A variable store length check was introduced since r14252. After applying the patch, OVMF died in
SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c ASSERT(MAX (PcdGet32 (PcdMaxVariableSize), PcdGet32 (PcdMaxHardwareErrorVariableSize)) < VariableStoreLength); The check is reasonable. However, in OvmfPkg/OvmfPkgX64.dsc: !if $(SECURE_BOOT_ENABLE) == TRUE gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x10000 !else gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x400 !endif gEfiMdeModulePkgTokenSpaceGuid.PcdMaxHardwareErrorVariableSize|0x8000 gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize|0xc000 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize|0xc000 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize|0x2000 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize|0x10000 When Secure Boot is enabled, PcdFlashNvStorageVariableSize is much smaller than PcdMaxVariableSize, not to mention VariableStoreLength which is derived from PcdFlashNvStorageVariableSize, so the check always fails. Any suggestion about the variable size? Cheers, Gary Lin ------------------------------------------------------------------------------ AlienVault Unified Security Management (USM) platform delivers complete security visibility with the essential security capabilities. Easily and efficiently configure, manage, and operate all of your security controls from a single console and one unified framework. Download a free trial. http://p.sf.net/sfu/alienvault_d2d _______________________________________________ edk2-devel mailing list edk2-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/edk2-devel
