From: "Laszlo Ersek" <lersek@redhat.com>
To: devel@edk2.groups.io, philmd@redhat.com
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Dandan Bi <dandan.bi@intel.com>,
Leif Lindholm <leif.lindholm@linaro.org>
Subject: Re: [edk2-devel] [PATCH] ArmVirtPkg/PlatformBootManagerLib: unload image on EFI_SECURITY_VIOLATION
Date: Thu, 5 Sep 2019 19:26:13 +0200 [thread overview]
Message-ID: <40365990-3f52-98f3-d9da-d46c9f38d184@redhat.com> (raw)
In-Reply-To: <fdac892c-04c4-a6f9-39e8-524da04f7152@redhat.com>
On 09/04/19 16:16, Philippe Mathieu-Daudé wrote:
> On 9/3/19 6:38 PM, Laszlo Ersek wrote:
>> The LoadImage() boot service is a bit unusual in that it allocates
>> resources in a particular failure case; namely, it produces a valid
>> "ImageHandle" when it returns EFI_SECURITY_VIOLATION. This is supposed to
>> happen e.g. when Secure Boot verification fails for the image, but the
>> platform policy for the particular image origin (such as "fixed media" or
>> "removable media") is DEFER_EXECUTE_ON_SECURITY_VIOLATION. The return code
>> allows platform logic to selectively override the verification failure,
>> and launch the image nonetheless.
>>
>> ArmVirtPkg/PlatformBootManagerLib does not override EFI_SECURITY_VIOLATION
>> for the kernel image loaded from fw_cfg -- any LoadImage() error is
>> considered fatal. When we simply treat EFI_SECURITY_VIOLATION like any
>> other LoadImage() error, we leak the resources associated with
>> "KernelImageHandle". From a resource usage perspective,
>> EFI_SECURITY_VIOLATION must be considered "success", and rolled back.
>>
>> Implement this rollback, without breaking the proper "nesting" of error
>> handling jumps and labels.
>>
>> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>> Cc: Dandan Bi <dandan.bi@intel.com>
>> Cc: Leif Lindholm <leif.lindholm@linaro.org>
>> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1992
>> Fixes: 23d04b58e27b382bbd3f9b16ba9adb1cb203dad5
>> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
>
> Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Thank you all, pushed as commit ae9f12058d71.
Laszlo
prev parent reply other threads:[~2019-09-05 17:26 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-03 16:38 [PATCH] ArmVirtPkg/PlatformBootManagerLib: unload image on EFI_SECURITY_VIOLATION Laszlo Ersek
2019-09-03 16:51 ` [edk2-devel] " Ard Biesheuvel
2019-09-04 2:07 ` Dandan Bi
2019-09-04 14:16 ` [edk2-devel] " Philippe Mathieu-Daudé
2019-09-05 17:26 ` Laszlo Ersek [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=40365990-3f52-98f3-d9da-d46c9f38d184@redhat.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox