TianoCore EDK2 master
DxeTpmMeasureBootLibSanitization.c File Reference


Macros

#define GPT_HEADER_REVISION_V1   0x00010000
 

Functions

EFI_STATUS EFIAPI TpmSanitizeEfiPartitionTableHeader (IN CONST EFI_PARTITION_TABLE_HEADER *PrimaryHeader, IN CONST EFI_BLOCK_IO_PROTOCOL *BlockIo)
 
EFI_STATUS EFIAPI TpmSanitizePrimaryHeaderAllocationSize (IN CONST EFI_PARTITION_TABLE_HEADER *PrimaryHeader, OUT UINT32 *AllocationSize)
 
EFI_STATUS TpmSanitizePrimaryHeaderGptEventSize (IN CONST EFI_PARTITION_TABLE_HEADER *PrimaryHeader, IN UINTN NumberOfPartition, OUT UINT32 *EventSize)
 
EFI_STATUS TpmSanitizePeImageEventSize (IN UINT32 FilePathSize, OUT UINT32 *EventSize)
 

Detailed Description

The library instance provides the security service for TPM measure boot and Confidential Computing (CC) measure boot.

Caution: This file requires additional review when modified. This library takes external input: PE/COFF images and GPT partitions. This external input must be validated carefully to avoid security issues such as buffer overflow and integer overflow.

This file pulls the validation logic out of the following functions so that the handling of untrusted input can be validated with unit tests:

DxeTpmMeasureBootLibImageRead() makes sure the PE/COFF image content read is within the image buffer.

Tcg2MeasureGptTable() receives an untrusted GPT partition table and parses the partition data carefully.

Copyright (c) Microsoft Corporation.
SPDX-License-Identifier: BSD-2-Clause-Patent

Definition in file DxeTpmMeasureBootLibSanitization.c.

Macro Definition Documentation

◆ GPT_HEADER_REVISION_V1

#define GPT_HEADER_REVISION_V1   0x00010000

Definition at line 36 of file DxeTpmMeasureBootLibSanitization.c.

Function Documentation

◆ TpmSanitizeEfiPartitionTableHeader()

EFI_STATUS EFIAPI TpmSanitizeEfiPartitionTableHeader ( IN CONST EFI_PARTITION_TABLE_HEADER *  PrimaryHeader,
IN CONST EFI_BLOCK_IO_PROTOCOL *  BlockIo 
)

This function validates that the EFI_PARTITION_TABLE_HEADER structure is safe to parse. However, it does not attempt to verify the validity of the GPT partition. It checks the following:

  • Signature
  • Revision
  • AlternateLBA
  • FirstUsableLBA
  • LastUsableLBA
  • PartitionEntryLBA
  • NumberOfPartitionEntries
  • SizeOfPartitionEntry
  • BlockIo

Parameters
[in] PrimaryHeader - Pointer to the EFI_PARTITION_TABLE_HEADER structure.
[in] BlockIo - Pointer to the EFI_BLOCK_IO_PROTOCOL structure.
Return values
EFI_SUCCESS - The EFI_PARTITION_TABLE_HEADER structure is valid.
EFI_INVALID_PARAMETER - The EFI_PARTITION_TABLE_HEADER structure is invalid.

Definition at line 66 of file DxeTpmMeasureBootLibSanitization.c.
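
A sketch of what a "safe to parse" check over the listed fields can look like. This is an added example, not the EDK2 source: the struct, the function names, the return codes and the concrete bounds (taken from the UEFI GPT layout) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>

#define GPT_SIGNATURE    0x5452415020494645ULL  /* "EFI PART" read as little-endian */
#define GPT_REVISION_V1  0x00010000u            /* GPT_HEADER_REVISION_V1 on this page */
#define GPT_HEADER_MIN   92u                    /* bytes of header defined by UEFI */

/* Simplified stand-in for EFI_PARTITION_TABLE_HEADER (hypothetical type). */
typedef struct {
  uint64_t signature;
  uint32_t revision;
  uint32_t header_size;
  uint64_t alternate_lba;
  uint64_t first_usable_lba;
  uint64_t last_usable_lba;
  uint64_t partition_entry_lba;
  uint32_t num_entries;
  uint32_t entry_size;
} gpt_hdr_t;

/* Returns 0 when the header is safe to parse, else a code naming the failed check.
   block_size and last_block stand in for what BlockIo->Media would report. */
int gpt_header_safe_to_parse(const gpt_hdr_t *h, uint32_t block_size, uint64_t last_block)
{
  if (h == NULL || block_size == 0)                                     return 1;
  if (h->signature != GPT_SIGNATURE)                                    return 2;
  if (h->revision != GPT_REVISION_V1)                                   return 3;
  if (h->header_size < GPT_HEADER_MIN || h->header_size > block_size)   return 4;
  if (h->alternate_lba > last_block || h->last_usable_lba > last_block) return 5;
  if (h->first_usable_lba > h->last_usable_lba)                         return 6;
  /* For the primary header the entry array sits before the usable area. */
  if (h->partition_entry_lba >= h->first_usable_lba)                    return 7;
  if (h->num_entries == 0)                                              return 8;
  /* Entry size is 128 * 2^n; anything else misaligns every later entry. */
  if (h->entry_size < 128 || (h->entry_size & (h->entry_size - 1)) != 0) return 9;
  return 0;
}

/* Constructed sample: 512-byte blocks, 2048-block disk, 128 entries of 128 bytes. */
gpt_hdr_t gpt_sample_header(void)
{
  gpt_hdr_t h = { .signature = GPT_SIGNATURE, .revision = GPT_REVISION_V1,
                  .header_size = 92, .alternate_lba = 2047, .first_usable_lba = 34,
                  .last_usable_lba = 2014, .partition_entry_lba = 2,
                  .num_entries = 128, .entry_size = 128 };
  return h;
}
```

None of these checks reads the header or entry-array CRC32, which matches the distinction drawn above between "safe to parse" and "valid".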

◆ TpmSanitizePeImageEventSize()

EFI_STATUS TpmSanitizePeImageEventSize ( IN UINT32  FilePathSize,
OUT UINT32 *  EventSize 
)

This function validates that the PeImage Event Size from the loaded image is sane. It checks the following:

  • EventSize does not overflow

Parameters
[in] FilePathSize - Size of the file path.
[out] EventSize - Pointer to the event size.
Return values
EFI_SUCCESS - The event size is valid.
EFI_OUT_OF_RESOURCES - Overflow would have occurred.
EFI_INVALID_PARAMETER - One of the passed parameters was invalid.

Definition at line 261 of file DxeTpmMeasureBootLibSanitization.c.

◆ TpmSanitizePrimaryHeaderAllocationSize()

EFI_STATUS EFIAPI TpmSanitizePrimaryHeaderAllocationSize ( IN CONST EFI_PARTITION_TABLE_HEADER *  PrimaryHeader,
OUT UINT32 *  AllocationSize 
)

This function validates that the allocation size from the primary header is sane. It checks the following:

  • AllocationSize does not overflow

Parameters
[in] PrimaryHeader - Pointer to the EFI_PARTITION_TABLE_HEADER structure.
[out] AllocationSize - Pointer to the allocation size.
Return values
EFI_SUCCESS - The allocation size is valid.
EFI_OUT_OF_RESOURCES - The allocation size is invalid.

Definition at line 148 of file DxeTpmMeasureBootLibSanitization.c.

◆ TpmSanitizePrimaryHeaderGptEventSize()

EFI_STATUS TpmSanitizePrimaryHeaderGptEventSize ( IN CONST EFI_PARTITION_TABLE_HEADER *  PrimaryHeader,
IN UINTN  NumberOfPartition,
OUT UINT32 *  EventSize 
)

This function validates that the Gpt Event Size calculated from the primary header is sane. It checks the following:

  • EventSize does not overflow

Important: This function includes the entire length of the allocated space, including the TCG_PCR_EVENT_HDR. When hashing the buffer allocated with this size, the caller must subtract the size of the TCG_PCR_EVENT_HDR from the size of the buffer before hashing.

Parameters
[in] PrimaryHeader - Pointer to the EFI_PARTITION_TABLE_HEADER structure.
[in] NumberOfPartition - Number of partitions.
[out] EventSize - Pointer to the event size.
Return values
EFI_SUCCESS - The event size is valid.
EFI_OUT_OF_RESOURCES - Overflow would have occurred.
EFI_INVALID_PARAMETER - One of the passed parameters was invalid.

Definition at line 197 of file DxeTpmMeasureBootLibSanitization.c.
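
The "does not overflow" checks for the allocation size and the GPT event size, written out as an added example (not the EDK2 source). The function names, return codes and the three byte-size constants are assumptions; in EDK2 the sizes would come from sizeof() on the real structures.

```c
#include <stdint.h>
#include <stddef.h>

/* Assumed sizes, for illustration only. */
#define GPT_HDR_BYTES        92u  /* UEFI GPT header */
#define COUNT_FIELD_BYTES     8u  /* partition count stored ahead of the entries */
#define PCR_EVENT_HDR_BYTES  32u  /* TCG_PCR_EVENT_HDR: index, type, SHA-1 digest, size */

/* a * b without wrapping; 0 on success, -1 if the product exceeds UINT32_MAX. */
static int mul_u32(uint32_t a, uint32_t b, uint32_t *out)
{
  if (b != 0 && a > UINT32_MAX / b) return -1;
  *out = a * b;
  return 0;
}

/* a + b without wrapping; 0 on success, -1 if the sum exceeds UINT32_MAX. */
static int add_u32(uint32_t a, uint32_t b, uint32_t *out)
{
  if (a > UINT32_MAX - b) return -1;
  *out = a + b;
  return 0;
}

/* Bytes needed to hold every partition entry the header declares. */
int gpt_allocation_size(uint32_t num_entries, uint32_t entry_size, uint32_t *alloc)
{
  if (alloc == NULL) return -2;
  return mul_u32(num_entries, entry_size, alloc);
}

/* Whole event buffer: event header + GPT header + count + measured entries. */
int gpt_event_size(uint32_t entry_size, uint64_t num_partitions, uint32_t *event_size)
{
  uint32_t n;
  if (event_size == NULL) return -2;
  if (num_partitions > UINT32_MAX) return -1;  /* UINTN can be wider than UINT32 */
  if (mul_u32((uint32_t)num_partitions, entry_size, &n) ||
      add_u32(n, GPT_HDR_BYTES + COUNT_FIELD_BYTES, &n) ||
      add_u32(n, PCR_EVENT_HDR_BYTES, &n)) return -1;
  *event_size = n;
  return 0;
}

/* Length to hash: the event size with the TCG_PCR_EVENT_HDR taken back out. */
uint32_t gpt_hash_length(uint32_t event_size)
{
  return event_size - PCR_EVENT_HDR_BYTES;
}
```

Checking the multiplication alone is not sufficient: with 0x01FFFFFF partitions of 128 bytes the product still fits in 32 bits, and it is the header additions that push the total past UINT32_MAX.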