summaryrefslogtreecommitdiff
path: root/SecurityPkg
AgeCommit message (Collapse)Author
2012-04-28 Enhances PE image hash algorithm in DxeImageVerificationLib and ↵tye1
DxeTpmMeasureBootLib. Signed-off-by: Ye Ting<ting.ye@intel.com> Reviewed by: Dong, Eric <yong.dong@intel.com> Reviewed by: Dong, Guo <guo.dong@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13228 6f19259b-4bc3-4df7-8a09-765794883524
2012-04-26Patch include:ydong10
1.Change function name to avoid name conflict. 2.Refine check for Pe Image. Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13220 6f19259b-4bc3-4df7-8a09-765794883524
2012-04-24Update copyright formathhtian
Signed-off-by: Hot Tian <hot.tian@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13213 6f19259b-4bc3-4df7-8a09-765794883524
2012-04-24Validate some fields in PE image to make sure not access violation for later ↵ydong10
code. Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13211 6f19259b-4bc3-4df7-8a09-765794883524
2012-04-23Fix common AuthVariable protection issue.tye1
Signed-off-by: Ye Ting<ting.ye@intel.com> Reviewed by: Fu, Siyuan <siyuan.fu@intel.com> Reviewed by: Dong, Guo <guo.dong@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13204 6f19259b-4bc3-4df7-8a09-765794883524
2012-04-18Update comments for NULL PlatformSecureLib instance.sfu5
Signed-off-by: Fu, Siyuan <siyuan.fu@intel.com> Reviewed-by: Dong, Guo <guo.dong@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13202 6f19259b-4bc3-4df7-8a09-765794883524
2012-04-12Update the default return value of UserPhysicalPresent to TRUE.sfu5
Signed-off-by: Fu, Siyuan <siyuan.fu@intel.com> Reviewed-by: Dong, Guo <guo.dong@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13191 6f19259b-4bc3-4df7-8a09-765794883524
2012-04-11EDK II Packages: Add Contributions.txt and License.txt filesjljusten
Contributions.txt documents the contribution process for all tianocore projects. The conents of Contributions.txt should match in all cases. License.txt is a per-project document showing the license terms used by that project. Signed-off-by: Jordan Justen <jordan.l.justen@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13187 6f19259b-4bc3-4df7-8a09-765794883524
2012-04-05Add pointer check for NULL before dereference it.sfu5
Signed-off-by: Fu, Siyuan <siyuan.fu@intel.com> Reviewed-by: Dong, Guo <guo.dong@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13162 6f19259b-4bc3-4df7-8a09-765794883524
2012-03-31Update common authenticated variable (non PK/KEK/DB/DBX) support to comply ↵tye1
with latest UEFI spec. Signed-off by: tye1 Reviewed-by: geekboy15a Reviewed-by: sfu5 Reviewed-by: gdong1 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13157 6f19259b-4bc3-4df7-8a09-765794883524
2012-03-30If setting variable in Runtime and there has been a same GUID and name ↵lzeng14
variable existed in system without RT attribute, return EFI_WRITE_PROTECTED. Signed-off-by: lzeng14 Reviewed-by: tye git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13156 6f19259b-4bc3-4df7-8a09-765794883524
2012-03-291. Fix UNIXGCC IPF build failure in SecurityPkg.sfu5
Signed-off-by: sfu5 Reviewed-by: gdong1 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13152 6f19259b-4bc3-4df7-8a09-765794883524
2012-03-281. Fix GCC build failure in SecurityPkg.sfu5
Signed-off-by: sfu5 Reviewed-by: gdong1 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13146 6f19259b-4bc3-4df7-8a09-765794883524
2012-03-271. Remove “Force clear PK” feature in AuthVarialbe driver.sfu5
2. Update API ForceClearPK() to UserPhysicalPresent() in PlatformSecureLib. 2. Update SecureBootConfigDxe driver and AuthVariable driver to support Custom Secure Boot Mode feature. 3. Fix some bugs in AuthVariable driver. Signed-off-by: sfu5 Reviewed-by: tye Reviewed-by: gdong1 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13144 6f19259b-4bc3-4df7-8a09-765794883524
2012-03-261. Update AuthVarialbe driver to avoid integer overflow when using ↵sfu5
EFI_VARIABLE_AUTHENTICATION_2 descriptor. Signed-off-by: sfu5 Reviewed-by: tye Reviewed-by: gdong1 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13120 6f19259b-4bc3-4df7-8a09-765794883524
2012-03-191. Add more error handling code to DxeImageVerificationLib and BaseCryptLib.sfu5
Signed-off-by: sfu5 Reviewed-by: qianouyang Reviewed-by: gdong1 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13109 6f19259b-4bc3-4df7-8a09-765794883524
2012-03-09Fix system reboot automatically if changing the value of [TPM operation]gdong1
Signed-off-by: gdong1 Reviewed-by: tye1 Reviewed-by: qianouyang git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13089 6f19259b-4bc3-4df7-8a09-765794883524
2012-02-27Remove ASSERT to let DXE core return gracefully when loading an invalid image.gdong1
Signed-off-by: gdong1 Reviewed-by: jyao1 Reviewed-by: CZhang46 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13035 6f19259b-4bc3-4df7-8a09-765794883524
2012-02-01Add Missing invocations to VA_END() for VA_START().rsun3
Signed-off-by: rsun3 Reviewed-by: lgao4 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12979 6f19259b-4bc3-4df7-8a09-765794883524
2012-01-05Remove illegal TPL usage.gdong1
Signed-off-by: gdong1 Reviewed-by: niruiyu Reviewed-by: tye1 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12908 6f19259b-4bc3-4df7-8a09-765794883524
2011-12-19Update the process of some question from EFI_BROWSER_ACTION_CHANGED to ↵ydong10
EFI_BROWSER_ACTION_CHANGING. Signed-off-by: ydong10 Reviewed-by: gdong1 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12885 6f19259b-4bc3-4df7-8a09-765794883524
2011-12-15Update for SecurityPkg.ydong10
Per UEFI spec, on CallBack action EFI_BROWSER_ACTION_CHANGING, the return value of ActionRequest will be ignored, but on CallBack action EFI_BROWSER_ACTION_CHANGED, the return value of ActionRequest will be used. But, EDKII browser still processes the got ActionRequest. And, all HII drivers in EDKII project also returns their expected ActionRequest value on action EFI_BROWSER_ACTION_CHANGING. Now update the browser to follow the spec, and update all core Hii drivers to keep old working modal. Signed-off-by: ydong10 Reviewed-by: lgao4 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12868 6f19259b-4bc3-4df7-8a09-765794883524
2011-12-14Update SecurityPkg package versions from 0.91 to 0.92.gdong1
Signed-off-by: gdong1 Reviewed-by: hhtian Reviewed-by: tye git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12850 6f19259b-4bc3-4df7-8a09-765794883524
2011-12-13SecurityPkg/VariableAuthenticated: Check if there is a NV Variable Storage ↵oliviermartin
header prior to use its attributes The Variable PEI and RuntimeDxe drivers were using the attribute 'HeaderLength' of EFI_FIRMWARE_VOLUME_HEADER without checking if a Firmware Volume Header was existing at the base address. In case the Firmware Volume Header does not exist or is corrupted, the attribute 'HeaderLength' is a non valid value that can lead to a non valid physical address when accessing produces an access error. Signed-off-by: oliviermartin Reviewed-by: rsun3 Reviewed-by: niruiyu git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12845 6f19259b-4bc3-4df7-8a09-765794883524
2011-12-13Update SignatureSupport variable to reflect firmware capability.gdong1
Signed-off-by: gdong1 Reviewed-by: tye Reviewed-by: sfu5 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12843 6f19259b-4bc3-4df7-8a09-765794883524
2011-12-091. Fix a bug when verify the CertType GUID in authentication variable data ↵sfu5
payload. Signed-off-by: sfu5 Reviewed-by: tye1 Reviewed-by: gdong1 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12831 6f19259b-4bc3-4df7-8a09-765794883524
2011-12-02Update a return status for UEFI spec compliance.gdong1
Signed-off-by: gdong1 Reviewed-by: tye git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12813 6f19259b-4bc3-4df7-8a09-765794883524
2011-12-01Remove duplicated AML code definitions as they have been added to common header.lzeng14
Signed-off-by: lzeng14 Reviewed-by: jyao1 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12807 6f19259b-4bc3-4df7-8a09-765794883524
2011-11-23Update code to follow coding style. Mainly change about:ydong10
1. Remove duplicate lib 2. Refine the name for enum member. Signed-off-by: ydong10 Reviewed-by: lgao4 Reviewed-by: gdong1 Reviewed-by: vanjeff git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12767 6f19259b-4bc3-4df7-8a09-765794883524
2011-11-231. Check input PK/KEK variable data to make sure it is a valid ↵sfu5
EFI_SIGNATURE_LIST. Signed-off-by: sfu5 Reviewed-by: gdong1 Reviewed-by : czhan46 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12765 6f19259b-4bc3-4df7-8a09-765794883524
2011-11-21Initialize the variable before use it to avoid SCT test failed.ydong10
Signed-off-by: ydong10 Reviewed-by: lgao4 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12744 6f19259b-4bc3-4df7-8a09-765794883524
2011-11-17Change IPF version AuthVariable driver to support multiple-platform feature.niruiyu
Signed-off-by: rni2 Reviewed-by: erictian git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12730 6f19259b-4bc3-4df7-8a09-765794883524
2011-11-16Make comments to be consistent with the parameter.gdong1
Signed-off-by: gdong1 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12718 6f19259b-4bc3-4df7-8a09-765794883524
2011-11-15Update ConfigAcess Protocol which is produced by SecureBootConfigDxe to ↵qianouyang
follow the UEFI SPEC (Handle the Request parameter is NULL in ExtractConfig interface). Signed-off-by: qianouyang Reviewed-by: ydong10 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12707 6f19259b-4bc3-4df7-8a09-765794883524
2011-11-04Add debug information for secure boot test convenient.gdong1
Signed-off-by: gdong1 Reviewed-by: tye Reviewed-by: xdu2 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12660 6f19259b-4bc3-4df7-8a09-765794883524
2011-11-01Enhance drivers for sanity check and coding style alignment.gdong1
Signed-off-by: gdong1 Reviewed-by: ydong10 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12622 6f19259b-4bc3-4df7-8a09-765794883524
2011-10-29Correct file path separator to Linux style for all OS.lgao4
Signed-off-by: lgao4 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12603 6f19259b-4bc3-4df7-8a09-765794883524
2011-10-28SecurityPkg: Update VariableAuthenticated driver with following changes:xdu2
1. Remove memory allocation code in runtime. 2. Exclude NULL terminator in VariableName for serialization data in time-based variable authentication. 3. Add support for enroll PK with WRITE_ACCESS attribute. 4. Initialize SetupMode variable with correct NV attribute. 5. Add support for APPEND_WRITE attribute for non-existing Variable. 6. Clear KEK, DB and DBX as well as PK when user request to clear platform keys. 7. Check duplicated EFI_SIGNATURE_DATA for Variable formatted as EFI_SIGNATURE_LIST when APPEND_WRITE attribute is set. 8. Not change SecureBoot Variable in runtime, only update it in boot time since this Variable indicates firmware operating mode. 9. Save time stamp of PK when PK is set with TIME_BASED_WRITE_ACCESS attribute in setup mode. 10. Update to use PcdMaxVariableSize instead of PcdMaxAppendVariableSize for append operation. Signed-off-by: xdu2 Reviewed-by: tye git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12599 6f19259b-4bc3-4df7-8a09-765794883524
2011-10-28SecurityPkg: Update DxeImageVerificationLib with following changes:xdu2
1. Update to check image digest against dbx before execute it. 2. Update to support revoke certificate. 3. Update to support enroll unsigned PE image's Hash to allowed database (db). (Note: Unsigned Image's Hash is calculated in the same way with authenticode, the algorithm is assumed to be SHA256.) Signed-off-by: xdu2 Reviewed-by: tye Reviewed-by: gdong1 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12598 6f19259b-4bc3-4df7-8a09-765794883524
2011-10-28Remove a unnecessary Macro in SecureBootConfigImpl.h.qianouyang
Signed-off-by: qianouyang Reviewed-by: gdong1 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12588 6f19259b-4bc3-4df7-8a09-765794883524
2011-10-28Enable/Disable Secured Boot by 'Secure Boot Configuration' Page which is ↵qianouyang
under Setup browser. Signed-off-by: qianouyang Reviewed-by: gdong1 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12586 6f19259b-4bc3-4df7-8a09-765794883524
2011-10-26Update UID drivers to align with latest UEFI spec 2.3.1.gdong1
Signed-off-by: gdong1 Reviewed-by: tye Reviewed-by: qianouyang git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12567 6f19259b-4bc3-4df7-8a09-765794883524
2011-10-19Support Variable driver ↵niruiyu
(VariableAuthenticatedPei/VariableAuthenticatedRuntimeDxe) to support the default variable data stored in HOB. Signed-off-by: niruiyu Reviewed-by: lgao4 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12554 6f19259b-4bc3-4df7-8a09-765794883524
2011-10-14Add pointer check for NULL before dereference it.sfu5
Signed-off-by: sfu5 Reviewed-by: tye git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12537 6f19259b-4bc3-4df7-8a09-765794883524
2011-10-12Fix build failure with MS ASL compiler.gdong1
Signed-off-by: gdong1 Reviewed-by: jyao1 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12531 6f19259b-4bc3-4df7-8a09-765794883524
2011-10-12 Update UID drivers to align with latest UEFI spec 2.3.1.gdong1
Directly use ImageHandle instead of &ImageHandle for wrong usage in TCG physical presence library. Signed-off-by: gdong1 Reviewed-by: xdu2 Reviewed-by: lgao4 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12530 6f19259b-4bc3-4df7-8a09-765794883524
2011-09-27Implement Tcg physical presence as a library instead of DXE driver in order ↵gdong1
that TPM can be locked as early as possible. Signed-off-by: gdong1 Reviewed-by: hhtian Reviewed-by: niruiyu Reviewed-by: xdu2 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12447 6f19259b-4bc3-4df7-8a09-765794883524
2011-09-211. Enhance DxeImageVerificationLib to avoid some corrupted input.hhuan13
Signed-off-by: hhuan13 Reviewed-by: qlong git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12399 6f19259b-4bc3-4df7-8a09-765794883524
2011-09-211. Enhance AuthVar driver to avoid process corrupted certificate input.hhuan13
Signed-off-by: hhuan13 Reviewed-by: ftian git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12398 6f19259b-4bc3-4df7-8a09-765794883524
2011-09-18Clean up the private GUID definition in module Level.lgao4
0. Remove the unused private GUID from module source files. 1. Use gEfiCallerIdGuid replace of the private module GUID. 2. Add the public header files to define HII FormSet and PackageList GUID used in every HII driver. Signed-off-by: lgao4 Reviewed-by: ydong10 gdong1 tye jfan12 wli12 rsun3 jyao1 ftian git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12375 6f19259b-4bc3-4df7-8a09-765794883524