Hi Sean,

We need to support PKCS7 authentication for capsule BIOS update, and we need to support RSA2048SHA256 authentication for the recovery image. They use the same format, and the only difference is the cert type. That is why we chose *registration*. A platform has the flexibility to choose one or more algorithms for authenticating capsule update or recovery. If we mix all those into one library, the recovery module size will be increased. We do not want to see that.
As an alternative, if we want to remove registration, we may implement one instance for PKCS7 and another instance for RSA2048SHA256. The capsule update one links the PKCS7 instance and the recovery one links the RSA2048SHA256 instance. What do you think?

Thank you,
Yao Jiewen

From: edk2-devel [mailto:[email protected]] On Behalf Of Sean Brogan
Sent: Tuesday, October 11, 2016 5:22 PM
To: Yao, Jiewen <[email protected]>; [email protected]
Cc: Kinney, Michael D <[email protected]>; Zeng, Star <[email protected]>; Tian, Feng <[email protected]>; Gao, Liming <[email protected]>; Zhang, Chao B <[email protected]>
Subject: Re: [edk2] [PATCH V2 03/50] MdeModulePkg/Include: Add FmpAuthenticationLib header.

I think this library and the design of registering different auth handlers is not the right design for FMP auth verification. This isn't something that needs extension through registration. This is a controlled environment. I also don't think the capsule runtime should be using these auth services.

As I see it, the design abstraction of FMP is that the FMP instance does the verification and unwrapping of the capsule in its CheckImage/SetImage routines. By keeping FMP self-contained a platform gains a lot of flexibility. FMP SetImage can be called from the UEFI shell or another application before exit boot services, so it must always verify the image before applying anyway.

I would ask that this too be moved to your new sample package or removed from the design.

Thanks,
Sean

> -----Original Message----- 
> From: edk2-devel [mailto:[email protected]] On Behalf Of > Jiewen Yao > Sent: Friday, September 30, 2016 5:21 AM > To: [email protected]<mailto:[email protected]> > Cc: Michael D Kinney > <[email protected]<mailto:[email protected]>>; Feng Tian > <[email protected]<mailto:[email protected]>>; Chao Zhang > <[email protected]<mailto:[email protected]>>; Liming Gao > <[email protected]<mailto:[email protected]>>; Star Zeng > <[email protected]<mailto:[email protected]>> > Subject: [edk2] [PATCH V2 03/50] MdeModulePkg/Include: Add > FmpAuthenticationLib header. > > This library is used to authenticate a UEFI defined FMP Capsule. > > Cc: Feng Tian <[email protected]<mailto:[email protected]>> > Cc: Star Zeng <[email protected]<mailto:[email protected]>> > Cc: Michael D Kinney > <[email protected]<mailto:[email protected]>> > Cc: Liming Gao <[email protected]<mailto:[email protected]>> > Cc: Chao Zhang <[email protected]<mailto:[email protected]>> > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Jiewen Yao <[email protected]<mailto:[email protected]>> > Reviewed-by: Liming Gao <[email protected]<mailto:[email protected]>> > --- > MdeModulePkg/Include/Library/FmpAuthenticationLib.h | 91 > ++++++++++++++++++++ > 1 file changed, 91 insertions(+) > > diff --git a/MdeModulePkg/Include/Library/FmpAuthenticationLib.h > b/MdeModulePkg/Include/Library/FmpAuthenticationLib.h > new file mode 100644 > index 0000000..895698e > --- /dev/null > +++ b/MdeModulePkg/Include/Library/FmpAuthenticationLib.h 
> @@ -0,0 +1,91 @@ > +/** @file > + FMP capsule authenitcation Library. > + > +Copyright (c) 2016, Intel Corporation. All rights reserved.<BR> This > +program and the accompanying materials are licensed and made available > +under the terms and conditions of the BSD License which accompanies > +this distribution. The full text of the license may be found at > +http://opensource.org/licenses/bsd-license.php > + > +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS > OR IMPLIED. > + > +**/ > + > + > +#ifndef __FMP_AUTHENTICATION_LIB_H__ > +#define __FMP_AUTHENTICATION_LIB_H__ > + > +/** > + The handler is used to do the authentication for FMP capsule based > +upon > + EFI_FIRMWARE_IMAGE_AUTHENTICATION. > + > + Caution: This function may receive untrusted input. > + > + @param[in] Image Points to the new FMP authentication > image, > + start from > EFI_FIRMWARE_IMAGE_AUTHENTICATION. > + @param[in] ImageSize Size of the authentication image in bytes. > + @param[out] LastAttemptStatus The last attempt status, which will be > recorded > + in ESRT and FMP > EFI_FIRMWARE_IMAGE_DESCRIPTOR. > + > + @retval RETURN_SUCCESS Authentication pass. > + @retval RETURN_SECURITY_VIOLATION Authentication fail. > + The detail reson is recorded in > LastAttemptStatus. > +**/ > +typedef > +RETURN_STATUS > +(EFIAPI *FMP_AUTHENTICATION_HANDLER) ( > + IN VOID *Image, > + IN UINTN ImageSize, > + OUT UINT32 *LastAttemptStatus > + ); > + > +/** > + Register FMP authentication handler with CertType. > + > + If CertType is NULL, then ASSERT(). > + If FmpAuthenticationHandler is NULL, then ASSERT(). > + > + @param[in] CertType The certificate type associated > with the > FMP auth handler. > + @param[in] FmpAuthenticationHandler The FMP authentication handler to > be registered. > + > + @retval RETURN_SUCCESS The handlers were registered. 
> + @retval RETURN_OUT_OF_RESOURCES There are not enough resources > available to register the handlers. > +**/ > +RETURN_STATUS > +EFIAPI > +RegisterFmpAuthenticationHandler( > + IN GUID *CertType, > + IN FMP_AUTHENTICATION_HANDLER FmpAuthenticationHandler > + ); > + > +/** > + Execute FMP authentication handlers. > + > + Caution: This function may receive untrusted input. > + > + If Image is NULL, then ASSERT(). > + If ImageSize is 0, then ASSERT(). > + If LastAttemptStatus is NULL, then ASSERT(). > + > + @param[in] Image Points to the new FMP authentication > image, > + start from > EFI_FIRMWARE_IMAGE_AUTHENTICATION. > + @param[in] ImageSize Size of the authentication image in bytes. > + @param[out] LastAttemptStatus The last attempt status, which will be > recorded > + in ESRT and FMP > EFI_FIRMWARE_IMAGE_DESCRIPTOR. > + > + @retval RETURN_SUCCESS Authentication pass. > + @retval RETURN_SECURITY_VIOLATION Authentication fail. > + The detail reson is recorded in > LastAttemptStatus. > + @retval RETURN_UNSUPPORTED No Authentication handler associated > with CertType. > +**/ > +RETURN_STATUS > +EFIAPI > +ExecuteFmpAuthenticationHandler( > + IN VOID *Image, > + IN UINTN ImageSize, > + OUT UINT32 *LastAttemptStatus > + ); > + > +#endif > + > -- > 2.7.4.windows.1 > > _______________________________________________ > edk2-devel mailing list > [email protected]<mailto:[email protected]> > https://lists.01.org/mailman/listinfo/edk2-devel
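Review bot: ExecuteFmpAuthenticationHandler is documented with "Caution: This function may receive untrusted input" and, in the same comment block, "If ImageSize is 0, then ASSERT()"; ASSERT() is compiled out of RELEASE builds, so a zero-length or truncated buffer from an untrusted capsule would reach the handler unchecked. Suggest the contract return RETURN_SECURITY_VIOLATION (with LastAttemptStatus set accordingly) when ImageSize is smaller than EFI_FIRMWARE_IMAGE_AUTHENTICATION, and state that the dispatcher validates the certificate length in the header against ImageSize before any registered handler is called. Two documentation points in the same comment: the RETURN_UNSUPPORTED line says "No Authentication handler associated with CertType", but the function has no CertType parameter, so say that CertType is taken from the image's EFI_FIRMWARE_IMAGE_AUTHENTICATION; and "The detail reson is recorded in LastAttemptStatus" should read "reason" (it appears in both @retval RETURN_SECURITY_VIOLATION descriptions). Style: "authenitcation" in the @file line, and RegisterFmpAuthenticationHandler registers one handler yet its @retval texts say "The handlers were registered" / "register the handlers".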
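The registration-and-dispatch design the thread argues about, as an added example that is not part of the original mails or of edk2's code: a small C model of the proposed library class. The UEFI type definitions are stand-ins (only the field layout of EFI_FIRMWARE_IMAGE_AUTHENTICATION / WIN_CERTIFICATE_UEFI_GUID is mirrored), the CertType GUID and the "signature" bytes are constructed, and DemoHandler and BuildSampleImage are invented for the demo; a real platform would register the PKCS7 or RSA2048SHA256 CertType with a handler that performs the actual signature check. What the example shows is what a dispatcher that "may receive untrusted input" has to do before it calls any handler: bound the certificate's dwLength by ImageSize and report malformed input through the return status and LastAttemptStatus instead of ASSERT().

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-ins for the UEFI base types, constructed for this example (not edk2's headers). */
typedef struct { uint32_t Data1; uint16_t Data2; uint16_t Data3; uint8_t Data4[8]; } GUID;
typedef uint32_t RETURN_STATUS;
enum { RETURN_SUCCESS = 0, RETURN_INVALID_PARAMETER = 2, RETURN_UNSUPPORTED = 3, RETURN_OUT_OF_RESOURCES = 9, RETURN_SECURITY_VIOLATION = 26 };
/* ESRT LastAttemptStatus codes as defined by the UEFI specification. */
enum { LAST_ATTEMPT_STATUS_SUCCESS = 0, LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT = 4, LAST_ATTEMPT_STATUS_ERROR_AUTH_ERROR = 5 };

#pragma pack(push, 1)
typedef struct {                  /* WIN_CERTIFICATE_UEFI_GUID without its trailing CertData[] */
  uint32_t dwLength;              /* bytes in this header + CertType + CertData */
  uint16_t wRevision;
  uint16_t wCertificateType;      /* WIN_CERT_TYPE_EFI_GUID (0x0EF1) */
  GUID     CertType;              /* selects the handler, e.g. PKCS7 vs RSA2048SHA256 */
} WIN_CERTIFICATE_UEFI_GUID_HDR;
typedef struct {                  /* leading part of EFI_FIRMWARE_IMAGE_AUTHENTICATION */
  uint64_t MonotonicCount;
  WIN_CERTIFICATE_UEFI_GUID_HDR AuthInfo;
} FMP_AUTH_HDR;
#pragma pack(pop)

typedef RETURN_STATUS (*FMP_AUTHENTICATION_HANDLER)(void *Image, size_t ImageSize, uint32_t *LastAttemptStatus);
typedef struct { GUID CertType; FMP_AUTHENTICATION_HANDLER Handler; } HANDLER_ENTRY;
static HANDLER_ENTRY gHandlers[4];   /* fixed table: one slot per supported CertType */
static size_t gHandlerCount;

RETURN_STATUS RegisterFmpAuthenticationHandler(const GUID *CertType, FMP_AUTHENTICATION_HANDLER Handler) {
  if (CertType == NULL || Handler == NULL) return RETURN_INVALID_PARAMETER;
  if (gHandlerCount == sizeof gHandlers / sizeof gHandlers[0]) return RETURN_OUT_OF_RESOURCES;
  gHandlers[gHandlerCount].CertType = *CertType;
  gHandlers[gHandlerCount++].Handler = Handler;
  return RETURN_SUCCESS;
}

/* Validate the untrusted header, then dispatch on the CertType it carries. */
RETURN_STATUS ExecuteFmpAuthenticationHandler(void *Image, size_t ImageSize, uint32_t *LastAttemptStatus) {
  FMP_AUTH_HDR Hdr; size_t i;
  if (Image == NULL || LastAttemptStatus == NULL) return RETURN_INVALID_PARAMETER;
  /* Malformed input yields a status code, not ASSERT(): asserts are compiled out of RELEASE builds. */
  *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT;
  if (ImageSize < sizeof Hdr) return RETURN_SECURITY_VIOLATION;
  memcpy(&Hdr, Image, sizeof Hdr);           /* copy out before relying on any field */
  if (Hdr.AuthInfo.dwLength < sizeof Hdr.AuthInfo ||
      Hdr.AuthInfo.dwLength > ImageSize - sizeof Hdr.MonotonicCount)
    return RETURN_SECURITY_VIOLATION;        /* certificate claims bytes we were not given */
  for (i = 0; i < gHandlerCount; i++)
    if (memcmp(&gHandlers[i].CertType, &Hdr.AuthInfo.CertType, sizeof(GUID)) == 0)
      return gHandlers[i].Handler(Image, ImageSize, LastAttemptStatus);
  return RETURN_UNSUPPORTED;                 /* nothing registered for this CertType */
}

/* Constructed CertType and "signature" for the demo; a real handler would verify a PKCS7
   or RSA2048SHA256 signature over the payload that follows the certificate. */
static const GUID    gDemoCertType   = { 0x11111111, 0x2222, 0x3333, {0, 1, 2, 3, 4, 5, 6, 7} };
static const uint8_t gDemoCertData[] = "DEMO-SIGNATURE";

static RETURN_STATUS DemoHandler(void *Image, size_t ImageSize, uint32_t *LastAttemptStatus) {
  FMP_AUTH_HDR Hdr; size_t CertLen;
  (void)ImageSize;                           /* the dispatcher already bounded dwLength by ImageSize */
  memcpy(&Hdr, Image, sizeof Hdr);
  CertLen = Hdr.AuthInfo.dwLength - sizeof Hdr.AuthInfo;
  if (CertLen != sizeof gDemoCertData ||
      memcmp((uint8_t *)Image + sizeof Hdr, gDemoCertData, CertLen) != 0) {
    *LastAttemptStatus = LAST_ATTEMPT_STATUS_ERROR_AUTH_ERROR;
    return RETURN_SECURITY_VIOLATION;
  }
  *LastAttemptStatus = LAST_ATTEMPT_STATUS_SUCCESS;
  return RETURN_SUCCESS;
}

/* Build a constructed capsule blob: header, CertData, then a dummy payload. A non-zero
   LengthOverride forges dwLength so the bounds check can be exercised. Returns total size. */
size_t BuildSampleImage(uint8_t *Buf, size_t BufSize, const GUID *CertType,
                        const uint8_t *Cert, size_t CertLen, uint32_t LengthOverride) {
  static const uint8_t Payload[] = "firmware-payload";
  FMP_AUTH_HDR Hdr;
  size_t Total = sizeof Hdr + CertLen + sizeof Payload;
  if (Total > BufSize) return 0;
  memset(&Hdr, 0, sizeof Hdr);
  Hdr.MonotonicCount = 1;
  Hdr.AuthInfo.dwLength = LengthOverride ? LengthOverride : (uint32_t)(sizeof Hdr.AuthInfo + CertLen);
  Hdr.AuthInfo.wRevision = 0x0200;
  Hdr.AuthInfo.wCertificateType = 0x0EF1;
  Hdr.AuthInfo.CertType = *CertType;
  memcpy(Buf, &Hdr, sizeof Hdr);
  memcpy(Buf + sizeof Hdr, Cert, CertLen);
  memcpy(Buf + sizeof Hdr + CertLen, Payload, sizeof Payload);
  return Total;
}

int main(void) {
  uint8_t Buf[128]; uint32_t Las = 0; size_t Size; RETURN_STATUS St;
  RegisterFmpAuthenticationHandler(&gDemoCertType, DemoHandler);
  Size = BuildSampleImage(Buf, sizeof Buf, &gDemoCertType, gDemoCertData, sizeof gDemoCertData, 4096);
  St = ExecuteFmpAuthenticationHandler(Buf, Size, &Las);   /* forged dwLength is rejected before dispatch */
  printf("forged dwLength: status %u, LastAttemptStatus %u\n", (unsigned)St, (unsigned)Las);
  return 0;
}
```

The split of responsibilities is the point: the dispatcher owns every check that depends only on the envelope (size, dwLength, CertType lookup) so that each registered handler starts from a header it can trust, while the handler owns only the cryptographic check for its own CertType. Whether that table lives in a library class with registration, as the patch proposes, or inside a single self-contained FMP instance, as Sean prefers, the envelope validation has to happen before the first byte of CertData is interpreted.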

