public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: "Long, Qin" <qin.long@intel.com>
To: "Zhang, Chao B" <chao.b.zhang@intel.com>,
	"edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Cc: "Zhang, Chao B" <chao.b.zhang@intel.com>,
	"Zeng, Star" <star.zeng@intel.com>
Subject: Re: [PATCH 1/3] SecurityPkg: Remove Counter Based AuthVariable support
Date: Wed, 1 Nov 2017 08:47:02 +0000	[thread overview]
Message-ID: <BF2CCE9263284D428840004653A28B6E5401C06B@SHSMSX103.ccr.corp.intel.com> (raw)
In-Reply-To: <20171031063439.6232-1-chao.b.zhang@intel.com>

Reviewed-by: Long Qin <qin.long@intel.com>


-----Original Message-----
From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Zhang, Chao B
Sent: Tuesday, October 31, 2017 2:35 PM
To: edk2-devel@lists.01.org
Cc: Zhang, Chao B <chao.b.zhang@intel.com>; Zeng, Star <star.zeng@intel.com>; Long, Qin <qin.long@intel.com>
Subject: [edk2] [PATCH 1/3] SecurityPkg: Remove Counter Based AuthVariable support

Remove counter based auth variable support. also modify several function descriptors to accommodate the change

Cc: Long Qin <qin.long@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
---
 SecurityPkg/Library/AuthVariableLib/AuthService.c  | 501 +--------------------  .../Library/AuthVariableLib/AuthServiceInternal.h  |  67 +--
 .../Library/AuthVariableLib/AuthVariableLib.c      |  89 +---
 .../MemoryOverwriteRequestControlLock/TcgMorLock.c |   2 +-
 .../MemoryOverwriteRequestControlLock/TcgMorLock.h |   4 +-
 .../TcgMorLockSmm.c                                |   2 +-
 6 files changed, 37 insertions(+), 628 deletions(-)

diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c b/SecurityPkg/Library/AuthVariableLib/AuthService.c
index 7188ff6..aafc057 100644
--- a/SecurityPkg/Library/AuthVariableLib/AuthService.c
+++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c
@@ -144,50 +144,6 @@ AuthServiceInternalUpdateVariable (
   @param[in] Data                   Data pointer.
   @param[in] DataSize               Size of Data.
   @param[in] Attributes             Attribute value of the variable.
-  @param[in] KeyIndex               Index of associated public key.
-  @param[in] MonotonicCount         Value of associated monotonic count.
-
-  @retval EFI_SUCCESS               The update operation is success.
-  @retval EFI_INVALID_PARAMETER     Invalid parameter.
-  @retval EFI_WRITE_PROTECTED       Variable is write-protected.
-  @retval EFI_OUT_OF_RESOURCES      There is not enough resource.
-
-**/
-EFI_STATUS
-AuthServiceInternalUpdateVariableWithMonotonicCount (
-  IN CHAR16             *VariableName,
-  IN EFI_GUID           *VendorGuid,
-  IN VOID               *Data,
-  IN UINTN              DataSize,
-  IN UINT32             Attributes,
-  IN UINT32             KeyIndex,
-  IN UINT64             MonotonicCount
-  )
-{
-  AUTH_VARIABLE_INFO    AuthVariableInfo;
-
-  ZeroMem (&AuthVariableInfo, sizeof (AuthVariableInfo));
-  AuthVariableInfo.VariableName = VariableName;
-  AuthVariableInfo.VendorGuid = VendorGuid;
-  AuthVariableInfo.Data = Data;
-  AuthVariableInfo.DataSize = DataSize;
-  AuthVariableInfo.Attributes = Attributes;
-  AuthVariableInfo.PubKeyIndex = KeyIndex;
-  AuthVariableInfo.MonotonicCount = MonotonicCount;
-
-  return mAuthVarLibContextIn->UpdateVariable (
-           &AuthVariableInfo
-           );
-}
-
-/**
-  Update the variable region with Variable information.
-
-  @param[in] VariableName           Name of variable.
-  @param[in] VendorGuid             Guid of variable.
-  @param[in] Data                   Data pointer.
-  @param[in] DataSize               Size of Data.
-  @param[in] Attributes             Attribute value of the variable.
   @param[in] TimeStamp              Value of associated TimeStamp.
 
   @retval EFI_SUCCESS               The update operation is success.
@@ -300,306 +256,6 @@ InCustomMode (
 }
 
 /**
-  Get available public key index.
-
-  @param[in] PubKey     Pointer to Public Key data.
-
-  @return Public key index, 0 if no any public key index available.
-
-**/
-UINT32
-GetAvailableKeyIndex (
-  IN  UINT8             *PubKey
-  )
-{
-  EFI_STATUS            Status;
-  UINT8                 *Data;
-  UINTN                 DataSize;
-  UINT8                 *Ptr;
-  UINT32                Index;
-  BOOLEAN               IsFound;
-  EFI_GUID              VendorGuid;
-  CHAR16                Name[1];
-  AUTH_VARIABLE_INFO    AuthVariableInfo;
-  UINT32                KeyIndex;
-
-  Status = AuthServiceInternalFindVariable (
-             AUTHVAR_KEYDB_NAME,
-             &gEfiAuthenticatedVariableGuid,
-             (VOID **) &Data,
-             &DataSize
-             );
-  if (EFI_ERROR (Status)) {
-    DEBUG ((EFI_D_ERROR, "Get public key database variable failure, Status = %r\n", Status));
-    return 0;
-  }
-
-  if (mPubKeyNumber == mMaxKeyNumber) {
-    Name[0] = 0;
-    AuthVariableInfo.VariableName = Name;
-    ZeroMem (&VendorGuid, sizeof (VendorGuid));
-    AuthVariableInfo.VendorGuid = &VendorGuid;
-    mPubKeyNumber = 0;
-    //
-    // Collect valid key data.
-    //
-    do {
-      Status = mAuthVarLibContextIn->FindNextVariable (AuthVariableInfo.VariableName, AuthVariableInfo.VendorGuid, &AuthVariableInfo);
-      if (!EFI_ERROR (Status)) {
-        if (AuthVariableInfo.PubKeyIndex != 0) {
-          for (Ptr = Data; Ptr < (Data + DataSize); Ptr += sizeof (AUTHVAR_KEY_DB_DATA)) {
-            if (ReadUnaligned32 (&(((AUTHVAR_KEY_DB_DATA *) Ptr)->KeyIndex)) == AuthVariableInfo.PubKeyIndex) {
-              //
-              // Check if the key data has been collected.
-              //
-              for (Index = 0; Index < mPubKeyNumber; Index++) {
-                if (ReadUnaligned32 (&(((AUTHVAR_KEY_DB_DATA *) mPubKeyStore + Index)->KeyIndex)) == AuthVariableInfo.PubKeyIndex) {
-                  break;
-                }
-              }
-              if (Index == mPubKeyNumber) {
-                //
-                // New key data.
-                //
-                CopyMem ((AUTHVAR_KEY_DB_DATA *) mPubKeyStore + mPubKeyNumber, Ptr, sizeof (AUTHVAR_KEY_DB_DATA));
-                mPubKeyNumber++;
-              }
-              break;
-            }
-          }
-        }
-      }
-    } while (Status != EFI_NOT_FOUND);
-
-    //
-    // No available space to add new public key.
-    //
-    if (mPubKeyNumber == mMaxKeyNumber) {
-      return 0;
-    }
-  }
-
-  //
-  // Find available public key index.
-  //
-  for (KeyIndex = 1; KeyIndex <= mMaxKeyNumber; KeyIndex++) {
-    IsFound = FALSE;
-    for (Ptr = mPubKeyStore; Ptr < (mPubKeyStore + mPubKeyNumber * sizeof (AUTHVAR_KEY_DB_DATA)); Ptr += sizeof (AUTHVAR_KEY_DB_DATA)) {
-      if (ReadUnaligned32 (&(((AUTHVAR_KEY_DB_DATA *) Ptr)->KeyIndex)) == KeyIndex) {
-        IsFound = TRUE;
-        break;
-      }
-    }
-    if (!IsFound) {
-      break;
-    }
-  }
-
-  return KeyIndex;
-}
-
-/**
-  Add public key in store and return its index.
-
-  @param[in] PubKey             Input pointer to Public Key data.
-  @param[in] VariableDataEntry  The variable data entry.
-
-  @return Index of new added public key.
-
-**/
-UINT32
-AddPubKeyInStore (
-  IN  UINT8                        *PubKey,
-  IN  VARIABLE_ENTRY_CONSISTENCY   *VariableDataEntry
-  )
-{
-  EFI_STATUS                       Status;
-  UINT32                           Index;
-  VARIABLE_ENTRY_CONSISTENCY       PublicKeyEntry;
-  UINT32                           Attributes;
-  UINT32                           KeyIndex;
-
-  if (PubKey == NULL) {
-    return 0;
-  }
-
-  //
-  // Check whether the public key entry does exist.
-  //
-  for (Index = 0; Index < mPubKeyNumber; Index++) {
-    if (CompareMem (((AUTHVAR_KEY_DB_DATA *) mPubKeyStore + Index)->KeyData, PubKey, EFI_CERT_TYPE_RSA2048_SIZE) == 0) {
-      return ReadUnaligned32 (&(((AUTHVAR_KEY_DB_DATA *) mPubKeyStore + Index)->KeyIndex));
-    }
-  }
-
-  KeyIndex = GetAvailableKeyIndex (PubKey);
-  if (KeyIndex == 0) {
-    return 0;
-  }
-
-  //
-  // Check the variable space for both public key and variable data.
-  //
-  PublicKeyEntry.VariableSize = (mPubKeyNumber + 1) * sizeof (AUTHVAR_KEY_DB_DATA);
-  PublicKeyEntry.Guid         = &gEfiAuthenticatedVariableGuid;
-  PublicKeyEntry.Name         = AUTHVAR_KEYDB_NAME;
-  Attributes = VARIABLE_ATTRIBUTE_NV_BS_RT | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;
-
-  if (!mAuthVarLibContextIn->CheckRemainingSpaceForConsistency (Attributes, &PublicKeyEntry, VariableDataEntry, NULL)) {
-    //
-    // No enough variable space.
-    //
-    return 0;
-  }
-
-  WriteUnaligned32 (&(((AUTHVAR_KEY_DB_DATA *) mPubKeyStore + mPubKeyNumber)->KeyIndex), KeyIndex);
-  CopyMem (((AUTHVAR_KEY_DB_DATA *) mPubKeyStore + mPubKeyNumber)->KeyData, PubKey, EFI_CERT_TYPE_RSA2048_SIZE);
-  mPubKeyNumber++;
-
-  //
-  // Update public key database variable.
-  //
-  Status = AuthServiceInternalUpdateVariable (
-             AUTHVAR_KEYDB_NAME,
-             &gEfiAuthenticatedVariableGuid,
-             mPubKeyStore,
-             mPubKeyNumber * sizeof (AUTHVAR_KEY_DB_DATA),
-             Attributes
-             );
-  if (EFI_ERROR (Status)) {
-    DEBUG ((EFI_D_ERROR, "Update public key database variable failure, Status = %r\n", Status));
-    return 0;
-  }
-
-  return KeyIndex;
-}
-
-/**
-  Verify data payload with AuthInfo in EFI_CERT_TYPE_RSA2048_SHA256_GUID type.
-  Follow the steps in UEFI2.2.
-
-  Caution: This function may receive untrusted input.
-  This function may be invoked in SMM mode, and datasize and data are external input.
-  This function will do basic validation, before parse the data.
-  This function will parse the authentication carefully to avoid security issues, like
-  buffer overflow, integer overflow.
-
-  @param[in]      Data                    Pointer to data with AuthInfo.
-  @param[in]      DataSize                Size of Data.
-  @param[in]      PubKey                  Public key used for verification.
-
-  @retval EFI_INVALID_PARAMETER       Invalid parameter.
-  @retval EFI_SECURITY_VIOLATION      If authentication failed.
-  @retval EFI_SUCCESS                 Authentication successful.
-
-**/
-EFI_STATUS
-VerifyCounterBasedPayload (
-  IN     UINT8          *Data,
-  IN     UINTN          DataSize,
-  IN     UINT8          *PubKey
-  )
-{
-  BOOLEAN                         Status;
-  EFI_VARIABLE_AUTHENTICATION     *CertData;
-  EFI_CERT_BLOCK_RSA_2048_SHA256  *CertBlock;
-  UINT8                           Digest[SHA256_DIGEST_SIZE];
-  VOID                            *Rsa;
-  UINTN                           PayloadSize;
-
-  PayloadSize = DataSize - AUTHINFO_SIZE;
-  Rsa         = NULL;
-  CertData    = NULL;
-  CertBlock   = NULL;
-
-  if (Data == NULL || PubKey == NULL) {
-    return EFI_INVALID_PARAMETER;
-  }
-
-  CertData  = (EFI_VARIABLE_AUTHENTICATION *) Data;
-  CertBlock = (EFI_CERT_BLOCK_RSA_2048_SHA256 *) (CertData->AuthInfo.CertData);
-
-  //
-  // wCertificateType should be WIN_CERT_TYPE_EFI_GUID.
-  // Cert type should be EFI_CERT_TYPE_RSA2048_SHA256_GUID.
-  //
-  if ((CertData->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) ||
-      !CompareGuid (&CertData->AuthInfo.CertType, &gEfiCertTypeRsa2048Sha256Guid)) {
-    //
-    // Invalid AuthInfo type, return EFI_SECURITY_VIOLATION.
-    //
-    return EFI_SECURITY_VIOLATION;
-  }
-  //
-  // Hash data payload with SHA256.
-  //
-  ZeroMem (Digest, SHA256_DIGEST_SIZE);
-  Status  = Sha256Init (mHashCtx);
-  if (!Status) {
-    goto Done;
-  }
-  Status  = Sha256Update (mHashCtx, Data + AUTHINFO_SIZE, PayloadSize);
-  if (!Status) {
-    goto Done;
-  }
-  //
-  // Hash Size.
-  //
-  Status  = Sha256Update (mHashCtx, &PayloadSize, sizeof (UINTN));
-  if (!Status) {
-    goto Done;
-  }
-  //
-  // Hash Monotonic Count.
-  //
-  Status  = Sha256Update (mHashCtx, &CertData->MonotonicCount, sizeof (UINT64));
-  if (!Status) {
-    goto Done;
-  }
-  Status  = Sha256Final (mHashCtx, Digest);
-  if (!Status) {
-    goto Done;
-  }
-  //
-  // Generate & Initialize RSA Context.
-  //
-  Rsa = RsaNew ();
-  ASSERT (Rsa != NULL);
-  //
-  // Set RSA Key Components.
-  // NOTE: Only N and E are needed to be set as RSA public key for signature verification.
-  //
-  Status = RsaSetKey (Rsa, RsaKeyN, PubKey, EFI_CERT_TYPE_RSA2048_SIZE);
-  if (!Status) {
-    goto Done;
-  }
-  Status = RsaSetKey (Rsa, RsaKeyE, mRsaE, sizeof (mRsaE));
-  if (!Status) {
-    goto Done;
-  }
-  //
-  // Verify the signature.
-  //
-  Status = RsaPkcs1Verify (
-             Rsa,
-             Digest,
-             SHA256_DIGEST_SIZE,
-             CertBlock->Signature,
-             EFI_CERT_TYPE_RSA2048_SHA256_SIZE
-             );
-
-Done:
-  if (Rsa != NULL) {
-    RsaFree (Rsa);
-  }
-  if (Status) {
-    return EFI_SUCCESS;
-  } else {
-    return EFI_SECURITY_VIOLATION;
-  }
-}
-
-/**
   Update platform mode.
 
   @param[in]      Mode                    SETUP_MODE or USER_MODE.
@@ -1146,7 +802,7 @@ IsDeleteAuthVariable (  }
 
 /**
-  Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set
+  Process variable with 
+ EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set
 
   Caution: This function may receive untrusted input.
   This function may be invoked in SMM mode, and datasize and data are external input.
@@ -1163,9 +819,9 @@ IsDeleteAuthVariable (
 
   @return EFI_INVALID_PARAMETER           Invalid parameter.
   @return EFI_WRITE_PROTECTED             Variable is write-protected and needs authentication with
-                                          EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.
+                                          EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS or EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.
   @return EFI_OUT_OF_RESOURCES            The Database to save the public key is full.
-  @return EFI_SECURITY_VIOLATION          The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
+  @return EFI_SECURITY_VIOLATION          The variable is with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
                                           set, but the AuthInfo does NOT pass the validation
                                           check carried out by the firmware.
   @return EFI_SUCCESS                     Variable is not write-protected or pass validation successfully.
@@ -1181,22 +837,8 @@ ProcessVariable (
   )
 {
   EFI_STATUS                      Status;
-  BOOLEAN                         IsDeletion;
-  BOOLEAN                         IsFirstTime;
-  UINT8                           *PubKey;
-  EFI_VARIABLE_AUTHENTICATION     *CertData;
-  EFI_CERT_BLOCK_RSA_2048_SHA256  *CertBlock;
-  UINT32                          KeyIndex;
-  UINT64                          MonotonicCount;
-  VARIABLE_ENTRY_CONSISTENCY      VariableDataEntry;
-  UINT32                          Index;
   AUTH_VARIABLE_INFO              OrgVariableInfo;
 
-  KeyIndex    = 0;
-  CertData    = NULL;
-  CertBlock   = NULL;
-  PubKey      = NULL;
-  IsDeletion  = FALSE;
   Status      = EFI_SUCCESS;
 
   ZeroMem (&OrgVariableInfo, sizeof (OrgVariableInfo)); @@ -1208,7 +850,7 @@ ProcessVariable (
 
   if ((!EFI_ERROR (Status)) && IsDeleteAuthVariable (OrgVariableInfo.Attributes, Data, DataSize, Attributes) && UserPhysicalPresent()) {
     //
-    // Allow the delete operation of common authenticated variable at user physical presence.
+    // Allow the delete operation of common authenticated variable(AT or AW) at user physical presence.
     //
     Status = AuthServiceInternalUpdateVariable (
               VariableName,
@@ -1232,25 +874,15 @@ ProcessVariable (
   }
 
   //
-  // A time-based authenticated variable and a count-based authenticated variable
-  // can't be updated by each other.
-  //
-  if (OrgVariableInfo.Data != NULL) {
-    if (((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) != 0) &&
-        ((OrgVariableInfo.Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0)) {
-      return EFI_SECURITY_VIOLATION;
-    }
-
-    if (((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) &&
-        ((OrgVariableInfo.Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) != 0)) {
-      return EFI_SECURITY_VIOLATION;
-    }
-  }
-
-  //
-  // Process Time-based Authenticated variable.
-  //
-  if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) {
+  if ((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) != 0) {
+    //
+    // Reject Counter Based Auth Variable processing request.
+    //
+    return EFI_UNSUPPORTED;
+  } else if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) {
+    //
+    // Process Time-based Authenticated variable.
+    //
     return VerifyTimeBasedPayloadAndUpdate (
              VariableName,
              VendorGuid,
@@ -1262,117 +894,20 @@ ProcessVariable (
              );
   }
 
-  //
-  // Determine if first time SetVariable with the EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS.
-  //
-  if ((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) != 0) {
-    //
-    // Determine current operation type.
-    //
-    if (DataSize == AUTHINFO_SIZE) {
-      IsDeletion = TRUE;
-    }
-    //
-    // Determine whether this is the first time with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.
-    //
-    if (OrgVariableInfo.Data == NULL) {
-      IsFirstTime = TRUE;
-    } else if ((OrgVariableInfo.Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) == 0) {
-      IsFirstTime = TRUE;
-    } else {
-      KeyIndex   = OrgVariableInfo.PubKeyIndex;
-      IsFirstTime = FALSE;
-    }
-  } else if ((OrgVariableInfo.Data != NULL) &&
-             ((OrgVariableInfo.Attributes & (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) != 0)
-            ) {
+  if ((OrgVariableInfo.Data != NULL) &&
+     ((OrgVariableInfo.Attributes & 
+ (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | 
+ EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) != 0)) {
     //
     // If the variable is already write-protected, it always needs authentication before update.
     //
     return EFI_WRITE_PROTECTED;
-  } else {
-    //
-    // If without EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS, set and attributes collision.
-    // That means it is not authenticated variable, just update variable as usual.
-    //
-    Status = AuthServiceInternalUpdateVariable (VariableName, VendorGuid, Data, DataSize, Attributes);
-    return Status;
   }
 
   //
-  // Get PubKey and check Monotonic Count value corresponding to the variable.
-  //
-  CertData  = (EFI_VARIABLE_AUTHENTICATION *) Data;
-  CertBlock = (EFI_CERT_BLOCK_RSA_2048_SHA256 *) (CertData->AuthInfo.CertData);
-  PubKey    = CertBlock->PublicKey;
-
-  //
-  // Update Monotonic Count value.
+  // Not authenticated variable, just update variable as usual.
   //
-  MonotonicCount = CertData->MonotonicCount;
-
-  if (!IsFirstTime) {
-    //
-    // 2 cases need to check here
-    //   1. Internal PubKey variable. PubKeyIndex is always 0
-    //   2. Other counter-based AuthVariable. Check input PubKey.
-    //
-    if (KeyIndex == 0) {
-      return EFI_SECURITY_VIOLATION;
-    }
-    for (Index = 0; Index < mPubKeyNumber; Index++) {
-      if (ReadUnaligned32 (&(((AUTHVAR_KEY_DB_DATA *) mPubKeyStore + Index)->KeyIndex)) == KeyIndex) {
-        if (CompareMem (((AUTHVAR_KEY_DB_DATA *) mPubKeyStore + Index)->KeyData, PubKey, EFI_CERT_TYPE_RSA2048_SIZE) == 0) {
-          break;
-        } else {
-          return EFI_SECURITY_VIOLATION;
-        }
-      }
-    }
-    if (Index == mPubKeyNumber) {
-      return EFI_SECURITY_VIOLATION;
-    }
-
-    //
-    // Compare the current monotonic count and ensure that it is greater than the last SetVariable
-    // operation with the EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS attribute set.
-    //
-    if (MonotonicCount <= OrgVariableInfo.MonotonicCount) {
-      //
-      // Monotonic count check fail, suspicious replay attack, return EFI_SECURITY_VIOLATION.
-      //
-      return EFI_SECURITY_VIOLATION;
-    }
-  }
-  //
-  // Verify the certificate in Data payload.
-  //
-  Status = VerifyCounterBasedPayload (Data, DataSize, PubKey);
-  if (EFI_ERROR (Status)) {
-    return Status;
-  }
-
-  //
-  // Now, the signature has been verified!
-  //
-  if (IsFirstTime && !IsDeletion) {
-    VariableDataEntry.VariableSize = DataSize - AUTHINFO_SIZE;
-    VariableDataEntry.Guid         = VendorGuid;
-    VariableDataEntry.Name         = VariableName;
-
-    //
-    // Update public key database variable if need.
-    //
-    KeyIndex = AddPubKeyInStore (PubKey, &VariableDataEntry);
-    if (KeyIndex == 0) {
-      return EFI_OUT_OF_RESOURCES;
-    }
-  }
+  Status = AuthServiceInternalUpdateVariable (VariableName, VendorGuid, 
+ Data, DataSize, Attributes);  return Status;
 
-  //
-  // Verification pass.
-  //
-  return AuthServiceInternalUpdateVariableWithMonotonicCount (VariableName, VendorGuid, (UINT8*)Data + AUTHINFO_SIZE, DataSize - AUTHINFO_SIZE, Attributes, KeyIndex, MonotonicCount);  }
 
 /**
diff --git a/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h b/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h
index e9b7cf3..2886260 100644
--- a/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h
+++ b/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h
@@ -59,35 +59,6 @@ typedef enum {
 } AUTHVAR_TYPE;
 
 ///
-/// "AuthVarKeyDatabase" variable for the Public Key store -/// of variables with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.
-///
-/// GUID: gEfiAuthenticatedVariableGuid -/// -/// We need maintain atomicity.
-///
-/// Format:
-/// +----------------------------+
-/// | AUTHVAR_KEY_DB_DATA        | <-- First AuthVarKey
-/// +----------------------------+
-/// | ......                     |
-/// +----------------------------+
-/// | AUTHVAR_KEY_DB_DATA        | <-- Last AuthKey
-/// +----------------------------+
-///
-#define AUTHVAR_KEYDB_NAME      L"AuthVarKeyDatabase"
-
-#define EFI_CERT_TYPE_RSA2048_SHA256_SIZE 256
-#define EFI_CERT_TYPE_RSA2048_SIZE        256
-
-#pragma pack(1)
-typedef struct {
-  UINT32    KeyIndex;
-  UINT8     KeyData[EFI_CERT_TYPE_RSA2048_SIZE];
-} AUTHVAR_KEY_DB_DATA;
-#pragma pack()
-
-///
 ///  "certdb" variable stores the signer's certificates for non PK/KEK/DB/DBX  /// variables with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS|EFI_VARIABLE_NON_VOLATILE set.
 ///  "certdbv" variable stores the signer's certificates for non PK/KEK/DB/DBX @@ -122,10 +93,6 @@ typedef struct {  } AUTH_CERT_DB_DATA;  #pragma pack()
 
-extern UINT8    *mPubKeyStore;
-extern UINT32   mPubKeyNumber;
-extern UINT32   mMaxKeyNumber;
-extern UINT32   mMaxKeyDbSize;
 extern UINT8    *mCertDbStore;
 extern UINT32   mMaxCertDbSize;
 extern UINT32   mPlatformMode;
@@ -295,7 +262,7 @@ ProcessVarWithKek (
   );
 
 /**
-  Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set
+  Process variable with 
+ EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set
 
   Caution: This function may receive untrusted input.
   This function may be invoked in SMM mode, and datasize and data are external input.
@@ -312,9 +279,9 @@ ProcessVarWithKek (
 
   @return EFI_INVALID_PARAMETER           Invalid parameter.
   @return EFI_WRITE_PROTECTED             Variable is write-protected and needs authentication with
-                                          EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.
+                                          EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS or EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.
   @return EFI_OUT_OF_RESOURCES            The Database to save the public key is full.
-  @return EFI_SECURITY_VIOLATION          The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
+  @return EFI_SECURITY_VIOLATION          The variable is with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
                                           set, but the AuthInfo does NOT pass the validation
                                           check carried out by the firmware.
   @return EFI_SUCCESS                     Variable is not write-protected or pass validation successfully.
@@ -387,34 +354,6 @@ AuthServiceInternalUpdateVariable (
   @param[in] Data                   Data pointer.
   @param[in] DataSize               Size of Data.
   @param[in] Attributes             Attribute value of the variable.
-  @param[in] KeyIndex               Index of associated public key.
-  @param[in] MonotonicCount         Value of associated monotonic count.
-
-  @retval EFI_SUCCESS               The update operation is success.
-  @retval EFI_INVALID_PARAMETER     Invalid parameter.
-  @retval EFI_WRITE_PROTECTED       Variable is write-protected.
-  @retval EFI_OUT_OF_RESOURCES      There is not enough resource.
-
-**/
-EFI_STATUS
-AuthServiceInternalUpdateVariableWithMonotonicCount (
-  IN CHAR16         *VariableName,
-  IN EFI_GUID       *VendorGuid,
-  IN VOID           *Data,
-  IN UINTN          DataSize,
-  IN UINT32         Attributes,
-  IN UINT32         KeyIndex,
-  IN UINT64         MonotonicCount
-  );
-
-/**
-  Update the variable region with Variable information.
-
-  @param[in] VariableName           Name of variable.
-  @param[in] VendorGuid             Guid of variable.
-  @param[in] Data                   Data pointer.
-  @param[in] DataSize               Size of Data.
-  @param[in] Attributes             Attribute value of the variable.
   @param[in] TimeStamp              Value of associated TimeStamp.
 
   @retval EFI_SUCCESS               The update operation is success.
diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
index 792a123..00917eb 100644
--- a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
+++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
@@ -27,10 +27,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 ///
 /// Global database array for scratch
 ///
-UINT8    *mPubKeyStore;
-UINT32   mPubKeyNumber;
-UINT32   mMaxKeyNumber;
-UINT32   mMaxKeyDbSize;
 UINT8    *mCertDbStore;
 UINT32   mMaxCertDbSize;
 UINT32   mPlatformMode;
@@ -78,17 +74,6 @@ VARIABLE_ENTRY_PROPERTY mAuthVarEntry[] = {
     }
   },
   {
-    &gEfiAuthenticatedVariableGuid,
-    AUTHVAR_KEYDB_NAME,
-    {
-      VAR_CHECK_VARIABLE_PROPERTY_REVISION,
-      VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,
-      VARIABLE_ATTRIBUTE_NV_BS_RT_AW,
-      sizeof (UINT8),
-      MAX_UINTN
-    }
-  },
-  {
     &gEfiCertDbGuid,
     EFI_CERT_DB_NAME,
     {
@@ -112,7 +97,7 @@ VARIABLE_ENTRY_PROPERTY mAuthVarEntry[] = {
   },
 };
 
-VOID **mAuthVarAddressPointer[10];
+VOID **mAuthVarAddressPointer[9];
 
 AUTH_VAR_LIB_CONTEXT_IN *mAuthVarLibContextIn = NULL;
 
@@ -138,7 +123,6 @@ AuthVariableLibInitialize (
   )
 {
   EFI_STATUS            Status;
-  UINT8                 VarValue;
   UINT32                VarAttr;
   UINT8                 *Data;
   UINTN                 DataSize;
@@ -164,16 +148,6 @@ AuthVariableLibInitialize (
   }
 
   //
-  // Reserve runtime buffer for public key database. The size excludes variable header and name size.
-  //
-  mMaxKeyDbSize = (UINT32) (mAuthVarLibContextIn->MaxAuthVariableSize - sizeof (AUTHVAR_KEYDB_NAME));
-  mMaxKeyNumber = mMaxKeyDbSize / sizeof (AUTHVAR_KEY_DB_DATA);
-  mPubKeyStore  = AllocateRuntimePool (mMaxKeyDbSize);
-  if (mPubKeyStore == NULL) {
-    return EFI_OUT_OF_RESOURCES;
-  }
-
-  //
   // Reserve runtime buffer for certificate database. The size excludes variable header and name size.
   // Use EFI_CERT_DB_VOLATILE_NAME size since it is longer.
   //
@@ -183,43 +157,6 @@ AuthVariableLibInitialize (
     return EFI_OUT_OF_RESOURCES;
   }
 
-  //
-  // Check "AuthVarKeyDatabase" variable's existence.
-  // If it doesn't exist, create a new one with initial value of 0 and EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.
-  //
-  Status = AuthServiceInternalFindVariable (
-             AUTHVAR_KEYDB_NAME,
-             &gEfiAuthenticatedVariableGuid,
-             (VOID **) &Data,
-             &DataSize
-             );
-  if (EFI_ERROR (Status)) {
-    VarAttr       = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;
-    VarValue      = 0;
-    mPubKeyNumber = 0;
-    Status        = AuthServiceInternalUpdateVariable (
-                      AUTHVAR_KEYDB_NAME,
-                      &gEfiAuthenticatedVariableGuid,
-                      &VarValue,
-                      sizeof(UINT8),
-                      VarAttr
-                      );
-    if (EFI_ERROR (Status)) {
-      return Status;
-    }
-  } else {
-    //
-    // Load database in global variable for cache.
-    //
-    ASSERT ((DataSize != 0) && (Data != NULL));
-    //
-    // "AuthVarKeyDatabase" is an internal variable. Its DataSize is always ensured not to exceed mPubKeyStore buffer size(See definition before)
-    //  Therefore, there is no memory overflow in underlying CopyMem.
-    //
-    CopyMem (mPubKeyStore, (UINT8 *) Data, DataSize);
-    mPubKeyNumber = (UINT32) (DataSize / sizeof (AUTHVAR_KEY_DB_DATA));
-  }
-
   Status = AuthServiceInternalFindVariable (EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize);
   if (EFI_ERROR (Status)) {
     DEBUG ((EFI_D_INFO, "Variable %s does not exist.\n", EFI_PLATFORM_KEY_NAME)); @@ -422,16 +359,15 @@ AuthVariableLibInitialize (
   AuthVarLibContextOut->StructSize = sizeof (AUTH_VAR_LIB_CONTEXT_OUT);
   AuthVarLibContextOut->AuthVarEntry = mAuthVarEntry;
   AuthVarLibContextOut->AuthVarEntryCount = ARRAY_SIZE (mAuthVarEntry);
-  mAuthVarAddressPointer[0] = (VOID **) &mPubKeyStore;
-  mAuthVarAddressPointer[1] = (VOID **) &mCertDbStore;
-  mAuthVarAddressPointer[2] = (VOID **) &mHashCtx;
-  mAuthVarAddressPointer[3] = (VOID **) &mAuthVarLibContextIn;
-  mAuthVarAddressPointer[4] = (VOID **) &(mAuthVarLibContextIn->FindVariable),
-  mAuthVarAddressPointer[5] = (VOID **) &(mAuthVarLibContextIn->FindNextVariable),
-  mAuthVarAddressPointer[6] = (VOID **) &(mAuthVarLibContextIn->UpdateVariable),
-  mAuthVarAddressPointer[7] = (VOID **) &(mAuthVarLibContextIn->GetScratchBuffer),
-  mAuthVarAddressPointer[8] = (VOID **) &(mAuthVarLibContextIn->CheckRemainingSpaceForConsistency),
-  mAuthVarAddressPointer[9] = (VOID **) &(mAuthVarLibContextIn->AtRuntime),
+  mAuthVarAddressPointer[0] = (VOID **) &mCertDbStore;  
+ mAuthVarAddressPointer[1] = (VOID **) &mHashCtx;  
+ mAuthVarAddressPointer[2] = (VOID **) &mAuthVarLibContextIn;  
+ mAuthVarAddressPointer[3] = (VOID **) 
+ &(mAuthVarLibContextIn->FindVariable),
+  mAuthVarAddressPointer[4] = (VOID **) 
+ &(mAuthVarLibContextIn->FindNextVariable),
+  mAuthVarAddressPointer[5] = (VOID **) 
+ &(mAuthVarLibContextIn->UpdateVariable),
+  mAuthVarAddressPointer[6] = (VOID **) 
+ &(mAuthVarLibContextIn->GetScratchBuffer),
+  mAuthVarAddressPointer[7] = (VOID **) 
+ &(mAuthVarLibContextIn->CheckRemainingSpaceForConsistency),
+  mAuthVarAddressPointer[8] = (VOID **) 
+ &(mAuthVarLibContextIn->AtRuntime),
   AuthVarLibContextOut->AddressPointer = mAuthVarAddressPointer;
   AuthVarLibContextOut->AddressPointerCount = ARRAY_SIZE (mAuthVarAddressPointer);
 
@@ -439,7 +375,7 @@ AuthVariableLibInitialize (  }
 
 /**
-  Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.
+  Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.
 
   @param[in] VariableName           Name of the variable.
   @param[in] VendorGuid             Variable vendor GUID.
@@ -452,8 +388,7 @@ AuthVariableLibInitialize (
   @retval EFI_INVALID_PARAMETER     Invalid parameter.
   @retval EFI_WRITE_PROTECTED       Variable is write-protected.
   @retval EFI_OUT_OF_RESOURCES      There is not enough resource.
-  @retval EFI_SECURITY_VIOLATION    The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
-                                    or EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS
+  @retval EFI_SECURITY_VIOLATION    The variable is with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS
                                     set, but the AuthInfo does NOT pass the validation
                                     check carried out by the firmware.
   @retval EFI_UNSUPPORTED           Unsupported to process authenticated variable.
diff --git a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
index c6f3edc..7763b13 100644
--- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
+++ b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
@@ -101,7 +101,7 @@ IsMorLockVariable (
   @retval  EFI_DEVICE_ERROR       The variable could not be saved due to a hardware failure.
   @retval  EFI_WRITE_PROTECTED    The variable in question is read-only.
   @retval  EFI_WRITE_PROTECTED    The variable in question cannot be deleted.
-  @retval  EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
+  @retval  EFI_SECURITY_VIOLATION The variable could not be written due 
+ to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
                                   set but the AuthInfo does NOT pass the validation check carried
                                   out by the firmware.
   @retval  EFI_NOT_FOUND          The variable trying to be updated or deleted was not found.
diff --git a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h
index 50a656a..af30357 100644
--- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h
+++ b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h
@@ -67,7 +67,7 @@ InternalGetVariable (
   @retval  EFI_DEVICE_ERROR       The variable could not be saved due to a hardware failure.
   @retval  EFI_WRITE_PROTECTED    The variable in question is read-only.
   @retval  EFI_WRITE_PROTECTED    The variable in question cannot be deleted.
-  @retval  EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
+  @retval  EFI_SECURITY_VIOLATION The variable could not be written due 
+ to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
                                   set but the AuthInfo does NOT pass the validation check carried
                                   out by the firmware.
   @retval  EFI_NOT_FOUND          The variable trying to be updated or deleted was not found.
@@ -103,7 +103,7 @@ InternalSetVariable (
   @retval  EFI_DEVICE_ERROR       The variable could not be saved due to a hardware failure.
   @retval  EFI_WRITE_PROTECTED    The variable in question is read-only.
   @retval  EFI_WRITE_PROTECTED    The variable in question cannot be deleted.
-  @retval  EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
+  @retval  EFI_SECURITY_VIOLATION The variable could not be written due 
+ to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
                                   set but the AuthInfo does NOT pass the validation check carried
                                   out by the firmware.
   @retval  EFI_NOT_FOUND          The variable trying to be updated or deleted was not found.
diff --git a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c
index 019cb8b..e5db98c 100644
--- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c
+++ b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c
@@ -82,7 +82,7 @@ InternalGetVariable (
   @retval  EFI_DEVICE_ERROR       The variable could not be saved due to a hardware failure.
   @retval  EFI_WRITE_PROTECTED    The variable in question is read-only.
   @retval  EFI_WRITE_PROTECTED    The variable in question cannot be deleted.
-  @retval  EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
+  @retval  EFI_SECURITY_VIOLATION The variable could not be written due 
+ to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
                                   set but the AuthInfo does NOT pass the validation check carried
                                   out by the firmware.
   @retval  EFI_NOT_FOUND          The variable trying to be updated or deleted was not found.
--
1.9.5.msysgit.1

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel


      parent reply	other threads:[~2017-11-01  8:43 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-10-31  6:34 [PATCH 1/3] SecurityPkg: Remove Counter Based AuthVariable support Zhang, Chao B
2017-10-31  6:34 ` [PATCH 2/3] MdePkg: Deprecate EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS Zhang, Chao B
2017-11-01  8:47   ` Long, Qin
2017-10-31  6:34 ` [PATCH 3/3] MdeModulePkg: " Zhang, Chao B
2017-11-01  8:47   ` Long, Qin
2017-11-01  8:47 ` Long, Qin [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=BF2CCE9263284D428840004653A28B6E5401C06B@SHSMSX103.ccr.corp.intel.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox