From mboxrd@z Thu Jan 1 00:00:00 1970
Subject: Interpretation of specification
To: devel@edk2.groups.io
From: phlamorim@riseup.net
X-Originating-Location: Bandeirantes, Parana, BR (138.99.195.228)
X-Originating-Platform: Linux Firefox 70
User-Agent: GROUPS.IO Web Poster
Date: Wed, 23 Oct 2019 10:12:42 -0700
Message-ID: <30436.1571850762845158639@groups.io>

The following commit on edk2 added a new check on the format of Authenticated variables: https://github.com/tianocore/edk2/commit/c035e37335ae43229d7e68de74a65f2c01ebc0af

After this point some implementations started to have differences in the validation of the format of the Authenticator Descriptor, as we can see here: https://blog.hansenpartnership.com/uefi-secure-boot/#comment-48351

This case made me reach the following discussion: https://bugzilla.tianocore.org/show_bug.cgi?id=586 where I have seen that lots of tools (more on Linux) don't generate the correct format to use on the payload for TimeBased authenticated variables. At this time I was just trying to create a private authenticated variable. The first thing which worked was to use this patch: https://patchew.org/EDK2/1525903747.5882.11.camel@HansenPartnership.com/

But this patch never got merged, so I realized the tools on Linux received upgrades to work properly with Authentication Variables of the edk2, but the same code just didn't work on a real machine using an ASROCK board. So my question is: what should developers trust in order to consume the UEFI APIs in a trusted way?

Another example I had is the path separator "\" or "/": edk2 uses "/" but the spec allows both, and ASROCK mixes both; sometimes it can lead to some errors. I want to know if I can trust that if my code works on EDK2 it should work on all other implementations too, and how we will try to remove these ambiguities of interpretation.