From abe5b633eaae333190fb742af3fa15968f02a92e Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Tue, 9 Jan 2024 12:29:01 +0100 Subject: [PATCH 1/2] OvmfPkg/VirtNorFlashDxe: stop accepting gEfiVariableGuid MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit RH-Author: Gerd Hoffmann RH-MergeRequest: 42: OvmfPkg/VirtNorFlashDxe: sanity-check variables RH-Jira: RHEL-17587 RH-Acked-by: Laszlo Ersek RH-Commit: [1/2] 790f895bd180bc2c4b957a7a3c7d07e9107dd74b Only accept gEfiAuthenticatedVariableGuid when checking the variable store header in ValidateFvHeader(). The edk2 code base has been switched to use the authenticated varstore format unconditionally (even in case secure boot is not used or supported) a few years ago. Suggested-by: László Érsek Signed-off-by: Gerd Hoffmann Reviewed-by: Laszlo Ersek Message-Id: <20240109112902.30002-3-kraxel@redhat.com> (cherry picked from commit ae22b2f136bcbd27135a5f4dd76d3a68a172d00e) --- ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvb.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvb.c b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvb.c index db8eb595f4..904605cbbc 100644 --- a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvb.c +++ b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvb.c @@ -210,8 +210,7 @@ ValidateFvHeader ( VariableStoreHeader = (VARIABLE_STORE_HEADER*)((UINTN)FwVolHeader + FwVolHeader->HeaderLength); // Check the Variable Store Guid - if (!CompareGuid (&VariableStoreHeader->Signature, &gEfiVariableGuid) && - !CompareGuid (&VariableStoreHeader->Signature, &gEfiAuthenticatedVariableGuid)) { + if (!CompareGuid (&VariableStoreHeader->Signature, &gEfiAuthenticatedVariableGuid)) { DEBUG ((EFI_D_INFO, "%a: Variable Store Guid non-compatible\n", __FUNCTION__)); return EFI_NOT_FOUND; -- 2.41.0
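Review bot: The rejection path in ValidateFvHeader() directly after the changed CompareGuid() check still logs only "Variable Store Guid non-compatible" at EFI_D_INFO. A store carrying the formerly accepted gEfiVariableGuid signature is now refused with EFI_NOT_FOUND, and nothing in the log distinguishes it from a corrupted header. Consider printing the signature that was found (the %g format with &VariableStoreHeader->Signature) and raising the level to DEBUG_WARN. The comment "Check the Variable Store Guid" should also be updated to say that only the authenticated format is accepted. Separately, the subject line names OvmfPkg/VirtNorFlashDxe while the hunk modifies ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvb.c; the commit message should say which driver this cherry-pick applies to.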