2 The internal header file includes the common header files, defines
3 internal structure and functions used by AuthService module.
5 Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
6 This program and the accompanying materials
7 are licensed and made available under the terms and conditions of the BSD License
8 which accompanies this distribution. The full text of the license may be found at
9 http://opensource.org/licenses/bsd-license.php
11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
16 #ifndef _AUTHSERVICE_H_
17 #define _AUTHSERVICE_H_
19 #define EFI_CERT_TYPE_RSA2048_SHA256_SIZE 256
20 #define EFI_CERT_TYPE_RSA2048_SIZE 256
23 /// Size of AuthInfo prior to the data payload
25 #define AUTHINFO_SIZE (((UINTN)(((EFI_VARIABLE_AUTHENTICATION *) 0)->AuthInfo.CertData)) + sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256))
28 /// "AuthVarKeyDatabase" variable for the Public Key store.
30 #define AUTHVAR_KEYDB_NAME L"AuthVarKeyDatabase"
31 #define AUTHVAR_KEYDB_NAME_SIZE 38
34 /// Max size of public key database, restricted by max individal EFI varible size, exclude variable header and name size.
36 #define MAX_KEYDB_SIZE (FixedPcdGet32 (PcdMaxVariableSize) - sizeof (VARIABLE_HEADER) - AUTHVAR_KEYDB_NAME_SIZE)
37 #define MAX_KEY_NUM (MAX_KEYDB_SIZE / EFI_CERT_TYPE_RSA2048_SIZE)
40 /// Item number of support signature types.
42 #define SIGSUPPORT_NUM 2
46 Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.
48 @param[in] VariableName Name of Variable to be found.
49 @param[in] VendorGuid Variable vendor GUID.
51 @param[in] Data Data pointer.
52 @param[in] DataSize Size of Data found. If size is less than the
53 data, this value contains the required size.
54 @param[in] Variable The variable information which is used to keep track of variable usage.
55 @param[in] Attributes Attribute value of the variable.
57 @return EFI_INVALID_PARAMETER Invalid parameter
58 @return EFI_WRITE_PROTECTED Variable is write-protected and needs authentication with
59 EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.
60 @return EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
61 set, but the AuthInfo does NOT pass the validation
62 check carried out by the firmware.
63 @return EFI_SUCCESS Variable is not write-protected, or passed validation successfully.
68 IN CHAR16
*VariableName
,
69 IN EFI_GUID
*VendorGuid
,
72 IN VARIABLE_POINTER_TRACK
*Variable
,
77 Initializes for authenticated varibale service.
79 @retval EFI_SUCCESS Function successfully executed.
80 @retval EFI_OUT_OF_RESOURCES Fail to allocate enough memory resource.
84 AutenticatedVariableServiceInitialize (
89 Initializes for cryptlib service before use, include register algrithm and allocate scratch.
93 CryptLibraryInitialize (
98 Process variable with platform key for verification.
100 @param[in] VariableName Name of Variable to be found.
101 @param[in] VendorGuid Variable vendor GUID.
102 @param[in] Data Data pointer.
103 @param[in] DataSize Size of Data found. If size is less than the
104 data, this value contains the required size.
105 @param[in] Variable The variable information which is used to keep track of variable usage.
106 @param[in] Attributes Attribute value of the variable.
107 @param[in] IsPk Indicate whether it is to process pk.
109 @return EFI_INVALID_PARAMETER Invalid parameter
110 @return EFI_SECURITY_VIOLATION The variable does NOT pass the validation
111 check carried out by the firmware.
112 @return EFI_SUCCESS Variable passed validation successfully.
117 IN CHAR16
*VariableName
,
118 IN EFI_GUID
*VendorGuid
,
121 IN VARIABLE_POINTER_TRACK
*Variable
,
122 IN UINT32 Attributes OPTIONAL
,
127 Process variable with key exchange key for verification.
129 @param[in] VariableName Name of Variable to be found.
130 @param[in] VendorGuid Variable vendor GUID.
131 @param[in] Data Data pointer.
132 @param[in] DataSize Size of Data found. If size is less than the
133 data, this value contains the required size.
134 @param[in] Variable The variable information that is used to keep track of variable usage.
135 @param[in] Attributes Attribute value of the variable.
137 @return EFI_INVALID_PARAMETER Invalid parameter.
138 @return EFI_SECURITY_VIOLATION The variable does NOT pass the validation
139 check carried out by the firmware.
140 @return EFI_SUCCESS Variable passed validation successfully.
145 IN CHAR16
*VariableName
,
146 IN EFI_GUID
*VendorGuid
,
149 IN VARIABLE_POINTER_TRACK
*Variable
,
150 IN UINT32 Attributes OPTIONAL
154 Compare two EFI_TIME data.
157 @param FirstTime A pointer to the first EFI_TIME data.
158 @param SecondTime A pointer to the second EFI_TIME data.
160 @retval TRUE The FirstTime is not later than the SecondTime.
161 @retval FALSE The FirstTime is later than the SecondTime.
166 IN EFI_TIME
*FirstTime
,
167 IN EFI_TIME
*SecondTime
172 Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set
174 @param[in] VariableName Name of Variable to be found.
175 @param[in] VendorGuid Variable vendor GUID.
176 @param[in] Data Data pointer.
177 @param[in] DataSize Size of Data found. If size is less than the
178 data, this value contains the required size.
179 @param[in] Variable The variable information which is used to keep track of variable usage.
180 @param[in] Attributes Attribute value of the variable.
181 @param[in] Pk Verify against PK or KEK database.
182 @param[out] VarDel Delete the variable or not.
184 @retval EFI_INVALID_PARAMETER Invalid parameter.
185 @retval EFI_SECURITY_VIOLATION The variable does NOT pass the validation
186 check carried out by the firmware.
187 @retval EFI_OUT_OF_RESOURCES Failed to process variable due to lack
189 @retval EFI_SUCCESS Variable pass validation successfully.
193 VerifyTimeBasedPayload (
194 IN CHAR16
*VariableName
,
195 IN EFI_GUID
*VendorGuid
,
198 IN VARIABLE_POINTER_TRACK
*Variable
,
199 IN UINT32 Attributes
,
204 extern UINT8 mPubKeyStore
[MAX_KEYDB_SIZE
];
205 extern UINT32 mPubKeyNumber
;
206 extern VOID
*mHashCtx
;
207 extern VOID
*mStorageArea
;