Guomin Jiang
ffde22468e
SecurityPkg/TcgPei: Use Migrated FV Info Hob for calculating hash (CVE-2019-11098)
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1614
When we allocate pool to save the rebased PEIMs, the address will change
randomly; therefore the hash will change and result in PCR0 changing as well.
To avoid this, we save the raw PEIMs and use them to calculate the hash.
TcgPei calculates the hash and uses the Migrated FV Info.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Guomin Jiang <guomin.jiang@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Qi Zhang <qi1.zhang@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2020-07-28 01:43:16 +00:00
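The following is an added illustration of the measurement problem the commit above describes; it is not edk2 code and not part of the commit. It models a PEIM as a flat byte blob with a small relocation table of absolute addresses (all constructed, hypothetical values), uses FNV-1a 64 as a stand-in for the TPM digest (the hash choice is irrelevant to the point), and implements the TCG extend rule PCR' = H(PCR || digest). `MeasureRebased` reproduces the pre-fix flow of hashing the copy after PeiCore has shadowed and relocated it into a pool allocation whose address differs per boot; `MeasureRaw` reproduces the fix of hashing the raw pre-relocation bytes, which is what keeping the raw PEIM (the "Migrated FV Info" in the commit) makes possible. The function and type names are this example's own.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IMAGE_SIZE 64
#define NUM_RELOCS 3

/* Constructed stand-in for a PEIM: flat bytes plus a relocation table.
   Not a real PE/COFF layout. */
typedef struct {
  uint8_t  Bytes[IMAGE_SIZE];
  size_t   RelocOffset[NUM_RELOCS]; /* where 32-bit absolute addresses live */
  uint32_t LinkBase;                /* address the image was linked at */
} PEIM_IMAGE;

/* FNV-1a 64 stands in for the TPM's SHA-1/SHA-256; only determinism matters here. */
static uint64_t HashBytes(const uint8_t *Data, size_t Len) {
  uint64_t h = 0xcbf29ce484222325ULL;
  for (size_t i = 0; i < Len; i++) { h ^= Data[i]; h *= 0x100000001b3ULL; }
  return h;
}

/* TCG extend semantics: PCR' = H(PCR || digest). */
static uint64_t ExtendPcr(uint64_t Pcr, uint64_t Digest) {
  uint8_t Buf[16];
  memcpy(Buf, &Pcr, 8);
  memcpy(Buf + 8, &Digest, 8);
  return HashBytes(Buf, sizeof Buf);
}

static uint32_t ReadLe32(const uint8_t *p) {
  return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void WriteLe32(uint8_t *p, uint32_t v) {
  p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* The raw PEIM as it sits in the flash FV: byte-identical on every boot. */
static void MakeRawPeim(PEIM_IMAGE *Image) {
  static const size_t Offsets[NUM_RELOCS] = { 8, 24, 40 };
  for (size_t i = 0; i < IMAGE_SIZE; i++) Image->Bytes[i] = (uint8_t)(i * 7 + 3);
  Image->LinkBase = 0x00100000u;
  for (size_t r = 0; r < NUM_RELOCS; r++) {
    Image->RelocOffset[r] = Offsets[r];
    WriteLe32(&Image->Bytes[Offsets[r]], Image->LinkBase + 0x10u * (uint32_t)(r + 1));
  }
}

/* What the loader does when it shadows a PEIM into a pool allocation:
   every absolute address in the image is patched by (NewBase - LinkBase). */
static void Rebase(PEIM_IMAGE *Image, uint32_t NewBase) {
  uint32_t Delta = NewBase - Image->LinkBase;
  for (size_t r = 0; r < NUM_RELOCS; r++) {
    uint8_t *p = &Image->Bytes[Image->RelocOffset[r]];
    WriteLe32(p, ReadLe32(p) + Delta);
  }
  Image->LinkBase = NewBase;
}

/* Pre-fix flow: hash the already-rebased copy. PoolAddress varies per boot,
   so the relocated bytes, the digest and therefore PCR0 vary with it. */
static uint64_t MeasureRebased(uint32_t PoolAddress) {
  PEIM_IMAGE Image;
  MakeRawPeim(&Image);
  Rebase(&Image, PoolAddress);
  return ExtendPcr(0, HashBytes(Image.Bytes, IMAGE_SIZE));
}

/* Fixed flow: keep the raw bytes and hash those; the shadow copy is still
   relocated and executed, but it is not what gets measured. */
static uint64_t MeasureRaw(uint32_t PoolAddress) {
  PEIM_IMAGE Raw, Shadow;
  MakeRawPeim(&Raw);
  Shadow = Raw;                 /* the copy PeiCore actually executes */
  Rebase(&Shadow, PoolAddress); /* relocation never touches Raw */
  return ExtendPcr(0, HashBytes(Raw.Bytes, IMAGE_SIZE));
}

int main(void) {
  /* Two boots, two different pool addresses (constructed values). */
  uint32_t Boot1 = 0x7F000000u, Boot2 = 0x7E800000u;
  printf("PCR0 hashing rebased copy: boot1=%016" PRIx64 " boot2=%016" PRIx64 "\n",
         MeasureRebased(Boot1), MeasureRebased(Boot2));
  printf("PCR0 hashing raw image:    boot1=%016" PRIx64 " boot2=%016" PRIx64 "\n",
         MeasureRaw(Boot1), MeasureRaw(Boot2));
  return 0;
}
```

Run it and the first line shows two different PCR0 values for the same firmware, which is exactly what breaks sealed-key and attestation policies bound to PCR0; the second line shows the same value on both boots. The practical check on a real platform is the same: PCR0 (and the TCG event log entries for the PEI FVs) must be identical across reboots of unchanged firmware.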
Jiewen Yao
3e07c65641
SecurityPkg/Tcg: Add TcgPpi
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Qi Zhang <qi1.zhang@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2020-07-23 01:31:43 +00:00
Antoine Coeur
dd40a1f85c
SecurityPkg/Tcg: Fix various typos
Fix various typos in documentation, comments and debug strings.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Antoine Coeur <coeur@gmx.fr>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com>
Message-Id: <20200207010831.9046-66-philmd@redhat.com>
[lersek@redhat.com: replace EFI_D_xxx w/ DEBUG_xxx to shut up PatchCheck]
2020-02-10 22:30:07 +00:00
Sean Brogan
d6b926e76e
SecurityPkg: Fix spelling errors
https://bugzilla.tianocore.org/show_bug.cgi?id=2265
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-10-23 10:23:23 -07:00
Michael D Kinney
289b714b77
SecurityPkg: Replace BSD License with BSD+Patent License
https://bugzilla.tianocore.org/show_bug.cgi?id=1373
Replace BSD 2-Clause License with BSD+Patent License. This change is
based on the following emails:
https://lists.01.org/pipermail/edk2-devel/2019-February/036260.html
https://lists.01.org/pipermail/edk2-devel/2018-October/030385.html
RFCs with detailed process for the license change:
V3: https://lists.01.org/pipermail/edk2-devel/2019-March/038116.html
V2: https://lists.01.org/pipermail/edk2-devel/2019-March/037669.html
V1: https://lists.01.org/pipermail/edk2-devel/2019-March/037500.html
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-04-09 10:58:23 -07:00
Star Zeng
aa8c6e2ad3
SecurityPkg Tcg(2)Pei: Remove the using of PcdPeiCoreMaxFvSupported
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1405
Background as below.
Problem:
As static configuration from the PCDs, the binary PeiCore (for example
in FSP binary with dispatch mode) could not predict how many FVs,
Files or PPIs for different platforms.
Burden:
Platform developers need to configure the PCDs accordingly for different
platforms.
To solve the problem and remove the burden, we can update PeiCore to
remove the use of PcdPeiCoreMaxFvSupported, PcdPeiCoreMaxPeimPerFv
and PcdPeiCoreMaxPpiSupported by extending buffers dynamically for FV,
File and PPI management.
This patch removes the use of PcdPeiCoreMaxFvSupported in Tcg(2)Pei.
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2018-12-19 12:33:28 +08:00
Dandan Bi
d9c5beb159
SecurityPkg/Tcg: Add use case for new Perf macro
Add an example case for the usage of
PERF_CALLBACK_BEGIN/PERF_CALLBACK_END
Cc: Liming Gao <liming.gao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2018-07-26 13:37:59 +08:00
Liming Gao
b3548d32dd
SecurityPkg: Clean up source files
1. Do not use tab characters
2. No trailing white space in one line
3. All files must end with CRLF
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liming Gao <liming.gao@intel.com>
2018-06-28 11:19:50 +08:00
Zhang, Chao B
42b8555161
SecurityPkg: TcgPei: Sync TCG PP lifetime lock state
Sync TCG lifetime lock state after performing PP command.
Later logic checks such state.
Cc: Long Qin <qin.long@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
2017-01-06 09:57:05 +08:00
Michael Kinney
45500265b3
SecurityPkg/TcgPei: Use updated Tpm12CommandLib APIs
Use the following new APIs in Tpm12CommandLib and remove duplicate
code from TcgPei and TcgDxe:
Tpm12Extend()
Tpm12PhysicalPresence()
Tpm12ContinueSelfTest()
Tpm12GetCapabilityFlagPermanent()
Tpm12GetCapabilityFlagVolatile()
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Michael Kinney <michael.d.kinney@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19728 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-21 19:30:14 +00:00
Michael Kinney
b558f8bceb
SecurityPkg/TcgPei: Replace TpmCommLib with Tpm12DeviceLib
Update TCG drivers for TPM 1.2 devices to use Tpm12DeviceLib instead
of TpmCommLib. This is required to support TPM 1.2 hardware devices
that are not on the LPC bus.
The current versions of the TCG PEIM and DXE driver contain
MMIO reads/writes to a TPM attached to an LPC bus. In order
to support TPMs that are connected to other bus types, the
TCG PEIM and DXE drivers must be updated to not perform any
direct register accesses to any TPMs.
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Michael Kinney <michael.d.kinney@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19721 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-21 19:29:19 +00:00
Yao, Jiewen
3dd05ac3e6
Add performance optimization for Tcg/TrEE.
Add error check for Tcg/TrEE Pei/Dxe driver to avoid unnecessary hardware check for performance optimization.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com>
Reviewed-by: "Zeng, Star" <star.zeng@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17004 6f19259b-4bc3-4df7-8a09-765794883524
2015-03-04 01:15:08 +00:00
Yao, Jiewen
83a276f613
Add TpmInitializationDonePpi to TPM PEI module.
This PPI will always be installed to notify other drivers that the TPM initialization action is done. TPM initialization may succeed or fail, or the TPM may not even be present.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com>
Reviewed-by: "Dong, Guo" <guo.dong@intel.com>
Reviewed-by: "Chiu, Chasel" <chasel.chiu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16638 6f19259b-4bc3-4df7-8a09-765794883524
2015-01-22 05:14:23 +00:00
Yao, Jiewen
6f785cfcc3
Handle TPM device error and avoid deadloop in BDS.
If a TPM error happens, set the TPM flag to NOT present, so that the trusted boot path is disabled.
Also report a status code for the failure, so that the platform may register a handler to apply a policy like forcing a system reset, or disabling the TPM permanently.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com>
Reviewed-by: "Dong, Guo" <guo.dong@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16598 6f19259b-4bc3-4df7-8a09-765794883524
2015-01-12 03:21:00 +00:00
Dong, Guo
b5412eac9e
Update TcgPei and TrEEPei driver to make gEfiMdeModulePkgTokenSpaceGuid.PcdPeiCoreMaxFvSupported to be used as patchable PCD instead of Fixed PCD.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dong, Guo <guo.dong@intel.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15848 6f19259b-4bc3-4df7-8a09-765794883524
2014-08-20 09:37:26 +00:00
Star Zeng
387208ab04
MdeModulePkg/SecurityPkg: Update TreePei to handle FvInfo2 and update FwVol of PeiCore to always install both FvInfo and FvInfo2.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15467 6f19259b-4bc3-4df7-8a09-765794883524
2014-04-15 09:19:04 +00:00
Dong Guo
2bc363714e
Remove hide TPM support.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Ni, Ruiyu <ruiyu.ni@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15405 6f19259b-4bc3-4df7-8a09-765794883524
2014-03-27 11:03:04 +00:00
Star Zeng
c79351059e
1. Enable use-cases in PEI using SecurityPPI co-equal to the use-cases in DXE using the Security Arch Protocol
2. Add support to find section by instance rather than only 0 at PEI phase.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14763 6f19259b-4bc3-4df7-8a09-765794883524
2013-10-11 03:54:13 +00:00
jyao1
c1d932429e
Add TPM2 implementation.
Signed-off-by: jiewen.yao@intel.com
Reviewed-by: guo.dong@intel.com
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14687 6f19259b-4bc3-4df7-8a09-765794883524
2013-09-18 05:31:18 +00:00
czhang46
6f6c7857c2
Remove TPM selftest on S3 boot path to save time
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Yao Jiewen <jieweng.yao@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13873 6f19259b-4bc3-4df7-8a09-765794883524
2012-10-22 04:35:59 +00:00
czhang46
0758c830f7
Rename Trusted Hob to Measured FV hob and add Guided Hob layout structure
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13762 6f19259b-4bc3-4df7-8a09-765794883524
2012-09-28 00:57:02 +00:00
czhang46
2aadc9205b
Enable TPM measurement lib to measure all PE image from a FV unmeasured by TcgPei
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Dong, Guo <guo.dong@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13714 6f19259b-4bc3-4df7-8a09-765794883524
2012-09-11 02:26:50 +00:00
czhang46
8cc068142f
fix compile error in TcgPei
Signed-off-by: Zhang Chao <chao.b.zhang@intel.com>
Reviewed-by: Dong Guo <guo.dong@inte.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13699 6f19259b-4bc3-4df7-8a09-765794883524
2012-09-05 00:32:12 +00:00
czhang46
055c829c42
TcgPei need to measure anything to PCR in S3 bootpath, so skip shadow logic.
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Fu, Siyuan <siyuan.fu@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13685 6f19259b-4bc3-4df7-8a09-765794883524
2012-08-28 03:16:10 +00:00
czhang46
333a53ee5b
Use firmware version instead of hardcode string for S-CRTM version identifier
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Fu, Siyuan <siyuan.fu@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13677 6f19259b-4bc3-4df7-8a09-765794883524
2012-08-27 00:52:18 +00:00
gdong1
5a50033236
Enhance TCG driver to provide TPM physical presence lifetime lock capability.
Signed-off-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13555 6f19259b-4bc3-4df7-8a09-765794883524
2012-07-26 05:11:47 +00:00
gdong1
0c18794ea4
Add security package to repository.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12261 6f19259b-4bc3-4df7-8a09-765794883524
2011-09-02 07:49:32 +00:00