* [edk2-devel] [PATCH v3 17/20] ArmVirtPkg/ArmVirtQemu: Permit the use of dynamic PCDs in PEI
2024-05-24 5:44 Doug Flick via groups.io
@ 2024-05-24 5:44 ` Doug Flick via groups.io
0 siblings, 0 replies; 38+ messages in thread
From: Doug Flick via groups.io @ 2024-05-24 5:44 UTC (permalink / raw)
To: devel; +Cc: Ard Biesheuvel, Leif Lindholm, Sami Mujawar, Gerd Hoffmann
From: Ard Biesheuvel <ardb@kernel.org>
Currently, only TPM2 builds enable the PCD PEIM, which is a prerequisite
for being able to use dynamic PCDs already at the PEI stage. This
facility will be used for other reasons too so move those pieces out of
code block that are conditional on TPM2_ENABLE
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Committed-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
---
ArmVirtPkg/ArmVirtQemu.dsc | 6 +-----
ArmVirtPkg/ArmVirtQemu.fdf | 2 +-
2 files changed, 2 insertions(+), 6 deletions(-)
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 1d3315ad3e..4498ca58a8 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -318,11 +318,7 @@
gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut|L"Timeout"|gEfiGlobalVariableGuid|0x0|5
[LibraryClasses.common.PEI_CORE, LibraryClasses.common.PEIM]
-!if $(TPM2_ENABLE) == TRUE
PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
-!else
- PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
-!endif
################################################################################
#
@@ -339,11 +335,11 @@
ArmVirtPkg/MemoryInitPei/MemoryInitPeim.inf
ArmPkg/Drivers/CpuPei/CpuPei.inf
-!if $(TPM2_ENABLE) == TRUE
MdeModulePkg/Universal/PCD/Pei/Pcd.inf {
<LibraryClasses>
PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
}
+!if $(TPM2_ENABLE) == TRUE
MdeModulePkg/Universal/ResetSystemPei/ResetSystemPei.inf {
<LibraryClasses>
ResetSystemLib|ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.inf
diff --git a/ArmVirtPkg/ArmVirtQemu.fdf b/ArmVirtPkg/ArmVirtQemu.fdf
index 764f652afd..6073a31970 100644
--- a/ArmVirtPkg/ArmVirtQemu.fdf
+++ b/ArmVirtPkg/ArmVirtQemu.fdf
@@ -111,8 +111,8 @@ READ_LOCK_STATUS = TRUE
INF ArmPkg/Drivers/CpuPei/CpuPei.inf
INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
-!if $(TPM2_ENABLE) == TRUE
INF MdeModulePkg/Universal/PCD/Pei/Pcd.inf
+!if $(TPM2_ENABLE) == TRUE
INF MdeModulePkg/Universal/ResetSystemPei/ResetSystemPei.inf
INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
--
2.34.1
^ permalink raw reply related [flat|nested] 38+ messages in thread
* [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237
@ 2024-05-24 5:44 Doug Flick via groups.io
2024-05-24 5:44 ` [edk2-devel] [PATCH v3 01/20] EmulatorPkg: : Add RngDxe to EmulatorPkg Doug Flick via groups.io
` (19 more replies)
0 siblings, 20 replies; 38+ messages in thread
From: Doug Flick via groups.io @ 2024-05-24 5:44 UTC (permalink / raw)
To: devel; +Cc: Liming Gao
REF:https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
This patch series patches the following CVEs:
- CVE-2023-45236: Predictable TCP Initial Sequence Numbers
- CVE-2023-45237: Use of a Weak PseudoRandom Number Generator
In order to patch these CVEs, the following changes were made:
- NetworkPkg no longer performs it's own random number generation,
instead it uses EFI_RNG_PROTOCOL provided by the plaform to
generate random numbers.
- This change was made such that any future random number
generation vulnerabilities will be a result of the platforms
implementation of the EFI_RNG_PROTOCOL and not the NetworkPkg
- NetworkPkg uses the TCP initial sequence number algorithm as described
in RFC 6528 to generate the initial sequence number for TCP connections.
- This change was made to ensure that the initial sequence number
is not predictable and therefore cannot be used in a TCP hijacking
attack.
In addition to the above changes, the following changes were made:
- EmulatorPkg OvmfPkg, and ArmVirtPkg were updated to include the
Hash2DxeCrypto driver to support TCP ISN generation using
EFI_HASH2_PROTOCOL
- EmulatorPkg was updated to include the
RngDxe driver to support random number generation using the
EFI_RNG_PROTOCOL
- OvmfPkg, and ArmVirtPkg were updated to include the
virtio-rng-pci device to support random number generation using the
EFI_RNG_PROTOCOL using the existing VirtioRngDxe driver
- SecurityPkg was updated to fix an incorrect limitation on the
GetRng function in the RngDxe driver where the minimum amount of
random data that could be requested was 32 bytes (256 bits) instead
of what the caller requested
- MdePkg was updated to include MockUefiBootServicesTableLib,
MockRng, and MockHash2 protocols for testing
- NetworkPkg was updated to include a test for the PxeBcDhcp6 driver
due to underlying changes
- ArmPkg was updated to allow the SMC/HVC monitor conduit to be
specified at runtime
- MdePkg was updated to remove an overzealous ASSERT in BaseRngLib
- ArmVirtPkg was updated to permit the use of dynamic PCDs in PEI
- ArmVirtPkg was updated to use dynamic PCDs to set the SMCCC conduit
- ArmVirtPkg was updated to add the RngDxe driver
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Ard Biesheuvel (6):
ArmPkg: Allow SMC/HVC monitor conduit to be specified at runtime
MdePkg/BaseRngLib AARCH64: Remove overzealous ASSERT()
ArmVirtPkg/ArmVirtQemu: Permit the use of dynamic PCDs in PEI
ArmVirtPkg: Use dynamic PCD to set the SMCCC conduit
ArmVirtPkg: Reverse inclusion order of MdeLibs.inc and ArmVirt.dsc.inc
ArmVirtPkg/ArmVirtQemu: Add RngDxe driver
Doug Flick (8):
EmulatorPkg: : Add Hash2DxeCrypto to EmulatorPkg
OvmfPkg: : Add Hash2DxeCrypto to OvmfPkg
NetworkPkg:: SECURITY PATCH CVE-2023-45237
NetworkPkg: TcpDxe: SECURITY PATCH CVE-2023-45236
MdePkg: : Add MockUefiBootServicesTableLib
MdePkg: : Adds Protocol for MockRng
MdePkg: Add MockHash2 Protocol for testing
NetworkPkg: Update the PxeBcDhcp6GoogleTest due to underlying changes
Flickdm (6):
EmulatorPkg: : Add RngDxe to EmulatorPkg
OvmfPkg:PlatformCI: Support virtio-rng-pci
ArmVirtPkg:PlatformCI: Support virtio-rng-pci
ArmVirtPkg: : Add Hash2DxeCrypto to ArmVirtPkg
SecurityPkg: RngDxe: Remove incorrect limitation on GetRng
ArmVirtPkg: Move PcdMonitorConduitHvc
ArmPkg/ArmPkg.dec | 10 +-
NetworkPkg/NetworkPkg.dec | 7 +
ArmVirtPkg/ArmVirt.dsc.inc | 5 +-
ArmVirtPkg/ArmVirtCloudHv.dsc | 3 +
ArmVirtPkg/ArmVirtKvmTool.dsc | 4 +-
ArmVirtPkg/ArmVirtQemu.dsc | 20 +-
ArmVirtPkg/ArmVirtQemuKernel.dsc | 12 +-
ArmVirtPkg/ArmVirtXen.dsc | 6 +-
EmulatorPkg/EmulatorPkg.dsc | 14 +-
MdePkg/Test/MdePkgHostTest.dsc | 1 +
NetworkPkg/Test/NetworkPkgHostTest.dsc | 1 +
OvmfPkg/OvmfPkgIa32.dsc | 6 +-
OvmfPkg/OvmfPkgIa32X64.dsc | 6 +-
OvmfPkg/OvmfPkgX64.dsc | 6 +-
OvmfPkg/OvmfXen.dsc | 5 +
ArmVirtPkg/ArmVirtQemu.fdf | 2 +-
EmulatorPkg/EmulatorPkg.fdf | 11 +-
OvmfPkg/OvmfPkgIa32.fdf | 5 +
OvmfPkg/OvmfPkgIa32X64.fdf | 5 +
OvmfPkg/OvmfPkgX64.fdf | 5 +
OvmfPkg/OvmfXen.fdf | 5 +
ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf | 1 +
MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf | 32 +++
NetworkPkg/Library/DxeNetLib/DxeNetLib.inf | 14 +-
NetworkPkg/TcpDxe/TcpDxe.inf | 11 +-
NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf | 3 +-
MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.h | 78 +++++++
MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h | 67 ++++++
MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h | 48 ++++
NetworkPkg/IScsiDxe/IScsiMisc.h | 6 +-
NetworkPkg/Include/Library/NetLib.h | 40 +++-
NetworkPkg/Ip6Dxe/Ip6Nd.h | 8 +-
NetworkPkg/TcpDxe/TcpFunc.h | 23 +-
NetworkPkg/TcpDxe/TcpMain.h | 59 ++++-
ArmPkg/Library/ArmMonitorLib/ArmMonitorLib.c | 2 +-
ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c | 14 ++
MdePkg/Library/BaseRngLib/AArch64/Rndr.c | 1 -
NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c | 10 +-
NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c | 11 +-
NetworkPkg/DnsDxe/DnsDhcp.c | 10 +-
NetworkPkg/DnsDxe/DnsImpl.c | 11 +-
NetworkPkg/HttpBootDxe/HttpBootDhcp6.c | 10 +-
NetworkPkg/IScsiDxe/IScsiCHAP.c | 19 +-
NetworkPkg/IScsiDxe/IScsiMisc.c | 14 +-
NetworkPkg/Ip4Dxe/Ip4Driver.c | 10 +-
NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c | 9 +-
NetworkPkg/Ip6Dxe/Ip6Driver.c | 17 +-
NetworkPkg/Ip6Dxe/Ip6If.c | 12 +-
NetworkPkg/Ip6Dxe/Ip6Mld.c | 12 +-
NetworkPkg/Ip6Dxe/Ip6Nd.c | 33 ++-
NetworkPkg/Library/DxeNetLib/DxeNetLib.c | 130 +++++++++--
NetworkPkg/TcpDxe/TcpDriver.c | 105 ++++++++-
NetworkPkg/TcpDxe/TcpInput.c | 13 +-
NetworkPkg/TcpDxe/TcpMisc.c | 244 ++++++++++++++++++--
NetworkPkg/TcpDxe/TcpTimer.c | 3 +-
NetworkPkg/Udp4Dxe/Udp4Driver.c | 10 +-
NetworkPkg/Udp6Dxe/Udp6Driver.c | 11 +-
NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c | 9 +-
NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c | 11 +-
NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c | 12 +-
SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c | 8 -
ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 6 +
ArmVirtPkg/PlatformCI/PlatformBuildLib.py | 2 +
MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.cpp | 69 ++++++
MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockHash2.cpp | 27 +++
MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp | 21 ++
NetworkPkg/SecurityFixes.yaml | 61 +++++
NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp | 102 +++++++-
OvmfPkg/PlatformCI/PlatformBuildLib.py | 2 +
69 files changed, 1397 insertions(+), 173 deletions(-)
create mode 100644 MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf
create mode 100644 MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.h
create mode 100644 MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h
create mode 100644 MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h
create mode 100644 MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.cpp
create mode 100644 MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockHash2.cpp
create mode 100644 MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119227): https://edk2.groups.io/g/devel/message/119227
Mute This Topic: https://groups.io/mt/106276830/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 38+ messages in thread
* [edk2-devel] [PATCH v3 01/20] EmulatorPkg: : Add RngDxe to EmulatorPkg
2024-05-24 5:44 [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237 Doug Flick via groups.io
@ 2024-05-24 5:44 ` Doug Flick via groups.io
2024-05-24 5:44 ` [edk2-devel] [PATCH v3 02/20] EmulatorPkg: : Add Hash2DxeCrypto " Doug Flick via groups.io
` (18 subsequent siblings)
19 siblings, 0 replies; 38+ messages in thread
From: Doug Flick via groups.io @ 2024-05-24 5:44 UTC (permalink / raw)
To: devel; +Cc: Andrew Fish, Ray Ni
This patch adds RngDxe to EmulatorPkg. The RngDxe is used to provide
random number generation services to the UEFI firmware.
Cc: Andrew Fish <afish@apple.com>
Cc: Ray Ni <ray.ni@intel.com>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>
---
EmulatorPkg/EmulatorPkg.dsc | 7 ++++++-
EmulatorPkg/EmulatorPkg.fdf | 6 +++++-
2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg/EmulatorPkg.dsc
index 5fa1ed345a..0a66294cb7 100644
--- a/EmulatorPkg/EmulatorPkg.dsc
+++ b/EmulatorPkg/EmulatorPkg.dsc
@@ -127,9 +127,9 @@
ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf
ImagePropertiesRecordLib|MdeModulePkg/Library/ImagePropertiesRecordLib/ImagePropertiesRecordLib.inf
+ RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
!if $(SECURE_BOOT_ENABLE) == TRUE
- RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
@@ -398,6 +398,11 @@
EmulatorPkg/PlatformSmbiosDxe/PlatformSmbiosDxe.inf
EmulatorPkg/TimerDxe/Timer.inf
+ #
+ # Rng Protocol producer
+ #
+ SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
+
!if $(SECURE_BOOT_ENABLE) == TRUE
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
!endif
diff --git a/EmulatorPkg/EmulatorPkg.fdf b/EmulatorPkg/EmulatorPkg.fdf
index 5420756eaa..d756c144d9 100644
--- a/EmulatorPkg/EmulatorPkg.fdf
+++ b/EmulatorPkg/EmulatorPkg.fdf
@@ -193,6 +193,11 @@ INF RuleOverride = UI MdeModulePkg/Application/UiApp/UiApp.inf
INF MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.inf
INF MdeModulePkg/Universal/DriverSampleDxe/DriverSampleDxe.inf
+#
+# Rng Protocol producer
+#
+INF SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
+
#
# Secure Boot Key Enroll
#
@@ -320,4 +325,3 @@ INF ShellPkg/Application/Shell/Shell.inf
UI STRING="$(MODULE_NAME)" Optional
VERSION STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
}
-
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119228): https://edk2.groups.io/g/devel/message/119228
Mute This Topic: https://groups.io/mt/106276853/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 38+ messages in thread
* [edk2-devel] [PATCH v3 02/20] EmulatorPkg: : Add Hash2DxeCrypto to EmulatorPkg
2024-05-24 5:44 [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237 Doug Flick via groups.io
2024-05-24 5:44 ` [edk2-devel] [PATCH v3 01/20] EmulatorPkg: : Add RngDxe to EmulatorPkg Doug Flick via groups.io
@ 2024-05-24 5:44 ` Doug Flick via groups.io
2024-05-24 5:44 ` [edk2-devel] [PATCH v3 03/20] OvmfPkg:PlatformCI: Support virtio-rng-pci Doug Flick via groups.io
` (17 subsequent siblings)
19 siblings, 0 replies; 38+ messages in thread
From: Doug Flick via groups.io @ 2024-05-24 5:44 UTC (permalink / raw)
To: devel; +Cc: Andrew Fish, Ray Ni
From: Doug Flick <dougflick@microsoft.com>
This patch adds Hash2DxeCrypto to EmulatorPkg. The Hash2DxeCrypto is
used to provide the hashing protocol services.
Cc: Andrew Fish <afish@apple.com>
Cc: Ray Ni <ray.ni@intel.com>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
---
EmulatorPkg/EmulatorPkg.dsc | 9 +++++++--
EmulatorPkg/EmulatorPkg.fdf | 5 +++++
2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg/EmulatorPkg.dsc
index 0a66294cb7..1c356bc8c7 100644
--- a/EmulatorPkg/EmulatorPkg.dsc
+++ b/EmulatorPkg/EmulatorPkg.dsc
@@ -128,10 +128,11 @@
FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf
ImagePropertiesRecordLib|MdeModulePkg/Library/ImagePropertiesRecordLib/ImagePropertiesRecordLib.inf
RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
-
-!if $(SECURE_BOOT_ENABLE) == TRUE
IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+
+!if $(SECURE_BOOT_ENABLE) == TRUE
PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
@@ -402,6 +403,10 @@
# Rng Protocol producer
#
SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
+ #
+ # Hash2 Protocol producer
+ #
+ SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
!if $(SECURE_BOOT_ENABLE) == TRUE
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
diff --git a/EmulatorPkg/EmulatorPkg.fdf b/EmulatorPkg/EmulatorPkg.fdf
index d756c144d9..73d5b0068d 100644
--- a/EmulatorPkg/EmulatorPkg.fdf
+++ b/EmulatorPkg/EmulatorPkg.fdf
@@ -198,6 +198,11 @@ INF MdeModulePkg/Universal/DriverSampleDxe/DriverSampleDxe.inf
#
INF SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
+#
+# Hash2 Protocol producer
+#
+INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
#
# Secure Boot Key Enroll
#
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119229): https://edk2.groups.io/g/devel/message/119229
Mute This Topic: https://groups.io/mt/106276854/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 38+ messages in thread
* [edk2-devel] [PATCH v3 03/20] OvmfPkg:PlatformCI: Support virtio-rng-pci
2024-05-24 5:44 [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237 Doug Flick via groups.io
2024-05-24 5:44 ` [edk2-devel] [PATCH v3 01/20] EmulatorPkg: : Add RngDxe to EmulatorPkg Doug Flick via groups.io
2024-05-24 5:44 ` [edk2-devel] [PATCH v3 02/20] EmulatorPkg: : Add Hash2DxeCrypto " Doug Flick via groups.io
@ 2024-05-24 5:44 ` Doug Flick via groups.io
2024-05-24 5:44 ` [edk2-devel] [PATCH v3 04/20] OvmfPkg: : Add Hash2DxeCrypto to OvmfPkg Doug Flick via groups.io
` (16 subsequent siblings)
19 siblings, 0 replies; 38+ messages in thread
From: Doug Flick via groups.io @ 2024-05-24 5:44 UTC (permalink / raw)
To: devel; +Cc: Ard Biesheuvel, Jiewen Yao, Gerd Hoffmann
This patch adds "virtio-rng-pci" to the PlatformBuildLib.py
This adds Rng services to the guest VM
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
---
OvmfPkg/PlatformCI/PlatformBuildLib.py | 2 ++
1 file changed, 2 insertions(+)
diff --git a/OvmfPkg/PlatformCI/PlatformBuildLib.py b/OvmfPkg/PlatformCI/PlatformBuildLib.py
index 00d454954b..3fe80f5c1c 100644
--- a/OvmfPkg/PlatformCI/PlatformBuildLib.py
+++ b/OvmfPkg/PlatformCI/PlatformBuildLib.py
@@ -208,6 +208,8 @@ class PlatformBuilder( UefiBuilder, BuildSettingsManager):
args += " -net none" # turn off network
args += " -smp 4"
args += f" -drive file=fat:rw:{VirtualDrive},format=raw,media=disk" # Mount disk with startup.nsh
+ # Provides Rng services to the Guest VM
+ args += " -device virtio-rng-pci"
if (self.env.GetValue("QEMU_HEADLESS").upper() == "TRUE"):
args += " -display none" # no graphics
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119230): https://edk2.groups.io/g/devel/message/119230
Mute This Topic: https://groups.io/mt/106276855/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 38+ messages in thread
* [edk2-devel] [PATCH v3 04/20] OvmfPkg: : Add Hash2DxeCrypto to OvmfPkg
2024-05-24 5:44 [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237 Doug Flick via groups.io
` (2 preceding siblings ...)
2024-05-24 5:44 ` [edk2-devel] [PATCH v3 03/20] OvmfPkg:PlatformCI: Support virtio-rng-pci Doug Flick via groups.io
@ 2024-05-24 5:44 ` Doug Flick via groups.io
2024-05-24 5:44 ` [edk2-devel] [PATCH v3 05/20] ArmVirtPkg:PlatformCI: Support virtio-rng-pci Doug Flick via groups.io
` (15 subsequent siblings)
19 siblings, 0 replies; 38+ messages in thread
From: Doug Flick via groups.io @ 2024-05-24 5:44 UTC (permalink / raw)
To: devel; +Cc: Ard Biesheuvel, Jiewen Yao, Gerd Hoffmann
From: Doug Flick <dougflick@microsoft.com>
This patch adds Hash2DxeCrypto to OvmfPkg. The Hash2DxeCrypto is
used to provide the hashing protocol services.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
---
OvmfPkg/OvmfPkgIa32.dsc | 6 +++++-
OvmfPkg/OvmfPkgIa32X64.dsc | 6 +++++-
OvmfPkg/OvmfPkgX64.dsc | 6 +++++-
OvmfPkg/OvmfXen.dsc | 5 +++++
OvmfPkg/OvmfPkgIa32.fdf | 5 +++++
OvmfPkg/OvmfPkgIa32X64.fdf | 5 +++++
OvmfPkg/OvmfPkgX64.fdf | 5 +++++
OvmfPkg/OvmfXen.fdf | 5 +++++
8 files changed, 40 insertions(+), 3 deletions(-)
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 1be021be71..2ca005d768 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -229,7 +229,6 @@
VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf
-
#
# Network libraries
#
@@ -858,6 +857,11 @@
MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
+ #
+ # Hash2 Protocol producer
+ #
+ SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
#
# Network Support
#
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index d27a4c7278..a39070a626 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -234,7 +234,6 @@
VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf
-
#
# Network libraries
#
@@ -872,6 +871,11 @@
MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
+ #
+ # Hash2 Protocol producer
+ #
+ SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
#
# Network Support
#
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 8f5cd23b2e..1b90aa8f57 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -250,7 +250,6 @@
VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf
-
#
# Network libraries
#
@@ -940,6 +939,11 @@
MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
+ #
+ # Hash2 Protocol producer
+ #
+ SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
#
# Network Support
#
diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc
index fa1a570e74..7fc340d1c1 100644
--- a/OvmfPkg/OvmfXen.dsc
+++ b/OvmfPkg/OvmfXen.dsc
@@ -667,6 +667,11 @@
MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
+ #
+ # Hash2 Protocol producer
+ #
+ SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
#
# Network Support
#
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index 6eb26f7d46..0d4abb50a8 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -295,6 +295,11 @@ INF OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
INF MdeModulePkg/Logo/LogoDxe.inf
+#
+# Hash2 Protocol producer
+#
+INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
#
# Network modules
#
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index 080784f722..23a825a012 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -296,6 +296,11 @@ INF OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
INF MdeModulePkg/Logo/LogoDxe.inf
+#
+# Hash2 Protocol producer
+#
+INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
#
# Network modules
#
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index b6e8f43566..4dcd6a033c 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -329,6 +329,11 @@ INF MdeModulePkg/Logo/LogoDxe.inf
INF OvmfPkg/TdxDxe/TdxDxe.inf
+#
+# Hash2 Protocol producer
+#
+INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
#
# Network modules
#
diff --git a/OvmfPkg/OvmfXen.fdf b/OvmfPkg/OvmfXen.fdf
index 5770b17316..41368f37e2 100644
--- a/OvmfPkg/OvmfXen.fdf
+++ b/OvmfPkg/OvmfXen.fdf
@@ -314,6 +314,11 @@ INF ShellPkg/Application/Shell/Shell.inf
INF MdeModulePkg/Logo/LogoDxe.inf
+#
+# Hash2 Protocol producer
+#
+INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
#
# Network modules
#
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119231): https://edk2.groups.io/g/devel/message/119231
Mute This Topic: https://groups.io/mt/106276856/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 38+ messages in thread
* [edk2-devel] [PATCH v3 05/20] ArmVirtPkg:PlatformCI: Support virtio-rng-pci
2024-05-24 5:44 [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237 Doug Flick via groups.io
` (3 preceding siblings ...)
2024-05-24 5:44 ` [edk2-devel] [PATCH v3 04/20] OvmfPkg: : Add Hash2DxeCrypto to OvmfPkg Doug Flick via groups.io
@ 2024-05-24 5:44 ` Doug Flick via groups.io
2024-05-24 5:44 ` [edk2-devel] [PATCH v3 06/20] ArmVirtPkg: : Add Hash2DxeCrypto to ArmVirtPkg Doug Flick via groups.io
` (14 subsequent siblings)
19 siblings, 0 replies; 38+ messages in thread
From: Doug Flick via groups.io @ 2024-05-24 5:44 UTC (permalink / raw)
To: devel; +Cc: Ard Biesheuvel, Leif Lindholm, Sami Mujawar, Gerd Hoffmann
This patch adds "virtio-rng-pci" to the PlatformBuildLib.py
This adds Rng services to the guest VM
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
---
ArmVirtPkg/PlatformCI/PlatformBuildLib.py | 2 ++
1 file changed, 2 insertions(+)
diff --git a/ArmVirtPkg/PlatformCI/PlatformBuildLib.py b/ArmVirtPkg/PlatformCI/PlatformBuildLib.py
index 0ddaccf9c2..3abab09141 100644
--- a/ArmVirtPkg/PlatformCI/PlatformBuildLib.py
+++ b/ArmVirtPkg/PlatformCI/PlatformBuildLib.py
@@ -240,6 +240,8 @@ class PlatformBuilder(UefiBuilder, BuildSettingsManager):
args += " -serial stdio"
# Mount disk with startup.nsh
args += f" -drive file=fat:rw:{VirtualDrive},format=raw,media=disk"
+ # Provides Rng services to the Guest VM
+ args += " -device virtio-rng-pci"
# Conditional Args
if (self.env.GetValue("QEMU_HEADLESS").upper() == "TRUE"):
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119232): https://edk2.groups.io/g/devel/message/119232
Mute This Topic: https://groups.io/mt/106276857/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 38+ messages in thread
* [edk2-devel] [PATCH v3 06/20] ArmVirtPkg: : Add Hash2DxeCrypto to ArmVirtPkg
2024-05-24 5:44 [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237 Doug Flick via groups.io
` (4 preceding siblings ...)
2024-05-24 5:44 ` [edk2-devel] [PATCH v3 05/20] ArmVirtPkg:PlatformCI: Support virtio-rng-pci Doug Flick via groups.io
@ 2024-05-24 5:44 ` Doug Flick via groups.io
2024-05-24 5:44 ` [edk2-devel] [PATCH v3 07/20] SecurityPkg: RngDxe: Remove incorrect limitation on GetRng Doug Flick via groups.io
` (13 subsequent siblings)
19 siblings, 0 replies; 38+ messages in thread
From: Doug Flick via groups.io @ 2024-05-24 5:44 UTC (permalink / raw)
To: devel; +Cc: Ard Biesheuvel, Leif Lindholm, Sami Mujawar, Gerd Hoffmann
This patch adds Hash2DxeCrypto to ArmVirtPkg. The Hash2DxeCrypto is
used to provide the hashing protocol services.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
---
ArmVirtPkg/ArmVirtQemu.dsc | 5 +++++
ArmVirtPkg/ArmVirtQemuKernel.dsc | 5 +++++
ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 5 +++++
3 files changed, 15 insertions(+)
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 7e2ff33ad1..1d3315ad3e 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -554,6 +554,11 @@
MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf
MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
+ #
+ # Hash2 Protocol Support
+ #
+ SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
#
# TPM2 support
#
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
index efe2df97bd..94f48593c2 100644
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
@@ -461,6 +461,11 @@
MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf
MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
+ #
+ # Hash2 Protocol Support
+ #
+ SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
#
# ACPI Support
#
diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
index c5d097ffb9..80d420023e 100644
--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
@@ -177,6 +177,11 @@ READ_LOCK_STATUS = TRUE
INF MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf
INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
+ #
+ # Hash2 Protocol producer
+ #
+ INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
#
# TPM2 support
#
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119233): https://edk2.groups.io/g/devel/message/119233
Mute This Topic: https://groups.io/mt/106276858/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 38+ messages in thread
* [edk2-devel] [PATCH v3 07/20] SecurityPkg: RngDxe: Remove incorrect limitation on GetRng
2024-05-24 5:44 [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237 Doug Flick via groups.io
` (5 preceding siblings ...)
2024-05-24 5:44 ` [edk2-devel] [PATCH v3 06/20] ArmVirtPkg: : Add Hash2DxeCrypto to ArmVirtPkg Doug Flick via groups.io
@ 2024-05-24 5:44 ` Doug Flick via groups.io
2024-05-24 5:53 ` Yao, Jiewen
2024-05-24 5:45 ` [edk2-devel] [PATCH v3 08/20] NetworkPkg:: SECURITY PATCH CVE-2023-45237 Doug Flick via groups.io
` (12 subsequent siblings)
19 siblings, 1 reply; 38+ messages in thread
From: Doug Flick via groups.io @ 2024-05-24 5:44 UTC (permalink / raw)
To: devel; +Cc: Jiewen Yao
Removed from gEfiRngAlgorithmRaw an incorrect assumption that
Raw cannot return less than 256 bits. The DRNG Algorithms
should always use a 256 bit seed as per nist standards
however a caller is free to request less than 256 bits.
>
> //
> // When a DRBG is used on the output of a entropy source,
> // its security level must be at least 256 bits according to UEFI
Spec.
> //
> if (RNGValueLength < 32) {
> return EFI_INVALID_PARAMETER;
> }
>
AARCH64 platforms do not have this limitation and this brings both
implementations into alignment with each other and the spec.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
---
SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c | 8 --------
1 file changed, 8 deletions(-)
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
index 7e06e16e4b..5723ed6957 100644
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
@@ -116,14 +116,6 @@ RngGetRNG (
// The "raw" algorithm is intended to provide entropy directly
//
if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) {
- //
- // When a DRBG is used on the output of a entropy source,
- // its security level must be at least 256 bits according to UEFI Spec.
- //
- if (RNGValueLength < 32) {
- return EFI_INVALID_PARAMETER;
- }
-
Status = GenerateEntropy (RNGValueLength, RNGValue);
return Status;
}
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119234): https://edk2.groups.io/g/devel/message/119234
Mute This Topic: https://groups.io/mt/106276859/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 38+ messages in thread
* [edk2-devel] [PATCH v3 08/20] NetworkPkg:: SECURITY PATCH CVE-2023-45237
2024-05-24 5:44 [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237 Doug Flick via groups.io
` (6 preceding siblings ...)
2024-05-24 5:44 ` [edk2-devel] [PATCH v3 07/20] SecurityPkg: RngDxe: Remove incorrect limitation on GetRng Doug Flick via groups.io
@ 2024-05-24 5:45 ` Doug Flick via groups.io
2024-05-24 5:45 ` [edk2-devel] [PATCH v3 09/20] NetworkPkg: TcpDxe: SECURITY PATCH CVE-2023-45236 Doug Flick via groups.io
` (11 subsequent siblings)
19 siblings, 0 replies; 38+ messages in thread
From: Doug Flick via groups.io @ 2024-05-24 5:45 UTC (permalink / raw)
To: devel; +Cc: Saloni Kasbekar, Zachary Clark-williams
From: Doug Flick <dougflick@microsoft.com>
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4542
Bug Overview:
PixieFail Bug #9
CVE-2023-45237
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Use of a Weak PseudoRandom Number Generator
Change Overview:
Updates all Instances of NET_RANDOM (NetRandomInitSeed ()) to either
>
> EFI_STATUS
> EFIAPI
> PseudoRandomU32 (
> OUT UINT32 *Output
> );
>
or (depending on the use case)
>
> EFI_STATUS
> EFIAPI
> PseudoRandom (
> OUT VOID *Output,
> IN UINTN OutputLength
> );
>
This is because the use of
Example:
The following code snippet PseudoRandomU32 () function is used:
>
> UINT32 Random;
>
> Status = PseudoRandomU32 (&Random);
> if (EFI_ERROR (Status)) {
> DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n",
__func__, Status));
> return Status;
> }
>
This also introduces a new PCD to enable/disable the use of the
secure implementation of algorithms for PseudoRandom () and
instead depend on the default implementation. This may be required for
some platforms where the UEFI Spec defined algorithms are not available.
>
> PcdEnforceSecureRngAlgorithms
>
If the platform does not have any one of the UEFI defined
secure RNG algorithms then the driver will assert.
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
---
NetworkPkg/NetworkPkg.dec | 7 ++
NetworkPkg/Library/DxeNetLib/DxeNetLib.inf | 14 ++-
NetworkPkg/TcpDxe/TcpDxe.inf | 3 +
NetworkPkg/IScsiDxe/IScsiMisc.h | 6 +-
NetworkPkg/Include/Library/NetLib.h | 40 ++++--
NetworkPkg/Ip6Dxe/Ip6Nd.h | 8 +-
NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c | 10 +-
NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c | 11 +-
NetworkPkg/DnsDxe/DnsDhcp.c | 10 +-
NetworkPkg/DnsDxe/DnsImpl.c | 11 +-
NetworkPkg/HttpBootDxe/HttpBootDhcp6.c | 10 +-
NetworkPkg/IScsiDxe/IScsiCHAP.c | 19 ++-
NetworkPkg/IScsiDxe/IScsiMisc.c | 14 +--
NetworkPkg/Ip4Dxe/Ip4Driver.c | 10 +-
NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c | 9 +-
NetworkPkg/Ip6Dxe/Ip6Driver.c | 17 ++-
NetworkPkg/Ip6Dxe/Ip6If.c | 12 +-
NetworkPkg/Ip6Dxe/Ip6Mld.c | 12 +-
NetworkPkg/Ip6Dxe/Ip6Nd.c | 33 ++++-
NetworkPkg/Library/DxeNetLib/DxeNetLib.c | 130 +++++++++++++++++---
NetworkPkg/TcpDxe/TcpDriver.c | 15 ++-
NetworkPkg/Udp4Dxe/Udp4Driver.c | 10 +-
NetworkPkg/Udp6Dxe/Udp6Driver.c | 11 +-
NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c | 9 +-
NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c | 11 +-
NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c | 12 +-
NetworkPkg/SecurityFixes.yaml | 39 ++++++
27 files changed, 410 insertions(+), 83 deletions(-)
diff --git a/NetworkPkg/NetworkPkg.dec b/NetworkPkg/NetworkPkg.dec
index e06f35e774..7c4289b77b 100644
--- a/NetworkPkg/NetworkPkg.dec
+++ b/NetworkPkg/NetworkPkg.dec
@@ -5,6 +5,7 @@
#
# Copyright (c) 2009 - 2021, Intel Corporation. All rights reserved.<BR>
# (C) Copyright 2015-2020 Hewlett Packard Enterprise Development LP<BR>
+# Copyright (c) Microsoft Corporation
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -130,6 +131,12 @@
# @Prompt Indicates whether SnpDxe creates event for ExitBootServices() call.
gEfiNetworkPkgTokenSpaceGuid.PcdSnpCreateExitBootServicesEvent|TRUE|BOOLEAN|0x1000000C
+ ## Enforces the use of Secure UEFI spec defined RNG algorithms for all network connections.
+ # TRUE - Enforce the use of Secure UEFI spec defined RNG algorithms.
+ # FALSE - Do not enforce and depend on the default implementation of RNG algorithm from the provider.
+ # @Prompt Enforce the use of Secure UEFI spec defined RNG algorithms.
+ gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|TRUE|BOOLEAN|0x1000000D
+
[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
## IPv6 DHCP Unique Identifier (DUID) Type configuration (From RFCs 3315 and 6355).
# 01 = DUID Based on Link-layer Address Plus Time [DUID-LLT]
diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf b/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf
index 8145d256ec..a8f534a293 100644
--- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf
+++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf
@@ -3,6 +3,7 @@
#
# Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
# (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
+# Copyright (c) Microsoft Corporation
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
@@ -49,7 +50,11 @@
gEfiSmbiosTableGuid ## SOMETIMES_CONSUMES ## SystemTable
gEfiSmbios3TableGuid ## SOMETIMES_CONSUMES ## SystemTable
gEfiAdapterInfoMediaStateGuid ## SOMETIMES_CONSUMES
-
+ gEfiRngAlgorithmRaw ## CONSUMES
+ gEfiRngAlgorithmSp80090Ctr256Guid ## CONSUMES
+ gEfiRngAlgorithmSp80090Hmac256Guid ## CONSUMES
+ gEfiRngAlgorithmSp80090Hash256Guid ## CONSUMES
+ gEfiRngAlgorithmArmRndr ## CONSUMES
[Protocols]
gEfiSimpleNetworkProtocolGuid ## SOMETIMES_CONSUMES
@@ -59,3 +64,10 @@
gEfiComponentNameProtocolGuid ## SOMETIMES_CONSUMES
gEfiComponentName2ProtocolGuid ## SOMETIMES_CONSUMES
gEfiAdapterInformationProtocolGuid ## SOMETIMES_CONSUMES
+ gEfiRngProtocolGuid ## CONSUMES
+
+[FixedPcd]
+ gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms ## CONSUMES
+
+[Depex]
+ gEfiRngProtocolGuid
diff --git a/NetworkPkg/TcpDxe/TcpDxe.inf b/NetworkPkg/TcpDxe/TcpDxe.inf
index c0acbdca57..cf5423f4c5 100644
--- a/NetworkPkg/TcpDxe/TcpDxe.inf
+++ b/NetworkPkg/TcpDxe/TcpDxe.inf
@@ -82,5 +82,8 @@
gEfiTcp6ProtocolGuid ## BY_START
gEfiTcp6ServiceBindingProtocolGuid ## BY_START
+[Depex]
+ gEfiHash2ServiceBindingProtocolGuid
+
[UserExtensions.TianoCore."ExtraFiles"]
TcpDxeExtra.uni
diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.h b/NetworkPkg/IScsiDxe/IScsiMisc.h
index a951eee70e..91b2cd2261 100644
--- a/NetworkPkg/IScsiDxe/IScsiMisc.h
+++ b/NetworkPkg/IScsiDxe/IScsiMisc.h
@@ -2,6 +2,7 @@
Miscellaneous definitions for iSCSI driver.
Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -202,8 +203,11 @@ IScsiNetNtoi (
@param[in, out] Rand The buffer to contain random numbers.
@param[in] RandLength The length of the Rand buffer.
+ @retval EFI_SUCCESS on success
+ @retval others on error
+
**/
-VOID
+EFI_STATUS
IScsiGenRandom (
IN OUT UINT8 *Rand,
IN UINTN RandLength
diff --git a/NetworkPkg/Include/Library/NetLib.h b/NetworkPkg/Include/Library/NetLib.h
index 8c0e62b388..e8108b79db 100644
--- a/NetworkPkg/Include/Library/NetLib.h
+++ b/NetworkPkg/Include/Library/NetLib.h
@@ -3,6 +3,7 @@
It provides basic functions for the UEFI network stack.
Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -539,8 +540,6 @@ extern EFI_IPv4_ADDRESS mZeroIp4Addr;
#define TICKS_PER_MS 10000U
#define TICKS_PER_SECOND 10000000U
-#define NET_RANDOM(Seed) ((UINT32) ((UINT32) (Seed) * 1103515245UL + 12345) % 4294967295UL)
-
/**
Extract a UINT32 from a byte stream.
@@ -580,19 +579,40 @@ NetPutUint32 (
);
/**
- Initialize a random seed using current time and monotonic count.
+ Generate a Random output data given a length.
- Get current time and monotonic count first. Then initialize a random seed
- based on some basic mathematics operation on the hour, day, minute, second,
- nanosecond and year of the current time and the monotonic count value.
+ @param[out] Output - The buffer to store the generated random data.
+ @param[in] OutputLength - The length of the output buffer.
- @return The random seed initialized with current time.
+ @retval EFI_SUCCESS On Success
+ @retval EFI_INVALID_PARAMETER Pointer is null or size is zero
+ @retval EFI_NOT_FOUND RNG protocol not found
+ @retval Others Error from RngProtocol->GetRNG()
+ @return Status code
**/
-UINT32
+EFI_STATUS
EFIAPI
-NetRandomInitSeed (
- VOID
+PseudoRandom (
+ OUT VOID *Output,
+ IN UINTN OutputLength
+ );
+
+/**
+ Generate a 32-bit pseudo-random number.
+
+ @param[out] Output - The buffer to store the generated random number.
+
+ @retval EFI_SUCCESS On Success
+ @retval EFI_NOT_FOUND RNG protocol not found
+ @retval Others Error from RngProtocol->GetRNG()
+
+ @return Status code
+**/
+EFI_STATUS
+EFIAPI
+PseudoRandomU32 (
+ OUT UINT32 *Output
);
#define NET_LIST_USER_STRUCT(Entry, Type, Field) \
diff --git a/NetworkPkg/Ip6Dxe/Ip6Nd.h b/NetworkPkg/Ip6Dxe/Ip6Nd.h
index bf64e9114e..5795e23c7d 100644
--- a/NetworkPkg/Ip6Dxe/Ip6Nd.h
+++ b/NetworkPkg/Ip6Dxe/Ip6Nd.h
@@ -2,7 +2,7 @@
Definition of Neighbor Discovery support routines.
Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
-
+ Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -780,10 +780,10 @@ Ip6OnArpResolved (
/**
Update the ReachableTime in IP6 service binding instance data, in milliseconds.
- @param[in, out] IpSb Points to the IP6_SERVICE.
-
+ @retval EFI_SUCCESS ReachableTime Updated
+ @retval others Failed to update ReachableTime
**/
-VOID
+EFI_STATUS
Ip6UpdateReachableTime (
IN OUT IP6_SERVICE *IpSb
);
diff --git a/NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c b/NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c
index 8c37e93be3..892caee368 100644
--- a/NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c
+++ b/NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c
@@ -1,6 +1,7 @@
/** @file
Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -189,6 +190,13 @@ Dhcp4CreateService (
{
DHCP_SERVICE *DhcpSb;
EFI_STATUS Status;
+ UINT32 Random;
+
+ Status = PseudoRandomU32 (&Random);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
+ return Status;
+ }
*Service = NULL;
DhcpSb = AllocateZeroPool (sizeof (DHCP_SERVICE));
@@ -203,7 +211,7 @@ Dhcp4CreateService (
DhcpSb->Image = ImageHandle;
InitializeListHead (&DhcpSb->Children);
DhcpSb->DhcpState = Dhcp4Stopped;
- DhcpSb->Xid = NET_RANDOM (NetRandomInitSeed ());
+ DhcpSb->Xid = Random;
CopyMem (
&DhcpSb->ServiceBinding,
&mDhcp4ServiceBindingTemplate,
diff --git a/NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c b/NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c
index b591a4605b..e7f2787a98 100644
--- a/NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c
+++ b/NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c
@@ -3,7 +3,7 @@
implementation for Dhcp6 Driver.
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
-
+ Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -123,6 +123,13 @@ Dhcp6CreateService (
{
DHCP6_SERVICE *Dhcp6Srv;
EFI_STATUS Status;
+ UINT32 Random;
+
+ Status = PseudoRandomU32 (&Random);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
+ return Status;
+ }
*Service = NULL;
Dhcp6Srv = AllocateZeroPool (sizeof (DHCP6_SERVICE));
@@ -147,7 +154,7 @@ Dhcp6CreateService (
Dhcp6Srv->Signature = DHCP6_SERVICE_SIGNATURE;
Dhcp6Srv->Controller = Controller;
Dhcp6Srv->Image = ImageHandle;
- Dhcp6Srv->Xid = (0xffffff & NET_RANDOM (NetRandomInitSeed ()));
+ Dhcp6Srv->Xid = (0xffffff & Random);
CopyMem (
&Dhcp6Srv->ServiceBinding,
diff --git a/NetworkPkg/DnsDxe/DnsDhcp.c b/NetworkPkg/DnsDxe/DnsDhcp.c
index 933565a32d..9eb3c1d2d8 100644
--- a/NetworkPkg/DnsDxe/DnsDhcp.c
+++ b/NetworkPkg/DnsDxe/DnsDhcp.c
@@ -2,6 +2,7 @@
Functions implementation related with DHCPv4/v6 for DNS driver.
Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -277,6 +278,7 @@ GetDns4ServerFromDhcp4 (
EFI_DHCP4_TRANSMIT_RECEIVE_TOKEN Token;
BOOLEAN IsDone;
UINTN Index;
+ UINT32 Random;
Image = Instance->Service->ImageHandle;
Controller = Instance->Service->ControllerHandle;
@@ -292,6 +294,12 @@ GetDns4ServerFromDhcp4 (
Data = NULL;
InterfaceInfo = NULL;
+ Status = PseudoRandomU32 (&Random);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
+ return Status;
+ }
+
ZeroMem ((UINT8 *)ParaList, sizeof (ParaList));
ZeroMem (&MnpConfigData, sizeof (EFI_MANAGED_NETWORK_CONFIG_DATA));
@@ -467,7 +475,7 @@ GetDns4ServerFromDhcp4 (
Status = Dhcp4->Build (Dhcp4, &SeedPacket, 0, NULL, 2, ParaList, &Token.Packet);
- Token.Packet->Dhcp4.Header.Xid = HTONL (NET_RANDOM (NetRandomInitSeed ()));
+ Token.Packet->Dhcp4.Header.Xid = Random;
Token.Packet->Dhcp4.Header.Reserved = HTONS ((UINT16)0x8000);
diff --git a/NetworkPkg/DnsDxe/DnsImpl.c b/NetworkPkg/DnsDxe/DnsImpl.c
index d311812800..c2629bb8df 100644
--- a/NetworkPkg/DnsDxe/DnsImpl.c
+++ b/NetworkPkg/DnsDxe/DnsImpl.c
@@ -2,6 +2,7 @@
DnsDxe support functions implementation.
Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -1963,6 +1964,14 @@ ConstructDNSQuery (
NET_FRAGMENT Frag;
DNS_HEADER *DnsHeader;
DNS_QUERY_SECTION *DnsQuery;
+ EFI_STATUS Status;
+ UINT32 Random;
+
+ Status = PseudoRandomU32 (&Random);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
+ return Status;
+ }
//
// Messages carried by UDP are restricted to 512 bytes (not counting the IP
@@ -1977,7 +1986,7 @@ ConstructDNSQuery (
// Fill header
//
DnsHeader = (DNS_HEADER *)Frag.Bulk;
- DnsHeader->Identification = (UINT16)NET_RANDOM (NetRandomInitSeed ());
+ DnsHeader->Identification = (UINT16)Random;
DnsHeader->Flags.Uint16 = 0x0000;
DnsHeader->Flags.Bits.RD = 1;
DnsHeader->Flags.Bits.OpCode = DNS_FLAGS_OPCODE_STANDARD;
diff --git a/NetworkPkg/HttpBootDxe/HttpBootDhcp6.c b/NetworkPkg/HttpBootDxe/HttpBootDhcp6.c
index b22cef4ff5..f964515b0f 100644
--- a/NetworkPkg/HttpBootDxe/HttpBootDhcp6.c
+++ b/NetworkPkg/HttpBootDxe/HttpBootDhcp6.c
@@ -2,6 +2,7 @@
Functions implementation related with DHCPv6 for HTTP boot driver.
Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -951,6 +952,7 @@ HttpBootDhcp6Sarr (
UINT32 OptCount;
UINT8 Buffer[HTTP_BOOT_DHCP6_OPTION_MAX_SIZE];
EFI_STATUS Status;
+ UINT32 Random;
Dhcp6 = Private->Dhcp6;
ASSERT (Dhcp6 != NULL);
@@ -961,6 +963,12 @@ HttpBootDhcp6Sarr (
OptCount = HttpBootBuildDhcp6Options (Private, OptList, Buffer);
ASSERT (OptCount > 0);
+ Status = PseudoRandomU32 (&Random);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
+ return Status;
+ }
+
Retransmit = AllocateZeroPool (sizeof (EFI_DHCP6_RETRANSMISSION));
if (Retransmit == NULL) {
return EFI_OUT_OF_RESOURCES;
@@ -976,7 +984,7 @@ HttpBootDhcp6Sarr (
Config.IaInfoEvent = NULL;
Config.RapidCommit = FALSE;
Config.ReconfigureAccept = FALSE;
- Config.IaDescriptor.IaId = NET_RANDOM (NetRandomInitSeed ());
+ Config.IaDescriptor.IaId = Random;
Config.IaDescriptor.Type = EFI_DHCP6_IA_TYPE_NA;
Config.SolicitRetransmission = Retransmit;
Retransmit->Irt = 4;
diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.c b/NetworkPkg/IScsiDxe/IScsiCHAP.c
index b507f11cd4..bebb1ac29b 100644
--- a/NetworkPkg/IScsiDxe/IScsiCHAP.c
+++ b/NetworkPkg/IScsiDxe/IScsiCHAP.c
@@ -3,6 +3,7 @@
Configuration.
Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -576,16 +577,24 @@ IScsiCHAPToSendReq (
//
// CHAP_I=<I>
//
- IScsiGenRandom ((UINT8 *)&AuthData->OutIdentifier, 1);
+ Status = IScsiGenRandom ((UINT8 *)&AuthData->OutIdentifier, 1);
+ if (EFI_ERROR (Status)) {
+ break;
+ }
+
AsciiSPrint (ValueStr, sizeof (ValueStr), "%d", AuthData->OutIdentifier);
IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_IDENTIFIER, ValueStr);
//
// CHAP_C=<C>
//
- IScsiGenRandom (
- (UINT8 *)AuthData->OutChallenge,
- AuthData->Hash->DigestSize
- );
+ Status = IScsiGenRandom (
+ (UINT8 *)AuthData->OutChallenge,
+ AuthData->Hash->DigestSize
+ );
+ if (EFI_ERROR (Status)) {
+ break;
+ }
+
BinToHexStatus = IScsiBinToHex (
(UINT8 *)AuthData->OutChallenge,
AuthData->Hash->DigestSize,
diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.c b/NetworkPkg/IScsiDxe/IScsiMisc.c
index 78dc5c73d3..2159b84949 100644
--- a/NetworkPkg/IScsiDxe/IScsiMisc.c
+++ b/NetworkPkg/IScsiDxe/IScsiMisc.c
@@ -2,6 +2,7 @@
Miscellaneous routines for iSCSI driver.
Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -474,20 +475,17 @@ IScsiNetNtoi (
@param[in, out] Rand The buffer to contain random numbers.
@param[in] RandLength The length of the Rand buffer.
+ @retval EFI_SUCCESS on success
+ @retval others on error
+
**/
-VOID
+EFI_STATUS
IScsiGenRandom (
IN OUT UINT8 *Rand,
IN UINTN RandLength
)
{
- UINT32 Random;
-
- while (RandLength > 0) {
- Random = NET_RANDOM (NetRandomInitSeed ());
- *Rand++ = (UINT8)(Random);
- RandLength--;
- }
+ return PseudoRandom (Rand, RandLength);
}
/**
diff --git a/NetworkPkg/Ip4Dxe/Ip4Driver.c b/NetworkPkg/Ip4Dxe/Ip4Driver.c
index ec483ff01f..683423f38d 100644
--- a/NetworkPkg/Ip4Dxe/Ip4Driver.c
+++ b/NetworkPkg/Ip4Dxe/Ip4Driver.c
@@ -2,6 +2,7 @@
The driver binding and service binding protocol for IP4 driver.
Copyright (c) 2005 - 2019, Intel Corporation. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation
(C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -549,11 +550,18 @@ Ip4DriverBindingStart (
EFI_IP4_CONFIG2_PROTOCOL *Ip4Cfg2;
UINTN Index;
IP4_CONFIG2_DATA_ITEM *DataItem;
+ UINT32 Random;
IpSb = NULL;
Ip4Cfg2 = NULL;
DataItem = NULL;
+ Status = PseudoRandomU32 (&Random);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
+ return Status;
+ }
+
//
// Test for the Ip4 service binding protocol
//
@@ -653,7 +661,7 @@ Ip4DriverBindingStart (
//
// Initialize the IP4 ID
//
- mIp4Id = (UINT16)NET_RANDOM (NetRandomInitSeed ());
+ mIp4Id = (UINT16)Random;
return Status;
diff --git a/NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c b/NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c
index 70e232ce6c..4c1354d26c 100644
--- a/NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c
+++ b/NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c
@@ -2276,6 +2276,13 @@ Ip6ConfigInitInstance (
UINTN Index;
UINT16 IfIndex;
IP6_CONFIG_DATA_ITEM *DataItem;
+ UINT32 Random;
+
+ Status = PseudoRandomU32 (&Random);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
+ return Status;
+ }
IpSb = IP6_SERVICE_FROM_IP6_CONFIG_INSTANCE (Instance);
@@ -2381,7 +2388,7 @@ Ip6ConfigInitInstance (
// The NV variable is not set, so generate a random IAID, and write down the
// fresh new configuration as the NV variable now.
//
- Instance->IaId = NET_RANDOM (NetRandomInitSeed ());
+ Instance->IaId = Random;
for (Index = 0; Index < IpSb->SnpMode.HwAddressSize; Index++) {
Instance->IaId |= (IpSb->SnpMode.CurrentAddress.Addr[Index] << ((Index << 3) & 31));
diff --git a/NetworkPkg/Ip6Dxe/Ip6Driver.c b/NetworkPkg/Ip6Dxe/Ip6Driver.c
index b483a7d136..cbe011dad4 100644
--- a/NetworkPkg/Ip6Dxe/Ip6Driver.c
+++ b/NetworkPkg/Ip6Dxe/Ip6Driver.c
@@ -3,7 +3,7 @@
Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
(C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
-
+ Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -316,7 +316,11 @@ Ip6CreateService (
IpSb->CurHopLimit = IP6_HOP_LIMIT;
IpSb->LinkMTU = IP6_MIN_LINK_MTU;
IpSb->BaseReachableTime = IP6_REACHABLE_TIME;
- Ip6UpdateReachableTime (IpSb);
+ Status = Ip6UpdateReachableTime (IpSb);
+ if (EFI_ERROR (Status)) {
+ goto ON_ERROR;
+ }
+
//
// RFC4861 RETRANS_TIMER: 1,000 milliseconds
//
@@ -516,11 +520,18 @@ Ip6DriverBindingStart (
EFI_STATUS Status;
EFI_IP6_CONFIG_PROTOCOL *Ip6Cfg;
IP6_CONFIG_DATA_ITEM *DataItem;
+ UINT32 Random;
IpSb = NULL;
Ip6Cfg = NULL;
DataItem = NULL;
+ Status = PseudoRandomU32 (&Random);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
+ return Status;
+ }
+
//
// Test for the Ip6 service binding protocol
//
@@ -656,7 +667,7 @@ Ip6DriverBindingStart (
//
// Initialize the IP6 ID
//
- mIp6Id = NET_RANDOM (NetRandomInitSeed ());
+ mIp6Id = Random;
return EFI_SUCCESS;
diff --git a/NetworkPkg/Ip6Dxe/Ip6If.c b/NetworkPkg/Ip6Dxe/Ip6If.c
index 4629c05f25..f3d11c4d21 100644
--- a/NetworkPkg/Ip6Dxe/Ip6If.c
+++ b/NetworkPkg/Ip6Dxe/Ip6If.c
@@ -2,7 +2,7 @@
Implement IP6 pseudo interface.
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
-
+ Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -89,6 +89,14 @@ Ip6SetAddress (
IP6_PREFIX_LIST_ENTRY *PrefixEntry;
UINT64 Delay;
IP6_DELAY_JOIN_LIST *DelayNode;
+ EFI_STATUS Status;
+ UINT32 Random;
+
+ Status = PseudoRandomU32 (&Random);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
+ return Status;
+ }
NET_CHECK_SIGNATURE (Interface, IP6_INTERFACE_SIGNATURE);
@@ -164,7 +172,7 @@ Ip6SetAddress (
// Thus queue the address to be processed in Duplicate Address Detection module
// after the delay time (in milliseconds).
//
- Delay = (UINT64)NET_RANDOM (NetRandomInitSeed ());
+ Delay = (UINT64)Random;
Delay = MultU64x32 (Delay, IP6_ONE_SECOND_IN_MS);
Delay = RShiftU64 (Delay, 32);
diff --git a/NetworkPkg/Ip6Dxe/Ip6Mld.c b/NetworkPkg/Ip6Dxe/Ip6Mld.c
index e6b2b653e2..498a118543 100644
--- a/NetworkPkg/Ip6Dxe/Ip6Mld.c
+++ b/NetworkPkg/Ip6Dxe/Ip6Mld.c
@@ -696,7 +696,15 @@ Ip6UpdateDelayTimer (
IN OUT IP6_MLD_GROUP *Group
)
{
- UINT32 Delay;
+ UINT32 Delay;
+ EFI_STATUS Status;
+ UINT32 Random;
+
+ Status = PseudoRandomU32 (&Random);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
+ return Status;
+ }
//
// If the Query packet specifies a Maximum Response Delay of zero, perform timer
@@ -715,7 +723,7 @@ Ip6UpdateDelayTimer (
// is less than the remaining value of the running timer.
//
if ((Group->DelayTimer == 0) || (Delay < Group->DelayTimer)) {
- Group->DelayTimer = Delay / 4294967295UL * NET_RANDOM (NetRandomInitSeed ());
+ Group->DelayTimer = Delay / 4294967295UL * Random;
}
return EFI_SUCCESS;
diff --git a/NetworkPkg/Ip6Dxe/Ip6Nd.c b/NetworkPkg/Ip6Dxe/Ip6Nd.c
index c10c7017f8..72aa45c10f 100644
--- a/NetworkPkg/Ip6Dxe/Ip6Nd.c
+++ b/NetworkPkg/Ip6Dxe/Ip6Nd.c
@@ -2,7 +2,7 @@
Implementation of Neighbor Discovery support routines.
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
-
+ Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -16,17 +16,28 @@ EFI_MAC_ADDRESS mZeroMacAddress;
@param[in, out] IpSb Points to the IP6_SERVICE.
+ @retval EFI_SUCCESS ReachableTime Updated
+ @retval others Failed to update ReachableTime
**/
-VOID
+EFI_STATUS
Ip6UpdateReachableTime (
IN OUT IP6_SERVICE *IpSb
)
{
- UINT32 Random;
+ UINT32 Random;
+ EFI_STATUS Status;
- Random = (NetRandomInitSeed () / 4294967295UL) * IP6_RANDOM_FACTOR_SCALE;
+ Status = PseudoRandomU32 (&Random);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
+ return Status;
+ }
+
+ Random = (Random / 4294967295UL) * IP6_RANDOM_FACTOR_SCALE;
Random = Random + IP6_MIN_RANDOM_FACTOR_SCALED;
IpSb->ReachableTime = (IpSb->BaseReachableTime * Random) / IP6_RANDOM_FACTOR_SCALE;
+
+ return EFI_SUCCESS;
}
/**
@@ -972,10 +983,17 @@ Ip6InitDADProcess (
IP6_SERVICE *IpSb;
EFI_STATUS Status;
UINT32 MaxDelayTick;
+ UINT32 Random;
NET_CHECK_SIGNATURE (IpIf, IP6_INTERFACE_SIGNATURE);
ASSERT (AddressInfo != NULL);
+ Status = PseudoRandomU32 (&Random);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
+ return Status;
+ }
+
//
// Do nothing if we have already started DAD on the address.
//
@@ -1014,7 +1032,7 @@ Ip6InitDADProcess (
Entry->Transmit = 0;
Entry->Receive = 0;
MaxDelayTick = IP6_MAX_RTR_SOLICITATION_DELAY / IP6_TIMER_INTERVAL_IN_MS;
- Entry->RetransTick = (MaxDelayTick * ((NET_RANDOM (NetRandomInitSeed ()) % 5) + 1)) / 5;
+ Entry->RetransTick = (MaxDelayTick * ((Random % 5) + 1)) / 5;
Entry->AddressInfo = AddressInfo;
Entry->Callback = Callback;
Entry->Context = Context;
@@ -2078,7 +2096,10 @@ Ip6ProcessRouterAdvertise (
// in BaseReachableTime and recompute a ReachableTime.
//
IpSb->BaseReachableTime = ReachableTime;
- Ip6UpdateReachableTime (IpSb);
+ Status = Ip6UpdateReachableTime (IpSb);
+ if (EFI_ERROR (Status)) {
+ goto Exit;
+ }
}
if (RetransTimer != 0) {
diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
index fd4a9e15a8..01c13c08d2 100644
--- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
+++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
@@ -3,6 +3,7 @@
Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.<BR>
(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
+Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -31,6 +32,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/DevicePathLib.h>
#include <Library/PrintLib.h>
#include <Library/UefiLib.h>
+#include <Protocol/Rng.h>
#define NIC_ITEM_CONFIG_SIZE (sizeof (NIC_IP4_CONFIG_INFO) + sizeof (EFI_IP4_ROUTE_TABLE) * MAX_IP4_CONFIG_IN_VARIABLE)
#define DEFAULT_ZERO_START ((UINTN) ~0)
@@ -127,6 +129,25 @@ GLOBAL_REMOVE_IF_UNREFERENCED VLAN_DEVICE_PATH mNetVlanDevicePathTemplate = {
0
};
+//
+// These represent UEFI SPEC defined algorithms that should be supported by
+// the RNG protocol and are generally considered secure.
+//
+// The order of the algorithms in this array is important. This order is the order
+// in which the algorithms will be tried by the RNG protocol.
+// If your platform needs to use a specific algorithm for the random number generator,
+// then you should place that algorithm first in the array.
+//
+GLOBAL_REMOVE_IF_UNREFERENCED EFI_GUID *mSecureHashAlgorithms[] = {
+ &gEfiRngAlgorithmSp80090Ctr256Guid, // SP800-90A DRBG CTR using AES-256
+ &gEfiRngAlgorithmSp80090Hmac256Guid, // SP800-90A DRBG HMAC using SHA-256
+ &gEfiRngAlgorithmSp80090Hash256Guid, // SP800-90A DRBG Hash using SHA-256
+ &gEfiRngAlgorithmArmRndr, // unspecified SP800-90A DRBG via ARM RNDR register
+ &gEfiRngAlgorithmRaw, // Raw data from NRBG (or TRNG)
+};
+
+#define SECURE_HASH_ALGORITHMS_SIZE (sizeof (mSecureHashAlgorithms) / sizeof (EFI_GUID *))
+
/**
Locate the handles that support SNP, then open one of them
to send the syslog packets. The caller isn't required to close
@@ -884,34 +905,107 @@ Ip6Swap128 (
}
/**
- Initialize a random seed using current time and monotonic count.
+ Generate a Random output data given a length.
- Get current time and monotonic count first. Then initialize a random seed
- based on some basic mathematics operation on the hour, day, minute, second,
- nanosecond and year of the current time and the monotonic count value.
+ @param[out] Output - The buffer to store the generated random data.
+ @param[in] OutputLength - The length of the output buffer.
- @return The random seed initialized with current time.
+ @retval EFI_SUCCESS On Success
+ @retval EFI_INVALID_PARAMETER Pointer is null or size is zero
+ @retval EFI_NOT_FOUND RNG protocol not found
+ @retval Others Error from RngProtocol->GetRNG()
+ @return Status code
**/
-UINT32
+EFI_STATUS
EFIAPI
-NetRandomInitSeed (
- VOID
+PseudoRandom (
+ OUT VOID *Output,
+ IN UINTN OutputLength
)
{
- EFI_TIME Time;
- UINT32 Seed;
- UINT64 MonotonicCount;
+ EFI_RNG_PROTOCOL *RngProtocol;
+ EFI_STATUS Status;
+ UINTN AlgorithmIndex;
+
+ if ((Output == NULL) || (OutputLength == 0)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ Status = gBS->LocateProtocol (&gEfiRngProtocolGuid, NULL, (VOID **)&RngProtocol);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "Failed to locate EFI_RNG_PROTOCOL: %r\n", Status));
+ ASSERT_EFI_ERROR (Status);
+ return Status;
+ }
+
+ if (PcdGetBool (PcdEnforceSecureRngAlgorithms)) {
+ for (AlgorithmIndex = 0; AlgorithmIndex < SECURE_HASH_ALGORITHMS_SIZE; AlgorithmIndex++) {
+ Status = RngProtocol->GetRNG (RngProtocol, mSecureHashAlgorithms[AlgorithmIndex], OutputLength, (UINT8 *)Output);
+ if (!EFI_ERROR (Status)) {
+ //
+ // Secure Algorithm was supported on this platform
+ //
+ return EFI_SUCCESS;
+ } else if (Status == EFI_UNSUPPORTED) {
+ //
+ // Secure Algorithm was not supported on this platform
+ //
+ DEBUG ((DEBUG_ERROR, "Failed to generate random data using secure algorithm %d: %r\n", AlgorithmIndex, Status));
+
+ //
+ // Try the next secure algorithm
+ //
+ continue;
+ } else {
+ //
+ // Some other error occurred
+ //
+ DEBUG ((DEBUG_ERROR, "Failed to generate random data using secure algorithm %d: %r\n", AlgorithmIndex, Status));
+ ASSERT_EFI_ERROR (Status);
+ return Status;
+ }
+ }
+
+ //
+ // If we get here, we failed to generate random data using any secure algorithm
+ // Platform owner should ensure that at least one secure algorithm is supported
+ //
+ ASSERT_EFI_ERROR (Status);
+ return Status;
+ }
+
+ //
+ // Lets try using the default algorithm (which may not be secure)
+ //
+ Status = RngProtocol->GetRNG (RngProtocol, NULL, OutputLength, (UINT8 *)Output);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a failed to generate random data: %r\n", __func__, Status));
+ ASSERT_EFI_ERROR (Status);
+ return Status;
+ }
- gRT->GetTime (&Time, NULL);
- Seed = (Time.Hour << 24 | Time.Day << 16 | Time.Minute << 8 | Time.Second);
- Seed ^= Time.Nanosecond;
- Seed ^= Time.Year << 7;
+ return EFI_SUCCESS;
+}
+
+/**
+ Generate a 32-bit pseudo-random number.
- gBS->GetNextMonotonicCount (&MonotonicCount);
- Seed += (UINT32)MonotonicCount;
+ @param[out] Output - The buffer to store the generated random number.
- return Seed;
+ @retval EFI_SUCCESS On Success
+ @retval EFI_NOT_FOUND RNG protocol not found
+ @retval Others Error from RngProtocol->GetRNG()
+
+ @return Status code
+**/
+EFI_STATUS
+EFIAPI
+PseudoRandomU32 (
+ OUT UINT32 *Output
+ )
+{
+ return PseudoRandom (Output, sizeof (*Output));
}
/**
diff --git a/NetworkPkg/TcpDxe/TcpDriver.c b/NetworkPkg/TcpDxe/TcpDriver.c
index 98a90e0210..8fe6badd68 100644
--- a/NetworkPkg/TcpDxe/TcpDriver.c
+++ b/NetworkPkg/TcpDxe/TcpDriver.c
@@ -2,7 +2,7 @@
The driver binding and service binding protocol for the TCP driver.
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
-
+ Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -163,7 +163,13 @@ TcpDriverEntryPoint (
)
{
EFI_STATUS Status;
- UINT32 Seed;
+ UINT32 Random;
+
+ Status = PseudoRandomU32 (&Random);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a Failed to generate random number: %r\n", __func__, Status));
+ return Status;
+ }
//
// Install the TCP Driver Binding Protocol
@@ -203,9 +209,8 @@ TcpDriverEntryPoint (
//
// Initialize ISS and random port.
//
- Seed = NetRandomInitSeed ();
- mTcpGlobalIss = NET_RANDOM (Seed) % mTcpGlobalIss;
- mTcp4RandomPort = (UINT16)(TCP_PORT_KNOWN + (NET_RANDOM (Seed) % TCP_PORT_KNOWN));
+ mTcpGlobalIss = Random % mTcpGlobalIss;
+ mTcp4RandomPort = (UINT16)(TCP_PORT_KNOWN + (Random % TCP_PORT_KNOWN));
mTcp6RandomPort = mTcp4RandomPort;
return EFI_SUCCESS;
diff --git a/NetworkPkg/Udp4Dxe/Udp4Driver.c b/NetworkPkg/Udp4Dxe/Udp4Driver.c
index cb917fcfc9..c7ea16f4cd 100644
--- a/NetworkPkg/Udp4Dxe/Udp4Driver.c
+++ b/NetworkPkg/Udp4Dxe/Udp4Driver.c
@@ -1,6 +1,7 @@
/** @file
Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -555,6 +556,13 @@ Udp4DriverEntryPoint (
)
{
EFI_STATUS Status;
+ UINT32 Random;
+
+ Status = PseudoRandomU32 (&Random);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
+ return Status;
+ }
//
// Install the Udp4DriverBinding and Udp4ComponentName protocols.
@@ -571,7 +579,7 @@ Udp4DriverEntryPoint (
//
// Initialize the UDP random port.
//
- mUdp4RandomPort = (UINT16)(((UINT16)NetRandomInitSeed ()) % UDP4_PORT_KNOWN + UDP4_PORT_KNOWN);
+ mUdp4RandomPort = (UINT16)(((UINT16)Random) % UDP4_PORT_KNOWN + UDP4_PORT_KNOWN);
}
return Status;
diff --git a/NetworkPkg/Udp6Dxe/Udp6Driver.c b/NetworkPkg/Udp6Dxe/Udp6Driver.c
index ae96fb9966..edb758d57c 100644
--- a/NetworkPkg/Udp6Dxe/Udp6Driver.c
+++ b/NetworkPkg/Udp6Dxe/Udp6Driver.c
@@ -2,7 +2,7 @@
Driver Binding functions and Service Binding functions for the Network driver module.
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
-
+ Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -596,6 +596,13 @@ Udp6DriverEntryPoint (
)
{
EFI_STATUS Status;
+ UINT32 Random;
+
+ Status = PseudoRandomU32 (&Random);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
+ return Status;
+ }
//
// Install the Udp6DriverBinding and Udp6ComponentName protocols.
@@ -614,7 +621,7 @@ Udp6DriverEntryPoint (
// Initialize the UDP random port.
//
mUdp6RandomPort = (UINT16)(
- ((UINT16)NetRandomInitSeed ()) %
+ ((UINT16)Random) %
UDP6_PORT_KNOWN +
UDP6_PORT_KNOWN
);
diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c
index 91146b78cb..452038c219 100644
--- a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c
+++ b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c
@@ -2,7 +2,7 @@
Functions implementation related with DHCPv4 for UefiPxeBc Driver.
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
-
+ Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -1381,6 +1381,12 @@ PxeBcDhcp4Discover (
UINT8 VendorOptLen;
UINT32 Xid;
+ Status = PseudoRandomU32 (&Xid);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
+ return Status;
+ }
+
Mode = Private->PxeBc.Mode;
Dhcp4 = Private->Dhcp4;
Status = EFI_SUCCESS;
@@ -1471,7 +1477,6 @@ PxeBcDhcp4Discover (
//
// Set fields of the token for the request packet.
//
- Xid = NET_RANDOM (NetRandomInitSeed ());
Token.Packet->Dhcp4.Header.Xid = HTONL (Xid);
Token.Packet->Dhcp4.Header.Reserved = HTONS ((UINT16)((IsBCast) ? 0x8000 : 0x0));
CopyMem (&Token.Packet->Dhcp4.Header.ClientAddr, &Private->StationIp, sizeof (EFI_IPv4_ADDRESS));
diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c
index 7fd1281c11..bcabbd2219 100644
--- a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c
+++ b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c
@@ -2180,7 +2180,7 @@ PxeBcDhcp6Discover (
UINTN ReadSize;
UINT16 OpCode;
UINT16 OpLen;
- UINT32 Xid;
+ UINT32 Random;
EFI_STATUS Status;
UINTN DiscoverLenNeeded;
@@ -2198,6 +2198,12 @@ PxeBcDhcp6Discover (
return EFI_DEVICE_ERROR;
}
+ Status = PseudoRandomU32 (&Random);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
+ return Status;
+ }
+
DiscoverLenNeeded = sizeof (EFI_PXE_BASE_CODE_DHCPV6_PACKET);
Discover = AllocateZeroPool (DiscoverLenNeeded);
if (Discover == NULL) {
@@ -2207,8 +2213,7 @@ PxeBcDhcp6Discover (
//
// Build the discover packet by the cached request packet before.
//
- Xid = NET_RANDOM (NetRandomInitSeed ());
- Discover->TransactionId = HTONL (Xid);
+ Discover->TransactionId = HTONL (Random);
Discover->MessageType = Request->Dhcp6.Header.MessageType;
RequestOpt = Request->Dhcp6.Option;
DiscoverOpt = Discover->DhcpOptions;
diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c b/NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c
index d84aca7e85..4cd915b411 100644
--- a/NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c
+++ b/NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c
@@ -3,6 +3,7 @@
(C) Copyright 2014 Hewlett-Packard Development Company, L.P.<BR>
Copyright (c) 2007 - 2019, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -892,6 +893,13 @@ PxeBcCreateIp6Children (
PXEBC_PRIVATE_PROTOCOL *Id;
EFI_SIMPLE_NETWORK_PROTOCOL *Snp;
UINTN Index;
+ UINT32 Random;
+
+ Status = PseudoRandomU32 (&Random);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "Failed to generate random number using EFI_RNG_PROTOCOL: %r\n", Status));
+ return Status;
+ }
if (Private->Ip6Nic != NULL) {
//
@@ -935,9 +943,9 @@ PxeBcCreateIp6Children (
}
//
- // Generate a random IAID for the Dhcp6 assigned address.
+ // Set a random IAID for the Dhcp6 assigned address.
//
- Private->IaId = NET_RANDOM (NetRandomInitSeed ());
+ Private->IaId = Random;
if (Private->Snp != NULL) {
for (Index = 0; Index < Private->Snp->Mode->HwAddressSize; Index++) {
Private->IaId |= (Private->Snp->Mode->CurrentAddress.Addr[Index] << ((Index << 3) & 31));
diff --git a/NetworkPkg/SecurityFixes.yaml b/NetworkPkg/SecurityFixes.yaml
index fa42025e0d..20a4555019 100644
--- a/NetworkPkg/SecurityFixes.yaml
+++ b/NetworkPkg/SecurityFixes.yaml
@@ -122,3 +122,42 @@ CVE_2023_45235:
- http://www.openwall.com/lists/oss-security/2024/01/16/2
- http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
- https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
+CVE_2023_45237:
+ commit_titles:
+ - "NetworkPkg:: SECURITY PATCH CVE 2023-45237"
+ cve: CVE-2023-45237
+ date_reported: 2023-08-28 13:56 UTC
+ description: "Bug 09 - Use of a Weak PseudoRandom Number Generator"
+ note:
+ files_impacted:
+ - NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c
+ - NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c
+ - NetworkPkg/DnsDxe/DnsDhcp.c
+ - NetworkPkg/DnsDxe/DnsImpl.c
+ - NetworkPkg/HttpBootDxe/HttpBootDhcp6.c
+ - NetworkPkg/IScsiDxe/IScsiCHAP.c
+ - NetworkPkg/IScsiDxe/IScsiMisc.c
+ - NetworkPkg/IScsiDxe/IScsiMisc.h
+ - NetworkPkg/Include/Library/NetLib.h
+ - NetworkPkg/Ip4Dxe/Ip4Driver.c
+ - NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c
+ - NetworkPkg/Ip6Dxe/Ip6Driver.c
+ - NetworkPkg/Ip6Dxe/Ip6If.c
+ - NetworkPkg/Ip6Dxe/Ip6Mld.c
+ - NetworkPkg/Ip6Dxe/Ip6Nd.c
+ - NetworkPkg/Ip6Dxe/Ip6Nd.h
+ - NetworkPkg/Library/DxeNetLib/DxeNetLib.c
+ - NetworkPkg/Library/DxeNetLib/DxeNetLib.inf
+ - NetworkPkg/NetworkPkg.dec
+ - NetworkPkg/TcpDxe/TcpDriver.c
+ - NetworkPkg/Udp4Dxe/Udp4Driver.c
+ - NetworkPkg/Udp6Dxe/Udp6Driver.c
+ - NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c
+ - NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c
+ - NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c
+ links:
+ - https://bugzilla.tianocore.org/show_bug.cgi?id=4542
+ - https://nvd.nist.gov/vuln/detail/CVE-2023-45237
+ - http://www.openwall.com/lists/oss-security/2024/01/16/2
+ - http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
+ - https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119235): https://edk2.groups.io/g/devel/message/119235
Mute This Topic: https://groups.io/mt/106276860/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 38+ messages in thread
* [edk2-devel] [PATCH v3 09/20] NetworkPkg: TcpDxe: SECURITY PATCH CVE-2023-45236
2024-05-24 5:44 [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237 Doug Flick via groups.io
` (7 preceding siblings ...)
2024-05-24 5:45 ` [edk2-devel] [PATCH v3 08/20] NetworkPkg:: SECURITY PATCH CVE-2023-45237 Doug Flick via groups.io
@ 2024-05-24 5:45 ` Doug Flick via groups.io
2024-05-24 5:45 ` [edk2-devel] [PATCH v3 10/20] MdePkg: : Add MockUefiBootServicesTableLib Doug Flick via groups.io
` (10 subsequent siblings)
19 siblings, 0 replies; 38+ messages in thread
From: Doug Flick via groups.io @ 2024-05-24 5:45 UTC (permalink / raw)
To: devel; +Cc: Saloni Kasbekar, Zachary Clark-williams
From: Doug Flick <dougflick@microsoft.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4541
REF: https://www.rfc-editor.org/rfc/rfc1948.txt
REF: https://www.rfc-editor.org/rfc/rfc6528.txt
REF: https://www.rfc-editor.org/rfc/rfc9293.txt
Bug Overview:
PixieFail Bug #8
CVE-2023-45236
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Updates TCP ISN generation to use a cryptographic hash of the
connection's identifying parameters and a secret key.
This prevents an attacker from guessing the ISN used for some other
connection.
This is follows the guidance in RFC 1948, RFC 6528, and RFC 9293.
RFC: 9293 Section 3.4.1. Initial Sequence Number Selection
A TCP implementation MUST use the above type of "clock" for clock-
driven selection of initial sequence numbers (MUST-8), and SHOULD
generate its initial sequence numbers with the expression:
ISN = M + F(localip, localport, remoteip, remoteport, secretkey)
where M is the 4 microsecond timer, and F() is a pseudorandom
function (PRF) of the connection's identifying parameters ("localip,
localport, remoteip, remoteport") and a secret key ("secretkey")
(SHLD-1). F() MUST NOT be computable from the outside (MUST-9), or
an attacker could still guess at sequence numbers from the ISN used
for some other connection. The PRF could be implemented as a
cryptographic hash of the concatenation of the TCP connection
parameters and some secret data. For discussion of the selection of
a specific hash algorithm and management of the secret key data,
please see Section 3 of [42].
For each connection there is a send sequence number and a receive
sequence number. The initial send sequence number (ISS) is chosen by
the data sending TCP peer, and the initial receive sequence number
(IRS) is learned during the connection-establishing procedure.
For a connection to be established or initialized, the two TCP peers
must synchronize on each other's initial sequence numbers. This is
done in an exchange of connection-establishing segments carrying a
control bit called "SYN" (for synchronize) and the initial sequence
numbers. As a shorthand, segments carrying the SYN bit are also
called "SYNs". Hence, the solution requires a suitable mechanism for
picking an initial sequence number and a slightly involved handshake
to exchange the ISNs.
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
---
NetworkPkg/TcpDxe/TcpDxe.inf | 8 +-
NetworkPkg/TcpDxe/TcpFunc.h | 23 +-
NetworkPkg/TcpDxe/TcpMain.h | 59 ++++-
NetworkPkg/TcpDxe/TcpDriver.c | 92 +++++++-
NetworkPkg/TcpDxe/TcpInput.c | 13 +-
NetworkPkg/TcpDxe/TcpMisc.c | 244 ++++++++++++++++++--
NetworkPkg/TcpDxe/TcpTimer.c | 3 +-
NetworkPkg/SecurityFixes.yaml | 22 ++
8 files changed, 415 insertions(+), 49 deletions(-)
diff --git a/NetworkPkg/TcpDxe/TcpDxe.inf b/NetworkPkg/TcpDxe/TcpDxe.inf
index cf5423f4c5..76de4cf9ec 100644
--- a/NetworkPkg/TcpDxe/TcpDxe.inf
+++ b/NetworkPkg/TcpDxe/TcpDxe.inf
@@ -6,6 +6,7 @@
# stack has been loaded in system. This driver supports both IPv4 and IPv6 network stack.
#
# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) Microsoft Corporation
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -68,7 +69,6 @@
NetLib
IpIoLib
-
[Protocols]
## SOMETIMES_CONSUMES
## SOMETIMES_PRODUCES
@@ -81,6 +81,12 @@
gEfiIp6ServiceBindingProtocolGuid ## TO_START
gEfiTcp6ProtocolGuid ## BY_START
gEfiTcp6ServiceBindingProtocolGuid ## BY_START
+ gEfiHash2ProtocolGuid ## BY_START
+ gEfiHash2ServiceBindingProtocolGuid ## BY_START
+
+[Guids]
+ gEfiHashAlgorithmMD5Guid ## CONSUMES
+ gEfiHashAlgorithmSha256Guid ## CONSUMES
[Depex]
gEfiHash2ServiceBindingProtocolGuid
diff --git a/NetworkPkg/TcpDxe/TcpFunc.h b/NetworkPkg/TcpDxe/TcpFunc.h
index a7af01fff2..c707bee3e5 100644
--- a/NetworkPkg/TcpDxe/TcpFunc.h
+++ b/NetworkPkg/TcpDxe/TcpFunc.h
@@ -2,7 +2,7 @@
Declaration of external functions shared in TCP driver.
Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
-
+ Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -36,8 +36,11 @@ VOID
@param[in, out] Tcb Pointer to the TCP_CB of this TCP instance.
+ @retval EFI_SUCCESS The operation completed successfully
+ @retval others The underlying functions failed and could not complete the operation
+
**/
-VOID
+EFI_STATUS
TcpInitTcbLocal (
IN OUT TCP_CB *Tcb
);
@@ -128,17 +131,6 @@ TcpCloneTcb (
IN TCP_CB *Tcb
);
-/**
- Compute an ISS to be used by a new connection.
-
- @return The result ISS.
-
-**/
-TCP_SEQNO
-TcpGetIss (
- VOID
- );
-
/**
Get the local mss.
@@ -202,8 +194,11 @@ TcpFormatNetbuf (
@param[in, out] Tcb Pointer to the TCP_CB that wants to initiate a
connection.
+ @retval EFI_SUCCESS The operation completed successfully
+ @retval others The underlying functions failed and could not complete the operation
+
**/
-VOID
+EFI_STATUS
TcpOnAppConnect (
IN OUT TCP_CB *Tcb
);
diff --git a/NetworkPkg/TcpDxe/TcpMain.h b/NetworkPkg/TcpDxe/TcpMain.h
index c0c9b7f46e..4d5566ab93 100644
--- a/NetworkPkg/TcpDxe/TcpMain.h
+++ b/NetworkPkg/TcpDxe/TcpMain.h
@@ -3,7 +3,7 @@
It is the common head file for all Tcp*.c in TCP driver.
Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>
-
+ Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -13,6 +13,7 @@
#include <Protocol/ServiceBinding.h>
#include <Protocol/DriverBinding.h>
+#include <Protocol/Hash2.h>
#include <Library/IpIoLib.h>
#include <Library/DevicePathLib.h>
#include <Library/PrintLib.h>
@@ -31,7 +32,7 @@ extern EFI_UNICODE_STRING_TABLE *gTcpControllerNameTable;
extern LIST_ENTRY mTcpRunQue;
extern LIST_ENTRY mTcpListenQue;
-extern TCP_SEQNO mTcpGlobalIss;
+extern TCP_SEQNO mTcpGlobalSecret;
extern UINT32 mTcpTick;
///
@@ -45,14 +46,6 @@ extern UINT32 mTcpTick;
#define TCP_EXPIRE_TIME 65535
-///
-/// The implementation selects the initial send sequence number and the unit to
-/// be added when it is increased.
-///
-#define TCP_BASE_ISS 0x4d7e980b
-#define TCP_ISS_INCREMENT_1 2048
-#define TCP_ISS_INCREMENT_2 100
-
typedef union {
EFI_TCP4_CONFIG_DATA Tcp4CfgData;
EFI_TCP6_CONFIG_DATA Tcp6CfgData;
@@ -774,4 +767,50 @@ Tcp6Poll (
IN EFI_TCP6_PROTOCOL *This
);
+/**
+ Retrieves the Initial Sequence Number (ISN) for a TCP connection identified by local
+ and remote IP addresses and ports.
+
+ This method is based on https://datatracker.ietf.org/doc/html/rfc9293#section-3.4.1
+ Where the ISN is computed as follows:
+ ISN = TimeStamp + MD5(LocalIP, LocalPort, RemoteIP, RemotePort, Secret)
+
+ Otherwise:
+ ISN = M + F(localip, localport, remoteip, remoteport, secretkey)
+
+ "Here M is the 4 microsecond timer, and F() is a pseudorandom function (PRF) of the
+ connection's identifying parameters ("localip, localport, remoteip, remoteport")
+ and a secret key ("secretkey") (SHLD-1). F() MUST NOT be computable from the
+ outside (MUST-9), or an attacker could still guess at sequence numbers from the
+ ISN used for some other connection. The PRF could be implemented as a
+ cryptographic hash of the concatenation of the TCP connection parameters and some
+ secret data. For discussion of the selection of a specific hash algorithm and
+ management of the secret key data."
+
+ @param[in] LocalIp A pointer to the local IP address of the TCP connection.
+ @param[in] LocalIpSize The size, in bytes, of the LocalIp buffer.
+ @param[in] LocalPort The local port number of the TCP connection.
+ @param[in] RemoteIp A pointer to the remote IP address of the TCP connection.
+ @param[in] RemoteIpSize The size, in bytes, of the RemoteIp buffer.
+ @param[in] RemotePort The remote port number of the TCP connection.
+ @param[out] Isn A pointer to the variable that will receive the Initial
+ Sequence Number (ISN).
+
+ @retval EFI_SUCCESS The operation completed successfully, and the ISN was
+ retrieved.
+ @retval EFI_INVALID_PARAMETER One or more of the input parameters are invalid.
+ @retval EFI_UNSUPPORTED The operation is not supported.
+
+**/
+EFI_STATUS
+TcpGetIsn (
+ IN UINT8 *LocalIp,
+ IN UINTN LocalIpSize,
+ IN UINT16 LocalPort,
+ IN UINT8 *RemoteIp,
+ IN UINTN RemoteIpSize,
+ IN UINT16 RemotePort,
+ OUT TCP_SEQNO *Isn
+ );
+
#endif
diff --git a/NetworkPkg/TcpDxe/TcpDriver.c b/NetworkPkg/TcpDxe/TcpDriver.c
index 8fe6badd68..40bba4080c 100644
--- a/NetworkPkg/TcpDxe/TcpDriver.c
+++ b/NetworkPkg/TcpDxe/TcpDriver.c
@@ -83,6 +83,12 @@ EFI_SERVICE_BINDING_PROTOCOL gTcpServiceBinding = {
TcpServiceBindingDestroyChild
};
+//
+// This is the handle for the Hash2ServiceBinding Protocol instance this driver produces
+// if the platform does not provide one.
+//
+EFI_HANDLE mHash2ServiceHandle = NULL;
+
/**
Create and start the heartbeat timer for the TCP driver.
@@ -165,6 +171,23 @@ TcpDriverEntryPoint (
EFI_STATUS Status;
UINT32 Random;
+ //
+ // Initialize the Secret used for hashing TCP sequence numbers
+ //
+ // Normally this should be regenerated periodically, but since
+ // this is only used for UEFI networking and not a general purpose
+ // operating system, it is not necessary to regenerate it.
+ //
+ Status = PseudoRandomU32 (&mTcpGlobalSecret);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
+ return Status;
+ }
+
+ //
+ // Get a random number used to generate a random port number
+ // Intentionally not linking this to mTcpGlobalSecret to avoid leaking information about the secret
+ //
Status = PseudoRandomU32 (&Random);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "%a Failed to generate random number: %r\n", __func__, Status));
@@ -207,9 +230,8 @@ TcpDriverEntryPoint (
}
//
- // Initialize ISS and random port.
+ // Initialize the random port.
//
- mTcpGlobalIss = Random % mTcpGlobalIss;
mTcp4RandomPort = (UINT16)(TCP_PORT_KNOWN + (Random % TCP_PORT_KNOWN));
mTcp6RandomPort = mTcp4RandomPort;
@@ -224,6 +246,8 @@ TcpDriverEntryPoint (
@param[in] IpVersion IP_VERSION_4 or IP_VERSION_6.
@retval EFI_OUT_OF_RESOURCES Failed to allocate some resources.
+ @retval EFI_UNSUPPORTED Service Binding Protocols are unavailable.
+ @retval EFI_ALREADY_STARTED The TCP driver is already started on the controller.
@retval EFI_SUCCESS A new IP6 service binding private was created.
**/
@@ -234,11 +258,13 @@ TcpCreateService (
IN UINT8 IpVersion
)
{
- EFI_STATUS Status;
- EFI_GUID *IpServiceBindingGuid;
- EFI_GUID *TcpServiceBindingGuid;
- TCP_SERVICE_DATA *TcpServiceData;
- IP_IO_OPEN_DATA OpenData;
+ EFI_STATUS Status;
+ EFI_GUID *IpServiceBindingGuid;
+ EFI_GUID *TcpServiceBindingGuid;
+ TCP_SERVICE_DATA *TcpServiceData;
+ IP_IO_OPEN_DATA OpenData;
+ EFI_SERVICE_BINDING_PROTOCOL *Hash2ServiceBinding;
+ EFI_HASH2_PROTOCOL *Hash2Protocol;
if (IpVersion == IP_VERSION_4) {
IpServiceBindingGuid = &gEfiIp4ServiceBindingProtocolGuid;
@@ -272,6 +298,33 @@ TcpCreateService (
return EFI_UNSUPPORTED;
}
+ Status = gBS->LocateProtocol (&gEfiHash2ProtocolGuid, NULL, (VOID **)&Hash2Protocol);
+ if (EFI_ERROR (Status)) {
+ //
+ // If we can't find the Hashing protocol, then we need to create one.
+ //
+
+ //
+ // Platform is expected to publish the hash service binding protocol to support TCP.
+ //
+ Status = gBS->LocateProtocol (
+ &gEfiHash2ServiceBindingProtocolGuid,
+ NULL,
+ (VOID **)&Hash2ServiceBinding
+ );
+ if (EFI_ERROR (Status) || (Hash2ServiceBinding == NULL) || (Hash2ServiceBinding->CreateChild == NULL)) {
+ return EFI_UNSUPPORTED;
+ }
+
+ //
+ // Create an instance of the hash protocol for this controller.
+ //
+ Status = Hash2ServiceBinding->CreateChild (Hash2ServiceBinding, &mHash2ServiceHandle);
+ if (EFI_ERROR (Status)) {
+ return EFI_UNSUPPORTED;
+ }
+ }
+
//
// Create the TCP service data.
//
@@ -423,6 +476,7 @@ TcpDestroyService (
EFI_STATUS Status;
LIST_ENTRY *List;
TCP_DESTROY_CHILD_IN_HANDLE_BUF_CONTEXT Context;
+ EFI_SERVICE_BINDING_PROTOCOL *Hash2ServiceBinding;
ASSERT ((IpVersion == IP_VERSION_4) || (IpVersion == IP_VERSION_6));
@@ -439,6 +493,30 @@ TcpDestroyService (
return EFI_SUCCESS;
}
+ //
+ // Destroy the Hash2ServiceBinding instance if it is created by Tcp driver.
+ //
+ if (mHash2ServiceHandle != NULL) {
+ Status = gBS->LocateProtocol (
+ &gEfiHash2ServiceBindingProtocolGuid,
+ NULL,
+ (VOID **)&Hash2ServiceBinding
+ );
+ if (EFI_ERROR (Status) || (Hash2ServiceBinding == NULL) || (Hash2ServiceBinding->DestroyChild == NULL)) {
+ return EFI_UNSUPPORTED;
+ }
+
+ //
+ // Destroy the instance of the hashing protocol for this controller.
+ //
+ Status = Hash2ServiceBinding->DestroyChild (Hash2ServiceBinding, &mHash2ServiceHandle);
+ if (EFI_ERROR (Status)) {
+ return EFI_UNSUPPORTED;
+ }
+
+ mHash2ServiceHandle = NULL;
+ }
+
Status = gBS->OpenProtocol (
NicHandle,
ServiceBindingGuid,
diff --git a/NetworkPkg/TcpDxe/TcpInput.c b/NetworkPkg/TcpDxe/TcpInput.c
index 97633a3908..a5d575ccaf 100644
--- a/NetworkPkg/TcpDxe/TcpInput.c
+++ b/NetworkPkg/TcpDxe/TcpInput.c
@@ -724,6 +724,7 @@ TcpInput (
TCP_SEQNO Urg;
UINT16 Checksum;
INT32 Usable;
+ EFI_STATUS Status;
ASSERT ((Version == IP_VERSION_4) || (Version == IP_VERSION_6));
@@ -872,7 +873,17 @@ TcpInput (
Tcb->LocalEnd.Port = Head->DstPort;
Tcb->RemoteEnd.Port = Head->SrcPort;
- TcpInitTcbLocal (Tcb);
+ Status = TcpInitTcbLocal (Tcb);
+ if (EFI_ERROR (Status)) {
+ DEBUG (
+ (DEBUG_ERROR,
+ "TcpInput: discard a segment because failed to init local end for TCB %p\n",
+ Tcb)
+ );
+
+ goto DISCARD;
+ }
+
TcpInitTcbPeer (Tcb, Seg, &Option);
TcpSetState (Tcb, TCP_SYN_RCVD);
diff --git a/NetworkPkg/TcpDxe/TcpMisc.c b/NetworkPkg/TcpDxe/TcpMisc.c
index c93212d47d..3310306f63 100644
--- a/NetworkPkg/TcpDxe/TcpMisc.c
+++ b/NetworkPkg/TcpDxe/TcpMisc.c
@@ -3,7 +3,7 @@
(C) Copyright 2014 Hewlett-Packard Development Company, L.P.<BR>
Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>
-
+ Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -20,7 +20,34 @@ LIST_ENTRY mTcpListenQue = {
&mTcpListenQue
};
-TCP_SEQNO mTcpGlobalIss = TCP_BASE_ISS;
+//
+// The Session secret
+// This must be initialized to a random value at boot time
+//
+TCP_SEQNO mTcpGlobalSecret;
+
+//
+// Union to hold either an IPv4 or IPv6 address
+// This is used to simplify the ISN hash computation
+//
+typedef union {
+ UINT8 IPv4[4];
+ UINT8 IPv6[16];
+} NETWORK_ADDRESS;
+
+//
+// The ISN is computed by hashing this structure
+// It is initialized with the local and remote IP addresses and ports
+// and the secret
+//
+//
+typedef struct {
+ UINT16 LocalPort;
+ UINT16 RemotePort;
+ NETWORK_ADDRESS LocalAddress;
+ NETWORK_ADDRESS RemoteAddress;
+ TCP_SEQNO Secret;
+} ISN_HASH_CTX;
CHAR16 *mTcpStateName[] = {
L"TCP_CLOSED",
@@ -41,12 +68,18 @@ CHAR16 *mTcpStateName[] = {
@param[in, out] Tcb Pointer to the TCP_CB of this TCP instance.
+ @retval EFI_SUCCESS The operation completed successfully
+ @retval others The underlying functions failed and could not complete the operation
+
**/
-VOID
+EFI_STATUS
TcpInitTcbLocal (
IN OUT TCP_CB *Tcb
)
{
+ TCP_SEQNO Isn;
+ EFI_STATUS Status;
+
//
// Compute the checksum of the fixed parts of pseudo header
//
@@ -57,6 +90,16 @@ TcpInitTcbLocal (
0x06,
0
);
+
+ Status = TcpGetIsn (
+ Tcb->LocalEnd.Ip.v4.Addr,
+ sizeof (IPv4_ADDRESS),
+ Tcb->LocalEnd.Port,
+ Tcb->RemoteEnd.Ip.v4.Addr,
+ sizeof (IPv4_ADDRESS),
+ Tcb->RemoteEnd.Port,
+ &Isn
+ );
} else {
Tcb->HeadSum = NetIp6PseudoHeadChecksum (
&Tcb->LocalEnd.Ip.v6,
@@ -64,9 +107,25 @@ TcpInitTcbLocal (
0x06,
0
);
+
+ Status = TcpGetIsn (
+ Tcb->LocalEnd.Ip.v6.Addr,
+ sizeof (IPv6_ADDRESS),
+ Tcb->LocalEnd.Port,
+ Tcb->RemoteEnd.Ip.v6.Addr,
+ sizeof (IPv6_ADDRESS),
+ Tcb->RemoteEnd.Port,
+ &Isn
+ );
+ }
+
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "TcpInitTcbLocal: failed to get isn\n"));
+ ASSERT (FALSE);
+ return Status;
}
- Tcb->Iss = TcpGetIss ();
+ Tcb->Iss = Isn;
Tcb->SndUna = Tcb->Iss;
Tcb->SndNxt = Tcb->Iss;
@@ -82,6 +141,8 @@ TcpInitTcbLocal (
Tcb->RetxmitSeqMax = 0;
Tcb->ProbeTimerOn = FALSE;
+
+ return EFI_SUCCESS;
}
/**
@@ -506,18 +567,162 @@ TcpCloneTcb (
}
/**
- Compute an ISS to be used by a new connection.
-
- @return The resulting ISS.
+ Retrieves the Initial Sequence Number (ISN) for a TCP connection identified by local
+ and remote IP addresses and ports.
+
+ This method is based on https://datatracker.ietf.org/doc/html/rfc9293#section-3.4.1
+ Where the ISN is computed as follows:
+ ISN = TimeStamp + MD5(LocalIP, LocalPort, RemoteIP, RemotePort, Secret)
+
+ Otherwise:
+ ISN = M + F(localip, localport, remoteip, remoteport, secretkey)
+
+ "Here M is the 4 microsecond timer, and F() is a pseudorandom function (PRF) of the
+ connection's identifying parameters ("localip, localport, remoteip, remoteport")
+ and a secret key ("secretkey") (SHLD-1). F() MUST NOT be computable from the
+ outside (MUST-9), or an attacker could still guess at sequence numbers from the
+ ISN used for some other connection. The PRF could be implemented as a
+ cryptographic hash of the concatenation of the TCP connection parameters and some
+ secret data. For discussion of the selection of a specific hash algorithm and
+ management of the secret key data."
+
+ @param[in] LocalIp A pointer to the local IP address of the TCP connection.
+ @param[in] LocalIpSize The size, in bytes, of the LocalIp buffer.
+ @param[in] LocalPort The local port number of the TCP connection.
+ @param[in] RemoteIp A pointer to the remote IP address of the TCP connection.
+ @param[in] RemoteIpSize The size, in bytes, of the RemoteIp buffer.
+ @param[in] RemotePort The remote port number of the TCP connection.
+ @param[out] Isn A pointer to the variable that will receive the Initial
+ Sequence Number (ISN).
+
+ @retval EFI_SUCCESS The operation completed successfully, and the ISN was
+ retrieved.
+ @retval EFI_INVALID_PARAMETER One or more of the input parameters are invalid.
+ @retval EFI_UNSUPPORTED The operation is not supported.
**/
-TCP_SEQNO
-TcpGetIss (
- VOID
+EFI_STATUS
+TcpGetIsn (
+ IN UINT8 *LocalIp,
+ IN UINTN LocalIpSize,
+ IN UINT16 LocalPort,
+ IN UINT8 *RemoteIp,
+ IN UINTN RemoteIpSize,
+ IN UINT16 RemotePort,
+ OUT TCP_SEQNO *Isn
)
{
- mTcpGlobalIss += TCP_ISS_INCREMENT_1;
- return mTcpGlobalIss;
+ EFI_STATUS Status;
+ EFI_HASH2_PROTOCOL *Hash2Protocol;
+ EFI_HASH2_OUTPUT HashResult;
+ ISN_HASH_CTX IsnHashCtx;
+ EFI_TIME TimeStamp;
+
+ //
+ // Check that the ISN pointer is valid
+ //
+ if (Isn == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ //
+ // The local ip may be a v4 or v6 address and may not be NULL
+ //
+ if ((LocalIp == NULL) || (LocalIpSize == 0) || (RemoteIp == NULL) || (RemoteIpSize == 0)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ //
+ // the local ip may be a v4 or v6 address
+ //
+ if ((LocalIpSize != sizeof (EFI_IPv4_ADDRESS)) && (LocalIpSize != sizeof (EFI_IPv6_ADDRESS))) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ //
+ // Locate the Hash Protocol
+ //
+ Status = gBS->LocateProtocol (&gEfiHash2ProtocolGuid, NULL, (VOID **)&Hash2Protocol);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_NET, "Failed to locate Hash Protocol: %r\n", Status));
+
+ //
+ // TcpCreateService(..) is expected to be called prior to this function
+ //
+ ASSERT_EFI_ERROR (Status);
+ return Status;
+ }
+
+ //
+ // Initialize the hash algorithm
+ //
+ Status = Hash2Protocol->HashInit (Hash2Protocol, &gEfiHashAlgorithmSha256Guid);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_NET, "Failed to initialize sha256 hash algorithm: %r\n", Status));
+ return Status;
+ }
+
+ IsnHashCtx.LocalPort = LocalPort;
+ IsnHashCtx.RemotePort = RemotePort;
+ IsnHashCtx.Secret = mTcpGlobalSecret;
+
+ //
+ // Check the IP address family and copy accordingly
+ //
+ if (LocalIpSize == sizeof (EFI_IPv4_ADDRESS)) {
+ CopyMem (&IsnHashCtx.LocalAddress.IPv4, LocalIp, LocalIpSize);
+ } else if (LocalIpSize == sizeof (EFI_IPv6_ADDRESS)) {
+ CopyMem (&IsnHashCtx.LocalAddress.IPv6, LocalIp, LocalIpSize);
+ } else {
+ return EFI_INVALID_PARAMETER; // Unsupported address size
+ }
+
+ //
+ // Repeat the process for the remote IP address
+ //
+ if (RemoteIpSize == sizeof (EFI_IPv4_ADDRESS)) {
+ CopyMem (&IsnHashCtx.RemoteAddress.IPv4, RemoteIp, RemoteIpSize);
+ } else if (RemoteIpSize == sizeof (EFI_IPv6_ADDRESS)) {
+ CopyMem (&IsnHashCtx.RemoteAddress.IPv6, RemoteIp, RemoteIpSize);
+ } else {
+ return EFI_INVALID_PARAMETER; // Unsupported address size
+ }
+
+ //
+ // Compute the hash
+ // Update the hash with the data
+ //
+ Status = Hash2Protocol->HashUpdate (Hash2Protocol, (UINT8 *)&IsnHashCtx, sizeof (IsnHashCtx));
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_NET, "Failed to update hash: %r\n", Status));
+ return Status;
+ }
+
+ //
+ // Finalize the hash and retrieve the result
+ //
+ Status = Hash2Protocol->HashFinal (Hash2Protocol, &HashResult);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_NET, "Failed to finalize hash: %r\n", Status));
+ return Status;
+ }
+
+ Status = gRT->GetTime (&TimeStamp, NULL);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ //
+ // copy the first 4 bytes of the hash result into the ISN
+ //
+ CopyMem (Isn, HashResult.Md5Hash, sizeof (*Isn));
+
+ //
+ // now add the timestamp to the ISN as 4 microseconds units (1000 / 4 = 250)
+ //
+ *Isn += (TCP_SEQNO)TimeStamp.Nanosecond * 250;
+
+ return Status;
}
/**
@@ -721,17 +926,28 @@ TcpFormatNetbuf (
@param[in, out] Tcb Pointer to the TCP_CB that wants to initiate a
connection.
+ @retval EFI_SUCCESS The operation completed successfully
+ @retval others The underlying functions failed and could not complete the operation
+
**/
-VOID
+EFI_STATUS
TcpOnAppConnect (
IN OUT TCP_CB *Tcb
)
{
- TcpInitTcbLocal (Tcb);
+ EFI_STATUS Status;
+
+ Status = TcpInitTcbLocal (Tcb);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
TcpSetState (Tcb, TCP_SYN_SENT);
TcpSetTimer (Tcb, TCP_TIMER_CONNECT, Tcb->ConnectTimeout);
TcpToSendData (Tcb, 1);
+
+ return EFI_SUCCESS;
}
/**
diff --git a/NetworkPkg/TcpDxe/TcpTimer.c b/NetworkPkg/TcpDxe/TcpTimer.c
index 5d2e124977..065b1bdf5f 100644
--- a/NetworkPkg/TcpDxe/TcpTimer.c
+++ b/NetworkPkg/TcpDxe/TcpTimer.c
@@ -2,7 +2,7 @@
TCP timer related functions.
Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
-
+ Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -483,7 +483,6 @@ TcpTickingDpc (
INT16 Index;
mTcpTick++;
- mTcpGlobalIss += TCP_ISS_INCREMENT_2;
//
// Don't use LIST_FOR_EACH, which isn't delete safe.
diff --git a/NetworkPkg/SecurityFixes.yaml b/NetworkPkg/SecurityFixes.yaml
index 20a4555019..4305328425 100644
--- a/NetworkPkg/SecurityFixes.yaml
+++ b/NetworkPkg/SecurityFixes.yaml
@@ -122,6 +122,28 @@ CVE_2023_45235:
- http://www.openwall.com/lists/oss-security/2024/01/16/2
- http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
- https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
+CVE_2023_45236:
+ commit_titles:
+ - "NetworkPkg: TcpDxe: SECURITY PATCH CVE-2023-45236 Patch"
+ cve: CVE-2023-45236
+ date_reported: 2023-08-28 13:56 UTC
+ description: "Bug 08 - edk2/NetworkPkg: Predictable TCP Initial Sequence Numbers"
+ note:
+ files_impacted:
+ - NetworkPkg/Include/Library/NetLib.h
+ - NetworkPkg/TcpDxe/TcpDriver.c
+ - NetworkPkg/TcpDxe/TcpDxe.inf
+ - NetworkPkg/TcpDxe/TcpFunc.h
+ - NetworkPkg/TcpDxe/TcpInput.c
+ - NetworkPkg/TcpDxe/TcpMain.h
+ - NetworkPkg/TcpDxe/TcpMisc.c
+ - NetworkPkg/TcpDxe/TcpTimer.c
+ links:
+ - https://bugzilla.tianocore.org/show_bug.cgi?id=4541
+ - https://nvd.nist.gov/vuln/detail/CVE-2023-45236
+ - http://www.openwall.com/lists/oss-security/2024/01/16/2
+ - http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
+ - https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
CVE_2023_45237:
commit_titles:
- "NetworkPkg:: SECURITY PATCH CVE 2023-45237"
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119236): https://edk2.groups.io/g/devel/message/119236
Mute This Topic: https://groups.io/mt/106276861/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 38+ messages in thread
* [edk2-devel] [PATCH v3 10/20] MdePkg: : Add MockUefiBootServicesTableLib
2024-05-24 5:44 [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237 Doug Flick via groups.io
` (8 preceding siblings ...)
2024-05-24 5:45 ` [edk2-devel] [PATCH v3 09/20] NetworkPkg: TcpDxe: SECURITY PATCH CVE-2023-45236 Doug Flick via groups.io
@ 2024-05-24 5:45 ` Doug Flick via groups.io
2024-05-24 5:45 ` [edk2-devel] [PATCH v3 11/20] MdePkg: : Adds Protocol for MockRng Doug Flick via groups.io
` (9 subsequent siblings)
19 siblings, 0 replies; 38+ messages in thread
From: Doug Flick via groups.io @ 2024-05-24 5:45 UTC (permalink / raw)
To: devel; +Cc: Michael D Kinney, Liming Gao, Zhiguang Liu
From: Doug Flick <dougflick@microsoft.com>
This commit adds a mock library for UefiBootServicesTableLib.
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
---
MdePkg/Test/MdePkgHostTest.dsc | 1 +
MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf | 32 ++++++++
MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.h | 78 ++++++++++++++++++++
MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.cpp | 69 +++++++++++++++++
4 files changed, 180 insertions(+)
diff --git a/MdePkg/Test/MdePkgHostTest.dsc b/MdePkg/Test/MdePkgHostTest.dsc
index e666636b7c..6a85d02236 100644
--- a/MdePkg/Test/MdePkgHostTest.dsc
+++ b/MdePkg/Test/MdePkgHostTest.dsc
@@ -43,6 +43,7 @@
MdePkg/Library/BaseLib/UnitTestHostBaseLib.inf
MdePkg/Test/Mock/Library/GoogleTest/MockUefiLib/MockUefiLib.inf
MdePkg/Test/Mock/Library/GoogleTest/MockUefiRuntimeServicesTableLib/MockUefiRuntimeServicesTableLib.inf
+ MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf
MdePkg/Test/Mock/Library/GoogleTest/MockPeiServicesLib/MockPeiServicesLib.inf
MdePkg/Test/Mock/Library/GoogleTest/MockHobLib/MockHobLib.inf
MdePkg/Test/Mock/Library/GoogleTest/MockFdtLib/MockFdtLib.inf
diff --git a/MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf b/MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf
new file mode 100644
index 0000000000..8b64fd195a
--- /dev/null
+++ b/MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf
@@ -0,0 +1,32 @@
+## @file
+# Mock implementation of the UEFI Boot Services Table Library.
+#
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = MockUefiBootServicesTableLib
+ FILE_GUID = 67EA4614-E276-49EC-9AE6-B97ACCEA676E
+ MODULE_TYPE = HOST_APPLICATION
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = UefiBootServicesTableLib|HOST_APPLICATION
+
+#
+# VALID_ARCHITECTURES = IA32 X64 EBC
+#
+
+[Sources]
+ MockUefiBootServicesTableLib.cpp
+
+[LibraryClasses]
+ GoogleTestLib
+
+[Packages]
+ MdePkg/MdePkg.dec
+ UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec
+
+[BuildOptions]
+ MSFT:*_*_*_CC_FLAGS = /EHsc
diff --git a/MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.h b/MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.h
new file mode 100644
index 0000000000..d72b941323
--- /dev/null
+++ b/MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.h
@@ -0,0 +1,78 @@
+/** @file
+ Google Test mocks for UefiBootServicesTableLib
+
+ Copyright (c) Microsoft Corporation.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef MOCK_UEFI_BOOT_SERVICES_TABLE_LIB_H_
+#define MOCK_UEFI_BOOT_SERVICES_TABLE_LIB_H_
+
+#include <Library/GoogleTestLib.h>
+#include <Library/FunctionMockLib.h>
+extern "C" {
+ #include <Uefi.h>
+ #include <Library/UefiBootServicesTableLib.h>
+}
+
+//
+// Declarations to handle usage of the UefiBootServiceTableLib by creating mock
+//
+struct MockUefiBootServicesTableLib {
+ MOCK_INTERFACE_DECLARATION (MockUefiBootServicesTableLib);
+
+ MOCK_FUNCTION_DECLARATION (
+ EFI_STATUS,
+ gBS_GetMemoryMap,
+ (IN OUT UINTN *MemoryMapSize,
+ OUT EFI_MEMORY_DESCRIPTOR *MemoryMap,
+ OUT UINTN *MapKey,
+ OUT UINTN *DescriptorSize,
+ OUT UINT32 *DescriptorVersion)
+ );
+
+ MOCK_FUNCTION_DECLARATION (
+ EFI_STATUS,
+ gBS_CreateEvent,
+ (IN UINT32 Type,
+ IN EFI_TPL NotifyTpl,
+ IN EFI_EVENT_NOTIFY NotifyFunction,
+ IN VOID *NotifyContext,
+ OUT EFI_EVENT *Event)
+ );
+
+ MOCK_FUNCTION_DECLARATION (
+ EFI_STATUS,
+ gBS_CloseEvent,
+ (IN EFI_EVENT Event)
+ );
+
+ MOCK_FUNCTION_DECLARATION (
+ EFI_STATUS,
+ gBS_HandleProtocol,
+ (IN EFI_HANDLE Handle,
+ IN EFI_GUID *Protocol,
+ OUT VOID **Interface)
+ );
+
+ MOCK_FUNCTION_DECLARATION (
+ EFI_STATUS,
+ gBS_LocateProtocol,
+ (IN EFI_GUID *Protocol,
+ IN VOID *Registration OPTIONAL,
+ OUT VOID **Interface)
+ );
+
+ MOCK_FUNCTION_DECLARATION (
+ EFI_STATUS,
+ gBS_CreateEventEx,
+ (IN UINT32 Type,
+ IN EFI_TPL NotifyTpl,
+ IN EFI_EVENT_NOTIFY NotifyFunction OPTIONAL,
+ IN CONST VOID *NotifyContext OPTIONAL,
+ IN CONST EFI_GUID *EventGroup OPTIONAL,
+ OUT EFI_EVENT *Event)
+ );
+};
+
+#endif // MOCK_UEFI_BOOT_SERVICES_TABLE_LIB_H_
diff --git a/MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.cpp b/MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.cpp
new file mode 100644
index 0000000000..ced6255418
--- /dev/null
+++ b/MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.cpp
@@ -0,0 +1,69 @@
+/** @file
+ Google Test mocks for UefiBootServicesTableLib
+
+ Copyright (c) Microsoft Corporation.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+#include <GoogleTest/Library/MockUefiBootServicesTableLib.h>
+
+MOCK_INTERFACE_DEFINITION (MockUefiBootServicesTableLib);
+MOCK_FUNCTION_DEFINITION (MockUefiBootServicesTableLib, gBS_GetMemoryMap, 5, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockUefiBootServicesTableLib, gBS_CreateEvent, 5, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockUefiBootServicesTableLib, gBS_CloseEvent, 1, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockUefiBootServicesTableLib, gBS_HandleProtocol, 3, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockUefiBootServicesTableLib, gBS_LocateProtocol, 3, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockUefiBootServicesTableLib, gBS_CreateEventEx, 6, EFIAPI);
+
+static EFI_BOOT_SERVICES LocalBs = {
+ { 0, 0, 0, 0, 0 }, // EFI_TABLE_HEADER
+ NULL, // EFI_RAISE_TPL
+ NULL, // EFI_RESTORE_TPL
+ NULL, // EFI_ALLOCATE_PAGES
+ NULL, // EFI_FREE_PAGES
+ gBS_GetMemoryMap, // EFI_GET_MEMORY_MAP
+ NULL, // EFI_ALLOCATE_POOL
+ NULL, // EFI_FREE_POOL
+ gBS_CreateEvent, // EFI_CREATE_EVENT
+ NULL, // EFI_SET_TIMER
+ NULL, // EFI_WAIT_FOR_EVENT
+ NULL, // EFI_SIGNAL_EVENT
+ gBS_CloseEvent, // EFI_CLOSE_EVENT
+ NULL, // EFI_CHECK_EVENT
+ NULL, // EFI_INSTALL_PROTOCOL_INTERFACE
+ NULL, // EFI_REINSTALL_PROTOCOL_INTERFACE
+ NULL, // EFI_UNINSTALL_PROTOCOL_INTERFACE
+ gBS_HandleProtocol, // EFI_HANDLE_PROTOCOL
+ NULL, // VOID
+ NULL, // EFI_REGISTER_PROTOCOL_NOTIFY
+ NULL, // EFI_LOCATE_HANDLE
+ NULL, // EFI_LOCATE_DEVICE_PATH
+ NULL, // EFI_INSTALL_CONFIGURATION_TABLE
+ NULL, // EFI_IMAGE_LOAD
+ NULL, // EFI_IMAGE_START
+ NULL, // EFI_EXIT
+ NULL, // EFI_IMAGE_UNLOAD
+ NULL, // EFI_EXIT_BOOT_SERVICES
+ NULL, // EFI_GET_NEXT_MONOTONIC_COUNT
+ NULL, // EFI_STALL
+ NULL, // EFI_SET_WATCHDOG_TIMER
+ NULL, // EFI_CONNECT_CONTROLLER
+ NULL, // EFI_DISCONNECT_CONTROLLER
+ NULL, // EFI_OPEN_PROTOCOL
+ NULL, // EFI_CLOSE_PROTOCOL
+ NULL, // EFI_OPEN_PROTOCOL_INFORMATION
+ NULL, // EFI_PROTOCOLS_PER_HANDLE
+ NULL, // EFI_LOCATE_HANDLE_BUFFER
+ gBS_LocateProtocol, // EFI_LOCATE_PROTOCOL
+ NULL, // EFI_INSTALL_MULTIPLE_PROTOCOL_INTERFACES
+ NULL, // EFI_UNINSTALL_MULTIPLE_PROTOCOL_INTERFACES
+ NULL, // EFI_CALCULATE_CRC32
+ NULL, // EFI_COPY_MEM
+ NULL, // EFI_SET_MEM
+ gBS_CreateEventEx // EFI_CREATE_EVENT_EX
+};
+
+extern "C" {
+ EFI_BOOT_SERVICES *gBS = &LocalBs;
+ EFI_HANDLE gImageHandle = NULL;
+ EFI_SYSTEM_TABLE *gST = NULL;
+}
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119237): https://edk2.groups.io/g/devel/message/119237
Mute This Topic: https://groups.io/mt/106276862/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 38+ messages in thread
* [edk2-devel] [PATCH v3 11/20] MdePkg: : Adds Protocol for MockRng
2024-05-24 5:44 [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237 Doug Flick via groups.io
` (9 preceding siblings ...)
2024-05-24 5:45 ` [edk2-devel] [PATCH v3 10/20] MdePkg: : Add MockUefiBootServicesTableLib Doug Flick via groups.io
@ 2024-05-24 5:45 ` Doug Flick via groups.io
2024-05-24 5:45 ` [edk2-devel] [PATCH v3 12/20] MdePkg: Add MockHash2 Protocol for testing Doug Flick via groups.io
` (8 subsequent siblings)
19 siblings, 0 replies; 38+ messages in thread
From: Doug Flick via groups.io @ 2024-05-24 5:45 UTC (permalink / raw)
To: devel; +Cc: Michael D Kinney, Liming Gao, Zhiguang Liu
From: Doug Flick <dougflick@microsoft.com>
This patch adds a protocol for MockRng. This protocol is used to
mock the Rng protocol for testing purposes.
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
---
MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h | 48 ++++++++++++++++++++
MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp | 21 +++++++++
2 files changed, 69 insertions(+)
diff --git a/MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h b/MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h
new file mode 100644
index 0000000000..b54f8a234b
--- /dev/null
+++ b/MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h
@@ -0,0 +1,48 @@
+/** @file
+ This file declares a mock of Rng Protocol.
+
+ Copyright (c) Microsoft Corporation.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef MOCK_RNG_H_
+#define MOCK_RNG_H_
+
+#include <Library/GoogleTestLib.h>
+#include <Library/FunctionMockLib.h>
+
+extern "C" {
+ #include <Uefi.h>
+ #include <Protocol/Rng.h>
+}
+
+struct MockRng {
+ MOCK_INTERFACE_DECLARATION (MockRng);
+
+ MOCK_FUNCTION_DECLARATION (
+ EFI_STATUS,
+ GetInfo,
+ (
+ IN EFI_RNG_PROTOCOL *This,
+ IN OUT UINTN *RNGAlgorithmListSize,
+ OUT EFI_RNG_ALGORITHM *RNGAlgorithmList
+ )
+ );
+
+ MOCK_FUNCTION_DECLARATION (
+ EFI_STATUS,
+ GetRng,
+ (
+ IN EFI_RNG_PROTOCOL *This,
+ IN EFI_RNG_ALGORITHM *RNGAlgorithm,
+ IN UINTN RNGValueLength,
+ OUT UINT8 *RNGValue
+ )
+ );
+};
+
+extern "C" {
+ extern EFI_RNG_PROTOCOL *gRngProtocol;
+}
+
+#endif // MOCK_RNG_H_
diff --git a/MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp b/MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp
new file mode 100644
index 0000000000..7d8b69cc86
--- /dev/null
+++ b/MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp
@@ -0,0 +1,21 @@
+/** @file MockRng.cpp
+ Google Test mock for Rng Protocol
+
+ Copyright (c) Microsoft Corporation.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <GoogleTest/Protocol/MockRng.h>
+
+MOCK_INTERFACE_DEFINITION (MockRng);
+MOCK_FUNCTION_DEFINITION (MockRng, GetInfo, 3, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockRng, GetRng, 4, EFIAPI);
+
+EFI_RNG_PROTOCOL RNG_PROTOCOL_INSTANCE = {
+ GetInfo, // EFI_RNG_GET_INFO
+ GetRng // EFI_RNG_GET_RNG
+};
+
+extern "C" {
+ EFI_RNG_PROTOCOL *gRngProtocol = &RNG_PROTOCOL_INSTANCE;
+}
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119238): https://edk2.groups.io/g/devel/message/119238
Mute This Topic: https://groups.io/mt/106276863/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 38+ messages in thread
* [edk2-devel] [PATCH v3 12/20] MdePkg: Add MockHash2 Protocol for testing
2024-05-24 5:44 [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237 Doug Flick via groups.io
` (10 preceding siblings ...)
2024-05-24 5:45 ` [edk2-devel] [PATCH v3 11/20] MdePkg: : Adds Protocol for MockRng Doug Flick via groups.io
@ 2024-05-24 5:45 ` Doug Flick via groups.io
2024-05-24 5:45 ` [edk2-devel] [PATCH v3 13/20] NetworkPkg: Update the PxeBcDhcp6GoogleTest due to underlying changes Doug Flick via groups.io
` (7 subsequent siblings)
19 siblings, 0 replies; 38+ messages in thread
From: Doug Flick via groups.io @ 2024-05-24 5:45 UTC (permalink / raw)
To: devel; +Cc: Michael D Kinney, Liming Gao, Zhiguang Liu
From: Doug Flick <dougflick@microsoft.com>
This commit adds a new MockHash2 protocol to the MdePkg. This allows
the unit tests to pick up the new protocol and use it for testing.
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
---
MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h | 67 ++++++++++++++++++++
MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockHash2.cpp | 27 ++++++++
2 files changed, 94 insertions(+)
diff --git a/MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h b/MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h
new file mode 100644
index 0000000000..b44d341332
--- /dev/null
+++ b/MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h
@@ -0,0 +1,67 @@
+/** @file
+ This file declares a mock of Hash2 Protocol.
+
+ Copyright (c) Microsoft Corporation.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef MOCK_HASH2_H_
+#define MOCK_HASH2_H_
+
+#include <Library/GoogleTestLib.h>
+#include <Library/FunctionMockLib.h>
+
+extern "C" {
+ #include <Uefi.h>
+ #include <Protocol/Hash2.h>
+}
+
+struct MockHash2 {
+ MOCK_INTERFACE_DECLARATION (MockHash2);
+
+ MOCK_FUNCTION_DECLARATION (
+ EFI_STATUS,
+ GetHashSize,
+ (IN CONST EFI_HASH2_PROTOCOL *This,
+ IN CONST EFI_GUID *HashAlgorithm,
+ OUT UINTN *HashSize)
+ );
+
+ MOCK_FUNCTION_DECLARATION (
+ EFI_STATUS,
+ Hash,
+ (IN CONST EFI_HASH2_PROTOCOL *This,
+ IN CONST EFI_GUID *HashAlgorithm,
+ IN CONST UINT8 *Message,
+ IN UINTN MessageSize,
+ IN OUT EFI_HASH2_OUTPUT *Hash)
+ );
+
+ MOCK_FUNCTION_DECLARATION (
+ EFI_STATUS,
+ HashInit,
+ (IN CONST EFI_HASH2_PROTOCOL *This,
+ IN CONST EFI_GUID *HashAlgorithm)
+ );
+
+ MOCK_FUNCTION_DECLARATION (
+ EFI_STATUS,
+ HashUpdate,
+ (IN CONST EFI_HASH2_PROTOCOL *This,
+ IN CONST UINT8 *Message,
+ IN UINTN MessageSize)
+ );
+
+ MOCK_FUNCTION_DECLARATION (
+ EFI_STATUS,
+ HashFinal,
+ (IN CONST EFI_HASH2_PROTOCOL *This,
+ IN OUT EFI_HASH2_OUTPUT *Hash)
+ );
+};
+
+extern "C" {
+ extern EFI_HASH2_PROTOCOL *gHash2Protocol;
+}
+
+#endif // MOCK_HASH2_H_
diff --git a/MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockHash2.cpp b/MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockHash2.cpp
new file mode 100644
index 0000000000..5cf94c43b4
--- /dev/null
+++ b/MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockHash2.cpp
@@ -0,0 +1,27 @@
+/** @file MockHash2.cpp
+ Google Test mock for Hash2 Protocol
+
+ Copyright (c) Microsoft Corporation.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <GoogleTest/Protocol/MockHash2.h>
+
+MOCK_INTERFACE_DEFINITION (MockHash2);
+MOCK_FUNCTION_DEFINITION (MockHash2, GetHashSize, 3, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockHash2, Hash, 5, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockHash2, HashInit, 2, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockHash2, HashUpdate, 3, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockHash2, HashFinal, 2, EFIAPI);
+
+EFI_HASH2_PROTOCOL HASH2_PROTOCOL_INSTANCE = {
+ GetHashSize, // EFI_HASH2_GET_HASH_SIZE
+ Hash, // EFI_HASH2_HASH
+ HashInit, // EFI_HASH2_HASH_INIT
+ HashUpdate, // EFI_HASH2_HASH_UPDATE
+ HashFinal // EFI_HASH2_HASH_FINAL
+};
+
+extern "C" {
+ EFI_HASH2_PROTOCOL *gHash2Protocol = &HASH2_PROTOCOL_INSTANCE;
+}
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119239): https://edk2.groups.io/g/devel/message/119239
Mute This Topic: https://groups.io/mt/106276864/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 38+ messages in thread
* [edk2-devel] [PATCH v3 13/20] NetworkPkg: Update the PxeBcDhcp6GoogleTest due to underlying changes
2024-05-24 5:44 [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237 Doug Flick via groups.io
` (11 preceding siblings ...)
2024-05-24 5:45 ` [edk2-devel] [PATCH v3 12/20] MdePkg: Add MockHash2 Protocol for testing Doug Flick via groups.io
@ 2024-05-24 5:45 ` Doug Flick via groups.io
2024-05-24 5:45 ` [edk2-devel] [PATCH v3 14/20] ArmPkg: Allow SMC/HVC monitor conduit to be specified at runtime Doug Flick via groups.io
` (6 subsequent siblings)
19 siblings, 0 replies; 38+ messages in thread
From: Doug Flick via groups.io @ 2024-05-24 5:45 UTC (permalink / raw)
To: devel; +Cc: Saloni Kasbekar, Zachary Clark-williams
From: Doug Flick <dougflick@microsoft.com>
This patch updates the PxeBcDhcp6GoogleTest due to the changes in the
underlying code. The changes are as follows:
- Random now comes from the RngLib Protocol
- The TCP ISN is now generated by the hash function
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
---
NetworkPkg/Test/NetworkPkgHostTest.dsc | 1 +
NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf | 3 +-
NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp | 102 +++++++++++++++++++-
3 files changed, 100 insertions(+), 6 deletions(-)
diff --git a/NetworkPkg/Test/NetworkPkgHostTest.dsc b/NetworkPkg/Test/NetworkPkgHostTest.dsc
index fa301a7a52..1772afb058 100644
--- a/NetworkPkg/Test/NetworkPkgHostTest.dsc
+++ b/NetworkPkg/Test/NetworkPkgHostTest.dsc
@@ -30,6 +30,7 @@
NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf {
<LibraryClasses>
UefiRuntimeServicesTableLib|MdePkg/Test/Mock/Library/GoogleTest/MockUefiRuntimeServicesTableLib/MockUefiRuntimeServicesTableLib.inf
+ UefiBootServicesTableLib|MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf
}
# Despite these library classes being listed in [LibraryClasses] below, they are not needed for the host-based unit tests.
diff --git a/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf b/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
index 301dcdf611..8b092d9291 100644
--- a/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
+++ b/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
@@ -14,7 +14,7 @@ VERSION_STRING = 1.0
#
# The following information is for reference only and not required by the build tools.
#
-# VALID_ARCHITECTURES = IA32 X64
+# VALID_ARCHITECTURES = IA32 X64 AARCH64
#
[Sources]
@@ -23,6 +23,7 @@ VERSION_STRING = 1.0
PxeBcDhcp6GoogleTest.h
../PxeBcDhcp6.c
../PxeBcSupport.c
+ ../../../MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp
[Packages]
MdePkg/MdePkg.dec
diff --git a/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
index bd423ebadf..61736ff79e 100644
--- a/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
+++ b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
@@ -7,6 +7,8 @@
#include <Library/GoogleTestLib.h>
#include <GoogleTest/Library/MockUefiLib.h>
#include <GoogleTest/Library/MockUefiRuntimeServicesTableLib.h>
+#include <GoogleTest/Library/MockUefiBootServicesTableLib.h>
+#include <GoogleTest/Protocol/MockRng.h>
extern "C" {
#include <Uefi.h>
@@ -165,7 +167,7 @@ protected:
// Note:
// Testing PxeBcHandleDhcp6Offer() is difficult because it depends on a
// properly setup Private structure. Attempting to properly test this function
-// without a signficant refactor is a fools errand. Instead, we will test
+// without a significant refactor is a fools errand. Instead, we will test
// that we can prevent an overflow in the function.
TEST_F (PxeBcHandleDhcp6OfferTest, BasicUsageTest) {
PXEBC_DHCP6_PACKET_CACHE *Cache6 = NULL;
@@ -238,6 +240,7 @@ TEST_F (PxeBcCacheDnsServerAddressesTest, BasicUsageTest) {
FreePool (Option);
}
}
+
// Test Description
// Test that we can prevent an overflow in the function
TEST_F (PxeBcCacheDnsServerAddressesTest, AttemptOverflowTest) {
@@ -470,10 +473,15 @@ TEST_F (PxeBcRequestBootServiceTest, AttemptRequestOverFlowExpectFailure) {
class PxeBcDhcp6DiscoverTest : public ::testing::Test {
public:
PXEBC_PRIVATE_DATA Private = { 0 };
+ // create a mock md5 hash
+ UINT8 Md5Hash[16] = { 0 };
+
EFI_UDP6_PROTOCOL Udp6Read;
protected:
MockUefiRuntimeServicesTableLib RtServicesMock;
+ MockUefiBootServicesTableLib BsMock;
+ MockRng RngMock;
// Add any setup code if needed
virtual void
@@ -527,8 +535,21 @@ TEST_F (PxeBcDhcp6DiscoverTest, BasicOverflowTest) {
Private.Dhcp6Request->Length = (UINT16)(Cursor - (UINT8 *)Private.Dhcp6Request);
- EXPECT_CALL (RtServicesMock, gRT_GetTime)
- .WillOnce (::testing::Return (0));
+ EXPECT_CALL (BsMock, gBS_LocateProtocol)
+ .WillOnce (
+ ::testing::DoAll (
+ ::testing::SetArgPointee<2> (::testing::ByRef (gRngProtocol)),
+ ::testing::Return (EFI_SUCCESS)
+ )
+ );
+
+ EXPECT_CALL (RngMock, GetRng)
+ .WillOnce (
+ ::testing::DoAll (
+ ::testing::SetArgPointee<3> (::testing::ByRef (Md5Hash[0])),
+ ::testing::Return (EFI_SUCCESS)
+ )
+ );
ASSERT_EQ (
PxeBcDhcp6Discover (
@@ -558,8 +579,21 @@ TEST_F (PxeBcDhcp6DiscoverTest, BasicUsageTest) {
Private.Dhcp6Request->Length = (UINT16)(Cursor - (UINT8 *)Private.Dhcp6Request);
- EXPECT_CALL (RtServicesMock, gRT_GetTime)
- .WillOnce (::testing::Return (0));
+ EXPECT_CALL (BsMock, gBS_LocateProtocol)
+ .WillOnce (
+ ::testing::DoAll (
+ ::testing::SetArgPointee<2> (::testing::ByRef (gRngProtocol)),
+ ::testing::Return (EFI_SUCCESS)
+ )
+ );
+
+ EXPECT_CALL (RngMock, GetRng)
+ .WillOnce (
+ ::testing::DoAll (
+ ::testing::SetArgPointee<3> (::testing::ByRef (Md5Hash[0])),
+ ::testing::Return (EFI_SUCCESS)
+ )
+ );
ASSERT_EQ (
PxeBcDhcp6Discover (
@@ -572,3 +606,61 @@ TEST_F (PxeBcDhcp6DiscoverTest, BasicUsageTest) {
EFI_SUCCESS
);
}
+
+TEST_F (PxeBcDhcp6DiscoverTest, MultipleRequestsAttemptOverflow) {
+ EFI_IPv6_ADDRESS DestIp = { 0 };
+ EFI_DHCP6_PACKET_OPTION RequestOpt = { 0 }; // the data section doesn't really matter
+
+ RequestOpt.OpCode = HTONS (0x1337);
+ RequestOpt.OpLen = HTONS (REQUEST_OPTION_LENGTH); // this length would overflow without a check
+ UINT8 RequestOptBuffer[REQUEST_OPTION_LENGTH] = { 0 };
+
+ // make sure we have enough space for 10 of these options
+ ASSERT_TRUE (REQUEST_OPTION_LENGTH * 10 <= PACKET_SIZE);
+
+ UINT8 Index = 0;
+ EFI_DHCP6_PACKET *Packet = (EFI_DHCP6_PACKET *)&Private.Dhcp6Request[Index];
+ UINT8 *Cursor = (UINT8 *)(Packet->Dhcp6.Option);
+
+ // let's add 10 of these options - this should overflow
+ for (UINT8 i = 0; i < 10; i++) {
+ CopyMem (Cursor, &RequestOpt, sizeof (RequestOpt));
+ Cursor += sizeof (RequestOpt) - 1;
+ CopyMem (Cursor, RequestOptBuffer, REQUEST_OPTION_LENGTH);
+ Cursor += REQUEST_OPTION_LENGTH;
+ }
+
+ // Update the packet length
+ Packet->Length = (UINT16)(Cursor - (UINT8 *)Packet);
+ Packet->Size = PACKET_SIZE;
+
+ // Make sure we're larger than the buffer we're trying to write into
+ ASSERT_TRUE (Packet->Length > sizeof (EFI_PXE_BASE_CODE_DHCPV6_PACKET));
+
+ EXPECT_CALL (BsMock, gBS_LocateProtocol)
+ .WillOnce (
+ ::testing::DoAll (
+ ::testing::SetArgPointee<2> (::testing::ByRef (gRngProtocol)),
+ ::testing::Return (EFI_SUCCESS)
+ )
+ );
+
+ EXPECT_CALL (RngMock, GetRng)
+ .WillOnce (
+ ::testing::DoAll (
+ ::testing::SetArgPointee<3> (::testing::ByRef (Md5Hash[0])),
+ ::testing::Return (EFI_SUCCESS)
+ )
+ );
+
+ ASSERT_EQ (
+ PxeBcDhcp6Discover (
+ &(PxeBcDhcp6DiscoverTest::Private),
+ 0,
+ NULL,
+ FALSE,
+ (EFI_IP_ADDRESS *)&DestIp
+ ),
+ EFI_OUT_OF_RESOURCES
+ );
+}
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119240): https://edk2.groups.io/g/devel/message/119240
Mute This Topic: https://groups.io/mt/106276865/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 38+ messages in thread
* [edk2-devel] [PATCH v3 14/20] ArmPkg: Allow SMC/HVC monitor conduit to be specified at runtime
2024-05-24 5:44 [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237 Doug Flick via groups.io
` (12 preceding siblings ...)
2024-05-24 5:45 ` [edk2-devel] [PATCH v3 13/20] NetworkPkg: Update the PxeBcDhcp6GoogleTest due to underlying changes Doug Flick via groups.io
@ 2024-05-24 5:45 ` Doug Flick via groups.io
2024-05-24 5:45 ` [edk2-devel] [PATCH v3 15/20] ArmVirtPkg: Move PcdMonitorConduitHvc Doug Flick via groups.io
` (5 subsequent siblings)
19 siblings, 0 replies; 38+ messages in thread
From: Doug Flick via groups.io @ 2024-05-24 5:45 UTC (permalink / raw)
To: devel; +Cc: Leif Lindholm, Ard Biesheuvel, Sami Mujawar
From: Ard Biesheuvel <ardb@kernel.org>
ArmVirtQemu may execute at EL2, in which case monitor calls are
generally made using SMC instructions instead of HVC instructions.
Whether or not this is the case can only be decided at runtime, and so
the associated PCD needs to be settable at runtime, if the platform
definition chooses so. This implies a boolean PCD, given that a feature
PCD is build-time configurable only.
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Committed-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
---
ArmPkg/ArmPkg.dec | 10 +++++-----
ArmPkg/Library/ArmMonitorLib/ArmMonitorLib.c | 2 +-
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/ArmPkg/ArmPkg.dec b/ArmPkg/ArmPkg.dec
index 7fe2b9bca4..ac030e295b 100644
--- a/ArmPkg/ArmPkg.dec
+++ b/ArmPkg/ArmPkg.dec
@@ -139,11 +139,6 @@
# Define if the GICv3 controller should use the GICv2 legacy
gArmTokenSpaceGuid.PcdArmGicV3WithV2Legacy|FALSE|BOOLEAN|0x00000042
- ## Define the conduit to use for monitor calls.
- # Default PcdMonitorConduitHvc = FALSE, conduit = SMC
- # If PcdMonitorConduitHvc = TRUE, conduit = HVC
- gArmTokenSpaceGuid.PcdMonitorConduitHvc|FALSE|BOOLEAN|0x00000047
-
# Whether to remap all unused memory NX before installing the CPU arch
# protocol driver. This is needed on platforms that map all DRAM with RWX
# attributes initially, and can be disabled otherwise.
@@ -317,6 +312,11 @@
gArmTokenSpaceGuid.PcdSystemBiosRelease|0xFFFF|UINT16|0x30000058
gArmTokenSpaceGuid.PcdEmbeddedControllerFirmwareRelease|0xFFFF|UINT16|0x30000059
+ ## Define the conduit to use for monitor calls.
+ # Default PcdMonitorConduitHvc = FALSE, conduit = SMC
+ # If PcdMonitorConduitHvc = TRUE, conduit = HVC
+ gArmTokenSpaceGuid.PcdMonitorConduitHvc|FALSE|BOOLEAN|0x00000047
+
[PcdsFixedAtBuild.common, PcdsDynamic.common]
#
# ARM Architectural Timer
diff --git a/ArmPkg/Library/ArmMonitorLib/ArmMonitorLib.c b/ArmPkg/Library/ArmMonitorLib/ArmMonitorLib.c
index 741f5c6157..ec5b0b6619 100644
--- a/ArmPkg/Library/ArmMonitorLib/ArmMonitorLib.c
+++ b/ArmPkg/Library/ArmMonitorLib/ArmMonitorLib.c
@@ -26,7 +26,7 @@ ArmMonitorCall (
IN OUT ARM_MONITOR_ARGS *Args
)
{
- if (FeaturePcdGet (PcdMonitorConduitHvc)) {
+ if (PcdGetBool (PcdMonitorConduitHvc)) {
ArmCallHvc ((ARM_HVC_ARGS *)Args);
} else {
ArmCallSmc ((ARM_SMC_ARGS *)Args);
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119241): https://edk2.groups.io/g/devel/message/119241
Mute This Topic: https://groups.io/mt/106276866/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 38+ messages in thread
* [edk2-devel] [PATCH v3 15/20] ArmVirtPkg: Move PcdMonitorConduitHvc
2024-05-24 5:44 [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237 Doug Flick via groups.io
` (13 preceding siblings ...)
2024-05-24 5:45 ` [edk2-devel] [PATCH v3 14/20] ArmPkg: Allow SMC/HVC monitor conduit to be specified at runtime Doug Flick via groups.io
@ 2024-05-24 5:45 ` Doug Flick via groups.io
2024-05-24 5:45 ` [edk2-devel] [PATCH v3 16/20] MdePkg/BaseRngLib AARCH64: Remove overzealous ASSERT() Doug Flick via groups.io
` (4 subsequent siblings)
19 siblings, 0 replies; 38+ messages in thread
From: Doug Flick via groups.io @ 2024-05-24 5:45 UTC (permalink / raw)
To: devel; +Cc: Leif Lindholm, Ard Biesheuvel, Sami Mujawar
This moves the PcdMonitorConduitHvc from PcdsFeatureFlag.Common to
PcdsFixedAtBuild.Common
This is a follow on to the previous commit:
ArmPkg: Allow SMC/HVC monitor conduit to be specified at runtime
ArmVirtQemu may execute at EL2, in which case monitor calls are
generally made using SMC instructions instead of HVC instructions.
Whether or not this is the case can only be decided at runtime, and so
the associated PCD needs to be settable at runtime, if the platform
definition chooses so. This implies a boolean PCD, given that a feature
PCD is build-time configurable only.
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
---
ArmVirtPkg/ArmVirtKvmTool.dsc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ArmVirtPkg/ArmVirtKvmTool.dsc b/ArmVirtPkg/ArmVirtKvmTool.dsc
index 20da331966..ae0dd1497f 100644
--- a/ArmVirtPkg/ArmVirtKvmTool.dsc
+++ b/ArmVirtPkg/ArmVirtKvmTool.dsc
@@ -126,8 +126,6 @@
# Use MMIO for accessing RTC controller registers.
gPcAtChipsetPkgTokenSpaceGuid.PcdRtcUseMmio|TRUE
- gArmTokenSpaceGuid.PcdMonitorConduitHvc|TRUE
-
[PcdsFixedAtBuild.common]
gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000000F
@@ -167,6 +165,8 @@
#
gEmbeddedTokenSpaceGuid.PcdPrePiCpuIoSize|16
+ gArmTokenSpaceGuid.PcdMonitorConduitHvc|TRUE
+
[PcdsPatchableInModule.common]
#
# This will be overridden in the code
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119242): https://edk2.groups.io/g/devel/message/119242
Mute This Topic: https://groups.io/mt/106276867/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 38+ messages in thread
* [edk2-devel] [PATCH v3 16/20] MdePkg/BaseRngLib AARCH64: Remove overzealous ASSERT()
2024-05-24 5:44 [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237 Doug Flick via groups.io
` (14 preceding siblings ...)
2024-05-24 5:45 ` [edk2-devel] [PATCH v3 15/20] ArmVirtPkg: Move PcdMonitorConduitHvc Doug Flick via groups.io
@ 2024-05-24 5:45 ` Doug Flick via groups.io
2024-05-24 6:47 ` 回复: " gaoliming via groups.io
2024-05-24 5:45 ` [edk2-devel] [PATCH v3 17/20] ArmVirtPkg/ArmVirtQemu: Permit the use of dynamic PCDs in PEI Doug Flick via groups.io
` (3 subsequent siblings)
19 siblings, 1 reply; 38+ messages in thread
From: Doug Flick via groups.io @ 2024-05-24 5:45 UTC (permalink / raw)
To: devel; +Cc: Michael D Kinney, Liming Gao, Zhiguang Liu
From: Ard Biesheuvel <ardb@kernel.org>
BaseRngLib on AARCH64 will discover whether or not RNDR instructions are
supported, by inspecting the ISAR0 identification register, and setting
a global boolean accordingly. This boolean is used in subsequent
execution to decide whether or not to issue the instruction.
The same discovery code also ASSERT()s that RNDR instructions are
implemented, which is unnecessary, and breaks execution on systems that
incorporate the library but don't implement the instruction (or fail to
expose it to the exception level that the firmware executes at).
So drop the ASSERT().
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Committed-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
---
MdePkg/Library/BaseRngLib/AArch64/Rndr.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/MdePkg/Library/BaseRngLib/AArch64/Rndr.c b/MdePkg/Library/BaseRngLib/AArch64/Rndr.c
index d39db62153..3a556a2e3f 100644
--- a/MdePkg/Library/BaseRngLib/AArch64/Rndr.c
+++ b/MdePkg/Library/BaseRngLib/AArch64/Rndr.c
@@ -50,7 +50,6 @@ BaseRngLibConstructor (
// MSR. A non-zero value indicates that the processor supports the RNDR instruction.
//
Isar0 = ArmReadIdIsar0 ();
- ASSERT ((Isar0 & RNDR_MASK) != 0);
mRndrSupported = ((Isar0 & RNDR_MASK) != 0);
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119243): https://edk2.groups.io/g/devel/message/119243
Mute This Topic: https://groups.io/mt/106276868/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 38+ messages in thread
* [edk2-devel] [PATCH v3 17/20] ArmVirtPkg/ArmVirtQemu: Permit the use of dynamic PCDs in PEI
2024-05-24 5:44 [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237 Doug Flick via groups.io
` (15 preceding siblings ...)
2024-05-24 5:45 ` [edk2-devel] [PATCH v3 16/20] MdePkg/BaseRngLib AARCH64: Remove overzealous ASSERT() Doug Flick via groups.io
@ 2024-05-24 5:45 ` Doug Flick via groups.io
2024-05-24 5:45 ` [edk2-devel] [PATCH v3 18/20] ArmVirtPkg: Use dynamic PCD to set the SMCCC conduit Doug Flick via groups.io
` (2 subsequent siblings)
19 siblings, 0 replies; 38+ messages in thread
From: Doug Flick via groups.io @ 2024-05-24 5:45 UTC (permalink / raw)
To: devel; +Cc: Ard Biesheuvel, Leif Lindholm, Sami Mujawar, Gerd Hoffmann
From: Ard Biesheuvel <ardb@kernel.org>
Currently, only TPM2 builds enable the PCD PEIM, which is a prerequisite
for being able to use dynamic PCDs already at the PEI stage. This
facility will be used for other reasons too so move those pieces out of
code block that are conditional on TPM2_ENABLE
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Committed-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
---
ArmVirtPkg/ArmVirtQemu.dsc | 6 +-----
ArmVirtPkg/ArmVirtQemu.fdf | 2 +-
2 files changed, 2 insertions(+), 6 deletions(-)
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 1d3315ad3e..4498ca58a8 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -318,11 +318,7 @@
gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut|L"Timeout"|gEfiGlobalVariableGuid|0x0|5
[LibraryClasses.common.PEI_CORE, LibraryClasses.common.PEIM]
-!if $(TPM2_ENABLE) == TRUE
PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
-!else
- PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
-!endif
################################################################################
#
@@ -339,11 +335,11 @@
ArmVirtPkg/MemoryInitPei/MemoryInitPeim.inf
ArmPkg/Drivers/CpuPei/CpuPei.inf
-!if $(TPM2_ENABLE) == TRUE
MdeModulePkg/Universal/PCD/Pei/Pcd.inf {
<LibraryClasses>
PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
}
+!if $(TPM2_ENABLE) == TRUE
MdeModulePkg/Universal/ResetSystemPei/ResetSystemPei.inf {
<LibraryClasses>
ResetSystemLib|ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.inf
diff --git a/ArmVirtPkg/ArmVirtQemu.fdf b/ArmVirtPkg/ArmVirtQemu.fdf
index 764f652afd..6073a31970 100644
--- a/ArmVirtPkg/ArmVirtQemu.fdf
+++ b/ArmVirtPkg/ArmVirtQemu.fdf
@@ -111,8 +111,8 @@ READ_LOCK_STATUS = TRUE
INF ArmPkg/Drivers/CpuPei/CpuPei.inf
INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
-!if $(TPM2_ENABLE) == TRUE
INF MdeModulePkg/Universal/PCD/Pei/Pcd.inf
+!if $(TPM2_ENABLE) == TRUE
INF MdeModulePkg/Universal/ResetSystemPei/ResetSystemPei.inf
INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119244): https://edk2.groups.io/g/devel/message/119244
Mute This Topic: https://groups.io/mt/106276869/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 38+ messages in thread
* [edk2-devel] [PATCH v3 18/20] ArmVirtPkg: Use dynamic PCD to set the SMCCC conduit
2024-05-24 5:44 [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237 Doug Flick via groups.io
` (16 preceding siblings ...)
2024-05-24 5:45 ` [edk2-devel] [PATCH v3 17/20] ArmVirtPkg/ArmVirtQemu: Permit the use of dynamic PCDs in PEI Doug Flick via groups.io
@ 2024-05-24 5:45 ` Doug Flick via groups.io
2024-05-24 7:01 ` 回复: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237 gaoliming via groups.io
2024-05-29 13:09 ` Gerd Hoffmann
19 siblings, 0 replies; 38+ messages in thread
From: Doug Flick via groups.io @ 2024-05-24 5:45 UTC (permalink / raw)
To: devel; +Cc: Ard Biesheuvel, Leif Lindholm, Sami Mujawar, Gerd Hoffmann
From: Ard Biesheuvel <ardb@kernel.org>
On ARM systems, whether SMC or HVC instructions need to be used to issue
monitor calls is typically dependent on the exception level, but there
are also cases where EL1 might use SMC instructions, so there is no hard
and fast rule.
For ArmVirtQemu, this does depend strictly on the exception level, so
set the default to HVC (for EL1 execution) and override it to SMC when
booted at EL2.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Committed-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
---
ArmVirtPkg/ArmVirtCloudHv.dsc | 3 +++
ArmVirtPkg/ArmVirtQemu.dsc | 4 ++++
ArmVirtPkg/ArmVirtQemuKernel.dsc | 2 ++
ArmVirtPkg/ArmVirtXen.dsc | 2 ++
ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf | 1 +
ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c | 14 ++++++++++++++
6 files changed, 26 insertions(+)
diff --git a/ArmVirtPkg/ArmVirtCloudHv.dsc b/ArmVirtPkg/ArmVirtCloudHv.dsc
index 5cb2a609b1..d5055a0341 100644
--- a/ArmVirtPkg/ArmVirtCloudHv.dsc
+++ b/ArmVirtPkg/ArmVirtCloudHv.dsc
@@ -201,6 +201,9 @@
[PcdsDynamicHii]
gUefiOvmfPkgTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gOvmfVariableGuid|0x0|FALSE|NV,BS
+[PcdsPatchableInModule.common]
+ gArmTokenSpaceGuid.PcdMonitorConduitHvc|TRUE
+
################################################################################
#
# Components Section - list of all EDK II Modules needed by this Platform
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 4498ca58a8..80dd4fbb14 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -293,6 +293,10 @@
gEfiNetworkPkgTokenSpaceGuid.PcdIPv4PXESupport|0x01
gEfiNetworkPkgTokenSpaceGuid.PcdIPv6PXESupport|0x01
+ # whether to use HVC or SMC to issue monitor calls - this typically depends
+ # on the exception level at which the UEFI system firmware executes
+ gArmTokenSpaceGuid.PcdMonitorConduitHvc|TRUE
+
#
# TPM2 support
#
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
index 94f48593c2..2700b97d09 100644
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
@@ -203,6 +203,8 @@
gArmTokenSpaceGuid.PcdFdBaseAddress|0x0
gArmTokenSpaceGuid.PcdFvBaseAddress|0x0
+ gArmTokenSpaceGuid.PcdMonitorConduitHvc|TRUE
+
[PcdsDynamicDefault.common]
gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut|3
diff --git a/ArmVirtPkg/ArmVirtXen.dsc b/ArmVirtPkg/ArmVirtXen.dsc
index 5809832e66..ceb37f8a2d 100644
--- a/ArmVirtPkg/ArmVirtXen.dsc
+++ b/ArmVirtPkg/ArmVirtXen.dsc
@@ -120,6 +120,8 @@
gArmTokenSpaceGuid.PcdFdBaseAddress|0x0
gArmTokenSpaceGuid.PcdFvBaseAddress|0x0
+ gArmTokenSpaceGuid.PcdMonitorConduitHvc|TRUE
+
[PcdsDynamicDefault.common]
gArmTokenSpaceGuid.PcdArmArchTimerSecIntrNum|0x0
diff --git a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf b/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf
index e9a34b6e2e..a38b89c103 100644
--- a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf
+++ b/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf
@@ -45,6 +45,7 @@
[Pcd]
gArmTokenSpaceGuid.PcdFvBaseAddress
+ gArmTokenSpaceGuid.PcdMonitorConduitHvc
gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## SOMETIMES_PRODUCES
gUefiOvmfPkgTokenSpaceGuid.PcdDeviceTreeInitialBaseAddress
diff --git a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c b/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c
index 7ab4aa2d6b..b8e9208301 100644
--- a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c
+++ b/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c
@@ -18,6 +18,8 @@
#include <Library/FdtSerialPortAddressLib.h>
#include <libfdt.h>
+#include <Chipset/AArch64.h>
+
#include <Guid/EarlyPL011BaseAddress.h>
#include <Guid/FdtHob.h>
@@ -224,5 +226,17 @@ PlatformPeim (
BuildFvHob (PcdGet64 (PcdFvBaseAddress), PcdGet32 (PcdFvSize));
+ #ifdef MDE_CPU_AARCH64
+ //
+ // Set the SMCCC conduit to SMC if executing at EL2, which is typically the
+ // exception level that services HVCs rather than the one that invokes them.
+ //
+ if (ArmReadCurrentEL () == AARCH64_EL2) {
+ Status = PcdSetBoolS (PcdMonitorConduitHvc, FALSE);
+ ASSERT_EFI_ERROR (Status);
+ }
+
+ #endif
+
return EFI_SUCCESS;
}
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119245): https://edk2.groups.io/g/devel/message/119245
Mute This Topic: https://groups.io/mt/106276870/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 38+ messages in thread
* Re: [edk2-devel] [PATCH v3 07/20] SecurityPkg: RngDxe: Remove incorrect limitation on GetRng
2024-05-24 5:44 ` [edk2-devel] [PATCH v3 07/20] SecurityPkg: RngDxe: Remove incorrect limitation on GetRng Doug Flick via groups.io
@ 2024-05-24 5:53 ` Yao, Jiewen
0 siblings, 0 replies; 38+ messages in thread
From: Yao, Jiewen @ 2024-05-24 5:53 UTC (permalink / raw)
To: Flickdm, devel@edk2.groups.io
Acked-by: Jiewe Yao <Jiewen.yao@intel.com>
BTW: This patch is already got RB from below people. I suggest you can put them in commit directly.
Reviewed-by: Pierre Gondois <pierre.gondois@arm.com>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Thank you
Yao, Jiewen
> -----Original Message-----
> From: Flickdm <doug.edk2@gmail.com>
> Sent: Friday, May 24, 2024 1:45 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen.yao@intel.com>
> Subject: [PATCH v3 07/20] SecurityPkg: RngDxe: Remove incorrect limitation on
> GetRng
>
> Removed from gEfiRngAlgorithmRaw an incorrect assumption that
> Raw cannot return less than 256 bits. The DRNG Algorithms
> should always use a 256 bit seed as per nist standards
> however a caller is free to request less than 256 bits.
> >
> > //
> > // When a DRBG is used on the output of a entropy source,
> > // its security level must be at least 256 bits according to UEFI
> Spec.
> > //
> > if (RNGValueLength < 32) {
> > return EFI_INVALID_PARAMETER;
> > }
> >
>
> AARCH64 platforms do not have this limitation and this brings both
> implementations into alignment with each other and the spec.
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
>
> Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
> Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
> ---
> SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c | 8 --------
> 1 file changed, 8 deletions(-)
>
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
> b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
> index 7e06e16e4b..5723ed6957 100644
> --- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
> @@ -116,14 +116,6 @@ RngGetRNG (
> // The "raw" algorithm is intended to provide entropy directly
>
> //
>
> if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) {
>
> - //
>
> - // When a DRBG is used on the output of a entropy source,
>
> - // its security level must be at least 256 bits according to UEFI Spec.
>
> - //
>
> - if (RNGValueLength < 32) {
>
> - return EFI_INVALID_PARAMETER;
>
> - }
>
> -
>
> Status = GenerateEntropy (RNGValueLength, RNGValue);
>
> return Status;
>
> }
>
> --
> 2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119246): https://edk2.groups.io/g/devel/message/119246
Mute This Topic: https://groups.io/mt/106276859/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 38+ messages in thread
* 回复: [edk2-devel] [PATCH v3 16/20] MdePkg/BaseRngLib AARCH64: Remove overzealous ASSERT()
2024-05-24 5:45 ` [edk2-devel] [PATCH v3 16/20] MdePkg/BaseRngLib AARCH64: Remove overzealous ASSERT() Doug Flick via groups.io
@ 2024-05-24 6:47 ` gaoliming via groups.io
0 siblings, 0 replies; 38+ messages in thread
From: gaoliming via groups.io @ 2024-05-24 6:47 UTC (permalink / raw)
To: devel, dougflick; +Cc: 'Michael D Kinney', 'Zhiguang Liu'
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
> -----邮件原件-----
> 发件人: devel@edk2.groups.io <devel@edk2.groups.io> 代表 Doug Flick via
> groups.io
> 发送时间: 2024年5月24日 13:45
> 收件人: devel@edk2.groups.io
> 抄送: Michael D Kinney <michael.d.kinney@intel.com>; Liming Gao
> <gaoliming@byosoft.com.cn>; Zhiguang Liu <zhiguang.liu@intel.com>
> 主题: [edk2-devel] [PATCH v3 16/20] MdePkg/BaseRngLib AARCH64: Remove
> overzealous ASSERT()
>
> From: Ard Biesheuvel <ardb@kernel.org>
>
> BaseRngLib on AARCH64 will discover whether or not RNDR instructions are
> supported, by inspecting the ISAR0 identification register, and setting
> a global boolean accordingly. This boolean is used in subsequent
> execution to decide whether or not to issue the instruction.
>
> The same discovery code also ASSERT()s that RNDR instructions are
> implemented, which is unnecessary, and breaks execution on systems that
> incorporate the library but don't implement the instruction (or fail to
> expose it to the exception level that the firmware executes at).
>
> So drop the ASSERT().
>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Zhiguang Liu <zhiguang.liu@intel.com>
>
> Committed-by: Ard Biesheuvel <ardb@kernel.org>
> Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
> ---
> MdePkg/Library/BaseRngLib/AArch64/Rndr.c | 1 -
> 1 file changed, 1 deletion(-)
>
> diff --git a/MdePkg/Library/BaseRngLib/AArch64/Rndr.c
> b/MdePkg/Library/BaseRngLib/AArch64/Rndr.c
> index d39db62153..3a556a2e3f 100644
> --- a/MdePkg/Library/BaseRngLib/AArch64/Rndr.c
> +++ b/MdePkg/Library/BaseRngLib/AArch64/Rndr.c
> @@ -50,7 +50,6 @@ BaseRngLibConstructor (
> // MSR. A non-zero value indicates that the processor supports the RNDR
> instruction.
>
> //
>
> Isar0 = ArmReadIdIsar0 ();
>
> - ASSERT ((Isar0 & RNDR_MASK) != 0);
>
>
>
> mRndrSupported = ((Isar0 & RNDR_MASK) != 0);
>
>
>
> --
> 2.34.1
>
>
>
> -=-=-=-=-=-=
> Groups.io Links: You receive all messages sent to this group.
> View/Reply Online (#119243): https://edk2.groups.io/g/devel/message/119243
> Mute This Topic: https://groups.io/mt/106276868/4905953
> Group Owner: devel+owner@edk2.groups.io
> Unsubscribe: https://edk2.groups.io/g/devel/unsub
> [gaoliming@byosoft.com.cn]
> -=-=-=-=-=-=
>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119247): https://edk2.groups.io/g/devel/message/119247
Mute This Topic: https://groups.io/mt/106277273/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 38+ messages in thread
* 回复: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237
2024-05-24 5:44 [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237 Doug Flick via groups.io
` (17 preceding siblings ...)
2024-05-24 5:45 ` [edk2-devel] [PATCH v3 18/20] ArmVirtPkg: Use dynamic PCD to set the SMCCC conduit Doug Flick via groups.io
@ 2024-05-24 7:01 ` gaoliming via groups.io
2024-05-24 7:07 ` Ard Biesheuvel
2024-05-29 13:09 ` Gerd Hoffmann
19 siblings, 1 reply; 38+ messages in thread
From: gaoliming via groups.io @ 2024-05-24 7:01 UTC (permalink / raw)
To: devel, dougflick, ardb, kraxel
Cc: 'Michael D Kinney', 'Andrew Fish', quic_llindhol
Ard and Gerd:
Doug updated this patch set based on your suggestion. Could you give
reviewed-by or acked-by for the changes in OvmfPkg and ArmVirtPkg if you
have no other comments?
Thanks
Liming
> -----邮件原件-----
> 发件人: devel@edk2.groups.io <devel@edk2.groups.io> 代表 Doug Flick via
> groups.io
> 发送时间: 2024年5月24日 13:45
> 收件人: devel@edk2.groups.io
> 抄送: Liming Gao <gaoliming@byosoft.com.cn>
> 主题: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and
> CVE-2023-45237
>
>
>
REF:https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-
edk-ii-
> ipv6-network-stack.html
>
> This patch series patches the following CVEs:
> - CVE-2023-45236: Predictable TCP Initial Sequence Numbers
> - CVE-2023-45237: Use of a Weak PseudoRandom Number Generator
>
> In order to patch these CVEs, the following changes were made:
> - NetworkPkg no longer performs it's own random number generation,
> instead it uses EFI_RNG_PROTOCOL provided by the plaform to
> generate random numbers.
> - This change was made such that any future random number
> generation vulnerabilities will be a result of the platforms
> implementation of the EFI_RNG_PROTOCOL and not the NetworkPkg
>
> - NetworkPkg uses the TCP initial sequence number algorithm as described
> in RFC 6528 to generate the initial sequence number for TCP connections.
> - This change was made to ensure that the initial sequence number
> is not predictable and therefore cannot be used in a TCP hijacking
> attack.
>
> In addition to the above changes, the following changes were made:
> - EmulatorPkg OvmfPkg, and ArmVirtPkg were updated to include the
> Hash2DxeCrypto driver to support TCP ISN generation using
> EFI_HASH2_PROTOCOL
>
> - EmulatorPkg was updated to include the
> RngDxe driver to support random number generation using the
> EFI_RNG_PROTOCOL
>
> - OvmfPkg, and ArmVirtPkg were updated to include the
> virtio-rng-pci device to support random number generation using the
> EFI_RNG_PROTOCOL using the existing VirtioRngDxe driver
>
> - SecurityPkg was updated to fix an incorrect limitation on the
> GetRng function in the RngDxe driver where the minimum amount of
> random data that could be requested was 32 bytes (256 bits) instead
> of what the caller requested
>
> - MdePkg was updated to include MockUefiBootServicesTableLib,
> MockRng, and MockHash2 protocols for testing
>
> - NetworkPkg was updated to include a test for the PxeBcDhcp6 driver
> due to underlying changes
>
> - ArmPkg was updated to allow the SMC/HVC monitor conduit to be
> specified at runtime
>
> - MdePkg was updated to remove an overzealous ASSERT in BaseRngLib
>
> - ArmVirtPkg was updated to permit the use of dynamic PCDs in PEI
>
> - ArmVirtPkg was updated to use dynamic PCDs to set the SMCCC conduit
>
> - ArmVirtPkg was updated to add the RngDxe driver
>
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
>
> Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
>
> Ard Biesheuvel (6):
> ArmPkg: Allow SMC/HVC monitor conduit to be specified at runtime
> MdePkg/BaseRngLib AARCH64: Remove overzealous ASSERT()
> ArmVirtPkg/ArmVirtQemu: Permit the use of dynamic PCDs in PEI
> ArmVirtPkg: Use dynamic PCD to set the SMCCC conduit
> ArmVirtPkg: Reverse inclusion order of MdeLibs.inc and ArmVirt.dsc.inc
> ArmVirtPkg/ArmVirtQemu: Add RngDxe driver
>
> Doug Flick (8):
> EmulatorPkg: : Add Hash2DxeCrypto to EmulatorPkg
> OvmfPkg: : Add Hash2DxeCrypto to OvmfPkg
> NetworkPkg:: SECURITY PATCH CVE-2023-45237
> NetworkPkg: TcpDxe: SECURITY PATCH CVE-2023-45236
> MdePkg: : Add MockUefiBootServicesTableLib
> MdePkg: : Adds Protocol for MockRng
> MdePkg: Add MockHash2 Protocol for testing
> NetworkPkg: Update the PxeBcDhcp6GoogleTest due to underlying changes
>
> Flickdm (6):
> EmulatorPkg: : Add RngDxe to EmulatorPkg
> OvmfPkg:PlatformCI: Support virtio-rng-pci
> ArmVirtPkg:PlatformCI: Support virtio-rng-pci
> ArmVirtPkg: : Add Hash2DxeCrypto to ArmVirtPkg
> SecurityPkg: RngDxe: Remove incorrect limitation on GetRng
> ArmVirtPkg: Move PcdMonitorConduitHvc
>
> ArmPkg/ArmPkg.dec
> | 10 +-
> NetworkPkg/NetworkPkg.dec
> | 7 +
> ArmVirtPkg/ArmVirt.dsc.inc
> | 5 +-
> ArmVirtPkg/ArmVirtCloudHv.dsc
> | 3 +
> ArmVirtPkg/ArmVirtKvmTool.dsc
> | 4 +-
> ArmVirtPkg/ArmVirtQemu.dsc
> | 20 +-
> ArmVirtPkg/ArmVirtQemuKernel.dsc
> | 12 +-
> ArmVirtPkg/ArmVirtXen.dsc
> | 6 +-
> EmulatorPkg/EmulatorPkg.dsc
> | 14 +-
> MdePkg/Test/MdePkgHostTest.dsc
> | 1 +
> NetworkPkg/Test/NetworkPkgHostTest.dsc
> | 1 +
> OvmfPkg/OvmfPkgIa32.dsc
> | 6 +-
> OvmfPkg/OvmfPkgIa32X64.dsc
> | 6 +-
> OvmfPkg/OvmfPkgX64.dsc
> | 6 +-
> OvmfPkg/OvmfXen.dsc
> | 5 +
> ArmVirtPkg/ArmVirtQemu.fdf
> | 2 +-
> EmulatorPkg/EmulatorPkg.fdf
> | 11 +-
> OvmfPkg/OvmfPkgIa32.fdf
> | 5 +
> OvmfPkg/OvmfPkgIa32X64.fdf
> | 5 +
> OvmfPkg/OvmfPkgX64.fdf
> | 5 +
> OvmfPkg/OvmfXen.fdf
> | 5 +
> ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf
> | 1 +
>
> MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUe
> fiBootServicesTableLib.inf | 32 +++
> NetworkPkg/Library/DxeNetLib/DxeNetLib.inf
> | 14 +-
> NetworkPkg/TcpDxe/TcpDxe.inf
> | 11 +-
> NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
> | 3 +-
>
> MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.
> h | 78 +++++++
> MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h
> | 67 ++++++
> MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h
> | 48 ++++
> NetworkPkg/IScsiDxe/IScsiMisc.h
> | 6 +-
> NetworkPkg/Include/Library/NetLib.h
> | 40 +++-
> NetworkPkg/Ip6Dxe/Ip6Nd.h
> | 8 +-
> NetworkPkg/TcpDxe/TcpFunc.h
> | 23 +-
> NetworkPkg/TcpDxe/TcpMain.h
> | 59 ++++-
> ArmPkg/Library/ArmMonitorLib/ArmMonitorLib.c
> | 2 +-
> ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c
> | 14 ++
> MdePkg/Library/BaseRngLib/AArch64/Rndr.c
> | 1 -
> NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c
> | 10 +-
> NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c
> | 11 +-
> NetworkPkg/DnsDxe/DnsDhcp.c
> | 10 +-
> NetworkPkg/DnsDxe/DnsImpl.c
> | 11 +-
> NetworkPkg/HttpBootDxe/HttpBootDhcp6.c
> | 10 +-
> NetworkPkg/IScsiDxe/IScsiCHAP.c
> | 19 +-
> NetworkPkg/IScsiDxe/IScsiMisc.c
> | 14 +-
> NetworkPkg/Ip4Dxe/Ip4Driver.c
> | 10 +-
> NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c
> | 9 +-
> NetworkPkg/Ip6Dxe/Ip6Driver.c
> | 17 +-
> NetworkPkg/Ip6Dxe/Ip6If.c
> | 12 +-
> NetworkPkg/Ip6Dxe/Ip6Mld.c
> | 12 +-
> NetworkPkg/Ip6Dxe/Ip6Nd.c
> | 33 ++-
> NetworkPkg/Library/DxeNetLib/DxeNetLib.c
> | 130 +++++++++--
> NetworkPkg/TcpDxe/TcpDriver.c
> | 105 ++++++++-
> NetworkPkg/TcpDxe/TcpInput.c
> | 13 +-
> NetworkPkg/TcpDxe/TcpMisc.c
> | 244 ++++++++++++++++++--
> NetworkPkg/TcpDxe/TcpTimer.c
> | 3 +-
> NetworkPkg/Udp4Dxe/Udp4Driver.c
> | 10 +-
> NetworkPkg/Udp6Dxe/Udp6Driver.c
> | 11 +-
> NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c
> | 9 +-
> NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c
> | 11 +-
> NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c
> | 12 +-
> SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
> | 8 -
> ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
> | 6 +
> ArmVirtPkg/PlatformCI/PlatformBuildLib.py
> | 2 +
>
> MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUe
> fiBootServicesTableLib.cpp | 69 ++++++
> MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockHash2.cpp
> | 27 +++
> MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp
> | 21 ++
> NetworkPkg/SecurityFixes.yaml
> | 61 +++++
> NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
> | 102 +++++++-
> OvmfPkg/PlatformCI/PlatformBuildLib.py
> | 2 +
> 69 files changed, 1397 insertions(+), 173 deletions(-)
> create mode 100644
> MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUe
> fiBootServicesTableLib.inf
> create mode 100644
> MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.
> h
> create mode 100644
> MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h
> create mode 100644
> MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h
> create mode 100644
> MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUe
> fiBootServicesTableLib.cpp
> create mode 100644
> MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockHash2.cpp
> create mode 100644
> MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp
>
> --
> 2.34.1
>
>
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119248): https://edk2.groups.io/g/devel/message/119248
Mute This Topic: https://groups.io/mt/106277402/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 38+ messages in thread
* Re: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237
2024-05-24 7:01 ` 回复: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237 gaoliming via groups.io
@ 2024-05-24 7:07 ` Ard Biesheuvel
2024-05-24 9:12 ` 回复: " gaoliming via groups.io
0 siblings, 1 reply; 38+ messages in thread
From: Ard Biesheuvel @ 2024-05-24 7:07 UTC (permalink / raw)
To: devel, gaoliming
Cc: dougflick, kraxel, Michael D Kinney, Andrew Fish, quic_llindhol
On Fri, 24 May 2024 at 09:01, gaoliming via groups.io
<gaoliming=byosoft.com.cn@groups.io> wrote:
>
> Ard and Gerd:
> Doug updated this patch set based on your suggestion. Could you give
> reviewed-by or acked-by for the changes in OvmfPkg and ArmVirtPkg if you
> have no other comments?
>
I see ~60 patches from Doug, seemingly 3 copies of the v3 series. I am
going to assume they are identical.
The changes I contributed should appear at the beginning of the
series, not the end, so that bisect does not get broken.
Perhaps Doug could send a v4 (only once!) that has everything in the
correct order, and I will look at it.
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119249): https://edk2.groups.io/g/devel/message/119249
Mute This Topic: https://groups.io/mt/106277453/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 38+ messages in thread
* 回复: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237
2024-05-24 7:07 ` Ard Biesheuvel
@ 2024-05-24 9:12 ` gaoliming via groups.io
2024-05-24 9:41 ` Ard Biesheuvel
0 siblings, 1 reply; 38+ messages in thread
From: gaoliming via groups.io @ 2024-05-24 9:12 UTC (permalink / raw)
To: 'Ard Biesheuvel', devel
Cc: dougflick, kraxel, 'Michael D Kinney',
'Andrew Fish', quic_llindhol
Ard:
Here is Doug PR https://github.com/tianocore/edk2/pull/5582 that includes 20 commits. You can check them.
Thanks
Liming
> -----邮件原件-----
> 发件人: Ard Biesheuvel <ardb@kernel.org>
> 发送时间: 2024年5月24日 15:07
> 收件人: devel@edk2.groups.io; gaoliming@byosoft.com.cn
> 抄送: dougflick@microsoft.com; kraxel@redhat.com; Michael D Kinney
> <michael.d.kinney@intel.com>; Andrew Fish <afish@apple.com>;
> quic_llindhol@quicinc.com
> 主题: Re: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and
> CVE-2023-45237
>
> On Fri, 24 May 2024 at 09:01, gaoliming via groups.io
> <gaoliming=byosoft.com.cn@groups.io> wrote:
> >
> > Ard and Gerd:
> > Doug updated this patch set based on your suggestion. Could you give
> > reviewed-by or acked-by for the changes in OvmfPkg and ArmVirtPkg if you
> > have no other comments?
> >
>
> I see ~60 patches from Doug, seemingly 3 copies of the v3 series. I am
> going to assume they are identical.
>
> The changes I contributed should appear at the beginning of the
> series, not the end, so that bisect does not get broken.
>
> Perhaps Doug could send a v4 (only once!) that has everything in the
> correct order, and I will look at it.
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119252): https://edk2.groups.io/g/devel/message/119252
Mute This Topic: https://groups.io/mt/106278281/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 38+ messages in thread
* Re: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237
2024-05-24 9:12 ` 回复: " gaoliming via groups.io
@ 2024-05-24 9:41 ` Ard Biesheuvel
2024-05-24 11:48 ` Gerd Hoffmann
0 siblings, 1 reply; 38+ messages in thread
From: Ard Biesheuvel @ 2024-05-24 9:41 UTC (permalink / raw)
To: devel, gaoliming
Cc: dougflick, kraxel, Michael D Kinney, Andrew Fish, quic_llindhol
On Fri, 24 May 2024 at 11:12, gaoliming via groups.io
<gaoliming=byosoft.com.cn@groups.io> wrote:
>
> Ard:
> Here is Doug PR https://github.com/tianocore/edk2/pull/5582 that includes 20 commits. You can check them.
>
This looks fine to me in principle.
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
However, IIUC, the impact of this series is that all out-of-tree
platforms that lack the right implementation of the EFI_RNG_PROTOCOL
(i.e., using a GUID that appears in the allowlist) will lose the
ability to do network boot. If that is a tolerable result, I am fine
with that too, but I think it needs to be made very clear in the
stable tag release notes.
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119253): https://edk2.groups.io/g/devel/message/119253
Mute This Topic: https://groups.io/mt/106278600/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 38+ messages in thread
* Re: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237
2024-05-24 9:41 ` Ard Biesheuvel
@ 2024-05-24 11:48 ` Gerd Hoffmann
2024-05-24 14:51 ` 回复: " gaoliming via groups.io
[not found] ` <17D27450B424AC2B.30215@groups.io>
0 siblings, 2 replies; 38+ messages in thread
From: Gerd Hoffmann @ 2024-05-24 11:48 UTC (permalink / raw)
To: Ard Biesheuvel
Cc: devel, gaoliming, dougflick, Michael D Kinney, Andrew Fish,
quic_llindhol
On Fri, May 24, 2024 at 11:41:04AM GMT, Ard Biesheuvel wrote:
> On Fri, 24 May 2024 at 11:12, gaoliming via groups.io
> <gaoliming=byosoft.com.cn@groups.io> wrote:
> >
> > Ard:
> > Here is Doug PR https://github.com/tianocore/edk2/pull/5582 that includes 20 commits. You can check them.
> >
>
> This looks fine to me in principle.
>
> Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
>
> However, IIUC, the impact of this series is that all out-of-tree
> platforms that lack the right implementation of the EFI_RNG_PROTOCOL
> (i.e., using a GUID that appears in the allowlist) will lose the
> ability to do network boot. If that is a tolerable result, I am fine
> with that too, but I think it needs to be made very clear in the
> stable tag release notes.
Tested the v3 series with OVMF, results are as expected: Without
virtio-rng-pci network boot does not work. With virtio-rng-pci
everything is fine.
Tested-by: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Agree that this must be noted in the release notes.
Related: I'm working on patch series adding RngDxe to OVMF with
runtime rdrand detection:
https://github.com/kraxel/edk2/commits/devel/ovmf-rdrand/
take care,
Gerd
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119254): https://edk2.groups.io/g/devel/message/119254
Mute This Topic: https://groups.io/mt/106278600/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 38+ messages in thread
* 回复: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237
2024-05-24 11:48 ` Gerd Hoffmann
@ 2024-05-24 14:51 ` gaoliming via groups.io
2024-05-24 16:50 ` [edk2-devel] " Doug Flick via groups.io
[not found] ` <17D27450B424AC2B.30215@groups.io>
1 sibling, 1 reply; 38+ messages in thread
From: gaoliming via groups.io @ 2024-05-24 14:51 UTC (permalink / raw)
To: devel, kraxel, 'Ard Biesheuvel'
Cc: dougflick, 'Michael D Kinney', 'Andrew Fish',
quic_llindhol
Gerd and Ard:
Thanks for your comments. I understand this CVE fix requires
EFI_RNG_PROTOCOL. I will add this requirement in the release note.
Thanks
Liming
> -----邮件原件-----
> 发件人: devel@edk2.groups.io <devel@edk2.groups.io> 代表 Gerd Hoffmann
> 发送时间: 2024年5月24日 19:49
> 收件人: Ard Biesheuvel <ardb@kernel.org>
> 抄送: devel@edk2.groups.io; gaoliming@byosoft.com.cn;
> dougflick@microsoft.com; Michael D Kinney <michael.d.kinney@intel.com>;
> Andrew Fish <afish@apple.com>; quic_llindhol@quicinc.com
> 主题: Re: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and
> CVE-2023-45237
>
> On Fri, May 24, 2024 at 11:41:04AM GMT, Ard Biesheuvel wrote:
> > On Fri, 24 May 2024 at 11:12, gaoliming via groups.io
> > <gaoliming=byosoft.com.cn@groups.io> wrote:
> > >
> > > Ard:
> > > Here is Doug PR https://github.com/tianocore/edk2/pull/5582 that
> includes 20 commits. You can check them.
> > >
> >
> > This looks fine to me in principle.
> >
> > Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
> >
> > However, IIUC, the impact of this series is that all out-of-tree
> > platforms that lack the right implementation of the EFI_RNG_PROTOCOL
> > (i.e., using a GUID that appears in the allowlist) will lose the
> > ability to do network boot. If that is a tolerable result, I am fine
> > with that too, but I think it needs to be made very clear in the
> > stable tag release notes.
>
> Tested the v3 series with OVMF, results are as expected: Without
> virtio-rng-pci network boot does not work. With virtio-rng-pci
> everything is fine.
>
> Tested-by: Gerd Hoffmann <kraxel@redhat.com>
> Acked-by: Gerd Hoffmann <kraxel@redhat.com>
>
> Agree that this must be noted in the release notes.
>
> Related: I'm working on patch series adding RngDxe to OVMF with
> runtime rdrand detection:
> https://github.com/kraxel/edk2/commits/devel/ovmf-rdrand/
>
> take care,
> Gerd
>
>
>
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119256): https://edk2.groups.io/g/devel/message/119256
Mute This Topic: https://groups.io/mt/106282939/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 38+ messages in thread
* 回复: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237
[not found] ` <17D27450B424AC2B.30215@groups.io>
@ 2024-05-24 16:00 ` gaoliming via groups.io
0 siblings, 0 replies; 38+ messages in thread
From: gaoliming via groups.io @ 2024-05-24 16:00 UTC (permalink / raw)
To: devel, gaoliming, kraxel, 'Ard Biesheuvel'
Cc: dougflick, 'Michael D Kinney', 'Andrew Fish',
quic_llindhol
Hi, all
Because this patch fixes two CVE, I decide to include them in this stable
tag 202405.
https://github.com/tianocore/edk2/pull/5582 has been merged.
Thanks
Liming
> -----邮件原件-----
> 发件人: devel@edk2.groups.io <devel@edk2.groups.io> 代表 gaoliming via
> groups.io
> 发送时间: 2024年5月24日 22:51
> 收件人: devel@edk2.groups.io; kraxel@redhat.com; 'Ard Biesheuvel'
> <ardb@kernel.org>
> 抄送: dougflick@microsoft.com; 'Michael D Kinney'
> <michael.d.kinney@intel.com>; 'Andrew Fish' <afish@apple.com>;
> quic_llindhol@quicinc.com
> 主题: 回复: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and
> CVE-2023-45237
>
> Gerd and Ard:
> Thanks for your comments. I understand this CVE fix requires
> EFI_RNG_PROTOCOL. I will add this requirement in the release note.
>
> Thanks
> Liming
> > -----邮件原件-----
> > 发件人: devel@edk2.groups.io <devel@edk2.groups.io> 代表 Gerd
> Hoffmann
> > 发送时间: 2024年5月24日 19:49
> > 收件人: Ard Biesheuvel <ardb@kernel.org>
> > 抄送: devel@edk2.groups.io; gaoliming@byosoft.com.cn;
> > dougflick@microsoft.com; Michael D Kinney <michael.d.kinney@intel.com>;
> > Andrew Fish <afish@apple.com>; quic_llindhol@quicinc.com
> > 主题: Re: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and
> > CVE-2023-45237
> >
> > On Fri, May 24, 2024 at 11:41:04AM GMT, Ard Biesheuvel wrote:
> > > On Fri, 24 May 2024 at 11:12, gaoliming via groups.io
> > > <gaoliming=byosoft.com.cn@groups.io> wrote:
> > > >
> > > > Ard:
> > > > Here is Doug PR https://github.com/tianocore/edk2/pull/5582 that
> > includes 20 commits. You can check them.
> > > >
> > >
> > > This looks fine to me in principle.
> > >
> > > Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
> > >
> > > However, IIUC, the impact of this series is that all out-of-tree
> > > platforms that lack the right implementation of the EFI_RNG_PROTOCOL
> > > (i.e., using a GUID that appears in the allowlist) will lose the
> > > ability to do network boot. If that is a tolerable result, I am fine
> > > with that too, but I think it needs to be made very clear in the
> > > stable tag release notes.
> >
> > Tested the v3 series with OVMF, results are as expected: Without
> > virtio-rng-pci network boot does not work. With virtio-rng-pci
> > everything is fine.
> >
> > Tested-by: Gerd Hoffmann <kraxel@redhat.com>
> > Acked-by: Gerd Hoffmann <kraxel@redhat.com>
> >
> > Agree that this must be noted in the release notes.
> >
> > Related: I'm working on patch series adding RngDxe to OVMF with
> > runtime rdrand detection:
> > https://github.com/kraxel/edk2/commits/devel/ovmf-rdrand/
> >
> > take care,
> > Gerd
> >
> >
> >
> >
> >
>
>
>
>
>
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119258): https://edk2.groups.io/g/devel/message/119258
Mute This Topic: https://groups.io/mt/106284249/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 38+ messages in thread
* Re: [edk2-devel] 回复: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237
2024-05-24 14:51 ` 回复: " gaoliming via groups.io
@ 2024-05-24 16:50 ` Doug Flick via groups.io
2024-05-25 4:33 ` 回复: " gaoliming via groups.io
0 siblings, 1 reply; 38+ messages in thread
From: Doug Flick via groups.io @ 2024-05-24 16:50 UTC (permalink / raw)
To: gaoliming, devel
[-- Attachment #1: Type: text/plain, Size: 479 bytes --]
To be clear, it requires EFI_RNG_PROTOCOL and EFI_HASH2_PROTOCOL. Both should be mentioned in the release notes
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119260): https://edk2.groups.io/g/devel/message/119260
Mute This Topic: https://groups.io/mt/106282939/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
[-- Attachment #2: Type: text/html, Size: 898 bytes --]
^ permalink raw reply [flat|nested] 38+ messages in thread
* 回复: [edk2-devel] 回复: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237
2024-05-24 16:50 ` [edk2-devel] " Doug Flick via groups.io
@ 2024-05-25 4:33 ` gaoliming via groups.io
0 siblings, 0 replies; 38+ messages in thread
From: gaoliming via groups.io @ 2024-05-25 4:33 UTC (permalink / raw)
To: devel, dougflick
[-- Attachment #1: Type: text/plain, Size: 910 bytes --]
Doug:
What’s impact if no EFI_HASH2_PROTOCOL? Does network boot work or not?
Thanks
Liming
发件人: devel@edk2.groups.io <devel@edk2.groups.io> 代表 Doug Flick via groups.io
发送时间: 2024年5月25日 0:51
收件人: gaoliming <gaoliming@byosoft.com.cn>; devel@edk2.groups.io
主题: Re: [edk2-devel] 回复: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237
To be clear, it requires EFI_RNG_PROTOCOL and EFI_HASH2_PROTOCOL. Both should be mentioned in the release notes
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119265): https://edk2.groups.io/g/devel/message/119265
Mute This Topic: https://groups.io/mt/106294144/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
[-- Attachment #2: Type: text/html, Size: 4815 bytes --]
^ permalink raw reply [flat|nested] 38+ messages in thread
* Re: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237
2024-05-24 5:44 [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237 Doug Flick via groups.io
` (18 preceding siblings ...)
2024-05-24 7:01 ` 回复: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237 gaoliming via groups.io
@ 2024-05-29 13:09 ` Gerd Hoffmann
2024-05-30 5:07 ` 回复: " gaoliming via groups.io
19 siblings, 1 reply; 38+ messages in thread
From: Gerd Hoffmann @ 2024-05-29 13:09 UTC (permalink / raw)
To: devel, dougflick; +Cc: Liming Gao, Ard Biesheuvel
On Thu, May 23, 2024 at 10:44:52PM GMT, Doug Flick via groups.io wrote:
>
> REF:https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
>
> This patch series patches the following CVEs:
> - CVE-2023-45236: Predictable TCP Initial Sequence Numbers
> - CVE-2023-45237: Use of a Weak PseudoRandom Number Generator
Ok, looks like there is some more fallout from this patch series which I
havn't seen in my initial testing. It does not always happen, didn't
figure yet what exactly triggers the behavior. But in some cases there
is quite some network stack activity, apparently done by
EVT_SIGNAL_EXIT_BOOT_SERVICES event handlers ...
With the debug patch below applied the tail of the ovmf log looks like
this:
VirtioRngExitBoot: Context=0x7D73D798
Hash2ServiceBindingDestroyChild - Invalid handle
MnpServiceBindingDestroyChild: Failed to uninstall the ManagedNetwork protocol, Invalid Parameter.
Support(): UNDI3.1 found on handle 7D461118
Support(): supported on 7D461118
Start(): UNDI3.1 found
snp->undi.start() 1h:8000h
InstallProtocolInterface: 7AB33A91-ACE5-4326-B572-E7EE33D39F16 7CE872C0
InstallProtocolInterface: F44C00EE-1F2C-4A00-AA09-1C9F3E0800A3 7CE7D020
Failed to generate random data using secure algorithm 0: Unsupported
Failed to generate random data using secure algorithm 1: Unsupported
Failed to generate random data using secure algorithm 2: Unsupported
Failed to generate random data using secure algorithm 3: Unsupported
VirtioRngGetRNG: not ready
Failed to generate random data using secure algorithm 4: Device Error
ASSERT_EFI_ERROR (Status = Device Error)
ASSERT /home/kraxel/projects/edk2/NetworkPkg/Library/DxeNetLib/DxeNetLib.c(965): !(((INTN)(RETURN_STATUS)(Status)) < 0)
The VirtioRngDxe EVT_SIGNAL_EXIT_BOOT_SERVICES handler resets the
device, to make sure it will stop any DMA.
Once the reset is done the device can't deliver random numbers any more,
but the network code wants some. So with the debug patch an assert is
triggered, without the debug patch the system simply hangs because the
virtio-rng device wouldn't answer request sent by the driver.
I'm wondering what the network code is actually doing here in the first
place? It apparently /installs/ protocols in the
EVT_SIGNAL_EXIT_BOOT_SERVICES handler? I don't think this is how things
are supposed to work ...
take care,
Gerd
------------------------- cut here -------------------------
diff --git a/OvmfPkg/VirtioRngDxe/VirtioRng.h b/OvmfPkg/VirtioRngDxe/VirtioRng.h
index 2da99540a208..3519521d6ab5 100644
--- a/OvmfPkg/VirtioRngDxe/VirtioRng.h
+++ b/OvmfPkg/VirtioRngDxe/VirtioRng.h
@@ -33,6 +33,7 @@ typedef struct {
VRING Ring; // VirtioRingInit 2
EFI_RNG_PROTOCOL Rng; // VirtioRngInit 1
VOID *RingMap; // VirtioRingMap 2
+ BOOLEAN Ready;
} VIRTIO_RNG_DEV;
#define VIRTIO_ENTROPY_SOURCE_FROM_RNG(RngPointer) \
diff --git a/OvmfPkg/VirtioNetDxe/Events.c b/OvmfPkg/VirtioNetDxe/Events.c
index 75a9644f749c..36e3eed4617c 100644
--- a/OvmfPkg/VirtioNetDxe/Events.c
+++ b/OvmfPkg/VirtioNetDxe/Events.c
@@ -77,7 +77,7 @@ VirtioNetExitBoot (
//
VNET_DEV *Dev;
- DEBUG ((DEBUG_VERBOSE, "%a: Context=0x%p\n", __func__, Context));
+ DEBUG ((DEBUG_INFO, "%a: Context=0x%p\n", __func__, Context));
Dev = Context;
if (Dev->Snm.State == EfiSimpleNetworkInitialized) {
Dev->VirtIo->SetDeviceStatus (Dev->VirtIo, 0);
diff --git a/OvmfPkg/VirtioRngDxe/VirtioRng.c b/OvmfPkg/VirtioRngDxe/VirtioRng.c
index 069aed148af1..370c9ac8f1de 100644
--- a/OvmfPkg/VirtioRngDxe/VirtioRng.c
+++ b/OvmfPkg/VirtioRngDxe/VirtioRng.c
@@ -156,6 +156,10 @@ VirtioRngGetRNG (
}
Dev = VIRTIO_ENTROPY_SOURCE_FROM_RNG (This);
+ if (!Dev->Ready) {
+ DEBUG ((DEBUG_INFO, "%a: not ready\n", __func__));
+ return EFI_DEVICE_ERROR;
+ }
//
// Map Buffer's system physical address to device address
//
@@ -382,6 +386,7 @@ VirtioRngInit (
//
Dev->Rng.GetInfo = VirtioRngGetInfo;
Dev->Rng.GetRNG = VirtioRngGetRNG;
+ Dev->Ready = TRUE;
return EFI_SUCCESS;
@@ -414,8 +419,8 @@ VirtioRngUninit (
// VIRTIO_CFG_WRITE() returns, the host will have learned to stay away from
// the old comms area.
//
+ Dev->Ready = FALSE;
Dev->VirtIo->SetDeviceStatus (Dev->VirtIo, 0);
-
Dev->VirtIo->UnmapSharedBuffer (Dev->VirtIo, Dev->RingMap);
VirtioRingUninit (Dev->VirtIo, &Dev->Ring);
@@ -435,7 +440,7 @@ VirtioRngExitBoot (
{
VIRTIO_RNG_DEV *Dev;
- DEBUG ((DEBUG_VERBOSE, "%a: Context=0x%p\n", __func__, Context));
+ DEBUG ((DEBUG_INFO, "%a: Context=0x%p\n", __func__, Context));
//
// Reset the device. This causes the hypervisor to forget about the virtio
// ring.
@@ -444,6 +449,7 @@ VirtioRngExitBoot (
// executing after ExitBootServices() is permitted to overwrite it.
//
Dev = Context;
+ Dev->Ready = FALSE;
Dev->VirtIo->SetDeviceStatus (Dev->VirtIo, 0);
}
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119343): https://edk2.groups.io/g/devel/message/119343
Mute This Topic: https://groups.io/mt/106276830/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 38+ messages in thread
* 回复: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237
2024-05-29 13:09 ` Gerd Hoffmann
@ 2024-05-30 5:07 ` gaoliming via groups.io
2024-05-30 9:31 ` Gerd Hoffmann
0 siblings, 1 reply; 38+ messages in thread
From: gaoliming via groups.io @ 2024-05-30 5:07 UTC (permalink / raw)
To: 'Gerd Hoffmann', devel, dougflick; +Cc: 'Ard Biesheuvel'
If ASSERT trigs the exception, could call stack show each caller?
Thanks
Liming
> -----邮件原件-----
> 发件人: Gerd Hoffmann <kraxel@redhat.com>
> 发送时间: 2024年5月29日 21:09
> 收件人: devel@edk2.groups.io; dougflick@microsoft.com
> 抄送: Liming Gao <gaoliming@byosoft.com.cn>; Ard Biesheuvel
> <ardb@kernel.org>
> 主题: Re: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and
> CVE-2023-45237
>
> On Thu, May 23, 2024 at 10:44:52PM GMT, Doug Flick via groups.io wrote:
> >
> >
>
REF:https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-
edk-ii-
> ipv6-network-stack.html
> >
> > This patch series patches the following CVEs:
> > - CVE-2023-45236: Predictable TCP Initial Sequence Numbers
> > - CVE-2023-45237: Use of a Weak PseudoRandom Number Generator
>
> Ok, looks like there is some more fallout from this patch series which I
> havn't seen in my initial testing. It does not always happen, didn't
> figure yet what exactly triggers the behavior. But in some cases there
> is quite some network stack activity, apparently done by
> EVT_SIGNAL_EXIT_BOOT_SERVICES event handlers ...
>
> With the debug patch below applied the tail of the ovmf log looks like
> this:
>
> VirtioRngExitBoot: Context=0x7D73D798
> Hash2ServiceBindingDestroyChild - Invalid handle
> MnpServiceBindingDestroyChild: Failed to uninstall the ManagedNetwork
> protocol, Invalid Parameter.
> Support(): UNDI3.1 found on handle 7D461118
> Support(): supported on 7D461118
> Start(): UNDI3.1 found
>
> snp->undi.start() 1h:8000h
> InstallProtocolInterface: 7AB33A91-ACE5-4326-B572-E7EE33D39F16
> 7CE872C0
> InstallProtocolInterface: F44C00EE-1F2C-4A00-AA09-1C9F3E0800A3
> 7CE7D020
> Failed to generate random data using secure algorithm 0: Unsupported
> Failed to generate random data using secure algorithm 1: Unsupported
> Failed to generate random data using secure algorithm 2: Unsupported
> Failed to generate random data using secure algorithm 3: Unsupported
> VirtioRngGetRNG: not ready
> Failed to generate random data using secure algorithm 4: Device Error
>
> ASSERT_EFI_ERROR (Status = Device Error)
> ASSERT
> /home/kraxel/projects/edk2/NetworkPkg/Library/DxeNetLib/DxeNetLib.c(965):
> !(((INTN)(RETURN_STATUS)(Status)) < 0)
>
> The VirtioRngDxe EVT_SIGNAL_EXIT_BOOT_SERVICES handler resets the
> device, to make sure it will stop any DMA.
>
> Once the reset is done the device can't deliver random numbers any more,
> but the network code wants some. So with the debug patch an assert is
> triggered, without the debug patch the system simply hangs because the
> virtio-rng device wouldn't answer request sent by the driver.
>
> I'm wondering what the network code is actually doing here in the first
> place? It apparently /installs/ protocols in the
> EVT_SIGNAL_EXIT_BOOT_SERVICES handler? I don't think this is how things
> are supposed to work ...
>
> take care,
> Gerd
>
> ------------------------- cut here -------------------------
> diff --git a/OvmfPkg/VirtioRngDxe/VirtioRng.h
> b/OvmfPkg/VirtioRngDxe/VirtioRng.h
> index 2da99540a208..3519521d6ab5 100644
> --- a/OvmfPkg/VirtioRngDxe/VirtioRng.h
> +++ b/OvmfPkg/VirtioRngDxe/VirtioRng.h
> @@ -33,6 +33,7 @@ typedef struct {
> VRING Ring; // VirtioRingInit 2
> EFI_RNG_PROTOCOL Rng; // VirtioRngInit 1
> VOID *RingMap; // VirtioRingMap
> 2
> + BOOLEAN Ready;
> } VIRTIO_RNG_DEV;
>
> #define VIRTIO_ENTROPY_SOURCE_FROM_RNG(RngPointer) \
> diff --git a/OvmfPkg/VirtioNetDxe/Events.c b/OvmfPkg/VirtioNetDxe/Events.c
> index 75a9644f749c..36e3eed4617c 100644
> --- a/OvmfPkg/VirtioNetDxe/Events.c
> +++ b/OvmfPkg/VirtioNetDxe/Events.c
> @@ -77,7 +77,7 @@ VirtioNetExitBoot (
> //
> VNET_DEV *Dev;
>
> - DEBUG ((DEBUG_VERBOSE, "%a: Context=0x%p\n", __func__, Context));
> + DEBUG ((DEBUG_INFO, "%a: Context=0x%p\n", __func__, Context));
> Dev = Context;
> if (Dev->Snm.State == EfiSimpleNetworkInitialized) {
> Dev->VirtIo->SetDeviceStatus (Dev->VirtIo, 0);
> diff --git a/OvmfPkg/VirtioRngDxe/VirtioRng.c
> b/OvmfPkg/VirtioRngDxe/VirtioRng.c
> index 069aed148af1..370c9ac8f1de 100644
> --- a/OvmfPkg/VirtioRngDxe/VirtioRng.c
> +++ b/OvmfPkg/VirtioRngDxe/VirtioRng.c
> @@ -156,6 +156,10 @@ VirtioRngGetRNG (
> }
>
> Dev = VIRTIO_ENTROPY_SOURCE_FROM_RNG (This);
> + if (!Dev->Ready) {
> + DEBUG ((DEBUG_INFO, "%a: not ready\n", __func__));
> + return EFI_DEVICE_ERROR;
> + }
> //
> // Map Buffer's system physical address to device address
> //
> @@ -382,6 +386,7 @@ VirtioRngInit (
> //
> Dev->Rng.GetInfo = VirtioRngGetInfo;
> Dev->Rng.GetRNG = VirtioRngGetRNG;
> + Dev->Ready = TRUE;
>
> return EFI_SUCCESS;
>
> @@ -414,8 +419,8 @@ VirtioRngUninit (
> // VIRTIO_CFG_WRITE() returns, the host will have learned to stay away
from
> // the old comms area.
> //
> + Dev->Ready = FALSE;
> Dev->VirtIo->SetDeviceStatus (Dev->VirtIo, 0);
> -
> Dev->VirtIo->UnmapSharedBuffer (Dev->VirtIo, Dev->RingMap);
>
> VirtioRingUninit (Dev->VirtIo, &Dev->Ring);
> @@ -435,7 +440,7 @@ VirtioRngExitBoot (
> {
> VIRTIO_RNG_DEV *Dev;
>
> - DEBUG ((DEBUG_VERBOSE, "%a: Context=0x%p\n", __func__, Context));
> + DEBUG ((DEBUG_INFO, "%a: Context=0x%p\n", __func__, Context));
> //
> // Reset the device. This causes the hypervisor to forget about the
virtio
> // ring.
> @@ -444,6 +449,7 @@ VirtioRngExitBoot (
> // executing after ExitBootServices() is permitted to overwrite it.
> //
> Dev = Context;
> + Dev->Ready = FALSE;
> Dev->VirtIo->SetDeviceStatus (Dev->VirtIo, 0);
> }
>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119379): https://edk2.groups.io/g/devel/message/119379
Mute This Topic: https://groups.io/mt/106383321/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 38+ messages in thread
* Re: 回复: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237
2024-05-30 5:07 ` 回复: " gaoliming via groups.io
@ 2024-05-30 9:31 ` Gerd Hoffmann
2024-05-30 10:08 ` Michael Brown
0 siblings, 1 reply; 38+ messages in thread
From: Gerd Hoffmann @ 2024-05-30 9:31 UTC (permalink / raw)
To: devel, gaoliming; +Cc: dougflick, 'Ard Biesheuvel'
On Thu, May 30, 2024 at 01:07:45PM GMT, gaoliming via groups.io wrote:
> If ASSERT trigs the exception, could call stack show each caller?
Turned out to be ipxe, apparently it has a exit-boot-services handler
which triggers all this.
take care,
Gerd
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119384): https://edk2.groups.io/g/devel/message/119384
Mute This Topic: https://groups.io/mt/106383321/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 38+ messages in thread
* Re: 回复: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237
2024-05-30 9:31 ` Gerd Hoffmann
@ 2024-05-30 10:08 ` Michael Brown
2024-05-30 10:33 ` Gerd Hoffmann
0 siblings, 1 reply; 38+ messages in thread
From: Michael Brown @ 2024-05-30 10:08 UTC (permalink / raw)
To: devel, kraxel, gaoliming; +Cc: dougflick, 'Ard Biesheuvel'
On 30/05/2024 10:31, Gerd Hoffmann wrote:
> On Thu, May 30, 2024 at 01:07:45PM GMT, gaoliming via groups.io wrote:
>> If ASSERT trigs the exception, could call stack show each caller?
>
> Turned out to be ipxe, apparently it has a exit-boot-services handler
> which triggers all this.
iPXE shouldn't be triggering any protocol installations in response to
ExitBootServices.
We used to make a good-faith effort to clean up gracefully by
uninstalling protocols. This ended up exposing so many bugs in EDK2 and
third-party UEFI code (where the uninstallation paths seem to almost
never be tested) that we eventually gave up. As of commit
https://github.com/ipxe/ipxe/commit/6769a7c3c, we now deliberately leak
resources once ExitBootServices has been triggered by skipping the
cleanup calls to UninstallMultipleProtocolInterfaces etc.
Do you have any more details of the behaviour that you're observing?
Thanks,
Michael
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119386): https://edk2.groups.io/g/devel/message/119386
Mute This Topic: https://groups.io/mt/106383321/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 38+ messages in thread
* Re: 回复: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237
2024-05-30 10:08 ` Michael Brown
@ 2024-05-30 10:33 ` Gerd Hoffmann
2024-05-30 10:49 ` Michael Brown
0 siblings, 1 reply; 38+ messages in thread
From: Gerd Hoffmann @ 2024-05-30 10:33 UTC (permalink / raw)
To: Michael Brown; +Cc: devel, gaoliming, dougflick, 'Ard Biesheuvel'
On Thu, May 30, 2024 at 10:08:26AM GMT, Michael Brown wrote:
> iPXE shouldn't be triggering any protocol installations in response to
> ExitBootServices.
>
> We used to make a good-faith effort to clean up gracefully by uninstalling
> protocols. This ended up exposing so many bugs in EDK2 and third-party UEFI
> code (where the uninstallation paths seem to almost never be tested) that we
> eventually gave up.
Most likely it is exactly this ...
> As of commit
> https://github.com/ipxe/ipxe/commit/6769a7c3c, we now deliberately leak
> resources once ExitBootServices has been triggered by skipping the cleanup
> calls to UninstallMultipleProtocolInterfaces etc.
... as the ipxe binaries shipped in upstream qemu repo are older
than that commit.
Time to run an update I guess. Trying to update to current ipxe master
gives me build errors though (with fedora 40 + gcc 14):
kraxel@sirius ~/projects/qemu/roms (sirius/ipxe)# make efirom
/usr/bin/gmake -C ipxe/src CONFIG=qemu \
CROSS_COMPILE=x86_64-linux-gnu- \
bin/8086100e.rom bin/808610d3.rom bin/80861209.rom bin/10500940.rom bin/10222000.rom bin/10ec8139.rom bin/1af41000.rom bin/15ad07b0.rom
gmake[1]: Entering directory '/home/kraxel/projects/qemu/roms/ipxe/src'
[BUILD] bin/etherfabric.o
In file included from drivers/net/etherfabric.c:36:
In function ‘falcon_xaui_link_ok’,
inlined from ‘falcon_init_xmac’ at drivers/net/etherfabric.c:2355:14,
inlined from ‘falcon_init_xmac’ at drivers/net/etherfabric.c:2314:1:
drivers/net/etherfabric.h:524:28: error: ‘reg.u32[0]’ may be used uninitialized [-Werror=maybe-uninitialized]
522 | (dword).u32[0] = ( ( (dword).u32[0] \
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
523 | & ~EFAB_INPLACE_MASK32 ( 0, 31, field ) ) \
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
524 | | EFAB_INSERT_FIELD32 ( 0, 31, field, value ) ); \
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/net/etherfabric.c:2233:9: note: in expansion of macro ‘EFAB_SET_DWORD_FIELD’
2233 | EFAB_SET_DWORD_FIELD ( reg, FCN_XX_DISPERR, FCN_XX_DISPERR_RESET);
| ^~~~~~~~~~~~~~~~~~~~
drivers/net/etherfabric.c: In function ‘falcon_init_xmac’:
drivers/net/etherfabric.c:2213:22: note: ‘reg.u32[0]’ was declared here
2213 | efab_dword_t reg;
| ^~~
cc1: all warnings being treated as errors
gmake[1]: *** [Makefile.housekeeping:964: bin/etherfabric.o] Error 1
gmake[1]: Leaving directory '/home/kraxel/projects/qemu/roms/ipxe/src'
gmake: *** [Makefile:123: build-pxe-roms] Error 2
take care,
Gerd
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119389): https://edk2.groups.io/g/devel/message/119389
Mute This Topic: https://groups.io/mt/106383321/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 38+ messages in thread
* Re: 回复: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237
2024-05-30 10:33 ` Gerd Hoffmann
@ 2024-05-30 10:49 ` Michael Brown
2024-05-30 11:48 ` Gerd Hoffmann
0 siblings, 1 reply; 38+ messages in thread
From: Michael Brown @ 2024-05-30 10:49 UTC (permalink / raw)
To: devel, kraxel; +Cc: gaoliming, dougflick, 'Ard Biesheuvel'
On 30/05/2024 11:33, Gerd Hoffmann wrote:
> Most likely it is exactly this ...
>
>> As of commit
>> https://github.com/ipxe/ipxe/commit/6769a7c3c, we now deliberately leak
>> resources once ExitBootServices has been triggered by skipping the cleanup
>> calls to UninstallMultipleProtocolInterfaces etc.
>
> ... as the ipxe binaries shipped in upstream qemu repo are older
> than that commit.
>
> Time to run an update I guess. Trying to update to current ipxe master
> gives me build errors though (with fedora 40 + gcc 14):
Thank you for the report. I'm currently still on Fedora 39 locally, but
will aim to get this build issue sorted in the next few days. In the
meantime, if you build iPXE with "make ... NO_WERROR=1" then that should
work around this particular build failure.
Thanks,
Michael
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119390): https://edk2.groups.io/g/devel/message/119390
Mute This Topic: https://groups.io/mt/106383321/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 38+ messages in thread
* Re: 回复: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237
2024-05-30 10:49 ` Michael Brown
@ 2024-05-30 11:48 ` Gerd Hoffmann
0 siblings, 0 replies; 38+ messages in thread
From: Gerd Hoffmann @ 2024-05-30 11:48 UTC (permalink / raw)
To: Michael Brown; +Cc: devel, gaoliming, dougflick, 'Ard Biesheuvel'
On Thu, May 30, 2024 at 10:49:25AM GMT, Michael Brown wrote:
> On 30/05/2024 11:33, Gerd Hoffmann wrote:
> > Most likely it is exactly this ...
> >
> > > As of commit
> > > https://github.com/ipxe/ipxe/commit/6769a7c3c, we now deliberately leak
> > > resources once ExitBootServices has been triggered by skipping the cleanup
> > > calls to UninstallMultipleProtocolInterfaces etc.
> >
> > ... as the ipxe binaries shipped in upstream qemu repo are older
> > than that commit.
> >
> > Time to run an update I guess. Trying to update to current ipxe master
> > gives me build errors though (with fedora 40 + gcc 14):
>
> Thank you for the report. I'm currently still on Fedora 39 locally, but
> will aim to get this build issue sorted in the next few days. In the
> meantime, if you build iPXE with "make ... NO_WERROR=1" then that should
> work around this particular build failure.
Confirmed that with ipxe updated the issue is gone.
take care,
Gerd
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119391): https://edk2.groups.io/g/devel/message/119391
Mute This Topic: https://groups.io/mt/106383321/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 38+ messages in thread
end of thread, other threads:[~2024-05-30 11:48 UTC | newest]
Thread overview: 38+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-05-24 5:44 [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237 Doug Flick via groups.io
2024-05-24 5:44 ` [edk2-devel] [PATCH v3 01/20] EmulatorPkg: : Add RngDxe to EmulatorPkg Doug Flick via groups.io
2024-05-24 5:44 ` [edk2-devel] [PATCH v3 02/20] EmulatorPkg: : Add Hash2DxeCrypto " Doug Flick via groups.io
2024-05-24 5:44 ` [edk2-devel] [PATCH v3 03/20] OvmfPkg:PlatformCI: Support virtio-rng-pci Doug Flick via groups.io
2024-05-24 5:44 ` [edk2-devel] [PATCH v3 04/20] OvmfPkg: : Add Hash2DxeCrypto to OvmfPkg Doug Flick via groups.io
2024-05-24 5:44 ` [edk2-devel] [PATCH v3 05/20] ArmVirtPkg:PlatformCI: Support virtio-rng-pci Doug Flick via groups.io
2024-05-24 5:44 ` [edk2-devel] [PATCH v3 06/20] ArmVirtPkg: : Add Hash2DxeCrypto to ArmVirtPkg Doug Flick via groups.io
2024-05-24 5:44 ` [edk2-devel] [PATCH v3 07/20] SecurityPkg: RngDxe: Remove incorrect limitation on GetRng Doug Flick via groups.io
2024-05-24 5:53 ` Yao, Jiewen
2024-05-24 5:45 ` [edk2-devel] [PATCH v3 08/20] NetworkPkg:: SECURITY PATCH CVE-2023-45237 Doug Flick via groups.io
2024-05-24 5:45 ` [edk2-devel] [PATCH v3 09/20] NetworkPkg: TcpDxe: SECURITY PATCH CVE-2023-45236 Doug Flick via groups.io
2024-05-24 5:45 ` [edk2-devel] [PATCH v3 10/20] MdePkg: : Add MockUefiBootServicesTableLib Doug Flick via groups.io
2024-05-24 5:45 ` [edk2-devel] [PATCH v3 11/20] MdePkg: : Adds Protocol for MockRng Doug Flick via groups.io
2024-05-24 5:45 ` [edk2-devel] [PATCH v3 12/20] MdePkg: Add MockHash2 Protocol for testing Doug Flick via groups.io
2024-05-24 5:45 ` [edk2-devel] [PATCH v3 13/20] NetworkPkg: Update the PxeBcDhcp6GoogleTest due to underlying changes Doug Flick via groups.io
2024-05-24 5:45 ` [edk2-devel] [PATCH v3 14/20] ArmPkg: Allow SMC/HVC monitor conduit to be specified at runtime Doug Flick via groups.io
2024-05-24 5:45 ` [edk2-devel] [PATCH v3 15/20] ArmVirtPkg: Move PcdMonitorConduitHvc Doug Flick via groups.io
2024-05-24 5:45 ` [edk2-devel] [PATCH v3 16/20] MdePkg/BaseRngLib AARCH64: Remove overzealous ASSERT() Doug Flick via groups.io
2024-05-24 6:47 ` 回复: " gaoliming via groups.io
2024-05-24 5:45 ` [edk2-devel] [PATCH v3 17/20] ArmVirtPkg/ArmVirtQemu: Permit the use of dynamic PCDs in PEI Doug Flick via groups.io
2024-05-24 5:45 ` [edk2-devel] [PATCH v3 18/20] ArmVirtPkg: Use dynamic PCD to set the SMCCC conduit Doug Flick via groups.io
2024-05-24 7:01 ` 回复: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237 gaoliming via groups.io
2024-05-24 7:07 ` Ard Biesheuvel
2024-05-24 9:12 ` 回复: " gaoliming via groups.io
2024-05-24 9:41 ` Ard Biesheuvel
2024-05-24 11:48 ` Gerd Hoffmann
2024-05-24 14:51 ` 回复: " gaoliming via groups.io
2024-05-24 16:50 ` [edk2-devel] " Doug Flick via groups.io
2024-05-25 4:33 ` 回复: " gaoliming via groups.io
[not found] ` <17D27450B424AC2B.30215@groups.io>
2024-05-24 16:00 ` gaoliming via groups.io
2024-05-29 13:09 ` Gerd Hoffmann
2024-05-30 5:07 ` 回复: " gaoliming via groups.io
2024-05-30 9:31 ` Gerd Hoffmann
2024-05-30 10:08 ` Michael Brown
2024-05-30 10:33 ` Gerd Hoffmann
2024-05-30 10:49 ` Michael Brown
2024-05-30 11:48 ` Gerd Hoffmann
-- strict thread matches above, loose matches on Subject: below --
2024-05-24 5:44 Doug Flick via groups.io
2024-05-24 5:44 ` [edk2-devel] [PATCH v3 17/20] ArmVirtPkg/ArmVirtQemu: Permit the use of dynamic PCDs in PEI Doug Flick via groups.io
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox