[mirror_edk2.git] / SecurityPkg / Library / AuthVariableLib / AuthVariableLib.c

/** @file\r
  Implement authentication services for the authenticated variables.\r
\r
  Caution: This module requires additional review when modified.\r
  This driver will have external input - variable data. It may be input in SMM mode.\r
  This external input must be validated carefully to avoid security issue like\r
  buffer overflow, integer overflow.\r
  Variable attribute should also be checked to avoid authentication bypass.\r
     The whole SMM authentication variable design relies on the integrity of flash part and SMM.\r
  which is assumed to be protected by platform.  All variable code and metadata in flash/SMM Memory\r
  may not be modified without authorization. If platform fails to protect these resources,\r
  the authentication service provided in this driver will be broken, and the behavior is undefined.\r
\r
Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#include "AuthServiceInternal.h"\r
\r
///\r
/// Global database array for scratch\r
///\r
UINT8   *mCertDbStore;\r
UINT32  mMaxCertDbSize;\r
UINT32  mPlatformMode;\r
UINT8   mVendorKeyState;\r
\r
EFI_GUID  mSignatureSupport[] = { EFI_CERT_SHA1_GUID, EFI_CERT_SHA256_GUID, EFI_CERT_RSA2048_GUID, EFI_CERT_X509_GUID };\r
\r
//\r
// Hash context pointer\r
//\r
VOID  *mHashCtx = NULL;\r
\r
VARIABLE_ENTRY_PROPERTY  mAuthVarEntry[] = {\r
  {\r
    &gEfiSecureBootEnableDisableGuid,\r
    EFI_SECURE_BOOT_ENABLE_NAME,\r
    {\r
      VAR_CHECK_VARIABLE_PROPERTY_REVISION,\r
      0,\r
      VARIABLE_ATTRIBUTE_NV_BS,\r
      sizeof (UINT8),\r
      sizeof (UINT8)\r
    }\r
  },\r
  {\r
    &gEfiCustomModeEnableGuid,\r
    EFI_CUSTOM_MODE_NAME,\r
    {\r
      VAR_CHECK_VARIABLE_PROPERTY_REVISION,\r
      0,\r
      VARIABLE_ATTRIBUTE_NV_BS,\r
      sizeof (UINT8),\r
      sizeof (UINT8)\r
    }\r
  },\r
  {\r
    &gEfiVendorKeysNvGuid,\r
    EFI_VENDOR_KEYS_NV_VARIABLE_NAME,\r
    {\r
      VAR_CHECK_VARIABLE_PROPERTY_REVISION,\r
      VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,\r
      VARIABLE_ATTRIBUTE_NV_BS_RT_AT,\r
      sizeof (UINT8),\r
      sizeof (UINT8)\r
    }\r
  },\r
  {\r
    &gEfiCertDbGuid,\r
    EFI_CERT_DB_NAME,\r
    {\r
      VAR_CHECK_VARIABLE_PROPERTY_REVISION,\r
      VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,\r
      VARIABLE_ATTRIBUTE_NV_BS_RT_AT,\r
      sizeof (UINT32),\r
      MAX_UINTN\r
    }\r
  },\r
  {\r
    &gEfiCertDbGuid,\r
    EFI_CERT_DB_VOLATILE_NAME,\r
    {\r
      VAR_CHECK_VARIABLE_PROPERTY_REVISION,\r
      VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,\r
      VARIABLE_ATTRIBUTE_BS_RT_AT,\r
      sizeof (UINT32),\r
      MAX_UINTN\r
    }\r
  },\r
};\r
\r
VOID  **mAuthVarAddressPointer[9];\r
\r
AUTH_VAR_LIB_CONTEXT_IN  *mAuthVarLibContextIn = NULL;\r
\r
/**\r
  Initialization for authenticated variable services.\r
  If this initialization returns error status, other APIs will not work\r
  and expect to be not called then.\r
\r
  @param[in]  AuthVarLibContextIn   Pointer to input auth variable lib context.\r
  @param[out] AuthVarLibContextOut  Pointer to output auth variable lib context.\r
\r
  @retval EFI_SUCCESS               Function successfully executed.\r
  @retval EFI_INVALID_PARAMETER     If AuthVarLibContextIn == NULL or AuthVarLibContextOut == NULL.\r
  @retval EFI_OUT_OF_RESOURCES      Fail to allocate enough resource.\r
  @retval EFI_UNSUPPORTED           Unsupported to process authenticated variable.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
AuthVariableLibInitialize (\r
  IN  AUTH_VAR_LIB_CONTEXT_IN   *AuthVarLibContextIn,\r
  OUT AUTH_VAR_LIB_CONTEXT_OUT  *AuthVarLibContextOut\r
  )\r
{\r
  EFI_STATUS  Status;\r
  UINT32      VarAttr;\r
  UINT8       *Data;\r
  UINTN       DataSize;\r
  UINTN       CtxSize;\r
  UINT8       SecureBootMode;\r
  UINT8       SecureBootEnable;\r
  UINT8       CustomMode;\r
  UINT32      ListSize;\r
\r
  if ((AuthVarLibContextIn == NULL) || (AuthVarLibContextOut == NULL)) {\r
    return EFI_INVALID_PARAMETER;\r
  }\r
\r
  mAuthVarLibContextIn = AuthVarLibContextIn;\r
\r
  //\r
  // Initialize hash context.\r
  //\r
  CtxSize  = Sha256GetContextSize ();\r
  mHashCtx = AllocateRuntimePool (CtxSize);\r
  if (mHashCtx == NULL) {\r
    return EFI_OUT_OF_RESOURCES;\r
  }\r
\r
  //\r
  // Reserve runtime buffer for certificate database. The size excludes variable header and name size.\r
  // Use EFI_CERT_DB_VOLATILE_NAME size since it is longer.\r
  //\r
  mMaxCertDbSize = (UINT32)(mAuthVarLibContextIn->MaxAuthVariableSize - sizeof (EFI_CERT_DB_VOLATILE_NAME));\r
  mCertDbStore   = AllocateRuntimePool (mMaxCertDbSize);\r
  if (mCertDbStore == NULL) {\r
    return EFI_OUT_OF_RESOURCES;\r
  }\r
\r
  Status = AuthServiceInternalFindVariable (EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid, (VOID **)&Data, &DataSize);\r
  if (EFI_ERROR (Status)) {\r
    DEBUG ((DEBUG_INFO, "Variable %s does not exist.\n", EFI_PLATFORM_KEY_NAME));\r
  } else {\r
    DEBUG ((DEBUG_INFO, "Variable %s exists.\n", EFI_PLATFORM_KEY_NAME));\r
  }\r
\r
  //\r
  // Create "SetupMode" variable with BS+RT attribute set.\r
  //\r
  if (EFI_ERROR (Status)) {\r
    mPlatformMode = SETUP_MODE;\r
  } else {\r
    mPlatformMode = USER_MODE;\r
  }\r
\r
  Status = AuthServiceInternalUpdateVariable (\r
             EFI_SETUP_MODE_NAME,\r
             &gEfiGlobalVariableGuid,\r
             &mPlatformMode,\r
             sizeof (UINT8),\r
             EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS\r
             );\r
  if (EFI_ERROR (Status)) {\r
    return Status;\r
  }\r
\r
  //\r
  // Create "SignatureSupport" variable with BS+RT attribute set.\r
  //\r
  Status = AuthServiceInternalUpdateVariable (\r
             EFI_SIGNATURE_SUPPORT_NAME,\r
             &gEfiGlobalVariableGuid,\r
             mSignatureSupport,\r
             sizeof (mSignatureSupport),\r
             EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS\r
             );\r
  if (EFI_ERROR (Status)) {\r
    return Status;\r
  }\r
\r
  //\r
  // If "SecureBootEnable" variable exists, then update "SecureBoot" variable.\r
  // If "SecureBootEnable" variable is SECURE_BOOT_ENABLE and in USER_MODE, Set "SecureBoot" variable to SECURE_BOOT_MODE_ENABLE.\r
  // If "SecureBootEnable" variable is SECURE_BOOT_DISABLE, Set "SecureBoot" variable to SECURE_BOOT_MODE_DISABLE.\r
  //\r
  SecureBootEnable = SECURE_BOOT_DISABLE;\r
  Status           = AuthServiceInternalFindVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID **)&Data, &DataSize);\r
  if (!EFI_ERROR (Status)) {\r
    if (mPlatformMode == USER_MODE) {\r
      SecureBootEnable = *(UINT8 *)Data;\r
    }\r
  } else if (mPlatformMode == USER_MODE) {\r
    //\r
    // "SecureBootEnable" not exist, initialize it in USER_MODE.\r
    //\r
    SecureBootEnable = SECURE_BOOT_ENABLE;\r
    Status           = AuthServiceInternalUpdateVariable (\r
                         EFI_SECURE_BOOT_ENABLE_NAME,\r
                         &gEfiSecureBootEnableDisableGuid,\r
                         &SecureBootEnable,\r
                         sizeof (UINT8),\r
                         EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS\r
                         );\r
    if (EFI_ERROR (Status)) {\r
      return Status;\r
    }\r
  }\r
\r
  //\r
  // Create "SecureBoot" variable with BS+RT attribute set.\r
  //\r
  if ((SecureBootEnable == SECURE_BOOT_ENABLE) && (mPlatformMode == USER_MODE)) {\r
    SecureBootMode = SECURE_BOOT_MODE_ENABLE;\r
  } else {\r
    SecureBootMode = SECURE_BOOT_MODE_DISABLE;\r
  }\r
\r
  Status = AuthServiceInternalUpdateVariable (\r
             EFI_SECURE_BOOT_MODE_NAME,\r
             &gEfiGlobalVariableGuid,\r
             &SecureBootMode,\r
             sizeof (UINT8),\r
             EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS\r
             );\r
  if (EFI_ERROR (Status)) {\r
    return Status;\r
  }\r
\r
  DEBUG ((DEBUG_INFO, "Variable %s is %x\n", EFI_SETUP_MODE_NAME, mPlatformMode));\r
  DEBUG ((DEBUG_INFO, "Variable %s is %x\n", EFI_SECURE_BOOT_MODE_NAME, SecureBootMode));\r
  DEBUG ((DEBUG_INFO, "Variable %s is %x\n", EFI_SECURE_BOOT_ENABLE_NAME, SecureBootEnable));\r
\r
  //\r
  // Initialize "CustomMode" in STANDARD_SECURE_BOOT_MODE state.\r
  //\r
  CustomMode = STANDARD_SECURE_BOOT_MODE;\r
  Status     = AuthServiceInternalUpdateVariable (\r
                 EFI_CUSTOM_MODE_NAME,\r
                 &gEfiCustomModeEnableGuid,\r
                 &CustomMode,\r
                 sizeof (UINT8),\r
                 EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS\r
                 );\r
  if (EFI_ERROR (Status)) {\r
    return Status;\r
  }\r
\r
  DEBUG ((DEBUG_INFO, "Variable %s is %x\n", EFI_CUSTOM_MODE_NAME, CustomMode));\r
\r
  //\r
  // Check "certdb" variable's existence.\r
  // If it doesn't exist, then create a new one with\r
  // EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.\r
  //\r
  Status = AuthServiceInternalFindVariable (\r
             EFI_CERT_DB_NAME,\r
             &gEfiCertDbGuid,\r
             (VOID **)&Data,\r
             &DataSize\r
             );\r
  if (EFI_ERROR (Status)) {\r
    VarAttr  = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;\r
    ListSize = sizeof (UINT32);\r
    Status   = AuthServiceInternalUpdateVariable (\r
                 EFI_CERT_DB_NAME,\r
                 &gEfiCertDbGuid,\r
                 &ListSize,\r
                 sizeof (UINT32),\r
                 VarAttr\r
                 );\r
    if (EFI_ERROR (Status)) {\r
      return Status;\r
    }\r
  } else {\r
    //\r
    // Clean up Certs to make certDB & Time based auth variable consistent\r
    //\r
    Status = CleanCertsFromDb ();\r
    if (EFI_ERROR (Status)) {\r
      DEBUG ((DEBUG_ERROR, "Clean up CertDB fail! Status %x\n", Status));\r
      return Status;\r
    }\r
  }\r
\r
  //\r
  // Create "certdbv" variable with RT+BS+AT set.\r
  //\r
  VarAttr  = EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;\r
  ListSize = sizeof (UINT32);\r
  Status   = AuthServiceInternalUpdateVariable (\r
               EFI_CERT_DB_VOLATILE_NAME,\r
               &gEfiCertDbGuid,\r
               &ListSize,\r
               sizeof (UINT32),\r
               VarAttr\r
               );\r
  if (EFI_ERROR (Status)) {\r
    return Status;\r
  }\r
\r
  //\r
  // Check "VendorKeysNv" variable's existence and create "VendorKeys" variable accordingly.\r
  //\r
  Status = AuthServiceInternalFindVariable (EFI_VENDOR_KEYS_NV_VARIABLE_NAME, &gEfiVendorKeysNvGuid, (VOID **)&Data, &DataSize);\r
  if (!EFI_ERROR (Status)) {\r
    mVendorKeyState = *(UINT8 *)Data;\r
  } else {\r
    //\r
    // "VendorKeysNv" not exist, initialize it in VENDOR_KEYS_VALID state.\r
    //\r
    mVendorKeyState = VENDOR_KEYS_VALID;\r
    Status          = AuthServiceInternalUpdateVariable (\r
                        EFI_VENDOR_KEYS_NV_VARIABLE_NAME,\r
                        &gEfiVendorKeysNvGuid,\r
                        &mVendorKeyState,\r
                        sizeof (UINT8),\r
                        EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS\r
                        );\r
    if (EFI_ERROR (Status)) {\r
      return Status;\r
    }\r
  }\r
\r
  //\r
  // Create "VendorKeys" variable with BS+RT attribute set.\r
  //\r
  Status = AuthServiceInternalUpdateVariable (\r
             EFI_VENDOR_KEYS_VARIABLE_NAME,\r
             &gEfiGlobalVariableGuid,\r
             &mVendorKeyState,\r
             sizeof (UINT8),\r
             EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS\r
             );\r
  if (EFI_ERROR (Status)) {\r
    return Status;\r
  }\r
\r
  DEBUG ((DEBUG_INFO, "Variable %s is %x\n", EFI_VENDOR_KEYS_VARIABLE_NAME, mVendorKeyState));\r
\r
  AuthVarLibContextOut->StructVersion       = AUTH_VAR_LIB_CONTEXT_OUT_STRUCT_VERSION;\r
  AuthVarLibContextOut->StructSize          = sizeof (AUTH_VAR_LIB_CONTEXT_OUT);\r
  AuthVarLibContextOut->AuthVarEntry        = mAuthVarEntry;\r
  AuthVarLibContextOut->AuthVarEntryCount   = ARRAY_SIZE (mAuthVarEntry);\r
  mAuthVarAddressPointer[0]                 = (VOID **)&mCertDbStore;\r
  mAuthVarAddressPointer[1]                 = (VOID **)&mHashCtx;\r
  mAuthVarAddressPointer[2]                 = (VOID **)&mAuthVarLibContextIn;\r
  mAuthVarAddressPointer[3]                 = (VOID **)&(mAuthVarLibContextIn->FindVariable),\r
  mAuthVarAddressPointer[4]                 = (VOID **)&(mAuthVarLibContextIn->FindNextVariable),\r
  mAuthVarAddressPointer[5]                 = (VOID **)&(mAuthVarLibContextIn->UpdateVariable),\r
  mAuthVarAddressPointer[6]                 = (VOID **)&(mAuthVarLibContextIn->GetScratchBuffer),\r
  mAuthVarAddressPointer[7]                 = (VOID **)&(mAuthVarLibContextIn->CheckRemainingSpaceForConsistency),\r
  mAuthVarAddressPointer[8]                 = (VOID **)&(mAuthVarLibContextIn->AtRuntime),\r
  AuthVarLibContextOut->AddressPointer      = mAuthVarAddressPointer;\r
  AuthVarLibContextOut->AddressPointerCount = ARRAY_SIZE (mAuthVarAddressPointer);\r
\r
  return Status;\r
}\r
\r
/**\r
  Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.\r
\r
  @param[in] VariableName           Name of the variable.\r
  @param[in] VendorGuid             Variable vendor GUID.\r
  @param[in] Data                   Data pointer.\r
  @param[in] DataSize               Size of Data.\r
  @param[in] Attributes             Attribute value of the variable.\r
\r
  @retval EFI_SUCCESS               The firmware has successfully stored the variable and its data as\r
                                    defined by the Attributes.\r
  @retval EFI_INVALID_PARAMETER     Invalid parameter.\r
  @retval EFI_WRITE_PROTECTED       Variable is write-protected.\r
  @retval EFI_OUT_OF_RESOURCES      There is not enough resource.\r
  @retval EFI_SECURITY_VIOLATION    The variable is with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS\r
                                    set, but the AuthInfo does NOT pass the validation\r
                                    check carried out by the firmware.\r
  @retval EFI_UNSUPPORTED           Unsupported to process authenticated variable.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
AuthVariableLibProcessVariable (\r
  IN CHAR16    *VariableName,\r
  IN EFI_GUID  *VendorGuid,\r
  IN VOID      *Data,\r
  IN UINTN     DataSize,\r
  IN UINT32    Attributes\r
  )\r
{\r
  EFI_STATUS  Status;\r
\r
  if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_PLATFORM_KEY_NAME) == 0)) {\r
    Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, TRUE);\r
  } else if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0)) {\r
    Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, FALSE);\r
  } else if (CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) &&\r
             ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE)  == 0) ||\r
              (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0) ||\r
              (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0)\r
             ))\r
  {\r
    Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, FALSE);\r
    if (EFI_ERROR (Status)) {\r
      Status = ProcessVarWithKek (VariableName, VendorGuid, Data, DataSize, Attributes);\r
    }\r
  } else {\r
    Status = ProcessVariable (VariableName, VendorGuid, Data, DataSize, Attributes);\r
  }\r
\r
  return Status;\r
}\r
Commit	Line	Data
	1	/** @file\r
	2	Implement authentication services for the authenticated variables.\r
	3	\r
	4	Caution: This module requires additional review when modified.\r
	5	This driver will have external input - variable data. It may be input in SMM mode.\r
	6	This external input must be validated carefully to avoid security issue like\r
	7	buffer overflow, integer overflow.\r
	8	Variable attribute should also be checked to avoid authentication bypass.\r
	9	The whole SMM authentication variable design relies on the integrity of flash part and SMM.\r
	10	which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory\r
	11	may not be modified without authorization. If platform fails to protect these resources,\r
	12	the authentication service provided in this driver will be broken, and the behavior is undefined.\r
	13	\r
	14	Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>\r
	15	SPDX-License-Identifier: BSD-2-Clause-Patent\r
	16	\r
	17	**/\r
	18	\r
	19	#include "AuthServiceInternal.h"\r
	20	\r
	21	///\r
	22	/// Global database array for scratch\r
	23	///\r
	24	UINT8 *mCertDbStore;\r
	25	UINT32 mMaxCertDbSize;\r
	26	UINT32 mPlatformMode;\r
	27	UINT8 mVendorKeyState;\r
	28	\r
	29	EFI_GUID mSignatureSupport[] = { EFI_CERT_SHA1_GUID, EFI_CERT_SHA256_GUID, EFI_CERT_RSA2048_GUID, EFI_CERT_X509_GUID };\r
	30	\r
	31	//\r
	32	// Hash context pointer\r
	33	//\r
	34	VOID *mHashCtx = NULL;\r
	35	\r
	36	VARIABLE_ENTRY_PROPERTY mAuthVarEntry[] = {\r
	37	{\r
	38	&gEfiSecureBootEnableDisableGuid,\r
	39	EFI_SECURE_BOOT_ENABLE_NAME,\r
	40	{\r
	41	VAR_CHECK_VARIABLE_PROPERTY_REVISION,\r
	42	0,\r
	43	VARIABLE_ATTRIBUTE_NV_BS,\r
	44	sizeof (UINT8),\r
	45	sizeof (UINT8)\r
	46	}\r
	47	},\r
	48	{\r
	49	&gEfiCustomModeEnableGuid,\r
	50	EFI_CUSTOM_MODE_NAME,\r
	51	{\r
	52	VAR_CHECK_VARIABLE_PROPERTY_REVISION,\r
	53	0,\r
	54	VARIABLE_ATTRIBUTE_NV_BS,\r
	55	sizeof (UINT8),\r
	56	sizeof (UINT8)\r
	57	}\r
	58	},\r
	59	{\r
	60	&gEfiVendorKeysNvGuid,\r
	61	EFI_VENDOR_KEYS_NV_VARIABLE_NAME,\r
	62	{\r
	63	VAR_CHECK_VARIABLE_PROPERTY_REVISION,\r
	64	VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,\r
	65	VARIABLE_ATTRIBUTE_NV_BS_RT_AT,\r
	66	sizeof (UINT8),\r
	67	sizeof (UINT8)\r
	68	}\r
	69	},\r
	70	{\r
	71	&gEfiCertDbGuid,\r
	72	EFI_CERT_DB_NAME,\r
	73	{\r
	74	VAR_CHECK_VARIABLE_PROPERTY_REVISION,\r
	75	VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,\r
	76	VARIABLE_ATTRIBUTE_NV_BS_RT_AT,\r
	77	sizeof (UINT32),\r
	78	MAX_UINTN\r
	79	}\r
	80	},\r
	81	{\r
	82	&gEfiCertDbGuid,\r
	83	EFI_CERT_DB_VOLATILE_NAME,\r
	84	{\r
	85	VAR_CHECK_VARIABLE_PROPERTY_REVISION,\r
	86	VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,\r
	87	VARIABLE_ATTRIBUTE_BS_RT_AT,\r
	88	sizeof (UINT32),\r
	89	MAX_UINTN\r
	90	}\r
	91	},\r
	92	};\r
	93	\r
	94	VOID **mAuthVarAddressPointer[9];\r
	95	\r
	96	AUTH_VAR_LIB_CONTEXT_IN *mAuthVarLibContextIn = NULL;\r
	97	\r
	98	/**\r
	99	Initialization for authenticated variable services.\r
	100	If this initialization returns error status, other APIs will not work\r
	101	and expect to be not called then.\r
	102	\r
	103	@param[in] AuthVarLibContextIn Pointer to input auth variable lib context.\r
	104	@param[out] AuthVarLibContextOut Pointer to output auth variable lib context.\r
	105	\r
	106	@retval EFI_SUCCESS Function successfully executed.\r
	107	@retval EFI_INVALID_PARAMETER If AuthVarLibContextIn == NULL or AuthVarLibContextOut == NULL.\r
	108	@retval EFI_OUT_OF_RESOURCES Fail to allocate enough resource.\r
	109	@retval EFI_UNSUPPORTED Unsupported to process authenticated variable.\r
	110	\r
	111	**/\r
	112	EFI_STATUS\r
	113	EFIAPI\r
	114	AuthVariableLibInitialize (\r
	115	IN AUTH_VAR_LIB_CONTEXT_IN *AuthVarLibContextIn,\r
	116	OUT AUTH_VAR_LIB_CONTEXT_OUT *AuthVarLibContextOut\r
	117	)\r
	118	{\r
	119	EFI_STATUS Status;\r
	120	UINT32 VarAttr;\r
	121	UINT8 *Data;\r
	122	UINTN DataSize;\r
	123	UINTN CtxSize;\r
	124	UINT8 SecureBootMode;\r
	125	UINT8 SecureBootEnable;\r
	126	UINT8 CustomMode;\r
	127	UINT32 ListSize;\r
	128	\r
	129	if ((AuthVarLibContextIn == NULL) \|\| (AuthVarLibContextOut == NULL)) {\r
	130	return EFI_INVALID_PARAMETER;\r
	131	}\r
	132	\r
	133	mAuthVarLibContextIn = AuthVarLibContextIn;\r
	134	\r
	135	//\r
	136	// Initialize hash context.\r
	137	//\r
	138	CtxSize = Sha256GetContextSize ();\r
	139	mHashCtx = AllocateRuntimePool (CtxSize);\r
	140	if (mHashCtx == NULL) {\r
	141	return EFI_OUT_OF_RESOURCES;\r
	142	}\r
	143	\r
	144	//\r
	145	// Reserve runtime buffer for certificate database. The size excludes variable header and name size.\r
	146	// Use EFI_CERT_DB_VOLATILE_NAME size since it is longer.\r
	147	//\r
	148	mMaxCertDbSize = (UINT32)(mAuthVarLibContextIn->MaxAuthVariableSize - sizeof (EFI_CERT_DB_VOLATILE_NAME));\r
	149	mCertDbStore = AllocateRuntimePool (mMaxCertDbSize);\r
	150	if (mCertDbStore == NULL) {\r
	151	return EFI_OUT_OF_RESOURCES;\r
	152	}\r
	153	\r
	154	Status = AuthServiceInternalFindVariable (EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid, (VOID **)&Data, &DataSize);\r
	155	if (EFI_ERROR (Status)) {\r
	156	DEBUG ((DEBUG_INFO, "Variable %s does not exist.\n", EFI_PLATFORM_KEY_NAME));\r
	157	} else {\r
	158	DEBUG ((DEBUG_INFO, "Variable %s exists.\n", EFI_PLATFORM_KEY_NAME));\r
	159	}\r
	160	\r
	161	//\r
	162	// Create "SetupMode" variable with BS+RT attribute set.\r
	163	//\r
	164	if (EFI_ERROR (Status)) {\r
	165	mPlatformMode = SETUP_MODE;\r
	166	} else {\r
	167	mPlatformMode = USER_MODE;\r
	168	}\r
	169	\r
	170	Status = AuthServiceInternalUpdateVariable (\r
	171	EFI_SETUP_MODE_NAME,\r
	172	&gEfiGlobalVariableGuid,\r
	173	&mPlatformMode,\r
	174	sizeof (UINT8),\r
	175	EFI_VARIABLE_BOOTSERVICE_ACCESS \| EFI_VARIABLE_RUNTIME_ACCESS\r
	176	);\r
	177	if (EFI_ERROR (Status)) {\r
	178	return Status;\r
	179	}\r
	180	\r
	181	//\r
	182	// Create "SignatureSupport" variable with BS+RT attribute set.\r
	183	//\r
	184	Status = AuthServiceInternalUpdateVariable (\r
	185	EFI_SIGNATURE_SUPPORT_NAME,\r
	186	&gEfiGlobalVariableGuid,\r
	187	mSignatureSupport,\r
	188	sizeof (mSignatureSupport),\r
	189	EFI_VARIABLE_BOOTSERVICE_ACCESS \| EFI_VARIABLE_RUNTIME_ACCESS\r
	190	);\r
	191	if (EFI_ERROR (Status)) {\r
	192	return Status;\r
	193	}\r
	194	\r
	195	//\r
	196	// If "SecureBootEnable" variable exists, then update "SecureBoot" variable.\r
	197	// If "SecureBootEnable" variable is SECURE_BOOT_ENABLE and in USER_MODE, Set "SecureBoot" variable to SECURE_BOOT_MODE_ENABLE.\r
	198	// If "SecureBootEnable" variable is SECURE_BOOT_DISABLE, Set "SecureBoot" variable to SECURE_BOOT_MODE_DISABLE.\r
	199	//\r
	200	SecureBootEnable = SECURE_BOOT_DISABLE;\r
	201	Status = AuthServiceInternalFindVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID **)&Data, &DataSize);\r
	202	if (!EFI_ERROR (Status)) {\r
	203	if (mPlatformMode == USER_MODE) {\r
	204	SecureBootEnable = (UINT8 )Data;\r
	205	}\r
	206	} else if (mPlatformMode == USER_MODE) {\r
	207	//\r
	208	// "SecureBootEnable" not exist, initialize it in USER_MODE.\r
	209	//\r
	210	SecureBootEnable = SECURE_BOOT_ENABLE;\r
	211	Status = AuthServiceInternalUpdateVariable (\r
	212	EFI_SECURE_BOOT_ENABLE_NAME,\r
	213	&gEfiSecureBootEnableDisableGuid,\r
	214	&SecureBootEnable,\r
	215	sizeof (UINT8),\r
	216	EFI_VARIABLE_NON_VOLATILE \| EFI_VARIABLE_BOOTSERVICE_ACCESS\r
	217	);\r
	218	if (EFI_ERROR (Status)) {\r
	219	return Status;\r
	220	}\r
	221	}\r
	222	\r
	223	//\r
	224	// Create "SecureBoot" variable with BS+RT attribute set.\r
	225	//\r
	226	if ((SecureBootEnable == SECURE_BOOT_ENABLE) && (mPlatformMode == USER_MODE)) {\r
	227	SecureBootMode = SECURE_BOOT_MODE_ENABLE;\r
	228	} else {\r
	229	SecureBootMode = SECURE_BOOT_MODE_DISABLE;\r
	230	}\r
	231	\r
	232	Status = AuthServiceInternalUpdateVariable (\r
	233	EFI_SECURE_BOOT_MODE_NAME,\r
	234	&gEfiGlobalVariableGuid,\r
	235	&SecureBootMode,\r
	236	sizeof (UINT8),\r
	237	EFI_VARIABLE_RUNTIME_ACCESS \| EFI_VARIABLE_BOOTSERVICE_ACCESS\r
	238	);\r
	239	if (EFI_ERROR (Status)) {\r
	240	return Status;\r
	241	}\r
	242	\r
	243	DEBUG ((DEBUG_INFO, "Variable %s is %x\n", EFI_SETUP_MODE_NAME, mPlatformMode));\r
	244	DEBUG ((DEBUG_INFO, "Variable %s is %x\n", EFI_SECURE_BOOT_MODE_NAME, SecureBootMode));\r
	245	DEBUG ((DEBUG_INFO, "Variable %s is %x\n", EFI_SECURE_BOOT_ENABLE_NAME, SecureBootEnable));\r
	246	\r
	247	//\r
	248	// Initialize "CustomMode" in STANDARD_SECURE_BOOT_MODE state.\r
	249	//\r
	250	CustomMode = STANDARD_SECURE_BOOT_MODE;\r
	251	Status = AuthServiceInternalUpdateVariable (\r
	252	EFI_CUSTOM_MODE_NAME,\r
	253	&gEfiCustomModeEnableGuid,\r
	254	&CustomMode,\r
	255	sizeof (UINT8),\r
	256	EFI_VARIABLE_NON_VOLATILE \| EFI_VARIABLE_BOOTSERVICE_ACCESS\r
	257	);\r
	258	if (EFI_ERROR (Status)) {\r
	259	return Status;\r
	260	}\r
	261	\r
	262	DEBUG ((DEBUG_INFO, "Variable %s is %x\n", EFI_CUSTOM_MODE_NAME, CustomMode));\r
	263	\r
	264	//\r
	265	// Check "certdb" variable's existence.\r
	266	// If it doesn't exist, then create a new one with\r
	267	// EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.\r
	268	//\r
	269	Status = AuthServiceInternalFindVariable (\r
	270	EFI_CERT_DB_NAME,\r
	271	&gEfiCertDbGuid,\r
	272	(VOID **)&Data,\r
	273	&DataSize\r
	274	);\r
	275	if (EFI_ERROR (Status)) {\r
	276	VarAttr = EFI_VARIABLE_NON_VOLATILE \| EFI_VARIABLE_RUNTIME_ACCESS \| EFI_VARIABLE_BOOTSERVICE_ACCESS \| EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;\r
	277	ListSize = sizeof (UINT32);\r
	278	Status = AuthServiceInternalUpdateVariable (\r
	279	EFI_CERT_DB_NAME,\r
	280	&gEfiCertDbGuid,\r
	281	&ListSize,\r
	282	sizeof (UINT32),\r
	283	VarAttr\r
	284	);\r
	285	if (EFI_ERROR (Status)) {\r
	286	return Status;\r
	287	}\r
	288	} else {\r
	289	//\r
	290	// Clean up Certs to make certDB & Time based auth variable consistent\r
	291	//\r
	292	Status = CleanCertsFromDb ();\r
	293	if (EFI_ERROR (Status)) {\r
	294	DEBUG ((DEBUG_ERROR, "Clean up CertDB fail! Status %x\n", Status));\r
	295	return Status;\r
	296	}\r
	297	}\r
	298	\r
	299	//\r
	300	// Create "certdbv" variable with RT+BS+AT set.\r
	301	//\r
	302	VarAttr = EFI_VARIABLE_RUNTIME_ACCESS \| EFI_VARIABLE_BOOTSERVICE_ACCESS \| EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;\r
	303	ListSize = sizeof (UINT32);\r
	304	Status = AuthServiceInternalUpdateVariable (\r
	305	EFI_CERT_DB_VOLATILE_NAME,\r
	306	&gEfiCertDbGuid,\r
	307	&ListSize,\r
	308	sizeof (UINT32),\r
	309	VarAttr\r
	310	);\r
	311	if (EFI_ERROR (Status)) {\r
	312	return Status;\r
	313	}\r
	314	\r
	315	//\r
	316	// Check "VendorKeysNv" variable's existence and create "VendorKeys" variable accordingly.\r
	317	//\r
	318	Status = AuthServiceInternalFindVariable (EFI_VENDOR_KEYS_NV_VARIABLE_NAME, &gEfiVendorKeysNvGuid, (VOID **)&Data, &DataSize);\r
	319	if (!EFI_ERROR (Status)) {\r
	320	mVendorKeyState = (UINT8 )Data;\r
	321	} else {\r
	322	//\r
	323	// "VendorKeysNv" not exist, initialize it in VENDOR_KEYS_VALID state.\r
	324	//\r
	325	mVendorKeyState = VENDOR_KEYS_VALID;\r
	326	Status = AuthServiceInternalUpdateVariable (\r
	327	EFI_VENDOR_KEYS_NV_VARIABLE_NAME,\r
	328	&gEfiVendorKeysNvGuid,\r
	329	&mVendorKeyState,\r
	330	sizeof (UINT8),\r
	331	EFI_VARIABLE_NON_VOLATILE \| EFI_VARIABLE_BOOTSERVICE_ACCESS \| EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS\r
	332	);\r
	333	if (EFI_ERROR (Status)) {\r
	334	return Status;\r
	335	}\r
	336	}\r
	337	\r
	338	//\r
	339	// Create "VendorKeys" variable with BS+RT attribute set.\r
	340	//\r
	341	Status = AuthServiceInternalUpdateVariable (\r
	342	EFI_VENDOR_KEYS_VARIABLE_NAME,\r
	343	&gEfiGlobalVariableGuid,\r
	344	&mVendorKeyState,\r
	345	sizeof (UINT8),\r
	346	EFI_VARIABLE_RUNTIME_ACCESS \| EFI_VARIABLE_BOOTSERVICE_ACCESS\r
	347	);\r
	348	if (EFI_ERROR (Status)) {\r
	349	return Status;\r
	350	}\r
	351	\r
	352	DEBUG ((DEBUG_INFO, "Variable %s is %x\n", EFI_VENDOR_KEYS_VARIABLE_NAME, mVendorKeyState));\r
	353	\r
	354	AuthVarLibContextOut->StructVersion = AUTH_VAR_LIB_CONTEXT_OUT_STRUCT_VERSION;\r
	355	AuthVarLibContextOut->StructSize = sizeof (AUTH_VAR_LIB_CONTEXT_OUT);\r
	356	AuthVarLibContextOut->AuthVarEntry = mAuthVarEntry;\r
	357	AuthVarLibContextOut->AuthVarEntryCount = ARRAY_SIZE (mAuthVarEntry);\r
	358	mAuthVarAddressPointer[0] = (VOID **)&mCertDbStore;\r
	359	mAuthVarAddressPointer[1] = (VOID **)&mHashCtx;\r
	360	mAuthVarAddressPointer[2] = (VOID **)&mAuthVarLibContextIn;\r
	361	mAuthVarAddressPointer[3] = (VOID **)&(mAuthVarLibContextIn->FindVariable),\r
	362	mAuthVarAddressPointer[4] = (VOID **)&(mAuthVarLibContextIn->FindNextVariable),\r
	363	mAuthVarAddressPointer[5] = (VOID **)&(mAuthVarLibContextIn->UpdateVariable),\r
	364	mAuthVarAddressPointer[6] = (VOID **)&(mAuthVarLibContextIn->GetScratchBuffer),\r
	365	mAuthVarAddressPointer[7] = (VOID **)&(mAuthVarLibContextIn->CheckRemainingSpaceForConsistency),\r
	366	mAuthVarAddressPointer[8] = (VOID **)&(mAuthVarLibContextIn->AtRuntime),\r
	367	AuthVarLibContextOut->AddressPointer = mAuthVarAddressPointer;\r
	368	AuthVarLibContextOut->AddressPointerCount = ARRAY_SIZE (mAuthVarAddressPointer);\r
	369	\r
	370	return Status;\r
	371	}\r
	372	\r
	373	/**\r
	374	Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.\r
	375	\r
	376	@param[in] VariableName Name of the variable.\r
	377	@param[in] VendorGuid Variable vendor GUID.\r
	378	@param[in] Data Data pointer.\r
	379	@param[in] DataSize Size of Data.\r
	380	@param[in] Attributes Attribute value of the variable.\r
	381	\r
	382	@retval EFI_SUCCESS The firmware has successfully stored the variable and its data as\r
	383	defined by the Attributes.\r
	384	@retval EFI_INVALID_PARAMETER Invalid parameter.\r
	385	@retval EFI_WRITE_PROTECTED Variable is write-protected.\r
	386	@retval EFI_OUT_OF_RESOURCES There is not enough resource.\r
	387	@retval EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS\r
	388	set, but the AuthInfo does NOT pass the validation\r
	389	check carried out by the firmware.\r
	390	@retval EFI_UNSUPPORTED Unsupported to process authenticated variable.\r
	391	\r
	392	**/\r
	393	EFI_STATUS\r
	394	EFIAPI\r
	395	AuthVariableLibProcessVariable (\r
	396	IN CHAR16 *VariableName,\r
	397	IN EFI_GUID *VendorGuid,\r
	398	IN VOID *Data,\r
	399	IN UINTN DataSize,\r
	400	IN UINT32 Attributes\r
	401	)\r
	402	{\r
	403	EFI_STATUS Status;\r
	404	\r
	405	if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_PLATFORM_KEY_NAME) == 0)) {\r
	406	Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, TRUE);\r
	407	} else if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0)) {\r
	408	Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, FALSE);\r
	409	} else if (CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) &&\r
	410	((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) \|\|\r
	411	(StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0) \|\|\r
	412	(StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0)\r
	413	))\r
	414	{\r
	415	Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, FALSE);\r
	416	if (EFI_ERROR (Status)) {\r
	417	Status = ProcessVarWithKek (VariableName, VendorGuid, Data, DataSize, Attributes);\r
	418	}\r
	419	} else {\r
	420	Status = ProcessVariable (VariableName, VendorGuid, Data, DataSize, Attributes);\r
	421	}\r
	422	\r
	423	return Status;\r
	424	}\r