summaryrefslogtreecommitdiffstats
path: root/SecurityPkg
Commit message (Collapse)AuthorAgeFilesLines
* SecurityPkg: Apply uncrustify formatting to relevant filesVivian Nowka-Keane2023-10-273-93/+128
| | | | | | | | | Apply uncrustify formatting to GoogleTest cpp and header files. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Vivian Nowka-Keane <vnowkakeane@linux.microsoft.com> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
* SecurityPkg.ci.yaml: Add debug macro exceptionMichael Kubacki2023-09-191-0/+9
| | | | | | | | | | Adds a CI YAML entry to acknowledge a case where a single argument is matched to a format specifier with a ternary operator. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
* Pyrite support - Secure erase is only available if encryption is supported.Linus Liu2023-09-131-1/+5
| | | | | | | | | | | | https://bugzilla.tianocore.org/show_bug.cgi?id=3004 Cc: Qi Zhang <qi1.zhang@intel.com> Cc: Rahul Kumar <rahul1.kumar@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Tina Chen <tina.chen@intel.com> Cc: Xiao X Chen <xiao.x.chen@intel.com> Signed-off-by: Linus Liu <linus.liu@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg: RngDxe: Fixing mAvailableAlgoArray allocatorKun Qin2023-09-082-2/+2
| | | | | | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?idD91 mAvailableAlgoArray is currently allocated for "RNG_AVAILABLE_ALGO_MAX" number of bytes, whereas it was dereferenced as "EFI_RNG_ALGORITHM". This change fixed the buffer allocation logic by allocating a proper size of buffer before referencing. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Sami Mujawar <Sami.Mujawar@arm.com> Cc: Pierre Gondois <pierre.gondois@arm.com> Signed-off-by: Kun Qin <kuqin@microsoft.com> Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
* SecurityPkg/RngDxe: Simplify Rng algorithm selection for ArmPierre Gondois2023-09-081-13/+4
| | | | | | | | | | | | The first element of mAvailableAlgoArray is defined as the default Rng algorithm to use. Don't go through the array at each RngGetRNG() call and just return the first element of the array. Signed-off-by: Pierre Gondois <pierre.gondois@arm.com> Reviewed-by: Sami Mujawar <sami.mujawar@arm.com> Acked-by: Ard Biesheuvel <ardb@kernel.org> Acked-by: Jiewen Yao <Jiewen.yao@intel.com> Tested-by: Kun Qin <kun.qin@microsoft.com>
* SecurityPkg/RngDxe: Use GetRngGuid() when probing RngLibPierre Gondois2023-09-083-21/+44
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4151 The EFI_RNG_PROTOCOL can rely on the RngLib. The RngLib has multiple implementations, some of them are unsafe (e.g. BaseRngLibTimerLib). To allow the RngDxe to detect when such implementation is used, a GetRngGuid() function was added in a previous patch. The EFI_RNG_PROTOCOL can advertise multiple algorithms through Guids. The PcdCpuRngSupportedAlgorithm is currently used to advertise the RngLib in the Arm implementation. The issues of doing that are: - the RngLib implementation might not use CPU instructions, cf. the BaseRngLibTimerLib - most platforms don't set PcdCpuRngSupportedAlgorithm A GetRngGuid() was added to the RngLib in a previous patch, allowing to identify the algorithm implemented by the RngLib. Make use of this function and place the unsage algorithm at the last position in the mAvailableAlgoArray. Signed-off-by: Pierre Gondois <pierre.gondois@arm.com> Reviewed-by: Sami Mujawar <sami.mujawar@arm.com> Acked-by: Ard Biesheuvel <ardb@kernel.org> Acked-by: Jiewen Yao <Jiewen.yao@intel.com> Tested-by: Kun Qin <kun.qin@microsoft.com>
* SecurityPkg/SecurityPkg.dec: Move PcdCpuRngSupportedAlgorithm to MdePkgPierre Gondois2023-09-082-4/+2
| | | | | | | | | | | | | | | | In order to use PcdCpuRngSupportedAlgorithm in the MdePkg in a following patch and to avoid making the MdePkg dependent on another package, move PcdCpuRngSupportedAlgorithm to the MdePkg. As the Pcd is only used for AARCH64, place it in an AARCH64 specific sections. Signed-off-by: Pierre Gondois <pierre.gondois@arm.com> Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn> Reviewed-by: Sami Mujawar <sami.mujawar@arm.com> Acked-by: Ard Biesheuvel <ardb@kernel.org> Acked-by: Jiewen Yao <Jiewen.yao@intel.com> Tested-by: Kun Qin <kun.qin@microsoft.com>
* MdeModulePkg: Duplicate BaseRngLibTimerLib to MdeModulePkgPierre Gondois2023-09-081-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4504 The BaseRngLibTimerLib allows to generate number based on a timer. This mechanism allows to have a basic non-secure implementation for non-production platforms. To bind and identify Random Number Generators implementations with a GUID, an unsafe GUID should be added. This GUID cannot be added to the MdePkg unless it is also added to a specification. To keep the MdePkg self-contained, copy the BaseRngLibTimerLib to the MdeModulePkg. This will allow to define an unsafe Rng GUID in a later patch in the MdeModulePkg. The MdePkg implementation will be removed later. This allows to give some time to platform owners to switch to the MdeModulePkg implementation. Signed-off-by: Pierre Gondois <pierre.gondois@arm.com> Reviewed-by: Sami Mujawar <sami.mujawar@arm.com> Acked-by: Ard Biesheuvel <ardb@kernel.org> Tested-by: Kun Qin <kun.qin@microsoft.com>
* SecurityPkg/SecureBoot: Support RSA4096 and RSA3072Sheng Wei2023-09-078-85/+329
| | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3413 Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Min Xu <min.m.xu@intel.com> Cc: Zeyi Chen <zeyi.chen@intel.com> Cc: Fiona Wang <fiona.wang@intel.com> Signed-off-by: Sheng Wei <w.sheng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg/Tpm2DeviceLibTcg2: Make mTcg2Protocol staticMichael Kubacki2023-08-301-1/+1
| | | | | | | | | | | The global variable has a common name that can conflict with other TCG modules. For example, Tcg2Dxe has a similarly named global that is of type EFI_TCG2_PROTOCOL instead of EFI_TCG2_PROTOCOL*. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg: SubClassTpm: Updated default valueKun Qin2023-06-232-4/+4
| | | | | | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3966 This change updated the default value of TPM device subclass PCD to `0x010E0000` in order to match the definition of EFI_PERIPHERAL_TPM from PI specification v1.8. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Qi Zhang <qi1.zhang@intel.com> Cc: Rahul Kumar <rahul1.kumar@intel.com> Signed-off-by: Kun Qin <kuqin12@gmail.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
* SecurityPkg: Add missing break in Tpm2TestParmsRebecca Cran2023-05-111-0/+1
| | | | | | | | | Add missing break in Tpm2TestParms. Reported in https://github.com/tianocore/edk2/issues/4073 Signed-off-by: Rebecca Cran <rebecca@bsdio.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* Securitypkg/hddpassword: Update HddPasswordDxeInit to use Variable PolicyLinus Liu2023-05-084-13/+20
| | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4408 Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Maggie Chu <maggie.chu@intel.com> Cc: Kumar Rahul <rahul.r.kumar@intel.com> Signed-off-by: Linus Liu <linus.liu@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg: add TIS sanity check (tpm12)Gerd Hoffmann2023-05-021-1/+5
| | | | | | | | | The code blindly assumes a TIS interface is present in case both CRB and FIFO checks fail. Check the InterfaceType for TIS instead and only return PtpInterfaceTis in case it matches, PtpInterfaceMax otherwise. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg: add TIS sanity check (tpm2)Gerd Hoffmann2023-05-021-1/+5
| | | | | | | | | | The code blindly assumes a TIS interface is present in case both CRB and FIFO checks fail. Check the InterfaceType for TIS instead and only return Tpm2PtpInterfaceTis in case it matches, Tpm2PtpInterfaceMax otherwise. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg/DxeImageVerificationLib: Add AUTH_SIG_NOT_FOUND ActionNhi Pham2023-04-281-0/+1
| | | | | | | | | | | | | | | | | | | Add the AUTH_SIG_NOT_FOUND Action to the Image Execution Info Table when the Image is signed but signature is not allowed by DB and the hash of image is not found in DB/DBX. This is documented in the UEFI spec 2.10, table 32.5. This issue is found by the SIE SCT with the error message as follows: SecureBoot - TestImage1.bin in Image Execution Info Table with SIG_NOT_FOUND. --FAILURE B3A670AA-0FBA-48CA-9D01-0EE9700965A9 SctPkg/TestCase/UEFI/EFI/RuntimeServices/SecureBoot/BlackBoxTest/ ImageLoadingBBTest.c:1079:Status Success Signed-off-by: Nhi Pham <nhi@os.amperecomputing.com> Reviewed-by: Min Xu <min.m.xu@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg: Update code to be more C11 compliant by using __func__Rebecca Cran2023-04-1017-109/+109
| | | | | | | | | | | | __FUNCTION__ is a pre-standard extension that gcc and Visual C++ among others support, while __func__ was standardized in C99. Since it's more standard, replace __FUNCTION__ with __func__ throughout SecurityPkg. Signed-off-by: Rebecca Cran <rebecca@bsdio.com> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
* SecurityPkg/Library/SecureBootVariableLib: HOST_APPLICATION IA32/X64 onlyMichael D Kinney2023-04-103-3/+3
| | | | | | | | | | | | | | Update SecureBootVariableLib host-based unit test INF file to only list VALID_ARCHITECTURES of IA32 and X64 to align with all other host-based unit test INF files. The UnitTestFrameworkPkg only provides build support of host-based unit tests to OS applications for IA32 and X64. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Oliver Smith-Denny <osde@linux.microsoft.com>
* SecurityPkg/Library/SecureBootVariableLib: Fix VS20xx 4122 errorsMichael D Kinney2023-04-101-87/+83
| | | | | | | | | | | | | | | | The unit test code for the SecureBootVariableLib is initializing local variable structures in their declaration from other local variables that are also initialized in their declaration. ANSI C does not allow this and error 4122 is generated on VS20xx compilers. The test cases are updated to initialize the local structure fields in C statements instead of their local variable declaration. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Oliver Smith-Denny <osde@linux.microsoft.com>
* SecurityPkg: Add gmock exampleChris Johnson2023-04-1011-7/+295
| | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4389 Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Chris Johnson <chris.n.johnson@intel.com> Acked-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Oliver Smith-Denny <osde@linux.microsoft.com> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
* SecurityPkg/FvReportPei: Use FirmwareVolumeShadowPpiUmang Patel2023-03-273-7/+32
| | | | | | | | | | If FirmwareVolumeShadow PPI is available, then use it to shadow FVs to memory. Otherwise fallback to CopyMem(). Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Patel Umang <umang.patel@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
* SecurityPkg/DxeImageVerificationLib: Check result of GetEfiGlobalVariable2Gerd Hoffmann2023-03-211-7/+12
| | | | | | | | | | | | | | | | | | | | | | | | | Call gRT->GetVariable() directly to read the SecureBoot variable. It is one byte in size so we can easily place it on the stack instead of having GetEfiGlobalVariable2() allocate it for us, which avoids a few possible error cases. Skip secure boot checks if (and only if): (a) the SecureBoot variable is not present (EFI_NOT_FOUND) according to the return value, or (b) the SecureBoot variable was read successfully and is set to SECURE_BOOT_MODE_DISABLE. Previously the code skipped the secure boot checks on *any* gRT->GetVariable() error (GetEfiGlobalVariable2 sets the variable value to NULL in that case) and also on memory allocation failures. Fixes: CVE-2019-14560 Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=2167 Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Suggested-by: Marvin Häuser <mhaeuser@posteo.de> Reviewed-by: Min Xu <min.m.xu@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg/RngDxe: Conditionally install EFI_RNG_PROTOCOLPierre Gondois2023-03-071-5/+14
| | | | | | | | | | | | On Arm platforms, the number of available RNG algorithms is dynamically detected and can be 0 in the absence of FEAT_RNG and firmware TRNG. In this case, the EFI_RNG_PROTOCOL should not be installed to prevent from installing an empty protocol. Signed-off-by: Pierre Gondois <Pierre.Gondois@arm.com> [ardb: return EFI_REQUEST_UNLOAD_IMAGE instead of an error] Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
* SecurityPkg/RngDxe: Correctly update mAvailableAlgoArrayCountPierre Gondois2023-03-072-1/+9
| | | | | | | | | | | mAvailableAlgoArrayCount holds the count of available RNG algorithms. In a following patch, its value will be used to prevent the EFI_RNG_PROTOCOL to be installed if no RNG algorithm is available. Correctly set/reset the value for all implementations. Signed-off-by: Pierre Gondois <pierre.gondois@arm.com> Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
* SecurityPkg/TdTcg2Dxe: td-guest shall halt when CcMeasurement install failMin M Xu2023-02-041-0/+6
| | | | | | | | | | | | | | BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4335 CcMeasurement protocol is installed when it is supported in a td-guest. If the installation of the protocol failed, the guest shall go into CpuDeadLoop. Because the measurement feature is crucial to a td-guest and it shall stop running immediately at this situation. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Min Xu <min.m.xu@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg: don't require PK to be self-signed by defaultJan Bobek2023-02-041-1/+1
| | | | | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2506 Change the default value of PcdRequireSelfSignedPk to FALSE in accordance with UEFI spec, which states that PK need not be self-signed when enrolling in setup mode. Note that this relaxes the legacy behavior, which required the PK to be self-signed in this case. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Jan Bobek <jbobek@nvidia.com> Reviewed-by: Sean Brogan <sean.brogan@microsoft.com> Acked-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg: limit verification of enrolled PK in setup modeJan Bobek2023-02-043-2/+17
| | | | | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2506 Per UEFI spec, enrolling a new PK in setup mode should not require a self-signature. Introduce a feature PCD called PcdRequireSelfSignedPk to control this requirement. Default to TRUE in order to preserve the legacy behavior. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Min Xu <min.m.xu@intel.com> Co-authored-by: Matthew Carlson <macarl@microsoft.com> Signed-off-by: Jan Bobek <jbobek@nvidia.com> Reviewed-by: Sean Brogan <sean.brogan@microsoft.com> Acked-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg/AuthVariableLib: Check SHA-256 OID with ContentInfo presentJan Bobek2023-01-231-8/+42
| | | | | | | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4305 Based on whether the DER-encoded ContentInfo structure is present in authenticated SetVariable payload or not, the SHA-256 OID can be located at different places. UEFI specification explicitly states the driver shall support both cases, but the old code assumed ContentInfo was not present and incorrectly rejected authenticated variable updates when it were present. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Min Xu <min.m.xu@intel.com> Signed-off-by: Jan Bobek <jbobek@nvidia.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg/TdTcg2Dxe: Extend EFI boot variable to PCR[1]Min M Xu2023-01-181-5/+1
| | | | | | | | | | | According to TCG PC Client PFP spec 0021 Section 2.4.4.2 EFI boot variable should be measured and extended to PCR[1], not PCR[5]. This patch is proposed to fix this error. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Min Xu <min.m.xu@intel.com>
* SecurityPkg: Move TdTcg2Dxe from OvmfPkg to SecurityPkgMin M Xu2023-01-065-0/+3038
| | | | | | | | | | | | | | | | | BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4194 The TdTcg2Dxe lives in the OvmfPkg instead of the SecurityPkg. Having the TdTcg2Dxe at the same place as Tcg2Dxe will be easier for platforms to consume. Definition of PcdCcEventlogAcpiTableLaml and PcdCcEventlogAcpiTableLasa are also moved from OvmfPkg.dec to SecurityPkg.dec. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Arti Gupta <ARGU@microsoft.com> Signed-off-by: Min Xu <min.m.xu@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg: deprecate RpmcLib and VariableKeyLibJian J Wang2022-12-218-291/+0
| | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2594 There's no real usage of these two libraries. They're deprecated. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Nishant C Mistry <nishant.c.mistry@intel.com> Cc: Judah Vang <judah.vang@intel.com> Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Acked-by: Michael D Kinney <michael.d.kinney@intel.com>
* OvmfPkg/SecTpmMeasurementLib: Fix the mapping error of PCR and RTMR indexMin M Xu2022-12-151-4/+3
| | | | | | | | | | | | | | | | | | BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4179 TDVF has the feature to do RTMR measurement in SEC phase. In the same time it builds a GUID hob which carries the hash value of the measurement so that in DXE phase a td event can be created based on this GUID Hob. There is a mapping error between TPM PCR index and RTMR index according to UEFI 2.10. That PCR6 is missing in the mapping. This patch fixes this issue. Cc: Erdem Aktas <erdemaktas@google.com> [ruleof2] Cc: James Bottomley <jejb@linux.ibm.com> [jejb] Cc: Jiewen Yao <jiewen.yao@intel.com> [jyao1] Cc: Tom Lendacky <thomas.lendacky@amd.com> [tlendacky] Cc: Arti Gupta <ARGU@microsoft.com> Signed-off-by: Min Xu <min.m.xu@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg/RngDxe: Add Arm support of RngDxePierre Gondois2022-11-065-64/+133
| | | | | | | | | | | | | | | Bugzilla: 3668 (https://bugzilla.tianocore.org/show_bug.cgi?id=3668) Add RngDxe support for Arm. This implementation uses the ArmTrngLib to support the RawAlgorithm and doens't support the RNDR instruction. To re-use the RngGetRNG(), RngGetInfo() and FreeAvailableAlgorithms() functions, create Arm/AArch64 files which implement the arch specific function GetAvailableAlgorithms(). Indeed, FEAT_RNG instruction is not supported on Arm. Signed-off-by: Pierre Gondois <pierre.gondois@arm.com> Acked-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg/RngDxe: Rename AArch64/RngDxe.cPierre Gondois2022-11-062-1/+1
| | | | | | | | | To re-use the AArch64/RngDxe.c for an Arm implementation, rename AArch64/RngDxe.c to ArmRngDxe.c. Acked-by: Leif Lindholm <quic_llindhol@quicinc.com> Signed-off-by: Pierre Gondois <Pierre.Gondois@arm.com> Acked-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg/RngDxe: Add debug warning for NULL PcdCpuRngSupportedAlgorithmPierre Gondois2022-11-061-0/+10
| | | | | | | | | PcdCpuRngSupportedAlgorithm should allow to identify the the algorithm used by the RNDR CPU instruction to generate a random number. Add a debug warning if the Pcd is not set. Signed-off-by: Pierre Gondois <pierre.gondois@arm.com> Acked-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg/RngDxe: Add AArch64 RawAlgorithm support through ArmTrngLibSami Mujawar2022-11-064-4/+103
| | | | | | | | | | | | | | Bugzilla: 3668 (https://bugzilla.tianocore.org/show_bug.cgi?id=3668) RawAlgorithm is used to provide access to entropy that is suitable for cryptographic applications. Therefore, add RawAlgorithm support that provides access to entropy using the ArmTrngLib. Also remove unused UefiBootServicesTableLib library inclusion and Status variable. Signed-off-by: Pierre Gondois <pierre.gondois@arm.com> Acked-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg/RngDxe: Check before advertising Cpu Rng algoPierre Gondois2022-11-065-9/+172
| | | | | | | | | | | | | | | | | | | | | RngGetBytes() relies on the RngLib. The RngLib might use the RNDR instruction if the FEAT_RNG feature is present. RngGetInfo and RngGetRNG both must check that RngGetBytes() is working before advertising/using it. To do so, allocate an array storing the available algorithms. The Rng algorithm at the lowest index will be the default Rng algorithm. The array is shared between RngGetInfo and RngGetRNG. This array is allocated when the driver is loaded, and freed when unloaded. This patch also prevents from having PcdCpuRngSupportedAlgorithm let to a zero GUID, but let the possibility to have no valid Rng algorithm in such case. Signed-off-by: Pierre Gondois <Pierre.Gondois@arm.com> Acked-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg/RngDxe: Documentation/include/parameter cleanupPierre Gondois2022-11-063-5/+3
| | | | | | | | | | | | | This patch: -Update RngGetBytes() documentation to align the function definition and declaration. -Improve input parameter checking. Even though 'This' it is not used, the parameter should always point to the current EFI_RNG_PROTOCOL. -Removes TimerLib inclusion as unused. Signed-off-by: Pierre Gondois <pierre.gondois@arm.com> Acked-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg/RngDxe: Remove ArchGetSupportedRngAlgorithms()Pierre Gondois2022-11-064-82/+33
| | | | | | | | | | | | | | | | | RngGetInfo() is one of the 2 functions of the EFI_RNG_PROTOCOL. RngGetInfo() is currently a mere wrapper around ArchGetSupportedRngAlgorithms() which is implemented differently depending on the architecture used. RngGetInfo() does nothing more than calling ArchGetSupportedRngAlgorithms(). So remove it, and let RngGetInfo() be implemented differently according to the architecture. This follows the implementation of the other function of the EFI_RNG_PROTOCOL, RngGetRNG(). Signed-off-by: Pierre Gondois <pierre.gondois@arm.com> Acked-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg/RngDxe: Replace Pcd with Sp80090Ctr256GuidPierre Gondois2022-11-061-5/+2
| | | | | | | | | | | | | | gEfiRngAlgorithmSp80090Ctr256Guid was used as the default algorithm in RngGetRNG(). The commit below set the default algorithm to PcdCpuRngSupportedAlgorithm, which is a zero GUID by default. As the Pcd value is not defined for any platform in the edk2-platfoms repository, assume it was an error and go back to the first version, using gEfiRngAlgorithmSp80090Ctr256Guid. Fixes: 4e5ecdbac8bd ("SecurityPkg: Add support for RngDxe on AARCH64") Signed-off-by: Pierre Gondois <Pierre.Gondois@arm.com> Acked-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg/RngDxe: Rename RdRandGenerateEntropy to generic nameSami Mujawar2022-11-065-50/+37
| | | | | | | | | | | | | Bugzilla: 3668 (https://bugzilla.tianocore.org/show_bug.cgi?id=3668) Rename RdRandGenerateEntropy() to GenerateEntropy() to provide a common interface to generate entropy on other architectures. GenerateEntropy() is intended to generate high quality entropy. Also move the definition to RngDxeInternals.h Signed-off-by: Pierre Gondois <pierre.gondois@arm.com> Acked-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg: Add LOONGARCH64 architecture for EDK2 CI.Chao Li2022-10-141-1/+2
| | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4053 Add LOONGARCH64 architecture to SecurityPkg for EDK2 CI testing. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Chao Li <lichao@loongson.cn> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
* SecurityPkg: Remove enforcement of final GoIdle transition for CRB commandsRodrigo Gonzalez Del Cueto2022-09-301-13/+0
| | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4077 Following the design described in the TCG specification, the driver implementation of the CRB protocol does not require enforcing completing the transition to goIdle at the end of a command sequence. Signed-off-by: Rodrigo Gonzalez Del Cueto <rodrigo.gonzalez.del.cueto@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
* SecurityPkg/SmmTcg2PhysicalPresenceLib: Add missing debug print specifierMichael Kubacki2022-09-091-1/+1
| | | | | | | | | | | | The debug macro modified in this change was missing a print specifier for a debug message argument given. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Qi Zhang <qi1.zhang@intel.com> Cc: Rahul Kumar <rahul1.kumar@intel.com> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
* SecurityPkg: Add retry mechanism for tpm commandQi Zhang2022-07-311-39/+69
| | | | | | | | | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3980 As per TCG PC Client Device Driver Design Principle document, if tpm commands fails due to timeout condition, then it should have retry mechanism (3 retry attempts). Existing implementation of PtpCrbTpmCommand does not have retry mechanism if it fails with EFI_TIMEOUT. See TCG PC Client Device Driver Design Principles for TPM 2.0 https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_Device_Driver_Design_Principles_TPM2p0_v1p1_r4_211104_final.pdf Vision 1.1, Revision 0.04 Section 7.2.1 Signed-off-by: Qi Zhang <qi1.zhang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Tested-by: Swapnil Patil <S.Keshavrao.Patil@dell.com>
* SecurityPkg: SecureBootVariableLib: Added unit testskuqin2022-07-0710-0/+2475
| | | | | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3911 This change added unit test and enabled it from pipeline for the updated SecureBootVariableLib. The unit test covers all implemented interfaces and certain corner cases. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Min Xu <min.m.xu@intel.com> Signed-off-by: Kun Qin <kun.qin@microsoft.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> Acked-by: Michael Kubacki <michael.kubacki@microsoft.com>
* SecurityPkg: SecureBootConfigDxe: Updated invocation patternKun Qin2022-07-072-9/+119
| | | | | | | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3909 This change is in pair with the previous SecureBootVariableLib change, which updated the interface of `CreateTimeBasedPayload`. This change added a helper function to query the current time through Real Time Clock protocol. This function is used when needing to format an authenticated variable payload. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Min Xu <min.m.xu@intel.com> Signed-off-by: Kun Qin <kun.qin@microsoft.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> Acked-by: Michael Kubacki <michael.kubacki@microsoft.com>
* SecurityPkg: Secure Boot Drivers: Added common header filesKun Qin2022-07-073-0/+3
| | | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3910 This change added common header files to consumer drivers to unblock pipeline builds. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Min Xu <min.m.xu@intel.com> Signed-off-by: Kun Qin <kun.qin@microsoft.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> Acked-by: Michael Kubacki <michael.kubacki@microsoft.com>
* SecurityPkg: SecureBootVariableProvisionLib: Updated implementationKun Qin2022-07-071-30/+115
| | | | | | | | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3910 This change is in pair with the previous SecureBootVariableLib, which removes the explicit invocation of `CreateTimeBasedPayload` and used new interface `EnrollFromInput` instead. The original `SecureBootFetchData` is also moved to this library and incorporated with the newly defined `SecureBootCreateDataFromInput` to keep the original code flow. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Min Xu <min.m.xu@intel.com> Signed-off-by: Kun Qin <kun.qin@microsoft.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> Acked-by: Michael Kubacki <michael.kubacki@microsoft.com>
* SecurityPkg: SecureBootVariableLib: Added newly supported interfaceskuqin2022-07-073-0/+437
| | | | | | | | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3911 This change updated the interfaces provided by SecureBootVariableLib. The new additions provided interfaces to enroll single authenticated variable from input, a helper function to query secure boot status, enroll all secure boot variables from UefiSecureBoot.h defined data structures, a as well as a routine that deletes all secure boot related variables. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Min Xu <min.m.xu@intel.com> Signed-off-by: Kun Qin <kun.qin@microsoft.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> Acked-by: Michael Kubacki <michael.kubacki@microsoft.com>