From mboxrd@z Thu Jan 1 00:00:00 1970
Subject: Interpretation of specification
To: devel@edk2.groups.io
From: phlamorim@riseup.net
X-Originating-Location: Bandeirantes, Parana, BR (138.99.195.228)
X-Originating-Platform: Linux Firefox 70
User-Agent: GROUPS.IO Web Poster
MIME-Version: 1.0
Date: Wed, 23 Oct 2019 10:12:42 -0700
Message-ID: <30436.1571850762845158639@groups.io>
Content-Type: multipart/alternative; boundary="HZML12ZEQ3L7VzroB4zz"
--HZML12ZEQ3L7VzroB4zz
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
The following commit on edk2 added a new check on the format of Authenticated variables: https://github.com/tianocore/edk2/commit/c035e37335ae43229d7e68de74a65f2c01ebc0af

After this point some implementations started to have differences in the validation of the format of the Authenticator Descriptor, as we can see here: https://blog.hansenpartnership.com/uefi-secure-boot/#comment-48351

This case led me to the following discussion: https://bugzilla.tianocore.org/show_bug.cgi?id=586 where I have seen that lots of tools (more on Linux) don't generate the correct format to use on the payload for TimeBased authenticated variables. At the time I was just trying to create a private authenticated variable; the first thing which worked was to use this patch: https://patchew.org/EDK2/1525903747.5882.11.camel@HansenPartnership.com/

But this patch never got merged, so I realized the tools on Linux received upgrades to work properly with the Authentication Variables of edk2, but the same code just didn't work on a real machine using an ASROCK board. So my question is: what should developers trust to consume the UEFI APIs in a trusted way? Another example I had is the path separator "\" or "/": edk2 uses "/" but the spec allows both, and ASROCK mixes both sometimes, which can lead to some errors. I want to know if I can trust that if my code works on EDK2 it should work on all other implementations too, and how we will try to remove these ambiguities of interpretation.
--HZML12ZEQ3L7VzroB4zz--