From: Abhi Singh <abhi.si...@arm.com> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4410 REPO: https://github.com/tianocore/edk2/commit/7c9e1303fce5d49f8b597b4afd99ed855faaffaa
Inside TcgMorLockSmm.c, the SetVariableCheckHandlerMorLock() function contains a scenario to prevent a possible dictionary attack on the MorLock Key in accordance with the TCG Platform Reset Mitigation Spec v1.10. The mechanism to prevent this attack must also change the MorLock Variable Value to 0x01 to indicate Locked Without Key. ASSERT_EFI_ERROR is added for error visibility since SetMorLockVariable returns a status code Cc: Jian J Wang <jian.j.w...@intel.com> Cc: Liming Gao <gaolim...@byosoft.com.cn> Signed-off-by: Abhi Singh <abhi.si...@arm.com> Acked-by: Michael Kubacki <michael.kuba...@microsoft.com> --- Notes: v2: - capturing return status of SetMorLockVariable with ASSERT_EFI_ERROR for visibility [Michael] MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c index da1105ff07..28e8cc55d9 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c @@ -312,6 +312,11 @@ SetVariableCheckHandlerMorLock ( mMorLockState = MorLockStateLocked; mMorLockKeyEmpty = TRUE; ZeroMem (mMorLockKey, sizeof (mMorLockKey)); + // + // Update value to reflect locked without key + // + Status = SetMorLockVariable (MOR_LOCK_DATA_LOCKED_WITHOUT_KEY); + ASSERT_EFI_ERROR (Status); return EFI_ACCESS_DENIED; } } -- 2.34.1
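
Review bot: In the added lines just before `return EFI_ACCESS_DENIED;`, a failing `SetMorLockVariable (MOR_LOCK_DATA_LOCKED_WITHOUT_KEY)` is handled only by `ASSERT_EFI_ERROR (Status)`, and that macro does nothing in builds where asserts are disabled. On such a build a failure would pass silently: `mMorLockState` is already `MorLockStateLocked` and the key has been zeroed, but the MorLock variable would keep reporting its previous value instead of 0x01, which is the mismatch the commit message sets out to remove. Consider also emitting a `DEBUG_ERROR` message on failure, or extending the comment to state why continuing with a stale variable value is acceptable on this path. Returning `EFI_ACCESS_DENIED` regardless of `Status` looks right, since the caller's request must be rejected either way, and a short comment saying so would help the next reader.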