869670 – shim: GetTime may require synchronization

Bug 869670 - shim: GetTime may require synchronization

Summary: shim: GetTime may require synchronization

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	shim
Sub Component:
Version:	18
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Matthew Garrett
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	869613
TreeView+	depends on / blocked

Reported:	2012-10-24 14:21 UTC by Florian Weimer
Modified:	2013-01-10 08:33 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2012-10-24 14:33:34 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Florian Weimer 2012-10-24 14:21:09 UTC

The PKCS#7 validator copied from OpenSSL appears to call the UEFI GetTime interface.  According to its specification, locking is required ("During runtime, if a PC-AT CMOS device is present in the platform the caller must synchronize
access to the device before calling GetTime().").  It is probably better to have the caller pass the current time (which is mostly advisory anyway due to a lack of a trusted time source).

Comment 1 Matthew Garrett 2012-10-24 14:33:34 UTC

Only relevant at runtime, not in boot services.

Comment 2 Florian Weimer 2012-10-24 14:40:02 UTC

(In reply to comment #1)
> Only relevant at runtime, not in boot services.

Isn't verify_buffer supposed to be able at run time?

Comment 3 Matthew Garrett 2012-10-24 14:41:58 UTC

No.

Note You need to log in before you can comment on or make changes to this bug.