From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <michael.d.kinney@intel.com>
Received: from mga02.intel.com (mga02.intel.com [134.134.136.20])
 (using TLSv1 with cipher CAMELLIA256-SHA (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id CA62E1A1E43
 for <edk2-devel@lists.01.org>; Tue, 25 Oct 2016 16:54:21 -0700 (PDT)
Received: from fmsmga004.fm.intel.com ([10.253.24.48])
 by orsmga101.jf.intel.com with ESMTP; 25 Oct 2016 16:54:22 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.31,548,1473145200"; d="scan'208";a="183823409"
Received: from orsmsx108.amr.corp.intel.com ([10.22.240.6])
 by fmsmga004.fm.intel.com with ESMTP; 25 Oct 2016 16:54:21 -0700
Received: from orsmsx163.amr.corp.intel.com (10.22.240.88) by
 ORSMSX108.amr.corp.intel.com (10.22.240.6) with Microsoft SMTP Server (TLS)
 id 14.3.248.2; Tue, 25 Oct 2016 16:54:20 -0700
Received: from orsmsx113.amr.corp.intel.com ([169.254.9.50]) by
 ORSMSX163.amr.corp.intel.com ([10.22.240.88]) with mapi id 14.03.0248.002;
 Tue, 25 Oct 2016 16:54:20 -0700
From: "Kinney, Michael D" <michael.d.kinney@intel.com>
To: "Yao, Jiewen" <jiewen.yao@intel.com>, "edk2-devel@lists.01.org"
 <edk2-devel@lists.01.org>, "Kinney, Michael D" <michael.d.kinney@intel.com>
CC: "Tian, Feng" <feng.tian@intel.com>, "Zeng, Star" <star.zeng@intel.com>,
 "Gao, Liming" <liming.gao@intel.com>, "Zhang, Chao B"
 <chao.b.zhang@intel.com>
Thread-Topic: [PATCH V4 01/15] MdeModulePkg/Include: Add
 FmpAuthenticationLib header.
Thread-Index: AQHSLNQVMIfje84h9Eus5ZUdWoaz5qC524+g
Date: Tue, 25 Oct 2016 23:54:19 +0000
Message-ID: <E92EE9817A31E24EB0585FDF735412F56483AF05@ORSMSX113.amr.corp.intel.com>
References: <1477189240-11336-1-git-send-email-jiewen.yao@intel.com>
 <1477189240-11336-2-git-send-email-jiewen.yao@intel.com>
In-Reply-To: <1477189240-11336-2-git-send-email-jiewen.yao@intel.com>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ctpclassification: CTP_IC
x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiODk0ODU3NTItNjFhNS00NmM2LTg5MmEtNDQ4ODgxNzM5Mzg4IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX0lDIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE1LjkuNi42IiwiVHJ1c3RlZExhYmVsSGFzaCI6Ik5VaFEzNmNsNVROK3BHUlF6eGxGdkU1UnJ2VkpzZ1p0a3M2SjI5MlRZOHc9In0=
x-originating-ip: [10.22.254.138]
MIME-Version: 1.0
Subject: Re: [PATCH V4 01/15] MdeModulePkg/Include: Add FmpAuthenticationLib header.
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Oct 2016 23:54:21 -0000
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Jiewen,

I am confused by the description of this API.

I refers to the LastAttemptStatus field, but that field is not in=20
EFI_FIRMWARE_IMAGE_AUTHENTICATION structure.  Instead, it is in the
EFI_FIRMWARE_IMAGE_DESCRIPTOR structure.

Is the prototype to this function correct?

Can you also update the description to include which structure the=20
LastAttemptStatus field is in and how it is found from the input=20
parameters?

One typo noted inline below.

Thanks,

Mike


> -----Original Message-----
> From: Yao, Jiewen
> Sent: Saturday, October 22, 2016 7:20 PM
> To: edk2-devel@lists.01.org
> Cc: Tian, Feng <feng.tian@intel.com>; Zeng, Star <star.zeng@intel.com>; K=
inney, Michael
> D <michael.d.kinney@intel.com>; Gao, Liming <liming.gao@intel.com>; Zhang=
, Chao B
> <chao.b.zhang@intel.com>
> Subject: [PATCH V4 01/15] MdeModulePkg/Include: Add FmpAuthenticationLib =
header.
>=20
> This library is used to authenticate a UEFI defined FMP Capsule.
>=20
> Cc: Feng Tian <feng.tian@intel.com>
> Cc: Star Zeng <star.zeng@intel.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Liming Gao <liming.gao@intel.com>
> Cc: Chao Zhang <chao.b.zhang@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
> Reviewed-by: Liming Gao <liming.gao@intel.com>
> ---
>  MdeModulePkg/Include/Library/FmpAuthenticationLib.h | 57 +++++++++++++++=
+++++
>  1 file changed, 57 insertions(+)
>=20
> diff --git a/MdeModulePkg/Include/Library/FmpAuthenticationLib.h
> b/MdeModulePkg/Include/Library/FmpAuthenticationLib.h
> new file mode 100644
> index 0000000..ed098d4
> --- /dev/null
> +++ b/MdeModulePkg/Include/Library/FmpAuthenticationLib.h
> @@ -0,0 +1,57 @@
> +/** @file
> +  FMP capsule authenitcation Library.
> +
> +Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> +This program and the accompanying materials
> +are licensed and made available under the terms and conditions of the BS=
D License
> +which accompanies this distribution.  The full text of the license may b=
e found at
> +http://opensource.org/licenses/bsd-license.php
> +
> +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
> +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP=
LIED.
> +
> +**/
> +
> +
> +#ifndef __FMP_AUTHENTICATION_LIB_H__
> +#define __FMP_AUTHENTICATION_LIB_H__
> +
> +#include <Protocol/FirmwareManagement.h>
> +
> +/**
> +  The fucntion is used to do the authentication for FMP capsule based up=
on

Typo.  Should be "The function is".

> +  EFI_FIRMWARE_IMAGE_AUTHENTICATION.
> +
> +  The caller may convert the RETURN_STATUS to ESRT/FMP LastAttemptStatus=
.
> +
> +  Caution: This function may receive untrusted input.
> +
> +  @param[in]  Image                   Points to an FMP authentication im=
age, started
> from EFI_FIRMWARE_IMAGE_AUTHENTICATION.
> +  @param[in]  ImageSize               Size of the authentication image i=
n bytes.
> +  @param[in]  PublicKeyData           The public key data used to valida=
te the
> signature.
> +  @param[in]  PublicKeyDataLength     The length of the public key data.
> +
> +  @retval RETURN_SUCCESS            Authentication pass.
> +                                    The LastAttemptStatus should be
> LAST_ATTEMPT_STATUS_SUCCESS.
> +  @retval RETURN_SECURITY_VIOLATION Authentication fail.
> +                                    The LastAttemptStatus should be
> LAST_ATTEMPT_STATUS_ERROR_AUTH_ERROR.
> +  @retval RETURN_INVALID_PARAMETER  The image is in an invalid format.
> +                                    The LastAttemptStatus should be
> LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT.
> +  @retval RETURN_UNSUPPORTED        No Authentication handler associated=
 with
> CertType.
> +                                    The LastAttemptStatus should be
> LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT.
> +  @retval RETURN_UNSUPPORTED        Image or ImageSize is invalid.
> +                                    The LastAttemptStatus should be
> LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT.
> +  @retval RETURN_OUT_OF_RESOURCES   No Authentication handler associated=
 with
> CertType.
> +                                    The LastAttemptStatus should be
> LAST_ATTEMPT_STATUS_ERROR_INSUFFICIENT_RESOURCES.
> +**/
> +RETURN_STATUS
> +EFIAPI
> +AuthenticateFmpImage (
> +  IN EFI_FIRMWARE_IMAGE_AUTHENTICATION *Image,
> +  IN UINTN                             ImageSize,
> +  IN CONST UINT8                       *PublicKeyData,
> +  IN UINTN                             PublicKeyDataLength
> +  );
> +
> +#endif
> +
> --
> 2.7.4.windows.1