| Age | Commit message (Collapse) | Author |
|---|
|
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Guo Mang <mang.guo@intel.com>
|
|
In current code, PSID is processed as string and the length is 0x20.
Current code only reserved 0x20 length buffer for it, no extra buffer
for the '\0'. When driver call UnicodeStrToAsciiStrS to convert PSID,
it search the '\0' for the end. So extra dirty data saved in PSID
info which caused PSID revert action failed. This patch reserved
extra 1 byte data for the '\0'.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
(cherry picked from commit 4636e4426a31802c25bd8409be9031c4d20324f4)
|
|
AuthVariableLib
Physical Presence state reporting is constrained by physical presence caching in variable driver. For example, reporting must be prior to Physical Presence caching. Physical Presence state becomes constant rather than instant after caching. Therefore, PlatformSecureLib is responsible for reporting Physical Presence state in expected way.
This reverts commit 90fa53213ec458b5c4f8851c09aeb3de977531e5.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
(cherry picked from commit 76bfc7e3ea136412808ad4cf54471c651bdec464)
|
|
The input PeImage in TcgMeasurePeImage() has been checked.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
(cherry picked from commit e39d0569a67f2cac31ad79f8d16f059c27ed82e2)
|
|
The input PeImage in HashPeImage() has been checked.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
(cherry picked from commit 89fb5aef411587661c9a1c00645d46adf76b2fb2)
|
|
Use BasePeCoffLib PeCoffLoaderGetImageInfo() to check the PE/COFF image.
In V2, add specific ImageRead() to make sure the PE/COFF image content
read is within the image buffer.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
(cherry picked from commit 5a8eae9560ddf8422ed1b43aff8612931e472eb6)
|
|
Use BasePeCoffLib PeCoffLoaderGetImageInfo() to check the PE/COFF image.
In V2, add specific ImageRead() to make sure the PE/COFF image content
read is within the image buffer.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
(cherry picked from commit cad19cd3f2ac26de35c545acd29f98c5f4f82f7c)
|
|
Use BasePeCoffLib PeCoffLoaderGetImageInfo() to check the PE/COFF image.
In V2, add specific ImageRead() to make sure the PE/COFF image content
read is within the image buffer.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
(cherry picked from commit 5e9dfc67821b75ab606d8565f0bc1133bbc2a92c)
|
|
EdkII not allow to use #if in source code, also
the code in it already unused. so just remove this
code.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
(cherry picked from commit c9a07555728814bb7d9d8fdf61cdb334b6b5a33d)
|
|
AuthVariableLib is updated to cache the UserPhysicalPresent state to global variable. This avoids calling PlatformSecureLib during runtime and makes PhysicalPresent state consistent during one boot.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
(cherry picked from commit 90fa53213ec458b5c4f8851c09aeb3de977531e5)
|
|
It is the follow up of 3ab41b7a325ca11a12b42f5ad1661c4b6791cb49
to replace UnicodeStrToAsciiStr/AsciiStrToUnicodeStr with
UnicodeStrToAsciiStrS/AsciiStrToUnicodeStrS.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
(cherry picked from commit b7c7179338ace62c76e39f1270cfce0fc57ae73f)
|
|
For current implementation, if the device is pyrite type, driver
will suppress the "keep user data" option. Base on the feedback
from user, they prefer to keep the menu but gray out it. Now base
on this feedback to update the driver.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
(cherry picked from commit 0efc3be0af3dafffb99e29c569a2c230910678de)
|
|
Fix type casting issue introduced by cd64301398876d0b3700f882b3eea12657510a70
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Gao Liming <liming.gao@intel.com>
(cherry picked from commit 0c687d02c76592832de73850e1dc81115311318a)
|
|
PcdTcgPhysicalPresenceInterfaceVer
Update Pcd info string for new added PcdTcgPhysicalPresenceInterfaceVer
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Dandan Bi <dandan.bi@intel.com>
(cherry picked from commit ed3faea45ab85739d48c0612fcde265764b5e3d0)
|
|
TCG PC Client PTP spec defines that if InterfaceType is defined as TIS1.3. All the other fields of the FIFO Interface Identifier Register are skipped.
http://www.trustedcomputinggroup.org/pc-client-specific-platform-tpm-profile-for-tpm-2-0-v43-150126/
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
(cherry picked from commit 3b5624b01454ed0ce1ae2089cc5b091a9cd07ed2)
|
|
Make TCG2 PP version configurable to meet different request. Current default version is 1.3.
http://www.trustedcomputinggroup.org/physical-presence-interface_1-30_0-52/
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
(cherry picked from commit cd64301398876d0b3700f882b3eea12657510a70)
|
|
SecurityPkg\VariableAuthenticated\EsalVariableDxeSal\Variable.c
AutoUpdateLangVariable()
Global->PlatformLangCodes[VirtualMode] = AllocateRuntimeCopyPool
(DataSize, Data);
ASSERT (mVariableModuleGlobal->PlatformLangCodes[VirtualMode] != NULL);
The patch is to use Global instead of mVariableModuleGlobal in the
ASSERT (XXX) to make code more clear although mVariableModuleGlobal is
equal to Global actually.
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Amy Chan <amy.chan@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Amy Chan <amy.chan@intel.com>
Reviewed-by: Giri P Mudusuru <giri.p.mudusuru@intel.com>
(cherry picked from commit 5b03f1b5145dd7e4b3ac7bcdd05f03597b461989)
|
|
For Pyrite SSC device, it may not supports Active Key, So
add check logic before enable it.
Cc: Feng Tian <feng.tian@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
(cherry picked from commit 6e7423c3c2ff56c9256b92a845b3e0c959ab0d74)
|
|
The BlockSid feature is not depend on lock status,
so move the send BlockSid command out of unlock process.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
(cherry picked from commit 3f250a944d691d2169fa3834c89eed7235b735ae)
|
|
BlockSid feature can be retrieve from the header info.
Update the logic, check BlockSid capability before use it.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
(cherry picked from commit 69cd129471c3507d6be0b9e993a020ddef38692e)
|
|
Not all opal device support BlockSid feature. So Add
code logic to check the capability before send BlockSid
command.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
(cherry picked from commit be08755355ef16bf86ebed01762c6c9cb319b48a)
|
|
The BlockSid feature is a global level feature instead
of device level feature. So move the menu from device page
to the main page.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
(cherry picked from commit 8d3d84508f06d1b7c8269deb16f234646b0a4585)
|
|
Check the BlockSid feature capability through check
BlockSid header in the DiscoveryHeader.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
(cherry picked from commit b20e0d29fa99d7e6126930e133afada55ad1bc66)
|
|
The ComId for Block SID authentication command is
0x0005 according to "TCG Storage Feature Set: Block
SID Authentication Specification Version 1.0.0". Update code to
follow this spec requirement.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
(cherry picked from commit 81c1b6df92184f07446b6cf197b18c61ad8b73f0)
|
|
Disable SecureBoot Enable/Disable feature when PhysicalPresence is not available,
Since SecureBootEnable is protected with PhysicalPresence.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
(cherry picked from commit e8903bb7bf3f975ce8d1986bdbbaaf05c29c0e2b)
|
|
Change design to always install opal menu.
Current implementation only install menu when device connect.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
(cherry picked from commit f14307489f7a50415239211d76a4a4190db22deb)
|
|
In image verification, if image verified pass in DBT, still need to verify if it is blocked by any other cert/cert hash from DBX.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
Reviewed-by: Dick Wilkins <dick_wilkins@phoenix.com>
(cherry picked from commit 91422384d5915a6f14523b3cec557d730c940c6a)
|
|
This patch enhance OPAL password SMM driver to check SMM bar is valid MMIO
besides outside of SMRAM.
This is designed to meet Microsoft WSMT table definition on FIXED_COMM_BUFFERS
requirement.
Cc: Eric Dong <eric.dong@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
(cherry picked from commit 009264f5cf0fa0009ff96f307eaac88860a998a8)
|
|
This patch enhance OPAL password lib SMM communication by using fixed
SMM communication buffer.
Update OPAL password lib to consume EDKII_PI_SMM_COMMUNICATION_REGION_TABLE
as fixed communication buffer for SMM communication.
This is designed to meet Microsoft WSMT table definition on FIXED_COMM_BUFFERS
requirement.
Cc: Eric Dong <eric.dong@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
(cherry picked from commit 83681c74f07978adbb621a467fe391ae901e2515)
|
|
Enhance the error handling:
1. When the device is unlocked at BIOS phase and system does a warm reboot,
the device may be still in unlock status if it uses external power. For
such case, we would still popup password window to ask user input. If
user presses ESC key here, we would force the system shut down or ask
user input again to avoid security hole.
2. When user reach max retry count, force shutdown.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
(cherry picked from commit 72a05f849f18b48586f3103c7457b8d07a02c7dd)
|
|
PK inconsistency issue
Revert previous fix in AuthVariable driver init which breaks
SecureBootEnable original behavior. Add more error handling logic in
SecureBootConfigDxe to prevent wrong display info when SecureBootEnable &
PK inconsistency happens.
Commit hash for the reverted patch in AuthVariable driver is
SHA-1: a6811666b0bef18871fa62b6c5abf18fb076fd0d
(We integrate the change for AuthService.c in commit
126f3b1de02c71fde8e28abc35a46ac5f135b527 on master to AuthVariableLib.c
on UDK2015 branch)
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
(cherry picked from commit 126f3b1de02c71fde8e28abc35a46ac5f135b527)
|
|
According to current Pyrite SSC Spec 1.00, there is no parameter
for RevertSP method. So suppress KeepUserData option for the
Pyrite Ssc type device.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
(cherry picked from commit ea2a6eb786c3fa881fdd5146de00c6a48273b4c1)
|
|
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
(cherry picked from commit 1e6844dbe4a3475a10c6ef4019ecff8261eee1f2)
|
|
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
(cherry picked from commit 8207d79b30a16419008d8d6ee3b3a0b1c66aebf2)
|
|
inf file.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
(cherry picked from commit 89b553bbbf7da04d633bd644aa192bbbf6506c3d)
|
|
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
(cherry picked from commit cffc006c197a15625aca738e54b6bd4c68f2e2e2)
|
|
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
(cherry picked from commit 56a44df26b9eb56370312e105ab24c59849b2834)
|
|
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
(cherry picked from commit 59ed6433dd84798da6a17366700b057218c04a3a)
|
|
Check the pointer before use it to make the code more safely.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
(cherry picked from commit b4ddf0eb49f7ee41c075b69ed69557f8fa3d5b85)
|
|
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
(cherry picked from commit 3626c583e5223927faa8d33de5ce956f399d52a3)
|
|
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
(cherry picked from commit 7fb312f257d069c49b8818c63b78ab0566fe8c45)
|
|
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
(cherry picked from commit 9348813c4bcc5ccfe7c1f08f7ffb8b31102f9a30)
|
|
This patch used to enable opal password solution build
in Security package level build.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
(cherry picked from commit d4de4f99dac4a42b43b07ee360212a7bec820640)
|
|
This driver used to unlock device in S3 resume phase.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
(cherry picked from commit cb274a270344cef20d6012eb873fc71a46931a85)
|
|
This driver used to enables opal feature in bios.
It adds setup menu and unlock device process in boot phase.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
(cherry picked from commit a06875e1f040dde20dc46fd349cc655c627c3e83)
|
|
APIs used to support opal password solution to trig opal command.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
(cherry picked from commit 1cf00fbdb36fd2f350d92530007483b8831d4340)
|
|
Library APIs used to create commands defined by TCG storage opal spec.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
(cherry picked from commit 9dd05ddec35a4c6d010dcd122d9a715d40d88d9c)
|
|
APIs used to create commands defined by TCG storage core spec.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
(cherry picked from commit 085dcf01f7f4ed84a0ecc58e46ad5122b26539f9)
|
|
SecurityPkg: Add gEdkiiSecureBootModeGuid definition
Add gEdkiiSecureBootModeGuid definition for Enable Secure Boot feature defined in
UEFI2.5 Mantis 1263. It is a private variable GUID.
https://mantis.uefi.org/mantis/view.php?id=1263
(Sync patch r19132 from main trunk.)
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Zeng Star <star.zeng@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
|
|
SecurityPkg: AuthVariableLib: Customized SecureBoot Mode transition.
Implement Customized SecureBoot Mode transition logic according to Mantis 1263, including AuditMode/DeployedMode/PK update management.
Also implement image verification logic in AuditMode. Image Certificate & Hash are recorded to EFI Image Execution Table.
https://mantis.uefi.org/mantis/view.php?id=1263
(Sync patch r19133 from main trunk.)
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Zeng Star <star.zeng@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
|
