From: "Long, Qin"
To: "Zhang, Chao B", "edk2-devel@lists.01.org"
CC: "Fu, Siyuan"
Date: Thu, 30 Mar 2017 08:26:20 +0000
Subject: Re: [PATCH] SecureBoot UI Update
In-Reply-To: <20170330020045.21452-1-chao.b.zhang@intel.com>

Reviewed-by: Long Qin

And some typos need to be corrected at check-in:

+EnrollAuthenication2Descriptor (
    --> EnrollAuthentication2Description (
+ return EnrollAuthenication2Descriptor(Private, VariableName);
    --> EnrollAuthentication2Descriptor
+ IfrNvData->FileEnrollType = AUTHENCIATION_2_FILE_TYPE;
    --> AUTHENTICATION_2_FILE_TYPE;
+#define AUTHENCIATION_2_FILE_TYPE 2
    --> AUTHENTICATION_2_FILE_TYPE
+ UINT8 FileEnrollType; // File type of sigunature enroll
    --> Signature
+#string STR_DBX_AUTH_2_FORMAT #language en-US "VARIABLE_AUTHENICATION_2"
    --> VARIABLE_AUTHENTICATION_2"

> -----Original Message-----
> From: Zhang, Chao B > Sent: Thursday, March 30, 2017 10:01 AM > To: edk2-devel@lists.01.org > Cc: Long, Qin; Fu, Siyuan > Subject: [PATCH] SecureBoot UI Update >=20 > --- > .../SecureBootConfigDxe/SecureBootConfig.vfr | 38 +++- > .../SecureBootConfigDxe/SecureBootConfigImpl.c | 196 > ++++++++++++++++++++- > .../SecureBootConfigDxe/SecureBootConfigImpl.h | 32 ++++ > .../SecureBootConfigDxe/SecureBootConfigNvData.h | 5 + > .../SecureBootConfigStrings.uni | 13 +- > 5 files changed, 268 insertions(+), 16 deletions(-) >=20 > diff --git > a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon > fig.vfr > b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon > fig.vfr > index 02ddf4a..e153eca 100644 > --- > a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon > fig.vfr > +++ > b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCo > +++ nfig.vfr 
> @@ -455,15 +455,35 @@ formset > maxsize =3D SECURE_BOOT_GUID_SIZE, > endstring; >=20 > - oneof name =3D SignatureFormatInDbx, > - varid =3D SECUREBOOT_CONFIGURATION.CertificateFormat, > - prompt =3D > STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT), > - help =3D STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_HELP), > - option text =3D > STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA256), value =3D 0x2, > flags =3D DEFAULT; > - option text =3D > STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA384), value =3D 0x3, > flags =3D 0; > - option text =3D > STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA512), value =3D 0x4, > flags =3D 0; > - option text =3D STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_RAW), > value =3D 0x5, flags =3D 0; > - endoneof; > + disableif NOT ideqval SECUREBOOT_CONFIGURATION.FileEnrollType =3D=3D= 1; > + oneof name =3D X509SignatureFormatInDbx, > + varid =3D SECUREBOOT_CONFIGURATION.CertificateFormat, > + prompt =3D > STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT), > + help =3D STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_HELP= ), > + option text =3D > STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA256), value =3D 0x2, > flags =3D DEFAULT; > + option text =3D > STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA384), value =3D 0x3, > flags =3D 0; > + option text =3D > STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA512), value =3D 0x4, > flags =3D 0; > + option text =3D > STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_RAW), value =3D 0x5, flags =3D > 0; > + endoneof; > + endif; > + > + disableif NOT ideqval SECUREBOOT_CONFIGURATION.FileEnrollType =3D=3D= 2; > + grayoutif TRUE; > + text > + help =3D STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT), > // Help string > + text =3D STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_HELP), > // Prompt string > + text =3D STRING_TOKEN(STR_DBX_PE_FORMAT_SHA256); = // > TextTwo > + endif; > + endif; > + > + suppressif ideqval SECUREBOOT_CONFIGURATION.FileEnrollType =3D=3D 3; > + grayoutif TRUE; > + text > + help =3D STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT), > 
// Help string > + text =3D STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_HELP), > // Prompt string > + text =3D STRING_TOKEN(STR_DBX_AUTH_2_FORMAT); = // > TextTwo > + endif; > + endif; >=20 > suppressif ideqval SECUREBOOT_CONFIGURATION.CertificateFormat =3D=3D= 5; > checkbox varid =3D SECUREBOOT_CONFIGURATION.AlwaysRevocation, > diff --git > a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon > figImpl.c > b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon > figImpl.c > index 6f58729..17fe120 100644 > --- > a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon > figImpl.c > +++ > b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCo > +++ nfigImpl.c 
> @@ -120,6 +120,61 @@ IsDerEncodeCertificate ( } >=20 > /** > + This code checks if the file content complies with > +EFI_VARIABLE_AUTHENTICATION_2 format The function reads file content > but won't open/close given FileHandle. > + > + @param[in] FileHandle The FileHandle to be checked > + > + @retval TRUE The content is EFI_VARIABLE_AUTHENTICATION_= 2 > format. > + @retval FALSE The content is NOT a > EFI_VARIABLE_AUTHENTICATION_2 format. > + > +**/ > +BOOLEAN > +IsAuthentication2Format ( > + IN EFI_FILE_HANDLE FileHandle > +) > +{ > + EFI_STATUS Status; > + EFI_VARIABLE_AUTHENTICATION_2 *Auth2; > + BOOLEAN IsAuth2Format; > + > + IsAuth2Format =3D FALSE; > + > + // > + // Read the whole file content > + // > + Status =3D ReadFileContent( > + FileHandle, > + (VOID **) &mImageBase, > + &mImageSize, > + 0 > + ); > + if (EFI_ERROR (Status)) { > + goto ON_EXIT; > + } > + > + Auth2 =3D (EFI_VARIABLE_AUTHENTICATION_2 *)mImageBase; if > + (Auth2->AuthInfo.Hdr.wCertificateType !=3D WIN_CERT_TYPE_EFI_GUID) { > + goto ON_EXIT; > + } > + > + if (CompareGuid(&gEfiCertPkcs7Guid, &Auth2->AuthInfo.CertType)) { > + IsAuth2Format =3D TRUE; > + } > + > +ON_EXIT: > + // > + // Do not close File. simply check file content > + // > + if (mImageBase !=3D NULL) { > + FreePool (mImageBase); > + mImageBase =3D NULL; > + } > + > + return IsAuth2Format; > +} > + > +/** > Set Secure Boot option into variable space. >=20 > @param[in] VarValue The option of Secure Boot. 
> @@ -2081,6 +2136,115 @@ HashPeImageByType ( >=20 > **/ > EFI_STATUS > +EnrollAuthenication2Descriptor ( > + IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private, > + IN CHAR16 *VariableName > + ) > +{ > + EFI_STATUS Status; > + VOID *Data; > + UINTN DataSize; > + UINT32 Attr; > + > + Data =3D NULL; > + > + // > + // DBT only support DER-X509 Cert Enrollment // if (StrCmp > + (VariableName, EFI_IMAGE_SECURITY_DATABASE2) =3D=3D 0) { > + return EFI_UNSUPPORTED; > + } > + > + // > + // Read the whole file content > + // > + Status =3D ReadFileContent( > + Private->FileContext->FHandle, > + (VOID **) &mImageBase, > + &mImageSize, > + 0 > + ); > + if (EFI_ERROR (Status)) { > + goto ON_EXIT; > + } > + ASSERT (mImageBase !=3D NULL); > + > + Attr =3D EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS > + | EFI_VARIABLE_BOOTSERVICE_ACCESS | > + EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; > + > + // > + // Check if SigDB variable has been already existed. > + // If true, use EFI_VARIABLE_APPEND_WRITE attribute to append the // > + new signature data to original variable // DataSize =3D 0; Status = =3D > + gRT->GetVariable( > + VariableName, > + &gEfiImageSecurityDatabaseGuid, > + NULL, > + &DataSize, > + NULL > + ); > + if (Status =3D=3D EFI_BUFFER_TOO_SMALL) { > + Attr |=3D EFI_VARIABLE_APPEND_WRITE; > + } else if (Status !=3D EFI_NOT_FOUND) { > + goto ON_EXIT; > + } > + > + > + DEBUG((DEBUG_ERROR, "DBX update binary %s %x %Attr > + %x\n",VariableName, mImageSize, Attr)); // // Diretly set > + AUTHENTICATION_2 data to SetVariable // Status =3D gRT->SetVariable( > + VariableName, > + &gEfiImageSecurityDatabaseGuid, > + Attr, > + mImageSize, > + mImageBase > + ); > + > + DEBUG((DEBUG_ERROR, "DBX update binary status %x\n", Status)); > + > +ON_EXIT: > + > + CloseFile (Private->FileContext->FHandle); > + Private->FileContext->FHandle =3D NULL; > + > + if (Private->FileContext->FileName !=3D NULL){ > + FreePool(Private->FileContext->FileName); > + 
Private->FileContext->FileName =3D NULL; } > + > + if (Data !=3D NULL) { > + FreePool (Data); > + } > + > + if (mImageBase !=3D NULL) { > + FreePool (mImageBase); > + mImageBase =3D NULL; > + } > + > + return Status; > + > +} > + > + > +/** > + Enroll a new executable's signature into Signature Database. > + > + @param[in] PrivateData The module's private data. > + @param[in] VariableName Variable name of signature database, must b= e > + EFI_IMAGE_SECURITY_DATABASE, > EFI_IMAGE_SECURITY_DATABASE1 > + or EFI_IMAGE_SECURITY_DATABASE2. > + > + @retval EFI_SUCCESS New signature is enrolled successfull= y. > + @retval EFI_INVALID_PARAMETER The parameter is invalid. > + @retval EFI_UNSUPPORTED Unsupported command. > + @retval EFI_OUT_OF_RESOURCES Could not allocate needed resources. > + > +**/ > +EFI_STATUS > EnrollImageSignatureToSigDB ( > IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private, > IN CHAR16 *VariableName > @@ -2305,10 +2469,12 @@ EnrollSignatureDatabase ( > // Supports DER-encoded X509 certificate. > // > return EnrollX509toSigDB (Private, VariableName); > + } else if (IsAuthentication2Format(Private->FileContext->FHandle)){ > + return EnrollAuthenication2Descriptor(Private, VariableName); } > + else { > + return EnrollImageSignatureToSigDB (Private, VariableName); > } > - > - return EnrollImageSignatureToSigDB (Private, VariableName); -} > +} >=20 > /** > List all signatures in specified signature database (e.g. KEK/DB/DBX/D= BT) > @@ -2957,6 +3123,7 @@ SecureBootExtractConfigFromVariable ( > // Initilize the Date and Time using system time. > // > ConfigData->CertificateFormat =3D HASHALG_RAW; > + ConfigData->FileEnrollType =3D UNKNOWN_FILE_TYPE; > ConfigData->AlwaysRevocation =3D TRUE; > gRT->GetTime (&CurrTime, NULL); > ConfigData->RevocationDate.Year =3D CurrTime.Year; 
> @@ -3258,6 +3425,8 @@ SecureBootCallback ( > UINT8 *SetupMode; > CHAR16 PromptString[100]; > EFI_DEVICE_PATH_PROTOCOL *File; > + UINTN NameLength; > + UINT16 *FilePostFix; >=20 > Status =3D EFI_SUCCESS; > SecureBootEnable =3D NULL; > @@ -3393,6 +3562,27 @@ SecureBootCallback ( >=20 > case SECUREBOOT_ENROLL_SIGNATURE_TO_DBX: > ChooseFile (NULL, NULL, UpdateDBXFromFile, &File); > + // > + // Parse the file's postfix. > + // > + NameLength =3D StrLen (Private->FileContext->FileName); > + if (NameLength <=3D 4) { > + return FALSE; > + } > + FilePostFix =3D Private->FileContext->FileName + NameLength - 4; > + > + if (IsDerEncodeCertificate (FilePostFix)) { > + // > + // Supports DER-encoded X509 certificate. > + // > + IfrNvData->FileEnrollType =3D X509_CERT_FILE_TYPE; > + } else if (IsAuthentication2Format(gSecureBootPrivateData- > >FileContext->FHandle)){ > + IfrNvData->FileEnrollType =3D AUTHENCIATION_2_FILE_TYPE; > + } else { > + IfrNvData->FileEnrollType =3D PE_IMAGE_FILE_TYPE; > + } > + DEBUG((DEBUG_ERROR, "IfrNvData->FileEnrollType %d\n", IfrNvData- > >FileEnrollType)); > + HiiSetBrowserData(&gSecureBootConfigFormSetGuid, > + mSecureBootStorageName, sizeof > (SECUREBOOT_CONFIGURATION),(UINT8 > + *)IfrNvData, NULL); > break; >=20 > case SECUREBOOT_ENROLL_SIGNATURE_TO_DBT: > diff --git > a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon > figImpl.h > b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon > figImpl.h > index bea9470..f9b75e6 100644 > --- > a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon > figImpl.h > +++ > b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCo > +++ nfigImpl.h > @@ -47,6 +47,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY > KIND, EITHER EXPRESS OR IMPLIED. > #include > #include > #include > +#include >=20 > #include "SecureBootConfigNvData.h" >=20 
> @@ -582,4 +583,35 @@ UpdateDBTFromFile ( > IN EFI_DEVICE_PATH_PROTOCOL *FilePath > ); >=20 > +/** > + This code checks if the FileSuffix is one of the possible DER-encoded > certificate suffix. > + > + @param[in] FileSuffix The suffix of the input certificate f= ile > + > + @retval TRUE It's a DER-encoded certificate. > + @retval FALSE It's NOT a DER-encoded certificate. > + > +**/ > +BOOLEAN > +IsDerEncodeCertificate ( > + IN CONST CHAR16 *FileSuffix > +); > + > + > +/** > + This code checks if the file content complies with > +EFI_VARIABLE_AUTHENTICATION_2 format The function reads file content > but won't open/close given FileHandle. > + > + @param[in] FileHandle The FileHandle to be checked > + > + @retval TRUE The content is EFI_VARIABLE_AUTHENTICATION_= 2 > format. > + @retval FALSE The content is NOT a > EFI_VARIABLE_AUTHENTICATION_2 format. > + > +**/ > +BOOLEAN > +IsAuthentication2Format ( > + IN EFI_FILE_HANDLE FileHandle > +); > + > + > #endif > diff --git > a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon > figNvData.h > b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon > figNvData.h > index df4d72e..c3dc92c 100644 > --- > a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon > figNvData.h > +++ > b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCo > +++ nfigNvData.h > @@ -107,6 +107,10 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF > ANY KIND, EITHER EXPRESS OR IMPLIED. > #define SECURE_BOOT_GUID_SIZE 36 > #define SECURE_BOOT_GUID_STORAGE_SIZE 37 >=20 > +#define UNKNOWN_FILE_TYPE 0 > +#define X509_CERT_FILE_TYPE 1 > +#define AUTHENCIATION_2_FILE_TYPE 2 > +#define PE_IMAGE_FILE_TYPE 3 >=20 > // > // Nv Data structure referenced by IFR 
> @@ -123,6 +127,7 @@ typedef struct { > UINT8 CertificateFormat; // The type of the certificate > EFI_HII_DATE RevocationDate; // The revocation date of the certificate > EFI_HII_TIME RevocationTime; // The revocation time of the certificate > + UINT8 FileEnrollType; // File type of sigunature enroll > } SECUREBOOT_CONFIGURATION; >=20 > #endif > diff --git > a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon > figStrings.uni > b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon > figStrings.uni > index af6d83b..96a02b3 100644 > --- > a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon > figStrings.uni > +++ > b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCo > +++ nfigStrings.uni 
> @@ -35,10 +35,15 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF > ANY KIND, EITHER EXPRESS OR IMPLIED. >=20 > #string STR_DBX_CERTIFICATE_FORMAT_PROMPT #language en-US > "Signature Format" > #string STR_DBX_CERTIFICATE_FORMAT_HELP #language en-US "Select > the certificate format used to enroll certificate into database." > -#string STR_DBX_CERTIFICATE_FORMAT_SHA256 #language en-US > "SHA256" > -#string STR_DBX_CERTIFICATE_FORMAT_SHA384 #language en-US > "SHA384" > -#string STR_DBX_CERTIFICATE_FORMAT_SHA512 #language en-US > "SHA512" > -#string STR_DBX_CERTIFICATE_FORMAT_RAW #language en-US "RAW" > +#string STR_DBX_CERTIFICATE_FORMAT_SHA256 #language en-US "X509 > CERT SHA256" > +#string STR_DBX_CERTIFICATE_FORMAT_SHA384 #language en-US "X509 > CERT SHA384" > +#string STR_DBX_CERTIFICATE_FORMAT_SHA512 #language en-US "X509 > CERT SHA512" > +#string STR_DBX_CERTIFICATE_FORMAT_RAW #language en-US "X509 > CERT" > + > +#string STR_DBX_PE_FORMAT_SHA256 #language en-US "PE Image > SHA256" > + > +#string STR_DBX_AUTH_2_FORMAT #language en-US > "VARIABLE_AUTHENICATION_2" > + >=20 > #string STR_CERTIFICATE_REVOCATION_TIME_PROMPT #language en-US " > Revocation Time" > #string STR_CERTIFICATE_REVOCATION_TIME_HELP #language en-US > "Input the revocation time of the certificate" > -- > 1.9.5.msysgit.1
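
Review bot: In the SecureBootConfig.vfr hunk the FileEnrollType values tested do not match the defines added in SecureBootConfigNvData.h. The block enabled for `FileEnrollType == 2` (AUTHENCIATION_2_FILE_TYPE) displays STR_DBX_PE_FORMAT_SHA256, while the STR_DBX_AUTH_2_FORMAT text sits under `suppressif ideqval ... == 3` (PE_IMAGE_FILE_TYPE), so it is hidden only for PE images and shown for every other value, including UNKNOWN_FILE_TYPE. Suggest wrapping the AUTH_2 text in `disableif NOT ideqval ... == 2` and the PE text in `disableif NOT ideqval ... == 3`, the same form the X509 block uses. In both text items the tokens also look swapped against their own comments: `help =` carries STR_DBX_CERTIFICATE_FORMAT_PROMPT and the first `text =` carries STR_DBX_CERTIFICATE_FORMAT_HELP.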
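
Review bot: IsAuthentication2Format casts mImageBase to EFI_VARIABLE_AUTHENTICATION_2 and reads Auth2->AuthInfo.Hdr.wCertificateType and Auth2->AuthInfo.CertType without ever looking at mImageSize, so a file shorter than the fixed header is read past the end of the allocated buffer. Since the file comes from whatever the user picks in the file chooser, suggest jumping to ON_EXIT when mImageSize is smaller than the header up to and including AuthInfo.CertType, before Auth2 is dereferenced. The check also only proves the header claims WIN_CERT_TYPE_EFI_GUID with gEfiCertPkcs7Guid, which is worth stating in the function comment so callers do not treat a TRUE result as validation of the payload.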
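
Review bot: In EnrollAuthenication2Descriptor the first DEBUG call passes three arguments (VariableName, mImageSize, Attr) to the format string "DBX update binary %s %x %Attr %x\n", where the stray `%` in front of `Attr` makes four `%` specifiers. Suggest "DBX update binary %s %x Attr %x\n", and DEBUG_INFO rather than DEBUG_ERROR for both traces, since neither reports a failure. The local `Data` is set to NULL, never assigned, and then tested and freed in ON_EXIT, so it can be dropped. The function is also inserted directly under an existing `**/ EFI_STATUS`, so it has no comment block of its own describing its parameters and return values, including the EFI_UNSUPPORTED return for EFI_IMAGE_SECURITY_DATABASE2.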
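
Review bot: In the EnrollSignatureDatabase hunk, the new `else if (IsAuthentication2Format(Private->FileContext->FHandle))` branch reads the whole file into mImageBase and frees it, and EnrollAuthenication2Descriptor then calls ReadFileContent on the same handle a second time. Whether that second read starts at offset 0 depends on ReadFileContent, which this patch does not show; please confirm it resets the file position, or have the format check work on a buffer that the enroll routine reuses so the file is read once. The same double read applies to the call added in SecureBootCallback.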
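
Review bot: In the SECUREBOOT_ENROLL_SIGNATURE_TO_DBX case of SecureBootCallback, `StrLen (Private->FileContext->FileName)` runs right after ChooseFile with no NULL check, although FileName is set to NULL elsewhere in this patch (the ON_EXIT path of EnrollAuthenication2Descriptor), so it can be NULL here if no file was selected. Suggest testing FileName for NULL before taking its length. The early exit `return FALSE;` returns a BOOLEAN from a function whose result variable is `Status = EFI_SUCCESS`, so it reads as success and skips the rest of the callback; a `break` or an explicit EFI_STATUS value would be clearer. The hunk also takes FileName from `Private->FileContext` but the handle from `gSecureBootPrivateData->FileContext`; using one of the two consistently avoids questions about whether they are the same object.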