Reviewed-by: [email protected] > -----Original Message----- > From: Zeng, Star > Sent: Tuesday, October 16, 2018 10:41 AM > To: [email protected] > Cc: Zeng, Star <[email protected]>; Yao, Jiewen <[email protected]>; > Zhang, Chao B <[email protected]>; Wang, Jian J > <[email protected]> > Subject: [PATCH] MdeModulePkg Variable: Fix Timestamp zeroing issue on > APPEND_WRITE > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=415 > > When SetVariable() to a time based auth variable with APPEND_WRITE > attribute, and if the EFI_VARIABLE_AUTHENTICATION_2.TimeStamp in > the input Data is earlier than current value, it will cause timestamp > zeroing. > > This issue may bring time based auth variable downgrade problem. > For example: > A vendor released three certs at 2014, 2015, and 2016, and system > integrated the 2016 cert. User can SetVariable() with 2015 cert and > APPEND_WRITE attribute to cause timestamp zeroing first, then > SetVariable() with 2014 cert to downgrade the cert. > > This patch fixes this issue. > > Cc: Jiewen Yao <[email protected]> > Cc: Chao Zhang <[email protected]> > Cc: Jian J Wang <[email protected]> > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Star Zeng <[email protected]> > --- > MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c > b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c > index a2d61c8cd618..8e8db71bd201 100644 > --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c > +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c 
> @@ -2462,6 +2462,8 @@ UpdateVariable ( > if (Variable->CurrPtr != NULL) { > if (VariableCompareTimeStampInternal > (&(((AUTHENTICATED_VARIABLE_HEADER *) > CacheVariable->CurrPtr)->TimeStamp), TimeStamp)) { > CopyMem (&AuthVariable->TimeStamp, TimeStamp, sizeof > (EFI_TIME)); > + } else { > + CopyMem (&AuthVariable->TimeStamp, > &(((AUTHENTICATED_VARIABLE_HEADER *) > CacheVariable->CurrPtr)->TimeStamp), sizeof (EFI_TIME)); > } > } > } > -- > 2.7.0.windows.1
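Review bot: The new `else` branch in UpdateVariable() carries no comment, although it is the whole fix: per the commit message, an APPEND_WRITE whose EFI_VARIABLE_AUTHENTICATION_2.TimeStamp is earlier than the current value otherwise leaves the timestamp zeroed, which opens the downgrade path described there. A short comment above the `else`, stating that the stored timestamp is kept when the comparison fails, would stop a later cleanup from dropping the branch as redundant. The branch also repeats the long `&(((AUTHENTICATED_VARIABLE_HEADER *) CacheVariable->CurrPtr)->TimeStamp)` expression already used in the condition, so a local pointer to the stored timestamp would make both uses easier to read. Finally, the guard tests `Variable->CurrPtr` while both branches read through `CacheVariable->CurrPtr`. The visible lines do not show that the two are non-NULL together, so either confirm that in the commit message or test the pointer that is actually dereferenced.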
_______________________________________________ edk2-devel mailing list [email protected] https://lists.01.org/mailman/listinfo/edk2-devel

