From nobody Sat Apr 27 00:40:10 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+56132+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+56132+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1585031728; cv=none; d=zohomail.com; s=zohoarc; b=GOinnrVoMLUss4x8D31xeEtFtapcWDYQhhI0n2f2EDkZvu9I4u0DeMe1d7kItk3J/o5dBsosdpjILf6Y5tF/Rm3Aw/pSGRI0YUbanIOUFQTr5Goj3DXfOhBmLzMY6E2S6FKbHHDhDJSh7X60p0aS9PLFnRb/WmwXnUb8HokamMs= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1585031728; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=K2Ups/FOaAd5N6vUJUtNXsyZLcerbPMeFSuFMYciwfE=; b=DOOYahueh6x/wAVp998CYuPBND16Y7EiupZc62zid5obTZ9Jlpyl/URcYlbyxP382NdLA056MUspcoi1qD3Bgu6WD4w5fdadR3Yw3WncYwX6bNllH3flr6fsFmZriJTtqG4MsyklntFvlHhDqa6brv+VOIEo9B40fH6u0FNDOBA= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+56132+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1585031728749133.08152816320194; Mon, 23 Mar 2020 23:35:28 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id KmRYYY1788612xBwVUESlPHP; Mon, 23 Mar 2020 23:35:28 -0700 X-Received: from mga17.intel.com (mga17.intel.com []) by mx.groups.io with SMTP id smtpd.web11.904.1585031726443990374 for ; Mon, 23 Mar 2020 23:35:28 -0700 IronPort-SDR: FWA35FGR/an8BjK0yzq4uXhyzEVbIn9PQmhEg3qFP9P3O04msf0pszYH2mWLevfqNxZyqakosL GyszMgIa1/HA== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Mar 2020 23:35:27 -0700 IronPort-SDR: VhctVUliIghjGWvSrKpq61vol6rw8qpxR0NAR8ywPKNmJWyRTfKlKaJQ+c/rC8sq9BNyaF/t4T fzD+YI1GtXug== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.72,299,1580803200"; d="scan'208";a="393178612" X-Received: from shwdeopensfp777.ccr.corp.intel.com ([10.239.158.78]) by orsmga004.jf.intel.com with ESMTP; 23 Mar 2020 23:35:26 -0700 From: "Wang, Jian J" To: devel@edk2.groups.io Cc: Jiewen Yao , Chao Zhang , Nishant C Mistry Subject: [edk2-devel] [PATCH v4 1/3] SecurityPkg: add RpmcLib and VariableKeyLib public headers Date: Tue, 24 Mar 2020 14:35:21 +0800 Message-Id: <20200324063523.336-2-jian.j.wang@intel.com> In-Reply-To: <20200324063523.336-1-jian.j.wang@intel.com> References: <20200324063523.336-1-jian.j.wang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,jian.j.wang@intel.com X-Gm-Message-State: UmaaVeTOoKzPC55Gb1i6HtFMx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1585031728; bh=w68Ks0LI0B4wW34AO3DfiviKgmQoA7YZ63hmh4FJ36c=; h=Cc:Date:From:Reply-To:Subject:To; b=DLLoghDFe9nix+ee+muBUdj8q67KdBF3l8X8UOjTaqyWhmnmS2zDefwJaeXgykbVQ+t MEclPA5JfykSEfd/cx/sCCkAYg0kR+J7mYX8ZLM4kLuq7CgDbWSelzXFr9X4pgzdnS58r mqvKHSKIZn0ZDoq3u4iRrhC86OUo+Nn5d2o= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" > v4: remove CounterId which should not be exposed REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2594 RpmcLib.h and VariableKeyLib.h are header files required to access RPMC device and Key generator from platform. They will be used to ensure the integrity and confidentiality of NV variables. Cc: Jiewen Yao Cc: Chao Zhang Cc: Nishant C Mistry Signed-off-by: Jian J Wang --- SecurityPkg/Include/Library/RpmcLib.h | 42 ++++++++++++++ SecurityPkg/Include/Library/VariableKeyLib.h | 59 ++++++++++++++++++++ SecurityPkg/SecurityPkg.dec | 8 +++ 3 files changed, 109 insertions(+) create mode 100644 SecurityPkg/Include/Library/RpmcLib.h create mode 100644 SecurityPkg/Include/Library/VariableKeyLib.h diff --git a/SecurityPkg/Include/Library/RpmcLib.h b/SecurityPkg/Include/Li= brary/RpmcLib.h new file mode 100644 index 0000000000..8e3868516c --- /dev/null +++ b/SecurityPkg/Include/Library/RpmcLib.h @@ -0,0 +1,42 @@ +/** @file + Public definitions for the Replay Protected Monotonic Counter (RPMC) Lib= rary. + +Copyright (c) 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _RPMC_LIB_H_ +#define _RPMC_LIB_H_ + +#include + +/** + Requests the monotonic counter from the designated RPMC counter. + + @param[out] CounterValue A pointer to a buffer to store the= RPMC value. + + @retval EFI_SUCCESS The operation completed successful= ly. + @retval EFI_DEVICE_ERROR A device error occurred while atte= mpting to update the counter. + @retval EFI_UNSUPPORTED The operation is un-supported. +**/ +EFI_STATUS +EFIAPI +RequestMonotonicCounter ( + OUT UINT32 *CounterValue + ); + +/** + Increments the monotonic counter in the SPI flash device by 1. + + @retval EFI_SUCCESS The operation completed successful= ly. + @retval EFI_DEVICE_ERROR A device error occurred while atte= mpting to update the counter. + @retval EFI_UNSUPPORTED The operation is un-supported. +**/ +EFI_STATUS +EFIAPI +IncrementMonotonicCounter ( + VOID + ); + +#endif \ No newline at end of file diff --git a/SecurityPkg/Include/Library/VariableKeyLib.h b/SecurityPkg/Inc= lude/Library/VariableKeyLib.h new file mode 100644 index 0000000000..fe642b3d66 --- /dev/null +++ b/SecurityPkg/Include/Library/VariableKeyLib.h @@ -0,0 +1,59 @@ +/** @file + Public definitions for Variable Key Library. + +Copyright (c) 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _VARIABLE_KEY_LIB_H_ +#define _VARIABLE_KEY_LIB_H_ + +#include + +/** + Retrieves the variable root key. + + @param[out] VariableRootKey A pointer to pointer for the var= iable root key buffer. + @param[in,out] VariableRootKeySize The size in bytes of the variabl= e root key. + + @retval EFI_SUCCESS The variable root key was returned. + @retval EFI_DEVICE_ERROR An error occurred while attempting= to get the variable root key. + @retval EFI_ACCESS_DENIED The function was invoked after loc= king the key interface. + @retval EFI_UNSUPPORTED The variable root key is not suppo= rted in the current boot configuration. +**/ +EFI_STATUS +EFIAPI +GetVariableRootKey ( + OUT VOID **VariableRootKey, + IN OUT UINTN *VariableRootKeySize + ); + +/** + Regenerates the variable root key. + + @retval EFI_SUCCESS The variable root key was regenera= ted successfully. + @retval EFI_DEVICE_ERROR An error occurred while attempting= to regenerate the root key. + @retval EFI_ACCESS_DENIED The function was invoked after loc= king the key interface. + @retval EFI_UNSUPPORTED Key regeneration is not supported = in the current boot configuration. +**/ +EFI_STATUS +EFIAPI +RegenerateKey ( + VOID + ); + +/** + Locks the regenerate key interface. + + @retval EFI_SUCCESS The key interface was locked succe= ssfully. + @retval EFI_UNSUPPORTED Locking the key interface is not s= upported in the current boot configuration. + @retval Others An error occurred while attempting= to lock the key interface. +**/ +EFI_STATUS +EFIAPI +LockKeyInterface ( + VOID + ); + +#endif \ No newline at end of file diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index 5335cc5397..2cdfb02cc5 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -76,6 +76,14 @@ # TcgStorageOpalLib|Include/Library/TcgStorageOpalLib.h =20 + ## @libraryclass Provides interfaces to access RPMC device. + # + RpmcLib|Include/Library/RpmcLib.h + + ## @libraryclass Provides interfaces to access variable root key. + # + VariableKeyLib|Include/Library/VariableKeyLib.h + [Guids] ## Security package token space guid. # Include/Guid/SecurityPkgTokenSpace.h --=20 2.24.0.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#56132): https://edk2.groups.io/g/devel/message/56132 Mute This Topic: https://groups.io/mt/72512084/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 27 00:40:10 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+56133+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+56133+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1585031730; cv=none; d=zohomail.com; s=zohoarc; b=WhwFtq5KNuauJEojV7jD1ee1fhjTeSU+3dy2kJ968PsSSpvixKoyLIMKpz8hu2ntvFFIVIC4ymrIIFxICgs7i0evOyyzhPwPs2Or+v4/XGbPZRSfyG4o2DFIyJuFo9FmpQoBPTc1aC3158rz2NKkVXnasDNs6AzIMqEeTwEtN+Q= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1585031730; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=dASQYAKcRM5PiLgnHteaGz4VaBdLZqNWVCqbwOK77kQ=; b=FqLmvuVz1242/UrWeBz0M3GP2Ueq39lacBo4aPlfibDbiXfuYx8/S80B/SQzMO+jqcdr0S2CxzTANygZSZwh8dA1KBazUSwvGOtdzEefHrVj98vdckSJTuj47GcGJ5VvYfu1tpNdWTqoQTUX9+5MIdfVSDIbXi1TK+7OvtkLZv8= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+56133+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1585031730556261.2605074642264; Mon, 23 Mar 2020 23:35:30 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id UhVgYY1788612xQ068pcWSWM; Mon, 23 Mar 2020 23:35:30 -0700 X-Received: from mga17.intel.com (mga17.intel.com []) by mx.groups.io with SMTP id smtpd.web11.904.1585031726443990374 for ; Mon, 23 Mar 2020 23:35:29 -0700 IronPort-SDR: wcVladnqtwtSbCUhTh0kWZtnSG3MuApHS0iQgYadNqq528/diNVKTInYdBoXhWV/MFP1AHCh4h tWIhImMiWBXg== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Mar 2020 23:35:29 -0700 IronPort-SDR: VeGIo/OVjgH3WlL3HDXUy9wCblN5hIO511al2fUoF2nCTQlWsEemoKUlEMed1rjxu+kbxWG4HZ qD1n0q016iUA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.72,299,1580803200"; d="scan'208";a="393178624" X-Received: from shwdeopensfp777.ccr.corp.intel.com ([10.239.158.78]) by orsmga004.jf.intel.com with ESMTP; 23 Mar 2020 23:35:28 -0700 From: "Wang, Jian J" To: devel@edk2.groups.io Cc: Jiewen Yao , Chao Zhang , Nishant C Mistry Subject: [edk2-devel] [PATCH v4 2/3] SecurityPkg: add null version of RpmcLib Date: Tue, 24 Mar 2020 14:35:22 +0800 Message-Id: <20200324063523.336-3-jian.j.wang@intel.com> In-Reply-To: <20200324063523.336-1-jian.j.wang@intel.com> References: <20200324063523.336-1-jian.j.wang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,jian.j.wang@intel.com X-Gm-Message-State: 753yjPkvcx9QreVYtK0pU3qPx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1585031730; bh=nxV4jYA+9u92s4gBxAeMLKFWkIUfYFUybnOfZkTnOPQ=; h=Cc:Date:From:Reply-To:Subject:To; b=cv2Z1UPvvK3tC94hlaOchnN73h4DGNbFU+TTfZNT1L7CtFD+6ZPotm8PRdD5k2yJoe+ F3MuIjhMOxoQMycxWVIeoWW1MO354F6ruWbrOm3ySrSHmc1ZD9sV4tzunvPc1WrfSBasX 8tJTPMhsBqvt9xaKHHTkP9+0VIYYlTtE6Gw= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" > v4: remove CounterId which should not be exposed REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2594 Add null version of RpmcLib instance. The full version should be provided by platform which supports RPMC device. Cc: Jiewen Yao Cc: Chao Zhang Cc: Nishant C Mistry Signed-off-by: Jian J Wang --- SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c | 47 +++++++++++++++++++ .../Library/RpmcLibNull/RpmcLibNull.inf | 33 +++++++++++++ SecurityPkg/SecurityPkg.dsc | 6 +++ 3 files changed, 86 insertions(+) create mode 100644 SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c create mode 100644 SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf diff --git a/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c b/SecurityPkg/Li= brary/RpmcLibNull/RpmcLibNull.c new file mode 100644 index 0000000000..e1dd09eb10 --- /dev/null +++ b/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c @@ -0,0 +1,47 @@ +/** @file + NULL RpmcLib instance for build purpose. + +Copyright (c) 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include + +/** + Requests the monotonic counter from the designated RPMC counter. + + @param[out] CounterValue A pointer to a buffer to store the= RPMC value. + + @retval EFI_SUCCESS The operation completed successful= ly. + @retval EFI_DEVICE_ERROR A device error occurred while atte= mpting to update the counter. + @retval EFI_UNSUPPORTED The operation is un-supported. +**/ +EFI_STATUS +EFIAPI +RequestMonotonicCounter ( + OUT UINT32 *CounterValue + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + +/** + Increments the monotonic counter in the SPI flash device by 1. + + @retval EFI_SUCCESS The operation completed successful= ly. + @retval EFI_DEVICE_ERROR A device error occurred while atte= mpting to update the counter. + @retval EFI_UNSUPPORTED The operation is un-supported. +**/ +EFI_STATUS +EFIAPI +IncrementMonotonicCounter ( + VOID + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + diff --git a/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf b/SecurityPkg/= Library/RpmcLibNull/RpmcLibNull.inf new file mode 100644 index 0000000000..500edfa87d --- /dev/null +++ b/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf @@ -0,0 +1,33 @@ +## @file +# Provides Null version of RpmcLib for build purpose. +# +# Copyright (c) 2020, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010029 + BASE_NAME =3D RpmcLibNull + FILE_GUID =3D FAE0BA22-92E2-4334-8F0F-96AFF9BAE360 + MODULE_TYPE =3D BASE + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D RpmcLib + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 Arm AArch64 +# + +[Sources] + RpmcLibNull.c + +[Packages] + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + BaseLib + DebugLib + diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc index a2eeadda7a..97e0e7ed6e 100644 --- a/SecurityPkg/SecurityPkg.dsc +++ b/SecurityPkg/SecurityPkg.dsc @@ -64,6 +64,7 @@ TcgStorageCoreLib|SecurityPkg/Library/TcgStorageCoreLib/TcgStorageCoreLi= b.inf TcgStorageOpalLib|SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalLi= b.inf ResetSystemLib|MdeModulePkg/Library/BaseResetSystemLibNull/BaseResetSyst= emLibNull.inf + RpmcLib|SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf =20 [LibraryClasses.ARM] # @@ -217,6 +218,11 @@ SecurityPkg/Library/TcgStorageCoreLib/TcgStorageCoreLib.inf SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalLib.inf =20 + # + # Variable Confidentiality & Integrity + # + SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf + # # Other # --=20 2.24.0.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#56133): https://edk2.groups.io/g/devel/message/56133 Mute This Topic: https://groups.io/mt/72512085/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 27 00:40:10 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+56134+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+56134+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1585031732; cv=none; d=zohomail.com; s=zohoarc; b=PEW5GTN3/2oDptkBhXL3keBh4IdLAF9X60AjufGyL/YwO5rG9k6X6bZUu4LR9ZpY1AwTGqXIlKUlCM8NuVQ9RLBdSujVXPcQSMf9J6/rnju5TUp0t73v+tD2ZKsdR4yuqt4XYZfny1T8hGvwee/ZiK+ymJ2waZxUhfyTD2ECJO4= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1585031732; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=T6slM2Im0NLUf1ifDl/1rkHwBkc5Mf5H33BQFaNnqB8=; b=K9em9N0eVUi3aVuR+7lW0e+VH3aetJD+3b704tQg0ax1KH83X+IG2spRyAdkkQoK4d4CrIE0ReUCslpBAXyMMfWbtFpqHtESBPhamPiFbV3sa0tlNTkl6z9uHrz97iKuOMD7svd0wHXwUuMbVcBdThLeO/eSJpBQAGg/6JkeQ6Q= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+56134+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 158503173263279.92360382395157; Mon, 23 Mar 2020 23:35:32 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id 2CwDYY1788612x8MkimGh97f; Mon, 23 Mar 2020 23:35:32 -0700 X-Received: from mga17.intel.com (mga17.intel.com []) by mx.groups.io with SMTP id smtpd.web11.904.1585031726443990374 for ; Mon, 23 Mar 2020 23:35:31 -0700 IronPort-SDR: DVa+qVtiszfvoqxaOtyl6kRBPV3xMDcSYR2Pt/+XGEJ+udRxKwtymicik4cfyEjWmT7FjcoGSJ 9JWduvr/kcrg== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Mar 2020 23:35:31 -0700 IronPort-SDR: 2Lfiw08LjIEzwHkoCMppNXUdTkhsh91LFUZyyZymP0Ey2is0IsVnfJnFvD0bCLktHRx6Es5HFB Wrh3NpRiCv/g== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.72,299,1580803200"; d="scan'208";a="393178636" X-Received: from shwdeopensfp777.ccr.corp.intel.com ([10.239.158.78]) by orsmga004.jf.intel.com with ESMTP; 23 Mar 2020 23:35:29 -0700 From: "Wang, Jian J" To: devel@edk2.groups.io Cc: Jiewen Yao , Chao Zhang , Nishant C Mistry Subject: [edk2-devel] [PATCH v4 3/3] SecurityPkg: add null version of VariableKeyLib Date: Tue, 24 Mar 2020 14:35:23 +0800 Message-Id: <20200324063523.336-4-jian.j.wang@intel.com> In-Reply-To: <20200324063523.336-1-jian.j.wang@intel.com> References: <20200324063523.336-1-jian.j.wang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,jian.j.wang@intel.com X-Gm-Message-State: ZNIxGCDRrznww3TpCgJcaLapx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1585031732; bh=1UL20tXj9nrB4yNszCfeAoX1RmE/5b4eoAzhQxoumTk=; h=Cc:Date:From:Reply-To:Subject:To; b=NrDHnXJorgTEo9xDqOLKO6t8KlH61GbG7IvESmJJfUa1joD/CVdrcxvkZbSR0p4iqu4 VYuZH5TOz1eGMgMQrBrHLYjAip16TDVB0WNymM8fmb1cmSwa/1Iwv3P+VN2lE/VypSwoN zODHfFuR4rsLOelOXjXJ8wVZWFrz1PHH91k= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2594 Add null version of VariableKeyLib instance. The full version should be provided by platforms which supports key generator. Cc: Jiewen Yao Cc: Chao Zhang Cc: Nishant C Mistry Signed-off-by: Jian J Wang --- .../VariableKeyLibNull/VariableKeyLibNull.c | 67 +++++++++++++++++++ .../VariableKeyLibNull/VariableKeyLibNull.inf | 33 +++++++++ SecurityPkg/SecurityPkg.dsc | 2 + 3 files changed, 102 insertions(+) create mode 100644 SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNu= ll.c create mode 100644 SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNu= ll.inf diff --git a/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c b/= SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c new file mode 100644 index 0000000000..2ef6a68ea0 --- /dev/null +++ b/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c @@ -0,0 +1,67 @@ +/** @file + Null version of VariableKeyLib for build purpose. Don't use it in real p= roduct. + +Copyright (c) 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ +#include +#include + +/** + Retrieves the variable root key. + + @param[out] VariableRootKey A pointer to pointer for the var= iable root key buffer. + @param[in,out] VariableRootKeySize The size in bytes of the variabl= e root key. + + @retval EFI_SUCCESS The variable root key was returned. + @retval EFI_DEVICE_ERROR An error occurred while attempting= to get the variable root key. + @retval EFI_ACCESS_DENIED The function was invoked after loc= king the key interface. + @retval EFI_UNSUPPORTED The variable root key is not suppo= rted in the current boot configuration. +**/ +EFI_STATUS +EFIAPI +GetVariableRootKey ( + OUT VOID **VariableRootKey, + IN OUT UINTN *VariableRootKeySize + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + +/** + Regenerates the variable root key. + + @retval EFI_SUCCESS The variable root key was regenera= ted successfully. + @retval EFI_DEVICE_ERROR An error occurred while attempting= to regenerate the root key. + @retval EFI_ACCESS_DENIED The function was invoked after loc= king the key interface. + @retval EFI_UNSUPPORTED Key regeneration is not supported = in the current boot configuration. +**/ +EFI_STATUS +EFIAPI +RegenerateKey ( + VOID + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + +/** + Locks the regenerate key interface. + + @retval EFI_SUCCESS The key interface was locked succe= ssfully. + @retval EFI_UNSUPPORTED Locking the key interface is not s= upported in the current boot configuration. + @retval Others An error occurred while attempting= to lock the key interface. +**/ +EFI_STATUS +EFIAPI +LockKeyInterface ( + VOID + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + diff --git a/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf = b/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf new file mode 100644 index 0000000000..ea74e38cf9 --- /dev/null +++ b/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf @@ -0,0 +1,33 @@ +## @file +# Provides Null version of VariableKeyLib for build only. +# +# Copyright (c) 2020, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010029 + BASE_NAME =3D VariableKeyLibNull + FILE_GUID =3D 2B640ED8-1E6A-4516-9F1D-25910E59BC4A + MODULE_TYPE =3D BASE + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D VariableKeyLib + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 Arm AArch64 +# + +[Sources] + VariableKeyLibNull.c + +[Packages] + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + BaseLib + DebugLib + diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc index 97e0e7ed6e..4b85f77b02 100644 --- a/SecurityPkg/SecurityPkg.dsc +++ b/SecurityPkg/SecurityPkg.dsc @@ -64,6 +64,7 @@ TcgStorageCoreLib|SecurityPkg/Library/TcgStorageCoreLib/TcgStorageCoreLi= b.inf TcgStorageOpalLib|SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalLi= b.inf ResetSystemLib|MdeModulePkg/Library/BaseResetSystemLibNull/BaseResetSyst= emLibNull.inf + VariableKeyLib|SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull= .inf RpmcLib|SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf =20 [LibraryClasses.ARM] @@ -221,6 +222,7 @@ # # Variable Confidentiality & Integrity # + SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf =20 # --=20 2.24.0.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#56134): https://edk2.groups.io/g/devel/message/56134 Mute This Topic: https://groups.io/mt/72512087/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-