Re: [edk2] [PATCH] MdeModulePkg Variable: Fix Timestamp zeroing issue on APPEND_WRITE

2018-10-16 Thread Yao, Jiewen
Reviewed-by: jiewen@intel.com

> -----Original Message-----
> From: Zeng, Star
> Sent: Tuesday, October 16, 2018 10:41 AM
> To: edk2-devel@lists.01.org
> Cc: Zeng, Star ; Yao, Jiewen ;
> Zhang, Chao B ; Wang, Jian J
> 
> Subject: [PATCH] MdeModulePkg Variable: Fix Timestamp zeroing issue on
> APPEND_WRITE
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=415
> 
> When SetVariable() to a time based auth variable with APPEND_WRITE
> attribute, and if the EFI_VARIABLE_AUTHENTICATION_2.TimeStamp in
> the input Data is earlier than current value, it will cause timestamp
> zeroing.
> 
> This issue may bring time based auth variable downgrade problem.
> For example:
> A vendor released three certs at 2014, 2015, and 2016, and system
> integrated the 2016 cert. User can SetVariable() with 2015 cert and
> APPEND_WRITE attribute to cause timestamp zeroing first, then
> SetVariable() with 2014 cert to downgrade the cert.
> 
> This patch fixes this issue.
> 
> Cc: Jiewen Yao 
> Cc: Chao Zhang 
> Cc: Jian J Wang 
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Star Zeng 
> ---
>  MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
> b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
> index a2d61c8cd618..8e8db71bd201 100644
> --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
> +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
> @@ -2462,6 +2462,8 @@ UpdateVariable (
>  if (Variable->CurrPtr != NULL) {
>if (VariableCompareTimeStampInternal
> (&(((AUTHENTICATED_VARIABLE_HEADER *)
> CacheVariable->CurrPtr)->TimeStamp), TimeStamp)) {
>  CopyMem (&AuthVariable->TimeStamp, TimeStamp, sizeof
> (EFI_TIME));
> +  } else {
> +CopyMem (&AuthVariable->TimeStamp,
> &(((AUTHENTICATED_VARIABLE_HEADER *)
> CacheVariable->CurrPtr)->TimeStamp), sizeof (EFI_TIME));
>}
>  }
>}
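Review bot: the guard on the first context line tests Variable->CurrPtr != NULL, but both the existing comparison and the new else branch dereference CacheVariable->CurrPtr. Nothing in this hunk shows that the two pointers are always non-NULL together; if that is guaranteed elsewhere in UpdateVariable(), an ASSERT on CacheVariable->CurrPtr, or testing the pointer that is actually dereferenced, would make the added read self-evidently safe.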
> --
> 2.7.0.windows.1

___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel


[edk2] [PATCH] MdeModulePkg Variable: Fix Timestamp zeroing issue on APPEND_WRITE

2018-10-15 Thread Star Zeng
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=415

When SetVariable() to a time based auth variable with APPEND_WRITE
attribute, and if the EFI_VARIABLE_AUTHENTICATION_2.TimeStamp in
the input Data is earlier than current value, it will cause timestamp
zeroing.

This issue may bring time based auth variable downgrade problem.
For example:
A vendor released three certs at 2014, 2015, and 2016, and system
integrated the 2016 cert. User can SetVariable() with 2015 cert and
APPEND_WRITE attribute to cause timestamp zeroing first, then
SetVariable() with 2014 cert to downgrade the cert.

This patch fixes this issue.

Cc: Jiewen Yao 
Cc: Chao Zhang 
Cc: Jian J Wang 
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng 
---
 MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c 
b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
index a2d61c8cd618..8e8db71bd201 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
@@ -2462,6 +2462,8 @@ UpdateVariable (
 if (Variable->CurrPtr != NULL) {
   if (VariableCompareTimeStampInternal 
(&(((AUTHENTICATED_VARIABLE_HEADER *) CacheVariable->CurrPtr)->TimeStamp), 
TimeStamp)) {
 CopyMem (&AuthVariable->TimeStamp, TimeStamp, sizeof (EFI_TIME));
+  } else {
+CopyMem (&AuthVariable->TimeStamp, 
&(((AUTHENTICATED_VARIABLE_HEADER *) CacheVariable->CurrPtr)->TimeStamp), 
sizeof (EFI_TIME));
   }
 }
   }
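Review bot: the new else branch has no comment saying why the stored timestamp is copied, and it is the security-relevant half of this block: on APPEND_WRITE with an earlier TimeStamp the variable has to keep its current timestamp rather than end up with a zeroed one. A short comment above the else to that effect would help, and taking the ((AUTHENTICATED_VARIABLE_HEADER *) CacheVariable->CurrPtr)->TimeStamp expression into a local pointer once would avoid repeating the cast in both the comparison and the copy.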
-- 
2.7.0.windows.1
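
The timestamp selection described in the commit message, as an added example that is not part of the original post or of edk2: a simplified C model that replays the 2016/2015/2014 sequence with and without the else branch, usable as a regression check that the stored timestamp never moves backwards. Years stand in for EFI_TIME, and the type names, function names and the zero-initialized new header are assumptions of the model.

```c
#include <string.h>

/* Simplified stand-in for EFI_TIME: the model only needs an ordered value. */
typedef struct { unsigned year; } model_time;

/* Hypothetical model of a time based auth variable's stored state. */
typedef struct { model_time ts; unsigned cert_year; int exists; } model_var;

/* Nonzero when b is later than a (the role the timestamp compare plays in the hunk). */
static int later(const model_time *a, const model_time *b)
{
    return b->year > a->year;
}

/* Timestamp that ends up in the new header on APPEND_WRITE.
 * Assumption: the new header starts out zeroed, which is the "timestamp
 * zeroing" the commit message describes. with_fix selects the patched
 * else branch that keeps the stored timestamp. */
static model_time append_timestamp(const model_var *cur, model_time in, int with_fix)
{
    model_time out;
    memset(&out, 0, sizeof out);
    if (cur->exists) {
        if (later(&cur->ts, &in)) {
            out = in;          /* newer input: take the input timestamp */
        } else if (with_fix) {
            out = cur->ts;     /* older input: keep the stored timestamp */
        }
    }
    return out;
}

/* Replays the commit message's sequence and returns the cert year installed
 * at the end. Only the timestamp effect of the append is modelled. */
static unsigned replay(int with_fix)
{
    model_var v = { {2016}, 2016, 1 };
    model_time t2015 = {2015}, t2014 = {2014};

    /* Step 1: APPEND_WRITE carrying a timestamp older than the stored one. */
    v.ts = append_timestamp(&v, t2015, with_fix);

    /* Step 2: a plain write is accepted only if its timestamp is later
     * than the stored one (the time based auth rule for non-append writes). */
    if (later(&v.ts, &t2014)) {
        v.ts = t2014;
        v.cert_year = 2014;
    }
    return v.cert_year;
}
```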
