回复: [edk2-devel] [PATCH v3 8/8] MdeModulePkg: Use SecureBootVariableLib in PlatformVarCleanupLib.
gaoliming
gaoliming at byosoft.com.cn
Thu Jun 17 02:34:26 UTC 2021
Grzegorz:
MdeModulePkg is generic base package. It should not depend on SecurityPkg.
I agree CreateTimeBasedPayload() is the generic API. It can be shared in
the different modules.
I propose to add it into MdeModulePkg AuthVariableLib.
Thanks
Liming
> -----邮件原件-----
> 发件人: devel at edk2.groups.io <devel at edk2.groups.io> 代表 Grzegorz
> Bernacki
> 发送时间: 2021年6月14日 17:43
> 收件人: devel at edk2.groups.io
> 抄送: leif at nuviainc.com; ardb+tianocore at kernel.org;
> Samer.El-Haj-Mahmoud at arm.com; sunny.Wang at arm.com;
> mw at semihalf.com; upstream at semihalf.com; jiewen.yao at intel.com;
> jian.j.wang at intel.com; min.m.xu at intel.com; lersek at redhat.com;
> sami.mujawar at arm.com; afish at apple.com; ray.ni at intel.com;
> jordan.l.justen at intel.com; rebecca at bsdio.com; grehan at freebsd.org;
> thomas.abraham at arm.com; chasel.chiu at intel.com;
> nathaniel.l.desimone at intel.com; gaoliming at byosoft.com.cn;
> eric.dong at intel.com; michael.d.kinney at intel.com; zailiang.sun at intel.com;
> yi.qian at intel.com; graeme at nuviainc.com; rad at semihalf.com; pete at akeo.ie;
> Grzegorz Bernacki <gjb at semihalf.com>
> 主题: [edk2-devel] [PATCH v3 8/8] MdeModulePkg: Use
> SecureBootVariableLib in PlatformVarCleanupLib.
>
> This commits removes CreateTimeBasedPayload() function from
> PlatformVarCleanupLib and uses exactly the same function from
> SecureBootVariableLib.
>
> Signed-off-by: Grzegorz Bernacki <gjb at semihalf.com>
> ---
> MdeModulePkg/Library/PlatformVarCleanupLib/PlatformVarCleanupLib.inf |
> 2 +
> MdeModulePkg/Library/PlatformVarCleanupLib/PlatVarCleanup.h
> | 1 +
> MdeModulePkg/Library/PlatformVarCleanupLib/PlatVarCleanupLib.c
> | 84 --------------------
> 3 files changed, 3 insertions(+), 84 deletions(-)
>
> diff --git
> a/MdeModulePkg/Library/PlatformVarCleanupLib/PlatformVarCleanupLib.inf
> b/MdeModulePkg/Library/PlatformVarCleanupLib/PlatformVarCleanupLib.inf
> index 8d5db826a0..493d03e1d8 100644
> ---
> a/MdeModulePkg/Library/PlatformVarCleanupLib/PlatformVarCleanupLib.inf
> +++
> b/MdeModulePkg/Library/PlatformVarCleanupLib/PlatformVarCleanupLib.inf
> @@ -34,6 +34,7 @@
> [Packages]
> MdePkg/MdePkg.dec
> MdeModulePkg/MdeModulePkg.dec
> + SecurityPkg/SecurityPkg.dec
>
> [LibraryClasses]
> UefiBootServicesTableLib
> @@ -44,6 +45,7 @@
> PrintLib
> MemoryAllocationLib
> HiiLib
> + SecureBootVariableLib
>
> [Guids]
> gEfiIfrTianoGuid ## SOMETIMES_PRODUCES ##
> GUID
> diff --git a/MdeModulePkg/Library/PlatformVarCleanupLib/PlatVarCleanup.h
> b/MdeModulePkg/Library/PlatformVarCleanupLib/PlatVarCleanup.h
> index c809a7086b..94fbc7d2a4 100644
> --- a/MdeModulePkg/Library/PlatformVarCleanupLib/PlatVarCleanup.h
> +++ b/MdeModulePkg/Library/PlatformVarCleanupLib/PlatVarCleanup.h
> @@ -18,6 +18,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
> #include <Library/MemoryAllocationLib.h>
> #include <Library/HiiLib.h>
> #include <Library/PlatformVarCleanupLib.h>
> +#include <Library/SecureBootVariableLib.h>
>
> #include <Protocol/Variable.h>
> #include <Protocol/VarCheck.h>
> diff --git
> a/MdeModulePkg/Library/PlatformVarCleanupLib/PlatVarCleanupLib.c
> b/MdeModulePkg/Library/PlatformVarCleanupLib/PlatVarCleanupLib.c
> index 3875d614bb..204f1e00ad 100644
> --- a/MdeModulePkg/Library/PlatformVarCleanupLib/PlatVarCleanupLib.c
> +++ b/MdeModulePkg/Library/PlatformVarCleanupLib/PlatVarCleanupLib.c
> @@ -319,90 +319,6 @@ DestroyUserVariableNode (
> }
> }
>
> -/**
> - Create a time based data payload by concatenating the
> EFI_VARIABLE_AUTHENTICATION_2
> - descriptor with the input data. NO authentication is required in this
> function.
> -
> - @param[in, out] DataSize On input, the size of Data buffer in
> bytes.
> - On output, the size of data
> returned in Data
> - buffer in bytes.
> - @param[in, out] Data On input, Pointer to data buffer to
> be wrapped or
> - pointer to NULL to wrap an
> empty payload.
> - On output, Pointer to the new
> payload date buffer allocated from pool,
> - it's caller's responsibility to free
> the memory after using it.
> -
> - @retval EFI_SUCCESS Create time based payload
> successfully.
> - @retval EFI_OUT_OF_RESOURCES There are not enough memory
> resourses to create time based payload.
> - @retval EFI_INVALID_PARAMETER The parameter is invalid.
> - @retval Others Unexpected error happens.
> -
> -**/
> -EFI_STATUS
> -CreateTimeBasedPayload (
> - IN OUT UINTN *DataSize,
> - IN OUT UINT8 **Data
> - )
> -{
> - EFI_STATUS Status;
> - UINT8 *NewData;
> - UINT8 *Payload;
> - UINTN PayloadSize;
> - EFI_VARIABLE_AUTHENTICATION_2 *DescriptorData;
> - UINTN DescriptorSize;
> - EFI_TIME Time;
> -
> - if (Data == NULL || DataSize == NULL) {
> - return EFI_INVALID_PARAMETER;
> - }
> -
> - //
> - // At user physical presence, the variable does not need to be signed
but
> the
> - // parameters to the SetVariable() call still need to be prepared as
> authenticated
> - // variable. So we create EFI_VARIABLE_AUTHENTICATED_2 descriptor
> without certificate
> - // data in it.
> - //
> - Payload = *Data;
> - PayloadSize = *DataSize;
> -
> - DescriptorSize = OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2,
> AuthInfo) + OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData);
> - NewData = (UINT8 *) AllocateZeroPool (DescriptorSize + PayloadSize);
> - if (NewData == NULL) {
> - return EFI_OUT_OF_RESOURCES;
> - }
> -
> - if ((Payload != NULL) && (PayloadSize != 0)) {
> - CopyMem (NewData + DescriptorSize, Payload, PayloadSize);
> - }
> -
> - DescriptorData = (EFI_VARIABLE_AUTHENTICATION_2 *) (NewData);
> -
> - ZeroMem (&Time, sizeof (EFI_TIME));
> - Status = gRT->GetTime (&Time, NULL);
> - if (EFI_ERROR (Status)) {
> - FreePool (NewData);
> - return Status;
> - }
> - Time.Pad1 = 0;
> - Time.Nanosecond = 0;
> - Time.TimeZone = 0;
> - Time.Daylight = 0;
> - Time.Pad2 = 0;
> - CopyMem (&DescriptorData->TimeStamp, &Time, sizeof (EFI_TIME));
> -
> - DescriptorData->AuthInfo.Hdr.dwLength = OFFSET_OF
> (WIN_CERTIFICATE_UEFI_GUID, CertData);
> - DescriptorData->AuthInfo.Hdr.wRevision = 0x0200;
> - DescriptorData->AuthInfo.Hdr.wCertificateType =
> WIN_CERT_TYPE_EFI_GUID;
> - CopyGuid (&DescriptorData->AuthInfo.CertType, &gEfiCertPkcs7Guid);
> -
> - if (Payload != NULL) {
> - FreePool (Payload);
> - }
> -
> - *DataSize = DescriptorSize + PayloadSize;
> - *Data = NewData;
> - return EFI_SUCCESS;
> -}
> -
> /**
> Create a counter based data payload by concatenating the
> EFI_VARIABLE_AUTHENTICATION
> descriptor with the input data. NO authentication is required in this
> function.
> --
> 2.25.1
>
>
>
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#76639): https://edk2.groups.io/g/devel/message/76639
Mute This Topic: https://groups.io/mt/83596600/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list