From: Michael D Kinney <michael.d.kin...@intel.com>

https://bugzilla.tianocore.org/show_bug.cgi?id=891

Evaluate both PcdPkcs7CertBuffer and PcdPkcs7CertBufferXdr for the use
of the test key.  If the test key is found in either PCD, then the warning
messages for the use of a test key must be presented.

Cc: Sean Brogan <sean.bro...@microsoft.com>
Cc: David Wei <david....@intel.com>
Cc: Mang Guo <mang....@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney <michael.d.kin...@intel.com>
---
 .../Library/PlatformBdsLib/BdsPlatform.c           | 57 +++++++++++++++++++++-
 .../Library/PlatformBdsLib/PlatformBdsLib.inf      | 22 +++++----
 2 files changed, 68 insertions(+), 11 deletions(-)

diff --git a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c 
b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c
index 7f91777ea1..4aac7a2487 100644
--- a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c
+++ b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c
@@ -1,6 +1,6 @@
 /** @file
 
-  Copyright (c) 2004  - 2016, Intel Corporation. All rights reserved.<BR>
+  Copyright (c) 2004  - 2018, Intel Corporation. All rights reserved.<BR>
                                                                                
    
   This program and the accompanying materials are licensed and made available 
under
   the terms and conditions of the BSD License that accompanies this 
distribution.  
@@ -2417,6 +2417,10 @@ ShowProgressHotKey (
   UINTN                         TmpStrSize;
   VOID                          *Buffer;
   UINTN                         Size;
+  VOID                          *PublicKeyData;
+  UINTN                         PublicKeyDataLength;
+  UINT8                         *PublicKeyDataXdr;
+  UINT8                         *PublicKeyDataXdrEnd;
 
   if (TimeoutDefault == 0) {
     return EFI_TIMEOUT;
@@ -2484,6 +2488,57 @@ ShowProgressHotKey (
       }
       PcdSetBoolS(PcdTestKeyUsed, TRUE);
     }
+
+    //
+    // Make sure none of the keys in PcdPkcs7CertBufferXdr match the test key
+    //
+    PublicKeyDataXdr    = PcdGetPtr (PcdPkcs7CertBufferXdr);
+    PublicKeyDataXdrEnd = PublicKeyDataXdr + PcdGetSize 
(PcdPkcs7CertBufferXdr);
+
+    ASSERT (PublicKeyDataXdr != NULL);
+    ASSERT (PublicKeyDataXdr != PublicKeyDataXdrEnd);
+
+    //
+    // Try each key from PcdPkcs7CertBufferXdr
+    //
+    while (PublicKeyDataXdr < PublicKeyDataXdrEnd) {
+      if (PublicKeyDataXdr + sizeof (UINT32) > PublicKeyDataXdrEnd) {
+        //
+        // Key data extends beyond end of PCD
+        //
+        break;
+      }
+      //
+      // Read key length stored in big endian format
+      //
+      PublicKeyDataLength = SwapBytes32 (*(UINT32 *)(PublicKeyDataXdr));
+      //
+      // Point to the start of the key data
+      //
+      PublicKeyDataXdr += sizeof (UINT32);
+      if (PublicKeyDataXdr + PublicKeyDataLength > PublicKeyDataXdrEnd) {
+        //
+        // Key data extends beyond end of PCD
+        //
+        break;
+      }
+      PublicKeyData = PublicKeyDataXdr;
+
+      if ((Size == PublicKeyDataLength) &&
+          (CompareMem(Buffer, PublicKeyData, Size) == 0)) {
+        TmpStr3 = L"WARNING: Capsule Test Key is used.\r\n";
+        if (DebugAssertEnabled()) {
+          DEBUG ((DEBUG_INFO, "\n\nWARNING: Capsule Test Key is used.\r\n"));
+        } else {
+          SerialPortWrite((UINT8 *)"\n\nWARNING: Capsule Test Key is used.", 
sizeof("\n\nWARNING: Capsule Test Key is used."));
+        }
+        PcdSetBoolS(PcdTestKeyUsed, TRUE);
+      }
+
+      PublicKeyDataXdr += PublicKeyDataLength;
+      PublicKeyDataXdr = (UINT8 *)ALIGN_POINTER (PublicKeyDataXdr, 
sizeof(UINT32));
+    }
+
     FreePool(Buffer);
   }
 
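Review bot: The second bounds check, `PublicKeyDataXdr + PublicKeyDataLength > PublicKeyDataXdrEnd`, is evaluated in pointer arithmetic, so on a 32-bit build a large length field can wrap the pointer below `PublicKeyDataXdrEnd` and pass the check. The later `PublicKeyDataXdr += PublicKeyDataLength` then leaves the cursor outside the PCD, and the next iteration reads a length from there. Comparing against the remaining byte count avoids the wrap: `if (PublicKeyDataLength > (UINTN)(PublicKeyDataXdrEnd - PublicKeyDataXdr)) { break; }`. The PCD is presumably populated at build time, so this is hardening against a malformed or truncated buffer rather than a known attacker-controlled input. The length read `*(UINT32 *)(PublicKeyDataXdr)` also assumes the PCD storage is 4-byte aligned, which `ReadUnaligned32 ((UINT32 *)PublicKeyDataXdr)` would not require. The body of ShowProgressHotKey starts and ends outside this hunk.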
diff --git a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf 
b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf
index 7512556bb7..9f84d7b2e0 100644
--- a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf
+++ b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/PlatformBdsLib.inf
@@ -1,16 +1,17 @@
 #/** @file
 # Component name for module PlatformBootManagerLib
 #
-# Copyright (c) 2008  - 2016, Intel Corporation. All rights reserved.<BR>
-#                                                                              
    

-# This program and the accompanying materials are licensed and made available 
under

-# the terms and conditions of the BSD License that accompanies this 
distribution.  

-# The full text of the license may be found at                                 
    

-# http://opensource.org/licenses/bsd-license.php.                              
    

-#                                                                              
    

-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,        
    

-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR 
IMPLIED.    

-#                                                                              
    

+# Copyright (c) 2008  - 2018, Intel Corporation. All rights reserved.<BR>
+#
+# This program and the accompanying materials are licensed and made available 
under
+# the terms and conditions of the BSD License that accompanies this 
distribution.
+# The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php.
+#
+
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
 #
 #
 #
@@ -108,6 +109,7 @@ [Pcd]
   gEfiSignedCapsulePkgTokenSpaceGuid.PcdEdkiiPkcs7TestPublicKeyFileGuid
   gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer
   gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer
+  gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBufferXdr
   gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed
   gPlatformModuleTokenSpaceGuid.PcdFlashFvRecovery2Base
   gPlatformModuleTokenSpaceGuid.PcdFlashFvMainBase
-- 
2.14.2.windows.3
