Commit Graph

950 Commits

Author SHA1 Message Date
sfu5 3c48e853eb Update the default return value of UserPhysicalPresent to TRUE.
Signed-off-by: Fu, Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong, Guo <guo.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13191 6f19259b-4bc3-4df7-8a09-765794883524
2012-04-12 07:19:46 +00:00
jljusten ea4ee7ac38 EDK II Packages: Add Contributions.txt and License.txt files
Contributions.txt documents the contribution process for all
tianocore projects. The conents of Contributions.txt should
match in all cases.

License.txt is a per-project document showing the license terms
used by that project.

Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13187 6f19259b-4bc3-4df7-8a09-765794883524
2012-04-11 23:19:46 +00:00
sfu5 ba57d4fdf0 Add pointer check for NULL before dereference it.
Signed-off-by: Fu, Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong, Guo <guo.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13162 6f19259b-4bc3-4df7-8a09-765794883524
2012-04-05 02:39:46 +00:00
tye1 ed47ae0274 Update common authenticated variable (non PK/KEK/DB/DBX) support to comply with latest UEFI spec.
Signed-off by: tye1
Reviewed-by: geekboy15a
Reviewed-by: sfu5
Reviewed-by: gdong1

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13157 6f19259b-4bc3-4df7-8a09-765794883524
2012-03-31 04:42:20 +00:00
lzeng14 9622df63df If setting variable in Runtime and there has been a same GUID and name variable existed in system without RT attribute, return EFI_WRITE_PROTECTED.
Signed-off-by: lzeng14
Reviewed-by: tye

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13156 6f19259b-4bc3-4df7-8a09-765794883524
2012-03-30 07:19:44 +00:00
sfu5 1413b8e94b 1. Fix UNIXGCC IPF build failure in SecurityPkg.
Signed-off-by: sfu5
Reviewed-by: gdong1

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13152 6f19259b-4bc3-4df7-8a09-765794883524
2012-03-29 06:54:46 +00:00
sfu5 4adc12bfc3 1. Fix GCC build failure in SecurityPkg.
Signed-off-by: sfu5
Reviewed-by: gdong1


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13146 6f19259b-4bc3-4df7-8a09-765794883524
2012-03-28 09:06:35 +00:00
sfu5 ecc722ad41 1. Remove “Force clear PK” feature in AuthVarialbe driver.
2. Update API ForceClearPK() to UserPhysicalPresent() in PlatformSecureLib.
2. Update SecureBootConfigDxe driver and AuthVariable driver to support Custom Secure Boot Mode feature.
3. Fix some bugs in AuthVariable driver.

Signed-off-by: sfu5
Reviewed-by: tye
Reviewed-by: gdong1

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13144 6f19259b-4bc3-4df7-8a09-765794883524
2012-03-27 08:17:23 +00:00
sfu5 6bc4e19fec 1. Update AuthVarialbe driver to avoid integer overflow when using EFI_VARIABLE_AUTHENTICATION_2 descriptor.
Signed-off-by: sfu5
Reviewed-by: tye
Reviewed-by: gdong1

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13120 6f19259b-4bc3-4df7-8a09-765794883524
2012-03-26 01:43:45 +00:00
sfu5 bd0de3963b 1. Add more error handling code to DxeImageVerificationLib and BaseCryptLib.
Signed-off-by: sfu5
Reviewed-by: qianouyang
Reviewed-by: gdong1

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13109 6f19259b-4bc3-4df7-8a09-765794883524
2012-03-19 05:10:46 +00:00
gdong1 54a26282b3 Fix system reboot automatically if changing the value of [TPM operation]
Signed-off-by: gdong1
Reviewed-by: tye1
Reviewed-by: qianouyang

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13089 6f19259b-4bc3-4df7-8a09-765794883524
2012-03-09 01:37:38 +00:00
gdong1 65cc57fc41 Remove ASSERT to let DXE core return gracefully when loading an invalid image.
Signed-off-by: gdong1
Reviewed-by: jyao1
Reviewed-by: CZhang46

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13035 6f19259b-4bc3-4df7-8a09-765794883524
2012-02-27 02:33:20 +00:00
rsun3 3bbe68a362 Add Missing invocations to VA_END() for VA_START().
Signed-off-by: rsun3
Reviewed-by: lgao4

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12979 6f19259b-4bc3-4df7-8a09-765794883524
2012-02-01 06:06:08 +00:00
gdong1 1e44cb991f Remove illegal TPL usage.
Signed-off-by: gdong1
Reviewed-by: niruiyu
Reviewed-by: tye1

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12908 6f19259b-4bc3-4df7-8a09-765794883524
2012-01-05 08:11:49 +00:00
ydong10 dc458c90b3 Update the process of some question from EFI_BROWSER_ACTION_CHANGED to EFI_BROWSER_ACTION_CHANGING.
Signed-off-by: ydong10
Reviewed-by: gdong1

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12885 6f19259b-4bc3-4df7-8a09-765794883524
2011-12-19 06:57:49 +00:00
ydong10 fab1046560 Update for SecurityPkg.
Per UEFI spec, on CallBack action EFI_BROWSER_ACTION_CHANGING, the return value of ActionRequest will be ignored, but on CallBack action EFI_BROWSER_ACTION_CHANGED, the return value of ActionRequest will be used. 
But, EDKII browser still processes the got ActionRequest. And, all HII drivers in EDKII project also returns their expected ActionRequest value on action EFI_BROWSER_ACTION_CHANGING. 
Now update the browser to follow the spec, and update all core Hii drivers to keep old working modal.

Signed-off-by: ydong10
Reviewed-by: lgao4

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12868 6f19259b-4bc3-4df7-8a09-765794883524
2011-12-15 02:59:03 +00:00
gdong1 4cc5bbe97f Update SecurityPkg package versions from 0.91 to 0.92.
Signed-off-by: gdong1
Reviewed-by: hhtian
Reviewed-by: tye

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12850 6f19259b-4bc3-4df7-8a09-765794883524
2011-12-14 00:17:45 +00:00
oliviermartin 4d832aabbf SecurityPkg/VariableAuthenticated: Check if there is a NV Variable Storage header prior to use its attributes
The Variable PEI and RuntimeDxe drivers were using the attribute 'HeaderLength' of
EFI_FIRMWARE_VOLUME_HEADER without checking if a Firmware Volume Header was existing at
the base address.
In case the Firmware Volume Header does not exist or is corrupted, the attribute 'HeaderLength'
is a non valid value that can lead to a non valid physical address when accessing produces an
access error.

Signed-off-by: oliviermartin
Reviewed-by: rsun3
Reviewed-by: niruiyu



git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12845 6f19259b-4bc3-4df7-8a09-765794883524
2011-12-13 09:42:36 +00:00
gdong1 ae09f9796c Update SignatureSupport variable to reflect firmware capability.
Signed-off-by: gdong1
Reviewed-by: tye
Reviewed-by: sfu5

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12843 6f19259b-4bc3-4df7-8a09-765794883524
2011-12-13 08:49:48 +00:00
sfu5 855609196d 1. Fix a bug when verify the CertType GUID in authentication variable data payload.
Signed-off-by: sfu5
Reviewed-by: tye1
Reviewed-by: gdong1

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12831 6f19259b-4bc3-4df7-8a09-765794883524
2011-12-09 07:22:59 +00:00
gdong1 2e24814ac9 Update a return status for UEFI spec compliance.
Signed-off-by: gdong1
Reviewed-by: tye

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12813 6f19259b-4bc3-4df7-8a09-765794883524
2011-12-02 07:51:23 +00:00
lzeng14 209e6e3174 Remove duplicated AML code definitions as they have been added to common header.
Signed-off-by: lzeng14
Reviewed-by: jyao1

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12807 6f19259b-4bc3-4df7-8a09-765794883524
2011-12-01 05:32:09 +00:00
ydong10 eb5e7d3e7a Update code to follow coding style. Mainly change about:
1. Remove duplicate lib
2. Refine the name for enum member.
Signed-off-by: ydong10
Reviewed-by: lgao4
Reviewed-by: gdong1
Reviewed-by: vanjeff


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12767 6f19259b-4bc3-4df7-8a09-765794883524
2011-11-23 09:20:57 +00:00
sfu5 d912bad783 1. Check input PK/KEK variable data to make sure it is a valid EFI_SIGNATURE_LIST.
Signed-off-by: sfu5
Reviewed-by: gdong1
Reviewed-by : czhan46


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12765 6f19259b-4bc3-4df7-8a09-765794883524
2011-11-23 05:10:40 +00:00
ydong10 ea71453f72 Initialize the variable before use it to avoid SCT test failed.
Signed-off-by: ydong10
Reviewed-by: lgao4

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12744 6f19259b-4bc3-4df7-8a09-765794883524
2011-11-21 07:42:53 +00:00
niruiyu 4f8ef5ce4e Change IPF version AuthVariable driver to support multiple-platform feature.
Signed-off-by: rni2
Reviewed-by: erictian

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12730 6f19259b-4bc3-4df7-8a09-765794883524
2011-11-17 02:40:28 +00:00
gdong1 9463796b88 Make comments to be consistent with the parameter.
Signed-off-by: gdong1

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12718 6f19259b-4bc3-4df7-8a09-765794883524
2011-11-16 01:20:58 +00:00
qianouyang bc0c99b3df Update ConfigAcess Protocol which is produced by SecureBootConfigDxe to follow the UEFI SPEC (Handle the Request parameter is NULL in ExtractConfig interface).
Signed-off-by: qianouyang
Reviewed-by: ydong10




git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12707 6f19259b-4bc3-4df7-8a09-765794883524
2011-11-15 10:22:35 +00:00
gdong1 7aaf2fd67c Add debug information for secure boot test convenient.
Signed-off-by: gdong1
Reviewed-by: tye
Reviewed-by: xdu2

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12660 6f19259b-4bc3-4df7-8a09-765794883524
2011-11-04 05:41:06 +00:00
gdong1 44a957c607 Enhance drivers for sanity check and coding style alignment.
Signed-off-by: gdong1
Reviewed-by: ydong10


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12622 6f19259b-4bc3-4df7-8a09-765794883524
2011-11-01 09:18:30 +00:00
lgao4 b3c30cb37f Correct file path separator to Linux style for all OS.
Signed-off-by: lgao4


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12603 6f19259b-4bc3-4df7-8a09-765794883524
2011-10-29 07:01:23 +00:00
xdu2 2d3fb91987 SecurityPkg: Update VariableAuthenticated driver with following changes:
1. Remove memory allocation code in runtime.
2. Exclude NULL terminator in VariableName for serialization data in time-based variable authentication.
3. Add support for enroll PK with WRITE_ACCESS attribute.
4. Initialize SetupMode variable with correct NV attribute.
5. Add support for APPEND_WRITE attribute for non-existing Variable.
6. Clear KEK, DB and DBX as well as PK when user request to clear platform keys.
7. Check duplicated EFI_SIGNATURE_DATA for Variable formatted as EFI_SIGNATURE_LIST when APPEND_WRITE attribute is set.
8. Not change SecureBoot Variable in runtime, only update it in boot time since this Variable indicates firmware operating mode.
9. Save time stamp of PK when PK is set with TIME_BASED_WRITE_ACCESS attribute in setup mode.
10. Update to use PcdMaxVariableSize instead of PcdMaxAppendVariableSize for append operation.

Signed-off-by: xdu2
Reviewed-by: tye

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12599 6f19259b-4bc3-4df7-8a09-765794883524
2011-10-28 09:55:09 +00:00
xdu2 45bf2c4789 SecurityPkg: Update DxeImageVerificationLib with following changes:
1. Update to check image digest against dbx before execute it.
2. Update to support revoke certificate.
3. Update to support enroll unsigned PE image's Hash to allowed database (db). (Note: Unsigned Image's Hash is calculated in the same way with authenticode, the algorithm is assumed to be SHA256.)

Signed-off-by: xdu2
Reviewed-by: tye
Reviewed-by: gdong1

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12598 6f19259b-4bc3-4df7-8a09-765794883524
2011-10-28 09:54:08 +00:00
qianouyang 4bf8ffc3fb Remove a unnecessary Macro in SecureBootConfigImpl.h.
Signed-off-by: qianouyang
Reviewed-by: gdong1

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12588 6f19259b-4bc3-4df7-8a09-765794883524
2011-10-28 06:02:50 +00:00
qianouyang beda2356f5 Enable/Disable Secured Boot by 'Secure Boot Configuration' Page which is under Setup browser.
Signed-off-by: qianouyang
Reviewed-by: gdong1

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12586 6f19259b-4bc3-4df7-8a09-765794883524
2011-10-28 03:46:20 +00:00
gdong1 0c5b25f021 Update UID drivers to align with latest UEFI spec 2.3.1.
Signed-off-by: gdong1
Reviewed-by: tye
Reviewed-by: qianouyang

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12567 6f19259b-4bc3-4df7-8a09-765794883524
2011-10-26 02:03:57 +00:00
niruiyu 9a000b464f Support Variable driver (VariableAuthenticatedPei/VariableAuthenticatedRuntimeDxe) to support the default variable data stored in HOB.
Signed-off-by: niruiyu
Reviewed-by: lgao4

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12554 6f19259b-4bc3-4df7-8a09-765794883524
2011-10-19 12:40:52 +00:00
sfu5 3b4151bcb4 Add pointer check for NULL before dereference it.
Signed-off-by: sfu5
Reviewed-by: tye

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12537 6f19259b-4bc3-4df7-8a09-765794883524
2011-10-14 05:19:25 +00:00
gdong1 87200170b3 Fix build failure with MS ASL compiler.
Signed-off-by: gdong1
Reviewed-by: jyao1


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12531 6f19259b-4bc3-4df7-8a09-765794883524
2011-10-12 03:48:06 +00:00
gdong1 6f0b864812 Update UID drivers to align with latest UEFI spec 2.3.1.
Directly use ImageHandle instead of &ImageHandle for wrong usage in TCG physical presence library.

Signed-off-by: gdong1
Reviewed-by: xdu2
Reviewed-by: lgao4


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12530 6f19259b-4bc3-4df7-8a09-765794883524
2011-10-12 03:38:19 +00:00
gdong1 607599bf3d Implement Tcg physical presence as a library instead of DXE driver in order that TPM can be locked as early as possible.
Signed-off-by: gdong1
Reviewed-by: hhtian
Reviewed-by: niruiyu
Reviewed-by: xdu2


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12447 6f19259b-4bc3-4df7-8a09-765794883524
2011-09-27 08:44:33 +00:00
hhuan13 570b3d1a72 1. Enhance DxeImageVerificationLib to avoid some corrupted input.
Signed-off-by: hhuan13
Reviewed-by: qlong


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12399 6f19259b-4bc3-4df7-8a09-765794883524
2011-09-21 05:23:55 +00:00
hhuan13 648f98d15b 1. Enhance AuthVar driver to avoid process corrupted certificate input.
Signed-off-by: hhuan13
Reviewed-by: ftian

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12398 6f19259b-4bc3-4df7-8a09-765794883524
2011-09-21 05:17:50 +00:00
lgao4 a0c56a8219 Clean up the private GUID definition in module Level.
0. Remove the unused private GUID from module source files.
1. Use gEfiCallerIdGuid replace of the private module GUID.
2. Add the public header files to define HII FormSet and PackageList GUID used in every HII driver.

Signed-off-by: lgao4
Reviewed-by: ydong10 gdong1 tye jfan12 wli12 rsun3 jyao1 ftian



git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12375 6f19259b-4bc3-4df7-8a09-765794883524
2011-09-18 12:25:27 +00:00
ydong10 43e615983e Update the UserProfileManagerDxe to keep the old behaviors after add exit action when Config_Access_Protocol.CallBack function returns Submit or Reset which is follow UEFI spec 2.3.1.
Signed-off-by: ydong10
Reviewed-by: lgao4


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12363 6f19259b-4bc3-4df7-8a09-765794883524
2011-09-16 06:08:00 +00:00
gdong1 ae4cb94fa6 Update UID drivers to align with latest UEFI spec 2.3.1 errata A.
Signed-off-by: gdong1
Reviewed-by: xdu2

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12345 6f19259b-4bc3-4df7-8a09-765794883524
2011-09-14 02:28:51 +00:00
niruiyu 81b7a60989 Fix ICC build failure.
Signed-off-by: niruiyu

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12331 6f19259b-4bc3-4df7-8a09-765794883524
2011-09-13 05:10:33 +00:00
gdong1 1f58a5dcd4 Sync the fix for recovery mode from MdeModulePkg.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12290 6f19259b-4bc3-4df7-8a09-765794883524
2011-09-07 10:10:11 +00:00
ydong10 0f7f6d23ea Change related:
1. Refine comments to remove the unrecognized code.
2. Add code to avoid potential data type change.
3. In inf file, add module type to the library class list.

Signed-off-by: ydong10

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12284 6f19259b-4bc3-4df7-8a09-765794883524
2011-09-06 08:45:42 +00:00
gdong1 0c18794ea4 Add security package to repository.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12261 6f19259b-4bc3-4df7-8a09-765794883524
2011-09-02 07:49:32 +00:00