Ard Biesheuvel 
							
						 
					 
					
						
						
							
						
						2e728930aa 
					 
					
						
						
							
							SecurityPkg: put missing empty lines at the end of some header files  
						
						... 
						
						
						
						Some compilers (like RVCT) reject input files that do not end in a
newline. So add missing newlines to some SecurityPkg header files.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org >
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com >
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19107  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2015-12-03 08:51:27 +00:00 
						 
				 
			
				
					
						
							
							
								Chao Zhang 
							
						 
					 
					
						
						
							
						
						13a220a998 
					 
					
						
						
							
							SecurityPkg: Update SignatureSize to comply UEFI spec  
						
						... 
						
						
						
						Update SignatureSize to include SignatureOwner GUID. This behavior is defined by UEFI spec
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com >
Reviewed-by: Qin Long <qin.long@intel.com >
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18226  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2015-08-17 02:50:26 +00:00 
						 
				 
			
				
					
						
							
							
								Chao Zhang 
							
						 
					 
					
						
						
							
						
						1ca3a09938 
					 
					
						
						
							
							SecurityPkg: Fix DBX Variable Read Error in ImageVerificationLib  
						
						... 
						
						
						
						ImageVerificationLib passes wrong data buffer size when reading DBX variable, causing heap crash.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com >
Reviewed-by: Qin Long <qin.long@intel.com >
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17981  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2015-07-15 02:13:48 +00:00 
						 
				 
			
				
					
						
							
							
								Liming Gao 
							
						 
					 
					
						
						
							
						
						3cd2484e3a 
					 
					
						
						
							
							SecurityPkg: Fix wrong calculation of ImageExeInfoEntrySize  
						
						... 
						
						
						
						Per UEFI spec, EFI_IMAGE_EXECUTION_INFO structure is updated to comment
Signature field. So, its structure doesn't include Signature field. But,
ImageExeInfoEntrySize uses its structure size minor Signature size. It
will be corrected in this change.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com >
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com >
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17687  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2015-06-23 10:48:30 +00:00 
						 
				 
			
				
					
						
							
							
								Chao Zhang 
							
						 
					 
					
						
						
							
						
						d863e127a2 
					 
					
						
						
							
							SecurityPkg: Fix wrong cert data measurement in DBX path  
						
						... 
						
						
						
						Fix wrong cert data measurement when image is rejected by DBX
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com >
Reviewed-by: Long Qin <qin.long@intel.com >
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17591  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2015-06-09 05:20:06 +00:00 
						 
				 
			
				
					
						
							
							
								Shumin Qiu 
							
						 
					 
					
						
						
							
						
						69f8bb5288 
					 
					
						
						
							
							SecurityPkg: Fix typo.  
						
						... 
						
						
						
						Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Shumin Qiu <shumin.qiu@intel.com >
Reviewed-by: Guo Dong <guo.dong@intel.com >
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17047  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2015-03-13 08:25:27 +00:00 
						 
				 
			
				
					
						
							
							
								Long, Qin 
							
						 
					 
					
						
						
							
						
						3f63bc365d 
					 
					
						
						
							
							Add the missed local variable initialization to remove the possible warning.  
						
						... 
						
						
						
						Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Long, Qin" <qin.long@intel.com >
Reviewed-by: "Fu, Siyuan" <siyuan.fu@intel.com >
Reviewed-by: "Dong, Guo" <guo.dong@initel.com >
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16763  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2015-02-05 05:37:10 +00:00 
						 
				 
			
				
					
						
							
							
								Long, Qin 
							
						 
					 
					
						
						
							
						
						27c93c06c0 
					 
					
						
						
							
							Correct the DBX and Certificate Hash Checking.  
						
						... 
						
						
						
						Add the missed image signature verification against DBX;
and add the missed logic to enhance the certificate hash checking when handling DB database.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Long, Qin" <qin.long@intel.com >
Reviewed-by: "Fu, Siyuan" <siyuan.fu@intel.com >
Reviewed-by: "Dong, Guo" <guo.dong@initel.com >
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16744  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2015-02-04 08:19:53 +00:00 
						 
				 
			
				
					
						
							
							
								Long, Qin 
							
						 
					 
					
						
						
							
						
						12d95665cb 
					 
					
						
						
							
							Correct the Hash Calculation for Revoked X.509 Certificate to align with RFC3280 and UEFI 2.4 Spec.  
						
						... 
						
						
						
						This patch added one new X509GetTBSCert() interface in BaseCryptLib to retrieve the TBSCertificate, 
and also corrected the hash calculation for revoked certificate to aligned the RFC3280 and UEFI 2.4 spec.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Long, Qin" <qin.long@intel.com >
Reviewed-by: "Dong, Guo" <guo.dong@initel.com >
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16559  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2014-12-25 08:37:08 +00:00 
						 
				 
			
				
					
						
							
							
								Dong Guo 
							
						 
					 
					
						
						
							
						
						5789fe3587 
					 
					
						
						
							
							correct a data type error.  
						
						... 
						
						
						
						Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dong Guo <guo.dong@intel.com >
Reviewed-by: Dong Eric <eric.dong@intel.com >
Reviewed-by: Long Qin <qin.long@intel.com >
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16498  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2014-12-11 06:34:57 +00:00 
						 
				 
			
				
					
						
							
							
								Dong Guo 
							
						 
					 
					
						
						
							
						
						213cc1000e 
					 
					
						
						
							
							Add failed image Name in the Image Execution Information Table.  
						
						... 
						
						
						
						Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dong Guo <guo.dong@intel.com >
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com >
Reviewed-by: Zhang Chao B <chao.b.zhang@intel.com >
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16493  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2014-12-10 08:09:20 +00:00 
						 
				 
			
				
					
						
							
							
								Qin Long 
							
						 
					 
					
						
						
							
						
						7e0699c06e 
					 
					
						
						
							
							Code clean-up to eliminate potential "dereferenced pointer" warning.  
						
						... 
						
						
						
						Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com > 
Reviewed-by: Guo Dong <guo.dong@intel.com >
Reviewed-by: Eric Dong <eric.dong@intel.com >
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16468  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2014-12-03 07:40:32 +00:00 
						 
				 
			
				
					
						
							
							
								Qin Long 
							
						 
					 
					
						
						
							
						
						2bf41ed7dc 
					 
					
						
						
							
							Correct the alignment calculation of PE/COFF attribute certificate entry.  
						
						... 
						
						
						
						This is to resolve the possible certificate entry retrieving issue caused by un-aligned (8-bytes) VirtualAddress in some PE/COFF image, which may break secure boot.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com > 
Reviewed-by: Siyuan Fu <siyuan.fu@intel.com >
Reviewed-by: Guo Dong <guo.dong@intel.com >
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16449  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2014-11-26 08:21:54 +00:00 
						 
				 
			
				
					
						
							
							
								Qin Long 
							
						 
					 
					
						
						
							
						
						20333c6d56 
					 
					
						
						
							
							UEFI 2.4 X509 Certificate Hash and RFC3161 Timestamp Verification support for Secure Boot  
						
						... 
						
						
						
						Main ChangeLogs includes:
1. Introduce the new GUID and structure definitions for certificate hash and timestamp support;
2. Update Image Verification Library to support DBT signature checking;
3. Update the related SecureBoot Configuration Pages;
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qin Long <qin.long@intel.com > 
Reviewed-by: Guo Dong <guo.dong@intel.com >
Reviewed-by: Siyuan Fu <siyuan.fu@intel.com >
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16380  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2014-11-14 08:41:12 +00:00 
						 
				 
			
				
					
						
							
							
								Chao Zhang 
							
						 
					 
					
						
						
							
						
						33985e3b52 
					 
					
						
						
							
							Fix execution status & DEBUG message level mismatch. EFI_D_ERROR is used only when failure/case can’t be resolved by code.  
						
						... 
						
						
						
						Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com >
Reviewed-by: Dong Guo <guo.dong@intel.com >
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16320  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2014-11-10 05:01:15 +00:00 
						 
				 
			
				
					
						
							
							
								Gao, Liming 
							
						 
					 
					
						
						
							
						
						4cfde6dea6 
					 
					
						
						
							
							SecurityPkg: Convert non DOS format files to DOS format  
						
						... 
						
						
						
						Module UNI and Package UNI files are not DOS format. Convert them to DOS format.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Gao, Liming <liming.gao@intel.com >
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16050  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2014-09-03 08:51:17 +00:00 
						 
				 
			
				
					
						
							
							
								Dong, Guo 
							
						 
					 
					
						
						
							
						
						aced95158d 
					 
					
						
						
							
							SecurityPkg: INF/DEC file updates to EDK II packages  
						
						... 
						
						
						
						2. Add MODULE_UNI_FILE file that contains the localized Abstract and Description of a module.
a. Addresses an information gap between INF files and the UEFI Distribution Packaging Specification XML schema
b. There will be an associated update to UPT in BaseTools to consume MODULE_UNI_FILE and associated UNI file during UDP creation that performs the INF -> XML conversion.
c. There will be an associated update to UPT in BaseTools to produce MODULE_UNI_FILE and associated UNI file during UDP installation that performs the XML -> INF conversion.
3. Add Module Extra UNI file that provides the localized Name of a module.
a. [UserExtensions.TianoCore."ExtraFiles"] provides an easy method for a module to specify extra files not listed in [Sources] or [Binaries] sections to be added to a UDP without having to list the files in the UPT package information data file.
b. There will be an associated update to UPT in BaseTools to package up files listed in [UserExtensions.TianoCore."ExtraFiles"] during UDP creation.
c. UNI file contains localized name of a module to go along with the localized Abstract and Description from the MODULE_UNI_FILE.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dong, Guo <guo.dong@intel.com >
Reviewed-by: Gao, Liming <liming.gao@intel.com >
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15951  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2014-08-28 05:34:23 +00:00 
						 
				 
			
				
					
						
							
							
								Dong, Guo 
							
						 
					 
					
						
						
							
						
						60c944c7d6 
					 
					
						
						
							
							SecurityPkg: INF/DEC file updates to EDK II packages  
						
						... 
						
						
						
						1. Usage information in INF file comment blocks are either incomplete or incorrect.  
This includes usage information for Protocols/PPIs/GUIDs/PCDs/HOBs/Events/BootModes.  
The syntax for usage information in comment blocks is defined in the EDK II Module Information (INF) Specification
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dong, Guo <guo.dong@intel.com >
Reviewed-by: Gao, Liming <liming.gao@intel.com >
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15950  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2014-08-28 05:31:09 +00:00 
						 
				 
			
				
					
						
							
							
								Eric Dong 
							
						 
					 
					
						
						
							
						
						1fee5304db 
					 
					
						
						
							
							Refine code to make it more safely.  
						
						... 
						
						
						
						Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com >
Reviewed-by: Guo Dong <guo.dong@intel.com >
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15590  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2014-06-25 06:00:49 +00:00 
						 
				 
			
				
					
						
							
							
								Dong, Guo 
							
						 
					 
					
						
						
							
						
						ffccb935fa 
					 
					
						
						
							
							Update code to always publish EFI_IMAGE_EXECUTION_INFO_TABLE.  
						
						... 
						
						
						
						Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dong, Guo <guo.dong@intel.com >
Reviewed-by: Fu, Siyuan <siyuan.fu@intel.com >
Reviewed-by: Gao, Liming <liming.gao@intel.com >
Reviewed-by: Zhang, Chao B <chao.b.zhang@intel.com >
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15585  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2014-06-25 02:02:22 +00:00 
						 
				 
			
				
					
						
							
							
								Fu Siyuan 
							
						 
					 
					
						
						
							
						
						68fc0c7319 
					 
					
						
						
							
							Update DEC file and DxeImageVerificationLib to note user that ALLOW_EXECUTE_ON_SECURITY_VIOLATION is no longer supported.  
						
						... 
						
						
						
						Signed-off-by: Fu Siyuan <siyuan.fu@intel.com >
Reviewed-by: Dong, Guo <guo.dong@intel.com >
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14923  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2013-12-02 07:52:35 +00:00 
						 
				 
			
				
					
						
							
							
								jyao1 
							
						 
					 
					
						
						
							
						
						c1d932429e 
					 
					
						
						
							
							Add TPM2 implementation.  
						
						... 
						
						
						
						signed off by: jiewen.yao@intel.com 
reviewed by: guo.dong@intel.com 
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14687  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2013-09-18 05:31:18 +00:00 
						 
				 
			
				
					
						
							
							
								Fu Siyuan 
							
						 
					 
					
						
						
							
						
						db44ea6c4e 
					 
					
						
						
							
							1. Change default PCD in SecurityPkg to 4 (DENY_EXECUTE) in DEC file.  
						
						... 
						
						
						
						2. ASSERT if PCD value is set to 5 (QUERY_USER_ON_SECURITY_VIOLATION).
3. Update override PCD setting from 5 to 4 in platform DSC file.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com >
Reviewed-by: Ni Ruiyu <ruiyu.ni@intel.com >
Reviewed-by: Ye Ting <ting.ye@intel.com >
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14607  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2013-08-28 09:06:40 +00:00 
						 
				 
			
				
					
						
							
							
								sfu5 
							
						 
					 
					
						
						
							
						
						0ba17ade47 
					 
					
						
						
							
							Fix a bug that “SecureBoot” varaible will be updated to NV+AT attribute incorrectly.  
						
						... 
						
						
						
						Signed-off-by: Fu Siyuan <siyuan.fu@intel.com >
Reviewed-by: Ni Ruiyu <ruiyu.ni@intel.com >
Reviewed-by: Dong Guo <guo.dong@intel.com >
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14375  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2013-05-17 08:05:01 +00:00 
						 
				 
			
				
					
						
							
							
								sfu5 
							
						 
					 
					
						
						
							
						
						7403ff5b9f 
					 
					
						
						
							
							Fix a bug that IsSignatureFoundInDatabase() incorrectly computes CertCount.  
						
						... 
						
						
						
						Signed-off-by: Fu Siyuan <siyuan.fu@intel.com >
Reviewed-by: Ye Ting  <ting.ye@intel.com >
Reviewed-by: Dong Guo <guo.dong@intel.com >
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14165  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2013-03-06 01:42:04 +00:00 
						 
				 
			
				
					
						
							
							
								sfu5 
							
						 
					 
					
						
						
							
						
						6de4c35f99 
					 
					
						
						
							
							Update the DxeImageVerificationLib to support for Authenticode-signed UEFI images with multiple signatures.  
						
						... 
						
						
						
						Signed-off-by: Fu Siyuan <siyuan.fu@intel.com >
Reviewed-by: Ye Ting  <ting.ye@intel.com >
Reviewed-by: Dong Guo <guo.dong@intel.com >
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14141  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2013-02-21 05:00:21 +00:00 
						 
				 
			
				
					
						
							
							
								sfu5 
							
						 
					 
					
						
						
							
						
						b3d4217001 
					 
					
						
						
							
							Add a NULL string to the Image Execution Information Table if the Name is NULL in function AddImageExeInfo().  
						
						... 
						
						
						
						Signed-off-by: Fu Siyuan <siyuan.fu@intel.com >
Reviewed-by: Ye Ting  <ting.ye@intel.com >
Reviewed-by: Dong Guo <guo.dong@intel.com >
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13990  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2012-12-12 03:03:07 +00:00 
						 
				 
			
				
					
						
							
							
								tye1 
							
						 
					 
					
						
						
							
						
						64470c17df 
					 
					
						
						
							
							Remove useless MD5 OID ASN.1 value from DxeImageVerificationLib.  
						
						... 
						
						
						
						Signed-off-by: Ye Ting <ting.ye@intel.com >
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com >
Reviewed-by: Dong Guo <guo.dong@intel.com >
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13854  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2012-10-17 02:26:11 +00:00 
						 
				 
			
				
					
						
							
							
								sfu5 
							
						 
					 
					
						
						
							
						
						84bce75b08 
					 
					
						
						
							
							Check the value of Hdr.dwLength for signed EFI image before image validation.  
						
						... 
						
						
						
						Signed-off-by: Fu Siyuan <siyuan.fu@intel.com >
Reviewed-by: Ye Ting  <ting.ye@intel.com >
Reviewed-by: Dong Guo <guo.dong@intel.com >
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13701  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2012-09-06 02:15:59 +00:00 
						 
				 
			
				
					
						
							
							
								sfu5 
							
						 
					 
					
						
						
							
						
						f6f9031f8e 
					 
					
						
						
							
							Update the DxeImageVerificationLib to handle the signed image which CertType is set to EFI_CERT_TYPE_PKCS7_GUID.  
						
						... 
						
						
						
						Signed-off-by: Fu Siyuan <siyuan.fu@intel.com >
Reviewed-by: Ye Ting  <ting.ye@intel.com >
Reviewed-by: Dong Guo <guo.dong@intel.com >
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13672  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2012-08-23 07:55:35 +00:00 
						 
				 
			
				
					
						
							
							
								lgao4 
							
						 
					 
					
						
						
							
						
						5db28a6753 
					 
					
						
						
							
							Add PI1.2.1 SAP2 support and UEFI231B mantis 896  
						
						... 
						
						
						
						1. Update three Security Handlers to depend on new SecurityManagementLib APIs to register Security service for SAP2
Signed-off-by: Liming Gao <liming.gao@intel.com >
Reviewed-by: Guo Dong <dong.guo@intel.com >
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13661  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2012-08-22 02:33:00 +00:00 
						 
				 
			
				
					
						
							
							
								sfu5 
							
						 
					 
					
						
						
							
						
						50fe73a1aa 
					 
					
						
						
							
							1. Remove the code path which use X509 cert in KEK to validate PKCS7 signed image.  
						
						... 
						
						
						
						2. Remove the code path to validate UEFI image signed by RSA2048 key.
3. Disable the ALLOW_EXECUTE/DEFER_EXECUTE/QUERY_USER policy PCD.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com >
Reviewed-by: Ye Ting  <ting.ye@intel.com >
Reviewed-by: Dong Guo <guo.dong@intel.com >
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13636  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2012-08-15 01:39:43 +00:00 
						 
				 
			
				
					
						
							
							
								sfu5 
							
						 
					 
					
						
						
							
						
						3277a4e5ed 
					 
					
						
						
							
							Fix a bug in DxeImageVerificationLib which will pass incorrect trust cert size to AuthenticodeVerify() function.  
						
						... 
						
						
						
						Signed-off-by: Fu Siyuan <siyuan.fu@intel.com >
Reviewed-by: Dong Guo <guo.dong@intel.com >
Reviewed-by: Ye Ting <ting.ye@intel.com >
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13526  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2012-07-12 01:13:37 +00:00 
						 
				 
			
				
					
						
							
							
								sfu5 
							
						 
					 
					
						
						
							
						
						8f8ca22e59 
					 
					
						
						
							
							1. Reset system when user changes secure boot state in secure boot configuration form.  
						
						... 
						
						
						
						2. Update the method to detect secure boot state in DxeImageVerificationLib and secure boot configuration driver.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com >
Reviewed-by: Dong Guo <guo.dong@intel.com >
Reviewed-by: Ye Ting <ting.ye@intel.com >
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13505  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2012-07-05 08:08:12 +00:00 
						 
				 
			
				
					
						
							
							
								jyao1 
							
						 
					 
					
						
						
							
						
						dc204d5a0f 
					 
					
						
						
							
							Add comment for modules which have external input.  
						
						... 
						
						
						
						signed-off-by: jiewen.yao@intel.com 
reviewed-by: guo.dong@intel.com 
reviewed-by: ting.ye@intel.com 
reviewed-by: liming.gao@intel.com 
reviewed-by: elvin.li@intel.com 
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13446  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2012-06-12 08:28:43 +00:00 
						 
				 
			
				
					
						
							
							
								sfu5 
							
						 
					 
					
						
						
							
						
						de2447dd4c 
					 
					
						
						
							
							Fix compatibility issue when using IPF image with PE32 magic value in the OptionalHeader.  
						
						... 
						
						
						
						Signed-off-by: Fu Siyuan <siyuan.fu@intel.com >
Reviewed-by: Dong Guo <guo.dong@intel.com >
Reviewed-by: Ye Ting <ting.ye@intel.com >
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13433  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2012-06-08 02:09:48 +00:00 
						 
				 
			
				
					
						
							
							
								ydong10 
							
						 
					 
					
						
						
							
						
						f01b91ae42 
					 
					
						
						
							
							Fixed build failed.  
						
						... 
						
						
						
						Signed-off-by: Eric Dong <eric.dong@intel.com >
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13406  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2012-05-31 08:35:48 +00:00 
						 
				 
			
				
					
						
							
							
								ydong10 
							
						 
					 
					
						
						
							
						
						bf4a3dbd47 
					 
					
						
						
							
							Add new interface GetVariable2 and GetEfiGlobalVariable2 to return more info. Also replace old interface with new one.  
						
						... 
						
						
						
						Signed-off-by: Eric Dong <eric.dong@intel.com >
Reviewed-by: Liming Gao <liming.gao@intel.com >
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13375  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2012-05-30 07:36:00 +00:00 
						 
				 
			
				
					
						
							
							
								sfu5 
							
						 
					 
					
						
						
							
						
						4ef15e6e33 
					 
					
						
						
							
							Fix a bug in DxeImageVerificationLib to use the correct certificate length when verifying a signed EFI image.  
						
						... 
						
						
						
						Signed-off-by: Fu Siyuan <siyuan.fu@intel.com >
Reviewed-by: Dong Guo <guo.dong@intel.com >
Reviewed-by: Ye Ting <ting.ye@intel.com >
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13364  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2012-05-28 04:51:53 +00:00 
						 
				 
			
				
					
						
							
							
								tye1 
							
						 
					 
					
						
						
							
						
						badd40f9d4 
					 
					
						
						
							
							Removes redundant code and adds data size check for certificate data in DxeImageVerificationLib.  
						
						... 
						
						
						
						Signed-off by: Ye Ting <ting.ye@intel.com >
Reviewed-by: Dong Eric <yong.dong@intel.com >
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13291  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2012-05-08 02:53:49 +00:00 
						 
				 
			
				
					
						
							
							
								tye1 
							
						 
					 
					
						
						
							
						
						551d808116 
					 
					
						
						
							
							Enhances PE image hash algorithm in DxeImageVerificationLib and DxeTpmMeasureBootLib.  
						
						... 
						
						
						
						Signed-off-by: Ye Ting<ting.ye@intel.com >
Reviewed by: Dong, Eric <yong.dong@intel.com >
Reviewed by: Dong, Guo <guo.dong@intel.com >
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13228  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2012-04-28 07:48:15 +00:00 
						 
				 
			
				
					
						
							
							
								ydong10 
							
						 
					 
					
						
						
							
						
						e0192326ae 
					 
					
						
						
							
							Patch include:  
						
						... 
						
						
						
						1.Change function name to avoid name conflict.
2.Refine check for Pe Image.
Signed-off-by: Eric Dong <eric.dong@intel.com >
Reviewed-by: Liming Gao <liming.gao@intel.com >
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13220  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2012-04-26 01:50:34 +00:00 
						 
				 
			
				
					
						
							
							
								ydong10 
							
						 
					 
					
						
						
							
						
						28186d4566 
					 
					
						
						
							
							Validate some fields in PE image to make sure not access violation for later code.  
						
						... 
						
						
						
						Signed-off-by: Eric Dong <eric.dong@intel.com >
Reviewed-by: Liming Gao <liming.gao@intel.com >
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13211  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2012-04-24 03:00:32 +00:00 
						 
				 
			
				
					
						
							
							
								sfu5 
							
						 
					 
					
						
						
							
						
						bd0de3963b 
					 
					
						
						
							
							1. Add more error handling code to DxeImageVerificationLib and BaseCryptLib.  
						
						... 
						
						
						
						Signed-off-by: sfu5
Reviewed-by: qianouyang
Reviewed-by: gdong1
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13109  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2012-03-19 05:10:46 +00:00 
						 
				 
			
				
					
						
							
							
								xdu2 
							
						 
					 
					
						
						
							
						
						45bf2c4789 
					 
					
						
						
							
							SecurityPkg: Update DxeImageVerificationLib with following changes:  
						
						... 
						
						
						
						1. Update to check image digest against dbx before execute it.
2. Update to support revoke certificate.
3. Update to support enroll unsigned PE image's Hash to allowed database (db). (Note: Unsigned Image's Hash is calculated in the same way with authenticode, the algorithm is assumed to be SHA256.)
Signed-off-by: xdu2
Reviewed-by: tye
Reviewed-by: gdong1
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12598  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2011-10-28 09:54:08 +00:00 
						 
				 
			
				
					
						
							
							
								qianouyang 
							
						 
					 
					
						
						
							
						
						beda2356f5 
					 
					
						
						
							
							Enable/Disable Secured Boot by 'Secure Boot Configuration' Page which is under Setup browser.  
						
						... 
						
						
						
						Signed-off-by: qianouyang
Reviewed-by: gdong1
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12586  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2011-10-28 03:46:20 +00:00 
						 
				 
			
				
					
						
							
							
								hhuan13 
							
						 
					 
					
						
						
							
						
						570b3d1a72 
					 
					
						
						
							
							1. Enhance DxeImageVerificationLib to avoid some corrupted input.  
						
						... 
						
						
						
						Signed-off-by: hhuan13
Reviewed-by: qlong
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12399  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2011-09-21 05:23:55 +00:00 
						 
				 
			
				
					
						
							
							
								gdong1 
							
						 
					 
					
						
						
							
						
						0c18794ea4 
					 
					
						
						
							
							Add security package to repository.  
						
						... 
						
						
						
						git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12261  6f19259b-4bc3-4df7-8a09-765794883524 
						
						
					 
					
						2011-09-02 07:49:32 +00:00