[mirror_edk2.git] / SecurityPkg / Library / AuthVariableLib / AuthVariableLib.c

/** @file\r
  Implement authentication services for the authenticated variables.\r
\r
  Caution: This module requires additional review when modified.\r
  This driver will have external input - variable data. It may be input in SMM mode.\r
  This external input must be validated carefully to avoid security issue like\r
  buffer overflow, integer overflow.\r
  Variable attribute should also be checked to avoid authentication bypass.\r
     The whole SMM authentication variable design relies on the integrity of flash part and SMM.\r
  which is assumed to be protected by platform.  All variable code and metadata in flash/SMM Memory\r
  may not be modified without authorization. If platform fails to protect these resources,\r
  the authentication service provided in this driver will be broken, and the behavior is undefined.\r
\r
Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#include "AuthServiceInternal.h"\r
\r
///\r
/// Global database array for scratch\r
///\r
UINT8    *mCertDbStore;\r
UINT32   mMaxCertDbSize;\r
UINT32   mPlatformMode;\r
UINT8    mVendorKeyState;\r
\r
EFI_GUID mSignatureSupport[] = {EFI_CERT_SHA1_GUID, EFI_CERT_SHA256_GUID, EFI_CERT_RSA2048_GUID, EFI_CERT_X509_GUID};\r
\r
//\r
// Hash context pointer\r
//\r
VOID  *mHashCtx = NULL;\r
\r
VARIABLE_ENTRY_PROPERTY mAuthVarEntry[] = {\r
  {\r
    &gEfiSecureBootEnableDisableGuid,\r
    EFI_SECURE_BOOT_ENABLE_NAME,\r
    {\r
      VAR_CHECK_VARIABLE_PROPERTY_REVISION,\r
      0,\r
      VARIABLE_ATTRIBUTE_NV_BS,\r
      sizeof (UINT8),\r
      sizeof (UINT8)\r
    }\r
  },\r
  {\r
    &gEfiCustomModeEnableGuid,\r
    EFI_CUSTOM_MODE_NAME,\r
    {\r
      VAR_CHECK_VARIABLE_PROPERTY_REVISION,\r
      0,\r
      VARIABLE_ATTRIBUTE_NV_BS,\r
      sizeof (UINT8),\r
      sizeof (UINT8)\r
    }\r
  },\r
  {\r
    &gEfiVendorKeysNvGuid,\r
    EFI_VENDOR_KEYS_NV_VARIABLE_NAME,\r
    {\r
      VAR_CHECK_VARIABLE_PROPERTY_REVISION,\r
      VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,\r
      VARIABLE_ATTRIBUTE_NV_BS_RT_AT,\r
      sizeof (UINT8),\r
      sizeof (UINT8)\r
    }\r
  },\r
  {\r
    &gEfiCertDbGuid,\r
    EFI_CERT_DB_NAME,\r
    {\r
      VAR_CHECK_VARIABLE_PROPERTY_REVISION,\r
      VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,\r
      VARIABLE_ATTRIBUTE_NV_BS_RT_AT,\r
      sizeof (UINT32),\r
      MAX_UINTN\r
    }\r
  },\r
  {\r
    &gEfiCertDbGuid,\r
    EFI_CERT_DB_VOLATILE_NAME,\r
    {\r
      VAR_CHECK_VARIABLE_PROPERTY_REVISION,\r
      VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,\r
      VARIABLE_ATTRIBUTE_BS_RT_AT,\r
      sizeof (UINT32),\r
      MAX_UINTN\r
    }\r
  },\r
};\r
\r
VOID **mAuthVarAddressPointer[9];\r
\r
AUTH_VAR_LIB_CONTEXT_IN *mAuthVarLibContextIn = NULL;\r
\r
/**\r
  Initialization for authenticated variable services.\r
  If this initialization returns error status, other APIs will not work\r
  and expect to be not called then.\r
\r
  @param[in]  AuthVarLibContextIn   Pointer to input auth variable lib context.\r
  @param[out] AuthVarLibContextOut  Pointer to output auth variable lib context.\r
\r
  @retval EFI_SUCCESS               Function successfully executed.\r
  @retval EFI_INVALID_PARAMETER     If AuthVarLibContextIn == NULL or AuthVarLibContextOut == NULL.\r
  @retval EFI_OUT_OF_RESOURCES      Fail to allocate enough resource.\r
  @retval EFI_UNSUPPORTED           Unsupported to process authenticated variable.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
AuthVariableLibInitialize (\r
  IN  AUTH_VAR_LIB_CONTEXT_IN   *AuthVarLibContextIn,\r
  OUT AUTH_VAR_LIB_CONTEXT_OUT  *AuthVarLibContextOut\r
  )\r
{\r
  EFI_STATUS            Status;\r
  UINT32                VarAttr;\r
  UINT8                 *Data;\r
  UINTN                 DataSize;\r
  UINTN                 CtxSize;\r
  UINT8                 SecureBootMode;\r
  UINT8                 SecureBootEnable;\r
  UINT8                 CustomMode;\r
  UINT32                ListSize;\r
\r
  if ((AuthVarLibContextIn == NULL) || (AuthVarLibContextOut == NULL)) {\r
    return EFI_INVALID_PARAMETER;\r
  }\r
\r
  mAuthVarLibContextIn = AuthVarLibContextIn;\r
\r
  //\r
  // Initialize hash context.\r
  //\r
  CtxSize   = Sha256GetContextSize ();\r
  mHashCtx  = AllocateRuntimePool (CtxSize);\r
  if (mHashCtx == NULL) {\r
    return EFI_OUT_OF_RESOURCES;\r
  }\r
\r
  //\r
  // Reserve runtime buffer for certificate database. The size excludes variable header and name size.\r
  // Use EFI_CERT_DB_VOLATILE_NAME size since it is longer.\r
  //\r
  mMaxCertDbSize = (UINT32) (mAuthVarLibContextIn->MaxAuthVariableSize - sizeof (EFI_CERT_DB_VOLATILE_NAME));\r
  mCertDbStore   = AllocateRuntimePool (mMaxCertDbSize);\r
  if (mCertDbStore == NULL) {\r
    return EFI_OUT_OF_RESOURCES;\r
  }\r
\r
  Status = AuthServiceInternalFindVariable (EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize);\r
  if (EFI_ERROR (Status)) {\r
    DEBUG ((EFI_D_INFO, "Variable %s does not exist.\n", EFI_PLATFORM_KEY_NAME));\r
  } else {\r
    DEBUG ((EFI_D_INFO, "Variable %s exists.\n", EFI_PLATFORM_KEY_NAME));\r
  }\r
\r
  //\r
  // Create "SetupMode" variable with BS+RT attribute set.\r
  //\r
  if (EFI_ERROR (Status)) {\r
    mPlatformMode = SETUP_MODE;\r
  } else {\r
    mPlatformMode = USER_MODE;\r
  }\r
  Status = AuthServiceInternalUpdateVariable (\r
             EFI_SETUP_MODE_NAME,\r
             &gEfiGlobalVariableGuid,\r
             &mPlatformMode,\r
             sizeof(UINT8),\r
             EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS\r
             );\r
  if (EFI_ERROR (Status)) {\r
    return Status;\r
  }\r
\r
  //\r
  // Create "SignatureSupport" variable with BS+RT attribute set.\r
  //\r
  Status  = AuthServiceInternalUpdateVariable (\r
              EFI_SIGNATURE_SUPPORT_NAME,\r
              &gEfiGlobalVariableGuid,\r
              mSignatureSupport,\r
              sizeof(mSignatureSupport),\r
              EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS\r
              );\r
  if (EFI_ERROR (Status)) {\r
    return Status;\r
  }\r
\r
  //\r
  // If "SecureBootEnable" variable exists, then update "SecureBoot" variable.\r
  // If "SecureBootEnable" variable is SECURE_BOOT_ENABLE and in USER_MODE, Set "SecureBoot" variable to SECURE_BOOT_MODE_ENABLE.\r
  // If "SecureBootEnable" variable is SECURE_BOOT_DISABLE, Set "SecureBoot" variable to SECURE_BOOT_MODE_DISABLE.\r
  //\r
  SecureBootEnable = SECURE_BOOT_DISABLE;\r
  Status = AuthServiceInternalFindVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID **) &Data, &DataSize);\r
  if (!EFI_ERROR (Status)) {\r
    if (mPlatformMode == USER_MODE){\r
      SecureBootEnable = *(UINT8 *) Data;\r
    }\r
  } else if (mPlatformMode == USER_MODE) {\r
    //\r
    // "SecureBootEnable" not exist, initialize it in USER_MODE.\r
    //\r
    SecureBootEnable = SECURE_BOOT_ENABLE;\r
    Status = AuthServiceInternalUpdateVariable (\r
               EFI_SECURE_BOOT_ENABLE_NAME,\r
               &gEfiSecureBootEnableDisableGuid,\r
               &SecureBootEnable,\r
               sizeof (UINT8),\r
               EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS\r
               );\r
    if (EFI_ERROR (Status)) {\r
      return Status;\r
    }\r
  }\r
\r
  //\r
  // Create "SecureBoot" variable with BS+RT attribute set.\r
  //\r
  if (SecureBootEnable == SECURE_BOOT_ENABLE && mPlatformMode == USER_MODE) {\r
    SecureBootMode = SECURE_BOOT_MODE_ENABLE;\r
  } else {\r
    SecureBootMode = SECURE_BOOT_MODE_DISABLE;\r
  }\r
  Status = AuthServiceInternalUpdateVariable (\r
             EFI_SECURE_BOOT_MODE_NAME,\r
             &gEfiGlobalVariableGuid,\r
             &SecureBootMode,\r
             sizeof (UINT8),\r
             EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS\r
             );\r
  if (EFI_ERROR (Status)) {\r
    return Status;\r
  }\r
\r
  DEBUG ((EFI_D_INFO, "Variable %s is %x\n", EFI_SETUP_MODE_NAME, mPlatformMode));\r
  DEBUG ((EFI_D_INFO, "Variable %s is %x\n", EFI_SECURE_BOOT_MODE_NAME, SecureBootMode));\r
  DEBUG ((EFI_D_INFO, "Variable %s is %x\n", EFI_SECURE_BOOT_ENABLE_NAME, SecureBootEnable));\r
\r
  //\r
  // Initialize "CustomMode" in STANDARD_SECURE_BOOT_MODE state.\r
  //\r
  CustomMode = STANDARD_SECURE_BOOT_MODE;\r
  Status = AuthServiceInternalUpdateVariable (\r
             EFI_CUSTOM_MODE_NAME,\r
             &gEfiCustomModeEnableGuid,\r
             &CustomMode,\r
             sizeof (UINT8),\r
             EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS\r
             );\r
  if (EFI_ERROR (Status)) {\r
    return Status;\r
  }\r
\r
  DEBUG ((EFI_D_INFO, "Variable %s is %x\n", EFI_CUSTOM_MODE_NAME, CustomMode));\r
\r
  //\r
  // Check "certdb" variable's existence.\r
  // If it doesn't exist, then create a new one with\r
  // EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.\r
  //\r
  Status = AuthServiceInternalFindVariable (\r
             EFI_CERT_DB_NAME,\r
             &gEfiCertDbGuid,\r
             (VOID **) &Data,\r
             &DataSize\r
             );\r
  if (EFI_ERROR (Status)) {\r
    VarAttr  = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;\r
    ListSize = sizeof (UINT32);\r
    Status   = AuthServiceInternalUpdateVariable (\r
                 EFI_CERT_DB_NAME,\r
                 &gEfiCertDbGuid,\r
                 &ListSize,\r
                 sizeof (UINT32),\r
                 VarAttr\r
                 );\r
    if (EFI_ERROR (Status)) {\r
      return Status;\r
    }\r
  } else {\r
    //\r
    // Clean up Certs to make certDB & Time based auth variable consistent\r
    //\r
    Status = CleanCertsFromDb();\r
    if (EFI_ERROR (Status)) {\r
      DEBUG ((EFI_D_ERROR, "Clean up CertDB fail! Status %x\n", Status));\r
      return Status;\r
    }\r
  }\r
\r
  //\r
  // Create "certdbv" variable with RT+BS+AT set.\r
  //\r
  VarAttr  = EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;\r
  ListSize = sizeof (UINT32);\r
  Status   = AuthServiceInternalUpdateVariable (\r
               EFI_CERT_DB_VOLATILE_NAME,\r
               &gEfiCertDbGuid,\r
               &ListSize,\r
               sizeof (UINT32),\r
               VarAttr\r
               );\r
  if (EFI_ERROR (Status)) {\r
    return Status;\r
  }\r
\r
  //\r
  // Check "VendorKeysNv" variable's existence and create "VendorKeys" variable accordingly.\r
  //\r
  Status = AuthServiceInternalFindVariable (EFI_VENDOR_KEYS_NV_VARIABLE_NAME, &gEfiVendorKeysNvGuid, (VOID **) &Data, &DataSize);\r
  if (!EFI_ERROR (Status)) {\r
    mVendorKeyState = *(UINT8 *)Data;\r
  } else {\r
    //\r
    // "VendorKeysNv" not exist, initialize it in VENDOR_KEYS_VALID state.\r
    //\r
    mVendorKeyState = VENDOR_KEYS_VALID;\r
    Status = AuthServiceInternalUpdateVariable (\r
               EFI_VENDOR_KEYS_NV_VARIABLE_NAME,\r
               &gEfiVendorKeysNvGuid,\r
               &mVendorKeyState,\r
               sizeof (UINT8),\r
               EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS\r
               );\r
    if (EFI_ERROR (Status)) {\r
      return Status;\r
    }\r
  }\r
\r
  //\r
  // Create "VendorKeys" variable with BS+RT attribute set.\r
  //\r
  Status = AuthServiceInternalUpdateVariable (\r
             EFI_VENDOR_KEYS_VARIABLE_NAME,\r
             &gEfiGlobalVariableGuid,\r
             &mVendorKeyState,\r
             sizeof (UINT8),\r
             EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS\r
             );\r
  if (EFI_ERROR (Status)) {\r
    return Status;\r
  }\r
\r
  DEBUG ((EFI_D_INFO, "Variable %s is %x\n", EFI_VENDOR_KEYS_VARIABLE_NAME, mVendorKeyState));\r
\r
  AuthVarLibContextOut->StructVersion = AUTH_VAR_LIB_CONTEXT_OUT_STRUCT_VERSION;\r
  AuthVarLibContextOut->StructSize = sizeof (AUTH_VAR_LIB_CONTEXT_OUT);\r
  AuthVarLibContextOut->AuthVarEntry = mAuthVarEntry;\r
  AuthVarLibContextOut->AuthVarEntryCount = ARRAY_SIZE (mAuthVarEntry);\r
  mAuthVarAddressPointer[0] = (VOID **) &mCertDbStore;\r
  mAuthVarAddressPointer[1] = (VOID **) &mHashCtx;\r
  mAuthVarAddressPointer[2] = (VOID **) &mAuthVarLibContextIn;\r
  mAuthVarAddressPointer[3] = (VOID **) &(mAuthVarLibContextIn->FindVariable),\r
  mAuthVarAddressPointer[4] = (VOID **) &(mAuthVarLibContextIn->FindNextVariable),\r
  mAuthVarAddressPointer[5] = (VOID **) &(mAuthVarLibContextIn->UpdateVariable),\r
  mAuthVarAddressPointer[6] = (VOID **) &(mAuthVarLibContextIn->GetScratchBuffer),\r
  mAuthVarAddressPointer[7] = (VOID **) &(mAuthVarLibContextIn->CheckRemainingSpaceForConsistency),\r
  mAuthVarAddressPointer[8] = (VOID **) &(mAuthVarLibContextIn->AtRuntime),\r
  AuthVarLibContextOut->AddressPointer = mAuthVarAddressPointer;\r
  AuthVarLibContextOut->AddressPointerCount = ARRAY_SIZE (mAuthVarAddressPointer);\r
\r
  return Status;\r
}\r
\r
/**\r
  Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.\r
\r
  @param[in] VariableName           Name of the variable.\r
  @param[in] VendorGuid             Variable vendor GUID.\r
  @param[in] Data                   Data pointer.\r
  @param[in] DataSize               Size of Data.\r
  @param[in] Attributes             Attribute value of the variable.\r
\r
  @retval EFI_SUCCESS               The firmware has successfully stored the variable and its data as\r
                                    defined by the Attributes.\r
  @retval EFI_INVALID_PARAMETER     Invalid parameter.\r
  @retval EFI_WRITE_PROTECTED       Variable is write-protected.\r
  @retval EFI_OUT_OF_RESOURCES      There is not enough resource.\r
  @retval EFI_SECURITY_VIOLATION    The variable is with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS\r
                                    set, but the AuthInfo does NOT pass the validation\r
                                    check carried out by the firmware.\r
  @retval EFI_UNSUPPORTED           Unsupported to process authenticated variable.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
AuthVariableLibProcessVariable (\r
  IN CHAR16         *VariableName,\r
  IN EFI_GUID       *VendorGuid,\r
  IN VOID           *Data,\r
  IN UINTN          DataSize,\r
  IN UINT32         Attributes\r
  )\r
{\r
  EFI_STATUS        Status;\r
\r
  if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_PLATFORM_KEY_NAME) == 0)){\r
    Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, TRUE);\r
  } else if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0)) {\r
    Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, FALSE);\r
  } else if (CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) &&\r
             ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE)  == 0) ||\r
              (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0) ||\r
              (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0)\r
             )) {\r
    Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, FALSE);\r
    if (EFI_ERROR (Status)) {\r
      Status = ProcessVarWithKek (VariableName, VendorGuid, Data, DataSize, Attributes);\r
    }\r
  } else {\r
    Status = ProcessVariable (VariableName, VendorGuid, Data, DataSize, Attributes);\r
  }\r
\r
  return Status;\r
}\r
Commit	Line	Data
a6811666 SZ	1	/** @file\r
	2	Implement authentication services for the authenticated variables.\r
	3	\r
	4	Caution: This module requires additional review when modified.\r
	5	This driver will have external input - variable data. It may be input in SMM mode.\r
	6	This external input must be validated carefully to avoid security issue like\r
	7	buffer overflow, integer overflow.\r
	8	Variable attribute should also be checked to avoid authentication bypass.\r
	9	The whole SMM authentication variable design relies on the integrity of flash part and SMM.\r
	10	which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory\r
	11	may not be modified without authorization. If platform fails to protect these resources,\r
	12	the authentication service provided in this driver will be broken, and the behavior is undefined.\r
	13	\r
98c2d961	14	Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>\r
289b714b	15	SPDX-License-Identifier: BSD-2-Clause-Patent\r
a6811666 SZ	16	\r
	17	**/\r
	18	\r
	19	#include "AuthServiceInternal.h"\r
	20	\r
	21	///\r
	22	/// Global database array for scratch\r
	23	///\r
a6811666 SZ	24	UINT8 *mCertDbStore;\r
a6811666 SZ	25	UINT32 mMaxCertDbSize;\r
560ac77e	26	UINT32 mPlatformMode;\r
a6811666 SZ	27	UINT8 mVendorKeyState;\r
	28	\r
	29	EFI_GUID mSignatureSupport[] = {EFI_CERT_SHA1_GUID, EFI_CERT_SHA256_GUID, EFI_CERT_RSA2048_GUID, EFI_CERT_X509_GUID};\r
	30	\r
	31	//\r
	32	// Hash context pointer\r
	33	//\r
	34	VOID *mHashCtx = NULL;\r
	35	\r
	36	VARIABLE_ENTRY_PROPERTY mAuthVarEntry[] = {\r
	37	{\r
	38	&gEfiSecureBootEnableDisableGuid,\r
	39	EFI_SECURE_BOOT_ENABLE_NAME,\r
	40	{\r
	41	VAR_CHECK_VARIABLE_PROPERTY_REVISION,\r
	42	0,\r
	43	VARIABLE_ATTRIBUTE_NV_BS,\r
	44	sizeof (UINT8),\r
	45	sizeof (UINT8)\r
	46	}\r
	47	},\r
	48	{\r
	49	&gEfiCustomModeEnableGuid,\r
	50	EFI_CUSTOM_MODE_NAME,\r
	51	{\r
	52	VAR_CHECK_VARIABLE_PROPERTY_REVISION,\r
	53	0,\r
	54	VARIABLE_ATTRIBUTE_NV_BS,\r
	55	sizeof (UINT8),\r
	56	sizeof (UINT8)\r
	57	}\r
	58	},\r
	59	{\r
	60	&gEfiVendorKeysNvGuid,\r
	61	EFI_VENDOR_KEYS_NV_VARIABLE_NAME,\r
	62	{\r
	63	VAR_CHECK_VARIABLE_PROPERTY_REVISION,\r
	64	VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,\r
	65	VARIABLE_ATTRIBUTE_NV_BS_RT_AT,\r
	66	sizeof (UINT8),\r
	67	sizeof (UINT8)\r
	68	}\r
	69	},\r
a6811666 SZ	70	{\r
	71	&gEfiCertDbGuid,\r
	72	EFI_CERT_DB_NAME,\r
	73	{\r
	74	VAR_CHECK_VARIABLE_PROPERTY_REVISION,\r
	75	VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,\r
	76	VARIABLE_ATTRIBUTE_NV_BS_RT_AT,\r
	77	sizeof (UINT32),\r
	78	MAX_UINTN\r
	79	}\r
	80	},\r
98c2d961 CZ	81	{\r
	82	&gEfiCertDbGuid,\r
	83	EFI_CERT_DB_VOLATILE_NAME,\r
	84	{\r
	85	VAR_CHECK_VARIABLE_PROPERTY_REVISION,\r
	86	VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,\r
	87	VARIABLE_ATTRIBUTE_BS_RT_AT,\r
	88	sizeof (UINT32),\r
	89	MAX_UINTN\r
	90	}\r
	91	},\r
a6811666 SZ	92	};\r
a6811666 SZ	93	\r
0130fdde	94	VOID **mAuthVarAddressPointer[9];\r
a6811666 SZ	95	\r
	96	AUTH_VAR_LIB_CONTEXT_IN *mAuthVarLibContextIn = NULL;\r
	97	\r
	98	/**\r
d6b926e7	99	Initialization for authenticated variable services.\r
a6811666 SZ	100	If this initialization returns error status, other APIs will not work\r
	101	and expect to be not called then.\r
	102	\r
	103	@param[in] AuthVarLibContextIn Pointer to input auth variable lib context.\r
	104	@param[out] AuthVarLibContextOut Pointer to output auth variable lib context.\r
	105	\r
	106	@retval EFI_SUCCESS Function successfully executed.\r
	107	@retval EFI_INVALID_PARAMETER If AuthVarLibContextIn == NULL or AuthVarLibContextOut == NULL.\r
	108	@retval EFI_OUT_OF_RESOURCES Fail to allocate enough resource.\r
	109	@retval EFI_UNSUPPORTED Unsupported to process authenticated variable.\r
	110	\r
	111	**/\r
	112	EFI_STATUS\r
	113	EFIAPI\r
	114	AuthVariableLibInitialize (\r
	115	IN AUTH_VAR_LIB_CONTEXT_IN *AuthVarLibContextIn,\r
	116	OUT AUTH_VAR_LIB_CONTEXT_OUT *AuthVarLibContextOut\r
	117	)\r
	118	{\r
	119	EFI_STATUS Status;\r
a6811666 SZ	120	UINT32 VarAttr;\r
	121	UINT8 *Data;\r
	122	UINTN DataSize;\r
	123	UINTN CtxSize;\r
560ac77e ZC	124	UINT8 SecureBootMode;\r
560ac77e ZC	125	UINT8 SecureBootEnable;\r
a6811666 SZ	126	UINT8 CustomMode;\r
	127	UINT32 ListSize;\r
	128	\r
	129	if ((AuthVarLibContextIn == NULL) \|\| (AuthVarLibContextOut == NULL)) {\r
	130	return EFI_INVALID_PARAMETER;\r
	131	}\r
	132	\r
	133	mAuthVarLibContextIn = AuthVarLibContextIn;\r
	134	\r
	135	//\r
	136	// Initialize hash context.\r
	137	//\r
	138	CtxSize = Sha256GetContextSize ();\r
	139	mHashCtx = AllocateRuntimePool (CtxSize);\r
	140	if (mHashCtx == NULL) {\r
	141	return EFI_OUT_OF_RESOURCES;\r
	142	}\r
	143	\r
a6811666 SZ	144	//\r
a6811666 SZ	145	// Reserve runtime buffer for certificate database. The size excludes variable header and name size.\r
98c2d961	146	// Use EFI_CERT_DB_VOLATILE_NAME size since it is longer.\r
a6811666	147	//\r
98c2d961	148	mMaxCertDbSize = (UINT32) (mAuthVarLibContextIn->MaxAuthVariableSize - sizeof (EFI_CERT_DB_VOLATILE_NAME));\r
a6811666 SZ	149	mCertDbStore = AllocateRuntimePool (mMaxCertDbSize);\r
	150	if (mCertDbStore == NULL) {\r
	151	return EFI_OUT_OF_RESOURCES;\r
	152	}\r
	153	\r
560ac77e ZC	154	Status = AuthServiceInternalFindVariable (EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize);\r
	155	if (EFI_ERROR (Status)) {\r
	156	DEBUG ((EFI_D_INFO, "Variable %s does not exist.\n", EFI_PLATFORM_KEY_NAME));\r
	157	} else {\r
	158	DEBUG ((EFI_D_INFO, "Variable %s exists.\n", EFI_PLATFORM_KEY_NAME));\r
	159	}\r
	160	\r
a6811666	161	//\r
560ac77e	162	// Create "SetupMode" variable with BS+RT attribute set.\r
a6811666	163	//\r
560ac77e ZC	164	if (EFI_ERROR (Status)) {\r
	165	mPlatformMode = SETUP_MODE;\r
	166	} else {\r
	167	mPlatformMode = USER_MODE;\r
	168	}\r
	169	Status = AuthServiceInternalUpdateVariable (\r
	170	EFI_SETUP_MODE_NAME,\r
	171	&gEfiGlobalVariableGuid,\r
	172	&mPlatformMode,\r
	173	sizeof(UINT8),\r
	174	EFI_VARIABLE_BOOTSERVICE_ACCESS \| EFI_VARIABLE_RUNTIME_ACCESS\r
	175	);\r
	176	if (EFI_ERROR (Status)) {\r
	177	return Status;\r
	178	}\r
a6811666 SZ	179	\r
	180	//\r
	181	// Create "SignatureSupport" variable with BS+RT attribute set.\r
	182	//\r
	183	Status = AuthServiceInternalUpdateVariable (\r
	184	EFI_SIGNATURE_SUPPORT_NAME,\r
	185	&gEfiGlobalVariableGuid,\r
	186	mSignatureSupport,\r
	187	sizeof(mSignatureSupport),\r
	188	EFI_VARIABLE_BOOTSERVICE_ACCESS \| EFI_VARIABLE_RUNTIME_ACCESS\r
	189	);\r
	190	if (EFI_ERROR (Status)) {\r
	191	return Status;\r
	192	}\r
	193	\r
560ac77e ZC	194	//\r
	195	// If "SecureBootEnable" variable exists, then update "SecureBoot" variable.\r
	196	// If "SecureBootEnable" variable is SECURE_BOOT_ENABLE and in USER_MODE, Set "SecureBoot" variable to SECURE_BOOT_MODE_ENABLE.\r
	197	// If "SecureBootEnable" variable is SECURE_BOOT_DISABLE, Set "SecureBoot" variable to SECURE_BOOT_MODE_DISABLE.\r
	198	//\r
	199	SecureBootEnable = SECURE_BOOT_DISABLE;\r
	200	Status = AuthServiceInternalFindVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID **) &Data, &DataSize);\r
	201	if (!EFI_ERROR (Status)) {\r
	202	if (mPlatformMode == USER_MODE){\r
	203	SecureBootEnable = (UINT8 ) Data;\r
	204	}\r
	205	} else if (mPlatformMode == USER_MODE) {\r
	206	//\r
	207	// "SecureBootEnable" not exist, initialize it in USER_MODE.\r
	208	//\r
	209	SecureBootEnable = SECURE_BOOT_ENABLE;\r
	210	Status = AuthServiceInternalUpdateVariable (\r
	211	EFI_SECURE_BOOT_ENABLE_NAME,\r
	212	&gEfiSecureBootEnableDisableGuid,\r
	213	&SecureBootEnable,\r
	214	sizeof (UINT8),\r
	215	EFI_VARIABLE_NON_VOLATILE \| EFI_VARIABLE_BOOTSERVICE_ACCESS\r
	216	);\r
	217	if (EFI_ERROR (Status)) {\r
	218	return Status;\r
	219	}\r
	220	}\r
	221	\r
	222	//\r
	223	// Create "SecureBoot" variable with BS+RT attribute set.\r
	224	//\r
	225	if (SecureBootEnable == SECURE_BOOT_ENABLE && mPlatformMode == USER_MODE) {\r
	226	SecureBootMode = SECURE_BOOT_MODE_ENABLE;\r
	227	} else {\r
	228	SecureBootMode = SECURE_BOOT_MODE_DISABLE;\r
	229	}\r
	230	Status = AuthServiceInternalUpdateVariable (\r
	231	EFI_SECURE_BOOT_MODE_NAME,\r
	232	&gEfiGlobalVariableGuid,\r
	233	&SecureBootMode,\r
	234	sizeof (UINT8),\r
	235	EFI_VARIABLE_RUNTIME_ACCESS \| EFI_VARIABLE_BOOTSERVICE_ACCESS\r
	236	);\r
	237	if (EFI_ERROR (Status)) {\r
	238	return Status;\r
	239	}\r
	240	\r
	241	DEBUG ((EFI_D_INFO, "Variable %s is %x\n", EFI_SETUP_MODE_NAME, mPlatformMode));\r
	242	DEBUG ((EFI_D_INFO, "Variable %s is %x\n", EFI_SECURE_BOOT_MODE_NAME, SecureBootMode));\r
	243	DEBUG ((EFI_D_INFO, "Variable %s is %x\n", EFI_SECURE_BOOT_ENABLE_NAME, SecureBootEnable));\r
	244	\r
a6811666 SZ	245	//\r
	246	// Initialize "CustomMode" in STANDARD_SECURE_BOOT_MODE state.\r
	247	//\r
	248	CustomMode = STANDARD_SECURE_BOOT_MODE;\r
	249	Status = AuthServiceInternalUpdateVariable (\r
	250	EFI_CUSTOM_MODE_NAME,\r
	251	&gEfiCustomModeEnableGuid,\r
	252	&CustomMode,\r
	253	sizeof (UINT8),\r
	254	EFI_VARIABLE_NON_VOLATILE \| EFI_VARIABLE_BOOTSERVICE_ACCESS\r
	255	);\r
	256	if (EFI_ERROR (Status)) {\r
	257	return Status;\r
	258	}\r
	259	\r
	260	DEBUG ((EFI_D_INFO, "Variable %s is %x\n", EFI_CUSTOM_MODE_NAME, CustomMode));\r
	261	\r
	262	//\r
	263	// Check "certdb" variable's existence.\r
	264	// If it doesn't exist, then create a new one with\r
	265	// EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.\r
	266	//\r
	267	Status = AuthServiceInternalFindVariable (\r
	268	EFI_CERT_DB_NAME,\r
	269	&gEfiCertDbGuid,\r
	270	(VOID **) &Data,\r
	271	&DataSize\r
	272	);\r
	273	if (EFI_ERROR (Status)) {\r
	274	VarAttr = EFI_VARIABLE_NON_VOLATILE \| EFI_VARIABLE_RUNTIME_ACCESS \| EFI_VARIABLE_BOOTSERVICE_ACCESS \| EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;\r
	275	ListSize = sizeof (UINT32);\r
	276	Status = AuthServiceInternalUpdateVariable (\r
	277	EFI_CERT_DB_NAME,\r
	278	&gEfiCertDbGuid,\r
	279	&ListSize,\r
	280	sizeof (UINT32),\r
	281	VarAttr\r
	282	);\r
	283	if (EFI_ERROR (Status)) {\r
	284	return Status;\r
	285	}\r
64b6a3ff CZ	286	} else {\r
	287	//\r
	288	// Clean up Certs to make certDB & Time based auth variable consistent\r
	289	//\r
	290	Status = CleanCertsFromDb();\r
	291	if (EFI_ERROR (Status)) {\r
f3964772	292	DEBUG ((EFI_D_ERROR, "Clean up CertDB fail! Status %x\n", Status));\r
64b6a3ff CZ	293	return Status;\r
64b6a3ff CZ	294	}\r
a6811666 SZ	295	}\r
a6811666 SZ	296	\r
98c2d961 CZ	297	//\r
	298	// Create "certdbv" variable with RT+BS+AT set.\r
	299	//\r
	300	VarAttr = EFI_VARIABLE_RUNTIME_ACCESS \| EFI_VARIABLE_BOOTSERVICE_ACCESS \| EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;\r
	301	ListSize = sizeof (UINT32);\r
	302	Status = AuthServiceInternalUpdateVariable (\r
	303	EFI_CERT_DB_VOLATILE_NAME,\r
	304	&gEfiCertDbGuid,\r
	305	&ListSize,\r
	306	sizeof (UINT32),\r
	307	VarAttr\r
	308	);\r
	309	if (EFI_ERROR (Status)) {\r
	310	return Status;\r
	311	}\r
	312	\r
a6811666 SZ	313	//\r
	314	// Check "VendorKeysNv" variable's existence and create "VendorKeys" variable accordingly.\r
	315	//\r
	316	Status = AuthServiceInternalFindVariable (EFI_VENDOR_KEYS_NV_VARIABLE_NAME, &gEfiVendorKeysNvGuid, (VOID **) &Data, &DataSize);\r
	317	if (!EFI_ERROR (Status)) {\r
	318	mVendorKeyState = (UINT8 )Data;\r
	319	} else {\r
	320	//\r
	321	// "VendorKeysNv" not exist, initialize it in VENDOR_KEYS_VALID state.\r
	322	//\r
	323	mVendorKeyState = VENDOR_KEYS_VALID;\r
	324	Status = AuthServiceInternalUpdateVariable (\r
	325	EFI_VENDOR_KEYS_NV_VARIABLE_NAME,\r
	326	&gEfiVendorKeysNvGuid,\r
	327	&mVendorKeyState,\r
	328	sizeof (UINT8),\r
	329	EFI_VARIABLE_NON_VOLATILE \| EFI_VARIABLE_BOOTSERVICE_ACCESS \| EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS\r
	330	);\r
	331	if (EFI_ERROR (Status)) {\r
	332	return Status;\r
	333	}\r
	334	}\r
	335	\r
	336	//\r
	337	// Create "VendorKeys" variable with BS+RT attribute set.\r
	338	//\r
	339	Status = AuthServiceInternalUpdateVariable (\r
	340	EFI_VENDOR_KEYS_VARIABLE_NAME,\r
	341	&gEfiGlobalVariableGuid,\r
	342	&mVendorKeyState,\r
	343	sizeof (UINT8),\r
	344	EFI_VARIABLE_RUNTIME_ACCESS \| EFI_VARIABLE_BOOTSERVICE_ACCESS\r
	345	);\r
	346	if (EFI_ERROR (Status)) {\r
	347	return Status;\r
	348	}\r
	349	\r
	350	DEBUG ((EFI_D_INFO, "Variable %s is %x\n", EFI_VENDOR_KEYS_VARIABLE_NAME, mVendorKeyState));\r
	351	\r
	352	AuthVarLibContextOut->StructVersion = AUTH_VAR_LIB_CONTEXT_OUT_STRUCT_VERSION;\r
	353	AuthVarLibContextOut->StructSize = sizeof (AUTH_VAR_LIB_CONTEXT_OUT);\r
	354	AuthVarLibContextOut->AuthVarEntry = mAuthVarEntry;\r
3318f893	355	AuthVarLibContextOut->AuthVarEntryCount = ARRAY_SIZE (mAuthVarEntry);\r
0130fdde ZC	356	mAuthVarAddressPointer[0] = (VOID **) &mCertDbStore;\r
	357	mAuthVarAddressPointer[1] = (VOID **) &mHashCtx;\r
	358	mAuthVarAddressPointer[2] = (VOID **) &mAuthVarLibContextIn;\r
	359	mAuthVarAddressPointer[3] = (VOID **) &(mAuthVarLibContextIn->FindVariable),\r
	360	mAuthVarAddressPointer[4] = (VOID **) &(mAuthVarLibContextIn->FindNextVariable),\r
	361	mAuthVarAddressPointer[5] = (VOID **) &(mAuthVarLibContextIn->UpdateVariable),\r
	362	mAuthVarAddressPointer[6] = (VOID **) &(mAuthVarLibContextIn->GetScratchBuffer),\r
	363	mAuthVarAddressPointer[7] = (VOID **) &(mAuthVarLibContextIn->CheckRemainingSpaceForConsistency),\r
	364	mAuthVarAddressPointer[8] = (VOID **) &(mAuthVarLibContextIn->AtRuntime),\r
f18b2162	365	AuthVarLibContextOut->AddressPointer = mAuthVarAddressPointer;\r
3318f893	366	AuthVarLibContextOut->AddressPointerCount = ARRAY_SIZE (mAuthVarAddressPointer);\r
a6811666 SZ	367	\r
	368	return Status;\r
	369	}\r
	370	\r
	371	/**\r
0130fdde	372	Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.\r
a6811666 SZ	373	\r
	374	@param[in] VariableName Name of the variable.\r
	375	@param[in] VendorGuid Variable vendor GUID.\r
	376	@param[in] Data Data pointer.\r
	377	@param[in] DataSize Size of Data.\r
	378	@param[in] Attributes Attribute value of the variable.\r
	379	\r
	380	@retval EFI_SUCCESS The firmware has successfully stored the variable and its data as\r
	381	defined by the Attributes.\r
	382	@retval EFI_INVALID_PARAMETER Invalid parameter.\r
	383	@retval EFI_WRITE_PROTECTED Variable is write-protected.\r
	384	@retval EFI_OUT_OF_RESOURCES There is not enough resource.\r
d6b926e7	385	@retval EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS\r
a6811666 SZ	386	set, but the AuthInfo does NOT pass the validation\r
	387	check carried out by the firmware.\r
	388	@retval EFI_UNSUPPORTED Unsupported to process authenticated variable.\r
	389	\r
	390	**/\r
	391	EFI_STATUS\r
	392	EFIAPI\r
	393	AuthVariableLibProcessVariable (\r
	394	IN CHAR16 *VariableName,\r
	395	IN EFI_GUID *VendorGuid,\r
	396	IN VOID *Data,\r
	397	IN UINTN DataSize,\r
	398	IN UINT32 Attributes\r
	399	)\r
	400	{\r
	401	EFI_STATUS Status;\r
	402	\r
	403	if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_PLATFORM_KEY_NAME) == 0)){\r
	404	Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, TRUE);\r
	405	} else if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0)) {\r
	406	Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, FALSE);\r
	407	} else if (CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) &&\r
	408	((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) \|\|\r
	409	(StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0) \|\|\r
	410	(StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0)\r
	411	)) {\r
	412	Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, FALSE);\r
	413	if (EFI_ERROR (Status)) {\r
	414	Status = ProcessVarWithKek (VariableName, VendorGuid, Data, DataSize, Attributes);\r
	415	}\r
	416	} else {\r
	417	Status = ProcessVariable (VariableName, VendorGuid, Data, DataSize, Attributes);\r
	418	}\r
	419	\r
	420	return Status;\r
	421	}\r