]>
Commit | Line | Data |
---|---|---|
e29caef2 JY |
1 | /** @file\r |
2 | EDKII System Capsule library.\r | |
3 | \r | |
4 | EDKII System Capsule library instance.\r | |
5 | \r | |
6 | CapsuleAuthenticateSystemFirmware(), ExtractAuthenticatedImage() will receive\r | |
7 | untrusted input and do basic validation.\r | |
8 | \r | |
ce5354d6 | 9 | Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>\r |
e29caef2 JY |
10 | This program and the accompanying materials\r |
11 | are licensed and made available under the terms and conditions of the BSD License\r | |
12 | which accompanies this distribution. The full text of the license may be found at\r | |
13 | http://opensource.org/licenses/bsd-license.php\r | |
14 | \r | |
15 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r | |
16 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r | |
17 | \r | |
18 | **/\r | |
19 | \r | |
20 | #include <PiDxe.h>\r | |
21 | \r | |
22 | #include <Guid/SystemResourceTable.h>\r | |
23 | #include <Guid/FirmwareContentsSigned.h>\r | |
24 | #include <Guid/WinCertificate.h>\r | |
25 | #include <Guid/EdkiiSystemFmpCapsule.h>\r | |
26 | #include <Guid/WinCertificate.h>\r | |
27 | #include <Guid/ImageAuthentication.h>\r | |
28 | \r | |
29 | #include <Library/BaseLib.h>\r | |
30 | #include <Library/BaseMemoryLib.h>\r | |
31 | #include <Library/DebugLib.h>\r | |
32 | #include <Library/MemoryAllocationLib.h>\r | |
33 | #include <Library/EdkiiSystemCapsuleLib.h>\r | |
34 | #include <Library/FmpAuthenticationLib.h>\r | |
35 | \r | |
36 | #include <Protocol/FirmwareManagement.h>\r | |
37 | \r | |
38 | EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR *mImageFmpInfo;\r | |
39 | UINTN mImageFmpInfoSize;\r | |
40 | EFI_GUID mEdkiiSystemFirmwareFileGuid;\r | |
41 | \r | |
42 | /**\r | |
43 | Check if a block of buffer is erased.\r | |
44 | \r | |
45 | @param[in] ErasePolarity Erase polarity attribute of the firmware volume\r | |
46 | @param[in] InBuffer The buffer to be checked\r | |
47 | @param[in] BufferSize Size of the buffer in bytes\r | |
48 | \r | |
49 | @retval TRUE The block of buffer is erased\r | |
50 | @retval FALSE The block of buffer is not erased\r | |
51 | **/\r | |
52 | BOOLEAN\r | |
53 | IsBufferErased (\r | |
54 | IN UINT8 ErasePolarity,\r | |
55 | IN VOID *InBuffer,\r | |
56 | IN UINTN BufferSize\r | |
57 | )\r | |
58 | {\r | |
59 | UINTN Count;\r | |
60 | UINT8 EraseByte;\r | |
61 | UINT8 *Buffer;\r | |
62 | \r | |
63 | if(ErasePolarity == 1) {\r | |
64 | EraseByte = 0xFF;\r | |
65 | } else {\r | |
66 | EraseByte = 0;\r | |
67 | }\r | |
68 | \r | |
69 | Buffer = InBuffer;\r | |
70 | for (Count = 0; Count < BufferSize; Count++) {\r | |
71 | if (Buffer[Count] != EraseByte) {\r | |
72 | return FALSE;\r | |
73 | }\r | |
74 | }\r | |
75 | \r | |
76 | return TRUE;\r | |
77 | }\r | |
78 | \r | |
79 | /**\r | |
80 | Get Section buffer pointer by SectionType and SectionInstance.\r | |
81 | \r | |
82 | @param[in] SectionBuffer The buffer of section\r | |
83 | @param[in] SectionBufferSize The size of SectionBuffer in bytes\r | |
84 | @param[in] SectionType The SectionType of Section to be found\r | |
85 | @param[in] SectionInstance The Instance of Section to be found\r | |
86 | @param[out] OutSectionBuffer The section found, including SECTION_HEADER\r | |
87 | @param[out] OutSectionSize The size of section found, including SECTION_HEADER\r | |
88 | \r | |
89 | @retval TRUE The FFS buffer is found.\r | |
90 | @retval FALSE The FFS buffer is not found.\r | |
91 | **/\r | |
92 | BOOLEAN\r | |
93 | GetSectionByType (\r | |
94 | IN VOID *SectionBuffer,\r | |
95 | IN UINT32 SectionBufferSize,\r | |
96 | IN EFI_SECTION_TYPE SectionType,\r | |
97 | IN UINTN SectionInstance,\r | |
98 | OUT VOID **OutSectionBuffer,\r | |
99 | OUT UINTN *OutSectionSize\r | |
100 | )\r | |
101 | {\r | |
102 | EFI_COMMON_SECTION_HEADER *SectionHeader;\r | |
103 | UINTN SectionSize;\r | |
104 | UINTN Instance;\r | |
105 | \r | |
106 | DEBUG ((DEBUG_INFO, "GetSectionByType - Buffer: 0x%08x - 0x%08x\n", SectionBuffer, SectionBufferSize));\r | |
107 | \r | |
108 | //\r | |
109 | // Find Section\r | |
110 | //\r | |
111 | SectionHeader = SectionBuffer;\r | |
112 | \r | |
113 | Instance = 0;\r | |
114 | while ((UINTN)SectionHeader < (UINTN)SectionBuffer + SectionBufferSize) {\r | |
115 | DEBUG ((DEBUG_INFO, "GetSectionByType - Section: 0x%08x\n", SectionHeader));\r | |
116 | if (IS_SECTION2(SectionHeader)) {\r | |
117 | SectionSize = SECTION2_SIZE(SectionHeader);\r | |
118 | } else {\r | |
119 | SectionSize = SECTION_SIZE(SectionHeader);\r | |
120 | }\r | |
121 | \r | |
122 | if (SectionHeader->Type == SectionType) {\r | |
123 | if (Instance == SectionInstance) {\r | |
124 | *OutSectionBuffer = (UINT8 *)SectionHeader;\r | |
125 | *OutSectionSize = SectionSize;\r | |
126 | DEBUG((DEBUG_INFO, "GetSectionByType - 0x%x - 0x%x\n", *OutSectionBuffer, *OutSectionSize));\r | |
127 | return TRUE;\r | |
128 | } else {\r | |
129 | DEBUG((DEBUG_INFO, "GetSectionByType - find section instance %x\n", Instance));\r | |
130 | Instance++;\r | |
131 | }\r | |
132 | } else {\r | |
133 | //\r | |
134 | // Skip other section type\r | |
135 | //\r | |
136 | DEBUG ((DEBUG_INFO, "GetSectionByType - other section type 0x%x\n", SectionHeader->Type));\r | |
137 | }\r | |
138 | \r | |
139 | //\r | |
140 | // Next Section\r | |
141 | //\r | |
142 | SectionHeader = (EFI_COMMON_SECTION_HEADER *)((UINTN)SectionHeader + ALIGN_VALUE(SectionSize, 4));\r | |
143 | }\r | |
144 | \r | |
145 | return FALSE;\r | |
146 | }\r | |
147 | \r | |
148 | /**\r | |
149 | Get FFS buffer pointer by FileName GUID and FileType.\r | |
150 | \r | |
151 | @param[in] FdStart The System Firmware FD image\r | |
152 | @param[in] FdSize The size of System Firmware FD image\r | |
153 | @param[in] FileName The FileName GUID of FFS to be found\r | |
154 | @param[in] Type The FileType of FFS to be found\r | |
155 | @param[out] OutFfsBuffer The FFS buffer found, including FFS_FILE_HEADER\r | |
156 | @param[out] OutFfsBufferSize The size of FFS buffer found, including FFS_FILE_HEADER\r | |
157 | \r | |
158 | @retval TRUE The FFS buffer is found.\r | |
159 | @retval FALSE The FFS buffer is not found.\r | |
160 | **/\r | |
161 | BOOLEAN\r | |
162 | GetFfsByName (\r | |
163 | IN VOID *FdStart,\r | |
164 | IN UINTN FdSize,\r | |
165 | IN EFI_GUID *FileName,\r | |
166 | IN EFI_FV_FILETYPE Type,\r | |
167 | OUT VOID **OutFfsBuffer,\r | |
168 | OUT UINTN *OutFfsBufferSize\r | |
169 | )\r | |
170 | {\r | |
171 | UINTN FvSize;\r | |
172 | EFI_FIRMWARE_VOLUME_HEADER *FvHeader;\r | |
173 | EFI_FIRMWARE_VOLUME_EXT_HEADER *FvExtHeader;\r | |
174 | EFI_FFS_FILE_HEADER *FfsHeader;\r | |
175 | UINT32 FfsSize;\r | |
176 | UINTN TestLength;\r | |
177 | BOOLEAN FvFound;\r | |
178 | \r | |
179 | DEBUG ((DEBUG_INFO, "GetFfsByName - FV: 0x%08x - 0x%08x\n", (UINTN)FdStart, (UINTN)FdSize));\r | |
180 | \r | |
181 | FvFound = FALSE;\r | |
182 | FvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)FdStart;\r | |
183 | while ((UINTN)FvHeader < (UINTN)FdStart + FdSize - 1) {\r | |
184 | FvSize = (UINTN)FdStart + FdSize - (UINTN)FvHeader;\r | |
185 | \r | |
186 | if (FvHeader->Signature != EFI_FVH_SIGNATURE) {\r | |
187 | FvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)((UINTN)FvHeader + SIZE_4KB);\r | |
188 | continue;\r | |
189 | }\r | |
190 | DEBUG((DEBUG_ERROR, "checking FV....0x%08x - 0x%x\n", FvHeader, FvHeader->FvLength));\r | |
191 | FvFound = TRUE;\r | |
192 | if (FvHeader->FvLength > FvSize) {\r | |
193 | DEBUG((DEBUG_ERROR, "GetFfsByName - FvSize: 0x%08x, MaxSize - 0x%08x\n", (UINTN)FvHeader->FvLength, (UINTN)FvSize));\r | |
194 | return FALSE;\r | |
195 | }\r | |
196 | FvSize = (UINTN)FvHeader->FvLength;\r | |
197 | \r | |
198 | //\r | |
199 | // Find FFS\r | |
200 | //\r | |
201 | if (FvHeader->ExtHeaderOffset != 0) {\r | |
202 | FvExtHeader = (EFI_FIRMWARE_VOLUME_EXT_HEADER *)((UINT8 *)FvHeader + FvHeader->ExtHeaderOffset);\r | |
203 | FfsHeader = (EFI_FFS_FILE_HEADER *)((UINT8 *)FvExtHeader + FvExtHeader->ExtHeaderSize);\r | |
204 | } else {\r | |
205 | FfsHeader = (EFI_FFS_FILE_HEADER *)((UINT8 *)FvHeader + FvHeader->HeaderLength);\r | |
206 | }\r | |
207 | FfsHeader = (EFI_FFS_FILE_HEADER *)((UINTN)FvHeader + ALIGN_VALUE((UINTN)FfsHeader - (UINTN)FvHeader, 8));\r | |
208 | \r | |
209 | while ((UINTN)FfsHeader < (UINTN)FvHeader + FvSize - 1) {\r | |
210 | DEBUG((DEBUG_INFO, "GetFfsByName - FFS: 0x%08x\n", FfsHeader));\r | |
211 | TestLength = (UINTN)((UINTN)FvHeader + FvSize - (UINTN)FfsHeader);\r | |
212 | if (TestLength > sizeof(EFI_FFS_FILE_HEADER)) {\r | |
213 | TestLength = sizeof(EFI_FFS_FILE_HEADER);\r | |
214 | }\r | |
215 | if (IsBufferErased(1, FfsHeader, TestLength)) {\r | |
216 | break;\r | |
217 | }\r | |
218 | \r | |
219 | if (IS_FFS_FILE2(FfsHeader)) {\r | |
220 | FfsSize = FFS_FILE2_SIZE(FfsHeader);\r | |
221 | } else {\r | |
222 | FfsSize = FFS_FILE_SIZE(FfsHeader);\r | |
223 | }\r | |
224 | \r | |
225 | if (CompareGuid(FileName, &FfsHeader->Name) &&\r | |
226 | ((Type == EFI_FV_FILETYPE_ALL) || (FfsHeader->Type == Type))) {\r | |
227 | //\r | |
228 | // Check section\r | |
229 | //\r | |
230 | *OutFfsBuffer = FfsHeader;\r | |
231 | *OutFfsBufferSize = FfsSize;\r | |
232 | return TRUE;\r | |
233 | } else {\r | |
234 | //\r | |
235 | // Any other type is not allowed\r | |
236 | //\r | |
237 | DEBUG((DEBUG_INFO, "GetFfsByName - other FFS type 0x%x, name %g\n", FfsHeader->Type, &FfsHeader->Name));\r | |
238 | }\r | |
239 | \r | |
240 | //\r | |
241 | // Next File\r | |
242 | //\r | |
243 | FfsHeader = (EFI_FFS_FILE_HEADER *)((UINTN)FfsHeader + ALIGN_VALUE(FfsSize, 8));\r | |
244 | }\r | |
245 | \r | |
246 | //\r | |
247 | // Next FV\r | |
248 | //\r | |
249 | FvHeader = (VOID *)(UINTN)((UINTN)FvHeader + FvHeader->FvLength);\r | |
250 | DEBUG((DEBUG_ERROR, "Next FV....0x%08x - 0x%x\n", FvHeader, FvHeader->FvLength));\r | |
251 | }\r | |
252 | \r | |
253 | if (!FvFound) {\r | |
254 | DEBUG((DEBUG_ERROR, "GetFfsByName - NO FV Found\n"));\r | |
255 | }\r | |
256 | return FALSE;\r | |
257 | }\r | |
258 | \r | |
259 | /**\r | |
260 | Extract the driver FV from an authenticated image.\r | |
261 | \r | |
262 | @param[in] AuthenticatedImage The authenticated capsule image.\r | |
263 | @param[in] AuthenticatedImageSize The size of the authenticated capsule image in bytes.\r | |
264 | @param[out] DriverFvImage The driver FV image.\r | |
265 | @param[out] DriverFvImageSize The size of the driver FV image in bytes.\r | |
266 | \r | |
267 | @retval TRUE The driver Fv is extracted.\r | |
268 | @retval FALSE The driver Fv is not extracted.\r | |
269 | **/\r | |
270 | BOOLEAN\r | |
271 | EFIAPI\r | |
272 | ExtractDriverFvImage (\r | |
273 | IN VOID *AuthenticatedImage,\r | |
274 | IN UINTN AuthenticatedImageSize,\r | |
275 | OUT VOID **DriverFvImage,\r | |
276 | OUT UINTN *DriverFvImageSize\r | |
277 | )\r | |
278 | {\r | |
279 | BOOLEAN Result;\r | |
280 | UINT32 FileHeaderSize;\r | |
281 | \r | |
282 | *DriverFvImage = NULL;\r | |
283 | *DriverFvImageSize = 0;\r | |
284 | \r | |
285 | Result = GetFfsByName(AuthenticatedImage, AuthenticatedImageSize, &gEdkiiSystemFmpCapsuleDriverFvFileGuid, EFI_FV_FILETYPE_RAW, DriverFvImage, DriverFvImageSize);\r | |
286 | if (!Result) {\r | |
287 | return FALSE;\r | |
288 | }\r | |
289 | \r | |
290 | if (IS_FFS_FILE2(*DriverFvImage)) {\r | |
291 | FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER2);\r | |
292 | } else {\r | |
293 | FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER);\r | |
294 | }\r | |
295 | *DriverFvImage = (UINT8 *)*DriverFvImage + FileHeaderSize;\r | |
296 | *DriverFvImageSize = *DriverFvImageSize - FileHeaderSize;\r | |
297 | \r | |
298 | return Result;\r | |
299 | }\r | |
300 | \r | |
301 | /**\r | |
302 | Extract the config image from an authenticated image.\r | |
303 | \r | |
304 | @param[in] AuthenticatedImage The authenticated capsule image.\r | |
305 | @param[in] AuthenticatedImageSize The size of the authenticated capsule image in bytes.\r | |
306 | @param[out] ConfigImage The config image.\r | |
307 | @param[out] ConfigImageSize The size of the config image in bytes.\r | |
308 | \r | |
309 | @retval TRUE The config image is extracted.\r | |
310 | @retval FALSE The config image is not extracted.\r | |
311 | **/\r | |
312 | BOOLEAN\r | |
313 | EFIAPI\r | |
314 | ExtractConfigImage (\r | |
315 | IN VOID *AuthenticatedImage,\r | |
316 | IN UINTN AuthenticatedImageSize,\r | |
317 | OUT VOID **ConfigImage,\r | |
318 | OUT UINTN *ConfigImageSize\r | |
319 | )\r | |
320 | {\r | |
321 | BOOLEAN Result;\r | |
322 | UINT32 FileHeaderSize;\r | |
323 | \r | |
324 | *ConfigImage = NULL;\r | |
325 | *ConfigImageSize = 0;\r | |
326 | \r | |
327 | Result = GetFfsByName(AuthenticatedImage, AuthenticatedImageSize, &gEdkiiSystemFmpCapsuleConfigFileGuid, EFI_FV_FILETYPE_RAW, ConfigImage, ConfigImageSize);\r | |
328 | if (!Result) {\r | |
329 | return FALSE;\r | |
330 | }\r | |
331 | \r | |
332 | if (IS_FFS_FILE2(*ConfigImage)) {\r | |
333 | FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER2);\r | |
334 | } else {\r | |
335 | FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER);\r | |
336 | }\r | |
337 | *ConfigImage = (UINT8 *)*ConfigImage + FileHeaderSize;\r | |
338 | *ConfigImageSize = *ConfigImageSize - FileHeaderSize;\r | |
339 | \r | |
340 | return Result;\r | |
341 | }\r | |
342 | \r | |
343 | /**\r | |
344 | Extract the authenticated image from an FMP capsule image.\r | |
345 | \r | |
346 | Caution: This function may receive untrusted input.\r | |
347 | \r | |
348 | @param[in] Image The FMP capsule image, including EFI_FIRMWARE_IMAGE_AUTHENTICATION.\r | |
349 | @param[in] ImageSize The size of FMP capsule image in bytes.\r | |
350 | @param[out] LastAttemptStatus The last attempt status, which will be recorded in ESRT and FMP EFI_FIRMWARE_IMAGE_DESCRIPTOR.\r | |
351 | @param[out] AuthenticatedImage The authenticated capsule image, excluding EFI_FIRMWARE_IMAGE_AUTHENTICATION.\r | |
352 | @param[out] AuthenticatedImageSize The size of the authenticated capsule image in bytes.\r | |
353 | \r | |
354 | @retval TRUE The authenticated image is extracted.\r | |
355 | @retval FALSE The authenticated image is not extracted.\r | |
356 | **/\r | |
357 | BOOLEAN\r | |
358 | EFIAPI\r | |
359 | ExtractAuthenticatedImage (\r | |
360 | IN VOID *Image,\r | |
361 | IN UINTN ImageSize,\r | |
362 | OUT UINT32 *LastAttemptStatus,\r | |
363 | OUT VOID **AuthenticatedImage,\r | |
364 | OUT UINTN *AuthenticatedImageSize\r | |
365 | )\r | |
366 | {\r | |
367 | EFI_FIRMWARE_IMAGE_AUTHENTICATION *ImageAuth;\r | |
368 | EFI_STATUS Status;\r | |
369 | GUID *CertType;\r | |
370 | VOID *PublicKeyData;\r | |
371 | UINTN PublicKeyDataLength;\r | |
372 | \r | |
373 | DEBUG((DEBUG_INFO, "ExtractAuthenticatedImage - Image: 0x%08x - 0x%08x\n", (UINTN)Image, (UINTN)ImageSize));\r | |
374 | \r | |
375 | *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT;\r | |
376 | if ((Image == NULL) || (ImageSize == 0)) {\r | |
377 | return FALSE;\r | |
378 | }\r | |
379 | \r | |
380 | ImageAuth = (EFI_FIRMWARE_IMAGE_AUTHENTICATION *)Image;\r | |
381 | if (ImageSize < sizeof(EFI_FIRMWARE_IMAGE_AUTHENTICATION)) {\r | |
382 | DEBUG((DEBUG_ERROR, "ExtractAuthenticatedImage - ImageSize too small\n"));\r | |
383 | return FALSE;\r | |
384 | }\r | |
385 | if (ImageAuth->AuthInfo.Hdr.dwLength <= OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData)) {\r | |
386 | DEBUG((DEBUG_ERROR, "ExtractAuthenticatedImage - dwLength too small\n"));\r | |
387 | return FALSE;\r | |
388 | }\r | |
ce5354d6 | 389 | if ((UINTN) ImageAuth->AuthInfo.Hdr.dwLength > MAX_UINTN - sizeof(UINT64)) {\r |
e29caef2 JY |
390 | DEBUG((DEBUG_ERROR, "ExtractAuthenticatedImage - dwLength too big\n"));\r |
391 | return FALSE;\r | |
392 | }\r | |
393 | if (ImageSize <= sizeof(ImageAuth->MonotonicCount) + ImageAuth->AuthInfo.Hdr.dwLength) {\r | |
394 | DEBUG((DEBUG_ERROR, "ExtractAuthenticatedImage - ImageSize too small\n"));\r | |
395 | return FALSE;\r | |
396 | }\r | |
397 | if (ImageAuth->AuthInfo.Hdr.wRevision != 0x0200) {\r | |
398 | DEBUG((DEBUG_ERROR, "ExtractAuthenticatedImage - wRevision: 0x%02x, expect - 0x%02x\n", (UINTN)ImageAuth->AuthInfo.Hdr.wRevision, (UINTN)0x0200));\r | |
399 | return FALSE;\r | |
400 | }\r | |
401 | if (ImageAuth->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) {\r | |
402 | DEBUG((DEBUG_ERROR, "ExtractAuthenticatedImage - wCertificateType: 0x%02x, expect - 0x%02x\n", (UINTN)ImageAuth->AuthInfo.Hdr.wCertificateType, (UINTN)WIN_CERT_TYPE_EFI_GUID));\r | |
403 | return FALSE;\r | |
404 | }\r | |
405 | \r | |
406 | CertType = &ImageAuth->AuthInfo.CertType;\r | |
407 | DEBUG((DEBUG_INFO, "ExtractAuthenticatedImage - CertType: %g\n", CertType));\r | |
408 | \r | |
409 | if (CompareGuid(&gEfiCertPkcs7Guid, CertType)) {\r | |
410 | PublicKeyData = PcdGetPtr(PcdPkcs7CertBuffer);\r | |
411 | PublicKeyDataLength = PcdGetSize(PcdPkcs7CertBuffer);\r | |
412 | } else if (CompareGuid(&gEfiCertTypeRsa2048Sha256Guid, CertType)) {\r | |
413 | PublicKeyData = PcdGetPtr(PcdRsa2048Sha256PublicKeyBuffer);\r | |
414 | PublicKeyDataLength = PcdGetSize(PcdRsa2048Sha256PublicKeyBuffer);\r | |
415 | } else {\r | |
416 | return FALSE;\r | |
417 | }\r | |
7e6e4f96 JY |
418 | ASSERT (PublicKeyData != NULL);\r |
419 | ASSERT (PublicKeyDataLength != 0);\r | |
e29caef2 JY |
420 | \r |
421 | Status = AuthenticateFmpImage(\r | |
422 | ImageAuth,\r | |
423 | ImageSize,\r | |
424 | PublicKeyData,\r | |
425 | PublicKeyDataLength\r | |
426 | );\r | |
427 | switch (Status) {\r | |
428 | case RETURN_SUCCESS:\r | |
429 | *LastAttemptStatus = LAST_ATTEMPT_STATUS_SUCCESS;\r | |
430 | break;\r | |
431 | case RETURN_SECURITY_VIOLATION:\r | |
432 | *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_AUTH_ERROR;\r | |
433 | break;\r | |
434 | case RETURN_INVALID_PARAMETER:\r | |
435 | *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT;\r | |
436 | break;\r | |
437 | case RETURN_UNSUPPORTED:\r | |
438 | *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT;\r | |
439 | break;\r | |
440 | case RETURN_OUT_OF_RESOURCES:\r | |
441 | *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INSUFFICIENT_RESOURCES;\r | |
442 | break;\r | |
443 | default:\r | |
444 | *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_UNSUCCESSFUL;\r | |
445 | break;\r | |
446 | }\r | |
447 | if (EFI_ERROR(Status)) {\r | |
448 | return FALSE;\r | |
449 | }\r | |
450 | \r | |
451 | if (AuthenticatedImage != NULL) {\r | |
452 | *AuthenticatedImage = (UINT8 *)ImageAuth + ImageAuth->AuthInfo.Hdr.dwLength + sizeof(ImageAuth->MonotonicCount);\r | |
453 | }\r | |
454 | if (AuthenticatedImageSize != NULL) {\r | |
455 | *AuthenticatedImageSize = ImageSize - ImageAuth->AuthInfo.Hdr.dwLength - sizeof(ImageAuth->MonotonicCount);\r | |
456 | }\r | |
457 | return TRUE;\r | |
458 | }\r | |
459 | \r | |
460 | /**\r | |
461 | Extract ImageFmpInfo from system firmware.\r | |
462 | \r | |
463 | @param[in] SystemFirmwareImage The System Firmware image.\r | |
464 | @param[in] SystemFirmwareImageSize The size of the System Firmware image in bytes.\r | |
465 | @param[out] ImageFmpInfo The ImageFmpInfo.\r | |
466 | @param[out] ImageFmpInfoSize The size of the ImageFmpInfo in bytes.\r | |
467 | \r | |
468 | @retval TRUE The ImageFmpInfo is extracted.\r | |
469 | @retval FALSE The ImageFmpInfo is not extracted.\r | |
470 | **/\r | |
471 | BOOLEAN\r | |
472 | EFIAPI\r | |
473 | ExtractSystemFirmwareImageFmpInfo (\r | |
474 | IN VOID *SystemFirmwareImage,\r | |
475 | IN UINTN SystemFirmwareImageSize,\r | |
476 | OUT EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR **ImageFmpInfo,\r | |
477 | OUT UINTN *ImageFmpInfoSize\r | |
478 | )\r | |
479 | {\r | |
480 | BOOLEAN Result;\r | |
481 | UINT32 SectionHeaderSize;\r | |
482 | UINT32 FileHeaderSize;\r | |
483 | \r | |
484 | *ImageFmpInfo = NULL;\r | |
485 | *ImageFmpInfoSize = 0;\r | |
486 | \r | |
487 | Result = GetFfsByName(SystemFirmwareImage, SystemFirmwareImageSize, &gEdkiiSystemFirmwareImageDescriptorFileGuid, EFI_FV_FILETYPE_ALL, (VOID **)ImageFmpInfo, ImageFmpInfoSize);\r | |
488 | if (!Result) {\r | |
489 | return FALSE;\r | |
490 | }\r | |
491 | if (IS_FFS_FILE2 (*ImageFmpInfo)) {\r | |
492 | FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER2);\r | |
493 | } else {\r | |
494 | FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER);\r | |
495 | }\r | |
496 | *ImageFmpInfo = (VOID *)((UINT8 *)*ImageFmpInfo + FileHeaderSize);\r | |
497 | *ImageFmpInfoSize = *ImageFmpInfoSize - FileHeaderSize;\r | |
498 | \r | |
499 | Result = GetSectionByType(*ImageFmpInfo, (UINT32)*ImageFmpInfoSize, EFI_SECTION_RAW, 0, (VOID **)ImageFmpInfo, ImageFmpInfoSize);\r | |
500 | if (!Result) {\r | |
501 | return FALSE;\r | |
502 | }\r | |
503 | if (IS_SECTION2(*ImageFmpInfo)) {\r | |
504 | SectionHeaderSize = sizeof(EFI_RAW_SECTION2);\r | |
505 | } else {\r | |
506 | SectionHeaderSize = sizeof(EFI_RAW_SECTION);\r | |
507 | }\r | |
508 | *ImageFmpInfo = (VOID *)((UINT8 *)*ImageFmpInfo + SectionHeaderSize);\r | |
509 | *ImageFmpInfoSize = *ImageFmpInfoSize - SectionHeaderSize;\r | |
510 | \r | |
511 | return TRUE;\r | |
512 | }\r | |
513 | \r | |
514 | /**\r | |
515 | Extract the System Firmware image from an authenticated image.\r | |
516 | \r | |
517 | @param[in] AuthenticatedImage The authenticated capsule image.\r | |
518 | @param[in] AuthenticatedImageSize The size of the authenticated capsule image in bytes.\r | |
519 | @param[out] SystemFirmwareImage The System Firmware image.\r | |
520 | @param[out] SystemFirmwareImageSize The size of the System Firmware image in bytes.\r | |
521 | \r | |
522 | @retval TRUE The System Firmware image is extracted.\r | |
523 | @retval FALSE The System Firmware image is not extracted.\r | |
524 | **/\r | |
525 | BOOLEAN\r | |
526 | EFIAPI\r | |
527 | ExtractSystemFirmwareImage (\r | |
528 | IN VOID *AuthenticatedImage,\r | |
529 | IN UINTN AuthenticatedImageSize,\r | |
530 | OUT VOID **SystemFirmwareImage,\r | |
531 | OUT UINTN *SystemFirmwareImageSize\r | |
532 | )\r | |
533 | {\r | |
534 | BOOLEAN Result;\r | |
535 | UINT32 FileHeaderSize;\r | |
536 | \r | |
537 | *SystemFirmwareImage = NULL;\r | |
538 | *SystemFirmwareImageSize = 0;\r | |
539 | \r | |
540 | Result = GetFfsByName(AuthenticatedImage, AuthenticatedImageSize, &mEdkiiSystemFirmwareFileGuid, EFI_FV_FILETYPE_RAW, SystemFirmwareImage, SystemFirmwareImageSize);\r | |
541 | if (!Result) {\r | |
542 | // no nested FV, just return all data.\r | |
543 | *SystemFirmwareImage = AuthenticatedImage;\r | |
544 | *SystemFirmwareImageSize = AuthenticatedImageSize;\r | |
545 | \r | |
546 | return TRUE;\r | |
547 | }\r | |
548 | if (IS_FFS_FILE2 (*SystemFirmwareImage)) {\r | |
549 | FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER2);\r | |
550 | } else {\r | |
551 | FileHeaderSize = sizeof(EFI_FFS_FILE_HEADER);\r | |
552 | }\r | |
553 | *SystemFirmwareImage = (UINT8 *)*SystemFirmwareImage + FileHeaderSize;\r | |
554 | *SystemFirmwareImageSize = *SystemFirmwareImageSize - FileHeaderSize;\r | |
555 | \r | |
556 | return Result;\r | |
557 | }\r | |
558 | \r | |
559 | /**\r | |
560 | Authenticated system firmware FMP capsule image.\r | |
561 | \r | |
562 | Caution: This function may receive untrusted input.\r | |
563 | \r | |
564 | @param[in] Image The FMP capsule image, including EFI_FIRMWARE_IMAGE_AUTHENTICATION.\r | |
565 | @param[in] ImageSize The size of FMP capsule image in bytes.\r | |
566 | @param[in] ForceVersionMatch TRUE: The version of capsule must be as same as the version of current image.\r | |
567 | FALSE: The version of capsule must be as same as greater than the lowest\r | |
568 | supported version of current image.\r | |
569 | @param[out] LastAttemptVersion The last attempt version, which will be recorded in ESRT and FMP EFI_FIRMWARE_IMAGE_DESCRIPTOR.\r | |
570 | @param[out] LastAttemptStatus The last attempt status, which will be recorded in ESRT and FMP EFI_FIRMWARE_IMAGE_DESCRIPTOR.\r | |
571 | @param[out] AuthenticatedImage The authenticated capsule image, excluding EFI_FIRMWARE_IMAGE_AUTHENTICATION.\r | |
572 | @param[out] AuthenticatedImageSize The size of the authenticated capsule image in bytes.\r | |
573 | \r | |
574 | @retval TRUE Authentication passes and the authenticated image is extracted.\r | |
575 | @retval FALSE Authentication fails and the authenticated image is not extracted.\r | |
576 | **/\r | |
577 | EFI_STATUS\r | |
578 | EFIAPI\r | |
579 | CapsuleAuthenticateSystemFirmware (\r | |
580 | IN VOID *Image,\r | |
581 | IN UINTN ImageSize,\r | |
582 | IN BOOLEAN ForceVersionMatch,\r | |
583 | OUT UINT32 *LastAttemptVersion,\r | |
584 | OUT UINT32 *LastAttemptStatus,\r | |
585 | OUT VOID **AuthenticatedImage,\r | |
586 | OUT UINTN *AuthenticatedImageSize\r | |
587 | )\r | |
588 | {\r | |
589 | BOOLEAN Result;\r | |
590 | EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR *ImageFmpInfo;\r | |
591 | UINTN ImageFmpInfoSize;\r | |
592 | EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR *CurrentImageFmpInfo;\r | |
593 | UINTN CurrentImageFmpInfoSize;\r | |
594 | VOID *SystemFirmwareImage;\r | |
595 | UINTN SystemFirmwareImageSize;\r | |
596 | \r | |
597 | *LastAttemptVersion = 0;\r | |
598 | \r | |
599 | //\r | |
600 | // NOTE: This function need run in an isolated environment.\r | |
601 | // Do not touch FMP protocol and its private structure.\r | |
602 | //\r | |
603 | \r | |
604 | Result = ExtractAuthenticatedImage((VOID *)Image, ImageSize, LastAttemptStatus, AuthenticatedImage, AuthenticatedImageSize);\r | |
605 | if (!Result) {\r | |
606 | DEBUG((DEBUG_INFO, "ExtractAuthenticatedImage - fail\n"));\r | |
607 | return EFI_SECURITY_VIOLATION;\r | |
608 | }\r | |
609 | \r | |
610 | DEBUG((DEBUG_INFO, "AuthenticatedImage - 0x%x - 0x%x\n", *AuthenticatedImage, *AuthenticatedImageSize));\r | |
611 | \r | |
612 | Result = ExtractSystemFirmwareImage(*AuthenticatedImage, *AuthenticatedImageSize, &SystemFirmwareImage, &SystemFirmwareImageSize);\r | |
613 | if (!Result) {\r | |
614 | *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT;\r | |
615 | DEBUG((DEBUG_INFO, "ExtractSystemFirmwareImage - fail\n"));\r | |
616 | return EFI_SECURITY_VIOLATION;\r | |
617 | }\r | |
618 | DEBUG((DEBUG_INFO, "SystemFirmwareImage - 0x%x - 0x%x\n", SystemFirmwareImage, SystemFirmwareImageSize));\r | |
619 | \r | |
620 | Result = ExtractSystemFirmwareImageFmpInfo(SystemFirmwareImage, SystemFirmwareImageSize, &ImageFmpInfo, &ImageFmpInfoSize);\r | |
621 | if (!Result) {\r | |
622 | *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT;\r | |
623 | DEBUG((DEBUG_INFO, "ExtractSystemFirmwareImageFmpInfo - fail\n"));\r | |
624 | return EFI_SECURITY_VIOLATION;\r | |
625 | }\r | |
626 | \r | |
627 | *LastAttemptVersion = ImageFmpInfo->Version;\r | |
628 | DEBUG((DEBUG_INFO, "ImageFmpInfo - 0x%x - 0x%x\n", ImageFmpInfo, ImageFmpInfoSize));\r | |
629 | DEBUG((DEBUG_INFO, "NewImage Version - 0x%x\n", ImageFmpInfo->Version));\r | |
630 | DEBUG((DEBUG_INFO, "NewImage LowestSupportedImageVersion - 0x%x\n", ImageFmpInfo->LowestSupportedImageVersion));\r | |
631 | \r | |
632 | CurrentImageFmpInfo = mImageFmpInfo;\r | |
633 | CurrentImageFmpInfoSize = mImageFmpInfoSize;\r | |
634 | \r | |
635 | DEBUG((DEBUG_INFO, "ImageFmpInfo - 0x%x - 0x%x\n", CurrentImageFmpInfo, CurrentImageFmpInfoSize));\r | |
636 | DEBUG((DEBUG_INFO, "Current Version - 0x%x\n", CurrentImageFmpInfo->Version));\r | |
637 | DEBUG((DEBUG_INFO, "Current LowestSupportedImageVersion - 0x%x\n", CurrentImageFmpInfo->LowestSupportedImageVersion));\r | |
638 | \r | |
639 | if (ForceVersionMatch) {\r | |
640 | if (CurrentImageFmpInfo->Version != ImageFmpInfo->Version) {\r | |
641 | *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INCORRECT_VERSION;\r | |
642 | DEBUG((DEBUG_INFO, "ForceVersionMatch check - fail\n"));\r | |
643 | return EFI_SECURITY_VIOLATION;\r | |
644 | }\r | |
645 | } else {\r | |
646 | if (CurrentImageFmpInfo->Version < ImageFmpInfo->LowestSupportedImageVersion) {\r | |
647 | *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INCORRECT_VERSION;\r | |
648 | DEBUG((DEBUG_INFO, "LowestSupportedImageVersion check - fail\n"));\r | |
649 | return EFI_SECURITY_VIOLATION;\r | |
650 | }\r | |
651 | }\r | |
652 | \r | |
653 | *LastAttemptStatus = LAST_ATTEMPT_STATUS_SUCCESS;\r | |
654 | return EFI_SUCCESS;\r | |
655 | }\r | |
656 | \r | |
657 | /**\r | |
658 | The constructor function.\r | |
659 | \r | |
660 | @retval EFI_SUCCESS The constructor successfully .\r | |
661 | **/\r | |
662 | EFI_STATUS\r | |
663 | EFIAPI\r | |
664 | EdkiiSystemCapsuleLibConstructor (\r | |
665 | VOID\r | |
666 | )\r | |
667 | {\r | |
668 | mImageFmpInfoSize = PcdGetSize(PcdEdkiiSystemFirmwareImageDescriptor);\r | |
669 | mImageFmpInfo = AllocateCopyPool (mImageFmpInfoSize, PcdGetPtr(PcdEdkiiSystemFirmwareImageDescriptor));\r | |
670 | ASSERT(mImageFmpInfo != NULL);\r | |
671 | CopyGuid(&mEdkiiSystemFirmwareFileGuid, PcdGetPtr(PcdEdkiiSystemFirmwareFileGuid));\r | |
672 | return EFI_SUCCESS;\r | |
673 | }\r |