Some hashes were simply ignored (not all the CompareGuid checks were present in
the conditions), which caused the browser to enter an infinite loop.
Because the CertList variable was never updated, the exit condition
for the while loop was never met.
Also add formatting for displaying image hashes or certificate
hashes instead of pure GUIDs.
Fixes https://github.com/Dasharo/dasharo-issues/issues/1365
TEST=Enroll DTS grubx64.efi to DB then delete its signature
from DB using the Secure Boot menu on QEMU OVMF.
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
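The loop shape the fix above describes, as an added example written for this page (it is not code from SecureBootConfigDxe or EDK2): a walker over a db/dbx-style variable, i.e. a sequence of EFI_SIGNATURE_LIST structures, that advances to the next list on every path, including the path for a signature type it does not recognise, and that validates the embedded sizes before trusting them. The UEFI types and CompareGuid are minimal stand-ins so the file builds outside EDK2; the sample database, the "unknown" signature-type GUID and the placeholder certificate bytes are constructed for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Minimal stand-ins for the UEFI types so the example builds outside EDK2. */
typedef struct { uint32_t Data1; uint16_t Data2; uint16_t Data3; uint8_t Data4[8]; } EFI_GUID;

typedef struct {
  EFI_GUID SignatureType;       /* e.g. EFI_CERT_SHA256_GUID, EFI_CERT_X509_GUID */
  uint32_t SignatureListSize;   /* whole list, this header included */
  uint32_t SignatureHeaderSize; /* optional type-specific header that follows */
  uint32_t SignatureSize;       /* size of each entry: 16-byte owner GUID + data */
} EFI_SIGNATURE_LIST;

static const EFI_GUID gEfiCertSha256Guid = {0xc1c41626, 0x504c, 0x4092, {0xac,0xa9,0x41,0xf9,0x36,0x93,0x43,0x28}};
static const EFI_GUID gEfiCertX509Guid   = {0xa5c059a1, 0x94e4, 0x4aa7, {0x87,0xb5,0xab,0x15,0x5c,0x2b,0xf0,0x72}};
/* Constructed GUID standing in for a signature type this walker has no handling for. */
static const EFI_GUID gConstructedUnknownGuid = {0x11111111, 0x2222, 0x3333, {0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44}};

static int CompareGuid(const EFI_GUID *A, const EFI_GUID *B) { return memcmp(A, B, sizeof *A) == 0; }

typedef struct {
  unsigned Sha256Hashes;  /* entries in lists of type EFI_CERT_SHA256_GUID */
  unsigned X509Certs;     /* entries in lists of type EFI_CERT_X509_GUID */
  unsigned UnknownLists;  /* lists whose type the walker does not handle */
} WalkStats;

/*
 * Walk a db/dbx-style variable. Returns the number of lists walked, or -1 if
 * the data is malformed. Offset advances on EVERY path, including the
 * unknown-type one: an advance that only happens inside a recognised-type
 * branch is exactly what turns an unrecognised GUID into an infinite loop.
 */
int WalkSignatureDatabase(const uint8_t *Db, size_t DbSize, WalkStats *Stats)
{
  size_t Offset = 0;
  int    Lists  = 0;
  memset(Stats, 0, sizeof *Stats);

  while (Offset < DbSize) {
    EFI_SIGNATURE_LIST CertList;
    if (DbSize - Offset < sizeof CertList) return -1;   /* truncated header */
    memcpy(&CertList, Db + Offset, sizeof CertList);    /* copy: the buffer may be unaligned */

    /* Never trust the embedded sizes: they must fit the buffer and each other. */
    if (CertList.SignatureListSize > DbSize - Offset ||
        CertList.SignatureListSize < sizeof CertList ||
        CertList.SignatureHeaderSize > CertList.SignatureListSize - sizeof CertList ||
        CertList.SignatureSize <= sizeof (EFI_GUID)) {
      return -1;
    }
    size_t Payload = CertList.SignatureListSize - sizeof CertList - CertList.SignatureHeaderSize;
    if (Payload % CertList.SignatureSize != 0) return -1;
    unsigned Count = (unsigned)(Payload / CertList.SignatureSize);

    if (CompareGuid(&CertList.SignatureType, &gEfiCertSha256Guid)) {
      Stats->Sha256Hashes += Count;
    } else if (CompareGuid(&CertList.SignatureType, &gEfiCertX509Guid)) {
      Stats->X509Certs += Count;
    } else {
      Stats->UnknownLists++;   /* unknown type: record it, but still step over it below */
    }

    Offset += CertList.SignatureListSize;   /* unconditional: the exit condition depends on this */
    Lists++;
  }
  return Lists;
}

/* Append one list with Count entries of Filler bytes (constructed data) to Buf; returns bytes written. */
static size_t AppendList(uint8_t *Buf, const EFI_GUID *Type, uint32_t DataSize, unsigned Count, uint8_t Filler)
{
  EFI_SIGNATURE_LIST Hdr;
  Hdr.SignatureType       = *Type;
  Hdr.SignatureHeaderSize = 0;
  Hdr.SignatureSize       = (uint32_t)sizeof (EFI_GUID) + DataSize;
  Hdr.SignatureListSize   = (uint32_t)sizeof Hdr + Count * Hdr.SignatureSize;
  memcpy(Buf, &Hdr, sizeof Hdr);
  memset(Buf + sizeof Hdr, Filler, Hdr.SignatureListSize - sizeof Hdr);  /* owner GUIDs + data */
  return Hdr.SignatureListSize;
}

/* Constructed db: two SHA-256 image hashes, one list of an unhandled type, one "certificate". */
size_t BuildSampleDb(uint8_t *Buf)
{
  size_t N = 0;
  N += AppendList(Buf + N, &gEfiCertSha256Guid,      32, 2, 0xA5);  /* 2 x 32-byte hash */
  N += AppendList(Buf + N, &gConstructedUnknownGuid, 20, 1, 0x5A);  /* the list a buggy walker never steps past */
  N += AppendList(Buf + N, &gEfiCertX509Guid,         8, 1, 0xC3);  /* 8 placeholder bytes, not real DER */
  return N;
}

int main(void)
{
  uint8_t   Db[512];
  WalkStats S;
  size_t    Size  = BuildSampleDb(Db);
  int       Lists = WalkSignatureDatabase(Db, Size, &S);
  printf("lists=%d sha256=%u x509=%u unknown=%u\n", Lists, S.Sha256Hashes, S.X509Certs, S.UnknownLists);
  /* Truncated buffer: fails cleanly instead of reading past the end or spinning. */
  printf("truncated -> %d\n", WalkSignatureDatabase(Db, Size - 10, &S));
  return 0;
}
```

The size checks matter as much as the unconditional advance: a SignatureListSize of zero, or one larger than the remaining buffer, would otherwise either pin Offset in place or walk the header read off the end of the variable. The truncated-buffer call in main shows the walker returning -1 rather than doing either.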
The Reset Secure Boot Keys option should only touch the keys and nothing
else. Keep the SecureBootEnable variable value from before the reset was
selected, as re-enrolling the PK would unconditionally enable
Secure Boot.
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Display certificate Common Name instead of GUIDs when attempting to
delete KEK or DB certificates.
Display currently enrolled PK Common Name at the top of PK Options menu.
Signed-off-by: Filip Golas <filip.golas@3mdeb.com>
Enrolling or removing any signature should require a reset to avoid
booting a system with some weird value of PCR-7. The PCR is extended
on writes into SecureBoot-related variables (see SecureBootHook() in
SecurityPkg/DxeImageVerificationLib) and then right before booting (in
TcgDxe or Tcg2Dxe in OnReadyToBoot() handler), meaning that editing
SecureBoot configuration and continuing boot process without a reset
results in an unexpected value of PCR-7 even if the end result of
changes is the same as it would be without any changes.
Now reset is required in the following cases as well:
* enrolling/deletion of a KEK signature
* enrolling/deletion of a DB signature
* enrolling/deletion of a DBX signature (one or all of them)
* enrolling/deletion of a DBT signature
Addition cases are handled in VFR, while deletion options are checkboxes
generated in C, and that is where the flags get set (the number of updated
places is smaller than the number of handled cases because functions are
shared between menus).
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Currently the "Delete Signature" Setup page lists enrolled signatures, and each
signature is shown with its signature GUID (prompt) and type (help). It is
possible for some signatures to be shown with the same signature GUID and
type. In this case, it is difficult to identify the target signature to
delete. The update enhances the help information to distinguish signatures.
Signed-off-by: Phil Noh <Phil.Noh@amd.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4713
In UEFI_Spec_2_10_Aug29.pdf page 1694 section 35.5.4 for
EFI_BROWSER_ACTION_FORM_OPEN:
NOTE: EFI_FORM_BROWSER2_PROTOCOL.BrowserCallback() cannot be used with
this browser action because question values have not been retrieved yet.
So HiiGetBrowserData() and HiiSetBrowserData() should not be called in the
FORM_OPEN callback function.
Now call SecureBootExtractConfigFromVariable() and update
IfrNvData->ListCount to save the change to the EFI variable; HII then uses the
EFI variable to control the UI.
Cc: Min Xu <min.m.xu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Felix Polyudov <Felixp@ami.com>
Signed-off-by: Ming Tan <ming.tan@intel.com>
Reviewed-by: Felix Polyudov <Felixp@ami.com>
Reviewed-by: Dandan Bi <dandan.bi@intel.com>
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
__FUNCTION__ is a pre-standard extension that gcc and Visual C++ among
others support, while __func__ was standardized in C99.
Since it's more standard, replace __FUNCTION__ with __func__ throughout
SecurityPkg.
Signed-off-by: Rebecca Cran <rebecca@bsdio.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
This commit adds an option which allows resetting the content of Secure Boot
keys and databases to the default variables.
Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com>
Reviewed-by: Sunny Wang <sunny.wang@arm.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Reviewed-by: Pete Batard <pete@akeo.ie>
Tested-by: Pete Batard <pete@akeo.ie> # on Raspberry Pi 4
This commit removes functions which were added
to SecureBootVariableLib. It also adds a dependency
on that library.
Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Reviewed-by: Sunny Wang <sunny.wang@arm.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3293
Add constraints on the key strength of the enrolled platform key (PK), which
must be greater than or equal to 2048 bits. PK key strength is required
by Intel SDL and MSFT, etc. This limitation prevents users from using
weak keys as the PK.
The original code to check the certificate file type is placed in a new
function CheckX509Certificate(), which checks if the X.509 certificate
meets the requirements of encoding type, RSA key strength, etc.
Cc: Min Xu <min.m.xu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Jiaqi Gao <jiaqi.gao@intel.com>
Reviewed-by: Min Xu <min.m.xu@intel.com>
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
Unlike the InstallMultipleProtocolInterfaces() boot service, which takes
an (EFI_HANDLE*) as first parameter, the
UninstallMultipleProtocolInterfaces() boot service takes an EFI_HANDLE as
first parameter.
These are actual bugs. They must have remained hidden until now because
they are all in Unload() functions, which are probably exercised
infrequently. Fix the UninstallMultipleProtocolInterfaces() calls.
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jian Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Replace the OpenFileByDevicePath() function with EfiOpenFileByDevicePath()
from UefiLib, correcting the following issues:
- imprecise comments on OpenFileByDevicePath(),
- code duplication between this module and other modules,
- local variable name "EfiSimpleFileSystemProtocol" starting with "Efi"
prefix,
- bogus "FileHandle = NULL" assignments,
- leaking "Handle1" when the device path type/subtype check or the
realignment-motivated AllocateCopyPool() fails in the loop,
- stale SHELL_FILE_HANDLE reference in a comment.
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Roman Bacik <roman.bacik@broadcom.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1008
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Jaben Carsey <jaben.carsey@intel.com>