Commit Graph

478 Commits

Author SHA1 Message Date
Star Zeng ed14533cbc SecurityPkg/SecurityPkg.dsc: Declare PciSegmentLib
PiDxeS3BootScriptLib will be updated to consume PciSegmentLib
instead of PciLib to support multiple PCI segment.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Amy Chan <amy.chan@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Michael Kinney <michael.d.kinney@intel.com>
2016-09-05 18:15:45 +08:00
Zhang, Chao B 950a3bc788 SecurityPkg: TPM12CommandLib: Add Response returnCode Check
Check response return code before return from Tpm12Extend and
Tpm12PhysicalPresence.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
2016-09-01 14:50:44 +08:00
Hao Wu 965268ea6d SecurityPkg: Use IsZeroGuid API for zero GUID checking
Instead of comparing a GUID with gZeroGuid via the CompareGuid API, the
commit uses the IsZeroGuid API to check if the given GUID is a zero GUID.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-08-31 11:15:13 +08:00
Hao Wu 72388f9c10 SecurityPkg Tcg2: Remove use of module internal API InternalIsZeroBuffer()
This commit removes the internal implementation of the function
InternalIsZeroBuffer(). Instead, it will use the API IsZeroBuffer() from
BaseMemoryLib in MdePkg.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2016-08-22 18:54:32 +08:00
Hao Wu bce0133b7f SecurityPkg Tcg2: Rename internal API IsZeroBuffer to InternalIsZeroBuffer
Before adding API IsZeroBuffer() in BaseMemoryLib at MdePkg, rename the
internal implementations of IsZeroBuffer() within SecurityPkg/Tcg modules
to avoid breaking bisection.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2016-08-22 18:54:29 +08:00
Zhang, Chao B fd4d9c6495 SecurityPkg: AuthVariableLib: Fix inconsistent CertDB case
2 steps are used to create/delete a time based variable.
  For create
     step 1: Insert Signer Cert to CertDB.
     Step 2: Insert Payload to Variable.
  For delete
     step 1: Delete Variable.
     Step 2: Delete Cert from CertDB.
  System may breaks between step 1 & step 2, so CertDB may contains useless
Cert in the next reboot. AuthVariableLib choose to sync consistent state
between CertDB & Time Auth Variable on initialization. However, it doesn't
apply Time Auth attribute check. Now add it.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Zeng Star <star.zeng@intel.com>
2016-08-17 09:01:46 +08:00
Hao Wu b32f094cd3 SecurityPkg DSC: Add build option to disable deprecated APIs
Add the following definition in the [BuildOptions] section in package DSC
files to disable APIs that are deprecated:

[BuildOptions]
  *_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES

Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-08-08 11:00:10 +08:00
Dong, Eric 4636e4426a SecurityPkg OpalPasswordDxe: Fix buffer overflow issue.
In current code, PSID is processed as string and the length is 0x20.
Current code only reserved 0x20 length buffer for it, no extra buffer
for the '\0'. When driver call UnicodeStrToAsciiStrS to convert PSID,
it search the '\0' for the end. So extra dirty data saved in PSID
info which caused PSID revert action failed. This patch reserved
extra 1 byte data for the '\0'.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
2016-08-03 09:21:27 +08:00
Zhang, Chao B 76bfc7e3ea SecurityPkg: AuthVariableLib: Revert UserPhysicalPresent feature from AuthVariableLib
Physical Presence state reporting is constrained by physical presence caching in variable driver. For example, reporting must be prior to Physical Presence caching. Physical Presence state becomes constant rather than instant after caching. Therefore, PlatformSecureLib is responsible for reporting Physical Presence state in expected way.

This reverts commit 90fa53213e.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
2016-07-22 09:48:00 +08:00
Liming Gao e39d0569a6 SecurityPkg DxeTpmMeasureBootLib: Add comments in TcgMeasurePeImage()
The input PeImage in TcgMeasurePeImage() has been checked.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-07-14 15:05:40 +08:00
Liming Gao 89fb5aef41 SecurityPkg DxeImageVerificationLib: Add comments in HashPeImage()
The input PeImage in HashPeImage() has been checked.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-07-14 15:04:54 +08:00
Liming Gao 5a8eae9560 SecurityPkg Tcg2Dxe: Add check for the PE/COFF image
Use BasePeCoffLib PeCoffLoaderGetImageInfo() to check the PE/COFF image.

In V2, add specific ImageRead() to make sure the PE/COFF image content
read is within the image buffer.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-07-14 15:04:54 +08:00
Liming Gao cad19cd3f2 SecurityPkg TrEEDxe: Add check for the PE/COFF image.
Use BasePeCoffLib PeCoffLoaderGetImageInfo() to check the PE/COFF image.

In V2, add specific ImageRead() to make sure the PE/COFF image content
read is within the image buffer.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-07-14 15:04:53 +08:00
Liming Gao 5e9dfc6782 SecurityPkg SecureBootConfigDxe: Add check for the external PE/COFF image.
Use BasePeCoffLib PeCoffLoaderGetImageInfo() to check the PE/COFF image.

In V2, add specific ImageRead() to make sure the PE/COFF image content
read is within the image buffer.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-07-14 15:04:53 +08:00
Eric Dong c9a0755572 SecurityPkg OpalPasswordSmm: Remove useless code.
EdkII not allow to use #if in source code, also
the code in it already unused. so just remove this
code.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
2016-07-11 10:38:20 +08:00
Giri P Mudusuru 7622e5947f SecurityPkg: Fix typos in comments
- availabe to available

Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Giri P Mudusuru <giri.p.mudusuru@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-07-11 10:29:46 +08:00
Zhang, Chao B e1f3583409 SecurityPkg/Tcg: Fix bug that prevented SubmitCommand buffers from being Max size
SubmitCommand() was checking the buffer size for ">=" Max size. This would
cause code to fail with "EFI_INVALID_PARAMETER" if a buffer was passed
that was the "max" size as indicated by the GetCapability() command.
Change to ">" to allow for maximum buffer size.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Bret Barkelew <brbarkel@microsoft.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-07-01 10:33:47 +08:00
Liming Gao c99bcf3d8a SecurityPkg: Update PlatformSecureLibNull with PCD to get physical presence.
This is an incompatible change. It uses PcdUserPhysicalPresence value instead
of hard code TRUE. Because PcdUserPhysicalPresence default value is FALSE,
this patch changes UserPhysicalPresent() return value from TRUE to FALSE.

From Security point, it is not safe to always return TRUE. If user wants this
behavior, he can still configure PcdUserPhysicalPresence value to TRUE in
the platform DSC file.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Giri P Mudusuru <giri.p.mudusuru@intel.com>
2016-06-29 09:43:00 +08:00
Liming Gao e2b083de91 SecurityPkg: Add PcdUserPhysicalPresence to indicate use physical presence.
This PCD supports all configuration type. Its default value is FALSE.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Giri P Mudusuru <giri.p.mudusuru@intel.com>
2016-06-29 09:42:59 +08:00
Zhang, Chao B 90fa53213e SecurityPkg: AuthVariableLib: Cache UserPhysicalPresent in AuthVariableLib
AuthVariableLib is updated to cache the UserPhysicalPresent state to global variable. This avoids calling PlatformSecureLib during runtime and makes PhysicalPresent state consistent during one boot.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
2016-06-28 09:08:39 +08:00
Star Zeng b7c7179338 SecurityPkg: Replace UnicodeStrToAsciiStr/AsciiStrToUnicodeStr
It is the follow up of 3ab41b7a32
to replace UnicodeStrToAsciiStr/AsciiStrToUnicodeStr with
UnicodeStrToAsciiStrS/AsciiStrToUnicodeStrS.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-06-21 12:46:25 +08:00
Zhang, Chao B ed3faea45a SecurityPkg: SecurityPkg.uni: Update info string for PcdTcgPhysicalPresenceInterfaceVer
Update Pcd info string for new added PcdTcgPhysicalPresenceInterfaceVer

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Dandan Bi <dandan.bi@intel.com>
2016-06-16 15:04:03 +08:00
Zhang, Chao B 0c687d02c7 SecurityPkg: Tcg2Smm: Fix type casting issue
Fix type casting issue introduced by cd64301398

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Gao Liming <liming.gao@intel.com>
2016-06-16 14:31:07 +08:00
Eric Dong dbff6ed05e SecurityPkg/TcgStorageOpalLib: Avoid using special word in comments
Cc: Shumin Qiu <shumin.qiu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Qiu Shumin <shumin.qiu@intel.com>
2016-06-16 13:10:00 +08:00
Eric Dong 0efc3be0af SecurityPkg OpalPasswordDxe: gray out menu instead of suppress it.
For current implementation, if the device is pyrite type, driver
will suppress the "keep user data" option. Base on the feedback
from user, they prefer to keep the menu but gray out it. Now base
on this feedback to update the driver.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
2016-06-16 10:41:37 +08:00
Zhang, Chao B 3b5624b014 SecurityPkg: Tcg2Smm: Enhance TIS interface detection
TCG PC Client PTP spec defines that if InterfaceType is defined as TIS1.3. All the other fields of the FIFO Interface Identifier Register are skipped.
http://www.trustedcomputinggroup.org/pc-client-specific-platform-tpm-profile-for-tpm-2-0-v43-150126/

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
2016-06-12 21:15:53 +08:00
Zhang, Chao B cd64301398 SecurityPkg: Tcg2Smm: Make TCG2 PP version configurable
Make TCG2 PP version configurable to meet different request. Current default version is 1.3.
http://www.trustedcomputinggroup.org/physical-presence-interface_1-30_0-52/

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
2016-06-12 09:22:38 +08:00
Zhang, Chao B ee46ac08fc SecurityPkg : Tpm12DeviceLibDTpm: Fix TPM12 wrong Response Tag check
TcgDxePassThroughToTpm should be able to handle all TPM12 Command & Response correctly.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
2016-06-08 15:14:56 +08:00
Star Zeng 5b03f1b514 SecurityPkg EsalVariableDxeSal: Use input Global to make code more clear
SecurityPkg\VariableAuthenticated\EsalVariableDxeSal\Variable.c
AutoUpdateLangVariable()
Global->PlatformLangCodes[VirtualMode] = AllocateRuntimeCopyPool
  (DataSize, Data);
ASSERT (mVariableModuleGlobal->PlatformLangCodes[VirtualMode] != NULL);

The patch is to use Global instead of mVariableModuleGlobal in the
ASSERT (XXX) to make code more clear although mVariableModuleGlobal is
equal to Global actually.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Amy Chan <amy.chan@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Amy Chan <amy.chan@intel.com>
Reviewed-by: Giri P Mudusuru <giri.p.mudusuru@intel.com>
2016-06-03 15:01:05 +08:00
Cinnamon Shia 531c89a1ed SecurityPkg/DxeImageVerificationLib: Add DEBUG messages for image verification failures
Add DEBUG messages in DxeImageerificationLib to help debug Secure Boot image verification failures

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Cinnamon Shia <cinnamon.shia@hpe.com>
Reviewed-by: Samer EL-Haj-Mahmoud <elhaj@hpe.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-05-19 11:01:10 +08:00
Liming Gao e7cbd1490f SecurityPkg: Use PcdGet32() to access PcdPeiCoreMaxFvSupported
FixedPcdGet32() limits PcdPeiCoreMaxFvSupported type as FixedAtBuild.
PcdGet32() allows PCD be configured as FixedAtBuild or PatchableInModule.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-05-17 10:09:32 +08:00
Zhang, Chao B 37c58a6817 SecurityPkg: Remove non-ASCII character from TPM warning strings
Remove a non-ASCII apostrophe character from TPM_WARNING_MAINTAIN
message

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Samer El-Haj-Mahmoud <elhaj@hpe.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-05-16 09:54:17 +08:00
Eric Dong 72a05f849f SecurityPkg OpalPasswordDxe: Error handling enhance when input password.
Enhance the error handling:
1. When the device is unlocked at BIOS phase and system does a warm reboot,
the device may be still in unlock status if it uses external power. For
such case, we would still popup password window to ask user input. If
user presses ESC key here, we would force the system shut down or ask
user input again to avoid security hole.
2. When user reach max retry count, force shutdown.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
2016-05-12 13:07:20 +08:00
Dandan Bi eafbd7a232 Security/OpalPasswordDxe: Enhance the logic in RouteConfig/ExtractConfig
Make the implementation of RouteConfig/ExtractConfig function
follow the UEFI spec.

Cc: Eric Dong <eric.dong@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
2016-05-11 11:25:52 +08:00
Zhang, Chao B f1005559ec SecurityPkg: SecureBootConfigDxe: Add NULL pointer check
Add SecureBoot NULL pointer check before reference it.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Samer El-Haj-Mahmoud <elhaj@hpe.com>
Reviewed-by: Qiu Shumin <shumin.qiu@intel.com>
2016-05-11 08:58:14 +08:00
Dong, Eric 6e7423c3c2 SecurityPkg TcgStorageOpalLib: Check the capability before use.
For Pyrite SSC device, it may not supports Active Key,  So
add check logic before enable it.

Cc: Feng Tian <feng.tian@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
2016-05-09 16:18:00 +08:00
Jiaxin Wu 6e2814c1a1 SecurityPkg: Cleanup unused structure definition
This patch is used to cleanup unused structure
definition.

Cc: Zhang Chao B <chao.b.zhang@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-05-09 08:33:55 +08:00
Eric Dong 3f250a944d SecurityPkg OpalPasswordSmm: Always execute BlockSid command.
The BlockSid feature is not depend on lock status,
so move the send BlockSid command out of unlock process.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
2016-05-05 12:52:48 +08:00
Eric Dong 69cd129471 SecurityPkg OpalPasswordSmm: Enhance BlockSid Logic.
BlockSid feature can be retrieve from the header info.
Update the logic, check BlockSid capability before use it.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
2016-05-05 12:52:47 +08:00
Eric Dong be08755355 SecurityPkg OpalPasswordDxe: Check BlockSid capability before send command.
Not all opal device support BlockSid feature. So Add
code logic to check the capability before send BlockSid
command.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
2016-05-05 12:52:47 +08:00
Eric Dong 8d3d84508f SecurityPkg OpalPasswordDxe: Change BlockSid position.
The BlockSid feature is a global level feature instead
of device level feature. So move the menu from device page
to the main page.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
2016-05-05 12:52:46 +08:00
Eric Dong b20e0d29fa SecurityPkg TcgStorageOpalLib: Check BlockSid capability.
Check the BlockSid feature capability through check
BlockSid header in the DiscoveryHeader.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
2016-05-05 12:52:46 +08:00
Eric Dong 81c1b6df92 SecurityPkg TcgStorageOpalLib: Update ComId for Block SID command.
The ComId for Block SID authentication command is
0x0005 according to "TCG Storage Feature Set: Block
SID Authentication Specification Version 1.0.0". Update code to
follow this spec requirement.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
2016-05-05 12:52:45 +08:00
Zhang, Chao B e8903bb7bf SecurityPkg: SecureBootConfigDxe: Disable SecureBoot Enable/Disable in some case
Disable SecureBoot Enable/Disable feature when PhysicalPresence is not available,
Since SecureBootEnable is protected with PhysicalPresence.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
2016-05-05 09:21:39 +08:00
Eric Dong f14307489f SecurityPkg OpalPasswordDxe: Install menu without device dependency.
Change design to always install opal menu.
Current implementation only install menu when device connect.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
2016-05-04 10:57:05 +08:00
Zhang, Chao B 12087ff6d6 SecurityPkg: SecureBootConfigDxe: Remove SecureBoot UI change for Customized Secure Boot
Remove SecureBoot UI support for Customized SecureBoot Mode transition according to Mantis 1263.
The feature has been moved to
  https://github.com/tianocore/edk2-staging/tree/Customized-Secure-Boot
Previous check-in hash is
  SHA-1: 96832eefea

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: El-Haj-Mahmoud Samer <samer.el-haj-mahmoud@hpe.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
2016-05-04 09:13:51 +08:00
Zhang, Chao B 560ac77ea1 SecurityPkg: AuthVariableLib: Remove Customized SecureBoot Mode transition.
Remove Customized SecureBoot Mode transition logic for Mantis 1263, including AuditMode/DeployedMode/PK update management.
  Also remove image verification logic in AuditMode.
The feature has been moved to
  https://github.com/tianocore/edk2-staging/tree/Customized-Secure-Boot
Previous check-in hash is
  SHA-1: 4fc08e8d68

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: El-Haj-Mahmoud Samer <samer.el-haj-mahmoud@hpe.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
2016-05-04 09:13:49 +08:00
Zhang, Chao B 8b02803624 SecurityPkg: Remove gEdkiiSecureBootModeGuid definition
Remove gEdkiiSecureBootModeGuid definition for Customized Secure Boot feature defined in
UEFI2.5 Mantis 1263. It is a private variable GUID.
The feature has been moved to
  https://github.com/tianocore/edk2-staging/tree/Customized-Secure-Boot
Previous check-in hash is
  SHA-1: af9af05bec

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: El-Haj-Mahmoud Samer <samer.el-haj-mahmoud@hpe.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
2016-05-04 09:13:48 +08:00
Samer El-Haj-Mahmoud 730f807141 SecurityPkg: Update servers TCG ACPI Table template to TCG 1.2
Update the TCG Spec in the the EFI_TCG_SERVER_ACPI_TABLE from TCG 1.0 to
TCG 1.2

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Samer El-Haj-Mahmoud <elhaj@hpe.com>
Signed-off-by: Derek Lin <derek.lin2@hpe.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
2016-05-03 10:11:12 +08:00
Derek Lin 336dbfd1ca SecurityPkg: Reduce DEBUG verbosity in Tcg2Dxe
Reduce several DEBUG messages verbosity from INFO to VERBOSE, so that will not see debug message around each driver loading when TPM 2.0 part present.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Derek Lin <derek.lin2@hpe.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
2016-05-03 10:11:07 +08:00