From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Permerror (SPF Permanent Error: More than 10 MX records returned) identity=mailfrom; client-ip=192.55.52.136; helo=mga12.intel.com; envelope-from=jiewen.yao@intel.com; receiver=edk2-devel@lists.01.org Received: from mga12.intel.com (mga12.intel.com [192.55.52.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id B4C9B21B02833 for ; Thu, 7 Dec 2017 00:09:17 -0800 (PST) Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga106.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 07 Dec 2017 00:13:50 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.45,372,1508828400"; d="scan'208";a="156751094" Received: from fmsmsx108.amr.corp.intel.com ([10.18.124.206]) by orsmga004.jf.intel.com with ESMTP; 07 Dec 2017 00:13:49 -0800 Received: from fmsmsx157.amr.corp.intel.com (10.18.116.73) by FMSMSX108.amr.corp.intel.com (10.18.124.206) with Microsoft SMTP Server (TLS) id 14.3.319.2; Thu, 7 Dec 2017 00:13:49 -0800 Received: from shsmsx101.ccr.corp.intel.com (10.239.4.153) by FMSMSX157.amr.corp.intel.com (10.18.116.73) with Microsoft SMTP Server (TLS) id 14.3.319.2; Thu, 7 Dec 2017 00:13:49 -0800 Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.175]) by SHSMSX101.ccr.corp.intel.com ([169.254.1.159]) with mapi id 14.03.0319.002; Thu, 7 Dec 2017 16:13:46 +0800 From: "Yao, Jiewen" To: "Gao, Liming" , "edk2-devel@lists.01.org" Thread-Topic: [Patch] SignedCapsulePkg: Update EdkiiSystemCapsuleLib to check PCD value Thread-Index: AQHTZ/i16zJWjEV8jEq1crYj1dW0A6M3lp2A Date: Thu, 7 Dec 2017 08:13:46 +0000 Message-ID: <74D8A39837DF1E4DA445A8C0B3885C503AA3CFD3@shsmsx102.ccr.corp.intel.com> References: <1511839594-6220-1-git-send-email-liming.gao@intel.com> In-Reply-To: <1511839594-6220-1-git-send-email-liming.gao@intel.com> Accept-Language: zh-CN, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiYTA1NmYyZjUtYjNhMC00ZmFlLWI5YWMtMGNhMGY3OTUwNTA2IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX0lDIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjIuNS4xOCIsIlRydXN0ZWRMYWJlbEhhc2giOiJQZzQ3dGdNV2RGU29DTU5VUmV1WDN3NDJ6cDdiK25weEN0cmkrZWI5N2tDZk5ieHJ5MzdQajhPdXRHdTMzbjVVIn0= x-ctpclassification: CTP_IC dlp-product: dlpe-windows dlp-version: 11.0.0.116 dlp-reaction: no-action x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Subject: Re: [Patch] SignedCapsulePkg: Update EdkiiSystemCapsuleLib to check PCD value X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Dec 2017 08:09:17 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Jiewen.yao@intel.com > -----Original Message----- > From: Gao, Liming > Sent: Tuesday, November 28, 2017 11:27 AM > To: edk2-devel@lists.01.org > Cc: Yao, Jiewen > Subject: [Patch] SignedCapsulePkg: Update EdkiiSystemCapsuleLib to check = PCD > value >=20 > If PCD value is not set, register PcdCallBack to hook PCD value set >=20 > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Liming Gao > Cc: Jiewen Yao > --- > .../EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c | 86 > +++++++++++++++++++++- > .../EdkiiSystemCapsuleLib.inf | 3 + > 2 files changed, 87 insertions(+), 2 deletions(-) >=20 > diff --git > a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c > b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c > index 62be8eb..876d225 100644 > --- a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLi= b.c > +++ > b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c > @@ -29,6 +29,7 @@ > #include > #include > #include > +#include > #include > #include > #include > @@ -600,6 +601,10 @@ CapsuleAuthenticateSystemFirmware ( > // NOTE: This function need run in an isolated environment. > // Do not touch FMP protocol and its private structure. > // > + if (mImageFmpInfo =3D=3D NULL) { > + DEBUG((DEBUG_INFO, "ImageFmpInfo is not set\n")); > + return EFI_SECURITY_VIOLATION; > + } >=20 > Result =3D ExtractAuthenticatedImage((VOID *)Image, ImageSize, > LastAttemptStatus, AuthenticatedImage, AuthenticatedImageSize); > if (!Result) { > @@ -655,6 +660,53 @@ CapsuleAuthenticateSystemFirmware ( > } >=20 > /** > + PcdCallBack gets the real set PCD value > + > + @param[in] CallBackGuid The PCD token GUID being set. > + @param[in] CallBackToken The PCD token number being set. > + @param[in, out] TokenData A pointer to the token data being set. > + @param[in] TokenDataSize The size, in bytes, of the data being = set. > + > +**/ > +VOID > +EFIAPI > +EdkiiSystemCapsuleLibPcdCallBack ( > + IN CONST GUID *CallBackGuid, OPTIONAL > + IN UINTN CallBackToken, > + IN OUT VOID *TokenData, > + IN UINTN TokenDataSize > + ) > +{ > + if (CompareGuid (CallBackGuid, &gEfiSignedCapsulePkgTokenSpaceGuid) && > + CallBackToken =3D=3D PcdToken (PcdEdkiiSystemFirmwareImageDescript= or)) > { > + mImageFmpInfoSize =3D TokenDataSize; > + mImageFmpInfo =3D AllocateCopyPool (mImageFmpInfoSize, TokenData); > + ASSERT(mImageFmpInfo !=3D NULL); > + // > + // Cancel Callback after get the real set value > + // > + LibPcdCancelCallback ( > + &gEfiSignedCapsulePkgTokenSpaceGuid, > + PcdToken (PcdEdkiiSystemFirmwareImageDescriptor), > + EdkiiSystemCapsuleLibPcdCallBack > + ); > + } > + > + if (CompareGuid (CallBackGuid, &gEfiSignedCapsulePkgTokenSpaceGuid) && > + CallBackToken =3D=3D PcdToken (PcdEdkiiSystemFirmwareFileGuid)) { > + CopyGuid(&mEdkiiSystemFirmwareFileGuid, TokenData); > + // > + // Cancel Callback after get the real set value > + // > + LibPcdCancelCallback ( > + &gEfiSignedCapsulePkgTokenSpaceGuid, > + PcdToken (PcdEdkiiSystemFirmwareFileGuid), > + EdkiiSystemCapsuleLibPcdCallBack > + ); > + } > +} > + > +/** > The constructor function. >=20 > @retval EFI_SUCCESS The constructor successfully . > @@ -666,8 +718,38 @@ EdkiiSystemCapsuleLibConstructor ( > ) > { > mImageFmpInfoSize =3D > PcdGetSize(PcdEdkiiSystemFirmwareImageDescriptor); > - mImageFmpInfo =3D AllocateCopyPool (mImageFmpInfoSize, > PcdGetPtr(PcdEdkiiSystemFirmwareImageDescriptor)); > - ASSERT(mImageFmpInfo !=3D NULL); > + mImageFmpInfo =3D > PcdGetPtr(PcdEdkiiSystemFirmwareImageDescriptor); > + // > + // Verify Firmware Image Descriptor first > + // > + if (mImageFmpInfoSize < sizeof > (EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR) || > + mImageFmpInfo->Signature !=3D > EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR_SIGNATURE) { > + // > + // SystemFirmwareImageDescriptor is not set. > + // Register PCD set callback to hook PCD value set. > + // > + mImageFmpInfo =3D NULL; > + mImageFmpInfoSize =3D 0; > + LibPcdCallbackOnSet ( > + &gEfiSignedCapsulePkgTokenSpaceGuid, > + PcdToken (PcdEdkiiSystemFirmwareImageDescriptor), > + EdkiiSystemCapsuleLibPcdCallBack > + ); > + } else { > + mImageFmpInfo =3D AllocateCopyPool (mImageFmpInfoSize, > mImageFmpInfo); > + ASSERT(mImageFmpInfo !=3D NULL); > + } > + > CopyGuid(&mEdkiiSystemFirmwareFileGuid, > PcdGetPtr(PcdEdkiiSystemFirmwareFileGuid)); > + // > + // Verify GUID value first > + // > + if (CompareGuid (&mEdkiiSystemFirmwareFileGuid, &gZeroGuid)) { > + LibPcdCallbackOnSet ( > + &gEfiSignedCapsulePkgTokenSpaceGuid, > + PcdToken (PcdEdkiiSystemFirmwareFileGuid), > + EdkiiSystemCapsuleLibPcdCallBack > + ); > + } > return EFI_SUCCESS; > } > diff --git > a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.in= f > b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.in= f > index a21e75c..a721619 100644 > --- > a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.in= f > +++ > b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.in= f > @@ -43,6 +43,7 @@ > BaseLib > BaseMemoryLib > DebugLib > + PcdLib > MemoryAllocationLib > FmpAuthenticationLib >=20 > @@ -58,4 +59,6 @@ > gEdkiiSystemFmpCapsuleDriverFvFileGuid ## > SOMETIMES_CONSUMES ## GUID > gEfiCertPkcs7Guid ## > SOMETIMES_CONSUMES ## GUID > gEfiCertTypeRsa2048Sha256Guid ## > SOMETIMES_CONSUMES ## GUID > + gEfiSignedCapsulePkgTokenSpaceGuid ## > SOMETIMES_CONSUMES ## GUID > + gZeroGuid ## > SOMETIMES_CONSUMES ## GUID >=20 > -- > 2.8.0.windows.1