f740c0ae755f193415bb60d903b4efef7cf764cb
[mirror_edk2.git] / SecurityPkg / VariableAuthenticated / SecureBootConfigDxe / SecureBootConfigImpl.c
1 /** @file
2 HII Config Access protocol implementation of SecureBoot configuration module.
3
4 Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
9
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
12
13 **/
14
15 #include "SecureBootConfigImpl.h"
16
17 CHAR16 mSecureBootStorageName[] = L"SECUREBOOT_CONFIGURATION";
18
19 SECUREBOOT_CONFIG_PRIVATE_DATA mSecureBootConfigPrivateDateTemplate = {
20 SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE,
21 {
22 SecureBootExtractConfig,
23 SecureBootRouteConfig,
24 SecureBootCallback
25 }
26 };
27
28 HII_VENDOR_DEVICE_PATH mSecureBootHiiVendorDevicePath = {
29 {
30 {
31 HARDWARE_DEVICE_PATH,
32 HW_VENDOR_DP,
33 {
34 (UINT8) (sizeof (VENDOR_DEVICE_PATH)),
35 (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8)
36 }
37 },
38 SECUREBOOT_CONFIG_FORM_SET_GUID
39 },
40 {
41 END_DEVICE_PATH_TYPE,
42 END_ENTIRE_DEVICE_PATH_SUBTYPE,
43 {
44 (UINT8) (END_DEVICE_PATH_LENGTH),
45 (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8)
46 }
47 }
48 };
49
50
51 //
52 // OID ASN.1 Value for Hash Algorithms
53 //
54 UINT8 mHashOidValue[] = {
55 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05, // OBJ_md5
56 0x2B, 0x0E, 0x03, 0x02, 0x1A, // OBJ_sha1
57 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, // OBJ_sha224
58 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, // OBJ_sha256
59 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, // OBJ_sha384
60 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, // OBJ_sha512
61 };
62
63 HASH_TABLE mHash[] = {
64 { L"SHA1", 20, &mHashOidValue[8], 5, Sha1GetContextSize, Sha1Init, Sha1Update, Sha1Final },
65 { L"SHA224", 28, &mHashOidValue[13], 9, NULL, NULL, NULL, NULL },
66 { L"SHA256", 32, &mHashOidValue[22], 9, Sha256GetContextSize,Sha256Init, Sha256Update, Sha256Final},
67 { L"SHA384", 48, &mHashOidValue[31], 9, NULL, NULL, NULL, NULL },
68 { L"SHA512", 64, &mHashOidValue[40], 9, NULL, NULL, NULL, NULL }
69 };
70
71
72 // Variable Definitions
73 UINT32 mPeCoffHeaderOffset = 0;
74 WIN_CERTIFICATE *mCertificate = NULL;
75 IMAGE_TYPE mImageType;
76 UINT8 *mImageBase = NULL;
77 UINTN mImageSize = 0;
78 UINT8 mImageDigest[MAX_DIGEST_SIZE];
79 UINTN mImageDigestSize;
80 EFI_GUID mCertType;
81 EFI_IMAGE_SECURITY_DATA_DIRECTORY *mSecDataDir = NULL;
82 EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION mNtHeader;
83
84
85 /**
86 Set Secure Boot option into variable space.
87
88 @param[in] VarValue The option of Secure Boot.
89
90 @retval EFI_SUCCESS The operation is finished successfully.
91 @retval Others Other errors as indicated.
92
93 **/
94 EFI_STATUS
95 SaveSecureBootVariable (
96 IN UINT8 VarValue
97 )
98 {
99 EFI_STATUS Status;
100
101 Status = gRT->SetVariable (
102 EFI_SECURE_BOOT_ENABLE_NAME,
103 &gEfiSecureBootEnableDisableGuid,
104 EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
105 sizeof (UINT8),
106 &VarValue
107 );
108 return Status;
109 }
110
111 /**
112 Create a time based data payload by concatenating the EFI_VARIABLE_AUTHENTICATION_2
113 descriptor with the input data. NO authentication is required in this function.
114
115 @param[in, out] DataSize On input, the size of Data buffer in bytes.
116 On output, the size of data returned in Data
117 buffer in bytes.
118 @param[in, out] Data On input, Pointer to data buffer to be wrapped or
119 pointer to NULL to wrap an empty payload.
120 On output, Pointer to the new payload date buffer allocated from pool,
121 it's caller's responsibility to free the memory when finish using it.
122
123 @retval EFI_SUCCESS Create time based payload successfully.
124 @retval EFI_OUT_OF_RESOURCES There are not enough memory resourses to create time based payload.
125 @retval EFI_INVALID_PARAMETER The parameter is invalid.
126 @retval Others Unexpected error happens.
127
128 **/
129 EFI_STATUS
130 CreateTimeBasedPayload (
131 IN OUT UINTN *DataSize,
132 IN OUT UINT8 **Data
133 )
134 {
135 EFI_STATUS Status;
136 UINT8 *NewData;
137 UINT8 *Payload;
138 UINTN PayloadSize;
139 EFI_VARIABLE_AUTHENTICATION_2 *DescriptorData;
140 UINTN DescriptorSize;
141 EFI_TIME Time;
142
143 if (Data == NULL || DataSize == NULL) {
144 return EFI_INVALID_PARAMETER;
145 }
146
147 //
148 // In Setup mode or Custom mode, the variable does not need to be signed but the
149 // parameters to the SetVariable() call still need to be prepared as authenticated
150 // variable. So we create EFI_VARIABLE_AUTHENTICATED_2 descriptor without certificate
151 // data in it.
152 //
153 Payload = *Data;
154 PayloadSize = *DataSize;
155
156 DescriptorSize = OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo) + OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData);
157 NewData = (UINT8*) AllocateZeroPool (DescriptorSize + PayloadSize);
158 if (NewData == NULL) {
159 return EFI_OUT_OF_RESOURCES;
160 }
161
162 if ((Payload != NULL) && (PayloadSize != 0)) {
163 CopyMem (NewData + DescriptorSize, Payload, PayloadSize);
164 }
165
166 DescriptorData = (EFI_VARIABLE_AUTHENTICATION_2 *) (NewData);
167
168 ZeroMem (&Time, sizeof (EFI_TIME));
169 Status = gRT->GetTime (&Time, NULL);
170 if (EFI_ERROR (Status)) {
171 FreePool(NewData);
172 return Status;
173 }
174 Time.Pad1 = 0;
175 Time.Nanosecond = 0;
176 Time.TimeZone = 0;
177 Time.Daylight = 0;
178 Time.Pad2 = 0;
179 CopyMem (&DescriptorData->TimeStamp, &Time, sizeof (EFI_TIME));
180
181 DescriptorData->AuthInfo.Hdr.dwLength = OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData);
182 DescriptorData->AuthInfo.Hdr.wRevision = 0x0200;
183 DescriptorData->AuthInfo.Hdr.wCertificateType = WIN_CERT_TYPE_EFI_GUID;
184 CopyGuid (&DescriptorData->AuthInfo.CertType, &gEfiCertPkcs7Guid);
185
186 if (Payload != NULL) {
187 FreePool(Payload);
188 }
189
190 *DataSize = DescriptorSize + PayloadSize;
191 *Data = NewData;
192 return EFI_SUCCESS;
193 }
194
195 /**
196 Internal helper function to delete a Variable given its name and GUID, NO authentication
197 required.
198
199 @param[in] VariableName Name of the Variable.
200 @param[in] VendorGuid GUID of the Variable.
201
202 @retval EFI_SUCCESS Variable deleted successfully.
203 @retval Others The driver failed to start the device.
204
205 **/
206 EFI_STATUS
207 DeleteVariable (
208 IN CHAR16 *VariableName,
209 IN EFI_GUID *VendorGuid
210 )
211 {
212 EFI_STATUS Status;
213 VOID* Variable;
214 UINT8 *Data;
215 UINTN DataSize;
216 UINT32 Attr;
217
218 Variable = GetVariable (VariableName, VendorGuid);
219 if (Variable == NULL) {
220 return EFI_SUCCESS;
221 }
222
223 Data = NULL;
224 DataSize = 0;
225 Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS
226 | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
227
228 Status = CreateTimeBasedPayload (&DataSize, &Data);
229 if (EFI_ERROR (Status)) {
230 DEBUG ((EFI_D_ERROR, "Fail to create time-based data payload: %r", Status));
231 return Status;
232 }
233
234 Status = gRT->SetVariable (
235 VariableName,
236 VendorGuid,
237 Attr,
238 DataSize,
239 Data
240 );
241 if (Data != NULL) {
242 FreePool (Data);
243 }
244 return Status;
245 }
246
247 /**
248 Generate the PK signature list from the X509 Certificate storing file (.cer)
249
250 @param[in] X509File FileHandle of X509 Certificate storing file.
251 @param[out] PkCert Point to the data buffer to store the signature list.
252
253 @return EFI_UNSUPPORTED Unsupported Key Length.
254 @return EFI_OUT_OF_RESOURCES There are not enough memory resourses to form the signature list.
255
256 **/
257 EFI_STATUS
258 CreatePkX509SignatureList (
259 IN EFI_FILE_HANDLE X509File,
260 OUT EFI_SIGNATURE_LIST **PkCert
261 )
262 {
263 EFI_STATUS Status;
264 UINT8 *X509Data;
265 UINTN X509DataSize;
266 EFI_SIGNATURE_DATA *PkCertData;
267
268 X509Data = NULL;
269 PkCertData = NULL;
270 X509DataSize = 0;
271
272 Status = ReadFileContent (X509File, (VOID**) &X509Data, &X509DataSize, 0);
273 if (EFI_ERROR (Status)) {
274 goto ON_EXIT;
275 }
276 ASSERT (X509Data != NULL);
277
278 //
279 // Allocate space for PK certificate list and initialize it.
280 // Create PK database entry with SignatureHeaderSize equals 0.
281 //
282 *PkCert = (EFI_SIGNATURE_LIST*) AllocateZeroPool (
283 sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_SIGNATURE_DATA) - 1
284 + X509DataSize
285 );
286 if (*PkCert == NULL) {
287 Status = EFI_OUT_OF_RESOURCES;
288 goto ON_EXIT;
289 }
290
291 (*PkCert)->SignatureListSize = (UINT32) (sizeof(EFI_SIGNATURE_LIST)
292 + sizeof(EFI_SIGNATURE_DATA) - 1
293 + X509DataSize);
294 (*PkCert)->SignatureSize = (UINT32) (sizeof(EFI_SIGNATURE_DATA) - 1 + X509DataSize);
295 (*PkCert)->SignatureHeaderSize = 0;
296 CopyGuid (&(*PkCert)->SignatureType, &gEfiCertX509Guid);
297 PkCertData = (EFI_SIGNATURE_DATA*) ((UINTN)(*PkCert)
298 + sizeof(EFI_SIGNATURE_LIST)
299 + (*PkCert)->SignatureHeaderSize);
300 CopyGuid (&PkCertData->SignatureOwner, &gEfiGlobalVariableGuid);
301 //
302 // Fill the PK database with PKpub data from X509 certificate file.
303 //
304 CopyMem (&(PkCertData->SignatureData[0]), X509Data, X509DataSize);
305
306 ON_EXIT:
307
308 if (X509Data != NULL) {
309 FreePool (X509Data);
310 }
311
312 if (EFI_ERROR(Status) && *PkCert != NULL) {
313 FreePool (*PkCert);
314 *PkCert = NULL;
315 }
316
317 return Status;
318 }
319
320 /**
321 Enroll new PK into the System without original PK's authentication.
322
323 The SignatureOwner GUID will be the same with PK's vendorguid.
324
325 @param[in] PrivateData The module's private data.
326
327 @retval EFI_SUCCESS New PK enrolled successfully.
328 @retval EFI_INVALID_PARAMETER The parameter is invalid.
329 @retval EFI_OUT_OF_RESOURCES Could not allocate needed resources.
330
331 **/
332 EFI_STATUS
333 EnrollPlatformKey (
334 IN SECUREBOOT_CONFIG_PRIVATE_DATA* Private
335 )
336 {
337 EFI_STATUS Status;
338 UINT32 Attr;
339 UINTN DataSize;
340 EFI_SIGNATURE_LIST *PkCert;
341 UINT16* FilePostFix;
342
343 if (Private->FileContext->FileName == NULL) {
344 return EFI_INVALID_PARAMETER;
345 }
346
347 PkCert = NULL;
348
349 //
350 // Parse the file's postfix. Only support *.cer(X509) files.
351 //
352 FilePostFix = Private->FileContext->FileName + StrLen (Private->FileContext->FileName) - 4;
353 if (CompareMem (FilePostFix, L".cer",4)) {
354 DEBUG ((EFI_D_ERROR, "Don't support the file, only *.cer is supported."));
355 return EFI_INVALID_PARAMETER;
356 }
357 DEBUG ((EFI_D_INFO, "FileName= %s\n", Private->FileContext->FileName));
358 DEBUG ((EFI_D_INFO, "FilePostFix = %s\n", FilePostFix));
359
360 //
361 // Prase the selected PK file and generature PK certificate list.
362 //
363 Status = CreatePkX509SignatureList (
364 Private->FileContext->FHandle,
365 &PkCert
366 );
367 if (EFI_ERROR (Status)) {
368 goto ON_EXIT;
369 }
370 ASSERT (PkCert != NULL);
371
372 //
373 // Set Platform Key variable.
374 //
375 Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS
376 | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
377 DataSize = PkCert->SignatureListSize;
378 Status = CreateTimeBasedPayload (&DataSize, (UINT8**) &PkCert);
379 if (EFI_ERROR (Status)) {
380 DEBUG ((EFI_D_ERROR, "Fail to create time-based data payload: %r", Status));
381 goto ON_EXIT;
382 }
383
384 Status = gRT->SetVariable(
385 EFI_PLATFORM_KEY_NAME,
386 &gEfiGlobalVariableGuid,
387 Attr,
388 DataSize,
389 PkCert
390 );
391 if (EFI_ERROR (Status)) {
392 if (Status == EFI_OUT_OF_RESOURCES) {
393 DEBUG ((EFI_D_ERROR, "Enroll PK failed with out of resource.\n"));
394 }
395 goto ON_EXIT;
396 }
397
398 ON_EXIT:
399
400 if (PkCert != NULL) {
401 FreePool(PkCert);
402 }
403
404 if (Private->FileContext->FHandle != NULL) {
405 CloseFile (Private->FileContext->FHandle);
406 Private->FileContext->FHandle = NULL;
407 }
408
409 return Status;
410 }
411
412 /**
413 Remove the PK variable.
414
415 @retval EFI_SUCCESS Delete PK successfully.
416 @retval Others Could not allow to delete PK.
417
418 **/
419 EFI_STATUS
420 DeletePlatformKey (
421 VOID
422 )
423 {
424 EFI_STATUS Status;
425
426 Status = DeleteVariable (
427 EFI_PLATFORM_KEY_NAME,
428 &gEfiGlobalVariableGuid
429 );
430 return Status;
431 }
432
433 /**
434 Enroll a new KEK item from public key storing file (*.pbk).
435
436 @param[in] PrivateData The module's private data.
437
438 @retval EFI_SUCCESS New KEK enrolled successfully.
439 @retval EFI_INVALID_PARAMETER The parameter is invalid.
440 @retval EFI_UNSUPPORTED Unsupported command.
441 @retval EFI_OUT_OF_RESOURCES Could not allocate needed resources.
442
443 **/
444 EFI_STATUS
445 EnrollRsa2048ToKek (
446 IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private
447 )
448 {
449 EFI_STATUS Status;
450 UINT32 Attr;
451 UINTN DataSize;
452 EFI_SIGNATURE_LIST *KekSigList;
453 UINTN KeyBlobSize;
454 UINT8 *KeyBlob;
455 CPL_KEY_INFO *KeyInfo;
456 EFI_SIGNATURE_DATA *KEKSigData;
457 UINTN KekSigListSize;
458 UINT8 *KeyBuffer;
459 UINTN KeyLenInBytes;
460
461 Attr = 0;
462 DataSize = 0;
463 KeyBuffer = NULL;
464 KeyBlobSize = 0;
465 KeyBlob = NULL;
466 KeyInfo = NULL;
467 KEKSigData = NULL;
468 KekSigList = NULL;
469 KekSigListSize = 0;
470
471 //
472 // Form the KeKpub certificate list into EFI_SIGNATURE_LIST type.
473 // First, We have to parse out public key data from the pbk key file.
474 //
475 Status = ReadFileContent (
476 Private->FileContext->FHandle,
477 (VOID**) &KeyBlob,
478 &KeyBlobSize,
479 0
480 );
481 if (EFI_ERROR (Status)) {
482 goto ON_EXIT;
483 }
484 ASSERT (KeyBlob != NULL);
485 KeyInfo = (CPL_KEY_INFO *) KeyBlob;
486 if (KeyInfo->KeyLengthInBits / 8 != WIN_CERT_UEFI_RSA2048_SIZE) {
487 DEBUG ((DEBUG_ERROR, "Unsupported key length, Only RSA2048 is supported.\n"));
488 Status = EFI_UNSUPPORTED;
489 goto ON_EXIT;
490 }
491
492 //
493 // Convert the Public key to fix octet string format represented in RSA PKCS#1.
494 //
495 KeyLenInBytes = KeyInfo->KeyLengthInBits / 8;
496 KeyBuffer = AllocateZeroPool (KeyLenInBytes);
497 if (KeyBuffer == NULL) {
498 Status = EFI_OUT_OF_RESOURCES;
499 goto ON_EXIT;
500 }
501 Int2OctStr (
502 (UINTN*) (KeyBlob + sizeof (CPL_KEY_INFO)),
503 KeyLenInBytes / sizeof (UINTN),
504 KeyBuffer,
505 KeyLenInBytes
506 );
507 CopyMem(KeyBlob + sizeof(CPL_KEY_INFO), KeyBuffer, KeyLenInBytes);
508
509 //
510 // Form an new EFI_SIGNATURE_LIST.
511 //
512 KekSigListSize = sizeof(EFI_SIGNATURE_LIST)
513 + sizeof(EFI_SIGNATURE_DATA) - 1
514 + WIN_CERT_UEFI_RSA2048_SIZE;
515
516 KekSigList = (EFI_SIGNATURE_LIST*) AllocateZeroPool (KekSigListSize);
517 if (KekSigList == NULL) {
518 Status = EFI_OUT_OF_RESOURCES;
519 goto ON_EXIT;
520 }
521
522 KekSigList->SignatureListSize = sizeof(EFI_SIGNATURE_LIST)
523 + sizeof(EFI_SIGNATURE_DATA) - 1
524 + WIN_CERT_UEFI_RSA2048_SIZE;
525 KekSigList->SignatureHeaderSize = 0;
526 KekSigList->SignatureSize = sizeof(EFI_SIGNATURE_DATA) - 1 + WIN_CERT_UEFI_RSA2048_SIZE;
527 CopyGuid (&KekSigList->SignatureType, &gEfiCertRsa2048Guid);
528
529 KEKSigData = (EFI_SIGNATURE_DATA*)((UINT8*)KekSigList + sizeof(EFI_SIGNATURE_LIST));
530 CopyGuid (&KEKSigData->SignatureOwner, Private->SignatureGUID);
531 CopyMem (
532 KEKSigData->SignatureData,
533 KeyBlob + sizeof(CPL_KEY_INFO),
534 WIN_CERT_UEFI_RSA2048_SIZE
535 );
536
537 //
538 // Check if KEK entry has been already existed.
539 // If true, use EFI_VARIABLE_APPEND_WRITE attribute to append the
540 // new KEK to original variable.
541 //
542 Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS
543 | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
544 Status = CreateTimeBasedPayload (&KekSigListSize, (UINT8**) &KekSigList);
545 if (EFI_ERROR (Status)) {
546 DEBUG ((EFI_D_ERROR, "Fail to create time-based data payload: %r", Status));
547 goto ON_EXIT;
548 }
549
550 Status = gRT->GetVariable(
551 EFI_KEY_EXCHANGE_KEY_NAME,
552 &gEfiGlobalVariableGuid,
553 NULL,
554 &DataSize,
555 NULL
556 );
557 if (Status == EFI_BUFFER_TOO_SMALL) {
558 Attr |= EFI_VARIABLE_APPEND_WRITE;
559 } else if (Status != EFI_NOT_FOUND) {
560 goto ON_EXIT;
561 }
562
563 //
564 // Done. Now we have formed the correct KEKpub database item, just set it into variable storage,
565 //
566 Status = gRT->SetVariable(
567 EFI_KEY_EXCHANGE_KEY_NAME,
568 &gEfiGlobalVariableGuid,
569 Attr,
570 KekSigListSize,
571 KekSigList
572 );
573 if (EFI_ERROR (Status)) {
574 goto ON_EXIT;
575 }
576
577 ON_EXIT:
578
579 CloseFile (Private->FileContext->FHandle);
580 Private->FileContext->FHandle = NULL;
581 Private->FileContext->FileName = NULL;
582
583 if (Private->SignatureGUID != NULL) {
584 FreePool (Private->SignatureGUID);
585 Private->SignatureGUID = NULL;
586 }
587
588 if (KeyBlob != NULL) {
589 FreePool (KeyBlob);
590 }
591 if (KeyBuffer != NULL) {
592 FreePool (KeyBuffer);
593 }
594 if (KekSigList != NULL) {
595 FreePool (KekSigList);
596 }
597
598 return Status;
599 }
600
601 /**
602 Enroll a new KEK item from X509 certificate file.
603
604 @param[in] PrivateData The module's private data.
605
606 @retval EFI_SUCCESS New X509 is enrolled successfully.
607 @retval EFI_INVALID_PARAMETER The parameter is invalid.
608 @retval EFI_UNSUPPORTED Unsupported command.
609 @retval EFI_OUT_OF_RESOURCES Could not allocate needed resources.
610
611 **/
612 EFI_STATUS
613 EnrollX509ToKek (
614 IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private
615 )
616 {
617 EFI_STATUS Status;
618 UINTN X509DataSize;
619 VOID *X509Data;
620 EFI_SIGNATURE_DATA *KEKSigData;
621 EFI_SIGNATURE_LIST *KekSigList;
622 UINTN DataSize;
623 UINTN KekSigListSize;
624 UINT32 Attr;
625
626 X509Data = NULL;
627 X509DataSize = 0;
628 KekSigList = NULL;
629 KekSigListSize = 0;
630 DataSize = 0;
631 KEKSigData = NULL;
632
633 Status = ReadFileContent (
634 Private->FileContext->FHandle,
635 &X509Data,
636 &X509DataSize,
637 0
638 );
639 if (EFI_ERROR (Status)) {
640 goto ON_EXIT;
641 }
642 ASSERT (X509Data != NULL);
643
644 KekSigListSize = sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_SIGNATURE_DATA) - 1 + X509DataSize;
645 KekSigList = (EFI_SIGNATURE_LIST*) AllocateZeroPool (KekSigListSize);
646 if (KekSigList == NULL) {
647 Status = EFI_OUT_OF_RESOURCES;
648 goto ON_EXIT;
649 }
650
651 //
652 // Fill Certificate Database parameters.
653 //
654 KekSigList->SignatureListSize = (UINT32) KekSigListSize;
655 KekSigList->SignatureHeaderSize = 0;
656 KekSigList->SignatureSize = (UINT32) (sizeof(EFI_SIGNATURE_DATA) - 1 + X509DataSize);
657 CopyGuid (&KekSigList->SignatureType, &gEfiCertX509Guid);
658
659 KEKSigData = (EFI_SIGNATURE_DATA*) ((UINT8*) KekSigList + sizeof (EFI_SIGNATURE_LIST));
660 CopyGuid (&KEKSigData->SignatureOwner, Private->SignatureGUID);
661 CopyMem (KEKSigData->SignatureData, X509Data, X509DataSize);
662
663 //
664 // Check if KEK been already existed.
665 // If true, use EFI_VARIABLE_APPEND_WRITE attribute to append the
666 // new kek to original variable
667 //
668 Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS
669 | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
670 Status = CreateTimeBasedPayload (&KekSigListSize, (UINT8**) &KekSigList);
671 if (EFI_ERROR (Status)) {
672 DEBUG ((EFI_D_ERROR, "Fail to create time-based data payload: %r", Status));
673 goto ON_EXIT;
674 }
675
676 Status = gRT->GetVariable(
677 EFI_KEY_EXCHANGE_KEY_NAME,
678 &gEfiGlobalVariableGuid,
679 NULL,
680 &DataSize,
681 NULL
682 );
683 if (Status == EFI_BUFFER_TOO_SMALL) {
684 Attr |= EFI_VARIABLE_APPEND_WRITE;
685 } else if (Status != EFI_NOT_FOUND) {
686 goto ON_EXIT;
687 }
688
689 Status = gRT->SetVariable(
690 EFI_KEY_EXCHANGE_KEY_NAME,
691 &gEfiGlobalVariableGuid,
692 Attr,
693 KekSigListSize,
694 KekSigList
695 );
696 if (EFI_ERROR (Status)) {
697 goto ON_EXIT;
698 }
699
700 ON_EXIT:
701
702 CloseFile (Private->FileContext->FHandle);
703 Private->FileContext->FileName = NULL;
704 Private->FileContext->FHandle = NULL;
705
706 if (Private->SignatureGUID != NULL) {
707 FreePool (Private->SignatureGUID);
708 Private->SignatureGUID = NULL;
709 }
710
711 if (KekSigList != NULL) {
712 FreePool (KekSigList);
713 }
714
715 return Status;
716 }
717
718 /**
719 Enroll new KEK into the System without PK's authentication.
720 The SignatureOwner GUID will be Private->SignatureGUID.
721
722 @param[in] PrivateData The module's private data.
723
724 @retval EFI_SUCCESS New KEK enrolled successful.
725 @retval EFI_INVALID_PARAMETER The parameter is invalid.
726 @retval others Fail to enroll KEK data.
727
728 **/
729 EFI_STATUS
730 EnrollKeyExchangeKey (
731 IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private
732 )
733 {
734 UINT16* FilePostFix;
735
736 if ((Private->FileContext->FileName == NULL) || (Private->SignatureGUID == NULL)) {
737 return EFI_INVALID_PARAMETER;
738 }
739
740 //
741 // Parse the file's postfix. Supports .cer and .der file as X509 certificate,
742 // and .pbk as RSA public key file.
743 //
744 FilePostFix = Private->FileContext->FileName + StrLen (Private->FileContext->FileName) - 4;
745 if ((CompareMem (FilePostFix, L".cer",4) == 0) || (CompareMem (FilePostFix, L".der",4) == 0)) {
746 return EnrollX509ToKek (Private);
747 } else if (CompareMem (FilePostFix, L".pbk",4) == 0) {
748 return EnrollRsa2048ToKek (Private);
749 } else {
750 return EFI_INVALID_PARAMETER;
751 }
752 }
753
754 /**
755 Enroll a new X509 certificate into Signature Database (DB or DBX) without
756 KEK's authentication.
757
758 @param[in] PrivateData The module's private data.
759 @param[in] VariableName Variable name of signature database, must be
760 EFI_IMAGE_SECURITY_DATABASE or EFI_IMAGE_SECURITY_DATABASE1.
761
762 @retval EFI_SUCCESS New X509 is enrolled successfully.
763 @retval EFI_OUT_OF_RESOURCES Could not allocate needed resources.
764
765 **/
766 EFI_STATUS
767 EnrollX509toSigDB (
768 IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private,
769 IN CHAR16 *VariableName
770 )
771 {
772 EFI_STATUS Status;
773 UINTN X509DataSize;
774 VOID *X509Data;
775 EFI_SIGNATURE_LIST *SigDBCert;
776 EFI_SIGNATURE_DATA *SigDBCertData;
777 VOID *Data;
778 UINTN DataSize;
779 UINTN SigDBSize;
780 UINT32 Attr;
781
782 X509DataSize = 0;
783 SigDBSize = 0;
784 DataSize = 0;
785 X509Data = NULL;
786 SigDBCert = NULL;
787 SigDBCertData = NULL;
788 Data = NULL;
789
790 Status = ReadFileContent (
791 Private->FileContext->FHandle,
792 &X509Data,
793 &X509DataSize,
794 0
795 );
796 if (EFI_ERROR (Status)) {
797 goto ON_EXIT;
798 }
799 ASSERT (X509Data != NULL);
800
801 SigDBSize = sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_SIGNATURE_DATA) - 1 + X509DataSize;
802
803 Data = AllocateZeroPool (SigDBSize);
804 if (Data == NULL) {
805 Status = EFI_OUT_OF_RESOURCES;
806 goto ON_EXIT;
807 }
808
809 //
810 // Fill Certificate Database parameters.
811 //
812 SigDBCert = (EFI_SIGNATURE_LIST*) Data;
813 SigDBCert->SignatureListSize = (UINT32) SigDBSize;
814 SigDBCert->SignatureHeaderSize = 0;
815 SigDBCert->SignatureSize = (UINT32) (sizeof(EFI_SIGNATURE_DATA) - 1 + X509DataSize);
816 CopyGuid (&SigDBCert->SignatureType, &gEfiCertX509Guid);
817
818 SigDBCertData = (EFI_SIGNATURE_DATA*) ((UINT8* ) SigDBCert + sizeof (EFI_SIGNATURE_LIST));
819 CopyGuid (&SigDBCertData->SignatureOwner, Private->SignatureGUID);
820 CopyMem ((UINT8* ) (SigDBCertData->SignatureData), X509Data, X509DataSize);
821
822 //
823 // Check if signature database entry has been already existed.
824 // If true, use EFI_VARIABLE_APPEND_WRITE attribute to append the
825 // new signature data to original variable
826 //
827 Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS
828 | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
829 Status = CreateTimeBasedPayload (&SigDBSize, (UINT8**) &Data);
830 if (EFI_ERROR (Status)) {
831 DEBUG ((EFI_D_ERROR, "Fail to create time-based data payload: %r", Status));
832 goto ON_EXIT;
833 }
834
835 Status = gRT->GetVariable(
836 VariableName,
837 &gEfiImageSecurityDatabaseGuid,
838 NULL,
839 &DataSize,
840 NULL
841 );
842 if (Status == EFI_BUFFER_TOO_SMALL) {
843 Attr |= EFI_VARIABLE_APPEND_WRITE;
844 } else if (Status != EFI_NOT_FOUND) {
845 goto ON_EXIT;
846 }
847
848 Status = gRT->SetVariable(
849 VariableName,
850 &gEfiImageSecurityDatabaseGuid,
851 Attr,
852 SigDBSize,
853 Data
854 );
855 if (EFI_ERROR (Status)) {
856 goto ON_EXIT;
857 }
858
859 ON_EXIT:
860
861 CloseFile (Private->FileContext->FHandle);
862 Private->FileContext->FileName = NULL;
863 Private->FileContext->FHandle = NULL;
864
865 if (Private->SignatureGUID != NULL) {
866 FreePool (Private->SignatureGUID);
867 Private->SignatureGUID = NULL;
868 }
869
870 if (Data != NULL) {
871 FreePool (Data);
872 }
873
874 if (X509Data != NULL) {
875 FreePool (X509Data);
876 }
877
878 return Status;
879 }
880
881 /**
882 Load PE/COFF image information into internal buffer and check its validity.
883
884 @retval EFI_SUCCESS Successful
885 @retval EFI_UNSUPPORTED Invalid PE/COFF file
886 @retval EFI_ABORTED Serious error occurs, like file I/O error etc.
887
888 **/
889 EFI_STATUS
890 LoadPeImage (
891 VOID
892 )
893 {
894 EFI_IMAGE_DOS_HEADER *DosHdr;
895 EFI_IMAGE_NT_HEADERS32 *NtHeader32;
896 EFI_IMAGE_NT_HEADERS64 *NtHeader64;
897
898 NtHeader32 = NULL;
899 NtHeader64 = NULL;
900 //
901 // Read the Dos header
902 //
903 DosHdr = (EFI_IMAGE_DOS_HEADER*)(mImageBase);
904 if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE)
905 {
906 //
907 // DOS image header is present,
908 // So read the PE header after the DOS image header
909 //
910 mPeCoffHeaderOffset = DosHdr->e_lfanew;
911 }
912 else
913 {
914 mPeCoffHeaderOffset = 0;
915 }
916
917 //
918 // Read PE header and check the signature validity and machine compatibility
919 //
920 NtHeader32 = (EFI_IMAGE_NT_HEADERS32*) (mImageBase + mPeCoffHeaderOffset);
921 if (NtHeader32->Signature != EFI_IMAGE_NT_SIGNATURE)
922 {
923 return EFI_UNSUPPORTED;
924 }
925
926 mNtHeader.Pe32 = NtHeader32;
927
928 //
929 // Check the architecture field of PE header and get the Certificate Data Directory data
930 // Note the size of FileHeader field is constant for both IA32 and X64 arch
931 //
932 if ((NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_IA32)
933 || (NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_EBC)) {
934 //
935 // IA-32 Architecture
936 //
937 mImageType = ImageType_IA32;
938 mSecDataDir = (EFI_IMAGE_SECURITY_DATA_DIRECTORY*) &(NtHeader32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]);
939 }
940 else if ((NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_IA64)
941 || (NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_X64)) {
942 //
943 // 64-bits Architecture
944 //
945 mImageType = ImageType_X64;
946 NtHeader64 = (EFI_IMAGE_NT_HEADERS64 *) (mImageBase + mPeCoffHeaderOffset);
947 mSecDataDir = (EFI_IMAGE_SECURITY_DATA_DIRECTORY*) &(NtHeader64->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]);
948 } else {
949 return EFI_UNSUPPORTED;
950 }
951
952 return EFI_SUCCESS;
953 }
954
955 /**
956 Calculate hash of Pe/Coff image based on the authenticode image hashing in
957 PE/COFF Specification 8.0 Appendix A
958
959 @param[in] HashAlg Hash algorithm type.
960
961 @retval TRUE Successfully hash image.
962 @retval FALSE Fail in hash image.
963
964 **/
965 BOOLEAN
966 HashPeImage (
967 IN UINT32 HashAlg
968 )
969 {
970 BOOLEAN Status;
971 UINT16 Magic;
972 EFI_IMAGE_SECTION_HEADER *Section;
973 VOID *HashCtx;
974 UINTN CtxSize;
975 UINT8 *HashBase;
976 UINTN HashSize;
977 UINTN SumOfBytesHashed;
978 EFI_IMAGE_SECTION_HEADER *SectionHeader;
979 UINTN Index;
980 UINTN Pos;
981
982 HashCtx = NULL;
983 SectionHeader = NULL;
984 Status = FALSE;
985
986 if ((HashAlg != HASHALG_SHA1) && (HashAlg != HASHALG_SHA256)) {
987 return FALSE;
988 }
989
990 //
991 // Initialize context of hash.
992 //
993 ZeroMem (mImageDigest, MAX_DIGEST_SIZE);
994
995 if (HashAlg == HASHALG_SHA1) {
996 mImageDigestSize = SHA1_DIGEST_SIZE;
997 mCertType = gEfiCertSha1Guid;
998 } else if (HashAlg == HASHALG_SHA256) {
999 mImageDigestSize = SHA256_DIGEST_SIZE;
1000 mCertType = gEfiCertSha256Guid;
1001 }
1002
1003 CtxSize = mHash[HashAlg].GetContextSize();
1004
1005 HashCtx = AllocatePool (CtxSize);
1006 ASSERT (HashCtx != NULL);
1007
1008 // 1. Load the image header into memory.
1009
1010 // 2. Initialize a SHA hash context.
1011 Status = mHash[HashAlg].HashInit(HashCtx);
1012 if (!Status) {
1013 goto Done;
1014 }
1015 //
1016 // Measuring PE/COFF Image Header;
1017 // But CheckSum field and SECURITY data directory (certificate) are excluded
1018 //
1019 Magic = mNtHeader.Pe32->OptionalHeader.Magic;
1020 //
1021 // 3. Calculate the distance from the base of the image header to the image checksum address.
1022 // 4. Hash the image header from its base to beginning of the image checksum.
1023 //
1024 HashBase = mImageBase;
1025 if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
1026 //
1027 // Use PE32 offset.
1028 //
1029 HashSize = (UINTN) ((UINT8 *) (&mNtHeader.Pe32->OptionalHeader.CheckSum) - HashBase);
1030 } else {
1031 //
1032 // Use PE32+ offset.
1033 //
1034 HashSize = (UINTN) ((UINT8 *) (&mNtHeader.Pe32Plus->OptionalHeader.CheckSum) - HashBase);
1035 }
1036
1037 Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize);
1038 if (!Status) {
1039 goto Done;
1040 }
1041 //
1042 // 5. Skip over the image checksum (it occupies a single ULONG).
1043 // 6. Get the address of the beginning of the Cert Directory.
1044 // 7. Hash everything from the end of the checksum to the start of the Cert Directory.
1045 //
1046 if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
1047 //
1048 // Use PE32 offset.
1049 //
1050 HashBase = (UINT8 *) &mNtHeader.Pe32->OptionalHeader.CheckSum + sizeof (UINT32);
1051 HashSize = (UINTN) ((UINT8 *) (&mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - HashBase);
1052 } else {
1053 //
1054 // Use PE32+ offset.
1055 //
1056 HashBase = (UINT8 *) &mNtHeader.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32);
1057 HashSize = (UINTN) ((UINT8 *) (&mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - HashBase);
1058 }
1059
1060 Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize);
1061 if (!Status) {
1062 goto Done;
1063 }
1064 //
1065 // 8. Skip over the Cert Directory. (It is sizeof(IMAGE_DATA_DIRECTORY) bytes.)
1066 // 9. Hash everything from the end of the Cert Directory to the end of image header.
1067 //
1068 if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
1069 //
1070 // Use PE32 offset
1071 //
1072 HashBase = (UINT8 *) &mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
1073 HashSize = mNtHeader.Pe32->OptionalHeader.SizeOfHeaders - (UINTN) ((UINT8 *) (&mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]) - mImageBase);
1074 } else {
1075 //
1076 // Use PE32+ offset.
1077 //
1078 HashBase = (UINT8 *) &mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
1079 HashSize = mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN) ((UINT8 *) (&mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]) - mImageBase);
1080 }
1081
1082 Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize);
1083 if (!Status) {
1084 goto Done;
1085 }
1086 //
1087 // 10. Set the SUM_OF_BYTES_HASHED to the size of the header.
1088 //
1089 if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
1090 //
1091 // Use PE32 offset.
1092 //
1093 SumOfBytesHashed = mNtHeader.Pe32->OptionalHeader.SizeOfHeaders;
1094 } else {
1095 //
1096 // Use PE32+ offset
1097 //
1098 SumOfBytesHashed = mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders;
1099 }
1100
1101 //
1102 // 11. Build a temporary table of pointers to all the IMAGE_SECTION_HEADER
1103 // structures in the image. The 'NumberOfSections' field of the image
1104 // header indicates how big the table should be. Do not include any
1105 // IMAGE_SECTION_HEADERs in the table whose 'SizeOfRawData' field is zero.
1106 //
1107 SectionHeader = (EFI_IMAGE_SECTION_HEADER *) AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * mNtHeader.Pe32->FileHeader.NumberOfSections);
1108 ASSERT (SectionHeader != NULL);
1109 //
1110 // 12. Using the 'PointerToRawData' in the referenced section headers as
1111 // a key, arrange the elements in the table in ascending order. In other
1112 // words, sort the section headers according to the disk-file offset of
1113 // the section.
1114 //
1115 Section = (EFI_IMAGE_SECTION_HEADER *) (
1116 mImageBase +
1117 mPeCoffHeaderOffset +
1118 sizeof (UINT32) +
1119 sizeof (EFI_IMAGE_FILE_HEADER) +
1120 mNtHeader.Pe32->FileHeader.SizeOfOptionalHeader
1121 );
1122 for (Index = 0; Index < mNtHeader.Pe32->FileHeader.NumberOfSections; Index++) {
1123 Pos = Index;
1124 while ((Pos > 0) && (Section->PointerToRawData < SectionHeader[Pos - 1].PointerToRawData)) {
1125 CopyMem (&SectionHeader[Pos], &SectionHeader[Pos - 1], sizeof (EFI_IMAGE_SECTION_HEADER));
1126 Pos--;
1127 }
1128 CopyMem (&SectionHeader[Pos], Section, sizeof (EFI_IMAGE_SECTION_HEADER));
1129 Section += 1;
1130 }
1131
1132 //
1133 // 13. Walk through the sorted table, bring the corresponding section
1134 // into memory, and hash the entire section (using the 'SizeOfRawData'
1135 // field in the section header to determine the amount of data to hash).
1136 // 14. Add the section's 'SizeOfRawData' to SUM_OF_BYTES_HASHED .
1137 // 15. Repeat steps 13 and 14 for all the sections in the sorted table.
1138 //
1139 for (Index = 0; Index < mNtHeader.Pe32->FileHeader.NumberOfSections; Index++) {
1140 Section = &SectionHeader[Index];
1141 if (Section->SizeOfRawData == 0) {
1142 continue;
1143 }
1144 HashBase = mImageBase + Section->PointerToRawData;
1145 HashSize = (UINTN) Section->SizeOfRawData;
1146
1147 Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize);
1148 if (!Status) {
1149 goto Done;
1150 }
1151
1152 SumOfBytesHashed += HashSize;
1153 }
1154
1155 //
1156 // 16. If the file size is greater than SUM_OF_BYTES_HASHED, there is extra
1157 // data in the file that needs to be added to the hash. This data begins
1158 // at file offset SUM_OF_BYTES_HASHED and its length is:
1159 // FileSize - (CertDirectory->Size)
1160 //
1161 if (mImageSize > SumOfBytesHashed) {
1162 HashBase = mImageBase + SumOfBytesHashed;
1163 if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
1164 //
1165 // Use PE32 offset.
1166 //
1167 HashSize = (UINTN)(
1168 mImageSize -
1169 mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size -
1170 SumOfBytesHashed);
1171 } else {
1172 //
1173 // Use PE32+ offset.
1174 //
1175 HashSize = (UINTN)(
1176 mImageSize -
1177 mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size -
1178 SumOfBytesHashed);
1179 }
1180
1181 Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize);
1182 if (!Status) {
1183 goto Done;
1184 }
1185 }
1186
1187 Status = mHash[HashAlg].HashFinal(HashCtx, mImageDigest);
1188
1189 Done:
1190 if (HashCtx != NULL) {
1191 FreePool (HashCtx);
1192 }
1193 if (SectionHeader != NULL) {
1194 FreePool (SectionHeader);
1195 }
1196 return Status;
1197 }
1198
1199 /**
1200 Recognize the Hash algorithm in PE/COFF Authenticode and caculate hash of
1201 Pe/Coff image based on the authenticated image hashing in PE/COFF Specification
1202 8.0 Appendix A
1203
1204 @retval EFI_UNSUPPORTED Hash algorithm is not supported.
1205 @retval EFI_SUCCESS Hash successfully.
1206
1207 **/
1208 EFI_STATUS
1209 HashPeImageByType (
1210 VOID
1211 )
1212 {
1213 UINT8 Index;
1214 WIN_CERTIFICATE_EFI_PKCS *PkcsCertData;
1215
1216 PkcsCertData = (WIN_CERTIFICATE_EFI_PKCS *) (mImageBase + mSecDataDir->Offset);
1217
1218 for (Index = 0; Index < HASHALG_MAX; Index++) {
1219 //
1220 // Check the Hash algorithm in PE/COFF Authenticode.
1221 // According to PKCS#7 Definition:
1222 // SignedData ::= SEQUENCE {
1223 // version Version,
1224 // digestAlgorithms DigestAlgorithmIdentifiers,
1225 // contentInfo ContentInfo,
1226 // .... }
1227 // The DigestAlgorithmIdentifiers can be used to determine the hash algorithm in PE/COFF hashing
1228 // This field has the fixed offset (+32) in final Authenticode ASN.1 data.
1229 // Fixed offset (+32) is calculated based on two bytes of length encoding.
1230 //
1231 if ((*(PkcsCertData->CertData + 1) & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE) {
1232 //
1233 // Only support two bytes of Long Form of Length Encoding.
1234 //
1235 continue;
1236 }
1237
1238 //
1239 if (CompareMem (PkcsCertData->CertData + 32, mHash[Index].OidValue, mHash[Index].OidLength) == 0) {
1240 break;
1241 }
1242 }
1243
1244 if (Index == HASHALG_MAX) {
1245 return EFI_UNSUPPORTED;
1246 }
1247
1248 //
1249 // HASH PE Image based on Hash algorithm in PE/COFF Authenticode.
1250 //
1251 if (!HashPeImage(Index)) {
1252 return EFI_UNSUPPORTED;
1253 }
1254
1255 return EFI_SUCCESS;
1256 }
1257
1258 /**
1259 Enroll a new executable's signature into Signature Database.
1260
1261 @param[in] PrivateData The module's private data.
1262 @param[in] VariableName Variable name of signature database, must be
1263 EFI_IMAGE_SECURITY_DATABASE or EFI_IMAGE_SECURITY_DATABASE1.
1264
1265 @retval EFI_SUCCESS New signature is enrolled successfully.
1266 @retval EFI_INVALID_PARAMETER The parameter is invalid.
1267 @retval EFI_UNSUPPORTED Unsupported command.
1268 @retval EFI_OUT_OF_RESOURCES Could not allocate needed resources.
1269
1270 **/
1271 EFI_STATUS
1272 EnrollImageSignatureToSigDB (
1273 IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private,
1274 IN CHAR16 *VariableName
1275 )
1276 {
1277 EFI_STATUS Status;
1278 EFI_SIGNATURE_LIST *SigDBCert;
1279 EFI_SIGNATURE_DATA *SigDBCertData;
1280 VOID *Data;
1281 UINTN DataSize;
1282 UINTN SigDBSize;
1283 UINT32 Attr;
1284 WIN_CERTIFICATE_UEFI_GUID *GuidCertData;
1285
1286 Data = NULL;
1287 GuidCertData = NULL;
1288
1289 //
1290 // Form the SigDB certificate list.
1291 // Format the data item into EFI_SIGNATURE_LIST type.
1292 //
1293 // We need to parse executable's signature data from specified signed executable file.
1294 // In current implementation, we simply trust the pass-in signed executable file.
1295 // In reality, it's OS's responsibility to verify the signed executable file.
1296 //
1297
1298 //
1299 // Read the whole file content
1300 //
1301 Status = ReadFileContent(
1302 Private->FileContext->FHandle,
1303 (VOID **) &mImageBase,
1304 &mImageSize,
1305 0
1306 );
1307 if (EFI_ERROR (Status)) {
1308 goto ON_EXIT;
1309 }
1310 ASSERT (mImageBase != NULL);
1311
1312 Status = LoadPeImage ();
1313 if (EFI_ERROR (Status)) {
1314 goto ON_EXIT;
1315 }
1316
1317 if (mSecDataDir->SizeOfCert == 0) {
1318 if (!HashPeImage (HASHALG_SHA256)) {
1319 Status = EFI_SECURITY_VIOLATION;
1320 goto ON_EXIT;
1321 }
1322 } else {
1323
1324 //
1325 // Read the certificate data
1326 //
1327 mCertificate = (WIN_CERTIFICATE *)(mImageBase + mSecDataDir->Offset);
1328
1329 if (mCertificate->wCertificateType == WIN_CERT_TYPE_EFI_GUID) {
1330 GuidCertData = (WIN_CERTIFICATE_UEFI_GUID*) mCertificate;
1331 if (CompareMem (&GuidCertData->CertType, &gEfiCertTypeRsa2048Sha256Guid, sizeof(EFI_GUID)) != 0) {
1332 Status = EFI_ABORTED;
1333 goto ON_EXIT;
1334 }
1335
1336 if (!HashPeImage (HASHALG_SHA256)) {
1337 Status = EFI_ABORTED;
1338 goto ON_EXIT;;
1339 }
1340
1341 } else if (mCertificate->wCertificateType == WIN_CERT_TYPE_PKCS_SIGNED_DATA) {
1342
1343 Status = HashPeImageByType ();
1344 if (EFI_ERROR (Status)) {
1345 goto ON_EXIT;;
1346 }
1347 } else {
1348 Status = EFI_ABORTED;
1349 goto ON_EXIT;
1350 }
1351 }
1352
1353 //
1354 // Create a new SigDB entry.
1355 //
1356 SigDBSize = sizeof(EFI_SIGNATURE_LIST)
1357 + sizeof(EFI_SIGNATURE_DATA) - 1
1358 + (UINT32) mImageDigestSize;
1359
1360 Data = (UINT8*) AllocateZeroPool (SigDBSize);
1361 if (Data == NULL) {
1362 Status = EFI_OUT_OF_RESOURCES;
1363 goto ON_EXIT;
1364 }
1365
1366 //
1367 // Adjust the Certificate Database parameters.
1368 //
1369 SigDBCert = (EFI_SIGNATURE_LIST*) Data;
1370 SigDBCert->SignatureListSize = (UINT32) SigDBSize;
1371 SigDBCert->SignatureHeaderSize = 0;
1372 SigDBCert->SignatureSize = sizeof(EFI_SIGNATURE_DATA) - 1 + (UINT32) mImageDigestSize;
1373 CopyGuid (&SigDBCert->SignatureType, &mCertType);
1374
1375 SigDBCertData = (EFI_SIGNATURE_DATA*)((UINT8*)SigDBCert + sizeof(EFI_SIGNATURE_LIST));
1376 CopyGuid (&SigDBCertData->SignatureOwner, Private->SignatureGUID);
1377 CopyMem (SigDBCertData->SignatureData, mImageDigest, mImageDigestSize);
1378
1379 Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS
1380 | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
1381 Status = CreateTimeBasedPayload (&SigDBSize, (UINT8**) &Data);
1382 if (EFI_ERROR (Status)) {
1383 DEBUG ((EFI_D_ERROR, "Fail to create time-based data payload: %r", Status));
1384 goto ON_EXIT;
1385 }
1386
1387 //
1388 // Check if SigDB variable has been already existed.
1389 // If true, use EFI_VARIABLE_APPEND_WRITE attribute to append the
1390 // new signature data to original variable
1391 //
1392 DataSize = 0;
1393 Status = gRT->GetVariable(
1394 VariableName,
1395 &gEfiImageSecurityDatabaseGuid,
1396 NULL,
1397 &DataSize,
1398 NULL
1399 );
1400 if (Status == EFI_BUFFER_TOO_SMALL) {
1401 Attr |= EFI_VARIABLE_APPEND_WRITE;
1402 } else if (Status != EFI_NOT_FOUND) {
1403 goto ON_EXIT;
1404 }
1405
1406 //
1407 // Enroll the variable.
1408 //
1409 Status = gRT->SetVariable(
1410 VariableName,
1411 &gEfiImageSecurityDatabaseGuid,
1412 Attr,
1413 SigDBSize,
1414 Data
1415 );
1416 if (EFI_ERROR (Status)) {
1417 goto ON_EXIT;
1418 }
1419
1420 ON_EXIT:
1421
1422 CloseFile (Private->FileContext->FHandle);
1423 Private->FileContext->FHandle = NULL;
1424 Private->FileContext->FileName = NULL;
1425
1426 if (Private->SignatureGUID != NULL) {
1427 FreePool (Private->SignatureGUID);
1428 Private->SignatureGUID = NULL;
1429 }
1430
1431 if (Data != NULL) {
1432 FreePool (Data);
1433 }
1434
1435 if (mImageBase != NULL) {
1436 FreePool (mImageBase);
1437 mImageBase = NULL;
1438 }
1439
1440 return Status;
1441 }
1442
1443 /**
1444 Enroll signature into DB/DBX without KEK's authentication.
1445 The SignatureOwner GUID will be Private->SignatureGUID.
1446
1447 @param[in] PrivateData The module's private data.
1448 @param[in] VariableName Variable name of signature database, must be
1449 EFI_IMAGE_SECURITY_DATABASE or EFI_IMAGE_SECURITY_DATABASE1.
1450
1451 @retval EFI_SUCCESS New signature enrolled successfully.
1452 @retval EFI_INVALID_PARAMETER The parameter is invalid.
1453 @retval others Fail to enroll signature data.
1454
1455 **/
1456 EFI_STATUS
1457 EnrollSignatureDatabase (
1458 IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private,
1459 IN CHAR16 *VariableName
1460 )
1461 {
1462 UINT16* FilePostFix;
1463
1464 if ((Private->FileContext->FileName == NULL) || (Private->FileContext->FHandle == NULL) || (Private->SignatureGUID == NULL)) {
1465 return EFI_INVALID_PARAMETER;
1466 }
1467
1468 //
1469 // Parse the file's postfix.
1470 //
1471 FilePostFix = Private->FileContext->FileName + StrLen (Private->FileContext->FileName) - 4;
1472 if ((CompareMem (FilePostFix, L".cer",4) == 0) || (CompareMem (FilePostFix, L".der",4) == 0)) {
1473 //
1474 // Supports .cer and .der file as X509 certificate.
1475 //
1476 return EnrollX509toSigDB (Private, VariableName);
1477 }
1478
1479 return EnrollImageSignatureToSigDB (Private, VariableName);
1480 }
1481
1482 /**
1483 List all signatures in specified signature database (e.g. KEK/DB/DBX)
1484 by GUID in the page for user to select and delete as needed.
1485
1486 @param[in] PrivateData Module's private data.
1487 @param[in] VariableName The variable name of the vendor's signature database.
1488 @param[in] VendorGuid A unique identifier for the vendor.
1489 @param[in] LabelNumber Label number to insert opcodes.
1490 @param[in] FormId Form ID of current page.
1491 @param[in] QuestionIdBase Base question id of the signature list.
1492
1493 @retval EFI_SUCCESS Success to update the signature list page
1494 @retval EFI_OUT_OF_RESOURCES Unable to allocate required resources.
1495
1496 **/
1497 EFI_STATUS
1498 UpdateDeletePage (
1499 IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData,
1500 IN CHAR16 *VariableName,
1501 IN EFI_GUID *VendorGuid,
1502 IN UINT16 LabelNumber,
1503 IN EFI_FORM_ID FormId,
1504 IN EFI_QUESTION_ID QuestionIdBase
1505 )
1506 {
1507 EFI_STATUS Status;
1508 UINT32 Index;
1509 UINTN CertCount;
1510 UINTN GuidIndex;
1511 VOID *StartOpCodeHandle;
1512 VOID *EndOpCodeHandle;
1513 EFI_IFR_GUID_LABEL *StartLabel;
1514 EFI_IFR_GUID_LABEL *EndLabel;
1515 UINTN DataSize;
1516 UINT8 *Data;
1517 EFI_SIGNATURE_LIST *CertList;
1518 EFI_SIGNATURE_DATA *Cert;
1519 UINT32 ItemDataSize;
1520 CHAR16 *GuidStr;
1521 EFI_STRING_ID GuidID;
1522 EFI_STRING_ID Help;
1523
1524 Data = NULL;
1525 CertList = NULL;
1526 Cert = NULL;
1527 GuidStr = NULL;
1528 StartOpCodeHandle = NULL;
1529 EndOpCodeHandle = NULL;
1530
1531 //
1532 // Initialize the container for dynamic opcodes.
1533 //
1534 StartOpCodeHandle = HiiAllocateOpCodeHandle ();
1535 if (StartOpCodeHandle == NULL) {
1536 Status = EFI_OUT_OF_RESOURCES;
1537 goto ON_EXIT;
1538 }
1539
1540 EndOpCodeHandle = HiiAllocateOpCodeHandle ();
1541 if (EndOpCodeHandle == NULL) {
1542 Status = EFI_OUT_OF_RESOURCES;
1543 goto ON_EXIT;
1544 }
1545
1546 //
1547 // Create Hii Extend Label OpCode.
1548 //
1549 StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
1550 StartOpCodeHandle,
1551 &gEfiIfrTianoGuid,
1552 NULL,
1553 sizeof (EFI_IFR_GUID_LABEL)
1554 );
1555 StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
1556 StartLabel->Number = LabelNumber;
1557
1558 EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
1559 EndOpCodeHandle,
1560 &gEfiIfrTianoGuid,
1561 NULL,
1562 sizeof (EFI_IFR_GUID_LABEL)
1563 );
1564 EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
1565 EndLabel->Number = LABEL_END;
1566
1567 //
1568 // Read Variable.
1569 //
1570 DataSize = 0;
1571 Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize, Data);
1572 if (EFI_ERROR (Status) && Status != EFI_BUFFER_TOO_SMALL) {
1573 goto ON_EXIT;
1574 }
1575
1576 Data = (UINT8 *) AllocateZeroPool (DataSize);
1577 if (Data == NULL) {
1578 Status = EFI_OUT_OF_RESOURCES;
1579 goto ON_EXIT;
1580 }
1581
1582 Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize, Data);
1583 if (EFI_ERROR (Status)) {
1584 goto ON_EXIT;
1585 }
1586
1587 GuidStr = AllocateZeroPool (100);
1588 if (GuidStr == NULL) {
1589 Status = EFI_OUT_OF_RESOURCES;
1590 goto ON_EXIT;
1591 }
1592
1593 //
1594 // Enumerate all KEK pub data.
1595 //
1596 ItemDataSize = (UINT32) DataSize;
1597 CertList = (EFI_SIGNATURE_LIST *) Data;
1598 GuidIndex = 0;
1599
1600 while ((ItemDataSize > 0) && (ItemDataSize >= CertList->SignatureListSize)) {
1601
1602 if (CompareGuid (&CertList->SignatureType, &gEfiCertRsa2048Guid)) {
1603 Help = STRING_TOKEN (STR_CERT_TYPE_RSA2048_SHA256_GUID);
1604 } else if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) {
1605 Help = STRING_TOKEN (STR_CERT_TYPE_PCKS7_GUID);
1606 } else if (CompareGuid (&CertList->SignatureType, &gEfiCertSha1Guid)) {
1607 Help = STRING_TOKEN (STR_CERT_TYPE_SHA1_GUID);
1608 } else if (CompareGuid (&CertList->SignatureType, &gEfiCertSha256Guid)) {
1609 Help = STRING_TOKEN (STR_CERT_TYPE_SHA256_GUID);
1610 } else {
1611 //
1612 // The signature type is not supported in current implementation.
1613 //
1614 continue;
1615 }
1616
1617 CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
1618 for (Index = 0; Index < CertCount; Index++) {
1619 Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList
1620 + sizeof (EFI_SIGNATURE_LIST)
1621 + CertList->SignatureHeaderSize
1622 + Index * CertList->SignatureSize);
1623 //
1624 // Display GUID and help
1625 //
1626 GuidToString (&Cert->SignatureOwner, GuidStr, 100);
1627 GuidID = HiiSetString (PrivateData->HiiHandle, 0, GuidStr, NULL);
1628 HiiCreateCheckBoxOpCode (
1629 StartOpCodeHandle,
1630 (EFI_QUESTION_ID) (QuestionIdBase + GuidIndex++),
1631 0,
1632 0,
1633 GuidID,
1634 Help,
1635 EFI_IFR_FLAG_CALLBACK,
1636 0,
1637 NULL
1638 );
1639 }
1640
1641 ItemDataSize -= CertList->SignatureListSize;
1642 CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
1643 }
1644
1645 ON_EXIT:
1646 HiiUpdateForm (
1647 PrivateData->HiiHandle,
1648 &gSecureBootConfigFormSetGuid,
1649 FormId,
1650 StartOpCodeHandle,
1651 EndOpCodeHandle
1652 );
1653
1654 if (StartOpCodeHandle != NULL) {
1655 HiiFreeOpCodeHandle (StartOpCodeHandle);
1656 }
1657
1658 if (EndOpCodeHandle != NULL) {
1659 HiiFreeOpCodeHandle (EndOpCodeHandle);
1660 }
1661
1662 if (Data != NULL) {
1663 FreePool (Data);
1664 }
1665
1666 if (GuidStr != NULL) {
1667 FreePool (GuidStr);
1668 }
1669
1670 return EFI_SUCCESS;
1671 }
1672
1673 /**
1674 Delete a KEK entry from KEK database.
1675
1676 @param[in] PrivateData Module's private data.
1677 @param[in] QuestionId Question id of the KEK item to delete.
1678
1679 @retval EFI_SUCCESS Delete kek item successfully.
1680 @retval EFI_OUT_OF_RESOURCES Could not allocate needed resources.
1681
1682 **/
1683 EFI_STATUS
1684 DeleteKeyExchangeKey (
1685 IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData,
1686 IN EFI_QUESTION_ID QuestionId
1687 )
1688 {
1689 EFI_STATUS Status;
1690 UINTN DataSize;
1691 UINT8 *Data;
1692 UINT8 *OldData;
1693 UINT32 Attr;
1694 UINT32 Index;
1695 EFI_SIGNATURE_LIST *CertList;
1696 EFI_SIGNATURE_LIST *NewCertList;
1697 EFI_SIGNATURE_DATA *Cert;
1698 UINTN CertCount;
1699 UINT32 Offset;
1700 BOOLEAN IsKEKItemFound;
1701 UINT32 KekDataSize;
1702 UINTN DeleteKekIndex;
1703 UINTN GuidIndex;
1704
1705 Data = NULL;
1706 OldData = NULL;
1707 CertList = NULL;
1708 Cert = NULL;
1709 Attr = 0;
1710 DeleteKekIndex = QuestionId - OPTION_DEL_KEK_QUESTION_ID;
1711
1712 //
1713 // Get original KEK variable.
1714 //
1715 DataSize = 0;
1716 Status = gRT->GetVariable (EFI_KEY_EXCHANGE_KEY_NAME, &gEfiGlobalVariableGuid, NULL, &DataSize, NULL);
1717 if (EFI_ERROR(Status) && Status != EFI_BUFFER_TOO_SMALL) {
1718 goto ON_EXIT;
1719 }
1720
1721 OldData = (UINT8*)AllocateZeroPool(DataSize);
1722 if (OldData == NULL) {
1723 Status = EFI_OUT_OF_RESOURCES;
1724 goto ON_EXIT;
1725 }
1726
1727 Status = gRT->GetVariable (EFI_KEY_EXCHANGE_KEY_NAME, &gEfiGlobalVariableGuid, &Attr, &DataSize, OldData);
1728 if (EFI_ERROR(Status)) {
1729 goto ON_EXIT;
1730 }
1731
1732 //
1733 // Allocate space for new variable.
1734 //
1735 Data = (UINT8*) AllocateZeroPool (DataSize);
1736 if (Data == NULL) {
1737 Status = EFI_OUT_OF_RESOURCES;
1738 goto ON_EXIT;
1739 }
1740
1741 //
1742 // Enumerate all KEK pub data and erasing the target item.
1743 //
1744 IsKEKItemFound = FALSE;
1745 KekDataSize = (UINT32) DataSize;
1746 CertList = (EFI_SIGNATURE_LIST *) OldData;
1747 Offset = 0;
1748 GuidIndex = 0;
1749 while ((KekDataSize > 0) && (KekDataSize >= CertList->SignatureListSize)) {
1750 if (CompareGuid (&CertList->SignatureType, &gEfiCertRsa2048Guid) ||
1751 CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) {
1752 CopyMem (Data + Offset, CertList, (sizeof(EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize));
1753 NewCertList = (EFI_SIGNATURE_LIST *)(Data + Offset);
1754 Offset += (sizeof(EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
1755 Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
1756 CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
1757 for (Index = 0; Index < CertCount; Index++) {
1758 if (GuidIndex == DeleteKekIndex ) {
1759 //
1760 // Find it! Skip it!
1761 //
1762 NewCertList->SignatureListSize -= CertList->SignatureSize;
1763 IsKEKItemFound = TRUE;
1764 } else {
1765 //
1766 // This item doesn't match. Copy it to the Data buffer.
1767 //
1768 CopyMem (Data + Offset, Cert, CertList->SignatureSize);
1769 Offset += CertList->SignatureSize;
1770 }
1771 GuidIndex++;
1772 Cert = (EFI_SIGNATURE_DATA *) ((UINT8*) Cert + CertList->SignatureSize);
1773 }
1774 } else {
1775 //
1776 // This List doesn't match. Copy it to the Data buffer.
1777 //
1778 CopyMem (Data + Offset, CertList, CertList->SignatureListSize);
1779 Offset += CertList->SignatureListSize;
1780 }
1781
1782 KekDataSize -= CertList->SignatureListSize;
1783 CertList = (EFI_SIGNATURE_LIST*) ((UINT8*) CertList + CertList->SignatureListSize);
1784 }
1785
1786 if (!IsKEKItemFound) {
1787 //
1788 // Doesn't find the Kek Item!
1789 //
1790 Status = EFI_NOT_FOUND;
1791 goto ON_EXIT;
1792 }
1793
1794 //
1795 // Delete the Signature header if there is no signature in the list.
1796 //
1797 KekDataSize = Offset;
1798 CertList = (EFI_SIGNATURE_LIST*) Data;
1799 Offset = 0;
1800 ZeroMem (OldData, KekDataSize);
1801 while ((KekDataSize > 0) && (KekDataSize >= CertList->SignatureListSize)) {
1802 CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
1803 DEBUG ((DEBUG_ERROR, " CertCount = %x\n", CertCount));
1804 if (CertCount != 0) {
1805 CopyMem (OldData + Offset, CertList, CertList->SignatureListSize);
1806 Offset += CertList->SignatureListSize;
1807 }
1808 KekDataSize -= CertList->SignatureListSize;
1809 CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
1810 }
1811
1812 DataSize = Offset;
1813 if ((Attr & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) {
1814 Status = CreateTimeBasedPayload (&DataSize, &OldData);
1815 if (EFI_ERROR (Status)) {
1816 DEBUG ((EFI_D_ERROR, "Fail to create time-based data payload: %r", Status));
1817 goto ON_EXIT;
1818 }
1819 }
1820
1821 Status = gRT->SetVariable(
1822 EFI_KEY_EXCHANGE_KEY_NAME,
1823 &gEfiGlobalVariableGuid,
1824 Attr,
1825 DataSize,
1826 OldData
1827 );
1828 if (EFI_ERROR (Status)) {
1829 DEBUG ((DEBUG_ERROR, "Failed to set variable, Status = %r\n", Status));
1830 goto ON_EXIT;
1831 }
1832
1833 ON_EXIT:
1834 if (Data != NULL) {
1835 FreePool(Data);
1836 }
1837
1838 if (OldData != NULL) {
1839 FreePool(OldData);
1840 }
1841
1842 return UpdateDeletePage (
1843 PrivateData,
1844 EFI_KEY_EXCHANGE_KEY_NAME,
1845 &gEfiGlobalVariableGuid,
1846 LABEL_KEK_DELETE,
1847 FORMID_DELETE_KEK_FORM,
1848 OPTION_DEL_KEK_QUESTION_ID
1849 );
1850 }
1851
1852 /**
1853 Delete a signature entry from siganture database.
1854
1855 @param[in] PrivateData Module's private data.
1856 @param[in] VariableName The variable name of the vendor's signature database.
1857 @param[in] VendorGuid A unique identifier for the vendor.
1858 @param[in] LabelNumber Label number to insert opcodes.
1859 @param[in] FormId Form ID of current page.
1860 @param[in] QuestionIdBase Base question id of the signature list.
1861 @param[in] DeleteIndex Signature index to delete.
1862
1863 @retval EFI_SUCCESS Delete siganture successfully.
1864 @retval EFI_NOT_FOUND Can't find the signature item,
1865 @retval EFI_OUT_OF_RESOURCES Could not allocate needed resources.
1866 **/
1867 EFI_STATUS
1868 DeleteSignature (
1869 IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData,
1870 IN CHAR16 *VariableName,
1871 IN EFI_GUID *VendorGuid,
1872 IN UINT16 LabelNumber,
1873 IN EFI_FORM_ID FormId,
1874 IN EFI_QUESTION_ID QuestionIdBase,
1875 IN UINTN DeleteIndex
1876 )
1877 {
1878 EFI_STATUS Status;
1879 UINTN DataSize;
1880 UINT8 *Data;
1881 UINT8 *OldData;
1882 UINT32 Attr;
1883 UINT32 Index;
1884 EFI_SIGNATURE_LIST *CertList;
1885 EFI_SIGNATURE_LIST *NewCertList;
1886 EFI_SIGNATURE_DATA *Cert;
1887 UINTN CertCount;
1888 UINT32 Offset;
1889 BOOLEAN IsItemFound;
1890 UINT32 ItemDataSize;
1891 UINTN GuidIndex;
1892
1893 Data = NULL;
1894 OldData = NULL;
1895 CertList = NULL;
1896 Cert = NULL;
1897 Attr = 0;
1898
1899 //
1900 // Get original signature list data.
1901 //
1902 DataSize = 0;
1903 Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize, NULL);
1904 if (EFI_ERROR (Status) && Status != EFI_BUFFER_TOO_SMALL) {
1905 goto ON_EXIT;
1906 }
1907
1908 OldData = (UINT8 *) AllocateZeroPool (DataSize);
1909 if (OldData == NULL) {
1910 Status = EFI_OUT_OF_RESOURCES;
1911 goto ON_EXIT;
1912 }
1913
1914 Status = gRT->GetVariable (VariableName, VendorGuid, &Attr, &DataSize, OldData);
1915 if (EFI_ERROR(Status)) {
1916 goto ON_EXIT;
1917 }
1918
1919 //
1920 // Allocate space for new variable.
1921 //
1922 Data = (UINT8*) AllocateZeroPool (DataSize);
1923 if (Data == NULL) {
1924 Status = EFI_OUT_OF_RESOURCES;
1925 goto ON_EXIT;
1926 }
1927
1928 //
1929 // Enumerate all signature data and erasing the target item.
1930 //
1931 IsItemFound = FALSE;
1932 ItemDataSize = (UINT32) DataSize;
1933 CertList = (EFI_SIGNATURE_LIST *) OldData;
1934 Offset = 0;
1935 GuidIndex = 0;
1936 while ((ItemDataSize > 0) && (ItemDataSize >= CertList->SignatureListSize)) {
1937 if (CompareGuid (&CertList->SignatureType, &gEfiCertRsa2048Guid) ||
1938 CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid) ||
1939 CompareGuid (&CertList->SignatureType, &gEfiCertSha1Guid) ||
1940 CompareGuid (&CertList->SignatureType, &gEfiCertSha256Guid)
1941 ) {
1942 //
1943 // Copy EFI_SIGNATURE_LIST header then calculate the signature count in this list.
1944 //
1945 CopyMem (Data + Offset, CertList, (sizeof(EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize));
1946 NewCertList = (EFI_SIGNATURE_LIST*) (Data + Offset);
1947 Offset += (sizeof(EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
1948 Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
1949 CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
1950 for (Index = 0; Index < CertCount; Index++) {
1951 if (GuidIndex == DeleteIndex) {
1952 //
1953 // Find it! Skip it!
1954 //
1955 NewCertList->SignatureListSize -= CertList->SignatureSize;
1956 IsItemFound = TRUE;
1957 } else {
1958 //
1959 // This item doesn't match. Copy it to the Data buffer.
1960 //
1961 CopyMem (Data + Offset, (UINT8*)(Cert), CertList->SignatureSize);
1962 Offset += CertList->SignatureSize;
1963 }
1964 GuidIndex++;
1965 Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);
1966 }
1967 } else {
1968 //
1969 // This List doesn't match. Just copy it to the Data buffer.
1970 //
1971 CopyMem (Data + Offset, (UINT8*)(CertList), CertList->SignatureListSize);
1972 Offset += CertList->SignatureListSize;
1973 }
1974
1975 ItemDataSize -= CertList->SignatureListSize;
1976 CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
1977 }
1978
1979 if (!IsItemFound) {
1980 //
1981 // Doesn't find the signature Item!
1982 //
1983 Status = EFI_NOT_FOUND;
1984 goto ON_EXIT;
1985 }
1986
1987 //
1988 // Delete the EFI_SIGNATURE_LIST header if there is no signature in the list.
1989 //
1990 ItemDataSize = Offset;
1991 CertList = (EFI_SIGNATURE_LIST *) Data;
1992 Offset = 0;
1993 ZeroMem (OldData, ItemDataSize);
1994 while ((ItemDataSize > 0) && (ItemDataSize >= CertList->SignatureListSize)) {
1995 CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
1996 DEBUG ((DEBUG_ERROR, " CertCount = %x\n", CertCount));
1997 if (CertCount != 0) {
1998 CopyMem (OldData + Offset, (UINT8*)(CertList), CertList->SignatureListSize);
1999 Offset += CertList->SignatureListSize;
2000 }
2001 ItemDataSize -= CertList->SignatureListSize;
2002 CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
2003 }
2004
2005 DataSize = Offset;
2006 if ((Attr & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) {
2007 Status = CreateTimeBasedPayload (&DataSize, &OldData);
2008 if (EFI_ERROR (Status)) {
2009 DEBUG ((EFI_D_ERROR, "Fail to create time-based data payload: %r", Status));
2010 goto ON_EXIT;
2011 }
2012 }
2013
2014 Status = gRT->SetVariable(
2015 VariableName,
2016 VendorGuid,
2017 Attr,
2018 DataSize,
2019 OldData
2020 );
2021 if (EFI_ERROR (Status)) {
2022 DEBUG ((DEBUG_ERROR, "Failed to set variable, Status = %r\n", Status));
2023 goto ON_EXIT;
2024 }
2025
2026 ON_EXIT:
2027 if (Data != NULL) {
2028 FreePool(Data);
2029 }
2030
2031 if (OldData != NULL) {
2032 FreePool(OldData);
2033 }
2034
2035 return UpdateDeletePage (
2036 PrivateData,
2037 VariableName,
2038 VendorGuid,
2039 LabelNumber,
2040 FormId,
2041 QuestionIdBase
2042 );
2043 }
2044
2045 /**
2046 This function extracts configuration from variable.
2047
2048 @param[in, out] ConfigData Point to SecureBoot configuration private data.
2049
2050 **/
2051 VOID
2052 SecureBootExtractConfigFromVariable (
2053 IN OUT SECUREBOOT_CONFIGURATION *ConfigData
2054 )
2055 {
2056 UINT8 *SecureBootEnable;
2057 UINT8 *SetupMode;
2058 UINT8 *SecureBootMode;
2059
2060 SecureBootEnable = NULL;
2061 SetupMode = NULL;
2062 SecureBootMode = NULL;
2063
2064 //
2065 // Get the SecureBootEnable Variable
2066 //
2067 SecureBootEnable = GetVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid);
2068
2069 //
2070 // If the SecureBootEnable Variable doesn't exist, hide the SecureBoot Enable/Disable
2071 // Checkbox.
2072 //
2073 if (SecureBootEnable == NULL) {
2074 ConfigData->HideSecureBoot = TRUE;
2075 } else {
2076 ConfigData->HideSecureBoot = FALSE;
2077 ConfigData->SecureBootState = *SecureBootEnable;
2078 }
2079 //
2080 // If it is Physical Presence User, set the PhysicalPresent to true.
2081 //
2082 if (UserPhysicalPresent()) {
2083 ConfigData->PhysicalPresent = TRUE;
2084 } else {
2085 ConfigData->PhysicalPresent = FALSE;
2086 }
2087
2088 //
2089 // If there is no PK then the Delete Pk button will be gray.
2090 //
2091 SetupMode = GetVariable (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid);
2092 if (SetupMode == NULL || (*SetupMode) == 1) {
2093 ConfigData->HasPk = FALSE;
2094 } else {
2095 ConfigData->HasPk = TRUE;
2096 }
2097
2098 //
2099 // Get the SecureBootMode from CustomMode variable.
2100 //
2101 SecureBootMode = GetVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid);
2102 if (SecureBootMode == NULL) {
2103 ConfigData->SecureBootMode = STANDARD_SECURE_BOOT_MODE;
2104 } else {
2105 ConfigData->SecureBootMode = *(SecureBootMode);
2106 }
2107
2108 }
2109
2110 /**
2111 This function allows a caller to extract the current configuration for one
2112 or more named elements from the target driver.
2113
2114 @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
2115 @param[in] Request A null-terminated Unicode string in
2116 <ConfigRequest> format.
2117 @param[out] Progress On return, points to a character in the Request
2118 string. Points to the string's null terminator if
2119 request was successful. Points to the most recent
2120 '&' before the first failing name/value pair (or
2121 the beginning of the string if the failure is in
2122 the first name/value pair) if the request was not
2123 successful.
2124 @param[out] Results A null-terminated Unicode string in
2125 <ConfigAltResp> format which has all values filled
2126 in for the names in the Request string. String to
2127 be allocated by the called function.
2128
2129 @retval EFI_SUCCESS The Results is filled with the requested values.
2130 @retval EFI_OUT_OF_RESOURCES Not enough memory to store the results.
2131 @retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown name.
2132 @retval EFI_NOT_FOUND Routing data doesn't match any storage in this
2133 driver.
2134
2135 **/
2136 EFI_STATUS
2137 EFIAPI
2138 SecureBootExtractConfig (
2139 IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
2140 IN CONST EFI_STRING Request,
2141 OUT EFI_STRING *Progress,
2142 OUT EFI_STRING *Results
2143 )
2144 {
2145 EFI_STATUS Status;
2146 UINTN BufferSize;
2147 UINTN Size;
2148 SECUREBOOT_CONFIGURATION Configuration;
2149 EFI_STRING ConfigRequest;
2150 EFI_STRING ConfigRequestHdr;
2151 SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData;
2152 BOOLEAN AllocatedRequest;
2153
2154 if (Progress == NULL || Results == NULL) {
2155 return EFI_INVALID_PARAMETER;
2156 }
2157
2158 AllocatedRequest = FALSE;
2159 ConfigRequestHdr = NULL;
2160 ConfigRequest = NULL;
2161 Size = 0;
2162
2163 ZeroMem (&Configuration, sizeof (Configuration));
2164 PrivateData = SECUREBOOT_CONFIG_PRIVATE_FROM_THIS (This);
2165 *Progress = Request;
2166
2167 if ((Request != NULL) && !HiiIsConfigHdrMatch (Request, &gSecureBootConfigFormSetGuid, mSecureBootStorageName)) {
2168 return EFI_NOT_FOUND;
2169 }
2170
2171 //
2172 // Get Configuration from Variable.
2173 //
2174 SecureBootExtractConfigFromVariable (&Configuration);
2175
2176 BufferSize = sizeof (SECUREBOOT_CONFIGURATION);
2177 ConfigRequest = Request;
2178 if ((Request == NULL) || (StrStr (Request, L"OFFSET") == NULL)) {
2179 //
2180 // Request is set to NULL or OFFSET is NULL, construct full request string.
2181 //
2182 // Allocate and fill a buffer large enough to hold the <ConfigHdr> template
2183 // followed by "&OFFSET=0&WIDTH=WWWWWWWWWWWWWWWW" followed by a Null-terminator
2184 //
2185 ConfigRequestHdr = HiiConstructConfigHdr (&gSecureBootConfigFormSetGuid, mSecureBootStorageName, PrivateData->DriverHandle);
2186 Size = (StrLen (ConfigRequestHdr) + 32 + 1) * sizeof (CHAR16);
2187 ConfigRequest = AllocateZeroPool (Size);
2188 ASSERT (ConfigRequest != NULL);
2189 AllocatedRequest = TRUE;
2190 UnicodeSPrint (ConfigRequest, Size, L"%s&OFFSET=0&WIDTH=%016LX", ConfigRequestHdr, (UINT64)BufferSize);
2191 FreePool (ConfigRequestHdr);
2192 ConfigRequestHdr = NULL;
2193 }
2194
2195 Status = gHiiConfigRouting->BlockToConfig (
2196 gHiiConfigRouting,
2197 ConfigRequest,
2198 (UINT8 *) &Configuration,
2199 BufferSize,
2200 Results,
2201 Progress
2202 );
2203
2204 //
2205 // Free the allocated config request string.
2206 //
2207 if (AllocatedRequest) {
2208 FreePool (ConfigRequest);
2209 }
2210
2211 //
2212 // Set Progress string to the original request string.
2213 //
2214 if (Request == NULL) {
2215 *Progress = NULL;
2216 } else if (StrStr (Request, L"OFFSET") == NULL) {
2217 *Progress = Request + StrLen (Request);
2218 }
2219
2220 return Status;
2221 }
2222
2223 /**
2224 This function processes the results of changes in configuration.
2225
2226 @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
2227 @param[in] Configuration A null-terminated Unicode string in <ConfigResp>
2228 format.
2229 @param[out] Progress A pointer to a string filled in with the offset of
2230 the most recent '&' before the first failing
2231 name/value pair (or the beginning of the string if
2232 the failure is in the first name/value pair) or
2233 the terminating NULL if all was successful.
2234
2235 @retval EFI_SUCCESS The Results is processed successfully.
2236 @retval EFI_INVALID_PARAMETER Configuration is NULL.
2237 @retval EFI_NOT_FOUND Routing data doesn't match any storage in this
2238 driver.
2239
2240 **/
2241 EFI_STATUS
2242 EFIAPI
2243 SecureBootRouteConfig (
2244 IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
2245 IN CONST EFI_STRING Configuration,
2246 OUT EFI_STRING *Progress
2247 )
2248 {
2249 if (Configuration == NULL || Progress == NULL) {
2250 return EFI_INVALID_PARAMETER;
2251 }
2252
2253 *Progress = Configuration;
2254 if (!HiiIsConfigHdrMatch (Configuration, &gSecureBootConfigFormSetGuid, mSecureBootStorageName)) {
2255 return EFI_NOT_FOUND;
2256 }
2257
2258 *Progress = Configuration + StrLen (Configuration);
2259 return EFI_SUCCESS;
2260 }
2261
2262 /**
2263 This function is called to provide results data to the driver.
2264
2265 @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
2266 @param[in] Action Specifies the type of action taken by the browser.
2267 @param[in] QuestionId A unique value which is sent to the original
2268 exporting driver so that it can identify the type
2269 of data to expect.
2270 @param[in] Type The type of value for the question.
2271 @param[in] Value A pointer to the data being sent to the original
2272 exporting driver.
2273 @param[out] ActionRequest On return, points to the action requested by the
2274 callback function.
2275
2276 @retval EFI_SUCCESS The callback successfully handled the action.
2277 @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the
2278 variable and its data.
2279 @retval EFI_DEVICE_ERROR The variable could not be saved.
2280 @retval EFI_UNSUPPORTED The specified Action is not supported by the
2281 callback.
2282
2283 **/
2284 EFI_STATUS
2285 EFIAPI
2286 SecureBootCallback (
2287 IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
2288 IN EFI_BROWSER_ACTION Action,
2289 IN EFI_QUESTION_ID QuestionId,
2290 IN UINT8 Type,
2291 IN EFI_IFR_TYPE_VALUE *Value,
2292 OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest
2293 )
2294 {
2295 EFI_INPUT_KEY Key;
2296 EFI_STATUS Status;
2297 SECUREBOOT_CONFIG_PRIVATE_DATA *Private;
2298 UINTN BufferSize;
2299 SECUREBOOT_CONFIGURATION *IfrNvData;
2300 UINT16 LabelId;
2301
2302 if ((This == NULL) || (Value == NULL) || (ActionRequest == NULL)) {
2303 return EFI_INVALID_PARAMETER;
2304 }
2305
2306 if ((Action != EFI_BROWSER_ACTION_CHANGED) && (Action != EFI_BROWSER_ACTION_CHANGING)) {
2307 return EFI_UNSUPPORTED;
2308 }
2309
2310 Private = SECUREBOOT_CONFIG_PRIVATE_FROM_THIS (This);
2311
2312 //
2313 // Retrieve uncommitted data from Browser
2314 //
2315 BufferSize = sizeof (SECUREBOOT_CONFIGURATION);
2316 IfrNvData = AllocateZeroPool (BufferSize);
2317 if (IfrNvData == NULL) {
2318 return EFI_OUT_OF_RESOURCES;
2319 }
2320
2321 Status = EFI_SUCCESS;
2322
2323 HiiGetBrowserData (NULL, NULL, BufferSize, (UINT8 *) IfrNvData);
2324
2325 if (Action == EFI_BROWSER_ACTION_CHANGING) {
2326
2327 switch (QuestionId) {
2328 case KEY_SECURE_BOOT_ENABLE:
2329 if (NULL != GetVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid)) {
2330 if (EFI_ERROR (SaveSecureBootVariable (Value->u8))) {
2331 CreatePopUp (
2332 EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
2333 &Key,
2334 L"Only Physical Presence User could disable secure boot!",
2335 NULL
2336 );
2337 Status = EFI_UNSUPPORTED;
2338 }
2339 *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
2340 }
2341 break;
2342
2343 case KEY_SECURE_BOOT_OPTION:
2344 FreeMenu (&DirectoryMenu);
2345 FreeMenu (&FsOptionMenu);
2346 break;
2347
2348 case KEY_SECURE_BOOT_KEK_OPTION:
2349 case KEY_SECURE_BOOT_DB_OPTION:
2350 case KEY_SECURE_BOOT_DBX_OPTION:
2351 //
2352 // Clear Signature GUID.
2353 //
2354 ZeroMem (IfrNvData->SignatureGuid, sizeof (IfrNvData->SignatureGuid));
2355 if (Private->SignatureGUID == NULL) {
2356 Private->SignatureGUID = (EFI_GUID *) AllocateZeroPool (sizeof (EFI_GUID));
2357 if (Private->SignatureGUID == NULL) {
2358 return EFI_OUT_OF_RESOURCES;
2359 }
2360 }
2361
2362 if (QuestionId == KEY_SECURE_BOOT_DB_OPTION) {
2363 LabelId = SECUREBOOT_ENROLL_SIGNATURE_TO_DB;
2364 } else if (QuestionId == KEY_SECURE_BOOT_DBX_OPTION) {
2365 LabelId = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;
2366 } else {
2367 LabelId = FORMID_ENROLL_KEK_FORM;
2368 }
2369
2370 //
2371 // Refresh selected file.
2372 //
2373 CleanUpPage (LabelId, Private);
2374 break;
2375
2376 case SECUREBOOT_ADD_PK_FILE_FORM_ID:
2377 case FORMID_ENROLL_KEK_FORM:
2378 case SECUREBOOT_ENROLL_SIGNATURE_TO_DB:
2379 case SECUREBOOT_ENROLL_SIGNATURE_TO_DBX:
2380 if (QuestionId == SECUREBOOT_ADD_PK_FILE_FORM_ID) {
2381 Private->FeCurrentState = FileExplorerStateEnrollPkFile;
2382 } else if (QuestionId == FORMID_ENROLL_KEK_FORM) {
2383 Private->FeCurrentState = FileExplorerStateEnrollKekFile;
2384 } else if (QuestionId == SECUREBOOT_ENROLL_SIGNATURE_TO_DB) {
2385 Private->FeCurrentState = FileExplorerStateEnrollSignatureFileToDb;
2386 } else {
2387 Private->FeCurrentState = FileExplorerStateEnrollSignatureFileToDbx;
2388 }
2389
2390 Private->FeDisplayContext = FileExplorerDisplayUnknown;
2391 CleanUpPage (FORM_FILE_EXPLORER_ID, Private);
2392 UpdateFileExplorer (Private, 0);
2393 break;
2394
2395 case KEY_SECURE_BOOT_DELETE_PK:
2396 if (Value->u8) {
2397 Status = DeletePlatformKey ();
2398 *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
2399 }
2400 break;
2401
2402 case KEY_DELETE_KEK:
2403 UpdateDeletePage (
2404 Private,
2405 EFI_KEY_EXCHANGE_KEY_NAME,
2406 &gEfiGlobalVariableGuid,
2407 LABEL_KEK_DELETE,
2408 FORMID_DELETE_KEK_FORM,
2409 OPTION_DEL_KEK_QUESTION_ID
2410 );
2411 break;
2412
2413 case SECUREBOOT_DELETE_SIGNATURE_FROM_DB:
2414 UpdateDeletePage (
2415 Private,
2416 EFI_IMAGE_SECURITY_DATABASE,
2417 &gEfiImageSecurityDatabaseGuid,
2418 LABEL_DB_DELETE,
2419 SECUREBOOT_DELETE_SIGNATURE_FROM_DB,
2420 OPTION_DEL_DB_QUESTION_ID
2421 );
2422 break;
2423
2424 case SECUREBOOT_DELETE_SIGNATURE_FROM_DBX:
2425 UpdateDeletePage (
2426 Private,
2427 EFI_IMAGE_SECURITY_DATABASE1,
2428 &gEfiImageSecurityDatabaseGuid,
2429 LABEL_DBX_DELETE,
2430 SECUREBOOT_DELETE_SIGNATURE_FROM_DBX,
2431 OPTION_DEL_DBX_QUESTION_ID
2432 );
2433
2434 break;
2435
2436 case KEY_VALUE_SAVE_AND_EXIT_KEK:
2437 Status = EnrollKeyExchangeKey (Private);
2438 break;
2439
2440 case KEY_VALUE_SAVE_AND_EXIT_DB:
2441 Status = EnrollSignatureDatabase (Private, EFI_IMAGE_SECURITY_DATABASE);
2442 break;
2443
2444 case KEY_VALUE_SAVE_AND_EXIT_DBX:
2445 Status = EnrollSignatureDatabase (Private, EFI_IMAGE_SECURITY_DATABASE1);
2446 break;
2447
2448 default:
2449 if (QuestionId >= FILE_OPTION_OFFSET) {
2450 UpdateFileExplorer (Private, QuestionId);
2451 } else if ((QuestionId >= OPTION_DEL_KEK_QUESTION_ID) &&
2452 (QuestionId < (OPTION_DEL_KEK_QUESTION_ID + OPTION_CONFIG_RANGE))) {
2453 DeleteKeyExchangeKey (Private, QuestionId);
2454 } else if ((QuestionId >= OPTION_DEL_DB_QUESTION_ID) &&
2455 (QuestionId < (OPTION_DEL_DB_QUESTION_ID + OPTION_CONFIG_RANGE))) {
2456 DeleteSignature (
2457 Private,
2458 EFI_IMAGE_SECURITY_DATABASE,
2459 &gEfiImageSecurityDatabaseGuid,
2460 LABEL_DB_DELETE,
2461 SECUREBOOT_DELETE_SIGNATURE_FROM_DB,
2462 OPTION_DEL_DB_QUESTION_ID,
2463 QuestionId - OPTION_DEL_DB_QUESTION_ID
2464 );
2465 } else if ((QuestionId >= OPTION_DEL_DBX_QUESTION_ID) &&
2466 (QuestionId < (OPTION_DEL_DBX_QUESTION_ID + OPTION_CONFIG_RANGE))) {
2467 DeleteSignature (
2468 Private,
2469 EFI_IMAGE_SECURITY_DATABASE1,
2470 &gEfiImageSecurityDatabaseGuid,
2471 LABEL_DBX_DELETE,
2472 SECUREBOOT_DELETE_SIGNATURE_FROM_DBX,
2473 OPTION_DEL_DBX_QUESTION_ID,
2474 QuestionId - OPTION_DEL_DBX_QUESTION_ID
2475 );
2476 }
2477 break;
2478 }
2479 } else if (Action == EFI_BROWSER_ACTION_CHANGED) {
2480 switch (QuestionId) {
2481 case KEY_SECURE_BOOT_ENABLE:
2482 *ActionRequest = EFI_BROWSER_ACTION_REQUEST_SUBMIT;
2483 break;
2484 case KEY_VALUE_SAVE_AND_EXIT_PK:
2485 Status = EnrollPlatformKey (Private);
2486 if (EFI_ERROR (Status)) {
2487 CreatePopUp (
2488 EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
2489 &Key,
2490 L"ERROR: Unsupported file type, only *.cer is supported!",
2491 NULL
2492 );
2493 } else {
2494 *ActionRequest = EFI_BROWSER_ACTION_REQUEST_EXIT;
2495 }
2496 break;
2497
2498 case KEY_VALUE_NO_SAVE_AND_EXIT_PK:
2499 case KEY_VALUE_NO_SAVE_AND_EXIT_KEK:
2500 case KEY_VALUE_NO_SAVE_AND_EXIT_DB:
2501 case KEY_VALUE_NO_SAVE_AND_EXIT_DBX:
2502 if (Private->FileContext->FHandle != NULL) {
2503 CloseFile (Private->FileContext->FHandle);
2504 Private->FileContext->FHandle = NULL;
2505 Private->FileContext->FileName = NULL;
2506 }
2507
2508 if (Private->SignatureGUID != NULL) {
2509 FreePool (Private->SignatureGUID);
2510 Private->SignatureGUID = NULL;
2511 }
2512 *ActionRequest = EFI_BROWSER_ACTION_REQUEST_EXIT;
2513 break;
2514
2515 case KEY_SECURE_BOOT_MODE:
2516 if (NULL != GetVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid)) {
2517 Status = gRT->SetVariable (
2518 EFI_CUSTOM_MODE_NAME,
2519 &gEfiCustomModeEnableGuid,
2520 EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
2521 sizeof (UINT8),
2522 &Value->u8
2523 );
2524 *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
2525 IfrNvData->SecureBootMode = Value->u8;
2526 }
2527 break;
2528
2529 case KEY_SECURE_BOOT_KEK_GUID:
2530 case KEY_SECURE_BOOT_SIGNATURE_GUID_DB:
2531 case KEY_SECURE_BOOT_SIGNATURE_GUID_DBX:
2532 ASSERT (Private->SignatureGUID != NULL);
2533 Status = StringToGuid (
2534 IfrNvData->SignatureGuid,
2535 StrLen (IfrNvData->SignatureGuid),
2536 Private->SignatureGUID
2537 );
2538 if (EFI_ERROR (Status)) {
2539 break;
2540 }
2541
2542 *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
2543 break;
2544
2545 case KEY_SECURE_BOOT_DELETE_PK:
2546 if (Value->u8) {
2547 *ActionRequest = EFI_BROWSER_ACTION_REQUEST_SUBMIT;
2548 }
2549 break;
2550 }
2551 }
2552
2553 if (!EFI_ERROR (Status)) {
2554 BufferSize = sizeof (SECUREBOOT_CONFIGURATION);
2555 HiiSetBrowserData (NULL, NULL, BufferSize, (UINT8*) IfrNvData, NULL);
2556 }
2557 FreePool (IfrNvData);
2558
2559 return EFI_SUCCESS;
2560 }
2561
2562 /**
2563 This function publish the SecureBoot configuration Form.
2564
2565 @param[in, out] PrivateData Points to SecureBoot configuration private data.
2566
2567 @retval EFI_SUCCESS HII Form is installed successfully.
2568 @retval EFI_OUT_OF_RESOURCES Not enough resource for HII Form installation.
2569 @retval Others Other errors as indicated.
2570
2571 **/
2572 EFI_STATUS
2573 InstallSecureBootConfigForm (
2574 IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData
2575 )
2576 {
2577 EFI_STATUS Status;
2578 EFI_HII_HANDLE HiiHandle;
2579 EFI_HANDLE DriverHandle;
2580 EFI_HII_CONFIG_ACCESS_PROTOCOL *ConfigAccess;
2581
2582 DriverHandle = NULL;
2583 ConfigAccess = &PrivateData->ConfigAccess;
2584 Status = gBS->InstallMultipleProtocolInterfaces (
2585 &DriverHandle,
2586 &gEfiDevicePathProtocolGuid,
2587 &mSecureBootHiiVendorDevicePath,
2588 &gEfiHiiConfigAccessProtocolGuid,
2589 ConfigAccess,
2590 NULL
2591 );
2592 if (EFI_ERROR (Status)) {
2593 return Status;
2594 }
2595
2596 PrivateData->DriverHandle = DriverHandle;
2597
2598 //
2599 // Publish the HII package list
2600 //
2601 HiiHandle = HiiAddPackages (
2602 &gSecureBootConfigFormSetGuid,
2603 DriverHandle,
2604 SecureBootConfigDxeStrings,
2605 SecureBootConfigBin,
2606 NULL
2607 );
2608 if (HiiHandle == NULL) {
2609 gBS->UninstallMultipleProtocolInterfaces (
2610 DriverHandle,
2611 &gEfiDevicePathProtocolGuid,
2612 &mSecureBootHiiVendorDevicePath,
2613 &gEfiHiiConfigAccessProtocolGuid,
2614 ConfigAccess,
2615 NULL
2616 );
2617 return EFI_OUT_OF_RESOURCES;
2618 }
2619
2620 PrivateData->HiiHandle = HiiHandle;
2621
2622 PrivateData->FileContext = AllocateZeroPool (sizeof (SECUREBOOT_FILE_CONTEXT));
2623 PrivateData->MenuEntry = AllocateZeroPool (sizeof (SECUREBOOT_MENU_ENTRY));
2624
2625 if (PrivateData->FileContext == NULL || PrivateData->MenuEntry == NULL) {
2626 UninstallSecureBootConfigForm (PrivateData);
2627 return EFI_OUT_OF_RESOURCES;
2628 }
2629
2630 PrivateData->FeCurrentState = FileExplorerStateInActive;
2631 PrivateData->FeDisplayContext = FileExplorerDisplayUnknown;
2632
2633 InitializeListHead (&FsOptionMenu.Head);
2634 InitializeListHead (&DirectoryMenu.Head);
2635
2636 //
2637 // Init OpCode Handle and Allocate space for creation of Buffer
2638 //
2639 mStartOpCodeHandle = HiiAllocateOpCodeHandle ();
2640 if (mStartOpCodeHandle == NULL) {
2641 UninstallSecureBootConfigForm (PrivateData);
2642 return EFI_OUT_OF_RESOURCES;
2643 }
2644
2645 mEndOpCodeHandle = HiiAllocateOpCodeHandle ();
2646 if (mEndOpCodeHandle == NULL) {
2647 UninstallSecureBootConfigForm (PrivateData);
2648 return EFI_OUT_OF_RESOURCES;
2649 }
2650
2651 //
2652 // Create Hii Extend Label OpCode as the start opcode
2653 //
2654 mStartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
2655 mStartOpCodeHandle,
2656 &gEfiIfrTianoGuid,
2657 NULL,
2658 sizeof (EFI_IFR_GUID_LABEL)
2659 );
2660 mStartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
2661
2662 //
2663 // Create Hii Extend Label OpCode as the end opcode
2664 //
2665 mEndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
2666 mEndOpCodeHandle,
2667 &gEfiIfrTianoGuid,
2668 NULL,
2669 sizeof (EFI_IFR_GUID_LABEL)
2670 );
2671 mEndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
2672 mEndLabel->Number = LABEL_END;
2673
2674 return EFI_SUCCESS;
2675 }
2676
2677 /**
2678 This function removes SecureBoot configuration Form.
2679
2680 @param[in, out] PrivateData Points to SecureBoot configuration private data.
2681
2682 **/
2683 VOID
2684 UninstallSecureBootConfigForm (
2685 IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData
2686 )
2687 {
2688 //
2689 // Uninstall HII package list
2690 //
2691 if (PrivateData->HiiHandle != NULL) {
2692 HiiRemovePackages (PrivateData->HiiHandle);
2693 PrivateData->HiiHandle = NULL;
2694 }
2695
2696 //
2697 // Uninstall HII Config Access Protocol
2698 //
2699 if (PrivateData->DriverHandle != NULL) {
2700 gBS->UninstallMultipleProtocolInterfaces (
2701 PrivateData->DriverHandle,
2702 &gEfiDevicePathProtocolGuid,
2703 &mSecureBootHiiVendorDevicePath,
2704 &gEfiHiiConfigAccessProtocolGuid,
2705 &PrivateData->ConfigAccess,
2706 NULL
2707 );
2708 PrivateData->DriverHandle = NULL;
2709 }
2710
2711 if (PrivateData->SignatureGUID != NULL) {
2712 FreePool (PrivateData->SignatureGUID);
2713 }
2714
2715 if (PrivateData->MenuEntry != NULL) {
2716 FreePool (PrivateData->MenuEntry);
2717 }
2718
2719 if (PrivateData->FileContext != NULL) {
2720 FreePool (PrivateData->FileContext);
2721 }
2722
2723 FreePool (PrivateData);
2724
2725 FreeMenu (&DirectoryMenu);
2726 FreeMenu (&FsOptionMenu);
2727
2728 if (mStartOpCodeHandle != NULL) {
2729 HiiFreeOpCodeHandle (mStartOpCodeHandle);
2730 }
2731
2732 if (mEndOpCodeHandle != NULL) {
2733 HiiFreeOpCodeHandle (mEndOpCodeHandle);
2734 }
2735 }