summaryrefslogtreecommitdiffstats
path: root/SecurityPkg
Commit message (Collapse)AuthorAgeFilesLines
* SecurityPkg/Tcg2PhysicalPresenceLib: Fix incorrect TCG VER comparisionTerry Lee2020-10-181-1/+1
| | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2697 Tcg2PhysicalPresenceLibConstructor set the module variable mIsTcg2PPVerLowerThan_1_3 with incorrect TCG version comparision. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg/PeiTpmMeasurementLib: remove gEfiTpmDeviceSelectedGuidQi Zhang2020-09-161-2/+1
| | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2963 Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Qi Zhang <qi1.zhang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg/DxeImageVerificationLib: Disable SHA1 base on MACROZhichao Gao2020-09-071-0/+6
| | | | | | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2943 Disable SHA1 base on the MACRO DISABLE_SHA1_DEPRECATED_INTERFACES. SHA1 is deprecated function and the MACRO is used to remove the whole implementation of the SHA1. For the platforms that do not need SHA1 for security, the MACRO should works for DxeImageVerificationLib as well. Signed-off-by: Zhichao Gao <zhichao.gao@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Min Xu <min.m.xu@intel.com> Cc: Qi Zhang <qi1.zhang@intel.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
* SecurityPkg/DxeImageVerificationLib: catch alignment overflow (CVE-2019-14562)Laszlo Ersek2020-09-021-1/+3
| | | | | | | | | | | | | | | | | | | | | | | The DxeImageVerificationHandler() function currently checks whether "SecDataDir" has enough room for "WinCertificate->dwLength". However, for advancing "OffSet", "WinCertificate->dwLength" is aligned to the next multiple of 8. If "WinCertificate->dwLength" is large enough, the alignment will return 0, and "OffSet" will be stuck at the same value. Check whether "SecDataDir" has room left for both "WinCertificate->dwLength" and the alignment. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Min Xu <min.m.xu@intel.com> Cc: Wenyi Xie <xiewenyi2@huawei.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2215 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Message-Id: <20200901091221.20948-4-lersek@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Wenyi Xie <xiewenyi2@huawei.com> Reviewed-by: Min M Xu <min.m.xu@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg/DxeImageVerificationLib: assign WinCertificate after size checkLaszlo Ersek2020-09-021-3/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | Currently the (SecDataDirLeft <= sizeof (WIN_CERTIFICATE)) check only guards the de-referencing of the "WinCertificate" pointer. It does not guard the calculation of the pointer itself: WinCertificate = (WIN_CERTIFICATE *) (mImageBase + OffSet); This is wrong; if we don't know for sure that we have enough room for a WIN_CERTIFICATE, then even creating such a pointer, not just de-referencing it, may invoke undefined behavior. Move the pointer calculation after the size check. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Min Xu <min.m.xu@intel.com> Cc: Wenyi Xie <xiewenyi2@huawei.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2215 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Message-Id: <20200901091221.20948-3-lersek@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Wenyi Xie <xiewenyi2@huawei.com> Reviewed-by: Min M Xu <min.m.xu@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg/DxeImageVerificationLib: extract SecDataDirEnd, SecDataDirLeftLaszlo Ersek2020-09-021-4/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The following two quantities: SecDataDir->VirtualAddress + SecDataDir->Size SecDataDir->VirtualAddress + SecDataDir->Size - OffSet are used multiple times in DxeImageVerificationHandler(). Introduce helper variables for them: "SecDataDirEnd" and "SecDataDirLeft", respectively. This saves us multiple calculations and significantly simplifies the code. Note that all three summands above have type UINT32, therefore the new variables are also of type UINT32. This patch does not change behavior. (Note that the code already handles the case when the SecDataDir->VirtualAddress + SecDataDir->Size UINT32 addition overflows -- namely, in that case, the certificate loop is never entered, and the corruption check right after the loop fires.) Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Min Xu <min.m.xu@intel.com> Cc: Wenyi Xie <xiewenyi2@huawei.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2215 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Message-Id: <20200901091221.20948-2-lersek@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Wenyi Xie <xiewenyi2@huawei.com> Reviewed-by: Min M Xu <min.m.xu@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg: Initailize variable Status before it is consumed.Zhiguang Liu2020-09-011-0/+1
| | | | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2945 V2: Move "Status = EFI_SUCCESS;" before the EDKII_TCG_PRE_HASH check. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Qi Zhang <qi1.zhang@intel.com> Cc: Rahul Kumar <rahul1.kumar@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Zhiguang Liu <zhiguang.liu@intel.com> Message-Id: <20200901005505.1722-1-zhiguang.liu@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
* SecurityPkg/Tcg2: handle PRE HASH and LOG ONLYQi Zhang2020-08-262-5/+12
| | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376 Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Qi Zhang <qi1.zhang@intel.com> Cc: Rahul Kumar <rahul1.kumar@intel.com> Signed-off-by: Qi Zhang <qi1.zhang@intel.com> Message-Id: <20200818062618.3698-8-qi1.zhang@intel.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
* SecurityPkg/dsc: add FvEventLogRecordLibQi Zhang2020-08-262-0/+5
| | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376 Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Qi Zhang <qi1.zhang@intel.com> Message-Id: <20200818062618.3698-6-qi1.zhang@intel.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
* SecurityPkg/TcgEventLogRecordLib: add new lib for firmware measurementQi Zhang2020-08-264-0/+351
| | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376 Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Qi Zhang <qi1.zhang@intel.com> Message-Id: <20200818062618.3698-2-qi1.zhang@intel.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
* SecurityPkg: Fix spelling mistake for occurredMichael D Kinney2020-08-191-1/+1
| | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2361 Cc: Qi Zhang <qi1.zhang@intel.com> Cc: Rahul Kumar <rahul1.kumar@intel.com> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Guomin Jiang <guomin.jiang@intel.com> Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
* SecurityPkg/OpalPassword: Fix spelling mistakeMichael D Kinney2020-08-191-1/+1
| | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2346 Cc: Qi Zhang <qi1.zhang@intel.com> Cc: Rahul Kumar <rahul1.kumar@intel.com> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
* SecurityPkg/SecurityPkg.ci.yaml: Add configuration for Ecc checkShenglei Zhang2020-08-171-0/+12
| | | | | | | | | | | | Add configuration ExceptionList and IgnoreFiles for package config files. So users can rely on this to ignore some Ecc issues. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com>
* SecurityPkg/SecurityPkg.ci.yaml: Add configuration for LicenseCheckShenglei Zhang2020-07-311-0/+3
| | | | | | | | | | | | Add configuration IgnoreFiles for package config files. So users can rely on this to skip license conflict for some generated files. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg/Tcg2Config: remove TPM2_ChangEPS if it is not supported.Qi Zhang2020-07-283-0/+10
| | | | | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2793 In current implementation TPM2_ChangeEPS command is always available in the TPM2 operation pull down list in TCG2 Configuration, which is confusing when the command is not supported by specific TPM chip. As a user experience improvement, TPM2_ChangeEPS command should be removed from the list when it is not supported. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Rahul Kumar <rahul1.kumar@intel.com> Signed-off-by: Qi Zhang <qi1.zhang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg/Tpm2CommandLib: add a new functionZhang, Qi2020-07-282-0/+56
| | | | | | | | | | | | | | | | Tpm2GetCapabilityIsCommandImplemented REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2793 check if the commad is supported by comparing the command code with command index. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Rahul Kumar <rahul1.kumar@intel.com> Signed-off-by: Qi Zhang <qi1.zhang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg/TcgPei: Use Migrated FV Info Hob for calculating hash ↵Guomin Jiang2020-07-282-2/+28
| | | | | | | | | | | | | | | | | | | | | (CVE-2019-11098) REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1614 When we allocate pool to save rebased the PEIMs, the address will change randomly, therefore the hash will change and result PCR0 change as well. To avoid this, we save the raw PEIMs and use it to calculate hash. The TcgPei calculate the hash and it use the Migrated FV Info. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Qi Zhang <qi1.zhang@intel.com> Cc: Rahul Kumar <rahul1.kumar@intel.com> Signed-off-by: Guomin Jiang <guomin.jiang@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Qi Zhang <qi1.zhang@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com>
* SecurityPkg/Tcg2Pei: Use Migrated FV Info Hob for calculating hash ↵Guomin Jiang2020-07-282-3/+29
| | | | | | | | | | | | | | | | | | | | | (CVE-2019-11098) REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1614 When we allocate pool to save rebased the PEIMs, the address will change randomly, therefore the hash will change and result PCR0 change as well. To avoid this, we save the raw PEIMs and use it to calculate hash. The Tcg2Pei calculate the hash and it use the Migrated FV Info. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Qi Zhang <qi1.zhang@intel.com> Cc: Rahul Kumar <rahul1.kumar@intel.com> Signed-off-by: Guomin Jiang <guomin.jiang@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Qi Zhang <qi1.zhang@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com>
* SecurityPkg/dsc: Add PeiTpmMeasurementLib.Jiewen Yao2020-07-231-1/+3
| | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841 Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Qi Zhang <qi1.zhang@intel.com> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Qi Zhang <qi1.zhang@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
* SecurityPkg/PeiTpmMeasurementLib: Add PEI instance.Jiewen Yao2020-07-233-0/+141
| | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841 Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Qi Zhang <qi1.zhang@intel.com> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Qi Zhang <qi1.zhang@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
* SecurityPkg/Tcg2: Add TcgPpiJiewen Yao2020-07-232-27/+86
| | | | | | | | | | | | | | And do some code clean with updated function REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841 Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Qi Zhang <qi1.zhang@intel.com> Cc: Rahul Kumar <rahul1.kumar@intel.com> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Qi Zhang <qi1.zhang@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
* SecurityPkg/Tcg: Add TcgPpiJiewen Yao2020-07-232-6/+58
| | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841 Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Qi Zhang <qi1.zhang@intel.com> Cc: Rahul Kumar <rahul1.kumar@intel.com> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Qi Zhang <qi1.zhang@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
* SecurityPkg/dec: Add TcgPpi.Jiewen Yao2020-07-231-0/+3
| | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841 Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Qi Zhang <qi1.zhang@intel.com> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Qi Zhang <qi1.zhang@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
* SecurityPkg/TcgPpi: Add TcgPpi header file.Jiewen Yao2020-07-231-0/+60
| | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841 Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Qi Zhang <qi1.zhang@intel.com> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Qi Zhang <qi1.zhang@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
* SecurityPkg/Tcg2Pei: Add missing PCRIndex in FvBlob event.Jiewen Yao2020-07-111-0/+1
| | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2840 Cc: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
* SecurityPkg/Tcg2Dxe: Add PcdTcgPfpMeasurementRevision in SpecId event.Jiewen Yao2020-07-112-1/+2
| | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2839 Cc: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
* SecurityPkg: Change default value sourceMaggie Chu2020-05-217-27/+30
| | | | | | | | | | | | | | | https://bugzilla.tianocore.org/show_bug.cgi?id=2713 In current code, If TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE variable is not exist, code will get default value from two places. This fix is to make the default value comes from the PCD gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags Signed-off-by: Maggie Chu <maggie.chu@intel.com> Cc: Eric Dong <eric.dong@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg/DxeImageVerificationLib: Mark the File parameter as OPTIONALGuomin Jiang2020-04-221-1/+1
| | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2652 According to the File description, the File is optional and can be NULL. Signed-off-by: Guomin Jiang <guomin.jiang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
* SecurityPkg/DxeImageAuth: Mark the File parameter as OPTIONALGuomin Jiang2020-04-221-1/+1
| | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2652 According to the File description, The File is optional and can be NULL. Signed-off-by: Guomin Jiang <guomin.jiang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
* SecurityPkg/TPM: measure UEFI images without associated device paths againGuomin Jiang2020-04-222-20/+20
| | | | | | | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2652 DxeTpm2MeasureBootHandler() and DxeTpmMeasureBootHandler() functions may receive a FileBuffer argument that is not associated with any particular device path (e.g., because the UEFI image has not been loaded from any particular device path). Therefore rejecting (File==NULL) at the top of the function is invalid. Fixes: 4b026f0d5af36faf3a3629a3ad49c51b5b3be12f Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Guomin Jiang <guomin.jiang@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
* SecurityPkg Tcg: Use SW SMI IO port PCD in Tpm.aslMichael Kubacki2020-04-214-17/+26
| | | | | | | | | | | | | | | | REF:https://bugzilla.tianocore.org/show_bug.cgi?id=2416 Replaces the hardcoded value of 0xB2 with a PCD for the SMI port access operation region. This allows platforms to customize the IO port value if necessary. Cc: Kun Qin <Kun.Qin@microsoft.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com> Reviewed-by: Guomin Jiang <guomin.jiang@intel.com> Reviewed-by: Bret Barkelew <bret.barkelew@microsoft.com>
* SecurityPkg: Add PCD for SW SMI Command portMichael Kubacki2020-04-211-1/+7
| | | | | | | | | | | | | | | | REF:https://bugzilla.tianocore.org/show_bug.cgi?id=2416 Adds a PCD to SecurityPkg used to specify the SW SMI Command port. This value may vary across platforms and is current hardcoded to 0xB2 in package code. Cc: Kun Qin <Kun.Qin@microsoft.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com> Reviewed-by: Guomin Jiang <guomin.jiang@intel.com> Reviewed-by: Bret Barkelew <bret.barkelew@microsoft.com>
* SecurityPkg/HddPassword: Use BaseLib linked list iteration macrosMichael Kubacki2020-04-212-12/+8
| | | | | | | | | | | | | | | | | REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1959 Replaces usage of the linked list iteration macros defined in HddPasswordDxe.h with the common definition in BaseLib.h. Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Hao A Wu <hao.a.wu@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Sean Brogan <sean.brogan@microsoft.com> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Bret Barkelew <bret.barkelew@microsoft.com>
* SecurityPkg: Security package changes for RISC-V EDK2 CI.Abner Chang2020-04-031-2/+2
| | | | | | | | | | | | | | | | | Add RISC-V architecture to SecurityPkg for EDK2 CI testing. BZ:2562: https://bugzilla.tianocore.org/show_bug.cgi?id=2562 Signed-off-by: Abner Chang <abner.chang@hpe.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Leif Lindholm <leif@nuviainc.com> Cc: Gilbert Chen <gilbert.chen@hpe.com> Cc: Daniel Schaefer <daniel.schaefer@hpe.com>
* SecurityPkg: add null version of VariableKeyLibJian J Wang2020-03-273-0/+102
| | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2594 Add null version of VariableKeyLib instance. The full version should be provided by platforms which supports key generator. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Nishant C Mistry <nishant.c.mistry@intel.com> Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Michael Kubacki <michael.kubacki@microsoft.com>
* SecurityPkg: add null version of RpmcLibJian J Wang2020-03-273-0/+86
| | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2594 Add null version of RpmcLib instance. The full version should be provided by platform which supports RPMC device. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Nishant C Mistry <nishant.c.mistry@intel.com> Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg: add RpmcLib and VariableKeyLib public headersJian J Wang2020-03-273-0/+111
| | | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2594 RpmcLib.h and VariableKeyLib.h are header files required to access RPMC device and Key generator from platform. They will be used to ensure the integrity and confidentiality of NV variables. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Nishant C Mistry <nishant.c.mistry@intel.com> Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Michael Kubacki <michael.kubacki@microsoft.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg/DxeImageVerificationLib: change IsCertHashFoundInDatabase name ↵Jian J Wang2020-02-191-3/+3
| | | | | | | | | | | | | | (CVE-2019-14575) IsCertHashFoundInDatabase() is actually used only for searching dbx, according to the function logic, its comments and its use cases. Changing it to IsCertHashFoundInDbx to avoid confusion. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1608 Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg/DxeImageVerificationLib: Differentiate error/search result (2) ↵Jian J Wang2020-02-191-19/+58
| | | | | | | | | | | | | | | | | | | | | | | | (CVE-2019-14575) REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1608 To avoid false-negative issue in check hash against dbx, both error condition (as return value) and check result (as out parameter) of IsSignatureFoundInDatabase() are added. So the caller of this function will know exactly if a failure is caused by a black list hit or other error happening, and enforce a more secure operation to prevent secure boot from being bypassed. For a white list check (db), there's no such necessity. All intermediate results inside this function will be checked and returned immediately upon any failure or error, like out-of-resource, hash calculation error or certificate retrieval failure. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg/DxeImageVerificationLib: plug Data leak in IsForbiddenByDbx() ↵Laszlo Ersek2020-02-191-1/+1
| | | | | | | | | | | | | | (CVE-2019-14575) REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1608 If the second GetVariable() call for "dbx" fails, in IsForbiddenByDbx(), we have to free Data. Jump to "Done" for that. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg/DxeImageVerificationLib: tighten default result (CVE-2019-14575)Jian J Wang2020-02-191-1/+10
| | | | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1608 All intermediate results inside this function will be checked and returned immediately upon any failure or error, like out-of-resource, hash calculation error or certificate retrieval failure. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg/DxeImageVerificationLib: Differentiate error/search result (1) ↵Jian J Wang2020-02-191-22/+42
| | | | | | | | | | | | | | | | | | | | (CVE-2019-14575) REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1608 To avoid false-negative issue in check hash against dbx, both error condition (as return value) and check result (as out parameter) of IsCertHashFoundInDatabase() are added. So the caller of this function will know exactly if a failure is caused by a black list hit or other error happening, and enforce a more secure operation to prevent secure boot from being bypassed. For a white list check (db), there's no such necessity. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg/DxeImageVerificationLib: refactor db/dbx fetching code ↵Jian J Wang2020-02-191-61/+83
| | | | | | | | | | | | | | | | | | | (CVE-2019-14575) REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1608 The dbx fetching code inside the while/for-loop causes code hard to understand. Since there's no need to get dbx more than once, this patch simplify the code logic by moving related code to be outside the while- loop. db fetching code is also refined accordingly to reduce the indent level of code. More comments are also added or refined to explain more details. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg/DxeImageVerificationLib: avoid bypass in fetching dbx ↵Jian J Wang2020-02-191-0/+11
| | | | | | | | | | | | | | | | | | | | | (CVE-2019-14575) REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1608 In timestamp check after the cert is found in db, the original code jumps to 'Done' if any error happens in fetching dbx variable. At any of the jump, VerifyStatus equals to TRUE, which means allowed-by-db. This should not be allowed except to EFI_NOT_FOUND case (meaning dbx doesn't exist), because it could be used to bypass timestamp check. This patch add code to change VerifyStatus to FALSE in the case of memory allocation failure and dbx fetching failure to avoid potential bypass issue. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg/DxeImageVerificationLib: fix wrong fetch dbx in IsAllowedByDb ↵Jian J Wang2020-02-191-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | (CVE-2019-14575) REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1608 Normally two times of calling gRT->GetVariable() are needed to get the data of a variable: get the variable size by passing zero variable size, and then allocate enough memory and pass the correct variable size and buffer. But in the inner loop in IsAllowedByDb(), the DbxDataSize was not initialized to zero before calling gRT->GetVariable(). It won't cause problem if dbx does not exist. But it will give wrong result if dbx exists and the DbxDataSize happens to be a small enough value. In this situation, EFI_BUFFER_TOO_SMALL will be returned. Then the result check code followed will jump to 'Done', which is not correct because it's actually the value expected. if (Status == EFI_BUFFER_TOO_SMALL) { goto Done; } Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg/DxeImageVerificationLib: reject CertStack.CertNumber==0 per DBX ↵Jian J Wang2020-02-191-1/+1
| | | | | | | | | | | | | | (CVE-2019-14575) In case the signers' certificate stack, retrieved from the PE/COFF image's Authenticode blob, has zero elements (=there are zero signer certificates), then we should consider the image forbidden by DBX, not accepted by DBX. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg/DxeImageVerificationLib: Fix memory leaks (CVE-2019-14575)Jian J Wang2020-02-191-0/+3
| | | | | | | | | | | | REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1608 Pointer HashCtx used in IsCertHashFoundInDatabase() is not freed inside the while-loop, if it will run more than once. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
* SecurityPkg: Issues reported by ECC in EDK2.GuoMinJ2020-02-142-4/+4
| | | | | | | | | https://bugzilla.tianocore.org/show_bug.cgi?id=2515 Change the SecurityPkg to match the ECC check rule Signed-off-by: GuoMinJ <newexplorerj@gmail.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
* SecurityPkg/VariableAuthenticated: Fix few typosAntoine Coeur2020-02-102-2/+2
| | | | | | | | | | | | | Fix few typos in comments and documentation. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Antoine Coeur <coeur@gmx.fr> Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com> Message-Id: <20200207010831.9046-67-philmd@redhat.com>
* SecurityPkg/Tcg: Fix various typosAntoine Coeur2020-02-1014-27/+27
| | | | | | | | | | | | | | Fix various typos in documentation, comments and debug strings. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Antoine Coeur <coeur@gmx.fr> Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com> Message-Id: <20200207010831.9046-66-philmd@redhat.com> [lersek@redhat.com: replace EFI_D_xxx w/ DEBUG_xxx to shut up PatchCheck]
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-20 14:57:50 +0000