From nobody Mon Feb 9 18:44:13 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+89510+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+89510+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1651687494; cv=none; d=zohomail.com; s=zohoarc; b=eYG/8s7w9BXKbgXqwKm3nL9uKurgpbifwhN8RHhaKFOo2euqasp8q3iPlHreCqP/bhjHSNyNOc+f3CiNNr2Cyu0VhWnQPu0XeOoePaEfwJKDmsBF7Qlsn0q0B8zrAEXedwL7pgD7DRRAa4cj/6GgA2NnC0WvPvsVytlFSIhOiJs= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1651687494; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=kMLXMHlBkDw169SNqzTT2CW+lEkZAAJePoCNsyqbW3Q=; b=Hc8pt8KOJAQUXd1d4LXqtCCzUiaXBzJDsdy3CPY1IxHcfpgaBjQxVSdDVqE2tPrYhrWWwTF121OKUI0sxGSFhjZCM8xchz0J/aiStieX46fT3NgLkItRGBoM68NqqtWBBhxpOCtn/uw0MIfCM00Yji5bfPIZ0RvPapogQvMhjp0= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+89510+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1651687494575459.1776297033823; Wed, 4 May 2022 11:04:54 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id w2FMYY1788612x6XdJqXhMqG; Wed, 04 May 2022 11:04:54 -0700 X-Received: from mail-pf1-f175.google.com (mail-pf1-f175.google.com [209.85.210.175]) by mx.groups.io with SMTP id smtpd.web08.732.1651687493686187181 for ; Wed, 04 May 2022 11:04:53 -0700 X-Received: by mail-pf1-f175.google.com with SMTP id d25so1728585pfo.10 for ; Wed, 04 May 2022 11:04:53 -0700 (PDT) X-Gm-Message-State: qIdhlVUvjVnXKplTyk6VpGfCx1787277AA= X-Google-Smtp-Source: ABdhPJy8C5DIcNPh3bcNDS1OKd39q3ITUXKmqHCI7UP7USZcJziiStwer83FANE1t4ZNeCNrLKtEoQ== X-Received: by 2002:a65:6d1b:0:b0:3c2:649d:4c9 with SMTP id bf27-20020a656d1b000000b003c2649d04c9mr9344353pgb.202.1651687493142; Wed, 04 May 2022 11:04:53 -0700 (PDT) X-Received: from localhost.localdomain ([50.47.82.110]) by smtp.gmail.com with ESMTPSA id n5-20020aa79045000000b0050dc7628143sm8496347pfo.29.2022.05.04.11.04.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 04 May 2022 11:04:52 -0700 (PDT) From: "Kun Qin" To: devel@edk2.groups.io Cc: Jiewen Yao , Jian J Wang , Min Xu Subject: [edk2-devel] [PATCH v1 03/11] SecurityPkg: SecureBootVariableLib: Updated time based payload creator Date: Wed, 4 May 2022 11:04:29 -0700 Message-Id: <20220504180438.1321-4-kuqin12@gmail.com> In-Reply-To: <20220504180438.1321-1-kuqin12@gmail.com> References: <20220504180438.1321-1-kuqin12@gmail.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,kuqin12@gmail.com Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1651687494; bh=P3dCjGQmpzAnw+S4Gw2dhQ/MbD/prabsSM5Q2MgatVs=; h=Cc:Date:From:Reply-To:Subject:To; b=czXnyjNHByZ4718y4niTkUM4jaUvlVXdCIm2rLWzPwXksZ1BBnkaWBbhsclFsJ2avIi ehFX8BCZaKUWnBE92jsslQCnLQliMZGV8pWckjEgmSGOrY7dQGOX4d9DNdbMkjitlKgX5 LusHhjBgknvuP23j0U/KkFTddN/EkzDlaZs= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1651688397510100001 Content-Type: text/plain; charset="utf-8" From: Kun Qin REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3909 This change updated the interface of 'CreateTimeBasedPayload' by requiring the caller to provide a timestamp, instead of relying on time protocol to be ready during runtime. It intends to extend the library availability during boot environment. Cc: Jiewen Yao Cc: Jian J Wang Cc: Min Xu Signed-off-by: Kun Qin --- SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c | 53 += +++++++++++-------- SecurityPkg/Include/Library/SecureBootVariableLib.h | 9 += ++- SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf | 8 += -- 3 files changed, 40 insertions(+), 30 deletions(-) diff --git a/SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLi= b.c b/SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c index e0d137666e0e..3b33a356aba3 100644 --- a/SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c +++ b/SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c @@ -6,8 +6,10 @@ (C) Copyright 2018 Hewlett Packard Enterprise Development LP
Copyright (c) 2021, ARM Ltd. All rights reserved.
Copyright (c) 2021, Semihalf All rights reserved.
+ Copyright (c) Microsoft Corporation. SPDX-License-Identifier: BSD-2-Clause-Patent **/ +#include #include #include #include @@ -21,6 +23,21 @@ #include #include "Library/DxeServicesLib.h" =20 +// This time can be used when deleting variables, as it should be greater = than any variable time. +EFI_TIME mMaxTimestamp =3D { + 0xFFFF, // Year + 0xFF, // Month + 0xFF, // Day + 0xFF, // Hour + 0xFF, // Minute + 0xFF, // Second + 0x00, + 0x00000000, // Nanosecond + 0, + 0, + 0x00 +}; + /** Creates EFI Signature List structure. =20 @param[in] Data A pointer to signature data. @@ -118,7 +135,7 @@ ConcatenateSigList ( =20 @param[in] KeyFileGuid A pointer to to the FFS filename GUID @param[out] SigListsSize A pointer to size of signature list - @param[out] SigListOut a pointer to a callee-allocated buffer w= ith signature lists + @param[out] SigListsOut a pointer to a callee-allocated buffer = with signature lists =20 @retval EFI_SUCCESS Create time based payload successfully. @retval EFI_NOT_FOUND Section with key has not been found. @@ -210,28 +227,30 @@ SecureBootFetchData ( pointer to NULL to wrap an empty payloa= d. On output, Pointer to the new payload d= ate buffer allocated from pool, it's caller's responsibility to free th= e memory when finish using it. + @param[in] Time Pointer to time information to created = time based payload. =20 @retval EFI_SUCCESS Create time based payload successfully. @retval EFI_OUT_OF_RESOURCES There are not enough memory resources t= o create time based payload. @retval EFI_INVALID_PARAMETER The parameter is invalid. @retval Others Unexpected error happens. =20 -**/ +--*/ EFI_STATUS +EFIAPI CreateTimeBasedPayload ( - IN OUT UINTN *DataSize, - IN OUT UINT8 **Data + IN OUT UINTN *DataSize, + IN OUT UINT8 **Data, + IN EFI_TIME *Time ) { - EFI_STATUS Status; UINT8 *NewData; UINT8 *Payload; UINTN PayloadSize; EFI_VARIABLE_AUTHENTICATION_2 *DescriptorData; UINTN DescriptorSize; - EFI_TIME Time; =20 - if ((Data =3D=3D NULL) || (DataSize =3D=3D NULL)) { + if ((Data =3D=3D NULL) || (DataSize =3D=3D NULL) || (Time =3D=3D NULL)) { + DEBUG ((DEBUG_ERROR, "%a(), invalid arg\n", __FUNCTION__)); return EFI_INVALID_PARAMETER; } =20 @@ -247,6 +266,7 @@ CreateTimeBasedPayload ( DescriptorSize =3D OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo) += OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData); NewData =3D (UINT8 *)AllocateZeroPool (DescriptorSize + PayloadSi= ze); if (NewData =3D=3D NULL) { + DEBUG ((DEBUG_ERROR, "%a() Out of resources.\n", __FUNCTION__)); return EFI_OUT_OF_RESOURCES; } =20 @@ -256,19 +276,7 @@ CreateTimeBasedPayload ( =20 DescriptorData =3D (EFI_VARIABLE_AUTHENTICATION_2 *)(NewData); =20 - ZeroMem (&Time, sizeof (EFI_TIME)); - Status =3D gRT->GetTime (&Time, NULL); - if (EFI_ERROR (Status)) { - FreePool (NewData); - return Status; - } - - Time.Pad1 =3D 0; - Time.Nanosecond =3D 0; - Time.TimeZone =3D 0; - Time.Daylight =3D 0; - Time.Pad2 =3D 0; - CopyMem (&DescriptorData->TimeStamp, &Time, sizeof (EFI_TIME)); + CopyMem (&DescriptorData->TimeStamp, Time, sizeof (EFI_TIME)); =20 DescriptorData->AuthInfo.Hdr.dwLength =3D OFFSET_OF (WIN_CERTIFI= CATE_UEFI_GUID, CertData); DescriptorData->AuthInfo.Hdr.wRevision =3D 0x0200; @@ -277,6 +285,7 @@ CreateTimeBasedPayload ( =20 if (Payload !=3D NULL) { FreePool (Payload); + Payload =3D NULL; } =20 *DataSize =3D DescriptorSize + PayloadSize; @@ -296,6 +305,7 @@ CreateTimeBasedPayload ( =20 **/ EFI_STATUS +EFIAPI DeleteVariable ( IN CHAR16 *VariableName, IN EFI_GUID *VendorGuid @@ -319,7 +329,7 @@ DeleteVariable ( Attr =3D EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | E= FI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; =20 - Status =3D CreateTimeBasedPayload (&DataSize, &Data); + Status =3D CreateTimeBasedPayload (&DataSize, &Data, &mMaxTimestamp); if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "Fail to create time-based data payload: %r", Sta= tus)); return Status; @@ -351,6 +361,7 @@ DeleteVariable ( =20 **/ EFI_STATUS +EFIAPI SetSecureBootMode ( IN UINT8 SecureBootMode ) diff --git a/SecurityPkg/Include/Library/SecureBootVariableLib.h b/Security= Pkg/Include/Library/SecureBootVariableLib.h index 7b7afd9cde7c..9f2d41220b70 100644 --- a/SecurityPkg/Include/Library/SecureBootVariableLib.h +++ b/SecurityPkg/Include/Library/SecureBootVariableLib.h @@ -6,6 +6,7 @@ Copyright (c) 2011 - 2018, Intel Corporation. All rights re= served.
(C) Copyright 2018 Hewlett Packard Enterprise Development LP
Copyright (c) 2021, ARM Ltd. All rights reserved.
Copyright (c) 2021, Semihalf All rights reserved.
+Copyright (c) Microsoft Corporation. SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ @@ -24,6 +25,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =20 --*/ EFI_STATUS +EFIAPI SetSecureBootMode ( IN UINT8 SecureBootMode ); @@ -73,6 +75,7 @@ SecureBootFetchData ( pointer to NULL to wrap an empty payloa= d. On output, Pointer to the new payload d= ate buffer allocated from pool, it's caller's responsibility to free th= e memory when finish using it. + @param[in] Time Pointer to time information to created = time based payload. =20 @retval EFI_SUCCESS Create time based payload successfully. @retval EFI_OUT_OF_RESOURCES There are not enough memory resources t= o create time based payload. @@ -81,9 +84,11 @@ SecureBootFetchData ( =20 --*/ EFI_STATUS +EFIAPI CreateTimeBasedPayload ( - IN OUT UINTN *DataSize, - IN OUT UINT8 **Data + IN OUT UINTN *DataSize, + IN OUT UINT8 **Data, + IN EFI_TIME *Time ); =20 /** diff --git a/SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLi= b.inf b/SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf index ed7af3dd9cd5..87db5a258021 100644 --- a/SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf +++ b/SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf @@ -4,6 +4,7 @@ # # Copyright (c) 2021, ARM Ltd. All rights reserved.
# Copyright (c) 2021, Semihalf All rights reserved.
+# Copyright (c) Microsoft Corporation. # # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -68,12 +69,5 @@ [Guids] ## PRODUCES ## Variable:L"CustomMode" gEfiCustomModeEnableGuid =20 - gEfiCertTypeRsa2048Sha256Guid ## CONSUMES gEfiCertX509Guid ## CONSUMES gEfiCertPkcs7Guid ## CONSUMES - - gDefaultPKFileGuid - gDefaultKEKFileGuid - gDefaultdbFileGuid - gDefaultdbxFileGuid - gDefaultdbtFileGuid --=20 2.34.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#89510): https://edk2.groups.io/g/devel/message/89510 Mute This Topic: https://groups.io/mt/90893931/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-