Michael D Kinney
e905fbb05a
SecurityPkg: Change use of EFI_D_* to DEBUG_*
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3739
Update all use of EFI_D_* defines in DEBUG() macros to DEBUG_* defines.
Cc: Andrew Fish <afish@apple.com>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Michael Kubacki <michael.kubacki@microsoft.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2021-12-07 17:24:28 +00:00
Michael D Kinney
60fa40be45
SecurityPkg: Update YAML to ignore specific ECC files/errors
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3749
Update package YAML files to ignore ECC errors that are
already present. These issues must be fixed in the future,
but should not block source code changes for these known
issues.
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Michael Kubacki <michael.kubacki@microsoft.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Qi Zhang <qi1.zhang@intel.com>
2021-11-30 14:19:07 +00:00
Michael D Kinney
d939a25d41
SecurityPkg: Reproduce builds across source format changes
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3688
Use DEBUG_LINE_NUMBER instead of __LINE__.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Michael Kubacki <michael.kubacki@microsoft.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Tested-by: Michael Kubacki <michael.kubacki@microsoft.com>
2021-11-08 18:01:35 +00:00
Michael D Kinney
c1f2287635
SecurityPkg/SecurityPkg.dsc: Add missing RngLib for ARM and RISCV64
Fix SecurityPkg build breaks for ARM and RISCV64 by adding RngLib
mapping.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Abner Chang <abner.chang@hpe.com>
Cc: Daniel Schaefer <daniel.schaefer@hpe.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
Acked-by: Abner Chang <abner.chang@hpe.com>
Reviewed-by: Daniel Schaefer <daniel.schaefer@hpe.com>
2021-11-05 19:44:11 +00:00
Guomin Jiang
c8594a5311
SecurityPkg/FvReportPei: Remove the ASSERT to allow neither M nor V
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2673
M means Measured Boot, V means Verified Boot.
FvReport does the following:
1. Do nothing if neither M nor V
2. Allocate pages to save the firmware volume and use it to install
firmware info Ppi
3. Install PreHashFv Ppi if the FV needs measurement.
4. Verify the Hash if the FV needs verification
Notes:
1. The component is used to verify the FV or measure the FV
2. The copy action is just for security purposes, not the main purpose.
3. If you use this component, there is no need to copy in other components,
which would cost time.
Signed-off-by: Guomin Jiang <guomin.jiang@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2021-10-31 16:52:12 +00:00
Stefan Berger
282122ec5f
ArmVirtPkg/TPM: Add a NULL implementation of TpmPlatformHierarchyLib
Add a NULL implementation of the library class TpmPlatformHierarchyLib.
Link: https://bugzilla.tianocore.org/show_bug.cgi?id=3510
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
2021-10-05 09:54:11 +00:00
Nhi Pham
2273799677
SecurityPkg: Fix SecureBootDefaultKeysDxe failed to start
The dbt and dbx keys are optional, so the driver entry should return
EFI_SUCCESS to start if they are not found in the firmware flash. This
patch fixes it and updates the description of the retval as well.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Grzegorz Bernacki <gjb@semihalf.com>
Signed-off-by: Nhi Pham <nhi@os.amperecomputing.com>
Reviewed-by: Grzegorz Bernacki <gjb@semihalf.com>
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
2021-09-30 14:56:56 +00:00
Yang, Longlong
542cba73d2
SecurityPkg: Add debug log for indicating IBB verified OBB successfully
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3615
A debug message should be added to indicate that IBB has successfully
verified the OBB.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Min M Xu <min.m.xu@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Signed-off-by: Longlong Yang <longlong.yang@intel.com>
Reviewed-by: Min M Xu <min.m.xu@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2021-09-18 08:57:46 +00:00
Stefan Berger
3b69fcf5f8
SecurityPkg: Add references to header and inf files to SecurityPkg
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2021-09-13 16:53:14 +00:00
Stefan Berger
2fa89c8e11
SecurityPkg/Tcg: Make Tcg2PlatformPei buildable and fix style issues
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2021-09-13 16:53:14 +00:00
Stefan Berger
a4867dea2a
SecurityPkg/Tcg: Import Tcg2PlatformPei from edk2-platforms
Import Tcg2PlatformPei from edk2-platforms without any modifications.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2021-09-13 16:53:14 +00:00
Stefan Berger
f108178c56
SecurityPkg: Introduce new PCD PcdRandomizePlatformHierarchy
Introduce the new PCD
gEfiSecurityPkgTokenSpaceGuid.PcdRandomizePlatformHierarchy.
We need it for TpmPlatformHierarchyLib.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2021-09-13 16:53:14 +00:00
Stefan Berger
2906e572c6
SecurityPkg/Tcg: Make Tcg2PlatformDxe buildable and fix style issues
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2021-09-13 16:53:14 +00:00
Stefan Berger
ebbc8ab2cd
SecurityPkg/Tcg: Import Tcg2PlatformDxe from edk2-platforms
Import Tcg2PlatformDxe from edk2-platforms without any modifications.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2021-09-13 16:53:14 +00:00
Stefan Berger
4d5f39cd22
SecurityPkg/TPM: Fix bugs in imported PeiDxeTpmPlatformHierarchyLib
Fix some bugs in the original PeiDxeTpmPlatformHierarchyLib.c.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2021-09-13 16:53:14 +00:00
Stefan Berger
610d8073f2
SecurityPkg/TPM: Import PeiDxeTpmPlatformHierarchyLib.c from edk2-platforms
Import PeiDxeTpmPlatformHierarchyLib from edk2-platforms without any
modifications.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2021-09-13 16:53:14 +00:00
Michael Kubacki
edf8bc6d24
SecurityPkg/MemoryOverwriteControl: Add missing argument to DEBUG print
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3605
The error message is missing the argument for the status code
print specifier.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2021-09-04 09:03:22 +00:00
Rodrigo Gonzalez del Cueto
3c6107758b
SecurityPkg: Fix GetSupportedAndActivePcrs counter calculation
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2855
The Tpm2GetCapabilitySupportedAndActivePcrs function prints a
count number that should reflect the *supported and currently
active* PCR banks, but the implementation in place displays
instead the count of the *supported PCR banks* retrieved
directly from the Tpm2GetCapabilityPcrs()
TPML_PCR_SELECTION output.
The counter should only take into account those PCR banks
which are active.
Replaced usage of EFI_D_* with DEBUG_* definitions in debug
messages.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Signed-off-by: Rodrigo Gonzalez del Cueto <rodrigo.gonzalez.del.cueto@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
2021-08-09 03:32:24 +00:00
Grzegorz Bernacki
55266a9b8a
SecurityPkg: Add option to reset secure boot keys.
This commit adds an option which allows resetting the content of the
Secure Boot keys and databases to the default variables.
Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com>
Reviewed-by: Sunny Wang <sunny.wang@arm.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Reviewed-by: Pete Batard <pete@akeo.ie>
Tested-by: Pete Batard <pete@akeo.ie> # on Raspberry Pi 4
2021-08-03 07:26:41 +00:00
Grzegorz Bernacki
45f3dd2ce9
SecurityPkg: Add new modules to Security package.
This commit adds modules and dependencies related
to initialization and usage of default Secure Boot
key variables to SecurityPkg.
Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com>
Reviewed-by: Sunny Wang <sunny.wang@arm.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Reviewed-by: Pete Batard <pete@akeo.ie>
Tested-by: Pete Batard <pete@akeo.ie> # on Raspberry Pi 4
2021-08-03 07:26:41 +00:00
Grzegorz Bernacki
19107590b6
SecurityPkg: Add EnrollFromDefaultKeys application.
This application allows the user to force key enrollment from
the Secure Boot default variables.
Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Reviewed-by: Sunny Wang <sunny.wang@arm.com>
2021-08-03 07:26:41 +00:00
Grzegorz Bernacki
94e065582b
SecurityPkg: Add SecureBootDefaultKeysDxe driver
This driver initializes default Secure Boot keys and databases
based on keys embedded in flash.
Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com>
Reviewed-by: Sunny Wang <sunny.wang@arm.com>
Reviewed-by: Pete Batard <pete@akeo.ie>
Tested-by: Pete Batard <pete@akeo.ie> # on Raspberry Pi 4
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
2021-08-03 07:26:41 +00:00
Grzegorz Bernacki
db959018b6
SecurityPkg: Remove duplicated functions from SecureBootConfigDxe.
This commit removes functions which were added
to SecureBootVariableLib. It also adds a dependency
on that library.
Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Reviewed-by: Sunny Wang <sunny.wang@arm.com>
2021-08-03 07:26:41 +00:00
Grzegorz Bernacki
9732659698
SecurityPkg: Create library for enrolling Secure Boot variables.
This commit adds a library which consists of functions to
enroll Secure Boot keys and initialize Secure Boot
default variables. Some of the functions were moved
from the SecureBootConfigImpl.c file.
Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com>
Reviewed-by: Sunny Wang <sunny.wang@arm.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
2021-08-03 07:26:41 +00:00
Grzegorz Bernacki
bb806a6e88
SecurityPkg: Create SecureBootVariableLib.
This commit adds a library which consists of helper functions related
to creation/removal of Secure Boot variables. Some of the functions
were moved from the SecureBootConfigImpl.c file.
Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com>
Reviewed-by: Sunny Wang <sunny.wang@arm.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
2021-08-03 07:26:41 +00:00
Scottie Kuo
11b1c1d4b9
SecurityPkg: TcgStorageOpalLib: Initialize SupportedAttributes parameter.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3408
The value of SupportedAttributes in OpalGetSupportedAttributesInfo ()
is left undetermined if the caller doesn't initialize it.
Initialize it in the function entry.
Signed-off-by: Scottie Kuo <scottie.kuo@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Maggie Chu <maggie.chu@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Acked-by: Jian J Wang <jian.j.wang@intel.com>
2021-06-15 08:43:25 +00:00
Rebecca Cran
4e5ecdbac8
SecurityPkg: Add support for RngDxe on AARCH64
AARCH64 support has been added to BaseRngLib via the optional
ARMv8.5 FEAT_RNG.
Refactor RngDxe to support AARCH64, note support for it in the
VALID_ARCHITECTURES line of RngDxe.inf and enable it in SecurityPkg.dsc.
Signed-off-by: Rebecca Cran <rebecca@nuviainc.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
2021-05-11 16:26:05 +00:00
Jiaqi Gao
5396354b86
SecurityPkg: Add constraints on PK strength
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3293
Add constraints on the key strength of the enrolled platform key (PK), which
must be greater than or equal to 2048 bits. PK key strength is required
by Intel SDL and MSFT, etc. This limitation prevents users from using
weak keys as PK.
The original code to check the certificate file type is placed in a new
function CheckX509Certificate(), which checks if the X.509 certificate
meets the requirements of encode type, RSA key strength, etc.
Cc: Min Xu <min.m.xu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Jiaqi Gao <jiaqi.gao@intel.com>
Reviewed-by: Min Xu <min.m.xu@intel.com>
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
2021-04-26 16:24:32 +00:00
Wenyi Xie
99e7e48cc7
SecurityPkg/FvReportPei: remove redundant sizeof
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3333
In function InstallPreHashFvPpi, when calculating the size
of struct HASH_INFO, sizeof is used twice. This bug does
not lead to a buffer overflow: "sizeof (HASH_INFO)" is 4,
whereas "sizeof (sizeof (HASH_INFO))" is 4 or 8.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Wenyi Xie <xiewenyi2@huawei.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
2021-04-16 08:39:59 +00:00
Michael Kubacki
54211ab10f
SecurityPkg/Tcg2Smm: Initialize local Status variable
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3277
Initializes the Status variable in TcgMmReadyToLock().
Fixes a Clang build failure:
Tcg2Smm.c - SecurityPkg\Tcg\Tcg2Smm\Tcg2Smm.c:254:7: error:
variable 'Status' is used uninitialized whenever 'if'
condition is false [-Werror,-Wsometimes-uninitialized]
Initializing this variable is required to address a practical
scenario in which the return value of TcgMmReadyToLock() is
undefined based on conditional evaluation in the function.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Kun Qin <kun.q@outlook.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
2021-04-13 01:57:43 +00:00
Dandan Bi
0d03ffc766
SecurityPkg: Consume MdeLibs.dsc.inc for RegisterFilterLib
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3246
MdeLibs.dsc.inc was added for some basic/default library
instances provided by MdePkg and RegisterFilterLibNull Library
was also added into it as the first version of MdeLibs.dsc.inc.
So update platform dsc to consume MdeLibs.dsc.inc for
RegisterFilterLibNull which will be consumed by IoLib and BaseLib.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Dandan Bi <dandan.bi@intel.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
2021-03-31 05:47:10 +00:00
Kun Qin
59a3ccb09e
SecurityPkg: Tcg2Acpi: Added unblock memory interface for NVS region
This change added usage of MmUnblockMemoryLib to explicitly request
the allocated NVS region to be accessible from the MM environment. It brings
in compatibility with architectures that support full memory blockage
inside MM.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Kun Qin <kun.q@outlook.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Message-Id: <MWHPR06MB31026F3F8C3FAA39D74CE4BAF3969@MWHPR06MB3102.namprd06.prod.outlook.com>
2021-03-05 15:25:07 +00:00
Kun Qin
8802583c48
SecurityPkg: Tcg2Smm: Added support for Standalone Mm
https://bugzilla.tianocore.org/show_bug.cgi?id=3169
This change added a Standalone MM instance of Tcg2. The notify function for
the Standalone MM instance is left empty.
A dependency DXE driver with a Depex of gEfiMmCommunication2ProtocolGuid
was created to indicate the readiness of the Standalone MM Tcg2 driver.
Lastly, CI build support for the Tcg2 Standalone MM module is added.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Kun Qin <kun.q@outlook.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Message-Id: <MWHPR06MB3102C3F99CBADFCC5F8A821CF3969@MWHPR06MB3102.namprd06.prod.outlook.com>
2021-03-05 15:25:07 +00:00
Kun Qin
3c2dc30d1b
SecurityPkg: Tcg2Smm: Separate Tcg2Smm into 2 modules
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3169
This change separated the original Tcg2Smm module into 2 drivers: the
SMM driver that registers callbacks for physical presence and memory
clear; the Tcg2Acpi driver that patches and publishes the ACPI table for
runtime use.
Tcg2Smm introduced an SMI root handler to allow Tcg2Acpi to communicate
the NVS region used by Tpm.asl and exchange the registered SwSmiValue.
Lastly, the Tcg2Smm driver will publish gTcg2MmSwSmiRegisteredGuid at the end
of its entrypoint to ensure Tcg2Acpi loads after Tcg2Smm is ready to
communicate.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Kun Qin <kun.q@outlook.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Message-Id: <MWHPR06MB310295CC623EF7C062844DFFF3969@MWHPR06MB3102.namprd06.prod.outlook.com>
2021-03-05 15:25:07 +00:00
Kun Qin
e2d6833c11
SecurityPkg: Tcg2Smm: Switching from gSmst to gMmst
This change replaced gSmst with gMmst to support broader compatibility
under the MM environment for the Tcg2Smm driver.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Kun Qin <kun.q@outlook.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Message-Id: <MWHPR06MB310218F28C7AAF8DB375E963F3969@MWHPR06MB3102.namprd06.prod.outlook.com>
2021-03-05 15:25:07 +00:00
Kun Qin
7a56650e2e
SecurityPkg: Tpm2DeviceLibDTpm: Introduce StandaloneMm instance
This change added a new instance of Tpm2DeviceLibDTpm to support drivers
of type MM_STANDALONE. It abstracts dynamic Pcd access into a separate file
for the different instances, to avoid dynamic PCD usage in StandaloneMm modules.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Kun Qin <kun.q@outlook.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
2021-02-01 10:03:35 -08:00
Kun Qin
44ac44a269
SecurityPkg: Tcg2PpVendorLibNull: Added support for MM_STANDALONE type
This change extends this null instance of Tcg2PpVendorLib to support
MM_STANDALONE drivers.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Kun Qin <kun.q@outlook.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
2021-02-01 10:03:35 -08:00
Kun Qin
4593925505
SecurityPkg: Tcg2PhysicalPresenceLib: Introduce StandaloneMm instance
This change added a new instance of Tcg2PhysicalPresenceLib to support
MM_STANDALONE type drivers. It centralizes the common routines into
shared files and abstracts the library constructor into corresponding
files that implement each constructor function prototype.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Kun Qin <kun.q@outlook.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
2021-02-01 10:03:35 -08:00
gaoliming
e9d62effa3
Revert "SecurityPkg: Add RPMC Index to the RpmcLib"
This reverts commit 6c8dd15c4a.
Based on the discussion https://edk2.groups.io/g/devel/message/67764,
this change is regarded as a feature request. But it did not pass
review before the 202011 stable tag soft feature freeze, so it should
not be merged into the 202011 stable tag.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Nishant C Mistry <nishant.c.mistry@intel.com>
Signed-off-by: Liming Gao <gaoliming@byosoft.com.cn>
Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
2020-11-26 01:22:29 +00:00
Nishant Mistry
6c8dd15c4a
SecurityPkg: Add RPMC Index to the RpmcLib
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2594
The re-design requires multiple RPMC counter usages.
The consumer will be capable of selecting amongst multiple counters.
Signed-off-by: Nishant C Mistry <nishant.c.mistry@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2020-11-19 08:18:03 +00:00
Gao, Zhichao
fedd32d82f
SecurityPkg/Hash2DxeCrypto: Remove SHA1 support
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3027
Remove the deprecated SHA1 support of the Hash2DxeCrypto
driver.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Message-Id: <20201112055558.2348-3-zhichao.gao@intel.com>
2020-11-17 19:26:50 +00:00
Gao, Zhichao
0a1b6d0be3
SecurityPkg/Hash2DxeCrypto: Remove MD5 support
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3027
Remove the deprecated MD5 support of the Hash2DxeCrypto
driver.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Message-Id: <20201112055558.2348-2-zhichao.gao@intel.com>
2020-11-17 19:26:50 +00:00
Bret Barkelew
28f4616fde
SecurityPkg: Allow VariablePolicy state to delete authenticated variables
https://bugzilla.tianocore.org/show_bug.cgi?id=2522
Causes AuthService to check IsVariablePolicyEnabled() before enforcing
write protections, to allow variable deletion when the policy engine is
disabled.
Only allows deletion, not modification.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Bret Barkelew <brbarkel@microsoft.com>
Signed-off-by: Bret Barkelew <brbarkel@microsoft.com>
Reviewed-by: Dandan Bi <dandan.bi@intel.com>
Acked-by: Jian J Wang <jian.j.wang@intel.com>
2020-11-17 01:03:43 +00:00
Terry Lee
709b163940
SecurityPkg/Tcg2PhysicalPresenceLib: Fix incorrect TCG VER comparison
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2697
Tcg2PhysicalPresenceLibConstructor set the module variable
mIsTcg2PPVerLowerThan_1_3 with an incorrect TCG version comparison.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2020-10-18 01:14:43 +00:00
Qi Zhang
7bcb021a6d
SecurityPkg/PeiTpmMeasurementLib: remove gEfiTpmDeviceSelectedGuid
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2963
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2020-09-16 05:16:02 +00:00
Zhichao Gao
cdfc7ed34f
SecurityPkg/DxeImageVerificationLib: Disable SHA1 based on MACRO
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2943
Disable SHA1 based on the MACRO DISABLE_SHA1_DEPRECATED_INTERFACES.
SHA1 is a deprecated function and the MACRO is used to remove the whole
implementation of SHA1. For the platforms that do not need SHA1
for security, the MACRO should work for DxeImageVerificationLib as
well.
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2020-09-07 02:38:42 +00:00
Laszlo Ersek
0b143fa43e
SecurityPkg/DxeImageVerificationLib: catch alignment overflow (CVE-2019-14562)
The DxeImageVerificationHandler() function currently checks whether
"SecDataDir" has enough room for "WinCertificate->dwLength". However, for
advancing "OffSet", "WinCertificate->dwLength" is aligned to the next
multiple of 8. If "WinCertificate->dwLength" is large enough, the
alignment will return 0, and "OffSet" will be stuck at the same value.
Check whether "SecDataDir" has room left for both
"WinCertificate->dwLength" and the alignment.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Wenyi Xie <xiewenyi2@huawei.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2215
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20200901091221.20948-4-lersek@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Wenyi Xie <xiewenyi2@huawei.com>
Reviewed-by: Min M Xu <min.m.xu@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2020-09-02 10:16:18 +00:00
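The stuck-offset condition described in the commit above, worked through as an added example; this is not edk2's code, and the CertHeader struct, CERT_ALIGN constant, the function names and the sample directory bytes are all constructed here to illustrate the check. It shows the pre-fix advance computation wrapping to 0 in 32-bit arithmetic, and a directory walker that refuses an entry unless both its length and its alignment padding fit in the room left, so the offset always moves forward or the walk reports corruption.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for the WIN_CERTIFICATE header (an assumption for
   this example, not edk2's own typedef): 8 bytes, dwLength first. */
typedef struct {
  uint32_t dwLength;
  uint16_t wRevision;
  uint16_t wCertificateType;
} CertHeader;

#define CERT_ALIGN 8u  /* entries are advanced to the next multiple of 8 */

/* Pre-fix style advance: round dw_length up to a multiple of 8 in UINT32
   arithmetic. For dw_length in 0xFFFFFFF9..0xFFFFFFFF the addition wraps
   and the result is 0, so an offset advanced by it would not move. */
uint32_t aligned_length_u32(uint32_t dw_length) {
  return (dw_length + (CERT_ALIGN - 1)) & ~(CERT_ALIGN - 1);
}

/* Padding needed after an entry of len bytes to reach the next multiple of 8. */
uint32_t align_padding(uint32_t len) {
  return (CERT_ALIGN - (len % CERT_ALIGN)) % CERT_ALIGN;
}

/* The hardened check: an entry of dw_length bytes fits in 'left' remaining
   bytes only if the length itself fits AND the room left after it still
   covers the alignment padding. Computed as a subtraction, so it cannot wrap.
   Lengths shorter than the header are rejected too, which guarantees progress. */
bool cert_entry_fits(uint32_t dw_length, uint32_t left) {
  if (dw_length < sizeof(CertHeader)) return false;
  if (dw_length > left) return false;
  return (left - dw_length) >= align_padding(dw_length);
}

/* Walk a security data directory of 'size' bytes starting at 'dir'.
   Returns the number of entries, or -1 if the directory is corrupt. */
int count_cert_entries(const uint8_t *dir, uint32_t size) {
  uint32_t offset = 0;
  int count = 0;
  while (offset < size) {
    uint32_t left = size - offset;
    if (left <= sizeof(CertHeader)) return -1;   /* no room for a header */
    CertHeader hdr;
    memcpy(&hdr, dir + offset, sizeof hdr);
    if (!cert_entry_fits(hdr.dwLength, left)) return -1;
    count++;
    /* fits check guarantees dwLength + padding <= left, so no wraparound */
    offset += hdr.dwLength + align_padding(hdr.dwLength);
  }
  return count;
}

/* Constructed sample: two well-formed entries, dwLength 12 and 20,
   occupying 16 and 24 bytes after padding (40 bytes total). */
int sample_directory_count(void) {
  uint8_t dir[40];
  memset(dir, 0, sizeof dir);
  CertHeader h1 = {12, 0x0200, 0x0002};
  CertHeader h2 = {20, 0x0200, 0x0002};
  memcpy(dir, &h1, sizeof h1);
  memcpy(dir + 16, &h2, sizeof h2);
  return count_cert_entries(dir, sizeof dir);
}

/* Constructed sample: the second header carries a dwLength whose 8-byte
   alignment wraps to 0; the walker must report corruption, not spin. */
int corrupt_directory_count(void) {
  uint8_t dir[40];
  memset(dir, 0, sizeof dir);
  CertHeader h1 = {12, 0x0200, 0x0002};
  CertHeader h2 = {0xFFFFFFF9u, 0x0200, 0x0002};
  memcpy(dir, &h1, sizeof h1);
  memcpy(dir + 16, &h2, sizeof h2);
  return count_cert_entries(dir, sizeof dir);
}

int main(void) {
  printf("aligned(0xFFFFFFF9) = %u\n", aligned_length_u32(0xFFFFFFF9u));
  printf("well-formed directory: %d entries\n", sample_directory_count());
  printf("corrupt directory: %d\n", corrupt_directory_count());
  return 0;
}
```

The walker mirrors the structure of the fix rather than the exact edk2 expressions: the length check and the padding check are kept as two separate comparisons on the remaining room, which is why neither can overflow.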
Laszlo Ersek
a7632e913c
SecurityPkg/DxeImageVerificationLib: assign WinCertificate after size check
Currently the (SecDataDirLeft <= sizeof (WIN_CERTIFICATE)) check only
guards the de-referencing of the "WinCertificate" pointer. It does not
guard the calculation of the pointer itself:
WinCertificate = (WIN_CERTIFICATE *) (mImageBase + OffSet);
This is wrong; if we don't know for sure that we have enough room for a
WIN_CERTIFICATE, then even creating such a pointer, not just
de-referencing it, may invoke undefined behavior.
Move the pointer calculation after the size check.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Wenyi Xie <xiewenyi2@huawei.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2215
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20200901091221.20948-3-lersek@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Wenyi Xie <xiewenyi2@huawei.com>
Reviewed-by: Min M Xu <min.m.xu@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2020-09-02 10:16:18 +00:00
Laszlo Ersek
503248ccdf
SecurityPkg/DxeImageVerificationLib: extract SecDataDirEnd, SecDataDirLeft
The following two quantities:
SecDataDir->VirtualAddress + SecDataDir->Size
SecDataDir->VirtualAddress + SecDataDir->Size - OffSet
are used multiple times in DxeImageVerificationHandler(). Introduce helper
variables for them: "SecDataDirEnd" and "SecDataDirLeft", respectively.
This saves us multiple calculations and significantly simplifies the code.
Note that all three summands above have type UINT32, therefore the new
variables are also of type UINT32.
This patch does not change behavior.
(Note that the code already handles the case when the
SecDataDir->VirtualAddress + SecDataDir->Size
UINT32 addition overflows -- namely, in that case, the certificate loop is
never entered, and the corruption check right after the loop fires.)
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Wenyi Xie <xiewenyi2@huawei.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2215
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20200901091221.20948-2-lersek@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Wenyi Xie <xiewenyi2@huawei.com>
Reviewed-by: Min M Xu <min.m.xu@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2020-09-02 10:16:18 +00:00
Zhiguang Liu
46db105b7b
SecurityPkg: Initialize variable Status before it is consumed.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2945
V2: Move "Status = EFI_SUCCESS;" before the EDKII_TCG_PRE_HASH check.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Zhiguang Liu <zhiguang.liu@intel.com>
Message-Id: <20200901005505.1722-1-zhiguang.liu@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
2020-09-01 16:11:24 +00:00