summaryrefslogtreecommitdiffstats
path: root/SecurityPkg
Commit message (Collapse)AuthorAgeFilesLines
* Pkcs7VerifyDxe: Don't allow Pkcs7Verify to install protocols twicePeter Jones2017-09-051-2/+11
| | | | | | | | | | | | | This patch makes Pkcs7VerifyDxe check that it has not already been installed before installing its protocols. This prevents the case where loading it as an external driver (either manually, through Driver#### variables, etc.) will refuse to add a second provider of the API. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Peter Jones <pjones@redhat.com> Reviewed-by: Michael Kinney <michael.d.kinney@intel.com> Reviewed-by: Long Qin <qin.long@intel.com>
* SecurityPkg/Pkcs7Verify: Complete the Pkcs7VerifyDxe protocolLong Qin2017-09-051-3/+376
| | | | | | | | | | | | | VerifySignature can be implemented using a mirror of the AuthenticodeVerify function that's already in use in the ImageVerificationDXE environment, so this patch simply wires up VerifySignature using that code. <NOTE: Only Authenticode-signature verification was supported by this VerifySignature() implementation now.) Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com> Reviewed-by: Long Qin <qin.long@intel.com>
* SecurityPkg: Add ARM/AARCH64 arch to enable RngTest module build.Long Qin2017-08-302-2/+2
| | | | | | | | | | | | | | | Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=680 Adding ARM and AARCH64 to SUPPORTED_ARCHITECTURES in SecurityPkg.dsc to enable RngTest module build, since this is one platform-independent application. Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
* SecurityPkg/Tcg2Dxe: Properly shutdown TPM before resetRuiyu Ni2017-08-252-0/+69
| | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com> Reviewed-by: Chao B Zhang <chao.b.zhang@intel.com>
* edk2: Move License.txt file to rootMichael D Kinney2017-08-031-25/+0
| | | | | | | | | | | | | | | | | | | https://bugzilla.tianocore.org/show_bug.cgi?id=642 Add top level License.txt file with the BSD 2-Clause License that is used by the majority of the EKD II open source project content. Merge copyright statements from the BSD 2-Clause License files in each package directory and remove the duplication License.txt file from package directories. Cc: Leif Lindholm <leif.lindholm@linaro.org> Cc: Andrew Fish <afish@apple.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com> Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
* edk2: Move TianoCore Contribution Agreement to rootMichael D Kinney2017-08-031-218/+0
| | | | | | | | | | | | | | | | | https://bugzilla.tianocore.org/show_bug.cgi?id=629 Move Contributions.txt that contains the TianoCore Contribution Agreement 1.0 to the root of the edk2 repository and remove the duplicate Contributions.txt files from all packages. Cc: Leif Lindholm <leif.lindholm@linaro.org> Cc: Andrew Fish <afish@apple.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com> Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
* SecurityPkg OpalPasswordSupportLib: Remove include to UefiAcpiDataTable.hStar Zeng2017-07-271-2/+1
| | | | | | | | | | | Remove redundant include to UefiAcpiDataTable.h as SmmCommunication.h will help to include it. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Eric Dong <eric.dong@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg TcgDxe: Simplify debug msg when "TPM not working properly"Star Zeng2017-06-101-3/+1
| | | | | | | | | | | | | | | | | | | | Current code for case "TPM not working properly" uses the predefined macro __FILE__ in debug format string, but uses predefined macro __LINE__ as parameter, and it also uses multiple pairs of "" in debug format string. To be simple and clear, this patch is to update the code to just use "DriverEntry: TPM not working properly\n" as the debug message. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Amy Chan <amy.chan@intel.com> Cc: Chasel Chiu <chasel.chiu@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Chasel Chiu <chasel.chiu@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
* SecurityPkg: Add TCG Spec info to TCG related modulesZhang, Chao B2017-05-115-5/+31
| | | | | | | | | | | Add TCG Spec compliance info to TCG related module INFs. Cc: Qin Long <qin.long@intel.com> Cc: Yao Jiewen <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Qin Long <qin.long@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
* SecurityPkg/Pkcs7VerifyDxe: Add format check in DB list contentsLong Qin2017-05-051-6/+60
| | | | | | | | | | Add the size check for invalid format detection in AllowedDb, RevokedDb and TimeStampDb list contents. Cc: Chao Zhang <chao.b.zhang@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
* SecurityPkg: Update package version to 0.97Zhang, Chao B2017-05-052-2/+2
| | | | | | | | | Update package version of SecurityPkg to 0.97. Cc: Qin Long <qin.long@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Qin Long <qin.long@intel.com>
* SecurityPkg: Consume SmmIoLib.Eric Dong2017-05-041-0/+1
| | | | | | | | Update code to consume SmmIoLib to pass build. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg OpalPasswordSmm: Consume SmmIoLib.Eric Dong2017-05-044-83/+3
| | | | | | | | Update code to consume SmmIoLib to check Mmio validation. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg/SecurityPkg.dec: Update PcdPkcs7CertBuffer PCD.Long Qin2017-04-121-1/+1
| | | | | | | | | | | | | | | | This patch updates the PcdPkcs7CertBuffer PCD to use the new generated test certificate data for PKCS7 verification. This was used as sample trusted certificate in the verification of Signed Capsule Update. (The updated value is still only for test purpose.) Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Eric Dong <eric.dong@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Long Qin <qin.long@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
* SecurityPkg: Error Level is not used correctlyJeff Fan2017-04-126-11/+11
| | | | | | | Cc: Jiewen Yao <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jeff Fan <jeff.fan@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg: SecureBootConfigDxe: Update CloseEnrolledFile commentZhang, Chao B2017-04-061-6/+2
| | | | | | | | | Update function CloseEnrolledFile comment introduced in 4de754e15fec9c94ce7677904efd0022c211721b Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Bi Dandan <dandan.bi@intel.com>
* SecurityPkg: SecureBootConfigDxe: Support AUTH_2 enrollment to DBXZhang, Chao B2017-04-065-84/+338
| | | | | | | | | | | Update SecureBootConfigDxe to support AUTH_2 format data enrollment to DBX. Free opened file handle resource after exit PK/KEK/DB/DBX/DBT enrollment page. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Long Qin <qin.long@intel.com>
* SecurityPkg/Opal: Refine casting expression result to bigger sizeHao Wu2017-03-061-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There are cases that the operands of an expression are all with rank less than UINT64/INT64 and the result of the expression is explicitly cast to UINT64/INT64 to fit the target size. An example will be: UINT32 a,b; // a and b can be any unsigned int type with rank less than UINT64, like // UINT8, UINT16, etc. UINT64 c; c = (UINT64) (a + b); Some static code checkers may warn that the expression result might overflow within the rank of "int" (integer promotions) and the result is then cast to a bigger size. The commit refines codes by the following rules: 1). When the expression is possible to overflow the range of unsigned int/ int: c = (UINT64)a + b; 2). When the expression will not overflow within the rank of "int", remove the explicit type casts: c = a + b; 3). When the expression will be cast to pointer of possible greater size: UINT32 a,b; VOID *c; c = (VOID *)(UINTN)(a + b); --> c = (VOID *)((UINTN)a + b); 4). When one side of a comparison expression contains only operands with rank less than UINT32: UINT8 a; UINT16 b; UINTN c; if ((UINTN)(a + b) > c) {...} --> if (((UINT32)a + b) > c) {...} For rule 4), if we remove the 'UINTN' type cast like: if (a + b > c) {...} The VS compiler will complain with warning C4018 (signed/unsigned mismatch, level 3 warning) due to promoting 'a + b' to type 'int'. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com>
* SecurityPkg: Refine type cast for pointer subtractionHao Wu2017-03-066-32/+32
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For pointer subtraction, the result is of type "ptrdiff_t". According to the C11 standard (Committee Draft - April 12, 2011): "When two pointers are subtracted, both shall point to elements of the same array object, or one past the last element of the array object; the result is the difference of the subscripts of the two array elements. The size of the result is implementation-defined, and its type (a signed integer type) is ptrdiff_t defined in the <stddef.h> header. If the result is not representable in an object of that type, the behavior is undefined." In our codes, there are cases that the pointer subtraction is not performed by pointers to elements of the same array object. This might lead to potential issues, since the behavior is undefined according to C11 standard. Also, since the size of type "ptrdiff_t" is implementation-defined. Some static code checkers may warn that the pointer subtraction might underflow first and then being cast to a bigger size. For example: UINT8 *Ptr1, *Ptr2; UINTN PtrDiff; ... PtrDiff = (UINTN) (Ptr1 - Ptr2); The commit will refine the pointer subtraction expressions by casting each pointer to UINTN first and then perform the subtraction: PtrDiff = (UINTN) Ptr1 - (UINTN) Ptr2; Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Acked-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
* SecurityPkg: Tcg2Dxe: Measure DBT into PCR[7]Zhang, Chao B2017-03-061-1/+18
| | | | | | | | | | | | | | Measure DBT into PCR[7] in initial measurement phase if present and not empty by following TCG PC Client PFP 00.49. The previous patch according to 00.21 is removed 1404e3a1508473643efba89af34bd133ab082dd5 Cc: Star Zeng <star.zeng@intel.com> Cc: Yao Jiewen <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
* SecurityPkg: Tcg2Dxe: Measure BootOrder, Boot#### to PCR[1]Zhang, Chao B2017-03-061-2/+3
| | | | | | | | | | | | | Measure BootOrder, Boot#### to PCR[1] according to TCG PC-Client PFP Spec 00.21 Section 2.4.4.2 http://www.trustedcomputinggroup.org/wp-content/uploads/PC-ClientSpecific_Platform_Profile_for_TPM_2p0_Systems_v21.pdf Cc: Star Zeng <star.zeng@intel.com> Cc: Yao Jiewen <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
* SecurityPkg: Fix potential bug in Security Boot dxe.Zhang Lubo2017-03-012-11/+11
| | | | | | | | | | | | | | | | | v2: update hash value in SecureBootConfig.vfr to keep them consistent with macro definition in SecureBootConfigImpl.h since we removed the sha-1 definition in Hash table and related macro, but the macro definition HashAlg index may be value 4 which is exceed the range of the Hash table array. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Zhang Lubo <lubo.zhang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Long Qin <qin.long@intel.com> Cc: Yao Jiewen <jiewen.yao@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
* SecurityPkg/SecureBootConfigDxe: Use StrToGuid in BaseLibRuiyu Ni2017-02-283-166/+5
| | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg/TpmCommandLib: Add Tpm2ReadPublic.Jiewen Yao2017-02-213-2/+369
| | | | | | | | Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Long Qin <qin.long@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Yao Jiewen <jiewen.yao@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
* Security Tcg2Smm: Add missing gEfiTcg2ProtocolGuid dependencyStar Zeng2017-02-211-1/+2
| | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=380 gEfiTcgProtocolGuid dependency was added in TcgSmm. But gEfiTcg2ProtocolGuid dependency is missing in Tcg2Smm. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg: enhance secure boot Config Dxe & Time Based AuthVariable.Zhang Lubo2017-02-204-18/+35
| | | | | | | | | | | | | | | | V3: code clean up prohibit Image SHA-1 hash option in SecureBootConfigDxe. Timebased Auth Variable driver should ensure AuthAlgorithm is SHA256 before further verification Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Zhang Lubo <lubo.zhang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Long Qin <qin.long@intel.com> Cc: Yao Jiewen <jiewen.yao@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Long Qin <qin.long@intel.com>
* SecurityPkg HashLibRouter: Avoid incorrect PcdTcg2HashAlgorithmBitmapStar Zeng2017-02-086-39/+254
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=244 Currently, when software HashLib (HashLibBaseCryptoRouter) and related HashInstanceLib instances are used, PcdTcg2HashAlgorithmBitmap is expected to be configured to 0 in platform dsc. But PcdTcg2HashAlgorithmBitmap has default value 0xFFFFFFFF in SecurityPkg.dec, and some platforms forget to configure it to 0 or still configure it to 0xFFFFFFFF in platform dsc, that will make final PcdTcg2HashAlgorithmBitmap value incorrect. This patch is to add CONSTRUCTOR in HashLib (HashLibBaseCryptoRouter) and PcdTcg2HashAlgorithmBitmap will be set to 0 in the CONSTRUCTOR. Current HASH_LIB_PEI_ROUTER_GUID HOB created in HashLibBaseCryptoRouterPei is shared between modules that link HashLibBaseCryptoRouterPei. To avoid mutual interference, separated HASH_LIB_PEI_ROUTER_GUID HOBs with gEfiCallerIdGuid Identifier will be created for those modules. This patch is also to add check in HashLib (HashLibBaseCryptoRouter) for the mismatch of supported HashMask between modules that may link different HashInstanceLib instances, warning will be reported if mismatch is found. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
* SecurityPkg: Tcg2Dxe: Log EV_NO_ACTION event in TCG_PCR_EVENT2 formatZhang, Chao B2017-02-061-18/+96
| | | | | | | | | | | | All the event log entry in TCG2 Event log format should be TCG_PCR_EVENT2 except event log header. Defined by TCG EFI Spec 2.0 00.13 https://trustedcomputinggroup.org/wp-content/uploads/EFI-Protocol-Specification-rev13-160330final.pdf Cc: Long Qin <qin.long@intel.com> Cc: Yao Jiewen <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Long Qin <qin.long@intel.com>
* SecurityPkg: Tcg2Dxe: Update PCR[4] measure logicZhang, Chao B2017-01-261-3/+22
| | | | | | | | | | | | | Update PCR[4] measure logic for each boot attempt. 1. Measure event to PCR[4] instead of PCR[5] 2. Measure “Calling UEFI Application from Boot Option” http://www.trustedcomputinggroup.org/wp-content/uploads/PC-ClientSpecific_Platform_Profile_for_TPM_2p0_Systems_v21.pdf Cc: Star Zeng <star.zeng@intel.com> Cc: Yao Jiewen <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
* SecurityPkg/Tpm12CommandLib: Always check response returnCodeMichael Kinney2017-01-252-3/+25
| | | | | | | | | | | | | | | | | | https://bugzilla.tianocore.org/show_bug.cgi?id=338 Update the Tpm12CommandLib to consistently check the returnCode field of a response packet. These checks are missing from the GetCapability and SelfTest commands. The functions Tpm12ContinueSelfTest(), Tpm12GetCapabilityFlagPermanent(), and Tpm12GetCapabilityFlagVolatile() are updated to verify that the response returnCode is not an error. Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Michael Kinney <michael.d.kinney@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
* SecurityPkg: Tcg2Dxe: Use UEFI_VARIABLE_DATAZhang, Chao B2017-01-252-9/+8
| | | | | | | | | | | | | Use UEFI_VARIABLE_DATA data structure according to TCG PC-Client PFP Spec 00.21. http://www.trustedcomputinggroup.org/wp-content/uploads/PC-ClientSpecific_Platform_Profile_for_TPM_2p0_Systems_v21.pdf Cc: Star Zeng <star.zeng@intel.com> Cc: Yao Jiewen <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
* SecurityPkg: Tcg2Dxe: Log Startup Locality EventZhang, Chao B2017-01-244-14/+60
| | | | | | | | | | | | Log Startup Locality Event according to TCG PC Client PFP 00.21. Event should be placed before any extend to PCR[0] http://www.trustedcomputinggroup.org/wp-content/uploads/PC-ClientSpecific_Platform_Profile_for_TPM_2p0_Systems_v21.pdf Cc: Star Zeng <star.zeng@intel.com> Cc: Yao Jiewen <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
* SecurityPkg: Tcg2Dxe: Measure DBT into PCR[7]Zhang, Chao B2017-01-221-1/+2
| | | | | | | | | | | | Measure DBT into PCR[7] in initial measurement phase according to TCG PC Client PFP 00.37. http://www.trustedcomputinggroup.org/wp-content/uploads/PC-ClientSpecific_Platform_Profile_for_TPM_2p0_Systems_v21.pdf Cc: Star Zeng <star.zeng@intel.com> Cc: Yao Jiewen <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
* SecurityPkg: DxeImageVerificationLib: Update PCR[7] measure logicZhang, Chao B2017-01-221-3/+7
| | | | | | | | | | | | | | Update PCR[7] measure logic according to TCG PC Client PFP 00.37. Only entries in DB that is used for image authentication need to be measured. http://www.trustedcomputinggroup.org/wp-content/uploads/PC-ClientSpecific_Platform_Profile_for_TPM_2p0_Systems_v21.pdf Cc: Star Zeng <star.zeng@intel.com> Cc: Yao Jiewen <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
* SecurityPkg/FmpAuthenticationLib: Refine to compare with same typeHao Wu2017-01-122-4/+4
| | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg/TcgDxe: Refine to compare 2 values with the same typeHao Wu2017-01-121-2/+2
| | | | | | Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* SecuritPkg: Tcg2Smm: Add PlatformClass to TPM2 TableZhang, Chao B2017-01-122-0/+11
| | | | | | | | | | | | Add PlatformClass info into TPM2 ACPI table, it is only valid with table Rev 4 and later. Cc: Star Zeng <star.zeng@intel.com> Cc: Yao Jiewen <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
* SecurityPkg: Tcg2Smm: Fix incompatible changeZhang, Chao B2017-01-111-3/+3
| | | | | | | | | | | Address incompatible change introduced in patch 8f07a374b1d0497b6676491de8cbe2f08f4f7e9f Cc: Star Zeng <star.zeng@intel.com> Cc: Yao Jiewen <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
* SecurityPkg: Tcg2ConfigDxe/Tcg2Smm: Fix TPM2 HID issueZhang, Chao B2017-01-102-4/+4
| | | | | | | | | | | Fix wrong TPM2 HID generation logic. Cc: Star Zeng <star.zeng@intel.com> Cc: Yao Jiewen <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
* SecurityPkg: Tcg2Config: TPM2 ACPI Table Rev OptionZhang, Chao B2017-01-1013-8/+113
| | | | | | | | | | | | Add TPM2 ACPI Table Rev Option in Tcg2Config UI. Rev 4 is defined in TCG ACPI Specification 00.37 Cc: Star Zeng <star.zeng@intel.com> Cc: Yao Jiewen <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
* SecurityPkg Tcg2ConfigDxe: Refine debug message and commentsStar Zeng2017-01-092-5/+5
| | | | | | | Cc: Chao Zhang <chao.b.zhang@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
* SecurityPkg Tcg2ConfigDxe: Typecast to (CHAR8*) as para of AsciiStrSizeStar Zeng2017-01-092-3/+3
| | | | | | | | | | Cc: Dandan Bi <dandan.bi@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Dandan Bi <dandan.bi@intel.com>
* SecurityPkg Tcg2ConfigDxe: Add setup option to configure PPI versionStar Zeng2017-01-0610-11/+281
| | | | | | | | | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=288 gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer was introduced to configure physical presence interface version. but test or user needs to build different images to support different versions separately as the PCD does not support Dynamic types. This patch is to extend the PCD to support Dynamic types and add a setup option in Tcg2ConfigDxe driver to configure the physical presence interface version, the PCD needs to be DynamicHii type and maps to the setup option. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
* SecurityPkg: TcgPei: Sync TCG PP lifetime lock stateZhang, Chao B2017-01-061-1/+2
| | | | | | | | | | Sync TCG lifetime lock state after performing PP command. Later logic checks such state. Cc: Long Qin <qin.long@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Long Qin <qin.long@intel.com>
* SecurityPkg: Tcg2ConfigDxe: Remove duplicate local variableZhang, Chao B2017-01-061-1/+0
| | | | | | | | | Remove duplicate local status variable declaration. Cc: Bi Dandan <dandan.bi@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Bi Dandan <dandan.bi@intel.com>
* SecurityPkg: Add Pcd PROMPT/HELP & Chang default settingZhang, Chao B2017-01-052-3/+7
| | | | | | | | | | Update PCD PcdTcg2PhysicalPresenceFlags default setting. Also add PROMPT, HELP string. Cc: Star Zeng <star.zeng@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com>
* SecuritPkg: Tcg2: Fix coding style issueZhang, Chao B2017-01-052-15/+15
| | | | | | | | | Fix coding style issue Cc: Bi Dandan <dandan.bi@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Bi Dandan <dandan.bi@intel.com>
* SecurityPkg: Tcg2ConfigDxe: Display TPM2 HID in Tcg2ConfigZhang, Chao B2017-01-055-7/+125
| | | | | | | | | | | Display TPM2 HID from TPM2 ACPI device object in Tcg2Config UI Cc: Long Qin <qin.long@intel.com> Cc: Yao Jiewen <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Long Qin <qin.long@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
* SecurityPkg: Tcg2Smm: Update HID patch logicZhang, Chao B2017-01-043-10/+11
| | | | | | | | | | | | Update HID patch logic. NOOP in ASL template may cause syntax error when disassembled and recompiled. Cc: Long Qin <qin.long@intel.com> Cc: Yao Jiewen <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Long Qin <qin.long@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
* SecurityPkg: Tcg2PhysicalPresence: Define TCG2 PP Flags Initial PcdZhang, Chao B2016-12-293-2/+12
| | | | | | | | | | | Define PcdTcg2PhysicalPresenceFlags to initialize TCG2 PP Flags setting. Cc: Yao Jiewen <jiewen.yao@intel.com> Cc: Star Zeng <star.zeng@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com>