sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
24,568 Commits 13 Branches 33 Tags
d637282efea71c8b9e3b0a9afb4be0f15a8fe52f
Commit Graph

51 Commits

Author SHA1 Message Date
Liming Gao
b3548d32dd SecurityPkg: Clean up source files 
1. Do not use tab characters
2. No trailing white space in one line
3. All files must end with CRLF

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Liming Gao <liming.gao@intel.com>
 2018-06-28 11:19:50 +08:00
Hao Wu
4333b99d28 SecurityPkg: Refine type cast for pointer subtraction 
For pointer subtraction, the result is of type "ptrdiff_t". According to
the C11 standard (Committee Draft - April 12, 2011):

"When two pointers are subtracted, both shall point to elements of the
same array object, or one past the last element of the array object; the
result is the difference of the subscripts of the two array elements. The
size of the result is implementation-defined, and its type (a signed
integer type) is ptrdiff_t defined in the <stddef.h> header. If the result
is not representable in an object of that type, the behavior is
undefined."

In our codes, there are cases that the pointer subtraction is not
performed by pointers to elements of the same array object. This might
lead to potential issues, since the behavior is undefined according to C11
standard.

Also, since the size of type "ptrdiff_t" is implementation-defined. Some
static code checkers may warn that the pointer subtraction might underflow
first and then being cast to a bigger size. For example:

UINT8  *Ptr1, *Ptr2;
UINTN  PtrDiff;
...
PtrDiff = (UINTN) (Ptr1 - Ptr2);

The commit will refine the pointer subtraction expressions by casting each
pointer to UINTN first and then perform the subtraction:

PtrDiff = (UINTN) Ptr1 - (UINTN) Ptr2;

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
 2017-03-06 14:15:36 +08:00
Zhang, Chao B
5b196b06b2 SecurityPkg: DxeImageVerificationLib: Update PCR[7] measure logic 
Update PCR[7] measure logic according to TCG PC Client PFP 00.37.
Only entries in DB that is used for image authentication need to be
measured.
http://www.trustedcomputinggroup.org/wp-content/uploads/PC-ClientSpecific_Platform_Profile_for_TPM_2p0_Systems_v21.pdf

Cc: Star Zeng <star.zeng@intel.com>
Cc: Yao Jiewen <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
 2017-01-22 13:02:46 +08:00
Liming Gao
89fb5aef41 SecurityPkg DxeImageVerificationLib: Add comments in HashPeImage() 
The input PeImage in HashPeImage() has been checked.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
 2016-07-14 15:04:54 +08:00
Cinnamon Shia
531c89a1ed SecurityPkg/DxeImageVerificationLib: Add DEBUG messages for image verification failures 
Add DEBUG messages in DxeImageerificationLib to help debug Secure Boot image verification failures

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Cinnamon Shia <cinnamon.shia@hpe.com>
Reviewed-by: Samer EL-Haj-Mahmoud <elhaj@hpe.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
 2016-05-19 11:01:10 +08:00
Zhang, Chao B
560ac77ea1 SecurityPkg: AuthVariableLib: Remove Customized SecureBoot Mode transition. 
Remove Customized SecureBoot Mode transition logic for Mantis 1263, including AuditMode/DeployedMode/PK update management.
  Also remove image verification logic in AuditMode.
The feature has been moved to
  https://github.com/tianocore/edk2-staging/tree/Customized-Secure-Boot
Previous check-in hash is
  SHA-1: 4fc08e8d68

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: El-Haj-Mahmoud Samer <samer.el-haj-mahmoud@hpe.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
 2016-05-04 09:13:49 +08:00
Zhang, Chao B
91422384d5 SecuritPkg: DxeImageVerificationLib: Fix wrong verification logic in DBX & DBT 
In image verification, if image verified pass in DBT, still need to verify if it is blocked by any other cert/cert hash from DBX.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
Reviewed-by: Dick Wilkins <dick_wilkins@phoenix.com>
 2016-04-29 10:48:07 +08:00
Chao Zhang
4fc08e8d68 SecurityPkg: AuthVariableLib: Customized SecureBoot Mode transition. 
Implement Customized SecureBoot Mode transition logic according to Mantis 1263, including AuditMode/DeployedMode/PK update management.
  Also implement image verification logic in AuditMode. Image Certificate & Hash are recorded to EFI Image Execution Table.
  https://mantis.uefi.org/mantis/view.php?id=1263

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Zeng Star <star.zeng@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19133 6f19259b-4bc3-4df7-8a09-765794883524
 2015-12-07 06:20:02 +00:00
Chao Zhang
13a220a998 SecurityPkg: Update SignatureSize to comply UEFI spec 
Update SignatureSize to include SignatureOwner GUID. This behavior is defined by UEFI spec

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18226 6f19259b-4bc3-4df7-8a09-765794883524
 2015-08-17 02:50:26 +00:00
Chao Zhang
1ca3a09938 SecurityPkg: Fix DBX Variable Read Error in ImageVerificationLib 
ImageVerificationLib passes wrong data buffer size when reading DBX variable, causing heap crash.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17981 6f19259b-4bc3-4df7-8a09-765794883524
 2015-07-15 02:13:48 +00:00
Liming Gao
3cd2484e3a SecurityPkg: Fix wrong calculation of ImageExeInfoEntrySize 
Per UEFI spec, EFI_IMAGE_EXECUTION_INFO structure is updated to comment
Signature field. So, its structure doesn't include Signature field. But,
ImageExeInfoEntrySize uses its structure size minor Signature size. It
will be corrected in this change.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17687 6f19259b-4bc3-4df7-8a09-765794883524
 2015-06-23 10:48:30 +00:00
Chao Zhang
d863e127a2 SecurityPkg: Fix wrong cert data measurement in DBX path 
Fix wrong cert data measurement when image is rejected by DBX

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17591 6f19259b-4bc3-4df7-8a09-765794883524
 2015-06-09 05:20:06 +00:00
Shumin Qiu
69f8bb5288 SecurityPkg: Fix typo. 
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Shumin Qiu <shumin.qiu@intel.com>
Reviewed-by: Guo Dong <guo.dong@intel.com>



git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17047 6f19259b-4bc3-4df7-8a09-765794883524
 2015-03-13 08:25:27 +00:00
Long, Qin
3f63bc365d Add the missed local variable initialization to remove the possible warning. 
Contributed-under: TianoCore Contribution Agreement 1.0

Signed-off-by: "Long, Qin" <qin.long@intel.com>
Reviewed-by: "Fu, Siyuan" <siyuan.fu@intel.com>
Reviewed-by: "Dong, Guo" <guo.dong@initel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16763 6f19259b-4bc3-4df7-8a09-765794883524
 2015-02-05 05:37:10 +00:00
Long, Qin
27c93c06c0 Correct the DBX and Certificate Hash Checking. 
Add the missed image signature verification against DBX;
and add the missed logic to enhance the certificate hash checking when handling DB database.

Contributed-under: TianoCore Contribution Agreement 1.0

Signed-off-by: "Long, Qin" <qin.long@intel.com>
Reviewed-by: "Fu, Siyuan" <siyuan.fu@intel.com>
Reviewed-by: "Dong, Guo" <guo.dong@initel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16744 6f19259b-4bc3-4df7-8a09-765794883524
 2015-02-04 08:19:53 +00:00
Long, Qin
12d95665cb Correct the Hash Calculation for Revoked X.509 Certificate to align with RFC3280 and UEFI 2.4 Spec. 
This patch added one new X509GetTBSCert() interface in BaseCryptLib to retrieve the TBSCertificate, 
and also corrected the hash calculation for revoked certificate to aligned the RFC3280 and UEFI 2.4 spec.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Long, Qin" <qin.long@intel.com>
Reviewed-by: "Dong, Guo" <guo.dong@initel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16559 6f19259b-4bc3-4df7-8a09-765794883524
 2014-12-25 08:37:08 +00:00
Dong Guo
5789fe3587 correct a data type error. 
Contributed-under: TianoCore Contribution Agreement 1.0

Signed-off-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Dong Eric <eric.dong@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16498 6f19259b-4bc3-4df7-8a09-765794883524
 2014-12-11 06:34:57 +00:00
Dong Guo
213cc1000e Add failed image Name in the Image Execution Information Table. 
Contributed-under: TianoCore Contribution Agreement 1.0

Signed-off-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Zhang Chao B <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16493 6f19259b-4bc3-4df7-8a09-765794883524
 2014-12-10 08:09:20 +00:00
Qin Long
7e0699c06e Code clean-up to eliminate potential "dereferenced pointer" warning. 
Contributed-under: TianoCore Contribution Agreement 1.0

Signed-off-by: Qin Long <qin.long@intel.com> 
Reviewed-by: Guo Dong <guo.dong@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16468 6f19259b-4bc3-4df7-8a09-765794883524
 2014-12-03 07:40:32 +00:00
Qin Long
2bf41ed7dc Correct the alignment calculation of PE/COFF attribute certificate entry. 
This is to resolve the possible certificate entry retrieving issue caused by un-aligned (8-bytes) VirtualAddress in some PE/COFF image, which may break secure boot.

Contributed-under: TianoCore Contribution Agreement 1.0

Signed-off-by: Qin Long <qin.long@intel.com> 
Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>
Reviewed-by: Guo Dong <guo.dong@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16449 6f19259b-4bc3-4df7-8a09-765794883524
 2014-11-26 08:21:54 +00:00
Qin Long
20333c6d56 UEFI 2.4 X509 Certificate Hash and RFC3161 Timestamp Verification support for Secure Boot 
Main ChangeLogs includes:
1. Introduce the new GUID and structure definitions for certificate hash and timestamp support;
2. Update Image Verification Library to support DBT signature checking;
3. Update the related SecureBoot Configuration Pages;

Contributed-under: TianoCore Contribution Agreement 1.0

Signed-off-by: Qin Long <qin.long@intel.com> 
Reviewed-by: Guo Dong <guo.dong@intel.com>
Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16380 6f19259b-4bc3-4df7-8a09-765794883524
 2014-11-14 08:41:12 +00:00
Eric Dong
1fee5304db Refine code to make it more safely. 
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Guo Dong <guo.dong@intel.com>




git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15590 6f19259b-4bc3-4df7-8a09-765794883524
 2014-06-25 06:00:49 +00:00
Dong, Guo
ffccb935fa Update code to always publish EFI_IMAGE_EXECUTION_INFO_TABLE. 
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dong, Guo <guo.dong@intel.com>
Reviewed-by: Fu, Siyuan <siyuan.fu@intel.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>
Reviewed-by: Zhang, Chao B <chao.b.zhang@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15585 6f19259b-4bc3-4df7-8a09-765794883524
 2014-06-25 02:02:22 +00:00
Fu Siyuan
68fc0c7319 Update DEC file and DxeImageVerificationLib to note user that ALLOW_EXECUTE_ON_SECURITY_VIOLATION is no longer supported. 
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong, Guo <guo.dong@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14923 6f19259b-4bc3-4df7-8a09-765794883524
 2013-12-02 07:52:35 +00:00
jyao1
c1d932429e Add TPM2 implementation. 
signed off by: jiewen.yao@intel.com
reviewed by: guo.dong@intel.com

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14687 6f19259b-4bc3-4df7-8a09-765794883524
 2013-09-18 05:31:18 +00:00
Fu Siyuan
db44ea6c4e 1. Change default PCD in SecurityPkg to 4 (DENY_EXECUTE) in DEC file. 
2. ASSERT if PCD value is set to 5 (QUERY_USER_ON_SECURITY_VIOLATION).
3. Update override PCD setting from 5 to 4 in platform DSC file.
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ni Ruiyu <ruiyu.ni@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14607 6f19259b-4bc3-4df7-8a09-765794883524
 2013-08-28 09:06:40 +00:00
sfu5
0ba17ade47 Fix a bug that “SecureBoot” varaible will be updated to NV+AT attribute incorrectly. 
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ni Ruiyu <ruiyu.ni@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14375 6f19259b-4bc3-4df7-8a09-765794883524
 2013-05-17 08:05:01 +00:00
sfu5
7403ff5b9f Fix a bug that IsSignatureFoundInDatabase() incorrectly computes CertCount. 
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting  <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14165 6f19259b-4bc3-4df7-8a09-765794883524
 2013-03-06 01:42:04 +00:00
sfu5
6de4c35f99 Update the DxeImageVerificationLib to support for Authenticode-signed UEFI images with multiple signatures. 
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting  <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14141 6f19259b-4bc3-4df7-8a09-765794883524
 2013-02-21 05:00:21 +00:00
sfu5
b3d4217001 Add a NULL string to the Image Execution Information Table if the Name is NULL in function AddImageExeInfo(). 
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting  <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13990 6f19259b-4bc3-4df7-8a09-765794883524
 2012-12-12 03:03:07 +00:00
tye1
64470c17df Remove useless MD5 OID ASN.1 value from DxeImageVerificationLib. 
Signed-off-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13854 6f19259b-4bc3-4df7-8a09-765794883524
 2012-10-17 02:26:11 +00:00
sfu5
84bce75b08 Check the value of Hdr.dwLength for signed EFI image before image validation. 
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting  <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13701 6f19259b-4bc3-4df7-8a09-765794883524
 2012-09-06 02:15:59 +00:00
sfu5
f6f9031f8e Update the DxeImageVerificationLib to handle the signed image which CertType is set to EFI_CERT_TYPE_PKCS7_GUID. 
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting  <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13672 6f19259b-4bc3-4df7-8a09-765794883524
 2012-08-23 07:55:35 +00:00
lgao4
5db28a6753 Add PI1.2.1 SAP2 support and UEFI231B mantis 896 
1. Update three Security Handlers to depend on new SecurityManagementLib APIs to register Security service for SAP2

Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Guo Dong <dong.guo@intel.com>


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13661 6f19259b-4bc3-4df7-8a09-765794883524
 2012-08-22 02:33:00 +00:00
sfu5
50fe73a1aa 1. Remove the code path which use X509 cert in KEK to validate PKCS7 signed image. 
2. Remove the code path to validate UEFI image signed by RSA2048 key.
3. Disable the ALLOW_EXECUTE/DEFER_EXECUTE/QUERY_USER policy PCD.

Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Ye Ting  <ting.ye@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13636 6f19259b-4bc3-4df7-8a09-765794883524
 2012-08-15 01:39:43 +00:00
sfu5
3277a4e5ed Fix a bug in DxeImageVerificationLib which will pass incorrect trust cert size to AuthenticodeVerify() function. 
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13526 6f19259b-4bc3-4df7-8a09-765794883524
 2012-07-12 01:13:37 +00:00
sfu5
8f8ca22e59 1. Reset system when user changes secure boot state in secure boot configuration form. 
2. Update the method to detect secure boot state in DxeImageVerificationLib and secure boot configuration driver.

Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13505 6f19259b-4bc3-4df7-8a09-765794883524
 2012-07-05 08:08:12 +00:00
jyao1
dc204d5a0f Add comment for modules which have external input. 
signed-off-by: jiewen.yao@intel.com
reviewed-by: guo.dong@intel.com
reviewed-by: ting.ye@intel.com
reviewed-by: liming.gao@intel.com
reviewed-by: elvin.li@intel.com



git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13446 6f19259b-4bc3-4df7-8a09-765794883524
 2012-06-12 08:28:43 +00:00
sfu5
de2447dd4c Fix compatibility issue when using IPF image with PE32 magic value in the OptionalHeader. 
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13433 6f19259b-4bc3-4df7-8a09-765794883524
 2012-06-08 02:09:48 +00:00
ydong10
f01b91ae42 Fixed build failed. 
Signed-off-by: Eric Dong <eric.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13406 6f19259b-4bc3-4df7-8a09-765794883524
 2012-05-31 08:35:48 +00:00
ydong10
bf4a3dbd47 Add new interface GetVariable2 and GetEfiGlobalVariable2 to return more info. Also replace old interface with new one. 
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13375 6f19259b-4bc3-4df7-8a09-765794883524
 2012-05-30 07:36:00 +00:00
sfu5
4ef15e6e33 Fix a bug in DxeImageVerificationLib to use the correct certificate length when verifying a signed EFI image. 
Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13364 6f19259b-4bc3-4df7-8a09-765794883524
 2012-05-28 04:51:53 +00:00
tye1
badd40f9d4 Removes redundant code and adds data size check for certificate data in DxeImageVerificationLib. 
Signed-off by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Dong Eric <yong.dong@intel.com>


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13291 6f19259b-4bc3-4df7-8a09-765794883524
 2012-05-08 02:53:49 +00:00
tye1
551d808116 Enhances PE image hash algorithm in DxeImageVerificationLib and DxeTpmMeasureBootLib. 
Signed-off-by: Ye Ting<ting.ye@intel.com>
Reviewed by: Dong, Eric <yong.dong@intel.com>
Reviewed by: Dong, Guo <guo.dong@intel.com>



git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13228 6f19259b-4bc3-4df7-8a09-765794883524
 2012-04-28 07:48:15 +00:00
ydong10
e0192326ae Patch include: 
1.Change function name to avoid name conflict.
2.Refine check for Pe Image.

Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13220 6f19259b-4bc3-4df7-8a09-765794883524
 2012-04-26 01:50:34 +00:00
ydong10
28186d4566 Validate some fields in PE image to make sure not access violation for later code. 
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13211 6f19259b-4bc3-4df7-8a09-765794883524
 2012-04-24 03:00:32 +00:00
sfu5
bd0de3963b 1. Add more error handling code to DxeImageVerificationLib and BaseCryptLib. 
Signed-off-by: sfu5
Reviewed-by: qianouyang
Reviewed-by: gdong1

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13109 6f19259b-4bc3-4df7-8a09-765794883524
 2012-03-19 05:10:46 +00:00
xdu2
45bf2c4789 SecurityPkg: Update DxeImageVerificationLib with following changes: 
1. Update to check image digest against dbx before execute it.
2. Update to support revoke certificate.
3. Update to support enroll unsigned PE image's Hash to allowed database (db). (Note: Unsigned Image's Hash is calculated in the same way with authenticode, the algorithm is assumed to be SHA256.)

Signed-off-by: xdu2
Reviewed-by: tye
Reviewed-by: gdong1

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12598 6f19259b-4bc3-4df7-8a09-765794883524
 2011-10-28 09:54:08 +00:00
qianouyang
beda2356f5 Enable/Disable Secured Boot by 'Secure Boot Configuration' Page which is under Setup browser. 
Signed-off-by: qianouyang
Reviewed-by: gdong1

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12586 6f19259b-4bc3-4df7-8a09-765794883524
 2011-10-28 03:46:20 +00:00
hhuan13
570b3d1a72 1. Enhance DxeImageVerificationLib to avoid some corrupted input. 
Signed-off-by: hhuan13
Reviewed-by: qlong


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12399 6f19259b-4bc3-4df7-8a09-765794883524
 2011-09-21 05:23:55 +00:00