X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=OvmfPkg%2FEnrollDefaultKeys%2FEnrollDefaultKeys.c;fp=OvmfPkg%2FEnrollDefaultKeys%2FEnrollDefaultKeys.c;h=fefea6638887ff4ac15a27179a65337808a0a0af;hb=1c9418fcafe3d2eea336be092d9cdd29762537fe;hp=671efef8d6ad434fe51f6fcf71649610ac6fae72;hpb=a2491a6c82e4c64df637ab60493a5a625bd4c521;p=mirror_edk2.git diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c index 671efef8d6..fefea66388 100644 --- a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c +++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c @@ -15,6 +15,8 @@ #include // AsciiPrint() #include // gRT +#include "EnrollDefaultKeys.h" + // // We'll use the certificate below as both Platform Key and as first Key // Exchange Key. @@ -543,97 +545,6 @@ STATIC CONST EFI_GUID mMicrosoftOwnerGuid = { { 0xbd, 0x60, 0x28, 0xf4, 0xe7, 0x8f, 0x78, 0x4b }, }; -// -// The most important thing about the variable payload is that it is a list of -// lists, where the element size of any given *inner* list is constant. -// -// Since X509 certificates vary in size, each of our *inner* lists will contain -// one element only (one X.509 certificate). This is explicitly mentioned in -// the UEFI specification, in "28.4.1 Signature Database", in a Note. -// -// The list structure looks as follows: -// -// struct EFI_VARIABLE_AUTHENTICATION_2 { | -// struct EFI_TIME { | -// UINT16 Year; | -// UINT8 Month; | -// UINT8 Day; | -// UINT8 Hour; | -// UINT8 Minute; | -// UINT8 Second; | -// UINT8 Pad1; | -// UINT32 Nanosecond; | -// INT16 TimeZone; | -// UINT8 Daylight; | -// UINT8 Pad2; | -// } TimeStamp; | -// | -// struct WIN_CERTIFICATE_UEFI_GUID { | | -// struct WIN_CERTIFICATE { | | -// UINT32 dwLength; ----------------------------------------+ | -// UINT16 wRevision; | | -// UINT16 wCertificateType; | | -// } Hdr; | +- DataSize -// | | -// EFI_GUID CertType; | | -// UINT8 CertData[1] = { <--- "struct hack" | | -// struct EFI_SIGNATURE_LIST { | | | -// EFI_GUID SignatureType; | | | -// UINT32 SignatureListSize; -------------------------+ | | -// UINT32 SignatureHeaderSize; | | | -// UINT32 SignatureSize; ---------------------------+ | | | -// UINT8 SignatureHeader[SignatureHeaderSize]; | | | | -// v | | | -// struct EFI_SIGNATURE_DATA { | | | | -// EFI_GUID SignatureOwner; | | | | -// UINT8 SignatureData[1] = { <--- "struct hack" | | | | -// X.509 payload | | | | -// } | | | | -// } Signatures[]; | | | -// } SigLists[]; | | -// }; | | -// } AuthInfo; | | -// }; | -// -// Given that the "struct hack" invokes undefined behavior (which is why C99 -// introduced the flexible array member), and because subtracting those pesky -// sizes of 1 is annoying, and because the format is fully specified in the -// UEFI specification, we'll introduce two matching convenience structures that -// are customized for our X.509 purposes. -// -#pragma pack (1) -typedef struct { - EFI_TIME TimeStamp; - - // - // dwLength covers data below - // - UINT32 dwLength; - UINT16 wRevision; - UINT16 wCertificateType; - EFI_GUID CertType; -} SINGLE_HEADER; - -typedef struct { - // - // SignatureListSize covers data below - // - EFI_GUID SignatureType; - UINT32 SignatureListSize; - UINT32 SignatureHeaderSize; // constant 0 - UINT32 SignatureSize; - - // - // SignatureSize covers data below - // - EFI_GUID SignatureOwner; - - // - // X.509 certificate follows - // -} REPEATING_HEADER; -#pragma pack () - /** Enroll a set of certificates in a global variable, overwriting it. @@ -844,14 +755,6 @@ GetExact ( return EFI_SUCCESS; } -typedef struct { - UINT8 SetupMode; - UINT8 SecureBoot; - UINT8 SecureBootEnable; - UINT8 CustomMode; - UINT8 VendorKeys; -} SETTINGS; - STATIC EFI_STATUS GetSettings (