Re: [edk2-devel] 回复: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237

[Doug Flick via groups.io]

To be clear, it requires EFI_RNG_PROTOCOL and EFI_HASH2_PROTOCOL. Both should 
be mentioned in the release notes


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119260): https://edk2.groups.io/g/devel/message/119260
Mute This Topic: https://groups.io/mt/106282939/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v3 17/20] ArmVirtPkg/ArmVirtQemu: Permit the use of dynamic PCDs in PEI

[Doug Flick via groups.io]

From: Ard Biesheuvel 

Currently, only TPM2 builds enable the PCD PEIM, which is a prerequisite
for being able to use dynamic PCDs already at the PEI stage. This
facility will be used for other reasons too so move those pieces out of
code block that are conditional on TPM2_ENABLE

Cc: Ard Biesheuvel 
Cc: Leif Lindholm 
Cc: Sami Mujawar 
Cc: Gerd Hoffmann 

Committed-by: Ard Biesheuvel 
Signed-off-by: Doug Flick [MSFT] 
---
 ArmVirtPkg/ArmVirtQemu.dsc | 6 +-
 ArmVirtPkg/ArmVirtQemu.fdf | 2 +-
 2 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 1d3315ad3e..4498ca58a8 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -318,11 +318,7 @@
   
gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut|L"Timeout"|gEfiGlobalVariableGuid|0x0|5
 
 [LibraryClasses.common.PEI_CORE, LibraryClasses.common.PEIM]
-!if $(TPM2_ENABLE) == TRUE
   PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
-!else
-  PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
-!endif
 
 

 #
@@ -339,11 +335,11 @@
   ArmVirtPkg/MemoryInitPei/MemoryInitPeim.inf
   ArmPkg/Drivers/CpuPei/CpuPei.inf
 
-!if $(TPM2_ENABLE) == TRUE
   MdeModulePkg/Universal/PCD/Pei/Pcd.inf {
 
   PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
   }
+!if $(TPM2_ENABLE) == TRUE
   MdeModulePkg/Universal/ResetSystemPei/ResetSystemPei.inf {
 
   
ResetSystemLib|ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.inf
diff --git a/ArmVirtPkg/ArmVirtQemu.fdf b/ArmVirtPkg/ArmVirtQemu.fdf
index 764f652afd..6073a31970 100644
--- a/ArmVirtPkg/ArmVirtQemu.fdf
+++ b/ArmVirtPkg/ArmVirtQemu.fdf
@@ -111,8 +111,8 @@ READ_LOCK_STATUS   = TRUE
   INF ArmPkg/Drivers/CpuPei/CpuPei.inf
   INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
 
-!if $(TPM2_ENABLE) == TRUE
   INF MdeModulePkg/Universal/PCD/Pei/Pcd.inf
+!if $(TPM2_ENABLE) == TRUE
   INF MdeModulePkg/Universal/ResetSystemPei/ResetSystemPei.inf
   INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
   INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
-- 
2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119244): https://edk2.groups.io/g/devel/message/119244
Mute This Topic: https://groups.io/mt/106276869/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v3 18/20] ArmVirtPkg: Use dynamic PCD to set the SMCCC conduit

[Doug Flick via groups.io]

From: Ard Biesheuvel 

On ARM systems, whether SMC or HVC instructions need to be used to issue
monitor calls is typically dependent on the exception level, but there
are also cases where EL1 might use SMC instructions, so there is no hard
and fast rule.

For ArmVirtQemu, this does depend strictly on the exception level, so
set the default to HVC (for EL1 execution) and override it to SMC when
booted at EL2.

Cc: Ard Biesheuvel 
Cc: Leif Lindholm 
Cc: Sami Mujawar 
Cc: Gerd Hoffmann 

Committed-by: Ard Biesheuvel 
Signed-off-by: Doug Flick [MSFT] 
---
 ArmVirtPkg/ArmVirtCloudHv.dsc|  3 +++
 ArmVirtPkg/ArmVirtQemu.dsc   |  4 
 ArmVirtPkg/ArmVirtQemuKernel.dsc |  2 ++
 ArmVirtPkg/ArmVirtXen.dsc|  2 ++
 ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf |  1 +
 ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c   | 14 ++
 6 files changed, 26 insertions(+)

diff --git a/ArmVirtPkg/ArmVirtCloudHv.dsc b/ArmVirtPkg/ArmVirtCloudHv.dsc
index 5cb2a609b1..d5055a0341 100644
--- a/ArmVirtPkg/ArmVirtCloudHv.dsc
+++ b/ArmVirtPkg/ArmVirtCloudHv.dsc
@@ -201,6 +201,9 @@
 [PcdsDynamicHii]
   
gUefiOvmfPkgTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gOvmfVariableGuid|0x0|FALSE|NV,BS
 
+[PcdsPatchableInModule.common]
+  gArmTokenSpaceGuid.PcdMonitorConduitHvc|TRUE
+
 

 #
 # Components Section - list of all EDK II Modules needed by this Platform
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 4498ca58a8..80dd4fbb14 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -293,6 +293,10 @@
   gEfiNetworkPkgTokenSpaceGuid.PcdIPv4PXESupport|0x01
   gEfiNetworkPkgTokenSpaceGuid.PcdIPv6PXESupport|0x01
 
+  # whether to use HVC or SMC to issue monitor calls - this typically depends
+  # on the exception level at which the UEFI system firmware executes
+  gArmTokenSpaceGuid.PcdMonitorConduitHvc|TRUE
+
   #
   # TPM2 support
   #
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
index 94f48593c2..2700b97d09 100644
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
@@ -203,6 +203,8 @@
   gArmTokenSpaceGuid.PcdFdBaseAddress|0x0
   gArmTokenSpaceGuid.PcdFvBaseAddress|0x0
 
+  gArmTokenSpaceGuid.PcdMonitorConduitHvc|TRUE
+
 [PcdsDynamicDefault.common]
   gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut|3
 
diff --git a/ArmVirtPkg/ArmVirtXen.dsc b/ArmVirtPkg/ArmVirtXen.dsc
index 5809832e66..ceb37f8a2d 100644
--- a/ArmVirtPkg/ArmVirtXen.dsc
+++ b/ArmVirtPkg/ArmVirtXen.dsc
@@ -120,6 +120,8 @@
   gArmTokenSpaceGuid.PcdFdBaseAddress|0x0
   gArmTokenSpaceGuid.PcdFvBaseAddress|0x0
 
+  gArmTokenSpaceGuid.PcdMonitorConduitHvc|TRUE
+
 [PcdsDynamicDefault.common]
 
   gArmTokenSpaceGuid.PcdArmArchTimerSecIntrNum|0x0
diff --git a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf 
b/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf
index e9a34b6e2e..a38b89c103 100644
--- a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf
+++ b/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf
@@ -45,6 +45,7 @@
 
 [Pcd]
   gArmTokenSpaceGuid.PcdFvBaseAddress
+  gArmTokenSpaceGuid.PcdMonitorConduitHvc
   gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## 
SOMETIMES_PRODUCES
   gUefiOvmfPkgTokenSpaceGuid.PcdDeviceTreeInitialBaseAddress
 
diff --git a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c 
b/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c
index 7ab4aa2d6b..b8e9208301 100644
--- a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c
+++ b/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c
@@ -18,6 +18,8 @@
 #include 
 #include 
 
+#include 
+
 #include 
 #include 
 
@@ -224,5 +226,17 @@ PlatformPeim (
 
   BuildFvHob (PcdGet64 (PcdFvBaseAddress), PcdGet32 (PcdFvSize));
 
+ #ifdef MDE_CPU_AARCH64
+  //
+  // Set the SMCCC conduit to SMC if executing at EL2, which is typically the
+  // exception level that services HVCs rather than the one that invokes them.
+  //
+  if (ArmReadCurrentEL () == AARCH64_EL2) {
+Status = PcdSetBoolS (PcdMonitorConduitHvc, FALSE);
+ASSERT_EFI_ERROR (Status);
+  }
+
+ #endif
+
   return EFI_SUCCESS;
 }
-- 
2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119245): https://edk2.groups.io/g/devel/message/119245
Mute This Topic: https://groups.io/mt/106276870/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v3 16/20] MdePkg/BaseRngLib AARCH64: Remove overzealous ASSERT()

[Doug Flick via groups.io]

From: Ard Biesheuvel 

BaseRngLib on AARCH64 will discover whether or not RNDR instructions are
supported, by inspecting the ISAR0 identification register, and setting
a global boolean accordingly. This boolean is used in subsequent
execution to decide whether or not to issue the instruction.

The same discovery code also ASSERT()s that RNDR instructions are
implemented, which is unnecessary, and breaks execution on systems that
incorporate the library but don't implement the instruction (or fail to
expose it to the exception level that the firmware executes at).

So drop the ASSERT().

Cc: Michael D Kinney 
Cc: Liming Gao 
Cc: Zhiguang Liu 

Committed-by: Ard Biesheuvel 
Signed-off-by: Doug Flick [MSFT] 
---
 MdePkg/Library/BaseRngLib/AArch64/Rndr.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/MdePkg/Library/BaseRngLib/AArch64/Rndr.c 
b/MdePkg/Library/BaseRngLib/AArch64/Rndr.c
index d39db62153..3a556a2e3f 100644
--- a/MdePkg/Library/BaseRngLib/AArch64/Rndr.c
+++ b/MdePkg/Library/BaseRngLib/AArch64/Rndr.c
@@ -50,7 +50,6 @@ BaseRngLibConstructor (
   // MSR. A non-zero value indicates that the processor supports the RNDR 
instruction.
   //
   Isar0 = ArmReadIdIsar0 ();
-  ASSERT ((Isar0 & RNDR_MASK) != 0);
 
   mRndrSupported = ((Isar0 & RNDR_MASK) != 0);
 
-- 
2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119243): https://edk2.groups.io/g/devel/message/119243
Mute This Topic: https://groups.io/mt/106276868/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v3 15/20] ArmVirtPkg: Move PcdMonitorConduitHvc

[Doug Flick via groups.io]

This moves the PcdMonitorConduitHvc from PcdsFeatureFlag.Common to
PcdsFixedAtBuild.Common

This is a follow on to the previous commit:
ArmPkg: Allow SMC/HVC monitor conduit to be specified at runtime

ArmVirtQemu may execute at EL2, in which case monitor calls are
generally made using SMC instructions instead of HVC instructions.

Whether or not this is the case can only be decided at runtime, and so
the associated PCD needs to be settable at runtime, if the platform
definition chooses so. This implies a boolean PCD, given that a feature
PCD is build-time configurable only.

Cc: Leif Lindholm 
Cc: Ard Biesheuvel 
Cc: Sami Mujawar 

Signed-off-by: Doug Flick [MSFT] 
---
 ArmVirtPkg/ArmVirtKvmTool.dsc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ArmVirtPkg/ArmVirtKvmTool.dsc b/ArmVirtPkg/ArmVirtKvmTool.dsc
index 20da331966..ae0dd1497f 100644
--- a/ArmVirtPkg/ArmVirtKvmTool.dsc
+++ b/ArmVirtPkg/ArmVirtKvmTool.dsc
@@ -126,8 +126,6 @@
   # Use MMIO for accessing RTC controller registers.
   gPcAtChipsetPkgTokenSpaceGuid.PcdRtcUseMmio|TRUE
 
-  gArmTokenSpaceGuid.PcdMonitorConduitHvc|TRUE
-
 [PcdsFixedAtBuild.common]
   gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x800F
 
@@ -167,6 +165,8 @@
   #
   gEmbeddedTokenSpaceGuid.PcdPrePiCpuIoSize|16
 
+  gArmTokenSpaceGuid.PcdMonitorConduitHvc|TRUE
+
 [PcdsPatchableInModule.common]
   #
   # This will be overridden in the code
-- 
2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119242): https://edk2.groups.io/g/devel/message/119242
Mute This Topic: https://groups.io/mt/106276867/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v3 12/20] MdePkg: Add MockHash2 Protocol for testing

[Doug Flick via groups.io]

From: Doug Flick 

This commit adds a new MockHash2 protocol to the MdePkg. This allows
the unit tests to pick up the new protocol and use it for testing.

Cc: Michael D Kinney 
Cc: Liming Gao 
Cc: Zhiguang Liu 

Signed-off-by: Doug Flick [MSFT] 
---
 MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h   | 67 

 MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockHash2.cpp | 27 
 2 files changed, 94 insertions(+)

diff --git a/MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h 
b/MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h
new file mode 100644
index 00..b44d341332
--- /dev/null
+++ b/MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h
@@ -0,0 +1,67 @@
+/** @file
+  This file declares a mock of Hash2 Protocol.
+
+  Copyright (c) Microsoft Corporation.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef MOCK_HASH2_H_
+#define MOCK_HASH2_H_
+
+#include 
+#include 
+
+extern "C" {
+  #include 
+  #include 
+}
+
+struct MockHash2 {
+  MOCK_INTERFACE_DECLARATION (MockHash2);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+GetHashSize,
+(IN CONST EFI_HASH2_PROTOCOL  *This,
+ IN CONST EFI_GUID*HashAlgorithm,
+ OUT UINTN*HashSize)
+);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+Hash,
+(IN CONST EFI_HASH2_PROTOCOL  *This,
+ IN CONST EFI_GUID*HashAlgorithm,
+ IN CONST UINT8   *Message,
+ IN UINTN MessageSize,
+ IN OUT EFI_HASH2_OUTPUT  *Hash)
+);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+HashInit,
+(IN CONST EFI_HASH2_PROTOCOL  *This,
+ IN CONST EFI_GUID*HashAlgorithm)
+);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+HashUpdate,
+(IN CONST EFI_HASH2_PROTOCOL  *This,
+ IN CONST UINT8   *Message,
+ IN UINTN MessageSize)
+);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+HashFinal,
+(IN CONST EFI_HASH2_PROTOCOL  *This,
+ IN OUT EFI_HASH2_OUTPUT  *Hash)
+);
+};
+
+extern "C" {
+  extern EFI_HASH2_PROTOCOL  *gHash2Protocol;
+}
+
+#endif // MOCK_HASH2_H_
diff --git a/MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockHash2.cpp 
b/MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockHash2.cpp
new file mode 100644
index 00..5cf94c43b4
--- /dev/null
+++ b/MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockHash2.cpp
@@ -0,0 +1,27 @@
+/** @file MockHash2.cpp
+  Google Test mock for Hash2 Protocol
+
+  Copyright (c) Microsoft Corporation.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include 
+
+MOCK_INTERFACE_DEFINITION (MockHash2);
+MOCK_FUNCTION_DEFINITION (MockHash2, GetHashSize, 3, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockHash2, Hash, 5, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockHash2, HashInit, 2, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockHash2, HashUpdate, 3, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockHash2, HashFinal, 2, EFIAPI);
+
+EFI_HASH2_PROTOCOL  HASH2_PROTOCOL_INSTANCE = {
+  GetHashSize, // EFI_HASH2_GET_HASH_SIZE
+  Hash,// EFI_HASH2_HASH
+  HashInit,// EFI_HASH2_HASH_INIT
+  HashUpdate,  // EFI_HASH2_HASH_UPDATE
+  HashFinal// EFI_HASH2_HASH_FINAL
+};
+
+extern "C" {
+  EFI_HASH2_PROTOCOL  *gHash2Protocol = _PROTOCOL_INSTANCE;
+}
-- 
2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119239): https://edk2.groups.io/g/devel/message/119239
Mute This Topic: https://groups.io/mt/106276864/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v3 14/20] ArmPkg: Allow SMC/HVC monitor conduit to be specified at runtime

[Doug Flick via groups.io]

From: Ard Biesheuvel 

ArmVirtQemu may execute at EL2, in which case monitor calls are
generally made using SMC instructions instead of HVC instructions.

Whether or not this is the case can only be decided at runtime, and so
the associated PCD needs to be settable at runtime, if the platform
definition chooses so. This implies a boolean PCD, given that a feature
PCD is build-time configurable only.

Cc: Leif Lindholm 
Cc: Ard Biesheuvel 
Cc: Sami Mujawar 

Committed-by: Ard Biesheuvel 
Signed-off-by: Doug Flick [MSFT] 
---
 ArmPkg/ArmPkg.dec| 10 +-
 ArmPkg/Library/ArmMonitorLib/ArmMonitorLib.c |  2 +-
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/ArmPkg/ArmPkg.dec b/ArmPkg/ArmPkg.dec
index 7fe2b9bca4..ac030e295b 100644
--- a/ArmPkg/ArmPkg.dec
+++ b/ArmPkg/ArmPkg.dec
@@ -139,11 +139,6 @@
   # Define if the GICv3 controller should use the GICv2 legacy
   gArmTokenSpaceGuid.PcdArmGicV3WithV2Legacy|FALSE|BOOLEAN|0x0042
 
-  ## Define the conduit to use for monitor calls.
-  # Default PcdMonitorConduitHvc = FALSE, conduit = SMC
-  # If PcdMonitorConduitHvc = TRUE, conduit = HVC
-  gArmTokenSpaceGuid.PcdMonitorConduitHvc|FALSE|BOOLEAN|0x0047
-
   # Whether to remap all unused memory NX before installing the CPU arch
   # protocol driver. This is needed on platforms that map all DRAM with RWX
   # attributes initially, and can be disabled otherwise.
@@ -317,6 +312,11 @@
   gArmTokenSpaceGuid.PcdSystemBiosRelease|0x|UINT16|0x3058
   
gArmTokenSpaceGuid.PcdEmbeddedControllerFirmwareRelease|0x|UINT16|0x3059
 
+  ## Define the conduit to use for monitor calls.
+  # Default PcdMonitorConduitHvc = FALSE, conduit = SMC
+  # If PcdMonitorConduitHvc = TRUE, conduit = HVC
+  gArmTokenSpaceGuid.PcdMonitorConduitHvc|FALSE|BOOLEAN|0x0047
+
 [PcdsFixedAtBuild.common, PcdsDynamic.common]
   #
   # ARM Architectural Timer
diff --git a/ArmPkg/Library/ArmMonitorLib/ArmMonitorLib.c 
b/ArmPkg/Library/ArmMonitorLib/ArmMonitorLib.c
index 741f5c6157..ec5b0b6619 100644
--- a/ArmPkg/Library/ArmMonitorLib/ArmMonitorLib.c
+++ b/ArmPkg/Library/ArmMonitorLib/ArmMonitorLib.c
@@ -26,7 +26,7 @@ ArmMonitorCall (
   IN OUT ARM_MONITOR_ARGS  *Args
   )
 {
-  if (FeaturePcdGet (PcdMonitorConduitHvc)) {
+  if (PcdGetBool (PcdMonitorConduitHvc)) {
 ArmCallHvc ((ARM_HVC_ARGS *)Args);
   } else {
 ArmCallSmc ((ARM_SMC_ARGS *)Args);
-- 
2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119241): https://edk2.groups.io/g/devel/message/119241
Mute This Topic: https://groups.io/mt/106276866/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v3 13/20] NetworkPkg: Update the PxeBcDhcp6GoogleTest due to underlying changes

[Doug Flick via groups.io]

From: Doug Flick 

This patch updates the PxeBcDhcp6GoogleTest due to the changes in the
underlying code. The changes are as follows:
 - Random now comes from the RngLib Protocol
 - The TCP ISN is now generated by the hash function

Cc: Saloni Kasbekar 
Cc: Zachary Clark-williams 

Signed-off-by: Doug Flick [MSFT] 
---
 NetworkPkg/Test/NetworkPkgHostTest.dsc|   1 +
 NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf |   3 +-
 NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp   | 102 
+++-
 3 files changed, 100 insertions(+), 6 deletions(-)

diff --git a/NetworkPkg/Test/NetworkPkgHostTest.dsc 
b/NetworkPkg/Test/NetworkPkgHostTest.dsc
index fa301a7a52..1772afb058 100644
--- a/NetworkPkg/Test/NetworkPkgHostTest.dsc
+++ b/NetworkPkg/Test/NetworkPkgHostTest.dsc
@@ -30,6 +30,7 @@
   NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf {
 
   
UefiRuntimeServicesTableLib|MdePkg/Test/Mock/Library/GoogleTest/MockUefiRuntimeServicesTableLib/MockUefiRuntimeServicesTableLib.inf
+  
UefiBootServicesTableLib|MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf
   }
 
 # Despite these library classes being listed in [LibraryClasses] below, they 
are not needed for the host-based unit tests.
diff --git a/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf 
b/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
index 301dcdf611..8b092d9291 100644
--- a/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
+++ b/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
@@ -14,7 +14,7 @@ VERSION_STRING = 1.0
 #
 # The following information is for reference only and not required by the 
build tools.
 #
-#  VALID_ARCHITECTURES   = IA32 X64
+#  VALID_ARCHITECTURES   = IA32 X64 AARCH64
 #
 
 [Sources]
@@ -23,6 +23,7 @@ VERSION_STRING = 1.0
   PxeBcDhcp6GoogleTest.h
   ../PxeBcDhcp6.c
   ../PxeBcSupport.c
+  ../../../MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp
 
 [Packages]
   MdePkg/MdePkg.dec
diff --git a/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp 
b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
index bd423ebadf..61736ff79e 100644
--- a/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
+++ b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
@@ -7,6 +7,8 @@
 #include 
 #include 
 #include 
+#include 
+#include 
 
 extern "C" {
   #include 
@@ -165,7 +167,7 @@ protected:
 // Note:
 // Testing PxeBcHandleDhcp6Offer() is difficult because it depends on a
 // properly setup Private structure. Attempting to properly test this function
-// without a signficant refactor is a fools errand. Instead, we will test
+// without a significant refactor is a fools errand. Instead, we will test
 // that we can prevent an overflow in the function.
 TEST_F (PxeBcHandleDhcp6OfferTest, BasicUsageTest) {
   PXEBC_DHCP6_PACKET_CACHE  *Cache6 = NULL;
@@ -238,6 +240,7 @@ TEST_F (PxeBcCacheDnsServerAddressesTest, BasicUsageTest) {
 FreePool (Option);
   }
 }
+
 // Test Description
 // Test that we can prevent an overflow in the function
 TEST_F (PxeBcCacheDnsServerAddressesTest, AttemptOverflowTest) {
@@ -470,10 +473,15 @@ TEST_F (PxeBcRequestBootServiceTest, 
AttemptRequestOverFlowExpectFailure) {
 class PxeBcDhcp6DiscoverTest : public ::testing::Test {
 public:
   PXEBC_PRIVATE_DATA Private = { 0 };
+  // create a mock md5 hash
+  UINT8 Md5Hash[16] = { 0 };
+
   EFI_UDP6_PROTOCOL Udp6Read;
 
 protected:
   MockUefiRuntimeServicesTableLib RtServicesMock;
+  MockUefiBootServicesTableLib BsMock;
+  MockRng RngMock;
 
   // Add any setup code if needed
   virtual void
@@ -527,8 +535,21 @@ TEST_F (PxeBcDhcp6DiscoverTest, BasicOverflowTest) {
 
   Private.Dhcp6Request->Length = (UINT16)(Cursor - (UINT8 
*)Private.Dhcp6Request);
 
-  EXPECT_CALL (RtServicesMock, gRT_GetTime)
-.WillOnce (::testing::Return (0));
+  EXPECT_CALL (BsMock, gBS_LocateProtocol)
+.WillOnce (
+   ::testing::DoAll (
+::testing::SetArgPointee<2> (::testing::ByRef 
(gRngProtocol)),
+::testing::Return (EFI_SUCCESS)
+)
+   );
+
+  EXPECT_CALL (RngMock, GetRng)
+.WillOnce (
+   ::testing::DoAll (
+::testing::SetArgPointee<3> (::testing::ByRef 
(Md5Hash[0])),
+::testing::Return (EFI_SUCCESS)
+)
+   );
 
   ASSERT_EQ (
 PxeBcDhcp6Discover (
@@ -558,8 +579,21 @@ TEST_F (PxeBcDhcp6DiscoverTest, BasicUsageTest) {
 
   Private.Dhcp6Request->Length = (UINT16)(Cursor - (UINT8 
*)Private.Dhcp6Request);
 
-  EXPECT_CALL (RtServicesMock, gRT_GetTime)
-.WillOnce (::testing::Return (0));
+  EXPECT_CALL (BsMock, gBS_LocateProtocol)
+.WillOnce (
+   ::testing::DoAll (
+::testing::SetArgPointee<2> (::testing::ByRef 
(gRngProtocol)),
+::testing::Return (EFI_SUCCESS)
+   

[edk2-devel] [PATCH v3 10/20] MdePkg: : Add MockUefiBootServicesTableLib

[Doug Flick via groups.io]

From: Doug Flick 

This commit adds a mock library for UefiBootServicesTableLib.

Cc: Michael D Kinney 
Cc: Liming Gao 
Cc: Zhiguang Liu 

Signed-off-by: Doug Flick [MSFT] 
---
 MdePkg/Test/MdePkgHostTest.dsc 
   |  1 +
 
MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf
 | 32 
 MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.h 
   | 78 
 
MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.cpp
 | 69 +
 4 files changed, 180 insertions(+)

diff --git a/MdePkg/Test/MdePkgHostTest.dsc b/MdePkg/Test/MdePkgHostTest.dsc
index e36b7c..6a85d02236 100644
--- a/MdePkg/Test/MdePkgHostTest.dsc
+++ b/MdePkg/Test/MdePkgHostTest.dsc
@@ -43,6 +43,7 @@
   MdePkg/Library/BaseLib/UnitTestHostBaseLib.inf
   MdePkg/Test/Mock/Library/GoogleTest/MockUefiLib/MockUefiLib.inf
   
MdePkg/Test/Mock/Library/GoogleTest/MockUefiRuntimeServicesTableLib/MockUefiRuntimeServicesTableLib.inf
+  
MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf
   MdePkg/Test/Mock/Library/GoogleTest/MockPeiServicesLib/MockPeiServicesLib.inf
   MdePkg/Test/Mock/Library/GoogleTest/MockHobLib/MockHobLib.inf
   MdePkg/Test/Mock/Library/GoogleTest/MockFdtLib/MockFdtLib.inf
diff --git 
a/MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf
 
b/MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf
new file mode 100644
index 00..8b64fd195a
--- /dev/null
+++ 
b/MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf
@@ -0,0 +1,32 @@
+## @file
+#  Mock implementation of the UEFI Boot Services Table Library.
+#
+#  Copyright (c) Microsoft Corporation.
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION= 0x00010005
+  BASE_NAME  = MockUefiBootServicesTableLib
+  FILE_GUID  = 67EA4614-E276-49EC-9AE6-B97ACCEA676E
+  MODULE_TYPE= HOST_APPLICATION
+  VERSION_STRING = 1.0
+  LIBRARY_CLASS  = UefiBootServicesTableLib|HOST_APPLICATION
+
+#
+#  VALID_ARCHITECTURES   = IA32 X64 EBC
+#
+
+[Sources]
+  MockUefiBootServicesTableLib.cpp
+
+[LibraryClasses]
+  GoogleTestLib
+
+[Packages]
+  MdePkg/MdePkg.dec
+  UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec
+
+[BuildOptions]
+  MSFT:*_*_*_CC_FLAGS = /EHsc
diff --git 
a/MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.h 
b/MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.h
new file mode 100644
index 00..d72b941323
--- /dev/null
+++ b/MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.h
@@ -0,0 +1,78 @@
+/** @file
+  Google Test mocks for UefiBootServicesTableLib
+
+  Copyright (c) Microsoft Corporation.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef MOCK_UEFI_BOOT_SERVICES_TABLE_LIB_H_
+#define MOCK_UEFI_BOOT_SERVICES_TABLE_LIB_H_
+
+#include 
+#include 
+extern "C" {
+  #include 
+  #include 
+}
+
+//
+// Declarations to handle usage of the UefiBootServiceTableLib by creating mock
+//
+struct MockUefiBootServicesTableLib {
+  MOCK_INTERFACE_DECLARATION (MockUefiBootServicesTableLib);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+gBS_GetMemoryMap,
+(IN OUT UINTN *MemoryMapSize,
+ OUTEFI_MEMORY_DESCRIPTOR *MemoryMap,
+ OUTUINTN *MapKey,
+ OUTUINTN *DescriptorSize,
+ OUTUINT32*DescriptorVersion)
+);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+gBS_CreateEvent,
+(IN  UINT32   Type,
+ IN  EFI_TPL  NotifyTpl,
+ IN  EFI_EVENT_NOTIFY NotifyFunction,
+ IN  VOID *NotifyContext,
+ OUT EFI_EVENT*Event)
+);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+gBS_CloseEvent,
+(IN EFI_EVENT Event)
+);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+gBS_HandleProtocol,
+(IN  EFI_HANDLE Handle,
+ IN  EFI_GUID   *Protocol,
+ OUT VOID   **Interface)
+);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+gBS_LocateProtocol,
+(IN  EFI_GUID *Protocol,
+ IN  VOID  *Registration  OPTIONAL,
+ OUT VOID  **Interface)
+);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+gBS_CreateEventEx,
+(IN UINT32Type,
+ IN EFI_TPL   NotifyTpl,
+ IN EFI_EVENT_NOTIFY  NotifyFunction OPTIONAL,
+ IN CONST VOID*NotifyContext OPTIONAL,
+ IN CONST EFI_GUID*EventGroup OPTIONAL,
+ OUT EFI_EVENT*Event)
+);
+};
+
+#endif // MOCK_UEFI_BOOT_SERVICES_TABLE_LIB_H_
diff --git 

[edk2-devel] [PATCH v3 09/20] NetworkPkg: TcpDxe: SECURITY PATCH CVE-2023-45236

[Doug Flick via groups.io]

From: Doug Flick 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4541
REF: https://www.rfc-editor.org/rfc/rfc1948.txt
REF: https://www.rfc-editor.org/rfc/rfc6528.txt
REF: https://www.rfc-editor.org/rfc/rfc9293.txt

Bug Overview:
PixieFail Bug #8
CVE-2023-45236
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Updates TCP ISN generation to use a cryptographic hash of the
connection's identifying parameters and a secret key.
This prevents an attacker from guessing the ISN used for some other
connection.

This is follows the guidance in RFC 1948, RFC 6528, and RFC 9293.

RFC: 9293 Section 3.4.1.  Initial Sequence Number Selection

   A TCP implementation MUST use the above type of "clock" for clock-
   driven selection of initial sequence numbers (MUST-8), and SHOULD
   generate its initial sequence numbers with the expression:

   ISN = M + F(localip, localport, remoteip, remoteport, secretkey)

   where M is the 4 microsecond timer, and F() is a pseudorandom
   function (PRF) of the connection's identifying parameters ("localip,
   localport, remoteip, remoteport") and a secret key ("secretkey")
   (SHLD-1).  F() MUST NOT be computable from the outside (MUST-9), or
   an attacker could still guess at sequence numbers from the ISN used
   for some other connection.  The PRF could be implemented as a
   cryptographic hash of the concatenation of the TCP connection
   parameters and some secret data.  For discussion of the selection of
   a specific hash algorithm and management of the secret key data,
   please see Section 3 of [42].

   For each connection there is a send sequence number and a receive
   sequence number.  The initial send sequence number (ISS) is chosen by
   the data sending TCP peer, and the initial receive sequence number
   (IRS) is learned during the connection-establishing procedure.

   For a connection to be established or initialized, the two TCP peers
   must synchronize on each other's initial sequence numbers.  This is
   done in an exchange of connection-establishing segments carrying a
   control bit called "SYN" (for synchronize) and the initial sequence
   numbers.  As a shorthand, segments carrying the SYN bit are also
   called "SYNs".  Hence, the solution requires a suitable mechanism for
   picking an initial sequence number and a slightly involved handshake
   to exchange the ISNs.

Cc: Saloni Kasbekar 
Cc: Zachary Clark-williams 

Signed-off-by: Doug Flick [MSFT] 
---
 NetworkPkg/TcpDxe/TcpDxe.inf  |   8 +-
 NetworkPkg/TcpDxe/TcpFunc.h   |  23 +-
 NetworkPkg/TcpDxe/TcpMain.h   |  59 -
 NetworkPkg/TcpDxe/TcpDriver.c |  92 +++-
 NetworkPkg/TcpDxe/TcpInput.c  |  13 +-
 NetworkPkg/TcpDxe/TcpMisc.c   | 244 ++--
 NetworkPkg/TcpDxe/TcpTimer.c  |   3 +-
 NetworkPkg/SecurityFixes.yaml |  22 ++
 8 files changed, 415 insertions(+), 49 deletions(-)

diff --git a/NetworkPkg/TcpDxe/TcpDxe.inf b/NetworkPkg/TcpDxe/TcpDxe.inf
index cf5423f4c5..76de4cf9ec 100644
--- a/NetworkPkg/TcpDxe/TcpDxe.inf
+++ b/NetworkPkg/TcpDxe/TcpDxe.inf
@@ -6,6 +6,7 @@
 #  stack has been loaded in system. This driver supports both IPv4 and IPv6 
network stack.
 #
 #  Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+#  Copyright (c) Microsoft Corporation
 #
 #  SPDX-License-Identifier: BSD-2-Clause-Patent
 #
@@ -68,7 +69,6 @@
   NetLib
   IpIoLib
 
-
 [Protocols]
   ## SOMETIMES_CONSUMES
   ## SOMETIMES_PRODUCES
@@ -81,6 +81,12 @@
   gEfiIp6ServiceBindingProtocolGuid ## TO_START
   gEfiTcp6ProtocolGuid  ## BY_START
   gEfiTcp6ServiceBindingProtocolGuid## BY_START
+  gEfiHash2ProtocolGuid ## BY_START
+  gEfiHash2ServiceBindingProtocolGuid   ## BY_START
+
+[Guids]
+  gEfiHashAlgorithmMD5Guid  ## CONSUMES
+  gEfiHashAlgorithmSha256Guid   ## CONSUMES
 
 [Depex]
   gEfiHash2ServiceBindingProtocolGuid
diff --git a/NetworkPkg/TcpDxe/TcpFunc.h b/NetworkPkg/TcpDxe/TcpFunc.h
index a7af01fff2..c707bee3e5 100644
--- a/NetworkPkg/TcpDxe/TcpFunc.h
+++ b/NetworkPkg/TcpDxe/TcpFunc.h
@@ -2,7 +2,7 @@
   Declaration of external functions shared in TCP driver.
 
   Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
-
+  Copyright (c) Microsoft Corporation
   SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
@@ -36,8 +36,11 @@ VOID
 
   @param[in, out]  Tcb   Pointer to the TCP_CB of this TCP 
instance.
 
+  @retval EFI_SUCCESS The operation completed successfully
+  @retval others  The underlying functions failed and could 
not complete the operation
+
 **/
-VOID
+EFI_STATUS
 TcpInitTcbLocal (
   IN OUT TCP_CB  *Tcb
   );
@@ -128,17 +131,6 @@ TcpCloneTcb (
   IN TCP_CB  *Tcb
   );
 
-/**
-  Compute an ISS to be used by a new connection.
-
-  @return The result ISS.
-
-**/
-TCP_SEQNO
-TcpGetIss (
-  VOID
-  );
-
 /**
   Get the local mss.
 
@@ -202,8 

[edk2-devel] [PATCH v3 11/20] MdePkg: : Adds Protocol for MockRng

[Doug Flick via groups.io]

From: Doug Flick 

This patch adds a protocol for MockRng. This protocol is used to
mock the Rng protocol for testing purposes.

Cc: Michael D Kinney 
Cc: Liming Gao 
Cc: Zhiguang Liu 

Signed-off-by: Doug Flick [MSFT] 
---
 MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h   | 48 

 MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp | 21 +
 2 files changed, 69 insertions(+)

diff --git a/MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h 
b/MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h
new file mode 100644
index 00..b54f8a234b
--- /dev/null
+++ b/MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h
@@ -0,0 +1,48 @@
+/** @file
+  This file declares a mock of Rng Protocol.
+
+  Copyright (c) Microsoft Corporation.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef MOCK_RNG_H_
+#define MOCK_RNG_H_
+
+#include 
+#include 
+
+extern "C" {
+  #include 
+  #include 
+}
+
+struct MockRng {
+  MOCK_INTERFACE_DECLARATION (MockRng);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+GetInfo,
+(
+ IN EFI_RNG_PROTOCOL *This,
+ IN OUT UINTN*RNGAlgorithmListSize,
+ OUT EFI_RNG_ALGORITHM   *RNGAlgorithmList
+)
+);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+GetRng,
+(
+ IN EFI_RNG_PROTOCOL*This,
+ IN EFI_RNG_ALGORITHM   *RNGAlgorithm,
+ IN UINTN   RNGValueLength,
+ OUT UINT8  *RNGValue
+)
+);
+};
+
+extern "C" {
+  extern EFI_RNG_PROTOCOL  *gRngProtocol;
+}
+
+#endif // MOCK_RNG_H_
diff --git a/MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp 
b/MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp
new file mode 100644
index 00..7d8b69cc86
--- /dev/null
+++ b/MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp
@@ -0,0 +1,21 @@
+/** @file MockRng.cpp
+  Google Test mock for Rng Protocol
+
+  Copyright (c) Microsoft Corporation.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include 
+
+MOCK_INTERFACE_DEFINITION (MockRng);
+MOCK_FUNCTION_DEFINITION (MockRng, GetInfo, 3, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockRng, GetRng, 4, EFIAPI);
+
+EFI_RNG_PROTOCOL  RNG_PROTOCOL_INSTANCE = {
+  GetInfo, // EFI_RNG_GET_INFO
+  GetRng   // EFI_RNG_GET_RNG
+};
+
+extern "C" {
+  EFI_RNG_PROTOCOL  *gRngProtocol = _PROTOCOL_INSTANCE;
+}
-- 
2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119238): https://edk2.groups.io/g/devel/message/119238
Mute This Topic: https://groups.io/mt/106276863/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v3 08/20] NetworkPkg:: SECURITY PATCH CVE-2023-45237

[Doug Flick via groups.io]

From: Doug Flick 

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4542

Bug Overview:
PixieFail Bug #9
CVE-2023-45237
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Use of a Weak PseudoRandom Number Generator

Change Overview:

Updates all Instances of NET_RANDOM (NetRandomInitSeed ()) to either

>
> EFI_STATUS
> EFIAPI
> PseudoRandomU32 (
>  OUT UINT32  *Output
>  );
>

or (depending on the use case)

>
> EFI_STATUS
> EFIAPI
> PseudoRandom (
>  OUT  VOID   *Output,
>  IN   UINTN  OutputLength
>  );
>

This is because the use of

Example:

The following code snippet PseudoRandomU32 () function is used:

>
> UINT32 Random;
>
> Status = PseudoRandomU32 ();
> if (EFI_ERROR (Status)) {
>   DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n",
__func__, Status));
>   return Status;
> }
>

This also introduces a new PCD to enable/disable the use of the
secure implementation of algorithms for PseudoRandom () and
instead depend on the default implementation. This may be required for
some platforms where the UEFI Spec defined algorithms are not available.

>
> PcdEnforceSecureRngAlgorithms
>

If the platform does not have any one of the UEFI defined
secure RNG algorithms then the driver will assert.

Cc: Saloni Kasbekar 
Cc: Zachary Clark-williams 

Signed-off-by: Doug Flick [MSFT] 
---
 NetworkPkg/NetworkPkg.dec  |   7 ++
 NetworkPkg/Library/DxeNetLib/DxeNetLib.inf |  14 ++-
 NetworkPkg/TcpDxe/TcpDxe.inf   |   3 +
 NetworkPkg/IScsiDxe/IScsiMisc.h|   6 +-
 NetworkPkg/Include/Library/NetLib.h|  40 --
 NetworkPkg/Ip6Dxe/Ip6Nd.h  |   8 +-
 NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c  |  10 +-
 NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c  |  11 +-
 NetworkPkg/DnsDxe/DnsDhcp.c|  10 +-
 NetworkPkg/DnsDxe/DnsImpl.c|  11 +-
 NetworkPkg/HttpBootDxe/HttpBootDhcp6.c |  10 +-
 NetworkPkg/IScsiDxe/IScsiCHAP.c|  19 ++-
 NetworkPkg/IScsiDxe/IScsiMisc.c|  14 +--
 NetworkPkg/Ip4Dxe/Ip4Driver.c  |  10 +-
 NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c  |   9 +-
 NetworkPkg/Ip6Dxe/Ip6Driver.c  |  17 ++-
 NetworkPkg/Ip6Dxe/Ip6If.c  |  12 +-
 NetworkPkg/Ip6Dxe/Ip6Mld.c |  12 +-
 NetworkPkg/Ip6Dxe/Ip6Nd.c  |  33 -
 NetworkPkg/Library/DxeNetLib/DxeNetLib.c   | 130 +---
 NetworkPkg/TcpDxe/TcpDriver.c  |  15 ++-
 NetworkPkg/Udp4Dxe/Udp4Driver.c|  10 +-
 NetworkPkg/Udp6Dxe/Udp6Driver.c|  11 +-
 NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c   |   9 +-
 NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c   |  11 +-
 NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c  |  12 +-
 NetworkPkg/SecurityFixes.yaml  |  39 ++
 27 files changed, 410 insertions(+), 83 deletions(-)

diff --git a/NetworkPkg/NetworkPkg.dec b/NetworkPkg/NetworkPkg.dec
index e06f35e774..7c4289b77b 100644
--- a/NetworkPkg/NetworkPkg.dec
+++ b/NetworkPkg/NetworkPkg.dec
@@ -5,6 +5,7 @@
 #
 # Copyright (c) 2009 - 2021, Intel Corporation. All rights reserved.
 # (C) Copyright 2015-2020 Hewlett Packard Enterprise Development LP
+# Copyright (c) Microsoft Corporation
 #
 # SPDX-License-Identifier: BSD-2-Clause-Patent
 #
@@ -130,6 +131,12 @@
   # @Prompt Indicates whether SnpDxe creates event for ExitBootServices() call.
   
gEfiNetworkPkgTokenSpaceGuid.PcdSnpCreateExitBootServicesEvent|TRUE|BOOLEAN|0x100C
 
+  ## Enforces the use of Secure UEFI spec defined RNG algorithms for all 
network connections.
+  # TRUE  - Enforce the use of Secure UEFI spec defined RNG algorithms.
+  # FALSE - Do not enforce and depend on the default implementation of RNG 
algorithm from the provider.
+  # @Prompt Enforce the use of Secure UEFI spec defined RNG algorithms.
+  
gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|TRUE|BOOLEAN|0x100D
+
 [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
   ## IPv6 DHCP Unique Identifier (DUID) Type configuration (From RFCs 3315 and 
6355).
   # 01 = DUID Based on Link-layer Address Plus Time [DUID-LLT]
diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf 
b/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf
index 8145d256ec..a8f534a293 100644
--- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf
+++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf
@@ -3,6 +3,7 @@
 #
 #  Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
 #  (C) Copyright 2015 Hewlett Packard Enterprise Development LP
+#  Copyright (c) Microsoft Corporation
 #  SPDX-License-Identifier: BSD-2-Clause-Patent
 #
 ##
@@ -49,7 +50,11 @@
   gEfiSmbiosTableGuid   ## SOMETIMES_CONSUMES  ## 
SystemTable
   gEfiSmbios3TableGuid  ## SOMETIMES_CONSUMES  ## 
SystemTable
   gEfiAdapterInfoMediaStateGuid ## SOMETIMES_CONSUMES
-
+  gEfiRngAlgorithmRaw   ## 

[edk2-devel] [PATCH v3 03/20] OvmfPkg:PlatformCI: Support virtio-rng-pci

[Doug Flick via groups.io]

This patch adds "virtio-rng-pci" to the PlatformBuildLib.py
This adds Rng services to the guest VM

Cc: Ard Biesheuvel 
Cc: Jiewen Yao 
Cc: Gerd Hoffmann 

Signed-off-by: Doug Flick [MSFT] 
---
 OvmfPkg/PlatformCI/PlatformBuildLib.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/OvmfPkg/PlatformCI/PlatformBuildLib.py 
b/OvmfPkg/PlatformCI/PlatformBuildLib.py
index 00d454954b..3fe80f5c1c 100644
--- a/OvmfPkg/PlatformCI/PlatformBuildLib.py
+++ b/OvmfPkg/PlatformCI/PlatformBuildLib.py
@@ -208,6 +208,8 @@ class PlatformBuilder( UefiBuilder, BuildSettingsManager):
 args += " -net none"# 
turn off network
 args += " -smp 4"
 args += f" -drive file=fat:rw:{VirtualDrive},format=raw,media=disk" # 
Mount disk with startup.nsh
+# Provides Rng services to the Guest VM
+args += " -device virtio-rng-pci"
 
 if (self.env.GetValue("QEMU_HEADLESS").upper() == "TRUE"):
 args += " -display none"  # no graphics
-- 
2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119230): https://edk2.groups.io/g/devel/message/119230
Mute This Topic: https://groups.io/mt/106276855/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v3 07/20] SecurityPkg: RngDxe: Remove incorrect limitation on GetRng

[Doug Flick via groups.io]

Removed from gEfiRngAlgorithmRaw an incorrect assumption that
Raw cannot return less than 256 bits. The DRNG Algorithms
should always use a 256 bit seed as per nist standards
however a caller is free to request less than 256 bits.
>
> //
>// When a DRBG is used on the output of a entropy source,
>// its security level must be at least 256 bits according to UEFI
Spec.
>//
>if (RNGValueLength < 32) {
>  return EFI_INVALID_PARAMETER;
>}
>

AARCH64 platforms do not have this limitation and this brings both
implementations into alignment with each other and the spec.

Cc: Jiewen Yao 

Signed-off-by: Doug Flick [MSFT] 
Reviewed-by: Ard Biesheuvel 
---
 SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c | 8 
 1 file changed, 8 deletions(-)

diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c 
b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
index 7e06e16e4b..5723ed6957 100644
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
@@ -116,14 +116,6 @@ RngGetRNG (
   // The "raw" algorithm is intended to provide entropy directly
   //
   if (CompareGuid (RNGAlgorithm, )) {
-//
-// When a DRBG is used on the output of a entropy source,
-// its security level must be at least 256 bits according to UEFI Spec.
-//
-if (RNGValueLength < 32) {
-  return EFI_INVALID_PARAMETER;
-}
-
 Status = GenerateEntropy (RNGValueLength, RNGValue);
 return Status;
   }
-- 
2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119234): https://edk2.groups.io/g/devel/message/119234
Mute This Topic: https://groups.io/mt/106276859/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v3 05/20] ArmVirtPkg:PlatformCI: Support virtio-rng-pci

[Doug Flick via groups.io]

This patch adds "virtio-rng-pci" to the PlatformBuildLib.py
This adds Rng services to the guest VM

Cc: Ard Biesheuvel 
Cc: Leif Lindholm 
Cc: Sami Mujawar 
Cc: Gerd Hoffmann 

Signed-off-by: Doug Flick [MSFT] 
---
 ArmVirtPkg/PlatformCI/PlatformBuildLib.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ArmVirtPkg/PlatformCI/PlatformBuildLib.py 
b/ArmVirtPkg/PlatformCI/PlatformBuildLib.py
index 0ddaccf9c2..3abab09141 100644
--- a/ArmVirtPkg/PlatformCI/PlatformBuildLib.py
+++ b/ArmVirtPkg/PlatformCI/PlatformBuildLib.py
@@ -240,6 +240,8 @@ class PlatformBuilder(UefiBuilder, BuildSettingsManager):
 args += " -serial stdio"
 # Mount disk with startup.nsh
 args += f" -drive file=fat:rw:{VirtualDrive},format=raw,media=disk"
+# Provides Rng services to the Guest VM
+args += " -device virtio-rng-pci"
 
 # Conditional Args
 if (self.env.GetValue("QEMU_HEADLESS").upper() == "TRUE"):
-- 
2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119232): https://edk2.groups.io/g/devel/message/119232
Mute This Topic: https://groups.io/mt/106276857/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v3 06/20] ArmVirtPkg: : Add Hash2DxeCrypto to ArmVirtPkg

[Doug Flick via groups.io]

This patch adds Hash2DxeCrypto to ArmVirtPkg. The Hash2DxeCrypto is
used to provide the hashing protocol services.

Cc: Ard Biesheuvel 
Cc: Leif Lindholm 
Cc: Sami Mujawar 
Cc: Gerd Hoffmann 

Signed-off-by: Doug Flick [MSFT] 
---
 ArmVirtPkg/ArmVirtQemu.dsc   | 5 +
 ArmVirtPkg/ArmVirtQemuKernel.dsc | 5 +
 ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 5 +
 3 files changed, 15 insertions(+)

diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 7e2ff33ad1..1d3315ad3e 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -554,6 +554,11 @@
   MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf
   MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
 
+  #
+  # Hash2 Protocol Support
+  #
+  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
   #
   # TPM2 support
   #
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
index efe2df97bd..94f48593c2 100644
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
@@ -461,6 +461,11 @@
   MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf
   MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
 
+  #
+  # Hash2 Protocol Support
+  #
+  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
   #
   # ACPI Support
   #
diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc 
b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
index c5d097ffb9..80d420023e 100644
--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
@@ -177,6 +177,11 @@ READ_LOCK_STATUS   = TRUE
   INF MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf
   INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
 
+  #
+  # Hash2 Protocol producer
+  #
+  INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
   #
   # TPM2 support
   #
-- 
2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119233): https://edk2.groups.io/g/devel/message/119233
Mute This Topic: https://groups.io/mt/106276858/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v3 04/20] OvmfPkg: : Add Hash2DxeCrypto to OvmfPkg

[Doug Flick via groups.io]

From: Doug Flick 

This patch adds Hash2DxeCrypto to OvmfPkg. The Hash2DxeCrypto is
used to provide the hashing protocol services.

Cc: Ard Biesheuvel 
Cc: Jiewen Yao 
Cc: Gerd Hoffmann 

Signed-off-by: Doug Flick [MSFT] 
---
 OvmfPkg/OvmfPkgIa32.dsc| 6 +-
 OvmfPkg/OvmfPkgIa32X64.dsc | 6 +-
 OvmfPkg/OvmfPkgX64.dsc | 6 +-
 OvmfPkg/OvmfXen.dsc| 5 +
 OvmfPkg/OvmfPkgIa32.fdf| 5 +
 OvmfPkg/OvmfPkgIa32X64.fdf | 5 +
 OvmfPkg/OvmfPkgX64.fdf | 5 +
 OvmfPkg/OvmfXen.fdf| 5 +
 8 files changed, 40 insertions(+), 3 deletions(-)

diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 1be021be71..2ca005d768 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -229,7 +229,6 @@
   
VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
   
VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf
 
-
   #
   # Network libraries
   #
@@ -858,6 +857,11 @@
   MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
   
MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
 
+  #
+  # Hash2 Protocol producer
+  #
+  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
   #
   # Network Support
   #
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index d27a4c7278..a39070a626 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -234,7 +234,6 @@
   
VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
   
VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf
 
-
   #
   # Network libraries
   #
@@ -872,6 +871,11 @@
   MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
   
MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
 
+  #
+  # Hash2 Protocol producer
+  #
+  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
   #
   # Network Support
   #
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 8f5cd23b2e..1b90aa8f57 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -250,7 +250,6 @@
   
VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
   
VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf
 
-
   #
   # Network libraries
   #
@@ -940,6 +939,11 @@
   MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
   
MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
 
+  #
+  # Hash2 Protocol producer
+  #
+  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
   #
   # Network Support
   #
diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc
index fa1a570e74..7fc340d1c1 100644
--- a/OvmfPkg/OvmfXen.dsc
+++ b/OvmfPkg/OvmfXen.dsc
@@ -667,6 +667,11 @@
   MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
   
MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
 
+  #
+  # Hash2 Protocol producer
+  #
+  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
   #
   # Network Support
   #
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index 6eb26f7d46..0d4abb50a8 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -295,6 +295,11 @@ INF  OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
 
 INF MdeModulePkg/Logo/LogoDxe.inf
 
+#
+# Hash2 Protocol producer
+#
+INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
 #
 # Network modules
 #
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index 080784f722..23a825a012 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -296,6 +296,11 @@ INF  OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
 
 INF MdeModulePkg/Logo/LogoDxe.inf
 
+#
+# Hash2 Protocol producer
+#
+INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
 #
 # Network modules
 #
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index b6e8f43566..4dcd6a033c 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -329,6 +329,11 @@ INF MdeModulePkg/Logo/LogoDxe.inf
 
 INF OvmfPkg/TdxDxe/TdxDxe.inf
 
+#
+# Hash2 Protocol producer
+#
+INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
 #
 # Network modules
 #
diff --git a/OvmfPkg/OvmfXen.fdf b/OvmfPkg/OvmfXen.fdf
index 5770b17316..41368f37e2 100644
--- a/OvmfPkg/OvmfXen.fdf
+++ b/OvmfPkg/OvmfXen.fdf
@@ -314,6 +314,11 @@ INF  ShellPkg/Application/Shell/Shell.inf
 
 INF MdeModulePkg/Logo/LogoDxe.inf
 
+#
+# Hash2 Protocol producer
+#
+INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
 #
 # Network modules
 #
-- 
2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119231): https://edk2.groups.io/g/devel/message/119231
Mute This Topic: https://groups.io/mt/106276856/21656
Group Owner: devel+ow...@edk2.groups.io

[edk2-devel] [PATCH v3 01/20] EmulatorPkg: : Add RngDxe to EmulatorPkg

[Doug Flick via groups.io]

This patch adds RngDxe to EmulatorPkg. The RngDxe is used to provide
random number generation services to the UEFI firmware.

Cc: Andrew Fish 
Cc: Ray Ni 

Signed-off-by: Doug Flick [MSFT] 
Reviewed-by: Ray Ni 
---
 EmulatorPkg/EmulatorPkg.dsc | 7 ++-
 EmulatorPkg/EmulatorPkg.fdf | 6 +-
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg/EmulatorPkg.dsc
index 5fa1ed345a..0a66294cb7 100644
--- a/EmulatorPkg/EmulatorPkg.dsc
+++ b/EmulatorPkg/EmulatorPkg.dsc
@@ -127,9 +127,9 @@
   ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
   FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf
   
ImagePropertiesRecordLib|MdeModulePkg/Library/ImagePropertiesRecordLib/ImagePropertiesRecordLib.inf
+  RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
 
 !if $(SECURE_BOOT_ENABLE) == TRUE
-  RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
   IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
   OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
   
PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
@@ -398,6 +398,11 @@
   EmulatorPkg/PlatformSmbiosDxe/PlatformSmbiosDxe.inf
   EmulatorPkg/TimerDxe/Timer.inf
 
+  #
+  # Rng Protocol producer
+  #
+  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
+
 !if $(SECURE_BOOT_ENABLE) == TRUE
   SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
 !endif
diff --git a/EmulatorPkg/EmulatorPkg.fdf b/EmulatorPkg/EmulatorPkg.fdf
index 5420756eaa..d756c144d9 100644
--- a/EmulatorPkg/EmulatorPkg.fdf
+++ b/EmulatorPkg/EmulatorPkg.fdf
@@ -193,6 +193,11 @@ INF  RuleOverride = UI 
MdeModulePkg/Application/UiApp/UiApp.inf
 INF  MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.inf
 INF  MdeModulePkg/Universal/DriverSampleDxe/DriverSampleDxe.inf
 
+#
+# Rng Protocol producer
+#
+INF  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
+
 #
 # Secure Boot Key Enroll
 #
@@ -320,4 +325,3 @@ INF  ShellPkg/Application/Shell/Shell.inf
 UISTRING="$(MODULE_NAME)" Optional
 VERSION   STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
   }
-
-- 
2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119228): https://edk2.groups.io/g/devel/message/119228
Mute This Topic: https://groups.io/mt/106276853/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v3 02/20] EmulatorPkg: : Add Hash2DxeCrypto to EmulatorPkg

[Doug Flick via groups.io]

From: Doug Flick 

This patch adds Hash2DxeCrypto to EmulatorPkg. The Hash2DxeCrypto is
used to provide the hashing protocol services.

Cc: Andrew Fish 
Cc: Ray Ni 

Signed-off-by: Doug Flick [MSFT] 
---
 EmulatorPkg/EmulatorPkg.dsc | 9 +++--
 EmulatorPkg/EmulatorPkg.fdf | 5 +
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg/EmulatorPkg.dsc
index 0a66294cb7..1c356bc8c7 100644
--- a/EmulatorPkg/EmulatorPkg.dsc
+++ b/EmulatorPkg/EmulatorPkg.dsc
@@ -128,10 +128,11 @@
   FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf
   
ImagePropertiesRecordLib|MdeModulePkg/Library/ImagePropertiesRecordLib/ImagePropertiesRecordLib.inf
   RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
-
-!if $(SECURE_BOOT_ENABLE) == TRUE
   IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
   OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+
+!if $(SECURE_BOOT_ENABLE) == TRUE
   
PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
   AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
   
SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
@@ -402,6 +403,10 @@
   # Rng Protocol producer
   #
   SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
+  #
+  # Hash2 Protocol producer
+  #
+  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
 
 !if $(SECURE_BOOT_ENABLE) == TRUE
   SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
diff --git a/EmulatorPkg/EmulatorPkg.fdf b/EmulatorPkg/EmulatorPkg.fdf
index d756c144d9..73d5b0068d 100644
--- a/EmulatorPkg/EmulatorPkg.fdf
+++ b/EmulatorPkg/EmulatorPkg.fdf
@@ -198,6 +198,11 @@ INF  
MdeModulePkg/Universal/DriverSampleDxe/DriverSampleDxe.inf
 #
 INF  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
 
+#
+# Hash2 Protocol producer
+#
+INF  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
 #
 # Secure Boot Key Enroll
 #
-- 
2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119229): https://edk2.groups.io/g/devel/message/119229
Mute This Topic: https://groups.io/mt/106276854/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237

[Doug Flick via groups.io]

REF:https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html

This patch series patches the following CVEs:
- CVE-2023-45236: Predictable TCP Initial Sequence Numbers
- CVE-2023-45237: Use of a Weak PseudoRandom Number Generator

In order to patch these CVEs, the following changes were made:
- NetworkPkg no longer performs it's own random number generation,
  instead it uses EFI_RNG_PROTOCOL provided by the plaform to
  generate random numbers.
  - This change was made such that any future random number
generation vulnerabilities will be a result of the platforms
implementation of the EFI_RNG_PROTOCOL and not the NetworkPkg

- NetworkPkg uses the TCP initial sequence number algorithm as described
  in RFC 6528 to generate the initial sequence number for TCP connections.
  - This change was made to ensure that the initial sequence number
is not predictable and therefore cannot be used in a TCP hijacking
attack.

In addition to the above changes, the following changes were made:
- EmulatorPkg OvmfPkg, and ArmVirtPkg were updated to include the
  Hash2DxeCrypto driver to support TCP ISN generation using
  EFI_HASH2_PROTOCOL

- EmulatorPkg was updated to include the
  RngDxe driver to support random number generation using the
  EFI_RNG_PROTOCOL

- OvmfPkg, and ArmVirtPkg were updated to include the
  virtio-rng-pci device to support random number generation using the
  EFI_RNG_PROTOCOL using the existing VirtioRngDxe driver

- SecurityPkg was updated to fix an incorrect limitation on the
  GetRng function in the RngDxe driver where the minimum amount of
  random data that could be requested was 32 bytes (256 bits) instead
  of what the caller requested

- MdePkg was updated to include MockUefiBootServicesTableLib,
  MockRng, and MockHash2 protocols for testing

- NetworkPkg was updated to include a test for the PxeBcDhcp6 driver
  due to underlying changes

- ArmPkg was updated to allow the SMC/HVC monitor conduit to be
  specified at runtime

- MdePkg was updated to remove an overzealous ASSERT in BaseRngLib

- ArmVirtPkg was updated to permit the use of dynamic PCDs in PEI

- ArmVirtPkg was updated to use dynamic PCDs to set the SMCCC conduit

- ArmVirtPkg was updated to add the RngDxe driver

Cc: Liming Gao 

Signed-off-by: Doug Flick [MSFT] 

Ard Biesheuvel (6):
  ArmPkg: Allow SMC/HVC monitor conduit to be specified at runtime
  MdePkg/BaseRngLib AARCH64: Remove overzealous ASSERT()
  ArmVirtPkg/ArmVirtQemu: Permit the use of dynamic PCDs in PEI
  ArmVirtPkg: Use dynamic PCD to set the SMCCC conduit
  ArmVirtPkg: Reverse inclusion order of MdeLibs.inc and ArmVirt.dsc.inc
  ArmVirtPkg/ArmVirtQemu: Add RngDxe driver

Doug Flick (8):
  EmulatorPkg: : Add Hash2DxeCrypto to EmulatorPkg
  OvmfPkg: : Add Hash2DxeCrypto to OvmfPkg
  NetworkPkg:: SECURITY PATCH CVE-2023-45237
  NetworkPkg: TcpDxe: SECURITY PATCH CVE-2023-45236
  MdePkg: : Add MockUefiBootServicesTableLib
  MdePkg: : Adds Protocol for MockRng
  MdePkg: Add MockHash2 Protocol for testing
  NetworkPkg: Update the PxeBcDhcp6GoogleTest due to underlying changes

Flickdm (6):
  EmulatorPkg: : Add RngDxe to EmulatorPkg
  OvmfPkg:PlatformCI: Support virtio-rng-pci
  ArmVirtPkg:PlatformCI: Support virtio-rng-pci
  ArmVirtPkg: : Add Hash2DxeCrypto to ArmVirtPkg
  SecurityPkg: RngDxe: Remove incorrect limitation on GetRng
  ArmVirtPkg: Move PcdMonitorConduitHvc

 ArmPkg/ArmPkg.dec  
   |  10 +-
 NetworkPkg/NetworkPkg.dec  
   |   7 +
 ArmVirtPkg/ArmVirt.dsc.inc 
   |   5 +-
 ArmVirtPkg/ArmVirtCloudHv.dsc  
   |   3 +
 ArmVirtPkg/ArmVirtKvmTool.dsc  
   |   4 +-
 ArmVirtPkg/ArmVirtQemu.dsc 
   |  20 +-
 ArmVirtPkg/ArmVirtQemuKernel.dsc   
   |  12 +-
 ArmVirtPkg/ArmVirtXen.dsc  
   |   6 +-
 EmulatorPkg/EmulatorPkg.dsc
   |  14 +-
 MdePkg/Test/MdePkgHostTest.dsc 
   |   1 +
 NetworkPkg/Test/NetworkPkgHostTest.dsc 
   |   1 +
 OvmfPkg/OvmfPkgIa32.dsc
   |   6 +-
 OvmfPkg/OvmfPkgIa32X64.dsc 
   |   6 +-
 OvmfPkg/OvmfPkgX64.dsc 
   |   6 +-
 OvmfPkg/OvmfXen.dsc

[edk2-devel] [PATCH v3 18/20] ArmVirtPkg: Use dynamic PCD to set the SMCCC conduit

[Doug Flick via groups.io]

From: Ard Biesheuvel 

On ARM systems, whether SMC or HVC instructions need to be used to issue
monitor calls is typically dependent on the exception level, but there
are also cases where EL1 might use SMC instructions, so there is no hard
and fast rule.

For ArmVirtQemu, this does depend strictly on the exception level, so
set the default to HVC (for EL1 execution) and override it to SMC when
booted at EL2.

Cc: Ard Biesheuvel 
Cc: Leif Lindholm 
Cc: Sami Mujawar 
Cc: Gerd Hoffmann 

Committed-by: Ard Biesheuvel 
Signed-off-by: Doug Flick [MSFT] 
---
 ArmVirtPkg/ArmVirtCloudHv.dsc|  3 +++
 ArmVirtPkg/ArmVirtQemu.dsc   |  4 
 ArmVirtPkg/ArmVirtQemuKernel.dsc |  2 ++
 ArmVirtPkg/ArmVirtXen.dsc|  2 ++
 ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf |  1 +
 ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c   | 14 ++
 6 files changed, 26 insertions(+)

diff --git a/ArmVirtPkg/ArmVirtCloudHv.dsc b/ArmVirtPkg/ArmVirtCloudHv.dsc
index 5cb2a609b1..d5055a0341 100644
--- a/ArmVirtPkg/ArmVirtCloudHv.dsc
+++ b/ArmVirtPkg/ArmVirtCloudHv.dsc
@@ -201,6 +201,9 @@
 [PcdsDynamicHii]
   
gUefiOvmfPkgTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gOvmfVariableGuid|0x0|FALSE|NV,BS
 
+[PcdsPatchableInModule.common]
+  gArmTokenSpaceGuid.PcdMonitorConduitHvc|TRUE
+
 

 #
 # Components Section - list of all EDK II Modules needed by this Platform
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 4498ca58a8..80dd4fbb14 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -293,6 +293,10 @@
   gEfiNetworkPkgTokenSpaceGuid.PcdIPv4PXESupport|0x01
   gEfiNetworkPkgTokenSpaceGuid.PcdIPv6PXESupport|0x01
 
+  # whether to use HVC or SMC to issue monitor calls - this typically depends
+  # on the exception level at which the UEFI system firmware executes
+  gArmTokenSpaceGuid.PcdMonitorConduitHvc|TRUE
+
   #
   # TPM2 support
   #
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
index 94f48593c2..2700b97d09 100644
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
@@ -203,6 +203,8 @@
   gArmTokenSpaceGuid.PcdFdBaseAddress|0x0
   gArmTokenSpaceGuid.PcdFvBaseAddress|0x0
 
+  gArmTokenSpaceGuid.PcdMonitorConduitHvc|TRUE
+
 [PcdsDynamicDefault.common]
   gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut|3
 
diff --git a/ArmVirtPkg/ArmVirtXen.dsc b/ArmVirtPkg/ArmVirtXen.dsc
index 5809832e66..ceb37f8a2d 100644
--- a/ArmVirtPkg/ArmVirtXen.dsc
+++ b/ArmVirtPkg/ArmVirtXen.dsc
@@ -120,6 +120,8 @@
   gArmTokenSpaceGuid.PcdFdBaseAddress|0x0
   gArmTokenSpaceGuid.PcdFvBaseAddress|0x0
 
+  gArmTokenSpaceGuid.PcdMonitorConduitHvc|TRUE
+
 [PcdsDynamicDefault.common]
 
   gArmTokenSpaceGuid.PcdArmArchTimerSecIntrNum|0x0
diff --git a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf 
b/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf
index e9a34b6e2e..a38b89c103 100644
--- a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf
+++ b/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf
@@ -45,6 +45,7 @@
 
 [Pcd]
   gArmTokenSpaceGuid.PcdFvBaseAddress
+  gArmTokenSpaceGuid.PcdMonitorConduitHvc
   gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## 
SOMETIMES_PRODUCES
   gUefiOvmfPkgTokenSpaceGuid.PcdDeviceTreeInitialBaseAddress
 
diff --git a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c 
b/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c
index 7ab4aa2d6b..b8e9208301 100644
--- a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c
+++ b/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c
@@ -18,6 +18,8 @@
 #include 
 #include 
 
+#include 
+
 #include 
 #include 
 
@@ -224,5 +226,17 @@ PlatformPeim (
 
   BuildFvHob (PcdGet64 (PcdFvBaseAddress), PcdGet32 (PcdFvSize));
 
+ #ifdef MDE_CPU_AARCH64
+  //
+  // Set the SMCCC conduit to SMC if executing at EL2, which is typically the
+  // exception level that services HVCs rather than the one that invokes them.
+  //
+  if (ArmReadCurrentEL () == AARCH64_EL2) {
+Status = PcdSetBoolS (PcdMonitorConduitHvc, FALSE);
+ASSERT_EFI_ERROR (Status);
+  }
+
+ #endif
+
   return EFI_SUCCESS;
 }
-- 
2.34.1

[edk2-devel] [PATCH v3 20/20] ArmVirtPkg/ArmVirtQemu: Add RngDxe driver

[Doug Flick via groups.io]

From: Ard Biesheuvel 

Add the RngDxe driver to the build, backed by either RNDR or TRNG, one
of which is expected to be available in most cases:
- RNDR is implemented by the 'max' CPU that QEMU implements in TCG mode
- TRNG is implemented by the KVM hypervisor, which backs QEMU's 'host'
  CPU

Other TCG modes (e.g., the 'cortex-a*' CPUs) implement neither, which
should prevent the RngDxe driver from dispatching entirely, resulting
in the same situation as before.

Cc: Ard Biesheuvel 
Cc: Leif Lindholm 
Cc: Sami Mujawar 
Cc: Gerd Hoffmann 

Committed-by: Ard Biesheuvel 
Signed-off-by: Doug Flick [MSFT] 
---
 ArmVirtPkg/ArmVirt.dsc.inc   | 5 -
 ArmVirtPkg/ArmVirtQemu.dsc   | 1 +
 ArmVirtPkg/ArmVirtQemuKernel.dsc | 1 +
 ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 1 +
 4 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
index 2bc6a29eb1..7044790a1e 100644
--- a/ArmVirtPkg/ArmVirt.dsc.inc
+++ b/ArmVirtPkg/ArmVirt.dsc.inc
@@ -156,7 +156,9 @@
   OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
 !endif
   BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
-  RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
+  RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
+  ArmTrngLib|ArmPkg/Library/ArmTrngLib/ArmTrngLib.inf
+  ArmMonitorLib|ArmPkg/Library/ArmMonitorLib/ArmMonitorLib.inf
 
   #
   # Secure Boot dependencies
@@ -266,6 +268,7 @@
 
 [LibraryClasses.ARM]
   ArmSoftFloatLib|ArmPkg/Library/ArmSoftFloatLib/ArmSoftFloatLib.inf
+  RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
 
 [BuildOptions]
   GCC:RELEASE_*_*_CC_FLAGS  = -DMDEPKG_NDEBUG
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index e40ade230c..64aa4e96e5 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -432,6 +432,7 @@
   BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
   }
   MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
+  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
 
   #
   # Status Code Routing
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
index 6f1b81427e..2cf96accbd 100644
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
@@ -341,6 +341,7 @@
   BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
   }
   MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
+  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
 
   #
   # Status Code Routing
diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc 
b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
index 80d420023e..38906004d7 100644
--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
@@ -75,6 +75,7 @@ READ_LOCK_STATUS   = TRUE
   INF ArmPkg/Drivers/TimerDxe/TimerDxe.inf
   INF OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf
   INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
+  INF SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
 
   #
   # FAT filesystem + GPT/MBR partitioning + UDF filesystem + virtio-fs
-- 
2.34.1

[edk2-devel] [PATCH v3 19/20] ArmVirtPkg: Reverse inclusion order of MdeLibs.inc and ArmVirt.dsc.inc

[Doug Flick via groups.io]

From: Ard Biesheuvel 

MdeLibs.inc sets default library class resolutions which are much more
general than the ones that might be specified in ArmVirt.dsc.inc. So the
latter should be included *after* MdeLibs.inc to ensure that its
definitions take precedence.

Cc: Ard Biesheuvel 
Cc: Leif Lindholm 
Cc: Sami Mujawar 
Cc: Gerd Hoffmann 

Committed-by: Ard Biesheuvel 
Signed-off-by: Doug Flick [MSFT] 
---
 ArmVirtPkg/ArmVirtQemu.dsc   | 4 ++--
 ArmVirtPkg/ArmVirtQemuKernel.dsc | 4 ++--
 ArmVirtPkg/ArmVirtXen.dsc| 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 80dd4fbb14..e40ade230c 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -49,10 +49,10 @@
 
 !include NetworkPkg/NetworkDefines.dsc.inc
 
-!include ArmVirtPkg/ArmVirt.dsc.inc
-
 !include MdePkg/MdeLibs.dsc.inc
 
+!include ArmVirtPkg/ArmVirt.dsc.inc
+
 [LibraryClasses.common]
   ArmLib|ArmPkg/Library/ArmLib/ArmBaseLib.inf
   ArmMmuLib|ArmPkg/Library/ArmMmuLib/ArmMmuBaseLib.inf
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
index 2700b97d09..6f1b81427e 100644
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
@@ -46,10 +46,10 @@
 
 !include NetworkPkg/NetworkDefines.dsc.inc
 
-!include ArmVirtPkg/ArmVirt.dsc.inc
-
 !include MdePkg/MdeLibs.dsc.inc
 
+!include ArmVirtPkg/ArmVirt.dsc.inc
+
 [LibraryClasses.common]
   ArmLib|ArmPkg/Library/ArmLib/ArmBaseLib.inf
   ArmMmuLib|ArmPkg/Library/ArmMmuLib/ArmMmuBaseLib.inf
diff --git a/ArmVirtPkg/ArmVirtXen.dsc b/ArmVirtPkg/ArmVirtXen.dsc
index ceb37f8a2d..1505709a29 100644
--- a/ArmVirtPkg/ArmVirtXen.dsc
+++ b/ArmVirtPkg/ArmVirtXen.dsc
@@ -23,10 +23,10 @@
   SKUID_IDENTIFIER   = DEFAULT
   FLASH_DEFINITION   = ArmVirtPkg/ArmVirtXen.fdf
 
-!include ArmVirtPkg/ArmVirt.dsc.inc
-
 !include MdePkg/MdeLibs.dsc.inc
 
+!include ArmVirtPkg/ArmVirt.dsc.inc
+
 [LibraryClasses]
   
SerialPortLib|OvmfPkg/Library/XenConsoleSerialPortLib/XenConsoleSerialPortLib.inf
 !if $(TARGET) != RELEASE
-- 
2.34.1

[edk2-devel] [PATCH v3 08/20] NetworkPkg:: SECURITY PATCH CVE-2023-45237

[Doug Flick via groups.io]

From: Doug Flick 

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4542

Bug Overview:
PixieFail Bug #9
CVE-2023-45237
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Use of a Weak PseudoRandom Number Generator

Change Overview:

Updates all Instances of NET_RANDOM (NetRandomInitSeed ()) to either

>
> EFI_STATUS
> EFIAPI
> PseudoRandomU32 (
>  OUT UINT32  *Output
>  );
>

or (depending on the use case)

>
> EFI_STATUS
> EFIAPI
> PseudoRandom (
>  OUT  VOID   *Output,
>  IN   UINTN  OutputLength
>  );
>

This is because the use of

Example:

The following code snippet PseudoRandomU32 () function is used:

>
> UINT32 Random;
>
> Status = PseudoRandomU32 ();
> if (EFI_ERROR (Status)) {
>   DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n",
__func__, Status));
>   return Status;
> }
>

This also introduces a new PCD to enable/disable the use of the
secure implementation of algorithms for PseudoRandom () and
instead depend on the default implementation. This may be required for
some platforms where the UEFI Spec defined algorithms are not available.

>
> PcdEnforceSecureRngAlgorithms
>

If the platform does not have any one of the UEFI defined
secure RNG algorithms then the driver will assert.

Cc: Saloni Kasbekar 
Cc: Zachary Clark-williams 

Signed-off-by: Doug Flick [MSFT] 
---
 NetworkPkg/NetworkPkg.dec  |   7 ++
 NetworkPkg/Library/DxeNetLib/DxeNetLib.inf |  14 ++-
 NetworkPkg/TcpDxe/TcpDxe.inf   |   3 +
 NetworkPkg/IScsiDxe/IScsiMisc.h|   6 +-
 NetworkPkg/Include/Library/NetLib.h|  40 --
 NetworkPkg/Ip6Dxe/Ip6Nd.h  |   8 +-
 NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c  |  10 +-
 NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c  |  11 +-
 NetworkPkg/DnsDxe/DnsDhcp.c|  10 +-
 NetworkPkg/DnsDxe/DnsImpl.c|  11 +-
 NetworkPkg/HttpBootDxe/HttpBootDhcp6.c |  10 +-
 NetworkPkg/IScsiDxe/IScsiCHAP.c|  19 ++-
 NetworkPkg/IScsiDxe/IScsiMisc.c|  14 +--
 NetworkPkg/Ip4Dxe/Ip4Driver.c  |  10 +-
 NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c  |   9 +-
 NetworkPkg/Ip6Dxe/Ip6Driver.c  |  17 ++-
 NetworkPkg/Ip6Dxe/Ip6If.c  |  12 +-
 NetworkPkg/Ip6Dxe/Ip6Mld.c |  12 +-
 NetworkPkg/Ip6Dxe/Ip6Nd.c  |  33 -
 NetworkPkg/Library/DxeNetLib/DxeNetLib.c   | 130 +---
 NetworkPkg/TcpDxe/TcpDriver.c  |  15 ++-
 NetworkPkg/Udp4Dxe/Udp4Driver.c|  10 +-
 NetworkPkg/Udp6Dxe/Udp6Driver.c|  11 +-
 NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c   |   9 +-
 NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c   |  11 +-
 NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c  |  12 +-
 NetworkPkg/SecurityFixes.yaml  |  39 ++
 27 files changed, 410 insertions(+), 83 deletions(-)

diff --git a/NetworkPkg/NetworkPkg.dec b/NetworkPkg/NetworkPkg.dec
index e06f35e774..7c4289b77b 100644
--- a/NetworkPkg/NetworkPkg.dec
+++ b/NetworkPkg/NetworkPkg.dec
@@ -5,6 +5,7 @@
 #
 # Copyright (c) 2009 - 2021, Intel Corporation. All rights reserved.
 # (C) Copyright 2015-2020 Hewlett Packard Enterprise Development LP
+# Copyright (c) Microsoft Corporation
 #
 # SPDX-License-Identifier: BSD-2-Clause-Patent
 #
@@ -130,6 +131,12 @@
   # @Prompt Indicates whether SnpDxe creates event for ExitBootServices() call.
   
gEfiNetworkPkgTokenSpaceGuid.PcdSnpCreateExitBootServicesEvent|TRUE|BOOLEAN|0x100C
 
+  ## Enforces the use of Secure UEFI spec defined RNG algorithms for all 
network connections.
+  # TRUE  - Enforce the use of Secure UEFI spec defined RNG algorithms.
+  # FALSE - Do not enforce and depend on the default implementation of RNG 
algorithm from the provider.
+  # @Prompt Enforce the use of Secure UEFI spec defined RNG algorithms.
+  
gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|TRUE|BOOLEAN|0x100D
+
 [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
   ## IPv6 DHCP Unique Identifier (DUID) Type configuration (From RFCs 3315 and 
6355).
   # 01 = DUID Based on Link-layer Address Plus Time [DUID-LLT]
diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf 
b/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf
index 8145d256ec..a8f534a293 100644
--- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf
+++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf
@@ -3,6 +3,7 @@
 #
 #  Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
 #  (C) Copyright 2015 Hewlett Packard Enterprise Development LP
+#  Copyright (c) Microsoft Corporation
 #  SPDX-License-Identifier: BSD-2-Clause-Patent
 #
 ##
@@ -49,7 +50,11 @@
   gEfiSmbiosTableGuid   ## SOMETIMES_CONSUMES  ## 
SystemTable
   gEfiSmbios3TableGuid  ## SOMETIMES_CONSUMES  ## 
SystemTable
   gEfiAdapterInfoMediaStateGuid ## SOMETIMES_CONSUMES
-
+  gEfiRngAlgorithmRaw   ## 

[edk2-devel] [PATCH v3 17/20] ArmVirtPkg/ArmVirtQemu: Permit the use of dynamic PCDs in PEI

[Doug Flick via groups.io]

From: Ard Biesheuvel 

Currently, only TPM2 builds enable the PCD PEIM, which is a prerequisite
for being able to use dynamic PCDs already at the PEI stage. This
facility will be used for other reasons too so move those pieces out of
code block that are conditional on TPM2_ENABLE

Cc: Ard Biesheuvel 
Cc: Leif Lindholm 
Cc: Sami Mujawar 
Cc: Gerd Hoffmann 

Committed-by: Ard Biesheuvel 
Signed-off-by: Doug Flick [MSFT] 
---
 ArmVirtPkg/ArmVirtQemu.dsc | 6 +-
 ArmVirtPkg/ArmVirtQemu.fdf | 2 +-
 2 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 1d3315ad3e..4498ca58a8 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -318,11 +318,7 @@
   
gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut|L"Timeout"|gEfiGlobalVariableGuid|0x0|5
 
 [LibraryClasses.common.PEI_CORE, LibraryClasses.common.PEIM]
-!if $(TPM2_ENABLE) == TRUE
   PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
-!else
-  PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
-!endif
 
 

 #
@@ -339,11 +335,11 @@
   ArmVirtPkg/MemoryInitPei/MemoryInitPeim.inf
   ArmPkg/Drivers/CpuPei/CpuPei.inf
 
-!if $(TPM2_ENABLE) == TRUE
   MdeModulePkg/Universal/PCD/Pei/Pcd.inf {
 
   PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
   }
+!if $(TPM2_ENABLE) == TRUE
   MdeModulePkg/Universal/ResetSystemPei/ResetSystemPei.inf {
 
   
ResetSystemLib|ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.inf
diff --git a/ArmVirtPkg/ArmVirtQemu.fdf b/ArmVirtPkg/ArmVirtQemu.fdf
index 764f652afd..6073a31970 100644
--- a/ArmVirtPkg/ArmVirtQemu.fdf
+++ b/ArmVirtPkg/ArmVirtQemu.fdf
@@ -111,8 +111,8 @@ READ_LOCK_STATUS   = TRUE
   INF ArmPkg/Drivers/CpuPei/CpuPei.inf
   INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
 
-!if $(TPM2_ENABLE) == TRUE
   INF MdeModulePkg/Universal/PCD/Pei/Pcd.inf
+!if $(TPM2_ENABLE) == TRUE
   INF MdeModulePkg/Universal/ResetSystemPei/ResetSystemPei.inf
   INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
   INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
-- 
2.34.1

[edk2-devel] [PATCH v3 16/20] MdePkg/BaseRngLib AARCH64: Remove overzealous ASSERT()

[Doug Flick via groups.io]

From: Ard Biesheuvel 

BaseRngLib on AARCH64 will discover whether or not RNDR instructions are
supported, by inspecting the ISAR0 identification register, and setting
a global boolean accordingly. This boolean is used in subsequent
execution to decide whether or not to issue the instruction.

The same discovery code also ASSERT()s that RNDR instructions are
implemented, which is unnecessary, and breaks execution on systems that
incorporate the library but don't implement the instruction (or fail to
expose it to the exception level that the firmware executes at).

So drop the ASSERT().

Cc: Michael D Kinney 
Cc: Liming Gao 
Cc: Zhiguang Liu 

Committed-by: Ard Biesheuvel 
Signed-off-by: Doug Flick [MSFT] 
---
 MdePkg/Library/BaseRngLib/AArch64/Rndr.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/MdePkg/Library/BaseRngLib/AArch64/Rndr.c 
b/MdePkg/Library/BaseRngLib/AArch64/Rndr.c
index d39db62153..3a556a2e3f 100644
--- a/MdePkg/Library/BaseRngLib/AArch64/Rndr.c
+++ b/MdePkg/Library/BaseRngLib/AArch64/Rndr.c
@@ -50,7 +50,6 @@ BaseRngLibConstructor (
   // MSR. A non-zero value indicates that the processor supports the RNDR 
instruction.
   //
   Isar0 = ArmReadIdIsar0 ();
-  ASSERT ((Isar0 & RNDR_MASK) != 0);
 
   mRndrSupported = ((Isar0 & RNDR_MASK) != 0);
 
-- 
2.34.1

[edk2-devel] [PATCH v3 15/20] ArmVirtPkg: Move PcdMonitorConduitHvc

[Doug Flick via groups.io]

This moves the PcdMonitorConduitHvc from PcdsFeatureFlag.Common to
PcdsFixedAtBuild.Common

This is a follow on to the previous commit:
ArmPkg: Allow SMC/HVC monitor conduit to be specified at runtime

ArmVirtQemu may execute at EL2, in which case monitor calls are
generally made using SMC instructions instead of HVC instructions.

Whether or not this is the case can only be decided at runtime, and so
the associated PCD needs to be settable at runtime, if the platform
definition chooses so. This implies a boolean PCD, given that a feature
PCD is build-time configurable only.

Cc: Leif Lindholm 
Cc: Ard Biesheuvel 
Cc: Sami Mujawar 

Signed-off-by: Doug Flick [MSFT] 
---
 ArmVirtPkg/ArmVirtKvmTool.dsc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ArmVirtPkg/ArmVirtKvmTool.dsc b/ArmVirtPkg/ArmVirtKvmTool.dsc
index 20da331966..ae0dd1497f 100644
--- a/ArmVirtPkg/ArmVirtKvmTool.dsc
+++ b/ArmVirtPkg/ArmVirtKvmTool.dsc
@@ -126,8 +126,6 @@
   # Use MMIO for accessing RTC controller registers.
   gPcAtChipsetPkgTokenSpaceGuid.PcdRtcUseMmio|TRUE
 
-  gArmTokenSpaceGuid.PcdMonitorConduitHvc|TRUE
-
 [PcdsFixedAtBuild.common]
   gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x800F
 
@@ -167,6 +165,8 @@
   #
   gEmbeddedTokenSpaceGuid.PcdPrePiCpuIoSize|16
 
+  gArmTokenSpaceGuid.PcdMonitorConduitHvc|TRUE
+
 [PcdsPatchableInModule.common]
   #
   # This will be overridden in the code
-- 
2.34.1

[edk2-devel] [PATCH v3 12/20] MdePkg: Add MockHash2 Protocol for testing

[Doug Flick via groups.io]

From: Doug Flick 

This commit adds a new MockHash2 protocol to the MdePkg. This allows
the unit tests to pick up the new protocol and use it for testing.

Cc: Michael D Kinney 
Cc: Liming Gao 
Cc: Zhiguang Liu 

Signed-off-by: Doug Flick [MSFT] 
---
 MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h   | 67 

 MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockHash2.cpp | 27 
 2 files changed, 94 insertions(+)

diff --git a/MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h 
b/MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h
new file mode 100644
index 00..b44d341332
--- /dev/null
+++ b/MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h
@@ -0,0 +1,67 @@
+/** @file
+  This file declares a mock of Hash2 Protocol.
+
+  Copyright (c) Microsoft Corporation.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef MOCK_HASH2_H_
+#define MOCK_HASH2_H_
+
+#include 
+#include 
+
+extern "C" {
+  #include 
+  #include 
+}
+
+struct MockHash2 {
+  MOCK_INTERFACE_DECLARATION (MockHash2);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+GetHashSize,
+(IN CONST EFI_HASH2_PROTOCOL  *This,
+ IN CONST EFI_GUID*HashAlgorithm,
+ OUT UINTN*HashSize)
+);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+Hash,
+(IN CONST EFI_HASH2_PROTOCOL  *This,
+ IN CONST EFI_GUID*HashAlgorithm,
+ IN CONST UINT8   *Message,
+ IN UINTN MessageSize,
+ IN OUT EFI_HASH2_OUTPUT  *Hash)
+);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+HashInit,
+(IN CONST EFI_HASH2_PROTOCOL  *This,
+ IN CONST EFI_GUID*HashAlgorithm)
+);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+HashUpdate,
+(IN CONST EFI_HASH2_PROTOCOL  *This,
+ IN CONST UINT8   *Message,
+ IN UINTN MessageSize)
+);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+HashFinal,
+(IN CONST EFI_HASH2_PROTOCOL  *This,
+ IN OUT EFI_HASH2_OUTPUT  *Hash)
+);
+};
+
+extern "C" {
+  extern EFI_HASH2_PROTOCOL  *gHash2Protocol;
+}
+
+#endif // MOCK_HASH2_H_
diff --git a/MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockHash2.cpp 
b/MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockHash2.cpp
new file mode 100644
index 00..5cf94c43b4
--- /dev/null
+++ b/MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockHash2.cpp
@@ -0,0 +1,27 @@
+/** @file MockHash2.cpp
+  Google Test mock for Hash2 Protocol
+
+  Copyright (c) Microsoft Corporation.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include 
+
+MOCK_INTERFACE_DEFINITION (MockHash2);
+MOCK_FUNCTION_DEFINITION (MockHash2, GetHashSize, 3, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockHash2, Hash, 5, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockHash2, HashInit, 2, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockHash2, HashUpdate, 3, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockHash2, HashFinal, 2, EFIAPI);
+
+EFI_HASH2_PROTOCOL  HASH2_PROTOCOL_INSTANCE = {
+  GetHashSize, // EFI_HASH2_GET_HASH_SIZE
+  Hash,// EFI_HASH2_HASH
+  HashInit,// EFI_HASH2_HASH_INIT
+  HashUpdate,  // EFI_HASH2_HASH_UPDATE
+  HashFinal// EFI_HASH2_HASH_FINAL
+};
+
+extern "C" {
+  EFI_HASH2_PROTOCOL  *gHash2Protocol = _PROTOCOL_INSTANCE;
+}
-- 
2.34.1

[edk2-devel] [PATCH v3 13/20] NetworkPkg: Update the PxeBcDhcp6GoogleTest due to underlying changes

[Doug Flick via groups.io]

From: Doug Flick 

This patch updates the PxeBcDhcp6GoogleTest due to the changes in the
underlying code. The changes are as follows:
 - Random now comes from the RngLib Protocol
 - The TCP ISN is now generated by the hash function

Cc: Saloni Kasbekar 
Cc: Zachary Clark-williams 

Signed-off-by: Doug Flick [MSFT] 
---
 NetworkPkg/Test/NetworkPkgHostTest.dsc|   1 +
 NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf |   3 +-
 NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp   | 102 
+++-
 3 files changed, 100 insertions(+), 6 deletions(-)

diff --git a/NetworkPkg/Test/NetworkPkgHostTest.dsc 
b/NetworkPkg/Test/NetworkPkgHostTest.dsc
index fa301a7a52..1772afb058 100644
--- a/NetworkPkg/Test/NetworkPkgHostTest.dsc
+++ b/NetworkPkg/Test/NetworkPkgHostTest.dsc
@@ -30,6 +30,7 @@
   NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf {
 
   
UefiRuntimeServicesTableLib|MdePkg/Test/Mock/Library/GoogleTest/MockUefiRuntimeServicesTableLib/MockUefiRuntimeServicesTableLib.inf
+  
UefiBootServicesTableLib|MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf
   }
 
 # Despite these library classes being listed in [LibraryClasses] below, they 
are not needed for the host-based unit tests.
diff --git a/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf 
b/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
index 301dcdf611..8b092d9291 100644
--- a/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
+++ b/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
@@ -14,7 +14,7 @@ VERSION_STRING = 1.0
 #
 # The following information is for reference only and not required by the 
build tools.
 #
-#  VALID_ARCHITECTURES   = IA32 X64
+#  VALID_ARCHITECTURES   = IA32 X64 AARCH64
 #
 
 [Sources]
@@ -23,6 +23,7 @@ VERSION_STRING = 1.0
   PxeBcDhcp6GoogleTest.h
   ../PxeBcDhcp6.c
   ../PxeBcSupport.c
+  ../../../MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp
 
 [Packages]
   MdePkg/MdePkg.dec
diff --git a/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp 
b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
index bd423ebadf..61736ff79e 100644
--- a/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
+++ b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
@@ -7,6 +7,8 @@
 #include 
 #include 
 #include 
+#include 
+#include 
 
 extern "C" {
   #include 
@@ -165,7 +167,7 @@ protected:
 // Note:
 // Testing PxeBcHandleDhcp6Offer() is difficult because it depends on a
 // properly setup Private structure. Attempting to properly test this function
-// without a signficant refactor is a fools errand. Instead, we will test
+// without a significant refactor is a fools errand. Instead, we will test
 // that we can prevent an overflow in the function.
 TEST_F (PxeBcHandleDhcp6OfferTest, BasicUsageTest) {
   PXEBC_DHCP6_PACKET_CACHE  *Cache6 = NULL;
@@ -238,6 +240,7 @@ TEST_F (PxeBcCacheDnsServerAddressesTest, BasicUsageTest) {
 FreePool (Option);
   }
 }
+
 // Test Description
 // Test that we can prevent an overflow in the function
 TEST_F (PxeBcCacheDnsServerAddressesTest, AttemptOverflowTest) {
@@ -470,10 +473,15 @@ TEST_F (PxeBcRequestBootServiceTest, 
AttemptRequestOverFlowExpectFailure) {
 class PxeBcDhcp6DiscoverTest : public ::testing::Test {
 public:
   PXEBC_PRIVATE_DATA Private = { 0 };
+  // create a mock md5 hash
+  UINT8 Md5Hash[16] = { 0 };
+
   EFI_UDP6_PROTOCOL Udp6Read;
 
 protected:
   MockUefiRuntimeServicesTableLib RtServicesMock;
+  MockUefiBootServicesTableLib BsMock;
+  MockRng RngMock;
 
   // Add any setup code if needed
   virtual void
@@ -527,8 +535,21 @@ TEST_F (PxeBcDhcp6DiscoverTest, BasicOverflowTest) {
 
   Private.Dhcp6Request->Length = (UINT16)(Cursor - (UINT8 
*)Private.Dhcp6Request);
 
-  EXPECT_CALL (RtServicesMock, gRT_GetTime)
-.WillOnce (::testing::Return (0));
+  EXPECT_CALL (BsMock, gBS_LocateProtocol)
+.WillOnce (
+   ::testing::DoAll (
+::testing::SetArgPointee<2> (::testing::ByRef 
(gRngProtocol)),
+::testing::Return (EFI_SUCCESS)
+)
+   );
+
+  EXPECT_CALL (RngMock, GetRng)
+.WillOnce (
+   ::testing::DoAll (
+::testing::SetArgPointee<3> (::testing::ByRef 
(Md5Hash[0])),
+::testing::Return (EFI_SUCCESS)
+)
+   );
 
   ASSERT_EQ (
 PxeBcDhcp6Discover (
@@ -558,8 +579,21 @@ TEST_F (PxeBcDhcp6DiscoverTest, BasicUsageTest) {
 
   Private.Dhcp6Request->Length = (UINT16)(Cursor - (UINT8 
*)Private.Dhcp6Request);
 
-  EXPECT_CALL (RtServicesMock, gRT_GetTime)
-.WillOnce (::testing::Return (0));
+  EXPECT_CALL (BsMock, gBS_LocateProtocol)
+.WillOnce (
+   ::testing::DoAll (
+::testing::SetArgPointee<2> (::testing::ByRef 
(gRngProtocol)),
+::testing::Return (EFI_SUCCESS)
+   

[edk2-devel] [PATCH v3 14/20] ArmPkg: Allow SMC/HVC monitor conduit to be specified at runtime

[Doug Flick via groups.io]

From: Ard Biesheuvel 

ArmVirtQemu may execute at EL2, in which case monitor calls are
generally made using SMC instructions instead of HVC instructions.

Whether or not this is the case can only be decided at runtime, and so
the associated PCD needs to be settable at runtime, if the platform
definition chooses so. This implies a boolean PCD, given that a feature
PCD is build-time configurable only.

Cc: Leif Lindholm 
Cc: Ard Biesheuvel 
Cc: Sami Mujawar 

Committed-by: Ard Biesheuvel 
Signed-off-by: Doug Flick [MSFT] 
---
 ArmPkg/ArmPkg.dec| 10 +-
 ArmPkg/Library/ArmMonitorLib/ArmMonitorLib.c |  2 +-
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/ArmPkg/ArmPkg.dec b/ArmPkg/ArmPkg.dec
index 7fe2b9bca4..ac030e295b 100644
--- a/ArmPkg/ArmPkg.dec
+++ b/ArmPkg/ArmPkg.dec
@@ -139,11 +139,6 @@
   # Define if the GICv3 controller should use the GICv2 legacy
   gArmTokenSpaceGuid.PcdArmGicV3WithV2Legacy|FALSE|BOOLEAN|0x0042
 
-  ## Define the conduit to use for monitor calls.
-  # Default PcdMonitorConduitHvc = FALSE, conduit = SMC
-  # If PcdMonitorConduitHvc = TRUE, conduit = HVC
-  gArmTokenSpaceGuid.PcdMonitorConduitHvc|FALSE|BOOLEAN|0x0047
-
   # Whether to remap all unused memory NX before installing the CPU arch
   # protocol driver. This is needed on platforms that map all DRAM with RWX
   # attributes initially, and can be disabled otherwise.
@@ -317,6 +312,11 @@
   gArmTokenSpaceGuid.PcdSystemBiosRelease|0x|UINT16|0x3058
   
gArmTokenSpaceGuid.PcdEmbeddedControllerFirmwareRelease|0x|UINT16|0x3059
 
+  ## Define the conduit to use for monitor calls.
+  # Default PcdMonitorConduitHvc = FALSE, conduit = SMC
+  # If PcdMonitorConduitHvc = TRUE, conduit = HVC
+  gArmTokenSpaceGuid.PcdMonitorConduitHvc|FALSE|BOOLEAN|0x0047
+
 [PcdsFixedAtBuild.common, PcdsDynamic.common]
   #
   # ARM Architectural Timer
diff --git a/ArmPkg/Library/ArmMonitorLib/ArmMonitorLib.c 
b/ArmPkg/Library/ArmMonitorLib/ArmMonitorLib.c
index 741f5c6157..ec5b0b6619 100644
--- a/ArmPkg/Library/ArmMonitorLib/ArmMonitorLib.c
+++ b/ArmPkg/Library/ArmMonitorLib/ArmMonitorLib.c
@@ -26,7 +26,7 @@ ArmMonitorCall (
   IN OUT ARM_MONITOR_ARGS  *Args
   )
 {
-  if (FeaturePcdGet (PcdMonitorConduitHvc)) {
+  if (PcdGetBool (PcdMonitorConduitHvc)) {
 ArmCallHvc ((ARM_HVC_ARGS *)Args);
   } else {
 ArmCallSmc ((ARM_SMC_ARGS *)Args);
-- 
2.34.1

[edk2-devel] [PATCH v3 09/20] NetworkPkg: TcpDxe: SECURITY PATCH CVE-2023-45236

[Doug Flick via groups.io]

From: Doug Flick 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4541
REF: https://www.rfc-editor.org/rfc/rfc1948.txt
REF: https://www.rfc-editor.org/rfc/rfc6528.txt
REF: https://www.rfc-editor.org/rfc/rfc9293.txt

Bug Overview:
PixieFail Bug #8
CVE-2023-45236
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Updates TCP ISN generation to use a cryptographic hash of the
connection's identifying parameters and a secret key.
This prevents an attacker from guessing the ISN used for some other
connection.

This is follows the guidance in RFC 1948, RFC 6528, and RFC 9293.

RFC: 9293 Section 3.4.1.  Initial Sequence Number Selection

   A TCP implementation MUST use the above type of "clock" for clock-
   driven selection of initial sequence numbers (MUST-8), and SHOULD
   generate its initial sequence numbers with the expression:

   ISN = M + F(localip, localport, remoteip, remoteport, secretkey)

   where M is the 4 microsecond timer, and F() is a pseudorandom
   function (PRF) of the connection's identifying parameters ("localip,
   localport, remoteip, remoteport") and a secret key ("secretkey")
   (SHLD-1).  F() MUST NOT be computable from the outside (MUST-9), or
   an attacker could still guess at sequence numbers from the ISN used
   for some other connection.  The PRF could be implemented as a
   cryptographic hash of the concatenation of the TCP connection
   parameters and some secret data.  For discussion of the selection of
   a specific hash algorithm and management of the secret key data,
   please see Section 3 of [42].

   For each connection there is a send sequence number and a receive
   sequence number.  The initial send sequence number (ISS) is chosen by
   the data sending TCP peer, and the initial receive sequence number
   (IRS) is learned during the connection-establishing procedure.

   For a connection to be established or initialized, the two TCP peers
   must synchronize on each other's initial sequence numbers.  This is
   done in an exchange of connection-establishing segments carrying a
   control bit called "SYN" (for synchronize) and the initial sequence
   numbers.  As a shorthand, segments carrying the SYN bit are also
   called "SYNs".  Hence, the solution requires a suitable mechanism for
   picking an initial sequence number and a slightly involved handshake
   to exchange the ISNs.

Cc: Saloni Kasbekar 
Cc: Zachary Clark-williams 

Signed-off-by: Doug Flick [MSFT] 
---
 NetworkPkg/TcpDxe/TcpDxe.inf  |   8 +-
 NetworkPkg/TcpDxe/TcpFunc.h   |  23 +-
 NetworkPkg/TcpDxe/TcpMain.h   |  59 -
 NetworkPkg/TcpDxe/TcpDriver.c |  92 +++-
 NetworkPkg/TcpDxe/TcpInput.c  |  13 +-
 NetworkPkg/TcpDxe/TcpMisc.c   | 244 ++--
 NetworkPkg/TcpDxe/TcpTimer.c  |   3 +-
 NetworkPkg/SecurityFixes.yaml |  22 ++
 8 files changed, 415 insertions(+), 49 deletions(-)

diff --git a/NetworkPkg/TcpDxe/TcpDxe.inf b/NetworkPkg/TcpDxe/TcpDxe.inf
index cf5423f4c5..76de4cf9ec 100644
--- a/NetworkPkg/TcpDxe/TcpDxe.inf
+++ b/NetworkPkg/TcpDxe/TcpDxe.inf
@@ -6,6 +6,7 @@
 #  stack has been loaded in system. This driver supports both IPv4 and IPv6 
network stack.
 #
 #  Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+#  Copyright (c) Microsoft Corporation
 #
 #  SPDX-License-Identifier: BSD-2-Clause-Patent
 #
@@ -68,7 +69,6 @@
   NetLib
   IpIoLib
 
-
 [Protocols]
   ## SOMETIMES_CONSUMES
   ## SOMETIMES_PRODUCES
@@ -81,6 +81,12 @@
   gEfiIp6ServiceBindingProtocolGuid ## TO_START
   gEfiTcp6ProtocolGuid  ## BY_START
   gEfiTcp6ServiceBindingProtocolGuid## BY_START
+  gEfiHash2ProtocolGuid ## BY_START
+  gEfiHash2ServiceBindingProtocolGuid   ## BY_START
+
+[Guids]
+  gEfiHashAlgorithmMD5Guid  ## CONSUMES
+  gEfiHashAlgorithmSha256Guid   ## CONSUMES
 
 [Depex]
   gEfiHash2ServiceBindingProtocolGuid
diff --git a/NetworkPkg/TcpDxe/TcpFunc.h b/NetworkPkg/TcpDxe/TcpFunc.h
index a7af01fff2..c707bee3e5 100644
--- a/NetworkPkg/TcpDxe/TcpFunc.h
+++ b/NetworkPkg/TcpDxe/TcpFunc.h
@@ -2,7 +2,7 @@
   Declaration of external functions shared in TCP driver.
 
   Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
-
+  Copyright (c) Microsoft Corporation
   SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
@@ -36,8 +36,11 @@ VOID
 
   @param[in, out]  Tcb   Pointer to the TCP_CB of this TCP 
instance.
 
+  @retval EFI_SUCCESS The operation completed successfully
+  @retval others  The underlying functions failed and could 
not complete the operation
+
 **/
-VOID
+EFI_STATUS
 TcpInitTcbLocal (
   IN OUT TCP_CB  *Tcb
   );
@@ -128,17 +131,6 @@ TcpCloneTcb (
   IN TCP_CB  *Tcb
   );
 
-/**
-  Compute an ISS to be used by a new connection.
-
-  @return The result ISS.
-
-**/
-TCP_SEQNO
-TcpGetIss (
-  VOID
-  );
-
 /**
   Get the local mss.
 
@@ -202,8 

[edk2-devel] [PATCH v3 11/20] MdePkg: : Adds Protocol for MockRng

[Doug Flick via groups.io]

From: Doug Flick 

This patch adds a protocol for MockRng. This protocol is used to
mock the Rng protocol for testing purposes.

Cc: Michael D Kinney 
Cc: Liming Gao 
Cc: Zhiguang Liu 

Signed-off-by: Doug Flick [MSFT] 
---
 MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h   | 48 

 MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp | 21 +
 2 files changed, 69 insertions(+)

diff --git a/MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h 
b/MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h
new file mode 100644
index 00..b54f8a234b
--- /dev/null
+++ b/MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h
@@ -0,0 +1,48 @@
+/** @file
+  This file declares a mock of Rng Protocol.
+
+  Copyright (c) Microsoft Corporation.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef MOCK_RNG_H_
+#define MOCK_RNG_H_
+
+#include 
+#include 
+
+extern "C" {
+  #include 
+  #include 
+}
+
+struct MockRng {
+  MOCK_INTERFACE_DECLARATION (MockRng);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+GetInfo,
+(
+ IN EFI_RNG_PROTOCOL *This,
+ IN OUT UINTN*RNGAlgorithmListSize,
+ OUT EFI_RNG_ALGORITHM   *RNGAlgorithmList
+)
+);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+GetRng,
+(
+ IN EFI_RNG_PROTOCOL*This,
+ IN EFI_RNG_ALGORITHM   *RNGAlgorithm,
+ IN UINTN   RNGValueLength,
+ OUT UINT8  *RNGValue
+)
+);
+};
+
+extern "C" {
+  extern EFI_RNG_PROTOCOL  *gRngProtocol;
+}
+
+#endif // MOCK_RNG_H_
diff --git a/MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp 
b/MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp
new file mode 100644
index 00..7d8b69cc86
--- /dev/null
+++ b/MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp
@@ -0,0 +1,21 @@
+/** @file MockRng.cpp
+  Google Test mock for Rng Protocol
+
+  Copyright (c) Microsoft Corporation.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include 
+
+MOCK_INTERFACE_DEFINITION (MockRng);
+MOCK_FUNCTION_DEFINITION (MockRng, GetInfo, 3, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockRng, GetRng, 4, EFIAPI);
+
+EFI_RNG_PROTOCOL  RNG_PROTOCOL_INSTANCE = {
+  GetInfo, // EFI_RNG_GET_INFO
+  GetRng   // EFI_RNG_GET_RNG
+};
+
+extern "C" {
+  EFI_RNG_PROTOCOL  *gRngProtocol = _PROTOCOL_INSTANCE;
+}
-- 
2.34.1

[edk2-devel] [PATCH v3 10/20] MdePkg: : Add MockUefiBootServicesTableLib

[Doug Flick via groups.io]

From: Doug Flick 

This commit adds a mock library for UefiBootServicesTableLib.

Cc: Michael D Kinney 
Cc: Liming Gao 
Cc: Zhiguang Liu 

Signed-off-by: Doug Flick [MSFT] 
---
 MdePkg/Test/MdePkgHostTest.dsc 
   |  1 +
 
MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf
 | 32 
 MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.h 
   | 78 
 
MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.cpp
 | 69 +
 4 files changed, 180 insertions(+)

diff --git a/MdePkg/Test/MdePkgHostTest.dsc b/MdePkg/Test/MdePkgHostTest.dsc
index e36b7c..6a85d02236 100644
--- a/MdePkg/Test/MdePkgHostTest.dsc
+++ b/MdePkg/Test/MdePkgHostTest.dsc
@@ -43,6 +43,7 @@
   MdePkg/Library/BaseLib/UnitTestHostBaseLib.inf
   MdePkg/Test/Mock/Library/GoogleTest/MockUefiLib/MockUefiLib.inf
   
MdePkg/Test/Mock/Library/GoogleTest/MockUefiRuntimeServicesTableLib/MockUefiRuntimeServicesTableLib.inf
+  
MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf
   MdePkg/Test/Mock/Library/GoogleTest/MockPeiServicesLib/MockPeiServicesLib.inf
   MdePkg/Test/Mock/Library/GoogleTest/MockHobLib/MockHobLib.inf
   MdePkg/Test/Mock/Library/GoogleTest/MockFdtLib/MockFdtLib.inf
diff --git 
a/MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf
 
b/MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf
new file mode 100644
index 00..8b64fd195a
--- /dev/null
+++ 
b/MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf
@@ -0,0 +1,32 @@
+## @file
+#  Mock implementation of the UEFI Boot Services Table Library.
+#
+#  Copyright (c) Microsoft Corporation.
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION= 0x00010005
+  BASE_NAME  = MockUefiBootServicesTableLib
+  FILE_GUID  = 67EA4614-E276-49EC-9AE6-B97ACCEA676E
+  MODULE_TYPE= HOST_APPLICATION
+  VERSION_STRING = 1.0
+  LIBRARY_CLASS  = UefiBootServicesTableLib|HOST_APPLICATION
+
+#
+#  VALID_ARCHITECTURES   = IA32 X64 EBC
+#
+
+[Sources]
+  MockUefiBootServicesTableLib.cpp
+
+[LibraryClasses]
+  GoogleTestLib
+
+[Packages]
+  MdePkg/MdePkg.dec
+  UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec
+
+[BuildOptions]
+  MSFT:*_*_*_CC_FLAGS = /EHsc
diff --git 
a/MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.h 
b/MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.h
new file mode 100644
index 00..d72b941323
--- /dev/null
+++ b/MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.h
@@ -0,0 +1,78 @@
+/** @file
+  Google Test mocks for UefiBootServicesTableLib
+
+  Copyright (c) Microsoft Corporation.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef MOCK_UEFI_BOOT_SERVICES_TABLE_LIB_H_
+#define MOCK_UEFI_BOOT_SERVICES_TABLE_LIB_H_
+
+#include 
+#include 
+extern "C" {
+  #include 
+  #include 
+}
+
+//
+// Declarations to handle usage of the UefiBootServiceTableLib by creating mock
+//
+struct MockUefiBootServicesTableLib {
+  MOCK_INTERFACE_DECLARATION (MockUefiBootServicesTableLib);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+gBS_GetMemoryMap,
+(IN OUT UINTN *MemoryMapSize,
+ OUTEFI_MEMORY_DESCRIPTOR *MemoryMap,
+ OUTUINTN *MapKey,
+ OUTUINTN *DescriptorSize,
+ OUTUINT32*DescriptorVersion)
+);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+gBS_CreateEvent,
+(IN  UINT32   Type,
+ IN  EFI_TPL  NotifyTpl,
+ IN  EFI_EVENT_NOTIFY NotifyFunction,
+ IN  VOID *NotifyContext,
+ OUT EFI_EVENT*Event)
+);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+gBS_CloseEvent,
+(IN EFI_EVENT Event)
+);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+gBS_HandleProtocol,
+(IN  EFI_HANDLE Handle,
+ IN  EFI_GUID   *Protocol,
+ OUT VOID   **Interface)
+);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+gBS_LocateProtocol,
+(IN  EFI_GUID *Protocol,
+ IN  VOID  *Registration  OPTIONAL,
+ OUT VOID  **Interface)
+);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+gBS_CreateEventEx,
+(IN UINT32Type,
+ IN EFI_TPL   NotifyTpl,
+ IN EFI_EVENT_NOTIFY  NotifyFunction OPTIONAL,
+ IN CONST VOID*NotifyContext OPTIONAL,
+ IN CONST EFI_GUID*EventGroup OPTIONAL,
+ OUT EFI_EVENT*Event)
+);
+};
+
+#endif // MOCK_UEFI_BOOT_SERVICES_TABLE_LIB_H_
diff --git 

[edk2-devel] [PATCH v3 06/20] ArmVirtPkg: : Add Hash2DxeCrypto to ArmVirtPkg

[Doug Flick via groups.io]

This patch adds Hash2DxeCrypto to ArmVirtPkg. The Hash2DxeCrypto is
used to provide the hashing protocol services.

Cc: Ard Biesheuvel 
Cc: Leif Lindholm 
Cc: Sami Mujawar 
Cc: Gerd Hoffmann 

Signed-off-by: Doug Flick [MSFT] 
---
 ArmVirtPkg/ArmVirtQemu.dsc   | 5 +
 ArmVirtPkg/ArmVirtQemuKernel.dsc | 5 +
 ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 5 +
 3 files changed, 15 insertions(+)

diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 7e2ff33ad1..1d3315ad3e 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -554,6 +554,11 @@
   MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf
   MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
 
+  #
+  # Hash2 Protocol Support
+  #
+  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
   #
   # TPM2 support
   #
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
index efe2df97bd..94f48593c2 100644
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
@@ -461,6 +461,11 @@
   MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf
   MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
 
+  #
+  # Hash2 Protocol Support
+  #
+  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
   #
   # ACPI Support
   #
diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc 
b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
index c5d097ffb9..80d420023e 100644
--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
@@ -177,6 +177,11 @@ READ_LOCK_STATUS   = TRUE
   INF MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf
   INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
 
+  #
+  # Hash2 Protocol producer
+  #
+  INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
   #
   # TPM2 support
   #
-- 
2.34.1

[edk2-devel] [PATCH v3 07/20] SecurityPkg: RngDxe: Remove incorrect limitation on GetRng

[Doug Flick via groups.io]

Removed from gEfiRngAlgorithmRaw an incorrect assumption that
Raw cannot return less than 256 bits. The DRNG Algorithms
should always use a 256 bit seed as per nist standards
however a caller is free to request less than 256 bits.
>
> //
>// When a DRBG is used on the output of a entropy source,
>// its security level must be at least 256 bits according to UEFI
Spec.
>//
>if (RNGValueLength < 32) {
>  return EFI_INVALID_PARAMETER;
>}
>

AARCH64 platforms do not have this limitation and this brings both
implementations into alignment with each other and the spec.

Cc: Jiewen Yao 

Signed-off-by: Doug Flick [MSFT] 
Reviewed-by: Ard Biesheuvel 
---
 SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c | 8 
 1 file changed, 8 deletions(-)

diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c 
b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
index 7e06e16e4b..5723ed6957 100644
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
@@ -116,14 +116,6 @@ RngGetRNG (
   // The "raw" algorithm is intended to provide entropy directly
   //
   if (CompareGuid (RNGAlgorithm, )) {
-//
-// When a DRBG is used on the output of a entropy source,
-// its security level must be at least 256 bits according to UEFI Spec.
-//
-if (RNGValueLength < 32) {
-  return EFI_INVALID_PARAMETER;
-}
-
 Status = GenerateEntropy (RNGValueLength, RNGValue);
 return Status;
   }
-- 
2.34.1

[edk2-devel] [PATCH v3 05/20] ArmVirtPkg:PlatformCI: Support virtio-rng-pci

[Doug Flick via groups.io]

This patch adds "virtio-rng-pci" to the PlatformBuildLib.py
This adds Rng services to the guest VM

Cc: Ard Biesheuvel 
Cc: Leif Lindholm 
Cc: Sami Mujawar 
Cc: Gerd Hoffmann 

Signed-off-by: Doug Flick [MSFT] 
---
 ArmVirtPkg/PlatformCI/PlatformBuildLib.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ArmVirtPkg/PlatformCI/PlatformBuildLib.py 
b/ArmVirtPkg/PlatformCI/PlatformBuildLib.py
index 0ddaccf9c2..3abab09141 100644
--- a/ArmVirtPkg/PlatformCI/PlatformBuildLib.py
+++ b/ArmVirtPkg/PlatformCI/PlatformBuildLib.py
@@ -240,6 +240,8 @@ class PlatformBuilder(UefiBuilder, BuildSettingsManager):
 args += " -serial stdio"
 # Mount disk with startup.nsh
 args += f" -drive file=fat:rw:{VirtualDrive},format=raw,media=disk"
+# Provides Rng services to the Guest VM
+args += " -device virtio-rng-pci"
 
 # Conditional Args
 if (self.env.GetValue("QEMU_HEADLESS").upper() == "TRUE"):
-- 
2.34.1

[edk2-devel] [PATCH v3 04/20] OvmfPkg: : Add Hash2DxeCrypto to OvmfPkg

[Doug Flick via groups.io]

From: Doug Flick 

This patch adds Hash2DxeCrypto to OvmfPkg. The Hash2DxeCrypto is
used to provide the hashing protocol services.

Cc: Ard Biesheuvel 
Cc: Jiewen Yao 
Cc: Gerd Hoffmann 

Signed-off-by: Doug Flick [MSFT] 
---
 OvmfPkg/OvmfPkgIa32.dsc| 6 +-
 OvmfPkg/OvmfPkgIa32X64.dsc | 6 +-
 OvmfPkg/OvmfPkgX64.dsc | 6 +-
 OvmfPkg/OvmfXen.dsc| 5 +
 OvmfPkg/OvmfPkgIa32.fdf| 5 +
 OvmfPkg/OvmfPkgIa32X64.fdf | 5 +
 OvmfPkg/OvmfPkgX64.fdf | 5 +
 OvmfPkg/OvmfXen.fdf| 5 +
 8 files changed, 40 insertions(+), 3 deletions(-)

diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 1be021be71..2ca005d768 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -229,7 +229,6 @@
   
VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
   
VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf
 
-
   #
   # Network libraries
   #
@@ -858,6 +857,11 @@
   MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
   
MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
 
+  #
+  # Hash2 Protocol producer
+  #
+  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
   #
   # Network Support
   #
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index d27a4c7278..a39070a626 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -234,7 +234,6 @@
   
VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
   
VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf
 
-
   #
   # Network libraries
   #
@@ -872,6 +871,11 @@
   MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
   
MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
 
+  #
+  # Hash2 Protocol producer
+  #
+  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
   #
   # Network Support
   #
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 8f5cd23b2e..1b90aa8f57 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -250,7 +250,6 @@
   
VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
   
VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf
 
-
   #
   # Network libraries
   #
@@ -940,6 +939,11 @@
   MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
   
MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
 
+  #
+  # Hash2 Protocol producer
+  #
+  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
   #
   # Network Support
   #
diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc
index fa1a570e74..7fc340d1c1 100644
--- a/OvmfPkg/OvmfXen.dsc
+++ b/OvmfPkg/OvmfXen.dsc
@@ -667,6 +667,11 @@
   MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
   
MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
 
+  #
+  # Hash2 Protocol producer
+  #
+  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
   #
   # Network Support
   #
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index 6eb26f7d46..0d4abb50a8 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -295,6 +295,11 @@ INF  OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
 
 INF MdeModulePkg/Logo/LogoDxe.inf
 
+#
+# Hash2 Protocol producer
+#
+INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
 #
 # Network modules
 #
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index 080784f722..23a825a012 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -296,6 +296,11 @@ INF  OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
 
 INF MdeModulePkg/Logo/LogoDxe.inf
 
+#
+# Hash2 Protocol producer
+#
+INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
 #
 # Network modules
 #
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index b6e8f43566..4dcd6a033c 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -329,6 +329,11 @@ INF MdeModulePkg/Logo/LogoDxe.inf
 
 INF OvmfPkg/TdxDxe/TdxDxe.inf
 
+#
+# Hash2 Protocol producer
+#
+INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
 #
 # Network modules
 #
diff --git a/OvmfPkg/OvmfXen.fdf b/OvmfPkg/OvmfXen.fdf
index 5770b17316..41368f37e2 100644
--- a/OvmfPkg/OvmfXen.fdf
+++ b/OvmfPkg/OvmfXen.fdf
@@ -314,6 +314,11 @@ INF  ShellPkg/Application/Shell/Shell.inf
 
 INF MdeModulePkg/Logo/LogoDxe.inf
 
+#
+# Hash2 Protocol producer
+#
+INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
 #
 # Network modules
 #
-- 
2.34.1

[edk2-devel] [PATCH v3 03/20] OvmfPkg:PlatformCI: Support virtio-rng-pci

[Doug Flick via groups.io]

This patch adds "virtio-rng-pci" to the PlatformBuildLib.py
This adds Rng services to the guest VM

Cc: Ard Biesheuvel 
Cc: Jiewen Yao 
Cc: Gerd Hoffmann 

Signed-off-by: Doug Flick [MSFT] 
---
 OvmfPkg/PlatformCI/PlatformBuildLib.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/OvmfPkg/PlatformCI/PlatformBuildLib.py 
b/OvmfPkg/PlatformCI/PlatformBuildLib.py
index 00d454954b..3fe80f5c1c 100644
--- a/OvmfPkg/PlatformCI/PlatformBuildLib.py
+++ b/OvmfPkg/PlatformCI/PlatformBuildLib.py
@@ -208,6 +208,8 @@ class PlatformBuilder( UefiBuilder, BuildSettingsManager):
 args += " -net none"# 
turn off network
 args += " -smp 4"
 args += f" -drive file=fat:rw:{VirtualDrive},format=raw,media=disk" # 
Mount disk with startup.nsh
+# Provides Rng services to the Guest VM
+args += " -device virtio-rng-pci"
 
 if (self.env.GetValue("QEMU_HEADLESS").upper() == "TRUE"):
 args += " -display none"  # no graphics
-- 
2.34.1

[edk2-devel] [PATCH v3 01/20] EmulatorPkg: : Add RngDxe to EmulatorPkg

[Doug Flick via groups.io]

This patch adds RngDxe to EmulatorPkg. The RngDxe is used to provide
random number generation services to the UEFI firmware.

Cc: Andrew Fish 
Cc: Ray Ni 

Signed-off-by: Doug Flick [MSFT] 
Reviewed-by: Ray Ni 
---
 EmulatorPkg/EmulatorPkg.dsc | 7 ++-
 EmulatorPkg/EmulatorPkg.fdf | 6 +-
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg/EmulatorPkg.dsc
index 5fa1ed345a..0a66294cb7 100644
--- a/EmulatorPkg/EmulatorPkg.dsc
+++ b/EmulatorPkg/EmulatorPkg.dsc
@@ -127,9 +127,9 @@
   ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
   FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf
   
ImagePropertiesRecordLib|MdeModulePkg/Library/ImagePropertiesRecordLib/ImagePropertiesRecordLib.inf
+  RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
 
 !if $(SECURE_BOOT_ENABLE) == TRUE
-  RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
   IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
   OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
   
PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
@@ -398,6 +398,11 @@
   EmulatorPkg/PlatformSmbiosDxe/PlatformSmbiosDxe.inf
   EmulatorPkg/TimerDxe/Timer.inf
 
+  #
+  # Rng Protocol producer
+  #
+  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
+
 !if $(SECURE_BOOT_ENABLE) == TRUE
   SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
 !endif
diff --git a/EmulatorPkg/EmulatorPkg.fdf b/EmulatorPkg/EmulatorPkg.fdf
index 5420756eaa..d756c144d9 100644
--- a/EmulatorPkg/EmulatorPkg.fdf
+++ b/EmulatorPkg/EmulatorPkg.fdf
@@ -193,6 +193,11 @@ INF  RuleOverride = UI 
MdeModulePkg/Application/UiApp/UiApp.inf
 INF  MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.inf
 INF  MdeModulePkg/Universal/DriverSampleDxe/DriverSampleDxe.inf
 
+#
+# Rng Protocol producer
+#
+INF  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
+
 #
 # Secure Boot Key Enroll
 #
@@ -320,4 +325,3 @@ INF  ShellPkg/Application/Shell/Shell.inf
 UISTRING="$(MODULE_NAME)" Optional
 VERSION   STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
   }
-
-- 
2.34.1

[edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237

[Doug Flick via groups.io]

REF:https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html

This patch series patches the following CVEs:
- CVE-2023-45236: Predictable TCP Initial Sequence Numbers
- CVE-2023-45237: Use of a Weak PseudoRandom Number Generator

In order to patch these CVEs, the following changes were made:
- NetworkPkg no longer performs it's own random number generation,
  instead it uses EFI_RNG_PROTOCOL provided by the plaform to
  generate random numbers.
  - This change was made such that any future random number
generation vulnerabilities will be a result of the platforms
implementation of the EFI_RNG_PROTOCOL and not the NetworkPkg

- NetworkPkg uses the TCP initial sequence number algorithm as described
  in RFC 6528 to generate the initial sequence number for TCP connections.
  - This change was made to ensure that the initial sequence number
is not predictable and therefore cannot be used in a TCP hijacking
attack.

In addition to the above changes, the following changes were made:
- EmulatorPkg OvmfPkg, and ArmVirtPkg were updated to include the
  Hash2DxeCrypto driver to support TCP ISN generation using
  EFI_HASH2_PROTOCOL

- EmulatorPkg was updated to include the
  RngDxe driver to support random number generation using the
  EFI_RNG_PROTOCOL

- OvmfPkg, and ArmVirtPkg were updated to include the
  virtio-rng-pci device to support random number generation using the
  EFI_RNG_PROTOCOL using the existing VirtioRngDxe driver

- SecurityPkg was updated to fix an incorrect limitation on the
  GetRng function in the RngDxe driver where the minimum amount of
  random data that could be requested was 32 bytes (256 bits) instead
  of what the caller requested

- MdePkg was updated to include MockUefiBootServicesTableLib,
  MockRng, and MockHash2 protocols for testing

- NetworkPkg was updated to include a test for the PxeBcDhcp6 driver
  due to underlying changes

- ArmPkg was updated to allow the SMC/HVC monitor conduit to be
  specified at runtime

- MdePkg was updated to remove an overzealous ASSERT in BaseRngLib

- ArmVirtPkg was updated to permit the use of dynamic PCDs in PEI

- ArmVirtPkg was updated to use dynamic PCDs to set the SMCCC conduit

- ArmVirtPkg was updated to add the RngDxe driver

Cc: Liming Gao 

Signed-off-by: Doug Flick [MSFT] 

Ard Biesheuvel (6):
  ArmPkg: Allow SMC/HVC monitor conduit to be specified at runtime
  MdePkg/BaseRngLib AARCH64: Remove overzealous ASSERT()
  ArmVirtPkg/ArmVirtQemu: Permit the use of dynamic PCDs in PEI
  ArmVirtPkg: Use dynamic PCD to set the SMCCC conduit
  ArmVirtPkg: Reverse inclusion order of MdeLibs.inc and ArmVirt.dsc.inc
  ArmVirtPkg/ArmVirtQemu: Add RngDxe driver

Doug Flick (8):
  EmulatorPkg: : Add Hash2DxeCrypto to EmulatorPkg
  OvmfPkg: : Add Hash2DxeCrypto to OvmfPkg
  NetworkPkg:: SECURITY PATCH CVE-2023-45237
  NetworkPkg: TcpDxe: SECURITY PATCH CVE-2023-45236
  MdePkg: : Add MockUefiBootServicesTableLib
  MdePkg: : Adds Protocol for MockRng
  MdePkg: Add MockHash2 Protocol for testing
  NetworkPkg: Update the PxeBcDhcp6GoogleTest due to underlying changes

Flickdm (6):
  EmulatorPkg: : Add RngDxe to EmulatorPkg
  OvmfPkg:PlatformCI: Support virtio-rng-pci
  ArmVirtPkg:PlatformCI: Support virtio-rng-pci
  ArmVirtPkg: : Add Hash2DxeCrypto to ArmVirtPkg
  SecurityPkg: RngDxe: Remove incorrect limitation on GetRng
  ArmVirtPkg: Move PcdMonitorConduitHvc

 ArmPkg/ArmPkg.dec  
   |  10 +-
 NetworkPkg/NetworkPkg.dec  
   |   7 +
 ArmVirtPkg/ArmVirt.dsc.inc 
   |   5 +-
 ArmVirtPkg/ArmVirtCloudHv.dsc  
   |   3 +
 ArmVirtPkg/ArmVirtKvmTool.dsc  
   |   4 +-
 ArmVirtPkg/ArmVirtQemu.dsc 
   |  20 +-
 ArmVirtPkg/ArmVirtQemuKernel.dsc   
   |  12 +-
 ArmVirtPkg/ArmVirtXen.dsc  
   |   6 +-
 EmulatorPkg/EmulatorPkg.dsc
   |  14 +-
 MdePkg/Test/MdePkgHostTest.dsc 
   |   1 +
 NetworkPkg/Test/NetworkPkgHostTest.dsc 
   |   1 +
 OvmfPkg/OvmfPkgIa32.dsc
   |   6 +-
 OvmfPkg/OvmfPkgIa32X64.dsc 
   |   6 +-
 OvmfPkg/OvmfPkgX64.dsc 
   |   6 +-
 OvmfPkg/OvmfXen.dsc 

[edk2-devel] [PATCH v3 02/20] EmulatorPkg: : Add Hash2DxeCrypto to EmulatorPkg

[Doug Flick via groups.io]

From: Doug Flick 

This patch adds Hash2DxeCrypto to EmulatorPkg. The Hash2DxeCrypto is
used to provide the hashing protocol services.

Cc: Andrew Fish 
Cc: Ray Ni 

Signed-off-by: Doug Flick [MSFT] 
---
 EmulatorPkg/EmulatorPkg.dsc | 9 +++--
 EmulatorPkg/EmulatorPkg.fdf | 5 +
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg/EmulatorPkg.dsc
index 0a66294cb7..1c356bc8c7 100644
--- a/EmulatorPkg/EmulatorPkg.dsc
+++ b/EmulatorPkg/EmulatorPkg.dsc
@@ -128,10 +128,11 @@
   FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf
   
ImagePropertiesRecordLib|MdeModulePkg/Library/ImagePropertiesRecordLib/ImagePropertiesRecordLib.inf
   RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
-
-!if $(SECURE_BOOT_ENABLE) == TRUE
   IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
   OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+
+!if $(SECURE_BOOT_ENABLE) == TRUE
   
PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
   AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
   
SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
@@ -402,6 +403,10 @@
   # Rng Protocol producer
   #
   SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
+  #
+  # Hash2 Protocol producer
+  #
+  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
 
 !if $(SECURE_BOOT_ENABLE) == TRUE
   SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
diff --git a/EmulatorPkg/EmulatorPkg.fdf b/EmulatorPkg/EmulatorPkg.fdf
index d756c144d9..73d5b0068d 100644
--- a/EmulatorPkg/EmulatorPkg.fdf
+++ b/EmulatorPkg/EmulatorPkg.fdf
@@ -198,6 +198,11 @@ INF  
MdeModulePkg/Universal/DriverSampleDxe/DriverSampleDxe.inf
 #
 INF  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
 
+#
+# Hash2 Protocol producer
+#
+INF  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
 #
 # Secure Boot Key Enroll
 #
-- 
2.34.1

Re: [edk2-devel] [PATCH v2 09/13] NetworkPkg: TcpDxe: SECURITY PATCH CVE-2023-45236

[Doug Flick via groups.io]

This was more of a design decision. Both Hash2Protocol and HashLib serve 
similar purposes. The goal was to use Hash2Protocol to decouple and provide 
greater modularity and flexibility over HashLib. 


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119106): https://edk2.groups.io/g/devel/message/119106
Mute This Topic: https://groups.io/mt/105996585/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] 回复: [edk2-devel] [PATCH v2 03/13] OvmfPkg:PlatformCI: Support virtio-rng-pci

[Doug Flick via groups.io]

>
> On ARM, we can actually do better than this: I have taken Doug's v2
> and applied some changes on top to make it work with ArmVirtQemu.
>
> https://github.com/ardbiesheuvel/edk2/tree/doug-v2
> 

Ard, would you be comfortable with this patch series if I take the commits 
you're suggesting? I'm being asked to see what it would take to get these 
commits in for this release.


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118973): https://edk2.groups.io/g/devel/message/118973
Mute This Topic: https://groups.io/mt/106013302/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2 07/13] SecurityPkg: RngDxe: Remove incorrect limitation on GetRng

[Doug Flick via groups.io]

So, I'm trying to consult with some RNG experts because I'm by no means an 
expert and anything I say should be taken with huge grain of salt. When I get 
the experts take, I'll share it.

Basically, the way I read this code is that it by no means tries to enforce any 
entropy requirement outside of what you ask for.

My understanding is the 256 Bit Entropy requirements comes from when you are 
using a DRNG algorithm such as:
```
#define EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID \
 {0xa7af67cb, 0x603b, 0x4d42,\
 {0xba, 0x21, 0x70, 0xbf, 0xb6, 0x29, 0x3f, 0x96}}

#define EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID \
 {0xc5149b43, 0xae85, 0x4f53,\
 {0x99, 0x82, 0xb9, 0x43, 0x35, 0xd3, 0xa9, 0xe7}}

#define EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID \
 {0x44f0de6e, 0x4d8c, 0x4045, \
 {0xa8, 0xc7, 0x4d, 0xd1, 0x68, 0x85, 0x6b, 0x9e}}
```
> "When a Deterministic Random Bit Generator (DRBG) is used on the output of a 
> (raw) entropy source, its security level must be at least 256 bits." 

https://uefi.org/specs/UEFI/2.10/37_Secure_Technologies.html#random-number-generator-protocol

That is, the seed of these algorithms must be at a minimum 256 bits from your 
entropy source. 

Now when you call for instance EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID

On an INTEL CPU it uses the Intel RDRAND Instruction

https://github.com/tianocore/edk2/blob/4b6ee06a090d956f80b4a92fb9bf03098a372f39/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c#L108C45-L108C51

Which from what I can tell the generator takes pairs of 256-bit raw entropy 
samples generated by the hardware entropy source and applies them to an 
Advanced Encryption Standard (AES) (in CBC-MAC mode) conditioner which reduces 
them to a single 256-bit conditioned entropy sample.

https://en.wikipedia.org/wiki/RDRAND

https://www.intel.com/content/www/us/en/developer/articles/guide/intel-digital-random-number-generator-drng-software-implementation-guide.html

Which means, if you are implementing these algorithms in software, you must 
comply with the 256 bit entropy requirement for your source. However in our 
case the CPU is performing that requirement for us. 

Again I'm no expert. So if an expert is reading this and I'm completely wrong 
please let me know :)


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118827): https://edk2.groups.io/g/devel/message/118827
Mute This Topic: https://groups.io/mt/105996584/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] 回复: [edk2-devel] [PATCH v2 03/13] OvmfPkg:PlatformCI: Support virtio-rng-pci

[Doug Flick via groups.io]

At a high level, this isn't my project and I would look towards the maintainers 
to provide guidance about the direction they want to go. 

However, 

In my opinion, this is a debate on Security vs Compatibility. I'm biased more 
towards security, and I've tried to make it easy for a platform to understand 
what is happening with `PcdEnforceSecureRngAlgorithms` . If we default to 
`default` the platform never has the chance to understand what Rng Algorithms 
they provide and if that is a problem for them. Default is obviously the most 
compatible but it's also the one that may or may not be backed by something 
insecure. Which is why I would prefer if a platform acknowledges that they know 
it's backed by something secure or if not its an active decision. 


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118824): https://edk2.groups.io/g/devel/message/118824
Mute This Topic: https://groups.io/mt/106013302/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] 回复: [edk2-devel][edk2-stable202405] [PATCH v2 00/13] NetworkPkg: CVE-2023-45236 and CVE-2023-45237

[Doug Flick via groups.io]

>From the two CVE patches there should be no functional differences to a 
>platform assuming the platform provides them with a RNG implementation and 
>HASH2 implementation. 

The "NetworkPkg:: SECURITY PATCH CVE-2023-45237" change simply get's it's 
random numbers from outside of the NetworkPkg and makes it a platform decision.
The "NetworkPkg: TcpDxe: SECURITY PATCH CVE-2023-45236" changes how the TCP Isn 
number is generated and puts the platform in compliance with the relevant 
specification. 

There is a functional change with  "SecurityPkg: RngDxe: Remove incorrect 
limitation on GetRng" as this will now allow a caller to call less than 32 
bytes. 

The other changes are unit tests and platform integration changes.


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118768): https://edk2.groups.io/g/devel/message/118768
Mute This Topic: https://groups.io/mt/105998004/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2 03/13] OvmfPkg:PlatformCI: Support virtio-rng-pci

[Doug Flick via groups.io]

>
> So this patch is necessary as otherwise, QEMU fails to boot due to a
> missing source of randomness in the network drivers, right?
>

So I added this based on your initial suggestion to get the ArmVirtPkg working 
- running it locally (and against the pipelines) shows this isn't necessary. So 
I'll drop the commits.

There were concerns around compatibility, however the only fallback we would be 
able to do from NetworkPkg is depend on the time based LCG that we've 
considered a high profile CVE. This is where NetworkPkg must depend on the 
platform to provide it Rng and Hashing services. Fundamentally the platform 
must own it's own security. 

>
> RNDR raises another interesting problem, by the way - the ARM arch
> spec requires RNDR to be backed by an appropriate DRBG that complies
> with the NIST spec but it does not specify which one. IOW, it is
> backed by a DRBG not by a raw entropy source, but specifying which
> DRBG (by GUID) is not generally feasible, as the guest VM firmware
> cannot interrogate the host about which DRBG is behind RNDR.
>

This is why the PCD `PcdEnforceSecureRngAlgorithms` exists. The platform can 
make the determination to depend on default if they understand the security 
implications behind that. Additionally, the platform is free to override RngDxe 
and provide their own implementations. 



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118767): https://edk2.groups.io/g/devel/message/118767
Mute This Topic: https://groups.io/mt/105996580/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v2 02/13] EmulatorPkg: : Add Hash2DxeCrypto to EmulatorPkg

[Doug Flick via groups.io]

From: Doug Flick 

This patch adds Hash2DxeCrypto to EmulatorPkg. The Hash2DxeCrypto is
used to provide the hashing protocol services.

Cc: Andrew Fish 
Cc: Ray Ni 

Signed-off-by: Doug Flick [MSFT] 
---
 EmulatorPkg/EmulatorPkg.dsc | 9 +++--
 EmulatorPkg/EmulatorPkg.fdf | 5 +
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg/EmulatorPkg.dsc
index 0a66294cb768..1c356bc8c732 100644
--- a/EmulatorPkg/EmulatorPkg.dsc
+++ b/EmulatorPkg/EmulatorPkg.dsc
@@ -128,10 +128,11 @@ [LibraryClasses]
   FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf
   
ImagePropertiesRecordLib|MdeModulePkg/Library/ImagePropertiesRecordLib/ImagePropertiesRecordLib.inf
   RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
-
-!if $(SECURE_BOOT_ENABLE) == TRUE
   IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
   OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+
+!if $(SECURE_BOOT_ENABLE) == TRUE
   
PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
   AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
   
SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
@@ -402,6 +403,10 @@ [Components]
   # Rng Protocol producer
   #
   SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
+  #
+  # Hash2 Protocol producer
+  #
+  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
 
 !if $(SECURE_BOOT_ENABLE) == TRUE
   SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
diff --git a/EmulatorPkg/EmulatorPkg.fdf b/EmulatorPkg/EmulatorPkg.fdf
index d756c144d94d..73d5b0068d3f 100644
--- a/EmulatorPkg/EmulatorPkg.fdf
+++ b/EmulatorPkg/EmulatorPkg.fdf
@@ -198,6 +198,11 @@ [FV.FvRecovery]
 #
 INF  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
 
+#
+# Hash2 Protocol producer
+#
+INF  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
 #
 # Secure Boot Key Enroll
 #
-- 
2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118729): https://edk2.groups.io/g/devel/message/118729
Mute This Topic: https://groups.io/mt/105996594/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v2 13/13] NetworkPkg: Update the PxeBcDhcp6GoogleTest due to underlying changes

[Doug Flick via groups.io]

From: Doug Flick 

This patch updates the PxeBcDhcp6GoogleTest due to the changes in the
underlying code. The changes are as follows:
 - Random now comes from the RngLib Protocol
 - The TCP ISN is now generated by the hash function

Cc: Saloni Kasbekar 
Cc: Zachary Clark-williams 

Signed-off-by: Doug Flick [MSFT] 
---
 NetworkPkg/Test/NetworkPkgHostTest.dsc|   1 +
 NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf |   3 +-
 NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp   | 102 
+++-
 3 files changed, 100 insertions(+), 6 deletions(-)

diff --git a/NetworkPkg/Test/NetworkPkgHostTest.dsc 
b/NetworkPkg/Test/NetworkPkgHostTest.dsc
index fa301a7a52ab..1772afb05815 100644
--- a/NetworkPkg/Test/NetworkPkgHostTest.dsc
+++ b/NetworkPkg/Test/NetworkPkgHostTest.dsc
@@ -30,6 +30,7 @@ [Components]
   NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf {
 
   
UefiRuntimeServicesTableLib|MdePkg/Test/Mock/Library/GoogleTest/MockUefiRuntimeServicesTableLib/MockUefiRuntimeServicesTableLib.inf
+  
UefiBootServicesTableLib|MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf
   }
 
 # Despite these library classes being listed in [LibraryClasses] below, they 
are not needed for the host-based unit tests.
diff --git a/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf 
b/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
index 301dcdf61109..8b092d9291d4 100644
--- a/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
+++ b/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
@@ -14,7 +14,7 @@ [Defines]
 #
 # The following information is for reference only and not required by the 
build tools.
 #
-#  VALID_ARCHITECTURES   = IA32 X64
+#  VALID_ARCHITECTURES   = IA32 X64 AARCH64
 #
 
 [Sources]
@@ -23,6 +23,7 @@ [Sources]
   PxeBcDhcp6GoogleTest.h
   ../PxeBcDhcp6.c
   ../PxeBcSupport.c
+  ../../../MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp
 
 [Packages]
   MdePkg/MdePkg.dec
diff --git a/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp 
b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
index bd423ebadfce..61736ff79e83 100644
--- a/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
+++ b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
@@ -7,6 +7,8 @@
 #include 
 #include 
 #include 
+#include 
+#include 
 
 extern "C" {
   #include 
@@ -165,7 +167,7 @@ protected:
 // Note:
 // Testing PxeBcHandleDhcp6Offer() is difficult because it depends on a
 // properly setup Private structure. Attempting to properly test this function
-// without a signficant refactor is a fools errand. Instead, we will test
+// without a significant refactor is a fools errand. Instead, we will test
 // that we can prevent an overflow in the function.
 TEST_F (PxeBcHandleDhcp6OfferTest, BasicUsageTest) {
   PXEBC_DHCP6_PACKET_CACHE  *Cache6 = NULL;
@@ -238,6 +240,7 @@ TEST_F (PxeBcCacheDnsServerAddressesTest, BasicUsageTest) {
 FreePool (Option);
   }
 }
+
 // Test Description
 // Test that we can prevent an overflow in the function
 TEST_F (PxeBcCacheDnsServerAddressesTest, AttemptOverflowTest) {
@@ -470,10 +473,15 @@ TEST_F (PxeBcRequestBootServiceTest, 
AttemptRequestOverFlowExpectFailure) {
 class PxeBcDhcp6DiscoverTest : public ::testing::Test {
 public:
   PXEBC_PRIVATE_DATA Private = { 0 };
+  // create a mock md5 hash
+  UINT8 Md5Hash[16] = { 0 };
+
   EFI_UDP6_PROTOCOL Udp6Read;
 
 protected:
   MockUefiRuntimeServicesTableLib RtServicesMock;
+  MockUefiBootServicesTableLib BsMock;
+  MockRng RngMock;
 
   // Add any setup code if needed
   virtual void
@@ -527,8 +535,21 @@ TEST_F (PxeBcDhcp6DiscoverTest, BasicOverflowTest) {
 
   Private.Dhcp6Request->Length = (UINT16)(Cursor - (UINT8 
*)Private.Dhcp6Request);
 
-  EXPECT_CALL (RtServicesMock, gRT_GetTime)
-.WillOnce (::testing::Return (0));
+  EXPECT_CALL (BsMock, gBS_LocateProtocol)
+.WillOnce (
+   ::testing::DoAll (
+::testing::SetArgPointee<2> (::testing::ByRef 
(gRngProtocol)),
+::testing::Return (EFI_SUCCESS)
+)
+   );
+
+  EXPECT_CALL (RngMock, GetRng)
+.WillOnce (
+   ::testing::DoAll (
+::testing::SetArgPointee<3> (::testing::ByRef 
(Md5Hash[0])),
+::testing::Return (EFI_SUCCESS)
+)
+   );
 
   ASSERT_EQ (
 PxeBcDhcp6Discover (
@@ -558,8 +579,21 @@ TEST_F (PxeBcDhcp6DiscoverTest, BasicUsageTest) {
 
   Private.Dhcp6Request->Length = (UINT16)(Cursor - (UINT8 
*)Private.Dhcp6Request);
 
-  EXPECT_CALL (RtServicesMock, gRT_GetTime)
-.WillOnce (::testing::Return (0));
+  EXPECT_CALL (BsMock, gBS_LocateProtocol)
+.WillOnce (
+   ::testing::DoAll (
+::testing::SetArgPointee<2> (::testing::ByRef 
(gRngProtocol)),
+::testing::Return (EFI_SUCCESS)

[edk2-devel] [PATCH v2 12/13] MdePkg: Add MockHash2 Protocol for testing

[Doug Flick via groups.io]

From: Doug Flick 

This commit adds a new MockHash2 protocol to the MdePkg. This protocol
is used to test Hash2 protocol consumers.

Cc: Michael D Kinney 
Cc: Liming Gao 
Cc: Zhiguang Liu 

Signed-off-by: Doug Flick [MSFT] 
---
 MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h   | 67 

 MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockHash2.cpp | 27 
 2 files changed, 94 insertions(+)

diff --git a/MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h 
b/MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h
new file mode 100644
index ..b44d341332dc
--- /dev/null
+++ b/MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h
@@ -0,0 +1,67 @@
+/** @file
+  This file declares a mock of Hash2 Protocol.
+
+  Copyright (c) Microsoft Corporation.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef MOCK_HASH2_H_
+#define MOCK_HASH2_H_
+
+#include 
+#include 
+
+extern "C" {
+  #include 
+  #include 
+}
+
+struct MockHash2 {
+  MOCK_INTERFACE_DECLARATION (MockHash2);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+GetHashSize,
+(IN CONST EFI_HASH2_PROTOCOL  *This,
+ IN CONST EFI_GUID*HashAlgorithm,
+ OUT UINTN*HashSize)
+);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+Hash,
+(IN CONST EFI_HASH2_PROTOCOL  *This,
+ IN CONST EFI_GUID*HashAlgorithm,
+ IN CONST UINT8   *Message,
+ IN UINTN MessageSize,
+ IN OUT EFI_HASH2_OUTPUT  *Hash)
+);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+HashInit,
+(IN CONST EFI_HASH2_PROTOCOL  *This,
+ IN CONST EFI_GUID*HashAlgorithm)
+);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+HashUpdate,
+(IN CONST EFI_HASH2_PROTOCOL  *This,
+ IN CONST UINT8   *Message,
+ IN UINTN MessageSize)
+);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+HashFinal,
+(IN CONST EFI_HASH2_PROTOCOL  *This,
+ IN OUT EFI_HASH2_OUTPUT  *Hash)
+);
+};
+
+extern "C" {
+  extern EFI_HASH2_PROTOCOL  *gHash2Protocol;
+}
+
+#endif // MOCK_HASH2_H_
diff --git a/MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockHash2.cpp 
b/MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockHash2.cpp
new file mode 100644
index ..5cf94c43b4a5
--- /dev/null
+++ b/MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockHash2.cpp
@@ -0,0 +1,27 @@
+/** @file MockHash2.cpp
+  Google Test mock for Hash2 Protocol
+
+  Copyright (c) Microsoft Corporation.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include 
+
+MOCK_INTERFACE_DEFINITION (MockHash2);
+MOCK_FUNCTION_DEFINITION (MockHash2, GetHashSize, 3, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockHash2, Hash, 5, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockHash2, HashInit, 2, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockHash2, HashUpdate, 3, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockHash2, HashFinal, 2, EFIAPI);
+
+EFI_HASH2_PROTOCOL  HASH2_PROTOCOL_INSTANCE = {
+  GetHashSize, // EFI_HASH2_GET_HASH_SIZE
+  Hash,// EFI_HASH2_HASH
+  HashInit,// EFI_HASH2_HASH_INIT
+  HashUpdate,  // EFI_HASH2_HASH_UPDATE
+  HashFinal// EFI_HASH2_HASH_FINAL
+};
+
+extern "C" {
+  EFI_HASH2_PROTOCOL  *gHash2Protocol = _PROTOCOL_INSTANCE;
+}
-- 
2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118727): https://edk2.groups.io/g/devel/message/118727
Mute This Topic: https://groups.io/mt/105996590/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v2 11/13] MdePkg: : Adds Protocol for MockRng

[Doug Flick via groups.io]

From: Doug Flick 

This patch adds a protocol for MockRng. This protocol is used to
mock the Rng protocol for testing purposes.

Cc: Michael D Kinney 
Cc: Liming Gao 
Cc: Zhiguang Liu 

Signed-off-by: Doug Flick [MSFT] 
---
 MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h   | 48 

 MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp | 21 +
 2 files changed, 69 insertions(+)

diff --git a/MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h 
b/MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h
new file mode 100644
index ..b54f8a234b2f
--- /dev/null
+++ b/MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h
@@ -0,0 +1,48 @@
+/** @file
+  This file declares a mock of Rng Protocol.
+
+  Copyright (c) Microsoft Corporation.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef MOCK_RNG_H_
+#define MOCK_RNG_H_
+
+#include 
+#include 
+
+extern "C" {
+  #include 
+  #include 
+}
+
+struct MockRng {
+  MOCK_INTERFACE_DECLARATION (MockRng);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+GetInfo,
+(
+ IN EFI_RNG_PROTOCOL *This,
+ IN OUT UINTN*RNGAlgorithmListSize,
+ OUT EFI_RNG_ALGORITHM   *RNGAlgorithmList
+)
+);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+GetRng,
+(
+ IN EFI_RNG_PROTOCOL*This,
+ IN EFI_RNG_ALGORITHM   *RNGAlgorithm,
+ IN UINTN   RNGValueLength,
+ OUT UINT8  *RNGValue
+)
+);
+};
+
+extern "C" {
+  extern EFI_RNG_PROTOCOL  *gRngProtocol;
+}
+
+#endif // MOCK_RNG_H_
diff --git a/MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp 
b/MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp
new file mode 100644
index ..7d8b69cc8673
--- /dev/null
+++ b/MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp
@@ -0,0 +1,21 @@
+/** @file MockRng.cpp
+  Google Test mock for Rng Protocol
+
+  Copyright (c) Microsoft Corporation.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include 
+
+MOCK_INTERFACE_DEFINITION (MockRng);
+MOCK_FUNCTION_DEFINITION (MockRng, GetInfo, 3, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockRng, GetRng, 4, EFIAPI);
+
+EFI_RNG_PROTOCOL  RNG_PROTOCOL_INSTANCE = {
+  GetInfo, // EFI_RNG_GET_INFO
+  GetRng   // EFI_RNG_GET_RNG
+};
+
+extern "C" {
+  EFI_RNG_PROTOCOL  *gRngProtocol = _PROTOCOL_INSTANCE;
+}
-- 
2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118726): https://edk2.groups.io/g/devel/message/118726
Mute This Topic: https://groups.io/mt/105996589/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v2 10/13] MdePkg: : Add MockUefiBootServicesTableLib

[Doug Flick via groups.io]

From: Doug Flick 

This commit adds a mock library for UefiBootServicesTableLib.

Cc: Michael D Kinney 
Cc: Liming Gao 
Cc: Zhiguang Liu 

Signed-off-by: Doug Flick [MSFT] 
---
 MdePkg/Test/MdePkgHostTest.dsc 
   |  1 +
 
MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf
 | 32 
 MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.h 
   | 78 
 
MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.cpp
 | 69 +
 4 files changed, 180 insertions(+)

diff --git a/MdePkg/Test/MdePkgHostTest.dsc b/MdePkg/Test/MdePkgHostTest.dsc
index e36b7c55..6a85d02236a0 100644
--- a/MdePkg/Test/MdePkgHostTest.dsc
+++ b/MdePkg/Test/MdePkgHostTest.dsc
@@ -43,6 +43,7 @@ [Components]
   MdePkg/Library/BaseLib/UnitTestHostBaseLib.inf
   MdePkg/Test/Mock/Library/GoogleTest/MockUefiLib/MockUefiLib.inf
   
MdePkg/Test/Mock/Library/GoogleTest/MockUefiRuntimeServicesTableLib/MockUefiRuntimeServicesTableLib.inf
+  
MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf
   MdePkg/Test/Mock/Library/GoogleTest/MockPeiServicesLib/MockPeiServicesLib.inf
   MdePkg/Test/Mock/Library/GoogleTest/MockHobLib/MockHobLib.inf
   MdePkg/Test/Mock/Library/GoogleTest/MockFdtLib/MockFdtLib.inf
diff --git 
a/MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf
 
b/MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf
new file mode 100644
index ..8b64fd195acd
--- /dev/null
+++ 
b/MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf
@@ -0,0 +1,32 @@
+## @file
+#  Mock implementation of the UEFI Boot Services Table Library.
+#
+#  Copyright (c) Microsoft Corporation.
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION= 0x00010005
+  BASE_NAME  = MockUefiBootServicesTableLib
+  FILE_GUID  = 67EA4614-E276-49EC-9AE6-B97ACCEA676E
+  MODULE_TYPE= HOST_APPLICATION
+  VERSION_STRING = 1.0
+  LIBRARY_CLASS  = UefiBootServicesTableLib|HOST_APPLICATION
+
+#
+#  VALID_ARCHITECTURES   = IA32 X64 EBC
+#
+
+[Sources]
+  MockUefiBootServicesTableLib.cpp
+
+[LibraryClasses]
+  GoogleTestLib
+
+[Packages]
+  MdePkg/MdePkg.dec
+  UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec
+
+[BuildOptions]
+  MSFT:*_*_*_CC_FLAGS = /EHsc
diff --git 
a/MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.h 
b/MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.h
new file mode 100644
index ..d72b941323c1
--- /dev/null
+++ b/MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.h
@@ -0,0 +1,78 @@
+/** @file
+  Google Test mocks for UefiBootServicesTableLib
+
+  Copyright (c) Microsoft Corporation.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef MOCK_UEFI_BOOT_SERVICES_TABLE_LIB_H_
+#define MOCK_UEFI_BOOT_SERVICES_TABLE_LIB_H_
+
+#include 
+#include 
+extern "C" {
+  #include 
+  #include 
+}
+
+//
+// Declarations to handle usage of the UefiBootServiceTableLib by creating mock
+//
+struct MockUefiBootServicesTableLib {
+  MOCK_INTERFACE_DECLARATION (MockUefiBootServicesTableLib);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+gBS_GetMemoryMap,
+(IN OUT UINTN *MemoryMapSize,
+ OUTEFI_MEMORY_DESCRIPTOR *MemoryMap,
+ OUTUINTN *MapKey,
+ OUTUINTN *DescriptorSize,
+ OUTUINT32*DescriptorVersion)
+);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+gBS_CreateEvent,
+(IN  UINT32   Type,
+ IN  EFI_TPL  NotifyTpl,
+ IN  EFI_EVENT_NOTIFY NotifyFunction,
+ IN  VOID *NotifyContext,
+ OUT EFI_EVENT*Event)
+);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+gBS_CloseEvent,
+(IN EFI_EVENT Event)
+);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+gBS_HandleProtocol,
+(IN  EFI_HANDLE Handle,
+ IN  EFI_GUID   *Protocol,
+ OUT VOID   **Interface)
+);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+gBS_LocateProtocol,
+(IN  EFI_GUID *Protocol,
+ IN  VOID  *Registration  OPTIONAL,
+ OUT VOID  **Interface)
+);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+gBS_CreateEventEx,
+(IN UINT32Type,
+ IN EFI_TPL   NotifyTpl,
+ IN EFI_EVENT_NOTIFY  NotifyFunction OPTIONAL,
+ IN CONST VOID*NotifyContext OPTIONAL,
+ IN CONST EFI_GUID*EventGroup OPTIONAL,
+ OUT EFI_EVENT*Event)
+);
+};
+
+#endif // MOCK_UEFI_BOOT_SERVICES_TABLE_LIB_H_
diff --git 

[edk2-devel] [PATCH v2 08/13] NetworkPkg:: SECURITY PATCH CVE-2023-45237

[Doug Flick via groups.io]

From: Doug Flick 

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4542

Bug Overview:
PixieFail Bug #9
CVE-2023-45237
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Use of a Weak PseudoRandom Number Generator

Change Overview:

Updates all Instances of NET_RANDOM (NetRandomInitSeed ()) to either

>
> EFI_STATUS
> EFIAPI
> PseudoRandomU32 (
>  OUT UINT32  *Output
>  );
>

or (depending on the use case)

>
> EFI_STATUS
> EFIAPI
> PseudoRandom (
>  OUT  VOID   *Output,
>  IN   UINTN  OutputLength
>  );
>

This is because the use of

Example:

The following code snippet PseudoRandomU32 () function is used:

>
> UINT32 Random;
>
> Status = PseudoRandomU32 ();
> if (EFI_ERROR (Status)) {
>   DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n",
__func__, Status));
>   return Status;
> }
>

This also introduces a new PCD to enable/disable the use of the
secure implementation of algorithms for PseudoRandom () and
instead depend on the default implementation. This may be required for
some platforms where the UEFI Spec defined algorithms are not available.

>
> PcdEnforceSecureRngAlgorithms
>

If the platform does not have any one of the UEFI defined
secure RNG algorithms then the driver will assert.

Cc: Saloni Kasbekar 
Cc: Zachary Clark-williams 

Signed-off-by: Doug Flick [MSFT] 
---
 NetworkPkg/NetworkPkg.dec  |   7 ++
 NetworkPkg/Library/DxeNetLib/DxeNetLib.inf |  13 +-
 NetworkPkg/TcpDxe/TcpDxe.inf   |   3 +
 NetworkPkg/IScsiDxe/IScsiMisc.h|   6 +-
 NetworkPkg/Include/Library/NetLib.h|  40 --
 NetworkPkg/Ip6Dxe/Ip6Nd.h  |   8 +-
 NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c  |  10 +-
 NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c  |  11 +-
 NetworkPkg/DnsDxe/DnsDhcp.c|  10 +-
 NetworkPkg/DnsDxe/DnsImpl.c|  11 +-
 NetworkPkg/HttpBootDxe/HttpBootDhcp6.c |  10 +-
 NetworkPkg/IScsiDxe/IScsiCHAP.c|  19 ++-
 NetworkPkg/IScsiDxe/IScsiMisc.c|  14 +--
 NetworkPkg/Ip4Dxe/Ip4Driver.c  |  10 +-
 NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c  |   9 +-
 NetworkPkg/Ip6Dxe/Ip6Driver.c  |  17 ++-
 NetworkPkg/Ip6Dxe/Ip6If.c  |  12 +-
 NetworkPkg/Ip6Dxe/Ip6Mld.c |  12 +-
 NetworkPkg/Ip6Dxe/Ip6Nd.c  |  33 -
 NetworkPkg/Library/DxeNetLib/DxeNetLib.c   | 129 +---
 NetworkPkg/TcpDxe/TcpDriver.c  |  15 ++-
 NetworkPkg/Udp4Dxe/Udp4Driver.c|  10 +-
 NetworkPkg/Udp6Dxe/Udp6Driver.c|  11 +-
 NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c   |   9 +-
 NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c   |  11 +-
 NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c  |  12 +-
 NetworkPkg/SecurityFixes.yaml  |  39 ++
 27 files changed, 408 insertions(+), 83 deletions(-)

diff --git a/NetworkPkg/NetworkPkg.dec b/NetworkPkg/NetworkPkg.dec
index e06f35e7747c..7c4289b77b21 100644
--- a/NetworkPkg/NetworkPkg.dec
+++ b/NetworkPkg/NetworkPkg.dec
@@ -5,6 +5,7 @@
 #
 # Copyright (c) 2009 - 2021, Intel Corporation. All rights reserved.
 # (C) Copyright 2015-2020 Hewlett Packard Enterprise Development LP
+# Copyright (c) Microsoft Corporation
 #
 # SPDX-License-Identifier: BSD-2-Clause-Patent
 #
@@ -130,6 +131,12 @@ [PcdsFixedAtBuild, PcdsPatchableInModule]
   # @Prompt Indicates whether SnpDxe creates event for ExitBootServices() call.
   
gEfiNetworkPkgTokenSpaceGuid.PcdSnpCreateExitBootServicesEvent|TRUE|BOOLEAN|0x100C
 
+  ## Enforces the use of Secure UEFI spec defined RNG algorithms for all 
network connections.
+  # TRUE  - Enforce the use of Secure UEFI spec defined RNG algorithms.
+  # FALSE - Do not enforce and depend on the default implementation of RNG 
algorithm from the provider.
+  # @Prompt Enforce the use of Secure UEFI spec defined RNG algorithms.
+  
gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|TRUE|BOOLEAN|0x100D
+
 [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
   ## IPv6 DHCP Unique Identifier (DUID) Type configuration (From RFCs 3315 and 
6355).
   # 01 = DUID Based on Link-layer Address Plus Time [DUID-LLT]
diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf 
b/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf
index 8145d256ec10..236ccd362efe 100644
--- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf
+++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf
@@ -3,6 +3,7 @@
 #
 #  Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
 #  (C) Copyright 2015 Hewlett Packard Enterprise Development LP
+#  Copyright (c) Microsoft Corporation
 #  SPDX-License-Identifier: BSD-2-Clause-Patent
 #
 ##
@@ -49,7 +50,10 @@ [Guids]
   gEfiSmbiosTableGuid   ## SOMETIMES_CONSUMES  ## 
SystemTable
   gEfiSmbios3TableGuid  ## SOMETIMES_CONSUMES  ## 
SystemTable
   gEfiAdapterInfoMediaStateGuid ## 

[edk2-devel] [PATCH v2 01/13] EmulatorPkg: : Add RngDxe to EmulatorPkg

[Doug Flick via groups.io]

From: Doug Flick 

This patch adds RngDxe to EmulatorPkg. The RngDxe is used to provide
random number generation services to the UEFI firmware.

Cc: Andrew Fish 
Cc: Ray Ni 

Signed-off-by: Doug Flick [MSFT] 
---
 EmulatorPkg/EmulatorPkg.dsc | 9 +++--
 EmulatorPkg/EmulatorPkg.fdf | 6 +-
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg/EmulatorPkg.dsc
index 5fa1ed345a33..0a66294cb768 100644
--- a/EmulatorPkg/EmulatorPkg.dsc
+++ b/EmulatorPkg/EmulatorPkg.dsc
@@ -127,9 +127,9 @@ [LibraryClasses]
   ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
   FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf
   
ImagePropertiesRecordLib|MdeModulePkg/Library/ImagePropertiesRecordLib/ImagePropertiesRecordLib.inf
-
-!if $(SECURE_BOOT_ENABLE) == TRUE
   RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
+
+!if $(SECURE_BOOT_ENABLE) == TRUE
   IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
   OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
   
PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
@@ -398,6 +398,11 @@ [Components]
   EmulatorPkg/PlatformSmbiosDxe/PlatformSmbiosDxe.inf
   EmulatorPkg/TimerDxe/Timer.inf
 
+  #
+  # Rng Protocol producer
+  #
+  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
+
 !if $(SECURE_BOOT_ENABLE) == TRUE
   SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
 !endif
diff --git a/EmulatorPkg/EmulatorPkg.fdf b/EmulatorPkg/EmulatorPkg.fdf
index 5420756eaa6f..d756c144d94d 100644
--- a/EmulatorPkg/EmulatorPkg.fdf
+++ b/EmulatorPkg/EmulatorPkg.fdf
@@ -193,6 +193,11 @@ [FV.FvRecovery]
 INF  MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.inf
 INF  MdeModulePkg/Universal/DriverSampleDxe/DriverSampleDxe.inf
 
+#
+# Rng Protocol producer
+#
+INF  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
+
 #
 # Secure Boot Key Enroll
 #
@@ -320,4 +325,3 @@ [Rule.Common.UEFI_APPLICATION.BINARY]
 UISTRING="$(MODULE_NAME)" Optional
 VERSION   STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
   }
-
-- 
2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118717): https://edk2.groups.io/g/devel/message/118717
Mute This Topic: https://groups.io/mt/105996579/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v2 09/13] NetworkPkg: TcpDxe: SECURITY PATCH CVE-2023-45236

[Doug Flick via groups.io]

From: Doug Flick 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4541
REF: https://www.rfc-editor.org/rfc/rfc1948.txt
REF: https://www.rfc-editor.org/rfc/rfc6528.txt
REF: https://www.rfc-editor.org/rfc/rfc9293.txt

Bug Overview:
PixieFail Bug #8
CVE-2023-45236
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Updates TCP ISN generation to use a cryptographic hash of the
connection's identifying parameters and a secret key.
This prevents an attacker from guessing the ISN used for some other
connection.

This is follows the guidance in RFC 1948, RFC 6528, and RFC 9293.

RFC: 9293 Section 3.4.1.  Initial Sequence Number Selection

   A TCP implementation MUST use the above type of "clock" for clock-
   driven selection of initial sequence numbers (MUST-8), and SHOULD
   generate its initial sequence numbers with the expression:

   ISN = M + F(localip, localport, remoteip, remoteport, secretkey)

   where M is the 4 microsecond timer, and F() is a pseudorandom
   function (PRF) of the connection's identifying parameters ("localip,
   localport, remoteip, remoteport") and a secret key ("secretkey")
   (SHLD-1).  F() MUST NOT be computable from the outside (MUST-9), or
   an attacker could still guess at sequence numbers from the ISN used
   for some other connection.  The PRF could be implemented as a
   cryptographic hash of the concatenation of the TCP connection
   parameters and some secret data.  For discussion of the selection of
   a specific hash algorithm and management of the secret key data,
   please see Section 3 of [42].

   For each connection there is a send sequence number and a receive
   sequence number.  The initial send sequence number (ISS) is chosen by
   the data sending TCP peer, and the initial receive sequence number
   (IRS) is learned during the connection-establishing procedure.

   For a connection to be established or initialized, the two TCP peers
   must synchronize on each other's initial sequence numbers.  This is
   done in an exchange of connection-establishing segments carrying a
   control bit called "SYN" (for synchronize) and the initial sequence
   numbers.  As a shorthand, segments carrying the SYN bit are also
   called "SYNs".  Hence, the solution requires a suitable mechanism for
   picking an initial sequence number and a slightly involved handshake
   to exchange the ISNs.

Cc: Saloni Kasbekar 
Cc: Zachary Clark-williams 

Signed-off-by: Doug Flick [MSFT] 
---
 NetworkPkg/TcpDxe/TcpDxe.inf  |   8 +-
 NetworkPkg/TcpDxe/TcpFunc.h   |  23 +-
 NetworkPkg/TcpDxe/TcpMain.h   |  59 -
 NetworkPkg/TcpDxe/TcpDriver.c |  92 +++-
 NetworkPkg/TcpDxe/TcpInput.c  |  13 +-
 NetworkPkg/TcpDxe/TcpMisc.c   | 242 ++--
 NetworkPkg/TcpDxe/TcpTimer.c  |   3 +-
 NetworkPkg/SecurityFixes.yaml |  22 ++
 8 files changed, 414 insertions(+), 48 deletions(-)

diff --git a/NetworkPkg/TcpDxe/TcpDxe.inf b/NetworkPkg/TcpDxe/TcpDxe.inf
index cf5423f4c537..76de4cf9ec3d 100644
--- a/NetworkPkg/TcpDxe/TcpDxe.inf
+++ b/NetworkPkg/TcpDxe/TcpDxe.inf
@@ -6,6 +6,7 @@
 #  stack has been loaded in system. This driver supports both IPv4 and IPv6 
network stack.
 #
 #  Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+#  Copyright (c) Microsoft Corporation
 #
 #  SPDX-License-Identifier: BSD-2-Clause-Patent
 #
@@ -68,7 +69,6 @@ [LibraryClasses]
   NetLib
   IpIoLib
 
-
 [Protocols]
   ## SOMETIMES_CONSUMES
   ## SOMETIMES_PRODUCES
@@ -81,6 +81,12 @@ [Protocols]
   gEfiIp6ServiceBindingProtocolGuid ## TO_START
   gEfiTcp6ProtocolGuid  ## BY_START
   gEfiTcp6ServiceBindingProtocolGuid## BY_START
+  gEfiHash2ProtocolGuid ## BY_START
+  gEfiHash2ServiceBindingProtocolGuid   ## BY_START
+
+[Guids]
+  gEfiHashAlgorithmMD5Guid  ## CONSUMES
+  gEfiHashAlgorithmSha256Guid   ## CONSUMES
 
 [Depex]
   gEfiHash2ServiceBindingProtocolGuid
diff --git a/NetworkPkg/TcpDxe/TcpFunc.h b/NetworkPkg/TcpDxe/TcpFunc.h
index a7af01fff246..c707bee3e548 100644
--- a/NetworkPkg/TcpDxe/TcpFunc.h
+++ b/NetworkPkg/TcpDxe/TcpFunc.h
@@ -2,7 +2,7 @@
   Declaration of external functions shared in TCP driver.
 
   Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
-
+  Copyright (c) Microsoft Corporation
   SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
@@ -36,8 +36,11 @@ VOID
 
   @param[in, out]  Tcb   Pointer to the TCP_CB of this TCP 
instance.
 
+  @retval EFI_SUCCESS The operation completed successfully
+  @retval others  The underlying functions failed and could 
not complete the operation
+
 **/
-VOID
+EFI_STATUS
 TcpInitTcbLocal (
   IN OUT TCP_CB  *Tcb
   );
@@ -128,17 +131,6 @@ TcpCloneTcb (
   IN TCP_CB  *Tcb
   );
 
-/**
-  Compute an ISS to be used by a new connection.
-
-  @return The result ISS.
-
-**/
-TCP_SEQNO
-TcpGetIss (
-  VOID
-  );
-
 

[edk2-devel] [PATCH v2 00/13] NetworkPkg: CVE-2023-45236 and CVE-2023-45237

[Doug Flick via groups.io]

REF:https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html

This patch series patches the following CVEs:
- CVE-2023-45236: Predictable TCP Initial Sequence Numbers
- CVE-2023-45237: Use of a Weak PseudoRandom Number Generator

In order to patch these CVEs, the following changes were made:
- NetworkPkg no longer performs it's own random number generation, 
  instead it uses EFI_RNG_PROTOCOL provided by the plaform to 
  generate random numbers.
  - This change was made such that any future random number
generation vulnerabilities will be a result of the platforms
implementation of the EFI_RNG_PROTOCOL and not the NetworkPkg

- NetworkPkg uses the TCP initial sequence number algorithm as described
  in RFC 6528 to generate the initial sequence number for TCP connections.
  - This change was made to ensure that the initial sequence number
is not predictable and therefore cannot be used in a TCP hijacking
attack.

In addition to the above changes, the following changes were made:
- EmulatorPkg OvmfPkg, and ArmVirtPkg were updated to include the
  Hash2DxeCrypto driver to support TCP ISN generation using 
  EFI_HASH2_PROTOCOL

- EmulatorPkg was updated to include the
  RngDxe driver to support random number generation using the
  EFI_RNG_PROTOCOL

- OvmfPkg, and ArmVirtPkg were updated to include the
  virtio-rng-pci device to support random number generation using the
  EFI_RNG_PROTOCOL using the existing VirtioRngDxe driver

- SecurityPkg was updated to fix an incorrect limitation on the
  GetRng function in the RngDxe driver where the minimum amount of
  random data that could be requested was 32 bytes (256 bits) instead
  of what the caller requested

- MdePkg was updated to include MockUefiBootServicesTableLib,
  MockRng, and MockHash2 protocols for testing

- NetworkPkg was updated to include a test for the PxeBcDhcp6 driver
  due to underlying changes

Cc: Liming Gao 

Signed-off-by: Doug Flick [MSFT] 

Doug Flick (13):
  EmulatorPkg: : Add RngDxe to EmulatorPkg
  EmulatorPkg: : Add Hash2DxeCrypto to EmulatorPkg
  OvmfPkg:PlatformCI: Support virtio-rng-pci
  OvmfPkg: : Add Hash2DxeCrypto to OvmfPkg
  ArmVirtPkg:PlatformCI: Support virtio-rng-pci
  ArmVirtPkg: : Add Hash2DxeCrypto to ArmVirtPkg
  SecurityPkg: RngDxe: Remove incorrect limitation on GetRng
  NetworkPkg:: SECURITY PATCH CVE-2023-45237
  NetworkPkg: TcpDxe: SECURITY PATCH CVE-2023-45236
  MdePkg: : Add MockUefiBootServicesTableLib
  MdePkg: : Adds Protocol for MockRng
  MdePkg: Add MockHash2 Protocol for testing
  NetworkPkg: Update the PxeBcDhcp6GoogleTest due to underlying changes

 NetworkPkg/NetworkPkg.dec  
   |   7 +
 ArmVirtPkg/ArmVirtQemu.dsc 
   |   5 +
 ArmVirtPkg/ArmVirtQemuKernel.dsc   
   |   5 +
 EmulatorPkg/EmulatorPkg.dsc
   |  14 +-
 MdePkg/Test/MdePkgHostTest.dsc 
   |   1 +
 NetworkPkg/Test/NetworkPkgHostTest.dsc 
   |   1 +
 OvmfPkg/OvmfPkgIa32.dsc
   |   6 +-
 OvmfPkg/OvmfPkgIa32X64.dsc 
   |   6 +-
 OvmfPkg/OvmfPkgX64.dsc 
   |   6 +-
 OvmfPkg/OvmfXen.dsc
   |   5 +
 EmulatorPkg/EmulatorPkg.fdf
   |  11 +-
 OvmfPkg/OvmfPkgIa32.fdf
   |   5 +
 OvmfPkg/OvmfPkgIa32X64.fdf 
   |   5 +
 OvmfPkg/OvmfPkgX64.fdf 
   |   5 +
 OvmfPkg/OvmfXen.fdf
   |   5 +
 
MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf
 |  32 +++
 NetworkPkg/Library/DxeNetLib/DxeNetLib.inf 
   |  13 +-
 NetworkPkg/TcpDxe/TcpDxe.inf   
   |  11 +-
 NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf  
   |   3 +-
 MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.h 
   |  78 +++
 MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h   
   |  67 ++
 

[edk2-devel] [PATCH v2 07/13] SecurityPkg: RngDxe: Remove incorrect limitation on GetRng

[Doug Flick via groups.io]

Removed from gEfiRngAlgorithmRaw an incorrect assumption that
Raw cannot return less than 256 bits. The DRNG Algorithms
should always use a 256 bit seed as per nist standards
however a caller is free to request less than 256 bits.
>
> //
>// When a DRBG is used on the output of a entropy source,
>// its security level must be at least 256 bits according to UEFI Spec.
>//
>if (RNGValueLength < 32) {
>  return EFI_INVALID_PARAMETER;
>}
>

AARCH64 platforms do not have this limitation and this brings both
implementations into alignment with each other and the spec.

Cc: Jiewen Yao 

Signed-off-by: Doug Flick [MSFT] 
---
 SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c | 8 
 1 file changed, 8 deletions(-)

diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c 
b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
index 7e06e16e4be5..5723ed695747 100644
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
@@ -116,14 +116,6 @@ RngGetRNG (
   // The "raw" algorithm is intended to provide entropy directly
   //
   if (CompareGuid (RNGAlgorithm, )) {
-//
-// When a DRBG is used on the output of a entropy source,
-// its security level must be at least 256 bits according to UEFI Spec.
-//
-if (RNGValueLength < 32) {
-  return EFI_INVALID_PARAMETER;
-}
-
 Status = GenerateEntropy (RNGValueLength, RNGValue);
 return Status;
   }
-- 
2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118722): https://edk2.groups.io/g/devel/message/118722
Mute This Topic: https://groups.io/mt/105996584/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v2 06/13] ArmVirtPkg: : Add Hash2DxeCrypto to ArmVirtPkg

[Doug Flick via groups.io]

This patch adds Hash2DxeCrypto to ArmVirtPkg. The Hash2DxeCrypto is
used to provide the hashing protocol services.

Cc: Ard Biesheuvel 
Cc: Leif Lindholm 
Cc: Sami Mujawar 
Cc: Gerd Hoffmann 

Signed-off-by: Doug Flick [MSFT] 
---
 ArmVirtPkg/ArmVirtQemu.dsc   | 5 +
 ArmVirtPkg/ArmVirtQemuKernel.dsc | 5 +
 ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 5 +
 3 files changed, 15 insertions(+)

diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 7e2ff33ad172..1d3315ad3e47 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -554,6 +554,11 @@ [Components.common]
   MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf
   MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
 
+  #
+  # Hash2 Protocol Support
+  #
+  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
   #
   # TPM2 support
   #
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
index efe2df97bdf7..94f48593c242 100644
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
@@ -461,6 +461,11 @@ [Components.common]
   MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf
   MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
 
+  #
+  # Hash2 Protocol Support
+  #
+  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
   #
   # ACPI Support
   #
diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc 
b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
index c5d097ffb935..80d420023e6c 100644
--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
@@ -177,6 +177,11 @@ [FV.FvMain]
   INF MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf
   INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
 
+  #
+  # Hash2 Protocol producer
+  #
+  INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
   #
   # TPM2 support
   #
-- 
2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118721): https://edk2.groups.io/g/devel/message/118721
Mute This Topic: https://groups.io/mt/105996583/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v2 05/13] ArmVirtPkg:PlatformCI: Support virtio-rng-pci

[Doug Flick via groups.io]

This patch adds "virtio-rng-pci" to the PlatformBuildLib.py
This adds Rng services to the guest VM

Cc: Ard Biesheuvel 
Cc: Leif Lindholm 
Cc: Sami Mujawar 
Cc: Gerd Hoffmann 

Signed-off-by: Doug Flick [MSFT] 
---
 ArmVirtPkg/PlatformCI/PlatformBuildLib.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ArmVirtPkg/PlatformCI/PlatformBuildLib.py 
b/ArmVirtPkg/PlatformCI/PlatformBuildLib.py
index 0ddaccf9c21f..3abab0914127 100644
--- a/ArmVirtPkg/PlatformCI/PlatformBuildLib.py
+++ b/ArmVirtPkg/PlatformCI/PlatformBuildLib.py
@@ -240,6 +240,8 @@ class PlatformBuilder(UefiBuilder, BuildSettingsManager):
 args += " -serial stdio"
 # Mount disk with startup.nsh
 args += f" -drive file=fat:rw:{VirtualDrive},format=raw,media=disk"
+# Provides Rng services to the Guest VM
+args += " -device virtio-rng-pci"
 
 # Conditional Args
 if (self.env.GetValue("QEMU_HEADLESS").upper() == "TRUE"):
-- 
2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118720): https://edk2.groups.io/g/devel/message/118720
Mute This Topic: https://groups.io/mt/105996582/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v2 04/13] OvmfPkg: : Add Hash2DxeCrypto to OvmfPkg

[Doug Flick via groups.io]

From: Doug Flick 

This patch adds Hash2DxeCrypto to OvmfPkg. The Hash2DxeCrypto is
used to provide the hashing protocol services.

Cc: Ard Biesheuvel 
Cc: Jiewen Yao 
Cc: Gerd Hoffmann 

Signed-off-by: Doug Flick [MSFT] 
---
 OvmfPkg/OvmfPkgIa32.dsc| 6 +-
 OvmfPkg/OvmfPkgIa32X64.dsc | 6 +-
 OvmfPkg/OvmfPkgX64.dsc | 6 +-
 OvmfPkg/OvmfXen.dsc| 5 +
 OvmfPkg/OvmfPkgIa32.fdf| 5 +
 OvmfPkg/OvmfPkgIa32X64.fdf | 5 +
 OvmfPkg/OvmfPkgX64.fdf | 5 +
 OvmfPkg/OvmfXen.fdf| 5 +
 8 files changed, 40 insertions(+), 3 deletions(-)

diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 1be021be7140..2ca005d768ef 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -229,7 +229,6 @@ [LibraryClasses]
   
VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
   
VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf
 
-
   #
   # Network libraries
   #
@@ -858,6 +857,11 @@ [Components]
   MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
   
MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
 
+  #
+  # Hash2 Protocol producer
+  #
+  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
   #
   # Network Support
   #
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index d27a4c7278c2..a39070a62655 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -234,7 +234,6 @@ [LibraryClasses]
   
VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
   
VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf
 
-
   #
   # Network libraries
   #
@@ -872,6 +871,11 @@ [Components.X64]
   MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
   
MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
 
+  #
+  # Hash2 Protocol producer
+  #
+  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
   #
   # Network Support
   #
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 8f5cd23b2ec0..1b90aa8f5737 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -250,7 +250,6 @@ [LibraryClasses]
   
VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
   
VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf
 
-
   #
   # Network libraries
   #
@@ -940,6 +939,11 @@ [Components]
   MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
   
MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
 
+  #
+  # Hash2 Protocol producer
+  #
+  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
   #
   # Network Support
   #
diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc
index fa1a570e746a..7fc340d1c1df 100644
--- a/OvmfPkg/OvmfXen.dsc
+++ b/OvmfPkg/OvmfXen.dsc
@@ -667,6 +667,11 @@ [Components]
   MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
   
MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
 
+  #
+  # Hash2 Protocol producer
+  #
+  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
   #
   # Network Support
   #
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index 6eb26f7d4613..0d4abb50a8f7 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -295,6 +295,11 @@ [FV.DXEFV]
 
 INF MdeModulePkg/Logo/LogoDxe.inf
 
+#
+# Hash2 Protocol producer
+#
+INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
 #
 # Network modules
 #
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index 080784f722a7..23a825a01298 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -296,6 +296,11 @@ [FV.DXEFV]
 
 INF MdeModulePkg/Logo/LogoDxe.inf
 
+#
+# Hash2 Protocol producer
+#
+INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
 #
 # Network modules
 #
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index b6e8f43566c4..4dcd6a033c5a 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -329,6 +329,11 @@ [FV.DXEFV]
 
 INF OvmfPkg/TdxDxe/TdxDxe.inf
 
+#
+# Hash2 Protocol producer
+#
+INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
 #
 # Network modules
 #
diff --git a/OvmfPkg/OvmfXen.fdf b/OvmfPkg/OvmfXen.fdf
index 5770b173168b..41368f37e254 100644
--- a/OvmfPkg/OvmfXen.fdf
+++ b/OvmfPkg/OvmfXen.fdf
@@ -314,6 +314,11 @@ [FV.DXEFV]
 
 INF MdeModulePkg/Logo/LogoDxe.inf
 
+#
+# Hash2 Protocol producer
+#
+INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
 #
 # Network modules
 #
-- 
2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118719): https://edk2.groups.io/g/devel/message/118719
Mute This Topic: https://groups.io/mt/105996581/21656
Group Owner: 

[edk2-devel] [PATCH v2 03/13] OvmfPkg:PlatformCI: Support virtio-rng-pci

[Doug Flick via groups.io]

This patch adds "virtio-rng-pci" to the PlatformBuildLib.py
This adds Rng services to the guest VM

Cc: Ard Biesheuvel 
Cc: Jiewen Yao 
Cc: Gerd Hoffmann 

Signed-off-by: Doug Flick [MSFT] 
---
 OvmfPkg/PlatformCI/PlatformBuildLib.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/OvmfPkg/PlatformCI/PlatformBuildLib.py 
b/OvmfPkg/PlatformCI/PlatformBuildLib.py
index 00d454954bff..3fe80f5c1caa 100644
--- a/OvmfPkg/PlatformCI/PlatformBuildLib.py
+++ b/OvmfPkg/PlatformCI/PlatformBuildLib.py
@@ -208,6 +208,8 @@ class PlatformBuilder( UefiBuilder, BuildSettingsManager):
 args += " -net none"# 
turn off network
 args += " -smp 4"
 args += f" -drive file=fat:rw:{VirtualDrive},format=raw,media=disk" # 
Mount disk with startup.nsh
+# Provides Rng services to the Guest VM
+args += " -device virtio-rng-pci"
 
 if (self.env.GetValue("QEMU_HEADLESS").upper() == "TRUE"):
 args += " -display none"  # no graphics
-- 
2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118718): https://edk2.groups.io/g/devel/message/118718
Mute This Topic: https://groups.io/mt/105996580/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v1 07/14] NetworkPkg:: SECURITY PATCH CVE-2023-45237

[Doug Flick via groups.io]

Ard,

I went ahead an added your suggestion to use gEfiRngAlgorithmRaw. This however 
led me to discover a difference in behavior in x86 based platforms and Arm 
based platforms and I'm usure which is the correct behavior.

On x86 based platforms, if the RngValueLength being requested is less than 32 
(256bits). Then it returns EFI_INVALID_PARAMETER (despite the function header 
not indicating that's possible)
https://github.com/tianocore/edk2/blob/b82c9631da39ca5a1f0702185a46fea60446dd0a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c#L123

and it assumes that "When a Deterministic Random Bit Generator (DRBG) is used 
on the output of a (raw) entropy source, its security level must be at least 
256 bits." means it shouldn't support requests smaller than 32 bytes.
https://uefi.org/specs/UEFI/2.10/37_Secure_Technologies.html#random-number-generator-protocol
 

On Arm based Platforms it doesn't make this assumption and behaves according to 
the specification.
https://github.com/tianocore/edk2/blob/b82c9631da39ca5a1f0702185a46fea60446dd0a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c#L106C35-L106C54

Right now my thought is that x86 machines are making an incorrect assumption 
where the seed to a DRNG needs to be at least 256 bits by nist recommendations 
but a caller should be free to request values smaller than 32 bytes.

Would you assume the same before I make a change to the x86 code to remove that 
check?


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118703): https://edk2.groups.io/g/devel/message/118703
Mute This Topic: https://groups.io/mt/105983246/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v1 07/14] NetworkPkg:: SECURITY PATCH CVE-2023-45237

[Doug Flick via groups.io]

In that case, 

I think that's a fair argument and a simple enough request with limited impact 
to make.

I'll go ahead and add RAW and drop the commits disabling "Secure Algorithms" 
from VirtioRngDxe based implementations


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118700): https://edk2.groups.io/g/devel/message/118700
Mute This Topic: https://groups.io/mt/105983246/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v1 07/14] NetworkPkg:: SECURITY PATCH CVE-2023-45237

[Doug Flick via groups.io]

I don't disagree.

The intent is not to be limited by NIST specified standards but rather the only 
UEFI Spec defined algorithms are NIST Standards.

https://uefi.org/specs/UEFI/2.10/37_Secure_Technologies.html#efi-rng-algorithm-definitions

I'm not sure what's the best way to clarify this distinction


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118698): https://edk2.groups.io/g/devel/message/118698
Mute This Topic: https://groups.io/mt/105983246/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v1 11/14] MdePkg: : Add MockUefiBootServicesTableLib

[Doug Flick via groups.io]

From: Doug Flick 

This commit adds a mock library for UefiBootServicesTableLib.

Cc: Michael D Kinney 
Cc: Liming Gao 
Cc: Zhiguang Liu 

Signed-off-by: Doug Flick [MSFT] 
---
 MdePkg/Test/MdePkgHostTest.dsc 
   |  1 +
 
MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf
 | 32 
 MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.h 
   | 78 
 
MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.cpp
 | 69 +
 4 files changed, 180 insertions(+)

diff --git a/MdePkg/Test/MdePkgHostTest.dsc b/MdePkg/Test/MdePkgHostTest.dsc
index e36b7c55..6a85d02236a0 100644
--- a/MdePkg/Test/MdePkgHostTest.dsc
+++ b/MdePkg/Test/MdePkgHostTest.dsc
@@ -43,6 +43,7 @@ [Components]
   MdePkg/Library/BaseLib/UnitTestHostBaseLib.inf
   MdePkg/Test/Mock/Library/GoogleTest/MockUefiLib/MockUefiLib.inf
   
MdePkg/Test/Mock/Library/GoogleTest/MockUefiRuntimeServicesTableLib/MockUefiRuntimeServicesTableLib.inf
+  
MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf
   MdePkg/Test/Mock/Library/GoogleTest/MockPeiServicesLib/MockPeiServicesLib.inf
   MdePkg/Test/Mock/Library/GoogleTest/MockHobLib/MockHobLib.inf
   MdePkg/Test/Mock/Library/GoogleTest/MockFdtLib/MockFdtLib.inf
diff --git 
a/MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf
 
b/MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf
new file mode 100644
index ..8b64fd195acd
--- /dev/null
+++ 
b/MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf
@@ -0,0 +1,32 @@
+## @file
+#  Mock implementation of the UEFI Boot Services Table Library.
+#
+#  Copyright (c) Microsoft Corporation.
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION= 0x00010005
+  BASE_NAME  = MockUefiBootServicesTableLib
+  FILE_GUID  = 67EA4614-E276-49EC-9AE6-B97ACCEA676E
+  MODULE_TYPE= HOST_APPLICATION
+  VERSION_STRING = 1.0
+  LIBRARY_CLASS  = UefiBootServicesTableLib|HOST_APPLICATION
+
+#
+#  VALID_ARCHITECTURES   = IA32 X64 EBC
+#
+
+[Sources]
+  MockUefiBootServicesTableLib.cpp
+
+[LibraryClasses]
+  GoogleTestLib
+
+[Packages]
+  MdePkg/MdePkg.dec
+  UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec
+
+[BuildOptions]
+  MSFT:*_*_*_CC_FLAGS = /EHsc
diff --git 
a/MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.h 
b/MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.h
new file mode 100644
index ..d72b941323c1
--- /dev/null
+++ b/MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.h
@@ -0,0 +1,78 @@
+/** @file
+  Google Test mocks for UefiBootServicesTableLib
+
+  Copyright (c) Microsoft Corporation.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef MOCK_UEFI_BOOT_SERVICES_TABLE_LIB_H_
+#define MOCK_UEFI_BOOT_SERVICES_TABLE_LIB_H_
+
+#include 
+#include 
+extern "C" {
+  #include 
+  #include 
+}
+
+//
+// Declarations to handle usage of the UefiBootServiceTableLib by creating mock
+//
+struct MockUefiBootServicesTableLib {
+  MOCK_INTERFACE_DECLARATION (MockUefiBootServicesTableLib);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+gBS_GetMemoryMap,
+(IN OUT UINTN *MemoryMapSize,
+ OUTEFI_MEMORY_DESCRIPTOR *MemoryMap,
+ OUTUINTN *MapKey,
+ OUTUINTN *DescriptorSize,
+ OUTUINT32*DescriptorVersion)
+);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+gBS_CreateEvent,
+(IN  UINT32   Type,
+ IN  EFI_TPL  NotifyTpl,
+ IN  EFI_EVENT_NOTIFY NotifyFunction,
+ IN  VOID *NotifyContext,
+ OUT EFI_EVENT*Event)
+);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+gBS_CloseEvent,
+(IN EFI_EVENT Event)
+);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+gBS_HandleProtocol,
+(IN  EFI_HANDLE Handle,
+ IN  EFI_GUID   *Protocol,
+ OUT VOID   **Interface)
+);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+gBS_LocateProtocol,
+(IN  EFI_GUID *Protocol,
+ IN  VOID  *Registration  OPTIONAL,
+ OUT VOID  **Interface)
+);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+gBS_CreateEventEx,
+(IN UINT32Type,
+ IN EFI_TPL   NotifyTpl,
+ IN EFI_EVENT_NOTIFY  NotifyFunction OPTIONAL,
+ IN CONST VOID*NotifyContext OPTIONAL,
+ IN CONST EFI_GUID*EventGroup OPTIONAL,
+ OUT EFI_EVENT*Event)
+);
+};
+
+#endif // MOCK_UEFI_BOOT_SERVICES_TABLE_LIB_H_
diff --git 

[edk2-devel] [PATCH v1 06/14] ArmVirtPkg: : Add Hash2DxeCrypto to ArmVirtPkg

[Doug Flick via groups.io]

This patch adds Hash2DxeCrypto to ArmVirtPkg. The Hash2DxeCrypto is
used to provide the hashing protocol services.

Cc: Ard Biesheuvel 
Cc: Leif Lindholm 
Cc: Sami Mujawar 
Cc: Gerd Hoffmann 

Signed-off-by: Doug Flick [MSFT] 
---
 ArmVirtPkg/ArmVirtQemu.dsc   | 5 +
 ArmVirtPkg/ArmVirtQemuKernel.dsc | 5 +
 ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 5 +
 3 files changed, 15 insertions(+)

diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index f6f78359552d..36cb9bd329e7 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -554,6 +554,11 @@ [Components.common]
   MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf
   MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
 
+  #
+  # Hash2 Protocol Support
+  #
+  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
   #
   # TPM2 support
   #
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
index 668a65ba648f..57aa2b1d1bad 100644
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
@@ -461,6 +461,11 @@ [Components.common]
   MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf
   MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
 
+  #
+  # Hash2 Protocol Support
+  #
+  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
   #
   # ACPI Support
   #
diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc 
b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
index c5d097ffb935..80d420023e6c 100644
--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
@@ -177,6 +177,11 @@ [FV.FvMain]
   INF MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf
   INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
 
+  #
+  # Hash2 Protocol producer
+  #
+  INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
   #
   # TPM2 support
   #
-- 
2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118679): https://edk2.groups.io/g/devel/message/118679
Mute This Topic: https://groups.io/mt/105983245/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v1 14/14] NetworkPkg: Update the PxeBcDhcp6GoogleTest due to underlying changes

[Doug Flick via groups.io]

From: Doug Flick 

This patch updates the PxeBcDhcp6GoogleTest due to the changes in the
underlying code. The changes are as follows:
 - Random now comes from the RngLib Protocol
 - The TCP ISN is now generated by the hash function

Cc: Saloni Kasbekar 
Cc: Zachary Clark-williams 

Signed-off-by: Doug Flick [MSFT] 
---
 NetworkPkg/Test/NetworkPkgHostTest.dsc|   1 +
 NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf |   3 +-
 NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp   | 102 
+++-
 3 files changed, 100 insertions(+), 6 deletions(-)

diff --git a/NetworkPkg/Test/NetworkPkgHostTest.dsc 
b/NetworkPkg/Test/NetworkPkgHostTest.dsc
index fa301a7a52ab..1772afb05815 100644
--- a/NetworkPkg/Test/NetworkPkgHostTest.dsc
+++ b/NetworkPkg/Test/NetworkPkgHostTest.dsc
@@ -30,6 +30,7 @@ [Components]
   NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf {
 
   
UefiRuntimeServicesTableLib|MdePkg/Test/Mock/Library/GoogleTest/MockUefiRuntimeServicesTableLib/MockUefiRuntimeServicesTableLib.inf
+  
UefiBootServicesTableLib|MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf
   }
 
 # Despite these library classes being listed in [LibraryClasses] below, they 
are not needed for the host-based unit tests.
diff --git a/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf 
b/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
index 301dcdf61109..8b092d9291d4 100644
--- a/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
+++ b/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
@@ -14,7 +14,7 @@ [Defines]
 #
 # The following information is for reference only and not required by the 
build tools.
 #
-#  VALID_ARCHITECTURES   = IA32 X64
+#  VALID_ARCHITECTURES   = IA32 X64 AARCH64
 #
 
 [Sources]
@@ -23,6 +23,7 @@ [Sources]
   PxeBcDhcp6GoogleTest.h
   ../PxeBcDhcp6.c
   ../PxeBcSupport.c
+  ../../../MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp
 
 [Packages]
   MdePkg/MdePkg.dec
diff --git a/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp 
b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
index bd423ebadfce..61736ff79e83 100644
--- a/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
+++ b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
@@ -7,6 +7,8 @@
 #include 
 #include 
 #include 
+#include 
+#include 
 
 extern "C" {
   #include 
@@ -165,7 +167,7 @@ protected:
 // Note:
 // Testing PxeBcHandleDhcp6Offer() is difficult because it depends on a
 // properly setup Private structure. Attempting to properly test this function
-// without a signficant refactor is a fools errand. Instead, we will test
+// without a significant refactor is a fools errand. Instead, we will test
 // that we can prevent an overflow in the function.
 TEST_F (PxeBcHandleDhcp6OfferTest, BasicUsageTest) {
   PXEBC_DHCP6_PACKET_CACHE  *Cache6 = NULL;
@@ -238,6 +240,7 @@ TEST_F (PxeBcCacheDnsServerAddressesTest, BasicUsageTest) {
 FreePool (Option);
   }
 }
+
 // Test Description
 // Test that we can prevent an overflow in the function
 TEST_F (PxeBcCacheDnsServerAddressesTest, AttemptOverflowTest) {
@@ -470,10 +473,15 @@ TEST_F (PxeBcRequestBootServiceTest, 
AttemptRequestOverFlowExpectFailure) {
 class PxeBcDhcp6DiscoverTest : public ::testing::Test {
 public:
   PXEBC_PRIVATE_DATA Private = { 0 };
+  // create a mock md5 hash
+  UINT8 Md5Hash[16] = { 0 };
+
   EFI_UDP6_PROTOCOL Udp6Read;
 
 protected:
   MockUefiRuntimeServicesTableLib RtServicesMock;
+  MockUefiBootServicesTableLib BsMock;
+  MockRng RngMock;
 
   // Add any setup code if needed
   virtual void
@@ -527,8 +535,21 @@ TEST_F (PxeBcDhcp6DiscoverTest, BasicOverflowTest) {
 
   Private.Dhcp6Request->Length = (UINT16)(Cursor - (UINT8 
*)Private.Dhcp6Request);
 
-  EXPECT_CALL (RtServicesMock, gRT_GetTime)
-.WillOnce (::testing::Return (0));
+  EXPECT_CALL (BsMock, gBS_LocateProtocol)
+.WillOnce (
+   ::testing::DoAll (
+::testing::SetArgPointee<2> (::testing::ByRef 
(gRngProtocol)),
+::testing::Return (EFI_SUCCESS)
+)
+   );
+
+  EXPECT_CALL (RngMock, GetRng)
+.WillOnce (
+   ::testing::DoAll (
+::testing::SetArgPointee<3> (::testing::ByRef 
(Md5Hash[0])),
+::testing::Return (EFI_SUCCESS)
+)
+   );
 
   ASSERT_EQ (
 PxeBcDhcp6Discover (
@@ -558,8 +579,21 @@ TEST_F (PxeBcDhcp6DiscoverTest, BasicUsageTest) {
 
   Private.Dhcp6Request->Length = (UINT16)(Cursor - (UINT8 
*)Private.Dhcp6Request);
 
-  EXPECT_CALL (RtServicesMock, gRT_GetTime)
-.WillOnce (::testing::Return (0));
+  EXPECT_CALL (BsMock, gBS_LocateProtocol)
+.WillOnce (
+   ::testing::DoAll (
+::testing::SetArgPointee<2> (::testing::ByRef 
(gRngProtocol)),
+::testing::Return (EFI_SUCCESS)

[edk2-devel] [PATCH v1 13/14] MdePkg: Add MockHash2 Protocol for testing

[Doug Flick via groups.io]

From: Doug Flick 

This commit adds a new MockHash2 protocol to the MdePkg. This protocol
is used to test Hash2 protocol consumers.

Cc: Michael D Kinney 
Cc: Liming Gao 
Cc: Zhiguang Liu 

Signed-off-by: Doug Flick [MSFT] 
---
 MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h   | 67 

 MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockHash2.cpp | 27 
 2 files changed, 94 insertions(+)

diff --git a/MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h 
b/MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h
new file mode 100644
index ..b44d341332dc
--- /dev/null
+++ b/MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h
@@ -0,0 +1,67 @@
+/** @file
+  This file declares a mock of Hash2 Protocol.
+
+  Copyright (c) Microsoft Corporation.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef MOCK_HASH2_H_
+#define MOCK_HASH2_H_
+
+#include 
+#include 
+
+extern "C" {
+  #include 
+  #include 
+}
+
+struct MockHash2 {
+  MOCK_INTERFACE_DECLARATION (MockHash2);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+GetHashSize,
+(IN CONST EFI_HASH2_PROTOCOL  *This,
+ IN CONST EFI_GUID*HashAlgorithm,
+ OUT UINTN*HashSize)
+);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+Hash,
+(IN CONST EFI_HASH2_PROTOCOL  *This,
+ IN CONST EFI_GUID*HashAlgorithm,
+ IN CONST UINT8   *Message,
+ IN UINTN MessageSize,
+ IN OUT EFI_HASH2_OUTPUT  *Hash)
+);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+HashInit,
+(IN CONST EFI_HASH2_PROTOCOL  *This,
+ IN CONST EFI_GUID*HashAlgorithm)
+);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+HashUpdate,
+(IN CONST EFI_HASH2_PROTOCOL  *This,
+ IN CONST UINT8   *Message,
+ IN UINTN MessageSize)
+);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+HashFinal,
+(IN CONST EFI_HASH2_PROTOCOL  *This,
+ IN OUT EFI_HASH2_OUTPUT  *Hash)
+);
+};
+
+extern "C" {
+  extern EFI_HASH2_PROTOCOL  *gHash2Protocol;
+}
+
+#endif // MOCK_HASH2_H_
diff --git a/MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockHash2.cpp 
b/MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockHash2.cpp
new file mode 100644
index ..5cf94c43b4a5
--- /dev/null
+++ b/MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockHash2.cpp
@@ -0,0 +1,27 @@
+/** @file MockHash2.cpp
+  Google Test mock for Hash2 Protocol
+
+  Copyright (c) Microsoft Corporation.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include 
+
+MOCK_INTERFACE_DEFINITION (MockHash2);
+MOCK_FUNCTION_DEFINITION (MockHash2, GetHashSize, 3, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockHash2, Hash, 5, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockHash2, HashInit, 2, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockHash2, HashUpdate, 3, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockHash2, HashFinal, 2, EFIAPI);
+
+EFI_HASH2_PROTOCOL  HASH2_PROTOCOL_INSTANCE = {
+  GetHashSize, // EFI_HASH2_GET_HASH_SIZE
+  Hash,// EFI_HASH2_HASH
+  HashInit,// EFI_HASH2_HASH_INIT
+  HashUpdate,  // EFI_HASH2_HASH_UPDATE
+  HashFinal// EFI_HASH2_HASH_FINAL
+};
+
+extern "C" {
+  EFI_HASH2_PROTOCOL  *gHash2Protocol = _PROTOCOL_INSTANCE;
+}
-- 
2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118686): https://edk2.groups.io/g/devel/message/118686
Mute This Topic: https://groups.io/mt/105983253/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v1 07/14] NetworkPkg:: SECURITY PATCH CVE-2023-45237

[Doug Flick via groups.io]

From: Doug Flick 

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4542

Bug Overview:
PixieFail Bug #9
CVE-2023-45237
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Use of a Weak PseudoRandom Number Generator

Change Overview:

Updates all Instances of NET_RANDOM (NetRandomInitSeed ()) to either

>
> EFI_STATUS
> EFIAPI
> PseudoRandomU32 (
>  OUT UINT32  *Output
>  );
>

or (depending on the use case)

>
> EFI_STATUS
> EFIAPI
> PseudoRandom (
>  OUT  VOID   *Output,
>  IN   UINTN  OutputLength
>  );
>

This is because the use of

Example:

The following code snippet PseudoRandomU32 () function is used:

>
> UINT32 Random;
>
> Status = PseudoRandomU32 ();
> if (EFI_ERROR (Status)) {
>   DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n",
__func__, Status));
>   return Status;
> }
>

This also introduces a new PCD to enable/disable the use of the
NIST SP-800-90 approved algorithms for PseudoRandom () and
instead depend on the default implementation. This may be required for
some platforms where the UEFI Spec defined algorithms are not available.

>
> PcdEnforceSecureRngAlgorithms
>

If the platform does not have the NIST SP-800-90 approved algorithms
then the driver will assert.

Cc: Saloni Kasbekar 
Cc: Zachary Clark-williams 

Signed-off-by: Doug Flick [MSFT] 
---
 NetworkPkg/NetworkPkg.dec  |   7 ++
 NetworkPkg/Library/DxeNetLib/DxeNetLib.inf |  12 +-
 NetworkPkg/TcpDxe/TcpDxe.inf   |   3 +
 NetworkPkg/IScsiDxe/IScsiMisc.h|   6 +-
 NetworkPkg/Include/Library/NetLib.h|  40 --
 NetworkPkg/Ip6Dxe/Ip6Nd.h  |   8 +-
 NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c  |  10 +-
 NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c  |  11 +-
 NetworkPkg/DnsDxe/DnsDhcp.c|  10 +-
 NetworkPkg/DnsDxe/DnsImpl.c|  11 +-
 NetworkPkg/HttpBootDxe/HttpBootDhcp6.c |  10 +-
 NetworkPkg/IScsiDxe/IScsiCHAP.c|  19 ++-
 NetworkPkg/IScsiDxe/IScsiMisc.c|  14 +--
 NetworkPkg/Ip4Dxe/Ip4Driver.c  |  10 +-
 NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c  |   9 +-
 NetworkPkg/Ip6Dxe/Ip6Driver.c  |  17 ++-
 NetworkPkg/Ip6Dxe/Ip6If.c  |  12 +-
 NetworkPkg/Ip6Dxe/Ip6Mld.c |  12 +-
 NetworkPkg/Ip6Dxe/Ip6Nd.c  |  33 -
 NetworkPkg/Library/DxeNetLib/DxeNetLib.c   | 129 +---
 NetworkPkg/TcpDxe/TcpDriver.c  |  15 ++-
 NetworkPkg/Udp4Dxe/Udp4Driver.c|  10 +-
 NetworkPkg/Udp6Dxe/Udp6Driver.c|  11 +-
 NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c   |   9 +-
 NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c   |  11 +-
 NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c  |  12 +-
 NetworkPkg/SecurityFixes.yaml  |  39 ++
 27 files changed, 407 insertions(+), 83 deletions(-)

diff --git a/NetworkPkg/NetworkPkg.dec b/NetworkPkg/NetworkPkg.dec
index e06f35e7747c..7c4289b77b21 100644
--- a/NetworkPkg/NetworkPkg.dec
+++ b/NetworkPkg/NetworkPkg.dec
@@ -5,6 +5,7 @@
 #
 # Copyright (c) 2009 - 2021, Intel Corporation. All rights reserved.
 # (C) Copyright 2015-2020 Hewlett Packard Enterprise Development LP
+# Copyright (c) Microsoft Corporation
 #
 # SPDX-License-Identifier: BSD-2-Clause-Patent
 #
@@ -130,6 +131,12 @@ [PcdsFixedAtBuild, PcdsPatchableInModule]
   # @Prompt Indicates whether SnpDxe creates event for ExitBootServices() call.
   
gEfiNetworkPkgTokenSpaceGuid.PcdSnpCreateExitBootServicesEvent|TRUE|BOOLEAN|0x100C
 
+  ## Enforces the use of Secure UEFI spec defined RNG algorithms for all 
network connections.
+  # TRUE  - Enforce the use of Secure UEFI spec defined RNG algorithms.
+  # FALSE - Do not enforce and depend on the default implementation of RNG 
algorithm from the provider.
+  # @Prompt Enforce the use of Secure UEFI spec defined RNG algorithms.
+  
gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|TRUE|BOOLEAN|0x100D
+
 [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
   ## IPv6 DHCP Unique Identifier (DUID) Type configuration (From RFCs 3315 and 
6355).
   # 01 = DUID Based on Link-layer Address Plus Time [DUID-LLT]
diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf 
b/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf
index 8145d256ec10..56e3c3c58540 100644
--- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf
+++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf
@@ -3,6 +3,7 @@
 #
 #  Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
 #  (C) Copyright 2015 Hewlett Packard Enterprise Development LP
+#  Copyright (c) Microsoft Corporation
 #  SPDX-License-Identifier: BSD-2-Clause-Patent
 #
 ##
@@ -49,7 +50,9 @@ [Guids]
   gEfiSmbiosTableGuid   ## SOMETIMES_CONSUMES  ## 
SystemTable
   gEfiSmbios3TableGuid  ## SOMETIMES_CONSUMES  ## 
SystemTable
   gEfiAdapterInfoMediaStateGuid ## SOMETIMES_CONSUMES
-
+  

[edk2-devel] [PATCH v1 12/14] MdePkg: : Adds Protocol for MockRng

[Doug Flick via groups.io]

From: Doug Flick 

This patch adds a protocol for MockRng. This protocol is used to
mock the Rng protocol for testing purposes.

Cc: Michael D Kinney 
Cc: Liming Gao 
Cc: Zhiguang Liu 

Signed-off-by: Doug Flick [MSFT] 
---
 MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h   | 48 

 MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp | 21 +
 2 files changed, 69 insertions(+)

diff --git a/MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h 
b/MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h
new file mode 100644
index ..b54f8a234b2f
--- /dev/null
+++ b/MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h
@@ -0,0 +1,48 @@
+/** @file
+  This file declares a mock of Rng Protocol.
+
+  Copyright (c) Microsoft Corporation.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef MOCK_RNG_H_
+#define MOCK_RNG_H_
+
+#include 
+#include 
+
+extern "C" {
+  #include 
+  #include 
+}
+
+struct MockRng {
+  MOCK_INTERFACE_DECLARATION (MockRng);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+GetInfo,
+(
+ IN EFI_RNG_PROTOCOL *This,
+ IN OUT UINTN*RNGAlgorithmListSize,
+ OUT EFI_RNG_ALGORITHM   *RNGAlgorithmList
+)
+);
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+GetRng,
+(
+ IN EFI_RNG_PROTOCOL*This,
+ IN EFI_RNG_ALGORITHM   *RNGAlgorithm,
+ IN UINTN   RNGValueLength,
+ OUT UINT8  *RNGValue
+)
+);
+};
+
+extern "C" {
+  extern EFI_RNG_PROTOCOL  *gRngProtocol;
+}
+
+#endif // MOCK_RNG_H_
diff --git a/MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp 
b/MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp
new file mode 100644
index ..7d8b69cc8673
--- /dev/null
+++ b/MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp
@@ -0,0 +1,21 @@
+/** @file MockRng.cpp
+  Google Test mock for Rng Protocol
+
+  Copyright (c) Microsoft Corporation.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include 
+
+MOCK_INTERFACE_DEFINITION (MockRng);
+MOCK_FUNCTION_DEFINITION (MockRng, GetInfo, 3, EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockRng, GetRng, 4, EFIAPI);
+
+EFI_RNG_PROTOCOL  RNG_PROTOCOL_INSTANCE = {
+  GetInfo, // EFI_RNG_GET_INFO
+  GetRng   // EFI_RNG_GET_RNG
+};
+
+extern "C" {
+  EFI_RNG_PROTOCOL  *gRngProtocol = _PROTOCOL_INSTANCE;
+}
-- 
2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118685): https://edk2.groups.io/g/devel/message/118685
Mute This Topic: https://groups.io/mt/105983252/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v1 09/14] OvmfPkg: Disable NIST Algorithms NetworkPkg

[Doug Flick via groups.io]

This commit disables enforcement of NIST defined
RNG algorithms. Such that NetworkPkg will accept
"Default" and depend on the platform.

Cc: Ard Biesheuvel 
Cc: Jiewen Yao 
Cc: Gerd Hoffmann 

Signed-off-by: Doug Flick [MSFT] 
---
 OvmfPkg/OvmfPkgIa32.dsc| 7 +++
 OvmfPkg/OvmfPkgIa32X64.dsc | 9 +
 OvmfPkg/OvmfPkgX64.dsc | 7 +++
 OvmfPkg/OvmfXen.dsc| 7 +++
 4 files changed, 30 insertions(+)

diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 7d7729e07729..080d1a93a0ee 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -571,6 +571,13 @@ [PcdsFixedAtBuild]
   #
 !include NetworkPkg/NetworkPcds.dsc.inc
 
+  #
+  # Platforms may not support the EDK2 Standard NIST Algorithms
+  # This Pcd allows for platform to override the attempt to use the NIST 
Algorithms
+  # and falls back to default such that the platform can own the Rng Algorithm
+  #
+  gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|FALSE
+
   gEfiShellPkgTokenSpaceGuid.PcdShellFileOperationSize|0x2
 
 !if $(SMM_REQUIRE) == TRUE
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 1e924ccc5eb4..d62f9ea3fa69 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -571,6 +571,8 @@ [PcdsFixedAtBuild]
   #
   gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi|FALSE
 
+
+
 [PcdsFixedAtBuild.IA32]
   #
   # The NumberOfPages values below are ad-hoc. They are updated sporadically at
@@ -590,6 +592,13 @@ [PcdsFixedAtBuild.X64]
   #
 !include NetworkPkg/NetworkPcds.dsc.inc
 
+  #
+  # Platforms may not support the EDK2 Standard NIST Algorithms
+  # This Pcd allows for platform to override the attempt to use the NIST 
Algorithms
+  # and falls back to default such that the platform can own the Rng Algorithm
+  #
+  gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|FALSE
+
   gEfiShellPkgTokenSpaceGuid.PcdShellFileOperationSize|0x2
 
 !if $(SMM_REQUIRE) == TRUE
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 3637b967b139..761c86f73a6b 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -601,6 +601,13 @@ [PcdsFixedAtBuild]
   #
 !include NetworkPkg/NetworkPcds.dsc.inc
 
+  #
+  # Platforms may not support the EDK2 Standard NIST Algorithms
+  # This Pcd allows for platform to override the attempt to use the NIST 
Algorithms
+  # and falls back to default such that the platform can own the Rng Algorithm
+  #
+  gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|FALSE
+
   gEfiShellPkgTokenSpaceGuid.PcdShellFileOperationSize|0x2
 
 !if $(SMM_REQUIRE) == TRUE
diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc
index 7fc340d1c1df..0b2dac0cdaef 100644
--- a/OvmfPkg/OvmfXen.dsc
+++ b/OvmfPkg/OvmfXen.dsc
@@ -443,6 +443,13 @@ [PcdsFixedAtBuild]
   #
 !include NetworkPkg/NetworkPcds.dsc.inc
 
+  #
+  # Platforms may not support the EDK2 Standard NIST Algorithms
+  # This Pcd allows for platform to override the attempt to use the NIST 
Algorithms
+  # and falls back to default such that the platform can own the Rng Algorithm
+  #
+  gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|FALSE
+
 !ifdef $(DEBUG_ON_HYPERVISOR_CONSOLE)
   ## Set Xen's debug IO port for PlatformDebugLibIoPort
   gUefiOvmfPkgTokenSpaceGuid.PcdDebugIoPort|0xe9
-- 
2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118682): https://edk2.groups.io/g/devel/message/118682
Mute This Topic: https://groups.io/mt/105983248/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v1 08/14] NetworkPkg: TcpDxe: SECURITY PATCH CVE-2023-45236

[Doug Flick via groups.io]

From: Doug Flick 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4541
REF: https://www.rfc-editor.org/rfc/rfc1948.txt
REF: https://www.rfc-editor.org/rfc/rfc6528.txt
REF: https://www.rfc-editor.org/rfc/rfc9293.txt

Bug Overview:
PixieFail Bug #8
CVE-2023-45236
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Updates TCP ISN generation to use a cryptographic hash of the
connection's identifying parameters and a secret key.
This prevents an attacker from guessing the ISN used for some other
connection.

This is follows the guidance in RFC 1948, RFC 6528, and RFC 9293.

RFC: 9293 Section 3.4.1.  Initial Sequence Number Selection

   A TCP implementation MUST use the above type of "clock" for clock-
   driven selection of initial sequence numbers (MUST-8), and SHOULD
   generate its initial sequence numbers with the expression:

   ISN = M + F(localip, localport, remoteip, remoteport, secretkey)

   where M is the 4 microsecond timer, and F() is a pseudorandom
   function (PRF) of the connection's identifying parameters ("localip,
   localport, remoteip, remoteport") and a secret key ("secretkey")
   (SHLD-1).  F() MUST NOT be computable from the outside (MUST-9), or
   an attacker could still guess at sequence numbers from the ISN used
   for some other connection.  The PRF could be implemented as a
   cryptographic hash of the concatenation of the TCP connection
   parameters and some secret data.  For discussion of the selection of
   a specific hash algorithm and management of the secret key data,
   please see Section 3 of [42].

   For each connection there is a send sequence number and a receive
   sequence number.  The initial send sequence number (ISS) is chosen by
   the data sending TCP peer, and the initial receive sequence number
   (IRS) is learned during the connection-establishing procedure.

   For a connection to be established or initialized, the two TCP peers
   must synchronize on each other's initial sequence numbers.  This is
   done in an exchange of connection-establishing segments carrying a
   control bit called "SYN" (for synchronize) and the initial sequence
   numbers.  As a shorthand, segments carrying the SYN bit are also
   called "SYNs".  Hence, the solution requires a suitable mechanism for
   picking an initial sequence number and a slightly involved handshake
   to exchange the ISNs.

Cc: Saloni Kasbekar 
Cc: Zachary Clark-williams 

Signed-off-by: Doug Flick [MSFT] 
---
 NetworkPkg/TcpDxe/TcpDxe.inf  |   8 +-
 NetworkPkg/TcpDxe/TcpFunc.h   |  23 +-
 NetworkPkg/TcpDxe/TcpMain.h   |  59 -
 NetworkPkg/TcpDxe/TcpDriver.c |  92 +++-
 NetworkPkg/TcpDxe/TcpInput.c  |  13 +-
 NetworkPkg/TcpDxe/TcpMisc.c   | 242 ++--
 NetworkPkg/TcpDxe/TcpTimer.c  |   3 +-
 NetworkPkg/SecurityFixes.yaml |  22 ++
 8 files changed, 414 insertions(+), 48 deletions(-)

diff --git a/NetworkPkg/TcpDxe/TcpDxe.inf b/NetworkPkg/TcpDxe/TcpDxe.inf
index cf5423f4c537..76de4cf9ec3d 100644
--- a/NetworkPkg/TcpDxe/TcpDxe.inf
+++ b/NetworkPkg/TcpDxe/TcpDxe.inf
@@ -6,6 +6,7 @@
 #  stack has been loaded in system. This driver supports both IPv4 and IPv6 
network stack.
 #
 #  Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+#  Copyright (c) Microsoft Corporation
 #
 #  SPDX-License-Identifier: BSD-2-Clause-Patent
 #
@@ -68,7 +69,6 @@ [LibraryClasses]
   NetLib
   IpIoLib
 
-
 [Protocols]
   ## SOMETIMES_CONSUMES
   ## SOMETIMES_PRODUCES
@@ -81,6 +81,12 @@ [Protocols]
   gEfiIp6ServiceBindingProtocolGuid ## TO_START
   gEfiTcp6ProtocolGuid  ## BY_START
   gEfiTcp6ServiceBindingProtocolGuid## BY_START
+  gEfiHash2ProtocolGuid ## BY_START
+  gEfiHash2ServiceBindingProtocolGuid   ## BY_START
+
+[Guids]
+  gEfiHashAlgorithmMD5Guid  ## CONSUMES
+  gEfiHashAlgorithmSha256Guid   ## CONSUMES
 
 [Depex]
   gEfiHash2ServiceBindingProtocolGuid
diff --git a/NetworkPkg/TcpDxe/TcpFunc.h b/NetworkPkg/TcpDxe/TcpFunc.h
index a7af01fff246..c707bee3e548 100644
--- a/NetworkPkg/TcpDxe/TcpFunc.h
+++ b/NetworkPkg/TcpDxe/TcpFunc.h
@@ -2,7 +2,7 @@
   Declaration of external functions shared in TCP driver.
 
   Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
-
+  Copyright (c) Microsoft Corporation
   SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
@@ -36,8 +36,11 @@ VOID
 
   @param[in, out]  Tcb   Pointer to the TCP_CB of this TCP 
instance.
 
+  @retval EFI_SUCCESS The operation completed successfully
+  @retval others  The underlying functions failed and could 
not complete the operation
+
 **/
-VOID
+EFI_STATUS
 TcpInitTcbLocal (
   IN OUT TCP_CB  *Tcb
   );
@@ -128,17 +131,6 @@ TcpCloneTcb (
   IN TCP_CB  *Tcb
   );
 
-/**
-  Compute an ISS to be used by a new connection.
-
-  @return The result ISS.
-
-**/
-TCP_SEQNO
-TcpGetIss (
-  VOID
-  );
-
 

[edk2-devel] [PATCH v1 10/14] ArmVirtPkg: : Disables NIST algorithms NetworkPkg

[Doug Flick via groups.io]

The NetworkPkg attempts to use the NIST Algorithms
as defined in the EDK2 specification. If not
available (or if so desired) the platform may
choose to use "Default" and use what is provided by
the platform.

Cc: Ard Biesheuvel 
Cc: Leif Lindholm 
Cc: Sami Mujawar 
Cc: Gerd Hoffmann 

Signed-off-by: Doug Flick [MSFT] 
---
 ArmVirtPkg/ArmVirt.dsc.inc | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
index 2bc6a29eb131..00e6b5b5d582 100644
--- a/ArmVirtPkg/ArmVirt.dsc.inc
+++ b/ArmVirtPkg/ArmVirt.dsc.inc
@@ -382,6 +382,13 @@ [PcdsFixedAtBuild.common]
 
   gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard|TRUE
 
+  #
+  # Platforms may not support the EDK2 Standard NIST Algorithms
+  # This Pcd allows for platform to override the attempt to use the NIST 
Algorithms
+  # and falls back to default such that the platform can own the Rng Algorithm
+  #
+  gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|FALSE
+
 [Components.common]
   #
   # Ramdisk support
-- 
2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118683): https://edk2.groups.io/g/devel/message/118683
Mute This Topic: https://groups.io/mt/105983249/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v1 04/14] OvmfPkg: : Add Hash2DxeCrypto to OvmfPkg

[Doug Flick via groups.io]

From: Doug Flick 

This patch adds Hash2DxeCrypto to OvmfPkg. The Hash2DxeCrypto is
used to provide the hashing protocol services.

Cc: Ard Biesheuvel 
Cc: Jiewen Yao 
Cc: Gerd Hoffmann 

Signed-off-by: Doug Flick [MSFT] 
---
 OvmfPkg/OvmfPkgIa32.dsc| 6 +-
 OvmfPkg/OvmfPkgIa32X64.dsc | 6 +-
 OvmfPkg/OvmfPkgX64.dsc | 6 +-
 OvmfPkg/OvmfXen.dsc| 5 +
 OvmfPkg/OvmfPkgIa32.fdf| 5 +
 OvmfPkg/OvmfPkgIa32X64.fdf | 5 +
 OvmfPkg/OvmfPkgX64.fdf | 5 +
 OvmfPkg/OvmfXen.fdf| 5 +
 8 files changed, 40 insertions(+), 3 deletions(-)

diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 9db3ebd0e722..7d7729e07729 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -228,7 +228,6 @@ [LibraryClasses]
   
VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
   
VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf
 
-
   #
   # Network libraries
   #
@@ -857,6 +856,11 @@ [Components]
   MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
   
MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
 
+  #
+  # Hash2 Protocol producer
+  #
+  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
   #
   # Network Support
   #
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 43378122925b..1e924ccc5eb4 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -233,7 +233,6 @@ [LibraryClasses]
   
VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
   
VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf
 
-
   #
   # Network libraries
   #
@@ -871,6 +870,11 @@ [Components.X64]
   MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
   
MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
 
+  #
+  # Hash2 Protocol producer
+  #
+  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
   #
   # Network Support
   #
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 157ae6c0e4b0..3637b967b139 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -249,7 +249,6 @@ [LibraryClasses]
   
VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
   
VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf
 
-
   #
   # Network libraries
   #
@@ -939,6 +938,11 @@ [Components]
   MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
   
MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
 
+  #
+  # Hash2 Protocol producer
+  #
+  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
   #
   # Network Support
   #
diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc
index fa1a570e746a..7fc340d1c1df 100644
--- a/OvmfPkg/OvmfXen.dsc
+++ b/OvmfPkg/OvmfXen.dsc
@@ -667,6 +667,11 @@ [Components]
   MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
   
MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
 
+  #
+  # Hash2 Protocol producer
+  #
+  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
   #
   # Network Support
   #
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index 6eb26f7d4613..0d4abb50a8f7 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -295,6 +295,11 @@ [FV.DXEFV]
 
 INF MdeModulePkg/Logo/LogoDxe.inf
 
+#
+# Hash2 Protocol producer
+#
+INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
 #
 # Network modules
 #
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index 080784f722a7..23a825a01298 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -296,6 +296,11 @@ [FV.DXEFV]
 
 INF MdeModulePkg/Logo/LogoDxe.inf
 
+#
+# Hash2 Protocol producer
+#
+INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
 #
 # Network modules
 #
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index c2d3cc901e94..16c7a2b0a132 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -326,6 +326,11 @@ [FV.DXEFV]
 
 INF OvmfPkg/TdxDxe/TdxDxe.inf
 
+#
+# Hash2 Protocol producer
+#
+INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
 #
 # Network modules
 #
diff --git a/OvmfPkg/OvmfXen.fdf b/OvmfPkg/OvmfXen.fdf
index 5770b173168b..41368f37e254 100644
--- a/OvmfPkg/OvmfXen.fdf
+++ b/OvmfPkg/OvmfXen.fdf
@@ -314,6 +314,11 @@ [FV.DXEFV]
 
 INF MdeModulePkg/Logo/LogoDxe.inf
 
+#
+# Hash2 Protocol producer
+#
+INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
 #
 # Network modules
 #
-- 
2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118677): https://edk2.groups.io/g/devel/message/118677
Mute This Topic: https://groups.io/mt/105983242/21656
Group Owner: 

[edk2-devel] [PATCH v1 05/14] ArmVirtPkg:PlatformCI: Support virtio-rng-pci

[Doug Flick via groups.io]

This patch adds "virtio-rng-pci" to the PlatformBuildLib.py
This adds Rng services to the guest VM

Cc: Ard Biesheuvel 
Cc: Leif Lindholm 
Cc: Sami Mujawar 
Cc: Gerd Hoffmann 

Signed-off-by: Doug Flick [MSFT] 
---
 ArmVirtPkg/PlatformCI/PlatformBuildLib.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ArmVirtPkg/PlatformCI/PlatformBuildLib.py 
b/ArmVirtPkg/PlatformCI/PlatformBuildLib.py
index 0ddaccf9c21f..3abab0914127 100644
--- a/ArmVirtPkg/PlatformCI/PlatformBuildLib.py
+++ b/ArmVirtPkg/PlatformCI/PlatformBuildLib.py
@@ -240,6 +240,8 @@ class PlatformBuilder(UefiBuilder, BuildSettingsManager):
 args += " -serial stdio"
 # Mount disk with startup.nsh
 args += f" -drive file=fat:rw:{VirtualDrive},format=raw,media=disk"
+# Provides Rng services to the Guest VM
+args += " -device virtio-rng-pci"
 
 # Conditional Args
 if (self.env.GetValue("QEMU_HEADLESS").upper() == "TRUE"):
-- 
2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118678): https://edk2.groups.io/g/devel/message/118678
Mute This Topic: https://groups.io/mt/105983244/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v1 02/14] EmulatorPkg: : Add Hash2DxeCrypto to EmulatorPkg

[Doug Flick via groups.io]

From: Doug Flick 

This patch adds Hash2DxeCrypto to EmulatorPkg. The Hash2DxeCrypto is
used to provide the hashing protocol services.

Cc: Andrew Fish 
Cc: Ray Ni 

Signed-off-by: Doug Flick [MSFT] 
---
 EmulatorPkg/EmulatorPkg.dsc | 9 +++--
 EmulatorPkg/EmulatorPkg.fdf | 5 +
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg/EmulatorPkg.dsc
index 0a66294cb768..1c356bc8c732 100644
--- a/EmulatorPkg/EmulatorPkg.dsc
+++ b/EmulatorPkg/EmulatorPkg.dsc
@@ -128,10 +128,11 @@ [LibraryClasses]
   FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf
   
ImagePropertiesRecordLib|MdeModulePkg/Library/ImagePropertiesRecordLib/ImagePropertiesRecordLib.inf
   RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
-
-!if $(SECURE_BOOT_ENABLE) == TRUE
   IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
   OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+
+!if $(SECURE_BOOT_ENABLE) == TRUE
   
PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
   AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
   
SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
@@ -402,6 +403,10 @@ [Components]
   # Rng Protocol producer
   #
   SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
+  #
+  # Hash2 Protocol producer
+  #
+  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
 
 !if $(SECURE_BOOT_ENABLE) == TRUE
   SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
diff --git a/EmulatorPkg/EmulatorPkg.fdf b/EmulatorPkg/EmulatorPkg.fdf
index d756c144d94d..73d5b0068d3f 100644
--- a/EmulatorPkg/EmulatorPkg.fdf
+++ b/EmulatorPkg/EmulatorPkg.fdf
@@ -198,6 +198,11 @@ [FV.FvRecovery]
 #
 INF  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
 
+#
+# Hash2 Protocol producer
+#
+INF  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
 #
 # Secure Boot Key Enroll
 #
-- 
2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118675): https://edk2.groups.io/g/devel/message/118675
Mute This Topic: https://groups.io/mt/105983240/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v1 03/14] OvmfPkg:PlatformCI: Support virtio-rng-pci

[Doug Flick via groups.io]

This patch adds "virtio-rng-pci" to the PlatformBuildLib.py
This adds Rng services to the guest VM

Cc: Ard Biesheuvel 
Cc: Jiewen Yao 
Cc: Gerd Hoffmann 

Signed-off-by: Doug Flick [MSFT] 
---
 OvmfPkg/PlatformCI/PlatformBuildLib.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/OvmfPkg/PlatformCI/PlatformBuildLib.py 
b/OvmfPkg/PlatformCI/PlatformBuildLib.py
index 00d454954bff..3fe80f5c1caa 100644
--- a/OvmfPkg/PlatformCI/PlatformBuildLib.py
+++ b/OvmfPkg/PlatformCI/PlatformBuildLib.py
@@ -208,6 +208,8 @@ class PlatformBuilder( UefiBuilder, BuildSettingsManager):
 args += " -net none"# 
turn off network
 args += " -smp 4"
 args += f" -drive file=fat:rw:{VirtualDrive},format=raw,media=disk" # 
Mount disk with startup.nsh
+# Provides Rng services to the Guest VM
+args += " -device virtio-rng-pci"
 
 if (self.env.GetValue("QEMU_HEADLESS").upper() == "TRUE"):
 args += " -display none"  # no graphics
-- 
2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118676): https://edk2.groups.io/g/devel/message/118676
Mute This Topic: https://groups.io/mt/105983241/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v1 00/14] NetworkPkg: CVE-2023-45236 and CVE-2023-45237

[Doug Flick via groups.io]

REF:https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html

This patch series patches the following CVEs:
- CVE-2023-45236: Predictable TCP Initial Sequence Numbers
- CVE-2023-45237: Use of a Weak PseudoRandom Number Generator

In order to patch these CVEs, the following changes were made:
- NetworkPkg no longer performs it's own random number generation, 
  instead it uses EFI_RNG_PROTOCOL provided by the plaform to 
  generate random numbers.
  - This change was made such that any future random number
generation vulnerabilities will be a result of the platforms
implementation of the EFI_RNG_PROTOCOL and not the NetworkPkg

- NetworkPkg uses the TCP initial sequence number algorithm as described
  in RFC 6528 to generate the initial sequence number for TCP connections.
  - This change was made to ensure that the initial sequence number
is not predictable and therefore cannot be used in a TCP hijacking
attack.

In addition to the above changes, the following changes were made:
- EmulatorPkg OvmfPkg, and ArmVirtPkg were updated to include the
  Hash2DxeCrypto driver to support TCP ISN generation using 
  EFI_HASH2_PROTOCOL

- EmulatorPkg was updated to include the
  RngDxe driver to support random number generation using the
  EFI_RNG_PROTOCOL

- OvmfPkg, and ArmVirtPkg were updated to include the
  virtio-rng-pci device to support random number generation using the
  EFI_RNG_PROTOCOL using the existing VirtioRngDxe driver

- ArmVirtPkg and OvmfPkg were updated to disable the NIST algorithms
  in the NetworkPkg due to the driver only supporting EFI_RNG_ALGORITHM

- MdePkg was updated to include MockUefiBootServicesTableLib,
  MockRng, and MockHash2 protocols for testing

- NetworkPkg was updated to include a test for the PxeBcDhcp6 driver
  due to underlying changes

Cc: Liming Gao 

Signed-off-by: Doug Flick [MSFT] 

Doug Flick (14):
  EmulatorPkg: : Add RngDxe to EmulatorPkg
  EmulatorPkg: : Add Hash2DxeCrypto to EmulatorPkg
  OvmfPkg:PlatformCI: Support virtio-rng-pci
  OvmfPkg: : Add Hash2DxeCrypto to OvmfPkg
  ArmVirtPkg:PlatformCI: Support virtio-rng-pci
  ArmVirtPkg: : Add Hash2DxeCrypto to ArmVirtPkg
  NetworkPkg:: SECURITY PATCH CVE-2023-45237
  NetworkPkg: TcpDxe: SECURITY PATCH CVE-2023-45236
  OvmfPkg: Disable NIST Algorithms NetworkPkg
  ArmVirtPkg: : Disables NIST algorithms NetworkPkg
  MdePkg: : Add MockUefiBootServicesTableLib
  MdePkg: : Adds Protocol for MockRng
  MdePkg: Add MockHash2 Protocol for testing
  NetworkPkg: Update the PxeBcDhcp6GoogleTest due to underlying changes

 NetworkPkg/NetworkPkg.dec  
   |   7 +
 ArmVirtPkg/ArmVirt.dsc.inc 
   |   7 +
 ArmVirtPkg/ArmVirtQemu.dsc 
   |   5 +
 ArmVirtPkg/ArmVirtQemuKernel.dsc   
   |   5 +
 EmulatorPkg/EmulatorPkg.dsc
   |  14 +-
 MdePkg/Test/MdePkgHostTest.dsc 
   |   1 +
 NetworkPkg/Test/NetworkPkgHostTest.dsc 
   |   1 +
 OvmfPkg/OvmfPkgIa32.dsc
   |  13 +-
 OvmfPkg/OvmfPkgIa32X64.dsc 
   |  15 +-
 OvmfPkg/OvmfPkgX64.dsc 
   |  13 +-
 OvmfPkg/OvmfXen.dsc
   |  12 +
 EmulatorPkg/EmulatorPkg.fdf
   |  11 +-
 OvmfPkg/OvmfPkgIa32.fdf
   |   5 +
 OvmfPkg/OvmfPkgIa32X64.fdf 
   |   5 +
 OvmfPkg/OvmfPkgX64.fdf 
   |   5 +
 OvmfPkg/OvmfXen.fdf
   |   5 +
 
MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf
 |  32 +++
 NetworkPkg/Library/DxeNetLib/DxeNetLib.inf 
   |  12 +-
 NetworkPkg/TcpDxe/TcpDxe.inf   
   |  11 +-
 NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf  
   |   3 +-
 MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.h 
   |  78 +++
 MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h   
   |  67 

[edk2-devel] [PATCH v1 01/14] EmulatorPkg: : Add RngDxe to EmulatorPkg

[Doug Flick via groups.io]

From: Doug Flick 

This patch adds RngDxe to EmulatorPkg. The RngDxe is used to provide
random number generation services to the UEFI firmware.

Cc: Andrew Fish 
Cc: Ray Ni 

Signed-off-by: Doug Flick [MSFT] 
---
 EmulatorPkg/EmulatorPkg.dsc | 9 +++--
 EmulatorPkg/EmulatorPkg.fdf | 6 +-
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg/EmulatorPkg.dsc
index 5fa1ed345a33..0a66294cb768 100644
--- a/EmulatorPkg/EmulatorPkg.dsc
+++ b/EmulatorPkg/EmulatorPkg.dsc
@@ -127,9 +127,9 @@ [LibraryClasses]
   ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
   FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf
   
ImagePropertiesRecordLib|MdeModulePkg/Library/ImagePropertiesRecordLib/ImagePropertiesRecordLib.inf
-
-!if $(SECURE_BOOT_ENABLE) == TRUE
   RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
+
+!if $(SECURE_BOOT_ENABLE) == TRUE
   IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
   OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
   
PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
@@ -398,6 +398,11 @@ [Components]
   EmulatorPkg/PlatformSmbiosDxe/PlatformSmbiosDxe.inf
   EmulatorPkg/TimerDxe/Timer.inf
 
+  #
+  # Rng Protocol producer
+  #
+  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
+
 !if $(SECURE_BOOT_ENABLE) == TRUE
   SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
 !endif
diff --git a/EmulatorPkg/EmulatorPkg.fdf b/EmulatorPkg/EmulatorPkg.fdf
index 5420756eaa6f..d756c144d94d 100644
--- a/EmulatorPkg/EmulatorPkg.fdf
+++ b/EmulatorPkg/EmulatorPkg.fdf
@@ -193,6 +193,11 @@ [FV.FvRecovery]
 INF  MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.inf
 INF  MdeModulePkg/Universal/DriverSampleDxe/DriverSampleDxe.inf
 
+#
+# Rng Protocol producer
+#
+INF  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
+
 #
 # Secure Boot Key Enroll
 #
@@ -320,4 +325,3 @@ [Rule.Common.UEFI_APPLICATION.BINARY]
 UISTRING="$(MODULE_NAME)" Optional
 VERSION   STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
   }
-
-- 
2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118674): https://edk2.groups.io/g/devel/message/118674
Mute This Topic: https://groups.io/mt/105983239/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] Assistance Needed: ArmVirtPkg

[Doug Flick via groups.io]

Thanks!

I figured out out what I was missing (a mistake on my end) and I now have it 
booting to shell! I'll make the required changes to OvmfPkg and ArmVirtPkg 
based on your suggestions and put the Patch Series on the mailing list.

The assert you were seeing was the patch attempting to use the EDK2 Nist 
algorithms where VirtioRngDxe doesn't supply them. In that case, I created a 
PCD to disable the attempt to use the Nist algorithms and just take whichever 
algorithm the Rng Producer provides. This allows a platform to implement 
however they deem fit and puts the responsibility of secure algorithms on the 
platform. 


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118650): https://edk2.groups.io/g/devel/message/118650
Mute This Topic: https://groups.io/mt/105949609/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] Assistance Needed: ArmVirtPkg

[Doug Flick via groups.io]

Thanks Ard for the explanation! 
Would you be able to tell me the exact changes you made to get to this point 
and if that would be an acceptable change to make to get these CVE patches on 
the mailing list? I'm happy adding the depex but fundamentally I think the goal 
is get these patches into this release. My attempts to rollback some of my 
changes and use VirtioRngDxe have been unsuccessful so far.


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118647): https://edk2.groups.io/g/devel/message/118647
Mute This Topic: https://groups.io/mt/105949609/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] Assistance Needed: ArmVirtPkg

[Doug Flick via groups.io]

All,

In order to patch Tianocore Bugzilla issues and CVEs:
 4541 – Bug 08 - edk2/NetworkPkg: Predictable TCP ISNs 
(tianocore.org)
and
4542 – Bug 09 - edk2/NetworkPkg: Use of a Weak PseudoRandom Number Generator 
(tianocore.org)

I've added as a dependency Hash2CryptoDxe and RngDxe lib to NetworkPkg. I've 
been able to add the relevant libraries to the DSCs of OvmfPkg and EmulatorPkg 
however I'm seeing odd behavior with ArmVirtPkg.

Would someone more knowledgeable with ArmVirtPkg take a look this PR.

PixieFail #8 and #9 TCBZ4541 and TCBZ4542 by Flickdm · Pull Request #5582 · 
tianocore/edk2 (github.com)

The issue was introduced in the commit "ArmVirtPkg: : Add RngDxe to 
ArmVirtPkg"

Right now PlatformCI_ArmVirtPkg_Ubuntu_GCC5_PR is crashing with

INFO - Synchronous Exception at 0x7FBE35BC
INFO - PC 0x7FBE35BC (0x7FBE+0x35BC) [ 0] RngDxe.dll
INFO - PC 0x7FBE2430 (0x7FBE+0x2430) [ 0] RngDxe.dll
INFO - PC 0x7FBE2E14 (0x7FBE+0x2E14) [ 0] RngDxe.dll
INFO - PC 0x4748CCFC (0x47485000+0x7CFC) [ 1] DxeCore.dll
INFO - PC 0x4749A6C4 (0x47485000+0x000156C4) [ 1] DxeCore.dll
INFO - PC 0x474904F0 (0x47485000+0xB4F0) [ 1] DxeCore.dll
INFO -
INFO - [ 0] 
/__w/1/s/Build/ArmVirtQemu-AARCH64/DEBUG_GCC5/AARCH64/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe/DEBUG/RngDxe.dll
INFO - [ 1] 
/__w/1/s/Build/ArmVirtQemu-AARCH64/DEBUG_GCC5/AARCH64/MdeModulePkg/Core/Dxe/DxeMain/DEBUG/DxeCore.dll
INFO -
INFO -   X0 0x8000   X1 0x   X2 0x  
 X3 0x
INFO -   X4 0x   X5 0x   X6 0x  
 X7 0x
INFO -   X8 0x7008   X9 0x0007  X10 0x7EA47000  
X11 0x7EA54FFF
INFO -  X12 0x  X13 0x0008  X14 0x  
X15 0x
INFO -  X16 0x47484D70  X17 0x474CC000  X18 0x  
X19 0x7FFD0018
INFO -  X20 0x0001  X21 0x7EA55D98  X22 0x7FBE5000  
X23 0x0030
INFO -  X24 0x  X25 0x7FBE5000  X26 0x  
X27 0x474B
INFO -  X28 0x0001   FP 0x47484C50   LR 0x7FBE2430
INFO -
INFO -   V0 0x    V1 0x 

INFO -   V2 0x    V3 0x 

INFO -   V4 0x    V5 0x 

INFO -   V6 0x    V7 0x 

INFO -   V8 0x    V9 0x 

INFO -  V10 0x   V11 0x 

INFO -  V12 0x   V13 0x 

INFO -  V14 0x   V15 0x 

INFO -  V16 0x   V17 0x 

INFO -  V18 0x   V19 0x 

INFO -  V20 0x   V21 0x 

INFO -  V22 0x   V23 0x 

INFO -  V24 0x   V25 0x 

INFO -  V26 0x   V27 0x 

INFO -  V28 0x   V29 0x 

INFO -  V30 0x   V31 0x 



Thanks!


  *
Doug



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118615): https://edk2.groups.io/g/devel/message/118615
Mute This Topic: https://groups.io/mt/105949609/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH v2 4/4] NetworkPkg: : Updating SecurityFixes.yaml

[Doug Flick via groups.io]

At this point - yes - but I don't have the ability to edit it. The advisory 
should reflect the current status. SecurtiyFixes.yaml is a way to express which 
commits are needed to be cherrypicked by a downstream consumer and what the 
current release is protected against. 


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#115531): https://edk2.groups.io/g/devel/message/115531
Mute This Topic: https://groups.io/mt/104339709/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v2 15/15] NetworkPkg: : Adds a SecurityFix.yaml file

[Doug Flick via groups.io]

This creates / adds a security file that tracks the security fixes
found in this package and can be used to find the fixes that were
applied.

Cc: Saloni Kasbekar 
Cc: Zachary Clark-williams 

Signed-off-by: Doug Flick [MSFT] 
---
 NetworkPkg/SecurityFixes.yaml | 123 ++
 1 file changed, 123 insertions(+)
 create mode 100644 NetworkPkg/SecurityFixes.yaml

diff --git a/NetworkPkg/SecurityFixes.yaml b/NetworkPkg/SecurityFixes.yaml
new file mode 100644
index ..7e900483fec5
--- /dev/null
+++ b/NetworkPkg/SecurityFixes.yaml
@@ -0,0 +1,123 @@
+## @file
+# Security Fixes for SecurityPkg
+#
+# Copyright (c) Microsoft Corporation
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+CVE_2023_45229:
+  commit_titles:
+- "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Patch"
+- "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Unit Tests"
+  cve: CVE-2023-45229
+  date_reported: 2023-08-28 13:56 UTC
+  description: "Bug 01 - edk2/NetworkPkg: Out-of-bounds read when processing 
IA_NA/IA_TA options in a DHCPv6 Advertise message"
+  note:
+  files_impacted:
+- NetworkPkg\Dhcp6Dxe\Dhcp6Io.c
+- NetworkPkg\Dhcp6Dxe\Dhcp6Impl.h
+  links:
+- https://bugzilla.tianocore.org/show_bug.cgi?id=4534
+- https://nvd.nist.gov/vuln/detail/CVE-2023-45229
+- http://www.openwall.com/lists/oss-security/2024/01/16/2
+- 
http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
+- 
https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
+CVE_2023_45230:
+  commit_titles:
+- "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Patch"
+- "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Unit Tests"
+  cve: CVE-2023-45230
+  date_reported: 2023-08-28 13:56 UTC
+  description: "Bug 02 - edk2/NetworkPkg: Buffer overflow in the DHCPv6 client 
via a long Server ID option"
+  note:
+  files_impacted:
+- NetworkPkg\Dhcp6Dxe\Dhcp6Io.c
+- NetworkPkg\Dhcp6Dxe\Dhcp6Impl.h
+  links:
+- https://bugzilla.tianocore.org/show_bug.cgi?id=4535
+- https://nvd.nist.gov/vuln/detail/CVE-2023-45230
+- http://www.openwall.com/lists/oss-security/2024/01/16/2
+- 
http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
+- 
https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
+CVE_2023_45231:
+  commit_titles:
+- "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45231 Patch"
+- "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45231 Unit Tests"
+  cve: CVE-2023-45231
+  date_reported: 2023-08-28 13:56 UTC
+  description: "Bug 03 - edk2/NetworkPkg: Out-of-bounds read when handling a 
ND Redirect message with truncated options"
+  note:
+  files_impacted:
+- NetworkPkg/Ip6Dxe/Ip6Option.c
+  links:
+- https://bugzilla.tianocore.org/show_bug.cgi?id=4536
+- https://nvd.nist.gov/vuln/detail/CVE-2023-45231
+- http://www.openwall.com/lists/oss-security/2024/01/16/2
+- 
http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
+- 
https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
+CVE_2023_45232:
+  commit_titles:
+- "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45232 Patch"
+- "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45232 Unit Tests"
+  cve: CVE-2023-45232
+  date_reported: 2023-08-28 13:56 UTC
+  description: "Bug 04 - edk2/NetworkPkg: Infinite loop when parsing unknown 
options in the Destination Options header"
+  note:
+  files_impacted:
+- NetworkPkg/Ip6Dxe/Ip6Option.c
+- NetworkPkg/Ip6Dxe/Ip6Option.h
+  links:
+- https://bugzilla.tianocore.org/show_bug.cgi?id=4537
+- https://nvd.nist.gov/vuln/detail/CVE-2023-45232
+- http://www.openwall.com/lists/oss-security/2024/01/16/2
+- 
http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
+- 
https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
+CVE_2023_45233:
+  commit_titles:
+- "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45232 Patch"
+- "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45232 Unit Tests"
+  cve: CVE-2023-45233
+  date_reported: 2023-08-28 13:56 UTC
+  description: "Bug 05 - edk2/NetworkPkg: Infinite loop when parsing a PadN 
option in the Destination Options header "
+  note: This was fixed along with CVE-2023-45233
+  files_impacted:
+- NetworkPkg/Ip6Dxe/Ip6Option.c
+- NetworkPkg/Ip6Dxe/Ip6Option.h
+  links:
+- https://bugzilla.tianocore.org/show_bug.cgi?id=4538
+- https://nvd.nist.gov/vuln/detail/CVE-2023-45233
+- http://www.openwall.com/lists/oss-security/2024/01/16/2
+- 
http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
+- 
https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
+CVE_2023_45234:
+  commit_titles:
+- "NetworkPkg: 

[edk2-devel] [PATCH v2 14/15] NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45235 Unit Tests

[Doug Flick via groups.io]

From: Doug Flick 

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4540

Unit tests to confirm that the bug..

Buffer overflow when handling Server ID option from a DHCPv6 proxy
Advertise message

..has been patched.

This patch contains unit tests for the following functions:
PxeBcRequestBootService
PxeBcDhcp6Discover

Cc: Saloni Kasbekar 
Cc: Zachary Clark-williams 

Signed-off-by: Doug Flick [MSFT] 
---
 NetworkPkg/Test/NetworkPkgHostTest.dsc|   5 +-
 .../GoogleTest/PxeBcDhcp6GoogleTest.h |  18 ++
 .../GoogleTest/PxeBcDhcp6GoogleTest.cpp   | 278 +-
 3 files changed, 298 insertions(+), 3 deletions(-)

diff --git a/NetworkPkg/Test/NetworkPkgHostTest.dsc 
b/NetworkPkg/Test/NetworkPkgHostTest.dsc
index a0273c431025..fa301a7a52ab 100644
--- a/NetworkPkg/Test/NetworkPkgHostTest.dsc
+++ b/NetworkPkg/Test/NetworkPkgHostTest.dsc
@@ -27,7 +27,10 @@ [Components]
   #
   NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf
   NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf
-  NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
+  NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf {
+
+  
UefiRuntimeServicesTableLib|MdePkg/Test/Mock/Library/GoogleTest/MockUefiRuntimeServicesTableLib/MockUefiRuntimeServicesTableLib.inf
+  }
 
 # Despite these library classes being listed in [LibraryClasses] below, they 
are not needed for the host-based unit tests.
 [LibraryClasses]
diff --git a/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.h 
b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.h
index b17c314791c8..0d825e44250a 100644
--- a/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.h
+++ b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.h
@@ -47,4 +47,22 @@ PxeBcCacheDnsServerAddresses (
   IN PXEBC_DHCP6_PACKET_CACHE  *Cache6
   );
 
+/**
+  Build and send out the request packet for the bootfile, and parse the reply.
+
+  @param[in]  Private   The pointer to PxeBc private data.
+  @param[in]  Index PxeBc option boot item type.
+
+  @retval EFI_SUCCESS   Successfully discovered the boot file.
+  @retval EFI_OUT_OF_RESOURCES  Failed to allocate resources.
+  @retval EFI_NOT_FOUND Can't get the PXE reply packet.
+  @retval OthersFailed to discover the boot file.
+
+**/
+EFI_STATUS
+PxeBcRequestBootService (
+  IN  PXEBC_PRIVATE_DATA  *Private,
+  IN  UINT32  Index
+  );
+
 #endif // PXE_BC_DHCP6_GOOGLE_TEST_H_
diff --git a/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp 
b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
index 826050dc..bd423ebadfce 100644
--- a/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
+++ b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
@@ -4,7 +4,9 @@
   Copyright (c) Microsoft Corporation
   SPDX-License-Identifier: BSD-2-Clause-Patent
 **/
-#include 
+#include 
+#include 
+#include 
 
 extern "C" {
   #include 
@@ -19,7 +21,8 @@ extern "C" {
 // Definitions
 ///
 
-#define PACKET_SIZE  (1500)
+#define PACKET_SIZE(1500)
+#define REQUEST_OPTION_LENGTH  (120)
 
 typedef struct {
   UINT16OptionCode;   // The option code for DHCP6_OPT_SERVER_ID (e.g., 
0x03)
@@ -76,6 +79,26 @@ MockConfigure (
 }
 
 // Needed by PxeBcSupport
+EFI_STATUS
+PxeBcDns6 (
+  IN PXEBC_PRIVATE_DATA  *Private,
+  IN CHAR16  *HostName,
+  OUT EFI_IPv6_ADDRESS   *IpAddress
+  )
+{
+  return EFI_SUCCESS;
+}
+
+UINT32
+PxeBcBuildDhcp6Options (
+  IN  PXEBC_PRIVATE_DATA   *Private,
+  OUT EFI_DHCP6_PACKET_OPTION  **OptList,
+  IN  UINT8*Buffer
+  )
+{
+  return EFI_SUCCESS;
+}
+
 EFI_STATUS
 EFIAPI
 QueueDpc (
@@ -159,6 +182,10 @@ TEST_F (PxeBcHandleDhcp6OfferTest, BasicUsageTest) {
   ASSERT_EQ (PxeBcHandleDhcp6Offer (&(PxeBcHandleDhcp6OfferTest::Private)), 
EFI_DEVICE_ERROR);
 }
 
+///
+// PxeBcCacheDnsServerAddresses Tests
+///
+
 class PxeBcCacheDnsServerAddressesTest : public ::testing::Test {
 public:
   PXEBC_PRIVATE_DATA Private = { 0 };
@@ -298,3 +325,250 @@ TEST_F (PxeBcCacheDnsServerAddressesTest, 
MultipleDnsEntries) {
 FreePool (Private.DnsServer);
   }
 }
+
+///
+// PxeBcRequestBootServiceTest Test Cases
+///
+
+class PxeBcRequestBootServiceTest : public ::testing::Test {
+public:
+  PXEBC_PRIVATE_DATA Private = { 0 };
+  EFI_UDP6_PROTOCOL Udp6Read;
+
+protected:
+  // Add any setup code if needed
+  virtual void
+  SetUp (
+)
+  {
+Private.Dhcp6Request = (EFI_DHCP6_PACKET *)AllocateZeroPool (PACKET_SIZE);
+
+// Need to setup the 

[edk2-devel] [PATCH v2 11/15] NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45234 Unit Tests

[Doug Flick via groups.io]

From: Doug Flick 

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4539

Unit tests to that the bug..

Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise
message

..has been patched

This contains tests for the following functions:
PxeBcHandleDhcp6Offer
PxeBcCacheDnsServerAddresses

Cc: Saloni Kasbekar 
Cc: Zachary Clark-williams 

Signed-off-by: Doug Flick [MSFT] 
---
 NetworkPkg/Test/NetworkPkgHostTest.dsc|   1 +
 .../GoogleTest/UefiPxeBcDxeGoogleTest.inf |  48 +++
 .../GoogleTest/PxeBcDhcp6GoogleTest.h |  50 +++
 .../GoogleTest/PxeBcDhcp6GoogleTest.cpp   | 300 ++
 .../GoogleTest/UefiPxeBcDxeGoogleTest.cpp |  19 ++
 5 files changed, 418 insertions(+)
 create mode 100644 
NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
 create mode 100644 NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.h
 create mode 100644 NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
 create mode 100644 
NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.cpp

diff --git a/NetworkPkg/Test/NetworkPkgHostTest.dsc 
b/NetworkPkg/Test/NetworkPkgHostTest.dsc
index 7fa7b0f9d5be..a0273c431025 100644
--- a/NetworkPkg/Test/NetworkPkgHostTest.dsc
+++ b/NetworkPkg/Test/NetworkPkgHostTest.dsc
@@ -27,6 +27,7 @@ [Components]
   #
   NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf
   NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf
+  NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
 
 # Despite these library classes being listed in [LibraryClasses] below, they 
are not needed for the host-based unit tests.
 [LibraryClasses]
diff --git a/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf 
b/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
new file mode 100644
index ..301dcdf61109
--- /dev/null
+++ b/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
@@ -0,0 +1,48 @@
+## @file
+# Unit test suite for the UefiPxeBcDxe using Google Test
+#
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+[Defines]
+INF_VERSION= 0x00010005
+BASE_NAME  = UefiPxeBcDxeGoogleTest
+FILE_GUID  = 77D45C64-EC1E-4174-887B-886E89FD1EDF
+MODULE_TYPE= HOST_APPLICATION
+VERSION_STRING = 1.0
+
+#
+# The following information is for reference only and not required by the 
build tools.
+#
+#  VALID_ARCHITECTURES   = IA32 X64
+#
+
+[Sources]
+  UefiPxeBcDxeGoogleTest.cpp
+  PxeBcDhcp6GoogleTest.cpp
+  PxeBcDhcp6GoogleTest.h
+  ../PxeBcDhcp6.c
+  ../PxeBcSupport.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+  UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec
+  NetworkPkg/NetworkPkg.dec
+
+[LibraryClasses]
+  GoogleTestLib
+  DebugLib
+  NetLib
+  PcdLib
+
+[Protocols]
+  gEfiDhcp6ServiceBindingProtocolGuid
+  gEfiDns6ServiceBindingProtocolGuid
+  gEfiDns6ProtocolGuid
+
+[Pcd]
+  gEfiNetworkPkgTokenSpaceGuid.PcdDhcp6UidType
+
+[Guids]
+  gZeroGuid
diff --git a/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.h 
b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.h
new file mode 100644
index ..b17c314791c8
--- /dev/null
+++ b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.h
@@ -0,0 +1,50 @@
+/** @file
+  This file exposes the internal interfaces which may be unit tested
+  for the PxeBcDhcp6Dxe driver.
+
+  Copyright (c) Microsoft Corporation.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef PXE_BC_DHCP6_GOOGLE_TEST_H_
+#define PXE_BC_DHCP6_GOOGLE_TEST_H_
+
+//
+// Minimal includes needed to compile
+//
+#include 
+#include "../PxeBcImpl.h"
+
+/**
+  Handle the DHCPv6 offer packet.
+
+  @param[in]  Private The pointer to PXEBC_PRIVATE_DATA.
+
+  @retval EFI_SUCCESS   Handled the DHCPv6 offer packet 
successfully.
+  @retval EFI_NO_RESPONSE   No response to the following request 
packet.
+  @retval EFI_OUT_OF_RESOURCES  Failed to allocate resources.
+  @retval EFI_BUFFER_TOO_SMALL  Can't cache the offer pacet.
+
+**/
+EFI_STATUS
+PxeBcHandleDhcp6Offer (
+  IN PXEBC_PRIVATE_DATA  *Private
+  );
+
+/**
+  Cache the DHCPv6 Server address
+
+  @param[in] Private   The pointer to PXEBC_PRIVATE_DATA.
+  @param[in] Cache6The pointer to PXEBC_DHCP6_PACKET_CACHE.
+
+  @retvalEFI_SUCCESS   Cache the DHCPv6 Server address 
successfully.
+  @retvalEFI_OUT_OF_RESOURCES  Failed to allocate resources.
+  @retvalEFI_DEVICE_ERROR  Failed to cache the DHCPv6 Server address.
+**/
+EFI_STATUS
+PxeBcCacheDnsServerAddresses (
+  IN PXEBC_PRIVATE_DATA*Private,
+  IN PXEBC_DHCP6_PACKET_CACHE  *Cache6
+  );
+
+#endif // PXE_BC_DHCP6_GOOGLE_TEST_H_
diff --git a/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp 
b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
new file mode 100644
index ..826050dc
--- /dev/null
+++ 

[edk2-devel] [PATCH v2 13/15] NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45235 Patch

[Doug Flick via groups.io]

From: Doug Flick 

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4540

Bug Details:
PixieFail Bug #7
CVE-2023-45235
CVSS 8.3 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
CWE-119 Improper Restriction of Operations within the Bounds of
 a Memory Buffer

Buffer overflow when handling Server ID option from a DHCPv6 proxy
Advertise message

Change Overview:

Performs two checks

1. Checks that the length of the duid is accurate
> + //
> + // Check that the minimum and maximum requirements are met
> + //
> + if ((OpLen < PXEBC_MIN_SIZE_OF_DUID) ||
(OpLen > PXEBC_MAX_SIZE_OF_DUID)) {
> +  Status = EFI_INVALID_PARAMETER;
> +  goto ON_ERROR;
> + }

2. Ensures that the amount of data written to the buffer is tracked and
never exceeds that
> + //
> + // Check that the option length is valid.
> + //
> + if ((DiscoverLen + OpLen + PXEBC_COMBINED_SIZE_OF_OPT_CODE_AND_LEN)
 > DiscoverLenNeeded) {
> + Status = EFI_OUT_OF_RESOURCES;
> + goto ON_ERROR;
> + }

Additional code clean up and fix for memory leak in case Option was NULL

Cc: Saloni Kasbekar 
Cc: Zachary Clark-williams 

Signed-off-by: Doug Flick [MSFT] 
---
 NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.h | 17 ++
 NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c | 77 ++--
 2 files changed, 78 insertions(+), 16 deletions(-)

diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.h 
b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.h
index c86f6d391b80..6357d27faefd 100644
--- a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.h
+++ b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.h
@@ -34,6 +34,23 @@
 #define PXEBC_ADDR_START_DELIMITER'['
 #define PXEBC_ADDR_END_DELIMITER  ']'
 
+//
+// A DUID consists of a 2-octet type code represented in network byte
+// order, followed by a variable number of octets that make up the
+// actual identifier.  The length of the DUID (not including the type
+// code) is at least 1 octet and at most 128 octets.
+//
+#define PXEBC_MIN_SIZE_OF_DUID  (sizeof(UINT16) + 1)
+#define PXEBC_MAX_SIZE_OF_DUID  (sizeof(UINT16) + 128)
+
+//
+// This define represents the combineds code and length field from
+// https://datatracker.ietf.org/doc/html/rfc3315#section-22.1
+//
+#define PXEBC_COMBINED_SIZE_OF_OPT_CODE_AND_LEN  \
+  (sizeof (((EFI_DHCP6_PACKET_OPTION *)0)->OpCode) + \
+  sizeof (((EFI_DHCP6_PACKET_OPTION *)0)->OpLen))
+
 #define GET_NEXT_DHCP6_OPTION(Opt) \
   (EFI_DHCP6_PACKET_OPTION *) ((UINT8 *) (Opt) + \
   sizeof (EFI_DHCP6_PACKET_OPTION) + (NTOHS ((Opt)->OpLen)) - 1)
diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c 
b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c
index 2b2d372889a3..7fd1281c1184 100644
--- a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c
+++ b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c
@@ -887,6 +887,7 @@ PxeBcRequestBootService (
   EFI_STATUS   Status;
   EFI_DHCP6_PACKET *IndexOffer;
   UINT8*Option;
+  UINTNDiscoverLenNeeded;
 
   PxeBc  = >PxeBc;
   Request= Private->Dhcp6Request;
@@ -899,7 +900,8 @@ PxeBcRequestBootService (
 return EFI_DEVICE_ERROR;
   }
 
-  Discover = AllocateZeroPool (sizeof (EFI_PXE_BASE_CODE_DHCPV6_PACKET));
+  DiscoverLenNeeded = sizeof (EFI_PXE_BASE_CODE_DHCPV6_PACKET);
+  Discover  = AllocateZeroPool (DiscoverLenNeeded);
   if (Discover == NULL) {
 return EFI_OUT_OF_RESOURCES;
   }
@@ -924,16 +926,34 @@ PxeBcRequestBootService (
DHCP6_OPT_SERVER_ID
);
 if (Option == NULL) {
-  return EFI_NOT_FOUND;
+  Status = EFI_NOT_FOUND;
+  goto ON_ERROR;
 }
 
 //
 // Add Server ID Option.
 //
 OpLen = NTOHS (((EFI_DHCP6_PACKET_OPTION *)Option)->OpLen);
-CopyMem (DiscoverOpt, Option, OpLen + 4);
-DiscoverOpt += (OpLen + 4);
-DiscoverLen += (OpLen + 4);
+
+//
+// Check that the minimum and maximum requirements are met
+//
+if ((OpLen < PXEBC_MIN_SIZE_OF_DUID) || (OpLen > PXEBC_MAX_SIZE_OF_DUID)) {
+  Status = EFI_INVALID_PARAMETER;
+  goto ON_ERROR;
+}
+
+//
+// Check that the option length is valid.
+//
+if ((DiscoverLen + OpLen + PXEBC_COMBINED_SIZE_OF_OPT_CODE_AND_LEN) > 
DiscoverLenNeeded) {
+  Status = EFI_OUT_OF_RESOURCES;
+  goto ON_ERROR;
+}
+
+CopyMem (DiscoverOpt, Option, OpLen + 
PXEBC_COMBINED_SIZE_OF_OPT_CODE_AND_LEN);
+DiscoverOpt += (OpLen + PXEBC_COMBINED_SIZE_OF_OPT_CODE_AND_LEN);
+DiscoverLen += (OpLen + PXEBC_COMBINED_SIZE_OF_OPT_CODE_AND_LEN);
   }
 
   while (RequestLen < Request->Length) {
@@ -944,16 +964,24 @@ PxeBcRequestBootService (
 (OpCode != DHCP6_OPT_SERVER_ID)
 )
 {
+  //
+  // Check that the option length is valid.
+  //
+  if (DiscoverLen + OpLen + PXEBC_COMBINED_SIZE_OF_OPT_CODE_AND_LEN > 
DiscoverLenNeeded) {
+Status = EFI_OUT_OF_RESOURCES;
+goto ON_ERROR;
+  }
+
   //
   // Copy all the options except IA option and Server ID
   //
-  CopyMem 

[edk2-devel] [PATCH v2 12/15] MdePkg: Test: Add gRT_GetTime Google Test Mock

[Doug Flick via groups.io]

This adds support for GetTime Google Test Mock

Cc: Michael D Kinney 
Cc: Liming Gao 
Cc: Zhiguang Liu 

Signed-off-by: Doug Flick [MSFT] 
---
 .../GoogleTest/Library/MockUefiRuntimeServicesTableLib.h   | 7 +++
 .../MockUefiRuntimeServicesTableLib.cpp| 5 +++--
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git 
a/MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiRuntimeServicesTableLib.h 
b/MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiRuntimeServicesTableLib.h
index 241abc55c079..bcc902cb93c2 100644
--- 
a/MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiRuntimeServicesTableLib.h
+++ 
b/MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiRuntimeServicesTableLib.h
@@ -37,6 +37,13 @@ struct MockUefiRuntimeServicesTableLib {
  IN UINTN DataSize,
  IN VOID  *Data)
 );
+
+  MOCK_FUNCTION_DECLARATION (
+EFI_STATUS,
+gRT_GetTime,
+(OUT  EFI_TIME*Time,
+ OUT  EFI_TIME_CAPABILITIES   *Capabilities OPTIONAL)
+);
 };
 
 #endif
diff --git 
a/MdePkg/Test/Mock/Library/GoogleTest/MockUefiRuntimeServicesTableLib/MockUefiRuntimeServicesTableLib.cpp
 
b/MdePkg/Test/Mock/Library/GoogleTest/MockUefiRuntimeServicesTableLib/MockUefiRuntimeServicesTableLib.cpp
index 14296b0ccb88..8d2afd5dd63a 100644
--- 
a/MdePkg/Test/Mock/Library/GoogleTest/MockUefiRuntimeServicesTableLib/MockUefiRuntimeServicesTableLib.cpp
+++ 
b/MdePkg/Test/Mock/Library/GoogleTest/MockUefiRuntimeServicesTableLib/MockUefiRuntimeServicesTableLib.cpp
@@ -10,11 +10,12 @@ MOCK_INTERFACE_DEFINITION (MockUefiRuntimeServicesTableLib);
 
 MOCK_FUNCTION_DEFINITION (MockUefiRuntimeServicesTableLib, gRT_GetVariable, 5, 
EFIAPI);
 MOCK_FUNCTION_DEFINITION (MockUefiRuntimeServicesTableLib, gRT_SetVariable, 5, 
EFIAPI);
+MOCK_FUNCTION_DEFINITION (MockUefiRuntimeServicesTableLib, gRT_GetTime, 2, 
EFIAPI);
 
 static EFI_RUNTIME_SERVICES  localRt = {
-  { 0 },  // EFI_TABLE_HEADER
+  { 0 },// EFI_TABLE_HEADER
 
-  NULL, // EFI_GET_TIME
+  gRT_GetTime,  // EFI_GET_TIME
   NULL, // EFI_SET_TIME
   NULL, // EFI_GET_WAKEUP_TIME
   NULL, // EFI_SET_WAKEUP_TIME
-- 
2.43.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#114474): https://edk2.groups.io/g/devel/message/114474
Mute This Topic: https://groups.io/mt/103964988/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v2 10/15] NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45234 Patch

[Doug Flick via groups.io]

From: Doug Flick 

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4539

Bug Details:
PixieFail Bug #6
CVE-2023-45234
CVSS 8.3 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
CWE-119 Improper Restriction of Operations within the Bounds of
 a Memory Buffer

Buffer overflow when processing DNS Servers option in a DHCPv6
Advertise message

Change Overview:

Introduces a function to cache the Dns Server and perform sanitizing
on the incoming DnsServerLen to ensure that the length is valid

> + EFI_STATUS
> + PxeBcCacheDnsServerAddresses (
> +  IN PXEBC_PRIVATE_DATA*Private,
> +  IN PXEBC_DHCP6_PACKET_CACHE  *Cache6
> +  )

Additional code cleanup

Cc: Saloni Kasbekar 
Cc: Zachary Clark-williams 

Signed-off-by: Doug Flick [MSFT] 
---
 NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c | 71 +---
 1 file changed, 65 insertions(+), 6 deletions(-)

diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c 
b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c
index 425e0cf8061d..2b2d372889a3 100644
--- a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c
+++ b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c
@@ -3,6 +3,7 @@
 
   (C) Copyright 2014 Hewlett-Packard Development Company, L.P.
   Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+  Copyright (c) Microsoft Corporation
 
   SPDX-License-Identifier: BSD-2-Clause-Patent
 
@@ -1312,6 +1313,65 @@ PxeBcSelectDhcp6Offer (
   }
 }
 
+/**
+  Cache the DHCPv6 DNS Server addresses
+
+  @param[in] Private   The pointer to PXEBC_PRIVATE_DATA.
+  @param[in] Cache6The pointer to PXEBC_DHCP6_PACKET_CACHE.
+
+  @retvalEFI_SUCCESS   Cache the DHCPv6 DNS Server address 
successfully.
+  @retvalEFI_OUT_OF_RESOURCES  Failed to allocate resources.
+  @retvalEFI_DEVICE_ERROR  The DNS Server Address Length provided by a 
untrusted
+   option is not a multiple of 16 bytes 
(sizeof (EFI_IPv6_ADDRESS)).
+**/
+EFI_STATUS
+PxeBcCacheDnsServerAddresses (
+  IN PXEBC_PRIVATE_DATA*Private,
+  IN PXEBC_DHCP6_PACKET_CACHE  *Cache6
+  )
+{
+  UINT16  DnsServerLen;
+
+  DnsServerLen = NTOHS (Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER]->OpLen);
+  //
+  // Make sure that the number is nonzero
+  //
+  if (DnsServerLen == 0) {
+return EFI_DEVICE_ERROR;
+  }
+
+  //
+  // Make sure the DnsServerlen is a multiple of EFI_IPv6_ADDRESS (16)
+  //
+  if (DnsServerLen % sizeof (EFI_IPv6_ADDRESS) != 0) {
+return EFI_DEVICE_ERROR;
+  }
+
+  //
+  // This code is currently written to only support a single DNS Server instead
+  // of multiple such as is spec defined (RFC3646, Section 3). The proper 
behavior
+  // would be to allocate the full space requested, CopyMem all of the data,
+  // and then add a DnsServerCount field to Private and update additional code
+  // that depends on this.
+  //
+  // To support multiple DNS servers the `AllocationSize` would need to be 
changed to DnsServerLen
+  //
+  // This is tracked in https://bugzilla.tianocore.org/show_bug.cgi?id=1886
+  //
+  Private->DnsServer = AllocateZeroPool (sizeof (EFI_IPv6_ADDRESS));
+  if (Private->DnsServer == NULL) {
+return EFI_OUT_OF_RESOURCES;
+  }
+
+  //
+  // Intentionally only copy over the first server address.
+  // To support multiple DNS servers, the `Length` would need to be changed to 
DnsServerLen
+  //
+  CopyMem (Private->DnsServer, 
Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER]->Data, sizeof (EFI_IPv6_ADDRESS));
+
+  return EFI_SUCCESS;
+}
+
 /**
   Handle the DHCPv6 offer packet.
 
@@ -1335,6 +1395,7 @@ PxeBcHandleDhcp6Offer (
   UINT32SelectIndex;
   UINT32Index;
 
+  ASSERT (Private != NULL);
   ASSERT (Private->SelectIndex > 0);
   SelectIndex = (UINT32)(Private->SelectIndex - 1);
   ASSERT (SelectIndex < PXEBC_OFFER_MAX_NUM);
@@ -1342,15 +1403,13 @@ PxeBcHandleDhcp6Offer (
   Status = EFI_SUCCESS;
 
   //
-  // First try to cache DNS server address if DHCP6 offer provides.
+  // First try to cache DNS server addresses if DHCP6 offer provides.
   //
   if (Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER] != NULL) {
-Private->DnsServer = AllocateZeroPool (NTOHS 
(Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER]->OpLen));
-if (Private->DnsServer == NULL) {
-  return EFI_OUT_OF_RESOURCES;
+Status = PxeBcCacheDnsServerAddresses (Private, Cache6);
+if (EFI_ERROR (Status)) {
+  return Status;
 }
-
-CopyMem (Private->DnsServer, 
Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER]->Data, sizeof (EFI_IPv6_ADDRESS));
   }
 
   if (Cache6->OfferType == PxeOfferTypeDhcpBinl) {
-- 
2.43.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#114472): https://edk2.groups.io/g/devel/message/114472
Mute This Topic: https://groups.io/mt/103964986/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v2 08/15] NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45232 Patch

[Doug Flick via groups.io]

From: Doug Flick 

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4537
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4538

Bug Details:
PixieFail Bug #4
CVE-2023-45232
CVSS 7.5 : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

Infinite loop when parsing unknown options in the Destination Options
header

PixieFail Bug #5
CVE-2023-45233
CVSS 7.5 : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

Infinite loop when parsing a PadN option in the Destination Options
header

Change Overview:

Most importantly this change corrects the following incorrect math
and cleans up the code.

>   // It is a PadN option
>   //
> - Offset = (UINT8)(Offset + *(Option + Offset + 1) + 2);
> + OptDataLen = ((EFI_IP6_OPTION *)(Option + Offset))->Length;
> + Offset = IP6_NEXT_OPTION_OFFSET (Offset, OptDataLen);

> case Ip6OptionSkip:
> - Offset = (UINT8)(Offset + *(Option + Offset + 1));
>   OptDataLen = ((EFI_IP6_OPTION *)(Option + Offset))->Length;
>   Offset = IP6_NEXT_OPTION_OFFSET (Offset, OptDataLen);

Additionally, this change also corrects incorrect math where the calling
function was calculating the HDR EXT optionLen as a uint8 instead of a
uint16

> - OptionLen = (UINT8)((*Option + 1) * 8 - 2);
> + OptionLen = IP6_HDR_EXT_LEN (*Option) -
IP6_COMBINED_SIZE_OF_NEXT_HDR_AND_LEN;

Additionally this check adds additional logic to santize the incoming
data

Cc: Saloni Kasbekar 
Cc: Zachary Clark-williams 

Signed-off-by: Doug Flick [MSFT] 
---
 NetworkPkg/Ip6Dxe/Ip6Nd.h | 35 
 NetworkPkg/Ip6Dxe/Ip6Option.h | 71 
 NetworkPkg/Ip6Dxe/Ip6Option.c | 76 ++-
 3 files changed, 171 insertions(+), 11 deletions(-)

diff --git a/NetworkPkg/Ip6Dxe/Ip6Nd.h b/NetworkPkg/Ip6Dxe/Ip6Nd.h
index 860934a167eb..bf64e9114e13 100644
--- a/NetworkPkg/Ip6Dxe/Ip6Nd.h
+++ b/NetworkPkg/Ip6Dxe/Ip6Nd.h
@@ -56,13 +56,48 @@ VOID
   VOID  *Context
   );
 
+//
+// Per RFC8200 Section 4.2
+//
+//   Two of the currently-defined extension headers -- the Hop-by-Hop
+//   Options header and the Destination Options header -- carry a variable
+//   number of type-length-value (TLV) encoded "options", of the following
+//   format:
+//
+//  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - -
+//  |  Option Type  |  Opt Data Len |  Option Data
+//  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - -
+//
+//  Option Type  8-bit identifier of the type of option.
+//
+//  Opt Data Len 8-bit unsigned integer.  Length of the Option
+//   Data field of this option, in octets.
+//
+//  Option Data  Variable-length field.  Option-Type-specific
+//   data.
+//
 typedef struct _IP6_OPTION_HEADER {
+  ///
+  /// identifier of the type of option.
+  ///
   UINT8Type;
+  ///
+  /// Length of the Option Data field of this option, in octets.
+  ///
   UINT8Length;
+  ///
+  /// Option-Type-specific data.
+  ///
 } IP6_OPTION_HEADER;
 
 STATIC_ASSERT (sizeof (IP6_OPTION_HEADER) == 2, "IP6_OPTION_HEADER is expected 
to be exactly 2 bytes long.");
 
+#define IP6_NEXT_OPTION_OFFSET(offset, length)  (offset + 
sizeof(IP6_OPTION_HEADER) + length)
+STATIC_ASSERT (
+  IP6_NEXT_OPTION_OFFSET (0, 0) == 2,
+  "The next option is minimally the combined size of the option tag and length"
+  );
+
 typedef struct _IP6_ETHE_ADDR_OPTION {
   UINT8Type;
   UINT8Length;
diff --git a/NetworkPkg/Ip6Dxe/Ip6Option.h b/NetworkPkg/Ip6Dxe/Ip6Option.h
index bd8e223c8a67..fb07c28f5ad7 100644
--- a/NetworkPkg/Ip6Dxe/Ip6Option.h
+++ b/NetworkPkg/Ip6Dxe/Ip6Option.h
@@ -12,6 +12,77 @@
 
 #define IP6_FRAGMENT_OFFSET_MASK  (~0x3)
 
+//
+// For more information see RFC 8200, Section 4.3, 4.4, and 4.6
+//
+//  This example format is from section 4.6
+//  This does not apply to fragment headers
+//
+// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+//|  Next Header  |  Hdr Ext Len  |   |
+//+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+   +
+//|   |
+//.   .
+//.  Header-Specific Data .
+//.   .
+//|   |
+//+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+//
+//  Next Header   8-bit selector.  Identifies the type of
+//header immediately following the extension
+//header.  Uses the same values as the IPv4
+//Protocol field [IANA-PN].
+//
+//  Hdr Ext Len   8-bit unsigned integer.  Length of the
+//  

[edk2-devel] [PATCH v2 09/15] NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45232 Unit Tests

[Doug Flick via groups.io]

From: Doug Flick 

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4537
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4538

Unit tests to confirm that..

Infinite loop when parsing unknown options in the Destination Options
header

and

Infinite loop when parsing a PadN option in the Destination Options
header

... have been patched

This patch tests the following functions:
Ip6IsOptionValid

Cc: Saloni Kasbekar 
Cc: Zachary Clark-williams 

Signed-off-by: Doug Flick [MSFT] 
---
 .../Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf|  10 +-
 .../Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h   |  40 +++
 .../Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp | 278 ++
 3 files changed, 324 insertions(+), 4 deletions(-)
 create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h

diff --git a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf 
b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf
index 6e4de0745fb5..ba29dbabadb9 100644
--- a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf
+++ b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf
@@ -1,13 +1,13 @@
 ## @file
-# Unit test suite for the Ip6Dxe using Google Test
+# Unit test suite for the Ip6DxeGoogleTest using Google Test
 #
 # Copyright (c) Microsoft Corporation.
 # SPDX-License-Identifier: BSD-2-Clause-Patent
 ##
 [Defines]
   INF_VERSION = 0x00010017
-  BASE_NAME   = Ip6DxeUnitTest
-  FILE_GUID   = 4F05D17D-D3E7-4AAE-820C-576D46D2D34A
+  BASE_NAME   = Ip6DxeGoogleTest
+  FILE_GUID   = AE39981C-B7FE-41A8-A9C2-F41910477CA3
   VERSION_STRING  = 1.0
   MODULE_TYPE = HOST_APPLICATION
 #
@@ -16,9 +16,11 @@ [Defines]
 #  VALID_ARCHITECTURES   = IA32 X64 AARCH64
 #
 [Sources]
+  ../Ip6Option.c
+  Ip6OptionGoogleTest.h
   Ip6DxeGoogleTest.cpp
   Ip6OptionGoogleTest.cpp
-  ../Ip6Option.c
+  Ip6OptionGoogleTest.h
 
 [Packages]
   MdePkg/MdePkg.dec
diff --git a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h 
b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h
new file mode 100644
index ..0509b6ae30d2
--- /dev/null
+++ b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h
@@ -0,0 +1,40 @@
+/** @file
+  Exposes the functions needed to test the Ip6Option module.
+
+  Copyright (c) Microsoft Corporation
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef IP6_OPTION_HEADER_GOOGLE_TEST_H_
+#define IP6_OPTION_HEADER_GOOGLE_TEST_H_
+
+#include 
+#include "../Ip6Impl.h"
+
+/**
+  Validate the IP6 option format for both the packets we received
+  and that we will transmit. It will compute the ICMPv6 error message fields
+  if the option is malformatted.
+
+  @param[in]  IpSb  The IP6 service data.
+  @param[in]  PacketThe to be validated packet.
+  @param[in]  OptionThe first byte of the option.
+  @param[in]  OptionLen The length of the whole option.
+  @param[in]  Pointer   Identifies the octet offset within
+the invoking packet where the error was 
detected.
+
+
+  @retval TRUE The option is properly formatted.
+  @retval FALSEThe option is malformatted.
+
+**/
+BOOLEAN
+Ip6IsOptionValid (
+  IN IP6_SERVICE  *IpSb,
+  IN NET_BUF  *Packet,
+  IN UINT8*Option,
+  IN UINT16   OptionLen,
+  IN UINT32   Pointer
+  );
+
+#endif // __IP6_OPTION_HEADER_GOOGLE_TEST_H__
diff --git a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp 
b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp
index f2cd90e1a952..29f8a4a96e4c 100644
--- a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp
+++ b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp
@@ -12,6 +12,7 @@ extern "C" {
   #include 
   #include "../Ip6Impl.h"
   #include "../Ip6Option.h"
+  #include "Ip6OptionGoogleTest.h"
 }
 
 /
@@ -127,3 +128,280 @@ TEST_F (Ip6OptionValidationTest, 
InvalidPrefixInfoOptionLengthShouldReturnFalse)
 
   EXPECT_FALSE (Ip6IsNDOptionValid (option, optionLen));
 }
+
+
+// Ip6IsOptionValid Tests
+
+
+// Define a fixture for your tests if needed
+class Ip6IsOptionValidTest : public ::testing::Test {
+protected:
+  // Add any setup code if needed
+  virtual void
+  SetUp (
+)
+  {
+// Initialize any resources or variables
+  }
+
+  // Add any cleanup code if needed
+  virtual void
+  TearDown (
+)
+  {
+// Clean up any resources or variables
+  }
+};
+
+// Test Description
+// Verify that a NULL option is Invalid
+TEST_F (Ip6IsOptionValidTest, NullOptionShouldReturnTrue) {
+  NET_BUF  Packet = { 0 };
+  // we need to define enough of the packet to make the function work
+  // The function being tested will pass IpSb to Ip6SendIcmpError which is 
defined above
+  IP6_SERVICE  *IpSb = NULL;
+
+  EFI_IPv6_ADDRESS  SourceAddress  = { 0x20, 0x01, 0x0d, 

[edk2-devel] [PATCH v2 07/15] NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45231 Unit Tests

[Doug Flick via groups.io]

From: Doug Flick 

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4536

Validates that the patch for...

Out-of-bounds read when handling a ND Redirect message with truncated
options

.. has been fixed

Tests the following function to ensure that an out of bounds read does
not occur
Ip6OptionValidation

Cc: Saloni Kasbekar 
Cc: Zachary Clark-williams 

Signed-off-by: Doug Flick [MSFT] 
---
 NetworkPkg/Test/NetworkPkgHostTest.dsc|   1 +
 .../Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf|  42 ++
 .../Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.cpp|  20 +++
 .../Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp | 129 ++
 4 files changed, 192 insertions(+)
 create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf
 create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.cpp
 create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp

diff --git a/NetworkPkg/Test/NetworkPkgHostTest.dsc 
b/NetworkPkg/Test/NetworkPkgHostTest.dsc
index 24dee654df2e..7fa7b0f9d5be 100644
--- a/NetworkPkg/Test/NetworkPkgHostTest.dsc
+++ b/NetworkPkg/Test/NetworkPkgHostTest.dsc
@@ -26,6 +26,7 @@ [Components]
   # Build HOST_APPLICATION that tests NetworkPkg
   #
   NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf
+  NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf
 
 # Despite these library classes being listed in [LibraryClasses] below, they 
are not needed for the host-based unit tests.
 [LibraryClasses]
diff --git a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf 
b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf
new file mode 100644
index ..6e4de0745fb5
--- /dev/null
+++ b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf
@@ -0,0 +1,42 @@
+## @file
+# Unit test suite for the Ip6Dxe using Google Test
+#
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+[Defines]
+  INF_VERSION = 0x00010017
+  BASE_NAME   = Ip6DxeUnitTest
+  FILE_GUID   = 4F05D17D-D3E7-4AAE-820C-576D46D2D34A
+  VERSION_STRING  = 1.0
+  MODULE_TYPE = HOST_APPLICATION
+#
+# The following information is for reference only and not required by the 
build tools.
+#
+#  VALID_ARCHITECTURES   = IA32 X64 AARCH64
+#
+[Sources]
+  Ip6DxeGoogleTest.cpp
+  Ip6OptionGoogleTest.cpp
+  ../Ip6Option.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+  UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec
+  NetworkPkg/NetworkPkg.dec
+
+[LibraryClasses]
+  GoogleTestLib
+  DebugLib
+  NetLib
+  PcdLib
+
+[Protocols]
+  gEfiDhcp6ServiceBindingProtocolGuid
+
+[Pcd]
+  gEfiNetworkPkgTokenSpaceGuid.PcdDhcp6UidType
+
+[Guids]
+  gZeroGuid
diff --git a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.cpp 
b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.cpp
new file mode 100644
index ..6ebfd5fdfb70
--- /dev/null
+++ b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.cpp
@@ -0,0 +1,20 @@
+/** @file
+  Acts as the main entry point for the tests for the Ip6Dxe module.
+
+  Copyright (c) Microsoft Corporation
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+#include 
+
+
+// Run the tests
+
+int
+main (
+  int   argc,
+  char  *argv[]
+  )
+{
+  testing::InitGoogleTest (, argv);
+  return RUN_ALL_TESTS ();
+}
diff --git a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp 
b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp
new file mode 100644
index ..f2cd90e1a952
--- /dev/null
+++ b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp
@@ -0,0 +1,129 @@
+/** @file
+  Tests for Ip6Option.c.
+
+  Copyright (c) Microsoft Corporation
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+#include 
+
+extern "C" {
+  #include 
+  #include 
+  #include 
+  #include "../Ip6Impl.h"
+  #include "../Ip6Option.h"
+}
+
+/
+// Defines
+///
+
+#define IP6_PREFIX_INFO_OPTION_DATA_LEN32
+#define OPTION_HEADER_IP6_PREFIX_DATA_LEN  (sizeof (IP6_OPTION_HEADER) + 
IP6_PREFIX_INFO_OPTION_DATA_LEN)
+
+
+// Symbol Definitions
+// These functions are not directly under test - but required to compile
+
+UINT32  mIp6Id;
+
+EFI_STATUS
+Ip6SendIcmpError (
+  IN IP6_SERVICE   *IpSb,
+  IN NET_BUF   *Packet,
+  IN EFI_IPv6_ADDRESS  *SourceAddress   OPTIONAL,
+  IN EFI_IPv6_ADDRESS  *DestinationAddress,
+  IN UINT8 Type,
+  IN UINT8 Code,
+  IN UINT32*Pointer OPTIONAL
+  )
+{
+  // ..
+  return EFI_SUCCESS;
+}
+
+
+// Ip6OptionValidation Tests

[edk2-devel] [PATCH v2 06/15] NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45231 Patch

[Doug Flick via groups.io]

From: Doug Flick 

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4536

Bug Overview:
PixieFail Bug #3
CVE-2023-45231
CVSS 6.5 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-125 Out-of-bounds Read

Out-of-bounds read when handling a ND Redirect message with truncated
options

Change Overview:

Adds a check to prevent truncated options from being parsed
+  //
+  // Cannot process truncated options.
+  // Cannot process options with a length of 0 as there is no Type
field.
+  //
+  if (OptionLen < sizeof (IP6_OPTION_HEADER)) {
+return FALSE;
+  }

Cc: Saloni Kasbekar 
Cc: Zachary Clark-williams 

Signed-off-by: Doug Flick [MSFT] 
---
 NetworkPkg/Ip6Dxe/Ip6Option.c | 8 
 1 file changed, 8 insertions(+)

diff --git a/NetworkPkg/Ip6Dxe/Ip6Option.c b/NetworkPkg/Ip6Dxe/Ip6Option.c
index 199eea124dfe..8718d5d8756a 100644
--- a/NetworkPkg/Ip6Dxe/Ip6Option.c
+++ b/NetworkPkg/Ip6Dxe/Ip6Option.c
@@ -137,6 +137,14 @@ Ip6IsNDOptionValid (
 return FALSE;
   }
 
+  //
+  // Cannot process truncated options.
+  // Cannot process options with a length of 0 as there is no Type field.
+  //
+  if (OptionLen < sizeof (IP6_OPTION_HEADER)) {
+return FALSE;
+  }
+
   Offset = 0;
 
   //
-- 
2.43.0



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#114468): https://edk2.groups.io/g/devel/message/114468
Mute This Topic: https://groups.io/mt/103964981/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH v2 05/15] NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Unit Tests

[Doug Flick via groups.io]

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4534

These tests confirm that the report bug...

"Out-of-bounds read when processing IA_NA/IA_TA options in a
DHCPv6 Advertise message"

..has been patched.

The following functions are tested to confirm an out of bounds read is
patched and that the correct statuses are returned:

Dhcp6SeekInnerOptionSafe
Dhcp6SeekStsOption

TCBZ4534
CVE-2023-45229
CVSS 6.5 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-125 Out-of-bounds Read

Cc: Saloni Kasbekar 
Cc: Zachary Clark-williams 

Signed-off-by: Doug Flick [MSFT] 
---
 NetworkPkg/Test/NetworkPkgHostTest.dsc|   1 +
 .../GoogleTest/Dhcp6DxeGoogleTest.inf |   1 +
 .../Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.h   |  58 +++
 NetworkPkg/Dhcp6Dxe/Dhcp6Io.c |   2 +-
 .../Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp | 365 +-
 5 files changed, 424 insertions(+), 3 deletions(-)
 create mode 100644 NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.h

diff --git a/NetworkPkg/Test/NetworkPkgHostTest.dsc 
b/NetworkPkg/Test/NetworkPkgHostTest.dsc
index 20bc90b1728d..24dee654df2e 100644
--- a/NetworkPkg/Test/NetworkPkgHostTest.dsc
+++ b/NetworkPkg/Test/NetworkPkgHostTest.dsc
@@ -16,6 +16,7 @@ [Defines]
   SKUID_IDENTIFIER= DEFAULT
 
 !include UnitTestFrameworkPkg/UnitTestFrameworkPkgHost.dsc.inc
+
 [Packages]
   MdePkg/MdePkg.dec
   UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec
diff --git a/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf 
b/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf
index 8e9119a37158..12532ed30cb3 100644
--- a/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf
+++ b/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf
@@ -18,6 +18,7 @@ [Defines]
 [Sources]
   Dhcp6DxeGoogleTest.cpp
   Dhcp6IoGoogleTest.cpp
+  Dhcp6IoGoogleTest.h
   ../Dhcp6Io.c
   ../Dhcp6Utility.c
 
diff --git a/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.h 
b/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.h
new file mode 100644
index ..aed3b890827b
--- /dev/null
+++ b/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.h
@@ -0,0 +1,58 @@
+/** @file
+  Acts as header for private functions under test in Dhcp6Io.c
+
+  Copyright (c) Microsoft Corporation
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef DHCP6_IO_GOOGLE_TEST_H_
+#define DHCP6_IO_GOOGLE_TEST_H_
+
+
+// These are the functions that are being unit tested
+
+
+#include 
+
+/**
+  Seeks the Inner Options from a DHCP6 Option
+
+  @param[in]  IaType  The type of the IA option.
+  @param[in]  Option  The pointer to the DHCP6 Option.
+  @param[in]  OptionLen   The length of the DHCP6 Option.
+  @param[out] IaInnerOpt  The pointer to the IA inner option.
+  @param[out] IaInnerLen  The length of the IA inner option.
+
+  @retval EFI_SUCCESS Seek the inner option successfully.
+  @retval EFI_DEVICE_ERRORThe OptionLen is invalid.
+*/
+EFI_STATUS
+Dhcp6SeekInnerOptionSafe (
+  UINT16  IaType,
+  UINT8   *Option,
+  UINT32  OptionLen,
+  UINT8   **IaInnerOpt,
+  UINT16  *IaInnerLen
+  );
+
+/**
+  Seek StatusCode Option in package. A Status Code option may appear in the
+  options field of a DHCP message and/or in the options field of another 
option.
+  See details in section 22.13, RFC3315.
+
+  @param[in]   InstanceThe pointer to the Dhcp6 instance.
+  @param[in]   Packet  The pointer to reply messages.
+  @param[out]  Option  The pointer to status code option.
+
+  @retval EFI_SUCCESS  Seek status code option successfully.
+  @retval EFI_DEVICE_ERROR An unexpected error.
+
+**/
+EFI_STATUS
+Dhcp6SeekStsOption (
+  IN DHCP6_INSTANCE*Instance,
+  IN EFI_DHCP6_PACKET  *Packet,
+  OUTUINT8 **Option
+  );
+
+#endif // DHCP6_IO_GOOGLE_TEST_H
diff --git a/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c b/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c
index 89d16484a568..3b8feb4a2032 100644
--- a/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c
+++ b/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c
@@ -816,7 +816,7 @@ Dhcp6SeekStsOption (
   // IA option to the end of the DHCP6 option area, thus subtract the space
   // up until this option
   //
-  OptionLen = OptionLen - (*Option - Packet->Dhcp6.Option);
+  OptionLen = OptionLen - (UINT32)(*Option - Packet->Dhcp6.Option);
 
   //
   // Seek the inner option
diff --git a/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp 
b/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp
index 7ee40e4af480..7db253a7b87f 100644
--- a/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp
+++ b/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp
@@ -13,6 +13,7 @@ extern "C" {
   #include 
   #include "../Dhcp6Impl.h"
   #include "../Dhcp6Utility.h"
+  #include "Dhcp6IoGoogleTest.h"
 }
 
 

[edk2-devel] [PATCH v2 04/15] NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Patch

[Doug Flick via groups.io]

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4534

Bug Details:
PixieFail Bug #1
CVE-2023-45229
CVSS 6.5 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-125 Out-of-bounds Read

Change Overview:

Introduce Dhcp6SeekInnerOptionSafe which performs checks before seeking
the Inner Option from a DHCP6 Option.

>
> EFI_STATUS
> Dhcp6SeekInnerOptionSafe (
>  IN  UINT16  IaType,
>  IN  UINT8   *Option,
>  IN  UINT32  OptionLen,
>  OUT UINT8   **IaInnerOpt,
>  OUT UINT16  *IaInnerLen
>  );
>

Lots of code cleanup to improve code readability.

Cc: Saloni Kasbekar 
Cc: Zachary Clark-williams 

Signed-off-by: Doug Flick [MSFT] 
---
 NetworkPkg/Dhcp6Dxe/Dhcp6Impl.h | 138 +++---
 NetworkPkg/Dhcp6Dxe/Dhcp6Io.c   | 203 +---
 2 files changed, 256 insertions(+), 85 deletions(-)

diff --git a/NetworkPkg/Dhcp6Dxe/Dhcp6Impl.h b/NetworkPkg/Dhcp6Dxe/Dhcp6Impl.h
index f2422c2f2827..220e7c68f11b 100644
--- a/NetworkPkg/Dhcp6Dxe/Dhcp6Impl.h
+++ b/NetworkPkg/Dhcp6Dxe/Dhcp6Impl.h
@@ -45,6 +45,20 @@ typedef struct _DHCP6_INSTANCE  DHCP6_INSTANCE;
 #define DHCP6_SERVICE_SIGNATURE   SIGNATURE_32 ('D', 'H', '6', 'S')
 #define DHCP6_INSTANCE_SIGNATURE  SIGNATURE_32 ('D', 'H', '6', 'I')
 
+#define DHCP6_PACKET_ALL0
+#define DHCP6_PACKET_STATEFUL   1
+#define DHCP6_PACKET_STATELESS  2
+
+#define DHCP6_BASE_PACKET_SIZE  1024
+
+#define DHCP6_PORT_CLIENT  546
+#define DHCP6_PORT_SERVER  547
+
+#define DHCP_CHECK_MEDIA_WAITING_TIME  EFI_TIMER_PERIOD_SECONDS(20)
+
+#define DHCP6_INSTANCE_FROM_THIS(Instance)  CR ((Instance), DHCP6_INSTANCE, 
Dhcp6, DHCP6_INSTANCE_SIGNATURE)
+#define DHCP6_SERVICE_FROM_THIS(Service)CR ((Service), DHCP6_SERVICE, 
ServiceBinding, DHCP6_SERVICE_SIGNATURE)
+
 //
 // For more information on DHCP options see RFC 8415, Section 21.1
 //
@@ -59,12 +73,10 @@ typedef struct _DHCP6_INSTANCE  DHCP6_INSTANCE;
 //|  (option-len octets)  |
 //+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 //
-#define DHCP6_SIZE_OF_OPT_CODE  (sizeof(UINT16))
-#define DHCP6_SIZE_OF_OPT_LEN   (sizeof(UINT16))
+#define DHCP6_SIZE_OF_OPT_CODE  (sizeof (((EFI_DHCP6_PACKET_OPTION 
*)0)->OpCode))
+#define DHCP6_SIZE_OF_OPT_LEN   (sizeof (((EFI_DHCP6_PACKET_OPTION 
*)0)->OpLen))
 
-//
 // Combined size of Code and Length
-//
 #define DHCP6_SIZE_OF_COMBINED_CODE_AND_LEN  (DHCP6_SIZE_OF_OPT_CODE + \
   DHCP6_SIZE_OF_OPT_LEN)
 
@@ -73,34 +85,122 @@ STATIC_ASSERT (
   "Combined size of Code and Length must be 4 per RFC 8415"
   );
 
-//
 // Offset to the length is just past the code
-//
-#define DHCP6_OPT_LEN_OFFSET(a)  (a + DHCP6_SIZE_OF_OPT_CODE)
+#define DHCP6_OFFSET_OF_OPT_LEN(a)  (a + DHCP6_SIZE_OF_OPT_CODE)
 STATIC_ASSERT (
-  DHCP6_OPT_LEN_OFFSET (0) == 2,
+  DHCP6_OFFSET_OF_OPT_LEN (0) == 2,
   "Offset of length is + 2 past start of option"
   );
 
-#define DHCP6_OPT_DATA_OFFSET(a)  (a + DHCP6_SIZE_OF_COMBINED_CODE_AND_LEN)
+#define DHCP6_OFFSET_OF_OPT_DATA(a)  (a + DHCP6_SIZE_OF_COMBINED_CODE_AND_LEN)
 STATIC_ASSERT (
-  DHCP6_OPT_DATA_OFFSET (0) == 4,
+  DHCP6_OFFSET_OF_OPT_DATA (0) == 4,
   "Offset to option data should be +4 from start of option"
   );
+//
+// Identity Association options (both NA (Non-Temporary) and TA (Temporary 
Association))
+// are defined in RFC 8415 and are a deriviation of a TLV stucture
+// For more information on IA_NA see Section 21.4
+// For more information on IA_TA see Section 21.5
+//
+//
+//  The format of IA_NA and IA_TA option:
+//
+// 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+//+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+//|  OPTION_IA_NA |  option-len   |
+//+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+//|IAID (4 octets)|
+//+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+//|T1 (only for IA_NA)|
+//+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+//|T2 (only for IA_NA)|
+//+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+//|   |
+//.  IA_NA-options/IA_TA-options  .
+//.   .
+//+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+//
+#define DHCP6_SIZE_OF_IAID   (sizeof(UINT32))
+#define DHCP6_SIZE_OF_TIME_INTERVAL  (sizeof(UINT32))
 
-#define DHCP6_PACKET_ALL0
-#define DHCP6_PACKET_STATEFUL   1
-#define DHCP6_PACKET_STATELESS  2
+// Combined size of IAID, T1, and T2
+#define DHCP6_SIZE_OF_COMBINED_IAID_T1_T2  (DHCP6_SIZE_OF_IAID +  \
+DHCP6_SIZE_OF_TIME_INTERVAL + \
+   

[edk2-devel] [PATCH v2 03/15] NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Unit Tests

[Doug Flick via groups.io]

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4535

Confirms that reported issue...

"Buffer overflow in the DHCPv6 client via a long Server ID option"

..has been corrected by the provided patch.

Tests the following functions to ensure they appropriately handle
untrusted data (either too long or too small) to prevent a buffer
overflow:

Dhcp6AppendOption
Dhcp6AppendETOption
Dhcp6AppendIaOption

Cc: Saloni Kasbekar 
Cc: Zachary Clark-williams 

Signed-off-by: Doug Flick [MSFT] 
---
 NetworkPkg/Test/NetworkPkgHostTest.dsc|   1 +
 .../GoogleTest/Dhcp6DxeGoogleTest.inf |  43 ++
 .../GoogleTest/Dhcp6DxeGoogleTest.cpp |  20 +
 .../Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp | 478 ++
 4 files changed, 542 insertions(+)
 create mode 100644 NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf
 create mode 100644 NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.cpp
 create mode 100644 NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp

diff --git a/NetworkPkg/Test/NetworkPkgHostTest.dsc 
b/NetworkPkg/Test/NetworkPkgHostTest.dsc
index 1aeca5c5b353..20bc90b1728d 100644
--- a/NetworkPkg/Test/NetworkPkgHostTest.dsc
+++ b/NetworkPkg/Test/NetworkPkgHostTest.dsc
@@ -24,6 +24,7 @@ [Components]
   #
   # Build HOST_APPLICATION that tests NetworkPkg
   #
+  NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf
 
 # Despite these library classes being listed in [LibraryClasses] below, they 
are not needed for the host-based unit tests.
 [LibraryClasses]
diff --git a/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf 
b/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf
new file mode 100644
index ..8e9119a37158
--- /dev/null
+++ b/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf
@@ -0,0 +1,43 @@
+## @file
+# Unit test suite for the Dhcp6Dxe using Google Test
+#
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+[Defines]
+  INF_VERSION = 0x00010017
+  BASE_NAME   = Dhcp6DxeGoogleTest
+  FILE_GUID   = 1D2A4C65-38C8-4C2F-BB60-B5FA49625AA9
+  VERSION_STRING  = 1.0
+  MODULE_TYPE = HOST_APPLICATION
+#
+# The following information is for reference only and not required by the 
build tools.
+#
+#  VALID_ARCHITECTURES   = IA32 X64 AARCH64
+#
+[Sources]
+  Dhcp6DxeGoogleTest.cpp
+  Dhcp6IoGoogleTest.cpp
+  ../Dhcp6Io.c
+  ../Dhcp6Utility.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+  UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec
+  NetworkPkg/NetworkPkg.dec
+
+[LibraryClasses]
+  GoogleTestLib
+  DebugLib
+  NetLib
+  PcdLib
+
+[Protocols]
+  gEfiDhcp6ServiceBindingProtocolGuid
+
+[Pcd]
+  gEfiNetworkPkgTokenSpaceGuid.PcdDhcp6UidType
+
+[Guids]
+  gZeroGuid
diff --git a/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.cpp 
b/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.cpp
new file mode 100644
index ..9aeced2f9156
--- /dev/null
+++ b/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.cpp
@@ -0,0 +1,20 @@
+/** @file
+  Acts as the main entry point for the tests for the Dhcp6Dxe module.
+
+  Copyright (c) Microsoft Corporation
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+#include 
+
+
+// Run the tests
+
+int
+main (
+  int   argc,
+  char  *argv[]
+  )
+{
+  testing::InitGoogleTest (, argv);
+  return RUN_ALL_TESTS ();
+}
diff --git a/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp 
b/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp
new file mode 100644
index ..7ee40e4af480
--- /dev/null
+++ b/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp
@@ -0,0 +1,478 @@
+/** @file
+  Tests for Dhcp6Io.c.
+
+  Copyright (c) Microsoft Corporation
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+#include 
+
+extern "C" {
+  #include 
+  #include 
+  #include 
+  #include 
+  #include "../Dhcp6Impl.h"
+  #include "../Dhcp6Utility.h"
+}
+
+
+// Defines
+
+
+#define DHCP6_PACKET_MAX_LEN  1500
+
+
+
+// Symbol Definitions
+// These functions are not directly under test - but required to compile
+
+
+// This definition is used by this test but is also required to compile
+// by Dhcp6Io.c
+EFI_IPv6_ADDRESS  mAllDhcpRelayAndServersAddress = {
+  { 0xFF, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 2 }
+};
+
+EFI_STATUS
+EFIAPI
+UdpIoSendDatagram (
+  IN  UDP_IO   *UdpIo,
+  IN  NET_BUF  *Packet,
+  IN  UDP_END_POINT*EndPoint OPTIONAL,
+  IN  EFI_IP_ADDRESS   *Gateway  OPTIONAL,
+  IN  

[edk2-devel] [PATCH v2 02/15] NetworkPkg: : Add Unit tests to CI and create Host Test DSC

[Doug Flick via groups.io]

Adds Host Based testing to the NetworkPkg

Cc: Saloni Kasbekar 
Cc: Zachary Clark-williams 

Signed-off-by: Doug Flick [MSFT] 
---
 NetworkPkg/Test/NetworkPkgHostTest.dsc | 98 ++
 NetworkPkg/NetworkPkg.ci.yaml  |  7 +-
 2 files changed, 104 insertions(+), 1 deletion(-)
 create mode 100644 NetworkPkg/Test/NetworkPkgHostTest.dsc

diff --git a/NetworkPkg/Test/NetworkPkgHostTest.dsc 
b/NetworkPkg/Test/NetworkPkgHostTest.dsc
new file mode 100644
index ..1aeca5c5b353
--- /dev/null
+++ b/NetworkPkg/Test/NetworkPkgHostTest.dsc
@@ -0,0 +1,98 @@
+## @file
+# NetworkPkgHostTest DSC file used to build host-based unit tests.
+#
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+[Defines]
+  PLATFORM_NAME   = NetworkPkgHostTest
+  PLATFORM_GUID   = 3b68324e-fc07-4d49-9520-9347ede65879
+  PLATFORM_VERSION= 0.1
+  DSC_SPECIFICATION   = 0x00010005
+  OUTPUT_DIRECTORY= Build/NetworkPkg/HostTest
+  SUPPORTED_ARCHITECTURES = IA32|X64|AARCH64
+  BUILD_TARGETS   = NOOPT
+  SKUID_IDENTIFIER= DEFAULT
+
+!include UnitTestFrameworkPkg/UnitTestFrameworkPkgHost.dsc.inc
+[Packages]
+  MdePkg/MdePkg.dec
+  UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec
+
+[Components]
+  #
+  # Build HOST_APPLICATION that tests NetworkPkg
+  #
+
+# Despite these library classes being listed in [LibraryClasses] below, they 
are not needed for the host-based unit tests.
+[LibraryClasses]
+  NetLib|NetworkPkg/Library/DxeNetLib/DxeNetLib.inf
+  DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf
+  BaseLib|MdePkg/Library/BaseLib/BaseLib.inf
+  BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
+  DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf
+  HiiLib|MdeModulePkg/Library/UefiHiiLib/UefiHiiLib.inf
+  
MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf
+  PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
+  PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf
+  
UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntryPoint.inf
+  
UefiApplicationEntryPoint|MdePkg/Library/UefiApplicationEntryPoint/UefiApplicationEntryPoint.inf
+  
UefiBootServicesTableLib|MdePkg/Library/UefiBootServicesTableLib/UefiBootServicesTableLib.inf
+  UefiLib|MdePkg/Library/UefiLib/UefiLib.inf
+  
UefiRuntimeServicesTableLib|MdePkg/Library/UefiRuntimeServicesTableLib/UefiRuntimeServicesTableLib.inf
+  
UefiHiiServicesLib|MdeModulePkg/Library/UefiHiiServicesLib/UefiHiiServicesLib.inf
+  
UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf
+  TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplate.inf
+  
PerformanceLib|MdePkg/Library/BasePerformanceLibNull/BasePerformanceLibNull.inf
+  
PeCoffGetEntryPointLib|MdePkg/Library/BasePeCoffGetEntryPointLib/BasePeCoffGetEntryPointLib.inf
+  DxeServicesLib|MdePkg/Library/DxeServicesLib/DxeServicesLib.inf
+  
DxeServicesTableLib|MdePkg/Library/DxeServicesTableLib/DxeServicesTableLib.inf
+  SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf
+  RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
+  
VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
+!ifdef CONTINUOUS_INTEGRATION
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
+  TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+!else
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+  TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
+!endif
+  
DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
+  FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf
+  FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf
+  SortLib|MdeModulePkg/Library/UefiSortLib/UefiSortLib.inf
+  IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+
+!if $(TOOL_CHAIN_TAG) == VS2019 or $(TOOL_CHAIN_TAG) == VS2022
+[LibraryClasses.X64]
+  # Provide StackCookie support lib so that we can link to /GS exports for VS 
builds
+  RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
+!endif
+
+[LibraryClasses.common.UEFI_DRIVER]
+  HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
+  
ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf
+  DebugLib|MdePkg/Library/UefiDebugLibConOut/UefiDebugLibConOut.inf
+[LibraryClasses.common.UEFI_APPLICATION]
+  DebugLib|MdePkg/Library/UefiDebugLibStdErr/UefiDebugLibStdErr.inf
+  ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
+[LibraryClasses.ARM, LibraryClasses.AARCH64]
+  #
+  # It is not possible to prevent ARM compiler calls to generic intrinsic 
functions.
+  # This library provides the instrinsic functions generated by a given 
compiler.
+  # [LibraryClasses.ARM] and NULL mean link this library into all ARM images.
+  #
+!if 

[edk2-devel] [PATCH v2 01/15] NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Patch

[Doug Flick via groups.io]

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4535

Bug Details:
PixieFail Bug #2
CVE-2023-45230
CVSS 8.3 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
CWE-119 Improper Restriction of Operations within the Bounds
 of a Memory Buffer

Changes Overview:
> -UINT8 *
> +EFI_STATUS
>  Dhcp6AppendOption (
> -  IN OUT UINT8   *Buf,
> -  IN UINT16  OptType,
> -  IN UINT16  OptLen,
> -  IN UINT8   *Data
> +  IN OUT EFI_DHCP6_PACKET  *Packet,
> +  IN OUT UINT8 **PacketCursor,
> +  IN UINT16OptType,
> +  IN UINT16OptLen,
> +  IN UINT8 *Data
>);

Dhcp6AppendOption() and variants can return errors now.  All callsites
are adapted accordingly.

It gets passed in EFI_DHCP6_PACKET as additional parameter ...

> +  //
> +  // Verify the PacketCursor is within the packet
> +  //
> +  if (  (*PacketCursor < Packet->Dhcp6.Option)
> + || (*PacketCursor >= Packet->Dhcp6.Option +
 (Packet->Size - sizeof (EFI_DHCP6_HEADER
> +  {
> +return EFI_INVALID_PARAMETER;
> +  }

... so it can look at Packet->Size when checking buffer space.
Also to allow Packet->Length updates.

Lots of checks added.

Cc: Saloni Kasbekar 
Cc: Zachary Clark-williams 

Signed-off-by: Doug Flick [MSFT] 
---
 NetworkPkg/Dhcp6Dxe/Dhcp6Impl.h|  43 +++
 NetworkPkg/Dhcp6Dxe/Dhcp6Utility.h |  78 +++---
 NetworkPkg/Dhcp6Dxe/Dhcp6Io.c  | 409 +++--
 NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c | 373 +-
 4 files changed, 666 insertions(+), 237 deletions(-)

diff --git a/NetworkPkg/Dhcp6Dxe/Dhcp6Impl.h b/NetworkPkg/Dhcp6Dxe/Dhcp6Impl.h
index 0eb9c669b5a1..f2422c2f2827 100644
--- a/NetworkPkg/Dhcp6Dxe/Dhcp6Impl.h
+++ b/NetworkPkg/Dhcp6Dxe/Dhcp6Impl.h
@@ -45,6 +45,49 @@ typedef struct _DHCP6_INSTANCE  DHCP6_INSTANCE;
 #define DHCP6_SERVICE_SIGNATURE   SIGNATURE_32 ('D', 'H', '6', 'S')
 #define DHCP6_INSTANCE_SIGNATURE  SIGNATURE_32 ('D', 'H', '6', 'I')
 
+//
+// For more information on DHCP options see RFC 8415, Section 21.1
+//
+// The format of DHCP options is:
+//
+// 0   1   2   3
+// 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+//+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+//|  option-code  |   option-len  |
+//+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+//|  option-data  |
+//|  (option-len octets)  |
+//+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+//
+#define DHCP6_SIZE_OF_OPT_CODE  (sizeof(UINT16))
+#define DHCP6_SIZE_OF_OPT_LEN   (sizeof(UINT16))
+
+//
+// Combined size of Code and Length
+//
+#define DHCP6_SIZE_OF_COMBINED_CODE_AND_LEN  (DHCP6_SIZE_OF_OPT_CODE + \
+  DHCP6_SIZE_OF_OPT_LEN)
+
+STATIC_ASSERT (
+  DHCP6_SIZE_OF_COMBINED_CODE_AND_LEN == 4,
+  "Combined size of Code and Length must be 4 per RFC 8415"
+  );
+
+//
+// Offset to the length is just past the code
+//
+#define DHCP6_OPT_LEN_OFFSET(a)  (a + DHCP6_SIZE_OF_OPT_CODE)
+STATIC_ASSERT (
+  DHCP6_OPT_LEN_OFFSET (0) == 2,
+  "Offset of length is + 2 past start of option"
+  );
+
+#define DHCP6_OPT_DATA_OFFSET(a)  (a + DHCP6_SIZE_OF_COMBINED_CODE_AND_LEN)
+STATIC_ASSERT (
+  DHCP6_OPT_DATA_OFFSET (0) == 4,
+  "Offset to option data should be +4 from start of option"
+  );
+
 #define DHCP6_PACKET_ALL0
 #define DHCP6_PACKET_STATEFUL   1
 #define DHCP6_PACKET_STATELESS  2
diff --git a/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.h 
b/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.h
index 046454ff4ac2..06947f6c1fcf 100644
--- a/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.h
+++ b/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.h
@@ -160,69 +160,85 @@ Dhcp6OnTransmitted (
   );
 
 /**
-  Append the appointed option to the buf, and move the buf to the end.
+  Append the option to Buf, update the length of packet, and move Buf to the 
end.
 
-  @param[in, out] Buf   The pointer to buffer.
-  @param[in]  OptType   The option type.
-  @param[in]  OptLenThe length of option content.s
-  @param[in]  Data  The pointer to the option content.
-
-  @return Buf   The position to append the next option.
+  @param[in, out] Packet A pointer to the packet, on success 
Packet->Length
+ will be updated.
+  @param[in, out] PacketCursor   The pointer in the packet, on success 
PacketCursor
+ will be moved to the end of the option.
+  @param[in]  OptTypeThe option type.
+  @param[in]  OptLen The length of option contents.
+  @param[in]  Data   The pointer to the option content.
 
+  @retval   EFI_INVALID_PARAMETER An argument provided to the function was 
invalid
+  @retval   EFI_BUFFER_TOO_SMALL  The buffer is too small to append the option.
+  

[edk2-devel] [PATCH v2 00/15] Security Patches for EDK II Network Stack

[Doug Flick via groups.io]

The security patches contained in this series with the exception of
"MdePkg/Test: Add gRT_GetTime Google Test Mock" and
"NetworkPkg: : Adds a SecurityFix.yaml file" have been reviewed
during GHSA-hc6x-cw6p-gj7h infosec review.

This patch series contains the following security patches for the
security vulnerabilities found by QuarksLab in the EDK II Network
Stack:

CVE-2023-45229
CVSS 6.5 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-125 Out-of-bounds Read

CVE-2023-45230
CVSS 8.3 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
CWE-119 Improper Restriction of Operations within the Bounds
 of a Memory Buffer

CVE-2023-45231
CVSS 6.5 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-125 Out-of-bounds Read

CVE-2023-45232
CVSS 7.5 : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

CVE-2023-45233
CVSS 7.5 : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

CVE-2023-45234
CVSS 8.3 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
CWE-119 Improper Restriction of Operations within the Bounds
 of a Memory Buffer

CVE-2023-45235
CVSS 8.3 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
CWE-119 Improper Restriction of Operations within the Bounds
 of a Memory Buffer

NetworkPkg:
Cc: Saloni Kasbekar 
Cc: Zachary Clark-williams 

MdePkg:
Cc: Michael D Kinney 
Cc: Liming Gao 
Cc: Zhiguang Liu 

Doug Flick (8):
  NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45231 Patch
  NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45231 Unit Tests
  NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45232 Patch
  NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45232 Unit Tests
  NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45234 Patch
  NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45234 Unit Tests
  NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45235 Patch
  NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45235 Unit Tests

Douglas Flick [MSFT] (7):
  NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Patch
  NetworkPkg: : Add Unit tests to CI and create Host Test DSC
  NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Unit Tests
  NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Patch
  NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Unit Tests
  MdePkg: Test: Add gRT_GetTime Google Test Mock
  NetworkPkg: : Adds a SecurityFix.yaml file

 NetworkPkg/Test/NetworkPkgHostTest.dsc| 105 +++
 .../GoogleTest/Dhcp6DxeGoogleTest.inf |  44 +
 .../Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf|  44 +
 .../GoogleTest/UefiPxeBcDxeGoogleTest.inf |  48 +
 .../Library/MockUefiRuntimeServicesTableLib.h |   7 +
 NetworkPkg/Dhcp6Dxe/Dhcp6Impl.h   | 143 +++
 NetworkPkg/Dhcp6Dxe/Dhcp6Utility.h|  78 +-
 .../Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.h   |  58 ++
 .../Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h   |  40 +
 NetworkPkg/Ip6Dxe/Ip6Nd.h |  35 +
 NetworkPkg/Ip6Dxe/Ip6Option.h |  71 ++
 .../GoogleTest/PxeBcDhcp6GoogleTest.h |  68 ++
 NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.h  |  17 +
 NetworkPkg/Dhcp6Dxe/Dhcp6Io.c | 612 -
 NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c| 373 ++--
 NetworkPkg/Ip6Dxe/Ip6Option.c |  84 +-
 NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c  | 148 ++-
 .../MockUefiRuntimeServicesTableLib.cpp   |   5 +-
 .../GoogleTest/Dhcp6DxeGoogleTest.cpp |  20 +
 .../Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp | 839 ++
 .../Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.cpp|  20 +
 .../Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp | 407 +
 NetworkPkg/NetworkPkg.ci.yaml |   7 +-
 NetworkPkg/SecurityFixes.yaml | 123 +++
 .../GoogleTest/PxeBcDhcp6GoogleTest.cpp   | 574 
 .../GoogleTest/UefiPxeBcDxeGoogleTest.cpp |  19 +
 26 files changed, 3650 insertions(+), 339 deletions(-)
 create mode 100644 NetworkPkg/Test/NetworkPkgHostTest.dsc
 create mode 100644 NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf
 create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf
 create mode 100644 
NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
 create mode 100644 NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.h
 create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h
 create mode 100644 NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.h
 create mode 100644 NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.cpp
 create mode 100644 NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp
 create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.cpp
 create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp
 create mode 100644 NetworkPkg/SecurityFixes.yaml
 create mode 100644 NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
 create mode 100644 
NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.cpp

-- 
2.43.0


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io 

[edk2-devel] [PATCH 13/14] NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45235 Unit Tests

[Doug Flick via groups.io]

From: Doug Flick 

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4540

SECURITY PATCH - Unit Tests

TCBZ4540
CVE-2023-45235
CVSS 8.3 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
CWE-119 Improper Restriction of Operations within the Bounds of
 a Memory Buffer

Cc: Saloni Kasbekar 
Cc: Zachary Clark-williams 

Signed-off-by: Doug Flick [MSFT] 
---
 NetworkPkg/Test/NetworkPkgHostTest.dsc|   5 +-
 .../GoogleTest/PxeBcDhcp6GoogleTest.h |  18 ++
 .../GoogleTest/PxeBcDhcp6GoogleTest.cpp   | 278 +-
 3 files changed, 298 insertions(+), 3 deletions(-)

diff --git a/NetworkPkg/Test/NetworkPkgHostTest.dsc 
b/NetworkPkg/Test/NetworkPkgHostTest.dsc
index a0273c431025..fa301a7a52ab 100644
--- a/NetworkPkg/Test/NetworkPkgHostTest.dsc
+++ b/NetworkPkg/Test/NetworkPkgHostTest.dsc
@@ -27,7 +27,10 @@ [Components]
   #
   NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf
   NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf
-  NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
+  NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf {
+
+  
UefiRuntimeServicesTableLib|MdePkg/Test/Mock/Library/GoogleTest/MockUefiRuntimeServicesTableLib/MockUefiRuntimeServicesTableLib.inf
+  }
 
 # Despite these library classes being listed in [LibraryClasses] below, they 
are not needed for the host-based unit tests.
 [LibraryClasses]
diff --git a/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.h 
b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.h
index b17c314791c8..0d825e44250a 100644
--- a/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.h
+++ b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.h
@@ -47,4 +47,22 @@ PxeBcCacheDnsServerAddresses (
   IN PXEBC_DHCP6_PACKET_CACHE  *Cache6
   );
 
+/**
+  Build and send out the request packet for the bootfile, and parse the reply.
+
+  @param[in]  Private   The pointer to PxeBc private data.
+  @param[in]  Index PxeBc option boot item type.
+
+  @retval EFI_SUCCESS   Successfully discovered the boot file.
+  @retval EFI_OUT_OF_RESOURCES  Failed to allocate resources.
+  @retval EFI_NOT_FOUND Can't get the PXE reply packet.
+  @retval OthersFailed to discover the boot file.
+
+**/
+EFI_STATUS
+PxeBcRequestBootService (
+  IN  PXEBC_PRIVATE_DATA  *Private,
+  IN  UINT32  Index
+  );
+
 #endif // PXE_BC_DHCP6_GOOGLE_TEST_H_
diff --git a/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp 
b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
index 826050dc..bd423ebadfce 100644
--- a/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
+++ b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
@@ -4,7 +4,9 @@
   Copyright (c) Microsoft Corporation
   SPDX-License-Identifier: BSD-2-Clause-Patent
 **/
-#include 
+#include 
+#include 
+#include 
 
 extern "C" {
   #include 
@@ -19,7 +21,8 @@ extern "C" {
 // Definitions
 ///
 
-#define PACKET_SIZE  (1500)
+#define PACKET_SIZE(1500)
+#define REQUEST_OPTION_LENGTH  (120)
 
 typedef struct {
   UINT16OptionCode;   // The option code for DHCP6_OPT_SERVER_ID (e.g., 
0x03)
@@ -76,6 +79,26 @@ MockConfigure (
 }
 
 // Needed by PxeBcSupport
+EFI_STATUS
+PxeBcDns6 (
+  IN PXEBC_PRIVATE_DATA  *Private,
+  IN CHAR16  *HostName,
+  OUT EFI_IPv6_ADDRESS   *IpAddress
+  )
+{
+  return EFI_SUCCESS;
+}
+
+UINT32
+PxeBcBuildDhcp6Options (
+  IN  PXEBC_PRIVATE_DATA   *Private,
+  OUT EFI_DHCP6_PACKET_OPTION  **OptList,
+  IN  UINT8*Buffer
+  )
+{
+  return EFI_SUCCESS;
+}
+
 EFI_STATUS
 EFIAPI
 QueueDpc (
@@ -159,6 +182,10 @@ TEST_F (PxeBcHandleDhcp6OfferTest, BasicUsageTest) {
   ASSERT_EQ (PxeBcHandleDhcp6Offer (&(PxeBcHandleDhcp6OfferTest::Private)), 
EFI_DEVICE_ERROR);
 }
 
+///
+// PxeBcCacheDnsServerAddresses Tests
+///
+
 class PxeBcCacheDnsServerAddressesTest : public ::testing::Test {
 public:
   PXEBC_PRIVATE_DATA Private = { 0 };
@@ -298,3 +325,250 @@ TEST_F (PxeBcCacheDnsServerAddressesTest, 
MultipleDnsEntries) {
 FreePool (Private.DnsServer);
   }
 }
+
+///
+// PxeBcRequestBootServiceTest Test Cases
+///
+
+class PxeBcRequestBootServiceTest : public ::testing::Test {
+public:
+  PXEBC_PRIVATE_DATA Private = { 0 };
+  EFI_UDP6_PROTOCOL Udp6Read;
+
+protected:
+  // Add any setup code if needed
+  virtual void
+  SetUp (
+)
+  {
+Private.Dhcp6Request = (EFI_DHCP6_PACKET *)AllocateZeroPool (PACKET_SIZE);
+
+// Need to setup the EFI_PXE_BASE_CODE_PROTOCOL
+// The function under test really only