Commit Graph

950 Commits

Author SHA1 Message Date
Yang, Longlong 542cba73d2 SecurityPkg: Add debug log for indicating IBB verified OBB successfully
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3615

Debug message should be added for indicating IBB is successfully verifying
the OBB.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Min M Xu <min.m.xu@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Signed-off-by: Longlong Yang <longlong.yang@intel.com>
Reviewed-by: Min M Xu <min.m.xu@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2021-09-18 08:57:46 +00:00
Stefan Berger 3b69fcf5f8 SecurityPkg: Add references to header and inf files to SecurityPkg
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2021-09-13 16:53:14 +00:00
Stefan Berger 2fa89c8e11 SecurityPkg/Tcg: Make Tcg2PlatformPei buildable and fix style issues
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2021-09-13 16:53:14 +00:00
Stefan Berger a4867dea2a SecurityPkg/Tcg: Import Tcg2PlatformPei from edk2-platforms
Import Tcg2PlatformPei from edk2-platforms without any modifications.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2021-09-13 16:53:14 +00:00
Stefan Berger f108178c56 SecurityPkg: Introduce new PCD PcdRandomizePlatformHierarchy
Introduce the new PCD
gEfiSecurityPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy.
We need it for TpmPlatformHierarchyLib.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2021-09-13 16:53:14 +00:00
Stefan Berger 2906e572c6 SecurityPkg/Tcg: Make Tcg2PlatformDxe buildable and fix style issues
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2021-09-13 16:53:14 +00:00
Stefan Berger ebbc8ab2cd SecrutiyPkg/Tcg: Import Tcg2PlatformDxe from edk2-platforms
Import Tcg2PlatformDxe from edk2-platforms without any modifications.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2021-09-13 16:53:14 +00:00
Stefan Berger 4d5f39cd22 SecurityPkg/TPM: Fix bugs in imported PeiDxeTpmPlatformHierarchyLib
Fix some bugs in the original PeiDxeTpmPlatformHierarchyLib.c.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2021-09-13 16:53:14 +00:00
Stefan Berger 610d8073f2 SecurityPkg/TPM: Import PeiDxeTpmPlatformHierarchyLib.c from edk2-platforms
Import PeiDxeTpmPlatformHierarchyLib from edk2-platforms without any
modifications.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-09-13 16:53:14 +00:00
Michael Kubacki edf8bc6d24 SecurityPkg/MemoryOverwriteControl: Add missing argument to DEBUG print
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3605

The error message is missing the argument for the status code
print specifier.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2021-09-04 09:03:22 +00:00
Rodrigo Gonzalez del Cueto 3c6107758b SecurityPkg: Fix GetSupportedAndActivePcrs counter calculation
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2855
The Tpm2GetCapabilitySupportedAndActivePcrs function prints a
count number that should reflect the *supported and currently
active* PCR banks, but the implementation in place displays
instead the count of the *supported PCR banks* retrieved
directly from the Tpm2GetCapabilityPcrs()
TPML_PCR_SELECTION output.

The counter should only take into account those PCRs banks
which are active.

Replaced usage of EFI_D_* for DEBUG_* definitions in debug
messages.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Signed-off-by: Rodrigo Gonzalez del Cueto <rodrigo.gonzalez.del.cueto@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
2021-08-09 03:32:24 +00:00
Grzegorz Bernacki 55266a9b8a SecurityPkg: Add option to reset secure boot keys.
This commit add option which allows reset content of Secure Boot
keys and databases to default variables.

Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com>
Reviewed-by: Sunny Wang <sunny.wang@arm.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Reviewed-by: Pete Batard <pete@akeo.ie>
Tested-by: Pete Batard <pete@akeo.ie> # on Raspberry Pi 4
2021-08-03 07:26:41 +00:00
Grzegorz Bernacki 45f3dd2ce9 SecurityPkg: Add new modules to Security package.
This commits adds modules and dependencies  related
to initialization and usage of default Secure Boot
 key variables to SecurityPkg.

Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com>
Reviewed-by: Sunny Wang <sunny.wang@arm.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Reviewed-by: Pete Batard <pete@akeo.ie>
Tested-by: Pete Batard <pete@akeo.ie> # on Raspberry Pi 4
2021-08-03 07:26:41 +00:00
Grzegorz Bernacki 19107590b6 SecurityPkg: Add EnrollFromDefaultKeys application.
This application allows user to force key enrollment from
Secure Boot default variables.

Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Reviewed-by: Sunny Wang <sunny.wang@arm.com>
2021-08-03 07:26:41 +00:00
Grzegorz Bernacki 94e065582b SecurityPkg: Add SecureBootDefaultKeysDxe driver
This driver initializes default Secure Boot keys and databases
based on keys embedded in flash.

Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com>
Reviewed-by: Sunny Wang <sunny.wang@arm.com>
Reviewed-by: Pete Batard <pete@akeo.ie>
Tested-by: Pete Batard <pete@akeo.ie> # on Raspberry Pi 4
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
2021-08-03 07:26:41 +00:00
Grzegorz Bernacki db959018b6 SecurityPkg: Remove duplicated functions from SecureBootConfigDxe.
This commit removes functions which were added
to SecureBootVariableLib. It also adds dependecy
on that library.

Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Reviewed-by: Sunny Wang <sunny.wang@arm.com>
2021-08-03 07:26:41 +00:00
Grzegorz Bernacki 9732659698 SecurityPkg: Create library for enrolling Secure Boot variables.
This commits add library, which consist functions to
enrolll Secure Boot keys and initialize Secure Boot
default variables. Some of the functions was moved
 from SecureBootConfigImpl.c file.

Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com>
Reviewed-by: Sunny Wang <sunny.wang@arm.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
2021-08-03 07:26:41 +00:00
Grzegorz Bernacki bb806a6e88 SecurityPkg: Create SecureBootVariableLib.
This commits add library, which consist helper functions related
to creation/removal Secure Boot variables. Some of the functions
was moved from SecureBootConfigImpl.c file.

Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com>
Reviewed-by: Sunny Wang <sunny.wang@arm.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
2021-08-03 07:26:41 +00:00
Scottie Kuo 11b1c1d4b9 SecurityPkg: TcgStorageOpalLib: Initialize SupportedAttributes parameter.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3408

The value of SupportedAttributes in OpalGetSupportedAttributesInfo ()
is left undetermined, if the caller doesn't initialize it.
Initialize it in the function entry.

Signed-off-by: Scottie Kuo <scottie.kuo@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Maggie Chu <maggie.chu@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Acked-by: Jian J Wang <jian.j.wang@intel.com>
2021-06-15 08:43:25 +00:00
Rebecca Cran 4e5ecdbac8 SecurityPkg: Add support for RngDxe on AARCH64
AARCH64 support has been added to BaseRngLib via the optional
ARMv8.5 FEAT_RNG.

Refactor RngDxe to support AARCH64, note support for it in the
VALID_ARCHITECTURES line of RngDxe.inf and enable it in SecurityPkg.dsc.

Signed-off-by: Rebecca Cran <rebecca@nuviainc.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
2021-05-11 16:26:05 +00:00
Jiaqi Gao 5396354b86 SecurityPkg: Add constraints on PK strength
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3293

Add constraints on the key strength of enrolled platform key(PK), which
must be greater than or equal to 2048 bit. PK key strength is required
by Intel SDL and MSFT, etc. This limitation prevents user from using
weak keys as PK.

The original code to check the certificate file type is placed in a new
function CheckX509Certificate(), which checks if the X.509 certificate
meets the requirements of encode type, RSA-Key strengh, etc.

Cc: Min Xu <min.m.xu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Jiaqi Gao <jiaqi.gao@intel.com>
Reviewed-by: Min Xu <min.m.xu@intel.com>
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
2021-04-26 16:24:32 +00:00
Wenyi Xie 99e7e48cc7 SecurityPkg/FvReportPei: remove redundant sizeof
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3333

In function InstallPreHashFvPpi, when calculating the size
of struct HASH_INFO, sizeof is used twice. This bug does
not lead to buffer overflow, "sizeof (HASH_INFO)" is 4,
whereas "sizeof (sizeof (HASH_INFO))" is 4 or 8.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Wenyi Xie <xiewenyi2@huawei.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
2021-04-16 08:39:59 +00:00
Michael Kubacki 54211ab10f SecurityPkg/Tcg2Smm: Initialize local Status variable
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3277

Initializes the Status variable in TcgMmReadyToLock().

Fixes a Clang build failure:
Tcg2Smm.c - SecurityPkg\Tcg\Tcg2Smm\Tcg2Smm.c:254:7: error:
variable 'Status' is used uninitialized whenever 'if'
condition is false [-Werror,-Wsometimes-uninitialized]

Initializing this variable is required to address a practical
scenario in which the return value of TcgMmReadyToLock() is
undefined based on conditional evaluation in the function.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Kun Qin <kun.q@outlook.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
2021-04-13 01:57:43 +00:00
Dandan Bi 0d03ffc766 SecurityPkg: Consume MdeLibs.dsc.inc for RegisterFilterLib
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3246

MdeLibs.dsc.inc was added for some basic/default library
instances provided by MdePkg and RegisterFilterLibNull Library
was also added into it as the first version of MdeLibs.dsc.inc.

So update platform dsc to consume MdeLibs.dsc.inc for
RegisterFilterLibNull which will be consumed by IoLib and BaseLib.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
2021-03-31 05:47:10 +00:00
Kun Qin 59a3ccb09e SecurityPkg: Tcg2Acpi: Added unblock memory interface for NVS region
This changes added usage of MmUnblockMemoryLib to explicitly request
allocated NVS region to be accessible from MM environment. It will bring
in compatibility with architectures that supports full memory blockage
inside MM.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>

Signed-off-by: Kun Qin <kun.q@outlook.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Message-Id: <MWHPR06MB31026F3F8C3FAA39D74CE4BAF3969@MWHPR06MB3102.namprd06.prod.outlook.com>
2021-03-05 15:25:07 +00:00
Kun Qin 8802583c48 SecurityPkg: Tcg2Smm: Added support for Standalone Mm
https://bugzilla.tianocore.org/show_bug.cgi?id=3169

This change added Standalone MM instance of Tcg2. The notify function for
Standalone MM instance is left empty.

A dependency DXE driver with a Depex of gEfiMmCommunication2ProtocolGuid
was created to indicate the readiness of Standalone MM Tcg2 driver.

Lastly, the support of CI build for Tcg2 Standalone MM module is added.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>

Signed-off-by: Kun Qin <kun.q@outlook.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Message-Id: <MWHPR06MB3102C3F99CBADFCC5F8A821CF3969@MWHPR06MB3102.namprd06.prod.outlook.com>
2021-03-05 15:25:07 +00:00
Kun Qin 3c2dc30d1b SecurityPkg: Tcg2Smm: Separate Tcg2Smm into 2 modules
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3169

This change separated the original Tcg2Smm module into 2 drivers: the
SMM driver that registers callback for physical presence and memory
clear; the Tcg2Acpi driver that patches and publishes ACPI table for
runtime use.

Tcg2Smm introduced an SMI root handler to allow Tcg2Acpi to communicate
the NVS region used by Tpm.asl and exchange the registered SwSmiValue.

Lastly, Tcg2Smm driver will publish gTcg2MmSwSmiRegisteredGuid at the end
of entrypoint to ensure Tcg2Acpi to load after Tcg2Smm is ready to
communicate.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>

Signed-off-by: Kun Qin <kun.q@outlook.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Message-Id: <MWHPR06MB310295CC623EF7C062844DFFF3969@MWHPR06MB3102.namprd06.prod.outlook.com>
2021-03-05 15:25:07 +00:00
Kun Qin e2d6833c11 SecurityPkg: Tcg2Smm: Switching from gSmst to gMmst
This change replaced gSmst with gMmst to support broader compatibility
under MM environment for Tcg2Smm driver.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>

Signed-off-by: Kun Qin <kun.q@outlook.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Message-Id: <MWHPR06MB310218F28C7AAF8DB375E963F3969@MWHPR06MB3102.namprd06.prod.outlook.com>
2021-03-05 15:25:07 +00:00
Kun Qin 7a56650e2e SecurityPkg: Tpm2DeviceLibDTpm: Introduce StandaloneMm instance
This change added a new instance of Tpm2DeviceLibDTpm to support drivers
of type MM_STANDALONE. It abstracts dynamic Pcd access into separate file
for different instances to avoid dynamic usage for StandaloneMm modules.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>

Signed-off-by: Kun Qin <kun.q@outlook.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
2021-02-01 10:03:35 -08:00
Kun Qin 44ac44a269 SecurityPkg: Tcg2PpVendorLibNull: Added support for MM_STANDALONE type
This change extends this null instance of Tcg2PpVendorLib to support
MM_STANDALONE drivers.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>

Signed-off-by: Kun Qin <kun.q@outlook.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
2021-02-01 10:03:35 -08:00
Kun Qin 4593925505 SecurityPkg: Tcg2PhysicalPresenceLib: Introduce StandaloneMm instance
This change added a new instance of Tcg2PhysicalPresenceLib to support
MM_STANDALONE type drivers. It centralizes the common routines into
shared files and abstract the library constructor into corresponding
files to implement each constructor function prototypes.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>

Signed-off-by: Kun Qin <kun.q@outlook.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
2021-02-01 10:03:35 -08:00
gaoliming e9d62effa3 Revert "SecurityPkg: Add RPMC Index to the RpmcLib"
This reverts commit 6c8dd15c4a.

Based on the discussion https://edk2.groups.io/g/devel/message/67764,
this change is regarded as the feature request. But, it doesn't pass
reviewed before 202011 stable tag soft feature freeze. So, it should
not be merged into 202011 stable tag.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Nishant C Mistry <nishant.c.mistry@intel.com>
Signed-off-by: Liming Gao <gaoliming@byosoft.com.cn>
Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
2020-11-26 01:22:29 +00:00
Nishant Mistry 6c8dd15c4a SecurityPkg: Add RPMC Index to the RpmcLib
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2594

The re-design requires multiple RPMC counter usages.
The consumer will be capable of selecting amongst multiple counters.

Signed-off-by: Nishant C Mistry <nishant.c.mistry@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2020-11-19 08:18:03 +00:00
Gao, Zhichao fedd32d82f SecurityPkg/Hash2DxeCrypto: Remove SHA1 support
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3027

Remove the deprecated SHA1 support of Hash2DxeCrypto
driver.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Message-Id: <20201112055558.2348-3-zhichao.gao@intel.com>
2020-11-17 19:26:50 +00:00
Gao, Zhichao 0a1b6d0be3 SecurityPkg/Hash2DxeCrypto: Remove MD5 support
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3027

Remove the deprecated MD5 support of Hash2DxeCrypto
driver.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Message-Id: <20201112055558.2348-2-zhichao.gao@intel.com>
2020-11-17 19:26:50 +00:00
Bret Barkelew 28f4616fde SecurityPkg: Allow VariablePolicy state to delete authenticated variables
https://bugzilla.tianocore.org/show_bug.cgi?id=2522

Causes AuthService to check
IsVariablePolicyEnabled() before enforcing
write protections to allow variable deletion
when policy engine is disabled.

Only allows deletion, not modification.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Bret Barkelew <brbarkel@microsoft.com>
Signed-off-by: Bret Barkelew <brbarkel@microsoft.com>
Reviewed-by: Dandan Bi <dandan.bi@intel.com>
Acked-by: Jian J Wang <jian.j.wang@intel.com>
2020-11-17 01:03:43 +00:00
Terry Lee 709b163940 SecurityPkg/Tcg2PhysicalPresenceLib: Fix incorrect TCG VER comparision
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2697

Tcg2PhysicalPresenceLibConstructor set the module variable
mIsTcg2PPVerLowerThan_1_3 with incorrect TCG version comparision.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2020-10-18 01:14:43 +00:00
Qi Zhang 7bcb021a6d SecurityPkg/PeiTpmMeasurementLib: remove gEfiTpmDeviceSelectedGuid
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2963

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2020-09-16 05:16:02 +00:00
Zhichao Gao cdfc7ed34f SecurityPkg/DxeImageVerificationLib: Disable SHA1 base on MACRO
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2943

Disable SHA1 base on the MACRO DISABLE_SHA1_DEPRECATED_INTERFACES.
SHA1 is deprecated function and the MACRO is used to remove the whole
implementation of the SHA1. For the platforms that do not need SHA1
for security, the MACRO should works for DxeImageVerificationLib as
well.

Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2020-09-07 02:38:42 +00:00
Laszlo Ersek 0b143fa43e SecurityPkg/DxeImageVerificationLib: catch alignment overflow (CVE-2019-14562)
The DxeImageVerificationHandler() function currently checks whether
"SecDataDir" has enough room for "WinCertificate->dwLength". However, for
advancing "OffSet", "WinCertificate->dwLength" is aligned to the next
multiple of 8. If "WinCertificate->dwLength" is large enough, the
alignment will return 0, and "OffSet" will be stuck at the same value.

Check whether "SecDataDir" has room left for both
"WinCertificate->dwLength" and the alignment.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Wenyi Xie <xiewenyi2@huawei.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2215
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20200901091221.20948-4-lersek@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Wenyi Xie <xiewenyi2@huawei.com>
Reviewed-by: Min M Xu <min.m.xu@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2020-09-02 10:16:18 +00:00
Laszlo Ersek a7632e913c SecurityPkg/DxeImageVerificationLib: assign WinCertificate after size check
Currently the (SecDataDirLeft <= sizeof (WIN_CERTIFICATE)) check only
guards the de-referencing of the "WinCertificate" pointer. It does not
guard the calculation of the pointer itself:

  WinCertificate = (WIN_CERTIFICATE *) (mImageBase + OffSet);

This is wrong; if we don't know for sure that we have enough room for a
WIN_CERTIFICATE, then even creating such a pointer, not just
de-referencing it, may invoke undefined behavior.

Move the pointer calculation after the size check.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Wenyi Xie <xiewenyi2@huawei.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2215
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20200901091221.20948-3-lersek@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Wenyi Xie <xiewenyi2@huawei.com>
Reviewed-by: Min M Xu <min.m.xu@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2020-09-02 10:16:18 +00:00
Laszlo Ersek 503248ccdf SecurityPkg/DxeImageVerificationLib: extract SecDataDirEnd, SecDataDirLeft
The following two quantities:

  SecDataDir->VirtualAddress + SecDataDir->Size
  SecDataDir->VirtualAddress + SecDataDir->Size - OffSet

are used multiple times in DxeImageVerificationHandler(). Introduce helper
variables for them: "SecDataDirEnd" and "SecDataDirLeft", respectively.
This saves us multiple calculations and significantly simplifies the code.

Note that all three summands above have type UINT32, therefore the new
variables are also of type UINT32.

This patch does not change behavior.

(Note that the code already handles the case when the

  SecDataDir->VirtualAddress + SecDataDir->Size

UINT32 addition overflows -- namely, in that case, the certificate loop is
never entered, and the corruption check right after the loop fires.)

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Wenyi Xie <xiewenyi2@huawei.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2215
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20200901091221.20948-2-lersek@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Wenyi Xie <xiewenyi2@huawei.com>
Reviewed-by: Min M Xu <min.m.xu@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2020-09-02 10:16:18 +00:00
Zhiguang Liu 46db105b7b SecurityPkg: Initailize variable Status before it is consumed.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2945

V2: Move "Status = EFI_SUCCESS;" before the EDKII_TCG_PRE_HASH check.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Zhiguang Liu <zhiguang.liu@intel.com>
Message-Id: <20200901005505.1722-1-zhiguang.liu@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
2020-09-01 16:11:24 +00:00
Qi Zhang 547067dd86 SecurityPkg/Tcg2: handle PRE HASH and LOG ONLY
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
Message-Id: <20200818062618.3698-8-qi1.zhang@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2020-08-26 15:56:11 +00:00
Qi Zhang 6847329af2 SecurityPkg/dsc: add FvEventLogRecordLib
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
Message-Id: <20200818062618.3698-6-qi1.zhang@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2020-08-26 15:56:11 +00:00
Qi Zhang a13947b2fa SecurityPkg/TcgEventLogRecordLib: add new lib for firmware measurement
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
Message-Id: <20200818062618.3698-2-qi1.zhang@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2020-08-26 15:56:11 +00:00
Michael D Kinney 53b40c9c6d SecurityPkg: Fix spelling mistake for occurred
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2361

Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Guomin Jiang <guomin.jiang@intel.com>
Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2020-08-19 00:54:23 +00:00
Michael D Kinney 9b851fd6b2 SecurityPkg/OpalPassword: Fix spelling mistake
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2346

Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2020-08-19 00:11:57 +00:00
Shenglei Zhang f2a8fae3f6 SecurityPkg/SecurityPkg.ci.yaml: Add configuration for Ecc check
Add configuration ExceptionList and IgnoreFiles for package config
files. So users can rely on this to ignore some Ecc issues.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2020-08-17 03:28:09 +00:00
Shenglei Zhang 9a10c305a1 SecurityPkg/SecurityPkg.ci.yaml: Add configuration for LicenseCheck
Add configuration IgnoreFiles for package config files.
So users can rely on this to skip license conflict for
some generated files.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2020-07-31 02:49:51 +00:00
Qi Zhang 3887820e5f SecurityPkg/Tcg2Config: remove TPM2_ChangEPS if it is not supported.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2793

In current implementation TPM2_ChangeEPS command is always available
in the TPM2 operation pull down list in TCG2 Configuration, which
is confusing when the command is not supported by specific TPM chip.
As a user experience improvement, TPM2_ChangeEPS command should be
removed from the list when it is not supported.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2020-07-28 09:56:25 +00:00
Zhang, Qi 1b0d659e6d SecurityPkg/Tpm2CommandLib: add a new function
Tpm2GetCapabilityIsCommandImplemented

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2793

check if the commad is supported by comparing the command code with
command index.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2020-07-28 09:56:25 +00:00
Guomin Jiang ffde22468e SecurityPkg/TcgPei: Use Migrated FV Info Hob for calculating hash (CVE-2019-11098)
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1614

When we allocate pool to save rebased the PEIMs, the address will change
randomly, therefore the hash will change and result PCR0 change as well.
To avoid this, we save the raw PEIMs and use it to calculate hash.
The TcgPei calculate the hash and it use the Migrated FV Info.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Guomin Jiang <guomin.jiang@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Qi Zhang <qi1.zhang@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2020-07-28 01:43:16 +00:00
Guomin Jiang 012809cdca SecurityPkg/Tcg2Pei: Use Migrated FV Info Hob for calculating hash (CVE-2019-11098)
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1614

When we allocate pool to save rebased the PEIMs, the address will change
randomly, therefore the hash will change and result PCR0 change as well.
To avoid this, we save the raw PEIMs and use it to calculate hash.
The Tcg2Pei calculate the hash and it use the Migrated FV Info.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Guomin Jiang <guomin.jiang@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Qi Zhang <qi1.zhang@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2020-07-28 01:43:16 +00:00
Jiewen Yao b87f31f034 SecurityPkg/dsc: Add PeiTpmMeasurementLib.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Qi Zhang <qi1.zhang@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2020-07-23 01:31:43 +00:00
Jiewen Yao 98625337e4 SecurityPkg/PeiTpmMeasurementLib: Add PEI instance.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Qi Zhang <qi1.zhang@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2020-07-23 01:31:43 +00:00
Jiewen Yao 1f6fe5cb03 SecurityPkg/Tcg2: Add TcgPpi
And do some code clean with updated function

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Qi Zhang <qi1.zhang@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2020-07-23 01:31:43 +00:00
Jiewen Yao 3e07c65641 SecurityPkg/Tcg: Add TcgPpi
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Qi Zhang <qi1.zhang@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2020-07-23 01:31:43 +00:00
Jiewen Yao 91e2b4b6ec SecurityPkg/dec: Add TcgPpi.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Qi Zhang <qi1.zhang@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2020-07-23 01:31:43 +00:00
Jiewen Yao b630feee02 SecurityPkg/TcgPpi: Add TcgPpi header file.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Qi Zhang <qi1.zhang@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2020-07-23 01:31:43 +00:00
Jiewen Yao f45e3a4afa SecurityPkg/Tcg2Pei: Add missing PCRIndex in FvBlob event.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2840

Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2020-07-11 03:57:26 +00:00
Jiewen Yao bceaf6952a SecurityPkg/Tcg2Dxe: Add PcdTcgPfpMeasurementRevision in SpecId event.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2839

Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2020-07-11 03:37:11 +00:00
Maggie Chu 1a2ad3ba9e SecurityPkg: Change default value source
https://bugzilla.tianocore.org/show_bug.cgi?id=2713
In current code, If TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE variable
is not exist, code will get default value from two places.
This fix is to make the default value comes from the PCD
gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags

Signed-off-by: Maggie Chu <maggie.chu@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2020-05-21 15:48:57 +00:00
Guomin Jiang 1854eee1b4 SecurityPkg/DxeImageVerificationLib: Mark the File parameter as OPTIONAL
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2652

According to the File description, the File is optional and can be NULL.

Signed-off-by: Guomin Jiang <guomin.jiang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>

Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2020-04-22 01:55:34 +00:00
Guomin Jiang c14f034a1a SecurityPkg/DxeImageAuth: Mark the File parameter as OPTIONAL
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2652

According to the File description, The File is optional and can be NULL.

Signed-off-by: Guomin Jiang <guomin.jiang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>

Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2020-04-22 01:55:34 +00:00
Guomin Jiang 1755932f89 SecurityPkg/TPM: measure UEFI images without associated device paths again
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2652

DxeTpm2MeasureBootHandler() and DxeTpmMeasureBootHandler() functions may
receive a FileBuffer argument that is not associated with any particular
device path (e.g., because the UEFI image has not been loaded from any
particular device path).
Therefore rejecting (File==NULL) at the top of the function is invalid.

Fixes: 4b026f0d5a

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Guomin Jiang <guomin.jiang@intel.com>

Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2020-04-22 01:55:34 +00:00
Michael Kubacki 6e3c834ae4 SecurityPkg Tcg: Use SW SMI IO port PCD in Tpm.asl
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=2416

Replaces the hardcoded value of 0xB2 with a PCD for the SMI port access
operation region. This allows platforms to customize the IO port value if
necessary.

Cc: Kun Qin <Kun.Qin@microsoft.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Guomin Jiang <guomin.jiang@intel.com>
Reviewed-by: Bret Barkelew <bret.barkelew@microsoft.com>
2020-04-21 02:20:51 +00:00
Michael Kubacki cda6f9455c SecurityPkg: Add PCD for SW SMI Command port
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=2416

Adds a PCD to SecurityPkg used to specify the SW SMI Command port. This
value may vary across platforms and is current hardcoded to 0xB2 in
package code.

Cc: Kun Qin <Kun.Qin@microsoft.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Guomin Jiang <guomin.jiang@intel.com>
Reviewed-by: Bret Barkelew <bret.barkelew@microsoft.com>
2020-04-21 02:20:51 +00:00
Michael Kubacki 3571e1360e SecurityPkg/HddPassword: Use BaseLib linked list iteration macros
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1959

Replaces usage of the linked list iteration macros defined in
HddPasswordDxe.h with the common definition in BaseLib.h.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Bret Barkelew <bret.barkelew@microsoft.com>
2020-04-21 02:20:51 +00:00
Abner Chang 4efcc11c94 SecurityPkg: Security package changes for RISC-V EDK2 CI.
Add RISC-V architecture to SecurityPkg for EDK2 CI testing.

BZ:2562:
https://bugzilla.tianocore.org/show_bug.cgi?id=2562

Signed-off-by: Abner Chang <abner.chang@hpe.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Gilbert Chen <gilbert.chen@hpe.com>
Cc: Daniel Schaefer <daniel.schaefer@hpe.com>
2020-04-03 17:09:12 +00:00
Jian J Wang 6e9bd495b3 SecurityPkg: add null version of VariableKeyLib
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2594

Add null version of VariableKeyLib instance. The full version should be
provided by platforms which supports key generator.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Nishant C Mistry <nishant.c.mistry@intel.com>
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Michael Kubacki <michael.kubacki@microsoft.com>
2020-03-27 16:41:05 +00:00
Jian J Wang d21c2cd082 SecurityPkg: add null version of RpmcLib
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2594

Add null version of RpmcLib instance. The full version should be provided
by platform which supports RPMC device.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Nishant C Mistry <nishant.c.mistry@intel.com>
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2020-03-27 16:41:05 +00:00
Jian J Wang 5042ee43d9 SecurityPkg: add RpmcLib and VariableKeyLib public headers
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2594

RpmcLib.h and VariableKeyLib.h are header files required to access RPMC
device and Key generator from platform. They will be used to ensure the
integrity and confidentiality of NV variables.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Nishant C Mistry <nishant.c.mistry@intel.com>
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2020-03-27 16:41:05 +00:00
Jian J Wang c230c002ac SecurityPkg/DxeImageVerificationLib: change IsCertHashFoundInDatabase name (CVE-2019-14575)
IsCertHashFoundInDatabase() is actually used only for searching dbx,
according to the function logic, its comments and its use cases. Changing
it to IsCertHashFoundInDbx to avoid confusion.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1608
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2020-02-19 14:08:23 +00:00
Jian J Wang b1c1147059 SecurityPkg/DxeImageVerificationLib: Differentiate error/search result (2) (CVE-2019-14575)
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1608

To avoid false-negative issue in check hash against dbx, both error
condition (as return value) and check result (as out parameter) of
IsSignatureFoundInDatabase() are added. So the caller of this function
will know exactly if a failure is caused by a black list hit or
other error happening, and enforce a more secure operation to prevent
secure boot from being bypassed. For a white list check (db), there's
no such necessity.

All intermediate results inside this function will be checked and
returned immediately upon any failure or error, like out-of-resource,
hash calculation error or certificate retrieval failure.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2020-02-19 14:08:23 +00:00
Laszlo Ersek cb30c8f251 SecurityPkg/DxeImageVerificationLib: plug Data leak in IsForbiddenByDbx() (CVE-2019-14575)
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1608

If the second GetVariable() call for "dbx" fails, in IsForbiddenByDbx(),
we have to free Data. Jump to "Done" for that.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2020-02-19 14:08:23 +00:00
Jian J Wang 5cd8be6079 SecurityPkg/DxeImageVerificationLib: tighten default result (CVE-2019-14575)
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1608

All intermediate results inside this function will be checked and
returned immediately upon any failure or error, like out-of-resource,
hash calculation error or certificate retrieval failure.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2020-02-19 14:08:23 +00:00
Jian J Wang a83dbf008c SecurityPkg/DxeImageVerificationLib: Differentiate error/search result (1) (CVE-2019-14575)
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1608

To avoid false-negative issue in check hash against dbx, both error
condition (as return value) and check result (as out parameter) of
IsCertHashFoundInDatabase() are added. So the caller of this function
will know exactly if a failure is caused by a black list hit or
other error happening, and enforce a more secure operation to prevent
secure boot from being bypassed. For a white list check (db), there's
no such necessity.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2020-02-19 14:08:23 +00:00
Jian J Wang adc6898366 SecurityPkg/DxeImageVerificationLib: refactor db/dbx fetching code (CVE-2019-14575)
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1608

The dbx fetching code inside the while/for-loop causes code hard to
understand. Since there's no need to get dbx more than once, this patch
simplify the code logic by moving related code to be outside the while-
loop. db fetching code is also refined accordingly to reduce the indent
level of code.

More comments are also added or refined to explain more details.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2020-02-19 14:08:23 +00:00
Jian J Wang 929d1a24d1 SecurityPkg/DxeImageVerificationLib: avoid bypass in fetching dbx (CVE-2019-14575)
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1608

In timestamp check after the cert is found in db, the original code jumps
to 'Done' if any error happens in fetching dbx variable. At any of the
jump, VerifyStatus equals to TRUE, which means allowed-by-db. This should
not be allowed except to EFI_NOT_FOUND case (meaning dbx doesn't exist),
because it could be used to bypass timestamp check.

This patch add code to change VerifyStatus to FALSE in the case of memory
allocation failure and dbx fetching failure to avoid potential bypass
issue.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2020-02-19 14:08:23 +00:00
Jian J Wang 9e56970090 SecurityPkg/DxeImageVerificationLib: fix wrong fetch dbx in IsAllowedByDb (CVE-2019-14575)
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1608

Normally two times of calling gRT->GetVariable() are needed to get
the data of a variable: get the variable size by passing zero variable
size, and then allocate enough memory and pass the correct variable size
and buffer.

But in the inner loop in IsAllowedByDb(), the DbxDataSize was not
initialized to zero before calling gRT->GetVariable(). It won't cause
problem if dbx does not exist. But it will give wrong result if dbx
exists and the DbxDataSize happens to be a small enough value. In this
situation, EFI_BUFFER_TOO_SMALL will be returned. Then the result check
code followed will jump to 'Done', which is not correct because it's
actually the value expected.

            if (Status == EFI_BUFFER_TOO_SMALL) {
              goto Done;
            }

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2020-02-19 14:08:23 +00:00
Jian J Wang c13742b180 SecurityPkg/DxeImageVerificationLib: reject CertStack.CertNumber==0 per DBX (CVE-2019-14575)
In case the signers' certificate stack, retrieved from the PE/COFF image's
Authenticode blob, has zero elements (=there are zero signer certificates),
then we should consider the image forbidden by DBX, not accepted by DBX.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2020-02-19 14:08:23 +00:00
Jian J Wang fbb9607223 SecurityPkg/DxeImageVerificationLib: Fix memory leaks (CVE-2019-14575)
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1608

Pointer HashCtx used in IsCertHashFoundInDatabase() is not freed inside
the while-loop, if it will run more than once.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2020-02-19 14:08:23 +00:00
GuoMinJ f9713abe95 SecurityPkg: Issues reported by ECC in EDK2.
https://bugzilla.tianocore.org/show_bug.cgi?id=2515

Change the SecurityPkg to match the ECC check rule

Signed-off-by: GuoMinJ <newexplorerj@gmail.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
2020-02-14 07:27:28 +00:00
Antoine Coeur ba562ca040 SecurityPkg/VariableAuthenticated: Fix few typos
Fix few typos in comments and documentation.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Antoine Coeur <coeur@gmx.fr>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com>
Message-Id: <20200207010831.9046-67-philmd@redhat.com>
2020-02-10 22:30:07 +00:00
Antoine Coeur dd40a1f85c SecurityPkg/Tcg: Fix various typos
Fix various typos in documentation, comments and debug strings.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Antoine Coeur <coeur@gmx.fr>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com>
Message-Id: <20200207010831.9046-66-philmd@redhat.com>
[lersek@redhat.com: replace EFI_D_xxx w/ DEBUG_xxx to shut up PatchCheck]
2020-02-10 22:30:07 +00:00
Antoine Coeur f9fd0c2108 SecurityPkg/Library/Tpm: Fix various typos
Fix various typos in comments and documentation.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Antoine Coeur <coeur@gmx.fr>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com>
Message-Id: <20200207010831.9046-65-philmd@redhat.com>
2020-02-10 22:30:07 +00:00
Antoine Coeur ce4cca7c06 SecurityPkg/Hash2DxeCrypto: Fix few typos
Fix few typos in documentation, comments and debug strings.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Antoine Coeur <coeur@gmx.fr>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com>
Message-Id: <20200207010831.9046-64-philmd@redhat.com>
2020-02-10 22:30:07 +00:00
Antoine Coeur fc70522ffe SecurityPkg: Fix few typos
Fix few typos in comments and documentation.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Antoine Coeur <coeur@gmx.fr>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com>
Message-Id: <20200207010831.9046-63-philmd@redhat.com>
2020-02-10 22:30:07 +00:00
Philippe Mathieu-Daudé 4b026f0d5a SecurityPkg: Fix incorrect return value when File is NULL
The DxeTpmMeasureBootHandler and DxeTpm2MeasureBootHandler handlers
are SECURITY2_FILE_AUTHENTICATION_HANDLER prototype. This prototype
can not return EFI_INVALID_PARAMETER.

The prototype documentation states it returns EFI_ACCESS_DENIED if:

  "The file specified by File and FileBuffer did not authenticate,
   and the platform policy dictates that the DXE Foundation may not
   use File."

Correct the documentation, and add a early check, returning
EFI_ACCESS_DENIED when File is NULL.

Noticed while reviewing commit 6d57592740.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2020-02-10 07:09:47 +00:00
Zhichao Gao 01712e6508 SecurityPkg/TcgPhysicalPresenceLib: Replace the ASSERT with error code
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2472

Replace the ASSERT with the error code return in the TpmPhysicalPresence
and GetTpmCapability.
Add missing error checking after call TpmPhysicalPresence in
TcgPhysicalPresenceLibProcessRequest.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
2020-02-07 07:22:11 +00:00
Laszlo Ersek 8b0932c19f SecurityPkg/DxeImageVerificationHandler: fix "defer" vs. "deny" policies
In DxeImageVerificationHandler(), we should return EFI_SECURITY_VIOLATION
for a rejected image only if the platform sets
DEFER_EXECUTE_ON_SECURITY_VIOLATION as the policy for the image's source.
Otherwise, EFI_ACCESS_DENIED must be returned.

Right now, EFI_SECURITY_VIOLATION is returned for all rejected images,
which is wrong -- it causes LoadImage() to hold on to rejected images (in
untrusted state), for further platform actions. However, if a platform
already set DENY_EXECUTE_ON_SECURITY_VIOLATION, the platform will not
expect the rejected image to stick around in memory (regardless of its
untrusted state).

Therefore, adhere to the platform policy in the return value of the
DxeImageVerificationHandler() function.

Furthermore, according to "32.4.2 Image Execution Information Table" in
the UEFI v2.8 spec, and considering that edk2 only supports (AuditMode==0)
at the moment:

> When AuditMode==0, if the image's signature is not found in the
> authorized database, or is found in the forbidden database, the image
> will not be started and instead, information about it will be placed in
> this table.

we have to store an EFI_IMAGE_EXECUTION_INFO record in both the "defer"
case and the "deny" case. Thus, the AddImageExeInfo() call is not being
made conditional on (Policy == DEFER_EXECUTE_ON_SECURITY_VIOLATION); the
documentation is updated instead.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
Fixes: 5db28a6753
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20200116190705.18816-12-lersek@redhat.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
[lersek@redhat.com: push with Mike's R-b due to Chinese New Year
 Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
 <d3fbb76dabed4e1987c512c328c82810@intel.com>]
2020-01-31 09:35:31 +00:00
Laszlo Ersek 6aa31db5eb SecurityPkg/DxeImageVerificationHandler: fix imgexec info on memalloc fail
It makes no sense to call AddImageExeInfo() with (Signature == NULL) and
(SignatureSize > 0). AddImageExeInfo() does not crash in such a case -- it
avoids the CopyMem() call --, but it creates an invalid
EFI_IMAGE_EXECUTION_INFO record. Namely, the
"EFI_IMAGE_EXECUTION_INFO.InfoSize" field includes "SignatureSize", but
the actual signature bytes are not filled in.

Document and ASSERT() this condition in AddImageExeInfo().

In DxeImageVerificationHandler(), zero out "SignatureListSize" if we set
"SignatureList" to NULL due to AllocateZeroPool() failure.

(Another approach could be to avoid calling AddImageExeInfo() completely,
in case AllocateZeroPool() fails. Unfortunately, the UEFI v2.8 spec does
not seem to state clearly whether a signature is mandatory in
EFI_IMAGE_EXECUTION_INFO, if the "Action" field is
EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED or EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND.

For now, the EFI_IMAGE_EXECUTION_INFO addition logic is not changed; we
only make sure that the record we add is not malformed.)

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20200116190705.18816-11-lersek@redhat.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
[lersek@redhat.com: push with Mike's R-b due to Chinese New Year
 Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
 <d3fbb76dabed4e1987c512c328c82810@intel.com>]
2020-01-31 09:35:31 +00:00
Laszlo Ersek 6d57592740 SecurityPkg/DxeImageVerificationHandler: fix retval for (FileBuffer==NULL)
"FileBuffer" is a non-optional input (pointer) parameter to
DxeImageVerificationHandler(). Normally, when an edk2 function receives a
NULL argument for such a parameter, we return EFI_INVALID_PARAMETER or
RETURN_INVALID_PARAMETER. However, those don't conform to the
SECURITY2_FILE_AUTHENTICATION_HANDLER prototype.

Return EFI_ACCESS_DENIED when "FileBuffer" is NULL; it means that no image
has been loaded.

This patch does not change the control flow in the function, it only
changes the "Status" outcome from API-incompatible error codes to
EFI_ACCESS_DENIED, under some circumstances.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
Fixes: 570b3d1a72
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20200116190705.18816-10-lersek@redhat.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
[lersek@redhat.com: push with Mike's R-b due to Chinese New Year
 Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
 <d3fbb76dabed4e1987c512c328c82810@intel.com>]
2020-01-31 09:35:31 +00:00
Laszlo Ersek fb02f5b2cd SecurityPkg/DxeImageVerificationHandler: eliminate "Status" variable
The "Status" variable is set to EFI_ACCESS_DENIED at the top of the
function. Then it is overwritten with EFI_SECURITY_VIOLATION under the
"Failed" (earlier: "Done") label. We finally return "Status".

The above covers the complete usage of "Status" in
DxeImageVerificationHandler(). Remove the variable, and simply return
EFI_SECURITY_VIOLATION in the end.

This patch is a no-op, regarding behavior.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20200116190705.18816-9-lersek@redhat.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
[lersek@redhat.com: push with Mike's R-b due to Chinese New Year
 Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
 <d3fbb76dabed4e1987c512c328c82810@intel.com>]
2020-01-31 09:35:31 +00:00
Laszlo Ersek c602e97446 SecurityPkg/DxeImageVerificationHandler: unnest AddImageExeInfo() call
Before the "Done" label at the end of DxeImageVerificationHandler(), we
now have a single access to "Status": we set "Status" to EFI_ACCESS_DENIED
at the top of the function. Therefore, the (Status != EFI_SUCCESS)
condition is always true under the "Done" label.

Accordingly, unnest the AddImageExeInfo() call dependent on that
condition, remove the condition, and also rename the "Done" label to
"Failed".

Functionally, this patch is a no-op. It's easier to review with:

  git show -b -W

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20200116190705.18816-8-lersek@redhat.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
[lersek@redhat.com: replace EFI_D_INFO w/ DEBUG_INFO for PatchCheck.py]
[lersek@redhat.com: push with Mike's R-b due to Chinese New Year
 Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
 <d3fbb76dabed4e1987c512c328c82810@intel.com>]
2020-01-31 09:35:31 +00:00
Laszlo Ersek 12a4ef58a8 SecurityPkg/DxeImageVerificationHandler: remove superfluous Status setting
After the final "IsVerified" check, we set "Status" to EFI_ACCESS_DENIED.
This is superfluous, as "Status" already carries EFI_ACCESS_DENIED value
there, from the top of the function. Remove the assignment.

Functionally, this change is a no-op.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20200116190705.18816-7-lersek@redhat.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
[lersek@redhat.com: push with Mike's R-b due to Chinese New Year
 Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
 <d3fbb76dabed4e1987c512c328c82810@intel.com>]
2020-01-31 09:35:31 +00:00
Laszlo Ersek f891b052c5 SecurityPkg/DxeImageVerificationHandler: fix retval on memalloc failure
A SECURITY2_FILE_AUTHENTICATION_HANDLER function is not expected to return
EFI_OUT_OF_RESOURCES. We should only return EFI_SUCCESS,
EFI_SECURITY_VIOLATION, or EFI_ACCESS_DENIED.

In case we run out of memory while preparing "SignatureList" for
AddImageExeInfo(), we should simply stick with the EFI_ACCESS_DENIED value
that is already in "Status" -- from just before the "Action" condition --,
and not suppress it with EFI_OUT_OF_RESOURCES.

This patch does not change the control flow in the function, it only
changes the "Status" outcome from API-incompatible error codes to
EFI_ACCESS_DENIED, under some circumstances.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
Fixes: 570b3d1a72
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20200116190705.18816-6-lersek@redhat.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
[lersek@redhat.com: push with Mike's R-b due to Chinese New Year
 Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
 <d3fbb76dabed4e1987c512c328c82810@intel.com>]
2020-01-31 09:35:31 +00:00
Laszlo Ersek 47650a5cab SecurityPkg/DxeImageVerificationHandler: narrow down PE/COFF hash status
Inside the "for" loop that scans the signatures of the image, we call
HashPeImageByType(), and assign its return value to "Status".

Beyond the immediate retval check, this assignment is useless (never
consumed). That's because a subsequent access to "Status" may only be one
of the following:

- the "Status" assignment when we call HashPeImageByType() in the next
  iteration of the loop,

- the "Status = EFI_ACCESS_DENIED" assignment right after the final
  "IsVerified" check.

To make it clear that the assignment is only useful for the immediate
HashPeImageByType() retval check, introduce a specific helper variable,
called "HashStatus".

This patch is a no-op, functionally.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20200116190705.18816-5-lersek@redhat.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
[lersek@redhat.com: push with Mike's R-b due to Chinese New Year
 Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
 <d3fbb76dabed4e1987c512c328c82810@intel.com>]
2020-01-31 09:35:31 +00:00
Laszlo Ersek 61a9fa589a SecurityPkg/DxeImageVerificationHandler: keep PE/COFF info status internal
The PeCoffLoaderGetImageInfo() function may return various error codes,
such as RETURN_INVALID_PARAMETER and RETURN_UNSUPPORTED.

Such error values should not be assigned to our "Status" variable in the
DxeImageVerificationHandler() function, because "Status" generally stands
for the main exit value of the function. And
SECURITY2_FILE_AUTHENTICATION_HANDLER functions are expected to return one
of EFI_SUCCESS, EFI_SECURITY_VIOLATION, and EFI_ACCESS_DENIED only.

Introduce the "PeCoffStatus" helper variable for keeping the return value
of PeCoffLoaderGetImageInfo() internal to the function. If
PeCoffLoaderGetImageInfo() fails, we'll jump to the "Done" label with
"Status" being EFI_ACCESS_DENIED, inherited from the top of the function.

Note that this is consistent with the subsequent PE/COFF Signature check,
where we jump to the "Done" label with "Status" having been re-set to
EFI_ACCESS_DENIED.

As a consequence, we can at once remove the

  Status = EFI_ACCESS_DENIED;

assignment right after the "PeCoffStatus" check.

This patch does not change the control flow in the function, it only
changes the "Status" outcome from API-incompatible error codes to
EFI_ACCESS_DENIED, under some circumstances.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20200116190705.18816-4-lersek@redhat.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
[lersek@redhat.com: push with Mike's R-b due to Chinese New Year
 Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
 <d3fbb76dabed4e1987c512c328c82810@intel.com>]
2020-01-31 09:35:31 +00:00
Laszlo Ersek eccb856f01 SecurityPkg/DxeImageVerificationHandler: remove "else" after return/break
In the code structure

  if (condition) {
    //
    // block1
    //
    return;
  } else {
    //
    // block2
    //
  }

nesting "block2" in an "else" branch is superfluous, and harms
readability. It can be transformed to:

  if (condition) {
    //
    // block1
    //
    return;
  }
  //
  // block2
  //

with identical behavior, and improved readability (less nesting).

The same applies to "break" (instead of "return") in a loop body.

Perform these transformations on DxeImageVerificationHandler().

This patch is a no-op for behavior. Use

  git show -b -W

for reviewing it more easily.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20200116190705.18816-3-lersek@redhat.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
[lersek@redhat.com: push with Mike's R-b due to Chinese New Year
 Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
 <d3fbb76dabed4e1987c512c328c82810@intel.com>]
2020-01-31 09:35:31 +00:00
Laszlo Ersek 1e0f973b65 SecurityPkg/DxeImageVerificationHandler: simplify "VerifyStatus"
In the DxeImageVerificationHandler() function, the "VerifyStatus" variable
can only contain one of two values: EFI_SUCCESS and EFI_ACCESS_DENIED.
Furthermore, the variable is only consumed with EFI_ERROR().

Therefore, using the EFI_STATUS type for the variable is unnecessary.
Worse, given the complex meanings of the function's return values, using
EFI_STATUS for "VerifyStatus" is actively confusing.

Rename the variable to "IsVerified", and make it a simple BOOLEAN.

This patch is a no-op, regarding behavior.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20200116190705.18816-2-lersek@redhat.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
[lersek@redhat.com: push with Mike's R-b due to Chinese New Year
 Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
 <d3fbb76dabed4e1987c512c328c82810@intel.com>]
2020-01-31 09:35:31 +00:00
Jiewen Yao 0286fe8176 SecurityPkg/Tcg2Pei: Add TCG PFP 105 support.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2439

Use EV_EFI_PLATFORM_FIRMWARE_BLOB2 if the TCG PFP revision is >= 105.
Use FvName as the description for the FV.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2020-01-06 06:23:19 +00:00
Jiewen Yao 4fa25853cd SecurityPkg/Tcg2Dxe: Add Tcg2Dxe to support 800-155 event.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2439

The TCG2 DXE supports to parse the 800-155 event GUID from PEI
and puts to the beginning of the TCG2 event.

The TCG2 DXE also supports a DXE driver produces 800-155 event
and let TCG2 DXE driver record.

The 800-155 is a NO-ACTION event which does not need extend
anything to TPM2. The TCG2 DXE also supports that.

Multiple 800-155 events are supported. All of them will be put
to the beginning of the TCG2 event, just after the SpecId event.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2020-01-06 06:23:19 +00:00
Jiewen Yao df73a69faf SecurityPkg/Guid: Add TCG 800-155 event GUID definition.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2439

The PEIM can produce the 800-155 event and the event
will be recorded to TCG event log by the TCG2 DXE.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2020-01-06 06:23:19 +00:00
Jiewen Yao 7e55cf6b48 SecurityPkg/Tcg2Smm: Measure the table before patch.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1940

According to TCG PFP specification: the ACPI table must be
measured prior to any modification, and the measurement
must be same cross every boot cycle.

There is a fix 3a63c17ebc
for the HID data. However that is not enough.
The LAML/LASA and PCD configuration change may also cause
similar problem.

We need measure the table before any update.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Jiewen Yao <Jiewen.Yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2019-12-10 08:00:14 +00:00
Michael D Kinney 566c45a533 SecurityPkg: Add YAML files for CI builds
https://bugzilla.tianocore.org/show_bug.cgi?id=2315

Add YAML file to the package directory with the
configuration of the checks to perform during a
CI build.

Use BaseCryptLibNull for package CI builds to reduce package
build times.  Enabled with CONTINUOUS_INTEGRATION in YAML
files.  By default CONTINUOUS_INTEGRATION is not defined,
and the original lib mappings are preserved.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-11-11 13:02:30 -08:00
Derek Lin 3a63c17ebc SecurityPkg: Fix TPM2 ACPI measurement.
We have discussed in this thread.
https://edk2.groups.io/g/devel/topic/32205028

Before the change, TPM FW upgrade will impact TPM2 ACPI PCR value because
TPM2 ACPI HID include FW version.

This change make the measurement before TPM2 HID fixup. So, after TPM FW
upgrade, the ACPI PCR record remains the same.

Signed-off-by: Derek Lin <derek.lin2@hpe.com>
Reviewed by: Jiewen Yao <Jiewen.yao@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-11-07 13:11:34 +08:00
Chu, Maggie 1a04951309 SecurityPkg/OpalPassword: Remove dependency on EFI_BLOCK_IO_PROTOCOL
https://bugzilla.tianocore.org/show_bug.cgi?id=2327

RAID drivers abstract their physical drives that make up
the array into a single unit, and do not supply individual
EFI_BLOCK_IO_PROTOCOL instances for each physical drive in the array.
This breaks support for the Security Storage Command Protocol,
which currently requires an EFI_BLOCK_IO_PROTOCOL to be associated
with the same device the protocol is installed on and provide
all the same parameters.

This patch remove dependency on EFI_BLOCK_IO_PROTOCOL and
allows access to Opal drive members of a RAID array.

Signed-off-by: Maggie Chu <maggie.chu@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
2019-11-06 16:16:18 +08:00
Sean Brogan d6b926e76e SecurityPkg: Fix spelling errors
https://bugzilla.tianocore.org/show_bug.cgi?id=2265

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-10-23 10:23:23 -07:00
Michael D Kinney 6e7e9b9578 SecurityPkg: Change EFI_D_INFO to DEBUG_INFO
Update DEBUG() macro to use DEBUG_INFO to address PatchCheck.py error.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-10-23 10:23:17 -07:00
Liming Gao e026bb4c39 SecurityPkg Tcg2Dxe: Add Variable Arch protocol dependency
commit a7e2d20193 introduces the code to
get PcdTpm2AcpiTableRev in the driver entry point. This PCD is designed as
DynamicHii or DynamicHiiEx PCD. So, this PCD depends on Variable service.
To make sure PcdTpm2AcpiTableRev value be got, add Variable service as Depex.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: jiewen Yao <jiewen.yao@intel.com>
2019-10-18 08:41:50 +08:00
Jiewen Yao a7e2d20193 SecurityPkg/Tcg2: Add Support Laml, Lasa for TPM2 ACPI.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=978

Tcg2Dxe produces PcdTpm2AcpiTableLaml/Lasa for event log address.
Tcg2Smm consumes PcdTpm2AcpiTableLaml/Lasa to fill TPM2 ACPI table.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-10-11 10:06:51 +08:00
Jiewen Yao 1fca55285b SecurityPkg/dsc: Add PCD for Laml, Lasa for TPM2.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=978

Those PCDs will be used for TPM2 ACPI table.
Tcg2Dxe need produce those for event log address.
Tcg2Smm need consume those to fill TPM2 ACPI table.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-10-11 10:06:51 +08:00
Laszlo Ersek fcf8bdcd53 SecurityPkg: stop abusing EFI_EVENT for protocol notify registration
EfiCreateProtocolNotifyEvent() takes a (VOID**) for "Registration",
similarly to gBS->RegisterProtocolNotify(). We should pass the address of
an actual pointer-to-VOID, and not the address of an EFI_EVENT. EFI_EVENT
just happens to be specified as (VOID*), and has nothing to do with the
registration.

This change is a no-op in practice; it's a semantic improvement.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jian Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2019-10-09 09:40:10 +02:00
Laszlo Ersek a629d5b9ef SecurityPkg: fix UninstallMultipleProtocolInterfaces() calls
Unlike the InstallMultipleProtocolInterfaces() boot service, which takes
an (EFI_HANDLE*) as first parameter, the
UninstallMultipleProtocolInterfaces() boot service takes an EFI_HANDLE as
first parameter.

These are actual bugs. They must have remained hidden until now because
they are all in Unload() functions, which are probably exercised
infrequently. Fix the UninstallMultipleProtocolInterfaces() calls.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jian Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2019-10-09 09:40:10 +02:00
Liming Gao 26fc074a5f SecurityPkg Tcg2Config: Move common definitions to new Tcg2Internal.h
Common definitions are not consumed by VFR. They are not required to be
defined in Tcg2ConfigNvData.h with WA way. New shared internal header
file is added to include those common definitions.

Cc: Jian Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2019-09-17 09:39:03 +08:00
Shenglei Zhang 49a2f8ceee SecurityPkg/SecurityPkg.dec: Update TcgPpVendorLib.h to Tcg2PpVendorLib.h
Tcg2PpVendorLib library class header should be
Include/Library/Tcg2PpVendorLib.h instead of
Include/Library/TcgPpVendorLib.h.
https://bugzilla.tianocore.org/show_bug.cgi?id=2146

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2019-09-17 09:37:23 +08:00
Jian J Wang f516a5144e SecurityPkg/SecurityPkg.uni: Add missing strings for new PCDs
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2026

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Shenglei Zhang <shenglei.zhang@intel.com>
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2019-08-16 09:53:24 +08:00
Shenglei Zhang e18d1c37e8 SecurityPkg/SecurityPkg.dec: Remove trailing white space
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-08-05 09:33:06 +08:00
Shenglei Zhang f32a49f10b SecurityPkg/FvReportPei: Change HashAlgoId to HashAlgId
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-08-02 14:19:13 +08:00
Imran Desai c027f68030 SecurityPkg: set SM3 bit in TPM 2.0 hash mask by default
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1781
GITHUB: https://github.com/idesai/edk2/tree/enable_sm3_measured_boot_v6

EDK2 Support for SM3 digest algorithm is needed to enable TPM with SM3 PCR
banks. This digest algorithm is part of the China Crypto algorithm suite.
This integration has dependency on the openssl_1_1_1b integration into
edk2.

This patch sets SM3 bit in TPM2.0 hash mask by default.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian Wang <jian.j.wang@intel.com>

Signed-off-by: Imran Desai <imran.desai@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Message-Id: <20190718225326.40839-4-imran.desai@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2019-07-19 14:31:59 +02:00
Imran Desai 7c1126d394 SecurityPkg/HashLibBaseCryptoRouter: recognize the SM3 digest algorithm
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1781
GITHUB: https://github.com/idesai/edk2/tree/enable_sm3_measured_boot_v6

EDK2 Support for SM3 digest algorithm is needed to enable TPM with SM3 PCR
banks. This digest algorithm is part of the China Crypto algorithm suite.
This integration has dependency on the openssl_1_1_1b integration into
edk2.

This patch adds SM3 as an available digest algorithm to crypto router.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian Wang <jian.j.wang@intel.com>

Signed-off-by: Imran Desai <imran.desai@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Message-Id: <20190718225326.40839-3-imran.desai@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2019-07-19 14:31:55 +02:00
Imran Desai edf6ef246d SecurityPkg: introduce the SM3 digest algorithm
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1781
GITHUB: https://github.com/idesai/edk2/tree/enable_sm3_measured_boot_v6

EDK2 Support for SM3 digest algorithm is needed to enable TPM with SM3 PCR
banks. This digest algorithm is part of the China Crypto algorithm suite.
This integration has dependency on the openssl_1_1_1b integration into
edk2.

This patch add SM3 algorithm in the hashinstance library.

Delta in v7:
1. Dropped 95a040cff from v6 to address https://edk2.groups.io/g/devel/topic/
32454898?p=,,,20,0,0,0::Created,,sm3,20,2,0,32454898,ct=1&ct=1
2. Relocated SM3 GUID definition from MdePkg to SecurityPkg in 9728b54f4

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian Wang <jian.j.wang@intel.com>

Signed-off-by: Imran Desai <imran.desai@intel.com>
Message-Id: <20190718225326.40839-2-imran.desai@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-07-19 14:31:52 +02:00
Laszlo Ersek a9faafb156 Revert "SecurityPkg: introduce the SM3 digest algorithm"
This reverts commit 06dd5863b6.

The reason is that said commit directly depends on commit 49c1e683c4
("MdePkg/Protocol/Hash: introduce GUID for SM3", 2019-07-03), and the
latter commit is going to be reverted, due to its review process not
having followed established edk2 norms.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Imran Desai <imran.desai@intel.com>
Cc: Jian Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1781
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
2019-07-04 17:50:48 +02:00
Laszlo Ersek 29a1a6eff7 Revert "SecurityPkg/HashLibBaseCryptoRouter: recognize the SM3 digest algorithm"
This reverts commit 542d04e2a4.

The reason is that said commit indirectly depends on commit 49c1e683c4
("MdePkg/Protocol/Hash: introduce GUID for SM3", 2019-07-03), and the
latter commit is going to be reverted, due to its review process not
having followed established edk2 norms.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Imran Desai <imran.desai@intel.com>
Cc: Jian Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1781
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
2019-07-04 17:50:46 +02:00
Laszlo Ersek 0d823bfd8d Revert "SecurityPkg: set SM3 bit in TPM 2.0 hash mask by default"
This reverts commit d5af8fc5a9.

The reason is that said commit indirectly depends on commit 49c1e683c4
("MdePkg/Protocol/Hash: introduce GUID for SM3", 2019-07-03), and the
latter commit is going to be reverted, due to its review process not
having followed established edk2 norms.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Imran Desai <imran.desai@intel.com>
Cc: Jian Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1781
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
2019-07-04 17:50:44 +02:00
Imran Desai d5af8fc5a9 SecurityPkg: set SM3 bit in TPM 2.0 hash mask by default
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1781

EDK2 Support for SM3 digest algorithm is needed to enable TPM with SM3 PCR
banks. This digest algorithm is part of the China Crypto algorithm suite.
This integration has dependency on the openssl_1_1_1b integration into
edk2.
This patch sets SM3 bit in TPM2.0 hash mask by default.

Signed-off-by: Imran Desai <imran.desai@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian Wang <jian.j.wang@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: jiewen.yao@intel.com
2019-07-03 16:31:55 +08:00
Imran Desai 542d04e2a4 SecurityPkg/HashLibBaseCryptoRouter: recognize the SM3 digest algorithm
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1781

EDK2 Support for SM3 digest algorithm is needed to enable TPM with SM3 PCR
banks. This digest algorithm is part of the China Crypto algorithm suite.
This integration has dependency on the openssl_1_1_1b integration into
edk2.
This patch adds SM3 as an available digest algorithm to crypto router.

Signed-off-by: Imran Desai <imran.desai@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian Wang <jian.j.wang@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: jiewen.yao@intel.com
2019-07-03 16:31:55 +08:00
Imran Desai 06dd5863b6 SecurityPkg: introduce the SM3 digest algorithm
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1781

EDK2 Support for SM3 digest algorithm is needed to enable TPM with SM3 PCR
banks. This digest algorithm is part of the China Crypto algorithm suite.
This integration has dependency on the openssl_1_1_1b integration into
edk2.
This patch add SM3 algorithm in the hashinstance library.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian Wang <jian.j.wang@intel.com>
Signed-off-by: Imran Desai <imran.desai@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: jiewen.yao@intel.com
2019-07-03 16:31:54 +08:00
Shenglei Zhang b7cd36a224 SecurityPkg: Remove DxeDeferImageLoadLib in DSC
The current version will cause build fail because DxeDeferImageLoadLib
exists in DSC file but it was actually deleted. So it should be removed.
https://bugzilla.tianocore.org/show_bug.cgi?id=1919

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian Wang <jian.j.wang@intel.com>
Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-07-01 14:24:18 +08:00
Shenglei Zhang d316662118 SecurityPkg/DxeDeferImageLoadLib: Remove DxeDeferImageLoadLib
The library DxeDeferImageLoadLib supports UID feature and it is conflicted
with the driver SecurityStubDxe (Defer3rdPartyImageLoad.c).
And the UID feature is dropped. So it should be removed from SecurityPkg.
https://bugzilla.tianocore.org/show_bug.cgi?id=1919

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian Wang <jian.j.wang@intel.com>
Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-06-28 13:20:19 +08:00
Jian J Wang 8b6f0b5cd3 SecurityPkg: add FvReportPei.inf in dsc for build validation
https://bugzilla.tianocore.org/show_bug.cgi?id=1617

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: "Hernandez Beltran, Jorge" <jorge.hernandez.beltran@intel.com>
Cc: Harry Han <harry.han@intel.com>
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2019-06-26 21:18:43 +08:00
Jian J Wang 3743e71a06 SecurityPkg/FvReportPei: implement a common FV verifier and reporter
https://bugzilla.tianocore.org/show_bug.cgi?id=1617

This driver implements a common checker, verifier and reporter which is
independent of hardware based root-of-trust.

Usually the hardware based root-of-trust will not verify all BIOS but
part of it. For example, Boot Guard will only verify IBB segment. The IBB
needs to verify other part of BIOS, i.e. other FVs to transfer control to
from IBB. This driver plays the role in IBB to verify FVs not covered by
hardware root-of-trust to make sure integrity of the chain of trust.

To be hardware/platform independent, PPI

  gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid

is introduced for platform to pass digest information to this driver.
This PPI should include all information needed to verify required FVs in
required boot mode.

struct _EDKII_PEI_FIRMWARE_VOLUME_INFO_STORED_HASH_FV_PPI {
  FV_HASH_INFO            HashInfo;
  UINTN                   FvNumber;
  HASHED_FV_INFO          FvInfo[1];
};

To avoid TOCTOU issue, all FVs to be verified will be copied to memory
before hash calculation. That also means this driver has to be run after
permanent memory has been discovered.

For a measured boot, this driver will install

  gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid

to report digest of each FV to TCG driver.

For a verified boot, this driver will verify the final hash value
(calculated from the concatenation of each FV's hash) for indicated
FVs against the hash got from platform/hardware.

If pass, it will build EFI_HOB_TYPE_FV (consumed by DXE core) and/or
install gEfiPeiFirmwareVolumeInfoPpiGuid (consumed by PEI core), and
then report status code PcdStatusCodeFvVerificationPass.

If fail, it just report status code PcdStatusCodeFvVerificationFail
and go to dead loop if status report returns.

The platform can register customized handler to process pass and fail
cases differently.

Currently, this driver only supports hash (sha256/384/512) verification
for the performance consideration.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: "Hernandez Beltran, Jorge" <jorge.hernandez.beltran@intel.com>
Cc: Harry Han <harry.han@intel.com>
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2019-06-26 21:18:43 +08:00
Jian J Wang beda3f76af SecurityPkg: add definitions for OBB verification
https://bugzilla.tianocore.org/show_bug.cgi?id=1617

gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid should be installed by
platform to pass FV hash information to the common FV verify/report
driver, in which the hash value will be calculated again based on the
information fed in and then verified.

The information passed in this PPI include:
  - FVs location in flash and length
  - Hash values for different boot mode

The hash value must be calculated in following way (if 3 FVs to calc):

  FV1 -> Hash1
  FV2 -> Hash2
  FV3 -> Hash3
  Hash1 + Hash2 + Hash3 -> HashAll

Only HashAll is stored in this PPI. The purposes for this algorithm
are two:

  1. To report each FV's hash to TCG driver and verify HashAll at the
     same time without the burden to calculate the hash twice;
  2. To save hash value storage due to potential hardware limitation

Different boot mode may have its own hash value so that each mode can
decide which FV will be verified. For example, for the sake of performance,
S3 may choose to skip some FVs verification and normal boot will verify
all FVs it concerns.

So in this PPI, each FV information has flag to indicate which boot mode
it will be taken into hash calculation.

And if multiple hash values passed in this PPI, each has a flag to indicate
which boot mode it's used for. Note one hash value supports more than one
boot modes if they're just the same.

PcdStatusCodeFvVerificationPass and PcdStatusCodeFvVerificationFail are
introduced to report status back to platform, and platform can choose how
to act upon verification success and failure.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: "Hernandez Beltran, Jorge" <jorge.hernandez.beltran@intel.com>
Cc: Harry Han <harry.han@intel.com>
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2019-06-26 21:18:43 +08:00
Bret Barkelew 2f3435c234 SecurityPkg: Add missing instances for build only
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1902

Add the missing instance to the [Components] of dsc file
for build only.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian Wang <jian.j.wang@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Michael Turner <Michael.Turner@microsoft.com>
Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Signed-off-by: Zhichao gao <zhichao.gao@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-06-26 16:35:45 +08:00
Chu, Maggie 9e2416ae2e SecurityPkg/HddPassword: Add a PCD to skip Hdd password prompt
https://bugzilla.tianocore.org/show_bug.cgi?id=1876
Add a PCD for skipping Hdd password prompt.
If device is in the locked status while attempting to skip
password prompt, device will keep locked and system
continue to boot.
If device is in the unlocked status while attempting to skip
password prompt, system will be forced shutdown.

Signed-off-by: Maggie Chu <maggie.chu@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
2019-06-12 09:12:05 +08:00
Chu, Maggie 6cbed0e36f SecurityPkg/OpalPassword: Add PCD to skip password prompt
https://bugzilla.tianocore.org/show_bug.cgi?id=1801
Add a PCD for skipping password prompt in device unlocked status.
Previous change only support if storage device is in locked status.
This change is added to support the case that security status of the
storage device is unlocked.

Signed-off-by: Maggie Chu <maggie.chu@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
2019-06-10 14:16:07 +08:00
Zhichao Gao e90ea9470a SecurityPkg/AuthSeriableLib: Always delete variable in certdb
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1783

While cleaning the certdb, always delete the variable data in
the certdb regardless of its attribute.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian Wang <jian.j.wang@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2019-05-15 13:00:37 +08:00
Joe Richey 4000f249ba SecurityPkg: Remove double \r
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian Wang <jian.j.wang@intel.com>
Signed-off-by: Joe Richey <joerichey@google.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by : Chao Zhang <chao.b.zhang@intel.com>
2019-05-15 12:57:20 +08:00
Eric Dong 46e696088a SecurityPkg/OpalPassword: Fix "Enable Feature" Menu disappear issue
https://bugzilla.tianocore.org/show_bug.cgi?id=1782

After change behavior to send BlockSid command at EndOfDxe point,
check device ownership command will return un-authority error, it
finally caused opal driver can't show "Enable Feature" menu.

Update the code logic to send detect device ownership command
before send BlockSID command.

Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Hao A Wu <hao.a.wu@intel.com>
2019-05-09 14:32:52 +08:00
Eric Dong 539a6c9318 SecurityPkg/OpalPassword: Change send BlockSID policy
https://bugzilla.tianocore.org/show_bug.cgi?id=1782

Change Send BlockSID command time from ReadyToBoot to
EndOfDxe.

Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Hao A Wu <hao.a.wu@intel.com>
2019-05-09 14:32:49 +08:00
Eric Dong e0972cfc7d SecurityPkg/SecurityPkg.dec: Change BlockSID default policy
https://bugzilla.tianocore.org/show_bug.cgi?id=1782

Change BlockSID default policy, default enable BlockSid.

Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Hao A Wu <hao.a.wu@intel.com>
2019-05-09 14:32:46 +08:00
Chu, Maggie f5245a1db1 SecurityPkg/OpalPassword: Add warning message for Secure Erase
https://bugzilla.tianocore.org/show_bug.cgi?id=1753
Add pop-up warning messages before secure erase action.
In order to notify user the secure erase action will take a longer time.
This change also fix some pop-up windows are unable to show up
complete message due to some strings are too long.

Signed-off-by: Maggie Chu <maggie.chu@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
2019-05-08 09:17:36 +08:00
Zhichao Gao 930fcd9f3a SecurityPkg/Tcg2Dxe: Change comments of ShutdownTpmOnReset
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1460

Refer to Uefi spec 2.8, the ResetData is valid while ResetStatus
is EFI_SUCCESS regardless of the ResetType is EfiResetPlatformSpecific
or not.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Michael Turner <Michael.Turner@microsoft.com>
Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2019-04-28 09:40:13 +08:00
Michael D Kinney 289b714b77 SecurityPkg: Replace BSD License with BSD+Patent License
https://bugzilla.tianocore.org/show_bug.cgi?id=1373

Replace BSD 2-Clause License with BSD+Patent License.  This change is
based on the following emails:

  https://lists.01.org/pipermail/edk2-devel/2019-February/036260.html
  https://lists.01.org/pipermail/edk2-devel/2018-October/030385.html

RFCs with detailed process for the license change:

  V3: https://lists.01.org/pipermail/edk2-devel/2019-March/038116.html
  V2: https://lists.01.org/pipermail/edk2-devel/2019-March/037669.html
  V1: https://lists.01.org/pipermail/edk2-devel/2019-March/037500.html

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-04-09 10:58:23 -07:00
Eric Dong f4c5200926 SecurityPkg/OpalPassword: Fix incorrect line ending issue.
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2019-03-22 10:05:59 +08:00
Shenglei Zhang 6ef95e4da7 SecurityPkg/SecurityPkg.uni: Add the prompt and help information
The prompt and help information are missing in SecurityPkg.uni.
https://bugzilla.tianocore.org/show_bug.cgi?id=1600

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-03-19 15:22:01 +08:00
Dandan Bi c8eada5ca0 SecurityPkg: Remove duplicated BSD license
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1612

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jian Wang <jian.j.wang@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2019-03-12 23:08:17 -07:00
Hao Wu e8959f8100 SecurityPkg/HddPassword: Add Security feature set support for ATA dev
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1529

This commit will add the 'Security feature set' support for ATA devices.

According to the AT Attachment 8 - ATA/ATAPI Command Set (ATA8-ACS)
specification, the Security feature set is an optional feature. In
summary, the feature is a password system that restricts access to user
data stored on an ATA device. A more detailed introduction of this feature
can be referred from the ATA8-ACS spec.

The HddPassword driver is composed of 2 parts:
* A DXE driver and
* A PEI driver

The DXE driver consumes EFI_ATA_PASS_THRU_PROTOCOL instances and installs
an HII GUI to manage the devices. If the managing device supports Security
feature set, the HII page will provide the user with the ability to
set/update/disable the password for this device. Also, if a password is
being set via the Security feature set, a popup window will show during
boot requesting the user to input password.

Another feature supported by this driver is that for those managing
devices with password set, they will be automatically unlocked during the
S3 resume. This is done by the co-work of the DXE driver and the PEI
driver:

The DXE driver will save the password and the identification information
for these devices into a LockBox, which is only allowed to restore during
S3 resume.

The PEI driver, during S3 resume, will restore the content in the LockBox
and will consume EDKII_PEI_ATA_PASS_THRU_PPI instances to unlock devices.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
2019-02-22 08:20:08 +08:00