| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
GCC is case sensitive. Also add BaseMemoryLib in INF.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Gao Liming <liming.gao@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
|
|
Several issues exist in TCG2 PP
1. TCG2 PP use NVS PPRQ/PPRM as PP parameter as well as current
PP state cache. But it doesn't handle PP set failure case
2. TCG2 PP Submit TPM Operation Request to Pre-OS Environment forgets
to clean PPRM
3. Potential alignment issue
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Qin Long <qin.long@intel.com>
|
|
This patch extracts function Tpm2GetCapabilitySupportedAndActivePcrs()
from drivers and also update Tcg2ExecutePhysicalPresence() to call
Tpm2GetCapabilitySupportedAndActivePcrs() instead of
Tcg2Protocol->GetCapability to query the TPM to determine which
hashing algorithms are supported.
Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
|
|
This patch just moves function CopyDigestListToBuffer() from
drivers to library with HashAlgorithmMask parameter added to
make the interface more applicable.
The related function IsHashAlgSupportedInHashAlgorithmMask()
is also moved from drivers to library as internal function.
Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
|
|
This patch just moves function GetDigestListSize() from
drivers to library and no functionality change.
Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
|
|
Update the return status description and use OUT identifier instead of
IN for Digest parameter, no functionality change.
Cc: Chao B Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
|
|
This patch just moves function Tpm2GetDigestFromDigestList() from
drivers to library as GetDigestFromDigestList() and no functionality change.
Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
|
|
This patch just moves function Tpm2CommandAllocPcr() from
DxeTcg2PhysicalPresenceLib.c to Tpm2CommandLib as Tpm2PcrAllocateBanks()
and no functionality change.
Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
|
|
Check response return code before return from Tpm12Extend and
Tpm12PhysicalPresence.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
|
|
Instead of comparing a GUID with gZeroGuid via the CompareGuid API, the
commit uses the IsZeroGuid API to check if the given GUID is a zero GUID.
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
|
|
2 steps are used to create/delete a time based variable.
For create
step 1: Insert Signer Cert to CertDB.
Step 2: Insert Payload to Variable.
For delete
step 1: Delete Variable.
Step 2: Delete Cert from CertDB.
System may breaks between step 1 & step 2, so CertDB may contains useless
Cert in the next reboot. AuthVariableLib choose to sync consistent state
between CertDB & Time Auth Variable on initialization. However, it doesn't
apply Time Auth attribute check. Now add it.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Zeng Star <star.zeng@intel.com>
|
|
AuthVariableLib
Physical Presence state reporting is constrained by physical presence caching in variable driver. For example, reporting must be prior to Physical Presence caching. Physical Presence state becomes constant rather than instant after caching. Therefore, PlatformSecureLib is responsible for reporting Physical Presence state in expected way.
This reverts commit 90fa53213ec458b5c4f8851c09aeb3de977531e5.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
|
|
The input PeImage in TcgMeasurePeImage() has been checked.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
|
|
The input PeImage in HashPeImage() has been checked.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
|
|
This is an incompatible change. It uses PcdUserPhysicalPresence value instead
of hard code TRUE. Because PcdUserPhysicalPresence default value is FALSE,
this patch changes UserPhysicalPresent() return value from TRUE to FALSE.
From Security point, it is not safe to always return TRUE. If user wants this
behavior, he can still configure PcdUserPhysicalPresence value to TRUE in
the platform DSC file.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Giri P Mudusuru <giri.p.mudusuru@intel.com>
|
|
AuthVariableLib is updated to cache the UserPhysicalPresent state to global variable. This avoids calling PlatformSecureLib during runtime and makes PhysicalPresent state consistent during one boot.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
|
|
Cc: Shumin Qiu <shumin.qiu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Qiu Shumin <shumin.qiu@intel.com>
|
|
TcgDxePassThroughToTpm should be able to handle all TPM12 Command & Response correctly.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
|
|
verification failures
Add DEBUG messages in DxeImageerificationLib to help debug Secure Boot image verification failures
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Cinnamon Shia <cinnamon.shia@hpe.com>
Reviewed-by: Samer EL-Haj-Mahmoud <elhaj@hpe.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
|
|
Remove a non-ASCII apostrophe character from TPM_WARNING_MAINTAIN
message
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Samer El-Haj-Mahmoud <elhaj@hpe.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
|
|
For Pyrite SSC device, it may not supports Active Key, So
add check logic before enable it.
Cc: Feng Tian <feng.tian@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
|
|
Check the BlockSid feature capability through check
BlockSid header in the DiscoveryHeader.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
|
|
The ComId for Block SID authentication command is
0x0005 according to "TCG Storage Feature Set: Block
SID Authentication Specification Version 1.0.0". Update code to
follow this spec requirement.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
|
|
Remove Customized SecureBoot Mode transition logic for Mantis 1263, including AuditMode/DeployedMode/PK update management.
Also remove image verification logic in AuditMode.
The feature has been moved to
https://github.com/tianocore/edk2-staging/tree/Customized-Secure-Boot
Previous check-in hash is
SHA-1: 4fc08e8d683522f255727626197d919a40d4836c
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: El-Haj-Mahmoud Samer <samer.el-haj-mahmoud@hpe.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
|
|
Fix Tpm12NvWriteValue() command/response length byte order.
Tpm12SubmitCommand() was using the value from Command.Hdr.paramSize
which was swapped to be Big Endian, but the function was
expecting it in UINT32 Little Endian
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Samer El-Haj-Mahmoud <elhaj@hpe.com>
Signed-off-by: Derek Lin <derek.lin2@hpe.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
|
|
Fix uninitialized command Length variable in TPM1.2 Self Test command
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Samer El-Haj-Mahmoud <elhaj@hpe.com>
Signed-off-by: Derek Lin <derek.lin2@hpe.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
|
|
Add DEBUG messages for TPM12Startup to distinguish between TPM_SUCCESS
and
TPM_INVALID_POSTINIT. This helps debugging some hardware problems.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Samer El-Haj-Mahmoud <elhaj@hpe.com>
Signed-off-by: Derek Lin <derek.lin2@hpe.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
|
|
Add DEBUG messages for TPM2Startup to distinguish between TPM_RC_SUCCESS
and TPM_RC_INITIALIZE. This helps debugging some hardware problems.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Samer El-Haj-Mahmoud <elhaj@hpe.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
|
|
This patch enhance OPAL password lib SMM communication by using fixed
SMM communication buffer.
Update OPAL password lib to consume EDKII_PI_SMM_COMMUNICATION_REGION_TABLE
as fixed communication buffer for SMM communication.
This is designed to meet Microsoft WSMT table definition on FIXED_COMM_BUFFERS
requirement.
Cc: Eric Dong <eric.dong@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
|
|
In image verification, if image verified pass in DBT, still need to verify if it is blocked by any other cert/cert hash from DBX.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
Reviewed-by: Dick Wilkins <dick_wilkins@phoenix.com>
|
|
PK inconsistency issue
Revert previous fix in AuthVariable driver init which breaks SecureBootEnable original behavior. Add more error handling logic in SecureBootConfigDxe to prevent wrong display info when SecureBootEnable & PK inconsistency happens.
Commit hash for the reverted patch in AuthVariable driver is
SHA-1: a6811666b0bef18871fa62b6c5abf18fb076fd0d
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
|
|
Update TCG and Library module uses gEdkiiVariableLockProtocolGuid
as SOMETIMES_CONSUMES instead of CONSUMES to follow the code logic.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
|
|
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
|
|
inf file.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
|
|
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
|
|
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
|
|
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
|
|
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
|
|
APIs used to support opal password solution to trig opal command.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
|
|
Library APIs used to create commands defined by TCG storage opal spec.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
|
|
APIs used to create commands defined by TCG storage core spec.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
|
|
Some commands in DxeTcg2PhysicalPresenceLib accept
AuthSession as input parameter and copy to local
command buffer. After use, this AuthSession content
should be zeroed, because there might be some secrete
there.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com>
Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com>
|
|
Tpm2Ptp.c is library, but it miss Tpm2 prefix for
IsPtpPresence() and GetPtpInterface(). There might
be risk as name symbol conflict. This patch adds Tpm2
prefix for them.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <Jiewen.Yao@intel.com>
Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com>
Tested-by: "Wu, Hao A" <hao.a.wu@intel.com>
|
|
Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction()
has check if current request is same as previous.
But it forget check RequestParameter, which causes
second request fail to process, if RequestParameter
is different.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <Jiewen.Yao@intel.com>
Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com>
|
|
Auth variable
Add a new cert data base "certdbv" to store signer certs for volatile time based
Auth variable.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19786 6f19259b-4bc3-4df7-8a09-765794883524
|
|
1) NvPublic.dataSize data should be got from original
receive buffer, instead of returned NvPublic.
2) NvNameSize means the size of NvName without size field.
The original code treats it to be size of NvName with size
field, so the last 2 bytes are missing.
This patch fixed problem.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com>
Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19756 6f19259b-4bc3-4df7-8a09-765794883524
|
|
Previously, we only add PTP detection in Tpm12RequestUseTpm,
because RequestUseTpm does not check TPM command.
This patch also adds similar check in Tpm12SubmitCommand.
PTP device does not accept TPM12 command, so that it can
return error on PTP device, instead of wait till timeout.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com>
Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19755 6f19259b-4bc3-4df7-8a09-765794883524
|
|
The TPM RequestUseTpm API can only set register to
use the hardware, but it can not be used to distinguish
TPM12 or TPM2 device.
TPM PTP defines same address with TIS, so we need
detect the TPM device is PTP or TIS in RequestUseTpm.
Also, Tcg2Config driver call RequestUseTpm to detect
TPM hardware device. So we have to add check here.
There is no need to support PTP CRB style SubmitCommand(),
because TPM2 device can not accept TPM12 style command.
This patch also uses TpmTis.h instead of duplicate
definition.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com>
Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19742 6f19259b-4bc3-4df7-8a09-765794883524
|
|
TPM2 hardware may support PTP FIFO/TIS interface
or PTP CRB interface. The original lib only handles
PTP FIFO/TIS interface. This patch adds PTP CRB
interface support.
The current logic is that lib will runtime detect
TPM device interface (CRB or FIFO/TIS) and call
proper function to access hardware.
It is compatible for old TPM2 FIFO/TIS device and
new TPM2 CRB device.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com>
Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19740 6f19259b-4bc3-4df7-8a09-765794883524
|
|
Add the following APIs that are required by TcgPei and/or TcgDxe to
the Tpm12CommandLib instance:
Tpm12Extend()
Tpm12PhysicalPresence()
Tpm12ContinueSelfTest()
Tpm12GetCapabilityFlagPermanent()
Tpm12GetCapabilityFlagVolatile()
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Michael Kinney <michael.d.kinney@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19727 6f19259b-4bc3-4df7-8a09-765794883524
|
