From fc7a119df2b639320ed32946136d74d40798f0cd Mon Sep 17 00:00:00 2001 From: Miroslav Rezanina Date: Mon, 15 Jan 2024 08:56:12 -0500 Subject: [PATCH] * Mon Jan 15 2024 Miroslav Rezanina - 20231122-2 - edk2-OvmfPkg-RiscVVirt-use-gEfiAuthenticatedVariableGuid-.patch [RHEL-20963] - edk2-OvmfPkg-VirtNorFlashDxe-stop-accepting-gEfiVariableG.patch [RHEL-20963] - edk2-OvmfPkg-VirtNorFlashDxe-sanity-check-variables.patch [RHEL-20963] - Resolves: RHEL-20963 ([rhel9] guest fails to boot due to ASSERT error) --- ...t-use-gEfiAuthenticatedVariableGuid-.patch | 52 +++++ ...rtNorFlashDxe-sanity-check-variables.patch | 210 ++++++++++++++++++ ...lashDxe-stop-accepting-gEfiVariableG.patch | 42 ++++ edk2.spec | 12 +- 4 files changed, 315 insertions(+), 1 deletion(-) create mode 100644 edk2-OvmfPkg-RiscVVirt-use-gEfiAuthenticatedVariableGuid-.patch create mode 100644 edk2-OvmfPkg-VirtNorFlashDxe-sanity-check-variables.patch create mode 100644 edk2-OvmfPkg-VirtNorFlashDxe-stop-accepting-gEfiVariableG.patch diff --git a/edk2-OvmfPkg-RiscVVirt-use-gEfiAuthenticatedVariableGuid-.patch b/edk2-OvmfPkg-RiscVVirt-use-gEfiAuthenticatedVariableGuid-.patch new file mode 100644 index 0000000..74f594f --- /dev/null +++ b/edk2-OvmfPkg-RiscVVirt-use-gEfiAuthenticatedVariableGuid-.patch @@ -0,0 +1,52 @@ +From 390efa52b8c2b61bcc6f24cc9f3b805798150b6e Mon Sep 17 00:00:00 2001 +From: Gerd Hoffmann +Date: Tue, 9 Jan 2024 12:29:00 +0100 +Subject: [PATCH 1/3] OvmfPkg/RiscVVirt: use gEfiAuthenticatedVariableGuid + unconditionally +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +ArmVirt and OVMF are doing the same. + +See commit d92eaabefbe0 ("OvmfPkg: simplify VARIABLE_STORE_HEADER +generation") for details. + +Suggested-by: László Érsek +Signed-off-by: Gerd Hoffmann +Reviewed-by: Sunil V L +Reviewed-by: Laszlo Ersek +Message-Id: <20240109112902.30002-2-kraxel@redhat.com> +(cherry picked from commit 3b1ddbddeee64cee5aba4f0170fbf5e4781d4879) +--- + OvmfPkg/RiscVVirt/VarStore.fdf.inc | 9 +-------- + 1 file changed, 1 insertion(+), 8 deletions(-) + +diff --git a/OvmfPkg/RiscVVirt/VarStore.fdf.inc b/OvmfPkg/RiscVVirt/VarStore.fdf.inc +index aba32315cc..6679c246b3 100644 +--- a/OvmfPkg/RiscVVirt/VarStore.fdf.inc ++++ b/OvmfPkg/RiscVVirt/VarStore.fdf.inc +@@ -36,19 +36,12 @@ DATA = { + # Blockmap[1]: End + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + ## This is the VARIABLE_STORE_HEADER +-!if $(SECURE_BOOT_ENABLE) == TRUE ++ # It is compatible with SECURE_BOOT_ENABLE == FALSE as well. + # Signature: gEfiAuthenticatedVariableGuid = + # { 0xaaf32c78, 0x947b, 0x439a, + # { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 }} + 0x78, 0x2c, 0xf3, 0xaa, 0x7b, 0x94, 0x9a, 0x43, + 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92, +-!else +- # Signature: gEfiVariableGuid = +- # { 0xddcf3616, 0x3275, 0x4164, +- # { 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d }} +- 0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x64, 0x41, +- 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d, +-!endif + # Size: 0x40000 (gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize) - + # 0x48 (size of EFI_FIRMWARE_VOLUME_HEADER) = 0x3FFB8 + # This can speed up the Variable Dispatch a bit. +-- +2.39.3 + diff --git a/edk2-OvmfPkg-VirtNorFlashDxe-sanity-check-variables.patch b/edk2-OvmfPkg-VirtNorFlashDxe-sanity-check-variables.patch new file mode 100644 index 0000000..847f62e --- /dev/null +++ b/edk2-OvmfPkg-VirtNorFlashDxe-sanity-check-variables.patch @@ -0,0 +1,210 @@ +From d557e973e4a400325f68014e463201a5b48c1547 Mon Sep 17 00:00:00 2001 +From: Gerd Hoffmann +Date: Tue, 9 Jan 2024 12:29:02 +0100 +Subject: [PATCH 3/3] OvmfPkg/VirtNorFlashDxe: sanity-check variables + +Extend the ValidateFvHeader function, additionally to the header checks +walk over the list of variables and sanity check them. + +In case we find inconsistencies indicating variable store corruption +return EFI_NOT_FOUND so the variable store will be re-initialized. + +Signed-off-by: Gerd Hoffmann +Message-Id: <20240109112902.30002-4-kraxel@redhat.com> +Reviewed-by: Laszlo Ersek +[lersek@redhat.com: fix StartId initialization/assignment coding style] +(cherry picked from commit 4a443f73fd67ca8caaf0a3e1a01f8231b330d2e0) +--- + OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf | 1 + + OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c | 149 +++++++++++++++++++- + 2 files changed, 145 insertions(+), 5 deletions(-) + +diff --git a/OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf b/OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf +index 2a3d4a218e..f549400280 100644 +--- a/OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf ++++ b/OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf +@@ -34,6 +34,7 @@ + DxeServicesTableLib + HobLib + IoLib ++ SafeIntLib + UefiBootServicesTableLib + UefiDriverEntryPoint + UefiLib +diff --git a/OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c b/OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c +index 9a614ae4b2..8fcd999ac6 100644 +--- a/OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c ++++ b/OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c +@@ -12,6 +12,7 @@ + #include + #include + #include ++#include + #include + + #include +@@ -185,11 +186,12 @@ ValidateFvHeader ( + IN NOR_FLASH_INSTANCE *Instance + ) + { +- UINT16 Checksum; +- EFI_FIRMWARE_VOLUME_HEADER *FwVolHeader; +- VARIABLE_STORE_HEADER *VariableStoreHeader; +- UINTN VariableStoreLength; +- UINTN FvLength; ++ UINT16 Checksum; ++ CONST EFI_FIRMWARE_VOLUME_HEADER *FwVolHeader; ++ CONST VARIABLE_STORE_HEADER *VariableStoreHeader; ++ UINTN VarOffset; ++ UINTN VariableStoreLength; ++ UINTN FvLength; + + FwVolHeader = (EFI_FIRMWARE_VOLUME_HEADER *)Instance->RegionBaseAddress; + +@@ -258,6 +260,143 @@ ValidateFvHeader ( + return EFI_NOT_FOUND; + } + ++ // ++ // check variables ++ // ++ DEBUG ((DEBUG_INFO, "%a: checking variables\n", __func__)); ++ VarOffset = sizeof (*VariableStoreHeader); ++ for ( ; ;) { ++ UINTN VarHeaderEnd; ++ UINTN VarNameEnd; ++ UINTN VarEnd; ++ UINTN VarPadding; ++ CONST AUTHENTICATED_VARIABLE_HEADER *VarHeader; ++ CONST CHAR16 *VarName; ++ CONST CHAR8 *VarState; ++ RETURN_STATUS Status; ++ ++ Status = SafeUintnAdd (VarOffset, sizeof (*VarHeader), &VarHeaderEnd); ++ if (RETURN_ERROR (Status)) { ++ DEBUG ((DEBUG_ERROR, "%a: integer overflow\n", __func__)); ++ return EFI_NOT_FOUND; ++ } ++ ++ if (VarHeaderEnd >= VariableStoreHeader->Size) { ++ if (VarOffset <= VariableStoreHeader->Size - sizeof (UINT16)) { ++ CONST UINT16 *StartId; ++ ++ StartId = (VOID *)((UINTN)VariableStoreHeader + VarOffset); ++ if (*StartId == 0x55aa) { ++ DEBUG ((DEBUG_ERROR, "%a: startid at invalid location\n", __func__)); ++ return EFI_NOT_FOUND; ++ } ++ } ++ ++ DEBUG ((DEBUG_INFO, "%a: end of var list (no space left)\n", __func__)); ++ break; ++ } ++ ++ VarHeader = (VOID *)((UINTN)VariableStoreHeader + VarOffset); ++ if (VarHeader->StartId != 0x55aa) { ++ DEBUG ((DEBUG_INFO, "%a: end of var list (no startid)\n", __func__)); ++ break; ++ } ++ ++ VarName = NULL; ++ switch (VarHeader->State) { ++ // usage: State = VAR_HEADER_VALID_ONLY ++ case VAR_HEADER_VALID_ONLY: ++ VarState = "header-ok"; ++ VarName = L""; ++ break; ++ ++ // usage: State = VAR_ADDED ++ case VAR_ADDED: ++ VarState = "ok"; ++ break; ++ ++ // usage: State &= VAR_IN_DELETED_TRANSITION ++ case VAR_ADDED &VAR_IN_DELETED_TRANSITION: ++ VarState = "del-in-transition"; ++ break; ++ ++ // usage: State &= VAR_DELETED ++ case VAR_ADDED &VAR_DELETED: ++ case VAR_ADDED &VAR_DELETED &VAR_IN_DELETED_TRANSITION: ++ VarState = "deleted"; ++ break; ++ ++ default: ++ DEBUG (( ++ DEBUG_ERROR, ++ "%a: invalid variable state: 0x%x\n", ++ __func__, ++ VarHeader->State ++ )); ++ return EFI_NOT_FOUND; ++ } ++ ++ Status = SafeUintnAdd (VarHeaderEnd, VarHeader->NameSize, &VarNameEnd); ++ if (RETURN_ERROR (Status)) { ++ DEBUG ((DEBUG_ERROR, "%a: integer overflow\n", __func__)); ++ return EFI_NOT_FOUND; ++ } ++ ++ Status = SafeUintnAdd (VarNameEnd, VarHeader->DataSize, &VarEnd); ++ if (RETURN_ERROR (Status)) { ++ DEBUG ((DEBUG_ERROR, "%a: integer overflow\n", __func__)); ++ return EFI_NOT_FOUND; ++ } ++ ++ if (VarEnd > VariableStoreHeader->Size) { ++ DEBUG (( ++ DEBUG_ERROR, ++ "%a: invalid variable size: 0x%Lx + 0x%Lx + 0x%x + 0x%x > 0x%x\n", ++ __func__, ++ (UINT64)VarOffset, ++ (UINT64)(sizeof (*VarHeader)), ++ VarHeader->NameSize, ++ VarHeader->DataSize, ++ VariableStoreHeader->Size ++ )); ++ return EFI_NOT_FOUND; ++ } ++ ++ if (((VarHeader->NameSize & 1) != 0) || ++ (VarHeader->NameSize < 4)) ++ { ++ DEBUG ((DEBUG_ERROR, "%a: invalid name size\n", __func__)); ++ return EFI_NOT_FOUND; ++ } ++ ++ if (VarName == NULL) { ++ VarName = (VOID *)((UINTN)VariableStoreHeader + VarHeaderEnd); ++ if (VarName[VarHeader->NameSize / 2 - 1] != L'\0') { ++ DEBUG ((DEBUG_ERROR, "%a: name is not null terminated\n", __func__)); ++ return EFI_NOT_FOUND; ++ } ++ } ++ ++ DEBUG (( ++ DEBUG_VERBOSE, ++ "%a: +0x%04Lx: name=0x%x data=0x%x guid=%g '%s' (%a)\n", ++ __func__, ++ (UINT64)VarOffset, ++ VarHeader->NameSize, ++ VarHeader->DataSize, ++ &VarHeader->VendorGuid, ++ VarName, ++ VarState ++ )); ++ ++ VarPadding = (4 - (VarEnd & 3)) & 3; ++ Status = SafeUintnAdd (VarEnd, VarPadding, &VarOffset); ++ if (RETURN_ERROR (Status)) { ++ DEBUG ((DEBUG_ERROR, "%a: integer overflow\n", __func__)); ++ return EFI_NOT_FOUND; ++ } ++ } ++ + return EFI_SUCCESS; + } + +-- +2.39.3 + diff --git a/edk2-OvmfPkg-VirtNorFlashDxe-stop-accepting-gEfiVariableG.patch b/edk2-OvmfPkg-VirtNorFlashDxe-stop-accepting-gEfiVariableG.patch new file mode 100644 index 0000000..e49c2cc --- /dev/null +++ b/edk2-OvmfPkg-VirtNorFlashDxe-stop-accepting-gEfiVariableG.patch @@ -0,0 +1,42 @@ +From 77047a56601aaa955a12030343bdee973b9d393d Mon Sep 17 00:00:00 2001 +From: Gerd Hoffmann +Date: Tue, 9 Jan 2024 12:29:01 +0100 +Subject: [PATCH 2/3] OvmfPkg/VirtNorFlashDxe: stop accepting gEfiVariableGuid +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Only accept gEfiAuthenticatedVariableGuid when checking the variable +store header in ValidateFvHeader(). + +The edk2 code base has been switched to use the authenticated varstore +format unconditionally (even in case secure boot is not used or +supported) a few years ago. + +Suggested-by: László Érsek +Signed-off-by: Gerd Hoffmann +Reviewed-by: Laszlo Ersek +Message-Id: <20240109112902.30002-3-kraxel@redhat.com> +(cherry picked from commit ae22b2f136bcbd27135a5f4dd76d3a68a172d00e) +--- + OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +diff --git a/OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c b/OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c +index 5ee98e9b59..9a614ae4b2 100644 +--- a/OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c ++++ b/OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c +@@ -239,9 +239,7 @@ ValidateFvHeader ( + VariableStoreHeader = (VARIABLE_STORE_HEADER *)((UINTN)FwVolHeader + FwVolHeader->HeaderLength); + + // Check the Variable Store Guid +- if (!CompareGuid (&VariableStoreHeader->Signature, &gEfiVariableGuid) && +- !CompareGuid (&VariableStoreHeader->Signature, &gEfiAuthenticatedVariableGuid)) +- { ++ if (!CompareGuid (&VariableStoreHeader->Signature, &gEfiAuthenticatedVariableGuid)) { + DEBUG (( + DEBUG_INFO, + "%a: Variable Store Guid non-compatible\n", +-- +2.39.3 + diff --git a/edk2.spec b/edk2.spec index 6436655..9a80951 100644 --- a/edk2.spec +++ b/edk2.spec @@ -20,7 +20,7 @@ ExclusiveArch: x86_64 aarch64 Name: edk2 Version: %{GITDATE} -Release: 1%{?dist} +Release: 2%{?dist} Summary: UEFI firmware for 64-bit virtual machines License: BSD-2-Clause-Patent and Apache-2.0 and MIT URL: http://www.tianocore.org @@ -81,6 +81,9 @@ Patch28: 0028-distro-apply-git-diff-c9s-new_c9s-by-mirek.patch Patch29: 0029-CryptoPkg-CrtLib-add-stat.h-include-file.patch Patch30: 0030-CryptoPkg-CrtLib-add-access-open-read-write-close-sy.patch Patch31: 0031-ArmVirtQemu-Allow-EFI-memory-attributes-protocol-to-.patch +Patch32: edk2-OvmfPkg-RiscVVirt-use-gEfiAuthenticatedVariableGuid-.patch +Patch33: edk2-OvmfPkg-VirtNorFlashDxe-stop-accepting-gEfiVariableG.patch +Patch34: edk2-OvmfPkg-VirtNorFlashDxe-sanity-check-variables.patch # python3-devel and libuuid-devel are required for building tools. # python3-devel is also needed for varstore template generation and @@ -414,6 +417,13 @@ install -m 0644 \ %changelog +* Mon Jan 15 2024 Miroslav Rezanina - 20231122-2 +- edk2-OvmfPkg-RiscVVirt-use-gEfiAuthenticatedVariableGuid-.patch [RHEL-20963] +- edk2-OvmfPkg-VirtNorFlashDxe-stop-accepting-gEfiVariableG.patch [RHEL-20963] +- edk2-OvmfPkg-VirtNorFlashDxe-sanity-check-variables.patch [RHEL-20963] +- Resolves: RHEL-20963 + ([rhel9] guest fails to boot due to ASSERT error) + * Fri Dec 15 2023 Miroslav Rezanina - 20231122-1 - Rebase to edk2-stable202311 [RHEL-12323] - Switch to OpenSSL 3.0 [RHEL-49]