From: Sean Brogan
To: Jiewen Yao, "edk2-devel@lists.01.org"
CC: Michael D Kinney, Feng Tian, Chao Zhang, Liming Gao, Star Zeng
Date: Tue, 11 Oct 2016 09:21:57 +0000
Subject: Re: [PATCH V2 03/50] MdeModulePkg/Include: Add FmpAuthenticationLib header.

I think this library and the design of registering different auth handlers is not the right design for FMP auth verification. This isn't something that needs extension thru registration. This is a controlled environment.
I also don't think the capsule runtime should be using these auth services. How I see it the design abstraction of FMP is that the FMP instance does the verification and unwrapping of the capsule in its checkimage/set image routines. By keeping FMP self-contained a platform gains a lot of flexibility. FMP SetImage can be called from the UEFI shell or other application before exit boot services so it must always verify the image before applying anyway.

I would ask that this too be moved to your new sample package or removed from the design.

Thanks
Sean

> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Jiewen Yao
> Sent: Friday, September 30, 2016 5:21 AM
> To: edk2-devel@lists.01.org
> Cc: Michael D Kinney; Feng Tian; Chao Zhang; Liming Gao; Star Zeng
> Subject: [edk2] [PATCH V2 03/50] MdeModulePkg/Include: Add FmpAuthenticationLib header.
>
> This library is used to authenticate a UEFI defined FMP Capsule.
>
> Cc: Feng Tian
> Cc: Star Zeng
> Cc: Michael D Kinney
> Cc: Liming Gao
> Cc: Chao Zhang
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Jiewen Yao
> Reviewed-by: Liming Gao
> --- > MdeModulePkg/Include/Library/FmpAuthenticationLib.h | 91 > ++++++++++++++++++++ > 1 file changed, 91 insertions(+) >=20 > diff --git a/MdeModulePkg/Include/Library/FmpAuthenticationLib.h > b/MdeModulePkg/Include/Library/FmpAuthenticationLib.h > new file mode 100644 > index 0000000..895698e > --- /dev/null > +++ b/MdeModulePkg/Include/Library/FmpAuthenticationLib.h > @@ -0,0 +1,91 @@ > +/** @file > + FMP capsule authenitcation Library. > + > +Copyright (c) 2016, Intel Corporation. All rights reserved.
This > +program and the accompanying materials are licensed and made available > +under the terms and conditions of the BSD License which accompanies > +this distribution. The full text of the license may be found at > +http://opensource.org/licenses/bsd-license.php > + > +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS > OR IMPLIED. > + > +**/ > + > + > +#ifndef __FMP_AUTHENTICATION_LIB_H__ > +#define __FMP_AUTHENTICATION_LIB_H__ > + > +/** > + The handler is used to do the authentication for FMP capsule based > +upon > + EFI_FIRMWARE_IMAGE_AUTHENTICATION. > + > + Caution: This function may receive untrusted input. > + > + @param[in] Image Points to the new FMP authentication = image, > + start from EFI_FIRMWARE_IMAGE_AUTHENT= ICATION. > + @param[in] ImageSize Size of the authentication image in b= ytes. > + @param[out] LastAttemptStatus The last attempt status, which will b= e > recorded > + in ESRT and FMP EFI_FIRMWARE_IMAGE_DE= SCRIPTOR. > + > + @retval RETURN_SUCCESS Authentication pass. > + @retval RETURN_SECURITY_VIOLATION Authentication fail. > + The detail reson is recorded in Last= AttemptStatus. > +**/ > +typedef > +RETURN_STATUS > +(EFIAPI *FMP_AUTHENTICATION_HANDLER) ( > + IN VOID *Image, > + IN UINTN ImageSize, > + OUT UINT32 *LastAttemptStatus > + ); > + > +/** > + Register FMP authentication handler with CertType. > + > + If CertType is NULL, then ASSERT(). > + If FmpAuthenticationHandler is NULL, then ASSERT(). > + > + @param[in] CertType The certificate type associated= with the > FMP auth handler. > + @param[in] FmpAuthenticationHandler The FMP authentication handler = to > be registered. > + > + @retval RETURN_SUCCESS The handlers were registered. > + @retval RETURN_OUT_OF_RESOURCES There are not enough resources > available to register the handlers. 
> +**/ > +RETURN_STATUS > +EFIAPI > +RegisterFmpAuthenticationHandler( > + IN GUID *CertType, > + IN FMP_AUTHENTICATION_HANDLER FmpAuthenticationHandler > + ); > + > +/** > + Execute FMP authentication handlers. > + > + Caution: This function may receive untrusted input. > + > + If Image is NULL, then ASSERT(). > + If ImageSize is 0, then ASSERT(). > + If LastAttemptStatus is NULL, then ASSERT(). > + > + @param[in] Image Points to the new FMP authentication = image, > + start from EFI_FIRMWARE_IMAGE_AUTHENT= ICATION. > + @param[in] ImageSize Size of the authentication image in b= ytes. > + @param[out] LastAttemptStatus The last attempt status, which will b= e > recorded > + in ESRT and FMP EFI_FIRMWARE_IMAGE_DE= SCRIPTOR. > + > + @retval RETURN_SUCCESS Authentication pass. > + @retval RETURN_SECURITY_VIOLATION Authentication fail. > + The detail reson is recorded in Last= AttemptStatus. > + @retval RETURN_UNSUPPORTED No Authentication handler associated > with CertType. > +**/ > +RETURN_STATUS > +EFIAPI > +ExecuteFmpAuthenticationHandler( > + IN VOID *Image, > + IN UINTN ImageSize, > + OUT UINT32 *LastAttemptStatus > + ); > + > +#endif > + > -- > 2.7.4.windows.1 >=20 > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel
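
Review bot: In the ExecuteFmpAuthenticationHandler() comment, malformed input is specified as ASSERT() ("If ImageSize is 0, then ASSERT()") although the same comment says "Caution: This function may receive untrusted input". A zero or undersized ImageSize taken from a capsule should be documented as returning an error such as RETURN_SECURITY_VIOLATION, and the comment should state the minimum size that is checked before EFI_FIRMWARE_IMAGE_AUTHENTICATION is read. The same comment lists RETURN_UNSUPPORTED for "No Authentication handler associated with CertType", but CertType is not a parameter of this function, so say where in the image it is taken from. For RegisterFmpAuthenticationHandler(), document what happens when a handler is already registered for the same CertType, since only RETURN_SUCCESS and RETURN_OUT_OF_RESOURCES are listed and the result decides which handler authenticates the capsule. Typos in the comments: "authenitcation" in the file header and "reson" in both @retval blocks.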