diff --git a/SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c b/SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c index 536b0f3699..e8f0805e1f 100644 --- a/SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c +++ b/SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c @@ -19,6 +19,7 @@ #include #include #include +#include /** Enroll a key/certificate based on a default variable. @@ -117,6 +118,7 @@ SecureBootInitPKDefault ( } if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) { + DEBUG ((DEBUG_INFO, "Variable %s read error.\n", EFI_PK_DEFAULT_VARIABLE_NAME)); return Status; } @@ -264,10 +266,10 @@ SecureBootInitDbxDefault ( IN VOID ) { - EFI_SIGNATURE_LIST *EfiSig; - UINTN SigListsSize; + UINTN Size; EFI_STATUS Status; - UINT8 *Data; + UINT8 *Data; + VOID *Buffer; UINTN DataSize; // @@ -289,7 +291,13 @@ SecureBootInitDbxDefault ( // DEBUG ((DEBUG_INFO, "Variable %s does not exist.\n", EFI_DBX_DEFAULT_VARIABLE_NAME)); - Status = SecureBootFetchData (&gDefaultdbxFileGuid, &SigListsSize, &EfiSig); + Status = GetSectionFromAnyFv ( + &gDefaultdbxFileGuid, + EFI_SECTION_RAW, + 0, + &Buffer, + &Size + ); if (EFI_ERROR (Status)) { DEBUG ((DEBUG_INFO, "Content for %s not found\n", EFI_DBX_DEFAULT_VARIABLE_NAME)); return Status; @@ -299,15 +307,13 @@ SecureBootInitDbxDefault ( EFI_DBX_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS, - SigListsSize, - (VOID *)EfiSig + Size, + (VOID *)Buffer ); if (EFI_ERROR (Status)) { DEBUG ((DEBUG_INFO, "Failed to set %s\n", EFI_DBX_DEFAULT_VARIABLE_NAME)); } - FreePool (EfiSig); - return Status; } diff --git a/UefiPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetup.c b/UefiPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetup.c new file mode 100644 index 0000000000..bec0ad6077 --- /dev/null +++ b/UefiPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetup.c @@ -0,0 +1,410 @@ +/** @file + Enroll default PK, KEK, DB and DBX + + Copyright (C) 2014, Red Hat, Inc. + + This program and the accompanying materials are licensed and made available + under the terms and conditions of the BSD License which accompanies this + distribution. The full text of the license may be found at + http://opensource.org/licenses/bsd-license. + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT + WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + **/ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +STATIC +EFI_STATUS +EFIAPI +GetExact ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + OUT VOID *Data, + IN UINTN DataSize, + IN BOOLEAN AllowMissing + ) +{ + UINTN Size; + EFI_STATUS Status; + + Size = DataSize; + Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &Size, Data); + if (EFI_ERROR (Status)) { + if ((Status == EFI_NOT_FOUND) && AllowMissing) { + ZeroMem (Data, DataSize); + return EFI_SUCCESS; + } + + DEBUG (( + EFI_D_ERROR, + "SecureBootSetup: GetVariable(\"%s\", %g): %r\n", + VariableName, + VendorGuid, + Status + )); + return Status; + } + + if (Size != DataSize) { + DEBUG (( + EFI_D_INFO, + "SecureBootSetup: GetVariable(\"%s\", %g): expected size 0x%Lx, " + "got 0x%Lx\n", + VariableName, + VendorGuid, + (UINT64)DataSize, + (UINT64)Size + )); + return EFI_PROTOCOL_ERROR; + } + + return EFI_SUCCESS; +} + +typedef struct { + UINT8 SetupMode; + UINT8 SecureBoot; + UINT8 SecureBootEnable; + UINT8 CustomMode; + UINT8 VendorKeys; +} SETTINGS; + +STATIC +EFI_STATUS +EFIAPI +GetSettings ( + OUT SETTINGS *Settings, + BOOLEAN AllowMissing + ) +{ + EFI_STATUS Status; + + ZeroMem (Settings, sizeof (SETTINGS)); + + Status = GetExact ( + EFI_SETUP_MODE_NAME, + &gEfiGlobalVariableGuid, + &Settings->SetupMode, + sizeof Settings->SetupMode, + AllowMissing + ); + if (EFI_ERROR (Status)) { + return Status; + } + + Status = GetExact ( + EFI_SECURE_BOOT_MODE_NAME, + &gEfiGlobalVariableGuid, + &Settings->SecureBoot, + sizeof Settings->SecureBoot, + AllowMissing + ); + if (EFI_ERROR (Status)) { + return Status; + } + + Status = GetExact ( + EFI_SECURE_BOOT_ENABLE_NAME, + &gEfiSecureBootEnableDisableGuid, + &Settings->SecureBootEnable, + sizeof Settings->SecureBootEnable, + AllowMissing + ); + if (EFI_ERROR (Status)) { + return Status; + } + + Status = GetExact ( + EFI_CUSTOM_MODE_NAME, + &gEfiCustomModeEnableGuid, + &Settings->CustomMode, + sizeof Settings->CustomMode, + AllowMissing + ); + if (EFI_ERROR (Status)) { + return Status; + } + + Status = GetExact ( + EFI_VENDOR_KEYS_VARIABLE_NAME, + &gEfiGlobalVariableGuid, + &Settings->VendorKeys, + sizeof Settings->VendorKeys, + AllowMissing + ); + return Status; +} + +STATIC +VOID +EFIAPI +PrintSettings ( + IN CONST SETTINGS *Settings + ) +{ + DEBUG (( + EFI_D_INFO, + "SecureBootSetup: SetupMode=%d SecureBoot=%d SecureBootEnable=%d " + "CustomMode=%d VendorKeys=%d\n", + Settings->SetupMode, + Settings->SecureBoot, + Settings->SecureBootEnable, + Settings->CustomMode, + Settings->VendorKeys + )); +} + +/** + Install SecureBoot certificates once the VariableDriver is running. + + @param[in] Event Event whose notification function is being invoked + @param[in] Context Pointer to the notification function's context +**/ +VOID +EFIAPI +InstallSecureBootHook ( + IN EFI_EVENT Event, + IN VOID *Context + ) +{ + EFI_STATUS Status; + VOID *Protocol; + SETTINGS Settings; + + Status = gBS->LocateProtocol (&gEfiVariableWriteArchProtocolGuid, NULL, (VOID **)&Protocol); + if (EFI_ERROR (Status)) { + return; + } + + Status = GetSettings (&Settings, TRUE); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "SecureBootSetup: Failed to get current settings\n")); + return; + } + + if (Settings.SetupMode != SETUP_MODE) { + DEBUG ((EFI_D_ERROR, "SecureBootSetup: already in User Mode\n")); + return; + } + + if (Settings.SecureBootEnable != SECURE_BOOT_MODE_ENABLE) { + DEBUG ((EFI_D_ERROR, "SecureBootSetup: SecureBootEnable is disabled.\n")); + return; + } + + PrintSettings (&Settings); + + if (Settings.CustomMode != CUSTOM_SECURE_BOOT_MODE) { + Settings.CustomMode = CUSTOM_SECURE_BOOT_MODE; + Status = gRT->SetVariable ( + EFI_CUSTOM_MODE_NAME, + &gEfiCustomModeEnableGuid, + (EFI_VARIABLE_NON_VOLATILE | + EFI_VARIABLE_BOOTSERVICE_ACCESS), + sizeof Settings.CustomMode, + &Settings.CustomMode + ); + if (EFI_ERROR (Status)) { + DEBUG (( + EFI_D_ERROR, + "SecureBootSetup: SetVariable(\"%s\", %g): %r\n", + EFI_CUSTOM_MODE_NAME, + &gEfiCustomModeEnableGuid, + Status + )); + ASSERT_EFI_ERROR (Status); + } + } + + // Enroll all the keys from default variables + Status = EnrollDbFromDefault (); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Cannot enroll db: %r\n", Status)); + goto error; + } + + Status = EnrollDbxFromDefault (); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Cannot enroll dbx: %r\n", Status)); + } + + Status = EnrollDbtFromDefault (); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Cannot enroll dbt: %r\n", Status)); + } + + Status = EnrollKEKFromDefault (); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Cannot enroll KEK: %r\n", Status)); + goto cleardbs; + } + + Status = EnrollPKFromDefault (); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Cannot enroll PK: %r\n", Status)); + goto clearKEK; + } + + Status = SetSecureBootMode (STANDARD_SECURE_BOOT_MODE); + if (EFI_ERROR (Status)) { + DEBUG (( + DEBUG_ERROR, + "Cannot set CustomMode to STANDARD_SECURE_BOOT_MODE\n" + "Please do it manually, otherwise system can be easily compromised\n" + )); + } + + // FIXME: Force SecureBoot to ON. The AuthService will do this if authenticated variables + // are supported, which aren't as the SMM handler isn't able to verify them. + + Settings.SecureBootEnable = SECURE_BOOT_ENABLE; + Status = gRT->SetVariable ( + EFI_SECURE_BOOT_ENABLE_NAME, + &gEfiSecureBootEnableDisableGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS, + sizeof Settings.SecureBootEnable, + &Settings.SecureBootEnable + ); + if (EFI_ERROR (Status)) { + DEBUG (( + EFI_D_ERROR, + "SecureBootSetup: SetVariable(\"%s\", %g): %r\n", + EFI_SECURE_BOOT_ENABLE_NAME, + &gEfiSecureBootEnableDisableGuid, + Status + )); + ASSERT_EFI_ERROR (Status); + } + + Settings.SecureBoot = SECURE_BOOT_ENABLE; + Status = gRT->SetVariable ( + EFI_SECURE_BOOT_MODE_NAME, + &gEfiGlobalVariableGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + sizeof Settings.SecureBoot, + &Settings.SecureBoot + ); + if (EFI_ERROR (Status)) { + DEBUG (( + EFI_D_ERROR, + "SecureBootSetup: SetVariable(\"%s\", %g): %r\n", + EFI_SECURE_BOOT_MODE_NAME, + &gEfiGlobalVariableGuid, + Status + )); + ASSERT_EFI_ERROR (Status); + } + + Status = GetSettings (&Settings, FALSE); + ASSERT_EFI_ERROR (Status); + + // + // Final sanity check: + // + // [SetupMode] + // (read-only, standardized by UEFI) + // / \_ + // 0 1, default + // / \_ + // PK enrolled no PK enrolled yet, + // (this is called "User Mode") PK enrollment possible + // | + // | + // [SecureBootEnable] + // (read-write, edk2-specific, boot service only) + // / \_ + // 0 1, default + // / \_ + // [SecureBoot]=0 [SecureBoot]=1 + // (read-only, standardized by UEFI) (read-only, standardized by UEFI) + // images are not verified images are verified, platform is + // operating in Secure Boot mode + // | + // | + // [CustomMode] + // (read-write, edk2-specific, boot service only) + // / \_ + // 0, default 1 + // / \_ + // PK, KEK, db, dbx PK, KEK, db, dbx + // updates are verified updates are not verified + // + + PrintSettings (&Settings); + + if ((Settings.SetupMode != 0) || (Settings.SecureBoot != 1) || + (Settings.SecureBootEnable != 1) || (Settings.CustomMode != 0) || + (Settings.VendorKeys != 0)) + { + DEBUG ((EFI_D_ERROR, "SecureBootSetup: disabled\n")); + return; + } + + DEBUG ((EFI_D_INFO, "SecureBootSetup: SecureBoot enabled\n")); + return; + +clearKEK: + DeleteKEK (); + +cleardbs: + DeleteDbt (); + DeleteDbx (); + DeleteDb (); + +error: + if (SetSecureBootMode (STANDARD_SECURE_BOOT_MODE) != EFI_SUCCESS) { + DEBUG ((DEBUG_ERROR, "Cannot set mode to Secure: %r\n", Status)); + } + + DEBUG ((EFI_D_ERROR, "SecureBootSetup: disabled\n")); +} + +EFI_STATUS +EFIAPI +DriverEntry ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + + VOID *TcgProtocol; + VOID *Registration; + + Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol); + if (!EFI_ERROR (Status)) { + DEBUG (( + EFI_D_ERROR, + "SecureBootSetup: Started too late." + "TPM is already running!\n" + )); + return EFI_DEVICE_ERROR; + } + + // + // Create event callback, because we need access variable on SecureBootPolicyVariable + // We should use VariableWriteArch instead of VariableArch, because Variable driver + // may update SecureBoot value based on last setting. + // + EfiCreateProtocolNotifyEvent ( + &gEfiVariableWriteArchProtocolGuid, + TPL_CALLBACK, + InstallSecureBootHook, + NULL, + &Registration + ); + + return EFI_SUCCESS; +} diff --git a/UefiPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetup.inf b/UefiPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetup.inf new file mode 100644 index 0000000000..fefbdb136b --- /dev/null +++ b/UefiPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetup.inf @@ -0,0 +1,56 @@ +## @file +# This file handels SecureBoot setup. +# +# Copyright (c) 2013 - 2019, Intel Corporation. All rights reserved.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = SecureBootSetup + MODULE_UNI_FILE = SecureBootSetup.uni + FILE_GUID = 14693BD4-D114-4177-979E-37F279BAD620 + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 0.1 + ENTRY_POINT = DriverEntry + +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + SecureBootSetup.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + +[Guids] + gEfiCertPkcs7Guid + gEfiCertX509Guid + gEfiCustomModeEnableGuid + gEfiGlobalVariableGuid + gEfiImageSecurityDatabaseGuid + gEfiSecureBootEnableDisableGuid + +[LibraryClasses] + BaseMemoryLib + DebugLib + MemoryAllocationLib + UefiRuntimeServicesTableLib + UefiDriverEntryPoint + DxeServicesLib + UefiBootServicesTableLib + SecureBootVariableProvisionLib + SecureBootVariableLib + +[Protocols] + gEfiTcgProtocolGuid ## CONSUMES + gEfiVariableWriteArchProtocolGuid ## CONSUMES + +[Depex] + TRUE diff --git a/UefiPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetup.uni b/UefiPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetup.uni new file mode 100644 index 0000000000..0ea5d32872 --- /dev/null +++ b/UefiPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetup.uni @@ -0,0 +1,21 @@ +// /** @file +// Provides authenticated variable service for IPF platform +// +// This module installs variable arch protocol and variable write arch protocol to provide +// four EFI_RUNTIME_SERVICES: SetVariable, GetVariable, GetNextVariableName and QueryVariableInfo. +// +// Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
+// +// This program and the accompanying materials +// are licensed and made available under the terms and conditions of the BSD License +// which accompanies this distribution. The full text of the license may be found at +// http://opensource.org/licenses/bsd-license.php +// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +// +// **/ + + +#string STR_MODULE_ABSTRACT #language en-US "Provides authenticated variable service for IPF platform" + +#string STR_MODULE_DESCRIPTION #language en-US "This module installs variable arch protocol and variable write arch protocol to provide four EFI_RUNTIME_SERVICES: SetVariable, GetVariable, GetNextVariableName and QueryVariableInfo." diff --git a/UefiPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetupExtra.uni b/UefiPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetupExtra.uni new file mode 100644 index 0000000000..9811340573 --- /dev/null +++ b/UefiPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetupExtra.uni @@ -0,0 +1,17 @@ +// /** @file +// EsalVariableDxeSal Localized Strings and Content +// +// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
+// +// This program and the accompanying materials +// are licensed and made available under the terms and conditions of the BSD License +// which accompanies this distribution. The full text of the license may be found at +// http://opensource.org/licenses/bsd-license.php +// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +// +// **/ + +#string STR_PROPERTIES_MODULE_NAME +#language en-US +"9elements Secure Boot DXE" diff --git a/UefiPayloadPkg/UefiPayloadPkg.dsc b/UefiPayloadPkg/UefiPayloadPkg.dsc index 51f18050f6..3c173192ce 100644 --- a/UefiPayloadPkg/UefiPayloadPkg.dsc +++ b/UefiPayloadPkg/UefiPayloadPkg.dsc @@ -99,6 +99,11 @@ # DEFINE SHELL_TYPE = BUILD_SHELL + # + # Security options: + # + DEFINE SECURE_BOOT_ENABLE = FALSE + # # EMU: UEFI payload with EMU variable # SPI: UEFI payload with SPI NV variable support @@ -186,6 +191,10 @@ CacheMaintenanceLib|MdePkg/Library/BaseCacheMaintenanceLib/BaseCacheMaintenanceLib.inf SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf DxeHobListLib|UefiPayloadPkg/Library/DxeHobListLib/DxeHobListLib.inf +!if $(SECURE_BOOT_ENABLE) == TRUE + SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf + SecureBootVariableProvisionLib|SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.inf +!endif BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf @@ -272,7 +281,6 @@ DebugLib|MdeModulePkg/Library/PeiDxeDebugLibReportStatusCode/PeiDxeDebugLibReportStatusCode.inf LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf - AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf !if $(VARIABLE_SUPPORT) == "EMU" TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf !elseif $(VARIABLE_SUPPORT) == "SMMSTORE" @@ -291,6 +299,9 @@ VmgExitLib|UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf +[LibraryClasses.common] + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf + [LibraryClasses.common.SEC] HobLib|UefiPayloadPkg/Library/PayloadEntryHobLib/HobLib.inf PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf @@ -311,6 +322,18 @@ !if $(PERFORMANCE_MEASUREMENT_ENABLE) PerformanceLib|MdeModulePkg/Library/DxeCorePerformanceLib/DxeCorePerformanceLib.inf !endif + SmbusLib|MdePkg/Library/DxeSmbusLib/DxeSmbusLib.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf + RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf + +!if $(SECURE_BOOT_ENABLE) == TRUE + AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf + # re-use the UserPhysicalPresent() dummy implementation from the ovmf tree + PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf +!else + AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf +!endif [LibraryClasses.common.DXE_DRIVER] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf @@ -325,6 +348,17 @@ !if $(PERFORMANCE_MEASUREMENT_ENABLE) PerformanceLib|MdeModulePkg/Library/DxePerformanceLib/DxePerformanceLib.inf !endif + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf + RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf + +!if $(SECURE_BOOT_ENABLE) == TRUE + AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf + # re-use the UserPhysicalPresent() dummy implementation from the ovmf tree + PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf +!else + AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf +!endif [LibraryClasses.common.DXE_RUNTIME_DRIVER] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf @@ -334,6 +368,19 @@ !if $(PERFORMANCE_MEASUREMENT_ENABLE) PerformanceLib|MdeModulePkg/Library/DxePerformanceLib/DxePerformanceLib.inf !endif + SmbusLib|MdePkg/Library/DxeSmbusLib/DxeSmbusLib.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf + RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf + +!if $(SECURE_BOOT_ENABLE) == TRUE + AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf + # re-use the UserPhysicalPresent() dummy implementation from the ovmf tree + PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf +!else + AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf +!endif [LibraryClasses.common.UEFI_DRIVER,LibraryClasses.common.UEFI_APPLICATION] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf @@ -573,7 +620,19 @@ # Components that produce the architectural protocols # !if $(SECURITY_STUB_ENABLE) == TRUE - MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf + MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { + +!if $(SECURE_BOOT_ENABLE) == TRUE + NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf +!endif + } + +!if $(SECURE_BOOT_ENABLE) == TRUE + SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf + SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf + UefiPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetup.inf +!endif + !endif UefiCpuPkg/CpuDxe/CpuDxe.inf MdeModulePkg/Universal/BdsDxe/BdsDxe.inf @@ -598,7 +657,10 @@ !endif PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcatRealTimeClockRuntimeDxe.inf !if $(EMU_VARIABLE_ENABLE) == TRUE - MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf { + + NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf + } !endif # # Following are the DXE drivers diff --git a/UefiPayloadPkg/UefiPayloadPkg.fdf b/UefiPayloadPkg/UefiPayloadPkg.fdf index 6630fcfde5..07f6d57b8a 100644 --- a/UefiPayloadPkg/UefiPayloadPkg.fdf +++ b/UefiPayloadPkg/UefiPayloadPkg.fdf @@ -61,7 +61,6 @@ FILE FV_IMAGE = 4E35FD93-9C72-4c15-8C4B-E77F1DB2D793 { } ################################################################################ - [FV.DXEFV] FvNameGuid = 8063C21A-8E58-4576-95CE-089E87975D23 BlockSize = $(FD_BLOCK_SIZE) @@ -89,6 +88,11 @@ APRIORI DXE { INF MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/ReportStatusCodeRouterRuntimeDxe.inf INF MdeModulePkg/Universal/StatusCodeHandler/RuntimeDxe/StatusCodeHandlerRuntimeDxe.inf INF UefiPayloadPkg/BlSupportDxe/BlSupportDxe.inf +!if $(SECURE_BOOT_ENABLE) == TRUE + INF PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcatRealTimeClockRuntimeDxe.inf + INF SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf # After SMBusConfigLoader and PcatRealTimeClockRuntimeDxe, before Tcg2Dxe + INF UefiPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetup.inf +!endif } # @@ -272,6 +276,19 @@ INF SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf !include NetworkPkg/Network.fdf.inc !endif +# +# Security +# +!if $(SECURE_BOOT_ENABLE) == TRUE + INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf + INF SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf + INF UefiPayloadPkg/SecureBootEnrollDefaultKeys/SecureBootSetup.inf + + FILE FREEFORM = PCD(gUefiPayloadPkgTokenSpaceGuid.PcdNvsDataFile) { + SECTION RAW = UefiVariableBinary/SECUREBOOT.Fv + } +!endif + # # Shell # @@ -415,3 +432,17 @@ INF ShellPkg/Application/Shell/Shell.inf UI STRING="Enter Setup" VERSION STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER) } + +[RULE.COMMON.USER_DEFINED] + FILE FREEFORM = $(NAMED_GUID) { + RAW BIN |.crt + RAW BIN |.bin + } + +[RULE.COMMON.USER_DEFINED.BINARY] + FILE FREEFORM = $(NAMED_GUID) { + RAW BIN |.crt + RAW BIN |.bin + UI STRING="$(MODULE_NAME)" Optional + } + diff --git a/UefiVariableBinary/UefiVariableBinary.dsc b/UefiVariableBinary/UefiVariableBinary.dsc new file mode 100644 index 0000000000..6c5af32628 --- /dev/null +++ b/UefiVariableBinary/UefiVariableBinary.dsc @@ -0,0 +1,20 @@ +## @file +# Secure Boot Variable File +# +# Builds a firmware volume to contain Secure Boot keys +# +# Copyright (c) 2021, Star Labs Online Limited. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## +[Defines] + PLATFORM_NAME = SecureBoot + PLATFORM_GUID = 1035eeff-543e-4abb-ac7e-bcd68cb530f8 + PLATFORM_VERSION = 0.1 + OUTPUT_DIRECTORY = Build/UefiVariableBinary + SUPPORTED_ARCHITECTURES = IA32|X64 + BUILD_TARGETS = DEBUG|RELEASE|NOOPT + SKUID_IDENTIFIER = DEFAULT + FLASH_DEFINITION = UefiVariableBinary/UefiVariableBinary.fdf + + diff --git a/UefiVariableBinary/UefiVariableBinary.fdf b/UefiVariableBinary/UefiVariableBinary.fdf new file mode 100644 index 0000000000..0495a26267 --- /dev/null +++ b/UefiVariableBinary/UefiVariableBinary.fdf @@ -0,0 +1,31 @@ +## @file +# FDF include file which allows to embed Secure Boot keys +# +# Copyright (c) 2021, Star Labs Online Limited. All rights reserved. +# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +[Defines] +DEFINE FD_SIZE = 0x00850000 +DEFINE NUM_BLOCKS = 0x850 + +[FV.SecureBoot] +FILE FREEFORM = 85254ea7-4759-4fc4-82d4-5eed5fb0a4a0 { + SECTION RAW = UefiVariableBinary/keys/pk.crt + SECTION UI = "PK Default" +} + +FILE FREEFORM = 6f64916e-9f7a-4c35-b952-cd041efb05a3 { + SECTION RAW = UefiVariableBinary/keys/MicCorKEKCA2011_2011-06-24.crt + SECTION UI = "KEK Default" +} + +FILE FREEFORM = c491d352-7623-4843-accc-2791a7574421 { + SECTION RAW = UefiVariableBinary/keys/MicWinProPCA2011_2011-10-19.crt + SECTION UI = "DB Default" +} + +FILE FREEFORM = 5740766a-718e-4dc0-9935-c36f7d3f884f { + SECTION RAW = UefiVariableBinary/keys/dbxupdate_x64.bin + SECTION UI = "DBX Default" +} diff --git a/UefiVariableBinary/keys/MicCorKEKCA2011_2011-06-24.crt b/UefiVariableBinary/keys/MicCorKEKCA2011_2011-06-24.crt new file mode 100644 index 0000000000..2787083e0c Binary files /dev/null and b/UefiVariableBinary/keys/MicCorKEKCA2011_2011-06-24.crt differ diff --git a/UefiVariableBinary/keys/MicWinProPCA2011_2011-10-19.crt b/UefiVariableBinary/keys/MicWinProPCA2011_2011-10-19.crt new file mode 100644 index 0000000000..a6d001c219 Binary files /dev/null and b/UefiVariableBinary/keys/MicWinProPCA2011_2011-10-19.crt differ diff --git a/UefiVariableBinary/keys/README b/UefiVariableBinary/keys/README new file mode 100644 index 0000000000..5182454b97 --- /dev/null +++ b/UefiVariableBinary/keys/README @@ -0,0 +1,8 @@ +# PK certificate generation + +* Do not save private key for re-usage. +* Generate a RSA 2048 / SHA256 x509 certificate +* Exponent should be 65537 +* Microsoft certificates can be found here: https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-secure-boot-key-creation-and-management-guidance + +openssl req -outform DER -newkey rsa:2048 -keyout /dev/null -passout file:<(head -c 40 /dev/urandom) -x509 -days 365 -out pk.crt diff --git a/UefiVariableBinary/keys/dbxupdate_x64.bin b/UefiVariableBinary/keys/dbxupdate_x64.bin new file mode 100644 index 0000000000..7c282d1c1d Binary files /dev/null and b/UefiVariableBinary/keys/dbxupdate_x64.bin differ diff --git a/UefiVariableBinary/keys/pk.crt b/UefiVariableBinary/keys/pk.crt new file mode 100644 index 0000000000..61e7dadd2c Binary files /dev/null and b/UefiVariableBinary/keys/pk.crt differ