sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
12,735 Commits 13 Branches 33 Tags
713ffa208e3a9c71a84b1b0743c536662af6ba8c
Commit Graph

21 Commits

Author SHA1 Message Date
tye1
64470c17df Remove useless MD5 OID ASN.1 value from DxeImageVerificationLib. 
Signed-off-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13854 6f19259b-4bc3-4df7-8a09-765794883524
 2012-10-17 02:26:11 +00:00
sfu5
84bce75b08 Check the value of Hdr.dwLength for signed EFI image before image validation. 
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting  <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13701 6f19259b-4bc3-4df7-8a09-765794883524
 2012-09-06 02:15:59 +00:00
sfu5
f6f9031f8e Update the DxeImageVerificationLib to handle the signed image which CertType is set to EFI_CERT_TYPE_PKCS7_GUID. 
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting  <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13672 6f19259b-4bc3-4df7-8a09-765794883524
 2012-08-23 07:55:35 +00:00
lgao4
5db28a6753 Add PI1.2.1 SAP2 support and UEFI231B mantis 896 
1. Update three Security Handlers to depend on new SecurityManagementLib APIs to register Security service for SAP2

Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Guo Dong <dong.guo@intel.com>


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13661 6f19259b-4bc3-4df7-8a09-765794883524
 2012-08-22 02:33:00 +00:00
sfu5
50fe73a1aa 1. Remove the code path which use X509 cert in KEK to validate PKCS7 signed image. 
2. Remove the code path to validate UEFI image signed by RSA2048 key.
3. Disable the ALLOW_EXECUTE/DEFER_EXECUTE/QUERY_USER policy PCD.

Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting  <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13636 6f19259b-4bc3-4df7-8a09-765794883524
 2012-08-15 01:39:43 +00:00
sfu5
3277a4e5ed Fix a bug in DxeImageVerificationLib which will pass incorrect trust cert size to AuthenticodeVerify() function. 
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13526 6f19259b-4bc3-4df7-8a09-765794883524
 2012-07-12 01:13:37 +00:00
sfu5
8f8ca22e59 1. Reset system when user changes secure boot state in secure boot configuration form. 
2. Update the method to detect secure boot state in DxeImageVerificationLib and secure boot configuration driver.

Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13505 6f19259b-4bc3-4df7-8a09-765794883524
 2012-07-05 08:08:12 +00:00
jyao1
dc204d5a0f Add comment for modules which have external input. 
signed-off-by: jiewen.yao@intel.com
reviewed-by: guo.dong@intel.com
reviewed-by: ting.ye@intel.com
reviewed-by: liming.gao@intel.com
reviewed-by: elvin.li@intel.com



git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13446 6f19259b-4bc3-4df7-8a09-765794883524
 2012-06-12 08:28:43 +00:00
sfu5
de2447dd4c Fix compatibility issue when using IPF image with PE32 magic value in the OptionalHeader. 
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13433 6f19259b-4bc3-4df7-8a09-765794883524
 2012-06-08 02:09:48 +00:00
ydong10
f01b91ae42 Fixed build failed. 
Signed-off-by: Eric Dong <eric.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13406 6f19259b-4bc3-4df7-8a09-765794883524
 2012-05-31 08:35:48 +00:00
ydong10
bf4a3dbd47 Add new interface GetVariable2 and GetEfiGlobalVariable2 to return more info. Also replace old interface with new one. 
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13375 6f19259b-4bc3-4df7-8a09-765794883524
 2012-05-30 07:36:00 +00:00
sfu5
4ef15e6e33 Fix a bug in DxeImageVerificationLib to use the correct certificate length when verifying a signed EFI image. 
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13364 6f19259b-4bc3-4df7-8a09-765794883524
 2012-05-28 04:51:53 +00:00
tye1
badd40f9d4 Removes redundant code and adds data size check for certificate data in DxeImageVerificationLib. 
Signed-off by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Dong Eric <yong.dong@intel.com>


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13291 6f19259b-4bc3-4df7-8a09-765794883524
 2012-05-08 02:53:49 +00:00
tye1
551d808116 Enhances PE image hash algorithm in DxeImageVerificationLib and DxeTpmMeasureBootLib. 
Signed-off-by: Ye Ting<ting.ye@intel.com>
Reviewed by: Dong, Eric <yong.dong@intel.com>
Reviewed by: Dong, Guo <guo.dong@intel.com>



git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13228 6f19259b-4bc3-4df7-8a09-765794883524
 2012-04-28 07:48:15 +00:00
ydong10
e0192326ae Patch include: 
1.Change function name to avoid name conflict.
2.Refine check for Pe Image.

Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13220 6f19259b-4bc3-4df7-8a09-765794883524
 2012-04-26 01:50:34 +00:00
ydong10
28186d4566 Validate some fields in PE image to make sure not access violation for later code. 
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13211 6f19259b-4bc3-4df7-8a09-765794883524
 2012-04-24 03:00:32 +00:00
sfu5
bd0de3963b 1. Add more error handling code to DxeImageVerificationLib and BaseCryptLib. 
Signed-off-by: sfu5
Reviewed-by: qianouyang
Reviewed-by: gdong1

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13109 6f19259b-4bc3-4df7-8a09-765794883524
 2012-03-19 05:10:46 +00:00
xdu2
45bf2c4789 SecurityPkg: Update DxeImageVerificationLib with following changes: 
1. Update to check image digest against dbx before execute it.
2. Update to support revoke certificate.
3. Update to support enroll unsigned PE image's Hash to allowed database (db). (Note: Unsigned Image's Hash is calculated in the same way with authenticode, the algorithm is assumed to be SHA256.)

Signed-off-by: xdu2
Reviewed-by: tye
Reviewed-by: gdong1

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12598 6f19259b-4bc3-4df7-8a09-765794883524
 2011-10-28 09:54:08 +00:00
qianouyang
beda2356f5 Enable/Disable Secured Boot by 'Secure Boot Configuration' Page which is under Setup browser. 
Signed-off-by: qianouyang
Reviewed-by: gdong1

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12586 6f19259b-4bc3-4df7-8a09-765794883524
 2011-10-28 03:46:20 +00:00
hhuan13
570b3d1a72 1. Enhance DxeImageVerificationLib to avoid some corrupted input. 
Signed-off-by: hhuan13
Reviewed-by: qlong


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12399 6f19259b-4bc3-4df7-8a09-765794883524
 2011-09-21 05:23:55 +00:00
gdong1
0c18794ea4 Add security package to repository. 
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12261 6f19259b-4bc3-4df7-8a09-765794883524
 2011-09-02 07:49:32 +00:00