tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

MdeModulePkg/Variable: TcgMorLockSmm Key Mismatch changes lock state 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4410

Inside TcgMorLockSmm.c, the SetVariableCheckHandlerMorLock() function
contains a scenario to prevent a possible dictionary attack on the MorLock
Key in accordance with the TCG Platform Reset Mitigation Spec v1.10.

The mechanism to prevent this attack must also change the MorLock Variable
Value to 0x01 to indicate Locked Without Key.

ASSERT_EFI_ERROR is added for error visibility since SetMorLockVariable
returns a status code

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Signed-off-by: Abhi Singh <Abhi.Singh@arm.com>

Acked-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
This commit is contained in:
Abhi Singh 2023-04-12 15:26:55 -05:00 committed by mergify[bot]
parent 96d691166f
commit 63923a5642
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c
View File

@ -312,6 +312,11 @@ SetVariableCheckHandlerMorLock (
mMorLockState = MorLockStateLocked;
mMorLockKeyEmpty = TRUE;
ZeroMem (mMorLockKey, sizeof (mMorLockKey));
//
// Update value to reflect locked without key
//
Status = SetMorLockVariable (MOR_LOCK_DATA_LOCKED_WITHOUT_KEY);
ASSERT_EFI_ERROR (Status);
return EFI_ACCESS_DENIED;
}
}