[edk2] [Patch 0/2] MdeModulePkg PeiCore: Signed GUIDED section may not be dispatched

Liming Gao posted 2 patches 7 years, 2 months ago
https://bugzilla.tianocore.org/show_bug.cgi?id=365

When an RSA2048 GUIDED section has only the SIGNED attribute, without the
PROCESSED_REQUIRED attribute, it will not be processed correctly once the
RSA2048 GUIDED extraction service is dispatched later, because PeiCore caches
the GUIDED section with EFI_AUTH_STATUS_NOT_TESTED.

Here is the failure case. The RSA Extraction Service is compressed. DxeIpl
installs the decompress service. On the first dispatcher round, FVMAIN is
cached with EFI_AUTH_STATUS_NOT_TESTED. It can't be dispatched again.

INF RuleOverride = LzmaCompress MdeModulePkg/../SectionExtractionPei.inf
FILE FV_IMAGE = 9E21FD93-9C72-4c15-8C4B-E77F1DB2D792 {
  SECTION GUIDED A7717414-C616-4977-9420-844712A735BF AUTH_STATUS_VALID = TRUE {
    SECTION FV_IMAGE = FVMAIN
  }
}
INF  MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf

Liming Gao (2):
  MdeModulePkg PeiCore: Reset PeimNeedingDispatch when its security
    violation
  MdeModulePkg PeiCore: Don't cache GUIDED section with AUTH_NOT_TESTED

 MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c |  9 ++++++++-
 MdeModulePkg/Core/Pei/FwVol/FwVol.c           | 24 +++++++++++++-----------
 2 files changed, 21 insertions(+), 12 deletions(-)

-- 
2.8.0.windows.1
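
The caching problem described in the cover letter, as an added example that is not part of the original message or of edk2. It is a simplified C model: every type and function name is hypothetical, and a successful signature check is assumed to yield a "verified" status.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model, not edk2 code: all names below are hypothetical. */
typedef enum { AUTH_NONE, AUTH_NOT_TESTED, AUTH_VERIFIED } auth_status_t;

typedef struct {
    bool extraction_service_installed; /* true once the service has been dispatched */
    bool cache_valid;                  /* a result for the section is cached */
    auth_status_t cached_status;
} pei_model_t;

/* Resolve one GUIDED section that has only the SIGNED attribute.
 * cache_not_tested = true models the behaviour the cover letter reports;
 * false models "Don't cache GUIDED section with AUTH_NOT_TESTED". */
auth_status_t process_guided_section(pei_model_t *m, bool cache_not_tested)
{
    if (m->cache_valid)
        return m->cached_status;              /* cache hit: never re-evaluated */

    auth_status_t st = m->extraction_service_installed
                           ? AUTH_VERIFIED    /* assumed: signature checked and valid */
                           : AUTH_NOT_TESTED; /* no service available to check it */

    if (st != AUTH_NOT_TESTED || cache_not_tested) {
        m->cache_valid = true;
        m->cached_status = st;
    }
    return st;
}

/* Two dispatcher rounds; the extraction service only exists before round 2. */
auth_status_t status_after_second_round(bool cache_not_tested)
{
    pei_model_t m = { false, false, AUTH_NONE };
    process_guided_section(&m, cache_not_tested);        /* round 1 */
    m.extraction_service_installed = true;               /* service dispatched */
    return process_guided_section(&m, cache_not_tested); /* round 2 */
}

int main(void)
{
    printf("caching NOT_TESTED:     %d\n", status_after_second_round(true));
    printf("not caching NOT_TESTED: %d\n", status_after_second_round(false));
    return 0;
}
```

With the stale entry cached, the second round still sees the untested status even though the service is now present; skipping the cache for untested results lets the section be re-evaluated.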