Star:
The patch is good. Reviewed-by: Liming Gao <liming....@intel.com>
Thanks
Liming
From: Zeng, Star [mailto:star.z...@intel.com]
Sent: Monday, June 24, 2013 7:29 PM
To: edk2-devel@lists.sourceforge.net
Subject: [edk2] [PATCH 1/2] MdeModulePkg and SecurityPkg: PEI variable does not
robustly handle crashes during Reclaim().
==========
MdeModulePkg: Variable drivers robustly handle crashes during Reclaim().
The PEI variable implementation checks only the variable header signature for
validity. This does not seem robust if a system crash occurred during a previous
Reclaim() operation. If the crash occurred while FTW was rewriting the variable
FV, the signature could be valid even though the rest of the FV isn't valid.
Solution: Add a FaultTolerantWritePei driver to check and provide the FTW last
write status, then PEI variable and the early phase (before FTW protocol ready) of
DXE variable can check the status and determine if all or partial variable data
has been backed up in the spare block, and then use the backed up data.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.z...@intel.com>
==========
SecurityPkg: Variable drivers robustly handle crashes during Reclaim().
The PEI variable implementation checks only the variable header signature for
validity. This does not seem robust if a system crash occurred during a previous
Reclaim() operation. If the crash occurred while FTW was rewriting the variable
FV, the signature could be valid even though the rest of the FV isn't valid.
Solution: PEI variable and the early phase (before FTW protocol ready) of DXE
variable can check the FTW last write status provided by FaultTolerantWritePei
and determine if all or partial variable data has been backed up in the spare
block, and then use the backed up data.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.z...@intel.com>
==========
[Impact]
1. If platforms use VariablePei.inf now, they need to add
FaultTolerantWritePei.inf into the platform *.dsc and *.inf, because PEI
variable will be updated to depend on the added FaultTolerantWritePei.
2. The signature of the working block header needs to be updated to
gWorkingBlockSignatureGuid because the FTW write header and record will be updated
and exposed to support crossing archs. Low impact to platform because the
FaultTolerantWrite DXE driver can help correct or add the working block header
at the first boot if the platform *.fdf uses the old signature GUID or has no working
block header init data.
Thanks!
Star
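
The failure mode and recovery decision described in the commit messages above, as an added C model that is not part of the patch or of EDK2. The structures, field names, signature value and header-first write order are simplifying assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical, simplified model; these are not the EDK2 structures. */
#define STORE_SIZE 64
#define SIG 0x53524156u /* constructed signature value */
typedef struct { uint32_t sig; uint8_t data[STORE_SIZE]; } store_t;
typedef struct { bool spare_complete, dest_complete; } ftw_record_t;
typedef struct { store_t target, spare; ftw_record_t rec; } flash_t;

/* Reclaim through FTW: stage the image in the spare block, rewrite the target.
 * Power is lost before target byte `crash_after` is written (-1: no crash). */
static void reclaim(flash_t *f, const store_t *img, int crash_after) {
    f->rec.spare_complete = f->rec.dest_complete = false;
    f->spare = *img;
    f->rec.spare_complete = true;
    f->target.sig = img->sig;           /* assumed: header lands first */
    for (int i = 0; i < STORE_SIZE; i++) {
        if (i == crash_after) return;   /* simulated crash */
        f->target.data[i] = img->data[i];
    }
    f->rec.dest_complete = true;
}

/* Early-boot selection of the store to read variables from. */
static const store_t *pick_store(const flash_t *f, bool use_ftw_status) {
    if (use_ftw_status && f->rec.spare_complete && !f->rec.dest_complete
        && f->spare.sig == SIG)
        return &f->spare;               /* interrupted write: use the backup */
    return f->target.sig == SIG ? &f->target : NULL;
}

/* 1 if the store chosen after the reclaim holds the full image, 0 if torn. */
static int boot_sees_intact_store(bool use_ftw_status, int crash_after) {
    flash_t f = { .target = { .sig = SIG }, .rec = { true, true } };
    store_t img = { .sig = SIG };
    memset(f.target.data, 0xAA, STORE_SIZE);   /* constructed old contents */
    memset(img.data, 0x55, STORE_SIZE);        /* constructed new contents */
    reclaim(&f, &img, crash_after);
    const store_t *s = pick_store(&f, use_ftw_status);
    return s != NULL && memcmp(s->data, img.data, STORE_SIZE) == 0;
}

int main(void) {
    printf("signature only: %d, with FTW status: %d\n",
           boot_sees_intact_store(false, 16), boot_sees_intact_store(true, 16));
    return 0;
}
```

With a crash at byte 16 the signature-only path accepts a store that is part new and part old data, while the status-aware path reads the spare block.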