]> git.proxmox.com Git - mirror_edk2.git/blob - SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h
projects / mirror_edk2.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Update SignatureSupport variable to reflect firmware capability.
[mirror_edk2.git] / SecurityPkg / VariableAuthenticated / RuntimeDxe / AuthService.h
1 /** @file
2 The internal header file includes the common header files, defines
3 internal structure and functions used by AuthService module.
4
5 Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
6 This program and the accompanying materials
7 are licensed and made available under the terms and conditions of the BSD License
8 which accompanies this distribution. The full text of the license may be found at
9 http://opensource.org/licenses/bsd-license.php
10
11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
13
14 **/
15
16 #ifndef _AUTHSERVICE_H_
17 #define _AUTHSERVICE_H_
18
19 #define EFI_CERT_TYPE_RSA2048_SHA256_SIZE 256
20 #define EFI_CERT_TYPE_RSA2048_SIZE 256
21
22 ///
23 /// Size of AuthInfo prior to the data payload.
24 ///
25 #define AUTHINFO_SIZE ((OFFSET_OF (EFI_VARIABLE_AUTHENTICATION, AuthInfo)) + \
26 (OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)) + \
27 sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256))
28
29 #define AUTHINFO2_SIZE(VarAuth2) ((OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo)) + \
30 (UINTN) ((EFI_VARIABLE_AUTHENTICATION_2 *) (VarAuth2))->AuthInfo.Hdr.dwLength)
31
32 #define OFFSET_OF_AUTHINFO2_CERT_DATA ((OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo)) + \
33 (OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)))
34
35 ///
36 /// "AuthVarKeyDatabase" variable for the Public Key store.
37 ///
38 #define AUTHVAR_KEYDB_NAME L"AuthVarKeyDatabase"
39 #define AUTHVAR_KEYDB_NAME_SIZE 38
40
41 ///
42 /// Max size of public key database, restricted by max individal EFI varible size, exclude variable header and name size.
43 ///
44 #define MAX_KEYDB_SIZE (FixedPcdGet32 (PcdMaxVariableSize) - sizeof (VARIABLE_HEADER) - AUTHVAR_KEYDB_NAME_SIZE)
45 #define MAX_KEY_NUM (MAX_KEYDB_SIZE / EFI_CERT_TYPE_RSA2048_SIZE)
46
47 ///
48 /// Struct to record signature requirement defined by UEFI spec.
49 /// For SigHeaderSize and SigDataSize, ((UINT32) ~0) means NO exact length requirement for this field.
50 ///
51 typedef struct {
52 EFI_GUID SigType;
53 // Expected SignatureHeader size in Bytes.
54 UINT32 SigHeaderSize;
55 // Expected SignatureData size in Bytes.
56 UINT32 SigDataSize;
57 } EFI_SIGNATURE_ITEM;
58
59 /**
60 Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.
61
62 @param[in] VariableName Name of Variable to be found.
63 @param[in] VendorGuid Variable vendor GUID.
64
65 @param[in] Data Data pointer.
66 @param[in] DataSize Size of Data found. If size is less than the
67 data, this value contains the required size.
68 @param[in] Variable The variable information which is used to keep track of variable usage.
69 @param[in] Attributes Attribute value of the variable.
70
71 @return EFI_INVALID_PARAMETER Invalid parameter
72 @return EFI_WRITE_PROTECTED Variable is write-protected and needs authentication with
73 EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.
74 @return EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
75 set, but the AuthInfo does NOT pass the validation
76 check carried out by the firmware.
77 @return EFI_SUCCESS Variable is not write-protected, or passed validation successfully.
78
79 **/
80 EFI_STATUS
81 ProcessVariable (
82 IN CHAR16 *VariableName,
83 IN EFI_GUID *VendorGuid,
84 IN VOID *Data,
85 IN UINTN DataSize,
86 IN VARIABLE_POINTER_TRACK *Variable,
87 IN UINT32 Attributes
88 );
89
90 /**
91 Update platform mode.
92
93 @param[in] Mode SETUP_MODE or USER_MODE.
94
95 @return EFI_INVALID_PARAMETER Invalid parameter.
96 @return EFI_SUCCESS Update platform mode successfully.
97
98 **/
99 EFI_STATUS
100 UpdatePlatformMode (
101 IN UINT32 Mode
102 );
103
104 /**
105 Initializes for authenticated varibale service.
106
107 @retval EFI_SUCCESS Function successfully executed.
108 @retval EFI_OUT_OF_RESOURCES Fail to allocate enough memory resource.
109
110 **/
111 EFI_STATUS
112 AutenticatedVariableServiceInitialize (
113 VOID
114 );
115
116 /**
117 Initializes for cryptlib service before use, include register algrithm and allocate scratch.
118
119 **/
120 VOID
121 CryptLibraryInitialize (
122 VOID
123 );
124
125 /**
126 Check input data form to make sure it is a valid EFI_SIGNATURE_LIST for PK/KEK variable.
127
128 @param[in] VariableName Name of Variable to be check.
129 @param[in] VendorGuid Variable vendor GUID.
130 @param[in] Data Point to the variable data to be checked.
131 @param[in] DataSize Size of Data.
132
133 @return EFI_INVALID_PARAMETER Invalid signature list format.
134 @return EFI_SUCCESS Passed signature list format check successfully.
135
136 **/
137 EFI_STATUS
138 CheckSignatureListFormat(
139 IN CHAR16 *VariableName,
140 IN EFI_GUID *VendorGuid,
141 IN VOID *Data,
142 IN UINTN DataSize
143 );
144
145 /**
146 Process variable with platform key for verification.
147
148 @param[in] VariableName Name of Variable to be found.
149 @param[in] VendorGuid Variable vendor GUID.
150 @param[in] Data Data pointer.
151 @param[in] DataSize Size of Data found. If size is less than the
152 data, this value contains the required size.
153 @param[in] Variable The variable information which is used to keep track of variable usage.
154 @param[in] Attributes Attribute value of the variable.
155 @param[in] IsPk Indicate whether it is to process pk.
156
157 @return EFI_INVALID_PARAMETER Invalid parameter
158 @return EFI_SECURITY_VIOLATION The variable does NOT pass the validation
159 check carried out by the firmware.
160 @return EFI_SUCCESS Variable passed validation successfully.
161
162 **/
163 EFI_STATUS
164 ProcessVarWithPk (
165 IN CHAR16 *VariableName,
166 IN EFI_GUID *VendorGuid,
167 IN VOID *Data,
168 IN UINTN DataSize,
169 IN VARIABLE_POINTER_TRACK *Variable,
170 IN UINT32 Attributes OPTIONAL,
171 IN BOOLEAN IsPk
172 );
173
174 /**
175 Process variable with key exchange key for verification.
176
177 @param[in] VariableName Name of Variable to be found.
178 @param[in] VendorGuid Variable vendor GUID.
179 @param[in] Data Data pointer.
180 @param[in] DataSize Size of Data found. If size is less than the
181 data, this value contains the required size.
182 @param[in] Variable The variable information that is used to keep track of variable usage.
183 @param[in] Attributes Attribute value of the variable.
184
185 @return EFI_INVALID_PARAMETER Invalid parameter.
186 @return EFI_SECURITY_VIOLATION The variable does NOT pass the validation
187 check carried out by the firmware.
188 @return EFI_SUCCESS Variable passed validation successfully.
189
190 **/
191 EFI_STATUS
192 ProcessVarWithKek (
193 IN CHAR16 *VariableName,
194 IN EFI_GUID *VendorGuid,
195 IN VOID *Data,
196 IN UINTN DataSize,
197 IN VARIABLE_POINTER_TRACK *Variable,
198 IN UINT32 Attributes OPTIONAL
199 );
200
201 /**
202 Merge two buffers which formatted as EFI_SIGNATURE_LIST. Only the new EFI_SIGNATURE_DATA
203 will be appended to the original EFI_SIGNATURE_LIST, duplicate EFI_SIGNATURE_DATA
204 will be ignored.
205
206 @param[in, out] Data Pointer to original EFI_SIGNATURE_LIST.
207 @param[in] DataSize Size of Data buffer.
208 @param[in] NewData Pointer to new EFI_SIGNATURE_LIST to be appended.
209 @param[in] NewDataSize Size of NewData buffer.
210
211 @return Size of the merged buffer.
212
213 **/
214 UINTN
215 AppendSignatureList (
216 IN OUT VOID *Data,
217 IN UINTN DataSize,
218 IN VOID *NewData,
219 IN UINTN NewDataSize
220 );
221
222 /**
223 Compare two EFI_TIME data.
224
225
226 @param FirstTime A pointer to the first EFI_TIME data.
227 @param SecondTime A pointer to the second EFI_TIME data.
228
229 @retval TRUE The FirstTime is not later than the SecondTime.
230 @retval FALSE The FirstTime is later than the SecondTime.
231
232 **/
233 BOOLEAN
234 CompareTimeStamp (
235 IN EFI_TIME *FirstTime,
236 IN EFI_TIME *SecondTime
237 );
238
239
240 /**
241 Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set
242
243 @param[in] VariableName Name of Variable to be found.
244 @param[in] VendorGuid Variable vendor GUID.
245 @param[in] Data Data pointer.
246 @param[in] DataSize Size of Data found. If size is less than the
247 data, this value contains the required size.
248 @param[in] Variable The variable information which is used to keep track of variable usage.
249 @param[in] Attributes Attribute value of the variable.
250 @param[in] Pk Verify against PK or KEK database.
251 @param[out] VarDel Delete the variable or not.
252
253 @retval EFI_INVALID_PARAMETER Invalid parameter.
254 @retval EFI_SECURITY_VIOLATION The variable does NOT pass the validation
255 check carried out by the firmware.
256 @retval EFI_OUT_OF_RESOURCES Failed to process variable due to lack
257 of resources.
258 @retval EFI_SUCCESS Variable pass validation successfully.
259
260 **/
261 EFI_STATUS
262 VerifyTimeBasedPayload (
263 IN CHAR16 *VariableName,
264 IN EFI_GUID *VendorGuid,
265 IN VOID *Data,
266 IN UINTN DataSize,
267 IN VARIABLE_POINTER_TRACK *Variable,
268 IN UINT32 Attributes,
269 IN BOOLEAN Pk,
270 OUT BOOLEAN *VarDel
271 );
272
273 extern UINT8 mPubKeyStore[MAX_KEYDB_SIZE];
274 extern UINT32 mPubKeyNumber;
275 extern VOID *mHashCtx;
276 extern VOID *mStorageArea;
277 extern UINT8 *mSerializationRuntimeBuffer;
278
279 #endif
EFI Development Kit II mirror for PVE