Add comments to clarify mPubKeyStore buffer MemCopy. There is no memory overflow issue.

Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao, Zhang <chao.b.zhang@intel.com> Reviewed-by: Yao, Jiewen <jiewen.yao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16227 6f19259b-4bc3-4df7-8a09-765794883524
author: Chao, Zhang <chao.b.zhang@intel.com> 2014-10-22 07:30:22 +0000
committer: czhang46 <czhang46@Edk2> 2014-10-22 07:30:22 +0000
commit: 36bdec3cd94346c9ccae4df02ae5890409498cf8 (patch)
tree: 555feb56d3eb7c1bcb7cc87be4e9dafb9d920205
parent: 0414ec24bad8adf62982fe2c15d7f55a7a0fda6b (diff)
4 files changed, 30 insertions, 0 deletions
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
index 49d7648f6..566c5e29a 100644
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
@@ -7,6 +7,10 @@
   This external input must be validated carefully to avoid security issue like
   buffer overflow, integer overflow.
   Variable attribute should also be checked to avoid authentication bypass.
+     The whole SMM authentication variable design relies on the integrity of flash part and SMM.
+  which is assumed to be protected by platform.  All variable code and metadata in flash/SMM Memory
+  may not be modified without authorization. If platform fails to protect these resources, 
+  the authentication service provided in this driver will be broken, and the behavior is undefined.
 
   ProcessVarWithPk(), ProcessVarWithKek() and ProcessVariable() are the function to do
   variable authentication.
@@ -251,6 +255,10 @@ AutenticatedVariableServiceInitialize (
     DataSize  = DataSizeOfVariable (Variable.CurrPtr);
     Data      = GetVariableDataPtr (Variable.CurrPtr);
     ASSERT ((DataSize != 0) && (Data != NULL));
+    //
+    // "AuthVarKeyDatabase" is an internal variable. Its DataSize is always ensured not to exceed mPubKeyStore buffer size(See definition before) 
+    //  Therefore, there is no memory overflow in underlying CopyMem.
+    //
     CopyMem (mPubKeyStore, (UINT8 *) Data, DataSize);
     mPubKeyNumber = (UINT32) (DataSize / EFI_CERT_TYPE_RSA2048_SIZE);
   }
@@ -564,6 +572,10 @@ AddPubKeyInStore (
       DataSize  = DataSizeOfVariable (Variable.CurrPtr);
       Data      = GetVariableDataPtr (Variable.CurrPtr);
       ASSERT ((DataSize != 0) && (Data != NULL));
+      //
+      // "AuthVarKeyDatabase" is an internal used variable. Its DataSize is always ensured not to exceed mPubKeyStore buffer size(See definition before) 
+      //  Therefore, there is no memory overflow in underlying CopyMem.
+      //
       CopyMem (mPubKeyStore, (UINT8 *) Data, DataSize);
       mPubKeyNumber = (UINT32) (DataSize / EFI_CERT_TYPE_RSA2048_SIZE);
 
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h
index 6ebc77707..0e57c5b5e 100644
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h
@@ -2,6 +2,16 @@
   The internal header file includes the common header files, defines
   internal structure and functions used by AuthService module.
 
+  Caution: This module requires additional review when modified.
+  This driver will have external input - variable data. It may be input in SMM mode.
+  This external input must be validated carefully to avoid security issue like
+  buffer overflow, integer overflow.
+  Variable attribute should also be checked to avoid authentication bypass.
+     The whole SMM authentication variable design relies on the integrity of flash part and SMM.
+  which is assumed to be protected by platform.  All variable code and metadata in flash/SMM Memory
+  may not be modified without authorization. If platform fails to protect these resources, 
+  the authentication service provided in this driver will be broken, and the behavior is undefined.
+
 Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.inf b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.inf
index 279a9248e..1987764d8 100644
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.inf
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.inf
@@ -13,6 +13,10 @@
 #  This driver will have external input - variable data and communicate buffer in SMM mode.
 #  This external input must be validated carefully to avoid security issues such as 
 #  buffer overflow or integer overflow.
+#    The whole SMM authentication variable design relies on the integrity of flash part and SMM.
+#  which is assumed to be protected by platform.  All variable code and metadata in flash/SMM Memory
+#  may not be modified without authorization. If platform fails to protect these resources, 
+#  the authentication service provided in this driver will be broken, and the behavior is undefined.
 #
 # Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
 # This program and the accompanying materials
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.inf b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.inf
index f0dfa8981..ca6027433 100644
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.inf
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.inf
@@ -8,6 +8,10 @@
 #  This driver will have external input - variable data.
 #  This external input must be validated carefully to avoid security issues such as 
 #  buffer overflow or integer overflow.
+#    The whole SMM authentication variable design relies on the integrity of flash part and SMM.
+#  which is assumed to be protected by platform.  All variable code and metadata in flash/SMM Memory
+#  may not be modified without authorization. If platform fails to protect these resources, 
+#  the authentication service provided in this driver will be broken, and the behavior is undefined.
 #
 # Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
 # This program and the accompanying materials
author	Chao, Zhang <chao.b.zhang@intel.com>	2014-10-22 07:30:22 +0000
committer	czhang46 <czhang46@Edk2>	2014-10-22 07:30:22 +0000
commit	36bdec3cd94346c9ccae4df02ae5890409498cf8 (patch)
tree	555feb56d3eb7c1bcb7cc87be4e9dafb9d920205
parent	0414ec24bad8adf62982fe2c15d7f55a7a0fda6b (diff)