sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
29,611 Commits 13 Branches 33 Tags
2ccefa32a65164da2ec74e8a1e81f90257967c7f
Commit Graph

8 Commits

Author SHA1 Message Date
Bret Barkelew
28f4616fde SecurityPkg: Allow VariablePolicy state to delete authenticated variables 
https://bugzilla.tianocore.org/show_bug.cgi?id=2522

Causes AuthService to check
IsVariablePolicyEnabled() before enforcing
write protections to allow variable deletion
when policy engine is disabled.

Only allows deletion, not modification.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Bret Barkelew <brbarkel@microsoft.com>
Signed-off-by: Bret Barkelew <brbarkel@microsoft.com>
Reviewed-by: Dandan Bi <dandan.bi@intel.com>
Acked-by: Jian J Wang <jian.j.wang@intel.com>
 2020-11-17 01:03:43 +00:00
Michael D Kinney
289b714b77 SecurityPkg: Replace BSD License with BSD+Patent License 
https://bugzilla.tianocore.org/show_bug.cgi?id=1373

Replace BSD 2-Clause License with BSD+Patent License.  This change is
based on the following emails:

  https://lists.01.org/pipermail/edk2-devel/2019-February/036260.html
  https://lists.01.org/pipermail/edk2-devel/2018-October/030385.html

RFCs with detailed process for the license change:

  V3: https://lists.01.org/pipermail/edk2-devel/2019-March/038116.html
  V2: https://lists.01.org/pipermail/edk2-devel/2019-March/037669.html
  V1: https://lists.01.org/pipermail/edk2-devel/2019-March/037500.html

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
 2019-04-09 10:58:23 -07:00
Jagadeesh Ujja
38f3c1b0d2 SecurityPkg/AuthVariableLib: allow MM_STANDALONE drivers to use this library 
AuthVariableLib library can be used by MM_STANDALONE drivers as well.
So add MM_STANDALONE to the list of module types this library supports.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jagadeesh Ujja <jagadeesh.ujja@arm.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
 2019-01-04 11:38:05 +01:00
Zhang, Chao B
560ac77ea1 SecurityPkg: AuthVariableLib: Remove Customized SecureBoot Mode transition. 
Remove Customized SecureBoot Mode transition logic for Mantis 1263, including AuditMode/DeployedMode/PK update management.
  Also remove image verification logic in AuditMode.
The feature has been moved to
  https://github.com/tianocore/edk2-staging/tree/Customized-Secure-Boot
Previous check-in hash is
  SHA-1: 4fc08e8d68

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: El-Haj-Mahmoud Samer <samer.el-haj-mahmoud@hpe.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
 2016-05-04 09:13:49 +08:00
Chao Zhang
98c2d96105 SecurityPkg: AuthVariableLib: Add new cert database for volatile time based Auth variable 
Add a new cert data base "certdbv" to store signer certs for volatile time based
Auth variable.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19786 6f19259b-4bc3-4df7-8a09-765794883524
 2016-02-02 01:02:31 +00:00
Chao Zhang
4fc08e8d68 SecurityPkg: AuthVariableLib: Customized SecureBoot Mode transition. 
Implement Customized SecureBoot Mode transition logic according to Mantis 1263, including AuditMode/DeployedMode/PK update management.
  Also implement image verification logic in AuditMode. Image Certificate & Hash are recorded to EFI Image Execution Table.
  https://mantis.uefi.org/mantis/view.php?id=1263

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Zeng Star <star.zeng@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19133 6f19259b-4bc3-4df7-8a09-765794883524
 2015-12-07 06:20:02 +00:00
Star Zeng
e90c57aa97 SecurityPkg AuthVariableLib: Add the missing gEfiAuthenticatedVariableGuid 
There is no real build failure, as AuthVariableLib always links to variable driver.
But for code integrity, we should add it.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18613 6f19259b-4bc3-4df7-8a09-765794883524
 2015-10-16 01:32:48 +00:00
Star Zeng
a6811666b0 SecurityPkg: Implement AuthVariableLib library instance 
What to do:
1. Implement AuthVariableLib library instance.
2. Temporarily add VARIABLE_ENTRY_CONSISTENCY and
variable attribute combinations definitions to
AuthenticatedVariableFormat.h for git bisect.

Why to do:
1. Share code.
Separate auth variable service from Auth Variable driver in
SecurityPkg to AuthVariableLib. Then the AuthVariableLib could benefit
and be used by different implementation of Auth Variable drivers.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17758 6f19259b-4bc3-4df7-8a09-765794883524
 2015-07-01 03:04:59 +00:00