The header file of HII Config Access protocol implementation of SecureBoot\r
configuration module.\r
\r
-Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR>\r
-This program and the accompanying materials\r
-are licensed and made available under the terms and conditions of the BSD License\r
-which accompanies this distribution. The full text of the license may be found at\r
-http://opensource.org/licenses/bsd-license.php\r
-\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+Copyright (c) 2011 - 2017, Intel Corporation. All rights reserved.<BR>\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#include <Library/PrintLib.h>\r
#include <Library/PlatformSecureLib.h>\r
#include <Library/BaseCryptLib.h>\r
+#include <Library/FileExplorerLib.h>\r
+#include <Library/PeCoffLib.h>\r
+\r
#include <Guid/MdeModuleHii.h>\r
#include <Guid/AuthenticatedVariableFormat.h>\r
#include <Guid/FileSystemVolumeLabelInfo.h>\r
#include <Guid/ImageAuthentication.h>\r
#include <Guid/FileInfo.h>\r
+#include <Guid/WinCertificate.h>\r
\r
#include "SecureBootConfigNvData.h"\r
\r
\r
#define MAX_CHAR 480\r
#define TWO_BYTE_ENCODE 0x82\r
+#define BUFFER_MAX_SIZE 100\r
\r
-//\r
-// SHA-1 digest size in bytes.\r
-//\r
-#define SHA1_DIGEST_SIZE 20\r
//\r
// SHA-256 digest size in bytes\r
//\r
//\r
// Support hash types\r
//\r
-#define HASHALG_SHA1 0x00000000\r
-#define HASHALG_SHA224 0x00000001\r
-#define HASHALG_SHA256 0x00000002\r
-#define HASHALG_SHA384 0x00000003\r
-#define HASHALG_SHA512 0x00000004\r
-#define HASHALG_RAW 0x00000005\r
-#define HASHALG_MAX 0x00000005\r
-\r
-\r
-#define SECUREBOOT_MENU_OPTION_SIGNATURE SIGNATURE_32 ('S', 'b', 'M', 'u')\r
-#define SECUREBOOT_MENU_ENTRY_SIGNATURE SIGNATURE_32 ('S', 'b', 'M', 'r')\r
-\r
-typedef struct {\r
- EFI_DEVICE_PATH_PROTOCOL Header;\r
- EFI_GUID Guid;\r
- UINT8 VendorDefinedData[1];\r
-} VENDOR_DEVICE_PATH_WITH_DATA;\r
-\r
-typedef struct {\r
- EFI_DEVICE_PATH_PROTOCOL Header;\r
- UINT16 NetworkProtocol;\r
- UINT16 LoginOption;\r
- UINT64 Lun;\r
- UINT16 TargetPortalGroupTag;\r
- CHAR16 TargetName[1];\r
-} ISCSI_DEVICE_PATH_WITH_NAME;\r
-\r
-typedef enum _FILE_EXPLORER_DISPLAY_CONTEXT {\r
- FileExplorerDisplayFileSystem,\r
- FileExplorerDisplayDirectory,\r
- FileExplorerDisplayUnknown\r
-} FILE_EXPLORER_DISPLAY_CONTEXT;\r
-\r
-typedef enum _FILE_EXPLORER_STATE {\r
- FileExplorerStateInActive = 0,\r
- FileExplorerStateEnrollPkFile,\r
- FileExplorerStateEnrollKekFile,\r
- FileExplorerStateEnrollSignatureFileToDb,\r
- FileExplorerStateEnrollSignatureFileToDbx,\r
- FileExplorerStateEnrollSignatureFileToDbt,\r
- FileExplorerStateUnknown\r
-} FILE_EXPLORER_STATE;\r
-\r
-typedef struct {\r
- CHAR16 *Str;\r
- UINTN Len;\r
- UINTN Maxlen;\r
-} POOL_PRINT;\r
+#define HASHALG_SHA224 0x00000000\r
+#define HASHALG_SHA256 0x00000001\r
+#define HASHALG_SHA384 0x00000002\r
+#define HASHALG_SHA512 0x00000003\r
+#define HASHALG_RAW 0x00000004\r
+#define HASHALG_MAX 0x00000004\r
\r
-typedef\r
-VOID\r
-(*DEV_PATH_FUNCTION) (\r
- IN OUT POOL_PRINT *Str,\r
- IN VOID *DevPath\r
- );\r
-\r
-typedef struct {\r
- UINT8 Type;\r
- UINT8 SubType;\r
- DEV_PATH_FUNCTION Function;\r
-} DEVICE_PATH_STRING_TABLE;\r
\r
typedef struct {\r
UINTN Signature;\r
UINTN MenuNumber;\r
} SECUREBOOT_MENU_OPTION;\r
\r
-extern SECUREBOOT_MENU_OPTION FsOptionMenu;\r
-extern SECUREBOOT_MENU_OPTION DirectoryMenu;\r
-\r
typedef struct {\r
- UINTN Signature;\r
- LIST_ENTRY Link;\r
- UINTN OptionNumber;\r
- UINT16 *DisplayString;\r
- UINT16 *HelpString;\r
- EFI_STRING_ID DisplayStringToken;\r
- EFI_STRING_ID HelpStringToken;\r
- VOID *FileContext;\r
-} SECUREBOOT_MENU_ENTRY;\r
-\r
-typedef struct {\r
- EFI_HANDLE Handle;\r
- EFI_DEVICE_PATH_PROTOCOL *DevicePath;\r
EFI_FILE_HANDLE FHandle;\r
UINT16 *FileName;\r
- EFI_FILE_SYSTEM_VOLUME_LABEL *Info;\r
-\r
- BOOLEAN IsRoot;\r
- BOOLEAN IsDir;\r
- BOOLEAN IsRemovableMedia;\r
- BOOLEAN IsLoadFile;\r
- BOOLEAN IsBootLegacy;\r
+ UINT8 FileType;\r
} SECUREBOOT_FILE_CONTEXT;\r
\r
+#define SECUREBOOT_FREE_NON_NULL(Pointer) \\r
+ do { \\r
+ if ((Pointer) != NULL) { \\r
+ FreePool((Pointer)); \\r
+ (Pointer) = NULL; \\r
+ } \\r
+ } while (FALSE)\r
+\r
+#define SECUREBOOT_FREE_NON_OPCODE(Handle) \\r
+ do{ \\r
+ if ((Handle) != NULL) { \\r
+ HiiFreeOpCodeHandle((Handle)); \\r
+ } \\r
+ } while (FALSE)\r
+\r
+#define SIGNATURE_DATA_COUNTS(List) \\r
+ (((List)->SignatureListSize - sizeof(EFI_SIGNATURE_LIST) - (List)->SignatureHeaderSize) / (List)->SignatureSize)\r
\r
//\r
// We define another format of 5th directory entry: security directory\r
EFI_DEVICE_PATH_PROTOCOL End;\r
} HII_VENDOR_DEVICE_PATH;\r
\r
+typedef enum {\r
+ Variable_DB,\r
+ Variable_DBX,\r
+ Variable_DBT,\r
+ Variable_MAX\r
+} CURRENT_VARIABLE_NAME;\r
+\r
+typedef enum {\r
+ Delete_Signature_List_All,\r
+ Delete_Signature_List_One,\r
+ Delete_Signature_Data\r
+}SIGNATURE_DELETE_TYPE;\r
+\r
typedef struct {\r
UINTN Signature;\r
\r
EFI_HII_HANDLE HiiHandle;\r
EFI_HANDLE DriverHandle;\r
\r
- FILE_EXPLORER_STATE FeCurrentState;\r
- FILE_EXPLORER_DISPLAY_CONTEXT FeDisplayContext;\r
-\r
- SECUREBOOT_MENU_ENTRY *MenuEntry;\r
SECUREBOOT_FILE_CONTEXT *FileContext;\r
\r
EFI_GUID *SignatureGUID;\r
+\r
+ CURRENT_VARIABLE_NAME VariableName; // The variable name we are processing.\r
+ UINT32 ListCount; // Record current variable has how many signature list.\r
+ UINTN ListIndex; // Record which signature list is processing.\r
+ BOOLEAN *CheckArray; // Record whcih siganture data checked.\r
} SECUREBOOT_CONFIG_PRIVATE_DATA;\r
\r
extern SECUREBOOT_CONFIG_PRIVATE_DATA mSecureBootConfigPrivateDateTemplate;\r
+extern SECUREBOOT_CONFIG_PRIVATE_DATA *gSecureBootPrivateData;\r
\r
#define SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('S', 'E', 'C', 'B')\r
#define SECUREBOOT_CONFIG_PRIVATE_FROM_THIS(a) CR (a, SECUREBOOT_CONFIG_PRIVATE_DATA, ConfigAccess, SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE)\r
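Review bot: The new `BOOLEAN *CheckArray` field in SECUREBOOT_CONFIG_PRIVATE_DATA has no documented length or owner; presumably it holds one flag per signature data entry of the list selected by `ListIndex`, but nothing in the struct records that element count, so a reader cannot tell what bound a later index must respect or who frees it. Suggest replacing the trailing comment with `BOOLEAN *CheckArray; // One checked flag per signature data in the list at ListIndex; length and owner: TODO document` and, if the count is known at allocation time, storing it in an adjacent field. The same line's comment has typos (`whcih siganture` -> `which signature`), and `ListCount` is `UINT32` while `ListIndex` is `UINTN`; one width for both would avoid mixed-type comparisons. Minor style: `}SIGNATURE_DELETE_TYPE;` is missing the space before the tag name.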
);\r
\r
\r
-/**\r
- Update the file explorer page with the refreshed file system.\r
-\r
- @param[in] PrivateData Module private data.\r
- @param[in] KeyValue Key value to identify the type of data to expect.\r
-\r
- @retval TRUE Inform the caller to create a callback packet to exit file explorer.\r
- @retval FALSE Indicate that there is no need to exit file explorer.\r
-\r
-**/\r
-BOOLEAN\r
-UpdateFileExplorer (\r
- IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData,\r
- IN UINT16 KeyValue\r
- );\r
-\r
-\r
-/**\r
- Free resources allocated in Allocate Rountine.\r
-\r
- @param[in, out] MenuOption Menu to be freed\r
-\r
-**/\r
-VOID\r
-FreeMenu (\r
- IN OUT SECUREBOOT_MENU_OPTION *MenuOption\r
- );\r
-\r
-\r
/**\r
Read file content into BufferPtr, the size of the allocate buffer\r
is *FileSize plus AddtionAllocateSize.\r
IN UINTN OSSizeInBytes\r
);\r
\r
-\r
-/**\r
- Convert a String to Guid Value.\r
-\r
- @param[in] Str Specifies the String to be converted.\r
- @param[in] StrLen Number of Unicode Characters of String (exclusive \0)\r
- @param[out] Guid Return the result Guid value.\r
-\r
- @retval EFI_SUCCESS The operation is finished successfully.\r
- @retval EFI_NOT_FOUND Invalid string.\r
-\r
-**/\r
-EFI_STATUS\r
-StringToGuid (\r
- IN CHAR16 *Str,\r
- IN UINTN StrLen,\r
- OUT EFI_GUID *Guid\r
- );\r
-\r
-\r
/**\r
Worker function that prints an EFI_GUID into specified Buffer.\r
\r
IN UINTN BufferSize\r
);\r
\r
+/**\r
+ Update the PK form base on the input file path info.\r
+\r
+ @param FilePath Point to the file path.\r
+\r
+ @retval TRUE Exit caller function.\r
+ @retval FALSE Not exit caller function.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+UpdatePKFromFile (\r
+ IN EFI_DEVICE_PATH_PROTOCOL *FilePath\r
+ );\r
+\r
+/**\r
+ Update the KEK form base on the input file path info.\r
+\r
+ @param FilePath Point to the file path.\r
+\r
+ @retval TRUE Exit caller function.\r
+ @retval FALSE Not exit caller function.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+UpdateKEKFromFile (\r
+ IN EFI_DEVICE_PATH_PROTOCOL *FilePath\r
+ );\r
+\r
+/**\r
+ Update the DB form base on the input file path info.\r
+\r
+ @param FilePath Point to the file path.\r
+\r
+ @retval TRUE Exit caller function.\r
+ @retval FALSE Not exit caller function.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+UpdateDBFromFile (\r
+ IN EFI_DEVICE_PATH_PROTOCOL *FilePath\r
+ );\r
+\r
+/**\r
+ Update the DBX form base on the input file path info.\r
+\r
+ @param FilePath Point to the file path.\r
+\r
+ @retval TRUE Exit caller function.\r
+ @retval FALSE Not exit caller function.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+UpdateDBXFromFile (\r
+ IN EFI_DEVICE_PATH_PROTOCOL *FilePath\r
+ );\r
+\r
+/**\r
+ Update the DBT form base on the input file path info.\r
+\r
+ @param FilePath Point to the file path.\r
+\r
+ @retval TRUE Exit caller function.\r
+ @retval FALSE Not exit caller function.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+UpdateDBTFromFile (\r
+ IN EFI_DEVICE_PATH_PROTOCOL *FilePath\r
+ );\r
+\r
#endif\r
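Review bot: The five new `Update*FromFile` prototypes document their argument as `@param FilePath Point to the file path.` without the direction tag that the rest of this header uses (`@param[in]`), and the sentence "Update the PK form base on the input file path info" should read "based on". Suggest `@param[in]  FilePath  Pointer to the device path of the selected file.` for each, and the same wording fix for the KEK, DB, DBX and DBT comments. The comments also do not say how a NULL `FilePath` is handled; since these appear to be callbacks invoked with a path chosen in the file explorer (the `EFIAPI` convention and the added FileExplorerLib include suggest that), stating that contract in the header would help callers and reviewers of the implementation.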