From: James Bottomley <[email protected]> Allow registering a verifier which is then called for each blob passed via QEMU's fw_cfg.
Cc: Laszlo Ersek <[email protected]> Cc: Ard Biesheuvel <[email protected]> Cc: Jordan Justen <[email protected]> Cc: Ashish Kalra <[email protected]> Cc: Brijesh Singh <[email protected]> Cc: Erdem Aktas <[email protected]> Cc: James Bottomley <[email protected]> Cc: Jiewen Yao <[email protected]> Cc: Min Xu <[email protected]> Cc: Tom Lendacky <[email protected]> Signed-off-by: James Bottomley <[email protected]>
---
OvmfPkg/Include/Library/QemuFwCfgLib.h | 35 ++++++++++++++++++++ OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c | 31 +++++++++++++++++ 2 files changed, 66 insertions(+)
diff --git a/OvmfPkg/Include/Library/QemuFwCfgLib.h b/OvmfPkg/Include/Library/QemuFwCfgLib.h
index 68002bb654e6..1095efad5878 100644
--- a/OvmfPkg/Include/Library/QemuFwCfgLib.h
+++ b/OvmfPkg/Include/Library/QemuFwCfgLib.h
@@ -173,5 +173,40 @@ QemuFwCfgFindFile (
 OUT UINTN *Size
 );
+/**
+ The verifier is used to abstract a hash verification operation when
+ A firmware config item is accessed via a filesystem and has some type
+ of integrity information passed in.
+
+ @param[in] Name The name of the config file to verify.
+ @param[in] Buffer A pointer to the loaded config information.
+ @param[in] Size The size of the buffer.
+
+ @retval EFI_SUCCESS The buffer verified OK.
+
+ @retval EFI_ACCESS_DENIED The buffer failed the integrity check.
+
+**/
+typedef
+RETURN_STATUS
+(EFIAPI *FW_CFG_VERIFIER) (
+ IN CONST CHAR16 *Name,
+ IN VOID *Buffer,
+ IN UINTN Size
+ );
+
+/**
+ Register a verifier for the Firmware Configuration Filesystem to use
+
+ @param[in] Verifier The verifier to register
+
+ @retval EFI_SUCCESS The verifier was successfully registered
+**/
+RETURN_STATUS
+EFIAPI
+RegisterFwCfgVerifier (
+ IN FW_CFG_VERIFIER Verifier
+ );
+
 #endif
diff --git a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c
index b09ff6a3590d..9823d23d1005 100644
--- a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c
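Review bot: `RegisterFwCfgVerifier` is declared in the QemuFwCfgLib library header, yet the only implementation in this patch sits in the QemuKernelLoaderFsDxe driver, so a module that includes this header and calls it would presumably not link against the driver's copy; the build files are not part of the patch, so this needs confirming, and a protocol or a library instance that owns the registration would make the contract explicit. In the `FW_CFG_VERIFIER` typedef the blob is passed as `IN VOID *Buffer`; a verifier only needs to read it, and `IN CONST VOID *Buffer` would keep a callback from altering the data it has been asked to check. The comment on `RegisterFwCfgVerifier` lists only `EFI_SUCCESS`, while the implementation in the .c hunk of this patch returns an error when a verifier is already set, so a matching `@retval` line is missing.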
+++ b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c
@@ -982,6 +982,27 @@ FetchBlob (
 return EFI_SUCCESS;
 }
+STATIC FW_CFG_VERIFIER mVerifier = NULL;
+
+/**
+ Register a verifier for the Firmware Configuration Filesystem to use
+
+ @param[in] Verifier The verifier to register
+
+ @retval EFI_SUCCESS The verifier was successfully registered
+**/
+EFI_STATUS
+EFIAPI
+RegisterFwCfgVerifier (
+ IN FW_CFG_VERIFIER Verifier
+ )
+{
+ if (mVerifier != NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+ mVerifier = Verifier;
+ return EFI_SUCCESS;
+}
 //
 // The entry point of the feature.
@@ -1033,6 +1054,16 @@ QemuKernelLoaderFsDxeEntrypoint (
 if (EFI_ERROR (Status)) {
 goto FreeBlobs;
 }
+ if (mVerifier != NULL) {
+ Status = mVerifier (
+ CurrentBlob->Name,
+ CurrentBlob->Data,
+ CurrentBlob->Size
+ );
+ if (EFI_ERROR (Status)) {
+ goto FreeBlobs;
+ }
+ }
 mTotalBlobBytes += CurrentBlob->Size;
 }
 KernelBlob = &mKernelBlob[KernelBlobTypeKernel];
-- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#75571): https://edk2.groups.io/g/devel/message/75571 Mute This Topic: https://groups.io/mt/83074455/21656 Group Owner: [email protected] Unsubscribe: https://edk2.groups.io/g/devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
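Review bot: `RegisterFwCfgVerifier` accepts a NULL `Verifier` and still returns `EFI_SUCCESS`, which leaves `mVerifier` unset, so blobs are later accepted without any check while the caller believes verification is armed; add `if (Verifier == NULL) { return EFI_INVALID_PARAMETER; }` ahead of the existing test. The definition returns `EFI_STATUS` although the header in this patch declares `RETURN_STATUS`, and the two should match. `EFI_OUT_OF_RESOURCES` for a second registration reads like an allocation failure; `EFI_ALREADY_STARTED` describes it better, and whichever status is kept needs its own `@retval` line in the comment above the function.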
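Review bot: The check added to the blob loop of `QemuKernelLoaderFsDxeEntrypoint` fails open: with `if (mVerifier != NULL)` every blob is accepted unverified whenever nothing registered a verifier before this entry point ran, and because `mVerifier` is a STATIC of this driver it is not clear from the patch who can set it that early. If an integrity check is mandatory in some configurations, that should be enforced rather than optional, or at least stated in a comment such as `// No verifier registered: blobs are used without an integrity check.` A rejected blob also leaves no trace; `DEBUG ((DEBUG_ERROR, "%a: verification of \"%s\" failed: %r\n", __FUNCTION__, CurrentBlob->Name, Status));` before `goto FreeBlobs` would help when diagnosing a refused boot. The function starts and ends outside this hunk, so the cleanup under `FreeBlobs` was not reviewed.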
