Linus Liu
cdfe4310dd
Pyrite support - Secure erase is only available if encryption is supported.
...
https://bugzilla.tianocore.org/show_bug.cgi?id=3004
Cc: Qi Zhang <qi1.zhang@intel.com >
Cc: Rahul Kumar <rahul1.kumar@intel.com >
Cc: Jiewen Yao <jiewen.yao@intel.com >
Cc: Tina Chen <tina.chen@intel.com >
Cc: Xiao X Chen <xiao.x.chen@intel.com >
Signed-off-by: Linus Liu <linus.liu@intel.com >
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com >
2023-09-13 06:35:02 +00:00
Rebecca Cran
dd0b33e3e5
SecurityPkg: Update code to be more C11 compliant by using __func__
...
__FUNCTION__ is a pre-standard extension that gcc and Visual C++ among
others support, while __func__ was standardized in C99.
Since it's more standard, replace __FUNCTION__ with __func__ throughout
SecurityPkg.
Signed-off-by: Rebecca Cran <rebecca@bsdio.com >
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com >
Reviewed-by: Ard Biesheuvel <ardb@kernel.org >
2023-04-10 14:19:57 +00:00
Min M Xu
ff8485179c
SecurityPkg/TdTcg2Dxe: td-guest shall halt when CcMeasurement install fail
...
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4335
CcMeasurement protocol is installed when it is supported in a td-guest. If
the installation of the protocol fails, the guest shall go into
CpuDeadLoop, because the measurement feature is crucial to a td-guest and
it shall stop running immediately in this situation.
Cc: Jiewen Yao <jiewen.yao@intel.com >
Cc: Jian J Wang <jian.j.wang@intel.com >
Signed-off-by: Min Xu <min.m.xu@intel.com >
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com >
2023-02-04 12:30:47 +00:00
Min M Xu
e0dcfb31fb
SecurityPkg/TdTcg2Dxe: Extend EFI boot variable to PCR[1]
...
According to TCG PC Client PFP spec 0021 Section 2.4.4.2 EFI boot variable
should be measured and extended to PCR[1], not PCR[5]. This patch is
proposed to fix this error.
Cc: Jiewen Yao <jiewen.yao@intel.com >
Cc: Jian J Wang <jian.j.wang@intel.com >
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com >
Signed-off-by: Min Xu <min.m.xu@intel.com >
2023-01-18 04:29:14 +00:00
Min M Xu
5654ce1d2c
SecurityPkg: Move TdTcg2Dxe from OvmfPkg to SecurityPkg
...
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4194
The TdTcg2Dxe lives in the OvmfPkg instead of the SecurityPkg. Having
the TdTcg2Dxe at the same place as Tcg2Dxe will be easier for platforms to
consume.
Definitions of PcdCcEventlogAcpiTableLaml and PcdCcEventlogAcpiTableLasa
are also moved from OvmfPkg.dec to SecurityPkg.dec.
Cc: Jiewen Yao <jiewen.yao@intel.com >
Cc: Jian J Wang <jian.j.wang@intel.com >
Cc: Arti Gupta <ARGU@microsoft.com >
Signed-off-by: Min Xu <min.m.xu@intel.com >
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com >
2023-01-06 09:55:14 +00:00
Rodrigo Gonzalez del Cueto
195f011973
SecurityPkg: Reallocate TPM Active PCRs based on platform support
...
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3515
In V4: Fixed patch format and uncrustify cleanup
In V3: Cleaned up comments, debug prints and updated patch to use the
new debug ENUM definitions.
- Replaced EFI_D_INFO with DEBUG_INFO.
- Replaced EFI_D_VERBOSE with DEBUG_VERBOSE.
In V2: Add case to RegisterHashInterfaceLib logic
RegisterHashInterfaceLib needs to correctly handle registering the HashLib
instance supported algorithm bitmap when PcdTpm2HashMask is set to zero.
The current implementation of SyncPcrAllocationsAndPcrMask() triggers
PCR bank reallocation based only on the intersection between
TpmActivePcrBanks and PcdTpm2HashMask.
When the software HashLibBaseCryptoRouter solution is used, no PCR bank
reallocation occurs based on the supported hashing algorithms
registered by the HashLib instances.
We need an additional check for the intersection between
TpmActivePcrBanks and the PcdTcg2HashAlgorithmBitmap populated by the
HashLib instances present on the platform's BIOS.
Signed-off-by: Rodrigo Gonzalez del Cueto <rodrigo.gonzalez.del.cueto@intel.com >
Cc: Jian J Wang <jian.j.wang@intel.com >
Cc: Jiewen Yao <jiewen.yao@intel.com >
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com >
2021-12-17 15:03:43 +00:00
Rodrigo Gonzalez del Cueto
8ed8568922
SecurityPkg: Debug code to audit BIOS TPM extend operations
...
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2858
In V2: Fixed patch format and uncrustify cleanup
In V1: Add debug functionality to examine TPM extend operations
performed by BIOS and inspect the PCR 00 value prior to
any BIOS measurements.
Signed-off-by: Rodrigo Gonzalez del Cueto <rodrigo.gonzalez.del.cueto@intel.com >
Cc: Jiewen Yao <jiewen.yao@intel.com >
Cc: Jian J Wang <jian.j.wang@intel.com >
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com >
2021-12-17 15:03:43 +00:00
Michael Kubacki
c411b485b6
SecurityPkg: Apply uncrustify changes
...
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3737
Apply uncrustify changes to .c/.h files in the SecurityPkg package
Cc: Andrew Fish <afish@apple.com >
Cc: Leif Lindholm <leif@nuviainc.com >
Cc: Michael D Kinney <michael.d.kinney@intel.com >
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com >
Reviewed-by: Jian J Wang <jian.j.wang@intel.com >
2021-12-07 17:24:28 +00:00
Michael D Kinney
f9f4fb2329
SecurityPkg: Change complex DEBUG_CODE() to DEBUG_CODE_BEGIN/END()
...
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3767
Update use of DEBUG_CODE(Expression) if Expression is a complex code
block with if/while/for/case statements that use {}.
Cc: Andrew Fish <afish@apple.com >
Cc: Leif Lindholm <leif@nuviainc.com >
Cc: Michael Kubacki <michael.kubacki@microsoft.com >
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com >
Reviewed-by: Jian J Wang <jian.j.wang@intel.com >
2021-12-07 17:24:28 +00:00
Michael D Kinney
12710fe93b
SecurityPkg: Change OPTIONAL keyword usage style
...
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3760
Update all use of ', OPTIONAL' to ' OPTIONAL,' for function params.
Cc: Andrew Fish <afish@apple.com >
Cc: Leif Lindholm <leif@nuviainc.com >
Cc: Michael Kubacki <michael.kubacki@microsoft.com >
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com >
Reviewed-by: Jian J Wang <jian.j.wang@intel.com >
2021-12-07 17:24:28 +00:00
Michael D Kinney
e905fbb05a
SecurityPkg: Change use of EFI_D_* to DEBUG_*
...
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3739
Update all use of EFI_D_* defines in DEBUG() macros to DEBUG_* defines.
Cc: Andrew Fish <afish@apple.com >
Cc: Leif Lindholm <leif@nuviainc.com >
Cc: Michael Kubacki <michael.kubacki@microsoft.com >
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com >
Reviewed-by: Jian J Wang <jian.j.wang@intel.com >
2021-12-07 17:24:28 +00:00
Stefan Berger
2fa89c8e11
SecurityPkg/Tcg: Make Tcg2PlatformPei buildable and fix style issues
...
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com >
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com >
2021-09-13 16:53:14 +00:00
Stefan Berger
a4867dea2a
SecurityPkg/Tcg: Import Tcg2PlatformPei from edk2-platforms
...
Import Tcg2PlatformPei from edk2-platforms without any modifications.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com >
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com >
2021-09-13 16:53:14 +00:00
Stefan Berger
2906e572c6
SecurityPkg/Tcg: Make Tcg2PlatformDxe buildable and fix style issues
...
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com >
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com >
2021-09-13 16:53:14 +00:00
Stefan Berger
ebbc8ab2cd
SecurityPkg/Tcg: Import Tcg2PlatformDxe from edk2-platforms
...
Import Tcg2PlatformDxe from edk2-platforms without any modifications.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com >
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com >
2021-09-13 16:53:14 +00:00
Michael Kubacki
edf8bc6d24
SecurityPkg/MemoryOverwriteControl: Add missing argument to DEBUG print
...
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3605
The error message is missing the argument for the status code
print specifier.
Cc: Jiewen Yao <jiewen.yao@intel.com >
Cc: Jian J Wang <jian.j.wang@intel.com >
Cc: Qi Zhang <qi1.zhang@intel.com >
Cc: Rahul Kumar <rahul1.kumar@intel.com >
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com >
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com >
2021-09-04 09:03:22 +00:00
Michael Kubacki
54211ab10f
SecurityPkg/Tcg2Smm: Initialize local Status variable
...
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3277
Initializes the Status variable in TcgMmReadyToLock().
Fixes a Clang build failure:
Tcg2Smm.c - SecurityPkg\Tcg\Tcg2Smm\Tcg2Smm.c:254:7: error:
variable 'Status' is used uninitialized whenever 'if'
condition is false [-Werror,-Wsometimes-uninitialized]
Initializing this variable is required to address a practical
scenario in which the return value of TcgMmReadyToLock() is
undefined based on conditional evaluation in the function.
Cc: Jiewen Yao <jiewen.yao@intel.com >
Cc: Jian J Wang <jian.j.wang@intel.com >
Cc: Qi Zhang <qi1.zhang@intel.com >
Cc: Rahul Kumar <rahul1.kumar@intel.com >
Cc: Kun Qin <kun.q@outlook.com >
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com >
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com >
Reviewed-by: Laszlo Ersek <lersek@redhat.com >
2021-04-13 01:57:43 +00:00
Kun Qin
59a3ccb09e
SecurityPkg: Tcg2Acpi: Added unblock memory interface for NVS region
...
This change adds usage of MmUnblockMemoryLib to explicitly request that the
allocated NVS region be accessible from the MM environment. It brings in
compatibility with architectures that support full memory blockage
inside MM.
Cc: Jiewen Yao <jiewen.yao@intel.com >
Cc: Jian J Wang <jian.j.wang@intel.com >
Cc: Qi Zhang <qi1.zhang@intel.com >
Cc: Rahul Kumar <rahul1.kumar@intel.com >
Signed-off-by: Kun Qin <kun.q@outlook.com >
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com >
Message-Id: <MWHPR06MB31026F3F8C3FAA39D74CE4BAF3969@MWHPR06MB3102.namprd06.prod.outlook.com >
2021-03-05 15:25:07 +00:00
Kun Qin
8802583c48
SecurityPkg: Tcg2Smm: Added support for Standalone Mm
...
https://bugzilla.tianocore.org/show_bug.cgi?id=3169
This change adds a Standalone MM instance of Tcg2. The notify function for
the Standalone MM instance is left empty.
A dependency DXE driver with a Depex of gEfiMmCommunication2ProtocolGuid
was created to indicate the readiness of Standalone MM Tcg2 driver.
Lastly, the support of CI build for Tcg2 Standalone MM module is added.
Cc: Jiewen Yao <jiewen.yao@intel.com >
Cc: Jian J Wang <jian.j.wang@intel.com >
Cc: Qi Zhang <qi1.zhang@intel.com >
Cc: Rahul Kumar <rahul1.kumar@intel.com >
Signed-off-by: Kun Qin <kun.q@outlook.com >
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com >
Message-Id: <MWHPR06MB3102C3F99CBADFCC5F8A821CF3969@MWHPR06MB3102.namprd06.prod.outlook.com >
2021-03-05 15:25:07 +00:00
Kun Qin
3c2dc30d1b
SecurityPkg: Tcg2Smm: Separate Tcg2Smm into 2 modules
...
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3169
This change separates the original Tcg2Smm module into 2 drivers: the
SMM driver that registers callbacks for physical presence and memory
clear, and the Tcg2Acpi driver that patches and publishes the ACPI table for
runtime use.
Tcg2Smm introduces an SMI root handler to allow Tcg2Acpi to communicate
the NVS region used by Tpm.asl and exchange the registered SwSmiValue.
Lastly, the Tcg2Smm driver publishes gTcg2MmSwSmiRegisteredGuid at the end
of its entrypoint to ensure Tcg2Acpi loads after Tcg2Smm is ready to
communicate.
Cc: Jiewen Yao <jiewen.yao@intel.com >
Cc: Jian J Wang <jian.j.wang@intel.com >
Cc: Qi Zhang <qi1.zhang@intel.com >
Cc: Rahul Kumar <rahul1.kumar@intel.com >
Signed-off-by: Kun Qin <kun.q@outlook.com >
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com >
Message-Id: <MWHPR06MB310295CC623EF7C062844DFFF3969@MWHPR06MB3102.namprd06.prod.outlook.com >
2021-03-05 15:25:07 +00:00
Kun Qin
e2d6833c11
SecurityPkg: Tcg2Smm: Switching from gSmst to gMmst
...
This change replaces gSmst with gMmst to support broader compatibility
under the MM environment for the Tcg2Smm driver.
Cc: Jiewen Yao <jiewen.yao@intel.com >
Cc: Jian J Wang <jian.j.wang@intel.com >
Cc: Qi Zhang <qi1.zhang@intel.com >
Cc: Rahul Kumar <rahul1.kumar@intel.com >
Signed-off-by: Kun Qin <kun.q@outlook.com >
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com >
Message-Id: <MWHPR06MB310218F28C7AAF8DB375E963F3969@MWHPR06MB3102.namprd06.prod.outlook.com >
2021-03-05 15:25:07 +00:00
Zhiguang Liu
46db105b7b
SecurityPkg: Initialize variable Status before it is consumed.
...
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2945
V2: Move "Status = EFI_SUCCESS;" before the EDKII_TCG_PRE_HASH check.
Cc: Jiewen Yao <jiewen.yao@intel.com >
Cc: Jian J Wang <jian.j.wang@intel.com >
Cc: Qi Zhang <qi1.zhang@intel.com >
Cc: Rahul Kumar <rahul1.kumar@intel.com >
Cc: Laszlo Ersek <lersek@redhat.com >
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com >
Signed-off-by: Zhiguang Liu <zhiguang.liu@intel.com >
Message-Id: <20200901005505.1722-1-zhiguang.liu@intel.com >
Reviewed-by: Laszlo Ersek <lersek@redhat.com >
2020-09-01 16:11:24 +00:00
Qi Zhang
547067dd86
SecurityPkg/Tcg2: handle PRE HASH and LOG ONLY
...
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
Cc: Jiewen Yao <jiewen.yao@intel.com >
Cc: Jian J Wang <jian.j.wang@intel.com >
Cc: Qi Zhang <qi1.zhang@intel.com >
Cc: Rahul Kumar <rahul1.kumar@intel.com >
Signed-off-by: Qi Zhang <qi1.zhang@intel.com >
Message-Id: <20200818062618.3698-8-qi1.zhang@intel.com >
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com >
Reviewed-by: Jian J Wang <jian.j.wang@intel.com >
2020-08-26 15:56:11 +00:00
Michael D Kinney
9b851fd6b2
SecurityPkg/OpalPassword: Fix spelling mistake
...
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2346
Cc: Qi Zhang <qi1.zhang@intel.com >
Cc: Rahul Kumar <rahul1.kumar@intel.com >
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com >
Reviewed-by: Jian J Wang <jian.j.wang@intel.com >
2020-08-19 00:11:57 +00:00
Qi Zhang
3887820e5f
SecurityPkg/Tcg2Config: remove TPM2_ChangeEPS if it is not supported.
...
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2793
In the current implementation the TPM2_ChangeEPS command is always available
in the TPM2 operation pull-down list in TCG2 Configuration, which
is confusing when the command is not supported by a specific TPM chip.
As a user experience improvement, the TPM2_ChangeEPS command should be
removed from the list when it is not supported.
Cc: Jiewen Yao <jiewen.yao@intel.com >
Cc: Jian J Wang <jian.j.wang@intel.com >
Cc: Chao Zhang <chao.b.zhang@intel.com >
Cc: Rahul Kumar <rahul1.kumar@intel.com >
Signed-off-by: Qi Zhang <qi1.zhang@intel.com >
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com >
2020-07-28 09:56:25 +00:00
Guomin Jiang
ffde22468e
SecurityPkg/TcgPei: Use Migrated FV Info Hob for calculating hash (CVE-2019-11098)
...
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1614
When we allocate a pool to save the rebased PEIMs, the address changes
randomly; therefore the hash changes and PCR0 changes as well.
To avoid this, we save the raw PEIMs and use them to calculate the hash.
TcgPei calculates the hash using the Migrated FV Info.
Cc: Jiewen Yao <jiewen.yao@intel.com >
Cc: Jian J Wang <jian.j.wang@intel.com >
Cc: Chao Zhang <chao.b.zhang@intel.com >
Cc: Qi Zhang <qi1.zhang@intel.com >
Cc: Rahul Kumar <rahul1.kumar@intel.com >
Signed-off-by: Guomin Jiang <guomin.jiang@intel.com >
Reviewed-by: Jian J Wang <jian.j.wang@intel.com >
Reviewed-by: Qi Zhang <qi1.zhang@intel.com >
Reviewed-by: Liming Gao <liming.gao@intel.com >
2020-07-28 01:43:16 +00:00
Guomin Jiang
012809cdca
SecurityPkg/Tcg2Pei: Use Migrated FV Info Hob for calculating hash (CVE-2019-11098)
...
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1614
When we allocate a pool to save the rebased PEIMs, the address changes
randomly; therefore the hash changes and PCR0 changes as well.
To avoid this, we save the raw PEIMs and use them to calculate the hash.
Tcg2Pei calculates the hash using the Migrated FV Info.
Cc: Jiewen Yao <jiewen.yao@intel.com >
Cc: Jian J Wang <jian.j.wang@intel.com >
Cc: Chao Zhang <chao.b.zhang@intel.com >
Cc: Qi Zhang <qi1.zhang@intel.com >
Cc: Rahul Kumar <rahul1.kumar@intel.com >
Signed-off-by: Guomin Jiang <guomin.jiang@intel.com >
Reviewed-by: Jian J Wang <jian.j.wang@intel.com >
Reviewed-by: Qi Zhang <qi1.zhang@intel.com >
Reviewed-by: Liming Gao <liming.gao@intel.com >
2020-07-28 01:43:16 +00:00
Jiewen Yao
1f6fe5cb03
SecurityPkg/Tcg2: Add TcgPpi
...
And do some code cleanup with the updated function
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841
Cc: Jiewen Yao <jiewen.yao@intel.com >
Cc: Jian J Wang <jian.j.wang@intel.com >
Cc: Qi Zhang <qi1.zhang@intel.com >
Cc: Rahul Kumar <rahul1.kumar@intel.com >
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com >
Reviewed-by: Qi Zhang <qi1.zhang@intel.com >
Reviewed-by: Jian J Wang <jian.j.wang@intel.com >
2020-07-23 01:31:43 +00:00
Jiewen Yao
3e07c65641
SecurityPkg/Tcg: Add TcgPpi
...
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841
Cc: Jiewen Yao <jiewen.yao@intel.com >
Cc: Jian J Wang <jian.j.wang@intel.com >
Cc: Qi Zhang <qi1.zhang@intel.com >
Cc: Rahul Kumar <rahul1.kumar@intel.com >
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com >
Reviewed-by: Qi Zhang <qi1.zhang@intel.com >
Reviewed-by: Jian J Wang <jian.j.wang@intel.com >
2020-07-23 01:31:43 +00:00
Jiewen Yao
f45e3a4afa
SecurityPkg/Tcg2Pei: Add missing PCRIndex in FvBlob event.
...
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2840
Cc: Jian J Wang <jian.j.wang@intel.com >
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com >
Reviewed-by: Jian J Wang <jian.j.wang@intel.com >
2020-07-11 03:57:26 +00:00
Jiewen Yao
bceaf6952a
SecurityPkg/Tcg2Dxe: Add PcdTcgPfpMeasurementRevision in SpecId event.
...
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2839
Cc: Jian J Wang <jian.j.wang@intel.com >
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com >
Reviewed-by: Jian J Wang <jian.j.wang@intel.com >
2020-07-11 03:37:11 +00:00
Michael Kubacki
6e3c834ae4
SecurityPkg Tcg: Use SW SMI IO port PCD in Tpm.asl
...
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=2416
Replaces the hardcoded value of 0xB2 with a PCD for the SMI port access
operation region. This allows platforms to customize the IO port value if
necessary.
Cc: Kun Qin <Kun.Qin@microsoft.com >
Cc: Jian J Wang <jian.j.wang@intel.com >
Cc: Jiewen Yao <jiewen.yao@intel.com >
Cc: Chao Zhang <chao.b.zhang@intel.com >
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com >
Reviewed-by: Guomin Jiang <guomin.jiang@intel.com >
Reviewed-by: Bret Barkelew <bret.barkelew@microsoft.com >
2020-04-21 02:20:51 +00:00
GuoMinJ
f9713abe95
SecurityPkg: Issues reported by ECC in EDK2.
...
https://bugzilla.tianocore.org/show_bug.cgi?id=2515
Change the SecurityPkg to match the ECC check rule
Signed-off-by: GuoMinJ <newexplorerj@gmail.com >
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com >
2020-02-14 07:27:28 +00:00
Antoine Coeur
dd40a1f85c
SecurityPkg/Tcg: Fix various typos
...
Fix various typos in documentation, comments and debug strings.
Cc: Jiewen Yao <jiewen.yao@intel.com >
Cc: Jian J Wang <jian.j.wang@intel.com >
Cc: Chao Zhang <chao.b.zhang@intel.com >
Signed-off-by: Antoine Coeur <coeur@gmx.fr >
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com >
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com >
Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com >
Message-Id: <20200207010831.9046-66-philmd@redhat.com >
[lersek@redhat.com: replace EFI_D_xxx w/ DEBUG_xxx to shut up PatchCheck]
2020-02-10 22:30:07 +00:00
Jiewen Yao
0286fe8176
SecurityPkg/Tcg2Pei: Add TCG PFP 105 support.
...
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2439
Use EV_EFI_PLATFORM_FIRMWARE_BLOB2 if the TCG PFP revision is >= 105.
Use FvName as the description for the FV.
Cc: Jian J Wang <jian.j.wang@intel.com >
Cc: Chao Zhang <chao.b.zhang@intel.com >
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com >
Reviewed-by: Jian J Wang <jian.j.wang@intel.com >
2020-01-06 06:23:19 +00:00
Jiewen Yao
4fa25853cd
SecurityPkg/Tcg2Dxe: Add Tcg2Dxe to support 800-155 event.
...
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2439
The TCG2 DXE supports parsing the 800-155 event GUID from PEI
and putting it at the beginning of the TCG2 event log.
The TCG2 DXE also supports a DXE driver producing an 800-155 event
and letting the TCG2 DXE driver record it.
The 800-155 event is a NO-ACTION event which does not need to extend
anything to TPM2. The TCG2 DXE also supports that.
Multiple 800-155 events are supported. All of them will be put
at the beginning of the TCG2 event log, just after the SpecId event.
Cc: Jian J Wang <jian.j.wang@intel.com >
Cc: Chao Zhang <chao.b.zhang@intel.com >
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com >
Reviewed-by: Jian J Wang <jian.j.wang@intel.com >
2020-01-06 06:23:19 +00:00
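The event-log rules stated in this commit message (SpecId first, 800-155 events directly after it as EV_NO_ACTION entries that extend nothing into the TPM) and in the later "Extend EFI boot variable to PCR[1]" commit, as an added example that is not edk2 code and not part of the original log. The event type values and the "SP800-155 Event2" / "Spec ID Event03" signatures follow the TCG PC Client PFP definitions; the log record layout, the PCR extend simulation and the sample firmware blob and BootOrder value are constructed for illustration and are not the binary TCG_PCR_EVENT2 format:

```python
"""Added example (not edk2 code): TCG2 event-log ordering and which events
extend a PCR. NO_ACTION events (SpecId, SP800-155) are log-only; a verifier
replaying the log must skip them or its computed PCRs will not match."""
import hashlib
from dataclasses import dataclass

# Event types from the TCG PC Client PFP spec.
EV_NO_ACTION = 0x00000003
EV_EFI_VARIABLE_BOOT = 0x80000002
EV_EFI_PLATFORM_FIRMWARE_BLOB = 0x80000008

SPEC_ID_SIGNATURE = b"Spec ID Event03\0"
SP800_155_SIGNATURE = b"SP800-155 Event2"

ZERO_DIGEST = bytes(32)  # SHA-256 bank; NO_ACTION events carry an all-zero digest


@dataclass
class Event:
    pcr: int
    event_type: int
    digest: bytes
    data: bytes


class EventLog:
    """Simplified SHA-256-only event log with the PCR bank it describes."""

    def __init__(self):
        self.pcrs = {i: ZERO_DIGEST for i in range(24)}
        # The SpecId event is always the first record and is never extended.
        self.events = [Event(0, EV_NO_ACTION, ZERO_DIGEST, SPEC_ID_SIGNATURE)]

    def add_800_155(self, payload: bytes) -> None:
        """Record an SP800-155 platform-identity event. It goes right after the
        SpecId event and any earlier 800-155 events, regardless of how many
        measurements were logged already, and no PCR is touched."""
        idx = 1
        while idx < len(self.events) and self.events[idx].data.startswith(SP800_155_SIGNATURE):
            idx += 1
        self.events.insert(idx, Event(0, EV_NO_ACTION, ZERO_DIGEST, SP800_155_SIGNATURE + payload))

    def measure(self, pcr: int, event_type: int, data: bytes) -> None:
        """Hash the data, extend the PCR (new = H(old || digest)) and append a record."""
        digest = hashlib.sha256(data).digest()
        self.pcrs[pcr] = hashlib.sha256(self.pcrs[pcr] + digest).digest()
        self.events.append(Event(pcr, event_type, digest, data))

    def measure_boot_variable(self, name: str, value: bytes) -> None:
        """EFI boot variables (BootOrder, Boot####) belong in PCR[1], not PCR[5]."""
        self.measure(1, EV_EFI_VARIABLE_BOOT, name.encode("utf-16-le") + value)

    def replay(self) -> dict:
        """What an attestation verifier does: recompute PCRs from the log alone."""
        pcrs = {i: ZERO_DIGEST for i in range(24)}
        for ev in self.events:
            if ev.event_type == EV_NO_ACTION:
                continue  # informational only; extending it would break the replay
            pcrs[ev.pcr] = hashlib.sha256(pcrs[ev.pcr] + ev.digest).digest()
        return pcrs


def build_sample_log() -> EventLog:
    """Constructed boot: a PEI firmware blob is measured before DXE produces
    an 800-155 event, which must still land directly after SpecId."""
    log = EventLog()
    log.measure(0, EV_EFI_PLATFORM_FIRMWARE_BLOB, b"constructed FV image bytes")
    log.add_800_155(b"constructed platform identity from PEI")
    log.add_800_155(b"constructed platform identity from a DXE driver")
    log.measure_boot_variable("BootOrder", b"\x00\x00\x01\x00")  # constructed value
    return log


if __name__ == "__main__":
    log = build_sample_log()
    for i, ev in enumerate(log.events):
        print(i, hex(ev.event_type), "PCR", ev.pcr, ev.data[:16])
    print("replay matches live PCRs:", log.replay() == log.pcrs)
```

The replay check is the reason NO_ACTION events must never be extended: the verifier reconstructs PCR values purely from the logged digests, so an event that is in the log but not in the TPM, or vice versa, makes the quote fail to match.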
Jiewen Yao
7e55cf6b48
SecurityPkg/Tcg2Smm: Measure the table before patch.
...
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1940
According to the TCG PFP specification, the ACPI table must be
measured prior to any modification, and the measurement
must be the same across every boot cycle.
There is a fix 3a63c17ebc
for the HID data. However, that is not enough.
The LAML/LASA and PCD configuration change may also cause
a similar problem.
We need to measure the table before any update.
Cc: Jian J Wang <jian.j.wang@intel.com >
Cc: Chao Zhang <chao.b.zhang@intel.com >
Signed-off-by: Jiewen Yao <Jiewen.Yao@intel.com >
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com >
2019-12-10 08:00:14 +00:00
Derek Lin
3a63c17ebc
SecurityPkg: Fix TPM2 ACPI measurement.
...
We have discussed in this thread.
https://edk2.groups.io/g/devel/topic/32205028
Before the change, TPM FW upgrade would impact the TPM2 ACPI PCR value because
the TPM2 ACPI HID includes the FW version.
This change makes the measurement before the TPM2 HID fixup. So, after a TPM FW
upgrade, the ACPI PCR record remains the same.
Signed-off-by: Derek Lin <derek.lin2@hpe.com >
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com >
Reviewed-by: Jian J Wang <jian.j.wang@intel.com >
2019-11-07 13:11:34 +08:00
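The invariant behind this commit and the "Measure the table before patch" commit above (and, for the same reason, the two "Use Migrated FV Info Hob for calculating hash" commits, which hash the raw PEIM rather than its relocated copy): what gets extended into the PCR must be the image before firmware patches in boot-specific values. The simulation below is an added example, not edk2 code. It models a TPM2-like table with a constructed layout (the offsets, HID strings and LAML/LASA values are made up for illustration) and compares the PCR result of measuring before versus after the fixup across two boots where the TPM firmware version and the event-log address differ:

```python
"""Added example (not edk2 code): measuring an ACPI table before patching
keeps the PCR value reproducible across boots; measuring afterwards does not."""
import hashlib
import struct

PCR_INIT = bytes(32)  # SHA-256 bank, reset value


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM PCR extend: new = H(old || digest)."""
    return hashlib.sha256(pcr + digest).digest()


def measure(pcr: bytes, data: bytes) -> bytes:
    return pcr_extend(pcr, hashlib.sha256(data).digest())


# Constructed table template: a 'TPM2' signature, a fixed header region and
# zeroed placeholders for the fields firmware fills in at boot. These offsets
# are for illustration only and are not the real TPM2 table layout.
HID_OFF, HID_LEN = 36, 8
LAML_OFF, LASA_OFF = 44, 48


def build_template() -> bytes:
    return b"TPM2" + bytes(32) + bytes(HID_LEN) + bytes(4) + bytes(8)


def patch(table: bytes, hid: bytes, laml: int, lasa: int) -> bytes:
    """The runtime fixup: HID from the TPM's firmware version, LAML/LASA from
    wherever the event log buffer was allocated this boot."""
    t = bytearray(table)
    t[HID_OFF:HID_OFF + HID_LEN] = hid.ljust(HID_LEN, b"\0")
    t[LAML_OFF:LAML_OFF + 4] = struct.pack("<I", laml)
    t[LASA_OFF:LASA_OFF + 8] = struct.pack("<Q", lasa)
    return bytes(t)


def measure_before_patch(hid: bytes, laml: int, lasa: int) -> bytes:
    """Fixed behaviour: measure the template, then patch the copy handed to the OS."""
    template = build_template()
    pcr = measure(PCR_INIT, template)
    patch(template, hid, laml, lasa)  # published table; deliberately not measured
    return pcr


def measure_after_patch(hid: bytes, laml: int, lasa: int) -> bytes:
    """Old behaviour: the patched bytes are what gets hashed."""
    return measure(PCR_INIT, patch(build_template(), hid, laml, lasa))


# Two constructed boots: a TPM firmware update changed the HID string, and the
# event-log buffer landed at a different address.
BOOT_A = (b"TPM_0100", 0x10000, 0x7F000000)
BOOT_B = (b"TPM_0101", 0x10000, 0x7E800000)


def stable_across_boots(measure_fn) -> bool:
    """True if the PCR value a sealing policy would bind to is the same on both boots."""
    return measure_fn(*BOOT_A) == measure_fn(*BOOT_B)


if __name__ == "__main__":
    print("measure before patch, stable:", stable_across_boots(measure_before_patch))
    print("measure after patch,  stable:", stable_across_boots(measure_after_patch))
```

Anything sealed to the PCR that receives this table (BitLocker-style keys, attestation policies) breaks on every TPM firmware update or memory-map change under the "after patch" ordering, which is the failure the two commits remove.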
Chu, Maggie
1a04951309
SecurityPkg/OpalPassword: Remove dependency on EFI_BLOCK_IO_PROTOCOL
...
https://bugzilla.tianocore.org/show_bug.cgi?id=2327
RAID drivers abstract the physical drives that make up
the array into a single unit, and do not supply individual
EFI_BLOCK_IO_PROTOCOL instances for each physical drive in the array.
This breaks support for the Security Storage Command Protocol,
which currently requires an EFI_BLOCK_IO_PROTOCOL to be associated
with the same device the protocol is installed on and to provide
all the same parameters.
This patch removes the dependency on EFI_BLOCK_IO_PROTOCOL and
allows access to Opal drive members of a RAID array.
Signed-off-by: Maggie Chu <maggie.chu@intel.com >
Reviewed-by: Eric Dong <eric.dong@intel.com >
Cc: Chao Zhang <chao.b.zhang@intel.com >
Cc: Jiewen Yao <jiewen.yao@intel.com >
2019-11-06 16:16:18 +08:00
Sean Brogan
d6b926e76e
SecurityPkg: Fix spelling errors
...
https://bugzilla.tianocore.org/show_bug.cgi?id=2265
Cc: Jiewen Yao <jiewen.yao@intel.com >
Cc: Jian J Wang <jian.j.wang@intel.com >
Cc: Chao Zhang <chao.b.zhang@intel.com >
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com >
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com >
Reviewed-by: Jian J Wang <jian.j.wang@intel.com >
2019-10-23 10:23:23 -07:00
Michael D Kinney
6e7e9b9578
SecurityPkg: Change EFI_D_INFO to DEBUG_INFO
...
Update DEBUG() macro to use DEBUG_INFO to address PatchCheck.py error.
Cc: Jiewen Yao <jiewen.yao@intel.com >
Cc: Jian J Wang <jian.j.wang@intel.com >
Cc: Chao Zhang <chao.b.zhang@intel.com >
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com >
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com >
Reviewed-by: Jian J Wang <jian.j.wang@intel.com >
2019-10-23 10:23:17 -07:00
Liming Gao
e026bb4c39
SecurityPkg Tcg2Dxe: Add Variable Arch protocol dependency
...
commit a7e2d20193 introduces the code to
get PcdTpm2AcpiTableRev in the driver entry point. This PCD is designed as a
DynamicHii or DynamicHiiEx PCD. So, this PCD depends on the Variable service.
To make sure the PcdTpm2AcpiTableRev value can be obtained, add the Variable service as a Depex.
Cc: Jiewen Yao <jiewen.yao@intel.com >
Cc: Jian J Wang <jian.j.wang@intel.com >
Cc: Chao Zhang <chao.b.zhang@intel.com >
Signed-off-by: Liming Gao <liming.gao@intel.com >
Reviewed-by: jiewen Yao <jiewen.yao@intel.com >
2019-10-18 08:41:50 +08:00
Jiewen Yao
a7e2d20193
SecurityPkg/Tcg2: Add Support Laml, Lasa for TPM2 ACPI.
...
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=978
Tcg2Dxe produces PcdTpm2AcpiTableLaml/Lasa for event log address.
Tcg2Smm consumes PcdTpm2AcpiTableLaml/Lasa to fill TPM2 ACPI table.
Cc: Jian J Wang <jian.j.wang@intel.com >
Cc: Chao Zhang <chao.b.zhang@intel.com >
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com >
Reviewed-by: Jian J Wang <jian.j.wang@intel.com >
2019-10-11 10:06:51 +08:00
Laszlo Ersek
a629d5b9ef
SecurityPkg: fix UninstallMultipleProtocolInterfaces() calls
...
Unlike the InstallMultipleProtocolInterfaces() boot service, which takes
an (EFI_HANDLE*) as first parameter, the
UninstallMultipleProtocolInterfaces() boot service takes an EFI_HANDLE as
first parameter.
These are actual bugs. They must have remained hidden until now because
they are all in Unload() functions, which are probably exercised
infrequently. Fix the UninstallMultipleProtocolInterfaces() calls.
Cc: Chao Zhang <chao.b.zhang@intel.com >
Cc: Jian Wang <jian.j.wang@intel.com >
Cc: Jiewen Yao <jiewen.yao@intel.com >
Signed-off-by: Laszlo Ersek <lersek@redhat.com >
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com >
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com >
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com >
2019-10-09 09:40:10 +02:00
Liming Gao
26fc074a5f
SecurityPkg Tcg2Config: Move common definitions to new Tcg2Internal.h
...
Common definitions are not consumed by VFR. They are not required to be
defined in Tcg2ConfigNvData.h as a workaround. A new shared internal header
file is added to include those common definitions.
Cc: Jian Wang <jian.j.wang@intel.com >
Cc: Chao Zhang <chao.b.zhang@intel.com >
Signed-off-by: Liming Gao <liming.gao@intel.com >
Reviewed-by: Jian J Wang <jian.j.wang@intel.com >
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com >
2019-09-17 09:39:03 +08:00
Chu, Maggie
6cbed0e36f
SecurityPkg/OpalPassword: Add PCD to skip password prompt
...
https://bugzilla.tianocore.org/show_bug.cgi?id=1801
Add a PCD for skipping the password prompt when the device is in unlocked status.
The previous change only supported the case where the storage device is in locked status.
This change is added to support the case where the security status of the
storage device is unlocked.
Signed-off-by: Maggie Chu <maggie.chu@intel.com >
Reviewed-by: Eric Dong <eric.dong@intel.com >
Cc: Chao Zhang <chao.b.zhang@intel.com >
Cc: Jiewen Yao <jiewen.yao@intel.com >
2019-06-10 14:16:07 +08:00
Joe Richey
4000f249ba
SecurityPkg: Remove double \r
...
Cc: Chao Zhang <chao.b.zhang@intel.com >
Cc: Jiewen Yao <jiewen.yao@intel.com >
Cc: Jian Wang <jian.j.wang@intel.com >
Signed-off-by: Joe Richey <joerichey@google.com >
Reviewed-by: Jian J Wang <jian.j.wang@intel.com >
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com >
2019-05-15 12:57:20 +08:00
Eric Dong
46e696088a
SecurityPkg/OpalPassword: Fix "Enable Feature" Menu disappear issue
...
https://bugzilla.tianocore.org/show_bug.cgi?id=1782
After changing the behavior to send the BlockSid command at the EndOfDxe point,
the check-device-ownership command returns an unauthorized error, which
finally causes the Opal driver to be unable to show the "Enable Feature" menu.
Update the code logic to send the detect-device-ownership command
before sending the BlockSID command.
Signed-off-by: Eric Dong <eric.dong@intel.com >
Reviewed-by: Hao A Wu <hao.a.wu@intel.com >
2019-05-09 14:32:52 +08:00
Eric Dong
539a6c9318
SecurityPkg/OpalPassword: Change send BlockSID policy
...
https://bugzilla.tianocore.org/show_bug.cgi?id=1782
Change Send BlockSID command time from ReadyToBoot to
EndOfDxe.
Signed-off-by: Eric Dong <eric.dong@intel.com >
Reviewed-by: Hao A Wu <hao.a.wu@intel.com >
2019-05-09 14:32:49 +08:00
Chu, Maggie
f5245a1db1
SecurityPkg/OpalPassword: Add warning message for Secure Erase
...
https://bugzilla.tianocore.org/show_bug.cgi?id=1753
Add pop-up warning messages before the secure erase action,
in order to notify the user that the secure erase action will take a longer time.
This change also fixes some pop-up windows being unable to show the
complete message because some strings are too long.
Signed-off-by: Maggie Chu <maggie.chu@intel.com >
Cc: Chao Zhang <chao.b.zhang@intel.com >
Cc: Jiewen Yao <jiewen.yao@intel.com >
Reviewed-by: Eric Dong <eric.dong@intel.com >
2019-05-08 09:17:36 +08:00