summaryrefslogtreecommitdiff
path: root/SecurityPkg
AgeCommit message (Collapse)Author
2016-09-01SecurityPkg: TPM12CommandLib: Add Response returnCode CheckZhang, Chao B
Check response return code before return from Tpm12Extend and Tpm12PhysicalPresence. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com> Reviewed-by: Long Qin <qin.long@intel.com>
2016-08-31SecurityPkg: Use IsZeroGuid API for zero GUID checkingHao Wu
Instead of comparing a GUID with gZeroGuid via the CompareGuid API, the commit uses the IsZeroGuid API to check if the given GUID is a zero GUID. Cc: Chao Zhang <chao.b.zhang@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-08-22SecurityPkg Tcg2: Remove use of module internal API InternalIsZeroBuffer()Hao Wu
This commit removes the internal implementation of the function InternalIsZeroBuffer(). Instead, it will use the API IsZeroBuffer() from BaseMemoryLib in MdePkg. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Liming Gao <liming.gao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com>
2016-08-22SecurityPkg Tcg2: Rename internal API IsZeroBuffer to InternalIsZeroBufferHao Wu
Before adding API IsZeroBuffer() in BaseMemoryLib at MdePkg, rename the internal implementations of IsZeroBuffer() within SecurityPkg/Tcg modules to avoid breaking bisection. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Liming Gao <liming.gao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com>
2016-08-17SecurityPkg: AuthVariableLib: Fix inconsistent CertDB caseZhang, Chao B
2 steps are used to create/delete a time based variable. For create step 1: Insert Signer Cert to CertDB. Step 2: Insert Payload to Variable. For delete step 1: Delete Variable. Step 2: Delete Cert from CertDB. System may breaks between step 1 & step 2, so CertDB may contains useless Cert in the next reboot. AuthVariableLib choose to sync consistent state between CertDB & Time Auth Variable on initialization. However, it doesn't apply Time Auth attribute check. Now add it. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Zeng Star <star.zeng@intel.com>
2016-08-08SecurityPkg DSC: Add build option to disable deprecated APIsHao Wu
Add the following definition in the [BuildOptions] section in package DSC files to disable APIs that are deprecated: [BuildOptions] *_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES Cc: Chao Zhang <chao.b.zhang@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-08-03SecurityPkg OpalPasswordDxe: Fix buffer overflow issue.Dong, Eric
In current code, PSID is processed as string and the length is 0x20. Current code only reserved 0x20 length buffer for it, no extra buffer for the '\0'. When driver call UnicodeStrToAsciiStrS to convert PSID, it search the '\0' for the end. So extra dirty data saved in PSID info which caused PSID revert action failed. This patch reserved extra 1 byte data for the '\0'. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Eric Dong <eric.dong@intel.com> Cc: Star Zeng <star.zeng@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com>
2016-07-22SecurityPkg: AuthVariableLib: Revert UserPhysicalPresent feature from ↵Zhang, Chao B
AuthVariableLib Physical Presence state reporting is constrained by physical presence caching in variable driver. For example, reporting must be prior to Physical Presence caching. Physical Presence state becomes constant rather than instant after caching. Therefore, PlatformSecureLib is responsible for reporting Physical Presence state in expected way. This reverts commit 90fa53213ec458b5c4f8851c09aeb3de977531e5. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
2016-07-14SecurityPkg DxeTpmMeasureBootLib: Add comments in TcgMeasurePeImage()Liming Gao
The input PeImage in TcgMeasurePeImage() has been checked. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-07-14SecurityPkg DxeImageVerificationLib: Add comments in HashPeImage()Liming Gao
The input PeImage in HashPeImage() has been checked. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-07-14SecurityPkg Tcg2Dxe: Add check for the PE/COFF imageLiming Gao
Use BasePeCoffLib PeCoffLoaderGetImageInfo() to check the PE/COFF image. In V2, add specific ImageRead() to make sure the PE/COFF image content read is within the image buffer. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-07-14SecurityPkg TrEEDxe: Add check for the PE/COFF image.Liming Gao
Use BasePeCoffLib PeCoffLoaderGetImageInfo() to check the PE/COFF image. In V2, add specific ImageRead() to make sure the PE/COFF image content read is within the image buffer. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-07-14SecurityPkg SecureBootConfigDxe: Add check for the external PE/COFF image.Liming Gao
Use BasePeCoffLib PeCoffLoaderGetImageInfo() to check the PE/COFF image. In V2, add specific ImageRead() to make sure the PE/COFF image content read is within the image buffer. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-07-11SecurityPkg OpalPasswordSmm: Remove useless code.Eric Dong
EdkII not allow to use #if in source code, also the code in it already unused. so just remove this code. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Feng Tian <feng.tian@intel.com>
2016-07-11SecurityPkg: Fix typos in commentsGiri P Mudusuru
- availabe to available Cc: Chao Zhang <chao.b.zhang@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Giri P Mudusuru <giri.p.mudusuru@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-07-01SecurityPkg/Tcg: Fix bug that prevented SubmitCommand buffers from being Max ↵Zhang, Chao B
size SubmitCommand() was checking the buffer size for ">=" Max size. This would cause code to fail with "EFI_INVALID_PARAMETER" if a buffer was passed that was the "max" size as indicated by the GetCapability() command. Change to ">" to allow for maximum buffer size. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Bret Barkelew <brbarkel@microsoft.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-06-29SecurityPkg: Update PlatformSecureLibNull with PCD to get physical presence.Liming Gao
This is an incompatible change. It uses PcdUserPhysicalPresence value instead of hard code TRUE. Because PcdUserPhysicalPresence default value is FALSE, this patch changes UserPhysicalPresent() return value from TRUE to FALSE. From Security point, it is not safe to always return TRUE. If user wants this behavior, he can still configure PcdUserPhysicalPresence value to TRUE in the platform DSC file. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Giri P Mudusuru <giri.p.mudusuru@intel.com>
2016-06-29SecurityPkg: Add PcdUserPhysicalPresence to indicate use physical presence.Liming Gao
This PCD supports all configuration type. Its default value is FALSE. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Giri P Mudusuru <giri.p.mudusuru@intel.com>
2016-06-28SecurityPkg: AuthVariableLib: Cache UserPhysicalPresent in AuthVariableLibZhang, Chao B
AuthVariableLib is updated to cache the UserPhysicalPresent state to global variable. This avoids calling PlatformSecureLib during runtime and makes PhysicalPresent state consistent during one boot. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com>
2016-06-21SecurityPkg: Replace UnicodeStrToAsciiStr/AsciiStrToUnicodeStrStar Zeng
It is the follow up of 3ab41b7a325ca11a12b42f5ad1661c4b6791cb49 to replace UnicodeStrToAsciiStr/AsciiStrToUnicodeStr with UnicodeStrToAsciiStrS/AsciiStrToUnicodeStrS. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jaben Carsey <jaben.carsey@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-06-16SecurityPkg: SecurityPkg.uni: Update info string for ↵Zhang, Chao B
PcdTcgPhysicalPresenceInterfaceVer Update Pcd info string for new added PcdTcgPhysicalPresenceInterfaceVer Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Dandan Bi <dandan.bi@intel.com>
2016-06-16SecurityPkg: Tcg2Smm: Fix type casting issueZhang, Chao B
Fix type casting issue introduced by cd64301398876d0b3700f882b3eea12657510a70 Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Gao Liming <liming.gao@intel.com>
2016-06-16SecurityPkg/TcgStorageOpalLib: Avoid using special word in commentsEric Dong
Cc: Shumin Qiu <shumin.qiu@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Qiu Shumin <shumin.qiu@intel.com>
2016-06-16SecurityPkg OpalPasswordDxe: gray out menu instead of suppress it.Eric Dong
For current implementation, if the device is pyrite type, driver will suppress the "keep user data" option. Base on the feedback from user, they prefer to keep the menu but gray out it. Now base on this feedback to update the driver. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Feng Tian <feng.tian@intel.com>
2016-06-12SecurityPkg: Tcg2Smm: Enhance TIS interface detectionZhang, Chao B
TCG PC Client PTP spec defines that if InterfaceType is defined as TIS1.3. All the other fields of the FIFO Interface Identifier Register are skipped. http://www.trustedcomputinggroup.org/pc-client-specific-platform-tpm-profile-for-tpm-2-0-v43-150126/ Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com> Reviewed-by: Long Qin <qin.long@intel.com>
2016-06-12SecurityPkg: Tcg2Smm: Make TCG2 PP version configurableZhang, Chao B
Make TCG2 PP version configurable to meet different request. Current default version is 1.3. http://www.trustedcomputinggroup.org/physical-presence-interface_1-30_0-52/ Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
2016-06-08SecurityPkg : Tpm12DeviceLibDTpm: Fix TPM12 wrong Response Tag checkZhang, Chao B
TcgDxePassThroughToTpm should be able to handle all TPM12 Command & Response correctly. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Long Qin <qin.long@intel.com>
2016-06-03SecurityPkg EsalVariableDxeSal: Use input Global to make code more clearStar Zeng
SecurityPkg\VariableAuthenticated\EsalVariableDxeSal\Variable.c AutoUpdateLangVariable() Global->PlatformLangCodes[VirtualMode] = AllocateRuntimeCopyPool (DataSize, Data); ASSERT (mVariableModuleGlobal->PlatformLangCodes[VirtualMode] != NULL); The patch is to use Global instead of mVariableModuleGlobal in the ASSERT (XXX) to make code more clear although mVariableModuleGlobal is equal to Global actually. Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Amy Chan <amy.chan@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Amy Chan <amy.chan@intel.com> Reviewed-by: Giri P Mudusuru <giri.p.mudusuru@intel.com>
2016-05-19SecurityPkg/DxeImageVerificationLib: Add DEBUG messages for image ↵Cinnamon Shia
verification failures Add DEBUG messages in DxeImageerificationLib to help debug Secure Boot image verification failures Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Cinnamon Shia <cinnamon.shia@hpe.com> Reviewed-by: Samer EL-Haj-Mahmoud <elhaj@hpe.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-05-17SecurityPkg: Use PcdGet32() to access PcdPeiCoreMaxFvSupportedLiming Gao
FixedPcdGet32() limits PcdPeiCoreMaxFvSupported type as FixedAtBuild. PcdGet32() allows PCD be configured as FixedAtBuild or PatchableInModule. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-05-16SecurityPkg: Remove non-ASCII character from TPM warning stringsZhang, Chao B
Remove a non-ASCII apostrophe character from TPM_WARNING_MAINTAIN message Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Samer El-Haj-Mahmoud <elhaj@hpe.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-05-12SecurityPkg OpalPasswordDxe: Error handling enhance when input password.Eric Dong
Enhance the error handling: 1. When the device is unlocked at BIOS phase and system does a warm reboot, the device may be still in unlock status if it uses external power. For such case, we would still popup password window to ask user input. If user presses ESC key here, we would force the system shut down or ask user input again to avoid security hole. 2. When user reach max retry count, force shutdown. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Feng Tian <feng.tian@intel.com>
2016-05-11Security/OpalPasswordDxe: Enhance the logic in RouteConfig/ExtractConfigDandan Bi
Make the implementation of RouteConfig/ExtractConfig function follow the UEFI spec. Cc: Eric Dong <eric.dong@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Dandan Bi <dandan.bi@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com>
2016-05-11SecurityPkg: SecureBootConfigDxe: Add NULL pointer checkZhang, Chao B
Add SecureBoot NULL pointer check before reference it. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Samer El-Haj-Mahmoud <elhaj@hpe.com> Reviewed-by: Qiu Shumin <shumin.qiu@intel.com>
2016-05-09SecurityPkg TcgStorageOpalLib: Check the capability before use.Dong, Eric
For Pyrite SSC device, it may not supports Active Key, So add check logic before enable it. Cc: Feng Tian <feng.tian@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Feng Tian <feng.tian@intel.com>
2016-05-09SecurityPkg: Cleanup unused structure definitionJiaxin Wu
This patch is used to cleanup unused structure definition. Cc: Zhang Chao B <chao.b.zhang@intel.com> Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-05-05SecurityPkg OpalPasswordSmm: Always execute BlockSid command.Eric Dong
The BlockSid feature is not depend on lock status, so move the send BlockSid command out of unlock process. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Feng Tian <feng.tian@intel.com>
2016-05-05SecurityPkg OpalPasswordSmm: Enhance BlockSid Logic.Eric Dong
BlockSid feature can be retrieve from the header info. Update the logic, check BlockSid capability before use it. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Feng Tian <feng.tian@intel.com>
2016-05-05SecurityPkg OpalPasswordDxe: Check BlockSid capability before send command.Eric Dong
Not all opal device support BlockSid feature. So Add code logic to check the capability before send BlockSid command. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Feng Tian <feng.tian@intel.com>
2016-05-05SecurityPkg OpalPasswordDxe: Change BlockSid position.Eric Dong
The BlockSid feature is a global level feature instead of device level feature. So move the menu from device page to the main page. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Feng Tian <feng.tian@intel.com>
2016-05-05SecurityPkg TcgStorageOpalLib: Check BlockSid capability.Eric Dong
Check the BlockSid feature capability through check BlockSid header in the DiscoveryHeader. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Feng Tian <feng.tian@intel.com>
2016-05-05SecurityPkg TcgStorageOpalLib: Update ComId for Block SID command.Eric Dong
The ComId for Block SID authentication command is 0x0005 according to "TCG Storage Feature Set: Block SID Authentication Specification Version 1.0.0". Update code to follow this spec requirement. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Feng Tian <feng.tian@intel.com>
2016-05-05SecurityPkg: SecureBootConfigDxe: Disable SecureBoot Enable/Disable in some caseZhang, Chao B
Disable SecureBoot Enable/Disable feature when PhysicalPresence is not available, Since SecureBootEnable is protected with PhysicalPresence. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
2016-05-04SecurityPkg OpalPasswordDxe: Install menu without device dependency.Eric Dong
Change design to always install opal menu. Current implementation only install menu when device connect. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Feng Tian <feng.tian@intel.com>
2016-05-04SecurityPkg: SecureBootConfigDxe: Remove SecureBoot UI change for Customized ↵Zhang, Chao B
Secure Boot Remove SecureBoot UI support for Customized SecureBoot Mode transition according to Mantis 1263. The feature has been moved to https://github.com/tianocore/edk2-staging/tree/Customized-Secure-Boot Previous check-in hash is SHA-1: 96832eefea1025c130979dec9b7da069f77bcd96 Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: El-Haj-Mahmoud Samer <samer.el-haj-mahmoud@hpe.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
2016-05-04SecurityPkg: AuthVariableLib: Remove Customized SecureBoot Mode transition.Zhang, Chao B
Remove Customized SecureBoot Mode transition logic for Mantis 1263, including AuditMode/DeployedMode/PK update management. Also remove image verification logic in AuditMode. The feature has been moved to https://github.com/tianocore/edk2-staging/tree/Customized-Secure-Boot Previous check-in hash is SHA-1: 4fc08e8d683522f255727626197d919a40d4836c Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: El-Haj-Mahmoud Samer <samer.el-haj-mahmoud@hpe.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
2016-05-04SecurityPkg: Remove gEdkiiSecureBootModeGuid definitionZhang, Chao B
Remove gEdkiiSecureBootModeGuid definition for Customized Secure Boot feature defined in UEFI2.5 Mantis 1263. It is a private variable GUID. The feature has been moved to https://github.com/tianocore/edk2-staging/tree/Customized-Secure-Boot Previous check-in hash is SHA-1: af9af05bec5b1880f8e4f9142ecc0044fd0acb33 Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: El-Haj-Mahmoud Samer <samer.el-haj-mahmoud@hpe.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
2016-05-03SecurityPkg: Update servers TCG ACPI Table template to TCG 1.2Samer El-Haj-Mahmoud
Update the TCG Spec in the the EFI_TCG_SERVER_ACPI_TABLE from TCG 1.0 to TCG 1.2 Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Samer El-Haj-Mahmoud <elhaj@hpe.com> Signed-off-by: Derek Lin <derek.lin2@hpe.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
2016-05-03SecurityPkg: Reduce DEBUG verbosity in Tcg2DxeDerek Lin
Reduce several DEBUG messages verbosity from INFO to VERBOSE, so that will not see debug message around each driver loading when TPM 2.0 part present. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Derek Lin <derek.lin2@hpe.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
2016-05-03SecurityPkg: Fix TPM 1.2 NV Storage Command Size byte orderSamer El-Haj-Mahmoud
Fix Tpm12NvWriteValue() command/response length byte order. Tpm12SubmitCommand() was using the value from Command.Hdr.paramSize which was swapped to be Big Endian, but the function was expecting it in UINT32 Little Endian Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Samer El-Haj-Mahmoud <elhaj@hpe.com> Signed-off-by: Derek Lin <derek.lin2@hpe.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>