Re: [edk2-devel] [PATCH v5 0/9] Add new feature that evacuate temporary to permanent memory (CVE-2019-11098)

["Guomin Jiang" <guomin.jiang@intel.com>]

I see it and will do it later.

I remind that everyone should pay attention to it as well.

Thanks.
> -----Original Message-----
> From: Laszlo Ersek <lersek@redhat.com>
> Sent: Friday, July 10, 2020 1:47 PM
> To: devel@edk2.groups.io; Jiang, Guomin <guomin.jiang@intel.com>
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Wu, Hao A
> <hao.a.wu@intel.com>; Bi, Dandan <dandan.bi@intel.com>; Gao, Liming
> <liming.gao@intel.com>; De, Debkumar <debkumar.de@intel.com>; Han,
> Harry <harry.han@intel.com>; West, Catharine <catharine.west@intel.com>;
> Dong, Eric <eric.dong@intel.com>; Ni, Ray <ray.ni@intel.com>; Justen,
> Jordan L <jordan.l.justen@intel.com>; Andrew Fish <afish@apple.com>; Ard
> Biesheuvel <ard.biesheuvel@arm.com>; Anthony Perard
> <anthony.perard@citrix.com>; Julien Grall <julien@xen.org>; Leif Lindholm
> <leif@nuviainc.com>; Kumar, Rahul1 <rahul1.kumar@intel.com>; Yao,
> Jiewen <jiewen.yao@intel.com>; Zhang, Chao B <chao.b.zhang@intel.com>;
> Zhang, Qi1 <qi1.zhang@intel.com>
> Subject: Re: [edk2-devel] [PATCH v5 0/9] Add new feature that evacuate
> temporary to permanent memory (CVE-2019-11098)
> 
> Guomin,
> 
> On 07/09/20 03:56, Guomin Jiang wrote:
> > The TOCTOU vulnerability allow that the physical present person to replace
> the code with the normal BootGuard check and PCR0 value.
> > The issue occur when BootGuard measure IBB and access flash code after
> NEM disable.
> > the reason why we access the flash code is that we have some pointer to
> flash.
> > To avoid this vulnerability, we need to convert those pointers, the patch
> series do this work and make sure that no code will access flash address.
> >
> > v2:
> > Create gEdkiiMigratedFvInfoGuid HOB and add
> PcdMigrateTemporaryRamFirmwareVolumes to control whole feature.
> >
> > v3:
> > Remove changes which is not related with the feature and disable the
> feature in virtual platform.
> >
> > v4:
> > Disable the feature as default, Copy the Tcg2Pei behavior to TcgPei
> >
> > v5:
> > Initialize local variable Shadow and return EFI_ABORTED when
> RepublishSecPpi not installed.
> 
> When you post a new version of a patch set to the list, and there is an
> associated BZ ticket, please *always* (not just for this BZ) capture the fact of
> posting the next version in a new BZ comment. Please record the version of
> the patch series being posted, and also include a link to the series blurb
> (patch 0), in the mailing list archive.
> 
> I did that for you, covering the first four versions (v1 throuogh v4) of the
> series in comment 16 on TianoCore#1614:
> 
>   https://bugzilla.tianocore.org/show_bug.cgi?id=1614#c16
> 
> Please do the same (in a new BZ comment) for the current version (v5), and
> please repeat the same for any further versions.
> 
> Again this applies to all BZs and all posted patches.
> 
> Thanks
> Laszlo