blob: 0d9d00c281f6627ecb03cd181dd6ce1a7bc14f79 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
|
/** @file
This file includes the function prototypes for the sanitization functions.
These are those functions:
DxeTpmMeasureBootLibImageRead() function will make sure the PE/COFF image content
read is within the image buffer.
TcgMeasurePeImage() function will accept untrusted PE/COFF image and validate its
data structure within this image buffer before use.
TcgMeasureGptTable() function will receive untrusted GPT partition table, and parse
partition data carefully.
Copyright (c) Microsoft Corporation.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#ifndef DXE_TPM_MEASURE_BOOT_LIB_VALIDATION_
#define DXE_TPM_MEASURE_BOOT_LIB_VALIDATION_
#include <Uefi.h>
#include <Uefi/UefiSpec.h>
#include <Protocol/BlockIo.h>
#include <IndustryStandard/UefiTcgPlatform.h>
/**
This function will validate the EFI_PARTITION_TABLE_HEADER structure is safe to parse
However this function will not attempt to verify the validity of the GPT partition
It will check the following:
- Signature
- Revision
- AlternateLBA
- FirstUsableLBA
- LastUsableLBA
- PartitionEntryLBA
- NumberOfPartitionEntries
- SizeOfPartitionEntry
- BlockIo
@param[in] PrimaryHeader
Pointer to the EFI_PARTITION_TABLE_HEADER structure.
@param[in] BlockIo
Pointer to the EFI_BLOCK_IO_PROTOCOL structure.
@retval EFI_SUCCESS
The EFI_PARTITION_TABLE_HEADER structure is valid.
@retval EFI_INVALID_PARAMETER
The EFI_PARTITION_TABLE_HEADER structure is invalid.
**/
EFI_STATUS
EFIAPI
SanitizeEfiPartitionTableHeader (
IN CONST EFI_PARTITION_TABLE_HEADER *PrimaryHeader,
IN CONST EFI_BLOCK_IO_PROTOCOL *BlockIo
);
/**
This function will validate that the allocation size from the primary header is sane
It will check the following:
- AllocationSize does not overflow
@param[in] PrimaryHeader
Pointer to the EFI_PARTITION_TABLE_HEADER structure.
@param[out] AllocationSize
Pointer to the allocation size.
@retval EFI_SUCCESS
The allocation size is valid.
@retval EFI_OUT_OF_RESOURCES
The allocation size is invalid.
**/
EFI_STATUS
EFIAPI
SanitizePrimaryHeaderAllocationSize (
IN CONST EFI_PARTITION_TABLE_HEADER *PrimaryHeader,
OUT UINT32 *AllocationSize
);
/**
This function will validate that the Gpt Event Size calculated from the primary header is sane
It will check the following:
- EventSize does not overflow
Important: This function includes the entire length of the allocated space, including the
TCG_PCR_EVENT_HDR. When hashing the buffer allocated with this size, the caller must subtract
the size of the TCG_PCR_EVENT_HDR from the size of the buffer before hashing.
@param[in] PrimaryHeader - Pointer to the EFI_PARTITION_TABLE_HEADER structure.
@param[in] NumberOfPartition - Number of partitions.
@param[out] EventSize - Pointer to the event size.
@retval EFI_SUCCESS
The event size is valid.
@retval EFI_OUT_OF_RESOURCES
Overflow would have occurred.
@retval EFI_INVALID_PARAMETER
One of the passed parameters was invalid.
**/
EFI_STATUS
SanitizePrimaryHeaderGptEventSize (
IN CONST EFI_PARTITION_TABLE_HEADER *PrimaryHeader,
IN UINTN NumberOfPartition,
OUT UINT32 *EventSize
);
#endif // DXE_TPM_MEASURE_BOOT_LIB_VALIDATION_
|
