The TOCTOU vulnerability allow that the physical present person to replace the code with the normal BootGuard check and PCR0 value. The issue occur when BootGuard measure IBB and access flash code after NEM disable. the reason why we access the flash code is that we have some pointer to flash. To avoid this vulnerability, we need to convert those pointers, the patch series do this work and make sure that no code will access flash address.
Cc: Jian J Wang <[email protected]> Cc: Hao A Wu <[email protected]> Cc: Dandan Bi <[email protected]> Cc: Liming Gao <[email protected]> Cc: Debkumar De <[email protected]> Cc: Harry Han <[email protected]> Cc: Catharine West <[email protected]> Cc: Eric Dong <[email protected]> Cc: Ray Ni <[email protected]> Cc: Laszlo Ersek <[email protected]> Cc: Rahul Kumar <[email protected]> Cc: Jiewen Yao <[email protected]> Cc: Chao Zhang <[email protected]> Cc: Qi Zhang <[email protected]> Guomin Jiang (2): MdeModulePkg/Core: Create Migrated FV Info Hob for calculating hash (CVE-2019-11098) SecurityPkg/Tcg2Pei: Use Migrated FV Info Hob for calculating hash (CVE-2019-11098) Jian J Wang (1): MdeModulePkg/DxeIplPeim: Register for shadow on S3 shadowed boot (CVE-2019-11098) Michael Kubacki (3): MdeModulePkg/PeiCore: Enable T-RAM evacuation in PeiCore (CVE-2019-11098) UefiCpuPkg/CpuMpPei: Add GDT and IDT migration support (CVE-2019-11098) UefiCpuPkg/SecMigrationPei: Add initial PEIM (CVE-2019-11098) MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 3 + MdeModulePkg/Core/DxeIplPeim/DxeLoad.c | 2 +- MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c | 417 ++++++++++++++++++ MdeModulePkg/Core/Pei/Image/Image.c | 115 +++++ MdeModulePkg/Core/Pei/Memory/MemoryServices.c | 82 ++++ MdeModulePkg/Core/Pei/PeiMain.h | 169 +++++++ MdeModulePkg/Core/Pei/PeiMain.inf | 2 + MdeModulePkg/Core/Pei/PeiMain/PeiMain.c | 16 + MdeModulePkg/Core/Pei/Ppi/Ppi.c | 287 ++++++++++++ MdeModulePkg/Include/Guid/MigratedFvInfo.h | 22 + MdeModulePkg/MdeModulePkg.dec | 3 + SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 31 +- SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf | 1 + UefiCpuPkg/CpuMpPei/CpuMpPei.c | 40 +- UefiCpuPkg/CpuMpPei/CpuMpPei.h | 13 + UefiCpuPkg/CpuMpPei/CpuPaging.c | 14 +- UefiCpuPkg/Include/Ppi/RepublishSecPpi.h | 54 +++ .../Ia32/ArchExceptionHandler.c | 4 +- .../SecPeiCpuException.c | 2 +- UefiCpuPkg/SecCore/SecCore.inf | 2 + UefiCpuPkg/SecCore/SecMain.c | 26 +- UefiCpuPkg/SecCore/SecMain.h | 1 + UefiCpuPkg/SecMigrationPei/SecMigrationPei.c | 372 ++++++++++++++++ UefiCpuPkg/SecMigrationPei/SecMigrationPei.h | 170 +++++++ .../SecMigrationPei/SecMigrationPei.inf | 64 +++ .../SecMigrationPei/SecMigrationPei.uni | 13 + UefiCpuPkg/UefiCpuPkg.dec | 4 + UefiCpuPkg/UefiCpuPkg.dsc | 1 + 28 files changed, 1916 insertions(+), 14 deletions(-) create mode 100644 MdeModulePkg/Include/Guid/MigratedFvInfo.h create mode 100644 UefiCpuPkg/Include/Ppi/RepublishSecPpi.h create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.c create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.h create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.uni -- 2.25.1.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#61822): https://edk2.groups.io/g/devel/message/61822 Mute This Topic: https://groups.io/mt/75209404/21656 Group Owner: [email protected] Unsubscribe: https://edk2.groups.io/g/devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
