Reviewed-by: jiewen....@intel.com > -----Original Message----- > From: Zeng, Star > Sent: Tuesday, October 16, 2018 10:41 AM > To: edk2-devel@lists.01.org > Cc: Zeng, Star <star.z...@intel.com>; Yao, Jiewen <jiewen....@intel.com>; > Zhang, Chao B <chao.b.zh...@intel.com>; Wang, Jian J > <jian.j.w...@intel.com> > Subject: [PATCH] MdeModulePkg Variable: Fix Timestamp zeroing issue on > APPEND_WRITE > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=415 > > When SetVariable() to a time based auth variable with APPEND_WRITE > attribute, and if the EFI_VARIABLE_AUTHENTICATION_2.TimeStamp in > the input Data is earlier than current value, it will cause timestamp > zeroing. > > This issue may bring time based auth variable downgrade problem. > For example: > A vendor released three certs at 2014, 2015, and 2016, and system > integrated the 2016 cert. User can SetVariable() with 2015 cert and > APPEND_WRITE attribute to cause timestamp zeroing first, then > SetVariable() with 2014 cert to downgrade the cert. > > This patch fixes this issue. > > Cc: Jiewen Yao <jiewen....@intel.com> > Cc: Chao Zhang <chao.b.zh...@intel.com> > Cc: Jian J Wang <jian.j.w...@intel.com> > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Star Zeng <star.z...@intel.com> > --- > MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c > b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c > index a2d61c8cd618..8e8db71bd201 100644 > --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c > +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c > @@ -2462,6 +2462,8 @@ UpdateVariable ( > if (Variable->CurrPtr != NULL) { > if (VariableCompareTimeStampInternal > (&(((AUTHENTICATED_VARIABLE_HEADER *) > CacheVariable->CurrPtr)->TimeStamp), TimeStamp)) { > CopyMem (&AuthVariable->TimeStamp, TimeStamp, sizeof > (EFI_TIME)); > + } else { > + CopyMem (&AuthVariable->TimeStamp, > &(((AUTHENTICATED_VARIABLE_HEADER *) > CacheVariable->CurrPtr)->TimeStamp), sizeof (EFI_TIME)); > } > } > } > -- > 2.7.0.windows.1
_______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel