Reviewed-by: jiewen@intel.com
> -Original Message-
> From: Zeng, Star
> Sent: Tuesday, October 16, 2018 10:41 AM
> To: edk2-devel@lists.01.org
> Cc: Zeng, Star ; Yao, Jiewen ;
> Zhang, Chao B ; Wang, Jian J
>
> Subject: [PATCH] MdeModulePkg Variable: Fix Timestamp zeroing issue on
> APPEND_WRITE
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=415
>
> When SetVariable() to a time based auth variable with APPEND_WRITE
> attribute, and if the EFI_VARIABLE_AUTHENTICATION_2.TimeStamp in
> the input Data is earlier than current value, it will cause timestamp
> zeroing.
>
> This issue may bring time based auth variable downgrade problem.
> For example:
> A vendor released three certs at 2014, 2015, and 2016, and system
> integrated the 2016 cert. User can SetVariable() with 2015 cert and
> APPEND_WRITE attribute to cause timestamp zeroing first, then
> SetVariable() with 2014 cert to downgrade the cert.
>
> This patch fixes this issue.
>
> Cc: Jiewen Yao
> Cc: Chao Zhang
> Cc: Jian J Wang
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Star Zeng
> ---
> MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
> b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
> index a2d61c8cd618..8e8db71bd201 100644
> --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
> +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
> @@ -2462,6 +2462,8 @@ UpdateVariable (
> if (Variable->CurrPtr != NULL) {
>if (VariableCompareTimeStampInternal
> (&(((AUTHENTICATED_VARIABLE_HEADER *)
> CacheVariable->CurrPtr)->TimeStamp), TimeStamp)) {
> CopyMem (&AuthVariable->TimeStamp, TimeStamp, sizeof
> (EFI_TIME));
> + } else {
> +CopyMem (&AuthVariable->TimeStamp,
> &(((AUTHENTICATED_VARIABLE_HEADER *)
> CacheVariable->CurrPtr)->TimeStamp), sizeof (EFI_TIME));
>}
> }
>}
> --
> 2.7.0.windows.1
___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel