From: "Zhang, Chao B" <chao.b.zhang@intel.com>
To: edk2-devel@lists.01.org
Cc: qin.long@intel.com, star.zeng@intel.com,
Chao Zhang <chao.b.zhang@intel.com>
Subject: [PATCH 1/3] SecurityPkg: Remove Counter Based AuthVariable support
Date: Tue, 31 Oct 2017 14:34:37 +0800 [thread overview]
Message-ID: <20171031063439.6232-1-chao.b.zhang@intel.com> (raw)
Remove counter based auth variable support. also modify several function
descriptors to accommodate the change
Cc: Long Qin <qin.long@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
---
SecurityPkg/Library/AuthVariableLib/AuthService.c | 501 +--------------------
.../Library/AuthVariableLib/AuthServiceInternal.h | 67 +--
.../Library/AuthVariableLib/AuthVariableLib.c | 89 +---
.../MemoryOverwriteRequestControlLock/TcgMorLock.c | 2 +-
.../MemoryOverwriteRequestControlLock/TcgMorLock.h | 4 +-
.../TcgMorLockSmm.c | 2 +-
6 files changed, 37 insertions(+), 628 deletions(-)
diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c b/SecurityPkg/Library/AuthVariableLib/AuthService.c
index 7188ff6..aafc057 100644
--- a/SecurityPkg/Library/AuthVariableLib/AuthService.c
+++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c
@@ -144,50 +144,6 @@ AuthServiceInternalUpdateVariable (
@param[in] Data Data pointer.
@param[in] DataSize Size of Data.
@param[in] Attributes Attribute value of the variable.
- @param[in] KeyIndex Index of associated public key.
- @param[in] MonotonicCount Value of associated monotonic count.
-
- @retval EFI_SUCCESS The update operation is success.
- @retval EFI_INVALID_PARAMETER Invalid parameter.
- @retval EFI_WRITE_PROTECTED Variable is write-protected.
- @retval EFI_OUT_OF_RESOURCES There is not enough resource.
-
-**/
-EFI_STATUS
-AuthServiceInternalUpdateVariableWithMonotonicCount (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- IN VOID *Data,
- IN UINTN DataSize,
- IN UINT32 Attributes,
- IN UINT32 KeyIndex,
- IN UINT64 MonotonicCount
- )
-{
- AUTH_VARIABLE_INFO AuthVariableInfo;
-
- ZeroMem (&AuthVariableInfo, sizeof (AuthVariableInfo));
- AuthVariableInfo.VariableName = VariableName;
- AuthVariableInfo.VendorGuid = VendorGuid;
- AuthVariableInfo.Data = Data;
- AuthVariableInfo.DataSize = DataSize;
- AuthVariableInfo.Attributes = Attributes;
- AuthVariableInfo.PubKeyIndex = KeyIndex;
- AuthVariableInfo.MonotonicCount = MonotonicCount;
-
- return mAuthVarLibContextIn->UpdateVariable (
- &AuthVariableInfo
- );
-}
-
-/**
- Update the variable region with Variable information.
-
- @param[in] VariableName Name of variable.
- @param[in] VendorGuid Guid of variable.
- @param[in] Data Data pointer.
- @param[in] DataSize Size of Data.
- @param[in] Attributes Attribute value of the variable.
@param[in] TimeStamp Value of associated TimeStamp.
@retval EFI_SUCCESS The update operation is success.
@@ -300,306 +256,6 @@ InCustomMode (
}
/**
- Get available public key index.
-
- @param[in] PubKey Pointer to Public Key data.
-
- @return Public key index, 0 if no any public key index available.
-
-**/
-UINT32
-GetAvailableKeyIndex (
- IN UINT8 *PubKey
- )
-{
- EFI_STATUS Status;
- UINT8 *Data;
- UINTN DataSize;
- UINT8 *Ptr;
- UINT32 Index;
- BOOLEAN IsFound;
- EFI_GUID VendorGuid;
- CHAR16 Name[1];
- AUTH_VARIABLE_INFO AuthVariableInfo;
- UINT32 KeyIndex;
-
- Status = AuthServiceInternalFindVariable (
- AUTHVAR_KEYDB_NAME,
- &gEfiAuthenticatedVariableGuid,
- (VOID **) &Data,
- &DataSize
- );
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "Get public key database variable failure, Status = %r\n", Status));
- return 0;
- }
-
- if (mPubKeyNumber == mMaxKeyNumber) {
- Name[0] = 0;
- AuthVariableInfo.VariableName = Name;
- ZeroMem (&VendorGuid, sizeof (VendorGuid));
- AuthVariableInfo.VendorGuid = &VendorGuid;
- mPubKeyNumber = 0;
- //
- // Collect valid key data.
- //
- do {
- Status = mAuthVarLibContextIn->FindNextVariable (AuthVariableInfo.VariableName, AuthVariableInfo.VendorGuid, &AuthVariableInfo);
- if (!EFI_ERROR (Status)) {
- if (AuthVariableInfo.PubKeyIndex != 0) {
- for (Ptr = Data; Ptr < (Data + DataSize); Ptr += sizeof (AUTHVAR_KEY_DB_DATA)) {
- if (ReadUnaligned32 (&(((AUTHVAR_KEY_DB_DATA *) Ptr)->KeyIndex)) == AuthVariableInfo.PubKeyIndex) {
- //
- // Check if the key data has been collected.
- //
- for (Index = 0; Index < mPubKeyNumber; Index++) {
- if (ReadUnaligned32 (&(((AUTHVAR_KEY_DB_DATA *) mPubKeyStore + Index)->KeyIndex)) == AuthVariableInfo.PubKeyIndex) {
- break;
- }
- }
- if (Index == mPubKeyNumber) {
- //
- // New key data.
- //
- CopyMem ((AUTHVAR_KEY_DB_DATA *) mPubKeyStore + mPubKeyNumber, Ptr, sizeof (AUTHVAR_KEY_DB_DATA));
- mPubKeyNumber++;
- }
- break;
- }
- }
- }
- }
- } while (Status != EFI_NOT_FOUND);
-
- //
- // No available space to add new public key.
- //
- if (mPubKeyNumber == mMaxKeyNumber) {
- return 0;
- }
- }
-
- //
- // Find available public key index.
- //
- for (KeyIndex = 1; KeyIndex <= mMaxKeyNumber; KeyIndex++) {
- IsFound = FALSE;
- for (Ptr = mPubKeyStore; Ptr < (mPubKeyStore + mPubKeyNumber * sizeof (AUTHVAR_KEY_DB_DATA)); Ptr += sizeof (AUTHVAR_KEY_DB_DATA)) {
- if (ReadUnaligned32 (&(((AUTHVAR_KEY_DB_DATA *) Ptr)->KeyIndex)) == KeyIndex) {
- IsFound = TRUE;
- break;
- }
- }
- if (!IsFound) {
- break;
- }
- }
-
- return KeyIndex;
-}
-
-/**
- Add public key in store and return its index.
-
- @param[in] PubKey Input pointer to Public Key data.
- @param[in] VariableDataEntry The variable data entry.
-
- @return Index of new added public key.
-
-**/
-UINT32
-AddPubKeyInStore (
- IN UINT8 *PubKey,
- IN VARIABLE_ENTRY_CONSISTENCY *VariableDataEntry
- )
-{
- EFI_STATUS Status;
- UINT32 Index;
- VARIABLE_ENTRY_CONSISTENCY PublicKeyEntry;
- UINT32 Attributes;
- UINT32 KeyIndex;
-
- if (PubKey == NULL) {
- return 0;
- }
-
- //
- // Check whether the public key entry does exist.
- //
- for (Index = 0; Index < mPubKeyNumber; Index++) {
- if (CompareMem (((AUTHVAR_KEY_DB_DATA *) mPubKeyStore + Index)->KeyData, PubKey, EFI_CERT_TYPE_RSA2048_SIZE) == 0) {
- return ReadUnaligned32 (&(((AUTHVAR_KEY_DB_DATA *) mPubKeyStore + Index)->KeyIndex));
- }
- }
-
- KeyIndex = GetAvailableKeyIndex (PubKey);
- if (KeyIndex == 0) {
- return 0;
- }
-
- //
- // Check the variable space for both public key and variable data.
- //
- PublicKeyEntry.VariableSize = (mPubKeyNumber + 1) * sizeof (AUTHVAR_KEY_DB_DATA);
- PublicKeyEntry.Guid = &gEfiAuthenticatedVariableGuid;
- PublicKeyEntry.Name = AUTHVAR_KEYDB_NAME;
- Attributes = VARIABLE_ATTRIBUTE_NV_BS_RT | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;
-
- if (!mAuthVarLibContextIn->CheckRemainingSpaceForConsistency (Attributes, &PublicKeyEntry, VariableDataEntry, NULL)) {
- //
- // No enough variable space.
- //
- return 0;
- }
-
- WriteUnaligned32 (&(((AUTHVAR_KEY_DB_DATA *) mPubKeyStore + mPubKeyNumber)->KeyIndex), KeyIndex);
- CopyMem (((AUTHVAR_KEY_DB_DATA *) mPubKeyStore + mPubKeyNumber)->KeyData, PubKey, EFI_CERT_TYPE_RSA2048_SIZE);
- mPubKeyNumber++;
-
- //
- // Update public key database variable.
- //
- Status = AuthServiceInternalUpdateVariable (
- AUTHVAR_KEYDB_NAME,
- &gEfiAuthenticatedVariableGuid,
- mPubKeyStore,
- mPubKeyNumber * sizeof (AUTHVAR_KEY_DB_DATA),
- Attributes
- );
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "Update public key database variable failure, Status = %r\n", Status));
- return 0;
- }
-
- return KeyIndex;
-}
-
-/**
- Verify data payload with AuthInfo in EFI_CERT_TYPE_RSA2048_SHA256_GUID type.
- Follow the steps in UEFI2.2.
-
- Caution: This function may receive untrusted input.
- This function may be invoked in SMM mode, and datasize and data are external input.
- This function will do basic validation, before parse the data.
- This function will parse the authentication carefully to avoid security issues, like
- buffer overflow, integer overflow.
-
- @param[in] Data Pointer to data with AuthInfo.
- @param[in] DataSize Size of Data.
- @param[in] PubKey Public key used for verification.
-
- @retval EFI_INVALID_PARAMETER Invalid parameter.
- @retval EFI_SECURITY_VIOLATION If authentication failed.
- @retval EFI_SUCCESS Authentication successful.
-
-**/
-EFI_STATUS
-VerifyCounterBasedPayload (
- IN UINT8 *Data,
- IN UINTN DataSize,
- IN UINT8 *PubKey
- )
-{
- BOOLEAN Status;
- EFI_VARIABLE_AUTHENTICATION *CertData;
- EFI_CERT_BLOCK_RSA_2048_SHA256 *CertBlock;
- UINT8 Digest[SHA256_DIGEST_SIZE];
- VOID *Rsa;
- UINTN PayloadSize;
-
- PayloadSize = DataSize - AUTHINFO_SIZE;
- Rsa = NULL;
- CertData = NULL;
- CertBlock = NULL;
-
- if (Data == NULL || PubKey == NULL) {
- return EFI_INVALID_PARAMETER;
- }
-
- CertData = (EFI_VARIABLE_AUTHENTICATION *) Data;
- CertBlock = (EFI_CERT_BLOCK_RSA_2048_SHA256 *) (CertData->AuthInfo.CertData);
-
- //
- // wCertificateType should be WIN_CERT_TYPE_EFI_GUID.
- // Cert type should be EFI_CERT_TYPE_RSA2048_SHA256_GUID.
- //
- if ((CertData->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) ||
- !CompareGuid (&CertData->AuthInfo.CertType, &gEfiCertTypeRsa2048Sha256Guid)) {
- //
- // Invalid AuthInfo type, return EFI_SECURITY_VIOLATION.
- //
- return EFI_SECURITY_VIOLATION;
- }
- //
- // Hash data payload with SHA256.
- //
- ZeroMem (Digest, SHA256_DIGEST_SIZE);
- Status = Sha256Init (mHashCtx);
- if (!Status) {
- goto Done;
- }
- Status = Sha256Update (mHashCtx, Data + AUTHINFO_SIZE, PayloadSize);
- if (!Status) {
- goto Done;
- }
- //
- // Hash Size.
- //
- Status = Sha256Update (mHashCtx, &PayloadSize, sizeof (UINTN));
- if (!Status) {
- goto Done;
- }
- //
- // Hash Monotonic Count.
- //
- Status = Sha256Update (mHashCtx, &CertData->MonotonicCount, sizeof (UINT64));
- if (!Status) {
- goto Done;
- }
- Status = Sha256Final (mHashCtx, Digest);
- if (!Status) {
- goto Done;
- }
- //
- // Generate & Initialize RSA Context.
- //
- Rsa = RsaNew ();
- ASSERT (Rsa != NULL);
- //
- // Set RSA Key Components.
- // NOTE: Only N and E are needed to be set as RSA public key for signature verification.
- //
- Status = RsaSetKey (Rsa, RsaKeyN, PubKey, EFI_CERT_TYPE_RSA2048_SIZE);
- if (!Status) {
- goto Done;
- }
- Status = RsaSetKey (Rsa, RsaKeyE, mRsaE, sizeof (mRsaE));
- if (!Status) {
- goto Done;
- }
- //
- // Verify the signature.
- //
- Status = RsaPkcs1Verify (
- Rsa,
- Digest,
- SHA256_DIGEST_SIZE,
- CertBlock->Signature,
- EFI_CERT_TYPE_RSA2048_SHA256_SIZE
- );
-
-Done:
- if (Rsa != NULL) {
- RsaFree (Rsa);
- }
- if (Status) {
- return EFI_SUCCESS;
- } else {
- return EFI_SECURITY_VIOLATION;
- }
-}
-
-/**
Update platform mode.
@param[in] Mode SETUP_MODE or USER_MODE.
@@ -1146,7 +802,7 @@ IsDeleteAuthVariable (
}
/**
- Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set
+ Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set
Caution: This function may receive untrusted input.
This function may be invoked in SMM mode, and datasize and data are external input.
@@ -1163,9 +819,9 @@ IsDeleteAuthVariable (
@return EFI_INVALID_PARAMETER Invalid parameter.
@return EFI_WRITE_PROTECTED Variable is write-protected and needs authentication with
- EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.
+ EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS or EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.
@return EFI_OUT_OF_RESOURCES The Database to save the public key is full.
- @return EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
+ @return EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
set, but the AuthInfo does NOT pass the validation
check carried out by the firmware.
@return EFI_SUCCESS Variable is not write-protected or pass validation successfully.
@@ -1181,22 +837,8 @@ ProcessVariable (
)
{
EFI_STATUS Status;
- BOOLEAN IsDeletion;
- BOOLEAN IsFirstTime;
- UINT8 *PubKey;
- EFI_VARIABLE_AUTHENTICATION *CertData;
- EFI_CERT_BLOCK_RSA_2048_SHA256 *CertBlock;
- UINT32 KeyIndex;
- UINT64 MonotonicCount;
- VARIABLE_ENTRY_CONSISTENCY VariableDataEntry;
- UINT32 Index;
AUTH_VARIABLE_INFO OrgVariableInfo;
- KeyIndex = 0;
- CertData = NULL;
- CertBlock = NULL;
- PubKey = NULL;
- IsDeletion = FALSE;
Status = EFI_SUCCESS;
ZeroMem (&OrgVariableInfo, sizeof (OrgVariableInfo));
@@ -1208,7 +850,7 @@ ProcessVariable (
if ((!EFI_ERROR (Status)) && IsDeleteAuthVariable (OrgVariableInfo.Attributes, Data, DataSize, Attributes) && UserPhysicalPresent()) {
//
- // Allow the delete operation of common authenticated variable at user physical presence.
+ // Allow the delete operation of common authenticated variable(AT or AW) at user physical presence.
//
Status = AuthServiceInternalUpdateVariable (
VariableName,
@@ -1232,25 +874,15 @@ ProcessVariable (
}
//
- // A time-based authenticated variable and a count-based authenticated variable
- // can't be updated by each other.
- //
- if (OrgVariableInfo.Data != NULL) {
- if (((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) != 0) &&
- ((OrgVariableInfo.Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0)) {
- return EFI_SECURITY_VIOLATION;
- }
-
- if (((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) &&
- ((OrgVariableInfo.Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) != 0)) {
- return EFI_SECURITY_VIOLATION;
- }
- }
-
- //
- // Process Time-based Authenticated variable.
- //
- if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) {
+ if ((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) != 0) {
+ //
+ // Reject Counter Based Auth Variable processing request.
+ //
+ return EFI_UNSUPPORTED;
+ } else if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) {
+ //
+ // Process Time-based Authenticated variable.
+ //
return VerifyTimeBasedPayloadAndUpdate (
VariableName,
VendorGuid,
@@ -1262,117 +894,20 @@ ProcessVariable (
);
}
- //
- // Determine if first time SetVariable with the EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS.
- //
- if ((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) != 0) {
- //
- // Determine current operation type.
- //
- if (DataSize == AUTHINFO_SIZE) {
- IsDeletion = TRUE;
- }
- //
- // Determine whether this is the first time with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.
- //
- if (OrgVariableInfo.Data == NULL) {
- IsFirstTime = TRUE;
- } else if ((OrgVariableInfo.Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) == 0) {
- IsFirstTime = TRUE;
- } else {
- KeyIndex = OrgVariableInfo.PubKeyIndex;
- IsFirstTime = FALSE;
- }
- } else if ((OrgVariableInfo.Data != NULL) &&
- ((OrgVariableInfo.Attributes & (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) != 0)
- ) {
+ if ((OrgVariableInfo.Data != NULL) &&
+ ((OrgVariableInfo.Attributes & (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) != 0)) {
//
// If the variable is already write-protected, it always needs authentication before update.
//
return EFI_WRITE_PROTECTED;
- } else {
- //
- // If without EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS, set and attributes collision.
- // That means it is not authenticated variable, just update variable as usual.
- //
- Status = AuthServiceInternalUpdateVariable (VariableName, VendorGuid, Data, DataSize, Attributes);
- return Status;
}
//
- // Get PubKey and check Monotonic Count value corresponding to the variable.
- //
- CertData = (EFI_VARIABLE_AUTHENTICATION *) Data;
- CertBlock = (EFI_CERT_BLOCK_RSA_2048_SHA256 *) (CertData->AuthInfo.CertData);
- PubKey = CertBlock->PublicKey;
-
- //
- // Update Monotonic Count value.
+ // Not authenticated variable, just update variable as usual.
//
- MonotonicCount = CertData->MonotonicCount;
-
- if (!IsFirstTime) {
- //
- // 2 cases need to check here
- // 1. Internal PubKey variable. PubKeyIndex is always 0
- // 2. Other counter-based AuthVariable. Check input PubKey.
- //
- if (KeyIndex == 0) {
- return EFI_SECURITY_VIOLATION;
- }
- for (Index = 0; Index < mPubKeyNumber; Index++) {
- if (ReadUnaligned32 (&(((AUTHVAR_KEY_DB_DATA *) mPubKeyStore + Index)->KeyIndex)) == KeyIndex) {
- if (CompareMem (((AUTHVAR_KEY_DB_DATA *) mPubKeyStore + Index)->KeyData, PubKey, EFI_CERT_TYPE_RSA2048_SIZE) == 0) {
- break;
- } else {
- return EFI_SECURITY_VIOLATION;
- }
- }
- }
- if (Index == mPubKeyNumber) {
- return EFI_SECURITY_VIOLATION;
- }
-
- //
- // Compare the current monotonic count and ensure that it is greater than the last SetVariable
- // operation with the EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS attribute set.
- //
- if (MonotonicCount <= OrgVariableInfo.MonotonicCount) {
- //
- // Monotonic count check fail, suspicious replay attack, return EFI_SECURITY_VIOLATION.
- //
- return EFI_SECURITY_VIOLATION;
- }
- }
- //
- // Verify the certificate in Data payload.
- //
- Status = VerifyCounterBasedPayload (Data, DataSize, PubKey);
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- //
- // Now, the signature has been verified!
- //
- if (IsFirstTime && !IsDeletion) {
- VariableDataEntry.VariableSize = DataSize - AUTHINFO_SIZE;
- VariableDataEntry.Guid = VendorGuid;
- VariableDataEntry.Name = VariableName;
-
- //
- // Update public key database variable if need.
- //
- KeyIndex = AddPubKeyInStore (PubKey, &VariableDataEntry);
- if (KeyIndex == 0) {
- return EFI_OUT_OF_RESOURCES;
- }
- }
+ Status = AuthServiceInternalUpdateVariable (VariableName, VendorGuid, Data, DataSize, Attributes);
+ return Status;
- //
- // Verification pass.
- //
- return AuthServiceInternalUpdateVariableWithMonotonicCount (VariableName, VendorGuid, (UINT8*)Data + AUTHINFO_SIZE, DataSize - AUTHINFO_SIZE, Attributes, KeyIndex, MonotonicCount);
}
/**
diff --git a/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h b/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h
index e9b7cf3..2886260 100644
--- a/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h
+++ b/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h
@@ -59,35 +59,6 @@ typedef enum {
} AUTHVAR_TYPE;
///
-/// "AuthVarKeyDatabase" variable for the Public Key store
-/// of variables with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.
-///
-/// GUID: gEfiAuthenticatedVariableGuid
-///
-/// We need maintain atomicity.
-///
-/// Format:
-/// +----------------------------+
-/// | AUTHVAR_KEY_DB_DATA | <-- First AuthVarKey
-/// +----------------------------+
-/// | ...... |
-/// +----------------------------+
-/// | AUTHVAR_KEY_DB_DATA | <-- Last AuthKey
-/// +----------------------------+
-///
-#define AUTHVAR_KEYDB_NAME L"AuthVarKeyDatabase"
-
-#define EFI_CERT_TYPE_RSA2048_SHA256_SIZE 256
-#define EFI_CERT_TYPE_RSA2048_SIZE 256
-
-#pragma pack(1)
-typedef struct {
- UINT32 KeyIndex;
- UINT8 KeyData[EFI_CERT_TYPE_RSA2048_SIZE];
-} AUTHVAR_KEY_DB_DATA;
-#pragma pack()
-
-///
/// "certdb" variable stores the signer's certificates for non PK/KEK/DB/DBX
/// variables with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS|EFI_VARIABLE_NON_VOLATILE set.
/// "certdbv" variable stores the signer's certificates for non PK/KEK/DB/DBX
@@ -122,10 +93,6 @@ typedef struct {
} AUTH_CERT_DB_DATA;
#pragma pack()
-extern UINT8 *mPubKeyStore;
-extern UINT32 mPubKeyNumber;
-extern UINT32 mMaxKeyNumber;
-extern UINT32 mMaxKeyDbSize;
extern UINT8 *mCertDbStore;
extern UINT32 mMaxCertDbSize;
extern UINT32 mPlatformMode;
@@ -295,7 +262,7 @@ ProcessVarWithKek (
);
/**
- Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set
+ Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set
Caution: This function may receive untrusted input.
This function may be invoked in SMM mode, and datasize and data are external input.
@@ -312,9 +279,9 @@ ProcessVarWithKek (
@return EFI_INVALID_PARAMETER Invalid parameter.
@return EFI_WRITE_PROTECTED Variable is write-protected and needs authentication with
- EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.
+ EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS or EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.
@return EFI_OUT_OF_RESOURCES The Database to save the public key is full.
- @return EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
+ @return EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
set, but the AuthInfo does NOT pass the validation
check carried out by the firmware.
@return EFI_SUCCESS Variable is not write-protected or pass validation successfully.
@@ -387,34 +354,6 @@ AuthServiceInternalUpdateVariable (
@param[in] Data Data pointer.
@param[in] DataSize Size of Data.
@param[in] Attributes Attribute value of the variable.
- @param[in] KeyIndex Index of associated public key.
- @param[in] MonotonicCount Value of associated monotonic count.
-
- @retval EFI_SUCCESS The update operation is success.
- @retval EFI_INVALID_PARAMETER Invalid parameter.
- @retval EFI_WRITE_PROTECTED Variable is write-protected.
- @retval EFI_OUT_OF_RESOURCES There is not enough resource.
-
-**/
-EFI_STATUS
-AuthServiceInternalUpdateVariableWithMonotonicCount (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- IN VOID *Data,
- IN UINTN DataSize,
- IN UINT32 Attributes,
- IN UINT32 KeyIndex,
- IN UINT64 MonotonicCount
- );
-
-/**
- Update the variable region with Variable information.
-
- @param[in] VariableName Name of variable.
- @param[in] VendorGuid Guid of variable.
- @param[in] Data Data pointer.
- @param[in] DataSize Size of Data.
- @param[in] Attributes Attribute value of the variable.
@param[in] TimeStamp Value of associated TimeStamp.
@retval EFI_SUCCESS The update operation is success.
diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
index 792a123..00917eb 100644
--- a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
+++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
@@ -27,10 +27,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
///
/// Global database array for scratch
///
-UINT8 *mPubKeyStore;
-UINT32 mPubKeyNumber;
-UINT32 mMaxKeyNumber;
-UINT32 mMaxKeyDbSize;
UINT8 *mCertDbStore;
UINT32 mMaxCertDbSize;
UINT32 mPlatformMode;
@@ -78,17 +74,6 @@ VARIABLE_ENTRY_PROPERTY mAuthVarEntry[] = {
}
},
{
- &gEfiAuthenticatedVariableGuid,
- AUTHVAR_KEYDB_NAME,
- {
- VAR_CHECK_VARIABLE_PROPERTY_REVISION,
- VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,
- VARIABLE_ATTRIBUTE_NV_BS_RT_AW,
- sizeof (UINT8),
- MAX_UINTN
- }
- },
- {
&gEfiCertDbGuid,
EFI_CERT_DB_NAME,
{
@@ -112,7 +97,7 @@ VARIABLE_ENTRY_PROPERTY mAuthVarEntry[] = {
},
};
-VOID **mAuthVarAddressPointer[10];
+VOID **mAuthVarAddressPointer[9];
AUTH_VAR_LIB_CONTEXT_IN *mAuthVarLibContextIn = NULL;
@@ -138,7 +123,6 @@ AuthVariableLibInitialize (
)
{
EFI_STATUS Status;
- UINT8 VarValue;
UINT32 VarAttr;
UINT8 *Data;
UINTN DataSize;
@@ -164,16 +148,6 @@ AuthVariableLibInitialize (
}
//
- // Reserve runtime buffer for public key database. The size excludes variable header and name size.
- //
- mMaxKeyDbSize = (UINT32) (mAuthVarLibContextIn->MaxAuthVariableSize - sizeof (AUTHVAR_KEYDB_NAME));
- mMaxKeyNumber = mMaxKeyDbSize / sizeof (AUTHVAR_KEY_DB_DATA);
- mPubKeyStore = AllocateRuntimePool (mMaxKeyDbSize);
- if (mPubKeyStore == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
-
- //
// Reserve runtime buffer for certificate database. The size excludes variable header and name size.
// Use EFI_CERT_DB_VOLATILE_NAME size since it is longer.
//
@@ -183,43 +157,6 @@ AuthVariableLibInitialize (
return EFI_OUT_OF_RESOURCES;
}
- //
- // Check "AuthVarKeyDatabase" variable's existence.
- // If it doesn't exist, create a new one with initial value of 0 and EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.
- //
- Status = AuthServiceInternalFindVariable (
- AUTHVAR_KEYDB_NAME,
- &gEfiAuthenticatedVariableGuid,
- (VOID **) &Data,
- &DataSize
- );
- if (EFI_ERROR (Status)) {
- VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;
- VarValue = 0;
- mPubKeyNumber = 0;
- Status = AuthServiceInternalUpdateVariable (
- AUTHVAR_KEYDB_NAME,
- &gEfiAuthenticatedVariableGuid,
- &VarValue,
- sizeof(UINT8),
- VarAttr
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
- } else {
- //
- // Load database in global variable for cache.
- //
- ASSERT ((DataSize != 0) && (Data != NULL));
- //
- // "AuthVarKeyDatabase" is an internal variable. Its DataSize is always ensured not to exceed mPubKeyStore buffer size(See definition before)
- // Therefore, there is no memory overflow in underlying CopyMem.
- //
- CopyMem (mPubKeyStore, (UINT8 *) Data, DataSize);
- mPubKeyNumber = (UINT32) (DataSize / sizeof (AUTHVAR_KEY_DB_DATA));
- }
-
Status = AuthServiceInternalFindVariable (EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize);
if (EFI_ERROR (Status)) {
DEBUG ((EFI_D_INFO, "Variable %s does not exist.\n", EFI_PLATFORM_KEY_NAME));
@@ -422,16 +359,15 @@ AuthVariableLibInitialize (
AuthVarLibContextOut->StructSize = sizeof (AUTH_VAR_LIB_CONTEXT_OUT);
AuthVarLibContextOut->AuthVarEntry = mAuthVarEntry;
AuthVarLibContextOut->AuthVarEntryCount = ARRAY_SIZE (mAuthVarEntry);
- mAuthVarAddressPointer[0] = (VOID **) &mPubKeyStore;
- mAuthVarAddressPointer[1] = (VOID **) &mCertDbStore;
- mAuthVarAddressPointer[2] = (VOID **) &mHashCtx;
- mAuthVarAddressPointer[3] = (VOID **) &mAuthVarLibContextIn;
- mAuthVarAddressPointer[4] = (VOID **) &(mAuthVarLibContextIn->FindVariable),
- mAuthVarAddressPointer[5] = (VOID **) &(mAuthVarLibContextIn->FindNextVariable),
- mAuthVarAddressPointer[6] = (VOID **) &(mAuthVarLibContextIn->UpdateVariable),
- mAuthVarAddressPointer[7] = (VOID **) &(mAuthVarLibContextIn->GetScratchBuffer),
- mAuthVarAddressPointer[8] = (VOID **) &(mAuthVarLibContextIn->CheckRemainingSpaceForConsistency),
- mAuthVarAddressPointer[9] = (VOID **) &(mAuthVarLibContextIn->AtRuntime),
+ mAuthVarAddressPointer[0] = (VOID **) &mCertDbStore;
+ mAuthVarAddressPointer[1] = (VOID **) &mHashCtx;
+ mAuthVarAddressPointer[2] = (VOID **) &mAuthVarLibContextIn;
+ mAuthVarAddressPointer[3] = (VOID **) &(mAuthVarLibContextIn->FindVariable),
+ mAuthVarAddressPointer[4] = (VOID **) &(mAuthVarLibContextIn->FindNextVariable),
+ mAuthVarAddressPointer[5] = (VOID **) &(mAuthVarLibContextIn->UpdateVariable),
+ mAuthVarAddressPointer[6] = (VOID **) &(mAuthVarLibContextIn->GetScratchBuffer),
+ mAuthVarAddressPointer[7] = (VOID **) &(mAuthVarLibContextIn->CheckRemainingSpaceForConsistency),
+ mAuthVarAddressPointer[8] = (VOID **) &(mAuthVarLibContextIn->AtRuntime),
AuthVarLibContextOut->AddressPointer = mAuthVarAddressPointer;
AuthVarLibContextOut->AddressPointerCount = ARRAY_SIZE (mAuthVarAddressPointer);
@@ -439,7 +375,7 @@ AuthVariableLibInitialize (
}
/**
- Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.
+ Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.
@param[in] VariableName Name of the variable.
@param[in] VendorGuid Variable vendor GUID.
@@ -452,8 +388,7 @@ AuthVariableLibInitialize (
@retval EFI_INVALID_PARAMETER Invalid parameter.
@retval EFI_WRITE_PROTECTED Variable is write-protected.
@retval EFI_OUT_OF_RESOURCES There is not enough resource.
- @retval EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
- or EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS
+ @retval EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS
set, but the AuthInfo does NOT pass the validation
check carried out by the firmware.
@retval EFI_UNSUPPORTED Unsupported to process authenticated variable.
diff --git a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
index c6f3edc..7763b13 100644
--- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
+++ b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
@@ -101,7 +101,7 @@ IsMorLockVariable (
@retval EFI_DEVICE_ERROR The variable could not be saved due to a hardware failure.
@retval EFI_WRITE_PROTECTED The variable in question is read-only.
@retval EFI_WRITE_PROTECTED The variable in question cannot be deleted.
- @retval EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
+ @retval EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
set but the AuthInfo does NOT pass the validation check carried
out by the firmware.
@retval EFI_NOT_FOUND The variable trying to be updated or deleted was not found.
diff --git a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h
index 50a656a..af30357 100644
--- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h
+++ b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h
@@ -67,7 +67,7 @@ InternalGetVariable (
@retval EFI_DEVICE_ERROR The variable could not be saved due to a hardware failure.
@retval EFI_WRITE_PROTECTED The variable in question is read-only.
@retval EFI_WRITE_PROTECTED The variable in question cannot be deleted.
- @retval EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
+ @retval EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
set but the AuthInfo does NOT pass the validation check carried
out by the firmware.
@retval EFI_NOT_FOUND The variable trying to be updated or deleted was not found.
@@ -103,7 +103,7 @@ InternalSetVariable (
@retval EFI_DEVICE_ERROR The variable could not be saved due to a hardware failure.
@retval EFI_WRITE_PROTECTED The variable in question is read-only.
@retval EFI_WRITE_PROTECTED The variable in question cannot be deleted.
- @retval EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
+ @retval EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
set but the AuthInfo does NOT pass the validation check carried
out by the firmware.
@retval EFI_NOT_FOUND The variable trying to be updated or deleted was not found.
diff --git a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c
index 019cb8b..e5db98c 100644
--- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c
+++ b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c
@@ -82,7 +82,7 @@ InternalGetVariable (
@retval EFI_DEVICE_ERROR The variable could not be saved due to a hardware failure.
@retval EFI_WRITE_PROTECTED The variable in question is read-only.
@retval EFI_WRITE_PROTECTED The variable in question cannot be deleted.
- @retval EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
+ @retval EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
set but the AuthInfo does NOT pass the validation check carried
out by the firmware.
@retval EFI_NOT_FOUND The variable trying to be updated or deleted was not found.
--
1.9.5.msysgit.1
next reply other threads:[~2017-10-31 6:30 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-31 6:34 Zhang, Chao B [this message]
2017-10-31 6:34 ` [PATCH 2/3] MdePkg: Deprecate EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS Zhang, Chao B
2017-11-01 8:47 ` Long, Qin
2017-10-31 6:34 ` [PATCH 3/3] MdeModulePkg: " Zhang, Chao B
2017-11-01 8:47 ` Long, Qin
2017-11-01 8:47 ` [PATCH 1/3] SecurityPkg: Remove Counter Based AuthVariable support Long, Qin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171031063439.6232-1-chao.b.zhang@intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox