summaryrefslogtreecommitdiffstats
path: root/SecurityPkg
Commit message (Collapse)AuthorAgeFilesLines
* SecurityPkg: Update SecureBootConfigDxe to support ARM imageArd Biesheuvel2015-05-111-3/+5
| | | | | | | | | | | Update SecureBootConfigDxe component to allow the enrollment of the digests of EFI executable that are built for ARM or AARCH64. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17406 6f19259b-4bc3-4df7-8a09-765794883524
* SecurityPkg Variable: Make PK & SecureBootMode consistentChao Zhang2015-05-111-1/+19
| | | | | | | | | | PK can be cleared in runtime. However SecureBootMode variable is not updated accordingly. Add code in variable init to make them consistent. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17401 6f19259b-4bc3-4df7-8a09-765794883524
* Hash2 driver to [Components.IA32, Components.X64, Components.IPF] section.Yao, Jiewen2015-05-081-5/+5
| | | | | | | | | | | | Because Hash2 need CryptoLib/Openssl, while latter does not support EBC build. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" <Jiewen.Yao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17365 6f19259b-4bc3-4df7-8a09-765794883524
* SecurityPkg: remove unused variablesArd Biesheuvel2015-05-072-7/+0
| | | | | | | | | | | | | | This removes various unused variables from SecurityPkg whose presence is causing failed builds. Contributed-under: TianoCore Contribution Agreement 1.0 Reviewed-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Olivier Martin <olivier.martin@arm.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17354 6f19259b-4bc3-4df7-8a09-765794883524
* Add UEFI2.5 HASH protocol implementation.Yao, Jiewen2015-05-057-0/+1035
| | | | | | | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" <Jiewen.Yao@intel.com> Reviewed-by: "Long, Qin" <Qin.Long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17288 6f19259b-4bc3-4df7-8a09-765794883524
* SecurityPkg Variable: Enhance the code logic about VariableLockStar Zeng2015-04-101-0/+14
| | | | | | | | | | | to just return EFI_SUCCESS if the variable has been in the locked list. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17140 6f19259b-4bc3-4df7-8a09-765794883524
* SecurityPkg Variable: Reuse scratch data area(at the end of volatile ↵Star Zeng2015-03-174-21/+29
| | | | | | | | | | | | variable store) as serialization runtime buffer to reduce SMRAM consumption for SMM variable driver. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Guo Dong <guo.dong@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17059 6f19259b-4bc3-4df7-8a09-765794883524
* SecurityPkg Variable: Update code in ProcessVariable () toStar Zeng2015-03-171-25/+23
| | | | | | | | | | | | | | check IsDeleteAuthVariable () first and then check UserPhysicalPresent () to avoid the case below. PcdSetXX (a DynamicHii PCD) -> gRT->SetVariable () -> UserPhysicalPresent () -> PcdGetXX () Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17058 6f19259b-4bc3-4df7-8a09-765794883524
* SecurityPkg Variable: Initialize Status in ProcessVariable().Star Zeng2015-03-131-0/+1
| | | | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17048 6f19259b-4bc3-4df7-8a09-765794883524
* SecurityPkg: Fix typo.Shumin Qiu2015-03-132-4/+4
| | | | | | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Shumin Qiu <shumin.qiu@intel.com> Reviewed-by: Guo Dong <guo.dong@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17047 6f19259b-4bc3-4df7-8a09-765794883524
* SecurityPkg Variable: Allow the delete operation of common auth variable at ↵Star Zeng2015-03-133-42/+108
| | | | | | | | | | user physical presence. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17042 6f19259b-4bc3-4df7-8a09-765794883524
* SecurityPkg Variable: Keep the behavior of Variable Dxe and SMM drivers ↵Star Zeng2015-03-091-5/+5
| | | | | | | | | | | | | consistent to return EFI_NOT_FOUND when a specified variable doesn't exist and Data parameter is NULL but DataSize parameter is valid in GetVariable() invocation. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Feng Tian <feng.tian@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17031 6f19259b-4bc3-4df7-8a09-765794883524
* Add performance optimization for Tcg/TrEE.Yao, Jiewen2015-03-045-9/+38
| | | | | | | | | | | Add error check for Tcg/TrEE Pei/Dxe driver to avoid unnecessary hardware check for performance optimization. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com> Reviewed-by: "Zeng, Star" <star.zeng@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17004 6f19259b-4bc3-4df7-8a09-765794883524
* Add the missed local variable initialization to remove the possible warning.Long, Qin2015-02-051-0/+1
| | | | | | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Long, Qin" <qin.long@intel.com> Reviewed-by: "Fu, Siyuan" <siyuan.fu@intel.com> Reviewed-by: "Dong, Guo" <guo.dong@initel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16763 6f19259b-4bc3-4df7-8a09-765794883524
* SecurityPkg: Cleanup gEfiSmmAccess2ProtocolGuid reference.Star Zeng2015-02-052-2/+0
| | | | | | | | | | | As the driver does not reference gEfiSmmAccess2ProtocolGuid explicitly now after SmmMemLib introduced. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16761 6f19259b-4bc3-4df7-8a09-765794883524
* Correct the DBX and Certificate Hash Checking.Long, Qin2015-02-041-10/+92
| | | | | | | | | | | | | Add the missed image signature verification against DBX; and add the missed logic to enhance the certificate hash checking when handling DB database. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Long, Qin" <qin.long@intel.com> Reviewed-by: "Fu, Siyuan" <siyuan.fu@intel.com> Reviewed-by: "Dong, Guo" <guo.dong@initel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16744 6f19259b-4bc3-4df7-8a09-765794883524
* */Contributions.txt: Update example email addressJordan Justen2015-02-031-2/+2
| | | | | | | | | | | | | Use the example.com domain as recommended in RFC 2606. NOTE: This does not modify the wording of the "TianoCore Contribution Agreement 1.0" section Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jordan Justen <jordan.l.justen@intel.com> Reviewed-by: Bruce Cran <bruce.cran@gmail.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16724 6f19259b-4bc3-4df7-8a09-765794883524
* Use SmmMemLib to check communication buffer.Yao, Jiewen2015-02-023-83/+5
| | | | | | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com> Reviewed-by: "Gao, Liming" <liming.gao@intel.com> Reviewed-by: "Fan, Jeff" <jeff.fan@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16695 6f19259b-4bc3-4df7-8a09-765794883524
* SecurityPkg Variable: Introduce PcdReclaimVariableSpaceAtEndOfDxeStar Zeng2015-02-025-0/+17
| | | | | | | | | | for trying to reclaim variable space at EndOfDxe. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16688 6f19259b-4bc3-4df7-8a09-765794883524
* SecurityPkg Variable: Before EndOfDxe, just record the current boot ↵Star Zeng2015-02-021-0/+2
| | | | | | | | | | | | | | VarErrorFlag to local variable. And leave the variable error flag in NV flash as the last boot variable error flag. After EndOfDxe in InitializeVarErrorFlag (), the variable error flag in NV flash will be initialized to this local current boot variable error flag. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16686 6f19259b-4bc3-4df7-8a09-765794883524
* SecurityPkg Variable: Before EndOfDxe, just record the current boot ↵Star Zeng2015-02-021-2/+16
| | | | | | | | | | | | | | VarErrorFlag to local variable. And leave the variable error flag in NV flash as the last boot variable error flag. After EndOfDxe in InitializeVarErrorFlag (), the variable error flag in NV flash will be initialized to this local current boot variable error flag. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16685 6f19259b-4bc3-4df7-8a09-765794883524
* SecurityPkg Variable: Implement variable quota management.Star Zeng2015-01-277-161/+528
| | | | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16670 6f19259b-4bc3-4df7-8a09-765794883524
* Add TpmInitializationDonePpi to TPM PEI module.Yao, Jiewen2015-01-228-25/+90
| | | | | | | | | | | | | | This PPI will always be installed to notify other drivers that TPM initialization action is done. TPM initialization may success or fail, or even not present. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com> Reviewed-by: "Dong, Guo" <guo.dong@intel.com> Reviewed-by: "Chiu, Chasel" <chasel.chiu@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16638 6f19259b-4bc3-4df7-8a09-765794883524
* Refine the format of GUID in INF files for SecurityPkg.Shumin Qiu2015-01-162-4/+4
| | | | | | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Shumin Qiu <shumin.qiu@intel.com> Reviewed-by: Guo Dong <guo.dong@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16616 6f19259b-4bc3-4df7-8a09-765794883524
* Correct file path.Yao, Jiewen2015-01-131-2/+2
| | | | | | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16603 6f19259b-4bc3-4df7-8a09-765794883524
* Check in missing patch for TPM error handling.Yao, Jiewen2015-01-132-5/+10
| | | | | | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16602 6f19259b-4bc3-4df7-8a09-765794883524
* Handle TPM device error and avoid deadloop in BDS.Yao, Jiewen2015-01-1215-155/+172
| | | | | | | | | | | | | | If TPM error happens, set TPM flag to NOT present, so that trusted boot patch is disabled. Also report status code for failure, so that platform may register handler to apply policy like force system reset, or disable TPM permanently. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com> Reviewed-by: "Dong, Guo" <guo.dong@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16598 6f19259b-4bc3-4df7-8a09-765794883524
* Add TPM Physical Presence >=128 operation value support.Yao, Jiewen2015-01-1222-235/+1007
| | | | | | | | | | | | | | | The Tcg/TrEE PhysicalPresence library will depend on Tcg/TrEE PpVendor library. The default NULL library instance is provided in this package. OEM can create OemPpVendorLib as override to handle >=128 operation value. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com> Reviewed-by: "Dong, Guo" <guo.dong@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16597 6f19259b-4bc3-4df7-8a09-765794883524
* Add TPM12 NV related function.Yao, Jiewen2015-01-083-1/+340
| | | | | | | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com> Reviewed-by: "Dong, Guo" <guo.dong@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16590 6f19259b-4bc3-4df7-8a09-765794883524
* SecurityPkg Variable: Implement VarCheck PROTOCOLStar Zeng2015-01-059-192/+1660
| | | | | | | | | | and follow UEFI spec to check UEFI defined variables. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16580 6f19259b-4bc3-4df7-8a09-765794883524
* Remove the FV header assumption in variable driver.Dong Guo2014-12-311-3/+11
| | | | | | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Dong Guo <guo.dong@intel.com> Reviewed-by: Gao Liming <liming.gao@intel.com> Reviewed-by: Zeng Star <star.zeng@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16565 6f19259b-4bc3-4df7-8a09-765794883524
* Correct the Hash Calculation for Revoked X.509 Certificate to align with ↵Long, Qin2014-12-252-5/+24
| | | | | | | | | | | | | RFC3280 and UEFI 2.4 Spec. This patch added one new X509GetTBSCert() interface in BaseCryptLib to retrieve the TBSCertificate, and also corrected the hash calculation for revoked certificate to aligned the RFC3280 and UEFI 2.4 spec. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Long, Qin" <qin.long@intel.com> Reviewed-by: "Dong, Guo" <guo.dong@initel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16559 6f19259b-4bc3-4df7-8a09-765794883524
* Correct AuthHandle definition for Tpm2SetPrimaryPolicy.Yao, Jiewen2014-12-231-1/+1
| | | | | | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com> Reviewed-by: "Long, Qin" <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16549 6f19259b-4bc3-4df7-8a09-765794883524
* Add TPM2 commands which might be used in provision.Yao, Jiewen2014-12-232-0/+97
| | | | | | | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com> Reviewed-by: "Dong, Guo" <guo.dong@intel.com> Reviewed-by: "Long, Qin" <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16548 6f19259b-4bc3-4df7-8a09-765794883524
* Use better coding style.Yao, Jiewen2014-12-191-1/+1
| | | | | | | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com> Reviewed-by: "Qiu, Shumin" <shumin.qiu@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16540 6f19259b-4bc3-4df7-8a09-765794883524
* Add TPM2 commands which might be used in field upgrade.Yao, Jiewen2014-12-126-1/+785
| | | | | | | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com> Reviewed-by: "Dong, Guo" <guo.dong@intel.com> Reviewed-by: "Long, Qin" <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16505 6f19259b-4bc3-4df7-8a09-765794883524
* correct a data type error.Dong Guo2014-12-111-1/+1
| | | | | | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Dong Guo <guo.dong@intel.com> Reviewed-by: Dong Eric <eric.dong@intel.com> Reviewed-by: Long Qin <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16498 6f19259b-4bc3-4df7-8a09-765794883524
* Fix potential NULL pointer dereference issue in TcgDxe & TreeDxe.Chao Zhang2014-12-102-3/+3
| | | | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Guo Dong <guo.dong@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16494 6f19259b-4bc3-4df7-8a09-765794883524
* Add failed image Name in the Image Execution Information Table.Dong Guo2014-12-101-2/+8
| | | | | | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Dong Guo <guo.dong@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Zhang Chao B <chao.b.zhang@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16493 6f19259b-4bc3-4df7-8a09-765794883524
* Code clean-up to eliminate potential "dereferenced pointer" warning. Qin Long2014-12-031-17/+20
| | | | | | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Guo Dong <guo.dong@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16468 6f19259b-4bc3-4df7-8a09-765794883524
* Correct the alignment calculation of PE/COFF attribute certificate entry.Qin Long2014-11-261-1/+1
| | | | | | | | | | | | This is to resolve the possible certificate entry retrieving issue caused by un-aligned (8-bytes) VirtualAddress in some PE/COFF image, which may break secure boot. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Siyuan Fu <siyuan.fu@intel.com> Reviewed-by: Guo Dong <guo.dong@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16449 6f19259b-4bc3-4df7-8a09-765794883524
* MdeModulePkg/SecurityPkg VariablePei: Fix VS2013 build failure.Star Zeng2014-11-191-0/+4
| | | | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16406 6f19259b-4bc3-4df7-8a09-765794883524
* SecurityPkg: VariableServiceSetVariable(): fix dbt <-> GUID associationLaszlo Ersek2014-11-141-2/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | SVN r16380 ("UEFI 2.4 X509 Certificate Hash and RFC3161 Timestamp Verification support for Secure Boot") broke the "dbt" variable's association with its expected namespace GUID. According to "MdePkg/Include/Guid/ImageAuthentication.h", *all* of the "db", "dbx", and "dbt" (== EFI_IMAGE_SECURITY_DATABASE2) variables have their special meanings in the EFI_IMAGE_SECURITY_DATABASE_GUID namespace. However, the above commit introduced the following expression in VariableServiceSetVariable(): > - } else if (CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) && > - ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0))) { > + } else if (CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) && > + ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0)) > + || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2)) == 0) { Simply replacing the individual expressions with the predicates "GuidMatch", "DbMatch", "DbxMatch", and "DbtMatch", the above transformation becomes: > - } else if (GuidMatch && > - ((DbMatch) || (DbxMatch))) { > + } else if (GuidMatch && > + ((DbMatch) || (DbxMatch)) > + || DbtMatch) { In shorter form, we change GuidMatch && (DbMatch || DbxMatch) into GuidMatch && (DbMatch || DbxMatch) || DbtMatch which is incorrect, because this way "dbt" will match outside of the intended namespace / GUID. The error was caught by gcc: > SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c: In function > 'VariableServiceSetVariable': > > SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c:3188:71: error: > suggest parentheses around '&&' within '||' [-Werror=parentheses] > > } else if (CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) && > ^ > cc1: all warnings being treated as errors Fix the parentheses. This change may have security implications. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16389 6f19259b-4bc3-4df7-8a09-765794883524
* UEFI 2.4 X509 Certificate Hash and RFC3161 Timestamp Verification support ↵Qin Long2014-11-1412-535/+1833
| | | | | | | | | | | | | | | | | for Secure Boot Main ChangeLogs includes: 1. Introduce the new GUID and structure definitions for certificate hash and timestamp support; 2. Update Image Verification Library to support DBT signature checking; 3. Update the related SecureBoot Configuration Pages; Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Guo Dong <guo.dong@intel.com> Reviewed-by: Siyuan Fu <siyuan.fu@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16380 6f19259b-4bc3-4df7-8a09-765794883524
* Fix execution status & DEBUG message level mismatch. EFI_D_ERROR is used ↵Chao Zhang2014-11-1012-57/+57
| | | | | | | | | | only when failure/case can’t be resolved by code. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Dong Guo <guo.dong@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16320 6f19259b-4bc3-4df7-8a09-765794883524
* EDK II Contributions.txt: Update patch format informationJordan Justen2014-10-311-13/+29
| | | | | | | | | | | | | Update to show what the patch looks like in email form. NOTE: This does not modify the wording of the "TianoCore Contribution Agreement 1.0" section Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jordan Justen <jordan.l.justen@intel.com> Reviewed-by: Jaben Carsey <jaben.carsey@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16297 6f19259b-4bc3-4df7-8a09-765794883524
* Remove redundant ASSERT in TcgDxe & TreeDxe. Some asserts are removed ↵Chao Zhang2014-10-312-25/+51
| | | | | | | | | | | | directly, some are replaced by debug output. ASSERT for SetupEventLog is kept. It is the foundation of TcgProtocol and TrEEProtocol Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16281 6f19259b-4bc3-4df7-8a09-765794883524
* MdeModulePkg/SecurityPkg Variable: Add boundary check for while ↵Star Zeng2014-10-312-30/+48
| | | | | | | | | | (IsValidVariableHeader (Variable)). Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16280 6f19259b-4bc3-4df7-8a09-765794883524
* Add comments to clarify mPubKeyStore buffer MemCopy. There is no memory ↵Chao, Zhang2014-10-224-0/+30
| | | | | | | | | | overflow issue. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao, Zhang <chao.b.zhang@intel.com> Reviewed-by: Yao, Jiewen <jiewen.yao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16227 6f19259b-4bc3-4df7-8a09-765794883524
* Clean up the code. Action statement should not have text two opcode.Eric Dong2014-10-214-6/+1
| | | | | | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16221 6f19259b-4bc3-4df7-8a09-765794883524
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-20 06:52:36 +0000