From patchwork Tue Nov 20 09:01:46 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ming Huang <ming.huang@linaro.org>
X-Patchwork-Id: 151561
Delivered-To: patch@linaro.org
Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp351548ljp;
 Tue, 20 Nov 2018 01:02:03 -0800 (PST)
X-Google-Smtp-Source: AFSGD/W7v0V4j5q/sbZKnM4NtJmcDafvkle90FkB1ZlxupYrNUMf/hR3YMaJTYV+QH6iRiEZvrON
X-Received: by 2002:a63:36c4:: with SMTP id
 d187mr1132952pga.404.1542704523607; 
 Tue, 20 Nov 2018 01:02:03 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1542704523; cv=none;
 d=google.com; s=arc-20160816;
 b=KUmetqjukPcWpAncpnnbd39wX7jqoV12hofGePMF5KGw4Qh6Ep2FC6Mbpz71bWan4o
 MRWWzGrC/u4q9GNgTgztNfW6qtd8sCz46/inWj2YW5S9R0995YcomRFWC8pVahoisBXT
 dEesKBVo1FioUCMj0+vUE6VRbYiqso4aBMbfgEFbbzqnSeE+5nDZ39gdV7QPQcKVuClz
 KU8rWFVUqoQ519HKjWV1honzZp6bQC6GCl0R2UskR5dBL1NZsp4LQzrIqmXxuUglVXqW
 J4+TkjxDZcO6sfUbyZl0FVy/tk9geh9rqd9dkQOpTfnrpZ6DyQGaZhzT/G5PAHF91532
 jPZA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=sender:errors-to:content-transfer-encoding:mime-version:cc
 :list-subscribe:list-help:list-post:list-archive:list-unsubscribe
 :list-id:precedence:subject:references:in-reply-to:message-id:date
 :to:from:dkim-signature:delivered-to;
 bh=Kswa4HK0pUwV7oL70XT1oE2PTwwCuXBomd+LWN6u6sY=;
 b=hIjVWLGhXb2kBZGHwtFzPcR7TMdXzHxaiRhYy9nwO4b+Me7raeuQLqB0AztNsWFi2U
 e3OUhx27iNgqGV4+d7Af20v6Clz2g7PAaArH3AfkG35jZnTDOtkjPf0J5tB3PYxNVYeT
 m+3yINLJ3mCtKQmdxUMPWm2JpfJEBbiBYOgaQ/MyQ4snbpCjq3K3Yu/MscCvgBTXCjuv
 qiA+HsNyzjX1Lghd5t87lPmQIl+A45VhZLNDX1af38tiA77E4R84bL+Zc0J4mUFCMh8o
 6eNEyAC8sIuB491sVWnV35bMg5jHuwvdGG2Au+Vf6rm/nZ3NSw7WS0DFpbktMefr3rYE
 UWOg==
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=neutral (body hash did not verify) header.i=@linaro.org
 header.s=google header.b=U8McWSln; 
 spf=pass (google.com: best guess record for domain of
 edk2-devel-bounces@lists.01.org designates 198.145.21.10 as
 permitted sender)
 smtp.mailfrom=edk2-devel-bounces@lists.01.org; 
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <edk2-devel-bounces@lists.01.org>
Received: from ml01.01.org (ml01.01.org. [198.145.21.10])
 by mx.google.com with ESMTPS id
 u21si41896434pgm.21.2018.11.20.01.02.03
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Tue, 20 Nov 2018 01:02:03 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of
 edk2-devel-bounces@lists.01.org designates 198.145.21.10 as
 permitted sender) client-ip=198.145.21.10; 
Authentication-Results: mx.google.com;
 dkim=neutral (body hash did not verify) header.i=@linaro.org
 header.s=google header.b=U8McWSln; 
 spf=pass (google.com: best guess record for domain of
 edk2-devel-bounces@lists.01.org designates 198.145.21.10 as
 permitted sender)
 smtp.mailfrom=edk2-devel-bounces@lists.01.org; 
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: from [127.0.0.1] (localhost [IPv6:::1])
 by ml01.01.org (Postfix) with ESMTP id 3731321193590;
 Tue, 20 Nov 2018 01:02:03 -0800 (PST)
X-Original-To: edk2-devel@lists.01.org
Delivered-To: edk2-devel@lists.01.org
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=2607:f8b0:4864:20::444; helo=mail-pf1-x444.google.com;
 envelope-from=ming.huang@linaro.org; receiver=edk2-devel@lists.01.org 
Received: from mail-pf1-x444.google.com (mail-pf1-x444.google.com
 [IPv6:2607:f8b0:4864:20::444])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128
 bits)) (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 1A2E621959CB2
 for <edk2-devel@lists.01.org>; Tue, 20 Nov 2018 01:02:02 -0800 (PST)
Received: by mail-pf1-x444.google.com with SMTP id z9so689524pfi.2
 for <edk2-devel@lists.01.org>; Tue, 20 Nov 2018 01:02:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; 
 h=from:to:cc:subject:date:message-id:in-reply-to:references;
 bh=lIRDHnJPp8G+AxBhDqM2R6/srX7TycJcA74pxVoPG8M=;
 b=U8McWSlnxox8dW36Q3fPrxtkXGtuCLsLumEjMtEuuBp4H9AKk3wxNxSRh693eNnQJI
 quDCbIXh4oh155NDH3mMyu7ASAAbSVUr5L4RyONudguQCSFO9k28jQYxsd4T1UPaUO27
 gKgC376x729LXBRx/Cnd1QuhxC+6WIIM7BgGI=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references;
 bh=lIRDHnJPp8G+AxBhDqM2R6/srX7TycJcA74pxVoPG8M=;
 b=uk3UG7ePPfiGXjX+dfvRp8pSiYY/nAKY7hD//r/r/4oplMLhSZ7MF41jqfJdeT3CTI
 CF/gr7ohrDWaV+0zXFvdIBwL6ShZMdhDp4A/VB62mSLkI3nOR7FoPc2mMASle8NwkY2n
 fgcgMVOwyH0p7bb8aCmPEG/fBDJqROcJJa7gNyhBdCI2J39Ecvyk15+oyp+QU4heOlTS
 AbmzLJpTJmGD24VgtOefV/mbrM1VpgyV4hHftHHgYkFy906elyXfcA/41x5lCVvT0C4y
 4q+doVG3IavFY6utbRn0bj0A7jvYVnZDrADCfwUwtg1bFigiUE/GMncLGsoywbi8wBQE
 nYog==
X-Gm-Message-State: AA+aEWYvo/VRsIdtBmSwgiIxnxwe0masSGM2BVv7NqF992CvPpsteDmY
 tzmcarMvigUKDR7IkhPR149ioA==
X-Received: by 2002:a62:4b4d:: with SMTP id y74mr58353pfa.186.1542704521750; 
 Tue, 20 Nov 2018 01:02:01 -0800 (PST)
Received: from localhost.localdomain ([114.119.4.74])
 by smtp.gmail.com with ESMTPSA id
 f13sm24151250pfa.132.2018.11.20.01.01.58
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
 Tue, 20 Nov 2018 01:02:01 -0800 (PST)
From: Ming Huang <ming.huang@linaro.org>
To: leif.lindholm@linaro.org, linaro-uefi@lists.linaro.org,
 edk2-devel@lists.01.org, graeme.gregory@linaro.org
Date: Tue, 20 Nov 2018 17:01:46 +0800
Message-Id: <20181120090150.1102-2-ming.huang@linaro.org>
X-Mailer: git-send-email 2.9.5
In-Reply-To: <20181120090150.1102-1-ming.huang@linaro.org>
References: <20181120090150.1102-1-ming.huang@linaro.org>
Subject: [edk2] [PATCH edk2-platforms v3 1/5] Hisilicon/D0x: Fix secure boot
 bug in FlashFvbDxe
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
Cc: huangming23@huawei.com, xinliang.liu@linaro.org, john.garry@huawei.com, 
 zhangjinsong2@huawei.com, huangdaode@hisilicon.com,
 zhangfeng56@huawei.com, 
 michael.d.kinney@intel.com, lersek@redhat.com, wanghuiqiang@huawei.com
MIME-Version: 1.0
Errors-To: edk2-devel-bounces@lists.01.org
Sender: "edk2-devel" <edk2-devel-bounces@lists.01.org>

Now that the generic Variable Runtime DXE code no longer
distinguishes between gEfiVariableGuid and
gEfiAuthenticatedVariableGuid in the varstore FV header.
We can relax the check in the flashFvb driver to accept
either GUID regardless of whether we are running a secure
boot capable build or not.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ming Huang <ming.huang@linaro.org>
---
 Silicon/Hisilicon/Drivers/FlashFvbDxe/FlashFvbDxe.inf | 1 +
 Silicon/Hisilicon/Drivers/FlashFvbDxe/FlashFvbDxe.c   | 5 +++--
 2 files changed, 4 insertions(+), 2 deletions(-)

-- 
2.9.5

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel

diff --git a/Silicon/Hisilicon/Drivers/FlashFvbDxe/FlashFvbDxe.inf b/Silicon/Hisilicon/Drivers/FlashFvbDxe/FlashFvbDxe.inf
index f8be4741ef7c..a0226e0d87c0 100644
--- a/Silicon/Hisilicon/Drivers/FlashFvbDxe/FlashFvbDxe.inf
+++ b/Silicon/Hisilicon/Drivers/FlashFvbDxe/FlashFvbDxe.inf
@@ -44,6 +44,7 @@ [LibraryClasses]
   UefiRuntimeLib
 
 [Guids]
+  gEfiAuthenticatedVariableGuid
   gEfiSystemNvDataFvGuid
   gEfiVariableGuid
 
diff --git a/Silicon/Hisilicon/Drivers/FlashFvbDxe/FlashFvbDxe.c b/Silicon/Hisilicon/Drivers/FlashFvbDxe/FlashFvbDxe.c
index e18cc9e06ec2..12baed41cd4e 100644
--- a/Silicon/Hisilicon/Drivers/FlashFvbDxe/FlashFvbDxe.c
+++ b/Silicon/Hisilicon/Drivers/FlashFvbDxe/FlashFvbDxe.c
@@ -189,7 +189,7 @@ InitializeFvAndVariableStoreHeaders (
     // VARIABLE_STORE_HEADER
     //
     VariableStoreHeader = (VARIABLE_STORE_HEADER*)((UINTN)Headers + (UINTN)FirmwareVolumeHeader->HeaderLength);
-    CopyGuid (&VariableStoreHeader->Signature, &gEfiVariableGuid);
+    CopyGuid (&VariableStoreHeader->Signature, &gEfiAuthenticatedVariableGuid);
     VariableStoreHeader->Size = PcdGet32(PcdFlashNvStorageVariableSize) - FirmwareVolumeHeader->HeaderLength;
     VariableStoreHeader->Format            = VARIABLE_STORE_FORMATTED;
     VariableStoreHeader->State             = VARIABLE_STORE_HEALTHY;
@@ -258,7 +258,8 @@ ValidateFvHeader (
     VariableStoreHeader = (VARIABLE_STORE_HEADER*)((UINTN)FwVolHeader + (UINTN)FwVolHeader->HeaderLength);
 
     // Check the Variable Store Guid
-    if ( CompareGuid (&VariableStoreHeader->Signature, &gEfiVariableGuid) == FALSE )
+    if (!CompareGuid (&VariableStoreHeader->Signature, &gEfiVariableGuid) &&
+        !CompareGuid (&VariableStoreHeader->Signature, &gEfiAuthenticatedVariableGuid))
     {
         DEBUG ((EFI_D_ERROR, "ValidateFvHeader: Variable Store Guid non-compatible\n"));
         return EFI_NOT_FOUND;