From 2dbfc91269fd944aeb82e0f9178e0ab278ccf0da Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Tue, 9 Jan 2024 12:29:01 +0100 Subject: [PATCH 1/2] OvmfPkg/VirtNorFlashDxe: stop accepting gEfiVariableGuid MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit RH-Author: Gerd Hoffmann RH-MergeRequest: 41: OvmfPkg/VirtNorFlashDxe: sanity-check variables RH-Jira: RHEL-20351 RH-Acked-by: Jon Maloy RH-Commit: [1/2] c39aca9d2933518dff4216f585fdfcc492f08673 Only accept gEfiAuthenticatedVariableGuid when checking the variable store header in ValidateFvHeader(). The edk2 code base has been switched to use the authenticated varstore format unconditionally (even in case secure boot is not used or supported) a few years ago. Suggested-by: László Érsek Signed-off-by: Gerd Hoffmann Reviewed-by: Laszlo Ersek Message-Id: <20240109112902.30002-3-kraxel@redhat.com> (cherry picked from commit ae22b2f136bcbd27135a5f4dd76d3a68a172d00e) --- ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvb.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvb.c b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvb.c index db8eb595f4..904605cbbc 100644 --- a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvb.c +++ b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvb.c @@ -210,8 +210,7 @@ ValidateFvHeader ( VariableStoreHeader = (VARIABLE_STORE_HEADER*)((UINTN)FwVolHeader + FwVolHeader->HeaderLength); // Check the Variable Store Guid - if (!CompareGuid (&VariableStoreHeader->Signature, &gEfiVariableGuid) && - !CompareGuid (&VariableStoreHeader->Signature, &gEfiAuthenticatedVariableGuid)) { + if (!CompareGuid (&VariableStoreHeader->Signature, &gEfiAuthenticatedVariableGuid)) { DEBUG ((EFI_D_INFO, "%a: Variable Store Guid non-compatible\n", __FUNCTION__)); return EFI_NOT_FOUND; -- 2.41.0
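Review bot: In ValidateFvHeader(), the rejection path under the changed `if` still logs at EFI_D_INFO with the text "Variable Store Guid non-compatible", so a variable store carrying the legacy gEfiVariableGuid signature now returns EFI_NOT_FOUND without the message saying that only gEfiAuthenticatedVariableGuid is accepted. Consider naming the expected GUID in the message and logging it at an error level, and update the comment `// Check the Variable Store Guid` to state that the authenticated format is required. Separately, the subject line names OvmfPkg/VirtNorFlashDxe while the diff modifies ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvb.c; the commit message should say that the cherry-pick was applied to this driver so the history is not misleading. The context line computes VariableStoreHeader from FwVolHeader->HeaderLength, and the hunk does not show that length being checked before the Signature field is read, so it is worth confirming that the earlier part of the function validates it.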