DxeTpm2MeasureBootLibSanitization.c File Reference

#include <Uefi.h>
#include <Uefi/UefiSpec.h>
#include <Library/SafeIntLib.h>
#include <Library/UefiLib.h>
#include <Library/DebugLib.h>
#include <Library/BaseLib.h>
#include <IndustryStandard/UefiTcgPlatform.h>
#include <Protocol/BlockIo.h>
#include <Library/MemoryAllocationLib.h>
#include "DxeTpm2MeasureBootLibSanitization.h"

Go to the source code of this file.

Macros
#define	GPT_HEADER_REVISION_V1   0x00010000

Functions
EFI_STATUS EFIAPI	Tpm2SanitizeEfiPartitionTableHeader (IN CONST EFI_PARTITION_TABLE_HEADER *PrimaryHeader, IN CONST EFI_BLOCK_IO_PROTOCOL *BlockIo)
EFI_STATUS EFIAPI	Tpm2SanitizePrimaryHeaderAllocationSize (IN CONST EFI_PARTITION_TABLE_HEADER *PrimaryHeader, OUT UINT32 *AllocationSize)
EFI_STATUS	Tpm2SanitizePrimaryHeaderGptEventSize (IN CONST EFI_PARTITION_TABLE_HEADER *PrimaryHeader, IN UINTN NumberOfPartition, OUT UINT32 *EventSize)
EFI_STATUS	Tpm2SanitizePeImageEventSize (IN UINT32 FilePathSize, OUT UINT32 *EventSize)

Detailed Description

The library instance provides security service of TPM2 measure boot and Confidential Computing (CC) measure boot.

Caution: This file requires additional review when modified. This library will have external input - PE/COFF image and GPT partition. This external input must be validated carefully to avoid security issue like buffer overflow, integer overflow.

This file will pull out the validation logic from the following functions, in an attempt to validate the untrusted input in the form of unit tests

These are those functions:

DxeTpm2MeasureBootLibImageRead() function will make sure the PE/COFF image content read is within the image buffer.

Tcg2MeasureGptTable() function will receive untrusted GPT partition table, and parse partition data carefully.

Copyright (c) Microsoft Corporation.
SPDX-License-Identifier: BSD-2-Clause-Patent

Definition in file DxeTpm2MeasureBootLibSanitization.c.

Macro Definition Documentation

GPT_HEADER_REVISION_V1

#define GPT_HEADER_REVISION_V1   0x00010000

Definition at line 36 of file DxeTpm2MeasureBootLibSanitization.c.

Function Documentation

Tpm2SanitizeEfiPartitionTableHeader()

EFI_STATUS EFIAPI Tpm2SanitizeEfiPartitionTableHeader	(	IN CONST EFI_PARTITION_TABLE_HEADER *	PrimaryHeader,
		IN CONST EFI_BLOCK_IO_PROTOCOL *	BlockIo
	)

This function will validate the EFI_PARTITION_TABLE_HEADER structure is safe to parse However this function will not attempt to verify the validity of the GPT partition It will check the following:

• Signature
• Revision
• AlternateLBA
• FirstUsableLBA
• LastUsableLBA
• PartitionEntryLBA
• NumberOfPartitionEntries
• SizeOfPartitionEntry
• BlockIo

Parameters

[in]	PrimaryHeader	Pointer to the EFI_PARTITION_TABLE_HEADER structure.
[in]	BlockIo	Pointer to the EFI_BLOCK_IO_PROTOCOL structure.

Return values

EFI_SUCCESS	The EFI_PARTITION_TABLE_HEADER structure is valid.
EFI_INVALID_PARAMETER	The EFI_PARTITION_TABLE_HEADER structure is invalid.

Definition at line 66 of file DxeTpm2MeasureBootLibSanitization.c.

Tpm2SanitizePeImageEventSize()

EFI_STATUS Tpm2SanitizePeImageEventSize	(	IN UINT32	FilePathSize,
		OUT UINT32 *	EventSize
	)

This function will validate that the PeImage Event Size from the loaded image is sane It will check the following:

• EventSize does not overflow

Parameters

[in]	FilePathSize	- Size of the file path.
[out]	EventSize	- Pointer to the event size.

Return values

EFI_SUCCESS	The event size is valid.
EFI_OUT_OF_RESOURCES	Overflow would have occurred.
EFI_INVALID_PARAMETER	One of the passed parameters was invalid.

Definition at line 295 of file DxeTpm2MeasureBootLibSanitization.c.

Tpm2SanitizePrimaryHeaderAllocationSize()

EFI_STATUS EFIAPI Tpm2SanitizePrimaryHeaderAllocationSize	(	IN CONST EFI_PARTITION_TABLE_HEADER *	PrimaryHeader,
		OUT UINT32 *	AllocationSize
	)

This function will validate that the allocation size from the primary header is sane It will check the following:

• AllocationSize does not overflow

Parameters

[in]	PrimaryHeader	Pointer to the EFI_PARTITION_TABLE_HEADER structure.
[out]	AllocationSize	Pointer to the allocation size.

Return values

EFI_SUCCESS	The allocation size is valid.
EFI_OUT_OF_RESOURCES	The allocation size is invalid.

Definition at line 172 of file DxeTpm2MeasureBootLibSanitization.c.

Tpm2SanitizePrimaryHeaderGptEventSize()

EFI_STATUS Tpm2SanitizePrimaryHeaderGptEventSize	(	IN CONST EFI_PARTITION_TABLE_HEADER *	PrimaryHeader,
		IN UINTN	NumberOfPartition,
		OUT UINT32 *	EventSize
	)

This function will validate that the Gpt Event Size calculated from the primary header is sane It will check the following:

• EventSize does not overflow

Important: This function includes the entire length of the allocated space, including (sizeof (EFI_TCG2_EVENT) - sizeof (Tcg2Event->Event)) . When hashing the buffer allocated with this size, the caller must subtract the size of the (sizeof (EFI_TCG2_EVENT) - sizeof (Tcg2Event->Event)) from the size of the buffer before hashing.

Parameters

[in]	PrimaryHeader	- Pointer to the EFI_PARTITION_TABLE_HEADER structure.
[in]	NumberOfPartition	- Number of partitions.
[out]	EventSize	- Pointer to the event size.

Return values

EFI_SUCCESS	The event size is valid.
EFI_OUT_OF_RESOURCES	Overflow would have occurred.
EFI_INVALID_PARAMETER	One of the passed parameters was invalid.

Definition at line 224 of file DxeTpm2MeasureBootLibSanitization.c.