SECURITY PATCHES TCBZ4117 & TCBZ4118 #5264

Merged
merged 6 commits into from
Jan 16, 2024
81 changes: 48 additions & 33 deletions SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c
Expand Up @@ -20,6 +20,8 @@ Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent

Copyright (c) Microsoft Corporation.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/

#include <PiDxe.h>
Expand All @@ -44,6 +46,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/HobLib.h>
#include <Protocol/CcMeasurement.h>

#include "DxeTpm2MeasureBootLibSanitization.h"

typedef struct {
EFI_TCG2_PROTOCOL *Tcg2Protocol;
EFI_CC_MEASUREMENT_PROTOCOL *CcProtocol;
Expand Down Expand Up @@ -144,10 +148,11 @@ Tcg2MeasureGptTable (
EFI_TCG2_EVENT *Tcg2Event;
EFI_CC_EVENT *CcEvent;
EFI_GPT_DATA *GptData;
UINT32 EventSize;
UINT32 TcgEventSize;
EFI_TCG2_PROTOCOL *Tcg2Protocol;
EFI_CC_MEASUREMENT_PROTOCOL *CcProtocol;
EFI_CC_MR_INDEX MrIndex;
UINT32 AllocSize;

if (mTcg2MeasureGptCount > 0) {
return EFI_SUCCESS;
Expand Down Expand Up @@ -195,25 +200,22 @@ Tcg2MeasureGptTable (
BlockIo->Media->BlockSize,
(UINT8 *)PrimaryHeader
);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "Failed to Read Partition Table Header!\n"));
if (EFI_ERROR (Status) || EFI_ERROR (SanitizeEfiPartitionTableHeader (PrimaryHeader, BlockIo))) {
DEBUG ((DEBUG_ERROR, "Failed to read Partition Table Header or invalid Partition Table Header!\n"));
FreePool (PrimaryHeader);
return EFI_DEVICE_ERROR;
}

//
// PrimaryHeader->SizeOfPartitionEntry should not be zero
// Read the partition entry.
//
if (PrimaryHeader->SizeOfPartitionEntry == 0) {
DEBUG ((DEBUG_ERROR, "SizeOfPartitionEntry should not be zero!\n"));
Status = SanitizePrimaryHeaderAllocationSize (PrimaryHeader, &AllocSize);
if (EFI_ERROR (Status)) {
FreePool (PrimaryHeader);
return EFI_BAD_BUFFER_SIZE;
}

//
// Read the partition entry.
//
EntryPtr = (UINT8 *)AllocatePool (PrimaryHeader->NumberOfPartitionEntries * PrimaryHeader->SizeOfPartitionEntry);
EntryPtr = (UINT8 *)AllocatePool (AllocSize);
if (EntryPtr == NULL) {
FreePool (PrimaryHeader);
return EFI_OUT_OF_RESOURCES;
Expand All @@ -223,7 +225,7 @@ Tcg2MeasureGptTable (
DiskIo,
BlockIo->Media->MediaId,
MultU64x32 (PrimaryHeader->PartitionEntryLBA, BlockIo->Media->BlockSize),
PrimaryHeader->NumberOfPartitionEntries * PrimaryHeader->SizeOfPartitionEntry,
AllocSize,
EntryPtr
);
if (EFI_ERROR (Status)) {
Expand All @@ -248,16 +250,21 @@ Tcg2MeasureGptTable (
//
// Prepare Data for Measurement (CcProtocol and Tcg2Protocol)
//
EventSize = (UINT32)(sizeof (EFI_GPT_DATA) - sizeof (GptData->Partitions)
+ NumberOfPartition * PrimaryHeader->SizeOfPartitionEntry);
EventPtr = (UINT8 *)AllocateZeroPool (EventSize + sizeof (EFI_TCG2_EVENT) - sizeof (Tcg2Event->Event));
Status = SanitizePrimaryHeaderGptEventSize (PrimaryHeader, NumberOfPartition, &TcgEventSize);
if (EFI_ERROR (Status)) {
FreePool (PrimaryHeader);
FreePool (EntryPtr);
return EFI_DEVICE_ERROR;
}

EventPtr = (UINT8 *)AllocateZeroPool (TcgEventSize);
if (EventPtr == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto Exit;
}

Tcg2Event = (EFI_TCG2_EVENT *)EventPtr;
Tcg2Event->Size = EventSize + sizeof (EFI_TCG2_EVENT) - sizeof (Tcg2Event->Event);
Tcg2Event->Size = TcgEventSize;
Tcg2Event->Header.HeaderSize = sizeof (EFI_TCG2_EVENT_HEADER);
Tcg2Event->Header.HeaderVersion = EFI_TCG2_EVENT_HEADER_VERSION;
Tcg2Event->Header.PCRIndex = 5;
Expand Down Expand Up @@ -310,7 +317,7 @@ Tcg2MeasureGptTable (
CcProtocol,
0,
(EFI_PHYSICAL_ADDRESS)(UINTN)(VOID *)GptData,
(UINT64)EventSize,
(UINT64)TcgEventSize - OFFSET_OF (EFI_TCG2_EVENT, Event),
CcEvent
);
if (!EFI_ERROR (Status)) {
Expand All @@ -326,7 +333,7 @@ Tcg2MeasureGptTable (
Tcg2Protocol,
0,
(EFI_PHYSICAL_ADDRESS)(UINTN)(VOID *)GptData,
(UINT64)EventSize,
(UINT64)TcgEventSize - OFFSET_OF (EFI_TCG2_EVENT, Event),
Tcg2Event
);
if (!EFI_ERROR (Status)) {
Expand Down Expand Up @@ -371,7 +378,6 @@ Tcg2MeasureGptTable (
@retval EFI_OUT_OF_RESOURCES No enough resource to measure image.
@retval EFI_UNSUPPORTED ImageType is unsupported or PE image is mal-format.
@retval other error value

**/
EFI_STATUS
EFIAPI
Expand All @@ -398,6 +404,7 @@ Tcg2MeasurePeImage (
Status = EFI_UNSUPPORTED;
ImageLoad = NULL;
EventPtr = NULL;
Tcg2Event = NULL;

Tcg2Protocol = MeasureBootProtocols->Tcg2Protocol;
CcProtocol = MeasureBootProtocols->CcProtocol;
Expand All @@ -413,18 +420,22 @@ Tcg2MeasurePeImage (
}

FilePathSize = (UINT32)GetDevicePathSize (FilePath);
Status = SanitizePeImageEventSize (FilePathSize, &EventSize);
if (EFI_ERROR (Status)) {
return EFI_UNSUPPORTED;
}

//
// Determine destination PCR by BootPolicy
//
EventSize = sizeof (*ImageLoad) - sizeof (ImageLoad->DevicePath) + FilePathSize;
EventPtr = AllocateZeroPool (EventSize + sizeof (EFI_TCG2_EVENT) - sizeof (Tcg2Event->Event));
// from a malicious GPT disk partition
EventPtr = AllocateZeroPool (EventSize);
if (EventPtr == NULL) {
return EFI_OUT_OF_RESOURCES;
}

Tcg2Event = (EFI_TCG2_EVENT *)EventPtr;
Tcg2Event->Size = EventSize + sizeof (EFI_TCG2_EVENT) - sizeof (Tcg2Event->Event);
Tcg2Event->Size = EventSize;
Tcg2Event->Header.HeaderSize = sizeof (EFI_TCG2_EVENT_HEADER);
Tcg2Event->Header.HeaderVersion = EFI_TCG2_EVENT_HEADER_VERSION;
ImageLoad = (EFI_IMAGE_LOAD_EVENT *)Tcg2Event->Event;
Expand All @@ -443,11 +454,13 @@ Tcg2MeasurePeImage (
Tcg2Event->Header.PCRIndex = 2;
break;
default:
DEBUG ((
DEBUG_ERROR,
"Tcg2MeasurePeImage: Unknown subsystem type %d",
ImageType
));
DEBUG (
(
DEBUG_ERROR,
"Tcg2MeasurePeImage: Unknown subsystem type %d",
ImageType
)
);
goto Finish;
}

Expand Down Expand Up @@ -515,7 +528,7 @@ Tcg2MeasurePeImage (

@param MeasureBootProtocols Pointer to the located measure boot protocol instances.

@retval EFI_SUCCESS Sucessfully locate the measure boot protocol instances (at least one instance).
@retval EFI_SUCCESS Successfully locate the measure boot protocol instances (at least one instance).
@retval EFI_UNSUPPORTED Measure boot is not supported.
**/
EFI_STATUS
Expand Down Expand Up @@ -646,12 +659,14 @@ DxeTpm2MeasureBootHandler (
return EFI_SUCCESS;
}

DEBUG ((
DEBUG_INFO,
"Tcg2Protocol = %p, CcMeasurementProtocol = %p\n",
MeasureBootProtocols.Tcg2Protocol,
MeasureBootProtocols.CcProtocol
));
DEBUG (
(
DEBUG_INFO,
"Tcg2Protocol = %p, CcMeasurementProtocol = %p\n",
MeasureBootProtocols.Tcg2Protocol,
MeasureBootProtocols.CcProtocol
)
);

//
// Copy File Device Path
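Review bot: In the Tcg2MeasurePeImage hunk, `FilePathSize = (UINT32)GetDevicePathSize (FilePath);` narrows the UINTN result before `SanitizePeImageEventSize` is called, so whatever bounds check that helper performs (its body is not visible here) only sees the truncated value and cannot reject a device path whose size does not fit in 32 bits. Converting with a checked helper first, e.g. `Status = SafeUintnToUint32 (GetDevicePathSize (FilePath), &FilePathSize);` with an `if (EFI_ERROR (Status)) { return EFI_UNSUPPORTED; }` guard before the sanitizer call, would close that gap using the SafeIntLib dependency this change already adds. The same hunk leaves an orphaned comment, `// from a malicious GPT disk partition`, under the "Determine destination PCR by BootPolicy" block; it should be completed to say what the size check guards against, or removed. The function body begins and continues outside the hunk.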
Expand Up @@ -37,6 +37,8 @@

[Sources]
DxeTpm2MeasureBootLib.c
DxeTpm2MeasureBootLibSanitization.c
DxeTpm2MeasureBootLibSanitization.h

[Packages]
MdePkg/MdePkg.dec
Expand All @@ -46,6 +48,7 @@

[LibraryClasses]
BaseMemoryLib
SafeIntLib
DebugLib
MemoryAllocationLib
DevicePathLib
Expand All @@ -65,4 +68,3 @@
gEfiFirmwareVolumeBlockProtocolGuid ## SOMETIMES_CONSUMES
gEfiBlockIoProtocolGuid ## SOMETIMES_CONSUMES
gEfiDiskIoProtocolGuid ## SOMETIMES_CONSUMES
