From: "Michael D Kinney" <michael.d.kinney@intel.com>
To: Oliver Smith-Denny <osd@smith-denny.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: "Patel, Umang" <umang.patel@intel.com>,
"Yao, Jiewen" <jiewen.yao@intel.com>,
"Wang, Jian J" <jian.j.wang@intel.com>,
"Kinney, Michael D" <michael.d.kinney@intel.com>
Subject: Re: [edk2-devel] [Patch 2/2] SecurityPkg/FvReportPei: Use FirmwareVolumeShadowPpi
Date: Mon, 27 Mar 2023 15:19:31 +0000 [thread overview]
Message-ID: <CO1PR11MB49297E2214629D8AE18610A8D28B9@CO1PR11MB4929.namprd11.prod.outlook.com> (raw)
In-Reply-To: <d98d06c7-9523-56ea-a482-01a16f6402a1@smith-denny.com>
I agree with your comment. Can you please enter a new BZ to address it?
Thanks,
Mike
> -----Original Message-----
> From: Oliver Smith-Denny <osd@smith-denny.com>
> Sent: Wednesday, March 22, 2023 9:05 AM
> To: devel@edk2.groups.io; Kinney, Michael D <michael.d.kinney@intel.com>
> Cc: Patel, Umang <umang.patel@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>
> Subject: Re: [edk2-devel] [Patch 2/2] SecurityPkg/FvReportPei: Use FirmwareVolumeShadowPpi
>
> One comment below, thanks!
>
> On 3/21/2023 7:06 PM, Michael D Kinney wrote:
> > From: Umang Patel <umang.patel@intel.com>
> >
> > If FirmwareVolumeShadow PPI is available, then use it to
> > shadow FVs to memory. Otherwise fallback to CopyMem().
> >
> > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > Cc: Jian J Wang <jian.j.wang@intel.com>
> > Signed-off-by: Patel Umang <umang.patel@intel.com>
> > ---
> > SecurityPkg/FvReportPei/FvReportPei.c | 37 ++++++++++++++++++++-----
> > SecurityPkg/FvReportPei/FvReportPei.h | 1 +
> > SecurityPkg/FvReportPei/FvReportPei.inf | 1 +
> > 3 files changed, 32 insertions(+), 7 deletions(-)
> >
> > diff --git a/SecurityPkg/FvReportPei/FvReportPei.c b/SecurityPkg/FvReportPei/FvReportPei.c
> > index 846605cda1e4..6288dde16b2a 100644
> > --- a/SecurityPkg/FvReportPei/FvReportPei.c
> > +++ b/SecurityPkg/FvReportPei/FvReportPei.c
> > @@ -114,12 +114,13 @@ VerifyHashedFv (
> > IN EFI_BOOT_MODE BootMode
> > )
> > {
> > - UINTN FvIndex;
> > - CONST HASH_ALG_INFO *AlgInfo;
> > - UINT8 *HashValue;
> > - UINT8 *FvHashValue;
> > - VOID *FvBuffer;
> > - EFI_STATUS Status;
> > + UINTN FvIndex;
> > + CONST HASH_ALG_INFO *AlgInfo;
> > + UINT8 *HashValue;
> > + UINT8 *FvHashValue;
> > + VOID *FvBuffer;
> > + EDKII_PEI_FIRMWARE_VOLUME_SHADOW_PPI *FvShadowPpi;
> > + EFI_STATUS Status;
> >
> > if ((HashInfo == NULL) ||
> > (HashInfo->HashSize == 0) ||
> > @@ -191,8 +192,30 @@ VerifyHashedFv (
> > // Copy FV to permanent memory to avoid potential TOC/TOU.
> > //
> > FvBuffer = AllocatePages (EFI_SIZE_TO_PAGES ((UINTN)FvInfo[FvIndex].Length));
> > +
> > ASSERT (FvBuffer != NULL);
>
> While we are here, should we make this more robust (and amenable to
> static analysis) and add error handling if FvBuffer is NULL, not just
> assert?
>
> > - CopyMem (FvBuffer, (CONST VOID *)(UINTN)FvInfo[FvIndex].Base, (UINTN)FvInfo[FvIndex].Length);
> > + Status = PeiServicesLocatePpi (
> > + &gEdkiiPeiFirmwareVolumeShadowPpiGuid,
> > + 0,
> > + NULL,
> > + (VOID **)&FvShadowPpi
> > + );
> > +
> > + if (!EFI_ERROR (Status)) {
> > + Status = FvShadowPpi->FirmwareVolumeShadow (
> > + (EFI_PHYSICAL_ADDRESS)FvInfo[FvIndex].Base,
> > + FvBuffer,
> > + (UINTN)FvInfo[FvIndex].Length
> > + );
> > + }
> > +
> > + if (EFI_ERROR (Status)) {
> > + CopyMem (
> > + FvBuffer,
> > + (CONST VOID *)(UINTN)FvInfo[FvIndex].Base,
> > + (UINTN)FvInfo[FvIndex].Length
> > + );
> > + }
> >
> > if (!AlgInfo->HashAll (FvBuffer, (UINTN)FvInfo[FvIndex].Length, FvHashValue)) {
> > Status = EFI_ABORTED;
> > diff --git a/SecurityPkg/FvReportPei/FvReportPei.h b/SecurityPkg/FvReportPei/FvReportPei.h
> > index 92504a3c51e1..07ffb2f5768c 100644
> > --- a/SecurityPkg/FvReportPei/FvReportPei.h
> > +++ b/SecurityPkg/FvReportPei/FvReportPei.h
> > @@ -14,6 +14,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
> > #include <IndustryStandard/Tpm20.h>
> >
> > #include <Ppi/FirmwareVolumeInfoStoredHashFv.h>
> > +#include <Ppi/FirmwareVolumeShadowPpi.h>
> >
> > #include <Library/PeiServicesLib.h>
> > #include <Library/PcdLib.h>
> > diff --git a/SecurityPkg/FvReportPei/FvReportPei.inf b/SecurityPkg/FvReportPei/FvReportPei.inf
> > index 408406889765..4246fb75ebaa 100644
> > --- a/SecurityPkg/FvReportPei/FvReportPei.inf
> > +++ b/SecurityPkg/FvReportPei/FvReportPei.inf
> > @@ -46,6 +46,7 @@ [LibraryClasses]
> > [Ppis]
> > gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid ## PRODUCES
> > gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid ## CONSUMES
> > + gEdkiiPeiFirmwareVolumeShadowPpiGuid ## CONSUMES
> >
> > [Pcd]
> > gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeFvVerificationPass
next prev parent reply other threads:[~2023-03-27 15:19 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-22 2:06 [Patch 0/2] Add and use FirmwareVolumeShadowPpi Michael D Kinney
2023-03-22 2:06 ` [Patch 1/2] MdeModulePkg/Include/Ppi: Add FirmwareVolumeShadowPpi Michael D Kinney
2023-03-22 2:06 ` [Patch 2/2] SecurityPkg/FvReportPei: Use FirmwareVolumeShadowPpi Michael D Kinney
2023-03-22 16:04 ` [edk2-devel] " Oliver Smith-Denny
2023-03-27 15:19 ` Michael D Kinney [this message]
2023-03-22 16:05 ` [edk2-devel] [Patch 0/2] Add and use FirmwareVolumeShadowPpi Oliver Smith-Denny
2023-03-23 19:17 ` Michael D Kinney
2023-03-27 4:55 ` Wang, Jian J
2023-03-27 16:26 ` Michael D Kinney
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CO1PR11MB49297E2214629D8AE18610A8D28B9@CO1PR11MB4929.namprd11.prod.outlook.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox