From: "Kinney, Michael D" To: edk2-devel@lists.01.org Date: Mon, 12 Mar 2018 12:30:15 -0700 Message-Id: <20180312193017.15156-4-michael.d.kinney@intel.com> X-Mailer: git-send-email 2.14.2.windows.3 In-Reply-To: <20180312193017.15156-1-michael.d.kinney@intel.com> References: <20180312193017.15156-1-michael.d.kinney@intel.com> Subject: [edk2] [Patch 3/5] SecurityPkg/EdkiiSystemCapsuleLib: Use PcdPkcs7CertBufferXdr X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Michael D Kinney , Jiewen Yao , Chao Zhang MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" https://bugzilla.tianocore.org/show_bug.cgi?id=3D891 Use both PcdPkcs7CertBuffer and PcdPkcs7CertBufferXdr to authenticate a capsule. The capsule fails authentication if none of the certificates in PcdPkcs7CertBuffer or PcdPkcs7CertBufferXdr pass. Cc: Sean Brogan Cc: Chao Zhang Cc: Jiewen Yao Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Michael D Kinney --- .../EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c | 77 ++++++++++++++++++= +--- .../EdkiiSystemCapsuleLib.inf | 3 +- 2 files changed, 70 insertions(+), 10 deletions(-) diff --git a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCaps= uleLib.c b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsul= eLib.c index 876d2257b3..5217a63082 100644 --- a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c +++ b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c @@ -6,7 +6,7 @@ CapsuleAuthenticateSystemFirmware(), ExtractAuthenticatedImage() will re= ceive untrusted input and do basic validation. =20 - Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
+ Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BS= D License which accompanies this distribution. The full text of the license may b= e found at @@ -370,6 +370,8 @@ ExtractAuthenticatedImage ( GUID *CertType; VOID *PublicKeyData; UINTN PublicKeyDataLength; + UINT8 *PublicKeyDataXdr; + UINT8 *PublicKeyDataXdrEnd; =20 DEBUG((DEBUG_INFO, "ExtractAuthenticatedImage - Image: 0x%08x - 0x%08x\n= ", (UINTN)Image, (UINTN)ImageSize)); =20 
@@ -410,21 +412,78 @@ ExtractAuthenticatedImage ( if (CompareGuid(&gEfiCertPkcs7Guid, CertType)) { PublicKeyData =3D PcdGetPtr(PcdPkcs7CertBuffer); PublicKeyDataLength =3D PcdGetSize(PcdPkcs7CertBuffer); + + ASSERT (PublicKeyData !=3D NULL); + ASSERT (PublicKeyDataLength !=3D 0); + + Status =3D AuthenticateFmpImage( + ImageAuth, + ImageSize, + PublicKeyData, + PublicKeyDataLength + ); + if (EFI_ERROR (Status)) { + PublicKeyDataXdr =3D PcdGetPtr (PcdPkcs7CertBufferXdr); + PublicKeyDataXdrEnd =3D PublicKeyDataXdr + PcdGetSize (PcdPkcs7CertB= ufferXdr); + + ASSERT (PublicKeyDataXdr !=3D NULL); + ASSERT (PublicKeyDataXdr !=3D PublicKeyDataXdrEnd); + + // + // Try each key from PcdPkcs7CertBufferXdr + // + while (PublicKeyDataXdr < PublicKeyDataXdrEnd) { + if (PublicKeyDataXdr + sizeof (UINT32) > PublicKeyDataXdrEnd) { + // + // Key data extends beyond end of PCD + // + break; + } + // + // Read key length stored in big endian format + // + PublicKeyDataLength =3D SwapBytes32 (*(UINT32 *)(PublicKeyDataXdr)= ); + // + // Point to the start of the key data + // + PublicKeyDataXdr +=3D sizeof (UINT32); + if (PublicKeyDataXdr + PublicKeyDataLength > PublicKeyDataXdrEnd) { + // + // Key data extends beyond end of PCD + // + break; + } + PublicKeyData =3D PublicKeyDataXdr; + Status =3D AuthenticateFmpImage ( + ImageAuth, + ImageSize, + PublicKeyData, + PublicKeyDataLength + ); + if (!EFI_ERROR (Status)) { + break; + } + PublicKeyDataXdr +=3D PublicKeyDataLength; + PublicKeyDataXdr =3D (UINT8 *)ALIGN_POINTER (PublicKeyDataXdr, siz= eof(UINT32)); + } + } } else if (CompareGuid(&gEfiCertTypeRsa2048Sha256Guid, CertType)) { PublicKeyData =3D PcdGetPtr(PcdRsa2048Sha256PublicKeyBuffer); PublicKeyDataLength =3D PcdGetSize(PcdRsa2048Sha256PublicKeyBuffer); + + ASSERT (PublicKeyData !=3D NULL); + ASSERT (PublicKeyDataLength !=3D 0); + + Status =3D AuthenticateFmpImage( + ImageAuth, + ImageSize, + PublicKeyData, + PublicKeyDataLength + ); } else { return FALSE; } - ASSERT (PublicKeyData 
!=3D NULL); - ASSERT (PublicKeyDataLength !=3D 0); =20 - Status =3D AuthenticateFmpImage( - ImageAuth, - ImageSize, - PublicKeyData, - PublicKeyDataLength - ); switch (Status) { case RETURN_SUCCESS: *LastAttemptStatus =3D LAST_ATTEMPT_STATUS_SUCCESS; diff --git a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCaps= uleLib.inf b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCaps= uleLib.inf index a721619a67..2b18d918d1 100644 --- a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.= inf +++ b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.= inf @@ -3,7 +3,7 @@ # # EDKII System Capsule library instance for DXE/PEI post memory phase. # -# Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
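Review bot: The two bounds checks in the PcdPkcs7CertBufferXdr loop add a length to the pointer before comparing (`PublicKeyDataXdr + sizeof (UINT32) > PublicKeyDataXdrEnd` and `PublicKeyDataXdr + PublicKeyDataLength > PublicKeyDataXdrEnd`), so on a 32-bit build a large length field can wrap the pointer and pass the check with a key range that lies outside the PCD. Comparing against the remaining size avoids the wrap: `if ((UINTN)(PublicKeyDataXdrEnd - PublicKeyDataXdr) < sizeof (UINT32))` and `if (PublicKeyDataLength > (UINTN)(PublicKeyDataXdrEnd - PublicKeyDataXdr))`. The length is also read with `*(UINT32 *)(PublicKeyDataXdr)` although nothing in the hunk guarantees the PCD buffer is 4-byte aligned, so `SwapBytes32 (ReadUnaligned32 ((UINT32 *)PublicKeyDataXdr))` would be the safer read; for the same reason `ALIGN_POINTER` pads by absolute address, which matches XDR padding only if the buffer itself starts aligned. The PCD is presumably provisioned by the build or platform rather than supplied by the capsule, so this is hardening of the trust-anchor parser rather than a flaw shown to be reachable from the hunk; the body of ExtractAuthenticatedImage starts and ends outside the hunk.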
+# Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the B= SD License # which accompanies this distribution. The full text of the license may = be found at @@ -52,6 +52,7 @@ [Pcd] gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiSystemFirmwareFileGuid = ## CONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer = ## CONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer = ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBufferXdr = ## CONSUMES =20 [Guids] gEdkiiSystemFirmwareImageDescriptorFileGuid ## SOMETIMES_CONSUM= ES ## GUID --=20 2.14.2.windows.3 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel