devel@edk2.groups.io; Johnson, Michael ; Kubacki,
Michael A
Subject: RE: [edk2-devel] [edk2-rfc] [edk2-devel] UEFI Variable SMI Reduction
Nate
I believe this SMI reduction work only handles GetVariable.
VarCheckLib only handles SetVariable.
VarCheckLib does not handle GetVariable.
Thank you
Yao
, Michael ; Kubacki,
Michael A
Subject: RE: [edk2-devel] [edk2-rfc] [edk2-devel] UEFI Variable SMI Reduction
Nate
I believe this SMI reduction work only handles GetVariable.
VarCheckLib only handles SetVariable.
VarCheckLib does not handle GetVariable.
Thank you
Yao Jiewen
From: Desimone
On 09/09/19 20:03, Kubacki, Michael A wrote:
> I completely understand the need for granular breakup of changes for code
> review and future maintenance. I would not send this as a single patch on the
> mailing list for formal code review. Due to the size of the change, the main
> point here was
; Kubacki, Michael A
Subject: RE: [edk2-devel] [edk2-rfc] [edk2-devel] UEFI Variable SMI Reduction
Hi All,
There is a security issue with regard to the way VarCheckLib works. There are
plenty of usages of VarCheckLib that are intended to prevent ring0 from reading
a variable after ReadyToBoot
, Michael ;
Kubacki, Michael A
Subject: Re: [edk2-devel] [edk2-rfc] [edk2-devel] UEFI Variable SMI Reduction
Hey, from a security perspective, I am not clear what the difference is between the 2
scenarios below – TPM or read-modify-write.
Whenever we return some data from SMM, we are in ring0, any program in ring0
elsewhere inline.
Thanks,
Michael
> -Original Message-
> From: Laszlo Ersek
> Sent: Monday, September 9, 2019 8:32 AM
> To: devel@edk2.groups.io; Kubacki, Michael A
>
> Subject: Re: [edk2-rfc] [edk2-devel] UEFI Variable SMI Reduction
>
> On 09/05/19 21:54,
On 09/05/19 21:54, Kubacki, Michael A wrote:
> Proof-of-Concept Implementation
> --
> The implementation is available in the following commit - check the commit
> message for some more details.
> https://github.com/makubacki/edk2/commit/d812d43412a26e4
buffer.
Thank you
Yao Jiewen
From: devel@edk2.groups.io On Behalf Of Johnson, Michael
Sent: Saturday, September 7, 2019 5:52 AM
To: Kubacki, Michael A ; devel@edk2.groups.io
Subject: Re: [edk2-devel] [edk2-rfc] [edk2-devel] UEFI Variable SMI Reduction
Yes - both things I bring up are just
: Johnson, Michael ; devel@edk2.groups.io
Subject: RE: [edk2-devel] [edk2-rfc] [edk2-devel] UEFI Variable SMI Reduction
My understanding is both of your points return to the issue of a ring 0 entity
potentially modifying the runtime cache. As the SetVariable() API is already
accessible to ring 0
secure boot related keys.
From: Johnson, Michael
Sent: Thursday, September 5, 2019 1:59 PM
To: Kubacki; Kubacki, Michael A ;
devel@edk2.groups.io
Subject: Re: [edk2-devel] [edk2-rfc] [edk2-devel] UEFI Variable SMI Reduction
Your primary concern is my primary concern. I can think of two scenarios where
a runtime memory varstore would hurt.
The less severe one is that any variables measured into a TPM could appear to
be modified when read back so that if/when some entity wants to verify or
unseal something, they wo
Hello,
I would appreciate any feedback you may have for this proposal.
Overview
--
This is a proposal to reduce SMM usage when using VariableSmmRuntimeDxe with
VariableSmm. It will do so by eliminating SMM usage for the vast majority of
runtime service GetVariable() and GetNextVar