From mboxrd@z Thu Jan 1 00:00:00 1970
From: Bret Barkelew
To: "Zeng, Star", "Yao, Jiewen", "Kinney, Michael D", "edk2-devel@lists.01.org"
CC: "Dong, Eric", "Zeng, Star"
Date: Sun, 11 Feb 2018 00:18:41 +0000
References: <20180207184943.20324-1-michael.d.kinney@intel.com> <74D8A39837DF1E4DA445A8C0B3885C503AABC058@shsmsx102.ccr.corp.intel.com>, <0C09AFA07DD0434D9E2A0C6AEB0483103BA3D80F@shsmsx102.ccr.corp.intel.com>
In-Reply-To: <0C09AFA07DD0434D9E2A0C6AEB0483103BA3D80F@shsmsx102.ccr.corp.intel.com>
Subject: Re: [Patch] MdeModulePkg/DxeCapsuleLibFmp: Verify nested capsule with FMP
List-Id: EDK II Development
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Approved.

Reviewed-By: Bret Barkelew Bret.Barkelew@microsoft.com

- Bret

From: Zeng, Star
Sent: Wednesday, February 7, 2018 9:32 PM
To: Yao, Jiewen; Kinney, Michael D; edk2-devel@lists.01.org
Cc: Dong, Eric; Zeng, Star
Subject: Re: [edk2] [Patch] MdeModulePkg/DxeCapsuleLibFmp: Verify nested capsule with FMP

Reviewed-by: Star Zeng

Thanks,
Star

-----Original Message-----
From: Yao, Jiewen
Sent: Thursday, February 8, 2018 8:18 AM
To: Kinney, Michael D; edk2-devel@lists.01.org
Cc: Zeng, Star; Dong, Eric
Subject: RE: [Patch] MdeModulePkg/DxeCapsuleLibFmp: Verify nested capsule with FMP

Reviewed-by: Jiewen.yao@intel.com

> -----Original Message-----
> From: Kinney, Michael D
> Sent: Thursday, February 8, 2018 2:50 AM
> To: edk2-devel@lists.01.org
> Cc: Yao, Jiewen; Zeng, Star; Dong, Eric; Kinney, Michael D
> Subject: [Patch] MdeModulePkg/DxeCapsuleLibFmp: Verify nested capsule with FMP
>
> https://bugzilla.tianocore.org/show_bug.cgi?id=873
>
> Update IsNestedFmpCapsule() to verify the CapsuleGuid in the
> CapsuleHeader against the installed Firmware Management Protocol
> instances. The current logic that uses the ESRT Table does not work
> because capsules are processed before the ESRT Table is published at
> the Ready To Boot event.
>
> Cc: Jiewen Yao
> Cc: Star Zeng
> Cc: Eric Dong
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Michael D Kinney
> --- > .../Library/DxeCapsuleLibFmp/DxeCapsuleLib.c | 27 > ++++++++++++---------- > .../Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf | 3 +-- > 2 files changed, 16 insertions(+), 14 deletions(-) > > diff --git a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c > b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c > index 2f397789b5..87e1deec03 100644 > --- a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c > +++ b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.c > @@ -10,7 +10,7 @@ > ValidateFmpCapsule(), DisplayCapsuleImage(), ConvertBmpToGopBlt() will > receive untrusted input and do basic validation. > > - Copyright (c) 2016 - 2017, Intel Corporation. All rights > reserved.
> + Copyright (c) 2016 - 2018, Intel Corporation. All rights > + reserved.
> This program and the accompanying materials > are licensed and made available under the terms and conditions of > the BSD License > which accompanies this distribution. The full text of the license > may be found at @@ -1446,7 +1446,6 @@ IsNestedFmpCapsule ( > ) > { > EFI_STATUS Status; > - EFI_SYSTEM_RESOURCE_TABLE *Esrt; > EFI_SYSTEM_RESOURCE_ENTRY *EsrtEntry; > UINTN Index; > BOOLEAN EsrtGuidFound; > @@ -1454,6 +1453,8 @@ IsNestedFmpCapsule ( > UINTN NestedCapsuleSize; > ESRT_MANAGEMENT_PROTOCOL *EsrtProtocol; > EFI_SYSTEM_RESOURCE_ENTRY Entry; > + EFI_HANDLE *HandleBuffer; > + UINTN NumberOfHandles; > > EsrtGuidFound =3D FALSE; > if (mIsVirtualAddrConverted) { > @@ -1479,19 +1480,21 @@ IsNestedFmpCapsule ( > } > > // > - // Check ESRT configuration table > + // Check Firmware Management Protocols > // > if (!EsrtGuidFound) { > - Status =3D EfiGetSystemConfigurationTable(&gEfiSystemResourceTable= Guid, > (VOID **)&Esrt); > + HandleBuffer =3D NULL; > + Status =3D GetFmpHandleBufferByType ( > + &CapsuleHeader->CapsuleGuid, > + 0, > + &NumberOfHandles, > + &HandleBuffer > + ); > if (!EFI_ERROR(Status)) { > - ASSERT (Esrt !=3D NULL); > - EsrtEntry =3D (VOID *)(Esrt + 1); > - for (Index =3D 0; Index < Esrt->FwResourceCount; Index++, EsrtEn= try++) > { > - if (CompareGuid(&EsrtEntry->FwClass, > &CapsuleHeader->CapsuleGuid)) { > - EsrtGuidFound =3D TRUE; > - break; > - } > - } > + EsrtGuidFound =3D TRUE; > + } > + if (HandleBuffer !=3D NULL) { > + FreePool (HandleBuffer); > } > } > } > diff --git a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf > b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf > index a7c36993c4..90edc52ee0 100644 > --- a/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf > +++ b/MdeModulePkg/Library/DxeCapsuleLibFmp/DxeCapsuleLib.inf > @@ -3,7 +3,7 @@ > # > # Capsule library instance for DXE_DRIVER module types. > # > -# Copyright (c) 2016 - 2017, Intel Corporation. All rights > reserved.
> +# Copyright (c) 2016 - 2018, Intel Corporation. All rights > +reserved.
> # This program and the accompanying materials # are licensed and > made available under the terms and conditions of the BSD License # > which accompanies this distribution. The full text of the license may > be found at @@ -72,7 +72,6 @@ [Guids] > gEfiFmpCapsuleGuid ## SOMETIMES_CONSUMES > ## GUID > gWindowsUxCapsuleGuid ## SOMETIMES_CONSUMES > ## GUID > - gEfiSystemResourceTableGuid ## SOMETIMES_CONSUMES ## > GUID > ## SOMETIMES_CONSUMES ## Variable:L"CapsuleMax" > ## SOMETIMES_PRODUCES ## Variable:L"CapsuleMax" > gEfiCapsuleReportGuid > -- > 2.14.2.windows.3
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
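
Review bot: In the `@@ -1446,7 +1446,6 @@` declarations hunk, only `Esrt` is removed while `EsrtEntry` and `Index` stay declared, yet the ESRT walk deleted further down was their only use in the lines shown. If nothing else in IsNestedFmpCapsule() references them, remove both in this patch so the build does not pick up unused-variable warnings.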
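
Review bot: In the `@@ -1479,19 +1480,21 @@` hunk, `EsrtGuidFound = TRUE` is set on any non-error Status from GetFmpHandleBufferByType() without checking NumberOfHandles, and NumberOfHandles is not initialized before the call. The file header comment notes that this library receives untrusted input, and this branch decides whether the CapsuleGuid from the capsule header is accepted as a nested FMP capsule, so the match condition should be explicit: either test `!EFI_ERROR (Status) && NumberOfHandles != 0`, or add a comment stating that GetFmpHandleBufferByType() returns an error when no installed FMP instance matches the GUID. The literal `0` passed as the second argument also needs a short comment saying what it selects, and since the flag now records an FMP match as well as an ESRT one, the name EsrtGuidFound and the function's comment block are worth updating to match.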
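
Review bot: In the DxeCapsuleLib.inf `@@ -72,7 +72,6 @@ [Guids]` hunk, gEfiSystemResourceTableGuid is dropped but the diffstat shows no line added to the .inf for the FMP lookup that replaces it. Please confirm that the Firmware Management Protocol GUID the new GetFmpHandleBufferByType() path depends on is already declared in the [Protocols] section, which is outside the context shown here.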