Add gEdkiiSecureBootModeGuid definition for Enable Secure Boot feature defined in
UEFI2.5 Mantis 1263. It is a private variable GUID.
https://mantis.uefi.org/mantis/view.php?id=1263
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Zeng Star <star.zeng@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19132 6f19259b-4bc3-4df7-8a09-765794883524
Some compilers (like RVCT) reject input files that do not end in a
newline. So add missing newlines to some SecurityPkg header files.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19107 6f19259b-4bc3-4df7-8a09-765794883524
If TPM2_Startup(TPM_SU_STATE) to return an error, the system
firmware that resumes from S3 MUST deal with a TPM2_Startup
error appropriately.
For example, issuing a TPM2_Startup(TPM_SU_CLEAR) command and
configuring the device securely by taking actions like extending
a separator with an error digest (0x01) into PCRs 0 through 7.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com>
Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18760 6f19259b-4bc3-4df7-8a09-765794883524
This is patch to remove smbios measurement in TCG driver. There will be other patch to add it in Smbios driver.
The problem of current SMBIOS measurement is:
1) TCG drivers do not support SMBIOS3.0 table.
2) TCG drivers do not follow TCG platform spec on: "Platform configuration information that is automatically updated,
such as clock registers, and system unique information, such as asset numbers or serial numbers,
MUST NOT be measured into PCR [1], or any other PCR."
So we decide to move Smbios measurement from TCG drivers to Smbios driver.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com>
Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18677 6f19259b-4bc3-4df7-8a09-765794883524
Previous TCG2 configuration UI always add all TCG defined hash algorithm to let user select which one need be used.
This brings risk that user might select unsupported hash, and selection is rejected later.
So we enhance to UI to hide unsupported hash algorithm.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com>
Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18676 6f19259b-4bc3-4df7-8a09-765794883524
This issue causes section extraction overrun and possible hang due to bad output size calculation.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Cohen, Eugene" <eugene@hp.com>
Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18625 6f19259b-4bc3-4df7-8a09-765794883524
PcdSet## has no error status returned, then the caller has no idea about whether the set operation is successful or not.
PcdSet##S were added to return error status and PcdSet## APIs were put in ifndef DISABLE_NEW_DEPRECATED_INTERFACES condition.
To adopt PcdSet##S and further code development with DISABLE_NEW_DEPRECATED_INTERFACES defined, we need to Replace PcdSet## usage with PcdSet##S.
Normally, DynamicDefault PCD set is expected to be success, but DynamicHii PCD set failure is a legal case.
PcdTpmInitializationPolicy/PcdTcg2HashAlgorithmBitmap/PcdTpm2HashMask/PcdTpmInstanceGuid all have set operation in PEI phase,
PEI phase does not allow DynamicHii PCD set, so DynamicDefault is expected for them and use PcdSet##S to instead of PcdSet## and assert when set failure.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18614 6f19259b-4bc3-4df7-8a09-765794883524
There is no real build failure, as AuthVariableLib always links to variable driver.
But for code integrity, we should add it.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18613 6f19259b-4bc3-4df7-8a09-765794883524
Clean up files in RngDxe/IA32 and RngDxe/X64 that are subsumed
by files in BaseRngLib.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Thomas Palmer <thomas.palmer@hpe.com>
Reviewed-by: Samer El-Haj-Mahmoud <elhaj@hpe.com>
Reviewed-by: Michael Kinney <michael.d.kinney@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18592 6f19259b-4bc3-4df7-8a09-765794883524
Use the new RngLib to provide the IA32/X64 random data for RngDxe.
Remove x86 specific functions from RdRand files.
Simplify RngDxe by using WriteUnaligned64 for all platforms.
Use GetRandomNumber128 in RngDxe to leverage 128 bit support provided
by some HW RNG devices.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Thomas Palmer <thomas.palmer@hpe.com>
Reviewed-by: Samer El-Haj-Mahmoud <elhaj@hpe.com>
Reviewed-by: Michael Kinney <michael.d.kinney@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18591 6f19259b-4bc3-4df7-8a09-765794883524
Some of the TPM/TPM2 DEBUG messages are at EFI_D_INFO level,
even though they are simply tracing functions that run on every boot even
if there is no TPM installed. Changed verbosity to EFI_D_VERBOSE.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Samer El-Haj-Mahmoud" <samer.el-haj-mahmoud@hpe.com>
Reviewed-by: "Jiewen Yao" <Jiewen.Yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18476 6f19259b-4bc3-4df7-8a09-765794883524
VerifyBuffer() in PKCS7 Verify Protocol should return EFI_UNSUPPORTED
when the embedded content is found in SignedData but InData is not NULL.
This patch is to comply with the spec definition.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18311 6f19259b-4bc3-4df7-8a09-765794883524
PcdLib introduces generic API to get the size of VOID* PCD value.
Update Pei and Dxe RsaGuidedLib to use generic PCD API instead of GetEx API.
This change can remove PCD type limitation in these two libraries.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18277 6f19259b-4bc3-4df7-8a09-765794883524
PcdTcg2HashAlgorithmBitmap is declared in a section that allows it to be Fixed or PatchableAtBuild, but there is code that sets it.
This breaks the build on some platforms. Changed it to be PcdsDynamic and PcdsDynamicEx only.
We move PcdTpm2HashMask to Dynamic section too, because now Tcg2Pei will set this PCD according to TPM2 device capability.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Samer El-Haj-Mahmoud" <samer.el-haj-mahmoud@hp.com>
Reviewed-by: "Yao, Jiewen" <Jiewen.Yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18233 6f19259b-4bc3-4df7-8a09-765794883524
Follow UEFI specification to add context check and init in BaseCrypto2Hash(), so that other function can get proper status on hash operation.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <Jiewen.Yao@intel.com>
Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18227 6f19259b-4bc3-4df7-8a09-765794883524
Update SignatureSize to include SignatureOwner GUID. This behavior is defined by UEFI spec
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18226 6f19259b-4bc3-4df7-8a09-765794883524
TCG EFI Protocol Specification for TPM Family 2.0 Revision 1.0 Version 9 at http://www.trustedcomputinggroup.org/resources/tcg_efi_protocol_specification
TCG Physical Presence Interface Specification Version 1.30, Revision 00.52 at http://www.trustedcomputinggroup.org/resources/tcg_physical_presence_interface_specification
Add Tcg2XXX, similar file/directory as TrEEXXX. Old TrEE driver/library can be deprecated.
1) Add Tcg2Pei/Dxe/Smm driver to log event and provide services.
2) Add Dxe/Pei/SmmTcg2PhysicalPresenceLib to support TCG PP.
3) Update Tpm2 library to use TCG2 protocol instead of TrEE protocol.
Test Win8/Win10 with SecureBoot enabled, PCR7 shows bound.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <Jiewen.Yao@intel.com>
Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18219 6f19259b-4bc3-4df7-8a09-765794883524
Add a new module MemoryOverwriteRequestControlLock to register VarCheck handler to enforce MorLock Policy.
Only SMM version is added because MOR is only supported in SMM variable case.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <Jiewen.Yao@intel.com>
Reviewed-by: "Chao Zhang" <chao.b.zhang@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18092 6f19259b-4bc3-4df7-8a09-765794883524
No TPM2 is considered as valid case. For example, a platform may only have TPM1.2, without TPM2.0 So this is NOT an ERROR message, but more an INFO message.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <Jiewen.Yao@intel.com>
Reviewed-by: "Chao Zhang" <chao.b.zhang@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18091 6f19259b-4bc3-4df7-8a09-765794883524
Originally, the double pointer (VOID **) is not correct for convert
address pointers, and also some address pointers were missing.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.Yao@intel.com>
[lersek@redhat.com: fix up gcc build failure -- add more (VOID **) casts]
Tested-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18055 6f19259b-4bc3-4df7-8a09-765794883524
Correct the variable measurement behavior to include whole EFI_VARIABLE_DATA structure.
It is for the latest spec compliance
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17980 6f19259b-4bc3-4df7-8a09-765794883524
System may break during time based AuthVariable update, causing certdb inconsistent. 2 ways are used to ensure update atomic.
1. Delete cert in certdb after variable is deleted
2. Clean up certdb on variable initialization
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17919 6f19259b-4bc3-4df7-8a09-765794883524
1. Add default value for TPM action question. F9 restore default can get the right value
2. Remove redundant suppressif
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17918 6f19259b-4bc3-4df7-8a09-765794883524
MdeModulePkg has defined gZeroGuid in 'Guid/ZeroGuid.h', therefore, the
mZeroGuid defined in DxeTpmMeasureBootLib is redundant.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17844 6f19259b-4bc3-4df7-8a09-765794883524
MdeModulePkg has defined gZeroGuid in 'Guid/ZeroGuid.h', therefore, the
mTrEEZeroGuid defined in DxeTpm2MeasureBootLib is redundant.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17843 6f19259b-4bc3-4df7-8a09-765794883524
When the two concatenated strings are both not null, the total length in bytes of them should calculate the character '\0' once.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Zhang Lubo <lubo.zhang@intel.com>
Reviewed-by: jiaxinwu <jiaxin.wu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17820 6f19259b-4bc3-4df7-8a09-765794883524
1. Delete TpmMeasurementLib LibraryClass from SecurityPkg after it moved to MdeModulePkg.
2. Update DxeTpmMeasurementLib.inf to include MdeModulePkg.dec.
3. Delete authenticated variable definition from AuthenticatedVariableFormat.h after
them moved to VariableFormat.h.
4. Replace VARIABLE_HEADER with AUTHENTICATED_VARIABLE_HEADER in EsalVariableDxeSal.
5. Delete VariableInfo from SecurityPkg after it merged to VariableInfo in MdeModulePkg.
6. Delete VariablePei from SecurityPkg after it merged to VariablePei in MdeModulePkg.
7. Delete Auth Variable driver from SecurityPkg after it merged to Variable driver in
MdeModulePkg.
8. Also update PACKAGE_GUID and PACKAGE_VERSION in SecurityPkg.dec after the deletion
of authenticated variable definition, VariableInfo, VariablePei and Auth Variable
driver from SecurityPkg; update PLATFORM_VERSION in SecurityPkg.dsc.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17772 6f19259b-4bc3-4df7-8a09-765794883524
What to do:
1. Implement AuthVariableLib library instance.
2. Temporarily add VARIABLE_ENTRY_CONSISTENCY and
variable attribute combinations definitions to
AuthenticatedVariableFormat.h for git bisect.
Why to do:
1. Share code.
Separate auth variable service from Auth Variable driver in
SecurityPkg to AuthVariableLib. Then the AuthVariableLib could benefit
and be used by different implementation of Auth Variable drivers.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17758 6f19259b-4bc3-4df7-8a09-765794883524
MD5 is part of the HASH2 protocol and it's trivial to support.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jonathan Doman <jonathan.doman@hp.com>
Reviewed-by: Samer El-Haj-Mahmoud <samer.el-haj-mahmoud@hp.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17729 6f19259b-4bc3-4df7-8a09-765794883524
The TPer Reset operation is a common logic. So it's added into
SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf module and
would be triggered at EndOfDxe.
By this way, all encrypted drives which produce EFI_STORAGE_SECURITY_
RPOTOCOL interface would be force reset when MOR is set.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Tian Feng <feng.tian@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17718 6f19259b-4bc3-4df7-8a09-765794883524
Per UEFI spec, EFI_IMAGE_EXECUTION_INFO structure is updated to comment
Signature field. So, its structure doesn't include Signature field. But,
ImageExeInfoEntrySize uses its structure size minor Signature size. It
will be corrected in this change.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17687 6f19259b-4bc3-4df7-8a09-765794883524
This patch adds the support for PKCS7 Verification Protocol which
was defined in UEFI 2.5.
(NOTE: The VerifySignature interface was not supported in this
version, due to openssl interface limitation)
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17670 6f19259b-4bc3-4df7-8a09-765794883524
VariableLock in VariableSmmRuntimeDxe.c is installed in EntryPoint now.
It works based on SMM variable handler by SMM communication with
payload buffer. But the payload buffer and SMM variable handler will
be not ready in EntryPoint before SmmVariableReady() call back.
VarCheck in VariableSmmRuntimeDxe.c has the same issue,
so move VarCheck install into SmmVariableReady() also.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17625 6f19259b-4bc3-4df7-8a09-765794883524
1. If PcdMaxAuthVariableSize is set to 0, keep current behavior as is and
PcdMaxVariableSize used.
2. If PcdMaxAuthVariableSize is set to non 0, it will work on
authenticated variables.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17610 6f19259b-4bc3-4df7-8a09-765794883524
class/subclass is the obseleted key word in VFR file. It is designed in framework HII.
After convert to UEFI HII, it is not used any longer. Now remove them from VFR
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17493 6f19259b-4bc3-4df7-8a09-765794883524
When PcdTpmInstanceGuid is configured to other value,
it means other TPM 2.0 device.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: "Yao, Jiewen" <Jiewen.Yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17446 6f19259b-4bc3-4df7-8a09-765794883524
Update SecureBootConfigDxe component to allow the enrollment of
the digests of EFI executable that are built for ARM or AARCH64.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17406 6f19259b-4bc3-4df7-8a09-765794883524
PK can be cleared in runtime. However SecureBootMode variable is not updated accordingly. Add code in variable init to make them consistent.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17401 6f19259b-4bc3-4df7-8a09-765794883524
Because Hash2 need CryptoLib/Openssl, while latter does not support EBC build.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <Jiewen.Yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17365 6f19259b-4bc3-4df7-8a09-765794883524
to just return EFI_SUCCESS if the variable has been in the locked list.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17140 6f19259b-4bc3-4df7-8a09-765794883524
check IsDeleteAuthVariable () first and then check
UserPhysicalPresent () to avoid the case below.
PcdSetXX (a DynamicHii PCD) -> gRT->SetVariable ()
-> UserPhysicalPresent () -> PcdGetXX ()
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17058 6f19259b-4bc3-4df7-8a09-765794883524
to return EFI_NOT_FOUND when a specified variable doesn't exist and
Data parameter is NULL but DataSize parameter is valid in GetVariable() invocation.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17031 6f19259b-4bc3-4df7-8a09-765794883524
As the driver does not reference gEfiSmmAccess2ProtocolGuid explicitly now
after SmmMemLib introduced.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16761 6f19259b-4bc3-4df7-8a09-765794883524
Use the example.com domain as recommended in RFC 2606.
NOTE: This does not modify the wording of the "TianoCore Contribution
Agreement 1.0" section
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Bruce Cran <bruce.cran@gmail.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16724 6f19259b-4bc3-4df7-8a09-765794883524
for trying to reclaim variable space at EndOfDxe.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16688 6f19259b-4bc3-4df7-8a09-765794883524
And leave the variable error flag in NV flash as the last boot variable error flag.
After EndOfDxe in InitializeVarErrorFlag (), the variable error flag in NV flash
will be initialized to this local current boot variable error flag.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16686 6f19259b-4bc3-4df7-8a09-765794883524
And leave the variable error flag in NV flash as the last boot variable error flag.
After EndOfDxe in InitializeVarErrorFlag (), the variable error flag in NV flash
will be initialized to this local current boot variable error flag.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16685 6f19259b-4bc3-4df7-8a09-765794883524
This PPI will always be installed to notify other drivers that TPM initialization action is done. TPM initialization may success or fail, or even not present.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com>
Reviewed-by: "Dong, Guo" <guo.dong@intel.com>
Reviewed-by: "Chiu, Chasel" <chasel.chiu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16638 6f19259b-4bc3-4df7-8a09-765794883524
If TPM error happens, set TPM flag to NOT present, so that trusted boot patch is disabled.
Also report status code for failure, so that platform may register handler to apply policy like force system reset, or disable TPM permanently.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com>
Reviewed-by: "Dong, Guo" <guo.dong@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16598 6f19259b-4bc3-4df7-8a09-765794883524
The Tcg/TrEE PhysicalPresence library will depend on Tcg/TrEE PpVendor library.
The default NULL library instance is provided in this package.
OEM can create OemPpVendorLib as override to handle >=128 operation value.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com>
Reviewed-by: "Dong, Guo" <guo.dong@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16597 6f19259b-4bc3-4df7-8a09-765794883524
and follow UEFI spec to check UEFI defined variables.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16580 6f19259b-4bc3-4df7-8a09-765794883524
This patch added one new X509GetTBSCert() interface in BaseCryptLib to retrieve the TBSCertificate,
and also corrected the hash calculation for revoked certificate to aligned the RFC3280 and UEFI 2.4 spec.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Long, Qin" <qin.long@intel.com>
Reviewed-by: "Dong, Guo" <guo.dong@initel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16559 6f19259b-4bc3-4df7-8a09-765794883524
This is to resolve the possible certificate entry retrieving issue caused by un-aligned (8-bytes) VirtualAddress in some PE/COFF image, which may break secure boot.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>
Reviewed-by: Guo Dong <guo.dong@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16449 6f19259b-4bc3-4df7-8a09-765794883524
SVN r16380 ("UEFI 2.4 X509 Certificate Hash and RFC3161 Timestamp
Verification support for Secure Boot") broke the "dbt" variable's
association with its expected namespace GUID.
According to "MdePkg/Include/Guid/ImageAuthentication.h", *all* of the
"db", "dbx", and "dbt" (== EFI_IMAGE_SECURITY_DATABASE2) variables have
their special meanings in the EFI_IMAGE_SECURITY_DATABASE_GUID namespace.
However, the above commit introduced the following expression in
VariableServiceSetVariable():
> - } else if (CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) &&
> - ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0))) {
> + } else if (CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) &&
> + ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0))
> + || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2)) == 0) {
Simply replacing the individual expressions with the predicates
"GuidMatch", "DbMatch", "DbxMatch", and "DbtMatch", the above
transformation becomes:
> - } else if (GuidMatch &&
> - ((DbMatch) || (DbxMatch))) {
> + } else if (GuidMatch &&
> + ((DbMatch) || (DbxMatch))
> + || DbtMatch) {
In shorter form, we change
GuidMatch && (DbMatch || DbxMatch)
into
GuidMatch && (DbMatch || DbxMatch) || DbtMatch
which is incorrect, because this way "dbt" will match outside of the
intended namespace / GUID.
The error was caught by gcc:
> SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c: In function
> 'VariableServiceSetVariable':
>
> SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c:3188:71: error:
> suggest parentheses around '&&' within '||' [-Werror=parentheses]
>
> } else if (CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) &&
> ^
> cc1: all warnings being treated as errors
Fix the parentheses.
This change may have security implications.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Qin Long <qin.long@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16389 6f19259b-4bc3-4df7-8a09-765794883524
Main ChangeLogs includes:
1. Introduce the new GUID and structure definitions for certificate hash and timestamp support;
2. Update Image Verification Library to support DBT signature checking;
3. Update the related SecureBoot Configuration Pages;
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com>
Reviewed-by: Guo Dong <guo.dong@intel.com>
Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16380 6f19259b-4bc3-4df7-8a09-765794883524
Update to show what the patch looks like in email form.
NOTE: This does not modify the wording of the "TianoCore Contribution
Agreement 1.0" section
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16297 6f19259b-4bc3-4df7-8a09-765794883524
ASSERT for SetupEventLog is kept. It is the foundation of TcgProtocol and TrEEProtocol
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16281 6f19259b-4bc3-4df7-8a09-765794883524
Module UNI and Package UNI files are not DOS format. Convert them to DOS format.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Gao, Liming <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16050 6f19259b-4bc3-4df7-8a09-765794883524
2. Add MODULE_UNI_FILE file that contains the localized Abstract and Description of a module.
a. Addresses an information gap between INF files and the UEFI Distribution Packaging Specification XML schema
b. There will be an associated update to UPT in BaseTools to consume MODULE_UNI_FILE and associated UNI file during UDP creation that performs the INF -> XML conversion.
c. There will be an associated update to UPT in BaseTools to produce MODULE_UNI_FILE and associated UNI file during UDP installation that performs the XML -> INF conversion.
3. Add Module Extra UNI file that provides the localized Name of a module.
a. [UserExtensions.TianoCore."ExtraFiles"] provides an easy method for a module to specify extra files not listed in [Sources] or [Binaries] sections to be added to a UDP without having to list the files in the UPT package information data file.
b. There will be an associated update to UPT in BaseTools to package up files listed in [UserExtensions.TianoCore."ExtraFiles"] during UDP creation.
c. UNI file contains localized name of a module to go along with the localized Abstract and Description from the MODULE_UNI_FILE.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dong, Guo <guo.dong@intel.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15959 6f19259b-4bc3-4df7-8a09-765794883524
5. Add PACKAGE_UNI_FILE UNI file that contains the localized Abstract and Description of a package and localized strings associated with PCDs.
a. Addresses an information gap between DEC files and the UEFI Distribution Packaging Specification XML schema
b. There will be an associated update to UPT in BaseTools to consume PACKAGE_UNI_FILE and associated UNI file during UDP creation that performs the DEC -> XML conversion.
c. There will be an associated update to UPT in BaseTools to produce PACKAGE_UNI_FILE and associated UNI file during UDP installation that performs the XML -> DEC conversion.
6. Add Package Extra UNI file that provides the localized Name of a package.
a. [UserExtensions.TianoCore."ExtraFiles"] provides an easy method for a package to specify extra files to be added to a UDP without having to list the files in the UPT package information data file.
b. There will be an associated update to UPT in BaseTools to package up files listed in [UserExtensions.TianoCore."ExtraFiles"] during UDP creation.
c. UNI file contains localized name of a package to go along with the localized Abstract and Description from the PACKAGE_UNI_FILE.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dong, Guo <guo.dong@intel.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15953 6f19259b-4bc3-4df7-8a09-765794883524
4. PCD information in DEC file comment blocks are either incomplete or incorrect.
This includes detailed description, @Prompt, @ValidRange, @ValidList, @Expression, and [Error.<TokenSpaceGuid>] validation error messages.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dong, Guo <guo.dong@intel.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15952 6f19259b-4bc3-4df7-8a09-765794883524
2. Add MODULE_UNI_FILE file that contains the localized Abstract and Description of a module.
a. Addresses an information gap between INF files and the UEFI Distribution Packaging Specification XML schema
b. There will be an associated update to UPT in BaseTools to consume MODULE_UNI_FILE and associated UNI file during UDP creation that performs the INF -> XML conversion.
c. There will be an associated update to UPT in BaseTools to produce MODULE_UNI_FILE and associated UNI file during UDP installation that performs the XML -> INF conversion.
3. Add Module Extra UNI file that provides the localized Name of a module.
a. [UserExtensions.TianoCore."ExtraFiles"] provides an easy method for a module to specify extra files not listed in [Sources] or [Binaries] sections to be added to a UDP without having to list the files in the UPT package information data file.
b. There will be an associated update to UPT in BaseTools to package up files listed in [UserExtensions.TianoCore."ExtraFiles"] during UDP creation.
c. UNI file contains localized name of a module to go along with the localized Abstract and Description from the MODULE_UNI_FILE.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dong, Guo <guo.dong@intel.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15951 6f19259b-4bc3-4df7-8a09-765794883524
1. Usage information in INF file comment blocks are either incomplete or incorrect.
This includes usage information for Protocols/PPIs/GUIDs/PCDs/HOBs/Events/BootModes.
The syntax for usage information in comment blocks is defined in the EDK II Module Information (INF) Specification
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dong, Guo <guo.dong@intel.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15950 6f19259b-4bc3-4df7-8a09-765794883524
We strongly prefer that contribtions be offered using the same license
as the project/module. But, we should document other acceptable
licenses for contributions.
This will allow package owners to more easily know if they can accept
a contribution under a different source license.
NOTE: This does not modify the wording of the "TianoCore Contribution
Agreement 1.0" section
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>
Reviewed-by: Mark Doran <mark.doran@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15892 6f19259b-4bc3-4df7-8a09-765794883524
Signed-off-by: Michael Kinney <michael.d.kinney@intel.com>
Reviewed-by: Dong, Guo <guo.dong@intel.com>
Add support for RSA 2048 SHA 256 signing and verification encoded in a PI FFS GUIDED Encapsulation Section. The primary use case of this feature is in support of signing and verification of encapsulated FVs for Recovery and Capsule Update, but can potentially be used for signing and verification of any content that can be stored in a PI conformant FFS file. Signing operations are performed from python scripts that wrap OpenSsl command line utilities. Verification operations are performed using the OpenSsl libraries in the CryptoPkg.
The guided encapsulation sections uses the UEFI 2.4 Specification defined GUID called EFI_CERT_TYPE_RSA2048_SHA256_GUID. The data layout for the encapsulation section starts with the UEFI 2.4 Specification defined structure called EFI_CERT_BLOCK_RSA_2048_SHA256 followed immediately by the data. The signing tool included in these patches performs encode/decode operations using this data layout. HashType is set to the UEFI 2.4 Specification defined GUID called EFI_HASH_ALGORITHM_SHA256_GUID.
MdePkg/Include/Guid/WinCertificate.h
=================================
//
// WIN_CERTIFICATE_UEFI_GUID.CertType
//
#define EFI_CERT_TYPE_RSA2048_SHA256_GUID \
{0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf } }
///
/// WIN_CERTIFICATE_UEFI_GUID.CertData
///
typedef struct {
EFI_GUID HashType;
UINT8 PublicKey[256];
UINT8 Signature[256];
} EFI_CERT_BLOCK_RSA_2048_SHA256;
MdePkg/Include/Protocol/Hash.h
=================================
#define EFI_HASH_ALGORITHM_SHA256_GUID \
{ \
0x51aa59de, 0xfdf2, 0x4ea3, {0xbc, 0x63, 0x87, 0x5f, 0xb7, 0x84, 0x2e, 0xe9 } \
}
The verification operations require the use of public key(s). A new PCD called gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer is added to the SecurityPkg that supports one or more SHA 256 hashes of the public keys. A SHA 256 hash is performed to minimize the FLASH overhead of storing the public keys. When a verification operation is performed, a SHA 256 hash is performed on EFI_CERT_BLOCK_RSA_2048_SHA256.PublicKey and a check is made to see if that hash matches any of the hashes in the new PCD. It is recommended that this PCD always be configured in the DSC file as storage type of [PcdsDynamixExVpd], so the public keys are stored in a protected read-only region.
While working on this feature, I noticed that the CRC32 signing and verification feature was incomplete. It only supported CRC32 based verification in the DXE Phase, so the attached patches also provide support for CRC32 based verification in the PEI Phase.
I also noticed that the most common method for incorporating guided section extraction libraries was to directly link them to the DXE Core, which is not very flexible. The attached patches also add a generic section extraction PEIM and a generic section extraction DXE driver that can each be linked against one or more section extraction libraries. This provides a platform developer with the option of providing section extraction services with the DXE Core or providing section extraction services with these generic PEIM/DXE Drivers.
Patch Summary
==============
1) BaseTools - Rsa2049Sha256Sign python script that can perform test signing or custom signing of PI FFS file GUIDed sections
a. Wrapper for a set of OpenSsl command line utility operations
b. OpenSsl command line tool must be installed in location that is in standard OS path or in path specified by OS environment variable called OPENSSL_PATH
c. Provides standard EDK II command line arguments for a tool that encodes/decodes guided encapsulation section
Rsa2048Sha256Sign - Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
usage: Rsa2048Sha256Sign -e|-d [options] <input_file>
positional arguments:
input_file specify the input filename
optional arguments:
-e encode file
-d decode file
-o filename, --output filename
specify the output filename
--private-key PRIVATEKEYFILE
specify the private key filename. If not specified, a
test signing key is used.
-v, --verbose increase output messages
-q, --quiet reduce output messages
--debug [0-9] set debug level
--version display the program version and exit
-h, --help display this help text
2) BaseTools - Rsa2049Sha256GenerateKeys python script that can generate new private/public key and PCD value that is SHA 256 hash of public key using OpenSsl command line utilities.
a. Wrapper for a set of OpenSsl command line utility operations
b. OpenSsl command line tool must be installed in location that is in standard path or in path specified by OS environment variable called OPENSSL_PATH
Rsa2048Sha256GenerateKeys - Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
usage: Rsa2048Sha256GenerateKeys [options]
optional arguments:
-o [filename [filename ...]], --output [filename [filename ...]]
specify the output private key filename in PEM format
-i [filename [filename ...]], --input [filename [filename ...]]
specify the input private key filename in PEM format
--public-key-hash PUBLICKEYHASHFILE
specify the public key hash filename that is SHA 256
hash of 2048 bit RSA public key in binary format
--public-key-hash-c PUBLICKEYHASHCFILE
specify the public key hash filename that is SHA 256
hash of 2048 bit RSA public key in C structure format
-v, --verbose increase output messages
-q, --quiet reduce output messages
--debug [0-9] set debug level
--version display the program version and exit
-h, --help display this help text
3) BaseTools\Conf\tools_def.template
a. Define GUID/Tool to perform RSA 2048 SHA 256 test signing and instructions on how to use alternate private/public key
b. GUID is EFI_CERT_TYPE_RSA2048_SHA256_GUID
c. Tool is Rsa2049Sha256Sign
4) MdeModulePkg\Library\PeiCrc32GuidedSectionExtractionLib
a. Add peer for DxeCrc32GuidedSectionExtractionLib so both PEI and DXE phases can perform basic integrity checks of PEI and DXE components
5) MdeModulePkg\Universal\SectionExtractionPei
a. Generic PEIM that can link against one or more NULL section extraction library instances to provided one or more GUIDED Section Extraction PPIs
6) MdeModulePkg\Universal\SectionExtractionDxe
a. Generic DXE Driver that can link against one or more NULL section extraction library instances to provide one or more GUIDED Section Extraction Protocols.
7) SecurityPkg\Library\PeiRsa2048Sha256GuidedSectionExtractLib
a. NULL library instances that performs PEI phase RSA 2048 SHA 256 signature verification using OpenSsl libraries from CryptoPkg.
b. Based on algorithms from SecurityPkg Authenticated Variable services
c. Uses public key from gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer.
8) SecurityPkg\Library\DxeRsa2048Sha256GuidedSectionExtractLib
a. NULL library instances that performs DXE phase RSA 2048 SHA 256 signature verification using OpenSsl libraries from CryptoPkg.
b. Based on algorithms from SecurityPkg Authenticated Variable services
c. Uses public key from gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer.
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15801 6f19259b-4bc3-4df7-8a09-765794883524
Contributed-under: TianoCore Contribution Agreement 1.0
Signed off by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed by: Eric Dong <eric.dong@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15766 6f19259b-4bc3-4df7-8a09-765794883524
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Andrew Fish <afish@apple.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15561 6f19259b-4bc3-4df7-8a09-765794883524
Signed off by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed by: Jeff Fan <jeff.fan@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Contributed-under: TianoCore Contribution Agreement 1.0
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15321 6f19259b-4bc3-4df7-8a09-765794883524
It can fix the potential failure to return EFI_OUT_OF_RESOURCES of the second variable set of large variable.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14822 6f19259b-4bc3-4df7-8a09-765794883524
2. Add support to find section by instance rather than only 0 at PEI phase.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14763 6f19259b-4bc3-4df7-8a09-765794883524
2. ASSERT if PCD value is set to 5 (QUERY_USER_ON_SECURITY_VIOLATION).
3. Update override PCD setting from 5 to 4 in platform DSC file.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ni Ruiyu <ruiyu.ni@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14607 6f19259b-4bc3-4df7-8a09-765794883524
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14590 6f19259b-4bc3-4df7-8a09-765794883524
Two exceptions to this rule:
1. No access attributes specified
2. The only attribute differing is EFI_VARIABLE_APPEND_WRITE
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14552 6f19259b-4bc3-4df7-8a09-765794883524
PEI variable implementation checks only the variable header signature for validity. This does not seem robust if system crash occurred during previous Reclaim() operation. If the crash occurred while FTW was rewriting the variable FV, the signature could be valid even though the rest of the FV isn't valid.
Solution: PEI variable and early phase(before FTW protocol ready) of DXE variable can check the FTW last write status provided by FaultTolerantWritePei and determine if all or partial variable data has been backed up in spare block, and then use the backed up data.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14455 6f19259b-4bc3-4df7-8a09-765794883524
convert the list when transferring from physical to virtual mode.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14425 6f19259b-4bc3-4df7-8a09-765794883524
convert the list when transferring from physical to virtual mode.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14403 6f19259b-4bc3-4df7-8a09-765794883524
2. Add check to ensure CommBufferPayloadSize not exceed mVariableBufferPayloadSize or is enough to hold function structure in VariableSmm and FtwSmm.
3. Align FtwGetLastWrite() in FaultTolerantWriteSmmDxe.c to FtwGetLastWrite() in FaultTolerantWrite.c.
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14325 6f19259b-4bc3-4df7-8a09-765794883524
2. Refine the debug message.
3. Add check to make sure the input VariableName is A Null-terminated string.
4. Use local variable to hold StrSize (VariableName) to avoid duplicated StrSize calculation.
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14317 6f19259b-4bc3-4df7-8a09-765794883524
VariableNameSize is the returned buffer size. GetNextVariable should behavior correct if it is bigger than SMM communication buffer or less than string size of VariableName.
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by : Dong Guo <guo.dong@intel.com>
Reviewed-by : Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by : Zeng Star <star.zeng@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14258 6f19259b-4bc3-4df7-8a09-765794883524
set old variable to IN_DELETED_TRANSITION -> check if reclaim is needed(If yes, do reclaim) -> add new variable -> set old variable to DELETED if no reclaim happened.
to:
set old variable to IN_DELETED_TRANSITION -> check if reclaim is needed(If yes, do reclaim) -> add new variable -> set old variable to DELETED.
2. Update UpdateVariable() to correctly handle the case "both ADDED and IN_DELETED_TRANSITION variable are present", and delete both old ADDED and IN_DELETED_TRANSITION variable when deleting or updating variable.
3. Update VariableServiceGetNextVariableName() to return the valid IN_DELETED_TRANSITION variable if only IN_DELETED_TRANSITION variable is present.
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14065 6f19259b-4bc3-4df7-8a09-765794883524
2. Add “Current SecureBoot State” field to reflect current secure boot status of the platform.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14042 6f19259b-4bc3-4df7-8a09-765794883524
2. When no DELETED variable found, no variable space could be reclaimed, so just give some debug info and return EFI_SUCCESS.
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14029 6f19259b-4bc3-4df7-8a09-765794883524
2.Re-measure ACPI table after fix up with event type EV_EFI_HANDOFF_TABLES to PCR[1]
Signed-off-by : Chao Zhang<chao.b.zhang@intel.com>
Reviewed-by : Dong Guo<guo.dong@intel.com>
Reviewed-by : Yao Jiewen<jiewen.yao@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13964 6f19259b-4bc3-4df7-8a09-765794883524
2. Check the reserverd bit in variable attribute.
3. Return EFI_OUT_OF_RESOURCE instead of EFI_SECURITY_VIOLATION if there is not enough speace to store the public key.
4. Fix a bug when deleting a non-existent time-based auth variable, we store the certificate into cert DB incorrectly.
5. Fix a bug that time-based auth variable can't been updated again after append operation.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13957 6f19259b-4bc3-4df7-8a09-765794883524
2. Remove the TimeCompare function in Bds since it's not used anymore.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13731 6f19259b-4bc3-4df7-8a09-765794883524
1. Update three Security Handlers to depend on new SecurityManagementLib APIs to register Security service for SAP2
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Guo Dong <dong.guo@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13661 6f19259b-4bc3-4df7-8a09-765794883524
2. Remove the code path to validate UEFI image signed by RSA2048 key.
3. Disable the ALLOW_EXECUTE/DEFER_EXECUTE/QUERY_USER policy PCD.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13636 6f19259b-4bc3-4df7-8a09-765794883524
2. Update the method to detect secure boot state in DxeImageVerificationLib and secure boot configuration driver.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13505 6f19259b-4bc3-4df7-8a09-765794883524
1.Change function name to avoid name conflict.
2.Refine check for Pe Image.
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13220 6f19259b-4bc3-4df7-8a09-765794883524
Contributions.txt documents the contribution process for all
tianocore projects. The conents of Contributions.txt should
match in all cases.
License.txt is a per-project document showing the license terms
used by that project.
Signed-off-by: Jordan Justen <jordan.l.justen@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13187 6f19259b-4bc3-4df7-8a09-765794883524
2. Update API ForceClearPK() to UserPhysicalPresent() in PlatformSecureLib.
2. Update SecureBootConfigDxe driver and AuthVariable driver to support Custom Secure Boot Mode feature.
3. Fix some bugs in AuthVariable driver.
Signed-off-by: sfu5
Reviewed-by: tye
Reviewed-by: gdong1
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13144 6f19259b-4bc3-4df7-8a09-765794883524
Per UEFI spec, on CallBack action EFI_BROWSER_ACTION_CHANGING, the return value of ActionRequest will be ignored, but on CallBack action EFI_BROWSER_ACTION_CHANGED, the return value of ActionRequest will be used.
But, EDKII browser still processes the got ActionRequest. And, all HII drivers in EDKII project also returns their expected ActionRequest value on action EFI_BROWSER_ACTION_CHANGING.
Now update the browser to follow the spec, and update all core Hii drivers to keep old working modal.
Signed-off-by: ydong10
Reviewed-by: lgao4
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12868 6f19259b-4bc3-4df7-8a09-765794883524
The Variable PEI and RuntimeDxe drivers were using the attribute 'HeaderLength' of
EFI_FIRMWARE_VOLUME_HEADER without checking if a Firmware Volume Header was existing at
the base address.
In case the Firmware Volume Header does not exist or is corrupted, the attribute 'HeaderLength'
is a non valid value that can lead to a non valid physical address when accessing produces an
access error.
Signed-off-by: oliviermartin
Reviewed-by: rsun3
Reviewed-by: niruiyu
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12845 6f19259b-4bc3-4df7-8a09-765794883524
1. Remove memory allocation code in runtime.
2. Exclude NULL terminator in VariableName for serialization data in time-based variable authentication.
3. Add support for enroll PK with WRITE_ACCESS attribute.
4. Initialize SetupMode variable with correct NV attribute.
5. Add support for APPEND_WRITE attribute for non-existing Variable.
6. Clear KEK, DB and DBX as well as PK when user request to clear platform keys.
7. Check duplicated EFI_SIGNATURE_DATA for Variable formatted as EFI_SIGNATURE_LIST when APPEND_WRITE attribute is set.
8. Not change SecureBoot Variable in runtime, only update it in boot time since this Variable indicates firmware operating mode.
9. Save time stamp of PK when PK is set with TIME_BASED_WRITE_ACCESS attribute in setup mode.
10. Update to use PcdMaxVariableSize instead of PcdMaxAppendVariableSize for append operation.
Signed-off-by: xdu2
Reviewed-by: tye
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12599 6f19259b-4bc3-4df7-8a09-765794883524
1. Update to check image digest against dbx before execute it.
2. Update to support revoke certificate.
3. Update to support enroll unsigned PE image's Hash to allowed database (db). (Note: Unsigned Image's Hash is calculated in the same way with authenticode, the algorithm is assumed to be SHA256.)
Signed-off-by: xdu2
Reviewed-by: tye
Reviewed-by: gdong1
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12598 6f19259b-4bc3-4df7-8a09-765794883524
0. Remove the unused private GUID from module source files.
1. Use gEfiCallerIdGuid replace of the private module GUID.
2. Add the public header files to define HII FormSet and PackageList GUID used in every HII driver.
Signed-off-by: lgao4
Reviewed-by: ydong10 gdong1 tye jfan12 wli12 rsun3 jyao1 ftian
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12375 6f19259b-4bc3-4df7-8a09-765794883524
1. Refine comments to remove the unrecognized code.
2. Add code to avoid potential data type change.
3. In inf file, add module type to the library class list.
Signed-off-by: ydong10
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12284 6f19259b-4bc3-4df7-8a09-765794883524
Chao Zhang
Ard Biesheuvel
Yao, Jiewen
Cohen, Eugene
Star Zeng
Thomas Palmer
Samer El-Haj-Mahmoud
Qiu Shumin
Qin Long
Liming Gao
Samer El-Haj-Mahmoud
Zhang Lubo
Hao Wu
Jonathan Doman
Tian Feng
Dandan Bi
Jordan Justen
Dong Guo
Laszlo Ersek
Eric Dong
Michael Kinney
jyao1
Andrew Fish
Fu Siyuan
gdong1
Gary Ching-Pang Lin
Ruiyu Ni
lzeng14
niruiyu
sfu5
lgao4
czhang46
gdong1
tye1
qianouyang
erictian
ydong10
jyao1
hhtian
jljusten
rsun3
oliviermartin
xdu2
hhuan13