may not be modified without authorization. If platform fails to protect these resources,\r
the authentication service provided in this driver will be broken, and the behavior is undefined.\r
\r
-Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>\r
-This program and the accompanying materials\r
-are licensed and made available under the terms and conditions of the BSD License\r
-which accompanies this distribution. The full text of the license may be found at\r
-http://opensource.org/licenses/bsd-license.php\r
-\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#include <Guid/AuthenticatedVariableFormat.h>\r
#include <Guid/ImageAuthentication.h>\r
\r
+#define TWO_BYTE_ENCODE 0x82\r
+\r
///\r
/// Struct to record signature requirement defined by UEFI spec.\r
/// For SigHeaderSize and SigDataSize, ((UINT32) ~0) means NO exact length requirement for this field.\r
} AUTHVAR_TYPE;\r
\r
///\r
-/// "AuthVarKeyDatabase" variable for the Public Key store\r
-/// of variables with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.\r
-///\r
-/// GUID: gEfiAuthenticatedVariableGuid\r
-///\r
-/// We need maintain atomicity.\r
-///\r
-/// Format:\r
-/// +----------------------------+\r
-/// | AUTHVAR_KEY_DB_DATA | <-- First AuthVarKey\r
-/// +----------------------------+\r
-/// | ...... |\r
-/// +----------------------------+\r
-/// | AUTHVAR_KEY_DB_DATA | <-- Last AuthKey\r
-/// +----------------------------+\r
-///\r
-#define AUTHVAR_KEYDB_NAME L"AuthVarKeyDatabase"\r
-\r
-#define EFI_CERT_TYPE_RSA2048_SHA256_SIZE 256\r
-#define EFI_CERT_TYPE_RSA2048_SIZE 256\r
-\r
-#pragma pack(1)\r
-typedef struct {\r
- UINT32 KeyIndex;\r
- UINT8 KeyData[EFI_CERT_TYPE_RSA2048_SIZE];\r
-} AUTHVAR_KEY_DB_DATA;\r
-#pragma pack()\r
-\r
-///\r
-/// "certdb" variable stores the signer's certificates for non PK/KEK/DB/DBX\r
-/// variables with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.\r
+/// "certdb" variable stores the signer's certificates for non PK/KEK/DB/DBX\r
+/// variables with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS|EFI_VARIABLE_NON_VOLATILE set.\r
+/// "certdbv" variable stores the signer's certificates for non PK/KEK/DB/DBX\r
+/// variables with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set\r
///\r
/// GUID: gEfiCertDbGuid\r
///\r
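Review bot: The two store descriptions at the top of this hunk differ only by EFI_VARIABLE_NON_VOLATILE, and the "certdbv" sentence never says that the bit must be clear, so both lines can be read as covering the same variables. Make the split explicit, e.g. `/// "certdbv" variable stores the signer's certificates for non PK/KEK/DB/DBX` followed by `/// variables with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set and EFI_VARIABLE_NON_VOLATILE clear.` The hunk also drops the "We need maintain atomicity" remark together with the key database; the CleanCertsFromDb description later in this file still says the system may break down between a variable update and a certdb update, so that crash-consistency concern appears to remain for "certdb" and deserves a sentence in this comment rather than disappearing.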
/// | AUTH_CERT_DB_DATA | <-- Last CERT\r
/// +----------------------------+\r
///\r
-#define EFI_CERT_DB_NAME L"certdb"\r
+#define EFI_CERT_DB_NAME L"certdb"\r
+#define EFI_CERT_DB_VOLATILE_NAME L"certdbv"\r
\r
#pragma pack(1)\r
typedef struct {\r
} AUTH_CERT_DB_DATA;\r
#pragma pack()\r
\r
-///\r
-/// "SecureBootMode" variable stores current secure boot mode.\r
-/// The value type is SECURE_BOOT_MODE_TYPE.\r
-///\r
-#define EDKII_SECURE_BOOT_MODE_NAME L"SecureBootMode"\r
-\r
-typedef enum { \r
- SecureBootModeTypeUserMode,\r
- SecureBootModeTypeSetupMode,\r
- SecureBootModeTypeAuditMode,\r
- SecureBootModeTypeDeployedMode,\r
- SecureBootModeTypeMax\r
-} SECURE_BOOT_MODE_TYPE;\r
-\r
-//\r
-// Record status info of Customized Secure Boot Mode.\r
-//\r
-typedef struct {\r
- ///\r
- /// AuditMode variable value\r
- ///\r
- UINT8 AuditMode;\r
- ///\r
- /// AuditMode variable RW\r
- ///\r
- BOOLEAN IsAuditModeRO;\r
- ///\r
- /// DeployedMode variable value\r
- ///\r
- UINT8 DeployedMode;\r
- ///\r
- /// AuditMode variable RW\r
- ///\r
- BOOLEAN IsDeployedModeRO;\r
- ///\r
- /// SetupMode variable value\r
- ///\r
- UINT8 SetupMode;\r
- /// \r
- /// SetupMode is always RO. Skip IsSetupModeRO; \r
- ///\r
-\r
- ///\r
- /// SecureBoot variable value\r
- ///\r
- UINT8 SecureBoot;\r
-} SECURE_BOOT_MODE;\r
-\r
-extern UINT8 *mPubKeyStore;\r
-extern UINT32 mPubKeyNumber;\r
-extern UINT32 mMaxKeyNumber;\r
-extern UINT32 mMaxKeyDbSize;\r
extern UINT8 *mCertDbStore;\r
extern UINT32 mMaxCertDbSize;\r
extern UINT32 mPlatformMode;\r
\r
extern AUTH_VAR_LIB_CONTEXT_IN *mAuthVarLibContextIn;\r
\r
-/**\r
- Initialize Secure Boot variables.\r
-\r
- @retval EFI_SUCCESS The initialization operation is successful.\r
- @retval EFI_OUT_OF_RESOURCES There is not enough resource.\r
-\r
-**/\r
-EFI_STATUS \r
-InitSecureBootVariables (\r
- VOID\r
- );\r
\r
/**\r
Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set\r
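Review bot: `EFI_CERT_DB_VOLATILE_NAME` introduces a second certificate store, but the externs `mCertDbStore` and `mMaxCertDbSize` in this hunk still describe one buffer and one bound, and nothing here says whether they serve both "certdb" and "certdbv" or only the non-volatile one. A comment on those externs would settle it, e.g. `/// Working buffer and size limit for the "certdb" and "certdbv" stores` if they are shared, or the opposite if the volatile store is bounded elsewhere; I cannot tell from this header. Since that limit is presumably what caps growth of stores fed by caller-supplied authenticated-variable payloads, which bound applies to the volatile store is a question a reviewer of the .c file will need answered.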
\r
/**\r
Delete matching signer's certificates when deleting common authenticated\r
- variable by corresponding VariableName and VendorGuid from "certdb".\r
+ variable by corresponding VariableName and VendorGuid from "certdb" or\r
+ "certdbv" according to authenticated variable attributes.\r
\r
@param[in] VariableName Name of authenticated Variable.\r
@param[in] VendorGuid Vendor GUID of authenticated Variable.\r
+ @param[in] Attributes Attributes of authenticated variable.\r
\r
@retval EFI_INVALID_PARAMETER Any input parameter is invalid.\r
- @retval EFI_NOT_FOUND Fail to find "certdb" or matching certs.\r
+ @retval EFI_NOT_FOUND Fail to find "certdb"/"certdbv" or matching certs.\r
@retval EFI_OUT_OF_RESOURCES The operation is failed due to lack of resources.\r
@retval EFI_SUCCESS The operation is completed successfully.\r
\r
EFI_STATUS\r
DeleteCertsFromDb (\r
IN CHAR16 *VariableName,\r
- IN EFI_GUID *VendorGuid\r
+ IN EFI_GUID *VendorGuid,\r
+ IN UINT32 Attributes\r
);\r
\r
/**\r
Clean up signer's certificates for common authenticated variable\r
by corresponding VariableName and VendorGuid from "certdb".\r
- Sytem may break down during Timebased Variable update & certdb update,\r
- make them inconsistent, this function is called in AuthVariable Init to ensure \r
+ System may break down during Timebased Variable update & certdb update,\r
+ make them inconsistent, this function is called in AuthVariable Init to ensure\r
consistency\r
- \r
+\r
@retval EFI_NOT_FOUND Fail to find matching certs.\r
@retval EFI_SUCCESS Find matching certs and output parameters.\r
\r
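Review bot: The new `Attributes` parameter of DeleteCertsFromDb is documented only as "Attributes of authenticated variable", yet it is what selects "certdb" versus "certdbv", and the doc does not say which bit is consulted or what happens when the attributes describe neither store. Presumably EFI_VARIABLE_NON_VOLATILE picks the store; if so, say so on the parameter line, e.g. `@param[in] Attributes Attributes of the variable; EFI_VARIABLE_NON_VOLATILE selects "certdb", otherwise "certdbv".`, and state under EFI_INVALID_PARAMETER whether an attribute value matching neither store is rejected. Because attributes can originate from a SetVariable caller, the prototype is the right place to pin that contract down. The CleanCertsFromDb description later in this hunk still names only "certdb"; if that is deliberate because the volatile store starts empty at init, a short note there would stop it reading as an omission.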
IN OUT UINTN *NewDataSize\r
);\r
\r
-/**\r
- Process Secure Boot Mode variable.\r
-\r
- Caution: This function may receive untrusted input.\r
- This function may be invoked in SMM mode, and datasize and data are external input.\r
- This function will do basic validation, before parse the data.\r
- This function will parse the authentication carefully to avoid security issues, like\r
- buffer overflow, integer overflow.\r
- This function will check attribute carefully to avoid authentication bypass.\r
-\r
- @param[in] VariableName Name of Variable to be found.\r
- @param[in] VendorGuid Variable vendor GUID.\r
- @param[in] Data Data pointer.\r
- @param[in] DataSize Size of Data found. If size is less than the\r
- data, this value contains the required size.\r
- @param[in] Attributes Attribute value of the variable\r
-\r
- @return EFI_INVALID_PARAMETER Invalid parameter\r
- @return EFI_SECURITY_VIOLATION The variable does NOT pass the validation\r
- check carried out by the firmware.\r
- @return EFI_WRITE_PROTECTED Variable is Read-Only.\r
- @return EFI_SUCCESS Variable passed validation successfully.\r
-\r
-**/\r
-EFI_STATUS\r
-ProcessSecureBootModeVar (\r
- IN CHAR16 *VariableName,\r
- IN EFI_GUID *VendorGuid,\r
- IN VOID *Data,\r
- IN UINTN DataSize,\r
- IN UINT32 Attributes OPTIONAL\r
- );\r
-\r
/**\r
Process variable with platform key for verification.\r
\r
);\r
\r
/**\r
- Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set\r
+ Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set\r
\r
Caution: This function may receive untrusted input.\r
This function may be invoked in SMM mode, and datasize and data are external input.\r
\r
@return EFI_INVALID_PARAMETER Invalid parameter.\r
@return EFI_WRITE_PROTECTED Variable is write-protected and needs authentication with\r
- EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.\r
+ EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS or EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.\r
@return EFI_OUT_OF_RESOURCES The Database to save the public key is full.\r
- @return EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS\r
+ @return EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS\r
set, but the AuthInfo does NOT pass the validation\r
check carried out by the firmware.\r
@return EFI_SUCCESS Variable is not write-protected or pass validation successfully.\r
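Review bot: The description at the start of this hunk now limits this function to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS, yet the EFI_WRITE_PROTECTED line still names EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS as a reason authentication is required, which reads as a leftover from the old text. If the intent is that a variable already stored with either attribute remains write-protected even though counter-based updates are no longer processed, say so, e.g. `@return EFI_WRITE_PROTECTED The existing variable was stored with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS or` followed by `EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set, so the update needs authentication.` Keeping that precise matters: it is the documented guarantee that an unauthenticated overwrite of a legacy counter-based variable is refused rather than accepted once the old verification path is gone. The function's signature and parameter list lie outside this hunk.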
IN EFI_GUID *VendorGuid,\r
IN VOID *Data,\r
IN UINTN DataSize,\r
- IN UINT32 Attributes OPTIONAL\r
+ IN UINT32 Attributes\r
);\r
\r
/**\r
IN UINT32 Attributes\r
);\r
\r
-/**\r
- Update the variable region with Variable information.\r
-\r
- @param[in] VariableName Name of variable.\r
- @param[in] VendorGuid Guid of variable.\r
- @param[in] Data Data pointer.\r
- @param[in] DataSize Size of Data.\r
- @param[in] Attributes Attribute value of the variable.\r
- @param[in] KeyIndex Index of associated public key.\r
- @param[in] MonotonicCount Value of associated monotonic count.\r
-\r
- @retval EFI_SUCCESS The update operation is success.\r
- @retval EFI_INVALID_PARAMETER Invalid parameter.\r
- @retval EFI_WRITE_PROTECTED Variable is write-protected.\r
- @retval EFI_OUT_OF_RESOURCES There is not enough resource.\r
-\r
-**/\r
-EFI_STATUS\r
-AuthServiceInternalUpdateVariableWithMonotonicCount (\r
- IN CHAR16 *VariableName,\r
- IN EFI_GUID *VendorGuid,\r
- IN VOID *Data,\r
- IN UINTN DataSize,\r
- IN UINT32 Attributes,\r
- IN UINT32 KeyIndex,\r
- IN UINT64 MonotonicCount\r
- );\r
-\r
/**\r
Update the variable region with Variable information.\r
\r