DxeImageVerificationHandler(), HashPeImageByType(), HashPeImage() function will accept\r
untrusted PE/COFF image and validate its data structure within this image buffer before use.\r
\r
-Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution. The full text of the license may be found at\r
//\r
EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION mNtHeader;\r
UINT32 mPeCoffHeaderOffset;\r
-EFI_IMAGE_DATA_DIRECTORY *mSecDataDir = NULL;\r
EFI_GUID mCertType;\r
\r
//\r
// OID ASN.1 Value for Hash Algorithms\r
//\r
UINT8 mHashOidValue[] = {\r
- 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05, // OBJ_md5\r
0x2B, 0x0E, 0x03, 0x02, 0x1A, // OBJ_sha1\r
0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, // OBJ_sha224\r
0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, // OBJ_sha256\r
};\r
\r
HASH_TABLE mHash[] = {\r
- { L"SHA1", 20, &mHashOidValue[8], 5, Sha1GetContextSize, Sha1Init, Sha1Update, Sha1Final },\r
- { L"SHA224", 28, &mHashOidValue[13], 9, NULL, NULL, NULL, NULL },\r
- { L"SHA256", 32, &mHashOidValue[22], 9, Sha256GetContextSize,Sha256Init, Sha256Update, Sha256Final},\r
- { L"SHA384", 48, &mHashOidValue[31], 9, NULL, NULL, NULL, NULL },\r
- { L"SHA512", 64, &mHashOidValue[40], 9, NULL, NULL, NULL, NULL }\r
+ { L"SHA1", 20, &mHashOidValue[0], 5, Sha1GetContextSize, Sha1Init, Sha1Update, Sha1Final },\r
+ { L"SHA224", 28, &mHashOidValue[5], 9, NULL, NULL, NULL, NULL },\r
+ { L"SHA256", 32, &mHashOidValue[14], 9, Sha256GetContextSize,Sha256Init, Sha256Update, Sha256Final},\r
+ { L"SHA384", 48, &mHashOidValue[23], 9, NULL, NULL, NULL, NULL },\r
+ { L"SHA512", 64, &mHashOidValue[32], 9, NULL, NULL, NULL, NULL }\r
};\r
\r
+/**\r
+ SecureBoot Hook for processing image verification.\r
+\r
+ @param[in] VariableName Name of Variable to be found.\r
+ @param[in] VendorGuid Variable vendor GUID.\r
+ @param[in] DataSize Size of Data found. If size is less than the\r
+ data, this value contains the required size.\r
+ @param[in] Data Data pointer.\r
+\r
+**/\r
+VOID\r
+EFIAPI\r
+SecureBootHook (\r
+ IN CHAR16 *VariableName,\r
+ IN EFI_GUID *VendorGuid,\r
+ IN UINTN DataSize,\r
+ IN VOID *Data\r
+ );\r
+\r
/**\r
Reads contents of a PE/COFF image in memory buffer.\r
\r
EFI_DEVICE_PATH_PROTOCOL *TempDevicePath;\r
EFI_BLOCK_IO_PROTOCOL *BlockIo;\r
\r
+ if (File == NULL) {\r
+ return IMAGE_UNKNOWN;\r
+ }\r
+\r
//\r
// First check to see if File is from a Firmware Volume\r
//\r
PE/COFF image is external input, so this function will validate its data structure\r
within this image buffer before use.\r
\r
+ @param[in] AuthData Pointer to the Authenticode Signature retrieved from signed image.\r
+ @param[in] AuthDataSize Size of the Authenticode Signature in bytes.\r
+ \r
@retval EFI_UNSUPPORTED Hash algorithm is not supported.\r
@retval EFI_SUCCESS Hash successfully.\r
\r
**/\r
EFI_STATUS\r
HashPeImageByType (\r
- VOID\r
+ IN UINT8 *AuthData,\r
+ IN UINTN AuthDataSize\r
)\r
{\r
UINT8 Index;\r
- WIN_CERTIFICATE_EFI_PKCS *PkcsCertData;\r
-\r
- PkcsCertData = (WIN_CERTIFICATE_EFI_PKCS *) (mImageBase + mSecDataDir->VirtualAddress);\r
-\r
- if (PkcsCertData->Hdr.dwLength < sizeof (WIN_CERTIFICATE_EFI_PKCS) + 32) {\r
- return EFI_UNSUPPORTED;\r
- }\r
\r
for (Index = 0; Index < HASHALG_MAX; Index++) {\r
//\r
// This field has the fixed offset (+32) in final Authenticode ASN.1 data.\r
// Fixed offset (+32) is calculated based on two bytes of length encoding.\r
//\r
- if ((*(PkcsCertData->CertData + 1) & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE) {\r
+ if ((*(AuthData + 1) & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE) {\r
//\r
// Only support two bytes of Long Form of Length Encoding.\r
//\r
continue;\r
}\r
\r
- if (PkcsCertData->Hdr.dwLength < sizeof (WIN_CERTIFICATE_EFI_PKCS) + 32 + mHash[Index].OidLength) {\r
+ if (AuthDataSize < 32 + mHash[Index].OidLength) {\r
return EFI_UNSUPPORTED;\r
}\r
\r
- if (CompareMem (PkcsCertData->CertData + 32, mHash[Index].OidValue, mHash[Index].OidLength) == 0) {\r
+ if (CompareMem (AuthData + 32, mHash[Index].OidValue, mHash[Index].OidLength) == 0) {\r
break;\r
}\r
}\r
\r
if (Name != NULL) {\r
NameStringLen = StrSize (Name);\r
+ } else {\r
+ NameStringLen = sizeof (CHAR16);\r
}\r
\r
- ImageExeInfoTable = NULL;\r
EfiGetSystemConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID **) &ImageExeInfoTable);\r
if (ImageExeInfoTable != NULL) {\r
//\r
// The table has been found!\r
- // We must enlarge the table to accmodate the new exe info entry.\r
+ // We must enlarge the table to accomodate the new exe info entry.\r
//\r
ImageExeInfoTableSize = GetImageExeInfoTableSize (ImageExeInfoTable);\r
} else {\r
NewImageExeInfoTable->NumberOfImages++;\r
ImageExeInfoEntry = (EFI_IMAGE_EXECUTION_INFO *) ((UINT8 *) NewImageExeInfoTable + ImageExeInfoTableSize);\r
//\r
- // Update new item's infomation.\r
+ // Update new item's information.\r
//\r
- WriteUnaligned32 ((UINT32 *) &ImageExeInfoEntry->Action, Action);\r
- WriteUnaligned32 ((UINT32 *) &ImageExeInfoEntry->InfoSize, (UINT32) NewImageExeInfoEntrySize);\r
+ WriteUnaligned32 ((UINT32 *) ImageExeInfoEntry, Action);\r
+ WriteUnaligned32 ((UINT32 *) ((UINT8 *) ImageExeInfoEntry + sizeof (EFI_IMAGE_EXECUTION_ACTION)), (UINT32) NewImageExeInfoEntrySize);\r
\r
if (Name != NULL) {\r
- CopyMem ((UINT8 *) &ImageExeInfoEntry->InfoSize + sizeof (UINT32), Name, NameStringLen);\r
+ CopyMem ((UINT8 *) ImageExeInfoEntry + sizeof (EFI_IMAGE_EXECUTION_ACTION) + sizeof (UINT32), Name, NameStringLen);\r
+ } else {\r
+ ZeroMem ((UINT8 *) ImageExeInfoEntry + sizeof (EFI_IMAGE_EXECUTION_ACTION) + sizeof (UINT32), sizeof (CHAR16));\r
}\r
CopyMem (\r
- (UINT8 *) &ImageExeInfoEntry->InfoSize + sizeof (UINT32) + NameStringLen,\r
+ (UINT8 *) ImageExeInfoEntry + sizeof (EFI_IMAGE_EXECUTION_ACTION) + sizeof (UINT32) + NameStringLen,\r
DevicePath,\r
DevicePathSize\r
);\r
if (Signature != NULL) {\r
CopyMem (\r
- (UINT8 *) &ImageExeInfoEntry->InfoSize + sizeof (UINT32) + NameStringLen + DevicePathSize,\r
+ (UINT8 *) ImageExeInfoEntry + sizeof (EFI_IMAGE_EXECUTION_ACTION) + sizeof (UINT32) + NameStringLen + DevicePathSize,\r
Signature,\r
SignatureSize\r
);\r
}\r
}\r
\r
-/**\r
- Discover if the UEFI image is authorized by user's policy setting.\r
-\r
- @param[in] Policy Specify platform's policy setting.\r
-\r
- @retval EFI_ACCESS_DENIED Image is not allowed to run.\r
- @retval EFI_SECURITY_VIOLATION Image is deferred.\r
- @retval EFI_SUCCESS Image is authorized to run.\r
-\r
-**/\r
-EFI_STATUS\r
-ImageAuthorization (\r
- IN UINT32 Policy\r
- )\r
-{\r
- EFI_STATUS Status;\r
- EFI_INPUT_KEY Key;\r
-\r
- Status = EFI_ACCESS_DENIED;\r
-\r
- switch (Policy) {\r
-\r
- case QUERY_USER_ON_SECURITY_VIOLATION:\r
- do {\r
- CreatePopUp (EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, &Key, mNotifyString1, mNotifyString2, NULL);\r
- if (Key.UnicodeChar == L'Y' || Key.UnicodeChar == L'y') {\r
- Status = EFI_SUCCESS;\r
- break;\r
- } else if (Key.UnicodeChar == L'N' || Key.UnicodeChar == L'n') {\r
- Status = EFI_ACCESS_DENIED;\r
- break;\r
- } else if (Key.UnicodeChar == L'D' || Key.UnicodeChar == L'd') {\r
- Status = EFI_SECURITY_VIOLATION;\r
- break;\r
- }\r
- } while (TRUE);\r
- break;\r
-\r
- case ALLOW_EXECUTE_ON_SECURITY_VIOLATION:\r
- Status = EFI_SUCCESS;\r
- break;\r
-\r
- case DEFER_EXECUTE_ON_SECURITY_VIOLATION:\r
- Status = EFI_SECURITY_VIOLATION;\r
- break;\r
-\r
- case DENY_EXECUTE_ON_SECURITY_VIOLATION:\r
- Status = EFI_ACCESS_DENIED;\r
- break;\r
- }\r
-\r
- return Status;\r
-}\r
-\r
/**\r
Check whether signature is in specified database.\r
\r
//\r
CertList = (EFI_SIGNATURE_LIST *) Data;\r
while ((DataSize > 0) && (DataSize >= CertList->SignatureListSize)) {\r
- CertCount = (CertList->SignatureListSize - CertList->SignatureHeaderSize) / CertList->SignatureSize;\r
+ CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;\r
Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);\r
if ((CertList->SignatureSize == sizeof(EFI_SIGNATURE_DATA) - 1 + SignatureSize) && (CompareGuid(&CertList->SignatureType, CertType))) {\r
for (Index = 0; Index < CertCount; Index++) {\r
// Find the signature in database.\r
//\r
IsFound = TRUE;\r
+ SecureBootHook (VariableName, &gEfiImageSecurityDatabaseGuid, CertList->SignatureSize, Cert);\r
break;\r
}\r
\r
Verify PKCS#7 SignedData using certificate found in Variable which formatted\r
as EFI_SIGNATURE_LIST. The Variable may be PK, KEK, DB or DBX.\r
\r
- @param VariableName Name of Variable to search for Certificate.\r
- @param VendorGuid Variable vendor GUID.\r
+ @param[in] AuthData Pointer to the Authenticode Signature retrieved from signed image.\r
+ @param[in] AuthDataSize Size of the Authenticode Signature in bytes.\r
+ @param[in] VariableName Name of Variable to search for Certificate.\r
+ @param[in] VendorGuid Variable vendor GUID.\r
\r
@retval TRUE Image pass verification.\r
@retval FALSE Image fail verification.\r
**/\r
BOOLEAN\r
IsPkcsSignedDataVerifiedBySignatureList (\r
+ IN UINT8 *AuthData,\r
+ IN UINTN AuthDataSize,\r
IN CHAR16 *VariableName,\r
IN EFI_GUID *VendorGuid\r
)\r
{\r
EFI_STATUS Status;\r
BOOLEAN VerifyStatus;\r
- WIN_CERTIFICATE_EFI_PKCS *PkcsCertData;\r
EFI_SIGNATURE_LIST *CertList;\r
EFI_SIGNATURE_DATA *Cert;\r
UINTN DataSize;\r
RootCert = NULL;\r
RootCertSize = 0;\r
VerifyStatus = FALSE;\r
- PkcsCertData = (WIN_CERTIFICATE_EFI_PKCS *) (mImageBase + mSecDataDir->VirtualAddress);\r
\r
DataSize = 0;\r
Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize, NULL);\r
// Iterate each Signature Data Node within this CertList for verify.\r
//\r
RootCert = Cert->SignatureData;\r
- RootCertSize = CertList->SignatureSize;\r
+ RootCertSize = CertList->SignatureSize - sizeof (EFI_GUID);\r
\r
//\r
// Call AuthenticodeVerify library to Verify Authenticode struct.\r
//\r
VerifyStatus = AuthenticodeVerify (\r
- PkcsCertData->CertData,\r
- PkcsCertData->Hdr.dwLength - sizeof(PkcsCertData->Hdr),\r
+ AuthData,\r
+ AuthDataSize,\r
RootCert,\r
RootCertSize,\r
mImageDigest,\r
mImageDigestSize\r
);\r
if (VerifyStatus) {\r
+ SecureBootHook (VariableName, VendorGuid, CertList->SignatureSize, Cert);\r
goto Done;\r
}\r
Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);\r
return VerifyStatus;\r
}\r
\r
-/**\r
- Verify certificate in WIN_CERT_TYPE_PKCS_SIGNED_DATA format.\r
-\r
- @retval EFI_SUCCESS Image pass verification.\r
- @retval EFI_SECURITY_VIOLATION Image fail verification.\r
-\r
-**/\r
-EFI_STATUS\r
-VerifyCertPkcsSignedData (\r
- VOID\r
- )\r
-{\r
- //\r
- // 1: Find certificate from DBX forbidden database for revoked certificate.\r
- //\r
- if (IsPkcsSignedDataVerifiedBySignatureList (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid)) {\r
- //\r
- // DBX is forbidden database, if Authenticode verification pass with\r
- // one of the certificate in DBX, this image should be rejected.\r
- //\r
- return EFI_SECURITY_VIOLATION;\r
- }\r
-\r
- //\r
- // 2: Find certificate from KEK database and try to verify authenticode struct.\r
- //\r
- if (IsPkcsSignedDataVerifiedBySignatureList (EFI_KEY_EXCHANGE_KEY_NAME, &gEfiGlobalVariableGuid)) {\r
- return EFI_SUCCESS;\r
- }\r
-\r
- //\r
- // 3: Find certificate from DB database and try to verify authenticode struct.\r
- //\r
- if (IsPkcsSignedDataVerifiedBySignatureList (EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid)) {\r
- return EFI_SUCCESS;\r
- } else {\r
- return EFI_SECURITY_VIOLATION;\r
- }\r
-}\r
-\r
-/**\r
- Verify certificate in WIN_CERTIFICATE_UEFI_GUID format.\r
-\r
- @retval EFI_SUCCESS Image pass verification.\r
- @retval EFI_SECURITY_VIOLATION Image fail verification.\r
- @retval other error value\r
-\r
-**/\r
-EFI_STATUS\r
-VerifyCertUefiGuid (\r
- VOID\r
- )\r
-{\r
- BOOLEAN Status;\r
- WIN_CERTIFICATE_UEFI_GUID *EfiCert;\r
- EFI_SIGNATURE_LIST *KekList;\r
- EFI_SIGNATURE_DATA *KekItem;\r
- EFI_CERT_BLOCK_RSA_2048_SHA256 *CertBlock;\r
- VOID *Rsa;\r
- UINTN KekCount;\r
- UINTN Index;\r
- UINTN KekDataSize;\r
- BOOLEAN IsFound;\r
- EFI_STATUS Result;\r
-\r
- EfiCert = NULL;\r
- KekList = NULL;\r
- KekItem = NULL;\r
- CertBlock = NULL;\r
- Rsa = NULL;\r
- Status = FALSE;\r
- IsFound = FALSE;\r
- KekDataSize = 0;\r
-\r
- EfiCert = (WIN_CERTIFICATE_UEFI_GUID *) (mImageBase + mSecDataDir->VirtualAddress);\r
- CertBlock = (EFI_CERT_BLOCK_RSA_2048_SHA256 *) EfiCert->CertData;\r
- if (!CompareGuid (&EfiCert->CertType, &gEfiCertTypeRsa2048Sha256Guid)) {\r
- //\r
- // Invalid Certificate Data Type.\r
- //\r
- return EFI_SECURITY_VIOLATION;\r
- }\r
-\r
- //\r
- // Get KEK database variable data size\r
- //\r
- Result = gRT->GetVariable (EFI_KEY_EXCHANGE_KEY_NAME, &gEfiGlobalVariableGuid, NULL, &KekDataSize, NULL);\r
- if (Result != EFI_BUFFER_TOO_SMALL) {\r
- return EFI_SECURITY_VIOLATION;\r
- }\r
-\r
- //\r
- // Get KEK database variable.\r
- //\r
- GetEfiGlobalVariable2 (EFI_KEY_EXCHANGE_KEY_NAME, (VOID**)&KekList, NULL);\r
- if (KekList == NULL) {\r
- return EFI_SECURITY_VIOLATION;\r
- }\r
-\r
- //\r
- // Enumerate all Kek items in this list to verify the variable certificate data.\r
- // If anyone is authenticated successfully, it means the variable is correct!\r
- //\r
- while ((KekDataSize > 0) && (KekDataSize >= KekList->SignatureListSize)) {\r
- if (CompareGuid (&KekList->SignatureType, &gEfiCertRsa2048Guid)) {\r
- KekItem = (EFI_SIGNATURE_DATA *) ((UINT8 *) KekList + sizeof (EFI_SIGNATURE_LIST) + KekList->SignatureHeaderSize);\r
- KekCount = (KekList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - KekList->SignatureHeaderSize) / KekList->SignatureSize;\r
- for (Index = 0; Index < KekCount; Index++) {\r
- if (CompareMem (KekItem->SignatureData, CertBlock->PublicKey, EFI_CERT_TYPE_RSA2048_SIZE) == 0) {\r
- IsFound = TRUE;\r
- break;\r
- }\r
- KekItem = (EFI_SIGNATURE_DATA *) ((UINT8 *) KekItem + KekList->SignatureSize);\r
- }\r
- }\r
- KekDataSize -= KekList->SignatureListSize;\r
- KekList = (EFI_SIGNATURE_LIST *) ((UINT8 *) KekList + KekList->SignatureListSize);\r
- }\r
-\r
- if (!IsFound) {\r
- //\r
- // Signed key is not a trust one.\r
- //\r
- goto Done;\r
- }\r
-\r
- //\r
- // Now, we found the corresponding security policy.\r
- // Verify the data payload.\r
- //\r
- Rsa = RsaNew ();\r
- if (Rsa == NULL) {\r
- Status = FALSE;\r
- goto Done;\r
- }\r
-\r
- //\r
- // Set RSA Key Components.\r
- // NOTE: Only N and E are needed to be set as RSA public key for signature verification.\r
- //\r
- Status = RsaSetKey (Rsa, RsaKeyN, CertBlock->PublicKey, EFI_CERT_TYPE_RSA2048_SIZE);\r
- if (!Status) {\r
- goto Done;\r
- }\r
- Status = RsaSetKey (Rsa, RsaKeyE, mRsaE, sizeof (mRsaE));\r
- if (!Status) {\r
- goto Done;\r
- }\r
- //\r
- // Verify the signature.\r
- //\r
- Status = RsaPkcs1Verify (\r
- Rsa,\r
- mImageDigest,\r
- mImageDigestSize,\r
- CertBlock->Signature,\r
- EFI_CERT_TYPE_RSA2048_SHA256_SIZE\r
- );\r
-\r
-Done:\r
- if (KekList != NULL) {\r
- FreePool (KekList);\r
- }\r
- if (Rsa != NULL ) {\r
- RsaFree (Rsa);\r
- }\r
- if (Status) {\r
- return EFI_SUCCESS;\r
- } else {\r
- return EFI_SECURITY_VIOLATION;\r
- }\r
-}\r
-\r
/**\r
Provide verification service for signed images, which include both signature validation\r
and platform policy control. For signature types, both UEFI WIN_CERTIFICATE_UEFI_GUID and\r
In this implementation, only verify external executables when in USER MODE.\r
Executables from FV is bypass, so pass in AuthenticationStatus is ignored.\r
\r
- The image verification process is:\r
- Is the Image signed?\r
- If yes,\r
- Does the image verify against a certificate (root or intermediate) in the allowed db?\r
- Run it\r
- Image verification fail\r
- Is the Image's Hash not in forbidden database and the Image's Hash in allowed db?\r
- Run it\r
- If no,\r
- Is the Image's Hash in the forbidden database (DBX)?\r
- if yes,\r
- Error out\r
- Is the Image's Hash in the allowed database (DB)?\r
- If yes,\r
- Run it\r
- If no,\r
- Error out\r
+ The image verification policy is:\r
+ If the image is signed,\r
+ At least one valid signature or at least one hash value of the image must match a record\r
+ in the security database "db", and no valid signature nor any hash value of the image may\r
+ be reflected in the security database "dbx".\r
+ Otherwise, the image is not signed,\r
+ The SHA256 hash value of the image must match a record in the security database "db", and\r
+ not be reflected in the security data base "dbx".\r
\r
Caution: This function may receive untrusted input.\r
PE/COFF image is external input, so this function will validate its data structure\r
being dispatched. This will optionally be used for logging.\r
@param[in] FileBuffer File buffer matches the input file device path.\r
@param[in] FileSize Size of File buffer matches the input file device path.\r
-\r
- @retval EFI_SUCCESS The file specified by File did authenticate, and the\r
- platform policy dictates that the DXE Core may use File.\r
- @retval EFI_INVALID_PARAMETER Input argument is incorrect.\r
+ @param[in] BootPolicy A boot policy that was used to call LoadImage() UEFI service.\r
+\r
+ @retval EFI_SUCCESS The file specified by DevicePath and non-NULL\r
+ FileBuffer did authenticate, and the platform policy dictates\r
+ that the DXE Foundation may use the file.\r
+ @retval EFI_SUCCESS The device path specified by NULL device path DevicePath\r
+ and non-NULL FileBuffer did authenticate, and the platform\r
+ policy dictates that the DXE Foundation may execute the image in\r
+ FileBuffer.\r
@retval EFI_OUT_RESOURCE Fail to allocate memory.\r
@retval EFI_SECURITY_VIOLATION The file specified by File did not authenticate, and\r
the platform policy dictates that File should be placed\r
- in the untrusted state. A file may be promoted from\r
- the untrusted to the trusted state at a future time\r
- with a call to the Trust() DXE Service.\r
- @retval EFI_ACCESS_DENIED The file specified by File did not authenticate, and\r
- the platform policy dictates that File should not be\r
- used for any purpose.\r
+ in the untrusted state. The image has been added to the file\r
+ execution table.\r
+ @retval EFI_ACCESS_DENIED The file specified by File and FileBuffer did not\r
+ authenticate, and the platform policy dictates that the DXE\r
+ Foundation many not use File.\r
\r
**/\r
EFI_STATUS\r
IN UINT32 AuthenticationStatus,\r
IN CONST EFI_DEVICE_PATH_PROTOCOL *File,\r
IN VOID *FileBuffer,\r
- IN UINTN FileSize\r
+ IN UINTN FileSize,\r
+ IN BOOLEAN BootPolicy\r
)\r
{\r
EFI_STATUS Status;\r
UINT8 *SecureBoot;\r
PE_COFF_LOADER_IMAGE_CONTEXT ImageContext;\r
UINT32 NumberOfRvaAndSizes;\r
- UINT32 CertSize;\r
-\r
- if (File == NULL) {\r
- return EFI_INVALID_PARAMETER;\r
- }\r
+ WIN_CERTIFICATE_EFI_PKCS *PkcsCertData;\r
+ WIN_CERTIFICATE_UEFI_GUID *WinCertUefiGuid;\r
+ UINT8 *AuthData;\r
+ UINTN AuthDataSize;\r
+ EFI_IMAGE_DATA_DIRECTORY *SecDataDir;\r
+ UINT32 OffSet;\r
\r
SignatureList = NULL;\r
SignatureListSize = 0;\r
WinCertificate = NULL;\r
+ SecDataDir = NULL;\r
+ PkcsCertData = NULL;\r
Action = EFI_IMAGE_EXECUTION_AUTH_UNTESTED;\r
Status = EFI_ACCESS_DENIED;\r
+ VerifyStatus = EFI_ACCESS_DENIED;\r
+\r
//\r
// Check the image type and get policy setting.\r
//\r
return EFI_ACCESS_DENIED;\r
}\r
\r
+ //\r
+ // The policy QUERY_USER_ON_SECURITY_VIOLATION and ALLOW_EXECUTE_ON_SECURITY_VIOLATION \r
+ // violates the UEFI spec and has been removed.\r
+ //\r
+ ASSERT (Policy != QUERY_USER_ON_SECURITY_VIOLATION && Policy != ALLOW_EXECUTE_ON_SECURITY_VIOLATION);\r
+ if (Policy == QUERY_USER_ON_SECURITY_VIOLATION || Policy == ALLOW_EXECUTE_ON_SECURITY_VIOLATION) {\r
+ CpuDeadLoop ();\r
+ }\r
+\r
GetEfiGlobalVariable2 (EFI_SECURE_BOOT_MODE_NAME, (VOID**)&SecureBoot, NULL);\r
//\r
// Skip verification if SecureBoot variable doesn't exist.\r
//\r
NumberOfRvaAndSizes = mNtHeader.Pe32->OptionalHeader.NumberOfRvaAndSizes;\r
if (NumberOfRvaAndSizes > EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) {\r
- mSecDataDir = (EFI_IMAGE_DATA_DIRECTORY *) &mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY];\r
+ SecDataDir = (EFI_IMAGE_DATA_DIRECTORY *) &mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY];\r
} \r
} else {\r
//\r
//\r
NumberOfRvaAndSizes = mNtHeader.Pe32Plus->OptionalHeader.NumberOfRvaAndSizes;\r
if (NumberOfRvaAndSizes > EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) {\r
- mSecDataDir = (EFI_IMAGE_DATA_DIRECTORY *) &mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY];\r
+ SecDataDir = (EFI_IMAGE_DATA_DIRECTORY *) &mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY];\r
}\r
}\r
\r
- if ((mSecDataDir == NULL) || ((mSecDataDir != NULL) && (mSecDataDir->Size == 0))) {\r
+ //\r
+ // Start Image Validation.\r
+ //\r
+ if (SecDataDir == NULL || SecDataDir->Size == 0) {\r
//\r
- // This image is not signed.\r
+ // This image is not signed. The SHA256 hash value of the image must match a record in the security database "db", \r
+ // and not be reflected in the security data base "dbx".\r
//\r
if (!HashPeImage (HASHALG_SHA256)) {\r
goto Done;\r
}\r
\r
//\r
- // Verify signature of executables.\r
+ // Verify the signature of the image, multiple signatures are allowed as per PE/COFF Section 4.7 \r
+ // "Attribute Certificate Table".\r
+ // The first certificate starts at offset (SecDataDir->VirtualAddress) from the start of the file.\r
//\r
- WinCertificate = (WIN_CERTIFICATE *) (mImageBase + mSecDataDir->VirtualAddress);\r
-\r
- CertSize = sizeof (WIN_CERTIFICATE);\r
-\r
- if ((mSecDataDir->Size <= CertSize) || (mSecDataDir->Size < WinCertificate->dwLength)) {\r
- goto Done;\r
- }\r
-\r
- switch (WinCertificate->wCertificateType) {\r
-\r
- case WIN_CERT_TYPE_EFI_GUID:\r
- CertSize = sizeof (WIN_CERTIFICATE_UEFI_GUID) + sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256) - sizeof (UINT8);\r
- if (WinCertificate->dwLength < CertSize) {\r
- goto Done;\r
+ for (OffSet = SecDataDir->VirtualAddress;\r
+ OffSet < (SecDataDir->VirtualAddress + SecDataDir->Size);\r
+ OffSet += WinCertificate->dwLength, OffSet += ALIGN_SIZE (OffSet)) {\r
+ WinCertificate = (WIN_CERTIFICATE *) (mImageBase + OffSet);\r
+ if ((SecDataDir->VirtualAddress + SecDataDir->Size - OffSet) <= sizeof (WIN_CERTIFICATE) ||\r
+ (SecDataDir->VirtualAddress + SecDataDir->Size - OffSet) < WinCertificate->dwLength) {\r
+ break;\r
}\r
-\r
+ \r
//\r
- // Verify UEFI GUID type.\r
+ // Verify the image's Authenticode signature, only DER-encoded PKCS#7 signed data is supported.\r
//\r
- if (!HashPeImage (HASHALG_SHA256)) {\r
- goto Done;\r
+ if (WinCertificate->wCertificateType == WIN_CERT_TYPE_PKCS_SIGNED_DATA) {\r
+ //\r
+ // The certificate is formatted as WIN_CERTIFICATE_EFI_PKCS which is described in the \r
+ // Authenticode specification.\r
+ //\r
+ PkcsCertData = (WIN_CERTIFICATE_EFI_PKCS *) WinCertificate;\r
+ if (PkcsCertData->Hdr.dwLength <= sizeof (PkcsCertData->Hdr)) {\r
+ break;\r
+ }\r
+ AuthData = PkcsCertData->CertData;\r
+ AuthDataSize = PkcsCertData->Hdr.dwLength - sizeof(PkcsCertData->Hdr);\r
+ } else if (WinCertificate->wCertificateType == WIN_CERT_TYPE_EFI_GUID) {\r
+ //\r
+ // The certificate is formatted as WIN_CERTIFICATE_UEFI_GUID which is described in UEFI Spec.\r
+ //\r
+ WinCertUefiGuid = (WIN_CERTIFICATE_UEFI_GUID *) WinCertificate;\r
+ if (WinCertUefiGuid->Hdr.dwLength <= OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData)) {\r
+ break;\r
+ }\r
+ if (!CompareGuid (&WinCertUefiGuid->CertType, &gEfiCertPkcs7Guid)) {\r
+ continue;\r
+ }\r
+ AuthData = WinCertUefiGuid->CertData;\r
+ AuthDataSize = WinCertUefiGuid->Hdr.dwLength - OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData);\r
+ } else {\r
+ if (WinCertificate->dwLength < sizeof (WIN_CERTIFICATE)) {\r
+ break;\r
+ }\r
+ continue;\r
}\r
\r
- VerifyStatus = VerifyCertUefiGuid ();\r
- break;\r
-\r
- case WIN_CERT_TYPE_PKCS_SIGNED_DATA:\r
+ Status = HashPeImageByType (AuthData, AuthDataSize);\r
+ if (EFI_ERROR (Status)) {\r
+ continue;\r
+ }\r
+ \r
//\r
- // Verify Pkcs signed data type.\r
+ // Check the digital signature against the revoked certificate in forbidden database (dbx).\r
//\r
- Status = HashPeImageByType();\r
- if (EFI_ERROR (Status)) {\r
- goto Done;\r
+ if (IsPkcsSignedDataVerifiedBySignatureList (AuthData, AuthDataSize, EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid)) {\r
+ Action = EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED;\r
+ VerifyStatus = EFI_ACCESS_DENIED;\r
+ break;\r
}\r
\r
- VerifyStatus = VerifyCertPkcsSignedData ();\r
-\r
//\r
- // For image verification against enrolled certificate(root or intermediate),\r
- // no need to check image's hash in the allowed database.\r
+ // Check the digital signature against the valid certificate in allowed database (db).\r
//\r
- if (!EFI_ERROR (VerifyStatus)) {\r
- if (!IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE1, mImageDigest, &mCertType, mImageDigestSize)) {\r
- return EFI_SUCCESS;\r
+ if (EFI_ERROR (VerifyStatus)) {\r
+ if (IsPkcsSignedDataVerifiedBySignatureList (AuthData, AuthDataSize, EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid)) {\r
+ VerifyStatus = EFI_SUCCESS;\r
}\r
}\r
- break;\r
\r
- default:\r
- goto Done;\r
- }\r
- //\r
- // Get image hash value as executable's signature.\r
- //\r
- SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize;\r
- SignatureList = (EFI_SIGNATURE_LIST *) AllocateZeroPool (SignatureListSize);\r
- if (SignatureList == NULL) {\r
- Status = EFI_OUT_OF_RESOURCES;\r
- goto Done;\r
- }\r
- SignatureList->SignatureHeaderSize = 0;\r
- SignatureList->SignatureListSize = (UINT32) SignatureListSize;\r
- SignatureList->SignatureSize = (UINT32) mImageDigestSize;\r
- CopyMem (&SignatureList->SignatureType, &mCertType, sizeof (EFI_GUID));\r
- Signature = (EFI_SIGNATURE_DATA *) ((UINT8 *) SignatureList + sizeof (EFI_SIGNATURE_LIST));\r
- CopyMem (Signature->SignatureData, mImageDigest, mImageDigestSize);\r
- //\r
- // Signature database check after verification.\r
- //\r
- if (EFI_ERROR (VerifyStatus)) {\r
//\r
- // Verification failure.\r
+ // Check the image's hash value.\r
//\r
- if (!IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE1, mImageDigest, &mCertType, mImageDigestSize) &&\r
- IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE, mImageDigest, &mCertType, mImageDigestSize)) {\r
- //\r
- // Verification fail, Image Hash is not in forbidden database (DBX),\r
- // and Image Hash is in allowed database (DB).\r
- //\r
- Status = EFI_SUCCESS;\r
- } else {\r
- Action = EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED;\r
- Status = EFI_ACCESS_DENIED;\r
+ if (IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE1, mImageDigest, &mCertType, mImageDigestSize)) {\r
+ Action = EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND;\r
+ VerifyStatus = EFI_ACCESS_DENIED;\r
+ break;\r
+ } else if (EFI_ERROR (VerifyStatus)) {\r
+ if (IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE, mImageDigest, &mCertType, mImageDigestSize)) {\r
+ VerifyStatus = EFI_SUCCESS;\r
+ }\r
}\r
- } else if (IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE1, Signature->SignatureData, &mCertType, mImageDigestSize)) {\r
- //\r
- // Executable signature verification passes, but is found in forbidden signature database.\r
- //\r
- Action = EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND;\r
- Status = EFI_ACCESS_DENIED;\r
- } else if (IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE, Signature->SignatureData, &mCertType, mImageDigestSize)) {\r
+ }\r
+\r
+ if (OffSet != (SecDataDir->VirtualAddress + SecDataDir->Size)) {\r
//\r
- // Executable signature is found in authorized signature database.\r
+ // The Size in Certificate Table or the attribute certicate table is corrupted.\r
//\r
- Status = EFI_SUCCESS;\r
+ VerifyStatus = EFI_ACCESS_DENIED;\r
+ }\r
+ \r
+ if (!EFI_ERROR (VerifyStatus)) {\r
+ return EFI_SUCCESS;\r
} else {\r
- //\r
- // Executable signature verification passes, but cannot be found in authorized signature database.\r
- // Get platform policy to determine the action.\r
- //\r
- Action = EFI_IMAGE_EXECUTION_AUTH_SIG_PASSED;\r
- Status = ImageAuthorization (Policy);\r
+ Status = EFI_ACCESS_DENIED;\r
+ if (Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED || Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND) {\r
+ //\r
+ // Get image hash value as executable's signature.\r
+ //\r
+ SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize;\r
+ SignatureList = (EFI_SIGNATURE_LIST *) AllocateZeroPool (SignatureListSize);\r
+ if (SignatureList == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Done;\r
+ }\r
+ SignatureList->SignatureHeaderSize = 0;\r
+ SignatureList->SignatureListSize = (UINT32) SignatureListSize;\r
+ SignatureList->SignatureSize = (UINT32) mImageDigestSize;\r
+ CopyMem (&SignatureList->SignatureType, &mCertType, sizeof (EFI_GUID));\r
+ Signature = (EFI_SIGNATURE_DATA *) ((UINT8 *) SignatureList + sizeof (EFI_SIGNATURE_LIST));\r
+ CopyMem (Signature->SignatureData, mImageDigest, mImageDigestSize);\r
+ }\r
}\r
\r
Done:\r
// Policy decides to defer or reject the image; add its information in image executable information table.\r
//\r
AddImageExeInfo (Action, NULL, File, SignatureList, SignatureListSize);\r
+ Status = EFI_SECURITY_VIOLATION;\r
}\r
\r
if (SignatureList != NULL) {\r
}\r
\r
/**\r
- When VariableWriteArchProtocol install, create "SecureBoot" variable.\r
+ On Ready To Boot Services Event notification handler.\r
+\r
+ Add the image execution information table if it is not in system configuration table.\r
\r
- @param[in] Event Event whose notification function is being invoked.\r
- @param[in] Context Pointer to the notification function's context.\r
+ @param[in] Event Event whose notification function is being invoked\r
+ @param[in] Context Pointer to the notification function's context\r
\r
**/\r
VOID\r
EFIAPI\r
-VariableWriteCallBack (\r
- IN EFI_EVENT Event,\r
- IN VOID *Context\r
+OnReadyToBoot (\r
+ IN EFI_EVENT Event,\r
+ IN VOID *Context\r
)\r
{\r
- UINT8 SecureBootMode;\r
- UINT8 *SecureBootModePtr;\r
- EFI_STATUS Status;\r
- VOID *ProtocolPointer;\r
+ EFI_IMAGE_EXECUTION_INFO_TABLE *ImageExeInfoTable;\r
+ UINTN ImageExeInfoTableSize;\r
\r
- Status = gBS->LocateProtocol (&gEfiVariableWriteArchProtocolGuid, NULL, &ProtocolPointer);\r
- if (EFI_ERROR (Status)) {\r
+ EfiGetSystemConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID **) &ImageExeInfoTable);\r
+ if (ImageExeInfoTable != NULL) {\r
return;\r
}\r
\r
- //\r
- // Check whether "SecureBoot" variable exists.\r
- // If this library is built-in, it means firmware has capability to perform\r
- // driver signing verification.\r
- //\r
- GetEfiGlobalVariable2 (EFI_SECURE_BOOT_MODE_NAME, (VOID**)&SecureBootModePtr, NULL);\r
- if (SecureBootModePtr == NULL) {\r
- SecureBootMode = SECURE_BOOT_MODE_DISABLE;\r
- //\r
- // Authenticated variable driver will update "SecureBoot" depending on SetupMode variable.\r
- //\r
- gRT->SetVariable (\r
- EFI_SECURE_BOOT_MODE_NAME,\r
- &gEfiGlobalVariableGuid,\r
- EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE,\r
- sizeof (UINT8),\r
- &SecureBootMode\r
- );\r
- } else {\r
- FreePool (SecureBootModePtr);\r
+ ImageExeInfoTableSize = sizeof (EFI_IMAGE_EXECUTION_INFO_TABLE);\r
+ ImageExeInfoTable = (EFI_IMAGE_EXECUTION_INFO_TABLE *) AllocateRuntimePool (ImageExeInfoTableSize);\r
+ if (ImageExeInfoTable == NULL) {\r
+ return ;\r
}\r
+\r
+ ImageExeInfoTable->NumberOfImages = 0; \r
+ gBS->InstallConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID *) ImageExeInfoTable);\r
+\r
}\r
\r
/**\r
IN EFI_SYSTEM_TABLE *SystemTable\r
)\r
{\r
- VOID *Registration;\r
+ EFI_EVENT Event;\r
\r
//\r
- // Register callback function upon VariableWriteArchProtocol.\r
+ // Register the event to publish the image execution table.\r
//\r
- EfiCreateProtocolNotifyEvent (\r
- &gEfiVariableWriteArchProtocolGuid,\r
+ EfiCreateEventReadyToBootEx (\r
TPL_CALLBACK,\r
- VariableWriteCallBack,\r
- NULL,\r
- &Registration\r
- );\r
+ OnReadyToBoot, \r
+ NULL, \r
+ &Event\r
+ ); \r
\r
- return RegisterSecurityHandler (\r
+ return RegisterSecurity2Handler (\r
DxeImageVerificationHandler,\r
EFI_AUTH_OPERATION_VERIFY_IMAGE | EFI_AUTH_OPERATION_IMAGE_REQUIRED\r
);\r
projects / mirror_edk2.git / blobdiff