Commit Graph

173 Commits

Author SHA1 Message Date
czhang46 56251c669f Fix potential overflow for SetVariable interface
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by  : Guo Dong   <dong.guo@intel.com>
Reviewed-by  : Siyuan Fu  <siyuan.fu@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14305 6f19259b-4bc3-4df7-8a09-765794883524
2013-04-22 08:52:58 +00:00
czhang46 d17c4eac56 Fix a potential SMM memory dump issue. If pass communication buffer with DataBuffer to SMM SetVariable which is big enough to cover SMM range. Then GetVariable can dump SMM memory contents. Add more range check for SetVariable
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by  : Dong Guo   <guo.dong@intel.com>
Reviewed-by  : Jiewen Yao <jiewen.yao@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14292 6f19259b-4bc3-4df7-8a09-765794883524
2013-04-19 01:35:02 +00:00
czhang46 3a146f2a7d Fix SMM Variable driver stack GetVariable return INVALID_PARAMETER when DataSize is bigger than SMM communication buffer.
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by  : Dong Guo   <guo.dong@intel.com>
Reviewed-by  : Fu Siyuan  <siyuan.fu@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14276 6f19259b-4bc3-4df7-8a09-765794883524
2013-04-15 01:56:31 +00:00
czhang46 0c55190f40 Update SMM variable DXE driver GetNextVariable interface to comply with UEFI spec
VariableNameSize is the returned buffer size. GetNextVariable should behavior correct if it is bigger than SMM communication buffer or less than string size of VariableName. 

Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by  : Dong Guo   <guo.dong@intel.com>
Reviewed-by  : Fu Siyuan  <siyuan.fu@intel.com>
Reviewed-by  : Zeng Star  <star.zeng@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14258 6f19259b-4bc3-4df7-8a09-765794883524
2013-04-12 05:59:11 +00:00
sfu5 a2f2c258d4 Update secure boot UI driver to handle “reset to default” hot key.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14257 6f19259b-4bc3-4df7-8a09-765794883524
2013-04-12 01:44:54 +00:00
lzeng14 3588bb3529 If DataSize or VariableNameSize is near MAX_ADDRESS, this can cause the computed PayLoadSize to overflow to a small value and pass the check in InitCommunicateBuffer(). To protect against this vulnerability, check DataSize and VariableNameSize to make sure PayloadSize doesn't overflow.
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14252 6f19259b-4bc3-4df7-8a09-765794883524
2013-04-08 06:56:08 +00:00
sfu5 ca5a7d87e3 Add error handling code to prevent variable store corruption in release build.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting  <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14139 6f19259b-4bc3-4df7-8a09-765794883524
2013-02-21 01:35:22 +00:00
sfu5 5767f22fca Check the input VaraibleName for db/dbx when appending variables with formatted as EFI_SIGNATURE_LIST.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting  <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14087 6f19259b-4bc3-4df7-8a09-765794883524
2013-01-25 07:14:43 +00:00
sfu5 12cbe23257 Check for NULL pointer before dereference it.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting  <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14086 6f19259b-4bc3-4df7-8a09-765794883524
2013-01-25 07:12:25 +00:00
lzeng14 932e0f6628 Variables with state VAR_ADDED&VAR_IN_DELETED_TRANSITION should be considered as valid variables if there is no duplicated ones with VAR_ADDED state.
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14085 6f19259b-4bc3-4df7-8a09-765794883524
2013-01-25 06:17:43 +00:00
lzeng14 0cc565deac Add NULL pointer check.
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14084 6f19259b-4bc3-4df7-8a09-765794883524
2013-01-25 04:48:41 +00:00
sfu5 b7d269eae1 Fix infinite loop bug in secure boot UI driver.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting  <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14082 6f19259b-4bc3-4df7-8a09-765794883524
2013-01-25 02:01:47 +00:00
lzeng14 23b0693579 1. Update the logic of UpdateVariable() for updating variable from:
set old variable to IN_DELETED_TRANSITION -> check if reclaim is needed(If yes, do reclaim) -> add new variable -> set old variable to DELETED if no reclaim happened.
to:
set old variable to IN_DELETED_TRANSITION -> check if reclaim is needed(If yes, do reclaim) -> add new variable -> set old variable to DELETED.
2. Update UpdateVariable() to correctly handle the case "both ADDED and IN_DELETED_TRANSITION variable are present", and delete both old ADDED and IN_DELETED_TRANSITION variable when deleting or updating variable.
3. Update VariableServiceGetNextVariableName() to return the valid IN_DELETED_TRANSITION variable if only IN_DELETED_TRANSITION variable is present.

Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14065 6f19259b-4bc3-4df7-8a09-765794883524
2013-01-18 01:12:32 +00:00
lzeng14 aab9212fa9 Fix the issue that RuntimeServiceQueryVariableInfo() in VariableSmmRuntimeDxe always return EFI_SUCCESS.
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14050 6f19259b-4bc3-4df7-8a09-765794883524
2013-01-15 06:43:24 +00:00
sfu5 f71ed839e1 1. Set the secure boot state to Standard Mode when user leaving secure boot setup page.
2. Add “Current SecureBoot State” field to reflect current secure boot status of the platform.

Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14042 6f19259b-4bc3-4df7-8a09-765794883524
2013-01-09 05:19:43 +00:00
sfu5 83758cdc84 Fix a bug that the invalid public key will never be removed from public key database.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting  <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14041 6f19259b-4bc3-4df7-8a09-765794883524
2013-01-09 05:09:39 +00:00
lzeng14 6ed1ec5946 Add the TPL raise/restore code for VariableSmmRuntimeDxe to avoid variable services reentry.
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14038 6f19259b-4bc3-4df7-8a09-765794883524
2013-01-08 02:07:14 +00:00
lzeng14 335e268133 1. Don't assume that flush the HOB variable to flash must be successful.
2. When no DELETED variable found, no variable space could be reclaimed, so just give some debug info and return EFI_SUCCESS.

Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14029 6f19259b-4bc3-4df7-8a09-765794883524
2013-01-04 12:21:59 +00:00
lzeng14 3f5c168fa8 Use SMM_VARIABLE_COMMUNICATE_HEADER_SIZE instead of OFFSET_OF (SMM_VARIABLE_COMMUNICATE_HEADER, Data).
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Ting Ye <ting.ye@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13993 6f19259b-4bc3-4df7-8a09-765794883524
2012-12-12 14:12:49 +00:00
sfu5 c11d47b80b Move the declaration of gEfiCertDbGuid to the package's Include folder.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting  <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13975 6f19259b-4bc3-4df7-8a09-765794883524
2012-11-28 06:59:13 +00:00
sfu5 275beb2b53 1. Correct the counter-based hash algorithm according to UEFI spec.
2. Check the reserverd bit in variable attribute.
3. Return EFI_OUT_OF_RESOURCE instead of EFI_SECURITY_VIOLATION if there is not enough speace to store the public key.
4. Fix a bug when deleting a non-existent time-based auth variable, we store the certificate into cert DB incorrectly.
5. Fix a bug that time-based auth variable can't been updated again after append operation.

Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting  <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13957 6f19259b-4bc3-4df7-8a09-765794883524
2012-11-21 08:06:02 +00:00
gdong1 89be2b037f Fix time-based and count-based authenticated variable can be updated by each other without verification.
Signed-off-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>



git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13848 6f19259b-4bc3-4df7-8a09-765794883524
2012-10-15 06:08:22 +00:00
sfu5 0357efe3f5 Add a dialog box with help message when user changes the state of "Attempt Secure Boot" check box.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting  <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13733 6f19259b-4bc3-4df7-8a09-765794883524
2012-09-14 07:28:37 +00:00
sfu5 42ed76042a 1. Fix a bug when comparing two timestamp in auth-variable driver.
2. Remove the TimeCompare function in Bds since it's not used anymore.

Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting  <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13731 6f19259b-4bc3-4df7-8a09-765794883524
2012-09-14 02:59:35 +00:00
erictian ad84df72c7 SecurityPkg/VariableSmm: Fix a VariableSmm bug when reading variable with size 0.
Signed-off-by: Tian, Feng <feng.tian@intel.com>
Reviewed-by: Zhang, Chao <chao.b.zhang@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13726 6f19259b-4bc3-4df7-8a09-765794883524
2012-09-12 08:25:25 +00:00
sfu5 f6e233534e 1. Initialize certdb variable with correct value of list size.
2. Use gloable database array instead of calling AllocateZeroPool in SetVariable.

Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting  <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13671 6f19259b-4bc3-4df7-8a09-765794883524
2012-08-23 06:53:51 +00:00
lzeng14 8f3a9e5862 LastVariableOffset is wrongly set to 0 when FtwVariableSpace() fails. Recalculate the HwErrVariableTotalSize, HwErrVariableTotalSize and LastVariableOffset when FtwVariableSpace() fails.
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Guo Dong <guo.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13593 6f19259b-4bc3-4df7-8a09-765794883524
2012-08-06 03:20:10 +00:00
sfu5 e77f9ef656 Use RsaGetPublicKeyFromX509() to validate the given X.509 certificate for PK/KEK/db/dbx database.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13553 6f19259b-4bc3-4df7-8a09-765794883524
2012-07-25 02:01:58 +00:00
sfu5 e4d7370d18 Update the secure boot configuration UI to accept *.crt certificate file.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13546 6f19259b-4bc3-4df7-8a09-765794883524
2012-07-23 01:03:53 +00:00
sfu5 05a643f91d 1. Remove extra attribute for SetupMode, SignatureSupport and SecureBoot variable.
2. Allow the PK owner to update db/dbx variable directly.

Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13536 6f19259b-4bc3-4df7-8a09-765794883524
2012-07-17 08:38:58 +00:00
sfu5 876ac39540 Return EFI_UNSUPPORTED if READY_TO_BOOT function is invoked at SMM runtime.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13535 6f19259b-4bc3-4df7-8a09-765794883524
2012-07-17 08:21:42 +00:00
sfu5 785d84ead0 Verify the provided PKpub is signed with its private key when enrolling a new PK variable in setup mode.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13531 6f19259b-4bc3-4df7-8a09-765794883524
2012-07-13 06:12:58 +00:00
sfu5 cf7409f228 Update the secure boot configuration UI to accept *.der certificate file as the Platform Key.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13525 6f19259b-4bc3-4df7-8a09-765794883524
2012-07-12 01:09:00 +00:00
sfu5 0fb450fb3e Reset the platform when user choose to enroll/delete the PK variable.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13515 6f19259b-4bc3-4df7-8a09-765794883524
2012-07-09 09:17:00 +00:00
czhang46 25a4e71aa6 Add SMRAM range check to variable SMM SMI handler.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13514 6f19259b-4bc3-4df7-8a09-765794883524
2012-07-09 08:26:35 +00:00
ydong10 96277f7402 Include read data buffer in CommBufferSize when calculate the buffer size.
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13512 6f19259b-4bc3-4df7-8a09-765794883524
2012-07-09 02:03:47 +00:00
sfu5 8f8ca22e59 1. Reset system when user changes secure boot state in secure boot configuration form.
2. Update the method to detect secure boot state in DxeImageVerificationLib and secure boot configuration driver.

Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13505 6f19259b-4bc3-4df7-8a09-765794883524
2012-07-05 08:08:12 +00:00
sfu5 12373f2cfe Fix a buffer overflow bug in VariableSmm driver.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Zhang Chao <chao.b.zhang@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13486 6f19259b-4bc3-4df7-8a09-765794883524
2012-07-04 04:39:18 +00:00
jyao1 dc204d5a0f Add comment for modules which have external input.
signed-off-by: jiewen.yao@intel.com
reviewed-by: guo.dong@intel.com
reviewed-by: ting.ye@intel.com
reviewed-by: liming.gao@intel.com
reviewed-by: elvin.li@intel.com



git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13446 6f19259b-4bc3-4df7-8a09-765794883524
2012-06-12 08:28:43 +00:00
sfu5 de2447dd4c Fix compatibility issue when using IPF image with PE32 magic value in the OptionalHeader.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13433 6f19259b-4bc3-4df7-8a09-765794883524
2012-06-08 02:09:48 +00:00
ydong10 f01b91ae42 Fixed build failed.
Signed-off-by: Eric Dong <eric.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13406 6f19259b-4bc3-4df7-8a09-765794883524
2012-05-31 08:35:48 +00:00
ydong10 bf4a3dbd47 Add new interface GetVariable2 and GetEfiGlobalVariable2 to return more info. Also replace old interface with new one.
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13375 6f19259b-4bc3-4df7-8a09-765794883524
2012-05-30 07:36:00 +00:00
lzeng14 a5f15e3025 According to UEFI spec 2.3.1a. hardware error record variable should use the EFI_HARDWARE_ERROR_VARIABLE VendorGuid and have the L"HwErrRec####" name convention, #### is a printed hex value and no 0x or h is included in the hex value.
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Guo Dong <guo.dong@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13373 6f19259b-4bc3-4df7-8a09-765794883524
2012-05-30 02:53:10 +00:00
lzeng14 021a1af927 Return EFI_WRITE_PROTECTED when setting HwErrRecSupport Global Variable at runtime.
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Guo Dong <guo.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13372 6f19259b-4bc3-4df7-8a09-765794883524
2012-05-30 02:42:26 +00:00
sfu5 8c1babfd28 Update auth-variable and secure boot UI driver to support only time-based PK, KEK and Signature Database variable variable according to UEFI Spec requirement.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13310 6f19259b-4bc3-4df7-8a09-765794883524
2012-05-14 07:36:20 +00:00
sfu5 4e33001c6e Fixes buffer read overflow bugs in authenticated variable driver.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13298 6f19259b-4bc3-4df7-8a09-765794883524
2012-05-09 10:45:09 +00:00
tye1 389c8779e8 Fix common AuthVariable protection issue.
Signed-off-by: Ye Ting<ting.ye@intel.com>
Reviewed by: Fu, Siyuan <siyuan.fu@intel.com>
Reviewed by: Dong, Guo <guo.dong@intel.com>


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13204 6f19259b-4bc3-4df7-8a09-765794883524
2012-04-23 06:17:17 +00:00
sfu5 ba57d4fdf0 Add pointer check for NULL before dereference it.
Signed-off-by: Fu, Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong, Guo <guo.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13162 6f19259b-4bc3-4df7-8a09-765794883524
2012-04-05 02:39:46 +00:00
tye1 ed47ae0274 Update common authenticated variable (non PK/KEK/DB/DBX) support to comply with latest UEFI spec.
Signed-off by: tye1
Reviewed-by: geekboy15a
Reviewed-by: sfu5
Reviewed-by: gdong1

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13157 6f19259b-4bc3-4df7-8a09-765794883524
2012-03-31 04:42:20 +00:00
lzeng14 9622df63df If setting variable in Runtime and there has been a same GUID and name variable existed in system without RT attribute, return EFI_WRITE_PROTECTED.
Signed-off-by: lzeng14
Reviewed-by: tye

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13156 6f19259b-4bc3-4df7-8a09-765794883524
2012-03-30 07:19:44 +00:00
sfu5 1413b8e94b 1. Fix UNIXGCC IPF build failure in SecurityPkg.
Signed-off-by: sfu5
Reviewed-by: gdong1

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13152 6f19259b-4bc3-4df7-8a09-765794883524
2012-03-29 06:54:46 +00:00
sfu5 4adc12bfc3 1. Fix GCC build failure in SecurityPkg.
Signed-off-by: sfu5
Reviewed-by: gdong1


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13146 6f19259b-4bc3-4df7-8a09-765794883524
2012-03-28 09:06:35 +00:00
sfu5 ecc722ad41 1. Remove “Force clear PK” feature in AuthVarialbe driver.
2. Update API ForceClearPK() to UserPhysicalPresent() in PlatformSecureLib.
2. Update SecureBootConfigDxe driver and AuthVariable driver to support Custom Secure Boot Mode feature.
3. Fix some bugs in AuthVariable driver.

Signed-off-by: sfu5
Reviewed-by: tye
Reviewed-by: gdong1

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13144 6f19259b-4bc3-4df7-8a09-765794883524
2012-03-27 08:17:23 +00:00
sfu5 6bc4e19fec 1. Update AuthVarialbe driver to avoid integer overflow when using EFI_VARIABLE_AUTHENTICATION_2 descriptor.
Signed-off-by: sfu5
Reviewed-by: tye
Reviewed-by: gdong1

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13120 6f19259b-4bc3-4df7-8a09-765794883524
2012-03-26 01:43:45 +00:00
ydong10 fab1046560 Update for SecurityPkg.
Per UEFI spec, on CallBack action EFI_BROWSER_ACTION_CHANGING, the return value of ActionRequest will be ignored, but on CallBack action EFI_BROWSER_ACTION_CHANGED, the return value of ActionRequest will be used. 
But, EDKII browser still processes the got ActionRequest. And, all HII drivers in EDKII project also returns their expected ActionRequest value on action EFI_BROWSER_ACTION_CHANGING. 
Now update the browser to follow the spec, and update all core Hii drivers to keep old working modal.

Signed-off-by: ydong10
Reviewed-by: lgao4

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12868 6f19259b-4bc3-4df7-8a09-765794883524
2011-12-15 02:59:03 +00:00
oliviermartin 4d832aabbf SecurityPkg/VariableAuthenticated: Check if there is a NV Variable Storage header prior to use its attributes
The Variable PEI and RuntimeDxe drivers were using the attribute 'HeaderLength' of
EFI_FIRMWARE_VOLUME_HEADER without checking if a Firmware Volume Header was existing at
the base address.
In case the Firmware Volume Header does not exist or is corrupted, the attribute 'HeaderLength'
is a non valid value that can lead to a non valid physical address when accessing produces an
access error.

Signed-off-by: oliviermartin
Reviewed-by: rsun3
Reviewed-by: niruiyu



git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12845 6f19259b-4bc3-4df7-8a09-765794883524
2011-12-13 09:42:36 +00:00
gdong1 ae09f9796c Update SignatureSupport variable to reflect firmware capability.
Signed-off-by: gdong1
Reviewed-by: tye
Reviewed-by: sfu5

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12843 6f19259b-4bc3-4df7-8a09-765794883524
2011-12-13 08:49:48 +00:00
sfu5 855609196d 1. Fix a bug when verify the CertType GUID in authentication variable data payload.
Signed-off-by: sfu5
Reviewed-by: tye1
Reviewed-by: gdong1

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12831 6f19259b-4bc3-4df7-8a09-765794883524
2011-12-09 07:22:59 +00:00
gdong1 2e24814ac9 Update a return status for UEFI spec compliance.
Signed-off-by: gdong1
Reviewed-by: tye

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12813 6f19259b-4bc3-4df7-8a09-765794883524
2011-12-02 07:51:23 +00:00
sfu5 d912bad783 1. Check input PK/KEK variable data to make sure it is a valid EFI_SIGNATURE_LIST.
Signed-off-by: sfu5
Reviewed-by: gdong1
Reviewed-by : czhan46


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12765 6f19259b-4bc3-4df7-8a09-765794883524
2011-11-23 05:10:40 +00:00
ydong10 ea71453f72 Initialize the variable before use it to avoid SCT test failed.
Signed-off-by: ydong10
Reviewed-by: lgao4

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12744 6f19259b-4bc3-4df7-8a09-765794883524
2011-11-21 07:42:53 +00:00
niruiyu 4f8ef5ce4e Change IPF version AuthVariable driver to support multiple-platform feature.
Signed-off-by: rni2
Reviewed-by: erictian

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12730 6f19259b-4bc3-4df7-8a09-765794883524
2011-11-17 02:40:28 +00:00
qianouyang bc0c99b3df Update ConfigAcess Protocol which is produced by SecureBootConfigDxe to follow the UEFI SPEC (Handle the Request parameter is NULL in ExtractConfig interface).
Signed-off-by: qianouyang
Reviewed-by: ydong10




git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12707 6f19259b-4bc3-4df7-8a09-765794883524
2011-11-15 10:22:35 +00:00
gdong1 7aaf2fd67c Add debug information for secure boot test convenient.
Signed-off-by: gdong1
Reviewed-by: tye
Reviewed-by: xdu2

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12660 6f19259b-4bc3-4df7-8a09-765794883524
2011-11-04 05:41:06 +00:00
gdong1 44a957c607 Enhance drivers for sanity check and coding style alignment.
Signed-off-by: gdong1
Reviewed-by: ydong10


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12622 6f19259b-4bc3-4df7-8a09-765794883524
2011-11-01 09:18:30 +00:00
xdu2 2d3fb91987 SecurityPkg: Update VariableAuthenticated driver with following changes:
1. Remove memory allocation code in runtime.
2. Exclude NULL terminator in VariableName for serialization data in time-based variable authentication.
3. Add support for enroll PK with WRITE_ACCESS attribute.
4. Initialize SetupMode variable with correct NV attribute.
5. Add support for APPEND_WRITE attribute for non-existing Variable.
6. Clear KEK, DB and DBX as well as PK when user request to clear platform keys.
7. Check duplicated EFI_SIGNATURE_DATA for Variable formatted as EFI_SIGNATURE_LIST when APPEND_WRITE attribute is set.
8. Not change SecureBoot Variable in runtime, only update it in boot time since this Variable indicates firmware operating mode.
9. Save time stamp of PK when PK is set with TIME_BASED_WRITE_ACCESS attribute in setup mode.
10. Update to use PcdMaxVariableSize instead of PcdMaxAppendVariableSize for append operation.

Signed-off-by: xdu2
Reviewed-by: tye

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12599 6f19259b-4bc3-4df7-8a09-765794883524
2011-10-28 09:55:09 +00:00
qianouyang 4bf8ffc3fb Remove a unnecessary Macro in SecureBootConfigImpl.h.
Signed-off-by: qianouyang
Reviewed-by: gdong1

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12588 6f19259b-4bc3-4df7-8a09-765794883524
2011-10-28 06:02:50 +00:00
qianouyang beda2356f5 Enable/Disable Secured Boot by 'Secure Boot Configuration' Page which is under Setup browser.
Signed-off-by: qianouyang
Reviewed-by: gdong1

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12586 6f19259b-4bc3-4df7-8a09-765794883524
2011-10-28 03:46:20 +00:00
niruiyu 9a000b464f Support Variable driver (VariableAuthenticatedPei/VariableAuthenticatedRuntimeDxe) to support the default variable data stored in HOB.
Signed-off-by: niruiyu
Reviewed-by: lgao4

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12554 6f19259b-4bc3-4df7-8a09-765794883524
2011-10-19 12:40:52 +00:00
sfu5 3b4151bcb4 Add pointer check for NULL before dereference it.
Signed-off-by: sfu5
Reviewed-by: tye

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12537 6f19259b-4bc3-4df7-8a09-765794883524
2011-10-14 05:19:25 +00:00
hhuan13 648f98d15b 1. Enhance AuthVar driver to avoid process corrupted certificate input.
Signed-off-by: hhuan13
Reviewed-by: ftian

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12398 6f19259b-4bc3-4df7-8a09-765794883524
2011-09-21 05:17:50 +00:00
gdong1 1f58a5dcd4 Sync the fix for recovery mode from MdeModulePkg.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12290 6f19259b-4bc3-4df7-8a09-765794883524
2011-09-07 10:10:11 +00:00
gdong1 0c18794ea4 Add security package to repository.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12261 6f19259b-4bc3-4df7-8a09-765794883524
2011-09-02 07:49:32 +00:00