From: "Yao, Jiewen"
To: Bret Barkelew, "devel@edk2.groups.io"
CC: "Wang, Jian J", Chao Zhang, Bret Barkelew, "Bi, Dandan"
Subject: Re: [PATCH v8 11/14] SecurityPkg: Allow VariablePolicy state to delete authenticated variables
Date: Wed, 23 Sep 2020 06:11:39 +0000
References: <20200923060748.3795-1-bret.barkelew@microsoft.com> <20200923060748.3795-12-bret.barkelew@microsoft.com>
In-Reply-To: <20200923060748.3795-12-bret.barkelew@microsoft.com>

Reviewed-by: Jiewen Yao

> -----Original Message-----
> From: Bret Barkelew
> Sent: Wednesday, September 23, 2020 2:08 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen; Wang, Jian J; Chao Zhang; Bret Barkelew; Bi, Dandan
> Subject: [PATCH v8 11/14] SecurityPkg: Allow VariablePolicy state to delete authenticated variables
>
> From: Bret Barkelew
>
> https://bugzilla.tianocore.org/show_bug.cgi?id=2522
>
> Causes AuthService to check
> IsVariablePolicyEnabled() before enforcing
> write protections to allow variable deletion
> when policy engine is disabled.
>
> Only allows deletion, not modification.
>
> Cc: Jiewen Yao
> Cc: Jian J Wang
> Cc: Chao Zhang
> Cc: Bret Barkelew
> Signed-off-by: Bret Barkelew
> Reviewed-by: Dandan Bi
> Acked-by: Jian J Wang
> --- > SecurityPkg/Library/AuthVariableLib/AuthService.c | 30 +++++++++++= +++++- > --- > SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf | 2 ++ > 2 files changed, 26 insertions(+), 6 deletions(-) >=20 > diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c > b/SecurityPkg/Library/AuthVariableLib/AuthService.c > index 2f60331f2c04..4fb609504db7 100644 > --- a/SecurityPkg/Library/AuthVariableLib/AuthService.c > +++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c > @@ -19,12 +19,16 @@ > to verify the signature. >=20 >=20 >=20 > Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.
>=20 > +Copyright (c) Microsoft Corporation. >=20 > SPDX-License-Identifier: BSD-2-Clause-Patent >=20 >=20 >=20 > **/ >=20 >=20 >=20 > #include "AuthServiceInternal.h" >=20 >=20 >=20 > +#include >=20 > +#include >=20 > + >=20 > // >=20 > // Public Exponent of RSA Key. >=20 > // >=20 > @@ -217,9 +221,12 @@ NeedPhysicallyPresent( > IN EFI_GUID *VendorGuid >=20 > ) >=20 > { >=20 > - if ((CompareGuid (VendorGuid, &gEfiSecureBootEnableDisableGuid) && > (StrCmp (VariableName, EFI_SECURE_BOOT_ENABLE_NAME) =3D=3D 0)) >=20 > - || (CompareGuid (VendorGuid, &gEfiCustomModeEnableGuid) && (StrCmp > (VariableName, EFI_CUSTOM_MODE_NAME) =3D=3D 0))) { >=20 > - return TRUE; >=20 > + // If the VariablePolicy engine is disabled, allow deletion of any aut= henticated > variables. >=20 > + if (IsVariablePolicyEnabled()) { >=20 > + if ((CompareGuid (VendorGuid, &gEfiSecureBootEnableDisableGuid) && > (StrCmp (VariableName, EFI_SECURE_BOOT_ENABLE_NAME) =3D=3D 0)) >=20 > + || (CompareGuid (VendorGuid, &gEfiCustomModeEnableGuid) && (StrCmp > (VariableName, EFI_CUSTOM_MODE_NAME) =3D=3D 0))) { >=20 > + return TRUE; >=20 > + } >=20 > } >=20 >=20 >=20 > return FALSE; >=20 > @@ -842,7 +849,8 @@ ProcessVariable ( > &OrgVariableInfo >=20 > ); >=20 >=20 >=20 > - if ((!EFI_ERROR (Status)) && IsDeleteAuthVariable (OrgVariableInfo.Att= ributes, > Data, DataSize, Attributes) && UserPhysicalPresent()) { >=20 > + // If the VariablePolicy engine is disabled, allow deletion of any aut= henticated > variables. >=20 > + if ((!EFI_ERROR (Status)) && IsDeleteAuthVariable (OrgVariableInfo.Att= ributes, > Data, DataSize, Attributes) && (UserPhysicalPresent() > || !IsVariablePolicyEnabled())) { >=20 > // >=20 > // Allow the delete operation of common authenticated variable(AT or= AW) at > user physical presence. >=20 > // >=20 
> @@ -1920,6 +1928,12 @@ VerifyTimeBasedPayload ( > PayloadPtr =3D SigData + SigDataSize; >=20 > PayloadSize =3D DataSize - OFFSET_OF_AUTHINFO2_CERT_DATA - (UINTN) > SigDataSize; >=20 >=20 >=20 > + // If the VariablePolicy engine is disabled, allow deletion of any aut= henticated > variables. >=20 > + if (PayloadSize =3D=3D 0 && (Attributes & EFI_VARIABLE_APPEND_WRITE) = =3D=3D 0 > && !IsVariablePolicyEnabled()) { >=20 > + VerifyStatus =3D TRUE; >=20 > + goto Exit; >=20 > + } >=20 > + >=20 > // >=20 > // Construct a serialization buffer of the values of the VariableName, > VendorGuid and Attributes >=20 > // parameters of the SetVariable() call and the TimeStamp component of= the >=20 > @@ -2173,8 +2187,12 @@ VerifyTimeBasedPayload ( > Exit: >=20 >=20 >=20 > if (AuthVarType =3D=3D AuthVarTypePk || AuthVarType =3D=3D AuthVarType= Priv) { >=20 > - Pkcs7FreeSigners (TopLevelCert); >=20 > - Pkcs7FreeSigners (SignerCerts); >=20 > + if (TopLevelCert !=3D NULL) { >=20 > + Pkcs7FreeSigners (TopLevelCert); >=20 > + } >=20 > + if (SignerCerts !=3D NULL) { >=20 > + Pkcs7FreeSigners (SignerCerts); >=20 > + } >=20 > } >=20 >=20 >=20 > if (!VerifyStatus) { >=20 > diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf > b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf > index 8d4ce14df494..8eadeebcebd7 100644 > --- a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf > +++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf > @@ -3,6 +3,7 @@ > # >=20 > # Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved. >=20 > # Copyright (c) 2018, ARM Limited. All rights reserved.
>=20 > +# Copyright (c) Microsoft Corporation. >=20 > # >=20 > # SPDX-License-Identifier: BSD-2-Clause-Patent >=20 > # >=20 > @@ -41,6 +42,7 @@ [LibraryClasses] > MemoryAllocationLib >=20 > BaseCryptLib >=20 > PlatformSecureLib >=20 > + VariablePolicyLib >=20 >=20 >=20 > [Guids] >=20 > ## CONSUMES ## Variable:L"SetupMode" >=20 > -- > 2.28.0.windows.1
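
Review bot: in NeedPhysicallyPresent() (@@ -217,9 +221,12 @@) the new IsVariablePolicyEnabled() guard is not tied to a delete request. With the policy engine disabled the function returns FALSE for SecureBootEnable and CustomMode whatever the caller is writing, while the added comment and the commit message both say only deletion is allowed. Either check for the delete case here, or reword the comment to say that physical presence is waived entirely when policy is disabled and name the caller that restricts this to deletion.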
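
Review bot: in ProcessVariable() (@@ -842,7 +849,8 @@) the existing comment inside the branch still reads "Allow the delete operation of common authenticated variable(AT or AW) at user physical presence", which is no longer the only way into the branch once `|| !IsVariablePolicyEnabled()` is part of the condition. Update that comment to cover the disabled-policy case. The condition is also long enough now that splitting it across lines would make the grouping of the two alternatives easier to read.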
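
Review bot: in VerifyTimeBasedPayload() (@@ -1920,6 +1928,12 @@) the added block sets VerifyStatus to TRUE and jumps to Exit before the serialization buffer is constructed, so the signature on the request is never checked on this path, and the comment does not say so. It is the same sentence used in the other two hunks; here it should state explicitly that verification is skipped for an empty payload without EFI_VARIABLE_APPEND_WRITE when the policy engine is disabled. A DEBUG message on this branch would also make deletions that bypass authentication visible in firmware logs.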
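
Review bot: at the Exit label (@@ -2173,8 +2187,12 @@) the new NULL checks only protect the early `goto Exit` added above if TopLevelCert and SignerCerts are initialized to NULL before that jump, and their declarations are not part of this patch. Please confirm the initialization, or add it in this patch so the dependency is visible alongside the checks.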