I linked email with Bugzilla. Either email or Bugzilla is OK for the discussion.
Personally, I don't understand one thing. If EDKII causes such failure, how the archlinux validates the correctness of the tool and document in [3] ? Or are they using a different UEFI implementation? Thank you Yao, Jiewen > -----Original Message----- > From: Jan Bobek <jbo...@nvidia.com> > Sent: Tuesday, January 17, 2023 6:30 AM > To: Yao, Jiewen <jiewen....@intel.com> > Cc: devel@edk2.groups.io; Jeff Brasen <jbra...@nvidia.com>; Girish > Mahadevan <gmahade...@nvidia.com>; Wang, Jian J > <jian.j.w...@intel.com>; Xu, Min M <min.m...@intel.com> > Subject: Re: [edk2-devel] [PATCH 1/1] SecurityPkg/AuthVariableLib: Check > SHA-256 OID with ContentInfo present > > > Hi > > That is good catch! > > My apology to miss it before. > > > > 1) Please file a bugzilla (https://bugzilla.tianocore.org/) to record the > > issue > and associate to the patch. > > Filed bug 4305 [1]. Sorry for the delay, I didn't get my bugzilla > credentials until late last week. > > > 2) Would you please share with us that how you discover the issue? > > For example, any real use case to include ContentInfo? If yes, please share > a URL. > > Or this is just a purely spec compliance fix ? > > > > 3) Please describe how you validate the fix. > > If possible, would you please share your test case? > > I believe both of these answered / included in the bug description. > > > 4) Since the new code is handling ContentInfo structure is present, I > > believe > we need also check if the ContentInfo structure is valid. > > For example: > > ============ > > c SignedData.contentInfo.contentType shall be set to id-data > > d SignedData.contentInfo.content shall be absent > > ============ > > What do you think? > > I think you're talking about the ContentInfo structure that's part of > the SignedData structure, but the real problem is with ContentInfo > structure that _wraps_ the SignedData structure. More info in the bug > description. > > Also, is it customary to continue the discussion here on edk2-devel or > in the bug comments on bugzilla? > > -Jan > > References: > 1. https://bugzilla.tianocore.org/show_bug.cgi?id=4305 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#98622): https://edk2.groups.io/g/devel/message/98622 Mute This Topic: https://groups.io/mt/95419835/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
