[mirror_edk2.git] / SecurityPkg / VariableAuthenticated / SecureBootConfigDxe / SecureBootConfigImpl.h

/** @file\r
  The header file of HII Config Access protocol implementation of SecureBoot\r
  configuration module.\r
\r
Copyright (c) 2011 - 2017, Intel Corporation. All rights reserved.<BR>\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#ifndef __SECUREBOOT_CONFIG_IMPL_H__\r
#define __SECUREBOOT_CONFIG_IMPL_H__\r
\r
#include <Uefi.h>\r
\r
#include <Protocol/HiiConfigAccess.h>\r
#include <Protocol/HiiConfigRouting.h>\r
#include <Protocol/SimpleFileSystem.h>\r
#include <Protocol/BlockIo.h>\r
#include <Protocol/DevicePath.h>\r
#include <Protocol/DebugPort.h>\r
#include <Protocol/LoadFile.h>\r
\r
#include <Library/BaseLib.h>\r
#include <Library/BaseMemoryLib.h>\r
#include <Library/DebugLib.h>\r
#include <Library/MemoryAllocationLib.h>\r
#include <Library/UefiBootServicesTableLib.h>\r
#include <Library/UefiRuntimeServicesTableLib.h>\r
#include <Library/UefiHiiServicesLib.h>\r
#include <Library/UefiLib.h>\r
#include <Library/HiiLib.h>\r
#include <Library/DevicePathLib.h>\r
#include <Library/PrintLib.h>\r
#include <Library/PlatformSecureLib.h>\r
#include <Library/BaseCryptLib.h>\r
#include <Library/FileExplorerLib.h>\r
#include <Library/PeCoffLib.h>\r
\r
#include <Guid/MdeModuleHii.h>\r
#include <Guid/AuthenticatedVariableFormat.h>\r
#include <Guid/FileSystemVolumeLabelInfo.h>\r
#include <Guid/ImageAuthentication.h>\r
#include <Guid/FileInfo.h>\r
#include <Guid/WinCertificate.h>\r
\r
#include "SecureBootConfigNvData.h"\r
\r
//\r
// Tool generated IFR binary data and String package data\r
//\r
extern  UINT8                      SecureBootConfigBin[];\r
extern  UINT8                      SecureBootConfigDxeStrings[];\r
\r
//\r
// Shared IFR form update data\r
//\r
extern  VOID                       *mStartOpCodeHandle;\r
extern  VOID                       *mEndOpCodeHandle;\r
extern  EFI_IFR_GUID_LABEL         *mStartLabel;\r
extern  EFI_IFR_GUID_LABEL         *mEndLabel;\r
\r
#define MAX_CHAR              480\r
#define TWO_BYTE_ENCODE       0x82\r
#define BUFFER_MAX_SIZE       100\r
\r
//\r
// SHA-256 digest size in bytes\r
//\r
#define SHA256_DIGEST_SIZE  32\r
//\r
// SHA-384 digest size in bytes\r
//\r
#define SHA384_DIGEST_SIZE  48\r
//\r
// SHA-512 digest size in bytes\r
//\r
#define SHA512_DIGEST_SIZE  64\r
\r
//\r
// Set max digest size as SHA512 Output (64 bytes) by far\r
//\r
#define MAX_DIGEST_SIZE    SHA512_DIGEST_SIZE\r
\r
#define WIN_CERT_UEFI_RSA2048_SIZE               256\r
\r
//\r
// Support hash types\r
//\r
#define HASHALG_SHA224                         0x00000000\r
#define HASHALG_SHA256                         0x00000001\r
#define HASHALG_SHA384                         0x00000002\r
#define HASHALG_SHA512                         0x00000003\r
#define HASHALG_RAW                            0x00000004\r
#define HASHALG_MAX                            0x00000004\r
\r
\r
typedef struct {\r
  UINTN             Signature;\r
  LIST_ENTRY        Head;\r
  UINTN             MenuNumber;\r
} SECUREBOOT_MENU_OPTION;\r
\r
typedef struct {\r
  EFI_FILE_HANDLE                   FHandle;\r
  UINT16                            *FileName;\r
  UINT8                             FileType;\r
} SECUREBOOT_FILE_CONTEXT;\r
\r
#define SECUREBOOT_FREE_NON_NULL(Pointer)   \\r
  do {                                      \\r
    if ((Pointer) != NULL) {                \\r
      FreePool((Pointer));                  \\r
      (Pointer) = NULL;                     \\r
    }                                       \\r
  } while (FALSE)\r
\r
#define SECUREBOOT_FREE_NON_OPCODE(Handle)  \\r
  do{                                       \\r
    if ((Handle) != NULL) {                 \\r
      HiiFreeOpCodeHandle((Handle));        \\r
    }                                       \\r
  } while (FALSE)\r
\r
#define SIGNATURE_DATA_COUNTS(List)         \\r
  (((List)->SignatureListSize - sizeof(EFI_SIGNATURE_LIST) - (List)->SignatureHeaderSize) / (List)->SignatureSize)\r
\r
//\r
// We define another format of 5th directory entry: security directory\r
//\r
typedef struct {\r
  UINT32               Offset;      // Offset of certificate\r
  UINT32               SizeOfCert;  // size of certificate appended\r
} EFI_IMAGE_SECURITY_DATA_DIRECTORY;\r
\r
typedef enum{\r
  ImageType_IA32,\r
  ImageType_X64\r
} IMAGE_TYPE;\r
\r
///\r
/// HII specific Vendor Device Path definition.\r
///\r
typedef struct {\r
  VENDOR_DEVICE_PATH                VendorDevicePath;\r
  EFI_DEVICE_PATH_PROTOCOL          End;\r
} HII_VENDOR_DEVICE_PATH;\r
\r
typedef enum {\r
  Variable_DB,\r
  Variable_DBX,\r
  Variable_DBT,\r
  Variable_MAX\r
} CURRENT_VARIABLE_NAME;\r
\r
typedef enum {\r
  Delete_Signature_List_All,\r
  Delete_Signature_List_One,\r
  Delete_Signature_Data\r
}SIGNATURE_DELETE_TYPE;\r
\r
typedef struct {\r
  UINTN                             Signature;\r
\r
  EFI_HII_CONFIG_ACCESS_PROTOCOL    ConfigAccess;\r
  EFI_HII_HANDLE                    HiiHandle;\r
  EFI_HANDLE                        DriverHandle;\r
\r
  SECUREBOOT_FILE_CONTEXT           *FileContext;\r
\r
  EFI_GUID                          *SignatureGUID;\r
\r
  CURRENT_VARIABLE_NAME             VariableName;     // The variable name we are processing.\r
  UINT32                            ListCount;        // Record current variable has how many signature list.\r
  UINTN                             ListIndex;        // Record which signature list is processing.\r
  BOOLEAN                           *CheckArray;      // Record whcih siganture data checked.\r
} SECUREBOOT_CONFIG_PRIVATE_DATA;\r
\r
extern SECUREBOOT_CONFIG_PRIVATE_DATA      mSecureBootConfigPrivateDateTemplate;\r
extern SECUREBOOT_CONFIG_PRIVATE_DATA      *gSecureBootPrivateData;\r
\r
#define SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE     SIGNATURE_32 ('S', 'E', 'C', 'B')\r
#define SECUREBOOT_CONFIG_PRIVATE_FROM_THIS(a)  CR (a, SECUREBOOT_CONFIG_PRIVATE_DATA, ConfigAccess, SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE)\r
\r
//\r
// Cryptograhpic Key Information\r
//\r
#pragma pack(1)\r
typedef struct _CPL_KEY_INFO {\r
  UINT32        KeyLengthInBits;    // Key Length In Bits\r
  UINT32        BlockSize;          // Operation Block Size in Bytes\r
  UINT32        CipherBlockSize;    // Output Cipher Block Size in Bytes\r
  UINT32        KeyType;            // Key Type\r
  UINT32        CipherMode;         // Cipher Mode for Symmetric Algorithm\r
  UINT32        Flags;              // Additional Key Property Flags\r
} CPL_KEY_INFO;\r
#pragma pack()\r
\r
\r
/**\r
  Retrieves the size, in bytes, of the context buffer required for hash operations.\r
\r
  @return  The size, in bytes, of the context buffer required for hash operations.\r
\r
**/\r
typedef\r
EFI_STATUS\r
(EFIAPI *HASH_GET_CONTEXT_SIZE)(\r
  VOID\r
  );\r
\r
/**\r
  Initializes user-supplied memory pointed by HashContext as hash context for\r
  subsequent use.\r
\r
  If HashContext is NULL, then ASSERT().\r
\r
  @param[in, out]  HashContext  Pointer to  Context being initialized.\r
\r
  @retval TRUE   HASH context initialization succeeded.\r
  @retval FALSE  HASH context initialization failed.\r
\r
**/\r
typedef\r
BOOLEAN\r
(EFIAPI *HASH_INIT)(\r
  IN OUT  VOID  *HashContext\r
  );\r
\r
\r
/**\r
  Performs digest on a data buffer of the specified length. This function can\r
  be called multiple times to compute the digest of long or discontinuous data streams.\r
\r
  If HashContext is NULL, then ASSERT().\r
\r
  @param[in, out]  HashContext  Pointer to the MD5 context.\r
  @param[in]       Data        Pointer to the buffer containing the data to be hashed.\r
  @param[in]       DataLength  Length of Data buffer in bytes.\r
\r
  @retval TRUE   HASH data digest succeeded.\r
  @retval FALSE  Invalid HASH context. After HashFinal function has been called, the\r
                 HASH context cannot be reused.\r
\r
**/\r
typedef\r
BOOLEAN\r
(EFIAPI *HASH_UPDATE)(\r
  IN OUT  VOID        *HashContext,\r
  IN      CONST VOID  *Data,\r
  IN      UINTN       DataLength\r
  );\r
\r
/**\r
  Completes hash computation and retrieves the digest value into the specified\r
  memory. After this function has been called, the context cannot be used again.\r
\r
  If HashContext is NULL, then ASSERT().\r
  If HashValue is NULL, then ASSERT().\r
\r
  @param[in, out]  HashContext  Pointer to the MD5 context\r
  @param[out]      HashValue   Pointer to a buffer that receives the HASH digest\r
                               value (16 bytes).\r
\r
  @retval TRUE   HASH digest computation succeeded.\r
  @retval FALSE  HASH digest computation failed.\r
\r
**/\r
typedef\r
BOOLEAN\r
(EFIAPI *HASH_FINAL)(\r
  IN OUT  VOID   *HashContext,\r
  OUT     UINT8  *HashValue\r
  );\r
\r
//\r
// Hash Algorithm Table\r
//\r
typedef struct {\r
  CHAR16                   *Name;           ///< Name for Hash Algorithm\r
  UINTN                    DigestLength;    ///< Digest Length\r
  UINT8                    *OidValue;       ///< Hash Algorithm OID ASN.1 Value\r
  UINTN                    OidLength;       ///< Length of Hash OID Value\r
  HASH_GET_CONTEXT_SIZE    GetContextSize;  ///< Pointer to Hash GetContentSize function\r
  HASH_INIT                HashInit;        ///< Pointer to Hash Init function\r
  HASH_UPDATE              HashUpdate;      ///< Pointer to Hash Update function\r
  HASH_FINAL               HashFinal;       ///< Pointer to Hash Final function\r
} HASH_TABLE;\r
\r
typedef struct {\r
  WIN_CERTIFICATE Hdr;\r
  UINT8           CertData[1];\r
} WIN_CERTIFICATE_EFI_PKCS;\r
\r
\r
/**\r
  This function publish the SecureBoot configuration Form.\r
\r
  @param[in, out]  PrivateData   Points to SecureBoot configuration private data.\r
\r
  @retval EFI_SUCCESS            HII Form is installed successfully.\r
  @retval EFI_OUT_OF_RESOURCES   Not enough resource for HII Form installation.\r
  @retval Others                 Other errors as indicated.\r
\r
**/\r
EFI_STATUS\r
InstallSecureBootConfigForm (\r
  IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA  *PrivateData\r
  );\r
\r
\r
/**\r
  This function removes SecureBoot configuration Form.\r
\r
  @param[in, out]  PrivateData   Points to SecureBoot configuration private data.\r
\r
**/\r
VOID\r
UninstallSecureBootConfigForm (\r
  IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA    *PrivateData\r
  );\r
\r
\r
/**\r
  This function allows a caller to extract the current configuration for one\r
  or more named elements from the target driver.\r
\r
  @param[in]   This              Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.\r
  @param[in]   Request           A null-terminated Unicode string in\r
                                 <ConfigRequest> format.\r
  @param[out]  Progress          On return, points to a character in the Request\r
                                 string. Points to the string's null terminator if\r
                                 request was successful. Points to the most recent\r
                                 '&' before the first failing name/value pair (or\r
                                 the beginning of the string if the failure is in\r
                                 the first name/value pair) if the request was not\r
                                 successful.\r
  @param[out]  Results           A null-terminated Unicode string in\r
                                 <ConfigAltResp> format which has all values filled\r
                                 in for the names in the Request string. String to\r
                                 be allocated by the called function.\r
\r
  @retval EFI_SUCCESS            The Results is filled with the requested values.\r
  @retval EFI_OUT_OF_RESOURCES   Not enough memory to store the results.\r
  @retval EFI_INVALID_PARAMETER  Request is illegal syntax, or unknown name.\r
  @retval EFI_NOT_FOUND          Routing data doesn't match any storage in this\r
                                 driver.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
SecureBootExtractConfig (\r
  IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL        *This,\r
  IN CONST EFI_STRING                            Request,\r
       OUT EFI_STRING                            *Progress,\r
       OUT EFI_STRING                            *Results\r
  );\r
\r
\r
/**\r
  This function processes the results of changes in configuration.\r
\r
  @param[in]  This               Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.\r
  @param[in]  Configuration      A null-terminated Unicode string in <ConfigResp>\r
                                 format.\r
  @param[out] Progress           A pointer to a string filled in with the offset of\r
                                 the most recent '&' before the first failing\r
                                 name/value pair (or the beginning of the string if\r
                                 the failure is in the first name/value pair) or\r
                                 the terminating NULL if all was successful.\r
\r
  @retval EFI_SUCCESS            The Results is processed successfully.\r
  @retval EFI_INVALID_PARAMETER  Configuration is NULL.\r
  @retval EFI_NOT_FOUND          Routing data doesn't match any storage in this\r
                                 driver.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
SecureBootRouteConfig (\r
  IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL      *This,\r
  IN CONST EFI_STRING                          Configuration,\r
       OUT EFI_STRING                          *Progress\r
  );\r
\r
\r
/**\r
  This function processes the results of changes in configuration.\r
\r
  @param[in]  This               Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.\r
  @param[in]  Action             Specifies the type of action taken by the browser.\r
  @param[in]  QuestionId         A unique value which is sent to the original\r
                                 exporting driver so that it can identify the type\r
                                 of data to expect.\r
  @param[in]  Type               The type of value for the question.\r
  @param[in]  Value              A pointer to the data being sent to the original\r
                                 exporting driver.\r
  @param[out] ActionRequest      On return, points to the action requested by the\r
                                 callback function.\r
\r
  @retval EFI_SUCCESS            The callback successfully handled the action.\r
  @retval EFI_OUT_OF_RESOURCES   Not enough storage is available to hold the\r
                                 variable and its data.\r
  @retval EFI_DEVICE_ERROR       The variable could not be saved.\r
  @retval EFI_UNSUPPORTED        The specified Action is not supported by the\r
                                 callback.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
SecureBootCallback (\r
  IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL      *This,\r
  IN     EFI_BROWSER_ACTION                    Action,\r
  IN     EFI_QUESTION_ID                       QuestionId,\r
  IN     UINT8                                 Type,\r
  IN     EFI_IFR_TYPE_VALUE                    *Value,\r
     OUT EFI_BROWSER_ACTION_REQUEST            *ActionRequest\r
  );\r
\r
\r
/**\r
  This function converts an input device structure to a Unicode string.\r
\r
  @param[in] DevPath                  A pointer to the device path structure.\r
\r
  @return A new allocated Unicode string that represents the device path.\r
\r
**/\r
CHAR16 *\r
EFIAPI\r
DevicePathToStr (\r
  IN EFI_DEVICE_PATH_PROTOCOL     *DevPath\r
  );\r
\r
\r
/**\r
  Clean up the dynamic opcode at label and form specified by both LabelId.\r
\r
  @param[in] LabelId         It is both the Form ID and Label ID for opcode deletion.\r
  @param[in] PrivateData     Module private data.\r
\r
**/\r
VOID\r
CleanUpPage (\r
  IN UINT16                           LabelId,\r
  IN SECUREBOOT_CONFIG_PRIVATE_DATA   *PrivateData\r
  );\r
\r
\r
/**\r
  Read file content into BufferPtr, the size of the allocate buffer\r
  is *FileSize plus AddtionAllocateSize.\r
\r
  @param[in]       FileHandle            The file to be read.\r
  @param[in, out]  BufferPtr             Pointers to the pointer of allocated buffer.\r
  @param[out]      FileSize              Size of input file\r
  @param[in]       AddtionAllocateSize   Addtion size the buffer need to be allocated.\r
                                         In case the buffer need to contain others besides the file content.\r
\r
  @retval   EFI_SUCCESS                  The file was read into the buffer.\r
  @retval   EFI_INVALID_PARAMETER        A parameter was invalid.\r
  @retval   EFI_OUT_OF_RESOURCES         A memory allocation failed.\r
  @retval   others                       Unexpected error.\r
\r
**/\r
EFI_STATUS\r
ReadFileContent (\r
  IN      EFI_FILE_HANDLE           FileHandle,\r
  IN OUT  VOID                      **BufferPtr,\r
     OUT  UINTN                     *FileSize,\r
  IN      UINTN                     AddtionAllocateSize\r
  );\r
\r
\r
/**\r
  Close an open file handle.\r
\r
  @param[in] FileHandle           The file handle to close.\r
\r
**/\r
VOID\r
CloseFile (\r
  IN EFI_FILE_HANDLE   FileHandle\r
  );\r
\r
\r
/**\r
  Converts a nonnegative integer to an octet string of a specified length.\r
\r
  @param[in]   Integer          Pointer to the nonnegative integer to be converted\r
  @param[in]   IntSizeInWords   Length of integer buffer in words\r
  @param[out]  OctetString      Converted octet string of the specified length\r
  @param[in]   OSSizeInBytes    Intended length of resulting octet string in bytes\r
\r
Returns:\r
\r
  @retval   EFI_SUCCESS            Data conversion successfully\r
  @retval   EFI_BUFFER_TOOL_SMALL  Buffer is too small for output string\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
Int2OctStr (\r
  IN     CONST UINTN       *Integer,\r
  IN     UINTN             IntSizeInWords,\r
     OUT UINT8             *OctetString,\r
  IN     UINTN             OSSizeInBytes\r
  );\r
\r
/**\r
  Worker function that prints an EFI_GUID into specified Buffer.\r
\r
  @param[in]     Guid          Pointer to GUID to print.\r
  @param[in]     Buffer        Buffer to print Guid into.\r
  @param[in]     BufferSize    Size of Buffer.\r
\r
  @retval    Number of characters printed.\r
\r
**/\r
UINTN\r
GuidToString (\r
  IN  EFI_GUID  *Guid,\r
  IN  CHAR16    *Buffer,\r
  IN  UINTN     BufferSize\r
  );\r
\r
/**\r
  Update the PK form base on the input file path info.\r
\r
  @param FilePath    Point to the file path.\r
\r
  @retval TRUE   Exit caller function.\r
  @retval FALSE  Not exit caller function.\r
**/\r
BOOLEAN\r
EFIAPI\r
UpdatePKFromFile (\r
  IN EFI_DEVICE_PATH_PROTOCOL    *FilePath\r
  );\r
\r
/**\r
  Update the KEK form base on the input file path info.\r
\r
  @param FilePath    Point to the file path.\r
\r
  @retval TRUE   Exit caller function.\r
  @retval FALSE  Not exit caller function.\r
**/\r
BOOLEAN\r
EFIAPI\r
UpdateKEKFromFile (\r
  IN EFI_DEVICE_PATH_PROTOCOL    *FilePath\r
  );\r
\r
/**\r
  Update the DB form base on the input file path info.\r
\r
  @param FilePath    Point to the file path.\r
\r
  @retval TRUE   Exit caller function.\r
  @retval FALSE  Not exit caller function.\r
**/\r
BOOLEAN\r
EFIAPI\r
UpdateDBFromFile (\r
  IN EFI_DEVICE_PATH_PROTOCOL    *FilePath\r
  );\r
\r
/**\r
  Update the DBX form base on the input file path info.\r
\r
  @param FilePath    Point to the file path.\r
\r
  @retval TRUE   Exit caller function.\r
  @retval FALSE  Not exit caller function.\r
**/\r
BOOLEAN\r
EFIAPI\r
UpdateDBXFromFile (\r
  IN EFI_DEVICE_PATH_PROTOCOL    *FilePath\r
  );\r
\r
/**\r
  Update the DBT form base on the input file path info.\r
\r
  @param FilePath    Point to the file path.\r
\r
  @retval TRUE   Exit caller function.\r
  @retval FALSE  Not exit caller function.\r
**/\r
BOOLEAN\r
EFIAPI\r
UpdateDBTFromFile (\r
  IN EFI_DEVICE_PATH_PROTOCOL    *FilePath\r
  );\r
\r
#endif\r
Commit	Line	Data
beda2356	1	/** @file\r
	2	The header file of HII Config Access protocol implementation of SecureBoot\r
	3	configuration module.\r
	4	\r
c035e373	5	Copyright (c) 2011 - 2017, Intel Corporation. All rights reserved.<BR>\r
289b714b	6	SPDX-License-Identifier: BSD-2-Clause-Patent\r
beda2356	7	\r
	8	**/\r
	9	\r
	10	#ifndef __SECUREBOOT_CONFIG_IMPL_H__\r
	11	#define __SECUREBOOT_CONFIG_IMPL_H__\r
	12	\r
	13	#include <Uefi.h>\r
	14	\r
	15	#include <Protocol/HiiConfigAccess.h>\r
	16	#include <Protocol/HiiConfigRouting.h>\r
ecc722ad	17	#include <Protocol/SimpleFileSystem.h>\r
	18	#include <Protocol/BlockIo.h>\r
	19	#include <Protocol/DevicePath.h>\r
ecc722ad	20	#include <Protocol/DebugPort.h>\r
ecc722ad	21	#include <Protocol/LoadFile.h>\r
beda2356	22	\r
	23	#include <Library/BaseLib.h>\r
	24	#include <Library/BaseMemoryLib.h>\r
	25	#include <Library/DebugLib.h>\r
	26	#include <Library/MemoryAllocationLib.h>\r
	27	#include <Library/UefiBootServicesTableLib.h>\r
	28	#include <Library/UefiRuntimeServicesTableLib.h>\r
	29	#include <Library/UefiHiiServicesLib.h>\r
	30	#include <Library/UefiLib.h>\r
	31	#include <Library/HiiLib.h>\r
	32	#include <Library/DevicePathLib.h>\r
bc0c99b3	33	#include <Library/PrintLib.h>\r
ecc722ad	34	#include <Library/PlatformSecureLib.h>\r
ecc722ad	35	#include <Library/BaseCryptLib.h>\r
762d8ddb	36	#include <Library/FileExplorerLib.h>\r
5e9dfc67	37	#include <Library/PeCoffLib.h>\r
762d8ddb	38	\r
beda2356	39	#include <Guid/MdeModuleHii.h>\r
beda2356	40	#include <Guid/AuthenticatedVariableFormat.h>\r
ecc722ad	41	#include <Guid/FileSystemVolumeLabelInfo.h>\r
	42	#include <Guid/ImageAuthentication.h>\r
	43	#include <Guid/FileInfo.h>\r
4de754e1	44	#include <Guid/WinCertificate.h>\r
beda2356	45	\r
	46	#include "SecureBootConfigNvData.h"\r
	47	\r
	48	//\r
	49	// Tool generated IFR binary data and String package data\r
	50	//\r
ecc722ad	51	extern UINT8 SecureBootConfigBin[];\r
	52	extern UINT8 SecureBootConfigDxeStrings[];\r
	53	\r
	54	//\r
	55	// Shared IFR form update data\r
	56	//\r
	57	extern VOID *mStartOpCodeHandle;\r
	58	extern VOID *mEndOpCodeHandle;\r
	59	extern EFI_IFR_GUID_LABEL *mStartLabel;\r
	60	extern EFI_IFR_GUID_LABEL *mEndLabel;\r
	61	\r
	62	#define MAX_CHAR 480\r
	63	#define TWO_BYTE_ENCODE 0x82\r
65c77f02	64	#define BUFFER_MAX_SIZE 100\r
c035e373	65	\r
ecc722ad	66	//\r
	67	// SHA-256 digest size in bytes\r
	68	//\r
	69	#define SHA256_DIGEST_SIZE 32\r
	70	//\r
20333c6d	71	// SHA-384 digest size in bytes\r
ecc722ad	72	//\r
20333c6d QL	73	#define SHA384_DIGEST_SIZE 48\r
	74	//\r
	75	// SHA-512 digest size in bytes\r
	76	//\r
	77	#define SHA512_DIGEST_SIZE 64\r
	78	\r
	79	//\r
	80	// Set max digest size as SHA512 Output (64 bytes) by far\r
	81	//\r
	82	#define MAX_DIGEST_SIZE SHA512_DIGEST_SIZE\r
ecc722ad	83	\r
	84	#define WIN_CERT_UEFI_RSA2048_SIZE 256\r
	85	\r
	86	//\r
	87	// Support hash types\r
	88	//\r
e9429e79 ZL	89	#define HASHALG_SHA224 0x00000000\r
	90	#define HASHALG_SHA256 0x00000001\r
	91	#define HASHALG_SHA384 0x00000002\r
	92	#define HASHALG_SHA512 0x00000003\r
	93	#define HASHALG_RAW 0x00000004\r
	94	#define HASHALG_MAX 0x00000004\r
ecc722ad	95	\r
ecc722ad	96	\r
ecc722ad	97	typedef struct {\r
	98	UINTN Signature;\r
	99	LIST_ENTRY Head;\r
	100	UINTN MenuNumber;\r
	101	} SECUREBOOT_MENU_OPTION;\r
	102	\r
ecc722ad	103	typedef struct {\r
ecc722ad	104	EFI_FILE_HANDLE FHandle;\r
ecc722ad	105	UINT16 *FileName;\r
4de754e1	106	UINT8 FileType;\r
ecc722ad	107	} SECUREBOOT_FILE_CONTEXT;\r
ecc722ad	108	\r
85974aef	109	#define SECUREBOOT_FREE_NON_NULL(Pointer) \\r
	110	do { \\r
	111	if ((Pointer) != NULL) { \\r
	112	FreePool((Pointer)); \\r
	113	(Pointer) = NULL; \\r
	114	} \\r
	115	} while (FALSE)\r
	116	\r
	117	#define SECUREBOOT_FREE_NON_OPCODE(Handle) \\r
	118	do{ \\r
	119	if ((Handle) != NULL) { \\r
	120	HiiFreeOpCodeHandle((Handle)); \\r
	121	} \\r
	122	} while (FALSE)\r
	123	\r
	124	#define SIGNATURE_DATA_COUNTS(List) \\r
	125	(((List)->SignatureListSize - sizeof(EFI_SIGNATURE_LIST) - (List)->SignatureHeaderSize) / (List)->SignatureSize)\r
ecc722ad	126	\r
	127	//\r
	128	// We define another format of 5th directory entry: security directory\r
	129	//\r
	130	typedef struct {\r
	131	UINT32 Offset; // Offset of certificate\r
	132	UINT32 SizeOfCert; // size of certificate appended\r
	133	} EFI_IMAGE_SECURITY_DATA_DIRECTORY;\r
	134	\r
	135	typedef enum{\r
	136	ImageType_IA32,\r
	137	ImageType_X64\r
	138	} IMAGE_TYPE;\r
beda2356	139	\r
	140	///\r
	141	/// HII specific Vendor Device Path definition.\r
	142	///\r
	143	typedef struct {\r
	144	VENDOR_DEVICE_PATH VendorDevicePath;\r
	145	EFI_DEVICE_PATH_PROTOCOL End;\r
	146	} HII_VENDOR_DEVICE_PATH;\r
	147	\r
85974aef	148	typedef enum {\r
0085d619	149	Variable_DB,\r
	150	Variable_DBX,\r
	151	Variable_DBT,\r
	152	Variable_MAX\r
85974aef	153	} CURRENT_VARIABLE_NAME;\r
	154	\r
	155	typedef enum {\r
0085d619	156	Delete_Signature_List_All,\r
	157	Delete_Signature_List_One,\r
	158	Delete_Signature_Data\r
85974aef	159	}SIGNATURE_DELETE_TYPE;\r
85974aef	160	\r
beda2356	161	typedef struct {\r
	162	UINTN Signature;\r
	163	\r
	164	EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess;\r
	165	EFI_HII_HANDLE HiiHandle;\r
	166	EFI_HANDLE DriverHandle;\r
	167	\r
ecc722ad	168	SECUREBOOT_FILE_CONTEXT *FileContext;\r
	169	\r
	170	EFI_GUID *SignatureGUID;\r
85974aef	171	\r
	172	CURRENT_VARIABLE_NAME VariableName; // The variable name we are processing.\r
	173	UINT32 ListCount; // Record current variable has how many signature list.\r
	174	UINTN ListIndex; // Record which signature list is processing.\r
	175	BOOLEAN *CheckArray; // Record whcih siganture data checked.\r
beda2356	176	} SECUREBOOT_CONFIG_PRIVATE_DATA;\r
	177	\r
	178	extern SECUREBOOT_CONFIG_PRIVATE_DATA mSecureBootConfigPrivateDateTemplate;\r
762d8ddb	179	extern SECUREBOOT_CONFIG_PRIVATE_DATA *gSecureBootPrivateData;\r
beda2356	180	\r
beda2356	181	#define SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('S', 'E', 'C', 'B')\r
bc0c99b3	182	#define SECUREBOOT_CONFIG_PRIVATE_FROM_THIS(a) CR (a, SECUREBOOT_CONFIG_PRIVATE_DATA, ConfigAccess, SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE)\r
bc0c99b3	183	\r
ecc722ad	184	//\r
	185	// Cryptograhpic Key Information\r
	186	//\r
1413b8e9	187	#pragma pack(1)\r
ecc722ad	188	typedef struct _CPL_KEY_INFO {\r
	189	UINT32 KeyLengthInBits; // Key Length In Bits\r
	190	UINT32 BlockSize; // Operation Block Size in Bytes\r
	191	UINT32 CipherBlockSize; // Output Cipher Block Size in Bytes\r
	192	UINT32 KeyType; // Key Type\r
	193	UINT32 CipherMode; // Cipher Mode for Symmetric Algorithm\r
	194	UINT32 Flags; // Additional Key Property Flags\r
	195	} CPL_KEY_INFO;\r
1413b8e9	196	#pragma pack()\r
ecc722ad	197	\r
	198	\r
	199	/**\r
	200	Retrieves the size, in bytes, of the context buffer required for hash operations.\r
	201	\r
	202	@return The size, in bytes, of the context buffer required for hash operations.\r
	203	\r
	204	**/\r
	205	typedef\r
	206	EFI_STATUS\r
	207	(EFIAPI *HASH_GET_CONTEXT_SIZE)(\r
	208	VOID\r
	209	);\r
	210	\r
	211	/**\r
	212	Initializes user-supplied memory pointed by HashContext as hash context for\r
	213	subsequent use.\r
	214	\r
	215	If HashContext is NULL, then ASSERT().\r
	216	\r
	217	@param[in, out] HashContext Pointer to Context being initialized.\r
	218	\r
	219	@retval TRUE HASH context initialization succeeded.\r
	220	@retval FALSE HASH context initialization failed.\r
	221	\r
	222	**/\r
	223	typedef\r
	224	BOOLEAN\r
	225	(EFIAPI *HASH_INIT)(\r
	226	IN OUT VOID *HashContext\r
	227	);\r
	228	\r
	229	\r
	230	/**\r
	231	Performs digest on a data buffer of the specified length. This function can\r
	232	be called multiple times to compute the digest of long or discontinuous data streams.\r
	233	\r
	234	If HashContext is NULL, then ASSERT().\r
	235	\r
	236	@param[in, out] HashContext Pointer to the MD5 context.\r
	237	@param[in] Data Pointer to the buffer containing the data to be hashed.\r
	238	@param[in] DataLength Length of Data buffer in bytes.\r
	239	\r
	240	@retval TRUE HASH data digest succeeded.\r
	241	@retval FALSE Invalid HASH context. After HashFinal function has been called, the\r
	242	HASH context cannot be reused.\r
	243	\r
	244	**/\r
	245	typedef\r
	246	BOOLEAN\r
	247	(EFIAPI *HASH_UPDATE)(\r
	248	IN OUT VOID *HashContext,\r
	249	IN CONST VOID *Data,\r
	250	IN UINTN DataLength\r
	251	);\r
	252	\r
	253	/**\r
	254	Completes hash computation and retrieves the digest value into the specified\r
	255	memory. After this function has been called, the context cannot be used again.\r
	256	\r
	257	If HashContext is NULL, then ASSERT().\r
	258	If HashValue is NULL, then ASSERT().\r
	259	\r
	260	@param[in, out] HashContext Pointer to the MD5 context\r
261	@param[out] HashValue Pointer to a buffer that receives the HASH digest\r
262	value (16 bytes).\r
263	\r
264	@retval TRUE HASH digest computation succeeded.\r
265	@retval FALSE HASH digest computation failed.\r
266	\r
267	**/\r
268	typedef\r
269	BOOLEAN\r
270	(EFIAPI *HASH_FINAL)(\r
271	IN OUT VOID *HashContext,\r
272	OUT UINT8 *HashValue\r
273	);\r
274	\r
275	//\r
276	// Hash Algorithm Table\r
277	//\r
278	typedef struct {\r
279	CHAR16 *Name; ///< Name for Hash Algorithm\r
280	UINTN DigestLength; ///< Digest Length\r
20333c6d	281	UINT8 *OidValue; ///< Hash Algorithm OID ASN.1 Value\r
ecc722ad	282	UINTN OidLength; ///< Length of Hash OID Value\r
	283	HASH_GET_CONTEXT_SIZE GetContextSize; ///< Pointer to Hash GetContentSize function\r
	284	HASH_INIT HashInit; ///< Pointer to Hash Init function\r
	285	HASH_UPDATE HashUpdate; ///< Pointer to Hash Update function\r
	286	HASH_FINAL HashFinal; ///< Pointer to Hash Final function\r
	287	} HASH_TABLE;\r
	288	\r
	289	typedef struct {\r
	290	WIN_CERTIFICATE Hdr;\r
	291	UINT8 CertData[1];\r
	292	} WIN_CERTIFICATE_EFI_PKCS;\r
	293	\r
beda2356	294	\r
	295	/**\r
	296	This function publish the SecureBoot configuration Form.\r
	297	\r
	298	@param[in, out] PrivateData Points to SecureBoot configuration private data.\r
	299	\r
ecc722ad	300	@retval EFI_SUCCESS HII Form is installed successfully.\r
beda2356	301	@retval EFI_OUT_OF_RESOURCES Not enough resource for HII Form installation.\r
	302	@retval Others Other errors as indicated.\r
	303	\r
	304	**/\r
	305	EFI_STATUS\r
	306	InstallSecureBootConfigForm (\r
	307	IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData\r
	308	);\r
	309	\r
ecc722ad	310	\r
beda2356	311	/**\r
	312	This function removes SecureBoot configuration Form.\r
	313	\r
	314	@param[in, out] PrivateData Points to SecureBoot configuration private data.\r
	315	\r
	316	**/\r
beda2356	317	VOID\r
	318	UninstallSecureBootConfigForm (\r
	319	IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData\r
	320	);\r
	321	\r
ecc722ad	322	\r
beda2356	323	/**\r
	324	This function allows a caller to extract the current configuration for one\r
	325	or more named elements from the target driver.\r
	326	\r
	327	@param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.\r
	328	@param[in] Request A null-terminated Unicode string in\r
	329	<ConfigRequest> format.\r
	330	@param[out] Progress On return, points to a character in the Request\r
	331	string. Points to the string's null terminator if\r
	332	request was successful. Points to the most recent\r
	333	'&' before the first failing name/value pair (or\r
	334	the beginning of the string if the failure is in\r
	335	the first name/value pair) if the request was not\r
	336	successful.\r
	337	@param[out] Results A null-terminated Unicode string in\r
	338	<ConfigAltResp> format which has all values filled\r
	339	in for the names in the Request string. String to\r
	340	be allocated by the called function.\r
	341	\r
	342	@retval EFI_SUCCESS The Results is filled with the requested values.\r
	343	@retval EFI_OUT_OF_RESOURCES Not enough memory to store the results.\r
	344	@retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown name.\r
	345	@retval EFI_NOT_FOUND Routing data doesn't match any storage in this\r
	346	driver.\r
	347	\r
	348	**/\r
	349	EFI_STATUS\r
	350	EFIAPI\r
	351	SecureBootExtractConfig (\r
	352	IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,\r
	353	IN CONST EFI_STRING Request,\r
	354	OUT EFI_STRING *Progress,\r
	355	OUT EFI_STRING *Results\r
	356	);\r
	357	\r
ecc722ad	358	\r
beda2356	359	/**\r
	360	This function processes the results of changes in configuration.\r
	361	\r
	362	@param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.\r
	363	@param[in] Configuration A null-terminated Unicode string in <ConfigResp>\r
	364	format.\r
	365	@param[out] Progress A pointer to a string filled in with the offset of\r
	366	the most recent '&' before the first failing\r
	367	name/value pair (or the beginning of the string if\r
	368	the failure is in the first name/value pair) or\r
	369	the terminating NULL if all was successful.\r
	370	\r
	371	@retval EFI_SUCCESS The Results is processed successfully.\r
	372	@retval EFI_INVALID_PARAMETER Configuration is NULL.\r
	373	@retval EFI_NOT_FOUND Routing data doesn't match any storage in this\r
	374	driver.\r
	375	\r
	376	**/\r
	377	EFI_STATUS\r
	378	EFIAPI\r
	379	SecureBootRouteConfig (\r
	380	IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,\r
	381	IN CONST EFI_STRING Configuration,\r
	382	OUT EFI_STRING *Progress\r
	383	);\r
	384	\r
ecc722ad	385	\r
beda2356	386	/**\r
	387	This function processes the results of changes in configuration.\r
	388	\r
	389	@param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.\r
	390	@param[in] Action Specifies the type of action taken by the browser.\r
	391	@param[in] QuestionId A unique value which is sent to the original\r
	392	exporting driver so that it can identify the type\r
	393	of data to expect.\r
	394	@param[in] Type The type of value for the question.\r
	395	@param[in] Value A pointer to the data being sent to the original\r
	396	exporting driver.\r
	397	@param[out] ActionRequest On return, points to the action requested by the\r
	398	callback function.\r
	399	\r
	400	@retval EFI_SUCCESS The callback successfully handled the action.\r
	401	@retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the\r
	402	variable and its data.\r
	403	@retval EFI_DEVICE_ERROR The variable could not be saved.\r
	404	@retval EFI_UNSUPPORTED The specified Action is not supported by the\r
	405	callback.\r
	406	\r
	407	**/\r
	408	EFI_STATUS\r
	409	EFIAPI\r
	410	SecureBootCallback (\r
	411	IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,\r
	412	IN EFI_BROWSER_ACTION Action,\r
	413	IN EFI_QUESTION_ID QuestionId,\r
	414	IN UINT8 Type,\r
	415	IN EFI_IFR_TYPE_VALUE *Value,\r
	416	OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest\r
	417	);\r
	418	\r
ecc722ad	419	\r
	420	/**\r
	421	This function converts an input device structure to a Unicode string.\r
	422	\r
	423	@param[in] DevPath A pointer to the device path structure.\r
	424	\r
	425	@return A new allocated Unicode string that represents the device path.\r
	426	\r
	427	**/\r
	428	CHAR16 *\r
	429	EFIAPI\r
	430	DevicePathToStr (\r
	431	IN EFI_DEVICE_PATH_PROTOCOL *DevPath\r
	432	);\r
	433	\r
	434	\r
	435	/**\r
20333c6d	436	Clean up the dynamic opcode at label and form specified by both LabelId.\r
ecc722ad	437	\r
	438	@param[in] LabelId It is both the Form ID and Label ID for opcode deletion.\r
	439	@param[in] PrivateData Module private data.\r
	440	\r
	441	**/\r
	442	VOID\r
	443	CleanUpPage (\r
	444	IN UINT16 LabelId,\r
	445	IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData\r
	446	);\r
	447	\r
	448	\r
ecc722ad	449	/**\r
20333c6d	450	Read file content into BufferPtr, the size of the allocate buffer\r
ecc722ad	451	is *FileSize plus AddtionAllocateSize.\r
	452	\r
	453	@param[in] FileHandle The file to be read.\r
	454	@param[in, out] BufferPtr Pointers to the pointer of allocated buffer.\r
	455	@param[out] FileSize Size of input file\r
20333c6d	456	@param[in] AddtionAllocateSize Addtion size the buffer need to be allocated.\r
ecc722ad	457	In case the buffer need to contain others besides the file content.\r
20333c6d	458	\r
ecc722ad	459	@retval EFI_SUCCESS The file was read into the buffer.\r
	460	@retval EFI_INVALID_PARAMETER A parameter was invalid.\r
	461	@retval EFI_OUT_OF_RESOURCES A memory allocation failed.\r
	462	@retval others Unexpected error.\r
	463	\r
	464	**/\r
	465	EFI_STATUS\r
	466	ReadFileContent (\r
	467	IN EFI_FILE_HANDLE FileHandle,\r
	468	IN OUT VOID **BufferPtr,\r
	469	OUT UINTN *FileSize,\r
	470	IN UINTN AddtionAllocateSize\r
	471	);\r
	472	\r
	473	\r
	474	/**\r
	475	Close an open file handle.\r
	476	\r
	477	@param[in] FileHandle The file handle to close.\r
20333c6d	478	\r
ecc722ad	479	**/\r
	480	VOID\r
	481	CloseFile (\r
	482	IN EFI_FILE_HANDLE FileHandle\r
	483	);\r
	484	\r
	485	\r
	486	/**\r
	487	Converts a nonnegative integer to an octet string of a specified length.\r
	488	\r
	489	@param[in] Integer Pointer to the nonnegative integer to be converted\r
	490	@param[in] IntSizeInWords Length of integer buffer in words\r
20333c6d	491	@param[out] OctetString Converted octet string of the specified length\r
ecc722ad	492	@param[in] OSSizeInBytes Intended length of resulting octet string in bytes\r
	493	\r
	494	Returns:\r
	495	\r
	496	@retval EFI_SUCCESS Data conversion successfully\r
	497	@retval EFI_BUFFER_TOOL_SMALL Buffer is too small for output string\r
	498	\r
	499	**/\r
	500	EFI_STATUS\r
	501	EFIAPI\r
	502	Int2OctStr (\r
	503	IN CONST UINTN *Integer,\r
	504	IN UINTN IntSizeInWords,\r
	505	OUT UINT8 *OctetString,\r
	506	IN UINTN OSSizeInBytes\r
	507	);\r
	508	\r
ecc722ad	509	/**\r
	510	Worker function that prints an EFI_GUID into specified Buffer.\r
	511	\r
	512	@param[in] Guid Pointer to GUID to print.\r
	513	@param[in] Buffer Buffer to print Guid into.\r
	514	@param[in] BufferSize Size of Buffer.\r
20333c6d	515	\r
ecc722ad	516	@retval Number of characters printed.\r
	517	\r
	518	**/\r
	519	UINTN\r
	520	GuidToString (\r
	521	IN EFI_GUID *Guid,\r
	522	IN CHAR16 *Buffer,\r
	523	IN UINTN BufferSize\r
	524	);\r
	525	\r
762d8ddb DB	526	/**\r
	527	Update the PK form base on the input file path info.\r
	528	\r
	529	@param FilePath Point to the file path.\r
	530	\r
	531	@retval TRUE Exit caller function.\r
	532	@retval FALSE Not exit caller function.\r
	533	**/\r
	534	BOOLEAN\r
bac308be	535	EFIAPI\r
762d8ddb DB	536	UpdatePKFromFile (\r
	537	IN EFI_DEVICE_PATH_PROTOCOL *FilePath\r
	538	);\r
	539	\r
	540	/**\r
	541	Update the KEK form base on the input file path info.\r
	542	\r
	543	@param FilePath Point to the file path.\r
	544	\r
	545	@retval TRUE Exit caller function.\r
	546	@retval FALSE Not exit caller function.\r
	547	**/\r
	548	BOOLEAN\r
bac308be	549	EFIAPI\r
762d8ddb DB	550	UpdateKEKFromFile (\r
	551	IN EFI_DEVICE_PATH_PROTOCOL *FilePath\r
	552	);\r
	553	\r
	554	/**\r
	555	Update the DB form base on the input file path info.\r
	556	\r
	557	@param FilePath Point to the file path.\r
	558	\r
	559	@retval TRUE Exit caller function.\r
	560	@retval FALSE Not exit caller function.\r
	561	**/\r
	562	BOOLEAN\r
bac308be	563	EFIAPI\r
762d8ddb DB	564	UpdateDBFromFile (\r
	565	IN EFI_DEVICE_PATH_PROTOCOL *FilePath\r
	566	);\r
	567	\r
	568	/**\r
	569	Update the DBX form base on the input file path info.\r
	570	\r
	571	@param FilePath Point to the file path.\r
	572	\r
	573	@retval TRUE Exit caller function.\r
	574	@retval FALSE Not exit caller function.\r
	575	**/\r
	576	BOOLEAN\r
bac308be	577	EFIAPI\r
762d8ddb DB	578	UpdateDBXFromFile (\r
	579	IN EFI_DEVICE_PATH_PROTOCOL *FilePath\r
	580	);\r
	581	\r
	582	/**\r
	583	Update the DBT form base on the input file path info.\r
	584	\r
	585	@param FilePath Point to the file path.\r
	586	\r
	587	@retval TRUE Exit caller function.\r
	588	@retval FALSE Not exit caller function.\r
	589	**/\r
	590	BOOLEAN\r
bac308be	591	EFIAPI\r
762d8ddb DB	592	UpdateDBTFromFile (\r
	593	IN EFI_DEVICE_PATH_PROTOCOL *FilePath\r
	594	);\r
	595	\r
2e728930	596	#endif\r