diff options
author | oliviermartin <oliviermartin@6f19259b-4bc3-4df7-8a09-765794883524> | 2011-12-13 09:42:36 +0000 |
---|---|---|
committer | oliviermartin <oliviermartin@6f19259b-4bc3-4df7-8a09-765794883524> | 2011-12-13 09:42:36 +0000 |
commit | 4d832aabbf0e917d1e66e78f3954d4bd46aa50e0 (patch) | |
tree | 54c0dcceff3d355a861113f58dbc63c5d34269a7 /SecurityPkg/VariableAuthenticated/Pei | |
parent | 3aa1ff61b29f0d2da5d920b70eee576f3680561c (diff) | |
download | edk2-platforms-4d832aabbf0e917d1e66e78f3954d4bd46aa50e0.tar.xz |
SecurityPkg/VariableAuthenticated: Check if there is a NV Variable Storage header prior to use its attributes
The Variable PEI and RuntimeDxe drivers were using the attribute 'HeaderLength' of
EFI_FIRMWARE_VOLUME_HEADER without checking if a Firmware Volume Header was existing at
the base address.
In case the Firmware Volume Header does not exist or is corrupted, the attribute 'HeaderLength'
is a non valid value that can lead to a non valid physical address when accessing produces an
access error.
Signed-off-by: oliviermartin
Reviewed-by: rsun3
Reviewed-by: niruiyu
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12845 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'SecurityPkg/VariableAuthenticated/Pei')
-rw-r--r-- | SecurityPkg/VariableAuthenticated/Pei/Variable.c | 9 | ||||
-rw-r--r-- | SecurityPkg/VariableAuthenticated/Pei/Variable.h | 1 | ||||
-rw-r--r-- | SecurityPkg/VariableAuthenticated/Pei/VariablePei.inf | 1 |
3 files changed, 11 insertions, 0 deletions
diff --git a/SecurityPkg/VariableAuthenticated/Pei/Variable.c b/SecurityPkg/VariableAuthenticated/Pei/Variable.c index 7549be2dca..d27f679073 100644 --- a/SecurityPkg/VariableAuthenticated/Pei/Variable.c +++ b/SecurityPkg/VariableAuthenticated/Pei/Variable.c @@ -359,6 +359,15 @@ GetVariableStore ( PcdGet64 (PcdFlashNvStorageVariableBase64) :
PcdGet32 (PcdFlashNvStorageVariableBase)
);
+
+ //
+ // Check if the Firmware Volume is not corrupted
+ //
+ if ((FvHeader->Signature != EFI_FVH_SIGNATURE) || (!CompareGuid (&gEfiSystemNvDataFvGuid, &FvHeader->FileSystemGuid))) {
+ DEBUG ((EFI_D_ERROR, "Firmware Volume for Variable Store is corrupted\n"));
+ break;
+ }
+
VariableStoreHeader = (VARIABLE_STORE_HEADER *) ((UINT8 *) FvHeader + FvHeader->HeaderLength);
if (IndexTable != NULL) {
diff --git a/SecurityPkg/VariableAuthenticated/Pei/Variable.h b/SecurityPkg/VariableAuthenticated/Pei/Variable.h index 75d32dac5f..a85d3bbab6 100644 --- a/SecurityPkg/VariableAuthenticated/Pei/Variable.h +++ b/SecurityPkg/VariableAuthenticated/Pei/Variable.h @@ -29,6 +29,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include <Guid/AuthenticatedVariableFormat.h>
#include <Guid/VariableIndexTable.h>
+#include <Guid/SystemNvDataGuid.h>
typedef enum {
VariableStoreTypeHob,
diff --git a/SecurityPkg/VariableAuthenticated/Pei/VariablePei.inf b/SecurityPkg/VariableAuthenticated/Pei/VariablePei.inf index 7863293ff8..e74143cd19 100644 --- a/SecurityPkg/VariableAuthenticated/Pei/VariablePei.inf +++ b/SecurityPkg/VariableAuthenticated/Pei/VariablePei.inf @@ -46,6 +46,7 @@ [Guids]
gEfiAuthenticatedVariableGuid
gEfiVariableIndexTableGuid
+ gEfiSystemNvDataFvGuid
[Ppis]
gEfiPeiReadOnlyVariable2PpiGuid ## SOMETIMES_PRODUCES (Not for boot mode RECOVERY)
|