The internal header file includes the common header files, defines\r
internal structure and functions used by AuthService module.\r
\r
-Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>\r
-This program and the accompanying materials \r
-are licensed and made available under the terms and conditions of the BSD License \r
-which accompanies this distribution. The full text of the license may be found at \r
+ Caution: This module requires additional review when modified.\r
+ This driver will have external input - variable data. It may be input in SMM mode.\r
+ This external input must be validated carefully to avoid security issue like\r
+ buffer overflow, integer overflow.\r
+ Variable attribute should also be checked to avoid authentication bypass.\r
+ The whole SMM authentication variable design relies on the integrity of flash part and SMM.\r
+ which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory\r
+ may not be modified without authorization. If platform fails to protect these resources, \r
+ the authentication service provided in this driver will be broken, and the behavior is undefined.\r
+\r
+Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials\r
+are licensed and made available under the terms and conditions of the BSD License\r
+which accompanies this distribution. The full text of the license may be found at\r
http://opensource.org/licenses/bsd-license.php\r
\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
**/\r
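Review bot: The new caution paragraph is split by a stray period: `relies on the integrity of flash part and SMM.` is followed by `which is assumed to be protected by platform.`, leaving the second half a fragment; join them with a comma. `All variable code and metadata in flash/SMM Memory may not be modified without authorization` reads as permission rather than as the trust assumption the next sentence depends on; `must not be modified` says what is meant. This hunk's start (the file's `@@` header) lies outside the visible lines.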
#define EFI_CERT_TYPE_RSA2048_SIZE 256\r
\r
///\r
-/// Size of AuthInfo prior to the data payload\r
+/// Size of AuthInfo prior to the data payload.\r
///\r
-#define AUTHINFO_SIZE (((UINTN)(((EFI_VARIABLE_AUTHENTICATION *) 0)->AuthInfo.CertData)) + sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256))\r
+#define AUTHINFO_SIZE ((OFFSET_OF (EFI_VARIABLE_AUTHENTICATION, AuthInfo)) + \\r
+ (OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)) + \\r
+ sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256))\r
+\r
+#define AUTHINFO2_SIZE(VarAuth2) ((OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo)) + \\r
+ (UINTN) ((EFI_VARIABLE_AUTHENTICATION_2 *) (VarAuth2))->AuthInfo.Hdr.dwLength)\r
+\r
+#define OFFSET_OF_AUTHINFO2_CERT_DATA ((OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo)) + \\r
+ (OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)))\r
\r
///\r
/// "AuthVarKeyDatabase" variable for the Public Key store.\r
///\r
#define AUTHVAR_KEYDB_NAME L"AuthVarKeyDatabase"\r
-#define AUTHVAR_KEYDB_NAME_SIZE 38\r
\r
///\r
-/// Max size of public key database, restricted by max individal EFI varible size, exclude variable header and name size.\r
+/// "certdb" variable stores the signer's certificates for non PK/KEK/DB/DBX\r
+/// variables with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.\r
+/// \r
///\r
-#define MAX_KEYDB_SIZE (FixedPcdGet32 (PcdMaxVariableSize) - sizeof (VARIABLE_HEADER) - AUTHVAR_KEYDB_NAME_SIZE)\r
-#define MAX_KEY_NUM (MAX_KEYDB_SIZE / EFI_CERT_TYPE_RSA2048_SIZE)\r
+#define EFI_CERT_DB_NAME L"certdb"\r
\r
///\r
-/// Item number of support signature types.\r
+/// Struct to record signature requirement defined by UEFI spec.\r
+/// For SigHeaderSize and SigDataSize, ((UINT32) ~0) means NO exact length requirement for this field.\r
///\r
-#define SIGSUPPORT_NUM 2\r
-\r
+typedef struct {\r
+ EFI_GUID SigType;\r
+ // Expected SignatureHeader size in Bytes.\r
+ UINT32 SigHeaderSize;\r
+ // Expected SignatureData size in Bytes.\r
+ UINT32 SigDataSize;\r
+} EFI_SIGNATURE_ITEM;\r
+\r
+typedef enum {\r
+ AuthVarTypePk,\r
+ AuthVarTypeKek,\r
+ AuthVarTypePriv,\r
+ AuthVarTypePayload\r
+} AUTHVAR_TYPE;\r
+\r
+#pragma pack(1)\r
+typedef struct {\r
+ EFI_GUID VendorGuid;\r
+ UINT32 CertNodeSize;\r
+ UINT32 NameSize;\r
+ UINT32 CertDataSize;\r
+ /// CHAR16 VariableName[NameSize];\r
+ /// UINT8 CertData[CertDataSize];\r
+} AUTH_CERT_DB_DATA;\r
+#pragma pack()\r
\r
/**\r
Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.\r
\r
+ Caution: This function may receive untrusted input.\r
+ This function may be invoked in SMM mode, and datasize and data are external input.\r
+ This function will do basic validation, before parse the data.\r
+ This function will parse the authentication carefully to avoid security issues, like\r
+ buffer overflow, integer overflow.\r
+ This function will check attribute carefully to avoid authentication bypass.\r
+\r
@param[in] VariableName Name of Variable to be found.\r
@param[in] VendorGuid Variable vendor GUID.\r
\r
@return EFI_WRITE_PROTECTED Variable is write-protected and needs authentication with\r
EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.\r
@return EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS\r
- set, but the AuthInfo does NOT pass the validation \r
- check carried out by the firmware. \r
+ set, but the AuthInfo does NOT pass the validation\r
+ check carried out by the firmware.\r
@return EFI_SUCCESS Variable is not write-protected, or passed validation successfully.\r
\r
**/\r
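Review bot: `AUTHINFO2_SIZE(VarAuth2)` reads `AuthInfo.Hdr.dwLength` straight out of the buffer it is handed, and the file header says variable data is external input, so the macro yields a caller-controlled size and performs no check of its own; nothing near the macro says so, and on a 32-bit `UINTN` the addition can wrap. Add a comment stating the contract, e.g. `/// Size derived from the untrusted dwLength field: before using the result the caller must verify the buffer holds at least OFFSET_OF_AUTHINFO2_CERT_DATA bytes and that the computed size does not exceed DataSize.`. The same applies to `AUTH_CERT_DB_DATA`, whose `CertNodeSize`, `NameSize` and `CertDataSize` come from the "certdb" variable and whose two trailing `///` lines sketch a header-then-name-then-cert layout; the consistency of `CertNodeSize` with that layout is presumably checked by the parser, and the requirement belongs next to the struct rather than implicit in the .c file.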
IN UINT32 Attributes\r
);\r
\r
+/**\r
+ Update platform mode.\r
+\r
+ @param[in] Mode SETUP_MODE or USER_MODE.\r
+\r
+ @return EFI_INVALID_PARAMETER Invalid parameter.\r
+ @return EFI_SUCCESS Update platform mode successfully.\r
+\r
+**/\r
+EFI_STATUS\r
+UpdatePlatformMode (\r
+ IN UINT32 Mode\r
+ );\r
+\r
/**\r
Initializes for authenticated varibale service.\r
\r
+ @param[in] MaxAuthVariableSize Reflect the overhead associated with the saving\r
+ of a single EFI authenticated variable with the exception\r
+ of the overhead associated with the length\r
+ of the string name of the EFI variable.\r
+\r
@retval EFI_SUCCESS Function successfully executed.\r
- @retval EFI_OUT_OF_RESOURCES Fail to allocate enough memory resource.\r
+ @retval EFI_OUT_OF_RESOURCES Fail to allocate enough memory resources.\r
\r
**/\r
EFI_STATUS\r
AutenticatedVariableServiceInitialize (\r
- VOID\r
+ IN UINTN MaxAuthVariableSize\r
);\r
\r
/**\r
VOID\r
);\r
\r
+/**\r
+ Check input data form to make sure it is a valid EFI_SIGNATURE_LIST for PK/KEK variable.\r
+\r
+ @param[in] VariableName Name of Variable to be check.\r
+ @param[in] VendorGuid Variable vendor GUID.\r
+ @param[in] Data Point to the variable data to be checked.\r
+ @param[in] DataSize Size of Data.\r
+\r
+ @return EFI_INVALID_PARAMETER Invalid signature list format.\r
+ @return EFI_SUCCESS Passed signature list format check successfully.\r
+ \r
+**/\r
+EFI_STATUS\r
+CheckSignatureListFormat(\r
+ IN CHAR16 *VariableName,\r
+ IN EFI_GUID *VendorGuid,\r
+ IN VOID *Data,\r
+ IN UINTN DataSize\r
+ );\r
+\r
/**\r
Process variable with platform key for verification.\r
\r
+ Caution: This function may receive untrusted input.\r
+ This function may be invoked in SMM mode, and datasize and data are external input.\r
+ This function will do basic validation, before parse the data.\r
+ This function will parse the authentication carefully to avoid security issues, like\r
+ buffer overflow, integer overflow.\r
+ This function will check attribute carefully to avoid authentication bypass.\r
+\r
@param[in] VariableName Name of Variable to be found.\r
@param[in] VendorGuid Variable vendor GUID.\r
@param[in] Data Data pointer.\r
@param[in] IsPk Indicate whether it is to process pk.\r
\r
@return EFI_INVALID_PARAMETER Invalid parameter\r
- @return EFI_SECURITY_VIOLATION The variable does NOT pass the validation \r
- check carried out by the firmware. \r
+ @return EFI_SECURITY_VIOLATION The variable does NOT pass the validation\r
+ check carried out by the firmware.\r
@return EFI_SUCCESS Variable passed validation successfully.\r
\r
**/\r
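Review bot: `CheckSignatureListFormat` takes `Data`/`DataSize` that this file describes as external input, yet its doc block lacks the "Caution: This function may receive untrusted input." paragraph that the other parsers in this commit carry (the ProcessVarWithPk block right below it, for instance); add the same paragraph so the parsing contract is visible from the prototype. The declaration `CheckSignatureListFormat(` also drops the space before `(` that every other prototype in this file uses (`UpdatePlatformMode (`, `AppendSignatureList (`). `@return EFI_INVALID_PARAMETER Invalid signature list format.` could state whether a `DataSize` too small to hold one `EFI_SIGNATURE_LIST` header is reported the same way; that is presumably the case but is not written down.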
/**\r
Process variable with key exchange key for verification.\r
\r
+ Caution: This function may receive untrusted input.\r
+ This function may be invoked in SMM mode, and datasize and data are external input.\r
+ This function will do basic validation, before parse the data.\r
+ This function will parse the authentication carefully to avoid security issues, like\r
+ buffer overflow, integer overflow.\r
+ This function will check attribute carefully to avoid authentication bypass.\r
+\r
@param[in] VariableName Name of Variable to be found.\r
@param[in] VendorGuid Variable vendor GUID.\r
@param[in] Data Data pointer.\r
@param[in] Attributes Attribute value of the variable.\r
\r
@return EFI_INVALID_PARAMETER Invalid parameter.\r
- @return EFI_SECURITY_VIOLATION The variable does NOT pass the validation \r
- check carried out by the firmware. \r
+ @return EFI_SECURITY_VIOLATION The variable does NOT pass the validation\r
+ check carried out by the firmware.\r
@return EFI_SUCCESS Variable passed validation successfully.\r
\r
**/\r
IN UINT32 Attributes OPTIONAL\r
);\r
\r
+/**\r
+ Merge two buffers which formatted as EFI_SIGNATURE_LIST. Only the new EFI_SIGNATURE_DATA\r
+ will be appended to the original EFI_SIGNATURE_LIST, duplicate EFI_SIGNATURE_DATA\r
+ will be ignored.\r
+\r
+ @param[in, out] Data Pointer to original EFI_SIGNATURE_LIST.\r
+ @param[in] DataSize Size of Data buffer.\r
+ @param[in] FreeBufSize Size of free data buffer \r
+ @param[in] NewData Pointer to new EFI_SIGNATURE_LIST to be appended.\r
+ @param[in] NewDataSize Size of NewData buffer.\r
+ @param[out] MergedBufSize Size of the merged buffer\r
+\r
+ @return EFI_BUFFER_TOO_SMALL if input Data buffer overflowed\r
+\r
+**/\r
+EFI_STATUS\r
+AppendSignatureList (\r
+ IN OUT VOID *Data,\r
+ IN UINTN DataSize,\r
+ IN UINTN FreeBufSize,\r
+ IN VOID *NewData,\r
+ IN UINTN NewDataSize,\r
+ OUT UINTN *MergedBufSize\r
+ );\r
+\r
/**\r
Compare two EFI_TIME data.\r
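Review bot: `AppendSignatureList` documents only `@return EFI_BUFFER_TOO_SMALL if input Data buffer overflowed`, so a caller cannot tell from the prototype what the success value is or whether `MergedBufSize` is written on failure; add `@retval EFI_SUCCESS The new signature data was merged; MergedBufSize holds the resulting size.` and state what `MergedBufSize` holds when `EFI_BUFFER_TOO_SMALL` is returned (the required size, presumably, but that is not visible here). `NewData`/`NewDataSize` is a signature list arriving from outside, so the "Caution: This function may receive untrusted input." paragraph used on the other parsers in this commit belongs here too. `Size of free data buffer ` reads as if `FreeBufSize` were the whole buffer; if it is the space available past `DataSize` in `Data`, as the name and the `EFI_BUFFER_TOO_SMALL` return suggest, say so and end the line with a period.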
\r
IN EFI_TIME *SecondTime\r
);\r
\r
+/**\r
+ Delete matching signer's certificates when deleting common authenticated\r
+ variable by corresponding VariableName and VendorGuid from "certdb".\r
+\r
+ @param[in] VariableName Name of authenticated Variable.\r
+ @param[in] VendorGuid Vendor GUID of authenticated Variable.\r
+\r
+ @retval EFI_INVALID_PARAMETER Any input parameter is invalid.\r
+ @retval EFI_NOT_FOUND Fail to find "certdb" or matching certs.\r
+ @retval EFI_OUT_OF_RESOURCES The operation is failed due to lack of resources.\r
+ @retval EFI_SUCCESS The operation is completed successfully.\r
+\r
+**/\r
+EFI_STATUS\r
+DeleteCertsFromDb (\r
+ IN CHAR16 *VariableName,\r
+ IN EFI_GUID *VendorGuid\r
+ );\r
\r
/**\r
Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set\r
\r
+ Caution: This function may receive untrusted input.\r
+ This function may be invoked in SMM mode, and datasize and data are external input.\r
+ This function will do basic validation, before parse the data.\r
+ This function will parse the authentication carefully to avoid security issues, like\r
+ buffer overflow, integer overflow.\r
+\r
@param[in] VariableName Name of Variable to be found.\r
@param[in] VendorGuid Variable vendor GUID.\r
@param[in] Data Data pointer.\r
data, this value contains the required size.\r
@param[in] Variable The variable information which is used to keep track of variable usage.\r
@param[in] Attributes Attribute value of the variable.\r
- @param[in] Pk Verify against PK or KEK database.\r
+ @param[in] AuthVarType Verify against PK or KEK database or private database.\r
@param[out] VarDel Delete the variable or not.\r
\r
@retval EFI_INVALID_PARAMETER Invalid parameter.\r
- @retval EFI_SECURITY_VIOLATION The variable does NOT pass the validation \r
- check carried out by the firmware. \r
+ @retval EFI_SECURITY_VIOLATION The variable does NOT pass the validation\r
+ check carried out by the firmware.\r
@retval EFI_OUT_OF_RESOURCES Failed to process variable due to lack\r
of resources.\r
@retval EFI_SUCCESS Variable pass validation successfully.\r
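Review bot: `@param[in] AuthVarType Verify against PK or KEK database or private database.` names three cases, but `AUTHVAR_TYPE` as defined earlier in this commit has four enumerators including `AuthVarTypePayload`, so the doc does not say what that value means for this function. Reword to list the enumerators, e.g. `@param[in] AuthVarType Key set to verify against: AuthVarTypePk, AuthVarTypeKek, AuthVarTypePriv (presumably the "certdb" store) or AuthVarTypePayload.`, with a one-line description of the payload case once it is confirmed against the implementation. The enclosing prototype begins and ends outside this hunk.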
IN UINTN DataSize,\r
IN VARIABLE_POINTER_TRACK *Variable,\r
IN UINT32 Attributes,\r
- IN BOOLEAN Pk,\r
+ IN AUTHVAR_TYPE AuthVarType,\r
OUT BOOLEAN *VarDel\r
);\r
\r
-extern UINT8 mPubKeyStore[MAX_KEYDB_SIZE];\r
+extern UINT8 *mPubKeyStore;\r
+extern UINT8 *mCertDbStore;\r
extern UINT32 mPubKeyNumber;\r
extern VOID *mHashCtx;\r
-extern VOID *mStorageArea;\r
- \r
+\r
#endif\r
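Review bot: `extern UINT8 *mPubKeyStore;` replaces an array whose bound, `MAX_KEYDB_SIZE`, was visible at the declaration, and `extern UINT8 *mCertDbStore;` is added the same way, so the header no longer says how large either buffer is or who allocates it; the new `MaxAuthVariableSize` parameter of `AutenticatedVariableServiceInitialize` is presumably where they are sized, but that is not stated anywhere visible. Add a comment on each, e.g. `/// Allocated by AutenticatedVariableServiceInitialize; capacity is not encoded in the type, so every writer must check against the size it was allocated with (TODO confirm sizing).`. A writer assuming the old compile-time bound against a differently sized allocation is exactly the buffer-overflow case the file's caution paragraph warns about.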