From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by mx.groups.io with SMTP id smtpd.web11.5443.1686257862746496347 for ; Thu, 08 Jun 2023 13:57:42 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@linux.microsoft.com header.s=default header.b=E9NwAWB/; spf=pass (domain: linux.microsoft.com, ip: 13.77.154.182, mailfrom: mikuback@linux.microsoft.com) Received: from [192.168.4.22] (unknown [47.201.8.94]) by linux.microsoft.com (Postfix) with ESMTPSA id D8B5720C145C; Thu, 8 Jun 2023 13:57:41 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com D8B5720C145C DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1686257862; bh=xESkuHiXN+vUr/RkN42VTlno0CuZg7xnALUfs9ODqSg=; h=Date:Subject:To:References:From:In-Reply-To:From; b=E9NwAWB/wMH7112FSq2Z1GXEnaMa8ZDagMQzVgCYyiPLxMY0perOsZnCMebj3Tpk3 1CkyzabG5kuSM18gvdn6budiVKd8IcQrIUXROpO0aFFvDklxeCX4YCPF5Bz3rXvjGy y91pMWIjKg7bF/P72fMnu3oGFCnAUnZzcsyUg3mY= Message-ID: Date: Thu, 8 Jun 2023 16:57:40 -0400 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.11.2 Subject: Re: [edk2-devel] [PATCH v1 1/1] MdeModulePkg/Variable: TcgMorLockSmm Key Mismatch changes lock state To: devel@edk2.groups.io, Abhi.Singh@arm.com References: <20230412212505.538013-1-Abhi.Singh@arm.com> From: "Michael Kubacki" In-Reply-To: <20230412212505.538013-1-Abhi.Singh@arm.com> Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Acked-by: Michael Kubacki Inline code comment below. On 4/12/2023 5:25 PM, Abhimanyu Singh wrote: > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4410 > > Inside TcgMorLockSmm.c, the SetVariableCheckHandlerMorLock() function > contains a scenario to prevent a possible dictionary attack on the MorLock > Key in accordance with the TCG Platform Reset Mitigation Spec v1.10. > > The mechanism to prevent this attack must also change the MorLock Variable > Value to 0x01 to indicate Locked Without Key. > > Cc: Jian J Wang > Cc: Liming Gao > Signed-off-by: Abhi Singh > --- > MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c > index da1105ff073e..a76db18ef877 100644 > --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c > +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c > @@ -312,6 +312,10 @@ SetVariableCheckHandlerMorLock ( > mMorLockState = MorLockStateLocked; > > mMorLockKeyEmpty = TRUE; > > ZeroMem (mMorLockKey, sizeof (mMorLockKey)); > > + // > > + // Update value to reflect locked without key > > + // > > + SetMorLockVariable (MOR_LOCK_DATA_LOCKED_WITHOUT_KEY); I know the TCG Reset Attack Mitigation Specification requires EFI_ACCESS_DENIED to be returned from this function in this case but SetMorLockVariable() returns a status code. I suggest capturing that followed by an ASSERT_EFI_ERROR (Status) to at least help raise visibility of unexpected errors in builds with asserts enabled. > > return EFI_ACCESS_DENIED; > > } > > } >