Bug 869670 - shim: GetTime may require synchronization
shim: GetTime may require synchronization
Product: Fedora
Classification: Fedora
Component: shim (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Matthew Garrett
Fedora Extras Quality Assurance
Depends On:
Blocks: 869613
  Show dependency treegraph
Reported: 2012-10-24 10:21 EDT by Florian Weimer
Modified: 2013-01-10 03:33 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-10-24 10:33:34 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Florian Weimer 2012-10-24 10:21:09 EDT
The PKCS#7 validator copied from OpenSSL appears to call the UEFI GetTime interface.  According to its specification, locking is required ("During runtime, if a PC-AT CMOS device is present in the platform the caller must synchronize
access to the device before calling GetTime().").  It is probably better to have the caller pass the current time (which is mostly advisory anyway due to a lack of a trusted time source).
Comment 1 Matthew Garrett 2012-10-24 10:33:34 EDT
Only relevant at runtime, not in boot services.
Comment 2 Florian Weimer 2012-10-24 10:40:02 EDT
(In reply to comment #1)
> Only relevant at runtime, not in boot services.

Isn't verify_buffer supposed to be able at run time?
Comment 3 Matthew Garrett 2012-10-24 10:41:58 EDT

Note You need to log in before you can comment on or make changes to this bug.