From: "Michael Kubacki"
To: devel@edk2.groups.io
Cc: Jiewen Yao, Jian J Wang, Chao Zhang
Subject: [PATCH v2 07/12] SecurityPkg: Allow VariablePolicy state to delete authenticated variables
Date: Mon, 11 May 2020 23:46:30 -0700
X-Mailer: git-send-email 2.16.3.windows.1
In-Reply-To: <20200512064635.14640-1-michael.kubacki@outlook.com>
References: <20200512064635.14640-1-michael.kubacki@outlook.com>
X-Microsoft-Original-Message-ID: <20200512064635.14640-8-michael.kubacki@outlook.com>
MIME-Version: 1.0
Content-Type: text/plain

From: Bret Barkelew

https://bugzilla.tianocore.org/show_bug.cgi?id=2522

Causes AuthService to check IsVariablePolicyEnabled() before enforcing write protections to allow variable deletion when policy engine is disabled. Only allows deletion, not modification.

Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Chao Zhang
Signed-off-by: Michael Kubacki
---
 SecurityPkg/Library/AuthVariableLib/AuthService.c | 22 ++++++++++++++++----
 SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf | 2 ++
 2 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c b/SecurityPkg/Library/AuthVariableLib/AuthService.c index 2f60331f2c04..aca9a5620c28 100644 --- a/SecurityPkg/Library/AuthVariableLib/AuthService.c +++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c @@ -19,12 +19,16 @@ to verify the signature. Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.
+Copyright (c) Microsoft Corporation. SPDX-License-Identifier: BSD-2-Clause-Patent **/ #include "AuthServiceInternal.h" +#include +#include + // // Public Exponent of RSA Key. // @@ -217,9 +221,12 @@ NeedPhysicallyPresent( IN EFI_GUID *VendorGuid ) { - if ((CompareGuid (VendorGuid, &gEfiSecureBootEnableDisableGuid) && (StrCmp (VariableName, EFI_SECURE_BOOT_ENABLE_NAME) == 0)) - || (CompareGuid (VendorGuid, &gEfiCustomModeEnableGuid) && (StrCmp (VariableName, EFI_CUSTOM_MODE_NAME) == 0))) { - return TRUE; + // If the VariablePolicy engine is disabled, allow deletion of any authenticated variables. + if (IsVariablePolicyEnabled()) { + if ((CompareGuid (VendorGuid, &gEfiSecureBootEnableDisableGuid) && (StrCmp (VariableName, EFI_SECURE_BOOT_ENABLE_NAME) == 0)) + || (CompareGuid (VendorGuid, &gEfiCustomModeEnableGuid) && (StrCmp (VariableName, EFI_CUSTOM_MODE_NAME) == 0))) { + return TRUE; + } } return FALSE; @@ -842,7 +849,8 @@ ProcessVariable ( &OrgVariableInfo ); - if ((!EFI_ERROR (Status)) && IsDeleteAuthVariable (OrgVariableInfo.Attributes, Data, DataSize, Attributes) && UserPhysicalPresent()) { + // If the VariablePolicy engine is disabled, allow deletion of any authenticated variables. + if ((!EFI_ERROR (Status)) && IsDeleteAuthVariable (OrgVariableInfo.Attributes, Data, DataSize, Attributes) && (UserPhysicalPresent() || !IsVariablePolicyEnabled())) { // // Allow the delete operation of common authenticated variable(AT or AW) at user physical presence. // @@ -1960,6 +1968,12 @@ VerifyTimeBasedPayload ( CopyMem (Buffer, PayloadPtr, PayloadSize); + // If the VariablePolicy engine is disabled, allow deletion of any authenticated variables. + if (PayloadSize == 0 && (Attributes & EFI_VARIABLE_APPEND_WRITE) == 0 && !IsVariablePolicyEnabled()) { + VerifyStatus = TRUE; + goto Exit; + } + if (AuthVarType == AuthVarTypePk) { // // Verify that the signature has been made with the current Platform Key (no chaining for PK). 
diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf index 8d4ce14df494..8eadeebcebd7 100644 --- a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf +++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf @@ -3,6 +3,7 @@ # # Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
# Copyright (c) 2018, ARM Limited. All rights reserved.
+# Copyright (c) Microsoft Corporation. # # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -41,6 +42,7 @@ MemoryAllocationLib BaseCryptLib PlatformSecureLib + VariablePolicyLib [Guids] ## CONSUMES ## Variable:L"SetupMode" -- 2.16.3.windows.1
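Review bot: The two `#include` lines added in the first AuthService.c hunk (@@ -19,12 +19,16 @@) show no header name in this rendering, and the hunk needs to name the header that declares IsVariablePolicyEnabled(), the function the three later hunks call; the VariablePolicyLib library class the .inf hunk adds is the natural owner of that header, so please confirm the include matches that class rather than a protocol header.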
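Review bot: In the NeedPhysicallyPresent() hunk (@@ -217,9 +221,12 @@) wrapping the existing check in `if (IsVariablePolicyEnabled())` removes the physical-presence requirement for EFI_SECURE_BOOT_ENABLE_NAME and EFI_CUSTOM_MODE_NAME for every write, not only for deletes: the function receives just VariableName and VendorGuid, so it cannot tell a delete from a modification, which contradicts the commit message's "Only allows deletion, not modification." Either leave NeedPhysicallyPresent() unchanged and handle the policy-disabled case only at the IsDeleteAuthVariable() site in ProcessVariable(), or state in the commit message that these two variables become writable without physical presence whenever the engine is disabled.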
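Review bot: The comment block directly after the changed condition in the ProcessVariable() hunk (@@ -842,7 +849,8 @@) still reads "Allow the delete operation of common authenticated variable(AT or AW) at user physical presence." while the condition now also passes on `!IsVariablePolicyEnabled()`; update that block to name both cases, and fold the new single-line `// If the VariablePolicy engine is disabled ...` comment into it so the file keeps its `//` banner style.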
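Review bot: The early exit added in the VerifyTimeBasedPayload() hunk (@@ -1960,6 +1968,12 @@) sets `VerifyStatus = TRUE` and jumps to Exit before any signature check, including the AuthVarTypePk branch that follows it and verifies against the current Platform Key, so a PK delete is accepted with an unverified payload whenever the engine is off; if that is intended, say so explicitly in the commit message. The delete test here, `PayloadSize == 0 && (Attributes & EFI_VARIABLE_APPEND_WRITE) == 0`, also re-derives what the ProcessVariable() hunk expresses with IsDeleteAuthVariable(); reusing that helper keeps the two sites from drifting apart.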
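Review bot: The AuthVariableLib.inf hunk (@@ -41,6 +42,7 @@) adds VariablePolicyLib under [LibraryClasses] without touching any [Packages] entry; confirm that the package .dec declaring the VariablePolicyLib class is already listed, otherwise the module will fail to resolve the class at build time.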