From: "Wei, David" <david.wei@intel.com>
To: "Kinney, Michael D" <michael.d.kinney@intel.com>,
"edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Subject: Re: [Patch 4/5] Vlv2TbltDevicePkg/PlatformBootManagerLib: Check PcdPkcs7CertBufferXdr
Date: Thu, 15 Mar 2018 02:20:16 +0000 [thread overview]
Message-ID: <89954A0B46707A448411A627AD4EEE346901EAF4@SHSMSX101.ccr.corp.intel.com> (raw)
In-Reply-To: <20180312193017.15156-5-michael.d.kinney@intel.com>
Reviewed-by: david wei <david.wei@intel.com>
Thanks,
David Wei
Intel SSG/STO/UEFI BIOS
-----Original Message-----
From: Kinney, Michael D
Sent: Tuesday, March 13, 2018 3:30 AM
To: edk2-devel@lists.01.org
Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Sean Brogan <sean.brogan@microsoft.com>; Wei, David <david.wei@intel.com>; Guo, Mang <mang.guo@intel.com>
Subject: [Patch 4/5] Vlv2TbltDevicePkg/PlatformBootManagerLib: Check PcdPkcs7CertBufferXdr
From: Michael D Kinney <michael.d.kinney@intel.com>
https://bugzilla.tianocore.org/show_bug.cgi?id=891
Evaluate both PcdPkcs7CertBuffer and PcdPkcs7CertBufferXdr for the use
of the test key. If the test key is found in either PCD, then the warning
messages for the use of a test key must be presented.
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: David Wei <david.wei@intel.com>
Cc: Mang Guo <mang.guo@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
---
.../Library/PlatformBdsLib/BdsPlatform.c | 57 +++++++++++++++++++++-
.../Library/PlatformBdsLib/PlatformBdsLib.inf | 22 +++++----
2 files changed, 68 insertions(+), 11 deletions(-)
diff --git a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c
index 7f91777ea1..4aac7a2487 100644
--- a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c
+++ b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c
@@ -1,6 +1,6 @@
/** @file
- Copyright (c) 2004 - 2016, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials are licensed and made available under
the terms and conditions of the BSD License that accompanies this distribution.
@@ -2417,6 +2417,10 @@ ShowProgressHotKey (
UINTN TmpStrSize;
VOID *Buffer;
UINTN Size;
+ VOID *PublicKeyData;
+ UINTN PublicKeyDataLength;
+ UINT8 *PublicKeyDataXdr;
+ UINT8 *PublicKeyDataXdrEnd;
if (TimeoutDefault == 0) {
return EFI_TIMEOUT;
@@ -2484,6 +2488,57 @@ ShowProgressHotKey (
}
PcdSetBoolS(PcdTestKeyUsed, TRUE);
}
+
+ //
+ // Make sure none of the keys in PcdPkcs7CertBufferXdr match the test key
+ //
+ PublicKeyDataXdr = PcdGetPtr (PcdPkcs7CertBufferXdr);
+ PublicKeyDataXdrEnd = PublicKeyDataXdr + PcdGetSize (PcdPkcs7CertBufferXdr);
+
+ ASSERT (PublicKeyDataXdr != NULL);
+ ASSERT (PublicKeyDataXdr != PublicKeyDataXdrEnd);
+
+ //
+ // Try each key from PcdPkcs7CertBufferXdr
+ //
+ while (PublicKeyDataXdr < PublicKeyDataXdrEnd) {
+ if (PublicKeyDataXdr + sizeof (UINT32) > PublicKeyDataXdrEnd) {
+ //
+ // Key data extends beyond end of PCD
+ //
+ break;
+ }
+ //
+ // Read key length stored in big endian format
+ //
+ PublicKeyDataLength = SwapBytes32 (*(UINT32 *)(PublicKeyDataXdr));
+ //
+ // Point to the start of the key data
+ //
+ PublicKeyDataXdr += sizeof (UINT32);
+ if (PublicKeyDataXdr + PublicKeyDataLength > PublicKeyDataXdrEnd) {
+ //
+ // Key data extends beyond end of PCD
+ //
+ break;
+ }
+ PublicKeyData = PublicKeyDataXdr;
+
+ if ((Size == PublicKeyDataLength) &&
+ (CompareMem(Buffer, PublicKeyData, Size) == 0)) {
+ TmpStr3 = L"WARNING: Capsule Test Key is used.\r\n";
+ if (DebugAssertEnabled()) {
+ DEBUG ((DEBUG_INFO, "\n\nWARNING: Capsule Test Key is used.\r\n"));
+ } else {
+ SerialPortWrite((UINT8 *)"\n\nWARNING: Capsule Test Key is used.", sizeof("\n\nWARNING: Capsule Test Key is used."));
+ }
+ PcdSetBoolS(PcdTestKeyUsed, TRUE);
+ }
+
+ PublicKeyDataXdr += PublicKeyDataLength;
+ PublicKeyDataXdr = (UINT8 *)ALIGN_POINTER (PublicKeyDataXdr, sizeof(UINT32));
+ }
+
FreePool(Buffer);
}
diff --git a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf
index 7512556bb7..9f84d7b2e0 100644
--- a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf
+++ b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf
@@ -1,16 +1,17 @@
#/** @file
# Component name for module PlatformBootManagerLib
#
-# Copyright (c) 2008 - 2016, Intel Corporation. All rights reserved.<BR>
-#
-# This program and the accompanying materials are licensed and made available under
-# the terms and conditions of the BSD License that accompanies this distribution.
-# The full text of the license may be found at
-# http://opensource.org/licenses/bsd-license.php.
-#
-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-#
+# Copyright (c) 2008 - 2018, Intel Corporation. All rights reserved.<BR>
+#
+# This program and the accompanying materials are licensed and made available under
+# the terms and conditions of the BSD License that accompanies this distribution.
+# The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php.
+#
+
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
#
#
#
@@ -108,6 +109,7 @@ [Pcd]
gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiPkcs7TestPublicKeyFileGuid
gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer
gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer
+ gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBufferXdr
gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed
gPlatformModuleTokenSpaceGuid.PcdFlashFvRecovery2Base
gPlatformModuleTokenSpaceGuid.PcdFlashFvMainBase
--
2.14.2.windows.3
next prev parent reply other threads:[~2018-03-15 2:13 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-12 19:30 [Patch 0/5] Add multi-cert PcdPkcs7CertBufferXdr Kinney, Michael D
2018-03-12 19:30 ` [Patch 1/5] BaseTools/BinToPcd: Add support for multiple binary input files Kinney, Michael D
2018-03-12 19:30 ` [Patch 2/5] SecurityPkg: Add PcdPkcs7CertBufferXdr Kinney, Michael D
2018-03-12 19:30 ` [Patch 3/5] SecurityPkg/EdkiiSystemCapsuleLib: Use PcdPkcs7CertBufferXdr Kinney, Michael D
2018-03-15 6:36 ` Gao, Liming
2018-03-12 19:30 ` [Patch 4/5] Vlv2TbltDevicePkg/PlatformBootManagerLib: Check PcdPkcs7CertBufferXdr Kinney, Michael D
2018-03-15 2:20 ` Wei, David [this message]
2018-03-12 19:30 ` [Patch 5/5] QuarkPlatformPkg/PlatformBootManagerLib: " Kinney, Michael D
2018-03-14 15:29 ` [Patch 0/5] Add multi-cert PcdPkcs7CertBufferXdr Steele, Kelly
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=89954A0B46707A448411A627AD4EEE346901EAF4@SHSMSX101.ccr.corp.intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox