2 The internal header file includes the common header files, defines
3 internal structure and functions used by AuthService module.
5 Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
6 This program and the accompanying materials
7 are licensed and made available under the terms and conditions of the BSD License
8 which accompanies this distribution. The full text of the license may be found at
9 http://opensource.org/licenses/bsd-license.php
11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
16 #ifndef _AUTHSERVICE_H_
17 #define _AUTHSERVICE_H_
19 #define EFI_CERT_TYPE_RSA2048_SHA256_SIZE 256
20 #define EFI_CERT_TYPE_RSA2048_SIZE 256
23 /// Size of AuthInfo prior to the data payload.
25 #define AUTHINFO_SIZE ((OFFSET_OF (EFI_VARIABLE_AUTHENTICATION, AuthInfo)) + \
26 (OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)) + \
27 sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256))
29 #define AUTHINFO2_SIZE(VarAuth2) ((OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo)) + \
30 (UINTN) ((EFI_VARIABLE_AUTHENTICATION_2 *) (VarAuth2))->AuthInfo.Hdr.dwLength)
32 #define OFFSET_OF_AUTHINFO2_CERT_DATA ((OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo)) + \
33 (OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)))
36 /// "AuthVarKeyDatabase" variable for the Public Key store.
38 #define AUTHVAR_KEYDB_NAME L"AuthVarKeyDatabase"
39 #define AUTHVAR_KEYDB_NAME_SIZE 38
42 /// Max size of public key database, restricted by max individal EFI varible size, exclude variable header and name size.
44 #define MAX_KEYDB_SIZE (FixedPcdGet32 (PcdMaxVariableSize) - sizeof (VARIABLE_HEADER) - AUTHVAR_KEYDB_NAME_SIZE)
45 #define MAX_KEY_NUM (MAX_KEYDB_SIZE / EFI_CERT_TYPE_RSA2048_SIZE)
48 /// Struct to record signature requirement defined by UEFI spec.
49 /// For SigHeaderSize and SigDataSize, ((UINT32) ~0) means NO exact length requirement for this field.
53 // Expected SignatureHeader size in Bytes.
55 // Expected SignatureData size in Bytes.
60 Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.
62 @param[in] VariableName Name of Variable to be found.
63 @param[in] VendorGuid Variable vendor GUID.
65 @param[in] Data Data pointer.
66 @param[in] DataSize Size of Data found. If size is less than the
67 data, this value contains the required size.
68 @param[in] Variable The variable information which is used to keep track of variable usage.
69 @param[in] Attributes Attribute value of the variable.
71 @return EFI_INVALID_PARAMETER Invalid parameter
72 @return EFI_WRITE_PROTECTED Variable is write-protected and needs authentication with
73 EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.
74 @return EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
75 set, but the AuthInfo does NOT pass the validation
76 check carried out by the firmware.
77 @return EFI_SUCCESS Variable is not write-protected, or passed validation successfully.
82 IN CHAR16
*VariableName
,
83 IN EFI_GUID
*VendorGuid
,
86 IN VARIABLE_POINTER_TRACK
*Variable
,
93 @param[in] Mode SETUP_MODE or USER_MODE.
95 @return EFI_INVALID_PARAMETER Invalid parameter.
96 @return EFI_SUCCESS Update platform mode successfully.
105 Initializes for authenticated varibale service.
107 @retval EFI_SUCCESS Function successfully executed.
108 @retval EFI_OUT_OF_RESOURCES Fail to allocate enough memory resource.
112 AutenticatedVariableServiceInitialize (
117 Initializes for cryptlib service before use, include register algrithm and allocate scratch.
121 CryptLibraryInitialize (
126 Check input data form to make sure it is a valid EFI_SIGNATURE_LIST for PK/KEK variable.
128 @param[in] VariableName Name of Variable to be check.
129 @param[in] VendorGuid Variable vendor GUID.
130 @param[in] Data Point to the variable data to be checked.
131 @param[in] DataSize Size of Data.
133 @return EFI_INVALID_PARAMETER Invalid signature list format.
134 @return EFI_SUCCESS Passed signature list format check successfully.
138 CheckSignatureListFormat(
139 IN CHAR16
*VariableName
,
140 IN EFI_GUID
*VendorGuid
,
146 Process variable with platform key for verification.
148 @param[in] VariableName Name of Variable to be found.
149 @param[in] VendorGuid Variable vendor GUID.
150 @param[in] Data Data pointer.
151 @param[in] DataSize Size of Data found. If size is less than the
152 data, this value contains the required size.
153 @param[in] Variable The variable information which is used to keep track of variable usage.
154 @param[in] Attributes Attribute value of the variable.
155 @param[in] IsPk Indicate whether it is to process pk.
157 @return EFI_INVALID_PARAMETER Invalid parameter
158 @return EFI_SECURITY_VIOLATION The variable does NOT pass the validation
159 check carried out by the firmware.
160 @return EFI_SUCCESS Variable passed validation successfully.
165 IN CHAR16
*VariableName
,
166 IN EFI_GUID
*VendorGuid
,
169 IN VARIABLE_POINTER_TRACK
*Variable
,
170 IN UINT32 Attributes OPTIONAL
,
175 Process variable with key exchange key for verification.
177 @param[in] VariableName Name of Variable to be found.
178 @param[in] VendorGuid Variable vendor GUID.
179 @param[in] Data Data pointer.
180 @param[in] DataSize Size of Data found. If size is less than the
181 data, this value contains the required size.
182 @param[in] Variable The variable information that is used to keep track of variable usage.
183 @param[in] Attributes Attribute value of the variable.
185 @return EFI_INVALID_PARAMETER Invalid parameter.
186 @return EFI_SECURITY_VIOLATION The variable does NOT pass the validation
187 check carried out by the firmware.
188 @return EFI_SUCCESS Variable passed validation successfully.
193 IN CHAR16
*VariableName
,
194 IN EFI_GUID
*VendorGuid
,
197 IN VARIABLE_POINTER_TRACK
*Variable
,
198 IN UINT32 Attributes OPTIONAL
202 Merge two buffers which formatted as EFI_SIGNATURE_LIST. Only the new EFI_SIGNATURE_DATA
203 will be appended to the original EFI_SIGNATURE_LIST, duplicate EFI_SIGNATURE_DATA
206 @param[in, out] Data Pointer to original EFI_SIGNATURE_LIST.
207 @param[in] DataSize Size of Data buffer.
208 @param[in] NewData Pointer to new EFI_SIGNATURE_LIST to be appended.
209 @param[in] NewDataSize Size of NewData buffer.
211 @return Size of the merged buffer.
215 AppendSignatureList (
223 Compare two EFI_TIME data.
226 @param FirstTime A pointer to the first EFI_TIME data.
227 @param SecondTime A pointer to the second EFI_TIME data.
229 @retval TRUE The FirstTime is not later than the SecondTime.
230 @retval FALSE The FirstTime is later than the SecondTime.
235 IN EFI_TIME
*FirstTime
,
236 IN EFI_TIME
*SecondTime
241 Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set
243 @param[in] VariableName Name of Variable to be found.
244 @param[in] VendorGuid Variable vendor GUID.
245 @param[in] Data Data pointer.
246 @param[in] DataSize Size of Data found. If size is less than the
247 data, this value contains the required size.
248 @param[in] Variable The variable information which is used to keep track of variable usage.
249 @param[in] Attributes Attribute value of the variable.
250 @param[in] Pk Verify against PK or KEK database.
251 @param[out] VarDel Delete the variable or not.
253 @retval EFI_INVALID_PARAMETER Invalid parameter.
254 @retval EFI_SECURITY_VIOLATION The variable does NOT pass the validation
255 check carried out by the firmware.
256 @retval EFI_OUT_OF_RESOURCES Failed to process variable due to lack
258 @retval EFI_SUCCESS Variable pass validation successfully.
262 VerifyTimeBasedPayload (
263 IN CHAR16
*VariableName
,
264 IN EFI_GUID
*VendorGuid
,
267 IN VARIABLE_POINTER_TRACK
*Variable
,
268 IN UINT32 Attributes
,
273 extern UINT8 mPubKeyStore
[MAX_KEYDB_SIZE
];
274 extern UINT32 mPubKeyNumber
;
275 extern VOID
*mHashCtx
;
276 extern VOID
*mStorageArea
;
277 extern UINT8
*mSerializationRuntimeBuffer
;