Skip to content

Add UEFI variable append tests #361

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Add UEFI variable append tests #361

wants to merge 3 commits into from

Conversation

@dinhngtu
Copy link
Member

@dinhngtu dinhngtu commented Oct 31, 2025

Fallout from the varstored update.

At the moment, test the following scenarios:

  • From the varstored defaults, append MS dbx and verify VM boots
  • From the varstored 1.2.0-3.1 defaults, append MS dbx and verify VM boots (which implies not having the oversized variable append bug)

@dinhngtu dinhngtu requested a review from stormi October 31, 2025 15:00
@dinhngtu
Reorganize contrib SB objects
c07229f 
* Rename secureboot_certs to secureboot_objects
* Delete unused files

Signed-off-by: Tu Dinh <[email protected]>
@dinhngtu
vm: split out set_variable_from_file
7ff012d 
Signed-off-by: Tu Dinh <[email protected]>
@guzu
Copy link

guzu commented Nov 13, 2025

I don't understand all of that, but just wonder if part of the message in commit log could make sense as a comment in test ?
Mainly "which implies not having the oversized variable append bug", maybe that's what test_append_with_poison() is just about.

@guzu guzu self-requested a review November 13, 2025 08:34
@dinhngtu
Copy link
Member Author

dinhngtu commented Nov 13, 2025

The context is here: https://xcp-ng.org/blog/2025/10/30/xcp-ng-8-3-varstored-update-unbootable-vm-risk-and-remediation/

In short, the dbx variable previously used in the bad update did not use the Microsoft owner GUID, preventing deduplication of EFI signature data entries during an append call. Normally, this would not cause the VM to crash; except varstored does not check for the variable data length on append (https://redirect.github.com/xapi-project/varstored/commit/46edc9d071bdee42a80b312540c0fc076c227db0, backported but still not released), triggering the issue.

@dinhngtu
Add UEFI variable append tests
9d3d2fc 
Fallout from the varstored update.

At the moment, test the following scenarios:
* From the varstored defaults, append MS dbx and verify VM boots
* From the varstored 1.2.0-3.1 defaults, append MS dbx and verify VM
  boots (which implies not having the oversized variable append bug)

Signed-off-by: Tu Dinh <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@stormi stormi Awaiting requested review from stormi

@guzu guzu Awaiting requested review from guzu

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@dinhngtu @guzu