From b3548d32ddb553a9e95503457c66d11462622d16 Mon Sep 17 00:00:00 2001 From: Liming Gao Date: Wed, 27 Jun 2018 21:13:09 +0800 Subject: [PATCH] SecurityPkg: Clean up source files 1. Do not use tab characters 2. No trailing white space in one line 3. All files must end with CRLF Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Liming Gao --- SecurityPkg/Hash2DxeCrypto/Driver.c | 4 +- SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c | 4 +- SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf | 4 +- SecurityPkg/Include/Guid/MeasuredFvHob.h | 14 +- .../Include/Guid/PhysicalPresenceData.h | 16 +- .../Include/Guid/PwdCredentialProviderHii.h | 10 +- .../Include/Guid/SecureBootConfigHii.h | 14 +- .../Include/Guid/SecurityPkgTokenSpace.h | 10 +- SecurityPkg/Include/Guid/Tcg2ConfigHii.h | 14 +- .../Include/Guid/Tcg2PhysicalPresenceData.h | 6 +- SecurityPkg/Include/Guid/TcgConfigHii.h | 14 +- SecurityPkg/Include/Guid/TcgEventHob.h | 16 +- .../Include/Guid/UsbCredentialProviderHii.h | 10 +- .../Include/Guid/UserIdentifyManagerHii.h | 10 +- .../Include/Guid/UserProfileManagerHii.h | 12 +- .../Include/Library/PlatformSecureLib.h | 14 +- .../Include/Library/Tcg2PhysicalPresenceLib.h | 22 +- SecurityPkg/Include/Library/Tcg2PpVendorLib.h | 22 +- .../Include/Library/TcgPhysicalPresenceLib.h | 22 +- SecurityPkg/Include/Library/TcgPpVendorLib.h | 22 +- .../Include/Library/TcgStorageCoreLib.h | 2 +- SecurityPkg/Include/Library/Tpm12CommandLib.h | 8 +- SecurityPkg/Include/Library/Tpm12DeviceLib.h | 4 +- SecurityPkg/Include/Library/Tpm2CommandLib.h | 78 +-- SecurityPkg/Include/Library/Tpm2DeviceLib.h | 4 +- SecurityPkg/Include/Library/TpmCommLib.h | 26 +- .../FirmwareVolumeInfoMeasurementExcluded.h | 10 +- .../Include/Ppi/LockPhysicalPresence.h | 24 +- SecurityPkg/Include/Ppi/TpmInitialized.h | 16 +- .../Library/AuthVariableLib/AuthService.c | 10 +- .../AuthVariableLib/AuthServiceInternal.h | 8 +- .../DxeDeferImageLoadLib.c | 208 +++---- .../DxeDeferImageLoadLib.h | 40 +- .../DxeDeferImageLoadLib.inf | 14 +- .../DxeImageAuthenticationStatusLib.c | 6 +- .../DxeImageAuthenticationStatusLib.inf | 4 +- .../DxeImageVerificationLib.c | 14 +- .../DxeImageVerificationLib.uni | 4 +- .../DxeImageVerificationLib/Measurement.c | 20 +- .../DxeRsa2048Sha256GuidedSectionExtractLib.c | 50 +- ...xeRsa2048Sha256GuidedSectionExtractLib.inf | 12 +- ...xeRsa2048Sha256GuidedSectionExtractLib.uni | 4 +- .../DxeTcg2PhysicalPresenceLib.c | 106 ++-- .../DxeTcg2PhysicalPresenceLib.inf | 4 +- .../DxeTcg2PhysicalPresenceLib.uni | 4 +- .../PhysicalPresenceStrings.uni | 18 +- .../DxeTcgPhysicalPresenceLib.c | 170 +++--- .../DxeTcgPhysicalPresenceLib.inf | 8 +- .../DxeTcgPhysicalPresenceLib.uni | 4 +- .../PhysicalPresenceStrings.uni | 14 +- .../DxeTpm2MeasureBootLib.c | 88 +-- .../DxeTpm2MeasureBootLib.inf | 8 +- .../DxeTpm2MeasureBootLib.uni | 4 +- .../DxeTpmMeasureBootLib.c | 106 ++-- .../DxeTpmMeasureBootLib.inf | 8 +- .../DxeTpmMeasureBootLib.uni | 4 +- .../DxeTpmMeasurementLib.c | 4 +- .../DxeTpmMeasurementLib.inf | 8 +- .../HashInstanceLibSha1/HashInstanceLibSha1.c | 8 +- .../HashInstanceLibSha256.c | 8 +- .../HashLibBaseCryptoRouterDxe.c | 8 +- .../HashLibBaseCryptoRouterDxe.inf | 6 +- .../HashLibBaseCryptoRouterPei.c | 4 +- .../HashLibBaseCryptoRouterPei.inf | 4 +- SecurityPkg/Library/HashLibTpm2/HashLibTpm2.c | 4 +- .../Library/HashLibTpm2/HashLibTpm2.inf | 4 +- .../PeiRsa2048Sha256GuidedSectionExtractLib.c | 48 +- ...eiRsa2048Sha256GuidedSectionExtractLib.inf | 10 +- ...eiRsa2048Sha256GuidedSectionExtractLib.uni | 4 +- .../PeiTcg2PhysicalPresenceLib.c | 14 +- .../PeiTcg2PhysicalPresenceLib.inf | 6 +- .../PeiTcg2PhysicalPresenceLib.uni | 4 +- .../PlatformSecureLibNull.c | 18 +- .../PlatformSecureLibNull.inf | 4 +- .../SmmTcg2PhysicalPresenceLib.c | 28 +- .../SmmTcg2PhysicalPresenceLib.inf | 2 +- .../SmmTcg2PhysicalPresenceLib.uni | 4 +- .../Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.c | 20 +- .../Tcg2PpVendorLibNull.inf | 6 +- .../TcgPpVendorLibNull/TcgPpVendorLibNull.c | 20 +- .../TcgPpVendorLibNull/TcgPpVendorLibNull.inf | 6 +- .../TcgStorageOpalLib/TcgStorageOpalCore.c | 2 +- .../Library/Tpm12CommandLib/Tpm12NvStorage.c | 6 +- .../Library/Tpm12CommandLib/Tpm12Ownership.c | 4 +- .../Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf | 10 +- .../Library/Tpm12DeviceLibDTpm/Tpm12Tis.c | 38 +- .../Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.c | 6 +- .../Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf | 4 +- .../Library/Tpm2CommandLib/Tpm2Capability.c | 162 +++--- .../Library/Tpm2CommandLib/Tpm2Context.c | 6 +- .../Tpm2EnhancedAuthorization.c | 12 +- SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c | 2 +- .../Library/Tpm2CommandLib/Tpm2Hierarchy.c | 20 +- .../Library/Tpm2CommandLib/Tpm2Integrity.c | 22 +- .../Library/Tpm2CommandLib/Tpm2NVStorage.c | 16 +- .../Library/Tpm2CommandLib/Tpm2Sequences.c | 8 +- .../Library/Tpm2CommandLib/Tpm2Session.c | 4 +- .../Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.c | 6 +- .../Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf | 2 +- .../Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.c | 4 +- .../Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf | 2 +- .../Library/Tpm2DeviceLibDTpm/Tpm2Tis.c | 36 +- .../Tpm2DeviceLibRouterDxe.c | 4 +- .../Tpm2DeviceLibRouterDxe.inf | 4 +- .../Tpm2DeviceLibRouterPei.c | 4 +- .../Tpm2DeviceLibRouterPei.inf | 4 +- .../Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.c | 6 +- .../Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf | 4 +- SecurityPkg/Library/TpmCommLib/CommonHeader.h | 10 +- SecurityPkg/Library/TpmCommLib/TisPc.c | 22 +- SecurityPkg/Library/TpmCommLib/TpmComm.c | 12 +- SecurityPkg/Library/TpmCommLib/TpmCommLib.inf | 4 +- .../Pkcs7VerifyDxe/Pkcs7VerifyDxe.uni | 4 +- .../Pkcs7VerifyDxe/Pkcs7VerifyDxeExtra.uni | 6 +- .../RandomNumberGenerator/RngDxe/AesCore.c | 62 +-- .../RandomNumberGenerator/RngDxe/RdRand.c | 4 +- .../RandomNumberGenerator/RngDxe/RngDxe.c | 20 +- .../RandomNumberGenerator/RngDxe/RngDxe.inf | 4 +- .../RandomNumberGenerator/RngDxe/RngDxe.uni | 4 +- .../RngDxe/RngDxeExtra.uni | 6 +- SecurityPkg/SecurityPkg.dec | 72 +-- SecurityPkg/SecurityPkg.uni | 4 +- SecurityPkg/SecurityPkgExtra.uni | 6 +- .../Tcg/MemoryOverwriteControl/TcgMor.c | 38 +- .../Tcg/MemoryOverwriteControl/TcgMor.h | 10 +- .../MemoryOverwriteControl/TcgMorExtra.uni | 6 +- .../TcgMorLock.c | 18 +- .../TcgMorLock.h | 14 +- .../TcgMorLockExtra.uni | 6 +- .../TcgMorLockSmm.c | 14 +- .../Tcg/Opal/OpalPassword/OpalAhciMode.h | 4 +- .../Tcg/Opal/OpalPassword/OpalDriver.h | 4 +- SecurityPkg/Tcg/Opal/OpalPassword/OpalHii.c | 2 +- .../PhysicalPresencePei/PhysicalPresencePei.c | 30 +- .../PhysicalPresencePei.inf | 8 +- .../PhysicalPresencePeiExtra.uni | 6 +- SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr | 14 +- SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDriver.c | 28 +- SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf | 4 +- .../Tcg/Tcg2Config/Tcg2ConfigDxeExtra.uni | 6 +- SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c | 28 +- SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.h | 12 +- SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h | 12 +- SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf | 6 +- .../Tcg/Tcg2Config/Tcg2ConfigPeiExtra.uni | 6 +- SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c | 10 +- .../Tcg/Tcg2Config/Tcg2ConfigStrings.uni | 10 +- SecurityPkg/Tcg/Tcg2Config/TpmDetection.c | 10 +- SecurityPkg/Tcg/Tcg2Dxe/MeasureBootPeCoff.c | 26 +- SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 126 ++--- SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf | 4 +- SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.uni | 4 +- SecurityPkg/Tcg/Tcg2Dxe/Tcg2DxeExtra.uni | 6 +- SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 48 +- SecurityPkg/Tcg/Tcg2Pei/Tcg2PeiExtra.uni | 6 +- SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c | 30 +- SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h | 10 +- SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf | 8 +- SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.uni | 4 +- SecurityPkg/Tcg/Tcg2Smm/Tcg2SmmExtra.uni | 6 +- SecurityPkg/Tcg/Tcg2Smm/Tpm.asl | 52 +- SecurityPkg/Tcg/TcgConfigDxe/TcgConfig.vfr | 14 +- .../Tcg/TcgConfigDxe/TcgConfigDriver.c | 28 +- SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf | 6 +- .../Tcg/TcgConfigDxe/TcgConfigDxeExtra.uni | 6 +- SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c | 38 +- SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.h | 12 +- .../Tcg/TcgConfigDxe/TcgConfigNvData.h | 10 +- .../Tcg/TcgConfigDxe/TcgConfigStrings.uni | 12 +- SecurityPkg/Tcg/TcgDxe/TcgDxe.c | 166 +++--- SecurityPkg/Tcg/TcgDxe/TcgDxe.inf | 6 +- SecurityPkg/Tcg/TcgDxe/TcgDxeExtra.uni | 6 +- SecurityPkg/Tcg/TcgPei/TcgPei.c | 70 +-- SecurityPkg/Tcg/TcgPei/TcgPei.inf | 8 +- SecurityPkg/Tcg/TcgPei/TcgPeiExtra.uni | 6 +- SecurityPkg/Tcg/TcgSmm/TcgSmm.c | 34 +- SecurityPkg/Tcg/TcgSmm/TcgSmm.h | 12 +- SecurityPkg/Tcg/TcgSmm/TcgSmm.inf | 12 +- SecurityPkg/Tcg/TcgSmm/TcgSmm.uni | 4 +- SecurityPkg/Tcg/TcgSmm/TcgSmmExtra.uni | 6 +- SecurityPkg/Tcg/TcgSmm/Tpm.asl | 56 +- .../PwdCredentialProvider.c | 268 ++++----- .../PwdCredentialProvider.h | 114 ++-- .../PwdCredentialProviderData.h | 14 +- .../PwdCredentialProviderDxe.inf | 12 +- .../PwdCredentialProviderExtra.uni | 6 +- .../PwdCredentialProviderStrings.uni | 18 +- .../UsbCredentialProvider.c | 298 +++++----- .../UsbCredentialProvider.h | 118 ++-- .../UsbCredentialProviderDxe.inf | 14 +- .../UsbCredentialProviderExtra.uni | 6 +- .../UsbCredentialProviderStrings.uni | 4 +- .../LoadDeferredImage.c | 30 +- .../UserIdentifyManager.c | 516 +++++++++--------- .../UserIdentifyManager.h | 38 +- .../UserIdentifyManagerData.h | 12 +- .../UserIdentifyManagerDxe.inf | 18 +- .../UserIdentifyManagerExtra.uni | 6 +- .../UserIdentifyManagerStrings.uni | 8 +- .../ModifyAccessPolicy.c | 98 ++-- .../ModifyIdentityPolicy.c | 64 +-- .../UserProfileManagerDxe/UserProfileAdd.c | 66 +-- .../UserProfileManagerDxe/UserProfileDelete.c | 32 +- .../UserProfileManager.c | 84 +-- .../UserProfileManager.h | 54 +- .../UserProfileManagerData.h | 18 +- .../UserProfileManagerDxe.inf | 8 +- .../UserProfileManagerExtra.uni | 6 +- .../UserProfileManagerStrings.uni | 264 ++++----- .../UserProfileManagerDxe/UserProfileModify.c | 136 ++--- .../EsalVariableDxeSal/AuthService.c | 166 +++--- .../EsalVariableDxeSal/AuthService.h | 22 +- .../EsalVariableDxeSal/EsalVariableDxeSal.inf | 14 +- .../EsalVariableDxeSalExtra.uni | 6 +- .../EsalVariableDxeSal/InitVariable.c | 12 +- .../EsalVariableDxeSal/Reclaim.c | 10 +- .../EsalVariableDxeSal/Variable.c | 368 ++++++------- .../EsalVariableDxeSal/Variable.h | 60 +- .../SecureBootConfigDxe/SecureBootConfig.vfr | 4 +- .../SecureBootConfigDriver.c | 30 +- .../SecureBootConfigDxeExtra.uni | 6 +- .../SecureBootConfigImpl.c | 10 +- .../SecureBootConfigMisc.c | 32 +- .../SecureBootConfigStrings.uni | 6 +- 224 files changed, 3243 insertions(+), 3243 deletions(-) diff --git a/SecurityPkg/Hash2DxeCrypto/Driver.c b/SecurityPkg/Hash2DxeCrypto/Driver.c index d63ca2c209..ed44d7f23d 100644 --- a/SecurityPkg/Hash2DxeCrypto/Driver.c +++ b/SecurityPkg/Hash2DxeCrypto/Driver.c @@ -1,7 +1,7 @@ /** @file This is service binding for Hash driver. -Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License that accompanies this distribution. The full text of the license may be found at @@ -239,4 +239,4 @@ Hash2DriverEntryPoint ( } return Status; -} \ No newline at end of file +} diff --git a/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c b/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c index 93e3273916..476cc3f964 100644 --- a/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c +++ b/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c @@ -2,7 +2,7 @@ This module implements Hash2 Protocol. (C) Copyright 2015 Hewlett-Packard Development Company, L.P.
-Copyright (c) 2015, Intel Corporation. All rights reserved.
+Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License that accompanies this distribution. The full text of the license may be found at @@ -374,7 +374,7 @@ BaseCrypto2Hash ( if (HashInfo == NULL) { return EFI_UNSUPPORTED; } - + Instance = HASH2_INSTANCE_DATA_FROM_THIS(This); if (Instance->HashContext != NULL) { FreePool (Instance->HashContext); diff --git a/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf b/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf index 557dedbbea..ffc0efc4d8 100644 --- a/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf +++ b/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf @@ -4,7 +4,7 @@ # This module will use EDKII crypto libary to HASH2 protocol. # # (C) Copyright 2015 Hewlett-Packard Development Company, L.P.
-# Copyright (c) 2015, Intel Corporation. All rights reserved.
+# Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -61,4 +61,4 @@ gEfiHash2ServiceBindingProtocolGuid ## PRODUCES [UserExtensions.TianoCore."ExtraFiles"] - Hash2DxeCryptoExtra.uni \ No newline at end of file + Hash2DxeCryptoExtra.uni diff --git a/SecurityPkg/Include/Guid/MeasuredFvHob.h b/SecurityPkg/Include/Guid/MeasuredFvHob.h index a2e6922335..4e43c75fee 100644 --- a/SecurityPkg/Include/Guid/MeasuredFvHob.h +++ b/SecurityPkg/Include/Guid/MeasuredFvHob.h @@ -1,14 +1,14 @@ /** @file - Defines the HOB GUID used to pass all PEI measured FV info to + Defines the HOB GUID used to pass all PEI measured FV info to DXE Driver. - -Copyright (c) 2012, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at + +Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ diff --git a/SecurityPkg/Include/Guid/PhysicalPresenceData.h b/SecurityPkg/Include/Guid/PhysicalPresenceData.h index 165b4647c0..3190da3982 100644 --- a/SecurityPkg/Include/Guid/PhysicalPresenceData.h +++ b/SecurityPkg/Include/Guid/PhysicalPresenceData.h @@ -1,16 +1,16 @@ /** @file Define the variable data structures used for TCG physical presence. The TPM request from firmware or OS is saved to variable. And it is - cleared after it is processed in the next boot cycle. The TPM response + cleared after it is processed in the next boot cycle. The TPM response is saved to variable. -Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -38,7 +38,7 @@ typedef struct { #define PHYSICAL_PRESENCE_ENABLE 1 #define PHYSICAL_PRESENCE_DISABLE 2 #define PHYSICAL_PRESENCE_ACTIVATE 3 -#define PHYSICAL_PRESENCE_DEACTIVATE 4 +#define PHYSICAL_PRESENCE_DEACTIVATE 4 #define PHYSICAL_PRESENCE_CLEAR 5 #define PHYSICAL_PRESENCE_ENABLE_ACTIVATE 6 #define PHYSICAL_PRESENCE_DEACTIVATE_DISABLE 7 @@ -60,7 +60,7 @@ typedef struct { // // This variable is used to save TPM Management Flags and corresponding operations. -// It should be protected from malicious software (e.g. Set it as read-only variable). +// It should be protected from malicious software (e.g. Set it as read-only variable). // #define PHYSICAL_PRESENCE_FLAGS_VARIABLE L"PhysicalPresenceFlags" typedef struct { diff --git a/SecurityPkg/Include/Guid/PwdCredentialProviderHii.h b/SecurityPkg/Include/Guid/PwdCredentialProviderHii.h index 007144abfd..0b203e536f 100644 --- a/SecurityPkg/Include/Guid/PwdCredentialProviderHii.h +++ b/SecurityPkg/Include/Guid/PwdCredentialProviderHii.h @@ -1,13 +1,13 @@ /** @file GUID used as HII FormSet and HII Package list GUID in PwdCredentialProviderDxe driver. -Copyright (c) 2011, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ diff --git a/SecurityPkg/Include/Guid/SecureBootConfigHii.h b/SecurityPkg/Include/Guid/SecureBootConfigHii.h index 5f162486f4..70c2f471ad 100644 --- a/SecurityPkg/Include/Guid/SecureBootConfigHii.h +++ b/SecurityPkg/Include/Guid/SecureBootConfigHii.h @@ -1,13 +1,13 @@ /** @file - GUIDs used as HII FormSet and HII Package list GUID in SecureBootConfigDxe driver. - -Copyright (c) 2011, Intel Corporation. All rights reserved.
-This program and the accompanying materials are licensed and made available under -the terms and conditions of the BSD License that accompanies this distribution. + GUIDs used as HII FormSet and HII Package list GUID in SecureBootConfigDxe driver. + +Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials are licensed and made available under +the terms and conditions of the BSD License that accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php. +http://opensource.org/licenses/bsd-license.php. -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ diff --git a/SecurityPkg/Include/Guid/SecurityPkgTokenSpace.h b/SecurityPkg/Include/Guid/SecurityPkgTokenSpace.h index b1b7666f18..f8fd905ef0 100644 --- a/SecurityPkg/Include/Guid/SecurityPkgTokenSpace.h +++ b/SecurityPkg/Include/Guid/SecurityPkgTokenSpace.h @@ -1,13 +1,13 @@ /** @file GUID for SecurityPkg PCD Token Space. -Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ diff --git a/SecurityPkg/Include/Guid/Tcg2ConfigHii.h b/SecurityPkg/Include/Guid/Tcg2ConfigHii.h index 28e31e3475..67b770b334 100644 --- a/SecurityPkg/Include/Guid/Tcg2ConfigHii.h +++ b/SecurityPkg/Include/Guid/Tcg2ConfigHii.h @@ -1,13 +1,13 @@ /** @file - GUIDs used as HII FormSet and HII Package list GUID in Tcg2Config driver. - -Copyright (c) 2015, Intel Corporation. All rights reserved.
-This program and the accompanying materials are licensed and made available under -the terms and conditions of the BSD License that accompanies this distribution. + GUIDs used as HII FormSet and HII Package list GUID in Tcg2Config driver. + +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials are licensed and made available under +the terms and conditions of the BSD License that accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php. +http://opensource.org/licenses/bsd-license.php. -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ diff --git a/SecurityPkg/Include/Guid/Tcg2PhysicalPresenceData.h b/SecurityPkg/Include/Guid/Tcg2PhysicalPresenceData.h index df43fd9c80..5215983928 100644 --- a/SecurityPkg/Include/Guid/Tcg2PhysicalPresenceData.h +++ b/SecurityPkg/Include/Guid/Tcg2PhysicalPresenceData.h @@ -1,10 +1,10 @@ /** @file Define the variable data structures used for TCG2 physical presence. The TPM2 request from firmware or OS is saved to variable. And it is - cleared after it is processed in the next boot cycle. The TPM2 response + cleared after it is processed in the next boot cycle. The TPM2 response is saved to variable. -Copyright (c) 2015, Intel Corporation. All rights reserved.
+Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -34,7 +34,7 @@ typedef struct { // // This variable is used to save TCG2 Management Flags and corresponding operations. -// It should be protected from malicious software (e.g. Set it as read-only variable). +// It should be protected from malicious software (e.g. Set it as read-only variable). // #define TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE L"Tcg2PhysicalPresenceFlags" typedef struct { diff --git a/SecurityPkg/Include/Guid/TcgConfigHii.h b/SecurityPkg/Include/Guid/TcgConfigHii.h index d316299f8f..c56dc169a1 100644 --- a/SecurityPkg/Include/Guid/TcgConfigHii.h +++ b/SecurityPkg/Include/Guid/TcgConfigHii.h @@ -1,13 +1,13 @@ /** @file - GUIDs used as HII FormSet and HII Package list GUID in TcgConfig driver. - -Copyright (c) 2011, Intel Corporation. All rights reserved.
-This program and the accompanying materials are licensed and made available under -the terms and conditions of the BSD License that accompanies this distribution. + GUIDs used as HII FormSet and HII Package list GUID in TcgConfig driver. + +Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials are licensed and made available under +the terms and conditions of the BSD License that accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php. +http://opensource.org/licenses/bsd-license.php. -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ diff --git a/SecurityPkg/Include/Guid/TcgEventHob.h b/SecurityPkg/Include/Guid/TcgEventHob.h index 943a7c601c..2f79d94b6b 100644 --- a/SecurityPkg/Include/Guid/TcgEventHob.h +++ b/SecurityPkg/Include/Guid/TcgEventHob.h @@ -1,15 +1,15 @@ /** @file - Defines the HOB GUID used to pass a TCG_PCR_EVENT or TCG_PCR_EVENT2 from a TPM PEIM to - a TPM DXE Driver. A GUIDed HOB is generated for each measurement + Defines the HOB GUID used to pass a TCG_PCR_EVENT or TCG_PCR_EVENT2 from a TPM PEIM to + a TPM DXE Driver. A GUIDed HOB is generated for each measurement made in the PEI Phase. - -Copyright (c) 2007 - 2017, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at + +Copyright (c) 2007 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ diff --git a/SecurityPkg/Include/Guid/UsbCredentialProviderHii.h b/SecurityPkg/Include/Guid/UsbCredentialProviderHii.h index 217aef6567..059d68f32e 100644 --- a/SecurityPkg/Include/Guid/UsbCredentialProviderHii.h +++ b/SecurityPkg/Include/Guid/UsbCredentialProviderHii.h @@ -1,13 +1,13 @@ /** @file GUID used as HII Package list GUID in UsbCredentialProviderDxe driver. -Copyright (c) 2011, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ diff --git a/SecurityPkg/Include/Guid/UserIdentifyManagerHii.h b/SecurityPkg/Include/Guid/UserIdentifyManagerHii.h index 11d215c5dd..323c51f0f6 100644 --- a/SecurityPkg/Include/Guid/UserIdentifyManagerHii.h +++ b/SecurityPkg/Include/Guid/UserIdentifyManagerHii.h @@ -1,13 +1,13 @@ /** @file GUID used as HII FormSet and HII Package list GUID in UserIdentifyManagerDxe driver. -Copyright (c) 2011, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ diff --git a/SecurityPkg/Include/Guid/UserProfileManagerHii.h b/SecurityPkg/Include/Guid/UserProfileManagerHii.h index e53e5a13e6..105059350c 100644 --- a/SecurityPkg/Include/Guid/UserProfileManagerHii.h +++ b/SecurityPkg/Include/Guid/UserProfileManagerHii.h @@ -1,13 +1,13 @@ /** @file GUID used as HII FormSet and HII Package list GUID in UserProfileManagerDxe driver. -Copyright (c) 2011, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -22,4 +22,4 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. extern EFI_GUID gUserProfileManagerGuid; -#endif \ No newline at end of file +#endif diff --git a/SecurityPkg/Include/Library/PlatformSecureLib.h b/SecurityPkg/Include/Library/PlatformSecureLib.h index 6a4cb147a6..d645376917 100644 --- a/SecurityPkg/Include/Library/PlatformSecureLib.h +++ b/SecurityPkg/Include/Library/PlatformSecureLib.h @@ -1,13 +1,13 @@ /** @file Provides a secure platform-specific method to detect physically present user. -Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -19,7 +19,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. /** This function provides a platform-specific method to detect whether the platform - is operating by a physically present user. + is operating by a physically present user. Programmatic changing of platform security policy (such as disable Secure Boot, or switch between Standard/Custom Secure Boot mode) MUST NOT be possible during @@ -28,7 +28,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. NOTE THAT: This function cannot depend on any EFI Variable Service since they are not available when this function is called in AuthenticateVariable driver. - + @retval TRUE The platform is operated by a physically present user. @retval FALSE The platform is NOT operated by a physically present user. diff --git a/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h b/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h index 3e446acab2..e08719003d 100644 --- a/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h +++ b/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h @@ -2,13 +2,13 @@ This library is intended to be used by BDS modules. This library will execute TPM2 request. -Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -62,13 +62,13 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. /** Check and execute the pending TPM request. - The TPM request may come from OS or BIOS. This API will display request information and wait + The TPM request may come from OS or BIOS. This API will display request information and wait for user confirmation if TPM request exists. The TPM request will be sent to TPM device after - the TPM request is confirmed, and one or more reset may be required to make TPM request to + the TPM request is confirmed, and one or more reset may be required to make TPM request to take effect. - + This API should be invoked after console in and console out are all ready as they are required - to display request information and get user input to confirm the request. + to display request information and get user input to confirm the request. @param PlatformAuth platform auth value. NULL means no platform auth change. **/ @@ -83,7 +83,7 @@ Tcg2PhysicalPresenceLibProcessRequest ( The TPM request may come from OS. This API will check if TPM request exists and need user input to confirmation. - + @retval TRUE TPM needs input to confirm user physical presence. @retval FALSE TPM doesn't need input to confirm user physical presence. @@ -173,7 +173,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction ( This API should be invoked in OS runtime phase to interface with ACPI method. Caution: This function may receive untrusted input. - + @param[in] OperationRequest TPM physical presence operation request. @return Return Code for Get User Confirmation Status for Operation. diff --git a/SecurityPkg/Include/Library/Tcg2PpVendorLib.h b/SecurityPkg/Include/Library/Tcg2PpVendorLib.h index 5ae7413273..6bc5beda3a 100644 --- a/SecurityPkg/Include/Library/Tcg2PpVendorLib.h +++ b/SecurityPkg/Include/Library/Tcg2PpVendorLib.h @@ -4,16 +4,16 @@ The Vendor Specific PPI operation may change TPM state, BIOS TPM management flags, and may need additional boot cycle. - + Caution: This function may receive untrusted input. -Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -29,9 +29,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. Check and execute the requested physical presence command. This API should be invoked in BIOS boot phase to process pending request. - + Caution: This function may receive untrusted input. - + If OperationRequest < 128, then ASSERT(). @param[in] PlatformAuth platform auth value. NULL means no platform auth change. @@ -56,7 +56,7 @@ Tcg2PpVendorLibExecutePendingRequest ( Check if there is a valid physical presence command request. This API should be invoked in BIOS boot phase to process pending request. - + Caution: This function may receive untrusted input. If OperationRequest < 128, then ASSERT(). @@ -86,7 +86,7 @@ Tcg2PpVendorLibHasValidRequest ( This API should be invoked in OS runtime phase to interface with ACPI method. Caution: This function may receive untrusted input. - + If OperationRequest < 128, then ASSERT(). @param[in] OperationRequest TPM physical presence operation request. @@ -111,7 +111,7 @@ Tcg2PpVendorLibSubmitRequestToPreOSFunction ( This API should be invoked in OS runtime phase to interface with ACPI method. Caution: This function may receive untrusted input. - + If OperationRequest < 128, then ASSERT(). @param[in] OperationRequest TPM physical presence operation request. diff --git a/SecurityPkg/Include/Library/TcgPhysicalPresenceLib.h b/SecurityPkg/Include/Library/TcgPhysicalPresenceLib.h index b451823bdf..f6f1d50f80 100644 --- a/SecurityPkg/Include/Library/TcgPhysicalPresenceLib.h +++ b/SecurityPkg/Include/Library/TcgPhysicalPresenceLib.h @@ -2,13 +2,13 @@ This library is intended to be used by BDS modules. This library will lock TPM after executing TPM request. -Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -19,15 +19,15 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. /** Check and execute the pending TPM request and Lock TPM. - The TPM request may come from OS or BIOS. This API will display request information and wait + The TPM request may come from OS or BIOS. This API will display request information and wait for user confirmation if TPM request exists. The TPM request will be sent to TPM device after - the TPM request is confirmed, and one or more reset may be required to make TPM request to + the TPM request is confirmed, and one or more reset may be required to make TPM request to take effect. At last, it will lock TPM to prevent TPM state change by malware. - + This API should be invoked after console in and console out are all ready as they are required - to display request information and get user input to confirm the request. This API should also + to display request information and get user input to confirm the request. This API should also be invoked as early as possible as TPM is locked in this function. - + **/ VOID EFIAPI @@ -40,7 +40,7 @@ TcgPhysicalPresenceLibProcessRequest ( The TPM request may come from OS. This API will check if TPM request exists and need user input to confirmation. - + @retval TRUE TPM needs input to confirm user physical presence. @retval FALSE TPM doesn't need input to confirm user physical presence. diff --git a/SecurityPkg/Include/Library/TcgPpVendorLib.h b/SecurityPkg/Include/Library/TcgPpVendorLib.h index 284aa9ed72..26c7ef9024 100644 --- a/SecurityPkg/Include/Library/TcgPpVendorLib.h +++ b/SecurityPkg/Include/Library/TcgPpVendorLib.h @@ -4,16 +4,16 @@ The Vendor Specific PPI operation may change TPM state, BIOS TPM management flags, and may need additional boot cycle. - + Caution: This function may receive untrusted input. -Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -63,9 +63,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. Check and execute the requested physical presence command. This API should be invoked in BIOS boot phase to process pending request. - + Caution: This function may receive untrusted input. - + If OperationRequest < 128, then ASSERT(). @param[in] OperationRequest TPM physical presence operation request. @@ -88,7 +88,7 @@ TcgPpVendorLibExecutePendingRequest ( Check if there is a valid physical presence command request. This API should be invoked in BIOS boot phase to process pending request. - + Caution: This function may receive untrusted input. If OperationRequest < 128, then ASSERT(). @@ -118,7 +118,7 @@ TcgPpVendorLibHasValidRequest ( This API should be invoked in OS runtime phase to interface with ACPI method. Caution: This function may receive untrusted input. - + If OperationRequest < 128, then ASSERT(). @param[in] OperationRequest TPM physical presence operation request. @@ -141,7 +141,7 @@ TcgPpVendorLibSubmitRequestToPreOSFunction ( This API should be invoked in OS runtime phase to interface with ACPI method. Caution: This function may receive untrusted input. - + If OperationRequest < 128, then ASSERT(). @param[in] OperationRequest TPM physical presence operation request. diff --git a/SecurityPkg/Include/Library/TcgStorageCoreLib.h b/SecurityPkg/Include/Library/TcgStorageCoreLib.h index 6e178c968f..b2a0ef8f0c 100644 --- a/SecurityPkg/Include/Library/TcgStorageCoreLib.h +++ b/SecurityPkg/Include/Library/TcgStorageCoreLib.h @@ -1,6 +1,6 @@ /** @file Public API for the Tcg Core library to perform the lowest level TCG Data encoding. - + (TCG Storage Architecture Core Specification, Version 2.01, Revision 1.00, https://trustedcomputinggroup.org/tcg-storage-architecture-core-specification/) diff --git a/SecurityPkg/Include/Library/Tpm12CommandLib.h b/SecurityPkg/Include/Library/Tpm12CommandLib.h index f7c098f283..6695a0c94b 100644 --- a/SecurityPkg/Include/Library/Tpm12CommandLib.h +++ b/SecurityPkg/Include/Library/Tpm12CommandLib.h @@ -1,7 +1,7 @@ /** @file This library is used by other modules to send TPM12 command. -Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -84,7 +84,7 @@ typedef struct { /** Send NV DefineSpace command to TPM1.2. - + @param PubInfo The public parameters of the NV area. @param EncAuth The encrypted AuthData, only valid if the attributes require subsequent authorization. @@ -100,7 +100,7 @@ Tpm12NvDefineSpace ( /** Send NV ReadValue command to TPM1.2. - + @param NvIndex The index of the area to set. @param Offset The offset into the area. @param DataSize The size of the data area. @@ -120,7 +120,7 @@ Tpm12NvReadValue ( /** Send NV WriteValue command to TPM1.2. - + @param NvIndex The index of the area to set. @param Offset The offset into the NV Area. @param DataSize The size of the data parameter. diff --git a/SecurityPkg/Include/Library/Tpm12DeviceLib.h b/SecurityPkg/Include/Library/Tpm12DeviceLib.h index ab1f522ad0..8c39764e4e 100644 --- a/SecurityPkg/Include/Library/Tpm12DeviceLib.h +++ b/SecurityPkg/Include/Library/Tpm12DeviceLib.h @@ -1,7 +1,7 @@ /** @file This library abstract how to access TPM12 hardware device. -Copyright (c) 2013, Intel Corporation. All rights reserved.
+Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -27,7 +27,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. @retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received. @retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device. - @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small. + @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small. **/ EFI_STATUS EFIAPI diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Include/Library/Tpm2CommandLib.h index 80ada7397b..32096b175b 100644 --- a/SecurityPkg/Include/Library/Tpm2CommandLib.h +++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h @@ -1,7 +1,7 @@ /** @file This library is used by other modules to send TPM2 command. -Copyright (c) 2013 - 2017, Intel Corporation. All rights reserved.
+Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -25,7 +25,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. @param[in] HashAlg The hash algorithm to use for the hash sequence An Event sequence starts if this is TPM_ALG_NULL. @param[out] SequenceHandle A handle to reference the sequence - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR Unexpected device behavior. **/ @@ -43,7 +43,7 @@ Tpm2HashSequenceStart ( @param[in] SequenceHandle Handle for the sequence object @param[in] Buffer Data to be added to hash - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR Unexpected device behavior. **/ @@ -64,7 +64,7 @@ Tpm2SequenceUpdate ( @param[in] SequenceHandle Authorization for the sequence @param[in] Buffer Data to be added to the Event @param[out] Results List of digests computed for the PCR - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR Unexpected device behavior. **/ @@ -83,7 +83,7 @@ Tpm2EventSequenceComplete ( @param[in] SequenceHandle Authorization for the sequence @param[in] Buffer Data to be added to the hash/HMAC @param[out] Result The returned HMAC or digest in a sized buffer - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR Unexpected device behavior. **/ @@ -166,7 +166,7 @@ Tpm2SetPrimaryPolicy ( @param[in] AuthHandle TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP} @param[in] AuthSession Auth Session context - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR Unexpected device behavior. **/ @@ -316,7 +316,7 @@ Tpm2DictionaryAttackParameters ( @param[in] NvIndex The NV Index. @param[out] NvPublic The public area of the index. @param[out] NvName The Name of the nvIndex. - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. **/ @@ -337,7 +337,7 @@ Tpm2NvReadPublic ( @param[in] AuthSession Auth Session context @param[in] Auth The authorization data. @param[in] NvPublic The public area of the index. - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. @retval EFI_ALREADY_STARTED The command was returned successfully, but NvIndex is already defined. @@ -357,7 +357,7 @@ Tpm2NvDefineSpace ( @param[in] AuthHandle TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}. @param[in] NvIndex The NV Index. @param[in] AuthSession Auth Session context - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found. @@ -379,7 +379,7 @@ Tpm2NvUndefineSpace ( @param[in] Size Number of bytes to read. @param[in] Offset Byte offset into the area. @param[in,out] OutData The data read. - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found. @@ -403,7 +403,7 @@ Tpm2NvRead ( @param[in] AuthSession Auth Session context @param[in] InData The data to write. @param[in] Offset The offset into the NV Area. - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found. @@ -521,7 +521,7 @@ Tpm2PcrEvent ( @param[out] PcrUpdateCounter The current value of the PCR update counter. @param[out] PcrSelectionOut The PCR in the returned list. @param[out] PcrValues The contents of the PCR indicated in pcrSelect. - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. **/ @@ -544,7 +544,7 @@ Tpm2PcrRead ( @param[out] MaxPCR maximum number of PCR that may be in a bank @param[out] SizeNeeded number of octets required to satisfy the request @param[out] SizeAvailable Number of octets available. Computed before the allocation - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. **/ @@ -580,25 +580,25 @@ Tpm2PcrAllocateBanks ( /** This command returns various information regarding the TPM and its current state. - The capability parameter determines the category of data returned. The property parameter - selects the first value of the selected category to be returned. If there is no property + The capability parameter determines the category of data returned. The property parameter + selects the first value of the selected category to be returned. If there is no property that corresponds to the value of property, the next higher value is returned, if it exists. - The moreData parameter will have a value of YES if there are more values of the requested + The moreData parameter will have a value of YES if there are more values of the requested type that were not returned. - If no next capability exists, the TPM will return a zero-length list and moreData will have + If no next capability exists, the TPM will return a zero-length list and moreData will have a value of NO. - NOTE: - To simplify this function, leave returned CapabilityData for caller to unpack since there are + NOTE: + To simplify this function, leave returned CapabilityData for caller to unpack since there are many capability categories and only few categories will be used in firmware. It means the caller need swap the byte order for the feilds in CapabilityData. @param[in] Capability Group selection; determines the format of the response. - @param[in] Property Further definition of information. + @param[in] Property Further definition of information. @param[in] PropertyCount Number of properties of the indicated type to return. @param[out] MoreData Flag to indicate if there are more values of this type. @param[out] CapabilityData The capability data. - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. **/ @@ -618,7 +618,7 @@ Tpm2GetCapability ( This function parse the value got from TPM2_GetCapability and return the Family. @param[out] Family The Family of TPM. (a 4-octet character string) - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. **/ @@ -634,7 +634,7 @@ Tpm2GetCapabilityFamily ( This function parse the value got from TPM2_GetCapability and return the TPM manufacture ID. @param[out] ManufactureId The manufacture ID of TPM. - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. **/ @@ -651,7 +651,7 @@ Tpm2GetCapabilityManufactureID ( @param[out] FirmwareVersion1 The FirmwareVersion1. @param[out] FirmwareVersion2 The FirmwareVersion2. - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. **/ @@ -669,7 +669,7 @@ Tpm2GetCapabilityFirmwareVersion ( @param[out] MaxCommandSize The maximum value for commandSize in a command. @param[out] MaxResponseSize The maximum value for responseSize in a command. - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. **/ @@ -682,12 +682,12 @@ Tpm2GetCapabilityMaxCommandResponseSize ( /** This command returns Returns a list of TPMS_ALG_PROPERTIES. Each entry is an - algorithm ID and a set of properties of the algorithm. + algorithm ID and a set of properties of the algorithm. This function parse the value got from TPM2_GetCapability and return the list. @param[out] AlgList List of algorithm. - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. **/ @@ -703,7 +703,7 @@ Tpm2GetCapabilitySupportedAlg ( This function parse the value got from TPM2_GetCapability and return the LockoutCounter. @param[out] LockoutCounter The LockoutCounter of TPM. - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. **/ @@ -719,7 +719,7 @@ Tpm2GetCapabilityLockoutCounter ( This function parse the value got from TPM2_GetCapability and return the LockoutInterval. @param[out] LockoutInterval The LockoutInterval of TPM. - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. **/ @@ -736,7 +736,7 @@ Tpm2GetCapabilityLockoutInterval ( @param[out] InputBufferSize The InputBufferSize of TPM. the maximum size of a parameter (typically, a TPM2B_MAX_BUFFER) - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. **/ @@ -752,7 +752,7 @@ Tpm2GetCapabilityInputBufferSize ( This function parse the value got from TPM2_GetCapability and return the PcrSelection. @param[out] Pcrs The Pcr Selection - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. **/ @@ -786,7 +786,7 @@ Tpm2GetCapabilitySupportedAndActivePcrs( This function parse the value got from TPM2_GetCapability and return the AlgorithmSet. @param[out] AlgorithmSet The AlgorithmSet of TPM. - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. **/ @@ -843,7 +843,7 @@ Tpm2SetAlgorithmSet ( @param[in] AuthHash Hash algorithm to use for the session. @param[out] SessionHandle Handle for the newly created session. @param[out] NonceTPM The initial nonce from the TPM, used in the computation of the sessionKey. - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. **/ @@ -865,7 +865,7 @@ Tpm2StartAuthSession ( This command causes all context associated with a loaded object or session to be removed from TPM memory. @param[in] FlushHandle The handle of the item to flush. - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. **/ @@ -879,7 +879,7 @@ Tpm2FlushContext ( This command includes a secret-based authorization to a policy. The caller proves knowledge of the secret value using an authorization session using the authValue associated with authHandle. - + @param[in] AuthHandle Handle for an entity providing the authorization @param[in] PolicySession Handle for the policy session being extended. @param[in] AuthSession Auth Session context @@ -889,7 +889,7 @@ Tpm2FlushContext ( @param[in] Expiration Time when authorization will expire, measured in seconds from the time that nonceTPM was generated. @param[out] Timeout Time value used to indicate to the TPM when the ticket expires. @param[out] PolicyTicket A ticket that includes a value indicating when the authorization expires. - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. **/ @@ -915,7 +915,7 @@ Tpm2PolicySecret ( @param[in] PolicySession Handle for the policy session being extended. @param[in] HashList the list of hashes to check for a match. - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. **/ @@ -931,7 +931,7 @@ Tpm2PolicyOR ( @param[in] PolicySession Handle for the policy session being extended. @param[in] Code The allowed commandCode. - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. **/ @@ -948,7 +948,7 @@ Tpm2PolicyCommandCode ( @param[in] PolicySession Handle for the policy session. @param[out] PolicyHash the current value of the policyHash of policySession. - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. **/ diff --git a/SecurityPkg/Include/Library/Tpm2DeviceLib.h b/SecurityPkg/Include/Library/Tpm2DeviceLib.h index f072a24925..8002da57e4 100644 --- a/SecurityPkg/Include/Library/Tpm2DeviceLib.h +++ b/SecurityPkg/Include/Library/Tpm2DeviceLib.h @@ -37,7 +37,7 @@ typedef enum { @retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received. @retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device. - @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small. + @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small. **/ EFI_STATUS EFIAPI @@ -71,7 +71,7 @@ Tpm2RequestUseTpm ( @retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received. @retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device. - @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small. + @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small. **/ typedef EFI_STATUS diff --git a/SecurityPkg/Include/Library/TpmCommLib.h b/SecurityPkg/Include/Library/TpmCommLib.h index 6c97569c67..bdb15fd3f6 100644 --- a/SecurityPkg/Include/Library/TpmCommLib.h +++ b/SecurityPkg/Include/Library/TpmCommLib.h @@ -2,13 +2,13 @@ This library is only intended to be used by TPM modules. It provides basic TPM Interface Specification (TIS) and Command functions. -Copyright (c) 2005 - 2016, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -161,7 +161,7 @@ typedef TIS_PC_REGISTERS *TIS_PC_REGISTERS_PTR; #define TIS_PC_ACC_ESTABLISH BIT0 /// -/// When this bit is 1, TPM is in the Ready state, +/// When this bit is 1, TPM is in the Ready state, /// indicating it is ready to receive a new command. /// #define TIS_PC_STS_READY BIT6 @@ -210,13 +210,13 @@ EFI_STATUS EFIAPI TisPcWaitRegisterBits ( IN UINT8 *Register, - IN UINT8 BitSet, - IN UINT8 BitClear, - IN UINT32 TimeOut + IN UINT8 BitSet, + IN UINT8 BitClear, + IN UINT32 TimeOut ); /** - Get BurstCount by reading the burstCount field of a TIS regiger + Get BurstCount by reading the burstCount field of a TIS regiger in the time of default TIS_TIMEOUT_D. @param[in] TisReg Pointer to TIS register. @@ -234,7 +234,7 @@ TisPcReadBurstCount ( ); /** - Set TPM chip to ready state by sending ready command TIS_PC_STS_READY + Set TPM chip to ready state by sending ready command TIS_PC_STS_READY to Status Register in time. @param[in] TisReg Pointer to TIS register. @@ -250,7 +250,7 @@ TisPcPrepareCommand ( ); /** - Get the control of TPM chip by sending requestUse command TIS_PC_ACC_RQUUSE + Get the control of TPM chip by sending requestUse command TIS_PC_ACC_RQUUSE to ACCESS Register in the time of default TIS_TIMEOUT_D. @param[in] TisReg Pointer to TIS register. @@ -273,7 +273,7 @@ TisPcRequestUseTpm ( @param[in] Data Raw data to be digested. @param[in] DataLen Size of the raw data. @param[out] Digest Pointer to a buffer that stores the final digest. - + @retval EFI_SUCCESS Always successfully calculate the final digest. **/ EFI_STATUS diff --git a/SecurityPkg/Include/Ppi/FirmwareVolumeInfoMeasurementExcluded.h b/SecurityPkg/Include/Ppi/FirmwareVolumeInfoMeasurementExcluded.h index d99fc1db38..6ff018d251 100644 --- a/SecurityPkg/Include/Ppi/FirmwareVolumeInfoMeasurementExcluded.h +++ b/SecurityPkg/Include/Ppi/FirmwareVolumeInfoMeasurementExcluded.h @@ -1,13 +1,13 @@ /** @file This PPI means a FV does not need to be extended to PCR by TCG modules. -Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ diff --git a/SecurityPkg/Include/Ppi/LockPhysicalPresence.h b/SecurityPkg/Include/Ppi/LockPhysicalPresence.h index 0ae3b7b0ab..5afdd389ec 100644 --- a/SecurityPkg/Include/Ppi/LockPhysicalPresence.h +++ b/SecurityPkg/Include/Ppi/LockPhysicalPresence.h @@ -1,15 +1,15 @@ /** @file - This file defines the lock physical Presence PPI. This PPI is - produced by a platform specific PEIM and consumed by the TPM + This file defines the lock physical Presence PPI. This PPI is + produced by a platform specific PEIM and consumed by the TPM PEIM. -Copyright (c) 2011, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -18,7 +18,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #define __PEI_LOCK_PHYSICAL_PRESENCE_H__ /// -/// Global ID for the PEI_LOCK_PHYSICAL_PRESENCE_PPI_GUID. +/// Global ID for the PEI_LOCK_PHYSICAL_PRESENCE_PPI_GUID. /// #define PEI_LOCK_PHYSICAL_PRESENCE_PPI_GUID \ { \ @@ -46,9 +46,9 @@ BOOLEAN ); /// -/// This service abstracts TPM physical presence lock interface. It is necessary for -/// safety to convey this information to the TPM driver so that TPM physical presence -/// can be locked as early as possible. This PPI is produced by a platform specific +/// This service abstracts TPM physical presence lock interface. It is necessary for +/// safety to convey this information to the TPM driver so that TPM physical presence +/// can be locked as early as possible. This PPI is produced by a platform specific /// PEIM and consumed by the TPM PEIM. /// struct _PEI_LOCK_PHYSICAL_PRESENCE_PPI { @@ -57,4 +57,4 @@ struct _PEI_LOCK_PHYSICAL_PRESENCE_PPI { extern EFI_GUID gPeiLockPhysicalPresencePpiGuid; -#endif // __PEI_LOCK_PHYSICAL_PRESENCE_H__ \ No newline at end of file +#endif // __PEI_LOCK_PHYSICAL_PRESENCE_H__ diff --git a/SecurityPkg/Include/Ppi/TpmInitialized.h b/SecurityPkg/Include/Ppi/TpmInitialized.h index 7d458f5e12..fa13f956c1 100644 --- a/SecurityPkg/Include/Ppi/TpmInitialized.h +++ b/SecurityPkg/Include/Ppi/TpmInitialized.h @@ -2,14 +2,14 @@ Tag GUID that must be installed by the TPM PEIM after the TPM hardware is initialized. PEIMs that must execute after TPM hardware initialization may use this GUID in their dependency expressions. - -Copyright (c) 2008 - 2015, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at + +Copyright (c) 2008 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -18,7 +18,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #define _PEI_TPM_INITIALIZED_PPI_H_ /// -/// Global ID for the PEI_TPM_INITIALIZED_PPI which always uses a NULL interface. +/// Global ID for the PEI_TPM_INITIALIZED_PPI which always uses a NULL interface. /// #define PEI_TPM_INITIALIZED_PPI_GUID \ { \ @@ -28,7 +28,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. extern EFI_GUID gPeiTpmInitializedPpiGuid; /// -/// Global ID for the PEI_TPM_INITIALIZATION_DONE_PPI which always uses a NULL interface. +/// Global ID for the PEI_TPM_INITIALIZATION_DONE_PPI which always uses a NULL interface. /// #define PEI_TPM_INITIALIZATION_DONE_PPI_GUID \ { \ diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c b/SecurityPkg/Library/AuthVariableLib/AuthService.c index 213a524f27..05d75a1ee3 100644 --- a/SecurityPkg/Library/AuthVariableLib/AuthService.c +++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c @@ -18,7 +18,7 @@ They will do basic validation for authentication data structure, then call crypto library to verify the signature. -Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.
+Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -1303,7 +1303,7 @@ GetCertsFromDb ( return EFI_INVALID_PARAMETER; } - + if ((Attributes & EFI_VARIABLE_NON_VOLATILE) != 0) { // // Get variable "certdb". @@ -1355,7 +1355,7 @@ GetCertsFromDb ( /** Delete matching signer's certificates when deleting common authenticated - variable by corresponding VariableName and VendorGuid from "certdb" or + variable by corresponding VariableName and VendorGuid from "certdb" or "certdbv" according to authenticated variable attributes. @param[in] VariableName Name of authenticated Variable. @@ -1904,13 +1904,13 @@ VerifyTimeBasedPayload ( // digestAlgorithms DigestAlgorithmIdentifiers, // contentInfo ContentInfo, // .... } - // The DigestAlgorithmIdentifiers can be used to determine the hash algorithm + // The DigestAlgorithmIdentifiers can be used to determine the hash algorithm // in VARIABLE_AUTHENTICATION_2 descriptor. // This field has the fixed offset (+13) and be calculated based on two bytes of length encoding. // if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) { if (SigDataSize >= (13 + sizeof (mSha256OidValue))) { - if (((*(SigData + 1) & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE) || + if (((*(SigData + 1) & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE) || (CompareMem (SigData + 13, &mSha256OidValue, sizeof (mSha256OidValue)) != 0)) { return EFI_SECURITY_VIOLATION; } diff --git a/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h b/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h index 2886260925..1d495b08a3 100644 --- a/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h +++ b/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h @@ -12,7 +12,7 @@ may not be modified without authorization. If platform fails to protect these resources, the authentication service provided in this driver will be broken, and the behavior is undefined. -Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.
+Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -142,7 +142,7 @@ VerifyTimeBasedPayloadAndUpdate ( /** Delete matching signer's certificates when deleting common authenticated - variable by corresponding VariableName and VendorGuid from "certdb" or + variable by corresponding VariableName and VendorGuid from "certdb" or "certdbv" according to authenticated variable attributes. @param[in] VariableName Name of authenticated Variable. @@ -166,9 +166,9 @@ DeleteCertsFromDb ( Clean up signer's certificates for common authenticated variable by corresponding VariableName and VendorGuid from "certdb". Sytem may break down during Timebased Variable update & certdb update, - make them inconsistent, this function is called in AuthVariable Init to ensure + make them inconsistent, this function is called in AuthVariable Init to ensure consistency - + @retval EFI_NOT_FOUND Fail to find matching certs. @retval EFI_SUCCESS Find matching certs and output parameters. diff --git a/SecurityPkg/Library/DxeDeferImageLoadLib/DxeDeferImageLoadLib.c b/SecurityPkg/Library/DxeDeferImageLoadLib/DxeDeferImageLoadLib.c index 02a87f9077..41ad52563e 100644 --- a/SecurityPkg/Library/DxeDeferImageLoadLib/DxeDeferImageLoadLib.c +++ b/SecurityPkg/Library/DxeDeferImageLoadLib/DxeDeferImageLoadLib.c @@ -1,13 +1,13 @@ /** @file Implement defer image load services for user identification in UEFI2.2. -Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -33,9 +33,9 @@ EFI_DEFERRED_IMAGE_LOAD_PROTOCOL gDeferredImageLoad = { Get the image type. @param[in] File This is a pointer to the device path of the file - that is being dispatched. + that is being dispatched. - @return UINT32 Image Type + @return UINT32 Image Type **/ UINT32 @@ -44,7 +44,7 @@ GetFileType ( ) { EFI_STATUS Status; - EFI_HANDLE DeviceHandle; + EFI_HANDLE DeviceHandle; EFI_DEVICE_PATH_PROTOCOL *TempDevicePath; EFI_BLOCK_IO_PROTOCOL *BlockIo; @@ -110,7 +110,7 @@ GetFileType ( } // - // File is not in a Firmware Volume or on a Block I/O device, so check to see if + // File is not in a Firmware Volume or on a Block I/O device, so check to see if // the device path supports the Simple File System Protocol. // DeviceHandle = NULL; @@ -129,12 +129,12 @@ GetFileType ( // // File is not from an FV, Block I/O or Simple File System, so the only options - // left are a PCI Option ROM and a Load File Protocol such as a PXE Boot from a NIC. + // left are a PCI Option ROM and a Load File Protocol such as a PXE Boot from a NIC. // TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *)File; while (!IsDevicePathEndType (TempDevicePath)) { switch (DevicePathType (TempDevicePath)) { - + case MEDIA_DEVICE_PATH: if (DevicePathSubType (TempDevicePath) == MEDIA_RELATIVE_OFFSET_RANGE_DP) { return IMAGE_FROM_OPTION_ROM; @@ -144,7 +144,7 @@ GetFileType ( case MESSAGING_DEVICE_PATH: if (DevicePathSubType(TempDevicePath) == MSG_MAC_ADDR_DP) { return IMAGE_FROM_REMOVABLE_MEDIA; - } + } break; default: @@ -152,7 +152,7 @@ GetFileType ( } TempDevicePath = NextDevicePathNode (TempDevicePath); } - return IMAGE_UNKNOWN; + return IMAGE_UNKNOWN; } @@ -191,7 +191,7 @@ GetAccessControl ( if (EFI_ERROR (Status)) { return EFI_NOT_FOUND; } - + // // Get current user access information. // @@ -234,12 +234,12 @@ GetAccessControl ( if (EFI_ERROR (Status)) { break; } - + ASSERT (Info != NULL); if (Info->InfoType != EFI_USER_INFO_ACCESS_POLICY_RECORD) { continue; } - + // // Get specified access information. // @@ -256,7 +256,7 @@ GetAccessControl ( CheckLen += Access->Size; } } - + if (Info != NULL) { FreePool (Info); } @@ -266,17 +266,17 @@ GetAccessControl ( /** Get file name from device path. - The file name may contain one or more device path node. Save the file name in a - buffer if file name is found. The caller is responsible to free the buffer. - + The file name may contain one or more device path node. Save the file name in a + buffer if file name is found. The caller is responsible to free the buffer. + @param[in] DevicePath A pointer to a device path. @param[out] FileName The callee allocated buffer to save the file name if file name is found. @param[out] FileNameOffset The offset of file name in device path if file name is found. - + @retval UINTN The file name length. 0 means file name is not found. **/ -UINTN +UINTN GetFileName ( IN CONST EFI_DEVICE_PATH_PROTOCOL *DevicePath, OUT UINT8 **FileName, @@ -342,26 +342,26 @@ GetFileName ( FirstNodeChar = (CHAR16) ReadUnaligned16 ((UINT16 *)((UINT8 *)TmpDevicePath + sizeof (EFI_DEVICE_PATH_PROTOCOL))); NodeStr = (CHAR8 *)TmpDevicePath + sizeof (EFI_DEVICE_PATH_PROTOCOL); NodeStrLength = DevicePathNodeLength (TmpDevicePath) - sizeof (EFI_DEVICE_PATH_PROTOCOL) - sizeof(CHAR16); - + if ((FirstNodeChar == '\\') && (LastNodeChar == '\\')) { // // Skip separator "\" when there are two separators. // NodeStr += sizeof (CHAR16); - NodeStrLength -= sizeof (CHAR16); + NodeStrLength -= sizeof (CHAR16); } else if ((FirstNodeChar != '\\') && (LastNodeChar != '\\')) { // // Add separator "\" when there is no separator. // WriteUnaligned16 ((UINT16 *)(*FileName + Length), '\\'); Length += sizeof (CHAR16); - } + } CopyMem (*FileName + Length, NodeStr, NodeStrLength); Length += NodeStrLength; - + LastNodeChar = (CHAR16) ReadUnaligned16 ((UINT16 *) (NodeStr + NodeStrLength - sizeof(CHAR16))); TmpDevicePath = NextDevicePathNode (TmpDevicePath); - } + } return Length; } @@ -373,16 +373,16 @@ GetFileName ( If DevicePath2 is identical with DevicePath1, or with DevicePath1's child device path, then TRUE returned. Otherwise, FALSE is returned. - + If DevicePath1 is NULL, then ASSERT(). If DevicePath2 is NULL, then ASSERT(). @param[in] DevicePath1 A pointer to a device path. @param[in] DevicePath2 A pointer to a device path. - @retval TRUE Two device paths are identical , or DevicePath2 is + @retval TRUE Two device paths are identical , or DevicePath2 is DevicePath1's child device path. - @retval FALSE Two device paths are not identical, and DevicePath2 + @retval FALSE Two device paths are not identical, and DevicePath2 is not DevicePath1's child device path. **/ @@ -410,9 +410,9 @@ CheckDevicePath ( if (IsDevicePathEnd (DevicePath1)) { return FALSE; } - + // - // The file name may contain one or more device path node. + // The file name may contain one or more device path node. // To compare the file name, copy file name to a buffer and compare the buffer. // FileNameSize1 = GetFileName (DevicePath1, &FileName1, &FileNameOffset1); @@ -422,7 +422,7 @@ CheckDevicePath ( DevicePathEqual = FALSE; goto Done; } - if (CompareMem (DevicePath1, DevicePath2, FileNameOffset1) != 0) { + if (CompareMem (DevicePath1, DevicePath2, FileNameOffset1) != 0) { DevicePathEqual = FALSE; goto Done; } @@ -430,7 +430,7 @@ CheckDevicePath ( DevicePathEqual = FALSE; goto Done; } - if (CompareMem (FileName1, FileName2, FileNameSize1) != 0) { + if (CompareMem (FileName1, FileName2, FileNameSize1) != 0) { DevicePathEqual = FALSE; goto Done; } @@ -449,9 +449,9 @@ CheckDevicePath ( DevicePathSize -= sizeof (EFI_DEVICE_PATH_PROTOCOL); if (CompareMem (DevicePath1, DevicePath2, DevicePathSize) != 0) { DevicePathEqual = FALSE; - } - -Done: + } + +Done: if (FileName1 != NULL) { FreePool (FileName1); } @@ -463,12 +463,12 @@ Done: /** - Check whether the image pointed to by DevicePath is in the device path list - specified by AccessType. + Check whether the image pointed to by DevicePath is in the device path list + specified by AccessType. @param[in] DevicePath Points to device path. @param[in] AccessType The type of user access control. - + @retval TRUE The DevicePath is in the specified List. @retval FALSE The DevicePath is not in the specified List. @@ -482,36 +482,36 @@ IsDevicePathInList ( EFI_STATUS Status; EFI_USER_INFO_ACCESS_CONTROL *Access; EFI_DEVICE_PATH_PROTOCOL *Path; - UINTN OffSet; + UINTN OffSet; Status = GetAccessControl (&Access, AccessType); if (EFI_ERROR (Status)) { return FALSE; - } + } OffSet = 0; while (OffSet < Access->Size - sizeof (EFI_USER_INFO_ACCESS_CONTROL)) { - Path = (EFI_DEVICE_PATH_PROTOCOL*)((UINT8*)(Access + 1) + OffSet); + Path = (EFI_DEVICE_PATH_PROTOCOL*)((UINT8*)(Access + 1) + OffSet); if (CheckDevicePath (Path, DevicePath)) { // // The device path is found in list. // FreePool (Access); return TRUE; - } + } OffSet += GetDevicePathSize (Path); } - + FreePool (Access); - return FALSE; + return FALSE; } /** - Check whether the image pointed to by DevicePath is permitted to load. + Check whether the image pointed to by DevicePath is permitted to load. @param[in] DevicePath Points to device path - + @retval TRUE The image pointed by DevicePath is permitted to load. @retval FALSE The image pointed by DevicePath is forbidden to load. @@ -523,28 +523,28 @@ VerifyDevicePath ( { if (IsDevicePathInList (DevicePath, EFI_USER_INFO_ACCESS_PERMIT_LOAD)) { // - // This access control overrides any restrictions put in place by the + // This access control overrides any restrictions put in place by the // EFI_USER_INFO_ACCESS_FORBID_LOAD record. // return TRUE; } - + if (IsDevicePathInList (DevicePath, EFI_USER_INFO_ACCESS_FORBID_LOAD)) { // // The device path is found in the forbidden list. // return FALSE; } - - return TRUE; + + return TRUE; } /** - Check the image pointed by DevicePath is a boot option or not. + Check the image pointed by DevicePath is a boot option or not. @param[in] DevicePath Points to device path. - + @retval TRUE The image pointed by DevicePath is a boot option. @retval FALSE The image pointed by DevicePath is not a boot option. @@ -562,31 +562,31 @@ IsBootOption ( UINT8 *OptionBuffer; UINT8 *OptionPtr; EFI_DEVICE_PATH_PROTOCOL *OptionDevicePath; - + // // Get BootOrder // BootOrderListSize = 0; - BootOrderList = NULL; + BootOrderList = NULL; Status = gRT->GetVariable ( - L"BootOrder", - &gEfiGlobalVariableGuid, - NULL, - &BootOrderListSize, + L"BootOrder", + &gEfiGlobalVariableGuid, + NULL, + &BootOrderListSize, NULL ); if (Status == EFI_BUFFER_TOO_SMALL) { BootOrderList = AllocateZeroPool (BootOrderListSize); ASSERT (BootOrderList != NULL); Status = gRT->GetVariable ( - L"BootOrder", - &gEfiGlobalVariableGuid, - NULL, - &BootOrderListSize, + L"BootOrder", + &gEfiGlobalVariableGuid, + NULL, + &BootOrderListSize, BootOrderList ); } - + if (EFI_ERROR (Status)) { // // No Boot option @@ -608,7 +608,7 @@ IsBootOption ( // // Check whether the image is forbidden. // - + OptionPtr = OptionBuffer; // // Skip attribute. @@ -624,7 +624,7 @@ IsBootOption ( // Skip descript string // OptionPtr += StrSize ((UINT16 *) OptionPtr); - + // // Now OptionPtr points to Device Path. // @@ -650,11 +650,11 @@ IsBootOption ( /** Add the image info to a deferred image list. - @param[in] ImageDevicePath A pointer to the device path of a image. - @param[in] Image Points to the first byte of the image, or NULL if the + @param[in] ImageDevicePath A pointer to the device path of a image. + @param[in] Image Points to the first byte of the image, or NULL if the image is not available. @param[in] ImageSize The size of the image, or 0 if the image is not available. - + **/ VOID PutDefferedImageInfo ( @@ -675,9 +675,9 @@ PutDefferedImageInfo ( } else { CurImageInfo = AllocatePool ((mDeferredImage.Count + 1) * sizeof (DEFERRED_IMAGE_INFO)); ASSERT (CurImageInfo != NULL); - + CopyMem ( - CurImageInfo, + CurImageInfo, mDeferredImage.ImageInfo, mDeferredImage.Count * sizeof (DEFERRED_IMAGE_INFO) ); @@ -685,7 +685,7 @@ PutDefferedImageInfo ( mDeferredImage.ImageInfo = CurImageInfo; } mDeferredImage.Count++; - + // // Save the deferred image information. // @@ -704,29 +704,29 @@ PutDefferedImageInfo ( /** Returns information about a deferred image. - This function returns information about a single deferred image. The deferred images are - numbered consecutively, starting with 0. If there is no image which corresponds to - ImageIndex, then EFI_NOT_FOUND is returned. All deferred images may be returned by + This function returns information about a single deferred image. The deferred images are + numbered consecutively, starting with 0. If there is no image which corresponds to + ImageIndex, then EFI_NOT_FOUND is returned. All deferred images may be returned by iteratively calling this function until EFI_NOT_FOUND is returned. - Image may be NULL and ImageSize set to 0 if the decision to defer execution was made - because of the location of the executable image, rather than its actual contents. + Image may be NULL and ImageSize set to 0 if the decision to defer execution was made + because of the location of the executable image, rather than its actual contents. @param[in] This Points to this instance of the EFI_DEFERRED_IMAGE_LOAD_PROTOCOL. @param[in] ImageIndex Zero-based index of the deferred index. - @param[out] ImageDevicePath On return, points to a pointer to the device path of the image. - The device path should not be freed by the caller. - @param[out] Image On return, points to the first byte of the image or NULL if the + @param[out] ImageDevicePath On return, points to a pointer to the device path of the image. + The device path should not be freed by the caller. + @param[out] Image On return, points to the first byte of the image or NULL if the image is not available. The image should not be freed by the caller - unless LoadImage() has been successfully called. + unless LoadImage() has been successfully called. @param[out] ImageSize On return, the size of the image, or 0 if the image is not available. - @param[out] BootOption On return, points to TRUE if the image was intended as a boot option - or FALSE if it was not intended as a boot option. - + @param[out] BootOption On return, points to TRUE if the image was intended as a boot option + or FALSE if it was not intended as a boot option. + @retval EFI_SUCCESS Image information returned successfully. @retval EFI_NOT_FOUND ImageIndex does not refer to a valid image. - @retval EFI_INVALID_PARAMETER ImageDevicePath is NULL or Image is NULL or ImageSize is NULL or + @retval EFI_INVALID_PARAMETER ImageDevicePath is NULL or Image is NULL or ImageSize is NULL or BootOption is NULL. - + **/ EFI_STATUS EFIAPI @@ -748,7 +748,7 @@ GetDefferedImageInfo ( if ((This == NULL) || (ImageSize == NULL) || (Image == NULL)) { return EFI_INVALID_PARAMETER; } - + if ((ImageDevicePath == NULL) || (BootOption == NULL)) { return EFI_INVALID_PARAMETER; } @@ -756,17 +756,17 @@ GetDefferedImageInfo ( if (ImageIndex >= mDeferredImage.Count) { return EFI_NOT_FOUND; } - + // // Get the request deferred image. - // + // ReqImageInfo = &mDeferredImage.ImageInfo[ImageIndex]; - + *ImageDevicePath = ReqImageInfo->ImageDevicePath; *Image = ReqImageInfo->Image; *ImageSize = ReqImageInfo->ImageSize; *BootOption = ReqImageInfo->BootOption; - + return EFI_SUCCESS; } @@ -775,7 +775,7 @@ GetDefferedImageInfo ( Provides the service of deferring image load based on platform policy control, and installs Deferred Image Load Protocol. - @param[in] AuthenticationStatus This is the authentication status returned from the + @param[in] AuthenticationStatus This is the authentication status returned from the security measurement services for the input file. @param[in] File This is a pointer to the device path of the file that is being dispatched. This will optionally be used for @@ -824,7 +824,7 @@ DxeDeferImageLoadHandler ( // // Check whether user has a logon. - // + // CurrentUser = NULL; if (mUserManager != NULL) { mUserManager->Current (mUserManager, &CurrentUser); @@ -839,7 +839,7 @@ DxeDeferImageLoadHandler ( return EFI_SUCCESS; } } - + // // Still no user logon. // Check the file type and get policy setting. @@ -852,7 +852,7 @@ DxeDeferImageLoadHandler ( // return EFI_SUCCESS; } - + DEBUG ((EFI_D_INFO, "[Security] No user identified, the image is deferred to load!\n")); PutDefferedImageInfo (File, FileBuffer, FileSize); @@ -874,10 +874,10 @@ DxeDeferImageLoadHandler ( } /** - Locate user manager protocol when user manager is installed. + Locate user manager protocol when user manager is installed. @param[in] Event The Event that is being processed, not used. - @param[in] Context Event Context, not used. + @param[in] Context Event Context, not used. **/ VOID @@ -892,7 +892,7 @@ FindUserManagerProtocol ( NULL, (VOID **) &mUserManager ); - + } @@ -912,22 +912,22 @@ DxeDeferImageLoadLibConstructor ( ) { VOID *Registration; - + // // Register user manager notification function. // EfiCreateProtocolNotifyEvent ( - &gEfiUserManagerProtocolGuid, + &gEfiUserManagerProtocolGuid, TPL_CALLBACK, FindUserManagerProtocol, NULL, &Registration ); - + return RegisterSecurity2Handler ( DxeDeferImageLoadHandler, - EFI_AUTH_OPERATION_DEFER_IMAGE_LOAD - ); + EFI_AUTH_OPERATION_DEFER_IMAGE_LOAD + ); } diff --git a/SecurityPkg/Library/DxeDeferImageLoadLib/DxeDeferImageLoadLib.h b/SecurityPkg/Library/DxeDeferImageLoadLib/DxeDeferImageLoadLib.h index fd750be512..1390974a84 100644 --- a/SecurityPkg/Library/DxeDeferImageLoadLib/DxeDeferImageLoadLib.h +++ b/SecurityPkg/Library/DxeDeferImageLoadLib/DxeDeferImageLoadLib.h @@ -2,13 +2,13 @@ The internal header file includes the common header files, defines internal structure and functions used by DeferImageLoadLib. -Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -67,29 +67,29 @@ typedef struct { /** Returns information about a deferred image. - This function returns information about a single deferred image. The deferred images are - numbered consecutively, starting with 0. If there is no image which corresponds to - ImageIndex, then EFI_NOT_FOUND is returned. All deferred images may be returned by + This function returns information about a single deferred image. The deferred images are + numbered consecutively, starting with 0. If there is no image which corresponds to + ImageIndex, then EFI_NOT_FOUND is returned. All deferred images may be returned by iteratively calling this function until EFI_NOT_FOUND is returned. - Image may be NULL and ImageSize set to 0 if the decision to defer execution was made - because of the location of the executable image, rather than its actual contents. + Image may be NULL and ImageSize set to 0 if the decision to defer execution was made + because of the location of the executable image, rather than its actual contents. @param[in] This Points to this instance of the EFI_DEFERRED_IMAGE_LOAD_PROTOCOL. @param[in] ImageIndex Zero-based index of the deferred index. - @param[out] ImageDevicePath On return, points to a pointer to the device path of the image. - The device path should not be freed by the caller. - @param[out] Image On return, points to the first byte of the image or NULL if the + @param[out] ImageDevicePath On return, points to a pointer to the device path of the image. + The device path should not be freed by the caller. + @param[out] Image On return, points to the first byte of the image or NULL if the image is not available. The image should not be freed by the caller - unless LoadImage() has been called successfully. + unless LoadImage() has been called successfully. @param[out] ImageSize On return, the size of the image, or 0 if the image is not available. - @param[out] BootOption On return, points to TRUE if the image was intended as a boot option - or FALSE if it was not intended as a boot option. - + @param[out] BootOption On return, points to TRUE if the image was intended as a boot option + or FALSE if it was not intended as a boot option. + @retval EFI_SUCCESS Image information returned successfully. @retval EFI_NOT_FOUND ImageIndex does not refer to a valid image. - @retval EFI_INVALID_PARAMETER ImageDevicePath is NULL or Image is NULL or ImageSize is NULL or + @retval EFI_INVALID_PARAMETER ImageDevicePath is NULL or Image is NULL or ImageSize is NULL or BootOption is NULL. - + **/ EFI_STATUS EFIAPI @@ -101,5 +101,5 @@ GetDefferedImageInfo ( OUT UINTN *ImageSize, OUT BOOLEAN *BootOption ); - + #endif diff --git a/SecurityPkg/Library/DxeDeferImageLoadLib/DxeDeferImageLoadLib.inf b/SecurityPkg/Library/DxeDeferImageLoadLib/DxeDeferImageLoadLib.inf index 8297230bed..3399d7a3bd 100644 --- a/SecurityPkg/Library/DxeDeferImageLoadLib/DxeDeferImageLoadLib.inf +++ b/SecurityPkg/Library/DxeDeferImageLoadLib/DxeDeferImageLoadLib.inf @@ -1,11 +1,11 @@ ## @file # Provides security service of deferred image load # -# The platform may need to defer the execution of an image because of security -# considerations. These deferred images will be recorded and then reported by +# The platform may need to defer the execution of an image because of security +# considerations. These deferred images will be recorded and then reported by # installing an instance of the EFI_DEFERRED_IMAGE_LOAD_PROTOCOL. # -# Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
+# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -48,9 +48,9 @@ DevicePathLib BaseMemoryLib PrintLib - DebugLib + DebugLib UefiLib - PcdLib + PcdLib [Protocols] gEfiFirmwareVolume2ProtocolGuid ## SOMETIMES_CONSUMES @@ -60,9 +60,9 @@ ## SOMETIMES_CONSUMES ## NOTIFY gEfiUserManagerProtocolGuid - + [Guids] gEfiGlobalVariableGuid ## SOMETIMES_CONSUMES ## Variable:L"BootOrder" - + [Pcd] gEfiSecurityPkgTokenSpaceGuid.PcdDeferImageLoadPolicy ## SOMETIMES_CONSUMES diff --git a/SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.c b/SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.c index bc1acd1fed..f0d41b8b9c 100644 --- a/SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.c +++ b/SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.c @@ -1,7 +1,7 @@ /** @file Implement image authentication status check in UEFI2.3.1. -Copyright (c) 2012, Intel Corporation. All rights reserved.
+Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -18,8 +18,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. /** Check image authentication status returned from Section Extraction Protocol - - @param[in] AuthenticationStatus This is the authentication status returned from + + @param[in] AuthenticationStatus This is the authentication status returned from the Section Extraction Protocol when reading the input file. @param[in] File This is a pointer to the device path of the file that is being dispatched. This will optionally be used for logging. diff --git a/SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.inf b/SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.inf index 62fcdaacc6..6c826a9cbf 100644 --- a/SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.inf +++ b/SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.inf @@ -3,7 +3,7 @@ # # Authentication Status Library module supports UEFI2.3.1 # -# Copyright (c) 2012 - 2014, Intel Corporation. All rights reserved.
+# Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -20,7 +20,7 @@ FILE_GUID = EB92D1DE-7C36-4680-BB88-A67E96049F72 MODULE_TYPE = DXE_DRIVER VERSION_STRING = 1.0 - LIBRARY_CLASS = NULL|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER + LIBRARY_CLASS = NULL|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER CONSTRUCTOR = DxeImageAuthenticationStatusLibConstructor # diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c index 588072c6a1..0f795c0af1 100644 --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c @@ -12,7 +12,7 @@ DxeImageVerificationHandler(), HashPeImageByType(), HashPeImage() function will accept untrusted PE/COFF image and validate its data structure within this image buffer before use. -Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.
+Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
(C) Copyright 2016 Hewlett Packard Enterprise Development LP
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License @@ -275,12 +275,12 @@ GetImageType ( /** Calculate hash of Pe/Coff image based on the authenticode image hashing in PE/COFF Specification 8.0 Appendix A - + Caution: This function may receive untrusted input. PE/COFF image is external input, so this function will validate its data structure within this image buffer before use. - Notes: PE/COFF image has been checked by BasePeCoffLib PeCoffLoaderGetImageInfo() in + Notes: PE/COFF image has been checked by BasePeCoffLib PeCoffLoaderGetImageInfo() in its caller function DxeImageVerificationHandler(). @param[in] HashAlg Hash algorithm type. @@ -1109,14 +1109,14 @@ IsTimeZero ( } /** - Check whether the timestamp signature is valid and the signing time is also earlier than + Check whether the timestamp signature is valid and the signing time is also earlier than the revocation time. @param[in] AuthData Pointer to the Authenticode signature retrieved from signed image. @param[in] AuthDataSize Size of the Authenticode signature in bytes. @param[in] RevocationTime The time that the certificate was revoked. - @retval TRUE Timestamp signature is valid and signing time is no later than the + @retval TRUE Timestamp signature is valid and signing time is no later than the revocation time. @retval FALSE Timestamp signature is not valid or the signing time is later than the revocation time. @@ -1226,9 +1226,9 @@ Done: **/ BOOLEAN -IsForbiddenByDbx ( +IsForbiddenByDbx ( IN UINT8 *AuthData, - IN UINTN AuthDataSize + IN UINTN AuthDataSize ) { EFI_STATUS Status; diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.uni b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.uni index 6575e1c4b9..75994a2453 100644 --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.uni +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.uni @@ -2,13 +2,13 @@ // Provides security service of image verification // // This library hooks LoadImage() API to verify every image by the verification policy. -// +// // Caution: This module requires additional review when modified. // This library will have external input - PE/COFF image. // This external input must be validated carefully to avoid security issues such as // buffer overflow or integer overflow. // -// Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
+// Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
// // This program and the accompanying materials // are licensed and made available under the terms and conditions of the BSD License diff --git a/SecurityPkg/Library/DxeImageVerificationLib/Measurement.c b/SecurityPkg/Library/DxeImageVerificationLib/Measurement.c index 6b98747d4a..3f0d4f25eb 100644 --- a/SecurityPkg/Library/DxeImageVerificationLib/Measurement.c +++ b/SecurityPkg/Library/DxeImageVerificationLib/Measurement.c @@ -1,7 +1,7 @@ /** @file Measure TCG required variable. -Copyright (c) 2013 - 2017, Intel Corporation. All rights reserved.
+Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -97,9 +97,9 @@ AssignVendorGuid ( @param[in] VarName A Null-terminated string that is the name of the vendor's variable. @param[in] VendorGuid A unique identifier for the vendor. - @param[in] VarData The content of the variable data. - @param[in] VarSize The size of the variable data. - + @param[in] VarData The content of the variable data. + @param[in] VarSize The size of the variable data. + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_OUT_OF_RESOURCES Out of memory. **/ @@ -151,8 +151,8 @@ AddDataMeasured ( @param[in] VarName A Null-terminated string that is the name of the vendor's variable. @param[in] VendorGuid A unique identifier for the vendor. - @param[in] VarData The content of the variable data. - @param[in] VarSize The size of the variable data. + @param[in] VarData The content of the variable data. + @param[in] VarSize The size of the variable data. @retval TRUE The data is already measured. @retval FALSE The data is not measured yet. @@ -197,7 +197,7 @@ IsSecureAuthorityVariable ( UINTN Index; for (Index = 0; Index < sizeof(mVariableType)/sizeof(mVariableType[0]); Index++) { - if ((StrCmp (VariableName, mVariableType[Index].VariableName) == 0) && + if ((StrCmp (VariableName, mVariableType[Index].VariableName) == 0) && (CompareGuid (VendorGuid, mVariableType[Index].VendorGuid))) { return TRUE; } @@ -210,9 +210,9 @@ IsSecureAuthorityVariable ( @param[in] VarName A Null-terminated string that is the name of the vendor's variable. @param[in] VendorGuid A unique identifier for the vendor. - @param[in] VarData The content of the variable data. - @param[in] VarSize The size of the variable data. - + @param[in] VarData The content of the variable data. + @param[in] VarSize The size of the variable data. + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_OUT_OF_RESOURCES Out of memory. @retval EFI_DEVICE_ERROR The operation was unsuccessful. diff --git a/SecurityPkg/Library/DxeRsa2048Sha256GuidedSectionExtractLib/DxeRsa2048Sha256GuidedSectionExtractLib.c b/SecurityPkg/Library/DxeRsa2048Sha256GuidedSectionExtractLib/DxeRsa2048Sha256GuidedSectionExtractLib.c index d6f4207a50..8421545c11 100644 --- a/SecurityPkg/Library/DxeRsa2048Sha256GuidedSectionExtractLib/DxeRsa2048Sha256GuidedSectionExtractLib.c +++ b/SecurityPkg/Library/DxeRsa2048Sha256GuidedSectionExtractLib/DxeRsa2048Sha256GuidedSectionExtractLib.c @@ -1,17 +1,17 @@ /** @file - This library registers RSA 2048 SHA 256 guided section handler + This library registers RSA 2048 SHA 256 guided section handler to parse RSA 2048 SHA 256 encapsulation section and extract raw data. It uses the BaseCrypyLib based on OpenSSL to authenticate the signature. -Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -50,7 +50,7 @@ CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 }; /** GetInfo gets raw data size and attribute of the input guided section. - It first checks whether the input guid section is supported. + It first checks whether the input guid section is supported. If not, EFI_INVALID_PARAMETER will return. @param InputSection Buffer containing the input GUIDed section to be processed. @@ -58,7 +58,7 @@ CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 }; @param ScratchBufferSize The size of ScratchBuffer. @param SectionAttribute The attribute of the input guided section. - @retval EFI_SUCCESS The size of destination buffer, the size of scratch buffer and + @retval EFI_SUCCESS The size of destination buffer, the size of scratch buffer and the attribute of the input section are successfully retrieved. @retval EFI_INVALID_PARAMETER The GUID in InputSection does not match this instance guid. @@ -111,7 +111,7 @@ Rsa2048Sha256GuidedSectionGetInfo ( Extraction handler tries to extract raw data from the input guided section. It also does authentication check for RSA 2048 SHA 256 signature in the input guided section. - It first checks whether the input guid section is supported. + It first checks whether the input guid section is supported. If not, EFI_INVALID_PARAMETER will return. @param InputSection Buffer containing the input GUIDed section to be processed. @@ -143,10 +143,10 @@ Rsa2048Sha256GuidedSectionHandler ( UINTN PublicKeyBufferSize; VOID *HashContext; VOID *Rsa; - + HashContext = NULL; Rsa = NULL; - + if (IS_SECTION2 (InputSection)) { // // Check whether the input guid section is recognized. @@ -156,7 +156,7 @@ Rsa2048Sha256GuidedSectionHandler ( &(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid))) { return EFI_INVALID_PARAMETER; } - + // // Get the RSA 2048 SHA 256 information. // @@ -184,7 +184,7 @@ Rsa2048Sha256GuidedSectionHandler ( &(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid))) { return EFI_INVALID_PARAMETER; } - + // // Get the RSA 2048 SHA 256 information. // @@ -214,7 +214,7 @@ Rsa2048Sha256GuidedSectionHandler ( // If SecurityPolicy Protocol exist, AUTH platform override bit is set. // *AuthenticationStatus |= EFI_AUTH_STATUS_PLATFORM_OVERRIDE; - + return EFI_SUCCESS; } @@ -222,7 +222,7 @@ Rsa2048Sha256GuidedSectionHandler ( // All paths from here return EFI_SUCESS and result is returned in AuthenticationStatus // Status = EFI_SUCCESS; - + // // Fail if the HashType is not SHA 256 // @@ -264,7 +264,7 @@ Rsa2048Sha256GuidedSectionHandler ( *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; goto Done; } - + // // Fail if the PublicKey is not one of the public keys in PcdRsa2048Sha256PublicKeyBuffer // @@ -299,8 +299,8 @@ Rsa2048Sha256GuidedSectionHandler ( *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; goto Done; } - - // + + // // Set RSA Key Components. // NOTE: Only N and E are needed to be set as RSA public key for signature verification. // @@ -347,10 +347,10 @@ Rsa2048Sha256GuidedSectionHandler ( // PERF_INMODULE_BEGIN ("DxeRsaVerify"); CryptoStatus = RsaPkcs1Verify ( - Rsa, - Digest, - SHA256_DIGEST_SIZE, - CertBlockRsa2048Sha256->Signature, + Rsa, + Digest, + SHA256_DIGEST_SIZE, + CertBlockRsa2048Sha256->Signature, sizeof (CertBlockRsa2048Sha256->Signature) ); PERF_INMODULE_END ("DxeRsaVerify"); diff --git a/SecurityPkg/Library/DxeRsa2048Sha256GuidedSectionExtractLib/DxeRsa2048Sha256GuidedSectionExtractLib.inf b/SecurityPkg/Library/DxeRsa2048Sha256GuidedSectionExtractLib/DxeRsa2048Sha256GuidedSectionExtractLib.inf index 4681f08643..cbb553c0bf 100644 --- a/SecurityPkg/Library/DxeRsa2048Sha256GuidedSectionExtractLib/DxeRsa2048Sha256GuidedSectionExtractLib.inf +++ b/SecurityPkg/Library/DxeRsa2048Sha256GuidedSectionExtractLib/DxeRsa2048Sha256GuidedSectionExtractLib.inf @@ -1,11 +1,11 @@ ## @file -# This library doesn't produce any library class. The constructor function uses +# This library doesn't produce any library class. The constructor function uses # ExtractGuidedSectionLib service to register an RSA 2048 SHA 256 guided section handler # that parses RSA 2048 SHA 256 encapsulation section and extracts raw data. # # It uses the BaseCrypyLib based on OpenSSL to authenticate the signature. # -# Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.
+# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
# # This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License @@ -39,7 +39,7 @@ MdePkg/MdePkg.dec CryptoPkg/CryptoPkg.dec SecurityPkg/SecurityPkg.dec - + [LibraryClasses] ExtractGuidedSectionLib UefiBootServicesTableLib @@ -50,13 +50,13 @@ PcdLib PerformanceLib -[Pcd] +[Pcd] gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer ## SOMETIMES_CONSUMES [Protocols] gEfiSecurityPolicyProtocolGuid ## SOMETIMES_CONSUMES (Set platform override AUTH status if exist) - + [Guids] gEfiCertTypeRsa2048Sha256Guid ## PRODUCES ## UNDEFINED # Specifies RSA 2048 SHA 256 authentication algorithm. gEfiHashAlgorithmSha256Guid ## SOMETIMES_CONSUMES ## UNDEFINED - \ No newline at end of file + diff --git a/SecurityPkg/Library/DxeRsa2048Sha256GuidedSectionExtractLib/DxeRsa2048Sha256GuidedSectionExtractLib.uni b/SecurityPkg/Library/DxeRsa2048Sha256GuidedSectionExtractLib/DxeRsa2048Sha256GuidedSectionExtractLib.uni index 5a043efbb2..19131a71ab 100644 --- a/SecurityPkg/Library/DxeRsa2048Sha256GuidedSectionExtractLib/DxeRsa2048Sha256GuidedSectionExtractLib.uni +++ b/SecurityPkg/Library/DxeRsa2048Sha256GuidedSectionExtractLib/DxeRsa2048Sha256GuidedSectionExtractLib.uni @@ -3,10 +3,10 @@ // // ExtractGuidedSectionLib service to register an RSA 2048 SHA 256 guided section handler // that parses RSA 2048 SHA 256 encapsulation section and extracts raw data. -// +// // It uses the BaseCrypyLib based on OpenSSL to authenticate the signature. // -// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
+// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
// // This program and the accompanying materials // are licensed and made available under the terms and conditions of the BSD License diff --git a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c index 5ece8e513a..a271c81388 100644 --- a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c +++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c @@ -7,13 +7,13 @@ Tpm2ExecutePendingTpmRequest() will receive untrusted input and do validation. -Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -109,7 +109,7 @@ Done: Change EPS. @param[in] PlatformAuth platform auth value. NULL means no platform auth change. - + @retval EFI_SUCCESS Operation completed successfully. **/ EFI_STATUS @@ -145,9 +145,9 @@ Tpm2CommandChangeEps ( @param[in] CommandCode Physical presence operation value. @param[in] CommandParameter Physical presence operation parameter. @param[in, out] PpiFlags The physical presence interface flags. - + @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Unknown physical presence operation. - @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Error occurred during sending command to TPM or + @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Error occurred during sending command to TPM or receiving response from TPM. @retval Others Return code from the TPM device after command execution. **/ @@ -274,8 +274,8 @@ Tcg2ReadUserKey ( EFI_STATUS Status; EFI_INPUT_KEY Key; UINT16 InputKey; - - InputKey = 0; + + InputKey = 0; do { Status = gBS->CheckEvent (gST->ConIn->WaitForKey); if (!EFI_ERROR (Status)) { @@ -289,13 +289,13 @@ Tcg2ReadUserKey ( if ((Key.ScanCode == SCAN_F12) && CautionKey) { InputKey = Key.ScanCode; } - } + } } while (InputKey == 0); if (InputKey != SCAN_ESC) { return TRUE; } - + return FALSE; } @@ -364,7 +364,7 @@ Tcg2UserConfirm ( { CHAR16 *ConfirmText; CHAR16 *TmpStr1; - CHAR16 *TmpStr2; + CHAR16 *TmpStr2; UINTN BufSize; BOOLEAN CautionKey; BOOLEAN NoPpiInfo; @@ -376,7 +376,7 @@ Tcg2UserConfirm ( EFI_TCG2_BOOT_SERVICE_CAPABILITY ProtocolCapability; UINT32 CurrentPCRBanks; EFI_STATUS Status; - + TmpStr2 = NULL; CautionKey = FALSE; NoPpiInfo = FALSE; @@ -403,7 +403,7 @@ Tcg2UserConfirm ( TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR)); StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); - FreePool (TmpStr1); + FreePool (TmpStr1); break; @@ -423,7 +423,7 @@ Tcg2UserConfirm ( TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR)); StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); - FreePool (TmpStr1); + FreePool (TmpStr1); break; @@ -453,11 +453,11 @@ Tcg2UserConfirm ( TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_SET_PCR_BANKS_1)); StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); - FreePool (TmpStr1); + FreePool (TmpStr1); TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_SET_PCR_BANKS_2)); StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); - FreePool (TmpStr1); + FreePool (TmpStr1); Tcg2FillBufferWithBootHashAlg (TempBuffer, sizeof(TempBuffer), TpmPpCommandParameter); Tcg2FillBufferWithBootHashAlg (TempBuffer2, sizeof(TempBuffer2), CurrentPCRBanks); @@ -468,7 +468,7 @@ Tcg2UserConfirm ( StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); - FreePool (TmpStr1); + FreePool (TmpStr1); break; @@ -482,11 +482,11 @@ Tcg2UserConfirm ( TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CHANGE_EPS_1)); StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); - FreePool (TmpStr1); - + FreePool (TmpStr1); + TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CHANGE_EPS_2)); StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); - FreePool (TmpStr1); + FreePool (TmpStr1); break; @@ -571,10 +571,10 @@ Tcg2UserConfirm ( DstStr[80] = L'\0'; for (Index = 0; Index < StrLen (ConfirmText); Index += 80) { - StrnCpyS (DstStr, sizeof (DstStr) / sizeof (CHAR16), ConfirmText + Index, sizeof (DstStr) / sizeof (CHAR16) - 1); - Print (DstStr); + StrnCpyS (DstStr, sizeof (DstStr) / sizeof (CHAR16), ConfirmText + Index, sizeof (DstStr) / sizeof (CHAR16) - 1); + Print (DstStr); } - + FreePool (TmpStr1); FreePool (TmpStr2); FreePool (ConfirmText); @@ -584,17 +584,17 @@ Tcg2UserConfirm ( return TRUE; } - return FALSE; + return FALSE; } /** - Check if there is a valid physical presence command request. Also updates parameter value + Check if there is a valid physical presence command request. Also updates parameter value to whether the requested physical presence command already confirmed by user - - @param[in] TcgPpData EFI Tcg2 Physical Presence request data. + + @param[in] TcgPpData EFI Tcg2 Physical Presence request data. @param[in] Flags The physical presence interface flags. @param[out] RequestConfirmed If the physical presence operation command required user confirm from UI. - True, it indicates the command doesn't require user confirm, or already confirmed + True, it indicates the command doesn't require user confirm, or already confirmed in last boot cycle by user. False, it indicates the command need user confirm from UI. @@ -657,7 +657,7 @@ Tcg2HaveValidTpmRequest ( *RequestConfirmed = TRUE; } break; - + case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS: *RequestConfirmed = TRUE; break; @@ -778,7 +778,7 @@ Tcg2ExecutePendingTpmRequest ( } else { if (!RequestConfirmed) { // - // Print confirm text and wait for approval. + // Print confirm text and wait for approval. // RequestConfirmed = Tcg2UserConfirm (TcgPpData->PPRequest, TcgPpData->PPRequestParameter); } @@ -791,8 +791,8 @@ Tcg2ExecutePendingTpmRequest ( if (RequestConfirmed) { TcgPpData->PPResponse = Tcg2ExecutePhysicalPresence ( PlatformAuth, - TcgPpData->PPRequest, - TcgPpData->PPRequestParameter, + TcgPpData->PPRequest, + TcgPpData->PPRequestParameter, &NewFlags ); } @@ -809,7 +809,7 @@ Tcg2ExecutePendingTpmRequest ( EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS), &NewFlags - ); + ); } // @@ -817,7 +817,7 @@ Tcg2ExecutePendingTpmRequest ( // if ((NewFlags.PPFlags & TCG2_LIB_PP_FLAG_RESET_TRACK) == 0) { TcgPpData->LastPPRequest = TcgPpData->PPRequest; - TcgPpData->PPRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION; + TcgPpData->PPRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION; TcgPpData->PPRequestParameter = 0; } @@ -879,19 +879,19 @@ Tcg2ExecutePendingTpmRequest ( Print (L"Rebooting system to make TPM2 settings in effect\n"); gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL); - ASSERT (FALSE); + ASSERT (FALSE); } /** Check and execute the pending TPM request. - The TPM request may come from OS or BIOS. This API will display request information and wait + The TPM request may come from OS or BIOS. This API will display request information and wait for user confirmation if TPM request exists. The TPM request will be sent to TPM device after - the TPM request is confirmed, and one or more reset may be required to make TPM request to + the TPM request is confirmed, and one or more reset may be required to make TPM request to take effect. - + This API should be invoked after console in and console out are all ready as they are required - to display request information and get user input to confirm the request. + to display request information and get user input to confirm the request. @param[in] PlatformAuth platform auth value. NULL means no platform auth change. **/ @@ -908,7 +908,7 @@ Tcg2PhysicalPresenceLibProcessRequest ( EFI_TCG2_PHYSICAL_PRESENCE_FLAGS PpiFlags; // - // This flags variable controls whether physical presence is required for TPM command. + // This flags variable controls whether physical presence is required for TPM command. // It should be protected from malicious software. We set it as read-only variable here. // Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLockProtocol); @@ -923,7 +923,7 @@ Tcg2PhysicalPresenceLibProcessRequest ( ASSERT_EFI_ERROR (Status); } } - + // // Check S4 resume // @@ -958,7 +958,7 @@ Tcg2PhysicalPresenceLibProcessRequest ( } DEBUG((DEBUG_INFO, "[TPM2] Initial physical presence flags value is 0x%x\n", PpiFlags.PPFlags)); } - + // // Initialize physical presence variable. // @@ -990,7 +990,7 @@ Tcg2PhysicalPresenceLibProcessRequest ( // // Execute pending TPM request. - // + // Tcg2ExecutePendingTpmRequest (PlatformAuth, &TcgPpData, &PpiFlags); DEBUG ((EFI_D_INFO, "[TPM2] PPResponse = %x (LastPPRequest=%x, Flags=%x)\n", TcgPpData.PPResponse, TcgPpData.LastPPRequest, PpiFlags.PPFlags)); @@ -1001,7 +1001,7 @@ Tcg2PhysicalPresenceLibProcessRequest ( The TPM request may come from OS. This API will check if TPM request exists and need user input to confirmation. - + @retval TRUE TPM needs input to confirm user physical presence. @retval FALSE TPM doesn't need input to confirm user physical presence. @@ -1052,7 +1052,7 @@ Tcg2PhysicalPresenceLibNeedUserConfirm( if (EFI_ERROR (Status)) { return FALSE; } - + if (TcgPpData.PPRequest == TCG2_PHYSICAL_PRESENCE_NO_ACTION) { // // No operation request @@ -1097,7 +1097,7 @@ Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction ( EFI_STATUS Status; UINTN DataSize; EFI_TCG2_PHYSICAL_PRESENCE PpData; - + DEBUG ((EFI_D_INFO, "[TPM2] ReturnOperationResponseToOsFunction\n")); // @@ -1117,7 +1117,7 @@ Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction ( DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! Status = %r\n", Status)); return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE; } - + *MostRecentRequest = PpData.LastPPRequest; *Response = PpData.PPResponse; @@ -1130,7 +1130,7 @@ Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction ( Submit TPM Operation Request to Pre-OS Environment 2. Caution: This function may receive untrusted input. - + @param[in] OperationRequest TPM physical presence operation request. @param[in] RequestParameter TPM physical presence operation request parameter. @@ -1148,9 +1148,9 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction ( UINTN DataSize; EFI_TCG2_PHYSICAL_PRESENCE PpData; EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags; - + DEBUG ((EFI_D_INFO, "[TPM2] SubmitRequestToPreOSFunction, Request = %x, %x\n", OperationRequest, RequestParameter)); - + // // Get the Physical Presence variable // @@ -1184,7 +1184,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction ( DataSize, &PpData ); - if (EFI_ERROR (Status)) { + if (EFI_ERROR (Status)) { DEBUG ((EFI_D_ERROR, "[TPM2] Set PP variable failure! Status = %r\n", Status)); return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE; } diff --git a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf index fc10129989..d74f000203 100644 --- a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf +++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf @@ -8,7 +8,7 @@ # This driver will have external input - variable. # This external input must be validated carefully to avoid security issue. # -# Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.
+# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -25,7 +25,7 @@ FILE_GUID = 7E507A86-DE8B-4AD3-BC4C-0498389098D3 MODULE_TYPE = DXE_DRIVER VERSION_STRING = 1.0 - LIBRARY_CLASS = Tcg2PhysicalPresenceLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER UEFI_APPLICATION UEFI_DRIVER + LIBRARY_CLASS = Tcg2PhysicalPresenceLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER UEFI_APPLICATION UEFI_DRIVER # # The following information is for reference only and not required by the build tools. diff --git a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.uni b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.uni index 7cb7072c17..472b9d9e51 100644 --- a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.uni +++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.uni @@ -3,12 +3,12 @@ // // This library will check and execute TPM 2.0 request from OS or BIOS. The request may // ask for user confirmation before execution. -// +// // Caution: This module requires additional review when modified. // This driver will have external input - variable. // This external input must be validated carefully to avoid security issue. // -// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
+// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
// // This program and the accompanying materials // are licensed and made available under the terms and conditions of the BSD License diff --git a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/PhysicalPresenceStrings.uni b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/PhysicalPresenceStrings.uni index 0271b890e0..50f53e6511 100644 --- a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/PhysicalPresenceStrings.uni +++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/PhysicalPresenceStrings.uni @@ -1,13 +1,13 @@ /** @file String definitions for TPM 2.0 physical presence confirm text. -Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -17,8 +17,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #string TPM_HEAD_STR #language en-US "A configuration change was requested to %s this computer's TPM (Trusted Platform Module)\n\n" #string TPM_PPI_HEAD_STR #language en-US "A configuration change was requested to allow the Operating System to %s the computer's TPM (Trusted Platform Module) without asking for user confirmation in the future.\n\n" -#string TPM_ACCEPT_KEY #language en-US "Press F10 " -#string TPM_CAUTION_KEY #language en-US "Press F12 " +#string TPM_ACCEPT_KEY #language en-US "Press F10 " +#string TPM_CAUTION_KEY #language en-US "Press F12 " #string TPM_REJECT_KEY #language en-US "to %s the TPM \nPress ESC to reject this change request and continue\n" #string TPM_ENABLE #language en-US "enable" @@ -48,8 +48,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #string TCG_STORAGE_HEAD_STR #language en-US "A configuration change was requested to %s on subsequent boots\n\n" #string TCG_STORAGE_PPI_HEAD_STR #language en-US "A configuration change was requested to allow the Operating System to %s without asking for user confirmation in the future.\n\n" -#string TCG_STORAGE_ACCEPT_KEY #language en-US "Press F10 " -#string TCG_STORAGE_CAUTION_KEY #language en-US "Press F12 " +#string TCG_STORAGE_ACCEPT_KEY #language en-US "Press F10 " +#string TCG_STORAGE_CAUTION_KEY #language en-US "Press F12 " #string TCG_STORAGE_REJECT_KEY #language en-US "to %s\nPress ESC to reject this change request and continue\n" #string TCG_STORAGE_NO_PPI_INFO #language en-US "to approve future Operating System requests " diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c index 4f35be80bb..32e0700096 100644 --- a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c +++ b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c @@ -8,13 +8,13 @@ ExecutePendingTpmRequest() will receive untrusted input and do validation. -Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -60,10 +60,10 @@ PhysicalPresenceGetStringById ( /** Get TPM physical presence permanent flags. - @param[in] TcgProtocol EFI TCG Protocol instance. - @param[out] LifetimeLock physicalPresenceLifetimeLock permanent flag. + @param[in] TcgProtocol EFI TCG Protocol instance. + @param[out] LifetimeLock physicalPresenceLifetimeLock permanent flag. @param[out] CmdEnable physicalPresenceCMDEnable permanent flag. - + @retval EFI_SUCCESS Flags were returns successfully. @retval other Failed to locate EFI TCG Protocol. @@ -82,13 +82,13 @@ GetTpmCapability ( UINT8 SendBuffer[sizeof (*TpmRqu) + sizeof (UINT32) * 3]; TPM_PERMANENT_FLAGS *TpmPermanentFlags; UINT8 RecvBuffer[40]; - + // // Fill request header // TpmRsp = (TPM_RSP_COMMAND_HDR*)RecvBuffer; TpmRqu = (TPM_RQU_COMMAND_HDR*)SendBuffer; - + TpmRqu->tag = SwapBytes16 (TPM_TAG_RQU_COMMAND); TpmRqu->paramSize = SwapBytes32 (sizeof (SendBuffer)); TpmRqu->ordinal = SwapBytes32 (TPM_ORD_GetCapability); @@ -99,8 +99,8 @@ GetTpmCapability ( SendBufPtr = (UINT32*)(TpmRqu + 1); WriteUnaligned32 (SendBufPtr++, SwapBytes32 (TPM_CAP_FLAG)); WriteUnaligned32 (SendBufPtr++, SwapBytes32 (sizeof (TPM_CAP_FLAG_PERMANENT))); - WriteUnaligned32 (SendBufPtr, SwapBytes32 (TPM_CAP_FLAG_PERMANENT)); - + WriteUnaligned32 (SendBufPtr, SwapBytes32 (TPM_CAP_FLAG_PERMANENT)); + Status = TcgProtocol->PassThroughToTpm ( TcgProtocol, sizeof (SendBuffer), @@ -111,9 +111,9 @@ GetTpmCapability ( ASSERT_EFI_ERROR (Status); ASSERT (TpmRsp->tag == SwapBytes16 (TPM_TAG_RSP_COMMAND)); ASSERT (TpmRsp->returnCode == 0); - + TpmPermanentFlags = (TPM_PERMANENT_FLAGS *)&RecvBuffer[sizeof (TPM_RSP_COMMAND_HDR) + sizeof (UINT32)]; - + if (LifetimeLock != NULL) { *LifetimeLock = TpmPermanentFlags->physicalPresenceLifetimeLock; } @@ -128,9 +128,9 @@ GetTpmCapability ( /** Issue TSC_PhysicalPresence command to TPM. - @param[in] TcgProtocol EFI TCG Protocol instance. - @param[in] PhysicalPresence The state to set the TPM's Physical Presence flags. - + @param[in] TcgProtocol EFI TCG Protocol instance. + @param[in] PhysicalPresence The state to set the TPM's Physical Presence flags. + @retval EFI_SUCCESS TPM executed the command successfully. @retval EFI_SECURITY_VIOLATION TPM returned error when executing the command. @retval other Failed to locate EFI TCG Protocol. @@ -154,7 +154,7 @@ TpmPhysicalPresence ( TpmRqu->tag = SwapBytes16 (TPM_TAG_RQU_COMMAND); TpmRqu->paramSize = SwapBytes32 (sizeof (Buffer)); TpmRqu->ordinal = SwapBytes32 (TSC_ORD_PhysicalPresence); - WriteUnaligned16 (TpmPp, (TPM_PHYSICAL_PRESENCE) SwapBytes16 (PhysicalPresence)); + WriteUnaligned16 (TpmPp, (TPM_PHYSICAL_PRESENCE) SwapBytes16 (PhysicalPresence)); Status = TcgProtocol->PassThroughToTpm ( TcgProtocol, @@ -171,19 +171,19 @@ TpmPhysicalPresence ( // return EFI_SECURITY_VIOLATION; } - + return Status; } /** Issue a TPM command for which no additional output data will be returned. - @param[in] TcgProtocol EFI TCG Protocol instance. - @param[in] Ordinal TPM command code. - @param[in] AdditionalParameterSize Additional parameter size. - @param[in] AdditionalParameters Pointer to the Additional paramaters. - - @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Error occurred during sending command to TPM or + @param[in] TcgProtocol EFI TCG Protocol instance. + @param[in] Ordinal TPM command code. + @param[in] AdditionalParameterSize Additional parameter size. + @param[in] AdditionalParameters Pointer to the Additional paramaters. + + @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Error occurred during sending command to TPM or receiving response from TPM. @retval Others Return code from the TPM device after command execution. @@ -232,9 +232,9 @@ TpmCommandNoReturnData ( @param[in] TcgProtocol EFI TCG Protocol instance. @param[in] CommandCode Physical presence operation value. @param[in, out] PpiFlags The physical presence interface flags. - + @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Unknown physical presence operation. - @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Error occurred during sending command to TPM or + @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Error occurred during sending command to TPM or receiving response from TPM. @retval Others Return code from the TPM device after command execution. @@ -397,7 +397,7 @@ ExecutePhysicalPresence ( case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE: PpiFlags->PPFlags |= TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE; return 0; - + case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR: // // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_CLEAR @@ -423,7 +423,7 @@ ExecutePhysicalPresence ( } else { TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE, PpiFlags); PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK; - } + } return TpmResponse; default: @@ -453,7 +453,7 @@ ReadUserKey ( UINT16 InputKey; UINTN Index; - InputKey = 0; + InputKey = 0; do { Status = gST->ConIn->ReadKeyStroke (gST->ConIn, &Key); if (Status == EFI_NOT_READY) { @@ -479,18 +479,18 @@ ReadUserKey ( if (InputKey != SCAN_ESC) { return TRUE; } - + return FALSE; } /** The constructor function register UNI strings into imageHandle. - - It will ASSERT() if that operation fails and it will always return EFI_SUCCESS. + + It will ASSERT() if that operation fails and it will always return EFI_SUCCESS. @param ImageHandle The firmware allocated handle for the EFI image. @param SystemTable A pointer to the EFI System Table. - + @retval EFI_SUCCESS The constructor successfully added string package. @retval Other value The constructor can't add string package. @@ -523,12 +523,12 @@ UserConfirm ( { CHAR16 *ConfirmText; CHAR16 *TmpStr1; - CHAR16 *TmpStr2; + CHAR16 *TmpStr2; UINTN BufSize; BOOLEAN CautionKey; UINT16 Index; CHAR16 DstStr[81]; - + TmpStr2 = NULL; CautionKey = FALSE; BufSize = CONFIRM_BUFFER_SIZE; @@ -538,7 +538,7 @@ UserConfirm ( switch (TpmPpCommand) { case PHYSICAL_PRESENCE_ENABLE: TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE)); - + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); FreePool (TmpStr1); @@ -550,7 +550,7 @@ UserConfirm ( case PHYSICAL_PRESENCE_DISABLE: TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DISABLE)); - + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); FreePool (TmpStr1); @@ -563,10 +563,10 @@ UserConfirm ( StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); break; - + case PHYSICAL_PRESENCE_ACTIVATE: TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACTIVATE)); - + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); FreePool (TmpStr1); @@ -589,7 +589,7 @@ UserConfirm ( TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY)); StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); - FreePool (TmpStr1); + FreePool (TmpStr1); break; case PHYSICAL_PRESENCE_CLEAR: @@ -603,7 +603,7 @@ UserConfirm ( TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR)); StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); - FreePool (TmpStr1); + FreePool (TmpStr1); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY)); StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); @@ -628,15 +628,15 @@ UserConfirm ( case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE: TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DEACTIVATE_DISABLE)); - - TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); FreePool (TmpStr1); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_OFF)); StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); - + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING)); StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); @@ -648,8 +648,8 @@ UserConfirm ( case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE: TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ALLOW_TAKE_OWNERSHIP)); - - TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); FreePool (TmpStr1); @@ -660,8 +660,8 @@ UserConfirm ( case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE: TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DISALLOW_TAKE_OWNERSHIP)); - - TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); FreePool (TmpStr1); @@ -688,15 +688,15 @@ UserConfirm ( case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE: TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_TURN_OFF)); - - TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); FreePool (TmpStr1); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_OFF)); StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); - + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING)); StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); @@ -709,11 +709,11 @@ UserConfirm ( case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE: CautionKey = TRUE; TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UNOWNED_FIELD_UPGRADE)); - - TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UPGRADE_HEAD_STR)); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UPGRADE_HEAD_STR)); UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); FreePool (TmpStr1); - + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_MAINTAIN)); StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); FreePool (TmpStr1); @@ -787,7 +787,7 @@ UserConfirm ( TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR)); StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); - FreePool (TmpStr1); + FreePool (TmpStr1); TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY)); StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); @@ -877,10 +877,10 @@ UserConfirm ( DstStr[80] = L'\0'; for (Index = 0; Index < StrLen (ConfirmText); Index += 80) { - StrnCpyS(DstStr, sizeof (DstStr) / sizeof (CHAR16), ConfirmText + Index, sizeof (DstStr) / sizeof (CHAR16) - 1); - Print (DstStr); + StrnCpyS(DstStr, sizeof (DstStr) / sizeof (CHAR16), ConfirmText + Index, sizeof (DstStr) / sizeof (CHAR16) - 1); + Print (DstStr); } - + FreePool (TmpStr1); FreePool (TmpStr2); FreePool (ConfirmText); @@ -889,17 +889,17 @@ UserConfirm ( return TRUE; } - return FALSE; + return FALSE; } /** - Check if there is a valid physical presence command request. Also updates parameter value + Check if there is a valid physical presence command request. Also updates parameter value to whether the requested physical presence command already confirmed by user - + @param[in] TcgPpData EFI TCG Physical Presence request data. - @param[in] Flags The physical presence interface flags. + @param[in] Flags The physical presence interface flags. @param[out] RequestConfirmed If the physical presence operation command required user confirm from UI. - True, it indicates the command doesn't require user confirm, or already confirmed + True, it indicates the command doesn't require user confirm, or already confirmed in last boot cycle by user. False, it indicates the command need user confirm from UI. @@ -1006,7 +1006,7 @@ HaveValidTpmRequest ( TcgPpData variable is external input, so this function will validate its data structure to be valid value. - @param[in] TcgProtocol EFI TCG Protocol instance. + @param[in] TcgProtocol EFI TCG Protocol instance. @param[in] TcgPpData Point to the physical presence NV variable. @param[in] Flags The physical presence interface flags. @@ -1052,7 +1052,7 @@ ExecutePendingTpmRequest ( } else { if (!RequestConfirmed) { // - // Print confirm text and wait for approval. + // Print confirm text and wait for approval. // RequestConfirmed = UserConfirm (TcgPpData->PPRequest); } @@ -1077,18 +1077,18 @@ ExecutePendingTpmRequest ( EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, sizeof (EFI_PHYSICAL_PRESENCE_FLAGS), &NewFlags - ); + ); if (EFI_ERROR (Status)) { return; } } - + // // Clear request // if ((NewFlags.PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) == 0) { TcgPpData->LastPPRequest = TcgPpData->PPRequest; - TcgPpData->PPRequest = PHYSICAL_PRESENCE_NO_ACTION; + TcgPpData->PPRequest = PHYSICAL_PRESENCE_NO_ACTION; } // @@ -1124,7 +1124,7 @@ ExecutePendingTpmRequest ( case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE: case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE: case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR: - case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE: + case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE: break; default: if (TcgPpData->LastPPRequest >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) { @@ -1142,21 +1142,21 @@ ExecutePendingTpmRequest ( Print (L"Rebooting system to make TPM settings in effect\n"); gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL); - ASSERT (FALSE); + ASSERT (FALSE); } /** Check and execute the pending TPM request and Lock TPM. - The TPM request may come from OS or BIOS. This API will display request information and wait + The TPM request may come from OS or BIOS. This API will display request information and wait for user confirmation if TPM request exists. The TPM request will be sent to TPM device after - the TPM request is confirmed, and one or more reset may be required to make TPM request to + the TPM request is confirmed, and one or more reset may be required to make TPM request to take effect. At last, it will lock TPM to prevent TPM state change by malware. - + This API should be invoked after console in and console out are all ready as they are required - to display request information and get user input to confirm the request. This API should also + to display request information and get user input to confirm the request. This API should also be invoked as early as possible as TPM is locked in this function. - + **/ VOID EFIAPI @@ -1172,7 +1172,7 @@ TcgPhysicalPresenceLibProcessRequest ( EFI_TCG_PROTOCOL *TcgProtocol; EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol; EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags; - + Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol); if (EFI_ERROR (Status)) { return ; @@ -1206,7 +1206,7 @@ TcgPhysicalPresenceLibProcessRequest ( DEBUG ((EFI_D_INFO, "[TPM] PpiFlags = %x\n", PpiFlags.PPFlags)); // - // This flags variable controls whether physical presence is required for TPM command. + // This flags variable controls whether physical presence is required for TPM command. // It should be protected from malicious software. We set it as read-only variable here. // Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLockProtocol); @@ -1221,7 +1221,7 @@ TcgPhysicalPresenceLibProcessRequest ( ASSERT_EFI_ERROR (Status); } } - + // // Initialize physical presence variable. // @@ -1262,7 +1262,7 @@ TcgPhysicalPresenceLibProcessRequest ( if (EFI_ERROR (Status)) { return ; } - + if (!CmdEnable) { if (LifetimeLock) { // @@ -1275,7 +1275,7 @@ TcgPhysicalPresenceLibProcessRequest ( return ; } } - + // // Set operator physical presence flags // @@ -1283,7 +1283,7 @@ TcgPhysicalPresenceLibProcessRequest ( // // Execute pending TPM request. - // + // ExecutePendingTpmRequest (TcgProtocol, &TcgPpData, PpiFlags); DEBUG ((EFI_D_INFO, "[TPM] PPResponse = %x\n", TcgPpData.PPResponse)); @@ -1298,7 +1298,7 @@ TcgPhysicalPresenceLibProcessRequest ( The TPM request may come from OS. This API will check if TPM request exists and need user input to confirmation. - + @retval TRUE TPM needs input to confirm user physical presence. @retval FALSE TPM doesn't need input to confirm user physical presence. @@ -1317,7 +1317,7 @@ TcgPhysicalPresenceLibNeedUserConfirm( BOOLEAN CmdEnable; EFI_TCG_PROTOCOL *TcgProtocol; EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags; - + Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol); if (EFI_ERROR (Status)) { return FALSE; @@ -1349,7 +1349,7 @@ TcgPhysicalPresenceLibNeedUserConfirm( if (EFI_ERROR (Status)) { return FALSE; } - + if (TcgPpData.PPRequest == PHYSICAL_PRESENCE_NO_ACTION) { // // No operation request diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.inf b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.inf index 3aacba5c2b..bf7e16ccb7 100644 --- a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.inf +++ b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.inf @@ -2,14 +2,14 @@ # Executes pending TPM 1.2 requests from OS or BIOS and Locks TPM # # This library will check and execute TPM 1.2 request from OS or BIOS. The request may -# ask for user confirmation before execution. This Library will also lock TPM physical +# ask for user confirmation before execution. This Library will also lock TPM physical # presence at last. # # Caution: This module requires additional review when modified. # This driver will have external input - variable. # This external input must be validated carefully to avoid security issue. # -# Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.
+# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -26,9 +26,9 @@ FILE_GUID = EBC43A46-34AC-4F07-A7F5-A5394619361C MODULE_TYPE = DXE_DRIVER VERSION_STRING = 1.0 - LIBRARY_CLASS = TcgPhysicalPresenceLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER UEFI_APPLICATION UEFI_DRIVER + LIBRARY_CLASS = TcgPhysicalPresenceLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER UEFI_APPLICATION UEFI_DRIVER CONSTRUCTOR = TcgPhysicalPresenceLibConstructor - + # # The following information is for reference only and not required by the build tools. # diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.uni b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.uni index 26f8dd3e99..1d238918b1 100644 --- a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.uni +++ b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.uni @@ -4,12 +4,12 @@ // This library will check and execute TPM 1.2 request from OS or BIOS. The request may // ask for user confirmation before execution. This Library will also lock TPM physical // presence at last. -// +// // Caution: This module requires additional review when modified. // This driver will have external input - variable. // This external input must be validated carefully to avoid security issue. // -// Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
+// Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
// // This program and the accompanying materials // are licensed and made available under the terms and conditions of the BSD License diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/PhysicalPresenceStrings.uni b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/PhysicalPresenceStrings.uni index 065cd63be1..91995f85ef 100644 --- a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/PhysicalPresenceStrings.uni +++ b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/PhysicalPresenceStrings.uni @@ -1,14 +1,14 @@ /** @file String definitions for TPM 1.2 physical presence confirm text. -Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.
+Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
(C) Copyright 2016 Hewlett Packard Enterprise Development LP
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -19,8 +19,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #string TPM_PPI_HEAD_STR #language en-US "A configuration change was requested to allow the Operating System to %s the computer's TPM (Trusted Platform Module) without asking for user confirmation in the future.\n\n" #string TPM_UPGRADE_HEAD_STR #language en-US "A configuration change was requested to %s to the TPM's (Trusted Platform Module) firmware.\n\n" -#string TPM_ACCEPT_KEY #language en-US "Press F10 " -#string TPM_CAUTION_KEY #language en-US "Press F12 " +#string TPM_ACCEPT_KEY #language en-US "Press F10 " +#string TPM_CAUTION_KEY #language en-US "Press F12 " #string TPM_REJECT_KEY #language en-US "to %s the TPM \nPress ESC to reject this change request and continue\n" #string TPM_ENABLE #language en-US "enable" diff --git a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c index aacafa83b3..96f905aaad 100644 --- a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c +++ b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c @@ -15,14 +15,14 @@ Tcg2MeasureGptTable() function will receive untrusted GPT partition table, and parse partition data carefully. -Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
(C) Copyright 2015 Hewlett Packard Enterprise Development LP
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -70,11 +70,11 @@ MEASURED_HOB_DATA *mTcg2MeasuredHobData = NULL; @param FileHandle Pointer to the file handle to read the PE/COFF image. @param FileOffset Offset into the PE/COFF image to begin the read operation. - @param ReadSize On input, the size in bytes of the requested read operation. + @param ReadSize On input, the size in bytes of the requested read operation. On output, the number of bytes actually read. @param Buffer Output buffer that contains the data read from the PE/COFF image. - - @retval EFI_SUCCESS The specified portion of the PE/COFF image was read and the size + + @retval EFI_SUCCESS The specified portion of the PE/COFF image was read and the size **/ EFI_STATUS EFIAPI @@ -157,11 +157,11 @@ Tcg2MeasureGptTable ( } // // Read the EFI Partition Table Header - // + // PrimaryHeader = (EFI_PARTITION_TABLE_HEADER *) AllocatePool (BlockIo->Media->BlockSize); if (PrimaryHeader == NULL) { return EFI_OUT_OF_RESOURCES; - } + } Status = DiskIo->ReadDisk ( DiskIo, BlockIo->Media->MediaId, @@ -173,7 +173,7 @@ Tcg2MeasureGptTable ( DEBUG ((EFI_D_ERROR, "Failed to Read Partition Table Header!\n")); FreePool (PrimaryHeader); return EFI_DEVICE_ERROR; - } + } // // Read the partition entry. // @@ -194,7 +194,7 @@ Tcg2MeasureGptTable ( FreePool (EntryPtr); return EFI_DEVICE_ERROR; } - + // // Count the valid partition // @@ -202,15 +202,15 @@ Tcg2MeasureGptTable ( NumberOfPartition = 0; for (Index = 0; Index < PrimaryHeader->NumberOfPartitionEntries; Index++) { if (!IsZeroGuid (&PartitionEntry->PartitionTypeGUID)) { - NumberOfPartition++; + NumberOfPartition++; } PartitionEntry = (EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry); } // // Prepare Data for Measurement - // - EventSize = (UINT32)(sizeof (EFI_GPT_DATA) - sizeof (GptData->Partitions) + // + EventSize = (UINT32)(sizeof (EFI_GPT_DATA) - sizeof (GptData->Partitions) + NumberOfPartition * PrimaryHeader->SizeOfPartitionEntry); Tcg2Event = (EFI_TCG2_EVENT *) AllocateZeroPool (EventSize + sizeof (EFI_TCG2_EVENT) - sizeof(Tcg2Event->Event)); if (Tcg2Event == NULL) { @@ -224,11 +224,11 @@ Tcg2MeasureGptTable ( Tcg2Event->Header.HeaderVersion = EFI_TCG2_EVENT_HEADER_VERSION; Tcg2Event->Header.PCRIndex = 5; Tcg2Event->Header.EventType = EV_EFI_GPT_EVENT; - GptData = (EFI_GPT_DATA *) Tcg2Event->Event; + GptData = (EFI_GPT_DATA *) Tcg2Event->Event; // // Copy the EFI_PARTITION_TABLE_HEADER and NumberOfPartition - // + // CopyMem ((UINT8 *)GptData, (UINT8*)PrimaryHeader, sizeof (EFI_PARTITION_TABLE_HEADER)); GptData->NumberOfPartitions = NumberOfPartition; // @@ -286,7 +286,7 @@ Tcg2MeasureGptTable ( @retval EFI_SUCCESS Successfully measure image. @retval EFI_OUT_OF_RESOURCES No enough resource to measure image. - @retval EFI_UNSUPPORTED ImageType is unsupported or PE image is mal-format. + @retval EFI_UNSUPPORTED ImageType is unsupported or PE image is mal-format. @retval other error value **/ @@ -381,27 +381,27 @@ Finish: } /** - The security handler is used to abstract platform-specific policy - from the DXE core response to an attempt to use a file that returns a - given status for the authentication check from the section extraction protocol. + The security handler is used to abstract platform-specific policy + from the DXE core response to an attempt to use a file that returns a + given status for the authentication check from the section extraction protocol. - The possible responses in a given SAP implementation may include locking - flash upon failure to authenticate, attestation logging for all signed drivers, - and other exception operations. The File parameter allows for possible logging + The possible responses in a given SAP implementation may include locking + flash upon failure to authenticate, attestation logging for all signed drivers, + and other exception operations. The File parameter allows for possible logging within the SAP of the driver. If File is NULL, then EFI_INVALID_PARAMETER is returned. - If the file specified by File with an authentication status specified by + If the file specified by File with an authentication status specified by AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS is returned. - If the file specified by File with an authentication status specified by - AuthenticationStatus is not safe for the DXE Core to use under any circumstances, + If the file specified by File with an authentication status specified by + AuthenticationStatus is not safe for the DXE Core to use under any circumstances, then EFI_ACCESS_DENIED is returned. - If the file specified by File with an authentication status specified by - AuthenticationStatus is not safe for the DXE Core to use right now, but it - might be possible to use it at a future time, then EFI_SECURITY_VIOLATION is + If the file specified by File with an authentication status specified by + AuthenticationStatus is not safe for the DXE Core to use right now, but it + might be possible to use it at a future time, then EFI_SECURITY_VIOLATION is returned. @param[in] AuthenticationStatus This is the authentication status returned @@ -453,7 +453,7 @@ DxeTpm2MeasureBootHandler ( ProtocolCapability.Size = (UINT8) sizeof (ProtocolCapability); Status = Tcg2Protocol->GetCapability ( - Tcg2Protocol, + Tcg2Protocol, &ProtocolCapability ); if (EFI_ERROR (Status) || (!ProtocolCapability.TPMPresentFlag)) { @@ -468,7 +468,7 @@ DxeTpm2MeasureBootHandler ( // Copy File Device Path // OrigDevicePathNode = DuplicateDevicePath (File); - + // // 1. Check whether this device path support BlockIo protocol. // Is so, this device path may be a GPT device path. @@ -489,8 +489,8 @@ DxeTpm2MeasureBootHandler ( DevicePathSubType (DevicePathNode) == MEDIA_HARDDRIVE_DP) { // // Check whether it is a gpt partition or not - // - if (((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->MBRType == MBR_TYPE_EFI_PARTITION_TABLE_HEADER && + // + if (((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->MBRType == MBR_TYPE_EFI_PARTITION_TABLE_HEADER && ((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->SignatureType == SIGNATURE_TYPE_GUID) { // @@ -526,7 +526,7 @@ DxeTpm2MeasureBootHandler ( DevicePathNode = NextDevicePathNode (DevicePathNode); } } - + // // 2. Measure PE image. // @@ -560,7 +560,7 @@ DxeTpm2MeasureBootHandler ( TempHandle = Handle; do { Status = gBS->HandleProtocol( - TempHandle, + TempHandle, &gEfiFirmwareVolumeBlockProtocolGuid, (VOID**)&FvbProtocol ); @@ -619,16 +619,16 @@ DxeTpm2MeasureBootHandler ( // goto Finish; } - + // // Measure only application if Application flag is set // Measure drivers and applications if Application flag is not set // - if ((!ApplicationRequired) || - (ApplicationRequired && ImageContext.ImageType == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION)) { + if ((!ApplicationRequired) || + (ApplicationRequired && ImageContext.ImageType == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION)) { // // Print the image path to be measured. - // + // DEBUG_CODE_BEGIN (); CHAR16 *ToText; ToText = ConvertDevicePathToText ( @@ -647,10 +647,10 @@ DxeTpm2MeasureBootHandler ( // Status = Tcg2MeasurePeImage ( Tcg2Protocol, - (EFI_PHYSICAL_ADDRESS) (UINTN) FileBuffer, - FileSize, - (UINTN) ImageContext.ImageAddress, - ImageContext.ImageType, + (EFI_PHYSICAL_ADDRESS) (UINTN) FileBuffer, + FileSize, + (UINTN) ImageContext.ImageAddress, + ImageContext.ImageType, DevicePathNode ); DEBUG ((EFI_D_INFO, "DxeTpm2MeasureBootHandler - Tcg2MeasurePeImage - %r\n", Status)); diff --git a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf index 939f6fb19b..e5aaba2407 100644 --- a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf +++ b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf @@ -4,15 +4,15 @@ # Spec Compliance Info: # "TCG PC Client Platform Firmware Profile Specification for TPM Family 2.0 Level 00 Revision 00.21" # -# This library instance hooks LoadImage() API to measure every image that +# This library instance hooks LoadImage() API to measure every image that # is not measured in PEI phase. And, it will also measure GPT partition. # # Caution: This module requires additional review when modified. # This library will have external input - PE/COFF image and GPT partition. -# This external input must be validated carefully to avoid security issues such +# This external input must be validated carefully to avoid security issues such # as buffer overflow or integer overflow. # -# Copyright (c) 2013 - 2017, Intel Corporation. All rights reserved.
+# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -29,7 +29,7 @@ FILE_GUID = 778CE4F4-36BD-4ae7-B8F0-10B420B0D174 MODULE_TYPE = DXE_DRIVER VERSION_STRING = 1.0 - LIBRARY_CLASS = NULL|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER + LIBRARY_CLASS = NULL|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER CONSTRUCTOR = DxeTpm2MeasureBootLibConstructor # diff --git a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.uni b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.uni index 260dd04481..20f7453098 100644 --- a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.uni +++ b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.uni @@ -3,13 +3,13 @@ // // This library instance hooks LoadImage() API to measure every image that // is not measured in PEI phase. And, it will also measure GPT partition. -// +// // Caution: This module requires additional review when modified. // This library will have external input - PE/COFF image and GPT partition. // This external input must be validated carefully to avoid security issues such // as buffer overflow or integer overflow. // -// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
+// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
// // This program and the accompanying materials // are licensed and made available under the terms and conditions of the BSD License diff --git a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c index 8167a21929..c54ab62e27 100644 --- a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c +++ b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c @@ -1,5 +1,5 @@ /** @file - The library instance provides security service of TPM measure boot. + The library instance provides security service of TPM measure boot. Caution: This file requires additional review when modified. This library will have external input - PE/COFF image and GPT partition. @@ -15,13 +15,13 @@ TcgMeasureGptTable() function will receive untrusted GPT partition table, and parse partition data carefully. -Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -68,11 +68,11 @@ MEASURED_HOB_DATA *mMeasuredHobData = NULL; @param FileHandle Pointer to the file handle to read the PE/COFF image. @param FileOffset Offset into the PE/COFF image to begin the read operation. - @param ReadSize On input, the size in bytes of the requested read operation. + @param ReadSize On input, the size in bytes of the requested read operation. On output, the number of bytes actually read. @param Buffer Output buffer that contains the data read from the PE/COFF image. - - @retval EFI_SUCCESS The specified portion of the PE/COFF image was read and the size + + @retval EFI_SUCCESS The specified portion of the PE/COFF image was read and the size **/ EFI_STATUS EFIAPI @@ -157,11 +157,11 @@ TcgMeasureGptTable ( } // // Read the EFI Partition Table Header - // + // PrimaryHeader = (EFI_PARTITION_TABLE_HEADER *) AllocatePool (BlockIo->Media->BlockSize); if (PrimaryHeader == NULL) { return EFI_OUT_OF_RESOURCES; - } + } Status = DiskIo->ReadDisk ( DiskIo, BlockIo->Media->MediaId, @@ -173,7 +173,7 @@ TcgMeasureGptTable ( DEBUG ((EFI_D_ERROR, "Failed to Read Partition Table Header!\n")); FreePool (PrimaryHeader); return EFI_DEVICE_ERROR; - } + } // // Read the partition entry. // @@ -194,7 +194,7 @@ TcgMeasureGptTable ( FreePool (EntryPtr); return EFI_DEVICE_ERROR; } - + // // Count the valid partition // @@ -202,15 +202,15 @@ TcgMeasureGptTable ( NumberOfPartition = 0; for (Index = 0; Index < PrimaryHeader->NumberOfPartitionEntries; Index++) { if (!IsZeroGuid (&PartitionEntry->PartitionTypeGUID)) { - NumberOfPartition++; + NumberOfPartition++; } PartitionEntry = (EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry); } // // Prepare Data for Measurement - // - EventSize = (UINT32)(sizeof (EFI_GPT_DATA) - sizeof (GptData->Partitions) + // + EventSize = (UINT32)(sizeof (EFI_GPT_DATA) - sizeof (GptData->Partitions) + NumberOfPartition * PrimaryHeader->SizeOfPartitionEntry); TcgEvent = (TCG_PCR_EVENT *) AllocateZeroPool (EventSize + sizeof (TCG_PCR_EVENT_HDR)); if (TcgEvent == NULL) { @@ -222,11 +222,11 @@ TcgMeasureGptTable ( TcgEvent->PCRIndex = 5; TcgEvent->EventType = EV_EFI_GPT_EVENT; TcgEvent->EventSize = EventSize; - GptData = (EFI_GPT_DATA *) TcgEvent->Event; + GptData = (EFI_GPT_DATA *) TcgEvent->Event; // // Copy the EFI_PARTITION_TABLE_HEADER and NumberOfPartition - // + // CopyMem ((UINT8 *)GptData, (UINT8*)PrimaryHeader, sizeof (EFI_PARTITION_TABLE_HEADER)); GptData->NumberOfPartitions = NumberOfPartition; // @@ -278,7 +278,7 @@ TcgMeasureGptTable ( PE/COFF image is external input, so this function will validate its data structure within this image buffer before use. - Notes: PE/COFF image has been checked by BasePeCoffLib PeCoffLoaderGetImageInfo() in + Notes: PE/COFF image has been checked by BasePeCoffLib PeCoffLoaderGetImageInfo() in its caller function DxeTpmMeasureBootHandler(). @param[in] TcgProtocol Pointer to the located TCG protocol instance. @@ -290,7 +290,7 @@ TcgMeasureGptTable ( @retval EFI_SUCCESS Successfully measure image. @retval EFI_OUT_OF_RESOURCES No enough resource to measure image. - @retval EFI_UNSUPPORTED ImageType is unsupported or PE image is mal-format. + @retval EFI_UNSUPPORTED ImageType is unsupported or PE image is mal-format. @retval other error value **/ @@ -420,8 +420,8 @@ TcgMeasurePeImage ( // if (Hdr.Pe32->FileHeader.Machine == IMAGE_FILE_MACHINE_IA64 && Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { // - // NOTE: Some versions of Linux ELILO for Itanium have an incorrect magic value - // in the PE/COFF Header. If the MachineType is Itanium(IA64) and the + // NOTE: Some versions of Linux ELILO for Itanium have an incorrect magic value + // in the PE/COFF Header. If the MachineType is Itanium(IA64) and the // Magic value in the OptionalHeader is EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC // then override the magic value to EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC // @@ -432,7 +432,7 @@ TcgMeasurePeImage ( // Magic = Hdr.Pe32->OptionalHeader.Magic; } - + // // 3. Calculate the distance from the base of the image header to the image checksum address. // 4. Hash the image header from its base to beginning of the image checksum. @@ -455,7 +455,7 @@ TcgMeasurePeImage ( HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize); if (!HashStatus) { goto Finish; - } + } // // 5. Skip over the image checksum (it occupies a single ULONG). @@ -484,7 +484,7 @@ TcgMeasurePeImage ( if (!HashStatus) { goto Finish; } - } + } } else { // // 7. Hash everything from the end of the checksum to the start of the Cert Directory. @@ -498,7 +498,7 @@ TcgMeasurePeImage ( } else { // // Use PE32+ offset - // + // HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32); HashSize = (UINTN) (&Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase; } @@ -527,7 +527,7 @@ TcgMeasurePeImage ( HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress); } - + if (HashSize != 0) { HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize); if (!HashStatus) { @@ -690,27 +690,27 @@ Finish: } /** - The security handler is used to abstract platform-specific policy - from the DXE core response to an attempt to use a file that returns a - given status for the authentication check from the section extraction protocol. + The security handler is used to abstract platform-specific policy + from the DXE core response to an attempt to use a file that returns a + given status for the authentication check from the section extraction protocol. - The possible responses in a given SAP implementation may include locking - flash upon failure to authenticate, attestation logging for all signed drivers, - and other exception operations. The File parameter allows for possible logging + The possible responses in a given SAP implementation may include locking + flash upon failure to authenticate, attestation logging for all signed drivers, + and other exception operations. The File parameter allows for possible logging within the SAP of the driver. If File is NULL, then EFI_INVALID_PARAMETER is returned. - If the file specified by File with an authentication status specified by + If the file specified by File with an authentication status specified by AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS is returned. - If the file specified by File with an authentication status specified by - AuthenticationStatus is not safe for the DXE Core to use under any circumstances, + If the file specified by File with an authentication status specified by + AuthenticationStatus is not safe for the DXE Core to use under any circumstances, then EFI_ACCESS_DENIED is returned. - If the file specified by File with an authentication status specified by - AuthenticationStatus is not safe for the DXE Core to use right now, but it - might be possible to use it at a future time, then EFI_SECURITY_VIOLATION is + If the file specified by File with an authentication status specified by + AuthenticationStatus is not safe for the DXE Core to use right now, but it + might be possible to use it at a future time, then EFI_SECURITY_VIOLATION is returned. @param[in] AuthenticationStatus This is the authentication status returned @@ -764,7 +764,7 @@ DxeTpmMeasureBootHandler ( ProtocolCapability.Size = (UINT8) sizeof (ProtocolCapability); Status = TcgProtocol->StatusCheck ( - TcgProtocol, + TcgProtocol, &ProtocolCapability, &TCGFeatureFlags, &EventLogLocation, @@ -781,7 +781,7 @@ DxeTpmMeasureBootHandler ( // Copy File Device Path // OrigDevicePathNode = DuplicateDevicePath (File); - + // // 1. Check whether this device path support BlockIo protocol. // Is so, this device path may be a GPT device path. @@ -802,8 +802,8 @@ DxeTpmMeasureBootHandler ( DevicePathSubType (DevicePathNode) == MEDIA_HARDDRIVE_DP) { // // Check whether it is a gpt partition or not - // - if (((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->MBRType == MBR_TYPE_EFI_PARTITION_TABLE_HEADER && + // + if (((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->MBRType == MBR_TYPE_EFI_PARTITION_TABLE_HEADER && ((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->SignatureType == SIGNATURE_TYPE_GUID) { // @@ -838,7 +838,7 @@ DxeTpmMeasureBootHandler ( DevicePathNode = NextDevicePathNode (DevicePathNode); } } - + // // 2. Measure PE image. // @@ -872,7 +872,7 @@ DxeTpmMeasureBootHandler ( TempHandle = Handle; do { Status = gBS->HandleProtocol( - TempHandle, + TempHandle, &gEfiFirmwareVolumeBlockProtocolGuid, (VOID**)&FvbProtocol ); @@ -931,16 +931,16 @@ DxeTpmMeasureBootHandler ( // goto Finish; } - + // // Measure only application if Application flag is set // Measure drivers and applications if Application flag is not set // - if ((!ApplicationRequired) || - (ApplicationRequired && ImageContext.ImageType == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION)) { + if ((!ApplicationRequired) || + (ApplicationRequired && ImageContext.ImageType == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION)) { // // Print the image path to be measured. - // + // DEBUG_CODE_BEGIN (); CHAR16 *ToText; ToText = ConvertDevicePathToText ( @@ -959,10 +959,10 @@ DxeTpmMeasureBootHandler ( // Status = TcgMeasurePeImage ( TcgProtocol, - (EFI_PHYSICAL_ADDRESS) (UINTN) FileBuffer, - FileSize, - (UINTN) ImageContext.ImageAddress, - ImageContext.ImageType, + (EFI_PHYSICAL_ADDRESS) (UINTN) FileBuffer, + FileSize, + (UINTN) ImageContext.ImageAddress, + ImageContext.ImageType, DevicePathNode ); } diff --git a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf index 553e68321e..a2c5847747 100644 --- a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf +++ b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf @@ -1,15 +1,15 @@ ## @file # Provides security service for TPM 1.2 measured boot # -# This library instance hooks LoadImage() API to measure every image that +# This library instance hooks LoadImage() API to measure every image that # is not measured in PEI phase. And, it will also measure GPT partition. # # Caution: This module requires additional review when modified. # This library will have external input - PE/COFF image and GPT partition. -# This external input must be validated carefully to avoid security issues such +# This external input must be validated carefully to avoid security issues such # as buffer overflow or integer overflow. # -# Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.
+# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -26,7 +26,7 @@ FILE_GUID = 6C60C7D0-922A-4b7c-87D7-E503EDD73BBF MODULE_TYPE = DXE_DRIVER VERSION_STRING = 1.0 - LIBRARY_CLASS = NULL|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER + LIBRARY_CLASS = NULL|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER CONSTRUCTOR = DxeTpmMeasureBootLibConstructor # diff --git a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.uni b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.uni index 74d6e76d52..f3f64395f1 100644 --- a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.uni +++ b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.uni @@ -3,13 +3,13 @@ // // This library instance hooks LoadImage() API to measure every image that // is not measured in PEI phase. And, it will also measure GPT partition. -// +// // Caution: This module requires additional review when modified. // This library will have external input - PE/COFF image and GPT partition. // This external input must be validated carefully to avoid security issues such // as buffer overflow or integer overflow. // -// Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
+// Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
// // This program and the accompanying materials // are licensed and made available under the terms and conditions of the BSD License diff --git a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c index 7a2ec7f221..8c56a713d8 100644 --- a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c +++ b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c @@ -1,7 +1,7 @@ /** @file This library is used by other modules to measure data to TPM. -Copyright (c) 2012 - 2015, Intel Corporation. All rights reserved.
+Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -171,7 +171,7 @@ Tpm20MeasureAndLogData ( @retval EFI_DEVICE_ERROR The operation was unsuccessful. **/ EFI_STATUS -EFIAPI +EFIAPI TpmMeasureAndLogData ( IN UINT32 PcrIndex, IN UINT32 EventType, diff --git a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf index 410eb788db..17527ba025 100644 --- a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf +++ b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf @@ -1,10 +1,10 @@ ## @file # Provides TPM measurement functions for TPM1.2 and TPM 2.0 -# -# This library provides TpmMeasureAndLogData() to measure and log data, and +# +# This library provides TpmMeasureAndLogData() to measure and log data, and # extend the measurement result into a specific PCR. # -# Copyright (c) 2012 - 2015, Intel Corporation. All rights reserved.
+# Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -20,7 +20,7 @@ FILE_GUID = 30930D10-AF5B-4abf-80E6-EB4FFC0AE9D1 MODULE_TYPE = UEFI_DRIVER VERSION_STRING = 1.0 - LIBRARY_CLASS = TpmMeasurementLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER + LIBRARY_CLASS = TpmMeasurementLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER MODULE_UNI_FILE = DxeTpmMeasurementLib.uni # diff --git a/SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.c b/SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.c index 6dc3508be0..d09b68c8b1 100644 --- a/SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.c +++ b/SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.c @@ -2,7 +2,7 @@ This library is BaseCrypto SHA1 hash instance. It can be registered to BaseCrypto router, to serve as hash engine. -Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -118,7 +118,7 @@ Sha1HashFinal ( Sha1Final (Sha1Ctx, Digest); FreePool (Sha1Ctx); - + Tpm2SetSha1ToDigestList (DigestList, Digest); return EFI_SUCCESS; @@ -133,7 +133,7 @@ HASH_INTERFACE mSha1InternalHashInstance = { /** The function register SHA1 instance. - + @retval EFI_SUCCESS SHA1 instance is registered, or system dose not surpport registr SHA1 instance **/ EFI_STATUS @@ -152,4 +152,4 @@ HashInstanceLibSha1Constructor ( return EFI_SUCCESS; } return Status; -} \ No newline at end of file +} diff --git a/SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.c b/SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.c index 32e03120be..44dc77928e 100644 --- a/SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.c +++ b/SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.c @@ -2,7 +2,7 @@ This library is BaseCrypto SHA256 hash instance. It can be registered to BaseCrypto router, to serve as hash engine. -Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -118,7 +118,7 @@ Sha256HashFinal ( Sha256Final (Sha256Ctx, Digest); FreePool (Sha256Ctx); - + Tpm2SetSha256ToDigestList (DigestList, Digest); return EFI_SUCCESS; @@ -133,7 +133,7 @@ HASH_INTERFACE mSha256InternalHashInstance = { /** The function register SHA256 instance. - + @retval EFI_SUCCESS SHA256 instance is registered, or system dose not surpport registr SHA256 instance **/ EFI_STATUS @@ -152,4 +152,4 @@ HashInstanceLibSha256Constructor ( return EFI_SUCCESS; } return Status; -} \ No newline at end of file +} diff --git a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c index 7bb5087550..73a616a0df 100644 --- a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c +++ b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c @@ -3,7 +3,7 @@ hash handler registerd, such as SHA1, SHA256. Platform can use PcdTpm2HashMask to mask some hash engines. -Copyright (c) 2013 - 2017, Intel Corporation. All rights reserved.
+Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -269,16 +269,16 @@ RegisterHashInterfaceLib ( CopyMem (&mHashInterface[mHashInterfaceCount], HashInterface, sizeof(*HashInterface)); mHashInterfaceCount ++; - + return EFI_SUCCESS; } /** The constructor function of HashLibBaseCryptoRouterDxe. - + @param ImageHandle The firmware allocated handle for the EFI image. @param SystemTable A pointer to the EFI System Table. - + @retval EFI_SUCCESS The constructor executed correctly. **/ diff --git a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf index 6e660d4f14..4e9ce56c69 100644 --- a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf +++ b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf @@ -2,10 +2,10 @@ # Provides hash service by registered hash handler # # This library is BaseCrypto router. It will redirect hash request to each individual -# hash handler registered, such as SHA1, SHA256. Platform can use PcdTpm2HashMask to +# hash handler registered, such as SHA1, SHA256. Platform can use PcdTpm2HashMask to # mask some hash engines. # -# Copyright (c) 2013 - 2017, Intel Corporation. All rights reserved.
+# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -22,7 +22,7 @@ FILE_GUID = 158DC712-F15A-44dc-93BB-1675045BE066 MODULE_TYPE = DXE_DRIVER VERSION_STRING = 1.0 - LIBRARY_CLASS = HashLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER + LIBRARY_CLASS = HashLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER CONSTRUCTOR = HashLibBaseCryptoRouterDxeConstructor # diff --git a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.c b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.c index bf6e1336ee..b9868e6b9d 100644 --- a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.c +++ b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.c @@ -3,7 +3,7 @@ hash handler registerd, such as SHA1, SHA256. Platform can use PcdTpm2HashMask to mask some hash engines. -Copyright (c) 2013 - 2017, Intel Corporation. All rights reserved.
+Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -374,7 +374,7 @@ RegisterHashInterfaceLib ( CopyMem (&HashInterfaceHob->HashInterface[HashInterfaceHob->HashInterfaceCount], HashInterface, sizeof(*HashInterface)); HashInterfaceHob->HashInterfaceCount ++; - + return EFI_SUCCESS; } diff --git a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf index 018090b8fa..20824ce75e 100644 --- a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf +++ b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf @@ -2,10 +2,10 @@ # Provides hash service by registered hash handler # # This library is BaseCrypto router. It will redirect hash request to each individual -# hash handler registered, such as SHA1, SHA256. Platform can use PcdTpm2HashMask to +# hash handler registered, such as SHA1, SHA256. Platform can use PcdTpm2HashMask to # mask some hash engines. # -# Copyright (c) 2013 - 2017, Intel Corporation. All rights reserved.
+# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at diff --git a/SecurityPkg/Library/HashLibTpm2/HashLibTpm2.c b/SecurityPkg/Library/HashLibTpm2/HashLibTpm2.c index cd5dde5be3..fac27eef11 100644 --- a/SecurityPkg/Library/HashLibTpm2/HashLibTpm2.c +++ b/SecurityPkg/Library/HashLibTpm2/HashLibTpm2.c @@ -1,7 +1,7 @@ /** @file This library uses TPM2 device to calculation hash. -Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
(C) Copyright 2015 Hewlett Packard Enterprise Development LP
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License @@ -339,4 +339,4 @@ RegisterHashInterfaceLib ( ) { return EFI_UNSUPPORTED; -} \ No newline at end of file +} diff --git a/SecurityPkg/Library/HashLibTpm2/HashLibTpm2.inf b/SecurityPkg/Library/HashLibTpm2/HashLibTpm2.inf index f807cc7f3d..db97d4547d 100644 --- a/SecurityPkg/Library/HashLibTpm2/HashLibTpm2.inf +++ b/SecurityPkg/Library/HashLibTpm2/HashLibTpm2.inf @@ -1,10 +1,10 @@ ## @file # Provides hash service using TPM2 device # -# This library uses TPM2 device to calculate hash. Platform can use PcdTpm2HashMask to +# This library uses TPM2 device to calculate hash. Platform can use PcdTpm2HashMask to # mask some hash calculation. # -# Copyright (c) 2014, Intel Corporation. All rights reserved.
+# Copyright (c) 2014 - 2018, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at diff --git a/SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.c b/SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.c index 2272308ddc..e059f64c9b 100644 --- a/SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.c +++ b/SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.c @@ -1,17 +1,17 @@ /** @file - This library registers RSA 2048 SHA 256 guided section handler + This library registers RSA 2048 SHA 256 guided section handler to parse RSA 2048 SHA 256 encapsulation section and extract raw data. It uses the BaseCrypyLib based on OpenSSL to authenticate the signature. -Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -48,7 +48,7 @@ CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 }; /** GetInfo gets raw data size and attribute of the input guided section. - It first checks whether the input guid section is supported. + It first checks whether the input guid section is supported. If not, EFI_INVALID_PARAMETER will return. @param InputSection Buffer containing the input GUIDed section to be processed. @@ -56,7 +56,7 @@ CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 }; @param ScratchBufferSize The size of ScratchBuffer. @param SectionAttribute The attribute of the input guided section. - @retval EFI_SUCCESS The size of destination buffer, the size of scratch buffer and + @retval EFI_SUCCESS The size of destination buffer, the size of scratch buffer and the attribute of the input section are successfully retrieved. @retval EFI_INVALID_PARAMETER The GUID in InputSection does not match this instance guid. @@ -109,7 +109,7 @@ Rsa2048Sha256GuidedSectionGetInfo ( Extraction handler tries to extract raw data from the input guided section. It also does authentication check for RSA 2048 SHA 256 signature in the input guided section. - It first checks whether the input guid section is supported. + It first checks whether the input guid section is supported. If not, EFI_INVALID_PARAMETER will return. @param InputSection Buffer containing the input GUIDed section to be processed. @@ -140,10 +140,10 @@ Rsa2048Sha256GuidedSectionHandler ( UINTN PublicKeyBufferSize; VOID *HashContext; VOID *Rsa; - + HashContext = NULL; Rsa = NULL; - + if (IS_SECTION2 (InputSection)) { // // Check whether the input guid section is recognized. @@ -153,7 +153,7 @@ Rsa2048Sha256GuidedSectionHandler ( &(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid))) { return EFI_INVALID_PARAMETER; } - + // // Get the RSA 2048 SHA 256 information. // @@ -181,7 +181,7 @@ Rsa2048Sha256GuidedSectionHandler ( &(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid))) { return EFI_INVALID_PARAMETER; } - + // // Get the RSA 2048 SHA 256 information. // @@ -206,7 +206,7 @@ Rsa2048Sha256GuidedSectionHandler ( // All paths from here return EFI_SUCESS and result is returned in AuthenticationStatus // Status = EFI_SUCCESS; - + // // Fail if the HashType is not SHA 256 // @@ -248,7 +248,7 @@ Rsa2048Sha256GuidedSectionHandler ( *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; goto Done; } - + // // Fail if the PublicKey is not one of the public keys in PcdRsa2048Sha256PublicKeyBuffer // @@ -283,8 +283,8 @@ Rsa2048Sha256GuidedSectionHandler ( *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; goto Done; } - - // + + // // Set RSA Key Components. // NOTE: Only N and E are needed to be set as RSA public key for signature verification. // @@ -331,10 +331,10 @@ Rsa2048Sha256GuidedSectionHandler ( // PERF_INMODULE_BEGIN ("PeiRsaVerify"); CryptoStatus = RsaPkcs1Verify ( - Rsa, - Digest, - SHA256_DIGEST_SIZE, - CertBlockRsa2048Sha256->Signature, + Rsa, + Digest, + SHA256_DIGEST_SIZE, + CertBlockRsa2048Sha256->Signature, sizeof (CertBlockRsa2048Sha256->Signature) ); PERF_INMODULE_END ("PeiRsaVerify"); diff --git a/SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.inf b/SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.inf index 3b781c71c7..d11d7309f9 100644 --- a/SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.inf +++ b/SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.inf @@ -1,11 +1,11 @@ ## @file -# This library doesn't produce any library class. The constructor function uses +# This library doesn't produce any library class. The constructor function uses # ExtractGuidedSectionLib service to register an RSA 2048 SHA 256 guided section handler # that parses RSA 2048 SHA 256 encapsulation section and extracts raw data. # # It uses the BaseCrypyLib based on OpenSSL to authenticate the signature. # -# Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.
+# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
# # This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License @@ -49,10 +49,10 @@ PcdLib PerformanceLib -[Pcd] +[Pcd] gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer ## SOMETIMES_CONSUMES - + [Guids] gEfiCertTypeRsa2048Sha256Guid ## PRODUCES ## UNDEFINED # Specifies RSA 2048 SHA 256 authentication algorithm. gEfiHashAlgorithmSha256Guid ## SOMETIMES_CONSUMES ## UNDEFINED - \ No newline at end of file + diff --git a/SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.uni b/SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.uni index 5a043efbb2..19131a71ab 100644 --- a/SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.uni +++ b/SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.uni @@ -3,10 +3,10 @@ // // ExtractGuidedSectionLib service to register an RSA 2048 SHA 256 guided section handler // that parses RSA 2048 SHA 256 encapsulation section and extracts raw data. -// +// // It uses the BaseCrypyLib based on OpenSSL to authenticate the signature. // -// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
+// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
// // This program and the accompanying materials // are licensed and made available under the terms and conditions of the BSD License diff --git a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c index e190718907..a4c3cb8aeb 100644 --- a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c +++ b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c @@ -1,15 +1,15 @@ /** @file Get TPM 2.0 physical presence information. - + This library will get TPM 2.0 physical presence information. -Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -39,7 +39,7 @@ Tcg2PhysicalPresenceLibGetManagementFlags ( EFI_PEI_READ_ONLY_VARIABLE2_PPI *VariablePpi; EFI_TCG2_PHYSICAL_PRESENCE_FLAGS PpiFlags; UINTN DataSize; - + Status = PeiServicesLocatePpi (&gEfiPeiReadOnlyVariable2PpiGuid, 0, NULL, (VOID **) &VariablePpi); ASSERT_EFI_ERROR (Status); diff --git a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.inf b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.inf index 6d0b7a00cb..adcbceedb3 100644 --- a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.inf +++ b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.inf @@ -3,7 +3,7 @@ # # This library will get TPM 2.0 physical presence information. # -# Copyright (c) 2015, Intel Corporation. All rights reserved.
+# Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -40,7 +40,7 @@ DebugLib PeiServicesLib PeiServicesTablePointerLib - + [Guids] ## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresenceFlags" gEfiTcg2PhysicalPresenceGuid @@ -49,4 +49,4 @@ gEfiPeiReadOnlyVariable2PpiGuid ## CONSUMES [Depex] - gEfiPeiReadOnlyVariable2PpiGuid \ No newline at end of file + gEfiPeiReadOnlyVariable2PpiGuid diff --git a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.uni b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.uni index b562ca223c..e41cbcbba4 100644 --- a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.uni +++ b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.uni @@ -2,8 +2,8 @@ // Get TPM 2.0 physical presence information. // // This library will get TPM 2.0 physical presence information. -// -// Copyright (c) 2015, Intel Corporation. All rights reserved.
+// +// Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
// // This program and the accompanying materials // are licensed and made available under the terms and conditions of the BSD License diff --git a/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.c b/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.c index 8dc07ec74a..0c6ded22f3 100644 --- a/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.c +++ b/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.c @@ -1,16 +1,16 @@ /** @file - NULL PlatformSecureLib instance does NOT really detect whether a physical present + NULL PlatformSecureLib instance does NOT really detect whether a physical present user exists but return TRUE directly. This instance can be used to verify security related features during platform enabling and development. It should be replaced by a platform-specific method(e.g. Button pressed) in a real platform for product. -Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -20,7 +20,7 @@ BOOLEAN mUserPhysicalPresence = FALSE; /** This function provides a platform-specific method to detect whether the platform - is operating by a physically present user. + is operating by a physically present user. Programmatic changing of platform security policy (such as disable Secure Boot, or switch between Standard/Custom Secure Boot mode) MUST NOT be possible during @@ -29,7 +29,7 @@ BOOLEAN mUserPhysicalPresence = FALSE; NOTE THAT: This function cannot depend on any EFI Variable Service since they are not available when this function is called in AuthenticateVariable driver. - + @retval TRUE The platform is operated by a physically present user. @retval FALSE The platform is NOT operated by a physically present user. @@ -40,7 +40,7 @@ UserPhysicalPresent ( VOID ) { - return mUserPhysicalPresence; + return mUserPhysicalPresence; } diff --git a/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf b/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf index be415f4166..2f2ea4fc25 100644 --- a/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf +++ b/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf @@ -1,12 +1,12 @@ ## @file # NULL platform secure library instance that alway returns TRUE for a user physical present # -# NULL PlatformSecureLib instance does NOT really detect whether a physical present +# NULL PlatformSecureLib instance does NOT really detect whether a physical present # user exists but returns TRUE directly. This instance can be used to verify security # related features during platform enabling and development. It should be replaced # by a platform-specific method(e.g. Button pressed) in a real platform for product. # -# Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.
+# Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at diff --git a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c index 6a4dce9198..ddd223f4d9 100644 --- a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c +++ b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c @@ -1,6 +1,6 @@ /** @file Handle TPM 2.0 physical presence requests from OS. - + This library will handle TPM 2.0 physical presence request from OS. Caution: This module requires additional review when modified. @@ -11,12 +11,12 @@ will receive untrusted input and do validation. Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -151,7 +151,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx ( DataSize, &PpData ); - if (EFI_ERROR (Status)) { + if (EFI_ERROR (Status)) { DEBUG ((EFI_D_ERROR, "[TPM2] Set PP variable failure! Status = %r\n", Status)); ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE; goto EXIT; @@ -203,7 +203,7 @@ EXIT: This API should be invoked in OS runtime phase to interface with ACPI method. Caution: This function may receive untrusted input. - + @param[in] OperationRequest TPM physical presence operation request. @param[in] RequestParameter TPM physical presence operation request parameter. @@ -233,7 +233,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction ( This API should be invoked in OS runtime phase to interface with ACPI method. Caution: This function may receive untrusted input. - + @param[in] OperationRequest TPM physical presence operation request. @return Return Code for Get User Confirmation Status for Operation. @@ -249,7 +249,7 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction ( EFI_TCG2_PHYSICAL_PRESENCE PpData; EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags; BOOLEAN RequestConfirmed; - + DEBUG ((EFI_D_INFO, "[TPM2] GetUserConfirmationStatusFunction, Request = %x\n", OperationRequest)); // @@ -314,7 +314,7 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction ( RequestConfirmed = TRUE; } break; - + case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS: RequestConfirmed = TRUE; break; @@ -369,17 +369,17 @@ Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction ( return TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_NOT_REQUIRED; } else { return TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_REQUIRED; - } + } } /** The constructor function locates SmmVariable protocol. - - It will ASSERT() if that operation fails and it will always return EFI_SUCCESS. + + It will ASSERT() if that operation fails and it will always return EFI_SUCCESS. @param ImageHandle The firmware allocated handle for the EFI image. @param SystemTable A pointer to the EFI System Table. - + @retval EFI_SUCCESS The constructor successfully added string package. @retval Other value The constructor can't add string package. **/ diff --git a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf index 83670971c9..dd46e0ec21 100644 --- a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf +++ b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf @@ -57,4 +57,4 @@ gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer ## CONSUMES [Depex] - gEfiSmmVariableProtocolGuid \ No newline at end of file + gEfiSmmVariableProtocolGuid diff --git a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.uni b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.uni index 268db455d9..e252a82ed7 100644 --- a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.uni +++ b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.uni @@ -2,12 +2,12 @@ // Handle TPM 2.0 physical presence requests from OS. // // This library will handle TPM 2.0 physical presence request from OS. -// +// // Caution: This module requires additional review when modified. // This driver will have external input - variable. // This external input must be validated carefully to avoid security issue. // -// Copyright (c) 2015, Intel Corporation. All rights reserved.
+// Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
// // This program and the accompanying materials // are licensed and made available under the terms and conditions of the BSD License diff --git a/SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.c b/SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.c index 93cb312d90..a1ec9e71c5 100644 --- a/SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.c +++ b/SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.c @@ -1,13 +1,13 @@ /** @file NULL Tcg2 PP Vendor library instance that does not support any vendor specific PPI. -Copyright (c) 2015, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -19,9 +19,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. Check and execute the requested physical presence command. This API should be invoked in BIOS boot phase to process pending request. - + Caution: This function may receive untrusted input. - + If OperationRequest < 128, then ASSERT(). @param[in] PlatformAuth platform auth value. NULL means no platform auth change. @@ -50,7 +50,7 @@ Tcg2PpVendorLibExecutePendingRequest ( Check if there is a valid physical presence command request. This API should be invoked in BIOS boot phase to process pending request. - + Caution: This function may receive untrusted input. If OperationRequest < 128, then ASSERT(). @@ -84,7 +84,7 @@ Tcg2PpVendorLibHasValidRequest ( This API should be invoked in OS runtime phase to interface with ACPI method. Caution: This function may receive untrusted input. - + If OperationRequest < 128, then ASSERT(). @param[in] OperationRequest TPM physical presence operation request. @@ -113,7 +113,7 @@ Tcg2PpVendorLibSubmitRequestToPreOSFunction ( This API should be invoked in OS runtime phase to interface with ACPI method. Caution: This function may receive untrusted input. - + If OperationRequest < 128, then ASSERT(). @param[in] OperationRequest TPM physical presence operation request. diff --git a/SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf b/SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf index f953fe95a7..0a1588a908 100644 --- a/SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf +++ b/SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf @@ -1,7 +1,7 @@ ## @file # NULL Tcg PP Vendor library instance that does not support any vendor specific PPI # -# Copyright (c) 2015, Intel Corporation. All rights reserved.
+# Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -32,6 +32,6 @@ [Packages] MdePkg/MdePkg.dec SecurityPkg/SecurityPkg.dec - + [LibraryClasses] - DebugLib \ No newline at end of file + DebugLib diff --git a/SecurityPkg/Library/TcgPpVendorLibNull/TcgPpVendorLibNull.c b/SecurityPkg/Library/TcgPpVendorLibNull/TcgPpVendorLibNull.c index ddd6d727cc..000f2be97e 100644 --- a/SecurityPkg/Library/TcgPpVendorLibNull/TcgPpVendorLibNull.c +++ b/SecurityPkg/Library/TcgPpVendorLibNull/TcgPpVendorLibNull.c @@ -1,13 +1,13 @@ /** @file NULL TCG PP Vendor library instance that does not support any vendor specific PPI. -Copyright (c) 2015, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -19,9 +19,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. Check and execute the requested physical presence command. This API should be invoked in BIOS boot phase to process pending request. - + Caution: This function may receive untrusted input. - + If OperationRequest < 128, then ASSERT(). @param[in] OperationRequest TPM physical presence operation request. @@ -48,7 +48,7 @@ TcgPpVendorLibExecutePendingRequest ( Check if there is a valid physical presence command request. This API should be invoked in BIOS boot phase to process pending request. - + Caution: This function may receive untrusted input. If OperationRequest < 128, then ASSERT(). @@ -82,7 +82,7 @@ TcgPpVendorLibHasValidRequest ( This API should be invoked in OS runtime phase to interface with ACPI method. Caution: This function may receive untrusted input. - + If OperationRequest < 128, then ASSERT(). @param[in] OperationRequest TPM physical presence operation request. @@ -109,7 +109,7 @@ TcgPpVendorLibSubmitRequestToPreOSFunction ( This API should be invoked in OS runtime phase to interface with ACPI method. Caution: This function may receive untrusted input. - + If OperationRequest < 128, then ASSERT(). @param[in] OperationRequest TPM physical presence operation request. diff --git a/SecurityPkg/Library/TcgPpVendorLibNull/TcgPpVendorLibNull.inf b/SecurityPkg/Library/TcgPpVendorLibNull/TcgPpVendorLibNull.inf index 9674386abd..db1abb4c53 100644 --- a/SecurityPkg/Library/TcgPpVendorLibNull/TcgPpVendorLibNull.inf +++ b/SecurityPkg/Library/TcgPpVendorLibNull/TcgPpVendorLibNull.inf @@ -1,7 +1,7 @@ ## @file # NULL TCG PP Vendor library instance that does not support any vendor specific PPI # -# Copyright (c) 2015, Intel Corporation. All rights reserved.
+# Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -32,6 +32,6 @@ [Packages] MdePkg/MdePkg.dec SecurityPkg/SecurityPkg.dec - + [LibraryClasses] - DebugLib \ No newline at end of file + DebugLib diff --git a/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalCore.c b/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalCore.c index cf37cad004..4947f4ff27 100644 --- a/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalCore.c +++ b/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalCore.c @@ -1143,7 +1143,7 @@ OpalSetLockingSpAuthorityEnabledAndPin( ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus, 0)); // - // For Pyrite type SSC, it not supports Active Key. + // For Pyrite type SSC, it not supports Active Key. // So here add check logic before enable it. // Ret = OpalParseRetrieveGlobalLockingRangeActiveKey(&ParseStruct, &ActiveKey); diff --git a/SecurityPkg/Library/Tpm12CommandLib/Tpm12NvStorage.c b/SecurityPkg/Library/Tpm12CommandLib/Tpm12NvStorage.c index e176b00f6b..40bc2c3711 100644 --- a/SecurityPkg/Library/Tpm12CommandLib/Tpm12NvStorage.c +++ b/SecurityPkg/Library/Tpm12CommandLib/Tpm12NvStorage.c @@ -1,7 +1,7 @@ /** @file Implement TPM1.2 NV storage related command. -Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
(C) Copyright 2016 Hewlett Packard Enterprise Development LP
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License @@ -58,7 +58,7 @@ typedef struct { /** Send NV DefineSpace command to TPM1.2. - + @param PubInfo The public parameters of the NV area. @param EncAuth The encrypted AuthData, only valid if the attributes require subsequent authorization. @@ -180,7 +180,7 @@ Tpm12NvReadValue ( /** Send NV WriteValue command to TPM1.2. - + @param NvIndex The index of the area to set. @param Offset The offset into the NV Area. @param DataSize The size of the data parameter. diff --git a/SecurityPkg/Library/Tpm12CommandLib/Tpm12Ownership.c b/SecurityPkg/Library/Tpm12CommandLib/Tpm12Ownership.c index 0b1bf5c536..c4bad5ba1b 100644 --- a/SecurityPkg/Library/Tpm12CommandLib/Tpm12Ownership.c +++ b/SecurityPkg/Library/Tpm12CommandLib/Tpm12Ownership.c @@ -1,7 +1,7 @@ /** @file Implement TPM1.2 Ownership related command. -Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
+Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -52,4 +52,4 @@ Tpm12ForceClear ( default: return EFI_DEVICE_ERROR; } -} \ No newline at end of file +} diff --git a/SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf b/SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf index 30b399499e..949493cae8 100644 --- a/SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf +++ b/SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf @@ -1,11 +1,11 @@ ## @file # Provides TPM 1.2 TIS functions -# -# This library implements TIS (TPM Interface Specification) functions which is -# used for every TPM 1.2 command. Choosing this library means platform uses and +# +# This library implements TIS (TPM Interface Specification) functions which is +# used for every TPM 1.2 command. Choosing this library means platform uses and # only uses TPM 1.2 device. # -# Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
+# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -45,4 +45,4 @@ DebugLib [Pcd] - gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## CONSUMES \ No newline at end of file + gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## CONSUMES diff --git a/SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12Tis.c b/SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12Tis.c index c392b4b215..72802f44cc 100644 --- a/SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12Tis.c +++ b/SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12Tis.c @@ -1,14 +1,14 @@ /** @file TIS (TPM Interface Specification) functions used by TPM1.2. - -Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.
+ +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
(C) Copyright 2015 Hewlett Packard Enterprise Development LP
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -52,7 +52,7 @@ Tpm12TisPcPresenceCheck ( ) { UINT8 RegRead; - + RegRead = MmioRead8 ((UINTN)&TisReg->Access); return (BOOLEAN)(RegRead != (UINT8)-1); } @@ -127,7 +127,7 @@ Tpm12TisPcWaitRegisterBits ( } /** - Get BurstCount by reading the burstCount field of a TIS regiger + Get BurstCount by reading the burstCount field of a TIS regiger in the time of default TIS_TIMEOUT_D. @param[in] TisReg Pointer to TIS register. @@ -171,7 +171,7 @@ Tpm12TisPcReadBurstCount ( } /** - Set TPM chip to ready state by sending ready command TIS_PC_STS_READY + Set TPM chip to ready state by sending ready command TIS_PC_STS_READY to Status Register in time. @param[in] TisReg Pointer to TIS register. @@ -202,7 +202,7 @@ Tpm12TisPcPrepareCommand ( } /** - Get the control of TPM chip by sending requestUse command TIS_PC_ACC_RQUUSE + Get the control of TPM chip by sending requestUse command TIS_PC_ACC_RQUUSE to ACCESS Register in the time of default TIS_TIMEOUT_A. @param[in] TisReg Pointer to TIS register. @@ -218,11 +218,11 @@ Tpm12TisPcRequestUseTpm ( ) { EFI_STATUS Status; - + if (TisReg == NULL) { return EFI_INVALID_PARAMETER; } - + if (!Tpm12TisPcPresenceCheck (TisReg)) { return EFI_NOT_FOUND; } @@ -240,12 +240,12 @@ Tpm12TisPcRequestUseTpm ( /** Send a command to TPM for execution and return response data. - @param[in] TisReg TPM register space base address. - @param[in] BufferIn Buffer for command data. - @param[in] SizeIn Size of command data. - @param[in, out] BufferOut Buffer for response data. - @param[in, out] SizeOut Size of response data. - + @param[in] TisReg TPM register space base address. + @param[in] BufferIn Buffer for command data. + @param[in] SizeIn Size of command data. + @param[in, out] BufferOut Buffer for response data. + @param[in, out] SizeOut Size of response data. + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_BUFFER_TOO_SMALL Response data buffer is too small. @retval EFI_DEVICE_ERROR Unexpected device behavior. @@ -422,7 +422,7 @@ Exit: @retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received. @retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device. - @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small. + @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small. **/ EFI_STATUS EFIAPI diff --git a/SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.c b/SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.c index 126ec06cbd..e119f86320 100644 --- a/SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.c +++ b/SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.c @@ -1,7 +1,7 @@ /** @file This library is TPM12 TCG protocol lib. -Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -21,7 +21,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include #include -EFI_TCG_PROTOCOL *mTcgProtocol = NULL; +EFI_TCG_PROTOCOL *mTcgProtocol = NULL; /** This service enables the sending of commands to the TPM12. @@ -33,7 +33,7 @@ EFI_TCG_PROTOCOL *mTcgProtocol = NULL; @retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received. @retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device. - @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small. + @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small. **/ EFI_STATUS EFIAPI diff --git a/SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf b/SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf index 76ea4924a4..25b7260f72 100644 --- a/SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf +++ b/SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf @@ -4,7 +4,7 @@ # This library helps to use TPM 1.2 device in library function API # based on TCG protocol. # -# Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
+# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -21,7 +21,7 @@ FILE_GUID = 4D8B77D9-E923-48f8-B070-4053D78B7E56 MODULE_TYPE = BASE VERSION_STRING = 1.0 - LIBRARY_CLASS = Tpm12DeviceLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER UEFI_APPLICATION UEFI_DRIVER + LIBRARY_CLASS = Tpm12DeviceLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER UEFI_APPLICATION UEFI_DRIVER # # The following information is for reference only and not required by the build tools. diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c index b11a8ac3e2..734cea7c1f 100644 --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c @@ -48,25 +48,25 @@ typedef struct { /** This command returns various information regarding the TPM and its current state. - The capability parameter determines the category of data returned. The property parameter - selects the first value of the selected category to be returned. If there is no property + The capability parameter determines the category of data returned. The property parameter + selects the first value of the selected category to be returned. If there is no property that corresponds to the value of property, the next higher value is returned, if it exists. - The moreData parameter will have a value of YES if there are more values of the requested + The moreData parameter will have a value of YES if there are more values of the requested type that were not returned. - If no next capability exists, the TPM will return a zero-length list and moreData will have + If no next capability exists, the TPM will return a zero-length list and moreData will have a value of NO. - NOTE: - To simplify this function, leave returned CapabilityData for caller to unpack since there are + NOTE: + To simplify this function, leave returned CapabilityData for caller to unpack since there are many capability categories and only few categories will be used in firmware. It means the caller need swap the byte order for the feilds in CapabilityData. @param[in] Capability Group selection; determines the format of the response. - @param[in] Property Further definition of information. + @param[in] Property Further definition of information. @param[in] PropertyCount Number of properties of the indicated type to return. @param[out] MoreData Flag to indicate if there are more values of this type. @param[out] CapabilityData The capability data. - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. **/ @@ -95,10 +95,10 @@ Tpm2GetCapability ( SendBuffer.Capability = SwapBytes32 (Capability); SendBuffer.Property = SwapBytes32 (Property); SendBuffer.PropertyCount = SwapBytes32 (PropertyCount); - + SendBufferSize = (UINT32) sizeof (SendBuffer); SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); - + // // send Tpm command // @@ -128,7 +128,7 @@ Tpm2GetCapability ( // Does not unpack all possiable property here, the caller should unpack it and note the byte order. // CopyMem (CapabilityData, &RecvBuffer.CapabilityData, RecvBufferSize - sizeof (TPM2_RESPONSE_HEADER) - sizeof (UINT8)); - + return EFI_SUCCESS; } @@ -138,7 +138,7 @@ Tpm2GetCapability ( This function parse the value got from TPM2_GetCapability and return the Family. @param[out] Family The Family of TPM. (a 4-octet character string) - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. **/ @@ -150,13 +150,13 @@ Tpm2GetCapabilityFamily ( { TPMS_CAPABILITY_DATA TpmCap; TPMI_YES_NO MoreData; - EFI_STATUS Status; + EFI_STATUS Status; Status = Tpm2GetCapability ( - TPM_CAP_TPM_PROPERTIES, - TPM_PT_FAMILY_INDICATOR, - 1, - &MoreData, + TPM_CAP_TPM_PROPERTIES, + TPM_PT_FAMILY_INDICATOR, + 1, + &MoreData, &TpmCap ); if (EFI_ERROR (Status)) { @@ -173,7 +173,7 @@ Tpm2GetCapabilityFamily ( This function parse the value got from TPM2_GetCapability and return the TPM manufacture ID. @param[out] ManufactureId The manufacture ID of TPM. - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. **/ @@ -185,13 +185,13 @@ Tpm2GetCapabilityManufactureID ( { TPMS_CAPABILITY_DATA TpmCap; TPMI_YES_NO MoreData; - EFI_STATUS Status; + EFI_STATUS Status; Status = Tpm2GetCapability ( - TPM_CAP_TPM_PROPERTIES, - TPM_PT_MANUFACTURER, - 1, - &MoreData, + TPM_CAP_TPM_PROPERTIES, + TPM_PT_MANUFACTURER, + 1, + &MoreData, &TpmCap ); if (EFI_ERROR (Status)) { @@ -209,7 +209,7 @@ Tpm2GetCapabilityManufactureID ( @param[out] FirmwareVersion1 The FirmwareVersion1. @param[out] FirmwareVersion2 The FirmwareVersion2. - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. **/ @@ -222,13 +222,13 @@ Tpm2GetCapabilityFirmwareVersion ( { TPMS_CAPABILITY_DATA TpmCap; TPMI_YES_NO MoreData; - EFI_STATUS Status; + EFI_STATUS Status; Status = Tpm2GetCapability ( - TPM_CAP_TPM_PROPERTIES, - TPM_PT_FIRMWARE_VERSION_1, - 1, - &MoreData, + TPM_CAP_TPM_PROPERTIES, + TPM_PT_FIRMWARE_VERSION_1, + 1, + &MoreData, &TpmCap ); if (EFI_ERROR (Status)) { @@ -237,10 +237,10 @@ Tpm2GetCapabilityFirmwareVersion ( *FirmwareVersion1 = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value); Status = Tpm2GetCapability ( - TPM_CAP_TPM_PROPERTIES, - TPM_PT_FIRMWARE_VERSION_2, - 1, - &MoreData, + TPM_CAP_TPM_PROPERTIES, + TPM_PT_FIRMWARE_VERSION_2, + 1, + &MoreData, &TpmCap ); if (EFI_ERROR (Status)) { @@ -258,7 +258,7 @@ Tpm2GetCapabilityFirmwareVersion ( @param[out] MaxCommandSize The maximum value for commandSize in a command. @param[out] MaxResponseSize The maximum value for responseSize in a command. - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. **/ @@ -274,10 +274,10 @@ Tpm2GetCapabilityMaxCommandResponseSize ( EFI_STATUS Status; Status = Tpm2GetCapability ( - TPM_CAP_TPM_PROPERTIES, - TPM_PT_MAX_COMMAND_SIZE, - 1, - &MoreData, + TPM_CAP_TPM_PROPERTIES, + TPM_PT_MAX_COMMAND_SIZE, + 1, + &MoreData, &TpmCap ); if (EFI_ERROR (Status)) { @@ -287,10 +287,10 @@ Tpm2GetCapabilityMaxCommandResponseSize ( *MaxCommandSize = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value); Status = Tpm2GetCapability ( - TPM_CAP_TPM_PROPERTIES, - TPM_PT_MAX_RESPONSE_SIZE, - 1, - &MoreData, + TPM_CAP_TPM_PROPERTIES, + TPM_PT_MAX_RESPONSE_SIZE, + 1, + &MoreData, &TpmCap ); if (EFI_ERROR (Status)) { @@ -298,17 +298,17 @@ Tpm2GetCapabilityMaxCommandResponseSize ( } *MaxResponseSize = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value); - return EFI_SUCCESS; + return EFI_SUCCESS; } /** This command returns Returns a list of TPMS_ALG_PROPERTIES. Each entry is an - algorithm ID and a set of properties of the algorithm. + algorithm ID and a set of properties of the algorithm. This function parse the value got from TPM2_GetCapability and return the list. @param[out] AlgList List of algorithm. - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. **/ @@ -322,24 +322,24 @@ Tpm2GetCapabilitySupportedAlg ( TPMI_YES_NO MoreData; UINTN Index; EFI_STATUS Status; - + Status = Tpm2GetCapability ( - TPM_CAP_ALGS, - 1, - MAX_CAP_ALGS, - &MoreData, + TPM_CAP_ALGS, + 1, + MAX_CAP_ALGS, + &MoreData, &TpmCap ); if (EFI_ERROR (Status)) { return Status; } - + CopyMem (AlgList, &TpmCap.data.algorithms, sizeof (TPML_ALG_PROPERTY)); AlgList->count = SwapBytes32 (AlgList->count); if (AlgList->count > MAX_CAP_ALGS) { DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilitySupportedAlg - AlgList->count error %x\n", AlgList->count)); - return EFI_DEVICE_ERROR; + return EFI_DEVICE_ERROR; } for (Index = 0; Index < AlgList->count; Index++) { @@ -356,7 +356,7 @@ Tpm2GetCapabilitySupportedAlg ( This function parse the value got from TPM2_GetCapability and return the LockoutCounter. @param[out] LockoutCounter The LockoutCounter of TPM. - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. **/ @@ -368,13 +368,13 @@ Tpm2GetCapabilityLockoutCounter ( { TPMS_CAPABILITY_DATA TpmCap; TPMI_YES_NO MoreData; - EFI_STATUS Status; + EFI_STATUS Status; Status = Tpm2GetCapability ( - TPM_CAP_TPM_PROPERTIES, - TPM_PT_LOCKOUT_COUNTER, - 1, - &MoreData, + TPM_CAP_TPM_PROPERTIES, + TPM_PT_LOCKOUT_COUNTER, + 1, + &MoreData, &TpmCap ); if (EFI_ERROR (Status)) { @@ -391,7 +391,7 @@ Tpm2GetCapabilityLockoutCounter ( This function parse the value got from TPM2_GetCapability and return the LockoutInterval. @param[out] LockoutInterval The LockoutInterval of TPM. - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. **/ @@ -403,13 +403,13 @@ Tpm2GetCapabilityLockoutInterval ( { TPMS_CAPABILITY_DATA TpmCap; TPMI_YES_NO MoreData; - EFI_STATUS Status; + EFI_STATUS Status; Status = Tpm2GetCapability ( - TPM_CAP_TPM_PROPERTIES, - TPM_PT_LOCKOUT_INTERVAL, - 1, - &MoreData, + TPM_CAP_TPM_PROPERTIES, + TPM_PT_LOCKOUT_INTERVAL, + 1, + &MoreData, &TpmCap ); if (EFI_ERROR (Status)) { @@ -427,7 +427,7 @@ Tpm2GetCapabilityLockoutInterval ( @param[out] InputBufferSize The InputBufferSize of TPM. the maximum size of a parameter (typically, a TPM2B_MAX_BUFFER) - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. **/ @@ -439,13 +439,13 @@ Tpm2GetCapabilityInputBufferSize ( { TPMS_CAPABILITY_DATA TpmCap; TPMI_YES_NO MoreData; - EFI_STATUS Status; + EFI_STATUS Status; Status = Tpm2GetCapability ( - TPM_CAP_TPM_PROPERTIES, - TPM_PT_INPUT_BUFFER, - 1, - &MoreData, + TPM_CAP_TPM_PROPERTIES, + TPM_PT_INPUT_BUFFER, + 1, + &MoreData, &TpmCap ); if (EFI_ERROR (Status)) { @@ -462,7 +462,7 @@ Tpm2GetCapabilityInputBufferSize ( This function parse the value got from TPM2_GetCapability and return the PcrSelection. @param[out] Pcrs The Pcr Selection - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. **/ @@ -478,10 +478,10 @@ Tpm2GetCapabilityPcrs ( UINTN Index; Status = Tpm2GetCapability ( - TPM_CAP_PCRS, - 0, - 1, - &MoreData, + TPM_CAP_PCRS, + 0, + 1, + &MoreData, &TpmCap ); if (EFI_ERROR (Status)) { @@ -605,7 +605,7 @@ Tpm2GetCapabilitySupportedAndActivePcrs ( This function parse the value got from TPM2_GetCapability and return the AlgorithmSet. @param[out] AlgorithmSet The AlgorithmSet of TPM. - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. **/ @@ -617,13 +617,13 @@ Tpm2GetCapabilityAlgorithmSet ( { TPMS_CAPABILITY_DATA TpmCap; TPMI_YES_NO MoreData; - EFI_STATUS Status; + EFI_STATUS Status; Status = Tpm2GetCapability ( - TPM_CAP_TPM_PROPERTIES, - TPM_PT_ALGORITHM_SET, - 1, - &MoreData, + TPM_CAP_TPM_PROPERTIES, + TPM_PT_ALGORITHM_SET, + 1, + &MoreData, &TpmCap ); if (EFI_ERROR (Status)) { diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Context.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Context.c index 02a250127a..b9c86d76a0 100644 --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Context.c +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Context.c @@ -1,7 +1,7 @@ /** @file Implement TPM2 Context related command. -Copyright (c) 2014, Intel Corporation. All rights reserved.
+Copyright (c) 2014 - 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -36,7 +36,7 @@ typedef struct { This command causes all context associated with a loaded object or session to be removed from TPM memory. @param[in] FlushHandle The handle of the item to flush. - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. **/ @@ -59,7 +59,7 @@ Tpm2FlushContext ( SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_FlushContext); SendBuffer.FlushHandle = SwapBytes32 (FlushHandle); - + SendBufferSize = (UINT32) sizeof (SendBuffer); SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2EnhancedAuthorization.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2EnhancedAuthorization.c index a7a7bf2c65..9bf24da7a7 100644 --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2EnhancedAuthorization.c +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2EnhancedAuthorization.c @@ -87,7 +87,7 @@ typedef struct { @param[in] Expiration Time when authorization will expire, measured in seconds from the time that nonceTPM was generated. @param[out] Timeout Time value used to indicate to the TPM when the ticket expires. @param[out] PolicyTicket A ticket that includes a value indicating when the authorization expires. - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. **/ @@ -120,7 +120,7 @@ Tpm2PolicySecret ( SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PolicySecret); SendBuffer.AuthHandle = SwapBytes32 (AuthHandle); SendBuffer.PolicySession = SwapBytes32 (PolicySession); - + // // Add in Auth session // @@ -148,7 +148,7 @@ Tpm2PolicySecret ( Buffer += sizeof(UINT16); CopyMem (Buffer, PolicyRef->buffer, PolicyRef->size); Buffer += PolicyRef->size; - + WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32((UINT32)Expiration)); Buffer += sizeof(UINT32); @@ -220,7 +220,7 @@ Done: @param[in] PolicySession Handle for the policy session being extended. @param[in] HashList the list of hashes to check for a match. - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. **/ @@ -285,7 +285,7 @@ Tpm2PolicyOR ( @param[in] PolicySession Handle for the policy session being extended. @param[in] Code The allowed commandCode. - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. **/ @@ -341,7 +341,7 @@ Tpm2PolicyCommandCode ( @param[in] PolicySession Handle for the policy session. @param[out] PolicyHash the current value of the policyHash of policySession. - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. **/ diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c index cc77785de1..6b2b6b4008 100644 --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c @@ -97,7 +97,7 @@ CopyAuthSessionCommand ( UINT8 *Buffer; Buffer = (UINT8 *)AuthSessionOut; - + // // Add in Auth session // diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Hierarchy.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Hierarchy.c index 9bfbdad394..27fc6e2965 100644 --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Hierarchy.c +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Hierarchy.c @@ -1,7 +1,7 @@ /** @file Implement TPM2 Hierarchy related command. -Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -214,7 +214,7 @@ Done: @param[in] AuthHandle TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP} @param[in] AuthSession Auth Session context - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR Unexpected device behavior. **/ @@ -455,8 +455,8 @@ Tpm2HierarchyChangeAuth ( // Call the TPM // Status = Tpm2SubmitCommand ( - CmdSize, - (UINT8 *)&Cmd, + CmdSize, + (UINT8 *)&Cmd, &ResultBufSize, ResultBuf ); @@ -553,8 +553,8 @@ Tpm2ChangeEPS ( // Call the TPM // Status = Tpm2SubmitCommand ( - CmdSize, - (UINT8 *)&Cmd, + CmdSize, + (UINT8 *)&Cmd, &ResultBufSize, ResultBuf ); @@ -651,8 +651,8 @@ Tpm2ChangePPS ( // Call the TPM // Status = Tpm2SubmitCommand ( - CmdSize, - (UINT8 *)&Cmd, + CmdSize, + (UINT8 *)&Cmd, &ResultBufSize, ResultBuf ); @@ -759,8 +759,8 @@ Tpm2HierarchyControl ( // Call the TPM // Status = Tpm2SubmitCommand ( - CmdSize, - (UINT8 *)&Cmd, + CmdSize, + (UINT8 *)&Cmd, &ResultBufSize, ResultBuf ); diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c index af52322c27..741fe031a9 100644 --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c @@ -120,16 +120,16 @@ Tpm2PcrExtend ( // Add in Auth session // Buffer = (UINT8 *)&Cmd.AuthSessionPcr; - + // sessionInfoSize SessionInfoSize = CopyAuthSessionCommand (NULL, Buffer); Buffer += SessionInfoSize; Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize); - + //Digest Count WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(Digests->count)); Buffer += sizeof(UINT32); - + //Digest for (Index = 0; Index < Digests->count; Index++) { WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(Digests->digests[Index].hashAlg)); @@ -241,7 +241,7 @@ Tpm2PcrEvent ( CopyMem (Buffer, EventData->buffer, EventData->size); Buffer += EventData->size; - + CmdSize = (UINT32)((UINTN)Buffer - (UINTN)&Cmd); Cmd.Header.paramSize = SwapBytes32(CmdSize); @@ -311,7 +311,7 @@ Tpm2PcrEvent ( @param[out] PcrUpdateCounter The current value of the PCR update counter. @param[out] PcrSelectionOut The PCR in the returned list. @param[out] PcrValues The contents of the PCR indicated in pcrSelect. - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. **/ @@ -338,7 +338,7 @@ Tpm2PcrRead ( // SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS); SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PCR_Read); - + SendBuffer.PcrSelectionIn.count = SwapBytes32(PcrSelectionIn->count); for (Index = 0; Index < PcrSelectionIn->count; Index++) { SendBuffer.PcrSelectionIn.pcrSelections[Index].hash = SwapBytes16(PcrSelectionIn->pcrSelections[Index].hash); @@ -442,7 +442,7 @@ Tpm2PcrRead ( @param[out] MaxPCR maximum number of PCR that may be in a bank @param[out] SizeNeeded number of octets required to satisfy the request @param[out] SizeAvailable Number of octets available. Computed before the allocation - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. **/ @@ -509,8 +509,8 @@ Tpm2PcrAllocate ( // Call the TPM // Status = Tpm2SubmitCommand ( - CmdSize, - (UINT8 *)&Cmd, + CmdSize, + (UINT8 *)&Cmd, &ResultBufSize, ResultBuf ); @@ -566,7 +566,7 @@ Done: @param[in] PlatformAuth platform auth value. NULL means no platform auth change. @param[in] SupportedPCRBanks Supported PCR banks @param[in] PCRBanks PCR banks - + @retval EFI_SUCCESS Operation completed successfully. **/ EFI_STATUS @@ -692,4 +692,4 @@ Tpm2PcrAllocateBanks ( Done: ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac)); return Status; -} \ No newline at end of file +} diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c index 14b1095241..ed30407185 100644 --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c @@ -162,7 +162,7 @@ typedef struct { @param[in] NvIndex The NV Index. @param[out] NvPublic The public area of the index. @param[out] NvName The Name of the nvIndex. - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found. @@ -192,7 +192,7 @@ Tpm2NvReadPublic ( SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_ReadPublic); SendBuffer.NvIndex = SwapBytes32 (NvIndex); - + SendBufferSize = (UINT32) sizeof (SendBuffer); SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); @@ -265,7 +265,7 @@ Tpm2NvReadPublic ( CopyMem (NvName->name, (UINT8 *)&RecvBuffer + sizeof(TPM2_RESPONSE_HEADER) + sizeof(UINT16) + NvPublicSize + sizeof(UINT16), NvNameSize); NvName->size = NvNameSize; - + return EFI_SUCCESS; } @@ -278,7 +278,7 @@ Tpm2NvReadPublic ( @param[in] AuthSession Auth Session context @param[in] Auth The authorization data. @param[in] NvPublic The public area of the index. - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. @retval EFI_ALREADY_STARTED The command was returned successfully, but NvIndex is already defined. @@ -414,7 +414,7 @@ Done: @param[in] AuthHandle TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}. @param[in] NvIndex The NV Index. @param[in] AuthSession Auth Session context - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found. @@ -521,7 +521,7 @@ Done: @param[in] Size Number of bytes to read. @param[in] Offset Byte offset into the area. @param[in,out] OutData The data read. - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found. @@ -648,7 +648,7 @@ Tpm2NvRead ( } CopyMem (OutData->buffer, &RecvBuffer.Data.buffer, OutData->size); - + Done: // // Clear AuthSession Content @@ -666,7 +666,7 @@ Done: @param[in] AuthSession Auth Session context @param[in] InData The data to write. @param[in] Offset The offset into the NV Area. - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found. diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Sequences.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Sequences.c index 90877768d3..3322548f6f 100644 --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Sequences.c +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Sequences.c @@ -90,7 +90,7 @@ typedef struct { @param[in] HashAlg The hash algorithm to use for the hash sequence An Event sequence starts if this is TPM_ALG_NULL. @param[out] SequenceHandle A handle to reference the sequence - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR Unexpected device behavior. **/ @@ -178,7 +178,7 @@ Tpm2HashSequenceStart ( @param[in] SequenceHandle Handle for the sequence object @param[in] Buffer Data to be added to hash - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR Unexpected device behavior. **/ @@ -277,7 +277,7 @@ Tpm2SequenceUpdate ( @param[in] SequenceHandle Authorization for the sequence @param[in] Buffer Data to be added to the Event @param[out] Results List of digests computed for the PCR - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR Unexpected device behavior. **/ @@ -408,7 +408,7 @@ Tpm2EventSequenceComplete ( @param[in] SequenceHandle Authorization for the sequence @param[in] Buffer Data to be added to the hash/HMAC @param[out] Result The returned HMAC or digest in a sized buffer - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR Unexpected device behavior. **/ diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Session.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Session.c index 35ad86a17a..65b15cb23c 100644 --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Session.c +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Session.c @@ -53,7 +53,7 @@ typedef struct { @param[in] AuthHash Hash algorithm to use for the session. @param[out] SessionHandle Handle for the newly created session. @param[out] NonceTPM The initial nonce from the TPM, used in the computation of the sessionKey. - + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. **/ @@ -136,7 +136,7 @@ Tpm2StartAuthSession ( WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (AuthHash)); Buffer += sizeof(UINT16); - + SendBufferSize = (UINT32) ((UINTN)Buffer - (UINTN)&SendBuffer); SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); diff --git a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.c b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.c index e9dad4a3b0..815a149c3d 100644 --- a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.c +++ b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.c @@ -53,7 +53,7 @@ Tpm2GetIdleByPass ( @retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received. @retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device. - @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small. + @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small. **/ EFI_STATUS EFIAPI @@ -87,7 +87,7 @@ DTpm2RequestUseTpm ( @retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received. @retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device. - @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small. + @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small. **/ EFI_STATUS EFIAPI @@ -142,7 +142,7 @@ Tpm2RegisterTpm2DeviceLib ( /** The function caches current active TPM interface type. - + @retval EFI_SUCCESS DTPM2.0 instance is registered, or system dose not surpport registr DTPM2.0 instance **/ EFI_STATUS diff --git a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf index 2e54a78cc0..b41c6cbd2d 100644 --- a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf +++ b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf @@ -55,4 +55,4 @@ [Pcd] gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## CONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdActiveTpmInterfaceType ## PRODUCES - gEfiSecurityPkgTokenSpaceGuid.PcdCRBIdleByPass ## PRODUCES \ No newline at end of file + gEfiSecurityPkgTokenSpaceGuid.PcdCRBIdleByPass ## PRODUCES diff --git a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.c b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.c index 5f6e163c0f..9bcf7a8a06 100644 --- a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.c +++ b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.c @@ -66,7 +66,7 @@ DumpPtpInfo ( @retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received. @retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device. - @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small. + @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small. **/ EFI_STATUS EFIAPI @@ -98,7 +98,7 @@ TPM2_DEVICE_INTERFACE mDTpm2InternalTpm2Device = { /** The function register DTPM2.0 instance and caches current active TPM interface type. - + @retval EFI_SUCCESS DTPM2.0 instance is registered, or system dose not surpport registr DTPM2.0 instance **/ EFI_STATUS diff --git a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf index 24e4c35d55..b418e7380b 100644 --- a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf +++ b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf @@ -51,4 +51,4 @@ [Pcd] gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## CONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdActiveTpmInterfaceType ## PRODUCES - gEfiSecurityPkgTokenSpaceGuid.PcdCRBIdleByPass ## PRODUCES \ No newline at end of file + gEfiSecurityPkgTokenSpaceGuid.PcdCRBIdleByPass ## PRODUCES diff --git a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Tis.c b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Tis.c index 0889162592..6f390bf5c9 100644 --- a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Tis.c +++ b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Tis.c @@ -1,14 +1,14 @@ /** @file TIS (TPM Interface Specification) functions used by dTPM2.0 library. - + Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
(C) Copyright 2015 Hewlett Packard Enterprise Development LP
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -46,7 +46,7 @@ TisPcPresenceCheck ( ) { UINT8 RegRead; - + RegRead = MmioRead8 ((UINTN)&TisReg->Access); return (BOOLEAN)(RegRead != (UINT8)-1); } @@ -83,7 +83,7 @@ TisPcWaitRegisterBits ( } /** - Get BurstCount by reading the burstCount field of a TIS regiger + Get BurstCount by reading the burstCount field of a TIS regiger in the time of default TIS_TIMEOUT_D. @param[in] TisReg Pointer to TIS register. @@ -127,7 +127,7 @@ TisPcReadBurstCount ( } /** - Set TPM chip to ready state by sending ready command TIS_PC_STS_READY + Set TPM chip to ready state by sending ready command TIS_PC_STS_READY to Status Register in time. @param[in] TisReg Pointer to TIS register. @@ -158,7 +158,7 @@ TisPcPrepareCommand ( } /** - Get the control of TPM chip by sending requestUse command TIS_PC_ACC_RQUUSE + Get the control of TPM chip by sending requestUse command TIS_PC_ACC_RQUUSE to ACCESS Register in the time of default TIS_TIMEOUT_A. @param[in] TisReg Pointer to TIS register. @@ -174,11 +174,11 @@ TisPcRequestUseTpm ( ) { EFI_STATUS Status; - + if (TisReg == NULL) { return EFI_INVALID_PARAMETER; } - + if (!TisPcPresenceCheck (TisReg)) { return EFI_NOT_FOUND; } @@ -196,12 +196,12 @@ TisPcRequestUseTpm ( /** Send a command to TPM for execution and return response data. - @param[in] TisReg TPM register space base address. - @param[in] BufferIn Buffer for command data. - @param[in] SizeIn Size of command data. - @param[in, out] BufferOut Buffer for response data. - @param[in, out] SizeOut Size of response data. - + @param[in] TisReg TPM register space base address. + @param[in] BufferIn Buffer for command data. + @param[in] SizeIn Size of command data. + @param[in, out] BufferOut Buffer for response data. + @param[in, out] SizeOut Size of response data. + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_BUFFER_TOO_SMALL Response data buffer is too small. @retval EFI_DEVICE_ERROR Unexpected device behavior. @@ -403,7 +403,7 @@ Exit: @retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received. @retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device. - @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small. + @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small. **/ EFI_STATUS EFIAPI diff --git a/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.c b/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.c index eedc439228..d8d391cba1 100644 --- a/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.c +++ b/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.c @@ -3,7 +3,7 @@ via PcdTpmInstanceGuid. Platform need make choice that which one will be final one. At most one TPM2 instance can be finally registered, and other will return unsupported. -Copyright (c) 2013 - 2017, Intel Corporation. All rights reserved.
+Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -32,7 +32,7 @@ TPM2_DEVICE_INTERFACE mInternalTpm2DeviceInterface; @retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received. @retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device. - @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small. + @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small. **/ EFI_STATUS EFIAPI diff --git a/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf b/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf index 28f381c7be..26684f9864 100644 --- a/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf +++ b/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf @@ -5,7 +5,7 @@ # it via PcdTpmInstanceGuid. Platform need make choice that which one will be final one. # At most one TPM 2.0 instance can be finally registered, and other will return unsupported. # -# Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.
+# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -22,7 +22,7 @@ FILE_GUID = C3D69D87-5200-4aab-A6DB-2569BA1A92FC MODULE_TYPE = DXE_DRIVER VERSION_STRING = 1.0 - LIBRARY_CLASS = Tpm2DeviceLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER + LIBRARY_CLASS = Tpm2DeviceLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER # # The following information is for reference only and not required by the build tools. diff --git a/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterPei.c b/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterPei.c index 7470fe347d..980a2a0550 100644 --- a/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterPei.c +++ b/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterPei.c @@ -3,7 +3,7 @@ via PcdTpmInstanceGuid. Platform need make choice that which one will be final one. At most one TPM2 instance can be finally registered, and other will return unsupported. -Copyright (c) 2013 - 2017, Intel Corporation. All rights reserved.
+Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -54,7 +54,7 @@ InternalGetTpm2DeviceInterface ( @retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received. @retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device. - @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small. + @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small. **/ EFI_STATUS EFIAPI diff --git a/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterPei.inf b/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterPei.inf index 2eca146dd2..877cf95bc1 100644 --- a/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterPei.inf +++ b/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterPei.inf @@ -5,7 +5,7 @@ # it via PcdTpmInstanceGuid. Platform need make choice that which one will be final one. # At most one TPM 2.0 instance can be finally registered, and other will return unsupported. # -# Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.
+# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -46,4 +46,4 @@ [Pcd] gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSUMES - \ No newline at end of file + diff --git a/SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.c b/SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.c index 1d59050a0b..ca40a2324d 100644 --- a/SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.c +++ b/SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.c @@ -1,7 +1,7 @@ /** @file This library is TPM2 TCG2 protocol lib. -Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -20,7 +20,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include #include -EFI_TCG2_PROTOCOL *mTcg2Protocol = NULL; +EFI_TCG2_PROTOCOL *mTcg2Protocol = NULL; /** This service enables the sending of commands to the TPM2. @@ -32,7 +32,7 @@ EFI_TCG2_PROTOCOL *mTcg2Protocol = NULL; @retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received. @retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device. - @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small. + @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small. **/ EFI_STATUS EFIAPI diff --git a/SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf b/SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf index 6d95ebdd50..cffc4afb4d 100644 --- a/SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf +++ b/SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf @@ -4,7 +4,7 @@ # This library helps to use TPM 2.0 device in library function API # based on TPM2 protocol. # -# Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
+# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -21,7 +21,7 @@ FILE_GUID = A1B0B230-67DC-431E-A94A-A96AF1EBE637 MODULE_TYPE = DXE_DRIVER VERSION_STRING = 1.0 - LIBRARY_CLASS = Tpm2DeviceLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER + LIBRARY_CLASS = Tpm2DeviceLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER # # The following information is for reference only and not required by the build tools. diff --git a/SecurityPkg/Library/TpmCommLib/CommonHeader.h b/SecurityPkg/Library/TpmCommLib/CommonHeader.h index b8496c7276..10839c95b2 100644 --- a/SecurityPkg/Library/TpmCommLib/CommonHeader.h +++ b/SecurityPkg/Library/TpmCommLib/CommonHeader.h @@ -1,13 +1,13 @@ /** @file The intenal header file for TpmCommLib. -Copyright (c) 2006 - 2010, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ diff --git a/SecurityPkg/Library/TpmCommLib/TisPc.c b/SecurityPkg/Library/TpmCommLib/TisPc.c index c157d41b72..77bf70c246 100644 --- a/SecurityPkg/Library/TpmCommLib/TisPc.c +++ b/SecurityPkg/Library/TpmCommLib/TisPc.c @@ -1,13 +1,13 @@ /** @file Basic TIS (TPM Interface Specification) functions. -Copyright (c) 2005 - 2012, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -28,7 +28,7 @@ TisPcPresenceCheck ( ) { UINT8 RegRead; - + RegRead = MmioRead8 ((UINTN)&TisReg->Access); return (BOOLEAN)(RegRead != (UINT8)-1); } @@ -66,7 +66,7 @@ TisPcWaitRegisterBits ( } /** - Get BurstCount by reading the burstCount field of a TIS regiger + Get BurstCount by reading the burstCount field of a TIS regiger in the time of default TIS_TIMEOUT_D. @param[in] TisReg Pointer to TIS register. @@ -111,7 +111,7 @@ TisPcReadBurstCount ( } /** - Set TPM chip to ready state by sending ready command TIS_PC_STS_READY + Set TPM chip to ready state by sending ready command TIS_PC_STS_READY to Status Register in time. @param[in] TisReg Pointer to TIS register. @@ -143,7 +143,7 @@ TisPcPrepareCommand ( } /** - Get the control of TPM chip by sending requestUse command TIS_PC_ACC_RQUUSE + Get the control of TPM chip by sending requestUse command TIS_PC_ACC_RQUUSE to ACCESS Register in the time of default TIS_TIMEOUT_A. @param[in] TisReg Pointer to TIS register. @@ -160,11 +160,11 @@ TisPcRequestUseTpm ( ) { EFI_STATUS Status; - + if (TisReg == NULL) { return EFI_INVALID_PARAMETER; } - + if (!TisPcPresenceCheck (TisReg)) { return EFI_NOT_FOUND; } diff --git a/SecurityPkg/Library/TpmCommLib/TpmComm.c b/SecurityPkg/Library/TpmCommLib/TpmComm.c index 3197f96a99..69f5f5c05b 100644 --- a/SecurityPkg/Library/TpmCommLib/TpmComm.c +++ b/SecurityPkg/Library/TpmCommLib/TpmComm.c @@ -1,13 +1,13 @@ /** @file Basic TPM command functions. -Copyright (c) 2005 - 2010, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -21,7 +21,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. @param[in] Data Raw data to be digested. @param[in] DataLen Size of the raw data. @param[out] Digest Pointer to a buffer that stores the final digest. - + @retval EFI_SUCCESS Always successfully calculate the final digest. **/ EFI_STATUS diff --git a/SecurityPkg/Library/TpmCommLib/TpmCommLib.inf b/SecurityPkg/Library/TpmCommLib/TpmCommLib.inf index 7f05f59711..9ca66d1805 100644 --- a/SecurityPkg/Library/TpmCommLib/TpmCommLib.inf +++ b/SecurityPkg/Library/TpmCommLib/TpmCommLib.inf @@ -1,10 +1,10 @@ ## @file # Provides some common functions for the TCG feature # -# This instance provides basic TPM Interface Specification (TIS) functions +# This instance provides basic TPM Interface Specification (TIS) functions # and TPM hashall function. # -# Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.
+# Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at diff --git a/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.uni b/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.uni index ba18ed7ec6..add855f8a3 100644 --- a/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.uni +++ b/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.uni @@ -6,13 +6,13 @@ // Verification Protocol which is used to verify data signed using PKCS#7 // structure. The PKCS#7 data to be verified must be ASN.1 (DER) encoded. // -// Copyright (c) 2015, Intel Corporation. All rights reserved.
+// Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
// // This program and the accompanying materials // are licensed and made available under the terms and conditions of the BSD License // which accompanies this distribution. The full text of the license may be found at // http://opensource.org/licenses/bsd-license.php -// +// // THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, // WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. // diff --git a/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxeExtra.uni b/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxeExtra.uni index 55ae8d066a..d5d79e5b68 100644 --- a/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxeExtra.uni +++ b/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxeExtra.uni @@ -1,7 +1,7 @@ // /** @file // Pkcs7VerifyDxe Localized Strings and Content // -// Copyright (c) 2015, Intel Corporation. All rights reserved.
+// Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
// // This program and the accompanying materials // are licensed and made available under the terms and conditions of the BSD License @@ -12,8 +12,8 @@ // // **/ -#string STR_PROPERTIES_MODULE_NAME -#language en-US +#string STR_PROPERTIES_MODULE_NAME +#language en-US "UEFI PKCS7 Verification DXE" diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.c b/SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.c index 13b424dc2e..ed366b2b87 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.c +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.c @@ -1,9 +1,9 @@ /** @file Core Primitive Implementation of the Advanced Encryption Standard (AES) algorithm. - Refer to FIPS PUB 197 ("Advanced Encryption Standard (AES)") for detailed algorithm - description of AES. + Refer to FIPS PUB 197 ("Advanced Encryption Standard (AES)") for detailed algorithm + description of AES. -Copyright (c) 2013, Intel Corporation. All rights reserved.
+Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -29,47 +29,47 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. // ShiftRows with MixColumns steps and transforming them into table lookups. // GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT32 AesForwardTable[] = { - 0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d, 0xfff2f20d, 0xd66b6bbd, + 0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d, 0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554, 0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d, - 0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a, 0x8fcaca45, 0x1f82829d, + 0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a, 0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87, 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b, - 0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea, 0x239c9cbf, 0x53a4a4f7, + 0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea, 0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b, 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a, - 0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f, 0x6834345c, 0x51a5a5f4, + 0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f, 0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108, 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f, - 0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e, 0x30181828, 0x379696a1, + 0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e, 0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5, 0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d, - 0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f, 0x1209091b, 0x1d83839e, + 0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f, 0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e, 0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb, - 0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce, 0x5229297b, 0xdde3e33e, + 0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce, 0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497, 0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c, - 0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed, 0xd46a6abe, 0x8dcbcb46, + 0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed, 0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b, 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a, - 0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16, 0x864343c5, 0x9a4d4dd7, + 0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16, 0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594, 0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81, - 0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3, 0xa25151f3, 0x5da3a3fe, + 0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3, 0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a, 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504, - 0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163, 0x20101030, 0xe5ffff1a, + 0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163, 0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d, 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f, - 0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739, 0x93c4c457, 0x55a7a7f2, + 0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739, 0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47, 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395, - 0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f, 0x44222266, 0x542a2a7e, + 0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f, 0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883, 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c, - 0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76, 0xdbe0e03b, 0x64323256, + 0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76, 0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e, 0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4, - 0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6, 0x399191a8, 0x319595a4, + 0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6, 0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b, 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7, - 0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0, 0xd86c6cb4, 0xac5656fa, + 0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0, 0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25, 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818, - 0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72, 0x381c1c24, 0x57a6a6f1, + 0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72, 0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651, 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21, - 0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85, 0xe0707090, 0x7c3e3e42, + 0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85, 0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa, 0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12, - 0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0, 0x17868691, 0x99c1c158, + 0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0, 0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9, 0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133, - 0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7, 0x2d9b9bb6, 0x3c1e1e22, + 0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7, 0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920, 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a, - 0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17, 0x65bfbfda, 0xd7e6e631, + 0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17, 0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8, 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11, 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a }; @@ -113,7 +113,7 @@ typedef struct { } AES_KEY; /** - AES Key Expansion. + AES Key Expansion. This function expands the cipher key into encryption schedule. @param[in] Key AES symmetric key buffer. @@ -161,7 +161,7 @@ AesExpandKey ( for (Index1 = Index2 = 0; Index1 < Nk; Index1++, Index2 += 4) { LOAD32H (Ek[Index1], Key + Index2); } - + // // Initialize the encryption key scheduler // @@ -181,7 +181,7 @@ AesExpandKey ( } } else { // - // Different routine for key expansion If Cipher Key is 256 bits, + // Different routine for key expansion If Cipher Key is 256 bits, // for (Index1 = 1; Index1 < 4 && (Index1 + Index2) < Nw; Index1++) { Ek [Index1 + Index2] = Ek[Index1 + Index2 - Nk] ^ Ek[Index1 + Index2 - 1]; @@ -193,7 +193,7 @@ AesExpandKey ( (AES_FT0((Temp >> 8) & 0xFF) & 0x0000FF00) ^ (AES_FT1((Temp) & 0xFF) & 0x000000FF); } - + for (Index1 = 5; Index1 < Nk && (Index1 + Index2) < Nw; Index1++) { Ek[Index1 + Index2] = Ek[Index1 + Index2 - Nk] ^ Ek[Index1 + Index2 - 1]; } @@ -259,8 +259,8 @@ AesEncrypt ( StateY = TempState; // - // AES Cipher transformation rounds (Nr - 1 rounds), in which SubBytes(), - // ShiftRows() and MixColumns() operations were combined by a sequence of + // AES Cipher transformation rounds (Nr - 1 rounds), in which SubBytes(), + // ShiftRows() and MixColumns() operations were combined by a sequence of // table lookups to speed up the execution. // for (Round = 1; Round < Nr; Round++) { @@ -301,4 +301,4 @@ AesEncrypt ( } return EFI_SUCCESS; -} \ No newline at end of file +} diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.c b/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.c index 395b8867c8..acfdc71d35 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.c +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.c @@ -1,7 +1,7 @@ /** @file Support routines for RDRAND instruction access. -Copyright (c) 2013, Intel Corporation. All rights reserved.
+Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
(C) Copyright 2015 Hewlett Packard Enterprise Development LP
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License @@ -63,7 +63,7 @@ RdRandGetBytes ( This function takes multiple random numbers through RDRAND without intervening delays to ensure reseeding and performs AES-CBC-MAC over the data to compute the seed value. - + @param[out] SeedBuffer Pointer to a 128bit buffer to store the random seed. @retval EFI_SUCCESS Random seed generation succeeded. diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c index 32c46ab45f..852bbfadd7 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c @@ -1,7 +1,7 @@ -/** @file +/** @file RNG Driver to produce the UEFI Random Number Generator protocol. - The driver will use the new RDRAND instruction to produce high-quality, high-performance + The driver will use the new RDRAND instruction to produce high-quality, high-performance entropy and random number. RNG Algoritnms defined in UEFI 2.4: @@ -14,14 +14,14 @@ - EFI_RNG_ALGORITHM_X9_31_3DES_GUID - Unsupported - EFI_RNG_ALGORITHM_X9_31_AES_GUID - Unsupported -Copyright (c) 2013, Intel Corporation. All rights reserved.
+Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
(C) Copyright 2015 Hewlett Packard Enterprise Development LP
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -40,7 +40,7 @@ EFI_RNG_ALGORITHM mSupportedRngAlgorithms[] = { Returns information about the random number generation implementation. @param[in] This A pointer to the EFI_RNG_PROTOCOL instance. - @param[in,out] RNGAlgorithmListSize On input, the size in bytes of RNGAlgorithmList. + @param[in,out] RNGAlgorithmListSize On input, the size in bytes of RNGAlgorithmList. On output with a return code of EFI_SUCCESS, the size in bytes of the data returned in RNGAlgorithmList. On output with a return code of EFI_BUFFER_TOO_SMALL, @@ -89,7 +89,7 @@ RngGetInfo ( } } *RNGAlgorithmListSize = RequiredSize; - + return Status; } @@ -151,7 +151,7 @@ RngGetRNG ( // if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) { // - // When a DRBG is used on the output of a entropy source, + // When a DRBG is used on the output of a entropy source, // its security level must be at least 256 bits according to UEFI Spec. // if (RNGValueLength < 32) { diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf index 4d668a170a..3f39d47171 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf @@ -8,7 +8,7 @@ # -generator-drng-software-implementation-guide/ for more information about Intel # Secure Key technology. # -# Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
+# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
# (C) Copyright 2015 Hewlett Packard Enterprise Development LP
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License @@ -50,7 +50,7 @@ UefiLib UefiBootServicesTableLib BaseLib - DebugLib + DebugLib UefiDriverEntryPoint TimerLib RngLib diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.uni b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.uni index 38f53c98a1..ff068e587a 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.uni +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.uni @@ -8,13 +8,13 @@ // -generator-drng-software-implementation-guide/ for more information about Intel // Secure Key technology. // -// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
+// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
// // This program and the accompanying materials // are licensed and made available under the terms and conditions of the BSD License // which accompanies this distribution. The full text of the license may be found at // http://opensource.org/licenses/bsd-license.php -// +// // THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, // WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. // diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeExtra.uni b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeExtra.uni index 1fdc7e2253..eddb639516 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeExtra.uni +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeExtra.uni @@ -1,7 +1,7 @@ // /** @file // RngDxe Localized Strings and Content // -// Copyright (c) 2014, Intel Corporation. All rights reserved.
+// Copyright (c) 2014 - 2018, Intel Corporation. All rights reserved.
// // This program and the accompanying materials // are licensed and made available under the terms and conditions of the BSD License @@ -12,8 +12,8 @@ // // **/ -#string STR_PROPERTIES_MODULE_NAME -#language en-US +#string STR_PROPERTIES_MODULE_NAME +#language en-US "UEFI Random Number Generator DXE" diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index e24b563bdb..8d64b4fefe 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -30,46 +30,46 @@ [LibraryClasses] ## @libraryclass Provides hash interfaces from different implementations. - # + # HashLib|Include/Library/HashLib.h - + ## @libraryclass Provides a platform specific interface to detect physically present user. # PlatformSecureLib|Include/Library/PlatformSecureLib.h - + ## @libraryclass Provides interfaces to handle TPM 1.2 request. # TcgPhysicalPresenceLib|Include/Library/TcgPhysicalPresenceLib.h - + ## @libraryclass Provides support for TCG PP >= 128 Vendor Specific PPI Operation. # TcgPpVendorLib|Include/Library/TcgPpVendorLib.h - + ## @libraryclass Provides interfaces for other modules to send TPM 2.0 command. # Tpm2CommandLib|Include/Library/Tpm2CommandLib.h - + ## @libraryclass Provides interfaces on how to access TPM 2.0 hardware device. # Tpm2DeviceLib|Include/Library/Tpm2DeviceLib.h - + ## @libraryclass Provides interfaces for other modules to send TPM 1.2 command. # Tpm12CommandLib|Include/Library/Tpm12CommandLib.h - + ## @libraryclass Provides interfaces on how to access TPM 1.2 hardware device. # Tpm12DeviceLib|Include/Library/Tpm12DeviceLib.h - + ## @libraryclass Provides TPM Interface Specification (TIS) interfaces for TPM command. # TpmCommLib|Include/Library/TpmCommLib.h - ## @libraryclass Provides support for TCG Physical Presence Interface (PPI) specification + ## @libraryclass Provides support for TCG Physical Presence Interface (PPI) specification # >= 128 Vendor Specific PPI Operation. # Tcg2PpVendorLib|Include/Library/TcgPpVendorLib.h - + ## @libraryclass Handle TPM 2.0 physical presence request from OS. # Tcg2PhysicalPresenceLib|Include/Library/Tcg2PhysicalPresenceLib.h @@ -102,7 +102,7 @@ gEfiCustomModeEnableGuid = { 0xc076ec0c, 0x7028, 0x4399, { 0xa0, 0x72, 0x71, 0xee, 0x5c, 0x44, 0x8b, 0x9f } } ## GUID used to "VendorKeysNv" variable to record the out of band secure boot keys modification. - # This variable is a read-only NV variable that indicates whether someone other than the platform vendor has used a + # This variable is a read-only NV variable that indicates whether someone other than the platform vendor has used a # mechanism not defined by the UEFI Specification to transition the system to setup mode or to update secure boot keys. # Include/Guid/AuthenticatedVariableFormat.h gEfiVendorKeysNvGuid = { 0x9073e4e0, 0x60ec, 0x4b6e, { 0x99, 0x3, 0x4c, 0x22, 0x3c, 0x26, 0xf, 0x3c } } @@ -134,7 +134,7 @@ ## GUID used to "PhysicalPresence" variable and "PhysicalPresenceFlags" variable for TPM request and response. # Include/Guid/PhysicalPresenceData.h gEfiPhysicalPresenceGuid = { 0xf6499b1, 0xe9ad, 0x493d, { 0xb9, 0xc2, 0x2f, 0x90, 0x81, 0x5c, 0x6c, 0xbc }} - + ## GUID used to "Tcg2PhysicalPresence" variable and "Tcg2PhysicalPresenceFlags" variable for TPM2 request and response. # Include/Guid/Tcg2PhysicalPresenceData.h gEfiTcg2PhysicalPresenceGuid = { 0xaeb9c5c1, 0x94f1, 0x4d02, { 0xbf, 0xd9, 0x46, 0x2, 0xdb, 0x2d, 0x3c, 0x54 }} @@ -158,11 +158,11 @@ ## GUID used for FormSet. # Include/Guid/TcgConfigHii.h gTcgConfigFormSetGuid = { 0xb0f901e4, 0xc424, 0x45de, { 0x90, 0x81, 0x95, 0xe2, 0xb, 0xde, 0x6f, 0xb5 }} - + ## GUID used for FormSet and config variable. # Include/Guid/Tcg2ConfigHii.h gTcg2ConfigFormSetGuid = {0x6339d487, 0x26ba, 0x424b, { 0x9a, 0x5d, 0x68, 0x7e, 0x25, 0xd7, 0x40, 0xbc }} - + ## GUID used for FormSet. # Include/Guid/SecureBootConfigHii.h gSecureBootConfigFormSetGuid = { 0x5daf50a5, 0xea81, 0x4de2, {0x8f, 0x9b, 0xca, 0xbd, 0xa9, 0xcf, 0x5c, 0x14}} @@ -170,15 +170,15 @@ ## GUID value used for PcdTpmInstanceGuid to indicate TPM is disabled. # Include/Guid/TpmInstance.h gEfiTpmDeviceInstanceNoneGuid = { 0x00000000, 0x0000, 0x0000, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } } - + ## GUID value used for PcdTpmInstanceGuid to indicate TPM 1.2 device is selected to support. # Include/Guid/TpmInstance.h gEfiTpmDeviceInstanceTpm12Guid = { 0x8b01e5b6, 0x4f19, 0x46e8, { 0xab, 0x93, 0x1c, 0x53, 0x67, 0x1b, 0x90, 0xcc } } - + ## GUID value used for PcdTpmInstanceGuid to indicate discrete TPM 2.0 device is selected to support. # Include/Guid/TpmInstance.h gEfiTpmDeviceInstanceTpm20DtpmGuid = { 0x286bf25a, 0xc2c3, 0x408c, { 0xb3, 0xb4, 0x25, 0xe6, 0x75, 0x8b, 0x73, 0x17 } } - + ## GUID used to select supported TPM instance from UI. # Include/Guid/TpmInstance.h gEfiTpmDeviceSelectedGuid = { 0x7f4158d3, 0x74d, 0x456d, { 0x8c, 0xb2, 0x1, 0xf9, 0xc8, 0xf7, 0x9d, 0xaa } } @@ -237,11 +237,11 @@ # 0x00000004 Deny execution when there is security violation.
# 0x00000005 Query user when there is security violation.
# @Prompt Set policy for the image from fixed media. - # @ValidRange 0x80000001 | 0x00000000 - 0x00000005 + # @ValidRange 0x80000001 | 0x00000000 - 0x00000005 gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy|0x04|UINT32|0x00000003 - ## Defer Image Load policy settings. The policy is bitwise. - # If a bit is set, the image from corresponding device will be trusted when loading. Or + ## Defer Image Load policy settings. The policy is bitwise. + # If a bit is set, the image from corresponding device will be trusted when loading. Or # the image will be deferred. The deferred image will be checked after user is identified.

# BIT0 - Image from unknown device.
# BIT1 - Image from firmware volume.
@@ -249,7 +249,7 @@ # BIT3 - Image from removable media which includes CD-ROM, Floppy, USB and network.
# BIT4 - Image from fixed media device which includes hard disk.
# @Prompt Set policy whether trust image before user identification. - # @ValidRange 0x80000002 | 0x00000000 - 0x0000001F + # @ValidRange 0x80000002 | 0x00000000 - 0x0000001F gEfiSecurityPkgTokenSpaceGuid.PcdDeferImageLoadPolicy|0x0000001F|UINT32|0x0000004 ## Null-terminated Unicode string of the file name that is the default name to save USB credential. @@ -260,15 +260,15 @@ ## The size of Append variable buffer. This buffer is reserved for runtime use, OS can append data into one existing variable. # Note: This PCD is not been used. # @Prompt Max variable size for append operation. - gEfiSecurityPkgTokenSpaceGuid.PcdMaxAppendVariableSize|0x2000|UINT32|0x30000005 + gEfiSecurityPkgTokenSpaceGuid.PcdMaxAppendVariableSize|0x2000|UINT32|0x30000005 ## Specifies the type of TCG platform that contains TPM chip.

# If 0, TCG platform type is PC client.
# If 1, TCG platform type is PC server.
# @Prompt Select platform type. - # @ValidRange 0x80000001 | 0x00 - 0x1 + # @ValidRange 0x80000001 | 0x00 - 0x1 gEfiSecurityPkgTokenSpaceGuid.PcdTpmPlatformClass|0|UINT8|0x00000006 - + ## Progress Code for TPM device subclass definitions.

# EFI_PERIPHERAL_TPM = (EFI_PERIPHERAL | 0x000D0000) = 0x010D0000
# @Prompt Status Code for TPM device definitions @@ -289,7 +289,7 @@ gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x04|UINT32|0x00000001 ## Indicates the presence or absence of the platform operator during firmware booting. - # If platform operator is not physical presence during boot. TPM will be locked and the TPM commands + # If platform operator is not physical presence during boot. TPM will be locked and the TPM commands # that required operator physical presence can not run.

# TRUE - The platform operator is physically present.
# FALSE - The platform operator is not physically present.
@@ -297,7 +297,7 @@ gEfiSecurityPkgTokenSpaceGuid.PcdTpmPhysicalPresence|TRUE|BOOLEAN|0x00010001 [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx] - ## Indicates whether TPM physical presence is locked during platform initialization. + ## Indicates whether TPM physical presence is locked during platform initialization. # Once it is locked, it can not be unlocked for TPM life time.

# TRUE - Lock TPM physical presence asserting method.
# FALSE - Not lock TPM physical presence asserting method.
@@ -329,35 +329,35 @@ # If 0, no initialization needed - most likely used for chipset SRTM solution, in which TPM is already initialized.
# If 1, initialization needed.
# @Prompt TPM 2.0 device initialization policy.
- # @ValidRange 0x80000001 | 0x00 - 0x1 + # @ValidRange 0x80000001 | 0x00 - 0x1 gEfiSecurityPkgTokenSpaceGuid.PcdTpm2InitializationPolicy|1|UINT8|0x0001000A ## This PCD indicates the initialization policy for TPM 1.2.

# If 0, no initialization needed - most likely used for chipset SRTM solution, in which TPM is already initialized.
# If 1, initialization needed.
# @Prompt TPM 1.2 device initialization policy. - # @ValidRange 0x80000001 | 0x00 - 0x1 + # @ValidRange 0x80000001 | 0x00 - 0x1 gEfiSecurityPkgTokenSpaceGuid.PcdTpmInitializationPolicy|1|UINT8|0x0001000B ## This PCD indicates the TPM 2.0 SelfTest policy.

# if 0, no SelfTest needed - most likely used for fTPM, because it might already be tested.
# if 1, SelfTest needed.
# @Prompt TPM 2.0 device selftest. - # @ValidRange 0x80000001 | 0x00 - 0x1 + # @ValidRange 0x80000001 | 0x00 - 0x1 gEfiSecurityPkgTokenSpaceGuid.PcdTpm2SelfTestPolicy|1|UINT8|0x0001000C ## This PCD indicates Static Core Root of Trust for Measurement (SCRTM) policy using TPM 2.0.

# if 0, no SCRTM measurement needed - In this case, it is already done.
# if 1, SCRTM measurement done by BIOS.
# @Prompt SCRTM policy setting for TPM 2.0 device. - # @ValidRange 0x80000001 | 0x00 - 0x1 + # @ValidRange 0x80000001 | 0x00 - 0x1 gEfiSecurityPkgTokenSpaceGuid.PcdTpm2ScrtmPolicy|1|UINT8|0x0001000D ## This PCD indicates Static Core Root of Trust for Measurement (SCRTM) policy using TPM 1.2.

# if 0, no SCRTM measurement needed - In this case, it is already done.
# if 1, SCRTM measurement done by BIOS.
# @Prompt SCRTM policy setting for TPM 1.2 device - # @ValidRange 0x80000001 | 0x00 - 0x1 + # @ValidRange 0x80000001 | 0x00 - 0x1 gEfiSecurityPkgTokenSpaceGuid.PcdTpmScrtmPolicy|1|UINT8|0x0001000E ## Guid name to identify TPM instance.

@@ -382,7 +382,7 @@ # 0 means dynamic get from supported HASH algorithm # @Prompt OEM configurated number of PCR banks. gEfiSecurityPkgTokenSpaceGuid.PcdTcg2NumberOfPCRBanks|0x0|UINT32|0x00010015 - + ## Provides one or more SHA 256 Hashes of the RSA 2048 public keys used to verify Recovery and Capsule Update images # WARNING: The default value is treated as test key. Please do not use default value in the production. # @Prompt One or more SHA 256 Hashes of RSA 2048 bit public keys used to verify Recovery and Capsule Update images @@ -412,7 +412,7 @@ gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|"1.3"|VOID*|0x00000008 ## Indicate whether a physical presence user exist. - # When it is configured to Dynamic or DynamicEx, it can be set through detection using + # When it is configured to Dynamic or DynamicEx, it can be set through detection using # a platform-specific method (e.g. Button pressed) in a actual platform in early boot phase.

# @Prompt A physical presence user status gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|FALSE|BOOLEAN|0x00010019 @@ -451,7 +451,7 @@ # BIT2 - SHA384.
# BIT3 - SHA512.
# @Prompt Hash mask for TPM 2.0 - # @ValidRange 0x80000001 | 0x00000000 - 0x0000000F + # @ValidRange 0x80000001 | 0x00000000 - 0x0000000F gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask|0x0000000F|UINT32|0x00010010 ## This PCD indicated final BIOS supported Hash mask. @@ -475,7 +475,7 @@ gEfiSecurityPkgTokenSpaceGuid.PcdActiveTpmInterfaceType|0xFF|UINT8|0x0001001E ## This PCD records IdleByass status supported by current active TPM interface. - # Accodingt to TCG PTP spec 1.3, TPM with CRB interface can skip idle state and + # Accodingt to TCG PTP spec 1.3, TPM with CRB interface can skip idle state and # diretcly move to CmdReady state.
# 0x00 - Do not support IdleByPass.
# 0x01 - Support IdleByPass.
diff --git a/SecurityPkg/SecurityPkg.uni b/SecurityPkg/SecurityPkg.uni index 000bc83d80..400fe6015e 100644 --- a/SecurityPkg/SecurityPkg.uni +++ b/SecurityPkg/SecurityPkg.uni @@ -11,7 +11,7 @@ // the terms and conditions of the BSD License which accompanies this distribution. // The full text of the license may be found at // http://opensource.org/licenses/bsd-license.php -// +// // THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, // WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. // @@ -262,4 +262,4 @@ "Accodingt to TCG PTP spec 1.3, TPM with CRB interface can skip idle state and diretcly move to CmdReady state.
" "0x01 - Do not support IdleByPass.
\n" "0x02 - Support IdleByPass.
\n" - "0xFF - IdleByPass State is not synced with TPM hardware.
" \ No newline at end of file + "0xFF - IdleByPass State is not synced with TPM hardware.
" diff --git a/SecurityPkg/SecurityPkgExtra.uni b/SecurityPkg/SecurityPkgExtra.uni index d52875dbc6..21beb012e7 100644 --- a/SecurityPkg/SecurityPkgExtra.uni +++ b/SecurityPkg/SecurityPkgExtra.uni @@ -1,7 +1,7 @@ // /** @file // Security Package Localized Strings and Content. // -// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
+// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
// // This program and the accompanying materials are licensed and made available under // the terms and conditions of the BSD License which accompanies this distribution. @@ -13,7 +13,7 @@ // // **/ -#string STR_PROPERTIES_PACKAGE_NAME -#language en-US +#string STR_PROPERTIES_PACKAGE_NAME +#language en-US "Security package" diff --git a/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.c b/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.c index 4fc3330c39..c16761bb3d 100644 --- a/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.c +++ b/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.c @@ -1,17 +1,17 @@ /** @file TCG MOR (Memory Overwrite Request) Control Driver. - This driver initilize MemoryOverwriteRequestControl variable. It + This driver initilize MemoryOverwriteRequestControl variable. It will clear MOR_CLEAR_MEMORY_BIT bit if it is set. It will also do TPer Reset for those encrypted drives through EFI_STORAGE_SECURITY_COMMAND_PROTOCOL at EndOfDxe. -Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -36,7 +36,7 @@ OnReadyToBoot ( { EFI_STATUS Status; UINTN DataSize; - + if (MOR_CLEAR_MEMORY_VALUE (mMorControl) == 0x0) { // // MorControl is expected, directly return to avoid unnecessary variable operation @@ -47,14 +47,14 @@ OnReadyToBoot ( // Clear MOR_CLEAR_MEMORY_BIT // DEBUG ((EFI_D_INFO, "TcgMor: Clear MorClearMemory bit\n")); - mMorControl &= 0xFE; + mMorControl &= 0xFE; DataSize = sizeof (mMorControl); Status = gRT->SetVariable ( - MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, - &gEfiMemoryOverwriteControlDataGuid, + MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, + &gEfiMemoryOverwriteControlDataGuid, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, - DataSize, + DataSize, &mMorControl ); if (EFI_ERROR (Status)) { @@ -304,7 +304,7 @@ TPerResetAtEndOfDxe ( @param[in] ImageHandle Image handle of this driver. @param[in] SystemTable A Pointer to the EFI System Table. - @retval EFI_SUCEESS + @retval EFI_SUCEESS @return Others Some error occurs. **/ EFI_STATUS @@ -324,10 +324,10 @@ MorDriverEntryPoint ( DataSize = sizeof (mMorControl); Status = gRT->GetVariable ( - MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, - &gEfiMemoryOverwriteControlDataGuid, - NULL, - &DataSize, + MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, + &gEfiMemoryOverwriteControlDataGuid, + NULL, + &DataSize, &mMorControl ); if (EFI_ERROR (Status)) { @@ -336,10 +336,10 @@ MorDriverEntryPoint ( // mMorControl = 0; Status = gRT->SetVariable ( - MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, - &gEfiMemoryOverwriteControlDataGuid, + MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, + &gEfiMemoryOverwriteControlDataGuid, EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, - DataSize, + DataSize, &mMorControl ); DEBUG ((EFI_D_INFO, "TcgMor: Create MOR variable! Status = %r\n", Status)); diff --git a/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.h b/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.h index a4aae48a5f..d717362ffd 100644 --- a/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.h +++ b/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.h @@ -1,13 +1,13 @@ /** @file The header file for TcgMor. -Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ diff --git a/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMorExtra.uni b/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMorExtra.uni index 7278fff4eb..fe4d60d765 100644 --- a/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMorExtra.uni +++ b/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMorExtra.uni @@ -1,7 +1,7 @@ // /** @file // TcgMor Localized Strings and Content // -// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
+// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
// // This program and the accompanying materials // are licensed and made available under the terms and conditions of the BSD License @@ -12,8 +12,8 @@ // // **/ -#string STR_PROPERTIES_MODULE_NAME -#language en-US +#string STR_PROPERTIES_MODULE_NAME +#language en-US "TCG (Trusted Computing Group) MOR" diff --git a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c index 7763b13694..7520be0c67 100644 --- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c +++ b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c @@ -4,13 +4,13 @@ This driver initilize MemoryOverwriteRequestControlLock variable. This module will add Variable Hook and allow MemoryOverwriteRequestControlLock variable set only once. -Copyright (c) 2015, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -51,7 +51,7 @@ IsAnyMorVariable ( UINTN Index; for (Index = 0; Index < sizeof(mMorVariableType)/sizeof(mMorVariableType[0]); Index++) { - if ((StrCmp (VariableName, mMorVariableType[Index].VariableName) == 0) && + if ((StrCmp (VariableName, mMorVariableType[Index].VariableName) == 0) && (CompareGuid (VendorGuid, mMorVariableType[Index].VendorGuid))) { return TRUE; } @@ -74,7 +74,7 @@ IsMorLockVariable ( IN EFI_GUID *VendorGuid ) { - if ((StrCmp (VariableName, MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME) == 0) && + if ((StrCmp (VariableName, MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME) == 0) && (CompareGuid (VendorGuid, &gEfiMemoryOverwriteRequestControlLockGuid))) { return TRUE; } @@ -142,7 +142,7 @@ SetVariableCheckHandlerMor ( // return EFI_INVALID_PARAMETER; } - + // // Delete not OK // @@ -173,7 +173,7 @@ SetVariableCheckHandlerMor ( @param[in] ImageHandle Image handle of this driver. @param[in] SystemTable A Pointer to the EFI System Table. - @retval EFI_SUCEESS + @retval EFI_SUCEESS @return Others Some error occurs. **/ EFI_STATUS diff --git a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h index af30357533..6848f1cd38 100644 --- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h +++ b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h @@ -1,13 +1,13 @@ /** @file TCG MOR (Memory Overwrite Request) Lock Control Driver header file. - -Copyright (c) 2015, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at + +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -125,7 +125,7 @@ SetVariableCheckHandlerMor ( @param[in] ImageHandle Image handle of this driver. @param[in] SystemTable A Pointer to the EFI System Table. - @retval EFI_SUCEESS + @retval EFI_SUCEESS @return Others Some error occurs. **/ EFI_STATUS diff --git a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni index 770092dafc..67e0613cdc 100644 --- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni +++ b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni @@ -1,7 +1,7 @@ // /** @file // TcgMorLock Localized Strings and Content // -// Copyright (c) 2015, Intel Corporation. All rights reserved.
+// Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
// // This program and the accompanying materials // are licensed and made available under the terms and conditions of the BSD License @@ -12,8 +12,8 @@ // // **/ -#string STR_PROPERTIES_MODULE_NAME -#language en-US +#string STR_PROPERTIES_MODULE_NAME +#language en-US "TCG (Trusted Computing Group) MOR Lock" diff --git a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c index e5db98cc87..171504b912 100644 --- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c +++ b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c @@ -1,13 +1,13 @@ /** @file TCG MOR (Memory Overwrite Request) Lock Control Driver SMM wrapper. - -Copyright (c) 2015, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at + +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -130,7 +130,7 @@ MorLockDriverEntryPointSmm ( // This driver link to Smm Variable driver // DEBUG ((EFI_D_INFO, "MorLockDriverEntryPointSmm\n")); - + Status = gSmst->SmmLocateProtocol ( &gEfiSmmVariableProtocolGuid, NULL, diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalAhciMode.h b/SecurityPkg/Tcg/Opal/OpalPassword/OpalAhciMode.h index b1d6ed13d5..037f81ac24 100644 --- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalAhciMode.h +++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalAhciMode.h @@ -369,7 +369,7 @@ typedef struct _EFI_ATA_COMMAND_BLOCK { UINT8 AtaDeviceHead; UINT8 AtaSectorNumberExp; UINT8 AtaCylinderLowExp; - UINT8 AtaCylinderHighExp; + UINT8 AtaCylinderHighExp; UINT8 AtaFeaturesExp; UINT8 AtaSectorCount; UINT8 AtaSectorCountExp; @@ -386,7 +386,7 @@ typedef struct _EFI_ATA_STATUS_BLOCK { UINT8 AtaDeviceHead; UINT8 AtaSectorNumberExp; UINT8 AtaCylinderLowExp; - UINT8 AtaCylinderHighExp; + UINT8 AtaCylinderHighExp; UINT8 Reserved2; UINT8 AtaSectorCount; UINT8 AtaSectorCountExp; diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.h b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.h index 3cfa80051f..2bca770620 100644 --- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.h +++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.h @@ -77,7 +77,7 @@ extern EFI_COMPONENT_NAME2_PROTOCOL gOpalComponentName2; // // The max timeout value assume the user can wait for the revert action. The unit of this macro is second. -// If the revert time value bigger than this one, driver needs to popup a dialog to let user confirm the +// If the revert time value bigger than this one, driver needs to popup a dialog to let user confirm the // revert action. // #define MAX_ACCEPTABLE_REVERTING_TIME 10 @@ -258,7 +258,7 @@ OpalSupportGetAvailableActions( @param[in] Msid Msid @param[in] MsidLength Msid Length @param[in] Password Admin password - @param[in] PassLength Length of password in bytes + @param[in] PassLength Length of password in bytes **/ TCG_RESULT diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalHii.c b/SecurityPkg/Tcg/Opal/OpalPassword/OpalHii.c index 4817f99eff..4336604d0d 100644 --- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalHii.c +++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalHii.c @@ -728,7 +728,7 @@ DriverCallback( } *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; return EFI_SUCCESS; - + case HII_KEY_ID_REVERT: DEBUG ((DEBUG_INFO, "HII_KEY_ID_REVERT\n")); gHiiConfiguration.OpalRequest.Revert = Value->b; diff --git a/SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.c b/SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.c index e694db8cf1..5117c74411 100644 --- a/SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.c +++ b/SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.c @@ -1,15 +1,15 @@ /** @file - This driver produces PEI_LOCK_PHYSICAL_PRESENCE_PPI to indicate - whether TPM need be locked or not. It can be replaced by a platform + This driver produces PEI_LOCK_PHYSICAL_PRESENCE_PPI to indicate + whether TPM need be locked or not. It can be replaced by a platform specific driver. -Copyright (c) 2005 - 2011, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -70,18 +70,18 @@ LockTpmPhysicalPresence ( EFI_PHYSICAL_PRESENCE TcgPpData; // - // The CRTM has sensed the physical presence assertion of the user. For example, - // the user has pressed the startup button or inserted a USB dongle. The details + // The CRTM has sensed the physical presence assertion of the user. For example, + // the user has pressed the startup button or inserted a USB dongle. The details // of the implementation are vendor-specific. Here we read a PCD value to indicate // whether operator physical presence. - // + // if (!PcdGetBool (PcdTpmPhysicalPresence)) { return TRUE; } // - // Check the pending TPM requests. Lock TPM physical presence if there is no TPM - // request. + // Check the pending TPM requests. Lock TPM physical presence if there is no TPM + // request. // Status = PeiServicesLocatePpi ( &gEfiPeiReadOnlyVariable2PpiGuid, @@ -91,8 +91,8 @@ LockTpmPhysicalPresence ( ); if (!EFI_ERROR (Status)) { DataSize = sizeof (EFI_PHYSICAL_PRESENCE); - Status = Variable->GetVariable ( - Variable, + Status = Variable->GetVariable ( + Variable, PHYSICAL_PRESENCE_VARIABLE, &gEfiPhysicalPresenceGuid, NULL, @@ -115,7 +115,7 @@ LockTpmPhysicalPresence ( /** Entry point of this module. - It installs lock physical presence PPI. + It installs lock physical presence PPI. @param[in] FileHandle Handle of the file being invoked. @param[in] PeiServices Describes the list of possible PEI Services. diff --git a/SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.inf b/SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.inf index cac1abea34..f4c0e059e7 100644 --- a/SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.inf +++ b/SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.inf @@ -2,10 +2,10 @@ # Produces a PPI to indicate whether to lock TPM in PEI phase # # This module produces PEI_LOCK_PHYSICAL_PRESENCE_PPI to indicate whether -# TPM physical presence needs to be locked. It can be replaced by a +# TPM physical presence needs to be locked. It can be replaced by a # platform specific module. # -# Copyright (c) 2005 - 2014, Intel Corporation. All rights reserved.
+# Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -54,11 +54,11 @@ [Pcd] gEfiSecurityPkgTokenSpaceGuid.PcdTpmPhysicalPresence ## SOMETIMES_CONSUMES -[Depex] +[Depex] gEfiPeiMemoryDiscoveredPpiGuid AND gEfiPeiReadOnlyVariable2PpiGuid AND gPeiTpmInitializedPpiGuid [UserExtensions.TianoCore."ExtraFiles"] PhysicalPresencePeiExtra.uni - \ No newline at end of file + diff --git a/SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePeiExtra.uni b/SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePeiExtra.uni index 0fb38dba82..6a5d663ee4 100644 --- a/SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePeiExtra.uni +++ b/SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePeiExtra.uni @@ -1,7 +1,7 @@ // /** @file // PhysicalPresencePei Localized Strings and Content // -// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
+// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
// // This program and the accompanying materials // are licensed and made available under the terms and conditions of the BSD License @@ -12,8 +12,8 @@ // // **/ -#string STR_PROPERTIES_MODULE_NAME -#language en-US +#string STR_PROPERTIES_MODULE_NAME +#language en-US "Physical Presence PEI" diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr b/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr index 1d44c99109..015ab45445 100644 --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr @@ -1,13 +1,13 @@ /** @file VFR file used by the TCG2 configuration component. -Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -19,7 +19,7 @@ formset title = STRING_TOKEN(STR_TCG2_TITLE), help = STRING_TOKEN(STR_TCG2_HELP), classguid = EFI_HII_PLATFORM_SETUP_FORMSET_GUID, - + efivarstore TCG2_CONFIGURATION_INFO, varid = TCG2_CONFIGURATION_INFO_VARSTORE_ID, attribute = 0x02, // EFI variable attribures EFI_VARIABLE_BOOTSERVICE_ACCESS @@ -154,7 +154,7 @@ formset option text = STRING_TOKEN(STR_TCG2_LOG_ALL_DIGESTS), value = TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS, flags = RESET_REQUIRED; option text = STRING_TOKEN(STR_TCG2_DISABLE_ENDORSEMENT_ENABLE_STORAGE_HIERARCHY), value = TCG2_PHYSICAL_PRESENCE_DISABLE_ENDORSEMENT_ENABLE_STORAGE_HIERARCHY, flags = RESET_REQUIRED; endoneof; - + suppressif NOT questionref(Tpm2Operation) == TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS; numeric name = Tpm2OperationParameter, questionid = KEY_TPM2_OPERATION_PARAMETER, diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDriver.c b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDriver.c index 9c590dcb74..4caeef1939 100644 --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDriver.c +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDriver.c @@ -1,13 +1,13 @@ /** @file The module entry point for Tcg2 configuration module. -Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -277,7 +277,7 @@ Tcg2ConfigDriverEntryPoint ( if (!EFI_ERROR (Status)) { return EFI_ALREADY_STARTED; } - + // // Create a private data structure. // @@ -286,7 +286,7 @@ Tcg2ConfigDriverEntryPoint ( mTcg2ConfigPrivateDate = PrivateData; // // Install private GUID. - // + // Status = gBS->InstallMultipleProtocolInterfaces ( &ImageHandle, &gEfiCallerIdGuid, @@ -398,7 +398,7 @@ Tcg2ConfigDriverEntryPoint ( ); ASSERT_EFI_ERROR (Status); } - + // // Install Tcg2 configuration form // @@ -414,8 +414,8 @@ Tcg2ConfigDriverEntryPoint ( ErrorExit: if (PrivateData != NULL) { UninstallTcg2ConfigForm (PrivateData); - } - + } + return Status; } @@ -441,11 +441,11 @@ Tcg2ConfigDriverUnload ( ImageHandle, &gEfiCallerIdGuid, (VOID **) &PrivateData - ); + ); if (EFI_ERROR (Status)) { - return Status; + return Status; } - + ASSERT (PrivateData->Signature == TCG2_CONFIG_PRIVATE_DATA_SIGNATURE); gBS->UninstallMultipleProtocolInterfaces ( @@ -454,7 +454,7 @@ Tcg2ConfigDriverUnload ( PrivateData, NULL ); - + UninstallTcg2ConfigForm (PrivateData); return EFI_SUCCESS; diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf index a52709669a..2343ab49aa 100644 --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf @@ -1,6 +1,6 @@ ## @file # TPM device configuration for TPM 2.0 -# +# # By this module, user may select TPM device, clear TPM state, etc. # NOTE: This module is only for reference only, each platform should have its own setup page. # @@ -87,6 +87,6 @@ gEfiHiiDatabaseProtocolGuid AND gEfiVariableArchProtocolGuid AND gEfiVariableWriteArchProtocolGuid - + [UserExtensions.TianoCore."ExtraFiles"] Tcg2ConfigDxeExtra.uni diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxeExtra.uni b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxeExtra.uni index 37f81e17bd..b70db23970 100644 --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxeExtra.uni +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxeExtra.uni @@ -1,7 +1,7 @@ // /** @file // Tcg2ConfigDxe Localized Strings and Content // -// Copyright (c) 2015, Intel Corporation. All rights reserved.
+// Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
// // This program and the accompanying materials // are licensed and made available under the terms and conditions of the BSD License @@ -12,8 +12,8 @@ // // **/ -#string STR_PROPERTIES_MODULE_NAME -#language en-US +#string STR_PROPERTIES_MODULE_NAME +#language en-US "TCG2 (Trusted Computing Group) Configuration DXE" diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c index af97628e2c..24ce3d29e1 100644 --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c @@ -4,12 +4,12 @@ Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
(C) Copyright 2018 Hewlett Packard Enterprise Development LP
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -53,7 +53,7 @@ HII_VENDOR_DEVICE_PATH mTcg2HiiVendorDevicePath = { { END_DEVICE_PATH_TYPE, END_ENTIRE_DEVICE_PATH_SUBTYPE, - { + { (UINT8) (END_DEVICE_PATH_LENGTH), (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8) } @@ -66,7 +66,7 @@ UINT8 mCurrentPpRequest; Return if PTP CRB is supported. @param[in] Register Pointer to PTP register. - + @retval TRUE PTP CRB is supported. @retval FALSE PTP CRB is unsupported. **/ @@ -94,7 +94,7 @@ IsPtpCrbSupported ( Return if PTP FIFO is supported. @param[in] Register Pointer to PTP register. - + @retval TRUE PTP FIFO is supported. @retval FALSE PTP FIFO is unsupported. **/ @@ -124,7 +124,7 @@ IsPtpFifoSupported ( @param[in] Register Pointer to PTP register. @param[in] PtpInterface PTP interface type. - + @retval EFI_SUCCESS PTP interface type is set. @retval EFI_INVALID_PARAMETER PTP interface type is invalid. @retval EFI_UNSUPPORTED PTP interface type is unsupported. @@ -299,7 +299,7 @@ SaveTcg2PCRBanksRequest ( } else { mTcg2ConfigPrivateDate->PCRBanksDesired &= ~(0x1 << PCRBankIndex); } - + ReturnCode = Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS, mTcg2ConfigPrivateDate->PCRBanksDesired); if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS) { Status = EFI_SUCCESS; @@ -580,7 +580,7 @@ Tcg2Callback ( } } } - + if (Action == EFI_BROWSER_ACTION_CHANGED) { if (QuestionId == KEY_TPM_DEVICE) { return EFI_SUCCESS; @@ -829,11 +829,11 @@ InstallTcg2ConfigForm ( &gEfiHiiConfigAccessProtocolGuid, ConfigAccess, NULL - ); + ); return EFI_OUT_OF_RESOURCES; } - + PrivateData->HiiHandle = HiiHandle; // @@ -962,7 +962,7 @@ InstallTcg2ConfigForm ( DEBUG ((EFI_D_ERROR, "Tcg2ConfigDriver: Fail to set TCG2_STORAGE_INFO_NAME\n")); } - return EFI_SUCCESS; + return EFI_SUCCESS; } /** @@ -998,6 +998,6 @@ UninstallTcg2ConfigForm ( ); PrivateData->DriverHandle = NULL; } - + FreePool (PrivateData); } diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.h b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.h index 504212baa8..617ce3d419 100644 --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.h +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.h @@ -2,13 +2,13 @@ The header file of HII Config Access protocol implementation of TCG2 configuration module. -Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -62,7 +62,7 @@ typedef struct { EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess; EFI_HII_HANDLE HiiHandle; - EFI_HANDLE DriverHandle; + EFI_HANDLE DriverHandle; UINT8 TpmDeviceDetected; EFI_TCG2_PROTOCOL *Tcg2Protocol; diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h index 5960446421..8f36d44c6a 100644 --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h @@ -1,13 +1,13 @@ /** @file Header file for NV data structure definition. -Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -65,7 +65,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #define EFI_TCG2_EVENT_LOG_FORMAT_DEFAULT EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 #define TCG2_PPI_VERSION_1_2 0x322E31 // "1.2" -#define TCG2_PPI_VERSION_1_3 0x332E31 // "1.3" +#define TCG2_PPI_VERSION_1_3 0x332E31 // "1.3" // // Nv Data structure referenced by IFR, TPM device user desired diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf index 8dd0b63e48..0d151ba019 100644 --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf @@ -4,7 +4,7 @@ # This module initializes TPM device type based on variable and detection. # NOTE: This module is only for reference only, each platform should have its own setup page. # -# Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
+# Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -66,12 +66,12 @@ [Pcd] gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## PRODUCES gEfiSecurityPkgTokenSpaceGuid.PcdTpmInitializationPolicy ## PRODUCES - gEfiSecurityPkgTokenSpaceGuid.PcdTpmAutoDetection ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTpmAutoDetection ## CONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## SOMETIMES_CONSUMES [Depex] gEfiPeiMasterBootModePpiGuid AND gEfiPeiReadOnlyVariable2PpiGuid - + [UserExtensions.TianoCore."ExtraFiles"] Tcg2ConfigPeiExtra.uni diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPeiExtra.uni b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPeiExtra.uni index 37f81e17bd..b70db23970 100644 --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPeiExtra.uni +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPeiExtra.uni @@ -1,7 +1,7 @@ // /** @file // Tcg2ConfigDxe Localized Strings and Content // -// Copyright (c) 2015, Intel Corporation. All rights reserved.
+// Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
// // This program and the accompanying materials // are licensed and made available under the terms and conditions of the BSD License @@ -12,8 +12,8 @@ // // **/ -#string STR_PROPERTIES_MODULE_NAME -#language en-US +#string STR_PROPERTIES_MODULE_NAME +#language en-US "TCG2 (Trusted Computing Group) Configuration DXE" diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c index 004c7efe70..c68aab35db 100644 --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c @@ -1,13 +1,13 @@ /** @file The module entry point for Tcg2 configuration module. -Copyright (c) 2015, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni index a7d62bcbe6..69abe13f24 100644 --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni @@ -1,13 +1,13 @@ /** @file String definitions for TCG2 configuration form. -Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ diff --git a/SecurityPkg/Tcg/Tcg2Config/TpmDetection.c b/SecurityPkg/Tcg/Tcg2Config/TpmDetection.c index 7e6ca44205..12bb0947a1 100644 --- a/SecurityPkg/Tcg/Tcg2Config/TpmDetection.c +++ b/SecurityPkg/Tcg/Tcg2Config/TpmDetection.c @@ -1,13 +1,13 @@ /** @file TPM1.2/dTPM2.0 auto detection. -Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ diff --git a/SecurityPkg/Tcg/Tcg2Dxe/MeasureBootPeCoff.c b/SecurityPkg/Tcg/Tcg2Dxe/MeasureBootPeCoff.c index 8ee34a702e..29da2d70e6 100644 --- a/SecurityPkg/Tcg/Tcg2Dxe/MeasureBootPeCoff.c +++ b/SecurityPkg/Tcg/Tcg2Dxe/MeasureBootPeCoff.c @@ -1,18 +1,18 @@ /** @file This module implements measuring PeCoff image for Tcg2 Protocol. - + Caution: This file requires additional review when modified. This driver will have external input - PE/COFF image. This external input must be validated carefully to avoid security issue like buffer overflow, integer overflow. -Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -183,8 +183,8 @@ MeasurePeImageAndExtend ( // if (Hdr.Pe32->FileHeader.Machine == IMAGE_FILE_MACHINE_IA64 && Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { // - // NOTE: Some versions of Linux ELILO for Itanium have an incorrect magic value - // in the PE/COFF Header. If the MachineType is Itanium(IA64) and the + // NOTE: Some versions of Linux ELILO for Itanium have an incorrect magic value + // in the PE/COFF Header. If the MachineType is Itanium(IA64) and the // Magic value in the OptionalHeader is EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC // then override the magic value to EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC // @@ -195,7 +195,7 @@ MeasurePeImageAndExtend ( // Magic = Hdr.Pe32->OptionalHeader.Magic; } - + // // 3. Calculate the distance from the base of the image header to the image checksum address. // 4. Hash the image header from its base to beginning of the image checksum. @@ -218,7 +218,7 @@ MeasurePeImageAndExtend ( Status = HashUpdate (HashHandle, HashBase, HashSize); if (EFI_ERROR (Status)) { goto Finish; - } + } // // 5. Skip over the image checksum (it occupies a single ULONG). @@ -247,7 +247,7 @@ MeasurePeImageAndExtend ( if (EFI_ERROR (Status)) { goto Finish; } - } + } } else { // // 7. Hash everything from the end of the checksum to the start of the Cert Directory. @@ -261,7 +261,7 @@ MeasurePeImageAndExtend ( } else { // // Use PE32+ offset - // + // HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32); HashSize = (UINTN) (&Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase; } @@ -290,7 +290,7 @@ MeasurePeImageAndExtend ( HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress); } - + if (HashSize != 0) { Status = HashUpdate (HashHandle, HashBase, HashSize); if (EFI_ERROR (Status)) { diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c index e2f346217a..aa463b287e 100644 --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c @@ -1,14 +1,14 @@ /** @file This module implements Tcg2 Protocol. - -Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.
+ +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
(C) Copyright 2016 Hewlett Packard Enterprise Development LP
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -372,11 +372,11 @@ GetProcessorsCpuLocation ( @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The command was unsuccessful. - The ProtocolCapability variable will not be populated. + The ProtocolCapability variable will not be populated. @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect. The ProtocolCapability variable will not be populated. @retval EFI_BUFFER_TOO_SMALL The ProtocolCapability variable is too small to hold the full response. - It will be partially populated (required Size field will be set). + It will be partially populated (required Size field will be set). **/ EFI_STATUS EFIAPI @@ -390,7 +390,7 @@ Tcg2GetCapability ( if ((This == NULL) || (ProtocolCapability == NULL)) { return EFI_INVALID_PARAMETER; } - + DEBUG ((DEBUG_VERBOSE, "Size - 0x%x\n", ProtocolCapability->Size)); DEBUG ((DEBUG_VERBOSE, " 1.1 - 0x%x, 1.0 - 0x%x\n", sizeof(EFI_TCG2_BOOT_SERVICE_CAPABILITY), sizeof(TREE_BOOT_SERVICE_CAPABILITY_1_0))); @@ -398,7 +398,7 @@ Tcg2GetCapability ( // // Handle the case that firmware support 1.1 but OS only support 1.0. // - if ((mTcgDxeData.BsCap.ProtocolVersion.Major > 0x01) || + if ((mTcgDxeData.BsCap.ProtocolVersion.Major > 0x01) || ((mTcgDxeData.BsCap.ProtocolVersion.Major == 0x01) && ((mTcgDxeData.BsCap.ProtocolVersion.Minor > 0x00)))) { if (ProtocolCapability->Size >= sizeof(TREE_BOOT_SERVICE_CAPABILITY_1_0)) { CopyMem (ProtocolCapability, &mTcgDxeData.BsCap, sizeof(TREE_BOOT_SERVICE_CAPABILITY_1_0)); @@ -563,7 +563,7 @@ DumpEvent2 ( /** This function returns size of TCG PCR event 2. - + @param[in] TcgPcrEvent2 TCG PCR event 2 structure. @return size of TCG PCR event 2. @@ -623,7 +623,7 @@ DumpEventLog ( UINTN NumberOfEvents; DEBUG ((EFI_D_INFO, "EventLogFormat: (0x%x)\n", EventLogFormat)); - + switch (EventLogFormat) { case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2: EventHdr = (TCG_PCR_EVENT_HDR *)(UINTN)EventLogLocation; @@ -647,7 +647,7 @@ DumpEventLog ( break; case EFI_TCG2_EVENT_LOG_FORMAT_TCG_2: // - // Dump first event + // Dump first event // EventHdr = (TCG_PCR_EVENT_HDR *)(UINTN)EventLogLocation; DumpEvent (EventHdr); @@ -682,7 +682,7 @@ DumpEventLog ( /** The EFI_TCG2_PROTOCOL Get Event Log function call allows a caller to - retrieve the address of a given event log and its last entry. + retrieve the address of a given event log and its last entry. @param[in] This Indicates the calling context @param[in] EventLogFormat The type of the event log for which the information is requested. @@ -780,14 +780,14 @@ Tcg2GetEventLog ( /** Add a new entry to the Event Log. - @param[in, out] EventLogPtr Pointer to the Event Log data. - @param[in, out] LogSize Size of the Event Log. + @param[in, out] EventLogPtr Pointer to the Event Log data. + @param[in, out] LogSize Size of the Event Log. @param[in] MaxSize Maximum size of the Event Log. - @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR/TCG_PCR_EVENT_EX data structure. + @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR/TCG_PCR_EVENT_EX data structure. @param[in] NewEventHdrSize New event header size. - @param[in] NewEventData Pointer to the new event data. + @param[in] NewEventData Pointer to the new event data. @param[in] NewEventSize New event data size. - + @retval EFI_SUCCESS The new event log entry was added. @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. @@ -838,9 +838,9 @@ TcgCommLogEvent ( Add a new entry to the Event Log. @param[in] EventLogFormat The type of the event log for which the information is requested. - @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR/TCG_PCR_EVENT_EX data structure. + @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR/TCG_PCR_EVENT_EX data structure. @param[in] NewEventHdrSize New event header size. - @param[in] NewEventData Pointer to the new event data. + @param[in] NewEventData Pointer to the new event data. @param[in] NewEventSize New event data size. @retval EFI_SUCCESS The new event log entry was added. @@ -859,7 +859,7 @@ TcgDxeLogEvent ( EFI_STATUS Status; UINTN Index; TCG_EVENT_LOG_AREA_STRUCT *EventLogAreaStruct; - + for (Index = 0; Index < sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0]); Index++) { if (EventLogFormat == mTcg2EventInfo[Index].LogFormat) { break; @@ -889,7 +889,7 @@ TcgDxeLogEvent ( NewEventData, NewEventSize ); - + if (Status == EFI_OUT_OF_RESOURCES) { EventLogAreaStruct->EventLogTruncated = TRUE; return EFI_VOLUME_FULL; @@ -1122,11 +1122,11 @@ TcgDxeLogHashEvent ( and add an entry to the Event Log. @param[in] Flags Bitmap providing additional information. - @param[in] HashData Physical address of the start of the data buffer + @param[in] HashData Physical address of the start of the data buffer to be hashed, extended, and logged. @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData - @param[in, out] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure. - @param[in] NewEventData Pointer to the new event data. + @param[in, out] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure. + @param[in] NewEventData Pointer to the new event data. @retval EFI_SUCCESS Operation completed successfully. @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. @@ -1176,13 +1176,13 @@ TcgDxeHashLogExtendEvent ( /** The EFI_TCG2_PROTOCOL HashLogExtendEvent function call provides callers with an opportunity to extend and optionally log events without requiring - knowledge of actual TPM commands. + knowledge of actual TPM commands. The extend operation will occur even if this function cannot create an event - log entry (e.g. due to the event log being full). + log entry (e.g. due to the event log being full). @param[in] This Indicates the calling context @param[in] Flags Bitmap providing additional information. - @param[in] DataToHash Physical address of the start of the data buffer to be hashed. + @param[in] DataToHash Physical address of the start of the data buffer to be hashed. @param[in] DataToHashLen The length in bytes of the buffer referenced by DataToHash. @param[in] Event Pointer to data buffer containing information about the event. @@ -1272,7 +1272,7 @@ Tcg2HashLogExtendEvent ( @retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received. @retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device. @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect. - @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small. + @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small. **/ EFI_STATUS EFIAPI @@ -1322,7 +1322,7 @@ Tcg2SubmitCommand ( @param[out] ActivePcrBanks Pointer to the variable receiving the bitmap of currently active PCR banks. @retval EFI_SUCCESS The bitmap of active PCR banks was stored in the ActivePcrBanks parameter. - @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect. + @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect. **/ EFI_STATUS EFIAPI @@ -1412,7 +1412,7 @@ Tcg2GetResultOfSetActivePcrBanks ( if ((OperationPresent == NULL) || (Response == NULL)) { return EFI_INVALID_PARAMETER; } - + ReturnCode = Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction (OperationPresent, Response); if (ReturnCode == TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS) { return EFI_SUCCESS; @@ -1485,7 +1485,7 @@ SetupEventLog ( mTcgDxeData.EventLogAreaStruct[Index].Lasa = Lasa; mTcgDxeData.EventLogAreaStruct[Index].Laml = PcdGet32 (PcdTcgLogAreaMinLen); // - // To initialize them as 0xFF is recommended + // To initialize them as 0xFF is recommended // because the OS can know the last entry for that. // SetMem ((VOID *)(UINTN)Lasa, PcdGet32 (PcdTcgLogAreaMinLen), 0xFF); @@ -1631,7 +1631,7 @@ SetupEventLog ( mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogTruncated = FALSE; // - // Install to configuration table for EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 + // Install to configuration table for EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 // Status = gBS->InstallConfigurationTable (&gEfiTcg2FinalEventsTableGuid, (VOID *)mTcgDxeData.FinalEventsTable[Index]); if (EFI_ERROR (Status)) { @@ -1652,7 +1652,7 @@ SetupEventLog ( } } } - + // // 3. Sync data from PEI to DXE // @@ -1661,7 +1661,7 @@ SetupEventLog ( if ((mTcgDxeData.BsCap.SupportedEventLogs & mTcg2EventInfo[Index].LogFormat) != 0) { GuidHob.Raw = GetHobList (); Status = EFI_SUCCESS; - while (!EFI_ERROR (Status) && + while (!EFI_ERROR (Status) && (GuidHob.Raw = GetNextGuidHob (mTcg2EventInfo[Index].EventGuid, GuidHob.Raw)) != NULL) { TcgEvent = AllocateCopyPool (GET_GUID_HOB_DATA_SIZE (GuidHob.Guid), GET_GUID_HOB_DATA (GuidHob.Guid)); ASSERT (TcgEvent != NULL); @@ -1729,8 +1729,8 @@ SetupEventLog ( Measure and log an action string, and extend the measurement result into PCR[PCRIndex]. @param[in] PCRIndex PCRIndex to extend - @param[in] String A specific string that indicates an Action event. - + @param[in] String A specific string that indicates an Action event. + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The operation was unsuccessful. @@ -1778,7 +1778,7 @@ MeasureHandoffTables ( if (PcdGet8 (PcdTpmPlatformClass) == TCG_PLATFORM_TYPE_SERVER) { // - // Tcg Server spec. + // Tcg Server spec. // Measure each processor EFI_CPU_PHYSICAL_LOCATION with EV_TABLE_OF_DEVICES to PCR[1] // Status = GetProcessorsCpuLocation(&ProcessorLocBuf, &ProcessorNum); @@ -1810,7 +1810,7 @@ MeasureHandoffTables ( /** Measure and log Separator event, and extend the measurement result into a specific PCR. - @param[in] PCRIndex PCR index. + @param[in] PCRIndex PCR index. @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The operation was unsuccessful. @@ -1842,13 +1842,13 @@ MeasureSeparatorEvent ( /** Measure and log an EFI variable, and extend the measurement result into a specific PCR. - @param[in] PCRIndex PCR Index. - @param[in] EventType Event type. + @param[in] PCRIndex PCR Index. + @param[in] EventType Event type. @param[in] VarName A Null-terminated string that is the name of the vendor's variable. @param[in] VendorGuid A unique identifier for the vendor. - @param[in] VarData The content of the variable data. - @param[in] VarSize The size of the variable data. - + @param[in] VarData The content of the variable data. + @param[in] VarSize The size of the variable data. + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_OUT_OF_RESOURCES Out of memory. @retval EFI_DEVICE_ERROR The operation was unsuccessful. @@ -1928,13 +1928,13 @@ MeasureVariable ( /** Read then Measure and log an EFI variable, and extend the measurement result into a specific PCR. - @param[in] PCRIndex PCR Index. - @param[in] EventType Event type. + @param[in] PCRIndex PCR Index. + @param[in] EventType Event type. @param[in] VarName A Null-terminated string that is the name of the vendor's variable. @param[in] VendorGuid A unique identifier for the vendor. - @param[out] VarSize The size of the variable data. - @param[out] VarData Pointer to the content of the variable. - + @param[out] VarSize The size of the variable data. + @param[out] VarData Pointer to the content of the variable. + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_OUT_OF_RESOURCES Out of memory. @retval EFI_DEVICE_ERROR The operation was unsuccessful. @@ -1987,9 +1987,9 @@ according to TCG PC Client PFP spec 0021 Section 2.4.4.2 @param[in] VarName A Null-terminated string that is the name of the vendor's variable. @param[in] VendorGuid A unique identifier for the vendor. - @param[out] VarSize The size of the variable data. - @param[out] VarData Pointer to the content of the variable. - + @param[out] VarSize The size of the variable data. + @param[out] VarData Pointer to the content of the variable. + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_OUT_OF_RESOURCES Out of memory. @retval EFI_DEVICE_ERROR The operation was unsuccessful. @@ -2018,9 +2018,9 @@ ReadAndMeasureBootVariable ( @param[in] VarName A Null-terminated string that is the name of the vendor's variable. @param[in] VendorGuid A unique identifier for the vendor. - @param[out] VarSize The size of the variable data. - @param[out] VarData Pointer to the content of the variable. - + @param[out] VarSize The size of the variable data. + @param[out] VarData Pointer to the content of the variable. + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_OUT_OF_RESOURCES Out of memory. @retval EFI_DEVICE_ERROR The operation was unsuccessful. @@ -2477,7 +2477,7 @@ OnResetNotificationInstall ( /** The function install Tcg2 protocol. - + @retval EFI_SUCCESS Tcg2 protocol is installed. @retval other Some error occurs. **/ @@ -2502,9 +2502,9 @@ InstallTcg2 ( /** The driver's entry point. It publishes EFI Tcg2 Protocol. - @param[in] ImageHandle The firmware allocated handle for the EFI image. + @param[in] ImageHandle The firmware allocated handle for the EFI image. @param[in] SystemTable A pointer to the EFI System Table. - + @retval EFI_SUCCESS The entry point is executed successfully. @retval other Some error occurs when executing this entry point. **/ @@ -2537,18 +2537,18 @@ DriverEntry ( DEBUG ((EFI_D_ERROR, "TPM2 error!\n")); return EFI_DEVICE_ERROR; } - + Status = Tpm2RequestUseTpm (); if (EFI_ERROR (Status)) { DEBUG ((EFI_D_ERROR, "TPM2 not detected!\n")); return Status; } - + // // Fill information // ASSERT (TCG_EVENT_LOG_AREA_COUNT_MAX == sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0])); - + mTcgDxeData.BsCap.Size = sizeof(EFI_TCG2_BOOT_SERVICE_CAPABILITY); mTcgDxeData.BsCap.ProtocolVersion.Major = 1; mTcgDxeData.BsCap.ProtocolVersion.Minor = 1; @@ -2655,7 +2655,7 @@ DriverEntry ( ); // - // Measure Exit Boot Service failed + // Measure Exit Boot Service failed // Status = gBS->CreateEventEx ( EVT_NOTIFY_SIGNAL, diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf index 59d6dc3dfb..2bc45bddf5 100644 --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf @@ -14,7 +14,7 @@ # This external input must be validated carefully to avoid security issue like # buffer overflow, integer overflow. # -# Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.
+# Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -78,7 +78,7 @@ ## SOMETIMES_CONSUMES ## Variable:L"db" ## SOMETIMES_CONSUMES ## Variable:L"dbx" gEfiImageSecurityDatabaseGuid - + gTcgEventEntryHobGuid ## SOMETIMES_CONSUMES ## HOB gTpmErrorHobGuid ## SOMETIMES_CONSUMES ## HOB gEfiEventExitBootServicesGuid ## CONSUMES ## Event diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.uni b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.uni index dadcd1a79e..9e14a4e3fd 100644 --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.uni +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.uni @@ -2,13 +2,13 @@ // Produces TCG2 protocol and measure boot environment // // This module will produce TCG2 protocol and measure boot environment. -// +// // Caution: This module requires additional review when modified. // This driver will have external input - PE/COFF image. // This external input must be validated carefully to avoid security issue like // buffer overflow, integer overflow. // -// Copyright (c) 2015, Intel Corporation. All rights reserved.
+// Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
// // This program and the accompanying materials // are licensed and made available under the terms and conditions of the BSD License diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2DxeExtra.uni b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2DxeExtra.uni index 1cd59a33a3..d772c56797 100644 --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2DxeExtra.uni +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2DxeExtra.uni @@ -1,7 +1,7 @@ // /** @file // Tcg2Dxe Localized Strings and Content // -// Copyright (c) 2015, Intel Corporation. All rights reserved.
+// Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
// // This program and the accompanying materials // are licensed and made available under the terms and conditions of the BSD License @@ -12,6 +12,6 @@ // // **/ -#string STR_PROPERTIES_MODULE_NAME -#language en-US +#string STR_PROPERTIES_MODULE_NAME +#language en-US "TCG2 (Trusted Computing Group) DXE" diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c index 3758fc6a41..74cdd1fa88 100644 --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c @@ -1,14 +1,14 @@ /** @file Initialize TPM2 device and measure FVs before handing off control to DXE. -Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.
+Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
Copyright (c) 2017, Microsoft Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -119,12 +119,12 @@ EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] = { { EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK, &gEfiPeiFirmwareVolumeInfoPpiGuid, - FirmwareVolmeInfoPpiNotifyCallback + FirmwareVolmeInfoPpiNotifyCallback }, { EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK, &gEfiPeiFirmwareVolumeInfo2PpiGuid, - FirmwareVolmeInfoPpiNotifyCallback + FirmwareVolmeInfoPpiNotifyCallback }, { (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), @@ -136,7 +136,7 @@ EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] = { /** Record all measured Firmware Volum Information into a Guid Hob - Guid Hob payload layout is + Guid Hob payload layout is UINT32 *************************** FIRMWARE_BLOB number EFI_PLATFORM_FIRMWARE_BLOB******** BLOB Array @@ -156,13 +156,13 @@ EndofPeiSignalNotifyCallBack ( IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, IN VOID *Ppi ) -{ +{ MEASURED_HOB_DATA *MeasuredHobData; MeasuredHobData = NULL; // - // Create a Guid hob to save all measured Fv + // Create a Guid hob to save all measured Fv // MeasuredHobData = BuildGuidHob( &gMeasuredFvHobGuid, @@ -358,11 +358,11 @@ LogHashEvent ( added into the Event Log. @param[in] Flags Bitmap providing additional information. - @param[in] HashData Physical address of the start of the data buffer + @param[in] HashData Physical address of the start of the data buffer to be hashed, extended, and logged. @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData. - @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure. - @param[in] NewEventData Pointer to the new event data. + @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure. + @param[in] NewEventData Pointer to the new event data. @retval EFI_SUCCESS Operation completed successfully. @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. @@ -396,7 +396,7 @@ HashLogExtendEvent ( Status = LogHashEvent (&DigestList, NewEventHdr, NewEventData); } } - + if (Status == EFI_DEVICE_ERROR) { DEBUG ((EFI_D_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n", Status)); BuildGuidHob (&gTpmErrorHobGuid,0); @@ -443,13 +443,13 @@ MeasureCRTMVersion ( } /** - Measure FV image. - Add it into the measured FV list after the FV is measured successfully. + Measure FV image. + Add it into the measured FV list after the FV is measured successfully. @param[in] FvBase Base address of FV image. @param[in] FvLength Length of FV image. - @retval EFI_SUCCESS Fv image is measured successfully + @retval EFI_SUCCESS Fv image is measured successfully or it has been already measured. @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. @retval EFI_DEVICE_ERROR The command was unsuccessful. @@ -705,21 +705,21 @@ FirmwareVolmeInfoPpiNotifyCallback ( // The PEI Core can not dispatch or load files from memory mapped FVs that do not support FvPpi. // Status = PeiServicesLocatePpi ( - &Fv->FvFormat, - 0, + &Fv->FvFormat, + 0, NULL, (VOID**)&FvPpi ); if (EFI_ERROR (Status)) { return EFI_SUCCESS; } - + // // This is an FV from an FFS file, and the parent FV must have already been measured, // No need to measure twice, so just record the FV and return // if (Fv->ParentFvName != NULL || Fv->ParentFileName != NULL ) { - + ASSERT (mMeasuredChildFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported)); if (mMeasuredChildFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported)) { // @@ -761,7 +761,7 @@ PeimEntryMP ( ASSERT (mMeasuredBaseFvInfo != NULL); mMeasuredChildFvInfo = (EFI_PLATFORM_FIRMWARE_BLOB *) AllocateZeroPool (sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * PcdGet32 (PcdPeiCoreMaxFvSupported)); ASSERT (mMeasuredChildFvInfo != NULL); - + if (PcdGet8 (PcdTpm2ScrtmPolicy) == 1) { Status = MeasureCRTMVersion (); } @@ -785,7 +785,7 @@ PeimEntryMP ( /** Measure and log Separator event with error, and extend the measurement result into a specific PCR. - @param[in] PCRIndex PCR index. + @param[in] PCRIndex PCR index. @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The operation was unsuccessful. @@ -885,7 +885,7 @@ PeimEntryMA ( goto Done; } } - + // // Update Tpm2HashMask according to PCR bank. // diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2PeiExtra.uni b/SecurityPkg/Tcg/Tcg2Pei/Tcg2PeiExtra.uni index dea6dcc0e3..848b8b4d6d 100644 --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2PeiExtra.uni +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2PeiExtra.uni @@ -1,7 +1,7 @@ // /** @file // Tcg2Pei Localized Strings and Content // -// Copyright (c) 2015, Intel Corporation. All rights reserved.
+// Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
// // This program and the accompanying materials // are licensed and made available under the terms and conditions of the BSD License @@ -12,8 +12,8 @@ // // **/ -#string STR_PROPERTIES_MODULE_NAME -#language en-US +#string STR_PROPERTIES_MODULE_NAME +#language en-US "TCG2 (Trusted Computing Group) PEI" diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c index 26f1fbdf8c..21b1014a3b 100644 --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c @@ -10,12 +10,12 @@ PhysicalPresenceCallback() and MemoryClearCallback() will receive untrusted input and do some check. Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -82,7 +82,7 @@ PhysicalPresenceCallback ( mTcgNvs->PhysicalPresence.LastRequest = MostRecentRequest; mTcgNvs->PhysicalPresence.Response = Response; return EFI_SUCCESS; - } else if ((mTcgNvs->PhysicalPresence.Parameter == TCG_ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS) + } else if ((mTcgNvs->PhysicalPresence.Parameter == TCG_ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS) || (mTcgNvs->PhysicalPresence.Parameter == TCG_ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS_2)) { OperationRequest = mTcgNvs->PhysicalPresence.Request; @@ -163,7 +163,7 @@ MemoryClearCallback ( DataSize, &MorControl ); - if (EFI_ERROR (Status)) { + if (EFI_ERROR (Status)) { mTcgNvs->MemoryClear.ReturnCode = MOR_REQUEST_GENERAL_FAILURE; DEBUG ((EFI_D_ERROR, "[TPM] Set MOR variable failure! Status = %r\n", Status)); } @@ -201,7 +201,7 @@ AssignOpRegion ( for (OpRegion = (AML_OP_REGION_32_8 *) (Table + 1); OpRegion <= (AML_OP_REGION_32_8 *) ((UINT8 *) Table + Table->Length); OpRegion = (AML_OP_REGION_32_8 *) ((UINT8 *) OpRegion + 1)) { - if ((OpRegion->OpRegionOp == AML_EXT_REGION_OP) && + if ((OpRegion->OpRegionOp == AML_EXT_REGION_OP) && (OpRegion->NameString == Name) && (OpRegion->DWordPrefix == AML_DWORD_PREFIX) && (OpRegion->BytePrefix == AML_BYTE_PREFIX)) { @@ -219,7 +219,7 @@ AssignOpRegion ( } /** - Patch version string of Physical Presence interface supported by platform. The initial string tag in TPM + Patch version string of Physical Presence interface supported by platform. The initial string tag in TPM ACPI table is "$PV". @param[in, out] Table The TPM item in ACPI table. @@ -536,7 +536,7 @@ UpdateHID ( if (!EFI_ERROR(Status)) { DEBUG((EFI_D_INFO, "TPM_PT_MANUFACTURER 0x%08x\n", ManufacturerID)); // - // ManufacturerID defined in TCG Vendor ID Registry + // ManufacturerID defined in TCG Vendor ID Registry // may tailed with 0x00 or 0x20 // if ((ManufacturerID >> 24) == 0x00 || ((ManufacturerID >> 24) == 0x20)) { @@ -571,7 +571,7 @@ UpdateHID ( } else { AsciiSPrint(Hid + 4, TPM_HID_ACPI_SIZE - 4, "%02d%02d", ((FirmwareVersion1 & 0xFFFF0000) >> 16), (FirmwareVersion1 & 0x0000FFFF)); } - + } else { DEBUG ((EFI_D_ERROR, "Get TPM_PT_FIRMWARE_VERSION_X failed %x!\n", Status)); ASSERT(FALSE); @@ -742,7 +742,7 @@ PublishTpm2 ( // // PlatformClass is only valid for version 4 and above - // BIT0~15: PlatformClass + // BIT0~15: PlatformClass // BIT16~31: Reserved // if (mTpm2AcpiTemplate.Header.Revision >= EFI_TPM2_ACPI_TABLE_REVISION_4) { @@ -808,12 +808,12 @@ PublishTpm2 ( /** The driver's entry point. - It install callbacks for TPM physical presence and MemoryClear, and locate + It install callbacks for TPM physical presence and MemoryClear, and locate SMM variable to be used in the callback function. - @param[in] ImageHandle The firmware allocated handle for the EFI image. + @param[in] ImageHandle The firmware allocated handle for the EFI image. @param[in] SystemTable A pointer to the EFI System Table. - + @retval EFI_SUCCESS The entry point is executed successfully. @retval Others Some error occurs when executing this entry point. @@ -858,7 +858,7 @@ InitializeTcgSmm ( return Status; } mTcgNvs->MemoryClear.SoftwareSmi = (UINT8) SwContext.SwSmiInputValue; - + // // Locate SmmVariableProtocol. // diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h index e3a14e8339..176a8d59f0 100644 --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h @@ -1,13 +1,13 @@ /** @file The header file for Tcg2 SMM driver. - + Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf index 168f9779e6..142941e269 100644 --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf @@ -8,8 +8,8 @@ # TPM2.0 ACPI device object # "TCG PC Client Platform Firmware Profile Specification for TPM Family 2.0 Level 00 Revision 00.21" # -# This driver implements TPM 2.0 definition block in ACPI table and -# registers SMI callback functions for Tcg2 physical presence and +# This driver implements TPM 2.0 definition block in ACPI table and +# registers SMI callback functions for Tcg2 physical presence and # MemoryClear to handle the requests from ACPI method. # # Caution: This module requires additional review when modified. @@ -62,9 +62,9 @@ [Guids] ## SOMETIMES_PRODUCES ## Variable:L"MemoryOverwriteRequestControl" - ## SOMETIMES_CONSUMES ## Variable:L"MemoryOverwriteRequestControl" + ## SOMETIMES_CONSUMES ## Variable:L"MemoryOverwriteRequestControl" gEfiMemoryOverwriteControlDataGuid - + gEfiTpmDeviceInstanceTpm20DtpmGuid ## PRODUCES ## GUID # TPM device identifier [Protocols] diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.uni b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.uni index 297e71a06d..11f47fa5e8 100644 --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.uni +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.uni @@ -4,12 +4,12 @@ // This driver implements TPM 2.0 definition block in ACPI table and // registers SMI callback functions for TCG2 physical presence and // MemoryClear to handle the requests from ACPI method. -// +// // Caution: This module requires additional review when modified. // This driver will have external input - variable and ACPINvs data in SMM mode. // This external input must be validated carefully to avoid security issue. // -// Copyright (c) 2015, Intel Corporation. All rights reserved.
+// Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
// // This program and the accompanying materials // are licensed and made available under the terms and conditions of the BSD License diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2SmmExtra.uni b/SecurityPkg/Tcg/Tcg2Smm/Tcg2SmmExtra.uni index e2a7b1d02f..caef3f37e8 100644 --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2SmmExtra.uni +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2SmmExtra.uni @@ -1,7 +1,7 @@ // /** @file // Tcg2Smm Localized Strings and Content // -// Copyright (c) 2015, Intel Corporation. All rights reserved.
+// Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
// // This program and the accompanying materials // are licensed and made available under the terms and conditions of the BSD License @@ -12,8 +12,8 @@ // // **/ -#string STR_PROPERTIES_MODULE_NAME -#language en-US +#string STR_PROPERTIES_MODULE_NAME +#language en-US "TCG2 (Trusted Computing Group) SMM" diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tpm.asl b/SecurityPkg/Tcg/Tcg2Smm/Tpm.asl index f58efca144..50dea0ab9a 100644 --- a/SecurityPkg/Tcg/Tcg2Smm/Tpm.asl +++ b/SecurityPkg/Tcg/Tcg2Smm/Tpm.asl @@ -1,16 +1,16 @@ /** @file - The TPM2 definition block in ACPI table for TCG2 physical presence + The TPM2 definition block in ACPI table for TCG2 physical presence and MemoryClear. Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
(c)Copyright 2016 HP Development Company, L.P.
Copyright (c) 2017, Microsoft Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -49,7 +49,7 @@ DefinitionBlock ( // OperationRegion (SMIP, SystemIO, 0xB2, 1) Field (SMIP, ByteAcc, NoLock, Preserve) - { + { IOB2, 8 } @@ -247,12 +247,12 @@ DefinitionBlock ( } Method (PTS, 1, Serialized) - { + { // // Detect Sx state for MOR, only S4, S5 need to handle // If (LAnd (LLess (Arg0, 6), LGreater (Arg0, 3))) - { + { // // Bit4 -- DisableAutoDetect. 0 -- Firmware MAY autodetect. // @@ -262,7 +262,7 @@ DefinitionBlock ( // Triggle the SMI through ACPI _PTS method. // Store (0x02, MCIP) - + // // Triggle the SMI interrupt // @@ -270,7 +270,7 @@ DefinitionBlock ( } } Return (0) - } + } Method (_STA, 0) { @@ -320,12 +320,12 @@ DefinitionBlock ( } Name(TPM2, Package (0x02){ - Zero, + Zero, Zero }) Name(TPM3, Package (0x03){ - Zero, + Zero, Zero, Zero }) @@ -334,7 +334,7 @@ DefinitionBlock ( // TCG Physical Presence Interface // Method (TPPI, 3, Serialized, 0, {BuffObj, PkgObj, IntObj, StrObj}, {UnknownObj, UnknownObj, UnknownObj}) // IntObj, IntObj, PkgObj - { + { // // Switch by function index // @@ -359,11 +359,11 @@ DefinitionBlock ( // // b) Submit TPM Operation Request to Pre-OS Environment // - + Store (DerefOf (Index (Arg2, 0x00)), PPRQ) Store (0, PPRM) Store (0x02, PPIP) - + // // Triggle the SMI interrupt // @@ -377,7 +377,7 @@ DefinitionBlock ( // // c) Get Pending TPM Operation Requested By the OS // - + Store (PPRQ, Index (TPM2, 0x01)) Return (TPM2) } @@ -394,12 +394,12 @@ DefinitionBlock ( // e) Return TPM Operation Response to OS Environment // Store (0x05, PPIP) - + // // Triggle the SMI interrupt // Store (PPIN, IOB2) - + Store (LPPR, Index (TPM3, 0x01)) Store (PPRP, Index (TPM3, 0x02)) @@ -426,11 +426,11 @@ DefinitionBlock ( If (LEqual (PPRQ, 23)) { Store (DerefOf (Index (Arg2, 0x01)), PPRM) } - + // - // Triggle the SMI interrupt + // Triggle the SMI interrupt // - Store (PPIN, IOB2) + Store (PPIN, IOB2) Return (FRET) } Case (8) @@ -440,12 +440,12 @@ DefinitionBlock ( // Store (8, PPIP) Store (DerefOf (Index (Arg2, 0x00)), UCRQ) - + // // Triggle the SMI interrupt // Store (PPIN, IOB2) - + Return (FRET) } @@ -474,12 +474,12 @@ DefinitionBlock ( // Save the Operation Value of the Request to MORD (reserved memory) // Store (DerefOf (Index (Arg2, 0x00)), MORD) - + // // Triggle the SMI through ACPI _DSM method. // Store (0x01, MCIP) - + // // Triggle the SMI interrupt // @@ -488,7 +488,7 @@ DefinitionBlock ( } Default {BreakPoint} } - Return (1) + Return (1) } Method (_DSM, 4, Serialized, 0, UnknownObj, {BuffObj, IntObj, IntObj, PkgObj}) diff --git a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfig.vfr b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfig.vfr index 94e3229e88..b0a7bf6f47 100644 --- a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfig.vfr +++ b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfig.vfr @@ -1,13 +1,13 @@ /** @file VFR file used by the TCG configuration component. -Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -53,7 +53,7 @@ formset option text = STRING_TOKEN(STR_TPM_DEACTIVATE_DISABLE), value = PHYSICAL_PRESENCE_DEACTIVATE_DISABLE, flags = 0; endif // - // Clear (TPM_ORD_ForceClear) command is not available when disabled or deactivated. + // Clear (TPM_ORD_ForceClear) command is not available when disabled or deactivated. // suppressif ideqval TCG_CONFIGURATION.TpmEnable == 0 OR ideqval TCG_CONFIGURATION.TpmActivate == 0; @@ -62,7 +62,7 @@ formset endif option text = STRING_TOKEN(STR_ENABLE), value = PHYSICAL_PRESENCE_ENABLE, flags = DEFAULT; - option text = STRING_TOKEN(STR_TPM_ENABLE_ACTIVATE), value = PHYSICAL_PRESENCE_ENABLE_ACTIVATE, flags = 0; + option text = STRING_TOKEN(STR_TPM_ENABLE_ACTIVATE), value = PHYSICAL_PRESENCE_ENABLE_ACTIVATE, flags = 0; option text = STRING_TOKEN(STR_TPM_ENABLE_ACTIVATE_CLEAR), value = PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR, flags = 0; option text = STRING_TOKEN(STR_TPM_ENABLE_ACTIVATE_CLEAR_E_A), value = PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE, flags = 0; endoneof; diff --git a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDriver.c b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDriver.c index a9d3105456..22e586bd19 100644 --- a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDriver.c +++ b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDriver.c @@ -1,13 +1,13 @@ /** @file The module entry point for Tcg configuration module. -Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -53,7 +53,7 @@ TcgConfigDriverEntryPoint ( if (EFI_ERROR (Status)) { TcgProtocol = NULL; } - + Status = gBS->OpenProtocol ( ImageHandle, &gEfiCallerIdGuid, @@ -65,7 +65,7 @@ TcgConfigDriverEntryPoint ( if (!EFI_ERROR (Status)) { return EFI_ALREADY_STARTED; } - + // // Create a private data structure. // @@ -92,7 +92,7 @@ TcgConfigDriverEntryPoint ( // // Install private GUID. - // + // Status = gBS->InstallMultipleProtocolInterfaces ( &ImageHandle, &gEfiCallerIdGuid, @@ -109,8 +109,8 @@ TcgConfigDriverEntryPoint ( ErrorExit: if (PrivateData != NULL) { UninstallTcgConfigForm (PrivateData); - } - + } + return Status; } @@ -136,11 +136,11 @@ TcgConfigDriverUnload ( ImageHandle, &gEfiCallerIdGuid, (VOID **) &PrivateData - ); + ); if (EFI_ERROR (Status)) { - return Status; + return Status; } - + ASSERT (PrivateData->Signature == TCG_CONFIG_PRIVATE_DATA_SIGNATURE); gBS->UninstallMultipleProtocolInterfaces ( @@ -149,7 +149,7 @@ TcgConfigDriverUnload ( PrivateData, NULL ); - + UninstallTcgConfigForm (PrivateData); return EFI_SUCCESS; diff --git a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf index 82fc35eea0..22ff80aae2 100644 --- a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf +++ b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf @@ -2,7 +2,7 @@ # Provides the capability to update TPM state setup browser # By this module, user may enable/disable/activate/deactivate/clear TPM, etc. # -# Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.
+# Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -58,7 +58,7 @@ ## SOMETIMES_PRODUCES ## Variable:L"PhysicalPresence" ## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresence" gEfiPhysicalPresenceGuid - + gEfiIfrTianoGuid ## SOMETIMES_PRODUCES ## GUID # HII opcode ## PRODUCES ## HII ## CONSUMES ## HII @@ -78,6 +78,6 @@ gEfiHiiDatabaseProtocolGuid AND gEfiVariableArchProtocolGuid AND gEfiVariableWriteArchProtocolGuid - + [UserExtensions.TianoCore."ExtraFiles"] TcgConfigDxeExtra.uni diff --git a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxeExtra.uni b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxeExtra.uni index 2856bf1d40..6b9928feee 100644 --- a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxeExtra.uni +++ b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxeExtra.uni @@ -1,7 +1,7 @@ // /** @file // TcgConfigDxe Localized Strings and Content // -// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
+// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
// // This program and the accompanying materials // are licensed and made available under the terms and conditions of the BSD License @@ -12,8 +12,8 @@ // // **/ -#string STR_PROPERTIES_MODULE_NAME -#language en-US +#string STR_PROPERTIES_MODULE_NAME +#language en-US "TCG (Trusted Computing Group) Config DXE" diff --git a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c index 7fa5611cfd..a306bbbb5c 100644 --- a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c +++ b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c @@ -1,13 +1,13 @@ /** @file HII Config Access protocol implementation of TCG configuration module. -Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -40,7 +40,7 @@ HII_VENDOR_DEVICE_PATH mTcgHiiVendorDevicePath = { { END_DEVICE_PATH_TYPE, END_ENTIRE_DEVICE_PATH_SUBTYPE, - { + { (UINT8) (END_DEVICE_PATH_LENGTH), (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8) } @@ -73,7 +73,7 @@ GetTpmState ( UINT8 CmdBuf[64]; ASSERT (TcgProtocol != NULL); - + // // Get TPM Permanent flags (TpmEnable, TpmActivate) // @@ -82,7 +82,7 @@ GetTpmState ( *(UINT16*)&CmdBuf[0] = SwapBytes16 (TPM_TAG_RQU_COMMAND); *(UINT32*)&CmdBuf[2] = SwapBytes32 (TpmSendSize); *(UINT32*)&CmdBuf[6] = SwapBytes32 (TPM_ORD_GetCapability); - + *(UINT32*)&CmdBuf[10] = SwapBytes32 (TPM_CAP_FLAG); *(UINT32*)&CmdBuf[14] = SwapBytes32 (sizeof (TPM_CAP_FLAG_PERMANENT)); *(UINT32*)&CmdBuf[18] = SwapBytes32 (TPM_CAP_FLAG_PERMANENT); @@ -93,12 +93,12 @@ GetTpmState ( CmdBuf, sizeof (CmdBuf), CmdBuf - ); + ); TpmRsp = (TPM_RSP_COMMAND_HDR *) &CmdBuf[0]; if (EFI_ERROR (Status) || (TpmRsp->tag != SwapBytes16 (TPM_TAG_RSP_COMMAND)) || (TpmRsp->returnCode != 0)) { return EFI_DEVICE_ERROR; } - + TpmPermanentFlags = (TPM_PERMANENT_FLAGS *) &CmdBuf[sizeof (TPM_RSP_COMMAND_HDR) + sizeof (UINT32)]; if (TpmEnable != NULL) { @@ -109,8 +109,8 @@ GetTpmState ( *TpmActivate = (BOOLEAN) !TpmPermanentFlags->deactivated; } } - - return EFI_SUCCESS; + + return EFI_SUCCESS; } /** @@ -175,7 +175,7 @@ TcgExtractConfig ( // // Convert buffer data to by helper function BlockToConfig() - // + // PrivateData->Configuration->TpmOperation = PHYSICAL_PRESENCE_ENABLE; // @@ -321,8 +321,8 @@ SavePpRequest ( ); if (EFI_ERROR (Status)) { return Status; - } - + } + PpData.PPRequest = PpRequest; Status = gRT->SetVariable ( PHYSICAL_PRESENCE_VARIABLE, @@ -400,7 +400,7 @@ TcgCallback ( SavePpRequest (Value->u8); *ActionRequest = EFI_BROWSER_ACTION_REQUEST_SUBMIT; - + return EFI_SUCCESS; } @@ -458,14 +458,14 @@ InstallTcgConfigForm ( &gEfiHiiConfigAccessProtocolGuid, ConfigAccess, NULL - ); + ); return EFI_OUT_OF_RESOURCES; } - + PrivateData->HiiHandle = HiiHandle; - return EFI_SUCCESS; + return EFI_SUCCESS; } /** diff --git a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.h b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.h index a03abaa1dd..6d26a188be 100644 --- a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.h +++ b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.h @@ -2,13 +2,13 @@ The header file of HII Config Access protocol implementation of TCG configuration module. -Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -59,7 +59,7 @@ typedef struct { EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess; EFI_HII_HANDLE HiiHandle; - EFI_HANDLE DriverHandle; + EFI_HANDLE DriverHandle; TCG_CONFIGURATION *Configuration; EFI_TCG_PROTOCOL *TcgProtocol; diff --git a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigNvData.h b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigNvData.h index eaa6fe8018..d821a7218b 100644 --- a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigNvData.h +++ b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigNvData.h @@ -1,13 +1,13 @@ /** @file Header file for NV data structure definition. -Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ diff --git a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigStrings.uni b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigStrings.uni index fd8458dc00..7a84462a6e 100644 --- a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigStrings.uni +++ b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigStrings.uni @@ -1,13 +1,13 @@ /** @file String definitions for TCG configuration form. -Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -37,4 +37,4 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #string STR_NULL #language en-US "" #string STR_HIDE_TPM_PROMPT #language en-US "Hide TPM" -#string STR_HIDE_TPM_HELP #language en-US "Check to hide TPM in OS" \ No newline at end of file +#string STR_HIDE_TPM_HELP #language en-US "Check to hide TPM in OS" diff --git a/SecurityPkg/Tcg/TcgDxe/TcgDxe.c b/SecurityPkg/Tcg/TcgDxe/TcgDxe.c index 4a90c5ccef..21837fe3d3 100644 --- a/SecurityPkg/Tcg/TcgDxe/TcgDxe.c +++ b/SecurityPkg/Tcg/TcgDxe/TcgDxe.c @@ -1,6 +1,6 @@ -/** @file +/** @file This module implements TCG EFI Protocol. - + Caution: This module requires additional review when modified. This driver will have external input - TcgDxePassThroughToTpm This external input must be validated carefully to avoid security issue like @@ -8,14 +8,14 @@ buffer overflow, integer overflow. TcgDxePassThroughToTpm() will receive untrusted input and do basic validation. -Copyright (c) 2005 - 2017, Intel Corporation. All rights reserved.
+Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.
(C) Copyright 2016 Hewlett Packard Enterprise Development LP
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -86,8 +86,8 @@ EFI_TCG_CLIENT_ACPI_TABLE mTcgClientAcpiTemplate = { // // The following EFI_TCG_SERVER_ACPI_TABLE default setting is just one example, // the TPM device connectes to LPC, and also defined the ACPI _UID as 0xFF, -// this _UID can be changed and should match with the _UID setting of the TPM -// ACPI device object +// this _UID can be changed and should match with the _UID setting of the TPM +// ACPI device object // EFI_TCG_SERVER_ACPI_TABLE mTcgServerAcpiTemplate = { { @@ -209,26 +209,26 @@ GetProcessorsCpuLocation ( } /** - This service provides EFI protocol capability information, state information + This service provides EFI protocol capability information, state information about the TPM, and Event Log state information. @param[in] This Indicates the calling context - @param[out] ProtocolCapability The callee allocates memory for a TCG_BOOT_SERVICE_CAPABILITY - structure and fills in the fields with the EFI protocol + @param[out] ProtocolCapability The callee allocates memory for a TCG_BOOT_SERVICE_CAPABILITY + structure and fills in the fields with the EFI protocol capability information and the current TPM state information. - @param[out] TCGFeatureFlags This is a pointer to the feature flags. No feature - flags are currently defined so this parameter - MUST be set to 0. However, in the future, - feature flags may be defined that, for example, + @param[out] TCGFeatureFlags This is a pointer to the feature flags. No feature + flags are currently defined so this parameter + MUST be set to 0. However, in the future, + feature flags may be defined that, for example, enable hash algorithm agility. @param[out] EventLogLocation This is a pointer to the address of the event log in memory. - @param[out] EventLogLastEntry If the Event Log contains more than one entry, - this is a pointer to the address of the start of - the last entry in the event log in memory. + @param[out] EventLogLastEntry If the Event Log contains more than one entry, + this is a pointer to the address of the start of + the last entry in the event log in memory. @retval EFI_SUCCESS Operation completed successfully. @retval EFI_INVALID_PARAMETER ProtocolCapability does not match TCG capability. - + **/ EFI_STATUS EFIAPI @@ -307,21 +307,21 @@ TpmCommHashAll ( /** This service abstracts the capability to do a hash operation on a data buffer. - + @param[in] This Indicates the calling context @param[in] HashData Pointer to the data buffer to be hashed @param[in] HashDataLen Length of the data buffer to be hashed @param[in] AlgorithmId Identification of the Algorithm to use for the hashing operation @param[in, out] HashedDataLen Resultant length of the hashed data - @param[in, out] HashedDataResult Resultant buffer of the hashed data - + @param[in, out] HashedDataResult Resultant buffer of the hashed data + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_INVALID_PARAMETER HashDataLen is NULL. @retval EFI_INVALID_PARAMETER HashDataLenResult is NULL. @retval EFI_OUT_OF_RESOURCES Cannot allocate buffer of size *HashedDataLen. @retval EFI_UNSUPPORTED AlgorithmId not supported. @retval EFI_BUFFER_TOO_SMALL *HashedDataLen < sizeof (TCG_DIGEST). - + **/ EFI_STATUS EFIAPI @@ -356,7 +356,7 @@ TcgDxeHashAll ( if (*HashedDataResult == NULL) { *HashedDataResult = AllocatePool ((UINTN) *HashedDataLen); - } + } return TpmCommHashAll ( HashData, @@ -419,9 +419,9 @@ TpmCommLogEvent ( Add a new entry to the Event Log. @param[in] TcgData TCG_DXE_DATA structure. - @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure. - @param[in] NewEventData Pointer to the new event data. - + @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure. + @param[in] NewEventData Pointer to the new event data. + @retval EFI_SUCCESS The new event log entry was added. @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. @@ -459,18 +459,18 @@ TcgDxeLogEventI ( This service abstracts the capability to add an entry to the Event Log. @param[in] This Indicates the calling context - @param[in] TCGLogData Pointer to the start of the data buffer containing - the TCG_PCR_EVENT data structure. All fields in + @param[in] TCGLogData Pointer to the start of the data buffer containing + the TCG_PCR_EVENT data structure. All fields in this structure are properly filled by the caller. @param[in, out] EventNumber The event number of the event just logged - @param[in] Flags Indicate additional flags. Only one flag has been - defined at this time, which is 0x01 and means the - extend operation should not be performed. All - other bits are reserved. - + @param[in] Flags Indicate additional flags. Only one flag has been + defined at this time, which is 0x01 and means the + extend operation should not be performed. All + other bits are reserved. + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_OUT_OF_RESOURCES Insufficient memory in the event log to complete this action. - + **/ EFI_STATUS EFIAPI @@ -488,7 +488,7 @@ TcgDxeLogEvent ( } TcgData = TCG_DXE_DATA_FROM_THIS (This); - + if (TcgData->BsCap.TPMDeactivatedFlag || (!TcgData->BsCap.TPMPresentFlag)) { return EFI_DEVICE_ERROR; } @@ -512,7 +512,7 @@ TcgDxeLogEvent ( @retval EFI_INVALID_PARAMETER Invalid ordinal. @retval EFI_UNSUPPORTED Current Task Priority Level >= EFI_TPL_CALLBACK. @retval EFI_TIMEOUT The TIS timed-out. - + **/ EFI_STATUS EFIAPI @@ -524,8 +524,8 @@ TcgDxePassThroughToTpm ( IN UINT8 *TpmOutputParameterBlock ) { - if (TpmInputParameterBlock == NULL || - TpmOutputParameterBlock == NULL || + if (TpmInputParameterBlock == NULL || + TpmOutputParameterBlock == NULL || TpmInputParameterBlockSize == 0 || TpmOutputParameterBlockSize == 0) { return EFI_INVALID_PARAMETER; @@ -544,11 +544,11 @@ TcgDxePassThroughToTpm ( and add an entry to the Event Log. @param[in] TcgData TCG_DXE_DATA structure. - @param[in] HashData Physical address of the start of the data buffer + @param[in] HashData Physical address of the start of the data buffer to be hashed, extended, and logged. @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData - @param[in, out] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure. - @param[in] NewEventData Pointer to the new event data. + @param[in, out] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure. + @param[in] NewEventData Pointer to the new event data. @retval EFI_SUCCESS Operation completed successfully. @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. @@ -611,24 +611,24 @@ Done: extend a specific TPM PCR with the hash result, and add an entry to the Event Log @param[in] This Indicates the calling context - @param[in] HashData Physical address of the start of the data buffer + @param[in] HashData Physical address of the start of the data buffer to be hashed, extended, and logged. @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData @param[in] AlgorithmId Identification of the Algorithm to use for the hashing operation - @param[in, out] TCGLogData The physical address of the start of the data + @param[in, out] TCGLogData The physical address of the start of the data buffer containing the TCG_PCR_EVENT data structure. @param[in, out] EventNumber The event number of the event just logged. - @param[out] EventLogLastEntry Physical address of the first byte of the entry - just placed in the Event Log. If the Event Log was - empty when this function was called then this physical - address will be the same as the physical address of + @param[out] EventLogLastEntry Physical address of the first byte of the entry + just placed in the Event Log. If the Event Log was + empty when this function was called then this physical + address will be the same as the physical address of the start of the Event Log. @retval EFI_SUCCESS Operation completed successfully. @retval EFI_UNSUPPORTED AlgorithmId != TPM_ALG_SHA. @retval EFI_UNSUPPORTED Current TPL >= EFI_TPL_CALLBACK. @retval EFI_DEVICE_ERROR The command was unsuccessful. - + **/ EFI_STATUS EFIAPI @@ -650,15 +650,15 @@ TcgDxeHashLogExtendEvent ( } TcgData = TCG_DXE_DATA_FROM_THIS (This); - + if (TcgData->BsCap.TPMDeactivatedFlag || (!TcgData->BsCap.TPMPresentFlag)) { return EFI_DEVICE_ERROR; } - + if (AlgorithmId != TPM_ALG_SHA) { return EFI_UNSUPPORTED; } - + if (HashData == 0 && HashDataLen > 0) { return EFI_INVALID_PARAMETER; } @@ -717,10 +717,10 @@ SetupEventLog ( TCG_PCR_EVENT *TcgEvent; EFI_PEI_HOB_POINTERS GuidHob; EFI_PHYSICAL_ADDRESS Lasa; - + if (PcdGet8 (PcdTpmPlatformClass) == TCG_PLATFORM_TYPE_CLIENT) { Lasa = mTcgClientAcpiTemplate.Lasa; - + Status = gBS->AllocatePages ( AllocateMaxAddress, EfiACPIMemoryNVS, @@ -732,15 +732,15 @@ SetupEventLog ( } mTcgClientAcpiTemplate.Lasa = Lasa; // - // To initialize them as 0xFF is recommended + // To initialize them as 0xFF is recommended // because the OS can know the last entry for that. // SetMem ((VOID *)(UINTN)mTcgClientAcpiTemplate.Lasa, PcdGet32 (PcdTcgLogAreaMinLen), 0xFF); mTcgClientAcpiTemplate.Laml = PcdGet32 (PcdTcgLogAreaMinLen); - + } else { Lasa = mTcgServerAcpiTemplate.Lasa; - + Status = gBS->AllocatePages ( AllocateMaxAddress, EfiACPIMemoryNVS, @@ -752,7 +752,7 @@ SetupEventLog ( } mTcgServerAcpiTemplate.Lasa = Lasa; // - // To initialize them as 0xFF is recommended + // To initialize them as 0xFF is recommended // because the OS can know the last entry for that. // SetMem ((VOID *)(UINTN)mTcgServerAcpiTemplate.Lasa, PcdGet32 (PcdTcgLogAreaMinLen), 0xFF); @@ -760,7 +760,7 @@ SetupEventLog ( } GuidHob.Raw = GetHobList (); - while (!EFI_ERROR (Status) && + while (!EFI_ERROR (Status) && (GuidHob.Raw = GetNextGuidHob (&gTcgEventEntryHobGuid, GuidHob.Raw)) != NULL) { TcgEvent = GET_GUID_HOB_DATA (GuidHob.Guid); GuidHob.Raw = GET_NEXT_HOB (GuidHob); @@ -777,8 +777,8 @@ SetupEventLog ( /** Measure and log an action string, and extend the measurement result into PCR[5]. - @param[in] String A specific string that indicates an Action event. - + @param[in] String A specific string that indicates an Action event. + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The operation was unsuccessful. @@ -827,7 +827,7 @@ MeasureHandoffTables ( if (PcdGet8 (PcdTpmPlatformClass) == TCG_PLATFORM_TYPE_SERVER) { // - // Tcg Server spec. + // Tcg Server spec. // Measure each processor EFI_CPU_PHYSICAL_LOCATION with EV_TABLE_OF_DEVICES to PCR[1] // Status = GetProcessorsCpuLocation(&ProcessorLocBuf, &ProcessorNum); @@ -859,7 +859,7 @@ MeasureHandoffTables ( /** Measure and log Separator event, and extend the measurement result into a specific PCR. - @param[in] PCRIndex PCR index. + @param[in] PCRIndex PCR index. @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The operation was unsuccessful. @@ -895,7 +895,7 @@ MeasureSeparatorEvent ( @param[in] VarName A Null-terminated string that is the name of the vendor's variable. @param[in] VendorGuid A unique identifier for the vendor. - @param[out] VarSize The size of the variable data. + @param[out] VarSize The size of the variable data. @return A pointer to the buffer to return the contents of the variable.Otherwise NULL. @@ -944,13 +944,13 @@ ReadVariable ( /** Measure and log an EFI variable, and extend the measurement result into a specific PCR. - @param[in] PCRIndex PCR Index. - @param[in] EventType Event type. + @param[in] PCRIndex PCR Index. + @param[in] EventType Event type. @param[in] VarName A Null-terminated string that is the name of the vendor's variable. @param[in] VendorGuid A unique identifier for the vendor. - @param[in] VarData The content of the variable data. - @param[in] VarSize The size of the variable data. - + @param[in] VarData The content of the variable data. + @param[in] VarSize The size of the variable data. + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_OUT_OF_RESOURCES Out of memory. @retval EFI_DEVICE_ERROR The operation was unsuccessful. @@ -1013,9 +1013,9 @@ MeasureVariable ( @param[in] VarName A Null-terminated string that is the name of the vendor's variable. @param[in] VendorGuid A unique identifier for the vendor. - @param[out] VarSize The size of the variable data. - @param[out] VarData Pointer to the content of the variable. - + @param[out] VarSize The size of the variable data. + @param[out] VarData Pointer to the content of the variable. + @retval EFI_SUCCESS Operation completed successfully. @retval EFI_OUT_OF_RESOURCES Out of memory. @retval EFI_DEVICE_ERROR The operation was unsuccessful. @@ -1197,9 +1197,9 @@ OnReadyToBoot ( /** Install TCG ACPI Table when ACPI Table Protocol is available. - A system's firmware uses an ACPI table to identify the system's TCG capabilities - to the Post-Boot environment. The information in this ACPI table is not guaranteed - to be valid until the Host Platform transitions from pre-boot state to post-boot state. + A system's firmware uses an ACPI table to identify the system's TCG capabilities + to the Post-Boot environment. The information in this ACPI table is not guaranteed + to be valid until the Host Platform transitions from pre-boot state to post-boot state. @param[in] Event Event whose notification function is being invoked @param[in] Context Pointer to the notification function's context @@ -1230,7 +1230,7 @@ InstallAcpiTable ( mTcgClientAcpiTemplate.Header.CreatorId = PcdGet32 (PcdAcpiDefaultCreatorId); mTcgClientAcpiTemplate.Header.CreatorRevision = PcdGet32 (PcdAcpiDefaultCreatorRevision); // - // The ACPI table must be checksumed before calling the InstallAcpiTable() + // The ACPI table must be checksumed before calling the InstallAcpiTable() // service of the ACPI table protocol to install it. // Checksum = CalculateCheckSum8 ((UINT8 *)&mTcgClientAcpiTemplate, sizeof (mTcgClientAcpiTemplate)); @@ -1250,7 +1250,7 @@ InstallAcpiTable ( mTcgServerAcpiTemplate.Header.CreatorId = PcdGet32 (PcdAcpiDefaultCreatorId); mTcgServerAcpiTemplate.Header.CreatorRevision = PcdGet32 (PcdAcpiDefaultCreatorRevision); // - // The ACPI table must be checksumed before calling the InstallAcpiTable() + // The ACPI table must be checksumed before calling the InstallAcpiTable() // service of the ACPI table protocol to install it. // Checksum = CalculateCheckSum8 ((UINT8 *)&mTcgServerAcpiTemplate, sizeof (mTcgServerAcpiTemplate)); @@ -1341,7 +1341,7 @@ OnExitBootServicesFailed ( /** Get TPM Deactivated state. - @param[out] TPMDeactivatedFlag Returns TPM Deactivated state. + @param[out] TPMDeactivatedFlag Returns TPM Deactivated state. @retval EFI_SUCCESS Operation completed successfully. @retval EFI_DEVICE_ERROR The operation was unsuccessful. @@ -1368,9 +1368,9 @@ GetTpmStatus ( It publishes EFI TCG Protocol. - @param[in] ImageHandle The firmware allocated handle for the EFI image. + @param[in] ImageHandle The firmware allocated handle for the EFI image. @param[in] SystemTable A pointer to the EFI System Table. - + @retval EFI_SUCCESS The entry point is executed successfully. @retval other Some error occurs when executing this entry point. @@ -1444,7 +1444,7 @@ DriverEntry ( ); // - // Measure Exit Boot Service failed + // Measure Exit Boot Service failed // Status = gBS->CreateEventEx ( EVT_NOTIFY_SIGNAL, @@ -1460,6 +1460,6 @@ DriverEntry ( // Install ACPI Table // EfiCreateProtocolNotifyEvent (&gEfiAcpiTableProtocolGuid, TPL_CALLBACK, InstallAcpiTable, NULL, &Registration); - + return Status; } diff --git a/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf b/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf index 1b96ecbe2a..320f55210a 100644 --- a/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf +++ b/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf @@ -2,7 +2,7 @@ # Produces TCG protocol and measures boot environment # This module will produce TCG protocol and measure boot environment. # -# Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.
+# Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -65,7 +65,7 @@ gEfiTcgProtocolGuid ## PRODUCES gEfiAcpiTableProtocolGuid ## NOTIFY gEfiMpServiceProtocolGuid ## SOMETIMES_CONSUMES - + [Pcd] gEfiSecurityPkgTokenSpaceGuid.PcdTpmPlatformClass ## SOMETIMES_CONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSUMES @@ -83,4 +83,4 @@ [UserExtensions.TianoCore."ExtraFiles"] TcgDxeExtra.uni - \ No newline at end of file + diff --git a/SecurityPkg/Tcg/TcgDxe/TcgDxeExtra.uni b/SecurityPkg/Tcg/TcgDxe/TcgDxeExtra.uni index f6f8b634e0..1d83daddfb 100644 --- a/SecurityPkg/Tcg/TcgDxe/TcgDxeExtra.uni +++ b/SecurityPkg/Tcg/TcgDxe/TcgDxeExtra.uni @@ -1,7 +1,7 @@ // /** @file // TcgDxe Localized Strings and Content // -// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
+// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
// // This program and the accompanying materials // are licensed and made available under the terms and conditions of the BSD License @@ -12,8 +12,8 @@ // // **/ -#string STR_PROPERTIES_MODULE_NAME -#language en-US +#string STR_PROPERTIES_MODULE_NAME +#language en-US "TCG (Trusted Computing Group) DXE" diff --git a/SecurityPkg/Tcg/TcgPei/TcgPei.c b/SecurityPkg/Tcg/TcgPei/TcgPei.c index 63807f44ff..1ed11a1b29 100644 --- a/SecurityPkg/Tcg/TcgPei/TcgPei.c +++ b/SecurityPkg/Tcg/TcgPei/TcgPei.c @@ -1,13 +1,13 @@ /** @file Initialize TPM device and measure FVs before handing off control to DXE. -Copyright (c) 2005 - 2017, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -129,12 +129,12 @@ EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] = { { EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK, &gEfiPeiFirmwareVolumeInfoPpiGuid, - FirmwareVolmeInfoPpiNotifyCallback + FirmwareVolmeInfoPpiNotifyCallback }, { EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK, &gEfiPeiFirmwareVolumeInfo2PpiGuid, - FirmwareVolmeInfoPpiNotifyCallback + FirmwareVolmeInfoPpiNotifyCallback }, { (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), @@ -145,7 +145,7 @@ EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] = { /** Record all measured Firmware Volum Information into a Guid Hob - Guid Hob payload layout is + Guid Hob payload layout is UINT32 *************************** FIRMWARE_BLOB number EFI_PLATFORM_FIRMWARE_BLOB******** BLOB Array @@ -165,13 +165,13 @@ EndofPeiSignalNotifyCallBack ( IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, IN VOID *Ppi ) -{ +{ MEASURED_HOB_DATA *MeasuredHobData; MeasuredHobData = NULL; // - // Create a Guid hob to save all measured Fv + // Create a Guid hob to save all measured Fv // MeasuredHobData = BuildGuidHob( &gMeasuredFvHobGuid, @@ -238,11 +238,11 @@ TpmCommHashAll ( added into the Event Log. @param[in] PeiServices Describes the list of possible PEI Services. - @param[in] HashData Physical address of the start of the data buffer + @param[in] HashData Physical address of the start of the data buffer to be hashed, extended, and logged. @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData. - @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure. - @param[in] NewEventData Pointer to the new event data. + @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure. + @param[in] NewEventData Pointer to the new event data. @retval EFI_SUCCESS Operation completed successfully. @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. @@ -260,7 +260,7 @@ HashLogExtendEvent ( { EFI_STATUS Status; VOID *HobData; - + if (GetFirstGuidHob (&gTpmErrorHobGuid) != NULL) { return EFI_DEVICE_ERROR; } @@ -349,13 +349,13 @@ MeasureCRTMVersion ( } /** - Measure FV image. - Add it into the measured FV list after the FV is measured successfully. + Measure FV image. + Add it into the measured FV list after the FV is measured successfully. @param[in] FvBase Base address of FV image. @param[in] FvLength Length of FV image. - @retval EFI_SUCCESS Fv image is measured successfully + @retval EFI_SUCCESS Fv image is measured successfully or it has been already measured. @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. @retval EFI_DEVICE_ERROR The command was unsuccessful. @@ -394,7 +394,7 @@ MeasureFvImage ( return EFI_SUCCESS; } } - + // // Measure and record the FV to the TPM // @@ -450,7 +450,7 @@ MeasureMainBios ( EFI_PEI_FV_HANDLE VolumeHandle; EFI_FV_INFO VolumeInfo; EFI_PEI_FIRMWARE_VOLUME_PPI *FvPpi; - + FvInstances = 0; while (TRUE) { // @@ -462,7 +462,7 @@ MeasureMainBios ( if (EFI_ERROR (Status)) { break; } - + // // Measure and record the firmware volume that is dispatched by PeiCore // @@ -472,8 +472,8 @@ MeasureMainBios ( // Locate the corresponding FV_PPI according to founded FV's format guid // Status = PeiServicesLocatePpi ( - &VolumeInfo.FvFormat, - 0, + &VolumeInfo.FvFormat, + 0, NULL, (VOID**)&FvPpi ); @@ -517,21 +517,21 @@ FirmwareVolmeInfoPpiNotifyCallback ( // The PEI Core can not dispatch or load files from memory mapped FVs that do not support FvPpi. // Status = PeiServicesLocatePpi ( - &Fv->FvFormat, - 0, + &Fv->FvFormat, + 0, NULL, (VOID**)&FvPpi ); if (EFI_ERROR (Status)) { return EFI_SUCCESS; } - + // // This is an FV from an FFS file, and the parent FV must have already been measured, // No need to measure twice, so just record the FV and return // if (Fv->ParentFvName != NULL || Fv->ParentFileName != NULL ) { - + ASSERT (mMeasuredChildFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported)); if (mMeasuredChildFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported)) { // @@ -588,7 +588,7 @@ PhysicalPresencePpiNotifyCallback ( // if (PcdGetBool (PcdPhysicalPresenceLifetimeLock) && !TpmPermanentFlags.physicalPresenceLifetimeLock) { // - // Lock TPM LifetimeLock is required, and LifetimeLock is not locked yet. + // Lock TPM LifetimeLock is required, and LifetimeLock is not locked yet. // PhysicalPresenceValue = TPM_PHYSICAL_PRESENCE_LIFETIME_LOCK; TpmPermanentFlags.physicalPresenceLifetimeLock = TRUE; @@ -605,8 +605,8 @@ PhysicalPresencePpiNotifyCallback ( PhysicalPresenceValue |= TPM_PHYSICAL_PRESENCE_HW_ENABLE; } else { PhysicalPresenceValue |= TPM_PHYSICAL_PRESENCE_HW_DISABLE; - } - + } + Status = Tpm12PhysicalPresence ( PhysicalPresenceValue ); @@ -614,7 +614,7 @@ PhysicalPresencePpiNotifyCallback ( return Status; } } - + // // 2. Lock physical presence if it is required. // @@ -645,7 +645,7 @@ PhysicalPresencePpiNotifyCallback ( // // Lock physical presence - // + // Status = Tpm12PhysicalPresence ( TPM_PHYSICAL_PRESENCE_LOCK ); @@ -695,8 +695,8 @@ PeimEntryMP ( EFI_STATUS Status; Status = PeiServicesLocatePpi ( - &gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid, - 0, + &gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid, + 0, NULL, (VOID**)&mMeasurementExcludedFvPpi ); @@ -718,13 +718,13 @@ PeimEntryMP ( } Status = MeasureMainBios (PeiServices); - } + } // // Post callbacks: // 1). for the FvInfoPpi services to measure and record // the additional Fvs to TPM - // 2). for the OperatorPresencePpi service to determine whether to + // 2). for the OperatorPresencePpi service to determine whether to // lock the TPM // Status = PeiServicesNotifyPpi (&mNotifyList[0]); diff --git a/SecurityPkg/Tcg/TcgPei/TcgPei.inf b/SecurityPkg/Tcg/TcgPei/TcgPei.inf index 57ce7263e9..2573cd37d7 100644 --- a/SecurityPkg/Tcg/TcgPei/TcgPei.inf +++ b/SecurityPkg/Tcg/TcgPei/TcgPei.inf @@ -4,7 +4,7 @@ # This module will initialize TPM device, measure reported FVs and BIOS version. # This module may also lock TPM physical presence and physicalPresenceLifetimeLock. # -# Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.
+# Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -73,8 +73,8 @@ gEfiEndOfPeiSignalPpiGuid ## SOMETIMES_CONSUMES ## NOTIFY [Pcd] - gEfiSecurityPkgTokenSpaceGuid.PcdPhysicalPresenceLifetimeLock ## SOMETIMES_CONSUMES - gEfiSecurityPkgTokenSpaceGuid.PcdPhysicalPresenceCmdEnable ## SOMETIMES_CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdPhysicalPresenceLifetimeLock ## SOMETIMES_CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdPhysicalPresenceCmdEnable ## SOMETIMES_CONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdPhysicalPresenceHwEnable ## SOMETIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString ## SOMETIMES_CONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSUMES @@ -89,4 +89,4 @@ [UserExtensions.TianoCore."ExtraFiles"] TcgPeiExtra.uni - \ No newline at end of file + diff --git a/SecurityPkg/Tcg/TcgPei/TcgPeiExtra.uni b/SecurityPkg/Tcg/TcgPei/TcgPeiExtra.uni index e469d984c8..c4395a6595 100644 --- a/SecurityPkg/Tcg/TcgPei/TcgPeiExtra.uni +++ b/SecurityPkg/Tcg/TcgPei/TcgPeiExtra.uni @@ -1,7 +1,7 @@ // /** @file // TcgPei Localized Strings and Content // -// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
+// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
// // This program and the accompanying materials // are licensed and made available under the terms and conditions of the BSD License @@ -12,8 +12,8 @@ // // **/ -#string STR_PROPERTIES_MODULE_NAME -#language en-US +#string STR_PROPERTIES_MODULE_NAME +#language en-US "TCG (Trusted Computing Group) PEI" diff --git a/SecurityPkg/Tcg/TcgSmm/TcgSmm.c b/SecurityPkg/Tcg/TcgSmm/TcgSmm.c index 589bab694b..0b8a002a4d 100644 --- a/SecurityPkg/Tcg/TcgSmm/TcgSmm.c +++ b/SecurityPkg/Tcg/TcgSmm/TcgSmm.c @@ -8,13 +8,13 @@ PhysicalPresenceCallback() and MemoryClearCallback() will receive untrusted input and do some check. -Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -80,7 +80,7 @@ PhysicalPresenceCallback ( mTcgNvs->PhysicalPresence.ReturnCode = PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS; mTcgNvs->PhysicalPresence.LastRequest = PpData.LastPPRequest; mTcgNvs->PhysicalPresence.Response = PpData.PPResponse; - } else if ((mTcgNvs->PhysicalPresence.Parameter == ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS) + } else if ((mTcgNvs->PhysicalPresence.Parameter == ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS) || (mTcgNvs->PhysicalPresence.Parameter == ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS_2)) { if (EFI_ERROR (Status)) { mTcgNvs->PhysicalPresence.ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE; @@ -107,7 +107,7 @@ PhysicalPresenceCallback ( ); } - if (EFI_ERROR (Status)) { + if (EFI_ERROR (Status)) { mTcgNvs->PhysicalPresence.ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE; return EFI_SUCCESS; } @@ -186,7 +186,7 @@ PhysicalPresenceCallback ( if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0 && (Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) != 0) { RequestConfirmed = TRUE; } - break; + break; case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE: case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE: @@ -199,7 +199,7 @@ PhysicalPresenceCallback ( // // This command requires UI to prompt user for Auth data // - mTcgNvs->PhysicalPresence.ReturnCode = TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED; + mTcgNvs->PhysicalPresence.ReturnCode = TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED; return EFI_SUCCESS; default: break; @@ -209,11 +209,11 @@ PhysicalPresenceCallback ( mTcgNvs->PhysicalPresence.ReturnCode = TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_NOT_REQUIRED; } else { mTcgNvs->PhysicalPresence.ReturnCode = TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_REQUIRED; - } + } if (mTcgNvs->PhysicalPresence.Request >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) { mTcgNvs->PhysicalPresence.ReturnCode = TcgPpVendorLibGetUserConfirmationStatusFunction (mTcgNvs->PhysicalPresence.Request, Flags.PPFlags); } - } + } return EFI_SUCCESS; } @@ -281,7 +281,7 @@ MemoryClearCallback ( DataSize, &MorControl ); - if (EFI_ERROR (Status)) { + if (EFI_ERROR (Status)) { mTcgNvs->MemoryClear.ReturnCode = MOR_REQUEST_GENERAL_FAILURE; DEBUG ((EFI_D_ERROR, "[TPM] Set MOR variable failure! Status = %r\n", Status)); } @@ -319,7 +319,7 @@ AssignOpRegion ( for (OpRegion = (AML_OP_REGION_32_8 *) (Table + 1); OpRegion <= (AML_OP_REGION_32_8 *) ((UINT8 *) Table + Table->Length); OpRegion = (AML_OP_REGION_32_8 *) ((UINT8 *) OpRegion + 1)) { - if ((OpRegion->OpRegionOp == AML_EXT_REGION_OP) && + if ((OpRegion->OpRegionOp == AML_EXT_REGION_OP) && (OpRegion->NameString == Name) && (OpRegion->DWordPrefix == AML_DWORD_PREFIX) && (OpRegion->BytePrefix == AML_BYTE_PREFIX)) { @@ -403,12 +403,12 @@ PublishAcpiTable ( /** The driver's entry point. - It install callbacks for TPM physical presence and MemoryClear, and locate + It install callbacks for TPM physical presence and MemoryClear, and locate SMM variable to be used in the callback function. - @param[in] ImageHandle The firmware allocated handle for the EFI image. + @param[in] ImageHandle The firmware allocated handle for the EFI image. @param[in] SystemTable A pointer to the EFI System Table. - + @retval EFI_SUCCESS The entry point is executed successfully. @retval Others Some error occurs when executing this entry point. @@ -453,7 +453,7 @@ InitializeTcgSmm ( return Status; } mTcgNvs->MemoryClear.SoftwareSmi = (UINT8) SwContext.SwSmiInputValue; - + // // Locate SmmVariableProtocol. // diff --git a/SecurityPkg/Tcg/TcgSmm/TcgSmm.h b/SecurityPkg/Tcg/TcgSmm/TcgSmm.h index 21e4ad96d2..0aff3e3c4f 100644 --- a/SecurityPkg/Tcg/TcgSmm/TcgSmm.h +++ b/SecurityPkg/Tcg/TcgSmm/TcgSmm.h @@ -1,13 +1,13 @@ /** @file The header file for TCG SMM driver. - -Copyright (c) 2012 - 2016, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at + +Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ diff --git a/SecurityPkg/Tcg/TcgSmm/TcgSmm.inf b/SecurityPkg/Tcg/TcgSmm/TcgSmm.inf index be7a96bc62..806b8f9b4e 100644 --- a/SecurityPkg/Tcg/TcgSmm/TcgSmm.inf +++ b/SecurityPkg/Tcg/TcgSmm/TcgSmm.inf @@ -1,15 +1,15 @@ ## @file # Implements ACPI metholds for the TCG feature # -# This driver implements TPM definition block in ACPI table and registers SMI -# callback functions for physical presence and MemoryClear to handle the requests +# This driver implements TPM definition block in ACPI table and registers SMI +# callback functions for physical presence and MemoryClear to handle the requests # from ACPI method. # # Caution: This module requires additional review when modified. # This driver will have external input - variable and ACPINvs data in SMM mode. # This external input must be validated carefully to avoid security issue. # -# Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved.
+# Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -60,7 +60,7 @@ ## SOMETIMES_PRODUCES ## Variable:L"MemoryOverwriteRequestControl" ## SOMETIMES_CONSUMES ## Variable:L"MemoryOverwriteRequestControl" gEfiMemoryOverwriteControlDataGuid - + gEfiTpmDeviceInstanceTpm12Guid ## PRODUCES ## GUID # TPM device identifier [Protocols] @@ -77,7 +77,7 @@ gEfiSmmSwDispatch2ProtocolGuid AND gEfiSmmVariableProtocolGuid AND gEfiTcgProtocolGuid - + [UserExtensions.TianoCore."ExtraFiles"] TcgSmmExtra.uni - \ No newline at end of file + diff --git a/SecurityPkg/Tcg/TcgSmm/TcgSmm.uni b/SecurityPkg/Tcg/TcgSmm/TcgSmm.uni index 81f7f8d53a..8494332295 100644 --- a/SecurityPkg/Tcg/TcgSmm/TcgSmm.uni +++ b/SecurityPkg/Tcg/TcgSmm/TcgSmm.uni @@ -4,12 +4,12 @@ // This driver implements TPM definition block in ACPI table and registers SMI // callback functions for physical presence and MemoryClear to handle the requests // from ACPI method. -// +// // Caution: This module requires additional review when modified. // This driver will have external input - variable and ACPINvs data in SMM mode. // This external input must be validated carefully to avoid security issue. // -// Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.
+// Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.
// // This program and the accompanying materials // are licensed and made available under the terms and conditions of the BSD License diff --git a/SecurityPkg/Tcg/TcgSmm/TcgSmmExtra.uni b/SecurityPkg/Tcg/TcgSmm/TcgSmmExtra.uni index b9ca98bb6e..42d21474d8 100644 --- a/SecurityPkg/Tcg/TcgSmm/TcgSmmExtra.uni +++ b/SecurityPkg/Tcg/TcgSmm/TcgSmmExtra.uni @@ -1,7 +1,7 @@ // /** @file // TcgSmm Localized Strings and Content // -// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
+// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
// // This program and the accompanying materials // are licensed and made available under the terms and conditions of the BSD License @@ -12,8 +12,8 @@ // // **/ -#string STR_PROPERTIES_MODULE_NAME -#language en-US +#string STR_PROPERTIES_MODULE_NAME +#language en-US "TCG (Trusted Computing Group) SMM" diff --git a/SecurityPkg/Tcg/TcgSmm/Tpm.asl b/SecurityPkg/Tcg/TcgSmm/Tpm.asl index b5449d98b4..12f24f3996 100644 --- a/SecurityPkg/Tcg/TcgSmm/Tpm.asl +++ b/SecurityPkg/Tcg/TcgSmm/Tpm.asl @@ -1,14 +1,14 @@ /** @file - The TPM definition block in ACPI table for physical presence + The TPM definition block in ACPI table for physical presence and MemoryClear. -Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -49,7 +49,7 @@ DefinitionBlock ( // OperationRegion (SMIP, SystemIO, 0xB2, 1) Field (SMIP, ByteAcc, NoLock, Preserve) - { + { IOB2, 8 } @@ -79,16 +79,16 @@ DefinitionBlock ( MCIP, 32, // Used for save the Mor paramter MORD, 32, // Memory Overwrite Request Data MRET, 32, // Memory Overwrite function return code - UCRQ, 32 // Phyical Presence request operation to Get User Confirmation Status + UCRQ, 32 // Phyical Presence request operation to Get User Confirmation Status } Method (PTS, 1, Serialized) - { + { // // Detect Sx state for MOR, only S4, S5 need to handle // If (LAnd (LLess (Arg0, 6), LGreater (Arg0, 3))) - { + { // // Bit4 -- DisableAutoDetect. 0 -- Firmware MAY autodetect. // @@ -98,7 +98,7 @@ DefinitionBlock ( // Triggle the SMI through ACPI _PTS method. // Store (0x02, MCIP) - + // // Triggle the SMI interrupt // @@ -106,7 +106,7 @@ DefinitionBlock ( } } Return (0) - } + } Method (_STA, 0) { @@ -156,12 +156,12 @@ DefinitionBlock ( } Name(TPM2, Package (0x02){ - Zero, + Zero, Zero }) Name(TPM3, Package (0x03){ - Zero, + Zero, Zero, Zero }) @@ -170,7 +170,7 @@ DefinitionBlock ( // TCG Physical Presence Interface // Method (TPPI, 3, Serialized, 0, {BuffObj, PkgObj, IntObj, StrObj}, {UnknownObj, UnknownObj, UnknownObj}) // IntObj, IntObj, PkgObj - { + { // // Switch by function index // @@ -195,10 +195,10 @@ DefinitionBlock ( // // b) Submit TPM Operation Request to Pre-OS Environment // - + Store (DerefOf (Index (Arg2, 0x00)), PPRQ) Store (0x02, PPIP) - + // // Triggle the SMI interrupt // @@ -212,7 +212,7 @@ DefinitionBlock ( // // c) Get Pending TPM Operation Requested By the OS // - + Store (PPRQ, Index (TPM2, 0x01)) Return (TPM2) } @@ -229,12 +229,12 @@ DefinitionBlock ( // e) Return TPM Operation Response to OS Environment // Store (0x05, PPIP) - + // // Triggle the SMI interrupt // Store (PPIN, IOB2) - + Store (LPPR, Index (TPM3, 0x01)) Store (PPRP, Index (TPM3, 0x02)) @@ -257,11 +257,11 @@ DefinitionBlock ( // Store (7, PPIP) Store (DerefOf (Index (Arg2, 0x00)), PPRQ) - + // - // Triggle the SMI interrupt + // Triggle the SMI interrupt // - Store (PPIN, IOB2) + Store (PPIN, IOB2) Return (FRET) } Case (8) @@ -271,12 +271,12 @@ DefinitionBlock ( // Store (8, PPIP) Store (DerefOf (Index (Arg2, 0x00)), UCRQ) - + // // Triggle the SMI interrupt // Store (PPIN, IOB2) - + Return (FRET) } @@ -305,12 +305,12 @@ DefinitionBlock ( // Save the Operation Value of the Request to MORD (reserved memory) // Store (DerefOf (Index (Arg2, 0x00)), MORD) - + // // Triggle the SMI through ACPI _DSM method. // Store (0x01, MCIP) - + // // Triggle the SMI interrupt // @@ -319,7 +319,7 @@ DefinitionBlock ( } Default {BreakPoint} } - Return (1) + Return (1) } Method (_DSM, 4, Serialized, 0, UnknownObj, {BuffObj, IntObj, IntObj, PkgObj}) diff --git a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProvider.c b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProvider.c index ec1e3893fc..52fc68b5ee 100644 --- a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProvider.c +++ b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProvider.c @@ -1,14 +1,14 @@ /** @file Password Credential Provider driver implementation. - -Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
+ +Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
(C) Copyright 2018 Hewlett Packard Enterprise Development LP
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -98,10 +98,10 @@ ExpandTableSize ( // Create new credential table. // NewTable = (CREDENTIAL_TABLE *) AllocateZeroPool ( - sizeof (CREDENTIAL_TABLE) + + sizeof (CREDENTIAL_TABLE) + (Count - 1) * sizeof (PASSWORD_INFO) ); - ASSERT (NewTable != NULL); + ASSERT (NewTable != NULL); NewTable->MaxCount = Count; NewTable->Count = mPwdTable->Count; @@ -110,8 +110,8 @@ ExpandTableSize ( // Copy old entries // CopyMem ( - &NewTable->UserInfo, - &mPwdTable->UserInfo, + &NewTable->UserInfo, + &mPwdTable->UserInfo, mPwdTable->Count * sizeof (PASSWORD_INFO) ); FreePool (mPwdTable); @@ -123,8 +123,8 @@ ExpandTableSize ( Add, update or delete info in table, and sync with NV variable. @param[in] Index The index of the password in table. If index is found in - table, update the info, else add the into to table. - @param[in] Info The new password info to add into table.If Info is NULL, + table, update the info, else add the into to table. + @param[in] Info The new password info to add into table.If Info is NULL, delete the info by Index. @retval EFI_INVALID_PARAMETER Info is NULL when save the info. @@ -151,7 +151,7 @@ ModifyTable ( mPwdTable->Count--; if (Index != mPwdTable->Count) { NewPasswordInfo = &mPwdTable->UserInfo[mPwdTable->Count]; - } + } } else { // // Update the specified entry. @@ -214,9 +214,9 @@ InitCredentialTable ( VarSize = 0; Var = NULL; Status = gRT->GetVariable ( - L"PwdCredential", - &gPwdCredentialProviderGuid, - NULL, + L"PwdCredential", + &gPwdCredentialProviderGuid, + NULL, &VarSize, Var ); @@ -226,9 +226,9 @@ InitCredentialTable ( return EFI_OUT_OF_RESOURCES; } Status = gRT->GetVariable ( - L"PwdCredential", - &gPwdCredentialProviderGuid, - NULL, + L"PwdCredential", + &gPwdCredentialProviderGuid, + NULL, &VarSize, Var ); @@ -236,13 +236,13 @@ InitCredentialTable ( if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) { return Status; } - + // // Create the password credential table. // mPwdTable = AllocateZeroPool ( sizeof (CREDENTIAL_TABLE) - sizeof (PASSWORD_INFO) + - PASSWORD_TABLE_INC * sizeof (PASSWORD_INFO) + + PASSWORD_TABLE_INC * sizeof (PASSWORD_INFO) + VarSize ); if (mPwdTable == NULL) { @@ -270,7 +270,7 @@ InitCredentialTable ( @retval TRUE Hash the password successfully. @retval FALSE Failed to hash the password. - + **/ BOOLEAN GenerateCredential ( @@ -282,23 +282,23 @@ GenerateCredential ( BOOLEAN Status; UINTN HashSize; VOID *Hash; - + HashSize = Sha1GetContextSize (); Hash = AllocatePool (HashSize); ASSERT (Hash != NULL); - + Status = Sha1Init (Hash); if (!Status) { goto Done; } - + Status = Sha1Update (Hash, Password, PasswordSize); if (!Status) { goto Done; } - + Status = Sha1Final (Hash, Credential); - + Done: FreePool (Hash); return Status; @@ -325,7 +325,7 @@ GetPassword ( UINTN PasswordLen; CHAR16 *QuestionStr; CHAR16 *LineStr; - + PasswordLen = 0; while (TRUE) { PasswordMask[PasswordLen] = L'_'; @@ -346,7 +346,7 @@ GetPassword ( ); FreePool (QuestionStr); FreePool (LineStr); - + // // Check key stroke // @@ -357,8 +357,8 @@ GetPassword ( if (PasswordLen > 0) { PasswordLen--; } - } else if ((Key.UnicodeChar == CHAR_NULL) || - (Key.UnicodeChar == CHAR_TAB) || + } else if ((Key.UnicodeChar == CHAR_NULL) || + (Key.UnicodeChar == CHAR_TAB) || (Key.UnicodeChar == CHAR_LINEFEED)) { continue; } else { @@ -371,7 +371,7 @@ GetPassword ( } } } - + PasswordLen = PasswordLen * sizeof (CHAR16); GenerateCredential (Password, PasswordLen, (UINT8 *)Credential); } @@ -392,7 +392,7 @@ CheckPassword ( { UINTN Index; CHAR8 *Pwd; - + // // Check password credential. // @@ -412,16 +412,16 @@ CheckPassword ( /** Find a user infomation record by the information record type. - This function searches all user information records of User from beginning + This function searches all user information records of User from beginning until either the information is found, or there are no more user infomation records. A match occurs when a Info.InfoType field matches the user information record type. - @param[in] User Points to the user profile record to search. + @param[in] User Points to the user profile record to search. @param[in] InfoType The infomation type to be searched. @param[out] Info Points to the user info found, the caller is responsible to free. - + @retval EFI_SUCCESS Find the user information successfully. @retval Others Fail to find the user information. @@ -438,7 +438,7 @@ FindUserInfoByType ( UINTN UserInfoSize; EFI_USER_INFO_HANDLE UserInfoHandle; EFI_USER_MANAGER_PROTOCOL *UserManager; - + // // Find user information by information type. // @@ -501,7 +501,7 @@ FindUserInfoByType ( if (UserInfo->InfoType == InfoType) { *Info = UserInfo; return EFI_SUCCESS; - } + } } if (UserInfo != NULL) { @@ -570,7 +570,7 @@ CredentialDriverCallback ( return Status; } *ActionRequest = EFI_BROWSER_ACTION_REQUEST_EXIT; - } + } return EFI_SUCCESS; } @@ -716,24 +716,24 @@ InitFormBrowser ( /** Enroll a user on a credential provider. - This function enrolls a user on this credential provider. If the user exists on - this credential provider, update the user information on this credential provider; + This function enrolls a user on this credential provider. If the user exists on + this credential provider, update the user information on this credential provider; otherwise add the user information on credential provider. - + @param[in] This Points to this instance of EFI_USER_CREDENTIAL2_PROTOCOL. @param[in] User The user profile to enroll. - + @retval EFI_SUCCESS User profile was successfully enrolled. @retval EFI_ACCESS_DENIED Current user profile does not permit enrollment on the user profile handle. Either the user profile cannot enroll - on any user profile or cannot enroll on a user profile + on any user profile or cannot enroll on a user profile other than the current user profile. @retval EFI_UNSUPPORTED This credential provider does not support enrollment in the pre-OS. @retval EFI_DEVICE_ERROR The new credential could not be created because of a device error. @retval EFI_INVALID_PARAMETER User does not refer to a valid user profile handle. - + **/ EFI_STATUS EFIAPI @@ -769,12 +769,12 @@ CredentialEnroll ( return EFI_INVALID_PARAMETER; } - CopyMem (PwdInfo.UserId, (UINT8 *) (UserInfo + 1), sizeof (EFI_USER_INFO_IDENTIFIER)); + CopyMem (PwdInfo.UserId, (UINT8 *) (UserInfo + 1), sizeof (EFI_USER_INFO_IDENTIFIER)); FreePool (UserInfo); // // Get password from user. - // + // while (TRUE) { // // Input password. @@ -791,10 +791,10 @@ CredentialEnroll ( // if (CompareMem (PwdInfo.Password, Password, CREDENTIAL_LEN) == 0) { break; - } + } QuestionStr = GetStringById (STRING_TOKEN (STR_PASSWORD_MISMATCH)); - PromptStr = GetStringById (STRING_TOKEN (STR_INPUT_PASSWORD_AGAIN)); + PromptStr = GetStringById (STRING_TOKEN (STR_INPUT_PASSWORD_AGAIN)); CreatePopUp ( EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, &Key, @@ -809,17 +809,17 @@ CredentialEnroll ( // // Check whether User is ever enrolled in the provider. - // + // for (Index = 0; Index < mPwdTable->Count; Index++) { UserId = (UINT8 *) &mPwdTable->UserInfo[Index].UserId; if (CompareMem (UserId, (UINT8 *) &PwdInfo.UserId, sizeof (EFI_USER_INFO_IDENTIFIER)) == 0) { // // User already exists, update the password. - // + // break; } } - + // // Enroll the User to the provider. // @@ -837,7 +837,7 @@ CredentialEnroll ( This function returns information about the form used when interacting with the user during user identification. The form is the first enabled form in the form-set - class EFI_HII_USER_CREDENTIAL_FORMSET_GUID installed on the HII handle HiiHandle. If + class EFI_HII_USER_CREDENTIAL_FORMSET_GUID installed on the HII handle HiiHandle. If the user credential provider does not require a form to identify the user, then this function should return EFI_NOT_FOUND. @@ -845,13 +845,13 @@ CredentialEnroll ( @param[out] Hii On return, holds the HII database handle. @param[out] FormSetId On return, holds the identifier of the form set which contains the form used during user identification. - @param[out] FormId On return, holds the identifier of the form used during user + @param[out] FormId On return, holds the identifier of the form used during user identification. - + @retval EFI_SUCCESS Form returned successfully. @retval EFI_NOT_FOUND Form not returned. @retval EFI_INVALID_PARAMETER Hii is NULL or FormSetId is NULL or FormId is NULL. - + **/ EFI_STATUS EFIAPI @@ -862,7 +862,7 @@ CredentialForm ( OUT EFI_FORM_ID *FormId ) { - if ((This == NULL) || (Hii == NULL) || + if ((This == NULL) || (Hii == NULL) || (FormSetId == NULL) || (FormId == NULL)) { return EFI_INVALID_PARAMETER; } @@ -870,7 +870,7 @@ CredentialForm ( *Hii = mCallbackInfo->HiiHandle; *FormId = FORMID_GET_PASSWORD_FORM; CopyGuid (FormSetId, &gPwdCredentialProviderGuid); - + return EFI_SUCCESS; } @@ -880,22 +880,22 @@ CredentialForm ( This optional function returns a bitmap that is less than or equal to the number of pixels specified by Width and Height. If no such bitmap exists, then EFI_NOT_FOUND - is returned. + is returned. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - @param[in, out] Width On entry, points to the desired bitmap width. If NULL then no - bitmap information will be returned. On exit, points to the + @param[in, out] Width On entry, points to the desired bitmap width. If NULL then no + bitmap information will be returned. On exit, points to the width of the bitmap returned. @param[in, out] Height On entry, points to the desired bitmap height. If NULL then no - bitmap information will be returned. On exit, points to the + bitmap information will be returned. On exit, points to the height of the bitmap returned - @param[out] Hii On return, holds the HII database handle. - @param[out] Image On return, holds the HII image identifier. - + @param[out] Hii On return, holds the HII database handle. + @param[out] Image On return, holds the HII image identifier. + @retval EFI_SUCCESS Image identifier returned successfully. @retval EFI_NOT_FOUND Image identifier not returned. @retval EFI_INVALID_PARAMETER Hii is NULL or Image is NULL. - + **/ EFI_STATUS EFIAPI @@ -906,7 +906,7 @@ CredentialTile ( OUT EFI_HII_HANDLE *Hii, OUT EFI_IMAGE_ID *Image ) -{ +{ if ((This == NULL) || (Hii == NULL) || (Image == NULL)) { return EFI_INVALID_PARAMETER; } @@ -918,16 +918,16 @@ CredentialTile ( Returns string used to describe the credential provider type. This function returns a string which describes the credential provider. If no - such string exists, then EFI_NOT_FOUND is returned. + such string exists, then EFI_NOT_FOUND is returned. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. @param[out] Hii On return, holds the HII database handle. @param[out] String On return, holds the HII string identifier. - + @retval EFI_SUCCESS String identifier returned successfully. @retval EFI_NOT_FOUND String identifier not returned. @retval EFI_INVALID_PARAMETER Hii is NULL or String is NULL. - + **/ EFI_STATUS EFIAPI @@ -940,7 +940,7 @@ CredentialTitle ( if ((This == NULL) || (Hii == NULL) || (String == NULL)) { return EFI_INVALID_PARAMETER; } - + // // Set Hii handle and String ID. // @@ -955,23 +955,23 @@ CredentialTitle ( Return the user identifier associated with the currently authenticated user. This function returns the user identifier of the user authenticated by this credential - provider. This function is called after the credential-related information has been + provider. This function is called after the credential-related information has been submitted on a form, OR after a call to Default() has returned that this credential is ready to log on. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - @param[in] User The user profile handle of the user profile currently being + @param[in] User The user profile handle of the user profile currently being considered by the user identity manager. If NULL, then no user profile is currently under consideration. - @param[out] Identifier On return, points to the user identifier. - + @param[out] Identifier On return, points to the user identifier. + @retval EFI_SUCCESS User identifier returned successfully. @retval EFI_NOT_READY No user identifier can be returned. @retval EFI_ACCESS_DENIED The user has been locked out of this user credential. @retval EFI_INVALID_PARAMETER This is NULL, or Identifier is NULL. @retval EFI_NOT_FOUND User is not NULL, and the specified user handle can't be found in user profile database - + **/ EFI_STATUS EFIAPI @@ -1000,19 +1000,19 @@ CredentialUser ( // return EFI_NOT_READY; } - + if (User == NULL) { // // Return the user ID whose password matches the input password. - // + // CopyMem ( - Identifier, - &mPwdTable->UserInfo[mPwdTable->ValidIndex - 1].UserId, + Identifier, + &mPwdTable->UserInfo[mPwdTable->ValidIndex - 1].UserId, sizeof (EFI_USER_INFO_IDENTIFIER) - ); + ); return EFI_SUCCESS; } - + // // Get the User's ID. // @@ -1024,7 +1024,7 @@ CredentialUser ( if (EFI_ERROR (Status)) { return EFI_NOT_FOUND; } - + // // Check whether the input password matches one in PwdTable. // @@ -1038,11 +1038,11 @@ CredentialUser ( CopyMem (Identifier, UserId, sizeof (EFI_USER_INFO_IDENTIFIER)); FreePool (UserInfo); return EFI_SUCCESS; - } + } } } - FreePool (UserInfo); + FreePool (UserInfo); return EFI_NOT_READY; } @@ -1050,17 +1050,17 @@ CredentialUser ( /** Indicate that user interface interaction has begun for the specified credential. - This function is called when a credential provider is selected by the user. If + This function is called when a credential provider is selected by the user. If AutoLogon returns FALSE, then the user interface will be constructed by the User - Identity Manager. + Identity Manager. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - @param[out] AutoLogon On return, points to the credential provider's capabilities - after the credential provider has been selected by the user. - + @param[out] AutoLogon On return, points to the credential provider's capabilities + after the credential provider has been selected by the user. + @retval EFI_SUCCESS Credential provider successfully selected. @retval EFI_INVALID_PARAMETER AutoLogon is NULL. - + **/ EFI_STATUS EFIAPI @@ -1084,9 +1084,9 @@ CredentialSelect ( This function is called when a credential provider is deselected by the user. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - + @retval EFI_SUCCESS Credential provider successfully deselected. - + **/ EFI_STATUS EFIAPI @@ -1104,15 +1104,15 @@ CredentialDeselect ( /** Return the default logon behavior for this user credential. - This function reports the default login behavior regarding this credential provider. + This function reports the default login behavior regarding this credential provider. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. @param[out] AutoLogon On return, holds whether the credential provider should be used - by default to automatically log on the user. - + by default to automatically log on the user. + @retval EFI_SUCCESS Default information successfully returned. @retval EFI_INVALID_PARAMETER AutoLogon is NULL. - + **/ EFI_STATUS EFIAPI @@ -1125,7 +1125,7 @@ CredentialDefault ( return EFI_INVALID_PARAMETER; } *AutoLogon = 0; - + return EFI_SUCCESS; } @@ -1133,24 +1133,24 @@ CredentialDefault ( /** Return information attached to the credential provider. - This function returns user information. + This function returns user information. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - @param[in] UserInfo Handle of the user information data record. + @param[in] UserInfo Handle of the user information data record. @param[out] Info On entry, points to a buffer of at least *InfoSize bytes. On exit, holds the user information. If the buffer is too small to hold the information, then EFI_BUFFER_TOO_SMALL is returned and InfoSize is updated to contain the number of bytes actually required. - @param[in, out] InfoSize On entry, points to the size of Info. On return, points to the - size of the user information. - + @param[in, out] InfoSize On entry, points to the size of Info. On return, points to the + size of the user information. + @retval EFI_SUCCESS Information returned successfully. @retval EFI_BUFFER_TOO_SMALL The size specified by InfoSize is too small to hold all of the user information. The size required is returned in *InfoSize. @retval EFI_INVALID_PARAMETER Info is NULL or InfoSize is NULL. - @retval EFI_NOT_FOUND The specified UserInfo does not refer to a valid user info handle. - + @retval EFI_NOT_FOUND The specified UserInfo does not refer to a valid user info handle. + **/ EFI_STATUS EFIAPI @@ -1163,7 +1163,7 @@ CredentialGetInfo ( { EFI_USER_INFO *CredentialInfo; UINTN Index; - + if ((This == NULL) || (InfoSize == NULL) || (Info == NULL)) { return EFI_INVALID_PARAMETER; } @@ -1171,7 +1171,7 @@ CredentialGetInfo ( if ((UserInfo == NULL) || (mPwdInfoHandle == NULL)) { return EFI_NOT_FOUND; } - + // // Find information handle in credential info table. // @@ -1185,11 +1185,11 @@ CredentialGetInfo ( *InfoSize = CredentialInfo->InfoSize; return EFI_BUFFER_TOO_SMALL; } - CopyMem (Info, CredentialInfo, CredentialInfo->InfoSize); - return EFI_SUCCESS; + CopyMem (Info, CredentialInfo, CredentialInfo->InfoSize); + return EFI_SUCCESS; } } - + return EFI_NOT_FOUND; } @@ -1200,17 +1200,17 @@ CredentialGetInfo ( This function returns the next user information record. To retrieve the first user information record handle, point UserInfo at a NULL. Each subsequent call will retrieve another user information record handle until there are no more, at which point UserInfo - will point to NULL. + will point to NULL. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. @param[in, out] UserInfo On entry, points to the previous user information handle or NULL to start enumeration. On exit, points to the next user information handle or NULL if there is no more user information. - + @retval EFI_SUCCESS User information returned. @retval EFI_NOT_FOUND No more user information found. @retval EFI_INVALID_PARAMETER UserInfo is NULL. - + **/ EFI_STATUS EFIAPI @@ -1224,7 +1224,7 @@ CredentialGetNextInfo ( UINTN InfoLen; UINTN Index; UINTN ProvStrLen; - + if ((This == NULL) || (UserInfo == NULL)) { return EFI_INVALID_PARAMETER; } @@ -1246,13 +1246,13 @@ CredentialGetNextInfo ( InfoLen = sizeof (EFI_USER_INFO) + sizeof (EFI_GUID); Info = AllocateZeroPool (InfoLen); ASSERT (Info != NULL); - + Info->InfoType = EFI_USER_INFO_CREDENTIAL_PROVIDER_RECORD; Info->InfoSize = (UINT32) InfoLen; Info->InfoAttribs = EFI_USER_INFO_PROTECTED; CopyGuid (&Info->Credential, &gPwdCredentialProviderGuid); CopyGuid ((EFI_GUID *)(Info + 1), &gPwdCredentialProviderGuid); - + mPwdInfoHandle->Info[0] = Info; mPwdInfoHandle->Count++; @@ -1264,7 +1264,7 @@ CredentialGetNextInfo ( InfoLen = sizeof (EFI_USER_INFO) + ProvStrLen; Info = AllocateZeroPool (InfoLen); ASSERT (Info != NULL); - + Info->InfoType = EFI_USER_INFO_CREDENTIAL_PROVIDER_NAME_RECORD; Info->InfoSize = (UINT32) InfoLen; Info->InfoAttribs = EFI_USER_INFO_PROTECTED; @@ -1281,16 +1281,16 @@ CredentialGetNextInfo ( InfoLen = sizeof (EFI_USER_INFO) + sizeof (EFI_GUID); Info = AllocateZeroPool (InfoLen); ASSERT (Info != NULL); - + Info->InfoType = EFI_USER_INFO_CREDENTIAL_TYPE_RECORD; Info->InfoSize = (UINT32) InfoLen; Info->InfoAttribs = EFI_USER_INFO_PROTECTED; CopyGuid (&Info->Credential, &gPwdCredentialProviderGuid); CopyGuid ((EFI_GUID *)(Info + 1), &gEfiUserCredentialClassPasswordGuid); - + mPwdInfoHandle->Info[2] = Info; mPwdInfoHandle->Count++; - + // // The fourth information, Credential Provider type name info. // @@ -1299,18 +1299,18 @@ CredentialGetNextInfo ( InfoLen = sizeof (EFI_USER_INFO) + ProvStrLen; Info = AllocateZeroPool (InfoLen); ASSERT (Info != NULL); - + Info->InfoType = EFI_USER_INFO_CREDENTIAL_PROVIDER_NAME_RECORD; Info->InfoSize = (UINT32) InfoLen; Info->InfoAttribs = EFI_USER_INFO_PROTECTED; CopyGuid (&Info->Credential, &gPwdCredentialProviderGuid); CopyMem ((UINT8*)(Info + 1), ProvNameStr, ProvStrLen); FreePool (ProvNameStr); - + mPwdInfoHandle->Info[3] = Info; mPwdInfoHandle->Count++; } - + if (*UserInfo == NULL) { // // Return the first info handle. @@ -1318,7 +1318,7 @@ CredentialGetNextInfo ( *UserInfo = (EFI_USER_INFO_HANDLE) mPwdInfoHandle->Info[0]; return EFI_SUCCESS; } - + // // Find information handle in credential info table. // @@ -1335,10 +1335,10 @@ CredentialGetNextInfo ( *UserInfo = NULL; return EFI_NOT_FOUND; } - + Index++; *UserInfo = (EFI_USER_INFO_HANDLE)mPwdInfoHandle->Info[Index]; - return EFI_SUCCESS; + return EFI_SUCCESS; } } @@ -1349,15 +1349,15 @@ CredentialGetNextInfo ( /** Delete a user on this credential provider. - This function deletes a user on this credential provider. + This function deletes a user on this credential provider. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. @param[in] User The user profile handle to delete. @retval EFI_SUCCESS User profile was successfully deleted. - @retval EFI_ACCESS_DENIED Current user profile does not permit deletion on the user profile handle. - Either the user profile cannot delete on any user profile or cannot delete - on a user profile other than the current user profile. + @retval EFI_ACCESS_DENIED Current user profile does not permit deletion on the user profile handle. + Either the user profile cannot delete on any user profile or cannot delete + on a user profile other than the current user profile. @retval EFI_UNSUPPORTED This credential provider does not support deletion in the pre-OS. @retval EFI_DEVICE_ERROR The new credential could not be deleted because of a device error. @retval EFI_INVALID_PARAMETER User does not refer to a valid user profile handle. @@ -1374,7 +1374,7 @@ CredentialDelete ( UINT8 *UserId; UINT8 *NewUserId; UINTN Index; - + if ((This == NULL) || (User == NULL)) { return EFI_INVALID_PARAMETER; } @@ -1394,7 +1394,7 @@ CredentialDelete ( // // Find the user by user identifier in mPwdTable. - // + // for (Index = 0; Index < mPwdTable->Count; Index++) { UserId = (UINT8 *) &mPwdTable->UserInfo[Index].UserId; NewUserId = (UINT8 *) (UserInfo + 1); @@ -1442,7 +1442,7 @@ PasswordProviderInit ( if (EFI_ERROR (Status)) { return Status; } - + // // Init Form Browser. // @@ -1450,7 +1450,7 @@ PasswordProviderInit ( if (EFI_ERROR (Status)) { return Status; } - + // // Install protocol interfaces for the password credential provider. // diff --git a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProvider.h b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProvider.h index 7a51e7d078..fd782549fd 100644 --- a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProvider.h +++ b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProvider.h @@ -1,13 +1,13 @@ /** @file Password Credential Provider driver header file. - -Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at + +Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -92,24 +92,24 @@ typedef struct { /** Enroll a user on a credential provider. - This function enrolls a user on this credential provider. If the user exists on - this credential provider, update the user information on this credential provider; + This function enrolls a user on this credential provider. If the user exists on + this credential provider, update the user information on this credential provider; otherwise delete the user information on credential provider. - + @param[in] This Points to this instance of EFI_USER_CREDENTIAL2_PROTOCOL. @param[in] User The user profile to enroll. - + @retval EFI_SUCCESS User profile was successfully enrolled. @retval EFI_ACCESS_DENIED Current user profile does not permit enrollment on the user profile handle. Either the user profile cannot enroll - on any user profile or cannot enroll on a user profile + on any user profile or cannot enroll on a user profile other than the current user profile. @retval EFI_UNSUPPORTED This credential provider does not support enrollment in the pre-OS. @retval EFI_DEVICE_ERROR The new credential could not be created because of a device error. @retval EFI_INVALID_PARAMETER User does not refer to a valid user profile handle. - + **/ EFI_STATUS EFIAPI @@ -123,7 +123,7 @@ CredentialEnroll ( This function returns information about the form used when interacting with the user during user identification. The form is the first enabled form in the form-set - class EFI_HII_USER_CREDENTIAL_FORMSET_GUID installed on the HII handle HiiHandle. If + class EFI_HII_USER_CREDENTIAL_FORMSET_GUID installed on the HII handle HiiHandle. If the user credential provider does not require a form to identify the user, then this function should return EFI_NOT_FOUND. @@ -131,13 +131,13 @@ CredentialEnroll ( @param[out] Hii On return, holds the HII database handle. @param[out] FormSetId On return, holds the identifier of the form set which contains the form used during user identification. - @param[out] FormId On return, holds the identifier of the form used during user + @param[out] FormId On return, holds the identifier of the form used during user identification. - + @retval EFI_SUCCESS Form returned successfully. @retval EFI_NOT_FOUND Form not returned. @retval EFI_INVALID_PARAMETER Hii is NULL or FormSetId is NULL or FormId is NULL. - + **/ EFI_STATUS EFIAPI @@ -153,22 +153,22 @@ CredentialForm ( This optional function returns a bitmap which is less than or equal to the number of pixels specified by Width and Height. If no such bitmap exists, then EFI_NOT_FOUND - is returned. + is returned. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - @param[in, out] Width On entry, points to the desired bitmap width. If NULL then no - bitmap information will be returned. On exit, points to the + @param[in, out] Width On entry, points to the desired bitmap width. If NULL then no + bitmap information will be returned. On exit, points to the width of the bitmap returned. @param[in, out] Height On entry, points to the desired bitmap height. If NULL then no - bitmap information will be returned. On exit, points to the + bitmap information will be returned. On exit, points to the height of the bitmap returned - @param[out] Hii On return, holds the HII database handle. - @param[out] Image On return, holds the HII image identifier. - + @param[out] Hii On return, holds the HII database handle. + @param[out] Image On return, holds the HII image identifier. + @retval EFI_SUCCESS Image identifier returned successfully. @retval EFI_NOT_FOUND Image identifier not returned. @retval EFI_INVALID_PARAMETER Hii is NULL or Image is NULL. - + **/ EFI_STATUS EFIAPI @@ -184,16 +184,16 @@ CredentialTile ( Returns string used to describe the credential provider type. This function returns a string which describes the credential provider. If no - such string exists, then EFI_NOT_FOUND is returned. + such string exists, then EFI_NOT_FOUND is returned. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. @param[out] Hii On return, holds the HII database handle. @param[out] String On return, holds the HII string identifier. - + @retval EFI_SUCCESS String identifier returned successfully. @retval EFI_NOT_FOUND String identifier not returned. @retval EFI_INVALID_PARAMETER Hii is NULL or String is NULL. - + **/ EFI_STATUS EFIAPI @@ -207,23 +207,23 @@ CredentialTitle ( Return the user identifier associated with the currently authenticated user. This function returns the user identifier of the user authenticated by this credential - provider. This function is called after the credential-related information has been + provider. This function is called after the credential-related information has been submitted on a form OR after a call to Default() has returned that this credential is ready to log on. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - @param[in] User The user profile handle of the user profile currently being + @param[in] User The user profile handle of the user profile currently being considered by the user identity manager. If NULL, then no user profile is currently under consideration. - @param[out] Identifier On return, points to the user identifier. - + @param[out] Identifier On return, points to the user identifier. + @retval EFI_SUCCESS User identifier returned successfully. @retval EFI_NOT_READY No user identifier can be returned. @retval EFI_ACCESS_DENIED The user has been locked out of this user credential. @retval EFI_INVALID_PARAMETER This is NULL, or Identifier is NULL. @retval EFI_NOT_FOUND User is not NULL, and the specified user handle can't be found in user profile database - + **/ EFI_STATUS EFIAPI @@ -236,17 +236,17 @@ CredentialUser ( /** Indicate that user interface interaction has begun for the specified credential. - This function is called when a credential provider is selected by the user. If + This function is called when a credential provider is selected by the user. If AutoLogon returns FALSE, then the user interface will be constructed by the User - Identity Manager. + Identity Manager. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - @param[out] AutoLogon On return, points to the credential provider's capabilities - after the credential provider has been selected by the user. - + @param[out] AutoLogon On return, points to the credential provider's capabilities + after the credential provider has been selected by the user. + @retval EFI_SUCCESS Credential provider successfully selected. @retval EFI_INVALID_PARAMETER AutoLogon is NULL. - + **/ EFI_STATUS EFIAPI @@ -261,9 +261,9 @@ CredentialSelect ( This function is called when a credential provider is deselected by the user. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - + @retval EFI_SUCCESS Credential provider successfully deselected. - + **/ EFI_STATUS EFIAPI @@ -274,12 +274,12 @@ CredentialDeselect ( /** Return the default logon behavior for this user credential. - This function reports the default login behavior regarding this credential provider. + This function reports the default login behavior regarding this credential provider. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. @param[out] AutoLogon On return, holds whether the credential provider should be used - by default to automatically log on the user. - + by default to automatically log on the user. + @retval EFI_SUCCESS Default information successfully returned. @retval EFI_INVALID_PARAMETER AutoLogon is NULL. @@ -294,24 +294,24 @@ CredentialDefault ( /** Return information attached to the credential provider. - This function returns user information. + This function returns user information. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - @param[in] UserInfo Handle of the user information data record. + @param[in] UserInfo Handle of the user information data record. @param[out] Info On entry, points to a buffer of at least *InfoSize bytes. On exit, holds the user information. If the buffer is too small to hold the information, then EFI_BUFFER_TOO_SMALL is returned and InfoSize is updated to contain the number of bytes actually required. - @param[in, out] InfoSize On entry, points to the size of Info. On return, points to the - size of the user information. - + @param[in, out] InfoSize On entry, points to the size of Info. On return, points to the + size of the user information. + @retval EFI_SUCCESS Information returned successfully. @retval EFI_BUFFER_TOO_SMALL The size specified by InfoSize is too small to hold all of the user information. The size required is returned in *InfoSize. @retval EFI_INVALID_PARAMETER Info is NULL or InfoSize is NULL. - @retval EFI_NOT_FOUND The specified UserInfo does not refer to a valid user info handle. - + @retval EFI_NOT_FOUND The specified UserInfo does not refer to a valid user info handle. + **/ EFI_STATUS EFIAPI @@ -329,17 +329,17 @@ CredentialGetInfo ( This function returns the next user information record. To retrieve the first user information record handle, point UserInfo at a NULL. Each subsequent call will retrieve another user information record handle until there are no more, at which point UserInfo - will point to NULL. + will point to NULL. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. @param[in, out] UserInfo On entry, points to the previous user information handle or NULL to start enumeration. On exit, points to the next user information handle or NULL if there is no more user information. - + @retval EFI_SUCCESS User information returned. @retval EFI_NOT_FOUND No more user information found. @retval EFI_INVALID_PARAMETER UserInfo is NULL. - + **/ EFI_STATUS EFIAPI @@ -351,15 +351,15 @@ CredentialGetNextInfo ( /** Delete a user on this credential provider. - This function deletes a user on this credential provider. + This function deletes a user on this credential provider. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. @param[in] User The user profile handle to delete. @retval EFI_SUCCESS User profile was successfully deleted. - @retval EFI_ACCESS_DENIED Current user profile does not permit deletion on the user profile handle. - Either the user profile cannot delete on any user profile or cannot delete - on a user profile other than the current user profile. + @retval EFI_ACCESS_DENIED Current user profile does not permit deletion on the user profile handle. + Either the user profile cannot delete on any user profile or cannot delete + on a user profile other than the current user profile. @retval EFI_UNSUPPORTED This credential provider does not support deletion in the pre-OS. @retval EFI_DEVICE_ERROR The new credential could not be deleted because of a device error. @retval EFI_INVALID_PARAMETER User does not refer to a valid user profile handle. diff --git a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderData.h b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderData.h index feeffcc6df..31bdfe4c50 100644 --- a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderData.h +++ b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderData.h @@ -1,13 +1,13 @@ /** @file Data structure used by the Password Credential Provider driver. - -Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at + +Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -24,7 +24,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. // // Key defination -// +// #define KEY_GET_PASSWORD 0x1000 #endif diff --git a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderDxe.inf b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderDxe.inf index 07e6163e8b..ab7ba2c913 100644 --- a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderDxe.inf +++ b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderDxe.inf @@ -2,7 +2,7 @@ # Provides a password credential provider implementation # This module provides a password credential provider implementation. # -# Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
+# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -44,22 +44,22 @@ HiiLib UefiLib BaseCryptLib - + [Guids] gEfiUserCredentialClassPasswordGuid ## SOMETIMES_CONSUMES ## GUID - + ## PRODUCES ## Variable:L"PwdCredential" ## CONSUMES ## Variable:L"PwdCredential" ## CONSUMES ## HII ## SOMETIMES_CONSUMES ## GUID # The credential provider identifier gPwdCredentialProviderGuid - + [Protocols] gEfiDevicePathProtocolGuid ## PRODUCES gEfiHiiConfigAccessProtocolGuid ## PRODUCES gEfiUserCredential2ProtocolGuid ## PRODUCES gEfiUserManagerProtocolGuid ## SOMETIMES_CONSUMES - + [UserExtensions.TianoCore."ExtraFiles"] PwdCredentialProviderExtra.uni - \ No newline at end of file + diff --git a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderExtra.uni b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderExtra.uni index be332aa681..bcc220a51d 100644 --- a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderExtra.uni +++ b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderExtra.uni @@ -1,7 +1,7 @@ // /** @file // PwdCredentialProvider Localized Strings and Content // -// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
+// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
// // This program and the accompanying materials // are licensed and made available under the terms and conditions of the BSD License @@ -12,8 +12,8 @@ // // **/ -#string STR_PROPERTIES_MODULE_NAME -#language en-US +#string STR_PROPERTIES_MODULE_NAME +#language en-US "Password Credential Provider" diff --git a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderStrings.uni b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderStrings.uni index ca0e5669c0..e7b3126f83 100644 --- a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderStrings.uni +++ b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderStrings.uni @@ -1,7 +1,7 @@ /** @file String definitions for the Password Credential Provider. -Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.
+Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -15,20 +15,20 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #langdef en-US "English" #langdef fr-FR "Francais" -#string STR_CREDENTIAL_TITLE #language en-US "Password Credential Provider" +#string STR_CREDENTIAL_TITLE #language en-US "Password Credential Provider" #language fr-FR "Password Credential Provider (French)" -#string STR_FORM_TITLE #language en-US "Get Password" - #language fr-FR "Get Password(French)" +#string STR_FORM_TITLE #language en-US "Get Password" + #language fr-FR "Get Password(French)" #string STR_NULL_STRING #language en-US "" #language fr-FR "" -#string STR_INPUT_PASSWORD #language en-US "Please Input Password" - #language fr-FR "Please Input Password(French)" -#string STR_PROVIDER_NAME #language en-US "INTEL Password Credential Provider" +#string STR_INPUT_PASSWORD #language en-US "Please Input Password" + #language fr-FR "Please Input Password(French)" +#string STR_PROVIDER_NAME #language en-US "INTEL Password Credential Provider" #language fr-FR "INTEL Password Credential Provider(French)" #string STR_PROVIDER_TYPE_NAME #language en-US "Password Credential Provider" - #language fr-FR "Password Credential Provider(French)" + #language fr-FR "Password Credential Provider(French)" #string STR_INPUT_PASSWORD_AGAIN #language en-US "Input Password Again" - #language fr-FR "Input Password Again (French)" + #language fr-FR "Input Password Again (French)" #string STR_DRAW_A_LINE #language en-US "-----------------------------" #language fr-FR "------------------------------------" #string STR_PASSWORD_INCORRECT #language en-US " Incorrect Password! " diff --git a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProvider.c b/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProvider.c index f623f48304..841e975103 100644 --- a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProvider.c +++ b/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProvider.c @@ -1,13 +1,13 @@ /** @file Usb Credential Provider driver implemenetation. - -Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at + +Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -78,7 +78,7 @@ ExpandTableSize ( sizeof (CREDENTIAL_TABLE) - sizeof (USB_INFO) + Count * sizeof (USB_INFO) ); - ASSERT (NewTable != NULL); + ASSERT (NewTable != NULL); NewTable->MaxCount = Count; NewTable->Count = mUsbTable->Count; @@ -87,8 +87,8 @@ ExpandTableSize ( // Copy old entries. // CopyMem ( - &NewTable->UserInfo, - &mUsbTable->UserInfo, + &NewTable->UserInfo, + &mUsbTable->UserInfo, mUsbTable->Count * sizeof (USB_INFO) ); FreePool (mUsbTable); @@ -100,8 +100,8 @@ ExpandTableSize ( Add, update or delete info in table, and sync with NV variable. @param[in] Index The index of the password in table. If index is found in - table, update the info, else add the into to table. - @param[in] Info The new credential info to add into table. If Info is NULL, + table, update the info, else add the into to table. + @param[in] Info The new credential info to add into table. If Info is NULL, delete the info by Index. @retval EFI_INVALID_PARAMETER Info is NULL when save the info. @@ -117,7 +117,7 @@ ModifyTable ( { EFI_STATUS Status; USB_INFO *NewUsbInfo; - + NewUsbInfo = NULL; if (Index < mUsbTable->Count) { if (Info == NULL) { @@ -127,7 +127,7 @@ ModifyTable ( mUsbTable->Count--; if (Index != mUsbTable->Count) { NewUsbInfo = &mUsbTable->UserInfo[mUsbTable->Count]; - } + } } else { // // Update the specified entry. @@ -190,9 +190,9 @@ InitCredentialTable ( VarSize = 0; Var = NULL; Status = gRT->GetVariable ( - L"UsbCredential", - &gUsbCredentialProviderGuid, - NULL, + L"UsbCredential", + &gUsbCredentialProviderGuid, + NULL, &VarSize, Var ); @@ -202,9 +202,9 @@ InitCredentialTable ( return EFI_OUT_OF_RESOURCES; } Status = gRT->GetVariable ( - L"UsbCredential", - &gUsbCredentialProviderGuid, - NULL, + L"UsbCredential", + &gUsbCredentialProviderGuid, + NULL, &VarSize, Var ); @@ -212,13 +212,13 @@ InitCredentialTable ( if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) { return Status; } - + // // Init Usb credential table. // mUsbTable = AllocateZeroPool ( sizeof (CREDENTIAL_TABLE) - sizeof (USB_INFO) + - USB_TABLE_INC * sizeof (USB_INFO) + + USB_TABLE_INC * sizeof (USB_INFO) + VarSize ); if (mUsbTable == NULL) { @@ -306,7 +306,7 @@ GetFileData ( if (EFI_ERROR (Status)) { continue; } - + Status = SimpleFileSystem->OpenVolume ( SimpleFileSystem, &RootFs @@ -314,7 +314,7 @@ GetFileData ( if (EFI_ERROR (Status)) { continue; } - + Status = RootFs->Open ( RootFs, &FileHandle, @@ -324,7 +324,7 @@ GetFileData ( ); if (!EFI_ERROR (Status)) { break; - } + } } } @@ -335,7 +335,7 @@ GetFileData ( Status = EFI_NOT_FOUND; goto Done; } - + // // Figure out how big the file is. // @@ -352,7 +352,7 @@ GetFileData ( goto Done; } - FileInfo = AllocateZeroPool (ScratchBufferSize); + FileInfo = AllocateZeroPool (ScratchBufferSize); if (FileInfo == NULL) { DEBUG ((DEBUG_ERROR, "Can not allocate enough memory for the token file!\n")); Status = EFI_OUT_OF_RESOURCES; @@ -370,18 +370,18 @@ GetFileData ( Status = EFI_DEVICE_ERROR; goto Done; } - + // // Allocate a buffer for the file. // *BufferSize = (UINT32) FileInfo->FileSize; - *Buffer = AllocateZeroPool (*BufferSize); + *Buffer = AllocateZeroPool (*BufferSize); if (*Buffer == NULL) { DEBUG ((DEBUG_ERROR, "Can not allocate a buffer for the file!\n")); Status = EFI_OUT_OF_RESOURCES; goto Done; } - + // // Load file into the allocated memory. // @@ -392,7 +392,7 @@ GetFileData ( Status = EFI_DEVICE_ERROR; goto Done; } - + // // Close file. // @@ -416,13 +416,13 @@ Done: /** Hash the data to get credential. - @param[in] Buffer Points to the data buffer + @param[in] Buffer Points to the data buffer @param[in] BufferSize The size of data in buffer, in bytes. @param[out] Credential Points to the hashed result @retval TRUE Hash the data successfully. @retval FALSE Failed to hash the data. - + **/ BOOLEAN GenerateCredential ( @@ -434,23 +434,23 @@ GenerateCredential ( BOOLEAN Status; UINTN HashSize; VOID *Hash; - + HashSize = Sha1GetContextSize (); Hash = AllocatePool (HashSize); ASSERT (Hash != NULL); - + Status = Sha1Init (Hash); if (!Status) { goto Done; } - + Status = Sha1Update (Hash, Buffer, BufferSize); if (!Status) { goto Done; } - + Status = Sha1Final (Hash, Credential); - + Done: FreePool (Hash); return Status; @@ -464,7 +464,7 @@ Done: @retval EFI_SUCCESS Read a Token successfully. @retval Others Fails to read a Token. - + **/ EFI_STATUS GetToken ( @@ -484,14 +484,14 @@ GetToken ( DEBUG ((DEBUG_ERROR, "Read file %s from USB error! Status=(%r)\n", TokenFile, Status)); return Status; } - + if (!GenerateCredential (Buffer, BufSize, Token)) { DEBUG ((DEBUG_ERROR, "Generate credential from read data failed!\n")); FreePool (Buffer); return EFI_SECURITY_VIOLATION; } - - FreePool (Buffer); + + FreePool (Buffer); return EFI_SUCCESS; } @@ -499,16 +499,16 @@ GetToken ( /** Find a user infomation record by the information record type. - This function searches all user information records of User from beginning + This function searches all user information records of User from beginning until either the information is found or there are no more user infomation record. A match occurs when a Info.InfoType field matches the user information record type. - @param[in] User Points to the user profile record to search. + @param[in] User Points to the user profile record to search. @param[in] InfoType The infomation type to be searched. @param[out] Info Points to the user info found, the caller is responsible to free. - + @retval EFI_SUCCESS Find the user information successfully. @retval Others Fail to find the user information. @@ -525,7 +525,7 @@ FindUserInfoByType ( UINTN UserInfoSize; EFI_USER_INFO_HANDLE UserInfoHandle; EFI_USER_MANAGER_PROTOCOL *UserManager; - + // // Find user information by information type. // @@ -588,7 +588,7 @@ FindUserInfoByType ( if (UserInfo->InfoType == InfoType) { *Info = UserInfo; return EFI_SUCCESS; - } + } } if (UserInfo != NULL) { @@ -611,7 +611,7 @@ InitFormBrowser ( ) { USB_PROVIDER_CALLBACK_INFO *CallbackInfo; - + // // Initialize driver private data. // @@ -619,7 +619,7 @@ InitFormBrowser ( if (CallbackInfo == NULL) { return EFI_OUT_OF_RESOURCES; } - + CallbackInfo->DriverHandle = NULL; // @@ -643,24 +643,24 @@ InitFormBrowser ( /** Enroll a user on a credential provider. - This function enrolls a user on this credential provider. If the user exists on - this credential provider, update the user information on this credential provider; + This function enrolls a user on this credential provider. If the user exists on + this credential provider, update the user information on this credential provider; otherwise add the user information on credential provider. - + @param[in] This Points to this instance of EFI_USER_CREDENTIAL2_PROTOCOL. @param[in] User The user profile to enroll. - + @retval EFI_SUCCESS User profile was successfully enrolled. @retval EFI_ACCESS_DENIED Current user profile does not permit enrollment on the user profile handle. Either the user profile cannot enroll - on any user profile or cannot enroll on a user profile + on any user profile or cannot enroll on a user profile other than the current user profile. @retval EFI_UNSUPPORTED This credential provider does not support enrollment in the pre-OS. @retval EFI_DEVICE_ERROR The new credential could not be created because of a device error. @retval EFI_INVALID_PARAMETER User does not refer to a valid user profile handle. - + **/ EFI_STATUS EFIAPI @@ -681,7 +681,7 @@ CredentialEnroll ( if ((This == NULL) || (User == NULL)) { return EFI_INVALID_PARAMETER; } - + // // Get User Identifier // @@ -695,16 +695,16 @@ CredentialEnroll ( return EFI_INVALID_PARAMETER; } - CopyMem (UsbInfo.UserId, (UINT8 *) (UserInfo + 1), sizeof (EFI_USER_INFO_IDENTIFIER)); + CopyMem (UsbInfo.UserId, (UINT8 *) (UserInfo + 1), sizeof (EFI_USER_INFO_IDENTIFIER)); FreePool (UserInfo); - + // // Get Token and User ID to UsbInfo. // Status = GetToken (UsbInfo.Token); if (EFI_ERROR (Status)) { QuestionStr = GetStringById (STRING_TOKEN (STR_READ_USB_TOKEN_ERROR)); - PromptStr = GetStringById (STRING_TOKEN (STR_INSERT_USB_TOKEN)); + PromptStr = GetStringById (STRING_TOKEN (STR_INSERT_USB_TOKEN)); CreatePopUp ( EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, &Key, @@ -716,21 +716,21 @@ CredentialEnroll ( FreePool (QuestionStr); FreePool (PromptStr); return Status; - } + } // // Check whether User is ever enrolled in the provider. - // + // for (Index = 0; Index < mUsbTable->Count; Index++) { UserId = (UINT8 *) &mUsbTable->UserInfo[Index].UserId; if (CompareMem (UserId, (UINT8 *) &UsbInfo.UserId, sizeof (EFI_USER_INFO_IDENTIFIER)) == 0) { // // User already exists, update the password. - // + // break; } } - + // // Enroll the User to the provider. // @@ -748,7 +748,7 @@ CredentialEnroll ( This function returns information about the form used when interacting with the user during user identification. The form is the first enabled form in the form-set - class EFI_HII_USER_CREDENTIAL_FORMSET_GUID installed on the HII handle HiiHandle. If + class EFI_HII_USER_CREDENTIAL_FORMSET_GUID installed on the HII handle HiiHandle. If the user credential provider does not require a form to identify the user, then this function should return EFI_NOT_FOUND. @@ -756,13 +756,13 @@ CredentialEnroll ( @param[out] Hii On return, holds the HII database handle. @param[out] FormSetId On return, holds the identifier of the form set which contains the form used during user identification. - @param[out] FormId On return, holds the identifier of the form used during user + @param[out] FormId On return, holds the identifier of the form used during user identification. - + @retval EFI_SUCCESS Form returned successfully. @retval EFI_NOT_FOUND Form not returned. @retval EFI_INVALID_PARAMETER Hii is NULL or FormSetId is NULL or FormId is NULL. - + **/ EFI_STATUS EFIAPI @@ -773,7 +773,7 @@ CredentialForm ( OUT EFI_FORM_ID *FormId ) { - if ((This == NULL) || (Hii == NULL) || + if ((This == NULL) || (Hii == NULL) || (FormSetId == NULL) || (FormId == NULL)) { return EFI_INVALID_PARAMETER; } @@ -786,22 +786,22 @@ CredentialForm ( This optional function returns a bitmap which is less than or equal to the number of pixels specified by Width and Height. If no such bitmap exists, then EFI_NOT_FOUND - is returned. + is returned. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - @param[in, out] Width On entry, points to the desired bitmap width. If NULL then no - bitmap information will be returned. On exit, points to the + @param[in, out] Width On entry, points to the desired bitmap width. If NULL then no + bitmap information will be returned. On exit, points to the width of the bitmap returned. @param[in, out] Height On entry, points to the desired bitmap height. If NULL then no - bitmap information will be returned. On exit, points to the + bitmap information will be returned. On exit, points to the height of the bitmap returned. - @param[out] Hii On return, holds the HII database handle. - @param[out] Image On return, holds the HII image identifier. - + @param[out] Hii On return, holds the HII database handle. + @param[out] Image On return, holds the HII image identifier. + @retval EFI_SUCCESS Image identifier returned successfully. @retval EFI_NOT_FOUND Image identifier not returned. @retval EFI_INVALID_PARAMETER Hii is NULL or Image is NULL. - + **/ EFI_STATUS EFIAPI @@ -824,16 +824,16 @@ CredentialTile ( Returns string used to describe the credential provider type. This function returns a string which describes the credential provider. If no - such string exists, then EFI_NOT_FOUND is returned. + such string exists, then EFI_NOT_FOUND is returned. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. @param[out] Hii On return, holds the HII database handle. @param[out] String On return, holds the HII string identifier. - + @retval EFI_SUCCESS String identifier returned successfully. @retval EFI_NOT_FOUND String identifier not returned. @retval EFI_INVALID_PARAMETER Hii is NULL or String is NULL. - + **/ EFI_STATUS EFIAPI @@ -860,23 +860,23 @@ CredentialTitle ( Return the user identifier associated with the currently authenticated user. This function returns the user identifier of the user authenticated by this credential - provider. This function is called after the credential-related information has been + provider. This function is called after the credential-related information has been submitted on a form OR after a call to Default() has returned that this credential is ready to log on. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - @param[in] User The user profile handle of the user profile currently being + @param[in] User The user profile handle of the user profile currently being considered by the user identity manager. If NULL, then no user profile is currently under consideration. - @param[out] Identifier On return, points to the user identifier. - + @param[out] Identifier On return, points to the user identifier. + @retval EFI_SUCCESS User identifier returned successfully. @retval EFI_NOT_READY No user identifier can be returned. @retval EFI_ACCESS_DENIED The user has been locked out of this user credential. @retval EFI_INVALID_PARAMETER This is NULL, or Identifier is NULL. @retval EFI_NOT_FOUND User is not NULL, and the specified user handle can't be found in user profile database. - + **/ EFI_STATUS EFIAPI @@ -891,16 +891,16 @@ CredentialUser ( EFI_USER_INFO *UserInfo; UINT8 *UserId; UINT8 *NewUserId; - UINT8 *UserToken; + UINT8 *UserToken; UINT8 ReadToken[HASHED_CREDENTIAL_LEN]; EFI_INPUT_KEY Key; CHAR16 *QuestionStr; CHAR16 *PromptStr; - + if ((This == NULL) || (Identifier == NULL)) { return EFI_INVALID_PARAMETER; } - + if (User == NULL) { // // Verify the auto logon user, get user id by matched token. @@ -908,7 +908,7 @@ CredentialUser ( if (mUsbTable->Count == 0) { return EFI_NOT_READY; } - + // // No user selected, get token first and verify the user existed in user database. // @@ -916,7 +916,7 @@ CredentialUser ( if (EFI_ERROR (Status)) { return EFI_NOT_READY; } - + for (Index = 0; Index < mUsbTable->Count; Index++) { // // find the specified credential in the Usb credential database. @@ -929,15 +929,15 @@ CredentialUser ( } } - return EFI_NOT_READY; + return EFI_NOT_READY; } - - // - // User is not NULL here. Read a token, and check whether the token matches with - // the selected user's Token. If not, try to find a token in token DB to matches + + // + // User is not NULL here. Read a token, and check whether the token matches with + // the selected user's Token. If not, try to find a token in token DB to matches // with read token. - // - + // + Status = GetToken (ReadToken); if (EFI_ERROR (Status)) { QuestionStr = GetStringById (STRING_TOKEN (STR_READ_USB_TOKEN_ERROR)); @@ -961,8 +961,8 @@ CredentialUser ( Status = FindUserInfoByType (User, EFI_USER_INFO_IDENTIFIER_RECORD, &UserInfo); if (EFI_ERROR (Status)) { return EFI_NOT_FOUND; - } - + } + // // Check the selected user's Token with the read token. // @@ -981,12 +981,12 @@ CredentialUser ( CopyMem (Identifier, UserId, sizeof (EFI_USER_INFO_IDENTIFIER)); FreePool (UserInfo); return EFI_SUCCESS; - } + } } } - FreePool (UserInfo); - + FreePool (UserInfo); + return EFI_NOT_READY; } @@ -994,17 +994,17 @@ CredentialUser ( /** Indicate that user interface interaction has begun for the specified credential. - This function is called when a credential provider is selected by the user. If + This function is called when a credential provider is selected by the user. If AutoLogon returns FALSE, then the user interface will be constructed by the User - Identity Manager. + Identity Manager. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - @param[out] AutoLogon On return, points to the credential provider's capabilities - after the credential provider has been selected by the user. - + @param[out] AutoLogon On return, points to the credential provider's capabilities + after the credential provider has been selected by the user. + @retval EFI_SUCCESS Credential provider successfully selected. @retval EFI_INVALID_PARAMETER AutoLogon is NULL. - + **/ EFI_STATUS EFIAPI @@ -1029,9 +1029,9 @@ CredentialSelect ( This function is called when a credential provider is deselected by the user. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - + @retval EFI_SUCCESS Credential provider successfully deselected. - + **/ EFI_STATUS EFIAPI @@ -1049,15 +1049,15 @@ CredentialDeselect ( /** Return the default logon behavior for this user credential. - This function reports the default login behavior regarding this credential provider. + This function reports the default login behavior regarding this credential provider. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. @param[out] AutoLogon On return, holds whether the credential provider should be used - by default to automatically log on the user. - + by default to automatically log on the user. + @retval EFI_SUCCESS Default information successfully returned. @retval EFI_INVALID_PARAMETER AutoLogon is NULL. - + **/ EFI_STATUS EFIAPI @@ -1078,24 +1078,24 @@ CredentialDefault ( /** Return information attached to the credential provider. - This function returns user information. + This function returns user information. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - @param[in] UserInfo Handle of the user information data record. + @param[in] UserInfo Handle of the user information data record. @param[out] Info On entry, points to a buffer of at least *InfoSize bytes. On exit, holds the user information. If the buffer is too small to hold the information, then EFI_BUFFER_TOO_SMALL is returned and InfoSize is updated to contain the number of bytes actually required. - @param[in, out] InfoSize On entry, points to the size of Info. On return, points to the - size of the user information. - + @param[in, out] InfoSize On entry, points to the size of Info. On return, points to the + size of the user information. + @retval EFI_SUCCESS Information returned successfully. @retval EFI_BUFFER_TOO_SMALL The size specified by InfoSize is too small to hold all of the user information. The size required is returned in *InfoSize. @retval EFI_INVALID_PARAMETER Info is NULL or InfoSize is NULL. - @retval EFI_NOT_FOUND The specified UserInfo does not refer to a valid user info handle. - + @retval EFI_NOT_FOUND The specified UserInfo does not refer to a valid user info handle. + **/ EFI_STATUS EFIAPI @@ -1108,7 +1108,7 @@ CredentialGetInfo ( { EFI_USER_INFO *CredentialInfo; UINTN Index; - + if ((This == NULL) || (InfoSize == NULL) || (Info == NULL)) { return EFI_INVALID_PARAMETER; } @@ -1116,7 +1116,7 @@ CredentialGetInfo ( if ((UserInfo == NULL) || (mUsbInfoHandle == NULL)) { return EFI_NOT_FOUND; } - + // // Find information handle in credential info table. // @@ -1130,12 +1130,12 @@ CredentialGetInfo ( *InfoSize = CredentialInfo->InfoSize; return EFI_BUFFER_TOO_SMALL; } - - CopyMem (Info, CredentialInfo, CredentialInfo->InfoSize); - return EFI_SUCCESS; + + CopyMem (Info, CredentialInfo, CredentialInfo->InfoSize); + return EFI_SUCCESS; } } - + return EFI_NOT_FOUND; } @@ -1146,17 +1146,17 @@ CredentialGetInfo ( This function returns the next user information record. To retrieve the first user information record handle, point UserInfo at a NULL. Each subsequent call will retrieve another user information record handle until there are no more, at which point UserInfo - will point to NULL. + will point to NULL. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. @param[in, out] UserInfo On entry, points to the previous user information handle or NULL to start enumeration. On exit, points to the next user information handle or NULL if there is no more user information. - + @retval EFI_SUCCESS User information returned. @retval EFI_NOT_FOUND No more user information found. @retval EFI_INVALID_PARAMETER UserInfo is NULL. - + **/ EFI_STATUS EFIAPI @@ -1170,7 +1170,7 @@ CredentialGetNextInfo ( UINTN InfoLen; UINTN Index; UINTN ProvStrLen; - + if ((This == NULL) || (UserInfo == NULL)) { return EFI_INVALID_PARAMETER; } @@ -1192,13 +1192,13 @@ CredentialGetNextInfo ( InfoLen = sizeof (EFI_USER_INFO) + sizeof (EFI_GUID); Info = AllocateZeroPool (InfoLen); ASSERT (Info != NULL); - + Info->InfoType = EFI_USER_INFO_CREDENTIAL_PROVIDER_RECORD; Info->InfoSize = (UINT32) InfoLen; Info->InfoAttribs = EFI_USER_INFO_PROTECTED; CopyGuid (&Info->Credential, &gUsbCredentialProviderGuid); CopyGuid ((EFI_GUID *)(Info + 1), &gUsbCredentialProviderGuid); - + mUsbInfoHandle->Info[0] = Info; mUsbInfoHandle->Count++; @@ -1210,14 +1210,14 @@ CredentialGetNextInfo ( InfoLen = sizeof (EFI_USER_INFO) + ProvStrLen; Info = AllocateZeroPool (InfoLen); ASSERT (Info != NULL); - + Info->InfoType = EFI_USER_INFO_CREDENTIAL_PROVIDER_NAME_RECORD; Info->InfoSize = (UINT32) InfoLen; Info->InfoAttribs = EFI_USER_INFO_PROTECTED; CopyGuid (&Info->Credential, &gUsbCredentialProviderGuid); CopyMem ((UINT8*)(Info + 1), ProvNameStr, ProvStrLen); FreePool (ProvNameStr); - + mUsbInfoHandle->Info[1] = Info; mUsbInfoHandle->Count++; @@ -1227,16 +1227,16 @@ CredentialGetNextInfo ( InfoLen = sizeof (EFI_USER_INFO) + sizeof (EFI_GUID); Info = AllocateZeroPool (InfoLen); ASSERT (Info != NULL); - + Info->InfoType = EFI_USER_INFO_CREDENTIAL_TYPE_RECORD; Info->InfoSize = (UINT32) InfoLen; Info->InfoAttribs = EFI_USER_INFO_PROTECTED; CopyGuid (&Info->Credential, &gUsbCredentialProviderGuid); CopyGuid ((EFI_GUID *)(Info + 1), &gEfiUserCredentialClassSecureCardGuid); - + mUsbInfoHandle->Info[2] = Info; mUsbInfoHandle->Count++; - + // // The fourth information, Credential Provider type name info. // @@ -1245,18 +1245,18 @@ CredentialGetNextInfo ( InfoLen = sizeof (EFI_USER_INFO) + ProvStrLen; Info = AllocateZeroPool (InfoLen); ASSERT (Info != NULL); - + Info->InfoType = EFI_USER_INFO_CREDENTIAL_PROVIDER_NAME_RECORD; Info->InfoSize = (UINT32) InfoLen; Info->InfoAttribs = EFI_USER_INFO_PROTECTED; CopyGuid (&Info->Credential, &gUsbCredentialProviderGuid); CopyMem ((UINT8*)(Info + 1), ProvNameStr, ProvStrLen); FreePool (ProvNameStr); - + mUsbInfoHandle->Info[3] = Info; mUsbInfoHandle->Count++; } - + if (*UserInfo == NULL) { // // Return the first info handle. @@ -1264,7 +1264,7 @@ CredentialGetNextInfo ( *UserInfo = (EFI_USER_INFO_HANDLE) mUsbInfoHandle->Info[0]; return EFI_SUCCESS; } - + // // Find information handle in credential info table. // @@ -1283,7 +1283,7 @@ CredentialGetNextInfo ( } Index++; *UserInfo = (EFI_USER_INFO_HANDLE)mUsbInfoHandle->Info[Index]; - return EFI_SUCCESS; + return EFI_SUCCESS; } } @@ -1295,15 +1295,15 @@ CredentialGetNextInfo ( /** Delete a user on this credential provider. - This function deletes a user on this credential provider. + This function deletes a user on this credential provider. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. @param[in] User The user profile handle to delete. @retval EFI_SUCCESS User profile was successfully deleted. - @retval EFI_ACCESS_DENIED Current user profile does not permit deletion on the user profile handle. - Either the user profile cannot delete on any user profile or cannot delete - on a user profile other than the current user profile. + @retval EFI_ACCESS_DENIED Current user profile does not permit deletion on the user profile handle. + Either the user profile cannot delete on any user profile or cannot delete + on a user profile other than the current user profile. @retval EFI_UNSUPPORTED This credential provider does not support deletion in the pre-OS. @retval EFI_DEVICE_ERROR The new credential could not be deleted because of a device error. @retval EFI_INVALID_PARAMETER User does not refer to a valid user profile handle. @@ -1320,7 +1320,7 @@ CredentialDelete ( UINT8 *UserId; UINT8 *NewUserId; UINTN Index; - + if ((This == NULL) || (User == NULL)) { return EFI_INVALID_PARAMETER; } @@ -1340,7 +1340,7 @@ CredentialDelete ( // // Find the user by user identifier in mPwdTable. - // + // for (Index = 0; Index < mUsbTable->Count; Index++) { UserId = (UINT8 *) &mUsbTable->UserInfo[Index].UserId; NewUserId = (UINT8 *) (UserInfo + 1); @@ -1388,7 +1388,7 @@ UsbProviderInit ( if (EFI_ERROR (Status)) { return Status; } - + // // Init Form Browser // @@ -1396,7 +1396,7 @@ UsbProviderInit ( if (EFI_ERROR (Status)) { return Status; } - + // // Install protocol interfaces for the Usb Credential Provider. // diff --git a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProvider.h b/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProvider.h index 83f7f9e2ca..63f6576045 100644 --- a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProvider.h +++ b/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProvider.h @@ -1,13 +1,13 @@ /** @file Usb Credential Provider driver header file. - -Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at + +Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -80,26 +80,26 @@ typedef struct { /** Enroll a user on a credential provider. - This function enrolls and deletes a user profile using this credential provider. - If a user profile is successfully enrolled, it calls the User Manager Protocol - function Notify() to notify the user manager driver that credential information - has changed. If an enrolled user does exist, delete the user on the credential + This function enrolls and deletes a user profile using this credential provider. + If a user profile is successfully enrolled, it calls the User Manager Protocol + function Notify() to notify the user manager driver that credential information + has changed. If an enrolled user does exist, delete the user on the credential provider. @param[in] This Points to this instance of EFI_USER_CREDENTIAL2_PROTOCOL. @param[in] User The user profile to enroll. - + @retval EFI_SUCCESS User profile was successfully enrolled. @retval EFI_ACCESS_DENIED Current user profile does not permit enrollment on the user profile handle. Either the user profile cannot enroll - on any user profile or cannot enroll on a user profile + on any user profile or cannot enroll on a user profile other than the current user profile. @retval EFI_UNSUPPORTED This credential provider does not support enrollment in the pre-OS. @retval EFI_DEVICE_ERROR The new credential could not be created because of a device error. @retval EFI_INVALID_PARAMETER User does not refer to a valid user profile handle. - + **/ EFI_STATUS EFIAPI @@ -111,21 +111,21 @@ CredentialEnroll ( /** Returns the user interface information used during user identification. - This function enrolls a user on this credential provider. If the user exists on - this credential provider, update the user information on this credential provider; + This function enrolls a user on this credential provider. If the user exists on + this credential provider, update the user information on this credential provider; otherwise delete the user information on credential provider. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. @param[out] Hii On return, holds the HII database handle. @param[out] FormSetId On return, holds the identifier of the form set which contains the form used during user identification. - @param[out] FormId On return, holds the identifier of the form used during user + @param[out] FormId On return, holds the identifier of the form used during user identification. - + @retval EFI_SUCCESS Form returned successfully. @retval EFI_NOT_FOUND Form not returned. @retval EFI_INVALID_PARAMETER Hii is NULL or FormSetId is NULL or FormId is NULL. - + **/ EFI_STATUS EFIAPI @@ -141,22 +141,22 @@ CredentialForm ( This optional function returns a bitmap which is less than or equal to the number of pixels specified by Width and Height. If no such bitmap exists, then EFI_NOT_FOUND - is returned. + is returned. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - @param[in, out] Width On entry, points to the desired bitmap width. If NULL then no - bitmap information will be returned. On exit, points to the + @param[in, out] Width On entry, points to the desired bitmap width. If NULL then no + bitmap information will be returned. On exit, points to the width of the bitmap returned. @param[in, out] Height On entry, points to the desired bitmap height. If NULL then no - bitmap information will be returned. On exit, points to the + bitmap information will be returned. On exit, points to the height of the bitmap returned. - @param[out] Hii On return, holds the HII database handle. - @param[out] Image On return, holds the HII image identifier. - + @param[out] Hii On return, holds the HII database handle. + @param[out] Image On return, holds the HII image identifier. + @retval EFI_SUCCESS Image identifier returned successfully. @retval EFI_NOT_FOUND Image identifier not returned. @retval EFI_INVALID_PARAMETER Hii is NULL or Image is NULL. - + **/ EFI_STATUS EFIAPI @@ -172,16 +172,16 @@ CredentialTile ( Returns string used to describe the credential provider type. This function returns a string which describes the credential provider. If no - such string exists, then EFI_NOT_FOUND is returned. + such string exists, then EFI_NOT_FOUND is returned. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. @param[out] Hii On return, holds the HII database handle. @param[out] String On return, holds the HII string identifier. - + @retval EFI_SUCCESS String identifier returned successfully. @retval EFI_NOT_FOUND String identifier not returned. @retval EFI_INVALID_PARAMETER Hii is NULL or String is NULL. - + **/ EFI_STATUS EFIAPI @@ -195,23 +195,23 @@ CredentialTitle ( Return the user identifier associated with the currently authenticated user. This function returns the user identifier of the user authenticated by this credential - provider. This function is called after the credential-related information has been + provider. This function is called after the credential-related information has been submitted on a form OR after a call to Default() has returned that this credential is ready to log on. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - @param[in] User The user profile handle of the user profile currently being + @param[in] User The user profile handle of the user profile currently being considered by the user identity manager. If NULL, then no user profile is currently under consideration. - @param[out] Identifier On return, points to the user identifier. - + @param[out] Identifier On return, points to the user identifier. + @retval EFI_SUCCESS User identifier returned successfully. @retval EFI_NOT_READY No user identifier can be returned. @retval EFI_ACCESS_DENIED The user has been locked out of this user credential. @retval EFI_INVALID_PARAMETER This is NULL, or Identifier is NULL. @retval EFI_NOT_FOUND User is not NULL, and the specified user handle can't be found in user profile database. - + **/ EFI_STATUS EFIAPI @@ -224,17 +224,17 @@ CredentialUser ( /** Indicate that user interface interaction has begun for the specified credential. - This function is called when a credential provider is selected by the user. If + This function is called when a credential provider is selected by the user. If AutoLogon returns FALSE, then the user interface will be constructed by the User - Identity Manager. + Identity Manager. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - @param[out] AutoLogon On return, points to the credential provider's capabilities - after the credential provider has been selected by the user. - + @param[out] AutoLogon On return, points to the credential provider's capabilities + after the credential provider has been selected by the user. + @retval EFI_SUCCESS Credential provider successfully selected. @retval EFI_INVALID_PARAMETER AutoLogon is NULL. - + **/ EFI_STATUS EFIAPI @@ -249,9 +249,9 @@ CredentialSelect ( This function is called when a credential provider is deselected by the user. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - + @retval EFI_SUCCESS Credential provider successfully deselected. - + **/ EFI_STATUS EFIAPI @@ -262,12 +262,12 @@ CredentialDeselect ( /** Return the default logon behavior for this user credential. - This function reports the default login behavior regarding this credential provider. + This function reports the default login behavior regarding this credential provider. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. @param[out] AutoLogon On return, holds whether the credential provider should be used - by default to automatically log on the user. - + by default to automatically log on the user. + @retval EFI_SUCCESS Default information successfully returned. @retval EFI_INVALID_PARAMETER AutoLogon is NULL. @@ -282,24 +282,24 @@ CredentialDefault ( /** Return information attached to the credential provider. - This function returns user information. + This function returns user information. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. - @param[in] UserInfo Handle of the user information data record. + @param[in] UserInfo Handle of the user information data record. @param[out] Info On entry, points to a buffer of at least *InfoSize bytes. On exit, holds the user information. If the buffer is too small to hold the information, then EFI_BUFFER_TOO_SMALL is returned and InfoSize is updated to contain the number of bytes actually required. - @param[in, out] InfoSize On entry, points to the size of Info. On return, points to the - size of the user information. - + @param[in, out] InfoSize On entry, points to the size of Info. On return, points to the + size of the user information. + @retval EFI_SUCCESS Information returned successfully. @retval EFI_BUFFER_TOO_SMALL The size specified by InfoSize is too small to hold all of the user information. The size required is returned in *InfoSize. @retval EFI_INVALID_PARAMETER Info is NULL or InfoSize is NULL. - @retval EFI_NOT_FOUND The specified UserInfo does not refer to a valid user info handle. - + @retval EFI_NOT_FOUND The specified UserInfo does not refer to a valid user info handle. + **/ EFI_STATUS EFIAPI @@ -316,17 +316,17 @@ CredentialGetInfo ( This function returns the next user information record. To retrieve the first user information record handle, point UserInfo at a NULL. Each subsequent call will retrieve another user information record handle until there are no more, at which point UserInfo - will point to NULL. + will point to NULL. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. @param[in, out] UserInfo On entry, points to the previous user information handle or NULL to start enumeration. On exit, points to the next user information handle or NULL if there is no more user information. - + @retval EFI_SUCCESS User information returned. @retval EFI_NOT_FOUND No more user information found. @retval EFI_INVALID_PARAMETER UserInfo is NULL. - + **/ EFI_STATUS EFIAPI @@ -338,15 +338,15 @@ CredentialGetNextInfo ( /** Delete a user on this credential provider. - This function deletes a user on this credential provider. + This function deletes a user on this credential provider. @param[in] This Points to this instance of the EFI_USER_CREDENTIAL2_PROTOCOL. @param[in] User The user profile handle to delete. @retval EFI_SUCCESS User profile was successfully deleted. - @retval EFI_ACCESS_DENIED Current user profile does not permit deletion on the user profile handle. - Either the user profile cannot delete on any user profile or cannot delete - on a user profile other than the current user profile. + @retval EFI_ACCESS_DENIED Current user profile does not permit deletion on the user profile handle. + Either the user profile cannot delete on any user profile or cannot delete + on a user profile other than the current user profile. @retval EFI_UNSUPPORTED This credential provider does not support deletion in the pre-OS. @retval EFI_DEVICE_ERROR The new credential could not be deleted because of a device error. @retval EFI_INVALID_PARAMETER User does not refer to a valid user profile handle. diff --git a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProviderDxe.inf b/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProviderDxe.inf index 87a66fbea0..1e8e42332f 100644 --- a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProviderDxe.inf +++ b/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProviderDxe.inf @@ -1,11 +1,11 @@ ## @file # Provides a USB credential provider implementation # -# This module reads a token from a token file that is saved in the root +# This module reads a token from a token file that is saved in the root # folder of a USB stick. The token file name can be specified by the PCD # PcdFixedUsbCredentialProviderTokenFileName. # -# Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
+# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -45,26 +45,26 @@ HiiLib UefiLib BaseCryptLib - + [Guids] ## PRODUCES ## Variable:L"UsbCredential" ## CONSUMES ## Variable:L"UsbCredential" ## CONSUMES ## HII ## SOMETIMES_CONSUMES ## GUID # The credential provider identifier gUsbCredentialProviderGuid - + gEfiFileInfoGuid ## SOMETIMES_CONSUMES ## GUID gEfiUserCredentialClassSecureCardGuid ## SOMETIMES_CONSUMES ## GUID [Pcd] - gEfiSecurityPkgTokenSpaceGuid.PcdFixedUsbCredentialProviderTokenFileName ## SOMETIMES_CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdFixedUsbCredentialProviderTokenFileName ## SOMETIMES_CONSUMES [Protocols] gEfiUserCredential2ProtocolGuid ## PRODUCES gEfiUserManagerProtocolGuid ## SOMETIMES_CONSUMES gEfiBlockIoProtocolGuid ## SOMETIMES_CONSUMES gEfiSimpleFileSystemProtocolGuid ## SOMETIMES_CONSUMES - + [UserExtensions.TianoCore."ExtraFiles"] UsbCredentialProviderExtra.uni - \ No newline at end of file + diff --git a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProviderExtra.uni b/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProviderExtra.uni index 0fc955e477..a20917d5f7 100644 --- a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProviderExtra.uni +++ b/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProviderExtra.uni @@ -1,7 +1,7 @@ // /** @file // UsbCredentialProvider Localized Strings and Content // -// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
+// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
// // This program and the accompanying materials // are licensed and made available under the terms and conditions of the BSD License @@ -12,8 +12,8 @@ // // **/ -#string STR_PROPERTIES_MODULE_NAME -#language en-US +#string STR_PROPERTIES_MODULE_NAME +#language en-US "USB Credential Provider" diff --git a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProviderStrings.uni b/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProviderStrings.uni index b91fe9ca06..f306d50a4e 100644 --- a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProviderStrings.uni +++ b/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProviderStrings.uni @@ -1,7 +1,7 @@ /** @file String definitions for the USB Credential Provider. -Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
+Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -24,6 +24,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #string STR_PROVIDER_TYPE_NAME #language en-US "Secure Card Credential Provider" #language fr-FR "Secure Card Credential Provider (French)" #string STR_READ_USB_TOKEN_ERROR #language en-US "Read USB Token File Error!" - #language fr-FR "Read USB Token File Error! (French)" + #language fr-FR "Read USB Token File Error! (French)" #string STR_INSERT_USB_TOKEN #language en-US "Please insert USB key with Token" #language fr-FR "Please insert USB key with Token (French)" diff --git a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/LoadDeferredImage.c b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/LoadDeferredImage.c index da1201a5f9..2cfe130db8 100644 --- a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/LoadDeferredImage.c +++ b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/LoadDeferredImage.c @@ -1,13 +1,13 @@ /** @file Load the deferred images after user is identified. - -Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at + +Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -39,7 +39,7 @@ LoadDeferredImage ( UINTN DriverIndex; EFI_DEVICE_PATH_PROTOCOL *ImageDevicePath; VOID *DriverImage; - UINTN ImageSize; + UINTN ImageSize; BOOLEAN BootOption; EFI_HANDLE ImageHandle; UINTN ExitDataSize; @@ -77,16 +77,16 @@ LoadDeferredImage ( // Load all the deferred images in this protocol instance. // Status = DeferredImage->GetImageInfo( - DeferredImage, - DriverIndex, - &ImageDevicePath, + DeferredImage, + DriverIndex, + &ImageDevicePath, (VOID **) &DriverImage, - &ImageSize, + &ImageSize, &BootOption ); if (EFI_ERROR (Status)) { break; - } + } // // Load and start the image. @@ -106,7 +106,7 @@ LoadDeferredImage ( // gBS->SetWatchdogTimer (5 * 60, 0x0000, 0x00, NULL); Status = gBS->StartImage (ImageHandle, &ExitDataSize, &ExitData); - + // // Clear the Watchdog Timer after the image returns. // @@ -115,7 +115,7 @@ LoadDeferredImage ( DriverIndex++; } while (TRUE); } - FreePool (HandleBuf); + FreePool (HandleBuf); } @@ -134,7 +134,7 @@ LoadDeferredImageInit ( EFI_EVENT Event; mDeferredImageHandle = ImageHandle; - + Status = gBS->CreateEventEx ( EVT_NOTIFY_SIGNAL, TPL_CALLBACK, diff --git a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManager.c b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManager.c index f9743db84d..fd941792c1 100644 --- a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManager.c +++ b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManager.c @@ -1,14 +1,14 @@ /** @file This driver manages user information and produces user manager protocol. - -Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
+ +Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
(C) Copyright 2018 Hewlett Packard Enterprise Development LP
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -81,20 +81,20 @@ EFI_USER_MANAGER_PROTOCOL gUserIdentifyManager = { /** Find the specified user in the user database. - This function searches the specified user from the beginning of the user database. - And if NextUser is TRUE, return the next User in the user database. - - @param[in, out] User On entry, points to the user profile entry to search. + This function searches the specified user from the beginning of the user database. + And if NextUser is TRUE, return the next User in the user database. + + @param[in, out] User On entry, points to the user profile entry to search. On return, points to the user profile entry or NULL if not found. @param[in] NextUser If FALSE, find the user in user profile database specifyed by User - If TRUE, find the next user in user profile database specifyed - by User. - @param[out] ProfileIndex A pointer to the index of user profile database that matches the + If TRUE, find the next user in user profile database specifyed + by User. + @param[out] ProfileIndex A pointer to the index of user profile database that matches the user specifyed by User. @retval EFI_NOT_FOUND User was NULL, or User was not found, or the next user was not found. @retval EFI_SUCCESS User or the next user are found in user profile database - + **/ EFI_STATUS FindUserProfile ( @@ -111,7 +111,7 @@ FindUserProfile ( if ((mUserProfileDb == NULL) || (User == NULL)) { return EFI_NOT_FOUND; } - + // // Check whether the user profile is in the user profile database. // @@ -152,22 +152,22 @@ FindUserProfile ( /** Find the specified user information record in the specified User profile. - This function searches the specified user information record from the beginning of the user - profile. And if NextInfo is TRUE, return the next info in the user profile. - - @param[in] User Points to the user profile entry. + This function searches the specified user information record from the beginning of the user + profile. And if NextInfo is TRUE, return the next info in the user profile. + + @param[in] User Points to the user profile entry. @param[in, out] Info On entry, points to the user information record or NULL to start searching with the first user information record. - On return, points to the user information record or NULL if not found. + On return, points to the user information record or NULL if not found. @param[in] NextInfo If FALSE, find the user information record in profile specifyed by User. - If TRUE, find the next user information record in profile specifyed - by User. + If TRUE, find the next user information record in profile specifyed + by User. @param[out] Offset A pointer to the offset of the information record in the user profile. @retval EFI_INVALID_PARAMETER Info is NULL @retval EFI_NOT_FOUND Info was not found, or the next Info was not found. @retval EFI_SUCCESS Info or the next info are found in user profile. - + **/ EFI_STATUS FindUserInfo ( @@ -184,7 +184,7 @@ FindUserInfo ( if (Info == NULL) { return EFI_INVALID_PARAMETER; } - + // // Check user profile entry // @@ -207,7 +207,7 @@ FindUserInfo ( } InfoLen += ALIGN_VARIABLE (UserInfo->InfoSize); } - + // // Check whether to find the next user information. // @@ -245,21 +245,21 @@ FindUserInfo ( /** Find a user infomation record by the information record type. - This function searches all user information records of User. The search starts with the - user information record following Info and continues until either the information is found + This function searches all user information records of User. The search starts with the + user information record following Info and continues until either the information is found or there are no more user infomation record. A match occurs when a Info.InfoType field matches the user information record type. - @param[in] User Points to the user profile record to search. + @param[in] User Points to the user profile record to search. @param[in, out] Info On entry, points to the user information record or NULL to start searching with the first user information record. On return, points to the user information record or NULL if not found. @param[in] InfoType The infomation type to be searched. @retval EFI_SUCCESS User information was found. Info points to the user information record. - @retval EFI_NOT_FOUND User information was not found. + @retval EFI_NOT_FOUND User information was not found. @retval EFI_INVALID_PARAMETER User is NULL or Info is NULL. - + **/ EFI_STATUS FindUserInfoByType ( @@ -275,7 +275,7 @@ FindUserInfoByType ( if (Info == NULL) { return EFI_INVALID_PARAMETER; } - + // // Check whether the user has the specified user information. // @@ -289,7 +289,7 @@ FindUserInfoByType ( if (EFI_ERROR (Status)) { return EFI_NOT_FOUND; } - + while (InfoLen < User->UserProfileSize) { UserInfo = (EFI_USER_INFO *) (User->ProfileInfo + InfoLen); if (UserInfo->InfoType == InfoType) { @@ -309,27 +309,27 @@ FindUserInfoByType ( /** Find a user using a user information record. - This function searches all user profiles for the specified user information record. The - search starts with the user information record handle following UserInfo and continues + This function searches all user profiles for the specified user information record. The + search starts with the user information record handle following UserInfo and continues until either the information is found or there are no more user profiles. - A match occurs when the Info.InfoType field matches the user information record type and the + A match occurs when the Info.InfoType field matches the user information record type and the user information record data matches the portion of Info passed the EFI_USER_INFO header. - @param[in, out] User On entry, points to the previously returned user profile record, - or NULL to start searching with the first user profile. + @param[in, out] User On entry, points to the previously returned user profile record, + or NULL to start searching with the first user profile. On return, points to the user profile entry, or NULL if not found. - @param[in, out] UserInfo On entry, points to the previously returned user information record, - or NULL to start searching with the first. + @param[in, out] UserInfo On entry, points to the previously returned user information record, + or NULL to start searching with the first. On return, points to the user information record, or NULL if not found. - @param[in] Info Points to the buffer containing the user information to be compared + @param[in] Info Points to the buffer containing the user information to be compared to the user information record. @param[in] InfoSize The size of Info, in bytes. Same as Info->InfoSize. - @retval EFI_SUCCESS User information was found. User points to the user profile record, + @retval EFI_SUCCESS User information was found. User points to the user profile record, and UserInfo points to the user information record. - @retval EFI_NOT_FOUND User information was not found. + @retval EFI_NOT_FOUND User information was not found. @retval EFI_INVALID_PARAMETER User is NULL; Info is NULL; or, InfoSize is too small. - + **/ EFI_STATUS FindUserProfileByInfo ( @@ -362,7 +362,7 @@ FindUserProfileByInfo ( if (*User == NULL) { *User = mUserProfileDb->UserProfile[0]; } - + // // Check user profile handle. // @@ -377,7 +377,7 @@ FindUserProfileByInfo ( if (EFI_ERROR (Status)) { break; } - + if (InfoSize == Info->InfoSize) { if (CompareMem ((UINT8 *) (InfoEntry + 1), (UINT8 *) (Info + 1), InfoSize - sizeof (EFI_USER_INFO)) == 0) { // @@ -388,9 +388,9 @@ FindUserProfileByInfo ( } return EFI_SUCCESS; } - } + } } - + // // Get next user profile. // @@ -410,7 +410,7 @@ FindUserProfileByInfo ( @retval TRUE The policy is a valid access policy. @retval FALSE The access policy is not a valid access policy. - + **/ BOOLEAN CheckAccessPolicy ( @@ -430,7 +430,7 @@ CheckAccessPolicy ( // // Check access policy according to type. // - CopyMem (&Access, PolicyInfo + TotalLen, sizeof (Access)); + CopyMem (&Access, PolicyInfo + TotalLen, sizeof (Access)); ValueLen = Access.Size - sizeof (EFI_USER_INFO_ACCESS_CONTROL); switch (Access.Type) { case EFI_USER_INFO_ACCESS_FORBID_LOAD: @@ -492,7 +492,7 @@ CheckAccessPolicy ( @retval TRUE The policy is a valid identity policy. @retval FALSE The access policy is not a valid identity policy. - + **/ BOOLEAN CheckIdentityPolicy ( @@ -602,7 +602,7 @@ CheckIdentityPolicy ( @retval TRUE The info is a valid user information record. @retval FALSE The info is not a valid user information record. - + **/ BOOLEAN CheckUserInfo ( @@ -697,7 +697,7 @@ CheckUserInfo ( @retval TRUE It is a valid user profile. @retval FALSE It is not a valid user profile. - + **/ BOOLEAN CheckProfileInfo ( @@ -711,7 +711,7 @@ CheckProfileInfo ( if (UserProfileInfo == NULL) { return FALSE; } - + // // Check user profile information length. // @@ -742,10 +742,10 @@ CheckProfileInfo ( @param[in] RightType Could be EFI_USER_INFO_ACCESS_MANAGE, EFI_USER_INFO_ACCESS_ENROLL_OTHERS or EFI_USER_INFO_ACCESS_ENROLL_SELF. - + @retval TRUE Find the specified RightType in current user profile. @retval FALSE Can't find the right in the profile. - + **/ BOOLEAN CheckCurrentUserAccessRight ( @@ -882,7 +882,7 @@ GenerateUserId ( @retval TRUE Success to expand user profile database. @retval FALSE Fail to expand user profile database. - + **/ BOOLEAN ExpandUsermUserProfileDb ( @@ -935,11 +935,11 @@ ExpandUsermUserProfileDb ( Expand user profile @param[in] User Points to user profile. - @param[in] ExpandSize The size of user profile. + @param[in] ExpandSize The size of user profile. @retval TRUE Success to expand user profile size. @retval FALSE Fail to expand user profile size. - + **/ BOOLEAN ExpandUserProfile ( @@ -959,7 +959,7 @@ ExpandUserProfile ( if (Info == NULL) { return FALSE; } - + // // Copy exist information. // @@ -981,7 +981,7 @@ ExpandUserProfile ( If FALSE, save the user profile. @retval EFI_SUCCESS Save or delete user profile successfully. @retval Others Fail to change the profile. - + **/ EFI_STATUS SaveNvUserProfile ( @@ -998,7 +998,7 @@ SaveNvUserProfile ( if (EFI_ERROR (Status)) { return Status; } - + // // Save the user profile to non-volatile memory. // @@ -1040,7 +1040,7 @@ AddUserInfo ( if ((Info == NULL) || (User == NULL)) { return EFI_INVALID_PARAMETER; } - + // // Check user profile handle. // @@ -1048,7 +1048,7 @@ AddUserInfo ( if (EFI_ERROR (Status)) { return Status; } - + // // Check user information memory size. // @@ -1057,7 +1057,7 @@ AddUserInfo ( return EFI_OUT_OF_RESOURCES; } } - + // // Add new user information. // @@ -1083,9 +1083,9 @@ AddUserInfo ( @param[in] User Point to the user profile. @param[in] UserInfo Point to the user information record to get. - @param[out] Info On entry, points to a buffer of at least *InfoSize bytes. + @param[out] Info On entry, points to a buffer of at least *InfoSize bytes. On exit, holds the user information. - @param[in, out] InfoSize On entry, points to the size of Info. + @param[in, out] InfoSize On entry, points to the size of Info. On return, points to the size of the user information. @param[in] ChkRight If TRUE, check the user info attribute. If FALSE, don't check the user info attribute. @@ -1093,7 +1093,7 @@ AddUserInfo ( @retval EFI_ACCESS_DENIED The information cannot be accessed by the current user. @retval EFI_INVALID_PARAMETER InfoSize is NULL or UserInfo is NULL. - @retval EFI_BUFFER_TOO_SMALL The number of bytes specified by *InfoSize is too small to hold the + @retval EFI_BUFFER_TOO_SMALL The number of bytes specified by *InfoSize is too small to hold the returned data. The actual size required is returned in *InfoSize. @retval EFI_SUCCESS Information returned successfully. @@ -1116,7 +1116,7 @@ GetUserInfo ( if ((*InfoSize != 0) && (Info == NULL)) { return EFI_INVALID_PARAMETER; } - + // // Find the user information to get. // @@ -1124,7 +1124,7 @@ GetUserInfo ( if (EFI_ERROR (Status)) { return Status; } - + // // Check information attributes. // @@ -1145,7 +1145,7 @@ GetUserInfo ( break; } } - + // // Get user information. // @@ -1197,7 +1197,7 @@ DelUserInfo ( if (Info->InfoType == EFI_USER_INFO_IDENTIFIER_RECORD) { return EFI_ACCESS_DENIED; } - + // // Delete the specified user information. // @@ -1220,7 +1220,7 @@ DelUserInfo ( @param[in] User Point to the user profile. @param[in, out] UserInfo On entry, points to the user information to modify, - or NULL to add a new UserInfo. + or NULL to add a new UserInfo. On return, points to the modified user information. @param[in] Info Points to the new user information. @param[in] InfoSize The size of Info,in bytes. @@ -1249,14 +1249,14 @@ ModifyUserInfo ( if (InfoSize < sizeof (EFI_USER_INFO) || InfoSize != Info->InfoSize) { return EFI_INVALID_PARAMETER; } - + // // Check user information. // if (Info->InfoType == EFI_USER_INFO_IDENTIFIER_RECORD) { return EFI_ACCESS_DENIED; } - + if (!CheckUserInfo (Info)) { return EFI_INVALID_PARAMETER; } @@ -1274,7 +1274,7 @@ ModifyUserInfo ( } ASSERT (OldInfo != NULL); - if (((OldInfo->InfoAttribs & EFI_USER_INFO_EXCLUSIVE) != 0) || + if (((OldInfo->InfoAttribs & EFI_USER_INFO_EXCLUSIVE) != 0) || ((Info->InfoAttribs & EFI_USER_INFO_EXCLUSIVE) != 0)) { // // Same type can not co-exist for exclusive information. @@ -1292,7 +1292,7 @@ ModifyUserInfo ( if (!CompareGuid (&OldInfo->Credential, &Info->Credential)) { continue; } - + PayloadLen = Info->InfoSize - sizeof (EFI_USER_INFO); if (PayloadLen == 0) { continue; @@ -1311,7 +1311,7 @@ ModifyUserInfo ( Status = AddUserInfo (User, (UINT8 *) Info, InfoSize, UserInfo, TRUE); return Status; } - + // // Modify existing user information. // @@ -1319,11 +1319,11 @@ ModifyUserInfo ( if (OldInfo->InfoType != Info->InfoType) { return EFI_INVALID_PARAMETER; } - - if (((Info->InfoAttribs & EFI_USER_INFO_EXCLUSIVE) != 0) && + + if (((Info->InfoAttribs & EFI_USER_INFO_EXCLUSIVE) != 0) && (OldInfo->InfoAttribs & EFI_USER_INFO_EXCLUSIVE) == 0) { // - // Try to add exclusive attrib in new info. + // Try to add exclusive attrib in new info. // Check whether there is another information with the same type in profile. // OldInfo = NULL; @@ -1339,7 +1339,7 @@ ModifyUserInfo ( // return EFI_ACCESS_DENIED; } - } while (TRUE); + } while (TRUE); } Status = DelUserInfo (User, *UserInfo, FALSE); @@ -1358,7 +1358,7 @@ ModifyUserInfo ( @retval EFI_SUCCESS Delete user from the user profile successfully. @retval Others Fail to delete user from user profile - + **/ EFI_STATUS DelUserProfile ( @@ -1375,14 +1375,14 @@ DelUserProfile ( if (EFI_ERROR (Status)) { return EFI_INVALID_PARAMETER; } - + // // Check whether it is the current user. // if (User == mCurrentUser) { return EFI_ACCESS_DENIED; } - + // // Delete user profile from the non-volatile memory. // @@ -1449,7 +1449,7 @@ AddUserProfile ( if (!CheckProfileInfo (ProfileInfo, ProfileSize)) { return EFI_SECURITY_VIOLATION; } - + // // Create user profile entry. // @@ -1468,9 +1468,9 @@ AddUserProfile ( } UnicodeSPrint ( - User->UserVarName, + User->UserVarName, sizeof (User->UserVarName), - L"User%04x", + L"User%04x", mUserProfileDb->UserProfileNum ); User->UserProfileSize = 0; @@ -1532,7 +1532,7 @@ CreateUserProfile ( UserInfo->InfoSize = sizeof (EFI_USER_INFO) + sizeof (EFI_USER_INFO_IDENTIFIER); UserInfo->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | EFI_USER_INFO_PUBLIC | EFI_USER_INFO_EXCLUSIVE; GenerateUserId ((UINT8 *) (UserInfo + 1)); - + // // Add user profile to the user profile database. // @@ -1547,7 +1547,7 @@ CreateUserProfile ( @retval EFI_SUCCESS A default user profile is added successfully. @retval Others Fail to add a default user profile - + **/ EFI_STATUS AddDefaultUserProfile ( @@ -1562,7 +1562,7 @@ AddDefaultUserProfile ( EFI_USER_INFO_USAGE_COUNT UsageCount; EFI_USER_INFO_ACCESS_CONTROL *Access; EFI_USER_INFO_IDENTITY_POLICY *Policy; - + // // Create a user profile. // @@ -1570,7 +1570,7 @@ AddDefaultUserProfile ( if (EFI_ERROR (Status)) { return Status; } - + // // Allocate a buffer to add all default user information. // @@ -1591,7 +1591,7 @@ AddDefaultUserProfile ( if (EFI_ERROR (Status)) { goto Done; } - + // // Add user profile create date record. // @@ -1609,7 +1609,7 @@ AddDefaultUserProfile ( if (EFI_ERROR (Status)) { goto Done; } - + // // Add user profile usage count record. // @@ -1623,7 +1623,7 @@ AddDefaultUserProfile ( if (EFI_ERROR (Status)) { goto Done; } - + // // Add user access right. // @@ -1638,7 +1638,7 @@ AddDefaultUserProfile ( if (EFI_ERROR (Status)) { goto Done; } - + // // Add user identity policy. // @@ -1646,7 +1646,7 @@ AddDefaultUserProfile ( Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | EFI_USER_INFO_PRIVATE | EFI_USER_INFO_EXCLUSIVE; Policy = (EFI_USER_INFO_IDENTITY_POLICY *) (Info + 1); Policy->Type = EFI_USER_INFO_IDENTITY_TRUE; - Policy->Length = sizeof (EFI_USER_INFO_IDENTITY_POLICY); + Policy->Length = sizeof (EFI_USER_INFO_IDENTITY_POLICY); Info->InfoSize = sizeof (EFI_USER_INFO) + Policy->Length; NewInfo = NULL; Status = ModifyUserInfo (User, &NewInfo, Info, Info->InfoSize); @@ -1660,7 +1660,7 @@ Done: /** Publish current user information into EFI System Configuration Table. - By UEFI spec, the User Identity Manager will publish the current user profile + By UEFI spec, the User Identity Manager will publish the current user profile into the EFI System Configuration Table. Currently, only the user identifier and user name are published. @@ -1685,7 +1685,7 @@ PublishUserTable ( ); if (!EFI_ERROR (Status)) { // - // The table existed! + // The table existed! // return EFI_SUCCESS; } @@ -1707,13 +1707,13 @@ PublishUserTable ( if (EFI_ERROR (Status)) { return Status; } - + // // Allocate a buffer for user information table. // UserInfoTable = (EFI_USER_INFO_TABLE *) AllocateRuntimePool ( - sizeof (EFI_USER_INFO_TABLE) + - IdInfo->InfoSize + + sizeof (EFI_USER_INFO_TABLE) + + IdInfo->InfoSize + NameInfo->InfoSize ); if (UserInfoTable == NULL) { @@ -1721,8 +1721,8 @@ PublishUserTable ( return Status; } - UserInfoTable->Size = sizeof (EFI_USER_INFO_TABLE); - + UserInfoTable->Size = sizeof (EFI_USER_INFO_TABLE); + // // Append the user information to the user info table // @@ -1740,7 +1740,7 @@ PublishUserTable ( /** Get the user's identity type. - The identify manager only supports the identity policy in which the credential + The identify manager only supports the identity policy in which the credential provider handles are connected by the operator 'AND' or 'OR'. @@ -1771,7 +1771,7 @@ GetIdentifyType ( return Status; } ASSERT (IdentifyInfo != NULL); - + // // Search the user identify policy according to type. // @@ -1823,7 +1823,7 @@ IdentifyByProviderId ( if (Provider == NULL) { return EFI_INVALID_PARAMETER; } - + // // Check the user ID identified by the specified credential provider. // @@ -1843,12 +1843,12 @@ IdentifyByProviderId ( // Get credential provider form. // Status = UserCredential->Form ( - UserCredential, - &HiiHandle, - &FormSetId, + UserCredential, + &HiiHandle, + &FormSetId, &FormId ); - if (!EFI_ERROR (Status)) { + if (!EFI_ERROR (Status)) { // // Send form to get user input. // @@ -1863,8 +1863,8 @@ IdentifyByProviderId ( ); if (EFI_ERROR (Status)) { return Status; - } - } + } + } } Status = UserCredential->User (UserCredential, User, &UserId); @@ -1876,7 +1876,7 @@ IdentifyByProviderId ( if (EFI_ERROR (Status)) { return Status; } - + return EFI_SUCCESS; } } @@ -1914,7 +1914,7 @@ UpdateUserInfo ( if (Info == NULL) { return EFI_OUT_OF_RESOURCES; } - + // // Check create date record. // @@ -1938,7 +1938,7 @@ UpdateUserInfo ( return Status; } } - + // // Update usage date record. // @@ -1961,7 +1961,7 @@ UpdateUserInfo ( return Status; } } - + // // Update usage count record. // @@ -2043,7 +2043,7 @@ AddProviderSelection ( Add a username item in form. @param[in] Index The index of the user in the user name list. - @param[in] User Points to the user profile whose username is added. + @param[in] User Points to the user profile whose username is added. @param[in] OpCodeHandle Points to container for dynamic created opcodes. @retval EFI_SUCCESS Add a username successfully. @@ -2066,7 +2066,7 @@ AddUserSelection ( if (EFI_ERROR (Status)) { return Status; } - + // // Add user name selection. // @@ -2090,12 +2090,12 @@ AddUserSelection ( /** Identify the user whose identity policy does not contain the operator 'OR'. - + @param[in] User Points to the user profile. @retval EFI_SUCCESS The specified user is identified successfully. @retval Others Fail to identify the user. - + **/ EFI_STATUS IdentifyAndTypeUser ( @@ -2118,7 +2118,7 @@ IdentifyAndTypeUser ( return Status; } ASSERT (IdentifyInfo != NULL); - + // // Check each part of identification policy expression. // @@ -2213,12 +2213,12 @@ IdentifyAndTypeUser ( /** Identify the user whose identity policy does not contain the operator 'AND'. - + @param[in] User Points to the user profile. @retval EFI_SUCCESS The specified user is identified successfully. @retval Others Fail to identify the user. - + **/ EFI_STATUS IdentifyOrTypeUser ( @@ -2244,7 +2244,7 @@ IdentifyOrTypeUser ( return Status; } ASSERT (IdentifyInfo != NULL); - + // // Initialize the container for dynamic opcodes. // @@ -2354,16 +2354,16 @@ UserIdentifyManagerCallback ( if (QuestionId != FORM_OPEN_QUESTION_ID) { return EFI_SUCCESS; } - + // // Initialize the container for dynamic opcodes. // StartOpCodeHandle = HiiAllocateOpCodeHandle (); ASSERT (StartOpCodeHandle != NULL); - + EndOpCodeHandle = HiiAllocateOpCodeHandle (); ASSERT (EndOpCodeHandle != NULL); - + // // Create Hii Extend Label OpCode. // @@ -2375,7 +2375,7 @@ UserIdentifyManagerCallback ( ); StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; StartLabel->Number = LABEL_USER_NAME; - + EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( EndOpCodeHandle, &gEfiIfrTianoGuid, @@ -2384,7 +2384,7 @@ UserIdentifyManagerCallback ( ); EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; EndLabel->Number = LABEL_END; - + // // Add all the user profile in the user profile database. // @@ -2392,7 +2392,7 @@ UserIdentifyManagerCallback ( User = (USER_PROFILE_ENTRY *) mUserProfileDb->UserProfile[Index]; AddUserSelection ((UINT16)(LABEL_USER_NAME + Index), User, StartOpCodeHandle); } - + HiiUpdateForm ( mCallbackInfo->HiiHandle, // HII handle &gUserIdentifyManagerGuid,// Formset GUID @@ -2400,10 +2400,10 @@ UserIdentifyManagerCallback ( StartOpCodeHandle, // Label for where to insert opcodes EndOpCodeHandle // Replace data ); - + HiiFreeOpCodeHandle (StartOpCodeHandle); HiiFreeOpCodeHandle (EndOpCodeHandle); - + return EFI_SUCCESS; } break; @@ -2415,7 +2415,7 @@ UserIdentifyManagerCallback ( case EFI_BROWSER_ACTION_CHANGED: if (QuestionId >= LABEL_PROVIDER_NAME) { // - // QuestionId comes from the second Form (Select a Credential Provider if identity + // QuestionId comes from the second Form (Select a Credential Provider if identity // policy is OR type). Identify the user by the selected provider. // Status = IdentifyByProviderId (mCurrentUser, &mProviderDb->Provider[QuestionId & 0xFFF]->Identifier); @@ -2426,7 +2426,7 @@ UserIdentifyManagerCallback ( return EFI_SUCCESS; } break; - + case EFI_BROWSER_ACTION_CHANGING: // // QuestionId comes from the first Form (Select a user to identify). @@ -2483,12 +2483,12 @@ UserIdentifyManagerCallback ( /** This function construct user profile database from user data saved in the Flash. - If no user is found in Flash, add one default user "administrator" in the user + If no user is found in Flash, add one default user "administrator" in the user profile database. @retval EFI_SUCCESS Init user profile database successfully. @retval Others Fail to init user profile database. - + **/ EFI_STATUS InitUserProfileDb ( @@ -2522,7 +2522,7 @@ InitUserProfileDb ( if (VarData == NULL) { return EFI_OUT_OF_RESOURCES; } - + // // Get all user proifle entries. // @@ -2532,9 +2532,9 @@ InitUserProfileDb ( // Get variable name. // UnicodeSPrint ( - VarName, + VarName, sizeof (VarName), - L"User%04x", + L"User%04x", Index ); Index++; @@ -2562,7 +2562,7 @@ InitUserProfileDb ( } break; } - + // // Check variable attributes. // @@ -2570,7 +2570,7 @@ InitUserProfileDb ( Status = gRT->SetVariable (VarName, &gUserIdentifyManagerGuid, VarAttr, 0, NULL); continue; } - + // // Add user profile to the user profile database. // @@ -2602,7 +2602,7 @@ InitUserProfileDb ( if (EFI_ERROR (Status)) { return Status; } - + // // Check whether the user profile database is empty. // @@ -2629,7 +2629,7 @@ InitProviderInfo ( EFI_STATUS Status; UINTN HandleCount; EFI_HANDLE *HandleBuf; - UINTN Index; + UINTN Index; if (mProviderDb != NULL) { // @@ -2658,8 +2658,8 @@ InitProviderInfo ( // Get provider infomation. // mProviderDb = AllocateZeroPool ( - sizeof (CREDENTIAL_PROVIDER_INFO) - - sizeof (EFI_USER_CREDENTIAL2_PROTOCOL *) + + sizeof (CREDENTIAL_PROVIDER_INFO) - + sizeof (EFI_USER_CREDENTIAL2_PROTOCOL *) + HandleCount * sizeof (EFI_USER_CREDENTIAL2_PROTOCOL *) ); if (mProviderDb == NULL) { @@ -2818,7 +2818,7 @@ InitFormBrowser ( CallbackInfo->FormBrowser2 = FormBrowser2; CallbackInfo->DriverHandle = NULL; - + // // Install Device Path Protocol and Config Access protocol to driver handle. // @@ -2892,7 +2892,7 @@ IdentifyAutoLogonUser ( FreePool (Info); return Status; } - + // // Find user with the specified user ID. // @@ -2911,7 +2911,7 @@ IdentifyAutoLogonUser ( // return EFI_NOT_READY; } - + return Status; } @@ -2920,22 +2920,22 @@ IdentifyAutoLogonUser ( Check whether the given console is ready. @param[in] ProtocolGuid Points to the protocol guid of sonsole . - + @retval TRUE The given console is ready. @retval FALSE The given console is not ready. - + **/ BOOLEAN CheckConsole ( - EFI_GUID *ProtocolGuid + EFI_GUID *ProtocolGuid ) { EFI_STATUS Status; UINTN HandleCount; EFI_HANDLE *HandleBuf; - UINTN Index; + UINTN Index; EFI_DEVICE_PATH_PROTOCOL *DevicePath; - + // // Try to find all the handle driver. // @@ -2959,7 +2959,7 @@ CheckConsole ( return TRUE; } } - FreePool (HandleBuf); + FreePool (HandleBuf); return FALSE; } @@ -2969,7 +2969,7 @@ CheckConsole ( @retval TRUE The console is ready. @retval FALSE The console is not ready. - + **/ BOOLEAN IsConsoleReady ( @@ -2985,7 +2985,7 @@ IsConsoleReady ( return FALSE; } } - + return TRUE; } @@ -3041,7 +3041,7 @@ IdentifyUser ( return EFI_SUCCESS; } } - + // // Find and login the default & AutoLogon user. // @@ -3062,7 +3062,7 @@ IdentifyUser ( } } } - + if (!IsConsoleReady ()) { // // The console is still not ready for user selection. @@ -3082,20 +3082,20 @@ IdentifyUser ( NULL, NULL ); - + if (mIdentified) { *User = (USER_PROFILE_ENTRY *) mCurrentUser; UpdateUserInfo (*User); return EFI_SUCCESS; } - + return EFI_ACCESS_DENIED; } /** An empty function to pass error checking of CreateEventEx (). - + @param Event Event whose notification function is being invoked. @param Context Pointer to the notification function's context, which is implementation-dependent. @@ -3140,19 +3140,19 @@ SignalEventUserProfileChanged ( /** Create a new user profile. - This function creates a new user profile with only a new user identifier attached and returns + This function creates a new user profile with only a new user identifier attached and returns its handle. The user profile is non-volatile, but the handle User can change across reboots. @param[in] This Points to this instance of the EFI_USER_MANAGER_PROTOCOL. - @param[out] User On return, points to the new user profile handle. + @param[out] User On return, points to the new user profile handle. The user profile handle is unique only during this boot. - + @retval EFI_SUCCESS User profile was successfully created. - @retval EFI_ACCESS_DENIED Current user does not have sufficient permissions to create a + @retval EFI_ACCESS_DENIED Current user does not have sufficient permissions to create a user profile. @retval EFI_UNSUPPORTED Creation of new user profiles is not supported. @retval EFI_INVALID_PARAMETER The User parameter is NULL. - + **/ EFI_STATUS EFIAPI @@ -3175,7 +3175,7 @@ UserProfileCreate ( return EFI_ACCESS_DENIED; } } - + // // Create new user profile // @@ -3191,14 +3191,14 @@ UserProfileCreate ( Delete an existing user profile. @param[in] This Points to this instance of the EFI_USER_MANAGER_PROTOCOL. - @param[in] User User profile handle. + @param[in] User User profile handle. @retval EFI_SUCCESS User profile was successfully deleted. @retval EFI_ACCESS_DENIED Current user does not have sufficient permissions to delete a user profile or there is only one user profile. @retval EFI_UNSUPPORTED Deletion of new user profiles is not supported. @retval EFI_INVALID_PARAMETER User does not refer to a valid user profile. - + **/ EFI_STATUS EFIAPI @@ -3212,14 +3212,14 @@ UserProfileDelete ( if (This == NULL) { return EFI_INVALID_PARAMETER; } - + // // Check the right of the current user. // if (!CheckCurrentUserAccessRight (EFI_USER_INFO_ACCESS_MANAGE)) { return EFI_ACCESS_DENIED; } - + // // Delete user profile. // @@ -3238,16 +3238,16 @@ UserProfileDelete ( /** Enumerate all of the enrolled users on the platform. - This function returns the next enrolled user profile. To retrieve the first user profile handle, - point User at a NULL. Each subsequent call will retrieve another user profile handle until there - are no more, at which point User will point to NULL. + This function returns the next enrolled user profile. To retrieve the first user profile handle, + point User at a NULL. Each subsequent call will retrieve another user profile handle until there + are no more, at which point User will point to NULL. @param[in] This Points to this instance of the EFI_USER_MANAGER_PROTOCOL. - @param[in, out] User On entry, points to the previous user profile handle or NULL to + @param[in, out] User On entry, points to the previous user profile handle or NULL to start enumeration. On exit, points to the next user profile handle or NULL if there are no more user profiles. - @retval EFI_SUCCESS Next enrolled user profile successfully returned. + @retval EFI_SUCCESS Next enrolled user profile successfully returned. @retval EFI_ACCESS_DENIED Next enrolled user profile was not successfully returned. @retval EFI_INVALID_PARAMETER The User parameter is NULL. **/ @@ -3263,7 +3263,7 @@ UserProfileGetNext ( if ((This == NULL) || (User == NULL)) { return EFI_INVALID_PARAMETER; } - + Status = FindUserProfile ((USER_PROFILE_ENTRY **) User, TRUE, NULL); if (EFI_ERROR (Status)) { return EFI_ACCESS_DENIED; @@ -3278,9 +3278,9 @@ UserProfileGetNext ( @param[in] This Points to this instance of the EFI_USER_MANAGER_PROTOCOL. @param[out] CurrentUser On return, points to the current user profile handle. - @retval EFI_SUCCESS Current user profile handle returned successfully. + @retval EFI_SUCCESS Current user profile handle returned successfully. @retval EFI_INVALID_PARAMETER The CurrentUser parameter is NULL. - + **/ EFI_STATUS EFIAPI @@ -3288,7 +3288,7 @@ UserProfileCurrent ( IN CONST EFI_USER_MANAGER_PROTOCOL *This, OUT EFI_USER_PROFILE_HANDLE *CurrentUser ) -{ +{ // // Get current user profile. // @@ -3306,8 +3306,8 @@ UserProfileCurrent ( Identify the user and, if authenticated, returns the user handle and changes the current user profile. All user information marked as private in a previously selected profile - is no longer available for inspection. - Whenever the current user profile is changed then the an event with the GUID + is no longer available for inspection. + Whenever the current user profile is changed then the an event with the GUID EFI_EVENT_GROUP_USER_PROFILE_CHANGED is signaled. @param[in] This Points to this instance of the EFI_USER_MANAGER_PROTOCOL. @@ -3317,7 +3317,7 @@ UserProfileCurrent ( @retval EFI_SUCCESS User was successfully identified. @retval EFI_ACCESS_DENIED User was not successfully identified. @retval EFI_INVALID_PARAMETER The User parameter is NULL. - + **/ EFI_STATUS EFIAPI @@ -3336,7 +3336,7 @@ UserProfileIdentify ( *User = mCurrentUser; return EFI_SUCCESS; } - + // // Identify user // @@ -3344,7 +3344,7 @@ UserProfileIdentify ( if (EFI_ERROR (Status)) { return EFI_ACCESS_DENIED; } - + // // Publish the user info into the EFI system configuration table. // @@ -3361,35 +3361,35 @@ UserProfileIdentify ( Find a user using a user information record. This function searches all user profiles for the specified user information record. - The search starts with the user information record handle following UserInfo and + The search starts with the user information record handle following UserInfo and continues until either the information is found or there are no more user profiles. A match occurs when the Info.InfoType field matches the user information record type and the user information record data matches the portion of Info. @param[in] This Points to this instance of the EFI_USER_MANAGER_PROTOCOL. - @param[in, out] User On entry, points to the previously returned user profile + @param[in, out] User On entry, points to the previously returned user profile handle, or NULL to start searching with the first user profile. On return, points to the user profile handle, or NULL if not found. @param[in, out] UserInfo On entry, points to the previously returned user information - handle, or NULL to start searching with the first. On return, + handle, or NULL to start searching with the first. On return, points to the user information handle of the user information - record, or NULL if not found. Can be NULL, in which case only - one user information record per user can be returned. - @param[in] Info Points to the buffer containing the user information to be - compared to the user information record. If the user information - record data is empty, then only the user information record type - is compared. If InfoSize is 0, then the user information record + record, or NULL if not found. Can be NULL, in which case only + one user information record per user can be returned. + @param[in] Info Points to the buffer containing the user information to be + compared to the user information record. If the user information + record data is empty, then only the user information record type + is compared. If InfoSize is 0, then the user information record must be empty. - @param[in] InfoSize The size of Info, in bytes. + @param[in] InfoSize The size of Info, in bytes. @retval EFI_SUCCESS User information was found. User points to the user profile handle, and UserInfo points to the user information handle. - @retval EFI_NOT_FOUND User information was not found. User points to NULL, and + @retval EFI_NOT_FOUND User information was not found. User points to NULL, and UserInfo points to NULL. - @retval EFI_INVALID_PARAMETER User is NULL. Or Info is NULL. - + @retval EFI_INVALID_PARAMETER User is NULL. Or Info is NULL. + **/ EFI_STATUS EFIAPI @@ -3420,8 +3420,8 @@ UserProfileFind ( return EFI_INVALID_PARAMETER; } } - Size = Info->InfoSize; - + Size = Info->InfoSize; + // // Find user profile accdoring to user information. // @@ -3438,7 +3438,7 @@ UserProfileFind ( } return EFI_NOT_FOUND; } - + return EFI_SUCCESS; } @@ -3446,31 +3446,31 @@ UserProfileFind ( /** Return information attached to the user. - This function returns user information. The format of the information is described in User - Information. The function may return EFI_ACCESS_DENIED if the information is marked private - and the handle specified by User is not the current user profile. The function may return - EFI_ACCESS_DENIED if the information is marked protected and the information is associated + This function returns user information. The format of the information is described in User + Information. The function may return EFI_ACCESS_DENIED if the information is marked private + and the handle specified by User is not the current user profile. The function may return + EFI_ACCESS_DENIED if the information is marked protected and the information is associated with a credential provider for which the user has not been authenticated. @param[in] This Points to this instance of the EFI_USER_MANAGER_PROTOCOL. - @param[in] User Handle of the user whose profile will be retrieved. - @param[in] UserInfo Handle of the user information data record. - @param[out] Info On entry, points to a buffer of at least *InfoSize bytes. On exit, - holds the user information. If the buffer is too small to hold the - information, then EFI_BUFFER_TOO_SMALL is returned and InfoSize is - updated to contain the number of bytes actually required. - @param[in, out] InfoSize On entry, points to the size of Info. On return, points to the size - of the user information. + @param[in] User Handle of the user whose profile will be retrieved. + @param[in] UserInfo Handle of the user information data record. + @param[out] Info On entry, points to a buffer of at least *InfoSize bytes. On exit, + holds the user information. If the buffer is too small to hold the + information, then EFI_BUFFER_TOO_SMALL is returned and InfoSize is + updated to contain the number of bytes actually required. + @param[in, out] InfoSize On entry, points to the size of Info. On return, points to the size + of the user information. @retval EFI_SUCCESS Information returned successfully. - @retval EFI_ACCESS_DENIED The information about the specified user cannot be accessed by the + @retval EFI_ACCESS_DENIED The information about the specified user cannot be accessed by the current user. - @retval EFI_BUFFER_TOO_SMALL The number of bytes specified by *InfoSize is too small to hold the + @retval EFI_BUFFER_TOO_SMALL The number of bytes specified by *InfoSize is too small to hold the returned data. The actual size required is returned in *InfoSize. - @retval EFI_NOT_FOUND User does not refer to a valid user profile or UserInfo does not refer + @retval EFI_NOT_FOUND User does not refer to a valid user profile or UserInfo does not refer to a valid user info handle. @retval EFI_INVALID_PARAMETER Info is NULL or InfoSize is NULL. - + **/ EFI_STATUS EFIAPI @@ -3491,11 +3491,11 @@ UserProfileGetInfo ( if ((*InfoSize != 0) && (Info == NULL)) { return EFI_INVALID_PARAMETER; } - + if ((User == NULL) || (UserInfo == NULL)) { return EFI_NOT_FOUND; } - + Status = GetUserInfo (User, UserInfo, Info, InfoSize, TRUE); if (EFI_ERROR (Status)) { if (Status == EFI_BUFFER_TOO_SMALL) { @@ -3510,32 +3510,32 @@ UserProfileGetInfo ( /** Add or update user information. - This function changes user information. If NULL is pointed to by UserInfo, then a new user - information record is created and its handle is returned in UserInfo. Otherwise, the existing + This function changes user information. If NULL is pointed to by UserInfo, then a new user + information record is created and its handle is returned in UserInfo. Otherwise, the existing one is replaced. - If EFI_USER_INFO_IDENITTY_POLICY_RECORD is changed, it is the caller's responsibility to keep + If EFI_USER_INFO_IDENITTY_POLICY_RECORD is changed, it is the caller's responsibility to keep it to be synced with the information on credential providers. - If EFI_USER_INFO_EXCLUSIVE is specified in Info and a user information record of the same + If EFI_USER_INFO_EXCLUSIVE is specified in Info and a user information record of the same type already exists in the user profile, then EFI_ACCESS_DENIED will be returned and UserInfo will point to the handle of the existing record. @param[in] This Points to this instance of the EFI_USER_MANAGER_PROTOCOL. - @param[in] User Handle of the user whose profile will be retrieved. - @param[in, out] UserInfo Handle of the user information data record. - @param[in] Info On entry, points to a buffer of at least *InfoSize bytes. On exit, - holds the user information. If the buffer is too small to hold the - information, then EFI_BUFFER_TOO_SMALL is returned and InfoSize is - updated to contain the number of bytes actually required. - @param[in] InfoSize On entry, points to the size of Info. On return, points to the size - of the user information. + @param[in] User Handle of the user whose profile will be retrieved. + @param[in, out] UserInfo Handle of the user information data record. + @param[in] Info On entry, points to a buffer of at least *InfoSize bytes. On exit, + holds the user information. If the buffer is too small to hold the + information, then EFI_BUFFER_TOO_SMALL is returned and InfoSize is + updated to contain the number of bytes actually required. + @param[in] InfoSize On entry, points to the size of Info. On return, points to the size + of the user information. @retval EFI_SUCCESS Information returned successfully. @retval EFI_ACCESS_DENIED The record is exclusive. - @retval EFI_SECURITY_VIOLATION The current user does not have permission to change the specified + @retval EFI_SECURITY_VIOLATION The current user does not have permission to change the specified user profile or user information record. - @retval EFI_NOT_FOUND User does not refer to a valid user profile or UserInfo does not + @retval EFI_NOT_FOUND User does not refer to a valid user profile or UserInfo does not refer to a valid user info handle. - @retval EFI_INVALID_PARAMETER UserInfo is NULL or Info is NULL. + @retval EFI_INVALID_PARAMETER UserInfo is NULL or Info is NULL. **/ EFI_STATUS EFIAPI @@ -3552,7 +3552,7 @@ UserProfileSetInfo ( if ((This == NULL) || (User == NULL) || (UserInfo == NULL) || (Info == NULL)) { return EFI_INVALID_PARAMETER; } - + // // Check the right of the current user. // @@ -3564,7 +3564,7 @@ UserProfileSetInfo ( // return EFI_SECURITY_VIOLATION; } - + if (!CheckCurrentUserAccessRight (EFI_USER_INFO_ACCESS_ENROLL_OTHERS)) { // // Can't add info into other profiles. @@ -3584,14 +3584,14 @@ UserProfileSetInfo ( } } } - + // // Modify user information. // Status = ModifyUserInfo (User, (EFI_USER_INFO **) UserInfo, Info, InfoSize); if (EFI_ERROR (Status)) { if (Status == EFI_ACCESS_DENIED) { - return EFI_ACCESS_DENIED; + return EFI_ACCESS_DENIED; } return EFI_SECURITY_VIOLATION; } @@ -3602,25 +3602,25 @@ UserProfileSetInfo ( /** Called by credential provider to notify of information change. - This function allows the credential provider to notify the User Identity Manager when user status + This function allows the credential provider to notify the User Identity Manager when user status has changed. - If the User Identity Manager doesn't support asynchronous changes in credentials, then this function - should return EFI_UNSUPPORTED. - If current user does not exist, and the credential provider can identify a user, then make the user + If the User Identity Manager doesn't support asynchronous changes in credentials, then this function + should return EFI_UNSUPPORTED. + If current user does not exist, and the credential provider can identify a user, then make the user to be current user and signal the EFI_EVENT_GROUP_USER_PROFILE_CHANGED event. - If current user already exists, and the credential provider can identify another user, then switch + If current user already exists, and the credential provider can identify another user, then switch current user to the newly identified user, and signal the EFI_EVENT_GROUP_USER_PROFILE_CHANGED event. - If current user was identified by this credential provider and now the credential provider cannot identify + If current user was identified by this credential provider and now the credential provider cannot identify current user, then logout current user and signal the EFI_EVENT_GROUP_USER_PROFILE_CHANGED event. @param[in] This Points to this instance of the EFI_USER_MANAGER_PROTOCOL. - @param[in] Changed Handle on which is installed an instance of the EFI_USER_CREDENTIAL2_PROTOCOL + @param[in] Changed Handle on which is installed an instance of the EFI_USER_CREDENTIAL2_PROTOCOL where the user has changed. @retval EFI_SUCCESS The User Identity Manager has handled the notification. @retval EFI_NOT_READY The function was called while the specified credential provider was not selected. @retval EFI_UNSUPPORTED The User Identity Manager doesn't support asynchronous notifications. - + **/ EFI_STATUS EFIAPI @@ -3628,7 +3628,7 @@ UserProfileNotify ( IN CONST EFI_USER_MANAGER_PROTOCOL *This, IN EFI_HANDLE Changed ) -{ +{ return EFI_UNSUPPORTED; } @@ -3644,8 +3644,8 @@ UserProfileNotify ( @retval EFI_SUCCESS User information deleted successfully. @retval EFI_NOT_FOUND User information record UserInfo does not exist in the user profile. - @retval EFI_ACCESS_DENIED The current user does not have permission to delete this user information. - + @retval EFI_ACCESS_DENIED The current user does not have permission to delete this user information. + **/ EFI_STATUS EFIAPI @@ -3660,7 +3660,7 @@ UserProfileDeleteInfo ( if (This == NULL) { return EFI_INVALID_PARAMETER; } - + // // Check the right of the current user. // @@ -3669,7 +3669,7 @@ UserProfileDeleteInfo ( return EFI_ACCESS_DENIED; } } - + // // Delete user information. // @@ -3679,7 +3679,7 @@ UserProfileDeleteInfo ( return EFI_NOT_FOUND; } return EFI_ACCESS_DENIED; - } + } return EFI_SUCCESS; } @@ -3687,10 +3687,10 @@ UserProfileDeleteInfo ( /** Enumerate user information of all the enrolled users on the platform. - This function returns the next user information record. To retrieve the first user - information record handle, point UserInfo at a NULL. Each subsequent call will retrieve - another user information record handle until there are no more, at which point UserInfo - will point to NULL. + This function returns the next user information record. To retrieve the first user + information record handle, point UserInfo at a NULL. Each subsequent call will retrieve + another user information record handle until there are no more, at which point UserInfo + will point to NULL. @param[in] This Points to this instance of the EFI_USER_MANAGER_PROTOCOL. @param[in] User Handle of the user whose information will be deleted. @@ -3699,7 +3699,7 @@ UserProfileDeleteInfo ( @retval EFI_SUCCESS User information returned. @retval EFI_NOT_FOUND No more user information found. @retval EFI_INVALID_PARAMETER UserInfo is NULL. - + **/ EFI_STATUS EFIAPI @@ -3757,7 +3757,7 @@ UserIdentifyManagerInit ( EFI_NATIVE_INTERFACE, &gUserIdentifyManager ); - ASSERT_EFI_ERROR (Status); + ASSERT_EFI_ERROR (Status); LoadDeferredImageInit (ImageHandle); return EFI_SUCCESS; diff --git a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManager.h b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManager.h index fab0605728..1c449b0128 100644 --- a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManager.h +++ b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManager.h @@ -1,13 +1,13 @@ /** @file The header file for User identify Manager driver. - -Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at + +Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -239,34 +239,34 @@ UserProfileIdentify ( Find a user using a user information record. This function searches all user profiles for the specified user information record. - The search starts with the user information record handle following UserInfo and + The search starts with the user information record handle following UserInfo and continues until either the information is found or there are no more user profiles. A match occurs when the Info.InfoType field matches the user information record - type and the user information record data matches the portion of Info passed the + type and the user information record data matches the portion of Info passed the EFI_USER_INFO header. @param[in] This Points to this instance of the EFI_USER_MANAGER_PROTOCOL. - @param[in, out] User On entry, points to the previously returned user profile + @param[in, out] User On entry, points to the previously returned user profile handle, or NULL to start searching with the first user profile. On return, points to the user profile handle, or NULL if not found. @param[in, out] UserInfo On entry, points to the previously returned user information - handle, or NULL to start searching with the first. On return, + handle, or NULL to start searching with the first. On return, points to the user information handle of the user information - record, or NULL if not found. Can be NULL, in which case only - one user information record per user can be returned. - @param[in] Info Points to the buffer containing the user information to be - compared to the user information record. If NULL, then only - the user information record type is compared. If InfoSize is 0, + record, or NULL if not found. Can be NULL, in which case only + one user information record per user can be returned. + @param[in] Info Points to the buffer containing the user information to be + compared to the user information record. If NULL, then only + the user information record type is compared. If InfoSize is 0, then the user information record must be empty. - @param[in] InfoSize The size of Info, in bytes. + @param[in] InfoSize The size of Info, in bytes. @retval EFI_SUCCESS User information was found. User points to the user profile handle, and UserInfo points to the user information handle. - @retval EFI_NOT_FOUND User information was not found. User points to NULL and UserInfo + @retval EFI_NOT_FOUND User information was not found. User points to NULL and UserInfo points to NULL. - + **/ EFI_STATUS EFIAPI @@ -409,5 +409,5 @@ UserProfileGetNextInfo ( IN EFI_USER_PROFILE_HANDLE User, IN OUT EFI_USER_INFO_HANDLE *UserInfo ); - + #endif diff --git a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerData.h b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerData.h index b08ac46437..4e07ddd309 100644 --- a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerData.h +++ b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerData.h @@ -1,13 +1,13 @@ /** @file Data structure used by the user identify manager driver. - -Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at + +Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ diff --git a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerDxe.inf b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerDxe.inf index ac23818660..27e8ba19ad 100644 --- a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerDxe.inf +++ b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerDxe.inf @@ -2,8 +2,8 @@ # Produces user manager protocol # # This module manages user information and produces user manager protocol. -# -# Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
+# +# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -48,7 +48,7 @@ [Guids] gEfiIfrTianoGuid ## SOMETIMES_CONSUMES ## GUID gEfiEventUserProfileChangedGuid ## SOMETIMES_PRODUCES ## Event - + ## SOMETIMES_PRODUCES ## Variable:L"Userxxxx" ## SOMETIMES_CONSUMES ## Variable:L"Userxxxx" ## CONSUMES ## HII @@ -64,16 +64,16 @@ gEfiSimpleTextInputExProtocolGuid ## SOMETIMES_CONSUMES gEfiHiiConfigAccessProtocolGuid ## PRODUCES gEfiDevicePathProtocolGuid ## PRODUCES - + ## PRODUCES ## SOMETIMES_PRODUCES ## SystemTable - gEfiUserManagerProtocolGuid + gEfiUserManagerProtocolGuid [Depex] - gEfiHiiDatabaseProtocolGuid AND - gEfiHiiStringProtocolGuid AND - gEfiFormBrowser2ProtocolGuid + gEfiHiiDatabaseProtocolGuid AND + gEfiHiiStringProtocolGuid AND + gEfiFormBrowser2ProtocolGuid [UserExtensions.TianoCore."ExtraFiles"] UserIdentifyManagerExtra.uni - \ No newline at end of file + diff --git a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerExtra.uni b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerExtra.uni index b0418b6e30..8b7cba7b32 100644 --- a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerExtra.uni +++ b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerExtra.uni @@ -1,7 +1,7 @@ // /** @file // UserIdentifyManager Localized Strings and Content // -// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
+// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
// // This program and the accompanying materials // are licensed and made available under the terms and conditions of the BSD License @@ -12,8 +12,8 @@ // // **/ -#string STR_PROPERTIES_MODULE_NAME -#language en-US +#string STR_PROPERTIES_MODULE_NAME +#language en-US "User Identify Manager" diff --git a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerStrings.uni b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerStrings.uni index 8ac0cdfbec..fcbf5005cd 100644 --- a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerStrings.uni +++ b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerStrings.uni @@ -1,7 +1,7 @@ /** @file String definitions for the User Identify Manager driver. -Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.
+Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -16,12 +16,12 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #langdef fr-FR "Francais" #string STR_TITLE #language en-US "User Identity Manager" - #language fr-FR "User Identity Manager(French)" + #language fr-FR "User Identity Manager(French)" #string STR_USER_SELECT #language en-US "User Selection" #language fr-FR "User Selection(French)" #string STR_PROVIDER_SELECT #language en-US "Provider Selection" - #language fr-FR "User Selection(French)" + #language fr-FR "User Selection(French)" #string STR_NULL_STRING #language en-US "" #language fr-FR "" - + diff --git a/SecurityPkg/UserIdentification/UserProfileManagerDxe/ModifyAccessPolicy.c b/SecurityPkg/UserIdentification/UserProfileManagerDxe/ModifyAccessPolicy.c index 5b4171ddec..56d3b1df98 100644 --- a/SecurityPkg/UserIdentification/UserProfileManagerDxe/ModifyAccessPolicy.c +++ b/SecurityPkg/UserIdentification/UserProfileManagerDxe/ModifyAccessPolicy.c @@ -1,13 +1,13 @@ /** @file The functions for access policy modification. - -Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at + +Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -15,7 +15,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include "UserProfileManager.h" /** - Collect all the access policy data to mUserInfo.AccessPolicy, + Collect all the access policy data to mUserInfo.AccessPolicy, and save it to user profile. **/ @@ -38,7 +38,7 @@ SaveAccessPolicy ( mUserInfo.AccessPolicyLen = 0; mUserInfo.AccessPolicyModified = TRUE; OffSet = 0; - + // // Save access right. // @@ -51,7 +51,7 @@ SaveAccessPolicy ( Control.Size = (UINT32) Size; CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control)); OffSet += sizeof (Control); - + // // Save access setup. // @@ -61,10 +61,10 @@ SaveAccessPolicy ( } Control.Type = EFI_USER_INFO_ACCESS_SETUP; - Control.Size = (UINT32) Size; + Control.Size = (UINT32) Size; CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control)); OffSet += sizeof (Control); - + if (mAccessInfo.AccessSetup == ACCESS_SETUP_NORMAL) { CopyGuid ((EFI_GUID *) (mUserInfo.AccessPolicy + OffSet), &gEfiUserInfoAccessSetupNormalGuid); } else if (mAccessInfo.AccessSetup == ACCESS_SETUP_RESTRICTED) { @@ -73,7 +73,7 @@ SaveAccessPolicy ( CopyGuid ((EFI_GUID *) (mUserInfo.AccessPolicy + OffSet), &gEfiUserInfoAccessSetupAdminGuid); } OffSet += sizeof (EFI_GUID); - + // // Save access of boot order. // @@ -83,13 +83,13 @@ SaveAccessPolicy ( } Control.Type = EFI_USER_INFO_ACCESS_BOOT_ORDER; - Control.Size = (UINT32) Size; + Control.Size = (UINT32) Size; CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control)); OffSet += sizeof (Control); CopyMem ((UINT8 *) (mUserInfo.AccessPolicy + OffSet), &mAccessInfo.AccessBootOrder, sizeof (UINT32)); OffSet += sizeof (UINT32); - + // // Save permit load. // @@ -100,14 +100,14 @@ SaveAccessPolicy ( } Control.Type = EFI_USER_INFO_ACCESS_PERMIT_LOAD; - Control.Size = (UINT32) Size; + Control.Size = (UINT32) Size; CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control)); OffSet += sizeof (Control); - + CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.LoadPermit, mAccessInfo.LoadPermitLen); OffSet += mAccessInfo.LoadPermitLen; } - + // // Save forbid load. // @@ -118,14 +118,14 @@ SaveAccessPolicy ( } Control.Type = EFI_USER_INFO_ACCESS_FORBID_LOAD; - Control.Size = (UINT32) Size; + Control.Size = (UINT32) Size; CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control)); OffSet += sizeof (Control); - + CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.LoadForbid, mAccessInfo.LoadForbidLen); OffSet += mAccessInfo.LoadForbidLen; } - + // // Save permit connect. // @@ -136,14 +136,14 @@ SaveAccessPolicy ( } Control.Type = EFI_USER_INFO_ACCESS_PERMIT_CONNECT; - Control.Size = (UINT32) Size; + Control.Size = (UINT32) Size; CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control)); OffSet += sizeof (Control); - + CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.ConnectPermit, mAccessInfo.ConnectPermitLen); OffSet += mAccessInfo.ConnectPermitLen; } - + // // Save forbid connect. // @@ -154,10 +154,10 @@ SaveAccessPolicy ( } Control.Type = EFI_USER_INFO_ACCESS_FORBID_CONNECT; - Control.Size = (UINT32) Size; + Control.Size = (UINT32) Size; CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control)); OffSet += sizeof (Control); - + CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.ConnectForbid, mAccessInfo.ConnectForbidLen); OffSet += mAccessInfo.ConnectForbidLen; } @@ -264,11 +264,11 @@ AddDevicePath ( /** - Check whether the DevicePath is in the device path forbid list + Check whether the DevicePath is in the device path forbid list (mAccessInfo.LoadForbid). @param[in] DevicePath Points to device path. - + @retval TRUE The DevicePath is in the device path forbid list. @retval FALSE The DevicePath is not in the device path forbid list. @@ -330,10 +330,10 @@ DisplayLoadPermit( // OrderSize = 0; Status = gRT->GetVariable ( - L"DriverOrder", - &gEfiGlobalVariableGuid, - NULL, - &OrderSize, + L"DriverOrder", + &gEfiGlobalVariableGuid, + NULL, + &OrderSize, NULL ); if (Status != EFI_BUFFER_TOO_SMALL) { @@ -346,16 +346,16 @@ DisplayLoadPermit( } Status = gRT->GetVariable ( - L"DriverOrder", - &gEfiGlobalVariableGuid, - NULL, - &OrderSize, + L"DriverOrder", + &gEfiGlobalVariableGuid, + NULL, + &OrderSize, Order ); if (EFI_ERROR (Status)) { return ; } - + // // Initialize the container for dynamic opcodes. // @@ -400,11 +400,11 @@ DisplayLoadPermit( if (Var == NULL) { continue; } - + // // Check whether the driver is already forbidden. // - + VarPtr = Var; // // Skip attribute. @@ -545,7 +545,7 @@ DisplayConnectPermit ( ) { // - // Note: + // Note: // As no architect protocol/interface to be called in ConnectController() // to verify the device path, just add a place holder for permitted connect // device path. @@ -563,7 +563,7 @@ DisplayConnectForbid ( ) { // - // Note: + // Note: // As no architect protocol/interface to be called in ConnectController() // to verify the device path, just add a place holder for forbidden connect // device path. @@ -572,11 +572,11 @@ DisplayConnectForbid ( /** - Delete the specified device path by DriverIndex from the forbid device path + Delete the specified device path by DriverIndex from the forbid device path list (mAccessInfo.LoadForbid). @param[in] DriverIndex The index of driver in forbidden device path list. - + **/ VOID DeleteFromForbidLoad ( @@ -598,7 +598,7 @@ DeleteFromForbidLoad ( OffSet += DPSize; DriverIndex--; } - + // // Specified device path found. // @@ -608,8 +608,8 @@ DeleteFromForbidLoad ( OffLen = mAccessInfo.LoadForbidLen - OffSet - DPSize; if (OffLen > 0) { CopyMem ( - mAccessInfo.LoadForbid + OffSet, - mAccessInfo.LoadForbid + OffSet + DPSize, + mAccessInfo.LoadForbid + OffSet, + mAccessInfo.LoadForbid + OffSet + DPSize, OffLen ); } @@ -619,11 +619,11 @@ DeleteFromForbidLoad ( /** - Add the specified device path by DriverIndex to the forbid device path + Add the specified device path by DriverIndex to the forbid device path list (mAccessInfo.LoadForbid). @param[in] DriverIndex The index of driver saved in driver options. - + **/ VOID AddToForbidLoad ( @@ -645,11 +645,11 @@ AddToForbidLoad ( if (Var == NULL) { return; } - + // // Save forbid load driver. // - + VarPtr = Var; // // Skip attribute. diff --git a/SecurityPkg/UserIdentification/UserProfileManagerDxe/ModifyIdentityPolicy.c b/SecurityPkg/UserIdentification/UserProfileManagerDxe/ModifyIdentityPolicy.c index 7c58329591..602c4a8397 100644 --- a/SecurityPkg/UserIdentification/UserProfileManagerDxe/ModifyIdentityPolicy.c +++ b/SecurityPkg/UserIdentification/UserProfileManagerDxe/ModifyIdentityPolicy.c @@ -1,13 +1,13 @@ /** @file The functions for identification policy modification. - -Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at + +Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -20,7 +20,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. provider can't appear twice in one identity policy. @param[in] NewGuid Points to the credential provider guid. - + @retval TRUE The NewGuid was found in the identity policy. @retval FALSE The NewGuid was not found. @@ -52,7 +52,7 @@ ProviderAlreadyInPolicy ( } Offset += Identity->Length; } - + return FALSE; } @@ -70,12 +70,12 @@ ProviderAlreadyInPolicy ( EFI_STATUS EnrollUserOnProvider ( IN EFI_USER_INFO_IDENTITY_POLICY *Identity, - IN EFI_USER_PROFILE_HANDLE User + IN EFI_USER_PROFILE_HANDLE User ) { UINTN Index; EFI_USER_CREDENTIAL2_PROTOCOL *UserCredential; - + // // Find the specified credential provider. // @@ -86,7 +86,7 @@ EnrollUserOnProvider ( } } - return EFI_NOT_FOUND; + return EFI_NOT_FOUND; } @@ -103,12 +103,12 @@ EnrollUserOnProvider ( EFI_STATUS DeleteUserOnProvider ( IN EFI_USER_INFO_IDENTITY_POLICY *Identity, - IN EFI_USER_PROFILE_HANDLE User + IN EFI_USER_PROFILE_HANDLE User ) { UINTN Index; EFI_USER_CREDENTIAL2_PROTOCOL *UserCredential; - + // // Find the specified credential provider. // @@ -119,13 +119,13 @@ DeleteUserOnProvider ( } } - return EFI_NOT_FOUND; + return EFI_NOT_FOUND; } /** Delete User's credental from all the providers that exist in User's identity policy. - + @param[in] IdentityPolicy Point to User's identity policy. @param[in] IdentityPolicyLen The length of the identity policy. @param[in] User Points to user profile. @@ -135,7 +135,7 @@ VOID DeleteCredentialFromProviders ( IN UINT8 *IdentityPolicy, IN UINTN IdentityPolicyLen, - IN EFI_USER_PROFILE_HANDLE User + IN EFI_USER_PROFILE_HANDLE User ) { EFI_USER_INFO_IDENTITY_POLICY *Identity; @@ -158,7 +158,7 @@ DeleteCredentialFromProviders ( /** Remove the provider specified by Offset from the new user identification record. - + @param[in] IdentityPolicy Point to user identity item in new identification policy. @param[in] Offset The item offset in the new identification policy. @@ -187,11 +187,11 @@ DeleteProviderFromPolicy ( if ((Offset + IdentityPolicy->Length) != mUserInfo.NewIdentityPolicyLen) { // // This provider is not the last item in the identification policy, delete it and the connector. - // + // RemainingLen = mUserInfo.NewIdentityPolicyLen - Offset - DeleteLen; CopyMem ((UINT8 *) IdentityPolicy, (UINT8 *) IdentityPolicy + DeleteLen, RemainingLen); } - mUserInfo.NewIdentityPolicyLen -= DeleteLen; + mUserInfo.NewIdentityPolicyLen -= DeleteLen; } @@ -201,7 +201,7 @@ DeleteProviderFromPolicy ( It is invoked when 'add option' in UI is pressed. @param[in] NewGuid Points to the credential provider guid. - + **/ VOID AddProviderToPolicy ( @@ -248,7 +248,7 @@ AddProviderToPolicy ( NewPolicyInfoLen = mUserInfo.NewIdentityPolicyLen + Policy->Length; FreePool (mUserInfo.NewIdentityPolicy); } - + // // Save credential provider. // @@ -325,7 +325,7 @@ UpdateCredentialProvider ( @retval TRUE The policy is a valid identity policy. @retval FALSE The policy is not a valid identity policy. - + **/ BOOLEAN CheckNewIdentityPolicy ( @@ -337,7 +337,7 @@ CheckNewIdentityPolicy ( EFI_INPUT_KEY Key; UINTN Offset; UINT32 OpCode; - + // // Check policy expression. // @@ -349,7 +349,7 @@ CheckNewIdentityPolicy ( // Identity = (EFI_USER_INFO_IDENTITY_POLICY *) (PolicyInfo + Offset); switch (Identity->Type) { - + case EFI_USER_INFO_IDENTITY_TRUE: break; @@ -408,11 +408,11 @@ CheckNewIdentityPolicy ( /** Save the identity policy and update UI with it. - - This function will verify the new identity policy, in current implementation, + + This function will verify the new identity policy, in current implementation, the identity policy can be: T, P & P & P & ..., P | P | P | ... Here, "T" means "True", "P" means "Credential Provider", "&" means "and", "|" means "or". - Other identity policies are not supported. + Other identity policies are not supported. **/ VOID @@ -439,7 +439,7 @@ SaveIdentityPolicy ( if (EFI_ERROR (Status)) { return ; } - + // // Update the informantion on credential provider. // @@ -447,7 +447,7 @@ SaveIdentityPolicy ( if (EFI_ERROR (Status)) { return ; } - + // // Save new identification policy. // @@ -461,7 +461,7 @@ SaveIdentityPolicy ( Status = mUserManager->SetInfo (mUserManager, mModifyUser, &UserInfo, Info, Info->InfoSize); FreePool (Info); - + // // Update the mUserInfo.IdentityPolicy by mUserInfo.NewIdentityPolicy // @@ -473,7 +473,7 @@ SaveIdentityPolicy ( mUserInfo.NewIdentityPolicy = NULL; mUserInfo.NewIdentityPolicyLen = 0; - mUserInfo.NewIdentityPolicyModified = FALSE; + mUserInfo.NewIdentityPolicyModified = FALSE; // // Update identity policy choice. @@ -494,7 +494,7 @@ AddIdentityPolicyItem ( if (mProviderInfo->Count == 0) { return ; } - + // // Check the identity policy. // diff --git a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileAdd.c b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileAdd.c index 11233a1509..6de7e75e79 100644 --- a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileAdd.c +++ b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileAdd.c @@ -1,13 +1,13 @@ /** @file The functions to add a user profile. - -Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at + +Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -17,11 +17,11 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. /** Get user name from the popup windows. - + @param[in, out] UserNameLen On entry, point to UserName buffer lengh, in bytes. On exit, point to input user name length, in bytes. @param[out] UserName The buffer to hold the input user name. - + @retval EFI_ABORTED It is given up by pressing 'ESC' key. @retval EFI_NOT_READY Not a valid input at all. @retval EFI_SUCCESS Get a user name successfully. @@ -100,7 +100,7 @@ GetUserNameInput ( *UserNameLen = NameLen * sizeof (CHAR16); CopyMem (UserName, Name, *UserNameLen); - + return EFI_SUCCESS; } @@ -112,7 +112,7 @@ GetUserNameInput ( @param[in] UserName Point to the buffer of user name. @retval EFI_NOT_READY The usernme in mAddUserName had been used. - @retval EFI_SUCCESS Change the user's username successfully with + @retval EFI_SUCCESS Change the user's username successfully with username in mAddUserName. **/ @@ -127,13 +127,13 @@ SetUserName ( EFI_USER_INFO_HANDLE UserInfo; EFI_USER_PROFILE_HANDLE TempUser; EFI_USER_INFO *NewUserInfo; - + NewUserInfo = AllocateZeroPool (sizeof (EFI_USER_INFO) + UserNameLen); ASSERT (NewUserInfo != NULL); NewUserInfo->InfoType = EFI_USER_INFO_NAME_RECORD; - NewUserInfo->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | - EFI_USER_INFO_PUBLIC | + NewUserInfo->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | + EFI_USER_INFO_PUBLIC | EFI_USER_INFO_EXCLUSIVE; NewUserInfo->InfoSize = (UINT32) (sizeof (EFI_USER_INFO) + UserNameLen); CopyMem ((UINT8 *) (NewUserInfo + 1), UserName, UserNameLen); @@ -181,7 +181,7 @@ SetCreateDate ( EFI_USER_INFO_HANDLE UserInfo; EFI_USER_INFO_CREATE_DATE Date; EFI_USER_INFO *NewUserInfo; - + NewUserInfo = AllocateZeroPool ( sizeof (EFI_USER_INFO) + sizeof (EFI_USER_INFO_CREATE_DATE) @@ -189,8 +189,8 @@ SetCreateDate ( ASSERT (NewUserInfo != NULL); NewUserInfo->InfoType = EFI_USER_INFO_CREATE_DATE_RECORD; - NewUserInfo->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | - EFI_USER_INFO_PUBLIC | + NewUserInfo->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | + EFI_USER_INFO_PUBLIC | EFI_USER_INFO_EXCLUSIVE; NewUserInfo->InfoSize = sizeof (EFI_USER_INFO) + sizeof (EFI_USER_INFO_CREATE_DATE); Status = gRT->GetTime (&Date, NULL); @@ -215,7 +215,7 @@ SetCreateDate ( /** Set the default identity policy of the specified user. - @param[in] User Handle of a user profile. + @param[in] User Handle of a user profile. **/ VOID @@ -226,20 +226,20 @@ SetIdentityPolicy ( EFI_USER_INFO_IDENTITY_POLICY *Policy; EFI_USER_INFO_HANDLE UserInfo; EFI_USER_INFO *NewUserInfo; - + NewUserInfo = AllocateZeroPool ( - sizeof (EFI_USER_INFO) + + sizeof (EFI_USER_INFO) + sizeof (EFI_USER_INFO_IDENTITY_POLICY) ); ASSERT (NewUserInfo != NULL); - + Policy = (EFI_USER_INFO_IDENTITY_POLICY *) (NewUserInfo + 1); Policy->Type = EFI_USER_INFO_IDENTITY_TRUE; Policy->Length = sizeof (EFI_USER_INFO_IDENTITY_POLICY); NewUserInfo->InfoType = EFI_USER_INFO_IDENTITY_POLICY_RECORD; - NewUserInfo->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | - EFI_USER_INFO_PUBLIC | + NewUserInfo->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | + EFI_USER_INFO_PUBLIC | EFI_USER_INFO_EXCLUSIVE; NewUserInfo->InfoSize = sizeof (EFI_USER_INFO) + Policy->Length; UserInfo = NULL; @@ -257,7 +257,7 @@ SetIdentityPolicy ( /** Set the default access policy of the specified user. - @param[in] User Handle of a user profile. + @param[in] User Handle of a user profile. **/ VOID @@ -268,20 +268,20 @@ SetAccessPolicy ( EFI_USER_INFO_ACCESS_CONTROL *Control; EFI_USER_INFO_HANDLE UserInfo; EFI_USER_INFO *NewUserInfo; - + NewUserInfo = AllocateZeroPool ( - sizeof (EFI_USER_INFO) + + sizeof (EFI_USER_INFO) + sizeof (EFI_USER_INFO_ACCESS_CONTROL) ); ASSERT (NewUserInfo != NULL); - + Control = (EFI_USER_INFO_ACCESS_CONTROL *) (NewUserInfo + 1); Control->Type = EFI_USER_INFO_ACCESS_ENROLL_SELF; Control->Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL); NewUserInfo->InfoType = EFI_USER_INFO_ACCESS_POLICY_RECORD; - NewUserInfo->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | - EFI_USER_INFO_PUBLIC | + NewUserInfo->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | + EFI_USER_INFO_PUBLIC | EFI_USER_INFO_EXCLUSIVE; NewUserInfo->InfoSize = sizeof (EFI_USER_INFO) + Control->Size; UserInfo = NULL; @@ -315,7 +315,7 @@ CallAddUser ( QuestionStr = NULL; PromptStr = NULL; - + // // Get user name to add. // @@ -324,7 +324,7 @@ CallAddUser ( if (EFI_ERROR (Status)) { if (Status != EFI_ABORTED) { QuestionStr = GetStringById (STRING_TOKEN (STR_GET_USERNAME_FAILED)); - PromptStr = GetStringById (STRING_TOKEN (STR_STROKE_KEY_CONTINUE)); + PromptStr = GetStringById (STRING_TOKEN (STR_STROKE_KEY_CONTINUE)); goto Done; } return ; @@ -337,7 +337,7 @@ CallAddUser ( Status = mUserManager->Create (mUserManager, &User); if (EFI_ERROR (Status)) { QuestionStr = GetStringById (STRING_TOKEN (STR_CREATE_PROFILE_FAILED)); - PromptStr = GetStringById (STRING_TOKEN (STR_STROKE_KEY_CONTINUE)); + PromptStr = GetStringById (STRING_TOKEN (STR_STROKE_KEY_CONTINUE)); } else { // // Add default user information. @@ -345,7 +345,7 @@ CallAddUser ( Status = SetUserName (User, UserNameLen, UserName); if (EFI_ERROR (Status)) { QuestionStr = GetStringById (STRING_TOKEN (STR_USER_ALREADY_EXISTED)); - PromptStr = GetStringById (STRING_TOKEN (STR_STROKE_KEY_CONTINUE)); + PromptStr = GetStringById (STRING_TOKEN (STR_STROKE_KEY_CONTINUE)); goto Done; } @@ -354,7 +354,7 @@ CallAddUser ( SetAccessPolicy (User); QuestionStr = GetStringById (STRING_TOKEN (STR_CREATE_PROFILE_SUCCESS)); - PromptStr = GetStringById (STRING_TOKEN (STR_STROKE_KEY_CONTINUE)); + PromptStr = GetStringById (STRING_TOKEN (STR_STROKE_KEY_CONTINUE)); } Done: diff --git a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileDelete.c b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileDelete.c index 8be302e1cc..af5d3109dd 100644 --- a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileDelete.c +++ b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileDelete.c @@ -1,13 +1,13 @@ /** @file The functions to delete a user profile. - -Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at + +Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -17,12 +17,12 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. /** Get the username from the specified user. - @param[in] User Handle of a user profile. + @param[in] User Handle of a user profile. @retval EFI_STRING_ID The String Id of the user's username. **/ -EFI_STRING_ID +EFI_STRING_ID GetUserName ( IN EFI_USER_PROFILE_HANDLE User ) @@ -35,14 +35,14 @@ GetUserName ( UINTN NameLen; CHAR16 UserName[USER_NAME_LENGTH]; EFI_STRING_ID UserId; - + // // Allocate user information memory. // MemSize = sizeof (EFI_USER_INFO) + 63; Info = AllocateZeroPool (MemSize); ASSERT (Info != NULL); - + // // Get user name information. // @@ -116,7 +116,7 @@ GetUserName ( /** Add a username item in form. - @param[in] User Points to the user profile whose username is added. + @param[in] User Points to the user profile whose username is added. @param[in] Index The index of the user in the user name list @param[in] OpCodeHandle Points to container for dynamic created opcodes. @@ -137,7 +137,7 @@ AddUserToForm ( if (NameId == 0) { return ; } - + // // Create user name option. // @@ -173,7 +173,7 @@ AddUserToForm ( /** Delete the user specified by UserIndex in user profile database. - @param[in] UserIndex The index of user in the user name list + @param[in] UserIndex The index of user in the user name list to be deleted. **/ @@ -197,7 +197,7 @@ DeleteUser ( if (EFI_ERROR (Status)) { goto Done; } - + while (UserIndex > 1) { Status = mUserManager->GetNext (mUserManager, &User); if (EFI_ERROR (Status)) { @@ -232,7 +232,7 @@ DeleteUser ( ASSERT (Info != NULL); DeleteCredentialFromProviders ((UINT8 *)(Info + 1), Info->InfoSize - sizeof (EFI_USER_INFO), User); FreePool (Info); - + Status = mUserManager->Delete (mUserManager, User); if (EFI_ERROR (Status)) { goto Done; @@ -245,7 +245,7 @@ DeleteUser ( L"Please Press Any Key to Continue ...", NULL ); - return ; + return ; } Done: diff --git a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManager.c b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManager.c index b84f2cdf9c..e73ba3a8fc 100644 --- a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManager.c +++ b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManager.c @@ -1,17 +1,17 @@ /** @file - This driver is a configuration tool for adding, deleting or modifying user - profiles, including gathering the necessary information to ascertain their - identity in the future, updating user access policy and identification + This driver is a configuration tool for adding, deleting or modifying user + profiles, including gathering the necessary information to ascertain their + identity in the future, updating user access policy and identification policy, etc. -Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.
+Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
(C) Copyright 2018 Hewlett Packard Enterprise Development LP
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -71,12 +71,12 @@ GetStringById ( /** - This function gets all the credential providers in the system and saved them + This function gets all the credential providers in the system and saved them to mProviderInfo. @retval EFI_SUCESS Init credential provider database successfully. @retval Others Fail to init credential provider database. - + **/ EFI_STATUS InitProviderInfo ( @@ -86,8 +86,8 @@ InitProviderInfo ( EFI_STATUS Status; UINTN HandleCount; EFI_HANDLE *HandleBuf; - UINTN Index; - + UINTN Index; + // // Try to find all the user credential provider driver. // @@ -103,7 +103,7 @@ InitProviderInfo ( if (EFI_ERROR (Status)) { return Status; } - + // // Get provider infomation. // @@ -111,7 +111,7 @@ InitProviderInfo ( FreePool (mProviderInfo); } mProviderInfo = AllocateZeroPool ( - sizeof (CREDENTIAL_PROVIDER_INFO) - + sizeof (CREDENTIAL_PROVIDER_INFO) - sizeof (EFI_USER_CREDENTIAL2_PROTOCOL *) + HandleCount * sizeof (EFI_USER_CREDENTIAL2_PROTOCOL *) ); @@ -192,7 +192,7 @@ UserProfileManagerCallback ( if (QuestionId != QUESTIONID_USER_MANAGE) { return EFI_SUCCESS; } - + // // Get current user // @@ -202,7 +202,7 @@ UserProfileManagerCallback ( DEBUG ((DEBUG_ERROR, "Error: current user does not exist!\n")); return EFI_NOT_READY; } - + // // Get current user's right information. // @@ -210,7 +210,7 @@ UserProfileManagerCallback ( if (EFI_ERROR (Status)) { CurrentAccessRight = EFI_USER_INFO_ACCESS_ENROLL_SELF; } - + // // Init credential provider information. // @@ -218,16 +218,16 @@ UserProfileManagerCallback ( if (EFI_ERROR (Status)) { return Status; } - + // // Initialize the container for dynamic opcodes. // StartOpCodeHandle = HiiAllocateOpCodeHandle (); ASSERT (StartOpCodeHandle != NULL); - + EndOpCodeHandle = HiiAllocateOpCodeHandle (); ASSERT (EndOpCodeHandle != NULL); - + // // Create Hii Extend Label OpCode. // @@ -239,7 +239,7 @@ UserProfileManagerCallback ( ); StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; StartLabel->Number = LABEL_USER_MANAGE_FUNC; - + EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( EndOpCodeHandle, &gEfiIfrTianoGuid, @@ -248,7 +248,7 @@ UserProfileManagerCallback ( ); EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; EndLabel->Number = LABEL_END; - + // // Add user profile option. // @@ -264,7 +264,7 @@ UserProfileManagerCallback ( 0 // Action String ID ); } - + // // Add modify user profile option. // @@ -276,7 +276,7 @@ UserProfileManagerCallback ( EFI_IFR_FLAG_CALLBACK, // Question flag KEY_MODIFY_USER // Question ID ); - + // // Add delete user profile option // @@ -290,7 +290,7 @@ UserProfileManagerCallback ( KEY_DEL_USER // Question ID ); } - + HiiUpdateForm ( mCallbackInfo->HiiHandle, // HII handle &gUserProfileManagerGuid, // Formset GUID @@ -298,10 +298,10 @@ UserProfileManagerCallback ( StartOpCodeHandle, // Label for where to insert opcodes EndOpCodeHandle // Replace data ); - + HiiFreeOpCodeHandle (StartOpCodeHandle); HiiFreeOpCodeHandle (EndOpCodeHandle); - + return EFI_SUCCESS; } break; @@ -311,14 +311,14 @@ UserProfileManagerCallback ( break; case EFI_BROWSER_ACTION_CHANGED: - { + { // // Handle the request from form. // if ((Value == NULL) || (ActionRequest == NULL)) { return EFI_INVALID_PARAMETER; } - + // // Judge first 2 bits. // @@ -392,7 +392,7 @@ UserProfileManagerCallback ( // // Change credential provider option. // - case KEY_MODIFY_PROV: + case KEY_MODIFY_PROV: mProviderChoice = Value->u8; break; @@ -556,14 +556,14 @@ UserProfileManagerCallback ( case EFI_BROWSER_ACTION_CHANGING: - { + { // // Handle the request from form. // if (Value == NULL) { return EFI_INVALID_PARAMETER; } - + // // Judge first 2 bits. // @@ -666,19 +666,19 @@ UserProfileManagerCallback ( case KEY_PERMIT_MODIFY: DisplayLoadPermit (); break; - + // // Forbid load device path. // case KEY_FORBID_MODIFY: DisplayLoadForbid (); break; - + default: break; } break; - + // // Connect device path form. // @@ -693,14 +693,14 @@ UserProfileManagerCallback ( case KEY_PERMIT_MODIFY: DisplayConnectPermit (); break; - + // // Forbid connect device path. // case KEY_FORBID_MODIFY: DisplayConnectForbid (); break; - + default: break; } @@ -839,7 +839,7 @@ UserProfileManagerInit ( if (EFI_ERROR (Status)) { return EFI_SUCCESS; } - + // // Initialize driver private data. // @@ -847,14 +847,14 @@ UserProfileManagerInit ( ZeroMem (&mAccessInfo, sizeof (mAccessInfo)); CallbackInfo = AllocateZeroPool (sizeof (USER_PROFILE_MANAGER_CALLBACK_INFO)); - ASSERT (CallbackInfo != NULL); + ASSERT (CallbackInfo != NULL); CallbackInfo->Signature = USER_PROFILE_MANAGER_SIGNATURE; CallbackInfo->ConfigAccess.ExtractConfig = FakeExtractConfig; CallbackInfo->ConfigAccess.RouteConfig = FakeRouteConfig; CallbackInfo->ConfigAccess.Callback = UserProfileManagerCallback; CallbackInfo->DriverHandle = NULL; - + // // Install Device Path Protocol and Config Access protocol to driver handle. // @@ -878,10 +878,10 @@ UserProfileManagerInit ( UserProfileManagerVfrBin, NULL ); - ASSERT (CallbackInfo->HiiHandle != NULL); + ASSERT (CallbackInfo->HiiHandle != NULL); mCallbackInfo = CallbackInfo; return Status; } - + diff --git a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManager.h b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManager.h index 5ab5457a8f..aff1e28d9d 100644 --- a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManager.h +++ b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManager.h @@ -1,13 +1,13 @@ /** @file The header file for user profile manager driver. - -Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at + +Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -55,7 +55,7 @@ typedef struct { EFI_TIME UsageDate; UINTN AccessPolicyLen; UINTN IdentityPolicyLen; - UINTN NewIdentityPolicyLen; + UINTN NewIdentityPolicyLen; UINT8 *AccessPolicy; UINT8 *IdentityPolicy; UINT8 *NewIdentityPolicy; @@ -197,7 +197,7 @@ DeleteUser ( /** Add a username item in form. - @param[in] User Points to the user profile whose username is added. + @param[in] User Points to the user profile whose username is added. @param[in] Index The index of the user in the user name list. @param[in] OpCodeHandle Points to container for dynamic created opcodes. @@ -216,7 +216,7 @@ AddUserToForm ( and access policy are displayed. @param[in] UserIndex The index of the user in display list to modify. - + **/ VOID ModifyUserInfo ( @@ -224,7 +224,7 @@ ModifyUserInfo ( ); /** - Get the username from user input and update username string in Hii + Get the username from user input and update username string in Hii database with it. **/ @@ -253,11 +253,11 @@ AddIdentityPolicyItem ( /** Save the identity policy and update UI with it. - - This function will verify the new identity policy, in current implementation, + + This function will verify the new identity policy, in current implementation, the identity policy can be: T, P & P & P & ..., P | P | P | ... Here, "T" means "True", "P" means "Credential Provider", "&" means "and", "|" means "or". - Other identity policies are not supported. + Other identity policies are not supported. **/ VOID @@ -270,7 +270,7 @@ SaveIdentityPolicy ( In this form, access right, access setu,p and access boot order are dynamically added. Load devicepath and connect devicepath are displayed too. - + **/ VOID ModidyAccessPolicy ( @@ -278,7 +278,7 @@ ModidyAccessPolicy ( ); /** - Collect all the access policy data to mUserInfo.AccessPolicy, + Collect all the access policy data to mUserInfo.AccessPolicy, and save it to user profile. **/ @@ -338,23 +338,23 @@ DisplayConnectForbid ( ); /** - Delete the specified device path by DriverIndex from the forbid device path + Delete the specified device path by DriverIndex from the forbid device path list (mAccessInfo.LoadForbid). @param[in] DriverIndex The index of driver in a forbidden device path list. - + **/ VOID DeleteFromForbidLoad ( IN UINT16 DriverIndex ); - + /** - Add the specified device path by DriverIndex to the forbid device path + Add the specified device path by DriverIndex to the forbid device path list (mAccessInfo.LoadForbid). @param[in] DriverIndex The index of driver saved in driver options. - + **/ VOID AddToForbidLoad ( @@ -363,11 +363,11 @@ AddToForbidLoad ( /** Get user name from the popup windows. - + @param[in, out] UserNameLen On entry, point to the buffer lengh of UserName. On exit, point to the input user name length. @param[out] UserName The buffer to hold the input user name. - + @retval EFI_ABORTED It is given up by pressing 'ESC' key. @retval EFI_NOT_READY Not a valid input at all. @retval EFI_SUCCESS Get a user name successfully. @@ -385,7 +385,7 @@ GetUserNameInput ( @param[in] User Handle of the user whose information will be searched. @param[in] InfoType The user information type to find. @param[out] UserInfo Points to user information handle found. - + @retval EFI_SUCCESS Find the user information successfully. @retval Others Fail to find the user information. @@ -418,7 +418,7 @@ ResolveIdentityPolicy ( @param[in] ValidLen The valid access policy length. @param[in] ExpandLen The length that is needed to expand. - + **/ VOID ExpandMemory ( @@ -428,7 +428,7 @@ ExpandMemory ( /** Delete User's credental from all the providers that exist in User's identity policy. - + @param[in] IdentityPolicy Point to User's identity policy. @param[in] IdentityPolicyLen The length of the identity policy. @param[in] User Points to user profile. @@ -438,7 +438,7 @@ VOID DeleteCredentialFromProviders ( IN UINT8 *IdentityPolicy, IN UINTN IdentityPolicyLen, - IN EFI_USER_PROFILE_HANDLE User + IN EFI_USER_PROFILE_HANDLE User ); - + #endif diff --git a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerData.h b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerData.h index 4548c758b5..a83caac9ba 100644 --- a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerData.h +++ b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerData.h @@ -1,13 +1,13 @@ /** @file The form data for user profile manager driver. - -Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at + +Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -47,7 +47,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #define LABEL_END 0x00F0 // -// First form key (Add/modify/del user profile). +// First form key (Add/modify/del user profile). // First 2 bits (bit 16~15). // #define KEY_MODIFY_USER 0x4000 @@ -77,7 +77,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. // // Specified key, used in VFR (KEY_MODIFY_USER | KEY_SELECT_USER | KEY_MODIFY_NAME). // -#define KEY_MODIFY_USER_NAME 0x5200 +#define KEY_MODIFY_USER_NAME 0x5200 // // Modify identity policy form key. @@ -134,7 +134,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. // // Device path modify key. // 2 bits (bit 12~11). -// +// #define KEY_LOAD_PERMIT_MODIFY 0x0000 #define KEY_LOAD_FORBID_MODIFY 0x0400 #define KEY_CONNECT_PERMIT_MODIFY 0x0800 diff --git a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerDxe.inf b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerDxe.inf index 619b2dd9f0..cdd97731b2 100644 --- a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerDxe.inf +++ b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerDxe.inf @@ -4,7 +4,7 @@ # By this module, user can add/update/delete user profiles, and can also # modify the user access policy and the user identification policy. # -# Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
+# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -50,7 +50,7 @@ HiiLib UefiLib DevicePathLib - + [Guids] gEfiIfrTianoGuid ## SOMETIMES_CONSUMES ## GUID gEfiUserInfoAccessSetupAdminGuid ## SOMETIMES_CONSUMES ## GUID @@ -66,7 +66,7 @@ [Depex] gEfiUserManagerProtocolGuid - + [UserExtensions.TianoCore."ExtraFiles"] UserProfileManagerExtra.uni - \ No newline at end of file + diff --git a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerExtra.uni b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerExtra.uni index c96bbeca6a..bf7ac7dc04 100644 --- a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerExtra.uni +++ b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerExtra.uni @@ -1,7 +1,7 @@ // /** @file // UserProfileManager Localized Strings and Content // -// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
+// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
// // This program and the accompanying materials // are licensed and made available under the terms and conditions of the BSD License @@ -12,8 +12,8 @@ // // **/ -#string STR_PROPERTIES_MODULE_NAME -#language en-US +#string STR_PROPERTIES_MODULE_NAME +#language en-US "User Profile Manager" diff --git a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerStrings.uni b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerStrings.uni index 65f714a5c8..3a003a9883 100644 --- a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerStrings.uni +++ b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerStrings.uni @@ -1,13 +1,13 @@ /** @file String definitions for User Profile Manager driver. -Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -20,139 +20,139 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #string STR_FORMSET_TITLE #language en-US "User Manager" #language fr-FR "User Manager(French)" #string STR_TITLE_HELP #language en-US "This selection will take you to the User Manager" - #language fr-FR "This selection will take you to the User Manager(French)" + #language fr-FR "This selection will take you to the User Manager(French)" #string STR_USERMAN_TITLE #language en-US "User Manager" #language fr-FR "User Manager(French)" -#string STR_ADD_USER_TITLE #language en-US "Add User Profile" - #language fr-FR "Add User Profile(French)" -#string STR_ADD_USER_HELP #language en-US "Add User Profile to User Database" - #language fr-FR "Add User Profile to User Database(French)" -#string STR_MODIFY_USER_TITLE #language en-US "Modify User Profile" - #language fr-FR "Modify User Profile(French)" -#string STR_MODIFY_USER_HELP #language en-US "Modify User Profile Information" - #language fr-FR "Modify User Profile Information(French)" -#string STR_DELETE_USER_TITLE #language en-US "Delete User Profile" - #language fr-FR "Delete User Profile(French)" +#string STR_ADD_USER_TITLE #language en-US "Add User Profile" + #language fr-FR "Add User Profile(French)" +#string STR_ADD_USER_HELP #language en-US "Add User Profile to User Database" + #language fr-FR "Add User Profile to User Database(French)" +#string STR_MODIFY_USER_TITLE #language en-US "Modify User Profile" + #language fr-FR "Modify User Profile(French)" +#string STR_MODIFY_USER_HELP #language en-US "Modify User Profile Information" + #language fr-FR "Modify User Profile Information(French)" +#string STR_DELETE_USER_TITLE #language en-US "Delete User Profile" + #language fr-FR "Delete User Profile(French)" #string STR_DELETE_USER_HELP #language en-US "Delete User Profile from User Database" - #language fr-FR "Delete User Profile from User Database(French)" -#string STR_USER_INFO #language en-US "User Profile Information" - #language fr-FR "User Profile Information(French)" -#string STR_USER_NAME #language en-US "User Name" - #language fr-FR "User Name(French)" -#string STR_USER_NAME_VAL #language en-US "" - #language fr-FR "" -#string STR_CREATE_DATE #language en-US "Create Date" - #language fr-FR "Create Date(French)" -#string STR_CREATE_DATE_VAL #language en-US "" - #language fr-FR "" -#string STR_USAGE_DATE #language en-US "Usage Date" - #language fr-FR "Usage Date(French)" -#string STR_USAGE_DATE_VAL #language en-US "" - #language fr-FR "" -#string STR_USAGE_COUNT #language en-US "Usage Count" - #language fr-FR "Usage Count(French)" -#string STR_USAGE_COUNT_VAL #language en-US "" - #language fr-FR "" -#string STR_IDENTIFY_POLICY #language en-US "Identify Policy" - #language fr-FR "Identify Policy(French)" -#string STR_IDENTIFY_POLICY_VAL #language en-US "" - #language fr-FR "" -#string STR_ACCESS_POLICY #language en-US "Access Policy" - #language fr-FR "Access Policy(French)" -#string STR_SAVE #language en-US "Save & Exit" - #language fr-FR "Save & Exit(French)" -#string STR_IDENTIFY_SAVE_HELP #language en-US "Save Identify Policy and Exit" - #language fr-FR "Save Identify Policy and Exit(French)" -#string STR_PROVIDER #language en-US "Credential Provider" - #language fr-FR "Credential Provider(French)" -#string STR_PROVIDER_HELP #language en-US "Select Credential Provider Option" - #language fr-FR "Select Credential Provider Option(French)" -#string STR_OR_CON #language en-US "Or" - #language fr-FR "Or(French)" -#string STR_AND_CON #language en-US "And" - #language fr-FR "And(French)" -#string STR_CONNECTOR #language en-US "Logical Connector" - #language fr-FR "Logical Connector(French)" -#string STR_CONNECTOR_HELP #language en-US "Select Logical Connector Option" - #language fr-FR "Select Logical Connector Option(French)" -#string STR_IDENTIFY_POLICY_VALUE #language en-US "" - #language fr-FR "" + #language fr-FR "Delete User Profile from User Database(French)" +#string STR_USER_INFO #language en-US "User Profile Information" + #language fr-FR "User Profile Information(French)" +#string STR_USER_NAME #language en-US "User Name" + #language fr-FR "User Name(French)" +#string STR_USER_NAME_VAL #language en-US "" + #language fr-FR "" +#string STR_CREATE_DATE #language en-US "Create Date" + #language fr-FR "Create Date(French)" +#string STR_CREATE_DATE_VAL #language en-US "" + #language fr-FR "" +#string STR_USAGE_DATE #language en-US "Usage Date" + #language fr-FR "Usage Date(French)" +#string STR_USAGE_DATE_VAL #language en-US "" + #language fr-FR "" +#string STR_USAGE_COUNT #language en-US "Usage Count" + #language fr-FR "Usage Count(French)" +#string STR_USAGE_COUNT_VAL #language en-US "" + #language fr-FR "" +#string STR_IDENTIFY_POLICY #language en-US "Identify Policy" + #language fr-FR "Identify Policy(French)" +#string STR_IDENTIFY_POLICY_VAL #language en-US "" + #language fr-FR "" +#string STR_ACCESS_POLICY #language en-US "Access Policy" + #language fr-FR "Access Policy(French)" +#string STR_SAVE #language en-US "Save & Exit" + #language fr-FR "Save & Exit(French)" +#string STR_IDENTIFY_SAVE_HELP #language en-US "Save Identify Policy and Exit" + #language fr-FR "Save Identify Policy and Exit(French)" +#string STR_PROVIDER #language en-US "Credential Provider" + #language fr-FR "Credential Provider(French)" +#string STR_PROVIDER_HELP #language en-US "Select Credential Provider Option" + #language fr-FR "Select Credential Provider Option(French)" +#string STR_OR_CON #language en-US "Or" + #language fr-FR "Or(French)" +#string STR_AND_CON #language en-US "And" + #language fr-FR "And(French)" +#string STR_CONNECTOR #language en-US "Logical Connector" + #language fr-FR "Logical Connector(French)" +#string STR_CONNECTOR_HELP #language en-US "Select Logical Connector Option" + #language fr-FR "Select Logical Connector Option(French)" +#string STR_IDENTIFY_POLICY_VALUE #language en-US "" + #language fr-FR "" #string STR_IDENTIFY_POLICY_HELP #language en-US "Current Identify Policy" - #language fr-FR "Current Identify Policy(French)" -#string STR_ADD_OPTION #language en-US "Add Option" - #language fr-FR "Add Option(French)" -#string STR_ADD_OPTION_HELP #language en-US "Add This Option to Identify Policy" - #language fr-FR "Add This Option to Identify Policy(French)" -#string STR_ACCESS_SAVE_HELP #language en-US "Save Access Policy and Exit" - #language fr-FR "Save Access Policy and Exit(French)" -#string STR_ACCESS_RIGHT #language en-US "Access Right" - #language fr-FR "Access Right(French)" -#string STR_ACCESS_RIGHT_HELP #language en-US "Select Access Right Option" - #language fr-FR "Select Access Right Option(French)" -#string STR_NORMAL #language en-US "Normal" - #language fr-FR "Normal(French)" -#string STR_ENROLL #language en-US "Enroll" - #language fr-FR "Enroll(French)" -#string STR_MANAGE #language en-US "Manage" - #language fr-FR "Manage(French)" -#string STR_ACCESS_SETUP #language en-US "Access Setup" - #language fr-FR "Access Setup(French)" -#string STR_ACCESS_SETUP_HELP #language en-US "Select Access Setup Option" - #language fr-FR "Selelct Access Setup Option(French)" -#string STR_RESTRICTED #language en-US "Restricted" - #language fr-FR "Restricted(French)" -#string STR_ADMIN #language en-US "Admin" - #language fr-FR "Admin(French)" -#string STR_BOOR_ORDER #language en-US "Access Boot Order" - #language fr-FR "Access Boot Order(French)" -#string STR_BOOT_ORDER_HELP #language en-US "Select Access Boot Order Option" - #language fr-FR "Select Access Boot Order Option(French)" -#string STR_INSERT #language en-US "Insert" - #language fr-FR "Insert(French)" -#string STR_APPEND #language en-US "Append" - #language fr-FR "Append(French)" -#string STR_REPLACE #language en-US "Replace" - #language fr-FR "Replace(French)" -#string STR_NODEFAULT #language en-US "Nodefault" - #language fr-FR "Nodefault(French)" -#string STR_LOAD #language en-US "Load Device Path" - #language fr-FR "Load Device Path(French)" -#string STR_LOAD_HELP #language en-US "Select Permit/Forbid Load Device Path" - #language fr-FR "Select Permit/Forbid Load Device Path(French)" -#string STR_CONNECT #language en-US "Connect Device Path" - #language fr-FR "Connect Device Path(French)" -#string STR_CONNECT_HELP #language en-US "Select Permit/Forbid Connect Device Path" - #language fr-FR "Select Permit/Forbid Connect Device Path(French)" -#string STR_LOAD_PERMIT #language en-US "Permit Load Device Path" - #language fr-FR "Permit Load Device Path(French)" -#string STR_LOAD_PERMIT_HELP #language en-US "Change Permit Load Device Path to Forbid" - #language fr-FR "Change Permit Load Device Path to Forbid(French)" -#string STR_LOAD_FORBID #language en-US "Forbid Load Device Path" - #language fr-FR "Forbid Load Device Path(French)" -#string STR_LOAD_FORBID_HELP #language en-US "Change Forbid Load Device Path to Permit" - #language fr-FR "Change Forbid Load Device Path to Permit(French)" -#string STR_CONNECT_PERMIT #language en-US "Permit Connect Device Path" - #language fr-FR "Permit Connect Device Path(French)" -#string STR_CONNECT_PERMIT_HELP #language en-US "Change Permit Connect Device Path to Forbid" - #language fr-FR "Change Permit Connect Device Path to Forbid(French)" -#string STR_CONNECT_FORBID #language en-US "Forbid Connect Device Path" - #language fr-FR "Forbid Connect Device Path(French)" -#string STR_CONNECT_FORBID_HELP #language en-US "Change Forbid Connect Device Path to Permit" - #language fr-FR "Change Forbid Connect Device Path to Permit(French)" -#string STR_PRESS_KEY_CONTINUE #language en-US "Press ENTER to Continue, Other Key to Cancel ..." - #language fr-FR "Press ENTER to Continue, Other Key to Cancel ...(French)" -#string STR_MOVE_TO_FORBID_LIST #language en-US "Are You Sure to Move It to Forbid List?" - #language fr-FR "Are You Sure to Move It to Forbid List?(French)" -#string STR_MOVE_TO_PERMIT_LIST #language en-US "Are You Sure to Move It to Permit List?" - #language fr-FR "Are You Sure to Move It to Permit List?(French)" + #language fr-FR "Current Identify Policy(French)" +#string STR_ADD_OPTION #language en-US "Add Option" + #language fr-FR "Add Option(French)" +#string STR_ADD_OPTION_HELP #language en-US "Add This Option to Identify Policy" + #language fr-FR "Add This Option to Identify Policy(French)" +#string STR_ACCESS_SAVE_HELP #language en-US "Save Access Policy and Exit" + #language fr-FR "Save Access Policy and Exit(French)" +#string STR_ACCESS_RIGHT #language en-US "Access Right" + #language fr-FR "Access Right(French)" +#string STR_ACCESS_RIGHT_HELP #language en-US "Select Access Right Option" + #language fr-FR "Select Access Right Option(French)" +#string STR_NORMAL #language en-US "Normal" + #language fr-FR "Normal(French)" +#string STR_ENROLL #language en-US "Enroll" + #language fr-FR "Enroll(French)" +#string STR_MANAGE #language en-US "Manage" + #language fr-FR "Manage(French)" +#string STR_ACCESS_SETUP #language en-US "Access Setup" + #language fr-FR "Access Setup(French)" +#string STR_ACCESS_SETUP_HELP #language en-US "Select Access Setup Option" + #language fr-FR "Selelct Access Setup Option(French)" +#string STR_RESTRICTED #language en-US "Restricted" + #language fr-FR "Restricted(French)" +#string STR_ADMIN #language en-US "Admin" + #language fr-FR "Admin(French)" +#string STR_BOOR_ORDER #language en-US "Access Boot Order" + #language fr-FR "Access Boot Order(French)" +#string STR_BOOT_ORDER_HELP #language en-US "Select Access Boot Order Option" + #language fr-FR "Select Access Boot Order Option(French)" +#string STR_INSERT #language en-US "Insert" + #language fr-FR "Insert(French)" +#string STR_APPEND #language en-US "Append" + #language fr-FR "Append(French)" +#string STR_REPLACE #language en-US "Replace" + #language fr-FR "Replace(French)" +#string STR_NODEFAULT #language en-US "Nodefault" + #language fr-FR "Nodefault(French)" +#string STR_LOAD #language en-US "Load Device Path" + #language fr-FR "Load Device Path(French)" +#string STR_LOAD_HELP #language en-US "Select Permit/Forbid Load Device Path" + #language fr-FR "Select Permit/Forbid Load Device Path(French)" +#string STR_CONNECT #language en-US "Connect Device Path" + #language fr-FR "Connect Device Path(French)" +#string STR_CONNECT_HELP #language en-US "Select Permit/Forbid Connect Device Path" + #language fr-FR "Select Permit/Forbid Connect Device Path(French)" +#string STR_LOAD_PERMIT #language en-US "Permit Load Device Path" + #language fr-FR "Permit Load Device Path(French)" +#string STR_LOAD_PERMIT_HELP #language en-US "Change Permit Load Device Path to Forbid" + #language fr-FR "Change Permit Load Device Path to Forbid(French)" +#string STR_LOAD_FORBID #language en-US "Forbid Load Device Path" + #language fr-FR "Forbid Load Device Path(French)" +#string STR_LOAD_FORBID_HELP #language en-US "Change Forbid Load Device Path to Permit" + #language fr-FR "Change Forbid Load Device Path to Permit(French)" +#string STR_CONNECT_PERMIT #language en-US "Permit Connect Device Path" + #language fr-FR "Permit Connect Device Path(French)" +#string STR_CONNECT_PERMIT_HELP #language en-US "Change Permit Connect Device Path to Forbid" + #language fr-FR "Change Permit Connect Device Path to Forbid(French)" +#string STR_CONNECT_FORBID #language en-US "Forbid Connect Device Path" + #language fr-FR "Forbid Connect Device Path(French)" +#string STR_CONNECT_FORBID_HELP #language en-US "Change Forbid Connect Device Path to Permit" + #language fr-FR "Change Forbid Connect Device Path to Permit(French)" +#string STR_PRESS_KEY_CONTINUE #language en-US "Press ENTER to Continue, Other Key to Cancel ..." + #language fr-FR "Press ENTER to Continue, Other Key to Cancel ...(French)" +#string STR_MOVE_TO_FORBID_LIST #language en-US "Are You Sure to Move It to Forbid List?" + #language fr-FR "Are You Sure to Move It to Forbid List?(French)" +#string STR_MOVE_TO_PERMIT_LIST #language en-US "Are You Sure to Move It to Permit List?" + #language fr-FR "Are You Sure to Move It to Permit List?(French)" #string STR_STROKE_KEY_CONTINUE #language en-US "Please Press Any Key to Continue ..." - #language fr-FR "Please Press Any Key to Continue ... (French)" + #language fr-FR "Please Press Any Key to Continue ... (French)" #string STR_CREATE_PROFILE_FAILED #language en-US "Create New User Profile Failed!" - #language fr-FR "Create New User Profile Failed! (French)" + #language fr-FR "Create New User Profile Failed! (French)" #string STR_CREATE_PROFILE_SUCCESS #language en-US "Create New User Profile Succeed!" - #language fr-FR "Create New User Profile Succeed! (French)" + #language fr-FR "Create New User Profile Succeed! (French)" #string STR_USER_ALREADY_EXISTED #language en-US "User Name Had Already Existed." - #language fr-FR "User Name Had Already Existed. (French)" + #language fr-FR "User Name Had Already Existed. (French)" #string STR_GET_USERNAME_FAILED #language en-US "Failed To Get User Name." - #language fr-FR "Failed To Get User Name. (French)" - + #language fr-FR "Failed To Get User Name. (French)" + diff --git a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileModify.c b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileModify.c index 833307189a..d165e5ae9b 100644 --- a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileModify.c +++ b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileModify.c @@ -1,13 +1,13 @@ /** @file The functions to modify a user profile. - -Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at + +Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -127,7 +127,7 @@ GetAllUserInfo ( mUserInfo.CreateDateExist = FALSE; mUserInfo.UsageDateExist = FALSE; mUserInfo.UsageCount = 0; - + mUserInfo.AccessPolicyLen = 0; mUserInfo.AccessPolicyModified = FALSE; if (mUserInfo.AccessPolicy != NULL) { @@ -140,7 +140,7 @@ GetAllUserInfo ( FreePool (mUserInfo.IdentityPolicy); mUserInfo.IdentityPolicy = NULL; } - + // // Allocate user information memory. // @@ -149,7 +149,7 @@ GetAllUserInfo ( if (Info == NULL) { return ; } - + // // Get each user information. // @@ -164,10 +164,10 @@ GetAllUserInfo ( // InfoSize = MemSize; Status = mUserManager->GetInfo ( - mUserManager, - mModifyUser, - UserInfo, - Info, + mUserManager, + mModifyUser, + UserInfo, + Info, &InfoSize ); if (Status == EFI_BUFFER_TOO_SMALL) { @@ -281,12 +281,12 @@ ResolveDate ( UnicodeSPrint ( Str + StrLen (Str), DateBufLen, - L"%2d:%2d:%2d", + L"%2d:%2d:%2d", Date->Hour, Date->Minute, Date->Second ); - + HiiSetString (mCallbackInfo->HiiHandle, DateId, Str, NULL); FreePool (Str); } @@ -308,7 +308,7 @@ ResolveCount ( { CHAR16 Count[10]; - UnicodeSPrint (Count, 20, L"%d", CountVal); + UnicodeSPrint (Count, 20, L"%d", CountVal); HiiSetString (mCallbackInfo->HiiHandle, CountId, Count, NULL); } @@ -318,7 +318,7 @@ ResolveCount ( Unicode string. @param[in, out] Source1 On entry, point to a Null-terminated Unicode string. - On exit, point to a new concatenated Unicode string + On exit, point to a new concatenated Unicode string @param[in] Source2 Pointer to a Null-terminated Unicode string. **/ @@ -380,9 +380,9 @@ ResolveIdentityPolicy ( EFI_STRING_ID ProvId; EFI_HII_HANDLE HiiHandle; EFI_USER_CREDENTIAL2_PROTOCOL *UserCredential; - + TmpStr = NULL; - + // // Resolve each policy. // @@ -413,10 +413,10 @@ ResolveIdentityPolicy ( case EFI_USER_INFO_IDENTITY_CREDENTIAL_TYPE: for (Index = 0; Index < mProviderInfo->Count; Index++) { UserCredential = mProviderInfo->Provider[Index]; - if (CompareGuid ((EFI_GUID *) (Identity + 1), &UserCredential->Type)) { + if (CompareGuid ((EFI_GUID *) (Identity + 1), &UserCredential->Type)) { UserCredential->Title ( - UserCredential, - &HiiHandle, + UserCredential, + &HiiHandle, &ProvId ); ProvStr = HiiGetString (HiiHandle, ProvId, NULL); @@ -432,7 +432,7 @@ ResolveIdentityPolicy ( case EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER: for (Index = 0; Index < mProviderInfo->Count; Index++) { UserCredential = mProviderInfo->Provider[Index]; - if (CompareGuid ((EFI_GUID *) (Identity + 1), &UserCredential->Identifier)) { + if (CompareGuid ((EFI_GUID *) (Identity + 1), &UserCredential->Identifier)) { UserCredential->Title ( UserCredential, &HiiHandle, @@ -466,7 +466,7 @@ ResolveIdentityPolicy ( and access policy. @param[in] UserIndex The index of the user in display list to modify. - + **/ VOID ModifyUserInfo ( @@ -527,7 +527,7 @@ ModifyUserInfo ( } UserIndex--; } - + // // Get user profile information. // @@ -541,7 +541,7 @@ ModifyUserInfo ( mUserInfo.UserName, NULL ); - + // // Update create date. // @@ -555,7 +555,7 @@ ModifyUserInfo ( NULL ); } - + // // Add usage date. // @@ -569,12 +569,12 @@ ModifyUserInfo ( NULL ); } - + // // Add usage count. // ResolveCount ((UINT32) mUserInfo.UsageCount, STRING_TOKEN (STR_USAGE_COUNT_VAL)); - + // // Add identity policy. // @@ -594,7 +594,7 @@ ModifyUserInfo ( KEY_MODIFY_USER | KEY_SELECT_USER | KEY_MODIFY_IP // Question ID ); } - + // // Add access policy. // @@ -643,7 +643,7 @@ ResolveAccessPolicy ( UINT8 *AccessData; // - // Set default value + // Set default value // mAccessInfo.AccessRight = EFI_USER_INFO_ACCESS_ENROLL_SELF; mAccessInfo.AccessSetup = ACCESS_SETUP_RESTRICTED; @@ -653,13 +653,13 @@ ResolveAccessPolicy ( mAccessInfo.LoadForbidLen = 0; mAccessInfo.ConnectPermitLen = 0; mAccessInfo.ConnectForbidLen = 0; - + // // Get each user access policy. // OffSet = 0; while (OffSet < mUserInfo.AccessPolicyLen) { - CopyMem (&Control, mUserInfo.AccessPolicy + OffSet, sizeof (Control)); + CopyMem (&Control, mUserInfo.AccessPolicy + OffSet, sizeof (Control)); ValLen = Control.Size - sizeof (Control); switch (Control.Type) { case EFI_USER_INFO_ACCESS_ENROLL_SELF: @@ -754,7 +754,7 @@ ResolveAccessPolicy ( @param[in] User Handle of the user whose information will be searched. @param[in] InfoType The user information type to find. @param[out] UserInfo Points to user information handle found. - + @retval EFI_SUCCESS Find the user information successfully. @retval Others Fail to find the user information. @@ -784,7 +784,7 @@ FindInfoByType ( if (Info == NULL) { return EFI_OUT_OF_RESOURCES; } - + // // Get each user information. // @@ -836,7 +836,7 @@ FindInfoByType ( In this form, access right, access setup and access boot order are dynamically added. Load devicepath and connect devicepath are displayed too. - + **/ VOID ModidyAccessPolicy ( @@ -849,7 +849,7 @@ ModidyAccessPolicy ( EFI_IFR_GUID_LABEL *StartLabel; EFI_IFR_GUID_LABEL *EndLabel; VOID *DefaultOpCodeHandle; - + // // Initialize the container for dynamic opcodes. // @@ -893,7 +893,7 @@ ModidyAccessPolicy ( ASSERT (OptionsOpCodeHandle != NULL); DefaultOpCodeHandle = HiiAllocateOpCodeHandle (); ASSERT (DefaultOpCodeHandle != NULL); - + HiiCreateOneOfOptionOpCode ( OptionsOpCodeHandle, STRING_TOKEN (STR_NORMAL), @@ -919,12 +919,12 @@ ModidyAccessPolicy ( ); HiiCreateDefaultOpCode ( - DefaultOpCodeHandle, - EFI_HII_DEFAULT_CLASS_STANDARD, - EFI_IFR_NUMERIC_SIZE_1, + DefaultOpCodeHandle, + EFI_HII_DEFAULT_CLASS_STANDARD, + EFI_IFR_NUMERIC_SIZE_1, mAccessInfo.AccessRight ); - + HiiCreateOneOfOpCode ( StartOpCodeHandle, // Container for dynamic created opcodes KEY_MODIFY_USER | KEY_SELECT_USER | KEY_MODIFY_AP | KEY_MODIFY_RIGHT, // Question ID @@ -948,7 +948,7 @@ ModidyAccessPolicy ( ASSERT (OptionsOpCodeHandle != NULL); DefaultOpCodeHandle = HiiAllocateOpCodeHandle (); ASSERT (DefaultOpCodeHandle != NULL); - + HiiCreateOneOfOptionOpCode ( OptionsOpCodeHandle, STRING_TOKEN (STR_RESTRICTED), @@ -956,7 +956,7 @@ ModidyAccessPolicy ( EFI_IFR_NUMERIC_SIZE_1, ACCESS_SETUP_RESTRICTED ); - + HiiCreateOneOfOptionOpCode ( OptionsOpCodeHandle, STRING_TOKEN (STR_NORMAL), @@ -974,11 +974,11 @@ ModidyAccessPolicy ( ); HiiCreateDefaultOpCode ( - DefaultOpCodeHandle, - EFI_HII_DEFAULT_CLASS_STANDARD, - EFI_IFR_NUMERIC_SIZE_1, + DefaultOpCodeHandle, + EFI_HII_DEFAULT_CLASS_STANDARD, + EFI_IFR_NUMERIC_SIZE_1, mAccessInfo.AccessSetup - ); + ); HiiCreateOneOfOpCode ( StartOpCodeHandle, // Container for dynamic created opcodes @@ -994,7 +994,7 @@ ModidyAccessPolicy ( ); HiiFreeOpCodeHandle (DefaultOpCodeHandle); HiiFreeOpCodeHandle (OptionsOpCodeHandle); - + // // Add boot order one-of-code. // @@ -1002,7 +1002,7 @@ ModidyAccessPolicy ( ASSERT (OptionsOpCodeHandle != NULL); DefaultOpCodeHandle = HiiAllocateOpCodeHandle (); ASSERT (DefaultOpCodeHandle != NULL); - + HiiCreateOneOfOptionOpCode ( OptionsOpCodeHandle, STRING_TOKEN (STR_INSERT), @@ -1026,7 +1026,7 @@ ModidyAccessPolicy ( EFI_IFR_NUMERIC_SIZE_4, EFI_USER_INFO_ACCESS_BOOT_ORDER_REPLACE ); - + HiiCreateOneOfOptionOpCode ( OptionsOpCodeHandle, STRING_TOKEN (STR_NODEFAULT), @@ -1036,12 +1036,12 @@ ModidyAccessPolicy ( ); HiiCreateDefaultOpCode ( - DefaultOpCodeHandle, - EFI_HII_DEFAULT_CLASS_STANDARD, - EFI_IFR_NUMERIC_SIZE_4, + DefaultOpCodeHandle, + EFI_HII_DEFAULT_CLASS_STANDARD, + EFI_IFR_NUMERIC_SIZE_4, mAccessInfo.AccessBootOrder ); - + HiiCreateOneOfOpCode ( StartOpCodeHandle, // Container for dynamic created opcodes KEY_MODIFY_USER | KEY_SELECT_USER | KEY_MODIFY_AP | KEY_MODIFY_BOOT, // Question ID @@ -1054,7 +1054,7 @@ ModidyAccessPolicy ( OptionsOpCodeHandle, // Option Opcode list DefaultOpCodeHandle // Default Opcode ); - HiiFreeOpCodeHandle (DefaultOpCodeHandle); + HiiFreeOpCodeHandle (DefaultOpCodeHandle); HiiFreeOpCodeHandle (OptionsOpCodeHandle); // @@ -1078,7 +1078,7 @@ ModidyAccessPolicy ( @param[in] ValidLen The valid access policy length. @param[in] ExpandLen The length that is needed to expand. - + **/ VOID ExpandMemory ( @@ -1107,7 +1107,7 @@ ExpandMemory ( /** - Get the username from user input, and update username string in the Hii + Get the username from user input, and update username string in the Hii database with it. **/ @@ -1142,7 +1142,7 @@ ModifyUserName ( } return ; } - + // // Check whether the username had been used or not. // @@ -1178,15 +1178,15 @@ ModifyUserName ( FreePool (Info); return ; } - + // // Update username display in the form. // CopyMem (mUserInfo.UserName, UserName, Len); HiiSetString ( - mCallbackInfo->HiiHandle, - STRING_TOKEN (STR_USER_NAME_VAL), - mUserInfo.UserName, + mCallbackInfo->HiiHandle, + STRING_TOKEN (STR_USER_NAME_VAL), + mUserInfo.UserName, NULL ); @@ -1303,7 +1303,7 @@ ModifyIdentityPolicy ( HiiFreeOpCodeHandle (OptionsOpCodeHandle); } - + // // Add logical connector Option OpCode. // @@ -1345,8 +1345,8 @@ ModifyIdentityPolicy ( // Update identity policy in the form. // ResolveIdentityPolicy ( - mUserInfo.IdentityPolicy, - mUserInfo.IdentityPolicyLen, + mUserInfo.IdentityPolicy, + mUserInfo.IdentityPolicyLen, STRING_TOKEN (STR_IDENTIFY_POLICY_VALUE) ); @@ -1404,7 +1404,7 @@ GetAccessRight ( if (Info == NULL) { return EFI_OUT_OF_RESOURCES; } - + // // Get user access information. // @@ -1445,7 +1445,7 @@ GetAccessRight ( if (EFI_ERROR (Status)) { break; } - + // // Check user information. // diff --git a/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/AuthService.c b/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/AuthService.c index 490a8b3417..87994587da 100644 --- a/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/AuthService.c +++ b/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/AuthService.c @@ -2,13 +2,13 @@ Implement authentication services for the authenticated variable service in UEFI2.2. -Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -61,13 +61,13 @@ AutenticatedVariableServiceInitialize ( mVariableModuleGlobal->HashContext[Physical] = AllocateRuntimePool (CtxSize); ASSERT (mVariableModuleGlobal->HashContext[Physical] != NULL); // - // Check "AuthVarKeyDatabase" variable's existence. - // If it doesn't exist, create a new one with initial value of 0 and EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set. + // Check "AuthVarKeyDatabase" variable's existence. + // If it doesn't exist, create a new one with initial value of 0 and EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set. // Status = FindVariable ( - mVariableModuleGlobal->VariableName[Physical][VAR_AUTH_KEY_DB], - &gEfiAuthenticatedVariableGuid, - &Variable, + mVariableModuleGlobal->VariableName[Physical][VAR_AUTH_KEY_DB], + &gEfiAuthenticatedVariableGuid, + &Variable, &mVariableModuleGlobal->VariableGlobal[Physical], mVariableModuleGlobal->FvbInstance ); @@ -96,10 +96,10 @@ AutenticatedVariableServiceInitialize ( // Load database in global variable for cache. // Valid = IsValidVariableHeader ( - Variable.CurrPtr, - Variable.Volatile, - &mVariableModuleGlobal->VariableGlobal[Physical], - mVariableModuleGlobal->FvbInstance, + Variable.CurrPtr, + Variable.Volatile, + &mVariableModuleGlobal->VariableGlobal[Physical], + mVariableModuleGlobal->FvbInstance, &VariableHeader ); ASSERT (Valid); @@ -117,23 +117,23 @@ AutenticatedVariableServiceInitialize ( mPubKeyNumber = (UINT32) (DataSize / EFI_CERT_TYPE_RSA2048_SIZE); } // - // Check "SetupMode" variable's existence. + // Check "SetupMode" variable's existence. // If it doesn't exist, check PK database's existence to determine the value. - // Then create a new one with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set. + // Then create a new one with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set. // Status = FindVariable ( - mVariableModuleGlobal->VariableName[Physical][VAR_SETUP_MODE], - &gEfiGlobalVariableGuid, - &Variable, + mVariableModuleGlobal->VariableName[Physical][VAR_SETUP_MODE], + &gEfiGlobalVariableGuid, + &Variable, &mVariableModuleGlobal->VariableGlobal[Physical], mVariableModuleGlobal->FvbInstance ); if (Variable.CurrPtr == 0x0) { Status = FindVariable ( - mVariableModuleGlobal->VariableName[Physical][VAR_PLATFORM_KEY], - &gEfiGlobalVariableGuid, - &Variable, + mVariableModuleGlobal->VariableName[Physical][VAR_PLATFORM_KEY], + &gEfiGlobalVariableGuid, + &Variable, &mVariableModuleGlobal->VariableGlobal[Physical], mVariableModuleGlobal->FvbInstance ); @@ -169,13 +169,13 @@ AutenticatedVariableServiceInitialize ( ); } // - // Check "SignatureSupport" variable's existence. - // If it doesn't exist, then create a new one with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set. + // Check "SignatureSupport" variable's existence. + // If it doesn't exist, then create a new one with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set. // Status = FindVariable ( - EFI_SIGNATURE_SUPPORT_NAME, - &gEfiGlobalVariableGuid, - &Variable, + EFI_SIGNATURE_SUPPORT_NAME, + &gEfiGlobalVariableGuid, + &Variable, &mVariableModuleGlobal->VariableGlobal[Physical], mVariableModuleGlobal->FvbInstance ); @@ -364,7 +364,7 @@ VerifyDataPayload ( // Rsa = RsaNew (); ASSERT (Rsa != NULL); - // + // // Set RSA Key Components. // NOTE: Only N and E are needed to be set as RSA public key for signature verification. // @@ -380,10 +380,10 @@ VerifyDataPayload ( // Verify the signature. // Status = RsaPkcs1Verify ( - Rsa, - Digest, - SHA256_DIGEST_SIZE, - CertBlock->Signature, + Rsa, + Digest, + SHA256_DIGEST_SIZE, + CertBlock->Signature, EFI_CERT_TYPE_RSA2048_SHA256_SIZE ); @@ -419,9 +419,9 @@ UpdatePlatformMode ( UINT32 VarAttr; Status = FindVariable ( - Global->VariableName[VirtualMode][VAR_SETUP_MODE], - Global->GlobalVariableGuid[VirtualMode], - &Variable, + Global->VariableName[VirtualMode][VAR_SETUP_MODE], + Global->GlobalVariableGuid[VirtualMode], + &Variable, &Global->VariableGlobal[VirtualMode], Global->FvbInstance ); @@ -459,8 +459,8 @@ UpdatePlatformMode ( @param[in] IsPk Indicates whether to process pk. @retval EFI_INVALID_PARAMETER Invalid parameter. - @retval EFI_SECURITY_VIOLATION The variable does NOT pass the validation - check carried out by the firmware. + @retval EFI_SECURITY_VIOLATION The variable does NOT pass the validation + check carried out by the firmware. @retval EFI_SUCCESS The variable passed validation successfully. **/ @@ -507,10 +507,10 @@ ProcessVarWithPk ( if (Variable->CurrPtr != 0x0) { Valid = IsValidVariableHeader ( - Variable->CurrPtr, - Variable->Volatile, - &Global->VariableGlobal[VirtualMode], - Global->FvbInstance, + Variable->CurrPtr, + Variable->Volatile, + &Global->VariableGlobal[VirtualMode], + Global->FvbInstance, &VariableHeader ); ASSERT (Valid); @@ -526,9 +526,9 @@ ProcessVarWithPk ( // Get platform key from variable. // Status = FindVariable ( - Global->VariableName[VirtualMode][VAR_PLATFORM_KEY], - Global->GlobalVariableGuid[VirtualMode], - &PkVariable, + Global->VariableName[VirtualMode][VAR_PLATFORM_KEY], + Global->GlobalVariableGuid[VirtualMode], + &PkVariable, &Global->VariableGlobal[VirtualMode], Global->FvbInstance ); @@ -548,14 +548,14 @@ ProcessVarWithPk ( Status = VerifyDataPayload (VirtualMode, Global, Data, DataSize, OldPkData->SignatureData); if (!EFI_ERROR (Status)) { Status = UpdateVariable ( - VariableName, - VendorGuid, - (UINT8*)Data + AUTHINFO_SIZE, - DataSize - AUTHINFO_SIZE, - Attributes, - 0, - CertData->MonotonicCount, - VirtualMode, + VariableName, + VendorGuid, + (UINT8*)Data + AUTHINFO_SIZE, + DataSize - AUTHINFO_SIZE, + Attributes, + 0, + CertData->MonotonicCount, + VirtualMode, Global, Variable ); @@ -596,8 +596,8 @@ ProcessVarWithPk ( @param[in] Attributes The attribute value of the variable. @retval EFI_INVALID_PARAMETER Invalid parameter. - @retval EFI_SECURITY_VIOLATION The variable did NOT pass the validation - check carried out by the firmware. + @retval EFI_SECURITY_VIOLATION The variable did NOT pass the validation + check carried out by the firmware. @retval EFI_SUCCESS The variable passed validation successfully. **/ @@ -640,10 +640,10 @@ ProcessVarWithKek ( CertBlock = (EFI_CERT_BLOCK_RSA_2048_SHA256 *) (CertData->AuthInfo.CertData); if (Variable->CurrPtr != 0x0) { Valid = IsValidVariableHeader ( - Variable->CurrPtr, - Variable->Volatile, - &Global->VariableGlobal[VirtualMode], - Global->FvbInstance, + Variable->CurrPtr, + Variable->Volatile, + &Global->VariableGlobal[VirtualMode], + Global->FvbInstance, &VariableHeader ); ASSERT (Valid); @@ -659,9 +659,9 @@ ProcessVarWithKek ( // Get KEK database from variable. // Status = FindVariable ( - Global->VariableName[VirtualMode][VAR_KEY_EXCHANGE_KEY], - Global->GlobalVariableGuid[VirtualMode], - &KekVariable, + Global->VariableName[VirtualMode][VAR_KEY_EXCHANGE_KEY], + Global->GlobalVariableGuid[VirtualMode], + &KekVariable, &Global->VariableGlobal[VirtualMode], Global->FvbInstance ); @@ -698,13 +698,13 @@ ProcessVarWithKek ( Status = VerifyDataPayload (VirtualMode, Global, Data, DataSize, CertBlock->PublicKey); if (!EFI_ERROR (Status)) { Status = UpdateVariable ( - VariableName, - VendorGuid, - (UINT8*)Data + AUTHINFO_SIZE, - DataSize - AUTHINFO_SIZE, - Attributes, - 0, - CertData->MonotonicCount, + VariableName, + VendorGuid, + (UINT8*)Data + AUTHINFO_SIZE, + DataSize - AUTHINFO_SIZE, + Attributes, + 0, + CertData->MonotonicCount, VirtualMode, Global, Variable @@ -715,13 +715,13 @@ ProcessVarWithKek ( // If in setup mode, no authentication needed. // Status = UpdateVariable ( - VariableName, - VendorGuid, - Data, - DataSize, - Attributes, - 0, - 0, + VariableName, + VendorGuid, + Data, + DataSize, + Attributes, + 0, + 0, VirtualMode, Global, Variable @@ -748,8 +748,8 @@ ProcessVarWithKek ( @retval EFI_WRITE_PROTECTED The variable is write-protected and needs authentication with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set. @retval EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS - set, but the AuthInfo does NOT pass the validation - check carried out by the firmware. + set, but the AuthInfo does NOT pass the validation + check carried out by the firmware. @retval EFI_SUCCESS The variable is not write-protected, or passed validation successfully. **/ @@ -789,10 +789,10 @@ VerifyVariable ( ZeroMem (&VariableHeader, sizeof (AUTHENTICATED_VARIABLE_HEADER)); if (Variable->CurrPtr != 0x0) { Valid = IsValidVariableHeader ( - Variable->CurrPtr, - Variable->Volatile, - &Global->VariableGlobal[VirtualMode], - Global->FvbInstance, + Variable->CurrPtr, + Variable->Volatile, + &Global->VariableGlobal[VirtualMode], + Global->FvbInstance, &VariableHeader ); ASSERT (Valid); @@ -820,7 +820,7 @@ VerifyVariable ( *KeyIndex = VariableHeader.PubKeyIndex; IsFirstTime = FALSE; } - } else if (Valid && (VariableHeader.Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) != 0) { + } else if (Valid && (VariableHeader.Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) != 0) { // // If the variable is already write-protected, it always needs authentication before update. // @@ -864,7 +864,7 @@ VerifyVariable ( // return EFI_SECURITY_VIOLATION; } - } + } // // Verify the certificate in Data payload. // diff --git a/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/AuthService.h b/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/AuthService.h index f3e15f61e2..9df3020116 100644 --- a/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/AuthService.h +++ b/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/AuthService.h @@ -2,13 +2,13 @@ The internal header file includes the common header files, defines internal structure and functions used by AuthService module. -Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -46,8 +46,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. @retval EFI_WRITE_PROTECTED The variable is write-protected and needs authentication with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set. @retval EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS - set, but the AuthInfo does NOT pass the validation - check carried out by the firmware. + set, but the AuthInfo does NOT pass the validation + check carried out by the firmware. @retval EFI_SUCCESS The variable is not write-protected, or passed validation successfully. **/ @@ -99,8 +99,8 @@ CryptLibraryInitialize ( @param[in] IsPk Indicates whether to process pk. @retval EFI_INVALID_PARAMETER Invalid parameter. - @retval EFI_SECURITY_VIOLATION The variable does NOT pass the validation - check carried out by the firmware. + @retval EFI_SECURITY_VIOLATION The variable does NOT pass the validation + check carried out by the firmware. @retval EFI_SUCCESS The variable passed validation successfully. **/ @@ -131,8 +131,8 @@ ProcessVarWithPk ( @param[in] Attributes The attribute value of the variable. @retval EFI_INVALID_PARAMETER Invalid parameter. - @retval EFI_SECURITY_VIOLATION The variable does NOT pass the validation - check carried out by the firmware. + @retval EFI_SECURITY_VIOLATION The variable does NOT pass the validation + check carried out by the firmware. @retval EFI_SUCCESS The variable passed validation successfully. **/ diff --git a/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/EsalVariableDxeSal.inf b/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/EsalVariableDxeSal.inf index 16caa30dad..fcfda3d452 100644 --- a/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/EsalVariableDxeSal.inf +++ b/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/EsalVariableDxeSal.inf @@ -4,7 +4,7 @@ # This module installs variable arch protocol and variable write arch protocol to provide # four EFI_RUNTIME_SERVICES: SetVariable, GetVariable, GetNextVariableName and QueryVariableInfo. # -# Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
+# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -29,7 +29,7 @@ # # VALID_ARCHITECTURES = IPF # -# VIRTUAL_ADDRESS_MAP_CALLBACK = VariableClassAddressChangeEvent +# VIRTUAL_ADDRESS_MAP_CALLBACK = VariableClassAddressChangeEvent # [Sources.common] @@ -73,13 +73,13 @@ ## CONSUMES ## Variable:L"SignatureSupport" ## PRODUCES ## Variable:L"SignatureSupport" gEfiGlobalVariableGuid - + ## PRODUCES ## GUID # Variable store header ## CONSUMES ## GUID # Variable store header ## SOMETIMES_CONSUMES ## HOB ## SOMETIMES_PRODUCES ## SystemTable gEfiAuthenticatedVariableGuid - + gEfiEventVirtualAddressChangeGuid ## CONSUMES ## Event gEfiCertRsa2048Sha256Guid ## CONSUMES ## GUID # Unique ID for the format of the CertType. @@ -94,12 +94,12 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdMaxHardwareErrorVariableSize ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdHwErrStorageSize ## CONSUMES - + [FeaturePcd.common] gEfiMdeModulePkgTokenSpaceGuid.PcdVariableCollectStatistics ## CONSUMES # statistic the information of variable. [Depex] - gEfiExtendedSalFvBlockServicesProtocolGuid AND gEfiFaultTolerantWriteProtocolGuid + gEfiExtendedSalFvBlockServicesProtocolGuid AND gEfiFaultTolerantWriteProtocolGuid [UserExtensions.TianoCore."ExtraFiles"] - EsalVariableDxeSalExtra.uni \ No newline at end of file + EsalVariableDxeSalExtra.uni diff --git a/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/EsalVariableDxeSalExtra.uni b/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/EsalVariableDxeSalExtra.uni index cb65895210..6b3342c806 100644 --- a/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/EsalVariableDxeSalExtra.uni +++ b/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/EsalVariableDxeSalExtra.uni @@ -1,7 +1,7 @@ // /** @file // EsalVariableDxeSal Localized Strings and Content // -// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
+// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
// // This program and the accompanying materials // are licensed and made available under the terms and conditions of the BSD License @@ -12,8 +12,8 @@ // // **/ -#string STR_PROPERTIES_MODULE_NAME -#language en-US +#string STR_PROPERTIES_MODULE_NAME +#language en-US "Esal Authenticated Variable DXE" diff --git a/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/InitVariable.c b/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/InitVariable.c index 0f1d645622..a9e739dd25 100644 --- a/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/InitVariable.c +++ b/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/InitVariable.c @@ -1,13 +1,13 @@ /** @file Entrypoint of Extended SAL variable service module. -Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -55,7 +55,7 @@ EsalVariableCommonEntry ( ) { SAL_RETURN_REGS ReturnVal; - + ReturnVal.r9 = 0; ReturnVal.r10 = 0; ReturnVal.r11 = 0; diff --git a/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/Reclaim.c b/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/Reclaim.c index 1cbf9ac877..898974cba5 100644 --- a/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/Reclaim.c +++ b/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/Reclaim.c @@ -2,13 +2,13 @@ Handles non-volatile variable store garbage collection, using FTW (Fault Tolerant Write) protocol. -Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ diff --git a/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/Variable.c b/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/Variable.c index dfa85973f4..b8a0af4b5c 100644 --- a/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/Variable.c +++ b/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/Variable.c @@ -1,13 +1,13 @@ /** @file The implementation of Extended SAL variable services. -Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -162,7 +162,7 @@ AccessVariableStore ( if ((StartAddress + DataSize) > ((UINTN) ((UINT8 *) VolatileBase + VolatileBase->Size))) { return EFI_INVALID_PARAMETER; } - + // // For volatile variable, a simple memory copy is enough. // @@ -181,13 +181,13 @@ AccessVariableStore ( Status = (EFI_STATUS) EsalCall ( EFI_EXTENDED_SAL_FV_BLOCK_SERVICES_PROTOCOL_GUID_LO, EFI_EXTENDED_SAL_FV_BLOCK_SERVICES_PROTOCOL_GUID_HI, - GetPhysicalAddressFunctionId, - Instance, - (UINT64) &FvVolHdr, - 0, - 0, - 0, - 0, + GetPhysicalAddressFunctionId, + Instance, + (UINT64) &FvVolHdr, + 0, + 0, + 0, + 0, 0 ).Status; ASSERT_EFI_ERROR (Status); @@ -199,7 +199,7 @@ AccessVariableStore ( if ((StartAddress + DataSize) > ((EFI_PHYSICAL_ADDRESS) (UINTN) ((CHAR8 *)VariableStoreHeader + VariableStoreHeader->Size))) { return EFI_INVALID_PARAMETER; } - + LinearOffset = (UINTN) FwVolHeader; CurrWritePtr = StartAddress; CurrWriteSize = DataSize; @@ -227,26 +227,26 @@ AccessVariableStore ( Status = (EFI_STATUS) EsalCall ( EFI_EXTENDED_SAL_FV_BLOCK_SERVICES_PROTOCOL_GUID_LO, EFI_EXTENDED_SAL_FV_BLOCK_SERVICES_PROTOCOL_GUID_HI, - WriteFunctionId, - Instance, - LbaNumber, - (CurrWritePtr - LinearOffset), - (UINT64) &CurrWriteSize, - (UINT64) CurrBuffer, - 0, + WriteFunctionId, + Instance, + LbaNumber, + (CurrWritePtr - LinearOffset), + (UINT64) &CurrWriteSize, + (UINT64) CurrBuffer, + 0, 0 ).Status; } else { Status = (EFI_STATUS) EsalCall ( EFI_EXTENDED_SAL_FV_BLOCK_SERVICES_PROTOCOL_GUID_LO, EFI_EXTENDED_SAL_FV_BLOCK_SERVICES_PROTOCOL_GUID_HI, - ReadFunctionId, - Instance, - LbaNumber, - (CurrWritePtr - LinearOffset), - (UINT64) &CurrWriteSize, - (UINT64) CurrBuffer, - 0, + ReadFunctionId, + Instance, + LbaNumber, + (CurrWritePtr - LinearOffset), + (UINT64) &CurrWriteSize, + (UINT64) CurrBuffer, + 0, 0 ).Status; } @@ -260,26 +260,26 @@ AccessVariableStore ( Status = (EFI_STATUS) EsalCall ( EFI_EXTENDED_SAL_FV_BLOCK_SERVICES_PROTOCOL_GUID_LO, EFI_EXTENDED_SAL_FV_BLOCK_SERVICES_PROTOCOL_GUID_HI, - WriteFunctionId, - Instance, - LbaNumber, - (CurrWritePtr - LinearOffset), - (UINT64) &Size, - (UINT64) CurrBuffer, - 0, + WriteFunctionId, + Instance, + LbaNumber, + (CurrWritePtr - LinearOffset), + (UINT64) &Size, + (UINT64) CurrBuffer, + 0, 0 ).Status; } else { Status = (EFI_STATUS) EsalCall ( EFI_EXTENDED_SAL_FV_BLOCK_SERVICES_PROTOCOL_GUID_LO, EFI_EXTENDED_SAL_FV_BLOCK_SERVICES_PROTOCOL_GUID_HI, - ReadFunctionId, - Instance, - LbaNumber, - (CurrWritePtr - LinearOffset), - (UINT64) &Size, - (UINT64) CurrBuffer, - 0, + ReadFunctionId, + Instance, + LbaNumber, + (CurrWritePtr - LinearOffset), + (UINT64) &Size, + (UINT64) CurrBuffer, + 0, 0 ).Status; } @@ -332,7 +332,7 @@ GetVarStoreHeader ( Instance, VarStoreAddress, sizeof (VARIABLE_STORE_HEADER), - VarStoreHeader + VarStoreHeader ); ASSERT_EFI_ERROR (Status); } @@ -372,7 +372,7 @@ IsValidVariableHeader ( Instance, VariableAddress, sizeof (AUTHENTICATED_VARIABLE_HEADER), - &LocalVariableHeader + &LocalVariableHeader ); if (EFI_ERROR (Status) || LocalVariableHeader.StartId != VARIABLE_DATA) { @@ -520,7 +520,7 @@ GetVariableNamePtr ( Instance, Address, VariableHeader.NameSize, - VariableName + VariableName ); ASSERT_EFI_ERROR (Status); } @@ -571,7 +571,7 @@ GetVariableDataPtr ( Instance, Address, VariableHeader.DataSize, - VariableData + VariableData ); ASSERT_EFI_ERROR (Status); } @@ -626,7 +626,7 @@ GetNextVariablePtr ( /** Gets the pointer to the first variable header in given variable store area. - This function gets the pointer to the first variable header in given variable + This function gets the pointer to the first variable header in given variable store area. The variable store area is given by its start address. @param[in] VarStoreHeaderAddress Pointer to the header of variable store area. @@ -675,7 +675,7 @@ GetEndPointer ( Instance, VarStoreHeaderAddress, sizeof (VARIABLE_STORE_HEADER), - &VariableStoreHeader + &VariableStoreHeader ); ASSERT_EFI_ERROR (Status); @@ -685,12 +685,12 @@ GetEndPointer ( /** Updates variable info entry in EFI system table for statistical information. - Routine used to track statistical information about variable usage. + Routine used to track statistical information about variable usage. The data is stored in the EFI system table so it can be accessed later. - VariableInfo.efi can dump out the table. Only Boot Services variable + VariableInfo.efi can dump out the table. Only Boot Services variable accesses are tracked by this code. The PcdVariableCollectStatistics - build flag controls if this feature is enabled. - A read that hits in the cache will have Read and Cache true for + build flag controls if this feature is enabled. + A read that hits in the cache will have Read and Cache true for the transaction. Data is allocated by this routine, but never freed. @@ -742,7 +742,7 @@ UpdateVariableInfo ( gBS->InstallConfigurationTable (&gEfiAuthenticatedVariableGuid, gVariableInfo); } - + for (Entry = gVariableInfo; Entry != NULL; Entry = Entry->Next) { if (CompareGuid (VendorGuid, &Entry->VendorGuid)) { if (StrCmp (VariableName, Entry->Name) == 0) { @@ -826,7 +826,7 @@ UpdateVariableCache ( // for (Index = 0, Entry = mVariableCache; Index < sizeof (mVariableCache)/sizeof (VARIABLE_CACHE_ENTRY); Index++, Entry++) { if (CompareGuid (VendorGuid, Entry->Guid)) { - if (StrCmp (VariableName, Entry->Name) == 0) { + if (StrCmp (VariableName, Entry->Name) == 0) { Entry->Attributes = Attributes; if (DataSize == 0) { // @@ -928,7 +928,7 @@ FindVariableInCache ( } } } - + return EFI_NOT_FOUND; } @@ -1003,7 +1003,7 @@ FindVariable ( Volatile = FALSE; } while (IsValidVariableHeader (Variable[Index], Volatile, Global, Instance, &VariableHeader)) { - if (VariableHeader.State == VAR_ADDED || + if (VariableHeader.State == VAR_ADDED || VariableHeader.State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED) ) { if (!EfiAtRuntime () || ((VariableHeader.Attributes & EFI_VARIABLE_RUNTIME_ACCESS) != 0)) { @@ -1162,7 +1162,7 @@ Reclaim ( // // Collect VAR_ADDED variables, and variables in delete transition status. // - if (VariableHeader.State == VAR_ADDED || + if (VariableHeader.State == VAR_ADDED || VariableHeader.State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED) ) { VariableSize = NextVariable - Variable; @@ -1173,9 +1173,9 @@ Reclaim ( } // - // Reserve the 1 Bytes with Oxff to identify the - // end of the variable buffer. - // + // Reserve the 1 Bytes with Oxff to identify the + // end of the variable buffer. + // MaximumBufferSize += 1; ValidBuffer = AllocatePool (MaximumBufferSize); if (ValidBuffer == NULL) { @@ -1192,7 +1192,7 @@ Reclaim ( // // Reinstall all ADDED variables - // + // Variable = GetStartPointer (VariableBase); while (IsValidVariableHeader (Variable, IsVolatile, VariableGlobal, Instance, &VariableHeader)) { NextVariable = GetNextVariablePtr (Variable, IsVolatile, VariableGlobal, Instance); @@ -1210,17 +1210,17 @@ Reclaim ( } // // Reinstall in delete transition variables - // + // Variable = GetStartPointer (VariableBase); while (IsValidVariableHeader (Variable, IsVolatile, VariableGlobal, Instance, &VariableHeader)) { NextVariable = GetNextVariablePtr (Variable, IsVolatile, VariableGlobal, Instance); if (VariableHeader.State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED)) { // - // Buffer has cached all ADDED variable. + // Buffer has cached all ADDED variable. // Per IN_DELETED variable, we have to guarantee that - // no ADDED one in previous buffer. - // + // no ADDED one in previous buffer. + // FoundAdded = FALSE; AddedVariable = GetStartPointer ((EFI_PHYSICAL_ADDRESS) ValidBuffer); while (IsValidVariableHeader (AddedVariable, IsVolatile, VariableGlobal, Instance, &AddedVariableHeader)) { @@ -1327,7 +1327,7 @@ GetIndexFromSupportedLangCodes( IN CHAR8 *SupportedLang, IN CHAR8 *Lang, IN BOOLEAN Iso639Language - ) + ) { UINTN Index; UINTN CompareLength; @@ -1362,8 +1362,8 @@ GetIndexFromSupportedLangCodes( // Determine the length of the next language code in SupportedLang // for (CompareLength = 0; SupportedLang[CompareLength] != '\0' && SupportedLang[CompareLength] != ';'; CompareLength++); - - if ((CompareLength == LanguageLength) && + + if ((CompareLength == LanguageLength) && (AsciiStrnCmp (Lang, SupportedLang, CompareLength) == 0)) { // // Successfully find the index of Lang string in SupportedLang string. @@ -1465,10 +1465,10 @@ GetLangFromSupportedLangCodes ( } /** - Returns a pointer to an allocated buffer that contains the best matching language - from a set of supported languages. - - This function supports both ISO 639-2 and RFC 4646 language codes, but language + Returns a pointer to an allocated buffer that contains the best matching language + from a set of supported languages. + + This function supports both ISO 639-2 and RFC 4646 language codes, but language code types may not be mixed in a single call to this function. This function supports a variable argument list that allows the caller to pass in a prioritized list of language codes to test against all the language codes in SupportedLanguages. @@ -1476,37 +1476,37 @@ GetLangFromSupportedLangCodes ( If SupportedLanguages is NULL, then ASSERT(). @param[in] SupportedLanguages A pointer to a Null-terminated ASCII string that - contains a set of language codes in the format + contains a set of language codes in the format specified by Iso639Language. @param[in] Iso639Language If TRUE, then all language codes are assumed to be in ISO 639-2 format. If FALSE, then all language codes are assumed to be in RFC 4646 language format. @param[in] VirtualMode Current calling mode for this function. - @param[in] ... A variable argument list that contains pointers to + @param[in] ... A variable argument list that contains pointers to Null-terminated ASCII strings that contain one or more language codes in the format specified by Iso639Language. The first language code from each of these language code lists is used to determine if it is an exact or - close match to any of the language codes in + close match to any of the language codes in SupportedLanguages. Close matches only apply to RFC 4646 language codes, and the matching algorithm from RFC 4647 - is used to determine if a close match is present. If + is used to determine if a close match is present. If an exact or close match is found, then the matching language code from SupportedLanguages is returned. If no matches are found, then the next variable argument - parameter is evaluated. The variable argument list + parameter is evaluated. The variable argument list is terminated by a NULL. @retval NULL The best matching language could not be found in SupportedLanguages. - @retval NULL There are not enough resources available to return the best matching + @retval NULL There are not enough resources available to return the best matching language. - @retval Other A pointer to a Null-terminated ASCII string that is the best matching + @retval Other A pointer to a Null-terminated ASCII string that is the best matching language in SupportedLanguages. **/ CHAR8 * VariableGetBestLanguage ( - IN CONST CHAR8 *SupportedLanguages, + IN CONST CHAR8 *SupportedLanguages, IN BOOLEAN Iso639Language, IN BOOLEAN VirtualMode, ... @@ -1582,7 +1582,7 @@ VariableGetBestLanguage ( LanguageLength = 0; } else { // - // If RFC 4646 mode, then trim Language from the right to the next '-' character + // If RFC 4646 mode, then trim Language from the right to the next '-' character // for (LanguageLength--; LanguageLength > 0 && Language[LanguageLength] != '-'; LanguageLength--); } @@ -1591,7 +1591,7 @@ VariableGetBestLanguage ( VA_END (Args); // - // No matches were found + // No matches were found // return NULL; } @@ -1664,7 +1664,7 @@ AutoUpdateLangVariable( ASSERT (Global->PlatformLangCodes[VirtualMode] != NULL); // - // PlatformLang holds a single language from PlatformLangCodes, + // PlatformLang holds a single language from PlatformLangCodes, // so the size of PlatformLangCodes is enough for the PlatformLang. // if (Global->PlatformLang[VirtualMode] != NULL) { @@ -1694,7 +1694,7 @@ AutoUpdateLangVariable( ASSERT (Global->LangCodes[VirtualMode] != NULL); } - if (SetLanguageCodes + if (SetLanguageCodes && (Global->PlatformLangCodes[VirtualMode] != NULL) && (Global->LangCodes[VirtualMode] != NULL)) { // @@ -1732,7 +1732,7 @@ AutoUpdateLangVariable( (UINTN) &(((AUTHENTICATED_VARIABLE_HEADER *)Variable.CurrPtr)->DataSize), sizeof (DataSize), &DataSize - ); + ); ASSERT_EFI_ERROR (Status); } @@ -1811,15 +1811,15 @@ AutoUpdateLangVariable( FindVariable (PredefinedVariableName[VAR_PLATFORM_LANG], Global->GlobalVariableGuid[VirtualMode], &Variable, VariableGlobal, Instance); Status = UpdateVariable ( - PredefinedVariableName[VAR_PLATFORM_LANG], - Global->GlobalVariableGuid[VirtualMode], - BestPlatformLang, - AsciiStrSize (BestPlatformLang), - Attributes, + PredefinedVariableName[VAR_PLATFORM_LANG], + Global->GlobalVariableGuid[VirtualMode], + BestPlatformLang, + AsciiStrSize (BestPlatformLang), + Attributes, 0, 0, - VirtualMode, - Global, + VirtualMode, + Global, &Variable ); @@ -1831,7 +1831,7 @@ AutoUpdateLangVariable( } /** - Update the variable region with Variable information. These are the same + Update the variable region with Variable information. These are the same arguments as the EFI Variable services. @param[in] VariableName Name of variable. @@ -1840,7 +1840,7 @@ AutoUpdateLangVariable( @param[in] DataSize Size of data. 0 means delete. @param[in] Attributes Attributes of the variable. @param[in] KeyIndex Index of associated public key. - @param[in] MonotonicCount Value of associated monotonic count. + @param[in] MonotonicCount Value of associated monotonic count. @param[in] VirtualMode Current calling mode for this function. @param[in] Global Context of this Extended SAL Variable Services Class call. @param[in] Variable The variable information which is used to keep track of variable usage. @@ -1856,7 +1856,7 @@ UpdateVariable ( IN EFI_GUID *VendorGuid, IN VOID *Data, IN UINTN DataSize, - IN UINT32 Attributes OPTIONAL, + IN UINT32 Attributes OPTIONAL, IN UINT32 KeyIndex OPTIONAL, IN UINT64 MonotonicCount OPTIONAL, IN BOOLEAN VirtualMode, @@ -1898,11 +1898,11 @@ UpdateVariable ( // Update/Delete existing variable // Volatile = Variable->Volatile; - - if (EfiAtRuntime ()) { + + if (EfiAtRuntime ()) { // - // If EfiAtRuntime and the variable is Volatile and Runtime Access, - // the volatile is ReadOnly, and SetVariable should be aborted and + // If EfiAtRuntime and the variable is Volatile and Runtime Access, + // the volatile is ReadOnly, and SetVariable should be aborted and // return EFI_WRITE_PROTECTED. // if (Variable->Volatile) { @@ -1914,14 +1914,14 @@ UpdateVariable ( // if ((VariableHeader.Attributes & EFI_VARIABLE_NON_VOLATILE) == 0) { Status = EFI_INVALID_PARAMETER; - goto Done; + goto Done; } } // // Setting a data variable with no access, or zero DataSize attributes // specified causes it to be deleted. // - if (DataSize == 0 || (Attributes & (EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS)) == 0) { + if (DataSize == 0 || (Attributes & (EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS)) == 0) { State = VariableHeader.State; State &= VAR_DELETED; @@ -1933,12 +1933,12 @@ UpdateVariable ( (UINTN) &(((AUTHENTICATED_VARIABLE_HEADER *)Variable->CurrPtr)->State), sizeof (UINT8), &State - ); + ); if (!EFI_ERROR (Status)) { UpdateVariableInfo (VariableName, VendorGuid, Volatile, FALSE, FALSE, TRUE, FALSE); UpdateVariableCache (VariableName, VendorGuid, Attributes, DataSize, Data); } - goto Done; + goto Done; } // // Logic comes here to update variable. @@ -1971,25 +1971,25 @@ UpdateVariable ( (UINTN) &(((AUTHENTICATED_VARIABLE_HEADER *)Variable->CurrPtr)->State), sizeof (UINT8), &State - ); + ); if (EFI_ERROR (Status)) { - goto Done; + goto Done; } - } + } } else { // // Create a new variable - // - + // + // // Make sure we are trying to create a new variable. - // Setting a data variable with no access, or zero DataSize attributes means to delete it. + // Setting a data variable with no access, or zero DataSize attributes means to delete it. // if (DataSize == 0 || (Attributes & (EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS)) == 0) { Status = EFI_NOT_FOUND; goto Done; } - + // // Only variable have NV|RT attribute can be created in Runtime // @@ -1997,7 +1997,7 @@ UpdateVariable ( (((Attributes & EFI_VARIABLE_RUNTIME_ACCESS) == 0) || ((Attributes & EFI_VARIABLE_NON_VOLATILE) == 0))) { Status = EFI_INVALID_PARAMETER; goto Done; - } + } } // @@ -2050,11 +2050,11 @@ UpdateVariable ( // Create a nonvolatile variable // Volatile = FALSE; - + GetVarStoreHeader (VariableGlobal->NonVolatileVariableBase, FALSE, VariableGlobal, Instance, &VariableStoreHeader); - if ((((Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) != 0) + if ((((Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) != 0) && ((HEADER_ALIGN (VarSize) + Global->HwErrVariableTotalSize) > PcdGet32(PcdHwErrStorageSize))) - || (((Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) == 0) + || (((Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) == 0) && ((HEADER_ALIGN (VarSize) + Global->CommonVariableTotalSize) > VariableStoreHeader.Size - sizeof (VARIABLE_STORE_HEADER) - PcdGet32(PcdHwErrStorageSize)))) { if (EfiAtRuntime ()) { Status = EFI_OUT_OF_RESOURCES; @@ -2072,9 +2072,9 @@ UpdateVariable ( // // If still no enough space, return out of resources // - if ((((Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) != 0) + if ((((Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) != 0) && ((HEADER_ALIGN (VarSize) + Global->HwErrVariableTotalSize) > PcdGet32(PcdHwErrStorageSize))) - || (((Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) == 0) + || (((Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) == 0) && ((HEADER_ALIGN (VarSize) + Global->CommonVariableTotalSize) > VariableStoreHeader.Size - sizeof (VARIABLE_STORE_HEADER) - PcdGet32(PcdHwErrStorageSize)))) { Status = EFI_OUT_OF_RESOURCES; goto Done; @@ -2083,7 +2083,7 @@ UpdateVariable ( // // Four steps // 1. Write variable header - // 2. Set variable state to header valid + // 2. Set variable state to header valid // 3. Write variable data // 4. Set variable state to valid // @@ -2165,7 +2165,7 @@ UpdateVariable ( } else { // // Create a volatile variable - // + // Volatile = TRUE; if ((UINT32) (HEADER_ALIGN(VarSize) + Global->VolatileLastVariableOffset) > @@ -2240,22 +2240,22 @@ Done: This function implements EsalGetVariable function of Extended SAL Variable Services Class. It is equivalent in functionality to the EFI Runtime Service GetVariable(). - + @param[in] VariableName A Null-terminated Unicode string that is the name of the vendor's variable. @param[in] VendorGuid A unique identifier for the vendor. - @param[out] Attributes If not NULL, a pointer to the memory location to return the + @param[out] Attributes If not NULL, a pointer to the memory location to return the attributes bitmask for the variable. @param[in, out] DataSize Size of Data found. If size is less than the data, this value contains the required size. - @param[out] Data On input, the size in bytes of the return Data buffer. + @param[out] Data On input, the size in bytes of the return Data buffer. On output, the size of data returned in Data. @param[in] VirtualMode Current calling mode for this function. @param[in] Global Context of this Extended SAL Variable Services Class call. - @retval EFI_SUCCESS The function completed successfully. + @retval EFI_SUCCESS The function completed successfully. @retval EFI_NOT_FOUND The variable was not found. - @retval EFI_BUFFER_TOO_SMALL DataSize is too small for the result. DataSize has + @retval EFI_BUFFER_TOO_SMALL DataSize is too small for the result. DataSize has been updated with the size needed to complete the request. @retval EFI_INVALID_PARAMETER VariableName is NULL. @retval EFI_INVALID_PARAMETER VendorGuid is NULL. @@ -2349,7 +2349,7 @@ EsalGetVariable ( *DataSize = VarDataSize; UpdateVariableInfo (VariableName, VendorGuid, Variable.Volatile, TRUE, FALSE, FALSE, FALSE); UpdateVariableCache (VariableName, VendorGuid, VariableHeader.Attributes, VarDataSize, Data); - + Status = EFI_SUCCESS; goto Done; } else { @@ -2371,18 +2371,18 @@ Done: This function implements EsalGetNextVariableName function of Extended SAL Variable Services Class. It is equivalent in functionality to the EFI Runtime Service GetNextVariableName(). - + @param[in, out] VariableNameSize Size of the variable @param[in, out] VariableName On input, supplies the last VariableName that was returned by GetNextVariableName(). On output, returns the Null-terminated Unicode string of the current variable. @param[in, out] VendorGuid On input, supplies the last VendorGuid that was returned by GetNextVariableName(). - On output, returns the VendorGuid of the current variable. + On output, returns the VendorGuid of the current variable. @param[in] VirtualMode Current calling mode for this function. @param[in] Global Context of this Extended SAL Variable Services Class call. - @retval EFI_SUCCESS The function completed successfully. + @retval EFI_SUCCESS The function completed successfully. @retval EFI_NOT_FOUND The next variable was not found. - @retval EFI_BUFFER_TOO_SMALL VariableNameSize is too small for the result. + @retval EFI_BUFFER_TOO_SMALL VariableNameSize is too small for the result. VariableNameSize has been updated with the size needed to complete the request. @retval EFI_INVALID_PARAMETER VariableNameSize is NULL. @retval EFI_INVALID_PARAMETER VariableName is NULL. @@ -2512,11 +2512,11 @@ Done: This function implements EsalSetVariable function of Extended SAL Variable Services Class. It is equivalent in functionality to the EFI Runtime Service SetVariable(). - + @param[in] VariableName A Null-terminated Unicode string that is the name of the vendor's - variable. Each VariableName is unique for each - VendorGuid. VariableName must contain 1 or more - Unicode characters. If VariableName is an empty Unicode + variable. Each VariableName is unique for each + VendorGuid. VariableName must contain 1 or more + Unicode characters. If VariableName is an empty Unicode string, then EFI_INVALID_PARAMETER is returned. @param[in] VendorGuid A unique identifier for the vendor. @param[in] Attributes Attributes bitmask to set for the variable. @@ -2526,9 +2526,9 @@ Done: @param[in] VirtualMode Current calling mode for this function. @param[in] Global Context of this Extended SAL Variable Services Class call. - @retval EFI_SUCCESS The firmware has successfully stored the variable and its data as + @retval EFI_SUCCESS The firmware has successfully stored the variable and its data as defined by the Attributes. - @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits was supplied, or the + @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits was supplied, or the DataSize exceeds the maximum allowed. @retval EFI_INVALID_PARAMETER VariableName is an empty Unicode string. @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the variable and its data. @@ -2566,7 +2566,7 @@ EsalSetVariable ( // if (VariableName == NULL || VariableName[0] == 0 || VendorGuid == NULL) { return EFI_INVALID_PARAMETER; - } + } if (DataSize != 0 && Data == NULL) { return EFI_INVALID_PARAMETER; @@ -2585,17 +2585,17 @@ EsalSetVariable ( // Try to write Authencated Variable without AuthInfo // return EFI_SECURITY_VIOLATION; - } - PayloadSize = DataSize - AUTHINFO_SIZE; + } + PayloadSize = DataSize - AUTHINFO_SIZE; } else { - PayloadSize = DataSize; + PayloadSize = DataSize; } - + if ((UINTN)(~0) - PayloadSize < StrSize(VariableName)){ // - // Prevent whole variable size overflow - // + // Prevent whole variable size overflow + // return EFI_INVALID_PARAMETER; } @@ -2625,8 +2625,8 @@ EsalSetVariable ( // if (StrSize (VariableName) + PayloadSize > PcdGet32(PcdMaxVariableSize) - sizeof (AUTHENTICATED_VARIABLE_HEADER)) { return EFI_INVALID_PARAMETER; - } - } + } + } AcquireLockOnlyAtBootTime(&VariableGlobal->VariableServicesLock); @@ -2676,31 +2676,31 @@ EsalSetVariable ( // Cut the certificate size before set // Status = UpdateVariable ( - VariableName, - VendorGuid, - (UINT8*)Data + AUTHINFO_SIZE, - DataSize - AUTHINFO_SIZE, - Attributes, - KeyIndex, - MonotonicCount, - VirtualMode, - Global, + VariableName, + VendorGuid, + (UINT8*)Data + AUTHINFO_SIZE, + DataSize - AUTHINFO_SIZE, + Attributes, + KeyIndex, + MonotonicCount, + VirtualMode, + Global, &Variable ); } else { // - // Update variable as usual + // Update variable as usual // Status = UpdateVariable ( - VariableName, - VendorGuid, - Data, - DataSize, - Attributes, - 0, - 0, - VirtualMode, - Global, + VariableName, + VendorGuid, + Data, + DataSize, + Attributes, + 0, + 0, + VirtualMode, + Global, &Variable ); } @@ -2720,19 +2720,19 @@ EsalSetVariable ( @param[in] Attributes Attributes bitmask to specify the type of variables on which to return information. - @param[out] MaximumVariableStorageSize On output the maximum size of the storage space available for - the EFI variables associated with the attributes specified. - @param[out] RemainingVariableStorageSize Returns the remaining size of the storage space available for EFI + @param[out] MaximumVariableStorageSize On output the maximum size of the storage space available for + the EFI variables associated with the attributes specified. + @param[out] RemainingVariableStorageSize Returns the remaining size of the storage space available for EFI variables associated with the attributes specified. - @param[out] MaximumVariableSize Returns the maximum size of an individual EFI variable + @param[out] MaximumVariableSize Returns the maximum size of an individual EFI variable associated with the attributes specified. @param[in] VirtualMode Current calling mode for this function @param[in] Global Context of this Extended SAL Variable Services Class call @retval EFI_SUCCESS Valid answer returned. @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits was supplied. - @retval EFI_UNSUPPORTED The attribute is not supported on this platform, and the - MaximumVariableStorageSize, RemainingVariableStorageSize, + @retval EFI_UNSUPPORTED The attribute is not supported on this platform, and the + MaximumVariableStorageSize, RemainingVariableStorageSize, MaximumVariableSize are undefined. **/ EFI_STATUS @@ -2764,12 +2764,12 @@ EsalQueryVariableInfo ( if(MaximumVariableStorageSize == NULL || RemainingVariableStorageSize == NULL || MaximumVariableSize == NULL || Attributes == 0) { return EFI_INVALID_PARAMETER; } - + if((Attributes & (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_HARDWARE_ERROR_RECORD)) == 0) { // // Make sure the Attributes combination is supported by the platform. // - return EFI_UNSUPPORTED; + return EFI_UNSUPPORTED; } else if ((Attributes & (EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS)) == EFI_VARIABLE_RUNTIME_ACCESS) { // // Make sure if runtime bit is set, boot service bit is set also. @@ -2917,20 +2917,20 @@ ReclaimForOS( UINTN RemainingHwErrVariableSpace; VarSize = ((VARIABLE_STORE_HEADER *) ((UINTN) mVariableModuleGlobal->VariableGlobal[Physical].NonVolatileVariableBase))->Size; - Status = EFI_SUCCESS; + Status = EFI_SUCCESS; // //Allowable max size of common variable storage space // CommonVariableSpace = VarSize - sizeof (VARIABLE_STORE_HEADER) - PcdGet32(PcdHwErrStorageSize); RemainingCommonVariableSpace = CommonVariableSpace - mVariableModuleGlobal->CommonVariableTotalSize; - + RemainingHwErrVariableSpace = PcdGet32 (PcdHwErrStorageSize) - mVariableModuleGlobal->HwErrVariableTotalSize; // // If the free area is below a threshold, then performs reclaim operation. // if ((RemainingCommonVariableSpace < PcdGet32 (PcdMaxVariableSize)) - || ((PcdGet32 (PcdHwErrStorageSize) != 0) && + || ((PcdGet32 (PcdHwErrStorageSize) != 0) && (RemainingHwErrVariableSpace < PcdGet32 (PcdMaxHardwareErrorVariableSize)))){ Status = Reclaim ( mVariableModuleGlobal->VariableGlobal[Physical].NonVolatileVariableBase, @@ -3056,7 +3056,7 @@ VariableCommonInitialize ( // // Note that in EdkII variable driver implementation, Hardware Error Record type variable // is stored with common variable in the same NV region. So the platform integrator should - // ensure that the value of PcdHwErrStorageSize is less than or equal to the value of + // ensure that the value of PcdHwErrStorageSize is less than or equal to the value of // PcdFlashNvStorageVariableSize. // ASSERT (PcdGet32(PcdHwErrStorageSize) <= PcdGet32 (PcdFlashNvStorageVariableSize)); @@ -3133,13 +3133,13 @@ VariableCommonInitialize ( Status = (EFI_STATUS) EsalCall ( EFI_EXTENDED_SAL_FV_BLOCK_SERVICES_PROTOCOL_GUID_LO, EFI_EXTENDED_SAL_FV_BLOCK_SERVICES_PROTOCOL_GUID_HI, - GetPhysicalAddressFunctionId, - Instance, - (UINT64) &FvVolHdr, - 0, - 0, - 0, - 0, + GetPhysicalAddressFunctionId, + Instance, + (UINT64) &FvVolHdr, + 0, + 0, + 0, + 0, 0 ).Status; if (EFI_ERROR (Status)) { @@ -3237,9 +3237,9 @@ VariableCommonInitialize ( // Register the event handling function to reclaim variable for OS usage. // Status = EfiCreateEventReadyToBootEx ( - TPL_NOTIFY, - ReclaimForOS, - NULL, + TPL_NOTIFY, + ReclaimForOS, + NULL, &ReadyToBootEvent ); } else { diff --git a/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/Variable.h b/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/Variable.h index b32ef741bf..76d4ac552a 100644 --- a/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/Variable.h +++ b/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/Variable.h @@ -1,13 +1,13 @@ /** @file Internal header file for Extended SAL variable service module. -Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -63,7 +63,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #define AUTHVAR_KEYDB_NAME_SIZE 38 /// -/// The maximum size of the public key database, restricted by maximum individal EFI +/// The maximum size of the public key database, restricted by maximum individal EFI /// varible size, and excluding the variable header and name size. /// #define MAX_KEYDB_SIZE (FixedPcdGet32 (PcdMaxVariableSize) - sizeof (AUTHENTICATED_VARIABLE_HEADER) - AUTHVAR_KEYDB_NAME_SIZE) @@ -191,22 +191,22 @@ VariableClassAddressChangeEvent ( This function implements EsalGetVariable function of Extended SAL Variable Services Class. It is equivalent in functionality to the EFI Runtime Service GetVariable(). - + @param[in] VariableName A Null-terminated Unicode string that is the name of the vendor's variable. @param[in] VendorGuid A unique identifier for the vendor. - @param[out] Attributes If not NULL, a pointer to the memory location to return the + @param[out] Attributes If not NULL, a pointer to the memory location to return the attributes bitmask for the variable. @param[in, out] DataSize Size of Data found. If size is less than the data, this value contains the required size. - @param[out] Data On input, the size in bytes of the return Data buffer. + @param[out] Data On input, the size in bytes of the return Data buffer. On output, the size of data returned in Data. @param[in] VirtualMode Current calling mode for this function. @param[in] Global Context of this Extended SAL Variable Services Class call. - @retval EFI_SUCCESS The function completed successfully. + @retval EFI_SUCCESS The function completed successfully. @retval EFI_NOT_FOUND The variable was not found. - @retval EFI_BUFFER_TOO_SMALL DataSize is too small for the result. DataSize has + @retval EFI_BUFFER_TOO_SMALL DataSize is too small for the result. DataSize has been updated with the size needed to complete the request. @retval EFI_INVALID_PARAMETER VariableName is NULL. @retval EFI_INVALID_PARAMETER VendorGuid is NULL. @@ -233,18 +233,18 @@ EsalGetVariable ( This function implements EsalGetNextVariableName function of Extended SAL Variable Services Class. It is equivalent in functionality to the EFI Runtime Service GetNextVariableName(). - + @param[in, out] VariableNameSize Size of the variable @param[in, out] VariableName On input, supplies the last VariableName that was returned by GetNextVariableName(). On output, returns the Null-terminated Unicode string of the current variable. @param[in, out] VendorGuid On input, supplies the last VendorGuid that was returned by GetNextVariableName(). - On output, returns the VendorGuid of the current variable. + On output, returns the VendorGuid of the current variable. @param[in] VirtualMode Current calling mode for this function. @param[in] Global Context of this Extended SAL Variable Services Class call. - @retval EFI_SUCCESS The function completed successfully. + @retval EFI_SUCCESS The function completed successfully. @retval EFI_NOT_FOUND The next variable was not found. - @retval EFI_BUFFER_TOO_SMALL VariableNameSize is too small for the result. + @retval EFI_BUFFER_TOO_SMALL VariableNameSize is too small for the result. VariableNameSize has been updated with the size needed to complete the request. @retval EFI_INVALID_PARAMETER VariableNameSize is NULL. @retval EFI_INVALID_PARAMETER VariableName is NULL. @@ -267,11 +267,11 @@ EsalGetNextVariableName ( This function implements EsalSetVariable function of Extended SAL Variable Services Class. It is equivalent in functionality to the EFI Runtime Service SetVariable(). - + @param[in] VariableName A Null-terminated Unicode string that is the name of the vendor's - variable. Each VariableName is unique for each - VendorGuid. VariableName must contain 1 or more - Unicode characters. If VariableName is an empty Unicode + variable. Each VariableName is unique for each + VendorGuid. VariableName must contain 1 or more + Unicode characters. If VariableName is an empty Unicode string, then EFI_INVALID_PARAMETER is returned. @param[in] VendorGuid A unique identifier for the vendor. @param[in] Attributes Attributes bitmask to set for the variable. @@ -281,9 +281,9 @@ EsalGetNextVariableName ( @param[in] VirtualMode Current calling mode for this function. @param[in] Global Context of this Extended SAL Variable Services Class call. - @retval EFI_SUCCESS The firmware has successfully stored the variable and its data as + @retval EFI_SUCCESS The firmware has successfully stored the variable and its data as defined by the Attributes. - @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits was supplied, or the + @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits was supplied, or the DataSize exceeds the maximum allowed. @retval EFI_INVALID_PARAMETER VariableName is an empty Unicode string. @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the variable and its data. @@ -314,19 +314,19 @@ EsalSetVariable ( @param[in] Attributes Attributes bitmask to specify the type of variables on which to return information. - @param[out] MaximumVariableStorageSize On output the maximum size of the storage space available for - the EFI variables associated with the attributes specified. - @param[out] RemainingVariableStorageSize Returns the remaining size of the storage space available for EFI + @param[out] MaximumVariableStorageSize On output the maximum size of the storage space available for + the EFI variables associated with the attributes specified. + @param[out] RemainingVariableStorageSize Returns the remaining size of the storage space available for EFI variables associated with the attributes specified. - @param[out] MaximumVariableSize Returns the maximum size of an individual EFI variable + @param[out] MaximumVariableSize Returns the maximum size of an individual EFI variable associated with the attributes specified. @param[in] VirtualMode Current calling mode for this function @param[in] Global Context of this Extended SAL Variable Services Class call @retval EFI_SUCCESS Valid answer returned. @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits was supplied. - @retval EFI_UNSUPPORTED The attribute is not supported on this platform, and the - MaximumVariableStorageSize, RemainingVariableStorageSize, + @retval EFI_UNSUPPORTED The attribute is not supported on this platform, and the + MaximumVariableStorageSize, RemainingVariableStorageSize, MaximumVariableSize are undefined. **/ EFI_STATUS @@ -436,7 +436,7 @@ DataSizeOfVariable ( ); /** - Update the variable region with Variable information. These are the same + Update the variable region with Variable information. These are the same arguments as the EFI Variable services. @param[in] VariableName Name of variable. @@ -445,7 +445,7 @@ DataSizeOfVariable ( @param[in] DataSize Size of data. 0 means delete. @param[in] Attributes Attributes of the variable. @param[in] KeyIndex Index of associated public key. - @param[in] MonotonicCount Value of associated monotonic count. + @param[in] MonotonicCount Value of associated monotonic count. @param[in] VirtualMode Current calling mode for this function. @param[in] Global Context of this Extended SAL Variable Services Class call. @param[in] Variable The variable information which is used to keep track of variable usage. @@ -461,7 +461,7 @@ UpdateVariable ( IN EFI_GUID *VendorGuid, IN VOID *Data, IN UINTN DataSize, - IN UINT32 Attributes OPTIONAL, + IN UINT32 Attributes OPTIONAL, IN UINT32 KeyIndex OPTIONAL, IN UINT64 MonotonicCount OPTIONAL, IN BOOLEAN VirtualMode, diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr index 296b9c9b9e..9abf84a14a 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr @@ -1,7 +1,7 @@ /** @file VFR file used by the SecureBoot configuration component. -Copyright (c) 2011 - 2017, Intel Corporation. All rights reserved.
+Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -608,4 +608,4 @@ formset endform; -endformset; \ No newline at end of file +endformset; diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDriver.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDriver.c index 1d6c4ac6e8..a5fa281851 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDriver.c +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDriver.c @@ -1,13 +1,13 @@ /** @file The module entry point for SecureBoot configuration module. -Copyright (c) 2011, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at +Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -35,7 +35,7 @@ SecureBootConfigDriverEntryPoint ( { EFI_STATUS Status; SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData; - + // // If already started, return. // @@ -50,7 +50,7 @@ SecureBootConfigDriverEntryPoint ( if (!EFI_ERROR (Status)) { return EFI_ALREADY_STARTED; } - + // // Create a private data structure. // @@ -58,7 +58,7 @@ SecureBootConfigDriverEntryPoint ( if (PrivateData == NULL) { return EFI_OUT_OF_RESOURCES; } - + // // Install SecureBoot configuration form // @@ -69,7 +69,7 @@ SecureBootConfigDriverEntryPoint ( // // Install private GUID. - // + // Status = gBS->InstallMultipleProtocolInterfaces ( &ImageHandle, &gEfiCallerIdGuid, @@ -86,8 +86,8 @@ SecureBootConfigDriverEntryPoint ( ErrorExit: if (PrivateData != NULL) { UninstallSecureBootConfigForm (PrivateData); - } - + } + return Status; } @@ -113,11 +113,11 @@ SecureBootConfigDriverUnload ( ImageHandle, &gEfiCallerIdGuid, (VOID **) &PrivateData - ); + ); if (EFI_ERROR (Status)) { - return Status; + return Status; } - + ASSERT (PrivateData->Signature == SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE); gBS->UninstallMultipleProtocolInterfaces ( @@ -126,7 +126,7 @@ SecureBootConfigDriverUnload ( PrivateData, NULL ); - + UninstallSecureBootConfigForm (PrivateData); return EFI_SUCCESS; diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxeExtra.uni b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxeExtra.uni index 2bc7f3d537..8f14272ecb 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxeExtra.uni +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxeExtra.uni @@ -1,7 +1,7 @@ // /** @file // SecureBootConfigDxe Localized Strings and Content // -// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
+// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
// // This program and the accompanying materials // are licensed and made available under the terms and conditions of the BSD License @@ -12,8 +12,8 @@ // // **/ -#string STR_PROPERTIES_MODULE_NAME -#language en-US +#string STR_PROPERTIES_MODULE_NAME +#language en-US "Secure Boot Config DXE" diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c index 6123b56697..9acaa7b975 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c @@ -1,7 +1,7 @@ /** @file HII Config Access protocol implementation of SecureBoot configuration module. -Copyright (c) 2011 - 2017, Intel Corporation. All rights reserved.
+Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.
(C) Copyright 2018 Hewlett Packard Enterprise Development LP
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License @@ -1816,7 +1816,7 @@ LoadPeImage ( Calculate hash of Pe/Coff image based on the authenticode image hashing in PE/COFF Specification 8.0 Appendix A - Notes: PE/COFF image has been checked by BasePeCoffLib PeCoffLoaderGetImageInfo() in + Notes: PE/COFF image has been checked by BasePeCoffLib PeCoffLoaderGetImageInfo() in the function LoadPeImage (). @param[in] HashAlg Hash algorithm type. @@ -3327,12 +3327,12 @@ SecureBootExtractConfigFromVariable ( } // - // Check SecureBootEnable & Pk status, fix the inconsistence. + // Check SecureBootEnable & Pk status, fix the inconsistence. // If the SecureBootEnable Variable doesn't exist, hide the SecureBoot Enable/Disable // Checkbox. // ConfigData->AttemptSecureBoot = FALSE; - GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL); + GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL); // // Fix Pk, SecureBootEnable inconsistence @@ -4385,7 +4385,7 @@ SecureBootCallback ( Value->u8 = SECURE_BOOT_MODE_STANDARD; Status = EFI_SUCCESS; } - } + } goto EXIT; } diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigMisc.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigMisc.c index 038707ca83..22b7cfdd1f 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigMisc.c +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigMisc.c @@ -1,7 +1,7 @@ /** @file Helper functions for SecureBoot configuration module. -Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.
+Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -15,15 +15,15 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include "SecureBootConfigImpl.h" /** - Read file content into BufferPtr, the size of the allocate buffer + Read file content into BufferPtr, the size of the allocate buffer is *FileSize plus AddtionAllocateSize. @param[in] FileHandle The file to be read. @param[in, out] BufferPtr Pointers to the pointer of allocated buffer. @param[out] FileSize Size of input file - @param[in] AddtionAllocateSize Addtion size the buffer need to be allocated. + @param[in] AddtionAllocateSize Addtion size the buffer need to be allocated. In case the buffer need to contain others besides the file content. - + @retval EFI_SUCCESS The file was read into the buffer. @retval EFI_INVALID_PARAMETER A parameter was invalid. @retval EFI_OUT_OF_RESOURCES A memory allocation failed. @@ -62,7 +62,7 @@ ReadFileContent ( if (EFI_ERROR (Status)) { goto ON_EXIT; } - + Status = FileHandle->SetPosition (FileHandle, 0); if (EFI_ERROR (Status)) { goto ON_EXIT; @@ -86,7 +86,7 @@ ReadFileContent ( } ON_EXIT: - + *BufferPtr = Buffer; return Status; } @@ -95,7 +95,7 @@ ON_EXIT: Close an open file handle. @param[in] FileHandle The file handle to close. - + **/ VOID CloseFile ( @@ -103,7 +103,7 @@ CloseFile ( ) { if (FileHandle != NULL) { - FileHandle->Close (FileHandle); + FileHandle->Close (FileHandle); } } @@ -112,7 +112,7 @@ CloseFile ( @param[in] Integer Pointer to the nonnegative integer to be converted @param[in] IntSizeInWords Length of integer buffer in words - @param[out] OctetString Converted octet string of the specified length + @param[out] OctetString Converted octet string of the specified length @param[in] OSSizeInBytes Intended length of resulting octet string in bytes Returns: @@ -138,17 +138,17 @@ Int2OctStr ( Ptr1++, Ptr2--) { *Ptr2 = *Ptr1; } - + for (; Ptr1 < (CONST UINT8 *)(Integer + IntSizeInWords) && *Ptr1 == 0; Ptr1++); - + if (Ptr1 < (CONST UINT8 *)(Integer + IntSizeInWords)) { return EFI_BUFFER_TOO_SMALL; } - + if (Ptr2 >= OctetString) { ZeroMem (OctetString, Ptr2 - OctetString + 1); } - + return EFI_SUCCESS; } @@ -158,7 +158,7 @@ Int2OctStr ( @param[in] Guid Pointer to GUID to print. @param[in] Buffer Buffer to print Guid into. @param[in] BufferSize Size of Buffer. - + @retval Number of characters printed. **/ @@ -173,9 +173,9 @@ GuidToString ( Size = UnicodeSPrint ( Buffer, - BufferSize, + BufferSize, L"%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x", - (UINTN)Guid->Data1, + (UINTN)Guid->Data1, (UINTN)Guid->Data2, (UINTN)Guid->Data3, (UINTN)Guid->Data4[0], diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigStrings.uni b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigStrings.uni index bf42598fa3..97f698c551 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigStrings.uni +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigStrings.uni @@ -1,7 +1,7 @@ /** @file String definitions for Secure Boot Configuration form. -Copyright (c) 2011 - 2017, Intel Corporation. All rights reserved.
+Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -98,7 +98,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #string STR_SECURE_BOOT_ENROLL_PK_FILE #language en-US "Enroll PK Using File" #string STR_DELETE_PK #language en-US "Delete Pk" -#string STR_DELETE_PK_HELP #language en-US "Choose to Delete PK, Otherwise keep the PK" +#string STR_DELETE_PK_HELP #language en-US "Choose to Delete PK, Otherwise keep the PK" #string STR_ENROLL_PK_TITLE #language en-US "Enroll PK" @@ -106,7 +106,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #string STR_ENROLL_KEK_HELP #language en-US "Enter into Enroll KEK Form" #string STR_DELETE_KEK #language en-US "Delete KEK" -#string STR_DELETE_KEK_HELP #language en-US "Enter into Delete KEK Form" +#string STR_DELETE_KEK_HELP #language en-US "Enter into Delete KEK Form" #string STR_ENROLL_KEK_TITLE #language en-US "Enroll KEK" #string STR_DELETE_KEK_TITLE #language en-US "Delete KEK" -- 2.39.2