sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

SecurityPkg: Apply uncrustify changes

Browse Source 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3737

Apply uncrustify changes to .c/.h files in the SecurityPkg package

Cc: Andrew Fish <afish@apple.com>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
This commit is contained in:
Michael Kubacki
2021-12-05 14:54:12 -08:00
committed by mergify[bot]
parent 39de741e2d
commit c411b485b6
185 changed files with 15251 additions and 14419 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c
View File

@ -92,6 +92,7 @@ UefiMain (
"Please do it manually, otherwise system can be easily compromised\n"
);
}
return 0;
clearKEK:

55
SecurityPkg/FvReportPei/FvReportPei.c
View File

@ -121,17 +121,22 @@ VerifyHashedFv (
VOID *FvBuffer;
EFI_STATUS Status;
if (HashInfo == NULL ||
HashInfo->HashSize == 0 ||
HashInfo->HashAlgoId == TPM_ALG_NULL) {
if ((HashInfo == NULL) ||
(HashInfo->HashSize == 0) ||
(HashInfo->HashAlgoId == TPM_ALG_NULL))
{
DEBUG ((DEBUG_INFO, "Bypass FV hash verification\r\n"));
return EFI_SUCCESS;
}
AlgInfo = FindHashAlgInfo (HashInfo->HashAlgoId);
if (AlgInfo == NULL || AlgInfo->HashSize != HashInfo->HashSize) {
DEBUG ((DEBUG_ERROR, "Unsupported or wrong hash algorithm: %04X (size=%d)\r\n",
HashInfo->HashAlgoId, HashInfo->HashSize));
if ((AlgInfo == NULL) || (AlgInfo->HashSize != HashInfo->HashSize)) {
DEBUG ((
DEBUG_ERROR,
"Unsupported or wrong hash algorithm: %04X (size=%d)\r\n",
HashInfo->HashAlgoId,
HashInfo->HashSize
));
return EFI_UNSUPPORTED;
}
@ -152,8 +157,9 @@ VerifyHashedFv (
//
// Not meant for verified boot and/or measured boot?
//
if ((FvInfo[FvIndex].Flag & HASHED_FV_FLAG_VERIFIED_BOOT) == 0 &&
(FvInfo[FvIndex].Flag & HASHED_FV_FLAG_MEASURED_BOOT) == 0) {
if (((FvInfo[FvIndex].Flag & HASHED_FV_FLAG_VERIFIED_BOOT) == 0) &&
((FvInfo[FvIndex].Flag & HASHED_FV_FLAG_MEASURED_BOOT) == 0))
{
continue;
}
@ -161,8 +167,12 @@ VerifyHashedFv (
// Skip any FV not meant for current boot mode.
//
if ((FvInfo[FvIndex].Flag & HASHED_FV_FLAG_SKIP_BOOT_MODE (BootMode)) != 0) {
DEBUG ((DEBUG_INFO, "Skip FV[%016lX] for boot mode[%d]\r\n",
FvInfo[FvIndex].Base, BootMode));
DEBUG ((
DEBUG_INFO,
"Skip FV[%016lX] for boot mode[%d]\r\n",
FvInfo[FvIndex].Base,
BootMode
));
continue;
}
@ -218,9 +228,10 @@ VerifyHashedFv (
//
// Check final hash for all FVs.
//
if (FvHashValue == HashValue ||
if ((FvHashValue == HashValue) ||
(AlgInfo->HashAll (HashValue, FvHashValue - HashValue, FvHashValue) &&
CompareMem (HashInfo->Hash, FvHashValue, AlgInfo->HashSize) == 0)) {
(CompareMem (HashInfo->Hash, FvHashValue, AlgInfo->HashSize) == 0)))
{
Status = EFI_SUCCESS;
} else {
Status = EFI_VOLUME_CORRUPTED;
@ -339,13 +350,15 @@ CheckStoredHashFv (
NULL,
(VOID **)&StoredHashFvPpi
);
if (!EFI_ERROR(Status) && StoredHashFvPpi != NULL && StoredHashFvPpi->FvNumber > 0) {
if (!EFI_ERROR (Status) && (StoredHashFvPpi != NULL) && (StoredHashFvPpi->FvNumber > 0)) {
HashInfo = GetHashInfo (StoredHashFvPpi, BootMode);
Status = VerifyHashedFv (HashInfo, StoredHashFvPpi->FvInfo,
StoredHashFvPpi->FvNumber, BootMode);
Status = VerifyHashedFv (
HashInfo,
StoredHashFvPpi->FvInfo,
StoredHashFvPpi->FvNumber,
BootMode
);
if (!EFI_ERROR (Status)) {
DEBUG ((DEBUG_INFO, "OBB verification passed (%r)\r\n", Status));
//
@ -353,7 +366,8 @@ CheckStoredHashFv (
//
for (FvIndex = 0; FvIndex < StoredHashFvPpi->FvNumber; ++FvIndex) {
if ((StoredHashFvPpi->FvInfo[FvIndex].Flag
& HASHED_FV_FLAG_SKIP_BOOT_MODE (BootMode)) == 0) {
& HASHED_FV_FLAG_SKIP_BOOT_MODE (BootMode)) == 0)
{
ReportHashedFv (&StoredHashFvPpi->FvInfo[FvIndex]);
}
}
@ -362,9 +376,7 @@ CheckStoredHashFv (
EFI_PROGRESS_CODE,
PcdGet32 (PcdStatusCodeFvVerificationPass)
);
} else {
DEBUG ((DEBUG_ERROR, "ERROR: Failed to verify OBB FVs (%r)\r\n", Status));
REPORT_STATUS_CODE_EX (
@ -378,11 +390,8 @@ CheckStoredHashFv (
);
ASSERT_EFI_ERROR (Status);
}
} else {
DEBUG ((DEBUG_ERROR, "ERROR: No/invalid StoredHashFvPpi located\r\n"));
ASSERT_EFI_ERROR (Status);

1
SecurityPkg/FvReportPei/FvReportPei.h
View File

@ -119,4 +119,3 @@ typedef struct {
} HASH_ALG_INFO;
#endif //__FV_REPORT_PEI_H__

2
SecurityPkg/Hash2DxeCrypto/Driver.c
View File

@ -87,7 +87,6 @@ Hash2ServiceBindingCreateChild (
return Status;
}
/**
Destroys a child handle with a set of I/O services.
@ -141,6 +140,7 @@ Hash2ServiceBindingDestroyChild (
Instance = NULL;
}
}
if (Instance == NULL) {
DEBUG ((DEBUG_ERROR, "Hash2ServiceBindingDestroyChild - Invalid handle\n"));
return EFI_UNSUPPORTED;

10
SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c
View File

@ -272,6 +272,7 @@ GetHashInfo (
return &mHashInfo[Index];
}
}
return NULL;
}
@ -371,6 +372,7 @@ BaseCrypto2Hash (
if (Instance->HashContext != NULL) {
FreePool (Instance->HashContext);
}
Instance->HashInfoContext = NULL;
Instance->HashContext = NULL;
@ -381,6 +383,7 @@ BaseCrypto2Hash (
if (CtxSize == 0) {
return EFI_UNSUPPORTED;
}
HashCtx = AllocatePool (CtxSize);
if (HashCtx == NULL) {
return EFI_OUT_OF_RESOURCES;
@ -409,6 +412,7 @@ BaseCrypto2Hash (
Status = EFI_OUT_OF_RESOURCES;
goto Done;
}
Done:
//
// Cleanup the context
@ -476,6 +480,7 @@ BaseCrypto2HashInit (
if (CtxSize == 0) {
return EFI_UNSUPPORTED;
}
HashCtx = AllocatePool (CtxSize);
if (HashCtx == NULL) {
return EFI_OUT_OF_RESOURCES;
@ -536,6 +541,7 @@ BaseCrypto2HashUpdate (
if ((Instance->HashContext == NULL) || (Instance->HashInfoContext == NULL)) {
return EFI_NOT_READY;
}
HashInfo = Instance->HashInfoContext;
HashCtx = Instance->HashContext;
@ -586,9 +592,11 @@ BaseCrypto2HashFinal (
//
Instance = HASH2_INSTANCE_DATA_FROM_THIS (This);
if ((Instance->HashContext == NULL) || (Instance->HashInfoContext == NULL) ||
(!Instance->Updated)) {
(!Instance->Updated))
{
return EFI_NOT_READY;
}
HashInfo = Instance->HashInfoContext;
HashCtx = Instance->HashContext;

89
SecurityPkg/HddPassword/HddPasswordDxe.c
View File

@ -42,7 +42,6 @@ HII_VENDOR_DEVICE_PATH mHddPasswordHiiVendorDevicePath = {
}
};
/**
Check if the password is full zero.
@ -126,7 +125,8 @@ BuildHddPasswordDeviceInfo (
//
if ((!PasswordIsFullZero (ConfigFormEntry->Password)) ||
((ConfigFormEntry->IfrData.SecurityStatus.Supported != 0) &&
(ConfigFormEntry->IfrData.SecurityStatus.Enabled == 0))) {
(ConfigFormEntry->IfrData.SecurityStatus.Enabled == 0)))
{
DevInfoLength += sizeof (HDD_PASSWORD_DEVICE_INFO) +
GetDevicePathSize (ConfigFormEntry->DevicePath);
}
@ -170,7 +170,8 @@ BuildHddPasswordDeviceInfo (
if ((!PasswordIsFullZero (ConfigFormEntry->Password)) ||
((ConfigFormEntry->IfrData.SecurityStatus.Supported != 0) &&
(ConfigFormEntry->IfrData.SecurityStatus.Enabled == 0))) {
(ConfigFormEntry->IfrData.SecurityStatus.Enabled == 0)))
{
SaveDeviceInfo (ConfigFormEntry, TempDevInfo);
S3InitDevicesBak = S3InitDevices;
@ -181,6 +182,7 @@ BuildHddPasswordDeviceInfo (
if (S3InitDevicesBak != NULL) {
FreePool (S3InitDevicesBak);
}
ASSERT (S3InitDevices != NULL);
TempDevInfo = (HDD_PASSWORD_DEVICE_INFO *)((UINTN)TempDevInfo +
@ -305,7 +307,8 @@ FreezeLockDevice (
);
if (!EFI_ERROR (Status) &&
((Asb->AtaStatus & ATA_STSREG_ERR) != 0) &&
((Asb->AtaError & ATA_ERRREG_ABRT) != 0)) {
((Asb->AtaError & ATA_ERRREG_ABRT) != 0))
{
Status = EFI_DEVICE_ERROR;
}
@ -486,7 +489,8 @@ HddPasswordEndOfDxeEventNotify (
//
if ((ConfigFormEntry->IfrData.SecurityStatus.Supported != 0) &&
(ConfigFormEntry->IfrData.SecurityStatus.Locked == 0) &&
(ConfigFormEntry->IfrData.SecurityStatus.Frozen == 0)) {
(ConfigFormEntry->IfrData.SecurityStatus.Frozen == 0))
{
Status = FreezeLockDevice (ConfigFormEntry->AtaPassThru, ConfigFormEntry->Port, ConfigFormEntry->PortMultiplierPort);
DEBUG ((DEBUG_INFO, "FreezeLockDevice return %r!\n", Status));
Status = GetHddDeviceIdentifyData (
@ -580,10 +584,12 @@ Done:
if (Hash != NULL) {
FreePool (Hash);
}
if (HashData != NULL) {
ZeroMem (HashData, PASSWORD_SALT_SIZE + BufferSize);
FreePool (HashData);
}
return Status;
}
@ -657,7 +663,8 @@ SaveHddPasswordVariable (
(TempVariable->Device.Device == ConfigFormEntry->Device) &&
(TempVariable->Device.Function == ConfigFormEntry->Function) &&
(TempVariable->Device.Port == ConfigFormEntry->Port) &&
(TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort)) {
(TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort))
{
//
// Found the node for the HDD password device.
// Delete the node.
@ -668,9 +675,11 @@ SaveHddPasswordVariable (
NewVariableSize = VariableSize - sizeof (HDD_PASSWORD_VARIABLE);
break;
}
TempVariableSize -= sizeof (HDD_PASSWORD_VARIABLE);
TempVariable += 1;
}
if (NewVariable == NULL) {
DEBUG ((DEBUG_INFO, "The variable node for the HDD password device is not found\n"));
}
@ -686,7 +695,8 @@ SaveHddPasswordVariable (
(TempVariable->Device.Device == ConfigFormEntry->Device) &&
(TempVariable->Device.Function == ConfigFormEntry->Function) &&
(TempVariable->Device.Port == ConfigFormEntry->Port) &&
(TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort)) {
(TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort))
{
//
// Found the node for the HDD password device.
// Update the node.
@ -697,9 +707,11 @@ SaveHddPasswordVariable (
NewVariableSize = VariableSize;
break;
}
TempVariableSize -= sizeof (HDD_PASSWORD_VARIABLE);
TempVariable += 1;
}
if (NewVariable == NULL) {
//
// The node for the HDD password device is not found.
@ -748,6 +760,7 @@ SaveHddPasswordVariable (
if (NewVariable != Variable) {
FreePool (NewVariable);
}
if (Variable != NULL) {
FreePool (Variable);
}
@ -801,7 +814,8 @@ GetSavedHddPasswordVariable (
(TempVariable->Device.Device == ConfigFormEntry->Device) &&
(TempVariable->Device.Function == ConfigFormEntry->Function) &&
(TempVariable->Device.Port == ConfigFormEntry->Port) &&
(TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort)) {
(TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort))
{
//
// Found the node for the HDD password device.
// Get the node.
@ -810,6 +824,7 @@ GetSavedHddPasswordVariable (
Found = TRUE;
break;
}
VariableSize -= sizeof (HDD_PASSWORD_VARIABLE);
TempVariable += 1;
}
@ -958,7 +973,8 @@ UnlockHddPassword (
);
if (!EFI_ERROR (Status) &&
((Asb->AtaStatus & ATA_STSREG_ERR) != 0) &&
((Asb->AtaError & ATA_ERRREG_ABRT) != 0)) {
((Asb->AtaError & ATA_ERRREG_ABRT) != 0))
{
Status = EFI_DEVICE_ERROR;
}
@ -1055,7 +1071,8 @@ DisableHddPassword (
);
if (!EFI_ERROR (Status) &&
((Asb->AtaStatus & ATA_STSREG_ERR) != 0) &&
((Asb->AtaError & ATA_ERRREG_ABRT) != 0)) {
((Asb->AtaError & ATA_ERRREG_ABRT) != 0))
{
Status = EFI_DEVICE_ERROR;
}
@ -1159,7 +1176,8 @@ SetHddPassword (
);
if (!EFI_ERROR (Status) &&
((Asb->AtaStatus & ATA_STSREG_ERR) != 0) &&
((Asb->AtaError & ATA_ERRREG_ABRT) != 0)) {
((Asb->AtaError & ATA_ERRREG_ABRT) != 0))
{
Status = EFI_DEVICE_ERROR;
}
@ -1256,6 +1274,7 @@ PopupHddPasswordInputWindows (
NULL
);
}
//
// Check key.
//
@ -1269,7 +1288,8 @@ PopupHddPasswordInputWindows (
} else if ((Key.UnicodeChar == CHAR_NULL) ||
(Key.UnicodeChar == CHAR_TAB) ||
(Key.UnicodeChar == CHAR_LINEFEED)
) {
)
{
continue;
} else {
if (Key.UnicodeChar == CHAR_BACKSPACE) {
@ -1345,8 +1365,8 @@ HddPasswordRequestPassword (
// Check the device security status.
//
if ((ConfigFormEntry->IfrData.SecurityStatus.Supported) &&
(ConfigFormEntry->IfrData.SecurityStatus.Enabled)) {
(ConfigFormEntry->IfrData.SecurityStatus.Enabled))
{
//
// Add PcdSkipHddPasswordPrompt to determin whether to skip password prompt.
// Due to board design, device may not power off during system warm boot, which result in
@ -1362,6 +1382,7 @@ HddPasswordRequestPassword (
gRT->ResetSystem (EfiResetShutdown, EFI_SUCCESS, 0, NULL);
}
}
//
// As soon as the HDD password is in enabled state, we pop up a window to unlock hdd
// no matter it's really in locked or unlocked state.
@ -1386,11 +1407,13 @@ HddPasswordRequestPassword (
} else {
Status = EFI_INVALID_PARAMETER;
}
if (!EFI_ERROR (Status)) {
CopyMem (ConfigFormEntry->Password, Password, HDD_PASSWORD_MAX_LENGTH);
if (!ConfigFormEntry->IfrData.SecurityStatus.Frozen) {
SaveHddPasswordVariable (ConfigFormEntry, Password);
}
ZeroMem (Password, HDD_PASSWORD_MAX_LENGTH);
Status = GetHddDeviceIdentifyData (AtaPassThru, Port, PortMultiplierPort, &IdentifyData);
ASSERT_EFI_ERROR (Status);
@ -1416,6 +1439,7 @@ HddPasswordRequestPassword (
NULL
);
} while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
continue;
} else {
do {
@ -1427,6 +1451,7 @@ HddPasswordRequestPassword (
NULL
);
} while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
gRT->ResetSystem (EfiResetShutdown, EFI_SUCCESS, 0, NULL);
break;
}
@ -1549,6 +1574,7 @@ ProcessHddPasswordRequestSetUserPwd (
Status = EFI_INVALID_PARAMETER;
}
}
if (!EFI_ERROR (Status)) {
CopyMem (ConfigFormEntry->Password, Password, HDD_PASSWORD_MAX_LENGTH);
SaveHddPasswordVariable (ConfigFormEntry, Password);
@ -1583,6 +1609,7 @@ ProcessHddPasswordRequestSetUserPwd (
NULL
);
} while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
Status = EFI_INVALID_PARAMETER;
}
}
@ -1602,6 +1629,7 @@ ProcessHddPasswordRequestSetUserPwd (
NULL
);
} while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
gST->ConOut->ClearScreen (gST->ConOut);
return;
}
@ -1686,6 +1714,7 @@ ProcessHddPasswordRequestSetMasterPwd (
} else {
Status = EFI_INVALID_PARAMETER;
}
if (!EFI_ERROR (Status)) {
ZeroMem (Password, HDD_PASSWORD_MAX_LENGTH);
ZeroMem (PasswordConfirm, HDD_PASSWORD_MAX_LENGTH);
@ -1711,6 +1740,7 @@ ProcessHddPasswordRequestSetMasterPwd (
NULL
);
} while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
Status = EFI_INVALID_PARAMETER;
}
}
@ -1730,6 +1760,7 @@ ProcessHddPasswordRequestSetMasterPwd (
NULL
);
} while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
gST->ConOut->ClearScreen (gST->ConOut);
return;
}
@ -1793,6 +1824,7 @@ ProcessHddPasswordRequest (
if (EFI_ERROR (Status) || (Variable == NULL)) {
return;
}
mHddPasswordRequestVariable = Variable;
mHddPasswordRequestVariableSize = VariableSize;
@ -1821,13 +1853,15 @@ ProcessHddPasswordRequest (
(TempVariable->Device.Device == ConfigFormEntry->Device) &&
(TempVariable->Device.Function == ConfigFormEntry->Function) &&
(TempVariable->Device.Port == ConfigFormEntry->Port) &&
(TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort)) {
(TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort))
{
//
// Found the node for the HDD password device.
//
if (TempVariable->Request.UserPassword != 0) {
ProcessHddPasswordRequestSetUserPwd (AtaPassThru, Port, PortMultiplierPort, ConfigFormEntry);
}
if (TempVariable->Request.MasterPassword != 0) {
ProcessHddPasswordRequestSetMasterPwd (AtaPassThru, Port, PortMultiplierPort, ConfigFormEntry);
}
@ -1879,7 +1913,8 @@ GetSavedHddPasswordRequest (
(TempVariable->Device.Device == ConfigFormEntry->Device) &&
(TempVariable->Device.Function == ConfigFormEntry->Function) &&
(TempVariable->Device.Port == ConfigFormEntry->Port) &&
(TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort)) {
(TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort))
{
//
// Found the node for the HDD password device.
// Get the HDD password request.
@ -1892,6 +1927,7 @@ GetSavedHddPasswordRequest (
));
break;
}
VariableSize -= sizeof (HDD_PASSWORD_REQUEST_VARIABLE);
TempVariable += 1;
}
@ -1947,7 +1983,8 @@ SaveHddPasswordRequest (
(TempVariable->Device.Device == ConfigFormEntry->Device) &&
(TempVariable->Device.Function == ConfigFormEntry->Function) &&
(TempVariable->Device.Port == ConfigFormEntry->Port) &&
(TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort)) {
(TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort))
{
//
// Found the node for the HDD password device.
// Update the HDD password request.
@ -1957,9 +1994,11 @@ SaveHddPasswordRequest (
NewVariableSize = VariableSize;
break;
}
TempVariableSize -= sizeof (HDD_PASSWORD_REQUEST_VARIABLE);
TempVariable += 1;
}
if (NewVariable == NULL) {
//
// The node for the HDD password device is not found.
@ -1988,6 +2027,7 @@ SaveHddPasswordRequest (
NewVariable->Device.PortMultiplierPort = ConfigFormEntry->PortMultiplierPort;
CopyMem (&NewVariable->Request, &ConfigFormEntry->IfrData.Request, sizeof (HDD_PASSWORD_REQUEST));
}
Status = gRT->SetVariable (
HDD_PASSWORD_REQUEST_VARIABLE_NAME,
&mHddPasswordVendorGuid,
@ -1998,9 +2038,11 @@ SaveHddPasswordRequest (
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_INFO, "HddPasswordRequest variable set failed (%r)\n", Status));
}
if (NewVariable != Variable) {
FreePool (NewVariable);
}
if (Variable != NULL) {
FreePool (Variable);
}
@ -2119,7 +2161,7 @@ HddPasswordFormExtractConfig (
BOOLEAN AllocatedRequest;
UINTN Size;
if (Progress == NULL || Results == NULL) {
if ((Progress == NULL) || (Results == NULL)) {
return EFI_INVALID_PARAMETER;
}
@ -2159,6 +2201,7 @@ HddPasswordFormExtractConfig (
UnicodeSPrint (ConfigRequest, Size, L"%s&OFFSET=0&WIDTH=%016LX", ConfigRequestHdr, (UINT64)BufferSize);
FreePool (ConfigRequestHdr);
}
Status = gHiiConfigRouting->BlockToConfig (
gHiiConfigRouting,
ConfigRequest,
@ -2229,7 +2272,7 @@ HddPasswordFormRouteConfig (
OUT EFI_STRING *Progress
)
{
if (Configuration == NULL || Progress == NULL) {
if ((Configuration == NULL) || (Progress == NULL)) {
return EFI_INVALID_PARAMETER;
}
@ -2322,6 +2365,7 @@ HddPasswordFormCallback (
SaveHddPasswordRequest (ConfigFormEntry);
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
}
break;
case KEY_HDD_MASTER_PASSWORD:
if (Action == EFI_BROWSER_ACTION_CHANGED) {
@ -2331,6 +2375,7 @@ HddPasswordFormCallback (
SaveHddPasswordRequest (ConfigFormEntry);
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
}
break;
default:
@ -2416,7 +2461,8 @@ HddPasswordConfigUpdateForm (
(ConfigFormEntry->Device == Device) &&
(ConfigFormEntry->Function == Function) &&
(ConfigFormEntry->Port == Port) &&
(ConfigFormEntry->PortMultiplierPort == PortMultiplierPort)) {
(ConfigFormEntry->PortMultiplierPort == PortMultiplierPort))
{
EntryExisted = TRUE;
break;
}
@ -2454,6 +2500,7 @@ HddPasswordConfigUpdateForm (
if (EFI_ERROR (Status)) {
return Status;
}
ConfigFormEntry->DevicePath = AppendDevicePathNode (DevicePathFromHandle (Controller), AtaDeviceNode);
FreePool (AtaDeviceNode);
if (ConfigFormEntry->DevicePath == NULL) {
@ -2468,6 +2515,7 @@ HddPasswordConfigUpdateForm (
if (EFI_ERROR (Status)) {
return Status;
}
GetHddDeviceModelNumber (&IdentifyData, HddString);
//
// Compose the HDD title string and help string of this port and create a new EFI_STRING_ID.
@ -2669,6 +2717,7 @@ HddPasswordNotificationEvent (
//
break;
}
//
// Find out the attached harddisk devices.
// Try to add a HDD Password configuration page for the attached devices.

17
SecurityPkg/HddPassword/HddPasswordPei.c
View File

@ -11,7 +11,6 @@
EFI_GUID mHddPasswordDeviceInfoGuid = HDD_PASSWORD_DEVICE_INFO_GUID;
/**
Send unlock hdd password cmd through ATA PassThru PPI.
@ -95,7 +94,8 @@ UnlockDevice (
);
if (!EFI_ERROR (Status) &&
((Asb->AtaStatus & ATA_STSREG_ERR) != 0) &&
((Asb->AtaError & ATA_ERRREG_ABRT) != 0)) {
((Asb->AtaError & ATA_ERRREG_ABRT) != 0))
{
Status = EFI_DEVICE_ERROR;
}
@ -179,7 +179,8 @@ FreezeLockDevice (
);
if (!EFI_ERROR (Status) &&
((Asb->AtaStatus & ATA_STSREG_ERR) != 0) &&
((Asb->AtaError & ATA_ERRREG_ABRT) != 0)) {
((Asb->AtaError & ATA_ERRREG_ABRT) != 0))
{
Status = EFI_DEVICE_ERROR;
}
@ -222,6 +223,7 @@ UnlockHddPassword (
Status = RestoreLockBox (&mHddPasswordDeviceInfoGuid, Buffer, &Length);
}
}
if ((Buffer == NULL) || (Buffer == (VOID *)&DummyData)) {
return;
} else if (EFI_ERROR (Status)) {
@ -272,13 +274,16 @@ UnlockHddPassword (
(CompareMem (
DevInfo->DevicePath,
DevicePath,
DevicePathLength - sizeof (EFI_DEVICE_PATH_PROTOCOL)) == 0)) {
DevicePathLength - sizeof (EFI_DEVICE_PATH_PROTOCOL)
) == 0))
{
//
// If device locked, unlock first.
//
if (!IsZeroBuffer (DevInfo->Password, HDD_PASSWORD_MAX_LENGTH)) {
UnlockDevice (AtaPassThruPpi, Port, PortMultiplierPort, 0, DevInfo->Password);
}
//
// Freeze lock the device.
//
@ -295,7 +300,6 @@ UnlockHddPassword (
Exit:
ZeroMem (Buffer, Length);
FreePages (Buffer, EFI_SIZE_TO_PAGES (Length));
}
/**
@ -326,14 +330,12 @@ HddPasswordAtaPassThruNotify (
return EFI_SUCCESS;
}
EFI_PEI_NOTIFY_DESCRIPTOR mHddPasswordAtaPassThruPpiNotifyDesc = {
(EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
&gEdkiiPeiAtaPassThruPpiGuid,
HddPasswordAtaPassThruNotify
};
/**
Main entry for this module.
@ -364,4 +366,3 @@ HddPasswordPeiInit (
ASSERT_EFI_ERROR (Status);
return Status;
}

1
SecurityPkg/HddPassword/HddPasswordPei.h
View File

@ -26,7 +26,6 @@
#include "HddPasswordCommon.h"
//
// Time out value for ATA PassThru PPI
//

1
SecurityPkg/Include/Guid/PhysicalPresenceData.h
View File

@ -72,4 +72,3 @@ typedef struct {
extern EFI_GUID gEfiPhysicalPresenceGuid;
#endif

1
SecurityPkg/Include/Guid/SecureBootConfigHii.h
View File

@ -14,7 +14,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
0x5daf50a5, 0xea81, 0x4de2, {0x8f, 0x9b, 0xca, 0xbd, 0xa9, 0xcf, 0x5c, 0x14} \
}
extern EFI_GUID gSecureBootConfigFormSetGuid;
#endif

1
SecurityPkg/Include/Guid/Tcg2PhysicalPresenceData.h
View File

@ -38,4 +38,3 @@ typedef struct {
extern EFI_GUID gEfiTcg2PhysicalPresenceGuid;
#endif

2
SecurityPkg/Include/Guid/TpmInstance.h
View File

@ -22,11 +22,9 @@ extern EFI_GUID gEfiTpmDeviceInstanceNoneGuid;
extern EFI_GUID gEfiTpmDeviceInstanceTpm12Guid;
extern EFI_GUID gEfiTpmDeviceInstanceTpm20DtpmGuid;
#define TPM_DEVICE_SELECTED_GUID \
{ 0x7f4158d3, 0x74d, 0x456d, { 0x8c, 0xb2, 0x1, 0xf9, 0xc8, 0xf7, 0x9d, 0xaa } }
extern EFI_GUID gEfiTpmDeviceSelectedGuid;
#endif

1
SecurityPkg/Include/Library/PlatformSecureLib.h
View File

@ -9,7 +9,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#ifndef __PLATFORM_SECURE_LIB_H__
#define __PLATFORM_SECURE_LIB_H__
/**
This function provides a platform-specific method to detect whether the platform

1
SecurityPkg/Include/Library/RpmcLib.h
View File

@ -40,4 +40,3 @@ IncrementMonotonicCounter (
);
#endif

1
SecurityPkg/Include/Library/SecureBootVariableLib.h
View File

@ -150,4 +150,5 @@ EFIAPI
DeletePlatformKey (
VOID
);
#endif

1
SecurityPkg/Include/Library/SecureBootVariableProvisionLib.h
View File

@ -131,4 +131,5 @@ EFI_STATUS
SecureBootInitDbxDefault (
IN VOID
);
#endif

24
SecurityPkg/Include/Library/TcgStorageCoreLib.h
View File

@ -183,7 +183,6 @@ typedef struct {
UINT8 *CurPtr;
} TCG_PARSE_STRUCT;
//
// Structure that is used to represent a Tcg Token that is retrieved by Tcg parse functions.
//
@ -217,7 +216,6 @@ TcgInitTcgCreateStruct(
UINT32 BufferSize
);
/**
Encodes the ComPacket header to the data structure.
@ -235,7 +233,6 @@ TcgStartComPacket(
UINT16 ComIdExtension
);
/**
Starts a new ComPacket in the Data structure.
@ -274,7 +271,6 @@ TcgStartSubPacket(
UINT16 Kind
);
/**
Ends the current SubPacket in the Data structure. This function will also perform the 4-byte padding
@ -289,7 +285,6 @@ TcgEndSubPacket(
TCG_CREATE_STRUCT *CreateStruct
);
/**
Ends the current Packet in the Data structure.
@ -303,7 +298,6 @@ TcgEndPacket(
TCG_CREATE_STRUCT *CreateStruct
);
/**
Ends the ComPacket in the Data structure and ret
@ -333,7 +327,6 @@ TcgAddRawByte(
UINT8 Byte
);
/**
Adds the Data parameter as a byte sequence to the Data structure.
@ -354,7 +347,6 @@ TcgAddByteSequence(
BOOLEAN Continued
);
/**
Adds an arbitrary-Length integer to the Data structure.
@ -376,7 +368,6 @@ TcgAddInteger(
BOOLEAN SignedInteger
);
/**
Adds an 8-bit unsigned integer to the Data structure.
@ -421,7 +412,6 @@ TcgAddUINT32(
UINT32 Value
);
/**
Adds a 64-bit unsigned integer to the Data structure.
@ -479,7 +469,6 @@ TcgAddStartList(
TCG_CREATE_STRUCT *CreateStruct
);
/**
Adds an End List token to the Data structure.
@ -493,7 +482,6 @@ TcgAddEndList(
TCG_CREATE_STRUCT *CreateStruct
);
/**
Adds a Start Name token to the Data structure.
@ -506,7 +494,6 @@ TcgAddStartName(
TCG_CREATE_STRUCT *CreateStruct
);
/**
Adds an End Name token to the Data structure.
@ -520,7 +507,6 @@ TcgAddEndName(
TCG_CREATE_STRUCT *CreateStruct
);
/**
Adds a Call token to the Data structure.
@ -533,7 +519,6 @@ TcgAddCall(
TCG_CREATE_STRUCT *CreateStruct
);
/**
Adds an End of Data token to the Data structure.
@ -547,7 +532,6 @@ TcgAddEndOfData(
TCG_CREATE_STRUCT *CreateStruct
);
/**
Adds an End of Session token to the Data structure.
@ -561,7 +545,6 @@ TcgAddEndOfSession(
TCG_CREATE_STRUCT *CreateStruct
);
/**
Adds a Start Transaction token to the Data structure.
@ -574,7 +557,6 @@ TcgAddStartTransaction(
TCG_CREATE_STRUCT *CreateStruct
);
/**
Adds an End Transaction token to the Data structure.
@ -691,7 +673,6 @@ TcgGetTokenUINT64(
UINT64 *Value
);
/**
Get next specify value.
@ -708,7 +689,6 @@ TcgGetNextUINT8(
UINT8 *Value
);
/**
Get next specify value.
@ -935,7 +915,6 @@ TcgGetNextEndTransaction(
// end of parse functions
typedef
BOOLEAN
(EFIAPI *TCG_LEVEL0_ENUM_CALLBACK)(
@ -1109,7 +1088,6 @@ TcgCreateEndSession(
UINT32 TpSessionId
);
/**
Retrieves human-readable token type name.
@ -1152,7 +1130,6 @@ TcgMethodStatusString(
UINT8 MethodStatus
);
/**
Retrieves the comID and Extended comID of the ComPacket in the Tcg response.
It is intended to be used to confirm the received Tcg response is intended for user that received it.
@ -1305,5 +1282,4 @@ TcgIsLocked(
#pragma pack()
#endif // _TCG_CORE_H_

9
SecurityPkg/Include/Library/TcgStorageOpalLib.h
View File

@ -234,7 +234,6 @@ OpalPsidRevert(
OPAL_SESSION *AdminSpSession
);
/**
The function retrieves the MSID from the device specified
@ -271,7 +270,6 @@ OpalActivateLockingSp(
UINT8 *MethodStatus
);
/**
The function sets the PIN column of the specified cpinRowUid (authority) with the newPin value.
@ -309,7 +307,6 @@ OpalGlobalLockingRangeGenKey(
UINT8 *MethodStatus
);
/**
The function updates the ReadLocked and WriteLocked columns of the Global Locking Range.
@ -331,7 +328,6 @@ OpalUpdateGlobalLockingRange(
UINT8 *MethodStatus
);
/**
The function updates the RangeStart, RangeLength, ReadLockedEnabled, WriteLockedEnabled, ReadLocked and WriteLocked columns
@ -386,7 +382,6 @@ OpalSetLockingSpAuthorityEnabledAndPin(
UINT8 *MethodStatus
);
/**
The function sets the Enabled column to FALSE for the USER1 authority.
@ -402,7 +397,6 @@ OpalDisableUser(
UINT8 *MethodStatus
);
/**
The function calls the Admin SP RevertSP method on the Locking SP. If KeepUserData is True, then the optional parameter
@ -421,7 +415,6 @@ OpalAdminRevert(
UINT8 *MethodStatus
);
/**
The function retrieves the TryLimit column for the specified rowUid (authority).
@ -439,7 +432,6 @@ OpalGetTryLimit(
UINT32 *TryLimit
);
/**
The function populates the CreateStruct with a payload that will retrieve the global locking range active key.
@ -459,7 +451,6 @@ OpalCreateRetrieveGlobalLockingRangeActiveKey(
UINT32 *Size
);
/**
The function acquires the activeKey specified for the Global Locking Range from the parseStruct.

1
SecurityPkg/Include/Library/Tpm12CommandLib.h
View File

@ -216,4 +216,5 @@ EFIAPI
Tpm12GetCapabilityFlagVolatile (
OUT TPM_STCLEAR_FLAGS *VolatileFlags
);
#endif

1
SecurityPkg/Include/Library/VariableKeyLib.h
View File

@ -57,4 +57,3 @@ LockVariableKeyInterface (
);
#endif

1
SecurityPkg/Include/Ppi/FirmwareVolumeInfoMeasurementExcluded.h
View File

@ -28,4 +28,3 @@ typedef struct {
extern EFI_GUID gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid;
#endif

1
SecurityPkg/Include/Ppi/FirmwareVolumeInfoPrehashedFV.h
View File

@ -41,4 +41,3 @@ typedef struct {
extern EFI_GUID gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid;
#endif

1
SecurityPkg/Include/Ppi/FirmwareVolumeInfoStoredHashFv.h
View File

@ -59,4 +59,3 @@ struct _EDKII_PEI_FIRMWARE_VOLUME_INFO_STORED_HASH_FV_PPI {
extern EFI_GUID gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid;
#endif

101
SecurityPkg/Library/AuthVariableLib/AuthService.c
View File

@ -179,7 +179,8 @@ AuthServiceInternalUpdateVariableWithTimeStamp (
if ((CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) &&
((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0) ||
(StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0))) ||
(CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0))) {
(CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0)))
{
//
// For variables with formatted as EFI_SIGNATURE_LIST, the driver shall not perform an append of
// EFI_SIGNATURE_DATA values that are already part of the existing variable value.
@ -224,7 +225,8 @@ NeedPhysicallyPresent(
// If the VariablePolicy engine is disabled, allow deletion of any authenticated variables.
if (IsVariablePolicyEnabled ()) {
if ( (CompareGuid (VendorGuid, &gEfiSecureBootEnableDisableGuid) && (StrCmp (VariableName, EFI_SECURE_BOOT_ENABLE_NAME) == 0))
|| (CompareGuid (VendorGuid, &gEfiCustomModeEnableGuid) && (StrCmp (VariableName, EFI_CUSTOM_MODE_NAME) == 0))) {
|| (CompareGuid (VendorGuid, &gEfiCustomModeEnableGuid) && (StrCmp (VariableName, EFI_CUSTOM_MODE_NAME) == 0)))
{
return TRUE;
}
}
@ -366,6 +368,7 @@ UpdatePlatformMode (
if (EFI_ERROR (Status)) {
return EFI_SUCCESS;
}
SecureBootEnable = SECURE_BOOT_DISABLE;
VariableDataSize = 0;
}
@ -420,7 +423,8 @@ CheckSignatureListFormat(
} else if ((CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0)) ||
(CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) &&
((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0) ||
(StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0)))) {
(StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0))))
{
IsPk = FALSE;
} else {
return EFI_SUCCESS;
@ -442,14 +446,18 @@ CheckSignatureListFormat(
// The value of SignatureSize should always be 16 (size of SignatureOwner
// component) add the data length according to signature type.
//
if (mSupportSigItem[Index].SigDataSize != ((UINT32) ~0) &&
(SigList->SignatureSize - sizeof (EFI_GUID)) != mSupportSigItem[Index].SigDataSize) {
if ((mSupportSigItem[Index].SigDataSize != ((UINT32) ~0)) &&
((SigList->SignatureSize - sizeof (EFI_GUID)) != mSupportSigItem[Index].SigDataSize))
{
return EFI_INVALID_PARAMETER;
}
if (mSupportSigItem[Index].SigHeaderSize != ((UINT32) ~0) &&
SigList->SignatureHeaderSize != mSupportSigItem[Index].SigHeaderSize) {
if ((mSupportSigItem[Index].SigHeaderSize != ((UINT32) ~0)) &&
(SigList->SignatureHeaderSize != mSupportSigItem[Index].SigHeaderSize))
{
return EFI_INVALID_PARAMETER;
}
break;
}
}
@ -470,18 +478,21 @@ CheckSignatureListFormat(
if (RsaContext == NULL) {
return EFI_INVALID_PARAMETER;
}
CertData = (EFI_SIGNATURE_DATA *)((UINT8 *)SigList + sizeof (EFI_SIGNATURE_LIST) + SigList->SignatureHeaderSize);
CertLen = SigList->SignatureSize - sizeof (EFI_GUID);
if (!RsaGetPublicKeyFromX509 (CertData->SignatureData, CertLen, &RsaContext)) {
RsaFree (RsaContext);
return EFI_INVALID_PARAMETER;
}
RsaFree (RsaContext);
}
if ((SigList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - SigList->SignatureHeaderSize) % SigList->SignatureSize != 0) {
return EFI_INVALID_PARAMETER;
}
SigCount += (SigList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - SigList->SignatureHeaderSize) / SigList->SignatureSize;
SigDataSize -= SigList->SignatureListSize;
@ -492,7 +503,7 @@ CheckSignatureListFormat(
return EFI_INVALID_PARAMETER;
}
if (IsPk && SigCount > 1) {
if (IsPk && (SigCount > 1)) {
return EFI_INVALID_PARAMETER;
}
@ -516,6 +527,7 @@ VendorKeyIsModified (
if (mVendorKeyState == VENDOR_KEYS_MODIFIED) {
return EFI_SUCCESS;
}
mVendorKeyState = VENDOR_KEYS_MODIFIED;
Status = AuthServiceInternalUpdateVariable (
@ -577,8 +589,9 @@ ProcessVarWithPk (
UINT8 *Payload;
UINTN PayloadSize;
if ((Attributes & EFI_VARIABLE_NON_VOLATILE) == 0 ||
(Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0) {
if (((Attributes & EFI_VARIABLE_NON_VOLATILE) == 0) ||
((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0))
{
//
// PK, KEK and db/dbx/dbt should set EFI_VARIABLE_NON_VOLATILE attribute and should be a time-based
// authenticated variable.
@ -590,7 +603,7 @@ ProcessVarWithPk (
// Init state of Del. State may change due to secure check
//
Del = FALSE;
if ((InCustomMode() && UserPhysicalPresent()) || (mPlatformMode == SETUP_MODE && !IsPk)) {
if ((InCustomMode () && UserPhysicalPresent ()) || ((mPlatformMode == SETUP_MODE) && !IsPk)) {
Payload = (UINT8 *)Data + AUTHINFO2_SIZE (Data);
PayloadSize = DataSize - AUTHINFO2_SIZE (Data);
if (PayloadSize == 0) {
@ -646,12 +659,12 @@ ProcessVarWithPk (
}
if (!EFI_ERROR (Status) && IsPk) {
if (mPlatformMode == SETUP_MODE && !Del) {
if ((mPlatformMode == SETUP_MODE) && !Del) {
//
// If enroll PK in setup mode, need change to user mode.
//
Status = UpdatePlatformMode (USER_MODE);
} else if (mPlatformMode == USER_MODE && Del){
} else if ((mPlatformMode == USER_MODE) && Del) {
//
// If delete PK in user mode, need change to setup mode.
//
@ -698,8 +711,9 @@ ProcessVarWithKek (
UINT8 *Payload;
UINTN PayloadSize;
if ((Attributes & EFI_VARIABLE_NON_VOLATILE) == 0 ||
(Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0) {
if (((Attributes & EFI_VARIABLE_NON_VOLATILE) == 0) ||
((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0))
{
//
// DB, DBX and DBT should set EFI_VARIABLE_NON_VOLATILE attribute and should be a time-based
// authenticated variable.
@ -708,7 +722,7 @@ ProcessVarWithKek (
}
Status = EFI_SUCCESS;
if (mPlatformMode == USER_MODE && !(InCustomMode() && UserPhysicalPresent())) {
if ((mPlatformMode == USER_MODE) && !(InCustomMode () && UserPhysicalPresent ())) {
//
// Time-based, verify against X509 Cert KEK.
//
@ -785,7 +799,8 @@ IsDeleteAuthVariable (
// and the DataSize set to the size of the AuthInfo descriptor.
//
if ((Attributes == OrgAttributes) &&
((Attributes & (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) != 0)) {
((Attributes & (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) != 0))
{
if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) {
PayloadSize = DataSize - AUTHINFO2_SIZE (Data);
if (PayloadSize == 0) {
@ -897,7 +912,8 @@ ProcessVariable (
}
if ((OrgVariableInfo.Data != NULL) &&
((OrgVariableInfo.Attributes & (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) != 0)) {
((OrgVariableInfo.Attributes & (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) != 0))
{
//
// If the variable is already write-protected, it always needs authentication before update.
//
@ -909,7 +925,6 @@ ProcessVariable (
//
Status = AuthServiceInternalUpdateVariable (VariableName, VendorGuid, Data, DataSize, Attributes);
return Status;
}
/**
@ -971,7 +986,8 @@ FilterSignatureList (
CertList = (EFI_SIGNATURE_LIST *)Data;
while ((Size > 0) && (Size >= CertList->SignatureListSize)) {
if (CompareGuid (&CertList->SignatureType, &NewCertList->SignatureType) &&
(CertList->SignatureSize == NewCertList->SignatureSize)) {
(CertList->SignatureSize == NewCertList->SignatureSize))
{
Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
for (Index2 = 0; Index2 < CertCount; Index2++) {
@ -982,6 +998,7 @@ FilterSignatureList (
IsNewCert = FALSE;
break;
}
Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)Cert + CertList->SignatureSize);
}
}
@ -989,6 +1006,7 @@ FilterSignatureList (
if (!IsNewCert) {
break;
}
Size -= CertList->SignatureListSize;
CertList = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize);
}
@ -1229,7 +1247,8 @@ FindCertsFromDb (
CertSize = ReadUnaligned32 (&Ptr->CertDataSize);
if (NodeSize != sizeof (EFI_GUID) + sizeof (UINT32) * 3 + CertSize +
sizeof (CHAR16) * NameSize) {
sizeof (CHAR16) * NameSize)
{
return EFI_INVALID_PARAMETER;
}
@ -1238,7 +1257,8 @@ FindCertsFromDb (
// Check whether VariableName matches.
//
if ((NameSize == StrLen (VariableName)) &&
(CompareMem (Data + Offset, VariableName, NameSize * sizeof (CHAR16)) == 0)) {
(CompareMem (Data + Offset, VariableName, NameSize * sizeof (CHAR16)) == 0))
{
Offset = Offset + NameSize * sizeof (CHAR16);
if (CertOffset != NULL) {
@ -1305,7 +1325,6 @@ GetCertsFromDb (
return EFI_INVALID_PARAMETER;
}
if ((Attributes & EFI_VARIABLE_NON_VOLATILE) != 0) {
//
// Get variable "certdb".
@ -1726,6 +1745,7 @@ CleanCertsFromDb (
if (VariableName == NULL) {
return EFI_OUT_OF_RESOURCES;
}
CopyMem (VariableName, (UINT8 *)Ptr + sizeof (AUTH_CERT_DB_DATA), NameSize * sizeof (CHAR16));
//
// Keep VarGuid aligned
@ -1742,7 +1762,7 @@ CleanCertsFromDb (
&AuthVariableInfo
);
if (EFI_ERROR(Status) || (AuthVariableInfo.Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0) {
if (EFI_ERROR (Status) || ((AuthVariableInfo.Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0)) {
//
// While cleaning certdb, always delete the variable in certdb regardless of it attributes.
//
@ -1867,7 +1887,8 @@ VerifyTimeBasedPayload (
(CertData->TimeStamp.Nanosecond != 0) ||
(CertData->TimeStamp.TimeZone != 0) ||
(CertData->TimeStamp.Daylight != 0) ||
(CertData->TimeStamp.Pad2 != 0)) {
(CertData->TimeStamp.Pad2 != 0))
{
return EFI_SECURITY_VIOLATION;
}
@ -1885,7 +1906,8 @@ VerifyTimeBasedPayload (
// Cert type should be EFI_CERT_TYPE_PKCS7_GUID.
//
if ((CertData->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) ||
!CompareGuid (&CertData->AuthInfo.CertType, &gEfiCertPkcs7Guid)) {
!CompareGuid (&CertData->AuthInfo.CertType, &gEfiCertPkcs7Guid))
{
//
// Invalid AuthInfo type, return EFI_SECURITY_VIOLATION.
//
@ -1916,7 +1938,8 @@ VerifyTimeBasedPayload (
if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) {
if (SigDataSize >= (13 + sizeof (mSha256OidValue))) {
if (((*(SigData + 1) & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE) ||
(CompareMem (SigData + 13, &mSha256OidValue, sizeof (mSha256OidValue)) != 0)) {
(CompareMem (SigData + 13, &mSha256OidValue, sizeof (mSha256OidValue)) != 0))
{
return EFI_SECURITY_VIOLATION;
}
}
@ -1929,7 +1952,7 @@ VerifyTimeBasedPayload (
PayloadSize = DataSize - OFFSET_OF_AUTHINFO2_CERT_DATA - (UINTN)SigDataSize;
// If the VariablePolicy engine is disabled, allow deletion of any authenticated variables.
if (PayloadSize == 0 && (Attributes & EFI_VARIABLE_APPEND_WRITE) == 0 && !IsVariablePolicyEnabled()) {
if ((PayloadSize == 0) && ((Attributes & EFI_VARIABLE_APPEND_WRITE) == 0) && !IsVariablePolicyEnabled ()) {
VerifyStatus = TRUE;
goto Exit;
}
@ -2005,10 +2028,12 @@ VerifyTimeBasedPayload (
VerifyStatus = FALSE;
goto Exit;
}
CertList = (EFI_SIGNATURE_LIST *)Data;
Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
if ((TopLevelCertSize != (CertList->SignatureSize - (sizeof (EFI_SIGNATURE_DATA) - 1))) ||
(CompareMem (Cert->SignatureData, TopLevelCert, TopLevelCertSize) != 0)) {
(CompareMem (Cert->SignatureData, TopLevelCert, TopLevelCertSize) != 0))
{
VerifyStatus = FALSE;
goto Exit;
}
@ -2024,9 +2049,7 @@ VerifyTimeBasedPayload (
NewData,
NewDataSize
);
} else if (AuthVarType == AuthVarTypeKek) {
//
// Get KEK database from variable.
//
@ -2070,14 +2093,15 @@ VerifyTimeBasedPayload (
if (VerifyStatus) {
goto Exit;
}
Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)Cert + CertList->SignatureSize);
}
}
KekDataSize -= CertList->SignatureListSize;
CertList = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize);
}
} else if (AuthVarType == AuthVarTypePriv) {
//
// Process common authenticated variable except PK/KEK/DB/DBX/DBT.
// Get signer's certificates from SignedData.
@ -2119,7 +2143,7 @@ VerifyTimeBasedPayload (
TopLevelCertSize,
Sha256Digest
);
if (EFI_ERROR(Status) || CompareMem (Sha256Digest, CertsInCertDb, CertsSizeinDb) != 0){
if (EFI_ERROR (Status) || (CompareMem (Sha256Digest, CertsInCertDb, CertsSizeinDb) != 0)) {
goto Exit;
}
} else {
@ -2127,7 +2151,8 @@ VerifyTimeBasedPayload (
// Keep backward compatible with previous solution which saves whole signer certs stack in CertDb
//
if ((CertStackSize != CertsSizeinDb) ||
(CompareMem (SignerCerts, CertsInCertDb, CertsSizeinDb) != 0)) {
(CompareMem (SignerCerts, CertsInCertDb, CertsSizeinDb) != 0))
{
goto Exit;
}
}
@ -2186,10 +2211,11 @@ VerifyTimeBasedPayload (
Exit:
if (AuthVarType == AuthVarTypePk || AuthVarType == AuthVarTypePriv) {
if ((AuthVarType == AuthVarTypePk) || (AuthVarType == AuthVarTypePriv)) {
if (TopLevelCert != NULL) {
Pkcs7FreeSigners (TopLevelCert);
}
if (SignerCerts != NULL) {
Pkcs7FreeSigners (SignerCerts);
}
@ -2279,7 +2305,8 @@ VerifyTimeBasedPayloadAndUpdate (
if ( !EFI_ERROR (FindStatus)
&& (PayloadSize == 0)
&& ((Attributes & EFI_VARIABLE_APPEND_WRITE) == 0)) {
&& ((Attributes & EFI_VARIABLE_APPEND_WRITE) == 0))
{
IsDel = TRUE;
} else {
IsDel = FALSE;
@ -2302,7 +2329,7 @@ VerifyTimeBasedPayloadAndUpdate (
//
// Delete signer's certificates when delete the common authenticated variable.
//
if (IsDel && AuthVarType == AuthVarTypePriv && !EFI_ERROR(Status) ) {
if (IsDel && (AuthVarType == AuthVarTypePriv) && !EFI_ERROR (Status)) {
Status = DeleteCertsFromDb (VariableName, VendorGuid, Attributes);
}

1
SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h
View File

@ -96,7 +96,6 @@ extern VOID *mHashCtx;
extern AUTH_VAR_LIB_CONTEXT_IN *mAuthVarLibContextIn;
/**
Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set

7
SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
View File

@ -166,6 +166,7 @@ AuthVariableLibInitialize (
} else {
mPlatformMode = USER_MODE;
}
Status = AuthServiceInternalUpdateVariable (
EFI_SETUP_MODE_NAME,
&gEfiGlobalVariableGuid,
@ -222,11 +223,12 @@ AuthVariableLibInitialize (
//
// Create "SecureBoot" variable with BS+RT attribute set.
//
if (SecureBootEnable == SECURE_BOOT_ENABLE && mPlatformMode == USER_MODE) {
if ((SecureBootEnable == SECURE_BOOT_ENABLE) && (mPlatformMode == USER_MODE)) {
SecureBootMode = SECURE_BOOT_MODE_ENABLE;
} else {
SecureBootMode = SECURE_BOOT_MODE_DISABLE;
}
Status = AuthServiceInternalUpdateVariable (
EFI_SECURE_BOOT_MODE_NAME,
&gEfiGlobalVariableGuid,
@ -408,7 +410,8 @@ AuthVariableLibProcessVariable (
((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) ||
(StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0) ||
(StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0)
)) {
))
{
Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, FALSE);
if (EFI_ERROR (Status)) {
Status = ProcessVarWithKek (VariableName, VendorGuid, Data, DataSize, Attributes);

2
SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.c
View File

@ -9,7 +9,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <PiDxe.h>
#include <Library/SecurityManagementLib.h>
/**
Check image authentication status returned from Section Extraction Protocol
@ -47,7 +46,6 @@ DxeImageAuthenticationStatusHandler (
return EFI_SUCCESS;
}
/**
Register image authentication status check handler.

71
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
View File

@ -46,7 +46,6 @@ CHAR16 mNotifyString2[MAX_NOTIFY_STRING_LEN] = L"Launch this image anyway? (Yes
//
CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 };
//
// OID ASN.1 Value for Hash Algorithms
//
@ -117,7 +116,7 @@ DxeImageVerificationLibImageRead (
{
UINTN EndPosition;
if (FileHandle == NULL || ReadSize == NULL || Buffer == NULL) {
if ((FileHandle == NULL) || (ReadSize == NULL) || (Buffer == NULL)) {
return EFI_INVALID_PARAMETER;
}
@ -139,7 +138,6 @@ DxeImageVerificationLibImageRead (
return EFI_SUCCESS;
}
/**
Get the image type.
@ -207,7 +205,7 @@ GetImageType (
NULL,
EFI_OPEN_PROTOCOL_GET_PROTOCOL
);
if (!EFI_ERROR (Status) && BlockIo != NULL) {
if (!EFI_ERROR (Status) && (BlockIo != NULL)) {
if (BlockIo->Media != NULL) {
if (BlockIo->Media->RemovableMedia) {
//
@ -249,24 +247,27 @@ GetImageType (
TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *)File;
while (!IsDevicePathEndType (TempDevicePath)) {
switch (DevicePathType (TempDevicePath)) {
case MEDIA_DEVICE_PATH:
if (DevicePathSubType (TempDevicePath) == MEDIA_RELATIVE_OFFSET_RANGE_DP) {
return IMAGE_FROM_OPTION_ROM;
}
break;
case MESSAGING_DEVICE_PATH:
if (DevicePathSubType (TempDevicePath) == MSG_MAC_ADDR_DP) {
return IMAGE_FROM_REMOVABLE_MEDIA;
}
break;
default:
break;
}
TempDevicePath = NextDevicePathNode (TempDevicePath);
}
return IMAGE_UNKNOWN;
}
@ -491,7 +492,6 @@ HashPeImage (
SumOfBytesHashed = mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders;
}
Section = (EFI_IMAGE_SECTION_HEADER *)(
mImageBase +
mPeCoffHeaderOffset +
@ -511,6 +511,7 @@ HashPeImage (
Status = FALSE;
goto Done;
}
//
// 12. Using the 'PointerToRawData' in the referenced section headers as
// a key, arrange the elements in the table in ascending order. In other
@ -523,6 +524,7 @@ HashPeImage (
CopyMem (&SectionHeader[Pos], &SectionHeader[Pos - 1], sizeof (EFI_IMAGE_SECTION_HEADER));
Pos--;
}
CopyMem (&SectionHeader[Pos], Section, sizeof (EFI_IMAGE_SECTION_HEADER));
Section += 1;
}
@ -539,6 +541,7 @@ HashPeImage (
if (Section->SizeOfRawData == 0) {
continue;
}
HashBase = mImageBase + Section->PointerToRawData;
HashSize = (UINTN)Section->SizeOfRawData;
@ -594,9 +597,11 @@ Done:
if (HashCtx != NULL) {
FreePool (HashCtx);
}
if (SectionHeader != NULL) {
FreePool (SectionHeader);
}
return Status;
}
@ -667,7 +672,6 @@ HashPeImageByType (
return EFI_SUCCESS;
}
/**
Returns the size of a given image execution info table in bytes.
@ -780,6 +784,7 @@ AddImageExeInfo (
} else {
NewImageExeInfoTable->NumberOfImages = 0;
}
NewImageExeInfoTable->NumberOfImages++;
ImageExeInfoEntry = (EFI_IMAGE_EXECUTION_INFO *)((UINT8 *)NewImageExeInfoTable + ImageExeInfoTableSize);
//
@ -807,6 +812,7 @@ AddImageExeInfo (
SignatureSize
);
}
//
// Update/replace the image execution table.
//
@ -898,17 +904,21 @@ IsCertHashFoundInDbx (
if (mHash[HashAlg].GetContextSize == NULL) {
goto Done;
}
ZeroMem (CertDigest, MAX_DIGEST_SIZE);
HashCtx = AllocatePool (mHash[HashAlg].GetContextSize ());
if (HashCtx == NULL) {
goto Done;
}
if (!mHash[HashAlg].HashInit (HashCtx)) {
goto Done;
}
if (!mHash[HashAlg].HashUpdate (HashCtx, TBSCert, TBSCertSize)) {
goto Done;
}
if (!mHash[HashAlg].HashFinal (HashCtx, CertDigest)) {
goto Done;
}
@ -937,6 +947,7 @@ IsCertHashFoundInDbx (
CopyMem (RevocationTime, (EFI_TIME *)(DbxCertHash + mHash[HashAlg].DigestLength), sizeof (EFI_TIME));
goto Done;
}
CertHash = (EFI_SIGNATURE_DATA *)((UINT8 *)CertHash + DbxList->SignatureSize);
}
@ -1011,6 +1022,7 @@ IsSignatureFoundInDatabase (
if (EFI_ERROR (Status)) {
goto Done;
}
//
// Enumerate all signature data in SigDB to check if signature exists for executable.
//
@ -1031,6 +1043,7 @@ IsSignatureFoundInDatabase (
if (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) {
SecureBootHook (VariableName, &gEfiImageSecurityDatabaseGuid, CertList->SignatureSize, Cert);
}
break;
}
@ -1100,7 +1113,8 @@ IsTimeZero (
)
{
if ((Time->Year == 0) && (Time->Month == 0) && (Time->Day == 0) &&
(Time->Hour == 0) && (Time->Minute == 0) && (Time->Second == 0)) {
(Time->Hour == 0) && (Time->Minute == 0) && (Time->Second == 0))
{
return TRUE;
}
@ -1166,10 +1180,12 @@ PassTimestampCheck (
if (Status != EFI_BUFFER_TOO_SMALL) {
goto Done;
}
DbtData = (UINT8 *)AllocateZeroPool (DbtDataSize);
if (DbtData == NULL) {
goto Done;
}
Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE2, &gEfiImageSecurityDatabaseGuid, NULL, &DbtDataSize, (VOID *)DbtData);
if (EFI_ERROR (Status)) {
goto Done;
@ -1198,9 +1214,11 @@ PassTimestampCheck (
goto Done;
}
}
Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)Cert + CertList->SignatureSize);
}
}
DbtDataSize -= CertList->SignatureListSize;
CertList = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize);
}
@ -1251,6 +1269,7 @@ IsForbiddenByDbx (
UINT8 *Cert;
UINTN CertSize;
EFI_TIME RevocationTime;
//
// Variable Initialization
//
@ -1279,8 +1298,10 @@ IsForbiddenByDbx (
//
IsForbidden = FALSE;
}
return IsForbidden;
}
Data = (UINT8 *)AllocateZeroPool (DataSize);
if (Data == NULL) {
return IsForbidden;
@ -1350,7 +1371,7 @@ IsForbiddenByDbx (
// UINT8 Certn[];
//
Pkcs7GetSigners (AuthData, AuthDataSize, &CertBuffer, &BufferLength, &TrustedCert, &TrustedCertLength);
if ((BufferLength == 0) || (CertBuffer == NULL) || (*CertBuffer) == 0) {
if ((BufferLength == 0) || (CertBuffer == NULL) || ((*CertBuffer) == 0)) {
IsForbidden = TRUE;
goto Done;
}
@ -1392,7 +1413,6 @@ IsForbiddenByDbx (
goto Done;
}
}
}
IsForbidden = FALSE;
@ -1408,7 +1428,6 @@ Done:
return IsForbidden;
}
/**
Check whether the image signature can be verified by the trusted certificates in DB database.
@ -1481,6 +1500,7 @@ IsAllowedByDb (
if (Status != EFI_NOT_FOUND) {
goto Done;
}
//
// 'dbx' does not exist. Continue to check 'db'.
//
@ -1578,6 +1598,7 @@ Done:
if (Data != NULL) {
FreePool (Data);
}
if (DbxData != NULL) {
FreePool (DbxData);
}
@ -1680,7 +1701,6 @@ DxeImageVerificationHandler (
// Check the image type and get policy setting.
//
switch (GetImageType (File)) {
case IMAGE_FROM_FV:
Policy = ALWAYS_EXECUTE;
break;
@ -1701,12 +1721,14 @@ DxeImageVerificationHandler (
Policy = DENY_EXECUTE_ON_SECURITY_VIOLATION;
break;
}
//
// If policy is always/never execute, return directly.
//
if (Policy == ALWAYS_EXECUTE) {
return EFI_SUCCESS;
}
if (Policy == NEVER_EXECUTE) {
return EFI_ACCESS_DENIED;
}
@ -1716,7 +1738,7 @@ DxeImageVerificationHandler (
// violates the UEFI spec and has been removed.
//
ASSERT (Policy != QUERY_USER_ON_SECURITY_VIOLATION && Policy != ALLOW_EXECUTE_ON_SECURITY_VIOLATION);
if (Policy == QUERY_USER_ON_SECURITY_VIOLATION || Policy == ALLOW_EXECUTE_ON_SECURITY_VIOLATION) {
if ((Policy == QUERY_USER_ON_SECURITY_VIOLATION) || (Policy == ALLOW_EXECUTE_ON_SECURITY_VIOLATION)) {
CpuDeadLoop ();
}
@ -1735,6 +1757,7 @@ DxeImageVerificationHandler (
FreePool (SecureBoot);
return EFI_SUCCESS;
}
FreePool (SecureBoot);
//
@ -1773,6 +1796,7 @@ DxeImageVerificationHandler (
} else {
mPeCoffHeaderOffset = 0;
}
//
// Check PE/COFF image.
//
@ -1806,7 +1830,7 @@ DxeImageVerificationHandler (
//
// Start Image Validation.
//
if (SecDataDir == NULL || SecDataDir->Size == 0) {
if ((SecDataDir == NULL) || (SecDataDir->Size == 0)) {
//
// This image is not signed. The SHA256 hash value of the image must match a record in the security database "db",
// and not be reflected in the security data base "dbx".
@ -1860,15 +1884,18 @@ DxeImageVerificationHandler (
SecDataDirEnd = SecDataDir->VirtualAddress + SecDataDir->Size;
for (OffSet = SecDataDir->VirtualAddress;
OffSet < SecDataDirEnd;
OffSet += (WinCertificate->dwLength + ALIGN_SIZE (WinCertificate->dwLength))) {
OffSet += (WinCertificate->dwLength + ALIGN_SIZE (WinCertificate->dwLength)))
{
SecDataDirLeft = SecDataDirEnd - OffSet;
if (SecDataDirLeft <= sizeof (WIN_CERTIFICATE)) {
break;
}
WinCertificate = (WIN_CERTIFICATE *)(mImageBase + OffSet);
if (SecDataDirLeft < WinCertificate->dwLength ||
if ((SecDataDirLeft < WinCertificate->dwLength) ||
(SecDataDirLeft - WinCertificate->dwLength <
ALIGN_SIZE (WinCertificate->dwLength))) {
ALIGN_SIZE (WinCertificate->dwLength)))
{
break;
}
@ -1884,6 +1911,7 @@ DxeImageVerificationHandler (
if (PkcsCertData->Hdr.dwLength <= sizeof (PkcsCertData->Hdr)) {
break;
}
AuthData = PkcsCertData->CertData;
AuthDataSize = PkcsCertData->Hdr.dwLength - sizeof (PkcsCertData->Hdr);
} else if (WinCertificate->wCertificateType == WIN_CERT_TYPE_EFI_GUID) {
@ -1894,15 +1922,18 @@ DxeImageVerificationHandler (
if (WinCertUefiGuid->Hdr.dwLength <= OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)) {
break;
}
if (!CompareGuid (&WinCertUefiGuid->CertType, &gEfiCertPkcs7Guid)) {
continue;
}
AuthData = WinCertUefiGuid->CertData;
AuthDataSize = WinCertUefiGuid->Hdr.dwLength - OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData);
} else {
if (WinCertificate->dwLength < sizeof (WIN_CERTIFICATE)) {
break;
}
continue;
}
@ -1972,7 +2003,8 @@ DxeImageVerificationHandler (
if (IsVerified) {
return EFI_SUCCESS;
}
if (Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED || Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND) {
if ((Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED) || (Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND)) {
//
// Get image hash value as signature of executable.
//
@ -1982,6 +2014,7 @@ DxeImageVerificationHandler (
SignatureListSize = 0;
goto Failed;
}
SignatureList->SignatureHeaderSize = 0;
SignatureList->SignatureListSize = (UINT32)SignatureListSize;
SignatureList->SignatureSize = (UINT32)(sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize);
@ -2009,6 +2042,7 @@ Failed:
if (Policy == DEFER_EXECUTE_ON_SECURITY_VIOLATION) {
return EFI_SECURITY_VIOLATION;
}
return EFI_ACCESS_DENIED;
}
@ -2044,7 +2078,6 @@ OnReadyToBoot (
ImageExeInfoTable->NumberOfImages = 0;
gBS->InstallConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID *)ImageExeInfoTable);
}
/**

3
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.h
View File

@ -82,7 +82,6 @@ typedef struct {
UINT8 CertData[1];
} WIN_CERTIFICATE_EFI_PKCS;
/**
Retrieves the size, in bytes, of the context buffer required for hash operations.
@ -113,7 +112,6 @@ BOOLEAN
IN OUT VOID *HashContext
);
/**
Performs digest on a data buffer of the specified length. This function can
be called multiple times to compute the digest of long or discontinuous data streams.
@ -159,7 +157,6 @@ BOOLEAN
OUT UINT8 *HashValue
);
//
// Hash Algorithm Table
//

10
SecurityPkg/Library/DxeImageVerificationLib/Measurement.c
View File

@ -116,10 +116,12 @@ AddDataMeasured (
if (NewMeasuredAuthorityList == NULL) {
return EFI_OUT_OF_RESOURCES;
}
if (mMeasuredAuthorityList != NULL) {
CopyMem (NewMeasuredAuthorityList, mMeasuredAuthorityList, sizeof (VARIABLE_RECORD) * mMeasuredAuthorityCount);
FreePool (mMeasuredAuthorityList);
}
mMeasuredAuthorityList = NewMeasuredAuthorityList;
mMeasuredAuthorityCountMax += MEASURED_AUTHORITY_COUNT_MAX;
}
@ -134,6 +136,7 @@ AddDataMeasured (
if (mMeasuredAuthorityList[mMeasuredAuthorityCount].Data == NULL) {
return EFI_OUT_OF_RESOURCES;
}
CopyMem (mMeasuredAuthorityList[mMeasuredAuthorityCount].Data, Data, Size);
mMeasuredAuthorityCount++;
@ -165,7 +168,8 @@ IsDataMeasured (
if ((StrCmp (VarName, mMeasuredAuthorityList[Index].VariableName) == 0) &&
(CompareGuid (VendorGuid, mMeasuredAuthorityList[Index].VendorGuid)) &&
(CompareMem (Data, mMeasuredAuthorityList[Index].Data, Size) == 0) &&
(Size == mMeasuredAuthorityList[Index].Size)) {
(Size == mMeasuredAuthorityList[Index].Size))
{
return TRUE;
}
}
@ -192,10 +196,12 @@ IsSecureAuthorityVariable (
for (Index = 0; Index < sizeof (mVariableType)/sizeof (mVariableType[0]); Index++) {
if ((StrCmp (VariableName, mVariableType[Index].VariableName) == 0) &&
(CompareGuid (VendorGuid, mVariableType[Index].VendorGuid))) {
(CompareGuid (VendorGuid, mVariableType[Index].VendorGuid)))
{
return TRUE;
}
}
return FALSE;
}

26
SecurityPkg/Library/DxeRsa2048Sha256GuidedSectionExtractLib/DxeRsa2048Sha256GuidedSectionExtractLib.c
View File

@ -72,9 +72,12 @@ Rsa2048Sha256GuidedSectionGetInfo (
//
if (!CompareGuid (
&gEfiCertTypeRsa2048Sha256Guid,
&(((EFI_GUID_DEFINED_SECTION2 *) InputSection)->SectionDefinitionGuid))) {
&(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid)
))
{
return EFI_INVALID_PARAMETER;
}
//
// Retrieve the size and attribute of the input section data.
//
@ -87,9 +90,12 @@ Rsa2048Sha256GuidedSectionGetInfo (
//
if (!CompareGuid (
&gEfiCertTypeRsa2048Sha256Guid,
&(((EFI_GUID_DEFINED_SECTION *) InputSection)->SectionDefinitionGuid))) {
&(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid)
))
{
return EFI_INVALID_PARAMETER;
}
//
// Retrieve the size and attribute of the input section data.
//
@ -147,7 +153,9 @@ Rsa2048Sha256GuidedSectionHandler (
//
if (!CompareGuid (
&gEfiCertTypeRsa2048Sha256Guid,
&(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid))) {
&(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid)
))
{
return EFI_INVALID_PARAMETER;
}
@ -175,7 +183,9 @@ Rsa2048Sha256GuidedSectionHandler (
//
if (!CompareGuid (
&gEfiCertTypeRsa2048Sha256Guid,
&(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid))) {
&(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid)
))
{
return EFI_INVALID_PARAMETER;
}
@ -246,12 +256,14 @@ Rsa2048Sha256GuidedSectionHandler (
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done;
}
CryptoStatus = Sha256Update (HashContext, &CertBlockRsa2048Sha256->PublicKey, sizeof (CertBlockRsa2048Sha256->PublicKey));
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: Sha256Update() failed\n"));
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done;
}
CryptoStatus = Sha256Final (HashContext, Digest);
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: Sha256Final() failed\n"));
@ -275,9 +287,11 @@ Rsa2048Sha256GuidedSectionHandler (
CryptoStatus = TRUE;
break;
}
PublicKey = PublicKey + SHA256_DIGEST_SIZE;
PublicKeyBufferSize = PublicKeyBufferSize - SHA256_DIGEST_SIZE;
}
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: Public key in section is not supported\n"));
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
@ -304,6 +318,7 @@ Rsa2048Sha256GuidedSectionHandler (
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done;
}
CryptoStatus = RsaSetKey (Rsa, RsaKeyE, mRsaE, sizeof (mRsaE));
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: RsaSetKey(RsaKeyE) failed\n"));
@ -321,6 +336,7 @@ Rsa2048Sha256GuidedSectionHandler (
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done;
}
PERF_INMODULE_BEGIN ("DxeRsaShaData");
CryptoStatus = Sha256Update (HashContext, *OutputBuffer, OutputBufferSize);
PERF_INMODULE_END ("DxeRsaShaData");
@ -329,6 +345,7 @@ Rsa2048Sha256GuidedSectionHandler (
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done;
}
CryptoStatus = Sha256Final (HashContext, Digest);
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: Sha256Final() failed\n"));
@ -363,6 +380,7 @@ Done:
if (Rsa != NULL) {
RsaFree (Rsa);
}
if (HashContext != NULL) {
FreePool (HashContext);
}

39
SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
View File

@ -90,6 +90,7 @@ Tpm2CommandClear (
if (EFI_ERROR (Status)) {
goto Done;
}
DEBUG ((DEBUG_INFO, "Tpm2Clear ... \n"));
Status = Tpm2Clear (TPM_RH_PLATFORM, AuthSession);
DEBUG ((DEBUG_INFO, "Tpm2Clear - %r\n", Status));
@ -187,7 +188,7 @@ Tcg2ExecutePhysicalPresence (
// Firmware has to ensure that at least one PCR banks is active.
// If not, an error is returned and no action is taken.
//
if (CommandParameter == 0 || (CommandParameter & (~TpmHashAlgorithmBitmap)) != 0) {
if ((CommandParameter == 0) || ((CommandParameter & (~TpmHashAlgorithmBitmap)) != 0)) {
DEBUG ((DEBUG_ERROR, "PCR banks %x to allocate are not supported by TPM. Skip operation\n", CommandParameter));
return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
}
@ -250,7 +251,6 @@ Tcg2ExecutePhysicalPresence (
}
}
/**
Read the specified key for user confirmation.
@ -277,9 +277,11 @@ Tcg2ReadUserKey (
if (Key.ScanCode == SCAN_ESC) {
InputKey = Key.ScanCode;
}
if ((Key.ScanCode == SCAN_F10) && !CautionKey) {
InputKey = Key.ScanCode;
}
if ((Key.ScanCode == SCAN_F12) && CautionKey) {
InputKey = Key.ScanCode;
}
@ -313,30 +315,39 @@ Tcg2FillBufferWithBootHashAlg (
if (Buffer[0] != 0) {
StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
}
StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA1", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
}
if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SHA256) != 0) {
if (Buffer[0] != 0) {
StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
}
StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA256", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
}
if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SHA384) != 0) {
if (Buffer[0] != 0) {
StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
}
StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA384", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
}
if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SHA512) != 0) {
if (Buffer[0] != 0) {
StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
}
StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA512", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
}
if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SM3_256) != 0) {
if (Buffer[0] != 0) {
StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
}
StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SM3_256", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1);
}
}
@ -382,7 +393,6 @@ Tcg2UserConfirm (
ASSERT (mTcg2PpStringPackHandle != NULL);
switch (TpmPpCommand) {
case TCG2_PHYSICAL_PRESENCE_CLEAR:
case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR:
case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_2:
@ -533,6 +543,7 @@ Tcg2UserConfirm (
} else {
TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY));
}
StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
@ -549,6 +560,7 @@ Tcg2UserConfirm (
} else {
TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_ACCEPT_KEY));
}
StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1);
FreePool (TmpStr1);
@ -560,6 +572,7 @@ Tcg2UserConfirm (
TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_REJECT_KEY));
}
BufSize -= StrSize (ConfirmText);
UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, TmpStr2);
@ -631,6 +644,7 @@ Tcg2HaveValidTpmRequest (
if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR) == 0) {
*RequestConfirmed = TRUE;
}
break;
case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_TRUE:
@ -644,12 +658,14 @@ Tcg2HaveValidTpmRequest (
if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS) == 0) {
*RequestConfirmed = TRUE;
}
break;
case TCG2_PHYSICAL_PRESENCE_CHANGE_EPS:
if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS) == 0) {
*RequestConfirmed = TRUE;
}
break;
case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:
@ -660,12 +676,14 @@ Tcg2HaveValidTpmRequest (
if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) == 0) {
*RequestConfirmed = TRUE;
}
break;
case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:
if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) == 0) {
*RequestConfirmed = TRUE;
}
break;
case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:
@ -706,7 +724,6 @@ Tcg2HaveValidTpmRequest (
return TRUE;
}
/**
Check and execute the requested physical presence command.
@ -748,6 +765,7 @@ Tcg2ExecutePendingTpmRequest (
} else {
TcgPpData->PPResponse = TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
}
TcgPpData->LastPPRequest = TcgPpData->PPRequest;
TcgPpData->PPRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION;
TcgPpData->PPRequestParameter = 0;
@ -865,9 +883,11 @@ Tcg2ExecutePendingTpmRequest (
return;
}
}
if (TcgPpData->PPRequest != TCG2_PHYSICAL_PRESENCE_NO_ACTION) {
break;
}
return;
}
@ -950,6 +970,7 @@ Tcg2PhysicalPresenceLibProcessRequest (
DEBUG ((DEBUG_ERROR, "[TPM2] Set physical presence flag failed, Status = %r\n", Status));
return;
}
DEBUG ((DEBUG_INFO, "[TPM2] Initial physical presence flags value is 0x%x\n", PpiFlags.PPFlags));
}
@ -987,7 +1008,6 @@ Tcg2PhysicalPresenceLibProcessRequest (
//
Tcg2ExecutePendingTpmRequest (PlatformAuth, &TcgPpData, &PpiFlags);
DEBUG ((DEBUG_INFO, "[TPM2] PPResponse = %x (LastPPRequest=%x, Flags=%x)\n", TcgPpData.PPResponse, TcgPpData.LastPPRequest, PpiFlags.PPFlags));
}
/**
@ -1071,7 +1091,6 @@ Tcg2PhysicalPresenceLibNeedUserConfirm(
return FALSE;
}
/**
The handler for TPM physical presence function:
Return TPM Operation Response to OS Environment.
@ -1162,12 +1181,14 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (
}
if ((OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) &&
(OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) {
(OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN))
{
return TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED;
}
if ((PpData.PPRequest != OperationRequest) ||
(PpData.PPRequestParameter != RequestParameter)) {
(PpData.PPRequestParameter != RequestParameter))
{
PpData.PPRequest = (UINT8)OperationRequest;
PpData.PPRequestParameter = RequestParameter;
DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
@ -1196,6 +1217,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (
if (EFI_ERROR (Status)) {
Flags.PPFlags = PcdGet32 (PcdTcg2PhysicalPresenceFlags);
}
return Tcg2PpVendorLibSubmitRequestToPreOSFunction (OperationRequest, Flags.PPFlags, RequestParameter);
}
@ -1230,5 +1252,6 @@ Tcg2PhysicalPresenceLibGetManagementFlags (
if (EFI_ERROR (Status)) {
PpiFlags.PPFlags = PcdGet32 (PcdTcg2PhysicalPresenceFlags);
}
return PpiFlags.PPFlags;
}

23
SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c
View File

@ -227,6 +227,7 @@ TpmCommandNoReturnData (
if (EFI_ERROR (Status) || (TpmRsp.tag != SwapBytes16 (TPM_TAG_RSP_COMMAND))) {
return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
}
return SwapBytes32 (TpmRsp.returnCode);
}
@ -302,6 +303,7 @@ ExecutePhysicalPresence (
if (TpmResponse == 0) {
TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ACTIVATE, PpiFlags);
}
return TpmResponse;
case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE:
@ -309,6 +311,7 @@ ExecutePhysicalPresence (
if (TpmResponse == 0) {
TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DISABLE, PpiFlags);
}
return TpmResponse;
case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE:
@ -341,6 +344,7 @@ ExecutePhysicalPresence (
TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE, PpiFlags);
PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK;
}
return TpmResponse;
case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE:
@ -348,6 +352,7 @@ ExecutePhysicalPresence (
if (TpmResponse == 0) {
TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DEACTIVATE_DISABLE, PpiFlags);
}
return TpmResponse;
case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
@ -376,6 +381,7 @@ ExecutePhysicalPresence (
if (TpmResponse == 0) {
TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags);
}
return TpmResponse;
case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:
@ -414,6 +420,7 @@ ExecutePhysicalPresence (
TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR, PpiFlags);
PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK;
}
return TpmResponse;
case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
@ -428,15 +435,16 @@ ExecutePhysicalPresence (
TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE, PpiFlags);
PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK;
}
return TpmResponse;
default:
;
}
return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
}
/**
Read the specified key for user confirmation.
@ -472,9 +480,11 @@ ReadUserKey (
if (Key.ScanCode == SCAN_ESC) {
InputKey = Key.ScanCode;
}
if ((Key.ScanCode == SCAN_F10) && !CautionKey) {
InputKey = Key.ScanCode;
}
if ((Key.ScanCode == SCAN_F12) && CautionKey) {
InputKey = Key.ScanCode;
}
@ -940,6 +950,7 @@ HaveValidTpmRequest (
if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) != 0) {
*RequestConfirmed = TRUE;
}
break;
case PHYSICAL_PRESENCE_CLEAR:
@ -947,19 +958,22 @@ HaveValidTpmRequest (
if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0) {
*RequestConfirmed = TRUE;
}
break;
case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE) != 0) {
*RequestConfirmed = TRUE;
}
break;
case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:
case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0 && (Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) != 0) {
if (((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0) && ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) != 0)) {
*RequestConfirmed = TRUE;
}
break;
case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:
@ -1002,7 +1016,6 @@ HaveValidTpmRequest (
return TRUE;
}
/**
Check and execute the requested physical presence command.
@ -1138,9 +1151,11 @@ ExecutePendingTpmRequest (
return;
}
}
if (TcgPpData->PPRequest != PHYSICAL_PRESENCE_NO_ACTION) {
break;
}
return;
}
@ -1207,6 +1222,7 @@ TcgPhysicalPresenceLibProcessRequest (
return;
}
}
DEBUG ((DEBUG_INFO, "[TPM] PpiFlags = %x\n", PpiFlags.PPFlags));
//
@ -1274,6 +1290,7 @@ TcgPhysicalPresenceLibProcessRequest (
//
return;
}
Status = TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_CMD_ENABLE);
if (EFI_ERROR (Status)) {
return;

29
SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c
View File

@ -81,7 +81,7 @@ DxeTpm2MeasureBootLibImageRead (
{
UINTN EndPosition;
if (FileHandle == NULL || ReadSize == NULL || Buffer == NULL) {
if ((FileHandle == NULL) || (ReadSize == NULL) || (Buffer == NULL)) {
return EFI_INVALID_PARAMETER;
}
@ -145,10 +145,12 @@ Tcg2MeasureGptTable (
if (EFI_ERROR (Status)) {
return EFI_UNSUPPORTED;
}
Status = gBS->HandleProtocol (GptHandle, &gEfiDiskIoProtocolGuid, (VOID **)&DiskIo);
if (EFI_ERROR (Status)) {
return EFI_UNSUPPORTED;
}
//
// Read the EFI Partition Table Header
//
@ -156,6 +158,7 @@ Tcg2MeasureGptTable (
if (PrimaryHeader == NULL) {
return EFI_OUT_OF_RESOURCES;
}
Status = DiskIo->ReadDisk (
DiskIo,
BlockIo->Media->MediaId,
@ -168,6 +171,7 @@ Tcg2MeasureGptTable (
FreePool (PrimaryHeader);
return EFI_DEVICE_ERROR;
}
//
// Read the partition entry.
//
@ -176,6 +180,7 @@ Tcg2MeasureGptTable (
FreePool (PrimaryHeader);
return EFI_OUT_OF_RESOURCES;
}
Status = DiskIo->ReadDisk (
DiskIo,
BlockIo->Media->MediaId,
@ -198,6 +203,7 @@ Tcg2MeasureGptTable (
if (!IsZeroGuid (&PartitionEntry->PartitionTypeGUID)) {
NumberOfPartition++;
}
PartitionEntry = (EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry);
}
@ -239,6 +245,7 @@ Tcg2MeasureGptTable (
);
NumberOfPartition++;
}
PartitionEntry = (EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry);
}
@ -479,14 +486,15 @@ DxeTpm2MeasureBootHandler (
//
// Find the Gpt partition
//
if (DevicePathType (DevicePathNode) == MEDIA_DEVICE_PATH &&
DevicePathSubType (DevicePathNode) == MEDIA_HARDDRIVE_DP) {
if ((DevicePathType (DevicePathNode) == MEDIA_DEVICE_PATH) &&
(DevicePathSubType (DevicePathNode) == MEDIA_HARDDRIVE_DP))
{
//
// Check whether it is a gpt partition or not
//
if (((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->MBRType == MBR_TYPE_EFI_PARTITION_TABLE_HEADER &&
((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->SignatureType == SIGNATURE_TYPE_GUID) {
if ((((HARDDRIVE_DEVICE_PATH *)DevicePathNode)->MBRType == MBR_TYPE_EFI_PARTITION_TABLE_HEADER) &&
(((HARDDRIVE_DEVICE_PATH *)DevicePathNode)->SignatureType == SIGNATURE_TYPE_GUID))
{
//
// Change the partition device path to its parent device path (disk) and get the handle.
//
@ -511,12 +519,14 @@ DxeTpm2MeasureBootHandler (
mTcg2MeasureGptTableFlag = TRUE;
}
}
FreePool (OrigDevicePathNode);
OrigDevicePathNode = DuplicateDevicePath (File);
ASSERT (OrigDevicePathNode != NULL);
break;
}
}
DevicePathNode = NextDevicePathNode (DevicePathNode);
}
}
@ -539,6 +549,7 @@ DxeTpm2MeasureBootHandler (
if (IsDevicePathEnd (DevicePathNode)) {
return EFI_SUCCESS;
}
//
// The PE image from unmeasured Firmware volume need be measured
// The PE image from measured Firmware volume will be measured according to policy below.
@ -547,7 +558,7 @@ DxeTpm2MeasureBootHandler (
//
ApplicationRequired = TRUE;
if (mTcg2CacheMeasuredHandle != Handle && mTcg2MeasuredHobData != NULL) {
if ((mTcg2CacheMeasuredHandle != Handle) && (mTcg2MeasuredHobData != NULL)) {
//
// Search for Root FV of this PE image
//
@ -626,7 +637,8 @@ DxeTpm2MeasureBootHandler (
// Measure drivers and applications if Application flag is not set
//
if ((!ApplicationRequired) ||
(ApplicationRequired && ImageContext.ImageType == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION)) {
(ApplicationRequired && (ImageContext.ImageType == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION)))
{
//
// Print the image path to be measured.
//
@ -641,6 +653,7 @@ DxeTpm2MeasureBootHandler (
DEBUG ((DEBUG_INFO, "The measured image path is %s.\n", ToText));
FreePool (ToText);
}
DEBUG_CODE_END ();
//

32
SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c
View File

@ -79,7 +79,7 @@ DxeTpmMeasureBootLibImageRead (
{
UINTN EndPosition;
if (FileHandle == NULL || ReadSize == NULL || Buffer == NULL) {
if ((FileHandle == NULL) || (ReadSize == NULL) || (Buffer == NULL)) {
return EFI_INVALID_PARAMETER;
}
@ -145,10 +145,12 @@ TcgMeasureGptTable (
if (EFI_ERROR (Status)) {
return EFI_UNSUPPORTED;
}
Status = gBS->HandleProtocol (GptHandle, &gEfiDiskIoProtocolGuid, (VOID **)&DiskIo);
if (EFI_ERROR (Status)) {
return EFI_UNSUPPORTED;
}
//
// Read the EFI Partition Table Header
//
@ -156,6 +158,7 @@ TcgMeasureGptTable (
if (PrimaryHeader == NULL) {
return EFI_OUT_OF_RESOURCES;
}
Status = DiskIo->ReadDisk (
DiskIo,
BlockIo->Media->MediaId,
@ -168,6 +171,7 @@ TcgMeasureGptTable (
FreePool (PrimaryHeader);
return EFI_DEVICE_ERROR;
}
//
// Read the partition entry.
//
@ -176,6 +180,7 @@ TcgMeasureGptTable (
FreePool (PrimaryHeader);
return EFI_OUT_OF_RESOURCES;
}
Status = DiskIo->ReadDisk (
DiskIo,
BlockIo->Media->MediaId,
@ -198,6 +203,7 @@ TcgMeasureGptTable (
if (!IsZeroGuid (&PartitionEntry->PartitionTypeGUID)) {
NumberOfPartition++;
}
PartitionEntry = (EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry);
}
@ -237,6 +243,7 @@ TcgMeasureGptTable (
);
NumberOfPartition++;
}
PartitionEntry = (EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry);
}
@ -561,6 +568,7 @@ TcgMeasurePeImage (
CopyMem (&SectionHeader[Pos], &SectionHeader[Pos - 1], sizeof (EFI_IMAGE_SECTION_HEADER));
Pos--;
}
CopyMem (&SectionHeader[Pos], Section, sizeof (EFI_IMAGE_SECTION_HEADER));
Section += 1;
}
@ -577,6 +585,7 @@ TcgMeasurePeImage (
if (Section->SizeOfRawData == 0) {
continue;
}
HashBase = (UINT8 *)(UINTN)ImageAddress + Section->PointerToRawData;
HashSize = (UINTN)Section->SizeOfRawData;
@ -665,6 +674,7 @@ Finish:
if (Sha1Ctx != NULL ) {
FreePool (Sha1Ctx);
}
return Status;
}
@ -777,14 +787,15 @@ DxeTpmMeasureBootHandler (
//
// Find the Gpt partition
//
if (DevicePathType (DevicePathNode) == MEDIA_DEVICE_PATH &&
DevicePathSubType (DevicePathNode) == MEDIA_HARDDRIVE_DP) {
if ((DevicePathType (DevicePathNode) == MEDIA_DEVICE_PATH) &&
(DevicePathSubType (DevicePathNode) == MEDIA_HARDDRIVE_DP))
{
//
// Check whether it is a gpt partition or not
//
if (((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->MBRType == MBR_TYPE_EFI_PARTITION_TABLE_HEADER &&
((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->SignatureType == SIGNATURE_TYPE_GUID) {
if ((((HARDDRIVE_DEVICE_PATH *)DevicePathNode)->MBRType == MBR_TYPE_EFI_PARTITION_TABLE_HEADER) &&
(((HARDDRIVE_DEVICE_PATH *)DevicePathNode)->SignatureType == SIGNATURE_TYPE_GUID))
{
//
// Change the partition device path to its parent device path (disk) and get the handle.
//
@ -808,12 +819,14 @@ DxeTpmMeasureBootHandler (
mMeasureGptTableFlag = TRUE;
}
}
FreePool (OrigDevicePathNode);
OrigDevicePathNode = DuplicateDevicePath (File);
ASSERT (OrigDevicePathNode != NULL);
break;
}
}
DevicePathNode = NextDevicePathNode (DevicePathNode);
}
}
@ -836,6 +849,7 @@ DxeTpmMeasureBootHandler (
if (IsDevicePathEnd (DevicePathNode)) {
return EFI_SUCCESS;
}
//
// The PE image from unmeasured Firmware volume need be measured
// The PE image from measured Firmware volume will be measured according to policy below.
@ -844,7 +858,7 @@ DxeTpmMeasureBootHandler (
//
ApplicationRequired = TRUE;
if (mCacheMeasuredHandle != Handle && mMeasuredHobData != NULL) {
if ((mCacheMeasuredHandle != Handle) && (mMeasuredHobData != NULL)) {
//
// Search for Root FV of this PE image
//
@ -923,7 +937,8 @@ DxeTpmMeasureBootHandler (
// Measure drivers and applications if Application flag is not set
//
if ((!ApplicationRequired) ||
(ApplicationRequired && ImageContext.ImageType == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION)) {
(ApplicationRequired && (ImageContext.ImageType == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION)))
{
//
// Print the image path to be measured.
//
@ -938,6 +953,7 @@ DxeTpmMeasureBootHandler (
DEBUG ((DEBUG_INFO, "The measured image path is %s.\n", ToText));
FreePool (ToText);
}
DEBUG_CODE_END ();
//

2
SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c
View File

@ -20,8 +20,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Guid/Acpi.h>
#include <IndustryStandard/Acpi.h>
/**
Tpm12 measure and log data, and extend the measurement result into a specific PCR.

7
SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.c
View File

@ -108,6 +108,7 @@ FmpAuthenticatedHandlerPkcs7 (
Status = RETURN_SECURITY_VIOLATION;
goto Done;
}
DEBUG ((DEBUG_INFO, "FmpAuthenticatedHandlerPkcs7: PASS verification\n"));
Status = RETURN_SUCCESS;
@ -171,22 +172,27 @@ AuthenticateFmpImage (
DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n"));
return RETURN_INVALID_PARAMETER;
}
if (Image->AuthInfo.Hdr.dwLength <= OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)) {
DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too small\n"));
return RETURN_INVALID_PARAMETER;
}
if ((UINTN)Image->AuthInfo.Hdr.dwLength > MAX_UINTN - sizeof (UINT64)) {
DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too big\n"));
return RETURN_INVALID_PARAMETER;
}
if (ImageSize <= sizeof (Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength) {
DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n"));
return RETURN_INVALID_PARAMETER;
}
if (Image->AuthInfo.Hdr.wRevision != 0x0200) {
DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - wRevision: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wRevision, (UINTN)0x0200));
return RETURN_INVALID_PARAMETER;
}
if (Image->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) {
DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - wCertificateType: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wCertificateType, (UINTN)WIN_CERT_TYPE_EFI_GUID));
return RETURN_INVALID_PARAMETER;
@ -213,4 +219,3 @@ AuthenticateFmpImage (
//
return RETURN_UNSUPPORTED;
}

15
SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.c
View File

@ -113,12 +113,14 @@ FmpAuthenticatedHandlerRsa2048Sha256 (
Status = RETURN_OUT_OF_RESOURCES;
goto Done;
}
CryptoStatus = Sha256Update (HashContext, &CertBlockRsa2048Sha256->PublicKey, sizeof (CertBlockRsa2048Sha256->PublicKey));
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Update() failed\n"));
Status = RETURN_OUT_OF_RESOURCES;
goto Done;
}
CryptoStatus = Sha256Final (HashContext, Digest);
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Final() failed\n"));
@ -137,9 +139,11 @@ FmpAuthenticatedHandlerRsa2048Sha256 (
CryptoStatus = TRUE;
break;
}
PublicKey = PublicKey + SHA256_DIGEST_SIZE;
PublicKeyBufferSize = PublicKeyBufferSize - SHA256_DIGEST_SIZE;
}
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Public key in section is not supported\n"));
Status = RETURN_SECURITY_VIOLATION;
@ -167,6 +171,7 @@ FmpAuthenticatedHandlerRsa2048Sha256 (
Status = RETURN_OUT_OF_RESOURCES;
goto Done;
}
CryptoStatus = RsaSetKey (Rsa, RsaKeyE, mRsaE, sizeof (mRsaE));
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: RsaSetKey(RsaKeyE) failed\n"));
@ -196,6 +201,7 @@ FmpAuthenticatedHandlerRsa2048Sha256 (
Status = RETURN_OUT_OF_RESOURCES;
goto Done;
}
CryptoStatus = Sha256Update (
HashContext,
(UINT8 *)&Image->MonotonicCount,
@ -206,6 +212,7 @@ FmpAuthenticatedHandlerRsa2048Sha256 (
Status = RETURN_OUT_OF_RESOURCES;
goto Done;
}
CryptoStatus = Sha256Final (HashContext, Digest);
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Final() failed\n"));
@ -231,6 +238,7 @@ FmpAuthenticatedHandlerRsa2048Sha256 (
Status = RETURN_SECURITY_VIOLATION;
goto Done;
}
DEBUG ((DEBUG_INFO, "FmpAuthenticatedHandlerRsa2048Sha256: PASS verification\n"));
Status = RETURN_SUCCESS;
@ -242,6 +250,7 @@ Done:
if (Rsa != NULL) {
RsaFree (Rsa);
}
if (HashContext != NULL) {
FreePool (HashContext);
}
@ -309,22 +318,27 @@ AuthenticateFmpImage (
DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n"));
return RETURN_INVALID_PARAMETER;
}
if (Image->AuthInfo.Hdr.dwLength <= OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)) {
DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too small\n"));
return RETURN_INVALID_PARAMETER;
}
if ((UINTN)Image->AuthInfo.Hdr.dwLength > MAX_UINTN - sizeof (UINT64)) {
DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too big\n"));
return RETURN_INVALID_PARAMETER;
}
if (ImageSize <= sizeof (Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength) {
DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n"));
return RETURN_INVALID_PARAMETER;
}
if (Image->AuthInfo.Hdr.wRevision != 0x0200) {
DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - wRevision: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wRevision, (UINTN)0x0200));
return RETURN_INVALID_PARAMETER;
}
if (Image->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) {
DEBUG ((DEBUG_ERROR, "AuthenticateFmpImage - wCertificateType: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wCertificateType, (UINTN)WIN_CERT_TYPE_EFI_GUID));
return RETURN_INVALID_PARAMETER;
@ -351,4 +365,3 @@ AuthenticateFmpImage (
//
return RETURN_UNSUPPORTED;
}

1
SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.c
View File

@ -145,5 +145,6 @@ HashInstanceLibSha1Constructor (
//
return EFI_SUCCESS;
}
return Status;
}

1
SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.c
View File

@ -145,5 +145,6 @@ HashInstanceLibSha256Constructor (
//
return EFI_SUCCESS;
}
return Status;
}

1
SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.c
View File

@ -145,5 +145,6 @@ HashInstanceLibSha384Constructor (
//
return EFI_SUCCESS;
}
return Status;
}

1
SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.c
View File

@ -144,5 +144,6 @@ HashInstanceLibSha512Constructor (
//
return EFI_SUCCESS;
}
return Status;
}

1
SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.c
View File

@ -146,5 +146,6 @@ HashInstanceLibSm3Constructor (
//
return EFI_SUCCESS;
}
return Status;
}

2
SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterCommon.c
View File

@ -42,11 +42,13 @@ Tpm2GetHashMaskFromAlgo (
)
{
UINTN Index;
for (Index = 0; Index < sizeof (mTpm2HashMask)/sizeof (mTpm2HashMask[0]); Index++) {
if (CompareGuid (HashGuid, &mTpm2HashMask[Index].Guid)) {
return mTpm2HashMask[Index].Mask;
}
}
return 0;
}

6
SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c
View File

@ -19,7 +19,11 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include "HashLibBaseCryptoRouterCommon.h"
HASH_INTERFACE mHashInterface[HASH_COUNT] = {{{0}, NULL, NULL, NULL}};
HASH_INTERFACE mHashInterface[HASH_COUNT] = {
{
{ 0 }, NULL, NULL, NULL
}
};
UINTN mHashInterfaceCount = 0;
UINT32 mSupportedHashMaskLast = 0;

5
SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.c
View File

@ -64,9 +64,11 @@ InternalGetHashInterfaceHob (
//
return HashInterfaceHob;
}
Hob.Raw = GET_NEXT_HOB (Hob);
Hob.Raw = GetNextGuidHob (&mHashLibPeiRouterGuid, Hob.Raw);
}
return NULL;
}
@ -107,7 +109,8 @@ CheckSupportedHashMaskMismatch (
ASSERT (HashInterfaceHobLast != NULL);
if ((HashInterfaceHobLast->SupportedHashMask != 0) &&
(HashInterfaceHobCurrent->SupportedHashMask != HashInterfaceHobLast->SupportedHashMask)) {
(HashInterfaceHobCurrent->SupportedHashMask != HashInterfaceHobLast->SupportedHashMask))
{
DEBUG ((
DEBUG_WARN,
"WARNING: There is mismatch of supported HashMask (0x%x - 0x%x) between modules\n",

12
SecurityPkg/Library/HashLibTpm2/HashLibTpm2.c
View File

@ -75,6 +75,7 @@ HashStart (
if (!EFI_ERROR (Status)) {
*HashHandle = (HASH_HANDLE)SequenceHandle;
}
return Status;
}
@ -102,7 +103,6 @@ HashUpdate (
Buffer = (UINT8 *)(UINTN)DataToHash;
for (HashLen = DataToHashLen; HashLen > sizeof (HashBuffer.buffer); HashLen -= sizeof (HashBuffer.buffer)) {
HashBuffer.size = sizeof (HashBuffer.buffer);
CopyMem (HashBuffer.buffer, Buffer, sizeof (HashBuffer.buffer));
Buffer += sizeof (HashBuffer.buffer);
@ -158,7 +158,6 @@ HashCompleteAndExtend (
Buffer = (UINT8 *)(UINTN)DataToHash;
for (HashLen = DataToHashLen; HashLen > sizeof (HashBuffer.buffer); HashLen -= sizeof (HashBuffer.buffer)) {
HashBuffer.size = sizeof (HashBuffer.buffer);
CopyMem (HashBuffer.buffer, Buffer, sizeof (HashBuffer.buffer));
Buffer += sizeof (HashBuffer.buffer);
@ -203,9 +202,11 @@ HashCompleteAndExtend (
DigestList
);
}
if (EFI_ERROR (Status)) {
return EFI_DEVICE_ERROR;
}
return EFI_SUCCESS;
}
@ -250,6 +251,7 @@ HashAndExtend (
if (EFI_ERROR (Status)) {
return EFI_DEVICE_ERROR;
}
return EFI_SUCCESS;
}
@ -257,11 +259,11 @@ HashAndExtend (
if (EFI_ERROR (Status)) {
return EFI_DEVICE_ERROR;
}
DEBUG ((DEBUG_VERBOSE, "\n Tpm2HashSequenceStart Success \n"));
Buffer = (UINT8 *)(UINTN)DataToHash;
for (HashLen = DataToHashLen; HashLen > sizeof (HashBuffer.buffer); HashLen -= sizeof (HashBuffer.buffer)) {
HashBuffer.size = sizeof (HashBuffer.buffer);
CopyMem (HashBuffer.buffer, Buffer, sizeof (HashBuffer.buffer));
Buffer += sizeof (HashBuffer.buffer);
@ -271,6 +273,7 @@ HashAndExtend (
return EFI_DEVICE_ERROR;
}
}
DEBUG ((DEBUG_VERBOSE, "\n Tpm2SequenceUpdate Success \n"));
HashBuffer.size = (UINT16)HashLen;
@ -289,6 +292,7 @@ HashAndExtend (
if (EFI_ERROR (Status)) {
return EFI_DEVICE_ERROR;
}
DEBUG ((DEBUG_VERBOSE, "\n Tpm2EventSequenceComplete Success \n"));
} else {
Status = Tpm2SequenceComplete (
@ -299,6 +303,7 @@ HashAndExtend (
if (EFI_ERROR (Status)) {
return EFI_DEVICE_ERROR;
}
DEBUG ((DEBUG_VERBOSE, "\n Tpm2SequenceComplete Success \n"));
DigestList->count = 1;
@ -311,6 +316,7 @@ HashAndExtend (
if (EFI_ERROR (Status)) {
return EFI_DEVICE_ERROR;
}
DEBUG ((DEBUG_VERBOSE, "\n Tpm2PcrExtend Success \n"));
}

4
SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c
View File

@ -63,6 +63,7 @@ RdRandGenerateEntropy (
if (EFI_ERROR (Status)) {
return Status;
}
CopyMem (Ptr, Seed, sizeof (Seed));
BlockCount--;
@ -76,6 +77,7 @@ RdRandGenerateEntropy (
if (EFI_ERROR (Status)) {
return Status;
}
CopyMem (Ptr, Seed, (Length % sizeof (Seed)));
return Status;
@ -105,7 +107,6 @@ GetAuthSize (
Status = EFI_SUCCESS;
while (mAuthSize == 0) {
mAuthSize = SHA1_DIGEST_SIZE;
ZeroMem (&Pcrs, sizeof (TPML_PCR_SELECTION));
Status = Tpm2GetCapabilityPcrs (&Pcrs);
@ -145,6 +146,7 @@ GetAuthSize (
mAuthSize = DigestSize;
}
}
break;
}

26
SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.c
View File

@ -70,9 +70,12 @@ Rsa2048Sha256GuidedSectionGetInfo (
//
if (!CompareGuid (
&gEfiCertTypeRsa2048Sha256Guid,
&(((EFI_GUID_DEFINED_SECTION2 *) InputSection)->SectionDefinitionGuid))) {
&(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid)
))
{
return EFI_INVALID_PARAMETER;
}
//
// Retrieve the size and attribute of the input section data.
//
@ -85,9 +88,12 @@ Rsa2048Sha256GuidedSectionGetInfo (
//
if (!CompareGuid (
&gEfiCertTypeRsa2048Sha256Guid,
&(((EFI_GUID_DEFINED_SECTION *) InputSection)->SectionDefinitionGuid))) {
&(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid)
))
{
return EFI_INVALID_PARAMETER;
}
//
// Retrieve the size and attribute of the input section data.
//
@ -144,7 +150,9 @@ Rsa2048Sha256GuidedSectionHandler (
//
if (!CompareGuid (
&gEfiCertTypeRsa2048Sha256Guid,
&(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid))) {
&(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid)
))
{
return EFI_INVALID_PARAMETER;
}
@ -172,7 +180,9 @@ Rsa2048Sha256GuidedSectionHandler (
//
if (!CompareGuid (
&gEfiCertTypeRsa2048Sha256Guid,
&(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid))) {
&(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid)
))
{
return EFI_INVALID_PARAMETER;
}
@ -230,12 +240,14 @@ Rsa2048Sha256GuidedSectionHandler (
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done;
}
CryptoStatus = Sha256Update (HashContext, &CertBlockRsa2048Sha256->PublicKey, sizeof (CertBlockRsa2048Sha256->PublicKey));
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: Sha256Update() failed\n"));
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done;
}
CryptoStatus = Sha256Final (HashContext, Digest);
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: Sha256Final() failed\n"));
@ -259,9 +271,11 @@ Rsa2048Sha256GuidedSectionHandler (
CryptoStatus = TRUE;
break;
}
PublicKey = PublicKey + SHA256_DIGEST_SIZE;
PublicKeyBufferSize = PublicKeyBufferSize - SHA256_DIGEST_SIZE;
}
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: Public key in section is not supported\n"));
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
@ -288,6 +302,7 @@ Rsa2048Sha256GuidedSectionHandler (
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done;
}
CryptoStatus = RsaSetKey (Rsa, RsaKeyE, mRsaE, sizeof (mRsaE));
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: RsaSetKey(RsaKeyE) failed\n"));
@ -305,6 +320,7 @@ Rsa2048Sha256GuidedSectionHandler (
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done;
}
PERF_INMODULE_BEGIN ("PeiRsaShaData");
CryptoStatus = Sha256Update (HashContext, *OutputBuffer, OutputBufferSize);
PERF_INMODULE_END ("PeiRsaShaData");
@ -313,6 +329,7 @@ Rsa2048Sha256GuidedSectionHandler (
*AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED;
goto Done;
}
CryptoStatus = Sha256Final (HashContext, Digest);
if (!CryptoStatus) {
DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: Sha256Final() failed\n"));
@ -347,6 +364,7 @@ Done:
if (Rsa != NULL) {
RsaFree (Rsa);
}
if (HashContext != NULL) {
FreePool (HashContext);
}

1
SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c
View File

@ -49,5 +49,6 @@ Tcg2PhysicalPresenceLibGetManagementFlags (
if (EFI_ERROR (Status)) {
PpiFlags.PPFlags = PcdGet32 (PcdTcg2PhysicalPresenceFlags);
}
return PpiFlags.PPFlags;
}

2
SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.c
View File

@ -39,7 +39,6 @@ UserPhysicalPresent (
return mUserPhysicalPresence;
}
/**
Save user physical presence state from a PCD to mUserPhysicalPresence.
@ -52,7 +51,6 @@ PlatformSecureLibNullConstructor (
VOID
)
{
mUserPhysicalPresence = PcdGetBool (PcdUserPhysicalPresence);
return RETURN_SUCCESS;

1
SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c
View File

@ -44,4 +44,3 @@ IncrementMonotonicCounter (
ASSERT (FALSE);
return EFI_UNSUPPORTED;
}

13
SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c
View File

@ -142,7 +142,6 @@ SecureBootFetchData (
UINTN Size;
UINTN KeyIndex;
KeyIndex = 0;
EfiSig = NULL;
*SigListsSize = 0;
@ -162,6 +161,7 @@ SecureBootFetchData (
if (EfiSig != NULL) {
FreePool (EfiSig);
}
FreePool (Buffer);
return EFI_INVALID_PARAMETER;
}
@ -183,10 +183,12 @@ SecureBootFetchData (
KeyIndex++;
FreePool (Buffer);
} if (Status == EFI_NOT_FOUND) {
}
if (Status == EFI_NOT_FOUND) {
break;
}
};
}
if (KeyIndex == 0) {
return EFI_NOT_FOUND;
@ -229,7 +231,7 @@ CreateTimeBasedPayload (
UINTN DescriptorSize;
EFI_TIME Time;
if (Data == NULL || DataSize == NULL) {
if ((Data == NULL) || (DataSize == NULL)) {
return EFI_INVALID_PARAMETER;
}
@ -260,6 +262,7 @@ CreateTimeBasedPayload (
FreePool (NewData);
return Status;
}
Time.Pad1 = 0;
Time.Nanosecond = 0;
Time.TimeZone = 0;
@ -308,6 +311,7 @@ DeleteVariable (
if (Variable == NULL) {
return EFI_SUCCESS;
}
FreePool (Variable);
Data = NULL;
@ -331,6 +335,7 @@ DeleteVariable (
if (Data != NULL) {
FreePool (Data);
}
return Status;
}

14
SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c
View File

@ -73,8 +73,14 @@ EnrollFromDefault (
);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "error: %a (\"%s\", %g): %r\n", __FUNCTION__, VariableName,
VendorGuid, Status));
DEBUG ((
DEBUG_ERROR,
"error: %a (\"%s\", %g): %r\n",
__FUNCTION__,
VariableName,
VendorGuid,
Status
));
}
if (Data != NULL) {
@ -182,7 +188,6 @@ SecureBootInitKEKDefault (
return Status;
}
Status = gRT->SetVariable (
EFI_KEK_DEFAULT_VARIABLE_NAME,
&gEfiGlobalVariableGuid,
@ -428,7 +433,8 @@ EnrollDbtFromDefault (
Status = EnrollFromDefault (
EFI_IMAGE_SECURITY_DATABASE2,
EFI_DBT_DEFAULT_VARIABLE_NAME,
&gEfiImageSecurityDatabaseGuid);
&gEfiImageSecurityDatabaseGuid
);
return Status;
}

14
SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/MmTcg2PhysicalPresenceLibCommon.c
View File

@ -129,13 +129,15 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (
}
if ((*OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) &&
(*OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) {
(*OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN))
{
ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED;
goto EXIT;
}
if ((PpData.PPRequest != *OperationRequest) ||
(PpData.PPRequestParameter != *RequestParameter)) {
(PpData.PPRequestParameter != *RequestParameter))
{
PpData.PPRequest = (UINT8)*OperationRequest;
PpData.PPRequestParameter = *RequestParameter;
DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE);
@ -165,6 +167,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (
if (EFI_ERROR (Status)) {
Flags.PPFlags = mTcg2PhysicalPresenceFlags;
}
ReturnCode = Tcg2PpVendorLibSubmitRequestToPreOSFunction (*OperationRequest, Flags.PPFlags, *RequestParameter);
}
@ -262,6 +265,7 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
DEBUG ((DEBUG_ERROR, "[TPM2] Get PP variable failure! Status = %r\n", Status));
return TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION;
}
//
// Get the Physical Presence flags
//
@ -288,6 +292,7 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR) == 0) {
RequestConfirmed = TRUE;
}
break;
case TCG2_PHYSICAL_PRESENCE_NO_ACTION:
@ -302,12 +307,14 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS) == 0) {
RequestConfirmed = TRUE;
}
break;
case TCG2_PHYSICAL_PRESENCE_CHANGE_EPS:
if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS) == 0) {
RequestConfirmed = TRUE;
}
break;
case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:
@ -318,12 +325,14 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) == 0) {
RequestConfirmed = TRUE;
}
break;
case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID:
if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) == 0) {
RequestConfirmed = TRUE;
}
break;
case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE:
@ -353,6 +362,7 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (
return TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED;
}
}
break;
}

11
SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.c
View File

@ -42,9 +42,11 @@ TpmMeasurementGetFvName (
if (FvBase >= MAX_ADDRESS) {
return NULL;
}
if (FvLength >= MAX_ADDRESS - FvBase) {
return NULL;
}
if (FvLength < sizeof (EFI_FIRMWARE_VOLUME_HEADER)) {
return NULL;
}
@ -53,12 +55,15 @@ TpmMeasurementGetFvName (
if (FvHeader->Signature != EFI_FVH_SIGNATURE) {
return NULL;
}
if (FvHeader->ExtHeaderOffset < sizeof (EFI_FIRMWARE_VOLUME_HEADER)) {
return NULL;
}
if (FvHeader->ExtHeaderOffset + sizeof (EFI_FIRMWARE_VOLUME_EXT_HEADER) > FvLength) {
return NULL;
}
FvExtHeader = (EFI_FIRMWARE_VOLUME_EXT_HEADER *)(UINTN)(FvBase + FvHeader->ExtHeaderOffset);
return &FvExtHeader->FvName;
@ -97,7 +102,8 @@ MeasureFirmwareBlob (
FvName = TpmMeasurementGetFvName (FirmwareBlobBase, FirmwareBlobLength);
if (((Description != NULL) || (FvName != NULL)) &&
(PcdGet32(PcdTcgPfpMeasurementRevision) >= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105)) {
(PcdGet32 (PcdTcgPfpMeasurementRevision) >= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105))
{
if (Description != NULL) {
AsciiSPrint ((CHAR8 *)FvBlob2.BlobDescription, sizeof (FvBlob2.BlobDescription), "%a", Description);
} else {
@ -164,7 +170,8 @@ MeasureHandoffTable (
EFI_STATUS Status;
if ((Description != NULL) &&
(PcdGet32(PcdTcgPfpMeasurementRevision) >= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105)) {
(PcdGet32 (PcdTcgPfpMeasurementRevision) >= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105))
{
AsciiSPrint ((CHAR8 *)HandoffTables2.TableDescription, sizeof (HandoffTables2.TableDescription), "%a", Description);
HandoffTables2.TableDescriptionSize = sizeof (HandoffTables2.TableDescription);

126
SecurityPkg/Library/TcgStorageCoreLib/TcgStorageCore.c
View File

@ -68,12 +68,18 @@ TcgStartComPacket(
{
NULL_CHECK (CreateStruct);
if (CreateStruct->ComPacket != NULL ||
CreateStruct->CurPacket != NULL ||
CreateStruct->CurSubPacket != NULL
) {
DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket,
CreateStruct->CurSubPacket));
if ((CreateStruct->ComPacket != NULL) ||
(CreateStruct->CurPacket != NULL) ||
(CreateStruct->CurSubPacket != NULL)
)
{
DEBUG ((
DEBUG_INFO,
"unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n",
CreateStruct->ComPacket,
CreateStruct->CurPacket,
CreateStruct->CurSubPacket
));
return (TcgResultFailureInvalidAction);
}
@ -113,14 +119,16 @@ TcgStartPacket(
)
{
UINT32 AddedSize;
NULL_CHECK (CreateStruct);
AddedSize = 0;
if (CreateStruct->ComPacket == NULL ||
CreateStruct->CurPacket != NULL ||
CreateStruct->CurSubPacket != NULL
) {
if ((CreateStruct->ComPacket == NULL) ||
(CreateStruct->CurPacket != NULL) ||
(CreateStruct->CurSubPacket != NULL)
)
{
DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket));
return (TcgResultFailureInvalidAction);
}
@ -170,10 +178,11 @@ TcgStartSubPacket(
AddedSize = 0;
if (CreateStruct->ComPacket == NULL ||
CreateStruct->CurPacket == NULL ||
CreateStruct->CurSubPacket != NULL
) {
if ((CreateStruct->ComPacket == NULL) ||
(CreateStruct->CurPacket == NULL) ||
(CreateStruct->CurSubPacket != NULL)
)
{
DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket));
return (TcgResultFailureInvalidAction);
}
@ -218,10 +227,11 @@ TcgEndSubPacket(
PadSize = 0;
if (CreateStruct->ComPacket == NULL ||
CreateStruct->CurPacket == NULL ||
CreateStruct->CurSubPacket == NULL
) {
if ((CreateStruct->ComPacket == NULL) ||
(CreateStruct->CurPacket == NULL) ||
(CreateStruct->CurSubPacket == NULL)
)
{
DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket));
return (TcgResultFailureInvalidAction);
}
@ -262,10 +272,11 @@ TcgEndPacket(
{
NULL_CHECK (CreateStruct);
if (CreateStruct->ComPacket == NULL ||
CreateStruct->CurPacket == NULL ||
CreateStruct->CurSubPacket != NULL
) {
if ((CreateStruct->ComPacket == NULL) ||
(CreateStruct->CurPacket == NULL) ||
(CreateStruct->CurSubPacket != NULL)
)
{
DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket));
return (TcgResultFailureInvalidAction);
}
@ -293,10 +304,11 @@ TcgEndComPacket(
NULL_CHECK (CreateStruct);
NULL_CHECK (Size);
if (CreateStruct->ComPacket == NULL ||
CreateStruct->CurPacket != NULL ||
CreateStruct->CurSubPacket != NULL
) {
if ((CreateStruct->ComPacket == NULL) ||
(CreateStruct->CurPacket != NULL) ||
(CreateStruct->CurSubPacket != NULL)
)
{
DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket));
return (TcgResultFailureInvalidAction);
}
@ -339,17 +351,19 @@ TcgAddRawTokenData(
NULL_CHECK (CreateStruct);
if ((HeaderSize != 0 && Header == NULL) ||
(DataSize != 0 && Data == NULL)
) {
if (((HeaderSize != 0) && (Header == NULL)) ||
((DataSize != 0) && (Data == NULL))
)
{
DEBUG ((DEBUG_INFO, "HeaderSize=0x%X Header=%p DataSize=0x%X Data=%p\n", HeaderSize, Header, DataSize, Data));
return (TcgResultFailureNullPointer);
}
if (CreateStruct->ComPacket == NULL ||
CreateStruct->CurPacket == NULL ||
CreateStruct->CurSubPacket == NULL
) {
if ((CreateStruct->ComPacket == NULL) ||
(CreateStruct->CurPacket == NULL) ||
(CreateStruct->CurSubPacket == NULL)
)
{
DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket));
return (TcgResultFailureInvalidAction);
}
@ -413,7 +427,6 @@ TcgAddRawByte(
return TcgAddRawTokenData (CreateStruct, NULL, 0, &Byte, 1, FALSE);
}
/**
simple tokens - atoms: tiny, short, medium, long and empty atoms.
tiny atom can be a signed or unsigned integer.
@ -458,9 +471,10 @@ TcgAddAtom(
DataBytes = (const UINT8 *)Data;
if ((DataSize == 1) &&
(ByteOrInt == TCG_ATOM_TYPE_INTEGER) &&
((SignOrCont != 0 && ((TCG_TOKEN_TINYATOM_SIGNED_MIN_VALUE <= *(INT8*)Data) && (*(INT8*)Data <= TCG_TOKEN_TINYATOM_SIGNED_MAX_VALUE))) ||
(SignOrCont == 0 && ((*DataBytes <= TCG_TOKEN_TINYATOM_UNSIGNED_MAX_VALUE))))
) {
(((SignOrCont != 0) && ((TCG_TOKEN_TINYATOM_SIGNED_MIN_VALUE <= *(INT8 *)Data) && (*(INT8 *)Data <= TCG_TOKEN_TINYATOM_SIGNED_MAX_VALUE))) ||
((SignOrCont == 0) && ((*DataBytes <= TCG_TOKEN_TINYATOM_UNSIGNED_MAX_VALUE))))
)
{
TinyAtom.TinyAtomBits.IsZero = 0;
TinyAtom.TinyAtomBits.Sign = SignOrCont;
TinyAtom.TinyAtomBits.Data = *DataBytes & TCG_TOKEN_TINYATOM_UNSIGNED_MAX_VALUE;
@ -628,7 +642,6 @@ TcgAddUINT32(
return TcgAddInteger (CreateStruct, &Value, sizeof (Value), FALSE);
}
/**
Adds a 64-bit unsigned integer to the Data structure.
@ -886,6 +899,7 @@ TcgInitTcgParseStruct(
DEBUG ((DEBUG_INFO, "ComPacket too small for Packet\n"));
return (TcgResultFailureBufferTooSmall);
}
ParseStruct->CurPacket = (TCG_PACKET *)ParseStruct->ComPacket->Payload;
PacketLength = SwapBytes32 (ParseStruct->CurPacket->LengthBE);
@ -931,10 +945,11 @@ TcgGetNextToken(
NULL_CHECK (ParseStruct);
NULL_CHECK (TcgToken);
if (ParseStruct->ComPacket == NULL ||
ParseStruct->CurPacket == NULL ||
ParseStruct->CurSubPacket == NULL
) {
if ((ParseStruct->ComPacket == NULL) ||
(ParseStruct->CurPacket == NULL) ||
(ParseStruct->CurSubPacket == NULL)
)
{
DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", ParseStruct->ComPacket, ParseStruct->CurPacket, ParseStruct->CurSubPacket));
return TcgResultFailureInvalidAction;
}
@ -971,7 +986,7 @@ TcgGetNextToken(
}
}
// Short Atom Range
else if (0x80 <= Hdr && Hdr <= 0xBF) {
else if ((0x80 <= Hdr) && (Hdr <= 0xBF)) {
// short atom Header is only 1 byte, so don't need to verify Size before cast and access
TmpShort = (TCG_SIMPLE_TOKEN_SHORT_ATOM *)(ParseStruct->CurPtr);
TcgToken->Type = TcgTokenTypeShortAtom;
@ -985,10 +1000,11 @@ TcgGetNextToken(
}
}
// Medium Atom Range
else if (0xC0 <= Hdr && Hdr <= 0xDF) {
else if ((0xC0 <= Hdr) && (Hdr <= 0xDF)) {
if (TcgToken->HdrStart + sizeof (TCG_SIMPLE_TOKEN_MEDIUM_ATOM) >= EndOfSubPacket) {
return (TcgResultFailureEndBuffer);
}
TmpMed = (const TCG_SIMPLE_TOKEN_MEDIUM_ATOM *)ParseStruct->CurPtr;
TcgToken->Type = TcgTokenTypeMediumAtom;
TokenEnd = TcgToken->HdrStart + sizeof (TCG_SIMPLE_TOKEN_MEDIUM_ATOM) +
@ -1002,10 +1018,11 @@ TcgGetNextToken(
}
}
// Long Atom Range
else if (0xE0 <= Hdr && Hdr <= 0xE3) {
else if ((0xE0 <= Hdr) && (Hdr <= 0xE3)) {
if (TcgToken->HdrStart + sizeof (TCG_SIMPLE_TOKEN_LONG_ATOM) >= EndOfSubPacket) {
return (TcgResultFailureEndBuffer);
}
TmpLong = (const TCG_SIMPLE_TOKEN_LONG_ATOM *)ParseStruct->CurPtr;
TcgToken->Type = TcgTokenTypeLongAtom;
@ -1057,6 +1074,7 @@ TcgGetNextToken(
TcgToken->Type = TcgTokenTypeReserved;
break;
}
ParseStruct->CurPtr++;
TokenEnd = TcgToken->HdrStart + 1;
}
@ -1100,7 +1118,8 @@ TcgGetAtomInfo(
NULL_CHECK (SignOrCont);
switch (TcgToken->Type) {
case TcgTokenTypeTinyAtom: {
case TcgTokenTypeTinyAtom:
{
TinyAtom = (TCG_SIMPLE_TOKEN_TINY_ATOM *)TcgToken->HdrStart;
*ByteOrInt = TCG_ATOM_TYPE_INTEGER;
*SignOrCont = TinyAtom->TinyAtomBits.Sign;
@ -1109,7 +1128,8 @@ TcgGetAtomInfo(
return TcgResultSuccess;
}
case TcgTokenTypeShortAtom: {
case TcgTokenTypeShortAtom:
{
ShortAtom = (TCG_SIMPLE_TOKEN_SHORT_ATOM *)TcgToken->HdrStart;
*ByteOrInt = ShortAtom->ShortAtomBits.ByteOrInt;
*SignOrCont = ShortAtom->ShortAtomBits.SignOrCont;
@ -1118,7 +1138,8 @@ TcgGetAtomInfo(
return TcgResultSuccess;
}
case TcgTokenTypeMediumAtom: {
case TcgTokenTypeMediumAtom:
{
MediumAtom = (TCG_SIMPLE_TOKEN_MEDIUM_ATOM *)TcgToken->HdrStart;
*ByteOrInt = MediumAtom->MediumAtomBits.ByteOrInt;
*SignOrCont = MediumAtom->MediumAtomBits.SignOrCont;
@ -1127,7 +1148,8 @@ TcgGetAtomInfo(
return TcgResultSuccess;
}
case TcgTokenTypeLongAtom: {
case TcgTokenTypeLongAtom:
{
LongAtom = (TCG_SIMPLE_TOKEN_LONG_ATOM *)TcgToken->HdrStart;
*ByteOrInt = LongAtom->LongAtomBits.ByteOrInt;
*SignOrCont = LongAtom->LongAtomBits.SignOrCont;
@ -1227,7 +1249,7 @@ TcgGetTokenByteSequence(
UINT8 ByteOrInt;
UINT8 SignOrCont;
if (TcgToken == NULL || Length == NULL) {
if ((TcgToken == NULL) || (Length == NULL)) {
return NULL;
}
@ -1361,6 +1383,7 @@ TcgGetNextUINT64(
)
{
TCG_TOKEN Tok;
ERROR_CHECK (TcgGetNextToken (ParseStruct, &Tok));
ERROR_CHECK (TcgGetTokenUINT64 (&Tok, Value));
return TcgResultSuccess;
@ -1463,6 +1486,7 @@ TcgGetNextByteSequence(
if (Bs == NULL) {
return TcgResultFailure;
}
*Data = Bs;
return TcgResultSuccess;
}
@ -1484,11 +1508,13 @@ TcgGetNextTokenType(
)
{
TCG_TOKEN Tok;
ERROR_CHECK (TcgGetNextToken (ParseStruct, &Tok));
if (Tok.Type != Type) {
DEBUG ((DEBUG_INFO, "expected Type %u, got Type %u\n", Type, Tok.Type));
return TcgResultFailure;
}
return TcgResultSuccess;
}

60
SecurityPkg/Library/TcgStorageCoreLib/TcgStorageUtil.c
View File

@ -55,10 +55,10 @@ TcgMethodStatusString(
C (FAIL);
#undef C
}
return "unknown";
}
/**
adds call token and method Header (invoking id, and method id).
@ -77,10 +77,11 @@ TcgStartMethodCall(
{
NULL_CHECK (CreateStruct);
if (CreateStruct->ComPacket == NULL ||
CreateStruct->CurPacket == NULL ||
CreateStruct->CurSubPacket == NULL
) {
if ((CreateStruct->ComPacket == NULL) ||
(CreateStruct->CurPacket == NULL) ||
(CreateStruct->CurSubPacket == NULL)
)
{
DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket));
return (TcgResultFailureInvalidAction);
}
@ -106,10 +107,11 @@ TcgStartParameters(
{
NULL_CHECK (CreateStruct);
if (CreateStruct->ComPacket == NULL ||
CreateStruct->CurPacket == NULL ||
CreateStruct->CurSubPacket == NULL
) {
if ((CreateStruct->ComPacket == NULL) ||
(CreateStruct->CurPacket == NULL) ||
(CreateStruct->CurSubPacket == NULL)
)
{
DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket));
return (TcgResultFailureInvalidAction);
}
@ -131,10 +133,11 @@ TcgEndParameters(
{
NULL_CHECK (CreateStruct);
if (CreateStruct->ComPacket == NULL ||
CreateStruct->CurPacket == NULL ||
CreateStruct->CurSubPacket == NULL
) {
if ((CreateStruct->ComPacket == NULL) ||
(CreateStruct->CurPacket == NULL) ||
(CreateStruct->CurSubPacket == NULL)
)
{
DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket));
return (TcgResultFailureInvalidAction);
}
@ -156,10 +159,11 @@ TcgEndMethodCall(
{
NULL_CHECK (CreateStruct);
if (CreateStruct->ComPacket == NULL ||
CreateStruct->CurPacket == NULL ||
CreateStruct->CurSubPacket == NULL
) {
if ((CreateStruct->ComPacket == NULL) ||
(CreateStruct->CurPacket == NULL) ||
(CreateStruct->CurSubPacket == NULL)
)
{
DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket));
return (TcgResultFailureInvalidAction);
}
@ -227,11 +231,12 @@ TcgCheckComIds(
UINT16 ParseComIdExtension;
ERROR_CHECK (TcgGetComIds (ParseStruct, &ParseComId, &ParseComIdExtension));
if (ParseComId != ExpectedComId || ParseComIdExtension != ExpectedComIdExtension) {
if ((ParseComId != ExpectedComId) || (ParseComIdExtension != ExpectedComIdExtension)) {
DEBUG ((DEBUG_INFO, "Com ID: Actual 0x%02X Expected 0x%02X\n", ParseComId, ExpectedComId));
DEBUG ((DEBUG_INFO, "Extended Com ID: 0x%02X Expected 0x%02X\n", ParseComIdExtension, ExpectedComIdExtension));
return TcgResultFailure;
}
return TcgResultSuccess;
}
@ -257,10 +262,11 @@ TcgGetMethodStatus(
NULL_CHECK (ParseStruct);
NULL_CHECK (MethodStatus);
if (ParseStruct->ComPacket == NULL ||
ParseStruct->CurPacket == NULL ||
ParseStruct->CurSubPacket == NULL
) {
if ((ParseStruct->ComPacket == NULL) ||
(ParseStruct->CurPacket == NULL) ||
(ParseStruct->CurSubPacket == NULL)
)
{
DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", ParseStruct->ComPacket, ParseStruct->CurPacket, ParseStruct->CurSubPacket));
return TcgResultFailureInvalidAction;
}
@ -326,10 +332,10 @@ TcgTokenTypeString(
case TcgTokenTypeEndTransaction: return "End Transaction";
case TcgTokenTypeEmptyAtom: return "Empty atom";
}
return "Unknown";
}
/**
Adds Start Session call to the data structure. This creates the entire ComPacket structure and
@ -372,12 +378,13 @@ TcgCreateStartSession(
ERROR_CHECK (TcgAddBOOLEAN (CreateStruct, Write));
// optional parameters
if (HostChallenge != NULL && HostChallengeLength != 0) {
if ((HostChallenge != NULL) && (HostChallengeLength != 0)) {
ERROR_CHECK (TcgAddStartName (CreateStruct));
ERROR_CHECK (TcgAddUINT8 (CreateStruct, 0x00)); // TODO Create Enum for Method Optional Parameters?
ERROR_CHECK (TcgAddByteSequence (CreateStruct, HostChallenge, HostChallengeLength, FALSE));
ERROR_CHECK (TcgAddEndName (CreateStruct));
}
// optional parameters
if (HostSigningAuthority != 0) {
ERROR_CHECK (TcgAddStartName (CreateStruct));
@ -440,6 +447,7 @@ TcgParseSyncSession(
DEBUG ((DEBUG_INFO, "unmatched comid (exp: 0x%X recv: 0x%X) or comid extension (exp: 0x%X recv: 0x%X)\n", ComId, ParseComId, ComIdExtension, ParseExtComId));
return TcgResultFailure;
}
ERROR_CHECK (TcgGetNextCall (&TmpParseStruct));
ERROR_CHECK (TcgGetNextTcgUid (&TmpParseStruct, &InvokingUID));
ERROR_CHECK (TcgGetNextTcgUid (&TmpParseStruct, &MethodUID));
@ -803,6 +811,7 @@ TcgFindFeatureCallback(
FindCtx->FeatureSize = FeatureSize;
return TRUE; // done enumerating features
}
return FALSE; // continue enumerating
}
@ -833,6 +842,7 @@ TcgGetFeature(
if (FeatureSize != NULL) {
*FeatureSize = FindCtx.FeatureSize;
}
return FindCtx.Feature;
}
@ -889,7 +899,7 @@ TcgIsLocked(
Size = 0;
LockDescriptor = (TCG_LOCKING_FEATURE_DESCRIPTOR *)TcgGetFeature (Discovery, TCG_FEATURE_LOCKING, &Size);
if (LockDescriptor != NULL && Size >= sizeof(*LockDescriptor)) {
if ((LockDescriptor != NULL) && (Size >= sizeof (*LockDescriptor))) {
DEBUG ((DEBUG_INFO, "locked: %d\n", LockDescriptor->Locked));
return LockDescriptor->Locked;
}

160
SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalCore.c
View File

@ -135,6 +135,7 @@ OpalTrustedRecv(
} else {
Tries = 5000;
}
while ((Tries--) > 0) {
ZeroMem (Buffer, BufferSize);
TransferSize = 0;
@ -153,7 +154,7 @@ OpalTrustedRecv(
return TcgResultFailure;
}
if (SecurityProtocol != TCG_OPAL_SECURITY_PROTOCOL_1 && SecurityProtocol != TCG_OPAL_SECURITY_PROTOCOL_2) {
if ((SecurityProtocol != TCG_OPAL_SECURITY_PROTOCOL_1) && (SecurityProtocol != TCG_OPAL_SECURITY_PROTOCOL_2)) {
return TcgResultSuccess;
}
@ -165,7 +166,7 @@ OpalTrustedRecv(
Length = SwapBytes32 (ComPacket->LengthBE);
OutstandingData = SwapBytes32 (ComPacket->OutstandingDataBE);
if (Length != 0 && OutstandingData == 0) {
if ((Length != 0) && (OutstandingData == 0)) {
return TcgResultSuccess;
}
@ -204,7 +205,8 @@ OpalPerformMethod (
NULL_CHECK (Session);
NULL_CHECK (MethodStatus);
ERROR_CHECK(OpalTrustedSend(
ERROR_CHECK (
OpalTrustedSend (
Session->Sscp,
Session->MediaId,
TCG_OPAL_SECURITY_PROTOCOL_1,
@ -212,9 +214,11 @@ OpalPerformMethod (
SendSize,
Buffer,
BufferSize
));
)
);
ERROR_CHECK(OpalTrustedRecv(
ERROR_CHECK (
OpalTrustedRecv (
Session->Sscp,
Session->MediaId,
TCG_OPAL_SECURITY_PROTOCOL_1,
@ -222,7 +226,8 @@ OpalPerformMethod (
Buffer,
BufferSize,
EstimateTimeCost
));
)
);
ERROR_CHECK (TcgInitTcgParseStruct (ParseStruct, Buffer, BufferSize));
ERROR_CHECK (TcgCheckComIds (ParseStruct, Session->OpalBaseComId, Session->ComIdExtension));
@ -344,7 +349,6 @@ OpalPyrite2PsidRevert(
UINT8 Buffer[BUFFER_SIZE];
UINT8 MethodStatus;
NULL_CHECK (AdminSpSession);
//
@ -476,7 +480,8 @@ OpalStartSession(
Session->HostSessionId = HostSessionId;
ERROR_CHECK (TcgInitTcgCreateStruct (&CreateStruct, Buf, sizeof (Buf)));
ERROR_CHECK(TcgCreateStartSession(
ERROR_CHECK (
TcgCreateStartSession (
&CreateStruct,
&Size,
Session->OpalBaseComId,
@ -487,7 +492,8 @@ OpalStartSession(
HostChallengeLength,
HostChallenge,
HostSigningAuthority
));
)
);
ERROR_CHECK (OpalPerformMethod (Session, Size, Buf, sizeof (Buf), &ParseStruct, MethodStatus, 0));
if (*MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
return TcgResultSuccess; // return early if method failed - user must check MethodStatus
@ -520,16 +526,19 @@ OpalEndSession(
NULL_CHECK (Session);
ERROR_CHECK (TcgInitTcgCreateStruct (&CreateStruct, Buffer, sizeof (Buffer)));
ERROR_CHECK(TcgCreateEndSession(
ERROR_CHECK (
TcgCreateEndSession (
&CreateStruct,
&Size,
Session->OpalBaseComId,
Session->ComIdExtension,
Session->HostSessionId,
Session->TperSessionId
));
)
);
ERROR_CHECK(OpalTrustedSend(
ERROR_CHECK (
OpalTrustedSend (
Session->Sscp,
Session->MediaId,
TCG_OPAL_SECURITY_PROTOCOL_1,
@ -537,9 +546,11 @@ OpalEndSession(
Size,
Buffer,
sizeof (Buffer)
));
)
);
ERROR_CHECK(OpalTrustedRecv(
ERROR_CHECK (
OpalTrustedRecv (
Session->Sscp,
Session->MediaId,
TCG_OPAL_SECURITY_PROTOCOL_1,
@ -547,7 +558,8 @@ OpalEndSession(
Buffer,
sizeof (Buffer),
0
));
)
);
ERROR_CHECK (TcgInitTcgParseStruct (&ParseStruct, Buffer, sizeof (Buffer)));
ERROR_CHECK (TcgCheckComIds (&ParseStruct, Session->OpalBaseComId, Session->ComIdExtension));
@ -768,9 +780,10 @@ OpalAdminRevert(
LockingSpSession,
FALSE,
FALSE,
MethodStatus);
MethodStatus
);
if (Ret != TcgResultSuccess || *MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
if ((Ret != TcgResultSuccess) || (*MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
//
// bail out
//
@ -824,7 +837,6 @@ OpalAdminRevert(
return TcgResultSuccess;
}
/**
The function calls the Admin SP RevertSP method on the Locking SP. If KeepUserData is True, then the optional parameter
@ -864,9 +876,10 @@ OpalPyrite2AdminRevert(
LockingSpSession,
FALSE,
FALSE,
MethodStatus);
MethodStatus
);
if (Ret != TcgResultSuccess || *MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
if ((Ret != TcgResultSuccess) || (*MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
//
// bail out
//
@ -1000,7 +1013,8 @@ OpalSetPassword(
NULL_CHECK (MethodStatus);
ERROR_CHECK (TcgInitTcgCreateStruct (&CreateStruct, Buf, sizeof (Buf)));
ERROR_CHECK(TcgCreateSetCPin(
ERROR_CHECK (
TcgCreateSetCPin (
&CreateStruct,
&Size,
Session->OpalBaseComId,
@ -1010,7 +1024,8 @@ OpalSetPassword(
CpinRowUid,
NewPin,
NewPinLength
));
)
);
ERROR_CHECK (OpalPerformMethod (Session, Size, Buf, sizeof (Buf), &ParseStruct, MethodStatus, 0));
// exit with success on method failure - user must inspect MethodStatus
@ -1055,7 +1070,8 @@ OpalSetLockingSpAuthorityEnabledAndPin(
NULL_CHECK (MethodStatus);
ERROR_CHECK (TcgInitTcgCreateStruct (&CreateStruct, Buf, sizeof (Buf)));
ERROR_CHECK(TcgSetAuthorityEnabled(
ERROR_CHECK (
TcgSetAuthorityEnabled (
&CreateStruct,
&Size,
LockingSpSession->OpalBaseComId,
@ -1063,7 +1079,9 @@ OpalSetLockingSpAuthorityEnabledAndPin(
LockingSpSession->TperSessionId,
LockingSpSession->HostSessionId,
AuthorityUid,
TRUE));
TRUE
)
);
ERROR_CHECK (OpalPerformMethod (LockingSpSession, Size, Buf, sizeof (Buf), &ParseStruct, MethodStatus, 0));
@ -1074,7 +1092,8 @@ OpalSetLockingSpAuthorityEnabledAndPin(
ERROR_CHECK (TcgInitTcgCreateStruct (&CreateStruct, Buf, sizeof (Buf)));
ERROR_CHECK(TcgCreateSetCPin(
ERROR_CHECK (
TcgCreateSetCPin (
&CreateStruct,
&Size,
LockingSpSession->OpalBaseComId,
@ -1083,7 +1102,9 @@ OpalSetLockingSpAuthorityEnabledAndPin(
LockingSpSession->HostSessionId,
CpinRowUid,
NewPin,
NewPinLength));
NewPinLength
)
);
ERROR_CHECK (OpalPerformMethod (LockingSpSession, Size, Buf, sizeof (Buf), &ParseStruct, MethodStatus, 0));
@ -1091,7 +1112,8 @@ OpalSetLockingSpAuthorityEnabledAndPin(
// allow user1 to set global range to unlocked/locked by modifying ACE_Locking_GlobalRange_SetRdLocked/SetWrLocked
//
ERROR_CHECK (TcgInitTcgCreateStruct (&CreateStruct, Buf, sizeof (Buf)));
ERROR_CHECK(TcgCreateSetAce(
ERROR_CHECK (
TcgCreateSetAce (
&CreateStruct,
&Size,
LockingSpSession->OpalBaseComId,
@ -1102,7 +1124,8 @@ OpalSetLockingSpAuthorityEnabledAndPin(
OPAL_LOCKING_SP_USER1_AUTHORITY,
TCG_ACE_EXPRESSION_OR,
OPAL_LOCKING_SP_ADMINS_AUTHORITY
));
)
);
ERROR_CHECK (OpalPerformMethod (LockingSpSession, Size, Buf, sizeof (Buf), &ParseStruct, MethodStatus, 0));
@ -1112,7 +1135,8 @@ OpalSetLockingSpAuthorityEnabledAndPin(
}
ERROR_CHECK (TcgInitTcgCreateStruct (&CreateStruct, Buf, sizeof (Buf)));
ERROR_CHECK(TcgCreateSetAce(
ERROR_CHECK (
TcgCreateSetAce (
&CreateStruct,
&Size,
LockingSpSession->OpalBaseComId,
@ -1123,7 +1147,8 @@ OpalSetLockingSpAuthorityEnabledAndPin(
OPAL_LOCKING_SP_USER1_AUTHORITY,
TCG_ACE_EXPRESSION_OR,
OPAL_LOCKING_SP_ADMINS_AUTHORITY
));
)
);
ERROR_CHECK (OpalPerformMethod (LockingSpSession, Size, Buf, sizeof (Buf), &ParseStruct, MethodStatus, 0));
@ -1143,7 +1168,8 @@ OpalSetLockingSpAuthorityEnabledAndPin(
Ret = OpalParseRetrieveGlobalLockingRangeActiveKey (&ParseStruct, &ActiveKey);
if (Ret == TcgResultSuccess) {
ERROR_CHECK (TcgInitTcgCreateStruct (&CreateStruct, Buf, sizeof (Buf)));
ERROR_CHECK(TcgCreateSetAce(
ERROR_CHECK (
TcgCreateSetAce (
&CreateStruct,
&Size,
LockingSpSession->OpalBaseComId,
@ -1154,7 +1180,8 @@ OpalSetLockingSpAuthorityEnabledAndPin(
OPAL_LOCKING_SP_USER1_AUTHORITY,
TCG_ACE_EXPRESSION_OR,
OPAL_LOCKING_SP_ADMINS_AUTHORITY
));
)
);
ERROR_CHECK (OpalPerformMethod (LockingSpSession, Size, Buf, sizeof (Buf), &ParseStruct, MethodStatus, 0));
@ -1168,7 +1195,8 @@ OpalSetLockingSpAuthorityEnabledAndPin(
}
ERROR_CHECK (TcgInitTcgCreateStruct (&CreateStruct, Buf, sizeof (Buf)));
ERROR_CHECK(TcgCreateSetAce(
ERROR_CHECK (
TcgCreateSetAce (
&CreateStruct,
&Size,
LockingSpSession->OpalBaseComId,
@ -1179,7 +1207,8 @@ OpalSetLockingSpAuthorityEnabledAndPin(
OPAL_LOCKING_SP_USER1_AUTHORITY,
TCG_ACE_EXPRESSION_OR,
OPAL_LOCKING_SP_ADMINS_AUTHORITY
));
)
);
ERROR_CHECK (OpalPerformMethod (LockingSpSession, Size, Buf, sizeof (Buf), &ParseStruct, MethodStatus, 0));
@ -1215,7 +1244,8 @@ OpalDisableUser(
NULL_CHECK (MethodStatus);
ERROR_CHECK (TcgInitTcgCreateStruct (&CreateStruct, Buf, sizeof (Buf)));
ERROR_CHECK(TcgSetAuthorityEnabled(
ERROR_CHECK (
TcgSetAuthorityEnabled (
&CreateStruct,
&Size,
LockingSpSession->OpalBaseComId,
@ -1223,7 +1253,9 @@ OpalDisableUser(
LockingSpSession->TperSessionId,
LockingSpSession->HostSessionId,
OPAL_LOCKING_SP_USER1_AUTHORITY,
FALSE));
FALSE
)
);
ERROR_CHECK (OpalPerformMethod (LockingSpSession, Size, Buf, sizeof (Buf), &ParseStruct, MethodStatus, 0));
@ -1539,7 +1571,7 @@ OpalParseRetrieveGlobalLockingRangeActiveKey(
return TcgResultFailure;
}
if (*ActiveKey != OPAL_LOCKING_SP_K_AES_256_GLOBALRANGE_KEY && *ActiveKey != OPAL_LOCKING_SP_K_AES_128_GLOBALRANGE_KEY) {
if ((*ActiveKey != OPAL_LOCKING_SP_K_AES_256_GLOBALRANGE_KEY) && (*ActiveKey != OPAL_LOCKING_SP_K_AES_128_GLOBALRANGE_KEY)) {
DEBUG ((DEBUG_INFO, "Unexpected gen key %u (exp %u or %u)\n", *ActiveKey, OPAL_LOCKING_SP_K_AES_256_GLOBALRANGE_KEY, OPAL_LOCKING_SP_K_AES_128_GLOBALRANGE_KEY));
return TcgResultFailure;
}
@ -1667,7 +1699,9 @@ OpalGetSupportedAttributesInfo(
SupportedAttributes->Sp2 = TcgIsProtocolSupported (SupportedProtocols, TCG_OPAL_SECURITY_PROTOCOL_2);
SupportedAttributes->SpIeee1667 = TcgIsProtocolSupported (SupportedProtocols, TCG_SECURITY_PROTOCOL_IEEE_1667);
DEBUG ((DEBUG_INFO, "Supported Protocols: Sp1 %d Sp2: %d SpIeee1667 %d \n",
DEBUG ((
DEBUG_INFO,
"Supported Protocols: Sp1 %d Sp2: %d SpIeee1667 %d \n",
SupportedAttributes->Sp1,
SupportedAttributes->Sp2,
SupportedAttributes->SpIeee1667
@ -1696,13 +1730,15 @@ OpalGetSupportedAttributesInfo(
//
// Check Opal SCC V2 has valid settings for SID C_PIN on revert
//
if (SupportedAttributes->OpalSsc2 && Size >= sizeof (OPAL_SSCV2_FEATURE_DESCRIPTOR)) {
if (SupportedAttributes->OpalSsc2 && (Size >= sizeof (OPAL_SSCV2_FEATURE_DESCRIPTOR))) {
//
// Want opposite polarity b/c Value is greater than a bit, but we only care about non-zero vs zero
//
SupportedAttributes->InitCpinIndicator = (Feat->OpalSscV2.InitialCPINSIDPIN == 0);
SupportedAttributes->CpinUponRevert = (Feat->OpalSscV2.CPINSIDPINRevertBehavior == 0);
DEBUG ((DEBUG_INFO, "Opal SSC V2 InitCpinIndicator %d CpinUponRevert %d \n",
DEBUG ((
DEBUG_INFO,
"Opal SSC V2 InitCpinIndicator %d CpinUponRevert %d \n",
SupportedAttributes->InitCpinIndicator,
SupportedAttributes->CpinUponRevert
));
@ -1713,7 +1749,7 @@ OpalGetSupportedAttributesInfo(
Feat = (OPAL_LEVEL0_FEATURE_DESCRIPTOR *)TcgGetFeature (DiscoveryHeader, TCG_FEATURE_OPAL_SSC_LITE, &Size);
SupportedAttributes->OpalSscLite = (Feat != NULL);
if (Feat != NULL && Size >= sizeof (OPAL_SSCLITE_FEATURE_DESCRIPTOR)) {
if ((Feat != NULL) && (Size >= sizeof (OPAL_SSCLITE_FEATURE_DESCRIPTOR))) {
if (*OpalBaseComId == TCG_RESERVED_COMID) {
//
// Pin values used always match up with ComId used
@ -1721,7 +1757,9 @@ OpalGetSupportedAttributesInfo(
*OpalBaseComId = SwapBytes16 (Feat->OpalSscLite.BaseComdIdBE);
SupportedAttributes->InitCpinIndicator = (Feat->OpalSscV2.InitialCPINSIDPIN == 0);
SupportedAttributes->CpinUponRevert = (Feat->OpalSscV2.CPINSIDPINRevertBehavior == 0);
DEBUG ((DEBUG_INFO, "Opal SSC Lite InitCpinIndicator %d CpinUponRevert %d \n",
DEBUG ((
DEBUG_INFO,
"Opal SSC Lite InitCpinIndicator %d CpinUponRevert %d \n",
SupportedAttributes->InitCpinIndicator,
SupportedAttributes->CpinUponRevert
));
@ -1736,25 +1774,29 @@ OpalGetSupportedAttributesInfo(
Feat = (OPAL_LEVEL0_FEATURE_DESCRIPTOR *)TcgGetFeature (DiscoveryHeader, TCG_FEATURE_PYRITE_SSC, &Size);
Size2 = 0;
Feat2 = (OPAL_LEVEL0_FEATURE_DESCRIPTOR *)TcgGetFeature (DiscoveryHeader, TCG_FEATURE_PYRITE_SSC_V2_0_0, &Size2);
if (Feat2 != NULL && Size2 >= sizeof (PYRITE_SSCV2_FEATURE_DESCRIPTOR)) {
if ((Feat2 != NULL) && (Size2 >= sizeof (PYRITE_SSCV2_FEATURE_DESCRIPTOR))) {
SupportedAttributes->PyriteSscV2 = TRUE;
if (*OpalBaseComId == TCG_RESERVED_COMID) {
*OpalBaseComId = SwapBytes16 (Feat2->PyriteSscV2.BaseComdIdBE);
SupportedAttributes->InitCpinIndicator = (Feat2->PyriteSscV2.InitialCPINSIDPIN == 0);
SupportedAttributes->CpinUponRevert = (Feat2->PyriteSscV2.CPINSIDPINRevertBehavior == 0);
DEBUG ((DEBUG_INFO, "Pyrite SSC V2 InitCpinIndicator %d CpinUponRevert %d \n",
DEBUG ((
DEBUG_INFO,
"Pyrite SSC V2 InitCpinIndicator %d CpinUponRevert %d \n",
SupportedAttributes->InitCpinIndicator,
SupportedAttributes->CpinUponRevert
));
}
} else {
SupportedAttributes->PyriteSsc = (Feat != NULL);
if (Feat != NULL && Size >= sizeof (PYRITE_SSC_FEATURE_DESCRIPTOR)) {
if ((Feat != NULL) && (Size >= sizeof (PYRITE_SSC_FEATURE_DESCRIPTOR))) {
if (*OpalBaseComId == TCG_RESERVED_COMID) {
*OpalBaseComId = SwapBytes16 (Feat->PyriteSsc.BaseComdIdBE);
SupportedAttributes->InitCpinIndicator = (Feat->PyriteSsc.InitialCPINSIDPIN == 0);
SupportedAttributes->CpinUponRevert = (Feat->PyriteSsc.CPINSIDPINRevertBehavior == 0);
DEBUG ((DEBUG_INFO, "Pyrite SSC InitCpinIndicator %d CpinUponRevert %d \n",
DEBUG ((
DEBUG_INFO,
"Pyrite SSC InitCpinIndicator %d CpinUponRevert %d \n",
SupportedAttributes->InitCpinIndicator,
SupportedAttributes->CpinUponRevert
));
@ -1765,7 +1807,7 @@ OpalGetSupportedAttributesInfo(
Size = 0;
Feat = (OPAL_LEVEL0_FEATURE_DESCRIPTOR *)TcgGetFeature (DiscoveryHeader, TCG_FEATURE_OPAL_SSC_V1_0_0, &Size);
SupportedAttributes->OpalSsc1 = (Feat != NULL);
if (Feat != NULL && Size >= sizeof (OPAL_SSCV1_FEATURE_DESCRIPTOR)) {
if ((Feat != NULL) && (Size >= sizeof (OPAL_SSCV1_FEATURE_DESCRIPTOR))) {
if (*OpalBaseComId == TCG_RESERVED_COMID) {
*OpalBaseComId = SwapBytes16 (Feat->OpalSscV1.BaseComdIdBE);
}
@ -1773,14 +1815,14 @@ OpalGetSupportedAttributesInfo(
Size = 0;
Feat = (OPAL_LEVEL0_FEATURE_DESCRIPTOR *)TcgGetFeature (DiscoveryHeader, TCG_FEATURE_LOCKING, &Size);
if (Feat != NULL && Size >= sizeof (TCG_LOCKING_FEATURE_DESCRIPTOR)) {
if ((Feat != NULL) && (Size >= sizeof (TCG_LOCKING_FEATURE_DESCRIPTOR))) {
SupportedAttributes->MediaEncryption = Feat->Locking.MediaEncryption;
DEBUG ((DEBUG_INFO, "SupportedAttributes->MediaEncryption 0x%X \n", SupportedAttributes->MediaEncryption));
}
Size = 0;
Feat = (OPAL_LEVEL0_FEATURE_DESCRIPTOR *)TcgGetFeature (DiscoveryHeader, TCG_FEATURE_BLOCK_SID, &Size);
if (Feat != NULL && Size >= sizeof (TCG_BLOCK_SID_FEATURE_DESCRIPTOR)) {
if ((Feat != NULL) && (Size >= sizeof (TCG_BLOCK_SID_FEATURE_DESCRIPTOR))) {
SupportedAttributes->BlockSid = TRUE;
DEBUG ((DEBUG_INFO, "BlockSid Supported!!! Current Status is 0x%X \n", Feat->BlockSid.SIDBlockedState));
} else {
@ -1789,7 +1831,7 @@ OpalGetSupportedAttributesInfo(
Size = 0;
Feat = (OPAL_LEVEL0_FEATURE_DESCRIPTOR *)TcgGetFeature (DiscoveryHeader, TCG_FEATURE_DATA_REMOVAL, &Size);
if (Feat != NULL && Size >= sizeof (DATA_REMOVAL_FEATURE_DESCRIPTOR)) {
if ((Feat != NULL) && (Size >= sizeof (DATA_REMOVAL_FEATURE_DESCRIPTOR))) {
SupportedAttributes->DataRemoval = TRUE;
DEBUG ((DEBUG_INFO, "DataRemoval Feature Supported!\n"));
DEBUG ((DEBUG_INFO, "Operation Processing = 0x%x\n", Feat->DataRemoval.OperationProcessing));
@ -1836,11 +1878,12 @@ OpalGetLockingInfo(
DEBUG ((DEBUG_INFO, "OpalRetrieveLevel0DiscoveryHeader failed\n"));
return TcgResultFailure;
}
DiscoveryHeader = (TCG_LEVEL0_DISCOVERY_HEADER *)Buffer;
Size = 0;
Feat = (OPAL_LEVEL0_FEATURE_DESCRIPTOR *)TcgGetFeature (DiscoveryHeader, TCG_FEATURE_LOCKING, &Size);
if (Feat != NULL && Size >= sizeof (TCG_LOCKING_FEATURE_DESCRIPTOR)) {
if ((Feat != NULL) && (Size >= sizeof (TCG_LOCKING_FEATURE_DESCRIPTOR))) {
CopyMem (LockingFeature, &Feat->Locking, sizeof (TCG_LOCKING_FEATURE_DESCRIPTOR));
}
@ -1881,6 +1924,7 @@ OpalGetFeatureDescriptor (
DEBUG ((DEBUG_INFO, "OpalRetrieveLevel0DiscoveryHeader failed\n"));
return TcgResultFailure;
}
DiscoveryHeader = (TCG_LEVEL0_DISCOVERY_HEADER *)Buffer;
Size = 0;
@ -1918,12 +1962,13 @@ OpalFeatureSupported(
return FALSE;
}
if (SupportedAttributes->OpalSscLite == 0 &&
SupportedAttributes->OpalSsc1 == 0 &&
SupportedAttributes->OpalSsc2 == 0 &&
SupportedAttributes->PyriteSsc == 0 &&
SupportedAttributes->PyriteSscV2 == 0
) {
if ((SupportedAttributes->OpalSscLite == 0) &&
(SupportedAttributes->OpalSsc1 == 0) &&
(SupportedAttributes->OpalSsc2 == 0) &&
(SupportedAttributes->PyriteSsc == 0) &&
(SupportedAttributes->PyriteSscV2 == 0)
)
{
return FALSE;
}
@ -1987,4 +2032,3 @@ OpalDeviceLocked(
return LockingFeature->Locked;
}

1
SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalLibInternal.h
View File

@ -11,7 +11,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/TcgStorageOpalLib.h>
/**
The function retrieves the MSID from the device specified

74
SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalUtil.c
View File

@ -46,8 +46,9 @@ OpalUtilPsidRevert(
PsidLength,
Psid,
OPAL_ADMIN_SP_PSID_AUTHORITY,
&MethodStatus);
if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) {
&MethodStatus
);
if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) {
Ret = OpalPyrite2PsidRevert (Session, RemovalTimeOut);
if (Ret != TcgResultSuccess) {
//
@ -102,7 +103,7 @@ OpalUtilSetAdminPasswordAsSid(
OPAL_ADMIN_SP_SID_AUTHORITY,
&MethodStatus
);
if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
DEBUG ((DEBUG_INFO, "start session with admin SP as SID authority failed: Ret=%d MethodStatus=%u\n", Ret, MethodStatus));
goto done;
}
@ -118,7 +119,7 @@ OpalUtilSetAdminPasswordAsSid(
&MethodStatus
);
if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
OpalEndSession (Session);
DEBUG ((DEBUG_INFO, "set Password failed: Ret=%d MethodStatus=%u\n", Ret, MethodStatus));
goto done;
@ -129,7 +130,7 @@ OpalUtilSetAdminPasswordAsSid(
//
Ret = OpalActivateLockingSp (Session, &MethodStatus);
OpalEndSession (Session);
if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
DEBUG ((DEBUG_INFO, "activate locking SP failed: Ret=%d MethodStatus=%u\n", Ret, MethodStatus));
goto done;
}
@ -138,6 +139,7 @@ done:
if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
Ret = TcgResultFailure;
}
return Ret;
}
@ -189,7 +191,8 @@ OpalUtilSetOpalLockingRange(
PassLength,
Password,
OPAL_LOCKING_SP_ADMIN1_AUTHORITY,
&MethodStatus);
&MethodStatus
);
if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
DEBUG ((DEBUG_INFO, "start session with locking SP failed: Ret=%d MethodStatus=%u\n", Ret, MethodStatus));
goto done;
@ -207,10 +210,11 @@ OpalUtilSetOpalLockingRange(
WriteLockEnabled,
ReadLocked,
WriteLocked,
&MethodStatus);
&MethodStatus
);
OpalEndSession (Session);
if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
DEBUG ((DEBUG_INFO, "set locking range failed: Ret=%d MethodStatus=0x%x\n", Ret, MethodStatus));
}
@ -218,6 +222,7 @@ done:
if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
Ret = TcgResultFailure;
}
return Ret;
}
@ -262,7 +267,7 @@ OpalUtilSetAdminPassword(
OPAL_ADMIN_SP_SID_AUTHORITY,
&MethodStatus
);
if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
DEBUG ((DEBUG_INFO, "start session with admin SP using old Password failed\n"));
goto done;
}
@ -272,7 +277,7 @@ OpalUtilSetAdminPassword(
//
Ret = OpalSetPassword (Session, OPAL_UID_ADMIN_SP_C_PIN_SID, NewPassword, NewPasswordLength, &MethodStatus);
OpalEndSession (Session);
if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
DEBUG ((DEBUG_INFO, "set new admin SP Password failed\n"));
goto done;
}
@ -286,7 +291,7 @@ OpalUtilSetAdminPassword(
OPAL_LOCKING_SP_ADMIN1_AUTHORITY,
&MethodStatus
);
if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
DEBUG ((DEBUG_INFO, "start session with locking SP using old Password failed\n"));
goto done;
}
@ -296,7 +301,7 @@ OpalUtilSetAdminPassword(
//
Ret = OpalSetPassword (Session, OPAL_LOCKING_SP_C_PIN_ADMIN1, NewPassword, NewPasswordLength, &MethodStatus);
OpalEndSession (Session);
if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
DEBUG ((DEBUG_INFO, "set new locking SP Password failed\n"));
goto done;
}
@ -305,6 +310,7 @@ done:
if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
Ret = TcgResultFailure;
}
return Ret;
}
@ -348,7 +354,7 @@ OpalUtilSetUserPassword(
OPAL_LOCKING_SP_USER1_AUTHORITY,
&MethodStatus
);
if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) {
if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) {
Ret = OpalSetPassword (
Session,
OPAL_LOCKING_SP_C_PIN_USER1,
@ -357,7 +363,7 @@ OpalUtilSetUserPassword(
&MethodStatus
);
OpalEndSession (Session);
if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) {
if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) {
return Ret;
}
}
@ -378,7 +384,7 @@ OpalUtilSetUserPassword(
OPAL_LOCKING_SP_ADMIN1_AUTHORITY,
&MethodStatus
);
if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
DEBUG ((DEBUG_INFO, "StartSession with locking SP as admin1 authority failed\n"));
goto done;
}
@ -395,7 +401,7 @@ OpalUtilSetUserPassword(
&MethodStatus
);
OpalEndSession (Session);
if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
DEBUG ((DEBUG_INFO, "OpalSetLockingSpAuthorityEnabledAndPin failed\n"));
goto done;
}
@ -404,6 +410,7 @@ done:
if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
Ret = TcgResultFailure;
}
return Ret;
}
@ -438,8 +445,9 @@ OpalUtilVerifyPassword (
PasswordLength,
Password,
HostSigningAuthority,
&MethodStatus);
if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) {
&MethodStatus
);
if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) {
OpalEndSession (Session);
return TcgResultSuccess;
}
@ -486,7 +494,7 @@ OpalUtilSecureErase(
&MethodStatus
);
if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) {
if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) {
Ret = OpalGlobalLockingRangeGenKey (Session, &MethodStatus);
*PasswordFailed = FALSE;
OpalEndSession (Session);
@ -504,7 +512,7 @@ OpalUtilSecureErase(
&MethodStatus
);
if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) {
if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) {
Ret = OpalGlobalLockingRangeGenKey (Session, &MethodStatus);
*PasswordFailed = FALSE;
OpalEndSession (Session);
@ -516,6 +524,7 @@ OpalUtilSecureErase(
if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
Ret = TcgResultFailure;
}
return Ret;
}
@ -556,7 +565,7 @@ OpalUtilDisableUser(
OPAL_LOCKING_SP_ADMIN1_AUTHORITY,
&MethodStatus
);
if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
DEBUG ((DEBUG_INFO, "StartSession with Locking SP as Admin1 failed\n"));
*PasswordFailed = TRUE;
goto done;
@ -570,6 +579,7 @@ done:
if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
Ret = TcgResultFailure;
}
return Ret;
}
@ -619,7 +629,7 @@ OpalUtilRevert(
&MethodStatus
);
if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
DEBUG ((DEBUG_INFO, "error starting session: Ret=%d, MethodStatus=%u\n", Ret, MethodStatus));
*PasswordFailed = TRUE;
goto done;
@ -630,7 +640,7 @@ OpalUtilRevert(
// Try to revert with admin1
//
Ret = OpalPyrite2AdminRevert (Session, KeepUserData, &MethodStatus, RemovalTimeOut);
if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
//
// Device ends the session on successful revert, so only call OpalEndSession when fail.
//
@ -644,6 +654,7 @@ done:
if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
Ret = TcgResultFailure;
}
return Ret;
}
@ -686,7 +697,7 @@ OpalUtilSetSIDtoMSID (
OPAL_ADMIN_SP_SID_AUTHORITY,
&MethodStatus
);
if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
goto done;
}
@ -742,7 +753,7 @@ OpalUtilUpdateGlobalLockingRange(
OPAL_LOCKING_SP_ADMIN1_AUTHORITY,
&MethodStatus
);
if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) {
if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) {
Ret = OpalUpdateGlobalLockingRange (
Session,
ReadLocked,
@ -750,7 +761,7 @@ OpalUtilUpdateGlobalLockingRange(
&MethodStatus
);
OpalEndSession (Session);
if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) {
if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) {
goto done;
}
}
@ -771,7 +782,7 @@ OpalUtilUpdateGlobalLockingRange(
OPAL_LOCKING_SP_USER1_AUTHORITY,
&MethodStatus
);
if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
DEBUG ((DEBUG_INFO, "StartSession with Locking SP as User1 failed\n"));
goto done;
}
@ -791,6 +802,7 @@ done:
Ret = TcgResultFailure;
}
}
return Ret;
}
@ -879,7 +891,8 @@ OpalUtilDetermineOwnership(
MsidLength,
Msid,
OPAL_ADMIN_SP_SID_AUTHORITY,
&MethodStatus);
&MethodStatus
);
if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) {
//
// now we know that SID PIN == MSID PIN
@ -957,11 +970,12 @@ OpalUtilGetActiveDataRemovalMechanism (
OPAL_ADMIN_SP_ANYBODY_AUTHORITY,
&MethodStatus
);
if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
DEBUG ((DEBUG_INFO, "Start session with admin SP as SID authority failed: Ret=%d MethodStatus=%u\n", Ret, MethodStatus));
if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
Ret = TcgResultFailure;
}
return Ret;
}
@ -1100,7 +1114,7 @@ GetRevertTimeOut (
UINT8 ActiveDataRemovalMechanism;
TcgResult = OpalGetSupportedAttributesInfo (Session, &SupportedAttributes, &BaseComId);
if (TcgResult != TcgResultSuccess || SupportedAttributes.DataRemoval == 0) {
if ((TcgResult != TcgResultSuccess) || (SupportedAttributes.DataRemoval == 0)) {
return 0;
}

4
SecurityPkg/Library/Tpm12CommandLib/Tpm12NvStorage.c
View File

@ -103,6 +103,7 @@ Tpm12NvDefineSpace (
if (EFI_ERROR (Status)) {
return Status;
}
DEBUG ((DEBUG_INFO, "Tpm12NvDefineSpace - ReturnCode = %x\n", SwapBytes32 (Response.returnCode)));
switch (SwapBytes32 (Response.returnCode)) {
case TPM_SUCCESS:
@ -151,6 +152,7 @@ Tpm12NvReadValue (
if (EFI_ERROR (Status)) {
return Status;
}
DEBUG ((DEBUG_INFO, "Tpm12NvReadValue - ReturnCode = %x\n", SwapBytes32 (Response.Hdr.returnCode)));
switch (SwapBytes32 (Response.Hdr.returnCode)) {
case TPM_SUCCESS:
@ -165,6 +167,7 @@ Tpm12NvReadValue (
if (SwapBytes32 (Response.DataSize) > *DataSize) {
return EFI_BUFFER_TOO_SMALL;
}
*DataSize = SwapBytes32 (Response.DataSize);
ZeroMem (Data, *DataSize);
CopyMem (Data, &Response.Data, *DataSize);
@ -218,6 +221,7 @@ Tpm12NvWriteValue (
if (EFI_ERROR (Status)) {
return Status;
}
DEBUG ((DEBUG_INFO, "Tpm12NvWriteValue - ReturnCode = %x\n", SwapBytes32 (Response.returnCode)));
switch (SwapBytes32 (Response.returnCode)) {
case TPM_SUCCESS:

1
SecurityPkg/Library/Tpm12CommandLib/Tpm12Ownership.c
View File

@ -40,6 +40,7 @@ Tpm12ForceClear (
if (EFI_ERROR (Status)) {
return Status;
}
switch (SwapBytes32 (Response.returnCode)) {
case TPM_SUCCESS:
return EFI_SUCCESS;

2
SecurityPkg/Library/Tpm12CommandLib/Tpm12Startup.c
View File

@ -53,6 +53,7 @@ Tpm12Startup (
if (EFI_ERROR (Status)) {
return Status;
}
switch (SwapBytes32 (Response.returnCode)) {
case TPM_SUCCESS:
DEBUG ((DEBUG_INFO, "TPM12Startup: TPM_SUCCESS\n"));
@ -94,6 +95,7 @@ Tpm12SaveState (
if (EFI_ERROR (Status)) {
return Status;
}
switch (SwapBytes32 (Response.returnCode)) {
case TPM_SUCCESS:
return EFI_SUCCESS;

43
SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12Tis.c
View File

@ -69,6 +69,7 @@ Tpm12GetPtpInterface (
if (!Tpm12TisPcPresenceCheck (Register)) {
return PtpInterfaceMax;
}
//
// Check interface id
//
@ -77,15 +78,19 @@ Tpm12GetPtpInterface (
if ((InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_CRB) &&
(InterfaceId.Bits.InterfaceVersion == PTP_INTERFACE_IDENTIFIER_INTERFACE_VERSION_CRB) &&
(InterfaceId.Bits.CapCRB != 0)) {
(InterfaceId.Bits.CapCRB != 0))
{
return PtpInterfaceCrb;
}
if ((InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_FIFO) &&
(InterfaceId.Bits.InterfaceVersion == PTP_INTERFACE_IDENTIFIER_INTERFACE_VERSION_FIFO) &&
(InterfaceId.Bits.CapFIFO != 0) &&
(InterfaceCapability.Bits.InterfaceVersion == INTERFACE_CAPABILITY_INTERFACE_VERSION_PTP)) {
(InterfaceCapability.Bits.InterfaceVersion == INTERFACE_CAPABILITY_INTERFACE_VERSION_PTP))
{
return PtpInterfaceFifo;
}
return PtpInterfaceTis;
}
@ -113,10 +118,13 @@ Tpm12TisPcWaitRegisterBits (
for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30) {
RegRead = MmioRead8 ((UINTN)Register);
if ((RegRead & BitSet) == BitSet && (RegRead & BitClear) == 0)
if (((RegRead & BitSet) == BitSet) && ((RegRead & BitClear) == 0)) {
return EFI_SUCCESS;
}
MicroSecondDelay (30);
}
return EFI_TIMEOUT;
}
@ -141,7 +149,7 @@ Tpm12TisPcReadBurstCount (
UINT8 DataByte0;
UINT8 DataByte1;
if (BurstCount == NULL || TisReg == NULL) {
if ((BurstCount == NULL) || (TisReg == NULL)) {
return EFI_INVALID_PARAMETER;
}
@ -157,6 +165,7 @@ Tpm12TisPcReadBurstCount (
if (*BurstCount != 0) {
return EFI_SUCCESS;
}
MicroSecondDelay (30);
WaitTime += 30;
} while (WaitTime < TIS_TIMEOUT_D);
@ -272,15 +281,18 @@ Tpm12TisTpmCommand (
} else {
DebugSize = SizeIn;
}
for (Index = 0; Index < DebugSize; Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferIn[Index]));
}
if (DebugSize != SizeIn) {
DEBUG ((DEBUG_VERBOSE, "...... "));
for (Index = SizeIn - 0x20; Index < SizeIn; Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferIn[Index]));
}
}
DEBUG ((DEBUG_VERBOSE, "\n"));
DEBUG_CODE_END ();
TpmOutSize = 0;
@ -290,6 +302,7 @@ Tpm12TisTpmCommand (
DEBUG ((DEBUG_ERROR, "Tpm12 is not ready for command!\n"));
return EFI_DEVICE_ERROR;
}
//
// Send the command data to Tpm
//
@ -300,11 +313,13 @@ Tpm12TisTpmCommand (
Status = EFI_DEVICE_ERROR;
goto Exit;
}
for ( ; BurstCount > 0 && Index < SizeIn; BurstCount--) {
MmioWrite8 ((UINTN)&TisReg->DataFifo, *(BufferIn + Index));
Index++;
}
}
//
// Check the Tpm status STS_EXPECT change from 1 to 0
//
@ -319,6 +334,7 @@ Tpm12TisTpmCommand (
Status = EFI_BUFFER_TOO_SMALL;
goto Exit;
}
//
// Executed the TPM command and waiting for the response data ready
//
@ -334,6 +350,7 @@ Tpm12TisTpmCommand (
Status = EFI_DEVICE_ERROR;
goto Exit;
}
//
// Get response data header
//
@ -345,17 +362,22 @@ Tpm12TisTpmCommand (
Status = EFI_DEVICE_ERROR;
goto Exit;
}
for ( ; BurstCount > 0; BurstCount--) {
*(BufferOut + Index) = MmioRead8 ((UINTN)&TisReg->DataFifo);
Index++;
if (Index == sizeof (TPM_RSP_COMMAND_HDR)) break;
if (Index == sizeof (TPM_RSP_COMMAND_HDR)) {
break;
}
}
}
DEBUG_CODE_BEGIN ();
DEBUG ((DEBUG_VERBOSE, "Tpm12TisTpmCommand ReceiveHeader - "));
for (Index = 0; Index < sizeof (TPM_RSP_COMMAND_HDR); Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index]));
}
DEBUG ((DEBUG_VERBOSE, "\n"));
DEBUG_CODE_END ();
//
@ -363,7 +385,7 @@ Tpm12TisTpmCommand (
//
CopyMem (&Data16, BufferOut, sizeof (UINT16));
RspTag = SwapBytes16 (Data16);
if (RspTag != TPM_TAG_RSP_COMMAND && RspTag != TPM_TAG_RSP_AUTH1_COMMAND && RspTag != TPM_TAG_RSP_AUTH2_COMMAND) {
if ((RspTag != TPM_TAG_RSP_COMMAND) && (RspTag != TPM_TAG_RSP_AUTH1_COMMAND) && (RspTag != TPM_TAG_RSP_AUTH2_COMMAND)) {
DEBUG ((DEBUG_ERROR, "TPM12: Response tag error - current tag value is %x\n", RspTag));
Status = EFI_UNSUPPORTED;
goto Exit;
@ -375,6 +397,7 @@ Tpm12TisTpmCommand (
Status = EFI_BUFFER_TOO_SMALL;
goto Exit;
}
*SizeOut = TpmOutSize;
//
// Continue reading the remaining data
@ -388,18 +411,21 @@ Tpm12TisTpmCommand (
goto Exit;
}
}
Status = Tpm12TisPcReadBurstCount (TisReg, &BurstCount);
if (EFI_ERROR (Status)) {
Status = EFI_DEVICE_ERROR;
goto Exit;
}
}
Exit:
DEBUG_CODE_BEGIN ();
DEBUG ((DEBUG_VERBOSE, "Tpm12TisTpmCommand Receive - "));
for (Index = 0; Index < TpmOutSize; Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index]));
}
DEBUG ((DEBUG_VERBOSE, "\n"));
DEBUG_CODE_END ();
MmioWrite8 ((UINTN)&TisReg->Status, TIS_PC_STS_READY);
@ -450,7 +476,6 @@ Tpm12SubmitCommand (
default:
return EFI_DEVICE_ERROR;
}
}
/**
@ -477,11 +502,13 @@ Tpm12PtpCrbWaitRegisterBits (
for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30) {
RegRead = MmioRead32 ((UINTN)Register);
if ((RegRead & BitSet) == BitSet && (RegRead & BitClear) == 0) {
if (((RegRead & BitSet) == BitSet) && ((RegRead & BitClear) == 0)) {
return EFI_SUCCESS;
}
MicroSecondDelay (30);
}
return EFI_TIMEOUT;
}

3
SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.c
View File

@ -51,6 +51,7 @@ Tpm12SubmitCommand (
return EFI_NOT_FOUND;
}
}
//
// Assume when TCG Protocol is ready, RequestUseTpm already done.
//
@ -64,6 +65,7 @@ Tpm12SubmitCommand (
if (EFI_ERROR (Status)) {
return Status;
}
Header = (TPM_RSP_COMMAND_HDR *)OutputParameterBlock;
*OutputParameterBlockSize = SwapBytes32 (Header->paramSize);
@ -95,6 +97,7 @@ Tpm12RequestUseTpm (
return EFI_NOT_FOUND;
}
}
//
// Assume when TCG Protocol is ready, RequestUseTpm already done.
//

22
SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c
View File

@ -158,6 +158,7 @@ Tpm2GetCapabilityFamily (
if (EFI_ERROR (Status)) {
return Status;
}
CopyMem (Family, &TpmCap.data.tpmProperties.tpmProperty->value, 4);
return EFI_SUCCESS;
@ -193,6 +194,7 @@ Tpm2GetCapabilityManufactureID (
if (EFI_ERROR (Status)) {
return Status;
}
*ManufactureId = TpmCap.data.tpmProperties.tpmProperty->value;
return EFI_SUCCESS;
@ -230,6 +232,7 @@ Tpm2GetCapabilityFirmwareVersion (
if (EFI_ERROR (Status)) {
return Status;
}
*FirmwareVersion1 = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);
Status = Tpm2GetCapability (
@ -242,6 +245,7 @@ Tpm2GetCapabilityFirmwareVersion (
if (EFI_ERROR (Status)) {
return Status;
}
*FirmwareVersion2 = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);
return EFI_SUCCESS;
@ -376,6 +380,7 @@ Tpm2GetCapabilityLockoutCounter (
if (EFI_ERROR (Status)) {
return Status;
}
*LockoutCounter = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);
return EFI_SUCCESS;
@ -411,6 +416,7 @@ Tpm2GetCapabilityLockoutInterval (
if (EFI_ERROR (Status)) {
return Status;
}
*LockoutInterval = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);
return EFI_SUCCESS;
@ -447,6 +453,7 @@ Tpm2GetCapabilityInputBufferSize (
if (EFI_ERROR (Status)) {
return Status;
}
*InputBufferSize = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);
return EFI_SUCCESS;
@ -497,6 +504,7 @@ Tpm2GetCapabilityPcrs (
DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityPcrs - sizeofSelect error %x\n", Pcrs->pcrSelections[Index].sizeofSelect));
return EFI_DEVICE_ERROR;
}
CopyMem (Pcrs->pcrSelections[Index].pcrSelect, TpmCap.data.assignedPCR.pcrSelections[Index].pcrSelect, Pcrs->pcrSelections[Index].sizeofSelect);
}
@ -558,6 +566,7 @@ Tpm2GetCapabilitySupportedAndActivePcrs (
*ActivePcrBanks |= HASH_ALG_SHA1;
ActivePcrBankCount++;
}
break;
case TPM_ALG_SHA256:
DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA256 present.\n"));
@ -567,6 +576,7 @@ Tpm2GetCapabilitySupportedAndActivePcrs (
*ActivePcrBanks |= HASH_ALG_SHA256;
ActivePcrBankCount++;
}
break;
case TPM_ALG_SHA384:
DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA384 present.\n"));
@ -576,6 +586,7 @@ Tpm2GetCapabilitySupportedAndActivePcrs (
*ActivePcrBanks |= HASH_ALG_SHA384;
ActivePcrBankCount++;
}
break;
case TPM_ALG_SHA512:
DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA512 present.\n"));
@ -585,6 +596,7 @@ Tpm2GetCapabilitySupportedAndActivePcrs (
*ActivePcrBanks |= HASH_ALG_SHA512;
ActivePcrBankCount++;
}
break;
case TPM_ALG_SM3_256:
DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SM3_256 present.\n"));
@ -594,6 +606,7 @@ Tpm2GetCapabilitySupportedAndActivePcrs (
*ActivePcrBanks |= HASH_ALG_SM3_256;
ActivePcrBankCount++;
}
break;
default:
DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - Unsupported bank 0x%04x.\n", Pcrs.pcrSelections[Index].hash));
@ -637,6 +650,7 @@ Tpm2GetCapabilityAlgorithmSet (
if (EFI_ERROR (Status)) {
return Status;
}
*AlgorithmSet = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value);
return EFI_SUCCESS;
@ -728,6 +742,7 @@ Tpm2TestParms (
default:
return EFI_INVALID_PARAMETER;
}
case TPM_ALG_SYMCIPHER:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.algorithm));
Buffer += sizeof (UINT16);
@ -753,6 +768,7 @@ Tpm2TestParms (
default:
return EFI_INVALID_PARAMETER;
}
break;
case TPM_ALG_RSA:
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.symmetric.algorithm));
@ -775,6 +791,7 @@ Tpm2TestParms (
default:
return EFI_INVALID_PARAMETER;
}
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.scheme.scheme));
Buffer += sizeof (UINT16);
switch (Parameters->parameters.rsaDetail.scheme.scheme) {
@ -797,6 +814,7 @@ Tpm2TestParms (
default:
return EFI_INVALID_PARAMETER;
}
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.keyBits));
Buffer += sizeof (UINT16);
WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (Parameters->parameters.rsaDetail.exponent));
@ -823,6 +841,7 @@ Tpm2TestParms (
default:
return EFI_INVALID_PARAMETER;
}
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.scheme.scheme));
Buffer += sizeof (UINT16);
switch (Parameters->parameters.eccDetail.scheme.scheme) {
@ -845,6 +864,7 @@ Tpm2TestParms (
default:
return EFI_INVALID_PARAMETER;
}
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.curveID));
Buffer += sizeof (UINT16);
WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.kdf.scheme));
@ -871,6 +891,7 @@ Tpm2TestParms (
default:
return EFI_INVALID_PARAMETER;
}
break;
default:
return EFI_INVALID_PARAMETER;
@ -892,6 +913,7 @@ Tpm2TestParms (
DEBUG ((DEBUG_ERROR, "Tpm2TestParms - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR;
}
if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2TestParms - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
return EFI_UNSUPPORTED;

1
SecurityPkg/Library/Tpm2CommandLib/Tpm2Context.c
View File

@ -70,6 +70,7 @@ Tpm2FlushContext (
DEBUG ((DEBUG_ERROR, "Tpm2FlushContext - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR;
}
if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2FlushContext - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
return EFI_DEVICE_ERROR;

2
SecurityPkg/Library/Tpm2CommandLib/Tpm2DictionaryAttack.c
View File

@ -106,6 +106,7 @@ Tpm2DictionaryAttackLockReset (
Status = EFI_DEVICE_ERROR;
goto Done;
}
if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2DictionaryAttackLockReset - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
Status = EFI_DEVICE_ERROR;
@ -197,6 +198,7 @@ Tpm2DictionaryAttackParameters (
Status = EFI_DEVICE_ERROR;
goto Done;
}
if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2DictionaryAttackParameters - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
Status = EFI_DEVICE_ERROR;

4
SecurityPkg/Library/Tpm2CommandLib/Tpm2EnhancedAuthorization.c
View File

@ -163,6 +163,7 @@ Tpm2PolicySecret (
Status = EFI_DEVICE_ERROR;
goto Done;
}
if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PolicySecret - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
Status = EFI_DEVICE_ERROR;
@ -266,6 +267,7 @@ Tpm2PolicyOR (
DEBUG ((DEBUG_ERROR, "Tpm2PolicyOR - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR;
}
if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PolicyOR - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
return EFI_DEVICE_ERROR;
@ -321,6 +323,7 @@ Tpm2PolicyCommandCode (
DEBUG ((DEBUG_ERROR, "Tpm2PolicyCommandCode - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR;
}
if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PolicyCommandCode - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
return EFI_DEVICE_ERROR;
@ -376,6 +379,7 @@ Tpm2PolicyGetDigest (
DEBUG ((DEBUG_ERROR, "Tpm2PolicyGetDigest - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR;
}
if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PolicyGetDigest - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
return EFI_DEVICE_ERROR;

9
SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c
View File

@ -47,6 +47,7 @@ GetHashSizeFromAlgo (
return mHashInfo[Index].HashSize;
}
}
return 0;
}
@ -70,6 +71,7 @@ GetHashMaskFromAlgo (
return mHashInfo[Index].HashMask;
}
}
return 0;
}
@ -213,26 +215,31 @@ IsHashAlgSupportedInHashAlgorithmMask(
if ((HashAlgorithmMask & HASH_ALG_SHA1) != 0) {
return TRUE;
}
break;
case TPM_ALG_SHA256:
if ((HashAlgorithmMask & HASH_ALG_SHA256) != 0) {
return TRUE;
}
break;
case TPM_ALG_SHA384:
if ((HashAlgorithmMask & HASH_ALG_SHA384) != 0) {
return TRUE;
}
break;
case TPM_ALG_SHA512:
if ((HashAlgorithmMask & HASH_ALG_SHA512) != 0) {
return TRUE;
}
break;
case TPM_ALG_SM3_256:
if ((HashAlgorithmMask & HASH_ALG_SM3_256) != 0) {
return TRUE;
}
break;
}
@ -269,6 +276,7 @@ CopyDigestListToBuffer (
DEBUG ((DEBUG_ERROR, "WARNING: TPM2 Event log has HashAlg unsupported by PCR bank (0x%x)\n", DigestList->digests[Index].hashAlg));
continue;
}
CopyMem (Buffer, &DigestList->digests[Index].hashAlg, sizeof (DigestList->digests[Index].hashAlg));
Buffer = (UINT8 *)Buffer + sizeof (DigestList->digests[Index].hashAlg);
DigestSize = GetHashSizeFromAlgo (DigestList->digests[Index].hashAlg);
@ -276,6 +284,7 @@ CopyDigestListToBuffer (
Buffer = (UINT8 *)Buffer + DigestSize;
DigestListCount++;
}
WriteUnaligned32 (DigestListCountPtr, DigestListCount);
return Buffer;

1
SecurityPkg/Library/Tpm2CommandLib/Tpm2Hierarchy.c
View File

@ -188,6 +188,7 @@ Tpm2SetPrimaryPolicy (
Status = EFI_DEVICE_ERROR;
goto Done;
}
if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2SetPrimaryPolicy - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
Status = EFI_DEVICE_ERROR;

20
SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
View File

@ -109,7 +109,6 @@ Tpm2PcrExtend (
Cmd.Header.commandCode = SwapBytes32 (TPM_CC_PCR_Extend);
Cmd.PcrHandle = SwapBytes32 (PcrHandle);
//
// Add in Auth session
//
@ -133,6 +132,7 @@ Tpm2PcrExtend (
DEBUG ((DEBUG_ERROR, "Unknown hash algorithm %d\r\n", Digests->digests[Index].hashAlg));
return EFI_DEVICE_ERROR;
}
CopyMem (
Buffer,
&Digests->digests[Index].digest,
@ -287,6 +287,7 @@ Tpm2PcrEvent (
DEBUG ((DEBUG_ERROR, "Unknown hash algorithm %d\r\n", Digests->digests[Index].hashAlg));
return EFI_DEVICE_ERROR;
}
CopyMem (
&Digests->digests[Index].digest,
Buffer,
@ -356,6 +357,7 @@ Tpm2PcrRead (
DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR;
}
if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
return EFI_NOT_FOUND;
@ -372,6 +374,7 @@ Tpm2PcrRead (
DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR;
}
*PcrUpdateCounter = SwapBytes32 (RecvBuffer.PcrUpdateCounter);
//
@ -381,6 +384,7 @@ Tpm2PcrRead (
DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR;
}
PcrSelectionOut->count = SwapBytes32 (RecvBuffer.PcrSelectionOut.count);
if (PcrSelectionOut->count > HASH_COUNT) {
DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - PcrSelectionOut->count error %x\n", PcrSelectionOut->count));
@ -391,12 +395,14 @@ Tpm2PcrRead (
DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR;
}
for (Index = 0; Index < PcrSelectionOut->count; Index++) {
PcrSelectionOut->pcrSelections[Index].hash = SwapBytes16 (RecvBuffer.PcrSelectionOut.pcrSelections[Index].hash);
PcrSelectionOut->pcrSelections[Index].sizeofSelect = RecvBuffer.PcrSelectionOut.pcrSelections[Index].sizeofSelect;
if (PcrSelectionOut->pcrSelections[Index].sizeofSelect > PCR_SELECT_MAX) {
return EFI_DEVICE_ERROR;
}
CopyMem (&PcrSelectionOut->pcrSelections[Index].pcrSelect, &RecvBuffer.PcrSelectionOut.pcrSelections[Index].pcrSelect, PcrSelectionOut->pcrSelections[Index].sizeofSelect);
}
@ -412,6 +418,7 @@ Tpm2PcrRead (
DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - PcrValues->count error %x\n", PcrValues->count));
return EFI_DEVICE_ERROR;
}
Digests = PcrValuesOut->digests;
for (Index = 0; Index < PcrValues->count; Index++) {
PcrValues->digests[Index].size = SwapBytes16 (Digests->size);
@ -419,6 +426,7 @@ Tpm2PcrRead (
DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - Digest.size error %x\n", PcrValues->digests[Index].size));
return EFI_DEVICE_ERROR;
}
CopyMem (&PcrValues->digests[Index].buffer, &Digests->buffer, PcrValues->digests[Index].size);
Digests = (TPM2B_DIGEST *)((UINT8 *)Digests + sizeof (Digests->size) + PcrValues->digests[Index].size);
}
@ -606,8 +614,10 @@ Tpm2PcrAllocateBanks (
PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
}
PcrAllocation.count++;
}
if ((HASH_ALG_SHA256 & SupportedPCRBanks) != 0) {
PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA256;
PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
@ -620,8 +630,10 @@ Tpm2PcrAllocateBanks (
PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
}
PcrAllocation.count++;
}
if ((HASH_ALG_SHA384 & SupportedPCRBanks) != 0) {
PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA384;
PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
@ -634,8 +646,10 @@ Tpm2PcrAllocateBanks (
PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
}
PcrAllocation.count++;
}
if ((HASH_ALG_SHA512 & SupportedPCRBanks) != 0) {
PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA512;
PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
@ -648,8 +662,10 @@ Tpm2PcrAllocateBanks (
PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
}
PcrAllocation.count++;
}
if ((HASH_ALG_SM3_256 & SupportedPCRBanks) != 0) {
PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SM3_256;
PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
@ -662,8 +678,10 @@ Tpm2PcrAllocateBanks (
PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
}
PcrAllocation.count++;
}
Status = Tpm2PcrAllocate (
TPM_RH_PLATFORM,
AuthSession,

1
SecurityPkg/Library/Tpm2CommandLib/Tpm2Miscellaneous.c
View File

@ -100,6 +100,7 @@ Tpm2SetAlgorithmSet (
Status = EFI_DEVICE_ERROR;
goto Done;
}
if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2SetAlgorithmSet - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
Status = EFI_DEVICE_ERROR;

12
SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
View File

@ -203,10 +203,12 @@ Tpm2NvReadPublic (
DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR;
}
ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode);
if (ResponseCode != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
}
switch (ResponseCode) {
case TPM_RC_SUCCESS:
// return data
@ -363,6 +365,7 @@ Tpm2NvDefineSpace (
if (ResponseCode != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2NvDefineSpace - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
}
switch (ResponseCode) {
case TPM_RC_SUCCESS:
// return data
@ -471,6 +474,7 @@ Tpm2NvUndefineSpace (
if (ResponseCode != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2NvUndefineSpace - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
}
switch (ResponseCode) {
case TPM_RC_SUCCESS:
// return data
@ -581,10 +585,12 @@ Tpm2NvRead (
Status = EFI_DEVICE_ERROR;
goto Done;
}
ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode);
if (ResponseCode != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2NvRead - responseCode - %x\n", ResponseCode));
}
switch (ResponseCode) {
case TPM_RC_SUCCESS:
// return data
@ -627,6 +633,7 @@ Tpm2NvRead (
Status = EFI_DEVICE_ERROR;
break;
}
if (Status != EFI_SUCCESS) {
goto Done;
}
@ -727,10 +734,12 @@ Tpm2NvWrite (
Status = EFI_DEVICE_ERROR;
goto Done;
}
ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode);
if (ResponseCode != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2NvWrite - responseCode - %x\n", ResponseCode));
}
switch (ResponseCode) {
case TPM_RC_SUCCESS:
// return data
@ -852,6 +861,7 @@ Tpm2NvReadLock (
if (ResponseCode != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2NvReadLock - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
}
switch (ResponseCode) {
case TPM_RC_SUCCESS:
// return data
@ -939,6 +949,7 @@ Tpm2NvWriteLock (
if (ResponseCode != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2NvWriteLock - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
}
switch (ResponseCode) {
case TPM_RC_SUCCESS:
// return data
@ -1023,6 +1034,7 @@ Tpm2NvGlobalWriteLock (
if (ResponseCode != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2NvGlobalWriteLock - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
}
switch (ResponseCode) {
case TPM_RC_SUCCESS:
// return data

30
SecurityPkg/Library/Tpm2CommandLib/Tpm2Object.c
View File

@ -84,10 +84,12 @@ Tpm2ReadPublic (
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR;
}
ResponseCode = SwapBytes32 (RecvBuffer.Header.responseCode);
if (ResponseCode != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
}
switch (ResponseCode) {
case TPM_RC_SUCCESS:
// return data
@ -108,16 +110,24 @@ Tpm2ReadPublic (
return EFI_DEVICE_ERROR;
}
NameSize = SwapBytes16 (ReadUnaligned16 ((UINT16 *)((UINT8 *)&RecvBuffer + sizeof(TPM2_RESPONSE_HEADER) +
sizeof(UINT16) + OutPublicSize)));
NameSize = SwapBytes16 (
ReadUnaligned16 (
(UINT16 *)((UINT8 *)&RecvBuffer + sizeof (TPM2_RESPONSE_HEADER) +
sizeof (UINT16) + OutPublicSize)
)
);
if (NameSize > sizeof (TPMU_NAME)) {
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - NameSize error %x\n", NameSize));
return EFI_DEVICE_ERROR;
}
QualifiedNameSize = SwapBytes16 (ReadUnaligned16 ((UINT16 *)((UINT8 *)&RecvBuffer + sizeof(TPM2_RESPONSE_HEADER) +
QualifiedNameSize = SwapBytes16 (
ReadUnaligned16 (
(UINT16 *)((UINT8 *)&RecvBuffer + sizeof (TPM2_RESPONSE_HEADER) +
sizeof (UINT16) + OutPublicSize +
sizeof(UINT16) + NameSize)));
sizeof (UINT16) + NameSize)
)
);
if (QualifiedNameSize > sizeof (TPMU_NAME)) {
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - QualifiedNameSize error %x\n", QualifiedNameSize));
return EFI_DEVICE_ERROR;
@ -167,6 +177,7 @@ Tpm2ReadPublic (
default:
return EFI_UNSUPPORTED;
}
case TPM_ALG_SYMCIPHER:
OutPublic->publicArea.parameters.symDetail.algorithm = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
@ -192,6 +203,7 @@ Tpm2ReadPublic (
default:
return EFI_UNSUPPORTED;
}
break;
case TPM_ALG_RSA:
OutPublic->publicArea.parameters.rsaDetail.symmetric.algorithm = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
@ -214,6 +226,7 @@ Tpm2ReadPublic (
default:
return EFI_UNSUPPORTED;
}
OutPublic->publicArea.parameters.rsaDetail.scheme.scheme = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
switch (OutPublic->publicArea.parameters.rsaDetail.scheme.scheme) {
@ -236,6 +249,7 @@ Tpm2ReadPublic (
default:
return EFI_UNSUPPORTED;
}
OutPublic->publicArea.parameters.rsaDetail.keyBits = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
OutPublic->publicArea.parameters.rsaDetail.exponent = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
@ -262,6 +276,7 @@ Tpm2ReadPublic (
default:
return EFI_UNSUPPORTED;
}
OutPublic->publicArea.parameters.eccDetail.scheme.scheme = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
switch (OutPublic->publicArea.parameters.eccDetail.scheme.scheme) {
@ -284,6 +299,7 @@ Tpm2ReadPublic (
default:
return EFI_UNSUPPORTED;
}
OutPublic->publicArea.parameters.eccDetail.curveID = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
Buffer += sizeof (UINT16);
OutPublic->publicArea.parameters.eccDetail.kdf.scheme = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
@ -310,6 +326,7 @@ Tpm2ReadPublic (
default:
return EFI_UNSUPPORTED;
}
break;
default:
return EFI_UNSUPPORTED;
@ -324,6 +341,7 @@ Tpm2ReadPublic (
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - keyedHash.size error %x\n", OutPublic->publicArea.unique.keyedHash.size));
return EFI_DEVICE_ERROR;
}
CopyMem (OutPublic->publicArea.unique.keyedHash.buffer, Buffer, OutPublic->publicArea.unique.keyedHash.size);
Buffer += OutPublic->publicArea.unique.keyedHash.size;
break;
@ -334,6 +352,7 @@ Tpm2ReadPublic (
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - sym.size error %x\n", OutPublic->publicArea.unique.sym.size));
return EFI_DEVICE_ERROR;
}
CopyMem (OutPublic->publicArea.unique.sym.buffer, Buffer, OutPublic->publicArea.unique.sym.size);
Buffer += OutPublic->publicArea.unique.sym.size;
break;
@ -344,6 +363,7 @@ Tpm2ReadPublic (
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - rsa.size error %x\n", OutPublic->publicArea.unique.rsa.size));
return EFI_DEVICE_ERROR;
}
CopyMem (OutPublic->publicArea.unique.rsa.buffer, Buffer, OutPublic->publicArea.unique.rsa.size);
Buffer += OutPublic->publicArea.unique.rsa.size;
break;
@ -354,6 +374,7 @@ Tpm2ReadPublic (
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - ecc.x.size error %x\n", OutPublic->publicArea.unique.ecc.x.size));
return EFI_DEVICE_ERROR;
}
CopyMem (OutPublic->publicArea.unique.ecc.x.buffer, Buffer, OutPublic->publicArea.unique.ecc.x.size);
Buffer += OutPublic->publicArea.unique.ecc.x.size;
OutPublic->publicArea.unique.ecc.y.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer));
@ -362,6 +383,7 @@ Tpm2ReadPublic (
DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - ecc.y.size error %x\n", OutPublic->publicArea.unique.ecc.y.size));
return EFI_DEVICE_ERROR;
}
CopyMem (OutPublic->publicArea.unique.ecc.y.buffer, Buffer, OutPublic->publicArea.unique.ecc.y.size);
Buffer += OutPublic->publicArea.unique.ecc.y.size;
break;

1
SecurityPkg/Library/Tpm2CommandLib/Tpm2Sequences.c
View File

@ -385,6 +385,7 @@ Tpm2EventSequenceComplete (
DEBUG ((DEBUG_ERROR, "EventSequenceComplete: Unknown hash algorithm %d\r\n", Results->digests[Index].hashAlg));
return EFI_DEVICE_ERROR;
}
CopyMem (
&Results->digests[Index].digest,
BufferPtr,

1
SecurityPkg/Library/Tpm2CommandLib/Tpm2Session.c
View File

@ -147,6 +147,7 @@ Tpm2StartAuthSession (
DEBUG ((DEBUG_ERROR, "Tpm2StartAuthSession - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR;
}
if (SwapBytes32 (RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
DEBUG ((DEBUG_ERROR, "Tpm2StartAuthSession - responseCode - %x\n", SwapBytes32 (RecvBuffer.Header.responseCode)));
return EFI_DEVICE_ERROR;

2
SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpmBase.c
View File

@ -59,7 +59,7 @@ InternalTpm2DeviceLibDTpmCommonConstructor (
PcdSet8S (PcdActiveTpmInterfaceType, PtpInterface);
}
if (PcdGet8(PcdActiveTpmInterfaceType) == Tpm2PtpInterfaceCrb && PcdGet8(PcdCRBIdleByPass) == 0xFF) {
if ((PcdGet8 (PcdActiveTpmInterfaceType) == Tpm2PtpInterfaceCrb) && (PcdGet8 (PcdCRBIdleByPass) == 0xFF)) {
IdleByPass = Tpm2GetIdleByPass ((VOID *)(UINTN)PcdGet64 (PcdTpmBaseAddress));
PcdSet8S (PcdCRBIdleByPass, IdleByPass);
}

2
SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.c
View File

@ -90,7 +90,9 @@ Tpm2InstanceLibDTpmConstructor (
Status = InternalTpm2DeviceLibDTpmCommonConstructor ();
DumpPtpInfo ((VOID *)(UINTN)PcdGet64 (PcdTpmBaseAddress));
}
return EFI_SUCCESS;
}
return Status;
}

29
SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c
View File

@ -55,6 +55,7 @@ Tpm2IsPtpPresence (
//
return FALSE;
}
return TRUE;
}
@ -82,11 +83,13 @@ PtpCrbWaitRegisterBits (
for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30) {
RegRead = MmioRead32 ((UINTN)Register);
if ((RegRead & BitSet) == BitSet && (RegRead & BitClear) == 0) {
if (((RegRead & BitSet) == BitSet) && ((RegRead & BitClear) == 0)) {
return EFI_SUCCESS;
}
MicroSecondDelay (30);
}
return EFI_TIMEOUT;
}
@ -160,15 +163,18 @@ PtpCrbTpmCommand (
} else {
DebugSize = SizeIn;
}
for (Index = 0; Index < DebugSize; Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferIn[Index]));
}
if (DebugSize != SizeIn) {
DEBUG ((DEBUG_VERBOSE, "...... "));
for (Index = SizeIn - 0x20; Index < SizeIn; Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferIn[Index]));
}
}
DEBUG ((DEBUG_VERBOSE, "\n"));
DEBUG_CODE_END ();
TpmOutSize = 0;
@ -177,7 +183,7 @@ PtpCrbTpmCommand (
// STEP 0:
// if CapCRbIdelByPass == 0, enforce Idle state before sending command
//
if (GetCachedIdleByPass () == 0 && (MmioRead32((UINTN)&CrbReg->CrbControlStatus) & PTP_CRB_CONTROL_AREA_STATUS_TPM_IDLE) == 0){
if ((GetCachedIdleByPass () == 0) && ((MmioRead32 ((UINTN)&CrbReg->CrbControlStatus) & PTP_CRB_CONTROL_AREA_STATUS_TPM_IDLE) == 0)) {
Status = PtpCrbWaitRegisterBits (
&CrbReg->CrbControlStatus,
PTP_CRB_CONTROL_AREA_STATUS_TPM_IDLE,
@ -210,6 +216,7 @@ PtpCrbTpmCommand (
Status = EFI_DEVICE_ERROR;
goto GoIdle_Exit;
}
Status = PtpCrbWaitRegisterBits (
&CrbReg->CrbControlStatus,
0,
@ -230,6 +237,7 @@ PtpCrbTpmCommand (
for (Index = 0; Index < SizeIn; Index++) {
MmioWrite8 ((UINTN)&CrbReg->CrbDataBuffer[Index], BufferIn[Index]);
}
MmioWrite32 ((UINTN)&CrbReg->CrbControlCommandAddressHigh, (UINT32)RShiftU64 ((UINTN)CrbReg->CrbDataBuffer, 32));
MmioWrite32 ((UINTN)&CrbReg->CrbControlCommandAddressLow, (UINT32)(UINTN)CrbReg->CrbDataBuffer);
MmioWrite32 ((UINTN)&CrbReg->CrbControlCommandSize, sizeof (CrbReg->CrbDataBuffer));
@ -285,11 +293,13 @@ PtpCrbTpmCommand (
for (Index = 0; Index < sizeof (TPM2_RESPONSE_HEADER); Index++) {
BufferOut[Index] = MmioRead8 ((UINTN)&CrbReg->CrbDataBuffer[Index]);
}
DEBUG_CODE_BEGIN ();
DEBUG ((DEBUG_VERBOSE, "PtpCrbTpmCommand ReceiveHeader - "));
for (Index = 0; Index < sizeof (TPM2_RESPONSE_HEADER); Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index]));
}
DEBUG ((DEBUG_VERBOSE, "\n"));
DEBUG_CODE_END ();
//
@ -312,6 +322,7 @@ PtpCrbTpmCommand (
Status = EFI_BUFFER_TOO_SMALL;
goto GoReady_Exit;
}
*SizeOut = TpmOutSize;
//
// Continue reading the remaining data
@ -325,6 +336,7 @@ PtpCrbTpmCommand (
for (Index = 0; Index < TpmOutSize; Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index]));
}
DEBUG ((DEBUG_VERBOSE, "\n"));
DEBUG_CODE_END ();
@ -423,6 +435,7 @@ Tpm2GetPtpInterface (
if (!Tpm2IsPtpPresence (Register)) {
return Tpm2PtpInterfaceMax;
}
//
// Check interface id
//
@ -431,15 +444,19 @@ Tpm2GetPtpInterface (
if ((InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_CRB) &&
(InterfaceId.Bits.InterfaceVersion == PTP_INTERFACE_IDENTIFIER_INTERFACE_VERSION_CRB) &&
(InterfaceId.Bits.CapCRB != 0)) {
(InterfaceId.Bits.CapCRB != 0))
{
return Tpm2PtpInterfaceCrb;
}
if ((InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_FIFO) &&
(InterfaceId.Bits.InterfaceVersion == PTP_INTERFACE_IDENTIFIER_INTERFACE_VERSION_FIFO) &&
(InterfaceId.Bits.CapFIFO != 0) &&
(InterfaceCapability.Bits.InterfaceVersion == INTERFACE_CAPABILITY_INTERFACE_VERSION_PTP)) {
(InterfaceCapability.Bits.InterfaceVersion == INTERFACE_CAPABILITY_INTERFACE_VERSION_PTP))
{
return Tpm2PtpInterfaceFifo;
}
return Tpm2PtpInterfaceTis;
}
@ -507,7 +524,8 @@ DumpPtpInfo (
//
DEBUG ((DEBUG_INFO, "InterfaceCapability - 0x%08x\n", InterfaceCapability.Uint32));
if ((InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_TIS) ||
(InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_FIFO)) {
(InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_FIFO))
{
DEBUG ((DEBUG_INFO, " InterfaceVersion - 0x%x\n", InterfaceCapability.Bits.InterfaceVersion));
}
@ -539,6 +557,7 @@ DumpPtpInfo (
default:
break;
}
DEBUG ((DEBUG_INFO, "VID - 0x%04x\n", Vid));
DEBUG ((DEBUG_INFO, "DID - 0x%04x\n", Did));
DEBUG ((DEBUG_INFO, "RID - 0x%02x\n", Rid));

26
SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Tis.c
View File

@ -69,10 +69,13 @@ TisPcWaitRegisterBits (
for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30) {
RegRead = MmioRead8 ((UINTN)Register);
if ((RegRead & BitSet) == BitSet && (RegRead & BitClear) == 0)
if (((RegRead & BitSet) == BitSet) && ((RegRead & BitClear) == 0)) {
return EFI_SUCCESS;
}
MicroSecondDelay (30);
}
return EFI_TIMEOUT;
}
@ -97,7 +100,7 @@ TisPcReadBurstCount (
UINT8 DataByte0;
UINT8 DataByte1;
if (BurstCount == NULL || TisReg == NULL) {
if ((BurstCount == NULL) || (TisReg == NULL)) {
return EFI_INVALID_PARAMETER;
}
@ -113,6 +116,7 @@ TisPcReadBurstCount (
if (*BurstCount != 0) {
return EFI_SUCCESS;
}
MicroSecondDelay (30);
WaitTime += 30;
} while (WaitTime < TIS_TIMEOUT_D);
@ -227,15 +231,18 @@ Tpm2TisTpmCommand (
} else {
DebugSize = SizeIn;
}
for (Index = 0; Index < DebugSize; Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferIn[Index]));
}
if (DebugSize != SizeIn) {
DEBUG ((DEBUG_VERBOSE, "...... "));
for (Index = SizeIn - 0x20; Index < SizeIn; Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferIn[Index]));
}
}
DEBUG ((DEBUG_VERBOSE, "\n"));
DEBUG_CODE_END ();
TpmOutSize = 0;
@ -245,6 +252,7 @@ Tpm2TisTpmCommand (
DEBUG ((DEBUG_ERROR, "Tpm2 is not ready for command!\n"));
return EFI_DEVICE_ERROR;
}
//
// Send the command data to Tpm
//
@ -255,11 +263,13 @@ Tpm2TisTpmCommand (
Status = EFI_DEVICE_ERROR;
goto Exit;
}
for ( ; BurstCount > 0 && Index < SizeIn; BurstCount--) {
MmioWrite8 ((UINTN)&TisReg->DataFifo, *(BufferIn + Index));
Index++;
}
}
//
// Check the Tpm status STS_EXPECT change from 1 to 0
//
@ -274,6 +284,7 @@ Tpm2TisTpmCommand (
Status = EFI_BUFFER_TOO_SMALL;
goto Exit;
}
//
// Executed the TPM command and waiting for the response data ready
//
@ -326,17 +337,22 @@ Tpm2TisTpmCommand (
Status = EFI_DEVICE_ERROR;
goto Exit;
}
for ( ; BurstCount > 0; BurstCount--) {
*(BufferOut + Index) = MmioRead8 ((UINTN)&TisReg->DataFifo);
Index++;
if (Index == sizeof (TPM2_RESPONSE_HEADER)) break;
if (Index == sizeof (TPM2_RESPONSE_HEADER)) {
break;
}
}
}
DEBUG_CODE_BEGIN ();
DEBUG ((DEBUG_VERBOSE, "Tpm2TisTpmCommand ReceiveHeader - "));
for (Index = 0; Index < sizeof (TPM2_RESPONSE_HEADER); Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index]));
}
DEBUG ((DEBUG_VERBOSE, "\n"));
DEBUG_CODE_END ();
//
@ -356,6 +372,7 @@ Tpm2TisTpmCommand (
Status = EFI_BUFFER_TOO_SMALL;
goto Exit;
}
*SizeOut = TpmOutSize;
//
// Continue reading the remaining data
@ -369,18 +386,21 @@ Tpm2TisTpmCommand (
goto Exit;
}
}
Status = TisPcReadBurstCount (TisReg, &BurstCount);
if (EFI_ERROR (Status)) {
Status = EFI_DEVICE_ERROR;
goto Exit;
}
}
Exit:
DEBUG_CODE_BEGIN ();
DEBUG ((DEBUG_VERBOSE, "Tpm2TisTpmCommand Receive - "));
for (Index = 0; Index < TpmOutSize; Index++) {
DEBUG ((DEBUG_VERBOSE, "%02x ", BufferOut[Index]));
}
DEBUG ((DEBUG_VERBOSE, "\n"));
DEBUG_CODE_END ();
MmioWrite8 ((UINTN)&TisReg->Status, TIS_PC_STS_READY);

2
SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.c
View File

@ -40,6 +40,7 @@ Tpm2SubmitCommand (
if (mInternalTpm2DeviceInterface.Tpm2SubmitCommand == NULL) {
return EFI_UNSUPPORTED;
}
return mInternalTpm2DeviceInterface.Tpm2SubmitCommand (
InputParameterBlockSize,
InputParameterBlock,
@ -64,6 +65,7 @@ Tpm2RequestUseTpm (
if (mInternalTpm2DeviceInterface.Tpm2RequestUseTpm == NULL) {
return EFI_UNSUPPORTED;
}
return mInternalTpm2DeviceInterface.Tpm2RequestUseTpm ();
}

2
SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterPei.c
View File

@ -35,6 +35,7 @@ InternalGetTpm2DeviceInterface (
if (Hob == NULL) {
return NULL;
}
return (TPM2_DEVICE_INTERFACE *)(Hob + 1);
}
@ -93,6 +94,7 @@ Tpm2RequestUseTpm (
if (Tpm2DeviceInterface == NULL) {
return EFI_UNSUPPORTED;
}
return Tpm2DeviceInterface->Tpm2RequestUseTpm ();
}

3
SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.c
View File

@ -50,6 +50,7 @@ Tpm2SubmitCommand (
return EFI_NOT_FOUND;
}
}
//
// Assume when Tcg2 Protocol is ready, RequestUseTpm already done.
//
@ -63,6 +64,7 @@ Tpm2SubmitCommand (
if (EFI_ERROR (Status)) {
return Status;
}
Header = (TPM2_RESPONSE_HEADER *)OutputParameterBlock;
*OutputParameterBlockSize = SwapBytes32 (Header->paramSize);
@ -94,6 +96,7 @@ Tpm2RequestUseTpm (
return EFI_NOT_FOUND;
}
}
//
// Assume when Tcg2 Protocol is ready, RequestUseTpm already done.
//

8
SecurityPkg/Library/TpmCommLib/TisPc.c
View File

@ -52,10 +52,13 @@ TisPcWaitRegisterBits (
for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30) {
RegRead = MmioRead8 ((UINTN)Register);
if ((RegRead & BitSet) == BitSet && (RegRead & BitClear) == 0)
if (((RegRead & BitSet) == BitSet) && ((RegRead & BitClear) == 0)) {
return EFI_SUCCESS;
}
MicroSecondDelay (30);
}
return EFI_TIMEOUT;
}
@ -81,7 +84,7 @@ TisPcReadBurstCount (
UINT8 DataByte0;
UINT8 DataByte1;
if (BurstCount == NULL || TisReg == NULL) {
if ((BurstCount == NULL) || (TisReg == NULL)) {
return EFI_INVALID_PARAMETER;
}
@ -97,6 +100,7 @@ TisPcReadBurstCount (
if (*BurstCount != 0) {
return EFI_SUCCESS;
}
MicroSecondDelay (30);
WaitTime += 30;
} while (WaitTime < TIS_TIMEOUT_D);

1
SecurityPkg/Library/TpmCommLib/TpmComm.c
View File

@ -41,4 +41,3 @@ TpmCommHashAll (
return EFI_SUCCESS;
}

1
SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c
View File

@ -64,4 +64,3 @@ LockVariableKeyInterface (
ASSERT (FALSE);
return EFI_UNSUPPORTED;
}

46
SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c
View File

@ -55,10 +55,10 @@ CalculateDataHash (
if (HashCtx == NULL) {
goto _Exit;
}
Status = Sha1Init (HashCtx);
Status = Sha1Update (HashCtx, Data, DataSize);
Status = Sha1Final (HashCtx, HashValue);
} else if (CompareGuid (CertGuid, &gEfiCertSha256Guid)) {
//
// SHA256 Hash
@ -68,10 +68,10 @@ CalculateDataHash (
if (HashCtx == NULL) {
goto _Exit;
}
Status = Sha256Init (HashCtx);
Status = Sha256Update (HashCtx, Data, DataSize);
Status = Sha256Final (HashCtx, HashValue);
} else if (CompareGuid (CertGuid, &gEfiCertSha384Guid)) {
//
// SHA384 Hash
@ -81,10 +81,10 @@ CalculateDataHash (
if (HashCtx == NULL) {
goto _Exit;
}
Status = Sha384Init (HashCtx);
Status = Sha384Update (HashCtx, Data, DataSize);
Status = Sha384Final (HashCtx, HashValue);
} else if (CompareGuid (CertGuid, &gEfiCertSha512Guid)) {
//
// SHA512 Hash
@ -94,6 +94,7 @@ CalculateDataHash (
if (HashCtx == NULL) {
goto _Exit;
}
Status = Sha512Init (HashCtx);
Status = Sha512Update (HashCtx, Data, DataSize);
Status = Sha512Final (HashCtx, HashValue);
@ -308,7 +309,6 @@ IsCertHashRevoked (
Status = FALSE;
for (Index = 0; ; Index++) {
SigList = (EFI_SIGNATURE_LIST *)(RevokedDb[Index]);
//
// The list is terminated by a NULL pointer.
@ -323,13 +323,10 @@ IsCertHashRevoked (
//
if (CompareGuid (&SigList->SignatureType, &gEfiCertX509Sha256Guid)) {
Status = CalculateDataHash (TBSCert, TBSCertSize, &gEfiCertSha256Guid, CertHashVal);
} else if (CompareGuid (&SigList->SignatureType, &gEfiCertX509Sha384Guid)) {
Status = CalculateDataHash (TBSCert, TBSCertSize, &gEfiCertSha384Guid, CertHashVal);
} else if (CompareGuid (&SigList->SignatureType, &gEfiCertX509Sha512Guid)) {
Status = CalculateDataHash (TBSCert, TBSCertSize, &gEfiCertSha512Guid, CertHashVal);
} else {
//
// Un-matched Cert Hash GUID
@ -349,8 +346,12 @@ IsCertHashRevoked (
//
// Check if the Certificate Hash is revoked.
//
if (CompareMem (SigData->SignatureData, CertHashVal,
SigList->SignatureSize - sizeof (EFI_GUID) - sizeof (EFI_TIME)) == 0) {
if (CompareMem (
SigData->SignatureData,
CertHashVal,
SigList->SignatureSize - sizeof (EFI_GUID) - sizeof (EFI_TIME)
) == 0)
{
Status = TRUE;
//
// Return the revocation time of this revoked certificate.
@ -386,7 +387,8 @@ IsTimeZero (
)
{
if ((Time->Year == 0) && (Time->Month == 0) && (Time->Day == 0) &&
(Time->Hour == 0) && (Time->Minute == 0) && (Time->Second == 0)) {
(Time->Hour == 0) && (Time->Minute == 0) && (Time->Second == 0))
{
return TRUE;
}
@ -487,7 +489,6 @@ IsValidTimestamp (
continue;
}
SigData = (EFI_SIGNATURE_DATA *)((UINT8 *)SigList + sizeof (EFI_SIGNATURE_LIST) +
SigList->SignatureHeaderSize);
TsaCert = SigData->SignatureData;
@ -1144,6 +1145,7 @@ VerifyBuffer (
if ((SignedData == NULL) || (SignedDataSize == 0) || (AllowedDb == NULL)) {
return EFI_INVALID_PARAMETER;
}
if ((Content != NULL) && (ContentSize == NULL)) {
return EFI_INVALID_PARAMETER;
}
@ -1157,9 +1159,11 @@ VerifyBuffer (
if (SigList == NULL) {
break;
}
if (SigList->SignatureListSize < sizeof (EFI_SIGNATURE_LIST) +
SigList->SignatureHeaderSize +
SigList->SignatureSize) {
SigList->SignatureSize)
{
return EFI_ABORTED;
}
}
@ -1174,9 +1178,11 @@ VerifyBuffer (
if (SigList == NULL) {
break;
}
if (SigList->SignatureListSize < sizeof (EFI_SIGNATURE_LIST) +
SigList->SignatureHeaderSize +
SigList->SignatureSize) {
SigList->SignatureSize)
{
return EFI_ABORTED;
}
}
@ -1192,9 +1198,11 @@ VerifyBuffer (
if (SigList == NULL) {
break;
}
if (SigList->SignatureListSize < sizeof (EFI_SIGNATURE_LIST) +
SigList->SignatureHeaderSize +
SigList->SignatureSize) {
SigList->SignatureSize)
{
return EFI_ABORTED;
}
}
@ -1209,12 +1217,15 @@ VerifyBuffer (
SignedData,
SignedDataSize,
(VOID **)&AttachedData,
&AttachedDataSize)) {
&AttachedDataSize
))
{
//
// The SignedData buffer was not correctly formatted for processing
//
return EFI_UNSUPPORTED;
}
if (AttachedData != NULL) {
if (InData != NULL) {
//
@ -1223,13 +1234,13 @@ VerifyBuffer (
Status = EFI_UNSUPPORTED;
goto _Exit;
}
//
// PKCS7-formatted signedData with attached content; Use the embedded
// content for verification
//
DataPtr = AttachedData;
DataSize = AttachedDataSize;
} else if (InData != NULL) {
//
// PKCS7-formatted signedData with detached content; Use the user-supplied
@ -1394,7 +1405,8 @@ VerifySignature (
// Parameters Checking
//
if ( (Signature == NULL) || (SignatureSize == 0) || (AllowedDb == NULL)
|| (InHash == NULL) || (InHashSize == 0)) {
|| (InHash == NULL) || (InHashSize == 0))
{
return EFI_INVALID_PARAMETER;
}

8
SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.c
View File

@ -140,9 +140,10 @@ AesExpandKey (
// Nr - Number of rounds. (Nr = 10, 12, or 14), which is dependent on the key size.
//
Nk = KeyLenInBits >> 5;
if (Nk != 4 && Nk != 6 && Nk != 8) {
if ((Nk != 4) && (Nk != 6) && (Nk != 8)) {
return EFI_INVALID_PARAMETER;
}
Nr = Nk + 6;
Nw = AES_NB * (Nr + 1); // Key Expansion generates a total of Nb * (Nr + 1) words
AesKey->Nk = Nk;
@ -180,6 +181,7 @@ AesExpandKey (
for (Index1 = 1; Index1 < 4 && (Index1 + Index2) < Nw; Index1++) {
Ek[Index1 + Index2] = Ek[Index1 + Index2 - Nk] ^ Ek[Index1 + Index2 - 1];
}
if (Index2 + 4 < Nw) {
Temp = Ek[Index2 + 3];
Ek[Index2 + 4] = Ek[Index2 + 4 - Nk] ^ (AES_FT2 ((Temp >> 24) & 0xFF) & 0xFF000000) ^
@ -268,7 +270,9 @@ AesEncrypt (
AES_FT2 ((StateX[1] >> 8) & 0xFF) ^ AES_FT3 ((StateX[2]) & 0xFF) ^ Ek[NbIndex + 3];
NbIndex += 4;
Temp = StateX; StateX = StateY; StateY = Temp;
Temp = StateX;
StateX = StateY;
StateY = Temp;
}
//

2
SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c
View File

@ -109,6 +109,7 @@ RdRandGenerateEntropy (
if (EFI_ERROR (Status)) {
return Status;
}
CopyMem (Ptr, Seed, 16);
BlockCount--;
@ -122,6 +123,7 @@ RdRandGenerateEntropy (
if (EFI_ERROR (Status)) {
return Status;
}
CopyMem (Ptr, Seed, (Length % 16));
return Status;

2
SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
View File

@ -120,7 +120,6 @@ RngDriverEntry (
return Status;
}
/**
Calls RDRAND to fill a buffer of arbitrary size with random bytes.
@ -146,6 +145,7 @@ RngGetBytes (
if (!IsRandom) {
return EFI_NOT_READY;
}
if (Length >= sizeof (TempRand)) {
WriteUnaligned64 ((UINT64 *)RandBuffer, TempRand[0]);
RandBuffer += sizeof (UINT64);

5
SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.c
View File

@ -37,6 +37,7 @@ OnReadyToBoot (
//
return;
}
//
// Clear MOR_CLEAR_MEMORY_BIT
//
@ -74,7 +75,6 @@ InitiateTPerReset (
IN UINT32 MediaId
)
{
EFI_STATUS Status;
UINT8 *Buffer;
UINTN XferSize;
@ -123,7 +123,8 @@ InitiateTPerReset (
// of the supported security protocol list.
//
Data = (SUPPORTED_SECURITY_PROTOCOLS_PARAMETER_DATA *)Buffer;
Len = ROUNDUP512(sizeof (SUPPORTED_SECURITY_PROTOCOLS_PARAMETER_DATA) +
Len = ROUNDUP512 (
sizeof (SUPPORTED_SECURITY_PROTOCOLS_PARAMETER_DATA) +
(Data->SupportedSecurityListLength[0] << 8) +
(Data->SupportedSecurityListLength[1])
);

1
SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.h
View File

@ -39,4 +39,3 @@ typedef struct {
#define ROUNDUP512(x) (((x) % 512 == 0) ? (x) : ((x) / 512 + 1) * 512)
#endif

9
SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
View File

@ -46,10 +46,12 @@ IsAnyMorVariable (
for (Index = 0; Index < sizeof (mMorVariableType)/sizeof (mMorVariableType[0]); Index++) {
if ((StrCmp (VariableName, mMorVariableType[Index].VariableName) == 0) &&
(CompareGuid (VendorGuid, mMorVariableType[Index].VendorGuid))) {
(CompareGuid (VendorGuid, mMorVariableType[Index].VendorGuid)))
{
return TRUE;
}
}
return FALSE;
}
@ -69,9 +71,11 @@ IsMorLockVariable (
)
{
if ((StrCmp (VariableName, MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME) == 0) &&
(CompareGuid (VendorGuid, &gEfiMemoryOverwriteRequestControlLockGuid))) {
(CompareGuid (VendorGuid, &gEfiMemoryOverwriteRequestControlLockGuid)))
{
return TRUE;
}
return FALSE;
}
@ -155,6 +159,7 @@ SetVariableCheckHandlerMor (
return EFI_INVALID_PARAMETER;
}
}
//
// Or grant access
//

4
SecurityPkg/Tcg/Opal/OpalPassword/ComponentName.c
View File

@ -26,7 +26,6 @@ GLOBAL_REMOVE_IF_UNREFERENCED EFI_COMPONENT_NAME2_PROTOCOL gOpalComponentName2 =
"en"
};
/// The name of the driver in all the languages we support.
GLOBAL_REMOVE_IF_UNREFERENCED EFI_UNICODE_STRING_TABLE mOpalDriverNameTable[] = {
{ LANGUAGE_RFC_3066_ENGLISH, (CHAR16 *)EFI_DRIVER_NAME_UNICODE },
@ -220,7 +219,7 @@ GetControllerName(
CHAR16 **ControllerName
)
{
if (Language == NULL || ControllerName == NULL || ControllerHandle == NULL) {
if ((Language == NULL) || (ControllerName == NULL) || (ControllerHandle == NULL)) {
return EFI_INVALID_PARAMETER;
}
@ -389,4 +388,3 @@ OpalEfiDriverComponentName2GetControllerName(
{
return (GetControllerName (ControllerHandle, ChildHandle, Language, ControllerName));
}

94
SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
View File

@ -75,7 +75,6 @@ OpalSupportGetAvailableActions(
// Psid revert is available for any device with media encryption support or pyrite 2.0 type support.
//
if (SupportedAttributes->PyriteSscV2 || SupportedAttributes->MediaEncryption) {
//
// Only allow psid revert if media encryption is enabled or pyrite 2.0 type support..
// Otherwise, someone who steals a disk can psid revert the disk and the user Data is still
@ -228,7 +227,8 @@ ExtractDeviceInfoFromDevicePath (
//
while (!IsDevicePathEnd (TmpDevPath)) {
if ((TmpDevPath->Type == MESSAGING_DEVICE_PATH) &&
(TmpDevPath->SubType == MSG_SATA_DP || TmpDevPath->SubType == MSG_NVME_NAMESPACE_DP)) {
((TmpDevPath->SubType == MSG_SATA_DP) || (TmpDevPath->SubType == MSG_NVME_NAMESPACE_DP)))
{
if (DevInfo != NULL) {
DevInfo->DevicePathLength = (UINT32)GetDevicePathSize (DevicePath);
CopyMem (DevInfo->DevicePath, DevicePath, DevInfo->DevicePathLength);
@ -238,6 +238,7 @@ ExtractDeviceInfoFromDevicePath (
*DevInfoLength = sizeof (OPAL_DEVICE_LOCKBOX_DATA) + (UINT32)GetDevicePathSize (DevicePath);
break;
}
TmpDevPath = NextDevicePathNode (TmpDevPath);
}
@ -248,10 +249,11 @@ ExtractDeviceInfoFromDevicePath (
TmpDevPath = DevicePath;
TmpDevPath2 = NextDevicePathNode (DevicePath);
while (!IsDevicePathEnd (TmpDevPath2)) {
if (TmpDevPath->Type == HARDWARE_DEVICE_PATH && TmpDevPath->SubType == HW_PCI_DP) {
if ((TmpDevPath->Type == HARDWARE_DEVICE_PATH) && (TmpDevPath->SubType == HW_PCI_DP)) {
PciDevPath = (PCI_DEVICE_PATH *)TmpDevPath;
if ((TmpDevPath2->Type == MESSAGING_DEVICE_PATH) &&
(TmpDevPath2->SubType == MSG_SATA_DP || TmpDevPath2->SubType == MSG_NVME_NAMESPACE_DP)) {
((TmpDevPath2->SubType == MSG_SATA_DP) || (TmpDevPath2->SubType == MSG_NVME_NAMESPACE_DP)))
{
if (DevInfo != NULL) {
PciDevice = &DevInfo->Device;
PciDevice->Segment = 0;
@ -260,7 +262,7 @@ ExtractDeviceInfoFromDevicePath (
PciDevice->Function = PciDevPath->Function;
}
} else {
if (TmpDevPath2->Type == HARDWARE_DEVICE_PATH && TmpDevPath2->SubType == HW_PCI_DP) {
if ((TmpDevPath2->Type == HARDWARE_DEVICE_PATH) && (TmpDevPath2->SubType == HW_PCI_DP)) {
BusNum = PciRead8 (PCI_LIB_ADDRESS (BusNum, PciDevPath->Device, PciDevPath->Function, PCI_BRIDGE_SECONDARY_BUS_REGISTER_OFFSET));
}
}
@ -373,6 +375,7 @@ BuildOpalDeviceInfo (
if (S3InitDevicesBak != NULL) {
FreePool (S3InitDevicesBak);
}
ASSERT (S3InitDevices != NULL);
if (S3InitDevices == NULL) {
return;
@ -621,7 +624,8 @@ OpalDriverPopUpPsidInput (
} else if ((InputKey.UnicodeChar == CHAR_NULL) ||
(InputKey.UnicodeChar == CHAR_TAB) ||
(InputKey.UnicodeChar == CHAR_LINEFEED)
) {
)
{
continue;
} else {
//
@ -663,7 +667,7 @@ OpalDriverPopUpPsidInput (
gST->ConOut->ClearScreen (gST->ConOut);
if (InputLength == 0 || InputKey.ScanCode == SCAN_ESC) {
if ((InputLength == 0) || (InputKey.ScanCode == SCAN_ESC)) {
ZeroMem (Unicode, sizeof (Unicode));
ZeroMem (Mask, sizeof (Mask));
return NULL;
@ -683,7 +687,6 @@ OpalDriverPopUpPsidInput (
return Ascii;
}
/**
Get password input from the popup window.
@ -773,7 +776,8 @@ OpalDriverPopUpPasswordInput (
} else if ((InputKey.UnicodeChar == CHAR_NULL) ||
(InputKey.UnicodeChar == CHAR_TAB) ||
(InputKey.UnicodeChar == CHAR_LINEFEED)
) {
)
{
continue;
} else {
//
@ -815,7 +819,7 @@ OpalDriverPopUpPasswordInput (
gST->ConOut->ClearScreen (gST->ConOut);
if (InputLength == 0 || InputKey.ScanCode == SCAN_ESC) {
if ((InputLength == 0) || (InputKey.ScanCode == SCAN_ESC)) {
ZeroMem (Unicode, sizeof (Unicode));
return NULL;
}
@ -976,6 +980,7 @@ OpalDriverRequestPassword (
Count++;
continue;
}
PasswordLen = (UINT32)AsciiStrLen (Password);
if (IsLocked) {
@ -1108,6 +1113,7 @@ ProcessOpalRequestEnableFeature (
Count++;
continue;
}
PasswordLen = (UINT32)AsciiStrLen (Password);
PasswordConfirm = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please confirm your new password", NULL, &PressEsc);
@ -1117,9 +1123,11 @@ ProcessOpalRequestEnableFeature (
Count++;
continue;
}
PasswordLenConfirm = (UINT32)AsciiStrLen (PasswordConfirm);
if ((PasswordLen != PasswordLenConfirm) ||
(CompareMem (Password, PasswordConfirm, PasswordLen) != 0)) {
(CompareMem (Password, PasswordConfirm, PasswordLen) != 0))
{
ZeroMem (Password, PasswordLen);
FreePool (Password);
ZeroMem (PasswordConfirm, PasswordLenConfirm);
@ -1133,6 +1141,7 @@ ProcessOpalRequestEnableFeature (
NULL
);
} while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
Count++;
continue;
}
@ -1182,6 +1191,7 @@ ProcessOpalRequestEnableFeature (
NULL
);
} while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
gST->ConOut->ClearScreen (gST->ConOut);
}
}
@ -1252,6 +1262,7 @@ ProcessOpalRequestDisableUser (
Count++;
continue;
}
PasswordLen = (UINT32)AsciiStrLen (Password);
Ret = OpalUtilDisableUser (&Session, Password, PasswordLen, &PasswordFailed);
@ -1294,6 +1305,7 @@ ProcessOpalRequestDisableUser (
NULL
);
} while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
gST->ConOut->ClearScreen (gST->ConOut);
}
}
@ -1382,6 +1394,7 @@ ProcessOpalRequestPsidRevert (
Count++;
continue;
}
PsidLen = (UINT32)AsciiStrLen (Psid);
Ret = OpalUtilPsidRevert (&Session, Psid, PsidLen);
@ -1423,6 +1436,7 @@ ProcessOpalRequestPsidRevert (
NULL
);
} while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
gST->ConOut->ClearScreen (gST->ConOut);
}
@ -1469,7 +1483,8 @@ ProcessOpalRequestRevert (
PopUpString = OpalGetPopUpString (Dev, RequestString);
if ((!KeepUserData) &&
(Dev->OpalDisk.EstimateTimeCost > MAX_ACCEPTABLE_REVERTING_TIME)) {
(Dev->OpalDisk.EstimateTimeCost > MAX_ACCEPTABLE_REVERTING_TIME))
{
BufferSize = StrSize (L"Warning: Revert action will take about ####### seconds");
PopUpString2 = AllocateZeroPool (BufferSize);
ASSERT (PopUpString2 != NULL);
@ -1520,10 +1535,12 @@ ProcessOpalRequestRevert (
Count++;
continue;
}
PasswordLen = (UINT32)AsciiStrLen (Password);
if ((Dev->OpalDisk.SupportedAttributes.PyriteSsc == 1) &&
(Dev->OpalDisk.LockingFeature.MediaEncryption == 0)) {
(Dev->OpalDisk.LockingFeature.MediaEncryption == 0))
{
//
// For pyrite type device which does not support media encryption,
// it does not accept "Keep User Data" parameter.
@ -1549,6 +1566,7 @@ ProcessOpalRequestRevert (
Dev->OpalDisk.MsidLength
);
}
if (Ret == TcgResultSuccess) {
OpalSupportUpdatePassword (&Dev->OpalDisk, Password, PasswordLen);
DEBUG ((DEBUG_INFO, "%s Success\n", RequestString));
@ -1588,6 +1606,7 @@ ProcessOpalRequestRevert (
NULL
);
} while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
gST->ConOut->ClearScreen (gST->ConOut);
}
@ -1646,6 +1665,7 @@ ProcessOpalRequestSecureErase (
PopUpString2 = NULL;
PopUpString3 = NULL;
}
Count = 0;
ZeroMem (&Session, sizeof (Session));
@ -1681,6 +1701,7 @@ ProcessOpalRequestSecureErase (
Count++;
continue;
}
PasswordLen = (UINT32)AsciiStrLen (Password);
Ret = OpalUtilSecureErase (&Session, Password, PasswordLen, &PasswordFailed);
@ -1723,6 +1744,7 @@ ProcessOpalRequestSecureErase (
NULL
);
} while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
gST->ConOut->ClearScreen (gST->ConOut);
}
@ -1796,6 +1818,7 @@ ProcessOpalRequestSetUserPwd (
Count++;
continue;
}
OldPasswordLen = (UINT32)AsciiStrLen (OldPassword);
ZeroMem (&Session, sizeof (Session));
@ -1822,6 +1845,7 @@ ProcessOpalRequestSetUserPwd (
NULL
);
} while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
Count++;
continue;
}
@ -1834,6 +1858,7 @@ ProcessOpalRequestSetUserPwd (
Count++;
continue;
}
PasswordLen = (UINT32)AsciiStrLen (Password);
PasswordConfirm = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please confirm your new password", NULL, &PressEsc);
@ -1845,9 +1870,11 @@ ProcessOpalRequestSetUserPwd (
Count++;
continue;
}
PasswordLenConfirm = (UINT32)AsciiStrLen (PasswordConfirm);
if ((PasswordLen != PasswordLenConfirm) ||
(CompareMem (Password, PasswordConfirm, PasswordLen) != 0)) {
(CompareMem (Password, PasswordConfirm, PasswordLen) != 0))
{
ZeroMem (OldPassword, OldPasswordLen);
FreePool (OldPassword);
ZeroMem (Password, PasswordLen);
@ -1863,6 +1890,7 @@ ProcessOpalRequestSetUserPwd (
NULL
);
} while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
Count++;
continue;
}
@ -1927,6 +1955,7 @@ ProcessOpalRequestSetUserPwd (
NULL
);
} while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
gST->ConOut->ClearScreen (gST->ConOut);
}
}
@ -1995,6 +2024,7 @@ ProcessOpalRequestSetAdminPwd (
Count++;
continue;
}
OldPasswordLen = (UINT32)AsciiStrLen (OldPassword);
ZeroMem (&Session, sizeof (Session));
@ -2017,6 +2047,7 @@ ProcessOpalRequestSetAdminPwd (
NULL
);
} while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
Count++;
continue;
}
@ -2028,6 +2059,7 @@ ProcessOpalRequestSetAdminPwd (
Count++;
continue;
}
PasswordLen = (UINT32)AsciiStrLen (Password);
PasswordConfirm = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please confirm your new password", NULL, &PressEsc);
@ -2039,9 +2071,11 @@ ProcessOpalRequestSetAdminPwd (
Count++;
continue;
}
PasswordLenConfirm = (UINT32)AsciiStrLen (PasswordConfirm);
if ((PasswordLen != PasswordLenConfirm) ||
(CompareMem (Password, PasswordConfirm, PasswordLen) != 0)) {
(CompareMem (Password, PasswordConfirm, PasswordLen) != 0))
{
ZeroMem (OldPassword, OldPasswordLen);
FreePool (OldPassword);
ZeroMem (Password, PasswordLen);
@ -2057,6 +2091,7 @@ ProcessOpalRequestSetAdminPwd (
NULL
);
} while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
Count++;
continue;
}
@ -2066,7 +2101,6 @@ ProcessOpalRequestSetAdminPwd (
FreePool (PasswordConfirm);
}
ZeroMem (&Session, sizeof (Session));
Session.Sscp = Dev->OpalDisk.Sscp;
Session.MediaId = Dev->OpalDisk.MediaId;
@ -2122,6 +2156,7 @@ ProcessOpalRequestSetAdminPwd (
NULL
);
} while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
gST->ConOut->ClearScreen (gST->ConOut);
}
}
@ -2159,6 +2194,7 @@ ProcessOpalRequest (
if (EFI_ERROR (Status) || (Variable == NULL)) {
return;
}
mOpalRequestVariable = Variable;
mOpalRequestVariableSize = VariableSize;
@ -2184,25 +2220,30 @@ ProcessOpalRequest (
TempVariable = Variable;
while ((VariableSize > sizeof (OPAL_REQUEST_VARIABLE)) &&
(VariableSize >= TempVariable->Length) &&
(TempVariable->Length > sizeof (OPAL_REQUEST_VARIABLE))) {
(TempVariable->Length > sizeof (OPAL_REQUEST_VARIABLE)))
{
DevicePathInVariable = (EFI_DEVICE_PATH_PROTOCOL *)((UINTN)TempVariable + sizeof (OPAL_REQUEST_VARIABLE));
DevicePathSizeInVariable = GetDevicePathSize (DevicePathInVariable);
DevicePath = Dev->OpalDisk.OpalDevicePath;
DevicePathSize = GetDevicePathSize (DevicePath);
if ((DevicePathSize == DevicePathSizeInVariable) &&
(CompareMem (DevicePath, DevicePathInVariable, DevicePathSize) == 0)) {
(CompareMem (DevicePath, DevicePathInVariable, DevicePathSize) == 0))
{
//
// Found the node for the OPAL device.
//
if (TempVariable->OpalRequest.SetAdminPwd != 0) {
ProcessOpalRequestSetAdminPwd (Dev, L"Update Admin Pwd:");
}
if (TempVariable->OpalRequest.SetUserPwd != 0) {
ProcessOpalRequestSetUserPwd (Dev, L"Set User Pwd:");
}
if (TempVariable->OpalRequest.SecureErase != 0) {
ProcessOpalRequestSecureErase (Dev, L"Secure Erase:");
}
if (TempVariable->OpalRequest.Revert != 0) {
KeepUserData = (BOOLEAN)TempVariable->OpalRequest.KeepUserData;
ProcessOpalRequestRevert (
@ -2211,12 +2252,15 @@ ProcessOpalRequest (
KeepUserData ? L"Admin Revert(keep):" : L"Admin Revert:"
);
}
if (TempVariable->OpalRequest.PsidRevert != 0) {
ProcessOpalRequestPsidRevert (Dev, L"Psid Revert:");
}
if (TempVariable->OpalRequest.DisableUser != 0) {
ProcessOpalRequestDisableUser (Dev, L"Disable User:");
}
if (TempVariable->OpalRequest.EnableFeature != 0) {
ProcessOpalRequestEnableFeature (Dev, L"Enable Feature:");
}
@ -2404,7 +2448,7 @@ OpalDriverGetDeviceNameByProtocol(
EFI_HANDLE TmpHandle;
CHAR16 *DevName;
if (Dev == NULL || AllHandlesBuffer == NULL || NumAllHandles == 0) {
if ((Dev == NULL) || (AllHandlesBuffer == NULL) || (NumAllHandles == 0)) {
return FALSE;
}
@ -2424,7 +2468,6 @@ OpalDriverGetDeviceNameByProtocol(
return FALSE;
}
//
// Exit early if no supported devices
//
@ -2456,7 +2499,7 @@ OpalDriverGetDeviceNameByProtocol(
NULL,
EFI_OPEN_PROTOCOL_GET_PROTOCOL
);
if (EFI_ERROR(Status) || Cnp1_2 == NULL) {
if (EFI_ERROR (Status) || (Cnp1_2 == NULL)) {
continue;
}
@ -2480,7 +2523,8 @@ OpalDriverGetDeviceNameByProtocol(
&DevName
);
}
if (!EFI_ERROR(Status) && DevName != NULL) {
if (!EFI_ERROR (Status) && (DevName != NULL)) {
StrLength = StrLen (DevName) + 1; // Add one for NULL terminator
Dev->Name16 = AllocateZeroPool (StrLength * sizeof (CHAR16));
ASSERT (Dev->Name16 != NULL);
@ -2509,6 +2553,7 @@ OpalDriverGetDeviceNameByProtocol(
FreePool (Dev->Name16);
Dev->Name16 = NULL;
}
if (Dev->NameZ != NULL) {
FreePool (Dev->NameZ);
Dev->NameZ = NULL;
@ -2702,7 +2747,6 @@ OpalEfiDriverBindingSupported(
Controller
);
return EFI_SUCCESS;
}
@ -2756,6 +2800,7 @@ OpalEfiDriverBindingStart(
if (Controller == Itr->Handle) {
return EFI_SUCCESS;
}
Itr = Itr->Next;
}
@ -2767,6 +2812,7 @@ OpalEfiDriverBindingStart(
if (Dev == NULL) {
return EFI_OUT_OF_RESOURCES;
}
Dev->Handle = Controller;
//
@ -2920,7 +2966,6 @@ OpalEfiDriverBindingStop(
return EFI_NOT_FOUND;
}
/**
Unloads UEFI Driver. Very useful for debugging and testing.
@ -2963,4 +3008,3 @@ OpalEfiDriverUnload (
return Status;
}

1
SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.h
View File

@ -280,7 +280,6 @@ EfiDriverUnload(
EFI_HANDLE ImageHandle
);
/**
Test to see if this driver supports Controller.

46
SecurityPkg/Tcg/Opal/OpalPassword/OpalHii.c
View File

@ -113,13 +113,15 @@ GetSavedOpalRequest (
TempVariable = Variable;
while ((VariableSize > sizeof (OPAL_REQUEST_VARIABLE)) &&
(VariableSize >= TempVariable->Length) &&
(TempVariable->Length > sizeof (OPAL_REQUEST_VARIABLE))) {
(TempVariable->Length > sizeof (OPAL_REQUEST_VARIABLE)))
{
DevicePathInVariable = (EFI_DEVICE_PATH_PROTOCOL *)((UINTN)TempVariable + sizeof (OPAL_REQUEST_VARIABLE));
DevicePathSizeInVariable = GetDevicePathSize (DevicePathInVariable);
DevicePath = OpalDisk->OpalDevicePath;
DevicePathSize = GetDevicePathSize (DevicePath);
if ((DevicePathSize == DevicePathSizeInVariable) &&
(CompareMem (DevicePath, DevicePathInVariable, DevicePathSize) == 0)) {
(CompareMem (DevicePath, DevicePathInVariable, DevicePathSize) == 0))
{
//
// Found the node for the OPAL device.
// Get the OPAL request.
@ -132,6 +134,7 @@ GetSavedOpalRequest (
));
break;
}
VariableSize -= TempVariable->Length;
TempVariable = (OPAL_REQUEST_VARIABLE *)((UINTN)TempVariable + TempVariable->Length);
}
@ -190,13 +193,15 @@ SaveOpalRequest (
TempVariableSize = VariableSize;
while ((TempVariableSize > sizeof (OPAL_REQUEST_VARIABLE)) &&
(TempVariableSize >= TempVariable->Length) &&
(TempVariable->Length > sizeof (OPAL_REQUEST_VARIABLE))) {
(TempVariable->Length > sizeof (OPAL_REQUEST_VARIABLE)))
{
DevicePathInVariable = (EFI_DEVICE_PATH_PROTOCOL *)((UINTN)TempVariable + sizeof (OPAL_REQUEST_VARIABLE));
DevicePathSizeInVariable = GetDevicePathSize (DevicePathInVariable);
DevicePath = OpalDisk->OpalDevicePath;
DevicePathSize = GetDevicePathSize (DevicePath);
if ((DevicePathSize == DevicePathSizeInVariable) &&
(CompareMem (DevicePath, DevicePathInVariable, DevicePathSize) == 0)) {
(CompareMem (DevicePath, DevicePathInVariable, DevicePathSize) == 0))
{
//
// Found the node for the OPAL device.
// Update the OPAL request.
@ -206,9 +211,11 @@ SaveOpalRequest (
NewVariableSize = VariableSize;
break;
}
TempVariableSize -= TempVariable->Length;
TempVariable = (OPAL_REQUEST_VARIABLE *)((UINTN)TempVariable + TempVariable->Length);
}
if (NewVariable == NULL) {
//
// The node for the OPAL device is not found.
@ -237,6 +244,7 @@ SaveOpalRequest (
DevicePathInVariable = (EFI_DEVICE_PATH_PROTOCOL *)((UINTN)NewVariable + sizeof (OPAL_REQUEST_VARIABLE));
CopyMem (DevicePathInVariable, DevicePath, DevicePathSize);
}
Status = gRT->SetVariable (
OPAL_REQUEST_VARIABLE_NAME,
(EFI_GUID *)&gHiiSetupVariableGuid,
@ -247,9 +255,11 @@ SaveOpalRequest (
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_INFO, "OpalRequest variable set failed (%r)\n", Status));
}
if (NewVariable != Variable) {
FreePool (NewVariable);
}
if (Variable != NULL) {
FreePool (Variable);
}
@ -289,6 +299,7 @@ HiiSetCurrentConfiguration(
return;
}
}
HiiSetString (gHiiPackageListHandle, STRING_TOKEN (STR_BLOCKSID_STATUS1), NewString, NULL);
FreePool (NewString);
@ -305,6 +316,7 @@ HiiSetCurrentConfiguration(
return;
}
}
HiiSetString (gHiiPackageListHandle, STRING_TOKEN (STR_BLOCKSID_STATUS2), NewString, NULL);
FreePool (NewString);
@ -321,6 +333,7 @@ HiiSetCurrentConfiguration(
return;
}
}
HiiSetString (gHiiPackageListHandle, STRING_TOKEN (STR_BLOCKSID_STATUS3), NewString, NULL);
FreePool (NewString);
}
@ -476,6 +489,7 @@ HiiPopulateMainMenuForm (
if ((DiskName == NULL) || (DiskNameId == 0)) {
return EFI_UNSUPPORTED;
}
HiiSetFormString (DiskNameId, DiskName);
}
}
@ -505,6 +519,7 @@ GetDiskNameStringId(
case 4: return STRING_TOKEN (STR_MAIN_GOTO_DISK_INFO_4);
case 5: return STRING_TOKEN (STR_MAIN_GOTO_DISK_INFO_5);
}
return 0;
}
@ -650,7 +665,6 @@ DriverCallback(
ASSERT (FALSE);
return EFI_SUCCESS;
}
}
} else if (Action == EFI_BROWSER_ACTION_CHANGED) {
switch (HiiKeyId) {
@ -689,6 +703,7 @@ DriverCallback(
DEBUG ((DEBUG_ERROR, "Invalid value input!\n"));
break;
}
HiiSetBlockSidAction (PpRequest);
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
@ -701,6 +716,7 @@ DriverCallback(
if (OpalDisk != NULL) {
SaveOpalRequest (OpalDisk, gHiiConfiguration.OpalRequest);
}
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
return EFI_SUCCESS;
@ -711,6 +727,7 @@ DriverCallback(
if (OpalDisk != NULL) {
SaveOpalRequest (OpalDisk, gHiiConfiguration.OpalRequest);
}
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
return EFI_SUCCESS;
@ -721,6 +738,7 @@ DriverCallback(
if (OpalDisk != NULL) {
SaveOpalRequest (OpalDisk, gHiiConfiguration.OpalRequest);
}
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
return EFI_SUCCESS;
@ -731,6 +749,7 @@ DriverCallback(
if (OpalDisk != NULL) {
SaveOpalRequest (OpalDisk, gHiiConfiguration.OpalRequest);
}
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
return EFI_SUCCESS;
case HII_KEY_ID_KEEP_USER_DATA:
@ -740,6 +759,7 @@ DriverCallback(
if (OpalDisk != NULL) {
SaveOpalRequest (OpalDisk, gHiiConfiguration.OpalRequest);
}
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
return EFI_SUCCESS;
@ -750,6 +770,7 @@ DriverCallback(
if (OpalDisk != NULL) {
SaveOpalRequest (OpalDisk, gHiiConfiguration.OpalRequest);
}
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
return EFI_SUCCESS;
@ -760,6 +781,7 @@ DriverCallback(
if (OpalDisk != NULL) {
SaveOpalRequest (OpalDisk, gHiiConfiguration.OpalRequest);
}
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
return EFI_SUCCESS;
@ -770,6 +792,7 @@ DriverCallback(
if (OpalDisk != NULL) {
SaveOpalRequest (OpalDisk, gHiiConfiguration.OpalRequest);
}
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
return EFI_SUCCESS;
@ -823,6 +846,7 @@ HiiPopulateDiskInfoForm(
if (DiskName == NULL) {
return EFI_UNSUPPORTED;
}
HiiSetFormString (STRING_TOKEN (STR_DISK_INFO_SELECTED_DISK_NAME), DiskName);
gHiiConfiguration.SelectedDiskAvailableActions = HII_ACTION_NONE;
@ -944,7 +968,7 @@ RouteConfig(
EFI_STRING *Progress
)
{
if (Configuration == NULL || Progress == NULL) {
if ((Configuration == NULL) || (Progress == NULL)) {
return (EFI_INVALID_PARAMETER);
}
@ -1004,13 +1028,14 @@ ExtractConfig(
//
// Check for valid parameters
//
if (Progress == NULL || Results == NULL) {
if ((Progress == NULL) || (Results == NULL)) {
return (EFI_INVALID_PARAMETER);
}
*Progress = Request;
if ((Request != NULL) &&
!HiiIsConfigHdrMatch (Request, &gHiiSetupVariableGuid, OpalPasswordStorageName)) {
!HiiIsConfigHdrMatch (Request, &gHiiSetupVariableGuid, OpalPasswordStorageName))
{
return EFI_NOT_FOUND;
}
@ -1030,6 +1055,7 @@ ExtractConfig(
if (ConfigRequest == NULL) {
return EFI_OUT_OF_RESOURCES;
}
AllocatedRequest = TRUE;
UnicodeSPrint (ConfigRequest, Size, L"%s&OFFSET=0&WIDTH=%016LX", ConfigRequestHdr, (UINT64)BufferSize);
FreePool (ConfigRequestHdr);
@ -1067,7 +1093,6 @@ ExtractConfig(
return (Status);
}
/**
Pass the current system state to the bios via the hii_G_Configuration.
@ -1087,7 +1112,6 @@ OpalHiiSetBrowserData (
);
}
/**
Populate the hii_g_Configuration with the browser Data.
@ -1191,6 +1215,7 @@ OpalDiskInitialize (
if (TcgResult != TcgResultSuccess) {
return EFI_DEVICE_ERROR;
}
Session.OpalBaseComId = Dev->OpalDisk.OpalBaseComId;
TcgResult = OpalUtilGetMsid (&Session, Dev->OpalDisk.Msid, OPAL_MSID_LENGTH, &Dev->OpalDisk.MsidLength);
@ -1280,4 +1305,3 @@ OpalDiskUpdateStatus (
return OpalDiskUpdateOwnerShip (OpalDisk);
}

2
SecurityPkg/Tcg/Opal/OpalPassword/OpalHiiCallbacks.c
View File

@ -106,7 +106,9 @@ HiiDiskGetNameCB(
if (Ctx->NameZ == NULL) {
OpalDriverGetDriverDeviceName (Ctx);
}
return Ctx->NameZ;
}
return NULL;
}

Some files were not shown because too many files have changed in this diff Show More