CapsuleAuthenticateSystemFirmware(), ExtractAuthenticatedImage() will receive\r
untrusted input and do basic validation.\r
\r
- Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r
- This program and the accompanying materials\r
- are licensed and made available under the terms and conditions of the BSD License\r
- which accompanies this distribution. The full text of the license may be found at\r
- http://opensource.org/licenses/bsd-license.php\r
-\r
- THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
- WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+ Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>\r
+ SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#include <Library/BaseLib.h>\r
#include <Library/BaseMemoryLib.h>\r
#include <Library/DebugLib.h>\r
+#include <Library/PcdLib.h>\r
#include <Library/MemoryAllocationLib.h>\r
#include <Library/EdkiiSystemCapsuleLib.h>\r
#include <Library/FmpAuthenticationLib.h>\r
FvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)((UINTN)FvHeader + SIZE_4KB);\r
continue;\r
}\r
- DEBUG((DEBUG_ERROR, "checking FV....0x%08x - 0x%x\n", FvHeader, FvHeader->FvLength));\r
+ DEBUG((DEBUG_INFO, "checking FV....0x%08x - 0x%x\n", FvHeader, FvHeader->FvLength));\r
FvFound = TRUE;\r
if (FvHeader->FvLength > FvSize) {\r
DEBUG((DEBUG_ERROR, "GetFfsByName - FvSize: 0x%08x, MaxSize - 0x%08x\n", (UINTN)FvHeader->FvLength, (UINTN)FvSize));\r
\r
if (CompareGuid(FileName, &FfsHeader->Name) &&\r
((Type == EFI_FV_FILETYPE_ALL) || (FfsHeader->Type == Type))) {\r
- //\r
- // Check section\r
- //\r
*OutFfsBuffer = FfsHeader;\r
*OutFfsBufferSize = FfsSize;\r
return TRUE;\r
// Next FV\r
//\r
FvHeader = (VOID *)(UINTN)((UINTN)FvHeader + FvHeader->FvLength);\r
- DEBUG((DEBUG_ERROR, "Next FV....0x%08x - 0x%x\n", FvHeader, FvHeader->FvLength));\r
}\r
\r
if (!FvFound) {\r
DEBUG((DEBUG_ERROR, "ExtractAuthenticatedImage - dwLength too small\n"));\r
return FALSE;\r
}\r
- if (ImageAuth->AuthInfo.Hdr.dwLength > MAX_UINTN - sizeof(UINT64)) {\r
+ if ((UINTN) ImageAuth->AuthInfo.Hdr.dwLength > MAX_UINTN - sizeof(UINT64)) {\r
DEBUG((DEBUG_ERROR, "ExtractAuthenticatedImage - dwLength too big\n"));\r
return FALSE;\r
}\r
} else {\r
return FALSE;\r
}\r
+ ASSERT (PublicKeyData != NULL);\r
+ ASSERT (PublicKeyDataLength != 0);\r
\r
Status = AuthenticateFmpImage(\r
ImageAuth,\r
// NOTE: This function need run in an isolated environment.\r
// Do not touch FMP protocol and its private structure.\r
//\r
+ if (mImageFmpInfo == NULL) {\r
+ DEBUG((DEBUG_INFO, "ImageFmpInfo is not set\n"));\r
+ return EFI_SECURITY_VIOLATION;\r
+ }\r
\r
Result = ExtractAuthenticatedImage((VOID *)Image, ImageSize, LastAttemptStatus, AuthenticatedImage, AuthenticatedImageSize);\r
if (!Result) {\r
return EFI_SECURITY_VIOLATION;\r
}\r
} else {\r
- if (CurrentImageFmpInfo->Version < ImageFmpInfo->LowestSupportedImageVersion) {\r
+ if (ImageFmpInfo->Version < CurrentImageFmpInfo->LowestSupportedImageVersion) {\r
*LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INCORRECT_VERSION;\r
DEBUG((DEBUG_INFO, "LowestSupportedImageVersion check - fail\n"));\r
return EFI_SECURITY_VIOLATION;\r
return EFI_SUCCESS;\r
}\r
\r
+/**\r
+ PcdCallBack gets the real set PCD value\r
+\r
+ @param[in] CallBackGuid The PCD token GUID being set.\r
+ @param[in] CallBackToken The PCD token number being set.\r
+ @param[in, out] TokenData A pointer to the token data being set.\r
+ @param[in] TokenDataSize The size, in bytes, of the data being set.\r
+\r
+**/\r
+VOID\r
+EFIAPI\r
+EdkiiSystemCapsuleLibPcdCallBack (\r
+ IN CONST GUID *CallBackGuid, OPTIONAL\r
+ IN UINTN CallBackToken,\r
+ IN OUT VOID *TokenData,\r
+ IN UINTN TokenDataSize\r
+ )\r
+{\r
+ if (CompareGuid (CallBackGuid, &gEfiSignedCapsulePkgTokenSpaceGuid) &&\r
+ CallBackToken == PcdToken (PcdEdkiiSystemFirmwareImageDescriptor)) {\r
+ mImageFmpInfoSize = TokenDataSize;\r
+ mImageFmpInfo = AllocateCopyPool (mImageFmpInfoSize, TokenData);\r
+ ASSERT(mImageFmpInfo != NULL);\r
+ //\r
+ // Cancel Callback after get the real set value\r
+ //\r
+ LibPcdCancelCallback (\r
+ &gEfiSignedCapsulePkgTokenSpaceGuid,\r
+ PcdToken (PcdEdkiiSystemFirmwareImageDescriptor),\r
+ EdkiiSystemCapsuleLibPcdCallBack\r
+ );\r
+ }\r
+\r
+ if (CompareGuid (CallBackGuid, &gEfiSignedCapsulePkgTokenSpaceGuid) &&\r
+ CallBackToken == PcdToken (PcdEdkiiSystemFirmwareFileGuid)) {\r
+ CopyGuid(&mEdkiiSystemFirmwareFileGuid, TokenData);\r
+ //\r
+ // Cancel Callback after get the real set value\r
+ //\r
+ LibPcdCancelCallback (\r
+ &gEfiSignedCapsulePkgTokenSpaceGuid,\r
+ PcdToken (PcdEdkiiSystemFirmwareFileGuid),\r
+ EdkiiSystemCapsuleLibPcdCallBack\r
+ );\r
+ }\r
+}\r
+\r
/**\r
The constructor function.\r
\r
)\r
{\r
mImageFmpInfoSize = PcdGetSize(PcdEdkiiSystemFirmwareImageDescriptor);\r
- mImageFmpInfo = AllocateCopyPool (mImageFmpInfoSize, PcdGetPtr(PcdEdkiiSystemFirmwareImageDescriptor));\r
- ASSERT(mImageFmpInfo != NULL);\r
+ mImageFmpInfo = PcdGetPtr(PcdEdkiiSystemFirmwareImageDescriptor);\r
+ //\r
+ // Verify Firmware Image Descriptor first\r
+ //\r
+ if (mImageFmpInfoSize < sizeof (EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR) ||\r
+ mImageFmpInfo->Signature != EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR_SIGNATURE) {\r
+ //\r
+ // SystemFirmwareImageDescriptor is not set.\r
+ // Register PCD set callback to hook PCD value set.\r
+ //\r
+ mImageFmpInfo = NULL;\r
+ mImageFmpInfoSize = 0;\r
+ LibPcdCallbackOnSet (\r
+ &gEfiSignedCapsulePkgTokenSpaceGuid,\r
+ PcdToken (PcdEdkiiSystemFirmwareImageDescriptor),\r
+ EdkiiSystemCapsuleLibPcdCallBack\r
+ );\r
+ } else {\r
+ mImageFmpInfo = AllocateCopyPool (mImageFmpInfoSize, mImageFmpInfo);\r
+ ASSERT(mImageFmpInfo != NULL);\r
+ }\r
+\r
CopyGuid(&mEdkiiSystemFirmwareFileGuid, PcdGetPtr(PcdEdkiiSystemFirmwareFileGuid));\r
+ //\r
+ // Verify GUID value first\r
+ //\r
+ if (CompareGuid (&mEdkiiSystemFirmwareFileGuid, &gZeroGuid)) {\r
+ LibPcdCallbackOnSet (\r
+ &gEfiSignedCapsulePkgTokenSpaceGuid,\r
+ PcdToken (PcdEdkiiSystemFirmwareFileGuid),\r
+ EdkiiSystemCapsuleLibPcdCallBack\r
+ );\r
+ }\r
return EFI_SUCCESS;\r
}\r