OvmfPkg/EnrollDefaultKeys: extract typedefs to a header file
[mirror_edk2.git] / OvmfPkg / EnrollDefaultKeys / EnrollDefaultKeys.c
index 671efef8d6ad434fe51f6fcf71649610ac6fae72..fefea6638887ff4ac15a27179a65337808a0a0af 100644 (file)
@@ -15,6 +15,8 @@
 #include <Library/UefiLib.h>                     // AsciiPrint()\r
 #include <Library/UefiRuntimeServicesTableLib.h> // gRT\r
 \r
+#include "EnrollDefaultKeys.h"\r
+\r
 //\r
 // We'll use the certificate below as both Platform Key and as first Key\r
 // Exchange Key.\r
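Review bot: The added `#include "EnrollDefaultKeys.h"` is the only include visible here without a trailing comment naming what it supplies, unlike the two library includes just above it; something like `#include "EnrollDefaultKeys.h" // SINGLE_HEADER, REPEATING_HEADER, SETTINGS` would keep the list consistent. The typedefs removed further down fix the byte layout of the authenticated-variable payload that the enrollment code builds, so the `#pragma pack (1)` / `#pragma pack ()` pair has to move into the header as a unit, or the packing would leak into whatever is declared after this include. The header itself is not shown on this page, so it is worth confirming that it is self-contained and brings in the definitions of `EFI_TIME` and `EFI_GUID` itself rather than relying on being included last here.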
@@ -543,97 +545,6 @@ STATIC CONST EFI_GUID mMicrosoftOwnerGuid = {
   { 0xbd, 0x60, 0x28, 0xf4, 0xe7, 0x8f, 0x78, 0x4b },\r
 };\r
 \r
-//\r
-// The most important thing about the variable payload is that it is a list of\r
-// lists, where the element size of any given *inner* list is constant.\r
-//\r
-// Since X509 certificates vary in size, each of our *inner* lists will contain\r
-// one element only (one X.509 certificate). This is explicitly mentioned in\r
-// the UEFI specification, in "28.4.1 Signature Database", in a Note.\r
-//\r
-// The list structure looks as follows:\r
-//\r
-// struct EFI_VARIABLE_AUTHENTICATION_2 {                           |\r
-//   struct EFI_TIME {                                              |\r
-//     UINT16 Year;                                                 |\r
-//     UINT8  Month;                                                |\r
-//     UINT8  Day;                                                  |\r
-//     UINT8  Hour;                                                 |\r
-//     UINT8  Minute;                                               |\r
-//     UINT8  Second;                                               |\r
-//     UINT8  Pad1;                                                 |\r
-//     UINT32 Nanosecond;                                           |\r
-//     INT16  TimeZone;                                             |\r
-//     UINT8  Daylight;                                             |\r
-//     UINT8  Pad2;                                                 |\r
-//   } TimeStamp;                                                   |\r
-//                                                                  |\r
-//   struct WIN_CERTIFICATE_UEFI_GUID {                           | |\r
-//     struct WIN_CERTIFICATE {                                   | |\r
-//       UINT32 dwLength; ----------------------------------------+ |\r
-//       UINT16 wRevision;                                        | |\r
-//       UINT16 wCertificateType;                                 | |\r
-//     } Hdr;                                                     | +- DataSize\r
-//                                                                | |\r
-//     EFI_GUID CertType;                                         | |\r
-//     UINT8    CertData[1] = { <--- "struct hack"                | |\r
-//       struct EFI_SIGNATURE_LIST {                            | | |\r
-//         EFI_GUID SignatureType;                              | | |\r
-//         UINT32   SignatureListSize; -------------------------+ | |\r
-//         UINT32   SignatureHeaderSize;                        | | |\r
-//         UINT32   SignatureSize; ---------------------------+ | | |\r
-//         UINT8    SignatureHeader[SignatureHeaderSize];     | | | |\r
-//                                                            v | | |\r
-//         struct EFI_SIGNATURE_DATA {                        | | | |\r
-//           EFI_GUID SignatureOwner;                         | | | |\r
-//           UINT8    SignatureData[1] = { <--- "struct hack" | | | |\r
-//             X.509 payload                                  | | | |\r
-//           }                                                | | | |\r
-//         } Signatures[];                                      | | |\r
-//       } SigLists[];                                            | |\r
-//     };                                                         | |\r
-//   } AuthInfo;                                                  | |\r
-// };                                                               |\r
-//\r
-// Given that the "struct hack" invokes undefined behavior (which is why C99\r
-// introduced the flexible array member), and because subtracting those pesky\r
-// sizes of 1 is annoying, and because the format is fully specified in the\r
-// UEFI specification, we'll introduce two matching convenience structures that\r
-// are customized for our X.509 purposes.\r
-//\r
-#pragma pack (1)\r
-typedef struct {\r
-  EFI_TIME TimeStamp;\r
-\r
-  //\r
-  // dwLength covers data below\r
-  //\r
-  UINT32   dwLength;\r
-  UINT16   wRevision;\r
-  UINT16   wCertificateType;\r
-  EFI_GUID CertType;\r
-} SINGLE_HEADER;\r
-\r
-typedef struct {\r
-  //\r
-  // SignatureListSize covers data below\r
-  //\r
-  EFI_GUID SignatureType;\r
-  UINT32   SignatureListSize;\r
-  UINT32   SignatureHeaderSize; // constant 0\r
-  UINT32   SignatureSize;\r
-\r
-  //\r
-  // SignatureSize covers data below\r
-  //\r
-  EFI_GUID SignatureOwner;\r
-\r
-  //\r
-  // X.509 certificate follows\r
-  //\r
-} REPEATING_HEADER;\r
-#pragma pack ()\r
-\r
 /**\r
   Enroll a set of certificates in a global variable, overwriting it.\r
 \r
@@ -844,14 +755,6 @@ GetExact (
   return EFI_SUCCESS;\r
 }\r
 \r
-typedef struct {\r
-  UINT8 SetupMode;\r
-  UINT8 SecureBoot;\r
-  UINT8 SecureBootEnable;\r
-  UINT8 CustomMode;\r
-  UINT8 VendorKeys;\r
-} SETTINGS;\r
-\r
 STATIC\r
 EFI_STATUS\r
 GetSettings (\r