The header file of HII Config Access protocol implementation of SecureBoot\r
configuration module.\r
\r
-Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>\r
-This program and the accompanying materials \r
-are licensed and made available under the terms and conditions of the BSD License \r
-which accompanies this distribution. The full text of the license may be found at \r
+Copyright (c) 2011 - 2017, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials\r
+are licensed and made available under the terms and conditions of the BSD License\r
+which accompanies this distribution. The full text of the license may be found at\r
http://opensource.org/licenses/bsd-license.php\r
\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
**/\r
\r
#include <Protocol/HiiConfigAccess.h>\r
#include <Protocol/HiiConfigRouting.h>\r
+#include <Protocol/SimpleFileSystem.h>\r
+#include <Protocol/BlockIo.h>\r
+#include <Protocol/DevicePath.h>\r
+#include <Protocol/DebugPort.h>\r
+#include <Protocol/LoadFile.h>\r
\r
#include <Library/BaseLib.h>\r
#include <Library/BaseMemoryLib.h>\r
#include <Library/UefiLib.h>\r
#include <Library/HiiLib.h>\r
#include <Library/DevicePathLib.h>\r
+#include <Library/PrintLib.h>\r
+#include <Library/PlatformSecureLib.h>\r
+#include <Library/BaseCryptLib.h>\r
+#include <Library/FileExplorerLib.h>\r
+#include <Library/PeCoffLib.h>\r
\r
#include <Guid/MdeModuleHii.h>\r
#include <Guid/AuthenticatedVariableFormat.h>\r
+#include <Guid/FileSystemVolumeLabelInfo.h>\r
+#include <Guid/ImageAuthentication.h>\r
+#include <Guid/FileInfo.h>\r
+#include <Guid/WinCertificate.h>\r
\r
#include "SecureBootConfigNvData.h"\r
\r
//\r
// Tool generated IFR binary data and String package data\r
//\r
-extern UINT8 SecureBootConfigBin[];\r
-extern UINT8 SecureBootConfigDxeStrings[];\r
+extern UINT8 SecureBootConfigBin[];\r
+extern UINT8 SecureBootConfigDxeStrings[];\r
+\r
+//\r
+// Shared IFR form update data\r
+//\r
+extern VOID *mStartOpCodeHandle;\r
+extern VOID *mEndOpCodeHandle;\r
+extern EFI_IFR_GUID_LABEL *mStartLabel;\r
+extern EFI_IFR_GUID_LABEL *mEndLabel;\r
+\r
+#define MAX_CHAR 480\r
+#define TWO_BYTE_ENCODE 0x82\r
+#define BUFFER_MAX_SIZE 100\r
+\r
+//\r
+// SHA-256 digest size in bytes\r
+//\r
+#define SHA256_DIGEST_SIZE 32\r
+//\r
+// SHA-384 digest size in bytes\r
+//\r
+#define SHA384_DIGEST_SIZE 48\r
+//\r
+// SHA-512 digest size in bytes\r
+//\r
+#define SHA512_DIGEST_SIZE 64\r
+\r
+//\r
+// Set max digest size as SHA512 Output (64 bytes) by far\r
+//\r
+#define MAX_DIGEST_SIZE SHA512_DIGEST_SIZE\r
+\r
+#define WIN_CERT_UEFI_RSA2048_SIZE 256\r
+\r
+//\r
+// Support hash types\r
+//\r
+#define HASHALG_SHA224 0x00000000\r
+#define HASHALG_SHA256 0x00000001\r
+#define HASHALG_SHA384 0x00000002\r
+#define HASHALG_SHA512 0x00000003\r
+#define HASHALG_RAW 0x00000004\r
+#define HASHALG_MAX 0x00000004\r
+\r
+\r
+typedef struct {\r
+ UINTN Signature;\r
+ LIST_ENTRY Head;\r
+ UINTN MenuNumber;\r
+} SECUREBOOT_MENU_OPTION;\r
+\r
+typedef struct {\r
+ EFI_FILE_HANDLE FHandle;\r
+ UINT16 *FileName;\r
+ UINT8 FileType;\r
+} SECUREBOOT_FILE_CONTEXT;\r
+\r
+#define SECUREBOOT_FREE_NON_NULL(Pointer) \\r
+ do { \\r
+ if ((Pointer) != NULL) { \\r
+ FreePool((Pointer)); \\r
+ (Pointer) = NULL; \\r
+ } \\r
+ } while (FALSE)\r
+\r
+#define SECUREBOOT_FREE_NON_OPCODE(Handle) \\r
+ do{ \\r
+ if ((Handle) != NULL) { \\r
+ HiiFreeOpCodeHandle((Handle)); \\r
+ } \\r
+ } while (FALSE)\r
+\r
+#define SIGNATURE_DATA_COUNTS(List) \\r
+ (((List)->SignatureListSize - sizeof(EFI_SIGNATURE_LIST) - (List)->SignatureHeaderSize) / (List)->SignatureSize)\r
+\r
+//\r
+// We define another format of 5th directory entry: security directory\r
+//\r
+typedef struct {\r
+ UINT32 Offset; // Offset of certificate\r
+ UINT32 SizeOfCert; // size of certificate appended\r
+} EFI_IMAGE_SECURITY_DATA_DIRECTORY;\r
+\r
+typedef enum{\r
+ ImageType_IA32,\r
+ ImageType_X64\r
+} IMAGE_TYPE;\r
\r
///\r
/// HII specific Vendor Device Path definition.\r
EFI_DEVICE_PATH_PROTOCOL End;\r
} HII_VENDOR_DEVICE_PATH;\r
\r
+typedef enum {\r
+ Variable_DB,\r
+ Variable_DBX,\r
+ Variable_DBT,\r
+ Variable_MAX\r
+} CURRENT_VARIABLE_NAME;\r
+\r
+typedef enum {\r
+ Delete_Signature_List_All,\r
+ Delete_Signature_List_One,\r
+ Delete_Signature_Data\r
+}SIGNATURE_DELETE_TYPE;\r
+\r
typedef struct {\r
UINTN Signature;\r
\r
EFI_HII_HANDLE HiiHandle;\r
EFI_HANDLE DriverHandle;\r
\r
+ SECUREBOOT_FILE_CONTEXT *FileContext;\r
+\r
+ EFI_GUID *SignatureGUID;\r
+\r
+ CURRENT_VARIABLE_NAME VariableName; // The variable name we are processing.\r
+ UINT32 ListCount; // Record current variable has how many signature list.\r
+ UINTN ListIndex; // Record which signature list is processing.\r
+ BOOLEAN *CheckArray; // Record whcih siganture data checked.\r
} SECUREBOOT_CONFIG_PRIVATE_DATA;\r
\r
extern SECUREBOOT_CONFIG_PRIVATE_DATA mSecureBootConfigPrivateDateTemplate;\r
+extern SECUREBOOT_CONFIG_PRIVATE_DATA *gSecureBootPrivateData;\r
\r
#define SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('S', 'E', 'C', 'B')\r
-#define SECUREBOOT_CONFIG_PRIVATE_DATA_FROM_THIS(a) CR (a, SECUREBOOT_CONFIG_PRIVATE_DATA, ConfigAccess, SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE)\r
+#define SECUREBOOT_CONFIG_PRIVATE_FROM_THIS(a) CR (a, SECUREBOOT_CONFIG_PRIVATE_DATA, ConfigAccess, SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE)\r
+\r
+//\r
+// Cryptograhpic Key Information\r
+//\r
+#pragma pack(1)\r
+typedef struct _CPL_KEY_INFO {\r
+ UINT32 KeyLengthInBits; // Key Length In Bits\r
+ UINT32 BlockSize; // Operation Block Size in Bytes\r
+ UINT32 CipherBlockSize; // Output Cipher Block Size in Bytes\r
+ UINT32 KeyType; // Key Type\r
+ UINT32 CipherMode; // Cipher Mode for Symmetric Algorithm\r
+ UINT32 Flags; // Additional Key Property Flags\r
+} CPL_KEY_INFO;\r
+#pragma pack()\r
+\r
+\r
+/**\r
+ Retrieves the size, in bytes, of the context buffer required for hash operations.\r
+\r
+ @return The size, in bytes, of the context buffer required for hash operations.\r
+\r
+**/\r
+typedef\r
+EFI_STATUS\r
+(EFIAPI *HASH_GET_CONTEXT_SIZE)(\r
+ VOID\r
+ );\r
+\r
+/**\r
+ Initializes user-supplied memory pointed by HashContext as hash context for\r
+ subsequent use.\r
+\r
+ If HashContext is NULL, then ASSERT().\r
+\r
+ @param[in, out] HashContext Pointer to Context being initialized.\r
+\r
+ @retval TRUE HASH context initialization succeeded.\r
+ @retval FALSE HASH context initialization failed.\r
+\r
+**/\r
+typedef\r
+BOOLEAN\r
+(EFIAPI *HASH_INIT)(\r
+ IN OUT VOID *HashContext\r
+ );\r
+\r
+\r
+/**\r
+ Performs digest on a data buffer of the specified length. This function can\r
+ be called multiple times to compute the digest of long or discontinuous data streams.\r
+\r
+ If HashContext is NULL, then ASSERT().\r
+\r
+ @param[in, out] HashContext Pointer to the MD5 context.\r
+ @param[in] Data Pointer to the buffer containing the data to be hashed.\r
+ @param[in] DataLength Length of Data buffer in bytes.\r
+\r
+ @retval TRUE HASH data digest succeeded.\r
+ @retval FALSE Invalid HASH context. After HashFinal function has been called, the\r
+ HASH context cannot be reused.\r
+\r
+**/\r
+typedef\r
+BOOLEAN\r
+(EFIAPI *HASH_UPDATE)(\r
+ IN OUT VOID *HashContext,\r
+ IN CONST VOID *Data,\r
+ IN UINTN DataLength\r
+ );\r
+\r
+/**\r
+ Completes hash computation and retrieves the digest value into the specified\r
+ memory. After this function has been called, the context cannot be used again.\r
+\r
+ If HashContext is NULL, then ASSERT().\r
+ If HashValue is NULL, then ASSERT().\r
+\r
+ @param[in, out] HashContext Pointer to the MD5 context\r
+ @param[out] HashValue Pointer to a buffer that receives the HASH digest\r
+ value (16 bytes).\r
+\r
+ @retval TRUE HASH digest computation succeeded.\r
+ @retval FALSE HASH digest computation failed.\r
+\r
+**/\r
+typedef\r
+BOOLEAN\r
+(EFIAPI *HASH_FINAL)(\r
+ IN OUT VOID *HashContext,\r
+ OUT UINT8 *HashValue\r
+ );\r
+\r
+//\r
+// Hash Algorithm Table\r
+//\r
+typedef struct {\r
+ CHAR16 *Name; ///< Name for Hash Algorithm\r
+ UINTN DigestLength; ///< Digest Length\r
+ UINT8 *OidValue; ///< Hash Algorithm OID ASN.1 Value\r
+ UINTN OidLength; ///< Length of Hash OID Value\r
+ HASH_GET_CONTEXT_SIZE GetContextSize; ///< Pointer to Hash GetContentSize function\r
+ HASH_INIT HashInit; ///< Pointer to Hash Init function\r
+ HASH_UPDATE HashUpdate; ///< Pointer to Hash Update function\r
+ HASH_FINAL HashFinal; ///< Pointer to Hash Final function\r
+} HASH_TABLE;\r
+\r
+typedef struct {\r
+ WIN_CERTIFICATE Hdr;\r
+ UINT8 CertData[1];\r
+} WIN_CERTIFICATE_EFI_PKCS;\r
\r
\r
/**\r
\r
@param[in, out] PrivateData Points to SecureBoot configuration private data.\r
\r
- @retval EFI_SUCCESS HII Form is installed for this network device.\r
+ @retval EFI_SUCCESS HII Form is installed successfully.\r
@retval EFI_OUT_OF_RESOURCES Not enough resource for HII Form installation.\r
@retval Others Other errors as indicated.\r
\r
IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData\r
);\r
\r
+\r
/**\r
This function removes SecureBoot configuration Form.\r
\r
@param[in, out] PrivateData Points to SecureBoot configuration private data.\r
\r
**/\r
-\r
VOID\r
UninstallSecureBootConfigForm (\r
IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData\r
);\r
\r
+\r
/**\r
This function allows a caller to extract the current configuration for one\r
or more named elements from the target driver.\r
OUT EFI_STRING *Results\r
);\r
\r
+\r
/**\r
This function processes the results of changes in configuration.\r
\r
OUT EFI_STRING *Progress\r
);\r
\r
+\r
/**\r
This function processes the results of changes in configuration.\r
\r
OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest\r
);\r
\r
+\r
+/**\r
+ This function converts an input device structure to a Unicode string.\r
+\r
+ @param[in] DevPath A pointer to the device path structure.\r
+\r
+ @return A new allocated Unicode string that represents the device path.\r
+\r
+**/\r
+CHAR16 *\r
+EFIAPI\r
+DevicePathToStr (\r
+ IN EFI_DEVICE_PATH_PROTOCOL *DevPath\r
+ );\r
+\r
+\r
+/**\r
+ Clean up the dynamic opcode at label and form specified by both LabelId.\r
+\r
+ @param[in] LabelId It is both the Form ID and Label ID for opcode deletion.\r
+ @param[in] PrivateData Module private data.\r
+\r
+**/\r
+VOID\r
+CleanUpPage (\r
+ IN UINT16 LabelId,\r
+ IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData\r
+ );\r
+\r
+\r
+/**\r
+ Read file content into BufferPtr, the size of the allocate buffer\r
+ is *FileSize plus AddtionAllocateSize.\r
+\r
+ @param[in] FileHandle The file to be read.\r
+ @param[in, out] BufferPtr Pointers to the pointer of allocated buffer.\r
+ @param[out] FileSize Size of input file\r
+ @param[in] AddtionAllocateSize Addtion size the buffer need to be allocated.\r
+ In case the buffer need to contain others besides the file content.\r
+\r
+ @retval EFI_SUCCESS The file was read into the buffer.\r
+ @retval EFI_INVALID_PARAMETER A parameter was invalid.\r
+ @retval EFI_OUT_OF_RESOURCES A memory allocation failed.\r
+ @retval others Unexpected error.\r
+\r
+**/\r
+EFI_STATUS\r
+ReadFileContent (\r
+ IN EFI_FILE_HANDLE FileHandle,\r
+ IN OUT VOID **BufferPtr,\r
+ OUT UINTN *FileSize,\r
+ IN UINTN AddtionAllocateSize\r
+ );\r
+\r
+\r
+/**\r
+ Close an open file handle.\r
+\r
+ @param[in] FileHandle The file handle to close.\r
+\r
+**/\r
+VOID\r
+CloseFile (\r
+ IN EFI_FILE_HANDLE FileHandle\r
+ );\r
+\r
+\r
+/**\r
+ Converts a nonnegative integer to an octet string of a specified length.\r
+\r
+ @param[in] Integer Pointer to the nonnegative integer to be converted\r
+ @param[in] IntSizeInWords Length of integer buffer in words\r
+ @param[out] OctetString Converted octet string of the specified length\r
+ @param[in] OSSizeInBytes Intended length of resulting octet string in bytes\r
+\r
+Returns:\r
+\r
+ @retval EFI_SUCCESS Data conversion successfully\r
+ @retval EFI_BUFFER_TOOL_SMALL Buffer is too small for output string\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+Int2OctStr (\r
+ IN CONST UINTN *Integer,\r
+ IN UINTN IntSizeInWords,\r
+ OUT UINT8 *OctetString,\r
+ IN UINTN OSSizeInBytes\r
+ );\r
+\r
+/**\r
+ Worker function that prints an EFI_GUID into specified Buffer.\r
+\r
+ @param[in] Guid Pointer to GUID to print.\r
+ @param[in] Buffer Buffer to print Guid into.\r
+ @param[in] BufferSize Size of Buffer.\r
+\r
+ @retval Number of characters printed.\r
+\r
+**/\r
+UINTN\r
+GuidToString (\r
+ IN EFI_GUID *Guid,\r
+ IN CHAR16 *Buffer,\r
+ IN UINTN BufferSize\r
+ );\r
+\r
+/**\r
+ Update the PK form base on the input file path info.\r
+\r
+ @param FilePath Point to the file path.\r
+\r
+ @retval TRUE Exit caller function.\r
+ @retval FALSE Not exit caller function.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+UpdatePKFromFile (\r
+ IN EFI_DEVICE_PATH_PROTOCOL *FilePath\r
+ );\r
+\r
+/**\r
+ Update the KEK form base on the input file path info.\r
+\r
+ @param FilePath Point to the file path.\r
+\r
+ @retval TRUE Exit caller function.\r
+ @retval FALSE Not exit caller function.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+UpdateKEKFromFile (\r
+ IN EFI_DEVICE_PATH_PROTOCOL *FilePath\r
+ );\r
+\r
+/**\r
+ Update the DB form base on the input file path info.\r
+\r
+ @param FilePath Point to the file path.\r
+\r
+ @retval TRUE Exit caller function.\r
+ @retval FALSE Not exit caller function.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+UpdateDBFromFile (\r
+ IN EFI_DEVICE_PATH_PROTOCOL *FilePath\r
+ );\r
+\r
+/**\r
+ Update the DBX form base on the input file path info.\r
+\r
+ @param FilePath Point to the file path.\r
+\r
+ @retval TRUE Exit caller function.\r
+ @retval FALSE Not exit caller function.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+UpdateDBXFromFile (\r
+ IN EFI_DEVICE_PATH_PROTOCOL *FilePath\r
+ );\r
+\r
+/**\r
+ Update the DBT form base on the input file path info.\r
+\r
+ @param FilePath Point to the file path.\r
+\r
+ @retval TRUE Exit caller function.\r
+ @retval FALSE Not exit caller function.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+UpdateDBTFromFile (\r
+ IN EFI_DEVICE_PATH_PROTOCOL *FilePath\r
+ );\r
+\r
#endif\r