Re: [edk2] [PATCH] SecuritPkg: DxeImageVerificationLib: Fix wrong verification logic in DBX & DBT

15, 2016 8:44 AM >> To: Dick Wilkins <dick_wilk...@phoenix.com> >> Cc: edk2-de...@ml01.01.org; Kevin Davis <kevin.da...@insyde.com>; >> Laszlo Ersek <ler...@redhat.com>; Zhang, Chao B >> <chao.b.zh...@intel.com>; Long, Qin <qin.l...@intel.com> >&

Re: [edk2] [PATCH] SecuritPkg: DxeImageVerificationLib: Fix wrong verification logic in DBX & DBT

2016 12:02 AM To: Peter Jones; Dick Wilkins Cc: edk2-de...@ml01.01.org; Kevin Davis; Laszlo Ersek; Zhang, Chao B; Long, Qin Subject: RE: [edk2] [PATCH] SecuritPkg: DxeImageVerificationLib: Fix wrong verification logic in DBX & DBT Yes, this process needs refinement, it's on my list of things

Re: [edk2] [PATCH] SecuritPkg: DxeImageVerificationLib: Fix wrong verification logic in DBX & DBT

zlo > Ersek <ler...@redhat.com>; Zhang, Chao B <chao.b.zh...@intel.com>; > Long, Qin <qin.l...@intel.com> > Subject: Re: [edk2] [PATCH] SecuritPkg: DxeImageVerificationLib: Fix wrong > verification logic in DBX & DBT > > On Fri, Apr 15, 2016 at 08:10:50A

Re: [edk2] [PATCH] SecuritPkg: DxeImageVerificationLib: Fix wrong verification logic in DBX & DBT

; From: edk2-devel [edk2-devel-boun...@lists.01.org] On Behalf Of Peter Jones > [pjo...@redhat.com] > Sent: Friday, April 15, 2016 10:51 AM > To: Zhang, Chao B > Cc: edk2-de...@ml01.01.org; Kevin Davis; Laszlo Ersek; Long, Qin > Subject: Re: [edk2] [PATCH] SecuritPkg: DxeImageVerific

Re: [edk2] [PATCH] SecuritPkg: DxeImageVerificationLib: Fix wrong verification logic in DBX & DBT

l01.01.org; Kevin Davis; Laszlo Ersek; Long, Qin Subject: Re: [edk2] [PATCH] SecuritPkg: DxeImageVerificationLib: Fix wrong verification logic in DBX & DBT On Fri, Apr 15, 2016 at 12:40:14AM +, Zhang, Chao B wrote: > Hi all: > Thank you very much for the info. Do you agree to ad

Re: [edk2] [PATCH] SecuritPkg: DxeImageVerificationLib: Fix wrong verification logic in DBX & DBT

On Fri, Apr 15, 2016 at 12:40:14AM +, Zhang, Chao B wrote: > Hi all: > Thank you very much for the info. Do you agree to add "[USRT > 0001604]: Bug found in SecuritPkg: DxeImageVerificationLib" into the > log & check in this patch? What's the point of adding our internal tracker to it?

Re: [edk2] [PATCH] SecuritPkg: DxeImageVerificationLib: Fix wrong verification logic in DBX & DBT

.@lists.01.org] On Behalf Of > Kevin Davis > Sent: Thursday, April 14, 2016 4:09 PM > To: Peter Jones <pjo...@redhat.com>; Zhang, Chao B > <chao.b.zh...@intel.com> > Cc: edk2-de...@ml01.01.org; Laszlo Ersek <ler...@redhat.com>; Long, Qin > <qin.l...@intel.com

Re: [edk2] [PATCH] SecuritPkg: DxeImageVerificationLib: Fix wrong verification logic in DBX & DBT

com] Sent: Friday, April 15, 2016 7:55 AM To: Zhang, Chao B Cc: edk2-de...@ml01.01.org; Laszlo Ersek; Long, Qin; Peter Jones Subject: RE: [edk2] [PATCH] SecuritPkg: DxeImageVerificationLib: Fix wrong verification logic in DBX & DBT Chao, If you would like to reference the USRT's Mantis ticket

Re: [edk2] [PATCH] SecuritPkg: DxeImageVerificationLib: Fix wrong verification logic in DBX & DBT

Long, Qin <qin.l...@intel.com> Subject: Re: [edk2] [PATCH] SecuritPkg: DxeImageVerificationLib: Fix wrong verification logic in DBX & DBT I agree with Peter. I just pinged the USRT about this. We can create a Mantis ticket for it and Chao can modify the Patch. Thanks, Kevin 戴連輝 US

Re: [edk2] [PATCH] SecuritPkg: DxeImageVerificationLib: Fix wrong verification logic in DBX & DBT

-devel-boun...@lists.01.org] On Behalf Of Peter Jones Sent: Thursday, April 14, 2016 1:31 PM To: Zhang, Chao B <chao.b.zh...@intel.com> Cc: edk2-de...@ml01.01.org; Laszlo Ersek <ler...@redhat.com>; Long, Qin <qin.l...@intel.com> Subject: Re: [edk2] [PATCH] SecuritPkg: DxeImageVe

Re: [edk2] [PATCH] SecuritPkg: DxeImageVerificationLib: Fix wrong verification logic in DBX & DBT

On Thu, Apr 14, 2016 at 01:10:02AM +, Zhang, Chao B wrote: > Laszlo: >There is no CVE number. The issue was exposed during internal code >review. The code has been existing since 11/4/2014. So... why not? This is exactly the sort of issue that needs proper tracking. -- Peter

Re: [edk2] [PATCH] SecuritPkg: DxeImageVerificationLib: Fix wrong verification logic in DBX & DBT

hang, Chao B Cc: edk2-de...@ml01.01.org; Long, Qin; Peter Jones Subject: Re: [edk2] [PATCH] SecuritPkg: DxeImageVerificationLib: Fix wrong verification logic in DBX & DBT On 04/13/16 10:29, Zhang, Chao B wrote: > In image verification, if image verified pass in DBT, still nee

Re: [edk2] [PATCH] SecuritPkg: DxeImageVerificationLib: Fix wrong verification logic in DBX & DBT

On 04/13/16 10:29, Zhang, Chao B wrote: > In image verification, if image verified pass in DBT, still need to verify if > it is blocked by any other cert/cert hash from DBX. > > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Chao Zhang > --- >

Re: [edk2] [PATCH] SecuritPkg: DxeImageVerificationLib: Fix wrong verification logic in DBX & DBT

Reviewed-by: Qin Long Best Regards & Thanks, LONG, Qin > -Original Message- > From: Zhang, Chao B > Sent: Wednesday, April 13, 2016 4:29 PM > To: edk2-devel@lists.01.org > Cc: Long, Qin; Zhang, Chao B > Subject: [PATCH] SecuritPkg: DxeImageVerificationLib: Fix wrong

[edk2] [PATCH] SecuritPkg: DxeImageVerificationLib: Fix wrong verification logic in DBX & DBT

In image verification, if image verified pass in DBT, still need to verify if it is blocked by any other cert/cert hash from DBX. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang ---