From: "Samer El-Haj-Mahmoud"
To: "devel@edk2.groups.io", Joseph Hemann
CC: nd, Jiewen Yao, Jian J Wang, Min Xu, Samer El-Haj-Mahmoud
Subject: Re: [edk2-devel] [PATCH 1/1] SecurityPkg/DxeImageVerificationLib: Set Action for failed unsigned image
Date: Tue, 26 Oct 2021 21:08:35 +0000
In-Reply-To: <20211012165701.52619-1-joseph.hemann@arm.com>

Hi Jiewen, Jian, and Min,

Can you please review this patch? We have a corresponding UEFI Spec "code first" ECR (https://bugzilla.tianocore.org/show_bug.cgi?id=3561), and need to clarify a couple of cases in the code.

Thanks,
--Samer

> -----Original Message-----
> From: devel@edk2.groups.io On Behalf Of Joseph > Hemann via groups.io > Sent: Tuesday, October 12, 2021 12:57 PM > To: devel@edk2.groups.io > Cc: nd ; Joseph Hemann ; Jiewen > Yao ; Jian J Wang ; Min Xu > ; Joseph Hemann > Subject: [edk2-devel] [PATCH 1/1] SecurityPkg/DxeImageVerificationLib: Se= t > Action for failed unsigned image >=20 > If the image is not signed and the hash of image is not found > in DB/DBX, then the EFI_IMAGE_INFO_ACTION of the load of said > image should be set to, > EFI_IMAGE_EXECUTION_AUTH_SIG_NOT_FOUND, rather then being left > unset as EFI_IMAGE_EXECUTION_AUTH_UNTESTED. >=20 > Cc: Jiewen Yao > Cc: Jian J Wang > Cc: Min Xu >=20 > Signed-off-by: Joseph Hemann > Change-Id: Ia432ebf4ec811e36d67b80bc438a6aff60bc9b67 > --- > .../Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 1 + > 1 file changed, 1 insertion(+) >=20 > diff --git > a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c > b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c > index 0a804af2162f..e5fae732bb1f 100644 > --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib= .c > +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib= .c > @@ -1848,6 +1848,7 @@ DxeImageVerificationHandler ( > // > // Image Hash is not found in both forbidden and allowed database. > // > + Action =3D EFI_IMAGE_EXECUTION_AUTH_SIG_NOT_FOUND; > DEBUG ((DEBUG_INFO, "DxeImageVerificationLib: Image is not signed an= d %s > hash of image is not found in DB/DBX.\n", mHashTypeStr)); > goto Failed; > } > -- > 2.17.1 >=20 >=20 >=20 >=20 >=20
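
Review bot: The new assignment in DxeImageVerificationHandler, in the branch commented "Image Hash is not found in both forbidden and allowed database", is not documented where it is made. The comment above it still describes only the lookup result and does not say why this case is reported as EFI_IMAGE_EXECUTION_AUTH_SIG_NOT_FOUND. Please extend that comment to state that an unsigned image whose hash is in neither DB nor DBX is recorded with this action instead of the initial EFI_IMAGE_EXECUTION_AUTH_UNTESTED, and reference the code-first ECR (bugzilla 3561) in the commit message so the behaviour can be traced to the spec change. The hunk shows only this one branch before "goto Failed;", so please also confirm that every other path reaching Failed for an unsigned image sets Action before the jump, otherwise the same UNTESTED value can still be reported. Minor: "rather then" in the commit message should read "rather than".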