From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from us-smtp-1.mimecast.com (us-smtp-1.mimecast.com [205.139.110.120]) by mx.groups.io with SMTP id smtpd.web10.15980.1594229355078191484 for ; Wed, 08 Jul 2020 10:29:15 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=STWYIW0q; spf=pass (domain: redhat.com, ip: 205.139.110.120, mailfrom: lersek@redhat.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1594229354; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Tbruqu6pyMJVWsnUynnOCuKGiNLeP51qsGqrKrz39kc=; b=STWYIW0q5rJOacfaAF33a17gaWlO7KTYUmSbkPssxBjnI6x9lJlicknzm7HMFjcwR6DJn5 FWYVQjHgeGrk9U8WPq3CilTI836AGGxl3CDv7kfxcrWqYbdHCNSwpDjSp/VkBav5IWYdey 69PyKidazHF612Jh4Gl4Q74sFrTo+1w= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-72-ZeFFZqLPNHSNUEPwnzvJUw-1; Wed, 08 Jul 2020 13:29:10 -0400 X-MC-Unique: ZeFFZqLPNHSNUEPwnzvJUw-1 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id ED70D8015FB; Wed, 8 Jul 2020 17:29:08 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-112-73.ams2.redhat.com [10.36.112.73]) by smtp.corp.redhat.com (Postfix) with ESMTP id 232C260E3E; Wed, 8 Jul 2020 17:29:06 +0000 (UTC) Subject: Re: [edk2-devel] [PATCH v4 5/9] MdeModulePkg/Core: Create Migrated FV Info Hob for calculating hash (CVE-2019-11098) To: devel@edk2.groups.io, guomin.jiang@intel.com Cc: Jian J Wang , Hao A Wu , Dandan Bi , Liming Gao , Debkumar De , Harry Han , Catharine West References: <20200708081059.691-1-guomin.jiang@intel.com> <20200708081059.691-6-guomin.jiang@intel.com> From: "Laszlo Ersek" Message-ID: <6012dcdb-b909-cbe0-942d-c2f9a1f1c9df@redhat.com> Date: Wed, 8 Jul 2020 19:29:06 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <20200708081059.691-6-guomin.jiang@intel.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=lersek@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit On 07/08/20 10:10, Guomin Jiang wrote: > REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1614 > > When we allocate pool to save the rebased PEIMs, the address will change > randomly, therefore the hash will change and result PCR0 change as well. > To avoid this, we save the raw PEIMs and use it to calculate hash. > > The MigratedFvInfo HOB will never produce when > PcdMigrateTemporaryRamFirmwareVolumes is FALSE, because the PCD control > the total feature. [...] > @@ -1278,7 +1294,19 @@ EvacuateTempRam ( > (UINTN) MigratedFvHeader > )); > > + // > + // Copy the context to the rebased pages and raw pages, and create hob to save the > + // information. the MigratedFvInfo HOB will never produce when > + // PcdMigrateTemporaryRamFirmwareVolumes is FALSE, because the PCD control the > + // feature. > + // > CopyMem (MigratedFvHeader, FvHeader, (UINTN) FvHeader->FvLength); > + CopyMem (RawDataFvHeader, MigratedFvHeader, (UINTN) FvHeader->FvLength); > + MigratedFvInfo.FvOrgBase = (UINT32) (UINTN) FvHeader; > + MigratedFvInfo.FvNewBase = (UINT32) (UINTN) MigratedFvHeader; > + MigratedFvInfo.FvDataBase = (UINT32) (UINTN) RawDataFvHeader; > + MigratedFvInfo.FvLength = (UINT32) (UINTN) FvHeader->FvLength; > + BuildGuidDataHob (&gEdkiiMigratedFvInfoGuid, &MigratedFvInfo, sizeof (MigratedFvInfo)); > > // > // Migrate any children for this FV now > Thank you for addressing my requests! This patch should definitely be reviewed by PeiCore experts, but from my perspective, I'm happy with the updates. Acked-by: Laszlo Ersek Thanks Laszlo