diff options
| author | Chao, Zhang <chao.b.zhang@intel.com> | 2014-10-22 07:30:22 +0000 |
|---|---|---|
| committer | czhang46 <czhang46@Edk2> | 2014-10-22 07:30:22 +0000 |
| commit | 36bdec3cd94346c9ccae4df02ae5890409498cf8 (patch) | |
| tree | 555feb56d3eb7c1bcb7cc87be4e9dafb9d920205 | |
| parent | 0414ec24bad8adf62982fe2c15d7f55a7a0fda6b (diff) | |
| download | edk2-platforms-36bdec3cd94346c9ccae4df02ae5890409498cf8.tar.xz | |
Add comments to clarify mPubKeyStore buffer MemCopy. There is no memory overflow issue.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao, Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao, Jiewen <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16227 6f19259b-4bc3-4df7-8a09-765794883524
4 files changed, 30 insertions, 0 deletions
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c index 49d7648f66..566c5e29a7 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c @@ -7,6 +7,10 @@ This external input must be validated carefully to avoid security issue like
buffer overflow, integer overflow.
Variable attribute should also be checked to avoid authentication bypass.
+ The whole SMM authentication variable design relies on the integrity of flash part and SMM.
+ which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory
+ may not be modified without authorization. If platform fails to protect these resources,
+ the authentication service provided in this driver will be broken, and the behavior is undefined.
ProcessVarWithPk(), ProcessVarWithKek() and ProcessVariable() are the function to do
variable authentication.
@@ -251,6 +255,10 @@ AutenticatedVariableServiceInitialize ( DataSize = DataSizeOfVariable (Variable.CurrPtr);
Data = GetVariableDataPtr (Variable.CurrPtr);
ASSERT ((DataSize != 0) && (Data != NULL));
+ //
+ // "AuthVarKeyDatabase" is an internal variable. Its DataSize is always ensured not to exceed mPubKeyStore buffer size(See definition before)
+ // Therefore, there is no memory overflow in underlying CopyMem.
+ //
CopyMem (mPubKeyStore, (UINT8 *) Data, DataSize);
mPubKeyNumber = (UINT32) (DataSize / EFI_CERT_TYPE_RSA2048_SIZE);
}
@@ -564,6 +572,10 @@ AddPubKeyInStore ( DataSize = DataSizeOfVariable (Variable.CurrPtr);
Data = GetVariableDataPtr (Variable.CurrPtr);
ASSERT ((DataSize != 0) && (Data != NULL));
+ //
+ // "AuthVarKeyDatabase" is an internal used variable. Its DataSize is always ensured not to exceed mPubKeyStore buffer size(See definition before)
+ // Therefore, there is no memory overflow in underlying CopyMem.
+ //
CopyMem (mPubKeyStore, (UINT8 *) Data, DataSize);
mPubKeyNumber = (UINT32) (DataSize / EFI_CERT_TYPE_RSA2048_SIZE);
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h index 6ebc777075..0e57c5b5e5 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h @@ -2,6 +2,16 @@ The internal header file includes the common header files, defines
internal structure and functions used by AuthService module.
+ Caution: This module requires additional review when modified.
+ This driver will have external input - variable data. It may be input in SMM mode.
+ This external input must be validated carefully to avoid security issue like
+ buffer overflow, integer overflow.
+ Variable attribute should also be checked to avoid authentication bypass.
+ The whole SMM authentication variable design relies on the integrity of flash part and SMM.
+ which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory
+ may not be modified without authorization. If platform fails to protect these resources,
+ the authentication service provided in this driver will be broken, and the behavior is undefined.
+
Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.inf b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.inf index 279a9248e2..1987764d80 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.inf +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.inf @@ -13,6 +13,10 @@ # This driver will have external input - variable data and communicate buffer in SMM mode.
# This external input must be validated carefully to avoid security issues such as
# buffer overflow or integer overflow.
+# The whole SMM authentication variable design relies on the integrity of flash part and SMM.
+# which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory
+# may not be modified without authorization. If platform fails to protect these resources,
+# the authentication service provided in this driver will be broken, and the behavior is undefined.
#
# Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.inf b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.inf index f0dfa89810..ca60274339 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.inf +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.inf @@ -8,6 +8,10 @@ # This driver will have external input - variable data.
# This external input must be validated carefully to avoid security issues such as
# buffer overflow or integer overflow.
+# The whole SMM authentication variable design relies on the integrity of flash part and SMM.
+# which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory
+# may not be modified without authorization. If platform fails to protect these resources,
+# the authentication service provided in this driver will be broken, and the behavior is undefined.
#
# Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
|