]> git.proxmox.com Git - mirror_edk2.git/blob - SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
projects / mirror_edk2.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
SecurityPkg: AuthVariableLib: Cache UserPhysicalPresent in AuthVariableLib
[mirror_edk2.git] / SecurityPkg / Library / AuthVariableLib / AuthVariableLib.c
1 /** @file
2 Implement authentication services for the authenticated variables.
3
4 Caution: This module requires additional review when modified.
5 This driver will have external input - variable data. It may be input in SMM mode.
6 This external input must be validated carefully to avoid security issue like
7 buffer overflow, integer overflow.
8 Variable attribute should also be checked to avoid authentication bypass.
9 The whole SMM authentication variable design relies on the integrity of flash part and SMM.
10 which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory
11 may not be modified without authorization. If platform fails to protect these resources,
12 the authentication service provided in this driver will be broken, and the behavior is undefined.
13
14 Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
15 This program and the accompanying materials
16 are licensed and made available under the terms and conditions of the BSD License
17 which accompanies this distribution. The full text of the license may be found at
18 http://opensource.org/licenses/bsd-license.php
19
20 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
21 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
22
23 **/
24
25 #include "AuthServiceInternal.h"
26
27 ///
28 /// Global database array for scratch
29 ///
30 UINT8 *mPubKeyStore;
31 UINT32 mPubKeyNumber;
32 UINT32 mMaxKeyNumber;
33 UINT32 mMaxKeyDbSize;
34 UINT8 *mCertDbStore;
35 UINT32 mMaxCertDbSize;
36 UINT32 mPlatformMode;
37 UINT8 mVendorKeyState;
38 BOOLEAN mUserPhysicalPresent;
39
40 EFI_GUID mSignatureSupport[] = {EFI_CERT_SHA1_GUID, EFI_CERT_SHA256_GUID, EFI_CERT_RSA2048_GUID, EFI_CERT_X509_GUID};
41
42 //
43 // Hash context pointer
44 //
45 VOID *mHashCtx = NULL;
46
47 VARIABLE_ENTRY_PROPERTY mAuthVarEntry[] = {
48 {
49 &gEfiSecureBootEnableDisableGuid,
50 EFI_SECURE_BOOT_ENABLE_NAME,
51 {
52 VAR_CHECK_VARIABLE_PROPERTY_REVISION,
53 0,
54 VARIABLE_ATTRIBUTE_NV_BS,
55 sizeof (UINT8),
56 sizeof (UINT8)
57 }
58 },
59 {
60 &gEfiCustomModeEnableGuid,
61 EFI_CUSTOM_MODE_NAME,
62 {
63 VAR_CHECK_VARIABLE_PROPERTY_REVISION,
64 0,
65 VARIABLE_ATTRIBUTE_NV_BS,
66 sizeof (UINT8),
67 sizeof (UINT8)
68 }
69 },
70 {
71 &gEfiVendorKeysNvGuid,
72 EFI_VENDOR_KEYS_NV_VARIABLE_NAME,
73 {
74 VAR_CHECK_VARIABLE_PROPERTY_REVISION,
75 VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,
76 VARIABLE_ATTRIBUTE_NV_BS_RT_AT,
77 sizeof (UINT8),
78 sizeof (UINT8)
79 }
80 },
81 {
82 &gEfiAuthenticatedVariableGuid,
83 AUTHVAR_KEYDB_NAME,
84 {
85 VAR_CHECK_VARIABLE_PROPERTY_REVISION,
86 VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,
87 VARIABLE_ATTRIBUTE_NV_BS_RT_AW,
88 sizeof (UINT8),
89 MAX_UINTN
90 }
91 },
92 {
93 &gEfiCertDbGuid,
94 EFI_CERT_DB_NAME,
95 {
96 VAR_CHECK_VARIABLE_PROPERTY_REVISION,
97 VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,
98 VARIABLE_ATTRIBUTE_NV_BS_RT_AT,
99 sizeof (UINT32),
100 MAX_UINTN
101 }
102 },
103 {
104 &gEfiCertDbGuid,
105 EFI_CERT_DB_VOLATILE_NAME,
106 {
107 VAR_CHECK_VARIABLE_PROPERTY_REVISION,
108 VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,
109 VARIABLE_ATTRIBUTE_BS_RT_AT,
110 sizeof (UINT32),
111 MAX_UINTN
112 }
113 },
114 };
115
116 VOID **mAuthVarAddressPointer[10];
117
118 AUTH_VAR_LIB_CONTEXT_IN *mAuthVarLibContextIn = NULL;
119
120 /**
121 Initialization for authenticated varibale services.
122 If this initialization returns error status, other APIs will not work
123 and expect to be not called then.
124
125 @param[in] AuthVarLibContextIn Pointer to input auth variable lib context.
126 @param[out] AuthVarLibContextOut Pointer to output auth variable lib context.
127
128 @retval EFI_SUCCESS Function successfully executed.
129 @retval EFI_INVALID_PARAMETER If AuthVarLibContextIn == NULL or AuthVarLibContextOut == NULL.
130 @retval EFI_OUT_OF_RESOURCES Fail to allocate enough resource.
131 @retval EFI_UNSUPPORTED Unsupported to process authenticated variable.
132
133 **/
134 EFI_STATUS
135 EFIAPI
136 AuthVariableLibInitialize (
137 IN AUTH_VAR_LIB_CONTEXT_IN *AuthVarLibContextIn,
138 OUT AUTH_VAR_LIB_CONTEXT_OUT *AuthVarLibContextOut
139 )
140 {
141 EFI_STATUS Status;
142 UINT8 VarValue;
143 UINT32 VarAttr;
144 UINT8 *Data;
145 UINTN DataSize;
146 UINTN CtxSize;
147 UINT8 SecureBootMode;
148 UINT8 SecureBootEnable;
149 UINT8 CustomMode;
150 UINT32 ListSize;
151
152 if ((AuthVarLibContextIn == NULL) || (AuthVarLibContextOut == NULL)) {
153 return EFI_INVALID_PARAMETER;
154 }
155
156 mAuthVarLibContextIn = AuthVarLibContextIn;
157
158 //
159 // Initialize hash context.
160 //
161 CtxSize = Sha256GetContextSize ();
162 mHashCtx = AllocateRuntimePool (CtxSize);
163 if (mHashCtx == NULL) {
164 return EFI_OUT_OF_RESOURCES;
165 }
166
167 //
168 // Reserve runtime buffer for public key database. The size excludes variable header and name size.
169 //
170 mMaxKeyDbSize = (UINT32) (mAuthVarLibContextIn->MaxAuthVariableSize - sizeof (AUTHVAR_KEYDB_NAME));
171 mMaxKeyNumber = mMaxKeyDbSize / sizeof (AUTHVAR_KEY_DB_DATA);
172 mPubKeyStore = AllocateRuntimePool (mMaxKeyDbSize);
173 if (mPubKeyStore == NULL) {
174 return EFI_OUT_OF_RESOURCES;
175 }
176
177 //
178 // Reserve runtime buffer for certificate database. The size excludes variable header and name size.
179 // Use EFI_CERT_DB_VOLATILE_NAME size since it is longer.
180 //
181 mMaxCertDbSize = (UINT32) (mAuthVarLibContextIn->MaxAuthVariableSize - sizeof (EFI_CERT_DB_VOLATILE_NAME));
182 mCertDbStore = AllocateRuntimePool (mMaxCertDbSize);
183 if (mCertDbStore == NULL) {
184 return EFI_OUT_OF_RESOURCES;
185 }
186
187 //
188 // Check "AuthVarKeyDatabase" variable's existence.
189 // If it doesn't exist, create a new one with initial value of 0 and EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.
190 //
191 Status = AuthServiceInternalFindVariable (
192 AUTHVAR_KEYDB_NAME,
193 &gEfiAuthenticatedVariableGuid,
194 (VOID **) &Data,
195 &DataSize
196 );
197 if (EFI_ERROR (Status)) {
198 VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;
199 VarValue = 0;
200 mPubKeyNumber = 0;
201 Status = AuthServiceInternalUpdateVariable (
202 AUTHVAR_KEYDB_NAME,
203 &gEfiAuthenticatedVariableGuid,
204 &VarValue,
205 sizeof(UINT8),
206 VarAttr
207 );
208 if (EFI_ERROR (Status)) {
209 return Status;
210 }
211 } else {
212 //
213 // Load database in global variable for cache.
214 //
215 ASSERT ((DataSize != 0) && (Data != NULL));
216 //
217 // "AuthVarKeyDatabase" is an internal variable. Its DataSize is always ensured not to exceed mPubKeyStore buffer size(See definition before)
218 // Therefore, there is no memory overflow in underlying CopyMem.
219 //
220 CopyMem (mPubKeyStore, (UINT8 *) Data, DataSize);
221 mPubKeyNumber = (UINT32) (DataSize / sizeof (AUTHVAR_KEY_DB_DATA));
222 }
223
224 Status = AuthServiceInternalFindVariable (EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize);
225 if (EFI_ERROR (Status)) {
226 DEBUG ((EFI_D_INFO, "Variable %s does not exist.\n", EFI_PLATFORM_KEY_NAME));
227 } else {
228 DEBUG ((EFI_D_INFO, "Variable %s exists.\n", EFI_PLATFORM_KEY_NAME));
229 }
230
231 //
232 // Create "SetupMode" variable with BS+RT attribute set.
233 //
234 if (EFI_ERROR (Status)) {
235 mPlatformMode = SETUP_MODE;
236 } else {
237 mPlatformMode = USER_MODE;
238 }
239 Status = AuthServiceInternalUpdateVariable (
240 EFI_SETUP_MODE_NAME,
241 &gEfiGlobalVariableGuid,
242 &mPlatformMode,
243 sizeof(UINT8),
244 EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS
245 );
246 if (EFI_ERROR (Status)) {
247 return Status;
248 }
249
250 //
251 // Create "SignatureSupport" variable with BS+RT attribute set.
252 //
253 Status = AuthServiceInternalUpdateVariable (
254 EFI_SIGNATURE_SUPPORT_NAME,
255 &gEfiGlobalVariableGuid,
256 mSignatureSupport,
257 sizeof(mSignatureSupport),
258 EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS
259 );
260 if (EFI_ERROR (Status)) {
261 return Status;
262 }
263
264 //
265 // If "SecureBootEnable" variable exists, then update "SecureBoot" variable.
266 // If "SecureBootEnable" variable is SECURE_BOOT_ENABLE and in USER_MODE, Set "SecureBoot" variable to SECURE_BOOT_MODE_ENABLE.
267 // If "SecureBootEnable" variable is SECURE_BOOT_DISABLE, Set "SecureBoot" variable to SECURE_BOOT_MODE_DISABLE.
268 //
269 SecureBootEnable = SECURE_BOOT_DISABLE;
270 Status = AuthServiceInternalFindVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID **) &Data, &DataSize);
271 if (!EFI_ERROR (Status)) {
272 if (mPlatformMode == USER_MODE){
273 SecureBootEnable = *(UINT8 *) Data;
274 }
275 } else if (mPlatformMode == USER_MODE) {
276 //
277 // "SecureBootEnable" not exist, initialize it in USER_MODE.
278 //
279 SecureBootEnable = SECURE_BOOT_ENABLE;
280 Status = AuthServiceInternalUpdateVariable (
281 EFI_SECURE_BOOT_ENABLE_NAME,
282 &gEfiSecureBootEnableDisableGuid,
283 &SecureBootEnable,
284 sizeof (UINT8),
285 EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS
286 );
287 if (EFI_ERROR (Status)) {
288 return Status;
289 }
290 }
291
292 //
293 // Create "SecureBoot" variable with BS+RT attribute set.
294 //
295 if (SecureBootEnable == SECURE_BOOT_ENABLE && mPlatformMode == USER_MODE) {
296 SecureBootMode = SECURE_BOOT_MODE_ENABLE;
297 } else {
298 SecureBootMode = SECURE_BOOT_MODE_DISABLE;
299 }
300 Status = AuthServiceInternalUpdateVariable (
301 EFI_SECURE_BOOT_MODE_NAME,
302 &gEfiGlobalVariableGuid,
303 &SecureBootMode,
304 sizeof (UINT8),
305 EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS
306 );
307 if (EFI_ERROR (Status)) {
308 return Status;
309 }
310
311 DEBUG ((EFI_D_INFO, "Variable %s is %x\n", EFI_SETUP_MODE_NAME, mPlatformMode));
312 DEBUG ((EFI_D_INFO, "Variable %s is %x\n", EFI_SECURE_BOOT_MODE_NAME, SecureBootMode));
313 DEBUG ((EFI_D_INFO, "Variable %s is %x\n", EFI_SECURE_BOOT_ENABLE_NAME, SecureBootEnable));
314
315 //
316 // Initialize "CustomMode" in STANDARD_SECURE_BOOT_MODE state.
317 //
318 CustomMode = STANDARD_SECURE_BOOT_MODE;
319 Status = AuthServiceInternalUpdateVariable (
320 EFI_CUSTOM_MODE_NAME,
321 &gEfiCustomModeEnableGuid,
322 &CustomMode,
323 sizeof (UINT8),
324 EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS
325 );
326 if (EFI_ERROR (Status)) {
327 return Status;
328 }
329
330 DEBUG ((EFI_D_INFO, "Variable %s is %x\n", EFI_CUSTOM_MODE_NAME, CustomMode));
331
332 //
333 // Check "certdb" variable's existence.
334 // If it doesn't exist, then create a new one with
335 // EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.
336 //
337 Status = AuthServiceInternalFindVariable (
338 EFI_CERT_DB_NAME,
339 &gEfiCertDbGuid,
340 (VOID **) &Data,
341 &DataSize
342 );
343 if (EFI_ERROR (Status)) {
344 VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
345 ListSize = sizeof (UINT32);
346 Status = AuthServiceInternalUpdateVariable (
347 EFI_CERT_DB_NAME,
348 &gEfiCertDbGuid,
349 &ListSize,
350 sizeof (UINT32),
351 VarAttr
352 );
353 if (EFI_ERROR (Status)) {
354 return Status;
355 }
356 } else {
357 //
358 // Clean up Certs to make certDB & Time based auth variable consistent
359 //
360 Status = CleanCertsFromDb();
361 if (EFI_ERROR (Status)) {
362 DEBUG ((EFI_D_ERROR, "Clean up CertDB fail! Status %x\n", Status));
363 return Status;
364 }
365 }
366
367 //
368 // Create "certdbv" variable with RT+BS+AT set.
369 //
370 VarAttr = EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
371 ListSize = sizeof (UINT32);
372 Status = AuthServiceInternalUpdateVariable (
373 EFI_CERT_DB_VOLATILE_NAME,
374 &gEfiCertDbGuid,
375 &ListSize,
376 sizeof (UINT32),
377 VarAttr
378 );
379 if (EFI_ERROR (Status)) {
380 return Status;
381 }
382
383 //
384 // Check "VendorKeysNv" variable's existence and create "VendorKeys" variable accordingly.
385 //
386 Status = AuthServiceInternalFindVariable (EFI_VENDOR_KEYS_NV_VARIABLE_NAME, &gEfiVendorKeysNvGuid, (VOID **) &Data, &DataSize);
387 if (!EFI_ERROR (Status)) {
388 mVendorKeyState = *(UINT8 *)Data;
389 } else {
390 //
391 // "VendorKeysNv" not exist, initialize it in VENDOR_KEYS_VALID state.
392 //
393 mVendorKeyState = VENDOR_KEYS_VALID;
394 Status = AuthServiceInternalUpdateVariable (
395 EFI_VENDOR_KEYS_NV_VARIABLE_NAME,
396 &gEfiVendorKeysNvGuid,
397 &mVendorKeyState,
398 sizeof (UINT8),
399 EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
400 );
401 if (EFI_ERROR (Status)) {
402 return Status;
403 }
404 }
405
406 //
407 // Create "VendorKeys" variable with BS+RT attribute set.
408 //
409 Status = AuthServiceInternalUpdateVariable (
410 EFI_VENDOR_KEYS_VARIABLE_NAME,
411 &gEfiGlobalVariableGuid,
412 &mVendorKeyState,
413 sizeof (UINT8),
414 EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS
415 );
416 if (EFI_ERROR (Status)) {
417 return Status;
418 }
419
420 DEBUG ((EFI_D_INFO, "Variable %s is %x\n", EFI_VENDOR_KEYS_VARIABLE_NAME, mVendorKeyState));
421
422 AuthVarLibContextOut->StructVersion = AUTH_VAR_LIB_CONTEXT_OUT_STRUCT_VERSION;
423 AuthVarLibContextOut->StructSize = sizeof (AUTH_VAR_LIB_CONTEXT_OUT);
424 AuthVarLibContextOut->AuthVarEntry = mAuthVarEntry;
425 AuthVarLibContextOut->AuthVarEntryCount = sizeof (mAuthVarEntry) / sizeof (mAuthVarEntry[0]);
426 mAuthVarAddressPointer[0] = (VOID **) &mPubKeyStore;
427 mAuthVarAddressPointer[1] = (VOID **) &mCertDbStore;
428 mAuthVarAddressPointer[2] = (VOID **) &mHashCtx;
429 mAuthVarAddressPointer[3] = (VOID **) &mAuthVarLibContextIn;
430 mAuthVarAddressPointer[4] = (VOID **) &(mAuthVarLibContextIn->FindVariable),
431 mAuthVarAddressPointer[5] = (VOID **) &(mAuthVarLibContextIn->FindNextVariable),
432 mAuthVarAddressPointer[6] = (VOID **) &(mAuthVarLibContextIn->UpdateVariable),
433 mAuthVarAddressPointer[7] = (VOID **) &(mAuthVarLibContextIn->GetScratchBuffer),
434 mAuthVarAddressPointer[8] = (VOID **) &(mAuthVarLibContextIn->CheckRemainingSpaceForConsistency),
435 mAuthVarAddressPointer[9] = (VOID **) &(mAuthVarLibContextIn->AtRuntime),
436 AuthVarLibContextOut->AddressPointer = mAuthVarAddressPointer;
437 AuthVarLibContextOut->AddressPointerCount = sizeof (mAuthVarAddressPointer) / sizeof (mAuthVarAddressPointer[0]);
438
439 //
440 // Cache UserPhysicalPresent State.
441 // Platform should report PhysicalPresent before this point
442 //
443 mUserPhysicalPresent = UserPhysicalPresent();
444
445 return Status;
446 }
447
448 /**
449 Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.
450
451 @param[in] VariableName Name of the variable.
452 @param[in] VendorGuid Variable vendor GUID.
453 @param[in] Data Data pointer.
454 @param[in] DataSize Size of Data.
455 @param[in] Attributes Attribute value of the variable.
456
457 @retval EFI_SUCCESS The firmware has successfully stored the variable and its data as
458 defined by the Attributes.
459 @retval EFI_INVALID_PARAMETER Invalid parameter.
460 @retval EFI_WRITE_PROTECTED Variable is write-protected.
461 @retval EFI_OUT_OF_RESOURCES There is not enough resource.
462 @retval EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
463 or EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS
464 set, but the AuthInfo does NOT pass the validation
465 check carried out by the firmware.
466 @retval EFI_UNSUPPORTED Unsupported to process authenticated variable.
467
468 **/
469 EFI_STATUS
470 EFIAPI
471 AuthVariableLibProcessVariable (
472 IN CHAR16 *VariableName,
473 IN EFI_GUID *VendorGuid,
474 IN VOID *Data,
475 IN UINTN DataSize,
476 IN UINT32 Attributes
477 )
478 {
479 EFI_STATUS Status;
480
481 if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_PLATFORM_KEY_NAME) == 0)){
482 Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, TRUE);
483 } else if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0)) {
484 Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, FALSE);
485 } else if (CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) &&
486 ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) ||
487 (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0) ||
488 (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0)
489 )) {
490 Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, FALSE);
491 if (EFI_ERROR (Status)) {
492 Status = ProcessVarWithKek (VariableName, VendorGuid, Data, DataSize, Attributes);
493 }
494 } else {
495 Status = ProcessVariable (VariableName, VendorGuid, Data, DataSize, Attributes);
496 }
497
498 return Status;
499 }
EFI Development Kit II mirror for PVE