qemu-efi: guest can corrupt its own firmware

Bug #1812093 reported by dann frazier
Affects         Status         Importance   Assigned to     Milestone
edk2 (Debian)   Fix Released   Unknown      -               -
edk2 (Ubuntu)   Fix Released   Undecided    dann frazier    -

Bug Description

[Impact]
LP: #1811722 and LP: #1811901 describe situations where buggy EFI apps can corrupt the firmware flash volume by dereferencing NULL pointers because we map the NOR flash at 0x0.

Upstream has merged patches to make these inadvertent accesses fault instead.

[Test Case]
Boot an arm64 guest with SecureBoot enabled using shim-signed 1.39, which is impacted by the bugs above. The guest will boot up into EFI, but crash in shim. Note that the checksum of the firmware flash volume (which should be RO) has changed from the system AAVMF_CODE.fd.

[Fix]
Backport the following patches from edk2 upstream:
51bb05c795 ArmVirtPkg/QemuVirtMemInfoLib: trim the MMIO region mapping
5e27deed43 ArmVirtPkg/NorFlashQemuLib: disregard our primary FV
aa1097921d ArmPkg/ArmMmuLib ARM: handle unmapped sections when updating permissions
36a87fec68 ArmPkg/ArmMmuLib ARM: handle unmapped section in GetMemoryRegion()

[Regression Risk]
It is possible that there are buggy VMs out there with EFI apps that access the first page without corrupting the firmware (e.g. with "just" a read) and currently boot successfully anyway. With this change, those guests would instead crash.
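The [Test Case] above relies on noticing that the supposedly read-only code flash no longer matches the system AAVMF_CODE.fd. The following script is an added example, not code from this bug report, edk2 or QEMU: it compares a guest's pflash copy of the code volume against the reference image, reports the first differing byte offset for triage, and runs on constructed sample files (all paths are hypothetical; it assumes the guest code flash was created as a byte-for-byte copy of AAVMF_CODE.fd).

```shell
#!/bin/sh
# Added example, not from the bug report or from edk2/QEMU.
# Checks whether a guest's pflash copy of the AAVMF code volume still matches
# the read-only system image it was cloned from. Assumes the guest code flash
# was created as a byte-for-byte copy of AAVMF_CODE.fd; paths are hypothetical.

# code_fv_changed REFERENCE GUEST_COPY
# Exit status 0 (true) when the guest copy differs from the reference, 1 when
# it is identical. On a difference, prints the first differing byte offset
# (1-based, as cmp reports it) and, when sha256sum exists, both digests.
code_fv_changed() {
    ref="$1"; guest="$2"
    if cmp -s "$ref" "$guest"; then
        return 1
    fi
    # GNU cmp says "differ: byte N, line M"; busybox says "char N"; on a pure
    # length mismatch it only reports EOF, so the offset may stay unknown.
    offset=$(cmp "$ref" "$guest" 2>/dev/null |
        sed -n -e 's/.*byte \([0-9][0-9]*\).*/\1/p' \
               -e 's/.*char \([0-9][0-9]*\).*/\1/p')
    echo "code volume differs from reference at byte ${offset:-unknown}"
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$ref" "$guest"
    fi
    return 0
}

# Constructed sample data: a stand-in reference volume and a guest copy whose
# first bytes were overwritten, the pattern a store through a NULL pointer
# leaves behind when the NOR flash is mapped at address 0x0.
tmpdir=$(mktemp -d)
printf 'FIRMWARE-VOLUME-REFERENCE-CONTENT' > "$tmpdir/AAVMF_CODE.fd"
cp "$tmpdir/AAVMF_CODE.fd" "$tmpdir/guest_code.fd"
printf 'XXXX' | dd of="$tmpdir/guest_code.fd" bs=1 seek=0 conv=notrunc 2>/dev/null

if code_fv_changed "$tmpdir/AAVMF_CODE.fd" "$tmpdir/guest_code.fd"; then
    echo "verdict: firmware code volume was modified (expected for this sample)"
else
    echo "verdict: firmware code volume intact"
fi
```

On a real system, point the function at the distribution's AAVMF_CODE.fd and the code pflash image the guest was started with; a non-zero offset near the start of the volume is consistent with the NULL-dereference corruption described here.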

dann frazier (dannf)
description: updated
Changed in edk2 (Debian):
status: Unknown → New
dann frazier (dannf)
Changed in edk2 (Ubuntu):
status: New → In Progress
assignee: nobody → dann frazier (dannf)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package edk2 - 0~20190309.89910a39-1ubuntu1

---------------
edk2 (0~20190309.89910a39-1ubuntu1) disco; urgency=medium

  * Merge with Debian experimental. Remaining changes:
    - debian/patches/enroll-default-keys.patch: Build EnrollDefaultKeys.efi to
      provide an automated way of injecting Microsoft signing keys in VMs that
      need them.
    - debian/control: add genisoimage, qemu-utils, qemu-system-x86, python3 to
      Build-Depends for the automatic key enrollment process.
    - debian/rules:
      - build a SecureBoot/SMM enabled variant of OVMF_CODE too.
      - build OVMF_VARS.ms.fd with embedded Microsoft keys from the binary
        EnrollDefaultKeys.efi
    - debian/ovmf.links: add OVMF_CODE.ms.fd.
    - debian/ovmf.install: install OVMF_VARS.ms.fd.
  * debian/control: Fold and sort Build-Depends line.
  * debian/control: Add bc to Build-Depends, as it is now used by
    edksetup.sh.
  * debian/control: Add python3-distutils to Build-Depends. Part of
    the build will now use python3 instead of python if found at build-time.
    However, the build requires distutils, and upstream only embeds the
    python(2) version of that.

 -- dann frazier <email address hidden> Mon, 18 Mar 2019 21:44:41 -0600

Changed in edk2 (Ubuntu):
status: In Progress → Fix Released
Changed in edk2 (Debian):
status: New → Fix Released