summaryrefslogtreecommitdiffstats
path: root/SecurityPkg
Commit message (Collapse)AuthorAgeFilesLines
...
* SecurityPkg/DxeImageVerificationLib: reject CertStack.CertNumber==0 per DBX ↵Jian J Wang2020-02-191-1/+1
| | | | | | | | | | | | | | (CVE-2019-14575) In case the signers' certificate stack, retrieved from the PE/COFF image's Authenticode blob, has zero elements (=there are zero signer certificates), then we should consider the image forbidden by DBX, not accepted by DBX. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg/DxeImageVerificationLib: Fix memory leaks (CVE-2019-14575)Jian J Wang2020-02-191-0/+3
| | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1608 Pointer HashCtx used in IsCertHashFoundInDatabase() is not freed inside the while-loop, if it will run more than once. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg: Issues reported by ECC in EDK2.GuoMinJ2020-02-142-4/+4
| | | | | | | | | https://bugzilla.tianocore.org/show_bug.cgi?id=2515 Change the SecurityPkg to match the ECC check rule Signed-off-by: GuoMinJ <newexplorerj@gmail.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
* SecurityPkg/VariableAuthenticated: Fix few typosAntoine Coeur2020-02-102-2/+2
| | | | | | | | | | | | | Fix few typos in comments and documentation. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Antoine Coeur <coeur@gmx.fr> Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com> Message-Id: <20200207010831.9046-67-philmd@redhat.com>
* SecurityPkg/Tcg: Fix various typosAntoine Coeur2020-02-1014-27/+27
| | | | | | | | | | | | | | Fix various typos in documentation, comments and debug strings. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Antoine Coeur <coeur@gmx.fr> Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com> Message-Id: <20200207010831.9046-66-philmd@redhat.com> [lersek@redhat.com: replace EFI_D_xxx w/ DEBUG_xxx to shut up PatchCheck]
* SecurityPkg/Library/Tpm: Fix various typosAntoine Coeur2020-02-106-11/+11
| | | | | | | | | | | | | Fix various typos in comments and documentation. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Antoine Coeur <coeur@gmx.fr> Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com> Message-Id: <20200207010831.9046-65-philmd@redhat.com>
* SecurityPkg/Hash2DxeCrypto: Fix few typosAntoine Coeur2020-02-103-4/+4
| | | | | | | | | | | | | Fix few typos in documentation, comments and debug strings. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Antoine Coeur <coeur@gmx.fr> Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com> Message-Id: <20200207010831.9046-64-philmd@redhat.com>
* SecurityPkg: Fix few typosAntoine Coeur2020-02-109-9/+9
| | | | | | | | | | | | | Fix few typos in comments and documentation. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Antoine Coeur <coeur@gmx.fr> Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com> Message-Id: <20200207010831.9046-63-philmd@redhat.com>
* SecurityPkg: Fix incorrect return value when File is NULLPhilippe Mathieu-Daudé2020-02-102-2/+16
| | | | | | | | | | | | | | | | | | | | | | | | The DxeTpmMeasureBootHandler and DxeTpm2MeasureBootHandler handlers are SECURITY2_FILE_AUTHENTICATION_HANDLER prototype. This prototype can not return EFI_INVALID_PARAMETER. The prototype documentation states it returns EFI_ACCESS_DENIED if: "The file specified by File and FileBuffer did not authenticate, and the platform policy dictates that the DXE Foundation may not use File." Correct the documentation, and add a early check, returning EFI_ACCESS_DENIED when File is NULL. Noticed while reviewing commit 6d57592740cdd0b6868baeef7929d6e6fef. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
* SecurityPkg/TcgPhysicalPresenceLib: Replace the ASSERT with error codeZhichao Gao2020-02-071-6/+19
| | | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2472 Replace the ASSERT with the error code return in the TpmPhysicalPresence and GetTpmCapability. Add missing error checking after call TpmPhysicalPresence in TcgPhysicalPresenceLibProcessRequest. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
* SecurityPkg/DxeImageVerificationHandler: fix "defer" vs. "deny" policiesLaszlo Ersek2020-01-311-3/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In DxeImageVerificationHandler(), we should return EFI_SECURITY_VIOLATION for a rejected image only if the platform sets DEFER_EXECUTE_ON_SECURITY_VIOLATION as the policy for the image's source. Otherwise, EFI_ACCESS_DENIED must be returned. Right now, EFI_SECURITY_VIOLATION is returned for all rejected images, which is wrong -- it causes LoadImage() to hold on to rejected images (in untrusted state), for further platform actions. However, if a platform already set DENY_EXECUTE_ON_SECURITY_VIOLATION, the platform will not expect the rejected image to stick around in memory (regardless of its untrusted state). Therefore, adhere to the platform policy in the return value of the DxeImageVerificationHandler() function. Furthermore, according to "32.4.2 Image Execution Information Table" in the UEFI v2.8 spec, and considering that edk2 only supports (AuditMode==0) at the moment: > When AuditMode==0, if the image's signature is not found in the > authorized database, or is found in the forbidden database, the image > will not be started and instead, information about it will be placed in > this table. we have to store an EFI_IMAGE_EXECUTION_INFO record in both the "defer" case and the "deny" case. Thus, the AddImageExeInfo() call is not being made conditional on (Policy == DEFER_EXECUTE_ON_SECURITY_VIOLATION); the documentation is updated instead. Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129 Fixes: 5db28a6753d307cdfb1cfdeb2f63739a9f959837 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Message-Id: <20200116190705.18816-12-lersek@redhat.com> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com> [lersek@redhat.com: push with Mike's R-b due to Chinese New Year Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid <d3fbb76dabed4e1987c512c328c82810@intel.com>]
* SecurityPkg/DxeImageVerificationHandler: fix imgexec info on memalloc failLaszlo Ersek2020-01-311-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It makes no sense to call AddImageExeInfo() with (Signature == NULL) and (SignatureSize > 0). AddImageExeInfo() does not crash in such a case -- it avoids the CopyMem() call --, but it creates an invalid EFI_IMAGE_EXECUTION_INFO record. Namely, the "EFI_IMAGE_EXECUTION_INFO.InfoSize" field includes "SignatureSize", but the actual signature bytes are not filled in. Document and ASSERT() this condition in AddImageExeInfo(). In DxeImageVerificationHandler(), zero out "SignatureListSize" if we set "SignatureList" to NULL due to AllocateZeroPool() failure. (Another approach could be to avoid calling AddImageExeInfo() completely, in case AllocateZeroPool() fails. Unfortunately, the UEFI v2.8 spec does not seem to state clearly whether a signature is mandatory in EFI_IMAGE_EXECUTION_INFO, if the "Action" field is EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED or EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND. For now, the EFI_IMAGE_EXECUTION_INFO addition logic is not changed; we only make sure that the record we add is not malformed.) Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Message-Id: <20200116190705.18816-11-lersek@redhat.com> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com> [lersek@redhat.com: push with Mike's R-b due to Chinese New Year Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid <d3fbb76dabed4e1987c512c328c82810@intel.com>]
* SecurityPkg/DxeImageVerificationHandler: fix retval for (FileBuffer==NULL)Laszlo Ersek2020-01-311-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | "FileBuffer" is a non-optional input (pointer) parameter to DxeImageVerificationHandler(). Normally, when an edk2 function receives a NULL argument for such a parameter, we return EFI_INVALID_PARAMETER or RETURN_INVALID_PARAMETER. However, those don't conform to the SECURITY2_FILE_AUTHENTICATION_HANDLER prototype. Return EFI_ACCESS_DENIED when "FileBuffer" is NULL; it means that no image has been loaded. This patch does not change the control flow in the function, it only changes the "Status" outcome from API-incompatible error codes to EFI_ACCESS_DENIED, under some circumstances. Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129 Fixes: 570b3d1a7278df29878da87990e8366bd42d0ec5 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Message-Id: <20200116190705.18816-10-lersek@redhat.com> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com> [lersek@redhat.com: push with Mike's R-b due to Chinese New Year Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid <d3fbb76dabed4e1987c512c328c82810@intel.com>]
* SecurityPkg/DxeImageVerificationHandler: eliminate "Status" variableLaszlo Ersek2020-01-311-4/+1
| | | | | | | | | | | | | | | | | | | | | | | The "Status" variable is set to EFI_ACCESS_DENIED at the top of the function. Then it is overwritten with EFI_SECURITY_VIOLATION under the "Failed" (earlier: "Done") label. We finally return "Status". The above covers the complete usage of "Status" in DxeImageVerificationHandler(). Remove the variable, and simply return EFI_SECURITY_VIOLATION in the end. This patch is a no-op, regarding behavior. Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Message-Id: <20200116190705.18816-9-lersek@redhat.com> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com> [lersek@redhat.com: push with Mike's R-b due to Chinese New Year Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid <d3fbb76dabed4e1987c512c328c82810@intel.com>]
* SecurityPkg/DxeImageVerificationHandler: unnest AddImageExeInfo() callLaszlo Ersek2020-01-311-18/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | Before the "Done" label at the end of DxeImageVerificationHandler(), we now have a single access to "Status": we set "Status" to EFI_ACCESS_DENIED at the top of the function. Therefore, the (Status != EFI_SUCCESS) condition is always true under the "Done" label. Accordingly, unnest the AddImageExeInfo() call dependent on that condition, remove the condition, and also rename the "Done" label to "Failed". Functionally, this patch is a no-op. It's easier to review with: git show -b -W Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Message-Id: <20200116190705.18816-8-lersek@redhat.com> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com> [lersek@redhat.com: replace EFI_D_INFO w/ DEBUG_INFO for PatchCheck.py] [lersek@redhat.com: push with Mike's R-b due to Chinese New Year Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid <d3fbb76dabed4e1987c512c328c82810@intel.com>]
* SecurityPkg/DxeImageVerificationHandler: remove superfluous Status settingLaszlo Ersek2020-01-311-1/+0
| | | | | | | | | | | | | | | | | | | After the final "IsVerified" check, we set "Status" to EFI_ACCESS_DENIED. This is superfluous, as "Status" already carries EFI_ACCESS_DENIED value there, from the top of the function. Remove the assignment. Functionally, this change is a no-op. Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Message-Id: <20200116190705.18816-7-lersek@redhat.com> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com> [lersek@redhat.com: push with Mike's R-b due to Chinese New Year Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid <d3fbb76dabed4e1987c512c328c82810@intel.com>]
* SecurityPkg/DxeImageVerificationHandler: fix retval on memalloc failureLaszlo Ersek2020-01-311-2/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | A SECURITY2_FILE_AUTHENTICATION_HANDLER function is not expected to return EFI_OUT_OF_RESOURCES. We should only return EFI_SUCCESS, EFI_SECURITY_VIOLATION, or EFI_ACCESS_DENIED. In case we run out of memory while preparing "SignatureList" for AddImageExeInfo(), we should simply stick with the EFI_ACCESS_DENIED value that is already in "Status" -- from just before the "Action" condition --, and not suppress it with EFI_OUT_OF_RESOURCES. This patch does not change the control flow in the function, it only changes the "Status" outcome from API-incompatible error codes to EFI_ACCESS_DENIED, under some circumstances. Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129 Fixes: 570b3d1a7278df29878da87990e8366bd42d0ec5 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Message-Id: <20200116190705.18816-6-lersek@redhat.com> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com> [lersek@redhat.com: push with Mike's R-b due to Chinese New Year Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid <d3fbb76dabed4e1987c512c328c82810@intel.com>]
* SecurityPkg/DxeImageVerificationHandler: narrow down PE/COFF hash statusLaszlo Ersek2020-01-311-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Inside the "for" loop that scans the signatures of the image, we call HashPeImageByType(), and assign its return value to "Status". Beyond the immediate retval check, this assignment is useless (never consumed). That's because a subsequent access to "Status" may only be one of the following: - the "Status" assignment when we call HashPeImageByType() in the next iteration of the loop, - the "Status = EFI_ACCESS_DENIED" assignment right after the final "IsVerified" check. To make it clear that the assignment is only useful for the immediate HashPeImageByType() retval check, introduce a specific helper variable, called "HashStatus". This patch is a no-op, functionally. Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Message-Id: <20200116190705.18816-5-lersek@redhat.com> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com> [lersek@redhat.com: push with Mike's R-b due to Chinese New Year Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid <d3fbb76dabed4e1987c512c328c82810@intel.com>]
* SecurityPkg/DxeImageVerificationHandler: keep PE/COFF info status internalLaszlo Ersek2020-01-311-4/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The PeCoffLoaderGetImageInfo() function may return various error codes, such as RETURN_INVALID_PARAMETER and RETURN_UNSUPPORTED. Such error values should not be assigned to our "Status" variable in the DxeImageVerificationHandler() function, because "Status" generally stands for the main exit value of the function. And SECURITY2_FILE_AUTHENTICATION_HANDLER functions are expected to return one of EFI_SUCCESS, EFI_SECURITY_VIOLATION, and EFI_ACCESS_DENIED only. Introduce the "PeCoffStatus" helper variable for keeping the return value of PeCoffLoaderGetImageInfo() internal to the function. If PeCoffLoaderGetImageInfo() fails, we'll jump to the "Done" label with "Status" being EFI_ACCESS_DENIED, inherited from the top of the function. Note that this is consistent with the subsequent PE/COFF Signature check, where we jump to the "Done" label with "Status" having been re-set to EFI_ACCESS_DENIED. As a consequence, we can at once remove the Status = EFI_ACCESS_DENIED; assignment right after the "PeCoffStatus" check. This patch does not change the control flow in the function, it only changes the "Status" outcome from API-incompatible error codes to EFI_ACCESS_DENIED, under some circumstances. Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Message-Id: <20200116190705.18816-4-lersek@redhat.com> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com> [lersek@redhat.com: push with Mike's R-b due to Chinese New Year Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid <d3fbb76dabed4e1987c512c328c82810@intel.com>]
* SecurityPkg/DxeImageVerificationHandler: remove "else" after return/breakLaszlo Ersek2020-01-311-20/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In the code structure if (condition) { // // block1 // return; } else { // // block2 // } nesting "block2" in an "else" branch is superfluous, and harms readability. It can be transformed to: if (condition) { // // block1 // return; } // // block2 // with identical behavior, and improved readability (less nesting). The same applies to "break" (instead of "return") in a loop body. Perform these transformations on DxeImageVerificationHandler(). This patch is a no-op for behavior. Use git show -b -W for reviewing it more easily. Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Message-Id: <20200116190705.18816-3-lersek@redhat.com> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com> [lersek@redhat.com: push with Mike's R-b due to Chinese New Year Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid <d3fbb76dabed4e1987c512c328c82810@intel.com>]
* SecurityPkg/DxeImageVerificationHandler: simplify "VerifyStatus"Laszlo Ersek2020-01-311-10/+10
| | | | | | | | | | | | | | | | | | | | | | | | | In the DxeImageVerificationHandler() function, the "VerifyStatus" variable can only contain one of two values: EFI_SUCCESS and EFI_ACCESS_DENIED. Furthermore, the variable is only consumed with EFI_ERROR(). Therefore, using the EFI_STATUS type for the variable is unnecessary. Worse, given the complex meanings of the function's return values, using EFI_STATUS for "VerifyStatus" is actively confusing. Rename the variable to "IsVerified", and make it a simple BOOLEAN. This patch is a no-op, regarding behavior. Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Message-Id: <20200116190705.18816-2-lersek@redhat.com> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com> [lersek@redhat.com: push with Mike's R-b due to Chinese New Year Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid <d3fbb76dabed4e1987c512c328c82810@intel.com>]
* SecurityPkg/Tcg2Pei: Add TCG PFP 105 support.Jiewen Yao2020-01-062-14/+89
| | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2439 Use EV_EFI_PLATFORM_FIRMWARE_BLOB2 if the TCG PFP revision is >= 105. Use FvName as the description for the FV. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
* SecurityPkg/Tcg2Dxe: Add Tcg2Dxe to support 800-155 event.Jiewen Yao2020-01-062-29/+131
| | | | | | | | | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2439 The TCG2 DXE supports to parse the 800-155 event GUID from PEI and puts to the beginning of the TCG2 event. The TCG2 DXE also supports a DXE driver produces 800-155 event and let TCG2 DXE driver record. The 800-155 is a NO-ACTION event which does not need extend anything to TPM2. The TCG2 DXE also supports that. Multiple 800-155 events are supported. All of them will be put to the beginning of the TCG2 event, just after the SpecId event. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
* SecurityPkg/Guid: Add TCG 800-155 event GUID definition.Jiewen Yao2020-01-062-0/+15
| | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2439 The PEIM can produce the 800-155 event and the event will be recorded to TCG event log by the TCG2 DXE. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
* SecurityPkg/Tcg2Smm: Measure the table before patch.Jiewen Yao2019-12-101-27/+30
| | | | | | | | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1940 According to TCG PFP specification: the ACPI table must be measured prior to any modification, and the measurement must be same cross every boot cycle. There is a fix 3a63c17ebc853cbb27d190729d01e27f68e65b94 for the HID data. However that is not enough. The LAML/LASA and PCD configuration change may also cause similar problem. We need measure the table before any update. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Jiewen Yao <Jiewen.Yao@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
* SecurityPkg: Add YAML files for CI buildsMichael D Kinney2019-11-112-2/+110
| | | | | | | | | | | | | | | | | | | | https://bugzilla.tianocore.org/show_bug.cgi?id=2315 Add YAML file to the package directory with the configuration of the checks to perform during a CI build. Use BaseCryptLibNull for package CI builds to reduce package build times. Enabled with CONTINUOUS_INTEGRATION in YAML files. By default CONTINUOUS_INTEGRATION is not defined, and the original lib mappings are preserved. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
* SecurityPkg: Fix TPM2 ACPI measurement.Derek Lin2019-11-071-14/+16
| | | | | | | | | | | | | | | We have discussed in this thread. https://edk2.groups.io/g/devel/topic/32205028 Before the change, TPM FW upgrade will impact TPM2 ACPI PCR value because TPM2 ACPI HID include FW version. This change make the measurement before TPM2 HID fixup. So, after TPM FW upgrade, the ACPI PCR record remains the same. Signed-off-by: Derek Lin <derek.lin2@hpe.com> Reviewed by: Jiewen Yao <Jiewen.yao@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
* SecurityPkg/OpalPassword: Remove dependency on EFI_BLOCK_IO_PROTOCOLChu, Maggie2019-11-061-43/+27
| | | | | | | | | | | | | | | | | | | | https://bugzilla.tianocore.org/show_bug.cgi?id=2327 RAID drivers abstract their physical drives that make up the array into a single unit, and do not supply individual EFI_BLOCK_IO_PROTOCOL instances for each physical drive in the array. This breaks support for the Security Storage Command Protocol, which currently requires an EFI_BLOCK_IO_PROTOCOL to be associated with the same device the protocol is installed on and provide all the same parameters. This patch remove dependency on EFI_BLOCK_IO_PROTOCOL and allows access to Opal drive members of a RAID array. Signed-off-by: Maggie Chu <maggie.chu@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg: Fix spelling errorsSean Brogan2019-10-2381-205/+205
| | | | | | | | | | | https://bugzilla.tianocore.org/show_bug.cgi?id=2265 Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
* SecurityPkg: Change EFI_D_INFO to DEBUG_INFOMichael D Kinney2019-10-231-1/+1
| | | | | | | | | | | Update DEBUG() macro to use DEBUG_INFO to address PatchCheck.py error. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
* SecurityPkg Tcg2Dxe: Add Variable Arch protocol dependencyLiming Gao2019-10-181-1/+5
| | | | | | | | | | | | | commit a7e2d20193e853020a1415c25b53280955055394 introduces the code to get PcdTpm2AcpiTableRev in the driver entry point. This PCD is designed as DynamicHii or DynamicHiiEx PCD. So, this PCD depends on Variable service. To make sure PcdTpm2AcpiTableRev value be got, add Variable service as Depex. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Liming Gao <liming.gao@intel.com> Reviewed-by: jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg/Tcg2: Add Support Laml, Lasa for TPM2 ACPI.Jiewen Yao2019-10-114-9/+60
| | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=978 Tcg2Dxe produces PcdTpm2AcpiTableLaml/Lasa for event log address. Tcg2Smm consumes PcdTpm2AcpiTableLaml/Lasa to fill TPM2 ACPI table. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
* SecurityPkg/dsc: Add PCD for Laml, Lasa for TPM2.Jiewen Yao2019-10-112-0/+17
| | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=978 Those PCDs will be used for TPM2 ACPI table. Tcg2Dxe need produce those for event log address. Tcg2Smm need consume those to fill TPM2 ACPI table. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
* SecurityPkg: stop abusing EFI_EVENT for protocol notify registrationLaszlo Ersek2019-10-091-1/+1
| | | | | | | | | | | | | | | | | | EfiCreateProtocolNotifyEvent() takes a (VOID**) for "Registration", similarly to gBS->RegisterProtocolNotify(). We should pass the address of an actual pointer-to-VOID, and not the address of an EFI_EVENT. EFI_EVENT just happens to be specified as (VOID*), and has nothing to do with the registration. This change is a no-op in practice; it's a semantic improvement. Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jian Wang <jian.j.wang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
* SecurityPkg: fix UninstallMultipleProtocolInterfaces() callsLaszlo Ersek2019-10-093-3/+3
| | | | | | | | | | | | | | | | | | | Unlike the InstallMultipleProtocolInterfaces() boot service, which takes an (EFI_HANDLE*) as first parameter, the UninstallMultipleProtocolInterfaces() boot service takes an EFI_HANDLE as first parameter. These are actual bugs. They must have remained hidden until now because they are all in Unload() functions, which are probably exercised infrequently. Fix the UninstallMultipleProtocolInterfaces() calls. Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jian Wang <jian.j.wang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
* SecurityPkg Tcg2Config: Move common definitions to new Tcg2Internal.hLiming Gao2019-09-177-35/+33
| | | | | | | | | | | | Common definitions are not consumed by VFR. They are not required to be defined in Tcg2ConfigNvData.h with WA way. New shared internal header file is added to include those common definitions. Cc: Jian Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
* SecurityPkg/SecurityPkg.dec: Update TcgPpVendorLib.h to Tcg2PpVendorLib.hShenglei Zhang2019-09-171-1/+1
| | | | | | | | | | | | | | | Tcg2PpVendorLib library class header should be Include/Library/Tcg2PpVendorLib.h instead of Include/Library/TcgPpVendorLib.h. https://bugzilla.tianocore.org/show_bug.cgi?id=2146 Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
* SecurityPkg/SecurityPkg.uni: Add missing strings for new PCDsJian J Wang2019-08-161-0/+23
| | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2026 Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Shenglei Zhang <shenglei.zhang@intel.com> Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
* SecurityPkg/SecurityPkg.dec: Remove trailing white spaceShenglei Zhang2019-08-051-1/+1
| | | | | | | | | Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com> Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
* SecurityPkg/FvReportPei: Change HashAlgoId to HashAlgIdShenglei Zhang2019-08-021-1/+1
| | | | | | | | Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
* SecurityPkg: set SM3 bit in TPM 2.0 hash mask by defaultImran Desai2019-07-191-2/+3
| | | | | | | | | | | | | | | | | | | | | BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1781 GITHUB: https://github.com/idesai/edk2/tree/enable_sm3_measured_boot_v6 EDK2 Support for SM3 digest algorithm is needed to enable TPM with SM3 PCR banks. This digest algorithm is part of the China Crypto algorithm suite. This integration has dependency on the openssl_1_1_1b integration into edk2. This patch sets SM3 bit in TPM2.0 hash mask by default. Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian Wang <jian.j.wang@intel.com> Signed-off-by: Imran Desai <imran.desai@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Message-Id: <20190718225326.40839-4-imran.desai@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg/HashLibBaseCryptoRouter: recognize the SM3 digest algorithmImran Desai2019-07-191-0/+1
| | | | | | | | | | | | | | | | | | | | | BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1781 GITHUB: https://github.com/idesai/edk2/tree/enable_sm3_measured_boot_v6 EDK2 Support for SM3 digest algorithm is needed to enable TPM with SM3 PCR banks. This digest algorithm is part of the China Crypto algorithm suite. This integration has dependency on the openssl_1_1_1b integration into edk2. This patch adds SM3 as an available digest algorithm to crypto router. Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian Wang <jian.j.wang@intel.com> Signed-off-by: Imran Desai <imran.desai@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Message-Id: <20190718225326.40839-3-imran.desai@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg: introduce the SM3 digest algorithmImran Desai2019-07-195-0/+213
| | | | | | | | | | | | | | | | | | | | | | | | | | BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1781 GITHUB: https://github.com/idesai/edk2/tree/enable_sm3_measured_boot_v6 EDK2 Support for SM3 digest algorithm is needed to enable TPM with SM3 PCR banks. This digest algorithm is part of the China Crypto algorithm suite. This integration has dependency on the openssl_1_1_1b integration into edk2. This patch add SM3 algorithm in the hashinstance library. Delta in v7: 1. Dropped 95a040cff from v6 to address https://edk2.groups.io/g/devel/topic/ 32454898?p=,,,20,0,0,0::Created,,sm3,20,2,0,32454898,ct=1&ct=1 2. Relocated SM3 GUID definition from MdePkg to SecurityPkg in 9728b54f4 Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian Wang <jian.j.wang@intel.com> Signed-off-by: Imran Desai <imran.desai@intel.com> Message-Id: <20190718225326.40839-2-imran.desai@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
* Revert "SecurityPkg: introduce the SM3 digest algorithm"Laszlo Ersek2019-07-045-210/+0
| | | | | | | | | | | | | | | | | | | This reverts commit 06dd5863b66edd9908834371e07fb4e11383c172. The reason is that said commit directly depends on commit 49c1e683c452 ("MdePkg/Protocol/Hash: introduce GUID for SM3", 2019-07-03), and the latter commit is going to be reverted, due to its review process not having followed established edk2 norms. Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Imran Desai <imran.desai@intel.com> Cc: Jian Wang <jian.j.wang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Leif Lindholm <leif.lindholm@linaro.org> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1781 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org> Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
* Revert "SecurityPkg/HashLibBaseCryptoRouter: recognize the SM3 digest algorithm"Laszlo Ersek2019-07-041-1/+0
| | | | | | | | | | | | | | | | | | | This reverts commit 542d04e2a4fec0df0340d2ad7b59f011f20d03cc. The reason is that said commit indirectly depends on commit 49c1e683c452 ("MdePkg/Protocol/Hash: introduce GUID for SM3", 2019-07-03), and the latter commit is going to be reverted, due to its review process not having followed established edk2 norms. Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Imran Desai <imran.desai@intel.com> Cc: Jian Wang <jian.j.wang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Leif Lindholm <leif.lindholm@linaro.org> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1781 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org> Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
* Revert "SecurityPkg: set SM3 bit in TPM 2.0 hash mask by default"Laszlo Ersek2019-07-041-3/+2
| | | | | | | | | | | | | | | | | | | This reverts commit d5af8fc5a975feb6c745587d0d834733ad2048fd. The reason is that said commit indirectly depends on commit 49c1e683c452 ("MdePkg/Protocol/Hash: introduce GUID for SM3", 2019-07-03), and the latter commit is going to be reverted, due to its review process not having followed established edk2 norms. Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Imran Desai <imran.desai@intel.com> Cc: Jian Wang <jian.j.wang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Leif Lindholm <leif.lindholm@linaro.org> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1781 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org> Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
* SecurityPkg: set SM3 bit in TPM 2.0 hash mask by defaultImran Desai2019-07-031-2/+3
| | | | | | | | | | | | | | | | | BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1781 EDK2 Support for SM3 digest algorithm is needed to enable TPM with SM3 PCR banks. This digest algorithm is part of the China Crypto algorithm suite. This integration has dependency on the openssl_1_1_1b integration into edk2. This patch sets SM3 bit in TPM2.0 hash mask by default. Signed-off-by: Imran Desai <imran.desai@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian Wang <jian.j.wang@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: jiewen.yao@intel.com
* SecurityPkg/HashLibBaseCryptoRouter: recognize the SM3 digest algorithmImran Desai2019-07-031-0/+1
| | | | | | | | | | | | | | | | | BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1781 EDK2 Support for SM3 digest algorithm is needed to enable TPM with SM3 PCR banks. This digest algorithm is part of the China Crypto algorithm suite. This integration has dependency on the openssl_1_1_1b integration into edk2. This patch adds SM3 as an available digest algorithm to crypto router. Signed-off-by: Imran Desai <imran.desai@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian Wang <jian.j.wang@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: jiewen.yao@intel.com
* SecurityPkg: introduce the SM3 digest algorithmImran Desai2019-07-035-0/+210
| | | | | | | | | | | | | | | | | BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=1781 EDK2 Support for SM3 digest algorithm is needed to enable TPM with SM3 PCR banks. This digest algorithm is part of the China Crypto algorithm suite. This integration has dependency on the openssl_1_1_1b integration into edk2. This patch add SM3 algorithm in the hashinstance library. Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian Wang <jian.j.wang@intel.com> Signed-off-by: Imran Desai <imran.desai@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: jiewen.yao@intel.com
* SecurityPkg: Remove DxeDeferImageLoadLib in DSCShenglei Zhang2019-07-011-1/+0
| | | | | | | | | | | | The current version will cause build fail because DxeDeferImageLoadLib exists in DSC file but it was actually deleted. So it should be removed. https://bugzilla.tianocore.org/show_bug.cgi?id=1919 Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian Wang <jian.j.wang@intel.com> Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>