UserAuthenticationDxeSmm: Convert to pure DXE driver

Remove SMM dependency as we can't use it with coreboot Signed-off-by: Michał Kopeć <[email protected]>
Dasharo · Oct 28, 2022 · 9a69842 · 9a69842
1 parent ccb0983
commit 9a69842
Show file tree

Hide file tree

Showing 29 changed files with 542 additions and 2,832 deletions.
diff --git a/DasharoModuleComponents.dsc.inc b/DasharoModuleComponents.dsc.inc
@@ -10,3 +10,4 @@
 ##
 
   DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf
+  DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxe.inf
diff --git a/DasharoModulePkg.dec b/DasharoModulePkg.dec
@@ -16,14 +16,29 @@
   PACKAGE_UNI_FILE               = DasharoModuleComponents.uni
 
 [Includes]
+  Include
+
+[LibraryClasses]
+  ##  @libraryclass  Provides a platform-specific method to return the password policy.
+  PlatformPasswordLib|Include/Library/PlatformPasswordLib.h
 
 [Guids]
   gDasharoSystemFeaturesFormsetGuid = { 0xd15b327e, 0xff2d, 0x4fc1, {0xab, 0xf6, 0xc1, 0x2b, 0xd0, 0x8c, 0x13, 0x59 } }
   gDasharoSystemFeaturesTokenSpaceGuid = {0xc7d52e10, 0xadec, 0x4d49, { 0x9e, 0xc5, 0xb8, 0xcf, 0xcd, 0x4b, 0x9d, 0xb9 }}
+  gUserAuthFeaturePkgTokenSpaceGuid  =  {0xa2793a6e, 0x6af1, 0x45c4, {0x88, 0x4d, 0x3d, 0x0c, 0x7a, 0xfe, 0x91, 0xc6}}
+  ## Include Include/Guid/UserAuthentication.h
+  gUserAuthenticationGuid = { 0xee24a7f7, 0x606b, 0x4724, { 0xb3, 0xc9, 0xf5, 0xae, 0x4a, 0x3b, 0x81, 0x65}}
 
 [Ppis]
 
 [Protocols]
 
 [PcdsFixedAtBuild]
 gDasharoSystemFeaturesTokenSpaceGuid.PcdShowMenu|FALSE|BOOLEAN|0x00000001
+
+[PcdsFixedAtBuild,PcdsPatchableInModule,PcdsDynamic,PcdsDynamicEx]
+  ## Indicate whether the password is cleared.
+  # When it is configured to Dynamic or DynamicEx, it can be set through detection using
+  # a platform-specific method (e.g. Board Jumper set) in a actual platform in early boot phase.<BR><BR>
+  # @Prompt The password clear status
+  gUserAuthFeaturePkgTokenSpaceGuid.PcdPasswordCleared|FALSE|BOOLEAN|0xF0000001
diff --git a/DasharoModulePkg.dsc b/DasharoModulePkg.dsc
@@ -23,4 +23,7 @@
   !include DasharoModulePkg/DasharoModuleComponents.dsc.inc
 
 [BuildOptions]
-  *_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES
+  *_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES -Wno-error
+
+[Packages]
+  !include DasharoModulePkg/Include/UserAuthFeature.dsc
diff --git a/Include/Guid/UserAuthentication.h b/Include/Guid/UserAuthentication.h
@@ -12,34 +12,42 @@
 #define PASSWORD_MIN_SIZE    9  // MIN number of chars of password, including NULL.
 #define PASSWORD_MAX_SIZE    33 // MAX number of chars of password, including NULL.
 
-#define USER_AUTHENTICATION_GUID \
-  { 0xf06e3ea7, 0x611c, 0x4b6b, { 0xb4, 0x10, 0xc2, 0xbf, 0x94, 0x3f, 0x38, 0xf2 } }
+#define PASSWORD_SALT_SIZE   32
+#define PASSWORD_HASH_SIZE   32 // SHA256_DIGEST_SIZE
 
-extern EFI_GUID gUserAuthenticationGuid;
+#define PASSWORD_MAX_TRY_COUNT  3
+#define PASSWORD_HISTORY_CHECK_COUNT  5
+
+//
+// Name of the variable
+//
+#define USER_AUTHENTICATION_VAR_NAME L"Password"
+#define USER_AUTHENTICATION_HISTORY_LAST_VAR_NAME L"PasswordLast"
 
+//
+// Variable storage
+//
 typedef struct {
-  UINTN       Function;
-  EFI_STATUS  ReturnStatus;
-} SMM_PASSWORD_COMMUNICATE_HEADER;
+  UINT8        PasswordHash[PASSWORD_HASH_SIZE];
+  UINT8        PasswordSalt[PASSWORD_SALT_SIZE];
+} USER_PASSWORD_VAR_STRUCT;
 
-#define SMM_PASSWORD_FUNCTION_IS_PASSWORD_SET       1
-#define SMM_PASSWORD_FUNCTION_SET_PASSWORD          2
-#define SMM_PASSWORD_FUNCTION_VERIFY_PASSWORD       3
-#define SMM_PASSWORD_FUNCTION_SET_VERIFY_POLICY     4
-#define SMM_PASSWORD_FUNCTION_GET_VERIFY_POLICY     5
-#define SMM_PASSWORD_FUNCTION_WAS_PASSWORD_VERIFIED 6
+#define USER_AUTHENTICATION_GUID \
+  { 0xf06e3ea7, 0x611c, 0x4b6b, { 0xb4, 0x10, 0xc2, 0xbf, 0x94, 0x3f, 0x38, 0xf2 } }
+
+extern EFI_GUID gUserAuthenticationGuid;
 
 typedef struct {
   CHAR8                                 NewPassword[PASSWORD_MAX_SIZE];
   CHAR8                                 OldPassword[PASSWORD_MAX_SIZE];
-} SMM_PASSWORD_COMMUNICATE_SET_PASSWORD;
+} PASSWORD_COMMUNICATE_SET_PASSWORD;
 
 typedef struct {
   CHAR8                                 Password[PASSWORD_MAX_SIZE];
-} SMM_PASSWORD_COMMUNICATE_VERIFY_PASSWORD;
+} PASSWORD_COMMUNICATE_VERIFY_PASSWORD;
 
 typedef struct {
   BOOLEAN                               NeedReVerify;
-} SMM_PASSWORD_COMMUNICATE_VERIFY_POLICY;
+} PASSWORD_COMMUNICATE_VERIFY_POLICY;
 
 #endif
diff --git a/Include/Library/UserPasswordLib.h b/Include/Library/UserPasswordLib.h
diff --git a/Include/Library/UserPasswordUiLib.h b/Include/Library/UserPasswordUiLib.h
diff --git a/Include/PostMemory.fdf b/Include/PostMemory.fdf
@@ -8,5 +8,3 @@
 ##
 
 INF UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationDxe.inf
-INF UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthentication2Dxe.inf
-INF UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.inf
diff --git a/Include/UserAuthFeature.dsc b/Include/UserAuthFeature.dsc
@@ -12,30 +12,16 @@
 #
 ##
 
-################################################################################
-#
-# Defines Section - statements that will be processed to create a Makefile.
-#
-################################################################################
-[Defines]
-  !ifndef $(PEI_ARCH)
-    !error "PEI_ARCH must be specified to build this feature!"
-  !endif
-  !ifndef $(DXE_ARCH)
-    !error "DXE_ARCH must be specified to build this feature!"
-  !endif
-
 ################################################################################
 #
 # Library Class section - list of all Library Classes needed by this feature.
 #
 ################################################################################
 
-!include MdePkg/MdeLibs.dsc.inc
+#!include MdePkg/MdeLibs.dsc.inc
 
 [LibraryClasses]
-  PlatformPasswordLib|UserAuthFeaturePkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.inf
-  UserPasswordLib|UserAuthFeaturePkg/Library/UserPasswordLib/UserPasswordLib.inf
+  PlatformPasswordLib|DasharoModulePkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.inf
 
 ###################################################################################################
 #
@@ -59,19 +45,9 @@
 #
 # Feature DXE Components
 #
-
-# @todo: Change below line to [Components.$(DXE_ARCH)] after https://bugzilla.tianocore.org/show_bug.cgi?id=2308
-#        is completed.
 [Components.X64]
   #####################################
   # User Authentication Feature Package
   #####################################
-
-  # Add library instances here that are not included in package components and should be tested
-  # in the package build.
-  UserAuthFeaturePkg/Library/UserPasswordUiLib/UserPasswordUiLib.inf
-
   # Add components here that should be included in the package build.
-  UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationDxe.inf
-  UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthentication2Dxe.inf
-  UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.inf
+  DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxe.inf
diff --git a/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c
@@ -11,7 +11,7 @@ SPDX-License-Identifier: BSD-2-Clause
 
 STATIC EFI_GUID mDasharoSystemFeaturesGuid = DASHARO_SYSTEM_FEATURES_FORMSET_GUID;
 STATIC CHAR16 mVarStoreName[] = L"FeaturesData";
-STATIC CHAR16 mLockBitsEfiVar[] = L"LockBios";
+STATIC CHAR16 mLockBiosEfiVar[] = L"LockBios";
 STATIC BOOLEAN mLockBiosDefault = TRUE;
 
 STATIC DASHARO_SYSTEM_FEATURES_PRIVATE_DATA  mDasharoSystemFeaturesPrivate = {
@@ -94,7 +94,7 @@ DasharoSystemFeaturesUiLibConstructor (
 
   BufferSize = sizeof (mDasharoSystemFeaturesPrivate.DasharoFeaturesData.LockBios);
   Status = gRT->GetVariable (
-      mLockBitsEfiVar,
+      mLockBiosEfiVar,
       &mDasharoSystemFeaturesGuid,
       NULL,
       &BufferSize,
@@ -103,7 +103,7 @@ DasharoSystemFeaturesUiLibConstructor (
 
   if (Status == EFI_NOT_FOUND) {
     Status = gRT->SetVariable (
-        mLockBitsEfiVar,
+        mLockBiosEfiVar,
         &mDasharoSystemFeaturesGuid,
         EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE,
         sizeof (mLockBiosDefault),
@@ -304,7 +304,7 @@ DasharoSystemFeaturesRouteConfig (
 
   if (Private->DasharoFeaturesData.LockBios != DasharoFeaturesData.LockBios) {
     Status = gRT->SetVariable (
-        mLockBitsEfiVar,
+        mLockBiosEfiVar,
         &mDasharoSystemFeaturesGuid,
         EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE,
         sizeof (DasharoFeaturesData.LockBios),

diff --git a/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.inf b/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.inf
@@ -18,7 +18,7 @@
   FILE_GUID                      = 27417BCA-0CCD-4089-9711-AD069A33C555
   MODULE_TYPE                    = DXE_DRIVER
   VERSION_STRING                 = 1.0
-  LIBRARY_CLASS                  = PlatformPasswordLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER DXE_DRIVER UEFI_APPLICATION
+  LIBRARY_CLASS                  = PlatformPasswordLib|DXE_RUNTIME_DRIVER DXE_DRIVER UEFI_APPLICATION
   CONSTRUCTOR                    = PlatformPasswordLibNullConstructor
 
 #
@@ -32,7 +32,7 @@
 
 [Packages]
   MdePkg/MdePkg.dec
-  UserAuthFeaturePkg/UserAuthFeaturePkg.dec
+  DasharoModulePkg/DasharoModulePkg.dec
 
 [Pcd]
   gUserAuthFeaturePkgTokenSpaceGuid.PcdPasswordCleared    ## CONSUMES
Original file line number	Diff line number	Diff line change
Expand Up		@@ -10,3 +10,4 @@
		##

		DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeaturesUiLib.inf
		DasharoModulePkg/UserAuthenticationDxeSmm/UserAuthenticationDxe.inf