On Fri, Sep 5, 2014 at 2:03 AM, Laszlo Ersek <[email protected]> wrote: > In addition, I could tighten the Length + checksum validation with > ACPI_BUILD_APPNAME6 and ACPI_BUILD_APPNAME4 checks, according to qemu's > build_header() function -- if Michael agrees that these are stable. IOW, > the OEMID would have to be "BOCHS ", and the first four bytes of > OEMTableID would have to be "BXPC". I think these four checks together > are pretty strong: a static check for a *10-byte* signature (in effect), > and a dynamic check for length + checksum.
Michael, what do you think about Laszlo's idea to verify "BOCHS" and "BXPC" in the tables? Can we assume that these won't be changing anytime soon? You also suggested a new flag to indicate that a blob is acpi data. I guess if we ever see that we can skip the extra ACPI table checks, such as OEMID/OEMTableID. -Jordan ------------------------------------------------------------------------------ Slashdot TV. Video for Nerds. Stuff that matters. http://tv.slashdot.org/ _______________________________________________ edk2-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/edk2-devel
