From: "Laszlo Ersek" <lersek@redhat.com>
To: devel@edk2.groups.io, zhichao.gao@intel.com
Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>,
Jian J Wang <jian.j.wang@intel.com>,
Hao A Wu <hao.a.wu@intel.com>, Ray Ni <ray.ni@intel.com>,
Star Zeng <star.zeng@intel.com>,
Liming gao <liming.gao@intel.com>,
Sean Brogan <sean.brogan@microsoft.com>,
Michael Turner <Michael.Turner@microsoft.com>
Subject: Re: [edk2-devel] [PATCH 2/5] MdeModulePkg/SecurityLockAuditDebugLib: Add lib instance
Date: Mon, 22 Jul 2019 22:45:11 +0200 [thread overview]
Message-ID: <c8df8660-c302-6044-18fb-400954becf49@redhat.com> (raw)
In-Reply-To: <13dd9cad-5328-c219-4222-10f90d30593c@redhat.com>
(apologies for the separate message, for this patch:)
On 07/22/19 22:34, Laszlo Ersek wrote:
> On 07/22/19 06:02, Gao, Zhichao wrote:
>> From: Bret Barkelew <Bret.Barkelew@microsoft.com>
>>
>> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2006
>>
>> Add the instance of SecurityLockAuditLib. This instance
>> has one interface SecurityLockReportEvent to log hardware
>> and software security locks info.
>>
>> Cc: Jian J Wang <jian.j.wang@intel.com>
>> Cc: Hao A Wu <hao.a.wu@intel.com>
>> Cc: Ray Ni <ray.ni@intel.com>
>> Cc: Star Zeng <star.zeng@intel.com>
>> Cc: Liming gao <liming.gao@intel.com>
>> Cc: Sean Brogan <sean.brogan@microsoft.com>
>> Cc: Michael Turner <Michael.Turner@microsoft.com>
>> Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
>> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
>> ---
>> .../SecurityLockAuditDebugLib.c | 53 +++++++++++++++++++
>> .../SecurityLockAuditDebugLib.inf | 29 ++++++++++
>> 2 files changed, 82 insertions(+)
>> create mode 100644 MdeModulePkg/Library/SecurityLockAuditDebugLib/SecurityLockAuditDebugLib.c
>> create mode 100644 MdeModulePkg/Library/SecurityLockAuditDebugLib/SecurityLockAuditDebugLib.inf
The edk2 nomenclature usually puts the "implementation hints" of a
library instance after the "Lib" word. For example, in
"SecurityLockAuditLibNull", the word "Null" comes after "Lib" -- and
that's correct. (From patch#3.)
(2) In order to stick with this naming, I'd suggest renaming this lib
instance to "SecurityLockAuditLibDebug". (Note that commit messages and
subject lines should be updated too, not just code, and file names.)
If the MdeModulePkg maintainers think the current name is OK, I won't
insist on the rename.
Thanks!
Laszlo
>>
>> diff --git a/MdeModulePkg/Library/SecurityLockAuditDebugLib/SecurityLockAuditDebugLib.c b/MdeModulePkg/Library/SecurityLockAuditDebugLib/SecurityLockAuditDebugLib.c
>> new file mode 100644
>> index 0000000000..c1872bc023
>> --- /dev/null
>> +++ b/MdeModulePkg/Library/SecurityLockAuditDebugLib/SecurityLockAuditDebugLib.c
>> @@ -0,0 +1,53 @@
>> +/** @file
>> + This library implements the necessary functions
>> + to log hardware and software security locks for post-processing
>> +
>> + Copyright (c) 2018, Microsoft Corporation
>> +
>> + SPDX-License-Identifier: BSD-2-Clause-Patent
>> +
>> +**/
>> +
>> +#include <Base.h>
>> +#include <Library/SecurityLockAuditLib.h>
>> +#include <Library/DebugLib.h>
>> +
>> +//
>> +// Used to look up lock name from LOCK_TYPE enum
>> +//
>> +CHAR8* mLockName[] = {
>> + "SOFTWARE_LOCK",
>> + "HARDWARE_LOCK"
>> +};
>> +
>> +
>> +/**
>> + Function for security Lock event logging and reporting
>> +
>> + @param[in] Module GUID of calling module
>> + @param[in] Function Name of calling function
>> + @param[in] LockEventText Debug message explaining what is locked
>> + @param[in] LockType Enumerated lock type for differentiation
>> +
>> +**/
>> +VOID
>> +EFIAPI
>> +SecurityLockReportEvent (
>> + IN GUID *Module,
>> + IN CONST CHAR8 *Function,
>> + IN CONST CHAR8 *LockEventText,
>> + IN LOCK_TYPE LockType
>> + )
>> +{
>> + UINTN LockTypeIndex;
>> + UINTN LockNameCount;
>> +
>> + LockTypeIndex = (UINTN)LockType;
>> + LockNameCount = sizeof (mLockName) / sizeof (mLockName[0]);
>> +
>> + if (LockTypeIndex < LockNameCount) {
>> + DEBUG ((DEBUG_ERROR, "SecurityLock::LockType: %a, Module: %g, Function: %a, Output: %a\n", mLockName[LockTypeIndex], Module, Function, LockEventText));
>> + } else {
>> + DEBUG ((DEBUG_ERROR, "SecurityLock::LockType: %d, Module: %g, Function: %a, Output: %a\n", LockType, Module, Function, LockEventText));
>> + }
>> +}
>
> I disagree with this implementation. Security log messages are
> important, but they are not necessarily errors. DEBUG_ERROR should be
> used for errors, preferably for such that cannot be recovered from
> (DEBUG_WARN is OK for recoverable errors).
>
> If DEBUG_INFO is deemed too "quiet" for logging security events, then we
> should introduce a new bit value for the debug bitmask, such as
> DEBUG_SECURITY. We have a number of "special purpose" bits already:
>
> - DEBUG_LOAD
> - DEBUG_FS
> - DEBUG_POOL
> - DEBUG_PAGE
> - DEBUG_DISPATCH
> - etc
>
> and I think we have room for DEBUG_SECURITY.
>
> (1) And then, the log mask in this library instance should be
>
> DEBUG_SECURITY | DEBUG_INFO
>
> I believe.
>
> Thanks
> Laszlo
>
>
>
>> diff --git a/MdeModulePkg/Library/SecurityLockAuditDebugLib/SecurityLockAuditDebugLib.inf b/MdeModulePkg/Library/SecurityLockAuditDebugLib/SecurityLockAuditDebugLib.inf
>> new file mode 100644
>> index 0000000000..b641016087
>> --- /dev/null
>> +++ b/MdeModulePkg/Library/SecurityLockAuditDebugLib/SecurityLockAuditDebugLib.inf
>> @@ -0,0 +1,29 @@
>> +## @file
>> +#
>> +# Library that implements logging and reporting for security locks
>> +# Using DebugLib
>> +#
>> +#
>> +# Copyright (c) 2018, Microsoft Corporation
>> +#
>> +# SPDX-License-Identifier: BSD-2-Clause-Patent
>> +##
>> +
>> +[Defines]
>> + INF_VERSION = 0x00010005
>> + BASE_NAME = SecurityLockAuditDebugLib
>> + FILE_GUID = 459d0456-d6be-458e-9cc8-e9b21745f9aa
>> + MODULE_TYPE = BASE
>> + VERSION_STRING = 1.0
>> + LIBRARY_CLASS = SecurityLockAuditLib
>> +
>> +[Sources.common]
>> + SecurityLockAuditDebugLib.c
>> +
>> +[Packages]
>> + MdePkg/MdePkg.dec
>> + MdeModulePkg/MdeModulePkg.dec
>> +
>> +[LibraryClasses]
>> + BaseLib
>> + DebugLib
>>
>
next prev parent reply other threads:[~2019-07-22 20:45 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-22 4:01 [PATCH 0/5] Add new lib SecurityLockAuditLib to log message for security event Gao, Zhichao
2019-07-22 4:02 ` [PATCH 1/5] MdeModulePkg: Add header file for SecurityLockAuditLib Gao, Zhichao
2019-07-22 20:27 ` [edk2-devel] " Laszlo Ersek
2019-07-22 4:02 ` [PATCH 2/5] MdeModulePkg/SecurityLockAuditDebugLib: Add lib instance Gao, Zhichao
2019-07-22 20:34 ` [edk2-devel] " Laszlo Ersek
2019-07-22 20:45 ` Laszlo Ersek [this message]
2019-07-22 21:06 ` Michael D Kinney
2019-07-23 3:26 ` Wu, Hao A
2019-07-22 4:02 ` [PATCH 3/5] MdeModulePkg/SecurityLockAuditLibNull: Add null version lib Gao, Zhichao
2019-07-22 4:02 ` [PATCH 4/5] MdeModulePkg: Add SecuritAuditLib to dec file Gao, Zhichao
2019-07-22 20:27 ` [edk2-devel] " Laszlo Ersek
2019-07-22 4:02 ` [PATCH 5/5] MdeModulePkg/PiSmmIpl: Use SecurityLockAuditLib for debug Gao, Zhichao
2019-07-22 20:40 ` [edk2-devel] " Laszlo Ersek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c8df8660-c302-6044-18fb-400954becf49@redhat.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox