Commit Graph

17 Commits

Author SHA1 Message Date
chenc2 85974aef13 SecurityPkg/SecureBootConfigImpl.c: Secure Boot DBX UI Enhancement
Use 2-level format to display signature list and signature data.
Support batch delete operation to delete signature list or signature data.
Display more useful information for each signature data.

Contributed-under: TianoCore Contribution Agreement 1.0
Cc: Zhang Chao B <chao.b.zhang@intel.com>
Cc: Long Qin <qin.long@intel.com>
Signed-off-by: Chen A Chen <chen.a.chen@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
Reviewed-by: Zhang Chao B <chao.b.zhang@intel.com>
2017-09-28 15:02:00 +08:00
Zhang, Chao B 4de754e15f SecurityPkg: SecureBootConfigDxe: Support AUTH_2 enrollment to DBX
Update SecureBootConfigDxe to support AUTH_2 format data enrollment
to DBX.
Free opened file handle resource after exit PK/KEK/DB/DBX/DBT
enrollment page.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
2017-04-06 10:50:43 +08:00
Zhang Lubo e9429e7997 SecurityPkg: Fix potential bug in Security Boot dxe.
v2: update hash value in SecureBootConfig.vfr to keep
them consistent with macro definition in SecureBootConfigImpl.h

since we removed the sha-1 definition in Hash table
and related macro, but the macro definition HashAlg index
may be value 4 which is exceed the range of the Hash
table array.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Zhang Lubo <lubo.zhang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Long Qin <qin.long@intel.com>
Cc: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2017-03-01 15:40:50 +08:00
Zhang, Chao B e8903bb7bf SecurityPkg: SecureBootConfigDxe: Disable SecureBoot Enable/Disable in some case
Disable SecureBoot Enable/Disable feature when PhysicalPresence is not available,
Since SecureBootEnable is protected with PhysicalPresence.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
2016-05-05 09:21:39 +08:00
Zhang, Chao B 12087ff6d6 SecurityPkg: SecureBootConfigDxe: Remove SecureBoot UI change for Customized Secure Boot
Remove SecureBoot UI support for Customized SecureBoot Mode transition according to Mantis 1263.
The feature has been moved to
  https://github.com/tianocore/edk2-staging/tree/Customized-Secure-Boot
Previous check-in hash is
  SHA-1: 96832eefea

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: El-Haj-Mahmoud Samer <samer.el-haj-mahmoud@hpe.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
2016-05-04 09:13:51 +08:00
Dandan Bi 762d8ddb28 SecurityPkg: Use FileExplorerLib in SecureBootConfigDxe
Using existing library FileExplorerLib to replace the same
logic in SecureBootConfigDxe to make the code clear. After using
FileExplorerLib, the UI behavior for enroll PK will change,
previously when select one PK file, commit/discard changes will
return to Device Manager,press ESC will return to FileExplorer.
Now using FileExplorerLib the behavior will keep same with
enroll KEK/DB/..., commit/discard changes will return to Custom
Secure Boot Options form and ESC will return to PK options form.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-02-26 16:52:51 +08:00
Chao Zhang 142d2dcbb8 SecurityPkg: SecureBootConfigDxe: Remove useless code in VFR
Remove suppressif TRUE, disableif TRUE code in VFR. They are useless.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Tapan Shah <tapandshah@hpe.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19429 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-22 00:43:05 +00:00
Chao Zhang 96832eefea SecurityPkg: SecureBootConfigDxe: SecureBoot UI for Customized SecureBoot Mode
Add SecureBoot UI support for Customized SecureBoot Mode transition according to Mantis 1263. User can do secure boot mode transition through UI.
  https://mantis.uefi.org/mantis/view.php?id=1263

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Zeng Star <star.zeng@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19134 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-07 06:20:36 +00:00
Qin Long 20333c6d56 UEFI 2.4 X509 Certificate Hash and RFC3161 Timestamp Verification support for Secure Boot
Main ChangeLogs includes:
1. Introduce the new GUID and structure definitions for certificate hash and timestamp support;
2. Update Image Verification Library to support DBT signature checking;
3. Update the related SecureBoot Configuration Pages;

Contributed-under: TianoCore Contribution Agreement 1.0

Signed-off-by: Qin Long <qin.long@intel.com> 
Reviewed-by: Guo Dong <guo.dong@intel.com>
Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16380 6f19259b-4bc3-4df7-8a09-765794883524
2014-11-14 08:41:12 +00:00
Eric Dong 79e1ffbdd4 Clean up the code. Action statement should not have text two opcode.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>



git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16221 6f19259b-4bc3-4df7-8a09-765794883524
2014-10-21 05:48:00 +00:00
Fu Siyuan a365eed476 Fix a bug in secure boot configuration driver: Enroll DB/KEK will disable Attempt Secure Boot option.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14590 6f19259b-4bc3-4df7-8a09-765794883524
2013-08-22 09:46:03 +00:00
sfu5 a2f2c258d4 Update secure boot UI driver to handle “reset to default” hot key.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14257 6f19259b-4bc3-4df7-8a09-765794883524
2013-04-12 01:44:54 +00:00
sfu5 f71ed839e1 1. Set the secure boot state to Standard Mode when user leaving secure boot setup page.
2. Add “Current SecureBoot State” field to reflect current secure boot status of the platform.

Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14042 6f19259b-4bc3-4df7-8a09-765794883524
2013-01-09 05:19:43 +00:00
sfu5 0fb450fb3e Reset the platform when user choose to enroll/delete the PK variable.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13515 6f19259b-4bc3-4df7-8a09-765794883524
2012-07-09 09:17:00 +00:00
sfu5 8f8ca22e59 1. Reset system when user changes secure boot state in secure boot configuration form.
2. Update the method to detect secure boot state in DxeImageVerificationLib and secure boot configuration driver.

Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13505 6f19259b-4bc3-4df7-8a09-765794883524
2012-07-05 08:08:12 +00:00
sfu5 ecc722ad41 1. Remove “Force clear PK” feature in AuthVarialbe driver.
2. Update API ForceClearPK() to UserPhysicalPresent() in PlatformSecureLib.
2. Update SecureBootConfigDxe driver and AuthVariable driver to support Custom Secure Boot Mode feature.
3. Fix some bugs in AuthVariable driver.

Signed-off-by: sfu5
Reviewed-by: tye
Reviewed-by: gdong1

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13144 6f19259b-4bc3-4df7-8a09-765794883524
2012-03-27 08:17:23 +00:00
qianouyang beda2356f5 Enable/Disable Secured Boot by 'Secure Boot Configuration' Page which is under Setup browser.
Signed-off-by: qianouyang
Reviewed-by: gdong1

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12586 6f19259b-4bc3-4df7-8a09-765794883524
2011-10-28 03:46:20 +00:00