X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=blobdiff_plain;f=SecurityPkg%2FLibrary%2FDxeImageVerificationLib%2FDxeImageVerificationLib.c;h=c86ce1f312ae5c7543e4ea356863fb9c81b08c64;hp=2a54296134b5835ed7f5645f58fd79fbf6d9a189;hb=5db28a6753d307cdfb1cfdeb2f63739a9f959837;hpb=de2447dd4ca93ca37ff067c325e478dc586235ca diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c index 2a54296134..c86ce1f312 100644 --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c @@ -1,6 +1,17 @@ /** @file Implement image verification services for secure boot service in UEFI2.3.1. + Caution: This file requires additional review when modified. + This library will have external input - PE/COFF image. + This external input must be validated carefully to avoid security issue like + buffer overflow, integer overflow. + + DxeImageVerificationLibImageRead() function will make sure the PE/COFF image content + read is within the image buffer. + + DxeImageVerificationHandler(), HashPeImageByType(), HashPeImage() function will accept + untrusted PE/COFF image and validate its data structure within this image buffer before use. + Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License @@ -14,15 +25,23 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include "DxeImageVerificationLib.h" +// +// Caution: This is used by a function which may receive untrusted input. +// These global variables hold PE/COFF image data, and they should be validated before use. +// EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION mNtHeader; -UINTN mImageSize; UINT32 mPeCoffHeaderOffset; -UINT8 mImageDigest[MAX_DIGEST_SIZE]; -UINTN mImageDigestSize; EFI_IMAGE_DATA_DIRECTORY *mSecDataDir = NULL; -UINT8 *mImageBase = NULL; EFI_GUID mCertType; +// +// Information on current PE/COFF image +// +UINTN mImageSize; +UINT8 *mImageBase = NULL; +UINT8 mImageDigest[MAX_DIGEST_SIZE]; +UINTN mImageDigestSize; + // // Notify string for authorization UI. // @@ -57,6 +76,10 @@ HASH_TABLE mHash[] = { /** Reads contents of a PE/COFF image in memory buffer. + Caution: This function may receive untrusted input. + PE/COFF image is external input, so this function will make sure the PE/COFF image content + read is within the image buffer. + @param FileHandle Pointer to the file handle to read the PE/COFF image. @param FileOffset Offset into the PE/COFF image to begin the read operation. @param ReadSize On input, the size in bytes of the requested read operation. @@ -118,6 +141,10 @@ GetImageType ( EFI_DEVICE_PATH_PROTOCOL *TempDevicePath; EFI_BLOCK_IO_PROTOCOL *BlockIo; + if (File == NULL) { + return IMAGE_UNKNOWN; + } + // // First check to see if File is from a Firmware Volume // @@ -229,6 +256,10 @@ GetImageType ( Caculate hash of Pe/Coff image based on the authenticode image hashing in PE/COFF Specification 8.0 Appendix A + Caution: This function may receive untrusted input. + PE/COFF image is external input, so this function will validate its data structure + within this image buffer before use. + @param[in] HashAlg Hash algorithm type. @retval TRUE Successfully hash image. @@ -550,6 +581,10 @@ Done: Pe/Coff image based on the authenticode image hashing in PE/COFF Specification 8.0 Appendix A + Caution: This function may receive untrusted input. + PE/COFF image is external input, so this function will validate its data structure + within this image buffer before use. + @retval EFI_UNSUPPORTED Hash algorithm is not supported. @retval EFI_SUCCESS Hash successfully. @@ -751,60 +786,6 @@ AddImageExeInfo ( } } -/** - Discover if the UEFI image is authorized by user's policy setting. - - @param[in] Policy Specify platform's policy setting. - - @retval EFI_ACCESS_DENIED Image is not allowed to run. - @retval EFI_SECURITY_VIOLATION Image is deferred. - @retval EFI_SUCCESS Image is authorized to run. - -**/ -EFI_STATUS -ImageAuthorization ( - IN UINT32 Policy - ) -{ - EFI_STATUS Status; - EFI_INPUT_KEY Key; - - Status = EFI_ACCESS_DENIED; - - switch (Policy) { - - case QUERY_USER_ON_SECURITY_VIOLATION: - do { - CreatePopUp (EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, &Key, mNotifyString1, mNotifyString2, NULL); - if (Key.UnicodeChar == L'Y' || Key.UnicodeChar == L'y') { - Status = EFI_SUCCESS; - break; - } else if (Key.UnicodeChar == L'N' || Key.UnicodeChar == L'n') { - Status = EFI_ACCESS_DENIED; - break; - } else if (Key.UnicodeChar == L'D' || Key.UnicodeChar == L'd') { - Status = EFI_SECURITY_VIOLATION; - break; - } - } while (TRUE); - break; - - case ALLOW_EXECUTE_ON_SECURITY_VIOLATION: - Status = EFI_SUCCESS; - break; - - case DEFER_EXECUTE_ON_SECURITY_VIOLATION: - Status = EFI_SECURITY_VIOLATION; - break; - - case DENY_EXECUTE_ON_SECURITY_VIOLATION: - Status = EFI_ACCESS_DENIED; - break; - } - - return Status; -} - /** Check whether signature is in specified database. @@ -953,7 +934,7 @@ IsPkcsSignedDataVerifiedBySignatureList ( // Iterate each Signature Data Node within this CertList for verify. // RootCert = Cert->SignatureData; - RootCertSize = CertList->SignatureSize; + RootCertSize = CertList->SignatureSize - sizeof (EFI_GUID); // // Call AuthenticodeVerify library to Verify Authenticode struct. @@ -1009,14 +990,7 @@ VerifyCertPkcsSignedData ( } // - // 2: Find certificate from KEK database and try to verify authenticode struct. - // - if (IsPkcsSignedDataVerifiedBySignatureList (EFI_KEY_EXCHANGE_KEY_NAME, &gEfiGlobalVariableGuid)) { - return EFI_SUCCESS; - } - - // - // 3: Find certificate from DB database and try to verify authenticode struct. + // 2: Find certificate from DB database and try to verify authenticode struct. // if (IsPkcsSignedDataVerifiedBySignatureList (EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid)) { return EFI_SUCCESS; @@ -1025,139 +999,6 @@ VerifyCertPkcsSignedData ( } } -/** - Verify certificate in WIN_CERTIFICATE_UEFI_GUID format. - - @retval EFI_SUCCESS Image pass verification. - @retval EFI_SECURITY_VIOLATION Image fail verification. - @retval other error value - -**/ -EFI_STATUS -VerifyCertUefiGuid ( - VOID - ) -{ - BOOLEAN Status; - WIN_CERTIFICATE_UEFI_GUID *EfiCert; - EFI_SIGNATURE_LIST *KekList; - EFI_SIGNATURE_DATA *KekItem; - EFI_CERT_BLOCK_RSA_2048_SHA256 *CertBlock; - VOID *Rsa; - UINTN KekCount; - UINTN Index; - UINTN KekDataSize; - BOOLEAN IsFound; - EFI_STATUS Result; - - EfiCert = NULL; - KekList = NULL; - KekItem = NULL; - CertBlock = NULL; - Rsa = NULL; - Status = FALSE; - IsFound = FALSE; - KekDataSize = 0; - - EfiCert = (WIN_CERTIFICATE_UEFI_GUID *) (mImageBase + mSecDataDir->VirtualAddress); - CertBlock = (EFI_CERT_BLOCK_RSA_2048_SHA256 *) EfiCert->CertData; - if (!CompareGuid (&EfiCert->CertType, &gEfiCertTypeRsa2048Sha256Guid)) { - // - // Invalid Certificate Data Type. - // - return EFI_SECURITY_VIOLATION; - } - - // - // Get KEK database variable data size - // - Result = gRT->GetVariable (EFI_KEY_EXCHANGE_KEY_NAME, &gEfiGlobalVariableGuid, NULL, &KekDataSize, NULL); - if (Result != EFI_BUFFER_TOO_SMALL) { - return EFI_SECURITY_VIOLATION; - } - - // - // Get KEK database variable. - // - GetEfiGlobalVariable2 (EFI_KEY_EXCHANGE_KEY_NAME, (VOID**)&KekList, NULL); - if (KekList == NULL) { - return EFI_SECURITY_VIOLATION; - } - - // - // Enumerate all Kek items in this list to verify the variable certificate data. - // If anyone is authenticated successfully, it means the variable is correct! - // - while ((KekDataSize > 0) && (KekDataSize >= KekList->SignatureListSize)) { - if (CompareGuid (&KekList->SignatureType, &gEfiCertRsa2048Guid)) { - KekItem = (EFI_SIGNATURE_DATA *) ((UINT8 *) KekList + sizeof (EFI_SIGNATURE_LIST) + KekList->SignatureHeaderSize); - KekCount = (KekList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - KekList->SignatureHeaderSize) / KekList->SignatureSize; - for (Index = 0; Index < KekCount; Index++) { - if (CompareMem (KekItem->SignatureData, CertBlock->PublicKey, EFI_CERT_TYPE_RSA2048_SIZE) == 0) { - IsFound = TRUE; - break; - } - KekItem = (EFI_SIGNATURE_DATA *) ((UINT8 *) KekItem + KekList->SignatureSize); - } - } - KekDataSize -= KekList->SignatureListSize; - KekList = (EFI_SIGNATURE_LIST *) ((UINT8 *) KekList + KekList->SignatureListSize); - } - - if (!IsFound) { - // - // Signed key is not a trust one. - // - goto Done; - } - - // - // Now, we found the corresponding security policy. - // Verify the data payload. - // - Rsa = RsaNew (); - if (Rsa == NULL) { - Status = FALSE; - goto Done; - } - - // - // Set RSA Key Components. - // NOTE: Only N and E are needed to be set as RSA public key for signature verification. - // - Status = RsaSetKey (Rsa, RsaKeyN, CertBlock->PublicKey, EFI_CERT_TYPE_RSA2048_SIZE); - if (!Status) { - goto Done; - } - Status = RsaSetKey (Rsa, RsaKeyE, mRsaE, sizeof (mRsaE)); - if (!Status) { - goto Done; - } - // - // Verify the signature. - // - Status = RsaPkcs1Verify ( - Rsa, - mImageDigest, - mImageDigestSize, - CertBlock->Signature, - EFI_CERT_TYPE_RSA2048_SHA256_SIZE - ); - -Done: - if (KekList != NULL) { - FreePool (KekList); - } - if (Rsa != NULL ) { - RsaFree (Rsa); - } - if (Status) { - return EFI_SUCCESS; - } else { - return EFI_SECURITY_VIOLATION; - } -} - /** Provide verification service for signed images, which include both signature validation and platform policy control. For signature types, both UEFI WIN_CERTIFICATE_UEFI_GUID and @@ -1167,22 +1008,28 @@ Done: Executables from FV is bypass, so pass in AuthenticationStatus is ignored. The image verification process is: - Is the Image signed? - If yes, - Does the image verify against a certificate (root or intermediate) in the allowed db? - Run it - Image verification fail - Is the Image's Hash not in forbidden database and the Image's Hash in allowed db? - Run it - If no, - Is the Image's Hash in the forbidden database (DBX)? - if yes, - Error out - Is the Image's Hash in the allowed database (DB)? - If yes, - Run it - If no, - Error out + If the image is signed, + If the image's certificate verifies against a certificate (root or intermediate) in the allowed + database (DB) and not in the forbidden database (DBX), the certificate verification is passed. + If the image's hash digest is in DBX, + deny execution. + If not, + run it. + If the Image's certificate verification failed. + If the Image's Hash is in DB and not in DBX, + run it. + Otherwise, + deny execution. + Otherwise, the image is not signed, + Is the Image's Hash in DBX? + If yes, deny execution. + If not, is the Image's Hash in DB? + If yes, run it. + If not, deny execution. + + Caution: This function may receive untrusted input. + PE/COFF image is external input, so this function will validate its data structure + within this image buffer before use. @param[in] AuthenticationStatus This is the authentication status returned from the security @@ -1191,19 +1038,23 @@ Done: being dispatched. This will optionally be used for logging. @param[in] FileBuffer File buffer matches the input file device path. @param[in] FileSize Size of File buffer matches the input file device path. - - @retval EFI_SUCCESS The file specified by File did authenticate, and the - platform policy dictates that the DXE Core may use File. - @retval EFI_INVALID_PARAMETER Input argument is incorrect. + @param[in] BootPolicy A boot policy that was used to call LoadImage() UEFI service. + + @retval EFI_SUCCESS The file specified by DevicePath and non-NULL + FileBuffer did authenticate, and the platform policy dictates + that the DXE Foundation may use the file. + @retval EFI_SUCCESS The device path specified by NULL device path DevicePath + and non-NULL FileBuffer did authenticate, and the platform + policy dictates that the DXE Foundation may execute the image in + FileBuffer. @retval EFI_OUT_RESOURCE Fail to allocate memory. @retval EFI_SECURITY_VIOLATION The file specified by File did not authenticate, and the platform policy dictates that File should be placed - in the untrusted state. A file may be promoted from - the untrusted to the trusted state at a future time - with a call to the Trust() DXE Service. - @retval EFI_ACCESS_DENIED The file specified by File did not authenticate, and - the platform policy dictates that File should not be - used for any purpose. + in the untrusted state. The image has been added to the file + execution table. + @retval EFI_ACCESS_DENIED The file specified by File and FileBuffer did not + authenticate, and the platform policy dictates that the DXE + Foundation many not use File. **/ EFI_STATUS @@ -1212,29 +1063,25 @@ DxeImageVerificationHandler ( IN UINT32 AuthenticationStatus, IN CONST EFI_DEVICE_PATH_PROTOCOL *File, IN VOID *FileBuffer, - IN UINTN FileSize + IN UINTN FileSize, + IN BOOLEAN BootPolicy ) { EFI_STATUS Status; UINT16 Magic; EFI_IMAGE_DOS_HEADER *DosHdr; EFI_STATUS VerifyStatus; - UINT8 *SetupMode; EFI_SIGNATURE_LIST *SignatureList; UINTN SignatureListSize; EFI_SIGNATURE_DATA *Signature; EFI_IMAGE_EXECUTION_ACTION Action; WIN_CERTIFICATE *WinCertificate; UINT32 Policy; - UINT8 *SecureBootEnable; + UINT8 *SecureBoot; PE_COFF_LOADER_IMAGE_CONTEXT ImageContext; UINT32 NumberOfRvaAndSizes; UINT32 CertSize; - if (File == NULL) { - return EFI_INVALID_PARAMETER; - } - SignatureList = NULL; SignatureListSize = 0; WinCertificate = NULL; @@ -1274,43 +1121,22 @@ DxeImageVerificationHandler ( return EFI_ACCESS_DENIED; } - GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL); + GetEfiGlobalVariable2 (EFI_SECURE_BOOT_MODE_NAME, (VOID**)&SecureBoot, NULL); // - // Skip verification if SecureBootEnable variable doesn't exist. + // Skip verification if SecureBoot variable doesn't exist. // - if (SecureBootEnable == NULL) { + if (SecureBoot == NULL) { return EFI_SUCCESS; } // - // Skip verification if SecureBootEnable is disabled. + // Skip verification if SecureBoot is disabled. // - if (*SecureBootEnable == SECURE_BOOT_DISABLE) { - FreePool (SecureBootEnable); + if (*SecureBoot == SECURE_BOOT_MODE_DISABLE) { + FreePool (SecureBoot); return EFI_SUCCESS; } - - FreePool (SecureBootEnable); - - GetEfiGlobalVariable2 (EFI_SETUP_MODE_NAME, (VOID**)&SetupMode, NULL); - - // - // SetupMode doesn't exist means no AuthVar driver is dispatched, - // skip verification. - // - if (SetupMode == NULL) { - return EFI_SUCCESS; - } - - // - // If platform is in SETUP MODE, skip verification. - // - if (*SetupMode == SETUP_MODE) { - FreePool (SetupMode); - return EFI_SUCCESS; - } - - FreePool (SetupMode); + FreePool (SecureBoot); // // Read the Dos header. @@ -1432,25 +1258,7 @@ DxeImageVerificationHandler ( goto Done; } - switch (WinCertificate->wCertificateType) { - - case WIN_CERT_TYPE_EFI_GUID: - CertSize = sizeof (WIN_CERTIFICATE_UEFI_GUID) + sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256) - sizeof (UINT8); - if (WinCertificate->dwLength < CertSize) { - goto Done; - } - - // - // Verify UEFI GUID type. - // - if (!HashPeImage (HASHALG_SHA256)) { - goto Done; - } - - VerifyStatus = VerifyCertUefiGuid (); - break; - - case WIN_CERT_TYPE_PKCS_SIGNED_DATA: + if (WinCertificate->wCertificateType == WIN_CERT_TYPE_PKCS_SIGNED_DATA) { // // Verify Pkcs signed data type. // @@ -1458,42 +1266,31 @@ DxeImageVerificationHandler ( if (EFI_ERROR (Status)) { goto Done; } - + VerifyStatus = VerifyCertPkcsSignedData (); + } else { + goto Done; + } + if (!EFI_ERROR (VerifyStatus)) { // - // For image verification against enrolled certificate(root or intermediate), - // no need to check image's hash in the allowed database. + // Verification is passed. + // Continue to check the image digest in signature database. // - if (!EFI_ERROR (VerifyStatus)) { - if (!IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE1, mImageDigest, &mCertType, mImageDigestSize)) { - return EFI_SUCCESS; - } + if (IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE1, mImageDigest, &mCertType, mImageDigestSize)) { + // + // Executable signature verification passes, but is found in forbidden signature database. + // + Action = EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND; + Status = EFI_ACCESS_DENIED; + } else { + // + // For image verification against enrolled X.509 certificate(root or intermediate), + // no need to check image's hash in the allowed database. + // + return EFI_SUCCESS; } - break; - - default: - goto Done; - } - // - // Get image hash value as executable's signature. - // - SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize; - SignatureList = (EFI_SIGNATURE_LIST *) AllocateZeroPool (SignatureListSize); - if (SignatureList == NULL) { - Status = EFI_OUT_OF_RESOURCES; - goto Done; - } - SignatureList->SignatureHeaderSize = 0; - SignatureList->SignatureListSize = (UINT32) SignatureListSize; - SignatureList->SignatureSize = (UINT32) mImageDigestSize; - CopyMem (&SignatureList->SignatureType, &mCertType, sizeof (EFI_GUID)); - Signature = (EFI_SIGNATURE_DATA *) ((UINT8 *) SignatureList + sizeof (EFI_SIGNATURE_LIST)); - CopyMem (Signature->SignatureData, mImageDigest, mImageDigestSize); - // - // Signature database check after verification. - // - if (EFI_ERROR (VerifyStatus)) { + } else { // // Verification failure. // @@ -1508,24 +1305,24 @@ DxeImageVerificationHandler ( Action = EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED; Status = EFI_ACCESS_DENIED; } - } else if (IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE1, Signature->SignatureData, &mCertType, mImageDigestSize)) { - // - // Executable signature verification passes, but is found in forbidden signature database. - // - Action = EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND; - Status = EFI_ACCESS_DENIED; - } else if (IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE, Signature->SignatureData, &mCertType, mImageDigestSize)) { - // - // Executable signature is found in authorized signature database. - // - Status = EFI_SUCCESS; - } else { + } + + if (EFI_ERROR (Status)) { // - // Executable signature verification passes, but cannot be found in authorized signature database. - // Get platform policy to determine the action. + // Get image hash value as executable's signature. // - Action = EFI_IMAGE_EXECUTION_AUTH_SIG_PASSED; - Status = ImageAuthorization (Policy); + SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize; + SignatureList = (EFI_SIGNATURE_LIST *) AllocateZeroPool (SignatureListSize); + if (SignatureList == NULL) { + Status = EFI_OUT_OF_RESOURCES; + goto Done; + } + SignatureList->SignatureHeaderSize = 0; + SignatureList->SignatureListSize = (UINT32) SignatureListSize; + SignatureList->SignatureSize = (UINT32) mImageDigestSize; + CopyMem (&SignatureList->SignatureType, &mCertType, sizeof (EFI_GUID)); + Signature = (EFI_SIGNATURE_DATA *) ((UINT8 *) SignatureList + sizeof (EFI_SIGNATURE_LIST)); + CopyMem (Signature->SignatureData, mImageDigest, mImageDigestSize); } Done: @@ -1534,6 +1331,7 @@ Done: // Policy decides to defer or reject the image; add its information in image executable information table. // AddImageExeInfo (Action, NULL, File, SignatureList, SignatureListSize); + Status = EFI_SECURITY_VIOLATION; } if (SignatureList != NULL) { @@ -1618,7 +1416,7 @@ DxeImageVerificationLibConstructor ( &Registration ); - return RegisterSecurityHandler ( + return RegisterSecurity2Handler ( DxeImageVerificationHandler, EFI_AUTH_OPERATION_VERIFY_IMAGE | EFI_AUTH_OPERATION_IMAGE_REQUIRED );