diff options
Diffstat (limited to 'SecurityPkg')
19 files changed, 2608 insertions, 223 deletions
diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Include/Library/Tpm2CommandLib.h index 5ec3ead05e..c4915496dd 100644 --- a/SecurityPkg/Include/Library/Tpm2CommandLib.h +++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h @@ -1,7 +1,7 @@ /** @file
This library is used by other modules to send TPM2 command.
-Copyright (c) 2013, Intel Corporation. All rights reserved. <BR>
+Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved. <BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -141,6 +141,27 @@ Tpm2SelfTest ( );
/**
+ This command allows setting of the authorization policy for the platform hierarchy (platformPolicy), the
+ storage hierarchy (ownerPolicy), and and the endorsement hierarchy (endorsementPolicy).
+
+ @param[in] AuthHandle TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} parameters to be validated
+ @param[in] AuthSession Auth Session context
+ @param[in] AuthPolicy An authorization policy hash
+ @param[in] HashAlg The hash algorithm to use for the policy
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_DEVICE_ERROR Unexpected device behavior.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2SetPrimaryPolicy (
+ IN TPMI_RH_HIERARCHY_AUTH AuthHandle,
+ IN TPMS_AUTH_COMMAND *AuthSession,
+ IN TPM2B_DIGEST *AuthPolicy,
+ IN TPMI_ALG_HASH HashAlg
+ );
+
+/**
This command removes all TPM context associated with a specific Owner.
@param[in] AuthHandle TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP}
@@ -774,6 +795,135 @@ Tpm2SetAlgorithmSet ( IN UINT32 AlgorithmSet
);
+/**
+ This command is used to start an authorization session using alternative methods of
+ establishing the session key (sessionKey) that is used for authorization and encrypting value.
+
+ @param[in] TpmKey Handle of a loaded decrypt key used to encrypt salt.
+ @param[in] Bind Entity providing the authValue.
+ @param[in] NonceCaller Initial nonceCaller, sets nonce size for the session.
+ @param[in] Salt Value encrypted according to the type of tpmKey.
+ @param[in] SessionType Indicates the type of the session.
+ @param[in] Symmetric The algorithm and key size for parameter encryption.
+ @param[in] AuthHash Hash algorithm to use for the session.
+ @param[out] SessionHandle Handle for the newly created session.
+ @param[out] NonceTPM The initial nonce from the TPM, used in the computation of the sessionKey.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_DEVICE_ERROR The command was unsuccessful.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2StartAuthSession (
+ IN TPMI_DH_OBJECT TpmKey,
+ IN TPMI_DH_ENTITY Bind,
+ IN TPM2B_NONCE *NonceCaller,
+ IN TPM2B_ENCRYPTED_SECRET *Salt,
+ IN TPM_SE SessionType,
+ IN TPMT_SYM_DEF *Symmetric,
+ IN TPMI_ALG_HASH AuthHash,
+ OUT TPMI_SH_AUTH_SESSION *SessionHandle,
+ OUT TPM2B_NONCE *NonceTPM
+ );
+
+/**
+ This command causes all context associated with a loaded object or session to be removed from TPM memory.
+
+ @param[in] FlushHandle The handle of the item to flush.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_DEVICE_ERROR The command was unsuccessful.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2FlushContext (
+ IN TPMI_DH_CONTEXT FlushHandle
+ );
+
+/**
+ This command includes a secret-based authorization to a policy.
+ The caller proves knowledge of the secret value using an authorization
+ session using the authValue associated with authHandle.
+
+ @param[in] AuthHandle Handle for an entity providing the authorization
+ @param[in] PolicySession Handle for the policy session being extended.
+ @param[in] AuthSession Auth Session context
+ @param[in] NonceTPM The policy nonce for the session.
+ @param[in] CpHashA Digest of the command parameters to which this authorization is limited.
+ @param[in] PolicyRef A reference to a policy relating to the authorization.
+ @param[in] Expiration Time when authorization will expire, measured in seconds from the time that nonceTPM was generated.
+ @param[out] Timeout Time value used to indicate to the TPM when the ticket expires.
+ @param[out] PolicyTicket A ticket that includes a value indicating when the authorization expires.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_DEVICE_ERROR The command was unsuccessful.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2PolicySecret (
+ IN TPMI_DH_ENTITY AuthHandle,
+ IN TPMI_SH_POLICY PolicySession,
+ IN TPMS_AUTH_COMMAND *AuthSession, OPTIONAL
+ IN TPM2B_NONCE *NonceTPM,
+ IN TPM2B_DIGEST *CpHashA,
+ IN TPM2B_NONCE *PolicyRef,
+ IN INT32 Expiration,
+ OUT TPM2B_TIMEOUT *Timeout,
+ OUT TPMT_TK_AUTH *PolicyTicket
+ );
+
+/**
+ This command allows options in authorizations without requiring that the TPM evaluate all of the options.
+ If a policy may be satisfied by different sets of conditions, the TPM need only evaluate one set that
+ satisfies the policy. This command will indicate that one of the required sets of conditions has been
+ satisfied.
+
+ @param[in] PolicySession Handle for the policy session being extended.
+ @param[in] HashList the list of hashes to check for a match.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_DEVICE_ERROR The command was unsuccessful.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2PolicyOR (
+ IN TPMI_SH_POLICY PolicySession,
+ IN TPML_DIGEST *HashList
+ );
+
+/**
+ This command indicates that the authorization will be limited to a specific command code.
+
+ @param[in] PolicySession Handle for the policy session being extended.
+ @param[in] Code The allowed commandCode.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_DEVICE_ERROR The command was unsuccessful.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2PolicyCommandCode (
+ IN TPMI_SH_POLICY PolicySession,
+ IN TPM_CC Code
+ );
+
+/**
+ This command returns the current policyDigest of the session. This command allows the TPM
+ to be used to perform the actions required to precompute the authPolicy for an object.
+
+ @param[in] PolicySession Handle for the policy session.
+ @param[out] PolicyHash the current value of the policyHash of policySession.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_DEVICE_ERROR The command was unsuccessful.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2PolicyGetDigest (
+ IN TPMI_SH_POLICY PolicySession,
+ OUT TPM2B_DIGEST *PolicyHash
+ );
+
//
// Help function
//
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c index c3793b9429..959a9b062d 100644 --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c @@ -769,7 +769,7 @@ AddImageExeInfo ( }
DevicePathSize = GetDevicePathSize (DevicePath);
- NewImageExeInfoEntrySize = sizeof (EFI_IMAGE_EXECUTION_INFO) + NameStringLen + DevicePathSize + SignatureSize;
+ NewImageExeInfoEntrySize = sizeof (EFI_IMAGE_EXECUTION_INFO) - sizeof (EFI_SIGNATURE_LIST) + NameStringLen + DevicePathSize + SignatureSize;
NewImageExeInfoTable = (EFI_IMAGE_EXECUTION_INFO_TABLE *) AllocateRuntimePool (ImageExeInfoTableSize + NewImageExeInfoEntrySize);
if (NewImageExeInfoTable == NULL) {
return ;
@@ -841,7 +841,7 @@ IsCertHashFoundInDatabase ( )
{
BOOLEAN IsFound;
- EFI_STATUS Status;
+ BOOLEAN Status;
EFI_SIGNATURE_LIST *DbxList;
UINTN DbxSize;
EFI_SIGNATURE_DATA *CertHash;
@@ -852,6 +852,8 @@ IsCertHashFoundInDatabase ( UINT8 CertDigest[MAX_DIGEST_SIZE];
UINT8 *DbxCertHash;
UINTN SiglistHeaderSize;
+ UINT8 *TBSCert;
+ UINTN TBSCertSize;
IsFound = FALSE;
DbxList = SignatureList;
@@ -859,7 +861,16 @@ IsCertHashFoundInDatabase ( HashCtx = NULL;
HashAlg = HASHALG_MAX;
- ASSERT (RevocationTime != NULL);
+ if ((RevocationTime == NULL) || (DbxList == NULL)) {
+ return FALSE;
+ }
+
+ //
+ // Retrieve the TBSCertificate from the X.509 Certificate.
+ //
+ if (!X509GetTBSCert (Certificate, CertSize, &TBSCert, &TBSCertSize)) {
+ return FALSE;
+ }
while ((DbxSize > 0) && (SignatureListSize >= DbxList->SignatureListSize)) {
//
@@ -878,7 +889,7 @@ IsCertHashFoundInDatabase ( }
//
- // Calculate the hash value of current db certificate for comparision.
+ // Calculate the hash value of current TBSCertificate for comparision.
//
if (mHash[HashAlg].GetContextSize == NULL) {
goto Done;
@@ -892,7 +903,7 @@ IsCertHashFoundInDatabase ( if (!Status) {
goto Done;
}
- Status = mHash[HashAlg].HashUpdate (HashCtx, Certificate, CertSize);
+ Status = mHash[HashAlg].HashUpdate (HashCtx, TBSCert, TBSCertSize);
if (!Status) {
goto Done;
}
@@ -1132,15 +1143,16 @@ PassTimestampCheck ( //
DbtDataSize = 0;
Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE2, &gEfiImageSecurityDatabaseGuid, NULL, &DbtDataSize, NULL);
- if (Status == EFI_BUFFER_TOO_SMALL) {
- DbtData = (UINT8 *) AllocateZeroPool (DbtDataSize);
- if (DbtData == NULL) {
- goto Done;
- }
- Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE2, &gEfiImageSecurityDatabaseGuid, NULL, &DbtDataSize, (VOID *) DbtData);
- if (EFI_ERROR (Status)) {
- goto Done;
- }
+ if (Status != EFI_BUFFER_TOO_SMALL) {
+ goto Done;
+ }
+ DbtData = (UINT8 *) AllocateZeroPool (DbtDataSize);
+ if (DbtData == NULL) {
+ goto Done;
+ }
+ Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE2, &gEfiImageSecurityDatabaseGuid, NULL, &DbtDataSize, (VOID *) DbtData);
+ if (EFI_ERROR (Status)) {
+ goto Done;
}
CertList = (EFI_SIGNATURE_LIST *) DbtData;
@@ -1229,14 +1241,15 @@ IsForbiddenByDbx ( //
DataSize = 0;
Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, NULL);
- if (Status == EFI_BUFFER_TOO_SMALL) {
- Data = (UINT8 *) AllocateZeroPool (DataSize);
- if (Data == NULL) {
- return IsForbidden;
- }
-
- Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, (VOID *) Data);
+ if (Status != EFI_BUFFER_TOO_SMALL) {
+ return IsForbidden;
+ }
+ Data = (UINT8 *) AllocateZeroPool (DataSize);
+ if (Data == NULL) {
+ return IsForbidden;
}
+
+ Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, (VOID *) Data);
if (EFI_ERROR (Status)) {
return IsForbidden;
}
@@ -1254,7 +1267,7 @@ IsForbiddenByDbx ( // UINT8 Certn[];
//
Pkcs7GetSigners (AuthData, AuthDataSize, &CertBuffer, &BufferLength, &TrustedCert, &TrustedCertLength);
- if (BufferLength == 0) {
+ if ((BufferLength == 0) || (CertBuffer == NULL)) {
IsForbidden = TRUE;
goto Done;
}
@@ -1472,6 +1485,7 @@ DxeImageVerificationHandler ( UINTN AuthDataSize;
EFI_IMAGE_DATA_DIRECTORY *SecDataDir;
UINT32 OffSet;
+ CHAR16 *NameStr;
SignatureList = NULL;
SignatureListSize = 0;
@@ -1775,7 +1789,12 @@ Done: //
// Policy decides to defer or reject the image; add its information in image executable information table.
//
- AddImageExeInfo (Action, NULL, File, SignatureList, SignatureListSize);
+ NameStr = ConvertDevicePathToText (File, FALSE, TRUE);
+ AddImageExeInfo (Action, NameStr, File, SignatureList, SignatureListSize);
+ if (NameStr != NULL) {
+ DEBUG((EFI_D_INFO, "The image doesn't pass verification: %s\n", NameStr));
+ FreePool(NameStr);
+ }
Status = EFI_SECURITY_VIOLATION;
}
diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf b/SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf index bc95ce7fa6..740af3f72b 100644 --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf @@ -35,6 +35,9 @@ Tpm2Hierarchy.c
Tpm2NVStorage.c
Tpm2Startup.c
+ Tpm2Session.c
+ Tpm2Context.c
+ Tpm2EnhancedAuthorization.c
Tpm2Test.c
Tpm2DictionaryAttack.c
Tpm2Miscellaneous.c
diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Context.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Context.c new file mode 100644 index 0000000000..02a250127a --- /dev/null +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Context.c @@ -0,0 +1,86 @@ +/** @file
+ Implement TPM2 Context related command.
+
+Copyright (c) 2014, Intel Corporation. All rights reserved. <BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include <IndustryStandard/UefiTcgPlatform.h>
+#include <Library/Tpm2CommandLib.h>
+#include <Library/Tpm2DeviceLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+
+#pragma pack(1)
+
+typedef struct {
+ TPM2_COMMAND_HEADER Header;
+ TPMI_DH_CONTEXT FlushHandle;
+} TPM2_FLUSH_CONTEXT_COMMAND;
+
+typedef struct {
+ TPM2_RESPONSE_HEADER Header;
+} TPM2_FLUSH_CONTEXT_RESPONSE;
+
+#pragma pack()
+
+/**
+ This command causes all context associated with a loaded object or session to be removed from TPM memory.
+
+ @param[in] FlushHandle The handle of the item to flush.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_DEVICE_ERROR The command was unsuccessful.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2FlushContext (
+ IN TPMI_DH_CONTEXT FlushHandle
+ )
+{
+ EFI_STATUS Status;
+ TPM2_FLUSH_CONTEXT_COMMAND SendBuffer;
+ TPM2_FLUSH_CONTEXT_RESPONSE RecvBuffer;
+ UINT32 SendBufferSize;
+ UINT32 RecvBufferSize;
+
+ //
+ // Construct command
+ //
+ SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);
+ SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_FlushContext);
+
+ SendBuffer.FlushHandle = SwapBytes32 (FlushHandle);
+
+ SendBufferSize = (UINT32) sizeof (SendBuffer);
+ SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
+
+ //
+ // send Tpm command
+ //
+ RecvBufferSize = sizeof (RecvBuffer);
+ Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
+ DEBUG ((EFI_D_ERROR, "Tpm2FlushContext - RecvBufferSize Error - %x\n", RecvBufferSize));
+ return EFI_DEVICE_ERROR;
+ }
+ if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
+ DEBUG ((EFI_D_ERROR, "Tpm2FlushContext - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
+ return EFI_DEVICE_ERROR;
+ }
+
+ return EFI_SUCCESS;
+}
+
diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2EnhancedAuthorization.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2EnhancedAuthorization.c new file mode 100644 index 0000000000..d11f543463 --- /dev/null +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2EnhancedAuthorization.c @@ -0,0 +1,377 @@ +/** @file
+ Implement TPM2 EnhancedAuthorization related command.
+
+Copyright (c) 2014, Intel Corporation. All rights reserved. <BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include <IndustryStandard/UefiTcgPlatform.h>
+#include <Library/Tpm2CommandLib.h>
+#include <Library/Tpm2DeviceLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+
+#pragma pack(1)
+
+typedef struct {
+ TPM2_COMMAND_HEADER Header;
+ TPMI_DH_ENTITY AuthHandle;
+ TPMI_SH_POLICY PolicySession;
+ UINT32 AuthSessionSize;
+ TPMS_AUTH_COMMAND AuthSession;
+ TPM2B_NONCE NonceTPM;
+ TPM2B_DIGEST CpHashA;
+ TPM2B_NONCE PolicyRef;
+ INT32 Expiration;
+} TPM2_POLICY_SECRET_COMMAND;
+
+typedef struct {
+ TPM2_RESPONSE_HEADER Header;
+ UINT32 AuthSessionSize;
+ TPM2B_TIMEOUT Timeout;
+ TPMT_TK_AUTH PolicyTicket;
+ TPMS_AUTH_RESPONSE AuthSession;
+} TPM2_POLICY_SECRET_RESPONSE;
+
+typedef struct {
+ TPM2_COMMAND_HEADER Header;
+ TPMI_SH_POLICY PolicySession;
+ TPML_DIGEST HashList;
+} TPM2_POLICY_OR_COMMAND;
+
+typedef struct {
+ TPM2_RESPONSE_HEADER Header;
+} TPM2_POLICY_OR_RESPONSE;
+
+typedef struct {
+ TPM2_COMMAND_HEADER Header;
+ TPMI_SH_POLICY PolicySession;
+ TPM_CC Code;
+} TPM2_POLICY_COMMAND_CODE_COMMAND;
+
+typedef struct {
+ TPM2_RESPONSE_HEADER Header;
+} TPM2_POLICY_COMMAND_CODE_RESPONSE;
+
+typedef struct {
+ TPM2_COMMAND_HEADER Header;
+ TPMI_SH_POLICY PolicySession;
+} TPM2_POLICY_GET_DIGEST_COMMAND;
+
+typedef struct {
+ TPM2_RESPONSE_HEADER Header;
+ TPM2B_DIGEST PolicyHash;
+} TPM2_POLICY_GET_DIGEST_RESPONSE;
+
+#pragma pack()
+
+/**
+ This command includes a secret-based authorization to a policy.
+ The caller proves knowledge of the secret value using an authorization
+ session using the authValue associated with authHandle.
+
+ @param[in] AuthHandle Handle for an entity providing the authorization
+ @param[in] PolicySession Handle for the policy session being extended.
+ @param[in] AuthSession Auth Session context
+ @param[in] NonceTPM The policy nonce for the session.
+ @param[in] CpHashA Digest of the command parameters to which this authorization is limited.
+ @param[in] PolicyRef A reference to a policy relating to the authorization.
+ @param[in] Expiration Time when authorization will expire, measured in seconds from the time that nonceTPM was generated.
+ @param[out] Timeout Time value used to indicate to the TPM when the ticket expires.
+ @param[out] PolicyTicket A ticket that includes a value indicating when the authorization expires.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_DEVICE_ERROR The command was unsuccessful.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2PolicySecret (
+ IN TPMI_DH_ENTITY AuthHandle,
+ IN TPMI_SH_POLICY PolicySession,
+ IN TPMS_AUTH_COMMAND *AuthSession, OPTIONAL
+ IN TPM2B_NONCE *NonceTPM,
+ IN TPM2B_DIGEST *CpHashA,
+ IN TPM2B_NONCE *PolicyRef,
+ IN INT32 Expiration,
+ OUT TPM2B_TIMEOUT *Timeout,
+ OUT TPMT_TK_AUTH *PolicyTicket
+ )
+{
+ EFI_STATUS Status;
+ TPM2_POLICY_SECRET_COMMAND SendBuffer;
+ TPM2_POLICY_SECRET_RESPONSE RecvBuffer;
+ UINT32 SendBufferSize;
+ UINT32 RecvBufferSize;
+ UINT8 *Buffer;
+ UINT32 SessionInfoSize;
+
+ //
+ // Construct command
+ //
+ SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
+ SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PolicySecret);
+ SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);
+ SendBuffer.PolicySession = SwapBytes32 (PolicySession);
+
+ //
+ // Add in Auth session
+ //
+ Buffer = (UINT8 *)&SendBuffer.AuthSession;
+
+ // sessionInfoSize
+ SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
+ Buffer += SessionInfoSize;
+ SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);
+
+ //
+ // Real data
+ //
+ WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(NonceTPM->size));
+ Buffer += sizeof(UINT16);
+ CopyMem (Buffer, NonceTPM->buffer, NonceTPM->size);
+ Buffer += NonceTPM->size;
+
+ WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(CpHashA->size));
+ Buffer += sizeof(UINT16);
+ CopyMem (Buffer, CpHashA->buffer, CpHashA->size);
+ Buffer += CpHashA->size;
+
+ WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(PolicyRef->size));
+ Buffer += sizeof(UINT16);
+ CopyMem (Buffer, PolicyRef->buffer, PolicyRef->size);
+ Buffer += PolicyRef->size;
+
+ WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32((UINT32)Expiration));
+ Buffer += sizeof(UINT32);
+
+ SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);
+ SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
+
+ //
+ // send Tpm command
+ //
+ RecvBufferSize = sizeof (RecvBuffer);
+ Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
+ DEBUG ((EFI_D_ERROR, "Tpm2PolicySecret - RecvBufferSize Error - %x\n", RecvBufferSize));
+ return EFI_DEVICE_ERROR;
+ }
+ if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
+ DEBUG ((EFI_D_ERROR, "Tpm2PolicySecret - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
+ return EFI_DEVICE_ERROR;
+ }
+
+ //
+ // Return the response
+ //
+ Buffer = (UINT8 *)&RecvBuffer.Timeout;
+ Timeout->size = SwapBytes16(ReadUnaligned16 ((UINT16 *)Buffer));
+ Buffer += sizeof(UINT16);
+ CopyMem (Timeout->buffer, Buffer, Timeout->size);
+
+ PolicyTicket->tag = SwapBytes16(ReadUnaligned16 ((UINT16 *)Buffer));
+ Buffer += sizeof(UINT16);
+ PolicyTicket->hierarchy = SwapBytes32(ReadUnaligned32 ((UINT32 *)Buffer));
+ Buffer += sizeof(UINT32);
+ PolicyTicket->digest.size = SwapBytes16(ReadUnaligned16 ((UINT16 *)Buffer));
+ Buffer += sizeof(UINT16);
+ CopyMem (PolicyTicket->digest.buffer, Buffer, PolicyTicket->digest.size);
+
+ return EFI_SUCCESS;
+}
+
+/**
+ This command allows options in authorizations without requiring that the TPM evaluate all of the options.
+ If a policy may be satisfied by different sets of conditions, the TPM need only evaluate one set that
+ satisfies the policy. This command will indicate that one of the required sets of conditions has been
+ satisfied.
+
+ @param[in] PolicySession Handle for the policy session being extended.
+ @param[in] HashList the list of hashes to check for a match.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_DEVICE_ERROR The command was unsuccessful.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2PolicyOR (
+ IN TPMI_SH_POLICY PolicySession,
+ IN TPML_DIGEST *HashList
+ )
+{
+ EFI_STATUS Status;
+ TPM2_POLICY_OR_COMMAND SendBuffer;
+ TPM2_POLICY_OR_RESPONSE RecvBuffer;
+ UINT32 SendBufferSize;
+ UINT32 RecvBufferSize;
+ UINT8 *Buffer;
+ UINTN Index;
+
+ //
+ // Construct command
+ //
+ SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);
+ SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PolicyOR);
+
+ SendBuffer.PolicySession = SwapBytes32 (PolicySession);
+ Buffer = (UINT8 *)&SendBuffer.HashList;
+ WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (HashList->count));
+ Buffer += sizeof(UINT32);
+ for (Index = 0; Index < HashList->count; Index++) {
+ WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (HashList->digests[Index].size));
+ Buffer += sizeof(UINT16);
+ CopyMem (Buffer, HashList->digests[Index].buffer, HashList->digests[Index].size);
+ Buffer += HashList->digests[Index].size;
+ }
+
+ SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);
+ SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
+
+ //
+ // send Tpm command
+ //
+ RecvBufferSize = sizeof (RecvBuffer);
+ Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
+ DEBUG ((EFI_D_ERROR, "Tpm2PolicyOR - RecvBufferSize Error - %x\n", RecvBufferSize));
+ return EFI_DEVICE_ERROR;
+ }
+ if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
+ DEBUG ((EFI_D_ERROR, "Tpm2PolicyOR - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
+ return EFI_DEVICE_ERROR;
+ }
+
+ return EFI_SUCCESS;
+}
+
+/**
+ This command indicates that the authorization will be limited to a specific command code.
+
+ @param[in] PolicySession Handle for the policy session being extended.
+ @param[in] Code The allowed commandCode.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_DEVICE_ERROR The command was unsuccessful.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2PolicyCommandCode (
+ IN TPMI_SH_POLICY PolicySession,
+ IN TPM_CC Code
+ )
+{
+ EFI_STATUS Status;
+ TPM2_POLICY_COMMAND_CODE_COMMAND SendBuffer;
+ TPM2_POLICY_COMMAND_CODE_RESPONSE RecvBuffer;
+ UINT32 SendBufferSize;
+ UINT32 RecvBufferSize;
+
+ //
+ // Construct command
+ //
+ SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);
+ SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PolicyCommandCode);
+
+ SendBuffer.PolicySession = SwapBytes32 (PolicySession);
+ SendBuffer.Code = SwapBytes32 (Code);
+
+ SendBufferSize = (UINT32) sizeof (SendBuffer);
+ SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
+
+ //
+ // send Tpm command
+ //
+ RecvBufferSize = sizeof (RecvBuffer);
+ Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
+ DEBUG ((EFI_D_ERROR, "Tpm2PolicyCommandCode - RecvBufferSize Error - %x\n", RecvBufferSize));
+ return EFI_DEVICE_ERROR;
+ }
+ if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
+ DEBUG ((EFI_D_ERROR, "Tpm2PolicyCommandCode - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
+ return EFI_DEVICE_ERROR;
+ }
+
+ return EFI_SUCCESS;
+}
+
+/**
+ This command returns the current policyDigest of the session. This command allows the TPM
+ to be used to perform the actions required to precompute the authPolicy for an object.
+
+ @param[in] PolicySession Handle for the policy session.
+ @param[out] PolicyHash the current value of the policyHash of policySession.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_DEVICE_ERROR The command was unsuccessful.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2PolicyGetDigest (
+ IN TPMI_SH_POLICY PolicySession,
+ OUT TPM2B_DIGEST *PolicyHash
+ )
+{
+ EFI_STATUS Status;
+ TPM2_POLICY_GET_DIGEST_COMMAND SendBuffer;
+ TPM2_POLICY_GET_DIGEST_RESPONSE RecvBuffer;
+ UINT32 SendBufferSize;
+ UINT32 RecvBufferSize;
+
+ //
+ // Construct command
+ //
+ SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);
+ SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PolicyGetDigest);
+
+ SendBuffer.PolicySession = SwapBytes32 (PolicySession);
+
+ SendBufferSize = (UINT32) sizeof (SendBuffer);
+ SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
+
+ //
+ // send Tpm command
+ //
+ RecvBufferSize = sizeof (RecvBuffer);
+ Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
+ DEBUG ((EFI_D_ERROR, "Tpm2PolicyGetDigest - RecvBufferSize Error - %x\n", RecvBufferSize));
+ return EFI_DEVICE_ERROR;
+ }
+ if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
+ DEBUG ((EFI_D_ERROR, "Tpm2PolicyGetDigest - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
+ return EFI_DEVICE_ERROR;
+ }
+
+ //
+ // Return the response
+ //
+ PolicyHash->size = SwapBytes16 (RecvBuffer.PolicyHash.size);
+ CopyMem (PolicyHash->buffer, &RecvBuffer.PolicyHash.buffer, PolicyHash->size);
+
+ return EFI_SUCCESS;
+}
diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Hierarchy.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Hierarchy.c index 9eb4c9c384..11f1229434 100644 --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Hierarchy.c +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Hierarchy.c @@ -23,6 +23,21 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. typedef struct {
TPM2_COMMAND_HEADER Header;
+ TPMI_RH_HIERARCHY_AUTH AuthHandle;
+ UINT32 AuthSessionSize;
+ TPMS_AUTH_COMMAND AuthSession;
+ TPM2B_DIGEST AuthPolicy;
+ TPMI_ALG_HASH HashAlg;
+} TPM2_SET_PRIMARY_POLICY_COMMAND;
+
+typedef struct {
+ TPM2_RESPONSE_HEADER Header;
+ UINT32 AuthSessionSize;
+ TPMS_AUTH_RESPONSE AuthSession;
+} TPM2_SET_PRIMARY_POLICY_RESPONSE;
+
+typedef struct {
+ TPM2_COMMAND_HEADER Header;
TPMI_RH_CLEAR AuthHandle;
UINT32 AuthorizationSize;
TPMS_AUTH_COMMAND AuthSession;
@@ -106,6 +121,87 @@ typedef struct { #pragma pack()
/**
+ This command allows setting of the authorization policy for the platform hierarchy (platformPolicy), the
+ storage hierarchy (ownerPolicy), and and the endorsement hierarchy (endorsementPolicy).
+
+ @param[in] AuthHandle TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} parameters to be validated
+ @param[in] AuthSession Auth Session context
+ @param[in] AuthPolicy An authorization policy hash
+ @param[in] HashAlg The hash algorithm to use for the policy
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_DEVICE_ERROR Unexpected device behavior.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2SetPrimaryPolicy (
+ IN TPMI_RH_HIERARCHY_AUTH AuthHandle,
+ IN TPMS_AUTH_COMMAND *AuthSession,
+ IN TPM2B_DIGEST *AuthPolicy,
+ IN TPMI_ALG_HASH HashAlg
+ )
+{
+ EFI_STATUS Status;
+ TPM2_SET_PRIMARY_POLICY_COMMAND SendBuffer;
+ TPM2_SET_PRIMARY_POLICY_RESPONSE RecvBuffer;
+ UINT32 SendBufferSize;
+ UINT32 RecvBufferSize;
+ UINT8 *Buffer;
+ UINT32 SessionInfoSize;
+
+ //
+ // Construct command
+ //
+ SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
+ SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_SetPrimaryPolicy);
+
+ SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);
+
+ //
+ // Add in Auth session
+ //
+ Buffer = (UINT8 *)&SendBuffer.AuthSession;
+
+ // sessionInfoSize
+ SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer);
+ Buffer += SessionInfoSize;
+ SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize);
+
+ //
+ // Real data
+ //
+ WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(AuthPolicy->size));
+ Buffer += sizeof(UINT16);
+ CopyMem (Buffer, AuthPolicy->buffer, AuthPolicy->size);
+ Buffer += AuthPolicy->size;
+ WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(HashAlg));
+ Buffer += sizeof(UINT16);
+
+ SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer);
+ SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
+
+ //
+ // send Tpm command
+ //
+ RecvBufferSize = sizeof (RecvBuffer);
+ Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
+ DEBUG ((EFI_D_ERROR, "Tpm2SetPrimaryPolicy - RecvBufferSize Error - %x\n", RecvBufferSize));
+ return EFI_DEVICE_ERROR;
+ }
+ if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
+ DEBUG ((EFI_D_ERROR, "Tpm2SetPrimaryPolicy - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
+ return EFI_DEVICE_ERROR;
+ }
+
+ return EFI_SUCCESS;
+}
+
+/**
This command removes all TPM context associated with a specific Owner.
@param[in] AuthHandle TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP}
diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Session.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Session.c new file mode 100644 index 0000000000..f03b6689ac --- /dev/null +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Session.c @@ -0,0 +1,169 @@ +/** @file
+ Implement TPM2 Session related command.
+
+Copyright (c) 2014, Intel Corporation. All rights reserved. <BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include <IndustryStandard/UefiTcgPlatform.h>
+#include <Library/Tpm2CommandLib.h>
+#include <Library/Tpm2DeviceLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+
+#pragma pack(1)
+
+typedef struct {
+ TPM2_COMMAND_HEADER Header;
+ TPMI_DH_OBJECT TpmKey;
+ TPMI_DH_ENTITY Bind;
+ TPM2B_NONCE NonceCaller;
+ TPM2B_ENCRYPTED_SECRET Salt;
+ TPM_SE SessionType;
+ TPMT_SYM_DEF Symmetric;
+ TPMI_ALG_HASH AuthHash;
+} TPM2_START_AUTH_SESSION_COMMAND;
+
+typedef struct {
+ TPM2_RESPONSE_HEADER Header;
+ TPMI_SH_AUTH_SESSION SessionHandle;
+ TPM2B_NONCE NonceTPM;
+} TPM2_START_AUTH_SESSION_RESPONSE;
+
+#pragma pack()
+
+/**
+ This command is used to start an authorization session using alternative methods of
+ establishing the session key (sessionKey) that is used for authorization and encrypting value.
+
+ @param[in] TpmKey Handle of a loaded decrypt key used to encrypt salt.
+ @param[in] Bind Entity providing the authValue.
+ @param[in] NonceCaller Initial nonceCaller, sets nonce size for the session.
+ @param[in] Salt Value encrypted according to the type of tpmKey.
+ @param[in] SessionType Indicates the type of the session.
+ @param[in] Symmetric The algorithm and key size for parameter encryption.
+ @param[in] AuthHash Hash algorithm to use for the session.
+ @param[out] SessionHandle Handle for the newly created session.
+ @param[out] NonceTPM The initial nonce from the TPM, used in the computation of the sessionKey.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_DEVICE_ERROR The command was unsuccessful.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2StartAuthSession (
+ IN TPMI_DH_OBJECT TpmKey,
+ IN TPMI_DH_ENTITY Bind,
+ IN TPM2B_NONCE *NonceCaller,
+ IN TPM2B_ENCRYPTED_SECRET *Salt,
+ IN TPM_SE SessionType,
+ IN TPMT_SYM_DEF *Symmetric,
+ IN TPMI_ALG_HASH AuthHash,
+ OUT TPMI_SH_AUTH_SESSION *SessionHandle,
+ OUT TPM2B_NONCE *NonceTPM
+ )
+{
+ EFI_STATUS Status;
+ TPM2_START_AUTH_SESSION_COMMAND SendBuffer;
+ TPM2_START_AUTH_SESSION_RESPONSE RecvBuffer;
+ UINT32 SendBufferSize;
+ UINT32 RecvBufferSize;
+ UINT8 *Buffer;
+
+ //
+ // Construct command
+ //
+ SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);
+ SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_StartAuthSession);
+
+ SendBuffer.TpmKey = SwapBytes32 (TpmKey);
+ SendBuffer.Bind = SwapBytes32 (Bind);
+ Buffer = (UINT8 *)&SendBuffer.NonceCaller;
+
+ WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NonceCaller->size));
+ Buffer += sizeof(UINT16);
+ CopyMem (Buffer, NonceCaller->buffer, NonceCaller->size);
+ Buffer += NonceCaller->size;
+
+ WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Salt->size));
+ Buffer += sizeof(UINT16);
+ CopyMem (Buffer, Salt->secret, Salt->size);
+ Buffer += Salt->size;
+
+ *(TPM_SE *)Buffer = SessionType;
+ Buffer++;
+
+ WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->algorithm));
+ Buffer += sizeof(UINT16);
+ switch (Symmetric->algorithm) {
+ case TPM_ALG_NULL:
+ break;
+ case TPM_ALG_AES:
+ WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.aes));
+ Buffer += sizeof(UINT16);
+ WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->mode.aes));
+ Buffer += sizeof(UINT16);
+ break;
+ case TPM_ALG_SM4:
+ WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.SM4));
+ Buffer += sizeof(UINT16);
+ WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->mode.SM4));
+ Buffer += sizeof(UINT16);
+ break;
+ case TPM_ALG_SYMCIPHER:
+ WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.sym));
+ Buffer += sizeof(UINT16);
+ WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->mode.sym));
+ Buffer += sizeof(UINT16);
+ break;
+ case TPM_ALG_XOR:
+ WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.xor));
+ Buffer += sizeof(UINT16);
+ break;
+ default:
+ ASSERT (FALSE);
+ DEBUG ((EFI_D_ERROR, "Tpm2StartAuthSession - Symmetric->algorithm - %x\n", Symmetric->algorithm));
+ return EFI_UNSUPPORTED;
+ }
+
+ WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (AuthHash));
+ Buffer += sizeof(UINT16);
+
+ SendBufferSize = (UINT32) ((UINTN)Buffer - (UINTN)&SendBuffer);
+ SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
+
+ //
+ // send Tpm command
+ //
+ RecvBufferSize = sizeof (RecvBuffer);
+ Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
+ DEBUG ((EFI_D_ERROR, "Tpm2StartAuthSession - RecvBufferSize Error - %x\n", RecvBufferSize));
+ return EFI_DEVICE_ERROR;
+ }
+ if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
+ DEBUG ((EFI_D_ERROR, "Tpm2StartAuthSession - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
+ return EFI_DEVICE_ERROR;
+ }
+
+ //
+ // Return the response
+ //
+ *SessionHandle = SwapBytes32 (RecvBuffer.SessionHandle);
+ NonceTPM->size = SwapBytes16 (RecvBuffer.NonceTPM.size);
+ CopyMem (NonceTPM->buffer, &RecvBuffer.NonceTPM.buffer, NonceTPM->size);
+
+ return EFI_SUCCESS;
+}
diff --git a/SecurityPkg/Tcg/TcgDxe/TcgDxe.c b/SecurityPkg/Tcg/TcgDxe/TcgDxe.c index bf9c7521aa..282505dbc7 100644 --- a/SecurityPkg/Tcg/TcgDxe/TcgDxe.c +++ b/SecurityPkg/Tcg/TcgDxe/TcgDxe.c @@ -1021,7 +1021,7 @@ MeasureAllBootVariables ( &BootCount,
(VOID **) &BootOrder
);
- if (Status == EFI_NOT_FOUND) {
+ if (Status == EFI_NOT_FOUND || BootOrder == NULL) {
return EFI_SUCCESS;
}
diff --git a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c b/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c index 2f159e0c6b..54e505d136 100644 --- a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c +++ b/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c @@ -1245,7 +1245,7 @@ MeasureVariable ( VarName,
VarNameLength * sizeof (*VarName)
);
- if (VarSize != 0) {
+ if (VarSize != 0 && VarData != NULL) {
CopyMem (
(CHAR16 *)VarLog->UnicodeName + VarNameLength,
VarData,
@@ -1423,7 +1423,7 @@ MeasureAllBootVariables ( &BootCount,
(VOID **) &BootOrder
);
- if (Status == EFI_NOT_FOUND) {
+ if (Status == EFI_NOT_FOUND || BootOrder == NULL) {
return EFI_SUCCESS;
}
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VarCheck.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VarCheck.c new file mode 100644 index 0000000000..76bd7b4d90 --- /dev/null +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VarCheck.c @@ -0,0 +1,1225 @@ +/** @file
+ Implementation functions and structures for var check protocol.
+
+Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "Variable.h"
+#include <Library/DevicePathLib.h>
+
+extern LIST_ENTRY mLockedVariableList;
+extern BOOLEAN mEndOfDxe;
+extern BOOLEAN mEnableLocking;
+
+#define VAR_CHECK_HANDLER_TABLE_SIZE 0x8
+
+UINT32 mNumberOfHandler = 0;
+UINT32 mMaxNumberOfHandler = 0;
+VAR_CHECK_SET_VARIABLE_CHECK_HANDLER *mHandlerTable = NULL;
+
+typedef struct {
+ LIST_ENTRY Link;
+ EFI_GUID Guid;
+ VAR_CHECK_VARIABLE_PROPERTY VariableProperty;
+ //CHAR16 *Name;
+} VAR_CHECK_VARIABLE_ENTRY;
+
+LIST_ENTRY mVarCheckVariableList = INITIALIZE_LIST_HEAD_VARIABLE (mVarCheckVariableList);
+
+typedef
+EFI_STATUS
+(EFIAPI *INTERNAL_VAR_CHECK_FUNCTION) (
+ IN VAR_CHECK_VARIABLE_PROPERTY *Propery,
+ IN UINTN DataSize,
+ IN VOID *Data
+ );
+
+typedef struct {
+ CHAR16 *Name;
+ VAR_CHECK_VARIABLE_PROPERTY VariableProperty;
+ INTERNAL_VAR_CHECK_FUNCTION CheckFunction;
+} UEFI_DEFINED_VARIABLE_ENTRY;
+
+typedef struct _EFI_LOAD_OPTION {
+ UINT32 Attributes;
+ UINT16 FilePathListLength;
+//CHAR16 Description[];
+//EFI_DEVICE_PATH_PROTOCOL FilePathList[];
+//UINT8 OptionalData[];
+} EFI_LOAD_OPTION;
+
+/**
+ Internal check for load option.
+
+ @param[in] VariablePropery Pointer to variable property.
+ @param[in] DataSize Data size.
+ @param[in] Data Pointer to data buffer.
+
+ @retval EFI_SUCCESS The SetVariable check result was success.
+ @retval EFI_INVALID_PARAMETER The data buffer is not a valid load option.
+
+**/
+EFI_STATUS
+EFIAPI
+InternalVarCheckLoadOption (
+ IN VAR_CHECK_VARIABLE_PROPERTY *VariablePropery,
+ IN UINTN DataSize,
+ IN VOID *Data
+ )
+{
+ EFI_LOAD_OPTION *LoadOption;
+ CHAR16 *Description;
+ EFI_DEVICE_PATH_PROTOCOL *FilePathList;
+
+ LoadOption = (EFI_LOAD_OPTION *) Data;
+
+ //
+ // Check Description
+ //
+ Description = (CHAR16 *) ((UINTN) Data + sizeof (EFI_LOAD_OPTION));
+ while (Description < (CHAR16 *) ((UINTN) Data + DataSize)) {
+ if (*Description == L'\0') {
+ break;
+ }
+ Description++;
+ }
+ if ((UINTN) Description >= ((UINTN) Data + DataSize)) {
+ return EFI_INVALID_PARAMETER;
+ }
+ Description++;
+
+ //
+ // Check FilePathList
+ //
+ FilePathList = (EFI_DEVICE_PATH_PROTOCOL *) Description;
+ if ((UINTN) FilePathList > (MAX_ADDRESS - LoadOption->FilePathListLength)) {
+ return EFI_INVALID_PARAMETER;
+ }
+ if (((UINTN) FilePathList + LoadOption->FilePathListLength) > ((UINTN) Data + DataSize)) {
+ return EFI_INVALID_PARAMETER;
+ }
+ if (LoadOption->FilePathListLength < sizeof (EFI_DEVICE_PATH_PROTOCOL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+ if (!IsDevicePathValid (FilePathList, LoadOption->FilePathListLength)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Internal check for key option.
+
+ @param[in] VariablePropery Pointer to variable property.
+ @param[in] DataSize Data size.
+ @param[in] Data Pointer to data buffer.
+
+ @retval EFI_SUCCESS The SetVariable check result was success.
+ @retval EFI_INVALID_PARAMETER The data buffer is not a valid key option.
+
+**/
+EFI_STATUS
+EFIAPI
+InternalVarCheckKeyOption (
+ IN VAR_CHECK_VARIABLE_PROPERTY *VariablePropery,
+ IN UINTN DataSize,
+ IN VOID *Data
+ )
+{
+ if (((DataSize - sizeof (EFI_KEY_OPTION)) % sizeof (EFI_INPUT_KEY)) != 0) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Internal check for device path.
+
+ @param[in] VariablePropery Pointer to variable property.
+ @param[in] DataSize Data size.
+ @param[in] Data Pointer to data buffer.
+
+ @retval EFI_SUCCESS The SetVariable check result was success.
+ @retval EFI_INVALID_PARAMETER The data buffer is not a valid device path.
+
+**/
+EFI_STATUS
+EFIAPI
+InternalVarCheckDevicePath (
+ IN VAR_CHECK_VARIABLE_PROPERTY *VariablePropery,
+ IN UINTN DataSize,
+ IN VOID *Data
+ )
+{
+ if (!IsDevicePathValid ((EFI_DEVICE_PATH_PROTOCOL *) Data, DataSize)) {
+ return EFI_INVALID_PARAMETER;
+ }
+ return EFI_SUCCESS;
+}
+
+/**
+ Internal check for ASCII string.
+
+ @param[in] VariablePropery Pointer to variable property.
+ @param[in] DataSize Data size.
+ @param[in] Data Pointer to data buffer.
+
+ @retval EFI_SUCCESS The SetVariable check result was success.
+ @retval EFI_INVALID_PARAMETER The data buffer is not a Null-terminated ASCII string.
+
+**/
+EFI_STATUS
+EFIAPI
+InternalVarCheckAsciiString (
+ IN VAR_CHECK_VARIABLE_PROPERTY *VariablePropery,
+ IN UINTN DataSize,
+ IN VOID *Data
+ )
+{
+ CHAR8 *String;
+ UINTN Index;
+
+ String = (CHAR8 *) Data;
+ if (String[DataSize - 1] == '\0') {
+ return EFI_SUCCESS;
+ } else {
+ for (Index = 1; Index < DataSize && (String[DataSize - 1 - Index] != '\0'); Index++);
+ if (Index == DataSize) {
+ return EFI_INVALID_PARAMETER;
+ }
+ }
+ return EFI_SUCCESS;
+}
+
+/**
+ Internal check for size array.
+
+ @param[in] VariablePropery Pointer to variable property.
+ @param[in] DataSize Data size.
+ @param[in] Data Pointer to data buffer.
+
+ @retval EFI_SUCCESS The SetVariable check result was success.
+ @retval EFI_INVALID_PARAMETER The DataSize is not size array.
+
+**/
+EFI_STATUS
+EFIAPI
+InternalVarCheckSizeArray (
+ IN VAR_CHECK_VARIABLE_PROPERTY *VariablePropery,
+ IN UINTN DataSize,
+ IN VOID *Data
+ )
+{
+ if ((DataSize % VariablePropery->MinSize) != 0) {
+ return EFI_INVALID_PARAMETER;
+ }
+ return EFI_SUCCESS;
+}
+
+//
+// To prevent name collisions with possible future globally defined variables,
+// other internal firmware data variables that are not defined here must be
+// saved with a unique VendorGuid other than EFI_GLOBAL_VARIABLE or
+// any other GUID defined by the UEFI Specification. Implementations must
+// only permit the creation of variables with a UEFI Specification-defined
+// VendorGuid when these variables are documented in the UEFI Specification.
+//
+UEFI_DEFINED_VARIABLE_ENTRY mGlobalVariableList[] = {
+ {
+ EFI_LANG_CODES_VARIABLE_NAME,
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ 0,
+ VARIABLE_ATTRIBUTE_BS_RT,
+ 1,
+ MAX_UINTN
+ },
+ InternalVarCheckAsciiString
+ },
+ {
+ EFI_LANG_VARIABLE_NAME,
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ 0,
+ VARIABLE_ATTRIBUTE_NV_BS_RT,
+ 1,
+ MAX_UINTN
+ },
+ InternalVarCheckAsciiString
+ },
+ {
+ EFI_TIME_OUT_VARIABLE_NAME,
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ 0,
+ VARIABLE_ATTRIBUTE_NV_BS_RT,
+ sizeof (UINT16),
+ sizeof (UINT16)
+ },
+ NULL
+ },
+ {
+ EFI_PLATFORM_LANG_CODES_VARIABLE_NAME,
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ 0,
+ VARIABLE_ATTRIBUTE_BS_RT,
+ 1,
+ MAX_UINTN
+ },
+ InternalVarCheckAsciiString
+ },
+ {
+ EFI_PLATFORM_LANG_VARIABLE_NAME,
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ 0,
+ VARIABLE_ATTRIBUTE_NV_BS_RT,
+ 1,
+ MAX_UINTN
+ },
+ InternalVarCheckAsciiString
+ },
+ {
+ EFI_CON_IN_VARIABLE_NAME,
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ 0,
+ VARIABLE_ATTRIBUTE_NV_BS_RT,
+ sizeof (EFI_DEVICE_PATH_PROTOCOL),
+ MAX_UINTN
+ },
+ InternalVarCheckDevicePath
+ },
+ {
+ EFI_CON_OUT_VARIABLE_NAME,
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ 0,
+ VARIABLE_ATTRIBUTE_NV_BS_RT,
+ sizeof (EFI_DEVICE_PATH_PROTOCOL),
+ MAX_UINTN
+ },
+ InternalVarCheckDevicePath
+ },
+ {
+ EFI_ERR_OUT_VARIABLE_NAME,
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ 0,
+ VARIABLE_ATTRIBUTE_NV_BS_RT,
+ sizeof (EFI_DEVICE_PATH_PROTOCOL),
+ MAX_UINTN
+ },
+ InternalVarCheckDevicePath
+ },
+ {
+ EFI_CON_IN_DEV_VARIABLE_NAME,
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ 0,
+ VARIABLE_ATTRIBUTE_BS_RT,
+ sizeof (EFI_DEVICE_PATH_PROTOCOL),
+ MAX_UINTN
+ },
+ InternalVarCheckDevicePath
+ },
+ {
+ EFI_CON_OUT_DEV_VARIABLE_NAME,
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ 0,
+ VARIABLE_ATTRIBUTE_BS_RT,
+ sizeof (EFI_DEVICE_PATH_PROTOCOL),
+ MAX_UINTN
+ },
+ InternalVarCheckDevicePath
+ },
+ {
+ EFI_ERR_OUT_DEV_VARIABLE_NAME,
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ 0,
+ VARIABLE_ATTRIBUTE_BS_RT,
+ sizeof (EFI_DEVICE_PATH_PROTOCOL),
+ MAX_UINTN
+ },
+ InternalVarCheckDevicePath
+ },
+ {
+ EFI_BOOT_ORDER_VARIABLE_NAME,
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ 0,
+ VARIABLE_ATTRIBUTE_NV_BS_RT,
+ sizeof (UINT16),
+ MAX_UINTN
+ },
+ InternalVarCheckSizeArray
+ },
+ {
+ EFI_BOOT_NEXT_VARIABLE_NAME,
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ 0,
+ VARIABLE_ATTRIBUTE_NV_BS_RT,
+ sizeof (UINT16),
+ sizeof (UINT16)
+ },
+ NULL
+ },
+ {
+ EFI_BOOT_CURRENT_VARIABLE_NAME,
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ 0,
+ VARIABLE_ATTRIBUTE_BS_RT,
+ sizeof (UINT16),
+ sizeof (UINT16)
+ },
+ NULL
+ },
+ {
+ EFI_BOOT_OPTION_SUPPORT_VARIABLE_NAME,
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ 0,
+ VARIABLE_ATTRIBUTE_BS_RT,
+ sizeof (UINT32),
+ sizeof (UINT32)
+ },
+ NULL
+ },
+ {
+ EFI_DRIVER_ORDER_VARIABLE_NAME,
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ 0,
+ VARIABLE_ATTRIBUTE_NV_BS_RT,
+ sizeof (UINT16),
+ MAX_UINTN
+ },
+ InternalVarCheckSizeArray
+ },
+ {
+ EFI_HW_ERR_REC_SUPPORT_VARIABLE_NAME,
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ 0,
+ VARIABLE_ATTRIBUTE_NV_BS_RT,
+ sizeof (UINT16),
+ sizeof (UINT16)
+ },
+ NULL
+ },
+ {
+ EFI_SETUP_MODE_NAME,
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,
+ VARIABLE_ATTRIBUTE_BS_RT,
+ sizeof (UINT8),
+ sizeof (UINT8)
+ },
+ NULL
+ },
+ {
+ EFI_KEY_EXCHANGE_KEY_NAME,
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ 0,
+ VARIABLE_ATTRIBUTE_NV_BS_RT_AT,
+ 1,
+ MAX_UINTN
+ },
+ NULL
+ },
+ {
+ EFI_PLATFORM_KEY_NAME,
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ 0,
+ VARIABLE_ATTRIBUTE_NV_BS_RT_AT,
+ 1,
+ MAX_UINTN
+ },
+ NULL
+ },
+ {
+ EFI_SIGNATURE_SUPPORT_NAME,
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,
+ VARIABLE_ATTRIBUTE_BS_RT,
+ sizeof (EFI_GUID),
+ MAX_UINTN
+ },
+ InternalVarCheckSizeArray
+ },
+ {
+ EFI_SECURE_BOOT_MODE_NAME,
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,
+ VARIABLE_ATTRIBUTE_BS_RT,
+ sizeof (UINT8),
+ sizeof (UINT8)
+ },
+ NULL
+ },
+ {
+ EFI_KEK_DEFAULT_VARIABLE_NAME,
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,
+ VARIABLE_ATTRIBUTE_BS_RT,
+ 1,
+ MAX_UINTN
+ },
+ NULL
+ },
+ {
+ EFI_PK_DEFAULT_VARIABLE_NAME,
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,
+ VARIABLE_ATTRIBUTE_BS_RT,
+ 1,
+ MAX_UINTN
+ },
+ NULL
+ },
+ {
+ EFI_DB_DEFAULT_VARIABLE_NAME,
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,
+ VARIABLE_ATTRIBUTE_BS_RT,
+ 1,
+ MAX_UINTN
+ },
+ NULL
+ },
+ {
+ EFI_DBX_DEFAULT_VARIABLE_NAME,
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,
+ VARIABLE_ATTRIBUTE_BS_RT,
+ 1,
+ MAX_UINTN
+ },
+ NULL
+ },
+ {
+ EFI_DBT_DEFAULT_VARIABLE_NAME,
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,
+ VARIABLE_ATTRIBUTE_BS_RT,
+ 1,
+ MAX_UINTN
+ },
+ NULL
+ },
+ {
+ EFI_OS_INDICATIONS_SUPPORT_VARIABLE_NAME,
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ 0,
+ VARIABLE_ATTRIBUTE_BS_RT,
+ sizeof (UINT64),
+ sizeof (UINT64)
+ },
+ NULL
+ },
+ {
+ EFI_OS_INDICATIONS_VARIABLE_NAME,
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ 0,
+ VARIABLE_ATTRIBUTE_NV_BS_RT,
+ sizeof (UINT64),
+ sizeof (UINT64)
+ },
+ NULL
+ },
+ {
+ EFI_VENDOR_KEYS_VARIABLE_NAME,
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,
+ VARIABLE_ATTRIBUTE_BS_RT,
+ sizeof (UINT8),
+ sizeof (UINT8)
+ },
+ NULL
+ },
+};
+UEFI_DEFINED_VARIABLE_ENTRY mGlobalVariableList2[] = {
+ {
+ L"Boot####",
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ 0,
+ VARIABLE_ATTRIBUTE_NV_BS_RT,
+ sizeof (EFI_LOAD_OPTION),
+ MAX_UINTN
+ },
+ InternalVarCheckLoadOption
+ },
+ {
+ L"Driver####",
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ 0,
+ VARIABLE_ATTRIBUTE_NV_BS_RT,
+ sizeof (EFI_LOAD_OPTION),
+ MAX_UINTN
+ },
+ InternalVarCheckLoadOption
+ },
+ {
+ L"Key####",
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ 0,
+ VARIABLE_ATTRIBUTE_NV_BS_RT,
+ sizeof (EFI_KEY_OPTION),
+ sizeof (EFI_KEY_OPTION) + 3 * sizeof (EFI_INPUT_KEY)
+ },
+ InternalVarCheckKeyOption
+ },
+};
+
+//
+// EFI_IMAGE_SECURITY_DATABASE_GUID
+//
+UEFI_DEFINED_VARIABLE_ENTRY mImageSecurityVariableList[] = {
+ {
+ EFI_IMAGE_SECURITY_DATABASE,
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ 0,
+ VARIABLE_ATTRIBUTE_NV_BS_RT_AT,
+ 1,
+ MAX_UINTN
+ },
+ NULL
+ },
+ {
+ EFI_IMAGE_SECURITY_DATABASE1,
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ 0,
+ VARIABLE_ATTRIBUTE_NV_BS_RT_AT,
+ 1,
+ MAX_UINTN
+ },
+ NULL
+ },
+ {
+ EFI_IMAGE_SECURITY_DATABASE2,
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ 0,
+ VARIABLE_ATTRIBUTE_NV_BS_RT_AT,
+ 1,
+ MAX_UINTN
+ },
+ NULL
+ },
+};
+
+typedef struct {
+ EFI_GUID *Guid;
+ CHAR16 *Name;
+ VAR_CHECK_VARIABLE_PROPERTY VariableProperty;
+ INTERNAL_VAR_CHECK_FUNCTION CheckFunction;
+} VARIABLE_DRIVER_VARIABLE_ENTRY;
+
+VARIABLE_DRIVER_VARIABLE_ENTRY mVariableDriverVariableList[] = {
+ {
+ &gEfiSecureBootEnableDisableGuid,
+ EFI_SECURE_BOOT_ENABLE_NAME,
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ 0,
+ VARIABLE_ATTRIBUTE_NV_BS,
+ sizeof (UINT8),
+ sizeof (UINT8)
+ },
+ NULL
+ },
+ {
+ &gEfiCustomModeEnableGuid,
+ EFI_CUSTOM_MODE_NAME,
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ 0,
+ VARIABLE_ATTRIBUTE_NV_BS,
+ sizeof (UINT8),
+ sizeof (UINT8)
+ },
+ NULL
+ },
+ {
+ &gEfiVendorKeysNvGuid,
+ EFI_VENDOR_KEYS_NV_VARIABLE_NAME,
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ 0,
+ VARIABLE_ATTRIBUTE_NV_BS_RT_AT,
+ sizeof (UINT8),
+ sizeof (UINT8)
+ },
+ NULL
+ },
+ {
+ &gEfiAuthenticatedVariableGuid,
+ L"AuthVarKeyDatabase",
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ 0,
+ VARIABLE_ATTRIBUTE_NV_BS_RT_AW,
+ sizeof (UINT8),
+ MAX_UINTN
+ },
+ NULL
+ },
+ {
+ &gEfiCertDbGuid,
+ L"certdb",
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ 0,
+ VARIABLE_ATTRIBUTE_NV_BS_RT_AT,
+ sizeof (UINT32),
+ MAX_UINTN
+ },
+ NULL
+ },
+};
+
+/**
+ Get UEFI defined global variable or image security database variable property.
+ The code will check if variable guid is global variable or image security database guid first.
+ If yes, further check if variable name is in mGlobalVariableList, mGlobalVariableList2 or mImageSecurityVariableList.
+
+ @param[in] VariableName Pointer to variable name.
+ @param[in] VendorGuid Variable Vendor Guid.
+ @param[in] WildcardMatch Try wildcard match or not.
+ @param[out] VariableProperty Pointer to variable property.
+ @param[out] VarCheckFunction Pointer to check function.
+
+ @retval EFI_SUCCESS Variable is not global variable or image security database variable.
+ @retval EFI_INVALID_PARAMETER Variable is global variable or image security database variable, but variable name is not in the lists.
+
+**/
+EFI_STATUS
+GetUefiDefinedVariableProperty (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN BOOLEAN WildcardMatch,
+ OUT VAR_CHECK_VARIABLE_PROPERTY **VariableProperty,
+ OUT INTERNAL_VAR_CHECK_FUNCTION *VarCheckFunction OPTIONAL
+ )
+{
+ UINTN Index;
+ UINTN NameLength;
+
+ if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid)){
+ //
+ // Try list 1, exactly match.
+ //
+ for (Index = 0; Index < sizeof (mGlobalVariableList)/sizeof (mGlobalVariableList[0]); Index++) {
+ if (StrCmp (mGlobalVariableList[Index].Name, VariableName) == 0) {
+ if (VarCheckFunction != NULL) {
+ *VarCheckFunction = mGlobalVariableList[Index].CheckFunction;
+ }
+ *VariableProperty = &mGlobalVariableList[Index].VariableProperty;
+ return EFI_SUCCESS;
+ }
+ }
+
+ //
+ // Try list 2.
+ //
+ NameLength = StrLen (VariableName) - 4;
+ for (Index = 0; Index < sizeof (mGlobalVariableList2)/sizeof (mGlobalVariableList2[0]); Index++) {
+ if (WildcardMatch) {
+ if ((StrLen (VariableName) == StrLen (mGlobalVariableList2[Index].Name)) &&
+ (StrnCmp (mGlobalVariableList2[Index].Name, VariableName, NameLength) == 0) &&
+ IsHexaDecimalDigitCharacter (VariableName[NameLength]) &&
+ IsHexaDecimalDigitCharacter (VariableName[NameLength + 1]) &&
+ IsHexaDecimalDigitCharacter (VariableName[NameLength + 2]) &&
+ IsHexaDecimalDigitCharacter (VariableName[NameLength + 3])) {
+ if (VarCheckFunction != NULL) {
+ *VarCheckFunction = mGlobalVariableList2[Index].CheckFunction;
+ }
+ *VariableProperty = &mGlobalVariableList2[Index].VariableProperty;
+ return EFI_SUCCESS;
+ }
+ } else {
+ if (StrCmp (mGlobalVariableList2[Index].Name, VariableName) == 0) {
+ if (VarCheckFunction != NULL) {
+ *VarCheckFunction = mGlobalVariableList2[Index].CheckFunction;
+ }
+ *VariableProperty = &mGlobalVariableList2[Index].VariableProperty;
+ return EFI_SUCCESS;
+ }
+ }
+ }
+
+ //
+ // The variable name is not in the lists.
+ //
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if (CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid)){
+ for (Index = 0; Index < sizeof (mImageSecurityVariableList)/sizeof (mImageSecurityVariableList[0]); Index++) {
+ if (StrCmp (mImageSecurityVariableList[Index].Name, VariableName) == 0) {
+ if (VarCheckFunction != NULL) {
+ *VarCheckFunction = mImageSecurityVariableList[Index].CheckFunction;
+ }
+ *VariableProperty = &mImageSecurityVariableList[Index].VariableProperty;
+ return EFI_SUCCESS;
+ }
+ }
+
+ return EFI_INVALID_PARAMETER;
+ }
+
+ //
+ // It is not global variable or image security database variable.
+ //
+ return EFI_SUCCESS;
+}
+
+/**
+ Get variable property for variables managed by Varaible driver.
+
+ @param[in] VariableName Pointer to variable name.
+ @param[in] VendorGuid Variable Vendor Guid.
+ @param[out] VarCheckFunction Pointer to check function.
+
+ @return Pointer to variable property.
+
+**/
+VAR_CHECK_VARIABLE_PROPERTY *
+GetVariableDriverVariableProperty (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ OUT INTERNAL_VAR_CHECK_FUNCTION *VarCheckFunction OPTIONAL
+ )
+{
+ UINTN Index;
+
+ for (Index = 0; Index < sizeof (mVariableDriverVariableList)/sizeof (mVariableDriverVariableList[0]); Index++) {
+ if ((CompareGuid (mVariableDriverVariableList[Index].Guid, VendorGuid)) && (StrCmp (mVariableDriverVariableList[Index].Name, VariableName) == 0)) {
+ if (VarCheckFunction != NULL) {
+ *VarCheckFunction = mVariableDriverVariableList[Index].CheckFunction;
+ }
+ return &mVariableDriverVariableList[Index].VariableProperty;
+ }
+ }
+
+ return NULL;
+}
+
+/**
+ Internal SetVariable check.
+
+ @param[in] VariableName Name of Variable to set.
+ @param[in] VendorGuid Variable vendor GUID.
+ @param[in] Attributes Attribute value of the variable.
+ @param[in] DataSize Size of Data to set.
+ @param[in] Data Data pointer.
+
+ @retval EFI_SUCCESS The SetVariable check result was success.
+ @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits, name, and GUID was supplied,
+ or the DataSize exceeds the minimum or maximum allowed,
+ or the Data value is not following UEFI spec for UEFI defined variables.
+ @retval EFI_WRITE_PROTECTED The variable in question is read-only.
+ @retval Others The return status from check handler.
+
+**/
+EFI_STATUS
+EFIAPI
+InternalVarCheckSetVariableCheck (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN UINT32 Attributes,
+ IN UINTN DataSize,
+ IN VOID *Data
+ )
+{
+ EFI_STATUS Status;
+ UINTN Index;
+ LIST_ENTRY *Link;
+ VAR_CHECK_VARIABLE_ENTRY *Entry;
+ CHAR16 *Name;
+ VAR_CHECK_VARIABLE_PROPERTY *Property;
+ INTERNAL_VAR_CHECK_FUNCTION VarCheckFunction;
+
+ if (!mEndOfDxe) {
+ //
+ // Only do check after End Of Dxe.
+ //
+ return EFI_SUCCESS;
+ }
+
+ Property = NULL;
+ Status = GetUefiDefinedVariableProperty (VariableName, VendorGuid, TRUE, &Property, &VarCheckFunction);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((EFI_D_INFO, "[Variable]: Var Check UEFI defined variable fail %r - %g:%s\n", Status, VendorGuid, VariableName));
+ return Status;
+ }
+ if (Property == NULL) {
+ Property = GetVariableDriverVariableProperty (VariableName, VendorGuid, &VarCheckFunction);
+ }
+ if (Property == NULL) {
+ VarCheckFunction = NULL;
+ for ( Link = GetFirstNode (&mVarCheckVariableList)
+ ; !IsNull (&mVarCheckVariableList, Link)
+ ; Link = GetNextNode (&mVarCheckVariableList, Link)
+ ) {
+ Entry = BASE_CR (Link, VAR_CHECK_VARIABLE_ENTRY, Link);
+ Name = (CHAR16 *) ((UINTN) Entry + sizeof (*Entry));
+ if (CompareGuid (&Entry->Guid, VendorGuid) && (StrCmp (Name, VariableName) == 0)) {
+ Property = &Entry->VariableProperty;
+ break;
+ }
+ }
+ }
+ if (Property != NULL) {
+ if (mEnableLocking && ((Property->Property & VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY) != 0)) {
+ DEBUG ((EFI_D_INFO, "[Variable]: Var Check ReadOnly variable fail %r - %g:%s\n", EFI_WRITE_PROTECTED, VendorGuid, VariableName));
+ return EFI_WRITE_PROTECTED;
+ }
+ if ((((Attributes & EFI_VARIABLE_APPEND_WRITE) == 0) && (DataSize == 0)) || (Attributes == 0)) {
+ //
+ // Do not check delete variable.
+ //
+ return EFI_SUCCESS;
+ }
+ if ((Attributes & (~EFI_VARIABLE_APPEND_WRITE)) != Property->Attributes) {
+ DEBUG ((EFI_D_INFO, "[Variable]: Var Check Attributes fail %r - %g:%s\n", EFI_INVALID_PARAMETER, VendorGuid, VariableName));
+ return EFI_INVALID_PARAMETER;
+ }
+ if (DataSize != 0) {
+ if ((DataSize < Property->MinSize) || (DataSize > Property->MaxSize)) {
+ DEBUG ((EFI_D_INFO, "[Variable]: Var Check DataSize fail %r - %g:%s\n", EFI_INVALID_PARAMETER, VendorGuid, VariableName));
+ return EFI_INVALID_PARAMETER;
+ }
+ if (VarCheckFunction != NULL) {
+ Status = VarCheckFunction (
+ Property,
+ DataSize,
+ Data
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((EFI_D_INFO, "[Variable]: Internal Var Check function fail %r - %g:%s\n", Status, VendorGuid, VariableName));
+ return Status;
+ }
+ }
+ }
+ }
+
+ for (Index = 0; Index < mNumberOfHandler; Index ++) {
+ Status = mHandlerTable[Index] (
+ VariableName,
+ VendorGuid,
+ Attributes,
+ DataSize,
+ Data
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((EFI_D_INFO, "[Variable]: Var Check handler fail %r - %g:%s\n", Status, VendorGuid, VariableName));
+ return Status;
+ }
+ }
+ return EFI_SUCCESS;
+}
+
+/**
+ Reallocates more global memory to store the registered handler list.
+
+ @retval RETURN_SUCCESS Reallocate memory successfully.
+ @retval RETURN_OUT_OF_RESOURCES No enough memory to allocate.
+
+**/
+RETURN_STATUS
+EFIAPI
+ReallocateHandlerTable (
+ VOID
+ )
+{
+ VAR_CHECK_SET_VARIABLE_CHECK_HANDLER *HandlerTable;
+
+ //
+ // Reallocate memory for check handler table.
+ //
+ HandlerTable = ReallocateRuntimePool (
+ mMaxNumberOfHandler * sizeof (VAR_CHECK_SET_VARIABLE_CHECK_HANDLER),
+ (mMaxNumberOfHandler + VAR_CHECK_HANDLER_TABLE_SIZE) * sizeof (VAR_CHECK_SET_VARIABLE_CHECK_HANDLER),
+ mHandlerTable
+ );
+
+ //
+ // No enough resource to allocate.
+ //
+ if (HandlerTable == NULL) {
+ return RETURN_OUT_OF_RESOURCES;
+ }
+
+ mHandlerTable = HandlerTable;
+ //
+ // Increase max handler number.
+ //
+ mMaxNumberOfHandler = mMaxNumberOfHandler + VAR_CHECK_HANDLER_TABLE_SIZE;
+ return RETURN_SUCCESS;
+}
+
+/**
+ Register SetVariable check handler.
+
+ @param[in] Handler Pointer to check handler.
+
+ @retval EFI_SUCCESS The SetVariable check handler was registered successfully.
+ @retval EFI_INVALID_PARAMETER Handler is NULL.
+ @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has
+ already been signaled.
+ @retval EFI_OUT_OF_RESOURCES There is not enough resource for the SetVariable check handler register request.
+ @retval EFI_UNSUPPORTED This interface is not implemented.
+ For example, it is unsupported in VarCheck protocol if both VarCheck and SmmVarCheck protocols are present.
+
+**/
+EFI_STATUS
+EFIAPI
+VarCheckRegisterSetVariableCheckHandler (
+ IN VAR_CHECK_SET_VARIABLE_CHECK_HANDLER Handler
+ )
+{
+ EFI_STATUS Status;
+
+ if (Handler == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if (mEndOfDxe) {
+ return EFI_ACCESS_DENIED;
+ }
+
+ DEBUG ((EFI_D_INFO, "RegisterSetVariableCheckHandler - 0x%x\n", Handler));
+
+ //
+ // Check whether the handler list is enough to store new handler.
+ //
+ if (mNumberOfHandler == mMaxNumberOfHandler) {
+ //
+ // Allocate more resources for new handler.
+ //
+ Status = ReallocateHandlerTable();
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+ }
+
+ //
+ // Register new handler into the handler list.
+ //
+ mHandlerTable[mNumberOfHandler] = Handler;
+ mNumberOfHandler ++;
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Internal variable property get.
+
+ @param[in] Name Pointer to the variable name.
+ @param[in] Guid Pointer to the vendor GUID.
+
+ @return Pointer to the property of variable specified by the Name and Guid.
+
+**/
+VAR_CHECK_VARIABLE_PROPERTY *
+InternalVarCheckVariablePropertyGet (
+ IN CHAR16 *Name,
+ IN EFI_GUID *Guid
+ )
+{
+ LIST_ENTRY *Link;
+ VAR_CHECK_VARIABLE_ENTRY *Entry;
+ CHAR16 *VariableName;
+ VAR_CHECK_VARIABLE_PROPERTY *Property;
+
+ Property = NULL;
+ GetUefiDefinedVariableProperty (Name, Guid, FALSE, &Property, NULL);
+ if (Property == NULL) {
+ Property = GetVariableDriverVariableProperty (Name, Guid, NULL);
+ }
+ if (Property != NULL) {
+ return Property;
+ } else {
+ for ( Link = GetFirstNode (&mVarCheckVariableList)
+ ; !IsNull (&mVarCheckVariableList, Link)
+ ; Link = GetNextNode (&mVarCheckVariableList, Link)
+ ) {
+ Entry = BASE_CR (Link, VAR_CHECK_VARIABLE_ENTRY, Link);
+ VariableName = (CHAR16 *) ((UINTN) Entry + sizeof (*Entry));
+ if (CompareGuid (&Entry->Guid, Guid) && (StrCmp (VariableName, Name) == 0)) {
+ return &Entry->VariableProperty;
+ }
+ }
+ }
+
+ return NULL;
+}
+
+/**
+ Variable property set.
+
+ @param[in] Name Pointer to the variable name.
+ @param[in] Guid Pointer to the vendor GUID.
+ @param[in] VariableProperty Pointer to the input variable property.
+
+ @retval EFI_SUCCESS The property of variable specified by the Name and Guid was set successfully.
+ @retval EFI_INVALID_PARAMETER Name, Guid or VariableProperty is NULL, or Name is an empty string,
+ or the fields of VariableProperty are not valid.
+ @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has
+ already been signaled.
+ @retval EFI_OUT_OF_RESOURCES There is not enough resource for the variable property set request.
+
+**/
+EFI_STATUS
+EFIAPI
+VarCheckVariablePropertySet (
+ IN CHAR16 *Name,
+ IN EFI_GUID *Guid,
+ IN VAR_CHECK_VARIABLE_PROPERTY *VariableProperty
+ )
+{
+ EFI_STATUS Status;
+ VAR_CHECK_VARIABLE_ENTRY *Entry;
+ CHAR16 *VariableName;
+ VAR_CHECK_VARIABLE_PROPERTY *Property;
+
+ if (Name == NULL || Name[0] == 0 || Guid == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if (VariableProperty == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if (VariableProperty->Revision != VAR_CHECK_VARIABLE_PROPERTY_REVISION) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if (mEndOfDxe) {
+ return EFI_ACCESS_DENIED;
+ }
+
+ Status = EFI_SUCCESS;
+
+ AcquireLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
+
+ Property = InternalVarCheckVariablePropertyGet (Name, Guid);
+ if (Property != NULL) {
+ CopyMem (Property, VariableProperty, sizeof (*VariableProperty));
+ } else {
+ Entry = AllocateRuntimeZeroPool (sizeof (*Entry) + StrSize (Name));
+ if (Entry == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto Done;
+ }
+ VariableName = (CHAR16 *) ((UINTN) Entry + sizeof (*Entry));
+ StrnCpy (VariableName, Name, StrLen (Name));
+ CopyGuid (&Entry->Guid, Guid);
+ CopyMem (&Entry->VariableProperty, VariableProperty, sizeof (*VariableProperty));
+ InsertTailList (&mVarCheckVariableList, &Entry->Link);
+ }
+
+Done:
+ ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
+
+ return Status;
+}
+
+/**
+ Variable property get.
+
+ @param[in] Name Pointer to the variable name.
+ @param[in] Guid Pointer to the vendor GUID.
+ @param[out] VariableProperty Pointer to the output variable property.
+
+ @retval EFI_SUCCESS The property of variable specified by the Name and Guid was got successfully.
+ @retval EFI_INVALID_PARAMETER Name, Guid or VariableProperty is NULL, or Name is an empty string.
+ @retval EFI_NOT_FOUND The property of variable specified by the Name and Guid was not found.
+
+**/
+EFI_STATUS
+EFIAPI
+VarCheckVariablePropertyGet (
+ IN CHAR16 *Name,
+ IN EFI_GUID *Guid,
+ OUT VAR_CHECK_VARIABLE_PROPERTY *VariableProperty
+ )
+{
+ LIST_ENTRY *Link;
+ VARIABLE_ENTRY *Entry;
+ CHAR16 *VariableName;
+ BOOLEAN Found;
+ VAR_CHECK_VARIABLE_PROPERTY *Property;
+
+ if (Name == NULL || Name[0] == 0 || Guid == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if (VariableProperty == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ Found = FALSE;
+
+ AcquireLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
+
+ Property = InternalVarCheckVariablePropertyGet (Name, Guid);
+ if (Property != NULL) {
+ CopyMem (VariableProperty, Property, sizeof (*VariableProperty));
+ Found = TRUE;
+ }
+
+ for ( Link = GetFirstNode (&mLockedVariableList)
+ ; !IsNull (&mLockedVariableList, Link)
+ ; Link = GetNextNode (&mLockedVariableList, Link)
+ ) {
+ Entry = BASE_CR (Link, VARIABLE_ENTRY, Link);
+ VariableName = (CHAR16 *) ((UINTN) Entry + sizeof (*Entry));
+ if (CompareGuid (&Entry->Guid, Guid) && (StrCmp (VariableName, Name) == 0)) {
+ VariableProperty->Property |= VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY;
+ if (!Found) {
+ VariableProperty->Revision = VAR_CHECK_VARIABLE_PROPERTY_REVISION;
+ Found = TRUE;
+ }
+ }
+ }
+
+ ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
+
+ return (Found ? EFI_SUCCESS : EFI_NOT_FOUND);
+}
+
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c index ac043d9a17..86e3616e30 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c @@ -16,7 +16,7 @@ VariableServiceSetVariable() should also check authenticate data to avoid buffer overflow,
integer overflow. It should also check attribute to avoid authentication bypass.
-Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -58,52 +58,6 @@ BOOLEAN mEndOfDxe = FALSE; ///
BOOLEAN mEnableLocking = TRUE;
-//
-// To prevent name collisions with possible future globally defined variables,
-// other internal firmware data variables that are not defined here must be
-// saved with a unique VendorGuid other than EFI_GLOBAL_VARIABLE or
-// any other GUID defined by the UEFI Specification. Implementations must
-// only permit the creation of variables with a UEFI Specification-defined
-// VendorGuid when these variables are documented in the UEFI Specification.
-//
-GLOBAL_VARIABLE_ENTRY mGlobalVariableList[] = {
- {EFI_LANG_CODES_VARIABLE_NAME, VARIABLE_ATTRIBUTE_BS_RT},
- {EFI_LANG_VARIABLE_NAME, VARIABLE_ATTRIBUTE_NV_BS_RT},
- {EFI_TIME_OUT_VARIABLE_NAME, VARIABLE_ATTRIBUTE_NV_BS_RT},
- {EFI_PLATFORM_LANG_CODES_VARIABLE_NAME, VARIABLE_ATTRIBUTE_BS_RT},
- {EFI_PLATFORM_LANG_VARIABLE_NAME, VARIABLE_ATTRIBUTE_NV_BS_RT},
- {EFI_CON_IN_VARIABLE_NAME, VARIABLE_ATTRIBUTE_NV_BS_RT},
- {EFI_CON_OUT_VARIABLE_NAME, VARIABLE_ATTRIBUTE_NV_BS_RT},
- {EFI_ERR_OUT_VARIABLE_NAME, VARIABLE_ATTRIBUTE_NV_BS_RT},
- {EFI_CON_IN_DEV_VARIABLE_NAME, VARIABLE_ATTRIBUTE_BS_RT},
- {EFI_CON_OUT_DEV_VARIABLE_NAME, VARIABLE_ATTRIBUTE_BS_RT},
- {EFI_ERR_OUT_DEV_VARIABLE_NAME, VARIABLE_ATTRIBUTE_BS_RT},
- {EFI_BOOT_ORDER_VARIABLE_NAME, VARIABLE_ATTRIBUTE_NV_BS_RT},
- {EFI_BOOT_NEXT_VARIABLE_NAME, VARIABLE_ATTRIBUTE_NV_BS_RT},
- {EFI_BOOT_CURRENT_VARIABLE_NAME, VARIABLE_ATTRIBUTE_BS_RT},
- {EFI_BOOT_OPTION_SUPPORT_VARIABLE_NAME, VARIABLE_ATTRIBUTE_BS_RT},
- {EFI_DRIVER_ORDER_VARIABLE_NAME, VARIABLE_ATTRIBUTE_NV_BS_RT},
- {EFI_HW_ERR_REC_SUPPORT_VARIABLE_NAME, VARIABLE_ATTRIBUTE_NV_BS_RT},
- {EFI_SETUP_MODE_NAME, VARIABLE_ATTRIBUTE_BS_RT},
- {EFI_KEY_EXCHANGE_KEY_NAME, VARIABLE_ATTRIBUTE_NV_BS_RT_AT},
- {EFI_PLATFORM_KEY_NAME, VARIABLE_ATTRIBUTE_NV_BS_RT_AT},
- {EFI_SIGNATURE_SUPPORT_NAME, VARIABLE_ATTRIBUTE_BS_RT},
- {EFI_SECURE_BOOT_MODE_NAME, VARIABLE_ATTRIBUTE_BS_RT},
- {EFI_KEK_DEFAULT_VARIABLE_NAME, VARIABLE_ATTRIBUTE_BS_RT},
- {EFI_PK_DEFAULT_VARIABLE_NAME, VARIABLE_ATTRIBUTE_BS_RT},
- {EFI_DB_DEFAULT_VARIABLE_NAME, VARIABLE_ATTRIBUTE_BS_RT},
- {EFI_DBX_DEFAULT_VARIABLE_NAME, VARIABLE_ATTRIBUTE_BS_RT},
- {EFI_DBT_DEFAULT_VARIABLE_NAME, VARIABLE_ATTRIBUTE_BS_RT},
- {EFI_OS_INDICATIONS_SUPPORT_VARIABLE_NAME, VARIABLE_ATTRIBUTE_BS_RT},
- {EFI_OS_INDICATIONS_VARIABLE_NAME, VARIABLE_ATTRIBUTE_NV_BS_RT},
- {EFI_VENDOR_KEYS_VARIABLE_NAME, VARIABLE_ATTRIBUTE_BS_RT},
-};
-GLOBAL_VARIABLE_ENTRY mGlobalVariableList2[] = {
- {L"Boot####", VARIABLE_ATTRIBUTE_NV_BS_RT},
- {L"Driver####", VARIABLE_ATTRIBUTE_NV_BS_RT},
- {L"Key####", VARIABLE_ATTRIBUTE_NV_BS_RT},
-};
-
/**
SecureBoot Hook for auth variable update.
@@ -891,8 +845,8 @@ Reclaim ( HwErrVariableTotalSize += VariableSize;
} else if ((Variable->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) != EFI_VARIABLE_HARDWARE_ERROR_RECORD) {
CommonVariableTotalSize += VariableSize;
+ }
}
- }
Variable = NextVariable;
}
@@ -926,8 +880,8 @@ Reclaim ( HwErrVariableTotalSize += VariableSize;
} else if ((!IsVolatile) && ((Variable->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) != EFI_VARIABLE_HARDWARE_ERROR_RECORD)) {
CommonVariableTotalSize += VariableSize;
+ }
}
- }
Variable = NextVariable;
}
@@ -974,9 +928,9 @@ Reclaim ( HwErrVariableTotalSize += VariableSize;
} else if ((!IsVolatile) && ((Variable->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) != EFI_VARIABLE_HARDWARE_ERROR_RECORD)) {
CommonVariableTotalSize += VariableSize;
+ }
}
}
- }
Variable = NextVariable;
}
@@ -997,7 +951,7 @@ Reclaim ( HwErrVariableTotalSize += NewVariableSize;
} else if ((NewVariable->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) != EFI_VARIABLE_HARDWARE_ERROR_RECORD) {
CommonVariableTotalSize += NewVariableSize;
- }
+ }
if ((HwErrVariableTotalSize > PcdGet32 (PcdHwErrStorageSize)) ||
(CommonVariableTotalSize > VariableStoreHeader->Size - sizeof (VARIABLE_STORE_HEADER) - PcdGet32 (PcdHwErrStorageSize))) {
//
@@ -1046,7 +1000,7 @@ Reclaim ( mVariableModuleGlobal->HwErrVariableTotalSize += HEADER_ALIGN (VariableSize);
} else if ((Variable->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) != EFI_VARIABLE_HARDWARE_ERROR_RECORD) {
mVariableModuleGlobal->CommonVariableTotalSize += HEADER_ALIGN (VariableSize);
- }
+ }
NextVariable = GetNextVariablePtr (NextVariable);
}
@@ -2329,7 +2283,7 @@ UpdateVariable ( }
UpdateVariableInfo (VariableName, VendorGuid, FALSE, FALSE, TRUE, FALSE, FALSE);
FlushHobVariableToFlash (VariableName, VendorGuid);
- }
+ }
goto Done;
}
//
@@ -2414,7 +2368,7 @@ UpdateVariable ( mVariableModuleGlobal->HwErrVariableTotalSize += HEADER_ALIGN (VarSize);
} else {
mVariableModuleGlobal->CommonVariableTotalSize += HEADER_ALIGN (VarSize);
- }
+ }
//
// update the memory copy of Flash region.
//
@@ -2586,63 +2540,6 @@ IsHwErrRecVariable ( }
/**
- This code checks if variable guid is global variable guid first.
- If yes, further check if variable name is in mGlobalVariableList or mGlobalVariableList2 and attributes matched.
-
- @param[in] VariableName Pointer to variable name.
- @param[in] VendorGuid Variable Vendor Guid.
- @param[in] Attributes Attributes of the variable.
-
- @retval EFI_SUCCESS Variable is not global variable, or Variable is global variable, variable name is in the lists and attributes matched.
- @retval EFI_INVALID_PARAMETER Variable is global variable, but variable name is not in the lists or attributes unmatched.
-
-**/
-EFI_STATUS
-EFIAPI
-CheckEfiGlobalVariable (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- IN UINT32 Attributes
- )
-{
- UINTN Index;
- UINTN NameLength;
-
- if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid)){
- //
- // Try list 1, exactly match.
- //
- for (Index = 0; Index < sizeof (mGlobalVariableList)/sizeof (mGlobalVariableList[0]); Index++) {
- if ((StrCmp (mGlobalVariableList[Index].Name, VariableName) == 0) &&
- (Attributes == 0 || (Attributes & (~EFI_VARIABLE_APPEND_WRITE)) == mGlobalVariableList[Index].Attributes)) {
- return EFI_SUCCESS;
- }
- }
-
- //
- // Try list 2.
- //
- NameLength = StrLen (VariableName) - 4;
- for (Index = 0; Index < sizeof (mGlobalVariableList2)/sizeof (mGlobalVariableList2[0]); Index++) {
- if ((StrLen (VariableName) == StrLen (mGlobalVariableList2[Index].Name)) &&
- (StrnCmp (mGlobalVariableList2[Index].Name, VariableName, NameLength) == 0) &&
- IsHexaDecimalDigitCharacter (VariableName[NameLength]) &&
- IsHexaDecimalDigitCharacter (VariableName[NameLength + 1]) &&
- IsHexaDecimalDigitCharacter (VariableName[NameLength + 2]) &&
- IsHexaDecimalDigitCharacter (VariableName[NameLength + 3]) &&
- (Attributes == 0 || (Attributes & (~EFI_VARIABLE_APPEND_WRITE)) == mGlobalVariableList2[Index].Attributes)) {
- return EFI_SUCCESS;
- }
- }
-
- DEBUG ((EFI_D_INFO, "[Variable]: set global variable with invalid variable name or attributes - %g:%s:%x\n", VendorGuid, VariableName, Attributes));
- return EFI_INVALID_PARAMETER;
- }
-
- return EFI_SUCCESS;
-}
-
-/**
Mark a variable that will become read-only after leaving the DXE phase of execution.
@param[in] This The VARIABLE_LOCK_PROTOCOL instance.
@@ -2666,6 +2563,7 @@ VariableLockRequestToLock ( )
{
VARIABLE_ENTRY *Entry;
+ CHAR16 *Name;
if (VariableName == NULL || VariableName[0] == 0 || VendorGuid == NULL) {
return EFI_INVALID_PARAMETER;
@@ -2675,7 +2573,7 @@ VariableLockRequestToLock ( return EFI_ACCESS_DENIED;
}
- Entry = AllocateRuntimePool (sizeof (*Entry) + StrSize (VariableName));
+ Entry = AllocateRuntimeZeroPool (sizeof (*Entry) + StrSize (VariableName));
if (Entry == NULL) {
return EFI_OUT_OF_RESOURCES;
}
@@ -2684,8 +2582,8 @@ VariableLockRequestToLock ( AcquireLockOnlyAtBootTime(&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
- Entry->Name = (CHAR16 *) (Entry + 1);
- StrCpy (Entry->Name, VariableName);
+ Name = (CHAR16 *) ((UINTN) Entry + sizeof (*Entry));
+ StrnCpy (Name, VariableName, StrLen (VariableName));
CopyGuid (&Entry->Guid, VendorGuid);
InsertTailList (&mLockedVariableList, &Entry->Link);
@@ -2695,39 +2593,6 @@ VariableLockRequestToLock ( }
/**
- This code checks if variable should be treated as read-only variable.
-
- @param[in] VariableName Name of the Variable.
- @param[in] VendorGuid GUID of the Variable.
-
- @retval TRUE This variable is read-only variable.
- @retval FALSE This variable is NOT read-only variable.
-
-**/
-BOOLEAN
-IsReadOnlyVariable (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid
- )
-{
- if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid)) {
- if ((StrCmp (VariableName, EFI_SETUP_MODE_NAME) == 0) ||
- (StrCmp (VariableName, EFI_SIGNATURE_SUPPORT_NAME) == 0) ||
- (StrCmp (VariableName, EFI_SECURE_BOOT_MODE_NAME) == 0) ||
- (StrCmp (VariableName, EFI_VENDOR_KEYS_VARIABLE_NAME) == 0) ||
- (StrCmp (VariableName, EFI_KEK_DEFAULT_VARIABLE_NAME) == 0) ||
- (StrCmp (VariableName, EFI_PK_DEFAULT_VARIABLE_NAME) == 0) ||
- (StrCmp (VariableName, EFI_DB_DEFAULT_VARIABLE_NAME) == 0) ||
- (StrCmp (VariableName, EFI_DBX_DEFAULT_VARIABLE_NAME) == 0) ||
- (StrCmp (VariableName, EFI_DBT_DEFAULT_VARIABLE_NAME) == 0)) {
- return TRUE;
- }
- }
-
- return FALSE;
-}
-
-/**
This code finds variable in storage blocks (Volatile or Non-Volatile).
@@ -3015,6 +2880,7 @@ VariableServiceSetVariable ( UINTN PayloadSize;
LIST_ENTRY *Link;
VARIABLE_ENTRY *Entry;
+ CHAR16 *Name;
//
// Check input parameters.
@@ -3023,10 +2889,6 @@ VariableServiceSetVariable ( return EFI_INVALID_PARAMETER;
}
- if (IsReadOnlyVariable (VariableName, VendorGuid)) {
- return EFI_WRITE_PROTECTED;
- }
-
if (DataSize != 0 && Data == NULL) {
return EFI_INVALID_PARAMETER;
}
@@ -3105,11 +2967,6 @@ VariableServiceSetVariable ( }
}
- Status = CheckEfiGlobalVariable (VariableName, VendorGuid, Attributes);
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
AcquireLockOnlyAtBootTime(&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
//
@@ -3136,7 +2993,8 @@ VariableServiceSetVariable ( ; Link = GetNextNode (&mLockedVariableList, Link)
) {
Entry = BASE_CR (Link, VARIABLE_ENTRY, Link);
- if (CompareGuid (&Entry->Guid, VendorGuid) && (StrCmp (Entry->Name, VariableName) == 0)) {
+ Name = (CHAR16 *) ((UINTN) Entry + sizeof (*Entry));
+ if (CompareGuid (&Entry->Guid, VendorGuid) && (StrCmp (Name, VariableName) == 0)) {
Status = EFI_WRITE_PROTECTED;
DEBUG ((EFI_D_INFO, "[Variable]: Changing readonly variable after leaving DXE phase - %g:%s\n", VendorGuid, VariableName));
goto Done;
@@ -3144,6 +3002,11 @@ VariableServiceSetVariable ( }
}
+ Status = InternalVarCheckSetVariableCheck (VariableName, VendorGuid, Attributes, PayloadSize, (VOID *) ((UINTN) Data + DataSize - PayloadSize));
+ if (EFI_ERROR (Status)) {
+ goto Done;
+ }
+
//
// Check whether the input variable is already existed.
//
@@ -3161,6 +3024,7 @@ VariableServiceSetVariable ( // 2. The only attribute differing is EFI_VARIABLE_APPEND_WRITE
//
Status = EFI_INVALID_PARAMETER;
+ DEBUG ((EFI_D_INFO, "[Variable]: Rewritten a preexisting variable with different attributes - %g:%s\n", VendorGuid, VariableName));
goto Done;
}
}
@@ -3883,8 +3747,9 @@ GetFvbInfoByAddress ( UINTN Index;
EFI_PHYSICAL_ADDRESS FvbBaseAddress;
EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL *Fvb;
- EFI_FIRMWARE_VOLUME_HEADER *FwVolHeader;
EFI_FVB_ATTRIBUTES_2 Attributes;
+ UINTN BlockSize;
+ UINTN NumberOfBlocks;
HandleBuffer = NULL;
//
@@ -3922,8 +3787,15 @@ GetFvbInfoByAddress ( continue;
}
- FwVolHeader = (EFI_FIRMWARE_VOLUME_HEADER *) ((UINTN) FvbBaseAddress);
- if ((Address >= FvbBaseAddress) && (Address < (FvbBaseAddress + FwVolHeader->FvLength))) {
+ //
+ // Assume one FVB has one type of BlockSize.
+ //
+ Status = Fvb->GetBlockSize (Fvb, 0, &BlockSize, &NumberOfBlocks);
+ if (EFI_ERROR (Status)) {
+ continue;
+ }
+
+ if ((Address >= FvbBaseAddress) && (Address < (FvbBaseAddress + BlockSize * NumberOfBlocks))) {
if (FvbHandle != NULL) {
*FvbHandle = HandleBuffer[Index];
}
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.h b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.h index c0497afe5e..8591001f8b 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.h +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.h @@ -2,7 +2,7 @@ The internal header file includes the common header files, defines
internal structure and functions used by Variable modules.
-Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -22,6 +22,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include <Protocol/FirmwareVolumeBlock.h>
#include <Protocol/Variable.h>
#include <Protocol/VariableLock.h>
+#include <Protocol/VarCheck.h>
#include <Library/PcdLib.h>
#include <Library/HobLib.h>
#include <Library/UefiDriverEntryPoint.h>
@@ -52,15 +53,13 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS | \
EFI_VARIABLE_APPEND_WRITE)
+#define VARIABLE_ATTRIBUTE_NV_BS (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS)
#define VARIABLE_ATTRIBUTE_BS_RT (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS)
#define VARIABLE_ATTRIBUTE_NV_BS_RT (VARIABLE_ATTRIBUTE_BS_RT | EFI_VARIABLE_NON_VOLATILE)
#define VARIABLE_ATTRIBUTE_NV_BS_RT_AT (VARIABLE_ATTRIBUTE_NV_BS_RT | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)
-
-typedef struct {
- CHAR16 *Name;
- UINT32 Attributes;
-} GLOBAL_VARIABLE_ENTRY;
-
+#define VARIABLE_ATTRIBUTE_NV_BS_RT_HR (VARIABLE_ATTRIBUTE_NV_BS_RT | EFI_VARIABLE_HARDWARE_ERROR_RECORD)
+#define VARIABLE_ATTRIBUTE_NV_BS_RT_AW (VARIABLE_ATTRIBUTE_NV_BS_RT | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS)
+
///
/// The size of a 3 character ISO639 language code.
///
@@ -115,9 +114,9 @@ typedef struct { } VARIABLE_ENTRY_CONSISTENCY;
typedef struct {
- EFI_GUID Guid;
- CHAR16 *Name;
LIST_ENTRY Link;
+ EFI_GUID Guid;
+ //CHAR16 *Name;
} VARIABLE_ENTRY;
/**
@@ -669,6 +668,116 @@ VariableLockRequestToLock ( IN EFI_GUID *VendorGuid
);
+/**
+ Check if a Unicode character is a hexadecimal character.
+
+ This function checks if a Unicode character is a
+ hexadecimal character. The valid hexadecimal character is
+ L'0' to L'9', L'a' to L'f', or L'A' to L'F'.
+
+
+ @param Char The character to check against.
+
+ @retval TRUE If the Char is a hexadecmial character.
+ @retval FALSE If the Char is not a hexadecmial character.
+
+**/
+BOOLEAN
+EFIAPI
+IsHexaDecimalDigitCharacter (
+ IN CHAR16 Char
+ );
+
+/**
+ Internal SetVariable check.
+
+ @param[in] VariableName Name of Variable to set.
+ @param[in] VendorGuid Variable vendor GUID.
+ @param[in] Attributes Attribute value of the variable.
+ @param[in] DataSize Size of Data to set.
+ @param[in] Data Data pointer.
+
+ @retval EFI_SUCCESS The SetVariable check result was success.
+ @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits, name, and GUID were supplied,
+ or the DataSize exceeds the minimum or maximum allowed,
+ or the Data value is not following UEFI spec for UEFI defined variables.
+ @retval EFI_WRITE_PROTECTED The variable in question is read-only.
+ @retval Others The return status from check handler.
+
+**/
+EFI_STATUS
+EFIAPI
+InternalVarCheckSetVariableCheck (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN UINT32 Attributes,
+ IN UINTN DataSize,
+ IN VOID *Data
+ );
+
+/**
+ Register SetVariable check handler.
+
+ @param[in] Handler Pointer to check handler.
+
+ @retval EFI_SUCCESS The SetVariable check handler was registered successfully.
+ @retval EFI_INVALID_PARAMETER Handler is NULL.
+ @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has
+ already been signaled.
+ @retval EFI_OUT_OF_RESOURCES There is not enough resource for the SetVariable check handler register request.
+ @retval EFI_UNSUPPORTED This interface is not implemented.
+ For example, it is unsupported in VarCheck protocol if both VarCheck and SmmVarCheck protocols are present.
+
+**/
+EFI_STATUS
+EFIAPI
+VarCheckRegisterSetVariableCheckHandler (
+ IN VAR_CHECK_SET_VARIABLE_CHECK_HANDLER Handler
+ );
+
+/**
+ Variable property set.
+
+ @param[in] Name Pointer to the variable name.
+ @param[in] Guid Pointer to the vendor GUID.
+ @param[in] VariableProperty Pointer to the input variable property.
+
+ @retval EFI_SUCCESS The property of variable specified by the Name and Guid was set successfully.
+ @retval EFI_INVALID_PARAMETER Name, Guid or VariableProperty is NULL, or Name is an empty string,
+ or the fields of VariableProperty are not valid.
+ @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has
+ already been signaled.
+ @retval EFI_OUT_OF_RESOURCES There is not enough resource for the variable property set request.
+
+**/
+EFI_STATUS
+EFIAPI
+VarCheckVariablePropertySet (
+ IN CHAR16 *Name,
+ IN EFI_GUID *Guid,
+ IN VAR_CHECK_VARIABLE_PROPERTY *VariableProperty
+ );
+
+/**
+ Variable property get.
+
+ @param[in] Name Pointer to the variable name.
+ @param[in] Guid Pointer to the vendor GUID.
+ @param[out] VariableProperty Pointer to the output variable property.
+
+ @retval EFI_SUCCESS The property of variable specified by the Name and Guid was got successfully.
+ @retval EFI_INVALID_PARAMETER Name, Guid or VariableProperty is NULL, or Name is an empty string.
+ @retval EFI_NOT_FOUND The property of variable specified by the Name and Guid was not found.
+
+**/
+EFI_STATUS
+EFIAPI
+VarCheckVariablePropertyGet (
+ IN CHAR16 *Name,
+ IN EFI_GUID *Guid,
+ OUT VAR_CHECK_VARIABLE_PROPERTY *VariableProperty
+ );
+
extern VARIABLE_MODULE_GLOBAL *mVariableModuleGlobal;
#endif
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableDxe.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableDxe.c index 9d9d6abc52..a1352510eb 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableDxe.c +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableDxe.c @@ -3,7 +3,7 @@ and volatile storage space and install variable architecture protocol.
Copyright (C) 2013, Red Hat, Inc.
-Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -23,8 +23,14 @@ EFI_HANDLE mHandle = NULL; EFI_EVENT mVirtualAddressChangeEvent = NULL;
EFI_EVENT mFtwRegistration = NULL;
extern LIST_ENTRY mLockedVariableList;
+extern LIST_ENTRY mVarCheckVariableList;
+extern UINT32 mNumberOfHandler;
+extern VAR_CHECK_SET_VARIABLE_CHECK_HANDLER *mHandlerTable;
extern BOOLEAN mEndOfDxe;
EDKII_VARIABLE_LOCK_PROTOCOL mVariableLock = { VariableLockRequestToLock };
+EDKII_VAR_CHECK_PROTOCOL mVarCheck = { VarCheckRegisterSetVariableCheckHandler,
+ VarCheckVariablePropertySet,
+ VarCheckVariablePropertyGet };
/**
Return TRUE if ExitBootServices () has been called.
@@ -222,9 +228,8 @@ VariableClassAddressChangeEvent ( IN VOID *Context
)
{
- LIST_ENTRY *Link;
- VARIABLE_ENTRY *Entry;
EFI_STATUS Status;
+ UINTN Index;
EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->FvbInstance->GetBlockSize);
EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->FvbInstance->GetPhysicalAddress);
@@ -239,29 +244,23 @@ VariableClassAddressChangeEvent ( EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->PlatformLang);
EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->VariableGlobal.NonVolatileVariableBase);
EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->VariableGlobal.VolatileVariableBase);
+ EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->VariableGlobal.HobVariableBase);
EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal);
EfiConvertPointer (0x0, (VOID **) &mHashCtx);
EfiConvertPointer (0x0, (VOID **) &mSerializationRuntimeBuffer);
EfiConvertPointer (0x0, (VOID **) &mNvVariableCache);
EfiConvertPointer (0x0, (VOID **) &mPubKeyStore);
EfiConvertPointer (0x0, (VOID **) &mCertDbStore);
-
- //
- // in the list of locked variables, convert the name pointers first
- //
- for ( Link = GetFirstNode (&mLockedVariableList)
- ; !IsNull (&mLockedVariableList, Link)
- ; Link = GetNextNode (&mLockedVariableList, Link)
- ) {
- Entry = BASE_CR (Link, VARIABLE_ENTRY, Link);
- Status = EfiConvertPointer (0x0, (VOID **) &Entry->Name);
- ASSERT_EFI_ERROR (Status);
+ EfiConvertPointer (0x0, (VOID **) &mHandlerTable);
+ for (Index = 0; Index < mNumberOfHandler; Index++) {
+ EfiConvertPointer (0x0, (VOID **) &mHandlerTable[Index]);
}
- //
- // second, convert the list itself using UefiRuntimeLib
- //
+
Status = EfiConvertList (0x0, &mLockedVariableList);
ASSERT_EFI_ERROR (Status);
+
+ Status = EfiConvertList (0x0, &mVarCheckVariableList);
+ ASSERT_EFI_ERROR (Status);
}
@@ -447,6 +446,14 @@ VariableServiceInitialize ( );
ASSERT_EFI_ERROR (Status);
+ Status = gBS->InstallMultipleProtocolInterfaces (
+ &mHandle,
+ &gEdkiiVarCheckProtocolGuid,
+ &mVarCheck,
+ NULL
+ );
+ ASSERT_EFI_ERROR (Status);
+
SystemTable->RuntimeServices->GetVariable = VariableServiceGetVariable;
SystemTable->RuntimeServices->GetNextVariableName = VariableServiceGetNextVariableName;
SystemTable->RuntimeServices->SetVariable = VariableServiceSetVariable;
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf index 593c906085..8a8d4adef5 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf @@ -9,7 +9,7 @@ # This external input must be validated carefully to avoid security issues such as
# buffer overflow or integer overflow.
#
-# Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@@ -44,6 +44,7 @@ AuthService.c
AuthService.h
Measurement.c
+ VarCheck.c
[Packages]
MdePkg/MdePkg.dec
@@ -67,6 +68,7 @@ PlatformSecureLib
HobLib
TpmMeasurementLib
+ DevicePathLib
[Protocols]
gEfiFirmwareVolumeBlockProtocolGuid ## CONSUMES
@@ -76,6 +78,7 @@ gEfiVariableWriteArchProtocolGuid ## PRODUCES
gEfiVariableArchProtocolGuid ## PRODUCES
gEdkiiVariableLockProtocolGuid ## PRODUCES
+ gEdkiiVarCheckProtocolGuid ## PRODUCES
[Guids]
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.c index 63ac436150..dd1f794cff 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.c +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.c @@ -14,7 +14,7 @@ VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(),
SmmVariableGetStatistics() should also do validation based on its own knowledge.
-Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -30,6 +30,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include <Protocol/SmmFaultTolerantWrite.h>
#include <Protocol/SmmAccess2.h>
#include <Protocol/SmmEndOfDxe.h>
+#include <Protocol/SmmVarCheck.h>
#include <Library/SmmServicesTableLib.h>
@@ -119,6 +120,10 @@ EFI_SMM_VARIABLE_PROTOCOL gSmmVariable = { VariableServiceQueryVariableInfo
};
+EDKII_SMM_VAR_CHECK_PROTOCOL mSmmVarCheck = { VarCheckRegisterSetVariableCheckHandler,
+ VarCheckVariablePropertySet,
+ VarCheckVariablePropertyGet };
+
/**
Return TRUE if ExitBootServices () has been called.
@@ -520,6 +525,7 @@ SmmVariableHandler ( SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO *QueryVariableInfo;
VARIABLE_INFO_ENTRY *VariableInfo;
SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE *VariableToLock;
+ SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY *CommVariableProperty;
UINTN InfoSize;
UINTN NameBufferSize;
UINTN CommBufferPayloadSize;
@@ -754,6 +760,61 @@ SmmVariableHandler ( );
}
break;
+ case SMM_VARIABLE_FUNCTION_VAR_CHECK_VARIABLE_PROPERTY_SET:
+ if (mEndOfDxe) {
+ Status = EFI_ACCESS_DENIED;
+ } else {
+ CommVariableProperty = (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY *) SmmVariableFunctionHeader->Data;
+ Status = VarCheckVariablePropertySet (
+ CommVariableProperty->Name,
+ &CommVariableProperty->Guid,
+ &CommVariableProperty->VariableProperty
+ );
+ }
+ break;
+ case SMM_VARIABLE_FUNCTION_VAR_CHECK_VARIABLE_PROPERTY_GET:
+ if (CommBufferPayloadSize < OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name)) {
+ DEBUG ((EFI_D_ERROR, "VarCheckVariablePropertyGet: SMM communication buffer size invalid!\n"));
+ return EFI_SUCCESS;
+ }
+ //
+ // Copy the input communicate buffer payload to pre-allocated SMM variable buffer payload.
+ //
+ CopyMem (mVariableBufferPayload, SmmVariableFunctionHeader->Data, CommBufferPayloadSize);
+ CommVariableProperty = (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY *) mVariableBufferPayload;
+ if ((UINTN) (~0) - CommVariableProperty->NameSize < OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name)) {
+ //
+ // Prevent InfoSize overflow happen
+ //
+ Status = EFI_ACCESS_DENIED;
+ goto EXIT;
+ }
+ InfoSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name) + CommVariableProperty->NameSize;
+
+ //
+ // SMRAM range check already covered before
+ //
+ if (InfoSize > CommBufferPayloadSize) {
+ DEBUG ((EFI_D_ERROR, "VarCheckVariablePropertyGet: Data size exceed communication buffer size limit!\n"));
+ Status = EFI_ACCESS_DENIED;
+ goto EXIT;
+ }
+
+ if (CommVariableProperty->NameSize < sizeof (CHAR16) || CommVariableProperty->Name[CommVariableProperty->NameSize/sizeof (CHAR16) - 1] != L'\0') {
+ //
+ // Make sure VariableName is A Null-terminated string.
+ //
+ Status = EFI_ACCESS_DENIED;
+ goto EXIT;
+ }
+
+ Status = VarCheckVariablePropertyGet (
+ CommVariableProperty->Name,
+ &CommVariableProperty->Guid,
+ &CommVariableProperty->VariableProperty
+ );
+ CopyMem (SmmVariableFunctionHeader->Data, mVariableBufferPayload, CommBufferPayloadSize);
+ break;
default:
Status = EFI_UNSUPPORTED;
@@ -911,6 +972,14 @@ VariableServiceInitialize ( );
ASSERT_EFI_ERROR (Status);
+ Status = gSmst->SmmInstallProtocolInterface (
+ &VariableHandle,
+ &gEdkiiSmmVarCheckProtocolGuid,
+ EFI_NATIVE_INTERFACE,
+ &mSmmVarCheck
+ );
+ ASSERT_EFI_ERROR (Status);
+
//
// Get SMRAM information
//
@@ -934,7 +1003,7 @@ VariableServiceInitialize ( mSmramRangeCount = Size / sizeof (EFI_SMRAM_DESCRIPTOR);
mVariableBufferPayloadSize = MAX (PcdGet32 (PcdMaxVariableSize), PcdGet32 (PcdMaxHardwareErrorVariableSize)) +
- OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) - sizeof (VARIABLE_HEADER);
+ OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name) - sizeof (VARIABLE_HEADER);
Status = gSmst->SmmAllocatePool (
EfiRuntimeServicesData,
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.inf b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.inf index 1987764d80..a7d0505e21 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.inf +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.inf @@ -18,7 +18,7 @@ # may not be modified without authorization. If platform fails to protect these resources,
# the authentication service provided in this driver will be broken, and the behavior is undefined.
#
-# Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@@ -50,6 +50,7 @@ Variable.c
VariableSmm.c
AuthService.c
+ VarCheck.c
Variable.h
AuthService.h
@@ -72,6 +73,8 @@ BaseCryptLib
PlatformSecureLib
HobLib
+ PcdLib
+ DevicePathLib
[Protocols]
gEfiSmmFirmwareVolumeBlockProtocolGuid ## CONSUMES
@@ -84,7 +87,8 @@ ## CONSUMES
## NOTIFY
gEfiSmmFaultTolerantWriteProtocolGuid
- gEfiSmmEndOfDxeProtocolGuid ## NOTIFY
+ gEfiSmmEndOfDxeProtocolGuid ## NOTIFY
+ gEdkiiSmmVarCheckProtocolGuid ## PRODUCES
[Guids]
## PRODUCES ## GUID # Variable store header
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.c index 7f4380be42..3e2ed08972 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.c +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.c @@ -13,7 +13,7 @@ InitCommunicateBuffer() is really function to check the variable data size.
-Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -30,6 +30,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include <Protocol/SmmCommunication.h>
#include <Protocol/SmmVariable.h>
#include <Protocol/VariableLock.h>
+#include <Protocol/VarCheck.h>
#include <Library/UefiBootServicesTableLib.h>
#include <Library/UefiRuntimeServicesTableLib.h>
@@ -56,6 +57,7 @@ UINTN mVariableBufferSize; UINTN mVariableBufferPayloadSize;
EFI_LOCK mVariableServicesLock;
EDKII_VARIABLE_LOCK_PROTOCOL mVariableLock;
+EDKII_VAR_CHECK_PROTOCOL mVarCheck;
/**
SecureBoot Hook for SetVariable.
@@ -259,6 +261,180 @@ Done: }
/**
+ Register SetVariable check handler.
+
+ @param[in] Handler Pointer to check handler.
+
+ @retval EFI_SUCCESS The SetVariable check handler was registered successfully.
+ @retval EFI_INVALID_PARAMETER Handler is NULL.
+ @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has
+ already been signaled.
+ @retval EFI_OUT_OF_RESOURCES There is not enough resource for the SetVariable check handler register request.
+ @retval EFI_UNSUPPORTED This interface is not implemented.
+ For example, it is unsupported in VarCheck protocol if both VarCheck and SmmVarCheck protocols are present.
+
+**/
+EFI_STATUS
+EFIAPI
+VarCheckRegisterSetVariableCheckHandler (
+ IN VAR_CHECK_SET_VARIABLE_CHECK_HANDLER Handler
+ )
+{
+ return EFI_UNSUPPORTED;
+}
+
+/**
+ Variable property set.
+
+ @param[in] Name Pointer to the variable name.
+ @param[in] Guid Pointer to the vendor GUID.
+ @param[in] VariableProperty Pointer to the input variable property.
+
+ @retval EFI_SUCCESS The property of variable specified by the Name and Guid was set successfully.
+ @retval EFI_INVALID_PARAMETER Name, Guid or VariableProperty is NULL, or Name is an empty string,
+ or the fields of VariableProperty are not valid.
+ @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has
+ already been signaled.
+ @retval EFI_OUT_OF_RESOURCES There is not enough resource for the variable property set request.
+
+**/
+EFI_STATUS
+EFIAPI
+VarCheckVariablePropertySet (
+ IN CHAR16 *Name,
+ IN EFI_GUID *Guid,
+ IN VAR_CHECK_VARIABLE_PROPERTY *VariableProperty
+ )
+{
+ EFI_STATUS Status;
+ UINTN VariableNameSize;
+ UINTN PayloadSize;
+ SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY *CommVariableProperty;
+
+ if (Name == NULL || Name[0] == 0 || Guid == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if (VariableProperty == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if (VariableProperty->Revision != VAR_CHECK_VARIABLE_PROPERTY_REVISION) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ VariableNameSize = StrSize (Name);
+ CommVariableProperty = NULL;
+
+ //
+ // If VariableName exceeds SMM payload limit. Return failure
+ //
+ if (VariableNameSize > mVariableBufferPayloadSize - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ AcquireLockOnlyAtBootTime (&mVariableServicesLock);
+
+ //
+ // Init the communicate buffer. The buffer data size is:
+ // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + PayloadSize.
+ //
+ PayloadSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name) + VariableNameSize;
+ Status = InitCommunicateBuffer ((VOID **) &CommVariableProperty, PayloadSize, SMM_VARIABLE_FUNCTION_VAR_CHECK_VARIABLE_PROPERTY_SET);
+ if (EFI_ERROR (Status)) {
+ goto Done;
+ }
+ ASSERT (CommVariableProperty != NULL);
+
+ CopyGuid (&CommVariableProperty->Guid, Guid);
+ CopyMem (&CommVariableProperty->VariableProperty, VariableProperty, sizeof (*VariableProperty));
+ CommVariableProperty->NameSize = VariableNameSize;
+ CopyMem (CommVariableProperty->Name, Name, CommVariableProperty->NameSize);
+
+ //
+ // Send data to SMM.
+ //
+ Status = SendCommunicateBuffer (PayloadSize);
+
+Done:
+ ReleaseLockOnlyAtBootTime (&mVariableServicesLock);
+ return Status;
+}
+
+/**
+ Variable property get.
+
+ @param[in] Name Pointer to the variable name.
+ @param[in] Guid Pointer to the vendor GUID.
+ @param[out] VariableProperty Pointer to the output variable property.
+
+ @retval EFI_SUCCESS The property of variable specified by the Name and Guid was got successfully.
+ @retval EFI_INVALID_PARAMETER Name, Guid or VariableProperty is NULL, or Name is an empty string.
+ @retval EFI_NOT_FOUND The property of variable specified by the Name and Guid was not found.
+
+**/
+EFI_STATUS
+EFIAPI
+VarCheckVariablePropertyGet (
+ IN CHAR16 *Name,
+ IN EFI_GUID *Guid,
+ OUT VAR_CHECK_VARIABLE_PROPERTY *VariableProperty
+ )
+{
+ EFI_STATUS Status;
+ UINTN VariableNameSize;
+ UINTN PayloadSize;
+ SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY *CommVariableProperty;
+
+ if (Name == NULL || Name[0] == 0 || Guid == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if (VariableProperty == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ VariableNameSize = StrSize (Name);
+ CommVariableProperty = NULL;
+
+ //
+ // If VariableName exceeds SMM payload limit. Return failure
+ //
+ if (VariableNameSize > mVariableBufferPayloadSize - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ AcquireLockOnlyAtBootTime (&mVariableServicesLock);
+
+ //
+ // Init the communicate buffer. The buffer data size is:
+ // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + PayloadSize.
+ //
+ PayloadSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name) + VariableNameSize;
+ Status = InitCommunicateBuffer ((VOID **) &CommVariableProperty, PayloadSize, SMM_VARIABLE_FUNCTION_VAR_CHECK_VARIABLE_PROPERTY_GET);
+ if (EFI_ERROR (Status)) {
+ goto Done;
+ }
+ ASSERT (CommVariableProperty != NULL);
+
+ CopyGuid (&CommVariableProperty->Guid, Guid);
+ CommVariableProperty->NameSize = VariableNameSize;
+ CopyMem (CommVariableProperty->Name, Name, CommVariableProperty->NameSize);
+
+ //
+ // Send data to SMM.
+ //
+ Status = SendCommunicateBuffer (PayloadSize);
+ if (Status == EFI_SUCCESS) {
+ CopyMem (VariableProperty, &CommVariableProperty->VariableProperty, sizeof (*VariableProperty));
+ }
+
+Done:
+ ReleaseLockOnlyAtBootTime (&mVariableServicesLock);
+ return Status;
+}
+
+/**
This code finds variable in storage blocks (Volatile or Non-Volatile).
Caution: This function may receive untrusted input.
@@ -756,7 +932,7 @@ SmmVariableReady ( // Allocate memory for variable communicate buffer.
//
mVariableBufferPayloadSize = MAX (PcdGet32 (PcdMaxVariableSize), PcdGet32 (PcdMaxHardwareErrorVariableSize)) +
- OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) - sizeof (VARIABLE_HEADER);
+ OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name) - sizeof (VARIABLE_HEADER);
mVariableBufferSize = SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + mVariableBufferPayloadSize;
mVariableBuffer = AllocateRuntimePool (mVariableBufferSize);
ASSERT (mVariableBuffer != NULL);
@@ -855,6 +1031,17 @@ VariableSmmRuntimeInitialize ( );
ASSERT_EFI_ERROR (Status);
+ mVarCheck.RegisterSetVariableCheckHandler = VarCheckRegisterSetVariableCheckHandler;
+ mVarCheck.VariablePropertySet = VarCheckVariablePropertySet;
+ mVarCheck.VariablePropertyGet = VarCheckVariablePropertyGet;
+ Status = gBS->InstallMultipleProtocolInterfaces (
+ &mHandle,
+ &gEdkiiVarCheckProtocolGuid,
+ &mVarCheck,
+ NULL
+ );
+ ASSERT_EFI_ERROR (Status);
+
//
// Smm variable service is ready
//
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.inf b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.inf index ca60274339..e48a0f16f6 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.inf +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.inf @@ -13,7 +13,7 @@ # may not be modified without authorization. If platform fails to protect these resources,
# the authentication service provided in this driver will be broken, and the behavior is undefined.
#
-# Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@@ -70,6 +70,7 @@ ## NOTIFY
## UNDEFINED # Used to do smm communication
gEfiSmmVariableProtocolGuid
+ gEdkiiVarCheckProtocolGuid ## PRODUCES
[Guids]
gEfiEventVirtualAddressChangeGuid ## CONSUMES ## Event
@@ -92,7 +93,6 @@ [Pcd]
gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdMaxHardwareErrorVariableSize ## CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase ## CONSUMES
[Depex]
gEfiSmmCommunicationProtocolGuid
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c index 517d9d9904..5b8ae7e8d8 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c @@ -1073,6 +1073,8 @@ CalculateCertHash ( BOOLEAN Status;
VOID *HashCtx;
UINTN CtxSize;
+ UINT8 *TBSCert;
+ UINTN TBSCertSize;
HashCtx = NULL;
Status = FALSE;
@@ -1082,6 +1084,13 @@ CalculateCertHash ( }
//
+ // Retrieve the TBSCertificate for Hash Calculation.
+ //
+ if (!X509GetTBSCert (CertData, CertSize, &TBSCert, &TBSCertSize)) {
+ return FALSE;
+ }
+
+ //
// 1. Initialize context of hash.
//
CtxSize = mHash[HashAlg].GetContextSize ();
@@ -1099,7 +1108,7 @@ CalculateCertHash ( //
// 3. Calculate the hash.
//
- Status = mHash[HashAlg].HashUpdate (HashCtx, CertData, CertSize);
+ Status = mHash[HashAlg].HashUpdate (HashCtx, TBSCert, TBSCertSize);
if (!Status) {
goto Done;
}
|