From: "Yao, Jiewen"
To: Sean Brogan, "edk2-devel@lists.01.org"
CC: "Kinney, Michael D", "Zeng, Star", "Tian, Feng", "Gao, Liming", "Zhang, Chao B"
Date: Tue, 11 Oct 2016 14:06:18 +0000
Message-ID: <74D8A39837DF1E4DA445A8C0B3885C50386A13EA@shsmsx102.ccr.corp.intel.com>
References: <1475238128-22448-1-git-send-email-jiewen.yao@intel.com> <1475238128-22448-4-git-send-email-jiewen.yao@intel.com>
Subject: Re: [PATCH V2 03/50] MdeModulePkg/Include: Add FmpAuthenticationLib header.

Hi Sean,

We need to support PKCS7 authentication for capsule BIOS update, and we need to support RSA2048SHA256 authentication for the recovery image. They are using the same format, and the only difference is the cert type.

That is why we choose *registration*. A platform has the flexibility to choose 1 or more algo for authenticating capsule update or recovery.

If we choose to mix all those into one library, the recovery module size will be increased. We do not want to see that.

As an alternative, if we want to remove registration, we may implement one instance for PKCS7, and another instance for RSA2048SHA256. The capsule update one links the PKCS7 instance and the recovery one links RSA2048SHA256.

What do you think?

Thank you
Yao Jiewen

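The registration design described in the message above, as an added sketch that is not code from the patch or from EDK II: handlers are registered per CertType, and the dispatcher checks the sizes before it reads CertType out of the untrusted image. All names here (GUID16, FMP_AUTH_HDR, RegisterHandler, ExecuteHandler, Demo, the ST_* codes) are simplified stand-ins, and the header layout is assumed to follow the UEFI EFI_FIRMWARE_IMAGE_AUTHENTICATION definition.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* Stand-in types (assumption): layout mirrors UEFI EFI_FIRMWARE_IMAGE_AUTHENTICATION. */
typedef struct { uint8_t b[16]; } GUID16;
#pragma pack(push, 1)
typedef struct {
  uint64_t MonotonicCount;
  uint32_t dwLength;                     /* WIN_CERTIFICATE length: cert header + CertData */
  uint16_t wRevision, wCertificateType;
  GUID16   CertType;                     /* selects the registered handler */
} FMP_AUTH_HDR;
#pragma pack(pop)
#define CERT_HDR_SIZE (sizeof(FMP_AUTH_HDR) - sizeof(uint64_t))
enum { ST_OK, ST_SECURITY_VIOLATION, ST_UNSUPPORTED, ST_OUT_OF_RESOURCES };
typedef int (*AUTH_HANDLER)(const void *Image, size_t Size, uint32_t *Last);
static struct { GUID16 Type; AUTH_HANDLER Fn; } gTable[4];
static size_t gCount;

int RegisterHandler(const GUID16 *CertType, AUTH_HANDLER Fn) {
  if (gCount == sizeof gTable / sizeof gTable[0]) return ST_OUT_OF_RESOURCES;
  gTable[gCount].Type = *CertType;
  gTable[gCount++].Fn = Fn;
  return ST_OK;
}

int ExecuteHandler(const void *Image, size_t Size, uint32_t *Last) {
  FMP_AUTH_HDR h;
  /* Untrusted input: reject with a status instead of relying on a debug assertion. */
  if (Image == NULL || Last == NULL || Size < sizeof h) return ST_SECURITY_VIOLATION;
  memcpy(&h, Image, sizeof h);           /* copy out: Image may be unaligned */
  if (h.dwLength < CERT_HDR_SIZE || h.dwLength > Size - sizeof(uint64_t))
    return ST_SECURITY_VIOLATION;        /* certificate must fit inside the buffer */
  for (size_t i = 0; i < gCount; i++)
    if (memcmp(&gTable[i].Type, &h.CertType, sizeof h.CertType) == 0)
      return gTable[i].Fn(Image, Size, Last);
  return ST_UNSUPPORTED;                 /* no handler linked in for this CertType */
}
/* Hypothetical handler that accepts everything; a real one verifies the signature. */
static int StubVerify(const void *I, size_t S, uint32_t *L) { (void)I; (void)S; *L = 0; return ST_OK; }
/* Constructed sample: header-only image whose CertType starts with `tag`. */
int Demo(uint8_t tag, size_t size) {
  GUID16 known = {{0xAA}};
  FMP_AUTH_HDR h = {0};
  uint32_t last = 0;
  if (gCount == 0) RegisterHandler(&known, StubVerify);
  h.dwLength = (uint32_t)CERT_HDR_SIZE;
  h.CertType.b[0] = tag;
  return ExecuteHandler(&h, size, &last);
}
int main(void) { return Demo(0xAA, sizeof(FMP_AUTH_HDR)) == ST_OK ? 0 : 1; }
```

A module that registers only one handler carries only that algorithm's code, which is the size argument made for the recovery image.
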
From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Sean Brogan
Sent: Tuesday, October 11, 2016 5:22 PM
To: Yao, Jiewen; edk2-devel@lists.01.org
Cc: Kinney, Michael D; Zeng, Star; Tian, Feng; Gao, Liming; Zhang, Chao B
Subject: Re: [edk2] [PATCH V2 03/50] MdeModulePkg/Include: Add FmpAuthenticationLib header.

I think this library and the design of registering different auth handlers is not the right design for FMP auth verification. This isn't something that needs extension thru registration. This is a controlled environment. I also don't think the capsule runtime should be using these auth services. How I see it the design abstraction of FMP is that the FMP instance does the verification and unwrapping of the capsule in its checkimage/set image routines. By keeping FMP self-contained a platform gains a lot of flexibility. FMP SetImage can be called from the UEFI shell or other application before exit boot services so it must always verify the image before applying anyway.

I would ask that this too be moved to your new sample package or removed from the design.

Thanks
Sean

> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Jiewen Yao
> Sent: Friday, September 30, 2016 5:21 AM
> To: edk2-devel@lists.01.org
> Cc: Michael D Kinney; Feng Tian; Chao Zhang; Liming Gao; Star Zeng
> Subject: [edk2] [PATCH V2 03/50] MdeModulePkg/Include: Add FmpAuthenticationLib header.
>
> This library is used to authenticate a UEFI defined FMP Capsule.
>
> Cc: Feng Tian
> Cc: Star Zeng
> Cc: Michael D Kinney
> Cc: Liming Gao
> Cc: Chao Zhang
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Jiewen Yao
> Reviewed-by: Liming Gao
> ---
>  MdeModulePkg/Include/Library/FmpAuthenticationLib.h | 91
> ++++++++++++++++++++
>  1 file changed, 91 insertions(+)
> > diff --git a/MdeModulePkg/Include/Library/FmpAuthenticationLib.h > b/MdeModulePkg/Include/Library/FmpAuthenticationLib.h > new file mode 100644 > index 0000000..895698e > --- /dev/null > +++ b/MdeModulePkg/Include/Library/FmpAuthenticationLib.h > @@ -0,0 +1,91 @@ > +/** @file > + FMP capsule authenitcation Library. > + > +Copyright (c) 2016, Intel Corporation. All rights reserved.
This > +program and the accompanying materials are licensed and made available > +under the terms and conditions of the BSD License which accompanies > +this distribution. The full text of the license may be found at > +http://opensource.org/licenses/bsd-license.php > + > +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS > OR IMPLIED. > + > +**/ > + > + > +#ifndef __FMP_AUTHENTICATION_LIB_H__ > +#define __FMP_AUTHENTICATION_LIB_H__ > + > +/** > + The handler is used to do the authentication for FMP capsule based > +upon > + EFI_FIRMWARE_IMAGE_AUTHENTICATION. > + > + Caution: This function may receive untrusted input. > + > + @param[in] Image Points to the new FMP authentication = image, > + start from EFI_FIRMWARE_IMAGE_AUTHENT= ICATION. > + @param[in] ImageSize Size of the authentication image in b= ytes. > + @param[out] LastAttemptStatus The last attempt status, which will b= e > recorded > + in ESRT and FMP EFI_FIRMWARE_IMAGE_DE= SCRIPTOR. > + > + @retval RETURN_SUCCESS Authentication pass. > + @retval RETURN_SECURITY_VIOLATION Authentication fail. > + The detail reson is recorded in Last= AttemptStatus. > +**/ > +typedef > +RETURN_STATUS > +(EFIAPI *FMP_AUTHENTICATION_HANDLER) ( > + IN VOID *Image, > + IN UINTN ImageSize, > + OUT UINT32 *LastAttemptStatus > + ); > + > +/** > + Register FMP authentication handler with CertType. > + > + If CertType is NULL, then ASSERT(). > + If FmpAuthenticationHandler is NULL, then ASSERT(). > + > + @param[in] CertType The certificate type associated= with the > FMP auth handler. > + @param[in] FmpAuthenticationHandler The FMP authentication handler = to > be registered. > + > + @retval RETURN_SUCCESS The handlers were registered. > + @retval RETURN_OUT_OF_RESOURCES There are not enough resources > available to register the handlers. 
> +**/ > +RETURN_STATUS > +EFIAPI > +RegisterFmpAuthenticationHandler( > + IN GUID *CertType, > + IN FMP_AUTHENTICATION_HANDLER FmpAuthenticationHandler > + ); > + > +/** > + Execute FMP authentication handlers. > + > + Caution: This function may receive untrusted input. > + > + If Image is NULL, then ASSERT(). > + If ImageSize is 0, then ASSERT(). > + If LastAttemptStatus is NULL, then ASSERT(). > + > + @param[in] Image Points to the new FMP authentication = image, > + start from EFI_FIRMWARE_IMAGE_AUTHENT= ICATION. > + @param[in] ImageSize Size of the authentication image in b= ytes. > + @param[out] LastAttemptStatus The last attempt status, which will b= e > recorded > + in ESRT and FMP EFI_FIRMWARE_IMAGE_DE= SCRIPTOR. > + > + @retval RETURN_SUCCESS Authentication pass. > + @retval RETURN_SECURITY_VIOLATION Authentication fail. > + The detail reson is recorded in Last= AttemptStatus. > + @retval RETURN_UNSUPPORTED No Authentication handler associated > with CertType. > +**/ > +RETURN_STATUS > +EFIAPI > +ExecuteFmpAuthenticationHandler( > + IN VOID *Image, > + IN UINTN ImageSize, > + OUT UINT32 *LastAttemptStatus > + ); > + > +#endif > + > -- > 2.7.4.windows.1 > > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
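
Review bot: In the header comment of ExecuteFmpAuthenticationHandler, "Caution: This function may receive untrusted input" sits next to "If ImageSize is 0, then ASSERT()". Image and ImageSize describe capsule data that has not been authenticated yet, so a malformed size should be a documented failure return (RETURN_SECURITY_VIOLATION with LastAttemptStatus set) rather than an ASSERT(), which is a debug-build check and does not protect a release build. The contract should also state the minimum ImageSize required before CertType is read from the EFI_FIRMWARE_IMAGE_AUTHENTICATION header, because @retval RETURN_UNSUPPORTED refers to a CertType that is not a parameter of this function. For RegisterFmpAuthenticationHandler, please document what happens when a handler is already registered for the same CertType. Typos: "authenitcation" in the @file line and "reson" in both RETURN_SECURITY_VIOLATION descriptions.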