]> git.proxmox.com Git - mirror_edk2.git/blob - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h
projects / mirror_edk2.git / blob
? search:


bcb1c12e23142d193d3c93be0209891c0c783541
[mirror_edk2.git] / SecurityPkg / VariableAuthenticated / SecureBootConfigDxe / SecureBootConfigImpl.h
1 /** @file
2 The header file of HII Config Access protocol implementation of SecureBoot
3 configuration module.
4
5 Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR>
6 This program and the accompanying materials
7 are licensed and made available under the terms and conditions of the BSD License
8 which accompanies this distribution. The full text of the license may be found at
9 http://opensource.org/licenses/bsd-license.php
10
11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
13
14 **/
15
16 #ifndef __SECUREBOOT_CONFIG_IMPL_H__
17 #define __SECUREBOOT_CONFIG_IMPL_H__
18
19 #include <Uefi.h>
20
21 #include <Protocol/HiiConfigAccess.h>
22 #include <Protocol/HiiConfigRouting.h>
23 #include <Protocol/SimpleFileSystem.h>
24 #include <Protocol/BlockIo.h>
25 #include <Protocol/DevicePath.h>
26 #include <Protocol/DebugPort.h>
27 #include <Protocol/LoadFile.h>
28
29 #include <Library/BaseLib.h>
30 #include <Library/BaseMemoryLib.h>
31 #include <Library/DebugLib.h>
32 #include <Library/MemoryAllocationLib.h>
33 #include <Library/UefiBootServicesTableLib.h>
34 #include <Library/UefiRuntimeServicesTableLib.h>
35 #include <Library/UefiHiiServicesLib.h>
36 #include <Library/UefiLib.h>
37 #include <Library/HiiLib.h>
38 #include <Library/DevicePathLib.h>
39 #include <Library/PrintLib.h>
40 #include <Library/PlatformSecureLib.h>
41 #include <Library/BaseCryptLib.h>
42 #include <Guid/MdeModuleHii.h>
43 #include <Guid/AuthenticatedVariableFormat.h>
44 #include <Guid/FileSystemVolumeLabelInfo.h>
45 #include <Guid/ImageAuthentication.h>
46 #include <Guid/FileInfo.h>
47
48 #include "SecureBootConfigNvData.h"
49
50 //
51 // Tool generated IFR binary data and String package data
52 //
53 extern UINT8 SecureBootConfigBin[];
54 extern UINT8 SecureBootConfigDxeStrings[];
55
56 //
57 // Shared IFR form update data
58 //
59 extern VOID *mStartOpCodeHandle;
60 extern VOID *mEndOpCodeHandle;
61 extern EFI_IFR_GUID_LABEL *mStartLabel;
62 extern EFI_IFR_GUID_LABEL *mEndLabel;
63
64 #define MAX_CHAR 480
65 #define TWO_BYTE_ENCODE 0x82
66
67 //
68 // SHA-1 digest size in bytes.
69 //
70 #define SHA1_DIGEST_SIZE 20
71 //
72 // SHA-256 digest size in bytes
73 //
74 #define SHA256_DIGEST_SIZE 32
75 //
76 // SHA-384 digest size in bytes
77 //
78 #define SHA384_DIGEST_SIZE 48
79 //
80 // SHA-512 digest size in bytes
81 //
82 #define SHA512_DIGEST_SIZE 64
83
84 //
85 // Set max digest size as SHA512 Output (64 bytes) by far
86 //
87 #define MAX_DIGEST_SIZE SHA512_DIGEST_SIZE
88
89 #define WIN_CERT_UEFI_RSA2048_SIZE 256
90
91 //
92 // Support hash types
93 //
94 #define HASHALG_SHA1 0x00000000
95 #define HASHALG_SHA224 0x00000001
96 #define HASHALG_SHA256 0x00000002
97 #define HASHALG_SHA384 0x00000003
98 #define HASHALG_SHA512 0x00000004
99 #define HASHALG_RAW 0x00000005
100 #define HASHALG_MAX 0x00000005
101
102
103 #define SECUREBOOT_MENU_OPTION_SIGNATURE SIGNATURE_32 ('S', 'b', 'M', 'u')
104 #define SECUREBOOT_MENU_ENTRY_SIGNATURE SIGNATURE_32 ('S', 'b', 'M', 'r')
105
106 typedef struct {
107 EFI_DEVICE_PATH_PROTOCOL Header;
108 EFI_GUID Guid;
109 UINT8 VendorDefinedData[1];
110 } VENDOR_DEVICE_PATH_WITH_DATA;
111
112 typedef struct {
113 EFI_DEVICE_PATH_PROTOCOL Header;
114 UINT16 NetworkProtocol;
115 UINT16 LoginOption;
116 UINT64 Lun;
117 UINT16 TargetPortalGroupTag;
118 CHAR16 TargetName[1];
119 } ISCSI_DEVICE_PATH_WITH_NAME;
120
121 typedef enum _FILE_EXPLORER_DISPLAY_CONTEXT {
122 FileExplorerDisplayFileSystem,
123 FileExplorerDisplayDirectory,
124 FileExplorerDisplayUnknown
125 } FILE_EXPLORER_DISPLAY_CONTEXT;
126
127 typedef enum _FILE_EXPLORER_STATE {
128 FileExplorerStateInActive = 0,
129 FileExplorerStateEnrollPkFile,
130 FileExplorerStateEnrollKekFile,
131 FileExplorerStateEnrollSignatureFileToDb,
132 FileExplorerStateEnrollSignatureFileToDbx,
133 FileExplorerStateEnrollSignatureFileToDbt,
134 FileExplorerStateUnknown
135 } FILE_EXPLORER_STATE;
136
137 typedef struct {
138 CHAR16 *Str;
139 UINTN Len;
140 UINTN Maxlen;
141 } POOL_PRINT;
142
143 typedef
144 VOID
145 (*DEV_PATH_FUNCTION) (
146 IN OUT POOL_PRINT *Str,
147 IN VOID *DevPath
148 );
149
150 typedef struct {
151 UINT8 Type;
152 UINT8 SubType;
153 DEV_PATH_FUNCTION Function;
154 } DEVICE_PATH_STRING_TABLE;
155
156 typedef struct {
157 UINTN Signature;
158 LIST_ENTRY Head;
159 UINTN MenuNumber;
160 } SECUREBOOT_MENU_OPTION;
161
162 extern SECUREBOOT_MENU_OPTION FsOptionMenu;
163 extern SECUREBOOT_MENU_OPTION DirectoryMenu;
164
165 typedef struct {
166 UINTN Signature;
167 LIST_ENTRY Link;
168 UINTN OptionNumber;
169 UINT16 *DisplayString;
170 UINT16 *HelpString;
171 EFI_STRING_ID DisplayStringToken;
172 EFI_STRING_ID HelpStringToken;
173 VOID *FileContext;
174 } SECUREBOOT_MENU_ENTRY;
175
176 typedef struct {
177 EFI_HANDLE Handle;
178 EFI_DEVICE_PATH_PROTOCOL *DevicePath;
179 EFI_FILE_HANDLE FHandle;
180 UINT16 *FileName;
181 EFI_FILE_SYSTEM_VOLUME_LABEL *Info;
182
183 BOOLEAN IsRoot;
184 BOOLEAN IsDir;
185 BOOLEAN IsRemovableMedia;
186 BOOLEAN IsLoadFile;
187 BOOLEAN IsBootLegacy;
188 } SECUREBOOT_FILE_CONTEXT;
189
190
191 //
192 // We define another format of 5th directory entry: security directory
193 //
194 typedef struct {
195 UINT32 Offset; // Offset of certificate
196 UINT32 SizeOfCert; // size of certificate appended
197 } EFI_IMAGE_SECURITY_DATA_DIRECTORY;
198
199 typedef enum{
200 ImageType_IA32,
201 ImageType_X64
202 } IMAGE_TYPE;
203
204 ///
205 /// HII specific Vendor Device Path definition.
206 ///
207 typedef struct {
208 VENDOR_DEVICE_PATH VendorDevicePath;
209 EFI_DEVICE_PATH_PROTOCOL End;
210 } HII_VENDOR_DEVICE_PATH;
211
212 typedef struct {
213 UINTN Signature;
214
215 EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess;
216 EFI_HII_HANDLE HiiHandle;
217 EFI_HANDLE DriverHandle;
218
219 FILE_EXPLORER_STATE FeCurrentState;
220 FILE_EXPLORER_DISPLAY_CONTEXT FeDisplayContext;
221
222 SECUREBOOT_MENU_ENTRY *MenuEntry;
223 SECUREBOOT_FILE_CONTEXT *FileContext;
224
225 EFI_GUID *SignatureGUID;
226 } SECUREBOOT_CONFIG_PRIVATE_DATA;
227
228 extern SECUREBOOT_CONFIG_PRIVATE_DATA mSecureBootConfigPrivateDateTemplate;
229
230 #define SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('S', 'E', 'C', 'B')
231 #define SECUREBOOT_CONFIG_PRIVATE_FROM_THIS(a) CR (a, SECUREBOOT_CONFIG_PRIVATE_DATA, ConfigAccess, SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE)
232
233 //
234 // Cryptograhpic Key Information
235 //
236 #pragma pack(1)
237 typedef struct _CPL_KEY_INFO {
238 UINT32 KeyLengthInBits; // Key Length In Bits
239 UINT32 BlockSize; // Operation Block Size in Bytes
240 UINT32 CipherBlockSize; // Output Cipher Block Size in Bytes
241 UINT32 KeyType; // Key Type
242 UINT32 CipherMode; // Cipher Mode for Symmetric Algorithm
243 UINT32 Flags; // Additional Key Property Flags
244 } CPL_KEY_INFO;
245 #pragma pack()
246
247
248 /**
249 Retrieves the size, in bytes, of the context buffer required for hash operations.
250
251 @return The size, in bytes, of the context buffer required for hash operations.
252
253 **/
254 typedef
255 EFI_STATUS
256 (EFIAPI *HASH_GET_CONTEXT_SIZE)(
257 VOID
258 );
259
260 /**
261 Initializes user-supplied memory pointed by HashContext as hash context for
262 subsequent use.
263
264 If HashContext is NULL, then ASSERT().
265
266 @param[in, out] HashContext Pointer to Context being initialized.
267
268 @retval TRUE HASH context initialization succeeded.
269 @retval FALSE HASH context initialization failed.
270
271 **/
272 typedef
273 BOOLEAN
274 (EFIAPI *HASH_INIT)(
275 IN OUT VOID *HashContext
276 );
277
278
279 /**
280 Performs digest on a data buffer of the specified length. This function can
281 be called multiple times to compute the digest of long or discontinuous data streams.
282
283 If HashContext is NULL, then ASSERT().
284
285 @param[in, out] HashContext Pointer to the MD5 context.
286 @param[in] Data Pointer to the buffer containing the data to be hashed.
287 @param[in] DataLength Length of Data buffer in bytes.
288
289 @retval TRUE HASH data digest succeeded.
290 @retval FALSE Invalid HASH context. After HashFinal function has been called, the
291 HASH context cannot be reused.
292
293 **/
294 typedef
295 BOOLEAN
296 (EFIAPI *HASH_UPDATE)(
297 IN OUT VOID *HashContext,
298 IN CONST VOID *Data,
299 IN UINTN DataLength
300 );
301
302 /**
303 Completes hash computation and retrieves the digest value into the specified
304 memory. After this function has been called, the context cannot be used again.
305
306 If HashContext is NULL, then ASSERT().
307 If HashValue is NULL, then ASSERT().
308
309 @param[in, out] HashContext Pointer to the MD5 context
310 @param[out] HashValue Pointer to a buffer that receives the HASH digest
311 value (16 bytes).
312
313 @retval TRUE HASH digest computation succeeded.
314 @retval FALSE HASH digest computation failed.
315
316 **/
317 typedef
318 BOOLEAN
319 (EFIAPI *HASH_FINAL)(
320 IN OUT VOID *HashContext,
321 OUT UINT8 *HashValue
322 );
323
324 //
325 // Hash Algorithm Table
326 //
327 typedef struct {
328 CHAR16 *Name; ///< Name for Hash Algorithm
329 UINTN DigestLength; ///< Digest Length
330 UINT8 *OidValue; ///< Hash Algorithm OID ASN.1 Value
331 UINTN OidLength; ///< Length of Hash OID Value
332 HASH_GET_CONTEXT_SIZE GetContextSize; ///< Pointer to Hash GetContentSize function
333 HASH_INIT HashInit; ///< Pointer to Hash Init function
334 HASH_UPDATE HashUpdate; ///< Pointer to Hash Update function
335 HASH_FINAL HashFinal; ///< Pointer to Hash Final function
336 } HASH_TABLE;
337
338 typedef struct {
339 WIN_CERTIFICATE Hdr;
340 UINT8 CertData[1];
341 } WIN_CERTIFICATE_EFI_PKCS;
342
343
344 /**
345 This function publish the SecureBoot configuration Form.
346
347 @param[in, out] PrivateData Points to SecureBoot configuration private data.
348
349 @retval EFI_SUCCESS HII Form is installed successfully.
350 @retval EFI_OUT_OF_RESOURCES Not enough resource for HII Form installation.
351 @retval Others Other errors as indicated.
352
353 **/
354 EFI_STATUS
355 InstallSecureBootConfigForm (
356 IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData
357 );
358
359
360 /**
361 This function removes SecureBoot configuration Form.
362
363 @param[in, out] PrivateData Points to SecureBoot configuration private data.
364
365 **/
366 VOID
367 UninstallSecureBootConfigForm (
368 IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData
369 );
370
371
372 /**
373 This function allows a caller to extract the current configuration for one
374 or more named elements from the target driver.
375
376 @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
377 @param[in] Request A null-terminated Unicode string in
378 <ConfigRequest> format.
379 @param[out] Progress On return, points to a character in the Request
380 string. Points to the string's null terminator if
381 request was successful. Points to the most recent
382 '&' before the first failing name/value pair (or
383 the beginning of the string if the failure is in
384 the first name/value pair) if the request was not
385 successful.
386 @param[out] Results A null-terminated Unicode string in
387 <ConfigAltResp> format which has all values filled
388 in for the names in the Request string. String to
389 be allocated by the called function.
390
391 @retval EFI_SUCCESS The Results is filled with the requested values.
392 @retval EFI_OUT_OF_RESOURCES Not enough memory to store the results.
393 @retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown name.
394 @retval EFI_NOT_FOUND Routing data doesn't match any storage in this
395 driver.
396
397 **/
398 EFI_STATUS
399 EFIAPI
400 SecureBootExtractConfig (
401 IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
402 IN CONST EFI_STRING Request,
403 OUT EFI_STRING *Progress,
404 OUT EFI_STRING *Results
405 );
406
407
408 /**
409 This function processes the results of changes in configuration.
410
411 @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
412 @param[in] Configuration A null-terminated Unicode string in <ConfigResp>
413 format.
414 @param[out] Progress A pointer to a string filled in with the offset of
415 the most recent '&' before the first failing
416 name/value pair (or the beginning of the string if
417 the failure is in the first name/value pair) or
418 the terminating NULL if all was successful.
419
420 @retval EFI_SUCCESS The Results is processed successfully.
421 @retval EFI_INVALID_PARAMETER Configuration is NULL.
422 @retval EFI_NOT_FOUND Routing data doesn't match any storage in this
423 driver.
424
425 **/
426 EFI_STATUS
427 EFIAPI
428 SecureBootRouteConfig (
429 IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
430 IN CONST EFI_STRING Configuration,
431 OUT EFI_STRING *Progress
432 );
433
434
435 /**
436 This function processes the results of changes in configuration.
437
438 @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
439 @param[in] Action Specifies the type of action taken by the browser.
440 @param[in] QuestionId A unique value which is sent to the original
441 exporting driver so that it can identify the type
442 of data to expect.
443 @param[in] Type The type of value for the question.
444 @param[in] Value A pointer to the data being sent to the original
445 exporting driver.
446 @param[out] ActionRequest On return, points to the action requested by the
447 callback function.
448
449 @retval EFI_SUCCESS The callback successfully handled the action.
450 @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the
451 variable and its data.
452 @retval EFI_DEVICE_ERROR The variable could not be saved.
453 @retval EFI_UNSUPPORTED The specified Action is not supported by the
454 callback.
455
456 **/
457 EFI_STATUS
458 EFIAPI
459 SecureBootCallback (
460 IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
461 IN EFI_BROWSER_ACTION Action,
462 IN EFI_QUESTION_ID QuestionId,
463 IN UINT8 Type,
464 IN EFI_IFR_TYPE_VALUE *Value,
465 OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest
466 );
467
468
469 /**
470 This function converts an input device structure to a Unicode string.
471
472 @param[in] DevPath A pointer to the device path structure.
473
474 @return A new allocated Unicode string that represents the device path.
475
476 **/
477 CHAR16 *
478 EFIAPI
479 DevicePathToStr (
480 IN EFI_DEVICE_PATH_PROTOCOL *DevPath
481 );
482
483
484 /**
485 Clean up the dynamic opcode at label and form specified by both LabelId.
486
487 @param[in] LabelId It is both the Form ID and Label ID for opcode deletion.
488 @param[in] PrivateData Module private data.
489
490 **/
491 VOID
492 CleanUpPage (
493 IN UINT16 LabelId,
494 IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData
495 );
496
497
498 /**
499 Update the file explorer page with the refreshed file system.
500
501 @param[in] PrivateData Module private data.
502 @param[in] KeyValue Key value to identify the type of data to expect.
503
504 @retval TRUE Inform the caller to create a callback packet to exit file explorer.
505 @retval FALSE Indicate that there is no need to exit file explorer.
506
507 **/
508 BOOLEAN
509 UpdateFileExplorer (
510 IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData,
511 IN UINT16 KeyValue
512 );
513
514
515 /**
516 Free resources allocated in Allocate Rountine.
517
518 @param[in, out] MenuOption Menu to be freed
519
520 **/
521 VOID
522 FreeMenu (
523 IN OUT SECUREBOOT_MENU_OPTION *MenuOption
524 );
525
526
527 /**
528 Read file content into BufferPtr, the size of the allocate buffer
529 is *FileSize plus AddtionAllocateSize.
530
531 @param[in] FileHandle The file to be read.
532 @param[in, out] BufferPtr Pointers to the pointer of allocated buffer.
533 @param[out] FileSize Size of input file
534 @param[in] AddtionAllocateSize Addtion size the buffer need to be allocated.
535 In case the buffer need to contain others besides the file content.
536
537 @retval EFI_SUCCESS The file was read into the buffer.
538 @retval EFI_INVALID_PARAMETER A parameter was invalid.
539 @retval EFI_OUT_OF_RESOURCES A memory allocation failed.
540 @retval others Unexpected error.
541
542 **/
543 EFI_STATUS
544 ReadFileContent (
545 IN EFI_FILE_HANDLE FileHandle,
546 IN OUT VOID **BufferPtr,
547 OUT UINTN *FileSize,
548 IN UINTN AddtionAllocateSize
549 );
550
551
552 /**
553 Close an open file handle.
554
555 @param[in] FileHandle The file handle to close.
556
557 **/
558 VOID
559 CloseFile (
560 IN EFI_FILE_HANDLE FileHandle
561 );
562
563
564 /**
565 Converts a nonnegative integer to an octet string of a specified length.
566
567 @param[in] Integer Pointer to the nonnegative integer to be converted
568 @param[in] IntSizeInWords Length of integer buffer in words
569 @param[out] OctetString Converted octet string of the specified length
570 @param[in] OSSizeInBytes Intended length of resulting octet string in bytes
571
572 Returns:
573
574 @retval EFI_SUCCESS Data conversion successfully
575 @retval EFI_BUFFER_TOOL_SMALL Buffer is too small for output string
576
577 **/
578 EFI_STATUS
579 EFIAPI
580 Int2OctStr (
581 IN CONST UINTN *Integer,
582 IN UINTN IntSizeInWords,
583 OUT UINT8 *OctetString,
584 IN UINTN OSSizeInBytes
585 );
586
587
588 /**
589 Convert a String to Guid Value.
590
591 @param[in] Str Specifies the String to be converted.
592 @param[in] StrLen Number of Unicode Characters of String (exclusive \0)
593 @param[out] Guid Return the result Guid value.
594
595 @retval EFI_SUCCESS The operation is finished successfully.
596 @retval EFI_NOT_FOUND Invalid string.
597
598 **/
599 EFI_STATUS
600 StringToGuid (
601 IN CHAR16 *Str,
602 IN UINTN StrLen,
603 OUT EFI_GUID *Guid
604 );
605
606
607 /**
608 Worker function that prints an EFI_GUID into specified Buffer.
609
610 @param[in] Guid Pointer to GUID to print.
611 @param[in] Buffer Buffer to print Guid into.
612 @param[in] BufferSize Size of Buffer.
613
614 @retval Number of characters printed.
615
616 **/
617 UINTN
618 GuidToString (
619 IN EFI_GUID *Guid,
620 IN CHAR16 *Buffer,
621 IN UINTN BufferSize
622 );
623
624 #endif
EFI Development Kit II mirror for PVE