From: "Abhimanyu Singh"
To: devel@edk2.groups.io
Cc: Abhi Singh, Jian J Wang, Liming Gao, Michael Kubacki
Subject: [edk2-devel] [PATCH v2] MdeModulePkg/Variable: TcgMorLockSmm Key Mismatch changes lock state
Date: Mon, 12 Jun 2023 16:57:34 -0500
Message-Id: <20230612215734.77523-1-Abhi.Singh@arm.com>

From: Abhi Singh

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4410
REPO: https://github.com/tianocore/edk2/commit/7c9e1303fce5d49f8b597b4afd99ed855faaffaa

Inside TcgMorLockSmm.c, the SetVariableCheckHandlerMorLock() function
contains a scenario to prevent a possible dictionary attack on the MorLock
Key in accordance with the TCG Platform Reset Mitigation Spec v1.10.

The mechanism to prevent this attack must also change the MorLock Variable
Value to 0x01 to indicate Locked Without Key.

ASSERT_EFI_ERROR is added for error visibility since
SetMorLockVariable returns a status code

Cc: Jian J Wang
Cc: Liming Gao
Signed-off-by: Abhi Singh
Acked-by: Michael Kubacki
---

Notes:
    v2:
    - capturing return status of SetMorLockVariable with ASSERT_EFI_ERROR for visibility [Michael]

 MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c b/M= deModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c index da1105ff07..28e8cc55d9 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c @@ -312,6 +312,11 @@ SetVariableCheckHandlerMorLock ( mMorLockState =3D MorLockStateLocked; mMorLockKeyEmpty =3D TRUE; ZeroMem (mMorLockKey, sizeof (mMorLockKey)); + // + // Update value to reflect locked without key + // + Status =3D SetMorLockVariable (MOR_LOCK_DATA_LOCKED_WITHOUT_KEY); + ASSERT_EFI_ERROR (Status); return EFI_ACCESS_DENIED; } }
--
2.34.1
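
Review bot: The `ASSERT_EFI_ERROR (Status);` after the new `SetMorLockVariable (MOR_LOCK_DATA_LOCKED_WITHOUT_KEY)` call is the only handling of a failure on this key-mismatch path, and asserts are normally compiled out of release builds, so there a failed update is dropped silently. The in-memory state fails closed (`mMorLockState` is already `MorLockStateLocked`, the key is zeroed, and the path still returns `EFI_ACCESS_DENIED`), so the lock itself holds; the gap is that the MorLock variable may not read back 0x01 (Locked Without Key) as the commit message requires, with nothing recorded about why. Consider logging the failure with `DEBUG ((DEBUG_ERROR, ...))`, or adding a comment that states why the status can be ignored here. The visible context also does not show a declaration of `Status`; please confirm a local `EFI_STATUS Status` is in scope in `SetVariableCheckHandlerMorLock`.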