--- /dev/null
+/** @file\r
+ The header file of HII Config Access protocol implementation of SecureBoot\r
+ configuration module.\r
+\r
+Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials\r
+are licensed and made available under the terms and conditions of the BSD License\r
+which accompanies this distribution. The full text of the license may be found at\r
+http://opensource.org/licenses/bsd-license.php\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#ifndef __SECUREBOOT_CONFIG_IMPL_H__\r
+#define __SECUREBOOT_CONFIG_IMPL_H__\r
+\r
+#include <Uefi.h>\r
+\r
+#include <Protocol/HiiConfigAccess.h>\r
+#include <Protocol/HiiConfigRouting.h>\r
+#include <Protocol/SimpleFileSystem.h>\r
+#include <Protocol/BlockIo.h>\r
+#include <Protocol/DevicePath.h>\r
+#include <Protocol/DevicePathToText.h>\r
+#include <Protocol/DebugPort.h>\r
+#include <Protocol/LoadFile.h>\r
+\r
+#include <Library/BaseLib.h>\r
+#include <Library/BaseMemoryLib.h>\r
+#include <Library/DebugLib.h>\r
+#include <Library/MemoryAllocationLib.h>\r
+#include <Library/UefiBootServicesTableLib.h>\r
+#include <Library/UefiRuntimeServicesTableLib.h>\r
+#include <Library/UefiHiiServicesLib.h>\r
+#include <Library/UefiLib.h>\r
+#include <Library/HiiLib.h>\r
+#include <Library/DevicePathLib.h>\r
+#include <Library/PrintLib.h>\r
+#include <Library/PlatformSecureLib.h>\r
+#include <Library/BaseCryptLib.h>\r
+#include <Guid/MdeModuleHii.h>\r
+#include <Guid/AuthenticatedVariableFormat.h>\r
+#include <Guid/FileSystemVolumeLabelInfo.h>\r
+#include <Guid/ImageAuthentication.h>\r
+#include <Guid/FileInfo.h>\r
+\r
+#include "SecureBootConfigNvData.h"\r
+\r
+//\r
+// Tool generated IFR binary data and String package data\r
+//\r
+extern UINT8 SecureBootConfigBin[];\r
+extern UINT8 SecureBootConfigDxeStrings[];\r
+\r
+//\r
+// Shared IFR form update data\r
+//\r
+extern VOID *mStartOpCodeHandle;\r
+extern VOID *mEndOpCodeHandle;\r
+extern EFI_IFR_GUID_LABEL *mStartLabel;\r
+extern EFI_IFR_GUID_LABEL *mEndLabel;\r
+\r
+#define MAX_CHAR 480\r
+#define TWO_BYTE_ENCODE 0x82\r
+\r
+//\r
+// SHA-1 digest size in bytes.\r
+//\r
+#define SHA1_DIGEST_SIZE 20\r
+//\r
+// SHA-256 digest size in bytes\r
+//\r
+#define SHA256_DIGEST_SIZE 32\r
+//\r
+// Set max digest size as SHA256 Output (32 bytes) by far\r
+//\r
+#define MAX_DIGEST_SIZE SHA256_DIGEST_SIZE\r
+\r
+#define WIN_CERT_UEFI_RSA2048_SIZE 256\r
+\r
+//\r
+// Support hash types\r
+//\r
+#define HASHALG_SHA1 0x00000000\r
+#define HASHALG_SHA224 0x00000001\r
+#define HASHALG_SHA256 0x00000002\r
+#define HASHALG_SHA384 0x00000003\r
+#define HASHALG_SHA512 0x00000004\r
+#define HASHALG_MAX 0x00000005\r
+\r
+\r
+#define SECUREBOOT_MENU_OPTION_SIGNATURE SIGNATURE_32 ('S', 'b', 'M', 'u')\r
+#define SECUREBOOT_MENU_ENTRY_SIGNATURE SIGNATURE_32 ('S', 'b', 'M', 'r')\r
+\r
+typedef struct {\r
+ EFI_DEVICE_PATH_PROTOCOL Header;\r
+ EFI_GUID Guid;\r
+ UINT8 VendorDefinedData[1];\r
+} VENDOR_DEVICE_PATH_WITH_DATA;\r
+\r
+typedef struct {\r
+ EFI_DEVICE_PATH_PROTOCOL Header;\r
+ UINT16 NetworkProtocol;\r
+ UINT16 LoginOption;\r
+ UINT64 Lun;\r
+ UINT16 TargetPortalGroupTag;\r
+ CHAR16 TargetName[1];\r
+} ISCSI_DEVICE_PATH_WITH_NAME;\r
+\r
+typedef enum _FILE_EXPLORER_DISPLAY_CONTEXT {\r
+ FileExplorerDisplayFileSystem,\r
+ FileExplorerDisplayDirectory,\r
+ FileExplorerDisplayUnknown\r
+} FILE_EXPLORER_DISPLAY_CONTEXT;\r
+\r
+typedef enum _FILE_EXPLORER_STATE {\r
+ FileExplorerStateInActive = 0,\r
+ FileExplorerStateEnrollPkFile,\r
+ FileExplorerStateEnrollKekFile,\r
+ FileExplorerStateEnrollSignatureFileToDb,\r
+ FileExplorerStateEnrollSignatureFileToDbx,\r
+ FileExplorerStateUnknown\r
+} FILE_EXPLORER_STATE;\r
+\r
+typedef struct {\r
+ CHAR16 *Str;\r
+ UINTN Len;\r
+ UINTN Maxlen;\r
+} POOL_PRINT;\r
+\r
+typedef\r
+VOID\r
+(*DEV_PATH_FUNCTION) (\r
+ IN OUT POOL_PRINT *Str,\r
+ IN VOID *DevPath\r
+ );\r
+\r
+typedef struct {\r
+ UINT8 Type;\r
+ UINT8 SubType;\r
+ DEV_PATH_FUNCTION Function;\r
+} DEVICE_PATH_STRING_TABLE;\r
+\r
+typedef struct {\r
+ UINTN Signature;\r
+ LIST_ENTRY Head;\r
+ UINTN MenuNumber;\r
+} SECUREBOOT_MENU_OPTION;\r
+\r
+extern SECUREBOOT_MENU_OPTION FsOptionMenu;\r
+extern SECUREBOOT_MENU_OPTION DirectoryMenu;\r
+\r
+typedef struct {\r
+ UINTN Signature;\r
+ LIST_ENTRY Link;\r
+ UINTN OptionNumber;\r
+ UINT16 *DisplayString;\r
+ UINT16 *HelpString;\r
+ EFI_STRING_ID DisplayStringToken;\r
+ EFI_STRING_ID HelpStringToken;\r
+ VOID *FileContext;\r
+} SECUREBOOT_MENU_ENTRY;\r
+\r
+typedef struct {\r
+ EFI_HANDLE Handle;\r
+ EFI_DEVICE_PATH_PROTOCOL *DevicePath;\r
+ EFI_FILE_HANDLE FHandle;\r
+ UINT16 *FileName;\r
+ EFI_FILE_SYSTEM_VOLUME_LABEL *Info;\r
+\r
+ BOOLEAN IsRoot;\r
+ BOOLEAN IsDir;\r
+ BOOLEAN IsRemovableMedia;\r
+ BOOLEAN IsLoadFile;\r
+ BOOLEAN IsBootLegacy;\r
+} SECUREBOOT_FILE_CONTEXT;\r
+\r
+\r
+//\r
+// We define another format of 5th directory entry: security directory\r
+//\r
+typedef struct {\r
+ UINT32 Offset; // Offset of certificate\r
+ UINT32 SizeOfCert; // size of certificate appended\r
+} EFI_IMAGE_SECURITY_DATA_DIRECTORY;\r
+\r
+typedef enum{\r
+ ImageType_IA32,\r
+ ImageType_X64\r
+} IMAGE_TYPE;\r
+\r
+///\r
+/// HII specific Vendor Device Path definition.\r
+///\r
+typedef struct {\r
+ VENDOR_DEVICE_PATH VendorDevicePath;\r
+ EFI_DEVICE_PATH_PROTOCOL End;\r
+} HII_VENDOR_DEVICE_PATH;\r
+\r
+typedef struct {\r
+ UINTN Signature;\r
+\r
+ EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess;\r
+ EFI_HII_HANDLE HiiHandle;\r
+ EFI_HANDLE DriverHandle;\r
+\r
+ FILE_EXPLORER_STATE FeCurrentState;\r
+ FILE_EXPLORER_DISPLAY_CONTEXT FeDisplayContext;\r
+\r
+ SECUREBOOT_MENU_ENTRY *MenuEntry;\r
+ SECUREBOOT_FILE_CONTEXT *FileContext;\r
+\r
+ EFI_GUID *SignatureGUID;\r
+} SECUREBOOT_CONFIG_PRIVATE_DATA;\r
+\r
+extern SECUREBOOT_CONFIG_PRIVATE_DATA mSecureBootConfigPrivateDateTemplate;\r
+\r
+#define SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('S', 'E', 'C', 'B')\r
+#define SECUREBOOT_CONFIG_PRIVATE_FROM_THIS(a) CR (a, SECUREBOOT_CONFIG_PRIVATE_DATA, ConfigAccess, SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE)\r
+\r
+//\r
+// Cryptograhpic Key Information\r
+//\r
+#pragma pack(1)\r
+typedef struct _CPL_KEY_INFO {\r
+ UINT32 KeyLengthInBits; // Key Length In Bits\r
+ UINT32 BlockSize; // Operation Block Size in Bytes\r
+ UINT32 CipherBlockSize; // Output Cipher Block Size in Bytes\r
+ UINT32 KeyType; // Key Type\r
+ UINT32 CipherMode; // Cipher Mode for Symmetric Algorithm\r
+ UINT32 Flags; // Additional Key Property Flags\r
+} CPL_KEY_INFO;\r
+#pragma pack()\r
+\r
+\r
+/**\r
+ Retrieves the size, in bytes, of the context buffer required for hash operations.\r
+\r
+ @return The size, in bytes, of the context buffer required for hash operations.\r
+\r
+**/\r
+typedef\r
+EFI_STATUS\r
+(EFIAPI *HASH_GET_CONTEXT_SIZE)(\r
+ VOID\r
+ );\r
+\r
+/**\r
+ Initializes user-supplied memory pointed by HashContext as hash context for\r
+ subsequent use.\r
+\r
+ If HashContext is NULL, then ASSERT().\r
+\r
+ @param[in, out] HashContext Pointer to Context being initialized.\r
+\r
+ @retval TRUE HASH context initialization succeeded.\r
+ @retval FALSE HASH context initialization failed.\r
+\r
+**/\r
+typedef\r
+BOOLEAN\r
+(EFIAPI *HASH_INIT)(\r
+ IN OUT VOID *HashContext\r
+ );\r
+\r
+\r
+/**\r
+ Performs digest on a data buffer of the specified length. This function can\r
+ be called multiple times to compute the digest of long or discontinuous data streams.\r
+\r
+ If HashContext is NULL, then ASSERT().\r
+\r
+ @param[in, out] HashContext Pointer to the MD5 context.\r
+ @param[in] Data Pointer to the buffer containing the data to be hashed.\r
+ @param[in] DataLength Length of Data buffer in bytes.\r
+\r
+ @retval TRUE HASH data digest succeeded.\r
+ @retval FALSE Invalid HASH context. After HashFinal function has been called, the\r
+ HASH context cannot be reused.\r
+\r
+**/\r
+typedef\r
+BOOLEAN\r
+(EFIAPI *HASH_UPDATE)(\r
+ IN OUT VOID *HashContext,\r
+ IN CONST VOID *Data,\r
+ IN UINTN DataLength\r
+ );\r
+\r
+/**\r
+ Completes hash computation and retrieves the digest value into the specified\r
+ memory. After this function has been called, the context cannot be used again.\r
+\r
+ If HashContext is NULL, then ASSERT().\r
+ If HashValue is NULL, then ASSERT().\r
+\r
+ @param[in, out] HashContext Pointer to the MD5 context\r
+ @param[out] HashValue Pointer to a buffer that receives the HASH digest\r
+ value (16 bytes).\r
+\r
+ @retval TRUE HASH digest computation succeeded.\r
+ @retval FALSE HASH digest computation failed.\r
+\r
+**/\r
+typedef\r
+BOOLEAN\r
+(EFIAPI *HASH_FINAL)(\r
+ IN OUT VOID *HashContext,\r
+ OUT UINT8 *HashValue\r
+ );\r
+\r
+//\r
+// Hash Algorithm Table\r
+//\r
+typedef struct {\r
+ CHAR16 *Name; ///< Name for Hash Algorithm\r
+ UINTN DigestLength; ///< Digest Length\r
+ UINT8 *OidValue; ///< Hash Algorithm OID ASN.1 Value \r
+ UINTN OidLength; ///< Length of Hash OID Value\r
+ HASH_GET_CONTEXT_SIZE GetContextSize; ///< Pointer to Hash GetContentSize function\r
+ HASH_INIT HashInit; ///< Pointer to Hash Init function\r
+ HASH_UPDATE HashUpdate; ///< Pointer to Hash Update function\r
+ HASH_FINAL HashFinal; ///< Pointer to Hash Final function\r
+} HASH_TABLE;\r
+\r
+typedef struct {\r
+ WIN_CERTIFICATE Hdr;\r
+ UINT8 CertData[1];\r
+} WIN_CERTIFICATE_EFI_PKCS;\r
+\r
+\r
+/**\r
+ This function publish the SecureBoot configuration Form.\r
+\r
+ @param[in, out] PrivateData Points to SecureBoot configuration private data.\r
+\r
+ @retval EFI_SUCCESS HII Form is installed successfully.\r
+ @retval EFI_OUT_OF_RESOURCES Not enough resource for HII Form installation.\r
+ @retval Others Other errors as indicated.\r
+\r
+**/\r
+EFI_STATUS\r
+InstallSecureBootConfigForm (\r
+ IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData\r
+ );\r
+\r
+\r
+/**\r
+ This function removes SecureBoot configuration Form.\r
+\r
+ @param[in, out] PrivateData Points to SecureBoot configuration private data.\r
+\r
+**/\r
+VOID\r
+UninstallSecureBootConfigForm (\r
+ IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData\r
+ );\r
+\r
+\r
+/**\r
+ This function allows a caller to extract the current configuration for one\r
+ or more named elements from the target driver.\r
+\r
+ @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.\r
+ @param[in] Request A null-terminated Unicode string in\r
+ <ConfigRequest> format.\r
+ @param[out] Progress On return, points to a character in the Request\r
+ string. Points to the string's null terminator if\r
+ request was successful. Points to the most recent\r
+ '&' before the first failing name/value pair (or\r
+ the beginning of the string if the failure is in\r
+ the first name/value pair) if the request was not\r
+ successful.\r
+ @param[out] Results A null-terminated Unicode string in\r
+ <ConfigAltResp> format which has all values filled\r
+ in for the names in the Request string. String to\r
+ be allocated by the called function.\r
+\r
+ @retval EFI_SUCCESS The Results is filled with the requested values.\r
+ @retval EFI_OUT_OF_RESOURCES Not enough memory to store the results.\r
+ @retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown name.\r
+ @retval EFI_NOT_FOUND Routing data doesn't match any storage in this\r
+ driver.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+SecureBootExtractConfig (\r
+ IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,\r
+ IN CONST EFI_STRING Request,\r
+ OUT EFI_STRING *Progress,\r
+ OUT EFI_STRING *Results\r
+ );\r
+\r
+\r
+/**\r
+ This function processes the results of changes in configuration.\r
+\r
+ @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.\r
+ @param[in] Configuration A null-terminated Unicode string in <ConfigResp>\r
+ format.\r
+ @param[out] Progress A pointer to a string filled in with the offset of\r
+ the most recent '&' before the first failing\r
+ name/value pair (or the beginning of the string if\r
+ the failure is in the first name/value pair) or\r
+ the terminating NULL if all was successful.\r
+\r
+ @retval EFI_SUCCESS The Results is processed successfully.\r
+ @retval EFI_INVALID_PARAMETER Configuration is NULL.\r
+ @retval EFI_NOT_FOUND Routing data doesn't match any storage in this\r
+ driver.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+SecureBootRouteConfig (\r
+ IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,\r
+ IN CONST EFI_STRING Configuration,\r
+ OUT EFI_STRING *Progress\r
+ );\r
+\r
+\r
+/**\r
+ This function processes the results of changes in configuration.\r
+\r
+ @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.\r
+ @param[in] Action Specifies the type of action taken by the browser.\r
+ @param[in] QuestionId A unique value which is sent to the original\r
+ exporting driver so that it can identify the type\r
+ of data to expect.\r
+ @param[in] Type The type of value for the question.\r
+ @param[in] Value A pointer to the data being sent to the original\r
+ exporting driver.\r
+ @param[out] ActionRequest On return, points to the action requested by the\r
+ callback function.\r
+\r
+ @retval EFI_SUCCESS The callback successfully handled the action.\r
+ @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the\r
+ variable and its data.\r
+ @retval EFI_DEVICE_ERROR The variable could not be saved.\r
+ @retval EFI_UNSUPPORTED The specified Action is not supported by the\r
+ callback.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+SecureBootCallback (\r
+ IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,\r
+ IN EFI_BROWSER_ACTION Action,\r
+ IN EFI_QUESTION_ID QuestionId,\r
+ IN UINT8 Type,\r
+ IN EFI_IFR_TYPE_VALUE *Value,\r
+ OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest\r
+ );\r
+\r
+\r
+/**\r
+ This function converts an input device structure to a Unicode string.\r
+\r
+ @param[in] DevPath A pointer to the device path structure.\r
+\r
+ @return A new allocated Unicode string that represents the device path.\r
+\r
+**/\r
+CHAR16 *\r
+EFIAPI\r
+DevicePathToStr (\r
+ IN EFI_DEVICE_PATH_PROTOCOL *DevPath\r
+ );\r
+\r
+\r
+/**\r
+ Clean up the dynamic opcode at label and form specified by both LabelId. \r
+\r
+ @param[in] LabelId It is both the Form ID and Label ID for opcode deletion.\r
+ @param[in] PrivateData Module private data.\r
+\r
+**/\r
+VOID\r
+CleanUpPage (\r
+ IN UINT16 LabelId,\r
+ IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData\r
+ );\r
+\r
+\r
+/**\r
+ Update the file explorer page with the refreshed file system.\r
+\r
+ @param[in] PrivateData Module private data.\r
+ @param[in] KeyValue Key value to identify the type of data to expect.\r
+\r
+ @retval TRUE Inform the caller to create a callback packet to exit file explorer.\r
+ @retval FALSE Indicate that there is no need to exit file explorer.\r
+\r
+**/\r
+BOOLEAN\r
+UpdateFileExplorer (\r
+ IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData,\r
+ IN UINT16 KeyValue\r
+ );\r
+\r
+\r
+/**\r
+ Free resources allocated in Allocate Rountine.\r
+\r
+ @param[in, out] MenuOption Menu to be freed\r
+ \r
+**/\r
+VOID\r
+FreeMenu (\r
+ IN OUT SECUREBOOT_MENU_OPTION *MenuOption\r
+ );\r
+\r
+\r
+/**\r
+ Read file content into BufferPtr, the size of the allocate buffer \r
+ is *FileSize plus AddtionAllocateSize.\r
+\r
+ @param[in] FileHandle The file to be read.\r
+ @param[in, out] BufferPtr Pointers to the pointer of allocated buffer.\r
+ @param[out] FileSize Size of input file\r
+ @param[in] AddtionAllocateSize Addtion size the buffer need to be allocated. \r
+ In case the buffer need to contain others besides the file content.\r
+ \r
+ @retval EFI_SUCCESS The file was read into the buffer.\r
+ @retval EFI_INVALID_PARAMETER A parameter was invalid.\r
+ @retval EFI_OUT_OF_RESOURCES A memory allocation failed.\r
+ @retval others Unexpected error.\r
+\r
+**/\r
+EFI_STATUS\r
+ReadFileContent (\r
+ IN EFI_FILE_HANDLE FileHandle,\r
+ IN OUT VOID **BufferPtr,\r
+ OUT UINTN *FileSize,\r
+ IN UINTN AddtionAllocateSize\r
+ );\r
+\r
+\r
+/**\r
+ Close an open file handle.\r
+\r
+ @param[in] FileHandle The file handle to close.\r
+ \r
+**/\r
+VOID\r
+CloseFile (\r
+ IN EFI_FILE_HANDLE FileHandle\r
+ );\r
+\r
+\r
+/**\r
+ Converts a nonnegative integer to an octet string of a specified length.\r
+\r
+ @param[in] Integer Pointer to the nonnegative integer to be converted\r
+ @param[in] IntSizeInWords Length of integer buffer in words\r
+ @param[out] OctetString Converted octet string of the specified length \r
+ @param[in] OSSizeInBytes Intended length of resulting octet string in bytes\r
+\r
+Returns:\r
+\r
+ @retval EFI_SUCCESS Data conversion successfully\r
+ @retval EFI_BUFFER_TOOL_SMALL Buffer is too small for output string\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+Int2OctStr (\r
+ IN CONST UINTN *Integer,\r
+ IN UINTN IntSizeInWords,\r
+ OUT UINT8 *OctetString,\r
+ IN UINTN OSSizeInBytes\r
+ );\r
+\r
+\r
+/**\r
+ Convert a String to Guid Value.\r
+\r
+ @param[in] Str Specifies the String to be converted.\r
+ @param[in] StrLen Number of Unicode Characters of String (exclusive \0)\r
+ @param[out] Guid Return the result Guid value.\r
+\r
+ @retval EFI_SUCCESS The operation is finished successfully.\r
+ @retval EFI_NOT_FOUND Invalid string.\r
+\r
+**/\r
+EFI_STATUS\r
+StringToGuid (\r
+ IN CHAR16 *Str, \r
+ IN UINTN StrLen, \r
+ OUT EFI_GUID *Guid\r
+ );\r
+\r
+\r
+/**\r
+ Worker function that prints an EFI_GUID into specified Buffer.\r
+\r
+ @param[in] Guid Pointer to GUID to print.\r
+ @param[in] Buffer Buffer to print Guid into.\r
+ @param[in] BufferSize Size of Buffer.\r
+ \r
+ @retval Number of characters printed.\r
+\r
+**/\r
+UINTN\r
+GuidToString (\r
+ IN EFI_GUID *Guid,\r
+ IN CHAR16 *Buffer,\r
+ IN UINTN BufferSize\r
+ );\r
+\r
+#endif\r