]>
Commit | Line | Data |
---|---|---|
b6477d82 SZ |
1 | /** @file\r |
2 | Provides services to initialize and process authenticated variables.\r | |
3 | \r | |
4 | Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>\r | |
5 | This program and the accompanying materials are licensed and made available under\r | |
6 | the terms and conditions of the BSD License that accompanies this distribution.\r | |
7 | The full text of the license may be found at\r | |
8 | http://opensource.org/licenses/bsd-license.php.\r | |
9 | \r | |
10 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r | |
11 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r | |
12 | \r | |
13 | **/\r | |
14 | \r | |
15 | #ifndef _AUTH_VARIABLE_LIB_H_\r | |
16 | #define _AUTH_VARIABLE_LIB_H_\r | |
17 | \r | |
18 | #include <Protocol/VarCheck.h>\r | |
19 | \r | |
20 | ///\r | |
21 | /// Size of AuthInfo prior to the data payload.\r | |
22 | ///\r | |
23 | #define AUTHINFO_SIZE ((OFFSET_OF (EFI_VARIABLE_AUTHENTICATION, AuthInfo)) + \\r | |
24 | (OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)) + \\r | |
25 | sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256))\r | |
26 | \r | |
27 | #define AUTHINFO2_SIZE(VarAuth2) ((OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo)) + \\r | |
28 | (UINTN) ((EFI_VARIABLE_AUTHENTICATION_2 *) (VarAuth2))->AuthInfo.Hdr.dwLength)\r | |
29 | \r | |
30 | #define OFFSET_OF_AUTHINFO2_CERT_DATA ((OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo)) + \\r | |
31 | (OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)))\r | |
32 | \r | |
33 | typedef struct {\r | |
34 | CHAR16 *VariableName;\r | |
35 | EFI_GUID *VendorGuid;\r | |
36 | UINT32 Attributes;\r | |
37 | UINTN DataSize;\r | |
38 | VOID *Data;\r | |
39 | UINT32 PubKeyIndex;\r | |
40 | UINT64 MonotonicCount;\r | |
41 | EFI_TIME *TimeStamp;\r | |
42 | } AUTH_VARIABLE_INFO;\r | |
43 | \r | |
44 | /**\r | |
45 | Finds variable in storage blocks of volatile and non-volatile storage areas.\r | |
46 | \r | |
47 | This code finds variable in storage blocks of volatile and non-volatile storage areas.\r | |
48 | If VariableName is an empty string, then we just return the first\r | |
49 | qualified variable without comparing VariableName and VendorGuid.\r | |
50 | \r | |
51 | @param[in] VariableName Name of the variable to be found.\r | |
52 | @param[in] VendorGuid Variable vendor GUID to be found.\r | |
53 | @param[out] AuthVariableInfo Pointer to AUTH_VARIABLE_INFO structure for\r | |
54 | output of the variable found.\r | |
55 | \r | |
56 | @retval EFI_INVALID_PARAMETER If VariableName is not an empty string,\r | |
57 | while VendorGuid is NULL.\r | |
58 | @retval EFI_SUCCESS Variable successfully found.\r | |
59 | @retval EFI_NOT_FOUND Variable not found\r | |
60 | \r | |
61 | **/\r | |
62 | typedef\r | |
63 | EFI_STATUS\r | |
64 | (EFIAPI *AUTH_VAR_LIB_FIND_VARIABLE) (\r | |
65 | IN CHAR16 *VariableName,\r | |
66 | IN EFI_GUID *VendorGuid,\r | |
67 | OUT AUTH_VARIABLE_INFO *AuthVariableInfo\r | |
68 | );\r | |
69 | \r | |
70 | /**\r | |
71 | Finds next variable in storage blocks of volatile and non-volatile storage areas.\r | |
72 | \r | |
73 | This code finds next variable in storage blocks of volatile and non-volatile storage areas.\r | |
74 | If VariableName is an empty string, then we just return the first\r | |
75 | qualified variable without comparing VariableName and VendorGuid.\r | |
76 | \r | |
77 | @param[in] VariableName Name of the variable to be found.\r | |
78 | @param[in] VendorGuid Variable vendor GUID to be found.\r | |
79 | @param[out] AuthVariableInfo Pointer to AUTH_VARIABLE_INFO structure for\r | |
80 | output of the next variable.\r | |
81 | \r | |
82 | @retval EFI_INVALID_PARAMETER If VariableName is not an empty string,\r | |
83 | while VendorGuid is NULL.\r | |
84 | @retval EFI_SUCCESS Variable successfully found.\r | |
85 | @retval EFI_NOT_FOUND Variable not found\r | |
86 | \r | |
87 | **/\r | |
88 | typedef\r | |
89 | EFI_STATUS\r | |
90 | (EFIAPI *AUTH_VAR_LIB_FIND_NEXT_VARIABLE) (\r | |
91 | IN CHAR16 *VariableName,\r | |
92 | IN EFI_GUID *VendorGuid,\r | |
93 | OUT AUTH_VARIABLE_INFO *AuthVariableInfo\r | |
94 | );\r | |
95 | \r | |
96 | /**\r | |
97 | Update the variable region with Variable information.\r | |
98 | \r | |
99 | @param[in] AuthVariableInfo Pointer AUTH_VARIABLE_INFO structure for\r | |
100 | input of the variable.\r | |
101 | \r | |
102 | @retval EFI_SUCCESS The update operation is success.\r | |
103 | @retval EFI_INVALID_PARAMETER Invalid parameter.\r | |
104 | @retval EFI_WRITE_PROTECTED Variable is write-protected.\r | |
105 | @retval EFI_OUT_OF_RESOURCES There is not enough resource.\r | |
106 | \r | |
107 | **/\r | |
108 | typedef\r | |
109 | EFI_STATUS\r | |
110 | (EFIAPI *AUTH_VAR_LIB_UPDATE_VARIABLE) (\r | |
111 | IN AUTH_VARIABLE_INFO *AuthVariableInfo\r | |
112 | );\r | |
113 | \r | |
114 | /**\r | |
115 | Get scratch buffer.\r | |
116 | \r | |
117 | @param[in, out] ScratchBufferSize Scratch buffer size. If input size is greater than\r | |
118 | the maximum supported buffer size, this value contains\r | |
119 | the maximum supported buffer size as output.\r | |
120 | @param[out] ScratchBuffer Pointer to scratch buffer address.\r | |
121 | \r | |
122 | @retval EFI_SUCCESS Get scratch buffer successfully.\r | |
123 | @retval EFI_UNSUPPORTED If input size is greater than the maximum supported buffer size.\r | |
124 | \r | |
125 | **/\r | |
126 | typedef\r | |
127 | EFI_STATUS\r | |
128 | (EFIAPI *AUTH_VAR_LIB_GET_SCRATCH_BUFFER) (\r | |
129 | IN OUT UINTN *ScratchBufferSize,\r | |
130 | OUT VOID **ScratchBuffer\r | |
131 | );\r | |
132 | \r | |
133 | /**\r | |
134 | This function is to check if the remaining variable space is enough to set\r | |
135 | all Variables from argument list successfully. The purpose of the check\r | |
136 | is to keep the consistency of the Variables to be in variable storage.\r | |
137 | \r | |
138 | Note: Variables are assumed to be in same storage.\r | |
139 | The set sequence of Variables will be same with the sequence of VariableEntry from argument list,\r | |
140 | so follow the argument sequence to check the Variables.\r | |
141 | \r | |
142 | @param[in] Attributes Variable attributes for Variable entries.\r | |
143 | @param ... The variable argument list with type VARIABLE_ENTRY_CONSISTENCY *.\r | |
144 | A NULL terminates the list. The VariableSize of\r | |
145 | VARIABLE_ENTRY_CONSISTENCY is the variable data size as input.\r | |
146 | It will be changed to variable total size as output.\r | |
147 | \r | |
148 | @retval TRUE Have enough variable space to set the Variables successfully.\r | |
149 | @retval FALSE No enough variable space to set the Variables successfully.\r | |
150 | \r | |
151 | **/\r | |
152 | typedef\r | |
153 | BOOLEAN\r | |
154 | (EFIAPI *AUTH_VAR_LIB_CHECK_REMAINING_SPACE) (\r | |
155 | IN UINT32 Attributes,\r | |
156 | ...\r | |
157 | );\r | |
158 | \r | |
159 | /**\r | |
160 | Return TRUE if at OS runtime.\r | |
161 | \r | |
162 | @retval TRUE If at OS runtime.\r | |
163 | @retval FALSE If at boot time.\r | |
164 | \r | |
165 | **/\r | |
166 | typedef\r | |
167 | BOOLEAN\r | |
168 | (EFIAPI *AUTH_VAR_LIB_AT_RUNTIME) (\r | |
169 | VOID\r | |
170 | );\r | |
171 | \r | |
172 | #define AUTH_VAR_LIB_CONTEXT_IN_STRUCT_VERSION 0x01\r | |
173 | \r | |
174 | typedef struct {\r | |
175 | UINTN StructVersion;\r | |
176 | UINTN StructSize;\r | |
177 | //\r | |
178 | // Reflect the overhead associated with the saving\r | |
179 | // of a single EFI authenticated variable with the exception\r | |
180 | // of the overhead associated with the length\r | |
181 | // of the string name of the EFI variable.\r | |
182 | //\r | |
183 | UINTN MaxAuthVariableSize;\r | |
184 | AUTH_VAR_LIB_FIND_VARIABLE FindVariable;\r | |
185 | AUTH_VAR_LIB_FIND_NEXT_VARIABLE FindNextVariable;\r | |
186 | AUTH_VAR_LIB_UPDATE_VARIABLE UpdateVariable;\r | |
187 | AUTH_VAR_LIB_GET_SCRATCH_BUFFER GetScratchBuffer;\r | |
188 | AUTH_VAR_LIB_CHECK_REMAINING_SPACE CheckRemainingSpaceForConsistency;\r | |
189 | AUTH_VAR_LIB_AT_RUNTIME AtRuntime;\r | |
190 | } AUTH_VAR_LIB_CONTEXT_IN;\r | |
191 | \r | |
192 | #define AUTH_VAR_LIB_CONTEXT_OUT_STRUCT_VERSION 0x01\r | |
193 | \r | |
194 | typedef struct {\r | |
195 | UINTN StructVersion;\r | |
196 | UINTN StructSize;\r | |
197 | //\r | |
198 | // Caller needs to set variable property for the variables.\r | |
199 | //\r | |
200 | VARIABLE_ENTRY_PROPERTY *AuthVarEntry;\r | |
201 | UINTN AuthVarEntryCount;\r | |
202 | //\r | |
203 | // Caller needs to ConvertPointer() for the pointers.\r | |
204 | //\r | |
e43525ee | 205 | VOID ***AddressPointer;\r |
b6477d82 SZ |
206 | UINTN AddressPointerCount;\r |
207 | } AUTH_VAR_LIB_CONTEXT_OUT;\r | |
208 | \r | |
209 | /**\r | |
210 | Initialization for authenticated varibale services.\r | |
211 | If this initialization returns error status, other APIs will not work\r | |
212 | and expect to be not called then.\r | |
213 | \r | |
214 | @param[in] AuthVarLibContextIn Pointer to input auth variable lib context.\r | |
215 | @param[out] AuthVarLibContextOut Pointer to output auth variable lib context.\r | |
216 | \r | |
217 | @retval EFI_SUCCESS Function successfully executed.\r | |
218 | @retval EFI_INVALID_PARAMETER If AuthVarLibContextIn == NULL or AuthVarLibContextOut == NULL.\r | |
219 | @retval EFI_OUT_OF_RESOURCES Fail to allocate enough resource.\r | |
220 | @retval EFI_UNSUPPORTED Unsupported to process authenticated variable.\r | |
221 | \r | |
222 | **/\r | |
223 | EFI_STATUS\r | |
224 | EFIAPI\r | |
225 | AuthVariableLibInitialize (\r | |
226 | IN AUTH_VAR_LIB_CONTEXT_IN *AuthVarLibContextIn,\r | |
227 | OUT AUTH_VAR_LIB_CONTEXT_OUT *AuthVarLibContextOut\r | |
228 | );\r | |
229 | \r | |
230 | /**\r | |
231 | Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.\r | |
232 | \r | |
233 | @param[in] VariableName Name of the variable.\r | |
234 | @param[in] VendorGuid Variable vendor GUID.\r | |
235 | @param[in] Data Data pointer.\r | |
236 | @param[in] DataSize Size of Data.\r | |
237 | @param[in] Attributes Attribute value of the variable.\r | |
238 | \r | |
239 | @retval EFI_SUCCESS The firmware has successfully stored the variable and its data as\r | |
240 | defined by the Attributes.\r | |
241 | @retval EFI_INVALID_PARAMETER Invalid parameter.\r | |
242 | @retval EFI_WRITE_PROTECTED Variable is write-protected.\r | |
243 | @retval EFI_OUT_OF_RESOURCES There is not enough resource.\r | |
244 | @retval EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS\r | |
245 | or EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS\r | |
246 | set, but the AuthInfo does NOT pass the validation\r | |
247 | check carried out by the firmware.\r | |
248 | @retval EFI_UNSUPPORTED Unsupported to process authenticated variable.\r | |
249 | \r | |
250 | **/\r | |
251 | EFI_STATUS\r | |
252 | EFIAPI\r | |
253 | AuthVariableLibProcessVariable (\r | |
254 | IN CHAR16 *VariableName,\r | |
255 | IN EFI_GUID *VendorGuid,\r | |
256 | IN VOID *Data,\r | |
257 | IN UINTN DataSize,\r | |
258 | IN UINT32 Attributes\r | |
259 | );\r | |
260 | \r | |
261 | #endif\r |