From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 5426C81E6A for ; Mon, 7 Nov 2016 04:40:21 -0800 (PST) Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orsmga105.jf.intel.com with ESMTP; 07 Nov 2016 04:40:24 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.31,606,1473145200"; d="scan'208";a="28578763" Received: from jyao1-mobl.ccr.corp.intel.com ([10.254.208.25]) by orsmga004.jf.intel.com with ESMTP; 07 Nov 2016 04:40:22 -0800 From: Jiewen Yao To: edk2-devel@lists.01.org Cc: Feng Tian , Star Zeng , Michael D Kinney , Liming Gao , Chao Zhang Date: Mon, 7 Nov 2016 20:39:59 +0800 Message-Id: <1478522403-9300-9-git-send-email-jiewen.yao@intel.com> X-Mailer: git-send-email 2.7.4.windows.1 In-Reply-To: <1478522403-9300-1-git-send-email-jiewen.yao@intel.com> References: <1478522403-9300-1-git-send-email-jiewen.yao@intel.com> Subject: [PATCH V9 08/12] SignedCapsulePkg/EdkiiSystemCapsuleLib: Add EdkiiSystemCapsuleLib. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Nov 2016 12:40:21 -0000 This library is used to abstract the action for EDKII system FMP capsule, such as extracting a component from capsule, or authenticate the capsule. Cc: Feng Tian Cc: Star Zeng Cc: Michael D Kinney Cc: Liming Gao Cc: Chao Zhang Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiewen Yao Reviewed-by: Liming Gao --- SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c | 671 ++++++++++++++++++++ SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf | 61 ++ SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.uni | 22 + 3 files changed, 754 insertions(+) diff --git a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c new file mode 100644 index 0000000..27c6f4c --- /dev/null +++ b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c @@ -0,0 +1,671 @@ +/** @file + EDKII System Capsule library. + + EDKII System Capsule library instance. + + CapsuleAuthenticateSystemFirmware(), ExtractAuthenticatedImage() will receive + untrusted input and do basic validation. + + Copyright (c) 2016, Intel Corporation. All rights reserved.
+ This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include + +#include + +EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR *mImageFmpInfo; +UINTN mImageFmpInfoSize; +EFI_GUID mEdkiiSystemFirmwareFileGuid; + +/** + Check if a block of buffer is erased. + + @param[in] ErasePolarity Erase polarity attribute of the firmware volume + @param[in] InBuffer The buffer to be checked + @param[in] BufferSize Size of the buffer in bytes + + @retval TRUE The block of buffer is erased + @retval FALSE The block of buffer is not erased +**/ +BOOLEAN +IsBufferErased ( + IN UINT8 ErasePolarity, + IN VOID *InBuffer, + IN UINTN BufferSize + ) +{ + UINTN Count; + UINT8 EraseByte; + UINT8 *Buffer; + + if(ErasePolarity == 1) { + EraseByte = 0xFF; + } else { + EraseByte = 0; + } + + Buffer = InBuffer; + for (Count = 0; Count < BufferSize; Count++) { + if (Buffer[Count] != EraseByte) { + return FALSE; + } + } + + return TRUE; +} + +/** + Get Section buffer pointer by SectionType and SectionInstance. + + @param[in] SectionBuffer The buffer of section + @param[in] SectionBufferSize The size of SectionBuffer in bytes + @param[in] SectionType The SectionType of Section to be found + @param[in] SectionInstance The Instance of Section to be found + @param[out] OutSectionBuffer The section found, including SECTION_HEADER + @param[out] OutSectionSize The size of section found, including SECTION_HEADER + + @retval TRUE The FFS buffer is found. + @retval FALSE The FFS buffer is not found. +**/ +BOOLEAN +GetSectionByType ( + IN VOID *SectionBuffer, + IN UINT32 SectionBufferSize, + IN EFI_SECTION_TYPE SectionType, + IN UINTN SectionInstance, + OUT VOID **OutSectionBuffer, + OUT UINTN *OutSectionSize + ) +{ + EFI_COMMON_SECTION_HEADER *SectionHeader; + UINTN SectionSize; + UINTN Instance; + + DEBUG ((DEBUG_INFO, "GetSectionByType - Buffer: 0x%08x - 0x%08x\n", SectionBuffer, SectionBufferSize)); + + // + // Find Section + // + SectionHeader = SectionBuffer; + + Instance = 0; + while ((UINTN)SectionHeader < (UINTN)SectionBuffer + SectionBufferSize) { + DEBUG ((DEBUG_INFO, "GetSectionByType - Section: 0x%08x\n", SectionHeader)); + if (IS_SECTION2(SectionHeader)) { + SectionSize = SECTION2_SIZE(SectionHeader); + } else { + SectionSize = SECTION_SIZE(SectionHeader); + } + + if (SectionHeader->Type == SectionType) { + if (Instance == SectionInstance) { + *OutSectionBuffer = (UINT8 *)SectionHeader; + *OutSectionSize = SectionSize; + DEBUG((DEBUG_INFO, "GetSectionByType - 0x%x - 0x%x\n", *OutSectionBuffer, *OutSectionSize)); + return TRUE; + } else { + DEBUG((DEBUG_INFO, "GetSectionByType - find section instance %x\n", Instance)); + Instance++; + } + } else { + // + // Skip other section type + // + DEBUG ((DEBUG_INFO, "GetSectionByType - other section type 0x%x\n", SectionHeader->Type)); + } + + // + // Next Section + // + SectionHeader = (EFI_COMMON_SECTION_HEADER *)((UINTN)SectionHeader + ALIGN_VALUE(SectionSize, 4)); + } + + return FALSE; +} + +/** + Get FFS buffer pointer by FileName GUID and FileType. + + @param[in] FdStart The System Firmware FD image + @param[in] FdSize The size of System Firmware FD image + @param[in] FileName The FileName GUID of FFS to be found + @param[in] Type The FileType of FFS to be found + @param[out] OutFfsBuffer The FFS buffer found, including FFS_FILE_HEADER + @param[out] OutFfsBufferSize The size of FFS buffer found, including FFS_FILE_HEADER + + @retval TRUE The FFS buffer is found. + @retval FALSE The FFS buffer is not found. +**/ +BOOLEAN +GetFfsByName ( + IN VOID *FdStart, + IN UINTN FdSize, + IN EFI_GUID *FileName, + IN EFI_FV_FILETYPE Type, + OUT VOID **OutFfsBuffer, + OUT UINTN *OutFfsBufferSize + ) +{ + UINTN FvSize; + EFI_FIRMWARE_VOLUME_HEADER *FvHeader; + EFI_FIRMWARE_VOLUME_EXT_HEADER *FvExtHeader; + EFI_FFS_FILE_HEADER *FfsHeader; + UINT32 FfsSize; + UINTN TestLength; + BOOLEAN FvFound; + + DEBUG ((DEBUG_INFO, "GetFfsByName - FV: 0x%08x - 0x%08x\n", (UINTN)FdStart, (UINTN)FdSize)); + + FvFound = FALSE; + FvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)FdStart; + while ((UINTN)FvHeader < (UINTN)FdStart + FdSize - 1) { + FvSize = (UINTN)FdStart + FdSize - (UINTN)FvHeader; + + if (FvHeader->Signature != EFI_FVH_SIGNATURE) { + FvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)((UINTN)FvHeader + SIZE_4KB); + continue; + } + DEBUG((DEBUG_ERROR, "checking FV....0x%08x - 0x%x\n", FvHeader, FvHeader->FvLength)); + FvFound = TRUE; + if (FvHeader->FvLength > FvSize) { + DEBUG((DEBUG_ERROR, "GetFfsByName - FvSize: 0x%08x, MaxSize - 0x%08x\n", (UINTN)FvHeader->FvLength, (UINTN)FvSize)); + return FALSE; + } + FvSize = (UINTN)FvHeader->FvLength; + + // + // Find FFS + // + if (FvHeader->ExtHeaderOffset != 0) { + FvExtHeader = (EFI_FIRMWARE_VOLUME_EXT_HEADER *)((UINT8 *)FvHeader + FvHeader->ExtHeaderOffset); + FfsHeader = (EFI_FFS_FILE_HEADER *)((UINT8 *)FvExtHeader + FvExtHeader->ExtHeaderSize); + } else { + FfsHeader = (EFI_FFS_FILE_HEADER *)((UINT8 *)FvHeader + FvHeader->HeaderLength); + } + FfsHeader = (EFI_FFS_FILE_HEADER *)((UINTN)FvHeader + ALIGN_VALUE((UINTN)FfsHeader - (UINTN)FvHeader, 8)); + + while ((UINTN)FfsHeader < (UINTN)FvHeader + FvSize - 1) { + DEBUG((DEBUG_INFO, "GetFfsByName - FFS: 0x%08x\n", FfsHeader)); + TestLength = (UINTN)((UINTN)FvHeader + FvSize - (UINTN)FfsHeader); + if (TestLength > sizeof(EFI_FFS_FILE_HEADER)) { + TestLength = sizeof(EFI_FFS_FILE_HEADER); + } + if (IsBufferErased(1, FfsHeader, TestLength)) { + break; + } + + if (IS_FFS_FILE2(FfsHeader)) { + FfsSize = FFS_FILE2_SIZE(FfsHeader); + } else { + FfsSize = FFS_FILE_SIZE(FfsHeader); + } + + if (CompareGuid(FileName, &FfsHeader->Name) && + ((Type == EFI_FV_FILETYPE_ALL) || (FfsHeader->Type == Type))) { + // + // Check section + // + *OutFfsBuffer = FfsHeader; + *OutFfsBufferSize = FfsSize; + return TRUE; + } else { + // + // Any other type is not allowed + // + DEBUG((DEBUG_INFO, "GetFfsByName - other FFS type 0x%x, name %g\n", FfsHeader->Type, &FfsHeader->Name)); + } + + // + // Next File + // + FfsHeader = (EFI_FFS_FILE_HEADER *)((UINTN)FfsHeader + ALIGN_VALUE(FfsSize, 8)); + } + + // + // Next FV + // + FvHeader = (VOID *)(UINTN)((UINTN)FvHeader + FvHeader->FvLength); + DEBUG((DEBUG_ERROR, "Next FV....0x%08x - 0x%x\n", FvHeader, FvHeader->FvLength)); + } + + if (!FvFound) { + DEBUG((DEBUG_ERROR, "GetFfsByName - NO FV Found\n")); + } + return FALSE; +} + +/** + Extract the driver FV from an authenticated image. + + @param[in] AuthenticatedImage The authenticated capsule image. + @param[in] AuthenticatedImageSize The size of the authenticated capsule image in bytes. + @param[out] DriverFvImage The driver FV image. + @param[out] DriverFvImageSize The size of the driver FV image in bytes. + + @retval TRUE The driver Fv is extracted. + @retval FALSE The driver Fv is not extracted. +**/ +BOOLEAN +EFIAPI +ExtractDriverFvImage ( + IN VOID *AuthenticatedImage, + IN UINTN AuthenticatedImageSize, + OUT VOID **DriverFvImage, + OUT UINTN *DriverFvImageSize + ) +{ + BOOLEAN Result; + UINT32 FileHeaderSize; + + *DriverFvImage = NULL; + *DriverFvImageSize = 0; + + Result = GetFfsByName(AuthenticatedImage, AuthenticatedImageSize, &gEdkiiSystemFmpCapsuleDriverFvFileGuid, EFI_FV_FILETYPE_RAW, DriverFvImage, DriverFvImageSize); + if (!Result) { + return FALSE; + } + + if (IS_FFS_FILE2(*DriverFvImage)) { + FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER2); + } else { + FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER); + } + *DriverFvImage = (UINT8 *)*DriverFvImage + FileHeaderSize; + *DriverFvImageSize = *DriverFvImageSize - FileHeaderSize; + + return Result; +} + +/** + Extract the config image from an authenticated image. + + @param[in] AuthenticatedImage The authenticated capsule image. + @param[in] AuthenticatedImageSize The size of the authenticated capsule image in bytes. + @param[out] ConfigImage The config image. + @param[out] ConfigImageSize The size of the config image in bytes. + + @retval TRUE The config image is extracted. + @retval FALSE The config image is not extracted. +**/ +BOOLEAN +EFIAPI +ExtractConfigImage ( + IN VOID *AuthenticatedImage, + IN UINTN AuthenticatedImageSize, + OUT VOID **ConfigImage, + OUT UINTN *ConfigImageSize + ) +{ + BOOLEAN Result; + UINT32 FileHeaderSize; + + *ConfigImage = NULL; + *ConfigImageSize = 0; + + Result = GetFfsByName(AuthenticatedImage, AuthenticatedImageSize, &gEdkiiSystemFmpCapsuleConfigFileGuid, EFI_FV_FILETYPE_RAW, ConfigImage, ConfigImageSize); + if (!Result) { + return FALSE; + } + + if (IS_FFS_FILE2(*ConfigImage)) { + FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER2); + } else { + FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER); + } + *ConfigImage = (UINT8 *)*ConfigImage + FileHeaderSize; + *ConfigImageSize = *ConfigImageSize - FileHeaderSize; + + return Result; +} + +/** + Extract the authenticated image from an FMP capsule image. + + Caution: This function may receive untrusted input. + + @param[in] Image The FMP capsule image, including EFI_FIRMWARE_IMAGE_AUTHENTICATION. + @param[in] ImageSize The size of FMP capsule image in bytes. + @param[out] LastAttemptStatus The last attempt status, which will be recorded in ESRT and FMP EFI_FIRMWARE_IMAGE_DESCRIPTOR. + @param[out] AuthenticatedImage The authenticated capsule image, excluding EFI_FIRMWARE_IMAGE_AUTHENTICATION. + @param[out] AuthenticatedImageSize The size of the authenticated capsule image in bytes. + + @retval TRUE The authenticated image is extracted. + @retval FALSE The authenticated image is not extracted. +**/ +BOOLEAN +EFIAPI +ExtractAuthenticatedImage ( + IN VOID *Image, + IN UINTN ImageSize, + OUT UINT32 *LastAttemptStatus, + OUT VOID **AuthenticatedImage, + OUT UINTN *AuthenticatedImageSize + ) +{ + EFI_FIRMWARE_IMAGE_AUTHENTICATION *ImageAuth; + EFI_STATUS Status; + GUID *CertType; + VOID *PublicKeyData; + UINTN PublicKeyDataLength; + + DEBUG((DEBUG_INFO, "ExtractAuthenticatedImage - Image: 0x%08x - 0x%08x\n", (UINTN)Image, (UINTN)ImageSize)); + + *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT; + if ((Image == NULL) || (ImageSize == 0)) { + return FALSE; + } + + ImageAuth = (EFI_FIRMWARE_IMAGE_AUTHENTICATION *)Image; + if (ImageSize < sizeof(EFI_FIRMWARE_IMAGE_AUTHENTICATION)) { + DEBUG((DEBUG_ERROR, "ExtractAuthenticatedImage - ImageSize too small\n")); + return FALSE; + } + if (ImageAuth->AuthInfo.Hdr.dwLength <= OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData)) { + DEBUG((DEBUG_ERROR, "ExtractAuthenticatedImage - dwLength too small\n")); + return FALSE; + } + if (ImageAuth->AuthInfo.Hdr.dwLength > MAX_UINTN - sizeof(UINT64)) { + DEBUG((DEBUG_ERROR, "ExtractAuthenticatedImage - dwLength too big\n")); + return FALSE; + } + if (ImageSize <= sizeof(ImageAuth->MonotonicCount) + ImageAuth->AuthInfo.Hdr.dwLength) { + DEBUG((DEBUG_ERROR, "ExtractAuthenticatedImage - ImageSize too small\n")); + return FALSE; + } + if (ImageAuth->AuthInfo.Hdr.wRevision != 0x0200) { + DEBUG((DEBUG_ERROR, "ExtractAuthenticatedImage - wRevision: 0x%02x, expect - 0x%02x\n", (UINTN)ImageAuth->AuthInfo.Hdr.wRevision, (UINTN)0x0200)); + return FALSE; + } + if (ImageAuth->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) { + DEBUG((DEBUG_ERROR, "ExtractAuthenticatedImage - wCertificateType: 0x%02x, expect - 0x%02x\n", (UINTN)ImageAuth->AuthInfo.Hdr.wCertificateType, (UINTN)WIN_CERT_TYPE_EFI_GUID)); + return FALSE; + } + + CertType = &ImageAuth->AuthInfo.CertType; + DEBUG((DEBUG_INFO, "ExtractAuthenticatedImage - CertType: %g\n", CertType)); + + if (CompareGuid(&gEfiCertPkcs7Guid, CertType)) { + PublicKeyData = PcdGetPtr(PcdPkcs7CertBuffer); + PublicKeyDataLength = PcdGetSize(PcdPkcs7CertBuffer); + } else if (CompareGuid(&gEfiCertTypeRsa2048Sha256Guid, CertType)) { + PublicKeyData = PcdGetPtr(PcdRsa2048Sha256PublicKeyBuffer); + PublicKeyDataLength = PcdGetSize(PcdRsa2048Sha256PublicKeyBuffer); + } else { + return FALSE; + } + + Status = AuthenticateFmpImage( + ImageAuth, + ImageSize, + PublicKeyData, + PublicKeyDataLength + ); + switch (Status) { + case RETURN_SUCCESS: + *LastAttemptStatus = LAST_ATTEMPT_STATUS_SUCCESS; + break; + case RETURN_SECURITY_VIOLATION: + *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_AUTH_ERROR; + break; + case RETURN_INVALID_PARAMETER: + *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT; + break; + case RETURN_UNSUPPORTED: + *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT; + break; + case RETURN_OUT_OF_RESOURCES: + *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INSUFFICIENT_RESOURCES; + break; + default: + *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_UNSUCCESSFUL; + break; + } + if (EFI_ERROR(Status)) { + return FALSE; + } + + if (AuthenticatedImage != NULL) { + *AuthenticatedImage = (UINT8 *)ImageAuth + ImageAuth->AuthInfo.Hdr.dwLength + sizeof(ImageAuth->MonotonicCount); + } + if (AuthenticatedImageSize != NULL) { + *AuthenticatedImageSize = ImageSize - ImageAuth->AuthInfo.Hdr.dwLength - sizeof(ImageAuth->MonotonicCount); + } + return TRUE; +} + +/** + Extract ImageFmpInfo from system firmware. + + @param[in] SystemFirmwareImage The System Firmware image. + @param[in] SystemFirmwareImageSize The size of the System Firmware image in bytes. + @param[out] ImageFmpInfo The ImageFmpInfo. + @param[out] ImageFmpInfoSize The size of the ImageFmpInfo in bytes. + + @retval TRUE The ImageFmpInfo is extracted. + @retval FALSE The ImageFmpInfo is not extracted. +**/ +BOOLEAN +EFIAPI +ExtractSystemFirmwareImageFmpInfo ( + IN VOID *SystemFirmwareImage, + IN UINTN SystemFirmwareImageSize, + OUT EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR **ImageFmpInfo, + OUT UINTN *ImageFmpInfoSize + ) +{ + BOOLEAN Result; + UINT32 SectionHeaderSize; + UINT32 FileHeaderSize; + + *ImageFmpInfo = NULL; + *ImageFmpInfoSize = 0; + + Result = GetFfsByName(SystemFirmwareImage, SystemFirmwareImageSize, &gEdkiiSystemFirmwareImageDescriptorFileGuid, EFI_FV_FILETYPE_ALL, (VOID **)ImageFmpInfo, ImageFmpInfoSize); + if (!Result) { + return FALSE; + } + if (IS_FFS_FILE2 (*ImageFmpInfo)) { + FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER2); + } else { + FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER); + } + *ImageFmpInfo = (VOID *)((UINT8 *)*ImageFmpInfo + FileHeaderSize); + *ImageFmpInfoSize = *ImageFmpInfoSize - FileHeaderSize; + + Result = GetSectionByType(*ImageFmpInfo, (UINT32)*ImageFmpInfoSize, EFI_SECTION_RAW, 0, (VOID **)ImageFmpInfo, ImageFmpInfoSize); + if (!Result) { + return FALSE; + } + if (IS_SECTION2(*ImageFmpInfo)) { + SectionHeaderSize = sizeof(EFI_RAW_SECTION2); + } else { + SectionHeaderSize = sizeof(EFI_RAW_SECTION); + } + *ImageFmpInfo = (VOID *)((UINT8 *)*ImageFmpInfo + SectionHeaderSize); + *ImageFmpInfoSize = *ImageFmpInfoSize - SectionHeaderSize; + + return TRUE; +} + +/** + Extract the System Firmware image from an authenticated image. + + @param[in] AuthenticatedImage The authenticated capsule image. + @param[in] AuthenticatedImageSize The size of the authenticated capsule image in bytes. + @param[out] SystemFirmwareImage The System Firmware image. + @param[out] SystemFirmwareImageSize The size of the System Firmware image in bytes. + + @retval TRUE The System Firmware image is extracted. + @retval FALSE The System Firmware image is not extracted. +**/ +BOOLEAN +EFIAPI +ExtractSystemFirmwareImage ( + IN VOID *AuthenticatedImage, + IN UINTN AuthenticatedImageSize, + OUT VOID **SystemFirmwareImage, + OUT UINTN *SystemFirmwareImageSize + ) +{ + BOOLEAN Result; + UINT32 FileHeaderSize; + + *SystemFirmwareImage = NULL; + *SystemFirmwareImageSize = 0; + + Result = GetFfsByName(AuthenticatedImage, AuthenticatedImageSize, &mEdkiiSystemFirmwareFileGuid, EFI_FV_FILETYPE_RAW, SystemFirmwareImage, SystemFirmwareImageSize); + if (!Result) { + // no nested FV, just return all data. + *SystemFirmwareImage = AuthenticatedImage; + *SystemFirmwareImageSize = AuthenticatedImageSize; + + return TRUE; + } + if (IS_FFS_FILE2 (*SystemFirmwareImage)) { + FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER2); + } else { + FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER); + } + *SystemFirmwareImage = (UINT8 *)*SystemFirmwareImage + FileHeaderSize; + *SystemFirmwareImageSize = *SystemFirmwareImageSize - FileHeaderSize; + + return Result; +} + +/** + Authenticated system firmware FMP capsule image. + + Caution: This function may receive untrusted input. + + @param[in] Image The FMP capsule image, including EFI_FIRMWARE_IMAGE_AUTHENTICATION. + @param[in] ImageSize The size of FMP capsule image in bytes. + @param[in] ForceVersionMatch TRUE: The version of capsule must be as same as the version of current image. + FALSE: The version of capsule must be as same as greater than the lowest + supported version of current image. + @param[out] LastAttemptVersion The last attempt version, which will be recorded in ESRT and FMP EFI_FIRMWARE_IMAGE_DESCRIPTOR. + @param[out] LastAttemptStatus The last attempt status, which will be recorded in ESRT and FMP EFI_FIRMWARE_IMAGE_DESCRIPTOR. + @param[out] AuthenticatedImage The authenticated capsule image, excluding EFI_FIRMWARE_IMAGE_AUTHENTICATION. + @param[out] AuthenticatedImageSize The size of the authenticated capsule image in bytes. + + @retval TRUE Authentication passes and the authenticated image is extracted. + @retval FALSE Authentication fails and the authenticated image is not extracted. +**/ +EFI_STATUS +EFIAPI +CapsuleAuthenticateSystemFirmware ( + IN VOID *Image, + IN UINTN ImageSize, + IN BOOLEAN ForceVersionMatch, + OUT UINT32 *LastAttemptVersion, + OUT UINT32 *LastAttemptStatus, + OUT VOID **AuthenticatedImage, + OUT UINTN *AuthenticatedImageSize + ) +{ + BOOLEAN Result; + EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR *ImageFmpInfo; + UINTN ImageFmpInfoSize; + EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR *CurrentImageFmpInfo; + UINTN CurrentImageFmpInfoSize; + VOID *SystemFirmwareImage; + UINTN SystemFirmwareImageSize; + + *LastAttemptVersion = 0; + + // + // NOTE: This function need run in an isolated environment. + // Do not touch FMP protocol and its private structure. + // + + Result = ExtractAuthenticatedImage((VOID *)Image, ImageSize, LastAttemptStatus, AuthenticatedImage, AuthenticatedImageSize); + if (!Result) { + DEBUG((DEBUG_INFO, "ExtractAuthenticatedImage - fail\n")); + return EFI_SECURITY_VIOLATION; + } + + DEBUG((DEBUG_INFO, "AuthenticatedImage - 0x%x - 0x%x\n", *AuthenticatedImage, *AuthenticatedImageSize)); + + Result = ExtractSystemFirmwareImage(*AuthenticatedImage, *AuthenticatedImageSize, &SystemFirmwareImage, &SystemFirmwareImageSize); + if (!Result) { + *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT; + DEBUG((DEBUG_INFO, "ExtractSystemFirmwareImage - fail\n")); + return EFI_SECURITY_VIOLATION; + } + DEBUG((DEBUG_INFO, "SystemFirmwareImage - 0x%x - 0x%x\n", SystemFirmwareImage, SystemFirmwareImageSize)); + + Result = ExtractSystemFirmwareImageFmpInfo(SystemFirmwareImage, SystemFirmwareImageSize, &ImageFmpInfo, &ImageFmpInfoSize); + if (!Result) { + *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT; + DEBUG((DEBUG_INFO, "ExtractSystemFirmwareImageFmpInfo - fail\n")); + return EFI_SECURITY_VIOLATION; + } + + *LastAttemptVersion = ImageFmpInfo->Version; + DEBUG((DEBUG_INFO, "ImageFmpInfo - 0x%x - 0x%x\n", ImageFmpInfo, ImageFmpInfoSize)); + DEBUG((DEBUG_INFO, "NewImage Version - 0x%x\n", ImageFmpInfo->Version)); + DEBUG((DEBUG_INFO, "NewImage LowestSupportedImageVersion - 0x%x\n", ImageFmpInfo->LowestSupportedImageVersion)); + + CurrentImageFmpInfo = mImageFmpInfo; + CurrentImageFmpInfoSize = mImageFmpInfoSize; + + DEBUG((DEBUG_INFO, "ImageFmpInfo - 0x%x - 0x%x\n", CurrentImageFmpInfo, CurrentImageFmpInfoSize)); + DEBUG((DEBUG_INFO, "Current Version - 0x%x\n", CurrentImageFmpInfo->Version)); + DEBUG((DEBUG_INFO, "Current LowestSupportedImageVersion - 0x%x\n", CurrentImageFmpInfo->LowestSupportedImageVersion)); + + if (ForceVersionMatch) { + if (CurrentImageFmpInfo->Version != ImageFmpInfo->Version) { + *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INCORRECT_VERSION; + DEBUG((DEBUG_INFO, "ForceVersionMatch check - fail\n")); + return EFI_SECURITY_VIOLATION; + } + } else { + if (CurrentImageFmpInfo->Version < ImageFmpInfo->LowestSupportedImageVersion) { + *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INCORRECT_VERSION; + DEBUG((DEBUG_INFO, "LowestSupportedImageVersion check - fail\n")); + return EFI_SECURITY_VIOLATION; + } + } + + *LastAttemptStatus = LAST_ATTEMPT_STATUS_SUCCESS; + return EFI_SUCCESS; +} + +/** + The constructor function. + + @retval EFI_SUCCESS The constructor successfully . +**/ +EFI_STATUS +EFIAPI +EdkiiSystemCapsuleLibConstructor ( + VOID + ) +{ + mImageFmpInfoSize = PcdGetSize(PcdEdkiiSystemFirmwareImageDescriptor); + mImageFmpInfo = AllocateCopyPool (mImageFmpInfoSize, PcdGetPtr(PcdEdkiiSystemFirmwareImageDescriptor)); + ASSERT(mImageFmpInfo != NULL); + CopyGuid(&mEdkiiSystemFirmwareFileGuid, PcdGetPtr(PcdEdkiiSystemFirmwareFileGuid)); + return EFI_SUCCESS; +} diff --git a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf new file mode 100644 index 0000000..3c629ee --- /dev/null +++ b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf @@ -0,0 +1,61 @@ +## @file +# EDKII System Capsule library. +# +# EDKII System Capsule library instance for DXE/PEI post memory phase. +# +# Copyright (c) 2016, Intel Corporation. All rights reserved.
+# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BSD License +# which accompanies this distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = EdkiiSystemCapsuleLib + MODULE_UNI_FILE = EdkiiSystemCapsuleLib.uni + FILE_GUID = 109D5FC6-56E6-481A-88EF-0CB828FBE0F6 + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = EdkiiSystemCapsuleLib + CONSTRUCTOR = EdkiiSystemCapsuleLibConstructor + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 IPF EBC +# + +[Sources] + EdkiiSystemCapsuleLib.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + SignedCapsulePkg/SignedCapsulePkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + MemoryAllocationLib + FmpAuthenticationLib + +[Pcd] + gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareImageDescriptor + gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareFileGuid + gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer + gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer + +[Guids] + gEdkiiSystemFirmwareImageDescriptorFileGuid + gEdkiiSystemFmpCapsuleConfigFileGuid + gEdkiiSystemFmpCapsuleDriverFvFileGuid + gEfiCertPkcs7Guid + gEfiCertTypeRsa2048Sha256Guid + diff --git a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.uni b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.uni new file mode 100644 index 0000000..93e959e --- /dev/null +++ b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.uni @@ -0,0 +1,22 @@ +// /** @file +// EDKII System Capsule library. +// +// EDKII System Capsule library instance for DXE/PEI post memory phase. +// +// Copyright (c) 2016, Intel Corporation. All rights reserved.
+// +// This program and the accompanying materials +// are licensed and made available under the terms and conditions of the BSD License +// which accompanies this distribution. The full text of the license may be found at +// http://opensource.org/licenses/bsd-license.php +// +// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +// +// **/ + + +#string STR_MODULE_ABSTRACT #language en-US "EDKII System Capsule library." + +#string STR_MODULE_DESCRIPTION #language en-US "EDKII System Capsule library instance for DXE/PEI post memory phase." + -- 2.7.4.windows.1