]> git.proxmox.com Git - mirror_edk2.git/blob - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h
projects / mirror_edk2.git / blob
? search:


f080f667a5e87ab7f7a32985e6da5c9ed63edb45
[mirror_edk2.git] / SecurityPkg / VariableAuthenticated / SecureBootConfigDxe / SecureBootConfigImpl.h
1 /** @file
2 The header file of HII Config Access protocol implementation of SecureBoot
3 configuration module.
4
5 Copyright (c) 2011 - 2017, Intel Corporation. All rights reserved.<BR>
6 This program and the accompanying materials
7 are licensed and made available under the terms and conditions of the BSD License
8 which accompanies this distribution. The full text of the license may be found at
9 http://opensource.org/licenses/bsd-license.php
10
11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
13
14 **/
15
16 #ifndef __SECUREBOOT_CONFIG_IMPL_H__
17 #define __SECUREBOOT_CONFIG_IMPL_H__
18
19 #include <Uefi.h>
20
21 #include <Protocol/HiiConfigAccess.h>
22 #include <Protocol/HiiConfigRouting.h>
23 #include <Protocol/SimpleFileSystem.h>
24 #include <Protocol/BlockIo.h>
25 #include <Protocol/DevicePath.h>
26 #include <Protocol/DebugPort.h>
27 #include <Protocol/LoadFile.h>
28
29 #include <Library/BaseLib.h>
30 #include <Library/BaseMemoryLib.h>
31 #include <Library/DebugLib.h>
32 #include <Library/MemoryAllocationLib.h>
33 #include <Library/UefiBootServicesTableLib.h>
34 #include <Library/UefiRuntimeServicesTableLib.h>
35 #include <Library/UefiHiiServicesLib.h>
36 #include <Library/UefiLib.h>
37 #include <Library/HiiLib.h>
38 #include <Library/DevicePathLib.h>
39 #include <Library/PrintLib.h>
40 #include <Library/PlatformSecureLib.h>
41 #include <Library/BaseCryptLib.h>
42 #include <Library/FileExplorerLib.h>
43 #include <Library/PeCoffLib.h>
44
45 #include <Guid/MdeModuleHii.h>
46 #include <Guid/AuthenticatedVariableFormat.h>
47 #include <Guid/FileSystemVolumeLabelInfo.h>
48 #include <Guid/ImageAuthentication.h>
49 #include <Guid/FileInfo.h>
50
51 #include "SecureBootConfigNvData.h"
52
53 //
54 // Tool generated IFR binary data and String package data
55 //
56 extern UINT8 SecureBootConfigBin[];
57 extern UINT8 SecureBootConfigDxeStrings[];
58
59 //
60 // Shared IFR form update data
61 //
62 extern VOID *mStartOpCodeHandle;
63 extern VOID *mEndOpCodeHandle;
64 extern EFI_IFR_GUID_LABEL *mStartLabel;
65 extern EFI_IFR_GUID_LABEL *mEndLabel;
66
67 #define MAX_CHAR 480
68 #define TWO_BYTE_ENCODE 0x82
69
70
71 //
72 // SHA-256 digest size in bytes
73 //
74 #define SHA256_DIGEST_SIZE 32
75 //
76 // SHA-384 digest size in bytes
77 //
78 #define SHA384_DIGEST_SIZE 48
79 //
80 // SHA-512 digest size in bytes
81 //
82 #define SHA512_DIGEST_SIZE 64
83
84 //
85 // Set max digest size as SHA512 Output (64 bytes) by far
86 //
87 #define MAX_DIGEST_SIZE SHA512_DIGEST_SIZE
88
89 #define WIN_CERT_UEFI_RSA2048_SIZE 256
90
91 //
92 // Support hash types
93 //
94 #define HASHALG_SHA224 0x00000000
95 #define HASHALG_SHA256 0x00000001
96 #define HASHALG_SHA384 0x00000002
97 #define HASHALG_SHA512 0x00000003
98 #define HASHALG_RAW 0x00000004
99 #define HASHALG_MAX 0x00000004
100
101
102 typedef struct {
103 UINTN Signature;
104 LIST_ENTRY Head;
105 UINTN MenuNumber;
106 } SECUREBOOT_MENU_OPTION;
107
108 typedef struct {
109 EFI_FILE_HANDLE FHandle;
110 UINT16 *FileName;
111 } SECUREBOOT_FILE_CONTEXT;
112
113
114 //
115 // We define another format of 5th directory entry: security directory
116 //
117 typedef struct {
118 UINT32 Offset; // Offset of certificate
119 UINT32 SizeOfCert; // size of certificate appended
120 } EFI_IMAGE_SECURITY_DATA_DIRECTORY;
121
122 typedef enum{
123 ImageType_IA32,
124 ImageType_X64
125 } IMAGE_TYPE;
126
127 ///
128 /// HII specific Vendor Device Path definition.
129 ///
130 typedef struct {
131 VENDOR_DEVICE_PATH VendorDevicePath;
132 EFI_DEVICE_PATH_PROTOCOL End;
133 } HII_VENDOR_DEVICE_PATH;
134
135 typedef struct {
136 UINTN Signature;
137
138 EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess;
139 EFI_HII_HANDLE HiiHandle;
140 EFI_HANDLE DriverHandle;
141
142 SECUREBOOT_FILE_CONTEXT *FileContext;
143
144 EFI_GUID *SignatureGUID;
145 } SECUREBOOT_CONFIG_PRIVATE_DATA;
146
147 extern SECUREBOOT_CONFIG_PRIVATE_DATA mSecureBootConfigPrivateDateTemplate;
148 extern SECUREBOOT_CONFIG_PRIVATE_DATA *gSecureBootPrivateData;
149
150 #define SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('S', 'E', 'C', 'B')
151 #define SECUREBOOT_CONFIG_PRIVATE_FROM_THIS(a) CR (a, SECUREBOOT_CONFIG_PRIVATE_DATA, ConfigAccess, SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE)
152
153 //
154 // Cryptograhpic Key Information
155 //
156 #pragma pack(1)
157 typedef struct _CPL_KEY_INFO {
158 UINT32 KeyLengthInBits; // Key Length In Bits
159 UINT32 BlockSize; // Operation Block Size in Bytes
160 UINT32 CipherBlockSize; // Output Cipher Block Size in Bytes
161 UINT32 KeyType; // Key Type
162 UINT32 CipherMode; // Cipher Mode for Symmetric Algorithm
163 UINT32 Flags; // Additional Key Property Flags
164 } CPL_KEY_INFO;
165 #pragma pack()
166
167
168 /**
169 Retrieves the size, in bytes, of the context buffer required for hash operations.
170
171 @return The size, in bytes, of the context buffer required for hash operations.
172
173 **/
174 typedef
175 EFI_STATUS
176 (EFIAPI *HASH_GET_CONTEXT_SIZE)(
177 VOID
178 );
179
180 /**
181 Initializes user-supplied memory pointed by HashContext as hash context for
182 subsequent use.
183
184 If HashContext is NULL, then ASSERT().
185
186 @param[in, out] HashContext Pointer to Context being initialized.
187
188 @retval TRUE HASH context initialization succeeded.
189 @retval FALSE HASH context initialization failed.
190
191 **/
192 typedef
193 BOOLEAN
194 (EFIAPI *HASH_INIT)(
195 IN OUT VOID *HashContext
196 );
197
198
199 /**
200 Performs digest on a data buffer of the specified length. This function can
201 be called multiple times to compute the digest of long or discontinuous data streams.
202
203 If HashContext is NULL, then ASSERT().
204
205 @param[in, out] HashContext Pointer to the MD5 context.
206 @param[in] Data Pointer to the buffer containing the data to be hashed.
207 @param[in] DataLength Length of Data buffer in bytes.
208
209 @retval TRUE HASH data digest succeeded.
210 @retval FALSE Invalid HASH context. After HashFinal function has been called, the
211 HASH context cannot be reused.
212
213 **/
214 typedef
215 BOOLEAN
216 (EFIAPI *HASH_UPDATE)(
217 IN OUT VOID *HashContext,
218 IN CONST VOID *Data,
219 IN UINTN DataLength
220 );
221
222 /**
223 Completes hash computation and retrieves the digest value into the specified
224 memory. After this function has been called, the context cannot be used again.
225
226 If HashContext is NULL, then ASSERT().
227 If HashValue is NULL, then ASSERT().
228
229 @param[in, out] HashContext Pointer to the MD5 context
230 @param[out] HashValue Pointer to a buffer that receives the HASH digest
231 value (16 bytes).
232
233 @retval TRUE HASH digest computation succeeded.
234 @retval FALSE HASH digest computation failed.
235
236 **/
237 typedef
238 BOOLEAN
239 (EFIAPI *HASH_FINAL)(
240 IN OUT VOID *HashContext,
241 OUT UINT8 *HashValue
242 );
243
244 //
245 // Hash Algorithm Table
246 //
247 typedef struct {
248 CHAR16 *Name; ///< Name for Hash Algorithm
249 UINTN DigestLength; ///< Digest Length
250 UINT8 *OidValue; ///< Hash Algorithm OID ASN.1 Value
251 UINTN OidLength; ///< Length of Hash OID Value
252 HASH_GET_CONTEXT_SIZE GetContextSize; ///< Pointer to Hash GetContentSize function
253 HASH_INIT HashInit; ///< Pointer to Hash Init function
254 HASH_UPDATE HashUpdate; ///< Pointer to Hash Update function
255 HASH_FINAL HashFinal; ///< Pointer to Hash Final function
256 } HASH_TABLE;
257
258 typedef struct {
259 WIN_CERTIFICATE Hdr;
260 UINT8 CertData[1];
261 } WIN_CERTIFICATE_EFI_PKCS;
262
263
264 /**
265 This function publish the SecureBoot configuration Form.
266
267 @param[in, out] PrivateData Points to SecureBoot configuration private data.
268
269 @retval EFI_SUCCESS HII Form is installed successfully.
270 @retval EFI_OUT_OF_RESOURCES Not enough resource for HII Form installation.
271 @retval Others Other errors as indicated.
272
273 **/
274 EFI_STATUS
275 InstallSecureBootConfigForm (
276 IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData
277 );
278
279
280 /**
281 This function removes SecureBoot configuration Form.
282
283 @param[in, out] PrivateData Points to SecureBoot configuration private data.
284
285 **/
286 VOID
287 UninstallSecureBootConfigForm (
288 IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData
289 );
290
291
292 /**
293 This function allows a caller to extract the current configuration for one
294 or more named elements from the target driver.
295
296 @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
297 @param[in] Request A null-terminated Unicode string in
298 <ConfigRequest> format.
299 @param[out] Progress On return, points to a character in the Request
300 string. Points to the string's null terminator if
301 request was successful. Points to the most recent
302 '&' before the first failing name/value pair (or
303 the beginning of the string if the failure is in
304 the first name/value pair) if the request was not
305 successful.
306 @param[out] Results A null-terminated Unicode string in
307 <ConfigAltResp> format which has all values filled
308 in for the names in the Request string. String to
309 be allocated by the called function.
310
311 @retval EFI_SUCCESS The Results is filled with the requested values.
312 @retval EFI_OUT_OF_RESOURCES Not enough memory to store the results.
313 @retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown name.
314 @retval EFI_NOT_FOUND Routing data doesn't match any storage in this
315 driver.
316
317 **/
318 EFI_STATUS
319 EFIAPI
320 SecureBootExtractConfig (
321 IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
322 IN CONST EFI_STRING Request,
323 OUT EFI_STRING *Progress,
324 OUT EFI_STRING *Results
325 );
326
327
328 /**
329 This function processes the results of changes in configuration.
330
331 @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
332 @param[in] Configuration A null-terminated Unicode string in <ConfigResp>
333 format.
334 @param[out] Progress A pointer to a string filled in with the offset of
335 the most recent '&' before the first failing
336 name/value pair (or the beginning of the string if
337 the failure is in the first name/value pair) or
338 the terminating NULL if all was successful.
339
340 @retval EFI_SUCCESS The Results is processed successfully.
341 @retval EFI_INVALID_PARAMETER Configuration is NULL.
342 @retval EFI_NOT_FOUND Routing data doesn't match any storage in this
343 driver.
344
345 **/
346 EFI_STATUS
347 EFIAPI
348 SecureBootRouteConfig (
349 IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
350 IN CONST EFI_STRING Configuration,
351 OUT EFI_STRING *Progress
352 );
353
354
355 /**
356 This function processes the results of changes in configuration.
357
358 @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
359 @param[in] Action Specifies the type of action taken by the browser.
360 @param[in] QuestionId A unique value which is sent to the original
361 exporting driver so that it can identify the type
362 of data to expect.
363 @param[in] Type The type of value for the question.
364 @param[in] Value A pointer to the data being sent to the original
365 exporting driver.
366 @param[out] ActionRequest On return, points to the action requested by the
367 callback function.
368
369 @retval EFI_SUCCESS The callback successfully handled the action.
370 @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the
371 variable and its data.
372 @retval EFI_DEVICE_ERROR The variable could not be saved.
373 @retval EFI_UNSUPPORTED The specified Action is not supported by the
374 callback.
375
376 **/
377 EFI_STATUS
378 EFIAPI
379 SecureBootCallback (
380 IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
381 IN EFI_BROWSER_ACTION Action,
382 IN EFI_QUESTION_ID QuestionId,
383 IN UINT8 Type,
384 IN EFI_IFR_TYPE_VALUE *Value,
385 OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest
386 );
387
388
389 /**
390 This function converts an input device structure to a Unicode string.
391
392 @param[in] DevPath A pointer to the device path structure.
393
394 @return A new allocated Unicode string that represents the device path.
395
396 **/
397 CHAR16 *
398 EFIAPI
399 DevicePathToStr (
400 IN EFI_DEVICE_PATH_PROTOCOL *DevPath
401 );
402
403
404 /**
405 Clean up the dynamic opcode at label and form specified by both LabelId.
406
407 @param[in] LabelId It is both the Form ID and Label ID for opcode deletion.
408 @param[in] PrivateData Module private data.
409
410 **/
411 VOID
412 CleanUpPage (
413 IN UINT16 LabelId,
414 IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData
415 );
416
417
418 /**
419 Read file content into BufferPtr, the size of the allocate buffer
420 is *FileSize plus AddtionAllocateSize.
421
422 @param[in] FileHandle The file to be read.
423 @param[in, out] BufferPtr Pointers to the pointer of allocated buffer.
424 @param[out] FileSize Size of input file
425 @param[in] AddtionAllocateSize Addtion size the buffer need to be allocated.
426 In case the buffer need to contain others besides the file content.
427
428 @retval EFI_SUCCESS The file was read into the buffer.
429 @retval EFI_INVALID_PARAMETER A parameter was invalid.
430 @retval EFI_OUT_OF_RESOURCES A memory allocation failed.
431 @retval others Unexpected error.
432
433 **/
434 EFI_STATUS
435 ReadFileContent (
436 IN EFI_FILE_HANDLE FileHandle,
437 IN OUT VOID **BufferPtr,
438 OUT UINTN *FileSize,
439 IN UINTN AddtionAllocateSize
440 );
441
442
443 /**
444 Close an open file handle.
445
446 @param[in] FileHandle The file handle to close.
447
448 **/
449 VOID
450 CloseFile (
451 IN EFI_FILE_HANDLE FileHandle
452 );
453
454
455 /**
456 Converts a nonnegative integer to an octet string of a specified length.
457
458 @param[in] Integer Pointer to the nonnegative integer to be converted
459 @param[in] IntSizeInWords Length of integer buffer in words
460 @param[out] OctetString Converted octet string of the specified length
461 @param[in] OSSizeInBytes Intended length of resulting octet string in bytes
462
463 Returns:
464
465 @retval EFI_SUCCESS Data conversion successfully
466 @retval EFI_BUFFER_TOOL_SMALL Buffer is too small for output string
467
468 **/
469 EFI_STATUS
470 EFIAPI
471 Int2OctStr (
472 IN CONST UINTN *Integer,
473 IN UINTN IntSizeInWords,
474 OUT UINT8 *OctetString,
475 IN UINTN OSSizeInBytes
476 );
477
478 /**
479 Worker function that prints an EFI_GUID into specified Buffer.
480
481 @param[in] Guid Pointer to GUID to print.
482 @param[in] Buffer Buffer to print Guid into.
483 @param[in] BufferSize Size of Buffer.
484
485 @retval Number of characters printed.
486
487 **/
488 UINTN
489 GuidToString (
490 IN EFI_GUID *Guid,
491 IN CHAR16 *Buffer,
492 IN UINTN BufferSize
493 );
494
495 /**
496 Update the PK form base on the input file path info.
497
498 @param FilePath Point to the file path.
499
500 @retval TRUE Exit caller function.
501 @retval FALSE Not exit caller function.
502 **/
503 BOOLEAN
504 EFIAPI
505 UpdatePKFromFile (
506 IN EFI_DEVICE_PATH_PROTOCOL *FilePath
507 );
508
509 /**
510 Update the KEK form base on the input file path info.
511
512 @param FilePath Point to the file path.
513
514 @retval TRUE Exit caller function.
515 @retval FALSE Not exit caller function.
516 **/
517 BOOLEAN
518 EFIAPI
519 UpdateKEKFromFile (
520 IN EFI_DEVICE_PATH_PROTOCOL *FilePath
521 );
522
523 /**
524 Update the DB form base on the input file path info.
525
526 @param FilePath Point to the file path.
527
528 @retval TRUE Exit caller function.
529 @retval FALSE Not exit caller function.
530 **/
531 BOOLEAN
532 EFIAPI
533 UpdateDBFromFile (
534 IN EFI_DEVICE_PATH_PROTOCOL *FilePath
535 );
536
537 /**
538 Update the DBX form base on the input file path info.
539
540 @param FilePath Point to the file path.
541
542 @retval TRUE Exit caller function.
543 @retval FALSE Not exit caller function.
544 **/
545 BOOLEAN
546 EFIAPI
547 UpdateDBXFromFile (
548 IN EFI_DEVICE_PATH_PROTOCOL *FilePath
549 );
550
551 /**
552 Update the DBT form base on the input file path info.
553
554 @param FilePath Point to the file path.
555
556 @retval TRUE Exit caller function.
557 @retval FALSE Not exit caller function.
558 **/
559 BOOLEAN
560 EFIAPI
561 UpdateDBTFromFile (
562 IN EFI_DEVICE_PATH_PROTOCOL *FilePath
563 );
564
565 #endif
EFI Development Kit II mirror for PVE