Commit Graph

712 Commits

Author SHA1 Message Date
Zhichao Gao e90ea9470a SecurityPkg/AuthSeriableLib: Always delete variable in certdb
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1783

While cleaning the certdb, always delete the variable data in
the certdb regardless of its attribute.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian Wang <jian.j.wang@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2019-05-15 13:00:37 +08:00
Joe Richey 4000f249ba SecurityPkg: Remove double \r
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian Wang <jian.j.wang@intel.com>
Signed-off-by: Joe Richey <joerichey@google.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by : Chao Zhang <chao.b.zhang@intel.com>
2019-05-15 12:57:20 +08:00
Eric Dong 46e696088a SecurityPkg/OpalPassword: Fix "Enable Feature" Menu disappear issue
https://bugzilla.tianocore.org/show_bug.cgi?id=1782

After change behavior to send BlockSid command at EndOfDxe point,
check device ownership command will return un-authority error, it
finally caused opal driver can't show "Enable Feature" menu.

Update the code logic to send detect device ownership command
before send BlockSID command.

Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Hao A Wu <hao.a.wu@intel.com>
2019-05-09 14:32:52 +08:00
Eric Dong 539a6c9318 SecurityPkg/OpalPassword: Change send BlockSID policy
https://bugzilla.tianocore.org/show_bug.cgi?id=1782

Change Send BlockSID command time from ReadyToBoot to
EndOfDxe.

Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Hao A Wu <hao.a.wu@intel.com>
2019-05-09 14:32:49 +08:00
Eric Dong e0972cfc7d SecurityPkg/SecurityPkg.dec: Change BlockSID default policy
https://bugzilla.tianocore.org/show_bug.cgi?id=1782

Change BlockSID default policy, default enable BlockSid.

Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Hao A Wu <hao.a.wu@intel.com>
2019-05-09 14:32:46 +08:00
Chu, Maggie f5245a1db1 SecurityPkg/OpalPassword: Add warning message for Secure Erase
https://bugzilla.tianocore.org/show_bug.cgi?id=1753
Add pop-up warning messages before secure erase action.
In order to notify user the secure erase action will take a longer time.
This change also fix some pop-up windows are unable to show up
complete message due to some strings are too long.

Signed-off-by: Maggie Chu <maggie.chu@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
2019-05-08 09:17:36 +08:00
Zhichao Gao 930fcd9f3a SecurityPkg/Tcg2Dxe: Change comments of ShutdownTpmOnReset
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1460

Refer to Uefi spec 2.8, the ResetData is valid while ResetStatus
is EFI_SUCCESS regardless of the ResetType is EfiResetPlatformSpecific
or not.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Michael Turner <Michael.Turner@microsoft.com>
Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2019-04-28 09:40:13 +08:00
Michael D Kinney 289b714b77 SecurityPkg: Replace BSD License with BSD+Patent License
https://bugzilla.tianocore.org/show_bug.cgi?id=1373

Replace BSD 2-Clause License with BSD+Patent License.  This change is
based on the following emails:

  https://lists.01.org/pipermail/edk2-devel/2019-February/036260.html
  https://lists.01.org/pipermail/edk2-devel/2018-October/030385.html

RFCs with detailed process for the license change:

  V3: https://lists.01.org/pipermail/edk2-devel/2019-March/038116.html
  V2: https://lists.01.org/pipermail/edk2-devel/2019-March/037669.html
  V1: https://lists.01.org/pipermail/edk2-devel/2019-March/037500.html

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-04-09 10:58:23 -07:00
Eric Dong f4c5200926 SecurityPkg/OpalPassword: Fix incorrect line ending issue.
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2019-03-22 10:05:59 +08:00
Shenglei Zhang 6ef95e4da7 SecurityPkg/SecurityPkg.uni: Add the prompt and help information
The prompt and help information are missing in SecurityPkg.uni.
https://bugzilla.tianocore.org/show_bug.cgi?id=1600

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-03-19 15:22:01 +08:00
Dandan Bi c8eada5ca0 SecurityPkg: Remove duplicated BSD license
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1612

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jian Wang <jian.j.wang@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2019-03-12 23:08:17 -07:00
Hao Wu e8959f8100 SecurityPkg/HddPassword: Add Security feature set support for ATA dev
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1529

This commit will add the 'Security feature set' support for ATA devices.

According to the AT Attachment 8 - ATA/ATAPI Command Set (ATA8-ACS)
specification, the Security feature set is an optional feature. In
summary, the feature is a password system that restricts access to user
data stored on an ATA device. A more detailed introduction of this feature
can be referred from the ATA8-ACS spec.

The HddPassword driver is composed of 2 parts:
* A DXE driver and
* A PEI driver

The DXE driver consumes EFI_ATA_PASS_THRU_PROTOCOL instances and installs
an HII GUI to manage the devices. If the managing device supports Security
feature set, the HII page will provide the user with the ability to
set/update/disable the password for this device. Also, if a password is
being set via the Security feature set, a popup window will show during
boot requesting the user to input password.

Another feature supported by this driver is that for those managing
devices with password set, they will be automatically unlocked during the
S3 resume. This is done by the co-work of the DXE driver and the PEI
driver:

The DXE driver will save the password and the identification information
for these devices into a LockBox, which is only allowed to restore during
S3 resume.

The PEI driver, during S3 resume, will restore the content in the LockBox
and will consume EDKII_PEI_ATA_PASS_THRU_PPI instances to unlock devices.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
2019-02-22 08:20:08 +08:00
Hao Wu a3efbc29c4 SecurityPkg/OpalPassword: Remove HW init codes and consume SSC PPI
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1409

For the current implementation of OpalPassword drivers, it has a feature
to support devices being automatically unlocked in the S3 resume. For this
feature, two types of devices are supported:

* ATA hard disks working under AHCI mode
* NVM Express devices

The support of this feature requires the above 2 types of device to be
initialized at the PEI phase during S3 resume, which is done by the
co-work of the OpalPasswordDxe driver and the OpalPasswordPei driver.

More specifically, the OpalPasswordDxe will handle:

* Pre-allocate MMIO resource and save it in a driver internal LockBox for
  OpalPasswordPei to retrieve;
* Save the PCI configuration space of ATA controllers into boot script.

Meanwhile, the OpalPasswordPei will handle:

* Rely on the boot script for the PCI configuration space program of ATA
  controllers;
* Restore the driver internal LockBox to get the MMIO resource;
* Complete the PCI configuration space program for ATA and NVME
  controllers;
* Initialize ATA and NVME controllers and devices.

This commit will remove these hardware initialization related codes from
the OpalPassword drivers. The hardware initialization will be covered by
PEI storage device drivers (e.g. NvmExpressPei & AhciPei in the
MdeModulePkg).

After such codes removal, the OpalPasswordDxe will only handle:

* Construct/update the S3StorageDeviceInitList LockBox with the managing
  ATA and NVME devices.

And the OpalPasswordPei will only handle:

* Locate Storage Security Command PPI instances to perform the device
  automatic unlock during the S3 resume.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
2019-02-22 08:20:08 +08:00
Gonzalez Del Cueto, Rodrigo b49758c112 SecurityPkg/TcgConfigDxe: Allow enabling TPM 1.2 device from disabled state.
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1511

Currently the TCG config setup form defaults the physical presence action to
PHYSICAL_PRESENCE_ENABLE, this prevents the action from being called. When a TPM
1.2 device is in Disabled and Activated state it is not possible to issue the
PHYSICAL_PRESENCE_ENABLE using the menu action.

By having the form default to PHYSICAL_PRESENCE_NO_ACTION, the user is now able
to select PHYSICAL_PRESENCE_ENABLE and toggle the TPM 1.2 device enable state.

Contributed-under: TianoCore Contribution Agreement 1.1

Signed-off-by: Rodrigo Gonzalez del Cueto <rodrigo.gonzalez.del.cueto@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2019-02-20 21:44:14 +08:00
Eric Dong d72d8561fb SecurityPkg/OpalPassword: Add NULL pointer check before using it
https://bugzilla.tianocore.org/show_bug.cgi?id=1503
A pointer variable should be checked if it is NULL or Valid before
using it.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Maggie Chu <maggie.chu@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
2019-02-14 14:53:14 +08:00
Eric Dong 315873959e SecurityPkg/OpalPassword: Update strings on Opal Setup page
https://bugzilla.tianocore.org/show_bug.cgi?id=1506
Updated some descriptions on SETUP page to avoid user confusion.
Currently it shows "1.0 UEFI Opal Driver", however it may be mislead user to think
it is only for Opal drive but not for Pyrite drive.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Maggie Chu <maggie.chu@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
2019-02-14 13:37:27 +08:00
Leif Lindholm 2f0a1e6542 SecurityPkg: fix package build on ARM
The CompilerIntrinsicsLib and BaseStackCheckLib need to be included in
order for an ARM build of the package .dsc to succeed - so add them.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: jiewen.yao@intel.com
2019-02-04 17:09:14 +00:00
Bret Barkelew 5f3b0250d0 SecurityPkg/Tcg: Fix typos in TcgDxe.c and Tcg2Dxe.c
Change EFI_RETURNING_FROM_EFI_APPLICATOIN to
EFI_RETURNING_FROM_EFI_APPLICATION.
https://bugzilla.tianocore.org/show_bug.cgi?id=1368

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2019-01-31 20:19:10 +08:00
Chu, Maggie 8a9301cdd7 SecurityPkg: Add a PCD to skip Opal password prompt
https://bugzilla.tianocore.org/show_bug.cgi?id=1484
Add a PCD for skipping password prompt and device unlock flow.
so that other pre-OS applications are able to take over Opal
devices unlock flow.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Maggie Chu <maggie.chu@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
2019-01-31 10:49:16 +08:00
Zhang, Chao B b909b8b91d SecurityPkg/TCG: Upgrade UEFI supporting TCG spec info
Update "TCG ACPI Specification Level 00 Revision 00.37" to "TCG ACPI Specification 1.2 Revision 8"
https://trustedcomputinggroup.org/wp-content/uploads/TCG_ACPIGeneralSpecification_v1.20_r8.pdf

Upgrade TCG PC Client Platform Physical Presence Interface Specification Version 1.3 Revision 0.52" to Errata Version 0.4
https://trustedcomputinggroup.org/wp-content/uploads/Errata-Version-0.4-for-TCG-PC-Client-Platform-Physical-Presence-Interface-Version-1.30-Revision-0.52.pdf

Upgrade "TCG EFI Protocol Specification for Family 2.0 Level 00" to Errata 0.5
https://trustedcomputinggroup.org/wp-content/uploads/EFI-Protocol-Specification-Errata-v.5.pdf

Contributed-under: TianoCore Contribution Agreement 1.1
Cc: Yao Jiewen <jiewen.yao@intel.com>
Signed-off-by: Zhang, Chao B <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
2019-01-28 22:47:41 +08:00
Ard Biesheuvel c5386c7898 SecurityPkg/PlatformSecureLibNull: permit use by MM_STANDALONE modules
Add MM_STANDALONE to the list of module types that are permitted to
link to this library. Also, since the constructor prototype is
different between MM_STANDALONE and DXE_DRIVER type libraries,
convert the library into BASE type.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2019-01-21 13:42:49 +01:00
Chen A Chen 514c55c185 SecurityPkg: Remove code under UserIdentification folder.
BZ:https://bugzilla.tianocore.org/show_bug.cgi?id=1427

1. UserIdentifyManagerDxe is used to provide UserManagerProtocol.
2. UserProfileManagerDxe provides UI setting
3. PwdCredentialProviderDxe & UsbCredentialProviderDxe are implementation
   examples.

Remove above features because of no platform use it.

Cc: Zhang Chao B <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Chen A Chen <chen.a.chen@intel.com>
Reviewed-by: Zhang Chao B <chao.b.zhang@intel.com>
2019-01-14 08:55:35 +08:00
Chu, Maggie 4ec00f82ed SecurityPkg: Incorrect warning message for Opal admin revert action
https://bugzilla.tianocore.org/show_bug.cgi?id=1421
"revert action will take long time..." warning should be removed
from pop up message when keep user data selected.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Maggie Chu <maggie.chu@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
2019-01-08 09:53:21 +08:00
Jagadeesh Ujja 38f3c1b0d2 SecurityPkg/AuthVariableLib: allow MM_STANDALONE drivers to use this library
AuthVariableLib library can be used by MM_STANDALONE drivers as well.
So add MM_STANDALONE to the list of module types this library supports.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jagadeesh Ujja <jagadeesh.ujja@arm.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
2019-01-04 11:38:05 +01:00
Zhang, Chao B 39699d078c SecurityPkg/Tcg: Fix Warnings and Remarks reported by IASL
Addressed warnings and remarks reported by IASL.EXE. Some methods had
unused arguments. A method was returning a value when it should not.

Cc: Zhang Chao B <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Thomas Rydman <thomas.j.rydman@intel.com>
Reviewed-by: Zhang Chao B <chao.b.zhang@intel.com>
2019-01-03 23:05:41 +08:00
Star Zeng aa8c6e2ad3 SecurityPkg Tcg(2)Pei: Remove the using of PcdPeiCoreMaxFvSupported
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1405

Background as below.

Problem:
As static configuration from the PCDs, the binary PeiCore (for example
in FSP binary with dispatch mode) could not predict how many FVs,
Files or PPIs for different platforms.

Burden:
Platform developers need configure the PCDs accordingly for different
platforms.

To solve the problem and remove the burden, we can update PeiCore to
remove the using of PcdPeiCoreMaxFvSupported, PcdPeiCoreMaxPeimPerFv
and PcdPeiCoreMaxPpiSupported by extending buffer dynamically for FV,
File and PPI management.

This patch removes the using of PcdPeiCoreMaxFvSupported in Tcg(2)Pei.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2018-12-19 12:33:28 +08:00
Chen A Chen f4c8c1bbf1 SecurityPkg: Remove dead code and inf redundant definitions.
Fix BZ1065, https://bugzilla.tianocore.org/show_bug.cgi?id=1065.
Remove dead code and inf redundant definitions from SecurityPkg.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Chen A Chen <chen.a.chen@intel.com>
Cc: Zhang Chao B <chao.b.zhang@intel.com>
Reviewed-by: Zhang Chao B <chao.b.zhang@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
2018-12-10 15:56:32 +08:00
Zhang, Chao B 3cc9af5ce3 SecurityPkg: Update TCG PFP spec revision.
UEFI TCG has aligned with TCG PFP 1.03 v51 along with Errata Version 1.0.
Update spec version accordingly.
Spec Link:
https://trustedcomputinggroup.org/wp-content/uploads/PC-ClientSpecific_Platform_Profile_for_TPM_2p0_Systems_v51.pdf
https://trustedcomputinggroup.org/wp-content/uploads/PC-Client-Specific-Platform-Firmware-Profile-for-TPM-2-0-v1p03_r51-errata-v1p0_170426.pdf

Cc: Yao Jiewen <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Zhang, Chao B <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
2018-11-21 10:06:36 +08:00
Eric Dong d2aefa0adf SecurityPkg/Include/Library/TcgStorageOpalLib.h: Update Pyrite spec revision.
Pyrite 2.0 spec has been published, update the spec link info for this file.

Cc: Hao Wu <hao.a.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Hao Wu <hao.a.wu@intel.com>
2018-10-26 09:44:47 +08:00
shenglei 83c10d2e8c SecurityPkg/Tcg2Dxe: Remove unused PCDs
The PCDs below are unused, so they have been removed from inf.
gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress
gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemId
gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemTableId
gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemRevision
gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorId
gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorRevision

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: shenglei <shenglei.zhang@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
2018-09-30 07:39:01 +08:00
shenglei 3e11c27f67 SecurityPkg/Tcg2ConfigPei: Remove an unused PCD
The PCD below is unused, so it has been removed from inf.
gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: shenglei <shenglei.zhang@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
2018-09-30 07:39:01 +08:00
Eric Dong a8beaf8f90 SecurityPkg/TcgStorageOpalLib: Fixed correct user password not works issue.
After admin password reach the TryLimit value, code logic will direct return
error password result no matter which password been inputted. So even correct
user password will return TryLimit error.

Now update code logic to also check user password. Only when both user/admin
password reach the TryLimit count, code will return exceed TryLimit error.

Change-Id: I17fbd1425b77150eb933a5002a1f87a0f0032e9b
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Hao Wu <hao.a.wu@intel.com>
2018-09-21 14:42:53 +08:00
Ard Biesheuvel f199664ce7 SecurityPkg: remove PE/COFF header workaround for ELILO on IPF
Now that Itanium support has been dropped, we can remove the various
occurrences of the ELILO on Itanium PE/COFF header workaround.

Link: https://bugzilla.tianocore.org/show_bug.cgi?id=816
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Zhang Chao B <chao.b.zhang@intel.com>
2018-09-20 22:01:50 +08:00
Zhang, Chao B 3a34753312 SecurityPkg: HashLib: Change dos format
Change file format to DOS

Cc: Bi Dandan <dandan.bi@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Zhang Chao B <chao.b.zhang@intel.com>
Reviewed-by: Bi Dandan <dandan.bi@intel.com>
2018-09-10 09:43:15 +08:00
Laszlo Ersek 1bf5007428 SecurityPkg/SecureBootConfigDxe: replace OpenFileByDevicePath() with UefiLib API
Replace the OpenFileByDevicePath() function with EfiOpenFileByDevicePath()
from UefiLib, correcting the following issues:

- imprecise comments on OpenFileByDevicePath(),
- code duplication between this module and other modules,
- local variable name "EfiSimpleFileSystemProtocol" starting with "Efi"
  prefix,
- bogus "FileHandle = NULL" assignments,
- leaking "Handle1" when the device path type/subtype check or the
  realignment-motivated AllocateCopyPool() fails in the loop,
- stale SHELL_FILE_HANDLE reference in a comment.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Roman Bacik <roman.bacik@broadcom.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1008
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
2018-08-16 20:02:50 +02:00
Eric Dong 0ca81c0d37 SecurityPkg/TcgStorageCoreLib.h: Use ascii instead of unicode.
_FILE_ parameter is an ASCII string. Current implementation used
as unicode string instead of ascii string. This patch fixed this
issue.

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1081

Cc: Hao Wu <hao.a.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed_off_by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Hao Wu <hao.a.wu@intel.com>
2018-08-16 08:41:59 +08:00
Zhang, Chao B b3e1e343fe SecurityPkg: HashLib: Update HashLib file GUID
2 file GUIDs conflict with existing SHA256 Lib. Update them.

Cc: Long Qin <qin.long@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Zhang, Chao B <chao.b.zhang@intel.com>
Reviewed-by: Long, Qin <qin.long@intel.com>
2018-08-10 09:05:27 +08:00
Marc-André Lureau 3781f14c31 SecurityPkg/Library/Tpm2DeviceLibDTpm: fix s/Constructor/CONSTRUCTOR
The library constructor is not being called because of the typo,
causing TPM2 detection/initialization to fail.

This fixes OVMF TPM2 regression since commit f15cb995bb.
https://bugzilla.tianocore.org/show_bug.cgi?id=1075

Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Zhang Chao B <chao.b.zhang@intel.com>
Cc: Long Qin <qin.long@intel.com>
Fixes: f15cb995bb
Contributed-under: TianoCore Contribution Agreement 1.1
Reported-by: Ricardo Araújo <ricardo@lsd.ufcg.edu.br>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2018-08-09 19:13:32 +02:00
Zhang, Chao B 69e259e5e9 SecurityPkg:DSC: Fix 2 DSC build error
Error is caused by SHA384/SHA512 hash lib change in.

Cc: Bi Dandan <dandan.bi@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1

Signed-off-by: Zhang, Chao B <chao.b.zhang@intel.com>
Reviewed-by: Bi Dandan <dandan.bi@intel.com>
2018-07-28 13:49:13 +08:00
Zhang, Chao B 8d7aef3d1e SecurityPkg: HashLib: Add SHA384, SHA512 HashLib
Add SHA384, 512 Hash lib support. Now only CryptoPkg support PEI/DXE
version.

Cc: Long Qin <qin.long@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Zhang Chao B <chao.b.zhang@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
2018-07-27 17:58:38 +08:00
Dandan Bi d9c5beb159 SecurityPkg/Tcg: Add use case for new Perf macro
Add an example case for the usage of
PERF_CALLBACK_BEGIN/PERF_CALLBACK_END

Cc: Liming Gao <liming.gao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Chao Zhang<chao.b.zhang@intel.com>
2018-07-26 13:37:59 +08:00
Zhang, Chao B d9e206d4bf MdeModulePkg: TpmMeasureLib: Re-prioritize TCG/TCG2 protocol
TPM1.2 is obsoleted by TPM2.0. switch TCG/TCG2 protocol check to apply this
trend

Cc: Long, Qin <qin.long@intel.com>
Cc: Yao, Jiewen <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Zhang, Chao B <chao.b.zhang@intel.com>
Reviewed-by: Yao, Jiewen <jiewen.yao@intel.com>
2018-07-23 08:36:12 +08:00
Zhang, Chao B 831bb137a8 SecurityPkg: TcgSmm: Handle invalid parameter in MOR SMI handler
Add more logic to filter invalid function parameter in MOR Control SMI handler

Cc: Long Qin <qin.long@intel.com>
Cc: Yao Jiewen <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
2018-07-21 09:46:49 +08:00
Zhang, Chao B 60ee3bd8db SecurityPkg:Tcg: Fix comment typos
"Triggle" is a typo. Replace it with "Trigger"

Cc: Long Qin <qin.long@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
2018-07-17 07:47:04 +08:00
Roman Bacik 79b10d4ce4 SecurityPkg: Fix assert when setting key from eMMC/SD/USB
When secure boot is enabled, if one loads keys from a FAT formatted
eMMC/SD/USB when trying to provision PK/KEK/DB keys via the menu,
an assert in StrLen() occurs.
This is because the filename starts on odd address, which is not a uint16
aligned boundary: https://bugzilla.tianocore.org/show_bug.cgi?id=1003

There are further known issues with the OpenFileByDevicePath() function;
those are tracked by
<https://bugzilla.tianocore.org/show_bug.cgi?id=1008>.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Vladimir Olovyannikov <vladimir.olovyannikov@broadcom.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Roman Bacik <roman.bacik@broadcom.com>
Reviewed-by: "Yao, Jiewen" <jiewen.yao@intel.com>
[lersek@redhat.com: whitespace fixes]
[lersek@redhat.com: reference TianoCore BZ#1008]
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
2018-07-12 23:33:56 +02:00
Eric Dong e4e314b1b6 SecurityPkg/OpalPassword: Fixed input correct password not works issue
When user input error password exceed the max allowed times, opal device
will return Invalid type error code even user input the correct password.
In this case, opal driver needs to force user shutdown the system before
let user input new password.

Cc: Hao Wu <hao.a.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Hao Wu <hao.a.wu@intel.com>
2018-07-11 11:16:06 +08:00
Eric Dong 54ae532cd4 SecurityPkg/TcgStorageOpalLib: Return AUTHORITY_LOCKED_OUT error.
Caller need to known this error to handle specially, but current
error status not has specified value for this type. In order to
keep compatibility, here use TcgResultFailureInvalidType as an
replacement.

Cc: Hao Wu <hao.a.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Hao Wu <hao.a.wu@intel.com>
2018-07-11 11:12:20 +08:00
chenc2 4cecd19a44 SecurityPkg: Removing ipf which is no longer supported from edk2.
Removing rules for Ipf sources file:
* Remove the source file which path with "ipf" and also listed in
  [Sources.IPF] section of INF file.
* Remove the source file which listed in [Components.IPF] section
  of DSC file and not listed in any other [Components] section.
* Remove the embedded Ipf code for MDE_CPU_IPF.

Removing rules for Inf file:
* Remove IPF from VALID_ARCHITECTURES comments.
* Remove DXE_SAL_DRIVER from LIBRARY_CLASS in [Defines] section.
* Remove the INF which only listed in [Components.IPF] section in DSC.
* Remove statements from [BuildOptions] that provide IPF specific flags.
* Remove any IPF sepcific sections.

Removing rules for Dec file:
* Remove [Includes.IPF] section from Dec.

Removing rules for Dsc file:
* Remove IPF from SUPPORTED_ARCHITECTURES in [Defines] section of DSC.
* Remove any IPF specific sections.
* Remove statements from [BuildOptions] that provide IPF specific flags.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Chen A Chen <chen.a.chen@intel.com>
Reviewed-by: Chao B Zhang <chao.b.zhang@intel.com>
2018-06-29 16:19:48 +08:00
Liming Gao b3548d32dd SecurityPkg: Clean up source files
1. Do not use tab characters
2. No trailing white space in one line
3. All files must end with CRLF

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liming Gao <liming.gao@intel.com>
2018-06-28 11:19:50 +08:00
Liming Gao 975478f6bb SecurityPkg Tpm2DeviceLibDTpm: Update enum type name to match the one in lib
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2018-06-27 22:54:07 +08:00