Commit Graph

950 Commits

Author SHA1 Message Date
Mike Beaton 4d1b9b2878 IntrinsicLib: Move from CryptoPkg to MdePkg 2024-11-04 20:32:04 +03:00
Mikhail Krichanov 14db728651 SecurityPkg: Added SecurityPkg to CI. 2024-11-04 20:32:04 +03:00
Mikhail Krichanov 431595fc95 SecurityPkg: Fixed compilation for OvmfPkgX64 -D TPM2_ENABLE. 2024-10-23 14:24:15 +03:00
Gerd Hoffmann 01bf6c6c9b SecurityPkg/RngDxe: add rng test
Check whenever RngLib actually returns random numbers, only return
a non-zero number of Algorithms if that is the case.

This has the effect that RndDxe loads and installs EFI_RNG_PROTOCOL
only in case it can actually deliver random numbers.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2024-09-09 11:45:07 +01:00
Mikhail Krichanov 5a8fe7214e MdePkg/UefiImageLib: Support multi-format and multi-source architecture
Signed-off-by: Marvin Häuser <mhaeuser@posteo.de>
2024-07-22 13:49:00 +03:00
Mikhail Krichanov a955e8811b SecurePE: Replaced old PE loader with Secure one. 2024-07-22 13:42:14 +03:00
Flickdm a85336531c SecurityPkg RngDxe: Remove incorrect limitation on GetRng
Removed from gEfiRngAlgorithmRaw an incorrect assumption that
Raw cannot return less than 256 bits. The DRNG Algorithms
should always use a 256 bit seed as per nist standards
however a caller is free to request less than 256 bits.
>
>     //
>    // When a DRBG is used on the output of a entropy source,
>    // its security level must be at least 256 bits according to UEFI
Spec.
>    //
>    if (RNGValueLength < 32) {
>      return EFI_INVALID_PARAMETER;
>    }
>

AARCH64 platforms do not have this limitation and this brings both
implementations into alignment with each other and the spec.

Cc: Jiewen Yao <jiewen.yao@intel.com>

Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Pierre Gondois <pierre.gondois@arm.com>
Acked-by: Jiewe Yao <Jiewen.yao@intel.com>
2024-05-24 15:48:52 +00:00
Dionna Glaze 7097c97bde SecurityPkg: Recognize sp800155Event3 event
The signatures for event2 or event3 are now valid TCG SP800155 event
types. Fixes uncrustify formatting.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>

Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
2024-05-07 00:21:40 +00:00
Wenxing Hou 54a4fd9b35 SecurityPkg: Add libspdm submodule
libspdm is submodule to support DeviceSecurity feature.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2024-04-30 02:21:13 +00:00
Wenxing Hou 750d763623 SecurityPkg: add DeviceSecurity support
This patch implement the SpdmSecurityLib,
which is the core of DeviceSecurity.
And the SpdmSecurityLib include Device Authentication and Measurement.
The other library is to support SpdmSecurityLib.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2024-04-30 02:21:13 +00:00
Wenxing Hou c3f615a1bd SecurityPkg: Add TCG PFP 1.06 support.
Add new api Tpm2ExtendNvIndex.
It is uesd in HashCompleteAndExtend when PcrIndex > MAX_PCR_INDEX.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2024-04-30 02:21:13 +00:00
Min M Xu 61185f1d50 SecurityPkg: Delete TdTcg2Dxe and HashLibTdx in SecurityPkg
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4752

TdTcg2Dxe and HashLibTdx have been moved to OvmfPkg. So delete the codes
in SecurityPkg and update SecurityPkg.dsc.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2024-04-17 03:04:13 +00:00
Min M Xu 71aaf7a308 Security/SecTpmMeasurementLibTdx: Delete unused SecTpmMeasurementLibTdx
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4752

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2024-04-17 03:04:13 +00:00
CindyX Kuo b6cd5ddce9 SecurityPkg/OpalPasswordDxe: Force reparsing IFR binary when RETRIEVE
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4735

When change callback action from FORM_OPEN to RETRIEVE, it is observed
that NVNE disks will not be displayed when the user enters the formset
at the first time. Revisit the formset can see the update.

1. Add HiiUpdateForm() to force reparsing the IFR binary when RETRIEVE.
2. Create dummy label with suppressif statement in VFR for form update
usage.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Ming Tan <ming.tan@intel.com>
Cc: Arthur Chen <arthur.g.chen@intel.com>
Cc: Xiao X Chen <xiao.x.chen@intel.com>
Cc: Tina Chen <tina.chen@intel.com>

Signed-off-by: CindyX Kuo <cindyx.kuo@intel.com>
Reviewed-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Tina Chen <tina.chen@intel.com>
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
2024-04-16 09:20:58 +00:00
Cindy Kuo 32e2968a1e SecurityPkg/OpalPasswordDxe: Change callback action to meet UEFI spec
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4735

Should not call HiiGetBrowserData() and HiiSetBrowserData() in
ACTION_FORM_OPEN callback function.
Those APIs are called within OpalHiiSetBrowserData/OpalHiiGetBrowserData
which have been used by OpalHii.c.

Change callback action from FORM_OPEN to RETRIEVE to meet UEFI spec.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Ming Tan <ming.tan@intel.com>
Cc: Arthur Chen <arthur.g.chen@intel.com>
Cc: Xiao X Chen <xiao.x.chen@intel.com>
Cc: Tina Chen <tina.chen@intel.com>

Signed-off-by: CindyX Kuo <cindyx.kuo@intel.com>
Reviewed-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Tina Chen <tina.chen@intel.com>
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
2024-04-16 09:20:58 +00:00
Wei6 Xu 0707d9296d SecurityPkg/Tcg2Config: Hide BIOS unsupported hash algorithm from UI
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4731

TCG2 configuration UI shows all the hash algorithms that TPM hardware
supports in the checkbox. If user only selects one algorithm that is
supported by TPM hardware but not supported by BIOS and uncheck the
others, the SyncPcrAllocationsAndPcrMask in Tcg2Pei will not be able
to decide a viable PCR to activate, then an assert occurs.

Add check against PcdTcg2HashAlgorithmBitmap when deciding whether
to suppress the hash algorithm checkbox to avoid user to select the
hash algorithm which may cause an assert.

Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Wei6 Xu <wei6.xu@intel.com>
Reviewed-by: Rahul Kumar <rahul1.kumar@intel.com>
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
2024-04-15 15:18:50 +00:00
Ming Tan ee28bea4c0 SecurityPkg/SecureBootConfigDxe: Update UI according to UEFI spec
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4713

In UEFI_Spec_2_10_Aug29.pdf page 1694 section 35.5.4 for
EFI_BROWSER_ACTION_FORM_OPEN:
NOTE: EFI_FORM_BROWSER2_PROTOCOL.BrowserCallback() cannot be used with
this browser action because question values have not been retrieved yet.

So should not call HiiGetBrowserData() and HiiSetBrowserData() in FORM_OPEN
call back function.

Now call SecureBootExtractConfigFromVariable() and update
IfrNvData->ListCount to save the change to EFI variable, then HII use EFI
variable to control the UI.

Cc: Min Xu <min.m.xu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Felix Polyudov <Felixp@ami.com>
Signed-off-by: Ming Tan <ming.tan@intel.com>
Reviewed-by: Felix Polyudov <Felixp@ami.com>
Reviewed-by: Dandan Bi <dandan.bi@intel.com>
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
2024-04-07 02:48:24 +00:00
Qingyu Shang 6b3a512149 SecurityPkg: Update ReceiveData and SendData function description
Refer to UEFI Spec 2.10 section 13.14, update the parameter 'MediaId'
description for EFI_STORAGE_SECURITY_COMMAND_PROTOCOL function
ReceiveData and SendData.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Qingyu Shang <qingyu.shang@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
2024-03-13 02:48:38 +00:00
Doug Flick 264636d8e6 SecurityPkg: : Updating SecurityFixes.yaml after symbol rename
Adding the new commit titles for the symbol renames

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>

Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Message-Id: <5e0e851e97459e183420178888d4fcdadc2f1ae1.1705529990.git.doug.edk2@gmail.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
2024-01-18 19:25:14 +00:00
Doug Flick 326db0c907 SecurityPkg: DxeTpmMeasureBootLib: SECURITY PATCH 4117/4118 symbol rename
Updates the sanitation function names to be lib unique names

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>

Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Message-Id: <355aa846a99ca6ac0f7574cf5982661da0d9fea6.1705529990.git.doug.edk2@gmail.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
2024-01-18 19:25:14 +00:00
Doug Flick 40adbb7f62 SecurityPkg: DxeTpm2MeasureBootLib: SECURITY PATCH 4117/4118 symbol rename
Updates the sanitation function names to be lib unique names

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>

Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Message-Id: <7b18434c8a8b561654efd40ced3becb8b378c8f1.1705529990.git.doug.edk2@gmail.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
2024-01-18 19:25:14 +00:00
Douglas Flick [MSFT] 8f6d343ae6 SecurityPkg: : Adding CVE 2022-36764 to SecurityFixes.yaml
This creates / adds a security file that tracks the security fixes
found in this package and can be used to find the fixes that were
applied.

Cc: Jiewen Yao <jiewen.yao@intel.com>

Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2024-01-16 07:56:38 +00:00
Douglas Flick [MSFT] 0d341c01ee SecurityPkg: DxeTpmMeasureBootLib: SECURITY PATCH 4118 - CVE 2022-36764
This commit contains the patch files and tests for DxeTpmMeasureBootLib
CVE 2022-36764.

Cc: Jiewen Yao <jiewen.yao@intel.com>

Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2024-01-16 07:56:38 +00:00
Douglas Flick [MSFT] c7b2794421 SecurityPkg: DxeTpm2MeasureBootLib: SECURITY PATCH 4118 - CVE 2022-36764
This commit contains the patch files and tests for DxeTpm2MeasureBootLib
CVE 2022-36764.

Cc: Jiewen Yao <jiewen.yao@intel.com>

Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2024-01-16 07:56:38 +00:00
Douglas Flick [MSFT] 1ddcb9fc6b SecurityPkg: : Adding CVE 2022-36763 to SecurityFixes.yaml
This creates / adds a security file that tracks the security fixes
found in this package and can be used to find the fixes that were
applied.

Cc: Jiewen Yao <jiewen.yao@intel.com>

Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2024-01-16 07:56:38 +00:00
Douglas Flick [MSFT] 4776a1b39e SecurityPkg: DxeTpmMeasureBootLib: SECURITY PATCH 4117 - CVE 2022-36763
This commit contains the patch files and tests for DxeTpmMeasureBootLib
CVE 2022-36763.

Cc: Jiewen Yao <jiewen.yao@intel.com>

Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2024-01-16 07:56:38 +00:00
Douglas Flick [MSFT] 2244465432 SecurityPkg: DxeTpm2MeasureBootLib: SECURITY PATCH 4117 - CVE 2022-36763
This commit contains the patch files and tests for DxeTpm2MeasureBootLib
CVE 2022-36763.

Cc: Jiewen Yao <jiewen.yao@intel.com>

Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
2024-01-16 07:56:38 +00:00
Vivian Nowka-Keane a00f7a355a SecurityPkg: Apply uncrustify formatting to relevant files
Apply uncrustify formatting to GoogleTest cpp and header files.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Vivian Nowka-Keane <vnowkakeane@linux.microsoft.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
2023-10-27 00:50:49 +00:00
Michael Kubacki bc7bbd3bc4 SecurityPkg.ci.yaml: Add debug macro exception
Adds a CI YAML entry to acknowledge a case where a single argument
is matched to a format specifier with a ternary operator.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
2023-09-19 01:20:27 +00:00
Linus Liu cdfe4310dd Pyrite support - Secure erase is only available if encryption is supported.
https://bugzilla.tianocore.org/show_bug.cgi?id=3004

Cc: Qi Zhang    <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Jiewen Yao  <jiewen.yao@intel.com>
Cc: Tina Chen   <tina.chen@intel.com>
Cc: Xiao X Chen <xiao.x.chen@intel.com>
Signed-off-by: Linus Liu <linus.liu@intel.com>
Reviewed-by: Jiewen Yao  <jiewen.yao@intel.com>
2023-09-13 06:35:02 +00:00
Kun Qin b74f1f7ab5 SecurityPkg: RngDxe: Fixing mAvailableAlgoArray allocator
REF: https://bugzilla.tianocore.org/show_bug.cgi?idD91

mAvailableAlgoArray is currently allocated for "RNG_AVAILABLE_ALGO_MAX"
number of bytes, whereas it was dereferenced as "EFI_RNG_ALGORITHM".

This change fixed the buffer allocation logic by allocating a proper size
of buffer before referencing.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Sami Mujawar <Sami.Mujawar@arm.com>
Cc: Pierre Gondois <pierre.gondois@arm.com>

Signed-off-by: Kun Qin <kuqin@microsoft.com>
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
2023-09-08 12:48:57 +00:00
Pierre Gondois ff7ddc02b2 SecurityPkg/RngDxe: Simplify Rng algorithm selection for Arm
The first element of mAvailableAlgoArray is defined as the default
Rng algorithm to use. Don't go through the array at each RngGetRNG()
call and just return the first element of the array.

Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
Tested-by: Kun Qin <kun.qin@microsoft.com>
2023-09-08 09:48:55 +00:00
Pierre Gondois 19438cff97 SecurityPkg/RngDxe: Use GetRngGuid() when probing RngLib
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4151

The EFI_RNG_PROTOCOL can rely on the RngLib. The RngLib has multiple
implementations, some of them are unsafe (e.g. BaseRngLibTimerLib).
To allow the RngDxe to detect when such implementation is used,
a GetRngGuid() function was added in a previous patch.

The EFI_RNG_PROTOCOL can advertise multiple algorithms through
Guids. The PcdCpuRngSupportedAlgorithm is currently used to
advertise the RngLib in the Arm implementation.

The issues of doing that are:
- the RngLib implementation might not use CPU instructions,
  cf. the BaseRngLibTimerLib
- most platforms don't set PcdCpuRngSupportedAlgorithm

A GetRngGuid() was added to the RngLib in a previous patch,
allowing to identify the algorithm implemented by the RngLib.
Make use of this function and place the unsage algorithm
at the last position in the mAvailableAlgoArray.

Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
Tested-by: Kun Qin <kun.qin@microsoft.com>
2023-09-08 09:48:55 +00:00
Pierre Gondois 65b5dd828e SecurityPkg/SecurityPkg.dec: Move PcdCpuRngSupportedAlgorithm to MdePkg
In order to use PcdCpuRngSupportedAlgorithm in the MdePkg in a
following patch and to avoid making the MdePkg dependent on another
package, move PcdCpuRngSupportedAlgorithm to the MdePkg.

As the Pcd is only used for AARCH64, place it in an AARCH64
specific sections.

Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
Tested-by: Kun Qin <kun.qin@microsoft.com>
2023-09-08 09:48:55 +00:00
Pierre Gondois 2f981bddcb MdeModulePkg: Duplicate BaseRngLibTimerLib to MdeModulePkg
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4504

The BaseRngLibTimerLib allows to generate number based on a timer.
This mechanism allows to have a basic non-secure implementation
for non-production platforms.
To bind and identify Random Number Generators implementations with
a GUID, an unsafe GUID should be added. This GUID cannot be added
to the MdePkg unless it is also added to a specification.

To keep the MdePkg self-contained, copy the BaseRngLibTimerLib to
the MdeModulePkg. This will allow to define an unsafe Rng GUID
in a later patch in the MdeModulePkg.

The MdePkg implementation will be removed later. This allows to give
some time to platform owners to switch to the MdeModulePkg
implementation.

Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Tested-by: Kun Qin <kun.qin@microsoft.com>
2023-09-08 09:48:55 +00:00
Sheng Wei bbf1822295 SecurityPkg/SecureBoot: Support RSA4096 and RSA3072
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3413

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Zeyi Chen <zeyi.chen@intel.com>
Cc: Fiona Wang <fiona.wang@intel.com>
Signed-off-by: Sheng Wei <w.sheng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2023-09-07 06:12:18 +00:00
Michael Kubacki 9896a9c618 SecurityPkg/Tpm2DeviceLibTcg2: Make mTcg2Protocol static
The global variable has a common name that can conflict with other
TCG modules. For example, Tcg2Dxe has a similarly named global that
is of type EFI_TCG2_PROTOCOL instead of EFI_TCG2_PROTOCOL*.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2023-08-30 00:05:52 +00:00
Kun Qin 6ee981c858 SecurityPkg: SubClassTpm: Updated default value
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3966

This change updated the default value of TPM device subclass PCD to
`0x010E0000` in order to match the definition of EFI_PERIPHERAL_TPM
from PI specification v1.8.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>

Signed-off-by: Kun Qin <kuqin12@gmail.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
2023-06-23 16:28:24 +00:00
Rebecca Cran c6382ba0f2 SecurityPkg: Add missing break in Tpm2TestParms
Add missing break in Tpm2TestParms.

Reported in https://github.com/tianocore/edk2/issues/4073

Signed-off-by: Rebecca Cran <rebecca@bsdio.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2023-05-11 03:28:43 +00:00
Linus Liu d89492456f Securitypkg/hddpassword: Update HddPasswordDxeInit to use Variable Policy
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4408

Cc: Jiewen Yao   <jiewen.yao@intel.com>
Cc: Maggie Chu   <maggie.chu@intel.com>
Cc: Kumar Rahul  <rahul.r.kumar@intel.com>
Signed-off-by: Linus Liu <linus.liu@intel.com>
Reviewed-by: Jiewen Yao   <jiewen.yao@intel.com>
2023-05-08 11:39:32 +00:00
Gerd Hoffmann d6b42ed7ed SecurityPkg: add TIS sanity check (tpm12)
The code blindly assumes a TIS interface is present in case both CRB and
FIFO checks fail.  Check the InterfaceType for TIS instead and only
return PtpInterfaceTis in case it matches, PtpInterfaceMax otherwise.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2023-05-02 15:43:32 +00:00
Gerd Hoffmann 832fbc6e32 SecurityPkg: add TIS sanity check (tpm2)
The code blindly assumes a TIS interface is present in case both CRB and
FIFO checks fail.  Check the InterfaceType for TIS instead and only
return Tpm2PtpInterfaceTis in case it matches, Tpm2PtpInterfaceMax
otherwise.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2023-05-02 15:43:32 +00:00
Nhi Pham d226811a66 SecurityPkg/DxeImageVerificationLib: Add AUTH_SIG_NOT_FOUND Action
Add the AUTH_SIG_NOT_FOUND Action to the Image Execution Info Table
when the Image is signed but signature is not allowed by DB and the
hash of image is not found in DB/DBX.

This is documented in the UEFI spec 2.10, table 32.5.

This issue is found by the SIE SCT with the error message as follows:
SecureBoot - TestImage1.bin in Image Execution Info Table with
SIG_NOT_FOUND. --FAILURE
B3A670AA-0FBA-48CA-9D01-0EE9700965A9
SctPkg/TestCase/UEFI/EFI/RuntimeServices/SecureBoot/BlackBoxTest/
ImageLoadingBBTest.c:1079:Status Success

Signed-off-by: Nhi Pham <nhi@os.amperecomputing.com>
Reviewed-by: Min Xu <min.m.xu@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2023-04-28 07:03:56 +00:00
Rebecca Cran dd0b33e3e5 SecurityPkg: Update code to be more C11 compliant by using __func__
__FUNCTION__ is a pre-standard extension that gcc and Visual C++ among
others support, while __func__ was standardized in C99.

Since it's more standard, replace __FUNCTION__ with __func__ throughout
SecurityPkg.

Signed-off-by: Rebecca Cran <rebecca@bsdio.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
2023-04-10 14:19:57 +00:00
Michael D Kinney 358e23c1be SecurityPkg/Library/SecureBootVariableLib: HOST_APPLICATION IA32/X64 only
Update SecureBootVariableLib host-based unit test INF file to only
list VALID_ARCHITECTURES of IA32 and X64 to align with all other
host-based unit test INF files. The UnitTestFrameworkPkg only
provides build support of host-based unit tests to OS applications
for IA32 and X64.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Oliver Smith-Denny <osde@linux.microsoft.com>
2023-04-10 05:59:02 +00:00
Michael D Kinney 0657e74116 SecurityPkg/Library/SecureBootVariableLib: Fix VS20xx 4122 errors
The unit test code for the SecureBootVariableLib is initializing
local variable structures in their declaration from other local
variables that are also initialized in their declaration.  ANSI C
does not allow this and error 4122 is generated on VS20xx compilers.

The test cases are updated to initialize the local structure
fields in C statements instead of their local variable declaration.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Oliver Smith-Denny <osde@linux.microsoft.com>
2023-04-10 05:59:02 +00:00
Chris Johnson c28c16e7c4 SecurityPkg: Add gmock example
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4389

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Chris Johnson <chris.n.johnson@intel.com>
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Oliver Smith-Denny <osde@linux.microsoft.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
2023-04-10 05:59:02 +00:00
Umang Patel 144028626e SecurityPkg/FvReportPei: Use FirmwareVolumeShadowPpi
If FirmwareVolumeShadow PPI is available, then use it to
shadow FVs to memory.  Otherwise fallback to CopyMem().

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Patel Umang <umang.patel@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2023-03-27 16:25:51 +00:00
Gerd Hoffmann 494127613b SecurityPkg/DxeImageVerificationLib: Check result of GetEfiGlobalVariable2
Call gRT->GetVariable() directly to read the SecureBoot variable.  It is
one byte in size so we can easily place it on the stack instead of
having GetEfiGlobalVariable2() allocate it for us, which avoids a few
possible error cases.

Skip secure boot checks if (and only if):

 (a) the SecureBoot variable is not present (EFI_NOT_FOUND) according to
     the return value, or
 (b) the SecureBoot variable was read successfully and is set to
     SECURE_BOOT_MODE_DISABLE.

Previously the code skipped the secure boot checks on *any*
gRT->GetVariable() error (GetEfiGlobalVariable2 sets the variable
value to NULL in that case) and also on memory allocation failures.

Fixes: CVE-2019-14560
Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=2167
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Suggested-by: Marvin Häuser <mhaeuser@posteo.de>
Reviewed-by: Min Xu <min.m.xu@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2023-03-21 05:52:23 +00:00
Pierre Gondois 75fb0cfc82 SecurityPkg/RngDxe: Conditionally install EFI_RNG_PROTOCOL
On Arm platforms, the number of available RNG algorithms is
dynamically detected and can be 0 in the absence of FEAT_RNG
and firmware TRNG.
In this case, the EFI_RNG_PROTOCOL should not be installed to
prevent from installing an empty protocol.

Signed-off-by: Pierre Gondois <Pierre.Gondois@arm.com>
[ardb: return EFI_REQUEST_UNLOAD_IMAGE instead of an error]
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
2023-03-07 15:34:23 +00:00