public inbox for devel@edk2.groups.io
* [PATCH v2] MdeModulePkg/Variable: TcgMorLockSmm Key Mismatch changes lock state
@ 2023-06-12 21:57 Abhimanyu Singh
  2023-06-14 15:44 ` [edk2-devel] " Abhimanyu Singh
  0 siblings, 1 reply; 2+ messages in thread
From: Abhimanyu Singh @ 2023-06-12 21:57 UTC (permalink / raw)
  To: devel; +Cc: Abhi Singh, Jian J Wang, Liming Gao, Michael Kubacki

From: Abhi Singh <Abhi.Singh@arm.com>

REF:  https://bugzilla.tianocore.org/show_bug.cgi?id=4410
REPO: https://github.com/tianocore/edk2/commit/7c9e1303fce5d49f8b597b4afd99ed855faaffaa 

Inside TcgMorLockSmm.c, the SetVariableCheckHandlerMorLock() function
contains a scenario to prevent a possible dictionary attack on the MorLock
Key in accordance with the TCG Platform Reset Mitigation Spec v1.10.

The mechanism to prevent this attack must also change the MorLock Variable
Value to 0x01 to indicate Locked Without Key.

ASSERT_EFI_ERROR is added for error visibility since SetMorLockVariable
returns a status code.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Signed-off-by: Abhi Singh <Abhi.Singh@arm.com>

Acked-by: Michael Kubacki <michael.kubacki@microsoft.com>
---

Notes:
    v2:
    - capturing return status of SetMorLockVariable
      with ASSERT_EFI_ERROR for visibility [Michael]

 MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c
index da1105ff07..28e8cc55d9 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c
@@ -312,6 +312,11 @@ SetVariableCheckHandlerMorLock (
       mMorLockState    = MorLockStateLocked;
       mMorLockKeyEmpty = TRUE;
       ZeroMem (mMorLockKey, sizeof (mMorLockKey));
+      //
+      // Update value to reflect locked without key
+      //
+      Status = SetMorLockVariable (MOR_LOCK_DATA_LOCKED_WITHOUT_KEY);
+      ASSERT_EFI_ERROR (Status);
       return EFI_ACCESS_DENIED;
     }
   }
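
Review bot: ASSERT_EFI_ERROR (Status) is the only handling of a failed SetMorLockVariable (MOR_LOCK_DATA_LOCKED_WITHOUT_KEY) call, and ASSERT macros are compiled out of release builds, so on production firmware a failed write is silently ignored. By that point mMorLockState is already MorLockStateLocked and mMorLockKey has been zeroed, so the lock itself fails closed, but the variable would keep reporting its previous value instead of locked without key. Consider logging the failure with a DEBUG ((DEBUG_ERROR, ...)) message that survives where asserts do not, or adding a comment that the failure is tolerated because the function returns EFI_ACCESS_DENIED either way. In debug builds the assert also sits on a path reached by a key mismatch from the caller, so it is worth deciding whether halting there is acceptable. Please also confirm that Status is declared in SetVariableCheckHandlerMorLock(), since no declaration is visible in this hunk.
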
-- 
2.34.1



* Re: [edk2-devel] [PATCH v2] MdeModulePkg/Variable: TcgMorLockSmm Key Mismatch changes lock state
  2023-06-12 21:57 [PATCH v2] MdeModulePkg/Variable: TcgMorLockSmm Key Mismatch changes lock state Abhimanyu Singh
@ 2023-06-14 15:44 ` Abhimanyu Singh
  0 siblings, 0 replies; 2+ messages in thread
From: Abhimanyu Singh @ 2023-06-14 15:44 UTC (permalink / raw)
  To: Abhimanyu Singh, devel

Hi Liming and Jian,

Could you please review this patch? Michael has taken a look over and given Acked-by.

Thanks,
Abhi
