From: "Long, Qin"
To: "Zhang, Chao B", "edk2-devel@lists.01.org"
CC: "Zhang, Chao B", "Zeng, Star"
Subject: Re: [PATCH 1/3] SecurityPkg: Remove Counter Based AuthVariable support
Date: Wed, 1 Nov 2017 08:47:02 +0000
References: <20171031063439.6232-1-chao.b.zhang@intel.com>
In-Reply-To: <20171031063439.6232-1-chao.b.zhang@intel.com>

Reviewed-by: Long Qin

-----Original Message-----
From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Zhang, Chao B
Sent: Tuesday, October 31, 2017 2:35 PM
To: edk2-devel@lists.01.org
Cc: Zhang, Chao B; Zeng, Star; Long, Qin
Subject: [edk2] [PATCH 1/3] SecurityPkg: Remove Counter Based AuthVariable support

Remove counter based auth variable support. Also modify several function descriptors to accommodate the change.

Cc: Long Qin
Cc: Star Zeng
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang
---
 SecurityPkg/Library/AuthVariableLib/AuthService.c  | 501 +--------------------
 .../Library/AuthVariableLib/AuthServiceInternal.h  |  67 +--
 .../Library/AuthVariableLib/AuthVariableLib.c      |  89 +---
 .../MemoryOverwriteRequestControlLock/TcgMorLock.c |   2 +-
 .../MemoryOverwriteRequestControlLock/TcgMorLock.h |   4 +-
 .../TcgMorLockSmm.c                                |   2 +-
 6 files changed, 37 insertions(+), 628 deletions(-)
diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c b/SecurityPk= g/Library/AuthVariableLib/AuthService.c index 7188ff6..aafc057 100644 --- a/SecurityPkg/Library/AuthVariableLib/AuthService.c +++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c @@ -144,50 +144,6 @@ AuthServiceInternalUpdateVariable ( @param[in] Data Data pointer. @param[in] DataSize Size of Data. @param[in] Attributes Attribute value of the variable. - @param[in] KeyIndex Index of associated public key. - @param[in] MonotonicCount Value of associated monotonic count. - - @retval EFI_SUCCESS The update operation is success. - @retval EFI_INVALID_PARAMETER Invalid parameter. - @retval EFI_WRITE_PROTECTED Variable is write-protected. - @retval EFI_OUT_OF_RESOURCES There is not enough resource. - -**/ -EFI_STATUS -AuthServiceInternalUpdateVariableWithMonotonicCount ( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid, - IN VOID *Data, - IN UINTN DataSize, - IN UINT32 Attributes, - IN UINT32 KeyIndex, - IN UINT64 MonotonicCount - ) -{ - AUTH_VARIABLE_INFO AuthVariableInfo; - - ZeroMem (&AuthVariableInfo, sizeof (AuthVariableInfo)); - AuthVariableInfo.VariableName =3D VariableName; - AuthVariableInfo.VendorGuid =3D VendorGuid; - AuthVariableInfo.Data =3D Data; - AuthVariableInfo.DataSize =3D DataSize; - AuthVariableInfo.Attributes =3D Attributes; - AuthVariableInfo.PubKeyIndex =3D KeyIndex; - AuthVariableInfo.MonotonicCount =3D MonotonicCount; - - return mAuthVarLibContextIn->UpdateVariable ( - &AuthVariableInfo - ); -} - -/** - Update the variable region with Variable information. - - @param[in] VariableName Name of variable. - @param[in] VendorGuid Guid of variable. - @param[in] Data Data pointer. - @param[in] DataSize Size of Data. - @param[in] Attributes Attribute value of the variable. @param[in] TimeStamp Value of associated TimeStamp. =20 @retval EFI_SUCCESS The update operation is success. 
@@ -300,306 +256,6 @@ InCustomMode ( } =20 /** - Get available public key index. - - @param[in] PubKey Pointer to Public Key data. - - @return Public key index, 0 if no any public key index available. - -**/ -UINT32 -GetAvailableKeyIndex ( - IN UINT8 *PubKey - ) -{ - EFI_STATUS Status; - UINT8 *Data; - UINTN DataSize; - UINT8 *Ptr; - UINT32 Index; - BOOLEAN IsFound; - EFI_GUID VendorGuid; - CHAR16 Name[1]; - AUTH_VARIABLE_INFO AuthVariableInfo; - UINT32 KeyIndex; - - Status =3D AuthServiceInternalFindVariable ( - AUTHVAR_KEYDB_NAME, - &gEfiAuthenticatedVariableGuid, - (VOID **) &Data, - &DataSize - ); - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "Get public key database variable failure, Status= =3D %r\n", Status)); - return 0; - } - - if (mPubKeyNumber =3D=3D mMaxKeyNumber) { - Name[0] =3D 0; - AuthVariableInfo.VariableName =3D Name; - ZeroMem (&VendorGuid, sizeof (VendorGuid)); - AuthVariableInfo.VendorGuid =3D &VendorGuid; - mPubKeyNumber =3D 0; - // - // Collect valid key data. - // - do { - Status =3D mAuthVarLibContextIn->FindNextVariable (AuthVariableInfo.= VariableName, AuthVariableInfo.VendorGuid, &AuthVariableInfo); - if (!EFI_ERROR (Status)) { - if (AuthVariableInfo.PubKeyIndex !=3D 0) { - for (Ptr =3D Data; Ptr < (Data + DataSize); Ptr +=3D sizeof (AUT= HVAR_KEY_DB_DATA)) { - if (ReadUnaligned32 (&(((AUTHVAR_KEY_DB_DATA *) Ptr)->KeyIndex= )) =3D=3D AuthVariableInfo.PubKeyIndex) { - // - // Check if the key data has been collected. - // - for (Index =3D 0; Index < mPubKeyNumber; Index++) { - if (ReadUnaligned32 (&(((AUTHVAR_KEY_DB_DATA *) mPubKeySto= re + Index)->KeyIndex)) =3D=3D AuthVariableInfo.PubKeyIndex) { - break; - } - } - if (Index =3D=3D mPubKeyNumber) { - // - // New key data. - // - CopyMem ((AUTHVAR_KEY_DB_DATA *) mPubKeyStore + mPubKeyNum= ber, Ptr, sizeof (AUTHVAR_KEY_DB_DATA)); - mPubKeyNumber++; - } - break; - } - } - } - } - } while (Status !=3D EFI_NOT_FOUND); - - // - // No available space to add new public key. 
- // - if (mPubKeyNumber =3D=3D mMaxKeyNumber) { - return 0; - } - } - - // - // Find available public key index. - // - for (KeyIndex =3D 1; KeyIndex <=3D mMaxKeyNumber; KeyIndex++) { - IsFound =3D FALSE; - for (Ptr =3D mPubKeyStore; Ptr < (mPubKeyStore + mPubKeyNumber * sizeo= f (AUTHVAR_KEY_DB_DATA)); Ptr +=3D sizeof (AUTHVAR_KEY_DB_DATA)) { - if (ReadUnaligned32 (&(((AUTHVAR_KEY_DB_DATA *) Ptr)->KeyIndex)) =3D= =3D KeyIndex) { - IsFound =3D TRUE; - break; - } - } - if (!IsFound) { - break; - } - } - - return KeyIndex; -} - -/** - Add public key in store and return its index. - - @param[in] PubKey Input pointer to Public Key data. - @param[in] VariableDataEntry The variable data entry. - - @return Index of new added public key. - -**/ -UINT32 -AddPubKeyInStore ( - IN UINT8 *PubKey, - IN VARIABLE_ENTRY_CONSISTENCY *VariableDataEntry - ) -{ - EFI_STATUS Status; - UINT32 Index; - VARIABLE_ENTRY_CONSISTENCY PublicKeyEntry; - UINT32 Attributes; - UINT32 KeyIndex; - - if (PubKey =3D=3D NULL) { - return 0; - } - - // - // Check whether the public key entry does exist. - // - for (Index =3D 0; Index < mPubKeyNumber; Index++) { - if (CompareMem (((AUTHVAR_KEY_DB_DATA *) mPubKeyStore + Index)->KeyDat= a, PubKey, EFI_CERT_TYPE_RSA2048_SIZE) =3D=3D 0) { - return ReadUnaligned32 (&(((AUTHVAR_KEY_DB_DATA *) mPubKeyStore + In= dex)->KeyIndex)); - } - } - - KeyIndex =3D GetAvailableKeyIndex (PubKey); - if (KeyIndex =3D=3D 0) { - return 0; - } - - // - // Check the variable space for both public key and variable data. - // - PublicKeyEntry.VariableSize =3D (mPubKeyNumber + 1) * sizeof (AUTHVAR_KE= Y_DB_DATA); - PublicKeyEntry.Guid =3D &gEfiAuthenticatedVariableGuid; - PublicKeyEntry.Name =3D AUTHVAR_KEYDB_NAME; - Attributes =3D VARIABLE_ATTRIBUTE_NV_BS_RT | EFI_VARIABLE_AUTHENTICATED_= WRITE_ACCESS; - - if (!mAuthVarLibContextIn->CheckRemainingSpaceForConsistency (Attributes= , &PublicKeyEntry, VariableDataEntry, NULL)) { - // - // No enough variable space. 
- // - return 0; - } - - WriteUnaligned32 (&(((AUTHVAR_KEY_DB_DATA *) mPubKeyStore + mPubKeyNumbe= r)->KeyIndex), KeyIndex); - CopyMem (((AUTHVAR_KEY_DB_DATA *) mPubKeyStore + mPubKeyNumber)->KeyData= , PubKey, EFI_CERT_TYPE_RSA2048_SIZE); - mPubKeyNumber++; - - // - // Update public key database variable. - // - Status =3D AuthServiceInternalUpdateVariable ( - AUTHVAR_KEYDB_NAME, - &gEfiAuthenticatedVariableGuid, - mPubKeyStore, - mPubKeyNumber * sizeof (AUTHVAR_KEY_DB_DATA), - Attributes - ); - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "Update public key database variable failure, Sta= tus =3D %r\n", Status)); - return 0; - } - - return KeyIndex; -} - -/** - Verify data payload with AuthInfo in EFI_CERT_TYPE_RSA2048_SHA256_GUID t= ype. - Follow the steps in UEFI2.2. - - Caution: This function may receive untrusted input. - This function may be invoked in SMM mode, and datasize and data are exte= rnal input. - This function will do basic validation, before parse the data. - This function will parse the authentication carefully to avoid security = issues, like - buffer overflow, integer overflow. - - @param[in] Data Pointer to data with AuthInfo. - @param[in] DataSize Size of Data. - @param[in] PubKey Public key used for verification= . - - @retval EFI_INVALID_PARAMETER Invalid parameter. - @retval EFI_SECURITY_VIOLATION If authentication failed. - @retval EFI_SUCCESS Authentication successful. 
- -**/ -EFI_STATUS -VerifyCounterBasedPayload ( - IN UINT8 *Data, - IN UINTN DataSize, - IN UINT8 *PubKey - ) -{ - BOOLEAN Status; - EFI_VARIABLE_AUTHENTICATION *CertData; - EFI_CERT_BLOCK_RSA_2048_SHA256 *CertBlock; - UINT8 Digest[SHA256_DIGEST_SIZE]; - VOID *Rsa; - UINTN PayloadSize; - - PayloadSize =3D DataSize - AUTHINFO_SIZE; - Rsa =3D NULL; - CertData =3D NULL; - CertBlock =3D NULL; - - if (Data =3D=3D NULL || PubKey =3D=3D NULL) { - return EFI_INVALID_PARAMETER; - } - - CertData =3D (EFI_VARIABLE_AUTHENTICATION *) Data; - CertBlock =3D (EFI_CERT_BLOCK_RSA_2048_SHA256 *) (CertData->AuthInfo.Cer= tData); - - // - // wCertificateType should be WIN_CERT_TYPE_EFI_GUID. - // Cert type should be EFI_CERT_TYPE_RSA2048_SHA256_GUID. - // - if ((CertData->AuthInfo.Hdr.wCertificateType !=3D WIN_CERT_TYPE_EFI_GUID= ) || - !CompareGuid (&CertData->AuthInfo.CertType, &gEfiCertTypeRsa2048Sha2= 56Guid)) { - // - // Invalid AuthInfo type, return EFI_SECURITY_VIOLATION. - // - return EFI_SECURITY_VIOLATION; - } - // - // Hash data payload with SHA256. - // - ZeroMem (Digest, SHA256_DIGEST_SIZE); - Status =3D Sha256Init (mHashCtx); - if (!Status) { - goto Done; - } - Status =3D Sha256Update (mHashCtx, Data + AUTHINFO_SIZE, PayloadSize); - if (!Status) { - goto Done; - } - // - // Hash Size. - // - Status =3D Sha256Update (mHashCtx, &PayloadSize, sizeof (UINTN)); - if (!Status) { - goto Done; - } - // - // Hash Monotonic Count. - // - Status =3D Sha256Update (mHashCtx, &CertData->MonotonicCount, sizeof (U= INT64)); - if (!Status) { - goto Done; - } - Status =3D Sha256Final (mHashCtx, Digest); - if (!Status) { - goto Done; - } - // - // Generate & Initialize RSA Context. - // - Rsa =3D RsaNew (); - ASSERT (Rsa !=3D NULL); - // - // Set RSA Key Components. - // NOTE: Only N and E are needed to be set as RSA public key for signatu= re verification. 
- // - Status =3D RsaSetKey (Rsa, RsaKeyN, PubKey, EFI_CERT_TYPE_RSA2048_SIZE); - if (!Status) { - goto Done; - } - Status =3D RsaSetKey (Rsa, RsaKeyE, mRsaE, sizeof (mRsaE)); - if (!Status) { - goto Done; - } - // - // Verify the signature. - // - Status =3D RsaPkcs1Verify ( - Rsa, - Digest, - SHA256_DIGEST_SIZE, - CertBlock->Signature, - EFI_CERT_TYPE_RSA2048_SHA256_SIZE - ); - -Done: - if (Rsa !=3D NULL) { - RsaFree (Rsa); - } - if (Status) { - return EFI_SUCCESS; - } else { - return EFI_SECURITY_VIOLATION; - } -} - -/** Update platform mode. =20 @param[in] Mode SETUP_MODE or USER_MODE. @@ -1146,7 +802,7 @@ IsDeleteAuthVariable ( } =20 /** - Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIAB= LE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set + Process variable with=20 + EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set =20 Caution: This function may receive untrusted input. This function may be invoked in SMM mode, and datasize and data are exte= rnal input. @@ -1163,9 +819,9 @@ IsDeleteAuthVariable ( =20 @return EFI_INVALID_PARAMETER Invalid parameter. @return EFI_WRITE_PROTECTED Variable is write-protected and = needs authentication with - EFI_VARIABLE_AUTHENTICATED_WRITE= _ACCESS set. + EFI_VARIABLE_AUTHENTICATED_WRITE= _ACCESS or EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set. @return EFI_OUT_OF_RESOURCES The Database to save the public = key is full. - @return EFI_SECURITY_VIOLATION The variable is with EFI_VARIABL= E_AUTHENTICATED_WRITE_ACCESS + @return EFI_SECURITY_VIOLATION The variable is with EFI_VARIABL= E_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set, but the AuthInfo does NOT p= ass the validation check carried out by the firmwar= e. @return EFI_SUCCESS Variable is not write-protected = or pass validation successfully. 
@@ -1181,22 +837,8 @@ ProcessVariable ( ) { EFI_STATUS Status; - BOOLEAN IsDeletion; - BOOLEAN IsFirstTime; - UINT8 *PubKey; - EFI_VARIABLE_AUTHENTICATION *CertData; - EFI_CERT_BLOCK_RSA_2048_SHA256 *CertBlock; - UINT32 KeyIndex; - UINT64 MonotonicCount; - VARIABLE_ENTRY_CONSISTENCY VariableDataEntry; - UINT32 Index; AUTH_VARIABLE_INFO OrgVariableInfo; =20 - KeyIndex =3D 0; - CertData =3D NULL; - CertBlock =3D NULL; - PubKey =3D NULL; - IsDeletion =3D FALSE; Status =3D EFI_SUCCESS; =20 ZeroMem (&OrgVariableInfo, sizeof (OrgVariableInfo)); @@ -1208,7 +850,7 = @@ ProcessVariable ( =20 if ((!EFI_ERROR (Status)) && IsDeleteAuthVariable (OrgVariableInfo.Attri= butes, Data, DataSize, Attributes) && UserPhysicalPresent()) { // - // Allow the delete operation of common authenticated variable at user= physical presence. + // Allow the delete operation of common authenticated variable(AT or A= W) at user physical presence. // Status =3D AuthServiceInternalUpdateVariable ( VariableName, 
@@ -1232,25 +874,15 @@ ProcessVariable ( } =20 // - // A time-based authenticated variable and a count-based authenticated v= ariable - // can't be updated by each other. - // - if (OrgVariableInfo.Data !=3D NULL) { - if (((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) !=3D 0) && - ((OrgVariableInfo.Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICAT= ED_WRITE_ACCESS) !=3D 0)) { - return EFI_SECURITY_VIOLATION; - } - - if (((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)= !=3D 0) && - ((OrgVariableInfo.Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_AC= CESS) !=3D 0)) { - return EFI_SECURITY_VIOLATION; - } - } - - // - // Process Time-based Authenticated variable. - // - if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != =3D 0) { + if ((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) !=3D 0) { + // + // Reject Counter Based Auth Variable processing request. + // + return EFI_UNSUPPORTED; + } else if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACC= ESS) !=3D 0) { + // + // Process Time-based Authenticated variable. + // return VerifyTimeBasedPayloadAndUpdate ( VariableName, VendorGuid, 
@@ -1262,117 +894,20 @@ ProcessVariable ( ); } =20 - // - // Determine if first time SetVariable with the EFI_VARIABLE_AUTHENTICAT= ED_WRITE_ACCESS. - // - if ((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) !=3D 0) { - // - // Determine current operation type. - // - if (DataSize =3D=3D AUTHINFO_SIZE) { - IsDeletion =3D TRUE; - } - // - // Determine whether this is the first time with EFI_VARIABLE_AUTHENTI= CATED_WRITE_ACCESS set. - // - if (OrgVariableInfo.Data =3D=3D NULL) { - IsFirstTime =3D TRUE; - } else if ((OrgVariableInfo.Attributes & EFI_VARIABLE_AUTHENTICATED_WR= ITE_ACCESS) =3D=3D 0) { - IsFirstTime =3D TRUE; - } else { - KeyIndex =3D OrgVariableInfo.PubKeyIndex; - IsFirstTime =3D FALSE; - } - } else if ((OrgVariableInfo.Data !=3D NULL) && - ((OrgVariableInfo.Attributes & (EFI_VARIABLE_AUTHENTICATED_WR= ITE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) !=3D 0) - ) { + if ((OrgVariableInfo.Data !=3D NULL) && + ((OrgVariableInfo.Attributes &=20 + (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS |=20 + EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) !=3D 0)) { // // If the variable is already write-protected, it always needs authent= ication before update. // return EFI_WRITE_PROTECTED; - } else { - // - // If without EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS, set and attribu= tes collision. - // That means it is not authenticated variable, just update variable a= s usual. - // - Status =3D AuthServiceInternalUpdateVariable (VariableName, VendorGuid= , Data, DataSize, Attributes); - return Status; } =20 // - // Get PubKey and check Monotonic Count value corresponding to the varia= ble. - // - CertData =3D (EFI_VARIABLE_AUTHENTICATION *) Data; - CertBlock =3D (EFI_CERT_BLOCK_RSA_2048_SHA256 *) (CertData->AuthInfo.Cer= tData); - PubKey =3D CertBlock->PublicKey; - - // - // Update Monotonic Count value. + // Not authenticated variable, just update variable as usual. 
// - MonotonicCount =3D CertData->MonotonicCount; - - if (!IsFirstTime) { - // - // 2 cases need to check here - // 1. Internal PubKey variable. PubKeyIndex is always 0 - // 2. Other counter-based AuthVariable. Check input PubKey. - // - if (KeyIndex =3D=3D 0) { - return EFI_SECURITY_VIOLATION; - } - for (Index =3D 0; Index < mPubKeyNumber; Index++) { - if (ReadUnaligned32 (&(((AUTHVAR_KEY_DB_DATA *) mPubKeyStore + Index= )->KeyIndex)) =3D=3D KeyIndex) { - if (CompareMem (((AUTHVAR_KEY_DB_DATA *) mPubKeyStore + Index)->Ke= yData, PubKey, EFI_CERT_TYPE_RSA2048_SIZE) =3D=3D 0) { - break; - } else { - return EFI_SECURITY_VIOLATION; - } - } - } - if (Index =3D=3D mPubKeyNumber) { - return EFI_SECURITY_VIOLATION; - } - - // - // Compare the current monotonic count and ensure that it is greater t= han the last SetVariable - // operation with the EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS attribut= e set. - // - if (MonotonicCount <=3D OrgVariableInfo.MonotonicCount) { - // - // Monotonic count check fail, suspicious replay attack, return EFI_= SECURITY_VIOLATION. - // - return EFI_SECURITY_VIOLATION; - } - } - // - // Verify the certificate in Data payload. - // - Status =3D VerifyCounterBasedPayload (Data, DataSize, PubKey); - if (EFI_ERROR (Status)) { - return Status; - } - - // - // Now, the signature has been verified! - // - if (IsFirstTime && !IsDeletion) { - VariableDataEntry.VariableSize =3D DataSize - AUTHINFO_SIZE; - VariableDataEntry.Guid =3D VendorGuid; - VariableDataEntry.Name =3D VariableName; - - // - // Update public key database variable if need. - // - KeyIndex =3D AddPubKeyInStore (PubKey, &VariableDataEntry); - if (KeyIndex =3D=3D 0) { - return EFI_OUT_OF_RESOURCES; - } - } + Status =3D AuthServiceInternalUpdateVariable (VariableName, VendorGuid,= =20 + Data, DataSize, Attributes); return Status; =20 - // - // Verification pass. 
- // - return AuthServiceInternalUpdateVariableWithMonotonicCount (VariableName= , VendorGuid, (UINT8*)Data + AUTHINFO_SIZE, DataSize - AUTHINFO_SIZE, Attri= butes, KeyIndex, MonotonicCount); } =20 /** diff --git a/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h b/Se= curityPkg/Library/AuthVariableLib/AuthServiceInternal.h index e9b7cf3..2886260 100644 --- a/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h +++ b/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h @@ -59,35 +59,6 @@ typedef enum { } AUTHVAR_TYPE; =20 /// -/// "AuthVarKeyDatabase" variable for the Public Key store -/// of variabl= es with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set. -/// -/// GUID: gEfiAuthenticatedVariableGuid -/// -/// We need maintain atomici= ty. -/// -/// Format: -/// +----------------------------+ -/// | AUTHVAR_KEY_DB_DATA | <-- First AuthVarKey -/// +----------------------------+ -/// | ...... | -/// +----------------------------+ -/// | AUTHVAR_KEY_DB_DATA | <-- Last AuthKey -/// +----------------------------+ -/// -#define AUTHVAR_KEYDB_NAME L"AuthVarKeyDatabase" - -#define EFI_CERT_TYPE_RSA2048_SHA256_SIZE 256 -#define EFI_CERT_TYPE_RSA2048_SIZE 256 - -#pragma pack(1) -typedef struct { - UINT32 KeyIndex; - UINT8 KeyData[EFI_CERT_TYPE_RSA2048_SIZE]; -} AUTHVAR_KEY_DB_DATA; -#pragma pack() - -/// /// "certdb" variable stores the signer's certificates for non PK/KEK/DB/= DBX /// variables with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS|= EFI_VARIABLE_NON_VOLATILE set. /// "certdbv" variable stores the signer's certificates for non PK/KEK/DB= /DBX @@ -122,10 +93,6 @@ typedef struct { } AUTH_CERT_DB_DATA; #pragma pa= ck() =20 -extern UINT8 *mPubKeyStore; -extern UINT32 mPubKeyNumber; -extern UINT32 mMaxKeyNumber; -extern UINT32 mMaxKeyDbSize; extern UINT8 *mCertDbStore; extern UINT32 mMaxCertDbSize; extern UINT32 mPlatformMode; 
@@ -295,7 +262,7 @@ ProcessVarWithKek ( ); =20 /** - Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIAB= LE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set + Process variable with=20 + EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set =20 Caution: This function may receive untrusted input. This function may be invoked in SMM mode, and datasize and data are exte= rnal input. @@ -312,9 +279,9 @@ ProcessVarWithKek ( =20 @return EFI_INVALID_PARAMETER Invalid parameter. @return EFI_WRITE_PROTECTED Variable is write-protected and = needs authentication with - EFI_VARIABLE_AUTHENTICATED_WRITE= _ACCESS set. + EFI_VARIABLE_AUTHENTICATED_WRITE= _ACCESS or EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set. @return EFI_OUT_OF_RESOURCES The Database to save the public = key is full. - @return EFI_SECURITY_VIOLATION The variable is with EFI_VARIABL= E_AUTHENTICATED_WRITE_ACCESS + @return EFI_SECURITY_VIOLATION The variable is with EFI_VARIABL= E_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set, but the AuthInfo does NOT p= ass the validation check carried out by the firmwar= e. @return EFI_SUCCESS Variable is not write-protected = or pass validation successfully. 
@@ -387,34 +354,6 @@ AuthServiceInternalUpdateVariable ( @param[in] Data Data pointer. @param[in] DataSize Size of Data. @param[in] Attributes Attribute value of the variable. - @param[in] KeyIndex Index of associated public key. - @param[in] MonotonicCount Value of associated monotonic count. - - @retval EFI_SUCCESS The update operation is success. - @retval EFI_INVALID_PARAMETER Invalid parameter. - @retval EFI_WRITE_PROTECTED Variable is write-protected. - @retval EFI_OUT_OF_RESOURCES There is not enough resource. - -**/ -EFI_STATUS -AuthServiceInternalUpdateVariableWithMonotonicCount ( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid, - IN VOID *Data, - IN UINTN DataSize, - IN UINT32 Attributes, - IN UINT32 KeyIndex, - IN UINT64 MonotonicCount - ); - -/** - Update the variable region with Variable information. - - @param[in] VariableName Name of variable. - @param[in] VendorGuid Guid of variable. - @param[in] Data Data pointer. - @param[in] DataSize Size of Data. - @param[in] Attributes Attribute value of the variable. @param[in] TimeStamp Value of associated TimeStamp. =20 @retval EFI_SUCCESS The update operation is success. diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c b/Securi= tyPkg/Library/AuthVariableLib/AuthVariableLib.c index 792a123..00917eb 100644 --- a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c +++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c @@ -27,10 +27,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHE= R EXPRESS OR IMPLIED. /// /// Global database array for scratch /// -UINT8 *mPubKeyStore; -UINT32 mPubKeyNumber; -UINT32 mMaxKeyNumber; -UINT32 mMaxKeyDbSize; UINT8 *mCertDbStore; UINT32 mMaxCertDbSize; UINT32 mPlatformMode; 
@@ -78,17 +74,6 @@ VARIABLE_ENTRY_PROPERTY mAuthVarEntry[] =3D { } }, { - &gEfiAuthenticatedVariableGuid, - AUTHVAR_KEYDB_NAME, - { - VAR_CHECK_VARIABLE_PROPERTY_REVISION, - VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY, - VARIABLE_ATTRIBUTE_NV_BS_RT_AW, - sizeof (UINT8), - MAX_UINTN - } - }, - { &gEfiCertDbGuid, EFI_CERT_DB_NAME, { @@ -112,7 +97,7 @@ VARIABLE_ENTRY_PROPERTY mAuthVarEntry[] =3D { }, }; =20 -VOID **mAuthVarAddressPointer[10]; +VOID **mAuthVarAddressPointer[9]; =20 AUTH_VAR_LIB_CONTEXT_IN *mAuthVarLibContextIn =3D NULL; =20 @@ -138,7 +123,6 @@ AuthVariableLibInitialize ( ) { EFI_STATUS Status; - UINT8 VarValue; UINT32 VarAttr; UINT8 *Data; UINTN DataSize; @@ -164,16 +148,6 @@ AuthVariableLibInitialize ( } =20 // - // Reserve runtime buffer for public key database. The size excludes var= iable header and name size. - // - mMaxKeyDbSize =3D (UINT32) (mAuthVarLibContextIn->MaxAuthVariableSize - = sizeof (AUTHVAR_KEYDB_NAME)); - mMaxKeyNumber =3D mMaxKeyDbSize / sizeof (AUTHVAR_KEY_DB_DATA); - mPubKeyStore =3D AllocateRuntimePool (mMaxKeyDbSize); - if (mPubKeyStore =3D=3D NULL) { - return EFI_OUT_OF_RESOURCES; - } - - // // Reserve runtime buffer for certificate database. The size excludes va= riable header and name size. // Use EFI_CERT_DB_VOLATILE_NAME size since it is longer. // 
@@ -183,43 +157,6 @@ AuthVariableLibInitialize ( return EFI_OUT_OF_RESOURCES; } =20 - // - // Check "AuthVarKeyDatabase" variable's existence. - // If it doesn't exist, create a new one with initial value of 0 and EFI= _VARIABLE_AUTHENTICATED_WRITE_ACCESS set. - // - Status =3D AuthServiceInternalFindVariable ( - AUTHVAR_KEYDB_NAME, - &gEfiAuthenticatedVariableGuid, - (VOID **) &Data, - &DataSize - ); - if (EFI_ERROR (Status)) { - VarAttr =3D EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACC= ESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_AC= CESS; - VarValue =3D 0; - mPubKeyNumber =3D 0; - Status =3D AuthServiceInternalUpdateVariable ( - AUTHVAR_KEYDB_NAME, - &gEfiAuthenticatedVariableGuid, - &VarValue, - sizeof(UINT8), - VarAttr - ); - if (EFI_ERROR (Status)) { - return Status; - } - } else { - // - // Load database in global variable for cache. - // - ASSERT ((DataSize !=3D 0) && (Data !=3D NULL)); - // - // "AuthVarKeyDatabase" is an internal variable. Its DataSize is alway= s ensured not to exceed mPubKeyStore buffer size(See definition before) - // Therefore, there is no memory overflow in underlying CopyMem. - // - CopyMem (mPubKeyStore, (UINT8 *) Data, DataSize); - mPubKeyNumber =3D (UINT32) (DataSize / sizeof (AUTHVAR_KEY_DB_DATA)); - } - Status =3D AuthServiceInternalFindVariable (EFI_PLATFORM_KEY_NAME, &gEfi= GlobalVariableGuid, (VOID **) &Data, &DataSize); if (EFI_ERROR (Status)) { DEBUG ((EFI_D_INFO, "Variable %s does not exist.\n", EFI_PLATFORM_KEY_= NAME)); 
@@ -422,16 +359,15 @@ AuthVariableLibInitialize ( AuthVarLibContextOut->StructSize =3D sizeof (AUTH_VAR_LIB_CONTEXT_OUT); AuthVarLibContextOut->AuthVarEntry =3D mAuthVarEntry; AuthVarLibContextOut->AuthVarEntryCount =3D ARRAY_SIZE (mAuthVarEntry); - mAuthVarAddressPointer[0] =3D (VOID **) &mPubKeyStore; - mAuthVarAddressPointer[1] =3D (VOID **) &mCertDbStore; - mAuthVarAddressPointer[2] =3D (VOID **) &mHashCtx; - mAuthVarAddressPointer[3] =3D (VOID **) &mAuthVarLibContextIn; - mAuthVarAddressPointer[4] =3D (VOID **) &(mAuthVarLibContextIn->FindVari= able), - mAuthVarAddressPointer[5] =3D (VOID **) &(mAuthVarLibContextIn->FindNext= Variable), - mAuthVarAddressPointer[6] =3D (VOID **) &(mAuthVarLibContextIn->UpdateVa= riable), - mAuthVarAddressPointer[7] =3D (VOID **) &(mAuthVarLibContextIn->GetScrat= chBuffer), - mAuthVarAddressPointer[8] =3D (VOID **) &(mAuthVarLibContextIn->CheckRem= ainingSpaceForConsistency), - mAuthVarAddressPointer[9] =3D (VOID **) &(mAuthVarLibContextIn->AtRuntim= e), + mAuthVarAddressPointer[0] =3D (VOID **) &mCertDbStore; =20 + mAuthVarAddressPointer[1] =3D (VOID **) &mHashCtx; =20 + mAuthVarAddressPointer[2] =3D (VOID **) &mAuthVarLibContextIn; =20 + mAuthVarAddressPointer[3] =3D (VOID **)=20 + &(mAuthVarLibContextIn->FindVariable), + mAuthVarAddressPointer[4] =3D (VOID **)=20 + &(mAuthVarLibContextIn->FindNextVariable), + mAuthVarAddressPointer[5] =3D (VOID **)=20 + &(mAuthVarLibContextIn->UpdateVariable), + mAuthVarAddressPointer[6] =3D (VOID **)=20 + &(mAuthVarLibContextIn->GetScratchBuffer), + mAuthVarAddressPointer[7] =3D (VOID **)=20 + &(mAuthVarLibContextIn->CheckRemainingSpaceForConsistency), + mAuthVarAddressPointer[8] =3D (VOID **)=20 + &(mAuthVarLibContextIn->AtRuntime), AuthVarLibContextOut->AddressPointer =3D mAuthVarAddressPointer; AuthVarLibContextOut->AddressPointerCount =3D ARRAY_SIZE (mAuthVarAddres= sPointer); =20 
@@ -439,7 +375,7 @@ AuthVariableLibInitialize ( } =20 /** - Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIAB= LE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set. + Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS= set. =20 @param[in] VariableName Name of the variable. @param[in] VendorGuid Variable vendor GUID. @@ -452,8 +388,7 @@ AuthVariableLibInitialize ( @retval EFI_INVALID_PARAMETER Invalid parameter. @retval EFI_WRITE_PROTECTED Variable is write-protected. @retval EFI_OUT_OF_RESOURCES There is not enough resource. - @retval EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTH= ENTICATED_WRITE_ACCESS - or EFI_VARIABLE_TIME_BASED_AUTHENTICAT= ED_WRITE_ACESS + @retval EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_TIME= _BASED_AUTHENTICATED_WRITE_ACESS set, but the AuthInfo does NOT pass th= e validation check carried out by the firmware. @retval EFI_UNSUPPORTED Unsupported to process authenticated v= ariable. diff --git a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c= b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c index c6f3edc..7763b13 100644 --- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c +++ b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c @@ -101,7 +101,7 @@ IsMorLockVariable ( @retval EFI_DEVICE_ERROR The variable could not be saved due to a= hardware failure. @retval EFI_WRITE_PROTECTED The variable in question is read-only. @retval EFI_WRITE_PROTECTED The variable in question cannot be delet= ed. - @retval EFI_SECURITY_VIOLATION The variable could not be written due to= EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS + @retval EFI_SECURITY_VIOLATION The variable could not be written due=20 + to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set but the AuthInfo does NOT pass the v= alidation check carried out by the firmware. @retval EFI_NOT_FOUND The variable trying to be updated or del= eted was not found. 
diff --git a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h= b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h index 50a656a..af30357 100644 --- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h +++ b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h @@ -67,7 +67,7 @@ InternalGetVariable ( @retval EFI_DEVICE_ERROR The variable could not be saved due to a= hardware failure. @retval EFI_WRITE_PROTECTED The variable in question is read-only. @retval EFI_WRITE_PROTECTED The variable in question cannot be delet= ed. - @retval EFI_SECURITY_VIOLATION The variable could not be written due to= EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS + @retval EFI_SECURITY_VIOLATION The variable could not be written due=20 + to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set but the AuthInfo does NOT pass the v= alidation check carried out by the firmware. @retval EFI_NOT_FOUND The variable trying to be updated or del= eted was not found. @@ -103,7 +103,7 @@ InternalSetVariable ( @retval EFI_DEVICE_ERROR The variable could not be saved due to a= hardware failure. @retval EFI_WRITE_PROTECTED The variable in question is read-only. @retval EFI_WRITE_PROTECTED The variable in question cannot be delet= ed. - @retval EFI_SECURITY_VIOLATION The variable could not be written due to= EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS + @retval EFI_SECURITY_VIOLATION The variable could not be written due=20 + to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set but the AuthInfo does NOT pass the v= alidation check carried out by the firmware. @retval EFI_NOT_FOUND The variable trying to be updated or del= eted was not found. diff --git a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSm= m.c b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c index 019cb8b..e5db98c 100644 --- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c +++ b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c 
@@ -82,7 +82,7 @@ InternalGetVariable ( @retval EFI_DEVICE_ERROR The variable could not be saved due to a= hardware failure. @retval EFI_WRITE_PROTECTED The variable in question is read-only. @retval EFI_WRITE_PROTECTED The variable in question cannot be delet= ed. - @retval EFI_SECURITY_VIOLATION The variable could not be written due to= EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS + @retval EFI_SECURITY_VIOLATION The variable could not be written due=20 + to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set but the AuthInfo does NOT pass the v= alidation check carried out by the firmware. @retval EFI_NOT_FOUND The variable trying to be updated or del= eted was not found. -- 1.9.5.msysgit.1
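Review bot: the rewritten ProcessVariable doc comment (AuthService.c hunk at -1163, and the identical copy in AuthServiceInternal.h at -312) is now out of step with the code it describes: it keeps "@return EFI_OUT_OF_RESOURCES The Database to save the public key is full" although this very patch deletes that database (AUTHVAR_KEYDB_NAME, AUTHVAR_KEY_DB_DATA, AddPubKeyInStore), and it does not list the EFI_UNSUPPORTED that the new `return EFI_UNSUPPORTED;` branch produces for EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS requests. Suggest dropping the EFI_OUT_OF_RESOURCES line and adding "@return EFI_UNSUPPORTED The variable has EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set, which is no longer supported." in both places. The new first line "Process variable with=20" also leaves trailing whitespace (that is what the =20 in the quoted-printable encoding stands for); the one-line form this patch uses in AuthVariableLib.c, "Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.", would be cleaner here as well.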
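Review bot: the new early `return EFI_UNSUPPORTED;` in the ProcessVariable hunk at -1232 changes the status a caller observes in a case the deleted block handled explicitly: the removed "can't be updated by each other" check returned EFI_SECURITY_VIOLATION when a counter-based (AW) write targeted an existing time-based (AT) variable, and that request now gets EFI_UNSUPPORTED before OrgVariableInfo is consulted at all. Rejecting the attribute outright is a reasonable design, but the commit message only says "Remove counter based auth variable support"; please state the externally visible SetVariable status change for AW requests there. The same message should also say what becomes of counter-based variables that are already stored in NV: the hunk at -1262 keeps EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS in the write-protected mask, so every plain update of such a variable now returns EFI_WRITE_PROTECTED, and the only remaining way to get rid of it is the physical-presence delete path ("common authenticated variable(AT or AW)" in the -1208 hunk). One sentence on that migration behaviour saves the next reader from reconstructing it from the diff.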
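Review bot: in the AuthVariableLibInitialize hunk at -422 the re-indexed mAuthVarAddressPointer assignments keep the pre-existing stray commas as statement terminators (`mAuthVarAddressPointer[3] = (VOID **)` followed by `&(mAuthVarLibContextIn->FindVariable),`), the new lines end in trailing whitespace (the =20), and the `(VOID **)` cast is split from its operand across two lines. Since every one of these lines is rewritten anyway, this is the moment to terminate each assignment with `;` and keep it on a single line; the comma form only compiles because assignment binds tighter than the comma operator, and it reads as a typo to anyone who has not seen it before. The bookkeeping itself checks out: nine entries, indices 0 through 8, matching the new `VOID **mAuthVarAddressPointer[9];` in the -112 hunk, and AddressPointerCount is derived with ARRAY_SIZE so it follows automatically.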
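Review bot: the replacement line in the AuthVariableLibProcessVariable doc hunk at -452 carries the misspelling "EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS" (ACESS for ACCESS) over from the line it replaces; as the line is being rewritten, spell the attribute name correctly so that a grep for the real identifier finds this comment. In the neighbouring hunks at -138 and -183, `UINT8 VarValue;` is dropped but `UINT32 VarAttr;` is kept, and the only use of VarAttr visible in this patch is inside the removed "AuthVarKeyDatabase" creation block; please confirm VarAttr is still referenced later in AuthVariableLibInitialize, otherwise it should go with VarValue rather than linger as an unused variable.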