Commit Graph

357 Commits

Author SHA1 Message Date
Star Zeng f3964772d2 SecurityPkg AuthVariableLib: Correct comment/error log about CleanCertsFromDb
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19574 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-29 09:07:32 +00:00
Chao Zhang 142d2dcbb8 SecurityPkg: SecureBootConfigDxe: Remove useless code in VFR
Remove suppressif TRUE, disableif TRUE code in VFR. They are useless.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Tapan Shah <tapandshah@hpe.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19429 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-22 00:43:05 +00:00
Eric Dong a00bd8e0e6 DxeTpmMeasureBootLib: Change global variable name to avoid name conflict.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19334 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-18 00:53:25 +00:00
Liming Gao 1b03c80ce0 SecurityPkg: Correct Pcd Usage PcdTpm2HashMask in Tcg2Pei
Tcg2Pei sets PcdTpm2HashMask. Its usage should be both SOMETIMES_CONSUMES
and SOMETIMES_PRODUCES.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19314 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-17 08:28:37 +00:00
Liming Gao e3d045edb6 SecurityPkg: Correct Pcd Usage PcdTcg2HashAlgorithmBitmap
HashLibBaseCryptoRouter sets PcdTcg2HashAlgorithmBitmap. Its usage
should be both SOMETIMES_CONSUMES and SOMETIMES_PRODUCES.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19313 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-17 08:28:00 +00:00
Jordan Justen e080218b9c SecurityPkg: Convert all .uni files to utf-8
To convert these files I ran:

$ python3 BaseTools/Scripts/ConvertUni.py SecurityPkg

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Michael Kinney <michael.d.kinney@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19262 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-15 04:58:32 +00:00
Ard Biesheuvel 0a6e1dd2cf SecurityPkg: AuthVariableLib: Fix GCC compile error
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19140 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-07 09:03:57 +00:00
Chao Zhang 96832eefea SecurityPkg: SecureBootConfigDxe: SecureBoot UI for Customized SecureBoot Mode
Add SecureBoot UI support for Customized SecureBoot Mode transition according to Mantis 1263. User can do secure boot mode transition through UI.
  https://mantis.uefi.org/mantis/view.php?id=1263

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Zeng Star <star.zeng@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19134 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-07 06:20:36 +00:00
Chao Zhang 4fc08e8d68 SecurityPkg: AuthVariableLib: Customized SecureBoot Mode transition.
Implement Customized SecureBoot Mode transition logic according to Mantis 1263, including AuditMode/DeployedMode/PK update management.
  Also implement image verification logic in AuditMode. Image Certificate & Hash are recorded to EFI Image Execution Table.
  https://mantis.uefi.org/mantis/view.php?id=1263

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Zeng Star <star.zeng@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19133 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-07 06:20:02 +00:00
Chao Zhang af9af05bec SecurityPkg: Add gEdkiiSecureBootModeGuid definition
Add gEdkiiSecureBootModeGuid definition for Enable Secure Boot feature defined in
UEFI2.5 Mantis 1263. It is a private variable GUID.
  https://mantis.uefi.org/mantis/view.php?id=1263

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Zeng Star <star.zeng@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19132 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-07 06:16:23 +00:00
Ard Biesheuvel 2e728930aa SecurityPkg: put missing empty lines at the end of some header files
Some compilers (like RVCT) reject input files that do not end in a
newline. So add missing newlines to some SecurityPkg header files.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19107 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-03 08:51:27 +00:00
Yao, Jiewen c2fe66bf62 Add error handling for TPM in S3 resume failure.
If TPM2_Startup(TPM_SU_STATE) to return an error, the system
 firmware that resumes from S3 MUST deal with a TPM2_Startup
 error appropriately.
For example, issuing a TPM2_Startup(TPM_SU_CLEAR) command and
 configuring the device securely by taking actions like extending
 a separator with an error digest (0x01) into PCRs 0 through 7.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com>
Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18760 6f19259b-4bc3-4df7-8a09-765794883524
2015-11-10 02:03:40 +00:00
Zhang Chao ca52754cfd SecurityPkg: Remove temp return solution in PeiRsa2048Sha256 Section Lib
PeiCore supports EFI_PEI_SECURITY_PPI to handle section extraction failure. The wrong returning status is no longer needed.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Zhang Chao <chao.b.zhang@intel.com>
Reviewed-by: Gao Liming <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18732 6f19259b-4bc3-4df7-8a09-765794883524
2015-11-06 01:56:51 +00:00
Yao, Jiewen d2de448338 Move Smbios measurement from TCG driver to Smbios driver.
This is patch to remove smbios measurement in TCG driver. There will be other patch to add it in Smbios driver.

The problem of current SMBIOS measurement is:
1) TCG drivers do not support SMBIOS3.0 table.
2) TCG drivers do not follow TCG platform spec on: "Platform configuration information that is automatically updated,
 such as clock registers, and system unique information, such as asset numbers or serial numbers,
 MUST NOT be measured into PCR [1], or any other PCR."

So we decide to move Smbios measurement from TCG drivers to Smbios driver.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com>
Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18677 6f19259b-4bc3-4df7-8a09-765794883524
2015-10-27 03:54:08 +00:00
Yao, Jiewen c41eeb447d Add suppressif around TCG hash seleciton checkbox in TCG2
Previous TCG2 configuration UI always add all TCG defined hash algorithm to let user select which one need be used.
This brings risk that user might select unsupported hash, and selection is rejected later.
So we enhance to UI to hide unsupported hash algorithm.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com>
Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18676 6f19259b-4bc3-4df7-8a09-765794883524
2015-10-27 03:49:31 +00:00
Cohen, Eugene 3a2e6a740d SecurityPkg : Fix Rsa2048Sha256GuidedSectionExtractLib issue
This issue causes section extraction overrun and possible hang due to bad output size calculation.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Cohen, Eugene" <eugene@hp.com>
Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18625 6f19259b-4bc3-4df7-8a09-765794883524
2015-10-19 02:53:22 +00:00
Star Zeng fe3ca12d06 SecurityPkg: Use PcdSet##S to instead of PcdSet##
PcdSet## has no error status returned, then the caller has no idea about whether the set operation is successful or not.
PcdSet##S were added to return error status and PcdSet## APIs were put in ifndef DISABLE_NEW_DEPRECATED_INTERFACES condition.
To adopt PcdSet##S and further code development with DISABLE_NEW_DEPRECATED_INTERFACES defined, we need to Replace PcdSet## usage with PcdSet##S.

Normally, DynamicDefault PCD set is expected to be success, but DynamicHii PCD set failure is a legal case.
PcdTpmInitializationPolicy/PcdTcg2HashAlgorithmBitmap/PcdTpm2HashMask/PcdTpmInstanceGuid all have set operation in PEI phase,
PEI phase does not allow DynamicHii PCD set, so DynamicDefault is expected for them and use PcdSet##S to instead of PcdSet## and assert when set failure.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18614 6f19259b-4bc3-4df7-8a09-765794883524
2015-10-16 01:46:19 +00:00
Star Zeng e90c57aa97 SecurityPkg AuthVariableLib: Add the missing gEfiAuthenticatedVariableGuid
There is no real build failure, as AuthVariableLib always links to variable driver.
But for code integrity, we should add it.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18613 6f19259b-4bc3-4df7-8a09-765794883524
2015-10-16 01:32:48 +00:00
Thomas Palmer 9ad48dd148 SecurityPkg: Clean up unused files in RngDxe
Clean up files in RngDxe/IA32 and RngDxe/X64 that are subsumed
by files in BaseRngLib.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Thomas Palmer <thomas.palmer@hpe.com>
Reviewed-by: Samer El-Haj-Mahmoud <elhaj@hpe.com>
Reviewed-by: Michael Kinney <michael.d.kinney@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18592 6f19259b-4bc3-4df7-8a09-765794883524
2015-10-09 06:03:34 +00:00
Thomas Palmer 3b60842ce7 SecurityPkg: Integrate new RngLib into RngDxe
Use the new RngLib to provide the IA32/X64 random data for RngDxe.
Remove x86 specific functions from RdRand files.
Simplify RngDxe by using WriteUnaligned64 for all platforms.
Use GetRandomNumber128 in RngDxe to leverage 128 bit support provided
by some HW RNG devices.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Thomas Palmer <thomas.palmer@hpe.com>
Reviewed-by: Samer El-Haj-Mahmoud <elhaj@hpe.com>
Reviewed-by: Michael Kinney <michael.d.kinney@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18591 6f19259b-4bc3-4df7-8a09-765794883524
2015-10-09 06:03:26 +00:00
Samer El-Haj-Mahmoud 6aaac3838e SecurityPkg: Reduce verbosity of TPM DEBUG messages
Some of the TPM/TPM2 DEBUG messages are at EFI_D_INFO level,
 even though they are simply tracing functions that run on every boot even
 if there is no TPM installed. Changed verbosity to EFI_D_VERBOSE.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Samer El-Haj-Mahmoud" <samer.el-haj-mahmoud@hpe.com>
Reviewed-by: "Jiewen Yao" <Jiewen.Yao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18476 6f19259b-4bc3-4df7-8a09-765794883524
2015-09-16 00:53:28 +00:00
Qiu Shumin 35e00ace19 SecurityPkg: Use pointer instead of array to make code readable.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qiu Shumin <shumin.qiu@intel.com>
Reviewed-by: Yao Jiewen <Jiewen.Yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18403 6f19259b-4bc3-4df7-8a09-765794883524
2015-09-06 06:22:24 +00:00
Yao, Jiewen 776566530b Add more strict check for MOR variable, besides MOR lock variable.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com>
Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18383 6f19259b-4bc3-4df7-8a09-765794883524
2015-09-02 06:29:06 +00:00
Qiu Shumin d2e8af9714 SecurityPkg: Use safe string function.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qiu Shumin <shumin.qiu@intel.com>
Reviewed-by: Yao Jiewen <Jiewen.Yao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18344 6f19259b-4bc3-4df7-8a09-765794883524
2015-08-28 02:51:50 +00:00
Qiu Shumin a909257835 SecurityPkg: Refine the local variable name to follow EDK2 coding style.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qiu Shumin <shumin.qiu@intel.com>
Reviewed-by: Yao Jiewen <Jiewen.Yao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18335 6f19259b-4bc3-4df7-8a09-765794883524
2015-08-27 05:27:51 +00:00
Qiu Shumin de155b154d SecurityPkg: Add missing Lib definition in DEC file.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qiu Shumin <shumin.qiu@intel.com>
Reviewed-by: Yao Jiewen <Jiewen.Yao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18334 6f19259b-4bc3-4df7-8a09-765794883524
2015-08-27 05:26:24 +00:00
Qiu Shumin f194d8733d SecurityPkg: Add missing PCD usage information.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qiu Shumin <shumin.qiu@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18333 6f19259b-4bc3-4df7-8a09-765794883524
2015-08-27 05:23:46 +00:00
Qin Long 173a1e688c SecurityPkg: Fix one returned code issue in P7Verify Protocol
VerifyBuffer() in PKCS7 Verify Protocol should return EFI_UNSUPPORTED
when the embedded content is found in SignedData but InData is not NULL.
This patch is to comply with the spec definition.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18311 6f19259b-4bc3-4df7-8a09-765794883524
2015-08-26 00:59:17 +00:00
Liming Gao 6bb832b36b SecurityPkg: Use PcdGetSize to get the size of VOID* PCD value.
PcdLib introduces generic API to get the size of VOID* PCD value.
Update Pei and Dxe RsaGuidedLib to use generic PCD API instead of GetEx API.
This change can remove PCD type limitation in these two libraries.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18277 6f19259b-4bc3-4df7-8a09-765794883524
2015-08-25 01:55:52 +00:00
Chao Zhang 0cebfe81f9 SecurityPkg: Update Package version to 0.96
Update Package version to 0.96

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18240 6f19259b-4bc3-4df7-8a09-765794883524
2015-08-20 02:57:05 +00:00
Samer El-Haj-Mahmoud f88e9c5bb9 SecurityPkg: Fixed build error due to FixedAtBuild PcdTcg2HashAlgorithmBitmap
PcdTcg2HashAlgorithmBitmap is declared in a section that allows it to be Fixed or PatchableAtBuild, but there is code that sets it.
This breaks the build on some platforms. Changed it to be PcdsDynamic and PcdsDynamicEx only.

We move PcdTpm2HashMask to Dynamic section too, because now Tcg2Pei will set this PCD according to TPM2 device capability.

Contributed-under: TianoCore Contribution Agreement 1.0

Signed-off-by: "Samer El-Haj-Mahmoud" <samer.el-haj-mahmoud@hp.com>
Reviewed-by: "Yao, Jiewen" <Jiewen.Yao@intel.com>



git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18233 6f19259b-4bc3-4df7-8a09-765794883524
2015-08-18 05:46:50 +00:00
Yao, Jiewen a3a0974822 Add restriction that HashFinal() must be after at least one HashUpdate().
Just follow UEFI spec.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <Jiewen.Yao@intel.com>
Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18229 6f19259b-4bc3-4df7-8a09-765794883524
2015-08-18 02:11:10 +00:00
Yao, Jiewen 099bff5def Add context check and init in BaseCrypto2Hash().
Follow UEFI specification to add context check and init in BaseCrypto2Hash(), so that other function can get proper status on hash operation.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <Jiewen.Yao@intel.com>
Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18227 6f19259b-4bc3-4df7-8a09-765794883524
2015-08-17 05:48:30 +00:00
Chao Zhang 13a220a998 SecurityPkg: Update SignatureSize to comply UEFI spec
Update SignatureSize to include SignatureOwner GUID. This behavior is defined by UEFI spec

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18226 6f19259b-4bc3-4df7-8a09-765794883524
2015-08-17 02:50:26 +00:00
Yao, Jiewen c533ed3ebb Fix typo in BaseCrypto2HashInit() which causes sanity check incorrect.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <Jiewen.Yao@intel.com>
Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18224 6f19259b-4bc3-4df7-8a09-765794883524
2015-08-17 00:43:10 +00:00
Yao, Jiewen 1abfa4ce48 Add TPM2 support defined in trusted computing group.
TCG EFI Protocol Specification for TPM Family 2.0 Revision 1.0 Version 9 at http://www.trustedcomputinggroup.org/resources/tcg_efi_protocol_specification
TCG Physical Presence Interface Specification Version 1.30, Revision 00.52 at http://www.trustedcomputinggroup.org/resources/tcg_physical_presence_interface_specification

Add Tcg2XXX, similar file/directory as TrEEXXX. Old TrEE driver/library can be deprecated.
1) Add Tcg2Pei/Dxe/Smm driver to log event and provide services.
2) Add Dxe/Pei/SmmTcg2PhysicalPresenceLib to support TCG PP.
3) Update Tpm2 library to use TCG2 protocol instead of TrEE protocol.

Test Win8/Win10 with SecureBoot enabled, PCR7 shows bound.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <Jiewen.Yao@intel.com>
Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18219 6f19259b-4bc3-4df7-8a09-765794883524
2015-08-13 08:24:17 +00:00
Chao Zhang 72362a75a4 SecurityPkg: Update coding style
Update to EDK2 coding style

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Qiu Shumin <shumin.qiu@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18171 6f19259b-4bc3-4df7-8a09-765794883524
2015-08-06 08:17:54 +00:00
Qiu Shumin 37ee497e78 SecurityPkg/Tcg/MemoryOverwriteRequestControlLock: Add missing header file description in INF file.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qiu Shumin <shumin.qiu@intel.com>
Reviewed-by: Yao Jiewen <Jiewen.Yao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18129 6f19259b-4bc3-4df7-8a09-765794883524
2015-08-03 07:14:11 +00:00
Yao, Jiewen 70c7664cd3 Add Secure MOR implementation.
Add a new module MemoryOverwriteRequestControlLock to register VarCheck handler to  enforce MorLock Policy.
Only SMM version is added because MOR is only supported in SMM variable case. 

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <Jiewen.Yao@intel.com>
Reviewed-by: "Chao Zhang" <chao.b.zhang@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18092 6f19259b-4bc3-4df7-8a09-765794883524
2015-07-28 07:20:58 +00:00
Yao, Jiewen 5c61c5cfc8 Downgrade one debug message level in DxeTpm2MeasureBootHandler from EFI_D_ERROR to EFI_D_INFO.
No TPM2 is considered as valid case. For example, a platform may only have TPM1.2, without TPM2.0 So this is NOT an ERROR message, but more an INFO message.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <Jiewen.Yao@intel.com>
Reviewed-by: "Chao Zhang" <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18091 6f19259b-4bc3-4df7-8a09-765794883524
2015-07-28 06:58:47 +00:00
Chao Zhang 161b8359a8 SecurityPkg: Change TPM MMIO range attribute
For TCG spec compliance, Change TPM MMIO range attribute

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18089 6f19259b-4bc3-4df7-8a09-765794883524
2015-07-28 04:49:25 +00:00
Qiu Shumin dfd11297f6 SecurityPkg: Add missing PCD usage information in UNI files.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qiu Shumin <shumin.qiu@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18083 6f19259b-4bc3-4df7-8a09-765794883524
2015-07-28 01:38:14 +00:00
Star Zeng f18b2162e8 SecurityPkg AuthVariableLib: Correct address pointers data
Originally, the double pointer (VOID **) is not correct for convert
address pointers, and also some address pointers were missing.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.Yao@intel.com>
[lersek@redhat.com: fix up gcc build failure -- add more (VOID **) casts]
Tested-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18055 6f19259b-4bc3-4df7-8a09-765794883524
2015-07-26 08:03:54 +00:00
Chao Zhang 1ca3a09938 SecurityPkg: Fix DBX Variable Read Error in ImageVerificationLib
ImageVerificationLib passes wrong data buffer size when reading DBX variable, causing heap crash.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17981 6f19259b-4bc3-4df7-8a09-765794883524
2015-07-15 02:13:48 +00:00
Chao Zhang 368110120b SecurityPkg: Correct BootOrder/Boot#### measurement behavior
Correct the variable measurement behavior to include whole EFI_VARIABLE_DATA structure.
It is for the latest spec compliance

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17980 6f19259b-4bc3-4df7-8a09-765794883524
2015-07-15 02:13:22 +00:00
Qiu Shumin 3ee7bc8ea7 SecurityPkg/Pkcs7VerifyDxe: Cleanup P7CheckTrust function comments.
Delete description of non-existent parameters 'Content' and 'ContentSize' from P7CheckTrust() description.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qiu Shumin <shumin.qiu@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17937 6f19259b-4bc3-4df7-8a09-765794883524
2015-07-14 02:18:19 +00:00
Chao Zhang 64b6a3ff4a SecurityPkg: Make time based AuthVariable update atomic
System may break during time based AuthVariable update, causing certdb inconsistent. 2 ways are used to ensure update atomic.
 1. Delete cert in certdb after variable is deleted
 2. Clean up certdb on variable initialization

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17919 6f19259b-4bc3-4df7-8a09-765794883524
2015-07-10 06:20:04 +00:00
Chao Zhang cfa451c84a SecurityPkg: Add default value for TPM action question
1. Add default value for TPM action question. F9 restore default can get the right value
2. Remove redundant suppressif

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17918 6f19259b-4bc3-4df7-8a09-765794883524
2015-07-10 06:19:32 +00:00
Zhang Lubo c2a65e233a SecurityPkg:Replace unsafe string functions.
Replace unsafe string functions with new added safe string functions.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Zhang Lubo <lubo.zhang@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Qiu Shumin <shumin.qiu@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17882 6f19259b-4bc3-4df7-8a09-765794883524
2015-07-08 06:59:50 +00:00
Hao Wu dd4c164c81 SecurityPkg: Remove mZeroGuid definition in DxeTpmMeasureBootLib
MdeModulePkg has defined gZeroGuid in 'Guid/ZeroGuid.h', therefore, the
mZeroGuid defined in DxeTpmMeasureBootLib is redundant.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17844 6f19259b-4bc3-4df7-8a09-765794883524
2015-07-07 03:04:18 +00:00