From: "Kinney, Michael D"
To: edk2-devel@lists.01.org
Cc: Sean Brogan, Chao Zhang, Jiewen Yao, Michael D Kinney
Date: Mon, 12 Mar 2018 12:30:15 -0700
Message-Id: <20180312193017.15156-4-michael.d.kinney@intel.com>
In-Reply-To: <20180312193017.15156-1-michael.d.kinney@intel.com>
References: <20180312193017.15156-1-michael.d.kinney@intel.com>
Subject: [Patch 3/5] SecurityPkg/EdkiiSystemCapsuleLib: Use PcdPkcs7CertBufferXdr

https://bugzilla.tianocore.org/show_bug.cgi?id=891

Use both PcdPkcs7CertBuffer and PcdPkcs7CertBufferXdr to authenticate a capsule. The capsule fails authentication if none of the certificates in PcdPkcs7CertBuffer or PcdPkcs7CertBufferXdr pass.

Cc: Sean Brogan
Cc: Chao Zhang
Cc: Jiewen Yao
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney
--- .../EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c | 77 +++++++++++++++++++--- .../EdkiiSystemCapsuleLib.inf | 3 +- 2 files changed, 70 insertions(+), 10 deletions(-) diff --git a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c index 876d2257b3..5217a63082 100644 --- a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c +++ b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c @@ -6,7 +6,7 @@ CapsuleAuthenticateSystemFirmware(), ExtractAuthenticatedImage() will receive untrusted input and do basic validation. - Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
+ Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -370,6 +370,8 @@ ExtractAuthenticatedImage ( GUID *CertType; VOID *PublicKeyData; UINTN PublicKeyDataLength; + UINT8 *PublicKeyDataXdr; + UINT8 *PublicKeyDataXdrEnd; DEBUG((DEBUG_INFO, "ExtractAuthenticatedImage - Image: 0x%08x - 0x%08x\n", (UINTN)Image, (UINTN)ImageSize)); 
@@ -410,21 +412,78 @@ ExtractAuthenticatedImage ( if (CompareGuid(&gEfiCertPkcs7Guid, CertType)) { PublicKeyData = PcdGetPtr(PcdPkcs7CertBuffer); PublicKeyDataLength = PcdGetSize(PcdPkcs7CertBuffer); + + ASSERT (PublicKeyData != NULL); + ASSERT (PublicKeyDataLength != 0); + + Status = AuthenticateFmpImage( + ImageAuth, + ImageSize, + PublicKeyData, + PublicKeyDataLength + ); + if (EFI_ERROR (Status)) { + PublicKeyDataXdr = PcdGetPtr (PcdPkcs7CertBufferXdr); + PublicKeyDataXdrEnd = PublicKeyDataXdr + PcdGetSize (PcdPkcs7CertBufferXdr); + + ASSERT (PublicKeyDataXdr != NULL); + ASSERT (PublicKeyDataXdr != PublicKeyDataXdrEnd); + + // + // Try each key from PcdPkcs7CertBufferXdr + // + while (PublicKeyDataXdr < PublicKeyDataXdrEnd) { + if (PublicKeyDataXdr + sizeof (UINT32) > PublicKeyDataXdrEnd) { + // + // Key data extends beyond end of PCD + // + break; + } + // + // Read key length stored in big endian format + // + PublicKeyDataLength = SwapBytes32 (*(UINT32 *)(PublicKeyDataXdr)); + // + // Point to the start of the key data + // + PublicKeyDataXdr += sizeof (UINT32); + if (PublicKeyDataXdr + PublicKeyDataLength > PublicKeyDataXdrEnd) { + // + // Key data extends beyond end of PCD + // + break; + } + PublicKeyData = PublicKeyDataXdr; + Status = AuthenticateFmpImage ( + ImageAuth, + ImageSize, + PublicKeyData, + PublicKeyDataLength + ); + if (!EFI_ERROR (Status)) { + break; + } + PublicKeyDataXdr += PublicKeyDataLength; + PublicKeyDataXdr = (UINT8 *)ALIGN_POINTER (PublicKeyDataXdr, sizeof(UINT32)); + } + } } else if (CompareGuid(&gEfiCertTypeRsa2048Sha256Guid, CertType)) { PublicKeyData = PcdGetPtr(PcdRsa2048Sha256PublicKeyBuffer); PublicKeyDataLength = PcdGetSize(PcdRsa2048Sha256PublicKeyBuffer); + + ASSERT (PublicKeyData != NULL); + ASSERT (PublicKeyDataLength != 0); + + Status = AuthenticateFmpImage( + ImageAuth, + ImageSize, + PublicKeyData, + PublicKeyDataLength + ); } else { return FALSE; } - ASSERT (PublicKeyData != NULL); - ASSERT (PublicKeyDataLength != 
0); - Status = AuthenticateFmpImage( - ImageAuth, - ImageSize, - PublicKeyData, - PublicKeyDataLength - ); switch (Status) { case RETURN_SUCCESS: *LastAttemptStatus = LAST_ATTEMPT_STATUS_SUCCESS; diff --git a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf index a721619a67..2b18d918d1 100644 --- a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf +++ b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf @@ -3,7 +3,7 @@ # # EDKII System Capsule library instance for DXE/PEI post memory phase. # -# Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
+# Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -52,6 +52,7 @@ [Pcd] gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareFileGuid ## CONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer ## CONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBufferXdr ## CONSUMES [Guids] gEdkiiSystemFirmwareImageDescriptorFileGuid ## SOMETIMES_CONSUMES ## GUID -- 2.14.2.windows.3
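
Review bot: In the `@@ -410,21 +412,78 @@` hunk of EdkiiSystemCapsuleLib.c, both bounds checks inside the `while` loop add to the pointer before comparing (`PublicKeyDataXdr + PublicKeyDataLength > PublicKeyDataXdrEnd`), so a malformed length field that is large enough can wrap the pointer on a 32-bit build and pass the check. Compare the length against the bytes remaining instead, for example `PublicKeyDataLength > (UINTN)(PublicKeyDataXdrEnd - PublicKeyDataXdr)`, and write the `sizeof (UINT32)` check the same way. In the same loop, the length is read with `*(UINT32 *)(PublicKeyDataXdr)` and the cursor is advanced with `ALIGN_POINTER`, which both assume the PCD buffer starts on a 4-byte boundary; reading with ReadUnaligned32() and padding the offset relative to the start of the buffer removes that assumption. The two `break` paths commented "Key data extends beyond end of PCD" are also silent, so a DEBUG_ERROR message there would distinguish a malformed PcdPkcs7CertBufferXdr from a capsule that failed every key.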
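
Review bot: In the `[Pcd]` hunk of EdkiiSystemCapsuleLib.inf, PcdPkcs7CertBufferXdr is declared `## CONSUMES`, but the C change only reads it inside `if (EFI_ERROR (Status))` after the first AuthenticateFmpImage() call fails in the PKCS7 branch, so `## SOMETIMES_CONSUMES` would describe the usage more accurately. Separately, the subject prefix names SecurityPkg/EdkiiSystemCapsuleLib while both `diff --git` headers touch files under SignedCapsulePkg/Library/EdkiiSystemCapsuleLib; the prefix should name the package the commit actually changes.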