Add BS+RT+AT variable attribute definition.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang
---
MdeModulePkg/Include/Guid/VariableFormat.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git
Add a new cert data base "certdbv" to store signer certs for volatile time based
Auth variable.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang
---
SecurityPkg/Library/AuthVariableLib/AuthService.c | 144 ++---
Add a new cert database "certdbv" for signer certs of volatile time based
variable
Zhang, Chao B (2):
MdeModulePkg: Add BS+RT+AT variable attribute definition
SecurityPkg: AuthVariableLib: Add new cert database for volatile time
based Auth variable
MdeModulePkg/In
Siyuan:
You are correct. CleanCertsFromDb is dedicated for NV time based variable.
The change is just to cooperate DeleteCertsFromDb interface change.
Thanks & Best regards
Chao Zhang
-Original Message-
From: Fu, Siyuan
Sent: Friday, January 29, 2016 3:06 PM
To: Zhang, Ch
Jiewen:
The patch is good to me. Reviewed-by: Chao Zhang <chao.b.zh...@intel.com>
Thanks & Best regards
Chao Zhang
-Original Message-
From: Yao, Jiewen
Sent: Tuesday, January 26, 2016 10:35 AM
To: edk2-de...@ml01.01.org
Cc: Yao, Jiewen; Zhang, Chao B
Subject: [patch] S
Jiewen:
The patch is good to me. Reviewed-by: Chao Zhang <chao.b.zh...@intel.com>
Thanks & Best regards
Chao Zhang
-Original Message-
From: Yao, Jiewen
Sent: Tuesday, January 26, 2016 10:30 AM
To: edk2-de...@ml01.01.org
Cc: Yao, Jiewen; Zhang, Chao B
Subject: [patch] S
Fix SecureBoot potential NULL pointer dereference.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang
---
.../SecureBootConfigDxe/SecureBootConfigImpl.c | 9 +
1 file changed, 5 insertions(+), 4 deletions(-)
diff
Jiewen:
Patch 1-6 are good to me. Reviewed-by: Chao Zhang <chao.b.zh...@intel.com>
Thanks & Best regards
Chao Zhang
-Original Message-
From: Yao, Jiewen
Sent: Friday, January 22, 2016 3:14 PM
To: edk2-de...@ml01.01.org
Cc: Yao, Jiewen; Zhang, Chao B
Subject:
Jiewen:
Please also update copyright.
Reviewed-by: Chao Zhang <chao.b.zh...@intel.com>
Thanks & Best regards
Chao Zhang
-Original Message-
From: Yao, Jiewen
Sent: Thursday, January 21, 2016 4:41 PM
To: edk2-de...@ml01.01.org
Cc: Yao, Jiewen; Zhang, Chao B
Subje
Mike
The patch 1-12 are good to me.
Reviewed-by: Chao Zhang<chao.b.zh...@intel.com>
Thanks & Best regards
Chao Zhang
-Original Message-
From: Kinney, Michael D
Sent: Thursday, January 21, 2016 1:24 PM
To: Zhang, Chao B; edk2-devel@lists.01.org; Kinney, Michael D
Cc: Y
Reviewed-by: Chao Zhang <chao.b.zh...@intel.com>
Thanks & Best regards
Chao Zhang
-Original Message-
From: Yao, Jiewen
Sent: Monday, January 18, 2016 2:52 PM
To: edk2-de...@ml01.01.org
Cc: Yao, Jiewen; Zhang, Chao B; Zeng, Star
Subject: [patch V2 3/3] MdeModulePkg: A
Jiewen:
The patch is good to me. Reviewed-by: Chao Zhang <chao.b.zh...@intel.com>
Thanks & Best regards
Chao Zhang
-Original Message-
From: Yao, Jiewen
Sent: Monday, January 18, 2016 3:37 PM
To: edk2-de...@ml01.01.org
Cc: Yao, Jiewen; Zhang, Chao B; Zeng, Star
Subje
Jiewen:
The patch is good to me. Reviewed-by: Chao Zhang <chao.b.zh...@intel.com>
Thanks & Best regards
Chao Zhang
-Original Message-
From: Yao, Jiewen
Sent: Monday, January 18, 2016 2:52 PM
To: edk2-de...@ml01.01.org
Cc: Yao, Jiewen; Zhang, Chao B; Zeng, Star
Subject:
Reviewed-by: Chao Zhang <chao.b.zh...@intel.com>
Thanks & Best regards
Chao Zhang
-Original Message-
From: Yao, Jiewen
Sent: Friday, January 15, 2016 2:24 PM
To: edk2-de...@ml01.01.org
Cc: Yao, Jiewen; Zhang, Chao B
Subject: [patch 1/2] MdePkg: Update MorLock comment to
ExtractConfig is called many times, so it's not efficient to update Secure Boot
STR_SECURE_BOOT_STATE_CONTENT, STR_CUR_SECURE_BOOT_MODE_CONTENT string in
ExtractConfig. As these 2 strings are displayed on one form, so always update
them when opening the form.
Contributed-under: TianoCore
Fix transition string typo.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang
---
.../SecureBootConfigDxe/SecureBootConfigImpl.c | 6 +++---
.../SecureBootConfigDxe/SecureBootConfigStrings.uni | 4 ++--
Reviewed-by: Chao Zhang <chao.b.zh...@intel.com>
Thanks & Best regards
Chao Zhang
-Original Message-
From: Yao, Jiewen
Sent: Friday, January 15, 2016 11:55 AM
To: edk2-de...@ml01.01.org
Cc: Yao, Jiewen; Zhang, Chao B
Subject: [patch] SecurityPkg: Correct NumberOfPCRBanks c
Reviewed-by: Chao Zhang <chao.b.zh...@intel.com>
Thanks & Best regards
Chao Zhang
-Original Message-
From: Yao, Jiewen
Sent: Friday, January 15, 2016 12:06 PM
To: edk2-de...@ml01.01.org
Cc: Yao, Jiewen; Zhang, Chao B
Subject: [patch] SecurityPkg: Update final event log c
Reviewed-by: Chao Zhang <chao.b.zh...@intel.com>
Thanks & Best regards
Chao Zhang
-Original Message-
From: Yao, Jiewen
Sent: Friday, January 15, 2016 11:49 AM
To: edk2-de...@ml01.01.org
Cc: Yao, Jiewen; Zhang, Chao B
Subject: [patch] SecurityPkg: Replace TREE macro with TC
ExtractConfig is called several times, it's not sufficient to update Secure
Boot STR_SECURE_BOOT_STATE_CONTENT, STR_CUR_SECURE_BOOT_MODE_CONTENT string in
ExtractConfig. Remove them to 4 places
1. SecureBootConfigDxe driver entry
2. Enroll PK
3. Delete PK
4. Change SecureBootMode
Change KEY_TRANS_SECURE_BOOT_MODE value, as it conflicts with
OPTION_DEL_KEK_QUESTION_ID.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang
---
.../SecureBootConfigDxe/SecureBootConfigNvData.h | 4 ++--
1 file
It is good to me. Reviewed-by: Chao Zhang <chao.b.zh...@intel.com>
Thanks & Best regards
Chao Zhang
-Original Message-
From: Yao, Jiewen
Sent: Friday, January 08, 2016 4:23 PM
To: edk2-de...@ml01.01.org
Cc: Yao, Jiewen; Zhang, Chao B
Subject: [patch] SecurityPkg: Add T
TCG event log and TCG2 final event log area length can be configurable to meet
platform event log
requirement.
PcdTcgLogAreaMinLen: 0x1 based on minimum requirement in TCG ACPI Spec
00.37
PcdTcg2FinalLogAreaLen : 0x8000 based on experience value
Contributed-under: TianoCore
Reviewed-by: Chao Zhang <chao.b.zh...@intel.com>
Thanks & Best regards
Chao Zhang
-Original Message-
From: Yao, Jiewen
Sent: Friday, January 08, 2016 2:05 PM
To: edk2-de...@ml01.01.org
Cc: Yao, Jiewen; Zhang, Chao B
Subject: [patch] SecurityPkg: MOR drivers use Tcg2Protoc
d Hoffmann; Justen, Jordan L; Zhang, Chao B
Subject: [PATCH 0/2] OvmfPkg: run unsigned iPXE (and other) option ROMs
Much work has gone into iPXE over several months that improves its
compatibility with UEFI in general and with OVMF on QEMU in particular.
Now that we have SMM / SMRAM based variables
en, Jordan L; Zhang, Chao B
Subject: [PATCH 2/2] OvmfPkg: execute option ROM images regardless of Secure
Boot
Change the image verification policy for option ROM images to 0x00
(ALWAYS_EXECUTE).
While this may not be a good idea for physical platforms (see e.g.
<https://trmm.net/
Mike:
It is good to me. Reviewed-by: Chao Zhang <chao.b.zh...@intel.com>
Thanks & Best regards
Chao Zhang
-Original Message-
From: Kinney, Michael D
Sent: Thursday, January 07, 2016 9:53 AM
To: edk2-devel@lists.01.org
Cc: Zhang, Chao B; Yao, Jiewen
Subject: [Patch] Secur
Reviewed-by: Chao Zhang <chao.b.zh...@intel.com>
Thanks & Best regards
Chao Zhang
-Original Message-
From: El-Haj-Mahmoud, Samer [mailto:samer.el-haj-mahm...@hpe.com]
Sent: Thursday, December 24, 2015 11:02 PM
To: Zhang, Chao B; edk2-devel@lists.01.org
Cc: El-Haj-Mahm
Star:
The patch is good to me.
Reviewed-by: Chao Zhang <chao.b.zh...@intel.com>
Thanks & Best regards
Chao Zhang
-Original Message-
From: Zeng, Star
Sent: Monday, December 28, 2015 2:53 PM
To: edk2-devel@lists.01.org
Cc: Zhang, Chao B
Subject: [PATCH] S
wrong & suggest not to include this debug print
Thanks & Best regards
Chao Zhang
-Original Message-
From: Samer El-Haj-Mahmoud [mailto:samer.el-haj-mahm...@hpe.com]
Sent: Tuesday, December 22, 2015 8:02 AM
To: edk2-devel@lists.01.org
Cc: Zhang, Chao B; Samer El-Haj-Mahmoud
UG ((EFI_D_VERBOSE, "\n"));
);
Thanks & Best regards
Chao Zhang
-Original Message-
From: Samer El-Haj-Mahmoud [mailto:samer.el-haj-mahm...@hpe.com]
Sent: Tuesday, December 22, 2015 8:10 AM
To: edk2-devel@lists.01.org
Cc: Zhang, Chao B; Samer El-Haj-Mahmoud;
Liming:
The patch is good to me. Reviewed-by: Chao Zhang<chao.b.zh...@intel.com>
Thanks & Best regards
Chao Zhang
-Original Message-
From: Gao, Liming
Sent: Thursday, December 17, 2015 12:57 PM
To: Zhang, Chao B
Subject: FW: [edk2] [Patch 2/4] SecurityPkg: Correct
Liming:
The patch is good to me. Reviewed-by: Chao Zhang <chao.b.zh...@intel.com>
Thanks & Best regards
Chao Zhang
-Original Message-
From: Gao, Liming
Sent: Thursday, December 17, 2015 12:58 PM
To: Zhang, Chao B
Subject: FW: [edk2] [Patch 1/4] SecurityPkg: Correct
Jordan:
The patch is good to me. Reviewed-by: Chao Zhang <chao.b.zh...@intel.com>
Thanks & Best regards
Chao Zhang
-Original Message-
From: Justen, Jordan L
Sent: Monday, December 14, 2015 10:31 AM
To: edk2-devel@lists.01.org
Cc: Zhang, Chao B
Subject: Re: [PATC
Reviewed-by: Chao Zhang <chao.b.zh...@intel.com>
Thanks & Best regards
Chao Zhang
-Original Message-
From: Long, Qin
Sent: Thursday, December 10, 2015 10:08 AM
To: ard.biesheu...@linaro.org; Zhang, Chao B
Cc: edk2-devel@lists.01.org
Subject: [Patch] CryptoPkg/OpensslLi
Ard:
Sorry for the inconvenience, your fix is good.
Thanks & Best regards
Chao Zhang
-Original Message-
From: Ard Biesheuvel [mailto:ard.biesheu...@linaro.org]
Sent: Monday, December 07, 2015 4:35 PM
To: Zhang, Chao B
Cc: edk2-devel@lists.01.org; qin.l...@inte.com; Zeng,
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Zhang, Chao
---
SecurityPkg/Library/AuthVariableLib/AuthService.c | 34 +++
1 file changed, 17 insertions(+), 17 deletions(-)
diff --git
Restore SetupMode macro definition to keep backward compatibility. No current
module is referencing them now.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang
---
MdePkg/Include/Guid/ImageAuthentication.h | 3 +++
1 file changed, 3
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Zhang, Chao
---
.../SecureBootConfigDxe/SecureBootConfig.vfr | 77 +++-
.../SecureBootConfigDxe/SecureBootConfigImpl.c | 432 ++---
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Zhang, Chao
Reviewed-by: Zeng Star
Reviewed-by: Long Qin
---
SecurityPkg/Library/AuthVariableLib/AuthService.c | 1414 +---
Zhang, Chao B (3):
SecurityPkg: Enable Customized Secure Boot feature
SecurityPkg: AuthVariableLib: Customized SecureBoot Mode transition.
Implement Customized SecureBoot Mode transition logic according
to Mantis 1263, including AuditMode/DeployedMode/PK update
management
Enable Secure Boot feature defined in UEFI2.5 ECR1263. Add
gEfiSecureBootModeGuid definition
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang
Reviewed-by: Zeng Star
Reviewed-by: Long Qin
---
Ard:
It is good to me. Reviewed-by: Chao Zhang <chao.b.zh...@intel.com>
Thanks & Best regards
Chao Zhang
-Original Message-
From: Ard Biesheuvel [mailto:ard.biesheu...@linaro.org]
Sent: Thursday, December 03, 2015 4:38 PM
To: edk2-devel@lists.01.org; Zhang, Chao B
Cc: G
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Zhang, Chao
---
SecurityPkg/Library/AuthVariableLib/AuthService.c | 1404 +---
.../Library/AuthVariableLib/AuthServiceInternal.h | 73 +
ge-
From: Zeng, Star
Sent: Wednesday, December 02, 2015 11:54 AM
To: Zhang, Chao B; edk2-devel@lists.01.org
Cc: Zeng, Star; Long, Qin
Subject: Re: [edk2] [PATCH 4/5] SecurityPkg: Enable Customized Secure Boot
feature
Hi Chao,
I have comments below to this patch about AuthVariableLib upd
Implement Customized Secure Boot feature accordingt to Mantis 1263. Patch
includes
Customized Secure Boot Mode transition, Secure Boot UI update and
ImageVerificationLib
logic update in AuditMode.
https://mantis.uefi.org/mantis/view.php?id=1263
Zhang, Chao B (2):
SecurityPkg
@ml01.01.org
Cc: Yao, Jiewen; Zhang, Chao B
Subject: [patch] SecurityPkg/Tcg2Pei: Add error handling for TPM in S3 resume
failure.
If TPM2_Startup(TPM_SU_STATE) to return an error, the system firmware that
resumes from S3 MUST deal with a TPM2_Startup error appropriately.
For example, is
Jiewen:
Should we do HashLogExtendEvent after SetTpm2HashMask?
Thanks & Best regards
Chao Zhang
-Original Message-
From: Yao, Jiewen
Sent: Friday, November 06, 2015 8:09 PM
To: edk2-de...@ml01.01.org
Cc: Yao, Jiewen; Zhang, Chao B
Subject: [patch] Add error handling for
Enable Secure Boot feature defined in UEFI2.5 ECR1263. Add
AuditMode/DeployedMode value definition.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang
---
MdePkg/Include/Guid/GlobalVariable.h | 14 ++
Enable Secure Boot feature defined in UEFI2.5 ECR1263. Add
gEfiSecureBootModeGuid definition
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang
---
SecurityPkg/Include/Guid/AuthenticatedVariableFormat.h | 1 +
SecurityPkg/SecurityPkg.dec
Enable Secure Boot feature defined in UEFI2.5 ECR1263. Add VarCheck for
AuditMode/DeployedMode
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang
---
.../VarCheckUefiLib/VarCheckUefiLibNullClass.c | 22 ++
1 file
Enable Secure Boot feature defined in UEFI2.5 ECR1263. Add
AuthVariable implementation logic.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang
---
SecurityPkg/Library/AuthVariableLib/AuthService.c | 1221 +---
Enable Secure Boot feature defined in UEFI2.5 ECR1263. Add
SecureBoot UI update.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang
---
.../SecureBootConfigDxe/SecureBootConfig.vfr | 77 +++-
Reviewed-by: Chao Zhang <chao.b.zh...@intel.com>
Thanks & Best regards
Chao Zhang
-Original Message-
From: Long, Qin
Sent: Tuesday, November 03, 2015 2:38 PM
To: Ye, Ting; Zhang, Chao B
Cc: edk2-devel@lists.01.org
Subject: [Patch] CryptoPkg: Add o
after
your private Security Handler is hooked when you have more than one PEI FV.
Thanks & Best regards
Chao Zhang
-Original Message-
From: Cohen, Eugene [mailto:eug...@hp.com]
Sent: Monday, November 02, 2015 9:48 PM
To: Zhang, Chao B
Cc: edk2-devel@lists.01.org
Subject: RE: Securit
PeiCore supports EFI_PEI_SECURITY_PPI to handle section extraction failure. The
wrong returning status is no longer needed.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Zhang, Chao B" <chao.b.zh...@intel.com>
---
.../PeiRsa2048Sha256GuidedSec
Thanks & Best regards
Chao Zhang
From: Cohen, Eugene [mailto:eug...@hp.com]
Sent: Friday, October 30, 2015 7:45 PM
To: Zhang, Chao B
Cc: edk2-devel@lists.01.org
Subject: SecurityPkg: PeiRsa2048Sha256GuidedSectionExtractLib error handling
Dear SecurityPkg maintainer,
I'm trying to track
It is good to me.
Reviewed-by: Chao Zhang <chao.b.zh...@intel.com>
Thanks & Best regards
Chao Zhang
-Original Message-
From: Yao, Jiewen
Sent: Monday, October 26, 2015 3:45 PM
To: edk2-devel@lists.01.org
Cc: Yao, Jiewen; Zhang, Chao B; Zeng, Star
Subject: [patch] M
Reviewed-by: Chao Zhang <chao.b.zh...@intel.com>
Thanks & Best regards
Chao Zhang
-Original Message-
From: Cohen, Eugene [mailto:eug...@hp.com]
Sent: Thursday, October 15, 2015 9:12 PM
To: Zhang, Chao B
Cc: edk2-devel@lists.01.org
Subject: [PATCH] Securi
Sent: Tuesday, September 15, 2015 4:40 AM
To: edk2-devel@lists.01.org
Cc: Zhang, Chao B; Samer El-Haj-Mahmoud; Samer El-Haj-Mahmoud
Subject: [PATCH] SecurityPkg: Reduce verbosity of TPM DEBUG messages
Some of the TPM/TPM2 DEBUG messages are at EFI_D_INFO level, even though they
are simply tra
Good to me.
Reviewed-by: Chao Zhang <chao.b.zh...@intel.com>
Thanks & Best regards
Chao Zhang
-Original Message-
From: Qiu, Shumin
Sent: Sunday, September 06, 2015 2:04 PM
To: edk2-devel@lists.01.org
Cc: Qiu, Shumin; Zhang, Chao B
Subject: [PATCH] SecurityPkg: Use point
It is good to me.
Reviewed-by: Chao Zhang <chao.b.zh...@intel.com>
Thanks & Best regards
Chao Zhang
-Original Message-
From: Yao, Jiewen
Sent: Wednesday, September 02, 2015 1:11 PM
To: edk2-devel@lists.01.org
Cc: Yao, Jiewen; Zhang, Chao B
Subject: [patch] Add more st
Good to me.
Reviewed-by: Chao Zhang chao.b.zh...@intel.com
Thanks Best regards
Chao Zhang
-Original Message-
From: Qiu, Shumin
Sent: Thursday, August 27, 2015 1:13 PM
To: edk2-devel@lists.01.org
Cc: Qiu, Shumin; Yao, Jiewen; Zhang, Chao B
Subject: [PATCH 1/3] SecurityPkg: Add
Qin:
The patch is good to me.
Reviewed-by: Chao Zhang chao.b.zh...@intel.com
Thanks Best regards
Chao Zhang
-Original Message-
From: Long, Qin
Sent: Wednesday, August 26, 2015 1:24 AM
To: Zhang, Chao B; edk2-devel@lists.01.org
Subject: [patch] SecurityPkg: Fix one returned code
Qin:
In this case, Should AttachedData be freed before return UNSUPPORTED
Thanks Best regards
Chao Zhang
-Original Message-
From: Long, Qin
Sent: Tuesday, August 25, 2015 4:53 PM
To: Zhang, Chao B; edk2-devel@lists.01.org
Subject: [patch] SecurityPkg: Fix one returned status
Update Package version to 0.96
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang chao.b.zh...@intel.com
---
SecurityPkg/SecurityPkg.dec | 2 +-
SecurityPkg/SecurityPkg.dsc | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git
The patch is good to me
Reviewed-by: Chao Zhangchao.b.zh...@intel.com
Thanks Best regards
Chao Zhang
-Original Message-
From: Yao, Jiewen
Sent: Saturday, August 15, 2015 6:59 AM
To: edk2-devel@lists.01.org
Cc: Yao, Jiewen; Zhang, Chao B
Subject: [patch] Fix typo
It is good to me.
Reviewed-by: Chao Zhang chao.b.zh...@intel.com
Thanks Best regards
Chao Zhang
-Original Message-
From: Yao, Jiewen
Sent: Friday, August 14, 2015 2:08 PM
To: edk2-devel@lists.01.org
Cc: Yao, Jiewen; Zhang, Chao B
Subject: [patch] Clean up unused data type - BOOL
: Tuesday, August 11, 2015 8:09 PM
To: edk2-devel@lists.01.org
Cc: Yao, Jiewen; Zhang, Chao B
Subject: [patch 1/2] Add TPM2 definition in trusted computing group.
1) TCG Physical Presence Interface Specification 1.30 at
http://www.trustedcomputinggroup.org/resources
Update to EDK2 coding style
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang chao.b.zh...@intel.com
---
SecurityPkg/Library/AuthVariableLib/AuthService.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git
301 - 370 of 370 matches
Mail list logo