/** @file
Implement authentication services for the authenticated variable
service in UEFI2.2.
Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "Variable.h"
#include "AuthService.h"
///
/// Global database array for scratch
///
EFI_GUID mSignatureSupport[SIGSUPPORT_NUM] = {EFI_CERT_RSA2048_SHA256_GUID, EFI_CERT_RSA2048_SHA1_GUID};
//
// Public Exponent of RSA Key.
//
/**
Initializes for authenticated varibale service.
@retval EFI_SUCCESS The function successfully executed.
@retval EFI_OUT_OF_RESOURCES Failed to allocate enough memory resources.
**/
)
{
//
// Initialize hash context.
//
CtxSize = Sha256GetContextSize ();
//
// Check "AuthVarKeyDatabase" variable's existence.
// If it doesn't exist, create a new one with initial value of 0 and EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.
//
Status = FindVariable (
&Variable,
);
VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;
VarValue = 0;
mPubKeyNumber = 0;
Status = UpdateVariable (
&VarValue,
sizeof(UINT8),
0,
0,
);
return Status;
}
} else {
//
// Load database in global variable for cache.
//
);
);
}
//
// Check "SetupMode" variable's existence.
// If it doesn't exist, check PK database's existence to determine the value.
// Then create a new one with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.
//
Status = FindVariable (
&Variable,
);
Status = FindVariable (
&Variable,
);
} else {
}
VarAttr = EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;
Status = UpdateVariable (
sizeof(UINT8),
0,
0,
);
return Status;
}
} else {
(CHAR16 *) &mPlatformMode
);
}
//
// Check "SignatureSupport" variable's existence.
// If it doesn't exist, then create a new one with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.
//
Status = FindVariable (
&Variable,
);
VarAttr = EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;
Status = UpdateVariable (
SIGSUPPORT_NUM * sizeof(EFI_GUID),
0,
0,
);
}
return Status;
}
/**
Add public key in store and return its index.
@param[in] VirtualMode The current calling mode for this function.
@param[in] Global The context of this Extended SAL Variable Services Class call.
@param[in] PubKey The input pointer to Public Key data.
@return The index of new added item.
**/
)
{
return 0;
}
Status = FindVariable (
&Variable,
);
//
// Check whether the public key entry does exist.
//
break;
}
}
if (!IsFound) {
//
// Add public key in database.
//
if (mPubKeyNumber == MAX_KEY_NUM) {
//
// Notes: Database is full, need enhancement here, currently just return 0.
//
return 0;
}
CopyMem (Global->PubKeyStore + mPubKeyNumber * EFI_CERT_TYPE_RSA2048_SIZE, PubKey, EFI_CERT_TYPE_RSA2048_SIZE);
Index = ++mPubKeyNumber;
//
// Update public key database variable.
//
Status = UpdateVariable (
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS,
0,
0,
);
}
return Index;
}
/**
Verify data payload with AuthInfo in EFI_CERT_TYPE_RSA2048_SHA256 type.
Follow the steps in UEFI2.2.
@param[in] VirtualMode The current calling mode for this function.
@param[in] Global The context of this Extended SAL Variable Services Class call.
@param[in] Data The pointer to data with AuthInfo.
@param[in] DataSize The size of Data.
@param[in] PubKey The public key used for verification.
@retval EFI_INVALID_PARAMETER Invalid parameter.
@retval EFI_SECURITY_VIOLATION Authentication failed.
@retval EFI_SUCCESS Authentication successful.
**/
)
{
return EFI_INVALID_PARAMETER;
}
//
// wCertificateType should be WIN_CERT_TYPE_EFI_GUID.
// Cert type should be EFI_CERT_TYPE_RSA2048_SHA256.
//
) {
//
// Invalid AuthInfo type, return EFI_SECURITY_VIOLATION.
//
return EFI_SECURITY_VIOLATION;
}
//
// Hash data payload with SHA256.
//
if (!Status) {
goto Done;
}
if (!Status) {
goto Done;
}
//
// Hash Monotonic Count.
//
if (!Status) {
goto Done;
}
if (!Status) {
goto Done;
}
//
// Generate & Initialize RSA Context.
//
//
// Set RSA Key Components.
// NOTE: Only N and E are needed to be set as RSA public key for signature verification.
//
if (!Status) {
goto Done;
}
if (!Status) {
goto Done;
}
//
// Verify the signature.
//
Status = RsaPkcs1Verify (
Rsa,
);
Done:
}
if (Status) {
return EFI_SUCCESS;
} else {
return EFI_SECURITY_VIOLATION;
}
}
/**
Update platform mode.
@param[in] VirtualMode The current calling mode for this function.
@param[in] Global The context of this Extended SAL Variable Services Class call.
@param[in] Mode SETUP_MODE or USER_MODE.
**/
)
{
Status = FindVariable (
&Variable,
);
VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;
Status = UpdateVariable (
sizeof(UINT8),
0,
0,
);
}
/**
Process variable with platform key for verification.
@param[in] VariableName The name of Variable to be found.
@param[in] VendorGuid The variable vendor GUID.
@param[in] Data The data pointer.
@param[in] DataSize The size of Data found. If size is less than the
data, this value contains the required size.
@param[in] VirtualMode The current calling mode for this function.
@param[in] Global The context of this Extended SAL Variable Services Class call.
@param[in] Variable The variable information which is used to keep track of variable usage.
@param[in] Attributes The attribute value of the variable.
@param[in] IsPk Indicates whether to process pk.
@retval EFI_INVALID_PARAMETER Invalid parameter.
@retval EFI_SECURITY_VIOLATION The variable does NOT pass the validation
check carried out by the firmware.
@retval EFI_SUCCESS The variable passed validation successfully.
**/
)
{
if ((Attributes & EFI_VARIABLE_NON_VOLATILE) == 0) {
//
// PK and KEK should set EFI_VARIABLE_NON_VOLATILE attribute.
//
return EFI_INVALID_PARAMETER;
}
if (mPlatformMode == USER_MODE) {
if ((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) == 0) {
//
// In user mode, PK and KEK should set EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS attribute.
//
return EFI_INVALID_PARAMETER;
}
);
//
// Monotonic count check fail, suspicious replay attack, return EFI_SECURITY_VIOLATION.
//
return EFI_SECURITY_VIOLATION;
}
}
//
// Get platform key from variable.
//
Status = FindVariable (
);
);
OldPkData = (EFI_SIGNATURE_DATA *) ((UINT8 *) OldPkList + sizeof (EFI_SIGNATURE_LIST) + OldPkList->SignatureHeaderSize);
Status = UpdateVariable (
0,
);
//
// If delete PK in user mode, need change to setup mode.
//
}
}
}
} else {
Status = UpdateVariable (VariableName, VendorGuid, Data, DataSize, Attributes, 0, 0, VirtualMode, Global, Variable);
//
// If enroll PK in setup mode, need change to user mode.
//
}
}
return Status;
}
/**
Process variable with key exchange key for verification.
@param[in] VariableName The name of Variable to be found.
@param[in] VendorGuid The variable vendor GUID.
@param[in] Data The data pointer.
@param[in] DataSize The size of Data found. If size is less than the
data, this value contains the required size.
@param[in] VirtualMode The current calling mode for this function.
@param[in] Global The context of this Extended SAL Variable Services Class call.
@param[in] Variable The variable information which is used to keep track of variable usage.
@param[in] Attributes The attribute value of the variable.
@retval EFI_INVALID_PARAMETER Invalid parameter.
@retval EFI_SECURITY_VIOLATION The variable did NOT pass the validation
check carried out by the firmware.
@retval EFI_SUCCESS The variable passed validation successfully.
**/
)
{
if (mPlatformMode == USER_MODE) {
if ((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) == 0) {
//
// In user mode, should set EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS attribute.
//
return EFI_INVALID_PARAMETER;
}
);
//
// Monotonic count check fail, suspicious replay attack, return EFI_SECURITY_VIOLATION.
//
return EFI_SECURITY_VIOLATION;
}
}
//
// Get KEK database from variable.
//
Status = FindVariable (
);
);
//
// Enumerate all Kek items in this list to verify the variable certificate data.
// If anyone is authenticated successfully, it means the variable is correct!
//
KekCount = (KekList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - KekList->SignatureHeaderSize) / KekList->SignatureSize;
KekItem = (EFI_SIGNATURE_DATA *) ((UINT8 *) KekList + sizeof (EFI_SIGNATURE_LIST) + KekList->SignatureHeaderSize);
break;
}
}
if (!IsFound) {
return EFI_SECURITY_VIOLATION;
}
Status = UpdateVariable (
0,
);
}
} else {
//
// If in setup mode, no authentication needed.
//
Status = UpdateVariable (
Data,
0,
0,
);
}
return Status;
}
/**
Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set, and return the index of associated public key.
@param[in] Data The data pointer.
@param[in] DataSize The size of Data found. If size is less than the
data, this value contains the required size.
@param[in] VirtualMode The current calling mode for this function.
@param[in] Global The context of this Extended SAL Variable Services Class call.
@param[in] Variable The variable information which is used to keep track of variable usage.
@param[in] Attributes The attribute value of the variable.
@param[out] KeyIndex The output index of corresponding public key in database.
@param[out] MonotonicCount The output value of corresponding Monotonic Count.
@retval EFI_INVALID_PARAMETER Invalid parameter.
@retval EFI_WRITE_PROTECTED The variable is write-protected and needs authentication with
EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.
@retval EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
set, but the AuthInfo does NOT pass the validation
check carried out by the firmware.
@retval EFI_SUCCESS The variable is not write-protected, or passed validation successfully.
**/
)
{
IsDeletion = FALSE;
*KeyIndex = 0;
}
//
// Determine if first time SetVariable with the EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS.
//
);
}
if ((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) != 0) {
return EFI_INVALID_PARAMETER;
}
//
// Determine current operation type.
//
if (DataSize == AUTHINFO_SIZE) {
IsDeletion = TRUE;
}
//
// Determine whether this is the first time with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.
//
IsFirstTime = TRUE;
IsFirstTime = TRUE;
} else {
IsFirstTime = FALSE;
}
//
// If the variable is already write-protected, it always needs authentication before update.
//
return EFI_WRITE_PROTECTED;
} else {
//
// If without EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS, set and attributes collision.
// That means it is not authenticated variable, just return EFI_SUCCESS.
//
return EFI_SUCCESS;
}
//
// Get PubKey and check Monotonic Count value corresponding to the variable.
//
if (MonotonicCount != NULL) {
//
// Update Monotonic Count value.
//
}
if (!IsFirstTime) {
//
// Check input PubKey.
//
if (CompareMem (PubKey, Global->PubKeyStore + (*KeyIndex - 1) * EFI_CERT_TYPE_RSA2048_SIZE, EFI_CERT_TYPE_RSA2048_SIZE) != 0) {
return EFI_SECURITY_VIOLATION;
}
//
// Compare the current monotonic count and ensure that it is greater than the last SetVariable
// operation with the EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS attribute set.
//
//
// Monotonic count check fail, suspicious replay attack, return EFI_SECURITY_VIOLATION.
//
return EFI_SECURITY_VIOLATION;
}
}
//
// Verify the certificate in Data payload.
//
//
// Now, the signature has been verified!
//
if (IsFirstTime && !IsDeletion) {
//
// Update public key database variable if need and return the index.
//
}
}
return Status;
}