NvmeExpressDxE.ffs Security Issues

Does someone know the author of the DxE Extension for NVMe? I would like to know what exactly this executable module is performing, unless 00 00 CEF5B9A3-476D-49F-9FDC-E98143E0422C is being modified and doubled and lots of EFI drivers are being added after about a week in a new volume in the BIOS image after insertion of this module.

Instead of starting a new thread, you should have carefully read the start post of >this< thread, where you would have found the answer to your question (Chapter “This is what you need” > “Notes”).

This new volume is NVRAM_BACKUP; it’s created by the NvramDxe driver after the first launch of the factory BIOS, and it has nothing to do with NvmeExpressDxe. The sources of this generic DXE driver from EDK2 are here.

What is the "NVRAM_Backup" good for?

Well, the new image contains 27 new EFI drivers with already existing GUIDs.
If I try to insert a driver with the same GUID, there will be an error message.

It’s good for restoring the NVRAM state in case of corruption. Almost every AMI Aptio-based BIOS is using it to ensure NVRAM integrity, but normally it’s not a part of the factory BIOS image (there is free space instead) and is created after first boot.
Can you please upload the original and the modified files for me to analyze? It could just be a bug in MMTool, because there is nothing malicious in the NvmeExpressDxe driver per se.
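
A way to check the explanation above on your own files, as an added example that is not part of the thread: it scans a factory image and a later dump for firmware volume headers (the `_FVH` signature at offset 40 of the header) and reports volumes that exist only in the dump, along with whether the factory image held only erased flash there. The sample images and GUID are constructed, and treating free space as 0xFF bytes is an assumption.

```python
import struct
import uuid

SIG, SIG_OFF, HDR_MIN = b"_FVH", 40, 56  # EFI_FIRMWARE_VOLUME_HEADER layout

def find_volumes(image):
    """Return [(offset, filesystem GUID, length)] for every plausible volume header."""
    found, pos = [], image.find(SIG)
    while pos != -1:
        start = pos - SIG_OFF
        if start >= 0 and start + HDR_MIN <= len(image):
            guid = uuid.UUID(bytes_le=image[start + 16:start + 32])
            (fv_len,) = struct.unpack_from("<Q", image, start + 32)
            (hdr_len,) = struct.unpack_from("<H", image, start + 48)
            # Reject stray "_FVH" strings: the lengths must be self-consistent.
            if HDR_MIN <= hdr_len <= fv_len <= len(image) - start:
                found.append((start, guid, fv_len))
        pos = image.find(SIG, pos + 1)
    return found

def new_volumes(factory, dump):
    """Volumes present only in the dump, and whether the factory image
    had nothing but erased flash (assumed 0xFF) at that location."""
    known = {off for off, _, _ in find_volumes(factory)}
    report = []
    for off, guid, length in find_volumes(dump):
        if off not in known:
            old = factory[off:off + length]
            was_free = len(old) == length and old.count(0xFF) == length
            report.append((off, length, str(guid), was_free))
    return report

def make_volume(guid, length, fill):
    """Build a constructed volume: 56-byte header followed by filler bytes."""
    hdr = bytes(16) + guid.bytes_le + struct.pack(
        "<Q4sIHHHBB", length, SIG, 0, HDR_MIN, 0, 0, 0, 2)
    return hdr + bytes([fill]) * (length - len(hdr))

# Constructed sample images (not real firmware): NVRAM store, free space, DXE volume.
GUID_A = uuid.UUID("11111111-2222-3333-4444-555555555555")  # constructed GUID
FACTORY = make_volume(GUID_A, 0x200, 0xAA) + b"\xff" * 0x200 + make_volume(GUID_A, 0x400, 0xBB)
DUMP = (make_volume(GUID_A, 0x200, 0xAC) + make_volume(GUID_A, 0x200, 0xAA)
        + make_volume(GUID_A, 0x400, 0xBB))

if __name__ == "__main__":
    for off, length, guid, was_free in new_volumes(FACTORY, DUMP):
        print(f"new volume at {off:#x}, {length:#x} bytes, fs GUID {guid}, "
              f"factory area erased: {was_free}")
```

A new volume that lands in previously erased space matches the NVRAM_BACKUP behaviour described above; one that overwrites existing factory content would warrant a closer look.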

Hi,

I uploaded the screenshot of the MMTool list now. As you can see, the first NVAR driver section is duplicated (0+1) and all other volumes are increased by one, that is all. I thought a complete volume would have been added, but it is not.
The first driver is the NVAR settings storage? I see some configurations in there:
NVAR …
Timeout
VARSTORE_OCMR_Settings_Name
VARSTORE_OCMR_TIMING_SETTINGS_NAME
IccAdvancedSetupDataVar
WdtPersistentData

I have seen that in other Bios files, too, meanwhile.
