Judah,

My comments below
> -----Original Message----- > From: Vang, Judah <judah.v...@intel.com> > Sent: Saturday, April 30, 2022 2:04 AM > To: devel@edk2.groups.io > Cc: Wang, Jian J <jian.j.w...@intel.com>; Yao, Jiewen <jiewen....@intel.com>; > Mistry, Nishant C <nishant.c.mis...@intel.com> > Subject: [Patch v2 14/28] SecurityPkg: Add null encryption variable libs > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2594 > > Provide null ecryption variable libraries. > These will be used by default for platforms that don't > support protected variable encryption. > > Cc: Jian J Wang <jian.j.w...@intel.com> > Cc: Jiewen Yao <jiewen....@intel.com> > Cc: Nishant C Mistry <nishant.c.mis...@intel.com> > Signed-off-by: Jian J Wang <jian.j.w...@intel.com> > Signed-off-by: Nishant C Mistry <nishant.c.mis...@intel.com> > Signed-off-by: Judah Vang <judah.v...@intel.com> > --- > SecurityPkg/Library/EncryptionVariableLibNull/EncryptionVariableLibNull.inf | > 38 +++++++ > SecurityPkg/Library/EncryptionVariableLibNull/EncryptionVariable.c > | 107 > ++++++++++++++++++++ > SecurityPkg/Library/EncryptionVariableLibNull/EncryptionVariableLibNull.uni | > 16 +++ > 3 files changed, 161 insertions(+) > > diff --git > a/SecurityPkg/Library/EncryptionVariableLibNull/EncryptionVariableLibNull.inf > b/SecurityPkg/Library/EncryptionVariableLibNull/EncryptionVariableLibNull.inf > new file mode 100644 > index 000000000000..ff5631b336eb > --- /dev/null > +++ > b/SecurityPkg/Library/EncryptionVariableLibNull/EncryptionVariableLibNull.inf 
> @@ -0,0 +1,38 @@ > +## @file > +# Provides NULL version of encryption variable services. > +# > +# Copyright (c) 2015 - 2022, Intel Corporation. All rights reserved.<BR> > +# > +# SPDX-License-Identifier: BSD-2-Clause-Patent > +# > +## > + > +[Defines] > + INF_VERSION = 0x00010005 > + BASE_NAME = EncryptionVariableLibNull > + MODULE_UNI_FILE = EncryptionVariableLib.uni > + FILE_GUID = 3972E6FE-74D5-45C3-A9FB-DB9E5E5C9C17 > + MODULE_TYPE = BASE > + VERSION_STRING = 1.0 > + LIBRARY_CLASS = EncryptionVariableLib > + > +# > +# The following information is for reference only and not required by the > build > tools. > +# > +# VALID_ARCHITECTURES = IA32 X64 > +# > + > +[Sources] > + EncryptionVariable.c > + > +[Packages] > + MdePkg/MdePkg.dec > + MdeModulePkg/MdeModulePkg.dec > + SecurityPkg/SecurityPkg.dec > + > +[LibraryClasses] > + BaseLib > + DebugLib > + > +[Guids] [JianJW] No GUID consumed here. Suggest removing this section. > + > diff --git > a/SecurityPkg/Library/EncryptionVariableLibNull/EncryptionVariable.c > b/SecurityPkg/Library/EncryptionVariableLibNull/EncryptionVariable.c > new file mode 100644 > index 000000000000..58a4ae9f4282 > --- /dev/null > +++ b/SecurityPkg/Library/EncryptionVariableLibNull/EncryptionVariable.c 
> @@ -0,0 +1,107 @@ > +/** @file > + The common variable operation routines shared by DXE_RUNTIME variable > + module and DXE_SMM variable module. > + > + Caution: This module requires additional review when modified. > + This driver will have external input - variable data. They may be input in > SMM > mode. > + This external input must be validated carefully to avoid security issue > like > + buffer overflow, integer overflow. > + > + VariableServiceGetNextVariableName () and > VariableServiceQueryVariableInfo() are external API. > + They need check input parameter. > + > + VariableServiceGetVariable() and VariableServiceSetVariable() are external > API > + to receive datasize and data buffer. The size should be checked carefully. > + > + VariableServiceSetVariable() should also check authenticate data to avoid > buffer overflow, > + integer overflow. It should also check attribute to avoid authentication > bypass. > + [JianJW] The file header comment seems irrelevant. > +Copyright (c) 2019 - 2022, Intel Corporation. All rights reserved.<BR> > +SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#include <Uefi.h> > + > +#include <Library/EncryptionVariableLib.h> > +#include <Library/DebugLib.h> > + > +/** > + Encrypt variable data. > + > + Null version. > + > + @param[in, out] VarEncInfo Pointer to structure containing detailed > + information about a variable. > + > + @retval EFI_UNSUPPORTED Unsupported to encrypt variable. > + > +**/ > +EFI_STATUS > +EFIAPI > +EncryptVariable ( > + IN OUT VARIABLE_ENCRYPTION_INFO *VarEncInfo > + ) > +{ > + return EFI_UNSUPPORTED; > +} > + > +/** > + Decrypt variable data. > + > + Null version. > + > + @param[in, out] VarEncInfo Pointer to structure containing detailed > + information about a variable. > + > + @retval EFI_UNSUPPORTED Unsupported to encrypt variable. 
> + > +**/ > +EFI_STATUS > +EFIAPI > +DecryptVariable ( > + IN OUT VARIABLE_ENCRYPTION_INFO *VarEncInfo > + ) > +{ > + return EFI_UNSUPPORTED; > +} > + > +/** > + Get cipher information. > + > + Null version. > + > + @param[in] VarEncInfo Pointer to structure containing detailed > + information about a variable. > + > + @retval EFI_UNSUPPORTED Unsupported interface. > + > +**/ > +EFI_STATUS > +EFIAPI > +GetCipherDataInfo ( > + IN VARIABLE_ENCRYPTION_INFO *VarEncInfo > + ) > +{ > + return EFI_UNSUPPORTED; > +} > + > +/** > + Set cipher information for a variable. > + > + Null version. > + > + @param[in] VarEncInfo Pointer to structure containing detailed > + information about a variable. > + > + @retval EFI_UNSUPPORTED If this method is not supported. > + > +**/ > +EFI_STATUS > +EFIAPI > +SetCipherDataInfo ( > + IN VARIABLE_ENCRYPTION_INFO *VarEncInfo > + ) > +{ > + return EFI_UNSUPPORTED; > +} > diff --git > a/SecurityPkg/Library/EncryptionVariableLibNull/EncryptionVariableLibNull.uni > b/SecurityPkg/Library/EncryptionVariableLibNull/EncryptionVariableLibNull.uni > new file mode 100644 > index 000000000000..856fa201b8df > --- /dev/null > +++ > b/SecurityPkg/Library/EncryptionVariableLibNull/EncryptionVariableLibNull.uni 
> @@ -0,0 +1,16 @@ > +// /** @file > +// Provides authenticated variable services. > +// > +// Provides authenticated variable services. > +// [JianJW] The file header is irrelevant. Regards, Jian > +// Copyright (c) 2015 - 2022, Intel Corporation. All rights reserved.<BR> > +// > +// SPDX-License-Identifier: BSD-2-Clause-Patent > +// > +// **/ > + > + > +#string STR_MODULE_ABSTRACT #language en-US "Provides > authenticated variable services" > + > +#string STR_MODULE_DESCRIPTION #language en-US "Provides > authenticated variable services." > + > -- > 2.35.1.windows.2
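Review bot: In the [Defines] section of EncryptionVariableLibNull.inf, MODULE_UNI_FILE names EncryptionVariableLib.uni, but the file this patch adds (per the diffstat and the third diff) is EncryptionVariableLibNull.uni, so the INF points at a UNI file that is not part of the change. Suggest "MODULE_UNI_FILE = EncryptionVariableLibNull.uni". In the same file, [LibraryClasses] lists BaseLib and DebugLib, yet every function in EncryptionVariable.c as posted is a bare "return EFI_UNSUPPORTED;" with no library calls, so those two entries can go along with the empty [Guids] section.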
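Review bot: The comment block above DecryptVariable() in EncryptionVariable.c is copied from EncryptVariable() without adjustment: its @retval line reads "Unsupported to encrypt variable." and should say decrypt. All four functions return EFI_UNSUPPORTED unconditionally and the commit message says this instance is the default for platforms without protected variable encryption, so the replacement file header should state that plainly (variable data is not encrypted when this instance is linked) and say what a caller is expected to do on EFI_UNSUPPORTED. The "#include <Library/DebugLib.h>" line is also unused in the code shown and can be dropped.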
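Review bot: In EncryptionVariableLibNull.uni, the STR_MODULE_ABSTRACT and STR_MODULE_DESCRIPTION strings both say "Provides authenticated variable services", which describes a different library, not only the file header comment above them. Suggest aligning both strings and the @file comment with the INF header text, "Provides NULL version of encryption variable services.", so the module metadata does not misreport this null instance as providing authenticated variable services.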