summaryrefslogtreecommitdiff
path: root/SecurityPkg
AgeCommit message (Collapse)Author
2015-07-07SecurityPkg: Remove mZeroGuid definition in DxeTpmMeasureBootLibHao Wu
MdeModulePkg has defined gZeroGuid in 'Guid/ZeroGuid.h', therefore, the mZeroGuid defined in DxeTpmMeasureBootLib is redundant. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Jaben Carsey <jaben.carsey@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17844 6f19259b-4bc3-4df7-8a09-765794883524
2015-07-07SecurityPkg: Remove mTrEEZeroGuid definition in DxeTpm2MeasureBootLibHao Wu
MdeModulePkg has defined gZeroGuid in 'Guid/ZeroGuid.h', therefore, the mTrEEZeroGuid defined in DxeTpm2MeasureBootLib is redundant. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Jaben Carsey <jaben.carsey@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17843 6f19259b-4bc3-4df7-8a09-765794883524
2015-07-03SecurityPkg: Calculate the length of the String.Zhang Lubo
When the two concatenated strings are both not null, the total length in bytes of them should calculate the character '\0' once. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Zhang Lubo <lubo.zhang@intel.com> Reviewed-by: jiaxinwu <jiaxin.wu@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17820 6f19259b-4bc3-4df7-8a09-765794883524
2015-07-01SecurityPkg: Delete Auth Variable driverStar Zeng
1. Delete TpmMeasurementLib LibraryClass from SecurityPkg after it moved to MdeModulePkg. 2. Update DxeTpmMeasurementLib.inf to include MdeModulePkg.dec. 3. Delete authenticated variable definition from AuthenticatedVariableFormat.h after them moved to VariableFormat.h. 4. Replace VARIABLE_HEADER with AUTHENTICATED_VARIABLE_HEADER in EsalVariableDxeSal. 5. Delete VariableInfo from SecurityPkg after it merged to VariableInfo in MdeModulePkg. 6. Delete VariablePei from SecurityPkg after it merged to VariablePei in MdeModulePkg. 7. Delete Auth Variable driver from SecurityPkg after it merged to Variable driver in MdeModulePkg. 8. Also update PACKAGE_GUID and PACKAGE_VERSION in SecurityPkg.dec after the deletion of authenticated variable definition, VariableInfo, VariablePei and Auth Variable driver from SecurityPkg; update PLATFORM_VERSION in SecurityPkg.dsc. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Jaben Carsey <jaben.carsey@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17772 6f19259b-4bc3-4df7-8a09-765794883524
2015-07-01SecurityPkg: Implement AuthVariableLib library instanceStar Zeng
What to do: 1. Implement AuthVariableLib library instance. 2. Temporarily add VARIABLE_ENTRY_CONSISTENCY and variable attribute combinations definitions to AuthenticatedVariableFormat.h for git bisect. Why to do: 1. Share code. Separate auth variable service from Auth Variable driver in SecurityPkg to AuthVariableLib. Then the AuthVariableLib could benefit and be used by different implementation of Auth Variable drivers. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17758 6f19259b-4bc3-4df7-8a09-765794883524
2015-06-29SecurityPkg: Add MD5 support to Hash2DxeCryptoJonathan Doman
MD5 is part of the HASH2 protocol and it's trivial to support. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jonathan Doman <jonathan.doman@hp.com> Reviewed-by: Samer El-Haj-Mahmoud <samer.el-haj-mahmoud@hp.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17729 6f19259b-4bc3-4df7-8a09-765794883524
2015-06-26SecurityPkg/TcgMor: move TPer Reset operation to this moduleTian Feng
The TPer Reset operation is a common logic. So it's added into SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf module and would be triggered at EndOfDxe. By this way, all encrypted drives which produce EFI_STORAGE_SECURITY_ RPOTOCOL interface would be force reset when MOR is set. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Tian Feng <feng.tian@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17718 6f19259b-4bc3-4df7-8a09-765794883524
2015-06-23SecurityPkg: Provide correct file GUID for Pkcs7VerifyDxeChao Zhang
Provide correct file GUID for Pkcs7VerifyDxe Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17688 6f19259b-4bc3-4df7-8a09-765794883524
2015-06-23SecurityPkg: Fix wrong calculation of ImageExeInfoEntrySizeLiming Gao
Per UEFI spec, EFI_IMAGE_EXECUTION_INFO structure is updated to comment Signature field. So, its structure doesn't include Signature field. But, ImageExeInfoEntrySize uses its structure size minor Signature size. It will be corrected in this change. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17687 6f19259b-4bc3-4df7-8a09-765794883524
2015-06-19SecurityPkg: Add UEFI-2.5 PKCS7 Verification Protocol SupportQin Long
This patch adds the support for PKCS7 Verification Protocol which was defined in UEFI 2.5. (NOTE: The VerifySignature interface was not supported in this version, due to openssl interface limitation) Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17670 6f19259b-4bc3-4df7-8a09-765794883524
2015-06-11SecurityPkg Variable: Move VariableLock install into SmmVariableReady().Star Zeng
VariableLock in VariableSmmRuntimeDxe.c is installed in EntryPoint now. It works based on SMM variable handler by SMM communication with payload buffer. But the payload buffer and SMM variable handler will be not ready in EntryPoint before SmmVariableReady() call back. VarCheck in VariableSmmRuntimeDxe.c has the same issue, so move VarCheck install into SmmVariableReady() also. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17625 6f19259b-4bc3-4df7-8a09-765794883524
2015-06-10SecurityPkg Variable: Support the new introduced PcdMaxAuthVariableSize.Star Zeng
1. If PcdMaxAuthVariableSize is set to 0, keep current behavior as is and PcdMaxVariableSize used. 2. If PcdMaxAuthVariableSize is set to non 0, it will work on authenticated variables. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17610 6f19259b-4bc3-4df7-8a09-765794883524
2015-06-09SecurityPkg: Fix wrong cert data measurement in DBX pathChao Zhang
Fix wrong cert data measurement when image is rejected by DBX Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Long Qin <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17591 6f19259b-4bc3-4df7-8a09-765794883524
2015-06-08SecurityPkg Variable: Add SysPrepOrder and SysPrep#### to global list.Star Zeng
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17578 6f19259b-4bc3-4df7-8a09-765794883524
2015-05-21Remove Framework HII "class\subclass" in all VFRDandan Bi
class/subclass is the obseleted key word in VFR file. It is designed in framework HII. After convert to UEFI HII, it is not used any longer. Now remove them from VFR Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Dandan Bi <dandan.bi@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17493 6f19259b-4bc3-4df7-8a09-765794883524
2015-05-19Add comments for INF file to declare guid/protocol usage.Yao, Jiewen
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" <Jiewen.Yao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17469 6f19259b-4bc3-4df7-8a09-765794883524
2015-05-19SecurityPkg Variable: Prevent BS variable update in legacy OS runtime.Star Zeng
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17468 6f19259b-4bc3-4df7-8a09-765794883524
2015-05-14SecurityPkg: Add more comments for PcdTpmInstanceGuidLiming Gao
When PcdTpmInstanceGuid is configured to other value, it means other TPM 2.0 device. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Liming Gao <liming.gao@intel.com> Reviewed-by: "Yao, Jiewen" <Jiewen.Yao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17446 6f19259b-4bc3-4df7-8a09-765794883524
2015-05-11SecurityPkg: Update SecureBootConfigDxe to support ARM imageArd Biesheuvel
Update SecureBootConfigDxe component to allow the enrollment of the digests of EFI executable that are built for ARM or AARCH64. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17406 6f19259b-4bc3-4df7-8a09-765794883524
2015-05-11SecurityPkg Variable: Make PK & SecureBootMode consistentChao Zhang
PK can be cleared in runtime. However SecureBootMode variable is not updated accordingly. Add code in variable init to make them consistent. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17401 6f19259b-4bc3-4df7-8a09-765794883524
2015-05-08Hash2 driver to [Components.IA32, Components.X64, Components.IPF] section.Yao, Jiewen
Because Hash2 need CryptoLib/Openssl, while latter does not support EBC build. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" <Jiewen.Yao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17365 6f19259b-4bc3-4df7-8a09-765794883524
2015-05-07SecurityPkg: remove unused variablesArd Biesheuvel
This removes various unused variables from SecurityPkg whose presence is causing failed builds. Contributed-under: TianoCore Contribution Agreement 1.0 Reviewed-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Olivier Martin <olivier.martin@arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17354 6f19259b-4bc3-4df7-8a09-765794883524
2015-05-05Add UEFI2.5 HASH protocol implementation.Yao, Jiewen
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" <Jiewen.Yao@intel.com> Reviewed-by: "Long, Qin" <Qin.Long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17288 6f19259b-4bc3-4df7-8a09-765794883524
2015-04-10SecurityPkg Variable: Enhance the code logic about VariableLockStar Zeng
to just return EFI_SUCCESS if the variable has been in the locked list. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17140 6f19259b-4bc3-4df7-8a09-765794883524
2015-03-17SecurityPkg Variable: Reuse scratch data area(at the end of volatile ↵Star Zeng
variable store) as serialization runtime buffer to reduce SMRAM consumption for SMM variable driver. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Guo Dong <guo.dong@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17059 6f19259b-4bc3-4df7-8a09-765794883524
2015-03-17SecurityPkg Variable: Update code in ProcessVariable () toStar Zeng
check IsDeleteAuthVariable () first and then check UserPhysicalPresent () to avoid the case below. PcdSetXX (a DynamicHii PCD) -> gRT->SetVariable () -> UserPhysicalPresent () -> PcdGetXX () Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17058 6f19259b-4bc3-4df7-8a09-765794883524
2015-03-13SecurityPkg Variable: Initialize Status in ProcessVariable().Star Zeng
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17048 6f19259b-4bc3-4df7-8a09-765794883524
2015-03-13SecurityPkg: Fix typo.Shumin Qiu
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Shumin Qiu <shumin.qiu@intel.com> Reviewed-by: Guo Dong <guo.dong@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17047 6f19259b-4bc3-4df7-8a09-765794883524
2015-03-13SecurityPkg Variable: Allow the delete operation of common auth variable at ↵Star Zeng
user physical presence. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17042 6f19259b-4bc3-4df7-8a09-765794883524
2015-03-09SecurityPkg Variable: Keep the behavior of Variable Dxe and SMM drivers ↵Star Zeng
consistent to return EFI_NOT_FOUND when a specified variable doesn't exist and Data parameter is NULL but DataSize parameter is valid in GetVariable() invocation. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Feng Tian <feng.tian@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17031 6f19259b-4bc3-4df7-8a09-765794883524
2015-03-04Add performance optimization for Tcg/TrEE.Yao, Jiewen
Add error check for Tcg/TrEE Pei/Dxe driver to avoid unnecessary hardware check for performance optimization. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com> Reviewed-by: "Zeng, Star" <star.zeng@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17004 6f19259b-4bc3-4df7-8a09-765794883524
2015-02-05Add the missed local variable initialization to remove the possible warning.Long, Qin
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Long, Qin" <qin.long@intel.com> Reviewed-by: "Fu, Siyuan" <siyuan.fu@intel.com> Reviewed-by: "Dong, Guo" <guo.dong@initel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16763 6f19259b-4bc3-4df7-8a09-765794883524
2015-02-05SecurityPkg: Cleanup gEfiSmmAccess2ProtocolGuid reference.Star Zeng
As the driver does not reference gEfiSmmAccess2ProtocolGuid explicitly now after SmmMemLib introduced. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16761 6f19259b-4bc3-4df7-8a09-765794883524
2015-02-04Correct the DBX and Certificate Hash Checking.Long, Qin
Add the missed image signature verification against DBX; and add the missed logic to enhance the certificate hash checking when handling DB database. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Long, Qin" <qin.long@intel.com> Reviewed-by: "Fu, Siyuan" <siyuan.fu@intel.com> Reviewed-by: "Dong, Guo" <guo.dong@initel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16744 6f19259b-4bc3-4df7-8a09-765794883524
2015-02-03*/Contributions.txt: Update example email addressJordan Justen
Use the example.com domain as recommended in RFC 2606. NOTE: This does not modify the wording of the "TianoCore Contribution Agreement 1.0" section Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jordan Justen <jordan.l.justen@intel.com> Reviewed-by: Bruce Cran <bruce.cran@gmail.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16724 6f19259b-4bc3-4df7-8a09-765794883524
2015-02-02Use SmmMemLib to check communication buffer.Yao, Jiewen
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com> Reviewed-by: "Gao, Liming" <liming.gao@intel.com> Reviewed-by: "Fan, Jeff" <jeff.fan@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16695 6f19259b-4bc3-4df7-8a09-765794883524
2015-02-02SecurityPkg Variable: Introduce PcdReclaimVariableSpaceAtEndOfDxeStar Zeng
for trying to reclaim variable space at EndOfDxe. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16688 6f19259b-4bc3-4df7-8a09-765794883524
2015-02-02SecurityPkg Variable: Before EndOfDxe, just record the current boot ↵Star Zeng
VarErrorFlag to local variable. And leave the variable error flag in NV flash as the last boot variable error flag. After EndOfDxe in InitializeVarErrorFlag (), the variable error flag in NV flash will be initialized to this local current boot variable error flag. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16686 6f19259b-4bc3-4df7-8a09-765794883524
2015-02-02SecurityPkg Variable: Before EndOfDxe, just record the current boot ↵Star Zeng
VarErrorFlag to local variable. And leave the variable error flag in NV flash as the last boot variable error flag. After EndOfDxe in InitializeVarErrorFlag (), the variable error flag in NV flash will be initialized to this local current boot variable error flag. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16685 6f19259b-4bc3-4df7-8a09-765794883524
2015-01-27SecurityPkg Variable: Implement variable quota management.Star Zeng
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16670 6f19259b-4bc3-4df7-8a09-765794883524
2015-01-22Add TpmInitializationDonePpi to TPM PEI module.Yao, Jiewen
This PPI will always be installed to notify other drivers that TPM initialization action is done. TPM initialization may success or fail, or even not present. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com> Reviewed-by: "Dong, Guo" <guo.dong@intel.com> Reviewed-by: "Chiu, Chasel" <chasel.chiu@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16638 6f19259b-4bc3-4df7-8a09-765794883524
2015-01-16Refine the format of GUID in INF files for SecurityPkg.Shumin Qiu
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Shumin Qiu <shumin.qiu@intel.com> Reviewed-by: Guo Dong <guo.dong@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16616 6f19259b-4bc3-4df7-8a09-765794883524
2015-01-13Correct file path.Yao, Jiewen
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16603 6f19259b-4bc3-4df7-8a09-765794883524
2015-01-13Check in missing patch for TPM error handling.Yao, Jiewen
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16602 6f19259b-4bc3-4df7-8a09-765794883524
2015-01-12Handle TPM device error and avoid deadloop in BDS.Yao, Jiewen
If TPM error happens, set TPM flag to NOT present, so that trusted boot patch is disabled. Also report status code for failure, so that platform may register handler to apply policy like force system reset, or disable TPM permanently. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com> Reviewed-by: "Dong, Guo" <guo.dong@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16598 6f19259b-4bc3-4df7-8a09-765794883524
2015-01-12Add TPM Physical Presence >=128 operation value support.Yao, Jiewen
The Tcg/TrEE PhysicalPresence library will depend on Tcg/TrEE PpVendor library. The default NULL library instance is provided in this package. OEM can create OemPpVendorLib as override to handle >=128 operation value. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com> Reviewed-by: "Dong, Guo" <guo.dong@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16597 6f19259b-4bc3-4df7-8a09-765794883524
2015-01-08Add TPM12 NV related function.Yao, Jiewen
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com> Reviewed-by: "Dong, Guo" <guo.dong@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16590 6f19259b-4bc3-4df7-8a09-765794883524
2015-01-05SecurityPkg Variable: Implement VarCheck PROTOCOLStar Zeng
and follow UEFI spec to check UEFI defined variables. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16580 6f19259b-4bc3-4df7-8a09-765794883524
2014-12-31Remove the FV header assumption in variable driver.Dong Guo
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Dong Guo <guo.dong@intel.com> Reviewed-by: Gao Liming <liming.gao@intel.com> Reviewed-by: Zeng Star <star.zeng@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16565 6f19259b-4bc3-4df7-8a09-765794883524
2014-12-25Correct the Hash Calculation for Revoked X.509 Certificate to align with ↵Long, Qin
RFC3280 and UEFI 2.4 Spec. This patch added one new X509GetTBSCert() interface in BaseCryptLib to retrieve the TBSCertificate, and also corrected the hash calculation for revoked certificate to aligned the RFC3280 and UEFI 2.4 spec. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Long, Qin" <qin.long@intel.com> Reviewed-by: "Dong, Guo" <guo.dong@initel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16559 6f19259b-4bc3-4df7-8a09-765794883524