Closed orangecms closed 2 years ago
Unfortunately, as per https://doc.coreboot.org/soc/amd/psp_integration.html?highlight=checksum#bios-directory-table-header the checksum includes the entries. I suggest setting a limit to 2000 entries (why is that a 4 byte value anyway? Probably just so it fits nicely in a 32 bit registee...) - and return an error if number of entries > 2000. In a next step, validate the checksum. WDYT?
@rihter007 @trynity
Let me try to fix it
Will fix it in fiano
If this issue is resolved to satisfaction of @orangecms, may he be so kind and close the issue?
indeed, yea - thank you :)
Here is an excerpt from a Lenovo T14 Gen1 (AMD):
Having the
$BHD
cookie,0x0004a370
is falsely recognized by CSS. Then, it OOMs attempting to allocate memory in https://github.com/9elements/converged-security-suite/blob/9ce9f84/pkg/amd/manifest/bios_directory_table.go#L154. This is because (in the example) it thought to have found millions of entries.Is there anything that we can use to verify the table to be valid? There is a checksum, so that should tell, I think.
From my debug output: