Implement authentication services for the authenticated variable\r
service in UEFI2.2.\r
\r
-Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>\r
-This program and the accompanying materials \r
-are licensed and made available under the terms and conditions of the BSD License \r
-which accompanies this distribution. The full text of the license may be found at \r
+Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials\r
+are licensed and made available under the terms and conditions of the BSD License\r
+which accompanies this distribution. The full text of the license may be found at\r
http://opensource.org/licenses/bsd-license.php\r
\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
**/\r
mVariableModuleGlobal->HashContext[Physical] = AllocateRuntimePool (CtxSize);\r
ASSERT (mVariableModuleGlobal->HashContext[Physical] != NULL);\r
//\r
- // Check "AuthVarKeyDatabase" variable's existence. \r
- // If it doesn't exist, create a new one with initial value of 0 and EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set. \r
+ // Check "AuthVarKeyDatabase" variable's existence.\r
+ // If it doesn't exist, create a new one with initial value of 0 and EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.\r
//\r
Status = FindVariable (\r
- mVariableModuleGlobal->VariableName[Physical][VAR_AUTH_KEY_DB], \r
- &gEfiAuthenticatedVariableGuid, \r
- &Variable, \r
+ mVariableModuleGlobal->VariableName[Physical][VAR_AUTH_KEY_DB],\r
+ &gEfiAuthenticatedVariableGuid,\r
+ &Variable,\r
&mVariableModuleGlobal->VariableGlobal[Physical],\r
mVariableModuleGlobal->FvbInstance\r
);\r
// Load database in global variable for cache.\r
//\r
Valid = IsValidVariableHeader (\r
- Variable.CurrPtr, \r
- Variable.Volatile, \r
- &mVariableModuleGlobal->VariableGlobal[Physical], \r
- mVariableModuleGlobal->FvbInstance, \r
+ Variable.CurrPtr,\r
+ Variable.Volatile,\r
+ &mVariableModuleGlobal->VariableGlobal[Physical],\r
+ mVariableModuleGlobal->FvbInstance,\r
&VariableHeader\r
);\r
ASSERT (Valid);\r
mPubKeyNumber = (UINT32) (DataSize / EFI_CERT_TYPE_RSA2048_SIZE);\r
}\r
//\r
- // Check "SetupMode" variable's existence. \r
+ // Check "SetupMode" variable's existence.\r
// If it doesn't exist, check PK database's existence to determine the value.\r
- // Then create a new one with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set. \r
+ // Then create a new one with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.\r
//\r
Status = FindVariable (\r
- mVariableModuleGlobal->VariableName[Physical][VAR_SETUP_MODE], \r
- &gEfiGlobalVariableGuid, \r
- &Variable, \r
+ mVariableModuleGlobal->VariableName[Physical][VAR_SETUP_MODE],\r
+ &gEfiGlobalVariableGuid,\r
+ &Variable,\r
&mVariableModuleGlobal->VariableGlobal[Physical],\r
mVariableModuleGlobal->FvbInstance\r
);\r
\r
if (Variable.CurrPtr == 0x0) {\r
Status = FindVariable (\r
- mVariableModuleGlobal->VariableName[Physical][VAR_PLATFORM_KEY], \r
- &gEfiGlobalVariableGuid, \r
- &Variable, \r
+ mVariableModuleGlobal->VariableName[Physical][VAR_PLATFORM_KEY],\r
+ &gEfiGlobalVariableGuid,\r
+ &Variable,\r
&mVariableModuleGlobal->VariableGlobal[Physical],\r
mVariableModuleGlobal->FvbInstance\r
);\r
);\r
}\r
//\r
- // Check "SignatureSupport" variable's existence. \r
- // If it doesn't exist, then create a new one with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set. \r
+ // Check "SignatureSupport" variable's existence.\r
+ // If it doesn't exist, then create a new one with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.\r
//\r
Status = FindVariable (\r
- EFI_SIGNATURE_SUPPORT_NAME, \r
- &gEfiGlobalVariableGuid, \r
- &Variable, \r
+ EFI_SIGNATURE_SUPPORT_NAME,\r
+ &gEfiGlobalVariableGuid,\r
+ &Variable,\r
&mVariableModuleGlobal->VariableGlobal[Physical],\r
mVariableModuleGlobal->FvbInstance\r
);\r
//\r
Rsa = RsaNew ();\r
ASSERT (Rsa != NULL);\r
- // \r
+ //\r
// Set RSA Key Components.\r
// NOTE: Only N and E are needed to be set as RSA public key for signature verification.\r
//\r
// Verify the signature.\r
//\r
Status = RsaPkcs1Verify (\r
- Rsa, \r
- Digest, \r
- SHA256_DIGEST_SIZE, \r
- CertBlock->Signature, \r
+ Rsa,\r
+ Digest,\r
+ SHA256_DIGEST_SIZE,\r
+ CertBlock->Signature,\r
EFI_CERT_TYPE_RSA2048_SHA256_SIZE\r
);\r
\r
UINT32 VarAttr;\r
\r
Status = FindVariable (\r
- Global->VariableName[VirtualMode][VAR_SETUP_MODE], \r
- Global->GlobalVariableGuid[VirtualMode], \r
- &Variable, \r
+ Global->VariableName[VirtualMode][VAR_SETUP_MODE],\r
+ Global->GlobalVariableGuid[VirtualMode],\r
+ &Variable,\r
&Global->VariableGlobal[VirtualMode],\r
Global->FvbInstance\r
);\r
@param[in] IsPk Indicates whether to process pk.\r
\r
@retval EFI_INVALID_PARAMETER Invalid parameter.\r
- @retval EFI_SECURITY_VIOLATION The variable does NOT pass the validation \r
- check carried out by the firmware. \r
+ @retval EFI_SECURITY_VIOLATION The variable does NOT pass the validation\r
+ check carried out by the firmware.\r
@retval EFI_SUCCESS The variable passed validation successfully.\r
\r
**/\r
\r
if (Variable->CurrPtr != 0x0) {\r
Valid = IsValidVariableHeader (\r
- Variable->CurrPtr, \r
- Variable->Volatile, \r
- &Global->VariableGlobal[VirtualMode], \r
- Global->FvbInstance, \r
+ Variable->CurrPtr,\r
+ Variable->Volatile,\r
+ &Global->VariableGlobal[VirtualMode],\r
+ Global->FvbInstance,\r
&VariableHeader\r
);\r
ASSERT (Valid);\r
// Get platform key from variable.\r
//\r
Status = FindVariable (\r
- Global->VariableName[VirtualMode][VAR_PLATFORM_KEY], \r
- Global->GlobalVariableGuid[VirtualMode], \r
- &PkVariable, \r
+ Global->VariableName[VirtualMode][VAR_PLATFORM_KEY],\r
+ Global->GlobalVariableGuid[VirtualMode],\r
+ &PkVariable,\r
&Global->VariableGlobal[VirtualMode],\r
Global->FvbInstance\r
);\r
Status = VerifyDataPayload (VirtualMode, Global, Data, DataSize, OldPkData->SignatureData);\r
if (!EFI_ERROR (Status)) {\r
Status = UpdateVariable (\r
- VariableName, \r
- VendorGuid, \r
- (UINT8*)Data + AUTHINFO_SIZE, \r
- DataSize - AUTHINFO_SIZE, \r
- Attributes, \r
- 0, \r
- CertData->MonotonicCount, \r
- VirtualMode, \r
+ VariableName,\r
+ VendorGuid,\r
+ (UINT8*)Data + AUTHINFO_SIZE,\r
+ DataSize - AUTHINFO_SIZE,\r
+ Attributes,\r
+ 0,\r
+ CertData->MonotonicCount,\r
+ VirtualMode,\r
Global,\r
Variable\r
);\r
@param[in] Attributes The attribute value of the variable.\r
\r
@retval EFI_INVALID_PARAMETER Invalid parameter.\r
- @retval EFI_SECURITY_VIOLATION The variable did NOT pass the validation \r
- check carried out by the firmware. \r
+ @retval EFI_SECURITY_VIOLATION The variable did NOT pass the validation\r
+ check carried out by the firmware.\r
@retval EFI_SUCCESS The variable passed validation successfully.\r
\r
**/\r
CertBlock = (EFI_CERT_BLOCK_RSA_2048_SHA256 *) (CertData->AuthInfo.CertData);\r
if (Variable->CurrPtr != 0x0) {\r
Valid = IsValidVariableHeader (\r
- Variable->CurrPtr, \r
- Variable->Volatile, \r
- &Global->VariableGlobal[VirtualMode], \r
- Global->FvbInstance, \r
+ Variable->CurrPtr,\r
+ Variable->Volatile,\r
+ &Global->VariableGlobal[VirtualMode],\r
+ Global->FvbInstance,\r
&VariableHeader\r
);\r
ASSERT (Valid);\r
// Get KEK database from variable.\r
//\r
Status = FindVariable (\r
- Global->VariableName[VirtualMode][VAR_KEY_EXCHANGE_KEY], \r
- Global->GlobalVariableGuid[VirtualMode], \r
- &KekVariable, \r
+ Global->VariableName[VirtualMode][VAR_KEY_EXCHANGE_KEY],\r
+ Global->GlobalVariableGuid[VirtualMode],\r
+ &KekVariable,\r
&Global->VariableGlobal[VirtualMode],\r
Global->FvbInstance\r
);\r
Status = VerifyDataPayload (VirtualMode, Global, Data, DataSize, CertBlock->PublicKey);\r
if (!EFI_ERROR (Status)) {\r
Status = UpdateVariable (\r
- VariableName, \r
- VendorGuid, \r
- (UINT8*)Data + AUTHINFO_SIZE, \r
- DataSize - AUTHINFO_SIZE, \r
- Attributes, \r
- 0, \r
- CertData->MonotonicCount, \r
+ VariableName,\r
+ VendorGuid,\r
+ (UINT8*)Data + AUTHINFO_SIZE,\r
+ DataSize - AUTHINFO_SIZE,\r
+ Attributes,\r
+ 0,\r
+ CertData->MonotonicCount,\r
VirtualMode,\r
Global,\r
Variable\r
// If in setup mode, no authentication needed.\r
//\r
Status = UpdateVariable (\r
- VariableName, \r
- VendorGuid, \r
- Data, \r
- DataSize, \r
- Attributes, \r
- 0, \r
- 0, \r
+ VariableName,\r
+ VendorGuid,\r
+ Data,\r
+ DataSize,\r
+ Attributes,\r
+ 0,\r
+ 0,\r
VirtualMode,\r
Global,\r
Variable\r
@retval EFI_WRITE_PROTECTED The variable is write-protected and needs authentication with\r
EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.\r
@retval EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS\r
- set, but the AuthInfo does NOT pass the validation \r
- check carried out by the firmware. \r
+ set, but the AuthInfo does NOT pass the validation\r
+ check carried out by the firmware.\r
@retval EFI_SUCCESS The variable is not write-protected, or passed validation successfully.\r
\r
**/\r
ZeroMem (&VariableHeader, sizeof (AUTHENTICATED_VARIABLE_HEADER));\r
if (Variable->CurrPtr != 0x0) {\r
Valid = IsValidVariableHeader (\r
- Variable->CurrPtr, \r
- Variable->Volatile, \r
- &Global->VariableGlobal[VirtualMode], \r
- Global->FvbInstance, \r
+ Variable->CurrPtr,\r
+ Variable->Volatile,\r
+ &Global->VariableGlobal[VirtualMode],\r
+ Global->FvbInstance,\r
&VariableHeader\r
);\r
ASSERT (Valid);\r
*KeyIndex = VariableHeader.PubKeyIndex;\r
IsFirstTime = FALSE;\r
}\r
- } else if (Valid && (VariableHeader.Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) != 0) { \r
+ } else if (Valid && (VariableHeader.Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) != 0) {\r
//\r
// If the variable is already write-protected, it always needs authentication before update.\r
//\r
//\r
return EFI_SECURITY_VIOLATION;\r
}\r
- } \r
+ }\r
//\r
// Verify the certificate in Data payload.\r
//\r