From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mx1.riseup.net (mx1.riseup.net [198.252.153.129])
 by mx.groups.io with SMTP id smtpd.web11.6553.1574514501070220768
 for <devel@edk2.groups.io>;
 Sat, 23 Nov 2019 05:08:21 -0800
Authentication-Results: mx.groups.io;
 dkim=fail reason="body hash did not verify" header.i=@riseup.net header.s=squak header.b=IO2YpC15;
 spf=pass (domain: riseup.net, ip: 198.252.153.129, mailfrom: phlamorim@riseup.net)
Received: from capuchin.riseup.net (unknown [10.0.1.176])
	(using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
	(Client CN "*.riseup.net", Issuer "Sectigo RSA Domain Validation Secure Server CA" (not verified))
	by mx1.riseup.net (Postfix) with ESMTPS id 47Kts03mj1zFcH9;
	Sat, 23 Nov 2019 05:08:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak;
	t=1574514500; bh=HSVOfKHJSmJYErcflFrmaBCibvyq+QVMOe5ORxlhXpY=;
	h=Subject:To:References:From:Date:In-Reply-To:From;
	b=IO2YpC153fk+Mv+zzk98EYVnqBTpaFFB4yHbgJDHWniFiTk6Dm2B+pWZLaEFDvaAX
	 i3uTEdOu4zoAsXiEk1SGC3h5l7osehG6Yg7+cMgxp9TpQeC2ojPfeaQmCMWBmwp8FQ
	 UxSa6CltxO+se3Euh24c+7RlNVnnymUHURnFzMFo=
X-Riseup-User-ID: 15F31E70C362955402EAA2B6E174DF55B19CF1CA715E1F577410FAA6FF5ACEC4
Received: from [127.0.0.1] (localhost [127.0.0.1])
	 by capuchin.riseup.net (Postfix) with ESMTPSA id 47Ktrz4cZbz8tTd;
	Sat, 23 Nov 2019 05:08:19 -0800 (PST)
Subject: Re: [edk2-devel] Interpretation of specification
To: devel@edk2.groups.io, sun2sirius@gmail.com
References: <7e4784d1-998c-303b-711b-30f6beb33656@riseup.net>
 <9504.1574485172591155571@groups.io>
From: "Paulo Henrique Lacerda de Amorim" <phlamorim@riseup.net>
Message-ID: <8bcef1fa-c8a4-2b1b-dcd3-adb45cc7254e@riseup.net>
Date: Sat, 23 Nov 2019 10:08:16 -0300
MIME-Version: 1.0
In-Reply-To: <9504.1574485172591155571@groups.io>
Content-Type: multipart/alternative;
 boundary="------------CE4271AE2337AECB00E9DBF8"
Content-Language: en-US

--------------CE4271AE2337AECB00E9DBF8
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Correct, im using my own GUID and Name, they started to name theses
variables Private Authenticated Variables since UEFI 2.7 as stated in
the session on how the firmware validate the payload to SetVariable
using EFI_VARIABLE_AUTHENTICATION2 descriptor:

"Otherwise, if the variable is none of the above, it shall be designated
a Private Authenticated Variable..."

In my case the first write is failing, i got a Security Violation return
when trying to create the variable, you used Key/cert which chains to
PK/KEK when creating variables on production devices? Maybe im missing
something. Let me know if i need to provide more information, as i
stated before i can provide the same scripts/sources im using.

Thanks in advance.

Em 23/11/2019 01:59, Eugene Khoruzhenko escreveu:
> Hi Paulo,
>
> Just to be clear - your variables have your own GUID and Name, so your
> variables are "common" Authenticated Variables, correct? What exactly
> is failing in your case:
>
>   * You cannot write your variable first time, so it does not get create=
d?
>   * Or you can create, but cannot update after it's been created?
>
> I seem to be able to create my Authenticated Variables on a number of
> production devices, including Dell, but then these variables cannot be
> deleted. I see exactly why deletion does not work -
> bug=C2=A0https://bugzilla.tianocore.org/show_bug.cgi?id=3D2374, but this
> issue is specific to deletion only.
>=20

--------------CE4271AE2337AECB00E9DBF8
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

<html>
  <head>
    <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3DUTF-=
8">
  </head>
  <body>
    <p>Correct, im using my own GUID and Name, they started to name
      theses variables Private Authenticated Variables since UEFI 2.7 as
      stated in the session on how the firmware validate the payload to
      SetVariable using EFI_VARIABLE_AUTHENTICATION2 descriptor: <br>
    </p>
    <p><span style=3D"left: 225.599px; top: 870.692px; font-size: 18.3px;
        font-family: sans-serif; transform: scaleX(0.883273);">"Otherwise,
        if the variable is none of th</span><span style=3D"left: 537.7px;
        top: 870.692px; font-size: 18.3px; font-family: sans-serif;
        transform: scaleX(0.874546);">e above, it shall be designated a
        Private </span><span style=3D"left: 225.601px; top: 890.692px;
        font-size: 18.3px; font-family: sans-serif; transform:
        scaleX(0.88907);">Authenticated Variable..." </span><span
        style=3D"left: 443.399px; top: 945.717px; font-size: 23.3px;
        font-family: sans-serif; transform: scaleX(0.972528);"></span></p>
    <div class=3D"moz-cite-prefix">In my case the first write is failing,
      i got a Security Violation return when trying to create the
      variable, you used Key/cert which chains to PK/KEK when creating
      variables on production devices? Maybe im missing something. Let
      me know if i need to provide more information, as i stated before
      i can provide the same scripts/sources im using.<br>
      <br>
      Thanks in advance.<br>
      <br>
      Em 23/11/2019 01:59, Eugene Khoruzhenko escreveu:<br>
    </div>
    <blockquote type=3D"cite"
      cite=3D"mid:9504.1574485172591155571@groups.io">
      <meta http-equiv=3D"content-type" content=3D"text/html; charset=3DUT=
F-8">
      Hi Paulo,<br>
      <br>
      Just to be clear - your variables have your own GUID and Name, so
      your variables are "common" Authenticated Variables, correct? What
      exactly is failing in your case:<br>
      <ul>
        <li>You cannot write your variable first time, so it does not
          get created?</li>
        <li>Or you can create, but cannot update after it's been
          created?</li>
      </ul>
      I seem to be able to create my Authenticated Variables on a number
      of production devices, including Dell, but then these variables
      cannot be deleted. I see exactly why deletion does not work - bug=C2=
=
=A0<a
        href=3D"https://bugzilla.tianocore.org/show_bug.cgi?id=3D2374"
        moz-do-not-send=3D"true">https://bugzilla.tianocore.org/show_bug.c=
gi?id=3D2374</a>,
      but this issue is specific to deletion only.
      
    </blockquote>
  </body>
</html>

--------------CE4271AE2337AECB00E9DBF8--