]> git.proxmox.com Git - mirror_edk2.git/blob - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h
projects / mirror_edk2.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
SecurityPkg: Cleanup unused structure definition
[mirror_edk2.git] / SecurityPkg / VariableAuthenticated / SecureBootConfigDxe / SecureBootConfigImpl.h
1 /** @file
2 The header file of HII Config Access protocol implementation of SecureBoot
3 configuration module.
4
5 Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.<BR>
6 This program and the accompanying materials
7 are licensed and made available under the terms and conditions of the BSD License
8 which accompanies this distribution. The full text of the license may be found at
9 http://opensource.org/licenses/bsd-license.php
10
11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
13
14 **/
15
16 #ifndef __SECUREBOOT_CONFIG_IMPL_H__
17 #define __SECUREBOOT_CONFIG_IMPL_H__
18
19 #include <Uefi.h>
20
21 #include <Protocol/HiiConfigAccess.h>
22 #include <Protocol/HiiConfigRouting.h>
23 #include <Protocol/SimpleFileSystem.h>
24 #include <Protocol/BlockIo.h>
25 #include <Protocol/DevicePath.h>
26 #include <Protocol/DebugPort.h>
27 #include <Protocol/LoadFile.h>
28
29 #include <Library/BaseLib.h>
30 #include <Library/BaseMemoryLib.h>
31 #include <Library/DebugLib.h>
32 #include <Library/MemoryAllocationLib.h>
33 #include <Library/UefiBootServicesTableLib.h>
34 #include <Library/UefiRuntimeServicesTableLib.h>
35 #include <Library/UefiHiiServicesLib.h>
36 #include <Library/UefiLib.h>
37 #include <Library/HiiLib.h>
38 #include <Library/DevicePathLib.h>
39 #include <Library/PrintLib.h>
40 #include <Library/PlatformSecureLib.h>
41 #include <Library/BaseCryptLib.h>
42 #include <Library/FileExplorerLib.h>
43
44 #include <Guid/MdeModuleHii.h>
45 #include <Guid/AuthenticatedVariableFormat.h>
46 #include <Guid/FileSystemVolumeLabelInfo.h>
47 #include <Guid/ImageAuthentication.h>
48 #include <Guid/FileInfo.h>
49
50 #include "SecureBootConfigNvData.h"
51
52 //
53 // Tool generated IFR binary data and String package data
54 //
55 extern UINT8 SecureBootConfigBin[];
56 extern UINT8 SecureBootConfigDxeStrings[];
57
58 //
59 // Shared IFR form update data
60 //
61 extern VOID *mStartOpCodeHandle;
62 extern VOID *mEndOpCodeHandle;
63 extern EFI_IFR_GUID_LABEL *mStartLabel;
64 extern EFI_IFR_GUID_LABEL *mEndLabel;
65
66 #define MAX_CHAR 480
67 #define TWO_BYTE_ENCODE 0x82
68
69 //
70 // SHA-1 digest size in bytes.
71 //
72 #define SHA1_DIGEST_SIZE 20
73 //
74 // SHA-256 digest size in bytes
75 //
76 #define SHA256_DIGEST_SIZE 32
77 //
78 // SHA-384 digest size in bytes
79 //
80 #define SHA384_DIGEST_SIZE 48
81 //
82 // SHA-512 digest size in bytes
83 //
84 #define SHA512_DIGEST_SIZE 64
85
86 //
87 // Set max digest size as SHA512 Output (64 bytes) by far
88 //
89 #define MAX_DIGEST_SIZE SHA512_DIGEST_SIZE
90
91 #define WIN_CERT_UEFI_RSA2048_SIZE 256
92
93 //
94 // Support hash types
95 //
96 #define HASHALG_SHA1 0x00000000
97 #define HASHALG_SHA224 0x00000001
98 #define HASHALG_SHA256 0x00000002
99 #define HASHALG_SHA384 0x00000003
100 #define HASHALG_SHA512 0x00000004
101 #define HASHALG_RAW 0x00000005
102 #define HASHALG_MAX 0x00000005
103
104
105 typedef struct {
106 UINTN Signature;
107 LIST_ENTRY Head;
108 UINTN MenuNumber;
109 } SECUREBOOT_MENU_OPTION;
110
111 typedef struct {
112 EFI_FILE_HANDLE FHandle;
113 UINT16 *FileName;
114 } SECUREBOOT_FILE_CONTEXT;
115
116
117 //
118 // We define another format of 5th directory entry: security directory
119 //
120 typedef struct {
121 UINT32 Offset; // Offset of certificate
122 UINT32 SizeOfCert; // size of certificate appended
123 } EFI_IMAGE_SECURITY_DATA_DIRECTORY;
124
125 typedef enum{
126 ImageType_IA32,
127 ImageType_X64
128 } IMAGE_TYPE;
129
130 ///
131 /// HII specific Vendor Device Path definition.
132 ///
133 typedef struct {
134 VENDOR_DEVICE_PATH VendorDevicePath;
135 EFI_DEVICE_PATH_PROTOCOL End;
136 } HII_VENDOR_DEVICE_PATH;
137
138 typedef struct {
139 UINTN Signature;
140
141 EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess;
142 EFI_HII_HANDLE HiiHandle;
143 EFI_HANDLE DriverHandle;
144
145 SECUREBOOT_FILE_CONTEXT *FileContext;
146
147 EFI_GUID *SignatureGUID;
148 } SECUREBOOT_CONFIG_PRIVATE_DATA;
149
150 extern SECUREBOOT_CONFIG_PRIVATE_DATA mSecureBootConfigPrivateDateTemplate;
151 extern SECUREBOOT_CONFIG_PRIVATE_DATA *gSecureBootPrivateData;
152
153 #define SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('S', 'E', 'C', 'B')
154 #define SECUREBOOT_CONFIG_PRIVATE_FROM_THIS(a) CR (a, SECUREBOOT_CONFIG_PRIVATE_DATA, ConfigAccess, SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE)
155
156 //
157 // Cryptograhpic Key Information
158 //
159 #pragma pack(1)
160 typedef struct _CPL_KEY_INFO {
161 UINT32 KeyLengthInBits; // Key Length In Bits
162 UINT32 BlockSize; // Operation Block Size in Bytes
163 UINT32 CipherBlockSize; // Output Cipher Block Size in Bytes
164 UINT32 KeyType; // Key Type
165 UINT32 CipherMode; // Cipher Mode for Symmetric Algorithm
166 UINT32 Flags; // Additional Key Property Flags
167 } CPL_KEY_INFO;
168 #pragma pack()
169
170
171 /**
172 Retrieves the size, in bytes, of the context buffer required for hash operations.
173
174 @return The size, in bytes, of the context buffer required for hash operations.
175
176 **/
177 typedef
178 EFI_STATUS
179 (EFIAPI *HASH_GET_CONTEXT_SIZE)(
180 VOID
181 );
182
183 /**
184 Initializes user-supplied memory pointed by HashContext as hash context for
185 subsequent use.
186
187 If HashContext is NULL, then ASSERT().
188
189 @param[in, out] HashContext Pointer to Context being initialized.
190
191 @retval TRUE HASH context initialization succeeded.
192 @retval FALSE HASH context initialization failed.
193
194 **/
195 typedef
196 BOOLEAN
197 (EFIAPI *HASH_INIT)(
198 IN OUT VOID *HashContext
199 );
200
201
202 /**
203 Performs digest on a data buffer of the specified length. This function can
204 be called multiple times to compute the digest of long or discontinuous data streams.
205
206 If HashContext is NULL, then ASSERT().
207
208 @param[in, out] HashContext Pointer to the MD5 context.
209 @param[in] Data Pointer to the buffer containing the data to be hashed.
210 @param[in] DataLength Length of Data buffer in bytes.
211
212 @retval TRUE HASH data digest succeeded.
213 @retval FALSE Invalid HASH context. After HashFinal function has been called, the
214 HASH context cannot be reused.
215
216 **/
217 typedef
218 BOOLEAN
219 (EFIAPI *HASH_UPDATE)(
220 IN OUT VOID *HashContext,
221 IN CONST VOID *Data,
222 IN UINTN DataLength
223 );
224
225 /**
226 Completes hash computation and retrieves the digest value into the specified
227 memory. After this function has been called, the context cannot be used again.
228
229 If HashContext is NULL, then ASSERT().
230 If HashValue is NULL, then ASSERT().
231
232 @param[in, out] HashContext Pointer to the MD5 context
233 @param[out] HashValue Pointer to a buffer that receives the HASH digest
234 value (16 bytes).
235
236 @retval TRUE HASH digest computation succeeded.
237 @retval FALSE HASH digest computation failed.
238
239 **/
240 typedef
241 BOOLEAN
242 (EFIAPI *HASH_FINAL)(
243 IN OUT VOID *HashContext,
244 OUT UINT8 *HashValue
245 );
246
247 //
248 // Hash Algorithm Table
249 //
250 typedef struct {
251 CHAR16 *Name; ///< Name for Hash Algorithm
252 UINTN DigestLength; ///< Digest Length
253 UINT8 *OidValue; ///< Hash Algorithm OID ASN.1 Value
254 UINTN OidLength; ///< Length of Hash OID Value
255 HASH_GET_CONTEXT_SIZE GetContextSize; ///< Pointer to Hash GetContentSize function
256 HASH_INIT HashInit; ///< Pointer to Hash Init function
257 HASH_UPDATE HashUpdate; ///< Pointer to Hash Update function
258 HASH_FINAL HashFinal; ///< Pointer to Hash Final function
259 } HASH_TABLE;
260
261 typedef struct {
262 WIN_CERTIFICATE Hdr;
263 UINT8 CertData[1];
264 } WIN_CERTIFICATE_EFI_PKCS;
265
266
267 /**
268 This function publish the SecureBoot configuration Form.
269
270 @param[in, out] PrivateData Points to SecureBoot configuration private data.
271
272 @retval EFI_SUCCESS HII Form is installed successfully.
273 @retval EFI_OUT_OF_RESOURCES Not enough resource for HII Form installation.
274 @retval Others Other errors as indicated.
275
276 **/
277 EFI_STATUS
278 InstallSecureBootConfigForm (
279 IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData
280 );
281
282
283 /**
284 This function removes SecureBoot configuration Form.
285
286 @param[in, out] PrivateData Points to SecureBoot configuration private data.
287
288 **/
289 VOID
290 UninstallSecureBootConfigForm (
291 IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData
292 );
293
294
295 /**
296 This function allows a caller to extract the current configuration for one
297 or more named elements from the target driver.
298
299 @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
300 @param[in] Request A null-terminated Unicode string in
301 <ConfigRequest> format.
302 @param[out] Progress On return, points to a character in the Request
303 string. Points to the string's null terminator if
304 request was successful. Points to the most recent
305 '&' before the first failing name/value pair (or
306 the beginning of the string if the failure is in
307 the first name/value pair) if the request was not
308 successful.
309 @param[out] Results A null-terminated Unicode string in
310 <ConfigAltResp> format which has all values filled
311 in for the names in the Request string. String to
312 be allocated by the called function.
313
314 @retval EFI_SUCCESS The Results is filled with the requested values.
315 @retval EFI_OUT_OF_RESOURCES Not enough memory to store the results.
316 @retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown name.
317 @retval EFI_NOT_FOUND Routing data doesn't match any storage in this
318 driver.
319
320 **/
321 EFI_STATUS
322 EFIAPI
323 SecureBootExtractConfig (
324 IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
325 IN CONST EFI_STRING Request,
326 OUT EFI_STRING *Progress,
327 OUT EFI_STRING *Results
328 );
329
330
331 /**
332 This function processes the results of changes in configuration.
333
334 @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
335 @param[in] Configuration A null-terminated Unicode string in <ConfigResp>
336 format.
337 @param[out] Progress A pointer to a string filled in with the offset of
338 the most recent '&' before the first failing
339 name/value pair (or the beginning of the string if
340 the failure is in the first name/value pair) or
341 the terminating NULL if all was successful.
342
343 @retval EFI_SUCCESS The Results is processed successfully.
344 @retval EFI_INVALID_PARAMETER Configuration is NULL.
345 @retval EFI_NOT_FOUND Routing data doesn't match any storage in this
346 driver.
347
348 **/
349 EFI_STATUS
350 EFIAPI
351 SecureBootRouteConfig (
352 IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
353 IN CONST EFI_STRING Configuration,
354 OUT EFI_STRING *Progress
355 );
356
357
358 /**
359 This function processes the results of changes in configuration.
360
361 @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
362 @param[in] Action Specifies the type of action taken by the browser.
363 @param[in] QuestionId A unique value which is sent to the original
364 exporting driver so that it can identify the type
365 of data to expect.
366 @param[in] Type The type of value for the question.
367 @param[in] Value A pointer to the data being sent to the original
368 exporting driver.
369 @param[out] ActionRequest On return, points to the action requested by the
370 callback function.
371
372 @retval EFI_SUCCESS The callback successfully handled the action.
373 @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the
374 variable and its data.
375 @retval EFI_DEVICE_ERROR The variable could not be saved.
376 @retval EFI_UNSUPPORTED The specified Action is not supported by the
377 callback.
378
379 **/
380 EFI_STATUS
381 EFIAPI
382 SecureBootCallback (
383 IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
384 IN EFI_BROWSER_ACTION Action,
385 IN EFI_QUESTION_ID QuestionId,
386 IN UINT8 Type,
387 IN EFI_IFR_TYPE_VALUE *Value,
388 OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest
389 );
390
391
392 /**
393 This function converts an input device structure to a Unicode string.
394
395 @param[in] DevPath A pointer to the device path structure.
396
397 @return A new allocated Unicode string that represents the device path.
398
399 **/
400 CHAR16 *
401 EFIAPI
402 DevicePathToStr (
403 IN EFI_DEVICE_PATH_PROTOCOL *DevPath
404 );
405
406
407 /**
408 Clean up the dynamic opcode at label and form specified by both LabelId.
409
410 @param[in] LabelId It is both the Form ID and Label ID for opcode deletion.
411 @param[in] PrivateData Module private data.
412
413 **/
414 VOID
415 CleanUpPage (
416 IN UINT16 LabelId,
417 IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData
418 );
419
420
421 /**
422 Read file content into BufferPtr, the size of the allocate buffer
423 is *FileSize plus AddtionAllocateSize.
424
425 @param[in] FileHandle The file to be read.
426 @param[in, out] BufferPtr Pointers to the pointer of allocated buffer.
427 @param[out] FileSize Size of input file
428 @param[in] AddtionAllocateSize Addtion size the buffer need to be allocated.
429 In case the buffer need to contain others besides the file content.
430
431 @retval EFI_SUCCESS The file was read into the buffer.
432 @retval EFI_INVALID_PARAMETER A parameter was invalid.
433 @retval EFI_OUT_OF_RESOURCES A memory allocation failed.
434 @retval others Unexpected error.
435
436 **/
437 EFI_STATUS
438 ReadFileContent (
439 IN EFI_FILE_HANDLE FileHandle,
440 IN OUT VOID **BufferPtr,
441 OUT UINTN *FileSize,
442 IN UINTN AddtionAllocateSize
443 );
444
445
446 /**
447 Close an open file handle.
448
449 @param[in] FileHandle The file handle to close.
450
451 **/
452 VOID
453 CloseFile (
454 IN EFI_FILE_HANDLE FileHandle
455 );
456
457
458 /**
459 Converts a nonnegative integer to an octet string of a specified length.
460
461 @param[in] Integer Pointer to the nonnegative integer to be converted
462 @param[in] IntSizeInWords Length of integer buffer in words
463 @param[out] OctetString Converted octet string of the specified length
464 @param[in] OSSizeInBytes Intended length of resulting octet string in bytes
465
466 Returns:
467
468 @retval EFI_SUCCESS Data conversion successfully
469 @retval EFI_BUFFER_TOOL_SMALL Buffer is too small for output string
470
471 **/
472 EFI_STATUS
473 EFIAPI
474 Int2OctStr (
475 IN CONST UINTN *Integer,
476 IN UINTN IntSizeInWords,
477 OUT UINT8 *OctetString,
478 IN UINTN OSSizeInBytes
479 );
480
481
482 /**
483 Convert a String to Guid Value.
484
485 @param[in] Str Specifies the String to be converted.
486 @param[in] StrLen Number of Unicode Characters of String (exclusive \0)
487 @param[out] Guid Return the result Guid value.
488
489 @retval EFI_SUCCESS The operation is finished successfully.
490 @retval EFI_NOT_FOUND Invalid string.
491
492 **/
493 EFI_STATUS
494 StringToGuid (
495 IN CHAR16 *Str,
496 IN UINTN StrLen,
497 OUT EFI_GUID *Guid
498 );
499
500
501 /**
502 Worker function that prints an EFI_GUID into specified Buffer.
503
504 @param[in] Guid Pointer to GUID to print.
505 @param[in] Buffer Buffer to print Guid into.
506 @param[in] BufferSize Size of Buffer.
507
508 @retval Number of characters printed.
509
510 **/
511 UINTN
512 GuidToString (
513 IN EFI_GUID *Guid,
514 IN CHAR16 *Buffer,
515 IN UINTN BufferSize
516 );
517
518 /**
519 Update the PK form base on the input file path info.
520
521 @param FilePath Point to the file path.
522
523 @retval TRUE Exit caller function.
524 @retval FALSE Not exit caller function.
525 **/
526 BOOLEAN
527 EFIAPI
528 UpdatePKFromFile (
529 IN EFI_DEVICE_PATH_PROTOCOL *FilePath
530 );
531
532 /**
533 Update the KEK form base on the input file path info.
534
535 @param FilePath Point to the file path.
536
537 @retval TRUE Exit caller function.
538 @retval FALSE Not exit caller function.
539 **/
540 BOOLEAN
541 EFIAPI
542 UpdateKEKFromFile (
543 IN EFI_DEVICE_PATH_PROTOCOL *FilePath
544 );
545
546 /**
547 Update the DB form base on the input file path info.
548
549 @param FilePath Point to the file path.
550
551 @retval TRUE Exit caller function.
552 @retval FALSE Not exit caller function.
553 **/
554 BOOLEAN
555 EFIAPI
556 UpdateDBFromFile (
557 IN EFI_DEVICE_PATH_PROTOCOL *FilePath
558 );
559
560 /**
561 Update the DBX form base on the input file path info.
562
563 @param FilePath Point to the file path.
564
565 @retval TRUE Exit caller function.
566 @retval FALSE Not exit caller function.
567 **/
568 BOOLEAN
569 EFIAPI
570 UpdateDBXFromFile (
571 IN EFI_DEVICE_PATH_PROTOCOL *FilePath
572 );
573
574 /**
575 Update the DBT form base on the input file path info.
576
577 @param FilePath Point to the file path.
578
579 @retval TRUE Exit caller function.
580 @retval FALSE Not exit caller function.
581 **/
582 BOOLEAN
583 EFIAPI
584 UpdateDBTFromFile (
585 IN EFI_DEVICE_PATH_PROTOCOL *FilePath
586 );
587
588 #endif
EFI Development Kit II mirror for PVE