sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

SecurityPkg: DxeTpmMeasureBootLib: SECURITY PATCH 4117 - CVE 2022-36763

Browse Source 
This commit contains the patch files and tests for DxeTpmMeasureBootLib
CVE 2022-36763.

Cc: Jiewen Yao <jiewen.yao@intel.com>

Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
This commit is contained in:
Douglas Flick [MSFT]
2024-01-12 02:16:02 +08:00
committed by mergify[bot]
parent 2244465432
commit 4776a1b39e
8 changed files with 716 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c
View File

@ -18,6 +18,8 @@
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
Copyright (c) Microsoft Corporation.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include <PiDxe.h>
@ -40,6 +42,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/SecurityManagementLib.h>
#include <Library/HobLib.h>
#include "DxeTpmMeasureBootLibSanitization.h"
//
// Flag to check GPT partition. It only need be measured once.
//
@ -136,6 +140,9 @@ TcgMeasureGptTable (
UINT32 EventSize;
UINT32 EventNumber;
EFI_PHYSICAL_ADDRESS EventLogLastEntry;
UINT32 AllocSize;
GptData = NULL;
if (mMeasureGptCount > 0) {
return EFI_SUCCESS;
@ -166,8 +173,8 @@ TcgMeasureGptTable (
BlockIo->Media->BlockSize,
(UINT8 *)PrimaryHeader
);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "Failed to Read Partition Table Header!\n"));
if (EFI_ERROR (Status) || EFI_ERROR (SanitizeEfiPartitionTableHeader (PrimaryHeader, BlockIo))) {
DEBUG ((DEBUG_ERROR, "Failed to read Partition Table Header or invalid Partition Table Header!\n"));
FreePool (PrimaryHeader);
return EFI_DEVICE_ERROR;
}
@ -175,7 +182,13 @@ TcgMeasureGptTable (
//
// Read the partition entry.
//
EntryPtr = (UINT8 *)AllocatePool (PrimaryHeader->NumberOfPartitionEntries * PrimaryHeader->SizeOfPartitionEntry);
Status = SanitizePrimaryHeaderAllocationSize (PrimaryHeader, &AllocSize);
if (EFI_ERROR (Status)) {
FreePool (PrimaryHeader);
return EFI_DEVICE_ERROR;
}
EntryPtr = (UINT8 *)AllocatePool (AllocSize);
if (EntryPtr == NULL) {
FreePool (PrimaryHeader);
return EFI_OUT_OF_RESOURCES;
@ -185,7 +198,7 @@ TcgMeasureGptTable (
DiskIo,
BlockIo->Media->MediaId,
MultU64x32 (PrimaryHeader->PartitionEntryLBA, BlockIo->Media->BlockSize),
PrimaryHeader->NumberOfPartitionEntries * PrimaryHeader->SizeOfPartitionEntry,
AllocSize,
EntryPtr
);
if (EFI_ERROR (Status)) {
@ -210,9 +223,8 @@ TcgMeasureGptTable (
//
// Prepare Data for Measurement
//
EventSize = (UINT32)(sizeof (EFI_GPT_DATA) - sizeof (GptData->Partitions)
+ NumberOfPartition * PrimaryHeader->SizeOfPartitionEntry);
TcgEvent = (TCG_PCR_EVENT *)AllocateZeroPool (EventSize + sizeof (TCG_PCR_EVENT_HDR));
Status = SanitizePrimaryHeaderGptEventSize (PrimaryHeader, NumberOfPartition, &EventSize);
TcgEvent = (TCG_PCR_EVENT *)AllocateZeroPool (EventSize);
if (TcgEvent == NULL) {
FreePool (PrimaryHeader);
FreePool (EntryPtr);
@ -221,7 +233,7 @@ TcgMeasureGptTable (
TcgEvent->PCRIndex = 5;
TcgEvent->EventType = EV_EFI_GPT_EVENT;
TcgEvent->EventSize = EventSize;
TcgEvent->EventSize = EventSize - sizeof (TCG_PCR_EVENT_HDR);
GptData = (EFI_GPT_DATA *)TcgEvent->Event;
//
@ -361,11 +373,13 @@ TcgMeasurePeImage (
TcgEvent->PCRIndex = 2;
break;
default:
DEBUG ((
DEBUG_ERROR,
"TcgMeasurePeImage: Unknown subsystem type %d",
ImageType
));
DEBUG (
(
DEBUG_ERROR,
"TcgMeasurePeImage: Unknown subsystem type %d",
ImageType
)
);
goto Finish;
}