diff options
Diffstat (limited to 'SecurityPkg')
12 files changed, 977 insertions, 342 deletions
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c index 3b4fc57c..5bc29cf1 100644 --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c @@ -12,7 +12,7 @@ DxeImageVerificationHandler(), HashPeImageByType(), HashPeImage() function will accept
untrusted PE/COFF image and validate its data structure within this image buffer before use.
-Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -837,7 +837,7 @@ IsSignatureFoundInDatabase ( //
CertList = (EFI_SIGNATURE_LIST *) Data;
while ((DataSize > 0) && (DataSize >= CertList->SignatureListSize)) {
- CertCount = (CertList->SignatureListSize - CertList->SignatureHeaderSize) / CertList->SignatureSize;
+ CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
if ((CertList->SignatureSize == sizeof(EFI_SIGNATURE_DATA) - 1 + SignatureSize) && (CompareGuid(&CertList->SignatureType, CertType))) {
for (Index = 0; Index < CertCount; Index++) {
@@ -967,43 +967,6 @@ Done: }
/**
- Verify certificate in WIN_CERT_TYPE_PKCS_SIGNED_DATA format.
-
- @param[in] AuthData Pointer to the Authenticode Signature retrieved from signed image.
- @param[in] AuthDataSize Size of the Authenticode Signature in bytes.
-
- @retval EFI_SUCCESS Image pass verification.
- @retval EFI_SECURITY_VIOLATION Image fail verification.
-
-**/
-EFI_STATUS
-VerifyCertPkcsSignedData (
- IN UINT8 *AuthData,
- IN UINTN AuthDataSize
- )
-{
- //
- // 1: Find certificate from DBX forbidden database for revoked certificate.
- //
- if (IsPkcsSignedDataVerifiedBySignatureList (AuthData, AuthDataSize, EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid)) {
- //
- // DBX is forbidden database, if Authenticode verification pass with
- // one of the certificate in DBX, this image should be rejected.
- //
- return EFI_SECURITY_VIOLATION;
- }
-
- //
- // 2: Find certificate from DB database and try to verify authenticode struct.
- //
- if (IsPkcsSignedDataVerifiedBySignatureList (AuthData, AuthDataSize, EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid)) {
- return EFI_SUCCESS;
- } else {
- return EFI_SECURITY_VIOLATION;
- }
-}
-
-/**
Provide verification service for signed images, which include both signature validation
and platform policy control. For signature types, both UEFI WIN_CERTIFICATE_UEFI_GUID and
MSFT Authenticode type signatures are supported.
@@ -1011,25 +974,14 @@ VerifyCertPkcsSignedData ( In this implementation, only verify external executables when in USER MODE.
Executables from FV is bypass, so pass in AuthenticationStatus is ignored.
- The image verification process is:
+ The image verification policy is:
If the image is signed,
- If the image's certificate verifies against a certificate (root or intermediate) in the allowed
- database (DB) and not in the forbidden database (DBX), the certificate verification is passed.
- If the image's hash digest is in DBX,
- deny execution.
- If not,
- run it.
- If the Image's certificate verification failed.
- If the Image's Hash is in DB and not in DBX,
- run it.
- Otherwise,
- deny execution.
+ At least one valid signature or at least one hash value of the image must match a record
+ in the security database "db", and no valid signature nor any hash value of the image may
+ be reflected in the security database "dbx".
Otherwise, the image is not signed,
- Is the Image's Hash in DBX?
- If yes, deny execution.
- If not, is the Image's Hash in DB?
- If yes, run it.
- If not, deny execution.
+ The SHA256 hash value of the image must match a record in the security database "db", and
+ not be reflected in the security data base "dbx".
Caution: This function may receive untrusted input.
PE/COFF image is external input, so this function will validate its data structure
@@ -1084,12 +1036,12 @@ DxeImageVerificationHandler ( UINT8 *SecureBoot;
PE_COFF_LOADER_IMAGE_CONTEXT ImageContext;
UINT32 NumberOfRvaAndSizes;
- UINT32 CertSize;
WIN_CERTIFICATE_EFI_PKCS *PkcsCertData;
WIN_CERTIFICATE_UEFI_GUID *WinCertUefiGuid;
UINT8 *AuthData;
UINTN AuthDataSize;
EFI_IMAGE_DATA_DIRECTORY *SecDataDir;
+ UINT32 OffSet;
SignatureList = NULL;
SignatureListSize = 0;
@@ -1098,6 +1050,8 @@ DxeImageVerificationHandler ( PkcsCertData = NULL;
Action = EFI_IMAGE_EXECUTION_AUTH_UNTESTED;
Status = EFI_ACCESS_DENIED;
+ VerifyStatus = EFI_ACCESS_DENIED;
+
//
// Check the image type and get policy setting.
//
@@ -1230,9 +1184,13 @@ DxeImageVerificationHandler ( }
}
- if ((SecDataDir == NULL) || ((SecDataDir != NULL) && (SecDataDir->Size == 0))) {
+ //
+ // Start Image Validation.
+ //
+ if (SecDataDir == NULL || SecDataDir->Size == 0) {
//
- // This image is not signed.
+ // This image is not signed. The SHA256 hash value of the image must match a record in the security database "db",
+ // and not be reflected in the security data base "dbx".
//
if (!HashPeImage (HASHALG_SHA256)) {
goto Done;
@@ -1259,109 +1217,118 @@ DxeImageVerificationHandler ( }
//
- // Verify signature of executables.
+ // Verify the signature of the image, multiple signatures are allowed as per PE/COFF Section 4.7
+ // "Attribute Certificate Table".
+ // The first certificate starts at offset (SecDataDir->VirtualAddress) from the start of the file.
//
- WinCertificate = (WIN_CERTIFICATE *) (mImageBase + SecDataDir->VirtualAddress);
-
- CertSize = sizeof (WIN_CERTIFICATE);
-
- if ((SecDataDir->Size <= CertSize) || (SecDataDir->Size < WinCertificate->dwLength)) {
- goto Done;
- }
-
- //
- // Verify the image's Authenticode signature, only DER-encoded PKCS#7 signed data is supported.
- //
- if (WinCertificate->wCertificateType == WIN_CERT_TYPE_PKCS_SIGNED_DATA) {
+ for (OffSet = SecDataDir->VirtualAddress;
+ OffSet < (SecDataDir->VirtualAddress + SecDataDir->Size);
+ OffSet += WinCertificate->dwLength, OffSet += ALIGN_SIZE (OffSet)) {
+ WinCertificate = (WIN_CERTIFICATE *) (mImageBase + OffSet);
+ if ((SecDataDir->VirtualAddress + SecDataDir->Size - OffSet) <= sizeof (WIN_CERTIFICATE) ||
+ (SecDataDir->VirtualAddress + SecDataDir->Size - OffSet) < WinCertificate->dwLength) {
+ break;
+ }
+
//
- // The certificate is formatted as WIN_CERTIFICATE_EFI_PKCS which is described in the
- // Authenticode specification.
+ // Verify the image's Authenticode signature, only DER-encoded PKCS#7 signed data is supported.
//
- PkcsCertData = (WIN_CERTIFICATE_EFI_PKCS *) WinCertificate;
- if (PkcsCertData->Hdr.dwLength <= sizeof (PkcsCertData->Hdr)) {
- goto Done;
+ if (WinCertificate->wCertificateType == WIN_CERT_TYPE_PKCS_SIGNED_DATA) {
+ //
+ // The certificate is formatted as WIN_CERTIFICATE_EFI_PKCS which is described in the
+ // Authenticode specification.
+ //
+ PkcsCertData = (WIN_CERTIFICATE_EFI_PKCS *) WinCertificate;
+ if (PkcsCertData->Hdr.dwLength <= sizeof (PkcsCertData->Hdr)) {
+ break;
+ }
+ AuthData = PkcsCertData->CertData;
+ AuthDataSize = PkcsCertData->Hdr.dwLength - sizeof(PkcsCertData->Hdr);
+ } else if (WinCertificate->wCertificateType == WIN_CERT_TYPE_EFI_GUID) {
+ //
+ // The certificate is formatted as WIN_CERTIFICATE_UEFI_GUID which is described in UEFI Spec.
+ //
+ WinCertUefiGuid = (WIN_CERTIFICATE_UEFI_GUID *) WinCertificate;
+ if (WinCertUefiGuid->Hdr.dwLength <= OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData)) {
+ break;
+ }
+ if (!CompareGuid (&WinCertUefiGuid->CertType, &gEfiCertPkcs7Guid)) {
+ continue;
+ }
+ AuthData = WinCertUefiGuid->CertData;
+ AuthDataSize = WinCertUefiGuid->Hdr.dwLength - OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData);
+ } else {
+ if (WinCertificate->dwLength < sizeof (WIN_CERTIFICATE)) {
+ break;
+ }
+ continue;
}
- AuthData = PkcsCertData->CertData;
- AuthDataSize = PkcsCertData->Hdr.dwLength - sizeof(PkcsCertData->Hdr);
-
+
Status = HashPeImageByType (AuthData, AuthDataSize);
if (EFI_ERROR (Status)) {
- goto Done;
+ continue;
}
-
- VerifyStatus = VerifyCertPkcsSignedData (AuthData, AuthDataSize);
- } else if (WinCertificate->wCertificateType == WIN_CERT_TYPE_EFI_GUID) {
+
//
- // The certificate is formatted as WIN_CERTIFICATE_UEFI_GUID which is described in UEFI Spec.
+ // Check the digital signature against the revoked certificate in forbidden database (dbx).
//
- WinCertUefiGuid = (WIN_CERTIFICATE_UEFI_GUID *) WinCertificate;
- if (!CompareGuid(&WinCertUefiGuid->CertType, &gEfiCertPkcs7Guid) ||
- (WinCertUefiGuid->Hdr.dwLength <= OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData))) {
- goto Done;
- }
- AuthData = WinCertUefiGuid->CertData;
- AuthDataSize = WinCertUefiGuid->Hdr.dwLength - OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData);
-
- Status = HashPeImageByType (AuthData, AuthDataSize);
- if (EFI_ERROR (Status)) {
- goto Done;
+ if (IsPkcsSignedDataVerifiedBySignatureList (AuthData, AuthDataSize, EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid)) {
+ Action = EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED;
+ VerifyStatus = EFI_ACCESS_DENIED;
+ break;
}
- VerifyStatus = VerifyCertPkcsSignedData (AuthData, AuthDataSize);
- } else {
- goto Done;
- }
- if (!EFI_ERROR (VerifyStatus)) {
//
- // Verification is passed.
- // Continue to check the image digest in signature database.
+ // Check the digital signature against the valid certificate in allowed database (db).
//
- if (IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE1, mImageDigest, &mCertType, mImageDigestSize)) {
- //
- // Executable signature verification passes, but is found in forbidden signature database.
- //
- Action = EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND;
- Status = EFI_ACCESS_DENIED;
- } else {
- //
- // For image verification against enrolled X.509 certificate(root or intermediate),
- // no need to check image's hash in the allowed database.
- //
- return EFI_SUCCESS;
+ if (EFI_ERROR (VerifyStatus)) {
+ if (IsPkcsSignedDataVerifiedBySignatureList (AuthData, AuthDataSize, EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid)) {
+ VerifyStatus = EFI_SUCCESS;
+ }
}
- } else {
+
//
- // Verification failure.
+ // Check the image's hash value.
//
- if (!IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE1, mImageDigest, &mCertType, mImageDigestSize) &&
- IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE, mImageDigest, &mCertType, mImageDigestSize)) {
- //
- // Verification fail, Image Hash is not in forbidden database (DBX),
- // and Image Hash is in allowed database (DB).
- //
- Status = EFI_SUCCESS;
- } else {
- Action = EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED;
- Status = EFI_ACCESS_DENIED;
+ if (IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE1, mImageDigest, &mCertType, mImageDigestSize)) {
+ Action = EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND;
+ VerifyStatus = EFI_ACCESS_DENIED;
+ break;
+ } else if (EFI_ERROR (VerifyStatus)) {
+ if (IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE, mImageDigest, &mCertType, mImageDigestSize)) {
+ VerifyStatus = EFI_SUCCESS;
+ }
}
}
- if (EFI_ERROR (Status)) {
+ if (OffSet != (SecDataDir->VirtualAddress + SecDataDir->Size)) {
//
- // Get image hash value as executable's signature.
+ // The Size in Certificate Table or the attribute certicate table is corrupted.
//
- SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize;
- SignatureList = (EFI_SIGNATURE_LIST *) AllocateZeroPool (SignatureListSize);
- if (SignatureList == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto Done;
+ VerifyStatus = EFI_ACCESS_DENIED;
+ }
+
+ if (!EFI_ERROR (VerifyStatus)) {
+ return EFI_SUCCESS;
+ } else {
+ Status = EFI_ACCESS_DENIED;
+ if (Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED || Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND) {
+ //
+ // Get image hash value as executable's signature.
+ //
+ SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize;
+ SignatureList = (EFI_SIGNATURE_LIST *) AllocateZeroPool (SignatureListSize);
+ if (SignatureList == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto Done;
+ }
+ SignatureList->SignatureHeaderSize = 0;
+ SignatureList->SignatureListSize = (UINT32) SignatureListSize;
+ SignatureList->SignatureSize = (UINT32) mImageDigestSize;
+ CopyMem (&SignatureList->SignatureType, &mCertType, sizeof (EFI_GUID));
+ Signature = (EFI_SIGNATURE_DATA *) ((UINT8 *) SignatureList + sizeof (EFI_SIGNATURE_LIST));
+ CopyMem (Signature->SignatureData, mImageDigest, mImageDigestSize);
}
- SignatureList->SignatureHeaderSize = 0;
- SignatureList->SignatureListSize = (UINT32) SignatureListSize;
- SignatureList->SignatureSize = (UINT32) mImageDigestSize;
- CopyMem (&SignatureList->SignatureType, &mCertType, sizeof (EFI_GUID));
- Signature = (EFI_SIGNATURE_DATA *) ((UINT8 *) SignatureList + sizeof (EFI_SIGNATURE_LIST));
- CopyMem (Signature->SignatureData, mImageDigest, mImageDigestSize);
}
Done:
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.h b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.h index 55371e90..9aef601c 100644 --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.h +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.h @@ -2,7 +2,7 @@ The internal header file includes the common header files, defines
internal structure and functions used by ImageVerificationLib.
-Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -43,6 +43,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #define MAX_NOTIFY_STRING_LEN 64
#define TWO_BYTE_ENCODE 0x82
+#define ALIGNMENT_SIZE 8
+#define ALIGN_SIZE(a) (((a) % ALIGNMENT_SIZE) ? ALIGNMENT_SIZE - ((a) % ALIGNMENT_SIZE) : 0)
+
//
// Image type definitions
//
diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c index 44845b0f..3414cd2e 100644 --- a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c +++ b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c @@ -8,7 +8,7 @@ ExecutePendingTpmRequest() will receive untrusted input and do validation.
-Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -1010,13 +1010,6 @@ ExecutePendingTpmRequest ( UINTN DataSize;
BOOLEAN RequestConfirmed;
- if (TcgPpData->PPRequest == PHYSICAL_PRESENCE_NO_ACTION) {
- //
- // No operation request
- //
- return;
- }
-
if (!HaveValidTpmRequest(TcgPpData, &RequestConfirmed)) {
//
// Invalid operation request.
@@ -1165,6 +1158,13 @@ TcgPhysicalPresenceLibProcessRequest ( DEBUG ((EFI_D_INFO, "[TPM] Flags=%x, PPRequest=%x\n", TcgPpData.Flags, TcgPpData.PPRequest));
+ if (TcgPpData.PPRequest == PHYSICAL_PRESENCE_NO_ACTION) {
+ //
+ // No operation request
+ //
+ return;
+ }
+
Status = GetTpmCapability (TcgProtocol, &LifetimeLock, &CmdEnable);
if (EFI_ERROR (Status)) {
return ;
diff --git a/SecurityPkg/VariableAuthenticated/Pei/Variable.c b/SecurityPkg/VariableAuthenticated/Pei/Variable.c index d27f6790..38b9170a 100644 --- a/SecurityPkg/VariableAuthenticated/Pei/Variable.c +++ b/SecurityPkg/VariableAuthenticated/Pei/Variable.c @@ -3,7 +3,7 @@ ReadOnly Varaiable2 PPI. These services operates the non-volatile
storage space.
-Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -428,6 +428,7 @@ FindVariableEx ( UINTN Index;
UINTN Offset;
BOOLEAN StopRecord;
+ VARIABLE_HEADER *InDeletedVariable;
if (VariableStoreHeader == NULL) {
return EFI_INVALID_PARAMETER;
@@ -444,6 +445,8 @@ FindVariableEx ( PtrTrack->StartPtr = GetStartPointer (VariableStoreHeader);
PtrTrack->EndPtr = GetEndPointer (VariableStoreHeader);
+ InDeletedVariable = NULL;
+
//
// No Variable Address equals zero, so 0 as initial value is safe.
//
@@ -459,15 +462,20 @@ FindVariableEx ( Offset += IndexTable->Index[Index];
MaxIndex = (VARIABLE_HEADER *) ((UINT8 *) IndexTable->StartPtr + Offset);
if (CompareWithValidVariable (MaxIndex, VariableName, VendorGuid, PtrTrack) == EFI_SUCCESS) {
- return EFI_SUCCESS;
+ if (PtrTrack->CurrPtr->State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED)) {
+ InDeletedVariable = PtrTrack->CurrPtr;
+ } else {
+ return EFI_SUCCESS;
+ }
}
}
if (IndexTable->GoneThrough != 0) {
//
- // If the table has all the existing variables indexed and we still cannot find it.
+ // If the table has all the existing variables indexed, return.
//
- return EFI_NOT_FOUND;
+ PtrTrack->CurrPtr = InDeletedVariable;
+ return (PtrTrack->CurrPtr == NULL) ? EFI_NOT_FOUND : EFI_SUCCESS;
}
}
@@ -488,11 +496,11 @@ FindVariableEx ( }
//
- // Find the variable by walk through non-volatile variable store
+ // Find the variable by walk through variable store
//
StopRecord = FALSE;
while ((Variable < PtrTrack->EndPtr) && IsValidVariableHeader (Variable)) {
- if (Variable->State == VAR_ADDED) {
+ if (Variable->State == VAR_ADDED || Variable->State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED)) {
//
// Record Variable in VariableIndex HOB
//
@@ -511,7 +519,11 @@ FindVariableEx ( }
if (CompareWithValidVariable (Variable, VariableName, VendorGuid, PtrTrack) == EFI_SUCCESS) {
- return EFI_SUCCESS;
+ if (PtrTrack->CurrPtr->State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED)) {
+ InDeletedVariable = PtrTrack->CurrPtr;
+ } else {
+ return EFI_SUCCESS;
+ }
}
}
@@ -524,9 +536,9 @@ FindVariableEx ( IndexTable->GoneThrough = 1;
}
- PtrTrack->CurrPtr = NULL;
+ PtrTrack->CurrPtr = InDeletedVariable;
- return EFI_NOT_FOUND;
+ return (PtrTrack->CurrPtr == NULL) ? EFI_NOT_FOUND : EFI_SUCCESS;
}
/**
@@ -689,6 +701,8 @@ PeiGetNextVariableName ( VARIABLE_STORE_TYPE Type;
VARIABLE_POINTER_TRACK Variable;
VARIABLE_POINTER_TRACK VariableInHob;
+ VARIABLE_POINTER_TRACK VariablePtrTrack;
+ VARIABLE_INDEX_TABLE *IndexTable;
UINTN VarNameSize;
EFI_STATUS Status;
VARIABLE_STORE_HEADER *VariableStoreHeader[VariableStoreTypeMax];
@@ -750,7 +764,32 @@ PeiGetNextVariableName ( Variable.CurrPtr = Variable.StartPtr;
}
- if (Variable.CurrPtr->State == VAR_ADDED) {
+ if (Variable.CurrPtr->State == VAR_ADDED || Variable.CurrPtr->State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED)) {
+ if (Variable.CurrPtr->State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED)) {
+ //
+ // If it is a IN_DELETED_TRANSITION variable,
+ // and there is also a same ADDED one at the same time,
+ // don't return it.
+ //
+ for (Type = (VARIABLE_STORE_TYPE) 0; Type < VariableStoreTypeMax; Type++) {
+ if ((VariableStoreHeader[Type] != NULL) && (Variable.StartPtr == GetStartPointer (VariableStoreHeader[Type]))) {
+ break;
+ }
+ }
+ ASSERT (Type < VariableStoreTypeMax);
+ GetVariableStore (Type, &IndexTable);
+ Status = FindVariableEx (
+ VariableStoreHeader[Type],
+ IndexTable,
+ GetVariableNamePtr (Variable.CurrPtr),
+ &Variable.CurrPtr->VendorGuid,
+ &VariablePtrTrack
+ );
+ if (!EFI_ERROR (Status) && VariablePtrTrack.CurrPtr->State == VAR_ADDED) {
+ Variable.CurrPtr = GetNextVariablePtr (Variable.CurrPtr);
+ continue;
+ }
+ }
//
// Don't return NV variable when HOB overrides it
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c index 64ce968a..6f8808a7 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c @@ -15,7 +15,7 @@ They will do basic validation for authentication data structure, then call crypto library
to verify the signature.
-Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -356,30 +356,23 @@ AutenticatedVariableServiceInitialize ( DEBUG ((EFI_D_INFO, "Variable %s is %x\n", EFI_SECURE_BOOT_ENABLE_NAME, SecureBootEnable));
//
- // Check "CustomMode" variable's existence.
+ // Initialize "CustomMode" in STANDARD_SECURE_BOOT_MODE state.
//
FindVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE);
- if (Variable.CurrPtr != NULL) {
- CustomMode = *(GetVariableDataPtr (Variable.CurrPtr));
- } else {
- //
- // "CustomMode" not exist, initialize it in STANDARD_SECURE_BOOT_MODE.
- //
- CustomMode = STANDARD_SECURE_BOOT_MODE;
- Status = UpdateVariable (
- EFI_CUSTOM_MODE_NAME,
- &gEfiCustomModeEnableGuid,
- &CustomMode,
- sizeof (UINT8),
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
- 0,
- 0,
- &Variable,
- NULL
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
+ CustomMode = STANDARD_SECURE_BOOT_MODE;
+ Status = UpdateVariable (
+ EFI_CUSTOM_MODE_NAME,
+ &gEfiCustomModeEnableGuid,
+ &CustomMode,
+ sizeof (UINT8),
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
+ 0,
+ 0,
+ &Variable,
+ NULL
+ );
+ if (EFI_ERROR (Status)) {
+ return Status;
}
DEBUG ((EFI_D_INFO, "Variable %s is %x\n", EFI_CUSTOM_MODE_NAME, CustomMode));
@@ -437,6 +430,8 @@ AddPubKeyInStore ( UINT32 Index;
VARIABLE_POINTER_TRACK Variable;
UINT8 *Ptr;
+ UINT8 *Data;
+ UINTN DataSize;
if (PubKey == NULL) {
return 0;
@@ -450,6 +445,10 @@ AddPubKeyInStore ( FALSE
);
ASSERT_EFI_ERROR (Status);
+ if (EFI_ERROR (Status)) {
+ return 0;
+ }
+
//
// Check whether the public key entry does exist.
//
@@ -468,9 +467,48 @@ AddPubKeyInStore ( //
if (mPubKeyNumber == MAX_KEY_NUM) {
//
- // Notes: Database is full, need enhancement here, currently just return 0.
+ // Public key dadatase is full, try to reclaim invalid key.
//
- return 0;
+ if (AtRuntime ()) {
+ //
+ // NV storage can't reclaim at runtime.
+ //
+ return 0;
+ }
+
+ Status = Reclaim (
+ mVariableModuleGlobal->VariableGlobal.NonVolatileVariableBase,
+ &mVariableModuleGlobal->NonVolatileLastVariableOffset,
+ FALSE,
+ NULL,
+ TRUE,
+ TRUE
+ );
+ if (EFI_ERROR (Status)) {
+ return 0;
+ }
+
+ Status = FindVariable (
+ AUTHVAR_KEYDB_NAME,
+ &gEfiAuthenticatedVariableGuid,
+ &Variable,
+ &mVariableModuleGlobal->VariableGlobal,
+ FALSE
+ );
+ ASSERT_EFI_ERROR (Status);
+ if (EFI_ERROR (Status)) {
+ return 0;
+ }
+
+ DataSize = DataSizeOfVariable (Variable.CurrPtr);
+ Data = GetVariableDataPtr (Variable.CurrPtr);
+ ASSERT ((DataSize != 0) && (Data != NULL));
+ CopyMem (mPubKeyStore, (UINT8 *) Data, DataSize);
+ mPubKeyNumber = (UINT32) (DataSize / EFI_CERT_TYPE_RSA2048_SIZE);
+
+ if (mPubKeyNumber == MAX_KEY_NUM) {
+ return 0;
+ }
}
CopyMem (mPubKeyStore + mPubKeyNumber * EFI_CERT_TYPE_RSA2048_SIZE, PubKey, EFI_CERT_TYPE_RSA2048_SIZE);
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c index 5f023dfd..1595c8c2 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c @@ -16,7 +16,7 @@ VariableServiceSetVariable() should also check authenticate data to avoid buffer overflow,
integer overflow. It should also check attribute to avoid authentication bypass.
-Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -511,30 +511,168 @@ GetEndPointer ( return (VARIABLE_HEADER *) HEADER_ALIGN ((UINTN) VarStoreHeader + VarStoreHeader->Size);
}
+/**
+
+ Check the PubKeyIndex is a valid key or not.
+
+ This function will iterate the NV storage to see if this PubKeyIndex is still referenced
+ by any valid count-based auth variabe.
+
+ @param[in] PubKeyIndex Index of the public key in public key store.
+
+ @retval TRUE The PubKeyIndex is still in use.
+ @retval FALSE The PubKeyIndex is not referenced by any count-based auth variabe.
+
+**/
+BOOLEAN
+IsValidPubKeyIndex (
+ IN UINT32 PubKeyIndex
+ )
+{
+ VARIABLE_HEADER *Variable;
+
+ if (PubKeyIndex > mPubKeyNumber) {
+ return FALSE;
+ }
+
+ Variable = GetStartPointer (mNvVariableCache);
+
+ while (IsValidVariableHeader (Variable)) {
+ if ((Variable->State == VAR_ADDED || Variable->State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED)) &&
+ Variable->PubKeyIndex == PubKeyIndex) {
+ return TRUE;
+ }
+ Variable = GetNextVariablePtr (Variable);
+ }
+
+ return FALSE;
+}
/**
- Variable store garbage collection and reclaim operation.
+ Get the number of valid public key in PubKeyStore.
+
+ @param[in] PubKeyNumber Number of the public key in public key store.
+
+ @return Number of valid public key in PubKeyStore.
+
+**/
+UINT32
+GetValidPubKeyNumber (
+ IN UINT32 PubKeyNumber
+ )
+{
+ UINT32 PubKeyIndex;
+ UINT32 Counter;
+
+ Counter = 0;
+
+ for (PubKeyIndex = 1; PubKeyIndex <= PubKeyNumber; PubKeyIndex++) {
+ if (IsValidPubKeyIndex (PubKeyIndex)) {
+ Counter++;
+ }
+ }
+
+ return Counter;
+}
+
+/**
+
+ Filter the useless key in public key store.
+
+ This function will find out all valid public keys in public key database, save them in new allocated
+ buffer NewPubKeyStore, and give the new PubKeyIndex. The caller is responsible for freeing buffer
+ NewPubKeyIndex and NewPubKeyStore with FreePool().
+
+ @param[in] PubKeyStore Point to the public key database.
+ @param[in] PubKeyNumber Number of the public key in PubKeyStore.
+ @param[out] NewPubKeyIndex Point to an array of new PubKeyIndex corresponds to NewPubKeyStore.
+ @param[out] NewPubKeyStore Saved all valid public keys in PubKeyStore.
+ @param[out] NewPubKeySize Buffer size of the NewPubKeyStore.
+
+ @retval EFI_SUCCESS Trim operation is complete successfully.
+ @retval EFI_OUT_OF_RESOURCES No enough memory resources, or no useless key in PubKeyStore.
+
+**/
+EFI_STATUS
+PubKeyStoreFilter (
+ IN UINT8 *PubKeyStore,
+ IN UINT32 PubKeyNumber,
+ OUT UINT32 **NewPubKeyIndex,
+ OUT UINT8 **NewPubKeyStore,
+ OUT UINT32 *NewPubKeySize
+ )
+{
+ UINT32 PubKeyIndex;
+ UINT32 CopiedKey;
+ UINT32 NewPubKeyNumber;
+
+ NewPubKeyNumber = GetValidPubKeyNumber (PubKeyNumber);
+ if (NewPubKeyNumber == PubKeyNumber) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ if (NewPubKeyNumber != 0) {
+ *NewPubKeySize = NewPubKeyNumber * EFI_CERT_TYPE_RSA2048_SIZE;
+ } else {
+ *NewPubKeySize = sizeof (UINT8);
+ }
+
+ *NewPubKeyStore = AllocatePool (*NewPubKeySize);
+ if (*NewPubKeyStore == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
- @param VariableBase Base address of variable store.
- @param LastVariableOffset Offset of last variable.
- @param IsVolatile The variable store is volatile or not;
- if it is non-volatile, need FTW.
- @param UpdatingVariable Pointer to updating variable.
- @param ReclaimAnyway If TRUE, do reclaim anyway.
+ *NewPubKeyIndex = AllocateZeroPool ((PubKeyNumber + 1) * sizeof (UINT32));
+ if (*NewPubKeyIndex == NULL) {
+ FreePool (*NewPubKeyStore);
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ CopiedKey = 0;
+ for (PubKeyIndex = 1; PubKeyIndex <= PubKeyNumber; PubKeyIndex++) {
+ if (IsValidPubKeyIndex (PubKeyIndex)) {
+ CopyMem (
+ *NewPubKeyStore + CopiedKey * EFI_CERT_TYPE_RSA2048_SIZE,
+ PubKeyStore + (PubKeyIndex - 1) * EFI_CERT_TYPE_RSA2048_SIZE,
+ EFI_CERT_TYPE_RSA2048_SIZE
+ );
+ (*NewPubKeyIndex)[PubKeyIndex] = ++CopiedKey;
+ }
+ }
+ return EFI_SUCCESS;
+}
- @return EFI_OUT_OF_RESOURCES
- @return EFI_SUCCESS
- @return Others
+/**
+
+ Variable store garbage collection and reclaim operation.
+
+ If ReclaimPubKeyStore is FALSE, reclaim variable space by deleting the obsoleted varaibles.
+ If ReclaimPubKeyStore is TRUE, reclaim invalid key in public key database and update the PubKeyIndex
+ for all the count-based authenticate variable in NV storage.
+
+ @param[in] VariableBase Base address of variable store.
+ @param[out] LastVariableOffset Offset of last variable.
+ @param[in] IsVolatile The variable store is volatile or not;
+ if it is non-volatile, need FTW.
+ @param[in, out] UpdatingPtrTrack Pointer to updating variable pointer track structure.
+ @param[in] ReclaimPubKeyStore Reclaim for public key database or not.
+ @param[in] ReclaimAnyway If TRUE, do reclaim anyway.
+
+ @return EFI_SUCCESS Reclaim operation has finished successfully.
+ @return EFI_OUT_OF_RESOURCES No enough memory resources.
+ @return EFI_DEVICE_ERROR The public key database doesn't exist.
+ @return Others Unexpect error happened during reclaim operation.
**/
EFI_STATUS
Reclaim (
- IN EFI_PHYSICAL_ADDRESS VariableBase,
- OUT UINTN *LastVariableOffset,
- IN BOOLEAN IsVolatile,
- IN VARIABLE_HEADER *UpdatingVariable,
- IN BOOLEAN ReclaimAnyway
+ IN EFI_PHYSICAL_ADDRESS VariableBase,
+ OUT UINTN *LastVariableOffset,
+ IN BOOLEAN IsVolatile,
+ IN OUT VARIABLE_POINTER_TRACK *UpdatingPtrTrack,
+ IN BOOLEAN ReclaimPubKeyStore,
+ IN BOOLEAN ReclaimAnyway
)
{
VARIABLE_HEADER *Variable;
@@ -557,14 +695,28 @@ Reclaim ( CHAR16 *UpdatingVariableNamePtr;
UINTN CommonVariableTotalSize;
UINTN HwErrVariableTotalSize;
+ UINT32 *NewPubKeyIndex;
+ UINT8 *NewPubKeyStore;
+ UINT32 NewPubKeySize;
+ VARIABLE_HEADER *PubKeyHeader;
BOOLEAN NeedDoReclaim;
+ VARIABLE_HEADER *UpdatingVariable;
+
+ UpdatingVariable = NULL;
+ if (UpdatingPtrTrack != NULL) {
+ UpdatingVariable = UpdatingPtrTrack->CurrPtr;
+ }
NeedDoReclaim = FALSE;
VariableStoreHeader = (VARIABLE_STORE_HEADER *) ((UINTN) VariableBase);
CommonVariableTotalSize = 0;
HwErrVariableTotalSize = 0;
-
+ NewPubKeyIndex = NULL;
+ NewPubKeyStore = NULL;
+ NewPubKeySize = 0;
+ PubKeyHeader = NULL;
+
//
// Start Pointers for the variable.
//
@@ -608,95 +760,97 @@ Reclaim ( CopyMem (ValidBuffer, VariableStoreHeader, sizeof (VARIABLE_STORE_HEADER));
CurrPtr = (UINT8 *) GetStartPointer ((VARIABLE_STORE_HEADER *) ValidBuffer);
- //
- // Reinstall all ADDED variables as long as they are not identical to Updating Variable.
- //
- Variable = GetStartPointer (VariableStoreHeader);
- while (IsValidVariableHeader (Variable)) {
- NextVariable = GetNextVariablePtr (Variable);
- if (Variable->State == VAR_ADDED) {
- if (UpdatingVariable != NULL) {
- if (UpdatingVariable == Variable) {
- Variable = NextVariable;
- continue;
- }
-
- VariableNameSize = NameSizeOfVariable(Variable);
- UpdatingVariableNameSize = NameSizeOfVariable(UpdatingVariable);
+ if (ReclaimPubKeyStore) {
+ //
+ // Trim the PubKeyStore and get new PubKeyIndex.
+ //
+ Status = PubKeyStoreFilter (
+ mPubKeyStore,
+ mPubKeyNumber,
+ &NewPubKeyIndex,
+ &NewPubKeyStore,
+ &NewPubKeySize
+ );
+ if (EFI_ERROR (Status)) {
+ FreePool (ValidBuffer);
+ return Status;
+ }
- VariableNamePtr = GetVariableNamePtr (Variable);
- UpdatingVariableNamePtr = GetVariableNamePtr (UpdatingVariable);
- if (CompareGuid (&Variable->VendorGuid, &UpdatingVariable->VendorGuid) &&
- VariableNameSize == UpdatingVariableNameSize &&
- CompareMem (VariableNamePtr, UpdatingVariableNamePtr, VariableNameSize) == 0 ) {
+ //
+ // Refresh the PubKeyIndex for all valid variables (ADDED and IN_DELETED_TRANSITION).
+ //
+ Variable = GetStartPointer (mNvVariableCache);
+ while (IsValidVariableHeader (Variable)) {
+ NextVariable = GetNextVariablePtr (Variable);
+ if (Variable->State == VAR_ADDED || Variable->State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED)) {
+ if ((StrCmp (GetVariableNamePtr (Variable), AUTHVAR_KEYDB_NAME) == 0) &&
+ (CompareGuid (&Variable->VendorGuid, &gEfiAuthenticatedVariableGuid))) {
+ //
+ // Skip the public key database, it will be reinstalled later.
+ //
+ PubKeyHeader = Variable;
Variable = NextVariable;
continue;
}
+
+ VariableSize = (UINTN) NextVariable - (UINTN) Variable;
+ CopyMem (CurrPtr, (UINT8 *) Variable, VariableSize);
+ ((VARIABLE_HEADER*) CurrPtr)->PubKeyIndex = NewPubKeyIndex[Variable->PubKeyIndex];
+ CurrPtr += VariableSize;
+ if ((!IsVolatile) && ((Variable->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) == EFI_VARIABLE_HARDWARE_ERROR_RECORD)) {
+ HwErrVariableTotalSize += VariableSize;
+ } else if ((!IsVolatile) && ((Variable->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) != EFI_VARIABLE_HARDWARE_ERROR_RECORD)) {
+ CommonVariableTotalSize += VariableSize;
+ }
}
- VariableSize = (UINTN) NextVariable - (UINTN) Variable;
- CopyMem (CurrPtr, (UINT8 *) Variable, VariableSize);
- CurrPtr += VariableSize;
- if ((!IsVolatile) && ((Variable->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) == EFI_VARIABLE_HARDWARE_ERROR_RECORD)) {
- HwErrVariableTotalSize += VariableSize;
- } else if ((!IsVolatile) && ((Variable->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) != EFI_VARIABLE_HARDWARE_ERROR_RECORD)) {
- CommonVariableTotalSize += VariableSize;
- }
+ Variable = NextVariable;
}
- Variable = NextVariable;
- }
- //
- // Reinstall the variable being updated if it is not NULL.
- //
- if (UpdatingVariable != NULL) {
- VariableSize = (UINTN)(GetNextVariablePtr (UpdatingVariable)) - (UINTN)UpdatingVariable;
- CopyMem (CurrPtr, (UINT8 *) UpdatingVariable, VariableSize);
- CurrPtr += VariableSize;
- if ((!IsVolatile) && ((UpdatingVariable->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) == EFI_VARIABLE_HARDWARE_ERROR_RECORD)) {
- HwErrVariableTotalSize += VariableSize;
- } else if ((!IsVolatile) && ((UpdatingVariable->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) != EFI_VARIABLE_HARDWARE_ERROR_RECORD)) {
- CommonVariableTotalSize += VariableSize;
+ //
+ // Reinstall the new public key database.
+ //
+ ASSERT (PubKeyHeader != NULL);
+ if (PubKeyHeader == NULL) {
+ FreePool (ValidBuffer);
+ FreePool (NewPubKeyIndex);
+ FreePool (NewPubKeyStore);
+ return EFI_DEVICE_ERROR;
}
- }
-
- //
- // Reinstall all in delete transition variables.
- //
- Variable = GetStartPointer (VariableStoreHeader);
- while (IsValidVariableHeader (Variable)) {
- NextVariable = GetNextVariablePtr (Variable);
- if (Variable != UpdatingVariable && Variable->State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED)) {
+ CopyMem (CurrPtr, (UINT8*) PubKeyHeader, sizeof (VARIABLE_HEADER));
+ Variable = (VARIABLE_HEADER*) CurrPtr;
+ Variable->DataSize = NewPubKeySize;
+ StrCpy (GetVariableNamePtr (Variable), GetVariableNamePtr (PubKeyHeader));
+ CopyMem (GetVariableDataPtr (Variable), NewPubKeyStore, NewPubKeySize);
+ CurrPtr = (UINT8*) GetNextVariablePtr (Variable);
+ CommonVariableTotalSize += (UINTN) CurrPtr - (UINTN) Variable;
+ } else {
+ //
+ // Reinstall all ADDED variables as long as they are not identical to Updating Variable.
+ //
+ Variable = GetStartPointer (VariableStoreHeader);
+ while (IsValidVariableHeader (Variable)) {
+ NextVariable = GetNextVariablePtr (Variable);
+ if (Variable->State == VAR_ADDED) {
+ if (UpdatingVariable != NULL) {
+ if (UpdatingVariable == Variable) {
+ Variable = NextVariable;
+ continue;
+ }
- //
- // Buffer has cached all ADDED variable.
- // Per IN_DELETED variable, we have to guarantee that
- // no ADDED one in previous buffer.
- //
+ VariableNameSize = NameSizeOfVariable(Variable);
+ UpdatingVariableNameSize = NameSizeOfVariable(UpdatingVariable);
- FoundAdded = FALSE;
- AddedVariable = GetStartPointer ((VARIABLE_STORE_HEADER *) ValidBuffer);
- while (IsValidVariableHeader (AddedVariable)) {
- NextAddedVariable = GetNextVariablePtr (AddedVariable);
- NameSize = NameSizeOfVariable (AddedVariable);
- if (CompareGuid (&AddedVariable->VendorGuid, &Variable->VendorGuid) &&
- NameSize == NameSizeOfVariable (Variable)
- ) {
- Point0 = (VOID *) GetVariableNamePtr (AddedVariable);
- Point1 = (VOID *) GetVariableNamePtr (Variable);
- if (CompareMem (Point0, Point1, NameSizeOfVariable (AddedVariable)) == 0) {
- FoundAdded = TRUE;
- break;
+ VariableNamePtr = GetVariableNamePtr (Variable);
+ UpdatingVariableNamePtr = GetVariableNamePtr (UpdatingVariable);
+ if (CompareGuid (&Variable->VendorGuid, &UpdatingVariable->VendorGuid) &&
+ VariableNameSize == UpdatingVariableNameSize &&
+ CompareMem (VariableNamePtr, UpdatingVariableNamePtr, VariableNameSize) == 0 ) {
+ Variable = NextVariable;
+ continue;
}
}
- AddedVariable = NextAddedVariable;
- }
- if (!FoundAdded) {
- //
- // Promote VAR_IN_DELETED_TRANSITION to VAR_ADDED.
- //
VariableSize = (UINTN) NextVariable - (UINTN) Variable;
CopyMem (CurrPtr, (UINT8 *) Variable, VariableSize);
- ((VARIABLE_HEADER *) CurrPtr)->State = VAR_ADDED;
CurrPtr += VariableSize;
if ((!IsVolatile) && ((Variable->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) == EFI_VARIABLE_HARDWARE_ERROR_RECORD)) {
HwErrVariableTotalSize += VariableSize;
@@ -704,9 +858,74 @@ Reclaim ( CommonVariableTotalSize += VariableSize;
}
}
+ Variable = NextVariable;
}
- Variable = NextVariable;
+ //
+ // Reinstall the variable being updated if it is not NULL.
+ //
+ if (UpdatingVariable != NULL) {
+ VariableSize = (UINTN)(GetNextVariablePtr (UpdatingVariable)) - (UINTN)UpdatingVariable;
+ CopyMem (CurrPtr, (UINT8 *) UpdatingVariable, VariableSize);
+ UpdatingPtrTrack->CurrPtr = (VARIABLE_HEADER *)((UINTN)UpdatingPtrTrack->StartPtr + ((UINTN)CurrPtr - (UINTN)GetStartPointer ((VARIABLE_STORE_HEADER *) ValidBuffer)));
+ UpdatingPtrTrack->InDeletedTransitionPtr = NULL;
+ CurrPtr += VariableSize;
+ if ((!IsVolatile) && ((UpdatingVariable->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) == EFI_VARIABLE_HARDWARE_ERROR_RECORD)) {
+ HwErrVariableTotalSize += VariableSize;
+ } else if ((!IsVolatile) && ((UpdatingVariable->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) != EFI_VARIABLE_HARDWARE_ERROR_RECORD)) {
+ CommonVariableTotalSize += VariableSize;
+ }
+ }
+
+ //
+ // Reinstall all in delete transition variables.
+ //
+ Variable = GetStartPointer (VariableStoreHeader);
+ while (IsValidVariableHeader (Variable)) {
+ NextVariable = GetNextVariablePtr (Variable);
+ if (Variable != UpdatingVariable && Variable->State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED)) {
+
+ //
+ // Buffer has cached all ADDED variable.
+ // Per IN_DELETED variable, we have to guarantee that
+ // no ADDED one in previous buffer.
+ //
+
+ FoundAdded = FALSE;
+ AddedVariable = GetStartPointer ((VARIABLE_STORE_HEADER *) ValidBuffer);
+ while (IsValidVariableHeader (AddedVariable)) {
+ NextAddedVariable = GetNextVariablePtr (AddedVariable);
+ NameSize = NameSizeOfVariable (AddedVariable);
+ if (CompareGuid (&AddedVariable->VendorGuid, &Variable->VendorGuid) &&
+ NameSize == NameSizeOfVariable (Variable)
+ ) {
+ Point0 = (VOID *) GetVariableNamePtr (AddedVariable);
+ Point1 = (VOID *) GetVariableNamePtr (Variable);
+ if (CompareMem (Point0, Point1, NameSize) == 0) {
+ FoundAdded = TRUE;
+ break;
+ }
+ }
+ AddedVariable = NextAddedVariable;
+ }
+ if (!FoundAdded) {
+ //
+ // Promote VAR_IN_DELETED_TRANSITION to VAR_ADDED.
+ //
+ VariableSize = (UINTN) NextVariable - (UINTN) Variable;
+ CopyMem (CurrPtr, (UINT8 *) Variable, VariableSize);
+ ((VARIABLE_HEADER *) CurrPtr)->State = VAR_ADDED;
+ CurrPtr += VariableSize;
+ if ((!IsVolatile) && ((Variable->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) == EFI_VARIABLE_HARDWARE_ERROR_RECORD)) {
+ HwErrVariableTotalSize += VariableSize;
+ } else if ((!IsVolatile) && ((Variable->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) != EFI_VARIABLE_HARDWARE_ERROR_RECORD)) {
+ CommonVariableTotalSize += VariableSize;
+ }
+ }
+ }
+
+ Variable = NextVariable;
+ }
}
if (IsVolatile) {
@@ -748,6 +967,14 @@ Reclaim ( *LastVariableOffset = (UINTN) NextVariable - (UINTN) VariableBase;
}
+ if (NewPubKeyStore != NULL) {
+ FreePool (NewPubKeyStore);
+ }
+
+ if (NewPubKeyIndex != NULL) {
+ FreePool (NewPubKeyIndex);
+ }
+
FreePool (ValidBuffer);
return Status;
@@ -776,6 +1003,8 @@ FindVariableEx ( VARIABLE_HEADER *InDeletedVariable;
VOID *Point;
+ PtrTrack->InDeletedTransitionPtr = NULL;
+
//
// Find the variable by walk through HOB, volatile and non-volatile variable store.
//
@@ -793,6 +1022,7 @@ FindVariableEx ( if (PtrTrack->CurrPtr->State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED)) {
InDeletedVariable = PtrTrack->CurrPtr;
} else {
+ PtrTrack->InDeletedTransitionPtr = InDeletedVariable;
return EFI_SUCCESS;
}
} else {
@@ -804,6 +1034,7 @@ FindVariableEx ( if (PtrTrack->CurrPtr->State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED)) {
InDeletedVariable = PtrTrack->CurrPtr;
} else {
+ PtrTrack->InDeletedTransitionPtr = InDeletedVariable;
return EFI_SUCCESS;
}
}
@@ -1395,7 +1626,7 @@ AutoUpdateLangVariable ( @param[in] Attributes Attributes of the variable.
@param[in] KeyIndex Index of associated public key.
@param[in] MonotonicCount Value of associated monotonic count.
- @param[in] CacheVariable The variable information which is used to keep track of variable usage.
+ @param[in, out] CacheVariable The variable information which is used to keep track of variable usage.
@param[in] TimeStamp Value of associated TimeStamp.
@retval EFI_SUCCESS The update operation is success.
@@ -1411,7 +1642,7 @@ UpdateVariable ( IN UINT32 Attributes OPTIONAL,
IN UINT32 KeyIndex OPTIONAL,
IN UINT64 MonotonicCount OPTIONAL,
- IN VARIABLE_POINTER_TRACK *CacheVariable,
+ IN OUT VARIABLE_POINTER_TRACK *CacheVariable,
IN EFI_TIME *TimeStamp OPTIONAL
)
{
@@ -1427,7 +1658,6 @@ UpdateVariable ( BOOLEAN Volatile;
EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL *Fvb;
UINT8 State;
- BOOLEAN Reclaimed;
VARIABLE_POINTER_TRACK *Variable;
VARIABLE_POINTER_TRACK NvVariable;
VARIABLE_STORE_HEADER *VariableStoreHeader;
@@ -1467,11 +1697,15 @@ UpdateVariable ( Variable->StartPtr = GetStartPointer (VariableStoreHeader);
Variable->EndPtr = GetEndPointer (VariableStoreHeader);
Variable->CurrPtr = (VARIABLE_HEADER *)((UINTN)Variable->StartPtr + ((UINTN)CacheVariable->CurrPtr - (UINTN)CacheVariable->StartPtr));
+ if (CacheVariable->InDeletedTransitionPtr != NULL) {
+ Variable->InDeletedTransitionPtr = (VARIABLE_HEADER *)((UINTN)Variable->StartPtr + ((UINTN)CacheVariable->InDeletedTransitionPtr - (UINTN)CacheVariable->StartPtr));
+ } else {
+ Variable->InDeletedTransitionPtr = NULL;
+ }
Variable->Volatile = FALSE;
}
Fvb = mVariableModuleGlobal->FvbInstance;
- Reclaimed = FALSE;
//
// Tricky part: Use scratch data area at the end of volatile variable store
@@ -1519,6 +1753,32 @@ UpdateVariable ( // not delete the variable.
//
if ((((Attributes & EFI_VARIABLE_APPEND_WRITE) == 0) && (DataSize == 0))|| ((Attributes & (EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS)) == 0)) {
+ if (Variable->InDeletedTransitionPtr != NULL) {
+ //
+ // Both ADDED and IN_DELETED_TRANSITION variable are present,
+ // set IN_DELETED_TRANSITION one to DELETED state first.
+ //
+ State = Variable->InDeletedTransitionPtr->State;
+ State &= VAR_DELETED;
+ Status = UpdateVariableStore (
+ &mVariableModuleGlobal->VariableGlobal,
+ Variable->Volatile,
+ FALSE,
+ Fvb,
+ (UINTN) &Variable->InDeletedTransitionPtr->State,
+ sizeof (UINT8),
+ &State
+ );
+ if (!EFI_ERROR (Status)) {
+ if (!Variable->Volatile) {
+ ASSERT (CacheVariable->InDeletedTransitionPtr != NULL);
+ CacheVariable->InDeletedTransitionPtr->State = State;
+ }
+ } else {
+ goto Done;
+ }
+ }
+
State = Variable->CurrPtr->State;
State &= VAR_DELETED;
@@ -1567,11 +1827,11 @@ UpdateVariable ( DataOffset = sizeof (VARIABLE_HEADER) + Variable->CurrPtr->NameSize + GET_PAD_SIZE (Variable->CurrPtr->NameSize);
CopyMem (mStorageArea, (UINT8*)((UINTN) Variable->CurrPtr + DataOffset), Variable->CurrPtr->DataSize);
- if (CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) ||
- (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0))) {
+ if ((CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) &&
+ ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0))) ||
+ (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0))) {
//
- // For variables with the GUID EFI_IMAGE_SECURITY_DATABASE_GUID (i.e. where the data
- // buffer is formatted as EFI_SIGNATURE_LIST), the driver shall not perform an append of
+ // For variables with formatted as EFI_SIGNATURE_LIST, the driver shall not perform an append of
// EFI_SIGNATURE_DATA values that are already part of the existing variable value.
//
BufSize = AppendSignatureList (mStorageArea, Variable->CurrPtr->DataSize, Data, DataSize);
@@ -1744,8 +2004,14 @@ UpdateVariable ( //
// Perform garbage collection & reclaim operation.
//
- Status = Reclaim (mVariableModuleGlobal->VariableGlobal.NonVolatileVariableBase,
- &mVariableModuleGlobal->NonVolatileLastVariableOffset, FALSE, Variable->CurrPtr, FALSE);
+ Status = Reclaim (
+ mVariableModuleGlobal->VariableGlobal.NonVolatileVariableBase,
+ &mVariableModuleGlobal->NonVolatileLastVariableOffset,
+ FALSE,
+ Variable,
+ FALSE,
+ FALSE
+ );
if (EFI_ERROR (Status)) {
goto Done;
}
@@ -1759,7 +2025,10 @@ UpdateVariable ( Status = EFI_OUT_OF_RESOURCES;
goto Done;
}
- Reclaimed = TRUE;
+ if (Variable->CurrPtr != NULL) {
+ CacheVariable->CurrPtr = (VARIABLE_HEADER *)((UINTN) CacheVariable->StartPtr + ((UINTN) Variable->CurrPtr - (UINTN) Variable->StartPtr));
+ CacheVariable->InDeletedTransitionPtr = NULL;
+ }
}
//
// Four steps
@@ -1859,8 +2128,14 @@ UpdateVariable ( //
// Perform garbage collection & reclaim operation.
//
- Status = Reclaim (mVariableModuleGlobal->VariableGlobal.VolatileVariableBase,
- &mVariableModuleGlobal->VolatileLastVariableOffset, TRUE, Variable->CurrPtr, FALSE);
+ Status = Reclaim (
+ mVariableModuleGlobal->VariableGlobal.VolatileVariableBase,
+ &mVariableModuleGlobal->VolatileLastVariableOffset,
+ TRUE,
+ Variable,
+ FALSE,
+ FALSE
+ );
if (EFI_ERROR (Status)) {
goto Done;
}
@@ -1873,7 +2148,10 @@ UpdateVariable ( Status = EFI_OUT_OF_RESOURCES;
goto Done;
}
- Reclaimed = TRUE;
+ if (Variable->CurrPtr != NULL) {
+ CacheVariable->CurrPtr = (VARIABLE_HEADER *)((UINTN) CacheVariable->StartPtr + ((UINTN) Variable->CurrPtr - (UINTN) Variable->StartPtr));
+ CacheVariable->InDeletedTransitionPtr = NULL;
+ }
}
NextVariable->State = VAR_ADDED;
@@ -1897,7 +2175,33 @@ UpdateVariable ( //
// Mark the old variable as deleted.
//
- if (!Reclaimed && !EFI_ERROR (Status) && Variable->CurrPtr != NULL) {
+ if (!EFI_ERROR (Status) && Variable->CurrPtr != NULL) {
+ if (Variable->InDeletedTransitionPtr != NULL) {
+ //
+ // Both ADDED and IN_DELETED_TRANSITION old variable are present,
+ // set IN_DELETED_TRANSITION one to DELETED state first.
+ //
+ State = Variable->InDeletedTransitionPtr->State;
+ State &= VAR_DELETED;
+ Status = UpdateVariableStore (
+ &mVariableModuleGlobal->VariableGlobal,
+ Variable->Volatile,
+ FALSE,
+ Fvb,
+ (UINTN) &Variable->InDeletedTransitionPtr->State,
+ sizeof (UINT8),
+ &State
+ );
+ if (!EFI_ERROR (Status)) {
+ if (!Variable->Volatile) {
+ ASSERT (CacheVariable->InDeletedTransitionPtr != NULL);
+ CacheVariable->InDeletedTransitionPtr->State = State;
+ }
+ } else {
+ goto Done;
+ }
+ }
+
State = Variable->CurrPtr->State;
State &= VAR_DELETED;
@@ -2119,6 +2423,7 @@ VariableServiceGetNextVariableName ( VARIABLE_STORE_TYPE Type;
VARIABLE_POINTER_TRACK Variable;
VARIABLE_POINTER_TRACK VariableInHob;
+ VARIABLE_POINTER_TRACK VariablePtrTrack;
UINTN VarNameSize;
EFI_STATUS Status;
VARIABLE_STORE_HEADER *VariableStoreHeader[VariableStoreTypeMax];
@@ -2192,8 +2497,27 @@ VariableServiceGetNextVariableName ( //
// Variable is found
//
- if (Variable.CurrPtr->State == VAR_ADDED) {
- if ((AtRuntime () && ((Variable.CurrPtr->Attributes & EFI_VARIABLE_RUNTIME_ACCESS) == 0)) == 0) {
+ if (Variable.CurrPtr->State == VAR_ADDED || Variable.CurrPtr->State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED)) {
+ if (!AtRuntime () || ((Variable.CurrPtr->Attributes & EFI_VARIABLE_RUNTIME_ACCESS) != 0)) {
+ if (Variable.CurrPtr->State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED)) {
+ //
+ // If it is a IN_DELETED_TRANSITION variable,
+ // and there is also a same ADDED one at the same time,
+ // don't return it.
+ //
+ VariablePtrTrack.StartPtr = Variable.StartPtr;
+ VariablePtrTrack.EndPtr = Variable.EndPtr;
+ Status = FindVariableEx (
+ GetVariableNamePtr (Variable.CurrPtr),
+ &Variable.CurrPtr->VendorGuid,
+ FALSE,
+ &VariablePtrTrack
+ );
+ if (!EFI_ERROR (Status) && VariablePtrTrack.CurrPtr->State == VAR_ADDED) {
+ Variable.CurrPtr = GetNextVariablePtr (Variable.CurrPtr);
+ continue;
+ }
+ }
//
// Don't return NV variable when HOB overrides it
@@ -2629,6 +2953,7 @@ ReclaimForOS( &mVariableModuleGlobal->NonVolatileLastVariableOffset,
FALSE,
NULL,
+ FALSE,
FALSE
);
ASSERT_EFI_ERROR (Status);
@@ -2760,6 +3085,7 @@ VariableWriteServiceInitialize ( &mVariableModuleGlobal->NonVolatileLastVariableOffset,
FALSE,
NULL,
+ FALSE,
TRUE
);
if (EFI_ERROR (Status)) {
@@ -2898,6 +3224,11 @@ VariableCommonInitialize ( ASSERT(VariableStoreHeader->Size == VariableStoreLength);
//
+ // The max variable or hardware error variable size should be < variable store size.
+ //
+ ASSERT(MAX (PcdGet32 (PcdMaxVariableSize), PcdGet32 (PcdMaxHardwareErrorVariableSize)) < VariableStoreLength);
+
+ //
// Parse non-volatile variable data and get last variable offset.
//
NextVariable = GetStartPointer ((VARIABLE_STORE_HEADER *)(UINTN)VariableStoreBase);
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.h b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.h index 6a51bcce..45015836 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.h +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.h @@ -2,7 +2,7 @@ The internal header file includes the common header files, defines
internal structure and functions used by Variable modules.
-Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -65,6 +65,13 @@ typedef enum { typedef struct {
VARIABLE_HEADER *CurrPtr;
+ //
+ // If both ADDED and IN_DELETED_TRANSITION variable are present,
+ // InDeletedTransitionPtr will point to the IN_DELETED_TRANSITION one.
+ // Otherwise, CurrPtr will point to the ADDED or IN_DELETED_TRANSITION one,
+ // and InDeletedTransitionPtr will be NULL at the same time.
+ //
+ VARIABLE_HEADER *InDeletedTransitionPtr;
VARIABLE_HEADER *EndPtr;
VARIABLE_HEADER *StartPtr;
BOOLEAN Volatile;
@@ -209,7 +216,7 @@ DataSizeOfVariable ( @param[in] Attributes Attributes of the variable.
@param[in] KeyIndex Index of associated public key.
@param[in] MonotonicCount Value of associated monotonic count.
- @param[in] Variable The variable information that is used to keep track of variable usage.
+ @param[in, out] Variable The variable information that is used to keep track of variable usage.
@param[in] TimeStamp Value of associated TimeStamp.
@@ -226,7 +233,7 @@ UpdateVariable ( IN UINT32 Attributes OPTIONAL,
IN UINT32 KeyIndex OPTIONAL,
IN UINT64 MonotonicCount OPTIONAL,
- IN VARIABLE_POINTER_TRACK *Variable,
+ IN OUT VARIABLE_POINTER_TRACK *Variable,
IN EFI_TIME *TimeStamp OPTIONAL
);
@@ -367,6 +374,38 @@ VariableCommonInitialize ( );
/**
+
+ Variable store garbage collection and reclaim operation.
+
+ If ReclaimPubKeyStore is FALSE, reclaim variable space by deleting the obsoleted varaibles.
+ If ReclaimPubKeyStore is TRUE, reclaim invalid key in public key database and update the PubKeyIndex
+ for all the count-based authenticate variable in NV storage.
+
+ @param[in] VariableBase Base address of variable store.
+ @param[out] LastVariableOffset Offset of last variable.
+ @param[in] IsVolatile The variable store is volatile or not;
+ if it is non-volatile, need FTW.
+ @param[in, out] UpdatingPtrTrack Pointer to updating variable pointer track structure.
+ @param[in] ReclaimPubKeyStore Reclaim for public key database or not.
+ @param[in] ReclaimAnyway If TRUE, do reclaim anyway.
+
+ @return EFI_SUCCESS Reclaim operation has finished successfully.
+ @return EFI_OUT_OF_RESOURCES No enough memory resources.
+ @return EFI_DEVICE_ERROR The public key database doesn't exist.
+ @return Others Unexpect error happened during reclaim operation.
+
+**/
+EFI_STATUS
+Reclaim (
+ IN EFI_PHYSICAL_ADDRESS VariableBase,
+ OUT UINTN *LastVariableOffset,
+ IN BOOLEAN IsVolatile,
+ IN OUT VARIABLE_POINTER_TRACK *UpdatingPtrTrack,
+ IN BOOLEAN ReclaimPubKeyStore,
+ IN BOOLEAN ReclaimAnyway
+ );
+
+/**
This function reclaims variable storage if free size is below the threshold.
**/
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.c index 2ef44e3a..103a1291 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.c +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.c @@ -13,7 +13,7 @@ InitCommunicateBuffer() is really function to check the variable data size.
-Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2010 - 2013, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -52,7 +52,51 @@ EFI_SMM_COMMUNICATION_PROTOCOL *mSmmCommunication = NULL; UINT8 *mVariableBuffer = NULL;
UINT8 *mVariableBufferPhysical = NULL;
UINTN mVariableBufferSize;
+EFI_LOCK mVariableServicesLock;
+/**
+ Acquires lock only at boot time. Simply returns at runtime.
+
+ This is a temperary function that will be removed when
+ EfiAcquireLock() in UefiLib can handle the call in UEFI
+ Runtimer driver in RT phase.
+ It calls EfiAcquireLock() at boot time, and simply returns
+ at runtime.
+
+ @param Lock A pointer to the lock to acquire.
+
+**/
+VOID
+AcquireLockOnlyAtBootTime (
+ IN EFI_LOCK *Lock
+ )
+{
+ if (!EfiAtRuntime ()) {
+ EfiAcquireLock (Lock);
+ }
+}
+
+/**
+ Releases lock only at boot time. Simply returns at runtime.
+
+ This is a temperary function which will be removed when
+ EfiReleaseLock() in UefiLib can handle the call in UEFI
+ Runtimer driver in RT phase.
+ It calls EfiReleaseLock() at boot time and simply returns
+ at runtime.
+
+ @param Lock A pointer to the lock to release.
+
+**/
+VOID
+ReleaseLockOnlyAtBootTime (
+ IN EFI_LOCK *Lock
+ )
+{
+ if (!EfiAtRuntime ()) {
+ EfiReleaseLock (Lock);
+ }
+}
/**
Initialize the communicate buffer using DataSize and Function.
@@ -169,15 +213,27 @@ RuntimeServiceGetVariable ( if ((*DataSize != 0) && (Data == NULL)) {
return EFI_INVALID_PARAMETER;
}
-
+
+ if (*DataSize >= mVariableBufferSize) {
+ //
+ // DataSize may be near MAX_ADDRESS incorrectly, this can cause the computed PayLoadSize to
+ // overflow to a small value and pass the check in InitCommunicateBuffer().
+ // To protect against this vulnerability, return EFI_INVALID_PARAMETER if DataSize is >= mVariableBufferSize.
+ // And there will be further check to ensure the total size is also not > mVariableBufferSize.
+ //
+ return EFI_INVALID_PARAMETER;
+ }
+
+ AcquireLockOnlyAtBootTime(&mVariableServicesLock);
+
//
// Init the communicate buffer. The buffer data size is:
- // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + PayloadSize + DataSize.
+ // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + PayloadSize.
//
PayloadSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) + StrSize (VariableName) + *DataSize;
Status = InitCommunicateBuffer ((VOID **)&SmmVariableHeader, PayloadSize, SMM_VARIABLE_FUNCTION_GET_VARIABLE);
if (EFI_ERROR (Status)) {
- return Status;
+ goto Done;
}
ASSERT (SmmVariableHeader != NULL);
@@ -205,11 +261,13 @@ RuntimeServiceGetVariable ( }
if (EFI_ERROR (Status)) {
- return Status;
+ goto Done;
}
CopyMem (Data, (UINT8 *)SmmVariableHeader->Name + SmmVariableHeader->NameSize, SmmVariableHeader->DataSize);
+Done:
+ ReleaseLockOnlyAtBootTime (&mVariableServicesLock);
return Status;
}
@@ -242,7 +300,19 @@ RuntimeServiceGetNextVariableName ( if (VariableNameSize == NULL || VariableName == NULL || VendorGuid == NULL) {
return EFI_INVALID_PARAMETER;
}
-
+
+ if (*VariableNameSize >= mVariableBufferSize) {
+ //
+ // VariableNameSize may be near MAX_ADDRESS incorrectly, this can cause the computed PayLoadSize to
+ // overflow to a small value and pass the check in InitCommunicateBuffer().
+ // To protect against this vulnerability, return EFI_INVALID_PARAMETER if VariableNameSize is >= mVariableBufferSize.
+ // And there will be further check to ensure the total size is also not > mVariableBufferSize.
+ //
+ return EFI_INVALID_PARAMETER;
+ }
+
+ AcquireLockOnlyAtBootTime(&mVariableServicesLock);
+
//
// Init the communicate buffer. The buffer data size is:
// SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + PayloadSize.
@@ -250,7 +320,7 @@ RuntimeServiceGetNextVariableName ( PayloadSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name) + *VariableNameSize;
Status = InitCommunicateBuffer ((VOID **)&SmmGetNextVariableName, PayloadSize, SMM_VARIABLE_FUNCTION_GET_NEXT_VARIABLE_NAME);
if (EFI_ERROR (Status)) {
- return Status;
+ goto Done;
}
ASSERT (SmmGetNextVariableName != NULL);
@@ -268,12 +338,14 @@ RuntimeServiceGetNextVariableName ( //
*VariableNameSize = SmmGetNextVariableName->NameSize;
if (EFI_ERROR (Status)) {
- return Status;
+ goto Done;
}
CopyGuid (VendorGuid, &SmmGetNextVariableName->Guid);
CopyMem (VariableName, SmmGetNextVariableName->Name, SmmGetNextVariableName->NameSize);
+Done:
+ ReleaseLockOnlyAtBootTime (&mVariableServicesLock);
return Status;
}
@@ -321,7 +393,19 @@ RuntimeServiceSetVariable ( if (DataSize != 0 && Data == NULL) {
return EFI_INVALID_PARAMETER;
}
-
+
+ if (DataSize >= mVariableBufferSize) {
+ //
+ // DataSize may be near MAX_ADDRESS incorrectly, this can cause the computed PayLoadSize to
+ // overflow to a small value and pass the check in InitCommunicateBuffer().
+ // To protect against this vulnerability, return EFI_INVALID_PARAMETER if DataSize is >= mVariableBufferSize.
+ // And there will be further check to ensure the total size is also not > mVariableBufferSize.
+ //
+ return EFI_INVALID_PARAMETER;
+ }
+
+ AcquireLockOnlyAtBootTime(&mVariableServicesLock);
+
//
// Init the communicate buffer. The buffer data size is:
// SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + PayloadSize.
@@ -329,7 +413,7 @@ RuntimeServiceSetVariable ( PayloadSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) + StrSize (VariableName) + DataSize;
Status = InitCommunicateBuffer ((VOID **)&SmmVariableHeader, PayloadSize, SMM_VARIABLE_FUNCTION_SET_VARIABLE);
if (EFI_ERROR (Status)) {
- return Status;
+ goto Done;
}
ASSERT (SmmVariableHeader != NULL);
@@ -344,7 +428,9 @@ RuntimeServiceSetVariable ( // Send data to SMM.
//
Status = SendCommunicateBuffer (PayloadSize);
-
+
+Done:
+ ReleaseLockOnlyAtBootTime (&mVariableServicesLock);
return Status;
}
@@ -382,7 +468,9 @@ RuntimeServiceQueryVariableInfo ( if(MaximumVariableStorageSize == NULL || RemainingVariableStorageSize == NULL || MaximumVariableSize == NULL || Attributes == 0) {
return EFI_INVALID_PARAMETER;
}
-
+
+ AcquireLockOnlyAtBootTime(&mVariableServicesLock);
+
//
// Init the communicate buffer. The buffer data size is:
// SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + PayloadSize;
@@ -390,7 +478,7 @@ RuntimeServiceQueryVariableInfo ( PayloadSize = sizeof (SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO);
Status = InitCommunicateBuffer ((VOID **)&SmmQueryVariableInfo, PayloadSize, SMM_VARIABLE_FUNCTION_QUERY_VARIABLE_INFO);
if (EFI_ERROR (Status)) {
- return Status;
+ goto Done;
}
ASSERT (SmmQueryVariableInfo != NULL);
@@ -401,7 +489,7 @@ RuntimeServiceQueryVariableInfo ( //
Status = SendCommunicateBuffer (PayloadSize);
if (EFI_ERROR (Status)) {
- return Status;
+ goto Done;
}
//
@@ -410,8 +498,10 @@ RuntimeServiceQueryVariableInfo ( *MaximumVariableSize = SmmQueryVariableInfo->MaximumVariableSize;
*MaximumVariableStorageSize = SmmQueryVariableInfo->MaximumVariableStorageSize;
*RemainingVariableStorageSize = SmmQueryVariableInfo->RemainingVariableStorageSize;
-
- return EFI_SUCCESS;
+
+Done:
+ ReleaseLockOnlyAtBootTime (&mVariableServicesLock);
+ return Status;
}
@@ -608,7 +698,9 @@ VariableSmmRuntimeInitialize ( VOID *SmmVariableWriteRegistration;
EFI_EVENT OnReadyToBootEvent;
EFI_EVENT ExitBootServiceEvent;
-
+
+ EfiInitializeLock (&mVariableServicesLock, TPL_NOTIFY);
+
//
// Smm variable service is ready
//
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr index df7ff37a..ae4b71bf 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr @@ -1,7 +1,7 @@ /** @file
VFR file used by the SecureBoot configuration component.
-Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2011 - 2013, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -32,7 +32,12 @@ formset title = STRING_TOKEN(STR_SECUREBOOT_TITLE);
subtitle text = STRING_TOKEN(STR_NULL);
-
+
+ text
+ help = STRING_TOKEN(STR_SECURE_BOOT_STATE_HELP),
+ text = STRING_TOKEN(STR_SECURE_BOOT_STATE_PROMPT),
+ text = STRING_TOKEN(STR_SECURE_BOOT_STATE_CONTENT);
+
//
// Define of Check Box: Attempt Secure Boot
//
@@ -47,7 +52,7 @@ formset // Display of Check Box: Attempt Secure Boot
//
grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1;
- checkbox varid = SECUREBOOT_CONFIGURATION.SecureBootState,
+ checkbox varid = SECUREBOOT_CONFIGURATION.AttemptSecureBoot,
questionid = KEY_SECURE_BOOT_ENABLE,
prompt = STRING_TOKEN(STR_SECURE_BOOT_PROMPT),
help = STRING_TOKEN(STR_SECURE_BOOT_HELP),
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c index c56a3117..51da86b6 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c @@ -1,7 +1,7 @@ /** @file
HII Config Access protocol implementation of SecureBoot configuration module.
-Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2011 - 2013, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -253,6 +253,7 @@ DeleteVariable ( if (Variable == NULL) {
return EFI_SUCCESS;
}
+ FreePool (Variable);
Data = NULL;
DataSize = 0;
@@ -279,6 +280,31 @@ DeleteVariable ( }
/**
+
+ Set the platform secure boot mode into "Custom" or "Standard" mode.
+
+ @param[in] SecureBootMode New secure boot mode: STANDARD_SECURE_BOOT_MODE or
+ CUSTOM_SECURE_BOOT_MODE.
+
+ @return EFI_SUCCESS The platform has switched to the special mode successfully.
+ @return other Fail to operate the secure boot mode.
+
+**/
+EFI_STATUS
+SetSecureBootMode (
+ IN UINT8 SecureBootMode
+ )
+{
+ return gRT->SetVariable (
+ EFI_CUSTOM_MODE_NAME,
+ &gEfiCustomModeEnableGuid,
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
+ sizeof (UINT8),
+ &SecureBootMode
+ );
+}
+
+/**
Generate the PK signature list from the X509 Certificate storing file (.cer)
@param[in] X509File FileHandle of X509 Certificate storing file.
@@ -380,6 +406,11 @@ EnrollPlatformKey ( PkCert = NULL;
+ Status = SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
//
// Parse the file's postfix. Only support DER encoded X.509 certificate files.
//
@@ -457,6 +488,11 @@ DeletePlatformKey ( {
EFI_STATUS Status;
+ Status = SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
Status = DeleteVariable (
EFI_PLATFORM_KEY_NAME,
&gEfiGlobalVariableGuid
@@ -766,11 +802,17 @@ EnrollKeyExchangeKey ( )
{
UINT16* FilePostFix;
+ EFI_STATUS Status;
if ((Private->FileContext->FileName == NULL) || (Private->SignatureGUID == NULL)) {
return EFI_INVALID_PARAMETER;
}
+ Status = SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
//
// Parse the file's postfix. Supports DER-encoded X509 certificate,
// and .pbk as RSA public key file.
@@ -1508,11 +1550,17 @@ EnrollSignatureDatabase ( )
{
UINT16* FilePostFix;
+ EFI_STATUS Status;
if ((Private->FileContext->FileName == NULL) || (Private->FileContext->FHandle == NULL) || (Private->SignatureGUID == NULL)) {
return EFI_INVALID_PARAMETER;
}
+ Status = SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
//
// Parse the file's postfix.
//
@@ -1659,6 +1707,8 @@ UpdateDeletePage ( //
// The signature type is not supported in current implementation.
//
+ ItemDataSize -= CertList->SignatureListSize;
+ CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
continue;
}
@@ -1756,6 +1806,11 @@ DeleteKeyExchangeKey ( Cert = NULL;
Attr = 0;
DeleteKekIndex = QuestionId - OPTION_DEL_KEK_QUESTION_ID;
+
+ Status = SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
//
// Get original KEK variable.
@@ -1944,6 +1999,11 @@ DeleteSignature ( Cert = NULL;
Attr = 0;
+ Status = SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
//
// Get original signature list data.
//
@@ -2103,23 +2163,25 @@ SecureBootExtractConfigFromVariable ( {
UINT8 *SecureBootEnable;
UINT8 *SetupMode;
- UINT8 *SecureBoot;
UINT8 *SecureBootMode;
SecureBootEnable = NULL;
SetupMode = NULL;
- SecureBoot = NULL;
SecureBootMode = NULL;
//
// If the SecureBootEnable Variable doesn't exist, hide the SecureBoot Enable/Disable
// Checkbox.
//
+ ConfigData->AttemptSecureBoot = FALSE;
GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);
if (SecureBootEnable == NULL) {
ConfigData->HideSecureBoot = TRUE;
} else {
ConfigData->HideSecureBoot = FALSE;
+ if ((*SecureBootEnable) == SECURE_BOOT_ENABLE) {
+ ConfigData->AttemptSecureBoot = TRUE;
+ }
}
//
@@ -2140,16 +2202,6 @@ SecureBootExtractConfigFromVariable ( } else {
ConfigData->HasPk = TRUE;
}
-
- //
- // If the value of SecureBoot variable is 1, the platform is operating in secure boot mode.
- //
- GetVariable2 (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&SecureBoot, NULL);
- if (SecureBoot != NULL && *SecureBoot == SECURE_BOOT_MODE_ENABLE) {
- ConfigData->SecureBootState = TRUE;
- } else {
- ConfigData->SecureBootState = FALSE;
- }
//
// Get the SecureBootMode from CustomMode variable.
@@ -2160,7 +2212,16 @@ SecureBootExtractConfigFromVariable ( } else {
ConfigData->SecureBootMode = *(SecureBootMode);
}
-
+
+ if (SecureBootEnable != NULL) {
+ FreePool (SecureBootEnable);
+ }
+ if (SetupMode != NULL) {
+ FreePool (SetupMode);
+ }
+ if (SecureBootMode != NULL) {
+ FreePool (SecureBootMode);
+ }
}
/**
@@ -2206,6 +2267,7 @@ SecureBootExtractConfig ( EFI_STRING ConfigRequestHdr;
SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData;
BOOLEAN AllocatedRequest;
+ UINT8 *SecureBoot;
if (Progress == NULL || Results == NULL) {
return EFI_INVALID_PARAMETER;
@@ -2215,6 +2277,7 @@ SecureBootExtractConfig ( ConfigRequestHdr = NULL;
ConfigRequest = NULL;
Size = 0;
+ SecureBoot = NULL;
ZeroMem (&Configuration, sizeof (Configuration));
PrivateData = SECUREBOOT_CONFIG_PRIVATE_FROM_THIS (This);
@@ -2228,6 +2291,19 @@ SecureBootExtractConfig ( // Get Configuration from Variable.
//
SecureBootExtractConfigFromVariable (&Configuration);
+
+ //
+ // Update current secure boot state.
+ //
+ GetVariable2 (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&SecureBoot, NULL);
+ if (SecureBoot != NULL && *SecureBoot == SECURE_BOOT_MODE_ENABLE) {
+ HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SECURE_BOOT_STATE_CONTENT), L"Enabled", NULL);
+ } else {
+ HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SECURE_BOOT_STATE_CONTENT), L"Disabled", NULL);
+ }
+ if (SecureBoot != NULL) {
+ FreePool (SecureBoot);
+ }
BufferSize = sizeof (SECUREBOOT_CONFIGURATION);
ConfigRequest = Request;
@@ -2355,15 +2431,21 @@ SecureBootCallback ( SECUREBOOT_CONFIGURATION *IfrNvData;
UINT16 LabelId;
UINT8 *SecureBootEnable;
+ UINT8 *SecureBootMode;
+ UINT8 *SetupMode;
CHAR16 PromptString[100];
SecureBootEnable = NULL;
+ SecureBootMode = NULL;
+ SetupMode = NULL;
if ((This == NULL) || (Value == NULL) || (ActionRequest == NULL)) {
return EFI_INVALID_PARAMETER;
}
- if ((Action != EFI_BROWSER_ACTION_CHANGED) && (Action != EFI_BROWSER_ACTION_CHANGING)) {
+ if ((Action != EFI_BROWSER_ACTION_CHANGED) &&
+ (Action != EFI_BROWSER_ACTION_CHANGING) &&
+ (Action != EFI_BROWSER_ACTION_FORM_CLOSE)) {
return EFI_UNSUPPORTED;
}
@@ -2388,6 +2470,7 @@ SecureBootCallback ( case KEY_SECURE_BOOT_ENABLE:
GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);
if (NULL != SecureBootEnable) {
+ FreePool (SecureBootEnable);
if (EFI_ERROR (SaveSecureBootVariable (Value->u8))) {
CreatePopUp (
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
@@ -2400,11 +2483,10 @@ SecureBootCallback ( CreatePopUp (
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
&Key,
- L"Secure boot configuration is changed, please reset the platform to take effect!",
+ L"Configuration changed, please reset the platform to take effect!",
NULL
);
}
- *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
}
break;
@@ -2461,10 +2543,26 @@ SecureBootCallback ( break;
case KEY_SECURE_BOOT_DELETE_PK:
- if (Value->u8) {
+ if (Value->u8) {
+ CreatePopUp (
+ EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
+ &Key,
+ L"Are you sure you want to delete PK? Secure boot will be disabled!",
+ L"Press 'Y' to delete PK and exit, 'N' to discard change and return",
+ NULL
+ );
+ if (Key.UnicodeChar == 'y' || Key.UnicodeChar == 'Y') {
Status = DeletePlatformKey ();
- *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
+ if (EFI_ERROR (Status)) {
+ CreatePopUp (
+ EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
+ &Key,
+ L"Only Physical Presence User could delete PK in custom mode!",
+ NULL
+ );
+ }
}
+ }
break;
case KEY_DELETE_KEK:
@@ -2547,7 +2645,7 @@ SecureBootCallback ( } else if (Action == EFI_BROWSER_ACTION_CHANGED) {
switch (QuestionId) {
case KEY_SECURE_BOOT_ENABLE:
- *ActionRequest = EFI_BROWSER_ACTION_REQUEST_SUBMIT;
+ *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
break;
case KEY_VALUE_SAVE_AND_EXIT_PK:
Status = EnrollPlatformKey (Private);
@@ -2588,8 +2686,8 @@ SecureBootCallback ( break;
case KEY_SECURE_BOOT_MODE:
- GetVariable2 (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, (VOID**)&SecureBootEnable, NULL);
- if (NULL != SecureBootEnable) {
+ GetVariable2 (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, (VOID**)&SecureBootMode, NULL);
+ if (NULL != SecureBootMode) {
Status = gRT->SetVariable (
EFI_CUSTOM_MODE_NAME,
&gEfiCustomModeEnableGuid,
@@ -2599,6 +2697,7 @@ SecureBootCallback ( );
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
IfrNvData->SecureBootMode = Value->u8;
+ FreePool (SecureBootMode);
}
break;
@@ -2619,11 +2718,33 @@ SecureBootCallback ( break;
case KEY_SECURE_BOOT_DELETE_PK:
- if (Value->u8) {
+ GetVariable2 (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&SetupMode, NULL);
+ if (SetupMode == NULL || (*SetupMode) == SETUP_MODE) {
+ IfrNvData->DeletePk = TRUE;
+ IfrNvData->HasPk = FALSE;
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_SUBMIT;
+ } else {
+ IfrNvData->DeletePk = FALSE;
+ IfrNvData->HasPk = TRUE;
+ *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
+ }
+ if (SetupMode != NULL) {
+ FreePool (SetupMode);
}
break;
}
+ } else if (Action == EFI_BROWSER_ACTION_FORM_CLOSE) {
+ //
+ // Force the platform back to Standard Mode once user leave the setup screen.
+ //
+ GetVariable2 (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, (VOID**)&SecureBootMode, NULL);
+ if (NULL != SecureBootMode && *SecureBootMode == CUSTOM_SECURE_BOOT_MODE) {
+ IfrNvData->SecureBootMode = STANDARD_SECURE_BOOT_MODE;
+ SetSecureBootMode(STANDARD_SECURE_BOOT_MODE);
+ }
+ if (SecureBootMode != NULL) {
+ FreePool (SecureBootMode);
+ }
}
if (!EFI_ERROR (Status)) {
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h index 6015dd63..ea431929 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h @@ -1,7 +1,7 @@ /** @file
Header file for NV data structure definition.
-Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2011 - 2013, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -106,7 +106,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. // Nv Data structure referenced by IFR
//
typedef struct {
- BOOLEAN SecureBootState; //Secure Boot Disable/Enable;
+ BOOLEAN AttemptSecureBoot; //Attempt to enable/disable Secure Boot.
BOOLEAN HideSecureBoot; //Hiden Attempt Secure Boot
CHAR16 SignatureGuid[SECURE_BOOT_GUID_STORAGE_SIZE];
BOOLEAN PhysicalPresent; //If a Physical Present User;
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigStrings.uni b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigStrings.uni Binary files differindex ed4db131..8a4cb36f 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigStrings.uni +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigStrings.uni |