Hi Jan, > All that should be signed, so this is "just" a safety measure, right?
yes, this is just a convenience feature to give the user a proper error message instead of (hundreds of thousands) synchronous exceptions. > Is that enough, or should we look systematically for such things? Well, I think this one was particularly "nasty" because it seems you will get a synchronous exception for *every* invalid memory access (of which there are many due to the underflow). So I'd say it's enough for the time being. However, I had to insert quite a few logging statements into the kernel stub to find out what's going on. My custom kernel stub was quite verbose, which is probably not what you want by default, but I'd fancy a mechanism to turn on verbose logging for the kernel stub (without having to recompile). I'm not too familiar with UEFI programming, so I don't know how feasible that is. Kind Regards, Michael -- Michael Adler Siemens AG T CED SES-DE Otto-Hahn-Ring 6 81739 München, Deutschland Siemens Aktiengesellschaft: Vorsitzender des Aufsichtsrats: Jim Hagemann Snabe; Vorstand: Roland Busch, Vorsitzender; Klaus Helmrich, Cedrik Neike, Matthias Rebellius, Ralf P. Thomas, Judith Wiese; Sitz der Gesellschaft: Berlin und München, Deutschland; Registergericht: Berlin-Charlottenburg, HRB 12300, München, HRB 6684; WEEE-Reg.-Nr. DE 23691322 -- You received this message because you are subscribed to the Google Groups "EFI Boot Guard" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/efibootguard-dev/20221208072859.vhyt35vt4iofnkji%40backstein.
