From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web11.2056.1681334710795236228 for ; Wed, 12 Apr 2023 14:25:11 -0700
Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: abhi.singh@arm.com)
Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 49DD6D75 for ; Wed, 12 Apr 2023 14:25:54 -0700 (PDT)
Received: from abhsin07-ThinkStation-P720.austin.arm.com (abhsin07-ThinkStation-P720.austin.arm.com [10.118.30.31]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id CA0633F587 for ; Wed, 12 Apr 2023 14:25:09 -0700 (PDT)
From: "Abhimanyu Singh"
To: devel@edk2.groups.io
Subject: [PATCH v1 1/1] MdeModulePkg/Variable: TcgMorLockSmm Key Mismatch changes lock state
Date: Wed, 12 Apr 2023 16:25:05 -0500
Message-Id: <20230412212505.538013-1-Abhi.Singh@arm.com>
X-Mailer: git-send-email 2.34.1
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4410

Inside TcgMorLockSmm.c, the SetVariableCheckHandlerMorLock() function contains a scenario to prevent a possible dictionary attack on the MorLock Key in accordance with the TCG Platform Reset Mitigation Spec v1.10. The mechanism to prevent this attack must also change the MorLock Variable Value to 0x01 to indicate Locked Without Key.

Cc: Jian J Wang
Cc: Liming Gao
Signed-off-by: Abhi Singh
--- MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c b/M= deModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c index da1105ff073e..a76db18ef877 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c 
@@ -312,6 +312,10 @@ SetVariableCheckHandlerMorLock ( mMorLockState =3D MorLockStateLocked;=0D mMorLockKeyEmpty =3D TRUE;=0D ZeroMem (mMorLockKey, sizeof (mMorLockKey));=0D + //=0D + // Update value to reflect locked without key=0D + //=0D + SetMorLockVariable (MOR_LOCK_DATA_LOCKED_WITHOUT_KEY);=0D return EFI_ACCESS_DENIED;=0D }=0D }=0D --=20 2.34.1
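Review bot: The result of the added SetMorLockVariable (MOR_LOCK_DATA_LOCKED_WITHOUT_KEY) call is discarded just before return EFI_ACCESS_DENIED, so if that call can fail, the in-memory state set on the preceding lines (mMorLockState = MorLockStateLocked, mMorLockKeyEmpty = TRUE, key zeroed) and the value a caller reads back from the MorLock variable can disagree without anything recording it. Consider capturing the return value and at least logging or asserting on an error, while still returning EFI_ACCESS_DENIED to the caller for the key mismatch. The new comment could also name the case it covers (unlock attempt with a mismatched key) and the TCG Platform Reset Mitigation Spec v1.10 requirement cited in the commit message, so the reason the variable is rewritten on a denied request is clear at the call site. A test that sends a wrong key and then reads the variable back as 0x01 would pin the behaviour this change is meant to establish.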