[Patch 0/5] Add multi-cert PcdPkcs7CertBufferXdr

[Patch 0/5] Add multi-cert PcdPkcs7CertBufferXdr

[Kinney, Michael D]

https://bugzilla.tianocore.org/show_bug.cgi?id=890
https://bugzilla.tianocore.org/show_bug.cgi?id=891

* Update BinToPcd to support multiple one or more -i INPUTFILE arguments
* Update BinToPcd to support -x, --xdr flags to encode PCD using the
  Variable-Length Opaque Data of RFC 4506 External Data Representation
  Standard (XDR).
* Add PcdPkcs7CertBufferXdr that supports one or more PKCS7 certificates
  encoded using the Variable-Length Opaque Data format of RFC 4506 External
  Data Representation Standard (XDR).  
* Use both PcdPkcs7CertBuffer and PcdPkcs7CertBufferXdr to authenticate
  capsules.
* Evaluate both PcdPkcs7CertBuffer and PcdPkcs7CertBufferXdr for the use
  of the test key.

Branch for review:
https://github.com/mdkinney/edk2/tree/Bug_890_891_BinToPcdMultipleInputFiles
  
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Kelly Steele <kelly.steele@intel.com>
Cc: David Wei <david.wei@intel.com>
Cc: Mang Guo <mang.guo@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>

Kinney, Michael D (4):
  BaseTools/BinToPcd: Add support for multiple binary input files
  SecurityPkg: Add PcdPkcs7CertBufferXdr
  SecurityPkg/EdkiiSystemCapsuleLib: Use PcdPkcs7CertBufferXdr
  QuarkPlatformPkg/PlatformBootManagerLib: Check PcdPkcs7CertBufferXdr

Michael D Kinney (1):
  Vlv2TbltDevicePkg/PlatformBootManagerLib: Check PcdPkcs7CertBufferXdr

 BaseTools/Scripts/BinToPcd.py                      | 83 ++++++++++++++--------
 .../PlatformBootManagerLib/PlatformBootManager.c   | 51 ++++++++++++-
 .../PlatformBootManagerLib.inf                     |  3 +-
 SecurityPkg/SecurityPkg.dec                        |  8 +++
 SecurityPkg/SecurityPkg.uni                        |  6 ++
 .../EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c  | 77 +++++++++++++++++---
 .../EdkiiSystemCapsuleLib.inf                      |  3 +-
 .../Library/PlatformBdsLib/BdsPlatform.c           | 57 ++++++++++++++-
 .../Library/PlatformBdsLib/PlatformBdsLib.inf      | 22 +++---
 9 files changed, 258 insertions(+), 52 deletions(-)

-- 
2.14.2.windows.3

[Patch 1/5] BaseTools/BinToPcd: Add support for multiple binary input files

[Kinney, Michael D]

https://bugzilla.tianocore.org/show_bug.cgi?id=890

There are use cases where a VOID * PCD needs to be generated from multiple
binary input files.  This can be in the form of an array of fixed size
elements or a set of variable sized elements.

Update BinToPcd to support multiple one or more -i INPUTFILE arguments.
By default, the contents of each binary input file are concatenated in
the order provided.  This supports generating a PCD that is an array of
fixed size elements

Add -x, --xdr flags to BinToPcd  to encodes the PCD using the
Variable-Length Opaque Data of RFC 4506 External Data Representation
Standard (XDR).

    https://tools.ietf.org/html/rfc4506
    https://tools.ietf.org/html/rfc4506#section-4.10

The data format from RFC 4506 meets the requirements for a PCD that is a
set of variable sized elements in the Variable-Length Opaque Data format.
The overhead of this format is a 32-bit length and 0 to 3 bytes of padding
to align the next element at a 32-bit boundary.

Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
---
 BaseTools/Scripts/BinToPcd.py | 83 ++++++++++++++++++++++++++++---------------
 1 file changed, 54 insertions(+), 29 deletions(-)

diff --git a/BaseTools/Scripts/BinToPcd.py b/BaseTools/Scripts/BinToPcd.py
index 68a7ac652d..f2485a27fa 100644
--- a/BaseTools/Scripts/BinToPcd.py
+++ b/BaseTools/Scripts/BinToPcd.py
@@ -1,7 +1,7 @@
 ## @file
 # Convert a binary file to a VOID* PCD value or DSC file VOID* PCD statement.
 #
-# Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
 # This program and the accompanying materials
 # are licensed and made available under the terms and conditions of the BSD License
 # which accompanies this distribution.  The full text of the license may be found at
@@ -18,14 +18,15 @@ BinToPcd
 import sys
 import argparse
 import re
+import xdrlib
 
 #
 # Globals for help information
 #
 __prog__        = 'BinToPcd'
-__version__     = '%s Version %s' % (__prog__, '0.9 ')
-__copyright__   = 'Copyright (c) 2016, Intel Corporation. All rights reserved.'
-__description__ = 'Convert a binary file to a VOID* PCD value or DSC file VOID* PCD statement.\n'
+__version__     = '%s Version %s' % (__prog__, '0.91 ')
+__copyright__   = 'Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.'
+__description__ = 'Convert one or more binary files to a VOID* PCD value or DSC file VOID* PCD statement.\n'
 
 if __name__ == '__main__':
   def ValidateUnsignedInteger (Argument):
@@ -50,21 +51,35 @@ if __name__ == '__main__':
       Message = '%s is not a valid GUID C name' % (Argument)
       raise argparse.ArgumentTypeError(Message)
     return Argument
-    
-  def ByteArray (Buffer):
+
+  def ByteArray (Buffer, Xdr = False):
+    if Xdr:
+      #
+      # If Xdr flag is set then encode data using the Variable-Length Opaque
+      # Data format of RFC 4506 External Data Representation Standard (XDR).
+      #
+      XdrEncoder = xdrlib.Packer()
+      for Item in Buffer:
+        XdrEncoder.pack_bytes(Item)
+      Buffer = XdrEncoder.get_buffer()
+    else:
+      #
+      # If Xdr flag is not set, then concatenate all the data
+      #
+      Buffer = ''.join(Buffer)
     #
-    # Append byte array of values of the form '{0x01, 0x02, ...}'
+    # Return a PCD value of the form '{0x01, 0x02, ...}' along with the PCD length in bytes
     #
-    return '{%s}' % (', '.join(['0x%02x' % (ord(Item)) for Item in Buffer]))
-    
+    return '{%s}' % (', '.join(['0x%02x' % (ord(Item)) for Item in Buffer])), len (Buffer)
+
   #
   # Create command line argument parser object
   #
   parser = argparse.ArgumentParser(prog = __prog__, version = __version__,
                                    description = __description__ + __copyright__,
                                    conflict_handler = 'resolve')
-  parser.add_argument("-i", "--input", dest = 'InputFile', type = argparse.FileType('rb'),
-                      help = "Input binary filename", required = True)
+  parser.add_argument("-i", "--input", dest = 'InputFile', type = argparse.FileType('rb'), action='append', required = True,
+                      help = "Input binary filename.  Multiple input files are combined into a single PCD.")
   parser.add_argument("-o", "--output", dest = 'OutputFile', type = argparse.FileType('wb'),
                       help = "Output filename for PCD value or PCD statement")
   parser.add_argument("-p", "--pcd", dest = 'PcdName', type = ValidatePcdName,
@@ -79,6 +94,8 @@ if __name__ == '__main__':
                       help = "UEFI variable name.  Only used with --type HII.")
   parser.add_argument("-g", "--variable-guid", type = ValidateGuidName, dest = 'VariableGuid',
                       help = "UEFI variable GUID C name.  Only used with --type HII.")
+  parser.add_argument("-x", "--xdr", dest = 'Xdr', action = "store_true",
+                      help = "Encode PCD using the Variable-Length Opaque Data format of RFC 4506 External Data Representation Standard (XDR)")
   parser.add_argument("-v", "--verbose", dest = 'Verbose', action = "store_true",
                       help = "Increase output messages")
   parser.add_argument("-q", "--quiet", dest = 'Quiet', action = "store_true",
@@ -92,14 +109,22 @@ if __name__ == '__main__':
   args = parser.parse_args()
 
   #
-  # Read binary input file
+  # Read all binary input files
   #
-  try:
-    Buffer = args.InputFile.read()
-    args.InputFile.close()
-  except:
-    print 'BinToPcd: error: can not read binary input file'
-    sys.exit()
+  Buffer = []
+  for File in args.InputFile:
+    try:
+      Buffer.append(File.read())
+      File.close()
+    except:
+      print 'BinToPcd: error: can not read binary input file', File
+      sys.exit()
+
+  #
+  # Convert PCD to an encoded string of hex values and determine the size of
+  # the encoded PCD in bytes.
+  #
+  PcdValue, PcdSize = ByteArray (Buffer, args.Xdr)
 
   #
   # Convert binary buffer to a DSC file PCD statement
@@ -107,7 +132,8 @@ if __name__ == '__main__':
   if args.PcdName is None:
     #
     # If PcdName is None, then only a PCD value is being requested.
-    Pcd = ByteArray (Buffer)
+    #
+    Pcd = PcdValue
     if args.Verbose:
       print 'PcdToBin: Convert binary file to PCD Value'
   elif args.PcdType is None:
@@ -121,14 +147,13 @@ if __name__ == '__main__':
       # If --max-size is not provided, then do not generate the syntax that
       # includes the maximum size.
       #
-      Pcd = '  %s|%s' % (args.PcdName, ByteArray (Buffer))
-    elif args.MaxSize < len(Buffer):
+      Pcd = '  %s|%s' % (args.PcdName, PcdValue)
+    elif args.MaxSize < PcdSize:
       print 'BinToPcd: error: argument --max-size is smaller than input file.'
       sys.exit()
     else:
-      Pcd = '  %s|%s|VOID*|%d' % (args.PcdName, ByteArray (Buffer), args.MaxSize)
-      args.MaxSize = len(Buffer)
-    
+      Pcd = '  %s|%s|VOID*|%d' % (args.PcdName, PcdValue, args.MaxSize)
+
     if args.Verbose:
       print 'PcdToBin: Convert binary file to PCD statement compatible with PCD sections:'
       print '    [PcdsFixedAtBuild]'
@@ -141,8 +166,8 @@ if __name__ == '__main__':
       # If --max-size is not provided, then set maximum size to the size of the
       # binary input file
       #
-      args.MaxSize = len(Buffer)
-    if args.MaxSize < len(Buffer):
+      args.MaxSize = PcdSize
+    if args.MaxSize < PcdSize:
       print 'BinToPcd: error: argument --max-size is smaller than input file.'
       sys.exit()
     if args.Offset is None:
@@ -150,12 +175,12 @@ if __name__ == '__main__':
       # if --offset is not provided, then set offset field to '*' so build
       # tools will compute offset of PCD in VPD region.
       #
-      Pcd = '  %s|*|%d|%s' % (args.PcdName, args.MaxSize, ByteArray (Buffer))
+      Pcd = '  %s|*|%d|%s' % (args.PcdName, args.MaxSize, PcdValue)
     else:
       #
       # Use the --offset value provided.
       #
-      Pcd = '  %s|%d|%d|%s' % (args.PcdName, args.Offset, args.MaxSize, ByteArray (Buffer))
+      Pcd = '  %s|%d|%d|%s' % (args.PcdName, args.Offset, args.MaxSize, PcdValue)
     if args.Verbose:
       print 'PcdToBin: Convert binary file to PCD statement compatible with PCD sections'
       print '    [PcdsDynamicVpd]'
@@ -172,7 +197,7 @@ if __name__ == '__main__':
       # Use UEFI Variable offset of 0 if --offset is not provided
       #
       args.Offset = 0
-    Pcd = '  %s|L"%s"|%s|%d|%s' % (args.PcdName, args.VariableName, args.VariableGuid, args.Offset, ByteArray (Buffer))
+    Pcd = '  %s|L"%s"|%s|%d|%s' % (args.PcdName, args.VariableName, args.VariableGuid, args.Offset, PcdValue)
     if args.Verbose:
       print 'PcdToBin: Convert binary file to PCD statement compatible with PCD sections'
       print '    [PcdsDynamicHii]'
-- 
2.14.2.windows.3

[Patch 2/5] SecurityPkg: Add PcdPkcs7CertBufferXdr

[Kinney, Michael D]

https://bugzilla.tianocore.org/show_bug.cgi?id=891

Add PcdPkcs7CertBufferXdr that supports one or more PKCS7 certificates
encoded using the Variable-Length Opaque Data format of RFC 4506 External
Data Representation Standard (XDR).

    https://tools.ietf.org/html/rfc4506
    https://tools.ietf.org/html/rfc4506#section-4.10

The default value for this new PCD is {0}.

The enhancements to the BaseTools BinToPcd tool can be used to generate
a PCD from multiple input certificate files.

    https://bugzilla.tianocore.org/show_bug.cgi?id=890

Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
---
 SecurityPkg/SecurityPkg.dec | 8 ++++++++
 SecurityPkg/SecurityPkg.uni | 6 ++++++
 2 files changed, 14 insertions(+)

diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index 77d6b073d4..bafc7dddaa 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -411,6 +411,14 @@ [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
   #
   gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer|{0x30, 0x82, 0x03, 0xec, 0x30, 0x82, 0x02, 0xd4, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xc0, 0x91, 0xc5, 0xe2, 0xb7, 0x66, 0xc0, 0xf8, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x82, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x02, 0x53, 0x48, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x02, 0x53, 0x48, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x09, 0x54, 0x69, 0x61, 0x6e, 0x6f, 0x43, 0x6f, 0x72, 0x65, 0x31, 0x0e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x05, 0x45, 0x44, 0x4b, 0x49, 0x49, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x08, 0x54, 0x65, 0x73, 0x74, 0x52, 0x6f, 0x6f, 0x74, 0x31, 0x22, 0x30, 0x20, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x13, 0x65, 0x64, 0x6b, 0x69, 0x69, 0x40, 0x74, 0x69, 0x61, 0x6e, 0x6f, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x37, 0x30, 0x34, 0x31, 0x30, 0x30, 0x38, 0x32, 0x37, 0x34, 0x30, 0x5a, 0x17, 0x0d, 0x31, 0x37, 0x30, 0x35, 0x31, 0x30, 0x30, 0x38, 0x32, 0x37, 0x34, 0x30, 0x5a, 0x30, 0x81, 0x82, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x02, 0x53, 0x48, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x02, 0x53, 0x48, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x09, 0x54, 0x69, 0x61, 0x6e, 0x6f, 0x43, 0x6f, 0x72, 0x65, 0x31, 0x0e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x05, 0x45, 0x44, 0x4b, 0x49, 0x49, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x08, 0x54, 0x65, 0x73, 0x74, 0x52, 0x6f, 0x6f, 0x74, 0x31, 0x22, 0x30, 0x20, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x13, 0x65, 0x64, 0x6b, 0x69, 0x69, 0x40, 0x74, 0x69, 0x61, 0x6e, 0x6f, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xb9, 0x29, 0x29, 0x6c, 0x60, 0x0c, 0xd7, 0x23, 0xf6, 0x7d, 0xee, 0xf0, 0x62, 0xff, 0xd9, 0xc9, 0xaa, 0x55, 0x8c, 0x81, 0x95, 0x56, 0x3f, 0xb7, 0x56, 0x53, 0xb0, 0xc2, 0x82, 0x12, 0xc5, 0x3b, 0x75, 0x23, 0xb9, 0x4d, 0xd6, 0xc4, 0x55, 0x73, 0xf3, 0xaa, 0x95, 0xa8, 0x1b, 0xf3, 0x93, 0x7e, 0x9e, 0x40, 0xe4, 0x1d, 0x22, 0x9c, 0x93, 0x07, 0x0b, 0xd7, 0xaa, 0x5b, 0xd7, 0xe4, 0x1a, 0x21, 0x84, 0xd7, 0x63, 0x59, 0x03, 0x50, 0x1f, 0xf5, 0x14, 0x55, 0x93, 0x91, 0x9b, 0xf5, 0x52, 0xb0, 0xbf, 0x0e, 0x5c, 0x68, 0x3b, 0x59, 0x52, 0x98, 0x96, 0x56, 0xe1, 0xab, 0xc4, 0x43, 0xbb, 0x05, 0x57, 0x78, 0x45, 0x01, 0x9f, 0x58, 0x15, 0x53, 0x0e, 0x11, 0x94, 0x2f, 0x0e, 0xf1, 0xa6, 0x19, 0xa2, 0x6e, 0x86, 0x39, 0x2b, 0x33, 0x8d, 0xc7, 0xc5, 0xeb, 0xee, 0x1e, 0x33, 0xd3, 0x32, 0x94, 0xc1, 0x59, 0xc4, 0x0c, 0x97, 0x0b, 0x12, 0x48, 0x5f, 0x33, 0xf6, 0x60, 0x74, 0x7d, 0x57, 0xc2, 0x13, 0x2d, 0x7d, 0xa9, 0x87, 0xa3, 0x35, 0xea, 0x91, 0x83, 0x3f, 0x67, 0x7a, 0x92, 0x1f, 0x01, 0x53, 0x9f, 0x62, 0x5f, 0x99, 0x12, 0xfd, 0x73, 0x1b, 0x2d, 0x9e, 0x2b, 0x6c, 0x34, 0x49, 0xaf, 0x4f, 0x07, 0x8f, 0xc0, 0xe9, 0x6b, 0x9e, 0x5f, 0x79, 0x35, 0xda, 0x2a, 0x5c, 0x88, 0xee, 0xf6, 0x48, 0x61, 0xda, 0x96, 0xe3, 0x48, 0x46, 0xa0, 0x94, 0x1c, 0x9d, 0xf6, 0x5c, 0x87, 0x0e, 0xef, 0x74, 0x09, 0x91, 0x0d, 0x3d, 0x5a, 0xe7, 0xc5, 0x4c, 0x8a, 0x7a, 0xac, 0xa1, 0x85, 0xb6, 0x67, 0x44, 0x17, 0x55, 0x52, 0x3a, 0xe8, 0x11, 0x4d, 0x58, 0xa2, 0x93, 0x00, 0x62, 0xea, 0x7b, 0x80, 0xed, 0xcf, 0xbd, 0xdf, 0x75, 0x80, 0x4b, 0xb9, 0x65, 0x63, 0xad, 0x0b, 0x4d, 0x74, 0xfa, 0x59, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x63, 0x30, 0x61, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x16, 0xaa, 0xd6, 0x8e, 0x1b, 0x2d, 0x43, 0xf3, 0x2d, 0xb0, 0x24, 0xad, 0x36, 0x65, 0x3f, 0xb2, 0xfa, 0xb1, 0x2c, 0xed, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x16, 0xaa, 0xd6, 0x8e, 0x1b, 0x2d, 0x43, 0xf3, 0x2d, 0xb0, 0x24, 0xad, 0x36, 0x65, 0x3f, 0xb2, 0xfa, 0xb1, 0x2c, 0xed, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x95, 0xde, 0xdf, 0xa4, 0x14, 0xdb, 0x92, 0x22, 0x78, 0x1a, 0xbd, 0x31, 0x9d, 0x1e, 0xd7, 0x2f, 0x0a, 0x10, 0x11, 0x5d, 0x74, 0x61, 0xe8, 0x30, 0xc4, 0xf3, 0x15, 0xe9, 0x30, 0x54, 0xf4, 0xbb, 0x0c, 0x04, 0x78, 0x13, 0x5d, 0x2c, 0xdd, 0x8c, 0x92, 0x90, 0xd1, 0x9c, 0xd0, 0xd0, 0x18, 0xa3, 0xa3, 0xfc, 0x8c, 0x28, 0x5a, 0xd4, 0x91, 0x4d, 0x08, 0xc3, 0xf6, 0x1a, 0xc8, 0xdd, 0xa6, 0x08, 0x58, 0xe2, 0x15, 0x95, 0xfb, 0x2d, 0x2d, 0x8a, 0xb1, 0x30, 0x80, 0xbd, 0x9a, 0xb6, 0xe1, 0x2c, 0x20, 0x3e, 0xdd, 0xc4, 0xc7, 0x55, 0x65, 0xcf, 0x28, 0x17, 0xf4, 0xee, 0xda, 0xbe, 0x77, 0x70, 0xd5, 0x52, 0xd6, 0x15, 0x7a, 0xfb, 0xad, 0xaf, 0xfd, 0xd5, 0x45, 0x90, 0x5a, 0xe6, 0x31, 0x42, 0xd7, 0x84, 0xb3, 0x49, 0x56, 0x6a, 0xd3, 0x47, 0xf3, 0xbf, 0x68, 0x60, 0x8b, 0x0f, 0xe2, 0xaf, 0xf4, 0xe3, 0xec, 0x12, 0xb9, 0xe2, 0x3a, 0x16, 0x11, 0x4e, 0x4d, 0x73, 0x79, 0xaf, 0x47, 0x85, 0x4c, 0x76, 0x26, 0x9e, 0x8b, 0x32, 0xc0, 0x8e, 0xc2, 0xdc, 0x27, 0xa6, 0xef, 0xac, 0x93, 0x9e, 0xa1, 0x5e, 0xcf, 0x34, 0x45, 0xe0, 0x2a, 0xc7, 0x9d, 0x4d, 0xd7, 0xd7, 0x37, 0x72, 0x97, 0xf8, 0x58, 0xf9, 0xb6, 0x35, 0x48, 0xf1, 0xd1, 0x0a, 0x72, 0x7f, 0xfd, 0x4d, 0x7c, 0xe9, 0xcc, 0xd8, 0x48, 0x1b, 0x49, 0x52, 0x53, 0xde, 0x51, 0x01, 0x53, 0x35, 0xbc, 0x90, 0xcd, 0x8c, 0x8a, 0xcc, 0x43, 0x20, 0xa7, 0x45, 0xff, 0x2b, 0x55, 0xb0, 0x8b, 0x2d, 0xff, 0x55, 0x15, 0x4b, 0x84, 0xd0, 0xc3, 0xd3, 0x90, 0x9c, 0x94, 0x4b, 0x55, 0xd5, 0x62, 0xea, 0x22, 0xab, 0x62, 0x68, 0xdd, 0x53, 0xc6, 0xdc, 0xa5, 0xdd, 0x9a, 0x2d, 0x8e, 0x79, 0x7c, 0x2e, 0x9c, 0xe4, 0x66, 0x80, 0x8c, 0x1d}|VOID*|0x00010014
 
+  ## Provides one or more PKCS7 certs used to verify Recovery and Capsule Update images.
+  #  This PCD is encoded using the Variable-Length Opaque Data format of RFC 4506
+  #  External Data Representation Standard (XDR).
+  #  The default value is empty with no keys.
+  # @Prompt One or more XDR encoded PKCS7 certs used to verify Recovery and Capsule Update images
+  #
+  gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBufferXdr|{0x0}|VOID*|0x0001001E
+
   ## This PCD defines minimum length(in bytes) of the system preboot TCG event log area(LAML).
   #  For PC Client Implementation spec up to and including 1.2 the minimum log size is 64KB.
   # @Prompt Minimum length(in bytes) of the system preboot TCG event log area(LAML).
diff --git a/SecurityPkg/SecurityPkg.uni b/SecurityPkg/SecurityPkg.uni
index aaf77269a3..90d806137a 100644
--- a/SecurityPkg/SecurityPkg.uni
+++ b/SecurityPkg/SecurityPkg.uni
@@ -228,6 +228,12 @@
 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdPkcs7CertBuffer_HELP  #language en-US "Provides one PKCS7 cert used to verify Recovery and Capsule Update images\n"
                                                                                    "WARNING: The default value is treated as test key. Please do not use default value in the production."
 
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdPkcs7CertBufferXdr_PROMPT  #language en-US "One or more XDR encoded PKCS7 certs used to verify Recovery and Capsule Update imagesOne or more XDR encoded PKCS7 certs used to verify Recovery and Capsule Update images"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdPkcs7CertBufferXdr_HELP  #language en-US "Provides one or more PKCS7 certs used to verify Recovery and Capsule Update images\n"
+                                                                                      "This PCD is encoded using the Variable-Length Opaque Data format of RFC 4506 External Data Representation Standard (XDR).\n"
+                                                                                      "The default value is empty with no keys."
+
 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcg2PhysicalPresenceFlags_PROMPT  #language en-US " Initial setting of TCG2 Persistent Firmware Management Flags"
 
 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcg2PhysicalPresenceFlags_HELP  #language en-US "This PCD defines initial setting of TCG2 Persistent Firmware Management Flags\n"
-- 
2.14.2.windows.3

[Patch 3/5] SecurityPkg/EdkiiSystemCapsuleLib: Use PcdPkcs7CertBufferXdr

[Kinney, Michael D]

https://bugzilla.tianocore.org/show_bug.cgi?id=891

Use both PcdPkcs7CertBuffer and PcdPkcs7CertBufferXdr to authenticate
a capsule.  The capsule fails authentication if none of the certificates
in PcdPkcs7CertBuffer or PcdPkcs7CertBufferXdr pass.

Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
---
 .../EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c  | 77 +++++++++++++++++++---
 .../EdkiiSystemCapsuleLib.inf                      |  3 +-
 2 files changed, 70 insertions(+), 10 deletions(-)

diff --git a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c
index 876d2257b3..5217a63082 100644
--- a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c
+++ b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c
@@ -6,7 +6,7 @@
   CapsuleAuthenticateSystemFirmware(), ExtractAuthenticatedImage() will receive
   untrusted input and do basic validation.
 
-  Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
+  Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
   This program and the accompanying materials
   are licensed and made available under the terms and conditions of the BSD License
   which accompanies this distribution.  The full text of the license may be found at
@@ -370,6 +370,8 @@ ExtractAuthenticatedImage (
   GUID                                      *CertType;
   VOID                                      *PublicKeyData;
   UINTN                                     PublicKeyDataLength;
+  UINT8                                     *PublicKeyDataXdr;
+  UINT8                                     *PublicKeyDataXdrEnd;
 
   DEBUG((DEBUG_INFO, "ExtractAuthenticatedImage - Image: 0x%08x - 0x%08x\n", (UINTN)Image, (UINTN)ImageSize));
 
@@ -410,21 +412,78 @@ ExtractAuthenticatedImage (
   if (CompareGuid(&gEfiCertPkcs7Guid, CertType)) {
     PublicKeyData   = PcdGetPtr(PcdPkcs7CertBuffer);
     PublicKeyDataLength = PcdGetSize(PcdPkcs7CertBuffer);
+
+    ASSERT (PublicKeyData != NULL);
+    ASSERT (PublicKeyDataLength != 0);
+
+    Status = AuthenticateFmpImage(
+               ImageAuth,
+               ImageSize,
+               PublicKeyData,
+               PublicKeyDataLength
+               );
+    if (EFI_ERROR (Status)) {
+      PublicKeyDataXdr    = PcdGetPtr (PcdPkcs7CertBufferXdr);
+      PublicKeyDataXdrEnd = PublicKeyDataXdr + PcdGetSize (PcdPkcs7CertBufferXdr);
+
+      ASSERT (PublicKeyDataXdr != NULL);
+      ASSERT (PublicKeyDataXdr != PublicKeyDataXdrEnd);
+
+      //
+      // Try each key from PcdPkcs7CertBufferXdr
+      //
+      while (PublicKeyDataXdr < PublicKeyDataXdrEnd) {
+        if (PublicKeyDataXdr + sizeof (UINT32) > PublicKeyDataXdrEnd) {
+          //
+          // Key data extends beyond end of PCD
+          //
+          break;
+        }
+        //
+        // Read key length stored in big endian format
+        //
+        PublicKeyDataLength = SwapBytes32 (*(UINT32 *)(PublicKeyDataXdr));
+        //
+        // Point to the start of the key data
+        //
+        PublicKeyDataXdr += sizeof (UINT32);
+        if (PublicKeyDataXdr + PublicKeyDataLength > PublicKeyDataXdrEnd) {
+          //
+          // Key data extends beyond end of PCD
+          //
+          break;
+        }
+        PublicKeyData = PublicKeyDataXdr;
+        Status = AuthenticateFmpImage (
+                   ImageAuth,
+                   ImageSize,
+                   PublicKeyData,
+                   PublicKeyDataLength
+                   );
+        if (!EFI_ERROR (Status)) {
+          break;
+        }
+        PublicKeyDataXdr += PublicKeyDataLength;
+        PublicKeyDataXdr = (UINT8 *)ALIGN_POINTER (PublicKeyDataXdr, sizeof(UINT32));
+      }
+    }
   } else if (CompareGuid(&gEfiCertTypeRsa2048Sha256Guid, CertType)) {
     PublicKeyData = PcdGetPtr(PcdRsa2048Sha256PublicKeyBuffer);
     PublicKeyDataLength = PcdGetSize(PcdRsa2048Sha256PublicKeyBuffer);
+
+    ASSERT (PublicKeyData != NULL);
+    ASSERT (PublicKeyDataLength != 0);
+
+    Status = AuthenticateFmpImage(
+               ImageAuth,
+               ImageSize,
+               PublicKeyData,
+               PublicKeyDataLength
+               );
   } else {
     return FALSE;
   }
-  ASSERT (PublicKeyData != NULL);
-  ASSERT (PublicKeyDataLength != 0);
 
-  Status = AuthenticateFmpImage(
-             ImageAuth,
-             ImageSize,
-             PublicKeyData,
-             PublicKeyDataLength
-             );
   switch (Status) {
   case RETURN_SUCCESS:
     *LastAttemptStatus = LAST_ATTEMPT_STATUS_SUCCESS;
diff --git a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf
index a721619a67..2b18d918d1 100644
--- a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf
+++ b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf
@@ -3,7 +3,7 @@
 #
 #  EDKII System Capsule library instance for DXE/PEI post memory phase.
 #
-#  Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
+#  Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
 #  This program and the accompanying materials
 #  are licensed and made available under the terms and conditions of the BSD License
 #  which accompanies this distribution.  The full text of the license may be found at
@@ -52,6 +52,7 @@ [Pcd]
   gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareFileGuid           ## CONSUMES
   gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer               ## CONSUMES
   gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer                            ## CONSUMES
+  gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBufferXdr                         ## CONSUMES
 
 [Guids]
   gEdkiiSystemFirmwareImageDescriptorFileGuid          ## SOMETIMES_CONSUMES   ## GUID
-- 
2.14.2.windows.3

[Patch 4/5] Vlv2TbltDevicePkg/PlatformBootManagerLib: Check PcdPkcs7CertBufferXdr

[Kinney, Michael D]

From: Michael D Kinney <michael.d.kinney@intel.com>

https://bugzilla.tianocore.org/show_bug.cgi?id=891

Evaluate both PcdPkcs7CertBuffer and PcdPkcs7CertBufferXdr for the use
of the test key.  If the test key is found in either PCD, then the warning
messages for the use of a test key must be presented.

Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: David Wei <david.wei@intel.com>
Cc: Mang Guo <mang.guo@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
---
 .../Library/PlatformBdsLib/BdsPlatform.c           | 57 +++++++++++++++++++++-
 .../Library/PlatformBdsLib/PlatformBdsLib.inf      | 22 +++++----
 2 files changed, 68 insertions(+), 11 deletions(-)

diff --git a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c
index 7f91777ea1..4aac7a2487 100644
--- a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c
+++ b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c
@@ -1,6 +1,6 @@
 /** @file
 
-  Copyright (c) 2004  - 2016, Intel Corporation. All rights reserved.<BR>
+  Copyright (c) 2004  - 2018, Intel Corporation. All rights reserved.<BR>
                                                                                    
   This program and the accompanying materials are licensed and made available under
   the terms and conditions of the BSD License that accompanies this distribution.  
@@ -2417,6 +2417,10 @@ ShowProgressHotKey (
   UINTN                         TmpStrSize;
   VOID                          *Buffer;
   UINTN                         Size;
+  VOID                          *PublicKeyData;
+  UINTN                         PublicKeyDataLength;
+  UINT8                         *PublicKeyDataXdr;
+  UINT8                         *PublicKeyDataXdrEnd;
 
   if (TimeoutDefault == 0) {
     return EFI_TIMEOUT;
@@ -2484,6 +2488,57 @@ ShowProgressHotKey (
       }
       PcdSetBoolS(PcdTestKeyUsed, TRUE);
     }
+
+    //
+    // Make sure none of the keys in PcdPkcs7CertBufferXdr match the test key
+    //
+    PublicKeyDataXdr    = PcdGetPtr (PcdPkcs7CertBufferXdr);
+    PublicKeyDataXdrEnd = PublicKeyDataXdr + PcdGetSize (PcdPkcs7CertBufferXdr);
+
+    ASSERT (PublicKeyDataXdr != NULL);
+    ASSERT (PublicKeyDataXdr != PublicKeyDataXdrEnd);
+
+    //
+    // Try each key from PcdPkcs7CertBufferXdr
+    //
+    while (PublicKeyDataXdr < PublicKeyDataXdrEnd) {
+      if (PublicKeyDataXdr + sizeof (UINT32) > PublicKeyDataXdrEnd) {
+        //
+        // Key data extends beyond end of PCD
+        //
+        break;
+      }
+      //
+      // Read key length stored in big endian format
+      //
+      PublicKeyDataLength = SwapBytes32 (*(UINT32 *)(PublicKeyDataXdr));
+      //
+      // Point to the start of the key data
+      //
+      PublicKeyDataXdr += sizeof (UINT32);
+      if (PublicKeyDataXdr + PublicKeyDataLength > PublicKeyDataXdrEnd) {
+        //
+        // Key data extends beyond end of PCD
+        //
+        break;
+      }
+      PublicKeyData = PublicKeyDataXdr;
+
+      if ((Size == PublicKeyDataLength) &&
+          (CompareMem(Buffer, PublicKeyData, Size) == 0)) {
+        TmpStr3 = L"WARNING: Capsule Test Key is used.\r\n";
+        if (DebugAssertEnabled()) {
+          DEBUG ((DEBUG_INFO, "\n\nWARNING: Capsule Test Key is used.\r\n"));
+        } else {
+          SerialPortWrite((UINT8 *)"\n\nWARNING: Capsule Test Key is used.", sizeof("\n\nWARNING: Capsule Test Key is used."));
+        }
+        PcdSetBoolS(PcdTestKeyUsed, TRUE);
+      }
+
+      PublicKeyDataXdr += PublicKeyDataLength;
+      PublicKeyDataXdr = (UINT8 *)ALIGN_POINTER (PublicKeyDataXdr, sizeof(UINT32));
+    }
+
     FreePool(Buffer);
   }
 
diff --git a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf
index 7512556bb7..9f84d7b2e0 100644
--- a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf
+++ b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf
@@ -1,16 +1,17 @@
 #/** @file
 # Component name for module PlatformBootManagerLib
 #
-# Copyright (c) 2008  - 2016, Intel Corporation. All rights reserved.<BR>
-#                                                                                  

-# This program and the accompanying materials are licensed and made available under

-# the terms and conditions of the BSD License that accompanies this distribution.  

-# The full text of the license may be found at                                     

-# http://opensource.org/licenses/bsd-license.php.                                  

-#                                                                                  

-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,            

-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.    

-#                                                                                  

+# Copyright (c) 2008  - 2018, Intel Corporation. All rights reserved.<BR>
+#
+# This program and the accompanying materials are licensed and made available under
+# the terms and conditions of the BSD License that accompanies this distribution.
+# The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php.
+#
+
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
 #
 #
 #
@@ -108,6 +109,7 @@ [Pcd]
   gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiPkcs7TestPublicKeyFileGuid
   gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer
   gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer
+  gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBufferXdr
   gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed
   gPlatformModuleTokenSpaceGuid.PcdFlashFvRecovery2Base
   gPlatformModuleTokenSpaceGuid.PcdFlashFvMainBase
-- 
2.14.2.windows.3

[Patch 5/5] QuarkPlatformPkg/PlatformBootManagerLib: Check PcdPkcs7CertBufferXdr

[Kinney, Michael D]

https://bugzilla.tianocore.org/show_bug.cgi?id=891

Evaluate both PcdPkcs7CertBuffer and PcdPkcs7CertBufferXdr for the use
of the test key.  If the test key is found in either PCD, then the warning
messages for the use of a test key must be presented.

Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Kelly Steele <kelly.steele@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
---
 .../PlatformBootManagerLib/PlatformBootManager.c   | 51 +++++++++++++++++++++-
 .../PlatformBootManagerLib.inf                     |  3 +-
 2 files changed, 52 insertions(+), 2 deletions(-)

diff --git a/QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManager.c b/QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManager.c
index 53391c6077..829f852b61 100644
--- a/QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManager.c
+++ b/QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManager.c
@@ -2,7 +2,7 @@
 This file include all platform action which can be customized
 by IBV/OEM.
 
-Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -347,6 +347,10 @@ PlatformBootManagerAfterConsole (
   ESRT_MANAGEMENT_PROTOCOL       *EsrtManagement;
   VOID                           *Buffer;
   UINTN                          Size;
+  VOID                           *PublicKeyData;
+  UINTN                          PublicKeyDataLength;
+  UINT8                          *PublicKeyDataXdr;
+  UINT8                          *PublicKeyDataXdrEnd;
 
   Status = gBS->LocateProtocol(&gEsrtManagementProtocolGuid, NULL, (VOID **)&EsrtManagement);
   if (EFI_ERROR(Status)) {
@@ -433,6 +437,51 @@ PlatformBootManagerAfterConsole (
       Print(L"WARNING: Capsule Test Key is used.\n");
       PcdSetBoolS(PcdTestKeyUsed, TRUE);
     }
+
+    //
+    // Make sure none of the keys in PcdPkcs7CertBufferXdr match the test key
+    //
+    PublicKeyDataXdr    = PcdGetPtr (PcdPkcs7CertBufferXdr);
+    PublicKeyDataXdrEnd = PublicKeyDataXdr + PcdGetSize (PcdPkcs7CertBufferXdr);
+
+    ASSERT (PublicKeyDataXdr != NULL);
+    ASSERT (PublicKeyDataXdr != PublicKeyDataXdrEnd);
+
+    //
+    // Try each key from PcdPkcs7CertBufferXdr
+    //
+    while (PublicKeyDataXdr < PublicKeyDataXdrEnd) {
+      if (PublicKeyDataXdr + sizeof (UINT32) > PublicKeyDataXdrEnd) {
+        //
+        // Key data extends beyond end of PCD
+        //
+        break;
+      }
+      //
+      // Read key length stored in big endian format
+      //
+      PublicKeyDataLength = SwapBytes32 (*(UINT32 *)(PublicKeyDataXdr));
+      //
+      // Point to the start of the key data
+      //
+      PublicKeyDataXdr += sizeof (UINT32);
+      if (PublicKeyDataXdr + PublicKeyDataLength > PublicKeyDataXdrEnd) {
+        //
+        // Key data extends beyond end of PCD
+        //
+        break;
+      }
+      PublicKeyData = PublicKeyDataXdr;
+      if ((Size == PublicKeyDataLength) &&
+          (CompareMem(Buffer, PublicKeyData, Size) == 0)) {
+        Print(L"WARNING: Capsule Test Key is used.\n");
+        PcdSetBoolS(PcdTestKeyUsed, TRUE);
+      }
+
+      PublicKeyDataXdr += PublicKeyDataLength;
+      PublicKeyDataXdr = (UINT8 *)ALIGN_POINTER (PublicKeyDataXdr, sizeof(UINT32));
+    }
+
     FreePool(Buffer);
   }
 
diff --git a/QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
index 25394d8ca0..95a65ca88a 100644
--- a/QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
+++ b/QuarkPlatformPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
@@ -1,7 +1,7 @@
 ## @file
 #  Include all platform action which can be customized by IBV/OEM.
 #
-#  Copyright (c) 2012 - 2016, Intel Corporation. All rights reserved.<BR>
+#  Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR>
 #  This program and the accompanying materials
 #  are licensed and made available under the terms and conditions of the BSD License
 #  which accompanies this distribution.  The full text of the license may be found at
@@ -85,5 +85,6 @@ [Pcd]
   gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiPkcs7TestPublicKeyFileGuid
   gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer
   gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer
+  gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBufferXdr
   gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed
 
-- 
2.14.2.windows.3

Re: [Patch 0/5] Add multi-cert PcdPkcs7CertBufferXdr

[Steele, Kelly]

Reviewed-by: Kelly Steele <Kelly.steele@intel.com>

Thanks,
Kelly

> -----Original Message-----
> From: Kinney, Michael D
> Sent: March 12, 2018 12:30
> To: edk2-devel@lists.01.org
> Cc: Sean Brogan <sean.brogan@microsoft.com>; Zhu, Yonghong
> <yonghong.zhu@intel.com>; Gao, Liming <liming.gao@intel.com>; Zhang,
> Chao B <chao.b.zhang@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> Steele, Kelly <kelly.steele@intel.com>; Wei, David <david.wei@intel.com>;
> Guo, Mang <mang.guo@intel.com>; Kinney, Michael D
> <michael.d.kinney@intel.com>
> Subject: [Patch 0/5] Add multi-cert PcdPkcs7CertBufferXdr
> 
> https://bugzilla.tianocore.org/show_bug.cgi?id=890
> https://bugzilla.tianocore.org/show_bug.cgi?id=891
> 
> * Update BinToPcd to support multiple one or more -i INPUTFILE arguments
> * Update BinToPcd to support -x, --xdr flags to encode PCD using the
>   Variable-Length Opaque Data of RFC 4506 External Data Representation
>   Standard (XDR).
> * Add PcdPkcs7CertBufferXdr that supports one or more PKCS7 certificates
>   encoded using the Variable-Length Opaque Data format of RFC 4506
> External
>   Data Representation Standard (XDR).
> * Use both PcdPkcs7CertBuffer and PcdPkcs7CertBufferXdr to authenticate
>   capsules.
> * Evaluate both PcdPkcs7CertBuffer and PcdPkcs7CertBufferXdr for the use
>   of the test key.
> 
> Branch for review:
> https://github.com/mdkinney/edk2/tree/Bug_890_891_BinToPcdMultipleIn
> putFiles
> 
> Cc: Sean Brogan <sean.brogan@microsoft.com>
> Cc: Yonghong Zhu <yonghong.zhu@intel.com>
> Cc: Liming Gao <liming.gao@intel.com>
> Cc: Chao Zhang <chao.b.zhang@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Kelly Steele <kelly.steele@intel.com>
> Cc: David Wei <david.wei@intel.com>
> Cc: Mang Guo <mang.guo@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
> 
> Kinney, Michael D (4):
>   BaseTools/BinToPcd: Add support for multiple binary input files
>   SecurityPkg: Add PcdPkcs7CertBufferXdr
>   SecurityPkg/EdkiiSystemCapsuleLib: Use PcdPkcs7CertBufferXdr
>   QuarkPlatformPkg/PlatformBootManagerLib: Check PcdPkcs7CertBufferXdr
> 
> Michael D Kinney (1):
>   Vlv2TbltDevicePkg/PlatformBootManagerLib: Check PcdPkcs7CertBufferXdr
> 
>  BaseTools/Scripts/BinToPcd.py                      | 83 ++++++++++++++--------
>  .../PlatformBootManagerLib/PlatformBootManager.c   | 51 ++++++++++++-
>  .../PlatformBootManagerLib.inf                     |  3 +-
>  SecurityPkg/SecurityPkg.dec                        |  8 +++
>  SecurityPkg/SecurityPkg.uni                        |  6 ++
>  .../EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c  | 77
> +++++++++++++++++---
>  .../EdkiiSystemCapsuleLib.inf                      |  3 +-
>  .../Library/PlatformBdsLib/BdsPlatform.c           | 57 ++++++++++++++-
>  .../Library/PlatformBdsLib/PlatformBdsLib.inf      | 22 +++---
>  9 files changed, 258 insertions(+), 52 deletions(-)
> 
> --
> 2.14.2.windows.3

Re: [Patch 4/5] Vlv2TbltDevicePkg/PlatformBootManagerLib: Check PcdPkcs7CertBufferXdr

[Wei, David]

Reviewed-by: david wei <david.wei@intel.com> 

Thanks,
David  Wei

Intel SSG/STO/UEFI BIOS                                 


-----Original Message-----
From: Kinney, Michael D 
Sent: Tuesday, March 13, 2018 3:30 AM
To: edk2-devel@lists.01.org
Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Sean Brogan <sean.brogan@microsoft.com>; Wei, David <david.wei@intel.com>; Guo, Mang <mang.guo@intel.com>
Subject: [Patch 4/5] Vlv2TbltDevicePkg/PlatformBootManagerLib: Check PcdPkcs7CertBufferXdr

From: Michael D Kinney <michael.d.kinney@intel.com>

https://bugzilla.tianocore.org/show_bug.cgi?id=891

Evaluate both PcdPkcs7CertBuffer and PcdPkcs7CertBufferXdr for the use
of the test key.  If the test key is found in either PCD, then the warning
messages for the use of a test key must be presented.

Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: David Wei <david.wei@intel.com>
Cc: Mang Guo <mang.guo@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
---
 .../Library/PlatformBdsLib/BdsPlatform.c           | 57 +++++++++++++++++++++-
 .../Library/PlatformBdsLib/PlatformBdsLib.inf      | 22 +++++----
 2 files changed, 68 insertions(+), 11 deletions(-)

diff --git a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c
index 7f91777ea1..4aac7a2487 100644
--- a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c
+++ b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c
@@ -1,6 +1,6 @@
 /** @file
 
-  Copyright (c) 2004  - 2016, Intel Corporation. All rights reserved.<BR>
+  Copyright (c) 2004  - 2018, Intel Corporation. All rights reserved.<BR>
                                                                                    
   This program and the accompanying materials are licensed and made available under
   the terms and conditions of the BSD License that accompanies this distribution.  
@@ -2417,6 +2417,10 @@ ShowProgressHotKey (
   UINTN                         TmpStrSize;
   VOID                          *Buffer;
   UINTN                         Size;
+  VOID                          *PublicKeyData;
+  UINTN                         PublicKeyDataLength;
+  UINT8                         *PublicKeyDataXdr;
+  UINT8                         *PublicKeyDataXdrEnd;
 
   if (TimeoutDefault == 0) {
     return EFI_TIMEOUT;
@@ -2484,6 +2488,57 @@ ShowProgressHotKey (
       }
       PcdSetBoolS(PcdTestKeyUsed, TRUE);
     }
+
+    //
+    // Make sure none of the keys in PcdPkcs7CertBufferXdr match the test key
+    //
+    PublicKeyDataXdr    = PcdGetPtr (PcdPkcs7CertBufferXdr);
+    PublicKeyDataXdrEnd = PublicKeyDataXdr + PcdGetSize (PcdPkcs7CertBufferXdr);
+
+    ASSERT (PublicKeyDataXdr != NULL);
+    ASSERT (PublicKeyDataXdr != PublicKeyDataXdrEnd);
+
+    //
+    // Try each key from PcdPkcs7CertBufferXdr
+    //
+    while (PublicKeyDataXdr < PublicKeyDataXdrEnd) {
+      if (PublicKeyDataXdr + sizeof (UINT32) > PublicKeyDataXdrEnd) {
+        //
+        // Key data extends beyond end of PCD
+        //
+        break;
+      }
+      //
+      // Read key length stored in big endian format
+      //
+      PublicKeyDataLength = SwapBytes32 (*(UINT32 *)(PublicKeyDataXdr));
+      //
+      // Point to the start of the key data
+      //
+      PublicKeyDataXdr += sizeof (UINT32);
+      if (PublicKeyDataXdr + PublicKeyDataLength > PublicKeyDataXdrEnd) {
+        //
+        // Key data extends beyond end of PCD
+        //
+        break;
+      }
+      PublicKeyData = PublicKeyDataXdr;
+
+      if ((Size == PublicKeyDataLength) &&
+          (CompareMem(Buffer, PublicKeyData, Size) == 0)) {
+        TmpStr3 = L"WARNING: Capsule Test Key is used.\r\n";
+        if (DebugAssertEnabled()) {
+          DEBUG ((DEBUG_INFO, "\n\nWARNING: Capsule Test Key is used.\r\n"));
+        } else {
+          SerialPortWrite((UINT8 *)"\n\nWARNING: Capsule Test Key is used.", sizeof("\n\nWARNING: Capsule Test Key is used."));
+        }
+        PcdSetBoolS(PcdTestKeyUsed, TRUE);
+      }
+
+      PublicKeyDataXdr += PublicKeyDataLength;
+      PublicKeyDataXdr = (UINT8 *)ALIGN_POINTER (PublicKeyDataXdr, sizeof(UINT32));
+    }
+
     FreePool(Buffer);
   }
 
diff --git a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf
index 7512556bb7..9f84d7b2e0 100644
--- a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf
+++ b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf
@@ -1,16 +1,17 @@
 #/** @file
 # Component name for module PlatformBootManagerLib
 #
-# Copyright (c) 2008  - 2016, Intel Corporation. All rights reserved.<BR>
-#                                                                                  

-# This program and the accompanying materials are licensed and made available under

-# the terms and conditions of the BSD License that accompanies this distribution.  

-# The full text of the license may be found at                                     

-# http://opensource.org/licenses/bsd-license.php.                                  

-#                                                                                  

-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,            

-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.    

-#                                                                                  

+# Copyright (c) 2008  - 2018, Intel Corporation. All rights reserved.<BR>
+#
+# This program and the accompanying materials are licensed and made available under
+# the terms and conditions of the BSD License that accompanies this distribution.
+# The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php.
+#
+
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
 #
 #
 #
@@ -108,6 +109,7 @@ [Pcd]
   gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiPkcs7TestPublicKeyFileGuid
   gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer
   gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer
+  gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBufferXdr
   gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed
   gPlatformModuleTokenSpaceGuid.PcdFlashFvRecovery2Base
   gPlatformModuleTokenSpaceGuid.PcdFlashFvMainBase
-- 
2.14.2.windows.3

Re: [Patch 3/5] SecurityPkg/EdkiiSystemCapsuleLib: Use PcdPkcs7CertBufferXdr

[Gao, Liming]

Mike: 
  The title should be SignedCapsulePkg EdkiiSystemCapsuleLib instead of SecurityPkg. 
  

> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Kinney, Michael D
> Sent: Tuesday, March 13, 2018 3:30 AM
> To: edk2-devel@lists.01.org
> Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>; Zhang, Chao B <chao.b.zhang@intel.com>
> Subject: [edk2] [Patch 3/5] SecurityPkg/EdkiiSystemCapsuleLib: Use PcdPkcs7CertBufferXdr
> 
> https://bugzilla.tianocore.org/show_bug.cgi?id=891
> 
> Use both PcdPkcs7CertBuffer and PcdPkcs7CertBufferXdr to authenticate
> a capsule.  The capsule fails authentication if none of the certificates
> in PcdPkcs7CertBuffer or PcdPkcs7CertBufferXdr pass.
> 
> Cc: Sean Brogan <sean.brogan@microsoft.com>
> Cc: Chao Zhang <chao.b.zhang@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
> ---
>  .../EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c  | 77 +++++++++++++++++++---
>  .../EdkiiSystemCapsuleLib.inf                      |  3 +-
>  2 files changed, 70 insertions(+), 10 deletions(-)
> 
> diff --git a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c
> b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c
> index 876d2257b3..5217a63082 100644
> --- a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c
> +++ b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c
> @@ -6,7 +6,7 @@
>    CapsuleAuthenticateSystemFirmware(), ExtractAuthenticatedImage() will receive
>    untrusted input and do basic validation.
> 
> -  Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
> +  Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
>    This program and the accompanying materials
>    are licensed and made available under the terms and conditions of the BSD License
>    which accompanies this distribution.  The full text of the license may be found at
> @@ -370,6 +370,8 @@ ExtractAuthenticatedImage (
>    GUID                                      *CertType;
>    VOID                                      *PublicKeyData;
>    UINTN                                     PublicKeyDataLength;
> +  UINT8                                     *PublicKeyDataXdr;
> +  UINT8                                     *PublicKeyDataXdrEnd;
> 
>    DEBUG((DEBUG_INFO, "ExtractAuthenticatedImage - Image: 0x%08x - 0x%08x\n", (UINTN)Image, (UINTN)ImageSize));
> 
> @@ -410,21 +412,78 @@ ExtractAuthenticatedImage (
>    if (CompareGuid(&gEfiCertPkcs7Guid, CertType)) {
>      PublicKeyData   = PcdGetPtr(PcdPkcs7CertBuffer);
>      PublicKeyDataLength = PcdGetSize(PcdPkcs7CertBuffer);
> +
> +    ASSERT (PublicKeyData != NULL);
> +    ASSERT (PublicKeyDataLength != 0);
> +
> +    Status = AuthenticateFmpImage(
> +               ImageAuth,
> +               ImageSize,
> +               PublicKeyData,
> +               PublicKeyDataLength
> +               );
> +    if (EFI_ERROR (Status)) {
> +      PublicKeyDataXdr    = PcdGetPtr (PcdPkcs7CertBufferXdr);
> +      PublicKeyDataXdrEnd = PublicKeyDataXdr + PcdGetSize (PcdPkcs7CertBufferXdr);
> +
> +      ASSERT (PublicKeyDataXdr != NULL);
> +      ASSERT (PublicKeyDataXdr != PublicKeyDataXdrEnd);
> +
> +      //
> +      // Try each key from PcdPkcs7CertBufferXdr
> +      //
> +      while (PublicKeyDataXdr < PublicKeyDataXdrEnd) {
> +        if (PublicKeyDataXdr + sizeof (UINT32) > PublicKeyDataXdrEnd) {
> +          //
> +          // Key data extends beyond end of PCD
> +          //
> +          break;
> +        }
> +        //
> +        // Read key length stored in big endian format
> +        //
> +        PublicKeyDataLength = SwapBytes32 (*(UINT32 *)(PublicKeyDataXdr));
> +        //
> +        // Point to the start of the key data
> +        //
> +        PublicKeyDataXdr += sizeof (UINT32);
> +        if (PublicKeyDataXdr + PublicKeyDataLength > PublicKeyDataXdrEnd) {
> +          //
> +          // Key data extends beyond end of PCD
> +          //
> +          break;
> +        }
> +        PublicKeyData = PublicKeyDataXdr;
> +        Status = AuthenticateFmpImage (
> +                   ImageAuth,
> +                   ImageSize,
> +                   PublicKeyData,
> +                   PublicKeyDataLength
> +                   );
> +        if (!EFI_ERROR (Status)) {
> +          break;
> +        }
> +        PublicKeyDataXdr += PublicKeyDataLength;
> +        PublicKeyDataXdr = (UINT8 *)ALIGN_POINTER (PublicKeyDataXdr, sizeof(UINT32));
> +      }
> +    }
>    } else if (CompareGuid(&gEfiCertTypeRsa2048Sha256Guid, CertType)) {
>      PublicKeyData = PcdGetPtr(PcdRsa2048Sha256PublicKeyBuffer);
>      PublicKeyDataLength = PcdGetSize(PcdRsa2048Sha256PublicKeyBuffer);
> +
> +    ASSERT (PublicKeyData != NULL);
> +    ASSERT (PublicKeyDataLength != 0);
> +
> +    Status = AuthenticateFmpImage(
> +               ImageAuth,
> +               ImageSize,
> +               PublicKeyData,
> +               PublicKeyDataLength
> +               );
>    } else {
>      return FALSE;
>    }
> -  ASSERT (PublicKeyData != NULL);
> -  ASSERT (PublicKeyDataLength != 0);
> 
> -  Status = AuthenticateFmpImage(
> -             ImageAuth,
> -             ImageSize,
> -             PublicKeyData,
> -             PublicKeyDataLength
> -             );
>    switch (Status) {
>    case RETURN_SUCCESS:
>      *LastAttemptStatus = LAST_ATTEMPT_STATUS_SUCCESS;
> diff --git a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf
> b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf
> index a721619a67..2b18d918d1 100644
> --- a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf
> +++ b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf
> @@ -3,7 +3,7 @@
>  #
>  #  EDKII System Capsule library instance for DXE/PEI post memory phase.
>  #
> -#  Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
> +#  Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
>  #  This program and the accompanying materials
>  #  are licensed and made available under the terms and conditions of the BSD License
>  #  which accompanies this distribution.  The full text of the license may be found at
> @@ -52,6 +52,7 @@ [Pcd]
>    gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareFileGuid           ## CONSUMES
>    gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer               ## CONSUMES
>    gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer                            ## CONSUMES
> +  gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBufferXdr                         ## CONSUMES
> 
>  [Guids]
>    gEdkiiSystemFirmwareImageDescriptorFileGuid          ## SOMETIMES_CONSUMES   ## GUID
> --
> 2.14.2.windows.3
> 
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel