]>
Commit | Line | Data |
---|---|---|
a6811666 SZ |
1 | /** @file\r |
2 | The internal header file includes the common header files, defines\r | |
3 | internal structure and functions used by AuthService module.\r | |
4 | \r | |
5 | Caution: This module requires additional review when modified.\r | |
6 | This driver will have external input - variable data. It may be input in SMM mode.\r | |
7 | This external input must be validated carefully to avoid security issue like\r | |
8 | buffer overflow, integer overflow.\r | |
9 | Variable attribute should also be checked to avoid authentication bypass.\r | |
10 | The whole SMM authentication variable design relies on the integrity of flash part and SMM.\r | |
11 | which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory\r | |
12 | may not be modified without authorization. If platform fails to protect these resources,\r | |
13 | the authentication service provided in this driver will be broken, and the behavior is undefined.\r | |
14 | \r | |
98c2d961 | 15 | Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>\r |
a6811666 SZ |
16 | This program and the accompanying materials\r |
17 | are licensed and made available under the terms and conditions of the BSD License\r | |
18 | which accompanies this distribution. The full text of the license may be found at\r | |
19 | http://opensource.org/licenses/bsd-license.php\r | |
20 | \r | |
21 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r | |
22 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r | |
23 | \r | |
24 | **/\r | |
25 | \r | |
26 | #ifndef _AUTHSERVICE_INTERNAL_H_\r | |
27 | #define _AUTHSERVICE_INTERNAL_H_\r | |
28 | \r | |
29 | #include <Library/AuthVariableLib.h>\r | |
30 | #include <Library/BaseLib.h>\r | |
31 | #include <Library/BaseMemoryLib.h>\r | |
32 | #include <Library/DebugLib.h>\r | |
33 | #include <Library/MemoryAllocationLib.h>\r | |
34 | #include <Library/BaseCryptLib.h>\r | |
35 | #include <Library/PlatformSecureLib.h>\r | |
36 | \r | |
37 | #include <Guid/AuthenticatedVariableFormat.h>\r | |
38 | #include <Guid/ImageAuthentication.h>\r | |
39 | \r | |
40 | ///\r | |
41 | /// Struct to record signature requirement defined by UEFI spec.\r | |
42 | /// For SigHeaderSize and SigDataSize, ((UINT32) ~0) means NO exact length requirement for this field.\r | |
43 | ///\r | |
44 | typedef struct {\r | |
45 | EFI_GUID SigType;\r | |
46 | // Expected SignatureHeader size in Bytes.\r | |
47 | UINT32 SigHeaderSize;\r | |
48 | // Expected SignatureData size in Bytes.\r | |
49 | UINT32 SigDataSize;\r | |
50 | } EFI_SIGNATURE_ITEM;\r | |
51 | \r | |
52 | typedef enum {\r | |
53 | AuthVarTypePk,\r | |
54 | AuthVarTypeKek,\r | |
55 | AuthVarTypePriv,\r | |
56 | AuthVarTypePayload\r | |
57 | } AUTHVAR_TYPE;\r | |
58 | \r | |
59 | ///\r | |
60 | /// "AuthVarKeyDatabase" variable for the Public Key store\r | |
61 | /// of variables with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.\r | |
62 | ///\r | |
63 | /// GUID: gEfiAuthenticatedVariableGuid\r | |
64 | ///\r | |
65 | /// We need maintain atomicity.\r | |
66 | ///\r | |
67 | /// Format:\r | |
68 | /// +----------------------------+\r | |
69 | /// | AUTHVAR_KEY_DB_DATA | <-- First AuthVarKey\r | |
70 | /// +----------------------------+\r | |
71 | /// | ...... |\r | |
72 | /// +----------------------------+\r | |
73 | /// | AUTHVAR_KEY_DB_DATA | <-- Last AuthKey\r | |
74 | /// +----------------------------+\r | |
75 | ///\r | |
76 | #define AUTHVAR_KEYDB_NAME L"AuthVarKeyDatabase"\r | |
77 | \r | |
78 | #define EFI_CERT_TYPE_RSA2048_SHA256_SIZE 256\r | |
79 | #define EFI_CERT_TYPE_RSA2048_SIZE 256\r | |
80 | \r | |
81 | #pragma pack(1)\r | |
82 | typedef struct {\r | |
83 | UINT32 KeyIndex;\r | |
84 | UINT8 KeyData[EFI_CERT_TYPE_RSA2048_SIZE];\r | |
85 | } AUTHVAR_KEY_DB_DATA;\r | |
86 | #pragma pack()\r | |
87 | \r | |
88 | ///\r | |
98c2d961 CZ |
89 | /// "certdb" variable stores the signer's certificates for non PK/KEK/DB/DBX\r |
90 | /// variables with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS|EFI_VARIABLE_NON_VOLATILE set.\r | |
91 | /// "certdbv" variable stores the signer's certificates for non PK/KEK/DB/DBX\r | |
92 | /// variables with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set\r | |
a6811666 SZ |
93 | ///\r |
94 | /// GUID: gEfiCertDbGuid\r | |
95 | ///\r | |
96 | /// We need maintain atomicity.\r | |
97 | ///\r | |
98 | /// Format:\r | |
99 | /// +----------------------------+\r | |
100 | /// | UINT32 | <-- CertDbListSize, including this UINT32\r | |
101 | /// +----------------------------+\r | |
102 | /// | AUTH_CERT_DB_DATA | <-- First CERT\r | |
103 | /// +----------------------------+\r | |
104 | /// | ........ |\r | |
105 | /// +----------------------------+\r | |
106 | /// | AUTH_CERT_DB_DATA | <-- Last CERT\r | |
107 | /// +----------------------------+\r | |
108 | ///\r | |
98c2d961 CZ |
109 | #define EFI_CERT_DB_NAME L"certdb"\r |
110 | #define EFI_CERT_DB_VOLATILE_NAME L"certdbv"\r | |
a6811666 SZ |
111 | \r |
112 | #pragma pack(1)\r | |
113 | typedef struct {\r | |
114 | EFI_GUID VendorGuid;\r | |
115 | UINT32 CertNodeSize;\r | |
116 | UINT32 NameSize;\r | |
117 | UINT32 CertDataSize;\r | |
118 | /// CHAR16 VariableName[NameSize];\r | |
119 | /// UINT8 CertData[CertDataSize];\r | |
120 | } AUTH_CERT_DB_DATA;\r | |
121 | #pragma pack()\r | |
122 | \r | |
123 | extern UINT8 *mPubKeyStore;\r | |
124 | extern UINT32 mPubKeyNumber;\r | |
125 | extern UINT32 mMaxKeyNumber;\r | |
126 | extern UINT32 mMaxKeyDbSize;\r | |
127 | extern UINT8 *mCertDbStore;\r | |
128 | extern UINT32 mMaxCertDbSize;\r | |
129 | extern UINT32 mPlatformMode;\r | |
130 | extern UINT8 mVendorKeyState;\r | |
90fa5321 | 131 | extern BOOLEAN mUserPhysicalPresent;\r |
a6811666 SZ |
132 | \r |
133 | extern VOID *mHashCtx;\r | |
134 | \r | |
135 | extern AUTH_VAR_LIB_CONTEXT_IN *mAuthVarLibContextIn;\r | |
136 | \r | |
4fc08e8d | 137 | \r |
a6811666 SZ |
138 | /**\r |
139 | Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set\r | |
140 | \r | |
141 | Caution: This function may receive untrusted input.\r | |
142 | This function may be invoked in SMM mode, and datasize and data are external input.\r | |
143 | This function will do basic validation, before parse the data.\r | |
144 | This function will parse the authentication carefully to avoid security issues, like\r | |
145 | buffer overflow, integer overflow.\r | |
146 | \r | |
147 | @param[in] VariableName Name of Variable to be found.\r | |
148 | @param[in] VendorGuid Variable vendor GUID.\r | |
149 | @param[in] Data Data pointer.\r | |
150 | @param[in] DataSize Size of Data found. If size is less than the\r | |
151 | data, this value contains the required size.\r | |
152 | @param[in] Attributes Attribute value of the variable.\r | |
153 | @param[in] AuthVarType Verify against PK, KEK database, private database or certificate in data payload.\r | |
154 | @param[out] VarDel Delete the variable or not.\r | |
155 | \r | |
156 | @retval EFI_INVALID_PARAMETER Invalid parameter.\r | |
157 | @retval EFI_SECURITY_VIOLATION The variable does NOT pass the validation\r | |
158 | check carried out by the firmware.\r | |
159 | @retval EFI_OUT_OF_RESOURCES Failed to process variable due to lack\r | |
160 | of resources.\r | |
161 | @retval EFI_SUCCESS Variable pass validation successfully.\r | |
162 | \r | |
163 | **/\r | |
164 | EFI_STATUS\r | |
165 | VerifyTimeBasedPayloadAndUpdate (\r | |
166 | IN CHAR16 *VariableName,\r | |
167 | IN EFI_GUID *VendorGuid,\r | |
168 | IN VOID *Data,\r | |
169 | IN UINTN DataSize,\r | |
170 | IN UINT32 Attributes,\r | |
171 | IN AUTHVAR_TYPE AuthVarType,\r | |
172 | OUT BOOLEAN *VarDel\r | |
173 | );\r | |
174 | \r | |
175 | /**\r | |
176 | Delete matching signer's certificates when deleting common authenticated\r | |
98c2d961 CZ |
177 | variable by corresponding VariableName and VendorGuid from "certdb" or \r |
178 | "certdbv" according to authenticated variable attributes.\r | |
a6811666 SZ |
179 | \r |
180 | @param[in] VariableName Name of authenticated Variable.\r | |
181 | @param[in] VendorGuid Vendor GUID of authenticated Variable.\r | |
98c2d961 | 182 | @param[in] Attributes Attributes of authenticated variable.\r |
a6811666 SZ |
183 | \r |
184 | @retval EFI_INVALID_PARAMETER Any input parameter is invalid.\r | |
98c2d961 | 185 | @retval EFI_NOT_FOUND Fail to find "certdb"/"certdbv" or matching certs.\r |
a6811666 SZ |
186 | @retval EFI_OUT_OF_RESOURCES The operation is failed due to lack of resources.\r |
187 | @retval EFI_SUCCESS The operation is completed successfully.\r | |
188 | \r | |
189 | **/\r | |
190 | EFI_STATUS\r | |
191 | DeleteCertsFromDb (\r | |
192 | IN CHAR16 *VariableName,\r | |
98c2d961 CZ |
193 | IN EFI_GUID *VendorGuid,\r |
194 | IN UINT32 Attributes\r | |
a6811666 SZ |
195 | );\r |
196 | \r | |
64b6a3ff CZ |
197 | /**\r |
198 | Clean up signer's certificates for common authenticated variable\r | |
199 | by corresponding VariableName and VendorGuid from "certdb".\r | |
200 | Sytem may break down during Timebased Variable update & certdb update,\r | |
201 | make them inconsistent, this function is called in AuthVariable Init to ensure \r | |
202 | consistency\r | |
203 | \r | |
204 | @retval EFI_NOT_FOUND Fail to find matching certs.\r | |
205 | @retval EFI_SUCCESS Find matching certs and output parameters.\r | |
206 | \r | |
207 | **/\r | |
208 | EFI_STATUS\r | |
209 | CleanCertsFromDb (\r | |
210 | VOID\r | |
211 | );\r | |
212 | \r | |
a6811666 SZ |
213 | /**\r |
214 | Filter out the duplicated EFI_SIGNATURE_DATA from the new data by comparing to the original data.\r | |
215 | \r | |
216 | @param[in] Data Pointer to original EFI_SIGNATURE_LIST.\r | |
217 | @param[in] DataSize Size of Data buffer.\r | |
218 | @param[in, out] NewData Pointer to new EFI_SIGNATURE_LIST.\r | |
219 | @param[in, out] NewDataSize Size of NewData buffer.\r | |
220 | \r | |
221 | **/\r | |
222 | EFI_STATUS\r | |
223 | FilterSignatureList (\r | |
224 | IN VOID *Data,\r | |
225 | IN UINTN DataSize,\r | |
226 | IN OUT VOID *NewData,\r | |
227 | IN OUT UINTN *NewDataSize\r | |
228 | );\r | |
229 | \r | |
230 | /**\r | |
231 | Process variable with platform key for verification.\r | |
232 | \r | |
233 | Caution: This function may receive untrusted input.\r | |
234 | This function may be invoked in SMM mode, and datasize and data are external input.\r | |
235 | This function will do basic validation, before parse the data.\r | |
236 | This function will parse the authentication carefully to avoid security issues, like\r | |
237 | buffer overflow, integer overflow.\r | |
238 | This function will check attribute carefully to avoid authentication bypass.\r | |
239 | \r | |
240 | @param[in] VariableName Name of Variable to be found.\r | |
241 | @param[in] VendorGuid Variable vendor GUID.\r | |
242 | @param[in] Data Data pointer.\r | |
243 | @param[in] DataSize Size of Data found. If size is less than the\r | |
244 | data, this value contains the required size.\r | |
245 | @param[in] Attributes Attribute value of the variable\r | |
246 | @param[in] IsPk Indicate whether it is to process pk.\r | |
247 | \r | |
248 | @return EFI_INVALID_PARAMETER Invalid parameter.\r | |
249 | @return EFI_SECURITY_VIOLATION The variable does NOT pass the validation.\r | |
250 | check carried out by the firmware.\r | |
251 | @return EFI_SUCCESS Variable passed validation successfully.\r | |
252 | \r | |
253 | **/\r | |
254 | EFI_STATUS\r | |
255 | ProcessVarWithPk (\r | |
256 | IN CHAR16 *VariableName,\r | |
257 | IN EFI_GUID *VendorGuid,\r | |
258 | IN VOID *Data,\r | |
259 | IN UINTN DataSize,\r | |
260 | IN UINT32 Attributes OPTIONAL,\r | |
261 | IN BOOLEAN IsPk\r | |
262 | );\r | |
263 | \r | |
264 | /**\r | |
265 | Process variable with key exchange key for verification.\r | |
266 | \r | |
267 | Caution: This function may receive untrusted input.\r | |
268 | This function may be invoked in SMM mode, and datasize and data are external input.\r | |
269 | This function will do basic validation, before parse the data.\r | |
270 | This function will parse the authentication carefully to avoid security issues, like\r | |
271 | buffer overflow, integer overflow.\r | |
272 | This function will check attribute carefully to avoid authentication bypass.\r | |
273 | \r | |
274 | @param[in] VariableName Name of Variable to be found.\r | |
275 | @param[in] VendorGuid Variable vendor GUID.\r | |
276 | @param[in] Data Data pointer.\r | |
277 | @param[in] DataSize Size of Data found. If size is less than the\r | |
278 | data, this value contains the required size.\r | |
279 | @param[in] Attributes Attribute value of the variable.\r | |
280 | \r | |
281 | @return EFI_INVALID_PARAMETER Invalid parameter.\r | |
282 | @return EFI_SECURITY_VIOLATION The variable does NOT pass the validation\r | |
283 | check carried out by the firmware.\r | |
284 | @return EFI_SUCCESS Variable pass validation successfully.\r | |
285 | \r | |
286 | **/\r | |
287 | EFI_STATUS\r | |
288 | ProcessVarWithKek (\r | |
289 | IN CHAR16 *VariableName,\r | |
290 | IN EFI_GUID *VendorGuid,\r | |
291 | IN VOID *Data,\r | |
292 | IN UINTN DataSize,\r | |
293 | IN UINT32 Attributes OPTIONAL\r | |
294 | );\r | |
295 | \r | |
296 | /**\r | |
297 | Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set\r | |
298 | \r | |
299 | Caution: This function may receive untrusted input.\r | |
300 | This function may be invoked in SMM mode, and datasize and data are external input.\r | |
301 | This function will do basic validation, before parse the data.\r | |
302 | This function will parse the authentication carefully to avoid security issues, like\r | |
303 | buffer overflow, integer overflow.\r | |
304 | This function will check attribute carefully to avoid authentication bypass.\r | |
305 | \r | |
306 | @param[in] VariableName Name of the variable.\r | |
307 | @param[in] VendorGuid Variable vendor GUID.\r | |
308 | @param[in] Data Data pointer.\r | |
309 | @param[in] DataSize Size of Data.\r | |
310 | @param[in] Attributes Attribute value of the variable.\r | |
311 | \r | |
312 | @return EFI_INVALID_PARAMETER Invalid parameter.\r | |
313 | @return EFI_WRITE_PROTECTED Variable is write-protected and needs authentication with\r | |
314 | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.\r | |
315 | @return EFI_OUT_OF_RESOURCES The Database to save the public key is full.\r | |
316 | @return EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS\r | |
317 | set, but the AuthInfo does NOT pass the validation\r | |
318 | check carried out by the firmware.\r | |
319 | @return EFI_SUCCESS Variable is not write-protected or pass validation successfully.\r | |
320 | \r | |
321 | **/\r | |
322 | EFI_STATUS\r | |
323 | ProcessVariable (\r | |
324 | IN CHAR16 *VariableName,\r | |
325 | IN EFI_GUID *VendorGuid,\r | |
326 | IN VOID *Data,\r | |
327 | IN UINTN DataSize,\r | |
98c2d961 | 328 | IN UINT32 Attributes\r |
a6811666 SZ |
329 | );\r |
330 | \r | |
331 | /**\r | |
332 | Finds variable in storage blocks of volatile and non-volatile storage areas.\r | |
333 | \r | |
334 | This code finds variable in storage blocks of volatile and non-volatile storage areas.\r | |
335 | If VariableName is an empty string, then we just return the first\r | |
336 | qualified variable without comparing VariableName and VendorGuid.\r | |
337 | \r | |
338 | @param[in] VariableName Name of the variable to be found.\r | |
339 | @param[in] VendorGuid Variable vendor GUID to be found.\r | |
340 | @param[out] Data Pointer to data address.\r | |
341 | @param[out] DataSize Pointer to data size.\r | |
342 | \r | |
343 | @retval EFI_INVALID_PARAMETER If VariableName is not an empty string,\r | |
344 | while VendorGuid is NULL.\r | |
345 | @retval EFI_SUCCESS Variable successfully found.\r | |
346 | @retval EFI_NOT_FOUND Variable not found\r | |
347 | \r | |
348 | **/\r | |
349 | EFI_STATUS\r | |
350 | AuthServiceInternalFindVariable (\r | |
351 | IN CHAR16 *VariableName,\r | |
352 | IN EFI_GUID *VendorGuid,\r | |
353 | OUT VOID **Data,\r | |
354 | OUT UINTN *DataSize\r | |
355 | );\r | |
356 | \r | |
357 | /**\r | |
358 | Update the variable region with Variable information.\r | |
359 | \r | |
360 | @param[in] VariableName Name of variable.\r | |
361 | @param[in] VendorGuid Guid of variable.\r | |
362 | @param[in] Data Data pointer.\r | |
363 | @param[in] DataSize Size of Data.\r | |
364 | @param[in] Attributes Attribute value of the variable.\r | |
365 | \r | |
366 | @retval EFI_SUCCESS The update operation is success.\r | |
367 | @retval EFI_INVALID_PARAMETER Invalid parameter.\r | |
368 | @retval EFI_WRITE_PROTECTED Variable is write-protected.\r | |
369 | @retval EFI_OUT_OF_RESOURCES There is not enough resource.\r | |
370 | \r | |
371 | **/\r | |
372 | EFI_STATUS\r | |
373 | AuthServiceInternalUpdateVariable (\r | |
374 | IN CHAR16 *VariableName,\r | |
375 | IN EFI_GUID *VendorGuid,\r | |
376 | IN VOID *Data,\r | |
377 | IN UINTN DataSize,\r | |
378 | IN UINT32 Attributes\r | |
379 | );\r | |
380 | \r | |
381 | /**\r | |
382 | Update the variable region with Variable information.\r | |
383 | \r | |
384 | @param[in] VariableName Name of variable.\r | |
385 | @param[in] VendorGuid Guid of variable.\r | |
386 | @param[in] Data Data pointer.\r | |
387 | @param[in] DataSize Size of Data.\r | |
388 | @param[in] Attributes Attribute value of the variable.\r | |
389 | @param[in] KeyIndex Index of associated public key.\r | |
390 | @param[in] MonotonicCount Value of associated monotonic count.\r | |
391 | \r | |
392 | @retval EFI_SUCCESS The update operation is success.\r | |
393 | @retval EFI_INVALID_PARAMETER Invalid parameter.\r | |
394 | @retval EFI_WRITE_PROTECTED Variable is write-protected.\r | |
395 | @retval EFI_OUT_OF_RESOURCES There is not enough resource.\r | |
396 | \r | |
397 | **/\r | |
398 | EFI_STATUS\r | |
399 | AuthServiceInternalUpdateVariableWithMonotonicCount (\r | |
400 | IN CHAR16 *VariableName,\r | |
401 | IN EFI_GUID *VendorGuid,\r | |
402 | IN VOID *Data,\r | |
403 | IN UINTN DataSize,\r | |
404 | IN UINT32 Attributes,\r | |
405 | IN UINT32 KeyIndex,\r | |
406 | IN UINT64 MonotonicCount\r | |
407 | );\r | |
408 | \r | |
409 | /**\r | |
410 | Update the variable region with Variable information.\r | |
411 | \r | |
412 | @param[in] VariableName Name of variable.\r | |
413 | @param[in] VendorGuid Guid of variable.\r | |
414 | @param[in] Data Data pointer.\r | |
415 | @param[in] DataSize Size of Data.\r | |
416 | @param[in] Attributes Attribute value of the variable.\r | |
417 | @param[in] TimeStamp Value of associated TimeStamp.\r | |
418 | \r | |
419 | @retval EFI_SUCCESS The update operation is success.\r | |
420 | @retval EFI_INVALID_PARAMETER Invalid parameter.\r | |
421 | @retval EFI_WRITE_PROTECTED Variable is write-protected.\r | |
422 | @retval EFI_OUT_OF_RESOURCES There is not enough resource.\r | |
423 | \r | |
424 | **/\r | |
425 | EFI_STATUS\r | |
426 | AuthServiceInternalUpdateVariableWithTimeStamp (\r | |
427 | IN CHAR16 *VariableName,\r | |
428 | IN EFI_GUID *VendorGuid,\r | |
429 | IN VOID *Data,\r | |
430 | IN UINTN DataSize,\r | |
431 | IN UINT32 Attributes,\r | |
432 | IN EFI_TIME *TimeStamp\r | |
433 | );\r | |
434 | \r | |
435 | #endif\r |