Commit Graph

980 Commits

Author SHA1 Message Date
Phil Noh 30c8a73850 SecurityPkg/SecureBootConfigDxe: Enhance help in Delete Signature page
Currently "Delete Signature" Setup page lists enrolled signatures and each
signature is shown with signature GUID (prompt) and type (help). It is
possible for some signatures to be shown with the same signature GUID and
type. In this case, it is difficult to identify the target signature to
delete. The update enhances help information to distinguish signatures.

Signed-off-by: Phil Noh <Phil.Noh@amd.com>
2024-12-17 16:46:29 +00:00
Oliver Smith-Denny bcbb709959 BaseTools: Add VS2022 XIPFLAGS
BaseTools has a limitation that modules in FVs that are force rebased
must have the same file and section alignment. This is intended for
XIP modules.

VS2019 and previous VS toolchains did not set 4k section alignment,
but VS2022 does, in order for memory protections to be applied to
images. This causes issues when building SEC and PEI modules on
VS2022 as the file alignment is 0x20 but the section alignment
is 0x1000, so BaseTools will fail to generate the FV. One option
is to set the file alignment to 0x1000 for all of these files, but
that is a large waste of space and is not feasible on some platforms
that have limited flash space. The other option is to selectively
set 0x20 as the section alignment for SEC and PEI modules, which is
the approach GCC ARM/AARCH64 took.

This is only an issue for building 64-bit PEI on x86 currently, as
other architectures are not supported by VS2022 in edk2 yet. For IA32,
the section alignment is set to 0x20 and so it matches the file
alignment, however x64 PEI uses the X64 DLINK flags which have 0x1000
set. For other architectures that don't have the PEI/DXE architecture
split, this is also an issue.

This commit is required to use VS2022 as the default CI in edk2, as
OvmfPkgX64.dsc will fail to build. Any platform with 64-bit PEI also
requires this.

This commit also updates CryptoPkg.dsc and SecurityPkg.dsc as they
are setting custom section alignments.

Continuous-integration-options: PatchCheck.ignore-multi-package

Signed-off-by: Oliver Smith-Denny <osde@microsoft.com>
2024-12-10 23:42:09 +00:00
Ceping Sun b2df9a89ba SecurityPkg/PeiTpmMeasurementLib: Support CC Measurement
PeiTpmMeasurementLib is updated to support both TCG measurement and
CC Measurement. gEfiPeiMasterBootModePpiGuid is removed from [Depex]
because it is not needed for the library.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
2024-12-10 02:09:29 +00:00
Ceping Sun 3b07a2fb52 SecurityPkg/Ppi: Add gEdkiiCcPpi for CC Measurement in PEI phase
gEdkiiCcPpi is designed to support CC measurement in PEI phase.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
2024-12-10 02:09:29 +00:00
Mike Maslenkin b1cdfc556f SecurityPkg/OpalPassword: fix HiiOpCodeHandle leak on error path
Signed-off-by: Mike Maslenkin <mike.maslenkin@gmail.com>
2024-12-06 17:13:17 +00:00
Rebecca Cran 194cdc1700 SecurityPkg: remove unused `EfiSig` variable in SecureBootFetchData
The `EfiSig` variable in SecureBootFetchData is unused, so remove it.

Signed-off-by: Rebecca Cran <rebecca@bsdio.com>
2024-12-04 11:05:10 +00:00
Rebecca Cran dfab971e91 SecurityPkg: Improve formatting of msg when GetVariable fails
Improve the formatting of the error message when GetVariable
fails: start the message with an upper-case character, and close the
quotes around the variable name.

Signed-off-by: Rebecca Cran <rebecca@bsdio.com>
2024-12-04 09:30:53 +00:00
Michael D Kinney e6a886fdfc SecurityPkg/Library/TpmCommandLib: Change xor to xor_
Change xor to xor_ to avoid C++ reserved word name collisions
when building with C++ compilers.

Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
2024-12-03 06:25:32 +00:00
Ard Biesheuvel e54794bcc6 Remove all ArmSoftFloatLib library class resolutions
ArmSoftFloatLib is going away, so remove all residual references to it.

Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
2024-11-26 22:00:36 +00:00
Oliver Smith-Denny 7eff71fe69 SecurityPkg: Update libspdm
This patch updates libspdm to pull in various bug fixes,
but primarily commit ca4854be3325bd8fc7f2c714574d17aac2d4e13b
which updates libspdm's MbedTLS submodule to v3.6.2, fixing
CVE https://nvd.nist.gov/vuln/detail/CVE-2023-37920 there.
This CVE does not affect libspdm or edk2, but automatic
CVE scanning tools see the bad version of the certifi
pip module in the edk2/libspdm code trees and flag these
projects as failing.
libspdm has been updated to pull in the newer MbedTLS that
fixes this issue and this patch updates edk2 to pull in
the newer libspdm.

Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
2024-11-26 02:15:06 +00:00
Phil Noh c15bd99342 SecurityPkg/Tcg2Config: Set TPM2.0 for default of Attempt TPM Device
As TPM2.0 is popular, updating the default value for the Setup menu
benefits some systems that have another TPM Setup menu to select
TPM2.0 devices (e.g. dTPM, fTPM) depending on the platform BIOS.
For example, when loading the default configuration using the F9 key in Setup
(Browser Action: SystemLevel), it is possible for them to load an
unsynchronized value. If the user does not adjust the value before saving
Setup, it could cause an unexpected TPM initialization at the next boot.
Setting TPM2.0 as the default value helps in this case.

Signed-off-by: Phil Noh <Phil.Noh@amd.com>
2024-11-26 01:25:03 +00:00
Oliver Smith-Denny ef4f3aa3f7 MdePkg: MdeLibs.dsc.inc: Apply StackCheckLibNull to All Module Types
Now that the ResetVectors are USER_DEFINED modules, they will not
be linked against StackCheckLibNull, which were the only modules
causing issues. So, we can now remove the kludge we had before
and the requirement for every DSC to include StackCheckLibNull
for SEC modules and just apply StackCheckLibNull globally.

This also changes every DSC to drop the SEC definition of
StackCheckLibNull.

Continuous-integration-options: PatchCheck.ignore-multi-package

Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
2024-11-13 21:01:46 +00:00
Oliver Smith-Denny 7ca87dcc6a SecurityPkg: Add StackCheckLibNull
Remove the old stack check lib now that MdeLibs.inc includes
the new one.

Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
2024-09-13 03:58:46 +00:00
Oliver Smith-Denny 8f74b95a21 MdePkg: Move CompilerIntrinsicsLib from ArmPkg
As per the emailed RFC in
https://edk2.groups.io/g/devel/topic/rfc_move/107675828,
this patch moves CompilerIntrinsicsLib from ArmPkg to
MdePkg as this library provides compiler intrinsics, which
are industry standard.

This aligns with the goal of integrating ArmPkg into existing
packages: https://bugzilla.tianocore.org/show_bug.cgi?id=4121.

The newly placed CompilerIntrinsicsLib is added to MdeLibs.dsc.inc
as every DSC that builds ARM/AARCH64 needs this library added. The
old location is removed from every DSC in edk2 in this commit also
to not break bisectability with minimal hoop jumping.

Continuous-integration-options: PatchCheck.ignore-multi-package

Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
2024-09-12 19:36:59 +00:00
John Strange 1240a722f8 SecurityPkg: Tcg2Acpi: Remove _DSM Memory Clear and _PTS
This patch removes the _DSM Memory Clear and MOR
auto-detect functionality via _PTS, as
_DSM Memory Clear was deprecated in TCG PC Client
Reset Attack Mitigation Spec Version 1.10 revision 17
Family "2.0" and _PTS is deemed security deficient.

Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
2024-09-04 01:43:32 +00:00
John Strange a4245b265d SecurityPkg: Tcg2Smm: Remove Memory Clear SMI Handler
Remove unused MemoryClear SMI Handler, which is no longer
used due to _DSM Memory Clear no longer being used.

_DSM Memory Clear was deprecated in 2019 by TCG PC Client
Platform Reset Attack Mitigation Spec Version 1.10 revision 17
Family "2.0".

Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
2024-09-04 01:43:32 +00:00
Ashraf Ali cb9bdf3753 SecurityPkg: Optimization by moving PeiServicesLocatePpi outside loop
This update refactors the code by moving the LocatePpi function call
outside of the for loop where it was previously called repeatedly.
By relocating the LocatePpi invocation outside of the loop,
we improve the efficiency of the code by avoiding redundant lookups.

Signed-off-by: Ashraf Ali <ashraf.ali.s@intel.com>
2024-09-03 05:02:41 +00:00
Joey Vagedes 6ead9a8b80 SecurityPkg/SecurityPkg.ci.yaml: Add PrEval CI config
Adds an entry to the package's CI configuration file that enables policy
5 for stuart_pr_eval. With this policy, all INFs used by the package are
extracted from the provided DSC file and compared against the list of
changed *.inf (INF) files in the PR. If there is a match, stuart_pr_eval
will specify that this package is affected by the PR and needs to be
tested.

Signed-off-by: Joey Vagedes <joey.vagedes@gmail.com>
2024-09-02 23:20:35 +00:00
zodf0055980 a5f5432728 SecurityPkg: Fix break missing at TPM_ALG_KEYEDHASH case
According to issue #5509, case TPM_ALG_KEYEDHASH is missing the break statement.

Signed-off-by: zodf0055980 <zodf0055980@gmail.com>
2024-09-02 12:17:33 +00:00
zodf0055980 f7abf6af2d SecurityPkg: Fix exponent unmarshaled as 16 bits
According to issue #5536, the exponent is 32 bits but is unmarshaled as 16 bits.

Signed-off-by: zodf0055980 <zodf0055980@gmail.com>
2024-08-31 16:43:28 +00:00
Matthew Carlson 96b90e150c SecurityPkg: Measure Invoke EBS even in failure case
This patch measures the ExitBootServices invocation to the
TPM even in the case of ExitBootServices failing, per TCG
PC Client Platform Firmware Profile Version 1.06 Revision
52 Family 2.0 section 8.2.4(i).

Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
2024-08-31 09:17:27 +00:00
Dun Tan 5a06afa7dd SecurityPkg: Allocate EfiACPIMemoryNVS buffer for TCG2
Allocate an EfiACPIMemoryNVS buffer for TCG2 related usage in
Tcg2ConfigPeim. The buffer will be used in the Tcg2Acpi driver
to retrieve information from the SMM environment.

Previously, the buffer used in the Tcg2Acpi driver was of AcpiNvs
type. But I mistakenly thought a Runtime Data type buffer
should also work. So I used the API AllocateRuntimePages() to
allocate the buffer in 9a76c7945b and consumed the buffer in
e939ecf6c1. Recently we found that if the buffer type is
Runtime Data instead of AcpiNvs, a BSOD occurs after
booting into the OS.

So this commit allocates an EfiACPIMemoryNVS buffer for
TCG2 usage in SMM to align with the initial code logic.

Signed-off-by: Dun Tan <dun.tan@intel.com>
2024-08-27 06:14:36 +00:00
Dun Tan fadb9dcb9d SecurityPkg: Correct Pages for TCG2 communication buffer
The value of the Pages for TCG2 communication buffer
should be EFI_SIZE_TO_PAGES(sizeof(TCG_NVS)) instead of
sizeof(TCG_NVS).

Signed-off-by: Dun Tan <dun.tan@intel.com>
2024-08-27 06:14:36 +00:00
Michael Kubacki d4dbe5e101 SecurityPkg/Tcg2Acpi: Revise debug print
This debug print may attempt to print a string without a null
terminator that can lead to a machine check.

The value printed is substituted with a source buffer to still
allow debug.

Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
2024-07-12 16:04:10 +00:00
Jiaxin Wu d5fad2176c SecurityPkg/Tcg: Correct buffer valid check func
For SMM, the SMM handlers need to validate the buffer outside MMRAM,
including the Primary & NonPrimary buffer.

For MM, the MM handlers do not need to validate the Primary buffer
if it is passed from MmCore through the MmiHandler() parameter.
Return TRUE directly in this case. But the NonPrimary buffer
outside MMRAM still needs to be validated.

Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Hongbin1 Zhang <hongbin1.zhang@intel.com>
Cc: Wei6 Xu <wei6.xu@intel.com>
Cc: Dun Tan <dun.tan@intel.com>
Cc: Yuanhao Xie <yuanhao.xie@intel.com>
2024-07-07 08:40:03 +00:00
Dun Tan ed9a64af1b SecurityPkg/Tcg2Config: avoid potential build error
Cast the pointer type to VOID* to avoid a potential build error.
If the two PCDs are FixedAtBuild, PcdGetPtr will return a const
type pointer. Since the second parameter of BuildGuidDataHob
is VOID*, a build error may happen with the following log:
C4090: 'function': different 'const' qualifiers

Signed-off-by: Dun Tan <dun.tan@intel.com>
2024-07-04 21:33:44 +00:00
Dun Tan e939ecf6c1 SecurityPkg: Consume gEdkiiTcg2AcpiCommunicateBufferHobGuid
Consume gEdkiiTcg2AcpiCommunicateBufferHobGuid in Tcg2Acpi
driver. Tcg2Acpi will use the buffer stored in the HOB to
exchange information with Tcg2StandaloneMm by the
MM_COMMUNICATION_PROTOCOL.

Signed-off-by: Dun Tan <dun.tan@intel.com>
2024-07-02 03:31:31 +00:00
Dun Tan 9a76c7945b SecurityPkg: Build gEdkiiTcg2AcpiCommunicateBufferHobGuid
Install a callback of gEfiPeiMemoryDiscoveredPpiGuid to
build the gEdkiiTcg2AcpiCommunicateBufferHobGuid in the
Tcg2ConfigPei PEIM.
The HOB contains a buffer reserved by MmUnblockMemoryLib.
The buffer will be used in the Tcg2Acpi driver to retrieve
information from the standalone MM environment.

Signed-off-by: Dun Tan <dun.tan@intel.com>
2024-07-02 03:31:31 +00:00
Dun Tan cb6ba975ae SecurityPkg: Add new gEdkiiTcg2AcpiCommunicateBufferHobGuid
Add a new GUID HOB gEdkiiTcg2AcpiCommunicateBufferHobGuid.
This Tcg2 Acpi Communicate Buffer HOB is used to store the
address of a buffer reserved for the Tcg2Acpi driver. The buffer
will be used to retrieve information from the Standalone MM
environment.

Signed-off-by: Dun Tan <dun.tan@intel.com>
2024-07-02 03:31:31 +00:00
Dun Tan add3ca4e00 SecurityPkg: Consume gEdkiiTcgPhysicalPresenceInterfaceVerHobGuid
Consume gEdkiiTcgPhysicalPresenceInterfaceVerHobGuid in
StandaloneMmTcg2PhysicalPresenceLib. This is to avoid
using the dynamic PcdTcgPhysicalPresenceInterfaceVer in
StandaloneMm module.

Signed-off-by: Dun Tan <dun.tan@intel.com>
2024-07-02 03:31:31 +00:00
Dun Tan 97ede07beb SecurityPkg/Tcg2StandaloneMm: Consume gEdkiiTpmInstanceHobGuid
Consume gEdkiiTpmInstanceHobGuid in Tcg2StandaloneMm
driver. It's to avoid using dynamic PcdTpmInstanceGuid
in StandaloneMm driver.

Signed-off-by: Dun Tan <dun.tan@intel.com>
2024-07-02 03:31:31 +00:00
Dun Tan cb38d27f1d SecurityPkg/Tcg2ConfigPei: Build two new HOBs
Build following two new HOBs:
  gEdkiiTcgPhysicalPresenceInterfaceVerHobGuid
  gEdkiiTpmInstanceHobGuid
The two HOBs will be used by Tcg2StandaloneMm driver
to avoid using the related dynamic PCDs.

Signed-off-by: Dun Tan <dun.tan@intel.com>
2024-07-02 03:31:31 +00:00
Dun Tan f9950cceec SecurityPkg: Add new HOB for PhysicalPresenceInterfaceVersion
Add a new gEdkiiTcgPhysicalPresenceInterfaceVerHobGuid.
This new GUID HOB contains a string of the version of the
Physical Presence interface which is the same as
PcdTcgPhysicalPresenceInterfaceVer. The HOB is used for the
StandaloneMm driver which needs to consume the dynamic
PcdTcgPhysicalPresenceInterfaceVer.

Signed-off-by: Dun Tan <dun.tan@intel.com>
2024-07-02 03:31:31 +00:00
Dun Tan 5ab96f5437 SecurityPkg: Add a new gEdkiiTpmInstanceHobGuid
This new GUID HOB contains a TPM instance GUID which
is the same as PcdTpmInstanceGuid. The HOB is used for the
StandaloneMm driver which needs to consume the dynamic
PcdTpmInstanceGuid.

Signed-off-by: Dun Tan <dun.tan@intel.com>
2024-07-02 03:31:31 +00:00
Gerd Hoffmann a61bc0accb SecurityPkg/RngDxe: add rng test
Check whether RngLib actually returns random numbers, and only return
a non-zero number of Algorithms if that is the case.

This has the effect that RngDxe loads and installs EFI_RNG_PROTOCOL
only in case it can actually deliver random numbers.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2024-06-13 08:52:48 -07:00
Michael Kubacki 79655e2768 SecurityPkg: Update libspdm submodule to use GitLab cmocka repo
As noted in https://github.com/DMTF/libspdm/issues/2707, the cmocka
submodule on cryptomilk is unreliable and impacting downstream
consumer builds of SecurityPkg. This is considered a regression in
that pre-existing workflows that clone and recursively initialize
the repo are now broken.

The cmocka host was switched to a more reliable gitlab host in
https://github.com/DMTF/libspdm/pull/2710. This change updates the
submodule in edk2 to use that commit so edk2 users are not blocked
by cryptomilk.org service issues.

Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
2024-05-30 08:16:35 +08:00
Flickdm a85336531c SecurityPkg RngDxe: Remove incorrect limitation on GetRng
Removed from gEfiRngAlgorithmRaw an incorrect assumption that
Raw cannot return less than 256 bits. The DRNG Algorithms
should always use a 256 bit seed as per nist standards
however a caller is free to request less than 256 bits.
>
>    //
>    // When a DRBG is used on the output of a entropy source,
>    // its security level must be at least 256 bits according to UEFI Spec.
>    //
>    if (RNGValueLength < 32) {
>      return EFI_INVALID_PARAMETER;
>    }
>

AARCH64 platforms do not have this limitation and this brings both
implementations into alignment with each other and the spec.

Cc: Jiewen Yao <jiewen.yao@intel.com>

Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Pierre Gondois <pierre.gondois@arm.com>
Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
2024-05-24 15:48:52 +00:00
Dionna Glaze 7097c97bde SecurityPkg: Recognize sp800155Event3 event
The signatures for event2 or event3 are now valid TCG SP800155 event
types. Fixes uncrustify formatting.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>

Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
2024-05-07 00:21:40 +00:00
Wenxing Hou 54a4fd9b35 SecurityPkg: Add libspdm submodule
libspdm is a submodule to support the DeviceSecurity feature.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2024-04-30 02:21:13 +00:00
Wenxing Hou 750d763623 SecurityPkg: add DeviceSecurity support
This patch implements the SpdmSecurityLib,
which is the core of DeviceSecurity.
The SpdmSecurityLib includes Device Authentication and Measurement.
The other library is there to support SpdmSecurityLib.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2024-04-30 02:21:13 +00:00
Wenxing Hou c3f615a1bd SecurityPkg: Add TCG PFP 1.06 support.
Add a new API Tpm2ExtendNvIndex.
It is used in HashCompleteAndExtend when PcrIndex > MAX_PCR_INDEX.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2024-04-30 02:21:13 +00:00
Min M Xu 61185f1d50 SecurityPkg: Delete TdTcg2Dxe and HashLibTdx in SecurityPkg
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4752

TdTcg2Dxe and HashLibTdx have been moved to OvmfPkg. So delete the code
in SecurityPkg and update SecurityPkg.dsc.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2024-04-17 03:04:13 +00:00
Min M Xu 71aaf7a308 Security/SecTpmMeasurementLibTdx: Delete unused SecTpmMeasurementLibTdx
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4752

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2024-04-17 03:04:13 +00:00
CindyX Kuo b6cd5ddce9 SecurityPkg/OpalPasswordDxe: Force reparsing IFR binary when RETRIEVE
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4735

When the callback action is changed from FORM_OPEN to RETRIEVE, it is observed
that NVMe disks will not be displayed when the user enters the formset
for the first time. Revisiting the formset shows the update.

1. Add HiiUpdateForm() to force reparsing the IFR binary when RETRIEVE.
2. Create a dummy label with a suppressif statement in VFR for form update
usage.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Ming Tan <ming.tan@intel.com>
Cc: Arthur Chen <arthur.g.chen@intel.com>
Cc: Xiao X Chen <xiao.x.chen@intel.com>
Cc: Tina Chen <tina.chen@intel.com>

Signed-off-by: CindyX Kuo <cindyx.kuo@intel.com>
Reviewed-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Tina Chen <tina.chen@intel.com>
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
2024-04-16 09:20:58 +00:00
Cindy Kuo 32e2968a1e SecurityPkg/OpalPasswordDxe: Change callback action to meet UEFI spec
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4735

HiiGetBrowserData() and HiiSetBrowserData() should not be called in the
ACTION_FORM_OPEN callback function.
Those APIs are called within OpalHiiSetBrowserData/OpalHiiGetBrowserData,
which have been used by OpalHii.c.

Change callback action from FORM_OPEN to RETRIEVE to meet UEFI spec.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Ming Tan <ming.tan@intel.com>
Cc: Arthur Chen <arthur.g.chen@intel.com>
Cc: Xiao X Chen <xiao.x.chen@intel.com>
Cc: Tina Chen <tina.chen@intel.com>

Signed-off-by: CindyX Kuo <cindyx.kuo@intel.com>
Reviewed-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Tina Chen <tina.chen@intel.com>
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
2024-04-16 09:20:58 +00:00
Wei6 Xu 0707d9296d SecurityPkg/Tcg2Config: Hide BIOS unsupported hash algorithm from UI
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4731

The TCG2 configuration UI shows all the hash algorithms that the TPM hardware
supports in the checkbox. If the user only selects one algorithm that is
supported by the TPM hardware but not supported by BIOS and unchecks the
others, SyncPcrAllocationsAndPcrMask in Tcg2Pei will not be able
to decide a viable PCR to activate, and an assert occurs.

Add a check against PcdTcg2HashAlgorithmBitmap when deciding whether
to suppress the hash algorithm checkbox, to prevent the user from selecting a
hash algorithm which may cause an assert.

Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Wei6 Xu <wei6.xu@intel.com>
Reviewed-by: Rahul Kumar <rahul1.kumar@intel.com>
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
2024-04-15 15:18:50 +00:00
Ming Tan ee28bea4c0 SecurityPkg/SecureBootConfigDxe: Update UI according to UEFI spec
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4713

In UEFI_Spec_2_10_Aug29.pdf page 1694 section 35.5.4 for
EFI_BROWSER_ACTION_FORM_OPEN:
NOTE: EFI_FORM_BROWSER2_PROTOCOL.BrowserCallback() cannot be used with
this browser action because question values have not been retrieved yet.

So HiiGetBrowserData() and HiiSetBrowserData() should not be called in the
FORM_OPEN callback function.

Now call SecureBootExtractConfigFromVariable() and update
IfrNvData->ListCount to save the change to the EFI variable, then HII uses the
EFI variable to control the UI.

Cc: Min Xu <min.m.xu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Felix Polyudov <Felixp@ami.com>
Signed-off-by: Ming Tan <ming.tan@intel.com>
Reviewed-by: Felix Polyudov <Felixp@ami.com>
Reviewed-by: Dandan Bi <dandan.bi@intel.com>
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
2024-04-07 02:48:24 +00:00
Qingyu Shang 6b3a512149 SecurityPkg: Update ReceiveData and SendData function description
Refer to UEFI Spec 2.10 section 13.14, update the parameter 'MediaId'
description for EFI_STORAGE_SECURITY_COMMAND_PROTOCOL function
ReceiveData and SendData.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Qingyu Shang <qingyu.shang@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
2024-03-13 02:48:38 +00:00
Doug Flick 264636d8e6 SecurityPkg: Updating SecurityFixes.yaml after symbol rename
Adding the new commit titles for the symbol renames

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>

Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Message-Id: <5e0e851e97459e183420178888d4fcdadc2f1ae1.1705529990.git.doug.edk2@gmail.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
2024-01-18 19:25:14 +00:00
Doug Flick 326db0c907 SecurityPkg: DxeTpmMeasureBootLib: SECURITY PATCH 4117/4118 symbol rename
Updates the sanitation function names to be lib unique names

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>

Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Message-Id: <355aa846a99ca6ac0f7574cf5982661da0d9fea6.1705529990.git.doug.edk2@gmail.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
2024-01-18 19:25:14 +00:00