]> git.proxmox.com Git - mirror_edk2.git/blob - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h
projects / mirror_edk2.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
SecurityPkg/SecureBootConfigDxe: Declare EFIAPI for the ChooseFile handlers
[mirror_edk2.git] / SecurityPkg / VariableAuthenticated / SecureBootConfigDxe / SecureBootConfigImpl.h
1 /** @file
2 The header file of HII Config Access protocol implementation of SecureBoot
3 configuration module.
4
5 Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.<BR>
6 This program and the accompanying materials
7 are licensed and made available under the terms and conditions of the BSD License
8 which accompanies this distribution. The full text of the license may be found at
9 http://opensource.org/licenses/bsd-license.php
10
11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
13
14 **/
15
16 #ifndef __SECUREBOOT_CONFIG_IMPL_H__
17 #define __SECUREBOOT_CONFIG_IMPL_H__
18
19 #include <Uefi.h>
20
21 #include <Protocol/HiiConfigAccess.h>
22 #include <Protocol/HiiConfigRouting.h>
23 #include <Protocol/SimpleFileSystem.h>
24 #include <Protocol/BlockIo.h>
25 #include <Protocol/DevicePath.h>
26 #include <Protocol/DebugPort.h>
27 #include <Protocol/LoadFile.h>
28
29 #include <Library/BaseLib.h>
30 #include <Library/BaseMemoryLib.h>
31 #include <Library/DebugLib.h>
32 #include <Library/MemoryAllocationLib.h>
33 #include <Library/UefiBootServicesTableLib.h>
34 #include <Library/UefiRuntimeServicesTableLib.h>
35 #include <Library/UefiHiiServicesLib.h>
36 #include <Library/UefiLib.h>
37 #include <Library/HiiLib.h>
38 #include <Library/DevicePathLib.h>
39 #include <Library/PrintLib.h>
40 #include <Library/PlatformSecureLib.h>
41 #include <Library/BaseCryptLib.h>
42 #include <Library/FileExplorerLib.h>
43
44 #include <Guid/MdeModuleHii.h>
45 #include <Guid/AuthenticatedVariableFormat.h>
46 #include <Guid/FileSystemVolumeLabelInfo.h>
47 #include <Guid/ImageAuthentication.h>
48 #include <Guid/FileInfo.h>
49
50 #include "SecureBootConfigNvData.h"
51
52 //
53 // Tool generated IFR binary data and String package data
54 //
55 extern UINT8 SecureBootConfigBin[];
56 extern UINT8 SecureBootConfigDxeStrings[];
57
58 //
59 // Shared IFR form update data
60 //
61 extern VOID *mStartOpCodeHandle;
62 extern VOID *mEndOpCodeHandle;
63 extern EFI_IFR_GUID_LABEL *mStartLabel;
64 extern EFI_IFR_GUID_LABEL *mEndLabel;
65
66 #define MAX_CHAR 480
67 #define TWO_BYTE_ENCODE 0x82
68
69 //
70 // SHA-1 digest size in bytes.
71 //
72 #define SHA1_DIGEST_SIZE 20
73 //
74 // SHA-256 digest size in bytes
75 //
76 #define SHA256_DIGEST_SIZE 32
77 //
78 // SHA-384 digest size in bytes
79 //
80 #define SHA384_DIGEST_SIZE 48
81 //
82 // SHA-512 digest size in bytes
83 //
84 #define SHA512_DIGEST_SIZE 64
85
86 //
87 // Set max digest size as SHA512 Output (64 bytes) by far
88 //
89 #define MAX_DIGEST_SIZE SHA512_DIGEST_SIZE
90
91 #define WIN_CERT_UEFI_RSA2048_SIZE 256
92
93 //
94 // Support hash types
95 //
96 #define HASHALG_SHA1 0x00000000
97 #define HASHALG_SHA224 0x00000001
98 #define HASHALG_SHA256 0x00000002
99 #define HASHALG_SHA384 0x00000003
100 #define HASHALG_SHA512 0x00000004
101 #define HASHALG_RAW 0x00000005
102 #define HASHALG_MAX 0x00000005
103
104
105 #define SECUREBOOT_MENU_OPTION_SIGNATURE SIGNATURE_32 ('S', 'b', 'M', 'u')
106 #define SECUREBOOT_MENU_ENTRY_SIGNATURE SIGNATURE_32 ('S', 'b', 'M', 'r')
107
108 typedef struct {
109 EFI_DEVICE_PATH_PROTOCOL Header;
110 EFI_GUID Guid;
111 UINT8 VendorDefinedData[1];
112 } VENDOR_DEVICE_PATH_WITH_DATA;
113
114 typedef struct {
115 EFI_DEVICE_PATH_PROTOCOL Header;
116 UINT16 NetworkProtocol;
117 UINT16 LoginOption;
118 UINT64 Lun;
119 UINT16 TargetPortalGroupTag;
120 CHAR16 TargetName[1];
121 } ISCSI_DEVICE_PATH_WITH_NAME;
122
123 typedef struct {
124 CHAR16 *Str;
125 UINTN Len;
126 UINTN Maxlen;
127 } POOL_PRINT;
128
129 typedef
130 VOID
131 (*DEV_PATH_FUNCTION) (
132 IN OUT POOL_PRINT *Str,
133 IN VOID *DevPath
134 );
135
136 typedef struct {
137 UINT8 Type;
138 UINT8 SubType;
139 DEV_PATH_FUNCTION Function;
140 } DEVICE_PATH_STRING_TABLE;
141
142 typedef struct {
143 UINTN Signature;
144 LIST_ENTRY Head;
145 UINTN MenuNumber;
146 } SECUREBOOT_MENU_OPTION;
147
148 typedef struct {
149 EFI_FILE_HANDLE FHandle;
150 UINT16 *FileName;
151 } SECUREBOOT_FILE_CONTEXT;
152
153
154 //
155 // We define another format of 5th directory entry: security directory
156 //
157 typedef struct {
158 UINT32 Offset; // Offset of certificate
159 UINT32 SizeOfCert; // size of certificate appended
160 } EFI_IMAGE_SECURITY_DATA_DIRECTORY;
161
162 typedef enum{
163 ImageType_IA32,
164 ImageType_X64
165 } IMAGE_TYPE;
166
167 ///
168 /// HII specific Vendor Device Path definition.
169 ///
170 typedef struct {
171 VENDOR_DEVICE_PATH VendorDevicePath;
172 EFI_DEVICE_PATH_PROTOCOL End;
173 } HII_VENDOR_DEVICE_PATH;
174
175 typedef struct {
176 UINTN Signature;
177
178 EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess;
179 EFI_HII_HANDLE HiiHandle;
180 EFI_HANDLE DriverHandle;
181
182 SECUREBOOT_FILE_CONTEXT *FileContext;
183
184 EFI_GUID *SignatureGUID;
185 } SECUREBOOT_CONFIG_PRIVATE_DATA;
186
187 extern SECUREBOOT_CONFIG_PRIVATE_DATA mSecureBootConfigPrivateDateTemplate;
188 extern SECUREBOOT_CONFIG_PRIVATE_DATA *gSecureBootPrivateData;
189
190 #define SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('S', 'E', 'C', 'B')
191 #define SECUREBOOT_CONFIG_PRIVATE_FROM_THIS(a) CR (a, SECUREBOOT_CONFIG_PRIVATE_DATA, ConfigAccess, SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE)
192
193 //
194 // Cryptograhpic Key Information
195 //
196 #pragma pack(1)
197 typedef struct _CPL_KEY_INFO {
198 UINT32 KeyLengthInBits; // Key Length In Bits
199 UINT32 BlockSize; // Operation Block Size in Bytes
200 UINT32 CipherBlockSize; // Output Cipher Block Size in Bytes
201 UINT32 KeyType; // Key Type
202 UINT32 CipherMode; // Cipher Mode for Symmetric Algorithm
203 UINT32 Flags; // Additional Key Property Flags
204 } CPL_KEY_INFO;
205 #pragma pack()
206
207
208 /**
209 Retrieves the size, in bytes, of the context buffer required for hash operations.
210
211 @return The size, in bytes, of the context buffer required for hash operations.
212
213 **/
214 typedef
215 EFI_STATUS
216 (EFIAPI *HASH_GET_CONTEXT_SIZE)(
217 VOID
218 );
219
220 /**
221 Initializes user-supplied memory pointed by HashContext as hash context for
222 subsequent use.
223
224 If HashContext is NULL, then ASSERT().
225
226 @param[in, out] HashContext Pointer to Context being initialized.
227
228 @retval TRUE HASH context initialization succeeded.
229 @retval FALSE HASH context initialization failed.
230
231 **/
232 typedef
233 BOOLEAN
234 (EFIAPI *HASH_INIT)(
235 IN OUT VOID *HashContext
236 );
237
238
239 /**
240 Performs digest on a data buffer of the specified length. This function can
241 be called multiple times to compute the digest of long or discontinuous data streams.
242
243 If HashContext is NULL, then ASSERT().
244
245 @param[in, out] HashContext Pointer to the MD5 context.
246 @param[in] Data Pointer to the buffer containing the data to be hashed.
247 @param[in] DataLength Length of Data buffer in bytes.
248
249 @retval TRUE HASH data digest succeeded.
250 @retval FALSE Invalid HASH context. After HashFinal function has been called, the
251 HASH context cannot be reused.
252
253 **/
254 typedef
255 BOOLEAN
256 (EFIAPI *HASH_UPDATE)(
257 IN OUT VOID *HashContext,
258 IN CONST VOID *Data,
259 IN UINTN DataLength
260 );
261
262 /**
263 Completes hash computation and retrieves the digest value into the specified
264 memory. After this function has been called, the context cannot be used again.
265
266 If HashContext is NULL, then ASSERT().
267 If HashValue is NULL, then ASSERT().
268
269 @param[in, out] HashContext Pointer to the MD5 context
270 @param[out] HashValue Pointer to a buffer that receives the HASH digest
271 value (16 bytes).
272
273 @retval TRUE HASH digest computation succeeded.
274 @retval FALSE HASH digest computation failed.
275
276 **/
277 typedef
278 BOOLEAN
279 (EFIAPI *HASH_FINAL)(
280 IN OUT VOID *HashContext,
281 OUT UINT8 *HashValue
282 );
283
284 //
285 // Hash Algorithm Table
286 //
287 typedef struct {
288 CHAR16 *Name; ///< Name for Hash Algorithm
289 UINTN DigestLength; ///< Digest Length
290 UINT8 *OidValue; ///< Hash Algorithm OID ASN.1 Value
291 UINTN OidLength; ///< Length of Hash OID Value
292 HASH_GET_CONTEXT_SIZE GetContextSize; ///< Pointer to Hash GetContentSize function
293 HASH_INIT HashInit; ///< Pointer to Hash Init function
294 HASH_UPDATE HashUpdate; ///< Pointer to Hash Update function
295 HASH_FINAL HashFinal; ///< Pointer to Hash Final function
296 } HASH_TABLE;
297
298 typedef struct {
299 WIN_CERTIFICATE Hdr;
300 UINT8 CertData[1];
301 } WIN_CERTIFICATE_EFI_PKCS;
302
303
304 /**
305 This function publish the SecureBoot configuration Form.
306
307 @param[in, out] PrivateData Points to SecureBoot configuration private data.
308
309 @retval EFI_SUCCESS HII Form is installed successfully.
310 @retval EFI_OUT_OF_RESOURCES Not enough resource for HII Form installation.
311 @retval Others Other errors as indicated.
312
313 **/
314 EFI_STATUS
315 InstallSecureBootConfigForm (
316 IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData
317 );
318
319
320 /**
321 This function removes SecureBoot configuration Form.
322
323 @param[in, out] PrivateData Points to SecureBoot configuration private data.
324
325 **/
326 VOID
327 UninstallSecureBootConfigForm (
328 IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData
329 );
330
331
332 /**
333 This function allows a caller to extract the current configuration for one
334 or more named elements from the target driver.
335
336 @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
337 @param[in] Request A null-terminated Unicode string in
338 <ConfigRequest> format.
339 @param[out] Progress On return, points to a character in the Request
340 string. Points to the string's null terminator if
341 request was successful. Points to the most recent
342 '&' before the first failing name/value pair (or
343 the beginning of the string if the failure is in
344 the first name/value pair) if the request was not
345 successful.
346 @param[out] Results A null-terminated Unicode string in
347 <ConfigAltResp> format which has all values filled
348 in for the names in the Request string. String to
349 be allocated by the called function.
350
351 @retval EFI_SUCCESS The Results is filled with the requested values.
352 @retval EFI_OUT_OF_RESOURCES Not enough memory to store the results.
353 @retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown name.
354 @retval EFI_NOT_FOUND Routing data doesn't match any storage in this
355 driver.
356
357 **/
358 EFI_STATUS
359 EFIAPI
360 SecureBootExtractConfig (
361 IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
362 IN CONST EFI_STRING Request,
363 OUT EFI_STRING *Progress,
364 OUT EFI_STRING *Results
365 );
366
367
368 /**
369 This function processes the results of changes in configuration.
370
371 @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
372 @param[in] Configuration A null-terminated Unicode string in <ConfigResp>
373 format.
374 @param[out] Progress A pointer to a string filled in with the offset of
375 the most recent '&' before the first failing
376 name/value pair (or the beginning of the string if
377 the failure is in the first name/value pair) or
378 the terminating NULL if all was successful.
379
380 @retval EFI_SUCCESS The Results is processed successfully.
381 @retval EFI_INVALID_PARAMETER Configuration is NULL.
382 @retval EFI_NOT_FOUND Routing data doesn't match any storage in this
383 driver.
384
385 **/
386 EFI_STATUS
387 EFIAPI
388 SecureBootRouteConfig (
389 IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
390 IN CONST EFI_STRING Configuration,
391 OUT EFI_STRING *Progress
392 );
393
394
395 /**
396 This function processes the results of changes in configuration.
397
398 @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
399 @param[in] Action Specifies the type of action taken by the browser.
400 @param[in] QuestionId A unique value which is sent to the original
401 exporting driver so that it can identify the type
402 of data to expect.
403 @param[in] Type The type of value for the question.
404 @param[in] Value A pointer to the data being sent to the original
405 exporting driver.
406 @param[out] ActionRequest On return, points to the action requested by the
407 callback function.
408
409 @retval EFI_SUCCESS The callback successfully handled the action.
410 @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the
411 variable and its data.
412 @retval EFI_DEVICE_ERROR The variable could not be saved.
413 @retval EFI_UNSUPPORTED The specified Action is not supported by the
414 callback.
415
416 **/
417 EFI_STATUS
418 EFIAPI
419 SecureBootCallback (
420 IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
421 IN EFI_BROWSER_ACTION Action,
422 IN EFI_QUESTION_ID QuestionId,
423 IN UINT8 Type,
424 IN EFI_IFR_TYPE_VALUE *Value,
425 OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest
426 );
427
428
429 /**
430 This function converts an input device structure to a Unicode string.
431
432 @param[in] DevPath A pointer to the device path structure.
433
434 @return A new allocated Unicode string that represents the device path.
435
436 **/
437 CHAR16 *
438 EFIAPI
439 DevicePathToStr (
440 IN EFI_DEVICE_PATH_PROTOCOL *DevPath
441 );
442
443
444 /**
445 Clean up the dynamic opcode at label and form specified by both LabelId.
446
447 @param[in] LabelId It is both the Form ID and Label ID for opcode deletion.
448 @param[in] PrivateData Module private data.
449
450 **/
451 VOID
452 CleanUpPage (
453 IN UINT16 LabelId,
454 IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData
455 );
456
457
458 /**
459 Read file content into BufferPtr, the size of the allocate buffer
460 is *FileSize plus AddtionAllocateSize.
461
462 @param[in] FileHandle The file to be read.
463 @param[in, out] BufferPtr Pointers to the pointer of allocated buffer.
464 @param[out] FileSize Size of input file
465 @param[in] AddtionAllocateSize Addtion size the buffer need to be allocated.
466 In case the buffer need to contain others besides the file content.
467
468 @retval EFI_SUCCESS The file was read into the buffer.
469 @retval EFI_INVALID_PARAMETER A parameter was invalid.
470 @retval EFI_OUT_OF_RESOURCES A memory allocation failed.
471 @retval others Unexpected error.
472
473 **/
474 EFI_STATUS
475 ReadFileContent (
476 IN EFI_FILE_HANDLE FileHandle,
477 IN OUT VOID **BufferPtr,
478 OUT UINTN *FileSize,
479 IN UINTN AddtionAllocateSize
480 );
481
482
483 /**
484 Close an open file handle.
485
486 @param[in] FileHandle The file handle to close.
487
488 **/
489 VOID
490 CloseFile (
491 IN EFI_FILE_HANDLE FileHandle
492 );
493
494
495 /**
496 Converts a nonnegative integer to an octet string of a specified length.
497
498 @param[in] Integer Pointer to the nonnegative integer to be converted
499 @param[in] IntSizeInWords Length of integer buffer in words
500 @param[out] OctetString Converted octet string of the specified length
501 @param[in] OSSizeInBytes Intended length of resulting octet string in bytes
502
503 Returns:
504
505 @retval EFI_SUCCESS Data conversion successfully
506 @retval EFI_BUFFER_TOOL_SMALL Buffer is too small for output string
507
508 **/
509 EFI_STATUS
510 EFIAPI
511 Int2OctStr (
512 IN CONST UINTN *Integer,
513 IN UINTN IntSizeInWords,
514 OUT UINT8 *OctetString,
515 IN UINTN OSSizeInBytes
516 );
517
518
519 /**
520 Convert a String to Guid Value.
521
522 @param[in] Str Specifies the String to be converted.
523 @param[in] StrLen Number of Unicode Characters of String (exclusive \0)
524 @param[out] Guid Return the result Guid value.
525
526 @retval EFI_SUCCESS The operation is finished successfully.
527 @retval EFI_NOT_FOUND Invalid string.
528
529 **/
530 EFI_STATUS
531 StringToGuid (
532 IN CHAR16 *Str,
533 IN UINTN StrLen,
534 OUT EFI_GUID *Guid
535 );
536
537
538 /**
539 Worker function that prints an EFI_GUID into specified Buffer.
540
541 @param[in] Guid Pointer to GUID to print.
542 @param[in] Buffer Buffer to print Guid into.
543 @param[in] BufferSize Size of Buffer.
544
545 @retval Number of characters printed.
546
547 **/
548 UINTN
549 GuidToString (
550 IN EFI_GUID *Guid,
551 IN CHAR16 *Buffer,
552 IN UINTN BufferSize
553 );
554
555 /**
556 Update the PK form base on the input file path info.
557
558 @param FilePath Point to the file path.
559
560 @retval TRUE Exit caller function.
561 @retval FALSE Not exit caller function.
562 **/
563 BOOLEAN
564 EFIAPI
565 UpdatePKFromFile (
566 IN EFI_DEVICE_PATH_PROTOCOL *FilePath
567 );
568
569 /**
570 Update the KEK form base on the input file path info.
571
572 @param FilePath Point to the file path.
573
574 @retval TRUE Exit caller function.
575 @retval FALSE Not exit caller function.
576 **/
577 BOOLEAN
578 EFIAPI
579 UpdateKEKFromFile (
580 IN EFI_DEVICE_PATH_PROTOCOL *FilePath
581 );
582
583 /**
584 Update the DB form base on the input file path info.
585
586 @param FilePath Point to the file path.
587
588 @retval TRUE Exit caller function.
589 @retval FALSE Not exit caller function.
590 **/
591 BOOLEAN
592 EFIAPI
593 UpdateDBFromFile (
594 IN EFI_DEVICE_PATH_PROTOCOL *FilePath
595 );
596
597 /**
598 Update the DBX form base on the input file path info.
599
600 @param FilePath Point to the file path.
601
602 @retval TRUE Exit caller function.
603 @retval FALSE Not exit caller function.
604 **/
605 BOOLEAN
606 EFIAPI
607 UpdateDBXFromFile (
608 IN EFI_DEVICE_PATH_PROTOCOL *FilePath
609 );
610
611 /**
612 Update the DBT form base on the input file path info.
613
614 @param FilePath Point to the file path.
615
616 @retval TRUE Exit caller function.
617 @retval FALSE Not exit caller function.
618 **/
619 BOOLEAN
620 EFIAPI
621 UpdateDBTFromFile (
622 IN EFI_DEVICE_PATH_PROTOCOL *FilePath
623 );
624
625 #endif
EFI Development Kit II mirror for PVE