tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
audk/SecurityPkg/Library
History
Gerd Hoffmann 494127613b SecurityPkg/DxeImageVerificationLib: Check result of GetEfiGlobalVariable2 
Call gRT->GetVariable() directly to read the SecureBoot variable.  It is
one byte in size so we can easily place it on the stack instead of
having GetEfiGlobalVariable2() allocate it for us, which avoids a few
possible error cases.

Skip secure boot checks if (and only if):

 (a) the SecureBoot variable is not present (EFI_NOT_FOUND) according to
     the return value, or
 (b) the SecureBoot variable was read successfully and is set to
     SECURE_BOOT_MODE_DISABLE.

Previously the code skipped the secure boot checks on *any*
gRT->GetVariable() error (GetEfiGlobalVariable2 sets the variable
value to NULL in that case) and also on memory allocation failures.

Fixes: CVE-2019-14560
Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=2167
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Suggested-by: Marvin Häuser <mhaeuser@posteo.de>
Reviewed-by: Min Xu <min.m.xu@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
 		2023-03-21 05:52:23 +00:00
..
AuthVariableLib SecurityPkg: limit verification of enrolled PK in setup mode 2023-02-04 11:53:59 +00:00
DxeImageAuthenticationStatusLib SecurityPkg: Apply uncrustify changes 2021-12-07 17:24:28 +00:00
DxeImageVerificationLib SecurityPkg/DxeImageVerificationLib: Check result of GetEfiGlobalVariable2 2023-03-21 05:52:23 +00:00
DxeRsa2048Sha256GuidedSectionExtractLib SecurityPkg: Apply uncrustify changes 2021-12-07 17:24:28 +00:00
DxeTcg2PhysicalPresenceLib SecurityPkg: Apply uncrustify changes 2021-12-07 17:24:28 +00:00
DxeTcgPhysicalPresenceLib SecurityPkg: Apply uncrustify changes 2021-12-07 17:24:28 +00:00
DxeTpm2MeasureBootLib SecurityPkg: Support CcMeasurementProtocol in DxeTpm2MeasureBootLib 2021-12-11 17:00:53 +00:00
DxeTpmMeasureBootLib SecurityPkg: Apply uncrustify changes 2021-12-07 17:24:28 +00:00
DxeTpmMeasurementLib SecurityPkg: Support CcMeasurementProtocol in DxeTpmMeasurementLib 2021-12-11 17:00:53 +00:00
FmpAuthenticationLibPkcs7 SecurityPkg: Apply uncrustify changes 2021-12-07 17:24:28 +00:00
FmpAuthenticationLibRsa2048Sha256 SecurityPkg: Apply uncrustify changes 2021-12-07 17:24:28 +00:00
HashInstanceLibSha1 SecurityPkg: Apply uncrustify changes 2021-12-07 17:24:28 +00:00
HashInstanceLibSha256 SecurityPkg: Apply uncrustify changes 2021-12-07 17:24:28 +00:00
HashInstanceLibSha384 SecurityPkg: Apply uncrustify changes 2021-12-07 17:24:28 +00:00
HashInstanceLibSha512 SecurityPkg: Apply uncrustify changes 2021-12-07 17:24:28 +00:00
HashInstanceLibSm3 SecurityPkg: Apply uncrustify changes 2021-12-07 17:24:28 +00:00
HashLibBaseCryptoRouter SecurityPkg: Reallocate TPM Active PCRs based on platform support 2021-12-17 15:03:43 +00:00
HashLibTdx SecurityPkg/HashLibTdx: Return EFI_UNSUPPORTED if it is not Tdx guest 2022-06-16 08:08:19 +00:00
HashLibTpm2 SecurityPkg: Apply uncrustify changes 2021-12-07 17:24:28 +00:00
PeiDxeTpmPlatformHierarchyLib SecurityPkg: Apply uncrustify changes 2021-12-07 17:24:28 +00:00
PeiDxeTpmPlatformHierarchyLibNull ArmVirtPkg/TPM: Add a NULL implementation of TpmPlatformHierarchyLib 2021-10-05 09:54:11 +00:00
PeiRsa2048Sha256GuidedSectionExtractLib SecurityPkg: Apply uncrustify changes 2021-12-07 17:24:28 +00:00
PeiTcg2PhysicalPresenceLib SecurityPkg: Apply uncrustify changes 2021-12-07 17:24:28 +00:00
PeiTpmMeasurementLib SecurityPkg: Apply uncrustify changes 2021-12-07 17:24:28 +00:00
PlatformPKProtectionLibVarPolicy SecurityPkg: PlatformPKProtectionLib: Added PK protection interface 2022-07-07 01:07:00 +00:00
PlatformSecureLibNull SecurityPkg: Apply uncrustify changes 2021-12-07 17:24:28 +00:00
SecTpmMeasurementLib OvmfPkg/SecTpmMeasurementLib: Fix the mapping error of PCR and RTMR index 2022-12-15 03:07:33 +00:00
SecureBootVariableLib SecurityPkg: SecureBootVariableLib: Added unit tests 2022-07-07 01:07:00 +00:00
SecureBootVariableProvisionLib SecurityPkg: SecureBootVariableProvisionLib: Updated implementation 2022-07-07 01:07:00 +00:00
SmmTcg2PhysicalPresenceLib SecurityPkg/SmmTcg2PhysicalPresenceLib: Add missing debug print specifier 2022-09-09 01:42:39 +00:00
Tcg2PpVendorLibNull SecurityPkg: Apply uncrustify changes 2021-12-07 17:24:28 +00:00
TcgEventLogRecordLib SecurityPkg: Apply uncrustify changes 2021-12-07 17:24:28 +00:00
TcgPpVendorLibNull SecurityPkg: Apply uncrustify changes 2021-12-07 17:24:28 +00:00
TcgStorageCoreLib SecurityPkg: Apply uncrustify changes 2021-12-07 17:24:28 +00:00
TcgStorageOpalLib SecurityPkg: Apply uncrustify changes 2021-12-07 17:24:28 +00:00
Tpm2CommandLib SecurityPkg: Debug code to audit BIOS TPM extend operations 2021-12-17 15:03:43 +00:00
Tpm2DeviceLibDTpm SecurityPkg: Remove enforcement of final GoIdle transition for CRB commands 2022-09-30 12:00:24 +00:00
Tpm2DeviceLibRouter SecurityPkg: Apply uncrustify changes 2021-12-07 17:24:28 +00:00
Tpm2DeviceLibTcg2 SecurityPkg: Apply uncrustify changes 2021-12-07 17:24:28 +00:00
Tpm12CommandLib SecurityPkg: Apply uncrustify changes 2021-12-07 17:24:28 +00:00
Tpm12DeviceLibDTpm SecurityPkg: Apply uncrustify changes 2021-12-07 17:24:28 +00:00
Tpm12DeviceLibTcg SecurityPkg: Apply uncrustify changes 2021-12-07 17:24:28 +00:00
TpmCommLib SecurityPkg: Apply uncrustify changes 2021-12-07 17:24:28 +00:00