The internal header file includes the common header files, defines\r
internal structure and functions used by AuthService module.\r
\r
-Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>\r
+ Caution: This module requires additional review when modified.\r
+ This driver will have external input - variable data. It may be input in SMM mode.\r
+ This external input must be validated carefully to avoid security issue like\r
+ buffer overflow, integer overflow.\r
+ Variable attribute should also be checked to avoid authentication bypass.\r
+ The whole SMM authentication variable design relies on the integrity of flash part and SMM.\r
+ which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory\r
+ may not be modified without authorization. If platform fails to protect these resources, \r
+ the authentication service provided in this driver will be broken, and the behavior is undefined.\r
+\r
+Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution. The full text of the license may be found at\r
///\r
#define AUTHVAR_KEYDB_NAME L"AuthVarKeyDatabase"\r
\r
-///\r
-/// Max size of public key database, restricted by max individal EFI varible size, exclude variable header and name size.\r
-///\r
-#define MAX_KEYDB_SIZE (FixedPcdGet32 (PcdMaxVariableSize) - sizeof (VARIABLE_HEADER) - sizeof (AUTHVAR_KEYDB_NAME))\r
-#define MAX_KEY_NUM (MAX_KEYDB_SIZE / EFI_CERT_TYPE_RSA2048_SIZE)\r
-\r
///\r
/// "certdb" variable stores the signer's certificates for non PK/KEK/DB/DBX\r
/// variables with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.\r
/// \r
///\r
#define EFI_CERT_DB_NAME L"certdb"\r
-#define MAX_CERTDB_SIZE (FixedPcdGet32 (PcdMaxVariableSize) - sizeof (VARIABLE_HEADER) - sizeof (EFI_CERT_DB_NAME))\r
\r
///\r
/// Struct to record signature requirement defined by UEFI spec.\r
/**\r
Initializes for authenticated varibale service.\r
\r
+ @param[in] MaxAuthVariableSize Reflect the overhead associated with the saving\r
+ of a single EFI authenticated variable with the exception\r
+ of the overhead associated with the length\r
+ of the string name of the EFI variable.\r
+\r
@retval EFI_SUCCESS Function successfully executed.\r
- @retval EFI_OUT_OF_RESOURCES Fail to allocate enough memory resource.\r
+ @retval EFI_OUT_OF_RESOURCES Fail to allocate enough memory resources.\r
\r
**/\r
EFI_STATUS\r
AutenticatedVariableServiceInitialize (\r
- VOID\r
+ IN UINTN MaxAuthVariableSize\r
);\r
\r
/**\r
IN EFI_TIME *SecondTime\r
);\r
\r
+/**\r
+ Delete matching signer's certificates when deleting common authenticated\r
+ variable by corresponding VariableName and VendorGuid from "certdb".\r
+\r
+ @param[in] VariableName Name of authenticated Variable.\r
+ @param[in] VendorGuid Vendor GUID of authenticated Variable.\r
+\r
+ @retval EFI_INVALID_PARAMETER Any input parameter is invalid.\r
+ @retval EFI_NOT_FOUND Fail to find "certdb" or matching certs.\r
+ @retval EFI_OUT_OF_RESOURCES The operation is failed due to lack of resources.\r
+ @retval EFI_SUCCESS The operation is completed successfully.\r
+\r
+**/\r
+EFI_STATUS\r
+DeleteCertsFromDb (\r
+ IN CHAR16 *VariableName,\r
+ IN EFI_GUID *VendorGuid\r
+ );\r
\r
/**\r
Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set\r
OUT BOOLEAN *VarDel\r
);\r
\r
-extern UINT8 mPubKeyStore[MAX_KEYDB_SIZE];\r
+extern UINT8 *mPubKeyStore;\r
+extern UINT8 *mCertDbStore;\r
extern UINT32 mPubKeyNumber;\r
extern VOID *mHashCtx;\r
-extern UINT8 *mSerializationRuntimeBuffer;\r
\r
#endif\r
projects / mirror_edk2.git / blobdiff