2ed8eebcc5
According to UEFI-2.8, section 8.3 "Time Services" / GetTime(), the
"EFI_TIME.Year" field must be in the range [1900, 9999] (both bounds
inclusive). It is not stated or even implied that "EFI_TIME.Year" would
not be an absolute year number.
According to POSIX, the "tm_year" field of "struct tm" is defined as
"Years since 1900". In other words, "tm_year" is relative to 1900.
In set_timestamp(), time() and gmtime() are suitable for populating
"EFI_VARIABLE_AUTHENTICATION_2.TimeStamp", as the UEFI spec specifically
requires a stamp expressed in the GMT (UTC) zone. But we still need to
offset "tm->tm_year" by 1900 for filling in "timestamp->Year". So let's do
that now.
While this issue does not seem to affect upstream edk2, SetVariable()
calls with payloads containing an invalid
"EFI_VARIABLE_AUTHENTICATION_2.TimeStamp.Year" value do seem to be
rejected at least on some Dell Inspiron machines (using a UEFI
implementation from AMI).
Reported-by: Eugene Khoruzhenko <ekhoruzhenko@absolute.com>
Reported-by: Paulo Henrique Lacerda de Amorim <phlamorim@riseup.net>
Ref: https://edk2.groups.io/g/devel/message/49402
Fixes:
|
||
|---|---|---|
| docs | ||
| lib | ||
| src | ||
| tests | ||
| .gitmodules | ||
| autogen.sh | ||
| configure.ac | ||
| COPYING | ||
| LICENSE.GPLv3 | ||
| Makefile.am | ||
| NEWS | ||
| README | ||
sbsigntool - Signing utility for UEFI secure boot Copyright (C) 2102 Jeremy Kerr <jeremy.kerr@canonical.com> Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. See file ./INSTALL for building and installation instructions. Main git repository: git://kernel.ubuntu.com/jk/sbsigntool.git sbsigntool is free software. See the file COPYING for copying conditions.