2 The internal header file includes the common header files, defines
3 internal structure and functions used by AuthService module.
5 Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
6 This program and the accompanying materials
7 are licensed and made available under the terms and conditions of the BSD License
8 which accompanies this distribution. The full text of the license may be found at
9 http://opensource.org/licenses/bsd-license.php
11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
16 #ifndef _AUTHSERVICE_H_
17 #define _AUTHSERVICE_H_
/// Sizes in bytes of the RSA-2048 certificate fields: 256 bytes = 2048 bits.
/// NOTE(review): presumably the first is the signature length and the second the
/// public key (modulus) length -- confirm against the code that uses them.
19 #define EFI_CERT_TYPE_RSA2048_SHA256_SIZE 256
20 #define EFI_CERT_TYPE_RSA2048_SIZE 256
23 /// Size of AuthInfo prior to the data payload.
/// Built only from structure offsets and a sizeof, so the value does not depend on
/// the contents of the buffer being parsed.
25 #define AUTHINFO_SIZE ((OFFSET_OF (EFI_VARIABLE_AUTHENTICATION, AuthInfo)) + \
26 (OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)) + \
27 sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256))
/// Counterpart of AUTHINFO_SIZE for EFI_VARIABLE_AUTHENTICATION_2: the offset of
/// AuthInfo plus the length recorded in AuthInfo.Hdr.dwLength.
/// Unlike AUTHINFO_SIZE, this reads dwLength out of the structure VarAuth2 points to,
/// so the result is only as trustworthy as that buffer.
/// NOTE(review): callers should confirm the buffer is at least
/// OFFSET_OF_AUTHINFO2_CERT_DATA bytes long before evaluating this macro, and should
/// compare the result with the buffer size before using it as an offset. Where UINTN
/// is 32 bits wide the addition can wrap for a very large dwLength -- confirm that
/// callers reject that case.
29 #define AUTHINFO2_SIZE(VarAuth2) ((OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo)) + \
30 (UINTN) ((EFI_VARIABLE_AUTHENTICATION_2 *) (VarAuth2))->AuthInfo.Hdr.dwLength)
/// Offset of CertData from the start of EFI_VARIABLE_AUTHENTICATION_2: the offset of
/// AuthInfo plus the offset of CertData inside WIN_CERTIFICATE_UEFI_GUID.
32 #define OFFSET_OF_AUTHINFO2_CERT_DATA ((OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo)) + \
33 (OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)))
36 /// "AuthVarKeyDatabase" variable for the Public Key store.
38 #define AUTHVAR_KEYDB_NAME L"AuthVarKeyDatabase"
/// Byte size of AUTHVAR_KEYDB_NAME: 18 characters plus the terminating NUL, at two
/// bytes per CHAR16, gives 38. The value is hard-coded, so it must be updated by hand
/// if the name changes; otherwise MAX_KEYDB_SIZE is computed from the wrong length.
39 #define AUTHVAR_KEYDB_NAME_SIZE 38
42 /// Max size of public key database, restricted by max individual EFI variable size, excluding variable header and name size.
/// NOTE(review): the subtraction is unsigned; presumably PcdMaxVariableSize is always
/// larger than the header plus the name size -- confirm, since a smaller value would wrap.
44 #define MAX_KEYDB_SIZE (FixedPcdGet32 (PcdMaxVariableSize) - sizeof (VARIABLE_HEADER) - AUTHVAR_KEYDB_NAME_SIZE)
/// Number of EFI_CERT_TYPE_RSA2048_SIZE-byte entries that fit in MAX_KEYDB_SIZE.
/// Integer division, so any remainder of the database space is unused.
45 #define MAX_KEY_NUM (MAX_KEYDB_SIZE / EFI_CERT_TYPE_RSA2048_SIZE)
48 /// Struct to record signature requirement defined by UEFI spec.
49 /// For SigHeaderSize and SigDataSize, ((UINT32) ~0) means NO exact length requirement for this field.
53 // Expected SignatureHeader size in Bytes.
55 // Expected SignatureData size in Bytes.
71 /// CHAR16 VariableName[NameSize];
72 /// UINT8 CertData[CertDataSize];
77 Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.
79 @param[in] VariableName Name of Variable to be found.
80 @param[in] VendorGuid Variable vendor GUID.
82 @param[in] Data Data pointer.
83 @param[in] DataSize Size of Data found. If size is less than the
84 data, this value contains the required size.
85 @param[in] Variable The variable information which is used to keep track of variable usage.
86 @param[in] Attributes Attribute value of the variable.
88 @return EFI_INVALID_PARAMETER Invalid parameter
89 @return EFI_WRITE_PROTECTED Variable is write-protected and needs authentication with
90 EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.
91 @return EFI_SECURITY_VIOLATION The variable has EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
92 set, but the AuthInfo does NOT pass the validation
93 check carried out by the firmware.
94 @return EFI_SUCCESS Variable is not write-protected, or passed validation successfully.
99 IN CHAR16
*VariableName
,
100 IN EFI_GUID
*VendorGuid
,
103 IN VARIABLE_POINTER_TRACK
*Variable
,
108 Update platform mode.
110 @param[in] Mode SETUP_MODE or USER_MODE.
112 @return EFI_INVALID_PARAMETER Invalid parameter.
113 @return EFI_SUCCESS Update platform mode successfully.
122 Initializes the authenticated variable service.
124 @retval EFI_SUCCESS Function successfully executed.
125 @retval EFI_OUT_OF_RESOURCES Fail to allocate enough memory resource.
129 AutenticatedVariableServiceInitialize (
134 Initializes the cryptlib service before use, including registering the algorithm and allocating scratch memory.
138 CryptLibraryInitialize (
143 Check input data form to make sure it is a valid EFI_SIGNATURE_LIST for PK/KEK variable.
145 @param[in] VariableName Name of Variable to be checked.
146 @param[in] VendorGuid Variable vendor GUID.
147 @param[in] Data Point to the variable data to be checked.
148 @param[in] DataSize Size of Data.
150 @return EFI_INVALID_PARAMETER Invalid signature list format.
151 @return EFI_SUCCESS Passed signature list format check successfully.
155 CheckSignatureListFormat(
156 IN CHAR16
*VariableName
,
157 IN EFI_GUID
*VendorGuid
,
163 Process variable with platform key for verification.
165 @param[in] VariableName Name of Variable to be found.
166 @param[in] VendorGuid Variable vendor GUID.
167 @param[in] Data Data pointer.
168 @param[in] DataSize Size of Data found. If size is less than the
169 data, this value contains the required size.
170 @param[in] Variable The variable information which is used to keep track of variable usage.
171 @param[in] Attributes Attribute value of the variable.
172 @param[in] IsPk Indicate whether it is to process pk.
174 @return EFI_INVALID_PARAMETER Invalid parameter
175 @return EFI_SECURITY_VIOLATION The variable does NOT pass the validation
176 check carried out by the firmware.
177 @return EFI_SUCCESS Variable passed validation successfully.
182 IN CHAR16
*VariableName
,
183 IN EFI_GUID
*VendorGuid
,
186 IN VARIABLE_POINTER_TRACK
*Variable
,
187 IN UINT32 Attributes OPTIONAL
,
192 Process variable with key exchange key for verification.
194 @param[in] VariableName Name of Variable to be found.
195 @param[in] VendorGuid Variable vendor GUID.
196 @param[in] Data Data pointer.
197 @param[in] DataSize Size of Data found. If size is less than the
198 data, this value contains the required size.
199 @param[in] Variable The variable information that is used to keep track of variable usage.
200 @param[in] Attributes Attribute value of the variable.
202 @return EFI_INVALID_PARAMETER Invalid parameter.
203 @return EFI_SECURITY_VIOLATION The variable does NOT pass the validation
204 check carried out by the firmware.
205 @return EFI_SUCCESS Variable passed validation successfully.
210 IN CHAR16
*VariableName
,
211 IN EFI_GUID
*VendorGuid
,
214 IN VARIABLE_POINTER_TRACK
*Variable
,
215 IN UINT32 Attributes OPTIONAL
219 Merge two buffers which are formatted as EFI_SIGNATURE_LIST. Only the new EFI_SIGNATURE_DATA
220 will be appended to the original EFI_SIGNATURE_LIST, duplicate EFI_SIGNATURE_DATA
223 @param[in, out] Data Pointer to original EFI_SIGNATURE_LIST.
224 @param[in] DataSize Size of Data buffer.
225 @param[in] NewData Pointer to new EFI_SIGNATURE_LIST to be appended.
226 @param[in] NewDataSize Size of NewData buffer.
228 @return Size of the merged buffer.
232 AppendSignatureList (
240 Compare two EFI_TIME data.
243 @param FirstTime A pointer to the first EFI_TIME data.
244 @param SecondTime A pointer to the second EFI_TIME data.
246 @retval TRUE The FirstTime is not later than the SecondTime.
247 @retval FALSE The FirstTime is later than the SecondTime.
252 IN EFI_TIME
*FirstTime
,
253 IN EFI_TIME
*SecondTime
258 Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set
260 @param[in] VariableName Name of Variable to be found.
261 @param[in] VendorGuid Variable vendor GUID.
262 @param[in] Data Data pointer.
263 @param[in] DataSize Size of Data found. If size is less than the
264 data, this value contains the required size.
265 @param[in] Variable The variable information which is used to keep track of variable usage.
266 @param[in] Attributes Attribute value of the variable.
267 @param[in] AuthVarType Verify against PK or KEK database or private database.
268 @param[out] VarDel Delete the variable or not.
270 @retval EFI_INVALID_PARAMETER Invalid parameter.
271 @retval EFI_SECURITY_VIOLATION The variable does NOT pass the validation
272 check carried out by the firmware.
273 @retval EFI_OUT_OF_RESOURCES Failed to process variable due to lack
275 @retval EFI_SUCCESS Variable passed validation successfully.
279 VerifyTimeBasedPayload (
280 IN CHAR16
*VariableName
,
281 IN EFI_GUID
*VendorGuid
,
284 IN VARIABLE_POINTER_TRACK
*Variable
,
285 IN UINT32 Attributes
,
286 IN AUTHVAR_TYPE AuthVarType
,
/// Module-level state declared here and defined in another translation unit.
/// mPubKeyStore is a byte array of MAX_KEYDB_SIZE bytes, so every write into it must be
/// bounded by that size.
/// NOTE(review): presumably the in-memory copy of the public key store held in the
/// AUTHVAR_KEYDB_NAME variable -- confirm.
290 extern UINT8 mPubKeyStore
[MAX_KEYDB_SIZE
];
/// NOTE(review): presumably the number of keys currently held in mPubKeyStore; if so it
/// should never exceed MAX_KEY_NUM -- confirm at the places where it is incremented.
291 extern UINT32 mPubKeyNumber
;
/// Untyped pointer.
/// NOTE(review): presumably the hash context prepared by CryptLibraryInitialize -- confirm.
292 extern VOID
*mHashCtx
;
/// Untyped pointer; its purpose and size are not visible in this header.
293 extern VOID
*mStorageArea
;
/// Byte pointer; its purpose and allocated size are not visible in this header.
/// NOTE(review): the name suggests a buffer used at runtime -- confirm how its length is tracked.
294 extern UINT8
*mSerializationRuntimeBuffer
;