From nobody Mon Feb 9 21:19:55 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+90494+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+90494+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1655152804; cv=none; d=zohomail.com; s=zohoarc; b=B9TlLDkLCOVn4XgIKwgbiKyyRBTMr9xcFl5oCB/Ih5Wmoyx6YpFIvkAT8czyLTP7L8TTwZM1/oFZoY8mXcPx9fymmvm+zLQL0LhQitiYuq1Gul+XnJ++pyGwQxYjz7IXlayGSM1v5OWmEqx2zAfz5bl91/PM6cwuhOiGAqGfsk0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1655152804; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=GsUmkv5iyxkXYe69St5weHYkGS38SieOTZAgYALE8Pc=; b=Bf888oxsgmjjkgmapCf24nXMmU+w9+9gBMobEtacy9i7WR3Xk3MUerMDy4P5lkNd/zDxtFvAUQUCaTtEkgPbnWrxqccIT2UoGmXa+vjthZpLRmtaKd+OQoxbSqBsr31OuYy/Gews7iM9hf/w5vSOc8E2JDFlloXCgPCK52Hf82k= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+90494+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1655152804027791.4799671819321; Mon, 13 Jun 2022 13:40:04 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id fj9xYY1788612xKTIVYnhH2P; Mon, 13 Jun 2022 13:40:03 -0700 X-Received: from mail-pg1-f173.google.com (mail-pg1-f173.google.com [209.85.215.173]) by mx.groups.io with SMTP id smtpd.web10.10958.1655152800432763979 for ; Mon, 13 Jun 2022 13:40:00 -0700 X-Received: by mail-pg1-f173.google.com with SMTP id 184so6567487pga.12 for ; Mon, 13 Jun 2022 13:40:00 -0700 (PDT) X-Gm-Message-State: bPGzqSdAXimFyoMjnoiHNQpFx1787277AA= X-Google-Smtp-Source: ABdhPJymRbd61Ed63Uf30rg/50KrRiTGN62YoYYqcqvYp4p+AxHLf+sGdo2xim+2PivbRUeQzxx3Fw== X-Received: by 2002:a05:6a00:1805:b0:51c:3a7:54dc with SMTP id y5-20020a056a00180500b0051c03a754dcmr761267pfa.15.1655152799668; Mon, 13 Jun 2022 13:39:59 -0700 (PDT) X-Received: from localhost.localdomain ([50.35.66.9]) by smtp.gmail.com with ESMTPSA id g14-20020a17090a578e00b001ea90dada74sm5603239pji.12.2022.06.13.13.39.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 13 Jun 2022 13:39:59 -0700 (PDT) From: "Kun Qin" To: devel@edk2.groups.io Cc: Jiewen Yao , Jian J Wang , Min Xu Subject: [edk2-devel] [PATCH v2 03/11] SecurityPkg: SecureBootVariableLib: Updated time based payload creator Date: Mon, 13 Jun 2022 13:39:34 -0700 Message-Id: <20220613203943.704-4-kuqin12@gmail.com> In-Reply-To: <20220613203943.704-1-kuqin12@gmail.com> References: <20220613203943.704-1-kuqin12@gmail.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,kuqin12@gmail.com Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1655152803; bh=iqOmCFkxJcRruiFSSbuAbf+TsCgy+/MEhzpG42RYfGE=; h=Cc:Date:From:Reply-To:Subject:To; b=hG1ZEz3BtUqX6zxQgjB88JBGcVGwYsT/Sv1tb9If/6WOWIZPaue00UY+H2t20aF1oFU BdI0RWUsWtHtuU4tsOt8+B/ZO/Js/DxIfvjVPBOY7vyU1sP2lIQ4iU7oge7yhrW8OZBR8 +vhGqKzzbTC+Gy+w5KH0ecEKdxZZ6Koe/NY= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1655152804690100001 Content-Type: text/plain; charset="utf-8" From: Kun Qin REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3909 This change updated the interface of 'CreateTimeBasedPayload' by requiring the caller to provide a timestamp, instead of relying on time protocol to be ready during runtime. It intends to extend the library availability during boot environment. Cc: Jiewen Yao Cc: Jian J Wang Cc: Min Xu Signed-off-by: Kun Qin --- SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c | 53 += +++++++++++-------- SecurityPkg/Include/Library/SecureBootVariableLib.h | 9 += ++- SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf | 8 += -- 3 files changed, 40 insertions(+), 30 deletions(-) diff --git a/SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLi= b.c b/SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c index e0d137666e0e..3b33a356aba3 100644 --- a/SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c +++ b/SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c @@ -6,8 +6,10 @@ (C) Copyright 2018 Hewlett Packard Enterprise Development LP
Copyright (c) 2021, ARM Ltd. All rights reserved.
Copyright (c) 2021, Semihalf All rights reserved.
+ Copyright (c) Microsoft Corporation. SPDX-License-Identifier: BSD-2-Clause-Patent **/ +#include #include #include #include @@ -21,6 +23,21 @@ #include #include "Library/DxeServicesLib.h" =20 +// This time can be used when deleting variables, as it should be greater = than any variable time. +EFI_TIME mMaxTimestamp =3D { + 0xFFFF, // Year + 0xFF, // Month + 0xFF, // Day + 0xFF, // Hour + 0xFF, // Minute + 0xFF, // Second + 0x00, + 0x00000000, // Nanosecond + 0, + 0, + 0x00 +}; + /** Creates EFI Signature List structure. =20 @param[in] Data A pointer to signature data. @@ -118,7 +135,7 @@ ConcatenateSigList ( =20 @param[in] KeyFileGuid A pointer to to the FFS filename GUID @param[out] SigListsSize A pointer to size of signature list - @param[out] SigListOut a pointer to a callee-allocated buffer w= ith signature lists + @param[out] SigListsOut a pointer to a callee-allocated buffer = with signature lists =20 @retval EFI_SUCCESS Create time based payload successfully. @retval EFI_NOT_FOUND Section with key has not been found. @@ -210,28 +227,30 @@ SecureBootFetchData ( pointer to NULL to wrap an empty payloa= d. On output, Pointer to the new payload d= ate buffer allocated from pool, it's caller's responsibility to free th= e memory when finish using it. + @param[in] Time Pointer to time information to created = time based payload. =20 @retval EFI_SUCCESS Create time based payload successfully. @retval EFI_OUT_OF_RESOURCES There are not enough memory resources t= o create time based payload. @retval EFI_INVALID_PARAMETER The parameter is invalid. @retval Others Unexpected error happens. =20 -**/ +--*/ EFI_STATUS +EFIAPI CreateTimeBasedPayload ( - IN OUT UINTN *DataSize, - IN OUT UINT8 **Data + IN OUT UINTN *DataSize, + IN OUT UINT8 **Data, + IN EFI_TIME *Time ) { - EFI_STATUS Status; UINT8 *NewData; UINT8 *Payload; UINTN PayloadSize; EFI_VARIABLE_AUTHENTICATION_2 *DescriptorData; UINTN DescriptorSize; - EFI_TIME Time; =20 - if ((Data =3D=3D NULL) || (DataSize =3D=3D NULL)) { + if ((Data =3D=3D NULL) || (DataSize =3D=3D NULL) || (Time =3D=3D NULL)) { + DEBUG ((DEBUG_ERROR, "%a(), invalid arg\n", __FUNCTION__)); return EFI_INVALID_PARAMETER; } =20 @@ -247,6 +266,7 @@ CreateTimeBasedPayload ( DescriptorSize =3D OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo) += OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData); NewData =3D (UINT8 *)AllocateZeroPool (DescriptorSize + PayloadSi= ze); if (NewData =3D=3D NULL) { + DEBUG ((DEBUG_ERROR, "%a() Out of resources.\n", __FUNCTION__)); return EFI_OUT_OF_RESOURCES; } =20 @@ -256,19 +276,7 @@ CreateTimeBasedPayload ( =20 DescriptorData =3D (EFI_VARIABLE_AUTHENTICATION_2 *)(NewData); =20 - ZeroMem (&Time, sizeof (EFI_TIME)); - Status =3D gRT->GetTime (&Time, NULL); - if (EFI_ERROR (Status)) { - FreePool (NewData); - return Status; - } - - Time.Pad1 =3D 0; - Time.Nanosecond =3D 0; - Time.TimeZone =3D 0; - Time.Daylight =3D 0; - Time.Pad2 =3D 0; - CopyMem (&DescriptorData->TimeStamp, &Time, sizeof (EFI_TIME)); + CopyMem (&DescriptorData->TimeStamp, Time, sizeof (EFI_TIME)); =20 DescriptorData->AuthInfo.Hdr.dwLength =3D OFFSET_OF (WIN_CERTIFI= CATE_UEFI_GUID, CertData); DescriptorData->AuthInfo.Hdr.wRevision =3D 0x0200; @@ -277,6 +285,7 @@ CreateTimeBasedPayload ( =20 if (Payload !=3D NULL) { FreePool (Payload); + Payload =3D NULL; } =20 *DataSize =3D DescriptorSize + PayloadSize; @@ -296,6 +305,7 @@ CreateTimeBasedPayload ( =20 **/ EFI_STATUS +EFIAPI DeleteVariable ( IN CHAR16 *VariableName, IN EFI_GUID *VendorGuid @@ -319,7 +329,7 @@ DeleteVariable ( Attr =3D EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | E= FI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; =20 - Status =3D CreateTimeBasedPayload (&DataSize, &Data); + Status =3D CreateTimeBasedPayload (&DataSize, &Data, &mMaxTimestamp); if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "Fail to create time-based data payload: %r", Sta= tus)); return Status; @@ -351,6 +361,7 @@ DeleteVariable ( =20 **/ EFI_STATUS +EFIAPI SetSecureBootMode ( IN UINT8 SecureBootMode ) diff --git a/SecurityPkg/Include/Library/SecureBootVariableLib.h b/Security= Pkg/Include/Library/SecureBootVariableLib.h index 7b7afd9cde7c..9f2d41220b70 100644 --- a/SecurityPkg/Include/Library/SecureBootVariableLib.h +++ b/SecurityPkg/Include/Library/SecureBootVariableLib.h @@ -6,6 +6,7 @@ Copyright (c) 2011 - 2018, Intel Corporation. All rights re= served.
(C) Copyright 2018 Hewlett Packard Enterprise Development LP
Copyright (c) 2021, ARM Ltd. All rights reserved.
Copyright (c) 2021, Semihalf All rights reserved.
+Copyright (c) Microsoft Corporation. SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ @@ -24,6 +25,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =20 --*/ EFI_STATUS +EFIAPI SetSecureBootMode ( IN UINT8 SecureBootMode ); @@ -73,6 +75,7 @@ SecureBootFetchData ( pointer to NULL to wrap an empty payloa= d. On output, Pointer to the new payload d= ate buffer allocated from pool, it's caller's responsibility to free th= e memory when finish using it. + @param[in] Time Pointer to time information to created = time based payload. =20 @retval EFI_SUCCESS Create time based payload successfully. @retval EFI_OUT_OF_RESOURCES There are not enough memory resources t= o create time based payload. @@ -81,9 +84,11 @@ SecureBootFetchData ( =20 --*/ EFI_STATUS +EFIAPI CreateTimeBasedPayload ( - IN OUT UINTN *DataSize, - IN OUT UINT8 **Data + IN OUT UINTN *DataSize, + IN OUT UINT8 **Data, + IN EFI_TIME *Time ); =20 /** diff --git a/SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLi= b.inf b/SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf index ed7af3dd9cd5..87db5a258021 100644 --- a/SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf +++ b/SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf @@ -4,6 +4,7 @@ # # Copyright (c) 2021, ARM Ltd. All rights reserved.
# Copyright (c) 2021, Semihalf All rights reserved.
+# Copyright (c) Microsoft Corporation. # # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -68,12 +69,5 @@ [Guids] ## PRODUCES ## Variable:L"CustomMode" gEfiCustomModeEnableGuid =20 - gEfiCertTypeRsa2048Sha256Guid ## CONSUMES gEfiCertX509Guid ## CONSUMES gEfiCertPkcs7Guid ## CONSUMES - - gDefaultPKFileGuid - gDefaultKEKFileGuid - gDefaultdbFileGuid - gDefaultdbxFileGuid - gDefaultdbtFileGuid --=20 2.35.1.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#90494): https://edk2.groups.io/g/devel/message/90494 Mute This Topic: https://groups.io/mt/91735871/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-