Your primary concern is my primary concern.  I can think of two scenarios where 
a runtime memory varstore would hurt.

The less severe one is that any variables measured into a TPM could appear to 
be modified when read back so that if/when some entity wants to verify or 
unseal something, they would be unable to match the TPM's PCR values and unable 
to verify/unseal.  This turns access to runtime EFI memory into a denial of 
service for TPM-based post-boot software.

The more worrying possibility is if somebody decides to use a read-modify-write 
pattern for some variable they have an interest in and thus ends up defeating 
the security of the variable write method.  Today a read-modify-write is safe, 
but after this change it would not be.
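
The two scenarios in the message above, as a small constructed C model added here (not EDK II code and not written by the message's author). The store, cache, flag and function names are all hypothetical; the model assumes writes go through one protected path while cached reads come from runtime memory.

```c
/* Constructed model, not EDK II code: every name here is hypothetical. */
#include <stdint.h>
#include <stdio.h>

#define FLAG_LOCKDOWN 0x01u  /* constructed policy bit that must stay set */
#define FLAG_FEATURE  0x02u  /* bit a legitimate caller wants to turn on  */

static uint8_t protected_store;  /* authoritative copy behind the write path */
static uint8_t runtime_cache;    /* copy in runtime memory, OS-writable      */

/* The write path: the only way to change the authoritative copy. */
static void set_variable(uint8_t value) {
    protected_store = value;
    runtime_cache = value;       /* cache is refreshed after each write */
}

static uint8_t get_variable_protected(void) { return protected_store; }
static uint8_t get_variable_cached(void)    { return runtime_cache; }

/* A caller's read-modify-write: read, set one bit, write back. */
static void enable_feature(uint8_t (*get)(void)) {
    set_variable((uint8_t)(get() | FLAG_FEATURE));
}

/* Scenario 2: authoritative value after a read-modify-write, for a given
 * read path and for runtime memory altered (or not) before the read. */
uint8_t run_scenario(int use_cache, int cache_altered) {
    set_variable(FLAG_LOCKDOWN);                  /* state set at boot */
    if (cache_altered)
        runtime_cache &= (uint8_t)~FLAG_LOCKDOWN; /* runtime memory changed */
    enable_feature(use_cache ? get_variable_cached : get_variable_protected);
    return get_variable_protected();
}

/* Scenario 1: value measured at boot compared with the value read back. */
int readback_matches_measurement(int cache_altered) {
    set_variable(FLAG_LOCKDOWN);
    uint8_t measured = get_variable_protected();  /* what was measured */
    if (cache_altered)
        runtime_cache &= (uint8_t)~FLAG_LOCKDOWN;
    return get_variable_cached() == measured;
}

int main(void) {
    printf("protected read, altered cache: 0x%02x\n", run_scenario(0, 1));
    printf("cached read, altered cache:    0x%02x\n", run_scenario(1, 1));
    printf("readback matches measurement:  %d\n", readback_matches_measurement(1));
    return 0;
}
```

With a protected read the lockdown bit survives the write-back; with a cached read the caller itself carries the altered value through the protected write path.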

View/Reply Online (#46941): https://edk2.groups.io/g/devel/message/46941