Commit Graph

489 Commits

Author SHA1 Message Date
Zhang, Chao B 87c04781d5 SecurityPkg: SmmTcg2PhysicalPresenceLib: Fix GCC build failure
GCC is case sensitive. Also add BaseMemoryLib in INF.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Gao Liming <liming.gao@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
2016-10-10 16:49:33 +08:00
Zhang, Chao B edb0fda25e SecurityPkg: Tcg2: Fix TCG2 PP issues
Several issues exist in TCG2 PP
1. TCG2 PP use NVS PPRQ/PPRM as PP parameter as well as current
PP state cache. But it doesn't handle PP set failure case
2. TCG2 PP Submit TPM Operation Request to Pre-OS Environment forgets
to clean PPRM
3. Potential alignment issue

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>
2016-09-29 10:30:30 +08:00
Zhang, Chao B 053f31e3d0 SecurityPkg: Tcg: New field for User Confirmation Status
Add a new field in TcgNVS for PP operation user confirmation status,
instead of previous logic overriding Request. Previous logic causes
Get Pending TPM Operation Requested sub function return wrong value.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
2016-09-27 09:01:06 +08:00
Star Zeng fe882c0112 SecurityPkg Tcg2Pei: Fix GCC build failure caused by 5919a9600e
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2016-09-23 17:25:58 +08:00
Jiewen Yao 5919a9600e SecurityPkg/TPM2: Sync PcrAllocations and PcrMask
Current TCG2 implementation will set Tpm2HashMask PCD value according to TPM2
PCR bank. However, there might be misconfiguration in BIOS build phase.
The enhanced logic makes sure that the current PCR allocations, the TPM
supported PCRs, and the PcdTpm2HashMask are all in agreement.

Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-09-21 18:20:20 +08:00
Jiewen Yao 07cdba18cd SecurityPkg/TPM2: Extract GetSupportedAndActivePcrs to Tpm2CommandLib
This patch extracts function Tpm2GetCapabilitySupportedAndActivePcrs()
from drivers and also update Tcg2ExecutePhysicalPresence() to call
Tpm2GetCapabilitySupportedAndActivePcrs() instead of
Tcg2Protocol->GetCapability to query the TPM to determine which
hashing algorithms are supported.

Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-09-21 18:20:20 +08:00
Jiewen Yao f5e34e37e0 SecurityPkg/TPM2: Move CopyDigestListToBuffer() to Tpm2CommandLib
This patch just moves function CopyDigestListToBuffer() from
drivers to library with HashAlgorithmMask parameter added to
make the interface more applicable.

The related function IsHashAlgSupportedInHashAlgorithmMask()
is also moved from drivers to library as internal function.

Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-09-21 18:20:19 +08:00
Jiewen Yao 77e55cf4e2 SecurityPkg/TPM2: Move GetDigestListSize() to Tpm2CommandLib
This patch just moves function GetDigestListSize() from
drivers to library and no functionality change.

Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-09-21 18:20:18 +08:00
Star Zeng f28ab84946 SecurityPkg/TPM2: Update function header of GetDigestFromDigestList()
Update the return status description and use OUT identifier instead of
IN for Digest parameter, no functionality change.

Cc: Chao B Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-09-21 18:20:17 +08:00
Jiewen Yao d4b9b2c32c SecurityPkg/TPM2: Move GetDigestFromDigestList() to Tpm2CommandLib
This patch just moves function Tpm2GetDigestFromDigestList() from
drivers to library as GetDigestFromDigestList() and no functionality change.

Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-09-21 18:20:17 +08:00
Jiewen Yao f9c9a1406c SecurityPkg/TPM2: Move Tpm2PcrAllocateBanks() to Tpm2CommandLib
This patch just moves function Tpm2CommandAllocPcr() from
DxeTcg2PhysicalPresenceLib.c to Tpm2CommandLib as Tpm2PcrAllocateBanks()
and no functionality change.

Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-09-21 18:20:16 +08:00
Star Zeng ed14533cbc SecurityPkg/SecurityPkg.dsc: Declare PciSegmentLib
PiDxeS3BootScriptLib will be updated to consume PciSegmentLib
instead of PciLib to support multiple PCI segment.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Amy Chan <amy.chan@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Michael Kinney <michael.d.kinney@intel.com>
2016-09-05 18:15:45 +08:00
Zhang, Chao B 950a3bc788 SecurityPkg: TPM12CommandLib: Add Response returnCode Check
Check response return code before return from Tpm12Extend and
Tpm12PhysicalPresence.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
2016-09-01 14:50:44 +08:00
Hao Wu 965268ea6d SecurityPkg: Use IsZeroGuid API for zero GUID checking
Instead of comparing a GUID with gZeroGuid via the CompareGuid API, the
commit uses the IsZeroGuid API to check if the given GUID is a zero GUID.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-08-31 11:15:13 +08:00
Hao Wu 72388f9c10 SecurityPkg Tcg2: Remove use of module internal API InternalIsZeroBuffer()
This commit removes the internal implementation of the function
InternalIsZeroBuffer(). Instead, it will use the API IsZeroBuffer() from
BaseMemoryLib in MdePkg.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2016-08-22 18:54:32 +08:00
Hao Wu bce0133b7f SecurityPkg Tcg2: Rename internal API IsZeroBuffer to InternalIsZeroBuffer
Before adding API IsZeroBuffer() in BaseMemoryLib at MdePkg, rename the
internal implementations of IsZeroBuffer() within SecurityPkg/Tcg modules
to avoid breaking bisection.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2016-08-22 18:54:29 +08:00
Zhang, Chao B fd4d9c6495 SecurityPkg: AuthVariableLib: Fix inconsistent CertDB case
2 steps are used to create/delete a time based variable.
  For create
     step 1: Insert Signer Cert to CertDB.
     Step 2: Insert Payload to Variable.
  For delete
     step 1: Delete Variable.
     Step 2: Delete Cert from CertDB.
  System may breaks between step 1 & step 2, so CertDB may contains useless
Cert in the next reboot. AuthVariableLib choose to sync consistent state
between CertDB & Time Auth Variable on initialization. However, it doesn't
apply Time Auth attribute check. Now add it.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Zeng Star <star.zeng@intel.com>
2016-08-17 09:01:46 +08:00
Hao Wu b32f094cd3 SecurityPkg DSC: Add build option to disable deprecated APIs
Add the following definition in the [BuildOptions] section in package DSC
files to disable APIs that are deprecated:

[BuildOptions]
  *_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES

Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-08-08 11:00:10 +08:00
Dong, Eric 4636e4426a SecurityPkg OpalPasswordDxe: Fix buffer overflow issue.
In current code, PSID is processed as string and the length is 0x20.
Current code only reserved 0x20 length buffer for it, no extra buffer
for the '\0'. When driver call UnicodeStrToAsciiStrS to convert PSID,
it search the '\0' for the end. So extra dirty data saved in PSID
info which caused PSID revert action failed. This patch reserved
extra 1 byte data for the '\0'.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
2016-08-03 09:21:27 +08:00
Zhang, Chao B 76bfc7e3ea SecurityPkg: AuthVariableLib: Revert UserPhysicalPresent feature from AuthVariableLib
Physical Presence state reporting is constrained by physical presence caching in variable driver. For example, reporting must be prior to Physical Presence caching. Physical Presence state becomes constant rather than instant after caching. Therefore, PlatformSecureLib is responsible for reporting Physical Presence state in expected way.

This reverts commit 90fa53213e.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
2016-07-22 09:48:00 +08:00
Liming Gao e39d0569a6 SecurityPkg DxeTpmMeasureBootLib: Add comments in TcgMeasurePeImage()
The input PeImage in TcgMeasurePeImage() has been checked.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-07-14 15:05:40 +08:00
Liming Gao 89fb5aef41 SecurityPkg DxeImageVerificationLib: Add comments in HashPeImage()
The input PeImage in HashPeImage() has been checked.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-07-14 15:04:54 +08:00
Liming Gao 5a8eae9560 SecurityPkg Tcg2Dxe: Add check for the PE/COFF image
Use BasePeCoffLib PeCoffLoaderGetImageInfo() to check the PE/COFF image.

In V2, add specific ImageRead() to make sure the PE/COFF image content
read is within the image buffer.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-07-14 15:04:54 +08:00
Liming Gao cad19cd3f2 SecurityPkg TrEEDxe: Add check for the PE/COFF image.
Use BasePeCoffLib PeCoffLoaderGetImageInfo() to check the PE/COFF image.

In V2, add specific ImageRead() to make sure the PE/COFF image content
read is within the image buffer.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-07-14 15:04:53 +08:00
Liming Gao 5e9dfc6782 SecurityPkg SecureBootConfigDxe: Add check for the external PE/COFF image.
Use BasePeCoffLib PeCoffLoaderGetImageInfo() to check the PE/COFF image.

In V2, add specific ImageRead() to make sure the PE/COFF image content
read is within the image buffer.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-07-14 15:04:53 +08:00
Eric Dong c9a0755572 SecurityPkg OpalPasswordSmm: Remove useless code.
EdkII not allow to use #if in source code, also
the code in it already unused. so just remove this
code.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
2016-07-11 10:38:20 +08:00
Giri P Mudusuru 7622e5947f SecurityPkg: Fix typos in comments
- availabe to available

Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Giri P Mudusuru <giri.p.mudusuru@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-07-11 10:29:46 +08:00
Zhang, Chao B e1f3583409 SecurityPkg/Tcg: Fix bug that prevented SubmitCommand buffers from being Max size
SubmitCommand() was checking the buffer size for ">=" Max size. This would
cause code to fail with "EFI_INVALID_PARAMETER" if a buffer was passed
that was the "max" size as indicated by the GetCapability() command.
Change to ">" to allow for maximum buffer size.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Bret Barkelew <brbarkel@microsoft.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-07-01 10:33:47 +08:00
Liming Gao c99bcf3d8a SecurityPkg: Update PlatformSecureLibNull with PCD to get physical presence.
This is an incompatible change. It uses PcdUserPhysicalPresence value instead
of hard code TRUE. Because PcdUserPhysicalPresence default value is FALSE,
this patch changes UserPhysicalPresent() return value from TRUE to FALSE.

From Security point, it is not safe to always return TRUE. If user wants this
behavior, he can still configure PcdUserPhysicalPresence value to TRUE in
the platform DSC file.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Giri P Mudusuru <giri.p.mudusuru@intel.com>
2016-06-29 09:43:00 +08:00
Liming Gao e2b083de91 SecurityPkg: Add PcdUserPhysicalPresence to indicate use physical presence.
This PCD supports all configuration type. Its default value is FALSE.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Giri P Mudusuru <giri.p.mudusuru@intel.com>
2016-06-29 09:42:59 +08:00
Zhang, Chao B 90fa53213e SecurityPkg: AuthVariableLib: Cache UserPhysicalPresent in AuthVariableLib
AuthVariableLib is updated to cache the UserPhysicalPresent state to global variable. This avoids calling PlatformSecureLib during runtime and makes PhysicalPresent state consistent during one boot.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
2016-06-28 09:08:39 +08:00
Star Zeng b7c7179338 SecurityPkg: Replace UnicodeStrToAsciiStr/AsciiStrToUnicodeStr
It is the follow up of 3ab41b7a32
to replace UnicodeStrToAsciiStr/AsciiStrToUnicodeStr with
UnicodeStrToAsciiStrS/AsciiStrToUnicodeStrS.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-06-21 12:46:25 +08:00
Zhang, Chao B ed3faea45a SecurityPkg: SecurityPkg.uni: Update info string for PcdTcgPhysicalPresenceInterfaceVer
Update Pcd info string for new added PcdTcgPhysicalPresenceInterfaceVer

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Dandan Bi <dandan.bi@intel.com>
2016-06-16 15:04:03 +08:00
Zhang, Chao B 0c687d02c7 SecurityPkg: Tcg2Smm: Fix type casting issue
Fix type casting issue introduced by cd64301398

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Gao Liming <liming.gao@intel.com>
2016-06-16 14:31:07 +08:00
Eric Dong dbff6ed05e SecurityPkg/TcgStorageOpalLib: Avoid using special word in comments
Cc: Shumin Qiu <shumin.qiu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Qiu Shumin <shumin.qiu@intel.com>
2016-06-16 13:10:00 +08:00
Eric Dong 0efc3be0af SecurityPkg OpalPasswordDxe: gray out menu instead of suppress it.
For current implementation, if the device is pyrite type, driver
will suppress the "keep user data" option. Base on the feedback
from user, they prefer to keep the menu but gray out it. Now base
on this feedback to update the driver.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
2016-06-16 10:41:37 +08:00
Zhang, Chao B 3b5624b014 SecurityPkg: Tcg2Smm: Enhance TIS interface detection
TCG PC Client PTP spec defines that if InterfaceType is defined as TIS1.3. All the other fields of the FIFO Interface Identifier Register are skipped.
http://www.trustedcomputinggroup.org/pc-client-specific-platform-tpm-profile-for-tpm-2-0-v43-150126/

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
2016-06-12 21:15:53 +08:00
Zhang, Chao B cd64301398 SecurityPkg: Tcg2Smm: Make TCG2 PP version configurable
Make TCG2 PP version configurable to meet different request. Current default version is 1.3.
http://www.trustedcomputinggroup.org/physical-presence-interface_1-30_0-52/

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
2016-06-12 09:22:38 +08:00
Zhang, Chao B ee46ac08fc SecurityPkg : Tpm12DeviceLibDTpm: Fix TPM12 wrong Response Tag check
TcgDxePassThroughToTpm should be able to handle all TPM12 Command & Response correctly.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
2016-06-08 15:14:56 +08:00
Star Zeng 5b03f1b514 SecurityPkg EsalVariableDxeSal: Use input Global to make code more clear
SecurityPkg\VariableAuthenticated\EsalVariableDxeSal\Variable.c
AutoUpdateLangVariable()
Global->PlatformLangCodes[VirtualMode] = AllocateRuntimeCopyPool
  (DataSize, Data);
ASSERT (mVariableModuleGlobal->PlatformLangCodes[VirtualMode] != NULL);

The patch is to use Global instead of mVariableModuleGlobal in the
ASSERT (XXX) to make code more clear although mVariableModuleGlobal is
equal to Global actually.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Amy Chan <amy.chan@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Amy Chan <amy.chan@intel.com>
Reviewed-by: Giri P Mudusuru <giri.p.mudusuru@intel.com>
2016-06-03 15:01:05 +08:00
Cinnamon Shia 531c89a1ed SecurityPkg/DxeImageVerificationLib: Add DEBUG messages for image verification failures
Add DEBUG messages in DxeImageerificationLib to help debug Secure Boot image verification failures

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Cinnamon Shia <cinnamon.shia@hpe.com>
Reviewed-by: Samer EL-Haj-Mahmoud <elhaj@hpe.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-05-19 11:01:10 +08:00
Liming Gao e7cbd1490f SecurityPkg: Use PcdGet32() to access PcdPeiCoreMaxFvSupported
FixedPcdGet32() limits PcdPeiCoreMaxFvSupported type as FixedAtBuild.
PcdGet32() allows PCD be configured as FixedAtBuild or PatchableInModule.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-05-17 10:09:32 +08:00
Zhang, Chao B 37c58a6817 SecurityPkg: Remove non-ASCII character from TPM warning strings
Remove a non-ASCII apostrophe character from TPM_WARNING_MAINTAIN
message

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Samer El-Haj-Mahmoud <elhaj@hpe.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-05-16 09:54:17 +08:00
Eric Dong 72a05f849f SecurityPkg OpalPasswordDxe: Error handling enhance when input password.
Enhance the error handling:
1. When the device is unlocked at BIOS phase and system does a warm reboot,
the device may be still in unlock status if it uses external power. For
such case, we would still popup password window to ask user input. If
user presses ESC key here, we would force the system shut down or ask
user input again to avoid security hole.
2. When user reach max retry count, force shutdown.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
2016-05-12 13:07:20 +08:00
Dandan Bi eafbd7a232 Security/OpalPasswordDxe: Enhance the logic in RouteConfig/ExtractConfig
Make the implementation of RouteConfig/ExtractConfig function
follow the UEFI spec.

Cc: Eric Dong <eric.dong@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
2016-05-11 11:25:52 +08:00
Zhang, Chao B f1005559ec SecurityPkg: SecureBootConfigDxe: Add NULL pointer check
Add SecureBoot NULL pointer check before reference it.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Samer El-Haj-Mahmoud <elhaj@hpe.com>
Reviewed-by: Qiu Shumin <shumin.qiu@intel.com>
2016-05-11 08:58:14 +08:00
Dong, Eric 6e7423c3c2 SecurityPkg TcgStorageOpalLib: Check the capability before use.
For Pyrite SSC device, it may not supports Active Key,  So
add check logic before enable it.

Cc: Feng Tian <feng.tian@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
2016-05-09 16:18:00 +08:00
Jiaxin Wu 6e2814c1a1 SecurityPkg: Cleanup unused structure definition
This patch is used to cleanup unused structure
definition.

Cc: Zhang Chao B <chao.b.zhang@intel.com>
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-05-09 08:33:55 +08:00
Eric Dong 3f250a944d SecurityPkg OpalPasswordSmm: Always execute BlockSid command.
The BlockSid feature is not depend on lock status,
so move the send BlockSid command out of unlock process.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
2016-05-05 12:52:48 +08:00
Eric Dong 69cd129471 SecurityPkg OpalPasswordSmm: Enhance BlockSid Logic.
BlockSid feature can be retrieve from the header info.
Update the logic, check BlockSid capability before use it.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
2016-05-05 12:52:47 +08:00