/*
Copyright (c) 1999 - 2002 Intel Corporation. All rights reserved
This software and associated documentation (if any) is furnished
under a license and may only be used or copied in accordance
with the terms of the license. Except as permitted by such
license, no part of this software or documentation may be
reproduced, stored in a retrieval system, or transmitted in any
form or by any means without the express written consent of
Intel Corporation.
*/
//************************************************************************************************//
// core_updt_BOA.c
//
// Description:
//
// Contains the core logic of the "Update Boot Object Authorization"
// function implemented in terms of PSD CSSM cryptography services.
//
// Called by BIS_UpdateBootObjectAuthorization( ... ) after coarse-grained
// parameter checking is complete.
//
/*Placeholder_for_source_control_strings*/
//************************************************************************************************//
#include <bis_priv.h>
// Replay-check helper used by Core_UpdtBOA: compares the platform's current
// update token (calculatedToken, BIS format) with the "ParameterSetToken"
// value decoded from the update manifest (tokenFromUpdateManifest, CSSM format).
// Returns BIS_OK when the tokens match; the caller treats any other status as
// a mismatch and fails the update with BIS_SECURITY_FAILURE. Neither buffer
// is released here -- the caller frees both after the comparison.
// NOTE(review): the definition is outside the visible portion of this file, so
// whether the comparison checks both length and content is not confirmed here.
BIS_STATUS
areTokensEqual( BIS_DATA_PTR calculatedToken
, CSSM_DATA_PTR tokenFromUpdateManifest);
// UBOATRACE(s): debug trace hook for this file. The "#if (1)" branch is the
// one that is compiled, so the macro currently expands to nothing and every
// UBOATRACE("UBOAnn ") call in Core_UpdtBOA is a no-op. The #else branch is
// the live variant: it routes the trace string through PUT_S only when the
// TRACE_UBOA flag is set in TRACEFLAGS.
#if (1)
#define UBOATRACE(s)
#else
#define UBOATRACE(s){if (BIS_FLAG(TRACEFLAGS,TRACE_UBOA)){PUT_S(s);}}
#endif
BIS_STATUS
Core_UpdtBOA(
BIS_APPINFO_PTR appInfo
,APP_CSSMINFO_PTR cssmInfo
,BIS_UBOA_PARMS *parmBlock )
{
BIS_DATA RequestCredential= parmBlock->requestCredential;
CSSM_STRING updateTokenName= UPDATETOKEN_ATTR_NAME;
CSSM_DATA updateTokenValue; //token from update manifest.
//Data Structure Used to attach zero length external data to manifest.
char dummyData=0;
CSSM_VL_DO_LMAP_ENTRY dummyMapEntry=
{
{0,0,0,{0,0,0,0,0,0,0,0}},
UPDATE_PARMS_SECTION_NAME,
{CSSM_VL_MEDIA_TYPE_MEMORY, {0,0}}
};
CSSM_VL_DO_LMAP dummyExternalData;
CSSM_STRING parmID_Name= PARMID_ATTR_NAME;
CSSM_DATA parmID_Value;
CSSM_STRING parmValue_Name= PARMVALUE_ATTR_NAME;
CSSM_DATA parmValue_Value;
UINT32 updateField; //which platform parm is to be updated...
UINT32 updateCounter; //used to increment platform update
CSSM_DATA updateCounterLV; // counter.
BIS_STATUS brc;
BIS_SM smInfo;
BIS_BOOLEAN freeSmInfo= BIS_FALSE;
BIS_GBOAC_PARMS gboacParms;
BIS_GBOAUT_PARMS gboautParms;
CSSM_DATA authorityCertificate; //cssm format
BIS_BOOLEAN platSpecificSecurityCheckPassed;
CSSM_VL_VERIFICATION_HANDLE hVeri;
// Prepare for early error-exit cleanup.
freeSmInfo = BIS_FALSE;
gboacParms.certificate = BIS_NULL;
dummyExternalData.NumberOfMapEntries = 1;
dummyExternalData.MapEntries = &dummyMapEntry;
//
// BUGBUG - remove warning 4 - init'd to zero
//
updateField = 0;
parmValue_Value.Length = 0;
// *** Prepare for manifest verification:
UBOATRACE("UBOA40 ");
brc= PrepareSignedManifestHandle(
cssmInfo //Struct filled in by PSD_Initialize.
,&RequestCredential //SM being prepared.
,&smInfo //SMINFO tobe filled in.
,UPDATE_MANIFEST_SIGINFO_NAME //Name of signer information.
);
if ( brc != BIS_OK ) {
goto ERROR_EXIT;
}
freeSmInfo= BIS_TRUE;
// *** Retrieve source of authority
UBOATRACE("UBOA50 ");
gboacParms.sizeOfStruct= sizeof(gboacParms);
gboacParms.appHandle= parmBlock->appHandle;
gboacParms.certificate= BIS_NULL;
brc= BIS_GetBootObjectAuthorizationCertificate( &gboacParms );
#if (COMPILE_SELFTEST_CODE == 1)
// Conditional code to skip authority check for test purposes
if (BIS_FLAG(BEHAVFLAGS,BEHAV_ALLOW_ANY_UPDATE)) {
// simulate having no configured authority certificate
brc = BIS_BOA_CERT_NOTFOUND;
}
#endif // COMPILE_SELFTEST_CODE
//Handle errors
if (brc != BIS_OK && brc != BIS_BOA_CERT_NOTFOUND)
{
goto ERROR_EXIT;
}
//Boot Object Auth Cert was retrieved, cast into CSSM format.
if ( brc == BIS_OK )
{
UBOATRACE("UBOA60 ");
authorityCertificate.Data= gboacParms.certificate->data;
authorityCertificate.Length= gboacParms.certificate->length;
}
//No Boot Object Authorization Certificate is configured,
//Perform Platform specific security check and use manifest
//signer certificate as authority_cert.
else // (brc == BIS_BOA_CERT_NOTFOUND)
{
BIS_DATA temp_signer;
UBOATRACE("UBOA60 ");
//Use the Signer Certificate of the input manifest
//as the authority certificate.
UBOATRACE("UBOA70 ");
brc= GetSignerOfManifest( cssmInfo, &smInfo );
if (brc!=BIS_OK){
goto ERROR_EXIT;
}
//Make stack variable contain cert data info.
authorityCertificate.Data =
smInfo.sigInfo->SignerCertGroup->CertList->Data;
authorityCertificate.Length =
smInfo.sigInfo->SignerCertGroup->CertList->Length;
temp_signer.data = authorityCertificate.Data;
temp_signer.length = authorityCertificate.Length;
#if (COMPILE_SELFTEST_CODE == 1)
// Conditional code to skip authority check for test purposes
if (BIS_FLAG(BEHAVFLAGS,BEHAV_ALLOW_ANY_UPDATE)) {
platSpecificSecurityCheckPassed = BIS_TRUE;
}
else {
#endif // COMPILE_SELFTEST_CODE
// Perform external authorization check, passing the signer's
// certificate.
brc = CallAuthorization(
BISOP_UpdateBootObjectAuthorization, // opCode
& RequestCredential, // credentials
& temp_signer, // credentialsSigner
NULL, // dataObject
0, // reserved
& platSpecificSecurityCheckPassed // isAuthorized
);
if (BIS_OK != brc) {
brc = BIS_SECURITY_FAILURE;
goto ERROR_EXIT;
}
#if (COMPILE_SELFTEST_CODE == 1)
} // if flags is "allow" else
#endif // COMPILE_SELFTEST_CODE
//Bail out if security check failed.
if ( !platSpecificSecurityCheckPassed )
{
brc= BIS_SECURITY_FAILURE;
goto ERROR_EXIT;
}
} // else BIS_BOA_CERT_NOTFOUND
//Replace dummy zero-length external data in manifest with
//memory reference.
UBOATRACE("UBOA80 ");
dummyMapEntry.MapEntry.Location.MemoryRef.Data= &dummyData;
dummyMapEntry.VoBundleIdentifier= *smInfo.bundleUid;
brc= CSSM_VL_SetDoLMapEntries(
cssmInfo->hVL,
smInfo.hVerifiableObj,
&dummyExternalData);
if ( brc != CSSM_OK)
{
brc= BIS_SECURITY_FAILURE;
goto ERROR_EXIT;
}
// ***Combined integrity and authorization check of the input signed manifest
// and the signer certificate.
UBOATRACE("UBOA90 ");
hVeri= CSSM_VL_VerifyRootCredentialsDataAndContainment(
cssmInfo->hVL, // Verification Lib handle
smInfo.hVerifiableObj, // Signed manifest handle.
&authorityCertificate, // BOA Cert or SM Cert
0, NULL, //Default CSP.
0, NULL); //Not checking pointers into data objects.
if ( hVeri == CSSM_INVALID_HANDLE)
{
saveCssmErr( cssmInfo ); //save actual fail code.
brc= BIS_SECURITY_FAILURE;
goto ERROR_EXIT;
}
// *** Check the "ParameterSet" section in the signed Manifest. ***
// It should contain a specific guid value.
UBOATRACE("UBOA100 ");
if ( !CheckParmsetValue(cssmInfo, &smInfo ) )
{
brc= BIS_SECURITY_FAILURE;
goto ERROR_EXIT;
}
// *** Replay check ***
// Check the signed manifest update token against, the
// platforms value for it.
// Get the "ParameterSetToken" value from the manifest.
UBOATRACE("UBOA110 ");
brc= GetDataObjectByName(cssmInfo
,&smInfo //SM to obtain token from.
,updateTokenName //ObjName
,&updateTokenValue //ObjValue [OUT]
,BIS_TRUE ); //do base 64 decode.
if (brc!=BIS_OK){
brc= BIS_SECURITY_FAILURE;
goto ERROR_EXIT;
}
// Get platform update token.
UBOATRACE("UBOA120 ");
gboautParms.sizeOfStruct= sizeof(gboautParms);
gboautParms.appHandle= parmBlock->appHandle;
gboautParms.updateToken= BIS_NULL;
brc= BIS_GetBootObjectAuthorizationUpdateToken( &gboautParms );
if (brc!=BIS_OK){
MEM_free( cssmInfo->appInfo, updateTokenValue.Data);
goto ERROR_EXIT;
}
// Compare platform update token value against UpdateToken value
// in signed manifest.
UBOATRACE("UBOA130 ");
brc= areTokensEqual( gboautParms.updateToken, &updateTokenValue );
#if (COMPILE_SELFTEST_CODE == 1)
// Conditional code to skip token check for test purposes
if (BIS_FLAG(BEHAVFLAGS,BEHAV_ALLOW_ANY_UPDATE)) {
brc = BIS_OK;
}
#endif
// Free resources no longer needed.
MEM_free( cssmInfo->appInfo, updateTokenValue.Data);
MEM_free( cssmInfo->appInfo, gboautParms.updateToken );
// Bail if tokens are not equal.
if ( brc != BIS_OK)
{
brc= BIS_SECURITY_FAILURE;
goto ERROR_EXIT;
}
// *** Update Platform Parameter***
//Get the Name of the Platform parameter that is be be updated.
// Eg. retrive the value of the parm named: "ParameterId" .
// It should be "BootObjectAuthorizationCertificate" or
// "BootAuthorizationCheckFlag"
UBOATRACE("UBOA140 ");
brc= GetDataObjectByName(cssmInfo
,&smInfo //SM to obtain ParmId from.
,parmID_Name //ObjName
,&parmID_Value //ObjValue [OUT]
,BIS_TRUE ); //base 64 decode.