The internal header file includes the common header files, defines\r
internal structure and functions used by AuthService module.\r
\r
-Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution. The full text of the license may be found at\r
UINT32 SigDataSize;\r
} EFI_SIGNATURE_ITEM;\r
\r
+typedef enum {\r
+ AuthVarTypePk,\r
+ AuthVarTypeKek,\r
+ AuthVarTypePriv\r
+} AUTHVAR_TYPE;\r
+\r
+#pragma pack(1)\r
+typedef struct {\r
+ EFI_GUID VendorGuid;\r
+ UINT32 CertNodeSize;\r
+ UINT32 NameSize;\r
+ UINT32 CertDataSize;\r
+ /// CHAR16 VariableName[NameSize];\r
+ /// UINT8 CertData[CertDataSize];\r
+} AUTH_CERT_DB_DATA;\r
+#pragma pack()\r
+\r
/**\r
Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.\r
\r
+ Caution: This function may receive untrusted input.\r
+ This function may be invoked in SMM mode, and datasize and data are external input.\r
+ This function will do basic validation, before parse the data.\r
+ This function will parse the authentication carefully to avoid security issues, like\r
+ buffer overflow, integer overflow.\r
+ This function will check attribute carefully to avoid authentication bypass.\r
+\r
@param[in] VariableName Name of Variable to be found.\r
@param[in] VendorGuid Variable vendor GUID.\r
\r
/**\r
Process variable with platform key for verification.\r
\r
+ Caution: This function may receive untrusted input.\r
+ This function may be invoked in SMM mode, and datasize and data are external input.\r
+ This function will do basic validation, before parse the data.\r
+ This function will parse the authentication carefully to avoid security issues, like\r
+ buffer overflow, integer overflow.\r
+ This function will check attribute carefully to avoid authentication bypass.\r
+\r
@param[in] VariableName Name of Variable to be found.\r
@param[in] VendorGuid Variable vendor GUID.\r
@param[in] Data Data pointer.\r
/**\r
Process variable with key exchange key for verification.\r
\r
+ Caution: This function may receive untrusted input.\r
+ This function may be invoked in SMM mode, and datasize and data are external input.\r
+ This function will do basic validation, before parse the data.\r
+ This function will parse the authentication carefully to avoid security issues, like\r
+ buffer overflow, integer overflow.\r
+ This function will check attribute carefully to avoid authentication bypass.\r
+\r
@param[in] VariableName Name of Variable to be found.\r
@param[in] VendorGuid Variable vendor GUID.\r
@param[in] Data Data pointer.\r
/**\r
Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set\r
\r
+ Caution: This function may receive untrusted input.\r
+ This function may be invoked in SMM mode, and datasize and data are external input.\r
+ This function will do basic validation, before parse the data.\r
+ This function will parse the authentication carefully to avoid security issues, like\r
+ buffer overflow, integer overflow.\r
+\r
@param[in] VariableName Name of Variable to be found.\r
@param[in] VendorGuid Variable vendor GUID.\r
@param[in] Data Data pointer.\r
data, this value contains the required size.\r
@param[in] Variable The variable information which is used to keep track of variable usage.\r
@param[in] Attributes Attribute value of the variable.\r
- @param[in] Pk Verify against PK or KEK database.\r
+ @param[in] AuthVarType Verify against PK or KEK database or private database.\r
@param[out] VarDel Delete the variable or not.\r
\r
@retval EFI_INVALID_PARAMETER Invalid parameter.\r
IN UINTN DataSize,\r
IN VARIABLE_POINTER_TRACK *Variable,\r
IN UINT32 Attributes,\r
- IN BOOLEAN Pk,\r
+ IN AUTHVAR_TYPE AuthVarType,\r
OUT BOOLEAN *VarDel\r
);\r
\r
projects / mirror_edk2.git / blobdiff