Changeset 58459 for trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library – Oracle VirtualBox

trunk/src/VBox/Devices/EFI/Firmware

Property svn:mergeinfo set to (toggle deleted branches)
/vendor/edk2/current 103735-103757

trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeDeferImageLoadLib/DxeDeferImageLoadLib.c

-              r48674
+              r58459
   Implement defer image load services for user identification in UEFI2.2.
 Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 …
     while (CheckLen < Info->InfoSize - sizeof (EFI_USER_INFO)) {
       Access = (EFI_USER_INFO_ACCESS_CONTROL *) ((UINT8 *) (Info + 1) + CheckLen);
       if ((Access->Type == AccessType)) {
+      if (Access->Type == AccessType) {
         *AccessControl = AllocateZeroPool (Access->Size);
         ASSERT (*AccessControl != NULL);
 …
+}
+/**
+  Convert the '/' to '\' in the specified string.
+  @param[in, out]  Str       Points to the string to convert.
+**/
+VOID
+ConvertDPStr (
+  IN OUT EFI_STRING                     Str
+  )
+{
+  INTN                                  Count;
+  INTN                                  Index;
+  Count = StrSize(Str) / 2 - 1;
+  if (Count < 4) {
+    return;
+  }
+  //
+  // Convert device path string.
+  //
+  Index = Count - 1;
+  while (Index > 0) {
+    //
+    // Find the last '/'.
+    //
+    for (Index = Count - 1; Index > 0; Index--) {
+      if (Str[Index] == L'/')
+        break;
+    }
+    //
+    // Check next char.
+    //
+    if (Str[Index + 1] == L'\\')
+      return;
+/**
+  Get file name from device path.
+  The file name may contain one or more device path node. Save the file name in a
+  buffer if file name is found. The caller is responsible to free the buffer.
+  @param[in]  DevicePath     A pointer to a device path.
+  @param[out] FileName       The callee allocated buffer to save the file name if file name is found.
+  @param[out] FileNameOffset The offset of file name in device path if file name is found.
+  @retval     UINTN          The file name length. 0 means file name is not found.
+**/
+UINTN
+GetFileName (
+  IN  CONST EFI_DEVICE_PATH_PROTOCOL          *DevicePath,
+  OUT UINT8                                   **FileName,
+  OUT UINTN                                   *FileNameOffset
+  )
+{
+  UINTN                                       Length;
+  EFI_DEVICE_PATH_PROTOCOL                    *TmpDevicePath;
+  EFI_DEVICE_PATH_PROTOCOL                    *RootDevicePath;
+  CHAR8                                       *NodeStr;
+  UINTN                                       NodeStrLength;
+  CHAR16                                      LastNodeChar;
+  CHAR16                                      FirstNodeChar;
+  //
+  // Get the length of DevicePath before file name.
+  //
+  Length = 0;
+  RootDevicePath = (EFI_DEVICE_PATH_PROTOCOL *)DevicePath;
+  while (!IsDevicePathEnd (RootDevicePath)) {
+    if ((DevicePathType(RootDevicePath) == MEDIA_DEVICE_PATH) && (DevicePathSubType(RootDevicePath) == MEDIA_FILEPATH_DP)) {
+      break;
+    }
+    Length += DevicePathNodeLength (RootDevicePath);
+    RootDevicePath = NextDevicePathNode (RootDevicePath);
+  }
+  *FileNameOffset = Length;
+  if (Length == 0) {
+    return 0;
+  }
+  //
+  // Get the file name length.
+  //
+  Length = 0;
+  TmpDevicePath = RootDevicePath;
+  while (!IsDevicePathEnd (TmpDevicePath)) {
+    if ((DevicePathType(TmpDevicePath) != MEDIA_DEVICE_PATH) || (DevicePathSubType(TmpDevicePath) != MEDIA_FILEPATH_DP)) {
+      break;
+    }
+    Length += DevicePathNodeLength (TmpDevicePath) - sizeof (EFI_DEVICE_PATH_PROTOCOL);
+    TmpDevicePath = NextDevicePathNode (TmpDevicePath);
+  }
+  if (Length == 0) {
+    return 0;
+  }
+  *FileName = AllocateZeroPool (Length);
+  ASSERT (*FileName != NULL);
+  //
+  // Copy the file name to the buffer.
+  //
+  Length = 0;
+  LastNodeChar = '\\';
+  TmpDevicePath = RootDevicePath;
+  while (!IsDevicePathEnd (TmpDevicePath)) {
+    if ((DevicePathType(TmpDevicePath) != MEDIA_DEVICE_PATH) || (DevicePathSubType(TmpDevicePath) != MEDIA_FILEPATH_DP)) {
+      break;
+    }
+    FirstNodeChar = (CHAR16) ReadUnaligned16 ((UINT16 *)((UINT8 *)TmpDevicePath + sizeof (EFI_DEVICE_PATH_PROTOCOL)));
+    NodeStr = (CHAR8 *)TmpDevicePath + sizeof (EFI_DEVICE_PATH_PROTOCOL);
+    NodeStrLength = DevicePathNodeLength (TmpDevicePath) - sizeof (EFI_DEVICE_PATH_PROTOCOL) - sizeof(CHAR16);
+    Str[Index] = L'\\';
+    if ((FirstNodeChar == '\\') && (LastNodeChar == '\\')) {
+      //
+      // Skip separator "\" when there are two separators.
+      //
+      NodeStr += sizeof (CHAR16);
+      NodeStrLength -= sizeof (CHAR16);
+    } else if ((FirstNodeChar != '\\') && (LastNodeChar != '\\')) {
+      //
+      // Add separator "\" when there is no separator.
+      //
+      WriteUnaligned16 ((UINT16 *)(*FileName + Length), '\\');
+      Length += sizeof (CHAR16);
+    }
+    CopyMem (*FileName + Length, NodeStr, NodeStrLength);
+    Length += NodeStrLength;
+    //
+    // Check previous char.
+    //
+    if ((Index > 0) && (Str[Index - 1] == L'\\')) {
+      CopyMem (&Str[Index - 1], &Str[Index], (UINTN) ((Count - Index + 1) * sizeof (CHAR16)));
+      return;
+    }
+    Index--;
+  }
+    LastNodeChar  = (CHAR16) ReadUnaligned16 ((UINT16 *) (NodeStr + NodeStrLength - sizeof(CHAR16)));
+    TmpDevicePath = NextDevicePathNode (TmpDevicePath);
+  }
+  return Length;
+}
 …
+  )
+{
+  EFI_STATUS                            Status;
+  EFI_STRING                            DevicePathStr1;
+  EFI_STRING                            DevicePathStr2;
+  UINTN                                 StrLen1;
+  UINTN                                 StrLen2;
+  EFI_DEVICE_PATH_TO_TEXT_PROTOCOL      *DevicePathText;
+  BOOLEAN                               DevicePathEqual;
+  UINTN                                       DevicePathSize;
+  UINTN                                       FileNameSize1;
+  UINTN                                       FileNameSize2;
+  UINT8                                       *FileName1;
+  UINT8                                       *FileName2;
+  UINTN                                       FileNameOffset1;
+  UINTN                                       FileNameOffset2;
+  BOOLEAN                                     DevicePathEqual;
+  FileName1       = NULL;
+  FileName2       = NULL;
+  DevicePathEqual = TRUE;
   ASSERT (DevicePath1 != NULL);
   ASSERT (DevicePath2 != NULL);
+  DevicePathEqual = FALSE;
+  DevicePathText  = NULL;
+  Status = gBS->LocateProtocol (
+                  &gEfiDevicePathToTextProtocolGuid,
+                  NULL,
+                  (VOID **) &DevicePathText
+                  );
+  ASSERT (Status == EFI_SUCCESS);
+  //
+  // Get first device path string.
+  //
+  DevicePathStr1 = DevicePathText->ConvertDevicePathToText (DevicePath1, TRUE, TRUE);
+  ConvertDPStr (DevicePathStr1);
+  //
+  // Get second device path string.
+  //
+  DevicePathStr2 = DevicePathText->ConvertDevicePathToText (DevicePath2, TRUE, TRUE);
+  ConvertDPStr (DevicePathStr2);
+  //
+  // Compare device path string.
+  //
+  StrLen1 = StrSize (DevicePathStr1);
+  StrLen2 = StrSize (DevicePathStr2);
+  if (StrLen1 > StrLen2) {
+  if (IsDevicePathEnd (DevicePath1)) {
+    return FALSE;
+  }
+  //
+  // The file name may contain one or more device path node.
+  // To compare the file name, copy file name to a buffer and compare the buffer.
+  //
+  FileNameSize1 = GetFileName (DevicePath1, &FileName1, &FileNameOffset1);
+  if (FileNameSize1 != 0) {
+    FileNameSize2 = GetFileName (DevicePath2, &FileName2, &FileNameOffset2);
+    if (FileNameOffset1 != FileNameOffset2) {
+      DevicePathEqual = FALSE;
+      goto Done;
+    }
+    if (CompareMem (DevicePath1, DevicePath2, FileNameOffset1) != 0) {
+      DevicePathEqual = FALSE;
+      goto Done;
+    }
+    if (FileNameSize1 > FileNameSize2) {
+      DevicePathEqual = FALSE;
+      goto Done;
+    }
+    if (CompareMem (FileName1, FileName2, FileNameSize1) != 0) {
+      DevicePathEqual = FALSE;
+      goto Done;
+    }
+    DevicePathEqual = TRUE;
+    goto Done;
+  }
+  DevicePathSize = GetDevicePathSize (DevicePath1);
+  if (DevicePathSize > GetDevicePathSize (DevicePath2)) {
+    return FALSE;
+  }
+  //
+  // Exclude the end of device path node.
+  //
+  DevicePathSize -= sizeof (EFI_DEVICE_PATH_PROTOCOL);
+  if (CompareMem (DevicePath1, DevicePath2, DevicePathSize) != 0) {
     DevicePathEqual = FALSE;
+    goto Done;
+  }
+  if (CompareMem (DevicePathStr1, DevicePathStr2, StrLen1) == 0) {
+    DevicePathEqual = TRUE;
+  }
+Done:
+  FreePool (DevicePathStr1);
+  FreePool (DevicePathStr2);
+  }
+Done:
+  if (FileName1 != NULL) {
+    FreePool (FileName1);
+  }
+  if (FileName2 != NULL) {
+    FreePool (FileName2);
+  }
   return DevicePathEqual;
+}
 …
     //
     UnicodeSPrint (StrTemp, sizeof (StrTemp), L"Boot%04x", Index);
     OptionBuffer = GetEfiGlobalVariable (StrTemp);
+    GetEfiGlobalVariable2 (StrTemp, (VOID**)&OptionBuffer, NULL);
     if (OptionBuffer == NULL) {
       continue;
 …
   @param[in]  FileBuffer            File buffer matches the input file device path.
   @param[in]  FileSize              Size of File buffer matches the input file device path.
+  @retval EFI_SUCCESS               The file specified by File did authenticate, and the
+                                    platform policy dictates that the DXE Core may use File.
+  @retval EFI_INVALID_PARAMETER     File is NULL.
+  @retval EFI_SECURITY_VIOLATION    The file specified by File did not authenticate, and
+                                    the platform policy dictates that File should be placed
+                                    in the untrusted state. A file may be promoted from
+                                    the untrusted to the trusted state at a future time
+                                    with a call to the Trust() DXE Service.
+  @retval EFI_ACCESS_DENIED         The file specified by File did not authenticate, and
+                                    the platform policy dictates that File should not be
+                                    used for any purpose.
+  @param[in]  BootPolicy            A boot policy that was used to call LoadImage() UEFI service.
+  @retval EFI_SUCCESS               FileBuffer is NULL and current user has permission to start
+                                    UEFI device drivers on the device path specified by DevicePath.
+  @retval EFI_SUCCESS               The file specified by DevicePath and non-NULL
+                                    FileBuffer did authenticate, and the platform policy dictates
+                                    that the DXE Foundation may use the file.
+  @retval EFI_SECURITY_VIOLATION    FileBuffer is NULL and the user has no
+                                    permission to start UEFI device drivers on the device path specified
+                                    by DevicePath.
+  @retval EFI_SECURITY_VIOLATION    FileBuffer is not NULL and the user has no permission to load
+                                    drivers from the device path specified by DevicePath. The
+                                    image has been added into the list of the deferred images.
+  @retval EFI_ACCESS_DENIED         The file specified by File and FileBuffer did not
+                                    authenticate, and the platform policy dictates that the DXE
+                                    Foundation many not use File.
 **/
 …
   IN  CONST EFI_DEVICE_PATH_PROTOCOL   *File,
   IN  VOID                             *FileBuffer,
   IN  UINTN                            FileSize
+  )
+  IN  UINTN                            FileSize,
+  IN  BOOLEAN                          BootPolicy
+  )
+{
   EFI_STATUS                           Status;
 …
   UINT32                               FileType;
+  //
+  // Ignore if File is NULL.
+  //
   if (File == NULL) {
     return EFI_INVALID_PARAMETER;
+    return EFI_SUCCESS;
+  }
 …
       if (!VerifyDevicePath (File)) {
         DEBUG ((EFI_D_ERROR, "[Security] The image is forbidden to load!\n"));
         return EFI_ACCESS_DENIED;
+        return EFI_SECURITY_VIOLATION;
+      }
       return EFI_SUCCESS;
 …
+  }
   DEBUG ((EFI_D_ERROR, "[Security] No user identified, the image is deferred to load!\n"));
   PutDefferedImageInfo (File, NULL, 0);
+  DEBUG ((EFI_D_INFO, "[Security] No user identified, the image is deferred to load!\n"));
+  PutDefferedImageInfo (File, FileBuffer, FileSize);
   //
 …
     );
   return RegisterSecurityHandler (
+  return RegisterSecurity2Handler (
            DxeDeferImageLoadHandler,
            EFI_AUTH_OPERATION_DEFER_IMAGE_LOAD

trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeDeferImageLoadLib/DxeDeferImageLoadLib.h

-              r48674
+              r58459
   internal structure and functions used by DeferImageLoadLib.
 Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 …
 #include <Protocol/UserCredential.h>
 #include <Protocol/UserManager.h>
-#include <Protocol/DevicePathToText.h>
 #include <Guid/GlobalVariable.h>

trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeDeferImageLoadLib/DxeDeferImageLoadLib.inf

-              r48674
+              r58459
 ## @file
 #  The library instance provides security service of deferring image load.
+#  Provides security service of deferred image load
+#
+# Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
+#  The platform may need to defer the execution of an image because of security
+#  considerations. These deferred images will be recorded and then reported by
+#  installing an instance of the EFI_DEFERRED_IMAGE_LOAD_PROTOCOL.
+#
+# Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
 # This program and the accompanying materials
 # are licensed and made available under the terms and conditions of the BSD License
 …
 [Defines]
   INF_VERSION                    = 0x00010005
+  BASE_NAME                      = DxeDeferImageLoadLib
+  BASE_NAME                      = DxeDeferImageLoadLib
+  MODULE_UNI_FILE                = DxeDeferImageLoadLib.uni
   FILE_GUID                      = 5E2FAE1F-41DA-4fbd-BC81-603CE5CD8497
   MODULE_TYPE                    = DXE_DRIVER
 …
 [Protocols]
+  gEfiFirmwareVolume2ProtocolGuid
+  gEfiBlockIoProtocolGuid
+  gEfiSimpleFileSystemProtocolGuid
+  gEfiFirmwareVolume2ProtocolGuid                        ## SOMETIMES_CONSUMES
+  gEfiBlockIoProtocolGuid                                ## SOMETIMES_CONSUMES
+  gEfiSimpleFileSystemProtocolGuid                       ## SOMETIMES_CONSUMES
+  gEfiDeferredImageLoadProtocolGuid                      ## SOMETIMES_PRODUCES
+  ## SOMETIMES_CONSUMES
+  ## NOTIFY
   gEfiUserManagerProtocolGuid
+  gEfiDeferredImageLoadProtocolGuid
+  gEfiDevicePathToTextProtocolGuid
 [Guids]
   gEfiGlobalVariableGuid
+  gEfiGlobalVariableGuid                                  ## SOMETIMES_CONSUMES  ## Variable:L"BootOrder"
 [Pcd]
   gEfiSecurityPkgTokenSpaceGuid.PcdDeferImageLoadPolicy
+  gEfiSecurityPkgTokenSpaceGuid.PcdDeferImageLoadPolicy   ## SOMETIMES_CONSUMES

trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c

-              r48674
+              r58459
   Implement image verification services for secure boot service in UEFI2.3.1.
+Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
+  Caution: This file requires additional review when modified.
+  This library will have external input - PE/COFF image.
+  This external input must be validated carefully to avoid security issue like
+  buffer overflow, integer overflow.
+  DxeImageVerificationLibImageRead() function will make sure the PE/COFF image content
+  read is within the image buffer.
+  DxeImageVerificationHandler(), HashPeImageByType(), HashPeImage() function will accept
+  untrusted PE/COFF image and validate its data structure within this image buffer before use.
+Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 …
 #include "DxeImageVerificationLib.h"
+//
+// Caution: This is used by a function which may receive untrusted input.
+// These global variables hold PE/COFF image data, and they should be validated before use.
+//
 EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION mNtHeader;
+UINT32                              mPeCoffHeaderOffset;
+EFI_GUID                            mCertType;
+//
+// Information on current PE/COFF image
+//
 UINTN                               mImageSize;
 UINT32                              mPeCoffHeaderOffset;
+UINT8                               *mImageBase       = NULL;
 UINT8                               mImageDigest[MAX_DIGEST_SIZE];
 UINTN                               mImageDigestSize;
-EFI_IMAGE_DATA_DIRECTORY            *mSecDataDir      = NULL;
-UINT8                               *mImageBase       = NULL;
-EFI_GUID                            mCertType;
 //
 …
 //
 UINT8 mHashOidValue[] = {
-x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05,         // OBJ_md5
 x2B, 0x0E, 0x03, 0x02, 0x1A,                           // OBJ_sha1
 x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04,   // OBJ_sha224
 …
 HASH_TABLE mHash[] = {
   { L"SHA1",   20, &mHashOidValue[8],  5, Sha1GetContextSize,  Sha1Init,   Sha1Update,    Sha1Final  },
   { L"SHA224", 28, &mHashOidValue[13], 9, NULL,                NULL,       NULL,          NULL       },
   { L"SHA256", 32, &mHashOidValue[22], 9, Sha256GetContextSize,Sha256Init, Sha256Update,  Sha256Final},
   { L"SHA384", 48, &mHashOidValue[31], 9, NULL,                NULL,       NULL,          NULL       },
   { L"SHA512", 64, &mHashOidValue[40], 9, NULL,                NULL,       NULL,          NULL       }
+  { L"SHA1",   20, &mHashOidValue[0],  5, Sha1GetContextSize,  Sha1Init,   Sha1Update,    Sha1Final  },
+  { L"SHA224", 28, &mHashOidValue[5],  9, NULL,                NULL,       NULL,          NULL       },
+  { L"SHA256", 32, &mHashOidValue[14], 9, Sha256GetContextSize,Sha256Init, Sha256Update,  Sha256Final},
+  { L"SHA384", 48, &mHashOidValue[23], 9, NULL,                NULL,       NULL,          NULL       },
+  { L"SHA512", 64, &mHashOidValue[32], 9, NULL,                NULL,       NULL,          NULL       }
 };
+/**
+  SecureBoot Hook for processing image verification.
+  @param[in] VariableName                 Name of Variable to be found.
+  @param[in] VendorGuid                   Variable vendor GUID.
+  @param[in] DataSize                     Size of Data found. If size is less than the
+                                          data, this value contains the required size.
+  @param[in] Data                         Data pointer.
+**/
+VOID
+EFIAPI
+SecureBootHook (
+  IN CHAR16                                 *VariableName,
+  IN EFI_GUID                               *VendorGuid,
+  IN UINTN                                  DataSize,
+  IN VOID                                   *Data
+  );
 /**
   Reads contents of a PE/COFF image in memory buffer.
+  Caution: This function may receive untrusted input.
+  PE/COFF image is external input, so this function will make sure the PE/COFF image content
+  read is within the image buffer.
   @param  FileHandle      Pointer to the file handle to read the PE/COFF image.
 …
   EFI_DEVICE_PATH_PROTOCOL          *TempDevicePath;
   EFI_BLOCK_IO_PROTOCOL             *BlockIo;
+  if (File == NULL) {
+    return IMAGE_UNKNOWN;
+  }
   //
 …
   PE/COFF Specification 8.0 Appendix A
+  Caution: This function may receive untrusted input.
+  PE/COFF image is external input, so this function will validate its data structure
+  within this image buffer before use.
   @param[in]    HashAlg   Hash algorithm type.
 …
   // But CheckSum field and SECURITY data directory (certificate) are excluded
   //
+  Magic = mNtHeader.Pe32->OptionalHeader.Magic;
+  if (mNtHeader.Pe32->FileHeader.Machine == IMAGE_FILE_MACHINE_IA64 && mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
+    //
+    // NOTE: Some versions of Linux ELILO for Itanium have an incorrect magic value
+    //       in the PE/COFF Header. If the MachineType is Itanium(IA64) and the
+    //       Magic value in the OptionalHeader is EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC
+    //       then override the magic value to EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC
+    //
+    Magic = EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC;
+  } else {
+    //
+    // Get the magic value from the PE/COFF Optional Header
+    //
+    Magic =  mNtHeader.Pe32->OptionalHeader.Magic;
+  }
   //
   // 3.  Calculate the distance from the base of the image header to the image checksum address.
 …
 .0 Appendix A
+  Caution: This function may receive untrusted input.
+  PE/COFF image is external input, so this function will validate its data structure
+  within this image buffer before use.
+  @param[in]  AuthData            Pointer to the Authenticode Signature retrieved from signed image.
+  @param[in]  AuthDataSize        Size of the Authenticode Signature in bytes.
   @retval EFI_UNSUPPORTED             Hash algorithm is not supported.
   @retval EFI_SUCCESS                 Hash successfully.
 …
 EFI_STATUS
 HashPeImageByType (
+  VOID
+  IN UINT8              *AuthData,
+  IN UINTN              AuthDataSize
+  )
+{
   UINT8                     Index;
-  WIN_CERTIFICATE_EFI_PKCS  *PkcsCertData;
-  PkcsCertData = (WIN_CERTIFICATE_EFI_PKCS *) (mImageBase + mSecDataDir->VirtualAddress);
-  if (PkcsCertData->Hdr.dwLength < sizeof (WIN_CERTIFICATE_EFI_PKCS) + 32) {
-    return EFI_UNSUPPORTED;
+  }
   for (Index = 0; Index < HASHALG_MAX; Index++) {
 …
     //    Fixed offset (+32) is calculated based on two bytes of length encoding.
     //
     if ((*(PkcsCertData->CertData + 1) & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE) {
+    if ((*(AuthData + 1) & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE) {
       //
       // Only support two bytes of Long Form of Length Encoding.
 …
+    }
     if (PkcsCertData->Hdr.dwLength < sizeof (WIN_CERTIFICATE_EFI_PKCS) + 32 + mHash[Index].OidLength) {
+    if (AuthDataSize < 32 + mHash[Index].OidLength) {
       return EFI_UNSUPPORTED;
+    }
     if (CompareMem (PkcsCertData->CertData + 32, mHash[Index].OidValue, mHash[Index].OidLength) == 0) {
+    if (CompareMem (AuthData + 32, mHash[Index].OidValue, mHash[Index].OidLength) == 0) {
       break;
+    }
 …
   if (Name != NULL) {
     NameStringLen = StrSize (Name);
+  }
+  ImageExeInfoTable = NULL;
+  } else {
+    NameStringLen = sizeof (CHAR16);
+  }
   EfiGetSystemConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID **) &ImageExeInfoTable);
   if (ImageExeInfoTable != NULL) {
     //
     // The table has been found!
     // We must enlarge the table to accmodate the new exe info entry.
+    // We must enlarge the table to accomodate the new exe info entry.
     //
     ImageExeInfoTableSize = GetImageExeInfoTableSize (ImageExeInfoTable);
 …
   DevicePathSize            = GetDevicePathSize (DevicePath);
   NewImageExeInfoEntrySize  = sizeof (EFI_IMAGE_EXECUTION_INFO) + NameStringLen + DevicePathSize + SignatureSize;
+  NewImageExeInfoEntrySize  = sizeof (EFI_IMAGE_EXECUTION_INFO) - sizeof (EFI_SIGNATURE_LIST) + NameStringLen + DevicePathSize + SignatureSize;
   NewImageExeInfoTable      = (EFI_IMAGE_EXECUTION_INFO_TABLE *) AllocateRuntimePool (ImageExeInfoTableSize + NewImageExeInfoEntrySize);
   if (NewImageExeInfoTable == NULL) {
 …
   ImageExeInfoEntry = (EFI_IMAGE_EXECUTION_INFO *) ((UINT8 *) NewImageExeInfoTable + ImageExeInfoTableSize);
   //
   // Update new item's infomation.
   //
   WriteUnaligned32 ((UINT32 *) &ImageExeInfoEntry->Action, Action);
   WriteUnaligned32 ((UINT32 *) &ImageExeInfoEntry->InfoSize, (UINT32) NewImageExeInfoEntrySize);
+  // Update new item's information.
+  //
+  WriteUnaligned32 ((UINT32 *) ImageExeInfoEntry, Action);
+  WriteUnaligned32 ((UINT32 *) ((UINT8 *) ImageExeInfoEntry + sizeof (EFI_IMAGE_EXECUTION_ACTION)), (UINT32) NewImageExeInfoEntrySize);
   if (Name != NULL) {
+    CopyMem ((UINT8 *) &ImageExeInfoEntry->InfoSize + sizeof (UINT32), Name, NameStringLen);
+    CopyMem ((UINT8 *) ImageExeInfoEntry + sizeof (EFI_IMAGE_EXECUTION_ACTION) + sizeof (UINT32), Name, NameStringLen);
+  } else {
+    ZeroMem ((UINT8 *) ImageExeInfoEntry + sizeof (EFI_IMAGE_EXECUTION_ACTION) + sizeof (UINT32), sizeof (CHAR16));
+  }
   CopyMem (
     (UINT8 *) &ImageExeInfoEntry->InfoSize + sizeof (UINT32) + NameStringLen,
+    (UINT8 *) ImageExeInfoEntry + sizeof (EFI_IMAGE_EXECUTION_ACTION) + sizeof (UINT32) + NameStringLen,
     DevicePath,
     DevicePathSize
 …
   if (Signature != NULL) {
     CopyMem (
       (UINT8 *) &ImageExeInfoEntry->InfoSize + sizeof (UINT32) + NameStringLen + DevicePathSize,
+      (UINT8 *) ImageExeInfoEntry + sizeof (EFI_IMAGE_EXECUTION_ACTION) + sizeof (UINT32) + NameStringLen + DevicePathSize,
       Signature,
       SignatureSize
 …
     FreePool (ImageExeInfoTable);
+  }
+}
-/**
-  Discover if the UEFI image is authorized by user's policy setting.
-  @param[in]    Policy            Specify platform's policy setting.
-  @retval EFI_ACCESS_DENIED       Image is not allowed to run.
-  @retval EFI_SECURITY_VIOLATION  Image is deferred.
-  @retval EFI_SUCCESS             Image is authorized to run.
-**/
-EFI_STATUS
-ImageAuthorization (
-  IN UINT32     Policy
+  )
+{
-  EFI_STATUS    Status;
-  EFI_INPUT_KEY Key;
-  Status = EFI_ACCESS_DENIED;
-  switch (Policy) {
-  case QUERY_USER_ON_SECURITY_VIOLATION:
-    do {
-      CreatePopUp (EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, &Key, mNotifyString1, mNotifyString2, NULL);
-      if (Key.UnicodeChar == L'Y' || Key.UnicodeChar == L'y') {
-        Status = EFI_SUCCESS;
-        break;
-      } else if (Key.UnicodeChar == L'N' || Key.UnicodeChar == L'n') {
-        Status = EFI_ACCESS_DENIED;
-        break;
-      } else if (Key.UnicodeChar == L'D' || Key.UnicodeChar == L'd') {
-        Status = EFI_SECURITY_VIOLATION;
-        break;
+      }
-    } while (TRUE);
-    break;
-  case ALLOW_EXECUTE_ON_SECURITY_VIOLATION:
-    Status = EFI_SUCCESS;
-    break;
-  case DEFER_EXECUTE_ON_SECURITY_VIOLATION:
-    Status = EFI_SECURITY_VIOLATION;
-    break;
-  case DENY_EXECUTE_ON_SECURITY_VIOLATION:
-    Status = EFI_ACCESS_DENIED;
-    break;
+  }
-  return Status;
+}
 …
   CertList = (EFI_SIGNATURE_LIST *) Data;
   while ((DataSize > 0) && (DataSize >= CertList->SignatureListSize)) {
     CertCount = (CertList->SignatureListSize - CertList->SignatureHeaderSize) / CertList->SignatureSize;
+    CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
     Cert      = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
     if ((CertList->SignatureSize == sizeof(EFI_SIGNATURE_DATA) - 1 + SignatureSize) && (CompareGuid(&CertList->SignatureType, CertType))) {
 …
           //
           IsFound = TRUE;
+          SecureBootHook (VariableName, &gEfiImageSecurityDatabaseGuid, CertList->SignatureSize, Cert);
           break;
+        }
 …
   as EFI_SIGNATURE_LIST. The Variable may be PK, KEK, DB or DBX.
+  @param VariableName  Name of Variable to search for Certificate.
+  @param VendorGuid    Variable vendor GUID.
+  @param[in]  AuthData      Pointer to the Authenticode Signature retrieved from signed image.
+  @param[in]  AuthDataSize  Size of the Authenticode Signature in bytes.
+  @param[in]  VariableName  Name of Variable to search for Certificate.
+  @param[in]  VendorGuid    Variable vendor GUID.
   @retval TRUE         Image pass verification.
 …
 BOOLEAN
 IsPkcsSignedDataVerifiedBySignatureList (
+  IN UINT8              *AuthData,
+  IN UINTN              AuthDataSize,
   IN CHAR16             *VariableName,
   IN EFI_GUID           *VendorGuid
 …
   EFI_STATUS                Status;
   BOOLEAN                   VerifyStatus;
-  WIN_CERTIFICATE_EFI_PKCS  *PkcsCertData;
   EFI_SIGNATURE_LIST        *CertList;
   EFI_SIGNATURE_DATA        *Cert;
 …
   RootCertSize = 0;
   VerifyStatus = FALSE;
-  PkcsCertData = (WIN_CERTIFICATE_EFI_PKCS *) (mImageBase + mSecDataDir->VirtualAddress);
   DataSize = 0;
 …
           //
           RootCert      = Cert->SignatureData;
           RootCertSize  = CertList->SignatureSize;
+          RootCertSize  = CertList->SignatureSize - sizeof (EFI_GUID);
           //
 …
           //
           VerifyStatus = AuthenticodeVerify (
                            PkcsCertData->CertData,
                            mSecDataDir->Size - sizeof(PkcsCertData->Hdr),
+                           AuthData,
+                           AuthDataSize,
                            RootCert,
                            RootCertSize,
 …
                            );
           if (VerifyStatus) {
+            SecureBootHook (VariableName, VendorGuid, CertList->SignatureSize, Cert);
             goto Done;
+          }
 …
 /**
-  Verify certificate in WIN_CERT_TYPE_PKCS_SIGNED_DATA format.
-  @retval EFI_SUCCESS                 Image pass verification.
-  @retval EFI_SECURITY_VIOLATION      Image fail verification.
-**/
-EFI_STATUS
-VerifyCertPkcsSignedData (
-  VOID
+  )
+{
-  //
-  // 1: Find certificate from DBX forbidden database for revoked certificate.
-  //
-  if (IsPkcsSignedDataVerifiedBySignatureList (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid)) {
-    //
-    // DBX is forbidden database, if Authenticode verification pass with
-    // one of the certificate in DBX, this image should be rejected.
-    //
-    return EFI_SECURITY_VIOLATION;
+  }
-  //
-  // 2: Find certificate from KEK database and try to verify authenticode struct.
-  //
-  if (IsPkcsSignedDataVerifiedBySignatureList (EFI_KEY_EXCHANGE_KEY_NAME, &gEfiGlobalVariableGuid)) {
-    return EFI_SUCCESS;
+  }
-  //
-  // 3: Find certificate from DB database and try to verify authenticode struct.
-  //
-  if (IsPkcsSignedDataVerifiedBySignatureList (EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid)) {
-    return EFI_SUCCESS;
-  } else {
-    return EFI_SECURITY_VIOLATION;
+  }
+}
-/**
-  Verify certificate in WIN_CERTIFICATE_UEFI_GUID format.
-  @retval EFI_SUCCESS                 Image pass verification.
-  @retval EFI_SECURITY_VIOLATION      Image fail verification.
-  @retval other error value
-**/
-EFI_STATUS
-VerifyCertUefiGuid (
-  VOID
+  )
+{
-  BOOLEAN                         Status;
-  WIN_CERTIFICATE_UEFI_GUID       *EfiCert;
-  EFI_SIGNATURE_LIST              *KekList;
-  EFI_SIGNATURE_DATA              *KekItem;
-  EFI_CERT_BLOCK_RSA_2048_SHA256  *CertBlock;
-  VOID                            *Rsa;
-  UINTN                           KekCount;
-  UINTN                           Index;
-  UINTN                           KekDataSize;
-  BOOLEAN                         IsFound;
-  EFI_STATUS                      Result;
-  EfiCert   = NULL;
-  KekList   = NULL;
-  KekItem   = NULL;
-  CertBlock = NULL;
-  Rsa       = NULL;
-  Status    = FALSE;
-  IsFound   = FALSE;
-  KekDataSize = 0;
-  EfiCert   = (WIN_CERTIFICATE_UEFI_GUID *) (mImageBase + mSecDataDir->VirtualAddress);
-  CertBlock = (EFI_CERT_BLOCK_RSA_2048_SHA256 *) EfiCert->CertData;
-  if (!CompareGuid (&EfiCert->CertType, &gEfiCertTypeRsa2048Sha256Guid)) {
-    //
-    // Invalid Certificate Data Type.
-    //
-    return EFI_SECURITY_VIOLATION;
+  }
-  //
-  // Get KEK database variable data size
-  //
-  Result = gRT->GetVariable (EFI_KEY_EXCHANGE_KEY_NAME, &gEfiGlobalVariableGuid, NULL, &KekDataSize, NULL);
-  if (Result != EFI_BUFFER_TOO_SMALL) {
-    return EFI_SECURITY_VIOLATION;
+  }
-  //
-  // Get KEK database variable.
-  //
-  KekList = GetEfiGlobalVariable (EFI_KEY_EXCHANGE_KEY_NAME);
-  if (KekList == NULL) {
-    return EFI_SECURITY_VIOLATION;
+  }
-  //
-  // Enumerate all Kek items in this list to verify the variable certificate data.
-  // If anyone is authenticated successfully, it means the variable is correct!
-  //
-  while ((KekDataSize > 0) && (KekDataSize >= KekList->SignatureListSize)) {
-    if (CompareGuid (&KekList->SignatureType, &gEfiCertRsa2048Guid)) {
-      KekItem   = (EFI_SIGNATURE_DATA *) ((UINT8 *) KekList + sizeof (EFI_SIGNATURE_LIST) + KekList->SignatureHeaderSize);
-      KekCount  = (KekList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - KekList->SignatureHeaderSize) / KekList->SignatureSize;
-      for (Index = 0; Index < KekCount; Index++) {
-        if (CompareMem (KekItem->SignatureData, CertBlock->PublicKey, EFI_CERT_TYPE_RSA2048_SIZE) == 0) {
-          IsFound = TRUE;
-          break;
+        }
-        KekItem = (EFI_SIGNATURE_DATA *) ((UINT8 *) KekItem + KekList->SignatureSize);
+      }
+    }
-    KekDataSize -= KekList->SignatureListSize;
-    KekList = (EFI_SIGNATURE_LIST *) ((UINT8 *) KekList + KekList->SignatureListSize);
+  }
-  if (!IsFound) {
-    //
-    // Signed key is not a trust one.
-    //
-    goto Done;
+  }
-  //
-  // Now, we found the corresponding security policy.
-  // Verify the data payload.
-  //
-  Rsa = RsaNew ();
-  if (Rsa == NULL) {
-    Status = FALSE;
-    goto Done;
+  }
-  //
-  // Set RSA Key Components.
-  // NOTE: Only N and E are needed to be set as RSA public key for signature verification.
-  //
-  Status = RsaSetKey (Rsa, RsaKeyN, CertBlock->PublicKey, EFI_CERT_TYPE_RSA2048_SIZE);
-  if (!Status) {
-    goto Done;
+  }
-  Status = RsaSetKey (Rsa, RsaKeyE, mRsaE, sizeof (mRsaE));
-  if (!Status) {
-    goto Done;
+  }
-  //
-  // Verify the signature.
-  //
-  Status = RsaPkcs1Verify (
-             Rsa,
-             mImageDigest,
-             mImageDigestSize,
-             CertBlock->Signature,
-             EFI_CERT_TYPE_RSA2048_SHA256_SIZE
-             );
-Done:
-  if (KekList != NULL) {
-    FreePool (KekList);
+  }
-  if (Rsa != NULL ) {
-    RsaFree (Rsa);
+  }
-  if (Status) {
-    return EFI_SUCCESS;
-  } else {
-    return EFI_SECURITY_VIOLATION;
+  }
+}
-/**
   Provide verification service for signed images, which include both signature validation
   and platform policy control. For signature types, both UEFI WIN_CERTIFICATE_UEFI_GUID and
 …
   Executables from FV is bypass, so pass in AuthenticationStatus is ignored.
+  The image verification process is:
+    Is the Image signed?
+      If yes,
+        Does the image verify against a certificate (root or intermediate) in the allowed db?
+          Run it
+        Image verification fail
+          Is the Image's Hash not in forbidden database and the Image's Hash in allowed db?
+            Run it
+      If no,
+        Is the Image's Hash in the forbidden database (DBX)?
+          if yes,
+            Error out
+        Is the Image's Hash in the allowed database (DB)?
+          If yes,
+            Run it
+          If no,
+            Error out
+  The image verification policy is:
+    If the image is signed,
+      At least one valid signature or at least one hash value of the image must match a record
+      in the security database "db", and no valid signature nor any hash value of the image may
+      be reflected in the security database "dbx".
+    Otherwise, the image is not signed,
+      The SHA256 hash value of the image must match a record in the security database "db", and
+      not be reflected in the security data base "dbx".
+  Caution: This function may receive untrusted input.
+  PE/COFF image is external input, so this function will validate its data structure
+  within this image buffer before use.
   @param[in]    AuthenticationStatus
 …
   @param[in]    FileBuffer File buffer matches the input file device path.
   @param[in]    FileSize   Size of File buffer matches the input file device path.
+  @retval EFI_SUCCESS            The file specified by File did authenticate, and the
+                                 platform policy dictates that the DXE Core may use File.
+  @retval EFI_INVALID_PARAMETER  Input argument is incorrect.
+  @param[in]    BootPolicy A boot policy that was used to call LoadImage() UEFI service.
+  @retval EFI_SUCCESS            The file specified by DevicePath and non-NULL
+                                 FileBuffer did authenticate, and the platform policy dictates
+                                 that the DXE Foundation may use the file.
+  @retval EFI_SUCCESS            The device path specified by NULL device path DevicePath
+                                 and non-NULL FileBuffer did authenticate, and the platform
+                                 policy dictates that the DXE Foundation may execute the image in
+                                 FileBuffer.
   @retval EFI_OUT_RESOURCE       Fail to allocate memory.
   @retval EFI_SECURITY_VIOLATION The file specified by File did not authenticate, and
                                  the platform policy dictates that File should be placed
+                                 in the untrusted state. A file may be promoted from
+                                 the untrusted to the trusted state at a future time
+                                 with a call to the Trust() DXE Service.
+  @retval EFI_ACCESS_DENIED      The file specified by File did not authenticate, and
+                                 the platform policy dictates that File should not be
+                                 used for any purpose.
+                                 in the untrusted state. The image has been added to the file
+                                 execution table.
+  @retval EFI_ACCESS_DENIED      The file specified by File and FileBuffer did not
+                                 authenticate, and the platform policy dictates that the DXE
+                                 Foundation many not use File.
 **/
 …
   IN  CONST EFI_DEVICE_PATH_PROTOCOL   *File,
   IN  VOID                             *FileBuffer,
+  IN  UINTN                            FileSize
+  IN  UINTN                            FileSize,
+  IN  BOOLEAN                          BootPolicy
+  )
+{
 …
   EFI_IMAGE_DOS_HEADER                 *DosHdr;
   EFI_STATUS                           VerifyStatus;
-  UINT8                                *SetupMode;
   EFI_SIGNATURE_LIST                   *SignatureList;
   UINTN                                SignatureListSize;
 …
   WIN_CERTIFICATE                      *WinCertificate;
   UINT32                               Policy;
   UINT8                                *SecureBootEnable;
+  UINT8                                *SecureBoot;
   PE_COFF_LOADER_IMAGE_CONTEXT         ImageContext;
   UINT32                               NumberOfRvaAndSizes;
+  UINT32                               CertSize;
+  if (File == NULL) {
+    return EFI_INVALID_PARAMETER;
+  }
+  WIN_CERTIFICATE_EFI_PKCS             *PkcsCertData;
+  WIN_CERTIFICATE_UEFI_GUID            *WinCertUefiGuid;
+  UINT8                                *AuthData;
+  UINTN                                AuthDataSize;
+  EFI_IMAGE_DATA_DIRECTORY             *SecDataDir;
+  UINT32                               OffSet;
+  CHAR16                               *NameStr;
   SignatureList     = NULL;
   SignatureListSize = 0;
   WinCertificate    = NULL;
+  SecDataDir        = NULL;
+  PkcsCertData      = NULL;
   Action            = EFI_IMAGE_EXECUTION_AUTH_UNTESTED;
   Status            = EFI_ACCESS_DENIED;
+  VerifyStatus      = EFI_ACCESS_DENIED;
   //
   // Check the image type and get policy setting.
 …
+  }
+  SecureBootEnable = GetVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid);
+  //
+  // Skip verification if SecureBootEnable variable doesn't exist.
+  //
+  if (SecureBootEnable == NULL) {
+  //
+  // The policy QUERY_USER_ON_SECURITY_VIOLATION and ALLOW_EXECUTE_ON_SECURITY_VIOLATION
+  // violates the UEFI spec and has been removed.
+  //
+  ASSERT (Policy != QUERY_USER_ON_SECURITY_VIOLATION && Policy != ALLOW_EXECUTE_ON_SECURITY_VIOLATION);
+  if (Policy == QUERY_USER_ON_SECURITY_VIOLATION || Policy == ALLOW_EXECUTE_ON_SECURITY_VIOLATION) {
+    CpuDeadLoop ();
+  }
+  GetEfiGlobalVariable2 (EFI_SECURE_BOOT_MODE_NAME, (VOID**)&SecureBoot, NULL);
+  //
+  // Skip verification if SecureBoot variable doesn't exist.
+  //
+  if (SecureBoot == NULL) {
     return EFI_SUCCESS;
+  }
   //
   // Skip verification if SecureBootEnable is disabled.
   //
   if (*SecureBootEnable == SECURE_BOOT_DISABLE) {
     FreePool (SecureBootEnable);
+  // Skip verification if SecureBoot is disabled.
+  //
+  if (*SecureBoot == SECURE_BOOT_MODE_DISABLE) {
+    FreePool (SecureBoot);
     return EFI_SUCCESS;
+  }
+  FreePool (SecureBootEnable);
+  SetupMode = GetEfiGlobalVariable (EFI_SETUP_MODE_NAME);
+  //
+  // SetupMode doesn't exist means no AuthVar driver is dispatched,
+  // skip verification.
+  //
+  if (SetupMode == NULL) {
+    return EFI_SUCCESS;
+  }
+  //
+  // If platform is in SETUP MODE, skip verification.
+  //
+  if (*SetupMode == SETUP_MODE) {
+    FreePool (SetupMode);
+    return EFI_SUCCESS;
+  }
+  FreePool (SetupMode);
+  FreePool (SecureBoot);
   //
 …
+  }
+  Magic = mNtHeader.Pe32->OptionalHeader.Magic;
+  if (mNtHeader.Pe32->FileHeader.Machine == IMAGE_FILE_MACHINE_IA64 && mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
+    //
+    // NOTE: Some versions of Linux ELILO for Itanium have an incorrect magic value
+    //       in the PE/COFF Header. If the MachineType is Itanium(IA64) and the
+    //       Magic value in the OptionalHeader is EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC
+    //       then override the magic value to EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC
+    //
+    Magic = EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC;
+  } else {
+    //
+    // Get the magic value from the PE/COFF Optional Header
+    //
+    Magic = mNtHeader.Pe32->OptionalHeader.Magic;
+  }
   if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
     //
 …
     NumberOfRvaAndSizes = mNtHeader.Pe32->OptionalHeader.NumberOfRvaAndSizes;
     if (NumberOfRvaAndSizes > EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) {
       mSecDataDir = (EFI_IMAGE_DATA_DIRECTORY *) &mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY];
+      SecDataDir = (EFI_IMAGE_DATA_DIRECTORY *) &mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY];
+    }
   } else {
 …
     NumberOfRvaAndSizes = mNtHeader.Pe32Plus->OptionalHeader.NumberOfRvaAndSizes;
     if (NumberOfRvaAndSizes > EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) {
+      mSecDataDir = (EFI_IMAGE_DATA_DIRECTORY *) &mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY];
+    }
+  }
+  if ((mSecDataDir == NULL) || ((mSecDataDir != NULL) && (mSecDataDir->Size == 0))) {
+    //
+    // This image is not signed.
+      SecDataDir = (EFI_IMAGE_DATA_DIRECTORY *) &mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY];
+    }
+  }
+  //
+  // Start Image Validation.
+  //
+  if (SecDataDir == NULL || SecDataDir->Size == 0) {
+    //
+    // This image is not signed. The SHA256 hash value of the image must match a record in the security database "db",
+    // and not be reflected in the security data base "dbx".
     //
     if (!HashPeImage (HASHALG_SHA256)) {
 …
   //
+  // Verify signature of executables.
+  //
+  WinCertificate = (WIN_CERTIFICATE *) (mImageBase + mSecDataDir->VirtualAddress);
+  CertSize = sizeof (WIN_CERTIFICATE);
+  if ((mSecDataDir->Size <= CertSize) || (mSecDataDir->Size < WinCertificate->dwLength)) {
+    goto Done;
+  }
+  switch (WinCertificate->wCertificateType) {
+  case WIN_CERT_TYPE_EFI_GUID:
+    CertSize = sizeof (WIN_CERTIFICATE_UEFI_GUID) + sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256) - sizeof (UINT8);
+    if (WinCertificate->dwLength < CertSize) {
+      goto Done;
+    }
+    //
+    // Verify UEFI GUID type.
+    //
+    if (!HashPeImage (HASHALG_SHA256)) {
+      goto Done;
+    }
+    VerifyStatus = VerifyCertUefiGuid ();
+    break;
+  case WIN_CERT_TYPE_PKCS_SIGNED_DATA:
+    //
+    // Verify Pkcs signed data type.
+    //
+    Status = HashPeImageByType();
+  // Verify the signature of the image, multiple signatures are allowed as per PE/COFF Section 4.7
+  // "Attribute Certificate Table".
+  // The first certificate starts at offset (SecDataDir->VirtualAddress) from the start of the file.
+  //
+  for (OffSet = SecDataDir->VirtualAddress;
+       OffSet < (SecDataDir->VirtualAddress + SecDataDir->Size);
+       OffSet += (WinCertificate->dwLength + ALIGN_SIZE (WinCertificate->dwLength))) {
+    WinCertificate = (WIN_CERTIFICATE *) (mImageBase + OffSet);
+    if ((SecDataDir->VirtualAddress + SecDataDir->Size - OffSet) <= sizeof (WIN_CERTIFICATE) ||
+        (SecDataDir->VirtualAddress + SecDataDir->Size - OffSet) < WinCertificate->dwLength) {
+      break;
+    }
+    //
+    // Verify the image's Authenticode signature, only DER-encoded PKCS#7 signed data is supported.
+    //
+    if (WinCertificate->wCertificateType == WIN_CERT_TYPE_PKCS_SIGNED_DATA) {
+      //
+      // The certificate is formatted as WIN_CERTIFICATE_EFI_PKCS which is described in the
+      // Authenticode specification.
+      //
+      PkcsCertData = (WIN_CERTIFICATE_EFI_PKCS *) WinCertificate;
+      if (PkcsCertData->Hdr.dwLength <= sizeof (PkcsCertData->Hdr)) {
+        break;
+      }
+      AuthData   = PkcsCertData->CertData;
+      AuthDataSize = PkcsCertData->Hdr.dwLength - sizeof(PkcsCertData->Hdr);
+    } else if (WinCertificate->wCertificateType == WIN_CERT_TYPE_EFI_GUID) {
+      //
+      // The certificate is formatted as WIN_CERTIFICATE_UEFI_GUID which is described in UEFI Spec.
+      //
+      WinCertUefiGuid = (WIN_CERTIFICATE_UEFI_GUID *) WinCertificate;
+      if (WinCertUefiGuid->Hdr.dwLength <= OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData)) {
+        break;
+      }
+      if (!CompareGuid (&WinCertUefiGuid->CertType, &gEfiCertPkcs7Guid)) {
+        continue;
+      }
+      AuthData = WinCertUefiGuid->CertData;
+      AuthDataSize = WinCertUefiGuid->Hdr.dwLength - OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData);
+    } else {
+      if (WinCertificate->dwLength < sizeof (WIN_CERTIFICATE)) {
+        break;
+      }
+      continue;
+    }
+    Status = HashPeImageByType (AuthData, AuthDataSize);
     if (EFI_ERROR (Status)) {
+      goto Done;
+    }
+    VerifyStatus = VerifyCertPkcsSignedData ();
+    //
+    // For image verification against enrolled certificate(root or intermediate),
+    // no need to check image's hash in the allowed database.
+    //
+    if (!EFI_ERROR (VerifyStatus)) {
+      if (!IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE1, mImageDigest, &mCertType, mImageDigestSize)) {
+        return EFI_SUCCESS;
+      }
+    }
+    break;
+  default:
+    goto Done;
+  }
+  //
+  // Get image hash value as executable's signature.
+  //
+  SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize;
+  SignatureList     = (EFI_SIGNATURE_LIST *) AllocateZeroPool (SignatureListSize);
+  if (SignatureList == NULL) {
+    Status = EFI_OUT_OF_RESOURCES;
+    goto Done;
+  }
+  SignatureList->SignatureHeaderSize  = 0;
+  SignatureList->SignatureListSize    = (UINT32) SignatureListSize;
+  SignatureList->SignatureSize        = (UINT32) mImageDigestSize;
+  CopyMem (&SignatureList->SignatureType, &mCertType, sizeof (EFI_GUID));
+  Signature = (EFI_SIGNATURE_DATA *) ((UINT8 *) SignatureList + sizeof (EFI_SIGNATURE_LIST));
+  CopyMem (Signature->SignatureData, mImageDigest, mImageDigestSize);
+  //
+  // Signature database check after verification.
+  //
+  if (EFI_ERROR (VerifyStatus)) {
+    //
+    // Verification failure.
+    //
+    if (!IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE1, mImageDigest, &mCertType, mImageDigestSize) &&
+        IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE, mImageDigest, &mCertType, mImageDigestSize)) {
+      //
+      // Verification fail, Image Hash is not in forbidden database (DBX),
+      // and Image Hash is in allowed database (DB).
+      //
+      Status = EFI_SUCCESS;
+    } else {
+      continue;
+    }
+    //
+    // Check the digital signature against the revoked certificate in forbidden database (dbx).
+    //
+    if (IsPkcsSignedDataVerifiedBySignatureList (AuthData, AuthDataSize, EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid)) {
       Action = EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED;
+      Status = EFI_ACCESS_DENIED;
+    }
+  } else if (IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE1, Signature->SignatureData, &mCertType, mImageDigestSize)) {
+    //
+    // Executable signature verification passes, but is found in forbidden signature database.
+    //
+    Action = EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND;
+      VerifyStatus = EFI_ACCESS_DENIED;
+      break;
+    }
+    //
+    // Check the digital signature against the valid certificate in allowed database (db).
+    //
+    if (EFI_ERROR (VerifyStatus)) {
+      if (IsPkcsSignedDataVerifiedBySignatureList (AuthData, AuthDataSize, EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid)) {
+        VerifyStatus = EFI_SUCCESS;
+      }
+    }
+    //
+    // Check the image's hash value.
+    //
+    if (IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE1, mImageDigest, &mCertType, mImageDigestSize)) {
+      Action = EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND;
+      VerifyStatus = EFI_ACCESS_DENIED;
+      break;
+    } else if (EFI_ERROR (VerifyStatus)) {
+      if (IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE, mImageDigest, &mCertType, mImageDigestSize)) {
+        VerifyStatus = EFI_SUCCESS;
+      }
+    }
+  }
+  if (OffSet != (SecDataDir->VirtualAddress + SecDataDir->Size)) {
+    //
+    // The Size in Certificate Table or the attribute certicate table is corrupted.
+    //
+    VerifyStatus = EFI_ACCESS_DENIED;
+  }
+  if (!EFI_ERROR (VerifyStatus)) {
+    return EFI_SUCCESS;
+  } else {
     Status = EFI_ACCESS_DENIED;
+  } else if (IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE, Signature->SignatureData, &mCertType, mImageDigestSize)) {
+    //
+    // Executable signature is found in authorized signature database.
+    //
+    Status = EFI_SUCCESS;
+  } else {
+    //
+    // Executable signature verification passes, but cannot be found in authorized signature database.
+    // Get platform policy to determine the action.
+    //
+    Action = EFI_IMAGE_EXECUTION_AUTH_SIG_PASSED;
+    Status = ImageAuthorization (Policy);
+    if (Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED || Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND) {
+      //
+      // Get image hash value as executable's signature.
+      //
+      SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize;
+      SignatureList     = (EFI_SIGNATURE_LIST *) AllocateZeroPool (SignatureListSize);
+      if (SignatureList == NULL) {
+        Status = EFI_OUT_OF_RESOURCES;
+        goto Done;
+      }
+      SignatureList->SignatureHeaderSize  = 0;
+      SignatureList->SignatureListSize    = (UINT32) SignatureListSize;
+      SignatureList->SignatureSize        = (UINT32) mImageDigestSize;
+      CopyMem (&SignatureList->SignatureType, &mCertType, sizeof (EFI_GUID));
+      Signature = (EFI_SIGNATURE_DATA *) ((UINT8 *) SignatureList + sizeof (EFI_SIGNATURE_LIST));
+      CopyMem (Signature->SignatureData, mImageDigest, mImageDigestSize);
+    }
+  }
 …
     // Policy decides to defer or reject the image; add its information in image executable information table.
     //
+    AddImageExeInfo (Action, NULL, File, SignatureList, SignatureListSize);
+    NameStr = ConvertDevicePathToText (File, FALSE, TRUE);
+    AddImageExeInfo (Action, NameStr, File, SignatureList, SignatureListSize);
+    if (NameStr != NULL) {
+      DEBUG((EFI_D_INFO, "The image doesn't pass verification: %s\n", NameStr));
+      FreePool(NameStr);
+    }
+    Status = EFI_SECURITY_VIOLATION;
+  }
 …
 /**
+  When VariableWriteArchProtocol install, create "SecureBoot" variable.
+  @param[in] Event    Event whose notification function is being invoked.
+  @param[in] Context  Pointer to the notification function's context.
+  On Ready To Boot Services Event notification handler.
+  Add the image execution information table if it is not in system configuration table.
+  @param[in]  Event     Event whose notification function is being invoked
+  @param[in]  Context   Pointer to the notification function's context
 **/
 VOID
 EFIAPI
 VariableWriteCallBack (
   IN  EFI_EVENT                           Event,
   IN  VOID                                *Context
+OnReadyToBoot (
+  IN      EFI_EVENT               Event,
+  IN      VOID                    *Context
+  )
+{
+  UINT8                       SecureBootMode;
+  UINT8                       *SecureBootModePtr;
+  EFI_STATUS                  Status;
+  VOID                        *ProtocolPointer;
+  Status = gBS->LocateProtocol (&gEfiVariableWriteArchProtocolGuid, NULL, &ProtocolPointer);
+  if (EFI_ERROR (Status)) {
+  EFI_IMAGE_EXECUTION_INFO_TABLE  *ImageExeInfoTable;
+  UINTN                           ImageExeInfoTableSize;
+  EfiGetSystemConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID **) &ImageExeInfoTable);
+  if (ImageExeInfoTable != NULL) {
     return;
+  }
+  //
+  // Check whether "SecureBoot" variable exists.
+  // If this library is built-in, it means firmware has capability to perform
+  // driver signing verification.
+  //
+  SecureBootModePtr = GetEfiGlobalVariable (EFI_SECURE_BOOT_MODE_NAME);
+  if (SecureBootModePtr == NULL) {
+    SecureBootMode   = SECURE_BOOT_MODE_DISABLE;
+    //
+    // Authenticated variable driver will update "SecureBoot" depending on SetupMode variable.
+    //
+    gRT->SetVariable (
+           EFI_SECURE_BOOT_MODE_NAME,
+           &gEfiGlobalVariableGuid,
+           EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE,
+           sizeof (UINT8),
+           &SecureBootMode
+           );
+  } else {
+    FreePool (SecureBootModePtr);
+  }
+  ImageExeInfoTableSize = sizeof (EFI_IMAGE_EXECUTION_INFO_TABLE);
+  ImageExeInfoTable     = (EFI_IMAGE_EXECUTION_INFO_TABLE *) AllocateRuntimePool (ImageExeInfoTableSize);
+  if (ImageExeInfoTable == NULL) {
+    return ;
+  }
+  ImageExeInfoTable->NumberOfImages = 0;
+  gBS->InstallConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID *) ImageExeInfoTable);
+}
 …
+  )
+{
+  VOID                *Registration;
+  //
+  // Register callback function upon VariableWriteArchProtocol.
+  //
+  EfiCreateProtocolNotifyEvent (
+    &gEfiVariableWriteArchProtocolGuid,
+  EFI_EVENT            Event;
+  //
+  // Register the event to publish the image execution table.
+  //
+  EfiCreateEventReadyToBootEx (
     TPL_CALLBACK,
     VariableWriteCallBack,
     NULL,
     &Registration
     );
   return RegisterSecurityHandler (
+    OnReadyToBoot,
+    NULL,
+    &Event
+    );
+  return RegisterSecurity2Handler (
           DxeImageVerificationHandler,
           EFI_AUTH_OPERATION_VERIFY_IMAGE | EFI_AUTH_OPERATION_IMAGE_REQUIRED

trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.h

-              r48674
+              r58459
   internal structure and functions used by ImageVerificationLib.
 Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 …
 #define TWO_BYTE_ENCODE                   0x82
+#define ALIGNMENT_SIZE                    8
+#define ALIGN_SIZE(a) (((a) % ALIGNMENT_SIZE) ? ALIGNMENT_SIZE - ((a) % ALIGNMENT_SIZE) : 0)
 //
 // Image type definitions

trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf

-              r48674
+              r58459
 ## @file
+#  The library instance provides security service of image verification.
+#  Image verification Library module supports UEFI2.3.1
+#  Provides security service of image verification
+#
+# Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
+#  This library hooks LoadImage() API to verify every image by the verification policy.
+#
+#  Caution: This module requires additional review when modified.
+#  This library will have external input - PE/COFF image.
+#  This external input must be validated carefully to avoid security issues such as
+#  buffer overflow or integer overflow.
+#
+# Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
 # This program and the accompanying materials
 # are licensed and made available under the terms and conditions of the BSD License
 …
 [Defines]
   INF_VERSION                    = 0x00010005
+  BASE_NAME                      = DxeImageVerificationLib
+  BASE_NAME                      = DxeImageVerificationLib
+  MODULE_UNI_FILE                = DxeImageVerificationLib.uni
   FILE_GUID                      = 0CA970E1-43FA-4402-BC0A-81AF336BFFD6
   MODULE_TYPE                    = DXE_DRIVER
 …
   DxeImageVerificationLib.c
   DxeImageVerificationLib.h
+  Measurement.c
 [Packages]
 …
   SecurityManagementLib
   PeCoffLib
+  TpmMeasurementLib
 [Protocols]
+  gEfiFirmwareVolume2ProtocolGuid
+  gEfiBlockIoProtocolGuid
+  gEfiSimpleFileSystemProtocolGuid
+  gEfiVariableWriteArchProtocolGuid
+  gEfiFirmwareVolume2ProtocolGuid       ## SOMETIMES_CONSUMES
+  gEfiBlockIoProtocolGuid               ## SOMETIMES_CONSUMES
+  gEfiSimpleFileSystemProtocolGuid      ## SOMETIMES_CONSUMES
+[Guids]
+  ## SOMETIMES_CONSUMES   ## Variable:L"DB"
+  ## SOMETIMES_CONSUMES   ## Variable:L"DBX"
+  ## PRODUCES             ## SystemTable
+  ## CONSUMES             ## SystemTable
+  gEfiImageSecurityDatabaseGuid
+  ## SOMETIMES_CONSUMES   ## GUID       # Unique ID for the type of the signature.
+  ## SOMETIMES_PRODUCES   ## GUID       # Unique ID for the type of the signature.
+  gEfiCertSha1Guid
+[Guids]
+  gEfiCertTypeRsa2048Sha256Guid
+  gEfiImageSecurityDatabaseGuid
+  gEfiCertSha1Guid
+  ## SOMETIMES_CONSUMES   ## GUID       # Unique ID for the type of the signature.
+  ## SOMETIMES_PRODUCES   ## GUID       # Unique ID for the type of the signature.
   gEfiCertSha256Guid
+  gEfiCertX509Guid
   gEfiCertRsa2048Guid
   gEfiSecureBootEnableDisableGuid
+  gEfiCertX509Guid                      ## SOMETIMES_CONSUMES    ## GUID     # Unique ID for the type of the signature.
+  gEfiCertPkcs7Guid                     ## SOMETIMES_CONSUMES    ## GUID     # Unique ID for the type of the certificate.
 [Pcd]
+  gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy
+  gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy
+  gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy
+  gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy          ## SOMETIMES_CONSUMES
+  gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy     ## SOMETIMES_CONSUMES
+  gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy         ## SOMETIMES_CONSUMES

trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c

-              r48674
+              r58459
   Execute pending TPM requests from OS or BIOS and Lock TPM.
+Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
+  Caution: This module requires additional review when modified.
+  This driver will have external input - variable.
+  This external input must be validated carefully to avoid security issue.
+  ExecutePendingTpmRequest() will receive untrusted input and do validation.
+Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 …
 #include <Protocol/TcgService.h>
+#include <Protocol/VariableLock.h>
 #include <Library/DebugLib.h>
 #include <Library/BaseMemoryLib.h>
 …
 #include <Guid/EventGroup.h>
 #include <Guid/PhysicalPresenceData.h>
+#define TPM_PP_USER_ABORT           ((TPM_RESULT)(-0x10))
+#define TPM_PP_BIOS_FAILURE         ((TPM_RESULT)(-0x0f))
+#include <Library/TcgPpVendorLib.h>
 #define CONFIRM_BUFFER_SIZE         4096
 …
   @param[in] AdditionalParameters     Pointer to the Additional paramaters.
   @retval TPM_PP_BIOS_FAILURE         Error occurred during sending command to TPM or
                                       receiving response from TPM.
   @retval Others                      Return code from the TPM device after command execution.
+  @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE  Error occurred during sending command to TPM or
+                                                  receiving response from TPM.
+  @retval Others                                  Return code from the TPM device after command execution.
 **/
+TPM_RESULT
+UINT32
 TpmCommandNoReturnData (
   IN      EFI_TCG_PROTOCOL          *TcgProtocol,
 …
   TpmRqu = (TPM_RQU_COMMAND_HDR*) AllocatePool (sizeof (*TpmRqu) + AdditionalParameterSize);
   if (TpmRqu == NULL) {
     return TPM_PP_BIOS_FAILURE;
+    return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
+  }
 …
   FreePool (TpmRqu);
   if (EFI_ERROR (Status) || (TpmRsp.tag != SwapBytes16 (TPM_TAG_RSP_COMMAND))) {
     return TPM_PP_BIOS_FAILURE;
+    return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
+  }
   return SwapBytes32 (TpmRsp.returnCode);
 …
   @param[in, out] PpiFlags            The physical presence interface flags.
   @retval TPM_PP_BIOS_FAILURE         Unknown physical presence operation.
   @retval TPM_PP_BIOS_FAILURE         Error occurred during sending command to TPM or
                                       receiving response from TPM.
   @retval Others                      Return code from the TPM device after command execution.
+  @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE  Unknown physical presence operation.
+  @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE  Error occurred during sending command to TPM or
+                                                  receiving response from TPM.
+  @retval Others                                  Return code from the TPM device after command execution.
 **/
+TPM_RESULT
+UINT32
 ExecutePhysicalPresence (
   IN      EFI_TCG_PROTOCOL          *TcgProtocol,
   IN      UINT8                     CommandCode,
   IN OUT  UINT8                     *PpiFlags
+  IN      EFI_TCG_PROTOCOL            *TcgProtocol,
+  IN      UINT32                      CommandCode,
+  IN OUT  EFI_PHYSICAL_PRESENCE_FLAGS *PpiFlags
+  )
+{
   BOOLEAN                           BoolVal;
   TPM_RESULT                        TpmResponse;
+  UINT32                            TpmResponse;
   UINT32                            InData[5];
 …
       // PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE will be executed after reboot
       //
       if ((*PpiFlags & FLAG_RESET_TRACK) == 0) {
+      if ((PpiFlags->PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) == 0) {
         TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);
         *PpiFlags |= FLAG_RESET_TRACK;
+        PpiFlags->PPFlags |= TCG_VENDOR_LIB_FLAG_RESET_TRACK;
       } else {
         TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE, PpiFlags);
         *PpiFlags &= ~FLAG_RESET_TRACK;
+        PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK;
+      }
       return TpmResponse;
 …
       // Here it is NOT implemented
       //
       return TPM_PP_BIOS_FAILURE;
+      return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
     case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:
 …
     case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:
       *PpiFlags &= ~FLAG_NO_PPI_PROVISION;
+      PpiFlags->PPFlags &= ~TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION;
       return 0;
     case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE:
       *PpiFlags |= FLAG_NO_PPI_PROVISION;
+      PpiFlags->PPFlags |= TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION;
       return 0;
     case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE:
       *PpiFlags &= ~FLAG_NO_PPI_CLEAR;
+      PpiFlags->PPFlags &= ~TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR;
       return 0;
     case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:
       *PpiFlags |= FLAG_NO_PPI_CLEAR;
+      PpiFlags->PPFlags |= TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR;
       return 0;
     case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE:
       *PpiFlags &= ~FLAG_NO_PPI_MAINTENANCE;
+      PpiFlags->PPFlags &= ~TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE;
       return 0;
     case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:
       *PpiFlags |= FLAG_NO_PPI_MAINTENANCE;
+      PpiFlags->PPFlags |= TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE;
       return 0;
     case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:
+      TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);
+      if (TpmResponse == 0) {
+      //
+      // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_CLEAR
+      // PHYSICAL_PRESENCE_CLEAR will be executed after reboot.
+      //
+      if ((PpiFlags->PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) == 0) {
+        TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);
+        PpiFlags->PPFlags |= TCG_VENDOR_LIB_FLAG_RESET_TRACK;
+      } else {
         TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR, PpiFlags);
+        PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK;
+      }
       return TpmResponse;
 …
       //
       // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE
       // PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE will be executed atfer reboot.
       //
       if ((*PpiFlags & FLAG_RESET_TRACK) == 0) {
+      // PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE will be executed after reboot.
+      //
+      if ((PpiFlags->PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) == 0) {
         TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);
         *PpiFlags |= FLAG_RESET_TRACK;
+        PpiFlags->PPFlags |= TCG_VENDOR_LIB_FLAG_RESET_TRACK;
       } else {
         TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE, PpiFlags);
         *PpiFlags &= ~FLAG_RESET_TRACK;
+        PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK;
+      }
       return TpmResponse;
 …
+      ;
+  }
   return TPM_PP_BIOS_FAILURE;
+  return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
+}
 …
   @retval     TRUE        User confirmed the changes by input.
   @retval     FALSE       User discarded the changes.
+  @retval     FALSE       User discarded the changes or device error.
 **/
 …
   EFI_INPUT_KEY                     Key;
   UINT16                            InputKey;
+  UINTN                             Index;
   InputKey = 0;
   do {
+    Status = gBS->CheckEvent (gST->ConIn->WaitForKey);
+    if (!EFI_ERROR (Status)) {
+      Status = gST->ConIn->ReadKeyStroke (gST->ConIn, &Key);
+      if (Key.ScanCode == SCAN_ESC) {
+        InputKey = Key.ScanCode;
+      }
+      if ((Key.ScanCode == SCAN_F10) && !CautionKey) {
+        InputKey = Key.ScanCode;
+      }
+      if ((Key.ScanCode == SCAN_F12) && CautionKey) {
+        InputKey = Key.ScanCode;
+      }
+    }
+    Status = gST->ConIn->ReadKeyStroke (gST->ConIn, &Key);
+    if (Status == EFI_NOT_READY) {
+      gBS->WaitForEvent (1, &gST->ConIn->WaitForKey, &Index);
+      continue;
+    }
+    if (Status == EFI_DEVICE_ERROR) {
+      return FALSE;
+    }
+    if (Key.ScanCode == SCAN_ESC) {
+      InputKey = Key.ScanCode;
+    }
+    if ((Key.ScanCode == SCAN_F10) && !CautionKey) {
+      InputKey = Key.ScanCode;
+    }
+    if ((Key.ScanCode == SCAN_F12) && CautionKey) {
+      InputKey = Key.ScanCode;
+    }
   } while (InputKey == 0);
 …
 BOOLEAN
 UserConfirm (
   IN      UINT8                     TpmPpCommand
+  IN      UINT32                    TpmPpCommand
+  )
+{
 …
       TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
       FreePool (TmpStr1);
       break;
 …
       TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));
       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
       FreePool (TmpStr1);
       TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
       FreePool (TmpStr1);
       break;
 …
       TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
       FreePool (TmpStr1);
       break;
 …
       TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));
       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
       FreePool (TmpStr1);
       TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
       FreePool (TmpStr1);
       break;
 …
       TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));
       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
       StrnCat (ConfirmText, L" \n\n", (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
+      StrnCat (ConfirmText, L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
       FreePool (TmpStr1);
       TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));
       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
       FreePool (TmpStr1);
       break;
 …
       TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));
       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
       FreePool (TmpStr1);
       TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
       FreePool (TmpStr1);
       break;
 …
       TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_OFF));
       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
       FreePool (TmpStr1);
       TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));
       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
       FreePool (TmpStr1);
       TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
       FreePool (TmpStr1);
       break;
 …
       TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
       FreePool (TmpStr1);
       break;
 …
       TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
       FreePool (TmpStr1);
       break;
 …
       TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));
       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
       FreePool (TmpStr1);
       TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
       FreePool (TmpStr1);
       break;
 …
       TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_OFF));
       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
       FreePool (TmpStr1);
       TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));
       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
       FreePool (TmpStr1);
       TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
       FreePool (TmpStr1);
       break;
 …
       TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_MAINTAIN));
       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
       FreePool (TmpStr1);
       TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));
       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
       FreePool (TmpStr1);
       break;
 …
       TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));
       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
       FreePool (TmpStr1);
       TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));
       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
       FreePool (TmpStr1);
       TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR_CONT));
       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
       FreePool (TmpStr1);
       TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));
       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
       FreePool (TmpStr1);
       break;
 …
       TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
       FreePool (TmpStr1);
       TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));
       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
       FreePool (TmpStr1);
       break;
 …
       TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_CLEAR));
       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
       FreePool (TmpStr1);
       TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));
       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
       StrnCat (ConfirmText, L" \n\n", (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
+      StrnCat (ConfirmText, L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
       FreePool (TmpStr1);
       TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));
       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
       FreePool (TmpStr1);
       TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));
       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
       FreePool (TmpStr1);
       break;
 …
       TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_MAINTAIN));
       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
       FreePool (TmpStr1);
       TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));
       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
       FreePool (TmpStr1);
       TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO));
       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
       FreePool (TmpStr1);
       break;
 …
       TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));
       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
       StrnCat (ConfirmText, L" \n\n", (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
+      StrnCat (ConfirmText, L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
       FreePool (TmpStr1);
       TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));
       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
       FreePool (TmpStr1);
       break;
 …
       TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON));
       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
       FreePool (TmpStr1);
       TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));
       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
       FreePool (TmpStr1);
       TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR_CONT));
       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
       FreePool (TmpStr1);
       TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));
       StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16 *)) - StrLen (ConfirmText) - 1);
+      StrnCat (ConfirmText, TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
       FreePool (TmpStr1);
       break;
 …
 /**
+  Check and execute the requested physical presence command.
+  @param[in] TcgProtocol          EFI TCG Protocol instance.
+  @param[in] TcgPpData            Point to the physical presence NV variable.
+  Check if there is a valid physical presence command request. Also updates parameter value
+  to whether the requested physical presence command already confirmed by user
+   @param[in]  TcgPpData           EFI TCG Physical Presence request data.
+   @param[in]  Flags               The physical presence interface flags.
+   @param[out] RequestConfirmed    If the physical presence operation command required user confirm from UI.
+                                   True, it indicates the command doesn't require user confirm, or already confirmed
+                                   in last boot cycle by user.
+                                   False, it indicates the command need user confirm from UI.
+   @retval  TRUE        Physical Presence operation command is valid.
+   @retval  FALSE       Physical Presence operation command is invalid.
 **/
+VOID
+ExecutePendingTpmRequest (
+  IN      EFI_TCG_PROTOCOL          *TcgProtocol,
+  IN      EFI_PHYSICAL_PRESENCE     *TcgPpData
+BOOLEAN
+HaveValidTpmRequest  (
+  IN      EFI_PHYSICAL_PRESENCE       *TcgPpData,
+  IN      EFI_PHYSICAL_PRESENCE_FLAGS Flags,
+  OUT     BOOLEAN                     *RequestConfirmed
+  )
+{
+  EFI_STATUS                        Status;
+  UINTN                             DataSize;
+  UINT8                             Flags;
+  BOOLEAN                           RequestConfirmed;
+  Flags            = TcgPpData->Flags;
+  RequestConfirmed = FALSE;
+  BOOLEAN  IsRequestValid;
+  *RequestConfirmed = FALSE;
   switch (TcgPpData->PPRequest) {
     case PHYSICAL_PRESENCE_NO_ACTION:
+      return;
+      *RequestConfirmed = TRUE;
+      return TRUE;
     case PHYSICAL_PRESENCE_ENABLE:
     case PHYSICAL_PRESENCE_DISABLE:
 …
     case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:
     case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH:
       if ((Flags & FLAG_NO_PPI_PROVISION) != 0) {
         RequestConfirmed = TRUE;
+      if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) != 0) {
+        *RequestConfirmed = TRUE;
+      }
       break;
 …
     case PHYSICAL_PRESENCE_CLEAR:
     case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:
       if ((Flags & FLAG_NO_PPI_CLEAR) != 0) {
         RequestConfirmed = TRUE;
+      if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0) {
+        *RequestConfirmed = TRUE;
+      }
       break;
     case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
       if ((Flags & FLAG_NO_PPI_MAINTENANCE) != 0) {
         RequestConfirmed = TRUE;
+      if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE) != 0) {
+        *RequestConfirmed = TRUE;
+      }
       break;
 …
     case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:
     case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
       if ((Flags & FLAG_NO_PPI_CLEAR) != 0 && (Flags & FLAG_NO_PPI_PROVISION) != 0) {
         RequestConfirmed = TRUE;
+      if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0 && (Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) != 0) {
+        *RequestConfirmed = TRUE;
+      }
       break;
+      break;
     case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:
     case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE:
     case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE:
+      RequestConfirmed = TRUE;
+      break;
+      *RequestConfirmed = TRUE;
+      break;
+    case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE:
+    case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE:
+    case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:
+      break;
     default:
+      //
+      // Invalid operation request.
+      //
+      TcgPpData->PPResponse = TPM_PP_BIOS_FAILURE;
+      TcgPpData->LastPPRequest = TcgPpData->PPRequest;
+      TcgPpData->PPRequest = PHYSICAL_PRESENCE_NO_ACTION;
+      DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
+      Status = gRT->SetVariable (
+                      PHYSICAL_PRESENCE_VARIABLE,
+      if (TcgPpData->PPRequest >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
+        IsRequestValid = TcgPpVendorLibHasValidRequest (TcgPpData->PPRequest, Flags.PPFlags, RequestConfirmed);
+        if (!IsRequestValid) {
+          return FALSE;
+        } else {
+          break;
+        }
+      } else {
+        //
+        // Wrong Physical Presence command
+        //
+        return FALSE;
+      }
+  }
+  if ((Flags.PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) != 0) {
+    //
+    // It had been confirmed in last boot, it doesn't need confirm again.
+    //
+    *RequestConfirmed = TRUE;
+  }
+  //
+  // Physical Presence command is correct
+  //
+  return TRUE;
+}
+/**
+  Check and execute the requested physical presence command.
+  Caution: This function may receive untrusted input.
+  TcgPpData variable is external input, so this function will validate
+  its data structure to be valid value.
+  @param[in] TcgProtocol          EFI TCG Protocol instance.
+  @param[in] TcgPpData            Point to the physical presence NV variable.
+  @param[in] Flags                The physical presence interface flags.
+**/
+VOID
+ExecutePendingTpmRequest (
+  IN      EFI_TCG_PROTOCOL            *TcgProtocol,
+  IN      EFI_PHYSICAL_PRESENCE       *TcgPpData,
+  IN      EFI_PHYSICAL_PRESENCE_FLAGS Flags
+  )
+{
+  EFI_STATUS                        Status;
+  UINTN                             DataSize;
+  BOOLEAN                           RequestConfirmed;
+  EFI_PHYSICAL_PRESENCE_FLAGS       NewFlags;
+  BOOLEAN                           ResetRequired;
+  UINT32                            NewPPFlags;
+  if (!HaveValidTpmRequest(TcgPpData, Flags, &RequestConfirmed)) {
+    //
+    // Invalid operation request.
+    //
+    TcgPpData->PPResponse = TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
+    TcgPpData->LastPPRequest = TcgPpData->PPRequest;
+    TcgPpData->PPRequest = PHYSICAL_PRESENCE_NO_ACTION;
+    DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
+    Status = gRT->SetVariable (
+                    PHYSICAL_PRESENCE_VARIABLE,
+                    &gEfiPhysicalPresenceGuid,
+                    EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
+                    DataSize,
+                    TcgPpData
+                    );
+    return;
+  }
+  ResetRequired = FALSE;
+  if (TcgPpData->PPRequest >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
+    NewFlags = Flags;
+    NewPPFlags = NewFlags.PPFlags;
+    TcgPpData->PPResponse = TcgPpVendorLibExecutePendingRequest (TcgPpData->PPRequest, &NewPPFlags, &ResetRequired);
+    NewFlags.PPFlags = (UINT8)NewPPFlags;
+  } else {
+    if (!RequestConfirmed) {
+      //
+      // Print confirm text and wait for approval.
+      //
+      RequestConfirmed = UserConfirm (TcgPpData->PPRequest);
+    }
+    //
+    // Execute requested physical presence command
+    //
+    TcgPpData->PPResponse = TCG_PP_OPERATION_RESPONSE_USER_ABORT;
+    NewFlags = Flags;
+    if (RequestConfirmed) {
+      TcgPpData->PPResponse = ExecutePhysicalPresence (TcgProtocol, TcgPpData->PPRequest, &NewFlags);
+    }
+  }
+  //
+  // Save the flags if it is updated.
+  //
+  if (CompareMem (&Flags, &NewFlags, sizeof(EFI_PHYSICAL_PRESENCE_FLAGS)) != 0) {
+    Status   = gRT->SetVariable (
+                      PHYSICAL_PRESENCE_FLAGS_VARIABLE,
                       &gEfiPhysicalPresenceGuid,
                       EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
+                      DataSize,
+                      TcgPpData
+                      );
+                      sizeof (EFI_PHYSICAL_PRESENCE_FLAGS),
+                      &NewFlags
+                      );
+    if (EFI_ERROR (Status)) {
       return;
+  }
+  if ((Flags & FLAG_RESET_TRACK) != 0) {
+    //
+    // It had been confirmed in last boot, it doesn't need confirm again.
+    //
+    RequestConfirmed = TRUE;
+  }
+  if (!RequestConfirmed) {
+    //
+    // Print confirm text and wait for approval.
+    //
+    RequestConfirmed = UserConfirm (TcgPpData->PPRequest);
+  }
+  //
+  // Execute requested physical presence command
+  //
+  TcgPpData->PPResponse = TPM_PP_USER_ABORT;
+  if (RequestConfirmed) {
+    TcgPpData->PPResponse = ExecutePhysicalPresence (TcgProtocol, TcgPpData->PPRequest, &TcgPpData->Flags);
+  }
+    }
+  }
   //
   // Clear request
   //
   if ((TcgPpData->Flags & FLAG_RESET_TRACK) == 0) {
+  if ((NewFlags.PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) == 0) {
     TcgPpData->LastPPRequest = TcgPpData->PPRequest;
     TcgPpData->PPRequest = PHYSICAL_PRESENCE_NO_ACTION;
 …
+  }
   if (TcgPpData->PPResponse == TPM_PP_USER_ABORT) {
+  if (TcgPpData->PPResponse == TCG_PP_OPERATION_RESPONSE_USER_ABORT) {
     return;
+  }
 …
       break;
     default:
+      if (TcgPpData->LastPPRequest >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
+        if (ResetRequired) {
+          break;
+        } else {
+          return ;
+        }
+      }
       if (TcgPpData->PPRequest != PHYSICAL_PRESENCE_NO_ACTION) {
         break;
 …
   EFI_PHYSICAL_PRESENCE             TcgPpData;
   EFI_TCG_PROTOCOL                  *TcgProtocol;
+  EDKII_VARIABLE_LOCK_PROTOCOL      *VariableLockProtocol;
+  EFI_PHYSICAL_PRESENCE_FLAGS       PpiFlags;
   Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);
   if (EFI_ERROR (Status)) {
     return ;
+  }
+  //
+  // Initialize physical presence flags.
+  //
+  DataSize = sizeof (EFI_PHYSICAL_PRESENCE_FLAGS);
+  Status = gRT->GetVariable (
+                  PHYSICAL_PRESENCE_FLAGS_VARIABLE,
+                  &gEfiPhysicalPresenceGuid,
+                  NULL,
+                  &DataSize,
+                  &PpiFlags
+                  );
+  if (EFI_ERROR (Status)) {
+    PpiFlags.PPFlags = TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION;
+    Status   = gRT->SetVariable (
+                      PHYSICAL_PRESENCE_FLAGS_VARIABLE,
+                      &gEfiPhysicalPresenceGuid,
+                      EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
+                      sizeof (EFI_PHYSICAL_PRESENCE_FLAGS),
+                      &PpiFlags
+                      );
+    if (EFI_ERROR (Status)) {
+      DEBUG ((EFI_D_ERROR, "[TPM] Set physical presence flag failed, Status = %r\n", Status));
+      return ;
+    }
+  }
+  DEBUG ((EFI_D_INFO, "[TPM] PpiFlags = %x\n", PpiFlags.PPFlags));
+  //
+  // This flags variable controls whether physical presence is required for TPM command.
+  // It should be protected from malicious software. We set it as read-only variable here.
+  //
+  Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLockProtocol);
+  if (!EFI_ERROR (Status)) {
+    Status = VariableLockProtocol->RequestToLock (
+                                     VariableLockProtocol,
+                                     PHYSICAL_PRESENCE_FLAGS_VARIABLE,
+                                     &gEfiPhysicalPresenceGuid
+                                     );
+    if (EFI_ERROR (Status)) {
+      DEBUG ((EFI_D_ERROR, "[TPM] Error when lock variable %s, Status = %r\n", PHYSICAL_PRESENCE_FLAGS_VARIABLE, Status));
+      ASSERT_EFI_ERROR (Status);
+    }
+  }
 …
                   );
   if (EFI_ERROR (Status)) {
+    if (Status == EFI_NOT_FOUND) {
+      ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData));
+      TcgPpData.Flags |= FLAG_NO_PPI_PROVISION;
+      DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
+      Status   = gRT->SetVariable (
+                        PHYSICAL_PRESENCE_VARIABLE,
+                        &gEfiPhysicalPresenceGuid,
+                        EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
+                        DataSize,
+                        &TcgPpData
+                        );
+    ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData));
+    DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
+    Status   = gRT->SetVariable (
+                      PHYSICAL_PRESENCE_VARIABLE,
+                      &gEfiPhysicalPresenceGuid,
+                      EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
+                      DataSize,
+                      &TcgPpData
+                      );
+    if (EFI_ERROR (Status)) {
+      DEBUG ((EFI_D_ERROR, "[TPM] Set physical presence variable failed, Status = %r\n", Status));
+      return;
+    }
+    ASSERT_EFI_ERROR (Status);
+  }
+  DEBUG ((EFI_D_INFO, "[TPM] Flags=%x, PPRequest=%x\n", TcgPpData.Flags, TcgPpData.PPRequest));
+  }
+  DEBUG ((EFI_D_INFO, "[TPM] Flags=%x, PPRequest=%x\n", PpiFlags.PPFlags, TcgPpData.PPRequest));
+  if (TcgPpData.PPRequest == PHYSICAL_PRESENCE_NO_ACTION) {
+    //
+    // No operation request
+    //
+    return;
+  }
   Status = GetTpmCapability (TcgProtocol, &LifetimeLock, &CmdEnable);
 …
   // Execute pending TPM request.
   //
   ExecutePendingTpmRequest (TcgProtocol, &TcgPpData);
+  ExecutePendingTpmRequest (TcgProtocol, &TcgPpData, PpiFlags);
   DEBUG ((EFI_D_INFO, "[TPM] PPResponse = %x\n", TcgPpData.PPResponse));
 …
+}
+/**
+  Check if the pending TPM request needs user input to confirm.
+  The TPM request may come from OS. This API will check if TPM request exists and need user
+  input to confirmation.
+  @retval    TRUE        TPM needs input to confirm user physical presence.
+  @retval    FALSE       TPM doesn't need input to confirm user physical presence.
+**/
+BOOLEAN
+EFIAPI
+TcgPhysicalPresenceLibNeedUserConfirm(
+  VOID
+  )
+{
+  EFI_STATUS                   Status;
+  EFI_PHYSICAL_PRESENCE        TcgPpData;
+  UINTN                        DataSize;
+  BOOLEAN                      RequestConfirmed;
+  BOOLEAN                      LifetimeLock;
+  BOOLEAN                      CmdEnable;
+  EFI_TCG_PROTOCOL             *TcgProtocol;
+  EFI_PHYSICAL_PRESENCE_FLAGS  PpiFlags;
+  Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);
+  if (EFI_ERROR (Status)) {
+    return FALSE;
+  }
+  //
+  // Check Tpm requests
+  //
+  DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
+  Status = gRT->GetVariable (
+                  PHYSICAL_PRESENCE_VARIABLE,
+                  &gEfiPhysicalPresenceGuid,
+                  NULL,
+                  &DataSize,
+                  &TcgPpData
+                  );
+  if (EFI_ERROR (Status)) {
+    return FALSE;
+  }
+  DataSize = sizeof (EFI_PHYSICAL_PRESENCE_FLAGS);
+  Status = gRT->GetVariable (
+                  PHYSICAL_PRESENCE_FLAGS_VARIABLE,
+                  &gEfiPhysicalPresenceGuid,
+                  NULL,
+                  &DataSize,
+                  &PpiFlags
+                  );
+  if (EFI_ERROR (Status)) {
+    return FALSE;
+  }
+  if (TcgPpData.PPRequest == PHYSICAL_PRESENCE_NO_ACTION) {
+    //
+    // No operation request
+    //
+    return FALSE;
+  }
+  if (!HaveValidTpmRequest(&TcgPpData, PpiFlags, &RequestConfirmed)) {
+    //
+    // Invalid operation request.
+    //
+    return FALSE;
+  }
+  //
+  // Check Tpm Capability
+  //
+  Status = GetTpmCapability (TcgProtocol, &LifetimeLock, &CmdEnable);
+  if (EFI_ERROR (Status)) {
+    return FALSE;
+  }
+  if (!CmdEnable) {
+    if (LifetimeLock) {
+      //
+      // physicalPresenceCMDEnable is locked, can't execute physical presence command.
+      //
+      return FALSE;
+    }
+  }
+  if (!RequestConfirmed) {
+    //
+    // Need UI to confirm
+    //
+    return TRUE;
+  }
+  return FALSE;
+}

trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.inf

-              r48674
+              r58459
 ## @file
+# TCG physical presence library instance. This library will lock
+# TPM after executing TPM request.
+#  Executes pending TPM 1.2 requests from OS or BIOS and Locks TPM
+#
+# Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
+#  This library will check and execute TPM 1.2 request from OS or BIOS. The request may
+#  ask for user confirmation before execution. This Library will also lock TPM physical
+#  presence at last.
+#
+#  Caution: This module requires additional review when modified.
+#  This driver will have external input - variable.
+#  This external input must be validated carefully to avoid security issue.
+#
+# Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
 # This program and the accompanying materials
 # are licensed and made available under the terms and conditions of the BSD License
 …
 [Defines]
   INF_VERSION                    = 0x00010005
+  BASE_NAME                      = DxeTcgPhysicalPresenceLib
+  BASE_NAME                      = DxeTcgPhysicalPresenceLib
+  MODULE_UNI_FILE                = DxeTcgPhysicalPresenceLib.uni
   FILE_GUID                      = EBC43A46-34AC-4F07-A7F5-A5394619361C
   MODULE_TYPE                    = DXE_DRIVER
 …
   PrintLib
   HiiLib
+  TcgPpVendorLib
 [Protocols]
+  gEfiTcgProtocolGuid
+  gEfiTcgProtocolGuid                   ## CONSUMES
+  gEdkiiVariableLockProtocolGuid        ## CONSUMES
 [Guids]
+  ## CONSUMES           ## HII
+  ## SOMETIMES_PRODUCES ## Variable:L"PhysicalPresence"
+  ## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresence"
+  ## SOMETIMES_PRODUCES ## Variable:L"PhysicalPresenceFlags"
+  ## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresenceFlags"
   gEfiPhysicalPresenceGuid

trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c

-              r48674
+              r58459
   The library instance provides security service of TPM measure boot.
+Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
+  Caution: This file requires additional review when modified.
+  This library will have external input - PE/COFF image and GPT partition.
+  This external input must be validated carefully to avoid security issue like
+  buffer overflow, integer overflow.
+  DxeTpmMeasureBootLibImageRead() function will make sure the PE/COFF image content
+  read is within the image buffer.
+  TcgMeasurePeImage() function will accept untrusted PE/COFF image and validate its
+  data structure within this image buffer before use.
+  TcgMeasureGptTable() function will receive untrusted GPT partition table, and parse
+  partition data carefully.
+Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 …
 #include <Protocol/TcgService.h>
-#include <Protocol/FirmwareVolume2.h>
 #include <Protocol/BlockIo.h>
 #include <Protocol/DiskIo.h>
+#include <Protocol/DevicePathToText.h>
+#include <Protocol/FirmwareVolumeBlock.h>
+#include <Guid/MeasuredFvHob.h>
 #include <Library/BaseLib.h>
 …
 #include <Library/PeCoffLib.h>
 #include <Library/SecurityManagementLib.h>
+#include <Library/HobLib.h>
 //
 …
 VOID                              *mFileBuffer;
 UINTN                             mImageSize;
+//
+// Measured FV handle cache
+//
+EFI_HANDLE                        mCacheMeasuredHandle  = NULL;
+MEASURED_HOB_DATA                 *mMeasuredHobData     = NULL;
 /**
   Reads contents of a PE/COFF image in memory buffer.
+  Caution: This function may receive untrusted input.
+  PE/COFF image is external input, so this function will make sure the PE/COFF image content
+  read is within the image buffer.
   @param  FileHandle      Pointer to the file handle to read the PE/COFF image.
 …
 /**
   Measure GPT table data into TPM log.
+  Caution: This function may receive untrusted input.
+  The GPT partition table is external input, so this function should parse partition data carefully.
   @param TcgProtocol             Pointer to the located TCG protocol instance.
 …
       NumberOfPartition++;
+    }
     PartitionEntry++;
+  }
   //
   // Parepare Data for Measurement
+    PartitionEntry = (EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry);
+  }
+  //
+  // Prepare Data for Measurement
   //
   EventSize = (UINT32)(sizeof (EFI_GPT_DATA) - sizeof (GptData->Partitions)
                         + NumberOfPartition * PrimaryHeader->SizeOfPartitionEntry);
   TcgEvent = (TCG_PCR_EVENT *) AllocateZeroPool (EventSize + sizeof (TCG_PCR_EVENT));
+  TcgEvent = (TCG_PCR_EVENT *) AllocateZeroPool (EventSize + sizeof (TCG_PCR_EVENT_HDR));
   if (TcgEvent == NULL) {
     FreePool (PrimaryHeader);
 …
     if (!CompareGuid (&PartitionEntry->PartitionTypeGUID, &mZeroGuid)) {
       CopyMem (
         (UINT8 *)&GptData->Partitions + NumberOfPartition * sizeof (EFI_PARTITION_ENTRY),
+        (UINT8 *)&GptData->Partitions + NumberOfPartition * PrimaryHeader->SizeOfPartitionEntry,
         (UINT8 *)PartitionEntry,
         sizeof (EFI_PARTITION_ENTRY)
+        PrimaryHeader->SizeOfPartitionEntry
         );
       NumberOfPartition++;
+    }
     PartitionEntry++;
+    PartitionEntry =(EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry);
+  }
 …
   Measure PE image into TPM log based on the authenticode image hashing in
   PE/COFF Specification 8.0 Appendix A.
+  Caution: This function may receive untrusted input.
+  PE/COFF image is external input, so this function will validate its data structure
+  within this image buffer before use.
   @param[in] TcgProtocol    Pointer to the located TCG protocol instance.
 …
   ImageLoad->ImageLinkTimeAddress  = LinkTimeBase;
   ImageLoad->LengthOfDevicePath    = FilePathSize;
+  CopyMem (ImageLoad->DevicePath, FilePath, FilePathSize);
+  if ((FilePath != NULL) && (FilePathSize != 0)) {
+    CopyMem (ImageLoad->DevicePath, FilePath, FilePathSize);
+  }
   //
 …
   // But CheckSum field and SECURITY data directory (certificate) are excluded
   //
+  Magic = Hdr.Pe32->OptionalHeader.Magic;
+  if (Hdr.Pe32->FileHeader.Machine == IMAGE_FILE_MACHINE_IA64 && Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
+    //
+    // NOTE: Some versions of Linux ELILO for Itanium have an incorrect magic value
+    //       in the PE/COFF Header. If the MachineType is Itanium(IA64) and the
+    //       Magic value in the OptionalHeader is EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC
+    //       then override the magic value to EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC
+    //
+    Magic = EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC;
+  } else {
+    //
+    // Get the magic value from the PE/COFF Optional Header
+    //
+    Magic = Hdr.Pe32->OptionalHeader.Magic;
+  }
   //
 …
              &EventLogLastEntry
              );
+  if (Status == EFI_OUT_OF_RESOURCES) {
+    //
+    // Out of resource here means the image is hashed and its result is extended to PCR.
+    // But the event log cann't be saved since log area is full.
+    // Just return EFI_SUCCESS in order not to block the image load.
+    //
+    Status = EFI_SUCCESS;
+  }
 Finish:
 …
   returned.
   @param[in, out] AuthenticationStatus  This is the authentication status returned
+  @param[in]      AuthenticationStatus  This is the authentication status returned
                                         from the securitymeasurement services for the
                                         input file.
 …
   @param[in]      FileBuffer File buffer matches the input file device path.
   @param[in]      FileSize   Size of File buffer matches the input file device path.
+  @retval EFI_SUCCESS            The file specified by File did authenticate, and the
+                                 platform policy dictates that the DXE Core may use File.
+  @retval EFI_INVALID_PARAMETER  File is NULL.
+  @retval EFI_SECURITY_VIOLATION The file specified by File did not authenticate, and
+                                 the platform policy dictates that File should be placed
+                                 in the untrusted state. A file may be promoted from
+                                 the untrusted to the trusted state at a future time
+                                 with a call to the Trust() DXE Service.
+  @retval EFI_ACCESS_DENIED      The file specified by File did not authenticate, and
+                                 the platform policy dictates that File should not be
+                                 used for any purpose.
+  @param[in]      BootPolicy A boot policy that was used to call LoadImage() UEFI service.
+  @retval EFI_SUCCESS             The file specified by DevicePath and non-NULL
+                                  FileBuffer did authenticate, and the platform policy dictates
+                                  that the DXE Foundation may use the file.
+  @retval other error value
 **/
 EFI_STATUS
 EFIAPI
 DxeTpmMeasureBootHandler (
   IN  OUT   UINT32                     AuthenticationStatus,
+  IN  UINT32                           AuthenticationStatus,
   IN  CONST EFI_DEVICE_PATH_PROTOCOL   *File,
+  IN  VOID                             *FileBuffer OPTIONAL,
+  IN  UINTN                            FileSize OPTIONAL
+  IN  VOID                             *FileBuffer,
+  IN  UINTN                            FileSize,
+  IN  BOOLEAN                          BootPolicy
+  )
+{
   EFI_TCG_PROTOCOL                  *TcgProtocol;
   EFI_STATUS                        Status;
   TCG_EFI_BOOT_SERVICE_CAPABILITY   ProtocolCapability;
   UINT32                            TCGFeatureFlags;
   EFI_PHYSICAL_ADDRESS              EventLogLocation;
   EFI_PHYSICAL_ADDRESS              EventLogLastEntry;
   EFI_DEVICE_PATH_PROTOCOL          *DevicePathNode;
   EFI_DEVICE_PATH_PROTOCOL          *OrigDevicePathNode;
   EFI_HANDLE                        Handle;
   BOOLEAN                           ApplicationRequired;
   PE_COFF_LOADER_IMAGE_CONTEXT      ImageContext;
   if (File == NULL) {
     return EFI_INVALID_PARAMETER;
+  }
+  EFI_TCG_PROTOCOL                    *TcgProtocol;
+  EFI_STATUS                          Status;
+  TCG_EFI_BOOT_SERVICE_CAPABILITY     ProtocolCapability;
+  UINT32                              TCGFeatureFlags;
+  EFI_PHYSICAL_ADDRESS                EventLogLocation;
+  EFI_PHYSICAL_ADDRESS                EventLogLastEntry;
+  EFI_DEVICE_PATH_PROTOCOL            *DevicePathNode;
+  EFI_DEVICE_PATH_PROTOCOL            *OrigDevicePathNode;
+  EFI_HANDLE                          Handle;
+  EFI_HANDLE                          TempHandle;
+  BOOLEAN                             ApplicationRequired;
+  PE_COFF_LOADER_IMAGE_CONTEXT        ImageContext;
+  EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL  *FvbProtocol;
+  EFI_PHYSICAL_ADDRESS                FvAddress;
+  UINT32                              Index;
   Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **) &TcgProtocol);
 …
              &EventLogLastEntry
            );
   if (EFI_ERROR (Status) || ProtocolCapability.TPMDeactivatedFlag) {
+  if (EFI_ERROR (Status) || ProtocolCapability.TPMDeactivatedFlag || (!ProtocolCapability.TPMPresentFlag)) {
     //
     // TPM device doesn't work or activate.
 …
   //
   OrigDevicePathNode = DuplicateDevicePath (File);
-  ASSERT (OrigDevicePathNode != NULL);
   //
 …
     //
     DevicePathNode = OrigDevicePathNode;
+    ASSERT (DevicePathNode != NULL);
     while (!IsDevicePathEnd (DevicePathNode)) {
       //
 …
   //
   // Check whether this device path support FV2 protocol.
+  // Check whether this device path support FVB protocol.
   //
   DevicePathNode = OrigDevicePathNode;
   Status = gBS->LocateDevicePath (&gEfiFirmwareVolume2ProtocolGuid, &DevicePathNode, &Handle);
+  Status = gBS->LocateDevicePath (&gEfiFirmwareVolumeBlockProtocolGuid, &DevicePathNode, &Handle);
   if (!EFI_ERROR (Status)) {
     //
 …
+    }
     //
+    // The image from Firmware image will not be mearsured.
+    // Current policy doesn't measure PeImage from Firmware if it is driver
+    // If the got PeImage is application, it will be still be measured.
+    // The PE image from unmeasured Firmware volume need be measured
+    // The PE image from measured Firmware volume will be mearsured according to policy below.
+    //   If it is driver, do not measure
+    //   If it is application, still measure.
     //
     ApplicationRequired = TRUE;
+  }
+    if (mCacheMeasuredHandle != Handle && mMeasuredHobData != NULL) {
+      //
+      // Search for Root FV of this PE image
+      //
+      TempHandle = Handle;
+      do {
+        Status = gBS->HandleProtocol(
+                        TempHandle,
+                        &gEfiFirmwareVolumeBlockProtocolGuid,
+                        (VOID**)&FvbProtocol
+                        );
+        TempHandle = FvbProtocol->ParentHandle;
+      } while (!EFI_ERROR(Status) && FvbProtocol->ParentHandle != NULL);
+      //
+      // Search in measured FV Hob
+      //
+      Status = FvbProtocol->GetPhysicalAddress(FvbProtocol, &FvAddress);
+      if (EFI_ERROR(Status)){
+        return Status;
+      }
+      ApplicationRequired = FALSE;
+      for (Index = 0; Index < mMeasuredHobData->Num; Index++) {
+        if(mMeasuredHobData->MeasuredFvBuf[Index].BlobBase == FvAddress) {
+          //
+          // Cache measured FV for next measurement
+          //
+          mCacheMeasuredHandle = Handle;
+          ApplicationRequired  = TRUE;
+          break;
+        }
+      }
+    }
+  }
   //
   // File is not found.
 …
     DEBUG_CODE_BEGIN ();
       CHAR16                            *ToText;
+      EFI_DEVICE_PATH_TO_TEXT_PROTOCOL  *DevPathToText;
+      Status = gBS->LocateProtocol (
+                      &gEfiDevicePathToTextProtocolGuid,
+                      NULL,
+                      (VOID **) &DevPathToText
+                      );
+      if (!EFI_ERROR (Status)) {
+        ToText = DevPathToText->ConvertDevicePathToText (
+                                  DevicePathNode,
+                                  FALSE,
+                                  TRUE
+                                  );
+        if (ToText != NULL) {
+          DEBUG ((DEBUG_INFO, "The measured image path is %s.\n", ToText));
+        }
+      ToText = ConvertDevicePathToText (
+                 DevicePathNode,
+                 FALSE,
+                 TRUE
+                 );
+      if (ToText != NULL) {
+        DEBUG ((DEBUG_INFO, "The measured image path is %s.\n", ToText));
+        FreePool (ToText);
+      }
     DEBUG_CODE_END ();
 …
   //
 Finish:
+  FreePool (OrigDevicePathNode);
+  if (OrigDevicePathNode != NULL) {
+    FreePool (OrigDevicePathNode);
+  }
   return Status;
 …
+  )
+{
+  return RegisterSecurityHandler (
+  EFI_HOB_GUID_TYPE  *GuidHob;
+  GuidHob = NULL;
+  GuidHob = GetFirstGuidHob (&gMeasuredFvHobGuid);
+  if (GuidHob != NULL) {
+    mMeasuredHobData = GET_GUID_HOB_DATA (GuidHob);
+  }
+  return RegisterSecurity2Handler (
           DxeTpmMeasureBootHandler,
           EFI_AUTH_OPERATION_MEASURE_IMAGE | EFI_AUTH_OPERATION_IMAGE_REQUIRED

trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf

-              r48674
+              r58459
 ## @file
 #  The library instance provides security service of TPM measure boot.
+#  Provides security service for TPM 1.2 measured boot
+#
+# Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
+#  This library instance hooks LoadImage() API to measure every image that
+#  is not measured in PEI phase. And, it will also measure GPT partition.
+#
+#  Caution: This module requires additional review when modified.
+#  This library will have external input - PE/COFF image and GPT partition.
+#  This external input must be validated carefully to avoid security issues such
+#  as buffer overflow or integer overflow.
+#
+# Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
 # This program and the accompanying materials
 # are licensed and made available under the terms and conditions of the BSD License
 …
   INF_VERSION                    = 0x00010005
   BASE_NAME                      = DxeTpmMeasureBootLib
+  MODULE_UNI_FILE                = DxeTpmMeasureBootLib.uni
   FILE_GUID                      = 6C60C7D0-922A-4b7c-87D7-E503EDD73BBF
   MODULE_TYPE                    = DXE_DRIVER
 …
   BaseLib
   SecurityManagementLib
+  HobLib
+[Guids]
+  gMeasuredFvHobGuid                    ## SOMETIMES_CONSUMES ## HOB
 [Protocols]
   gEfiTcgProtocolGuid                   ## CONSUMES
   gEfiFirmwareVolume2ProtocolGuid       ## CONSUMES
   gEfiBlockIoProtocolGuid               ## CONSUMES
   gEfiDiskIoProtocolGuid                ## CONSUMES
+  gEfiDevicePathToTextProtocolGuid      ## SOMETIMES_CONSUMES (Only used in debug mode)
+  gEfiTcgProtocolGuid                   ## SOMETIMES_CONSUMES
+  gEfiFirmwareVolumeBlockProtocolGuid   ## SOMETIMES_CONSUMES
+  gEfiBlockIoProtocolGuid               ## SOMETIMES_CONSUMES
+  gEfiDiskIoProtocolGuid                ## SOMETIMES_CONSUMES

trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf

-              r48674
+              r58459
 ## @file
+#  NULL platform secure library instance that alway returns TRUE for a user physical present
+#
 #  NULL PlatformSecureLib instance does NOT really detect whether a physical present
 #  user exists but return TRUE directly. This instance can be used to verify security
+#  user exists but returns TRUE directly. This instance can be used to verify security
 #  related features during platform enabling and development. It should be replaced
 #  by a platform-specific method(e.g. Button pressed) in a real platform for product.
+#
 # Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR>
 # This program and the accompanying materials
 # are licensed and made available under the terms and conditions of the BSD License
 …
   INF_VERSION                    = 0x00010005
   BASE_NAME                      = PlatformSecureLibNull
+  MODULE_UNI_FILE                = PlatformSecureLibNull.uni
   FILE_GUID                      = 7FA68D82-10A4-4e71-9524-D3D9500D3CDF
   MODULE_TYPE                    = DXE_DRIVER

trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TpmCommLib/TisPc.c

-              r48674
+              r58459
   Basic TIS (TPM Interface Specification) functions.
 Copyright (c) 2005 - 2011, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2005 - 2012, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 …
 /**
   Get the control of TPM chip by sending requestUse command TIS_PC_ACC_RQUUSE
   to ACCESS Register in the time of default TIS_TIMEOUT_D.
+  to ACCESS Register in the time of default TIS_TIMEOUT_A.
   @param[in] TisReg                Pointer to TIS register.
 …
   MmioWrite8((UINTN)&TisReg->Access, TIS_PC_ACC_RQUUSE);
+  //
+  // No locality set before, ACCESS_X.activeLocality MUST be valid within TIMEOUT_A
+  //
   Status = TisPcWaitRegisterBits (
              &TisReg->Access,
              (UINT8)(TIS_PC_ACC_ACTIVE |TIS_PC_VALID),
 ,
              TIS_TIMEOUT_D
+             TIS_TIMEOUT_A
              );
   return Status;

trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TpmCommLib/TpmCommLib.inf

-              r48674
+              r58459
 ## @file
 #  TpmCommLib instance implements basis TPM Interface Specification (TIS) and TPM command functions.
+#  Provides some common functions for the TCG feature
+#
+# Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.<BR>
+#  This instance provides basic TPM Interface Specification (TIS) functions
+#  and TPM hashall function.
+#
+# Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR>
 # This program and the accompanying materials
 # are licensed and made available under the terms and conditions of the BSD License
 …
   INF_VERSION                    = 0x00010005
   BASE_NAME                      = TpmCommLib
+  MODULE_UNI_FILE                = TpmCommLib.uni
   FILE_GUID                      = 7d9fe32e-a6a9-4cdf-abff-10cc7f22e1c9
   MODULE_TYPE                    = PEIM

Changeset 58459 in vbox for trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library

Legend:

trunk/src/VBox/Devices/EFI/Firmware

trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeDeferImageLoadLib/DxeDeferImageLoadLib.c

trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeDeferImageLoadLib/DxeDeferImageLoadLib.h

trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeDeferImageLoadLib/DxeDeferImageLoadLib.inf

trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c

trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.h

trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf

trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c

trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.inf

trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c

trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf

trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf

trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TpmCommLib/TisPc.c

trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TpmCommLib/TpmCommLib.inf

Download in other formats: