Commit Graph

932 Commits

Author SHA1 Message Date
Doug Flick 264636d8e6 SecurityPkg: : Updating SecurityFixes.yaml after symbol rename
Adding the new commit titles for the symbol renames

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>

Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Message-Id: <5e0e851e97459e183420178888d4fcdadc2f1ae1.1705529990.git.doug.edk2@gmail.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
2024-01-18 19:25:14 +00:00
Doug Flick 326db0c907 SecurityPkg: DxeTpmMeasureBootLib: SECURITY PATCH 4117/4118 symbol rename
Updates the sanitation function names to be lib unique names

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>

Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Message-Id: <355aa846a99ca6ac0f7574cf5982661da0d9fea6.1705529990.git.doug.edk2@gmail.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
2024-01-18 19:25:14 +00:00
Doug Flick 40adbb7f62 SecurityPkg: DxeTpm2MeasureBootLib: SECURITY PATCH 4117/4118 symbol rename
Updates the sanitation function names to be lib unique names

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>

Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Message-Id: <7b18434c8a8b561654efd40ced3becb8b378c8f1.1705529990.git.doug.edk2@gmail.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
2024-01-18 19:25:14 +00:00
Douglas Flick [MSFT] 8f6d343ae6 SecurityPkg: : Adding CVE 2022-36764 to SecurityFixes.yaml
This creates / adds a security file that tracks the security fixes
found in this package and can be used to find the fixes that were
applied.

Cc: Jiewen Yao <jiewen.yao@intel.com>

Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2024-01-16 07:56:38 +00:00
Douglas Flick [MSFT] 0d341c01ee SecurityPkg: DxeTpmMeasureBootLib: SECURITY PATCH 4118 - CVE 2022-36764
This commit contains the patch files and tests for DxeTpmMeasureBootLib
CVE 2022-36764.

Cc: Jiewen Yao <jiewen.yao@intel.com>

Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2024-01-16 07:56:38 +00:00
Douglas Flick [MSFT] c7b2794421 SecurityPkg: DxeTpm2MeasureBootLib: SECURITY PATCH 4118 - CVE 2022-36764
This commit contains the patch files and tests for DxeTpm2MeasureBootLib
CVE 2022-36764.

Cc: Jiewen Yao <jiewen.yao@intel.com>

Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2024-01-16 07:56:38 +00:00
Douglas Flick [MSFT] 1ddcb9fc6b SecurityPkg: : Adding CVE 2022-36763 to SecurityFixes.yaml
This creates / adds a security file that tracks the security fixes
found in this package and can be used to find the fixes that were
applied.

Cc: Jiewen Yao <jiewen.yao@intel.com>

Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2024-01-16 07:56:38 +00:00
Douglas Flick [MSFT] 4776a1b39e SecurityPkg: DxeTpmMeasureBootLib: SECURITY PATCH 4117 - CVE 2022-36763
This commit contains the patch files and tests for DxeTpmMeasureBootLib
CVE 2022-36763.

Cc: Jiewen Yao <jiewen.yao@intel.com>

Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2024-01-16 07:56:38 +00:00
Douglas Flick [MSFT] 2244465432 SecurityPkg: DxeTpm2MeasureBootLib: SECURITY PATCH 4117 - CVE 2022-36763
This commit contains the patch files and tests for DxeTpm2MeasureBootLib
CVE 2022-36763.

Cc: Jiewen Yao <jiewen.yao@intel.com>

Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
2024-01-16 07:56:38 +00:00
Vivian Nowka-Keane a00f7a355a SecurityPkg: Apply uncrustify formatting to relevant files
Apply uncrustify formatting to GoogleTest cpp and header files.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Vivian Nowka-Keane <vnowkakeane@linux.microsoft.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
2023-10-27 00:50:49 +00:00
Michael Kubacki bc7bbd3bc4 SecurityPkg.ci.yaml: Add debug macro exception
Adds a CI YAML entry to acknowledge a case where a single argument
is matched to a format specifier with a ternary operator.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
2023-09-19 01:20:27 +00:00
Linus Liu cdfe4310dd Pyrite support - Secure erase is only available if encryption is supported.
https://bugzilla.tianocore.org/show_bug.cgi?id=3004

Cc: Qi Zhang    <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Jiewen Yao  <jiewen.yao@intel.com>
Cc: Tina Chen   <tina.chen@intel.com>
Cc: Xiao X Chen <xiao.x.chen@intel.com>
Signed-off-by: Linus Liu <linus.liu@intel.com>
Reviewed-by: Jiewen Yao  <jiewen.yao@intel.com>
2023-09-13 06:35:02 +00:00
Kun Qin b74f1f7ab5 SecurityPkg: RngDxe: Fixing mAvailableAlgoArray allocator
REF: https://bugzilla.tianocore.org/show_bug.cgi?idD91

mAvailableAlgoArray is currently allocated for "RNG_AVAILABLE_ALGO_MAX"
number of bytes, whereas it was dereferenced as "EFI_RNG_ALGORITHM".

This change fixed the buffer allocation logic by allocating a proper size
of buffer before referencing.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Sami Mujawar <Sami.Mujawar@arm.com>
Cc: Pierre Gondois <pierre.gondois@arm.com>

Signed-off-by: Kun Qin <kuqin@microsoft.com>
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
2023-09-08 12:48:57 +00:00
Pierre Gondois ff7ddc02b2 SecurityPkg/RngDxe: Simplify Rng algorithm selection for Arm
The first element of mAvailableAlgoArray is defined as the default
Rng algorithm to use. Don't go through the array at each RngGetRNG()
call and just return the first element of the array.

Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
Tested-by: Kun Qin <kun.qin@microsoft.com>
2023-09-08 09:48:55 +00:00
Pierre Gondois 19438cff97 SecurityPkg/RngDxe: Use GetRngGuid() when probing RngLib
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4151

The EFI_RNG_PROTOCOL can rely on the RngLib. The RngLib has multiple
implementations, some of them are unsafe (e.g. BaseRngLibTimerLib).
To allow the RngDxe to detect when such implementation is used,
a GetRngGuid() function was added in a previous patch.

The EFI_RNG_PROTOCOL can advertise multiple algorithms through
Guids. The PcdCpuRngSupportedAlgorithm is currently used to
advertise the RngLib in the Arm implementation.

The issues of doing that are:
- the RngLib implementation might not use CPU instructions,
  cf. the BaseRngLibTimerLib
- most platforms don't set PcdCpuRngSupportedAlgorithm

A GetRngGuid() was added to the RngLib in a previous patch,
allowing to identify the algorithm implemented by the RngLib.
Make use of this function and place the unsage algorithm
at the last position in the mAvailableAlgoArray.

Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
Tested-by: Kun Qin <kun.qin@microsoft.com>
2023-09-08 09:48:55 +00:00
Pierre Gondois 65b5dd828e SecurityPkg/SecurityPkg.dec: Move PcdCpuRngSupportedAlgorithm to MdePkg
In order to use PcdCpuRngSupportedAlgorithm in the MdePkg in a
following patch and to avoid making the MdePkg dependent on another
package, move PcdCpuRngSupportedAlgorithm to the MdePkg.

As the Pcd is only used for AARCH64, place it in an AARCH64
specific sections.

Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
Tested-by: Kun Qin <kun.qin@microsoft.com>
2023-09-08 09:48:55 +00:00
Pierre Gondois 2f981bddcb MdeModulePkg: Duplicate BaseRngLibTimerLib to MdeModulePkg
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4504

The BaseRngLibTimerLib allows to generate number based on a timer.
This mechanism allows to have a basic non-secure implementation
for non-production platforms.
To bind and identify Random Number Generators implementations with
a GUID, an unsafe GUID should be added. This GUID cannot be added
to the MdePkg unless it is also added to a specification.

To keep the MdePkg self-contained, copy the BaseRngLibTimerLib to
the MdeModulePkg. This will allow to define an unsafe Rng GUID
in a later patch in the MdeModulePkg.

The MdePkg implementation will be removed later. This allows to give
some time to platform owners to switch to the MdeModulePkg
implementation.

Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Tested-by: Kun Qin <kun.qin@microsoft.com>
2023-09-08 09:48:55 +00:00
Sheng Wei bbf1822295 SecurityPkg/SecureBoot: Support RSA4096 and RSA3072
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3413

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Zeyi Chen <zeyi.chen@intel.com>
Cc: Fiona Wang <fiona.wang@intel.com>
Signed-off-by: Sheng Wei <w.sheng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2023-09-07 06:12:18 +00:00
Michael Kubacki 9896a9c618 SecurityPkg/Tpm2DeviceLibTcg2: Make mTcg2Protocol static
The global variable has a common name that can conflict with other
TCG modules. For example, Tcg2Dxe has a similarly named global that
is of type EFI_TCG2_PROTOCOL instead of EFI_TCG2_PROTOCOL*.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2023-08-30 00:05:52 +00:00
Kun Qin 6ee981c858 SecurityPkg: SubClassTpm: Updated default value
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3966

This change updated the default value of TPM device subclass PCD to
`0x010E0000` in order to match the definition of EFI_PERIPHERAL_TPM
from PI specification v1.8.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>

Signed-off-by: Kun Qin <kuqin12@gmail.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
2023-06-23 16:28:24 +00:00
Rebecca Cran c6382ba0f2 SecurityPkg: Add missing break in Tpm2TestParms
Add missing break in Tpm2TestParms.

Reported in https://github.com/tianocore/edk2/issues/4073

Signed-off-by: Rebecca Cran <rebecca@bsdio.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2023-05-11 03:28:43 +00:00
Linus Liu d89492456f Securitypkg/hddpassword: Update HddPasswordDxeInit to use Variable Policy
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4408

Cc: Jiewen Yao   <jiewen.yao@intel.com>
Cc: Maggie Chu   <maggie.chu@intel.com>
Cc: Kumar Rahul  <rahul.r.kumar@intel.com>
Signed-off-by: Linus Liu <linus.liu@intel.com>
Reviewed-by: Jiewen Yao   <jiewen.yao@intel.com>
2023-05-08 11:39:32 +00:00
Gerd Hoffmann d6b42ed7ed SecurityPkg: add TIS sanity check (tpm12)
The code blindly assumes a TIS interface is present in case both CRB and
FIFO checks fail.  Check the InterfaceType for TIS instead and only
return PtpInterfaceTis in case it matches, PtpInterfaceMax otherwise.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2023-05-02 15:43:32 +00:00
Gerd Hoffmann 832fbc6e32 SecurityPkg: add TIS sanity check (tpm2)
The code blindly assumes a TIS interface is present in case both CRB and
FIFO checks fail.  Check the InterfaceType for TIS instead and only
return Tpm2PtpInterfaceTis in case it matches, Tpm2PtpInterfaceMax
otherwise.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2023-05-02 15:43:32 +00:00
Nhi Pham d226811a66 SecurityPkg/DxeImageVerificationLib: Add AUTH_SIG_NOT_FOUND Action
Add the AUTH_SIG_NOT_FOUND Action to the Image Execution Info Table
when the Image is signed but signature is not allowed by DB and the
hash of image is not found in DB/DBX.

This is documented in the UEFI spec 2.10, table 32.5.

This issue is found by the SIE SCT with the error message as follows:
SecureBoot - TestImage1.bin in Image Execution Info Table with
SIG_NOT_FOUND. --FAILURE
B3A670AA-0FBA-48CA-9D01-0EE9700965A9
SctPkg/TestCase/UEFI/EFI/RuntimeServices/SecureBoot/BlackBoxTest/
ImageLoadingBBTest.c:1079:Status Success

Signed-off-by: Nhi Pham <nhi@os.amperecomputing.com>
Reviewed-by: Min Xu <min.m.xu@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2023-04-28 07:03:56 +00:00
Rebecca Cran dd0b33e3e5 SecurityPkg: Update code to be more C11 compliant by using __func__
__FUNCTION__ is a pre-standard extension that gcc and Visual C++ among
others support, while __func__ was standardized in C99.

Since it's more standard, replace __FUNCTION__ with __func__ throughout
SecurityPkg.

Signed-off-by: Rebecca Cran <rebecca@bsdio.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
2023-04-10 14:19:57 +00:00
Michael D Kinney 358e23c1be SecurityPkg/Library/SecureBootVariableLib: HOST_APPLICATION IA32/X64 only
Update SecureBootVariableLib host-based unit test INF file to only
list VALID_ARCHITECTURES of IA32 and X64 to align with all other
host-based unit test INF files. The UnitTestFrameworkPkg only
provides build support of host-based unit tests to OS applications
for IA32 and X64.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Oliver Smith-Denny <osde@linux.microsoft.com>
2023-04-10 05:59:02 +00:00
Michael D Kinney 0657e74116 SecurityPkg/Library/SecureBootVariableLib: Fix VS20xx 4122 errors
The unit test code for the SecureBootVariableLib is initializing
local variable structures in their declaration from other local
variables that are also initialized in their declaration.  ANSI C
does not allow this and error 4122 is generated on VS20xx compilers.

The test cases are updated to initialize the local structure
fields in C statements instead of their local variable declaration.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Oliver Smith-Denny <osde@linux.microsoft.com>
2023-04-10 05:59:02 +00:00
Chris Johnson c28c16e7c4 SecurityPkg: Add gmock example
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4389

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Chris Johnson <chris.n.johnson@intel.com>
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Oliver Smith-Denny <osde@linux.microsoft.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
2023-04-10 05:59:02 +00:00
Umang Patel 144028626e SecurityPkg/FvReportPei: Use FirmwareVolumeShadowPpi
If FirmwareVolumeShadow PPI is available, then use it to
shadow FVs to memory.  Otherwise fallback to CopyMem().

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Patel Umang <umang.patel@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2023-03-27 16:25:51 +00:00
Gerd Hoffmann 494127613b SecurityPkg/DxeImageVerificationLib: Check result of GetEfiGlobalVariable2
Call gRT->GetVariable() directly to read the SecureBoot variable.  It is
one byte in size so we can easily place it on the stack instead of
having GetEfiGlobalVariable2() allocate it for us, which avoids a few
possible error cases.

Skip secure boot checks if (and only if):

 (a) the SecureBoot variable is not present (EFI_NOT_FOUND) according to
     the return value, or
 (b) the SecureBoot variable was read successfully and is set to
     SECURE_BOOT_MODE_DISABLE.

Previously the code skipped the secure boot checks on *any*
gRT->GetVariable() error (GetEfiGlobalVariable2 sets the variable
value to NULL in that case) and also on memory allocation failures.

Fixes: CVE-2019-14560
Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=2167
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Suggested-by: Marvin Häuser <mhaeuser@posteo.de>
Reviewed-by: Min Xu <min.m.xu@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2023-03-21 05:52:23 +00:00
Pierre Gondois 75fb0cfc82 SecurityPkg/RngDxe: Conditionally install EFI_RNG_PROTOCOL
On Arm platforms, the number of available RNG algorithms is
dynamically detected and can be 0 in the absence of FEAT_RNG
and firmware TRNG.
In this case, the EFI_RNG_PROTOCOL should not be installed to
prevent from installing an empty protocol.

Signed-off-by: Pierre Gondois <Pierre.Gondois@arm.com>
[ardb: return EFI_REQUEST_UNLOAD_IMAGE instead of an error]
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
2023-03-07 15:34:23 +00:00
Pierre Gondois bfb574db11 SecurityPkg/RngDxe: Correctly update mAvailableAlgoArrayCount
mAvailableAlgoArrayCount holds the count of available RNG algorithms.
In a following patch, its value will be used to prevent the
EFI_RNG_PROTOCOL to be installed if no RNG algorithm is available.

Correctly set/reset the value for all implementations.

Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
2023-03-07 15:34:23 +00:00
Min M Xu ff8485179c SecurityPkg/TdTcg2Dxe: td-guest shall halt when CcMeasurement install fail
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4335

CcMeasurement protocol is installed when it is supported in a td-guest. If
the installation of the protocol failed, the guest shall go into
CpuDeadLoop. Because the measurement feature is crucial to a td-guest and
it shall stop running immediately at this situation.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2023-02-04 12:30:47 +00:00
Jan Bobek cc18c503e0 SecurityPkg: don't require PK to be self-signed by default
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2506

Change the default value of PcdRequireSelfSignedPk to FALSE in
accordance with UEFI spec, which states that PK need not be
self-signed when enrolling in setup mode.

Note that this relaxes the legacy behavior, which required the PK to
be self-signed in this case.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Jan Bobek <jbobek@nvidia.com>
Reviewed-by: Sean Brogan <sean.brogan@microsoft.com>
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
2023-02-04 11:53:59 +00:00
Jan Bobek 566cdfc675 SecurityPkg: limit verification of enrolled PK in setup mode
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2506

Per UEFI spec, enrolling a new PK in setup mode should not require a
self-signature. Introduce a feature PCD called PcdRequireSelfSignedPk
to control this requirement. Default to TRUE in order to preserve the
legacy behavior.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Co-authored-by: Matthew Carlson <macarl@microsoft.com>
Signed-off-by: Jan Bobek <jbobek@nvidia.com>
Reviewed-by: Sean Brogan <sean.brogan@microsoft.com>
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
2023-02-04 11:53:59 +00:00
Jan Bobek 37d3eb026a SecurityPkg/AuthVariableLib: Check SHA-256 OID with ContentInfo present
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4305

Based on whether the DER-encoded ContentInfo structure is present in
authenticated SetVariable payload or not, the SHA-256 OID can be
located at different places.

UEFI specification explicitly states the driver shall support both
cases, but the old code assumed ContentInfo was not present and
incorrectly rejected authenticated variable updates when it were
present.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Signed-off-by: Jan Bobek <jbobek@nvidia.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2023-01-23 06:03:31 +00:00
Min M Xu e0dcfb31fb SecurityPkg/TdTcg2Dxe: Extend EFI boot variable to PCR[1]
According to TCG PC Client PFP spec 0021 Section 2.4.4.2 EFI boot variable
should be measured and extended to PCR[1], not PCR[5]. This patch is
proposed to fix this error.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
2023-01-18 04:29:14 +00:00
Min M Xu 5654ce1d2c SecurityPkg: Move TdTcg2Dxe from OvmfPkg to SecurityPkg
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4194

The TdTcg2Dxe lives in the OvmfPkg instead of the SecurityPkg. Having
the TdTcg2Dxe at the same place as Tcg2Dxe will be easier for platforms to
consume.

Definition of PcdCcEventlogAcpiTableLaml and PcdCcEventlogAcpiTableLasa
are also moved from OvmfPkg.dec to SecurityPkg.dec.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Arti Gupta <ARGU@microsoft.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2023-01-06 09:55:14 +00:00
Jian J Wang b2d76fdd42 SecurityPkg: deprecate RpmcLib and VariableKeyLib
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2594

There's no real usage of these two libraries. They're deprecated.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Nishant C Mistry <nishant.c.mistry@intel.com>
Cc: Judah Vang <judah.vang@intel.com>
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Acked-by: Michael D Kinney <michael.d.kinney@intel.com>
2022-12-21 05:49:48 +00:00
Min M Xu 01c0d3c0d5 OvmfPkg/SecTpmMeasurementLib: Fix the mapping error of PCR and RTMR index
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4179

TDVF has the feature to do RTMR measurement in SEC phase. In the same time
it builds a GUID hob which carries the hash value of the measurement so
that in DXE phase a td event can be created based on this GUID Hob. There
is a mapping error between TPM PCR index and RTMR index according to UEFI
2.10. That PCR6 is missing in the mapping. This patch fixes this issue.

Cc: Erdem Aktas <erdemaktas@google.com> [ruleof2]
Cc: James Bottomley <jejb@linux.ibm.com> [jejb]
Cc: Jiewen Yao <jiewen.yao@intel.com> [jyao1]
Cc: Tom Lendacky <thomas.lendacky@amd.com> [tlendacky]
Cc: Arti Gupta <ARGU@microsoft.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2022-12-15 03:07:33 +00:00
Pierre Gondois 9eb5ccda50 SecurityPkg/RngDxe: Add Arm support of RngDxe
Bugzilla: 3668 (https://bugzilla.tianocore.org/show_bug.cgi?id=3668)

Add RngDxe support for Arm. This implementation uses the ArmTrngLib
to support the RawAlgorithm and doens't support the RNDR instruction.

To re-use the RngGetRNG(), RngGetInfo() and FreeAvailableAlgorithms()
functions, create Arm/AArch64 files which implement the arch specific
function GetAvailableAlgorithms(). Indeed, FEAT_RNG instruction is not
supported on Arm.

Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
2022-11-06 16:32:28 +00:00
Pierre Gondois ff29cdb968 SecurityPkg/RngDxe: Rename AArch64/RngDxe.c
To re-use the AArch64/RngDxe.c for an Arm implementation,
rename AArch64/RngDxe.c to ArmRngDxe.c.

Acked-by: Leif Lindholm <quic_llindhol@quicinc.com>
Signed-off-by: Pierre Gondois <Pierre.Gondois@arm.com>
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
2022-11-06 16:32:28 +00:00
Pierre Gondois 6cdddccf00 SecurityPkg/RngDxe: Add debug warning for NULL PcdCpuRngSupportedAlgorithm
PcdCpuRngSupportedAlgorithm should allow to identify the the algorithm
used by the RNDR CPU instruction to generate a random number.
Add a debug warning if the Pcd is not set.

Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
2022-11-06 16:32:28 +00:00
Sami Mujawar 863fe9e191 SecurityPkg/RngDxe: Add AArch64 RawAlgorithm support through ArmTrngLib
Bugzilla: 3668 (https://bugzilla.tianocore.org/show_bug.cgi?id=3668)

RawAlgorithm is used to provide access to entropy that is suitable
for cryptographic applications. Therefore, add RawAlgorithm support
that provides access to entropy using the ArmTrngLib.

Also remove unused UefiBootServicesTableLib library inclusion
and Status variable.

Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
2022-11-06 16:32:28 +00:00
Pierre Gondois 4b3e9d80be SecurityPkg/RngDxe: Check before advertising Cpu Rng algo
RngGetBytes() relies on the RngLib. The RngLib might use the RNDR
instruction if the FEAT_RNG feature is present. RngGetInfo and
RngGetRNG both must check that RngGetBytes() is working before
advertising/using it.

To do so, allocate an array storing the available algorithms.
The Rng algorithm at the lowest index will be the default Rng
algorithm. The array is shared between RngGetInfo and RngGetRNG.

This array is allocated when the driver is loaded, and freed
when unloaded.

This patch also prevents from having PcdCpuRngSupportedAlgorithm
let to a zero GUID, but let the possibility to have no valid Rng
algorithm in such case.

Signed-off-by: Pierre Gondois <Pierre.Gondois@arm.com>
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
2022-11-06 16:32:28 +00:00
Pierre Gondois 199031b2b0 SecurityPkg/RngDxe: Documentation/include/parameter cleanup
This patch:
-Update RngGetBytes() documentation to align the function
 definition and declaration.
-Improve input parameter checking. Even though 'This'
 it is not used, the parameter should always point to the
 current EFI_RNG_PROTOCOL.
-Removes TimerLib inclusion as unused.

Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
2022-11-06 16:32:28 +00:00
Pierre Gondois 922bf317f1 SecurityPkg/RngDxe: Remove ArchGetSupportedRngAlgorithms()
RngGetInfo() is one of the 2 functions of the EFI_RNG_PROTOCOL.
RngGetInfo() is currently a mere wrapper around
ArchGetSupportedRngAlgorithms() which is implemented differently
depending on the architecture used.

RngGetInfo() does nothing more than calling
ArchGetSupportedRngAlgorithms(). So remove it, and let RngGetInfo()
be implemented differently according to the architecture.

This follows the implementation of the other function of the
EFI_RNG_PROTOCOL, RngGetRNG().

Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
2022-11-06 16:32:28 +00:00
Pierre Gondois aade3b93fe SecurityPkg/RngDxe: Replace Pcd with Sp80090Ctr256Guid
gEfiRngAlgorithmSp80090Ctr256Guid was used as the default algorithm
in RngGetRNG(). The commit below set the default algorithm to
PcdCpuRngSupportedAlgorithm, which is a zero GUID by default.

As the Pcd value is not defined for any platform in the edk2-platfoms
repository, assume it was an error and go back to the first version,
using gEfiRngAlgorithmSp80090Ctr256Guid.

Fixes: 4e5ecdbac8 ("SecurityPkg: Add support for RngDxe on AARCH64")
Signed-off-by: Pierre Gondois <Pierre.Gondois@arm.com>
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
2022-11-06 16:32:28 +00:00
Sami Mujawar 8a89747844 SecurityPkg/RngDxe: Rename RdRandGenerateEntropy to generic name
Bugzilla: 3668 (https://bugzilla.tianocore.org/show_bug.cgi?id=3668)

Rename RdRandGenerateEntropy() to GenerateEntropy() to provide a
common interface to generate entropy on other architectures.
GenerateEntropy() is intended to generate high quality entropy.

Also move the definition to RngDxeInternals.h

Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
2022-11-06 16:32:28 +00:00