From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <david.wei@intel.com>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=192.55.52.88; helo=mga01.intel.com;
 envelope-from=david.wei@intel.com; receiver=edk2-devel@lists.01.org 
Received: from mga01.intel.com (mga01.intel.com [192.55.52.88])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 24BB021E49032
 for <edk2-devel@lists.01.org>; Wed, 14 Mar 2018 19:13:58 -0700 (PDT)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga007.jf.intel.com ([10.7.209.58])
 by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 14 Mar 2018 19:20:22 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.48,308,1517904000"; d="scan'208";a="24795927"
Received: from fmsmsx103.amr.corp.intel.com ([10.18.124.201])
 by orsmga007.jf.intel.com with ESMTP; 14 Mar 2018 19:20:21 -0700
Received: from fmsmsx153.amr.corp.intel.com (10.18.125.6) by
 FMSMSX103.amr.corp.intel.com (10.18.124.201) with Microsoft SMTP Server (TLS)
 id 14.3.319.2; Wed, 14 Mar 2018 19:20:21 -0700
Received: from shsmsx103.ccr.corp.intel.com (10.239.4.69) by
 FMSMSX153.amr.corp.intel.com (10.18.125.6) with Microsoft SMTP Server (TLS)
 id 14.3.319.2; Wed, 14 Mar 2018 19:20:20 -0700
Received: from shsmsx101.ccr.corp.intel.com ([169.254.1.166]) by
 SHSMSX103.ccr.corp.intel.com ([169.254.4.235]) with mapi id 14.03.0319.002;
 Thu, 15 Mar 2018 10:20:18 +0800
From: "Wei, David" <david.wei@intel.com>
To: "Kinney, Michael D" <michael.d.kinney@intel.com>,
 "edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Thread-Topic: [Patch 4/5] Vlv2TbltDevicePkg/PlatformBootManagerLib: Check
 PcdPkcs7CertBufferXdr
Thread-Index: AQHTujibEJfr6RkjGkKw/so89I8dFqPQk4/w
Date: Thu, 15 Mar 2018 02:20:16 +0000
Message-ID: <89954A0B46707A448411A627AD4EEE346901EAF4@SHSMSX101.ccr.corp.intel.com>
References: <20180312193017.15156-1-michael.d.kinney@intel.com>
 <20180312193017.15156-5-michael.d.kinney@intel.com>
In-Reply-To: <20180312193017.15156-5-michael.d.kinney@intel.com>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiMzU3OWE3NTItYmU5MS00Y2Y0LTllOGYtN2RhZDI3ZTk2YjU0IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjIuNS4xOCIsIlRydXN0ZWRMYWJlbEhhc2giOiI4QnUyeFIzVHVxdldZNWJaMUJ6OXJuXC8waGJYMTdqRGJVXC8yXC92Q2ZvT016bFE1K2Fra1gyUlprOVBGRnd3Z045In0=
x-ctpclassification: CTP_NT
dlp-product: dlpe-windows
dlp-version: 11.0.0.116
dlp-reaction: no-action
x-originating-ip: [10.239.127.40]
MIME-Version: 1.0
Subject: Re: [Patch 4/5] Vlv2TbltDevicePkg/PlatformBootManagerLib: Check PcdPkcs7CertBufferXdr
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Mar 2018 02:13:59 -0000
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Reviewed-by: david wei <david.wei@intel.com>=20

Thanks,
David  Wei

Intel SSG/STO/UEFI BIOS                                =20


-----Original Message-----
From: Kinney, Michael D=20
Sent: Tuesday, March 13, 2018 3:30 AM
To: edk2-devel@lists.01.org
Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Sean Brogan <sean.broga=
n@microsoft.com>; Wei, David <david.wei@intel.com>; Guo, Mang <mang.guo@int=
el.com>
Subject: [Patch 4/5] Vlv2TbltDevicePkg/PlatformBootManagerLib: Check PcdPkc=
s7CertBufferXdr

From: Michael D Kinney <michael.d.kinney@intel.com>

https://bugzilla.tianocore.org/show_bug.cgi?id=3D891

Evaluate both PcdPkcs7CertBuffer and PcdPkcs7CertBufferXdr for the use
of the test key.  If the test key is found in either PCD, then the warning
messages for the use of a test key must be presented.

Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: David Wei <david.wei@intel.com>
Cc: Mang Guo <mang.guo@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
---
 .../Library/PlatformBdsLib/BdsPlatform.c           | 57 ++++++++++++++++++=
+++-
 .../Library/PlatformBdsLib/PlatformBdsLib.inf      | 22 +++++----
 2 files changed, 68 insertions(+), 11 deletions(-)

diff --git a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c b/Vlv2T=
bltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c
index 7f91777ea1..4aac7a2487 100644
--- a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c
+++ b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c
@@ -1,6 +1,6 @@
 /** @file
=20
-  Copyright (c) 2004  - 2016, Intel Corporation. All rights reserved.<BR>
+  Copyright (c) 2004  - 2018, Intel Corporation. All rights reserved.<BR>
                                                                           =
        =20
   This program and the accompanying materials are licensed and made availa=
ble under
   the terms and conditions of the BSD License that accompanies this distri=
bution. =20
@@ -2417,6 +2417,10 @@ ShowProgressHotKey (
   UINTN                         TmpStrSize;
   VOID                          *Buffer;
   UINTN                         Size;
+  VOID                          *PublicKeyData;
+  UINTN                         PublicKeyDataLength;
+  UINT8                         *PublicKeyDataXdr;
+  UINT8                         *PublicKeyDataXdrEnd;
=20
   if (TimeoutDefault =3D=3D 0) {
     return EFI_TIMEOUT;
@@ -2484,6 +2488,57 @@ ShowProgressHotKey (
       }
       PcdSetBoolS(PcdTestKeyUsed, TRUE);
     }
+
+    //
+    // Make sure none of the keys in PcdPkcs7CertBufferXdr match the test =
key
+    //
+    PublicKeyDataXdr    =3D PcdGetPtr (PcdPkcs7CertBufferXdr);
+    PublicKeyDataXdrEnd =3D PublicKeyDataXdr + PcdGetSize (PcdPkcs7CertBuf=
ferXdr);
+
+    ASSERT (PublicKeyDataXdr !=3D NULL);
+    ASSERT (PublicKeyDataXdr !=3D PublicKeyDataXdrEnd);
+
+    //
+    // Try each key from PcdPkcs7CertBufferXdr
+    //
+    while (PublicKeyDataXdr < PublicKeyDataXdrEnd) {
+      if (PublicKeyDataXdr + sizeof (UINT32) > PublicKeyDataXdrEnd) {
+        //
+        // Key data extends beyond end of PCD
+        //
+        break;
+      }
+      //
+      // Read key length stored in big endian format
+      //
+      PublicKeyDataLength =3D SwapBytes32 (*(UINT32 *)(PublicKeyDataXdr));
+      //
+      // Point to the start of the key data
+      //
+      PublicKeyDataXdr +=3D sizeof (UINT32);
+      if (PublicKeyDataXdr + PublicKeyDataLength > PublicKeyDataXdrEnd) {
+        //
+        // Key data extends beyond end of PCD
+        //
+        break;
+      }
+      PublicKeyData =3D PublicKeyDataXdr;
+
+      if ((Size =3D=3D PublicKeyDataLength) &&
+          (CompareMem(Buffer, PublicKeyData, Size) =3D=3D 0)) {
+        TmpStr3 =3D L"WARNING: Capsule Test Key is used.\r\n";
+        if (DebugAssertEnabled()) {
+          DEBUG ((DEBUG_INFO, "\n\nWARNING: Capsule Test Key is used.\r\n"=
));
+        } else {
+          SerialPortWrite((UINT8 *)"\n\nWARNING: Capsule Test Key is used.=
", sizeof("\n\nWARNING: Capsule Test Key is used."));
+        }
+        PcdSetBoolS(PcdTestKeyUsed, TRUE);
+      }
+
+      PublicKeyDataXdr +=3D PublicKeyDataLength;
+      PublicKeyDataXdr =3D (UINT8 *)ALIGN_POINTER (PublicKeyDataXdr, sizeo=
f(UINT32));
+    }
+
     FreePool(Buffer);
   }
=20
diff --git a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf b/=
Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf
index 7512556bb7..9f84d7b2e0 100644
--- a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf
+++ b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf
@@ -1,16 +1,17 @@
 #/** @file
 # Component name for module PlatformBootManagerLib
 #
-# Copyright (c) 2008  - 2016, Intel Corporation. All rights reserved.<BR>
-#                                                                         =
        =20

-# This program and the accompanying materials are licensed and made availa=
ble under

-# the terms and conditions of the BSD License that accompanies this distri=
bution. =20

-# The full text of the license may be found at                            =
        =20

-# http://opensource.org/licenses/bsd-license.php.                         =
        =20

-#                                                                         =
        =20

-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,   =
        =20

-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP=
LIED.   =20

-#                                                                         =
        =20

+# Copyright (c) 2008  - 2018, Intel Corporation. All rights reserved.<BR>
+#
+# This program and the accompanying materials are licensed and made availa=
ble under
+# the terms and conditions of the BSD License that accompanies this distri=
bution.
+# The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php.
+#
+
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP=
LIED.
+#
 #
 #
 #
@@ -108,6 +109,7 @@ [Pcd]
   gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiPkcs7TestPublicKeyFileGuid
   gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer
   gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer
+  gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBufferXdr
   gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed
   gPlatformModuleTokenSpaceGuid.PcdFlashFvRecovery2Base
   gPlatformModuleTokenSpaceGuid.PcdFlashFvMainBase
--=20
2.14.2.windows.3