summaryrefslogtreecommitdiffstats
path: root/SecurityPkg/Library
Commit message (Collapse)AuthorAgeFilesLines
* SecurityPkg: Fix typo.Shumin Qiu2015-03-131-2/+2
| | | | | | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Shumin Qiu <shumin.qiu@intel.com> Reviewed-by: Guo Dong <guo.dong@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17047 6f19259b-4bc3-4df7-8a09-765794883524
* Add the missed local variable initialization to remove the possible warning.Long, Qin2015-02-051-0/+1
| | | | | | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Long, Qin" <qin.long@intel.com> Reviewed-by: "Fu, Siyuan" <siyuan.fu@intel.com> Reviewed-by: "Dong, Guo" <guo.dong@initel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16763 6f19259b-4bc3-4df7-8a09-765794883524
* Correct the DBX and Certificate Hash Checking.Long, Qin2015-02-041-10/+92
| | | | | | | | | | | | | Add the missed image signature verification against DBX; and add the missed logic to enhance the certificate hash checking when handling DB database. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Long, Qin" <qin.long@intel.com> Reviewed-by: "Fu, Siyuan" <siyuan.fu@intel.com> Reviewed-by: "Dong, Guo" <guo.dong@initel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16744 6f19259b-4bc3-4df7-8a09-765794883524
* Refine the format of GUID in INF files for SecurityPkg.Shumin Qiu2015-01-162-4/+4
| | | | | | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Shumin Qiu <shumin.qiu@intel.com> Reviewed-by: Guo Dong <guo.dong@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16616 6f19259b-4bc3-4df7-8a09-765794883524
* Handle TPM device error and avoid deadloop in BDS.Yao, Jiewen2015-01-124-32/+22
| | | | | | | | | | | | | | If TPM error happens, set TPM flag to NOT present, so that trusted boot patch is disabled. Also report status code for failure, so that platform may register handler to apply policy like force system reset, or disable TPM permanently. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com> Reviewed-by: "Dong, Guo" <guo.dong@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16598 6f19259b-4bc3-4df7-8a09-765794883524
* Add TPM Physical Presence >=128 operation value support.Yao, Jiewen2015-01-1210-152/+538
| | | | | | | | | | | | | | | The Tcg/TrEE PhysicalPresence library will depend on Tcg/TrEE PpVendor library. The default NULL library instance is provided in this package. OEM can create OemPpVendorLib as override to handle >=128 operation value. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com> Reviewed-by: "Dong, Guo" <guo.dong@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16597 6f19259b-4bc3-4df7-8a09-765794883524
* Add TPM12 NV related function.Yao, Jiewen2015-01-082-0/+256
| | | | | | | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com> Reviewed-by: "Dong, Guo" <guo.dong@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16590 6f19259b-4bc3-4df7-8a09-765794883524
* Correct the Hash Calculation for Revoked X.509 Certificate to align with ↵Long, Qin2014-12-251-4/+14
| | | | | | | | | | | | | RFC3280 and UEFI 2.4 Spec. This patch added one new X509GetTBSCert() interface in BaseCryptLib to retrieve the TBSCertificate, and also corrected the hash calculation for revoked certificate to aligned the RFC3280 and UEFI 2.4 spec. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Long, Qin" <qin.long@intel.com> Reviewed-by: "Dong, Guo" <guo.dong@initel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16559 6f19259b-4bc3-4df7-8a09-765794883524
* Correct AuthHandle definition for Tpm2SetPrimaryPolicy.Yao, Jiewen2014-12-231-1/+1
| | | | | | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com> Reviewed-by: "Long, Qin" <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16549 6f19259b-4bc3-4df7-8a09-765794883524
* Add TPM2 commands which might be used in provision.Yao, Jiewen2014-12-231-0/+78
| | | | | | | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com> Reviewed-by: "Dong, Guo" <guo.dong@intel.com> Reviewed-by: "Long, Qin" <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16548 6f19259b-4bc3-4df7-8a09-765794883524
* Use better coding style.Yao, Jiewen2014-12-191-1/+1
| | | | | | | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com> Reviewed-by: "Qiu, Shumin" <shumin.qiu@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16540 6f19259b-4bc3-4df7-8a09-765794883524
* Add TPM2 commands which might be used in field upgrade.Yao, Jiewen2014-12-125-0/+653
| | | | | | | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com> Reviewed-by: "Dong, Guo" <guo.dong@intel.com> Reviewed-by: "Long, Qin" <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16505 6f19259b-4bc3-4df7-8a09-765794883524
* correct a data type error.Dong Guo2014-12-111-1/+1
| | | | | | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Dong Guo <guo.dong@intel.com> Reviewed-by: Dong Eric <eric.dong@intel.com> Reviewed-by: Long Qin <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16498 6f19259b-4bc3-4df7-8a09-765794883524
* Add failed image Name in the Image Execution Information Table.Dong Guo2014-12-101-2/+8
| | | | | | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Dong Guo <guo.dong@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Zhang Chao B <chao.b.zhang@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16493 6f19259b-4bc3-4df7-8a09-765794883524
* Code clean-up to eliminate potential "dereferenced pointer" warning. Qin Long2014-12-031-17/+20
| | | | | | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Guo Dong <guo.dong@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16468 6f19259b-4bc3-4df7-8a09-765794883524
* Correct the alignment calculation of PE/COFF attribute certificate entry.Qin Long2014-11-261-1/+1
| | | | | | | | | | | | This is to resolve the possible certificate entry retrieving issue caused by un-aligned (8-bytes) VirtualAddress in some PE/COFF image, which may break secure boot. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Siyuan Fu <siyuan.fu@intel.com> Reviewed-by: Guo Dong <guo.dong@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16449 6f19259b-4bc3-4df7-8a09-765794883524
* UEFI 2.4 X509 Certificate Hash and RFC3161 Timestamp Verification support ↵Qin Long2014-11-143-70/+490
| | | | | | | | | | | | | | | | | for Secure Boot Main ChangeLogs includes: 1. Introduce the new GUID and structure definitions for certificate hash and timestamp support; 2. Update Image Verification Library to support DBT signature checking; 3. Update the related SecureBoot Configuration Pages; Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Guo Dong <guo.dong@intel.com> Reviewed-by: Siyuan Fu <siyuan.fu@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16380 6f19259b-4bc3-4df7-8a09-765794883524
* Fix execution status & DEBUG message level mismatch. EFI_D_ERROR is used ↵Chao Zhang2014-11-106-14/+14
| | | | | | | | | | only when failure/case can’t be resolved by code. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Dong Guo <guo.dong@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16320 6f19259b-4bc3-4df7-8a09-765794883524
* SecurityPkg: Convert non DOS format files to DOS formatGao, Liming2014-09-0326-0/+0
| | | | | | | | | Module UNI and Package UNI files are not DOS format. Convert them to DOS format. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Gao, Liming <liming.gao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16050 6f19259b-4bc3-4df7-8a09-765794883524
* SecurityPkg: INF/DEC file updates to EDK II packagesDong, Guo2014-08-284-0/+0
| | | | | | | | | | | | | | | | | | 2. Add MODULE_UNI_FILE file that contains the localized Abstract and Description of a module. a. Addresses an information gap between INF files and the UEFI Distribution Packaging Specification XML schema b. There will be an associated update to UPT in BaseTools to consume MODULE_UNI_FILE and associated UNI file during UDP creation that performs the INF -> XML conversion. c. There will be an associated update to UPT in BaseTools to produce MODULE_UNI_FILE and associated UNI file during UDP installation that performs the XML -> INF conversion. 3. Add Module Extra UNI file that provides the localized Name of a module. a. [UserExtensions.TianoCore."ExtraFiles"] provides an easy method for a module to specify extra files not listed in [Sources] or [Binaries] sections to be added to a UDP without having to list the files in the UPT package information data file. b. There will be an associated update to UPT in BaseTools to package up files listed in [UserExtensions.TianoCore."ExtraFiles"] during UDP creation. c. UNI file contains localized name of a module to go along with the localized Abstract and Description from the MODULE_UNI_FILE. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Dong, Guo <guo.dong@intel.com> Reviewed-by: Gao, Liming <liming.gao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15959 6f19259b-4bc3-4df7-8a09-765794883524
* SecurityPkg: INF/DEC file updates to EDK II packagesDong, Guo2014-08-2824-0/+0
| | | | | | | | | | | | | | | | | | 2. Add MODULE_UNI_FILE file that contains the localized Abstract and Description of a module. a. Addresses an information gap between INF files and the UEFI Distribution Packaging Specification XML schema b. There will be an associated update to UPT in BaseTools to consume MODULE_UNI_FILE and associated UNI file during UDP creation that performs the INF -> XML conversion. c. There will be an associated update to UPT in BaseTools to produce MODULE_UNI_FILE and associated UNI file during UDP installation that performs the XML -> INF conversion. 3. Add Module Extra UNI file that provides the localized Name of a module. a. [UserExtensions.TianoCore."ExtraFiles"] provides an easy method for a module to specify extra files not listed in [Sources] or [Binaries] sections to be added to a UDP without having to list the files in the UPT package information data file. b. There will be an associated update to UPT in BaseTools to package up files listed in [UserExtensions.TianoCore."ExtraFiles"] during UDP creation. c. UNI file contains localized name of a module to go along with the localized Abstract and Description from the MODULE_UNI_FILE. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Dong, Guo <guo.dong@intel.com> Reviewed-by: Gao, Liming <liming.gao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15951 6f19259b-4bc3-4df7-8a09-765794883524
* SecurityPkg: INF/DEC file updates to EDK II packagesDong, Guo2014-08-2824-115/+216
| | | | | | | | | | | | 1. Usage information in INF file comment blocks are either incomplete or incorrect. This includes usage information for Protocols/PPIs/GUIDs/PCDs/HOBs/Events/BootModes. The syntax for usage information in comment blocks is defined in the EDK II Module Information (INF) Specification Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Dong, Guo <guo.dong@intel.com> Reviewed-by: Gao, Liming <liming.gao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15950 6f19259b-4bc3-4df7-8a09-765794883524
* 1) Update code to use PcdFixedUsbCredentialProviderTokenFileName and ↵Dong, Guo2014-08-151-2/+2
| | | | | | | | | | | | | PcdMaxVariableSize as patchable PCD instead of FixedAtBuild PCD. 2) Correct a typo in file comments of Tpm12Ownership.c Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Dong, Guo <guo.dong@intel.com> Reviewed-by: Gao, Liming <liming.gao@intel.com> Reviewed-by: Yao, Jiewen <jiewen.yao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15811 6f19259b-4bc3-4df7-8a09-765794883524
* Contributed-under: TianoCore Contribution Agreement 1.0Michael Kinney2014-08-146-0/+915
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Michael Kinney <michael.d.kinney@intel.com> Reviewed-by: Dong, Guo <guo.dong@intel.com> Add support for RSA 2048 SHA 256 signing and verification encoded in a PI FFS GUIDED Encapsulation Section. The primary use case of this feature is in support of signing and verification of encapsulated FVs for Recovery and Capsule Update, but can potentially be used for signing and verification of any content that can be stored in a PI conformant FFS file. Signing operations are performed from python scripts that wrap OpenSsl command line utilities. Verification operations are performed using the OpenSsl libraries in the CryptoPkg. The guided encapsulation sections uses the UEFI 2.4 Specification defined GUID called EFI_CERT_TYPE_RSA2048_SHA256_GUID. The data layout for the encapsulation section starts with the UEFI 2.4 Specification defined structure called EFI_CERT_BLOCK_RSA_2048_SHA256 followed immediately by the data. The signing tool included in these patches performs encode/decode operations using this data layout. HashType is set to the UEFI 2.4 Specification defined GUID called EFI_HASH_ALGORITHM_SHA256_GUID. MdePkg/Include/Guid/WinCertificate.h ================================= // // WIN_CERTIFICATE_UEFI_GUID.CertType // #define EFI_CERT_TYPE_RSA2048_SHA256_GUID \ {0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf } } /// /// WIN_CERTIFICATE_UEFI_GUID.CertData /// typedef struct { EFI_GUID HashType; UINT8 PublicKey[256]; UINT8 Signature[256]; } EFI_CERT_BLOCK_RSA_2048_SHA256; MdePkg/Include/Protocol/Hash.h ================================= #define EFI_HASH_ALGORITHM_SHA256_GUID \ { \ 0x51aa59de, 0xfdf2, 0x4ea3, {0xbc, 0x63, 0x87, 0x5f, 0xb7, 0x84, 0x2e, 0xe9 } \ } The verification operations require the use of public key(s). A new PCD called gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer is added to the SecurityPkg that supports one or more SHA 256 hashes of the public keys. A SHA 256 hash is performed to minimize the FLASH overhead of storing the public keys. When a verification operation is performed, a SHA 256 hash is performed on EFI_CERT_BLOCK_RSA_2048_SHA256.PublicKey and a check is made to see if that hash matches any of the hashes in the new PCD. It is recommended that this PCD always be configured in the DSC file as storage type of [PcdsDynamixExVpd], so the public keys are stored in a protected read-only region. While working on this feature, I noticed that the CRC32 signing and verification feature was incomplete. It only supported CRC32 based verification in the DXE Phase, so the attached patches also provide support for CRC32 based verification in the PEI Phase. I also noticed that the most common method for incorporating guided section extraction libraries was to directly link them to the DXE Core, which is not very flexible. The attached patches also add a generic section extraction PEIM and a generic section extraction DXE driver that can each be linked against one or more section extraction libraries. This provides a platform developer with the option of providing section extraction services with the DXE Core or providing section extraction services with these generic PEIM/DXE Drivers. Patch Summary ============== 1) BaseTools - Rsa2049Sha256Sign python script that can perform test signing or custom signing of PI FFS file GUIDed sections a. Wrapper for a set of OpenSsl command line utility operations b. OpenSsl command line tool must be installed in location that is in standard OS path or in path specified by OS environment variable called OPENSSL_PATH c. Provides standard EDK II command line arguments for a tool that encodes/decodes guided encapsulation section Rsa2048Sha256Sign - Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved. usage: Rsa2048Sha256Sign -e|-d [options] <input_file> positional arguments: input_file specify the input filename optional arguments: -e encode file -d decode file -o filename, --output filename specify the output filename --private-key PRIVATEKEYFILE specify the private key filename. If not specified, a test signing key is used. -v, --verbose increase output messages -q, --quiet reduce output messages --debug [0-9] set debug level --version display the program version and exit -h, --help display this help text 2) BaseTools - Rsa2049Sha256GenerateKeys python script that can generate new private/public key and PCD value that is SHA 256 hash of public key using OpenSsl command line utilities. a. Wrapper for a set of OpenSsl command line utility operations b. OpenSsl command line tool must be installed in location that is in standard path or in path specified by OS environment variable called OPENSSL_PATH Rsa2048Sha256GenerateKeys - Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved. usage: Rsa2048Sha256GenerateKeys [options] optional arguments: -o [filename [filename ...]], --output [filename [filename ...]] specify the output private key filename in PEM format -i [filename [filename ...]], --input [filename [filename ...]] specify the input private key filename in PEM format --public-key-hash PUBLICKEYHASHFILE specify the public key hash filename that is SHA 256 hash of 2048 bit RSA public key in binary format --public-key-hash-c PUBLICKEYHASHCFILE specify the public key hash filename that is SHA 256 hash of 2048 bit RSA public key in C structure format -v, --verbose increase output messages -q, --quiet reduce output messages --debug [0-9] set debug level --version display the program version and exit -h, --help display this help text 3) BaseTools\Conf\tools_def.template a. Define GUID/Tool to perform RSA 2048 SHA 256 test signing and instructions on how to use alternate private/public key b. GUID is EFI_CERT_TYPE_RSA2048_SHA256_GUID c. Tool is Rsa2049Sha256Sign 4) MdeModulePkg\Library\PeiCrc32GuidedSectionExtractionLib a. Add peer for DxeCrc32GuidedSectionExtractionLib so both PEI and DXE phases can perform basic integrity checks of PEI and DXE components 5) MdeModulePkg\Universal\SectionExtractionPei a. Generic PEIM that can link against one or more NULL section extraction library instances to provided one or more GUIDED Section Extraction PPIs 6) MdeModulePkg\Universal\SectionExtractionDxe a. Generic DXE Driver that can link against one or more NULL section extraction library instances to provide one or more GUIDED Section Extraction Protocols. 7) SecurityPkg\Library\PeiRsa2048Sha256GuidedSectionExtractLib a. NULL library instances that performs PEI phase RSA 2048 SHA 256 signature verification using OpenSsl libraries from CryptoPkg. b. Based on algorithms from SecurityPkg Authenticated Variable services c. Uses public key from gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer. 8) SecurityPkg\Library\DxeRsa2048Sha256GuidedSectionExtractLib a. NULL library instances that performs DXE phase RSA 2048 SHA 256 signature verification using OpenSsl libraries from CryptoPkg. b. Based on algorithms from SecurityPkg Authenticated Variable services c. Uses public key from gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer. git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15801 6f19259b-4bc3-4df7-8a09-765794883524
* Correct StrnCat length calculation.jyao12014-08-122-52/+52
| | | | | | | | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed off by: Jiewen Yao <jiewen.yao@intel.com> Reviewed by: Guo Dong <guo.dong@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15788 6f19259b-4bc3-4df7-8a09-765794883524
* Clean up code.jyao12014-08-073-9/+9
| | | | | | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed off by: Jiewen Yao <jiewen.yao@intel.com> Reviewed by: Eric Dong <eric.dong@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15766 6f19259b-4bc3-4df7-8a09-765794883524
* SecurityPkg HashLibBaseCryptoRouterDxe/Tpm2DeviceLibRouterPei: Fixed GCC ↵Star Zeng2014-07-022-4/+4
| | | | | | | | | | build failure after -Wno-missing-braces option in GCC removed. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15613 6f19259b-4bc3-4df7-8a09-765794883524
* Refine code to make it more safely.Eric Dong2014-06-251-6/+6
| | | | | | | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Guo Dong <guo.dong@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15590 6f19259b-4bc3-4df7-8a09-765794883524
* Update code to always publish EFI_IMAGE_EXECUTION_INFO_TABLE.Dong, Guo2014-06-251-2/+49
| | | | | | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Dong, Guo <guo.dong@intel.com> Reviewed-by: Fu, Siyuan <siyuan.fu@intel.com> Reviewed-by: Gao, Liming <liming.gao@intel.com> Reviewed-by: Zhang, Chao B <chao.b.zhang@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15585 6f19259b-4bc3-4df7-8a09-765794883524
* Fix build issues with Xcode in CryptoPkg and SecurityPkg.Andrew Fish2014-06-161-1/+1
| | | | | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Andrew Fish <afish@apple.com> Reviewed-by: Ye Ting <ting.ye@intel.com> Reviewed-by: Long Qin <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15561 6f19259b-4bc3-4df7-8a09-765794883524
* Check the input file pointer before use it.Eric Dong2014-03-282-4/+8
| | | | | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Guo, Dong <guo.dong@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15412 6f19259b-4bc3-4df7-8a09-765794883524
* Fix the return status when physical presence variable and ↵Dong Guo2014-03-172-48/+55
| | | | | | | | | | | MemoryOverwriteRequestControl variable are corrupt. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Dong Guo <guo.dong@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15329 6f19259b-4bc3-4df7-8a09-765794883524
* Update DEC file and DxeImageVerificationLib to note user that ↵Fu Siyuan2013-12-021-3/+4
| | | | | | | | | ALLOW_EXECUTE_ON_SECURITY_VIOLATION is no longer supported. Signed-off-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Dong, Guo <guo.dong@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14923 6f19259b-4bc3-4df7-8a09-765794883524
* Makes DxeDeferImageLoadLib not depend on Dong Guo2013-11-273-79/+145
| | | | | | | | | | Signed-off-by: Dong Guo <guo.dong@intel.com> Reviewed-by: Ni, Ruiyu <ruiyu.ni@intel.com> Reviewed-by: Ouyang, Qian <qian.ouyang@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14905 6f19259b-4bc3-4df7-8a09-765794883524
* Add TPM1.2 SaveState API.jyao12013-10-211-1/+50
| | | | | | | | Signed off by: Yao, Jiewen <Jiewen.yao@intel.com> Reviewed by: Dong Guo <Gui.dong@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14791 6f19259b-4bc3-4df7-8a09-765794883524
* TrEEPhysicalPresenceLib|Include/Library/TrEEPhysicalPresenceLib.hjyao12013-10-093-3/+3
| | | | | | | | | | Correct LIBRARY_CLASS definition and declaration. signed off by : jiewen, yao jiewen.yao@intel.com reviewed by : liming, gao liming.gao@intel.com git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14754 6f19259b-4bc3-4df7-8a09-765794883524
* Add missing comments for function parameters.gdong12013-09-231-5/+7
| | | | git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14694 6f19259b-4bc3-4df7-8a09-765794883524
* Add TPM2 implementation.jyao12013-09-1851-4/+9856
| | | | | | | signed off by: jiewen.yao@intel.com reviewed by: guo.dong@intel.com git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14687 6f19259b-4bc3-4df7-8a09-765794883524
* Enhance TPM driver to protect TPM physical presence flags.Dong Guo2013-09-032-13/+88
| | | | | | | | | Signed-off-by: Dong Guo <guo.dong@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com> Reviewed-by: Ouyang, Qian <qian.ouyang@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14619 6f19259b-4bc3-4df7-8a09-765794883524
* 1. Change default PCD in SecurityPkg to 4 (DENY_EXECUTE) in DEC file.Fu Siyuan2013-08-281-0/+8
| | | | | | | | | | | 2. ASSERT if PCD value is set to 5 (QUERY_USER_ON_SECURITY_VIOLATION). 3. Update override PCD setting from 5 to 4 in platform DSC file. Signed-off-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Ni Ruiyu <ruiyu.ni@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14607 6f19259b-4bc3-4df7-8a09-765794883524
* Update all the code to consume the ConvertDevicePathToText, ↵Ruiyu Ni2013-07-262-18/+10
| | | | | | | | | | | | | | ConvertDevicePathNodeToText, ConvertTextToDevicePath and ConvertTextToDeviceNode APIs in DevicePathLib. Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com> Reviewed-by: Feng Tian <feng.tian@intel.com> Reviewed-by: Elvin Li <elvin.li@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jaben Carsey <jaben.carsey@intel.com> Reviewed-by: Guo Dong <guo.dong@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14505 6f19259b-4bc3-4df7-8a09-765794883524
* Fix a bug that “SecureBoot” varaible will be updated to NV+AT attribute ↵sfu52013-05-172-62/+1
| | | | | | | | | | incorrectly. Signed-off-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Ni Ruiyu <ruiyu.ni@intel.com> Reviewed-by: Dong Guo <guo.dong@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14375 6f19259b-4bc3-4df7-8a09-765794883524
* Update code not to block application/driver load when event log is full.gdong12013-04-181-1/+9
| | | | | | | | | | Signed-off-by: Dong Guo <guo.dong@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14283 6f19259b-4bc3-4df7-8a09-765794883524
* Fix a bug that IsSignatureFoundInDatabase() incorrectly computes CertCount.sfu52013-03-061-1/+1
| | | | | | | | Signed-off-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> Reviewed-by: Dong Guo <guo.dong@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14165 6f19259b-4bc3-4df7-8a09-765794883524
* Update the DxeImageVerificationLib to support for Authenticode-signed UEFI ↵sfu52013-02-212-140/+110
| | | | | | | | | | images with multiple signatures. Signed-off-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> Reviewed-by: Dong Guo <guo.dong@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14141 6f19259b-4bc3-4df7-8a09-765794883524
* Fix TPM may be locked twice issue in normal boot.gdong12013-01-241-8/+8
| | | | | | | | | Signed-off-by: Dong Guo <guo.dong@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14079 6f19259b-4bc3-4df7-8a09-765794883524
* Add a NULL string to the Image Execution Information Table if the Name is ↵sfu52012-12-121-2/+5
| | | | | | | | | | NULL in function AddImageExeInfo(). Signed-off-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> Reviewed-by: Dong Guo <guo.dong@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13990 6f19259b-4bc3-4df7-8a09-765794883524
* Fix coding style issueczhang462012-11-281-2/+0
| | | | | | Signed-off-by : Chao Zhang <chao.b.zhang@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13976 6f19259b-4bc3-4df7-8a09-765794883524
* 1.Measure ACPI table data comes from flash event type EV_POST_CODE ACPI DATA ↵czhang462012-11-272-0/+182
| | | | | | | | | | | | to PCR[0] 2.Re-measure ACPI table after fix up with event type EV_EFI_HANDOFF_TABLES to PCR[1] Signed-off-by : Chao Zhang<chao.b.zhang@intel.com> Reviewed-by : Dong Guo<guo.dong@intel.com> Reviewed-by : Yao Jiewen<jiewen.yao@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13964 6f19259b-4bc3-4df7-8a09-765794883524
* Fix ECC issueczhang462012-11-051-1/+1
| | | | | | | Signed-off-by : chao zhang<chao.b.zhang@intel.com> Reviewed-by : fan jeff <jeff.fan@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13926 6f19259b-4bc3-4df7-8a09-765794883524
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-20 10:55:40 +0000