tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
audk/SecurityPkg
History
Brijesh Singh 071f1d19dd SecurityPkg: make PcdOptionRomImageVerificationPolicy dynamic 
By default the image verification policy for option ROM images is 0x4
(DENY_EXECUTE_ON_SECURITY_VIOLATION) but the following OvmfPkg commit:

1fea9ddb4e OvmfPkg: execute option ROM images regardless of Secure Boot

set it to 0x0 (ALWAYS_EXECUTE). This is fine because typically option
ROMs comes from host-side and most of the time cloud provider (i.e
hypervisor) have full access over a guest anyway. But when secure boot
is enabled, we would like to deny the execution of option ROM when
SEV is active. Having dynamic Pcd will give us flexibility to set the
security policy at the runtime.

Fixes: https://bugzilla.tianocore.org/show_bug.cgi?id=728
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
 		2017-10-17 21:28:26 +02:00
..
Application/RngTest SecurityPkg: Add ARM/AARCH64 arch to enable RngTest module build. 2017-08-30 11:34:34 +08:00
Hash2DxeCrypto SecurityPkg: Fix typos in comments 2016-11-15 15:45:31 +08:00
Include SecurityPkg\Tcg2Pei: FV measure performance enhancement 2017-10-15 08:16:36 +08:00
Library SecurityPkg:AuthVariableLib:Implement ECR1707 for Private Auth Variable 2017-10-14 22:27:14 +08:00
Pkcs7Verify/Pkcs7VerifyDxe Pkcs7VerifyDxe: Don't allow Pkcs7Verify to install protocols twice 2017-09-05 15:55:42 +08:00
RandomNumberGenerator/RngDxe SecurityPkg: Convert all .uni files to utf-8 2015-12-15 04:58:32 +00:00
Tcg Security/OpalHii.c: Handle NULL Request or Request with no elements 2017-10-17 13:23:06 +08:00
UserIdentification SecurityPkg: Fix typos in comments 2016-11-15 16:21:33 +08:00
VariableAuthenticated SecurityPkg/SecureBootConfigDxe: Change the declaring of buffer. 2017-10-17 22:03:42 +08:00
SecurityPkg.dec SecurityPkg: make PcdOptionRomImageVerificationPolicy dynamic 2017-10-17 21:28:26 +02:00
SecurityPkg.dsc SecurityPkg: Add ARM/AARCH64 arch to enable RngTest module build. 2017-08-30 11:34:34 +08:00
SecurityPkg.uni SecurityPkg HashLibRouter: Avoid incorrect PcdTcg2HashAlgorithmBitmap 2017-02-08 18:52:07 +08:00
SecurityPkgExtra.uni SecurityPkg: Convert all .uni files to utf-8 2015-12-15 04:58:32 +00:00