From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by mx.groups.io with SMTP id smtpd.web09.5727.1621920689457513997 for ; Mon, 24 May 2021 22:31:29 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@ibm.com header.s=pp1 header.b=tm1eoPrg; spf=pass (domain: linux.ibm.com, ip: 148.163.156.1, mailfrom: dovmurik@linux.ibm.com) Received: from pps.filterd (m0098394.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 14P53leU051071; Tue, 25 May 2021 01:31:27 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=tOgjILEr/x0Kx1YHjsZxo6bFEyYdYCTGakLHMAOVIMI=; b=tm1eoPrgmuRws8uf+p/OXf55v63J7h453cTLjau7uOOhsCsmldqkcNRq5+VS4VW03VNY ITQU4/ly6xe+3tO/m9c48eueFHcoTV96BDNYc8a5Lr73ULRYZyUbTl1TGdQ3DOMBYzgo sh5TcJjRL9dv18A0LtVdudBrHXVAXhY909rfA0DLR45Svl3udcvBTN2vEKUhPGFuF4HT Gf9lsm6oHib4pOMcsHcLpbFqWYDalt6SKQO/JXPk5b7R4F2xz13pcSuzA0nviw5y35O7 UQa/k08sj/hivPlF83chfE1HYHjTpr+9Nd/t7aHEKJ31cdcBUIzMBcnwrNrn2G2lM00n GQ== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com with ESMTP id 38rtjy8y9g-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 25 May 2021 01:31:26 -0400 Received: from m0098394.ppops.net (m0098394.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 14P54MBV055173; Tue, 25 May 2021 01:31:26 -0400 Received: from ppma02wdc.us.ibm.com (aa.5b.37a9.ip4.static.sl-reverse.com [169.55.91.170]) by mx0a-001b2d01.pphosted.com with ESMTP id 38rtjy8y8p-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 25 May 2021 01:31:26 -0400 Received: from pps.filterd (ppma02wdc.us.ibm.com [127.0.0.1]) by ppma02wdc.us.ibm.com (8.16.0.43/8.16.0.43) with SMTP id 14P5ReRX027652; Tue, 25 May 2021 05:31:24 GMT Received: from b01cxnp22035.gho.pok.ibm.com (b01cxnp22035.gho.pok.ibm.com [9.57.198.25]) by ppma02wdc.us.ibm.com with ESMTP id 38psk9cdpy-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 25 May 2021 05:31:24 +0000 Received: from b01ledav001.gho.pok.ibm.com (b01ledav001.gho.pok.ibm.com [9.57.199.106]) by b01cxnp22035.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 14P5VOfl32637418 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 25 May 2021 05:31:24 GMT Received: from b01ledav001.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 1226F2805A; Tue, 25 May 2021 05:31:24 +0000 (GMT) Received: from b01ledav001.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id C25D328065; Tue, 25 May 2021 05:31:23 +0000 (GMT) Received: from localhost.localdomain (unknown [9.2.130.16]) by b01ledav001.gho.pok.ibm.com (Postfix) with ESMTP; Tue, 25 May 2021 05:31:23 +0000 (GMT) From: Dov Murik To: devel@edk2.groups.io Cc: Dov Murik , Tobin Feldman-Fitzthum , Tobin Feldman-Fitzthum , Jim Cadden , James Bottomley , Hubertus Franke , Laszlo Ersek , Ard Biesheuvel , Jordan Justen , Ashish Kalra , Brijesh Singh , Erdem Aktas , Jiewen Yao , Min Xu , Tom Lendacky Subject: [PATCH v1 4/8] OvmfPkg/QemuKernelLoaderFsDxe: Add ability to verify loaded items Date: Tue, 25 May 2021 05:31:12 +0000 Message-Id: <20210525053116.1533673-5-dovmurik@linux.ibm.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210525053116.1533673-1-dovmurik@linux.ibm.com> References: <20210525053116.1533673-1-dovmurik@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: y20SaL_xzb7oM7AgNX25xVmNdAQJxA0L X-Proofpoint-ORIG-GUID: MoZ_3YB3uSNudDdIywdqbXCKMUsH4fvC X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391,18.0.761 definitions=2021-05-25_02:2021-05-24,2021-05-25 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 priorityscore=1501 clxscore=1015 impostorscore=0 phishscore=0 adultscore=0 bulkscore=0 lowpriorityscore=0 mlxscore=0 mlxlogscore=999 malwarescore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2104190000 definitions=main-2105250034 Content-Transfer-Encoding: quoted-printable From: James Bottomley Allow registering a verifier which is then called for each blob passed via QEMU's fw_cfg. Cc: Laszlo Ersek Cc: Ard Biesheuvel Cc: Jordan Justen Cc: Ashish Kalra Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Min Xu Cc: Tom Lendacky Signed-off-by: James Bottomley --- OvmfPkg/Include/Library/QemuFwCfgLib.h | 35 +++++++++++++++= +++++ OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c | 31 +++++++++++++++= ++ 2 files changed, 66 insertions(+) diff --git a/OvmfPkg/Include/Library/QemuFwCfgLib.h b/OvmfPkg/Include/Libra= ry/QemuFwCfgLib.h index 68002bb654e6..1095efad5878 100644 --- a/OvmfPkg/Include/Library/QemuFwCfgLib.h +++ b/OvmfPkg/Include/Library/QemuFwCfgLib.h @@ -173,5 +173,40 @@ QemuFwCfgFindFile ( OUT UINTN *Size=0D );=0D =0D +/**=0D + The verifier is used to abstract a hash verification operation when=0D + A firmware config item is accessed via a filesystem and has some type=0D + of integrity information passed in.=0D +=0D + @param[in] Name The name of the config file to verify.=0D + @param[in] Buffer A pointer to the loaded config information.=0D + @param[in] Size The size of the buffer.=0D +=0D + @retval EFI_SUCCESS The buffer verified OK.=0D +=0D + @retval EFI_ACCESS_DENIED The buffer failed the integrity check.=0D +=0D +**/=0D +typedef=0D +RETURN_STATUS=0D +(EFIAPI *FW_CFG_VERIFIER) (=0D + IN CONST CHAR16 *Name,=0D + IN VOID *Buffer,=0D + IN UINTN Size=0D + );=0D +=0D +/**=0D + Register a verifier for the Firmware Configuration Filesystem to use=0D +=0D + @param[in] Verifier The verifier to register=0D +=0D + @retval EFI_SUCCESS The verifier was successfully registered=0D +**/=0D +RETURN_STATUS=0D +EFIAPI=0D +RegisterFwCfgVerifier (=0D + IN FW_CFG_VERIFIER Verifier=0D + );=0D +=0D #endif=0D =0D diff --git a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c b/OvmfPk= g/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c index b09ff6a3590d..9823d23d1005 100644 --- a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c +++ b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c @@ -982,6 +982,27 @@ FetchBlob ( return EFI_SUCCESS;=0D }=0D =0D +STATIC FW_CFG_VERIFIER mVerifier =3D NULL;=0D +=0D +/**=0D + Register a verifier for the Firmware Configuration Filesystem to use=0D +=0D + @param[in] Verifier The verifier to register=0D +=0D + @retval EFI_SUCCESS The verifier was successfully registered=0D +**/=0D +EFI_STATUS=0D +EFIAPI=0D +RegisterFwCfgVerifier (=0D + IN FW_CFG_VERIFIER Verifier=0D + )=0D +{=0D + if (mVerifier !=3D NULL) {=0D + return EFI_OUT_OF_RESOURCES;=0D + }=0D + mVerifier =3D Verifier;=0D + return EFI_SUCCESS;=0D +}=0D =0D //=0D // The entry point of the feature.=0D @@ -1033,6 +1054,16 @@ QemuKernelLoaderFsDxeEntrypoint ( if (EFI_ERROR (Status)) {=0D goto FreeBlobs;=0D }=0D + if (mVerifier !=3D NULL) {=0D + Status =3D mVerifier (=0D + CurrentBlob->Name,=0D + CurrentBlob->Data,=0D + CurrentBlob->Size=0D + );=0D + if (EFI_ERROR (Status)) {=0D + goto FreeBlobs;=0D + }=0D + }=0D mTotalBlobBytes +=3D CurrentBlob->Size;=0D }=0D KernelBlob =3D &mKernelBlob[KernelBlobTypeKernel];=0D --=20 2.25.1