From: "Kinney, Michael D"
To: "Yao, Jiewen", "edk2-devel@lists.01.org", "Kinney, Michael D"
CC: "Tian, Feng", "Zeng, Star", "Gao, Liming", "Zhang, Chao B"
Date: Tue, 25 Oct 2016 23:54:19 +0000
Subject: Re: [PATCH V4 01/15] MdeModulePkg/Include: Add FmpAuthenticationLib header.
In-Reply-To: <1477189240-11336-2-git-send-email-jiewen.yao@intel.com>
List-Id: EDK II Development

Jiewen,

I am confused by the description of this API. It refers to the LastAttemptStatus field, but that field is not in EFI_FIRMWARE_IMAGE_AUTHENTICATION structure. Instead, it is in the EFI_FIRMWARE_IMAGE_DESCRIPTOR structure.

Is the prototype to this function correct?

Can you also update the description to include which structure the LastAttemptStatus field is in and how it is found from the input parameters?

One typo noted inline below.

Thanks,

Mike

> -----Original Message-----
> From: Yao, Jiewen
> Sent: Saturday, October 22, 2016 7:20 PM
> To: edk2-devel@lists.01.org
> Cc: Tian, Feng; Zeng, Star; Kinney, Michael D; Gao, Liming; Zhang, Chao B
> Subject: [PATCH V4 01/15] MdeModulePkg/Include: Add FmpAuthenticationLib header.
>
> This library is used to authenticate a UEFI defined FMP Capsule.
>
> Cc: Feng Tian
> Cc: Star Zeng
> Cc: Michael D Kinney
> Cc: Liming Gao
> Cc: Chao Zhang
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Jiewen Yao
> Reviewed-by: Liming Gao
> ---
> MdeModulePkg/Include/Library/FmpAuthenticationLib.h | 57 +++++++++++++++= +++++ > 1 file changed, 57 insertions(+) >=20 > diff --git a/MdeModulePkg/Include/Library/FmpAuthenticationLib.h > b/MdeModulePkg/Include/Library/FmpAuthenticationLib.h > new file mode 100644 > index 0000000..ed098d4 > --- /dev/null > +++ b/MdeModulePkg/Include/Library/FmpAuthenticationLib.h > @@ -0,0 +1,57 @@ > +/** @file > + FMP capsule authenitcation Library. > + > +Copyright (c) 2016, Intel Corporation. All rights reserved.
> +This program and the accompanying materials > +are licensed and made available under the terms and conditions of the BS= D License > +which accompanies this distribution. The full text of the license may b= e found at > +http://opensource.org/licenses/bsd-license.php > + > +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, > +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. > + > +**/ > + > + > +#ifndef __FMP_AUTHENTICATION_LIB_H__ > +#define __FMP_AUTHENTICATION_LIB_H__ > + > +#include > + > +/** > + The fucntion is used to do the authentication for FMP capsule based up= on Typo. Should be "The function is". > + EFI_FIRMWARE_IMAGE_AUTHENTICATION. > + > + The caller may convert the RETURN_STATUS to ESRT/FMP LastAttemptStatus= . > + > + Caution: This function may receive untrusted input. > + > + @param[in] Image Points to an FMP authentication im= age, started > from EFI_FIRMWARE_IMAGE_AUTHENTICATION. > + @param[in] ImageSize Size of the authentication image i= n bytes. > + @param[in] PublicKeyData The public key data used to valida= te the > signature. > + @param[in] PublicKeyDataLength The length of the public key data. > + > + @retval RETURN_SUCCESS Authentication pass. > + The LastAttemptStatus should be > LAST_ATTEMPT_STATUS_SUCCESS. > + @retval RETURN_SECURITY_VIOLATION Authentication fail. > + The LastAttemptStatus should be > LAST_ATTEMPT_STATUS_ERROR_AUTH_ERROR. > + @retval RETURN_INVALID_PARAMETER The image is in an invalid format. > + The LastAttemptStatus should be > LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT. > + @retval RETURN_UNSUPPORTED No Authentication handler associated= with > CertType. > + The LastAttemptStatus should be > LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT. > + @retval RETURN_UNSUPPORTED Image or ImageSize is invalid. > + The LastAttemptStatus should be > LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT. > + @retval RETURN_OUT_OF_RESOURCES No Authentication handler associated= with > CertType. 
> + The LastAttemptStatus should be > LAST_ATTEMPT_STATUS_ERROR_INSUFFICIENT_RESOURCES. > +**/ > +RETURN_STATUS > +EFIAPI > +AuthenticateFmpImage ( > + IN EFI_FIRMWARE_IMAGE_AUTHENTICATION *Image, > + IN UINTN ImageSize, > + IN CONST UINT8 *PublicKeyData, > + IN UINTN PublicKeyDataLength > + ); > + > +#endif > + > -- > 2.7.4.windows.1
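
Review bot: the @retval list in the AuthenticateFmpImage comment has a copy-paste error. RETURN_OUT_OF_RESOURCES is described as "No Authentication handler associated with CertType", the same text as the first RETURN_UNSUPPORTED entry, even though it maps to LAST_ATTEMPT_STATUS_ERROR_INSUFFICIENT_RESOURCES; it should describe the resource failure instead. RETURN_UNSUPPORTED is also listed twice with different meanings, and "Image or ImageSize is invalid" overlaps with RETURN_INVALID_PARAMETER ("The image is in an invalid format"), so a caller converting the status cannot tell which condition occurred. Suggest one entry per status with non-overlapping conditions. Because the comment states the function may receive untrusted input, it would also help to declare Image as CONST, as PublicKeyData already is, so the prototype shows the image is not modified during verification. The file header still reads "authenitcation" in addition to the "fucntion" typo already pointed out inline.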