From: Laszlo Ersek <lersek@redhat.com>
To: Jordan Justen <jordan.l.justen@intel.com>,
edk2-devel-01 <edk2-devel@lists.01.org>
Cc: Gary Ching-Pang Lin <glin@suse.com>
Subject: Re: [PATCH v2 4/5] OvmfPkg: raise max variable size (auth & non-auth) to 33KB for FD_SIZE_4MB
Date: Thu, 4 May 2017 21:30:29 +0200 [thread overview]
Message-ID: <5183018b-e0c4-512e-7bad-f6e3cb33ad5f@redhat.com> (raw)
In-Reply-To: <c6f4983e-be93-93ac-4d0e-e1ce42e43f66@redhat.com>
On 05/04/17 21:27, Laszlo Ersek wrote:
> On 05/04/17 20:50, Jordan Justen wrote:
>> On 2017-05-04 09:52:48, Laszlo Ersek wrote:
>>> On 05/04/17 18:36, Jordan Justen wrote:
>>>> On 2017-05-03 14:39:46, Laszlo Ersek wrote:
>>>>> The "ConfirmSetOfLargeVariable" test case of the Secure Boot Logo Test
>>>>> ("Microsoft.UefiSecureBootLogo.Tests") suite in the Microsoft Hardware
>>>>> Certification Kit sets a 32 KB large non-authenticated variable.
>>>>
>>>> According to
>>>> http://www.uefi.org/sites/default/files/resources/UEFI_Plugfest_Security_Microsoft_Fall_2016.pdf
>>>>
>>>> "The maximum supported variable size must be at least 64kB"
>>>>
>>>> Should we just bump the size to match this? We should be able to make
>>>> this change later once it is in a test/spec, but for some reason I
>>>> thought the requirement was already 64k.
>>>
>>> The 32KB requirement comes from the most recent Secure Boot Logo Test. I
>>
>> If the limit is 32k, why go with 33k? Does the test fail with a 32k
>> limit?
>
> Yes, it does. First I tried setting the PCDs to 0x8000 sharp, and then
> the test failed.
>
> Then I remembered that the PCDs present a limit on data, name, and
> attributes together:
>
> (1) In "MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c", function
> InitNonVolatileVariableStore(), we stash the PCDs like this:
>
>> mVariableModuleGlobal->MaxVariableSize = PcdGet32 (PcdMaxVariableSize);
>> mVariableModuleGlobal->MaxAuthVariableSize = ((PcdGet32 (PcdMaxAuthVariableSize) != 0) ? PcdGet32 (PcdMaxAuthVariableSize) : mVariableModuleGlobal->MaxVariableSize);
>
> (2) In the same file, function VariableServiceSetVariable(), we have the
> following size checks:
>
>> //
>> // The size of the VariableName, including the Unicode Null in bytes plus
>> // the DataSize is limited to maximum size of PcdGet32 (PcdMaxHardwareErrorVariableSize)
>> // bytes for HwErrRec#### variable.
>> //
>> if ((Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) == EFI_VARIABLE_HARDWARE_ERROR_RECORD) {
>> if (StrSize (VariableName) + PayloadSize > PcdGet32 (PcdMaxHardwareErrorVariableSize) - GetVariableHeaderSize ()) {
>> return EFI_INVALID_PARAMETER;
>> }
>> } else {
>> //
>> // The size of the VariableName, including the Unicode Null in bytes plus
>> // the DataSize is limited to maximum size of Max(Auth)VariableSize bytes.
>> //
>> if ((Attributes & VARIABLE_ATTRIBUTE_AT_AW) != 0) {
>> if (StrSize (VariableName) + PayloadSize > mVariableModuleGlobal->MaxAuthVariableSize - GetVariableHeaderSize ()) {
>> return EFI_INVALID_PARAMETER;
>> }
>> } else {
>> if (StrSize (VariableName) + PayloadSize > mVariableModuleGlobal->MaxVariableSize - GetVariableHeaderSize ()) {
>> return EFI_INVALID_PARAMETER;
>> }
>> }
>> }
>
> That is, the PCDs limit the sum of:
> - the variable name (including the terminating L'\0'),
> - the variable contents,
> - the internal header (which carries the attributes as well). In our
> case that's AUTHENTICATED_VARIABLE_HEADER, because we always format
> the auth varstore GUID into the template.
(NB I mentioned this in the commit message, just not in such detail.)
Thanks
Laszlo
>
> Furthermore, the 32KB data size for the contents is not based on
> "reverse engineering"; the Secure Boot Logo Test tells you exactly what
> it is trying to do. (In fact, there is no other way to fix failures in
> any of the tests; you can only rely on the messages in order to see what
> the test attempted.)
>
> In this case, we have (see
> <https://bugzilla.redhat.com/show_bug.cgi?id=1443351#c27>):
>
>> NOTE: if this testcase fails, try restarting the machine and then
>> running this test case on its own, for example: "te.exe
>> UefiSecureBootLogo.dll
>> /name:Microsoft.UefiSecureBootLogo.Tests.ConfirmSetOfLargeVariable"
>>
>> Test creation of 1 large variable of size 32768 bytes.
>>
>> Test creation of testLargeVariable Unexpected Error - SetVariable
>> failed with status 0xC000000D VariableName "testLargeVariable"
>> VendorGuid 77fa9abd-0359-4d32-bd60-28f4e78f784b Attributes 0x00000007
>> DataSize 0x00008000
>
> It reports all the parameters of the gRT->SetVariable() call that
> failed, except "Data".
>
> In the successful test (with this patch applied), the messages are (see
> <https://bugzilla.redhat.com/attachment.cgi?id=1275172>):
>
>> NOTE: if this testcase fails, try restarting the machine and then
>> running this test case on its own, for example: "te.exe
>> UefiSecureBootLogo.dll
>> /name:Microsoft.UefiSecureBootLogo.Tests.ConfirmSetOfLargeVariable"
>>
>> Test creation of 1 large variable of size 32768 bytes.
>>
>> AreEqual(7, 7) - testLargeVariable: Attributes from GetVariable()
>> match SetVariable()
>>
>> AreEqual(32768, 32768) - testLargeVariable: DataSize from
>> GetVariable() matches SetVariable()
>
> Thanks
> Laszlo
>
>>
>>> installed both the Windows Server 2008 R2 SP1 test controller and the
>>> Windows 2016 Server test client just the other day, together with the
>>> most recent filters, using the following descriptions:
>>>
>>> https://msdn.microsoft.com/en-us/library/windows/hardware/jj123537.aspx
>>> https://github.com/daynix/VirtHCK/wiki#Checklist_for_a_New_Controller_VM
>>> https://github.com/daynix/VirtHCK/wiki#Checklist_for_a_New_Client_VM
>>>
>>> Given that this limit can be bumped without breaking compatibility, as
>>> you say, I'd like to remain frugal with it, same as we were in James's
>>> commit f5404a3eba1d ("OvmfPkg: Increase the maximum size for
>>> Authenticated variables", 2016-03-24).
>>>
>>> I don't understand why the plugfest presentation and the SB Logo Test
>>> require different limits... But, I'm certain our QE will find out in
>>> short order once the SB Logo Test catches up with the presentation, and
>>> I expect I'll submit the corresponding patch soon after.
>>>
>>> I dislike the speculation in this series, but breaking compatibility is
>>> even worse. (A lot worse, to me at least.) So I consider the varstore
>>> restructuring the smaller of two wrongs. However, wrt.
>>> PcdMaxVariableSize, it seems we're not being forced to either of those
>>> wrongs (i.e., breaking compat or speculation), so we can delay the increase.
>>>
>>>>
>>>> Aside from this question:
>>>>
>>>> Series Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
>>>
>>> Thanks a lot!
>>>
>>> I'll await your ACK for the above argument before pushing the series.
>>>
>>> Thanks,
>>> Laszlo
>>>
>>>>> In the FD_SIZE_4MB build, our live varstore is now 256 KB big, so we can
>>>>> accommodate this. Set both PcdMaxVariableSize and PcdMaxAuthVariableSize
>>>>> to 0x8400 -- beyond DataSize=0x8000 from the HCK test, we need some room
>>>>> for the variable name and attributes as well.
>>>>>
>>>>> Cc: Gary Ching-Pang Lin <glin@suse.com>
>>>>> Cc: Jordan Justen <jordan.l.justen@intel.com>
>>>>> Contributed-under: TianoCore Contribution Agreement 1.0
>>>>> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
>>>>> ---
>>>>>
>>>>> Notes:
>>>>> v2:
>>>>> - adjust to FD_SIZE_IN_KB
>>>>> - update commit msg to state 256 KB for the varstore [Jordan]
>>>>>
>>>>> OvmfPkg/OvmfPkgIa32.dsc | 6 ++++++
>>>>> OvmfPkg/OvmfPkgIa32X64.dsc | 6 ++++++
>>>>> OvmfPkg/OvmfPkgX64.dsc | 6 ++++++
>>>>> 3 files changed, 18 insertions(+)
>>>>>
>>>>> diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
>>>>> index 26b807dde9fa..e0779ddaa426 100644
>>>>> --- a/OvmfPkg/OvmfPkgIa32.dsc
>>>>> +++ b/OvmfPkg/OvmfPkgIa32.dsc
>>>>> @@ -404,28 +404,34 @@ [PcdsFeatureFlag]
>>>>> gUefiOvmfPkgTokenSpaceGuid.PcdSecureBootEnable|TRUE
>>>>> !endif
>>>>> !if $(SMM_REQUIRE) == TRUE
>>>>> gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire|TRUE
>>>>> gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmEnableBspElection|FALSE
>>>>> !endif
>>>>>
>>>>> [PcdsFixedAtBuild]
>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeMemorySize|1
>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdResetOnMemoryTypeInformationChange|FALSE
>>>>> gEfiMdePkgTokenSpaceGuid.PcdMaximumGuidedExtractHandler|0x10
>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdPeiCoreMaxFvSupported|6
>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdPeiCoreMaxPeimPerFv|32
>>>>> +!if ($(FD_SIZE_IN_KB) == 1024) || ($(FD_SIZE_IN_KB) == 2048)
>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
>>>>> +!endif
>>>>> +!if $(FD_SIZE_IN_KB) == 4096
>>>>> + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x8400
>>>>> + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x8400
>>>>> +!endif
>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0xe000
>>>>>
>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdVpdBaseAddress|0x0
>>>>>
>>>>> gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x07
>>>>>
>>>>> # DEBUG_INIT 0x00000001 // Initialization
>>>>> # DEBUG_WARN 0x00000002 // Warnings
>>>>> # DEBUG_LOAD 0x00000004 // Load events
>>>>> # DEBUG_FS 0x00000008 // EFI File system
>>>>> # DEBUG_POOL 0x00000010 // Alloc & Free (pool)
>>>>> # DEBUG_PAGE 0x00000020 // Alloc & Free (page)
>>>>> # DEBUG_INFO 0x00000040 // Informational debug messages
>>>>> diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
>>>>> index 41f06a6b6a66..bbe26e2cf452 100644
>>>>> --- a/OvmfPkg/OvmfPkgIa32X64.dsc
>>>>> +++ b/OvmfPkg/OvmfPkgIa32X64.dsc
>>>>> @@ -409,28 +409,34 @@ [PcdsFeatureFlag]
>>>>> gUefiOvmfPkgTokenSpaceGuid.PcdSecureBootEnable|TRUE
>>>>> !endif
>>>>> !if $(SMM_REQUIRE) == TRUE
>>>>> gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire|TRUE
>>>>> gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmEnableBspElection|FALSE
>>>>> !endif
>>>>>
>>>>> [PcdsFixedAtBuild]
>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeMemorySize|1
>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdResetOnMemoryTypeInformationChange|FALSE
>>>>> gEfiMdePkgTokenSpaceGuid.PcdMaximumGuidedExtractHandler|0x10
>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdPeiCoreMaxFvSupported|6
>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdPeiCoreMaxPeimPerFv|32
>>>>> +!if ($(FD_SIZE_IN_KB) == 1024) || ($(FD_SIZE_IN_KB) == 2048)
>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
>>>>> +!endif
>>>>> +!if $(FD_SIZE_IN_KB) == 4096
>>>>> + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x8400
>>>>> + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x8400
>>>>> +!endif
>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0xe000
>>>>>
>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdVpdBaseAddress|0x0
>>>>>
>>>>> gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x07
>>>>>
>>>>> # DEBUG_INIT 0x00000001 // Initialization
>>>>> # DEBUG_WARN 0x00000002 // Warnings
>>>>> # DEBUG_LOAD 0x00000004 // Load events
>>>>> # DEBUG_FS 0x00000008 // EFI File system
>>>>> # DEBUG_POOL 0x00000010 // Alloc & Free (pool)
>>>>> # DEBUG_PAGE 0x00000020 // Alloc & Free (page)
>>>>> # DEBUG_INFO 0x00000040 // Informational debug messages
>>>>> diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
>>>>> index 053c84b685c5..ff795815f65f 100644
>>>>> --- a/OvmfPkg/OvmfPkgX64.dsc
>>>>> +++ b/OvmfPkg/OvmfPkgX64.dsc
>>>>> @@ -409,28 +409,34 @@ [PcdsFeatureFlag]
>>>>> gUefiOvmfPkgTokenSpaceGuid.PcdSecureBootEnable|TRUE
>>>>> !endif
>>>>> !if $(SMM_REQUIRE) == TRUE
>>>>> gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire|TRUE
>>>>> gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmEnableBspElection|FALSE
>>>>> !endif
>>>>>
>>>>> [PcdsFixedAtBuild]
>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeMemorySize|1
>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdResetOnMemoryTypeInformationChange|FALSE
>>>>> gEfiMdePkgTokenSpaceGuid.PcdMaximumGuidedExtractHandler|0x10
>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdPeiCoreMaxFvSupported|6
>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdPeiCoreMaxPeimPerFv|32
>>>>> +!if ($(FD_SIZE_IN_KB) == 1024) || ($(FD_SIZE_IN_KB) == 2048)
>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
>>>>> +!endif
>>>>> +!if $(FD_SIZE_IN_KB) == 4096
>>>>> + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x8400
>>>>> + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x8400
>>>>> +!endif
>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0xe000
>>>>>
>>>>> gEfiMdeModulePkgTokenSpaceGuid.PcdVpdBaseAddress|0x0
>>>>>
>>>>> gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x07
>>>>>
>>>>> # DEBUG_INIT 0x00000001 // Initialization
>>>>> # DEBUG_WARN 0x00000002 // Warnings
>>>>> # DEBUG_LOAD 0x00000004 // Load events
>>>>> # DEBUG_FS 0x00000008 // EFI File system
>>>>> # DEBUG_POOL 0x00000010 // Alloc & Free (pool)
>>>>> # DEBUG_PAGE 0x00000020 // Alloc & Free (page)
>>>>> # DEBUG_INFO 0x00000040 // Informational debug messages
>>>>> --
>>>>> 2.9.3
>>>>>
>>>>>
>>>
>
next prev parent reply other threads:[~2017-05-04 19:30 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-03 21:39 [PATCH v2 0/5] OvmfPkg: add FD_SIZE_4MB for Windows HCK SB tests, and for future proofing Laszlo Ersek
2017-05-03 21:39 ` [PATCH v2 1/5] OvmfPkg: introduce the FD_SIZE_IN_KB macro / build flag Laszlo Ersek
2017-05-03 21:39 ` [PATCH v2 2/5] OvmfPkg/OvmfPkg.fdf.inc: extract VARS_LIVE_SIZE and VARS_SPARE_SIZE macros Laszlo Ersek
2017-05-03 21:39 ` [PATCH v2 3/5] OvmfPkg: introduce 4MB flash image (mainly) for Windows HCK Laszlo Ersek
2017-05-05 4:07 ` Laszlo Ersek
2017-05-05 8:57 ` Jordan Justen
2017-05-05 12:07 ` Laszlo Ersek
2017-05-05 15:43 ` Jordan Justen
2017-05-05 16:46 ` Laszlo Ersek
2017-05-03 21:39 ` [PATCH v2 4/5] OvmfPkg: raise max variable size (auth & non-auth) to 33KB for FD_SIZE_4MB Laszlo Ersek
2017-05-04 16:36 ` Jordan Justen
2017-05-04 16:52 ` Laszlo Ersek
2017-05-04 18:50 ` Jordan Justen
2017-05-04 19:27 ` Laszlo Ersek
2017-05-04 19:30 ` Laszlo Ersek [this message]
2017-05-04 23:00 ` Laszlo Ersek
2017-05-03 21:39 ` [PATCH v2 5/5] OvmfPkg: make the 4MB flash size the default Laszlo Ersek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5183018b-e0c4-512e-7bad-f6e3cb33ad5f@redhat.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox