Commit Graph

492 Commits

Author SHA1 Message Date
Cohen, Eugene 3a2e6a740d SecurityPkg : Fix Rsa2048Sha256GuidedSectionExtractLib issue
This issue causes section extraction overrun and possible hang due to bad output size calculation.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Cohen, Eugene" <eugene@hp.com>
Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18625 6f19259b-4bc3-4df7-8a09-765794883524
2015-10-19 02:53:22 +00:00
Star Zeng fe3ca12d06 SecurityPkg: Use PcdSet##S to instead of PcdSet##
PcdSet## has no error status returned, then the caller has no idea about whether the set operation is successful or not.
PcdSet##S were added to return error status and PcdSet## APIs were put in ifndef DISABLE_NEW_DEPRECATED_INTERFACES condition.
To adopt PcdSet##S and further code development with DISABLE_NEW_DEPRECATED_INTERFACES defined, we need to Replace PcdSet## usage with PcdSet##S.

Normally, DynamicDefault PCD set is expected to be success, but DynamicHii PCD set failure is a legal case.
PcdTpmInitializationPolicy/PcdTcg2HashAlgorithmBitmap/PcdTpm2HashMask/PcdTpmInstanceGuid all have set operation in PEI phase,
PEI phase does not allow DynamicHii PCD set, so DynamicDefault is expected for them and use PcdSet##S to instead of PcdSet## and assert when set failure.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18614 6f19259b-4bc3-4df7-8a09-765794883524
2015-10-16 01:46:19 +00:00
Star Zeng e90c57aa97 SecurityPkg AuthVariableLib: Add the missing gEfiAuthenticatedVariableGuid
There is no real build failure, as AuthVariableLib always links to variable driver.
But for code integrity, we should add it.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18613 6f19259b-4bc3-4df7-8a09-765794883524
2015-10-16 01:32:48 +00:00
Thomas Palmer 9ad48dd148 SecurityPkg: Clean up unused files in RngDxe
Clean up files in RngDxe/IA32 and RngDxe/X64 that are subsumed
by files in BaseRngLib.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Thomas Palmer <thomas.palmer@hpe.com>
Reviewed-by: Samer El-Haj-Mahmoud <elhaj@hpe.com>
Reviewed-by: Michael Kinney <michael.d.kinney@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18592 6f19259b-4bc3-4df7-8a09-765794883524
2015-10-09 06:03:34 +00:00
Thomas Palmer 3b60842ce7 SecurityPkg: Integrate new RngLib into RngDxe
Use the new RngLib to provide the IA32/X64 random data for RngDxe.
Remove x86 specific functions from RdRand files.
Simplify RngDxe by using WriteUnaligned64 for all platforms.
Use GetRandomNumber128 in RngDxe to leverage 128 bit support provided
by some HW RNG devices.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Thomas Palmer <thomas.palmer@hpe.com>
Reviewed-by: Samer El-Haj-Mahmoud <elhaj@hpe.com>
Reviewed-by: Michael Kinney <michael.d.kinney@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18591 6f19259b-4bc3-4df7-8a09-765794883524
2015-10-09 06:03:26 +00:00
Samer El-Haj-Mahmoud 6aaac3838e SecurityPkg: Reduce verbosity of TPM DEBUG messages
Some of the TPM/TPM2 DEBUG messages are at EFI_D_INFO level,
 even though they are simply tracing functions that run on every boot even
 if there is no TPM installed. Changed verbosity to EFI_D_VERBOSE.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Samer El-Haj-Mahmoud" <samer.el-haj-mahmoud@hpe.com>
Reviewed-by: "Jiewen Yao" <Jiewen.Yao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18476 6f19259b-4bc3-4df7-8a09-765794883524
2015-09-16 00:53:28 +00:00
Qiu Shumin 35e00ace19 SecurityPkg: Use pointer instead of array to make code readable.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qiu Shumin <shumin.qiu@intel.com>
Reviewed-by: Yao Jiewen <Jiewen.Yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18403 6f19259b-4bc3-4df7-8a09-765794883524
2015-09-06 06:22:24 +00:00
Yao, Jiewen 776566530b Add more strict check for MOR variable, besides MOR lock variable.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com>
Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18383 6f19259b-4bc3-4df7-8a09-765794883524
2015-09-02 06:29:06 +00:00
Qiu Shumin d2e8af9714 SecurityPkg: Use safe string function.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qiu Shumin <shumin.qiu@intel.com>
Reviewed-by: Yao Jiewen <Jiewen.Yao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18344 6f19259b-4bc3-4df7-8a09-765794883524
2015-08-28 02:51:50 +00:00
Qiu Shumin a909257835 SecurityPkg: Refine the local variable name to follow EDK2 coding style.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qiu Shumin <shumin.qiu@intel.com>
Reviewed-by: Yao Jiewen <Jiewen.Yao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18335 6f19259b-4bc3-4df7-8a09-765794883524
2015-08-27 05:27:51 +00:00
Qiu Shumin de155b154d SecurityPkg: Add missing Lib definition in DEC file.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qiu Shumin <shumin.qiu@intel.com>
Reviewed-by: Yao Jiewen <Jiewen.Yao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18334 6f19259b-4bc3-4df7-8a09-765794883524
2015-08-27 05:26:24 +00:00
Qiu Shumin f194d8733d SecurityPkg: Add missing PCD usage information.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qiu Shumin <shumin.qiu@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18333 6f19259b-4bc3-4df7-8a09-765794883524
2015-08-27 05:23:46 +00:00
Qin Long 173a1e688c SecurityPkg: Fix one returned code issue in P7Verify Protocol
VerifyBuffer() in PKCS7 Verify Protocol should return EFI_UNSUPPORTED
when the embedded content is found in SignedData but InData is not NULL.
This patch is to comply with the spec definition.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18311 6f19259b-4bc3-4df7-8a09-765794883524
2015-08-26 00:59:17 +00:00
Liming Gao 6bb832b36b SecurityPkg: Use PcdGetSize to get the size of VOID* PCD value.
PcdLib introduces generic API to get the size of VOID* PCD value.
Update Pei and Dxe RsaGuidedLib to use generic PCD API instead of GetEx API.
This change can remove PCD type limitation in these two libraries.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18277 6f19259b-4bc3-4df7-8a09-765794883524
2015-08-25 01:55:52 +00:00
Chao Zhang 0cebfe81f9 SecurityPkg: Update Package version to 0.96
Update Package version to 0.96

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18240 6f19259b-4bc3-4df7-8a09-765794883524
2015-08-20 02:57:05 +00:00
Samer El-Haj-Mahmoud f88e9c5bb9 SecurityPkg: Fixed build error due to FixedAtBuild PcdTcg2HashAlgorithmBitmap
PcdTcg2HashAlgorithmBitmap is declared in a section that allows it to be Fixed or PatchableAtBuild, but there is code that sets it.
This breaks the build on some platforms. Changed it to be PcdsDynamic and PcdsDynamicEx only.

We move PcdTpm2HashMask to Dynamic section too, because now Tcg2Pei will set this PCD according to TPM2 device capability.

Contributed-under: TianoCore Contribution Agreement 1.0

Signed-off-by: "Samer El-Haj-Mahmoud" <samer.el-haj-mahmoud@hp.com>
Reviewed-by: "Yao, Jiewen" <Jiewen.Yao@intel.com>



git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18233 6f19259b-4bc3-4df7-8a09-765794883524
2015-08-18 05:46:50 +00:00
Yao, Jiewen a3a0974822 Add restriction that HashFinal() must be after at least one HashUpdate().
Just follow UEFI spec.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <Jiewen.Yao@intel.com>
Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18229 6f19259b-4bc3-4df7-8a09-765794883524
2015-08-18 02:11:10 +00:00
Yao, Jiewen 099bff5def Add context check and init in BaseCrypto2Hash().
Follow UEFI specification to add context check and init in BaseCrypto2Hash(), so that other function can get proper status on hash operation.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <Jiewen.Yao@intel.com>
Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18227 6f19259b-4bc3-4df7-8a09-765794883524
2015-08-17 05:48:30 +00:00
Chao Zhang 13a220a998 SecurityPkg: Update SignatureSize to comply UEFI spec
Update SignatureSize to include SignatureOwner GUID. This behavior is defined by UEFI spec

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18226 6f19259b-4bc3-4df7-8a09-765794883524
2015-08-17 02:50:26 +00:00
Yao, Jiewen c533ed3ebb Fix typo in BaseCrypto2HashInit() which causes sanity check incorrect.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <Jiewen.Yao@intel.com>
Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18224 6f19259b-4bc3-4df7-8a09-765794883524
2015-08-17 00:43:10 +00:00
Yao, Jiewen 1abfa4ce48 Add TPM2 support defined in trusted computing group.
TCG EFI Protocol Specification for TPM Family 2.0 Revision 1.0 Version 9 at http://www.trustedcomputinggroup.org/resources/tcg_efi_protocol_specification
TCG Physical Presence Interface Specification Version 1.30, Revision 00.52 at http://www.trustedcomputinggroup.org/resources/tcg_physical_presence_interface_specification

Add Tcg2XXX, similar file/directory as TrEEXXX. Old TrEE driver/library can be deprecated.
1) Add Tcg2Pei/Dxe/Smm driver to log event and provide services.
2) Add Dxe/Pei/SmmTcg2PhysicalPresenceLib to support TCG PP.
3) Update Tpm2 library to use TCG2 protocol instead of TrEE protocol.

Test Win8/Win10 with SecureBoot enabled, PCR7 shows bound.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <Jiewen.Yao@intel.com>
Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18219 6f19259b-4bc3-4df7-8a09-765794883524
2015-08-13 08:24:17 +00:00
Chao Zhang 72362a75a4 SecurityPkg: Update coding style
Update to EDK2 coding style

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Qiu Shumin <shumin.qiu@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18171 6f19259b-4bc3-4df7-8a09-765794883524
2015-08-06 08:17:54 +00:00
Qiu Shumin 37ee497e78 SecurityPkg/Tcg/MemoryOverwriteRequestControlLock: Add missing header file description in INF file.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qiu Shumin <shumin.qiu@intel.com>
Reviewed-by: Yao Jiewen <Jiewen.Yao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18129 6f19259b-4bc3-4df7-8a09-765794883524
2015-08-03 07:14:11 +00:00
Yao, Jiewen 70c7664cd3 Add Secure MOR implementation.
Add a new module MemoryOverwriteRequestControlLock to register VarCheck handler to  enforce MorLock Policy.
Only SMM version is added because MOR is only supported in SMM variable case. 

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <Jiewen.Yao@intel.com>
Reviewed-by: "Chao Zhang" <chao.b.zhang@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18092 6f19259b-4bc3-4df7-8a09-765794883524
2015-07-28 07:20:58 +00:00
Yao, Jiewen 5c61c5cfc8 Downgrade one debug message level in DxeTpm2MeasureBootHandler from EFI_D_ERROR to EFI_D_INFO.
No TPM2 is considered as valid case. For example, a platform may only have TPM1.2, without TPM2.0 So this is NOT an ERROR message, but more an INFO message.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <Jiewen.Yao@intel.com>
Reviewed-by: "Chao Zhang" <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18091 6f19259b-4bc3-4df7-8a09-765794883524
2015-07-28 06:58:47 +00:00
Chao Zhang 161b8359a8 SecurityPkg: Change TPM MMIO range attribute
For TCG spec compliance, Change TPM MMIO range attribute

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18089 6f19259b-4bc3-4df7-8a09-765794883524
2015-07-28 04:49:25 +00:00
Qiu Shumin dfd11297f6 SecurityPkg: Add missing PCD usage information in UNI files.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qiu Shumin <shumin.qiu@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18083 6f19259b-4bc3-4df7-8a09-765794883524
2015-07-28 01:38:14 +00:00
Star Zeng f18b2162e8 SecurityPkg AuthVariableLib: Correct address pointers data
Originally, the double pointer (VOID **) is not correct for convert
address pointers, and also some address pointers were missing.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.Yao@intel.com>
[lersek@redhat.com: fix up gcc build failure -- add more (VOID **) casts]
Tested-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18055 6f19259b-4bc3-4df7-8a09-765794883524
2015-07-26 08:03:54 +00:00
Chao Zhang 1ca3a09938 SecurityPkg: Fix DBX Variable Read Error in ImageVerificationLib
ImageVerificationLib passes wrong data buffer size when reading DBX variable, causing heap crash.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17981 6f19259b-4bc3-4df7-8a09-765794883524
2015-07-15 02:13:48 +00:00
Chao Zhang 368110120b SecurityPkg: Correct BootOrder/Boot#### measurement behavior
Correct the variable measurement behavior to include whole EFI_VARIABLE_DATA structure.
It is for the latest spec compliance

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17980 6f19259b-4bc3-4df7-8a09-765794883524
2015-07-15 02:13:22 +00:00
Qiu Shumin 3ee7bc8ea7 SecurityPkg/Pkcs7VerifyDxe: Cleanup P7CheckTrust function comments.
Delete description of non-existent parameters 'Content' and 'ContentSize' from P7CheckTrust() description.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qiu Shumin <shumin.qiu@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17937 6f19259b-4bc3-4df7-8a09-765794883524
2015-07-14 02:18:19 +00:00
Chao Zhang 64b6a3ff4a SecurityPkg: Make time based AuthVariable update atomic
System may break during time based AuthVariable update, causing certdb inconsistent. 2 ways are used to ensure update atomic.
 1. Delete cert in certdb after variable is deleted
 2. Clean up certdb on variable initialization

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17919 6f19259b-4bc3-4df7-8a09-765794883524
2015-07-10 06:20:04 +00:00
Chao Zhang cfa451c84a SecurityPkg: Add default value for TPM action question
1. Add default value for TPM action question. F9 restore default can get the right value
2. Remove redundant suppressif

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17918 6f19259b-4bc3-4df7-8a09-765794883524
2015-07-10 06:19:32 +00:00
Zhang Lubo c2a65e233a SecurityPkg:Replace unsafe string functions.
Replace unsafe string functions with new added safe string functions.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Zhang Lubo <lubo.zhang@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Qiu Shumin <shumin.qiu@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17882 6f19259b-4bc3-4df7-8a09-765794883524
2015-07-08 06:59:50 +00:00
Hao Wu dd4c164c81 SecurityPkg: Remove mZeroGuid definition in DxeTpmMeasureBootLib
MdeModulePkg has defined gZeroGuid in 'Guid/ZeroGuid.h', therefore, the
mZeroGuid defined in DxeTpmMeasureBootLib is redundant.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17844 6f19259b-4bc3-4df7-8a09-765794883524
2015-07-07 03:04:18 +00:00
Hao Wu 2cca779652 SecurityPkg: Remove mTrEEZeroGuid definition in DxeTpm2MeasureBootLib
MdeModulePkg has defined gZeroGuid in 'Guid/ZeroGuid.h', therefore, the
mTrEEZeroGuid defined in DxeTpm2MeasureBootLib is redundant.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17843 6f19259b-4bc3-4df7-8a09-765794883524
2015-07-07 03:03:49 +00:00
Zhang Lubo cc976d20ff SecurityPkg: Calculate the length of the String.
When the two concatenated strings are both not null, the total length in bytes of them should calculate the character '\0' once.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Zhang Lubo <lubo.zhang@intel.com>
Reviewed-by: jiaxinwu <jiaxin.wu@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17820 6f19259b-4bc3-4df7-8a09-765794883524
2015-07-03 07:27:31 +00:00
Star Zeng 7ae77cee96 SecurityPkg: Delete Auth Variable driver
1. Delete TpmMeasurementLib LibraryClass from SecurityPkg after it moved to MdeModulePkg.
2. Update DxeTpmMeasurementLib.inf to include MdeModulePkg.dec.
3. Delete authenticated variable definition from AuthenticatedVariableFormat.h after
them moved to VariableFormat.h.
4. Replace VARIABLE_HEADER with AUTHENTICATED_VARIABLE_HEADER in EsalVariableDxeSal.
5. Delete VariableInfo from SecurityPkg after it merged to VariableInfo in MdeModulePkg.
6. Delete VariablePei from SecurityPkg after it merged to VariablePei in MdeModulePkg.
7. Delete Auth Variable driver from SecurityPkg after it merged to Variable driver in
MdeModulePkg.
8. Also update PACKAGE_GUID and PACKAGE_VERSION in SecurityPkg.dec after the deletion
of authenticated variable definition, VariableInfo, VariablePei and Auth Variable
driver from SecurityPkg; update PLATFORM_VERSION in SecurityPkg.dsc.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17772 6f19259b-4bc3-4df7-8a09-765794883524
2015-07-01 03:13:02 +00:00
Star Zeng a6811666b0 SecurityPkg: Implement AuthVariableLib library instance
What to do:
1. Implement AuthVariableLib library instance.
2. Temporarily add VARIABLE_ENTRY_CONSISTENCY and
variable attribute combinations definitions to
AuthenticatedVariableFormat.h for git bisect.

Why to do:
1. Share code.
Separate auth variable service from Auth Variable driver in
SecurityPkg to AuthVariableLib. Then the AuthVariableLib could benefit
and be used by different implementation of Auth Variable drivers.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17758 6f19259b-4bc3-4df7-8a09-765794883524
2015-07-01 03:04:59 +00:00
Jonathan Doman cb9a7ebabc SecurityPkg: Add MD5 support to Hash2DxeCrypto
MD5 is part of the HASH2 protocol and it's trivial to support.
 
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jonathan Doman <jonathan.doman@hp.com>
Reviewed-by: Samer El-Haj-Mahmoud <samer.el-haj-mahmoud@hp.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17729 6f19259b-4bc3-4df7-8a09-765794883524
2015-06-29 05:31:44 +00:00
Tian Feng 495ee9b851 SecurityPkg/TcgMor: move TPer Reset operation to this module
The TPer Reset operation is a common logic. So it's added into
SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf module and
would be triggered at EndOfDxe.

By this way, all encrypted drives which produce EFI_STORAGE_SECURITY_
RPOTOCOL interface would be force reset when MOR is set.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Tian Feng <feng.tian@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17718 6f19259b-4bc3-4df7-8a09-765794883524
2015-06-26 08:42:46 +00:00
Chao Zhang b338cdc7a5 SecurityPkg: Provide correct file GUID for Pkcs7VerifyDxe
Provide correct file GUID for Pkcs7VerifyDxe

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17688 6f19259b-4bc3-4df7-8a09-765794883524
2015-06-23 14:37:13 +00:00
Liming Gao 3cd2484e3a SecurityPkg: Fix wrong calculation of ImageExeInfoEntrySize
Per UEFI spec, EFI_IMAGE_EXECUTION_INFO structure is updated to comment
Signature field. So, its structure doesn't include Signature field. But,
ImageExeInfoEntrySize uses its structure size minor Signature size. It
will be corrected in this change.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17687 6f19259b-4bc3-4df7-8a09-765794883524
2015-06-23 10:48:30 +00:00
Qin Long 2d0934995f SecurityPkg: Add UEFI-2.5 PKCS7 Verification Protocol Support
This patch adds the support for PKCS7 Verification Protocol which
was defined in UEFI 2.5.
(NOTE: The VerifySignature interface was not supported in this
       version, due to openssl interface limitation)

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17670 6f19259b-4bc3-4df7-8a09-765794883524
2015-06-19 02:45:06 +00:00
Star Zeng fe9dfae514 SecurityPkg Variable: Move VariableLock install into SmmVariableReady().
VariableLock in VariableSmmRuntimeDxe.c is installed in EntryPoint now.
It works based on SMM variable handler by SMM communication with
payload buffer. But the payload buffer and SMM variable handler will
be not ready in EntryPoint before SmmVariableReady() call back.

VarCheck in VariableSmmRuntimeDxe.c has the same issue,
so move VarCheck install into SmmVariableReady() also.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17625 6f19259b-4bc3-4df7-8a09-765794883524
2015-06-11 10:23:44 +00:00
Star Zeng 13af4ab065 SecurityPkg Variable: Support the new introduced PcdMaxAuthVariableSize.
1. If PcdMaxAuthVariableSize is set to 0, keep current behavior as is and
PcdMaxVariableSize used.
2. If PcdMaxAuthVariableSize is set to non 0, it will work on
authenticated variables.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17610 6f19259b-4bc3-4df7-8a09-765794883524
2015-06-10 07:52:12 +00:00
Chao Zhang d863e127a2 SecurityPkg: Fix wrong cert data measurement in DBX path
Fix wrong cert data measurement when image is rejected by DBX

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17591 6f19259b-4bc3-4df7-8a09-765794883524
2015-06-09 05:20:06 +00:00
Star Zeng f5e9390ef2 SecurityPkg Variable: Add SysPrepOrder and SysPrep#### to global list.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17578 6f19259b-4bc3-4df7-8a09-765794883524
2015-06-08 09:36:20 +00:00
Dandan Bi b965bd99c5 Remove Framework HII "class\subclass" in all VFR
class/subclass is the obseleted key word in VFR file. It is designed in framework HII.
After convert to UEFI HII, it is not used any longer. Now remove them from VFR

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17493 6f19259b-4bc3-4df7-8a09-765794883524
2015-05-21 07:58:12 +00:00
Yao, Jiewen 0e44e86191 Add comments for INF file to declare guid/protocol usage.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <Jiewen.Yao@intel.com> 




git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17469 6f19259b-4bc3-4df7-8a09-765794883524
2015-05-19 03:16:09 +00:00
Star Zeng c7b897519e SecurityPkg Variable: Prevent BS variable update in legacy OS runtime.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17468 6f19259b-4bc3-4df7-8a09-765794883524
2015-05-19 01:33:25 +00:00
Liming Gao 99d9ade85a SecurityPkg: Add more comments for PcdTpmInstanceGuid
When PcdTpmInstanceGuid is configured to other value,
it means other TPM 2.0 device.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: "Yao, Jiewen" <Jiewen.Yao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17446 6f19259b-4bc3-4df7-8a09-765794883524
2015-05-14 05:03:55 +00:00
Ard Biesheuvel a16170a110 SecurityPkg: Update SecureBootConfigDxe to support ARM image
Update SecureBootConfigDxe component to allow the enrollment of
the digests of EFI executable that are built for ARM or AARCH64.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17406 6f19259b-4bc3-4df7-8a09-765794883524
2015-05-11 06:37:03 +00:00
Chao Zhang 98e9d30f78 SecurityPkg Variable: Make PK & SecureBootMode consistent
PK can be cleared in runtime. However SecureBootMode variable is not updated accordingly.  Add code in variable init to make them consistent.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17401 6f19259b-4bc3-4df7-8a09-765794883524
2015-05-11 05:49:31 +00:00
Yao, Jiewen b7a66f97f8 Hash2 driver to [Components.IA32, Components.X64, Components.IPF] section.
Because Hash2 need CryptoLib/Openssl, while latter does not support EBC build.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <Jiewen.Yao@intel.com> 




git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17365 6f19259b-4bc3-4df7-8a09-765794883524
2015-05-08 07:25:06 +00:00
Ard Biesheuvel 4ba30eded8 SecurityPkg: remove unused variables
This removes various unused variables from SecurityPkg whose presence
is causing failed builds.

Contributed-under: TianoCore Contribution Agreement 1.0
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Olivier Martin <olivier.martin@arm.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>



git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17354 6f19259b-4bc3-4df7-8a09-765794883524
2015-05-07 15:16:23 +00:00
Yao, Jiewen 724dcbb272 Add UEFI2.5 HASH protocol implementation.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <Jiewen.Yao@intel.com> 
Reviewed-by: "Long, Qin" <Qin.Long@intel.com>




git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17288 6f19259b-4bc3-4df7-8a09-765794883524
2015-05-05 01:40:16 +00:00
Star Zeng 27a0a8bc0e SecurityPkg Variable: Enhance the code logic about VariableLock
to just return EFI_SUCCESS if the variable has been in the locked list.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17140 6f19259b-4bc3-4df7-8a09-765794883524
2015-04-10 01:52:54 +00:00
Star Zeng ba9d087b8f SecurityPkg Variable: Reuse scratch data area(at the end of volatile variable store)
as serialization runtime buffer to reduce SMRAM consumption for SMM variable driver.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Guo Dong <guo.dong@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17059 6f19259b-4bc3-4df7-8a09-765794883524
2015-03-17 06:41:40 +00:00
Star Zeng 856236cad7 SecurityPkg Variable: Update code in ProcessVariable () to
check IsDeleteAuthVariable () first and then check
UserPhysicalPresent () to avoid the case below.

PcdSetXX (a DynamicHii PCD) -> gRT->SetVariable ()
-> UserPhysicalPresent () -> PcdGetXX () 

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17058 6f19259b-4bc3-4df7-8a09-765794883524
2015-03-17 03:25:16 +00:00
Star Zeng aef8cea9e4 SecurityPkg Variable: Initialize Status in ProcessVariable().
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17048 6f19259b-4bc3-4df7-8a09-765794883524
2015-03-13 08:49:09 +00:00
Shumin Qiu 69f8bb5288 SecurityPkg: Fix typo.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Shumin Qiu <shumin.qiu@intel.com>
Reviewed-by: Guo Dong <guo.dong@intel.com>



git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17047 6f19259b-4bc3-4df7-8a09-765794883524
2015-03-13 08:25:27 +00:00
Star Zeng f6c5031926 SecurityPkg Variable: Allow the delete operation of common auth variable at user physical presence.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17042 6f19259b-4bc3-4df7-8a09-765794883524
2015-03-13 01:24:16 +00:00
Star Zeng 52e764f796 SecurityPkg Variable: Keep the behavior of Variable Dxe and SMM drivers consistent
to return EFI_NOT_FOUND when a specified variable doesn't exist and
Data parameter is NULL but DataSize parameter is valid in GetVariable() invocation.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17031 6f19259b-4bc3-4df7-8a09-765794883524
2015-03-09 13:05:55 +00:00
Yao, Jiewen 3dd05ac3e6 Add performance optimization for Tcg/TrEE.
Add error check for Tcg/TrEE Pei/Dxe driver to avoid unnecessary hardware check for performance optimization.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com>
Reviewed-by: "Zeng, Star" <star.zeng@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17004 6f19259b-4bc3-4df7-8a09-765794883524
2015-03-04 01:15:08 +00:00
Long, Qin 3f63bc365d Add the missed local variable initialization to remove the possible warning.
Contributed-under: TianoCore Contribution Agreement 1.0

Signed-off-by: "Long, Qin" <qin.long@intel.com>
Reviewed-by: "Fu, Siyuan" <siyuan.fu@intel.com>
Reviewed-by: "Dong, Guo" <guo.dong@initel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16763 6f19259b-4bc3-4df7-8a09-765794883524
2015-02-05 05:37:10 +00:00
Star Zeng 4b4a068cd4 SecurityPkg: Cleanup gEfiSmmAccess2ProtocolGuid reference.
As the driver does not reference gEfiSmmAccess2ProtocolGuid explicitly now
after SmmMemLib introduced.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16761 6f19259b-4bc3-4df7-8a09-765794883524
2015-02-05 01:00:53 +00:00
Long, Qin 27c93c06c0 Correct the DBX and Certificate Hash Checking.
Add the missed image signature verification against DBX;
and add the missed logic to enhance the certificate hash checking when handling DB database.

Contributed-under: TianoCore Contribution Agreement 1.0

Signed-off-by: "Long, Qin" <qin.long@intel.com>
Reviewed-by: "Fu, Siyuan" <siyuan.fu@intel.com>
Reviewed-by: "Dong, Guo" <guo.dong@initel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16744 6f19259b-4bc3-4df7-8a09-765794883524
2015-02-04 08:19:53 +00:00
Jordan Justen 3f3c4895da */Contributions.txt: Update example email address
Use the example.com domain as recommended in RFC 2606.

NOTE: This does not modify the wording of the "TianoCore Contribution
      Agreement 1.0" section

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Bruce Cran <bruce.cran@gmail.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16724 6f19259b-4bc3-4df7-8a09-765794883524
2015-02-03 17:29:14 +00:00
Yao, Jiewen 9054e55a22 Use SmmMemLib to check communication buffer.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com>
Reviewed-by: "Gao, Liming" <liming.gao@intel.com>
Reviewed-by: "Fan, Jeff" <jeff.fan@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16695 6f19259b-4bc3-4df7-8a09-765794883524
2015-02-02 14:43:28 +00:00
Star Zeng 93626a5377 SecurityPkg Variable: Introduce PcdReclaimVariableSpaceAtEndOfDxe
for trying to reclaim variable space at EndOfDxe.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16688 6f19259b-4bc3-4df7-8a09-765794883524
2015-02-02 09:31:08 +00:00
Star Zeng db3c5441b1 SecurityPkg Variable: Before EndOfDxe, just record the current boot VarErrorFlag to local variable.
And leave the variable error flag in NV flash as the last boot variable error flag.
After EndOfDxe in InitializeVarErrorFlag (), the variable error flag in NV flash
will be initialized to this local current boot variable error flag.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16686 6f19259b-4bc3-4df7-8a09-765794883524
2015-02-02 08:39:26 +00:00
Star Zeng c4b5cc4318 SecurityPkg Variable: Before EndOfDxe, just record the current boot VarErrorFlag to local variable.
And leave the variable error flag in NV flash as the last boot variable error flag.
After EndOfDxe in InitializeVarErrorFlag (), the variable error flag in NV flash
will be initialized to this local current boot variable error flag.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16685 6f19259b-4bc3-4df7-8a09-765794883524
2015-02-02 03:18:10 +00:00
Star Zeng 952ba83c47 SecurityPkg Variable: Implement variable quota management.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16670 6f19259b-4bc3-4df7-8a09-765794883524
2015-01-27 08:44:10 +00:00
Yao, Jiewen 83a276f613 Add TpmInitializationDonePpi to TPM PEI module.
This PPI will always be installed to notify other drivers that TPM initialization action is done. TPM initialization may success or fail, or even not present.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com>
Reviewed-by: "Dong, Guo" <guo.dong@intel.com>
Reviewed-by: "Chiu, Chasel" <chasel.chiu@intel.com>




git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16638 6f19259b-4bc3-4df7-8a09-765794883524
2015-01-22 05:14:23 +00:00
Shumin Qiu 6a3dae6882 Refine the format of GUID in INF files for SecurityPkg.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Shumin Qiu <shumin.qiu@intel.com>
Reviewed-by: Guo Dong <guo.dong@intel.com>



git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16616 6f19259b-4bc3-4df7-8a09-765794883524
2015-01-16 03:30:07 +00:00
Yao, Jiewen a782428ec6 Correct file path.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com>




git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16603 6f19259b-4bc3-4df7-8a09-765794883524
2015-01-13 01:23:15 +00:00
Yao, Jiewen 5dbb66351a Check in missing patch for TPM error handling.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com>




git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16602 6f19259b-4bc3-4df7-8a09-765794883524
2015-01-13 01:18:11 +00:00
Yao, Jiewen 6f785cfcc3 Handle TPM device error and avoid deadloop in BDS.
If TPM error happens, set TPM flag to NOT present, so that trusted boot patch is disabled.
Also report status code for failure, so that platform may register handler to apply policy like force system reset, or disable TPM permanently.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com>
Reviewed-by: "Dong, Guo" <guo.dong@intel.com>




git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16598 6f19259b-4bc3-4df7-8a09-765794883524
2015-01-12 03:21:00 +00:00
Yao, Jiewen 4610b23ab1 Add TPM Physical Presence >=128 operation value support.
The Tcg/TrEE PhysicalPresence library will depend on Tcg/TrEE PpVendor library.
The default NULL library instance is provided in this package.
OEM can create OemPpVendorLib as override to handle >=128 operation value.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com>
Reviewed-by: "Dong, Guo" <guo.dong@intel.com>




git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16597 6f19259b-4bc3-4df7-8a09-765794883524
2015-01-12 03:16:49 +00:00
Yao, Jiewen 92ca0c6721 Add TPM12 NV related function.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com>
Reviewed-by: "Dong, Guo" <guo.dong@intel.com>




git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16590 6f19259b-4bc3-4df7-8a09-765794883524
2015-01-08 05:41:56 +00:00
Star Zeng 17409b7aad SecurityPkg Variable: Implement VarCheck PROTOCOL
and follow UEFI spec to check UEFI defined variables.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16580 6f19259b-4bc3-4df7-8a09-765794883524
2015-01-05 03:42:17 +00:00
Dong Guo 931aae946f Remove the FV header assumption in variable driver.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Gao Liming <liming.gao@intel.com>
Reviewed-by: Zeng Star <star.zeng@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16565 6f19259b-4bc3-4df7-8a09-765794883524
2014-12-31 01:47:39 +00:00
Long, Qin 12d95665cb Correct the Hash Calculation for Revoked X.509 Certificate to align with RFC3280 and UEFI 2.4 Spec.
This patch added one new X509GetTBSCert() interface in BaseCryptLib to retrieve the TBSCertificate, 
and also corrected the hash calculation for revoked certificate to aligned the RFC3280 and UEFI 2.4 spec.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Long, Qin" <qin.long@intel.com>
Reviewed-by: "Dong, Guo" <guo.dong@initel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16559 6f19259b-4bc3-4df7-8a09-765794883524
2014-12-25 08:37:08 +00:00
Yao, Jiewen 9093fb92d5 Correct AuthHandle definition for Tpm2SetPrimaryPolicy.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com>
Reviewed-by: "Long, Qin" <qin.long@intel.com>



git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16549 6f19259b-4bc3-4df7-8a09-765794883524
2014-12-23 04:06:52 +00:00
Yao, Jiewen a50e58f48b Add TPM2 commands which might be used in provision.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com>
Reviewed-by: "Dong, Guo" <guo.dong@intel.com>
Reviewed-by: "Long, Qin" <qin.long@intel.com>



git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16548 6f19259b-4bc3-4df7-8a09-765794883524
2014-12-23 04:03:32 +00:00
Yao, Jiewen 5145567419 Use better coding style.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com>
Reviewed-by: "Qiu, Shumin" <shumin.qiu@intel.com>




git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16540 6f19259b-4bc3-4df7-8a09-765794883524
2014-12-19 05:21:55 +00:00
Yao, Jiewen 967eaccaaa Add TPM2 commands which might be used in field upgrade.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com>
Reviewed-by: "Dong, Guo" <guo.dong@intel.com>
Reviewed-by: "Long, Qin" <qin.long@intel.com>



git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16505 6f19259b-4bc3-4df7-8a09-765794883524
2014-12-12 04:34:19 +00:00
Dong Guo 5789fe3587 correct a data type error.
Contributed-under: TianoCore Contribution Agreement 1.0

Signed-off-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Dong Eric <eric.dong@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16498 6f19259b-4bc3-4df7-8a09-765794883524
2014-12-11 06:34:57 +00:00
Chao Zhang 61959fa9ba Fix potential NULL pointer dereference issue in TcgDxe & TreeDxe.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Guo Dong <guo.dong@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16494 6f19259b-4bc3-4df7-8a09-765794883524
2014-12-10 08:21:05 +00:00
Dong Guo 213cc1000e Add failed image Name in the Image Execution Information Table.
Contributed-under: TianoCore Contribution Agreement 1.0

Signed-off-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Zhang Chao B <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16493 6f19259b-4bc3-4df7-8a09-765794883524
2014-12-10 08:09:20 +00:00
Qin Long 7e0699c06e Code clean-up to eliminate potential "dereferenced pointer" warning.
Contributed-under: TianoCore Contribution Agreement 1.0

Signed-off-by: Qin Long <qin.long@intel.com> 
Reviewed-by: Guo Dong <guo.dong@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16468 6f19259b-4bc3-4df7-8a09-765794883524
2014-12-03 07:40:32 +00:00
Qin Long 2bf41ed7dc Correct the alignment calculation of PE/COFF attribute certificate entry.
This is to resolve the possible certificate entry retrieving issue caused by un-aligned (8-bytes) VirtualAddress in some PE/COFF image, which may break secure boot.

Contributed-under: TianoCore Contribution Agreement 1.0

Signed-off-by: Qin Long <qin.long@intel.com> 
Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>
Reviewed-by: Guo Dong <guo.dong@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16449 6f19259b-4bc3-4df7-8a09-765794883524
2014-11-26 08:21:54 +00:00
Star Zeng eb774e2ef5 MdeModulePkg/SecurityPkg VariablePei: Fix VS2013 build failure.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16406 6f19259b-4bc3-4df7-8a09-765794883524
2014-11-19 07:13:35 +00:00
Laszlo Ersek d547f31c32 SecurityPkg: VariableServiceSetVariable(): fix dbt <-> GUID association
SVN r16380 ("UEFI 2.4 X509 Certificate Hash and RFC3161 Timestamp
Verification support for Secure Boot") broke the "dbt" variable's
association with its expected namespace GUID.

According to "MdePkg/Include/Guid/ImageAuthentication.h", *all* of the
"db", "dbx", and "dbt" (== EFI_IMAGE_SECURITY_DATABASE2) variables have
their special meanings in the EFI_IMAGE_SECURITY_DATABASE_GUID namespace.

However, the above commit introduced the following expression in
VariableServiceSetVariable():

> -  } else if (CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) &&
> -          ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0))) {
> +  } else if (CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) &&
> +          ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0))
> +           || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2)) == 0) {

Simply replacing the individual expressions with the predicates
"GuidMatch", "DbMatch", "DbxMatch", and "DbtMatch", the above
transformation becomes:

> -  } else if (GuidMatch &&
> -          ((DbMatch) || (DbxMatch))) {
> +  } else if (GuidMatch &&
> +          ((DbMatch) || (DbxMatch))
> +           || DbtMatch) {

In shorter form, we change

  GuidMatch && (DbMatch || DbxMatch)

into

  GuidMatch && (DbMatch || DbxMatch) || DbtMatch

which is incorrect, because this way "dbt" will match outside of the
intended namespace / GUID.

The error was caught by gcc:

> SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c: In function
> 'VariableServiceSetVariable':
>
> SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c:3188:71: error:
> suggest parentheses around '&&' within '||' [-Werror=parentheses]
>
>    } else if (CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) &&
>                                                                        ^
> cc1: all warnings being treated as errors

Fix the parentheses.

This change may have security implications.

Contributed-under: TianoCore Contribution Agreement 1.0

Signed-off-by: Laszlo Ersek <lersek@redhat.com>

Reviewed-by: Qin Long <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16389 6f19259b-4bc3-4df7-8a09-765794883524
2014-11-14 13:47:14 +00:00
Qin Long 20333c6d56 UEFI 2.4 X509 Certificate Hash and RFC3161 Timestamp Verification support for Secure Boot
Main ChangeLogs includes:
1. Introduce the new GUID and structure definitions for certificate hash and timestamp support;
2. Update Image Verification Library to support DBT signature checking;
3. Update the related SecureBoot Configuration Pages;

Contributed-under: TianoCore Contribution Agreement 1.0

Signed-off-by: Qin Long <qin.long@intel.com> 
Reviewed-by: Guo Dong <guo.dong@intel.com>
Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16380 6f19259b-4bc3-4df7-8a09-765794883524
2014-11-14 08:41:12 +00:00
Chao Zhang 33985e3b52 Fix execution status & DEBUG message level mismatch. EFI_D_ERROR is used only when failure/case can’t be resolved by code.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16320 6f19259b-4bc3-4df7-8a09-765794883524
2014-11-10 05:01:15 +00:00
Jordan Justen 26830e8579 EDK II Contributions.txt: Update patch format information
Update to show what the patch looks like in email form.

NOTE: This does not modify the wording of the "TianoCore Contribution
      Agreement 1.0" section

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16297 6f19259b-4bc3-4df7-8a09-765794883524
2014-10-31 22:05:50 +00:00
Chao Zhang f7fe68db7d Remove redundant ASSERT in TcgDxe & TreeDxe. Some asserts are removed directly, some are replaced by debug output.
ASSERT for SetupEventLog is kept. It is the foundation of TcgProtocol and TrEEProtocol

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16281 6f19259b-4bc3-4df7-8a09-765794883524
2014-10-31 10:59:25 +00:00
Star Zeng 6ebffb67c8 MdeModulePkg/SecurityPkg Variable: Add boundary check for while (IsValidVariableHeader (Variable)).
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16280 6f19259b-4bc3-4df7-8a09-765794883524
2014-10-31 10:26:54 +00:00
Chao, Zhang 36bdec3cd9 Add comments to clarify mPubKeyStore buffer MemCopy. There is no memory overflow issue.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao, Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao, Jiewen <jiewen.yao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16227 6f19259b-4bc3-4df7-8a09-765794883524
2014-10-22 07:30:22 +00:00
Eric Dong 79e1ffbdd4 Clean up the code. Action statement should not have text two opcode.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>



git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16221 6f19259b-4bc3-4df7-8a09-765794883524
2014-10-21 05:48:00 +00:00
Chao, Zhang 8c83d0c0b9 Add PubKey index check before touching PubKey cache. Internal PubKey Variable PubkeyIndex is always 0, causing Index – 1 overflow. Update corresponding comments.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao, Zhang <chao.b.zhang@intel.com>
Reviewed-by: Dong, Guo <guo.dong@intel.com>
Reviewed-by: Fu, Siyuan <siyuan.fu@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16220 6f19259b-4bc3-4df7-8a09-765794883524
2014-10-21 00:35:49 +00:00
Dong, Guo 365614e21e Roll back the dependency change in MOR driver.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dong, Guo <guo.dong@intel.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>
Reviewed-by: Yao, Jiewen <jiewen.yao@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16179 6f19259b-4bc3-4df7-8a09-765794883524
2014-09-26 03:24:56 +00:00
Dong, Guo 7c064c3189 SecurityPkg VariableRuntimeDxe: Bug fix and and refine debug message.
Correct NV variable base address for flash memory attribute set to EFI_MEMORY_RUNTIME.
Refine the debug error message.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dong, Guo <guo.dong@intel.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>
Reviewed-by: Zeng, Star <star.zeng@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16055 6f19259b-4bc3-4df7-8a09-765794883524
2014-09-03 09:19:30 +00:00
Gao, Liming 4cfde6dea6 SecurityPkg: Convert non DOS format files to DOS format
Module UNI and Package UNI files are not DOS format. Convert them to DOS format.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Gao, Liming <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16050 6f19259b-4bc3-4df7-8a09-765794883524
2014-09-03 08:51:17 +00:00
Dong, Guo 8fcdb5d4ae Update SecurityPkg package version to 0.94.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dong, Guo <guo.dong@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16032 6f19259b-4bc3-4df7-8a09-765794883524
2014-09-02 07:05:34 +00:00
Dong, Guo 72b1863ebf SecurityPkg: INF/DEC file updates to EDK II packages
2. Add MODULE_UNI_FILE file that contains the localized Abstract and Description of a module.
a. Addresses an information gap between INF files and the UEFI Distribution Packaging Specification XML schema
b. There will be an associated update to UPT in BaseTools to consume MODULE_UNI_FILE and associated UNI file during UDP creation that performs the INF -> XML conversion.
c. There will be an associated update to UPT in BaseTools to produce MODULE_UNI_FILE and associated UNI file during UDP installation that performs the XML -> INF conversion.

3. Add Module Extra UNI file that provides the localized Name of a module.
a. [UserExtensions.TianoCore."ExtraFiles"] provides an easy method for a module to specify extra files not listed in [Sources] or [Binaries] sections to be added to a UDP without having to list the files in the UPT package information data file.
b. There will be an associated update to UPT in BaseTools to package up files listed in [UserExtensions.TianoCore."ExtraFiles"] during UDP creation.
c. UNI file contains localized name of a module to go along with the localized Abstract and Description from the MODULE_UNI_FILE.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dong, Guo <guo.dong@intel.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15959 6f19259b-4bc3-4df7-8a09-765794883524
2014-08-28 06:17:17 +00:00
Dong, Guo 4ce12df36c SecurityPkg: INF/DEC file updates to EDK II packages
5. Add PACKAGE_UNI_FILE UNI file that contains the localized Abstract and Description of a package and localized strings associated with PCDs. 
a. Addresses an information gap between DEC files and the UEFI Distribution Packaging Specification XML schema
b. There will be an associated update to UPT in BaseTools to consume PACKAGE_UNI_FILE and associated UNI file during UDP creation that performs the DEC -> XML conversion.
c. There will be an associated update to UPT in BaseTools to produce PACKAGE_UNI_FILE and associated UNI file during UDP installation that performs the XML -> DEC conversion.

6. Add Package Extra UNI file that provides the localized Name of a package.
a. [UserExtensions.TianoCore."ExtraFiles"] provides an easy method for a package to specify extra files to be added to a UDP without having to list the files in the UPT package information data file.
b. There will be an associated update to UPT in BaseTools to package up files listed in [UserExtensions.TianoCore."ExtraFiles"] during UDP creation.
c. UNI file contains localized name of a package to go along with the localized Abstract and Description from the PACKAGE_UNI_FILE.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dong, Guo <guo.dong@intel.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15953 6f19259b-4bc3-4df7-8a09-765794883524
2014-08-28 05:49:39 +00:00
Dong, Guo 606d38a598 SecurityPkg: INF/DEC file updates to EDK II packages
4. PCD information in DEC file comment blocks are either incomplete or incorrect.  
This includes detailed description, @Prompt, @ValidRange, @ValidList, @Expression, and [Error.<TokenSpaceGuid>] validation error messages.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dong, Guo <guo.dong@intel.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15952 6f19259b-4bc3-4df7-8a09-765794883524
2014-08-28 05:49:11 +00:00
Dong, Guo aced95158d SecurityPkg: INF/DEC file updates to EDK II packages
2. Add MODULE_UNI_FILE file that contains the localized Abstract and Description of a module.
a. Addresses an information gap between INF files and the UEFI Distribution Packaging Specification XML schema
b. There will be an associated update to UPT in BaseTools to consume MODULE_UNI_FILE and associated UNI file during UDP creation that performs the INF -> XML conversion.
c. There will be an associated update to UPT in BaseTools to produce MODULE_UNI_FILE and associated UNI file during UDP installation that performs the XML -> INF conversion.

3. Add Module Extra UNI file that provides the localized Name of a module.
a. [UserExtensions.TianoCore."ExtraFiles"] provides an easy method for a module to specify extra files not listed in [Sources] or [Binaries] sections to be added to a UDP without having to list the files in the UPT package information data file.
b. There will be an associated update to UPT in BaseTools to package up files listed in [UserExtensions.TianoCore."ExtraFiles"] during UDP creation.
c. UNI file contains localized name of a module to go along with the localized Abstract and Description from the MODULE_UNI_FILE.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dong, Guo <guo.dong@intel.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15951 6f19259b-4bc3-4df7-8a09-765794883524
2014-08-28 05:34:23 +00:00
Dong, Guo 60c944c7d6 SecurityPkg: INF/DEC file updates to EDK II packages
1. Usage information in INF file comment blocks are either incomplete or incorrect.  
This includes usage information for Protocols/PPIs/GUIDs/PCDs/HOBs/Events/BootModes.  
The syntax for usage information in comment blocks is defined in the EDK II Module Information (INF) Specification

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dong, Guo <guo.dong@intel.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15950 6f19259b-4bc3-4df7-8a09-765794883524
2014-08-28 05:31:09 +00:00
Jordan Justen fad213a3db EDK II Contributions.txt: Note acceptable contribution licenses
We strongly prefer that contribtions be offered using the same license
as the project/module. But, we should document other acceptable
licenses for contributions.

This will allow package owners to more easily know if they can accept
a contribution under a different source license.

NOTE: This does not modify the wording of the "TianoCore Contribution
      Agreement 1.0" section

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Mark Doran <mark.doran@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15892 6f19259b-4bc3-4df7-8a09-765794883524
2014-08-25 23:10:18 +00:00
Dong, Guo 9ece15ad80 Update TcgPei and TrEEPei driver to make gEfiMdeModulePkgTokenSpaceGuid.PcdPeiCoreMaxFvSupported to be used as patchable PCD instead of Fixed PCD.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dong, Guo <guo.dong@intel.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15879 6f19259b-4bc3-4df7-8a09-765794883524
2014-08-22 05:05:22 +00:00
Dong, Guo b5412eac9e Update TcgPei and TrEEPei driver to make gEfiMdeModulePkgTokenSpaceGuid.PcdPeiCoreMaxFvSupported to be used as patchable PCD instead of Fixed PCD.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dong, Guo <guo.dong@intel.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15848 6f19259b-4bc3-4df7-8a09-765794883524
2014-08-20 09:37:26 +00:00
Dong, Guo 4ccef56102 1) Update code to use PcdFixedUsbCredentialProviderTokenFileName and PcdMaxVariableSize as patchable PCD instead of FixedAtBuild PCD.
2)      Correct a typo in file comments of Tpm12Ownership.c

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dong, Guo <guo.dong@intel.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>
Reviewed-by: Yao, Jiewen <jiewen.yao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15811 6f19259b-4bc3-4df7-8a09-765794883524
2014-08-15 08:10:55 +00:00
Michael Kinney 1a53a034ec Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Michael Kinney  <michael.d.kinney@intel.com>
Reviewed-by: Dong, Guo <guo.dong@intel.com>

Add support for RSA 2048 SHA 256 signing and verification encoded in a PI FFS GUIDED Encapsulation Section.  The primary use case of this feature is in support of signing and verification of encapsulated FVs for Recovery and Capsule Update, but can potentially be used for signing and verification of any content that can be stored in a PI conformant FFS file.  Signing operations are performed from python scripts that wrap OpenSsl command line utilities.  Verification operations are performed using the OpenSsl libraries in the CryptoPkg.

The guided encapsulation sections uses the UEFI 2.4 Specification defined GUID called EFI_CERT_TYPE_RSA2048_SHA256_GUID.  The data layout for the encapsulation section starts with the UEFI 2.4 Specification defined structure called EFI_CERT_BLOCK_RSA_2048_SHA256 followed immediately by the data.  The signing tool included in these patches performs encode/decode operations using this data layout.  HashType is set to the UEFI 2.4 Specification defined GUID called EFI_HASH_ALGORITHM_SHA256_GUID.

MdePkg/Include/Guid/WinCertificate.h
================================= 
//
// WIN_CERTIFICATE_UEFI_GUID.CertType
// 
#define EFI_CERT_TYPE_RSA2048_SHA256_GUID \
  {0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf } }

///
/// WIN_CERTIFICATE_UEFI_GUID.CertData
/// 
typedef struct {
  EFI_GUID  HashType;
  UINT8     PublicKey[256];
  UINT8     Signature[256];
} EFI_CERT_BLOCK_RSA_2048_SHA256;

MdePkg/Include/Protocol/Hash.h
================================= 
#define EFI_HASH_ALGORITHM_SHA256_GUID \
  { \
    0x51aa59de, 0xfdf2, 0x4ea3, {0xbc, 0x63, 0x87, 0x5f, 0xb7, 0x84, 0x2e, 0xe9 } \
  }

The verification operations require the use of public key(s).  A new PCD called gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer is added to the SecurityPkg that supports one or more SHA 256 hashes of the public keys.  A SHA 256 hash is performed to minimize the FLASH overhead of storing the public keys.  When a verification operation is performed, a SHA 256 hash is performed on EFI_CERT_BLOCK_RSA_2048_SHA256.PublicKey and a check is made to see if that hash matches any of the hashes in the new PCD.  It is recommended that this PCD always be configured in the DSC file as storage type of [PcdsDynamixExVpd], so the public keys are stored in a protected read-only region.

While working on this feature, I noticed that the CRC32 signing and verification feature was incomplete.  It only supported CRC32 based verification in the DXE Phase, so the attached patches also provide support for CRC32 based verification in the PEI Phase.

I also noticed that the most common method for incorporating guided section extraction libraries was to directly link them to the DXE Core, which is not very flexible.  The attached patches also add a generic section extraction PEIM and a generic section extraction DXE driver that can each be linked against one or more section extraction libraries.  This provides a platform developer with the option of providing section extraction services with the DXE Core or providing section extraction services with these generic PEIM/DXE Drivers.

Patch Summary
==============
1)	BaseTools - Rsa2049Sha256Sign python script that can perform test signing or custom signing of PI FFS file GUIDed sections
  a.	Wrapper for a set of OpenSsl command line utility operations
  b.	OpenSsl command line tool must be installed in location that is in standard OS path or in path specified by OS environment variable called OPENSSL_PATH
  c.	Provides standard EDK II command line arguments for a tool that encodes/decodes guided encapsulation section 

Rsa2048Sha256Sign - Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
usage: Rsa2048Sha256Sign -e|-d [options] <input_file>

positional arguments:
  input_file            specify the input filename

optional arguments:
  -e                    encode file
  -d                    decode file
  -o filename, --output filename
                        specify the output filename
  --private-key PRIVATEKEYFILE
                        specify the private key filename. If not specified, a
                        test signing key is used.
  -v, --verbose         increase output messages
  -q, --quiet           reduce output messages
  --debug [0-9]         set debug level
  --version             display the program version and exit
  -h, --help            display this help text

2)	BaseTools - Rsa2049Sha256GenerateKeys python script that can generate new private/public key and PCD value that is SHA 256 hash of public key using OpenSsl command line utilities.
  a.	Wrapper for a set of OpenSsl command line utility operations
  b.	OpenSsl command line tool must be installed in location that is in standard path or in path specified by OS environment variable called OPENSSL_PATH

Rsa2048Sha256GenerateKeys - Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
usage: Rsa2048Sha256GenerateKeys [options]

optional arguments:
  -o [filename [filename ...]], --output [filename [filename ...]]
                        specify the output private key filename in PEM format
  -i [filename [filename ...]], --input [filename [filename ...]]
                        specify the input private key filename in PEM format
  --public-key-hash PUBLICKEYHASHFILE
                        specify the public key hash filename that is SHA 256
                        hash of 2048 bit RSA public key in binary format
  --public-key-hash-c PUBLICKEYHASHCFILE
                        specify the public key hash filename that is SHA 256
                        hash of 2048 bit RSA public key in C structure format
  -v, --verbose         increase output messages
  -q, --quiet           reduce output messages
  --debug [0-9]         set debug level
  --version             display the program version and exit
  -h, --help            display this help text

3)	BaseTools\Conf\tools_def.template
  a.	Define GUID/Tool to perform RSA 2048 SHA 256 test signing and instructions on how to use alternate private/public key
b.	GUID is EFI_CERT_TYPE_RSA2048_SHA256_GUID
  c.	Tool is Rsa2049Sha256Sign
4)	MdeModulePkg\Library\PeiCrc32GuidedSectionExtractionLib
  a.	Add peer for DxeCrc32GuidedSectionExtractionLib so both PEI and DXE phases can perform basic integrity checks of PEI and DXE components
5)	MdeModulePkg\Universal\SectionExtractionPei
  a.	Generic PEIM that can link against one or more NULL section extraction library instances to provided one or more GUIDED Section Extraction PPIs
6)	MdeModulePkg\Universal\SectionExtractionDxe
  a.	Generic DXE Driver that can link against one or more NULL section extraction library instances to provide one or more GUIDED Section Extraction Protocols.
7)	SecurityPkg\Library\PeiRsa2048Sha256GuidedSectionExtractLib
  a.	NULL library instances that performs PEI phase RSA 2048 SHA 256 signature verification using OpenSsl libraries from CryptoPkg.
  b.	Based on algorithms from SecurityPkg Authenticated Variable services
  c.	Uses public key from gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer.
8)	SecurityPkg\Library\DxeRsa2048Sha256GuidedSectionExtractLib
  a.	NULL library instances that performs DXE phase RSA 2048 SHA 256 signature verification using OpenSsl libraries from CryptoPkg.
  b.	Based on algorithms from SecurityPkg Authenticated Variable services
  c.	Uses public key from gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer.




git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15801 6f19259b-4bc3-4df7-8a09-765794883524
2014-08-14 06:31:34 +00:00
jyao1 4e684d3ca4 Correct StrnCat length calculation.
Contributed-under: TianoCore Contribution Agreement 1.0

Signed off by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed by: Guo Dong <guo.dong@intel.com>




git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15788 6f19259b-4bc3-4df7-8a09-765794883524
2014-08-12 03:31:47 +00:00
jyao1 58dbfc3c0f Clean up code.
Contributed-under: TianoCore Contribution Agreement 1.0

Signed off by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed by: Eric Dong <eric.dong@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15766 6f19259b-4bc3-4df7-8a09-765794883524
2014-08-07 05:03:10 +00:00
Eric Dong d4193108b5 Update code to support VS2013 tool chain.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15694 6f19259b-4bc3-4df7-8a09-765794883524
2014-07-28 07:45:49 +00:00
Star Zeng 859b0db434 SecurityPkg HashLibBaseCryptoRouterDxe/Tpm2DeviceLibRouterPei: Fixed GCC build failure after -Wno-missing-braces option in GCC removed.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15613 6f19259b-4bc3-4df7-8a09-765794883524
2014-07-02 09:02:35 +00:00
Eric Dong 1fee5304db Refine code to make it more safely.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Guo Dong <guo.dong@intel.com>




git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15590 6f19259b-4bc3-4df7-8a09-765794883524
2014-06-25 06:00:49 +00:00
Dong, Guo ffccb935fa Update code to always publish EFI_IMAGE_EXECUTION_INFO_TABLE.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dong, Guo <guo.dong@intel.com>
Reviewed-by: Fu, Siyuan <siyuan.fu@intel.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>
Reviewed-by: Zhang, Chao B <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15585 6f19259b-4bc3-4df7-8a09-765794883524
2014-06-25 02:02:22 +00:00
Andrew Fish 9a70350fff Fix build issues with Xcode in CryptoPkg and SecurityPkg.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Andrew Fish <afish@apple.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15561 6f19259b-4bc3-4df7-8a09-765794883524
2014-06-16 08:31:41 +00:00
Eric Dong 56dea5e177 Config Access Protocol return value not follow spec, update code to follow it.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Gao, Liming <liming,gao@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15490 6f19259b-4bc3-4df7-8a09-765794883524
2014-04-28 06:53:29 +00:00
Star Zeng 387208ab04 MdeModulePkg/SecurityPkg: Update TreePei to handle FvInfo2 and update FwVol of PeiCore to always install both FvInfo and FvInfo2.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15467 6f19259b-4bc3-4df7-8a09-765794883524
2014-04-15 09:19:04 +00:00
Dong Guo e3ff137e36 Add missing parameter comment in AddPubKeyInStore()
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Dong, Eric <eric.dong@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15426 6f19259b-4bc3-4df7-8a09-765794883524
2014-04-01 06:02:10 +00:00
Dong Guo cbbac2e1ef Remove unused [PcdsDynamic, PcdsDynamicEx] section.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Fan, Jeff <jeff.fan@intel.com>
Reviewed-by: Ni, Ruiyu <ruiyu.ni@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15416 6f19259b-4bc3-4df7-8a09-765794883524
2014-03-31 01:54:51 +00:00
Eric Dong 7a1f792dcf Check the input file pointer before use it.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Guo, Dong <guo.dong@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15412 6f19259b-4bc3-4df7-8a09-765794883524
2014-03-28 05:51:51 +00:00
Star Zeng 3a4b498ee1 SecurityPkg Variable: Add NULL pointer check.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Guo Dong <guo.dong@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15409 6f19259b-4bc3-4df7-8a09-765794883524
2014-03-28 02:47:46 +00:00
Dong Guo 2bc363714e Remove hide TPM support.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Ni, Ruiyu <ruiyu.ni@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15405 6f19259b-4bc3-4df7-8a09-765794883524
2014-03-27 11:03:04 +00:00
Dong Guo 9a12e5825a Calculate enough space for 2 variables (public key and variable data) instead of directly setting them 1 by 1.
Fixed a bug in public key reclaim().

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Zeng, Star <star.zeng@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15404 6f19259b-4bc3-4df7-8a09-765794883524
2014-03-27 10:54:23 +00:00
Star Zeng b2bd493edb MdeModulePkg/SecurityPkg Variable: Calculate enough space for PlatformLang and Lang variables and use PcdUefiVariableDefaultLangDeprecate to turn off auto update between PlatformLang and Lang variables.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Guo Dong <guo.dong@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15388 6f19259b-4bc3-4df7-8a09-765794883524
2014-03-25 06:56:55 +00:00
Dong Guo 2001537d53 Comment PwdCredential driver.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15376 6f19259b-4bc3-4df7-8a09-765794883524
2014-03-23 23:47:18 +00:00
Jiewen Yao 5437d457b9 Fix current TPM device string missing. Use efivarstore instead of varstor, remove TPM disable.
Signed-off-by: Jiewen Yao <Jiewen.yao@intel.com>
Reviewed-by: Guo Dong <Guo.Dong@intel.com>
Reviewed-by: Liming Gao <Liming.Gao@intel.com>

Contributed-under: TianoCore Contribution Agreement 1.0


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15360 6f19259b-4bc3-4df7-8a09-765794883524
2014-03-21 02:51:42 +00:00
Dong Guo 68d151bbc9 Force UID modules build error to warn user that currently it is just a sample.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15356 6f19259b-4bc3-4df7-8a09-765794883524
2014-03-21 00:57:42 +00:00
Star Zeng 9bc5dabb10 MdeModulePkg/SecurityPkg Variable: Return error status to avoid inconsistency between PlatformLang and Lang.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15340 6f19259b-4bc3-4df7-8a09-765794883524
2014-03-20 02:07:48 +00:00
Dong Guo 25da08c8b2 Fix the return value bug when updating public key database variable failure.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15339 6f19259b-4bc3-4df7-8a09-765794883524
2014-03-19 03:12:57 +00:00
Dong Guo 560b2fb47a Add comments for PcdHideTpmSupport.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15334 6f19259b-4bc3-4df7-8a09-765794883524
2014-03-17 08:38:32 +00:00
Dong Guo 4345d16427 Remove unnecessary dependency in variable driver.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15332 6f19259b-4bc3-4df7-8a09-765794883524
2014-03-17 08:23:54 +00:00
Dong Guo 8a8c6c962a Fix the return status when physical presence variable and MemoryOverwriteRequestControl variable are corrupt.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15329 6f19259b-4bc3-4df7-8a09-765794883524
2014-03-17 05:46:53 +00:00
jyao1 207256b79b Remove unused variable attribute flag.
Signed off by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed by: Jeff Fan <jeff.fan@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Contributed-under: TianoCore Contribution Agreement 1.0


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15321 6f19259b-4bc3-4df7-8a09-765794883524
2014-03-07 03:07:09 +00:00
Dong Guo c2fcbc853f Add description information for the GUID and Library class defined in DEC file
Signed-off-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>



git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15194 6f19259b-4bc3-4df7-8a09-765794883524
2014-01-28 07:00:06 +00:00
Gao, Liming 201edad327 Update Module BaseName to avoid the same name.
Signed-off-by: Gao, Liming <liming.gao@intel.com>
Reviewed-by: Dong, Guo <guo.dong@intel.com>
Reviewed-by: Fu, Siyuan <siyuan.fu@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15175 6f19259b-4bc3-4df7-8a09-765794883524
2014-01-24 09:32:30 +00:00
Dong Guo 675723cbca Fix PCD help information format and a typo.
Signed-off-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>



git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15171 6f19259b-4bc3-4df7-8a09-765794883524
2014-01-23 03:19:38 +00:00
jyao1 7cf7822184 Fix typo in PCD description in SecurityPkg.
Signed-off by: jiewen yao <jiewen.yao@intel.com>
Reviewed by: guo dong <guo.dong@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15105 6f19259b-4bc3-4df7-8a09-765794883524
2014-01-13 13:42:42 +00:00
Dong Guo 7527b53dcb Upgrade package version to 0.93
Signed-off-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Tian, Hot <hot.tian@intel.com>




git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15081 6f19259b-4bc3-4df7-8a09-765794883524
2014-01-10 01:24:51 +00:00
Eric Dong c93bcb7ef4 Return to BMM page if parse the file info failed.
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15067 6f19259b-4bc3-4df7-8a09-765794883524
2014-01-09 05:59:53 +00:00
Eric Dong 0b716fd764 Rollback the patch 15054.
Signed-off-by: Eric Dong <eric.dong@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15059 6f19259b-4bc3-4df7-8a09-765794883524
2014-01-08 08:21:22 +00:00
Eric Dong eff077992a Not update the status until parse the file info success.
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15054 6f19259b-4bc3-4df7-8a09-765794883524
2014-01-07 07:34:20 +00:00
Liming Gao 4db0b65c06 Correct INF file to make module pass ICC compiler.
Signed-off-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14961 6f19259b-4bc3-4df7-8a09-765794883524
2013-12-11 08:22:43 +00:00
Fu Siyuan 68fc0c7319 Update DEC file and DxeImageVerificationLib to note user that ALLOW_EXECUTE_ON_SECURITY_VIOLATION is no longer supported.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong, Guo <guo.dong@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14923 6f19259b-4bc3-4df7-8a09-765794883524
2013-12-02 07:52:35 +00:00
Dong Guo 8b7d84ca53 Upgrade TPM SSDT version from ACPI version 1 (ACPI 1.0 compatible) to version 2 (ACPI 5.0 compatible).
Signed-off-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Yao, Jiewen <jiewen.yao@intel.com>
Reviewed-by: Fu, Siyuan <siyuan.fu@intel.com>



git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14919 6f19259b-4bc3-4df7-8a09-765794883524
2013-11-29 03:39:13 +00:00
Dong Guo 5ec61d4152 Makes DxeDeferImageLoadLib not depend on
Signed-off-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Ni, Ruiyu <ruiyu.ni@intel.com>
Reviewed-by: Ouyang, Qian <qian.ouyang@intel.com>



git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14905 6f19259b-4bc3-4df7-8a09-765794883524
2013-11-27 09:08:29 +00:00
Fu Siyuan 742d9b3a38 Refine the Secure Boot UI driver to input the GUID and varstroe name when using HiiSetBrowserData/HiiGetBrowserData.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong, Eric <eric.dong@intel.com>
Reviewed-by: Dong, Guo <guo.dong@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14897 6f19259b-4bc3-4df7-8a09-765794883524
2013-11-25 06:40:34 +00:00
Long, Qin b6023fb17d Fix coding style problem in RngDxe driver.
Signed-off-by: Long, Qin <qin.long@intel.com>
Reviewed-by: Fu, Siyuan <siyuan.fu@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14878 6f19259b-4bc3-4df7-8a09-765794883524
2013-11-21 09:02:33 +00:00
Long, Qin 3aa8dc6cd3 Add UEFI RNG Protocol support. The driver will leverage Intel Secure Key technology to produce the Random Number Generator protocol, which is used to provide high-quality random numbers for use in applications, or entropy for seeding other random number generators. Refer to http://software.intel.com/en-us/articles/intel-digital-random-number-generator-drng-software-implementation-guide/ for more information about Intel Secure Key technology.
Signed-off-by: Long, Qin <qin.long@intel.com>
Reviewed-by: Fu, Siyuan <siyuan.fu@intel.com>
Reviewed-by: Rosenbaum, Lee G <lee.g.rosenbaum@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14858 6f19259b-4bc3-4df7-8a09-765794883524
2013-11-19 01:49:49 +00:00
Star Zeng fddbbc661e SecurityPkg Variable: Remove mStorageData buffer allocation and use Scratch buffer instead to reduce SMRAM consumption.
It can reduce MAX (PcdGet32 (PcdMaxVariableSize), PcdGet32 (PcdMaxHardwareErrorVariableSize)) size of SMRAM consumption.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Guo Dong <guo.dong@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14855 6f19259b-4bc3-4df7-8a09-765794883524
2013-11-18 02:56:04 +00:00
Star Zeng 128ef095b0 MdeModulePkg and SecurityPkg Variable: Optimize the code to reduce some SMRAM consumption during variable reclaiming.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14832 6f19259b-4bc3-4df7-8a09-765794883524
2013-11-12 13:31:43 +00:00
Star Zeng 7baf3c69c5 MdeModulePkg and SecurityPkg Variable: Enhance code to use the new variable data instead of old variable data when variable reclaim.
It can fix the potential failure to return EFI_OUT_OF_RESOURCES of the second variable set of large variable.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14822 6f19259b-4bc3-4df7-8a09-765794883524
2013-11-04 03:13:54 +00:00
jyao1 9318b08eb5 Add TPM1.2 SaveState API.
Signed off by: Yao, Jiewen <Jiewen.yao@intel.com>
Reviewed by: Dong Guo <Gui.dong@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14791 6f19259b-4bc3-4df7-8a09-765794883524
2013-10-21 05:56:07 +00:00
Star Zeng c79351059e 1. Enable use-cases in PEI using SecurityPPI co-equal to the use-cases in DXE using the Security Arch Protocol
2. Add support to find section by instance rather than only 0 at PEI phase.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14763 6f19259b-4bc3-4df7-8a09-765794883524
2013-10-11 03:54:13 +00:00
Fu Siyuan 5ecc20b553 Fix coding style issue.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14755 6f19259b-4bc3-4df7-8a09-765794883524
2013-10-09 03:46:46 +00:00
jyao1 22f89647b0 TrEEPhysicalPresenceLib|Include/Library/TrEEPhysicalPresenceLib.h
Correct LIBRARY_CLASS definition and declaration.

signed off by : jiewen, yao jiewen.yao@intel.com
reviewed by : liming, gao liming.gao@intel.com


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14754 6f19259b-4bc3-4df7-8a09-765794883524
2013-10-09 02:52:51 +00:00
Fu Siyuan 44446d10b0 Fix a bug about the “VendorKey” variable update logic.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14746 6f19259b-4bc3-4df7-8a09-765794883524
2013-10-08 05:31:28 +00:00
gdong1 15d73df950 Add missing comments for function parameters.
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14694 6f19259b-4bc3-4df7-8a09-765794883524
2013-09-23 02:00:24 +00:00
jyao1 c1d932429e Add TPM2 implementation.
signed off by: jiewen.yao@intel.com
reviewed by: guo.dong@intel.com

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14687 6f19259b-4bc3-4df7-8a09-765794883524
2013-09-18 05:31:18 +00:00
Star Zeng e84f07b5fc Create PCDs in MdeModulePkg for ACPI table OEM_ID/OEM_TABLE_ID/OEM_REVISION/CREATOR_ID/CREATOR_REVISION customization.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14672 6f19259b-4bc3-4df7-8a09-765794883524
2013-09-16 02:20:52 +00:00
Fu Siyuan 3a186b06f1 Return EFI_WRITE_PROTECTED when setting KEKDefault, PKDefault, dbDefault, dbxDefault and dbtDefault variable.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14662 6f19259b-4bc3-4df7-8a09-765794883524
2013-09-12 05:31:26 +00:00
Fu Siyuan 74b5fd7a11 Update the chaining requirements with regards to the Platform Key.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14661 6f19259b-4bc3-4df7-8a09-765794883524
2013-09-12 05:26:15 +00:00
Fu Siyuan a555940b2d Add “VendorKeys” variable for indicating out of band key modification.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14660 6f19259b-4bc3-4df7-8a09-765794883524
2013-09-12 05:23:28 +00:00
Dong Guo ed094569d6 Enhance TPM driver to protect TPM physical presence flags.
Signed-off-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Ouyang, Qian <qian.ouyang@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14619 6f19259b-4bc3-4df7-8a09-765794883524
2013-09-03 07:39:26 +00:00
Fu Siyuan db44ea6c4e 1. Change default PCD in SecurityPkg to 4 (DENY_EXECUTE) in DEC file.
2. ASSERT if PCD value is set to 5 (QUERY_USER_ON_SECURITY_VIOLATION).
3. Update override PCD setting from 5 to 4 in platform DSC file.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ni Ruiyu <ruiyu.ni@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14607 6f19259b-4bc3-4df7-8a09-765794883524
2013-08-28 09:06:40 +00:00
Fu Siyuan a365eed476 Fix a bug in secure boot configuration driver: Enroll DB/KEK will disable Attempt Secure Boot option.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14590 6f19259b-4bc3-4df7-8a09-765794883524
2013-08-22 09:46:03 +00:00
Star Zeng 6675a21f14 MdePkg/MdeModulePkg/SecurityPkg Variable: Forbid creation of non-spec variables in EFI_GLOBAL_VARIABLE namespace.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14560 6f19259b-4bc3-4df7-8a09-765794883524
2013-08-19 05:16:45 +00:00
Star Zeng 6e67fec07f MdeModulePkg/SecurityPkg Variable: If a preexisting variable is rewritten with different attributes, SetVariable() shall not modify the variable and shall return EFI_INVALID_PARAMETER.
Two exceptions to this rule:
1. No access attributes specified
2. The only attribute differing is EFI_VARIABLE_APPEND_WRITE

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14552 6f19259b-4bc3-4df7-8a09-765794883524
2013-08-16 03:19:45 +00:00
Shumin Qiu 301c867b27 Change EFI_TCG_EVENT_HOB_GUID value to avoid the duplicated GUID value with EFI_LEGACY_BIOS_GUID.
Signed-off-by: Shumin Qiu <shumin.qiu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14536 6f19259b-4bc3-4df7-8a09-765794883524
2013-08-09 05:23:22 +00:00
Gary Ching-Pang Lin fd64f84f23 Checks the length of the file name to avoid illegal access.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Guo Dong <guo.dong@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14531 6f19259b-4bc3-4df7-8a09-765794883524
2013-08-08 02:41:37 +00:00
Ruiyu Ni 863986b3c8 Update all the code to consume the ConvertDevicePathToText, ConvertDevicePathNodeToText, ConvertTextToDevicePath and ConvertTextToDeviceNode APIs in DevicePathLib.
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
Reviewed-by: Elvin Li <elvin.li@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
Reviewed-by: Guo Dong <guo.dong@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14505 6f19259b-4bc3-4df7-8a09-765794883524
2013-07-26 03:14:08 +00:00
Star Zeng 41982ebbc5 SecurityPkg Variable: Add the check for PcdFlashNvStorageVariableSize <= PcdFlashNvStorageFtwSpareSize.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14464 6f19259b-4bc3-4df7-8a09-765794883524
2013-07-11 08:18:56 +00:00
Star Zeng 039a40aa3b SecurityPkg: Variable drivers robustly handle crashes during Reclaim().
PEI variable implementation checks only the variable header signature for validity. This does not seem robust if system crash occurred during previous Reclaim() operation. If the crash occurred while FTW was rewriting the variable FV, the signature could be valid even though the rest of the FV isn't valid.
Solution: PEI variable and early phase(before FTW protocol ready) of DXE variable can check the FTW last write status provided by FaultTolerantWritePei and determine if all or partial variable data has been backed up in spare block, and then use the backed up data.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14455 6f19259b-4bc3-4df7-8a09-765794883524
2013-07-03 09:09:42 +00:00
Laszlo Ersek 328e5d8c19 The list of locked variables is traversed at runtime, hence we must
convert the list when transferring from physical to virtual mode.

Contributed-under: TianoCore Contribution Agreement 1.0

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14425 6f19259b-4bc3-4df7-8a09-765794883524
2013-06-17 02:30:42 +00:00
Ruiyu Ni e4b7e2c94f Revert the changes made in 14403 because it incorrectly changed the EOL.
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14424 6f19259b-4bc3-4df7-8a09-765794883524
2013-06-17 02:18:58 +00:00
Laszlo Ersek 9199cb9c02 The list of locked variables is traversed at runtime, hence we must
convert the list when transferring from physical to virtual mode.

Contributed-under: TianoCore Contribution Agreement 1.0

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14403 6f19259b-4bc3-4df7-8a09-765794883524
2013-06-14 01:55:12 +00:00
Chao Zhang 443bd74473 Fix overflow issue in TcgProtocol
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by  : Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by  : Dong Guo   <guo.dong@intel.com>


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14396 6f19259b-4bc3-4df7-8a09-765794883524
2013-06-06 00:39:41 +00:00
lzeng14 164a9b6752 Fix the TOCTOU issue of CommBufferSize itself for SMM communicate handler input.
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14379 6f19259b-4bc3-4df7-8a09-765794883524
2013-05-21 02:22:02 +00:00
niruiyu 6ab9f44138 Add the EDKII_VARIABLE_LOCK_PROTOCOL implementation in SecurityPkg variable drivers.
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14378 6f19259b-4bc3-4df7-8a09-765794883524
2013-05-20 07:10:10 +00:00
sfu5 0ba17ade47 Fix a bug that “SecureBoot” varaible will be updated to NV+AT attribute incorrectly.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ni Ruiyu <ruiyu.ni@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14375 6f19259b-4bc3-4df7-8a09-765794883524
2013-05-17 08:05:01 +00:00
sfu5 ee79ac8d0e Pop up error message when user tries to enroll an invalid certificate file into KEK/DB/DBX.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14373 6f19259b-4bc3-4df7-8a09-765794883524
2013-05-17 07:03:49 +00:00
lgao4 cbcccd2c9d Update Code to pass EBC compiler.
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14352 6f19259b-4bc3-4df7-8a09-765794883524
2013-05-13 02:36:09 +00:00
lzeng14 5e5bb2a9ba 1. Fix TOCTOU issue in VariableSmm, FtwSmm, FpdtSmm, SmmCorePerformance SMM handler. For VariableSmm, pre-allocate a mVariableBufferPayload buffer with mVariableBufferPayloadSize(match with mVariableBufferPayloadSize in VariableSmmRuntimeDxe) to hold communicate buffer payload to avoid TOCTOU issue.
2. Add check to ensure CommBufferPayloadSize not exceed mVariableBufferPayloadSize or is enough to hold function structure in VariableSmm and FtwSmm.
3. Align FtwGetLastWrite() in FaultTolerantWriteSmmDxe.c to FtwGetLastWrite() in FaultTolerantWrite.c.

Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14325 6f19259b-4bc3-4df7-8a09-765794883524
2013-05-07 05:38:32 +00:00
czhang46 732d199d8f Fix memory overflow & VariableSize check issue for SetVariable append write.
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by  : Fu Siyuan  <siyuan.fu@intel.com>
Reviewed-by  : Dong Guo   <guo.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14323 6f19259b-4bc3-4df7-8a09-765794883524
2013-05-02 01:42:39 +00:00
lzeng14 9d00d20ed4 1. Use the check IsAddressValid() to prevent SMM communication buffer overflow in SmmVariable, FtwSmm, FpdtSmm, SmmCorePerformance and SmmBaseHelper, and add check to prevent InfoSize overflows in SmmVariableHandler.
2. Refine the debug message.
3. Add check to make sure the input VariableName is A Null-terminated string.
4. Use local variable to hold StrSize (VariableName) to avoid duplicated StrSize calculation.

Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14317 6f19259b-4bc3-4df7-8a09-765794883524
2013-04-25 10:49:45 +00:00
sfu5 968e143192 Check for NULL pointer before free it.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting  <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14316 6f19259b-4bc3-4df7-8a09-765794883524
2013-04-25 01:38:06 +00:00
czhang46 56251c669f Fix potential overflow for SetVariable interface
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by  : Guo Dong   <dong.guo@intel.com>
Reviewed-by  : Siyuan Fu  <siyuan.fu@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14305 6f19259b-4bc3-4df7-8a09-765794883524
2013-04-22 08:52:58 +00:00
czhang46 d17c4eac56 Fix a potential SMM memory dump issue. If pass communication buffer with DataBuffer to SMM SetVariable which is big enough to cover SMM range. Then GetVariable can dump SMM memory contents. Add more range check for SetVariable
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by  : Dong Guo   <guo.dong@intel.com>
Reviewed-by  : Jiewen Yao <jiewen.yao@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14292 6f19259b-4bc3-4df7-8a09-765794883524
2013-04-19 01:35:02 +00:00
gdong1 772b601158 Update code not to block application/driver load when event log is full.
Signed-off-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>



git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14283 6f19259b-4bc3-4df7-8a09-765794883524
2013-04-18 01:47:34 +00:00
czhang46 3a146f2a7d Fix SMM Variable driver stack GetVariable return INVALID_PARAMETER when DataSize is bigger than SMM communication buffer.
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by  : Dong Guo   <guo.dong@intel.com>
Reviewed-by  : Fu Siyuan  <siyuan.fu@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14276 6f19259b-4bc3-4df7-8a09-765794883524
2013-04-15 01:56:31 +00:00
czhang46 0c55190f40 Update SMM variable DXE driver GetNextVariable interface to comply with UEFI spec
VariableNameSize is the returned buffer size. GetNextVariable should behavior correct if it is bigger than SMM communication buffer or less than string size of VariableName. 

Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by  : Dong Guo   <guo.dong@intel.com>
Reviewed-by  : Fu Siyuan  <siyuan.fu@intel.com>
Reviewed-by  : Zeng Star  <star.zeng@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14258 6f19259b-4bc3-4df7-8a09-765794883524
2013-04-12 05:59:11 +00:00
sfu5 a2f2c258d4 Update secure boot UI driver to handle “reset to default” hot key.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14257 6f19259b-4bc3-4df7-8a09-765794883524
2013-04-12 01:44:54 +00:00