Gao, Zhichao 
							
						 
					 
					
						
						
							
						
						e6a12a0fc8 
					 
					
						
						
							
CryptoPkg: Make the MD5 disable as default for security

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3021
Make the deprecated MD5 disable as default setting for
security.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Message-Id: <20201112055558.2348-14-zhichao.gao@intel.com>
						
						
					 
					
						2020-11-17 19:26:50 +00:00 
						 
				 
			
				
					
						
							
							
								Zhichao Gao 
							
						 
					 
					
						
						
							
						
						0f01cec52f 
					 
					
						
						
							
CryptoPkg/BaseCryptLib: Add MACRO to disable the deprecated SHA1

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1682
SHA1 is deprecated but it is required for compatibility issues.
So add a MACRO for the platform to disable the usage of SHA1 for
security.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
						
						
					 
					
						2020-06-29 05:25:55 +00:00 
						 
				 
			
				
					
						
							
							
								Zhichao Gao 
							
						 
					 
					
						
						
							
						
						acfd555795 
					 
					
						
						
							
CryptoPkg/BaseCryptLib: Add MACRO to disable the deprecated MD5

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1682
MD5 is deprecated but it is required for compatibility issues.
So add a MACRO for the platform to disable the usage of MD5 for
security.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
						
						
					 
					
						2020-06-29 05:25:55 +00:00 
						 
				 
			
				
					
						
							
							
								Zhichao Gao 
							
						 
					 
					
						
						
							
						
						c812d3209c 
					 
					
						
						
							
CryptoPkg/BaseCryptLib: Retire HMAC SHA1 algorithm

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
HMAC SHA1 is not secure any longer.
Remove the HMAC SHA1 support from edk2.
Change the HMAC SHA1 field name in EDKII_CRYPTO_PROTOCOL to indicate the
function is no longer supported.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
						
						
					 
					
						2020-05-15 07:22:36 +00:00 
						 
				 
			
				
					
						
							
							
								Zhichao Gao 
							
						 
					 
					
						
						
							
						
						b6174e2d09 
					 
					
						
						
							
CryptoPkg/BaseCryptLib: Retire HMAC MD5 algorithm

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
HMAC MD5 is not secure any longer.
Remove the HMAC MD5 support from edk2.
Change the HMAC MD5 field name in EDKII_CRYPTO_PROTOCOL to indicate the
function is no longer supported.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
						
						
					 
					
						2020-05-15 07:22:36 +00:00 
						 
				 
			
				
					
						
							
							
								Zhichao Gao 
							
						 
					 
					
						
						
							
						
						80e28dcec8 
					 
					
						
						
							
CryptoPkg/BaseCryptLib: Retire Aes Ecb mode algorithm

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
Aes Ecb mode is not secure any longer.
Remove the Aes Ecb mode support from edk2.
Change the Aes Ecb mode field name in EDKII_CRYPTO_PROTOCOL to indicate the
function is no longer supported.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
						
						
					 
					
						2020-05-15 07:22:36 +00:00 
						 
				 
			
				
					
						
							
							
								Zhichao Gao 
							
						 
					 
					
						
						
							
						
						b8af2c9eda 
					 
					
						
						
							
CryptoPkg/BaseCryptLib: Retire the TDES algorithm

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
TDES is not secure any longer.
Remove the Tdes support from edk2.
Change the Tdes field name in EDKII_CRYPTO_PROTOCOL to indicate the
function is no longer supported.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
						
						
					 
					
						2020-05-15 07:22:36 +00:00 
						 
				 
			
				
					
						
							
							
								Zhichao Gao 
							
						 
					 
					
						
						
							
						
						c22a32e1ab 
					 
					
						
						
							
CryptoPkg/BaseCryptLib: Retire ARC4 algorithm

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
ARC4 is not secure any longer.
Remove the ARC4 support from edk2.
Change the ARC4 field name in EDKII_CRYPTO_PROTOCOL to indicate the
function is no longer supported.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
						
						
					 
					
						2020-05-15 07:22:36 +00:00 
						 
				 
			
				
					
						
							
							
								Zhichao Gao 
							
						 
					 
					
						
						
							
						
						0a6fc3d067 
					 
					
						
						
							
CryptoPkg/BaseCryptLib: Retire MD4 algorithm

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
MD4 is not secure any longer.
Remove the MD4 support from edk2.
Change the MD4 field name in EDKII_CRYPTO_PROTOCOL to indicate the
function is no longer supported.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
						
						
					 
					
						2020-05-15 07:22:36 +00:00 
						 
				 
			
				
					
						
							
							
								Zhichao Gao 
							
						 
					 
					
						
						
							
						
						aaa90aacaf 
					 
					
						
						
							
CryptoPkg/CryptoDxe: Add function to indicate the deprecated algorithm

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1898
Add an internal worker function to indicate the deprecated functions.
It would print out debug messages and asserts to inform the consumer
they are using a deprecated function.
Change the name of BaseCryptLibServciceNotEnabled to the correct spelling,
BaseCryptLibServiceNotEnabled.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
						
						
					 
					
						2020-05-15 07:22:36 +00:00 
						 
				 
			
				
					
						
							
							
								Michael D Kinney 
							
						 
					 
					
						
						
							
						
						cc1d13c922 
					 
					
						
						
							
CryptoPkg/Driver: Add Crypto PEIM, DXE, and SMM modules

https://bugzilla.tianocore.org/show_bug.cgi?id=2420

Based on the following package with changes to merge into
CryptoPkg.
https://github.com/microsoft/mu_plus/tree/dev/201908/SharedCryptoPkg

Add the CryptoPei, CryptoDxe, and CryptoSmm modules that produce
EDK II Crypto Protocols/PPIs that provide the same services as
the BaseCryptLib class.

In order to optimize the size of CryptoPei, CryptoDxe, and
CryptoSmm modules for a specific platform, the FixedAtBuild
PCD gEfiCryptoPkgTokenSpaceGuid.PcdCryptoServiceFamilyEnable
is used to determine if a specific service is enabled or
disabled.  If a service is enabled, then a call is made to
the BaseCryptLib service.  If the service is disabled, then
a DEBUG() message and ASSERT() are performed and a default
return value is returned.  This provides simple detection
of a service that is disabled but is used by another module
when DEBUG()/ASSERT() macros are enabled.

The use of a FixedAtBuild PCD is required so the compiler
and linker know each service's enable/disable setting at
build time and allows disabled services to be optimized away.

CryptoPei supports both pre-mem and post-mem use cases.
If CryptoPei is initially dispatched pre-mem, then the
register for shadow service is used so the Crypto PPI can
be reinstalled post-mem.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
					
						2020-02-07 16:32:13 +00:00