summaryrefslogtreecommitdiffstats
path: root/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
Commit message (Collapse)AuthorAgeFilesLines
* SecurityPkg: SecureBootConfigDxe: Updated invocation patternKun Qin2022-07-071-9/+118
| | | | | | | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3909 This change is in pair with the previous SecureBootVariableLib change, which updated the interface of `CreateTimeBasedPayload`. This change added a helper function to query the current time through Real Time Clock protocol. This function is used when needing to format an authenticated variable payload. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Min Xu <min.m.xu@intel.com> Signed-off-by: Kun Qin <kun.qin@microsoft.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> Acked-by: Michael Kubacki <michael.kubacki@microsoft.com>
* SecurityPkg: Secure Boot Drivers: Added common header filesKun Qin2022-07-071-0/+1
| | | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3910 This change added common header files to consumer drivers to unblock pipeline builds. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Min Xu <min.m.xu@intel.com> Signed-off-by: Kun Qin <kun.qin@microsoft.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> Acked-by: Michael Kubacki <michael.kubacki@microsoft.com>
* SecurityPkg: Apply uncrustify changesMichael Kubacki2021-12-071-1343/+1425
| | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3737 Apply uncrustify changes to .c/.h files in the SecurityPkg package Cc: Andrew Fish <afish@apple.com> Cc: Leif Lindholm <leif@nuviainc.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
* SecurityPkg: Change use of EFI_D_* to DEBUG_*Michael D Kinney2021-12-071-8/+8
| | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3739 Update all use of EFI_D_* defines in DEBUG() macros to DEBUG_* defines. Cc: Andrew Fish <afish@apple.com> Cc: Leif Lindholm <leif@nuviainc.com> Cc: Michael Kubacki <michael.kubacki@microsoft.com> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
* SecurityPkg: Add option to reset secure boot keys.Grzegorz Bernacki2021-08-031-0/+153
| | | | | | | | | | | This commit add option which allows reset content of Secure Boot keys and databases to default variables. Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com> Reviewed-by: Sunny Wang <sunny.wang@arm.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> Reviewed-by: Pete Batard <pete@akeo.ie> Tested-by: Pete Batard <pete@akeo.ie> # on Raspberry Pi 4
* SecurityPkg: Remove duplicated functions from SecureBootConfigDxe.Grzegorz Bernacki2021-08-031-188/+2
| | | | | | | | | | This commit removes functions which were added to SecureBootVariableLib. It also adds dependecy on that library. Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> Reviewed-by: Sunny Wang <sunny.wang@arm.com>
* SecurityPkg: Add constraints on PK strengthJiaqi Gao2021-04-261-30/+140
| | | | | | | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3293 Add constraints on the key strength of enrolled platform key(PK), which must be greater than or equal to 2048 bit. PK key strength is required by Intel SDL and MSFT, etc. This limitation prevents user from using weak keys as PK. The original code to check the certificate file type is placed in a new function CheckX509Certificate(), which checks if the X.509 certificate meets the requirements of encode type, RSA-Key strengh, etc. Cc: Min Xu <min.m.xu@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Jiaqi Gao <jiaqi.gao@intel.com> Reviewed-by: Min Xu <min.m.xu@intel.com> Acked-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg/VariableAuthenticated: Fix few typosAntoine Coeur2020-02-101-1/+1
| | | | | | | | | | | | | Fix few typos in comments and documentation. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Antoine Coeur <coeur@gmx.fr> Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com> Message-Id: <20200207010831.9046-67-philmd@redhat.com>
* SecurityPkg: Fix spelling errorsSean Brogan2019-10-231-12/+12
| | | | | | | | | | | https://bugzilla.tianocore.org/show_bug.cgi?id=2265 Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
* SecurityPkg: Replace BSD License with BSD+Patent LicenseMichael D Kinney2019-04-091-7/+1
| | | | | | | | | | | | | | | | | | | | | https://bugzilla.tianocore.org/show_bug.cgi?id=1373 Replace BSD 2-Clause License with BSD+Patent License. This change is based on the following emails: https://lists.01.org/pipermail/edk2-devel/2019-February/036260.html https://lists.01.org/pipermail/edk2-devel/2018-October/030385.html RFCs with detailed process for the license change: V3: https://lists.01.org/pipermail/edk2-devel/2019-March/038116.html V2: https://lists.01.org/pipermail/edk2-devel/2019-March/037669.html V1: https://lists.01.org/pipermail/edk2-devel/2019-March/037500.html Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
* SecurityPkg: remove PE/COFF header workaround for ELILO on IPFArd Biesheuvel2018-09-201-20/+5
| | | | | | | | | | | Now that Itanium support has been dropped, we can remove the various occurrences of the ELILO on Itanium PE/COFF header workaround. Link: https://bugzilla.tianocore.org/show_bug.cgi?id=816 Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com> Reviewed-by: Zhang Chao B <chao.b.zhang@intel.com>
* SecurityPkg: Clean up source filesLiming Gao2018-06-281-5/+5
| | | | | | | | | 1. Do not use tab characters 2. No trailing white space in one line 3. All files must end with CRLF Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Liming Gao <liming.gao@intel.com>
* SecurityPkg/SecureBootConfigDxe: Fix invalid NV data issue.Nickle Wang2018-06-151-2/+4
| | | | | | | | | | | Check the return value of HiiGetBrowserData() before calling HiiSetBrowserData(). HiiGetBrowserData() failed to retrieve NV data during action EFI_BROWSER_ACTION_RETRIEVE. If NV data is invalid, stop sending it to form browser. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Nickle Wang <nickle.wang@hpe.com> Signed-off-by: cinnamon shia <cinnamon.shia@hpe.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
* SecurityPkg: Convert source file to DOS formatLiming Gao2017-12-281-13/+13
| | | | | | | Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Liming Gao <liming.gao@intel.com> Cc: Qin Long <qin.long@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
* SecurityPkg/SecureBootConfigDxe: Fix deleting signature data issue.chenc22017-11-271-7/+13
| | | | | | | | | | | | Replace "(UINT8 *)NewVariableData" with (UINT8 *)NewVariableData + Offset" to avoid the header of EFI_SIGNATURE_LIST being copied to the front of NewVariableData every time and update ListWalker when handling the current EFI_SIGNATURE_LIST finishes. Cc: Zhang Chao <chao.b.zhang@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: chenc2 <chen.a.chen@intel.com> Reviewed-by: Zhang Chao <chao.b.zhang@intel.com>
* SecurityPkg/SecureBootConfigDxe: Handle lack of STR_SIGNATURE_* tokenschenc22017-10-191-37/+76
| | | | | | | | | | | | | | Add check to avoid NULL ptr dereference. The function HiiGetString will return NULL pointer when the platform does not install the appropriate string or call HiiGetString fail.(For example, HII not support specified language.) Cc: Zhang Chao <chao.b.zhang@intel.com> Cc: Wu Hao <hao.a.wu@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: chenc2 <chen.a.chen@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Wu Hao <hao.a.wu@intel.com>
* SecurityPkg/SecureBootConfigDxe: Change the declaring of buffer.chenc22017-10-171-91/+28
| | | | | | | | | | | | | The change doesn't impact the functionality. To avoid magic code is helpful for maintaining the codes. Use stack variable for known max length variable is more clear and safe than heap buffer. Cc: Zhang Chao B <chao.b.zhang@intel.com> Cc: Wu Hao A <hao.a.wu@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: chenc2 <chen.a.chen@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
* SecurityPkg/SecureBootConfigDxe: Fix coding style issuechenc22017-10-171-15/+15
| | | | | | | | | | | The change doesn't impact the functionality. Cc: Bi Dandan <dandan.bi@intel.com> Cc: Zhang Chao <chao.b.zhang@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: chenc2 <chen.a.chen@intel.com> Reviewed-by: Bi Dandan <dandan.bi@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
* SecurityPkg/SecureBootConfigImpl.c: Secure Boot DBX UI Enhancementchenc22017-09-281-20/+1024
| | | | | | | | | | | | | Use 2-level format to display signature list and signature data. Support batch delete operation to delete signature list or signature data. Display more useful information for each signature data. Contributed-under: TianoCore Contribution Agreement 1.0 Cc: Zhang Chao B <chao.b.zhang@intel.com> Cc: Long Qin <qin.long@intel.com> Signed-off-by: Chen A Chen <chen.a.chen@intel.com> Reviewed-by: Long Qin <qin.long@intel.com> Reviewed-by: Zhang Chao B <chao.b.zhang@intel.com>
* SecurityPkg: SecureBootConfigDxe: Update CloseEnrolledFile commentZhang, Chao B2017-04-061-6/+2
| | | | | | | | | Update function CloseEnrolledFile comment introduced in 4de754e15fec9c94ce7677904efd0022c211721b Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Bi Dandan <dandan.bi@intel.com>
* SecurityPkg: SecureBootConfigDxe: Support AUTH_2 enrollment to DBXZhang, Chao B2017-04-061-59/+281
| | | | | | | | | | | Update SecureBootConfigDxe to support AUTH_2 format data enrollment to DBX. Free opened file handle resource after exit PK/KEK/DB/DBX/DBT enrollment page. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Long Qin <qin.long@intel.com>
* SecurityPkg: Refine type cast for pointer subtractionHao Wu2017-03-061-6/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For pointer subtraction, the result is of type "ptrdiff_t". According to the C11 standard (Committee Draft - April 12, 2011): "When two pointers are subtracted, both shall point to elements of the same array object, or one past the last element of the array object; the result is the difference of the subscripts of the two array elements. The size of the result is implementation-defined, and its type (a signed integer type) is ptrdiff_t defined in the <stddef.h> header. If the result is not representable in an object of that type, the behavior is undefined." In our codes, there are cases that the pointer subtraction is not performed by pointers to elements of the same array object. This might lead to potential issues, since the behavior is undefined according to C11 standard. Also, since the size of type "ptrdiff_t" is implementation-defined. Some static code checkers may warn that the pointer subtraction might underflow first and then being cast to a bigger size. For example: UINT8 *Ptr1, *Ptr2; UINTN PtrDiff; ... PtrDiff = (UINTN) (Ptr1 - Ptr2); The commit will refine the pointer subtraction expressions by casting each pointer to UINTN first and then perform the subtraction: PtrDiff = (UINTN) Ptr1 - (UINTN) Ptr2; Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Acked-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
* SecurityPkg/SecureBootConfigDxe: Use StrToGuid in BaseLibRuiyu Ni2017-02-281-6/+4
| | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg: enhance secure boot Config Dxe & Time Based AuthVariable.Zhang Lubo2017-02-201-10/+4
| | | | | | | | | | | | | | | | V3: code clean up prohibit Image SHA-1 hash option in SecureBootConfigDxe. Timebased Auth Variable driver should ensure AuthAlgorithm is SHA256 before further verification Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Zhang Lubo <lubo.zhang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Long Qin <qin.long@intel.com> Cc: Yao Jiewen <jiewen.yao@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Long Qin <qin.long@intel.com>
* SecurityPkg SecureBootConfigDxe: Add check for the external PE/COFF image.Liming Gao2016-07-141-0/+70
| | | | | | | | | | | | Use BasePeCoffLib PeCoffLoaderGetImageInfo() to check the PE/COFF image. In V2, add specific ImageRead() to make sure the PE/COFF image content read is within the image buffer. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
* SecurityPkg: SecureBootConfigDxe: Add NULL pointer checkZhang, Chao B2016-05-111-1/+1
| | | | | | | | | Add SecureBoot NULL pointer check before reference it. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Samer El-Haj-Mahmoud <elhaj@hpe.com> Reviewed-by: Qiu Shumin <shumin.qiu@intel.com>
* SecurityPkg: SecureBootConfigDxe: Remove SecureBoot UI change for Customized ↵Zhang, Chao B2016-05-041-358/+27
| | | | | | | | | | | | | | | Secure Boot Remove SecureBoot UI support for Customized SecureBoot Mode transition according to Mantis 1263. The feature has been moved to https://github.com/tianocore/edk2-staging/tree/Customized-Secure-Boot Previous check-in hash is SHA-1: 96832eefea1025c130979dec9b7da069f77bcd96 Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: El-Haj-Mahmoud Samer <samer.el-haj-mahmoud@hpe.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
* SecurityPkg: AuthVariableLib & SecureBootConfigDxe: Fix SecureBootEnable & ↵Zhang, Chao B2016-04-191-22/+25
| | | | | | | | | | | | PK inconsistency issue Revert previous fix in AuthVariable driver init which breaks SecureBootEnable original behavior. Add more error handling logic in SecureBootConfigDxe to prevent wrong display info when SecureBootEnable & PK inconsistency happens. Commit hash for the reverted patch in AuthVariable driver is SHA-1: a6811666b0bef18871fa62b6c5abf18fb076fd0d Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
* SecurityPkg/SecureBootConfigDxe: Remove type casting from the ChooseFile ↵Gary Lin2016-03-241-5/+5
| | | | | | | | | | | | handlers The type casting in the ChooseFile is not necessary and it actually hid the incompatible handlers from the compiler. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Gary Lin <glin@suse.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Dandan Bi <dandan.bi@intel.com>
* SecurityPkg: SecureBootConfigDxe: Update coding styleZhang, Chao B2016-03-111-1/+2
| | | | | | | | Update code to follow EDK2 coding style. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang<chao.b.zhang@intel.com> Reviewed-by: Qiu Shumin <shumin.qiu@intel.com>
* SecurityPkg: Use FileExplorerLib in SecureBootConfigDxeDandan Bi2016-02-261-79/+88
| | | | | | | | | | | | | | | | | | | | Using existing library FileExplorerLib to replace the same logic in SecureBootConfigDxe to make the code clear. After using FileExplorerLib, the UI behavior for enroll PK will change, previously when select one PK file, commit/discard changes will return to Device Manager,press ESC will return to FileExplorer. Now using FileExplorerLib the behavior will keep same with enroll KEK/DB/..., commit/discard changes will return to Custom Secure Boot Options form and ESC will return to PK options form. Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Eric Dong <eric.dong@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Dandan Bi <dandan.bi@intel.com> Acked-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
* SecurityPkg: SecureBootConfigDxe: Fix potential NULL pointer dereferenceChao Zhang2016-01-271-4/+5
| | | | | | | | | | Fix SecureBoot potential NULL pointer dereference. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Qiu Shumin <shumin.qiu@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19751 6f19259b-4bc3-4df7-8a09-765794883524
* SecurityPkg: SecureBootConfigDxe: Fix string typoChao Zhang2016-01-151-3/+3
| | | | | | | | | | | Fix secure boot mode transition string typo. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Qin Long <qin.long@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19646 6f19259b-4bc3-4df7-8a09-765794883524
* SecurityPkg: SecureBootConfigDxe: Enhance secure boot string update logicChao Zhang2016-01-151-42/+57
| | | | | | | | | | | | ExtractConfig is called many times, so it's not efficient to update Secure Boot STR_SECURE_BOOT_STATE_CONTENT, STR_CUR_SECURE_BOOT_MODE_CONTENT string in ExtractConfig. As these 2 strings are displayed on one form, always update them when opening the form. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19645 6f19259b-4bc3-4df7-8a09-765794883524
* SecurityPkg: SecureBootConfigDxe: SecureBoot UI for Customized SecureBoot ModeChao Zhang2015-12-071-45/+387
| | | | | | | | | | | | Add SecureBoot UI support for Customized SecureBoot Mode transition according to Mantis 1263. User can do secure boot mode transition through UI. https://mantis.uefi.org/mantis/view.php?id=1263 Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Zeng Star <star.zeng@intel.com> Reviewed-by: Long Qin <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19134 6f19259b-4bc3-4df7-8a09-765794883524
* SecurityPkg: Update SecureBootConfigDxe to support ARM imageArd Biesheuvel2015-05-111-3/+5
| | | | | | | | | | | Update SecureBootConfigDxe component to allow the enrollment of the digests of EFI executable that are built for ARM or AARCH64. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17406 6f19259b-4bc3-4df7-8a09-765794883524
* SecurityPkg: Fix typo.Shumin Qiu2015-03-131-2/+2
| | | | | | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Shumin Qiu <shumin.qiu@intel.com> Reviewed-by: Guo Dong <guo.dong@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17047 6f19259b-4bc3-4df7-8a09-765794883524
* Correct the Hash Calculation for Revoked X.509 Certificate to align with ↵Long, Qin2014-12-251-1/+10
| | | | | | | | | | | | | RFC3280 and UEFI 2.4 Spec. This patch added one new X509GetTBSCert() interface in BaseCryptLib to retrieve the TBSCertificate, and also corrected the hash calculation for revoked certificate to aligned the RFC3280 and UEFI 2.4 spec. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Long, Qin" <qin.long@intel.com> Reviewed-by: "Dong, Guo" <guo.dong@initel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16559 6f19259b-4bc3-4df7-8a09-765794883524
* UEFI 2.4 X509 Certificate Hash and RFC3161 Timestamp Verification support ↵Qin Long2014-11-141-261/+970
| | | | | | | | | | | | | | | | | for Secure Boot Main ChangeLogs includes: 1. Introduce the new GUID and structure definitions for certificate hash and timestamp support; 2. Update Image Verification Library to support DBT signature checking; 3. Update the related SecureBoot Configuration Pages; Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Guo Dong <guo.dong@intel.com> Reviewed-by: Siyuan Fu <siyuan.fu@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16380 6f19259b-4bc3-4df7-8a09-765794883524
* Fix execution status & DEBUG message level mismatch. EFI_D_ERROR is used ↵Chao Zhang2014-11-101-2/+2
| | | | | | | | | | only when failure/case can’t be resolved by code. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Dong Guo <guo.dong@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16320 6f19259b-4bc3-4df7-8a09-765794883524
* Return to BMM page if parse the file info failed.Eric Dong2014-01-091-3/+10
| | | | | | | | Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Siyuan Fu <siyuan.fu@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15067 6f19259b-4bc3-4df7-8a09-765794883524
* Refine the Secure Boot UI driver to input the GUID and varstroe name when ↵Fu Siyuan2013-11-251-2/+2
| | | | | | | | | | | using HiiSetBrowserData/HiiGetBrowserData. Signed-off-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Dong, Eric <eric.dong@intel.com> Reviewed-by: Dong, Guo <guo.dong@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14897 6f19259b-4bc3-4df7-8a09-765794883524
* Fix a bug in secure boot configuration driver: Enroll DB/KEK will disable ↵Fu Siyuan2013-08-221-13/+30
| | | | | | | | | | Attempt Secure Boot option. Signed-off-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14590 6f19259b-4bc3-4df7-8a09-765794883524
* Checks the length of the file name to avoid illegal access.Gary Ching-Pang Lin2013-08-081-3/+18
| | | | | | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Gary Ching-Pang Lin <glin@suse.com> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com> Reviewed-by: Guo Dong <guo.dong@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14531 6f19259b-4bc3-4df7-8a09-765794883524
* Pop up error message when user tries to enroll an invalid certificate file ↵sfu52013-05-171-6/+33
| | | | | | | | | | | into KEK/DB/DBX. Signed-off-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14373 6f19259b-4bc3-4df7-8a09-765794883524
* Update secure boot UI driver to handle “reset to default” hot key.sfu52013-04-121-1/+43
| | | | | | | | | Signed-off-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14257 6f19259b-4bc3-4df7-8a09-765794883524
* Fix infinite loop bug in secure boot UI driver.sfu52013-01-251-0/+2
| | | | | | | | Signed-off-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> Reviewed-by: Dong Guo <guo.dong@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14082 6f19259b-4bc3-4df7-8a09-765794883524
* 1. Set the secure boot state to Standard Mode when user leaving secure boot ↵sfu52013-01-091-23/+142
| | | | | | | | | | | | setup page. 2. Add “Current SecureBoot State” field to reflect current secure boot status of the platform. Signed-off-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Dong Guo <guo.dong@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14042 6f19259b-4bc3-4df7-8a09-765794883524
* Add a dialog box with help message when user changes the state of "Attempt ↵sfu52012-09-141-0/+7
| | | | | | | | | | Secure Boot" check box. Signed-off-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> Reviewed-by: Dong Guo <guo.dong@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13733 6f19259b-4bc3-4df7-8a09-765794883524
* Update the secure boot configuration UI to accept *.crt certificate file.sfu52012-07-231-10/+52
| | | | | | | | Signed-off-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Dong Guo <guo.dong@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13546 6f19259b-4bc3-4df7-8a09-765794883524
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-20 13:40:02 +0000