The internal header file includes the common header files, defines\r
internal structure and functions used by AuthService module.\r
\r
-Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>\r
+ Caution: This module requires additional review when modified.\r
+ This driver will have external input - variable data. It may be input in SMM mode.\r
+ This external input must be validated carefully to avoid security issue like\r
+ buffer overflow, integer overflow.\r
+ Variable attribute should also be checked to avoid authentication bypass.\r
+ The whole SMM authentication variable design relies on the integrity of flash part and SMM.\r
+ which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory\r
+ may not be modified without authorization. If platform fails to protect these resources, \r
+ the authentication service provided in this driver will be broken, and the behavior is undefined.\r
+\r
+Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution. The full text of the license may be found at\r
/// "AuthVarKeyDatabase" variable for the Public Key store.\r
///\r
#define AUTHVAR_KEYDB_NAME L"AuthVarKeyDatabase"\r
-#define AUTHVAR_KEYDB_NAME_SIZE 38\r
\r
///\r
-/// Max size of public key database, restricted by max individal EFI varible size, exclude variable header and name size.\r
+/// "certdb" variable stores the signer's certificates for non PK/KEK/DB/DBX\r
+/// variables with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.\r
+/// \r
///\r
-#define MAX_KEYDB_SIZE (FixedPcdGet32 (PcdMaxVariableSize) - sizeof (VARIABLE_HEADER) - AUTHVAR_KEYDB_NAME_SIZE)\r
-#define MAX_KEY_NUM (MAX_KEYDB_SIZE / EFI_CERT_TYPE_RSA2048_SIZE)\r
+#define EFI_CERT_DB_NAME L"certdb"\r
\r
///\r
/// Struct to record signature requirement defined by UEFI spec.\r
typedef enum {\r
AuthVarTypePk,\r
AuthVarTypeKek,\r
- AuthVarTypePriv\r
+ AuthVarTypePriv,\r
+ AuthVarTypePayload\r
} AUTHVAR_TYPE;\r
\r
#pragma pack(1)\r
/**\r
Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.\r
\r
+ Caution: This function may receive untrusted input.\r
+ This function may be invoked in SMM mode, and datasize and data are external input.\r
+ This function will do basic validation, before parse the data.\r
+ This function will parse the authentication carefully to avoid security issues, like\r
+ buffer overflow, integer overflow.\r
+ This function will check attribute carefully to avoid authentication bypass.\r
+\r
@param[in] VariableName Name of Variable to be found.\r
@param[in] VendorGuid Variable vendor GUID.\r
\r
/**\r
Initializes for authenticated varibale service.\r
\r
+ @param[in] MaxAuthVariableSize Reflect the overhead associated with the saving\r
+ of a single EFI authenticated variable with the exception\r
+ of the overhead associated with the length\r
+ of the string name of the EFI variable.\r
+\r
@retval EFI_SUCCESS Function successfully executed.\r
- @retval EFI_OUT_OF_RESOURCES Fail to allocate enough memory resource.\r
+ @retval EFI_OUT_OF_RESOURCES Fail to allocate enough memory resources.\r
\r
**/\r
EFI_STATUS\r
AutenticatedVariableServiceInitialize (\r
- VOID\r
+ IN UINTN MaxAuthVariableSize\r
);\r
\r
/**\r
/**\r
Process variable with platform key for verification.\r
\r
+ Caution: This function may receive untrusted input.\r
+ This function may be invoked in SMM mode, and datasize and data are external input.\r
+ This function will do basic validation, before parse the data.\r
+ This function will parse the authentication carefully to avoid security issues, like\r
+ buffer overflow, integer overflow.\r
+ This function will check attribute carefully to avoid authentication bypass.\r
+\r
@param[in] VariableName Name of Variable to be found.\r
@param[in] VendorGuid Variable vendor GUID.\r
@param[in] Data Data pointer.\r
/**\r
Process variable with key exchange key for verification.\r
\r
+ Caution: This function may receive untrusted input.\r
+ This function may be invoked in SMM mode, and datasize and data are external input.\r
+ This function will do basic validation, before parse the data.\r
+ This function will parse the authentication carefully to avoid security issues, like\r
+ buffer overflow, integer overflow.\r
+ This function will check attribute carefully to avoid authentication bypass.\r
+\r
@param[in] VariableName Name of Variable to be found.\r
@param[in] VendorGuid Variable vendor GUID.\r
@param[in] Data Data pointer.\r
will be appended to the original EFI_SIGNATURE_LIST, duplicate EFI_SIGNATURE_DATA\r
will be ignored.\r
\r
- @param[in, out] Data Pointer to original EFI_SIGNATURE_LIST.\r
- @param[in] DataSize Size of Data buffer.\r
- @param[in] NewData Pointer to new EFI_SIGNATURE_LIST to be appended.\r
- @param[in] NewDataSize Size of NewData buffer.\r
+ @param[in, out] Data Pointer to original EFI_SIGNATURE_LIST.\r
+ @param[in] DataSize Size of Data buffer.\r
+ @param[in] FreeBufSize Size of free data buffer \r
+ @param[in] NewData Pointer to new EFI_SIGNATURE_LIST to be appended.\r
+ @param[in] NewDataSize Size of NewData buffer.\r
+ @param[out] MergedBufSize Size of the merged buffer\r
\r
- @return Size of the merged buffer.\r
+ @return EFI_BUFFER_TOO_SMALL if input Data buffer overflowed\r
\r
**/\r
-UINTN\r
+EFI_STATUS\r
AppendSignatureList (\r
IN OUT VOID *Data,\r
IN UINTN DataSize,\r
+ IN UINTN FreeBufSize,\r
IN VOID *NewData,\r
- IN UINTN NewDataSize\r
+ IN UINTN NewDataSize,\r
+ OUT UINTN *MergedBufSize\r
);\r
\r
/**\r
IN EFI_TIME *SecondTime\r
);\r
\r
+/**\r
+ Delete matching signer's certificates when deleting common authenticated\r
+ variable by corresponding VariableName and VendorGuid from "certdb".\r
+\r
+ @param[in] VariableName Name of authenticated Variable.\r
+ @param[in] VendorGuid Vendor GUID of authenticated Variable.\r
+\r
+ @retval EFI_INVALID_PARAMETER Any input parameter is invalid.\r
+ @retval EFI_NOT_FOUND Fail to find "certdb" or matching certs.\r
+ @retval EFI_OUT_OF_RESOURCES The operation is failed due to lack of resources.\r
+ @retval EFI_SUCCESS The operation is completed successfully.\r
+\r
+**/\r
+EFI_STATUS\r
+DeleteCertsFromDb (\r
+ IN CHAR16 *VariableName,\r
+ IN EFI_GUID *VendorGuid\r
+ );\r
\r
/**\r
Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set\r
\r
+ Caution: This function may receive untrusted input.\r
+ This function may be invoked in SMM mode, and datasize and data are external input.\r
+ This function will do basic validation, before parse the data.\r
+ This function will parse the authentication carefully to avoid security issues, like\r
+ buffer overflow, integer overflow.\r
+\r
@param[in] VariableName Name of Variable to be found.\r
@param[in] VendorGuid Variable vendor GUID.\r
@param[in] Data Data pointer.\r
OUT BOOLEAN *VarDel\r
);\r
\r
-extern UINT8 mPubKeyStore[MAX_KEYDB_SIZE];\r
+extern UINT8 *mPubKeyStore;\r
+extern UINT8 *mCertDbStore;\r
extern UINT32 mPubKeyNumber;\r
extern VOID *mHashCtx;\r
-extern VOID *mStorageArea;\r
-extern UINT8 *mSerializationRuntimeBuffer;\r
\r
#endif\r
projects / mirror_edk2.git / blobdiff