From: "Yao, Jiewen"
To: "Zeng, Star", "edk2-devel@lists.01.org"
CC: "Zhang, Chao B", "Wang, Jian J"
Date: Tue, 16 Oct 2018 07:03:51 +0000
Message-ID: <74D8A39837DF1E4DA445A8C0B3885C503ADECCD7@shsmsx102.ccr.corp.intel.com>
In-Reply-To: <1539657661-57656-1-git-send-email-star.zeng@intel.com>
Subject: Re: [PATCH] MdeModulePkg Variable: Fix Timestamp zeroing issue on APPEND_WRITE
List-Id: EDK II Development

Reviewed-by: Jiewen.yao@intel.com

> -----Original Message-----
> From: Zeng, Star
> Sent: Tuesday, October 16, 2018 10:41 AM
> To: edk2-devel@lists.01.org
> Cc: Zeng, Star; Yao, Jiewen; Zhang, Chao B; Wang, Jian J
> Subject: [PATCH] MdeModulePkg Variable: Fix Timestamp zeroing issue on APPEND_WRITE
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=415
>
> When SetVariable() to a time based auth variable with APPEND_WRITE
> attribute, and if the EFI_VARIABLE_AUTHENTICATION_2.TimeStamp in
> the input Data is earlier than current value, it will cause timestamp
> zeroing.
>
> This issue may bring time based auth variable downgrade problem.
> For example:
> A vendor released three certs at 2014, 2015, and 2016, and system
> integrated the 2016 cert. User can SetVariable() with 2015 cert and
> APPEND_WRITE attribute to cause timestamp zeroing first, then
> SetVariable() with 2014 cert to downgrade the cert.
>
> This patch fixes this issue.
>
> Cc: Jiewen Yao
> Cc: Chao Zhang
> Cc: Jian J Wang
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Star Zeng
> --- > MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c | 2 ++ > 1 file changed, 2 insertions(+) >=20 > diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c > b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c > index a2d61c8cd618..8e8db71bd201 100644 > --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c > +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c > @@ -2462,6 +2462,8 @@ UpdateVariable ( > if (Variable->CurrPtr !=3D NULL) { > if (VariableCompareTimeStampInternal > (&(((AUTHENTICATED_VARIABLE_HEADER *) > CacheVariable->CurrPtr)->TimeStamp), TimeStamp)) { > CopyMem (&AuthVariable->TimeStamp, TimeStamp, sizeof > (EFI_TIME)); > + } else { > + CopyMem (&AuthVariable->TimeStamp, > &(((AUTHENTICATED_VARIABLE_HEADER *) > CacheVariable->CurrPtr)->TimeStamp), sizeof (EFI_TIME)); > } > } > } > -- > 2.7.0.windows.1
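Review bot: the added else branch in UpdateVariable() carries no comment saying why the stored timestamp is copied back, so the downgrade protection described in the commit message is invisible at the call site. Please add a short comment there stating that when the incoming TimeStamp is not later than the existing one, the existing value is kept so that AuthVariable->TimeStamp is never left zeroed. The cast expression &(((AUTHENTICATED_VARIABLE_HEADER *) CacheVariable->CurrPtr)->TimeStamp) now appears twice in four lines; a local pointer to the existing header would make both the comparison and the copy easier to read. Also note that the enclosing guard tests Variable->CurrPtr while the comparison and the new CopyMem both read through CacheVariable->CurrPtr; it is worth confirming in the review that the two are always non-NULL together at this point.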