| | 1 | /** @file\r |
| | 2 | Implement authentication services for the authenticated variable\r |
| | 3 | service in UEFI2.2.\r |
| | 4 | \r |
| | 5 | Caution: This module requires additional review when modified.\r |
| | 6 | This driver will have external input - variable data. It may be input in SMM mode.\r |
| | 7 | This external input must be validated carefully to avoid security issue like\r |
| | 8 | buffer overflow, integer overflow.\r |
| | 9 | Variable attribute should also be checked to avoid authentication bypass.\r |
| | 10 | \r |
| | 11 | ProcessVarWithPk(), ProcessVarWithKek() and ProcessVariable() are the function to do\r |
| | 12 | variable authentication.\r |
| | 13 | \r |
| | 14 | VerifyTimeBasedPayload() and VerifyCounterBasedPayload() are sub function to do verification.\r |
| | 15 | They will do basic validation for authentication data structure, then call crypto library\r |
| | 16 | to verify the signature.\r |
| | 17 | \r |
| | 18 | Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>\r |
| | 19 | This program and the accompanying materials\r |
| | 20 | are licensed and made available under the terms and conditions of the BSD License\r |
| | 21 | which accompanies this distribution. The full text of the license may be found at\r |
| | 22 | http://opensource.org/licenses/bsd-license.php\r |
| | 23 | \r |
| | 24 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r |
| | 25 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r |
| | 26 | \r |
| | 27 | **/\r |
| | 28 | \r |
| | 29 | #include "Variable.h"\r |
| | 30 | #include "AuthService.h"\r |
| | 31 | \r |
| | 32 | ///\r |
| | 33 | /// Global database array for scratch\r |
| | 34 | ///\r |
| | 35 | UINT8 mPubKeyStore[MAX_KEYDB_SIZE];\r |
| | 36 | UINT32 mPubKeyNumber;\r |
| | 37 | UINT32 mPlatformMode;\r |
| | 38 | EFI_GUID mSignatureSupport[] = {EFI_CERT_SHA1_GUID, EFI_CERT_SHA256_GUID, EFI_CERT_RSA2048_GUID, EFI_CERT_X509_GUID};\r |
| | 39 | //\r |
| | 40 | // Public Exponent of RSA Key.\r |
| | 41 | //\r |
| | 42 | CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 };\r |
| | 43 | //\r |
| | 44 | // Hash context pointer\r |
| | 45 | //\r |
| | 46 | VOID *mHashCtx = NULL;\r |
| | 47 | \r |
| | 48 | //\r |
| | 49 | // Pointer to runtime buffer.\r |
| | 50 | // For "Append" operation to an existing variable, a read/modify/write operation\r |
| | 51 | // is supported by firmware internally. Reserve runtime buffer to cache previous\r |
| | 52 | // variable data in runtime phase because memory allocation is forbidden in virtual mode.\r |
| | 53 | //\r |
| | 54 | VOID *mStorageArea = NULL;\r |
| | 55 | \r |
| | 56 | //\r |
| | 57 | // The serialization of the values of the VariableName, VendorGuid and Attributes\r |
| | 58 | // parameters of the SetVariable() call and the TimeStamp component of the\r |
| | 59 | // EFI_VARIABLE_AUTHENTICATION_2 descriptor followed by the variable's new value\r |
| | 60 | // i.e. (VariableName, VendorGuid, Attributes, TimeStamp, Data)\r |
| | 61 | //\r |
| | 62 | UINT8 *mSerializationRuntimeBuffer = NULL;\r |
| | 63 | \r |
| | 64 | //\r |
| | 65 | // Requirement for different signature type which have been defined in UEFI spec.\r |
| | 66 | // These data are used to peform SignatureList format check while setting PK/KEK variable.\r |
| | 67 | //\r |
| | 68 | EFI_SIGNATURE_ITEM mSupportSigItem[] = {\r |
| | 69 | //{SigType, SigHeaderSize, SigDataSize }\r |
| | 70 | {EFI_CERT_SHA256_GUID, 0, 32 },\r |
| | 71 | {EFI_CERT_RSA2048_GUID, 0, 256 },\r |
| | 72 | {EFI_CERT_RSA2048_SHA256_GUID, 0, 256 },\r |
| | 73 | {EFI_CERT_SHA1_GUID, 0, 20 },\r |
| | 74 | {EFI_CERT_RSA2048_SHA1_GUID, 0, 256 },\r |
| | 75 | {EFI_CERT_X509_GUID, 0, ((UINT32) ~0)},\r |
| | 76 | {EFI_CERT_SHA224_GUID, 0, 28 },\r |
| | 77 | {EFI_CERT_SHA384_GUID, 0, 48 },\r |
| | 78 | {EFI_CERT_SHA512_GUID, 0, 64 }\r |
| | 79 | };\r |
| | 80 | \r |
| | 81 | /**\r |
| | 82 | Determine whether this operation needs a physical present user.\r |
| | 83 | \r |
| | 84 | @param[in] VariableName Name of the Variable.\r |
| | 85 | @param[in] VendorGuid GUID of the Variable.\r |
| | 86 | \r |
| | 87 | @retval TRUE This variable is protected, only a physical present user could set this variable.\r |
| | 88 | @retval FALSE This variable is not protected.\r |
| | 89 | \r |
| | 90 | **/\r |
| | 91 | BOOLEAN\r |
| | 92 | NeedPhysicallyPresent(\r |
| | 93 | IN CHAR16 *VariableName,\r |
| | 94 | IN EFI_GUID *VendorGuid\r |
| | 95 | )\r |
| | 96 | {\r |
| | 97 | if ((CompareGuid (VendorGuid, &gEfiSecureBootEnableDisableGuid) && (StrCmp (VariableName, EFI_SECURE_BOOT_ENABLE_NAME) == 0))\r |
| | 98 | || (CompareGuid (VendorGuid, &gEfiCustomModeEnableGuid) && (StrCmp (VariableName, EFI_CUSTOM_MODE_NAME) == 0))) {\r |
| | 99 | return TRUE;\r |
| | 100 | }\r |
| | 101 | \r |
| | 102 | return FALSE;\r |
| | 103 | }\r |
| | 104 | \r |
| | 105 | /**\r |
| | 106 | Determine whether the platform is operating in Custom Secure Boot mode.\r |
| | 107 | \r |
| | 108 | @retval TRUE The platform is operating in Custom mode.\r |
| | 109 | @retval FALSE The platform is operating in Standard mode.\r |
| | 110 | \r |
| | 111 | **/\r |
| | 112 | BOOLEAN\r |
| | 113 | InCustomMode (\r |
| | 114 | VOID\r |
| | 115 | )\r |
| | 116 | {\r |
| | 117 | VARIABLE_POINTER_TRACK Variable;\r |
| | 118 | \r |
| | 119 | FindVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE);\r |
| | 120 | if (Variable.CurrPtr != NULL && *(GetVariableDataPtr (Variable.CurrPtr)) == CUSTOM_SECURE_BOOT_MODE) {\r |
| | 121 | return TRUE;\r |
| | 122 | }\r |
| | 123 | \r |
| | 124 | return FALSE;\r |
| | 125 | }\r |
| | 126 | \r |
| | 127 | \r |
| | 128 | /**\r |
| | 129 | Internal function to delete a Variable given its name and GUID, no authentication\r |
| | 130 | required.\r |
| | 131 | \r |
| | 132 | @param[in] VariableName Name of the Variable.\r |
| | 133 | @param[in] VendorGuid GUID of the Variable.\r |
| | 134 | \r |
| | 135 | @retval EFI_SUCCESS Variable deleted successfully.\r |
| | 136 | @retval Others The driver failded to start the device.\r |
| | 137 | \r |
| | 138 | **/\r |
| | 139 | EFI_STATUS\r |
| | 140 | DeleteVariable (\r |
| | 141 | IN CHAR16 *VariableName,\r |
| | 142 | IN EFI_GUID *VendorGuid\r |
| | 143 | )\r |
| | 144 | {\r |
| | 145 | EFI_STATUS Status;\r |
| | 146 | VARIABLE_POINTER_TRACK Variable;\r |
| | 147 | \r |
| | 148 | Status = FindVariable (VariableName, VendorGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE);\r |
| | 149 | if (EFI_ERROR (Status)) {\r |
| | 150 | return EFI_SUCCESS;\r |
| | 151 | }\r |
| | 152 | \r |
| | 153 | ASSERT (Variable.CurrPtr != NULL);\r |
| | 154 | return UpdateVariable (VariableName, VendorGuid, NULL, 0, 0, 0, 0, &Variable, NULL);\r |
| | 155 | }\r |
| | 156 | \r |
| | 157 | /**\r |
| | 158 | Initializes for authenticated varibale service.\r |
| | 159 | \r |
| | 160 | @retval EFI_SUCCESS Function successfully executed.\r |
| | 161 | @retval EFI_OUT_OF_RESOURCES Fail to allocate enough memory resources.\r |
| | 162 | \r |
| | 163 | **/\r |
| | 164 | EFI_STATUS\r |
| | 165 | AutenticatedVariableServiceInitialize (\r |
| | 166 | VOID\r |
| | 167 | )\r |
| | 168 | {\r |
| | 169 | EFI_STATUS Status;\r |
| | 170 | VARIABLE_POINTER_TRACK Variable;\r |
| | 171 | VARIABLE_POINTER_TRACK PkVariable;\r |
| | 172 | UINT8 VarValue;\r |
| | 173 | UINT32 VarAttr;\r |
| | 174 | UINT8 *Data;\r |
| | 175 | UINTN DataSize;\r |
| | 176 | UINTN CtxSize;\r |
| | 177 | UINT8 SecureBootMode;\r |
| | 178 | UINT8 SecureBootEnable;\r |
| | 179 | UINT8 CustomMode;\r |
| | 180 | UINT32 ListSize;\r |
| | 181 | \r |
| | 182 | //\r |
| | 183 | // Initialize hash context.\r |
| | 184 | //\r |
| | 185 | CtxSize = Sha256GetContextSize ();\r |
| | 186 | mHashCtx = AllocateRuntimePool (CtxSize);\r |
| | 187 | if (mHashCtx == NULL) {\r |
| | 188 | return EFI_OUT_OF_RESOURCES;\r |
| | 189 | }\r |
| | 190 | \r |
| | 191 | //\r |
| | 192 | // Reserved runtime buffer for "Append" operation in virtual mode.\r |
| | 193 | //\r |
| | 194 | mStorageArea = AllocateRuntimePool (PcdGet32 (PcdMaxVariableSize));\r |
| | 195 | if (mStorageArea == NULL) {\r |
| | 196 | return EFI_OUT_OF_RESOURCES;\r |
| | 197 | }\r |
| | 198 | \r |
| | 199 | //\r |
| | 200 | // Prepare runtime buffer for serialized data of time-based authenticated\r |
| | 201 | // Variable, i.e. (VariableName, VendorGuid, Attributes, TimeStamp, Data).\r |
| | 202 | //\r |
| | 203 | mSerializationRuntimeBuffer = AllocateRuntimePool (PcdGet32 (PcdMaxVariableSize) + sizeof (EFI_GUID) + sizeof (UINT32) + sizeof (EFI_TIME));\r |
| | 204 | if (mSerializationRuntimeBuffer == NULL) {\r |
| | 205 | return EFI_OUT_OF_RESOURCES;\r |
| | 206 | }\r |
| | 207 | \r |
| | 208 | //\r |
| | 209 | // Check "AuthVarKeyDatabase" variable's existence.\r |
| | 210 | // If it doesn't exist, create a new one with initial value of 0 and EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.\r |
| | 211 | //\r |
| | 212 | Status = FindVariable (\r |
| | 213 | AUTHVAR_KEYDB_NAME,\r |
| | 214 | &gEfiAuthenticatedVariableGuid,\r |
| | 215 | &Variable,\r |
| | 216 | &mVariableModuleGlobal->VariableGlobal,\r |
| | 217 | FALSE\r |
| | 218 | );\r |
| | 219 | \r |
| | 220 | if (Variable.CurrPtr == NULL) {\r |
| | 221 | VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;\r |
| | 222 | VarValue = 0;\r |
| | 223 | mPubKeyNumber = 0;\r |
| | 224 | Status = UpdateVariable (\r |
| | 225 | AUTHVAR_KEYDB_NAME,\r |
| | 226 | &gEfiAuthenticatedVariableGuid,\r |
| | 227 | &VarValue,\r |
| | 228 | sizeof(UINT8),\r |
| | 229 | VarAttr,\r |
| | 230 | 0,\r |
| | 231 | 0,\r |
| | 232 | &Variable,\r |
| | 233 | NULL\r |
| | 234 | );\r |
| | 235 | if (EFI_ERROR (Status)) {\r |
| | 236 | return Status;\r |
| | 237 | }\r |
| | 238 | } else {\r |
| | 239 | //\r |
| | 240 | // Load database in global variable for cache.\r |
| | 241 | //\r |
| | 242 | DataSize = DataSizeOfVariable (Variable.CurrPtr);\r |
| | 243 | Data = GetVariableDataPtr (Variable.CurrPtr);\r |
| | 244 | ASSERT ((DataSize != 0) && (Data != NULL));\r |
| | 245 | CopyMem (mPubKeyStore, (UINT8 *) Data, DataSize);\r |
| | 246 | mPubKeyNumber = (UINT32) (DataSize / EFI_CERT_TYPE_RSA2048_SIZE);\r |
| | 247 | }\r |
| | 248 | \r |
| | 249 | FindVariable (EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid, &PkVariable, &mVariableModuleGlobal->VariableGlobal, FALSE);\r |
| | 250 | if (PkVariable.CurrPtr == NULL) {\r |
| | 251 | DEBUG ((EFI_D_INFO, "Variable %s does not exist.\n", EFI_PLATFORM_KEY_NAME));\r |
| | 252 | } else {\r |
| | 253 | DEBUG ((EFI_D_INFO, "Variable %s exists.\n", EFI_PLATFORM_KEY_NAME));\r |
| | 254 | }\r |
| | 255 | \r |
| | 256 | //\r |
| | 257 | // Check "SetupMode" variable's existence.\r |
| | 258 | // If it doesn't exist, check PK database's existence to determine the value.\r |
| | 259 | // Then create a new one with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.\r |
| | 260 | //\r |
| | 261 | Status = FindVariable (\r |
| | 262 | EFI_SETUP_MODE_NAME,\r |
| | 263 | &gEfiGlobalVariableGuid,\r |
| | 264 | &Variable,\r |
| | 265 | &mVariableModuleGlobal->VariableGlobal,\r |
| | 266 | FALSE\r |
| | 267 | );\r |
| | 268 | \r |
| | 269 | if (Variable.CurrPtr == NULL) {\r |
| | 270 | if (PkVariable.CurrPtr == NULL) {\r |
| | 271 | mPlatformMode = SETUP_MODE;\r |
| | 272 | } else {\r |
| | 273 | mPlatformMode = USER_MODE;\r |
| | 274 | }\r |
| | 275 | \r |
| | 276 | VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;\r |
| | 277 | Status = UpdateVariable (\r |
| | 278 | EFI_SETUP_MODE_NAME,\r |
| | 279 | &gEfiGlobalVariableGuid,\r |
| | 280 | &mPlatformMode,\r |
| | 281 | sizeof(UINT8),\r |
| | 282 | VarAttr,\r |
| | 283 | 0,\r |
| | 284 | 0,\r |
| | 285 | &Variable,\r |
| | 286 | NULL\r |
| | 287 | );\r |
| | 288 | if (EFI_ERROR (Status)) {\r |
| | 289 | return Status;\r |
| | 290 | }\r |
| | 291 | } else {\r |
| | 292 | mPlatformMode = *(GetVariableDataPtr (Variable.CurrPtr));\r |
| | 293 | }\r |
| | 294 | //\r |
| | 295 | // Check "SignatureSupport" variable's existence.\r |
| | 296 | // If it doesn't exist, then create a new one with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.\r |
| | 297 | //\r |
| | 298 | Status = FindVariable (\r |
| | 299 | EFI_SIGNATURE_SUPPORT_NAME,\r |
| | 300 | &gEfiGlobalVariableGuid,\r |
| | 301 | &Variable,\r |
| | 302 | &mVariableModuleGlobal->VariableGlobal,\r |
| | 303 | FALSE\r |
| | 304 | );\r |
| | 305 | \r |
| | 306 | if (Variable.CurrPtr == NULL) {\r |
| | 307 | VarAttr = EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;\r |
| | 308 | Status = UpdateVariable (\r |
| | 309 | EFI_SIGNATURE_SUPPORT_NAME,\r |
| | 310 | &gEfiGlobalVariableGuid,\r |
| | 311 | mSignatureSupport,\r |
| | 312 | sizeof(mSignatureSupport),\r |
| | 313 | VarAttr,\r |
| | 314 | 0,\r |
| | 315 | 0,\r |
| | 316 | &Variable,\r |
| | 317 | NULL\r |
| | 318 | );\r |
| | 319 | }\r |
| | 320 | \r |
| | 321 | //\r |
| | 322 | // If "SecureBootEnable" variable exists, then update "SecureBoot" variable.\r |
| | 323 | // If "SecureBootEnable" variable is SECURE_BOOT_ENABLE and in USER_MODE, Set "SecureBoot" variable to SECURE_BOOT_MODE_ENABLE.\r |
| | 324 | // If "SecureBootEnable" variable is SECURE_BOOT_DISABLE, Set "SecureBoot" variable to SECURE_BOOT_MODE_DISABLE.\r |
| | 325 | //\r |
| | 326 | SecureBootEnable = SECURE_BOOT_MODE_DISABLE;\r |
| | 327 | FindVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE);\r |
| | 328 | if (Variable.CurrPtr != NULL) {\r |
| | 329 | SecureBootEnable = *(GetVariableDataPtr (Variable.CurrPtr));\r |
| | 330 | } else if (mPlatformMode == USER_MODE) {\r |
| | 331 | //\r |
| | 332 | // "SecureBootEnable" not exist, initialize it in USER_MODE.\r |
| | 333 | //\r |
| | 334 | SecureBootEnable = SECURE_BOOT_MODE_ENABLE;\r |
| | 335 | Status = UpdateVariable (\r |
| | 336 | EFI_SECURE_BOOT_ENABLE_NAME,\r |
| | 337 | &gEfiSecureBootEnableDisableGuid,\r |
| | 338 | &SecureBootEnable,\r |
| | 339 | sizeof (UINT8),\r |
| | 340 | EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,\r |
| | 341 | 0,\r |
| | 342 | 0,\r |
| | 343 | &Variable,\r |
| | 344 | NULL\r |
| | 345 | );\r |
| | 346 | if (EFI_ERROR (Status)) {\r |
| | 347 | return Status;\r |
| | 348 | }\r |
| | 349 | }\r |
| | 350 | \r |
| | 351 | if (SecureBootEnable == SECURE_BOOT_ENABLE && mPlatformMode == USER_MODE) {\r |
| | 352 | SecureBootMode = SECURE_BOOT_MODE_ENABLE;\r |
| | 353 | } else {\r |
| | 354 | SecureBootMode = SECURE_BOOT_MODE_DISABLE;\r |
| | 355 | }\r |
| | 356 | FindVariable (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE);\r |
| | 357 | Status = UpdateVariable (\r |
| | 358 | EFI_SECURE_BOOT_MODE_NAME,\r |
| | 359 | &gEfiGlobalVariableGuid,\r |
| | 360 | &SecureBootMode,\r |
| | 361 | sizeof (UINT8),\r |
| | 362 | EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS,\r |
| | 363 | 0,\r |
| | 364 | 0,\r |
| | 365 | &Variable,\r |
| | 366 | NULL\r |
| | 367 | );\r |
| | 368 | if (EFI_ERROR (Status)) {\r |
| | 369 | return Status;\r |
| | 370 | }\r |
| | 371 | \r |
| | 372 | DEBUG ((EFI_D_INFO, "Variable %s is %x\n", EFI_SETUP_MODE_NAME, mPlatformMode));\r |
| | 373 | DEBUG ((EFI_D_INFO, "Variable %s is %x\n", EFI_SECURE_BOOT_MODE_NAME, SecureBootMode));\r |
| | 374 | DEBUG ((EFI_D_INFO, "Variable %s is %x\n", EFI_SECURE_BOOT_ENABLE_NAME, SecureBootEnable));\r |
| | 375 | \r |
| | 376 | //\r |
| | 377 | // Check "CustomMode" variable's existence.\r |
| | 378 | //\r |
| | 379 | FindVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE);\r |
| | 380 | if (Variable.CurrPtr != NULL) {\r |
| | 381 | CustomMode = *(GetVariableDataPtr (Variable.CurrPtr));\r |
| | 382 | } else {\r |
| | 383 | //\r |
| | 384 | // "CustomMode" not exist, initialize it in STANDARD_SECURE_BOOT_MODE.\r |
| | 385 | //\r |
| | 386 | CustomMode = STANDARD_SECURE_BOOT_MODE;\r |
| | 387 | Status = UpdateVariable (\r |
| | 388 | EFI_CUSTOM_MODE_NAME,\r |
| | 389 | &gEfiCustomModeEnableGuid,\r |
| | 390 | &CustomMode,\r |
| | 391 | sizeof (UINT8),\r |
| | 392 | EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,\r |
| | 393 | 0,\r |
| | 394 | 0,\r |
| | 395 | &Variable,\r |
| | 396 | NULL\r |
| | 397 | );\r |
| | 398 | if (EFI_ERROR (Status)) {\r |
| | 399 | return Status;\r |
| | 400 | }\r |
| | 401 | }\r |
| | 402 | \r |
| | 403 | DEBUG ((EFI_D_INFO, "Variable %s is %x\n", EFI_CUSTOM_MODE_NAME, CustomMode));\r |
| | 404 | \r |
| | 405 | //\r |
| | 406 | // Check "certdb" variable's existence.\r |
| | 407 | // If it doesn't exist, then create a new one with \r |
| | 408 | // EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.\r |
| | 409 | //\r |
| | 410 | Status = FindVariable (\r |
| | 411 | EFI_CERT_DB_NAME,\r |
| | 412 | &gEfiCertDbGuid,\r |
| | 413 | &Variable,\r |
| | 414 | &mVariableModuleGlobal->VariableGlobal,\r |
| | 415 | FALSE\r |
| | 416 | );\r |
| | 417 | \r |
| | 418 | if (Variable.CurrPtr == NULL) {\r |
| | 419 | VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;\r |
| | 420 | ListSize = 0;\r |
| | 421 | Status = UpdateVariable (\r |
| | 422 | EFI_CERT_DB_NAME,\r |
| | 423 | &gEfiCertDbGuid,\r |
| | 424 | &ListSize,\r |
| | 425 | sizeof (UINT32),\r |
| | 426 | VarAttr,\r |
| | 427 | 0,\r |
| | 428 | 0,\r |
| | 429 | &Variable,\r |
| | 430 | NULL\r |
| | 431 | );\r |
| | 432 | \r |
| | 433 | } \r |
| | 434 | \r |
| | 435 | return Status;\r |
| | 436 | }\r |
| | 437 | \r |
| | 438 | /**\r |
| | 439 | Add public key in store and return its index.\r |
| | 440 | \r |
| | 441 | @param[in] PubKey Input pointer to Public Key data\r |
| | 442 | \r |
| | 443 | @return Index of new added item\r |
| | 444 | \r |
| | 445 | **/\r |
| | 446 | UINT32\r |
| | 447 | AddPubKeyInStore (\r |
| | 448 | IN UINT8 *PubKey\r |
| | 449 | )\r |
| | 450 | {\r |
| | 451 | EFI_STATUS Status;\r |
| | 452 | BOOLEAN IsFound;\r |
| | 453 | UINT32 Index;\r |
| | 454 | VARIABLE_POINTER_TRACK Variable;\r |
| | 455 | UINT8 *Ptr;\r |
| | 456 | \r |
| | 457 | if (PubKey == NULL) {\r |
| | 458 | return 0;\r |
| | 459 | }\r |
| | 460 | \r |
| | 461 | Status = FindVariable (\r |
| | 462 | AUTHVAR_KEYDB_NAME,\r |
| | 463 | &gEfiAuthenticatedVariableGuid,\r |
| | 464 | &Variable,\r |
| | 465 | &mVariableModuleGlobal->VariableGlobal,\r |
| | 466 | FALSE\r |
| | 467 | );\r |
| | 468 | ASSERT_EFI_ERROR (Status);\r |
| | 469 | //\r |
| | 470 | // Check whether the public key entry does exist.\r |
| | 471 | //\r |
| | 472 | IsFound = FALSE;\r |
| | 473 | for (Ptr = mPubKeyStore, Index = 1; Index <= mPubKeyNumber; Index++) {\r |
| | 474 | if (CompareMem (Ptr, PubKey, EFI_CERT_TYPE_RSA2048_SIZE) == 0) {\r |
| | 475 | IsFound = TRUE;\r |
| | 476 | break;\r |
| | 477 | }\r |
| | 478 | Ptr += EFI_CERT_TYPE_RSA2048_SIZE;\r |
| | 479 | }\r |
| | 480 | \r |
| | 481 | if (!IsFound) {\r |
| | 482 | //\r |
| | 483 | // Add public key in database.\r |
| | 484 | //\r |
| | 485 | if (mPubKeyNumber == MAX_KEY_NUM) {\r |
| | 486 | //\r |
| | 487 | // Notes: Database is full, need enhancement here, currently just return 0.\r |
| | 488 | //\r |
| | 489 | return 0;\r |
| | 490 | }\r |
| | 491 | \r |
| | 492 | CopyMem (mPubKeyStore + mPubKeyNumber * EFI_CERT_TYPE_RSA2048_SIZE, PubKey, EFI_CERT_TYPE_RSA2048_SIZE);\r |
| | 493 | Index = ++mPubKeyNumber;\r |
| | 494 | //\r |
| | 495 | // Update public key database variable.\r |
| | 496 | //\r |
| | 497 | Status = UpdateVariable (\r |
| | 498 | AUTHVAR_KEYDB_NAME,\r |
| | 499 | &gEfiAuthenticatedVariableGuid,\r |
| | 500 | mPubKeyStore,\r |
| | 501 | mPubKeyNumber * EFI_CERT_TYPE_RSA2048_SIZE,\r |
| | 502 | EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS,\r |
| | 503 | 0,\r |
| | 504 | 0,\r |
| | 505 | &Variable,\r |
| | 506 | NULL\r |
| | 507 | );\r |
| | 508 | ASSERT_EFI_ERROR (Status);\r |
| | 509 | }\r |
| | 510 | \r |
| | 511 | return Index;\r |
| | 512 | }\r |
| | 513 | \r |
| | 514 | /**\r |
| | 515 | Verify data payload with AuthInfo in EFI_CERT_TYPE_RSA2048_SHA256_GUID type.\r |
| | 516 | Follow the steps in UEFI2.2.\r |
| | 517 | \r |
| | 518 | Caution: This function may receive untrusted input.\r |
| | 519 | This function may be invoked in SMM mode, and datasize and data are external input.\r |
| | 520 | This function will do basic validation, before parse the data.\r |
| | 521 | This function will parse the authentication carefully to avoid security issues, like\r |
| | 522 | buffer overflow, integer overflow.\r |
| | 523 | \r |
| | 524 | @param[in] Data Pointer to data with AuthInfo.\r |
| | 525 | @param[in] DataSize Size of Data.\r |
| | 526 | @param[in] PubKey Public key used for verification.\r |
| | 527 | \r |
| | 528 | @retval EFI_INVALID_PARAMETER Invalid parameter.\r |
| | 529 | @retval EFI_SECURITY_VIOLATION If authentication failed.\r |
| | 530 | @retval EFI_SUCCESS Authentication successful.\r |
| | 531 | \r |
| | 532 | **/\r |
| | 533 | EFI_STATUS\r |
| | 534 | VerifyCounterBasedPayload (\r |
| | 535 | IN UINT8 *Data,\r |
| | 536 | IN UINTN DataSize,\r |
| | 537 | IN UINT8 *PubKey\r |
| | 538 | )\r |
| | 539 | {\r |
| | 540 | BOOLEAN Status;\r |
| | 541 | EFI_VARIABLE_AUTHENTICATION *CertData;\r |
| | 542 | EFI_CERT_BLOCK_RSA_2048_SHA256 *CertBlock;\r |
| | 543 | UINT8 Digest[SHA256_DIGEST_SIZE];\r |
| | 544 | VOID *Rsa;\r |
| | 545 | \r |
| | 546 | Rsa = NULL;\r |
| | 547 | CertData = NULL;\r |
| | 548 | CertBlock = NULL;\r |
| | 549 | \r |
| | 550 | if (Data == NULL || PubKey == NULL) {\r |
| | 551 | return EFI_INVALID_PARAMETER;\r |
| | 552 | }\r |
| | 553 | \r |
| | 554 | CertData = (EFI_VARIABLE_AUTHENTICATION *) Data;\r |
| | 555 | CertBlock = (EFI_CERT_BLOCK_RSA_2048_SHA256 *) (CertData->AuthInfo.CertData);\r |
| | 556 | \r |
| | 557 | //\r |
| | 558 | // wCertificateType should be WIN_CERT_TYPE_EFI_GUID.\r |
| | 559 | // Cert type should be EFI_CERT_TYPE_RSA2048_SHA256_GUID.\r |
| | 560 | //\r |
| | 561 | if ((CertData->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) ||\r |
| | 562 | !CompareGuid (&CertData->AuthInfo.CertType, &gEfiCertTypeRsa2048Sha256Guid)\r |
| | 563 | ) {\r |
| | 564 | //\r |
| | 565 | // Invalid AuthInfo type, return EFI_SECURITY_VIOLATION.\r |
| | 566 | //\r |
| | 567 | return EFI_SECURITY_VIOLATION;\r |
| | 568 | }\r |
| | 569 | //\r |
| | 570 | // Hash data payload with SHA256.\r |
| | 571 | //\r |
| | 572 | ZeroMem (Digest, SHA256_DIGEST_SIZE);\r |
| | 573 | Status = Sha256Init (mHashCtx);\r |
| | 574 | if (!Status) {\r |
| | 575 | goto Done;\r |
| | 576 | }\r |
| | 577 | Status = Sha256Update (mHashCtx, Data + AUTHINFO_SIZE, (UINTN) (DataSize - AUTHINFO_SIZE));\r |
| | 578 | if (!Status) {\r |
| | 579 | goto Done;\r |
| | 580 | }\r |
| | 581 | //\r |
| | 582 | // Hash Monotonic Count.\r |
| | 583 | //\r |
| | 584 | Status = Sha256Update (mHashCtx, &CertData->MonotonicCount, sizeof (UINT64));\r |
| | 585 | if (!Status) {\r |
| | 586 | goto Done;\r |
| | 587 | }\r |
| | 588 | Status = Sha256Final (mHashCtx, Digest);\r |
| | 589 | if (!Status) {\r |
| | 590 | goto Done;\r |
| | 591 | }\r |
| | 592 | //\r |
| | 593 | // Generate & Initialize RSA Context.\r |
| | 594 | //\r |
| | 595 | Rsa = RsaNew ();\r |
| | 596 | ASSERT (Rsa != NULL);\r |
| | 597 | //\r |
| | 598 | // Set RSA Key Components.\r |
| | 599 | // NOTE: Only N and E are needed to be set as RSA public key for signature verification.\r |
| | 600 | //\r |
| | 601 | Status = RsaSetKey (Rsa, RsaKeyN, PubKey, EFI_CERT_TYPE_RSA2048_SIZE);\r |
| | 602 | if (!Status) {\r |
| | 603 | goto Done;\r |
| | 604 | }\r |
| | 605 | Status = RsaSetKey (Rsa, RsaKeyE, mRsaE, sizeof (mRsaE));\r |
| | 606 | if (!Status) {\r |
| | 607 | goto Done;\r |
| | 608 | }\r |
| | 609 | //\r |
| | 610 | // Verify the signature.\r |
| | 611 | //\r |
| | 612 | Status = RsaPkcs1Verify (\r |
| | 613 | Rsa,\r |
| | 614 | Digest,\r |
| | 615 | SHA256_DIGEST_SIZE,\r |
| | 616 | CertBlock->Signature,\r |
| | 617 | EFI_CERT_TYPE_RSA2048_SHA256_SIZE\r |
| | 618 | );\r |
| | 619 | \r |
| | 620 | Done:\r |
| | 621 | if (Rsa != NULL) {\r |
| | 622 | RsaFree (Rsa);\r |
| | 623 | }\r |
| | 624 | if (Status) {\r |
| | 625 | return EFI_SUCCESS;\r |
| | 626 | } else {\r |
| | 627 | return EFI_SECURITY_VIOLATION;\r |
| | 628 | }\r |
| | 629 | }\r |
| | 630 | \r |
| | 631 | /**\r |
| | 632 | Update platform mode.\r |
| | 633 | \r |
| | 634 | @param[in] Mode SETUP_MODE or USER_MODE.\r |
| | 635 | \r |
| | 636 | @return EFI_INVALID_PARAMETER Invalid parameter.\r |
| | 637 | @return EFI_SUCCESS Update platform mode successfully.\r |
| | 638 | \r |
| | 639 | **/\r |
| | 640 | EFI_STATUS\r |
| | 641 | UpdatePlatformMode (\r |
| | 642 | IN UINT32 Mode\r |
| | 643 | )\r |
| | 644 | {\r |
| | 645 | EFI_STATUS Status;\r |
| | 646 | VARIABLE_POINTER_TRACK Variable;\r |
| | 647 | UINT32 VarAttr;\r |
| | 648 | UINT8 SecureBootMode;\r |
| | 649 | UINT8 SecureBootEnable;\r |
| | 650 | UINTN VariableDataSize;\r |
| | 651 | \r |
| | 652 | Status = FindVariable (\r |
| | 653 | EFI_SETUP_MODE_NAME,\r |
| | 654 | &gEfiGlobalVariableGuid,\r |
| | 655 | &Variable,\r |
| | 656 | &mVariableModuleGlobal->VariableGlobal,\r |
| | 657 | FALSE\r |
| | 658 | );\r |
| | 659 | if (EFI_ERROR (Status)) {\r |
| | 660 | return Status;\r |
| | 661 | }\r |
| | 662 | \r |
| | 663 | mPlatformMode = Mode;\r |
| | 664 | VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;\r |
| | 665 | Status = UpdateVariable (\r |
| | 666 | EFI_SETUP_MODE_NAME,\r |
| | 667 | &gEfiGlobalVariableGuid,\r |
| | 668 | &mPlatformMode,\r |
| | 669 | sizeof(UINT8),\r |
| | 670 | VarAttr,\r |
| | 671 | 0,\r |
| | 672 | 0,\r |
| | 673 | &Variable,\r |
| | 674 | NULL\r |
| | 675 | );\r |
| | 676 | if (EFI_ERROR (Status)) {\r |
| | 677 | return Status;\r |
| | 678 | }\r |
| | 679 | \r |
| | 680 | if (AtRuntime ()) {\r |
| | 681 | //\r |
| | 682 | // SecureBoot Variable indicates whether the platform firmware is operating\r |
| | 683 | // in Secure boot mode (1) or not (0), so we should not change SecureBoot\r |
| | 684 | // Variable in runtime.\r |
| | 685 | //\r |
| | 686 | return Status;\r |
| | 687 | }\r |
| | 688 | \r |
| | 689 | //\r |
| | 690 | // Check "SecureBoot" variable's existence.\r |
| | 691 | // If it doesn't exist, firmware has no capability to perform driver signing verification,\r |
| | 692 | // then set "SecureBoot" to 0.\r |
| | 693 | //\r |
| | 694 | Status = FindVariable (\r |
| | 695 | EFI_SECURE_BOOT_MODE_NAME,\r |
| | 696 | &gEfiGlobalVariableGuid,\r |
| | 697 | &Variable,\r |
| | 698 | &mVariableModuleGlobal->VariableGlobal,\r |
| | 699 | FALSE\r |
| | 700 | );\r |
| | 701 | //\r |
| | 702 | // If "SecureBoot" variable exists, then check "SetupMode" variable update.\r |
| | 703 | // If "SetupMode" variable is USER_MODE, "SecureBoot" variable is set to 1.\r |
| | 704 | // If "SetupMode" variable is SETUP_MODE, "SecureBoot" variable is set to 0.\r |
| | 705 | //\r |
| | 706 | if (Variable.CurrPtr == NULL) {\r |
| | 707 | SecureBootMode = SECURE_BOOT_MODE_DISABLE;\r |
| | 708 | } else {\r |
| | 709 | if (mPlatformMode == USER_MODE) {\r |
| | 710 | SecureBootMode = SECURE_BOOT_MODE_ENABLE;\r |
| | 711 | } else if (mPlatformMode == SETUP_MODE) {\r |
| | 712 | SecureBootMode = SECURE_BOOT_MODE_DISABLE;\r |
| | 713 | } else {\r |
| | 714 | return EFI_NOT_FOUND;\r |
| | 715 | }\r |
| | 716 | }\r |
| | 717 | \r |
| | 718 | VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;\r |
| | 719 | Status = UpdateVariable (\r |
| | 720 | EFI_SECURE_BOOT_MODE_NAME,\r |
| | 721 | &gEfiGlobalVariableGuid,\r |
| | 722 | &SecureBootMode,\r |
| | 723 | sizeof(UINT8),\r |
| | 724 | VarAttr,\r |
| | 725 | 0,\r |
| | 726 | 0,\r |
| | 727 | &Variable,\r |
| | 728 | NULL\r |
| | 729 | );\r |
| | 730 | if (EFI_ERROR (Status)) {\r |
| | 731 | return Status;\r |
| | 732 | }\r |
| | 733 | \r |
| | 734 | //\r |
| | 735 | // Check "SecureBootEnable" variable's existence. It can enable/disable secure boot feature.\r |
| | 736 | //\r |
| | 737 | Status = FindVariable (\r |
| | 738 | EFI_SECURE_BOOT_ENABLE_NAME,\r |
| | 739 | &gEfiSecureBootEnableDisableGuid,\r |
| | 740 | &Variable,\r |
| | 741 | &mVariableModuleGlobal->VariableGlobal,\r |
| | 742 | FALSE\r |
| | 743 | );\r |
| | 744 | \r |
| | 745 | if (SecureBootMode == SECURE_BOOT_MODE_ENABLE) {\r |
| | 746 | //\r |
| | 747 | // Create the "SecureBootEnable" variable as secure boot is enabled.\r |
| | 748 | //\r |
| | 749 | SecureBootEnable = SECURE_BOOT_ENABLE;\r |
| | 750 | VariableDataSize = sizeof (SecureBootEnable);\r |
| | 751 | } else {\r |
| | 752 | //\r |
| | 753 | // Delete the "SecureBootEnable" variable if this variable exist as "SecureBoot"\r |
| | 754 | // variable is not in secure boot state.\r |
| | 755 | //\r |
| | 756 | if (Variable.CurrPtr == NULL || EFI_ERROR (Status)) {\r |
| | 757 | return EFI_SUCCESS;\r |
| | 758 | }\r |
| | 759 | SecureBootEnable = SECURE_BOOT_DISABLE;\r |
| | 760 | VariableDataSize = 0;\r |
| | 761 | }\r |
| | 762 | \r |
| | 763 | Status = UpdateVariable (\r |
| | 764 | EFI_SECURE_BOOT_ENABLE_NAME,\r |
| | 765 | &gEfiSecureBootEnableDisableGuid,\r |
| | 766 | &SecureBootEnable,\r |
| | 767 | VariableDataSize,\r |
| | 768 | EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,\r |
| | 769 | 0,\r |
| | 770 | 0,\r |
| | 771 | &Variable,\r |
| | 772 | NULL\r |
| | 773 | );\r |
| | 774 | return Status;\r |
| | 775 | }\r |
| | 776 | \r |
| | 777 | /**\r |
| | 778 | Check input data form to make sure it is a valid EFI_SIGNATURE_LIST for PK/KEK variable.\r |
| | 779 | \r |
| | 780 | @param[in] VariableName Name of Variable to be check.\r |
| | 781 | @param[in] VendorGuid Variable vendor GUID.\r |
| | 782 | @param[in] Data Point to the variable data to be checked.\r |
| | 783 | @param[in] DataSize Size of Data.\r |
| | 784 | \r |
| | 785 | @return EFI_INVALID_PARAMETER Invalid signature list format.\r |
| | 786 | @return EFI_SUCCESS Passed signature list format check successfully.\r |
| | 787 | \r |
| | 788 | **/\r |
| | 789 | EFI_STATUS\r |
| | 790 | CheckSignatureListFormat(\r |
| | 791 | IN CHAR16 *VariableName,\r |
| | 792 | IN EFI_GUID *VendorGuid,\r |
| | 793 | IN VOID *Data,\r |
| | 794 | IN UINTN DataSize\r |
| | 795 | )\r |
| | 796 | {\r |
| | 797 | EFI_SIGNATURE_LIST *SigList;\r |
| | 798 | UINTN SigDataSize;\r |
| | 799 | UINT32 Index;\r |
| | 800 | UINT32 SigCount;\r |
| | 801 | BOOLEAN IsPk;\r |
| | 802 | \r |
| | 803 | if (DataSize == 0) {\r |
| | 804 | return EFI_SUCCESS;\r |
| | 805 | }\r |
| | 806 | \r |
| | 807 | ASSERT (VariableName != NULL && VendorGuid != NULL && Data != NULL);\r |
| | 808 | \r |
| | 809 | if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_PLATFORM_KEY_NAME) == 0)){\r |
| | 810 | IsPk = TRUE;\r |
| | 811 | } else if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0)) {\r |
| | 812 | IsPk = FALSE;\r |
| | 813 | } else {\r |
| | 814 | return EFI_SUCCESS;\r |
| | 815 | }\r |
| | 816 | \r |
| | 817 | SigCount = 0;\r |
| | 818 | SigList = (EFI_SIGNATURE_LIST *) Data;\r |
| | 819 | SigDataSize = DataSize;\r |
| | 820 | \r |
| | 821 | //\r |
| | 822 | // Walk throuth the input signature list and check the data format.\r |
| | 823 | // If any signature is incorrectly formed, the whole check will fail.\r |
| | 824 | //\r |
| | 825 | while ((SigDataSize > 0) && (SigDataSize >= SigList->SignatureListSize)) {\r |
| | 826 | for (Index = 0; Index < (sizeof (mSupportSigItem) / sizeof (EFI_SIGNATURE_ITEM)); Index++ ) {\r |
| | 827 | if (CompareGuid (&SigList->SignatureType, &mSupportSigItem[Index].SigType)) {\r |
| | 828 | //\r |
| | 829 | // The value of SignatureSize should always be 16 (size of SignatureOwner \r |
| | 830 | // component) add the data length according to signature type.\r |
| | 831 | //\r |
| | 832 | if (mSupportSigItem[Index].SigDataSize != ((UINT32) ~0) && \r |
| | 833 | (SigList->SignatureSize - sizeof (EFI_GUID)) != mSupportSigItem[Index].SigDataSize) {\r |
| | 834 | return EFI_INVALID_PARAMETER;\r |
| | 835 | }\r |
| | 836 | if (mSupportSigItem[Index].SigHeaderSize != ((UINTN) ~0) &&\r |
| | 837 | SigList->SignatureHeaderSize != mSupportSigItem[Index].SigHeaderSize) {\r |
| | 838 | return EFI_INVALID_PARAMETER;\r |
| | 839 | }\r |
| | 840 | break;\r |
| | 841 | }\r |
| | 842 | }\r |
| | 843 | \r |
| | 844 | if (Index == (sizeof (mSupportSigItem) / sizeof (EFI_SIGNATURE_ITEM))) {\r |
| | 845 | //\r |
| | 846 | // Undefined signature type.\r |
| | 847 | //\r |
| | 848 | return EFI_INVALID_PARAMETER;\r |
| | 849 | }\r |
| | 850 | \r |
| | 851 | if ((SigList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - SigList->SignatureHeaderSize) % SigList->SignatureSize != 0) {\r |
| | 852 | return EFI_INVALID_PARAMETER;\r |
| | 853 | }\r |
| | 854 | SigCount += (SigList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - SigList->SignatureHeaderSize) / SigList->SignatureSize;\r |
| | 855 | \r |
| | 856 | SigDataSize -= SigList->SignatureListSize;\r |
| | 857 | SigList = (EFI_SIGNATURE_LIST *) ((UINT8 *) SigList + SigList->SignatureListSize);\r |
| | 858 | }\r |
| | 859 | \r |
| | 860 | if (((UINTN) SigList - (UINTN) Data) != DataSize) {\r |
| | 861 | return EFI_INVALID_PARAMETER;\r |
| | 862 | }\r |
| | 863 | \r |
| | 864 | if (IsPk && SigCount > 1) {\r |
| | 865 | return EFI_INVALID_PARAMETER;\r |
| | 866 | }\r |
| | 867 | \r |
| | 868 | return EFI_SUCCESS;\r |
| | 869 | }\r |
| | 870 | \r |
| | 871 | /**\r |
| | 872 | Process variable with platform key for verification.\r |
| | 873 | \r |
| | 874 | Caution: This function may receive untrusted input.\r |
| | 875 | This function may be invoked in SMM mode, and datasize and data are external input.\r |
| | 876 | This function will do basic validation, before parse the data.\r |
| | 877 | This function will parse the authentication carefully to avoid security issues, like\r |
| | 878 | buffer overflow, integer overflow.\r |
| | 879 | This function will check attribute carefully to avoid authentication bypass.\r |
| | 880 | \r |
| | 881 | @param[in] VariableName Name of Variable to be found.\r |
| | 882 | @param[in] VendorGuid Variable vendor GUID.\r |
| | 883 | @param[in] Data Data pointer.\r |
| | 884 | @param[in] DataSize Size of Data found. If size is less than the\r |
| | 885 | data, this value contains the required size.\r |
| | 886 | @param[in] Variable The variable information which is used to keep track of variable usage.\r |
| | 887 | @param[in] Attributes Attribute value of the variable\r |
| | 888 | @param[in] IsPk Indicate whether it is to process pk.\r |
| | 889 | \r |
| | 890 | @return EFI_INVALID_PARAMETER Invalid parameter.\r |
| | 891 | @return EFI_SECURITY_VIOLATION The variable does NOT pass the validation.\r |
| | 892 | check carried out by the firmware.\r |
| | 893 | @return EFI_SUCCESS Variable passed validation successfully.\r |
| | 894 | \r |
| | 895 | **/\r |
| | 896 | EFI_STATUS\r |
| | 897 | ProcessVarWithPk (\r |
| | 898 | IN CHAR16 *VariableName,\r |
| | 899 | IN EFI_GUID *VendorGuid,\r |
| | 900 | IN VOID *Data,\r |
| | 901 | IN UINTN DataSize,\r |
| | 902 | IN VARIABLE_POINTER_TRACK *Variable,\r |
| | 903 | IN UINT32 Attributes OPTIONAL,\r |
| | 904 | IN BOOLEAN IsPk\r |
| | 905 | )\r |
| | 906 | {\r |
| | 907 | EFI_STATUS Status;\r |
| | 908 | BOOLEAN Del;\r |
| | 909 | UINT8 *Payload;\r |
| | 910 | UINTN PayloadSize;\r |
| | 911 | \r |
| | 912 | if ((Attributes & EFI_VARIABLE_NON_VOLATILE) == 0 || \r |
| | 913 | (Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0) {\r |
| | 914 | //\r |
| | 915 | // PK and KEK should set EFI_VARIABLE_NON_VOLATILE attribute and should be a time-based\r |
| | 916 | // authenticated variable.\r |
| | 917 | //\r |
| | 918 | return EFI_INVALID_PARAMETER;\r |
| | 919 | }\r |
| | 920 | \r |
| | 921 | if (mPlatformMode == USER_MODE && !(InCustomMode() && UserPhysicalPresent())) {\r |
| | 922 | //\r |
| | 923 | // Verify against X509 Cert PK.\r |
| | 924 | //\r |
| | 925 | Del = FALSE;\r |
| | 926 | Status = VerifyTimeBasedPayload (\r |
| | 927 | VariableName,\r |
| | 928 | VendorGuid,\r |
| | 929 | Data,\r |
| | 930 | DataSize,\r |
| | 931 | Variable,\r |
| | 932 | Attributes,\r |
| | 933 | AuthVarTypePk,\r |
| | 934 | &Del\r |
| | 935 | );\r |
| | 936 | if (!EFI_ERROR (Status)) {\r |
| | 937 | //\r |
| | 938 | // If delete PK in user mode, need change to setup mode.\r |
| | 939 | //\r |
| | 940 | if (Del && IsPk) {\r |
| | 941 | Status = UpdatePlatformMode (SETUP_MODE);\r |
| | 942 | }\r |
| | 943 | }\r |
| | 944 | return Status;\r |
| | 945 | } else {\r |
| | 946 | //\r |
| | 947 | // Process PK or KEK in Setup mode or Custom Secure Boot mode.\r |
| | 948 | //\r |
| | 949 | Payload = (UINT8 *) Data + AUTHINFO2_SIZE (Data);\r |
| | 950 | PayloadSize = DataSize - AUTHINFO2_SIZE (Data);\r |
| | 951 | \r |
| | 952 | Status = CheckSignatureListFormat(VariableName, VendorGuid, Payload, PayloadSize);\r |
| | 953 | if (EFI_ERROR (Status)) {\r |
| | 954 | return Status;\r |
| | 955 | }\r |
| | 956 | \r |
| | 957 | Status = UpdateVariable (\r |
| | 958 | VariableName,\r |
| | 959 | VendorGuid,\r |
| | 960 | Payload,\r |
| | 961 | PayloadSize,\r |
| | 962 | Attributes,\r |
| | 963 | 0,\r |
| | 964 | 0,\r |
| | 965 | Variable,\r |
| | 966 | &((EFI_VARIABLE_AUTHENTICATION_2 *) Data)->TimeStamp\r |
| | 967 | );\r |
| | 968 | \r |
| | 969 | if (IsPk) {\r |
| | 970 | if (PayloadSize != 0) {\r |
| | 971 | //\r |
| | 972 | // If enroll PK in setup mode, need change to user mode.\r |
| | 973 | //\r |
| | 974 | Status = UpdatePlatformMode (USER_MODE);\r |
| | 975 | } else {\r |
| | 976 | //\r |
| | 977 | // If delete PK in custom mode, need change to setup mode.\r |
| | 978 | //\r |
| | 979 | UpdatePlatformMode (SETUP_MODE);\r |
| | 980 | }\r |
| | 981 | } \r |
| | 982 | }\r |
| | 983 | \r |
| | 984 | return Status;\r |
| | 985 | }\r |
| | 986 | \r |
| | 987 | /**\r |
| | 988 | Process variable with key exchange key for verification.\r |
| | 989 | \r |
| | 990 | Caution: This function may receive untrusted input.\r |
| | 991 | This function may be invoked in SMM mode, and datasize and data are external input.\r |
| | 992 | This function will do basic validation, before parse the data.\r |
| | 993 | This function will parse the authentication carefully to avoid security issues, like\r |
| | 994 | buffer overflow, integer overflow.\r |
| | 995 | This function will check attribute carefully to avoid authentication bypass.\r |
| | 996 | \r |
| | 997 | @param[in] VariableName Name of Variable to be found.\r |
| | 998 | @param[in] VendorGuid Variable vendor GUID.\r |
| | 999 | @param[in] Data Data pointer.\r |
| | 1000 | @param[in] DataSize Size of Data found. If size is less than the\r |
| | 1001 | data, this value contains the required size.\r |
| | 1002 | @param[in] Variable The variable information which is used to keep track of variable usage.\r |
| | 1003 | @param[in] Attributes Attribute value of the variable.\r |
| | 1004 | \r |
| | 1005 | @return EFI_INVALID_PARAMETER Invalid parameter.\r |
| | 1006 | @return EFI_SECURITY_VIOLATION The variable does NOT pass the validation\r |
| | 1007 | check carried out by the firmware.\r |
| | 1008 | @return EFI_SUCCESS Variable pass validation successfully.\r |
| | 1009 | \r |
| | 1010 | **/\r |
| | 1011 | EFI_STATUS\r |
| | 1012 | ProcessVarWithKek (\r |
| | 1013 | IN CHAR16 *VariableName,\r |
| | 1014 | IN EFI_GUID *VendorGuid,\r |
| | 1015 | IN VOID *Data,\r |
| | 1016 | IN UINTN DataSize,\r |
| | 1017 | IN VARIABLE_POINTER_TRACK *Variable,\r |
| | 1018 | IN UINT32 Attributes OPTIONAL\r |
| | 1019 | )\r |
| | 1020 | {\r |
| | 1021 | EFI_STATUS Status;\r |
| | 1022 | UINT8 *Payload;\r |
| | 1023 | UINTN PayloadSize;\r |
| | 1024 | \r |
| | 1025 | if ((Attributes & EFI_VARIABLE_NON_VOLATILE) == 0 ||\r |
| | 1026 | (Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0) {\r |
| | 1027 | //\r |
| | 1028 | // DB and DBX should set EFI_VARIABLE_NON_VOLATILE attribute and should be a time-based\r |
| | 1029 | // authenticated variable.\r |
| | 1030 | //\r |
| | 1031 | return EFI_INVALID_PARAMETER;\r |
| | 1032 | }\r |
| | 1033 | \r |
| | 1034 | Status = EFI_SUCCESS;\r |
| | 1035 | if (mPlatformMode == USER_MODE && !(InCustomMode() && UserPhysicalPresent())) {\r |
| | 1036 | //\r |
| | 1037 | // Time-based, verify against X509 Cert KEK.\r |
| | 1038 | //\r |
| | 1039 | return VerifyTimeBasedPayload (\r |
| | 1040 | VariableName,\r |
| | 1041 | VendorGuid,\r |
| | 1042 | Data,\r |
| | 1043 | DataSize,\r |
| | 1044 | Variable,\r |
| | 1045 | Attributes,\r |
| | 1046 | AuthVarTypeKek,\r |
| | 1047 | NULL\r |
| | 1048 | );\r |
| | 1049 | } else {\r |
| | 1050 | //\r |
| | 1051 | // If in setup mode or custom secure boot mode, no authentication needed.\r |
| | 1052 | //\r |
| | 1053 | Payload = (UINT8 *) Data + AUTHINFO2_SIZE (Data);\r |
| | 1054 | PayloadSize = DataSize - AUTHINFO2_SIZE (Data);\r |
| | 1055 | \r |
| | 1056 | Status = UpdateVariable (\r |
| | 1057 | VariableName,\r |
| | 1058 | VendorGuid,\r |
| | 1059 | Payload,\r |
| | 1060 | PayloadSize,\r |
| | 1061 | Attributes,\r |
| | 1062 | 0,\r |
| | 1063 | 0,\r |
| | 1064 | Variable,\r |
| | 1065 | &((EFI_VARIABLE_AUTHENTICATION_2 *) Data)->TimeStamp\r |
| | 1066 | );\r |
| | 1067 | }\r |
| | 1068 | \r |
| | 1069 | return Status;\r |
| | 1070 | }\r |
| | 1071 | \r |
| | 1072 | /**\r |
| | 1073 | Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set\r |
| | 1074 | \r |
| | 1075 | Caution: This function may receive untrusted input.\r |
| | 1076 | This function may be invoked in SMM mode, and datasize and data are external input.\r |
| | 1077 | This function will do basic validation, before parse the data.\r |
| | 1078 | This function will parse the authentication carefully to avoid security issues, like\r |
| | 1079 | buffer overflow, integer overflow.\r |
| | 1080 | This function will check attribute carefully to avoid authentication bypass.\r |
| | 1081 | \r |
| | 1082 | @param[in] VariableName Name of Variable to be found.\r |
| | 1083 | @param[in] VendorGuid Variable vendor GUID.\r |
| | 1084 | \r |
| | 1085 | @param[in] Data Data pointer.\r |
| | 1086 | @param[in] DataSize Size of Data found. If size is less than the\r |
| | 1087 | data, this value contains the required size.\r |
| | 1088 | @param[in] Variable The variable information which is used to keep track of variable usage.\r |
| | 1089 | @param[in] Attributes Attribute value of the variable.\r |
| | 1090 | \r |
| | 1091 | @return EFI_INVALID_PARAMETER Invalid parameter.\r |
| | 1092 | @return EFI_WRITE_PROTECTED Variable is write-protected and needs authentication with\r |
| | 1093 | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.\r |
| | 1094 | @return EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS\r |
| | 1095 | set, but the AuthInfo does NOT pass the validation\r |
| | 1096 | check carried out by the firmware.\r |
| | 1097 | @return EFI_SUCCESS Variable is not write-protected or pass validation successfully.\r |
| | 1098 | \r |
| | 1099 | **/\r |
| | 1100 | EFI_STATUS\r |
| | 1101 | ProcessVariable (\r |
| | 1102 | IN CHAR16 *VariableName,\r |
| | 1103 | IN EFI_GUID *VendorGuid,\r |
| | 1104 | IN VOID *Data,\r |
| | 1105 | IN UINTN DataSize,\r |
| | 1106 | IN VARIABLE_POINTER_TRACK *Variable,\r |
| | 1107 | IN UINT32 Attributes\r |
| | 1108 | )\r |
| | 1109 | {\r |
| | 1110 | EFI_STATUS Status;\r |
| | 1111 | BOOLEAN IsDeletion;\r |
| | 1112 | BOOLEAN IsFirstTime;\r |
| | 1113 | UINT8 *PubKey;\r |
| | 1114 | EFI_VARIABLE_AUTHENTICATION *CertData;\r |
| | 1115 | EFI_CERT_BLOCK_RSA_2048_SHA256 *CertBlock;\r |
| | 1116 | UINT32 KeyIndex;\r |
| | 1117 | UINT64 MonotonicCount;\r |
| | 1118 | \r |
| | 1119 | KeyIndex = 0;\r |
| | 1120 | CertData = NULL;\r |
| | 1121 | CertBlock = NULL;\r |
| | 1122 | PubKey = NULL;\r |
| | 1123 | IsDeletion = FALSE;\r |
| | 1124 | \r |
| | 1125 | if (NeedPhysicallyPresent(VariableName, VendorGuid) && !UserPhysicalPresent()) {\r |
| | 1126 | //\r |
| | 1127 | // This variable is protected, only physical present user could modify its value.\r |
| | 1128 | //\r |
| | 1129 | return EFI_SECURITY_VIOLATION;\r |
| | 1130 | }\r |
| | 1131 | \r |
| | 1132 | //\r |
| | 1133 | // Process Time-based Authenticated variable.\r |
| | 1134 | //\r |
| | 1135 | if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) {\r |
| | 1136 | return VerifyTimeBasedPayload (\r |
| | 1137 | VariableName,\r |
| | 1138 | VendorGuid,\r |
| | 1139 | Data,\r |
| | 1140 | DataSize,\r |
| | 1141 | Variable,\r |
| | 1142 | Attributes,\r |
| | 1143 | AuthVarTypePriv,\r |
| | 1144 | NULL\r |
| | 1145 | );\r |
| | 1146 | }\r |
| | 1147 | \r |
| | 1148 | //\r |
| | 1149 | // Determine if first time SetVariable with the EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS.\r |
| | 1150 | //\r |
| | 1151 | if ((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) != 0) {\r |
| | 1152 | //\r |
| | 1153 | // Determine current operation type.\r |
| | 1154 | //\r |
| | 1155 | if (DataSize == AUTHINFO_SIZE) {\r |
| | 1156 | IsDeletion = TRUE;\r |
| | 1157 | }\r |
| | 1158 | //\r |
| | 1159 | // Determine whether this is the first time with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.\r |
| | 1160 | //\r |
| | 1161 | if (Variable->CurrPtr == NULL) {\r |
| | 1162 | IsFirstTime = TRUE;\r |
| | 1163 | } else if ((Variable->CurrPtr->Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) == 0) {\r |
| | 1164 | IsFirstTime = TRUE;\r |
| | 1165 | } else {\r |
| | 1166 | KeyIndex = Variable->CurrPtr->PubKeyIndex;\r |
| | 1167 | IsFirstTime = FALSE;\r |
| | 1168 | }\r |
| | 1169 | } else if ((Variable->CurrPtr != NULL) && \r |
| | 1170 | ((Variable->CurrPtr->Attributes & (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) != 0)\r |
| | 1171 | ) {\r |
| | 1172 | //\r |
| | 1173 | // If the variable is already write-protected, it always needs authentication before update.\r |
| | 1174 | //\r |
| | 1175 | return EFI_WRITE_PROTECTED;\r |
| | 1176 | } else {\r |
| | 1177 | //\r |
| | 1178 | // If without EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS, set and attributes collision.\r |
| | 1179 | // That means it is not authenticated variable, just update variable as usual.\r |
| | 1180 | //\r |
| | 1181 | Status = UpdateVariable (VariableName, VendorGuid, Data, DataSize, Attributes, 0, 0, Variable, NULL);\r |
| | 1182 | return Status;\r |
| | 1183 | }\r |
| | 1184 | \r |
| | 1185 | //\r |
| | 1186 | // Get PubKey and check Monotonic Count value corresponding to the variable.\r |
| | 1187 | //\r |
| | 1188 | CertData = (EFI_VARIABLE_AUTHENTICATION *) Data;\r |
| | 1189 | CertBlock = (EFI_CERT_BLOCK_RSA_2048_SHA256 *) (CertData->AuthInfo.CertData);\r |
| | 1190 | PubKey = CertBlock->PublicKey;\r |
| | 1191 | \r |
| | 1192 | //\r |
| | 1193 | // Update Monotonic Count value.\r |
| | 1194 | //\r |
| | 1195 | MonotonicCount = CertData->MonotonicCount;\r |
| | 1196 | \r |
| | 1197 | if (!IsFirstTime) {\r |
| | 1198 | //\r |
| | 1199 | // Check input PubKey.\r |
| | 1200 | //\r |
| | 1201 | if (CompareMem (PubKey, mPubKeyStore + (KeyIndex - 1) * EFI_CERT_TYPE_RSA2048_SIZE, EFI_CERT_TYPE_RSA2048_SIZE) != 0) {\r |
| | 1202 | return EFI_SECURITY_VIOLATION;\r |
| | 1203 | }\r |
| | 1204 | //\r |
| | 1205 | // Compare the current monotonic count and ensure that it is greater than the last SetVariable\r |
| | 1206 | // operation with the EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS attribute set.\r |
| | 1207 | //\r |
| | 1208 | if (CertData->MonotonicCount <= Variable->CurrPtr->MonotonicCount) {\r |
| | 1209 | //\r |
| | 1210 | // Monotonic count check fail, suspicious replay attack, return EFI_SECURITY_VIOLATION.\r |
| | 1211 | //\r |
| | 1212 | return EFI_SECURITY_VIOLATION;\r |
| | 1213 | }\r |
| | 1214 | }\r |
| | 1215 | //\r |
| | 1216 | // Verify the certificate in Data payload.\r |
| | 1217 | //\r |
| | 1218 | Status = VerifyCounterBasedPayload (Data, DataSize, PubKey);\r |
| | 1219 | if (EFI_ERROR (Status)) {\r |
| | 1220 | return Status;\r |
| | 1221 | }\r |
| | 1222 | \r |
| | 1223 | //\r |
| | 1224 | // Now, the signature has been verified!\r |
| | 1225 | //\r |
| | 1226 | if (IsFirstTime && !IsDeletion) {\r |
| | 1227 | //\r |
| | 1228 | // Update public key database variable if need.\r |
| | 1229 | //\r |
| | 1230 | KeyIndex = AddPubKeyInStore (PubKey);\r |
| | 1231 | if (KeyIndex == 0) {\r |
| | 1232 | return EFI_SECURITY_VIOLATION;\r |
| | 1233 | }\r |
| | 1234 | }\r |
| | 1235 | \r |
| | 1236 | //\r |
| | 1237 | // Verification pass.\r |
| | 1238 | //\r |
| | 1239 | return UpdateVariable (VariableName, VendorGuid, (UINT8*)Data + AUTHINFO_SIZE, DataSize - AUTHINFO_SIZE, Attributes, KeyIndex, MonotonicCount, Variable, NULL);\r |
| | 1240 | }\r |
| | 1241 | \r |
| | 1242 | /**\r |
| | 1243 | Merge two buffers which formatted as EFI_SIGNATURE_LIST. Only the new EFI_SIGNATURE_DATA\r |
| | 1244 | will be appended to the original EFI_SIGNATURE_LIST, duplicate EFI_SIGNATURE_DATA\r |
| | 1245 | will be ignored.\r |
| | 1246 | \r |
| | 1247 | @param[in, out] Data Pointer to original EFI_SIGNATURE_LIST.\r |
| | 1248 | @param[in] DataSize Size of Data buffer.\r |
| | 1249 | @param[in] NewData Pointer to new EFI_SIGNATURE_LIST to be appended.\r |
| | 1250 | @param[in] NewDataSize Size of NewData buffer.\r |
| | 1251 | \r |
| | 1252 | @return Size of the merged buffer.\r |
| | 1253 | \r |
| | 1254 | **/\r |
| | 1255 | UINTN\r |
| | 1256 | AppendSignatureList (\r |
| | 1257 | IN OUT VOID *Data,\r |
| | 1258 | IN UINTN DataSize,\r |
| | 1259 | IN VOID *NewData,\r |
| | 1260 | IN UINTN NewDataSize\r |
| | 1261 | )\r |
| | 1262 | {\r |
| | 1263 | EFI_SIGNATURE_LIST *CertList;\r |
| | 1264 | EFI_SIGNATURE_DATA *Cert;\r |
| | 1265 | UINTN CertCount;\r |
| | 1266 | EFI_SIGNATURE_LIST *NewCertList;\r |
| | 1267 | EFI_SIGNATURE_DATA *NewCert;\r |
| | 1268 | UINTN NewCertCount;\r |
| | 1269 | UINTN Index;\r |
| | 1270 | UINTN Index2;\r |
| | 1271 | UINTN Size;\r |
| | 1272 | UINT8 *Tail;\r |
| | 1273 | UINTN CopiedCount;\r |
| | 1274 | UINTN SignatureListSize;\r |
| | 1275 | BOOLEAN IsNewCert;\r |
| | 1276 | \r |
| | 1277 | Tail = (UINT8 *) Data + DataSize;\r |
| | 1278 | \r |
| | 1279 | NewCertList = (EFI_SIGNATURE_LIST *) NewData;\r |
| | 1280 | while ((NewDataSize > 0) && (NewDataSize >= NewCertList->SignatureListSize)) {\r |
| | 1281 | NewCert = (EFI_SIGNATURE_DATA *) ((UINT8 *) NewCertList + sizeof (EFI_SIGNATURE_LIST) + NewCertList->SignatureHeaderSize);\r |
| | 1282 | NewCertCount = (NewCertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - NewCertList->SignatureHeaderSize) / NewCertList->SignatureSize;\r |
| | 1283 | \r |
| | 1284 | CopiedCount = 0;\r |
| | 1285 | for (Index = 0; Index < NewCertCount; Index++) {\r |
| | 1286 | IsNewCert = TRUE;\r |
| | 1287 | \r |
| | 1288 | Size = DataSize;\r |
| | 1289 | CertList = (EFI_SIGNATURE_LIST *) Data;\r |
| | 1290 | while ((Size > 0) && (Size >= CertList->SignatureListSize)) {\r |
| | 1291 | if (CompareGuid (&CertList->SignatureType, &NewCertList->SignatureType) &&\r |
| | 1292 | (CertList->SignatureSize == NewCertList->SignatureSize)) {\r |
| | 1293 | Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);\r |
| | 1294 | CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;\r |
| | 1295 | for (Index2 = 0; Index2 < CertCount; Index2++) {\r |
| | 1296 | //\r |
| | 1297 | // Iterate each Signature Data in this Signature List.\r |
| | 1298 | //\r |
| | 1299 | if (CompareMem (NewCert, Cert, CertList->SignatureSize) == 0) {\r |
| | 1300 | IsNewCert = FALSE;\r |
| | 1301 | break;\r |
| | 1302 | }\r |
| | 1303 | Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);\r |
| | 1304 | }\r |
| | 1305 | }\r |
| | 1306 | \r |
| | 1307 | if (!IsNewCert) {\r |
| | 1308 | break;\r |
| | 1309 | }\r |
| | 1310 | Size -= CertList->SignatureListSize;\r |
| | 1311 | CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);\r |
| | 1312 | }\r |
| | 1313 | \r |
| | 1314 | if (IsNewCert) {\r |
| | 1315 | //\r |
| | 1316 | // New EFI_SIGNATURE_DATA, append it.\r |
| | 1317 | //\r |
| | 1318 | if (CopiedCount == 0) {\r |
| | 1319 | //\r |
| | 1320 | // Copy EFI_SIGNATURE_LIST header for only once.\r |
| | 1321 | //\r |
| | 1322 | CopyMem (Tail, NewCertList, sizeof (EFI_SIGNATURE_LIST) + NewCertList->SignatureHeaderSize);\r |
| | 1323 | Tail = Tail + sizeof (EFI_SIGNATURE_LIST) + NewCertList->SignatureHeaderSize;\r |
| | 1324 | }\r |
| | 1325 | \r |
| | 1326 | CopyMem (Tail, NewCert, NewCertList->SignatureSize);\r |
| | 1327 | Tail += NewCertList->SignatureSize;\r |
| | 1328 | CopiedCount++;\r |
| | 1329 | }\r |
| | 1330 | \r |
| | 1331 | NewCert = (EFI_SIGNATURE_DATA *) ((UINT8 *) NewCert + NewCertList->SignatureSize);\r |
| | 1332 | }\r |
| | 1333 | \r |
| | 1334 | //\r |
| | 1335 | // Update SignatureListSize in newly appended EFI_SIGNATURE_LIST.\r |
| | 1336 | //\r |
| | 1337 | if (CopiedCount != 0) {\r |
| | 1338 | SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + NewCertList->SignatureHeaderSize + (CopiedCount * NewCertList->SignatureSize);\r |
| | 1339 | CertList = (EFI_SIGNATURE_LIST *) (Tail - SignatureListSize);\r |
| | 1340 | CertList->SignatureListSize = (UINT32) SignatureListSize;\r |
| | 1341 | }\r |
| | 1342 | \r |
| | 1343 | NewDataSize -= NewCertList->SignatureListSize;\r |
| | 1344 | NewCertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) NewCertList + NewCertList->SignatureListSize);\r |
| | 1345 | }\r |
| | 1346 | \r |
| | 1347 | return (Tail - (UINT8 *) Data);\r |
| | 1348 | }\r |
| | 1349 | \r |
| | 1350 | /**\r |
| | 1351 | Compare two EFI_TIME data.\r |
| | 1352 | \r |
| | 1353 | \r |
| | 1354 | @param FirstTime A pointer to the first EFI_TIME data.\r |
| | 1355 | @param SecondTime A pointer to the second EFI_TIME data.\r |
| | 1356 | \r |
| | 1357 | @retval TRUE The FirstTime is not later than the SecondTime.\r |
| | 1358 | @retval FALSE The FirstTime is later than the SecondTime.\r |
| | 1359 | \r |
| | 1360 | **/\r |
| | 1361 | BOOLEAN\r |
| | 1362 | CompareTimeStamp (\r |
| | 1363 | IN EFI_TIME *FirstTime,\r |
| | 1364 | IN EFI_TIME *SecondTime\r |
| | 1365 | )\r |
| | 1366 | {\r |
| | 1367 | if (FirstTime->Year != SecondTime->Year) {\r |
| | 1368 | return (BOOLEAN) (FirstTime->Year < SecondTime->Year);\r |
| | 1369 | } else if (FirstTime->Month != SecondTime->Month) {\r |
| | 1370 | return (BOOLEAN) (FirstTime->Month < SecondTime->Month);\r |
| | 1371 | } else if (FirstTime->Day != SecondTime->Day) {\r |
| | 1372 | return (BOOLEAN) (FirstTime->Day < SecondTime->Day);\r |
| | 1373 | } else if (FirstTime->Hour != SecondTime->Hour) {\r |
| | 1374 | return (BOOLEAN) (FirstTime->Hour < SecondTime->Hour);\r |
| | 1375 | } else if (FirstTime->Minute != SecondTime->Minute) {\r |
| | 1376 | return (BOOLEAN) (FirstTime->Minute < FirstTime->Minute);\r |
| | 1377 | }\r |
| | 1378 | \r |
| | 1379 | return (BOOLEAN) (FirstTime->Second <= SecondTime->Second);\r |
| | 1380 | }\r |
| | 1381 | \r |
| | 1382 | /**\r |
| | 1383 | Find matching signer's certificates for common authenticated variable\r |
| | 1384 | by corresponding VariableName and VendorGuid from "certdb".\r |
| | 1385 | \r |
| | 1386 | The data format of "certdb":\r |
| | 1387 | //\r |
| | 1388 | // UINT32 CertDbListSize;\r |
| | 1389 | // /// AUTH_CERT_DB_DATA Certs1[];\r |
| | 1390 | // /// AUTH_CERT_DB_DATA Certs2[];\r |
| | 1391 | // /// ...\r |
| | 1392 | // /// AUTH_CERT_DB_DATA Certsn[];\r |
| | 1393 | //\r |
| | 1394 | \r |
| | 1395 | @param[in] VariableName Name of authenticated Variable.\r |
| | 1396 | @param[in] VendorGuid Vendor GUID of authenticated Variable.\r |
| | 1397 | @param[in] Data Pointer to variable "certdb".\r |
| | 1398 | @param[in] DataSize Size of variable "certdb".\r |
| | 1399 | @param[out] CertOffset Offset of matching CertData, from starting of Data.\r |
| | 1400 | @param[out] CertDataSize Length of CertData in bytes.\r |
| | 1401 | @param[out] CertNodeOffset Offset of matching AUTH_CERT_DB_DATA , from\r |
| | 1402 | starting of Data.\r |
| | 1403 | @param[out] CertNodeSize Length of AUTH_CERT_DB_DATA in bytes.\r |
| | 1404 | \r |
| | 1405 | @retval EFI_INVALID_PARAMETER Any input parameter is invalid.\r |
| | 1406 | @retval EFI_NOT_FOUND Fail to find matching certs.\r |
| | 1407 | @retval EFI_SUCCESS Find matching certs and output parameters.\r |
| | 1408 | \r |
| | 1409 | **/\r |
| | 1410 | EFI_STATUS\r |
| | 1411 | FindCertsFromDb (\r |
| | 1412 | IN CHAR16 *VariableName,\r |
| | 1413 | IN EFI_GUID *VendorGuid,\r |
| | 1414 | IN UINT8 *Data,\r |
| | 1415 | IN UINTN DataSize,\r |
| | 1416 | OUT UINT32 *CertOffset, OPTIONAL\r |
| | 1417 | OUT UINT32 *CertDataSize, OPTIONAL\r |
| | 1418 | OUT UINT32 *CertNodeOffset,OPTIONAL\r |
| | 1419 | OUT UINT32 *CertNodeSize OPTIONAL\r |
| | 1420 | )\r |
| | 1421 | {\r |
| | 1422 | UINT32 Offset;\r |
| | 1423 | AUTH_CERT_DB_DATA *Ptr;\r |
| | 1424 | UINT32 CertSize;\r |
| | 1425 | UINT32 NameSize;\r |
| | 1426 | UINT32 NodeSize;\r |
| | 1427 | UINT32 CertDbListSize;\r |
| | 1428 | \r |
| | 1429 | if ((VariableName == NULL) || (VendorGuid == NULL) || (Data == NULL)) {\r |
| | 1430 | return EFI_INVALID_PARAMETER;\r |
| | 1431 | }\r |
| | 1432 | \r |
| | 1433 | //\r |
| | 1434 | // Check whether DataSize matches recorded CertDbListSize.\r |
| | 1435 | //\r |
| | 1436 | if (DataSize < sizeof (UINT32)) {\r |
| | 1437 | return EFI_INVALID_PARAMETER;\r |
| | 1438 | }\r |
| | 1439 | \r |
| | 1440 | CertDbListSize = ReadUnaligned32 ((UINT32 *) Data);\r |
| | 1441 | \r |
| | 1442 | if (CertDbListSize != (UINT32) DataSize) {\r |
| | 1443 | return EFI_INVALID_PARAMETER;\r |
| | 1444 | }\r |
| | 1445 | \r |
| | 1446 | Offset = sizeof (UINT32);\r |
| | 1447 | \r |
| | 1448 | //\r |
| | 1449 | // Get corresponding certificates by VendorGuid and VariableName.\r |
| | 1450 | //\r |
| | 1451 | while (Offset < (UINT32) DataSize) {\r |
| | 1452 | Ptr = (AUTH_CERT_DB_DATA *) (Data + Offset);\r |
| | 1453 | //\r |
| | 1454 | // Check whether VendorGuid matches.\r |
| | 1455 | //\r |
| | 1456 | if (CompareGuid (&Ptr->VendorGuid, VendorGuid)) {\r |
| | 1457 | NodeSize = ReadUnaligned32 (&Ptr->CertNodeSize);\r |
| | 1458 | NameSize = ReadUnaligned32 (&Ptr->NameSize);\r |
| | 1459 | CertSize = ReadUnaligned32 (&Ptr->CertDataSize);\r |
| | 1460 | \r |
| | 1461 | if (NodeSize != sizeof (EFI_GUID) + sizeof (UINT32) * 3 + CertSize +\r |
| | 1462 | sizeof (CHAR16) * NameSize) {\r |
| | 1463 | return EFI_INVALID_PARAMETER;\r |
| | 1464 | }\r |
| | 1465 | \r |
| | 1466 | Offset = Offset + sizeof (EFI_GUID) + sizeof (UINT32) * 3;\r |
| | 1467 | //\r |
| | 1468 | // Check whether VariableName matches.\r |
| | 1469 | //\r |
| | 1470 | if ((NameSize == StrLen (VariableName)) && \r |
| | 1471 | (CompareMem (Data + Offset, VariableName, NameSize * sizeof (CHAR16)) == 0)) {\r |
| | 1472 | Offset = Offset + NameSize * sizeof (CHAR16);\r |
| | 1473 | \r |
| | 1474 | if (CertOffset != NULL) {\r |
| | 1475 | *CertOffset = Offset;\r |
| | 1476 | }\r |
| | 1477 | \r |
| | 1478 | if (CertDataSize != NULL) {\r |
| | 1479 | *CertDataSize = CertSize; \r |
| | 1480 | }\r |
| | 1481 | \r |
| | 1482 | if (CertNodeOffset != NULL) {\r |
| | 1483 | *CertNodeOffset = (UINT32) ((UINT8 *) Ptr - Data);\r |
| | 1484 | }\r |
| | 1485 | \r |
| | 1486 | if (CertNodeSize != NULL) {\r |
| | 1487 | *CertNodeSize = NodeSize;\r |
| | 1488 | }\r |
| | 1489 | \r |
| | 1490 | return EFI_SUCCESS;\r |
| | 1491 | } else {\r |
| | 1492 | Offset = Offset + NameSize * sizeof (CHAR16) + CertSize;\r |
| | 1493 | }\r |
| | 1494 | } else {\r |
| | 1495 | NodeSize = ReadUnaligned32 (&Ptr->CertNodeSize);\r |
| | 1496 | Offset = Offset + NodeSize;\r |
| | 1497 | }\r |
| | 1498 | }\r |
| | 1499 | \r |
| | 1500 | return EFI_NOT_FOUND; \r |
| | 1501 | }\r |
| | 1502 | \r |
| | 1503 | /**\r |
| | 1504 | Retrieve signer's certificates for common authenticated variable\r |
| | 1505 | by corresponding VariableName and VendorGuid from "certdb".\r |
| | 1506 | \r |
| | 1507 | @param[in] VariableName Name of authenticated Variable.\r |
| | 1508 | @param[in] VendorGuid Vendor GUID of authenticated Variable.\r |
| | 1509 | @param[out] CertData Pointer to signer's certificates.\r |
| | 1510 | @param[out] CertDataSize Length of CertData in bytes.\r |
| | 1511 | \r |
| | 1512 | @retval EFI_INVALID_PARAMETER Any input parameter is invalid.\r |
| | 1513 | @retval EFI_NOT_FOUND Fail to find "certdb" or matching certs.\r |
| | 1514 | @retval EFI_SUCCESS Get signer's certificates successfully.\r |
| | 1515 | \r |
| | 1516 | **/\r |
| | 1517 | EFI_STATUS\r |
| | 1518 | GetCertsFromDb (\r |
| | 1519 | IN CHAR16 *VariableName,\r |
| | 1520 | IN EFI_GUID *VendorGuid,\r |
| | 1521 | OUT UINT8 **CertData,\r |
| | 1522 | OUT UINT32 *CertDataSize\r |
| | 1523 | )\r |
| | 1524 | {\r |
| | 1525 | VARIABLE_POINTER_TRACK CertDbVariable;\r |
| | 1526 | EFI_STATUS Status;\r |
| | 1527 | UINT8 *Data;\r |
| | 1528 | UINTN DataSize;\r |
| | 1529 | UINT32 CertOffset;\r |
| | 1530 | \r |
| | 1531 | if ((VariableName == NULL) || (VendorGuid == NULL) || (CertData == NULL) || (CertDataSize == NULL)) {\r |
| | 1532 | return EFI_INVALID_PARAMETER;\r |
| | 1533 | }\r |
| | 1534 | \r |
| | 1535 | //\r |
| | 1536 | // Get variable "certdb".\r |
| | 1537 | //\r |
| | 1538 | Status = FindVariable (\r |
| | 1539 | EFI_CERT_DB_NAME,\r |
| | 1540 | &gEfiCertDbGuid,\r |
| | 1541 | &CertDbVariable,\r |
| | 1542 | &mVariableModuleGlobal->VariableGlobal,\r |
| | 1543 | FALSE\r |
| | 1544 | ); \r |
| | 1545 | if (EFI_ERROR (Status)) {\r |
| | 1546 | return Status;\r |
| | 1547 | }\r |
| | 1548 | \r |
| | 1549 | DataSize = DataSizeOfVariable (CertDbVariable.CurrPtr);\r |
| | 1550 | Data = GetVariableDataPtr (CertDbVariable.CurrPtr);\r |
| | 1551 | if ((DataSize == 0) || (Data == NULL)) {\r |
| | 1552 | ASSERT (FALSE);\r |
| | 1553 | return EFI_NOT_FOUND;\r |
| | 1554 | }\r |
| | 1555 | \r |
| | 1556 | Status = FindCertsFromDb (\r |
| | 1557 | VariableName,\r |
| | 1558 | VendorGuid,\r |
| | 1559 | Data,\r |
| | 1560 | DataSize,\r |
| | 1561 | &CertOffset,\r |
| | 1562 | CertDataSize,\r |
| | 1563 | NULL,\r |
| | 1564 | NULL\r |
| | 1565 | );\r |
| | 1566 | \r |
| | 1567 | if (EFI_ERROR (Status)) {\r |
| | 1568 | return Status;\r |
| | 1569 | }\r |
| | 1570 | \r |
| | 1571 | *CertData = Data + CertOffset;\r |
| | 1572 | return EFI_SUCCESS;\r |
| | 1573 | }\r |
| | 1574 | \r |
| | 1575 | /**\r |
| | 1576 | Delete matching signer's certificates when deleting common authenticated\r |
| | 1577 | variable by corresponding VariableName and VendorGuid from "certdb".\r |
| | 1578 | \r |
| | 1579 | @param[in] VariableName Name of authenticated Variable.\r |
| | 1580 | @param[in] VendorGuid Vendor GUID of authenticated Variable.\r |
| | 1581 | \r |
| | 1582 | @retval EFI_INVALID_PARAMETER Any input parameter is invalid.\r |
| | 1583 | @retval EFI_NOT_FOUND Fail to find "certdb" or matching certs.\r |
| | 1584 | @retval EFI_OUT_OF_RESOURCES The operation is failed due to lack of resources.\r |
| | 1585 | @retval EFI_SUCCESS The operation is completed successfully.\r |
| | 1586 | \r |
| | 1587 | **/\r |
| | 1588 | EFI_STATUS\r |
| | 1589 | DeleteCertsFromDb (\r |
| | 1590 | IN CHAR16 *VariableName,\r |
| | 1591 | IN EFI_GUID *VendorGuid\r |
| | 1592 | )\r |
| | 1593 | {\r |
| | 1594 | VARIABLE_POINTER_TRACK CertDbVariable;\r |
| | 1595 | EFI_STATUS Status;\r |
| | 1596 | UINT8 *Data;\r |
| | 1597 | UINTN DataSize;\r |
| | 1598 | UINT32 VarAttr;\r |
| | 1599 | UINT32 CertNodeOffset;\r |
| | 1600 | UINT32 CertNodeSize;\r |
| | 1601 | UINT8 *NewCertDb;\r |
| | 1602 | UINT32 NewCertDbSize;\r |
| | 1603 | \r |
| | 1604 | if ((VariableName == NULL) || (VendorGuid == NULL)) {\r |
| | 1605 | return EFI_INVALID_PARAMETER;\r |
| | 1606 | }\r |
| | 1607 | \r |
| | 1608 | //\r |
| | 1609 | // Get variable "certdb".\r |
| | 1610 | //\r |
| | 1611 | Status = FindVariable (\r |
| | 1612 | EFI_CERT_DB_NAME,\r |
| | 1613 | &gEfiCertDbGuid,\r |
| | 1614 | &CertDbVariable,\r |
| | 1615 | &mVariableModuleGlobal->VariableGlobal,\r |
| | 1616 | FALSE\r |
| | 1617 | ); \r |
| | 1618 | if (EFI_ERROR (Status)) {\r |
| | 1619 | return Status;\r |
| | 1620 | }\r |
| | 1621 | \r |
| | 1622 | DataSize = DataSizeOfVariable (CertDbVariable.CurrPtr);\r |
| | 1623 | Data = GetVariableDataPtr (CertDbVariable.CurrPtr);\r |
| | 1624 | if ((DataSize == 0) || (Data == NULL)) {\r |
| | 1625 | ASSERT (FALSE);\r |
| | 1626 | return EFI_NOT_FOUND;\r |
| | 1627 | }\r |
| | 1628 | \r |
| | 1629 | if (DataSize == sizeof (UINT32)) {\r |
| | 1630 | //\r |
| | 1631 | // There is no certs in certdb.\r |
| | 1632 | //\r |
| | 1633 | return EFI_SUCCESS;\r |
| | 1634 | }\r |
| | 1635 | \r |
| | 1636 | //\r |
| | 1637 | // Get corresponding cert node from certdb.\r |
| | 1638 | //\r |
| | 1639 | Status = FindCertsFromDb (\r |
| | 1640 | VariableName,\r |
| | 1641 | VendorGuid,\r |
| | 1642 | Data,\r |
| | 1643 | DataSize,\r |
| | 1644 | NULL,\r |
| | 1645 | NULL,\r |
| | 1646 | &CertNodeOffset,\r |
| | 1647 | &CertNodeSize\r |
| | 1648 | );\r |
| | 1649 | \r |
| | 1650 | if (EFI_ERROR (Status)) {\r |
| | 1651 | return Status;\r |
| | 1652 | }\r |
| | 1653 | \r |
| | 1654 | if (DataSize < (CertNodeOffset + CertNodeSize)) {\r |
| | 1655 | return EFI_NOT_FOUND;\r |
| | 1656 | }\r |
| | 1657 | \r |
| | 1658 | //\r |
| | 1659 | // Construct new data content of variable "certdb".\r |
| | 1660 | //\r |
| | 1661 | NewCertDbSize = (UINT32) DataSize - CertNodeSize;\r |
| | 1662 | NewCertDb = AllocateZeroPool (NewCertDbSize);\r |
| | 1663 | if (NewCertDb == NULL) {\r |
| | 1664 | return EFI_OUT_OF_RESOURCES;\r |
| | 1665 | }\r |
| | 1666 | \r |
| | 1667 | //\r |
| | 1668 | // Copy the DB entries before deleting node.\r |
| | 1669 | //\r |
| | 1670 | CopyMem (NewCertDb, Data, CertNodeOffset);\r |
| | 1671 | //\r |
| | 1672 | // Update CertDbListSize.\r |
| | 1673 | //\r |
| | 1674 | CopyMem (NewCertDb, &NewCertDbSize, sizeof (UINT32));\r |
| | 1675 | //\r |
| | 1676 | // Copy the DB entries after deleting node.\r |
| | 1677 | //\r |
| | 1678 | if (DataSize > (CertNodeOffset + CertNodeSize)) {\r |
| | 1679 | CopyMem (\r |
| | 1680 | NewCertDb + CertNodeOffset,\r |
| | 1681 | Data + CertNodeOffset + CertNodeSize,\r |
| | 1682 | DataSize - CertNodeOffset - CertNodeSize\r |
| | 1683 | );\r |
| | 1684 | }\r |
| | 1685 | \r |
| | 1686 | //\r |
| | 1687 | // Set "certdb".\r |
| | 1688 | // \r |
| | 1689 | VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; \r |
| | 1690 | Status = UpdateVariable (\r |
| | 1691 | EFI_CERT_DB_NAME,\r |
| | 1692 | &gEfiCertDbGuid,\r |
| | 1693 | NewCertDb,\r |
| | 1694 | NewCertDbSize,\r |
| | 1695 | VarAttr,\r |
| | 1696 | 0,\r |
| | 1697 | 0,\r |
| | 1698 | &CertDbVariable,\r |
| | 1699 | NULL\r |
| | 1700 | );\r |
| | 1701 | \r |
| | 1702 | FreePool (NewCertDb);\r |
| | 1703 | return Status;\r |
| | 1704 | }\r |
| | 1705 | \r |
| | 1706 | /**\r |
| | 1707 | Insert signer's certificates for common authenticated variable with VariableName\r |
| | 1708 | and VendorGuid in AUTH_CERT_DB_DATA to "certdb".\r |
| | 1709 | \r |
| | 1710 | @param[in] VariableName Name of authenticated Variable.\r |
| | 1711 | @param[in] VendorGuid Vendor GUID of authenticated Variable.\r |
| | 1712 | @param[in] CertData Pointer to signer's certificates.\r |
| | 1713 | @param[in] CertDataSize Length of CertData in bytes.\r |
| | 1714 | \r |
| | 1715 | @retval EFI_INVALID_PARAMETER Any input parameter is invalid.\r |
| | 1716 | @retval EFI_ACCESS_DENIED An AUTH_CERT_DB_DATA entry with same VariableName\r |
| | 1717 | and VendorGuid already exists.\r |
| | 1718 | @retval EFI_OUT_OF_RESOURCES The operation is failed due to lack of resources.\r |
| | 1719 | @retval EFI_SUCCESS Insert an AUTH_CERT_DB_DATA entry to "certdb"\r |
| | 1720 | \r |
| | 1721 | **/\r |
| | 1722 | EFI_STATUS\r |
| | 1723 | InsertCertsToDb (\r |
| | 1724 | IN CHAR16 *VariableName,\r |
| | 1725 | IN EFI_GUID *VendorGuid,\r |
| | 1726 | IN UINT8 *CertData,\r |
| | 1727 | IN UINTN CertDataSize\r |
| | 1728 | )\r |
| | 1729 | {\r |
| | 1730 | VARIABLE_POINTER_TRACK CertDbVariable;\r |
| | 1731 | EFI_STATUS Status;\r |
| | 1732 | UINT8 *Data;\r |
| | 1733 | UINTN DataSize;\r |
| | 1734 | UINT32 VarAttr;\r |
| | 1735 | UINT8 *NewCertDb;\r |
| | 1736 | UINT32 NewCertDbSize;\r |
| | 1737 | UINT32 CertNodeSize;\r |
| | 1738 | UINT32 NameSize;\r |
| | 1739 | AUTH_CERT_DB_DATA *Ptr;\r |
| | 1740 | \r |
| | 1741 | if ((VariableName == NULL) || (VendorGuid == NULL) || (CertData == NULL)) {\r |
| | 1742 | return EFI_INVALID_PARAMETER;\r |
| | 1743 | }\r |
| | 1744 | \r |
| | 1745 | //\r |
| | 1746 | // Get variable "certdb".\r |
| | 1747 | //\r |
| | 1748 | Status = FindVariable (\r |
| | 1749 | EFI_CERT_DB_NAME,\r |
| | 1750 | &gEfiCertDbGuid,\r |
| | 1751 | &CertDbVariable,\r |
| | 1752 | &mVariableModuleGlobal->VariableGlobal,\r |
| | 1753 | FALSE\r |
| | 1754 | ); \r |
| | 1755 | if (EFI_ERROR (Status)) {\r |
| | 1756 | return Status;\r |
| | 1757 | }\r |
| | 1758 | \r |
| | 1759 | DataSize = DataSizeOfVariable (CertDbVariable.CurrPtr);\r |
| | 1760 | Data = GetVariableDataPtr (CertDbVariable.CurrPtr);\r |
| | 1761 | if ((DataSize == 0) || (Data == NULL)) {\r |
| | 1762 | ASSERT (FALSE);\r |
| | 1763 | return EFI_NOT_FOUND;\r |
| | 1764 | }\r |
| | 1765 | \r |
| | 1766 | //\r |
| | 1767 | // Find whether matching cert node already exists in "certdb".\r |
| | 1768 | // If yes return error.\r |
| | 1769 | //\r |
| | 1770 | Status = FindCertsFromDb (\r |
| | 1771 | VariableName,\r |
| | 1772 | VendorGuid,\r |
| | 1773 | Data,\r |
| | 1774 | DataSize,\r |
| | 1775 | NULL,\r |
| | 1776 | NULL,\r |
| | 1777 | NULL,\r |
| | 1778 | NULL\r |
| | 1779 | );\r |
| | 1780 | \r |
| | 1781 | if (!EFI_ERROR (Status)) {\r |
| | 1782 | ASSERT (FALSE);\r |
| | 1783 | return EFI_ACCESS_DENIED;\r |
| | 1784 | }\r |
| | 1785 | \r |
| | 1786 | //\r |
| | 1787 | // Construct new data content of variable "certdb".\r |
| | 1788 | //\r |
| | 1789 | NameSize = (UINT32) StrLen (VariableName);\r |
| | 1790 | CertNodeSize = sizeof (AUTH_CERT_DB_DATA) + (UINT32) CertDataSize + NameSize * sizeof (CHAR16); \r |
| | 1791 | NewCertDbSize = (UINT32) DataSize + CertNodeSize; \r |
| | 1792 | NewCertDb = AllocateZeroPool (NewCertDbSize);\r |
| | 1793 | if (NewCertDb == NULL) {\r |
| | 1794 | return EFI_OUT_OF_RESOURCES;\r |
| | 1795 | }\r |
| | 1796 | \r |
| | 1797 | //\r |
| | 1798 | // Copy the DB entries before deleting node.\r |
| | 1799 | //\r |
| | 1800 | CopyMem (NewCertDb, Data, DataSize);\r |
| | 1801 | //\r |
| | 1802 | // Update CertDbListSize.\r |
| | 1803 | //\r |
| | 1804 | CopyMem (NewCertDb, &NewCertDbSize, sizeof (UINT32));\r |
| | 1805 | //\r |
| | 1806 | // Construct new cert node.\r |
| | 1807 | //\r |
| | 1808 | Ptr = (AUTH_CERT_DB_DATA *) (NewCertDb + DataSize);\r |
| | 1809 | CopyGuid (&Ptr->VendorGuid, VendorGuid);\r |
| | 1810 | CopyMem (&Ptr->CertNodeSize, &CertNodeSize, sizeof (UINT32));\r |
| | 1811 | CopyMem (&Ptr->NameSize, &NameSize, sizeof (UINT32));\r |
| | 1812 | CopyMem (&Ptr->CertDataSize, &CertDataSize, sizeof (UINT32));\r |
| | 1813 | \r |
| | 1814 | CopyMem (\r |
| | 1815 | (UINT8 *) Ptr + sizeof (AUTH_CERT_DB_DATA),\r |
| | 1816 | VariableName,\r |
| | 1817 | NameSize * sizeof (CHAR16)\r |
| | 1818 | );\r |
| | 1819 | \r |
| | 1820 | CopyMem (\r |
| | 1821 | (UINT8 *) Ptr + sizeof (AUTH_CERT_DB_DATA) + NameSize * sizeof (CHAR16),\r |
| | 1822 | CertData,\r |
| | 1823 | CertDataSize\r |
| | 1824 | );\r |
| | 1825 | \r |
| | 1826 | //\r |
| | 1827 | // Set "certdb".\r |
| | 1828 | // \r |
| | 1829 | VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; \r |
| | 1830 | Status = UpdateVariable (\r |
| | 1831 | EFI_CERT_DB_NAME,\r |
| | 1832 | &gEfiCertDbGuid,\r |
| | 1833 | NewCertDb,\r |
| | 1834 | NewCertDbSize,\r |
| | 1835 | VarAttr,\r |
| | 1836 | 0,\r |
| | 1837 | 0,\r |
| | 1838 | &CertDbVariable,\r |
| | 1839 | NULL\r |
| | 1840 | );\r |
| | 1841 | \r |
| | 1842 | FreePool (NewCertDb);\r |
| | 1843 | return Status;\r |
| | 1844 | }\r |
| | 1845 | \r |
| | 1846 | /**\r |
| | 1847 | Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set\r |
| | 1848 | \r |
| | 1849 | Caution: This function may receive untrusted input.\r |
| | 1850 | This function may be invoked in SMM mode, and datasize and data are external input.\r |
| | 1851 | This function will do basic validation, before parse the data.\r |
| | 1852 | This function will parse the authentication carefully to avoid security issues, like\r |
| | 1853 | buffer overflow, integer overflow.\r |
| | 1854 | \r |
| | 1855 | @param[in] VariableName Name of Variable to be found.\r |
| | 1856 | @param[in] VendorGuid Variable vendor GUID.\r |
| | 1857 | @param[in] Data Data pointer.\r |
| | 1858 | @param[in] DataSize Size of Data found. If size is less than the\r |
| | 1859 | data, this value contains the required size.\r |
| | 1860 | @param[in] Variable The variable information which is used to keep track of variable usage.\r |
| | 1861 | @param[in] Attributes Attribute value of the variable.\r |
| | 1862 | @param[in] AuthVarType Verify against PK or KEK database or private database.\r |
| | 1863 | @param[out] VarDel Delete the variable or not.\r |
| | 1864 | \r |
| | 1865 | @retval EFI_INVALID_PARAMETER Invalid parameter.\r |
| | 1866 | @retval EFI_SECURITY_VIOLATION The variable does NOT pass the validation\r |
| | 1867 | check carried out by the firmware.\r |
| | 1868 | @retval EFI_OUT_OF_RESOURCES Failed to process variable due to lack\r |
| | 1869 | of resources.\r |
| | 1870 | @retval EFI_SUCCESS Variable pass validation successfully.\r |
| | 1871 | \r |
| | 1872 | **/\r |
| | 1873 | EFI_STATUS\r |
| | 1874 | VerifyTimeBasedPayload (\r |
| | 1875 | IN CHAR16 *VariableName,\r |
| | 1876 | IN EFI_GUID *VendorGuid,\r |
| | 1877 | IN VOID *Data,\r |
| | 1878 | IN UINTN DataSize,\r |
| | 1879 | IN VARIABLE_POINTER_TRACK *Variable,\r |
| | 1880 | IN UINT32 Attributes,\r |
| | 1881 | IN AUTHVAR_TYPE AuthVarType,\r |
| | 1882 | OUT BOOLEAN *VarDel\r |
| | 1883 | )\r |
| | 1884 | {\r |
| | 1885 | UINT8 *RootCert;\r |
| | 1886 | UINT8 *SigData;\r |
| | 1887 | UINT8 *PayloadPtr;\r |
| | 1888 | UINTN RootCertSize;\r |
| | 1889 | UINTN Index;\r |
| | 1890 | UINTN CertCount;\r |
| | 1891 | UINTN PayloadSize;\r |
| | 1892 | UINT32 Attr;\r |
| | 1893 | UINT32 SigDataSize;\r |
| | 1894 | UINT32 KekDataSize;\r |
| | 1895 | BOOLEAN VerifyStatus;\r |
| | 1896 | EFI_STATUS Status;\r |
| | 1897 | EFI_SIGNATURE_LIST *CertList;\r |
| | 1898 | EFI_SIGNATURE_DATA *Cert;\r |
| | 1899 | VARIABLE_POINTER_TRACK KekVariable;\r |
| | 1900 | EFI_VARIABLE_AUTHENTICATION_2 *CertData;\r |
| | 1901 | UINT8 *NewData;\r |
| | 1902 | UINTN NewDataSize;\r |
| | 1903 | VARIABLE_POINTER_TRACK PkVariable;\r |
| | 1904 | UINT8 *Buffer;\r |
| | 1905 | UINTN Length;\r |
| | 1906 | UINT8 *SignerCerts;\r |
| | 1907 | UINT8 *WrapSigData;\r |
| | 1908 | UINTN CertStackSize;\r |
| | 1909 | UINT8 *CertsInCertDb;\r |
| | 1910 | UINT32 CertsSizeinDb;\r |
| | 1911 | \r |
| | 1912 | VerifyStatus = FALSE;\r |
| | 1913 | CertData = NULL;\r |
| | 1914 | NewData = NULL;\r |
| | 1915 | Attr = Attributes;\r |
| | 1916 | WrapSigData = NULL;\r |
| | 1917 | SignerCerts = NULL;\r |
| | 1918 | RootCert = NULL;\r |
| | 1919 | \r |
| | 1920 | //\r |
| | 1921 | // When the attribute EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS is\r |
| | 1922 | // set, then the Data buffer shall begin with an instance of a complete (and serialized)\r |
| | 1923 | // EFI_VARIABLE_AUTHENTICATION_2 descriptor. The descriptor shall be followed by the new\r |
| | 1924 | // variable value and DataSize shall reflect the combined size of the descriptor and the new\r |
| | 1925 | // variable value. The authentication descriptor is not part of the variable data and is not\r |
| | 1926 | // returned by subsequent calls to GetVariable().\r |
| | 1927 | //\r |
| | 1928 | CertData = (EFI_VARIABLE_AUTHENTICATION_2 *) Data;\r |
| | 1929 | \r |
| | 1930 | //\r |
| | 1931 | // Verify that Pad1, Nanosecond, TimeZone, Daylight and Pad2 components of the\r |
| | 1932 | // TimeStamp value are set to zero.\r |
| | 1933 | //\r |
| | 1934 | if ((CertData->TimeStamp.Pad1 != 0) ||\r |
| | 1935 | (CertData->TimeStamp.Nanosecond != 0) ||\r |
| | 1936 | (CertData->TimeStamp.TimeZone != 0) ||\r |
| | 1937 | (CertData->TimeStamp.Daylight != 0) ||\r |
| | 1938 | (CertData->TimeStamp.Pad2 != 0)) {\r |
| | 1939 | return EFI_SECURITY_VIOLATION;\r |
| | 1940 | }\r |
| | 1941 | \r |
| | 1942 | if ((Variable->CurrPtr != NULL) && ((Attributes & EFI_VARIABLE_APPEND_WRITE) == 0)) {\r |
| | 1943 | if (CompareTimeStamp (&CertData->TimeStamp, &Variable->CurrPtr->TimeStamp)) {\r |
| | 1944 | //\r |
| | 1945 | // TimeStamp check fail, suspicious replay attack, return EFI_SECURITY_VIOLATION.\r |
| | 1946 | //\r |
| | 1947 | return EFI_SECURITY_VIOLATION;\r |
| | 1948 | }\r |
| | 1949 | }\r |
| | 1950 | \r |
| | 1951 | //\r |
| | 1952 | // wCertificateType should be WIN_CERT_TYPE_EFI_GUID.\r |
| | 1953 | // Cert type should be EFI_CERT_TYPE_PKCS7_GUID.\r |
| | 1954 | //\r |
| | 1955 | if ((CertData->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) ||\r |
| | 1956 | !CompareGuid (&CertData->AuthInfo.CertType, &gEfiCertPkcs7Guid)) {\r |
| | 1957 | //\r |
| | 1958 | // Invalid AuthInfo type, return EFI_SECURITY_VIOLATION.\r |
| | 1959 | //\r |
| | 1960 | return EFI_SECURITY_VIOLATION;\r |
| | 1961 | }\r |
| | 1962 | \r |
| | 1963 | //\r |
| | 1964 | // Find out Pkcs7 SignedData which follows the EFI_VARIABLE_AUTHENTICATION_2 descriptor.\r |
| | 1965 | // AuthInfo.Hdr.dwLength is the length of the entire certificate, including the length of the header.\r |
| | 1966 | //\r |
| | 1967 | SigData = CertData->AuthInfo.CertData;\r |
| | 1968 | SigDataSize = CertData->AuthInfo.Hdr.dwLength - (UINT32) (OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData));\r |
| | 1969 | \r |
| | 1970 | //\r |
| | 1971 | // Find out the new data payload which follows Pkcs7 SignedData directly.\r |
| | 1972 | //\r |
| | 1973 | PayloadPtr = SigData + SigDataSize;\r |
| | 1974 | PayloadSize = DataSize - OFFSET_OF_AUTHINFO2_CERT_DATA - (UINTN) SigDataSize;\r |
| | 1975 | \r |
| | 1976 | //\r |
| | 1977 | // Construct a buffer to fill with (VariableName, VendorGuid, Attributes, TimeStamp, Data).\r |
| | 1978 | //\r |
| | 1979 | NewDataSize = PayloadSize + sizeof (EFI_TIME) + sizeof (UINT32) +\r |
| | 1980 | sizeof (EFI_GUID) + StrSize (VariableName) - sizeof (CHAR16);\r |
| | 1981 | NewData = mSerializationRuntimeBuffer;\r |
| | 1982 | \r |
| | 1983 | Buffer = NewData;\r |
| | 1984 | Length = StrLen (VariableName) * sizeof (CHAR16);\r |
| | 1985 | CopyMem (Buffer, VariableName, Length);\r |
| | 1986 | Buffer += Length;\r |
| | 1987 | \r |
| | 1988 | Length = sizeof (EFI_GUID);\r |
| | 1989 | CopyMem (Buffer, VendorGuid, Length);\r |
| | 1990 | Buffer += Length;\r |
| | 1991 | \r |
| | 1992 | Length = sizeof (UINT32);\r |
| | 1993 | CopyMem (Buffer, &Attr, Length);\r |
| | 1994 | Buffer += Length;\r |
| | 1995 | \r |
| | 1996 | Length = sizeof (EFI_TIME);\r |
| | 1997 | CopyMem (Buffer, &CertData->TimeStamp, Length);\r |
| | 1998 | Buffer += Length;\r |
| | 1999 | \r |
| | 2000 | CopyMem (Buffer, PayloadPtr, PayloadSize);\r |
| | 2001 | \r |
| | 2002 | if (AuthVarType == AuthVarTypePk) {\r |
| | 2003 | //\r |
| | 2004 | // Get platform key from variable.\r |
| | 2005 | //\r |
| | 2006 | Status = FindVariable (\r |
| | 2007 | EFI_PLATFORM_KEY_NAME,\r |
| | 2008 | &gEfiGlobalVariableGuid,\r |
| | 2009 | &PkVariable,\r |
| | 2010 | &mVariableModuleGlobal->VariableGlobal,\r |
| | 2011 | FALSE\r |
| | 2012 | );\r |
| | 2013 | if (EFI_ERROR (Status)) {\r |
| | 2014 | return Status;\r |
| | 2015 | }\r |
| | 2016 | \r |
| | 2017 | CertList = (EFI_SIGNATURE_LIST *) GetVariableDataPtr (PkVariable.CurrPtr);\r |
| | 2018 | Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);\r |
| | 2019 | RootCert = Cert->SignatureData;\r |
| | 2020 | RootCertSize = CertList->SignatureSize - (sizeof (EFI_SIGNATURE_DATA) - 1);\r |
| | 2021 | \r |
| | 2022 | \r |
| | 2023 | //\r |
| | 2024 | // Verify Pkcs7 SignedData via Pkcs7Verify library.\r |
| | 2025 | //\r |
| | 2026 | VerifyStatus = Pkcs7Verify (\r |
| | 2027 | SigData,\r |
| | 2028 | SigDataSize,\r |
| | 2029 | RootCert,\r |
| | 2030 | RootCertSize,\r |
| | 2031 | NewData,\r |
| | 2032 | NewDataSize\r |
| | 2033 | );\r |
| | 2034 | \r |
| | 2035 | } else if (AuthVarType == AuthVarTypeKek) {\r |
| | 2036 | \r |
| | 2037 | //\r |
| | 2038 | // Get KEK database from variable.\r |
| | 2039 | //\r |
| | 2040 | Status = FindVariable (\r |
| | 2041 | EFI_KEY_EXCHANGE_KEY_NAME,\r |
| | 2042 | &gEfiGlobalVariableGuid,\r |
| | 2043 | &KekVariable,\r |
| | 2044 | &mVariableModuleGlobal->VariableGlobal,\r |
| | 2045 | FALSE\r |
| | 2046 | );\r |
| | 2047 | if (EFI_ERROR (Status)) {\r |
| | 2048 | return Status;\r |
| | 2049 | }\r |
| | 2050 | \r |
| | 2051 | //\r |
| | 2052 | // Ready to verify Pkcs7 SignedData. Go through KEK Signature Database to find out X.509 CertList.\r |
| | 2053 | //\r |
| | 2054 | KekDataSize = KekVariable.CurrPtr->DataSize;\r |
| | 2055 | CertList = (EFI_SIGNATURE_LIST *) GetVariableDataPtr (KekVariable.CurrPtr);\r |
| | 2056 | while ((KekDataSize > 0) && (KekDataSize >= CertList->SignatureListSize)) {\r |
| | 2057 | if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) {\r |
| | 2058 | Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);\r |
| | 2059 | CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;\r |
| | 2060 | for (Index = 0; Index < CertCount; Index++) {\r |
| | 2061 | //\r |
| | 2062 | // Iterate each Signature Data Node within this CertList for a verify\r |
| | 2063 | //\r |
| | 2064 | RootCert = Cert->SignatureData;\r |
| | 2065 | RootCertSize = CertList->SignatureSize - (sizeof (EFI_SIGNATURE_DATA) - 1);\r |
| | 2066 | \r |
| | 2067 | //\r |
| | 2068 | // Verify Pkcs7 SignedData via Pkcs7Verify library.\r |
| | 2069 | //\r |
| | 2070 | VerifyStatus = Pkcs7Verify (\r |
| | 2071 | SigData,\r |
| | 2072 | SigDataSize,\r |
| | 2073 | RootCert,\r |
| | 2074 | RootCertSize,\r |
| | 2075 | NewData,\r |
| | 2076 | NewDataSize\r |
| | 2077 | );\r |
| | 2078 | if (VerifyStatus) {\r |
| | 2079 | goto Exit;\r |
| | 2080 | }\r |
| | 2081 | Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);\r |
| | 2082 | }\r |
| | 2083 | }\r |
| | 2084 | KekDataSize -= CertList->SignatureListSize;\r |
| | 2085 | CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);\r |
| | 2086 | }\r |
| | 2087 | } else if (AuthVarType == AuthVarTypePriv) {\r |
| | 2088 | \r |
| | 2089 | //\r |
| | 2090 | // Process common authenticated variable except PK/KEK/DB/DBX.\r |
| | 2091 | // Get signer's certificates from SignedData.\r |
| | 2092 | //\r |
| | 2093 | VerifyStatus = Pkcs7GetSigners (\r |
| | 2094 | SigData,\r |
| | 2095 | SigDataSize,\r |
| | 2096 | &SignerCerts,\r |
| | 2097 | &CertStackSize,\r |
| | 2098 | &RootCert,\r |
| | 2099 | &RootCertSize\r |
| | 2100 | );\r |
| | 2101 | if (!VerifyStatus) {\r |
| | 2102 | goto Exit;\r |
| | 2103 | }\r |
| | 2104 | \r |
| | 2105 | //\r |
| | 2106 | // Get previously stored signer's certificates from certdb for existing\r |
| | 2107 | // variable. Check whether they are identical with signer's certificates\r |
| | 2108 | // in SignedData. If not, return error immediately.\r |
| | 2109 | //\r |
| | 2110 | if ((Variable->CurrPtr != NULL)) {\r |
| | 2111 | VerifyStatus = FALSE;\r |
| | 2112 | \r |
| | 2113 | Status = GetCertsFromDb (VariableName, VendorGuid, &CertsInCertDb, &CertsSizeinDb);\r |
| | 2114 | if (EFI_ERROR (Status)) {\r |
| | 2115 | goto Exit;\r |
| | 2116 | }\r |
| | 2117 | \r |
| | 2118 | if ((CertStackSize != CertsSizeinDb) ||\r |
| | 2119 | (CompareMem (SignerCerts, CertsInCertDb, CertsSizeinDb) != 0)) {\r |
| | 2120 | goto Exit;\r |
| | 2121 | }\r |
| | 2122 | }\r |
| | 2123 | \r |
| | 2124 | VerifyStatus = Pkcs7Verify (\r |
| | 2125 | SigData,\r |
| | 2126 | SigDataSize,\r |
| | 2127 | RootCert,\r |
| | 2128 | RootCertSize,\r |
| | 2129 | NewData,\r |
| | 2130 | NewDataSize\r |
| | 2131 | );\r |
| | 2132 | if (!VerifyStatus) {\r |
| | 2133 | goto Exit;\r |
| | 2134 | }\r |
| | 2135 | \r |
| | 2136 | //\r |
| | 2137 | // Delete signer's certificates when delete the common authenticated variable.\r |
| | 2138 | //\r |
| | 2139 | if ((PayloadSize == 0) && (Variable->CurrPtr != NULL)) {\r |
| | 2140 | Status = DeleteCertsFromDb (VariableName, VendorGuid);\r |
| | 2141 | if (EFI_ERROR (Status)) {\r |
| | 2142 | VerifyStatus = FALSE;\r |
| | 2143 | goto Exit;\r |
| | 2144 | }\r |
| | 2145 | } else if (Variable->CurrPtr == NULL) {\r |
| | 2146 | //\r |
| | 2147 | // Insert signer's certificates when adding a new common authenticated variable.\r |
| | 2148 | //\r |
| | 2149 | Status = InsertCertsToDb (VariableName, VendorGuid, SignerCerts, CertStackSize);\r |
| | 2150 | if (EFI_ERROR (Status)) {\r |
| | 2151 | VerifyStatus = FALSE;\r |
| | 2152 | goto Exit;\r |
| | 2153 | }\r |
| | 2154 | }\r |
| | 2155 | } else {\r |
| | 2156 | return EFI_SECURITY_VIOLATION;\r |
| | 2157 | }\r |
| | 2158 | \r |
| | 2159 | Exit:\r |
| | 2160 | \r |
| | 2161 | if (AuthVarType == AuthVarTypePriv) {\r |
| | 2162 | Pkcs7FreeSigners (RootCert);\r |
| | 2163 | Pkcs7FreeSigners (SignerCerts);\r |
| | 2164 | }\r |
| | 2165 | \r |
| | 2166 | if (!VerifyStatus) {\r |
| | 2167 | return EFI_SECURITY_VIOLATION;\r |
| | 2168 | }\r |
| | 2169 | \r |
| | 2170 | Status = CheckSignatureListFormat(VariableName, VendorGuid, PayloadPtr, PayloadSize);\r |
| | 2171 | if (EFI_ERROR (Status)) {\r |
| | 2172 | return Status;\r |
| | 2173 | }\r |
| | 2174 | \r |
| | 2175 | if ((PayloadSize == 0) && (VarDel != NULL)) {\r |
| | 2176 | *VarDel = TRUE;\r |
| | 2177 | }\r |
| | 2178 | \r |
| | 2179 | //\r |
| | 2180 | // Final step: Update/Append Variable if it pass Pkcs7Verify\r |
| | 2181 | //\r |
| | 2182 | return UpdateVariable (\r |
| | 2183 | VariableName,\r |
| | 2184 | VendorGuid,\r |
| | 2185 | PayloadPtr,\r |
| | 2186 | PayloadSize,\r |
| | 2187 | Attributes,\r |
| | 2188 | 0,\r |
| | 2189 | 0,\r |
| | 2190 | Variable,\r |
| | 2191 | &CertData->TimeStamp\r |
| | 2192 | );\r |
| | 2193 | }\r |
| | 2194 | \r |
projects / mirror_edk2.git / blame_incremental