SecurityPkg: Clean up source files

1. Do not use tab characters
2. No trailing white space on any line
3. All files must end with CRLF

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liming Gao <liming.gao@intel.com>
This commit is contained in:
Liming Gao 2018-06-27 21:13:09 +08:00
parent 5a702acd3d
commit b3548d32dd
224 changed files with 3246 additions and 3246 deletions


@ -1,7 +1,7 @@
/** @file
This is service binding for Hash driver.
Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials are licensed and made available under
the terms and conditions of the BSD License that accompanies this distribution.
The full text of the license may be found at
@ -239,4 +239,4 @@ Hash2DriverEntryPoint (
}
return Status;
}
}


@ -2,7 +2,7 @@
This module implements Hash2 Protocol.
(C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials are licensed and made available under
the terms and conditions of the BSD License that accompanies this distribution.
The full text of the license may be found at
@ -374,7 +374,7 @@ BaseCrypto2Hash (
if (HashInfo == NULL) {
return EFI_UNSUPPORTED;
}
Instance = HASH2_INSTANCE_DATA_FROM_THIS(This);
if (Instance->HashContext != NULL) {
FreePool (Instance->HashContext);


@ -4,7 +4,7 @@
# This module will use EDKII crypto libary to HASH2 protocol.
#
# (C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
# Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@ -61,4 +61,4 @@
gEfiHash2ServiceBindingProtocolGuid ## PRODUCES
[UserExtensions.TianoCore."ExtraFiles"]
Hash2DxeCryptoExtra.uni
Hash2DxeCryptoExtra.uni


@ -1,14 +1,14 @@
/** @file
Defines the HOB GUID used to pass all PEI measured FV info to
Defines the HOB GUID used to pass all PEI measured FV info to
DXE Driver.
Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/


@ -1,16 +1,16 @@
/** @file
Define the variable data structures used for TCG physical presence.
The TPM request from firmware or OS is saved to variable. And it is
cleared after it is processed in the next boot cycle. The TPM response
cleared after it is processed in the next boot cycle. The TPM response
is saved to variable.
Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
@ -38,7 +38,7 @@ typedef struct {
#define PHYSICAL_PRESENCE_ENABLE 1
#define PHYSICAL_PRESENCE_DISABLE 2
#define PHYSICAL_PRESENCE_ACTIVATE 3
#define PHYSICAL_PRESENCE_DEACTIVATE 4
#define PHYSICAL_PRESENCE_DEACTIVATE 4
#define PHYSICAL_PRESENCE_CLEAR 5
#define PHYSICAL_PRESENCE_ENABLE_ACTIVATE 6
#define PHYSICAL_PRESENCE_DEACTIVATE_DISABLE 7
@ -60,7 +60,7 @@ typedef struct {
//
// This variable is used to save TPM Management Flags and corresponding operations.
// It should be protected from malicious software (e.g. Set it as read-only variable).
// It should be protected from malicious software (e.g. Set it as read-only variable).
//
#define PHYSICAL_PRESENCE_FLAGS_VARIABLE L"PhysicalPresenceFlags"
typedef struct {


@ -1,13 +1,13 @@
/** @file
GUID used as HII FormSet and HII Package list GUID in PwdCredentialProviderDxe driver.
Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/


@ -1,13 +1,13 @@
/** @file
GUIDs used as HII FormSet and HII Package list GUID in SecureBootConfigDxe driver.
Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials are licensed and made available under
the terms and conditions of the BSD License that accompanies this distribution.
The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php.
GUIDs used as HII FormSet and HII Package list GUID in SecureBootConfigDxe driver.
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials are licensed and made available under
the terms and conditions of the BSD License that accompanies this distribution.
The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php.
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/


@ -1,13 +1,13 @@
/** @file
GUID for SecurityPkg PCD Token Space.
Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/


@ -1,13 +1,13 @@
/** @file
GUIDs used as HII FormSet and HII Package list GUID in Tcg2Config driver.
Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials are licensed and made available under
the terms and conditions of the BSD License that accompanies this distribution.
The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php.
GUIDs used as HII FormSet and HII Package list GUID in Tcg2Config driver.
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials are licensed and made available under
the terms and conditions of the BSD License that accompanies this distribution.
The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php.
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/


@ -1,10 +1,10 @@
/** @file
Define the variable data structures used for TCG2 physical presence.
The TPM2 request from firmware or OS is saved to variable. And it is
cleared after it is processed in the next boot cycle. The TPM2 response
cleared after it is processed in the next boot cycle. The TPM2 response
is saved to variable.
Copyright (c) 2015, Intel Corporation. All rights reserved. <BR>
Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved. <BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -34,7 +34,7 @@ typedef struct {
//
// This variable is used to save TCG2 Management Flags and corresponding operations.
// It should be protected from malicious software (e.g. Set it as read-only variable).
// It should be protected from malicious software (e.g. Set it as read-only variable).
//
#define TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE L"Tcg2PhysicalPresenceFlags"
typedef struct {


@ -1,13 +1,13 @@
/** @file
GUIDs used as HII FormSet and HII Package list GUID in TcgConfig driver.
Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials are licensed and made available under
the terms and conditions of the BSD License that accompanies this distribution.
The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php.
GUIDs used as HII FormSet and HII Package list GUID in TcgConfig driver.
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials are licensed and made available under
the terms and conditions of the BSD License that accompanies this distribution.
The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php.
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/


@ -1,15 +1,15 @@
/** @file
Defines the HOB GUID used to pass a TCG_PCR_EVENT or TCG_PCR_EVENT2 from a TPM PEIM to
a TPM DXE Driver. A GUIDed HOB is generated for each measurement
Defines the HOB GUID used to pass a TCG_PCR_EVENT or TCG_PCR_EVENT2 from a TPM PEIM to
a TPM DXE Driver. A GUIDed HOB is generated for each measurement
made in the PEI Phase.
Copyright (c) 2007 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
Copyright (c) 2007 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/


@ -1,13 +1,13 @@
/** @file
GUID used as HII Package list GUID in UsbCredentialProviderDxe driver.
Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/


@ -1,13 +1,13 @@
/** @file
GUID used as HII FormSet and HII Package list GUID in UserIdentifyManagerDxe driver.
Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/


@ -1,13 +1,13 @@
/** @file
GUID used as HII FormSet and HII Package list GUID in UserProfileManagerDxe driver.
Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
@ -22,4 +22,4 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
extern EFI_GUID gUserProfileManagerGuid;
#endif
#endif


@ -1,13 +1,13 @@
/** @file
Provides a secure platform-specific method to detect physically present user.
Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
@ -19,7 +19,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
/**
This function provides a platform-specific method to detect whether the platform
is operating by a physically present user.
is operating by a physically present user.
Programmatic changing of platform security policy (such as disable Secure Boot,
or switch between Standard/Custom Secure Boot mode) MUST NOT be possible during
@ -28,7 +28,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
NOTE THAT: This function cannot depend on any EFI Variable Service since they are
not available when this function is called in AuthenticateVariable driver.
@retval TRUE The platform is operated by a physically present user.
@retval FALSE The platform is NOT operated by a physically present user.


@ -2,13 +2,13 @@
This library is intended to be used by BDS modules.
This library will execute TPM2 request.
Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
@ -62,13 +62,13 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
/**
Check and execute the pending TPM request.
The TPM request may come from OS or BIOS. This API will display request information and wait
The TPM request may come from OS or BIOS. This API will display request information and wait
for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
the TPM request is confirmed, and one or more reset may be required to make TPM request to
the TPM request is confirmed, and one or more reset may be required to make TPM request to
take effect.
This API should be invoked after console in and console out are all ready as they are required
to display request information and get user input to confirm the request.
to display request information and get user input to confirm the request.
@param PlatformAuth platform auth value. NULL means no platform auth change.
**/
@ -83,7 +83,7 @@ Tcg2PhysicalPresenceLibProcessRequest (
The TPM request may come from OS. This API will check if TPM request exists and need user
input to confirmation.
@retval TRUE TPM needs input to confirm user physical presence.
@retval FALSE TPM doesn't need input to confirm user physical presence.
@ -173,7 +173,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (
This API should be invoked in OS runtime phase to interface with ACPI method.
Caution: This function may receive untrusted input.
@param[in] OperationRequest TPM physical presence operation request.
@return Return Code for Get User Confirmation Status for Operation.


@ -4,16 +4,16 @@
The Vendor Specific PPI operation may change TPM state, BIOS TPM management
flags, and may need additional boot cycle.
Caution: This function may receive untrusted input.
Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
@ -29,9 +29,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
Check and execute the requested physical presence command.
This API should be invoked in BIOS boot phase to process pending request.
Caution: This function may receive untrusted input.
If OperationRequest < 128, then ASSERT().
@param[in] PlatformAuth platform auth value. NULL means no platform auth change.
@ -56,7 +56,7 @@ Tcg2PpVendorLibExecutePendingRequest (
Check if there is a valid physical presence command request.
This API should be invoked in BIOS boot phase to process pending request.
Caution: This function may receive untrusted input.
If OperationRequest < 128, then ASSERT().
@ -86,7 +86,7 @@ Tcg2PpVendorLibHasValidRequest (
This API should be invoked in OS runtime phase to interface with ACPI method.
Caution: This function may receive untrusted input.
If OperationRequest < 128, then ASSERT().
@param[in] OperationRequest TPM physical presence operation request.
@ -111,7 +111,7 @@ Tcg2PpVendorLibSubmitRequestToPreOSFunction (
This API should be invoked in OS runtime phase to interface with ACPI method.
Caution: This function may receive untrusted input.
If OperationRequest < 128, then ASSERT().
@param[in] OperationRequest TPM physical presence operation request.


@ -2,13 +2,13 @@
This library is intended to be used by BDS modules.
This library will lock TPM after executing TPM request.
Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
@ -19,15 +19,15 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
/**
Check and execute the pending TPM request and Lock TPM.
The TPM request may come from OS or BIOS. This API will display request information and wait
The TPM request may come from OS or BIOS. This API will display request information and wait
for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
the TPM request is confirmed, and one or more reset may be required to make TPM request to
the TPM request is confirmed, and one or more reset may be required to make TPM request to
take effect. At last, it will lock TPM to prevent TPM state change by malware.
This API should be invoked after console in and console out are all ready as they are required
to display request information and get user input to confirm the request. This API should also
to display request information and get user input to confirm the request. This API should also
be invoked as early as possible as TPM is locked in this function.
**/
VOID
EFIAPI
@ -40,7 +40,7 @@ TcgPhysicalPresenceLibProcessRequest (
The TPM request may come from OS. This API will check if TPM request exists and need user
input to confirmation.
@retval TRUE TPM needs input to confirm user physical presence.
@retval FALSE TPM doesn't need input to confirm user physical presence.


@ -4,16 +4,16 @@
The Vendor Specific PPI operation may change TPM state, BIOS TPM management
flags, and may need additional boot cycle.
Caution: This function may receive untrusted input.
Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
@ -63,9 +63,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
Check and execute the requested physical presence command.
This API should be invoked in BIOS boot phase to process pending request.
Caution: This function may receive untrusted input.
If OperationRequest < 128, then ASSERT().
@param[in] OperationRequest TPM physical presence operation request.
@ -88,7 +88,7 @@ TcgPpVendorLibExecutePendingRequest (
Check if there is a valid physical presence command request.
This API should be invoked in BIOS boot phase to process pending request.
Caution: This function may receive untrusted input.
If OperationRequest < 128, then ASSERT().
@ -118,7 +118,7 @@ TcgPpVendorLibHasValidRequest (
This API should be invoked in OS runtime phase to interface with ACPI method.
Caution: This function may receive untrusted input.
If OperationRequest < 128, then ASSERT().
@param[in] OperationRequest TPM physical presence operation request.
@ -141,7 +141,7 @@ TcgPpVendorLibSubmitRequestToPreOSFunction (
This API should be invoked in OS runtime phase to interface with ACPI method.
Caution: This function may receive untrusted input.
If OperationRequest < 128, then ASSERT().
@param[in] OperationRequest TPM physical presence operation request.


@ -1,6 +1,6 @@
/** @file
Public API for the Tcg Core library to perform the lowest level TCG Data encoding.
(TCG Storage Architecture Core Specification, Version 2.01, Revision 1.00,
https://trustedcomputinggroup.org/tcg-storage-architecture-core-specification/)


@ -1,7 +1,7 @@
/** @file
This library is used by other modules to send TPM12 command.
Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved. <BR>
Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -84,7 +84,7 @@ typedef struct {
/**
Send NV DefineSpace command to TPM1.2.
@param PubInfo The public parameters of the NV area.
@param EncAuth The encrypted AuthData, only valid if the attributes require subsequent authorization.
@ -100,7 +100,7 @@ Tpm12NvDefineSpace (
/**
Send NV ReadValue command to TPM1.2.
@param NvIndex The index of the area to set.
@param Offset The offset into the area.
@param DataSize The size of the data area.
@ -120,7 +120,7 @@ Tpm12NvReadValue (
/**
Send NV WriteValue command to TPM1.2.
@param NvIndex The index of the area to set.
@param Offset The offset into the NV Area.
@param DataSize The size of the data parameter.


@ -1,7 +1,7 @@
/** @file
This library abstract how to access TPM12 hardware device.
Copyright (c) 2013, Intel Corporation. All rights reserved. <BR>
Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -27,7 +27,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
@retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received.
@retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device.
@retval EFI_BUFFER_TOO_SMALL The output parameter block is too small.
@retval EFI_BUFFER_TOO_SMALL The output parameter block is too small.
**/
EFI_STATUS
EFIAPI


@ -1,7 +1,7 @@
/** @file
This library is used by other modules to send TPM2 command.
Copyright (c) 2013 - 2017, Intel Corporation. All rights reserved. <BR>
Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -25,7 +25,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
@param[in] HashAlg The hash algorithm to use for the hash sequence
An Event sequence starts if this is TPM_ALG_NULL.
@param[out] SequenceHandle A handle to reference the sequence
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR Unexpected device behavior.
**/
@ -43,7 +43,7 @@ Tpm2HashSequenceStart (
@param[in] SequenceHandle Handle for the sequence object
@param[in] Buffer Data to be added to hash
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR Unexpected device behavior.
**/
@ -64,7 +64,7 @@ Tpm2SequenceUpdate (
@param[in] SequenceHandle Authorization for the sequence
@param[in] Buffer Data to be added to the Event
@param[out] Results List of digests computed for the PCR
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR Unexpected device behavior.
**/
@ -83,7 +83,7 @@ Tpm2EventSequenceComplete (
@param[in] SequenceHandle Authorization for the sequence
@param[in] Buffer Data to be added to the hash/HMAC
@param[out] Result The returned HMAC or digest in a sized buffer
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR Unexpected device behavior.
**/
@ -166,7 +166,7 @@ Tpm2SetPrimaryPolicy (
@param[in] AuthHandle TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP}
@param[in] AuthSession Auth Session context
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR Unexpected device behavior.
**/
@ -316,7 +316,7 @@ Tpm2DictionaryAttackParameters (
@param[in] NvIndex The NV Index.
@param[out] NvPublic The public area of the index.
@param[out] NvName The Name of the nvIndex.
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
**/
@ -337,7 +337,7 @@ Tpm2NvReadPublic (
@param[in] AuthSession Auth Session context
@param[in] Auth The authorization data.
@param[in] NvPublic The public area of the index.
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
@retval EFI_ALREADY_STARTED The command was returned successfully, but NvIndex is already defined.
@ -357,7 +357,7 @@ Tpm2NvDefineSpace (
@param[in] AuthHandle TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}.
@param[in] NvIndex The NV Index.
@param[in] AuthSession Auth Session context
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
@retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.
@ -379,7 +379,7 @@ Tpm2NvUndefineSpace (
@param[in] Size Number of bytes to read.
@param[in] Offset Byte offset into the area.
@param[in,out] OutData The data read.
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
@retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.
@ -403,7 +403,7 @@ Tpm2NvRead (
@param[in] AuthSession Auth Session context
@param[in] InData The data to write.
@param[in] Offset The offset into the NV Area.
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
@retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.
@ -521,7 +521,7 @@ Tpm2PcrEvent (
@param[out] PcrUpdateCounter The current value of the PCR update counter.
@param[out] PcrSelectionOut The PCR in the returned list.
@param[out] PcrValues The contents of the PCR indicated in pcrSelect.
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
**/
@ -544,7 +544,7 @@ Tpm2PcrRead (
@param[out] MaxPCR maximum number of PCR that may be in a bank
@param[out] SizeNeeded number of octets required to satisfy the request
@param[out] SizeAvailable Number of octets available. Computed before the allocation
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
**/
@ -580,25 +580,25 @@ Tpm2PcrAllocateBanks (
/**
This command returns various information regarding the TPM and its current state.
The capability parameter determines the category of data returned. The property parameter
selects the first value of the selected category to be returned. If there is no property
The capability parameter determines the category of data returned. The property parameter
selects the first value of the selected category to be returned. If there is no property
that corresponds to the value of property, the next higher value is returned, if it exists.
The moreData parameter will have a value of YES if there are more values of the requested
The moreData parameter will have a value of YES if there are more values of the requested
type that were not returned.
If no next capability exists, the TPM will return a zero-length list and moreData will have
If no next capability exists, the TPM will return a zero-length list and moreData will have
a value of NO.
NOTE:
To simplify this function, leave returned CapabilityData for caller to unpack since there are
NOTE:
To simplify this function, leave returned CapabilityData for caller to unpack since there are
many capability categories and only few categories will be used in firmware. It means the caller
need swap the byte order for the feilds in CapabilityData.
@param[in] Capability Group selection; determines the format of the response.
@param[in] Property Further definition of information.
@param[in] Property Further definition of information.
@param[in] PropertyCount Number of properties of the indicated type to return.
@param[out] MoreData Flag to indicate if there are more values of this type.
@param[out] CapabilityData The capability data.
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
**/
@ -618,7 +618,7 @@ Tpm2GetCapability (
This function parse the value got from TPM2_GetCapability and return the Family.
@param[out] Family The Family of TPM. (a 4-octet character string)
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
**/
@ -634,7 +634,7 @@ Tpm2GetCapabilityFamily (
This function parse the value got from TPM2_GetCapability and return the TPM manufacture ID.
@param[out] ManufactureId The manufacture ID of TPM.
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
**/
@ -651,7 +651,7 @@ Tpm2GetCapabilityManufactureID (
@param[out] FirmwareVersion1 The FirmwareVersion1.
@param[out] FirmwareVersion2 The FirmwareVersion2.
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
**/
@ -669,7 +669,7 @@ Tpm2GetCapabilityFirmwareVersion (
@param[out] MaxCommandSize The maximum value for commandSize in a command.
@param[out] MaxResponseSize The maximum value for responseSize in a command.
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
**/
@ -682,12 +682,12 @@ Tpm2GetCapabilityMaxCommandResponseSize (
/**
This command returns Returns a list of TPMS_ALG_PROPERTIES. Each entry is an
algorithm ID and a set of properties of the algorithm.
algorithm ID and a set of properties of the algorithm.
This function parse the value got from TPM2_GetCapability and return the list.
@param[out] AlgList List of algorithm.
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
**/
@ -703,7 +703,7 @@ Tpm2GetCapabilitySupportedAlg (
This function parse the value got from TPM2_GetCapability and return the LockoutCounter.
@param[out] LockoutCounter The LockoutCounter of TPM.
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
**/
@ -719,7 +719,7 @@ Tpm2GetCapabilityLockoutCounter (
This function parse the value got from TPM2_GetCapability and return the LockoutInterval.
@param[out] LockoutInterval The LockoutInterval of TPM.
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
**/
@ -736,7 +736,7 @@ Tpm2GetCapabilityLockoutInterval (
@param[out] InputBufferSize The InputBufferSize of TPM.
the maximum size of a parameter (typically, a TPM2B_MAX_BUFFER)
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
**/
@ -752,7 +752,7 @@ Tpm2GetCapabilityInputBufferSize (
This function parse the value got from TPM2_GetCapability and return the PcrSelection.
@param[out] Pcrs The Pcr Selection
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
**/
@ -786,7 +786,7 @@ Tpm2GetCapabilitySupportedAndActivePcrs(
This function parse the value got from TPM2_GetCapability and return the AlgorithmSet.
@param[out] AlgorithmSet The AlgorithmSet of TPM.
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
**/
@ -843,7 +843,7 @@ Tpm2SetAlgorithmSet (
@param[in] AuthHash Hash algorithm to use for the session.
@param[out] SessionHandle Handle for the newly created session.
@param[out] NonceTPM The initial nonce from the TPM, used in the computation of the sessionKey.
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
**/
@ -865,7 +865,7 @@ Tpm2StartAuthSession (
This command causes all context associated with a loaded object or session to be removed from TPM memory.
@param[in] FlushHandle The handle of the item to flush.
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
**/
@ -879,7 +879,7 @@ Tpm2FlushContext (
This command includes a secret-based authorization to a policy.
The caller proves knowledge of the secret value using an authorization
session using the authValue associated with authHandle.
@param[in] AuthHandle Handle for an entity providing the authorization
@param[in] PolicySession Handle for the policy session being extended.
@param[in] AuthSession Auth Session context
@ -889,7 +889,7 @@ Tpm2FlushContext (
@param[in] Expiration Time when authorization will expire, measured in seconds from the time that nonceTPM was generated.
@param[out] Timeout Time value used to indicate to the TPM when the ticket expires.
@param[out] PolicyTicket A ticket that includes a value indicating when the authorization expires.
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
**/
@ -915,7 +915,7 @@ Tpm2PolicySecret (
@param[in] PolicySession Handle for the policy session being extended.
@param[in] HashList the list of hashes to check for a match.
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
**/
@ -931,7 +931,7 @@ Tpm2PolicyOR (
@param[in] PolicySession Handle for the policy session being extended.
@param[in] Code The allowed commandCode.
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
**/
@ -948,7 +948,7 @@ Tpm2PolicyCommandCode (
@param[in] PolicySession Handle for the policy session.
@param[out] PolicyHash the current value of the policyHash of policySession.
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
**/


@ -37,7 +37,7 @@ typedef enum {
@retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received.
@retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device.
@retval EFI_BUFFER_TOO_SMALL The output parameter block is too small.
@retval EFI_BUFFER_TOO_SMALL The output parameter block is too small.
**/
EFI_STATUS
EFIAPI
@ -71,7 +71,7 @@ Tpm2RequestUseTpm (
@retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received.
@retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device.
@retval EFI_BUFFER_TOO_SMALL The output parameter block is too small.
@retval EFI_BUFFER_TOO_SMALL The output parameter block is too small.
**/
typedef
EFI_STATUS


@ -2,13 +2,13 @@
This library is only intended to be used by TPM modules.
It provides basic TPM Interface Specification (TIS) and Command functions.
Copyright (c) 2005 - 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
@ -161,7 +161,7 @@ typedef TIS_PC_REGISTERS *TIS_PC_REGISTERS_PTR;
#define TIS_PC_ACC_ESTABLISH BIT0
///
/// When this bit is 1, TPM is in the Ready state,
/// When this bit is 1, TPM is in the Ready state,
/// indicating it is ready to receive a new command.
///
#define TIS_PC_STS_READY BIT6
@ -210,13 +210,13 @@ EFI_STATUS
EFIAPI
TisPcWaitRegisterBits (
IN UINT8 *Register,
IN UINT8 BitSet,
IN UINT8 BitClear,
IN UINT32 TimeOut
IN UINT8 BitSet,
IN UINT8 BitClear,
IN UINT32 TimeOut
);
/**
Get BurstCount by reading the burstCount field of a TIS regiger
Get BurstCount by reading the burstCount field of a TIS regiger
in the time of default TIS_TIMEOUT_D.
@param[in] TisReg Pointer to TIS register.
@ -234,7 +234,7 @@ TisPcReadBurstCount (
);
/**
Set TPM chip to ready state by sending ready command TIS_PC_STS_READY
Set TPM chip to ready state by sending ready command TIS_PC_STS_READY
to Status Register in time.
@param[in] TisReg Pointer to TIS register.
@ -250,7 +250,7 @@ TisPcPrepareCommand (
);
/**
Get the control of TPM chip by sending requestUse command TIS_PC_ACC_RQUUSE
Get the control of TPM chip by sending requestUse command TIS_PC_ACC_RQUUSE
to ACCESS Register in the time of default TIS_TIMEOUT_D.
@param[in] TisReg Pointer to TIS register.
@ -273,7 +273,7 @@ TisPcRequestUseTpm (
@param[in] Data Raw data to be digested.
@param[in] DataLen Size of the raw data.
@param[out] Digest Pointer to a buffer that stores the final digest.
@retval EFI_SUCCESS Always successfully calculate the final digest.
**/
EFI_STATUS


@ -1,13 +1,13 @@
/** @file
This PPI means a FV does not need to be extended to PCR by TCG modules.
Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/


@ -1,15 +1,15 @@
/** @file
This file defines the lock physical Presence PPI. This PPI is
produced by a platform specific PEIM and consumed by the TPM
This file defines the lock physical Presence PPI. This PPI is
produced by a platform specific PEIM and consumed by the TPM
PEIM.
Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
@ -18,7 +18,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#define __PEI_LOCK_PHYSICAL_PRESENCE_H__
///
/// Global ID for the PEI_LOCK_PHYSICAL_PRESENCE_PPI_GUID.
/// Global ID for the PEI_LOCK_PHYSICAL_PRESENCE_PPI_GUID.
///
#define PEI_LOCK_PHYSICAL_PRESENCE_PPI_GUID \
{ \
@ -46,9 +46,9 @@ BOOLEAN
);
///
/// This service abstracts TPM physical presence lock interface. It is necessary for
/// safety to convey this information to the TPM driver so that TPM physical presence
/// can be locked as early as possible. This PPI is produced by a platform specific
/// This service abstracts TPM physical presence lock interface. It is necessary for
/// safety to convey this information to the TPM driver so that TPM physical presence
/// can be locked as early as possible. This PPI is produced by a platform specific
/// PEIM and consumed by the TPM PEIM.
///
struct _PEI_LOCK_PHYSICAL_PRESENCE_PPI {
@ -57,4 +57,4 @@ struct _PEI_LOCK_PHYSICAL_PRESENCE_PPI {
extern EFI_GUID gPeiLockPhysicalPresencePpiGuid;
#endif // __PEI_LOCK_PHYSICAL_PRESENCE_H__
#endif // __PEI_LOCK_PHYSICAL_PRESENCE_H__


@ -2,14 +2,14 @@
Tag GUID that must be installed by the TPM PEIM after the TPM hardware is
initialized. PEIMs that must execute after TPM hardware initialization
may use this GUID in their dependency expressions.
Copyright (c) 2008 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
Copyright (c) 2008 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
@ -18,7 +18,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#define _PEI_TPM_INITIALIZED_PPI_H_
///
/// Global ID for the PEI_TPM_INITIALIZED_PPI which always uses a NULL interface.
/// Global ID for the PEI_TPM_INITIALIZED_PPI which always uses a NULL interface.
///
#define PEI_TPM_INITIALIZED_PPI_GUID \
{ \
@ -28,7 +28,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
extern EFI_GUID gPeiTpmInitializedPpiGuid;
///
/// Global ID for the PEI_TPM_INITIALIZATION_DONE_PPI which always uses a NULL interface.
/// Global ID for the PEI_TPM_INITIALIZATION_DONE_PPI which always uses a NULL interface.
///
#define PEI_TPM_INITIALIZATION_DONE_PPI_GUID \
{ \


@ -18,7 +18,7 @@
They will do basic validation for authentication data structure, then call crypto library
to verify the signature.
Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -1303,7 +1303,7 @@ GetCertsFromDb (
return EFI_INVALID_PARAMETER;
}
if ((Attributes & EFI_VARIABLE_NON_VOLATILE) != 0) {
//
// Get variable "certdb".
@ -1355,7 +1355,7 @@ GetCertsFromDb (
/**
Delete matching signer's certificates when deleting common authenticated
variable by corresponding VariableName and VendorGuid from "certdb" or
variable by corresponding VariableName and VendorGuid from "certdb" or
"certdbv" according to authenticated variable attributes.
@param[in] VariableName Name of authenticated Variable.
@ -1904,13 +1904,13 @@ VerifyTimeBasedPayload (
// digestAlgorithms DigestAlgorithmIdentifiers,
// contentInfo ContentInfo,
// .... }
// The DigestAlgorithmIdentifiers can be used to determine the hash algorithm
// The DigestAlgorithmIdentifiers can be used to determine the hash algorithm
// in VARIABLE_AUTHENTICATION_2 descriptor.
// This field has the fixed offset (+13) and be calculated based on two bytes of length encoding.
//
if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) {
if (SigDataSize >= (13 + sizeof (mSha256OidValue))) {
if (((*(SigData + 1) & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE) ||
if (((*(SigData + 1) & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE) ||
(CompareMem (SigData + 13, &mSha256OidValue, sizeof (mSha256OidValue)) != 0)) {
return EFI_SECURITY_VIOLATION;
}


@ -12,7 +12,7 @@
may not be modified without authorization. If platform fails to protect these resources,
the authentication service provided in this driver will be broken, and the behavior is undefined.
Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -142,7 +142,7 @@ VerifyTimeBasedPayloadAndUpdate (
/**
Delete matching signer's certificates when deleting common authenticated
variable by corresponding VariableName and VendorGuid from "certdb" or
variable by corresponding VariableName and VendorGuid from "certdb" or
"certdbv" according to authenticated variable attributes.
@param[in] VariableName Name of authenticated Variable.
@ -166,9 +166,9 @@ DeleteCertsFromDb (
Clean up signer's certificates for common authenticated variable
by corresponding VariableName and VendorGuid from "certdb".
Sytem may break down during Timebased Variable update & certdb update,
make them inconsistent, this function is called in AuthVariable Init to ensure
make them inconsistent, this function is called in AuthVariable Init to ensure
consistency
@retval EFI_NOT_FOUND Fail to find matching certs.
@retval EFI_SUCCESS Find matching certs and output parameters.


@ -1,13 +1,13 @@
/** @file
Implement defer image load services for user identification in UEFI2.2.
Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
@ -33,9 +33,9 @@ EFI_DEFERRED_IMAGE_LOAD_PROTOCOL gDeferredImageLoad = {
Get the image type.
@param[in] File This is a pointer to the device path of the file
that is being dispatched.
that is being dispatched.
@return UINT32 Image Type
@return UINT32 Image Type
**/
UINT32
@ -44,7 +44,7 @@ GetFileType (
)
{
EFI_STATUS Status;
EFI_HANDLE DeviceHandle;
EFI_HANDLE DeviceHandle;
EFI_DEVICE_PATH_PROTOCOL *TempDevicePath;
EFI_BLOCK_IO_PROTOCOL *BlockIo;
@ -110,7 +110,7 @@ GetFileType (
}
//
// File is not in a Firmware Volume or on a Block I/O device, so check to see if
// File is not in a Firmware Volume or on a Block I/O device, so check to see if
// the device path supports the Simple File System Protocol.
//
DeviceHandle = NULL;
@ -129,12 +129,12 @@ GetFileType (
//
// File is not from an FV, Block I/O or Simple File System, so the only options
// left are a PCI Option ROM and a Load File Protocol such as a PXE Boot from a NIC.
// left are a PCI Option ROM and a Load File Protocol such as a PXE Boot from a NIC.
//
TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *)File;
while (!IsDevicePathEndType (TempDevicePath)) {
switch (DevicePathType (TempDevicePath)) {
case MEDIA_DEVICE_PATH:
if (DevicePathSubType (TempDevicePath) == MEDIA_RELATIVE_OFFSET_RANGE_DP) {
return IMAGE_FROM_OPTION_ROM;
@ -144,7 +144,7 @@ GetFileType (
case MESSAGING_DEVICE_PATH:
if (DevicePathSubType(TempDevicePath) == MSG_MAC_ADDR_DP) {
return IMAGE_FROM_REMOVABLE_MEDIA;
}
}
break;
default:
@ -152,7 +152,7 @@ GetFileType (
}
TempDevicePath = NextDevicePathNode (TempDevicePath);
}
return IMAGE_UNKNOWN;
return IMAGE_UNKNOWN;
}
@ -191,7 +191,7 @@ GetAccessControl (
if (EFI_ERROR (Status)) {
return EFI_NOT_FOUND;
}
//
// Get current user access information.
//
@ -234,12 +234,12 @@ GetAccessControl (
if (EFI_ERROR (Status)) {
break;
}
ASSERT (Info != NULL);
if (Info->InfoType != EFI_USER_INFO_ACCESS_POLICY_RECORD) {
continue;
}
//
// Get specified access information.
//
@ -256,7 +256,7 @@ GetAccessControl (
CheckLen += Access->Size;
}
}
if (Info != NULL) {
FreePool (Info);
}
@ -266,17 +266,17 @@ GetAccessControl (
/**
Get file name from device path.
The file name may contain one or more device path node. Save the file name in a
buffer if file name is found. The caller is responsible to free the buffer.
The file name may contain one or more device path node. Save the file name in a
buffer if file name is found. The caller is responsible to free the buffer.
@param[in] DevicePath A pointer to a device path.
@param[out] FileName The callee allocated buffer to save the file name if file name is found.
@param[out] FileNameOffset The offset of file name in device path if file name is found.
@retval UINTN The file name length. 0 means file name is not found.
**/
UINTN
UINTN
GetFileName (
IN CONST EFI_DEVICE_PATH_PROTOCOL *DevicePath,
OUT UINT8 **FileName,
@ -342,26 +342,26 @@ GetFileName (
FirstNodeChar = (CHAR16) ReadUnaligned16 ((UINT16 *)((UINT8 *)TmpDevicePath + sizeof (EFI_DEVICE_PATH_PROTOCOL)));
NodeStr = (CHAR8 *)TmpDevicePath + sizeof (EFI_DEVICE_PATH_PROTOCOL);
NodeStrLength = DevicePathNodeLength (TmpDevicePath) - sizeof (EFI_DEVICE_PATH_PROTOCOL) - sizeof(CHAR16);
if ((FirstNodeChar == '\\') && (LastNodeChar == '\\')) {
//
// Skip separator "\" when there are two separators.
//
NodeStr += sizeof (CHAR16);
NodeStrLength -= sizeof (CHAR16);
NodeStrLength -= sizeof (CHAR16);
} else if ((FirstNodeChar != '\\') && (LastNodeChar != '\\')) {
//
// Add separator "\" when there is no separator.
//
WriteUnaligned16 ((UINT16 *)(*FileName + Length), '\\');
Length += sizeof (CHAR16);
}
}
CopyMem (*FileName + Length, NodeStr, NodeStrLength);
Length += NodeStrLength;
LastNodeChar = (CHAR16) ReadUnaligned16 ((UINT16 *) (NodeStr + NodeStrLength - sizeof(CHAR16)));
TmpDevicePath = NextDevicePathNode (TmpDevicePath);
}
}
return Length;
}
@ -373,16 +373,16 @@ GetFileName (
If DevicePath2 is identical with DevicePath1, or with DevicePath1's child device
path, then TRUE returned. Otherwise, FALSE is returned.
If DevicePath1 is NULL, then ASSERT().
If DevicePath2 is NULL, then ASSERT().
@param[in] DevicePath1 A pointer to a device path.
@param[in] DevicePath2 A pointer to a device path.
@retval TRUE Two device paths are identical , or DevicePath2 is
@retval TRUE Two device paths are identical , or DevicePath2 is
DevicePath1's child device path.
@retval FALSE Two device paths are not identical, and DevicePath2
@retval FALSE Two device paths are not identical, and DevicePath2
is not DevicePath1's child device path.
**/
@ -410,9 +410,9 @@ CheckDevicePath (
if (IsDevicePathEnd (DevicePath1)) {
return FALSE;
}
//
// The file name may contain one or more device path node.
// The file name may contain one or more device path node.
// To compare the file name, copy file name to a buffer and compare the buffer.
//
FileNameSize1 = GetFileName (DevicePath1, &FileName1, &FileNameOffset1);
@ -422,7 +422,7 @@ CheckDevicePath (
DevicePathEqual = FALSE;
goto Done;
}
if (CompareMem (DevicePath1, DevicePath2, FileNameOffset1) != 0) {
if (CompareMem (DevicePath1, DevicePath2, FileNameOffset1) != 0) {
DevicePathEqual = FALSE;
goto Done;
}
@ -430,7 +430,7 @@ CheckDevicePath (
DevicePathEqual = FALSE;
goto Done;
}
if (CompareMem (FileName1, FileName2, FileNameSize1) != 0) {
if (CompareMem (FileName1, FileName2, FileNameSize1) != 0) {
DevicePathEqual = FALSE;
goto Done;
}
@ -449,9 +449,9 @@ CheckDevicePath (
DevicePathSize -= sizeof (EFI_DEVICE_PATH_PROTOCOL);
if (CompareMem (DevicePath1, DevicePath2, DevicePathSize) != 0) {
DevicePathEqual = FALSE;
}
Done:
}
Done:
if (FileName1 != NULL) {
FreePool (FileName1);
}
@ -463,12 +463,12 @@ Done:
/**
Check whether the image pointed to by DevicePath is in the device path list
specified by AccessType.
Check whether the image pointed to by DevicePath is in the device path list
specified by AccessType.
@param[in] DevicePath Points to device path.
@param[in] AccessType The type of user access control.
@retval TRUE The DevicePath is in the specified List.
@retval FALSE The DevicePath is not in the specified List.
@ -482,36 +482,36 @@ IsDevicePathInList (
EFI_STATUS Status;
EFI_USER_INFO_ACCESS_CONTROL *Access;
EFI_DEVICE_PATH_PROTOCOL *Path;
UINTN OffSet;
UINTN OffSet;
Status = GetAccessControl (&Access, AccessType);
if (EFI_ERROR (Status)) {
return FALSE;
}
}
OffSet = 0;
while (OffSet < Access->Size - sizeof (EFI_USER_INFO_ACCESS_CONTROL)) {
Path = (EFI_DEVICE_PATH_PROTOCOL*)((UINT8*)(Access + 1) + OffSet);
Path = (EFI_DEVICE_PATH_PROTOCOL*)((UINT8*)(Access + 1) + OffSet);
if (CheckDevicePath (Path, DevicePath)) {
//
// The device path is found in list.
//
FreePool (Access);
return TRUE;
}
}
OffSet += GetDevicePathSize (Path);
}
FreePool (Access);
return FALSE;
return FALSE;
}
/**
Check whether the image pointed to by DevicePath is permitted to load.
Check whether the image pointed to by DevicePath is permitted to load.
@param[in] DevicePath Points to device path
@retval TRUE The image pointed by DevicePath is permitted to load.
@retval FALSE The image pointed by DevicePath is forbidden to load.
@ -523,28 +523,28 @@ VerifyDevicePath (
{
if (IsDevicePathInList (DevicePath, EFI_USER_INFO_ACCESS_PERMIT_LOAD)) {
//
// This access control overrides any restrictions put in place by the
// This access control overrides any restrictions put in place by the
// EFI_USER_INFO_ACCESS_FORBID_LOAD record.
//
return TRUE;
}
if (IsDevicePathInList (DevicePath, EFI_USER_INFO_ACCESS_FORBID_LOAD)) {
//
// The device path is found in the forbidden list.
//
return FALSE;
}
return TRUE;
return TRUE;
}
/**
Check the image pointed by DevicePath is a boot option or not.
Check the image pointed by DevicePath is a boot option or not.
@param[in] DevicePath Points to device path.
@retval TRUE The image pointed by DevicePath is a boot option.
@retval FALSE The image pointed by DevicePath is not a boot option.
@ -562,31 +562,31 @@ IsBootOption (
UINT8 *OptionBuffer;
UINT8 *OptionPtr;
EFI_DEVICE_PATH_PROTOCOL *OptionDevicePath;
//
// Get BootOrder
//
BootOrderListSize = 0;
BootOrderList = NULL;
BootOrderList = NULL;
Status = gRT->GetVariable (
L"BootOrder",
&gEfiGlobalVariableGuid,
NULL,
&BootOrderListSize,
L"BootOrder",
&gEfiGlobalVariableGuid,
NULL,
&BootOrderListSize,
NULL
);
if (Status == EFI_BUFFER_TOO_SMALL) {
BootOrderList = AllocateZeroPool (BootOrderListSize);
ASSERT (BootOrderList != NULL);
Status = gRT->GetVariable (
L"BootOrder",
&gEfiGlobalVariableGuid,
NULL,
&BootOrderListSize,
L"BootOrder",
&gEfiGlobalVariableGuid,
NULL,
&BootOrderListSize,
BootOrderList
);
}
if (EFI_ERROR (Status)) {
//
// No Boot option
@ -608,7 +608,7 @@ IsBootOption (
//
// Check whether the image is forbidden.
//
OptionPtr = OptionBuffer;
//
// Skip attribute.
@ -624,7 +624,7 @@ IsBootOption (
// Skip descript string
//
OptionPtr += StrSize ((UINT16 *) OptionPtr);
//
// Now OptionPtr points to Device Path.
//
@ -650,11 +650,11 @@ IsBootOption (
/**
Add the image info to a deferred image list.
@param[in] ImageDevicePath A pointer to the device path of a image.
@param[in] Image Points to the first byte of the image, or NULL if the
@param[in] ImageDevicePath A pointer to the device path of a image.
@param[in] Image Points to the first byte of the image, or NULL if the
image is not available.
@param[in] ImageSize The size of the image, or 0 if the image is not available.
**/
VOID
PutDefferedImageInfo (
@ -675,9 +675,9 @@ PutDefferedImageInfo (
} else {
CurImageInfo = AllocatePool ((mDeferredImage.Count + 1) * sizeof (DEFERRED_IMAGE_INFO));
ASSERT (CurImageInfo != NULL);
CopyMem (
CurImageInfo,
CurImageInfo,
mDeferredImage.ImageInfo,
mDeferredImage.Count * sizeof (DEFERRED_IMAGE_INFO)
);
@ -685,7 +685,7 @@ PutDefferedImageInfo (
mDeferredImage.ImageInfo = CurImageInfo;
}
mDeferredImage.Count++;
//
// Save the deferred image information.
//
@ -704,29 +704,29 @@ PutDefferedImageInfo (
/**
Returns information about a deferred image.
This function returns information about a single deferred image. The deferred images are
numbered consecutively, starting with 0. If there is no image which corresponds to
ImageIndex, then EFI_NOT_FOUND is returned. All deferred images may be returned by
This function returns information about a single deferred image. The deferred images are
numbered consecutively, starting with 0. If there is no image which corresponds to
ImageIndex, then EFI_NOT_FOUND is returned. All deferred images may be returned by
iteratively calling this function until EFI_NOT_FOUND is returned.
Image may be NULL and ImageSize set to 0 if the decision to defer execution was made
because of the location of the executable image, rather than its actual contents.
Image may be NULL and ImageSize set to 0 if the decision to defer execution was made
because of the location of the executable image, rather than its actual contents.
@param[in] This Points to this instance of the EFI_DEFERRED_IMAGE_LOAD_PROTOCOL.
@param[in] ImageIndex Zero-based index of the deferred index.
@param[out] ImageDevicePath On return, points to a pointer to the device path of the image.
The device path should not be freed by the caller.
@param[out] Image On return, points to the first byte of the image or NULL if the
@param[out] ImageDevicePath On return, points to a pointer to the device path of the image.
The device path should not be freed by the caller.
@param[out] Image On return, points to the first byte of the image or NULL if the
image is not available. The image should not be freed by the caller
unless LoadImage() has been successfully called.
unless LoadImage() has been successfully called.
@param[out] ImageSize On return, the size of the image, or 0 if the image is not available.
@param[out] BootOption On return, points to TRUE if the image was intended as a boot option
or FALSE if it was not intended as a boot option.
@param[out] BootOption On return, points to TRUE if the image was intended as a boot option
or FALSE if it was not intended as a boot option.
@retval EFI_SUCCESS Image information returned successfully.
@retval EFI_NOT_FOUND ImageIndex does not refer to a valid image.
@retval EFI_INVALID_PARAMETER ImageDevicePath is NULL or Image is NULL or ImageSize is NULL or
@retval EFI_INVALID_PARAMETER ImageDevicePath is NULL or Image is NULL or ImageSize is NULL or
BootOption is NULL.
**/
EFI_STATUS
EFIAPI
@ -748,7 +748,7 @@ GetDefferedImageInfo (
if ((This == NULL) || (ImageSize == NULL) || (Image == NULL)) {
return EFI_INVALID_PARAMETER;
}
if ((ImageDevicePath == NULL) || (BootOption == NULL)) {
return EFI_INVALID_PARAMETER;
}
@ -756,17 +756,17 @@ GetDefferedImageInfo (
if (ImageIndex >= mDeferredImage.Count) {
return EFI_NOT_FOUND;
}
//
// Get the request deferred image.
//
//
ReqImageInfo = &mDeferredImage.ImageInfo[ImageIndex];
*ImageDevicePath = ReqImageInfo->ImageDevicePath;
*Image = ReqImageInfo->Image;
*ImageSize = ReqImageInfo->ImageSize;
*BootOption = ReqImageInfo->BootOption;
return EFI_SUCCESS;
}
@ -775,7 +775,7 @@ GetDefferedImageInfo (
Provides the service of deferring image load based on platform policy control,
and installs Deferred Image Load Protocol.
@param[in] AuthenticationStatus This is the authentication status returned from the
@param[in] AuthenticationStatus This is the authentication status returned from the
security measurement services for the input file.
@param[in] File This is a pointer to the device path of the file that
is being dispatched. This will optionally be used for
@ -824,7 +824,7 @@ DxeDeferImageLoadHandler (
//
// Check whether user has a logon.
//
//
CurrentUser = NULL;
if (mUserManager != NULL) {
mUserManager->Current (mUserManager, &CurrentUser);
@ -839,7 +839,7 @@ DxeDeferImageLoadHandler (
return EFI_SUCCESS;
}
}
//
// Still no user logon.
// Check the file type and get policy setting.
@ -852,7 +852,7 @@ DxeDeferImageLoadHandler (
//
return EFI_SUCCESS;
}
DEBUG ((EFI_D_INFO, "[Security] No user identified, the image is deferred to load!\n"));
PutDefferedImageInfo (File, FileBuffer, FileSize);
@ -874,10 +874,10 @@ DxeDeferImageLoadHandler (
}
/**
Locate user manager protocol when user manager is installed.
Locate user manager protocol when user manager is installed.
@param[in] Event The Event that is being processed, not used.
@param[in] Context Event Context, not used.
@param[in] Context Event Context, not used.
**/
VOID
@ -892,7 +892,7 @@ FindUserManagerProtocol (
NULL,
(VOID **) &mUserManager
);
}
@ -912,22 +912,22 @@ DxeDeferImageLoadLibConstructor (
)
{
VOID *Registration;
//
// Register user manager notification function.
//
EfiCreateProtocolNotifyEvent (
&gEfiUserManagerProtocolGuid,
&gEfiUserManagerProtocolGuid,
TPL_CALLBACK,
FindUserManagerProtocol,
NULL,
&Registration
);
return RegisterSecurity2Handler (
DxeDeferImageLoadHandler,
EFI_AUTH_OPERATION_DEFER_IMAGE_LOAD
);
EFI_AUTH_OPERATION_DEFER_IMAGE_LOAD
);
}

@ -2,13 +2,13 @@
The internal header file includes the common header files, defines
internal structure and functions used by DeferImageLoadLib.
Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
@ -67,29 +67,29 @@ typedef struct {
/**
Returns information about a deferred image.
This function returns information about a single deferred image. The deferred images are
numbered consecutively, starting with 0. If there is no image which corresponds to
ImageIndex, then EFI_NOT_FOUND is returned. All deferred images may be returned by
This function returns information about a single deferred image. The deferred images are
numbered consecutively, starting with 0. If there is no image which corresponds to
ImageIndex, then EFI_NOT_FOUND is returned. All deferred images may be returned by
iteratively calling this function until EFI_NOT_FOUND is returned.
Image may be NULL and ImageSize set to 0 if the decision to defer execution was made
because of the location of the executable image, rather than its actual contents.
Image may be NULL and ImageSize set to 0 if the decision to defer execution was made
because of the location of the executable image, rather than its actual contents.
@param[in] This Points to this instance of the EFI_DEFERRED_IMAGE_LOAD_PROTOCOL.
@param[in] ImageIndex Zero-based index of the deferred index.
@param[out] ImageDevicePath On return, points to a pointer to the device path of the image.
The device path should not be freed by the caller.
@param[out] Image On return, points to the first byte of the image or NULL if the
@param[out] ImageDevicePath On return, points to a pointer to the device path of the image.
The device path should not be freed by the caller.
@param[out] Image On return, points to the first byte of the image or NULL if the
image is not available. The image should not be freed by the caller
unless LoadImage() has been called successfully.
unless LoadImage() has been called successfully.
@param[out] ImageSize On return, the size of the image, or 0 if the image is not available.
@param[out] BootOption On return, points to TRUE if the image was intended as a boot option
or FALSE if it was not intended as a boot option.
@param[out] BootOption On return, points to TRUE if the image was intended as a boot option
or FALSE if it was not intended as a boot option.
@retval EFI_SUCCESS Image information returned successfully.
@retval EFI_NOT_FOUND ImageIndex does not refer to a valid image.
@retval EFI_INVALID_PARAMETER ImageDevicePath is NULL or Image is NULL or ImageSize is NULL or
@retval EFI_INVALID_PARAMETER ImageDevicePath is NULL or Image is NULL or ImageSize is NULL or
BootOption is NULL.
**/
EFI_STATUS
EFIAPI
@ -101,5 +101,5 @@ GetDefferedImageInfo (
OUT UINTN *ImageSize,
OUT BOOLEAN *BootOption
);
#endif

@ -1,11 +1,11 @@
## @file
# Provides security service of deferred image load
#
# The platform may need to defer the execution of an image because of security
# considerations. These deferred images will be recorded and then reported by
# The platform may need to defer the execution of an image because of security
# considerations. These deferred images will be recorded and then reported by
# installing an instance of the EFI_DEFERRED_IMAGE_LOAD_PROTOCOL.
#
# Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@ -48,9 +48,9 @@
DevicePathLib
BaseMemoryLib
PrintLib
DebugLib
DebugLib
UefiLib
PcdLib
PcdLib
[Protocols]
gEfiFirmwareVolume2ProtocolGuid ## SOMETIMES_CONSUMES
@ -60,9 +60,9 @@
## SOMETIMES_CONSUMES
## NOTIFY
gEfiUserManagerProtocolGuid
[Guids]
gEfiGlobalVariableGuid ## SOMETIMES_CONSUMES ## Variable:L"BootOrder"
[Pcd]
gEfiSecurityPkgTokenSpaceGuid.PcdDeferImageLoadPolicy ## SOMETIMES_CONSUMES

@ -1,7 +1,7 @@
/** @file
Implement image authentication status check in UEFI2.3.1.
Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -18,8 +18,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
/**
Check image authentication status returned from Section Extraction Protocol
@param[in] AuthenticationStatus This is the authentication status returned from
@param[in] AuthenticationStatus This is the authentication status returned from
the Section Extraction Protocol when reading the input file.
@param[in] File This is a pointer to the device path of the file that is
being dispatched. This will optionally be used for logging.

@ -3,7 +3,7 @@
#
# Authentication Status Library module supports UEFI2.3.1
#
# Copyright (c) 2012 - 2014, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@ -20,7 +20,7 @@
FILE_GUID = EB92D1DE-7C36-4680-BB88-A67E96049F72
MODULE_TYPE = DXE_DRIVER
VERSION_STRING = 1.0
LIBRARY_CLASS = NULL|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER
LIBRARY_CLASS = NULL|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER
CONSTRUCTOR = DxeImageAuthenticationStatusLibConstructor
#

@ -12,7 +12,7 @@
DxeImageVerificationHandler(), HashPeImageByType(), HashPeImage() function will accept
untrusted PE/COFF image and validate its data structure within this image buffer before use.
Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@ -275,12 +275,12 @@ GetImageType (
/**
Calculate hash of Pe/Coff image based on the authenticode image hashing in
PE/COFF Specification 8.0 Appendix A
Caution: This function may receive untrusted input.
PE/COFF image is external input, so this function will validate its data structure
within this image buffer before use.
Notes: PE/COFF image has been checked by BasePeCoffLib PeCoffLoaderGetImageInfo() in
Notes: PE/COFF image has been checked by BasePeCoffLib PeCoffLoaderGetImageInfo() in
its caller function DxeImageVerificationHandler().
@param[in] HashAlg Hash algorithm type.
@ -1109,14 +1109,14 @@ IsTimeZero (
}
/**
Check whether the timestamp signature is valid and the signing time is also earlier than
Check whether the timestamp signature is valid and the signing time is also earlier than
the revocation time.
@param[in] AuthData Pointer to the Authenticode signature retrieved from signed image.
@param[in] AuthDataSize Size of the Authenticode signature in bytes.
@param[in] RevocationTime The time that the certificate was revoked.
@retval TRUE Timestamp signature is valid and signing time is no later than the
@retval TRUE Timestamp signature is valid and signing time is no later than the
revocation time.
@retval FALSE Timestamp signature is not valid or the signing time is later than the
revocation time.
@ -1226,9 +1226,9 @@ Done:
**/
BOOLEAN
IsForbiddenByDbx (
IsForbiddenByDbx (
IN UINT8 *AuthData,
IN UINTN AuthDataSize
IN UINTN AuthDataSize
)
{
EFI_STATUS Status;

@ -2,13 +2,13 @@
// Provides security service of image verification
//
// This library hooks LoadImage() API to verify every image by the verification policy.
//
//
// Caution: This module requires additional review when modified.
// This library will have external input - PE/COFF image.
// This external input must be validated carefully to avoid security issues such as
// buffer overflow or integer overflow.
//
// Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
// Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
//
// This program and the accompanying materials
// are licensed and made available under the terms and conditions of the BSD License

@ -1,7 +1,7 @@
/** @file
Measure TCG required variable.
Copyright (c) 2013 - 2017, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -97,9 +97,9 @@ AssignVendorGuid (
@param[in] VarName A Null-terminated string that is the name of the vendor's variable.
@param[in] VendorGuid A unique identifier for the vendor.
@param[in] VarData The content of the variable data.
@param[in] VarSize The size of the variable data.
@param[in] VarData The content of the variable data.
@param[in] VarSize The size of the variable data.
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_OUT_OF_RESOURCES Out of memory.
**/
@ -151,8 +151,8 @@ AddDataMeasured (
@param[in] VarName A Null-terminated string that is the name of the vendor's variable.
@param[in] VendorGuid A unique identifier for the vendor.
@param[in] VarData The content of the variable data.
@param[in] VarSize The size of the variable data.
@param[in] VarData The content of the variable data.
@param[in] VarSize The size of the variable data.
@retval TRUE The data is already measured.
@retval FALSE The data is not measured yet.
@ -197,7 +197,7 @@ IsSecureAuthorityVariable (
UINTN Index;
for (Index = 0; Index < sizeof(mVariableType)/sizeof(mVariableType[0]); Index++) {
if ((StrCmp (VariableName, mVariableType[Index].VariableName) == 0) &&
if ((StrCmp (VariableName, mVariableType[Index].VariableName) == 0) &&
(CompareGuid (VendorGuid, mVariableType[Index].VendorGuid))) {
return TRUE;
}
@ -210,9 +210,9 @@ IsSecureAuthorityVariable (
@param[in] VarName A Null-terminated string that is the name of the vendor's variable.
@param[in] VendorGuid A unique identifier for the vendor.
@param[in] VarData The content of the variable data.
@param[in] VarSize The size of the variable data.
@param[in] VarData The content of the variable data.
@param[in] VarSize The size of the variable data.
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_OUT_OF_RESOURCES Out of memory.
@retval EFI_DEVICE_ERROR The operation was unsuccessful.

@ -1,17 +1,17 @@
/** @file
This library registers RSA 2048 SHA 256 guided section handler
This library registers RSA 2048 SHA 256 guided section handler
to parse RSA 2048 SHA 256 encapsulation section and extract raw data.
It uses the BaseCrypyLib based on OpenSSL to authenticate the signature.
Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
@ -50,7 +50,7 @@ CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 };
/**
GetInfo gets raw data size and attribute of the input guided section.
It first checks whether the input guid section is supported.
It first checks whether the input guid section is supported.
If not, EFI_INVALID_PARAMETER will return.
@param InputSection Buffer containing the input GUIDed section to be processed.
@ -58,7 +58,7 @@ CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 };
@param ScratchBufferSize The size of ScratchBuffer.
@param SectionAttribute The attribute of the input guided section.
@retval EFI_SUCCESS The size of destination buffer, the size of scratch buffer and
@retval EFI_SUCCESS The size of destination buffer, the size of scratch buffer and
the attribute of the input section are successfully retrieved.
@retval EFI_INVALID_PARAMETER The GUID in InputSection does not match this instance guid.
@ -111,7 +111,7 @@ Rsa2048Sha256GuidedSectionGetInfo (
Extraction handler tries to extract raw data from the input guided section.
It also does authentication check for RSA 2048 SHA 256 signature in the input guided section.
It first checks whether the input guid section is supported.
It first checks whether the input guid section is supported.
If not, EFI_INVALID_PARAMETER will return.
@param InputSection Buffer containing the input GUIDed section to be processed.
@ -143,10 +143,10 @@ Rsa2048Sha256GuidedSectionHandler (
UINTN PublicKeyBufferSize;
VOID *HashContext;
VOID *Rsa;
HashContext = NULL;
Rsa = NULL;
if (IS_SECTION2 (InputSection)) {
//
// Check whether the input guid section is recognized.
@ -156,7 +156,7 @@ Rsa2048Sha256GuidedSectionHandler (
&(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid))) {
return EFI_INVALID_PARAMETER;
}
//
// Get the RSA 2048 SHA 256 information.
//
@ -184,7 +184,7 @@ Rsa2048Sha256GuidedSectionHandler (
&(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid))) {
return EFI_INVALID_PARAMETER;
}
//
// Get the RSA 2048 SHA 256 information.
//
@ -214,7 +214,7 @@ Rsa2048Sha256GuidedSectionHandler (
// If SecurityPolicy Protocol exist, AUTH platform override bit is set.
//
*AuthenticationStatus |= EFI_AUTH_STATUS_PLATFORM_OVERRIDE;
return EFI_SUCCESS;
}
@ -222,7 +222,7 @@ Rsa2048Sha256GuidedSectionHandler (
// All paths from here return EFI_SUCESS and result is returned in AuthenticationStatus
//
Status = EFI_SUCCESS;
//
// Fail if the HashType is not SHA 256
//
@ -264,7 +264,7 @@ Rsa2048Sha256GuidedSectionHandler (
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done;
}
//
// Fail if the PublicKey is not one of the public keys in PcdRsa2048Sha256PublicKeyBuffer
//
@ -299,8 +299,8 @@ Rsa2048Sha256GuidedSectionHandler (
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done;
}
//
//
// Set RSA Key Components.
// NOTE: Only N and E are needed to be set as RSA public key for signature verification.
//
@ -347,10 +347,10 @@ Rsa2048Sha256GuidedSectionHandler (
//
PERF_INMODULE_BEGIN ("DxeRsaVerify");
CryptoStatus = RsaPkcs1Verify (
Rsa,
Digest,
SHA256_DIGEST_SIZE,
CertBlockRsa2048Sha256->Signature,
Rsa,
Digest,
SHA256_DIGEST_SIZE,
CertBlockRsa2048Sha256->Signature,
sizeof (CertBlockRsa2048Sha256->Signature)
);
PERF_INMODULE_END ("DxeRsaVerify");

@ -1,11 +1,11 @@
## @file
# This library doesn't produce any library class. The constructor function uses
# This library doesn't produce any library class. The constructor function uses
# ExtractGuidedSectionLib service to register an RSA 2048 SHA 256 guided section handler
# that parses RSA 2048 SHA 256 encapsulation section and extracts raw data.
#
# It uses the BaseCrypyLib based on OpenSSL to authenticate the signature.
#
# Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
#
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
@ -39,7 +39,7 @@
MdePkg/MdePkg.dec
CryptoPkg/CryptoPkg.dec
SecurityPkg/SecurityPkg.dec
[LibraryClasses]
ExtractGuidedSectionLib
UefiBootServicesTableLib
@ -50,13 +50,13 @@
PcdLib
PerformanceLib
[Pcd]
[Pcd]
gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer ## SOMETIMES_CONSUMES
[Protocols]
gEfiSecurityPolicyProtocolGuid ## SOMETIMES_CONSUMES (Set platform override AUTH status if exist)
[Guids]
gEfiCertTypeRsa2048Sha256Guid ## PRODUCES ## UNDEFINED # Specifies RSA 2048 SHA 256 authentication algorithm.
gEfiHashAlgorithmSha256Guid ## SOMETIMES_CONSUMES ## UNDEFINED

@ -3,10 +3,10 @@
//
// ExtractGuidedSectionLib service to register an RSA 2048 SHA 256 guided section handler
// that parses RSA 2048 SHA 256 encapsulation section and extracts raw data.
//
//
// It uses the BaseCrypyLib based on OpenSSL to authenticate the signature.
//
// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
//
// This program and the accompanying materials
// are licensed and made available under the terms and conditions of the BSD License

@ -7,13 +7,13 @@
Tpm2ExecutePendingTpmRequest() will receive untrusted input and do validation.
Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
@ -109,7 +109,7 @@ Done:
Change EPS.
@param[in] PlatformAuth platform auth value. NULL means no platform auth change.
@retval EFI_SUCCESS Operation completed successfully.
**/
EFI_STATUS
@ -145,9 +145,9 @@ Tpm2CommandChangeEps (
@param[in] CommandCode Physical presence operation value.
@param[in] CommandParameter Physical presence operation parameter.
@param[in, out] PpiFlags The physical presence interface flags.
@retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Unknown physical presence operation.
@retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Error occurred during sending command to TPM or
@retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Error occurred during sending command to TPM or
receiving response from TPM.
@retval Others Return code from the TPM device after command execution.
**/
@ -274,8 +274,8 @@ Tcg2ReadUserKey (
EFI_STATUS Status;
EFI_INPUT_KEY Key;
UINT16 InputKey;
InputKey = 0;
InputKey = 0;
do {
Status = gBS->CheckEvent (gST->ConIn->WaitForKey);
if (!EFI_ERROR (Status)) {
@ -289,13 +289,13 @@ Tcg2ReadUserKey (
if ((Key.ScanCode == SCAN_F12) && CautionKey) {
InputKey = Key.ScanCode;
}
}
}
} while (InputKey == 0);
if (InputKey != SCAN_ESC) {
return TRUE;
}
return FALSE;
}
@ -364,7 +364,7 @@ Tcg2UserConfirm (
{
CHAR16 *ConfirmText;
CHAR16 *TmpStr1;
CHAR16 *TmpStr2;
CHAR16 *TmpStr2;
UINTN BufSize;
BOOLEAN CautionKey;
BOOLEAN NoPpiInfo;
@ -376,7 +376,7 @@ Tcg2UserConfirm (
EFI_TCG2_BOOT_SERVICE_CAPABILITY ProtocolCapability;
UINT32 CurrentPCRBanks;
EFI_STATUS Status;
TmpStr2 = NULL;
CautionKey = FALSE;
NoPpiInfo = FALSE;
@ -403,7 +403,7 @@ Tcg2UserConfirm (
TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));
StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
FreePool (TmpStr1);
break;
@ -423,7 +423,7 @@ Tcg2UserConfirm (
TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));
StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
FreePool (TmpStr1);
break;
@ -453,11 +453,11 @@ Tcg2UserConfirm (
TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_SET_PCR_BANKS_1));
StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
FreePool (TmpStr1);
TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_SET_PCR_BANKS_2));
StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
FreePool (TmpStr1);
Tcg2FillBufferWithBootHashAlg (TempBuffer, sizeof(TempBuffer), TpmPpCommandParameter);
Tcg2FillBufferWithBootHashAlg (TempBuffer2, sizeof(TempBuffer2), CurrentPCRBanks);
@ -468,7 +468,7 @@ Tcg2UserConfirm (
StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
FreePool (TmpStr1);
break;
@ -482,11 +482,11 @@ Tcg2UserConfirm (
TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CHANGE_EPS_1));
StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
FreePool (TmpStr1);
TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CHANGE_EPS_2));
StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
FreePool (TmpStr1);
break;
@ -571,10 +571,10 @@ Tcg2UserConfirm (
DstStr[80] = L'\0';
for (Index = 0; Index < StrLen (ConfirmText); Index += 80) {
StrnCpyS (DstStr, sizeof (DstStr) / sizeof (CHAR16), ConfirmText + Index, sizeof (DstStr) / sizeof (CHAR16) - 1);
Print (DstStr);
StrnCpyS (DstStr, sizeof (DstStr) / sizeof (CHAR16), ConfirmText + Index, sizeof (DstStr) / sizeof (CHAR16) - 1);
Print (DstStr);
}
FreePool (TmpStr1);
FreePool (TmpStr2);
FreePool (ConfirmText);
@ -584,17 +584,17 @@ Tcg2UserConfirm (
return TRUE;
}
return FALSE;
return FALSE;
}
/**
Check if there is a valid physical presence command request. Also updates parameter value
Check if there is a valid physical presence command request. Also updates parameter value
to whether the requested physical presence command already confirmed by user
@param[in] TcgPpData EFI Tcg2 Physical Presence request data.
@param[in] TcgPpData EFI Tcg2 Physical Presence request data.
@param[in] Flags The physical presence interface flags.
@param[out] RequestConfirmed If the physical presence operation command required user confirm from UI.
True, it indicates the command doesn't require user confirm, or already confirmed
True, it indicates the command doesn't require user confirm, or already confirmed
in last boot cycle by user.
False, it indicates the command need user confirm from UI.
@ -657,7 +657,7 @@ Tcg2HaveValidTpmRequest (
*RequestConfirmed = TRUE;
}
break;
case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:
*RequestConfirmed = TRUE;
break;
@ -778,7 +778,7 @@ Tcg2ExecutePendingTpmRequest (
} else {
if (!RequestConfirmed) {
//
// Print confirm text and wait for approval.
// Print confirm text and wait for approval.
//
RequestConfirmed = Tcg2UserConfirm (TcgPpData->PPRequest, TcgPpData->PPRequestParameter);
}
@ -791,8 +791,8 @@ Tcg2ExecutePendingTpmRequest (
if (RequestConfirmed) {
TcgPpData->PPResponse = Tcg2ExecutePhysicalPresence (
PlatformAuth,
TcgPpData->PPRequest,
TcgPpData->PPRequestParameter,
TcgPpData->PPRequest,
TcgPpData->PPRequestParameter,
&NewFlags
);
}
@ -809,7 +809,7 @@ Tcg2ExecutePendingTpmRequest (
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS),
&NewFlags
);
);
}
//
@ -817,7 +817,7 @@ Tcg2ExecutePendingTpmRequest (
//
if ((NewFlags.PPFlags & TCG2_LIB_PP_FLAG_RESET_TRACK) == 0) {
TcgPpData->LastPPRequest = TcgPpData->PPRequest;
TcgPpData->PPRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION;
TcgPpData->PPRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION;
TcgPpData->PPRequestParameter = 0;
}
@ -879,19 +879,19 @@ Tcg2ExecutePendingTpmRequest (
Print (L"Rebooting system to make TPM2 settings in effect\n");
gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL);
ASSERT (FALSE);
ASSERT (FALSE);
}
/**
Check and execute the pending TPM request.
The TPM request may come from OS or BIOS. This API will display request information and wait
The TPM request may come from OS or BIOS. This API will display request information and wait
for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
the TPM request is confirmed, and one or more reset may be required to make TPM request to
the TPM request is confirmed, and one or more reset may be required to make TPM request to
take effect.
This API should be invoked after console in and console out are all ready as they are required
to display request information and get user input to confirm the request.
to display request information and get user input to confirm the request.
@param[in] PlatformAuth platform auth value. NULL means no platform auth change.
**/
@ -908,7 +908,7 @@ Tcg2PhysicalPresenceLibProcessRequest (
EFI_TCG2_PHYSICAL_PRESENCE_FLAGS PpiFlags;
//
// This flags variable controls whether physical presence is required for TPM command.
// This flags variable controls whether physical presence is required for TPM command.
// It should be protected from malicious software. We set it as read-only variable here.
//
Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLockProtocol);
@ -923,7 +923,7 @@ Tcg2PhysicalPresenceLibProcessRequest (
ASSERT_EFI_ERROR (Status);
}
}
//
// Check S4 resume
//
@ -958,7 +958,7 @@ Tcg2PhysicalPresenceLibProcessRequest (
}
DEBUG((DEBUG_INFO, "[TPM2] Initial physical presence flags value is 0x%x\n", PpiFlags.PPFlags));
}
//
// Initialize physical presence variable.
//
@ -990,7 +990,7 @@ Tcg2PhysicalPresenceLibProcessRequest (
//
// Execute pending TPM request.
//
//
Tcg2ExecutePendingTpmRequest (PlatformAuth, &TcgPpData, &PpiFlags);
DEBUG ((EFI_D_INFO, "[TPM2] PPResponse = %x (LastPPRequest=%x, Flags=%x)\n", TcgPpData.PPResponse, TcgPpData.LastPPRequest, PpiFlags.PPFlags));
@ -1001,7 +1001,7 @@ Tcg2PhysicalPresenceLibProcessRequest (
The TPM request may come from OS. This API will check if TPM request exists and need user
input to confirmation.
@retval TRUE TPM needs input to confirm user physical presence.
@retval FALSE TPM doesn't need input to confirm user physical presence.
@ -1052,7 +1052,7 @@ Tcg2PhysicalPresenceLibNeedUserConfirm(
if (EFI_ERROR (Status)) {
return FALSE;
}
if (TcgPpData.PPRequest == TCG2_PHYSICAL_PRESENCE_NO_ACTION) {
//
// No operation request
@ -1097,7 +1097,7 @@ Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction (
EFI_STATUS Status;
UINTN DataSize;
EFI_TCG2_PHYSICAL_PRESENCE PpData;
DEBUG ((EFI_D_INFO, "[TPM2] ReturnOperationResponseToOsFunction\n"));
//
@ -1117,7 +1117,7 @@ Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction (
DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! Status = %r\n", Status));
return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE;
}
*MostRecentRequest = PpData.LastPPRequest;
*Response = PpData.PPResponse;
@ -1130,7 +1130,7 @@ Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction (
Submit TPM Operation Request to Pre-OS Environment 2.
Caution: This function may receive untrusted input.
@param[in] OperationRequest TPM physical presence operation request.
@param[in] RequestParameter TPM physical presence operation request parameter.
@ -1148,9 +1148,9 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (
UINTN DataSize;
EFI_TCG2_PHYSICAL_PRESENCE PpData;
EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags;
DEBUG ((EFI_D_INFO, "[TPM2] SubmitRequestToPreOSFunction, Request = %x, %x\n", OperationRequest, RequestParameter));
//
// Get the Physical Presence variable
//
@ -1184,7 +1184,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (
DataSize,
&PpData
);
if (EFI_ERROR (Status)) {
if (EFI_ERROR (Status)) {
DEBUG ((EFI_D_ERROR, "[TPM2] Set PP variable failure! Status = %r\n", Status));
return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
}
@ -8,7 +8,7 @@
# This driver will have external input - variable.
# This external input must be validated carefully to avoid security issue.
#
# Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@ -25,7 +25,7 @@
FILE_GUID = 7E507A86-DE8B-4AD3-BC4C-0498389098D3
MODULE_TYPE = DXE_DRIVER
VERSION_STRING = 1.0
LIBRARY_CLASS = Tcg2PhysicalPresenceLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER UEFI_APPLICATION UEFI_DRIVER
LIBRARY_CLASS = Tcg2PhysicalPresenceLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER UEFI_APPLICATION UEFI_DRIVER
#
# The following information is for reference only and not required by the build tools.
@ -3,12 +3,12 @@
//
// This library will check and execute TPM 2.0 request from OS or BIOS. The request may
// ask for user confirmation before execution.
//
//
// Caution: This module requires additional review when modified.
// This driver will have external input - variable.
// This external input must be validated carefully to avoid security issue.
//
// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
//
// This program and the accompanying materials
// are licensed and made available under the terms and conditions of the BSD License
@ -1,13 +1,13 @@
/** @file
String definitions for TPM 2.0 physical presence confirm text.
Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
@ -17,8 +17,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#string TPM_HEAD_STR #language en-US "A configuration change was requested to %s this computer's TPM (Trusted Platform Module)\n\n"
#string TPM_PPI_HEAD_STR #language en-US "A configuration change was requested to allow the Operating System to %s the computer's TPM (Trusted Platform Module) without asking for user confirmation in the future.\n\n"
#string TPM_ACCEPT_KEY #language en-US "Press F10 "
#string TPM_CAUTION_KEY #language en-US "Press F12 "
#string TPM_ACCEPT_KEY #language en-US "Press F10 "
#string TPM_CAUTION_KEY #language en-US "Press F12 "
#string TPM_REJECT_KEY #language en-US "to %s the TPM \nPress ESC to reject this change request and continue\n"
#string TPM_ENABLE #language en-US "enable"
@ -48,8 +48,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#string TCG_STORAGE_HEAD_STR #language en-US "A configuration change was requested to %s on subsequent boots\n\n"
#string TCG_STORAGE_PPI_HEAD_STR #language en-US "A configuration change was requested to allow the Operating System to %s without asking for user confirmation in the future.\n\n"
#string TCG_STORAGE_ACCEPT_KEY #language en-US "Press F10 "
#string TCG_STORAGE_CAUTION_KEY #language en-US "Press F12 "
#string TCG_STORAGE_ACCEPT_KEY #language en-US "Press F10 "
#string TCG_STORAGE_CAUTION_KEY #language en-US "Press F12 "
#string TCG_STORAGE_REJECT_KEY #language en-US "to %s\nPress ESC to reject this change request and continue\n"
#string TCG_STORAGE_NO_PPI_INFO #language en-US "to approve future Operating System requests "
@ -8,13 +8,13 @@
ExecutePendingTpmRequest() will receive untrusted input and do validation.
Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
@ -60,10 +60,10 @@ PhysicalPresenceGetStringById (
/**
Get TPM physical presence permanent flags.
@param[in] TcgProtocol EFI TCG Protocol instance.
@param[out] LifetimeLock physicalPresenceLifetimeLock permanent flag.
@param[in] TcgProtocol EFI TCG Protocol instance.
@param[out] LifetimeLock physicalPresenceLifetimeLock permanent flag.
@param[out] CmdEnable physicalPresenceCMDEnable permanent flag.
@retval EFI_SUCCESS Flags were returns successfully.
@retval other Failed to locate EFI TCG Protocol.
@ -82,13 +82,13 @@ GetTpmCapability (
UINT8 SendBuffer[sizeof (*TpmRqu) + sizeof (UINT32) * 3];
TPM_PERMANENT_FLAGS *TpmPermanentFlags;
UINT8 RecvBuffer[40];
//
// Fill request header
//
TpmRsp = (TPM_RSP_COMMAND_HDR*)RecvBuffer;
TpmRqu = (TPM_RQU_COMMAND_HDR*)SendBuffer;
TpmRqu->tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);
TpmRqu->paramSize = SwapBytes32 (sizeof (SendBuffer));
TpmRqu->ordinal = SwapBytes32 (TPM_ORD_GetCapability);
@ -99,8 +99,8 @@ GetTpmCapability (
SendBufPtr = (UINT32*)(TpmRqu + 1);
WriteUnaligned32 (SendBufPtr++, SwapBytes32 (TPM_CAP_FLAG));
WriteUnaligned32 (SendBufPtr++, SwapBytes32 (sizeof (TPM_CAP_FLAG_PERMANENT)));
WriteUnaligned32 (SendBufPtr, SwapBytes32 (TPM_CAP_FLAG_PERMANENT));
WriteUnaligned32 (SendBufPtr, SwapBytes32 (TPM_CAP_FLAG_PERMANENT));
Status = TcgProtocol->PassThroughToTpm (
TcgProtocol,
sizeof (SendBuffer),
@ -111,9 +111,9 @@ GetTpmCapability (
ASSERT_EFI_ERROR (Status);
ASSERT (TpmRsp->tag == SwapBytes16 (TPM_TAG_RSP_COMMAND));
ASSERT (TpmRsp->returnCode == 0);
TpmPermanentFlags = (TPM_PERMANENT_FLAGS *)&RecvBuffer[sizeof (TPM_RSP_COMMAND_HDR) + sizeof (UINT32)];
if (LifetimeLock != NULL) {
*LifetimeLock = TpmPermanentFlags->physicalPresenceLifetimeLock;
}
@ -128,9 +128,9 @@ GetTpmCapability (
/**
Issue TSC_PhysicalPresence command to TPM.
@param[in] TcgProtocol EFI TCG Protocol instance.
@param[in] PhysicalPresence The state to set the TPM's Physical Presence flags.
@param[in] TcgProtocol EFI TCG Protocol instance.
@param[in] PhysicalPresence The state to set the TPM's Physical Presence flags.
@retval EFI_SUCCESS TPM executed the command successfully.
@retval EFI_SECURITY_VIOLATION TPM returned error when executing the command.
@retval other Failed to locate EFI TCG Protocol.
@ -154,7 +154,7 @@ TpmPhysicalPresence (
TpmRqu->tag = SwapBytes16 (TPM_TAG_RQU_COMMAND);
TpmRqu->paramSize = SwapBytes32 (sizeof (Buffer));
TpmRqu->ordinal = SwapBytes32 (TSC_ORD_PhysicalPresence);
WriteUnaligned16 (TpmPp, (TPM_PHYSICAL_PRESENCE) SwapBytes16 (PhysicalPresence));
WriteUnaligned16 (TpmPp, (TPM_PHYSICAL_PRESENCE) SwapBytes16 (PhysicalPresence));
Status = TcgProtocol->PassThroughToTpm (
TcgProtocol,
@ -171,19 +171,19 @@ TpmPhysicalPresence (
//
return EFI_SECURITY_VIOLATION;
}
return Status;
}
/**
Issue a TPM command for which no additional output data will be returned.
@param[in] TcgProtocol EFI TCG Protocol instance.
@param[in] Ordinal TPM command code.
@param[in] AdditionalParameterSize Additional parameter size.
@param[in] AdditionalParameters Pointer to the Additional paramaters.
@retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Error occurred during sending command to TPM or
@param[in] TcgProtocol EFI TCG Protocol instance.
@param[in] Ordinal TPM command code.
@param[in] AdditionalParameterSize Additional parameter size.
@param[in] AdditionalParameters Pointer to the Additional paramaters.
@retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Error occurred during sending command to TPM or
receiving response from TPM.
@retval Others Return code from the TPM device after command execution.
@ -232,9 +232,9 @@ TpmCommandNoReturnData (
@param[in] TcgProtocol EFI TCG Protocol instance.
@param[in] CommandCode Physical presence operation value.
@param[in, out] PpiFlags The physical presence interface flags.
@retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Unknown physical presence operation.
@retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Error occurred during sending command to TPM or
@retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Error occurred during sending command to TPM or
receiving response from TPM.
@retval Others Return code from the TPM device after command execution.
@ -397,7 +397,7 @@ ExecutePhysicalPresence (
case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE:
PpiFlags->PPFlags |= TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE;
return 0;
case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:
//
// PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_CLEAR
@ -423,7 +423,7 @@ ExecutePhysicalPresence (
} else {
TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE, PpiFlags);
PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK;
}
}
return TpmResponse;
default:
@ -453,7 +453,7 @@ ReadUserKey (
UINT16 InputKey;
UINTN Index;
InputKey = 0;
InputKey = 0;
do {
Status = gST->ConIn->ReadKeyStroke (gST->ConIn, &Key);
if (Status == EFI_NOT_READY) {
@ -479,18 +479,18 @@ ReadUserKey (
if (InputKey != SCAN_ESC) {
return TRUE;
}
return FALSE;
}
/**
The constructor function register UNI strings into imageHandle.
It will ASSERT() if that operation fails and it will always return EFI_SUCCESS.
It will ASSERT() if that operation fails and it will always return EFI_SUCCESS.
@param ImageHandle The firmware allocated handle for the EFI image.
@param SystemTable A pointer to the EFI System Table.
@retval EFI_SUCCESS The constructor successfully added string package.
@retval Other value The constructor can't add string package.
@ -523,12 +523,12 @@ UserConfirm (
{
CHAR16 *ConfirmText;
CHAR16 *TmpStr1;
CHAR16 *TmpStr2;
CHAR16 *TmpStr2;
UINTN BufSize;
BOOLEAN CautionKey;
UINT16 Index;
CHAR16 DstStr[81];
TmpStr2 = NULL;
CautionKey = FALSE;
BufSize = CONFIRM_BUFFER_SIZE;
@ -538,7 +538,7 @@ UserConfirm (
switch (TpmPpCommand) {
case PHYSICAL_PRESENCE_ENABLE:
TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE));
TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
FreePool (TmpStr1);
@ -550,7 +550,7 @@ UserConfirm (
case PHYSICAL_PRESENCE_DISABLE:
TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DISABLE));
TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
FreePool (TmpStr1);
@ -563,10 +563,10 @@ UserConfirm (
StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
break;
case PHYSICAL_PRESENCE_ACTIVATE:
TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACTIVATE));
TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
FreePool (TmpStr1);
@ -589,7 +589,7 @@ UserConfirm (
TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
FreePool (TmpStr1);
break;
case PHYSICAL_PRESENCE_CLEAR:
@ -603,7 +603,7 @@ UserConfirm (
TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));
StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
FreePool (TmpStr1);
TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));
StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
@ -628,15 +628,15 @@ UserConfirm (
case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:
TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DEACTIVATE_DISABLE));
TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
FreePool (TmpStr1);
TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_OFF));
StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));
StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
@ -648,8 +648,8 @@ UserConfirm (
case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:
TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ALLOW_TAKE_OWNERSHIP));
TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
FreePool (TmpStr1);
@ -660,8 +660,8 @@ UserConfirm (
case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE:
TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DISALLOW_TAKE_OWNERSHIP));
TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
FreePool (TmpStr1);
@ -688,15 +688,15 @@ UserConfirm (
case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:
TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_TURN_OFF));
TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR));
UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
FreePool (TmpStr1);
TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_OFF));
StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING));
StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
@ -709,11 +709,11 @@ UserConfirm (
case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
CautionKey = TRUE;
TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UNOWNED_FIELD_UPGRADE));
TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UPGRADE_HEAD_STR));
TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UPGRADE_HEAD_STR));
UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2);
FreePool (TmpStr1);
TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_MAINTAIN));
StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
@ -787,7 +787,7 @@ UserConfirm (
TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR));
StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
FreePool (TmpStr1);
TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY));
StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
@ -877,10 +877,10 @@ UserConfirm (
DstStr[80] = L'\0';
for (Index = 0; Index < StrLen (ConfirmText); Index += 80) {
StrnCpyS(DstStr, sizeof (DstStr) / sizeof (CHAR16), ConfirmText + Index, sizeof (DstStr) / sizeof (CHAR16) - 1);
Print (DstStr);
StrnCpyS(DstStr, sizeof (DstStr) / sizeof (CHAR16), ConfirmText + Index, sizeof (DstStr) / sizeof (CHAR16) - 1);
Print (DstStr);
}
FreePool (TmpStr1);
FreePool (TmpStr2);
FreePool (ConfirmText);
@ -889,17 +889,17 @@ UserConfirm (
return TRUE;
}
return FALSE;
return FALSE;
}
/**
Check if there is a valid physical presence command request. Also updates parameter value
Check if there is a valid physical presence command request. Also updates parameter value
to whether the requested physical presence command already confirmed by user
@param[in] TcgPpData EFI TCG Physical Presence request data.
@param[in] Flags The physical presence interface flags.
@param[in] Flags The physical presence interface flags.
@param[out] RequestConfirmed If the physical presence operation command required user confirm from UI.
True, it indicates the command doesn't require user confirm, or already confirmed
True, it indicates the command doesn't require user confirm, or already confirmed
in last boot cycle by user.
False, it indicates the command need user confirm from UI.
@ -1006,7 +1006,7 @@ HaveValidTpmRequest (
TcgPpData variable is external input, so this function will validate
its data structure to be valid value.
@param[in] TcgProtocol EFI TCG Protocol instance.
@param[in] TcgProtocol EFI TCG Protocol instance.
@param[in] TcgPpData Point to the physical presence NV variable.
@param[in] Flags The physical presence interface flags.
@ -1052,7 +1052,7 @@ ExecutePendingTpmRequest (
} else {
if (!RequestConfirmed) {
//
// Print confirm text and wait for approval.
// Print confirm text and wait for approval.
//
RequestConfirmed = UserConfirm (TcgPpData->PPRequest);
}
@ -1077,18 +1077,18 @@ ExecutePendingTpmRequest (
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
sizeof (EFI_PHYSICAL_PRESENCE_FLAGS),
&NewFlags
);
);
if (EFI_ERROR (Status)) {
return;
}
}
//
// Clear request
//
if ((NewFlags.PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) == 0) {
TcgPpData->LastPPRequest = TcgPpData->PPRequest;
TcgPpData->PPRequest = PHYSICAL_PRESENCE_NO_ACTION;
TcgPpData->PPRequest = PHYSICAL_PRESENCE_NO_ACTION;
}
//
@ -1124,7 +1124,7 @@ ExecutePendingTpmRequest (
case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:
case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR:
case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
break;
default:
if (TcgPpData->LastPPRequest >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
@ -1142,21 +1142,21 @@ ExecutePendingTpmRequest (
Print (L"Rebooting system to make TPM settings in effect\n");
gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL);
ASSERT (FALSE);
ASSERT (FALSE);
}
/**
Check and execute the pending TPM request and Lock TPM.
The TPM request may come from OS or BIOS. This API will display request information and wait
The TPM request may come from OS or BIOS. This API will display request information and wait
for user confirmation if TPM request exists. The TPM request will be sent to TPM device after
the TPM request is confirmed, and one or more reset may be required to make TPM request to
the TPM request is confirmed, and one or more reset may be required to make TPM request to
take effect. At last, it will lock TPM to prevent TPM state change by malware.
This API should be invoked after console in and console out are all ready as they are required
to display request information and get user input to confirm the request. This API should also
to display request information and get user input to confirm the request. This API should also
be invoked as early as possible as TPM is locked in this function.
**/
VOID
EFIAPI
@ -1172,7 +1172,7 @@ TcgPhysicalPresenceLibProcessRequest (
EFI_TCG_PROTOCOL *TcgProtocol;
EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol;
EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags;
Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);
if (EFI_ERROR (Status)) {
return ;
@ -1206,7 +1206,7 @@ TcgPhysicalPresenceLibProcessRequest (
DEBUG ((EFI_D_INFO, "[TPM] PpiFlags = %x\n", PpiFlags.PPFlags));
//
// This flags variable controls whether physical presence is required for TPM command.
// This flags variable controls whether physical presence is required for TPM command.
// It should be protected from malicious software. We set it as read-only variable here.
//
Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLockProtocol);
@ -1221,7 +1221,7 @@ TcgPhysicalPresenceLibProcessRequest (
ASSERT_EFI_ERROR (Status);
}
}
//
// Initialize physical presence variable.
//
@ -1262,7 +1262,7 @@ TcgPhysicalPresenceLibProcessRequest (
if (EFI_ERROR (Status)) {
return ;
}
if (!CmdEnable) {
if (LifetimeLock) {
//
@ -1275,7 +1275,7 @@ TcgPhysicalPresenceLibProcessRequest (
return ;
}
}
//
// Set operator physical presence flags
//
@ -1283,7 +1283,7 @@ TcgPhysicalPresenceLibProcessRequest (
//
// Execute pending TPM request.
//
//
ExecutePendingTpmRequest (TcgProtocol, &TcgPpData, PpiFlags);
DEBUG ((EFI_D_INFO, "[TPM] PPResponse = %x\n", TcgPpData.PPResponse));
@ -1298,7 +1298,7 @@ TcgPhysicalPresenceLibProcessRequest (
The TPM request may come from OS. This API will check if TPM request exists and need user
input to confirmation.
@retval TRUE TPM needs input to confirm user physical presence.
@retval FALSE TPM doesn't need input to confirm user physical presence.
@ -1317,7 +1317,7 @@ TcgPhysicalPresenceLibNeedUserConfirm(
BOOLEAN CmdEnable;
EFI_TCG_PROTOCOL *TcgProtocol;
EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags;
Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);
if (EFI_ERROR (Status)) {
return FALSE;
@ -1349,7 +1349,7 @@ TcgPhysicalPresenceLibNeedUserConfirm(
if (EFI_ERROR (Status)) {
return FALSE;
}
if (TcgPpData.PPRequest == PHYSICAL_PRESENCE_NO_ACTION) {
//
// No operation request
@ -2,14 +2,14 @@
# Executes pending TPM 1.2 requests from OS or BIOS and Locks TPM
#
# This library will check and execute TPM 1.2 request from OS or BIOS. The request may
# ask for user confirmation before execution. This Library will also lock TPM physical
# ask for user confirmation before execution. This Library will also lock TPM physical
# presence at last.
#
# Caution: This module requires additional review when modified.
# This driver will have external input - variable.
# This external input must be validated carefully to avoid security issue.
#
# Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@ -26,9 +26,9 @@
FILE_GUID = EBC43A46-34AC-4F07-A7F5-A5394619361C
MODULE_TYPE = DXE_DRIVER
VERSION_STRING = 1.0
LIBRARY_CLASS = TcgPhysicalPresenceLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER UEFI_APPLICATION UEFI_DRIVER
LIBRARY_CLASS = TcgPhysicalPresenceLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER UEFI_APPLICATION UEFI_DRIVER
CONSTRUCTOR = TcgPhysicalPresenceLibConstructor
#
# The following information is for reference only and not required by the build tools.
#
@ -4,12 +4,12 @@
// This library will check and execute TPM 1.2 request from OS or BIOS. The request may
// ask for user confirmation before execution. This Library will also lock TPM physical
// presence at last.
//
//
// Caution: This module requires additional review when modified.
// This driver will have external input - variable.
// This external input must be validated carefully to avoid security issue.
//
// Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
// Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
//
// This program and the accompanying materials
// are licensed and made available under the terms and conditions of the BSD License
@ -1,14 +1,14 @@
/** @file
String definitions for TPM 1.2 physical presence confirm text.
Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
@ -19,8 +19,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#string TPM_PPI_HEAD_STR #language en-US "A configuration change was requested to allow the Operating System to %s the computer's TPM (Trusted Platform Module) without asking for user confirmation in the future.\n\n"
#string TPM_UPGRADE_HEAD_STR #language en-US "A configuration change was requested to %s to the TPM's (Trusted Platform Module) firmware.\n\n"
#string TPM_ACCEPT_KEY #language en-US "Press F10 "
#string TPM_CAUTION_KEY #language en-US "Press F12 "
#string TPM_ACCEPT_KEY #language en-US "Press F10 "
#string TPM_CAUTION_KEY #language en-US "Press F12 "
#string TPM_REJECT_KEY #language en-US "to %s the TPM \nPress ESC to reject this change request and continue\n"
#string TPM_ENABLE #language en-US "enable"
@ -15,14 +15,14 @@
Tcg2MeasureGptTable() function will receive untrusted GPT partition table, and parse
partition data carefully.
Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
@ -70,11 +70,11 @@ MEASURED_HOB_DATA *mTcg2MeasuredHobData = NULL;
@param FileHandle Pointer to the file handle to read the PE/COFF image.
@param FileOffset Offset into the PE/COFF image to begin the read operation.
@param ReadSize On input, the size in bytes of the requested read operation.
@param ReadSize On input, the size in bytes of the requested read operation.
On output, the number of bytes actually read.
@param Buffer Output buffer that contains the data read from the PE/COFF image.
@retval EFI_SUCCESS The specified portion of the PE/COFF image was read and the size
@retval EFI_SUCCESS The specified portion of the PE/COFF image was read and the size
**/
EFI_STATUS
EFIAPI
@ -157,11 +157,11 @@ Tcg2MeasureGptTable (
}
//
// Read the EFI Partition Table Header
//
//
PrimaryHeader = (EFI_PARTITION_TABLE_HEADER *) AllocatePool (BlockIo->Media->BlockSize);
if (PrimaryHeader == NULL) {
return EFI_OUT_OF_RESOURCES;
}
}
Status = DiskIo->ReadDisk (
DiskIo,
BlockIo->Media->MediaId,
@ -173,7 +173,7 @@ Tcg2MeasureGptTable (
DEBUG ((EFI_D_ERROR, "Failed to Read Partition Table Header!\n"));
FreePool (PrimaryHeader);
return EFI_DEVICE_ERROR;
}
}
//
// Read the partition entry.
//
@ -194,7 +194,7 @@ Tcg2MeasureGptTable (
FreePool (EntryPtr);
return EFI_DEVICE_ERROR;
}
//
// Count the valid partition
//
@ -202,15 +202,15 @@ Tcg2MeasureGptTable (
NumberOfPartition = 0;
for (Index = 0; Index < PrimaryHeader->NumberOfPartitionEntries; Index++) {
if (!IsZeroGuid (&PartitionEntry->PartitionTypeGUID)) {
NumberOfPartition++;
NumberOfPartition++;
}
PartitionEntry = (EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry);
}
//
// Prepare Data for Measurement
//
EventSize = (UINT32)(sizeof (EFI_GPT_DATA) - sizeof (GptData->Partitions)
//
EventSize = (UINT32)(sizeof (EFI_GPT_DATA) - sizeof (GptData->Partitions)
+ NumberOfPartition * PrimaryHeader->SizeOfPartitionEntry);
Tcg2Event = (EFI_TCG2_EVENT *) AllocateZeroPool (EventSize + sizeof (EFI_TCG2_EVENT) - sizeof(Tcg2Event->Event));
if (Tcg2Event == NULL) {
@ -224,11 +224,11 @@ Tcg2MeasureGptTable (
Tcg2Event->Header.HeaderVersion = EFI_TCG2_EVENT_HEADER_VERSION;
Tcg2Event->Header.PCRIndex = 5;
Tcg2Event->Header.EventType = EV_EFI_GPT_EVENT;
GptData = (EFI_GPT_DATA *) Tcg2Event->Event;
GptData = (EFI_GPT_DATA *) Tcg2Event->Event;
//
// Copy the EFI_PARTITION_TABLE_HEADER and NumberOfPartition
//
//
CopyMem ((UINT8 *)GptData, (UINT8*)PrimaryHeader, sizeof (EFI_PARTITION_TABLE_HEADER));
GptData->NumberOfPartitions = NumberOfPartition;
//
@ -286,7 +286,7 @@ Tcg2MeasureGptTable (
@retval EFI_SUCCESS Successfully measure image.
@retval EFI_OUT_OF_RESOURCES No enough resource to measure image.
@retval EFI_UNSUPPORTED ImageType is unsupported or PE image is mal-format.
@retval EFI_UNSUPPORTED ImageType is unsupported or PE image is mal-format.
@retval other error value
**/
@ -381,27 +381,27 @@ Finish:
}
/**
The security handler is used to abstract platform-specific policy
from the DXE core response to an attempt to use a file that returns a
given status for the authentication check from the section extraction protocol.
The security handler is used to abstract platform-specific policy
from the DXE core response to an attempt to use a file that returns a
given status for the authentication check from the section extraction protocol.
The possible responses in a given SAP implementation may include locking
flash upon failure to authenticate, attestation logging for all signed drivers,
and other exception operations. The File parameter allows for possible logging
The possible responses in a given SAP implementation may include locking
flash upon failure to authenticate, attestation logging for all signed drivers,
and other exception operations. The File parameter allows for possible logging
within the SAP of the driver.
If File is NULL, then EFI_INVALID_PARAMETER is returned.
If the file specified by File with an authentication status specified by
If the file specified by File with an authentication status specified by
AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS is returned.
If the file specified by File with an authentication status specified by
AuthenticationStatus is not safe for the DXE Core to use under any circumstances,
If the file specified by File with an authentication status specified by
AuthenticationStatus is not safe for the DXE Core to use under any circumstances,
then EFI_ACCESS_DENIED is returned.
If the file specified by File with an authentication status specified by
AuthenticationStatus is not safe for the DXE Core to use right now, but it
might be possible to use it at a future time, then EFI_SECURITY_VIOLATION is
If the file specified by File with an authentication status specified by
AuthenticationStatus is not safe for the DXE Core to use right now, but it
might be possible to use it at a future time, then EFI_SECURITY_VIOLATION is
returned.
@param[in] AuthenticationStatus This is the authentication status returned
@ -453,7 +453,7 @@ DxeTpm2MeasureBootHandler (
ProtocolCapability.Size = (UINT8) sizeof (ProtocolCapability);
Status = Tcg2Protocol->GetCapability (
Tcg2Protocol,
Tcg2Protocol,
&ProtocolCapability
);
if (EFI_ERROR (Status) || (!ProtocolCapability.TPMPresentFlag)) {
@ -468,7 +468,7 @@ DxeTpm2MeasureBootHandler (
// Copy File Device Path
//
OrigDevicePathNode = DuplicateDevicePath (File);
//
// 1. Check whether this device path support BlockIo protocol.
// Is so, this device path may be a GPT device path.
@ -489,8 +489,8 @@ DxeTpm2MeasureBootHandler (
DevicePathSubType (DevicePathNode) == MEDIA_HARDDRIVE_DP) {
//
// Check whether it is a gpt partition or not
//
if (((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->MBRType == MBR_TYPE_EFI_PARTITION_TABLE_HEADER &&
//
if (((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->MBRType == MBR_TYPE_EFI_PARTITION_TABLE_HEADER &&
((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->SignatureType == SIGNATURE_TYPE_GUID) {
//
@ -526,7 +526,7 @@ DxeTpm2MeasureBootHandler (
DevicePathNode = NextDevicePathNode (DevicePathNode);
}
}
//
// 2. Measure PE image.
//
@ -560,7 +560,7 @@ DxeTpm2MeasureBootHandler (
TempHandle = Handle;
do {
Status = gBS->HandleProtocol(
TempHandle,
TempHandle,
&gEfiFirmwareVolumeBlockProtocolGuid,
(VOID**)&FvbProtocol
);
@ -619,16 +619,16 @@ DxeTpm2MeasureBootHandler (
//
goto Finish;
}
//
// Measure only application if Application flag is set
// Measure drivers and applications if Application flag is not set
//
if ((!ApplicationRequired) ||
(ApplicationRequired && ImageContext.ImageType == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION)) {
if ((!ApplicationRequired) ||
(ApplicationRequired && ImageContext.ImageType == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION)) {
//
// Print the image path to be measured.
//
//
DEBUG_CODE_BEGIN ();
CHAR16 *ToText;
ToText = ConvertDevicePathToText (
@ -647,10 +647,10 @@ DxeTpm2MeasureBootHandler (
//
Status = Tcg2MeasurePeImage (
Tcg2Protocol,
(EFI_PHYSICAL_ADDRESS) (UINTN) FileBuffer,
FileSize,
(UINTN) ImageContext.ImageAddress,
ImageContext.ImageType,
(EFI_PHYSICAL_ADDRESS) (UINTN) FileBuffer,
FileSize,
(UINTN) ImageContext.ImageAddress,
ImageContext.ImageType,
DevicePathNode
);
DEBUG ((EFI_D_INFO, "DxeTpm2MeasureBootHandler - Tcg2MeasurePeImage - %r\n", Status));


@ -4,15 +4,15 @@
# Spec Compliance Info:
# "TCG PC Client Platform Firmware Profile Specification for TPM Family 2.0 Level 00 Revision 00.21"
#
# This library instance hooks LoadImage() API to measure every image that
# This library instance hooks LoadImage() API to measure every image that
# is not measured in PEI phase. And, it will also measure GPT partition.
#
# Caution: This module requires additional review when modified.
# This library will have external input - PE/COFF image and GPT partition.
# This external input must be validated carefully to avoid security issues such
# This external input must be validated carefully to avoid security issues such
# as buffer overflow or integer overflow.
#
# Copyright (c) 2013 - 2017, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@ -29,7 +29,7 @@
FILE_GUID = 778CE4F4-36BD-4ae7-B8F0-10B420B0D174
MODULE_TYPE = DXE_DRIVER
VERSION_STRING = 1.0
LIBRARY_CLASS = NULL|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER
LIBRARY_CLASS = NULL|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER
CONSTRUCTOR = DxeTpm2MeasureBootLibConstructor
#


@ -3,13 +3,13 @@
//
// This library instance hooks LoadImage() API to measure every image that
// is not measured in PEI phase. And, it will also measure GPT partition.
//
//
// Caution: This module requires additional review when modified.
// This library will have external input - PE/COFF image and GPT partition.
// This external input must be validated carefully to avoid security issues such
// as buffer overflow or integer overflow.
//
// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
//
// This program and the accompanying materials
// are licensed and made available under the terms and conditions of the BSD License


@ -1,5 +1,5 @@
/** @file
The library instance provides security service of TPM measure boot.
The library instance provides security service of TPM measure boot.
Caution: This file requires additional review when modified.
This library will have external input - PE/COFF image and GPT partition.
@ -15,13 +15,13 @@
TcgMeasureGptTable() function will receive untrusted GPT partition table, and parse
partition data carefully.
Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
@ -68,11 +68,11 @@ MEASURED_HOB_DATA *mMeasuredHobData = NULL;
@param FileHandle Pointer to the file handle to read the PE/COFF image.
@param FileOffset Offset into the PE/COFF image to begin the read operation.
@param ReadSize On input, the size in bytes of the requested read operation.
@param ReadSize On input, the size in bytes of the requested read operation.
On output, the number of bytes actually read.
@param Buffer Output buffer that contains the data read from the PE/COFF image.
@retval EFI_SUCCESS The specified portion of the PE/COFF image was read and the size
@retval EFI_SUCCESS The specified portion of the PE/COFF image was read and the size
**/
EFI_STATUS
EFIAPI
@ -157,11 +157,11 @@ TcgMeasureGptTable (
}
//
// Read the EFI Partition Table Header
//
//
PrimaryHeader = (EFI_PARTITION_TABLE_HEADER *) AllocatePool (BlockIo->Media->BlockSize);
if (PrimaryHeader == NULL) {
return EFI_OUT_OF_RESOURCES;
}
}
Status = DiskIo->ReadDisk (
DiskIo,
BlockIo->Media->MediaId,
@ -173,7 +173,7 @@ TcgMeasureGptTable (
DEBUG ((EFI_D_ERROR, "Failed to Read Partition Table Header!\n"));
FreePool (PrimaryHeader);
return EFI_DEVICE_ERROR;
}
}
//
// Read the partition entry.
//
@ -194,7 +194,7 @@ TcgMeasureGptTable (
FreePool (EntryPtr);
return EFI_DEVICE_ERROR;
}
//
// Count the valid partition
//
@ -202,15 +202,15 @@ TcgMeasureGptTable (
NumberOfPartition = 0;
for (Index = 0; Index < PrimaryHeader->NumberOfPartitionEntries; Index++) {
if (!IsZeroGuid (&PartitionEntry->PartitionTypeGUID)) {
NumberOfPartition++;
NumberOfPartition++;
}
PartitionEntry = (EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry);
}
//
// Prepare Data for Measurement
//
EventSize = (UINT32)(sizeof (EFI_GPT_DATA) - sizeof (GptData->Partitions)
//
EventSize = (UINT32)(sizeof (EFI_GPT_DATA) - sizeof (GptData->Partitions)
+ NumberOfPartition * PrimaryHeader->SizeOfPartitionEntry);
TcgEvent = (TCG_PCR_EVENT *) AllocateZeroPool (EventSize + sizeof (TCG_PCR_EVENT_HDR));
if (TcgEvent == NULL) {
@ -222,11 +222,11 @@ TcgMeasureGptTable (
TcgEvent->PCRIndex = 5;
TcgEvent->EventType = EV_EFI_GPT_EVENT;
TcgEvent->EventSize = EventSize;
GptData = (EFI_GPT_DATA *) TcgEvent->Event;
GptData = (EFI_GPT_DATA *) TcgEvent->Event;
//
// Copy the EFI_PARTITION_TABLE_HEADER and NumberOfPartition
//
//
CopyMem ((UINT8 *)GptData, (UINT8*)PrimaryHeader, sizeof (EFI_PARTITION_TABLE_HEADER));
GptData->NumberOfPartitions = NumberOfPartition;
//
@ -278,7 +278,7 @@ TcgMeasureGptTable (
PE/COFF image is external input, so this function will validate its data structure
within this image buffer before use.
Notes: PE/COFF image has been checked by BasePeCoffLib PeCoffLoaderGetImageInfo() in
Notes: PE/COFF image has been checked by BasePeCoffLib PeCoffLoaderGetImageInfo() in
its caller function DxeTpmMeasureBootHandler().
@param[in] TcgProtocol Pointer to the located TCG protocol instance.
@ -290,7 +290,7 @@ TcgMeasureGptTable (
@retval EFI_SUCCESS Successfully measure image.
@retval EFI_OUT_OF_RESOURCES No enough resource to measure image.
@retval EFI_UNSUPPORTED ImageType is unsupported or PE image is mal-format.
@retval EFI_UNSUPPORTED ImageType is unsupported or PE image is mal-format.
@retval other error value
**/
@ -420,8 +420,8 @@ TcgMeasurePeImage (
//
if (Hdr.Pe32->FileHeader.Machine == IMAGE_FILE_MACHINE_IA64 && Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
//
// NOTE: Some versions of Linux ELILO for Itanium have an incorrect magic value
// in the PE/COFF Header. If the MachineType is Itanium(IA64) and the
// NOTE: Some versions of Linux ELILO for Itanium have an incorrect magic value
// in the PE/COFF Header. If the MachineType is Itanium(IA64) and the
// Magic value in the OptionalHeader is EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC
// then override the magic value to EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC
//
@ -432,7 +432,7 @@ TcgMeasurePeImage (
//
Magic = Hdr.Pe32->OptionalHeader.Magic;
}
//
// 3. Calculate the distance from the base of the image header to the image checksum address.
// 4. Hash the image header from its base to beginning of the image checksum.
@ -455,7 +455,7 @@ TcgMeasurePeImage (
HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize);
if (!HashStatus) {
goto Finish;
}
}
//
// 5. Skip over the image checksum (it occupies a single ULONG).
@ -484,7 +484,7 @@ TcgMeasurePeImage (
if (!HashStatus) {
goto Finish;
}
}
}
} else {
//
// 7. Hash everything from the end of the checksum to the start of the Cert Directory.
@ -498,7 +498,7 @@ TcgMeasurePeImage (
} else {
//
// Use PE32+ offset
//
//
HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = (UINTN) (&Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase;
}
@ -527,7 +527,7 @@ TcgMeasurePeImage (
HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress);
}
if (HashSize != 0) {
HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize);
if (!HashStatus) {
@ -690,27 +690,27 @@ Finish:
}
/**
The security handler is used to abstract platform-specific policy
from the DXE core response to an attempt to use a file that returns a
given status for the authentication check from the section extraction protocol.
The security handler is used to abstract platform-specific policy
from the DXE core response to an attempt to use a file that returns a
given status for the authentication check from the section extraction protocol.
The possible responses in a given SAP implementation may include locking
flash upon failure to authenticate, attestation logging for all signed drivers,
and other exception operations. The File parameter allows for possible logging
The possible responses in a given SAP implementation may include locking
flash upon failure to authenticate, attestation logging for all signed drivers,
and other exception operations. The File parameter allows for possible logging
within the SAP of the driver.
If File is NULL, then EFI_INVALID_PARAMETER is returned.
If the file specified by File with an authentication status specified by
If the file specified by File with an authentication status specified by
AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS is returned.
If the file specified by File with an authentication status specified by
AuthenticationStatus is not safe for the DXE Core to use under any circumstances,
If the file specified by File with an authentication status specified by
AuthenticationStatus is not safe for the DXE Core to use under any circumstances,
then EFI_ACCESS_DENIED is returned.
If the file specified by File with an authentication status specified by
AuthenticationStatus is not safe for the DXE Core to use right now, but it
might be possible to use it at a future time, then EFI_SECURITY_VIOLATION is
If the file specified by File with an authentication status specified by
AuthenticationStatus is not safe for the DXE Core to use right now, but it
might be possible to use it at a future time, then EFI_SECURITY_VIOLATION is
returned.
@param[in] AuthenticationStatus This is the authentication status returned
@ -764,7 +764,7 @@ DxeTpmMeasureBootHandler (
ProtocolCapability.Size = (UINT8) sizeof (ProtocolCapability);
Status = TcgProtocol->StatusCheck (
TcgProtocol,
TcgProtocol,
&ProtocolCapability,
&TCGFeatureFlags,
&EventLogLocation,
@ -781,7 +781,7 @@ DxeTpmMeasureBootHandler (
// Copy File Device Path
//
OrigDevicePathNode = DuplicateDevicePath (File);
//
// 1. Check whether this device path support BlockIo protocol.
// Is so, this device path may be a GPT device path.
@ -802,8 +802,8 @@ DxeTpmMeasureBootHandler (
DevicePathSubType (DevicePathNode) == MEDIA_HARDDRIVE_DP) {
//
// Check whether it is a gpt partition or not
//
if (((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->MBRType == MBR_TYPE_EFI_PARTITION_TABLE_HEADER &&
//
if (((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->MBRType == MBR_TYPE_EFI_PARTITION_TABLE_HEADER &&
((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->SignatureType == SIGNATURE_TYPE_GUID) {
//
@ -838,7 +838,7 @@ DxeTpmMeasureBootHandler (
DevicePathNode = NextDevicePathNode (DevicePathNode);
}
}
//
// 2. Measure PE image.
//
@ -872,7 +872,7 @@ DxeTpmMeasureBootHandler (
TempHandle = Handle;
do {
Status = gBS->HandleProtocol(
TempHandle,
TempHandle,
&gEfiFirmwareVolumeBlockProtocolGuid,
(VOID**)&FvbProtocol
);
@ -931,16 +931,16 @@ DxeTpmMeasureBootHandler (
//
goto Finish;
}
//
// Measure only application if Application flag is set
// Measure drivers and applications if Application flag is not set
//
if ((!ApplicationRequired) ||
(ApplicationRequired && ImageContext.ImageType == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION)) {
if ((!ApplicationRequired) ||
(ApplicationRequired && ImageContext.ImageType == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION)) {
//
// Print the image path to be measured.
//
//
DEBUG_CODE_BEGIN ();
CHAR16 *ToText;
ToText = ConvertDevicePathToText (
@ -959,10 +959,10 @@ DxeTpmMeasureBootHandler (
//
Status = TcgMeasurePeImage (
TcgProtocol,
(EFI_PHYSICAL_ADDRESS) (UINTN) FileBuffer,
FileSize,
(UINTN) ImageContext.ImageAddress,
ImageContext.ImageType,
(EFI_PHYSICAL_ADDRESS) (UINTN) FileBuffer,
FileSize,
(UINTN) ImageContext.ImageAddress,
ImageContext.ImageType,
DevicePathNode
);
}


@ -1,15 +1,15 @@
## @file
# Provides security service for TPM 1.2 measured boot
#
# This library instance hooks LoadImage() API to measure every image that
# This library instance hooks LoadImage() API to measure every image that
# is not measured in PEI phase. And, it will also measure GPT partition.
#
# Caution: This module requires additional review when modified.
# This library will have external input - PE/COFF image and GPT partition.
# This external input must be validated carefully to avoid security issues such
# This external input must be validated carefully to avoid security issues such
# as buffer overflow or integer overflow.
#
# Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@ -26,7 +26,7 @@
FILE_GUID = 6C60C7D0-922A-4b7c-87D7-E503EDD73BBF
MODULE_TYPE = DXE_DRIVER
VERSION_STRING = 1.0
LIBRARY_CLASS = NULL|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER
LIBRARY_CLASS = NULL|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER
CONSTRUCTOR = DxeTpmMeasureBootLibConstructor
#


@ -3,13 +3,13 @@
//
// This library instance hooks LoadImage() API to measure every image that
// is not measured in PEI phase. And, it will also measure GPT partition.
//
//
// Caution: This module requires additional review when modified.
// This library will have external input - PE/COFF image and GPT partition.
// This external input must be validated carefully to avoid security issues such
// as buffer overflow or integer overflow.
//
// Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
// Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
//
// This program and the accompanying materials
// are licensed and made available under the terms and conditions of the BSD License


@ -1,7 +1,7 @@
/** @file
This library is used by other modules to measure data to TPM.
Copyright (c) 2012 - 2015, Intel Corporation. All rights reserved. <BR>
Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved. <BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -171,7 +171,7 @@ Tpm20MeasureAndLogData (
@retval EFI_DEVICE_ERROR The operation was unsuccessful.
**/
EFI_STATUS
EFIAPI
EFIAPI
TpmMeasureAndLogData (
IN UINT32 PcrIndex,
IN UINT32 EventType,


@ -1,10 +1,10 @@
## @file
# Provides TPM measurement functions for TPM1.2 and TPM 2.0
#
# This library provides TpmMeasureAndLogData() to measure and log data, and
#
# This library provides TpmMeasureAndLogData() to measure and log data, and
# extend the measurement result into a specific PCR.
#
# Copyright (c) 2012 - 2015, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@ -20,7 +20,7 @@
FILE_GUID = 30930D10-AF5B-4abf-80E6-EB4FFC0AE9D1
MODULE_TYPE = UEFI_DRIVER
VERSION_STRING = 1.0
LIBRARY_CLASS = TpmMeasurementLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER
LIBRARY_CLASS = TpmMeasurementLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER
MODULE_UNI_FILE = DxeTpmMeasurementLib.uni
#


@ -2,7 +2,7 @@
This library is BaseCrypto SHA1 hash instance.
It can be registered to BaseCrypto router, to serve as hash engine.
Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved. <BR>
Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -118,7 +118,7 @@ Sha1HashFinal (
Sha1Final (Sha1Ctx, Digest);
FreePool (Sha1Ctx);
Tpm2SetSha1ToDigestList (DigestList, Digest);
return EFI_SUCCESS;
@ -133,7 +133,7 @@ HASH_INTERFACE mSha1InternalHashInstance = {
/**
The function register SHA1 instance.
@retval EFI_SUCCESS SHA1 instance is registered, or system dose not surpport registr SHA1 instance
**/
EFI_STATUS
@ -152,4 +152,4 @@ HashInstanceLibSha1Constructor (
return EFI_SUCCESS;
}
return Status;
}
}


@ -2,7 +2,7 @@
This library is BaseCrypto SHA256 hash instance.
It can be registered to BaseCrypto router, to serve as hash engine.
Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved. <BR>
Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -118,7 +118,7 @@ Sha256HashFinal (
Sha256Final (Sha256Ctx, Digest);
FreePool (Sha256Ctx);
Tpm2SetSha256ToDigestList (DigestList, Digest);
return EFI_SUCCESS;
@ -133,7 +133,7 @@ HASH_INTERFACE mSha256InternalHashInstance = {
/**
The function register SHA256 instance.
@retval EFI_SUCCESS SHA256 instance is registered, or system dose not surpport registr SHA256 instance
**/
EFI_STATUS
@ -152,4 +152,4 @@ HashInstanceLibSha256Constructor (
return EFI_SUCCESS;
}
return Status;
}
}


@ -3,7 +3,7 @@
hash handler registerd, such as SHA1, SHA256.
Platform can use PcdTpm2HashMask to mask some hash engines.
Copyright (c) 2013 - 2017, Intel Corporation. All rights reserved. <BR>
Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -269,16 +269,16 @@ RegisterHashInterfaceLib (
CopyMem (&mHashInterface[mHashInterfaceCount], HashInterface, sizeof(*HashInterface));
mHashInterfaceCount ++;
return EFI_SUCCESS;
}
/**
The constructor function of HashLibBaseCryptoRouterDxe.
@param ImageHandle The firmware allocated handle for the EFI image.
@param SystemTable A pointer to the EFI System Table.
@retval EFI_SUCCESS The constructor executed correctly.
**/


@ -2,10 +2,10 @@
# Provides hash service by registered hash handler
#
# This library is BaseCrypto router. It will redirect hash request to each individual
# hash handler registered, such as SHA1, SHA256. Platform can use PcdTpm2HashMask to
# hash handler registered, such as SHA1, SHA256. Platform can use PcdTpm2HashMask to
# mask some hash engines.
#
# Copyright (c) 2013 - 2017, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@ -22,7 +22,7 @@
FILE_GUID = 158DC712-F15A-44dc-93BB-1675045BE066
MODULE_TYPE = DXE_DRIVER
VERSION_STRING = 1.0
LIBRARY_CLASS = HashLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER
LIBRARY_CLASS = HashLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER
CONSTRUCTOR = HashLibBaseCryptoRouterDxeConstructor
#


@ -3,7 +3,7 @@
hash handler registerd, such as SHA1, SHA256.
Platform can use PcdTpm2HashMask to mask some hash engines.
Copyright (c) 2013 - 2017, Intel Corporation. All rights reserved. <BR>
Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -374,7 +374,7 @@ RegisterHashInterfaceLib (
CopyMem (&HashInterfaceHob->HashInterface[HashInterfaceHob->HashInterfaceCount], HashInterface, sizeof(*HashInterface));
HashInterfaceHob->HashInterfaceCount ++;
return EFI_SUCCESS;
}


@ -2,10 +2,10 @@
# Provides hash service by registered hash handler
#
# This library is BaseCrypto router. It will redirect hash request to each individual
# hash handler registered, such as SHA1, SHA256. Platform can use PcdTpm2HashMask to
# hash handler registered, such as SHA1, SHA256. Platform can use PcdTpm2HashMask to
# mask some hash engines.
#
# Copyright (c) 2013 - 2017, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at


@ -1,7 +1,7 @@
/** @file
This library uses TPM2 device to calculation hash.
Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved. <BR>
Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>
(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@ -339,4 +339,4 @@ RegisterHashInterfaceLib (
)
{
return EFI_UNSUPPORTED;
}
}


@ -1,10 +1,10 @@
## @file
# Provides hash service using TPM2 device
#
# This library uses TPM2 device to calculate hash. Platform can use PcdTpm2HashMask to
# This library uses TPM2 device to calculate hash. Platform can use PcdTpm2HashMask to
# mask some hash calculation.
#
# Copyright (c) 2014, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2014 - 2018, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at


@ -1,17 +1,17 @@
/** @file
This library registers RSA 2048 SHA 256 guided section handler
This library registers RSA 2048 SHA 256 guided section handler
to parse RSA 2048 SHA 256 encapsulation section and extract raw data.
It uses the BaseCrypyLib based on OpenSSL to authenticate the signature.
Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
@ -48,7 +48,7 @@ CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 };
/**
GetInfo gets raw data size and attribute of the input guided section.
It first checks whether the input guid section is supported.
It first checks whether the input guid section is supported.
If not, EFI_INVALID_PARAMETER will return.
@param InputSection Buffer containing the input GUIDed section to be processed.
@ -56,7 +56,7 @@ CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 };
@param ScratchBufferSize The size of ScratchBuffer.
@param SectionAttribute The attribute of the input guided section.
@retval EFI_SUCCESS The size of destination buffer, the size of scratch buffer and
@retval EFI_SUCCESS The size of destination buffer, the size of scratch buffer and
the attribute of the input section are successfully retrieved.
@retval EFI_INVALID_PARAMETER The GUID in InputSection does not match this instance guid.
@ -109,7 +109,7 @@ Rsa2048Sha256GuidedSectionGetInfo (
Extraction handler tries to extract raw data from the input guided section.
It also does authentication check for RSA 2048 SHA 256 signature in the input guided section.
It first checks whether the input guid section is supported.
It first checks whether the input guid section is supported.
If not, EFI_INVALID_PARAMETER will return.
@param InputSection Buffer containing the input GUIDed section to be processed.
@ -140,10 +140,10 @@ Rsa2048Sha256GuidedSectionHandler (
UINTN PublicKeyBufferSize;
VOID *HashContext;
VOID *Rsa;
HashContext = NULL;
Rsa = NULL;
if (IS_SECTION2 (InputSection)) {
//
// Check whether the input guid section is recognized.
@ -153,7 +153,7 @@ Rsa2048Sha256GuidedSectionHandler (
&(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid))) {
return EFI_INVALID_PARAMETER;
}
//
// Get the RSA 2048 SHA 256 information.
//
@ -181,7 +181,7 @@ Rsa2048Sha256GuidedSectionHandler (
&(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid))) {
return EFI_INVALID_PARAMETER;
}
//
// Get the RSA 2048 SHA 256 information.
//
@ -206,7 +206,7 @@ Rsa2048Sha256GuidedSectionHandler (
// All paths from here return EFI_SUCESS and result is returned in AuthenticationStatus
//
Status = EFI_SUCCESS;
//
// Fail if the HashType is not SHA 256
//
@ -248,7 +248,7 @@ Rsa2048Sha256GuidedSectionHandler (
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done;
}
//
// Fail if the PublicKey is not one of the public keys in PcdRsa2048Sha256PublicKeyBuffer
//
@ -283,8 +283,8 @@ Rsa2048Sha256GuidedSectionHandler (
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done;
}
//
//
// Set RSA Key Components.
// NOTE: Only N and E are needed to be set as RSA public key for signature verification.
//
@ -331,10 +331,10 @@ Rsa2048Sha256GuidedSectionHandler (
//
PERF_INMODULE_BEGIN ("PeiRsaVerify");
CryptoStatus = RsaPkcs1Verify (
Rsa,
Digest,
SHA256_DIGEST_SIZE,
CertBlockRsa2048Sha256->Signature,
Rsa,
Digest,
SHA256_DIGEST_SIZE,
CertBlockRsa2048Sha256->Signature,
sizeof (CertBlockRsa2048Sha256->Signature)
);
PERF_INMODULE_END ("PeiRsaVerify");


@ -1,11 +1,11 @@
## @file
# This library doesn't produce any library class. The constructor function uses
# This library doesn't produce any library class. The constructor function uses
# ExtractGuidedSectionLib service to register an RSA 2048 SHA 256 guided section handler
# that parses RSA 2048 SHA 256 encapsulation section and extracts raw data.
#
# It uses the BaseCrypyLib based on OpenSSL to authenticate the signature.
#
# Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
#
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
@ -49,10 +49,10 @@
PcdLib
PerformanceLib
[Pcd]
[Pcd]
gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer ## SOMETIMES_CONSUMES
[Guids]
gEfiCertTypeRsa2048Sha256Guid ## PRODUCES ## UNDEFINED # Specifies RSA 2048 SHA 256 authentication algorithm.
gEfiHashAlgorithmSha256Guid ## SOMETIMES_CONSUMES ## UNDEFINED


@ -3,10 +3,10 @@
//
// ExtractGuidedSectionLib service to register an RSA 2048 SHA 256 guided section handler
// that parses RSA 2048 SHA 256 encapsulation section and extracts raw data.
//
//
// It uses the BaseCrypyLib based on OpenSSL to authenticate the signature.
//
// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
//
// This program and the accompanying materials
// are licensed and made available under the terms and conditions of the BSD License


@ -1,15 +1,15 @@
/** @file
Get TPM 2.0 physical presence information.
This library will get TPM 2.0 physical presence information.
Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
@ -39,7 +39,7 @@ Tcg2PhysicalPresenceLibGetManagementFlags (
EFI_PEI_READ_ONLY_VARIABLE2_PPI *VariablePpi;
EFI_TCG2_PHYSICAL_PRESENCE_FLAGS PpiFlags;
UINTN DataSize;
Status = PeiServicesLocatePpi (&gEfiPeiReadOnlyVariable2PpiGuid, 0, NULL, (VOID **) &VariablePpi);
ASSERT_EFI_ERROR (Status);


@ -3,7 +3,7 @@
#
# This library will get TPM 2.0 physical presence information.
#
# Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@ -40,7 +40,7 @@
DebugLib
PeiServicesLib
PeiServicesTablePointerLib
[Guids]
## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresenceFlags"
gEfiTcg2PhysicalPresenceGuid
@ -49,4 +49,4 @@
gEfiPeiReadOnlyVariable2PpiGuid ## CONSUMES
[Depex]
gEfiPeiReadOnlyVariable2PpiGuid
gEfiPeiReadOnlyVariable2PpiGuid


@ -2,8 +2,8 @@
// Get TPM 2.0 physical presence information.
//
// This library will get TPM 2.0 physical presence information.
//
// Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
//
// Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
//
// This program and the accompanying materials
// are licensed and made available under the terms and conditions of the BSD License


@ -1,16 +1,16 @@
/** @file
NULL PlatformSecureLib instance does NOT really detect whether a physical present
NULL PlatformSecureLib instance does NOT really detect whether a physical present
user exists but return TRUE directly. This instance can be used to verify security
related features during platform enabling and development. It should be replaced
by a platform-specific method(e.g. Button pressed) in a real platform for product.
Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
@ -20,7 +20,7 @@ BOOLEAN mUserPhysicalPresence = FALSE;
/**
This function provides a platform-specific method to detect whether the platform
is operating by a physically present user.
is operating by a physically present user.
Programmatic changing of platform security policy (such as disable Secure Boot,
or switch between Standard/Custom Secure Boot mode) MUST NOT be possible during
@ -29,7 +29,7 @@ BOOLEAN mUserPhysicalPresence = FALSE;
NOTE THAT: This function cannot depend on any EFI Variable Service since they are
not available when this function is called in AuthenticateVariable driver.
@retval TRUE The platform is operated by a physically present user.
@retval FALSE The platform is NOT operated by a physically present user.
@ -40,7 +40,7 @@ UserPhysicalPresent (
VOID
)
{
return mUserPhysicalPresence;
return mUserPhysicalPresence;
}


@ -1,12 +1,12 @@
## @file
# NULL platform secure library instance that alway returns TRUE for a user physical present
#
# NULL PlatformSecureLib instance does NOT really detect whether a physical present
# NULL PlatformSecureLib instance does NOT really detect whether a physical present
# user exists but returns TRUE directly. This instance can be used to verify security
# related features during platform enabling and development. It should be replaced
# by a platform-specific method(e.g. Button pressed) in a real platform for product.
#
# Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at


@ -1,6 +1,6 @@
/** @file
Handle TPM 2.0 physical presence requests from OS.
This library will handle TPM 2.0 physical presence request from OS.
Caution: This module requires additional review when modified.
@ -11,12 +11,12 @@
will receive untrusted input and do validation.
Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
@ -151,7 +151,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (
DataSize,
&PpData
);
if (EFI_ERROR (Status)) {
if (EFI_ERROR (Status)) {
DEBUG ((EFI_D_ERROR, "[TPM2] Set PP variable failure! Status = %r\n", Status));
ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
goto EXIT;
@ -203,7 +203,7 @@ EXIT:
This API should be invoked in OS runtime phase to interface with ACPI method.
Caution: This function may receive untrusted input.
@param[in] OperationRequest TPM physical presence operation request.
@param[in] RequestParameter TPM physical presence operation request parameter.
@ -233,7 +233,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (
This API should be invoked in OS runtime phase to interface with ACPI method.
Caution: This function may receive untrusted input.
@param[in] OperationRequest TPM physical presence operation request.
@return Return Code for Get User Confirmation Status for Operation.
@ -249,7 +249,7 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
EFI_TCG2_PHYSICAL_PRESENCE PpData;
EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags;
BOOLEAN RequestConfirmed;
DEBUG ((EFI_D_INFO, "[TPM2] GetUserConfirmationStatusFunction, Request = %x\n", OperationRequest));
//
@ -314,7 +314,7 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
RequestConfirmed = TRUE;
}
break;
case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:
RequestConfirmed = TRUE;
break;
@ -369,17 +369,17 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
return TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_NOT_REQUIRED;
} else {
return TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_REQUIRED;
}
}
}
/**
The constructor function locates SmmVariable protocol.
It will ASSERT() if that operation fails and it will always return EFI_SUCCESS.
It will ASSERT() if that operation fails and it will always return EFI_SUCCESS.
@param ImageHandle The firmware allocated handle for the EFI image.
@param SystemTable A pointer to the EFI System Table.
@retval EFI_SUCCESS The constructor successfully added string package.
@retval Other value The constructor can't add string package.
**/


@ -57,4 +57,4 @@
gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer ## CONSUMES
[Depex]
gEfiSmmVariableProtocolGuid
gEfiSmmVariableProtocolGuid


@ -2,12 +2,12 @@
// Handle TPM 2.0 physical presence requests from OS.
//
// This library will handle TPM 2.0 physical presence request from OS.
//
//
// Caution: This module requires additional review when modified.
// This driver will have external input - variable.
// This external input must be validated carefully to avoid security issue.
//
// Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
// Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
//
// This program and the accompanying materials
// are licensed and made available under the terms and conditions of the BSD License


@ -1,13 +1,13 @@
/** @file
NULL Tcg2 PP Vendor library instance that does not support any vendor specific PPI.
Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
@ -19,9 +19,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
Check and execute the requested physical presence command.
This API should be invoked in BIOS boot phase to process pending request.
Caution: This function may receive untrusted input.
If OperationRequest < 128, then ASSERT().
@param[in] PlatformAuth platform auth value. NULL means no platform auth change.
@ -50,7 +50,7 @@ Tcg2PpVendorLibExecutePendingRequest (
Check if there is a valid physical presence command request.
This API should be invoked in BIOS boot phase to process pending request.
Caution: This function may receive untrusted input.
If OperationRequest < 128, then ASSERT().
@ -84,7 +84,7 @@ Tcg2PpVendorLibHasValidRequest (
This API should be invoked in OS runtime phase to interface with ACPI method.
Caution: This function may receive untrusted input.
If OperationRequest < 128, then ASSERT().
@param[in] OperationRequest TPM physical presence operation request.
@ -113,7 +113,7 @@ Tcg2PpVendorLibSubmitRequestToPreOSFunction (
This API should be invoked in OS runtime phase to interface with ACPI method.
Caution: This function may receive untrusted input.
If OperationRequest < 128, then ASSERT().
@param[in] OperationRequest TPM physical presence operation request.


@ -1,7 +1,7 @@
## @file
# NULL Tcg PP Vendor library instance that does not support any vendor specific PPI
#
# Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@ -32,6 +32,6 @@
[Packages]
MdePkg/MdePkg.dec
SecurityPkg/SecurityPkg.dec
[LibraryClasses]
DebugLib
DebugLib


@ -1,13 +1,13 @@
/** @file
NULL TCG PP Vendor library instance that does not support any vendor specific PPI.
Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
@ -19,9 +19,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
Check and execute the requested physical presence command.
This API should be invoked in BIOS boot phase to process pending request.
Caution: This function may receive untrusted input.
If OperationRequest < 128, then ASSERT().
@param[in] OperationRequest TPM physical presence operation request.
@ -48,7 +48,7 @@ TcgPpVendorLibExecutePendingRequest (
Check if there is a valid physical presence command request.
This API should be invoked in BIOS boot phase to process pending request.
Caution: This function may receive untrusted input.
If OperationRequest < 128, then ASSERT().
@ -82,7 +82,7 @@ TcgPpVendorLibHasValidRequest (
This API should be invoked in OS runtime phase to interface with ACPI method.
Caution: This function may receive untrusted input.
If OperationRequest < 128, then ASSERT().
@param[in] OperationRequest TPM physical presence operation request.
@ -109,7 +109,7 @@ TcgPpVendorLibSubmitRequestToPreOSFunction (
This API should be invoked in OS runtime phase to interface with ACPI method.
Caution: This function may receive untrusted input.
If OperationRequest < 128, then ASSERT().
@param[in] OperationRequest TPM physical presence operation request.


@ -1,7 +1,7 @@
## @file
# NULL TCG PP Vendor library instance that does not support any vendor specific PPI
#
# Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@ -32,6 +32,6 @@
[Packages]
MdePkg/MdePkg.dec
SecurityPkg/SecurityPkg.dec
[LibraryClasses]
DebugLib
DebugLib


@ -1143,7 +1143,7 @@ OpalSetLockingSpAuthorityEnabledAndPin(
ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus, 0));
//
// For Pyrite type SSC, it not supports Active Key.
// For Pyrite type SSC, it not supports Active Key.
// So here add check logic before enable it.
//
Ret = OpalParseRetrieveGlobalLockingRangeActiveKey(&ParseStruct, &ActiveKey);


@ -1,7 +1,7 @@
/** @file
Implement TPM1.2 NV storage related command.
Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved. <BR>
Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved. <BR>
(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@ -58,7 +58,7 @@ typedef struct {
/**
Send NV DefineSpace command to TPM1.2.
@param PubInfo The public parameters of the NV area.
@param EncAuth The encrypted AuthData, only valid if the attributes require subsequent authorization.
@ -180,7 +180,7 @@ Tpm12NvReadValue (
/**
Send NV WriteValue command to TPM1.2.
@param NvIndex The index of the area to set.
@param Offset The offset into the NV Area.
@param DataSize The size of the data parameter.


@ -1,7 +1,7 @@
/** @file
Implement TPM1.2 Ownership related command.
Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved. <BR>
Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -52,4 +52,4 @@ Tpm12ForceClear (
default:
return EFI_DEVICE_ERROR;
}
}
}


@ -1,11 +1,11 @@
## @file
# Provides TPM 1.2 TIS functions
#
# This library implements TIS (TPM Interface Specification) functions which is
# used for every TPM 1.2 command. Choosing this library means platform uses and
#
# This library implements TIS (TPM Interface Specification) functions which is
# used for every TPM 1.2 command. Choosing this library means platform uses and
# only uses TPM 1.2 device.
#
# Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@ -45,4 +45,4 @@
DebugLib
[Pcd]
gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## CONSUMES
gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## CONSUMES


@ -1,14 +1,14 @@
/** @file
TIS (TPM Interface Specification) functions used by TPM1.2.
Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
@ -52,7 +52,7 @@ Tpm12TisPcPresenceCheck (
)
{
UINT8 RegRead;
RegRead = MmioRead8 ((UINTN)&TisReg->Access);
return (BOOLEAN)(RegRead != (UINT8)-1);
}
@ -127,7 +127,7 @@ Tpm12TisPcWaitRegisterBits (
}
/**
Get BurstCount by reading the burstCount field of a TIS regiger
Get BurstCount by reading the burstCount field of a TIS regiger
in the time of default TIS_TIMEOUT_D.
@param[in] TisReg Pointer to TIS register.
@ -171,7 +171,7 @@ Tpm12TisPcReadBurstCount (
}
/**
Set TPM chip to ready state by sending ready command TIS_PC_STS_READY
Set TPM chip to ready state by sending ready command TIS_PC_STS_READY
to Status Register in time.
@param[in] TisReg Pointer to TIS register.
@ -202,7 +202,7 @@ Tpm12TisPcPrepareCommand (
}
/**
Get the control of TPM chip by sending requestUse command TIS_PC_ACC_RQUUSE
Get the control of TPM chip by sending requestUse command TIS_PC_ACC_RQUUSE
to ACCESS Register in the time of default TIS_TIMEOUT_A.
@param[in] TisReg Pointer to TIS register.
@ -218,11 +218,11 @@ Tpm12TisPcRequestUseTpm (
)
{
EFI_STATUS Status;
if (TisReg == NULL) {
return EFI_INVALID_PARAMETER;
}
if (!Tpm12TisPcPresenceCheck (TisReg)) {
return EFI_NOT_FOUND;
}
@ -240,12 +240,12 @@ Tpm12TisPcRequestUseTpm (
/**
Send a command to TPM for execution and return response data.
@param[in] TisReg TPM register space base address.
@param[in] BufferIn Buffer for command data.
@param[in] SizeIn Size of command data.
@param[in, out] BufferOut Buffer for response data.
@param[in, out] SizeOut Size of response data.
@param[in] TisReg TPM register space base address.
@param[in] BufferIn Buffer for command data.
@param[in] SizeIn Size of command data.
@param[in, out] BufferOut Buffer for response data.
@param[in, out] SizeOut Size of response data.
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_BUFFER_TOO_SMALL Response data buffer is too small.
@retval EFI_DEVICE_ERROR Unexpected device behavior.
@ -422,7 +422,7 @@ Exit:
@retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received.
@retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device.
@retval EFI_BUFFER_TOO_SMALL The output parameter block is too small.
@retval EFI_BUFFER_TOO_SMALL The output parameter block is too small.
**/
EFI_STATUS
EFIAPI


@ -1,7 +1,7 @@
/** @file
This library is TPM12 TCG protocol lib.
Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved. <BR>
Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -21,7 +21,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Protocol/TcgService.h>
#include <IndustryStandard/Tpm12.h>
EFI_TCG_PROTOCOL *mTcgProtocol = NULL;
EFI_TCG_PROTOCOL *mTcgProtocol = NULL;
/**
This service enables the sending of commands to the TPM12.
@ -33,7 +33,7 @@ EFI_TCG_PROTOCOL *mTcgProtocol = NULL;
@retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received.
@retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device.
@retval EFI_BUFFER_TOO_SMALL The output parameter block is too small.
@retval EFI_BUFFER_TOO_SMALL The output parameter block is too small.
**/
EFI_STATUS
EFIAPI


@ -4,7 +4,7 @@
# This library helps to use TPM 1.2 device in library function API
# based on TCG protocol.
#
# Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@ -21,7 +21,7 @@
FILE_GUID = 4D8B77D9-E923-48f8-B070-4053D78B7E56
MODULE_TYPE = BASE
VERSION_STRING = 1.0
LIBRARY_CLASS = Tpm12DeviceLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER UEFI_APPLICATION UEFI_DRIVER
LIBRARY_CLASS = Tpm12DeviceLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER UEFI_APPLICATION UEFI_DRIVER
#
# The following information is for reference only and not required by the build tools.


@ -48,25 +48,25 @@ typedef struct {
/**
This command returns various information regarding the TPM and its current state.
The capability parameter determines the category of data returned. The property parameter
selects the first value of the selected category to be returned. If there is no property
The capability parameter determines the category of data returned. The property parameter
selects the first value of the selected category to be returned. If there is no property
that corresponds to the value of property, the next higher value is returned, if it exists.
The moreData parameter will have a value of YES if there are more values of the requested
The moreData parameter will have a value of YES if there are more values of the requested
type that were not returned.
If no next capability exists, the TPM will return a zero-length list and moreData will have
If no next capability exists, the TPM will return a zero-length list and moreData will have
a value of NO.
NOTE:
To simplify this function, leave returned CapabilityData for caller to unpack since there are
NOTE:
To simplify this function, leave returned CapabilityData for caller to unpack since there are
many capability categories and only few categories will be used in firmware. It means the caller
need swap the byte order for the feilds in CapabilityData.
@param[in] Capability Group selection; determines the format of the response.
@param[in] Property Further definition of information.
@param[in] Property Further definition of information.
@param[in] PropertyCount Number of properties of the indicated type to return.
@param[out] MoreData Flag to indicate if there are more values of this type.
@param[out] CapabilityData The capability data.
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
**/
@ -95,10 +95,10 @@ Tpm2GetCapability (
SendBuffer.Capability = SwapBytes32 (Capability);
SendBuffer.Property = SwapBytes32 (Property);
SendBuffer.PropertyCount = SwapBytes32 (PropertyCount);
SendBufferSize = (UINT32) sizeof (SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
//
// send Tpm command
//
@ -128,7 +128,7 @@ Tpm2GetCapability (
// Does not unpack all possiable property here, the caller should unpack it and note the byte order.
//
CopyMem (CapabilityData, &RecvBuffer.CapabilityData, RecvBufferSize - sizeof (TPM2_RESPONSE_HEADER) - sizeof (UINT8));
return EFI_SUCCESS;
}
@ -138,7 +138,7 @@ Tpm2GetCapability (
This function parse the value got from TPM2_GetCapability and return the Family.
@param[out] Family The Family of TPM. (a 4-octet character string)
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
**/
@ -150,13 +150,13 @@ Tpm2GetCapabilityFamily (
{
TPMS_CAPABILITY_DATA TpmCap;
TPMI_YES_NO MoreData;
EFI_STATUS Status;
EFI_STATUS Status;
Status = Tpm2GetCapability (
TPM_CAP_TPM_PROPERTIES,
TPM_PT_FAMILY_INDICATOR,
1,
&MoreData,
TPM_CAP_TPM_PROPERTIES,
TPM_PT_FAMILY_INDICATOR,
1,
&MoreData,
&TpmCap
);
if (EFI_ERROR (Status)) {
@ -173,7 +173,7 @@ Tpm2GetCapabilityFamily (
This function parse the value got from TPM2_GetCapability and return the TPM manufacture ID.
@param[out] ManufactureId The manufacture ID of TPM.
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
**/
@ -185,13 +185,13 @@ Tpm2GetCapabilityManufactureID (
{
TPMS_CAPABILITY_DATA TpmCap;
TPMI_YES_NO MoreData;
EFI_STATUS Status;
EFI_STATUS Status;
Status = Tpm2GetCapability (
TPM_CAP_TPM_PROPERTIES,
TPM_PT_MANUFACTURER,
1,
&MoreData,
TPM_CAP_TPM_PROPERTIES,
TPM_PT_MANUFACTURER,
1,
&MoreData,
&TpmCap
);
if (EFI_ERROR (Status)) {
@ -209,7 +209,7 @@ Tpm2GetCapabilityManufactureID (
@param[out] FirmwareVersion1 The FirmwareVersion1.
@param[out] FirmwareVersion2 The FirmwareVersion2.
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
**/
@ -222,13 +222,13 @@ Tpm2GetCapabilityFirmwareVersion (
{
TPMS_CAPABILITY_DATA TpmCap;
TPMI_YES_NO MoreData;
EFI_STATUS Status;
EFI_STATUS Status;
Status = Tpm2GetCapability (
TPM_CAP_TPM_PROPERTIES,
TPM_PT_FIRMWARE_VERSION_1,
1,
&MoreData,
TPM_CAP_TPM_PROPERTIES,
TPM_PT_FIRMWARE_VERSION_1,
1,
&MoreData,
&TpmCap
);
if (EFI_ERROR (Status)) {
@ -237,10 +237,10 @@ Tpm2GetCapabilityFirmwareVersion (
*FirmwareVersion1 = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);
Status = Tpm2GetCapability (
TPM_CAP_TPM_PROPERTIES,
TPM_PT_FIRMWARE_VERSION_2,
1,
&MoreData,
TPM_CAP_TPM_PROPERTIES,
TPM_PT_FIRMWARE_VERSION_2,
1,
&MoreData,
&TpmCap
);
if (EFI_ERROR (Status)) {
@ -258,7 +258,7 @@ Tpm2GetCapabilityFirmwareVersion (
@param[out] MaxCommandSize The maximum value for commandSize in a command.
@param[out] MaxResponseSize The maximum value for responseSize in a command.
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
**/
@ -274,10 +274,10 @@ Tpm2GetCapabilityMaxCommandResponseSize (
EFI_STATUS Status;
Status = Tpm2GetCapability (
TPM_CAP_TPM_PROPERTIES,
TPM_PT_MAX_COMMAND_SIZE,
1,
&MoreData,
TPM_CAP_TPM_PROPERTIES,
TPM_PT_MAX_COMMAND_SIZE,
1,
&MoreData,
&TpmCap
);
if (EFI_ERROR (Status)) {
@ -287,10 +287,10 @@ Tpm2GetCapabilityMaxCommandResponseSize (
*MaxCommandSize = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);
Status = Tpm2GetCapability (
TPM_CAP_TPM_PROPERTIES,
TPM_PT_MAX_RESPONSE_SIZE,
1,
&MoreData,
TPM_CAP_TPM_PROPERTIES,
TPM_PT_MAX_RESPONSE_SIZE,
1,
&MoreData,
&TpmCap
);
if (EFI_ERROR (Status)) {
@ -298,17 +298,17 @@ Tpm2GetCapabilityMaxCommandResponseSize (
}
*MaxResponseSize = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);
return EFI_SUCCESS;
return EFI_SUCCESS;
}
/**
This command returns Returns a list of TPMS_ALG_PROPERTIES. Each entry is an
algorithm ID and a set of properties of the algorithm.
algorithm ID and a set of properties of the algorithm.
This function parse the value got from TPM2_GetCapability and return the list.
@param[out] AlgList List of algorithm.
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
**/
@ -322,24 +322,24 @@ Tpm2GetCapabilitySupportedAlg (
TPMI_YES_NO MoreData;
UINTN Index;
EFI_STATUS Status;
Status = Tpm2GetCapability (
TPM_CAP_ALGS,
1,
MAX_CAP_ALGS,
&MoreData,
TPM_CAP_ALGS,
1,
MAX_CAP_ALGS,
&MoreData,
&TpmCap
);
if (EFI_ERROR (Status)) {
return Status;
}
CopyMem (AlgList, &TpmCap.data.algorithms, sizeof (TPML_ALG_PROPERTY));
AlgList->count = SwapBytes32 (AlgList->count);
if (AlgList->count > MAX_CAP_ALGS) {
DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilitySupportedAlg - AlgList->count error %x\n", AlgList->count));
return EFI_DEVICE_ERROR;
return EFI_DEVICE_ERROR;
}
for (Index = 0; Index < AlgList->count; Index++) {
@ -356,7 +356,7 @@ Tpm2GetCapabilitySupportedAlg (
This function parse the value got from TPM2_GetCapability and return the LockoutCounter.
@param[out] LockoutCounter The LockoutCounter of TPM.
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
**/
@ -368,13 +368,13 @@ Tpm2GetCapabilityLockoutCounter (
{
TPMS_CAPABILITY_DATA TpmCap;
TPMI_YES_NO MoreData;
EFI_STATUS Status;
EFI_STATUS Status;
Status = Tpm2GetCapability (
TPM_CAP_TPM_PROPERTIES,
TPM_PT_LOCKOUT_COUNTER,
1,
&MoreData,
TPM_CAP_TPM_PROPERTIES,
TPM_PT_LOCKOUT_COUNTER,
1,
&MoreData,
&TpmCap
);
if (EFI_ERROR (Status)) {
@ -391,7 +391,7 @@ Tpm2GetCapabilityLockoutCounter (
This function parse the value got from TPM2_GetCapability and return the LockoutInterval.
@param[out] LockoutInterval The LockoutInterval of TPM.
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
**/
@ -403,13 +403,13 @@ Tpm2GetCapabilityLockoutInterval (
{
TPMS_CAPABILITY_DATA TpmCap;
TPMI_YES_NO MoreData;
EFI_STATUS Status;
EFI_STATUS Status;
Status = Tpm2GetCapability (
TPM_CAP_TPM_PROPERTIES,
TPM_PT_LOCKOUT_INTERVAL,
1,
&MoreData,
TPM_CAP_TPM_PROPERTIES,
TPM_PT_LOCKOUT_INTERVAL,
1,
&MoreData,
&TpmCap
);
if (EFI_ERROR (Status)) {
@ -427,7 +427,7 @@ Tpm2GetCapabilityLockoutInterval (
@param[out] InputBufferSize The InputBufferSize of TPM.
the maximum size of a parameter (typically, a TPM2B_MAX_BUFFER)
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
**/
@ -439,13 +439,13 @@ Tpm2GetCapabilityInputBufferSize (
{
TPMS_CAPABILITY_DATA TpmCap;
TPMI_YES_NO MoreData;
EFI_STATUS Status;
EFI_STATUS Status;
Status = Tpm2GetCapability (
TPM_CAP_TPM_PROPERTIES,
TPM_PT_INPUT_BUFFER,
1,
&MoreData,
TPM_CAP_TPM_PROPERTIES,
TPM_PT_INPUT_BUFFER,
1,
&MoreData,
&TpmCap
);
if (EFI_ERROR (Status)) {
@ -462,7 +462,7 @@ Tpm2GetCapabilityInputBufferSize (
This function parse the value got from TPM2_GetCapability and return the PcrSelection.
@param[out] Pcrs The Pcr Selection
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
**/
@ -478,10 +478,10 @@ Tpm2GetCapabilityPcrs (
UINTN Index;
Status = Tpm2GetCapability (
TPM_CAP_PCRS,
0,
1,
&MoreData,
TPM_CAP_PCRS,
0,
1,
&MoreData,
&TpmCap
);
if (EFI_ERROR (Status)) {
@ -605,7 +605,7 @@ Tpm2GetCapabilitySupportedAndActivePcrs (
This function parse the value got from TPM2_GetCapability and return the AlgorithmSet.
@param[out] AlgorithmSet The AlgorithmSet of TPM.
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
**/
@ -617,13 +617,13 @@ Tpm2GetCapabilityAlgorithmSet (
{
TPMS_CAPABILITY_DATA TpmCap;
TPMI_YES_NO MoreData;
EFI_STATUS Status;
EFI_STATUS Status;
Status = Tpm2GetCapability (
TPM_CAP_TPM_PROPERTIES,
TPM_PT_ALGORITHM_SET,
1,
&MoreData,
TPM_CAP_TPM_PROPERTIES,
TPM_PT_ALGORITHM_SET,
1,
&MoreData,
&TpmCap
);
if (EFI_ERROR (Status)) {


@ -1,7 +1,7 @@
/** @file
Implement TPM2 Context related command.
Copyright (c) 2014, Intel Corporation. All rights reserved. <BR>
Copyright (c) 2014 - 2018, Intel Corporation. All rights reserved. <BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -36,7 +36,7 @@ typedef struct {
This command causes all context associated with a loaded object or session to be removed from TPM memory.
@param[in] FlushHandle The handle of the item to flush.
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
**/
@ -59,7 +59,7 @@ Tpm2FlushContext (
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_FlushContext);
SendBuffer.FlushHandle = SwapBytes32 (FlushHandle);
SendBufferSize = (UINT32) sizeof (SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);


@ -87,7 +87,7 @@ typedef struct {
@param[in] Expiration Time when authorization will expire, measured in seconds from the time that nonceTPM was generated.
@param[out] Timeout Time value used to indicate to the TPM when the ticket expires.
@param[out] PolicyTicket A ticket that includes a value indicating when the authorization expires.
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
**/
@ -120,7 +120,7 @@ Tpm2PolicySecret (
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PolicySecret);
SendBuffer.AuthHandle = SwapBytes32 (AuthHandle);
SendBuffer.PolicySession = SwapBytes32 (PolicySession);
//
// Add in Auth session
//
@ -148,7 +148,7 @@ Tpm2PolicySecret (
Buffer += sizeof(UINT16);
CopyMem (Buffer, PolicyRef->buffer, PolicyRef->size);
Buffer += PolicyRef->size;
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32((UINT32)Expiration));
Buffer += sizeof(UINT32);
@ -220,7 +220,7 @@ Done:
@param[in] PolicySession Handle for the policy session being extended.
@param[in] HashList the list of hashes to check for a match.
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
**/
@ -285,7 +285,7 @@ Tpm2PolicyOR (
@param[in] PolicySession Handle for the policy session being extended.
@param[in] Code The allowed commandCode.
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
**/
@ -341,7 +341,7 @@ Tpm2PolicyCommandCode (
@param[in] PolicySession Handle for the policy session.
@param[out] PolicyHash the current value of the policyHash of policySession.
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
**/


@ -97,7 +97,7 @@ CopyAuthSessionCommand (
UINT8 *Buffer;
Buffer = (UINT8 *)AuthSessionOut;
//
// Add in Auth session
//


@ -1,7 +1,7 @@
/** @file
Implement TPM2 Hierarchy related command.
Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved. <BR>
Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -214,7 +214,7 @@ Done:
@param[in] AuthHandle TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP}
@param[in] AuthSession Auth Session context
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR Unexpected device behavior.
**/
@ -455,8 +455,8 @@ Tpm2HierarchyChangeAuth (
// Call the TPM
//
Status = Tpm2SubmitCommand (
CmdSize,
(UINT8 *)&Cmd,
CmdSize,
(UINT8 *)&Cmd,
&ResultBufSize,
ResultBuf
);
@ -553,8 +553,8 @@ Tpm2ChangeEPS (
// Call the TPM
//
Status = Tpm2SubmitCommand (
CmdSize,
(UINT8 *)&Cmd,
CmdSize,
(UINT8 *)&Cmd,
&ResultBufSize,
ResultBuf
);
@ -651,8 +651,8 @@ Tpm2ChangePPS (
// Call the TPM
//
Status = Tpm2SubmitCommand (
CmdSize,
(UINT8 *)&Cmd,
CmdSize,
(UINT8 *)&Cmd,
&ResultBufSize,
ResultBuf
);
@ -759,8 +759,8 @@ Tpm2HierarchyControl (
// Call the TPM
//
Status = Tpm2SubmitCommand (
CmdSize,
(UINT8 *)&Cmd,
CmdSize,
(UINT8 *)&Cmd,
&ResultBufSize,
ResultBuf
);


@ -120,16 +120,16 @@ Tpm2PcrExtend (
// Add in Auth session
//
Buffer = (UINT8 *)&Cmd.AuthSessionPcr;
// sessionInfoSize
SessionInfoSize = CopyAuthSessionCommand (NULL, Buffer);
Buffer += SessionInfoSize;
Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize);
//Digest Count
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(Digests->count));
Buffer += sizeof(UINT32);
//Digest
for (Index = 0; Index < Digests->count; Index++) {
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(Digests->digests[Index].hashAlg));
@ -241,7 +241,7 @@ Tpm2PcrEvent (
CopyMem (Buffer, EventData->buffer, EventData->size);
Buffer += EventData->size;
CmdSize = (UINT32)((UINTN)Buffer - (UINTN)&Cmd);
Cmd.Header.paramSize = SwapBytes32(CmdSize);
@ -311,7 +311,7 @@ Tpm2PcrEvent (
@param[out] PcrUpdateCounter The current value of the PCR update counter.
@param[out] PcrSelectionOut The PCR in the returned list.
@param[out] PcrValues The contents of the PCR indicated in pcrSelect.
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
**/
@ -338,7 +338,7 @@ Tpm2PcrRead (
//
SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PCR_Read);
SendBuffer.PcrSelectionIn.count = SwapBytes32(PcrSelectionIn->count);
for (Index = 0; Index < PcrSelectionIn->count; Index++) {
SendBuffer.PcrSelectionIn.pcrSelections[Index].hash = SwapBytes16(PcrSelectionIn->pcrSelections[Index].hash);
@ -442,7 +442,7 @@ Tpm2PcrRead (
@param[out] MaxPCR maximum number of PCR that may be in a bank
@param[out] SizeNeeded number of octets required to satisfy the request
@param[out] SizeAvailable Number of octets available. Computed before the allocation
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
**/
@ -509,8 +509,8 @@ Tpm2PcrAllocate (
// Call the TPM
//
Status = Tpm2SubmitCommand (
CmdSize,
(UINT8 *)&Cmd,
CmdSize,
(UINT8 *)&Cmd,
&ResultBufSize,
ResultBuf
);
@ -566,7 +566,7 @@ Done:
@param[in] PlatformAuth platform auth value. NULL means no platform auth change.
@param[in] SupportedPCRBanks Supported PCR banks
@param[in] PCRBanks PCR banks
@retval EFI_SUCCESS Operation completed successfully.
**/
EFI_STATUS
@ -692,4 +692,4 @@ Tpm2PcrAllocateBanks (
Done:
ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac));
return Status;
}
}


@ -162,7 +162,7 @@ typedef struct {
@param[in] NvIndex The NV Index.
@param[out] NvPublic The public area of the index.
@param[out] NvName The Name of the nvIndex.
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
@retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.
@ -192,7 +192,7 @@ Tpm2NvReadPublic (
SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_ReadPublic);
SendBuffer.NvIndex = SwapBytes32 (NvIndex);
SendBufferSize = (UINT32) sizeof (SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
@ -265,7 +265,7 @@ Tpm2NvReadPublic (
CopyMem (NvName->name, (UINT8 *)&RecvBuffer + sizeof(TPM2_RESPONSE_HEADER) + sizeof(UINT16) + NvPublicSize + sizeof(UINT16), NvNameSize);
NvName->size = NvNameSize;
return EFI_SUCCESS;
}
@ -278,7 +278,7 @@ Tpm2NvReadPublic (
@param[in] AuthSession Auth Session context
@param[in] Auth The authorization data.
@param[in] NvPublic The public area of the index.
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
@retval EFI_ALREADY_STARTED The command was returned successfully, but NvIndex is already defined.
@ -414,7 +414,7 @@ Done:
@param[in] AuthHandle TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}.
@param[in] NvIndex The NV Index.
@param[in] AuthSession Auth Session context
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
@retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.
@ -521,7 +521,7 @@ Done:
@param[in] Size Number of bytes to read.
@param[in] Offset Byte offset into the area.
@param[in,out] OutData The data read.
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
@retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.
@ -648,7 +648,7 @@ Tpm2NvRead (
}
CopyMem (OutData->buffer, &RecvBuffer.Data.buffer, OutData->size);
Done:
//
// Clear AuthSession Content
@ -666,7 +666,7 @@ Done:
@param[in] AuthSession Auth Session context
@param[in] InData The data to write.
@param[in] Offset The offset into the NV Area.
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
@retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found.


@ -90,7 +90,7 @@ typedef struct {
@param[in] HashAlg The hash algorithm to use for the hash sequence
An Event sequence starts if this is TPM_ALG_NULL.
@param[out] SequenceHandle A handle to reference the sequence
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR Unexpected device behavior.
**/
@ -178,7 +178,7 @@ Tpm2HashSequenceStart (
@param[in] SequenceHandle Handle for the sequence object
@param[in] Buffer Data to be added to hash
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR Unexpected device behavior.
**/
@ -277,7 +277,7 @@ Tpm2SequenceUpdate (
@param[in] SequenceHandle Authorization for the sequence
@param[in] Buffer Data to be added to the Event
@param[out] Results List of digests computed for the PCR
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR Unexpected device behavior.
**/
@ -408,7 +408,7 @@ Tpm2EventSequenceComplete (
@param[in] SequenceHandle Authorization for the sequence
@param[in] Buffer Data to be added to the hash/HMAC
@param[out] Result The returned HMAC or digest in a sized buffer
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR Unexpected device behavior.
**/


@ -53,7 +53,7 @@ typedef struct {
@param[in] AuthHash Hash algorithm to use for the session.
@param[out] SessionHandle Handle for the newly created session.
@param[out] NonceTPM The initial nonce from the TPM, used in the computation of the sessionKey.
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
**/
@ -136,7 +136,7 @@ Tpm2StartAuthSession (
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (AuthHash));
Buffer += sizeof(UINT16);
SendBufferSize = (UINT32) ((UINTN)Buffer - (UINTN)&SendBuffer);
SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);


@ -53,7 +53,7 @@ Tpm2GetIdleByPass (
@retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received.
@retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device.
@retval EFI_BUFFER_TOO_SMALL The output parameter block is too small.
@retval EFI_BUFFER_TOO_SMALL The output parameter block is too small.
**/
EFI_STATUS
EFIAPI
@ -87,7 +87,7 @@ DTpm2RequestUseTpm (
@retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received.
@retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device.
@retval EFI_BUFFER_TOO_SMALL The output parameter block is too small.
@retval EFI_BUFFER_TOO_SMALL The output parameter block is too small.
**/
EFI_STATUS
EFIAPI
@ -142,7 +142,7 @@ Tpm2RegisterTpm2DeviceLib (
/**
The function caches current active TPM interface type.
@retval EFI_SUCCESS DTPM2.0 instance is registered, or system dose not surpport registr DTPM2.0 instance
**/
EFI_STATUS


@ -55,4 +55,4 @@
[Pcd]
gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## CONSUMES
gEfiSecurityPkgTokenSpaceGuid.PcdActiveTpmInterfaceType ## PRODUCES
gEfiSecurityPkgTokenSpaceGuid.PcdCRBIdleByPass ## PRODUCES
gEfiSecurityPkgTokenSpaceGuid.PcdCRBIdleByPass ## PRODUCES


@ -66,7 +66,7 @@ DumpPtpInfo (
@retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received.
@retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device.
@retval EFI_BUFFER_TOO_SMALL The output parameter block is too small.
@retval EFI_BUFFER_TOO_SMALL The output parameter block is too small.
**/
EFI_STATUS
EFIAPI
@ -98,7 +98,7 @@ TPM2_DEVICE_INTERFACE mDTpm2InternalTpm2Device = {
/**
The function register DTPM2.0 instance and caches current active TPM interface type.
@retval EFI_SUCCESS DTPM2.0 instance is registered, or system dose not surpport registr DTPM2.0 instance
**/
EFI_STATUS
