From f6c5031926e383469bc5d06fd005488d6efe961a Mon Sep 17 00:00:00 2001 From: Star Zeng Date: Fri, 13 Mar 2015 01:24:16 +0000 Subject: [PATCH] SecurityPkg Variable: Allow the delete operation of common auth variable at user physical presence. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng Reviewed-by: Jiewen Yao git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17042 6f19259b-4bc3-4df7-8a09-765794883524 --- .../RuntimeDxe/AuthService.c | 119 ++++++++++++------ .../RuntimeDxe/AuthService.h | 20 ++- .../RuntimeDxe/VarCheck.c | 11 +- 3 files changed, 108 insertions(+), 42 deletions(-) diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c index 3f0698e606..fd2d0d6043 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c @@ -19,7 +19,7 @@ They will do basic validation for authentication data structure, then call crypto library to verify the signature. -Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
+Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -129,36 +129,6 @@ InCustomMode ( return FALSE; } - -/** - Internal function to delete a Variable given its name and GUID, no authentication - required. - - @param[in] VariableName Name of the Variable. - @param[in] VendorGuid GUID of the Variable. - - @retval EFI_SUCCESS Variable deleted successfully. - @retval Others The driver failded to start the device. - -**/ -EFI_STATUS -DeleteVariable ( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid - ) -{ - EFI_STATUS Status; - VARIABLE_POINTER_TRACK Variable; - - Status = FindVariable (VariableName, VendorGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE); - if (EFI_ERROR (Status)) { - return EFI_SUCCESS; - } - - ASSERT (Variable.CurrPtr != NULL); - return UpdateVariable (VariableName, VendorGuid, NULL, 0, 0, 0, 0, &Variable, NULL); -} - /** Initializes for authenticated varibale service. 
@@ -1281,6 +1251,59 @@ ProcessVarWithKek ( return Status; } +/** + Check if it is to delete auth variable. + + @param[in] Data Data pointer. + @param[in] DataSize Size of Data. + @param[in] Variable The variable information which is used to keep track of variable usage. + @param[in] Attributes Attribute value of the variable. + + @retval TRUE It is to delete auth variable. + @retval FALSE It is not to delete auth variable. + +**/ +BOOLEAN +IsDeleteAuthVariable ( + IN VOID *Data, + IN UINTN DataSize, + IN VARIABLE_POINTER_TRACK *Variable, + IN UINT32 Attributes + ) +{ + BOOLEAN Del; + UINT8 *Payload; + UINTN PayloadSize; + + Del = FALSE; + + // + // To delete a variable created with the EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS + // or the EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attribute, + // SetVariable must be used with attributes matching the existing variable + // and the DataSize set to the size of the AuthInfo descriptor. + // + if ((Variable->CurrPtr != NULL) && + (Attributes == Variable->CurrPtr->Attributes) && + ((Attributes & (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) != 0)) { + if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) { + Payload = (UINT8 *) Data + AUTHINFO2_SIZE (Data); + PayloadSize = DataSize - AUTHINFO2_SIZE (Data); + if (PayloadSize == 0) { + Del = TRUE; + } + } else { + Payload = (UINT8 *) Data + AUTHINFO_SIZE; + PayloadSize = DataSize - AUTHINFO_SIZE; + if (PayloadSize == 0) { + Del = TRUE; + } + } + } + + return Del; +} + /** Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set 
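Review bot: `PayloadSize = DataSize - AUTHINFO2_SIZE (Data)` and the parallel `DataSize - AUTHINFO_SIZE` line in IsDeleteAuthVariable assume DataSize already covers the AuthInfo descriptor; with an unsigned UINTN the subtraction otherwise wraps, and since AUTHINFO2_SIZE takes Data as its argument it presumably reads the descriptor length out of the caller-supplied buffer before that size has been checked here. If that validation is done before ProcessVariable is reached (not visible in this patch), the function should record the precondition, `// Caller must have verified DataSize >= the AuthInfo descriptor size (AUTHINFO_SIZE / AUTHINFO2_SIZE).`; otherwise each branch needs a guard such as `if (DataSize < AUTHINFO2_SIZE (Data)) { return FALSE; }` ahead of the subtraction. `Payload` is assigned in both branches but never read, so it and its declaration can be dropped. The two branches differ only in the descriptor size; computing that size once and testing `DataSize == size` would make the deletion rule easier to audit.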
@@ -1295,8 +1318,7 @@ ProcessVarWithKek ( @param[in] VendorGuid Variable vendor GUID. @param[in] Data Data pointer. - @param[in] DataSize Size of Data found. If size is less than the - data, this value contains the required size. + @param[in] DataSize Size of Data. @param[in] Variable The variable information which is used to keep track of variable usage. @param[in] Attributes Attribute value of the variable. @@ -1336,11 +1358,36 @@ ProcessVariable ( PubKey = NULL; IsDeletion = FALSE; - if (NeedPhysicallyPresent(VariableName, VendorGuid) && !UserPhysicalPresent()) { + if (UserPhysicalPresent()) { // - // This variable is protected, only physical present user could modify its value. + // Allow the delete operation of common authenticated variable at user physical presence. // - return EFI_SECURITY_VIOLATION; + if (IsDeleteAuthVariable (Data, DataSize, Variable, Attributes)) { + if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) { + Status = DeleteCertsFromDb (VariableName, VendorGuid); + } + if (!EFI_ERROR (Status)) { + Status = UpdateVariable ( + VariableName, + VendorGuid, + NULL, + 0, + 0, + 0, + 0, + Variable, + NULL + ); + } + return Status; + } + } else { + if (NeedPhysicallyPresent(VariableName, VendorGuid)) { + // + // This variable is protected, only physical present user could modify its value. + // + return EFI_SECURITY_VIOLATION; + } } // diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h index 0e57c5b5e5..e0804f4e34 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h @@ -12,7 +12,7 @@ may not be modified without authorization. If platform fails to protect these resources, the authentication service provided in this driver will be broken, and the behavior is undefined. -Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
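Review bot: In the new `UserPhysicalPresent()` branch of ProcessVariable, `if (!EFI_ERROR (Status))` is reached for a count-based delete (TIME_BASED bit clear) without `Status` being assigned anywhere in the hunk; unless it is initialised earlier in the function (its declaration and the start of the body are outside the hunk), UpdateVariable is gated on an indeterminate value. Assigning it before the branch, `Status = EFI_SUCCESS;` after `IsDeletion = FALSE;`, removes that dependency. The AuthService.h hunk documents EFI_NOT_FOUND as a DeleteCertsFromDb result when "certdb" or the matching certs are absent, and here any error aborts the delete, so a time-based variable whose certdb entry is already gone appears to become undeletable; either treat EFI_NOT_FOUND as success for this path or add a comment stating that the failure is intended. Because this path performs no signature verification, the block comment should also say that physical presence plus attributes matching the stored variable (checked by IsDeleteAuthVariable) is the sole authorization for the delete.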
+Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -289,6 +289,24 @@ CompareTimeStamp ( IN EFI_TIME *SecondTime ); +/** + Delete matching signer's certificates when deleting common authenticated + variable by corresponding VariableName and VendorGuid from "certdb". + + @param[in] VariableName Name of authenticated Variable. + @param[in] VendorGuid Vendor GUID of authenticated Variable. + + @retval EFI_INVALID_PARAMETER Any input parameter is invalid. + @retval EFI_NOT_FOUND Fail to find "certdb" or matching certs. + @retval EFI_OUT_OF_RESOURCES The operation is failed due to lack of resources. + @retval EFI_SUCCESS The operation is completed successfully. + +**/ +EFI_STATUS +DeleteCertsFromDb ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid + ); /** Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VarCheck.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VarCheck.c index 3f4beb07f0..da834e15d0 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VarCheck.c +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VarCheck.c @@ -13,6 +13,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ #include "Variable.h" +#include "AuthService.h" #include extern LIST_ENTRY mLockedVariableList; @@ -668,7 +669,7 @@ VARIABLE_DRIVER_VARIABLE_ENTRY mVariableDriverVariableList[] = { EFI_VENDOR_KEYS_NV_VARIABLE_NAME, { VAR_CHECK_VARIABLE_PROPERTY_REVISION, - 0, + VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY, VARIABLE_ATTRIBUTE_NV_BS_RT_AT, sizeof (UINT8), sizeof (UINT8) 
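Review bot: The change from `0` to `VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY` for EFI_VENDOR_KEYS_NV_VARIABLE_NAME in this hunk, and for AUTHVAR_KEYDB_NAME and EFI_CERT_DB_NAME in the two following hunks, carries no comment explaining why the property changes in this commit. Since the same patch lets a physically present user delete any authenticated variable whose attributes match the stored one, the read-only property looks like what keeps these driver-internal AT/AW variables out of that path, but a reader of VarCheck.c alone cannot see the connection. A comment above the affected entries would preserve the intent, e.g. `// Driver-internal auth variables are READ_ONLY so the physical-presence delete path in AuthService.c cannot remove them.`; if the reason is different, the comment should state the actual one.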
@@ -676,10 +677,10 @@ VARIABLE_DRIVER_VARIABLE_ENTRY mVariableDriverVariableList[] = { }, { &gEfiAuthenticatedVariableGuid, - L"AuthVarKeyDatabase", + AUTHVAR_KEYDB_NAME, { VAR_CHECK_VARIABLE_PROPERTY_REVISION, - 0, + VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY, VARIABLE_ATTRIBUTE_NV_BS_RT_AW, sizeof (UINT8), MAX_UINTN @@ -687,10 +688,10 @@ VARIABLE_DRIVER_VARIABLE_ENTRY mVariableDriverVariableList[] = { }, { &gEfiCertDbGuid, - L"certdb", + EFI_CERT_DB_NAME, { VAR_CHECK_VARIABLE_PROPERTY_REVISION, - 0, + VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY, VARIABLE_ATTRIBUTE_NV_BS_RT_AT, sizeof (UINT32), MAX_UINTN -- 2.39.2