]>
Commit | Line | Data |
---|---|---|
b6477d82 SZ |
1 | /** @file\r |
2 | Provides services to initialize and process authenticated variables.\r | |
3 | \r | |
4073f85d | 4 | Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.<BR>\r |
9d510e61 | 5 | SPDX-License-Identifier: BSD-2-Clause-Patent\r |
b6477d82 SZ |
6 | \r |
7 | **/\r | |
8 | \r | |
9 | #ifndef _AUTH_VARIABLE_LIB_H_\r | |
10 | #define _AUTH_VARIABLE_LIB_H_\r | |
11 | \r | |
12 | #include <Protocol/VarCheck.h>\r | |
13 | \r | |
14 | ///\r | |
15 | /// Size of AuthInfo prior to the data payload.\r | |
16 | ///\r | |
17 | #define AUTHINFO_SIZE ((OFFSET_OF (EFI_VARIABLE_AUTHENTICATION, AuthInfo)) + \\r | |
18 | (OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)) + \\r | |
19 | sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256))\r | |
20 | \r | |
21 | #define AUTHINFO2_SIZE(VarAuth2) ((OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo)) + \\r | |
22 | (UINTN) ((EFI_VARIABLE_AUTHENTICATION_2 *) (VarAuth2))->AuthInfo.Hdr.dwLength)\r | |
23 | \r | |
24 | #define OFFSET_OF_AUTHINFO2_CERT_DATA ((OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo)) + \\r | |
25 | (OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)))\r | |
26 | \r | |
27 | typedef struct {\r | |
28 | CHAR16 *VariableName;\r | |
29 | EFI_GUID *VendorGuid;\r | |
30 | UINT32 Attributes;\r | |
31 | UINTN DataSize;\r | |
32 | VOID *Data;\r | |
33 | UINT32 PubKeyIndex;\r | |
34 | UINT64 MonotonicCount;\r | |
35 | EFI_TIME *TimeStamp;\r | |
36 | } AUTH_VARIABLE_INFO;\r | |
37 | \r | |
38 | /**\r | |
39 | Finds variable in storage blocks of volatile and non-volatile storage areas.\r | |
40 | \r | |
41 | This code finds variable in storage blocks of volatile and non-volatile storage areas.\r | |
42 | If VariableName is an empty string, then we just return the first\r | |
43 | qualified variable without comparing VariableName and VendorGuid.\r | |
44 | \r | |
45 | @param[in] VariableName Name of the variable to be found.\r | |
46 | @param[in] VendorGuid Variable vendor GUID to be found.\r | |
47 | @param[out] AuthVariableInfo Pointer to AUTH_VARIABLE_INFO structure for\r | |
48 | output of the variable found.\r | |
49 | \r | |
50 | @retval EFI_INVALID_PARAMETER If VariableName is not an empty string,\r | |
51 | while VendorGuid is NULL.\r | |
52 | @retval EFI_SUCCESS Variable successfully found.\r | |
53 | @retval EFI_NOT_FOUND Variable not found\r | |
54 | \r | |
55 | **/\r | |
56 | typedef\r | |
57 | EFI_STATUS\r | |
58 | (EFIAPI *AUTH_VAR_LIB_FIND_VARIABLE) (\r | |
59 | IN CHAR16 *VariableName,\r | |
60 | IN EFI_GUID *VendorGuid,\r | |
61 | OUT AUTH_VARIABLE_INFO *AuthVariableInfo\r | |
62 | );\r | |
63 | \r | |
64 | /**\r | |
65 | Finds next variable in storage blocks of volatile and non-volatile storage areas.\r | |
66 | \r | |
67 | This code finds next variable in storage blocks of volatile and non-volatile storage areas.\r | |
68 | If VariableName is an empty string, then we just return the first\r | |
69 | qualified variable without comparing VariableName and VendorGuid.\r | |
70 | \r | |
71 | @param[in] VariableName Name of the variable to be found.\r | |
72 | @param[in] VendorGuid Variable vendor GUID to be found.\r | |
73 | @param[out] AuthVariableInfo Pointer to AUTH_VARIABLE_INFO structure for\r | |
74 | output of the next variable.\r | |
75 | \r | |
76 | @retval EFI_INVALID_PARAMETER If VariableName is not an empty string,\r | |
77 | while VendorGuid is NULL.\r | |
78 | @retval EFI_SUCCESS Variable successfully found.\r | |
79 | @retval EFI_NOT_FOUND Variable not found\r | |
80 | \r | |
81 | **/\r | |
82 | typedef\r | |
83 | EFI_STATUS\r | |
84 | (EFIAPI *AUTH_VAR_LIB_FIND_NEXT_VARIABLE) (\r | |
85 | IN CHAR16 *VariableName,\r | |
86 | IN EFI_GUID *VendorGuid,\r | |
87 | OUT AUTH_VARIABLE_INFO *AuthVariableInfo\r | |
88 | );\r | |
89 | \r | |
90 | /**\r | |
91 | Update the variable region with Variable information.\r | |
92 | \r | |
93 | @param[in] AuthVariableInfo Pointer AUTH_VARIABLE_INFO structure for\r | |
94 | input of the variable.\r | |
95 | \r | |
96 | @retval EFI_SUCCESS The update operation is success.\r | |
97 | @retval EFI_INVALID_PARAMETER Invalid parameter.\r | |
98 | @retval EFI_WRITE_PROTECTED Variable is write-protected.\r | |
99 | @retval EFI_OUT_OF_RESOURCES There is not enough resource.\r | |
100 | \r | |
101 | **/\r | |
102 | typedef\r | |
103 | EFI_STATUS\r | |
104 | (EFIAPI *AUTH_VAR_LIB_UPDATE_VARIABLE) (\r | |
105 | IN AUTH_VARIABLE_INFO *AuthVariableInfo\r | |
106 | );\r | |
107 | \r | |
108 | /**\r | |
109 | Get scratch buffer.\r | |
110 | \r | |
111 | @param[in, out] ScratchBufferSize Scratch buffer size. If input size is greater than\r | |
112 | the maximum supported buffer size, this value contains\r | |
113 | the maximum supported buffer size as output.\r | |
114 | @param[out] ScratchBuffer Pointer to scratch buffer address.\r | |
115 | \r | |
116 | @retval EFI_SUCCESS Get scratch buffer successfully.\r | |
117 | @retval EFI_UNSUPPORTED If input size is greater than the maximum supported buffer size.\r | |
118 | \r | |
119 | **/\r | |
120 | typedef\r | |
121 | EFI_STATUS\r | |
122 | (EFIAPI *AUTH_VAR_LIB_GET_SCRATCH_BUFFER) (\r | |
123 | IN OUT UINTN *ScratchBufferSize,\r | |
124 | OUT VOID **ScratchBuffer\r | |
125 | );\r | |
126 | \r | |
127 | /**\r | |
128 | This function is to check if the remaining variable space is enough to set\r | |
129 | all Variables from argument list successfully. The purpose of the check\r | |
130 | is to keep the consistency of the Variables to be in variable storage.\r | |
131 | \r | |
132 | Note: Variables are assumed to be in same storage.\r | |
133 | The set sequence of Variables will be same with the sequence of VariableEntry from argument list,\r | |
134 | so follow the argument sequence to check the Variables.\r | |
135 | \r | |
136 | @param[in] Attributes Variable attributes for Variable entries.\r | |
137 | @param ... The variable argument list with type VARIABLE_ENTRY_CONSISTENCY *.\r | |
138 | A NULL terminates the list. The VariableSize of\r | |
139 | VARIABLE_ENTRY_CONSISTENCY is the variable data size as input.\r | |
140 | It will be changed to variable total size as output.\r | |
141 | \r | |
142 | @retval TRUE Have enough variable space to set the Variables successfully.\r | |
143 | @retval FALSE No enough variable space to set the Variables successfully.\r | |
144 | \r | |
145 | **/\r | |
146 | typedef\r | |
147 | BOOLEAN\r | |
148 | (EFIAPI *AUTH_VAR_LIB_CHECK_REMAINING_SPACE) (\r | |
149 | IN UINT32 Attributes,\r | |
150 | ...\r | |
151 | );\r | |
152 | \r | |
153 | /**\r | |
154 | Return TRUE if at OS runtime.\r | |
155 | \r | |
156 | @retval TRUE If at OS runtime.\r | |
157 | @retval FALSE If at boot time.\r | |
158 | \r | |
159 | **/\r | |
160 | typedef\r | |
161 | BOOLEAN\r | |
162 | (EFIAPI *AUTH_VAR_LIB_AT_RUNTIME) (\r | |
163 | VOID\r | |
164 | );\r | |
165 | \r | |
166 | #define AUTH_VAR_LIB_CONTEXT_IN_STRUCT_VERSION 0x01\r | |
167 | \r | |
168 | typedef struct {\r | |
169 | UINTN StructVersion;\r | |
170 | UINTN StructSize;\r | |
171 | //\r | |
172 | // Reflect the overhead associated with the saving\r | |
173 | // of a single EFI authenticated variable with the exception\r | |
174 | // of the overhead associated with the length\r | |
175 | // of the string name of the EFI variable.\r | |
176 | //\r | |
177 | UINTN MaxAuthVariableSize;\r | |
178 | AUTH_VAR_LIB_FIND_VARIABLE FindVariable;\r | |
179 | AUTH_VAR_LIB_FIND_NEXT_VARIABLE FindNextVariable;\r | |
180 | AUTH_VAR_LIB_UPDATE_VARIABLE UpdateVariable;\r | |
181 | AUTH_VAR_LIB_GET_SCRATCH_BUFFER GetScratchBuffer;\r | |
182 | AUTH_VAR_LIB_CHECK_REMAINING_SPACE CheckRemainingSpaceForConsistency;\r | |
183 | AUTH_VAR_LIB_AT_RUNTIME AtRuntime;\r | |
184 | } AUTH_VAR_LIB_CONTEXT_IN;\r | |
185 | \r | |
186 | #define AUTH_VAR_LIB_CONTEXT_OUT_STRUCT_VERSION 0x01\r | |
187 | \r | |
188 | typedef struct {\r | |
189 | UINTN StructVersion;\r | |
190 | UINTN StructSize;\r | |
191 | //\r | |
192 | // Caller needs to set variable property for the variables.\r | |
193 | //\r | |
194 | VARIABLE_ENTRY_PROPERTY *AuthVarEntry;\r | |
195 | UINTN AuthVarEntryCount;\r | |
196 | //\r | |
197 | // Caller needs to ConvertPointer() for the pointers.\r | |
198 | //\r | |
e43525ee | 199 | VOID ***AddressPointer;\r |
b6477d82 SZ |
200 | UINTN AddressPointerCount;\r |
201 | } AUTH_VAR_LIB_CONTEXT_OUT;\r | |
202 | \r | |
203 | /**\r | |
204 | Initialization for authenticated varibale services.\r | |
205 | If this initialization returns error status, other APIs will not work\r | |
206 | and expect to be not called then.\r | |
207 | \r | |
208 | @param[in] AuthVarLibContextIn Pointer to input auth variable lib context.\r | |
209 | @param[out] AuthVarLibContextOut Pointer to output auth variable lib context.\r | |
210 | \r | |
211 | @retval EFI_SUCCESS Function successfully executed.\r | |
212 | @retval EFI_INVALID_PARAMETER If AuthVarLibContextIn == NULL or AuthVarLibContextOut == NULL.\r | |
213 | @retval EFI_OUT_OF_RESOURCES Fail to allocate enough resource.\r | |
214 | @retval EFI_UNSUPPORTED Unsupported to process authenticated variable.\r | |
215 | \r | |
216 | **/\r | |
217 | EFI_STATUS\r | |
218 | EFIAPI\r | |
219 | AuthVariableLibInitialize (\r | |
220 | IN AUTH_VAR_LIB_CONTEXT_IN *AuthVarLibContextIn,\r | |
221 | OUT AUTH_VAR_LIB_CONTEXT_OUT *AuthVarLibContextOut\r | |
222 | );\r | |
223 | \r | |
224 | /**\r | |
4073f85d | 225 | Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.\r |
b6477d82 SZ |
226 | \r |
227 | @param[in] VariableName Name of the variable.\r | |
228 | @param[in] VendorGuid Variable vendor GUID.\r | |
229 | @param[in] Data Data pointer.\r | |
230 | @param[in] DataSize Size of Data.\r | |
231 | @param[in] Attributes Attribute value of the variable.\r | |
232 | \r | |
233 | @retval EFI_SUCCESS The firmware has successfully stored the variable and its data as\r | |
234 | defined by the Attributes.\r | |
235 | @retval EFI_INVALID_PARAMETER Invalid parameter.\r | |
236 | @retval EFI_WRITE_PROTECTED Variable is write-protected.\r | |
237 | @retval EFI_OUT_OF_RESOURCES There is not enough resource.\r | |
4073f85d | 238 | @retval EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS\r |
b6477d82 SZ |
239 | set, but the AuthInfo does NOT pass the validation\r |
240 | check carried out by the firmware.\r | |
241 | @retval EFI_UNSUPPORTED Unsupported to process authenticated variable.\r | |
242 | \r | |
243 | **/\r | |
244 | EFI_STATUS\r | |
245 | EFIAPI\r | |
246 | AuthVariableLibProcessVariable (\r | |
247 | IN CHAR16 *VariableName,\r | |
248 | IN EFI_GUID *VendorGuid,\r | |
249 | IN VOID *Data,\r | |
250 | IN UINTN DataSize,\r | |
251 | IN UINT32 Attributes\r | |
252 | );\r | |
253 | \r | |
254 | #endif\r |