From nobody Tue Nov 26 01:38:21 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+61949+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+61949+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1593666951; cv=none; d=zohomail.com; s=zohoarc; b=O6DII8AG4NdgPSEnEat/136dIFhfWguxkNg6Ftz0+VJ/YrV+oOTtP5cXbriLouGLM3kv0SM1dhbxnUh9nA53d+qVt4Z/s5xJWBSdkPCeBbdlPvoEEFVreA26zBw5o0DMqvwwbm0Q7TV9Qk5+yhlmt640vcLWl/9LtRoasu3c2+c= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1593666951; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=qLto1OlzDWbjm+uPi5He6rxeWetjRyik+Pe/5J7Cy9o=; b=HSP8wQ7DmD1DCZ16jF0g5ALwCWQkE5kGTKO6XRN9nWD2ZTuAF1crkbXlR/ieJ0JX+VHRjoKUDtf/+Z7lBDVC0O6jaO3lcwDjxVHN+SgtKrTr4m3diaLxKt/HxNCaBP7bnnjMaVD2isJSn0KaMhvJiIb0hk/YM9mzIsE3oRFOb0A= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+61949+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1593666951005795.843081703235; Wed, 1 Jul 2020 22:15:51 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id jHjTYY1788612xI08t5dDPIx; Wed, 01 Jul 2020 22:15:50 -0700 X-Received: from mga06.intel.com (mga06.intel.com []) by mx.groups.io with SMTP id smtpd.web10.360.1593666932487247443 for ; Wed, 01 Jul 2020 22:15:50 -0700 IronPort-SDR: Kd2sXVXU5RRWTaDIyETNeCLNQVV3pqGV3qsoaYqC4/NrHjFNb6UZyP/ytGvMsLuAE6Zjm3qmaD 37iVyVjd5AZw== X-IronPort-AV: E=McAfee;i="6000,8403,9669"; a="208319093" X-IronPort-AV: E=Sophos;i="5.75,302,1589266800"; d="scan'208";a="208319093" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 01 Jul 2020 22:15:49 -0700 IronPort-SDR: GzVJDPWPqWE23dgye/cyzfJ0twEdF8zQeHJaiWMDgXf772CJeXhVE7UzvBXX7Pw+Fx1FUhzWiL srAClE95hoAA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,302,1589266800"; d="scan'208";a="455385061" X-Received: from guominji-mobl.ccr.corp.intel.com ([10.238.4.95]) by orsmga005.jf.intel.com with ESMTP; 01 Jul 2020 22:15:48 -0700 From: "Guomin Jiang" To: devel@edk2.groups.io Cc: Eric Dong , Ray Ni , Laszlo Ersek , Rahul Kumar Subject: [edk2-devel] [PATCH v2 8/9] UefiCpuPkg/SecMigrationPei: Add switch to control if produce PPI (CVE-2019-11098) Date: Thu, 2 Jul 2020 13:15:24 +0800 Message-Id: <20200702051525.1102-9-guomin.jiang@intel.com> In-Reply-To: <20200702051525.1102-1-guomin.jiang@intel.com> References: <20200702051525.1102-1-guomin.jiang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,guomin.jiang@intel.com X-Gm-Message-State: MR1cdIxfLCIAXlRjmwW1A4vUx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1593666950; bh=x8+PQ09YttQXqBfLY2fBJSSVTMvhuaM2g3F32gIIdr0=; h=Cc:Date:From:Reply-To:Subject:To; b=ENsgm/S2PB3P4ci08WPyEKLUTB9Jr1OMeqv+o5hDliWGIFsScTl+ZNblMoGld6djRtW L/pOD8hDpPZasIDGhfcBiHRXgdfF6/Q8O2GWOe/qbtl7tGr4J61u76DnZeRClYORX55Ju WSTB7MLogvmHAMilrf8cEsG5Xxz7Mb0SbFM= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3D1614 SecMigrationPei create RepublishSecPpi, if the TOCTOU switch is off, the Ppi is meaningless, so relate it with TOCTOU switch to avoid producing useless PPI. Cc: Eric Dong Cc: Ray Ni Cc: Laszlo Ersek Cc: Rahul Kumar Signed-off-by: Guomin Jiang --- UefiCpuPkg/SecMigrationPei/SecMigrationPei.c | 8 +++++--- UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf | 4 ++++ 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/UefiCpuPkg/SecMigrationPei/SecMigrationPei.c b/UefiCpuPkg/SecM= igrationPei/SecMigrationPei.c index f96013b09b21..ab8066e8e0de 100644 --- a/UefiCpuPkg/SecMigrationPei/SecMigrationPei.c +++ b/UefiCpuPkg/SecMigrationPei/SecMigrationPei.c @@ -363,10 +363,12 @@ SecMigrationPeiInitialize ( IN CONST EFI_PEI_SERVICES **PeiServices ) { - EFI_STATUS Status; + EFI_STATUS Status =3D EFI_SUCCESS; =20 - Status =3D PeiServicesInstallPpi (&mEdkiiRepublishSecPpiDescriptor); - ASSERT_EFI_ERROR (Status); + if (PcdGetBool (PcdMigrateTemporaryRamFirmwareVolumes)) { + Status =3D PeiServicesInstallPpi (&mEdkiiRepublishSecPpiDescriptor); + ASSERT_EFI_ERROR (Status); + } =20 return Status; } diff --git a/UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf b/UefiCpuPkg/Se= cMigrationPei/SecMigrationPei.inf index e29c04710941..8edbd3aa23a9 100644 --- a/UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf +++ b/UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf @@ -60,5 +60,9 @@ [Ppis] ## SOMETIMES_PRODUCES gEfiSecPlatformInformation2PpiGuid =20 +[Pcd] + ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdMigrateTemporaryRamFirmwareVolumes + [Depex] TRUE --=20 2.25.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#61949): https://edk2.groups.io/g/devel/message/61949 Mute This Topic: https://groups.io/mt/75252667/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-