summaryrefslogtreecommitdiffstats
path: root/SecurityPkg/Tcg
Commit message (Collapse)AuthorAgeFilesLines
...
* SecurityPkg Tcg: Use SW SMI IO port PCD in Tpm.aslMichael Kubacki2020-04-214-17/+26
| | | | | | | | | | | | | | | | REF:https://bugzilla.tianocore.org/show_bug.cgi?id=2416 Replaces the hardcoded value of 0xB2 with a PCD for the SMI port access operation region. This allows platforms to customize the IO port value if necessary. Cc: Kun Qin <Kun.Qin@microsoft.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com> Reviewed-by: Guomin Jiang <guomin.jiang@intel.com> Reviewed-by: Bret Barkelew <bret.barkelew@microsoft.com>
* SecurityPkg: Issues reported by ECC in EDK2.GuoMinJ2020-02-142-4/+4
| | | | | | | | | https://bugzilla.tianocore.org/show_bug.cgi?id=2515 Change the SecurityPkg to match the ECC check rule Signed-off-by: GuoMinJ <newexplorerj@gmail.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
* SecurityPkg/Tcg: Fix various typosAntoine Coeur2020-02-1011-23/+23
| | | | | | | | | | | | | | Fix various typos in documentation, comments and debug strings. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Antoine Coeur <coeur@gmx.fr> Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com> Message-Id: <20200207010831.9046-66-philmd@redhat.com> [lersek@redhat.com: replace EFI_D_xxx w/ DEBUG_xxx to shut up PatchCheck]
* SecurityPkg/Tcg2Pei: Add TCG PFP 105 support.Jiewen Yao2020-01-062-14/+89
| | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2439 Use EV_EFI_PLATFORM_FIRMWARE_BLOB2 if the TCG PFP revision is >= 105. Use FvName as the description for the FV. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
* SecurityPkg/Tcg2Dxe: Add Tcg2Dxe to support 800-155 event.Jiewen Yao2020-01-062-29/+131
| | | | | | | | | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2439 The TCG2 DXE supports to parse the 800-155 event GUID from PEI and puts to the beginning of the TCG2 event. The TCG2 DXE also supports a DXE driver produces 800-155 event and let TCG2 DXE driver record. The 800-155 is a NO-ACTION event which does not need extend anything to TPM2. The TCG2 DXE also supports that. Multiple 800-155 events are supported. All of them will be put to the beginning of the TCG2 event, just after the SpecId event. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
* SecurityPkg/Tcg2Smm: Measure the table before patch.Jiewen Yao2019-12-101-27/+30
| | | | | | | | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1940 According to TCG PFP specification: the ACPI table must be measured prior to any modification, and the measurement must be same cross every boot cycle. There is a fix 3a63c17ebc853cbb27d190729d01e27f68e65b94 for the HID data. However that is not enough. The LAML/LASA and PCD configuration change may also cause similar problem. We need measure the table before any update. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Jiewen Yao <Jiewen.Yao@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
* SecurityPkg: Fix TPM2 ACPI measurement.Derek Lin2019-11-071-14/+16
| | | | | | | | | | | | | | | We have discussed in this thread. https://edk2.groups.io/g/devel/topic/32205028 Before the change, TPM FW upgrade will impact TPM2 ACPI PCR value because TPM2 ACPI HID include FW version. This change make the measurement before TPM2 HID fixup. So, after TPM FW upgrade, the ACPI PCR record remains the same. Signed-off-by: Derek Lin <derek.lin2@hpe.com> Reviewed by: Jiewen Yao <Jiewen.yao@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
* SecurityPkg/OpalPassword: Remove dependency on EFI_BLOCK_IO_PROTOCOLChu, Maggie2019-11-061-43/+27
| | | | | | | | | | | | | | | | | | | | https://bugzilla.tianocore.org/show_bug.cgi?id=2327 RAID drivers abstract their physical drives that make up the array into a single unit, and do not supply individual EFI_BLOCK_IO_PROTOCOL instances for each physical drive in the array. This breaks support for the Security Storage Command Protocol, which currently requires an EFI_BLOCK_IO_PROTOCOL to be associated with the same device the protocol is installed on and provide all the same parameters. This patch remove dependency on EFI_BLOCK_IO_PROTOCOL and allows access to Opal drive members of a RAID array. Signed-off-by: Maggie Chu <maggie.chu@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg: Fix spelling errorsSean Brogan2019-10-2324-73/+73
| | | | | | | | | | | https://bugzilla.tianocore.org/show_bug.cgi?id=2265 Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
* SecurityPkg: Change EFI_D_INFO to DEBUG_INFOMichael D Kinney2019-10-231-1/+1
| | | | | | | | | | | Update DEBUG() macro to use DEBUG_INFO to address PatchCheck.py error. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
* SecurityPkg Tcg2Dxe: Add Variable Arch protocol dependencyLiming Gao2019-10-181-1/+5
| | | | | | | | | | | | | commit a7e2d20193e853020a1415c25b53280955055394 introduces the code to get PcdTpm2AcpiTableRev in the driver entry point. This PCD is designed as DynamicHii or DynamicHiiEx PCD. So, this PCD depends on Variable service. To make sure PcdTpm2AcpiTableRev value be got, add Variable service as Depex. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Liming Gao <liming.gao@intel.com> Reviewed-by: jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg/Tcg2: Add Support Laml, Lasa for TPM2 ACPI.Jiewen Yao2019-10-114-9/+60
| | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=978 Tcg2Dxe produces PcdTpm2AcpiTableLaml/Lasa for event log address. Tcg2Smm consumes PcdTpm2AcpiTableLaml/Lasa to fill TPM2 ACPI table. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
* SecurityPkg: fix UninstallMultipleProtocolInterfaces() callsLaszlo Ersek2019-10-092-2/+2
| | | | | | | | | | | | | | | | | | | Unlike the InstallMultipleProtocolInterfaces() boot service, which takes an (EFI_HANDLE*) as first parameter, the UninstallMultipleProtocolInterfaces() boot service takes an EFI_HANDLE as first parameter. These are actual bugs. They must have remained hidden until now because they are all in Unload() functions, which are probably exercised infrequently. Fix the UninstallMultipleProtocolInterfaces() calls. Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jian Wang <jian.j.wang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
* SecurityPkg Tcg2Config: Move common definitions to new Tcg2Internal.hLiming Gao2019-09-177-35/+33
| | | | | | | | | | | | Common definitions are not consumed by VFR. They are not required to be defined in Tcg2ConfigNvData.h with WA way. New shared internal header file is added to include those common definitions. Cc: Jian Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
* SecurityPkg/OpalPassword: Add PCD to skip password promptChu, Maggie2019-06-102-3/+15
| | | | | | | | | | | | | https://bugzilla.tianocore.org/show_bug.cgi?id=1801 Add a PCD for skipping password prompt in device unlocked status. Previous change only support if storage device is in locked status. This change is added to support the case that security status of the storage device is unlocked. Signed-off-by: Maggie Chu <maggie.chu@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg: Remove double \rJoe Richey2019-05-151-2/+2
| | | | | | | | | Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian Wang <jian.j.wang@intel.com> Signed-off-by: Joe Richey <joerichey@google.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by : Chao Zhang <chao.b.zhang@intel.com>
* SecurityPkg/OpalPassword: Fix "Enable Feature" Menu disappear issueEric Dong2019-05-094-10/+63
| | | | | | | | | | | | | | https://bugzilla.tianocore.org/show_bug.cgi?id=1782 After change behavior to send BlockSid command at EndOfDxe point, check device ownership command will return un-authority error, it finally caused opal driver can't show "Enable Feature" menu. Update the code logic to send detect device ownership command before send BlockSID command. Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Hao A Wu <hao.a.wu@intel.com>
* SecurityPkg/OpalPassword: Change send BlockSID policyEric Dong2019-05-091-58/+46
| | | | | | | | | | https://bugzilla.tianocore.org/show_bug.cgi?id=1782 Change Send BlockSID command time from ReadyToBoot to EndOfDxe. Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Hao A Wu <hao.a.wu@intel.com>
* SecurityPkg/OpalPassword: Add warning message for Secure EraseChu, Maggie2019-05-082-42/+112
| | | | | | | | | | | | | https://bugzilla.tianocore.org/show_bug.cgi?id=1753 Add pop-up warning messages before secure erase action. In order to notify user the secure erase action will take a longer time. This change also fix some pop-up windows are unable to show up complete message due to some strings are too long. Signed-off-by: Maggie Chu <maggie.chu@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com>
* SecurityPkg/Tcg2Dxe: Change comments of ShutdownTpmOnResetZhichao Gao2019-04-281-5/+2
| | | | | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1460 Refer to Uefi spec 2.8, the ResetData is valid while ResetStatus is EFI_SUCCESS regardless of the ResetType is EfiResetPlatformSpecific or not. Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Liming Gao <liming.gao@intel.com> Cc: Sean Brogan <sean.brogan@microsoft.com> Cc: Michael Turner <Michael.Turner@microsoft.com> Cc: Bret Barkelew <Bret.Barkelew@microsoft.com> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
* SecurityPkg: Replace BSD License with BSD+Patent LicenseMichael D Kinney2019-04-0981-529/+81
| | | | | | | | | | | | | | | | | | | | | https://bugzilla.tianocore.org/show_bug.cgi?id=1373 Replace BSD 2-Clause License with BSD+Patent License. This change is based on the following emails: https://lists.01.org/pipermail/edk2-devel/2019-February/036260.html https://lists.01.org/pipermail/edk2-devel/2018-October/030385.html RFCs with detailed process for the license change: V3: https://lists.01.org/pipermail/edk2-devel/2019-March/038116.html V2: https://lists.01.org/pipermail/edk2-devel/2019-March/037669.html V1: https://lists.01.org/pipermail/edk2-devel/2019-March/037500.html Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
* SecurityPkg/OpalPassword: Fix incorrect line ending issue.Eric Dong2019-03-221-1/+1
| | | | | | | Cc: Liming Gao <liming.gao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com>
* SecurityPkg/OpalPassword: Remove HW init codes and consume SSC PPIHao Wu2019-02-2212-5665/+274
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1409 For the current implementation of OpalPassword drivers, it has a feature to support devices being automatically unlocked in the S3 resume. For this feature, two types of devices are supported: * ATA hard disks working under AHCI mode * NVM Express devices The support of this feature requires the above 2 types of device to be initialized at the PEI phase during S3 resume, which is done by the co-work of the OpalPasswordDxe driver and the OpalPasswordPei driver. More specifically, the OpalPasswordDxe will handle: * Pre-allocate MMIO resource and save it in a driver internal LockBox for OpalPasswordPei to retrieve; * Save the PCI configuration space of ATA controllers into boot script. Meanwhile, the OpalPasswordPei will handle: * Rely on the boot script for the PCI configuration space program of ATA controllers; * Restore the driver internal LockBox to get the MMIO resource; * Complete the PCI configuration space program for ATA and NVME controllers; * Initialize ATA and NVME controllers and devices. This commit will remove these hardware initialization related codes from the OpalPassword drivers. The hardware initialization will be covered by PEI storage device drivers (e.g. NvmExpressPei & AhciPei in the MdeModulePkg). After such codes removal, the OpalPasswordDxe will only handle: * Construct/update the S3StorageDeviceInitList LockBox with the managing ATA and NVME devices. And the OpalPasswordPei will only handle: * Locate Storage Security Command PPI instances to perform the device automatic unlock during the S3 resume. Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Ray Ni <ray.ni@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com>
* SecurityPkg/TcgConfigDxe: Allow enabling TPM 1.2 device from disabled state.Gonzalez Del Cueto, Rodrigo2019-02-203-5/+10
| | | | | | | | | | | | | | | | | | | | BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1511 Currently the TCG config setup form defaults the physical presence action to PHYSICAL_PRESENCE_ENABLE, this prevents the action from being called. When a TPM 1.2 device is in Disabled and Activated state it is not possible to issue the PHYSICAL_PRESENCE_ENABLE using the menu action. By having the form default to PHYSICAL_PRESENCE_NO_ACTION, the user is now able to select PHYSICAL_PRESENCE_ENABLE and toggle the TPM 1.2 device enable state. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Rodrigo Gonzalez del Cueto <rodrigo.gonzalez.del.cueto@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
* SecurityPkg/OpalPassword: Add NULL pointer check before using itEric Dong2019-02-141-1/+7
| | | | | | | | | | | | https://bugzilla.tianocore.org/show_bug.cgi?id=1503 A pointer variable should be checked if it is NULL or Valid before using it. Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Maggie Chu <maggie.chu@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com>
* SecurityPkg/OpalPassword: Update strings on Opal Setup pageEric Dong2019-02-145-48/+14
| | | | | | | | | | | | | https://bugzilla.tianocore.org/show_bug.cgi?id=1506 Updated some descriptions on SETUP page to avoid user confusion. Currently it shows "1.0 UEFI Opal Driver", however it may be mislead user to think it is only for Opal drive but not for Pyrite drive. Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Maggie Chu <maggie.chu@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com>
* SecurityPkg/Tcg: Fix typos in TcgDxe.c and Tcg2Dxe.cBret Barkelew2019-01-312-4/+4
| | | | | | | | | | | | | | Change EFI_RETURNING_FROM_EFI_APPLICATOIN to EFI_RETURNING_FROM_EFI_APPLICATION. https://bugzilla.tianocore.org/show_bug.cgi?id=1368 Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com> Reviewed-by: Liming Gao <liming.gao@intel.com>
* SecurityPkg: Add a PCD to skip Opal password promptChu, Maggie2019-01-312-0/+7
| | | | | | | | | | | | | https://bugzilla.tianocore.org/show_bug.cgi?id=1484 Add a PCD for skipping password prompt and device unlock flow. so that other pre-OS applications are able to take over Opal devices unlock flow. Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Maggie Chu <maggie.chu@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com>
* SecurityPkg/TCG: Upgrade UEFI supporting TCG spec infoZhang, Chao B2019-01-282-3/+7
| | | | | | | | | | | | | | | | Update "TCG ACPI Specification Level 00 Revision 00.37" to "TCG ACPI Specification 1.2 Revision 8" https://trustedcomputinggroup.org/wp-content/uploads/TCG_ACPIGeneralSpecification_v1.20_r8.pdf Upgrade TCG PC Client Platform Physical Presence Interface Specification Version 1.3 Revision 0.52" to Errata Version 0.4 https://trustedcomputinggroup.org/wp-content/uploads/Errata-Version-0.4-for-TCG-PC-Client-Platform-Physical-Presence-Interface-Version-1.30-Revision-0.52.pdf Upgrade "TCG EFI Protocol Specification for Family 2.0 Level 00" to Errata 0.5 https://trustedcomputinggroup.org/wp-content/uploads/EFI-Protocol-Specification-Errata-v.5.pdf Contributed-under: TianoCore Contribution Agreement 1.1 Cc: Yao Jiewen <jiewen.yao@intel.com> Signed-off-by: Zhang, Chao B <chao.b.zhang@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
* SecurityPkg: Incorrect warning message for Opal admin revert actionChu, Maggie2019-01-081-1/+2
| | | | | | | | | | | | https://bugzilla.tianocore.org/show_bug.cgi?id=1421 "revert action will take long time..." warning should be removed from pop up message when keep user data selected. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Maggie Chu <maggie.chu@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com>
* SecurityPkg/Tcg: Fix Warnings and Remarks reported by IASLZhang, Chao B2019-01-032-84/+82
| | | | | | | | | | | Addressed warnings and remarks reported by IASL.EXE. Some methods had unused arguments. A method was returning a value when it should not. Cc: Zhang Chao B <chao.b.zhang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Thomas Rydman <thomas.j.rydman@intel.com> Reviewed-by: Zhang Chao B <chao.b.zhang@intel.com>
* SecurityPkg Tcg(2)Pei: Remove the using of PcdPeiCoreMaxFvSupportedStar Zeng2018-12-194-46/+74
| | | | | | | | | | | | | | | | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1405 Background as below. Problem: As static configuration from the PCDs, the binary PeiCore (for example in FSP binary with dispatch mode) could not predict how many FVs, Files or PPIs for different platforms. Burden: Platform developers need configure the PCDs accordingly for different platforms. To solve the problem and remove the burden, we can update PeiCore to remove the using of PcdPeiCoreMaxFvSupported, PcdPeiCoreMaxPeimPerFv and PcdPeiCoreMaxPpiSupported by extending buffer dynamically for FV, File and PPI management. This patch removes the using of PcdPeiCoreMaxFvSupported in Tcg(2)Pei. Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
* SecurityPkg: Remove dead code and inf redundant definitions.Chen A Chen2018-12-1013-630/+0
| | | | | | | | | | | Fix BZ1065, https://bugzilla.tianocore.org/show_bug.cgi?id=1065. Remove dead code and inf redundant definitions from SecurityPkg. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Chen A Chen <chen.a.chen@intel.com> Cc: Zhang Chao B <chao.b.zhang@intel.com> Reviewed-by: Zhang Chao B <chao.b.zhang@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com>
* SecurityPkg: Update TCG PFP spec revision.Zhang, Chao B2018-11-213-5/+7
| | | | | | | | | | | | | UEFI TCG has aligned with TCG PFP 1.03 v51 along with Errata Version 1.0. Update spec version accordingly. Spec Link: https://trustedcomputinggroup.org/wp-content/uploads/PC-ClientSpecific_Platform_Profile_for_TPM_2p0_Systems_v51.pdf https://trustedcomputinggroup.org/wp-content/uploads/PC-Client-Specific-Platform-Firmware-Profile-for-TPM-2-0-v1p03_r51-errata-v1p0_170426.pdf Cc: Yao Jiewen <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Zhang, Chao B <chao.b.zhang@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
* SecurityPkg/Tcg2Dxe: Remove unused PCDsshenglei2018-09-301-6/+0
| | | | | | | | | | | | | | | | | | The PCDs below are unused, so they have been removed from inf. gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemId gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemTableId gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemRevision gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorId gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorRevision Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: shenglei <shenglei.zhang@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
* SecurityPkg/Tcg2ConfigPei: Remove an unused PCDshenglei2018-09-301-1/+0
| | | | | | | | | | | | | The PCD below is unused, so it has been removed from inf. gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: shenglei <shenglei.zhang@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
* SecurityPkg: remove PE/COFF header workaround for ELILO on IPFArd Biesheuvel2018-09-201-21/+6
| | | | | | | | | | | Now that Itanium support has been dropped, we can remove the various occurrences of the ELILO on Itanium PE/COFF header workaround. Link: https://bugzilla.tianocore.org/show_bug.cgi?id=816 Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com> Reviewed-by: Zhang Chao B <chao.b.zhang@intel.com>
* SecurityPkg/Tcg: Add use case for new Perf macroDandan Bi2018-07-263-0/+10
| | | | | | | | | | | | Add an example case for the usage of PERF_CALLBACK_BEGIN/PERF_CALLBACK_END Cc: Liming Gao <liming.gao@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Dandan Bi <dandan.bi@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Chao Zhang<chao.b.zhang@intel.com>
* SecurityPkg: TcgSmm: Handle invalid parameter in MOR SMI handlerZhang, Chao B2018-07-212-0/+8
| | | | | | | | | | Add more logic to filter invalid function parameter in MOR Control SMI handler Cc: Long Qin <qin.long@intel.com> Cc: Yao Jiewen <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Long Qin <qin.long@intel.com>
* SecurityPkg:Tcg: Fix comment typosZhang, Chao B2018-07-172-16/+16
| | | | | | | | | | "Triggle" is a typo. Replace it with "Trigger" Cc: Long Qin <qin.long@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Long Qin <qin.long@intel.com>
* SecurityPkg/OpalPassword: Fixed input correct password not works issueEric Dong2018-07-111-0/+9
| | | | | | | | | | | | When user input error password exceed the max allowed times, opal device will return Invalid type error code even user input the correct password. In this case, opal driver needs to force user shutdown the system before let user input new password. Cc: Hao Wu <hao.a.wu@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Hao Wu <hao.a.wu@intel.com>
* SecurityPkg: Removing ipf which is no longer supported from edk2.chenc22018-06-2911-14/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Removing rules for Ipf sources file: * Remove the source file which path with "ipf" and also listed in [Sources.IPF] section of INF file. * Remove the source file which listed in [Components.IPF] section of DSC file and not listed in any other [Components] section. * Remove the embedded Ipf code for MDE_CPU_IPF. Removing rules for Inf file: * Remove IPF from VALID_ARCHITECTURES comments. * Remove DXE_SAL_DRIVER from LIBRARY_CLASS in [Defines] section. * Remove the INF which only listed in [Components.IPF] section in DSC. * Remove statements from [BuildOptions] that provide IPF specific flags. * Remove any IPF sepcific sections. Removing rules for Dec file: * Remove [Includes.IPF] section from Dec. Removing rules for Dsc file: * Remove IPF from SUPPORTED_ARCHITECTURES in [Defines] section of DSC. * Remove any IPF specific sections. * Remove statements from [BuildOptions] that provide IPF specific flags. Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Chen A Chen <chen.a.chen@intel.com> Reviewed-by: Chao B Zhang <chao.b.zhang@intel.com>
* SecurityPkg: Clean up source filesLiming Gao2018-06-2858-574/+574
| | | | | | | | | 1. Do not use tab characters 2. No trailing white space in one line 3. All files must end with CRLF Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Liming Gao <liming.gao@intel.com>
* SecurityPkg: Cache TPM interface type infoZhang, Chao B2018-06-255-106/+27
| | | | | | | | | | Cache TPM interface type info to avoid excessive interface ID register read Cc: Long Qin <qin.long@intel.com> Cc: Yao Jiewen <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Long Qin <qin.long@intel.com>
* SecurityPkg/Tcg2Smm: Correct function parameter attributeZhang, Chao B2018-05-291-4/+4
| | | | | | | | | | | | Correct UpdatePossibleResource parameter attribute to align to comment Change-Id: Id8f8be975f0e8666573decc3fbaaf326b7767ba8 Contributed-under: TianoCore Contribution Agreement 1.1 Cc: Long Qin <qin.long@intel.com> Cc: Yao Jiewen <jiewen.yao@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Zhang, Chao B <chao.b.zhang@intel.com> Reviewed-by: Long Qin <qin.long@intel.com>
* SecurityPkg:Tcg2Smm: Update TcgNvs info after memory is allocatedZhang, Chao B2018-05-221-7/+12
| | | | | | | | | | | Update package format info in _PRS to TcgNvs after memory is allocated. Change-Id: Icfadb350e60d3ed2df332e92c257ce13309c0018 Contributed-under: TianoCore Contribution Agreement 1.1 Cc: Yao Jiewen <jiewen.yao@intel.com> Cc: Long Qin <qin.long@intel.com> Signed-off-by: Zhang, Chao B <chao.b.zhang@intel.com> Reviewed-by: Long Qin <qin.long@intel.com>
* SecurityPkg/OpalPassword: Fix PSID revert no hint message.Eric Dong2018-05-151-9/+20
| | | | | | | | | | | | | | For no warning message when do the PSID revert action, the message in the popup dialog is not enough. The error use of NULL for CreatePopUp function caused this regression. This change fixed it. Passed Unit Test: 1. Check PSID revert with/without warning message cases. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Hao Wu <hao.a.wu@intel.com>
* SecurityPkg/OpalPassword: Add support for pyrite 2.0 devices.Eric Dong2018-05-074-8/+148
| | | | | | Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Hao Wu <hao.a.wu@intel.com>
* SecurityPkg/Tcg2Config: Update RouteConfig functionThomas Palmer2018-05-031-0/+3
| | | | | | | | | | | According to UEFI spec, the RouteConfig protocol function should populate the Progress pointer with an address inside Configuration. This patch ensures that these functions are compliant when EFI_NOT_FOUND is returned. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Thomas Palmer <thomas.palmer@hpe.com> Reviewed-by: Dandan Bi <dandan.bi@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com>
* SecurityPkg OpalPasswordDxe:Fix wrong BufferSize input to UnicodeSPrintStar Zeng2018-03-171-11/+8
| | | | | | | | | | | | | | | | | Current code uses string length as BufferSize input to UnicodeSPrint, it is wrong and makes the pop up string trimmed. The BufferSize input to UnicodeSPrint should be the size, in bytes, of the output buffer. This is to use sizeof (mPopUpString) as the BufferSize input to UnicodeSPrint, it also updates array size of mPopUpString from 256 to 100 that is enough, otherwise the pop up string may be too long. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Eric Dong <eric.dong@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>