MdeModulePkg/Variable: TcgMorLockSmm Key Mismatch changes lock state
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4410

Inside TcgMorLockSmm.c, the SetVariableCheckHandlerMorLock() function
contains a scenario to prevent a possible dictionary attack on the MorLock
Key in accordance with the TCG Platform Reset Mitigation Spec v1.10.

The mechanism to prevent this attack must also change the MorLock Variable
Value to 0x01 to indicate Locked Without Key.

ASSERT_EFI_ERROR is added for error visibility since SetMorLockVariable
returns a status code

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Signed-off-by: Abhi Singh <Abhi.Singh@arm.com>

Acked-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
aabhi64 authored and mergify[bot] committed Jul 10, 2023
1 parent 96d6911 commit 63923a5
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c
Expand Up @@ -312,6 +312,11 @@ SetVariableCheckHandlerMorLock (
mMorLockState = MorLockStateLocked;
mMorLockKeyEmpty = TRUE;
ZeroMem (mMorLockKey, sizeof (mMorLockKey));
//
// Update value to reflect locked without key
//
Status = SetMorLockVariable (MOR_LOCK_DATA_LOCKED_WITHOUT_KEY);
ASSERT_EFI_ERROR (Status);
return EFI_ACCESS_DENIED;
}
}
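
Review bot: the failure path of the new SetMorLockVariable() call is covered only by `ASSERT_EFI_ERROR (Status);`, which does nothing in builds where asserts are disabled. If the write fails there, mMorLockState is already MorLockStateLocked and the key has been zeroed, but the MorLock variable can keep its previous value, so a reader of the variable would not see Locked Without Key. Consider adding an explicit `if (EFI_ERROR (Status))` branch with a DEBUG_ERROR message before `return EFI_ACCESS_DENIED;`, and extending the comment to say that the function still returns EFI_ACCESS_DENIED whatever the write result is.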