Virtualization
/
edk2
mirror of https://gitlab.com/qemu-project/edk2.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

SecurityPkg: DxeTpmMeasureBootLib: SECURITY PATCH 4117/4118 symbol rename 

Updates the sanitation function names to be lib unique names

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>

Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Message-Id: <355aa846a99ca6ac0f7574cf5982661da0d9fea6.1705529990.git.doug.edk2@gmail.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
This commit is contained in:
Doug Flick 2024-01-17 14:47:21 -08:00 committed by mergify[bot]
parent 40adbb7f62
commit 326db0c907
4 changed files with 26 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c
View File

@ -174,7 +174,7 @@ TcgMeasureGptTable (
BlockIo->Media->BlockSize, BlockIo->Media->BlockSize,
(UINT8 *)PrimaryHeader (UINT8 *)PrimaryHeader
); );
if (EFI_ERROR (Status) || EFI_ERROR (SanitizeEfiPartitionTableHeader (PrimaryHeader, BlockIo))) { if (EFI_ERROR (Status) || EFI_ERROR (TpmSanitizeEfiPartitionTableHeader (PrimaryHeader, BlockIo))) {
DEBUG ((DEBUG_ERROR, "Failed to read Partition Table Header or invalid Partition Table Header!\n")); DEBUG ((DEBUG_ERROR, "Failed to read Partition Table Header or invalid Partition Table Header!\n"));
FreePool (PrimaryHeader); FreePool (PrimaryHeader);
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
@ -183,7 +183,7 @@ TcgMeasureGptTable (
// //
// Read the partition entry. // Read the partition entry.
// //
Status = SanitizePrimaryHeaderAllocationSize (PrimaryHeader, &AllocSize); Status = TpmSanitizePrimaryHeaderAllocationSize (PrimaryHeader, &AllocSize);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
FreePool (PrimaryHeader); FreePool (PrimaryHeader);
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
@ -224,7 +224,7 @@ TcgMeasureGptTable (
// //
// Prepare Data for Measurement // Prepare Data for Measurement
// //
Status = SanitizePrimaryHeaderGptEventSize (PrimaryHeader, NumberOfPartition, &EventSize); Status = TpmSanitizePrimaryHeaderGptEventSize (PrimaryHeader, NumberOfPartition, &EventSize);
TcgEvent = (TCG_PCR_EVENT *)AllocateZeroPool (EventSize); TcgEvent = (TCG_PCR_EVENT *)AllocateZeroPool (EventSize);
if (TcgEvent == NULL) { if (TcgEvent == NULL) {
FreePool (PrimaryHeader); FreePool (PrimaryHeader);
@ -351,7 +351,7 @@ TcgMeasurePeImage (
// Determine destination PCR by BootPolicy // Determine destination PCR by BootPolicy
// //
Status = SanitizePeImageEventSize (FilePathSize, &EventSize); Status = TpmSanitizePeImageEventSize (FilePathSize, &EventSize);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return EFI_UNSUPPORTED; return EFI_UNSUPPORTED;
} }

10
SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLibSanitization.c
View File

@ -1,5 +1,5 @@
/** @file /** @file
The library instance provides security service of TPM2 measure boot and The library instance provides security service of TPM measure boot and
Confidential Computing (CC) measure boot. Confidential Computing (CC) measure boot.
Caution: This file requires additional review when modified. Caution: This file requires additional review when modified.
@ -63,7 +63,7 @@
**/ **/
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
SanitizeEfiPartitionTableHeader ( TpmSanitizeEfiPartitionTableHeader (
IN CONST EFI_PARTITION_TABLE_HEADER *PrimaryHeader, IN CONST EFI_PARTITION_TABLE_HEADER *PrimaryHeader,
IN CONST EFI_BLOCK_IO_PROTOCOL *BlockIo IN CONST EFI_BLOCK_IO_PROTOCOL *BlockIo
) )
@ -145,7 +145,7 @@ SanitizeEfiPartitionTableHeader (
**/ **/
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
SanitizePrimaryHeaderAllocationSize ( TpmSanitizePrimaryHeaderAllocationSize (
IN CONST EFI_PARTITION_TABLE_HEADER *PrimaryHeader, IN CONST EFI_PARTITION_TABLE_HEADER *PrimaryHeader,
OUT UINT32 *AllocationSize OUT UINT32 *AllocationSize
) )
@ -194,7 +194,7 @@ SanitizePrimaryHeaderAllocationSize (
One of the passed parameters was invalid. One of the passed parameters was invalid.
**/ **/
EFI_STATUS EFI_STATUS
SanitizePrimaryHeaderGptEventSize ( TpmSanitizePrimaryHeaderGptEventSize (
IN CONST EFI_PARTITION_TABLE_HEADER *PrimaryHeader, IN CONST EFI_PARTITION_TABLE_HEADER *PrimaryHeader,
IN UINTN NumberOfPartition, IN UINTN NumberOfPartition,
OUT UINT32 *EventSize OUT UINT32 *EventSize
@ -258,7 +258,7 @@ SanitizePrimaryHeaderGptEventSize (
One of the passed parameters was invalid. One of the passed parameters was invalid.
**/ **/
EFI_STATUS EFI_STATUS
SanitizePeImageEventSize ( TpmSanitizePeImageEventSize (
IN UINT32 FilePathSize, IN UINT32 FilePathSize,
OUT UINT32 *EventSize OUT UINT32 *EventSize
) )

8
SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLibSanitization.h
View File

@ -53,7 +53,7 @@
**/ **/
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
SanitizeEfiPartitionTableHeader ( TpmSanitizeEfiPartitionTableHeader (
IN CONST EFI_PARTITION_TABLE_HEADER *PrimaryHeader, IN CONST EFI_PARTITION_TABLE_HEADER *PrimaryHeader,
IN CONST EFI_BLOCK_IO_PROTOCOL *BlockIo IN CONST EFI_BLOCK_IO_PROTOCOL *BlockIo
); );
@ -77,7 +77,7 @@ SanitizeEfiPartitionTableHeader (
**/ **/
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
SanitizePrimaryHeaderAllocationSize ( TpmSanitizePrimaryHeaderAllocationSize (
IN CONST EFI_PARTITION_TABLE_HEADER *PrimaryHeader, IN CONST EFI_PARTITION_TABLE_HEADER *PrimaryHeader,
OUT UINT32 *AllocationSize OUT UINT32 *AllocationSize
); );
@ -105,7 +105,7 @@ SanitizePrimaryHeaderAllocationSize (
One of the passed parameters was invalid. One of the passed parameters was invalid.
**/ **/
EFI_STATUS EFI_STATUS
SanitizePrimaryHeaderGptEventSize ( TpmSanitizePrimaryHeaderGptEventSize (
IN CONST EFI_PARTITION_TABLE_HEADER *PrimaryHeader, IN CONST EFI_PARTITION_TABLE_HEADER *PrimaryHeader,
IN UINTN NumberOfPartition, IN UINTN NumberOfPartition,
OUT UINT32 *EventSize OUT UINT32 *EventSize
@ -129,7 +129,7 @@ SanitizePrimaryHeaderGptEventSize (
One of the passed parameters was invalid. One of the passed parameters was invalid.
**/ **/
EFI_STATUS EFI_STATUS
SanitizePeImageEventSize ( TpmSanitizePeImageEventSize (
IN UINT32 FilePathSize, IN UINT32 FilePathSize,
OUT UINT32 *EventSize OUT UINT32 *EventSize
); );

26
SecurityPkg/Library/DxeTpmMeasureBootLib/InternalUnitTest/DxeTpmMeasureBootLibSanitizationTest.c
View File

@ -83,27 +83,27 @@ TestSanitizeEfiPartitionTableHeader (
PrimaryHeader.Header.CRC32 = CalculateCrc32 ((UINT8 *)&PrimaryHeader, PrimaryHeader.Header.HeaderSize); PrimaryHeader.Header.CRC32 = CalculateCrc32 ((UINT8 *)&PrimaryHeader, PrimaryHeader.Header.HeaderSize);
// Test that a normal PrimaryHeader passes validation // Test that a normal PrimaryHeader passes validation
Status = SanitizeEfiPartitionTableHeader (&PrimaryHeader, &BlockIo); Status = TpmSanitizeEfiPartitionTableHeader (&PrimaryHeader, &BlockIo);
UT_ASSERT_NOT_EFI_ERROR (Status); UT_ASSERT_NOT_EFI_ERROR (Status);
// Test that when number of partition entries is 0, the function returns EFI_DEVICE_ERROR // Test that when number of partition entries is 0, the function returns EFI_DEVICE_ERROR
// Should print "Invalid Partition Table Header NumberOfPartitionEntries!"" // Should print "Invalid Partition Table Header NumberOfPartitionEntries!""
PrimaryHeader.NumberOfPartitionEntries = 0; PrimaryHeader.NumberOfPartitionEntries = 0;
Status = SanitizeEfiPartitionTableHeader (&PrimaryHeader, &BlockIo); Status = TpmSanitizeEfiPartitionTableHeader (&PrimaryHeader, &BlockIo);
UT_ASSERT_EQUAL (Status, EFI_DEVICE_ERROR); UT_ASSERT_EQUAL (Status, EFI_DEVICE_ERROR);
PrimaryHeader.NumberOfPartitionEntries = DEFAULT_PRIMARY_TABLE_HEADER_SIZE_OF_PARTITION_ENTRY; PrimaryHeader.NumberOfPartitionEntries = DEFAULT_PRIMARY_TABLE_HEADER_SIZE_OF_PARTITION_ENTRY;
// Test that when the header size is too small, the function returns EFI_DEVICE_ERROR // Test that when the header size is too small, the function returns EFI_DEVICE_ERROR
// Should print "Invalid Partition Table Header Size!" // Should print "Invalid Partition Table Header Size!"
PrimaryHeader.Header.HeaderSize = 0; PrimaryHeader.Header.HeaderSize = 0;
Status = SanitizeEfiPartitionTableHeader (&PrimaryHeader, &BlockIo); Status = TpmSanitizeEfiPartitionTableHeader (&PrimaryHeader, &BlockIo);
UT_ASSERT_EQUAL (Status, EFI_DEVICE_ERROR); UT_ASSERT_EQUAL (Status, EFI_DEVICE_ERROR);
PrimaryHeader.Header.HeaderSize = sizeof (EFI_PARTITION_TABLE_HEADER); PrimaryHeader.Header.HeaderSize = sizeof (EFI_PARTITION_TABLE_HEADER);
// Test that when the SizeOfPartitionEntry is too small, the function returns EFI_DEVICE_ERROR // Test that when the SizeOfPartitionEntry is too small, the function returns EFI_DEVICE_ERROR
// should print: "SizeOfPartitionEntry shall be set to a value of 128 x 2^n where n is an integer greater than or equal to zero (e.g., 128, 256, 512, etc.)!" // should print: "SizeOfPartitionEntry shall be set to a value of 128 x 2^n where n is an integer greater than or equal to zero (e.g., 128, 256, 512, etc.)!"
PrimaryHeader.SizeOfPartitionEntry = 1; PrimaryHeader.SizeOfPartitionEntry = 1;
Status = SanitizeEfiPartitionTableHeader (&PrimaryHeader, &BlockIo); Status = TpmSanitizeEfiPartitionTableHeader (&PrimaryHeader, &BlockIo);
UT_ASSERT_EQUAL (Status, EFI_DEVICE_ERROR); UT_ASSERT_EQUAL (Status, EFI_DEVICE_ERROR);
DEBUG ((DEBUG_INFO, "%a: Test passed\n", __func__)); DEBUG ((DEBUG_INFO, "%a: Test passed\n", __func__));
@ -136,7 +136,7 @@ TestSanitizePrimaryHeaderAllocationSize (
PrimaryHeader.NumberOfPartitionEntries = 5; PrimaryHeader.NumberOfPartitionEntries = 5;
PrimaryHeader.SizeOfPartitionEntry = DEFAULT_PRIMARY_TABLE_HEADER_SIZE_OF_PARTITION_ENTRY; PrimaryHeader.SizeOfPartitionEntry = DEFAULT_PRIMARY_TABLE_HEADER_SIZE_OF_PARTITION_ENTRY;
Status = SanitizePrimaryHeaderAllocationSize (&PrimaryHeader, &AllocationSize); Status = TpmSanitizePrimaryHeaderAllocationSize (&PrimaryHeader, &AllocationSize);
UT_ASSERT_NOT_EFI_ERROR (Status); UT_ASSERT_NOT_EFI_ERROR (Status);
// Test that the allocation size is correct compared to the existing logic // Test that the allocation size is correct compared to the existing logic
@ -145,19 +145,19 @@ TestSanitizePrimaryHeaderAllocationSize (
// Test that an overflow is detected // Test that an overflow is detected
PrimaryHeader.NumberOfPartitionEntries = MAX_UINT32; PrimaryHeader.NumberOfPartitionEntries = MAX_UINT32;
PrimaryHeader.SizeOfPartitionEntry = 5; PrimaryHeader.SizeOfPartitionEntry = 5;
Status = SanitizePrimaryHeaderAllocationSize (&PrimaryHeader, &AllocationSize); Status = TpmSanitizePrimaryHeaderAllocationSize (&PrimaryHeader, &AllocationSize);
UT_ASSERT_EQUAL (Status, EFI_BAD_BUFFER_SIZE); UT_ASSERT_EQUAL (Status, EFI_BAD_BUFFER_SIZE);
// Test the inverse // Test the inverse
PrimaryHeader.NumberOfPartitionEntries = 5; PrimaryHeader.NumberOfPartitionEntries = 5;
PrimaryHeader.SizeOfPartitionEntry = MAX_UINT32; PrimaryHeader.SizeOfPartitionEntry = MAX_UINT32;
Status = SanitizePrimaryHeaderAllocationSize (&PrimaryHeader, &AllocationSize); Status = TpmSanitizePrimaryHeaderAllocationSize (&PrimaryHeader, &AllocationSize);
UT_ASSERT_EQUAL (Status, EFI_BAD_BUFFER_SIZE); UT_ASSERT_EQUAL (Status, EFI_BAD_BUFFER_SIZE);
// Test the worst case scenario // Test the worst case scenario
PrimaryHeader.NumberOfPartitionEntries = MAX_UINT32; PrimaryHeader.NumberOfPartitionEntries = MAX_UINT32;
PrimaryHeader.SizeOfPartitionEntry = MAX_UINT32; PrimaryHeader.SizeOfPartitionEntry = MAX_UINT32;
Status = SanitizePrimaryHeaderAllocationSize (&PrimaryHeader, &AllocationSize); Status = TpmSanitizePrimaryHeaderAllocationSize (&PrimaryHeader, &AllocationSize);
UT_ASSERT_EQUAL (Status, EFI_BAD_BUFFER_SIZE); UT_ASSERT_EQUAL (Status, EFI_BAD_BUFFER_SIZE);
DEBUG ((DEBUG_INFO, "%a: Test passed\n", __func__)); DEBUG ((DEBUG_INFO, "%a: Test passed\n", __func__));
@ -195,7 +195,7 @@ TestSanitizePrimaryHeaderGptEventSize (
NumberOfPartition = 13; NumberOfPartition = 13;
// that the primary event size is correct // that the primary event size is correct
Status = SanitizePrimaryHeaderGptEventSize (&PrimaryHeader, NumberOfPartition, &EventSize); Status = TpmSanitizePrimaryHeaderGptEventSize (&PrimaryHeader, NumberOfPartition, &EventSize);
UT_ASSERT_NOT_EFI_ERROR (Status); UT_ASSERT_NOT_EFI_ERROR (Status);
// Calculate the existing logic event size // Calculate the existing logic event size
@ -206,12 +206,12 @@ TestSanitizePrimaryHeaderGptEventSize (
UT_ASSERT_EQUAL (EventSize, ExistingLogicEventSize); UT_ASSERT_EQUAL (EventSize, ExistingLogicEventSize);
// Tests that the primary event size may not overflow // Tests that the primary event size may not overflow
Status = SanitizePrimaryHeaderGptEventSize (&PrimaryHeader, MAX_UINT32, &EventSize); Status = TpmSanitizePrimaryHeaderGptEventSize (&PrimaryHeader, MAX_UINT32, &EventSize);
UT_ASSERT_EQUAL (Status, EFI_BAD_BUFFER_SIZE); UT_ASSERT_EQUAL (Status, EFI_BAD_BUFFER_SIZE);
// Test that the size of partition entries may not overflow // Test that the size of partition entries may not overflow
PrimaryHeader.SizeOfPartitionEntry = MAX_UINT32; PrimaryHeader.SizeOfPartitionEntry = MAX_UINT32;
Status = SanitizePrimaryHeaderGptEventSize (&PrimaryHeader, NumberOfPartition, &EventSize); Status = TpmSanitizePrimaryHeaderGptEventSize (&PrimaryHeader, NumberOfPartition, &EventSize);
UT_ASSERT_EQUAL (Status, EFI_BAD_BUFFER_SIZE); UT_ASSERT_EQUAL (Status, EFI_BAD_BUFFER_SIZE);
DEBUG ((DEBUG_INFO, "%a: Test passed\n", __func__)); DEBUG ((DEBUG_INFO, "%a: Test passed\n", __func__));
@ -269,7 +269,7 @@ TestSanitizePeImageEventSize (
FilePathSize = 255; FilePathSize = 255;
// Test that a normal PE image passes validation // Test that a normal PE image passes validation
Status = SanitizePeImageEventSize (FilePathSize, &EventSize); Status = TpmSanitizePeImageEventSize (FilePathSize, &EventSize);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
UT_LOG_ERROR ("SanitizePeImageEventSize failed with %r\n", Status); UT_LOG_ERROR ("SanitizePeImageEventSize failed with %r\n", Status);
goto Exit; goto Exit;
@ -285,7 +285,7 @@ TestSanitizePeImageEventSize (
} }
// Test that the event size may not overflow // Test that the event size may not overflow
Status = SanitizePeImageEventSize (MAX_UINT32, &EventSize); Status = TpmSanitizePeImageEventSize (MAX_UINT32, &EventSize);
if (Status != EFI_BAD_BUFFER_SIZE) { if (Status != EFI_BAD_BUFFER_SIZE) {
UT_LOG_ERROR ("SanitizePeImageEventSize succeded when it was supposed to fail with %r\n", Status); UT_LOG_ERROR ("SanitizePeImageEventSize succeded when it was supposed to fail with %r\n", Status);
goto Exit; goto Exit;