summaryrefslogtreecommitdiffstats
path: root/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h
Commit message (Collapse)AuthorAgeFilesLines
* SecurityPkg: Fix spelling errorsSean Brogan2019-10-231-5/+5
| | | | | | | | | | | https://bugzilla.tianocore.org/show_bug.cgi?id=2265 Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
* SecurityPkg: Replace BSD License with BSD+Patent LicenseMichael D Kinney2019-04-091-7/+1
| | | | | | | | | | | | | | | | | | | | | https://bugzilla.tianocore.org/show_bug.cgi?id=1373 Replace BSD 2-Clause License with BSD+Patent License. This change is based on the following emails: https://lists.01.org/pipermail/edk2-devel/2019-February/036260.html https://lists.01.org/pipermail/edk2-devel/2018-October/030385.html RFCs with detailed process for the license change: V3: https://lists.01.org/pipermail/edk2-devel/2019-March/038116.html V2: https://lists.01.org/pipermail/edk2-devel/2019-March/037669.html V1: https://lists.01.org/pipermail/edk2-devel/2019-March/037500.html Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
* SecurityPkg/SecureBootConfigDxe: Change the declaring of buffer.chenc22017-10-171-1/+1
| | | | | | | | | | | | | The change doesn't impact the functionality. To avoid magic code is helpful for maintaining the codes. Use stack variable for known max length variable is more clear and safe than heap buffer. Cc: Zhang Chao B <chao.b.zhang@intel.com> Cc: Wu Hao A <hao.a.wu@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: chenc2 <chen.a.chen@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
* SecurityPkg/SecureBootConfigDxe: Fix coding style issuechenc22017-10-171-7/+7
| | | | | | | | | | | The change doesn't impact the functionality. Cc: Bi Dandan <dandan.bi@intel.com> Cc: Zhang Chao <chao.b.zhang@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: chenc2 <chen.a.chen@intel.com> Reviewed-by: Bi Dandan <dandan.bi@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
* SecurityPkg/SecureBootConfigImpl.c: Secure Boot DBX UI Enhancementchenc22017-09-281-0/+35
| | | | | | | | | | | | | Use 2-level format to display signature list and signature data. Support batch delete operation to delete signature list or signature data. Display more useful information for each signature data. Contributed-under: TianoCore Contribution Agreement 1.0 Cc: Zhang Chao B <chao.b.zhang@intel.com> Cc: Long Qin <qin.long@intel.com> Signed-off-by: Chen A Chen <chen.a.chen@intel.com> Reviewed-by: Long Qin <qin.long@intel.com> Reviewed-by: Zhang Chao B <chao.b.zhang@intel.com>
* SecurityPkg: SecureBootConfigDxe: Support AUTH_2 enrollment to DBXZhang, Chao B2017-04-061-0/+2
| | | | | | | | | | | Update SecureBootConfigDxe to support AUTH_2 format data enrollment to DBX. Free opened file handle resource after exit PK/KEK/DB/DBX/DBT enrollment page. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Long Qin <qin.long@intel.com>
* SecurityPkg: Fix potential bug in Security Boot dxe.Zhang Lubo2017-03-011-6/+6
| | | | | | | | | | | | | | | | | v2: update hash value in SecureBootConfig.vfr to keep them consistent with macro definition in SecureBootConfigImpl.h since we removed the sha-1 definition in Hash table and related macro, but the macro definition HashAlg index may be value 4 which is exceed the range of the Hash table array. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Zhang Lubo <lubo.zhang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Long Qin <qin.long@intel.com> Cc: Yao Jiewen <jiewen.yao@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
* SecurityPkg/SecureBootConfigDxe: Use StrToGuid in BaseLibRuiyu Ni2017-02-281-20/+0
| | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg: enhance secure boot Config Dxe & Time Based AuthVariable.Zhang Lubo2017-02-201-6/+2
| | | | | | | | | | | | | | | | V3: code clean up prohibit Image SHA-1 hash option in SecureBootConfigDxe. Timebased Auth Variable driver should ensure AuthAlgorithm is SHA256 before further verification Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Zhang Lubo <lubo.zhang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Long Qin <qin.long@intel.com> Cc: Yao Jiewen <jiewen.yao@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Long Qin <qin.long@intel.com>
* SecurityPkg SecureBootConfigDxe: Add check for the external PE/COFF image.Liming Gao2016-07-141-0/+1
| | | | | | | | | | | | Use BasePeCoffLib PeCoffLoaderGetImageInfo() to check the PE/COFF image. In V2, add specific ImageRead() to make sure the PE/COFF image content read is within the image buffer. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
* SecurityPkg: Cleanup unused structure definitionJiaxin Wu2016-05-091-37/+0
| | | | | | | | | | | | | | This patch is used to cleanup unused structure definition. Cc: Zhang Chao B <chao.b.zhang@intel.com> Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
* SecurityPkg/SecureBootConfigDxe: Declare EFIAPI for the ChooseFile handlersGary Lin2016-03-241-0/+5
| | | | | | | | | | | | | | | | | | | | | | | The SecureBootConfig now uses ChooseFile() from FileExplorerLib to select the certificates to be enrolled into PK, KEK, DB, DBX, or DBT, and the corresponding handlers to get the content of the file. Per the definition of CHOOSE_HANDLER, the handler must use EFIAPI as the calling convention. However, the calling convention was not specified the following handlers: UpdatePKFromFile(), UpdateKEKFromFile(), UpdateDBFromFile(), UpdateDBXFromFile(), and UpdateDBTFromFile(). When compiling the firmware with gcc, the default calling convention is not compatible with EFIAPI, so the handlers interpreted the argument the wrong way and passed the wrong device path to UpdatePage(), and the system crashed when the user tried to enroll a certificate into the key database. This commit specifies the calling convention for those functions so that gcc can generate the right code. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Gary Lin <glin@suse.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Dandan Bi <dandan.bi@intel.com>
* SecurityPkg: Use FileExplorerLib in SecureBootConfigDxeDandan Bi2016-02-261-73/+69
| | | | | | | | | | | | | | | | | | | | Using existing library FileExplorerLib to replace the same logic in SecureBootConfigDxe to make the code clear. After using FileExplorerLib, the UI behavior for enroll PK will change, previously when select one PK file, commit/discard changes will return to Device Manager,press ESC will return to FileExplorer. Now using FileExplorerLib the behavior will keep same with enroll KEK/DB/..., commit/discard changes will return to Custom Secure Boot Options form and ESC will return to PK options form. Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Eric Dong <eric.dong@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Dandan Bi <dandan.bi@intel.com> Acked-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
* SecurityPkg: put missing empty lines at the end of some header filesArd Biesheuvel2015-12-031-1/+1
| | | | | | | | | | | Some compilers (like RVCT) reject input files that do not end in a newline. So add missing newlines to some SecurityPkg header files. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19107 6f19259b-4bc3-4df7-8a09-765794883524
* UEFI 2.4 X509 Certificate Hash and RFC3161 Timestamp Verification support ↵Qin Long2014-11-141-15/+26
| | | | | | | | | | | | | | | | | for Secure Boot Main ChangeLogs includes: 1. Introduce the new GUID and structure definitions for certificate hash and timestamp support; 2. Update Image Verification Library to support DBT signature checking; 3. Update the related SecureBoot Configuration Pages; Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Guo Dong <guo.dong@intel.com> Reviewed-by: Siyuan Fu <siyuan.fu@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16380 6f19259b-4bc3-4df7-8a09-765794883524
* Update all the code to consume the ConvertDevicePathToText, ↵Ruiyu Ni2013-07-261-1/+0
| | | | | | | | | | | | | | ConvertDevicePathNodeToText, ConvertTextToDevicePath and ConvertTextToDeviceNode APIs in DevicePathLib. Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com> Reviewed-by: Feng Tian <feng.tian@intel.com> Reviewed-by: Elvin Li <elvin.li@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jaben Carsey <jaben.carsey@intel.com> Reviewed-by: Guo Dong <guo.dong@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14505 6f19259b-4bc3-4df7-8a09-765794883524
* 1. Fix UNIXGCC IPF build failure in SecurityPkg.sfu52012-03-291-2/+2
| | | | | | | Signed-off-by: sfu5 Reviewed-by: gdong1 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13152 6f19259b-4bc3-4df7-8a09-765794883524
* 1. Remove “Force clear PK” feature in AuthVarialbe driver.sfu52012-03-271-5/+429
| | | | | | | | | | | | 2. Update API ForceClearPK() to UserPhysicalPresent() in PlatformSecureLib. 2. Update SecureBootConfigDxe driver and AuthVariable driver to support Custom Secure Boot Mode feature. 3. Fix some bugs in AuthVariable driver. Signed-off-by: sfu5 Reviewed-by: tye Reviewed-by: gdong1 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13144 6f19259b-4bc3-4df7-8a09-765794883524
* Update ConfigAcess Protocol which is produced by SecureBootConfigDxe to ↵qianouyang2011-11-151-4/+7
| | | | | | | | | | | | follow the UEFI SPEC (Handle the Request parameter is NULL in ExtractConfig interface). Signed-off-by: qianouyang Reviewed-by: ydong10 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12707 6f19259b-4bc3-4df7-8a09-765794883524
* Enhance drivers for sanity check and coding style alignment.gdong12011-11-011-1/+0
| | | | | | | | Signed-off-by: gdong1 Reviewed-by: ydong10 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12622 6f19259b-4bc3-4df7-8a09-765794883524
* Remove a unnecessary Macro in SecureBootConfigImpl.h.qianouyang2011-10-281-2/+0
| | | | | | | Signed-off-by: qianouyang Reviewed-by: gdong1 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12588 6f19259b-4bc3-4df7-8a09-765794883524
* Enable/Disable Secured Boot by 'Secure Boot Configuration' Page which is ↵qianouyang2011-10-281-0/+190
under Setup browser. Signed-off-by: qianouyang Reviewed-by: gdong1 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12586 6f19259b-4bc3-4df7-8a09-765794883524
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-02 05:56:17 +0000