summaryrefslogtreecommitdiff
path: root/SecurityPkg/VariableAuthenticated/Pei
AgeCommit message (Collapse)Author
2013-07-03SecurityPkg: Variable drivers robustly handle crashes during Reclaim().Star Zeng
PEI variable implementation checks only the variable header signature for validity. This does not seem robust if system crash occurred during previous Reclaim() operation. If the crash occurred while FTW was rewriting the variable FV, the signature could be valid even though the rest of the FV isn't valid. Solution: PEI variable and early phase(before FTW protocol ready) of DXE variable can check the FTW last write status provided by FaultTolerantWritePei and determine if all or partial variable data has been backed up in spare block, and then use the backed up data. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14455 6f19259b-4bc3-4df7-8a09-765794883524
2013-01-25Variables with state VAR_ADDED&VAR_IN_DELETED_TRANSITION should be ↵lzeng14
considered as valid variables if there is no duplicated ones with VAR_ADDED state. Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14085 6f19259b-4bc3-4df7-8a09-765794883524
2011-12-13SecurityPkg/VariableAuthenticated: Check if there is a NV Variable Storage ↵oliviermartin
header prior to use its attributes The Variable PEI and RuntimeDxe drivers were using the attribute 'HeaderLength' of EFI_FIRMWARE_VOLUME_HEADER without checking if a Firmware Volume Header was existing at the base address. In case the Firmware Volume Header does not exist or is corrupted, the attribute 'HeaderLength' is a non valid value that can lead to a non valid physical address when accessing produces an access error. Signed-off-by: oliviermartin Reviewed-by: rsun3 Reviewed-by: niruiyu git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12845 6f19259b-4bc3-4df7-8a09-765794883524
2011-10-28SecurityPkg: Update VariableAuthenticated driver with following changes:xdu2
1. Remove memory allocation code in runtime. 2. Exclude NULL terminator in VariableName for serialization data in time-based variable authentication. 3. Add support for enroll PK with WRITE_ACCESS attribute. 4. Initialize SetupMode variable with correct NV attribute. 5. Add support for APPEND_WRITE attribute for non-existing Variable. 6. Clear KEK, DB and DBX as well as PK when user request to clear platform keys. 7. Check duplicated EFI_SIGNATURE_DATA for Variable formatted as EFI_SIGNATURE_LIST when APPEND_WRITE attribute is set. 8. Not change SecureBoot Variable in runtime, only update it in boot time since this Variable indicates firmware operating mode. 9. Save time stamp of PK when PK is set with TIME_BASED_WRITE_ACCESS attribute in setup mode. 10. Update to use PcdMaxVariableSize instead of PcdMaxAppendVariableSize for append operation. Signed-off-by: xdu2 Reviewed-by: tye git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12599 6f19259b-4bc3-4df7-8a09-765794883524
2011-10-19Support Variable driver ↵niruiyu
(VariableAuthenticatedPei/VariableAuthenticatedRuntimeDxe) to support the default variable data stored in HOB. Signed-off-by: niruiyu Reviewed-by: lgao4 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12554 6f19259b-4bc3-4df7-8a09-765794883524
2011-09-07Sync the fix for recovery mode from MdeModulePkg.gdong1
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12290 6f19259b-4bc3-4df7-8a09-765794883524
2011-09-02Add security package to repository.gdong1
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12261 6f19259b-4bc3-4df7-8a09-765794883524
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-15 21:04:55 +0000