gEfiAuthenticatedVariableGuid)) - { + if (!CompareGuid (&VariableStoreHeader->Signature, &gEfiAuthenticatedVariableGuid)) { DEBUG (( DEBUG_INFO, "%a: Variable Store Guid non-compatible\n", -- 2.43.0
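Review bot: the rejection branch under the narrowed CompareGuid() check in ValidateFvHeader() still logs only "Variable Store Guid non-compatible" at DEBUG_INFO, so a flash image whose variable store header carries gEfiVariableGuid now fails validation without any indication of which signature was found. Consider printing the signature with %g (passing &VariableStoreHeader->Signature) and raising the level to DEBUG_ERROR, so the failure is visible and diagnosable in builds that filter out DEBUG_INFO. The "// Check the Variable Store Guid" comment could also say that only the authenticated format is accepted, and the commit message would benefit from one sentence on what happens to an existing flash image in the old format once this check rejects it.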