From cd4f4b384857f4295d336d66fc8693348ef08a33 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Fri, 31 Jan 2020 12:42:38 +0100
Subject: [PATCH 02/12] SecurityPkg/DxeImageVerificationHandler: simplify
"VerifyStatus"
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Laszlo Ersek <lersek@redhat.com>
Message-id: <20200131124248.22369-3-lersek@redhat.com>
Patchwork-id: 93611
O-Subject: [RHEL-8.2.0 edk2 PATCH 02/12] SecurityPkg/DxeImageVerificationHandler: simplify "VerifyStatus"
Bugzilla: 1751993
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
In the DxeImageVerificationHandler() function, the "VerifyStatus" variable
can only contain one of two values: EFI_SUCCESS and EFI_ACCESS_DENIED.
Furthermore, the variable is only consumed with EFI_ERROR().
Therefore, using the EFI_STATUS type for the variable is unnecessary.
Worse, given the complex meanings of the function's return values, using
EFI_STATUS for "VerifyStatus" is actively confusing.
Rename the variable to "IsVerified", and make it a simple BOOLEAN.
This patch is a no-op, regarding behavior.
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20200116190705.18816-2-lersek@redhat.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
[lersek@redhat.com: push with Mike's R-b due to Chinese New Year
Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
<d3fbb76dabed4e1987c512c328c82810@intel.com>]
(cherry picked from commit 1e0f973b65c34841288c25fd441a37eec8a30ac7)
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
.../DxeImageVerificationLib.c | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
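--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -1563,7 +1563,7 @@ DxeImageVerificationHandler (
 {
 EFI_STATUS Status;
 EFI_IMAGE_DOS_HEADER *DosHdr;
- EFI_STATUS VerifyStatus;
+ BOOLEAN IsVerified;
 EFI_SIGNATURE_LIST *SignatureList;
 UINTN SignatureListSize;
 EFI_SIGNATURE_DATA *Signature;
@@ -1588,7 +1588,7 @@ DxeImageVerificationHandler (
 PkcsCertData = NULL;
 Action = EFI_IMAGE_EXECUTION_AUTH_UNTESTED;
 Status = EFI_ACCESS_DENIED;
- VerifyStatus = EFI_ACCESS_DENIED;
+ IsVerified = FALSE;
 
 
 //
@@ -1812,16 +1812,16 @@ DxeImageVerificationHandler (
 //
 if (IsForbiddenByDbx (AuthData, AuthDataSize)) {
 Action = EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED;
- VerifyStatus = EFI_ACCESS_DENIED;
+ IsVerified = FALSE;
 break;
 }
 
 //
 // Check the digital signature against the valid certificate in allowed database (db).
 //
- if (EFI_ERROR (VerifyStatus)) {
+ if (!IsVerified) {
 if (IsAllowedByDb (AuthData, AuthDataSize)) {
- VerifyStatus = EFI_SUCCESS;
+ IsVerified = TRUE;
 }
 }
 
@@ -1831,11 +1831,11 @@ DxeImageVerificationHandler (
 if (IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE1, mImageDigest, &mCertType, mImageDigestSize)) {
 Action = EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND;
 DEBUG ((DEBUG_INFO, "DxeImageVerificationLib: Image is signed but %s hash of image is found in DBX.\n", mHashTypeStr));
- VerifyStatus = EFI_ACCESS_DENIED;
+ IsVerified = FALSE;
 break;
- } else if (EFI_ERROR (VerifyStatus)) {
+ } else if (!IsVerified) {
 if (IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE, mImageDigest, &mCertType, mImageDigestSize)) {
- VerifyStatus = EFI_SUCCESS;
+ IsVerified = TRUE;
 } else {
 DEBUG ((DEBUG_INFO, "DxeImageVerificationLib: Image is signed but signature is not allowed by DB and %s hash of image is not found in DB/DBX.\n", mHashTypeStr));
 }
@@ -1846,10 +1846,10 @@ DxeImageVerificationHandler (
 //
 // The Size in Certificate Table or the attribute certificate table is corrupted.
 //
- VerifyStatus = EFI_ACCESS_DENIED;
+ IsVerified = FALSE;
 }
 
- if (!EFI_ERROR (VerifyStatus)) {
+ if (IsVerified) {
 return EFI_SUCCESS;
 } else {
 Status = EFI_ACCESS_DENIED;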
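Review bot: The fail-closed invariant that `IsVerified` now carries is not documented anywhere in the new code. In the visible hunks it starts as `FALSE` (second hunk), becomes `TRUE` only after `IsAllowedByDb()` or a db hash match, and is forced back to `FALSE` on any dbx hit or a corrupted certificate table. A comment at the initialization would make that contract explicit for later edits to this Secure Boot path, for example `// Fail closed: only a db match may set IsVerified; any dbx hit or malformed certificate table resets it to FALSE.` The body of DxeImageVerificationHandler() starts and ends outside these hunks, so the wording should be checked against any assignments not shown here.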
--
1.8.3.1