The header file of HII Config Access protocol implementation of SecureBoot\r
configuration module.\r
\r
-Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>\r
-This program and the accompanying materials \r
-are licensed and made available under the terms and conditions of the BSD License \r
-which accompanies this distribution. The full text of the license may be found at \r
+Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials\r
+are licensed and made available under the terms and conditions of the BSD License\r
+which accompanies this distribution. The full text of the license may be found at\r
http://opensource.org/licenses/bsd-license.php\r
\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
**/\r
\r
#include <Protocol/HiiConfigAccess.h>\r
#include <Protocol/HiiConfigRouting.h>\r
+#include <Protocol/SimpleFileSystem.h>\r
+#include <Protocol/BlockIo.h>\r
+#include <Protocol/DevicePath.h>\r
+#include <Protocol/DebugPort.h>\r
+#include <Protocol/LoadFile.h>\r
\r
#include <Library/BaseLib.h>\r
#include <Library/BaseMemoryLib.h>\r
#include <Library/UefiLib.h>\r
#include <Library/HiiLib.h>\r
#include <Library/DevicePathLib.h>\r
-\r
+#include <Library/PrintLib.h>\r
+#include <Library/PlatformSecureLib.h>\r
+#include <Library/BaseCryptLib.h>\r
#include <Guid/MdeModuleHii.h>\r
#include <Guid/AuthenticatedVariableFormat.h>\r
+#include <Guid/FileSystemVolumeLabelInfo.h>\r
+#include <Guid/ImageAuthentication.h>\r
+#include <Guid/FileInfo.h>\r
\r
#include "SecureBootConfigNvData.h"\r
\r
//\r
// Tool generated IFR binary data and String package data\r
//\r
-extern UINT8 SecureBootConfigBin[];\r
-extern UINT8 SecureBootConfigDxeStrings[];\r
+extern UINT8 SecureBootConfigBin[];\r
+extern UINT8 SecureBootConfigDxeStrings[];\r
+\r
+//\r
+// Shared IFR form update data\r
+//\r
+extern VOID *mStartOpCodeHandle;\r
+extern VOID *mEndOpCodeHandle;\r
+extern EFI_IFR_GUID_LABEL *mStartLabel;\r
+extern EFI_IFR_GUID_LABEL *mEndLabel;\r
+\r
+#define MAX_CHAR 480\r
+#define TWO_BYTE_ENCODE 0x82\r
+\r
+//\r
+// SHA-1 digest size in bytes.\r
+//\r
+#define SHA1_DIGEST_SIZE 20\r
+//\r
+// SHA-256 digest size in bytes\r
+//\r
+#define SHA256_DIGEST_SIZE 32\r
+//\r
+// SHA-384 digest size in bytes\r
+//\r
+#define SHA384_DIGEST_SIZE 48\r
+//\r
+// SHA-512 digest size in bytes\r
+//\r
+#define SHA512_DIGEST_SIZE 64\r
+\r
+//\r
+// Set max digest size as SHA512 Output (64 bytes) by far\r
+//\r
+#define MAX_DIGEST_SIZE SHA512_DIGEST_SIZE\r
+\r
+#define WIN_CERT_UEFI_RSA2048_SIZE 256\r
+\r
+//\r
+// Support hash types\r
+//\r
+#define HASHALG_SHA1 0x00000000\r
+#define HASHALG_SHA224 0x00000001\r
+#define HASHALG_SHA256 0x00000002\r
+#define HASHALG_SHA384 0x00000003\r
+#define HASHALG_SHA512 0x00000004\r
+#define HASHALG_RAW 0x00000005\r
+#define HASHALG_MAX 0x00000005\r
+\r
+\r
+#define SECUREBOOT_MENU_OPTION_SIGNATURE SIGNATURE_32 ('S', 'b', 'M', 'u')\r
+#define SECUREBOOT_MENU_ENTRY_SIGNATURE SIGNATURE_32 ('S', 'b', 'M', 'r')\r
+\r
+typedef struct {\r
+ EFI_DEVICE_PATH_PROTOCOL Header;\r
+ EFI_GUID Guid;\r
+ UINT8 VendorDefinedData[1];\r
+} VENDOR_DEVICE_PATH_WITH_DATA;\r
+\r
+typedef struct {\r
+ EFI_DEVICE_PATH_PROTOCOL Header;\r
+ UINT16 NetworkProtocol;\r
+ UINT16 LoginOption;\r
+ UINT64 Lun;\r
+ UINT16 TargetPortalGroupTag;\r
+ CHAR16 TargetName[1];\r
+} ISCSI_DEVICE_PATH_WITH_NAME;\r
+\r
+typedef enum _FILE_EXPLORER_DISPLAY_CONTEXT {\r
+ FileExplorerDisplayFileSystem,\r
+ FileExplorerDisplayDirectory,\r
+ FileExplorerDisplayUnknown\r
+} FILE_EXPLORER_DISPLAY_CONTEXT;\r
+\r
+typedef enum _FILE_EXPLORER_STATE {\r
+ FileExplorerStateInActive = 0,\r
+ FileExplorerStateEnrollPkFile,\r
+ FileExplorerStateEnrollKekFile,\r
+ FileExplorerStateEnrollSignatureFileToDb,\r
+ FileExplorerStateEnrollSignatureFileToDbx,\r
+ FileExplorerStateEnrollSignatureFileToDbt,\r
+ FileExplorerStateUnknown\r
+} FILE_EXPLORER_STATE;\r
+\r
+typedef struct {\r
+ CHAR16 *Str;\r
+ UINTN Len;\r
+ UINTN Maxlen;\r
+} POOL_PRINT;\r
+\r
+typedef\r
+VOID\r
+(*DEV_PATH_FUNCTION) (\r
+ IN OUT POOL_PRINT *Str,\r
+ IN VOID *DevPath\r
+ );\r
+\r
+typedef struct {\r
+ UINT8 Type;\r
+ UINT8 SubType;\r
+ DEV_PATH_FUNCTION Function;\r
+} DEVICE_PATH_STRING_TABLE;\r
+\r
+typedef struct {\r
+ UINTN Signature;\r
+ LIST_ENTRY Head;\r
+ UINTN MenuNumber;\r
+} SECUREBOOT_MENU_OPTION;\r
+\r
+extern SECUREBOOT_MENU_OPTION FsOptionMenu;\r
+extern SECUREBOOT_MENU_OPTION DirectoryMenu;\r
+\r
+typedef struct {\r
+ UINTN Signature;\r
+ LIST_ENTRY Link;\r
+ UINTN OptionNumber;\r
+ UINT16 *DisplayString;\r
+ UINT16 *HelpString;\r
+ EFI_STRING_ID DisplayStringToken;\r
+ EFI_STRING_ID HelpStringToken;\r
+ VOID *FileContext;\r
+} SECUREBOOT_MENU_ENTRY;\r
+\r
+typedef struct {\r
+ EFI_HANDLE Handle;\r
+ EFI_DEVICE_PATH_PROTOCOL *DevicePath;\r
+ EFI_FILE_HANDLE FHandle;\r
+ UINT16 *FileName;\r
+ EFI_FILE_SYSTEM_VOLUME_LABEL *Info;\r
+\r
+ BOOLEAN IsRoot;\r
+ BOOLEAN IsDir;\r
+ BOOLEAN IsRemovableMedia;\r
+ BOOLEAN IsLoadFile;\r
+ BOOLEAN IsBootLegacy;\r
+} SECUREBOOT_FILE_CONTEXT;\r
+\r
+\r
+//\r
+// We define another format of 5th directory entry: security directory\r
+//\r
+typedef struct {\r
+ UINT32 Offset; // Offset of certificate\r
+ UINT32 SizeOfCert; // size of certificate appended\r
+} EFI_IMAGE_SECURITY_DATA_DIRECTORY;\r
+\r
+typedef enum{\r
+ ImageType_IA32,\r
+ ImageType_X64\r
+} IMAGE_TYPE;\r
\r
///\r
/// HII specific Vendor Device Path definition.\r
EFI_HII_HANDLE HiiHandle;\r
EFI_HANDLE DriverHandle;\r
\r
+ FILE_EXPLORER_STATE FeCurrentState;\r
+ FILE_EXPLORER_DISPLAY_CONTEXT FeDisplayContext;\r
+\r
+ SECUREBOOT_MENU_ENTRY *MenuEntry;\r
+ SECUREBOOT_FILE_CONTEXT *FileContext;\r
+\r
+ EFI_GUID *SignatureGUID;\r
} SECUREBOOT_CONFIG_PRIVATE_DATA;\r
\r
extern SECUREBOOT_CONFIG_PRIVATE_DATA mSecureBootConfigPrivateDateTemplate;\r
\r
#define SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('S', 'E', 'C', 'B')\r
+#define SECUREBOOT_CONFIG_PRIVATE_FROM_THIS(a) CR (a, SECUREBOOT_CONFIG_PRIVATE_DATA, ConfigAccess, SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE)\r
+\r
+//\r
+// Cryptograhpic Key Information\r
+//\r
+#pragma pack(1)\r
+typedef struct _CPL_KEY_INFO {\r
+ UINT32 KeyLengthInBits; // Key Length In Bits\r
+ UINT32 BlockSize; // Operation Block Size in Bytes\r
+ UINT32 CipherBlockSize; // Output Cipher Block Size in Bytes\r
+ UINT32 KeyType; // Key Type\r
+ UINT32 CipherMode; // Cipher Mode for Symmetric Algorithm\r
+ UINT32 Flags; // Additional Key Property Flags\r
+} CPL_KEY_INFO;\r
+#pragma pack()\r
+\r
+\r
+/**\r
+ Retrieves the size, in bytes, of the context buffer required for hash operations.\r
+\r
+ @return The size, in bytes, of the context buffer required for hash operations.\r
+\r
+**/\r
+typedef\r
+EFI_STATUS\r
+(EFIAPI *HASH_GET_CONTEXT_SIZE)(\r
+ VOID\r
+ );\r
+\r
+/**\r
+ Initializes user-supplied memory pointed by HashContext as hash context for\r
+ subsequent use.\r
+\r
+ If HashContext is NULL, then ASSERT().\r
+\r
+ @param[in, out] HashContext Pointer to Context being initialized.\r
+\r
+ @retval TRUE HASH context initialization succeeded.\r
+ @retval FALSE HASH context initialization failed.\r
+\r
+**/\r
+typedef\r
+BOOLEAN\r
+(EFIAPI *HASH_INIT)(\r
+ IN OUT VOID *HashContext\r
+ );\r
+\r
+\r
+/**\r
+ Performs digest on a data buffer of the specified length. This function can\r
+ be called multiple times to compute the digest of long or discontinuous data streams.\r
+\r
+ If HashContext is NULL, then ASSERT().\r
+\r
+ @param[in, out] HashContext Pointer to the MD5 context.\r
+ @param[in] Data Pointer to the buffer containing the data to be hashed.\r
+ @param[in] DataLength Length of Data buffer in bytes.\r
+\r
+ @retval TRUE HASH data digest succeeded.\r
+ @retval FALSE Invalid HASH context. After HashFinal function has been called, the\r
+ HASH context cannot be reused.\r
+\r
+**/\r
+typedef\r
+BOOLEAN\r
+(EFIAPI *HASH_UPDATE)(\r
+ IN OUT VOID *HashContext,\r
+ IN CONST VOID *Data,\r
+ IN UINTN DataLength\r
+ );\r
+\r
+/**\r
+ Completes hash computation and retrieves the digest value into the specified\r
+ memory. After this function has been called, the context cannot be used again.\r
+\r
+ If HashContext is NULL, then ASSERT().\r
+ If HashValue is NULL, then ASSERT().\r
+\r
+ @param[in, out] HashContext Pointer to the MD5 context\r
+ @param[out] HashValue Pointer to a buffer that receives the HASH digest\r
+ value (16 bytes).\r
+\r
+ @retval TRUE HASH digest computation succeeded.\r
+ @retval FALSE HASH digest computation failed.\r
+\r
+**/\r
+typedef\r
+BOOLEAN\r
+(EFIAPI *HASH_FINAL)(\r
+ IN OUT VOID *HashContext,\r
+ OUT UINT8 *HashValue\r
+ );\r
+\r
+//\r
+// Hash Algorithm Table\r
+//\r
+typedef struct {\r
+ CHAR16 *Name; ///< Name for Hash Algorithm\r
+ UINTN DigestLength; ///< Digest Length\r
+ UINT8 *OidValue; ///< Hash Algorithm OID ASN.1 Value\r
+ UINTN OidLength; ///< Length of Hash OID Value\r
+ HASH_GET_CONTEXT_SIZE GetContextSize; ///< Pointer to Hash GetContentSize function\r
+ HASH_INIT HashInit; ///< Pointer to Hash Init function\r
+ HASH_UPDATE HashUpdate; ///< Pointer to Hash Update function\r
+ HASH_FINAL HashFinal; ///< Pointer to Hash Final function\r
+} HASH_TABLE;\r
+\r
+typedef struct {\r
+ WIN_CERTIFICATE Hdr;\r
+ UINT8 CertData[1];\r
+} WIN_CERTIFICATE_EFI_PKCS;\r
+\r
\r
/**\r
This function publish the SecureBoot configuration Form.\r
\r
@param[in, out] PrivateData Points to SecureBoot configuration private data.\r
\r
- @retval EFI_SUCCESS HII Form is installed for this network device.\r
+ @retval EFI_SUCCESS HII Form is installed successfully.\r
@retval EFI_OUT_OF_RESOURCES Not enough resource for HII Form installation.\r
@retval Others Other errors as indicated.\r
\r
IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData\r
);\r
\r
+\r
/**\r
This function removes SecureBoot configuration Form.\r
\r
@param[in, out] PrivateData Points to SecureBoot configuration private data.\r
\r
**/\r
-\r
VOID\r
UninstallSecureBootConfigForm (\r
IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData\r
);\r
\r
+\r
/**\r
This function allows a caller to extract the current configuration for one\r
or more named elements from the target driver.\r
OUT EFI_STRING *Results\r
);\r
\r
+\r
/**\r
This function processes the results of changes in configuration.\r
\r
OUT EFI_STRING *Progress\r
);\r
\r
+\r
/**\r
This function processes the results of changes in configuration.\r
\r
OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest\r
);\r
\r
-#endif\r
+\r
+/**\r
+ This function converts an input device structure to a Unicode string.\r
+\r
+ @param[in] DevPath A pointer to the device path structure.\r
+\r
+ @return A new allocated Unicode string that represents the device path.\r
+\r
+**/\r
+CHAR16 *\r
+EFIAPI\r
+DevicePathToStr (\r
+ IN EFI_DEVICE_PATH_PROTOCOL *DevPath\r
+ );\r
+\r
+\r
+/**\r
+ Clean up the dynamic opcode at label and form specified by both LabelId.\r
+\r
+ @param[in] LabelId It is both the Form ID and Label ID for opcode deletion.\r
+ @param[in] PrivateData Module private data.\r
+\r
+**/\r
+VOID\r
+CleanUpPage (\r
+ IN UINT16 LabelId,\r
+ IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData\r
+ );\r
+\r
+\r
+/**\r
+ Update the file explorer page with the refreshed file system.\r
+\r
+ @param[in] PrivateData Module private data.\r
+ @param[in] KeyValue Key value to identify the type of data to expect.\r
+\r
+ @retval TRUE Inform the caller to create a callback packet to exit file explorer.\r
+ @retval FALSE Indicate that there is no need to exit file explorer.\r
+\r
+**/\r
+BOOLEAN\r
+UpdateFileExplorer (\r
+ IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData,\r
+ IN UINT16 KeyValue\r
+ );\r
+\r
+\r
+/**\r
+ Free resources allocated in Allocate Rountine.\r
+\r
+ @param[in, out] MenuOption Menu to be freed\r
+\r
+**/\r
+VOID\r
+FreeMenu (\r
+ IN OUT SECUREBOOT_MENU_OPTION *MenuOption\r
+ );\r
+\r
+\r
+/**\r
+ Read file content into BufferPtr, the size of the allocate buffer\r
+ is *FileSize plus AddtionAllocateSize.\r
+\r
+ @param[in] FileHandle The file to be read.\r
+ @param[in, out] BufferPtr Pointers to the pointer of allocated buffer.\r
+ @param[out] FileSize Size of input file\r
+ @param[in] AddtionAllocateSize Addtion size the buffer need to be allocated.\r
+ In case the buffer need to contain others besides the file content.\r
+\r
+ @retval EFI_SUCCESS The file was read into the buffer.\r
+ @retval EFI_INVALID_PARAMETER A parameter was invalid.\r
+ @retval EFI_OUT_OF_RESOURCES A memory allocation failed.\r
+ @retval others Unexpected error.\r
+\r
+**/\r
+EFI_STATUS\r
+ReadFileContent (\r
+ IN EFI_FILE_HANDLE FileHandle,\r
+ IN OUT VOID **BufferPtr,\r
+ OUT UINTN *FileSize,\r
+ IN UINTN AddtionAllocateSize\r
+ );\r
+\r
+\r
+/**\r
+ Close an open file handle.\r
+\r
+ @param[in] FileHandle The file handle to close.\r
+\r
+**/\r
+VOID\r
+CloseFile (\r
+ IN EFI_FILE_HANDLE FileHandle\r
+ );\r
+\r
+\r
+/**\r
+ Converts a nonnegative integer to an octet string of a specified length.\r
+\r
+ @param[in] Integer Pointer to the nonnegative integer to be converted\r
+ @param[in] IntSizeInWords Length of integer buffer in words\r
+ @param[out] OctetString Converted octet string of the specified length\r
+ @param[in] OSSizeInBytes Intended length of resulting octet string in bytes\r
+\r
+Returns:\r
+\r
+ @retval EFI_SUCCESS Data conversion successfully\r
+ @retval EFI_BUFFER_TOOL_SMALL Buffer is too small for output string\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+Int2OctStr (\r
+ IN CONST UINTN *Integer,\r
+ IN UINTN IntSizeInWords,\r
+ OUT UINT8 *OctetString,\r
+ IN UINTN OSSizeInBytes\r
+ );\r
+\r
+\r
+/**\r
+ Convert a String to Guid Value.\r
+\r
+ @param[in] Str Specifies the String to be converted.\r
+ @param[in] StrLen Number of Unicode Characters of String (exclusive \0)\r
+ @param[out] Guid Return the result Guid value.\r
+\r
+ @retval EFI_SUCCESS The operation is finished successfully.\r
+ @retval EFI_NOT_FOUND Invalid string.\r
+\r
+**/\r
+EFI_STATUS\r
+StringToGuid (\r
+ IN CHAR16 *Str,\r
+ IN UINTN StrLen,\r
+ OUT EFI_GUID *Guid\r
+ );\r
+\r
+\r
+/**\r
+ Worker function that prints an EFI_GUID into specified Buffer.\r
+\r
+ @param[in] Guid Pointer to GUID to print.\r
+ @param[in] Buffer Buffer to print Guid into.\r
+ @param[in] BufferSize Size of Buffer.\r
+\r
+ @retval Number of characters printed.\r
+\r
+**/\r
+UINTN\r
+GuidToString (\r
+ IN EFI_GUID *Guid,\r
+ IN CHAR16 *Buffer,\r
+ IN UINTN BufferSize\r
+ );\r
+\r
+#endif
\ No newline at end of file
projects / mirror_edk2.git / blobdiff