[edk2] [Patch] SignedCapsulePkg: Update EdkiiSystemCapsuleLib to check PCD value

Liming Gao posted 1 patch 7 years ago
Failed in applying to current master (apply log)
.../EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c  | 86 +++++++++++++++++++++-
.../EdkiiSystemCapsuleLib.inf                      |  3 +
2 files changed, 87 insertions(+), 2 deletions(-)
[edk2] [Patch] SignedCapsulePkg: Update EdkiiSystemCapsuleLib to check PCD value
Posted by Liming Gao 7 years ago
If PCD value is not set, register PcdCallBack to hook PCD value set

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liming Gao <liming.gao@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
---
 .../EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c  | 86 +++++++++++++++++++++-
 .../EdkiiSystemCapsuleLib.inf                      |  3 +
 2 files changed, 87 insertions(+), 2 deletions(-)

diff --git a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c
index 62be8eb..876d225 100644
--- a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c
+++ b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c
@@ -29,6 +29,7 @@
 #include <Library/BaseLib.h>
 #include <Library/BaseMemoryLib.h>
 #include <Library/DebugLib.h>
+#include <Library/PcdLib.h>
 #include <Library/MemoryAllocationLib.h>
 #include <Library/EdkiiSystemCapsuleLib.h>
 #include <Library/FmpAuthenticationLib.h>
@@ -600,6 +601,10 @@ CapsuleAuthenticateSystemFirmware (
   // NOTE: This function need run in an isolated environment.
   // Do not touch FMP protocol and its private structure.
   //
+  if (mImageFmpInfo == NULL) {
+    DEBUG((DEBUG_INFO, "ImageFmpInfo is not set\n"));
+    return EFI_SECURITY_VIOLATION;
+  }
 
   Result = ExtractAuthenticatedImage((VOID *)Image, ImageSize, LastAttemptStatus, AuthenticatedImage, AuthenticatedImageSize);
   if (!Result) {
@@ -655,6 +660,53 @@ CapsuleAuthenticateSystemFirmware (
 }
 
 /**
+  PcdCallBack gets the real set PCD value
+
+  @param[in]      CallBackGuid    The PCD token GUID being set.
+  @param[in]      CallBackToken   The PCD token number being set.
+  @param[in, out] TokenData       A pointer to the token data being set.
+  @param[in]      TokenDataSize   The size, in bytes, of the data being set.
+
+**/
+VOID
+EFIAPI
+EdkiiSystemCapsuleLibPcdCallBack (
+  IN        CONST GUID        *CallBackGuid, OPTIONAL
+  IN        UINTN             CallBackToken,
+  IN  OUT   VOID              *TokenData,
+  IN        UINTN             TokenDataSize
+  )
+{
+  if (CompareGuid (CallBackGuid, &gEfiSignedCapsulePkgTokenSpaceGuid) &&
+      CallBackToken == PcdToken (PcdEdkiiSystemFirmwareImageDescriptor)) {
+    mImageFmpInfoSize = TokenDataSize;
+    mImageFmpInfo = AllocateCopyPool (mImageFmpInfoSize, TokenData);
+    ASSERT(mImageFmpInfo != NULL);
+    //
+    // Cancel Callback after get the real set value
+    //
+    LibPcdCancelCallback (
+      &gEfiSignedCapsulePkgTokenSpaceGuid,
+      PcdToken (PcdEdkiiSystemFirmwareImageDescriptor),
+      EdkiiSystemCapsuleLibPcdCallBack
+      );
+  }
+
+  if (CompareGuid (CallBackGuid, &gEfiSignedCapsulePkgTokenSpaceGuid) &&
+      CallBackToken == PcdToken (PcdEdkiiSystemFirmwareFileGuid)) {
+    CopyGuid(&mEdkiiSystemFirmwareFileGuid, TokenData);
+    //
+    // Cancel Callback after get the real set value
+    //
+    LibPcdCancelCallback (
+      &gEfiSignedCapsulePkgTokenSpaceGuid,
+      PcdToken (PcdEdkiiSystemFirmwareFileGuid),
+      EdkiiSystemCapsuleLibPcdCallBack
+      );
+  }
+}
+
+/**
   The constructor function.
 
   @retval EFI_SUCCESS   The constructor successfully .
@@ -666,8 +718,38 @@ EdkiiSystemCapsuleLibConstructor (
   )
 {
   mImageFmpInfoSize = PcdGetSize(PcdEdkiiSystemFirmwareImageDescriptor);
-  mImageFmpInfo = AllocateCopyPool (mImageFmpInfoSize, PcdGetPtr(PcdEdkiiSystemFirmwareImageDescriptor));
-  ASSERT(mImageFmpInfo != NULL);
+  mImageFmpInfo     = PcdGetPtr(PcdEdkiiSystemFirmwareImageDescriptor);
+  //
+  // Verify Firmware Image Descriptor first
+  //
+  if (mImageFmpInfoSize < sizeof (EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR) ||
+      mImageFmpInfo->Signature != EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR_SIGNATURE) {
+    //
+    // SystemFirmwareImageDescriptor is not set.
+    // Register PCD set callback to hook PCD value set.
+    //
+    mImageFmpInfo     = NULL;
+    mImageFmpInfoSize = 0;
+    LibPcdCallbackOnSet (
+      &gEfiSignedCapsulePkgTokenSpaceGuid,
+      PcdToken (PcdEdkiiSystemFirmwareImageDescriptor),
+      EdkiiSystemCapsuleLibPcdCallBack
+      );
+  } else {
+    mImageFmpInfo = AllocateCopyPool (mImageFmpInfoSize, mImageFmpInfo);
+    ASSERT(mImageFmpInfo != NULL);
+  }
+
   CopyGuid(&mEdkiiSystemFirmwareFileGuid, PcdGetPtr(PcdEdkiiSystemFirmwareFileGuid));
+  //
+  // Verify GUID value first
+  //
+  if (CompareGuid (&mEdkiiSystemFirmwareFileGuid, &gZeroGuid)) {
+    LibPcdCallbackOnSet (
+      &gEfiSignedCapsulePkgTokenSpaceGuid,
+      PcdToken (PcdEdkiiSystemFirmwareFileGuid),
+      EdkiiSystemCapsuleLibPcdCallBack
+      );
+  }
   return EFI_SUCCESS;
 }
diff --git a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf
index a21e75c..a721619 100644
--- a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf
+++ b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf
@@ -43,6 +43,7 @@
   BaseLib
   BaseMemoryLib
   DebugLib
+  PcdLib
   MemoryAllocationLib
   FmpAuthenticationLib
 
@@ -58,4 +59,6 @@
   gEdkiiSystemFmpCapsuleDriverFvFileGuid               ## SOMETIMES_CONSUMES   ## GUID
   gEfiCertPkcs7Guid                                    ## SOMETIMES_CONSUMES   ## GUID
   gEfiCertTypeRsa2048Sha256Guid                        ## SOMETIMES_CONSUMES   ## GUID
+  gEfiSignedCapsulePkgTokenSpaceGuid                   ## SOMETIMES_CONSUMES   ## GUID
+  gZeroGuid                                            ## SOMETIMES_CONSUMES   ## GUID
 
-- 
2.8.0.windows.1

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [Patch] SignedCapsulePkg: Update EdkiiSystemCapsuleLib to check PCD value
Posted by Yao, Jiewen 7 years ago
Reviewed-by: Jiewen.yao@intel.com

> -----Original Message-----
> From: Gao, Liming
> Sent: Tuesday, November 28, 2017 11:27 AM
> To: edk2-devel@lists.01.org
> Cc: Yao, Jiewen <jiewen.yao@intel.com>
> Subject: [Patch] SignedCapsulePkg: Update EdkiiSystemCapsuleLib to check PCD
> value
> 
> If PCD value is not set, register PcdCallBack to hook PCD value set
> 
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Liming Gao <liming.gao@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> ---
>  .../EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c  | 86
> +++++++++++++++++++++-
>  .../EdkiiSystemCapsuleLib.inf                      |  3 +
>  2 files changed, 87 insertions(+), 2 deletions(-)
> 
> diff --git
> a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c
> b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c
> index 62be8eb..876d225 100644
> --- a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c
> +++
> b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.c
> @@ -29,6 +29,7 @@
>  #include <Library/BaseLib.h>
>  #include <Library/BaseMemoryLib.h>
>  #include <Library/DebugLib.h>
> +#include <Library/PcdLib.h>
>  #include <Library/MemoryAllocationLib.h>
>  #include <Library/EdkiiSystemCapsuleLib.h>
>  #include <Library/FmpAuthenticationLib.h>
> @@ -600,6 +601,10 @@ CapsuleAuthenticateSystemFirmware (
>    // NOTE: This function need run in an isolated environment.
>    // Do not touch FMP protocol and its private structure.
>    //
> +  if (mImageFmpInfo == NULL) {
> +    DEBUG((DEBUG_INFO, "ImageFmpInfo is not set\n"));
> +    return EFI_SECURITY_VIOLATION;
> +  }
> 
>    Result = ExtractAuthenticatedImage((VOID *)Image, ImageSize,
> LastAttemptStatus, AuthenticatedImage, AuthenticatedImageSize);
>    if (!Result) {
> @@ -655,6 +660,53 @@ CapsuleAuthenticateSystemFirmware (
>  }
> 
>  /**
> +  PcdCallBack gets the real set PCD value
> +
> +  @param[in]      CallBackGuid    The PCD token GUID being set.
> +  @param[in]      CallBackToken   The PCD token number being set.
> +  @param[in, out] TokenData       A pointer to the token data being set.
> +  @param[in]      TokenDataSize   The size, in bytes, of the data being set.
> +
> +**/
> +VOID
> +EFIAPI
> +EdkiiSystemCapsuleLibPcdCallBack (
> +  IN        CONST GUID        *CallBackGuid, OPTIONAL
> +  IN        UINTN             CallBackToken,
> +  IN  OUT   VOID              *TokenData,
> +  IN        UINTN             TokenDataSize
> +  )
> +{
> +  if (CompareGuid (CallBackGuid, &gEfiSignedCapsulePkgTokenSpaceGuid) &&
> +      CallBackToken == PcdToken (PcdEdkiiSystemFirmwareImageDescriptor))
> {
> +    mImageFmpInfoSize = TokenDataSize;
> +    mImageFmpInfo = AllocateCopyPool (mImageFmpInfoSize, TokenData);
> +    ASSERT(mImageFmpInfo != NULL);
> +    //
> +    // Cancel Callback after get the real set value
> +    //
> +    LibPcdCancelCallback (
> +      &gEfiSignedCapsulePkgTokenSpaceGuid,
> +      PcdToken (PcdEdkiiSystemFirmwareImageDescriptor),
> +      EdkiiSystemCapsuleLibPcdCallBack
> +      );
> +  }
> +
> +  if (CompareGuid (CallBackGuid, &gEfiSignedCapsulePkgTokenSpaceGuid) &&
> +      CallBackToken == PcdToken (PcdEdkiiSystemFirmwareFileGuid)) {
> +    CopyGuid(&mEdkiiSystemFirmwareFileGuid, TokenData);
> +    //
> +    // Cancel Callback after get the real set value
> +    //
> +    LibPcdCancelCallback (
> +      &gEfiSignedCapsulePkgTokenSpaceGuid,
> +      PcdToken (PcdEdkiiSystemFirmwareFileGuid),
> +      EdkiiSystemCapsuleLibPcdCallBack
> +      );
> +  }
> +}
> +
> +/**
>    The constructor function.
> 
>    @retval EFI_SUCCESS   The constructor successfully .
> @@ -666,8 +718,38 @@ EdkiiSystemCapsuleLibConstructor (
>    )
>  {
>    mImageFmpInfoSize =
> PcdGetSize(PcdEdkiiSystemFirmwareImageDescriptor);
> -  mImageFmpInfo = AllocateCopyPool (mImageFmpInfoSize,
> PcdGetPtr(PcdEdkiiSystemFirmwareImageDescriptor));
> -  ASSERT(mImageFmpInfo != NULL);
> +  mImageFmpInfo     =
> PcdGetPtr(PcdEdkiiSystemFirmwareImageDescriptor);
> +  //
> +  // Verify Firmware Image Descriptor first
> +  //
> +  if (mImageFmpInfoSize < sizeof
> (EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR) ||
> +      mImageFmpInfo->Signature !=
> EDKII_SYSTEM_FIRMWARE_IMAGE_DESCRIPTOR_SIGNATURE) {
> +    //
> +    // SystemFirmwareImageDescriptor is not set.
> +    // Register PCD set callback to hook PCD value set.
> +    //
> +    mImageFmpInfo     = NULL;
> +    mImageFmpInfoSize = 0;
> +    LibPcdCallbackOnSet (
> +      &gEfiSignedCapsulePkgTokenSpaceGuid,
> +      PcdToken (PcdEdkiiSystemFirmwareImageDescriptor),
> +      EdkiiSystemCapsuleLibPcdCallBack
> +      );
> +  } else {
> +    mImageFmpInfo = AllocateCopyPool (mImageFmpInfoSize,
> mImageFmpInfo);
> +    ASSERT(mImageFmpInfo != NULL);
> +  }
> +
>    CopyGuid(&mEdkiiSystemFirmwareFileGuid,
> PcdGetPtr(PcdEdkiiSystemFirmwareFileGuid));
> +  //
> +  // Verify GUID value first
> +  //
> +  if (CompareGuid (&mEdkiiSystemFirmwareFileGuid, &gZeroGuid)) {
> +    LibPcdCallbackOnSet (
> +      &gEfiSignedCapsulePkgTokenSpaceGuid,
> +      PcdToken (PcdEdkiiSystemFirmwareFileGuid),
> +      EdkiiSystemCapsuleLibPcdCallBack
> +      );
> +  }
>    return EFI_SUCCESS;
>  }
> diff --git
> a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf
> b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf
> index a21e75c..a721619 100644
> ---
> a/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf
> +++
> b/SignedCapsulePkg/Library/EdkiiSystemCapsuleLib/EdkiiSystemCapsuleLib.inf
> @@ -43,6 +43,7 @@
>    BaseLib
>    BaseMemoryLib
>    DebugLib
> +  PcdLib
>    MemoryAllocationLib
>    FmpAuthenticationLib
> 
> @@ -58,4 +59,6 @@
>    gEdkiiSystemFmpCapsuleDriverFvFileGuid               ##
> SOMETIMES_CONSUMES   ## GUID
>    gEfiCertPkcs7Guid                                    ##
> SOMETIMES_CONSUMES   ## GUID
>    gEfiCertTypeRsa2048Sha256Guid                        ##
> SOMETIMES_CONSUMES   ## GUID
> +  gEfiSignedCapsulePkgTokenSpaceGuid                   ##
> SOMETIMES_CONSUMES   ## GUID
> +  gZeroGuid                                            ##
> SOMETIMES_CONSUMES   ## GUID
> 
> --
> 2.8.0.windows.1

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel