From: "Michael Kubacki"
To: devel@edk2.groups.io
CC: Jiewen Yao, Jian J Wang, Chao Zhang, Bret Barkelew
Subject: [PATCH v3 11/14] SecurityPkg: Allow VariablePolicy state to delete authenticated variables
Date: Thu, 21 May 2020 15:43:28 -0700
Message-ID: <20200521224331.15616-12-michael.kubacki@outlook.com>
In-Reply-To: <20200521224331.15616-1-michael.kubacki@outlook.com>
References: <20200521224331.15616-1-michael.kubacki@outlook.com>
From: Bret Barkelew

https://bugzilla.tianocore.org/show_bug.cgi?id=2522

Causes AuthService to check IsVariablePolicyEnabled() before enforcing write protections to allow variable deletion when the policy engine is disabled. Only allows deletion, not modification.

Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Chao Zhang
Cc: Bret Barkelew
Signed-off-by: Michael Kubacki
--- SecurityPkg/Library/AuthVariableLib/AuthService.c | 24 +++++++++++++= +++---- SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf | 2 ++ 2 files changed, 22 insertions(+), 4 deletions(-) diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c b/SecurityPk= g/Library/AuthVariableLib/AuthService.c index 2f60331f2c04..ebce1aacec95 100644 --- a/SecurityPkg/Library/AuthVariableLib/AuthService.c +++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c @@ -19,12 +19,16 @@ to verify the signature. =20 Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.
+Copyright (c) Microsoft Corporation.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ =20 #include "AuthServiceInternal.h" =20 +#include +#include + // // Public Exponent of RSA Key. // @@ -217,9 +221,12 @@ NeedPhysicallyPresent( IN EFI_GUID *VendorGuid ) { - if ((CompareGuid (VendorGuid, &gEfiSecureBootEnableDisableGuid) && (StrC= mp (VariableName, EFI_SECURE_BOOT_ENABLE_NAME) =3D=3D 0)) - || (CompareGuid (VendorGuid, &gEfiCustomModeEnableGuid) && (StrCmp (Va= riableName, EFI_CUSTOM_MODE_NAME) =3D=3D 0))) { - return TRUE; + // If the VariablePolicy engine is disabled, allow deletion of any authe= nticated variables. + if (IsVariablePolicyEnabled ()) { + if ((CompareGuid (VendorGuid, &gEfiSecureBootEnableDisableGuid) && (St= rCmp (VariableName, EFI_SECURE_BOOT_ENABLE_NAME) =3D=3D 0)) + || (CompareGuid (VendorGuid, &gEfiCustomModeEnableGuid) && (StrCmp (= VariableName, EFI_CUSTOM_MODE_NAME) =3D=3D 0))) { + return TRUE; + } } =20 return FALSE; @@ -842,7 +849,10 @@ ProcessVariable ( &OrgVariableInfo ); =20 - if ((!EFI_ERROR (Status)) && IsDeleteAuthVariable (OrgVariableInfo.Attri= butes, Data, DataSize, Attributes) && UserPhysicalPresent()) { + // If the VariablePolicy engine is disabled, allow deletion of any authe= nticated variables. + if (!EFI_ERROR (Status) && + IsDeleteAuthVariable (OrgVariableInfo.Attributes, Data, DataSize, Attr= ibutes) && + (UserPhysicalPresent () || !IsVariablePolicyEnabled ())) { // // Allow the delete operation of common authenticated variable(AT or A= W) at user physical presence. // @@ -1960,6 +1970,12 @@ VerifyTimeBasedPayload ( =20 CopyMem (Buffer, PayloadPtr, PayloadSize); =20 + // If the VariablePolicy engine is disabled, allow deletion of any authe= nticated variables. + if (PayloadSize =3D=3D 0 && (Attributes & EFI_VARIABLE_APPEND_WRITE) =3D= =3D 0 && !IsVariablePolicyEnabled ()) { + VerifyStatus =3D TRUE; + goto Exit; + } + if (AuthVarType =3D=3D AuthVarTypePk) { // // Verify that the signature has been made with the current Platform K= ey (no chaining for PK). 
diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf b/Secu= rityPkg/Library/AuthVariableLib/AuthVariableLib.inf index 8d4ce14df494..460991bdd8b7 100644 --- a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf +++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf @@ -3,6 +3,7 @@ # # Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
# Copyright (c) 2018, ARM Limited. All rights reserved.
+# Copyright (c) Microsoft Corporation.
# # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -41,6 +42,7 @@ [LibraryClasses] MemoryAllocationLib BaseCryptLib PlatformSecureLib + VariablePolicyLib =20 [Guids] ## CONSUMES ## Variable:L"SetupMode" --=20 2.16.3.windows.1
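Review bot: In the NeedPhysicallyPresent hunk (@@ -217,9 +221,12 @@), the new comment claims the change only "allow[s] deletion", but this function never sees which operation is being performed: it compares only VariableName and VendorGuid, so once IsVariablePolicyEnabled () returns FALSE it answers FALSE for every SetVariable on SecureBootEnable and CustomMode, and the physical-presence requirement is lifted for ordinary writes to those two variables as well as for deletes. That is wider than the commit message's "Only allows deletion, not modification." Either restrict the exemption to the delete path (the caller, not this function, knows whether the request is a delete) or reword the comment and the commit message to say that the physical-presence requirement on these two variables is dropped entirely while the policy engine is disabled.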
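Review bot: In the ProcessVariable hunk (@@ -842,7 +849,10 @@), the unchanged comment right after the new condition, "Allow the delete operation of common authenticated variable(AT or AW) at user physical presence.", is now stale: the condition "(UserPhysicalPresent () || !IsVariablePolicyEnabled ())" also admits the delete with nobody physically present, provided the policy engine is disabled. Update that comment to name both paths, for example "... at user physical presence, or when the VariablePolicy engine is disabled." Also, the sentence "If the VariablePolicy engine is disabled, allow deletion of any authenticated variables." is pasted verbatim above three separate checks in this file; a single explanation at one place (for instance next to the new includes) with a short reference at each check would read better and is less likely to drift.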
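Review bot: In the VerifyTimeBasedPayload hunk (@@ -1960,6 +1970,12 @@), the early "VerifyStatus = TRUE; goto Exit;" sits before the "if (AuthVarType == AuthVarTypePk)" branch, so while the policy engine is disabled a zero-length, non-append payload is accepted as a delete without any signature verification for every time-based authenticated variable that reaches this function, the Platform Key included. The commit message's "any authenticated variables" technically covers that, but the comment above the check should say plainly that signature verification is skipped here, and the commit message should call out that the Secure Boot key variables handled below are in scope, because disabling the policy engine becomes the only gate on their removal. Please also confirm the jump is safe when no verification has run: anything released at the Exit label must already be initialized at this point, since nothing below the new check has executed.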
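Review bot: In the AuthVariableLib.inf hunk (@@ -41,6 +42,7 @@), adding VariablePolicyLib to [LibraryClasses] is the right counterpart to the new IsVariablePolicyEnabled () calls, but it is a new link-time dependency for every platform that builds AuthVariableLib: each DSC that resolves AuthVariableLib now also needs a VariablePolicyLib instance, and the [Packages] section of this .inf has to list the package that declares the VariablePolicyLib class. Mention the new dependency in the commit message so platform maintainers get a heads-up, and verify the [Packages] entry in this same patch rather than relying on it being picked up elsewhere in the series.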