From: "Wang, Jian J" <jian.j.wang@intel.com>
To: Laszlo Ersek <lersek@redhat.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>,
"philmd@redhat.com" <philmd@redhat.com>
Cc: "Yao, Jiewen" <jiewen.yao@intel.com>,
"Zhang, Chao B" <chao.b.zhang@intel.com>
Subject: Re: [edk2-devel] [PATCH 1/1] SecurityPkg: Fix incorrect return value in documentation
Date: Wed, 5 Feb 2020 14:18:58 +0000 [thread overview]
Message-ID: <D827630B58408649ACB04F44C510003625A08191@SHSMSX107.ccr.corp.intel.com> (raw)
In-Reply-To: <da4893ce-89bf-d0de-a3e9-61aac8ce31e6@redhat.com>
Hi,
I agree with Laszlo. The updated comment still doesn't match the code. I'd suggest
to fix the code as well as comment to make sure it confirms to the prototype.
Regards,
Jian
> -----Original Message-----
> From: Laszlo Ersek <lersek@redhat.com>
> Sent: Wednesday, February 05, 2020 7:28 AM
> To: devel@edk2.groups.io; philmd@redhat.com
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>;
> Zhang, Chao B <chao.b.zhang@intel.com>
> Subject: Re: [edk2-devel] [PATCH 1/1] SecurityPkg: Fix incorrect return value in
> documentation
>
> Hi Phil,
>
> On 02/04/20 23:26, Philippe Mathieu-Daudé wrote:
> > The DxeTpmMeasureBootHandler and DxeTpm2MeasureBootHandler handlers
> > are SECURITY2_FILE_AUTHENTICATION_HANDLER prototype. This prototype
> > can not return EFI_INVALID_PARAMETER.
> >
> > The prototype documentation states it returns EFI_ACCESS_DENIED if:
> >
> > "The file specified by File and FileBuffer did not authenticate,
> > and the platform policy dictates that the DXE Foundation may not
> > use File."
> >
> > Note in practice both functions return EFI_SECURITY_VIOLATION:
> >
> > "The file specified by DevicePath and FileBuffer did not
> > authenticate, and the platform policy dictates that the file
> > should be placed in the untrusted state. The image has been
> > added to the file execution table."
> >
> > Noticed while reviewing commit 6d57592740cdd0b6868baeef7929d6e6fef.
> >
> > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > Cc: Jian J Wang <jian.j.wang@intel.com>
> > Cc: Chao Zhang <chao.b.zhang@intel.com>
> > Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com>
> > ---
> > .../Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c | 2 +-
> > SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c | 2
> +-
> > 2 files changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git
> a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c
> b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c
> > index 04b9b0d7fbf3..0c07f65c6835 100644
> > ---
> a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c
> > +++
> b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c
> > @@ -384,7 +384,7 @@ Finish:
> > and other exception operations. The File parameter allows for possible
> logging
> > within the SAP of the driver.
> >
> > - If File is NULL, then EFI_INVALID_PARAMETER is returned.
> > + If File is NULL, then EFI_ACCESS_DENIED is returned.
> >
> > If the file specified by File with an authentication status specified by
> > AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS is
> returned.
>
> I've tried seeing where this code actually returns
> EFI_INVALID_PARAMETER, but I can't find it. If File is NULL in
> DxeTpm2MeasureBootHandler(), then first we seem to do:
>
> OrigDevicePathNode = DuplicateDevicePath (File);
>
> which I believe will produce a NULL. Then we seem to pass this NULL
> around a little bit, so I think there's a fair chance of crashing there.
>
> I wonder if this code should be fixed, to check "File" in the first
> place, and then return EFI_ACCESS_DENIED.
>
> There are also some other places in the function that could apparently
> return a wide array of error codes -- FvbProtocol->GetPhysicalAddress()
> (EFI_UNSUPPORTED?), PeCoffLoaderGetImageInfo(), etc.
>
> I do agree this patch is an improvement, however; at least it says what
> *should* be returned. So with that in mind:
>
> Acked-by: Laszlo Ersek <lersek@redhat.com>
>
> Thanks
> Laszlo
>
> > diff --git
> a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c
> b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c
> > index 1f2eed29a1df..0dccbb66eb26 100644
> > --- a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c
> > +++
> b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c
> > @@ -678,7 +678,7 @@ Finish:
> > and other exception operations. The File parameter allows for possible
> logging
> > within the SAP of the driver.
> >
> > - If File is NULL, then EFI_INVALID_PARAMETER is returned.
> > + If File is NULL, then EFI_ACCESS_DENIED is returned.
> >
> > If the file specified by File with an authentication status specified by
> > AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS is
> returned.
> >
prev parent reply other threads:[~2020-02-05 14:19 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-04 22:26 [PATCH 1/1] SecurityPkg: Fix incorrect return value in documentation Philippe Mathieu-Daudé
2020-02-04 23:28 ` [edk2-devel] " Laszlo Ersek
2020-02-05 14:18 ` Wang, Jian J [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=D827630B58408649ACB04F44C510003625A08191@SHSMSX107.ccr.corp.intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox