Commit Graph

247 Commits

Author SHA1 Message Date
Ard Biesheuvel c5386c7898 SecurityPkg/PlatformSecureLibNull: permit use by MM_STANDALONE modules
Add MM_STANDALONE to the list of module types that are permitted to
link to this library. Also, since the constructor prototype is
different between MM_STANDALONE and DXE_DRIVER type libraries,
convert the library into BASE type.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2019-01-21 13:42:49 +01:00
Jagadeesh Ujja 38f3c1b0d2 SecurityPkg/AuthVariableLib: allow MM_STANDALONE drivers to use this library
AuthVariableLib library can be used by MM_STANDALONE drivers as well.
So add MM_STANDALONE to the list of module types this library supports.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jagadeesh Ujja <jagadeesh.ujja@arm.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
2019-01-04 11:38:05 +01:00
Zhang, Chao B 3cc9af5ce3 SecurityPkg: Update TCG PFP spec revision.
UEFI TCG has aligned with TCG PFP 1.03 v51 along with Errata Version 1.0.
Update spec version accordingly.
Spec Link:
https://trustedcomputinggroup.org/wp-content/uploads/PC-ClientSpecific_Platform_Profile_for_TPM_2p0_Systems_v51.pdf
https://trustedcomputinggroup.org/wp-content/uploads/PC-Client-Specific-Platform-Firmware-Profile-for-TPM-2-0-v1p03_r51-errata-v1p0_170426.pdf

Cc: Yao Jiewen <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Zhang, Chao B <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
2018-11-21 10:06:36 +08:00
Eric Dong a8beaf8f90 SecurityPkg/TcgStorageOpalLib: Fixed correct user password not works issue.
After admin password reach the TryLimit value, code logic will direct return
error password result no matter which password been inputted. So even correct
user password will return TryLimit error.

Now update code logic to also check user password. Only when both user/admin
password reach the TryLimit count, code will return exceed TryLimit error.

Change-Id: I17fbd1425b77150eb933a5002a1f87a0f0032e9b
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Hao Wu <hao.a.wu@intel.com>
2018-09-21 14:42:53 +08:00
Ard Biesheuvel f199664ce7 SecurityPkg: remove PE/COFF header workaround for ELILO on IPF
Now that Itanium support has been dropped, we can remove the various
occurrences of the ELILO on Itanium PE/COFF header workaround.

Link: https://bugzilla.tianocore.org/show_bug.cgi?id=816
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Zhang Chao B <chao.b.zhang@intel.com>
2018-09-20 22:01:50 +08:00
Zhang, Chao B 3a34753312 SecurityPkg: HashLib: Change dos format
Change file format to DOS

Cc: Bi Dandan <dandan.bi@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Zhang Chao B <chao.b.zhang@intel.com>
Reviewed-by: Bi Dandan <dandan.bi@intel.com>
2018-09-10 09:43:15 +08:00
Zhang, Chao B b3e1e343fe SecurityPkg: HashLib: Update HashLib file GUID
2 file GUIDs conflict with existing SHA256 Lib. Update them.

Cc: Long Qin <qin.long@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Zhang, Chao B <chao.b.zhang@intel.com>
Reviewed-by: Long, Qin <qin.long@intel.com>
2018-08-10 09:05:27 +08:00
Marc-André Lureau 3781f14c31 SecurityPkg/Library/Tpm2DeviceLibDTpm: fix s/Constructor/CONSTRUCTOR
The library constructor is not being called because of the typo,
causing TPM2 detection/initialization to fail.

This fixes OVMF TPM2 regression since commit f15cb995bb.
https://bugzilla.tianocore.org/show_bug.cgi?id=1075

Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Zhang Chao B <chao.b.zhang@intel.com>
Cc: Long Qin <qin.long@intel.com>
Fixes: f15cb995bb
Contributed-under: TianoCore Contribution Agreement 1.1
Reported-by: Ricardo Araújo <ricardo@lsd.ufcg.edu.br>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2018-08-09 19:13:32 +02:00
Zhang, Chao B 8d7aef3d1e SecurityPkg: HashLib: Add SHA384, SHA512 HashLib
Add SHA384, 512 Hash lib support. Now only CryptoPkg support PEI/DXE
version.

Cc: Long Qin <qin.long@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Zhang Chao B <chao.b.zhang@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
2018-07-27 17:58:38 +08:00
Zhang, Chao B d9e206d4bf MdeModulePkg: TpmMeasureLib: Re-prioritize TCG/TCG2 protocol
TPM1.2 is obsoleted by TPM2.0. switch TCG/TCG2 protocol check to apply this
trend

Cc: Long, Qin <qin.long@intel.com>
Cc: Yao, Jiewen <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Zhang, Chao B <chao.b.zhang@intel.com>
Reviewed-by: Yao, Jiewen <jiewen.yao@intel.com>
2018-07-23 08:36:12 +08:00
Eric Dong 54ae532cd4 SecurityPkg/TcgStorageOpalLib: Return AUTHORITY_LOCKED_OUT error.
Caller need to known this error to handle specially, but current
error status not has specified value for this type. In order to
keep compatibility, here use TcgResultFailureInvalidType as an
replacement.

Cc: Hao Wu <hao.a.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Hao Wu <hao.a.wu@intel.com>
2018-07-11 11:12:20 +08:00
chenc2 4cecd19a44 SecurityPkg: Removing ipf which is no longer supported from edk2.
Removing rules for Ipf sources file:
* Remove the source file which path with "ipf" and also listed in
  [Sources.IPF] section of INF file.
* Remove the source file which listed in [Components.IPF] section
  of DSC file and not listed in any other [Components] section.
* Remove the embedded Ipf code for MDE_CPU_IPF.

Removing rules for Inf file:
* Remove IPF from VALID_ARCHITECTURES comments.
* Remove DXE_SAL_DRIVER from LIBRARY_CLASS in [Defines] section.
* Remove the INF which only listed in [Components.IPF] section in DSC.
* Remove statements from [BuildOptions] that provide IPF specific flags.
* Remove any IPF sepcific sections.

Removing rules for Dec file:
* Remove [Includes.IPF] section from Dec.

Removing rules for Dsc file:
* Remove IPF from SUPPORTED_ARCHITECTURES in [Defines] section of DSC.
* Remove any IPF specific sections.
* Remove statements from [BuildOptions] that provide IPF specific flags.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Chen A Chen <chen.a.chen@intel.com>
Reviewed-by: Chao B Zhang <chao.b.zhang@intel.com>
2018-06-29 16:19:48 +08:00
Liming Gao b3548d32dd SecurityPkg: Clean up source files
1. Do not use tab characters
2. No trailing white space in one line
3. All files must end with CRLF

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liming Gao <liming.gao@intel.com>
2018-06-28 11:19:50 +08:00
Liming Gao 975478f6bb SecurityPkg Tpm2DeviceLibDTpm: Update enum type name to match the one in lib
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2018-06-27 22:54:07 +08:00
Zhang, Chao B 631976706d SecurityPkg: Tpm2DeviceLib: Enable CapCRBIdleBypass support
Directly transition from CMD completion to CMD Ready state if device
supports IdleByPass

Cc: Long Qin <qin.long@intel.com>
Cc: Yao Jiewen <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
2018-06-27 09:31:01 +08:00
Bi, Dandan e1dea56be3 SecurityPkg: Use new added Perf macros
Replace old Perf macros with the new added ones.

Cc: Liming Gao <liming.gao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2018-06-26 15:37:02 +08:00
Zhang, Chao B f15cb995bb SecurityPkg: Cache TPM interface type info
Cache TPM interface type info to avoid excessive interface ID register read

Cc: Long Qin <qin.long@intel.com>
Cc: Yao Jiewen <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
2018-06-25 10:55:08 +08:00
Eric Dong 4b8552d794 SecurityPkg/TcgStorage*Lib.h: Fix ECC reported issues.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Dandan Bi <dandan.bi@intel.com>
2018-05-24 10:48:32 +08:00
Eric Dong 5a1d521dee SecurityPkg/TcgStorageOpalLib: Fix GCC build failure.
Function definition different with function implementation
caused this build failure. Change code to make them
consistent to pass the build.

Done Unit Test:
1. Pass GCC build.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Hao Wu <hao.a.wu@intel.com>
2018-05-15 08:24:26 +08:00
Eric Dong a3068f06e6 SecurityPkg/TcgStorageOpalLib: Add supports for pyrite 2.0 spec.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Hao Wu <hao.a.wu@intel.com>
2018-05-07 15:03:24 +08:00
Star Zeng d4ccf26491 SecurityPkg FmpAuthenticationLibRsa2048Sha256: Remove PCD reference
PcdRsa2048Sha256PublicKeyBuffer is referenced but not used in the
library, that makes me a little confusing.
Actually, the PublicKeyData should be from the caller of
AuthenticateFmpImage() as input parameter, for example
EdkiiSystemCapsuleLib.

This patch is to remove the PCD reference in this library instance
to be aligned with FmpAuthenticationLibPkcs7 that does not reference
PcdPkcs7CertBuffer.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2018-04-20 14:28:48 +08:00
Zhang, Chao B 28892d768b SecurityPkg Tpm12CommandLib: Fix TPM12 GetCapability response error
TPM12 command lib doesn't convert Response Size before using. Add logic
to fix the issue.

Cc: Long Qin <qin.long@intel.com>
Cc: Yao Jiewen <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
2018-03-21 16:43:35 +08:00
Zhang, Chao B dd577319e8 SecurityPkg Tpm2CommandLib: Fix TPM2.0 response memory overflow
TPM2.0 command lib always assumes TPM device and transmission channel can
respond correctly. But it is not true when communication channel is exploited
and wrong data is spoofed. Add more logic to prohibit memory overflow attack.

Cc: Long Qin <qin.long@intel.com>
Cc: Yao Jiewen <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
2018-03-21 16:43:34 +08:00
Jiewen Yao 8afbd22eea SecurityPkg/TrEEVendorLib: remove TrEE.
TrEE is deprecated. We need use Tcg2.

Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao B Zhang <chao.b.zhang@intel.com>
2018-03-16 14:19:52 +08:00
Jiewen Yao a35ecb70b1 SecurityPkg/TrEEPhysicalPresenceLib: remove TrEE.
TrEE is deprecated. We need use Tcg2.

Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao B Zhang <chao.b.zhang@intel.com>
2018-03-16 14:19:51 +08:00
Jiewen Yao 64047cb68c SecurityPkg/Tpm2DeviceLibTrEE: remove TrEE.
TrEE is deprecated. We need use Tcg2.

Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao B Zhang <chao.b.zhang@intel.com>
2018-03-16 14:19:50 +08:00
Marc-Andr? Lureau 73ee3abab1 SecurityPkg: also clear HashInterfaceHob.SupportedHashMask
Commit 4cc2b63bd8 fixed an out of bounds
ZeroMem() call. However, as Laszlo Ersek pointed out, the intent was
to clear all but the Identifier (to revert the effect of
RegisterHashInterfaceLib()). For that, it should clear the
SupportedHashMask too.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Marc-Andr? Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2018-03-08 22:41:50 +08:00
Star Zeng 1101ffbf84 SecurityPkg OpalPasswordSupportLib: Remove it
Remove OpalPasswordSupportLib as it is not been used
anymore.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2018-03-08 21:33:51 +08:00
Star Zeng d62cb7bb0c SecurityPkg TcgStorageCoreLib: Make it be base type really
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2018-03-08 21:33:49 +08:00
Star Zeng 6accc5fad4 SecurityPkg TcgStorageOpalLib: Make it be base type really
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2018-03-08 21:33:49 +08:00
Dandan Bi 3d1872b780 SecurityPkg/SmmTcg2PhysicalPresenceLib: Fix coding style issue
Boolean values do not need to use explicit comparisons
to TRUE or FALSE.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by:Chao Zhang <chao.b.zhang@intel.com>
2018-03-08 08:58:49 +08:00
Marc-Andr? Lureau 4cc2b63bd8 SecurityPkg: only clear HashInterface information
The ZeroMem() call goes beyond the HashInterfaceHob structure, causing
HOB list corruption. Instead, just clear the HashInterface fields, as
I suppose was originally intended.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Marc-Andr? Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
2018-03-07 21:46:11 +08:00
Zhang, Chao B 84391f5795 SecurityPkg: Support PP version lower than 1.3
TCG PP 1.2 & PP 1.3 spec defined different Opcodes.
Update code to support both.

Cc: Long Qin <qin.long@intel.com>
Cc: Yao Jiewen <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
2018-02-06 12:59:15 +08:00
Zhang, Chao B 11cf02f6d0 SecurityPkg:Tpm2DeviceLibDTpm: Support TPM command cancel
Support TPM Command cancel if executing command timeouts. Cancel could
happen in long running command case

Cc: Yao Jiewen <jiewen.yao@intel.com>
Cc: Chinnusamy Rajkumar K <rajkumar.k.chinnusamy@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
2018-01-25 22:14:28 +08:00
Zhang, Chao B d02a848e32 SecurityPkg/PhysicalPresenceLib: Reject illegal PCR bank allocation
According to TCG PP1.3 spec, error PCR bank allocation input should be
rejected by Physical Presence. Firmware has to ensure that at least one
PCR banks is active.

Cc: Long Qin <qin.long@intel.com>
Cc: Yao Jiewen <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
2018-01-15 16:40:11 +08:00
chenc2 62ba0febf5 SecurityPkg/AuthVariableLib: Use EFI_CERT_DATA to parse certificate
The function Pkcs7GetSigners return certificate stack as binary buffer.
Use EFI_CERT_DATA to parsing certificate stack more clearly, and access
certificate by the field of EFI_CERT_DATA structure.

Cc: Long Qin <qin.long@intel.com>
Cc: Zhang Chao <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: chenc2 <chen.a.chen@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
Reviewed-by: Zhang Chao <chao.b.zhang@intel.com>
2017-11-07 22:06:54 +08:00
Zhang, Chao B 0130fddeb3 SecurityPkg: Remove Counter Based AuthVariable support
Remove counter based auth variable support. also modify several function
descriptors to accommodate the change

Cc: Long Qin <qin.long@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
2017-11-01 22:24:59 +08:00
Laszlo Ersek 11b74aa472 SecurityPkg/AuthVariableLib: fix GCC build error
Commit 53c6ff1803 ("SecurityPkg:AuthVariableLib:Implement ECR1707 for
Private Auth Variable", 2017-09-12) introduced the following build
failure under several GCC toolchain versions:

> SecurityPkg/Library/AuthVariableLib/AuthService.c: In function
> 'CalculatePrivAuthVarSignChainSHA256Digest':
> SecurityPkg/Library/AuthVariableLib/AuthService.c:1567:58: error:
> pointer targets in passing argument 3 of 'X509GetCommonName' differ in
> signedness [-Werror=pointer-sign]
>    Status = X509GetCommonName(SignerCert, SignerCertSize, CertCommonName, &CertCommonNameSize);
>                                                           ^~~~~~~~~~~~~~
> In file included from
> SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h:34:0,
>                  from
>                  SecurityPkg/Library/AuthVariableLib/AuthService.c:32:
> CryptoPkg/Include/Library/BaseCryptLib.h:2202:1: note: expected 'CHAR8 *
> {aka char *}' but argument is of type 'UINT8 * {aka unsigned char *}'
>  X509GetCommonName (
>  ^~~~~~~~~~~~~~~~~
> cc1: all warnings being treated as errors

Fix it by changing the type of "CertCommonName" to array-of-CHAR8.

Locations where "CertCommonName" is used in the
CalculatePrivAuthVarSignChainSHA256Digest() function:

- it is taken the size of -- not impacted by this patch;

- passed to X509GetCommonName() as an argument -- the patch fixes the
  build error;

- passed to Sha256Update() as argument for "IN CONST VOID  *Data" -- not
  impacted by the patch;

- passed to AsciiStrLen() as argument -- drop the now-superfluous explicit
  cast.

Since we are touching the Sha256Update() function call, fix the coding
style too:

- the line is overlong, so break each argument to its own line;

- insert a space between "AsciiStrLen" and the opening paren "(".

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Gary Lin <glin@suse.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Long Qin <qin.long@intel.com>
Reported-by: Gary Lin <glin@suse.com>
Suggested-by: Gary Lin <glin@suse.com>
Suggested-by: Long Qin <qin.long@intel.com>
Fixes: 53c6ff1803
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
2017-10-17 21:46:21 +02:00
Zhang, Chao B 53c6ff1803 SecurityPkg:AuthVariableLib:Implement ECR1707 for Private Auth Variable
ECR1707 for UEFI2.7 clarified certificate management rule for private time-based
AuthVariable.Trusted cert rule changed from whole signer's certificate stack to
top-level issuer cert tbscertificate + SignerCert CN for better management compatibility.
Hash is used to reduce storage overhead.

Cc: Long Qin <qin.long@intel.com>
Cc: Chen Chen <chen.a.chen@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>'
Reviewed-by: Long Qin <qin.long@intel.com>
Reviewed-by: Chen Chen <chen.a.chen@intel.com>
2017-10-14 22:27:14 +08:00
Liming Gao f37bcdd60d SecurityPkg: Update Guid usage in INF file to match source code logic
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liming Gao <liming.gao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2017-10-10 18:10:22 +08:00
Zhang, Chao B 265e5c82f5 SecurityPkg\SmmTcg2PhysicalPresenceLib.c Handle reserved or unimplemented PP Operation
Several PP operations < 128(Vendor Specific) are reserved or unimplemented.
Follow TCG PC Client Platform Physical Presence Interface Specification to return
not implemented.
https://trustedcomputinggroup.org/wp-content/uploads/Physical-Presence-Interface_1-30_0-52.pdf

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
2017-09-28 11:29:42 +08:00
Star Zeng 398b0f6766 SecurityPkg OpalPasswordSupportLib: Remove include to UefiAcpiDataTable.h
Remove redundant include to UefiAcpiDataTable.h as
SmmCommunication.h will help to include it.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2017-07-27 14:08:08 +08:00
Zhang, Chao B 6d92ae11d1 SecurityPkg: Add TCG Spec info to TCG related modules
Add TCG Spec compliance info to TCG related module INFs.

Cc: Qin Long <qin.long@intel.com>
Cc: Yao Jiewen <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
2017-05-11 16:20:05 +08:00
Jeff Fan f0f1a3cbf6 SecurityPkg: Error Level is not used correctly
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jeff Fan <jeff.fan@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2017-04-12 08:56:33 +08:00
Hao Wu 4333b99d28 SecurityPkg: Refine type cast for pointer subtraction
For pointer subtraction, the result is of type "ptrdiff_t". According to
the C11 standard (Committee Draft - April 12, 2011):

"When two pointers are subtracted, both shall point to elements of the
same array object, or one past the last element of the array object; the
result is the difference of the subscripts of the two array elements. The
size of the result is implementation-defined, and its type (a signed
integer type) is ptrdiff_t defined in the <stddef.h> header. If the result
is not representable in an object of that type, the behavior is
undefined."

In our codes, there are cases that the pointer subtraction is not
performed by pointers to elements of the same array object. This might
lead to potential issues, since the behavior is undefined according to C11
standard.

Also, since the size of type "ptrdiff_t" is implementation-defined. Some
static code checkers may warn that the pointer subtraction might underflow
first and then being cast to a bigger size. For example:

UINT8  *Ptr1, *Ptr2;
UINTN  PtrDiff;
...
PtrDiff = (UINTN) (Ptr1 - Ptr2);

The commit will refine the pointer subtraction expressions by casting each
pointer to UINTN first and then perform the subtraction:

PtrDiff = (UINTN) Ptr1 - (UINTN) Ptr2;

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2017-03-06 14:15:36 +08:00
Jiewen Yao 087132a84a SecurityPkg/TpmCommandLib: Add Tpm2ReadPublic.
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Long Qin <qin.long@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2017-02-21 16:47:18 +08:00
Zhang Lubo c035e37335 SecurityPkg: enhance secure boot Config Dxe & Time Based AuthVariable.
V3: code clean up

prohibit Image SHA-1 hash option in SecureBootConfigDxe.
Timebased Auth Variable driver should ensure AuthAlgorithm
is SHA256 before further verification

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Zhang Lubo <lubo.zhang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Long Qin <qin.long@intel.com>
Cc: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
2017-02-20 10:09:53 +08:00
Star Zeng 9fe9cf9acb SecurityPkg HashLibRouter: Avoid incorrect PcdTcg2HashAlgorithmBitmap
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=244

Currently, when software HashLib (HashLibBaseCryptoRouter) and related
HashInstanceLib instances are used, PcdTcg2HashAlgorithmBitmap is
expected to be configured to 0 in platform dsc.
But PcdTcg2HashAlgorithmBitmap has default value 0xFFFFFFFF in
SecurityPkg.dec, and some platforms forget to configure it to 0 or
still configure it to 0xFFFFFFFF in platform dsc, that will make final
PcdTcg2HashAlgorithmBitmap value incorrect.

This patch is to add CONSTRUCTOR in HashLib (HashLibBaseCryptoRouter)
and PcdTcg2HashAlgorithmBitmap will be set to 0 in the CONSTRUCTOR.

Current HASH_LIB_PEI_ROUTER_GUID HOB created in
HashLibBaseCryptoRouterPei is shared between modules that link
HashLibBaseCryptoRouterPei.
To avoid mutual interference, separated HASH_LIB_PEI_ROUTER_GUID HOBs
with gEfiCallerIdGuid Identifier will be created for those modules.

This patch is also to add check in HashLib (HashLibBaseCryptoRouter)
for the mismatch of supported HashMask between modules that may link
different HashInstanceLib instances, warning will be reported if
mismatch is found.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2017-02-08 18:52:07 +08:00
Michael Kinney 8b17ad862c SecurityPkg/Tpm12CommandLib: Always check response returnCode
https://bugzilla.tianocore.org/show_bug.cgi?id=338

Update the Tpm12CommandLib to consistently check the returnCode
field of a response packet.  These checks are missing from the
GetCapability and SelfTest commands.  The functions
Tpm12ContinueSelfTest(), Tpm12GetCapabilityFlagPermanent(), and
Tpm12GetCapabilityFlagVolatile() are updated to verify that the
response returnCode is not an error.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Michael Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2017-01-25 14:18:30 -08:00
Zhang, Chao B 9d77acf156 SecurityPkg: Tcg2Dxe: Use UEFI_VARIABLE_DATA
Use UEFI_VARIABLE_DATA data structure according to TCG PC-Client PFP Spec
00.21.
http://www.trustedcomputinggroup.org/wp-content/uploads/PC-ClientSpecific_Platform_Profile_for_TPM_2p0_Systems_v21.pdf

Cc: Star Zeng <star.zeng@intel.com>
Cc: Yao Jiewen <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
2017-01-25 10:24:14 +08:00