Commit Graph

21 Commits

Author SHA1 Message Date
Star Zeng 952ba83c47 SecurityPkg Variable: Implement variable quota management.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16670 6f19259b-4bc3-4df7-8a09-765794883524
2015-01-27 08:44:10 +00:00
Star Zeng 17409b7aad SecurityPkg Variable: Implement VarCheck PROTOCOL
and follow UEFI spec to check UEFI defined variables.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16580 6f19259b-4bc3-4df7-8a09-765794883524
2015-01-05 03:42:17 +00:00
Dong Guo 9a12e5825a Calculate enough space for 2 variables (public key and variable data) instead of directly setting them 1 by 1.
Fixed a bug in public key reclaim().

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Zeng, Star <star.zeng@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15404 6f19259b-4bc3-4df7-8a09-765794883524
2014-03-27 10:54:23 +00:00
Star Zeng b2bd493edb MdeModulePkg/SecurityPkg Variable: Calculate enough space for PlatformLang and Lang variables and use PcdUefiVariableDefaultLangDeprecate to turn off auto update between PlatformLang and Lang variables.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Guo Dong <guo.dong@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15388 6f19259b-4bc3-4df7-8a09-765794883524
2014-03-25 06:56:55 +00:00
Star Zeng 128ef095b0 MdeModulePkg and SecurityPkg Variable: Optimize the code to reduce some SMRAM consumption during variable reclaiming.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14832 6f19259b-4bc3-4df7-8a09-765794883524
2013-11-12 13:31:43 +00:00
Star Zeng 7baf3c69c5 MdeModulePkg and SecurityPkg Variable: Enhance code to use the new variable data instead of old variable data when variable reclaim.
It can fix the potential failure to return EFI_OUT_OF_RESOURCES of the second variable set of large variable.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14822 6f19259b-4bc3-4df7-8a09-765794883524
2013-11-04 03:13:54 +00:00
Star Zeng 6675a21f14 MdePkg/MdeModulePkg/SecurityPkg Variable: Forbid creation of non-spec variables in EFI_GLOBAL_VARIABLE namespace.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14560 6f19259b-4bc3-4df7-8a09-765794883524
2013-08-19 05:16:45 +00:00
Star Zeng 039a40aa3b SecurityPkg: Variable drivers robustly handle crashes during Reclaim().
PEI variable implementation checks only the variable header signature for validity. This does not seem robust if system crash occurred during previous Reclaim() operation. If the crash occurred while FTW was rewriting the variable FV, the signature could be valid even though the rest of the FV isn't valid.
Solution: PEI variable and early phase(before FTW protocol ready) of DXE variable can check the FTW last write status provided by FaultTolerantWritePei and determine if all or partial variable data has been backed up in spare block, and then use the backed up data.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14455 6f19259b-4bc3-4df7-8a09-765794883524
2013-07-03 09:09:42 +00:00
niruiyu 6ab9f44138 Add the EDKII_VARIABLE_LOCK_PROTOCOL implementation in SecurityPkg variable drivers.
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14378 6f19259b-4bc3-4df7-8a09-765794883524
2013-05-20 07:10:10 +00:00
sfu5 ca5a7d87e3 Add error handling code to prevent variable store corruption in release build.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting  <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14139 6f19259b-4bc3-4df7-8a09-765794883524
2013-02-21 01:35:22 +00:00
lzeng14 23b0693579 1. Update the logic of UpdateVariable() for updating variable from:
set old variable to IN_DELETED_TRANSITION -> check if reclaim is needed(If yes, do reclaim) -> add new variable -> set old variable to DELETED if no reclaim happened.
to:
set old variable to IN_DELETED_TRANSITION -> check if reclaim is needed(If yes, do reclaim) -> add new variable -> set old variable to DELETED.
2. Update UpdateVariable() to correctly handle the case "both ADDED and IN_DELETED_TRANSITION variable are present", and delete both old ADDED and IN_DELETED_TRANSITION variable when deleting or updating variable.
3. Update VariableServiceGetNextVariableName() to return the valid IN_DELETED_TRANSITION variable if only IN_DELETED_TRANSITION variable is present.

Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14065 6f19259b-4bc3-4df7-8a09-765794883524
2013-01-18 01:12:32 +00:00
sfu5 83758cdc84 Fix a bug that the invalid public key will never be removed from public key database.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting  <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14041 6f19259b-4bc3-4df7-8a09-765794883524
2013-01-09 05:09:39 +00:00
lzeng14 335e268133 1. Don't assume that flush the HOB variable to flash must be successful.
2. When no DELETED variable found, no variable space could be reclaimed, so just give some debug info and return EFI_SUCCESS.

Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14029 6f19259b-4bc3-4df7-8a09-765794883524
2013-01-04 12:21:59 +00:00
sfu5 275beb2b53 1. Correct the counter-based hash algorithm according to UEFI spec.
2. Check the reserverd bit in variable attribute.
3. Return EFI_OUT_OF_RESOURCE instead of EFI_SECURITY_VIOLATION if there is not enough speace to store the public key.
4. Fix a bug when deleting a non-existent time-based auth variable, we store the certificate into cert DB incorrectly.
5. Fix a bug that time-based auth variable can't been updated again after append operation.

Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting  <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13957 6f19259b-4bc3-4df7-8a09-765794883524
2012-11-21 08:06:02 +00:00
jyao1 dc204d5a0f Add comment for modules which have external input.
signed-off-by: jiewen.yao@intel.com
reviewed-by: guo.dong@intel.com
reviewed-by: ting.ye@intel.com
reviewed-by: liming.gao@intel.com
reviewed-by: elvin.li@intel.com



git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13446 6f19259b-4bc3-4df7-8a09-765794883524
2012-06-12 08:28:43 +00:00
lzeng14 a5f15e3025 According to UEFI spec 2.3.1a. hardware error record variable should use the EFI_HARDWARE_ERROR_VARIABLE VendorGuid and have the L"HwErrRec####" name convention, #### is a printed hex value and no 0x or h is included in the hex value.
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Guo Dong <guo.dong@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13373 6f19259b-4bc3-4df7-8a09-765794883524
2012-05-30 02:53:10 +00:00
lzeng14 9622df63df If setting variable in Runtime and there has been a same GUID and name variable existed in system without RT attribute, return EFI_WRITE_PROTECTED.
Signed-off-by: lzeng14
Reviewed-by: tye

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13156 6f19259b-4bc3-4df7-8a09-765794883524
2012-03-30 07:19:44 +00:00
sfu5 ecc722ad41 1. Remove “Force clear PK” feature in AuthVarialbe driver.
2. Update API ForceClearPK() to UserPhysicalPresent() in PlatformSecureLib.
2. Update SecureBootConfigDxe driver and AuthVariable driver to support Custom Secure Boot Mode feature.
3. Fix some bugs in AuthVariable driver.

Signed-off-by: sfu5
Reviewed-by: tye
Reviewed-by: gdong1

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13144 6f19259b-4bc3-4df7-8a09-765794883524
2012-03-27 08:17:23 +00:00
oliviermartin 4d832aabbf SecurityPkg/VariableAuthenticated: Check if there is a NV Variable Storage header prior to use its attributes
The Variable PEI and RuntimeDxe drivers were using the attribute 'HeaderLength' of
EFI_FIRMWARE_VOLUME_HEADER without checking if a Firmware Volume Header was existing at
the base address.
In case the Firmware Volume Header does not exist or is corrupted, the attribute 'HeaderLength'
is a non valid value that can lead to a non valid physical address when accessing produces an
access error.

Signed-off-by: oliviermartin
Reviewed-by: rsun3
Reviewed-by: niruiyu



git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12845 6f19259b-4bc3-4df7-8a09-765794883524
2011-12-13 09:42:36 +00:00
niruiyu 9a000b464f Support Variable driver (VariableAuthenticatedPei/VariableAuthenticatedRuntimeDxe) to support the default variable data stored in HOB.
Signed-off-by: niruiyu
Reviewed-by: lgao4

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12554 6f19259b-4bc3-4df7-8a09-765794883524
2011-10-19 12:40:52 +00:00
gdong1 0c18794ea4 Add security package to repository.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12261 6f19259b-4bc3-4df7-8a09-765794883524
2011-09-02 07:49:32 +00:00