This external input must be validated carefully to avoid security issue like\r
buffer overflow, integer overflow.\r
Variable attribute should also be checked to avoid authentication bypass.\r
+ The whole SMM authentication variable design relies on the integrity of flash part and SMM.\r
+ which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory\r
+ may not be modified without authorization. If platform fails to protect these resources, \r
+ the authentication service provided in this driver will be broken, and the behavior is undefined.\r
\r
ProcessVarWithPk(), ProcessVarWithKek() and ProcessVariable() are the function to do\r
variable authentication.\r
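Review bot: the added paragraph has a wrong sentence boundary: "relies on the integrity of flash part and SMM." ends with a full stop, but the next line "which is assumed to be protected by platform" is its relative clause, so this should read "...of flash part and SMM, which is assumed to be protected by the platform." Also "may not be modified without authorization" reads as a permission statement; since this documents a security assumption, "must not be modified" is clearer, and that line carries trailing whitespace after "resources,". The same text is pasted into the header and both .inf files later in this patch, so correct all copies together.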
DataSize = DataSizeOfVariable (Variable.CurrPtr);\r
Data = GetVariableDataPtr (Variable.CurrPtr);\r
ASSERT ((DataSize != 0) && (Data != NULL));\r
+ //\r
+ // "AuthVarKeyDatabase" is an internal variable. Its DataSize is always ensured not to exceed mPubKeyStore buffer size(See definition before) \r
+ // Therefore, there is no memory overflow in underlying CopyMem.\r
+ //\r
CopyMem (mPubKeyStore, (UINT8 *) Data, DataSize);\r
mPubKeyNumber = (UINT32) (DataSize / EFI_CERT_TYPE_RSA2048_SIZE);\r
}\r
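Review bot: the new comment asserts that DataSize can never exceed the mPubKeyStore buffer, but nothing at this call site checks it; the existing ASSERT only covers DataSize != 0 and Data != NULL, so if that invariant is ever broken the CopyMem overruns the buffer with nothing here to stop it. Since the comment already names the invariant, make it machine-checked right before the copy, e.g. `ASSERT (DataSize <= sizeof (mPubKeyStore));` if mPubKeyStore is a fixed array (otherwise compare against the constant that sizes it), and replace the vague "(See definition before)" with the name of that constant. Keep in mind that ASSERT is compiled out in release builds, so if the intent is to defend against corrupted flash content rather than only document an invariant, a real runtime check that fails the initialization is needed. Minor: "size(See" needs a space and the comment line has trailing whitespace.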
DataSize = DataSizeOfVariable (Variable.CurrPtr);\r
Data = GetVariableDataPtr (Variable.CurrPtr);\r
ASSERT ((DataSize != 0) && (Data != NULL));\r
+ //\r
+ // "AuthVarKeyDatabase" is an internal used variable. Its DataSize is always ensured not to exceed mPubKeyStore buffer size(See definition before) \r
+ // Therefore, there is no memory overflow in underlying CopyMem.\r
+ //\r
CopyMem (mPubKeyStore, (UINT8 *) Data, DataSize);\r
mPubKeyNumber = (UINT32) (DataSize / EFI_CERT_TYPE_RSA2048_SIZE);\r
\r
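Review bot: this copy of the comment says "internal used variable" where the previous hunk says "internal variable"; make the two consistent ("internally used variable" or simply "internal variable"). The same concern applies as at the first CopyMem site: the bound on DataSize relative to mPubKeyStore is stated in the comment but not checked at the copy, so add the same explicit size check here rather than relying on the comment alone.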
The internal header file includes the common header files, defines\r
internal structure and functions used by AuthService module.\r
\r
+ Caution: This module requires additional review when modified.\r
+ This driver will have external input - variable data. It may be input in SMM mode.\r
+ This external input must be validated carefully to avoid security issue like\r
+ buffer overflow, integer overflow.\r
+ Variable attribute should also be checked to avoid authentication bypass.\r
+ The whole SMM authentication variable design relies on the integrity of flash part and SMM.\r
+ which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory\r
+ may not be modified without authorization. If platform fails to protect these resources, \r
+ the authentication service provided in this driver will be broken, and the behavior is undefined.\r
+\r
Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
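Review bot: the new header comment repeats the sentence break from the .c file: "flash part and SMM." should end with a comma so that "which is assumed to be protected by platform" attaches to it, and the "may not be modified without authorization," line has trailing whitespace. Also "security issue like" is singular here while the .inf descriptions say "security issues such as"; align the wording, since these paragraphs are meant to be identical across the module.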
# This driver will have external input - variable data and communicate buffer in SMM mode.\r
# This external input must be validated carefully to avoid security issues such as \r
# buffer overflow or integer overflow.\r
+# The whole SMM authentication variable design relies on the integrity of flash part and SMM.\r
+# which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory\r
+# may not be modified without authorization. If platform fails to protect these resources, \r
+# the authentication service provided in this driver will be broken, and the behavior is undefined.\r
#\r
# Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>\r
# This program and the accompanying materials\r
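Review bot: same sentence break ("...SMM." followed by "which is assumed...") and trailing whitespace on the "may not be modified" line as in the source-file comments; since the .inf description is what a package reviewer reads first, correct it here as well.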
# This driver will have external input - variable data.\r
# This external input must be validated carefully to avoid security issues such as \r
# buffer overflow or integer overflow.\r
+# The whole SMM authentication variable design relies on the integrity of flash part and SMM.\r
+# which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory\r
+# may not be modified without authorization. If platform fails to protect these resources, \r
+# the authentication service provided in this driver will be broken, and the behavior is undefined.\r
#\r
# Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>\r
# This program and the accompanying materials\r
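Review bot: the identical paragraph added here has the same "SMM." / "which" break and trailing whitespace; fix it consistently with the other three copies in this patch.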