I think this library and the design of registering different auth handlers is not the right design for FMP auth verification. This isn't something that needs extension through registration. This is a controlled environment. I also don't think the capsule runtime should be using these auth services. How I see it, the design abstraction of FMP is that the FMP instance does the verification and unwrapping of the capsule in its checkimage/set image routines. By keeping FMP self-contained a platform gains a lot of flexibility. FMP SetImage can be called from the UEFI shell or other application before exit boot services so it must always verify the image before applying anyway. I would ask that this too be moved to your new sample package or removed from the design.
Thanks Sean > -----Original Message----- > From: edk2-devel [mailto:[email protected]] On Behalf Of > Jiewen Yao > Sent: Friday, September 30, 2016 5:21 AM > To: [email protected] > Cc: Michael D Kinney <[email protected]>; Feng Tian > <[email protected]>; Chao Zhang <[email protected]>; Liming Gao > <[email protected]>; Star Zeng <[email protected]> > Subject: [edk2] [PATCH V2 03/50] MdeModulePkg/Include: Add > FmpAuthenticationLib header. > > This library is used to authenticate a UEFI defined FMP Capsule. > > Cc: Feng Tian <[email protected]> > Cc: Star Zeng <[email protected]> > Cc: Michael D Kinney <[email protected]> > Cc: Liming Gao <[email protected]> > Cc: Chao Zhang <[email protected]> > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Jiewen Yao <[email protected]> > Reviewed-by: Liming Gao <[email protected]> > --- > MdeModulePkg/Include/Library/FmpAuthenticationLib.h | 91 > ++++++++++++++++++++ > 1 file changed, 91 insertions(+) > > diff --git a/MdeModulePkg/Include/Library/FmpAuthenticationLib.h > b/MdeModulePkg/Include/Library/FmpAuthenticationLib.h > new file mode 100644 > index 0000000..895698e > --- /dev/null > +++ b/MdeModulePkg/Include/Library/FmpAuthenticationLib.h 
> @@ -0,0 +1,91 @@ > +/** @file > + FMP capsule authenitcation Library. > + > +Copyright (c) 2016, Intel Corporation. All rights reserved.<BR> This > +program and the accompanying materials are licensed and made available > +under the terms and conditions of the BSD License which accompanies > +this distribution. The full text of the license may be found at > +http://opensource.org/licenses/bsd-license.php > + > +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS > OR IMPLIED. > + > +**/ > + > + > +#ifndef __FMP_AUTHENTICATION_LIB_H__ > +#define __FMP_AUTHENTICATION_LIB_H__ > + > +/** > + The handler is used to do the authentication for FMP capsule based > +upon > + EFI_FIRMWARE_IMAGE_AUTHENTICATION. > + > + Caution: This function may receive untrusted input. > + > + @param[in] Image Points to the new FMP authentication > image, > + start from > EFI_FIRMWARE_IMAGE_AUTHENTICATION. > + @param[in] ImageSize Size of the authentication image in bytes. > + @param[out] LastAttemptStatus The last attempt status, which will be > recorded > + in ESRT and FMP > EFI_FIRMWARE_IMAGE_DESCRIPTOR. > + > + @retval RETURN_SUCCESS Authentication pass. > + @retval RETURN_SECURITY_VIOLATION Authentication fail. > + The detail reson is recorded in > LastAttemptStatus. > +**/ > +typedef > +RETURN_STATUS > +(EFIAPI *FMP_AUTHENTICATION_HANDLER) ( > + IN VOID *Image, > + IN UINTN ImageSize, > + OUT UINT32 *LastAttemptStatus > + ); > + > +/** > + Register FMP authentication handler with CertType. > + > + If CertType is NULL, then ASSERT(). > + If FmpAuthenticationHandler is NULL, then ASSERT(). > + > + @param[in] CertType The certificate type associated > with the > FMP auth handler. > + @param[in] FmpAuthenticationHandler The FMP authentication handler to > be registered. > + > + @retval RETURN_SUCCESS The handlers were registered. 
> + @retval RETURN_OUT_OF_RESOURCES There are not enough resources > available to register the handlers. > +**/ > +RETURN_STATUS > +EFIAPI > +RegisterFmpAuthenticationHandler( > + IN GUID *CertType, > + IN FMP_AUTHENTICATION_HANDLER FmpAuthenticationHandler > + ); > + > +/** > + Execute FMP authentication handlers. > + > + Caution: This function may receive untrusted input. > + > + If Image is NULL, then ASSERT(). > + If ImageSize is 0, then ASSERT(). > + If LastAttemptStatus is NULL, then ASSERT(). > + > + @param[in] Image Points to the new FMP authentication > image, > + start from > EFI_FIRMWARE_IMAGE_AUTHENTICATION. > + @param[in] ImageSize Size of the authentication image in bytes. > + @param[out] LastAttemptStatus The last attempt status, which will be > recorded > + in ESRT and FMP > EFI_FIRMWARE_IMAGE_DESCRIPTOR. > + > + @retval RETURN_SUCCESS Authentication pass. > + @retval RETURN_SECURITY_VIOLATION Authentication fail. > + The detail reson is recorded in > LastAttemptStatus. > + @retval RETURN_UNSUPPORTED No Authentication handler associated > with CertType. > +**/ > +RETURN_STATUS > +EFIAPI > +ExecuteFmpAuthenticationHandler( > + IN VOID *Image, > + IN UINTN ImageSize, > + OUT UINT32 *LastAttemptStatus > + ); > + > +#endif > + > -- > 2.7.4.windows.1 > > _______________________________________________ > edk2-devel mailing list > [email protected] > https://lists.01.org/mailman/listinfo/edk2-devel _______________________________________________ edk2-devel mailing list [email protected] https://lists.01.org/mailman/listinfo/edk2-devel
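Review bot: In the ExecuteFmpAuthenticationHandler() comment, "Caution: This function may receive untrusted input" sits next to "If ImageSize is 0, then ASSERT()", so a size that can originate from the capsule is handled by a debug check rather than by a documented failure status. I would have that case return RETURN_SECURITY_VIOLATION (or add an invalid-parameter @retval) with LastAttemptStatus set, and state in the contract who verifies that ImageSize covers the EFI_FIRMWARE_IMAGE_AUTHENTICATION header before CertType is read to select a handler. The RegisterFmpAuthenticationHandler() comment also does not say what happens when a handler is already registered for the same CertType; its @retval list only covers success and out of resources. Minor: "authenitcation" in the @file line and "reson" in both RETURN_SECURITY_VIOLATION descriptions are typos.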

