sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

SecurityPkg: DxeTpm2MeasureBootLib: SECURITY PATCH 4117 - CVE 2022-36763

Browse Source 
This commit contains the patch files and tests for DxeTpm2MeasureBootLib
CVE 2022-36763.

Cc: Jiewen Yao <jiewen.yao@intel.com>

Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
This commit is contained in:
Douglas Flick [MSFT]
2024-01-12 02:16:01 +08:00
committed by mergify[bot]
parent a4b8944e27
commit 2244465432
8 changed files with 764 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

69
SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c
View File

@ -20,6 +20,8 @@ Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
Copyright (c) Microsoft Corporation.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include <PiDxe.h>
@ -44,6 +46,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/HobLib.h>
#include <Protocol/CcMeasurement.h>
#include "DxeTpm2MeasureBootLibSanitization.h"
typedef struct {
EFI_TCG2_PROTOCOL *Tcg2Protocol;
EFI_CC_MEASUREMENT_PROTOCOL *CcProtocol;
@ -144,10 +148,11 @@ Tcg2MeasureGptTable (
EFI_TCG2_EVENT *Tcg2Event;
EFI_CC_EVENT *CcEvent;
EFI_GPT_DATA *GptData;
UINT32 EventSize;
UINT32 TcgEventSize;
EFI_TCG2_PROTOCOL *Tcg2Protocol;
EFI_CC_MEASUREMENT_PROTOCOL *CcProtocol;
EFI_CC_MR_INDEX MrIndex;
UINT32 AllocSize;
if (mTcg2MeasureGptCount > 0) {
return EFI_SUCCESS;
@ -195,25 +200,22 @@ Tcg2MeasureGptTable (
BlockIo->Media->BlockSize,
(UINT8 *)PrimaryHeader
);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "Failed to Read Partition Table Header!\n"));
if (EFI_ERROR (Status) || EFI_ERROR (SanitizeEfiPartitionTableHeader (PrimaryHeader, BlockIo))) {
DEBUG ((DEBUG_ERROR, "Failed to read Partition Table Header or invalid Partition Table Header!\n"));
FreePool (PrimaryHeader);
return EFI_DEVICE_ERROR;
}
//
// PrimaryHeader->SizeOfPartitionEntry should not be zero
// Read the partition entry.
//
if (PrimaryHeader->SizeOfPartitionEntry == 0) {
DEBUG ((DEBUG_ERROR, "SizeOfPartitionEntry should not be zero!\n"));
Status = SanitizePrimaryHeaderAllocationSize (PrimaryHeader, &AllocSize);
if (EFI_ERROR (Status)) {
FreePool (PrimaryHeader);
return EFI_BAD_BUFFER_SIZE;
}
//
// Read the partition entry.
//
EntryPtr = (UINT8 *)AllocatePool (PrimaryHeader->NumberOfPartitionEntries * PrimaryHeader->SizeOfPartitionEntry);
EntryPtr = (UINT8 *)AllocatePool (AllocSize);
if (EntryPtr == NULL) {
FreePool (PrimaryHeader);
return EFI_OUT_OF_RESOURCES;
@ -223,7 +225,7 @@ Tcg2MeasureGptTable (
DiskIo,
BlockIo->Media->MediaId,
MultU64x32 (PrimaryHeader->PartitionEntryLBA, BlockIo->Media->BlockSize),
PrimaryHeader->NumberOfPartitionEntries * PrimaryHeader->SizeOfPartitionEntry,
AllocSize,
EntryPtr
);
if (EFI_ERROR (Status)) {
@ -248,16 +250,21 @@ Tcg2MeasureGptTable (
//
// Prepare Data for Measurement (CcProtocol and Tcg2Protocol)
//
EventSize = (UINT32)(sizeof (EFI_GPT_DATA) - sizeof (GptData->Partitions)
+ NumberOfPartition * PrimaryHeader->SizeOfPartitionEntry);
EventPtr = (UINT8 *)AllocateZeroPool (EventSize + sizeof (EFI_TCG2_EVENT) - sizeof (Tcg2Event->Event));
Status = SanitizePrimaryHeaderGptEventSize (PrimaryHeader, NumberOfPartition, &TcgEventSize);
if (EFI_ERROR (Status)) {
FreePool (PrimaryHeader);
FreePool (EntryPtr);
return EFI_DEVICE_ERROR;
}
EventPtr = (UINT8 *)AllocateZeroPool (TcgEventSize);
if (EventPtr == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto Exit;
}
Tcg2Event = (EFI_TCG2_EVENT *)EventPtr;
Tcg2Event->Size = EventSize + sizeof (EFI_TCG2_EVENT) - sizeof (Tcg2Event->Event);
Tcg2Event->Size = TcgEventSize;
Tcg2Event->Header.HeaderSize = sizeof (EFI_TCG2_EVENT_HEADER);
Tcg2Event->Header.HeaderVersion = EFI_TCG2_EVENT_HEADER_VERSION;
Tcg2Event->Header.PCRIndex = 5;
@ -310,7 +317,7 @@ Tcg2MeasureGptTable (
CcProtocol,
0,
(EFI_PHYSICAL_ADDRESS)(UINTN)(VOID *)GptData,
(UINT64)EventSize,
(UINT64)TcgEventSize - OFFSET_OF (EFI_TCG2_EVENT, Event),
CcEvent
);
if (!EFI_ERROR (Status)) {
@ -326,7 +333,7 @@ Tcg2MeasureGptTable (
Tcg2Protocol,
0,
(EFI_PHYSICAL_ADDRESS)(UINTN)(VOID *)GptData,
(UINT64)EventSize,
(UINT64)TcgEventSize - OFFSET_OF (EFI_TCG2_EVENT, Event),
Tcg2Event
);
if (!EFI_ERROR (Status)) {
@ -443,11 +450,13 @@ Tcg2MeasurePeImage (
Tcg2Event->Header.PCRIndex = 2;
break;
default:
DEBUG ((
DEBUG_ERROR,
"Tcg2MeasurePeImage: Unknown subsystem type %d",
ImageType
));
DEBUG (
(
DEBUG_ERROR,
"Tcg2MeasurePeImage: Unknown subsystem type %d",
ImageType
)
);
goto Finish;
}
@ -515,7 +524,7 @@ Finish:
@param MeasureBootProtocols Pointer to the located measure boot protocol instances.
@retval EFI_SUCCESS Sucessfully locate the measure boot protocol instances (at least one instance).
@retval EFI_SUCCESS Successfully locate the measure boot protocol instances (at least one instance).
@retval EFI_UNSUPPORTED Measure boot is not supported.
**/
EFI_STATUS
@ -646,12 +655,14 @@ DxeTpm2MeasureBootHandler (
return EFI_SUCCESS;
}
DEBUG ((
DEBUG_INFO,
"Tcg2Protocol = %p, CcMeasurementProtocol = %p\n",
MeasureBootProtocols.Tcg2Protocol,
MeasureBootProtocols.CcProtocol
));
DEBUG (
(
DEBUG_INFO,
"Tcg2Protocol = %p, CcMeasurementProtocol = %p\n",
MeasureBootProtocols.Tcg2Protocol,
MeasureBootProtocols.CcProtocol
)
);
//
// Copy File Device Path