subject:"\[edk2\-devel\] \[PATCH v2 8\/9\] UefiCpuPkg\/SecMigrationPei\: Add switch to control if produce PPI \(CVE\-2019\-11098\)"

Re: [edk2-devel] [PATCH v2 8/9] UefiCpuPkg/SecMigrationPei: Add switch to control if produce PPI (CVE-2019-11098)

2020-07-03 Thread Laszlo Ersek

On 07/02/20 07:15, Guomin Jiang wrote:
> REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1614
> 
> SecMigrationPei create RepublishSecPpi, if the TOCTOU switch is off,
> the Ppi is meaningless, so relate it with TOCTOU switch to avoid
> producing useless PPI.
> 
> Cc: Eric Dong 
> Cc: Ray Ni 
> Cc: Laszlo Ersek 
> Cc: Rahul Kumar 
> Signed-off-by: Guomin Jiang 
> ---
>  UefiCpuPkg/SecMigrationPei/SecMigrationPei.c   | 8 +---
>  UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf | 4 
>  2 files changed, 9 insertions(+), 3 deletions(-)
> 
> diff --git a/UefiCpuPkg/SecMigrationPei/SecMigrationPei.c 
> b/UefiCpuPkg/SecMigrationPei/SecMigrationPei.c
> index f96013b09b21..ab8066e8e0de 100644
> --- a/UefiCpuPkg/SecMigrationPei/SecMigrationPei.c
> +++ b/UefiCpuPkg/SecMigrationPei/SecMigrationPei.c
> @@ -363,10 +363,12 @@ SecMigrationPeiInitialize (
>IN CONST EFI_PEI_SERVICES  **PeiServices
>)
>  {
> -  EFI_STATUS  Status;
> +  EFI_STATUS  Status = EFI_SUCCESS;
>  
> -  Status = PeiServicesInstallPpi ();
> -  ASSERT_EFI_ERROR (Status);
> +  if (PcdGetBool (PcdMigrateTemporaryRamFirmwareVolumes)) {
> +Status = PeiServicesInstallPpi ();
> +ASSERT_EFI_ERROR (Status);
> +  }
>  
>return Status;
>  }
> diff --git a/UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf 
> b/UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf
> index e29c04710941..8edbd3aa23a9 100644
> --- a/UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf
> +++ b/UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf
> @@ -60,5 +60,9 @@ [Ppis]
>## SOMETIMES_PRODUCES
>gEfiSecPlatformInformation2PpiGuid
>  
> +[Pcd]
> +  ## CONSUMES
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdMigrateTemporaryRamFirmwareVolumes
> +
>  [Depex]
>TRUE
> 

(1) This patch should be squashed into:

"UefiCpuPkg/SecMigrationPei: Add initial PEIM"

Thanks.
Laszlo


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#62036): https://edk2.groups.io/g/devel/message/62036
Mute This Topic: https://groups.io/mt/75252667/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v2 8/9] UefiCpuPkg/SecMigrationPei: Add switch to control if produce PPI (CVE-2019-11098)

2020-07-01 Thread Guomin Jiang

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1614

SecMigrationPei create RepublishSecPpi, if the TOCTOU switch is off,
the Ppi is meaningless, so relate it with TOCTOU switch to avoid
producing useless PPI.

Cc: Eric Dong 
Cc: Ray Ni 
Cc: Laszlo Ersek 
Cc: Rahul Kumar 
Signed-off-by: Guomin Jiang 
---
 UefiCpuPkg/SecMigrationPei/SecMigrationPei.c   | 8 +---
 UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf | 4 
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/UefiCpuPkg/SecMigrationPei/SecMigrationPei.c 
b/UefiCpuPkg/SecMigrationPei/SecMigrationPei.c
index f96013b09b21..ab8066e8e0de 100644
--- a/UefiCpuPkg/SecMigrationPei/SecMigrationPei.c
+++ b/UefiCpuPkg/SecMigrationPei/SecMigrationPei.c
@@ -363,10 +363,12 @@ SecMigrationPeiInitialize (
   IN CONST EFI_PEI_SERVICES  **PeiServices
   )
 {
-  EFI_STATUS  Status;
+  EFI_STATUS  Status = EFI_SUCCESS;
 
-  Status = PeiServicesInstallPpi ();
-  ASSERT_EFI_ERROR (Status);
+  if (PcdGetBool (PcdMigrateTemporaryRamFirmwareVolumes)) {
+Status = PeiServicesInstallPpi ();
+ASSERT_EFI_ERROR (Status);
+  }
 
   return Status;
 }
diff --git a/UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf 
b/UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf
index e29c04710941..8edbd3aa23a9 100644
--- a/UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf
+++ b/UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf
@@ -60,5 +60,9 @@ [Ppis]
   ## SOMETIMES_PRODUCES
   gEfiSecPlatformInformation2PpiGuid
 
+[Pcd]
+  ## CONSUMES
+  gEfiMdeModulePkgTokenSpaceGuid.PcdMigrateTemporaryRamFirmwareVolumes
+
 [Depex]
   TRUE
-- 
2.25.1.windows.1


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#61949): https://edk2.groups.io/g/devel/message/61949
Mute This Topic: https://groups.io/mt/75252667/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2 8/9] UefiCpuPkg/SecMigrationPei: Add switch to control if produce PPI (CVE-2019-11098)

[edk2-devel] [PATCH v2 8/9] UefiCpuPkg/SecMigrationPei: Add switch to control if produce PPI (CVE-2019-11098)

2 matches

Site Navigation

Mail list logo

Footer information