system76-edk2

Author	SHA1	Message	Date
Doug Flick	326db0c907	SecurityPkg: DxeTpmMeasureBootLib: SECURITY PATCH 4117/4118 symbol rename Updates the sanitation function names to be lib unique names Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Rahul Kumar <rahul1.kumar@intel.com> Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com> Message-Id: <355aa846a99ca6ac0f7574cf5982661da0d9fea6.1705529990.git.doug.edk2@gmail.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>	2024-01-18 19:25:14 +00:00
Douglas Flick [MSFT]	0d341c01ee	SecurityPkg: DxeTpmMeasureBootLib: SECURITY PATCH 4118 - CVE 2022-36764 This commit contains the patch files and tests for DxeTpmMeasureBootLib CVE 2022-36764. Cc: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>	2024-01-16 07:56:38 +00:00
Douglas Flick [MSFT]	4776a1b39e	SecurityPkg: DxeTpmMeasureBootLib: SECURITY PATCH 4117 - CVE 2022-36763 This commit contains the patch files and tests for DxeTpmMeasureBootLib CVE 2022-36763. Cc: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>	2024-01-16 07:56:38 +00:00
Michael Kubacki	c411b485b6	SecurityPkg: Apply uncrustify changes REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3737 Apply uncrustify changes to .c/.h files in the SecurityPkg package Cc: Andrew Fish <afish@apple.com> Cc: Leif Lindholm <leif@nuviainc.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>	2021-12-07 17:24:28 +00:00
Michael D Kinney	12710fe93b	SecurityPkg: Change OPTIONAL keyword usage style REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3760 Update all use of ', OPTIONAL' to ' OPTIONAL,' for function params. Cc: Andrew Fish <afish@apple.com> Cc: Leif Lindholm <leif@nuviainc.com> Cc: Michael Kubacki <michael.kubacki@microsoft.com> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>	2021-12-07 17:24:28 +00:00
Michael D Kinney	e905fbb05a	SecurityPkg: Change use of EFI_D_* to DEBUG_* REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3739 Update all use of EFI_D_* defines in DEBUG() macros to DEBUG_* defines. Cc: Andrew Fish <afish@apple.com> Cc: Leif Lindholm <leif@nuviainc.com> Cc: Michael Kubacki <michael.kubacki@microsoft.com> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>	2021-12-07 17:24:28 +00:00
Guomin Jiang	1755932f89	SecurityPkg/TPM: measure UEFI images without associated device paths again REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2652 DxeTpm2MeasureBootHandler() and DxeTpmMeasureBootHandler() functions may receive a FileBuffer argument that is not associated with any particular device path (e.g., because the UEFI image has not been loaded from any particular device path). Therefore rejecting (File==NULL) at the top of the function is invalid. Fixes: `4b026f0d5a` Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Guomin Jiang <guomin.jiang@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>	2020-04-22 01:55:34 +00:00
Antoine Coeur	fc70522ffe	SecurityPkg: Fix few typos Fix few typos in comments and documentation. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Antoine Coeur <coeur@gmx.fr> Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com> Message-Id: <20200207010831.9046-63-philmd@redhat.com>	2020-02-10 22:30:07 +00:00
Philippe Mathieu-Daudé	4b026f0d5a	SecurityPkg: Fix incorrect return value when File is NULL The DxeTpmMeasureBootHandler and DxeTpm2MeasureBootHandler handlers are SECURITY2_FILE_AUTHENTICATION_HANDLER prototype. This prototype can not return EFI_INVALID_PARAMETER. The prototype documentation states it returns EFI_ACCESS_DENIED if: "The file specified by File and FileBuffer did not authenticate, and the platform policy dictates that the DXE Foundation may not use File." Correct the documentation, and add a early check, returning EFI_ACCESS_DENIED when File is NULL. Noticed while reviewing commit `6d57592740`. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>	2020-02-10 07:09:47 +00:00
Sean Brogan	d6b926e76e	SecurityPkg: Fix spelling errors https://bugzilla.tianocore.org/show_bug.cgi?id=2265 Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>	2019-10-23 10:23:23 -07:00
Michael D Kinney	289b714b77	SecurityPkg: Replace BSD License with BSD+Patent License https://bugzilla.tianocore.org/show_bug.cgi?id=1373 Replace BSD 2-Clause License with BSD+Patent License. This change is based on the following emails: https://lists.01.org/pipermail/edk2-devel/2019-February/036260.html https://lists.01.org/pipermail/edk2-devel/2018-October/030385.html RFCs with detailed process for the license change: V3: https://lists.01.org/pipermail/edk2-devel/2019-March/038116.html V2: https://lists.01.org/pipermail/edk2-devel/2019-March/037669.html V1: https://lists.01.org/pipermail/edk2-devel/2019-March/037500.html Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>	2019-04-09 10:58:23 -07:00
Ard Biesheuvel	f199664ce7	SecurityPkg: remove PE/COFF header workaround for ELILO on IPF Now that Itanium support has been dropped, we can remove the various occurrences of the ELILO on Itanium PE/COFF header workaround. Link: https://bugzilla.tianocore.org/show_bug.cgi?id=816 Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com> Reviewed-by: Zhang Chao B <chao.b.zhang@intel.com>	2018-09-20 22:01:50 +08:00
Liming Gao	b3548d32dd	SecurityPkg: Clean up source files 1. Do not use tab characters 2. No trailing white space in one line 3. All files must end with CRLF Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Liming Gao <liming.gao@intel.com>	2018-06-28 11:19:50 +08:00
Hao Wu	4333b99d28	SecurityPkg: Refine type cast for pointer subtraction For pointer subtraction, the result is of type "ptrdiff_t". According to the C11 standard (Committee Draft - April 12, 2011): "When two pointers are subtracted, both shall point to elements of the same array object, or one past the last element of the array object; the result is the difference of the subscripts of the two array elements. The size of the result is implementation-defined, and its type (a signed integer type) is ptrdiff_t defined in the <stddef.h> header. If the result is not representable in an object of that type, the behavior is undefined." In our codes, there are cases that the pointer subtraction is not performed by pointers to elements of the same array object. This might lead to potential issues, since the behavior is undefined according to C11 standard. Also, since the size of type "ptrdiff_t" is implementation-defined. Some static code checkers may warn that the pointer subtraction might underflow first and then being cast to a bigger size. For example: UINT8 Ptr1, Ptr2; UINTN PtrDiff; ... PtrDiff = (UINTN) (Ptr1 - Ptr2); The commit will refine the pointer subtraction expressions by casting each pointer to UINTN first and then perform the subtraction: PtrDiff = (UINTN) Ptr1 - (UINTN) Ptr2; Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Acked-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>	2017-03-06 14:15:36 +08:00
Hao Wu	965268ea6d	SecurityPkg: Use IsZeroGuid API for zero GUID checking Instead of comparing a GUID with gZeroGuid via the CompareGuid API, the commit uses the IsZeroGuid API to check if the given GUID is a zero GUID. Cc: Chao Zhang <chao.b.zhang@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>	2016-08-31 11:15:13 +08:00
Liming Gao	e39d0569a6	SecurityPkg DxeTpmMeasureBootLib: Add comments in TcgMeasurePeImage() The input PeImage in TcgMeasurePeImage() has been checked. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>	2016-07-14 15:05:40 +08:00
Eric Dong	a00bd8e0e6	DxeTpmMeasureBootLib: Change global variable name to avoid name conflict. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19334 6f19259b-4bc3-4df7-8a09-765794883524	2015-12-18 00:53:25 +00:00
Hao Wu	dd4c164c81	SecurityPkg: Remove mZeroGuid definition in DxeTpmMeasureBootLib MdeModulePkg has defined gZeroGuid in 'Guid/ZeroGuid.h', therefore, the mZeroGuid defined in DxeTpmMeasureBootLib is redundant. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Jaben Carsey <jaben.carsey@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17844 6f19259b-4bc3-4df7-8a09-765794883524	2015-07-07 03:04:18 +00:00
Yao, Jiewen	6f785cfcc3	Handle TPM device error and avoid deadloop in BDS. If TPM error happens, set TPM flag to NOT present, so that trusted boot patch is disabled. Also report status code for failure, so that platform may register handler to apply policy like force system reset, or disable TPM permanently. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com> Reviewed-by: "Dong, Guo" <guo.dong@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16598 6f19259b-4bc3-4df7-8a09-765794883524	2015-01-12 03:21:00 +00:00
Eric Dong	7a1f792dcf	Check the input file pointer before use it. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Guo, Dong <guo.dong@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15412 6f19259b-4bc3-4df7-8a09-765794883524	2014-03-28 05:51:51 +00:00
Ruiyu Ni	863986b3c8	Update all the code to consume the ConvertDevicePathToText, ConvertDevicePathNodeToText, ConvertTextToDevicePath and ConvertTextToDeviceNode APIs in DevicePathLib. Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com> Reviewed-by: Feng Tian <feng.tian@intel.com> Reviewed-by: Elvin Li <elvin.li@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jaben Carsey <jaben.carsey@intel.com> Reviewed-by: Guo Dong <guo.dong@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14505 6f19259b-4bc3-4df7-8a09-765794883524	2013-07-26 03:14:08 +00:00
gdong1	772b601158	Update code not to block application/driver load when event log is full. Signed-off-by: Dong Guo <guo.dong@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14283 6f19259b-4bc3-4df7-8a09-765794883524	2013-04-18 01:47:34 +00:00
czhang46	0758c830f7	Rename Trusted Hob to Measured FV hob and add Guided Hob layout structure Signed-off-by : Chao Zhang<chao.b.zhang@intel.com> Reviewed-by : Dong Guo <guo.dong@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13762 6f19259b-4bc3-4df7-8a09-765794883524	2012-09-28 00:57:02 +00:00
czhang46	6dbdb1914d	Fix compile error Signed-off-by : Chao Zhang <chao.b.zhang@intel.com> Reviewed-by : Eric Dong <Eric.Dong@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13717 6f19259b-4bc3-4df7-8a09-765794883524	2012-09-12 01:23:04 +00:00
czhang46	2aadc9205b	Enable TPM measurement lib to measure all PE image from a FV unmeasured by TcgPei Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by : Dong, Guo <guo.dong@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13714 6f19259b-4bc3-4df7-8a09-765794883524	2012-09-11 02:26:50 +00:00
lgao4	4dbb98ab16	Add check for DevicePathNode. Signed-off-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13690 6f19259b-4bc3-4df7-8a09-765794883524	2012-08-29 05:10:30 +00:00
lgao4	5db28a6753	Add PI1.2.1 SAP2 support and UEFI231B mantis 896 1. Update three Security Handlers to depend on new SecurityManagementLib APIs to register Security service for SAP2 Signed-off-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Guo Dong <dong.guo@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13661 6f19259b-4bc3-4df7-8a09-765794883524	2012-08-22 02:33:00 +00:00
jyao1	dc204d5a0f	Add comment for modules which have external input. signed-off-by: jiewen.yao@intel.com reviewed-by: guo.dong@intel.com reviewed-by: ting.ye@intel.com reviewed-by: liming.gao@intel.com reviewed-by: elvin.li@intel.com git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13446 6f19259b-4bc3-4df7-8a09-765794883524	2012-06-12 08:28:43 +00:00
sfu5	de2447dd4c	Fix compatibility issue when using IPF image with PE32 magic value in the OptionalHeader. Signed-off-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Dong Guo <guo.dong@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13433 6f19259b-4bc3-4df7-8a09-765794883524	2012-06-08 02:09:48 +00:00
gdong1	2ea3b92055	Enhance GPT measurement to be able to handle different partition entry size. Signed-off-by: Dong Guo <guo.dong@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13422 6f19259b-4bc3-4df7-8a09-765794883524	2012-06-01 08:06:37 +00:00
tye1	551d808116	Enhances PE image hash algorithm in DxeImageVerificationLib and DxeTpmMeasureBootLib. Signed-off-by: Ye Ting<ting.ye@intel.com> Reviewed by: Dong, Eric <yong.dong@intel.com> Reviewed by: Dong, Guo <guo.dong@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13228 6f19259b-4bc3-4df7-8a09-765794883524	2012-04-28 07:48:15 +00:00
ydong10	e0192326ae	Patch include: 1.Change function name to avoid name conflict. 2.Refine check for Pe Image. Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13220 6f19259b-4bc3-4df7-8a09-765794883524	2012-04-26 01:50:34 +00:00
ydong10	28186d4566	Validate some fields in PE image to make sure not access violation for later code. Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13211 6f19259b-4bc3-4df7-8a09-765794883524	2012-04-24 03:00:32 +00:00
gdong1	65cc57fc41	Remove ASSERT to let DXE core return gracefully when loading an invalid image. Signed-off-by: gdong1 Reviewed-by: jyao1 Reviewed-by: CZhang46 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13035 6f19259b-4bc3-4df7-8a09-765794883524	2012-02-27 02:33:20 +00:00
gdong1	0c18794ea4	Add security package to repository. git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12261 6f19259b-4bc3-4df7-8a09-765794883524	2011-09-02 07:49:32 +00:00

35 Commits