From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web11.72950.1686607063270223432 for ; Mon, 12 Jun 2023 14:57:43 -0700
Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: abhi.singh@arm.com)
Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 390F41FB; Mon, 12 Jun 2023 14:58:27 -0700 (PDT)
Received: from abhsin07-ThinkStation-P720.austin.arm.com (abhsin07-ThinkStation-P720.austin.arm.com [10.118.30.31]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 20A533F587; Mon, 12 Jun 2023 14:57:42 -0700 (PDT)
From: "Abhimanyu Singh"
To: devel@edk2.groups.io
Cc: Abhi Singh, Jian J Wang, Liming Gao, Michael Kubacki
Subject: [PATCH v2] MdeModulePkg/Variable: TcgMorLockSmm Key Mismatch changes lock state
Date: Mon, 12 Jun 2023 16:57:34 -0500
Message-Id: <20230612215734.77523-1-Abhi.Singh@arm.com>
X-Mailer: git-send-email 2.34.1
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

From: Abhi Singh

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4410
REPO: https://github.com/tianocore/edk2/commit/7c9e1303fce5d49f8b597b4afd99ed855faaffaa

Inside TcgMorLockSmm.c, the SetVariableCheckHandlerMorLock() function contains a scenario to prevent a possible dictionary attack on the MorLock Key in accordance with the TCG Platform Reset Mitigation Spec v1.10.

The mechanism to prevent this attack must also change the MorLock Variable Value to 0x01 to indicate Locked Without Key.

ASSERT_EFI_ERROR is added for error visibility since SetMorLockVariable returns a status code

Cc: Jian J Wang
Cc: Liming Gao
Signed-off-by: Abhi Singh Acked-by: Michael Kubacki --- Notes: v2: - capturing return status of SetMorLockVariable with ASSERT_EFI_ERROR for visibility [Michael] MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c b/M= deModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c index da1105ff07..28e8cc55d9 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c @@ -312,6 +312,11 @@ SetVariableCheckHandlerMorLock ( mMorLockState =3D MorLockStateLocked;=0D mMorLockKeyEmpty =3D TRUE;=0D ZeroMem (mMorLockKey, sizeof (mMorLockKey));=0D + //=0D + // Update value to reflect locked without key=0D + //=0D + Status =3D SetMorLockVariable (MOR_LOCK_DATA_LOCKED_WITHOUT_KEY);=0D + ASSERT_EFI_ERROR (Status);=0D return EFI_ACCESS_DENIED;=0D }=0D }=0D --=20 2.34.1
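Review bot: The ASSERT_EFI_ERROR (Status) added just before return EFI_ACCESS_DENIED is the only handling of a SetMorLockVariable failure, and ASSERT macros do nothing in builds where asserts are disabled, so in such a build a failed update is silent and the variable can keep reporting its old value while mMorLockState is already MorLockStateLocked and the key has been zeroed. Consider checking EFI_ERROR (Status) explicitly and reporting the failure, and extend the new comment to say that the in-memory lock state is set first so enforcement does not depend on the variable write succeeding. Returning EFI_ACCESS_DENIED regardless of Status looks right, since the caller's write is rejected either way, but that is worth stating in the comment as well.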