On 12/14/23 16:31, Gerd Hoffmann wrote:
> Hi,
>
>> The general idea is, once we don't trust the varstore, there cannot be
>> a *single* unchecked addition in the code. (Unless we can *prove* that
>> overflow is impossible.)
>
> There are some cases where we add a small, constant number to a
Hi,
> The general idea is, once we don't trust the varstore, there cannot be
> a *single* unchecked addition in the code. (Unless we can *prove* that
> overflow is impossible.)
There are some cases where we add a small, constant number to a value we
know is smaller than
On 12/7/23 10:44, Gerd Hoffmann wrote:
> Extend the ValidateFvHeader function, additionally to the header checks
> walk over the list of variables and sanity check them.
>
> In case we find inconsistencies indicating variable store corruption
> return EFI_NOT_FOUND so the variable store will be
On Thu, Dec 07, 2023 at 05:16:10PM +0100, Ard Biesheuvel wrote:
> Hi Gerd,
>
> On Thu, 7 Dec 2023 at 10:44, Gerd Hoffmann wrote:
> >
> > Extend the ValidateFvHeader function, additionally to the header checks
> > walk over the list of variables and sanity check them.
> >
> > In case we find
Hi Gerd,
On Thu, 7 Dec 2023 at 10:44, Gerd Hoffmann wrote:
>
> Extend the ValidateFvHeader function, additionally to the header checks
> walk over the list of variables and sanity check them.
>
> In case we find inconsistencies indicating variable store corruption
> return EFI_NOT_FOUND so the
Extend the ValidateFvHeader function, additionally to the header checks
walk over the list of variables and sanity check them.
In case we find inconsistencies indicating variable store corruption
return EFI_NOT_FOUND so the variable store will be re-initialized.
Signed-off-by: Gerd Hoffmann
---