Add UEFI variable append tests #361
Conversation
dinhngtu
force-pushed
the
dnt/varstored
branch
from
16a502c to
4596f70
Compare
|
I don't understand all of that, but just wonder if part of the message in commit log could make sense as a comment in test ? |
|
The context is here: https://xcp-ng.org/blog/2025/10/30/xcp-ng-8-3-varstored-update-unbootable-vm-risk-and-remediation/ In short, the dbx variable previously used in the bad update did not use the Microsoft owner GUID, preventing deduplication of EFI signature data entries during an append call. Normally, this would not cause the VM to crash; except varstored does not check for the variable data length on append (https://redirect.github.com/xapi-project/varstored/commit/46edc9d071bdee42a80b312540c0fc076c227db0, backported but still not released), triggering the issue. |
dinhngtu
force-pushed
the
dnt/varstored
branch
from
4596f70 to
9d3d2fc
Compare
|
|
||
| # Variable attributes for time based authentication attrs | ||
| EFI_AT_ATTRS = 0x27 | ||
| EFI_VARIABLE_APPEND_WRITE = 0x40 |
There was a problem hiding this comment.
I would put reference to source:
https://uefi.org/specs/UEFI/2.10/08_Services_Runtime_Services.html
Unless there is a python module that define those constants
* Rename secureboot_certs to secureboot_objects * Delete unused files Signed-off-by: Tu Dinh <ngoc-tu.dinh@vates.tech>
Signed-off-by: Tu Dinh <ngoc-tu.dinh@vates.tech>
Fallout from the varstored update. At the moment, test the following scenarios: * From the varstored defaults, append MS dbx and verify VM boots * From the varstored 1.2.0-3.1 defaults, append MS dbx and verify VM boots (which implies not having the oversized variable append bug) Signed-off-by: Tu Dinh <ngoc-tu.dinh@vates.tech>
dinhngtu
force-pushed
the
dnt/varstored
branch
from
9d3d2fc to
bcdcbdb
Compare
Fallout from the varstored update.
At the moment, test the following scenarios: