Re: [edk2-devel] [PATCH v2 0/9] Migrate Pointer from flash to permanent memory (CVE-2019-11098)

public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed

From: "Guomin Jiang" <guomin.jiang@intel.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>,
	"Jiang, Guomin" <guomin.jiang@intel.com>
Cc: "Wang, Jian J" <jian.j.wang@intel.com>,
	"Wu, Hao A" <hao.a.wu@intel.com>,
	"Bi, Dandan" <dandan.bi@intel.com>,
	"Gao, Liming" <liming.gao@intel.com>,
	"De, Debkumar" <debkumar.de@intel.com>,
	"Han, Harry" <harry.han@intel.com>,
	"West, Catharine" <catharine.west@intel.com>,
	"Dong, Eric" <eric.dong@intel.com>, "Ni, Ray" <ray.ni@intel.com>,
	Laszlo Ersek <lersek@redhat.com>,
	"Kumar, Rahul1" <rahul1.kumar@intel.com>,
	"Yao, Jiewen" <jiewen.yao@intel.com>,
	"Zhang, Chao B" <chao.b.zhang@intel.com>,
	"Zhang, Qi1" <qi1.zhang@intel.com>
Subject: Re: [edk2-devel] [PATCH v2 0/9] Migrate Pointer from flash to permanent memory (CVE-2019-11098)
Date: Thu, 2 Jul 2020 05:21:31 +0000	[thread overview]
Message-ID: <DM6PR11MB29550DAB0A9D8BFA7BA054B49D6D0@DM6PR11MB2955.namprd11.prod.outlook.com> (raw)
In-Reply-To: <161DD7A1BBA5A0CB.10798@groups.io>

Hi everybody,

I am sorry for bothering you, I just want to reminder you that I want catch those change up next stable tag.
So I hope that you can give me some comments or reviewed-by.

Appreciate it.

> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Guomin
> Jiang
> Sent: Thursday, July 2, 2020 1:15 PM
> To: devel@edk2.groups.io
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Wu, Hao A
> <hao.a.wu@intel.com>; Bi, Dandan <dandan.bi@intel.com>; Gao, Liming
> <liming.gao@intel.com>; De, Debkumar <debkumar.de@intel.com>; Han,
> Harry <harry.han@intel.com>; West, Catharine <catharine.west@intel.com>;
> Dong, Eric <eric.dong@intel.com>; Ni, Ray <ray.ni@intel.com>; Laszlo Ersek
> <lersek@redhat.com>; Kumar, Rahul1 <rahul1.kumar@intel.com>; Yao,
> Jiewen <jiewen.yao@intel.com>; Zhang, Chao B <chao.b.zhang@intel.com>;
> Zhang, Qi1 <qi1.zhang@intel.com>
> Subject: [edk2-devel] [PATCH v2 0/9] Migrate Pointer from flash to
> permanent memory (CVE-2019-11098)
> 
> The TOCTOU vulnerability allow that the physical present person to replace
> the code with the normal BootGuard check and PCR0 value.
> The issue occur when BootGuard measure IBB and access flash code after
> NEM disable.
> the reason why we access the flash code is that we have some pointer to
> flash.
> To avoid this vulnerability, we need to convert those pointers, the patch
> series do this work and make sure that no code will access flash address.
> 
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Hao A Wu <hao.a.wu@intel.com>
> Cc: Dandan Bi <dandan.bi@intel.com>
> Cc: Liming Gao <liming.gao@intel.com>
> Cc: Debkumar De <debkumar.de@intel.com>
> Cc: Harry Han <harry.han@intel.com>
> Cc: Catharine West <catharine.west@intel.com>
> Cc: Eric Dong <eric.dong@intel.com>
> Cc: Ray Ni <ray.ni@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Rahul Kumar <rahul1.kumar@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Chao Zhang <chao.b.zhang@intel.com>
> Cc: Qi Zhang <qi1.zhang@intel.com>
> 
> Guomin Jiang (5):
>   MdeModulePkg/Core: Create Migrated FV Info Hob for calculating hash
>     (CVE-2019-11098)
>   SecurityPkg/Tcg2Pei: Use Migrated FV Info Hob for calculating hash
>     (CVE-2019-11098)
>   MdeModulePkg/Core: Add switch to enable or disable TOCTOU feature
>     (CVE-2019-11098)
>   UefiCpuPkg/SecMigrationPei: Add switch to control if produce PPI
>     (CVE-2019-11098)
>   UefiCpuPkg/CpuMpPei: Enable paging and set NP flag to avoid TOCTOU
>     (CVE-2019-11098)
> 
> Jian J Wang (1):
>   MdeModulePkg/DxeIplPeim: Register for shadow on S3 shadowed boot
>     (CVE-2019-11098)
> 
> Michael Kubacki (3):
>   MdeModulePkg/PeiCore: Enable T-RAM evacuation in PeiCore
>     (CVE-2019-11098)
>   UefiCpuPkg/CpuMpPei: Add GDT and IDT migration support
>     (CVE-2019-11098)
>   UefiCpuPkg/SecMigrationPei: Add initial PEIM (CVE-2019-11098)
> 
>  MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf       |   3 +
>  MdeModulePkg/Core/DxeIplPeim/DxeLoad.c        |   2 +-
>  MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c | 417
> ++++++++++++++++++
>  MdeModulePkg/Core/Pei/Image/Image.c           | 115 +++++
>  MdeModulePkg/Core/Pei/Memory/MemoryServices.c |  82 ++++
>  MdeModulePkg/Core/Pei/PeiMain.h               | 169 +++++++
>  MdeModulePkg/Core/Pei/PeiMain.inf             |   3 +
>  MdeModulePkg/Core/Pei/PeiMain/PeiMain.c       |  17 +
>  MdeModulePkg/Core/Pei/Ppi/Ppi.c               | 287 ++++++++++++
>  MdeModulePkg/Include/Guid/MigratedFvInfo.h    |  22 +
>  MdeModulePkg/MdeModulePkg.dec                 |   8 +
>  SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c             |  31 +-
>  SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf           |   1 +
>  UefiCpuPkg/CpuMpPei/CpuMpPei.c                |  40 +-
>  UefiCpuPkg/CpuMpPei/CpuMpPei.h                |  13 +
>  UefiCpuPkg/CpuMpPei/CpuMpPei.inf              |   3 +
>  UefiCpuPkg/CpuMpPei/CpuPaging.c               |  31 +-
>  UefiCpuPkg/Include/Ppi/RepublishSecPpi.h      |  54 +++
>  .../Ia32/ArchExceptionHandler.c               |   4 +-
>  .../SecPeiCpuException.c                      |   2 +-
>  UefiCpuPkg/SecCore/SecCore.inf                |   2 +
>  UefiCpuPkg/SecCore/SecMain.c                  |  26 +-
>  UefiCpuPkg/SecCore/SecMain.h                  |   1 +
>  UefiCpuPkg/SecMigrationPei/SecMigrationPei.c  | 374 ++++++++++++++++
> UefiCpuPkg/SecMigrationPei/SecMigrationPei.h  | 170 +++++++
>  .../SecMigrationPei/SecMigrationPei.inf       |  68 +++
>  .../SecMigrationPei/SecMigrationPei.uni       |  13 +
>  UefiCpuPkg/UefiCpuPkg.dec                     |   4 +
>  UefiCpuPkg/UefiCpuPkg.dsc                     |   1 +
>  29 files changed, 1947 insertions(+), 16 deletions(-)  create mode 100644
> MdeModulePkg/Include/Guid/MigratedFvInfo.h
>  create mode 100644 UefiCpuPkg/Include/Ppi/RepublishSecPpi.h
>  create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.c
>  create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.h
>  create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf
>  create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.uni
> 
> --
> 2.25.1.windows.1
> 
> 
>

next      parent reply	other threads:[~2020-07-02  5:21 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <161DD7A1BBA5A0CB.10798@groups.io>
2020-07-02  5:21 ` Guomin Jiang [this message]
2020-07-02  5:15 [PATCH v2 0/9] Migrate Pointer from flash to permanent memory (CVE-2019-11098) Guomin Jiang
2020-07-03 14:06 ` [edk2-devel] " Laszlo Ersek

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=DM6PR11MB29550DAB0A9D8BFA7BA054B49D6D0@DM6PR11MB2955.namprd11.prod.outlook.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox