The header file of HII Config Access protocol implementation of SecureBoot\r
configuration module.\r
\r
-Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution. The full text of the license may be found at\r
\r
#include <Protocol/HiiConfigAccess.h>\r
#include <Protocol/HiiConfigRouting.h>\r
+#include <Protocol/SimpleFileSystem.h>\r
+#include <Protocol/BlockIo.h>\r
+#include <Protocol/DevicePath.h>\r
+#include <Protocol/DevicePathToText.h>\r
+#include <Protocol/DebugPort.h>\r
+#include <Protocol/LoadFile.h>\r
\r
#include <Library/BaseLib.h>\r
#include <Library/BaseMemoryLib.h>\r
#include <Library/HiiLib.h>\r
#include <Library/DevicePathLib.h>\r
#include <Library/PrintLib.h>\r
-\r
+#include <Library/PlatformSecureLib.h>\r
+#include <Library/BaseCryptLib.h>\r
#include <Guid/MdeModuleHii.h>\r
#include <Guid/AuthenticatedVariableFormat.h>\r
+#include <Guid/FileSystemVolumeLabelInfo.h>\r
+#include <Guid/ImageAuthentication.h>\r
+#include <Guid/FileInfo.h>\r
\r
#include "SecureBootConfigNvData.h"\r
\r
//\r
// Tool generated IFR binary data and String package data\r
//\r
-extern UINT8 SecureBootConfigBin[];\r
-extern UINT8 SecureBootConfigDxeStrings[];\r
+extern UINT8 SecureBootConfigBin[];\r
+extern UINT8 SecureBootConfigDxeStrings[];\r
+\r
+//\r
+// Shared IFR form update data\r
+//\r
+extern VOID *mStartOpCodeHandle;\r
+extern VOID *mEndOpCodeHandle;\r
+extern EFI_IFR_GUID_LABEL *mStartLabel;\r
+extern EFI_IFR_GUID_LABEL *mEndLabel;\r
+\r
+#define MAX_CHAR 480\r
+#define TWO_BYTE_ENCODE 0x82\r
+\r
+//\r
+// SHA-1 digest size in bytes.\r
+//\r
+#define SHA1_DIGEST_SIZE 20\r
+//\r
+// SHA-256 digest size in bytes\r
+//\r
+#define SHA256_DIGEST_SIZE 32\r
+//\r
+// Set max digest size as SHA256 Output (32 bytes) by far\r
+//\r
+#define MAX_DIGEST_SIZE SHA256_DIGEST_SIZE\r
+\r
+#define WIN_CERT_UEFI_RSA2048_SIZE 256\r
+\r
+//\r
+// Support hash types\r
+//\r
+#define HASHALG_SHA1 0x00000000\r
+#define HASHALG_SHA224 0x00000001\r
+#define HASHALG_SHA256 0x00000002\r
+#define HASHALG_SHA384 0x00000003\r
+#define HASHALG_SHA512 0x00000004\r
+#define HASHALG_MAX 0x00000005\r
+\r
+\r
+#define SECUREBOOT_MENU_OPTION_SIGNATURE SIGNATURE_32 ('S', 'b', 'M', 'u')\r
+#define SECUREBOOT_MENU_ENTRY_SIGNATURE SIGNATURE_32 ('S', 'b', 'M', 'r')\r
+\r
+typedef struct {\r
+ EFI_DEVICE_PATH_PROTOCOL Header;\r
+ EFI_GUID Guid;\r
+ UINT8 VendorDefinedData[1];\r
+} VENDOR_DEVICE_PATH_WITH_DATA;\r
+\r
+typedef struct {\r
+ EFI_DEVICE_PATH_PROTOCOL Header;\r
+ UINT16 NetworkProtocol;\r
+ UINT16 LoginOption;\r
+ UINT64 Lun;\r
+ UINT16 TargetPortalGroupTag;\r
+ CHAR16 TargetName[1];\r
+} ISCSI_DEVICE_PATH_WITH_NAME;\r
+\r
+typedef enum _FILE_EXPLORER_DISPLAY_CONTEXT {\r
+ FileExplorerDisplayFileSystem,\r
+ FileExplorerDisplayDirectory,\r
+ FileExplorerDisplayUnknown\r
+} FILE_EXPLORER_DISPLAY_CONTEXT;\r
+\r
+typedef enum _FILE_EXPLORER_STATE {\r
+ FileExplorerStateInActive = 0,\r
+ FileExplorerStateEnrollPkFile,\r
+ FileExplorerStateEnrollKekFile,\r
+ FileExplorerStateEnrollSignatureFileToDb,\r
+ FileExplorerStateEnrollSignatureFileToDbx,\r
+ FileExplorerStateUnknown\r
+} FILE_EXPLORER_STATE;\r
+\r
+typedef struct {\r
+ CHAR16 *Str;\r
+ UINTN Len;\r
+ UINTN Maxlen;\r
+} POOL_PRINT;\r
+\r
+typedef\r
+VOID\r
+(*DEV_PATH_FUNCTION) (\r
+ IN OUT POOL_PRINT *Str,\r
+ IN VOID *DevPath\r
+ );\r
+\r
+typedef struct {\r
+ UINT8 Type;\r
+ UINT8 SubType;\r
+ DEV_PATH_FUNCTION Function;\r
+} DEVICE_PATH_STRING_TABLE;\r
+\r
+typedef struct {\r
+ UINTN Signature;\r
+ LIST_ENTRY Head;\r
+ UINTN MenuNumber;\r
+} SECUREBOOT_MENU_OPTION;\r
+\r
+extern SECUREBOOT_MENU_OPTION FsOptionMenu;\r
+extern SECUREBOOT_MENU_OPTION DirectoryMenu;\r
+\r
+typedef struct {\r
+ UINTN Signature;\r
+ LIST_ENTRY Link;\r
+ UINTN OptionNumber;\r
+ UINT16 *DisplayString;\r
+ UINT16 *HelpString;\r
+ EFI_STRING_ID DisplayStringToken;\r
+ EFI_STRING_ID HelpStringToken;\r
+ VOID *FileContext;\r
+} SECUREBOOT_MENU_ENTRY;\r
+\r
+typedef struct {\r
+ EFI_HANDLE Handle;\r
+ EFI_DEVICE_PATH_PROTOCOL *DevicePath;\r
+ EFI_FILE_HANDLE FHandle;\r
+ UINT16 *FileName;\r
+ EFI_FILE_SYSTEM_VOLUME_LABEL *Info;\r
+\r
+ BOOLEAN IsRoot;\r
+ BOOLEAN IsDir;\r
+ BOOLEAN IsRemovableMedia;\r
+ BOOLEAN IsLoadFile;\r
+ BOOLEAN IsBootLegacy;\r
+} SECUREBOOT_FILE_CONTEXT;\r
+\r
+\r
+//\r
+// We define another format of 5th directory entry: security directory\r
+//\r
+typedef struct {\r
+ UINT32 Offset; // Offset of certificate\r
+ UINT32 SizeOfCert; // size of certificate appended\r
+} EFI_IMAGE_SECURITY_DATA_DIRECTORY;\r
+\r
+typedef enum{\r
+ ImageType_IA32,\r
+ ImageType_X64\r
+} IMAGE_TYPE;\r
\r
///\r
/// HII specific Vendor Device Path definition.\r
EFI_HII_HANDLE HiiHandle;\r
EFI_HANDLE DriverHandle;\r
\r
+ FILE_EXPLORER_STATE FeCurrentState;\r
+ FILE_EXPLORER_DISPLAY_CONTEXT FeDisplayContext;\r
+\r
+ SECUREBOOT_MENU_ENTRY *MenuEntry;\r
+ SECUREBOOT_FILE_CONTEXT *FileContext;\r
+\r
+ EFI_GUID *SignatureGUID;\r
} SECUREBOOT_CONFIG_PRIVATE_DATA;\r
\r
extern SECUREBOOT_CONFIG_PRIVATE_DATA mSecureBootConfigPrivateDateTemplate;\r
#define SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('S', 'E', 'C', 'B')\r
#define SECUREBOOT_CONFIG_PRIVATE_FROM_THIS(a) CR (a, SECUREBOOT_CONFIG_PRIVATE_DATA, ConfigAccess, SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE)\r
\r
+//\r
+// Cryptograhpic Key Information\r
+//\r
+#pragma pack (push, 1)\r
+typedef struct _CPL_KEY_INFO {\r
+ UINT32 KeyLengthInBits; // Key Length In Bits\r
+ UINT32 BlockSize; // Operation Block Size in Bytes\r
+ UINT32 CipherBlockSize; // Output Cipher Block Size in Bytes\r
+ UINT32 KeyType; // Key Type\r
+ UINT32 CipherMode; // Cipher Mode for Symmetric Algorithm\r
+ UINT32 Flags; // Additional Key Property Flags\r
+} CPL_KEY_INFO;\r
+#pragma pack (pop)\r
+\r
+\r
+/**\r
+ Retrieves the size, in bytes, of the context buffer required for hash operations.\r
+\r
+ @return The size, in bytes, of the context buffer required for hash operations.\r
+\r
+**/\r
+typedef\r
+EFI_STATUS\r
+(EFIAPI *HASH_GET_CONTEXT_SIZE)(\r
+ VOID\r
+ );\r
+\r
+/**\r
+ Initializes user-supplied memory pointed by HashContext as hash context for\r
+ subsequent use.\r
+\r
+ If HashContext is NULL, then ASSERT().\r
+\r
+ @param[in, out] HashContext Pointer to Context being initialized.\r
+\r
+ @retval TRUE HASH context initialization succeeded.\r
+ @retval FALSE HASH context initialization failed.\r
+\r
+**/\r
+typedef\r
+BOOLEAN\r
+(EFIAPI *HASH_INIT)(\r
+ IN OUT VOID *HashContext\r
+ );\r
+\r
+\r
+/**\r
+ Performs digest on a data buffer of the specified length. This function can\r
+ be called multiple times to compute the digest of long or discontinuous data streams.\r
+\r
+ If HashContext is NULL, then ASSERT().\r
+\r
+ @param[in, out] HashContext Pointer to the MD5 context.\r
+ @param[in] Data Pointer to the buffer containing the data to be hashed.\r
+ @param[in] DataLength Length of Data buffer in bytes.\r
+\r
+ @retval TRUE HASH data digest succeeded.\r
+ @retval FALSE Invalid HASH context. After HashFinal function has been called, the\r
+ HASH context cannot be reused.\r
+\r
+**/\r
+typedef\r
+BOOLEAN\r
+(EFIAPI *HASH_UPDATE)(\r
+ IN OUT VOID *HashContext,\r
+ IN CONST VOID *Data,\r
+ IN UINTN DataLength\r
+ );\r
+\r
+/**\r
+ Completes hash computation and retrieves the digest value into the specified\r
+ memory. After this function has been called, the context cannot be used again.\r
+\r
+ If HashContext is NULL, then ASSERT().\r
+ If HashValue is NULL, then ASSERT().\r
+\r
+ @param[in, out] HashContext Pointer to the MD5 context\r
+ @param[out] HashValue Pointer to a buffer that receives the HASH digest\r
+ value (16 bytes).\r
+\r
+ @retval TRUE HASH digest computation succeeded.\r
+ @retval FALSE HASH digest computation failed.\r
+\r
+**/\r
+typedef\r
+BOOLEAN\r
+(EFIAPI *HASH_FINAL)(\r
+ IN OUT VOID *HashContext,\r
+ OUT UINT8 *HashValue\r
+ );\r
+\r
+//\r
+// Hash Algorithm Table\r
+//\r
+typedef struct {\r
+ CHAR16 *Name; ///< Name for Hash Algorithm\r
+ UINTN DigestLength; ///< Digest Length\r
+ UINT8 *OidValue; ///< Hash Algorithm OID ASN.1 Value \r
+ UINTN OidLength; ///< Length of Hash OID Value\r
+ HASH_GET_CONTEXT_SIZE GetContextSize; ///< Pointer to Hash GetContentSize function\r
+ HASH_INIT HashInit; ///< Pointer to Hash Init function\r
+ HASH_UPDATE HashUpdate; ///< Pointer to Hash Update function\r
+ HASH_FINAL HashFinal; ///< Pointer to Hash Final function\r
+} HASH_TABLE;\r
+\r
+typedef struct {\r
+ WIN_CERTIFICATE Hdr;\r
+ UINT8 CertData[1];\r
+} WIN_CERTIFICATE_EFI_PKCS;\r
+\r
\r
/**\r
This function publish the SecureBoot configuration Form.\r
\r
@param[in, out] PrivateData Points to SecureBoot configuration private data.\r
\r
- @retval EFI_SUCCESS HII Form is installed for this network device.\r
+ @retval EFI_SUCCESS HII Form is installed successfully.\r
@retval EFI_OUT_OF_RESOURCES Not enough resource for HII Form installation.\r
@retval Others Other errors as indicated.\r
\r
IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData\r
);\r
\r
+\r
/**\r
This function removes SecureBoot configuration Form.\r
\r
IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData\r
);\r
\r
+\r
/**\r
This function allows a caller to extract the current configuration for one\r
or more named elements from the target driver.\r
OUT EFI_STRING *Results\r
);\r
\r
+\r
/**\r
This function processes the results of changes in configuration.\r
\r
OUT EFI_STRING *Progress\r
);\r
\r
+\r
/**\r
This function processes the results of changes in configuration.\r
\r
OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest\r
);\r
\r
+\r
+/**\r
+ This function converts an input device structure to a Unicode string.\r
+\r
+ @param[in] DevPath A pointer to the device path structure.\r
+\r
+ @return A new allocated Unicode string that represents the device path.\r
+\r
+**/\r
+CHAR16 *\r
+EFIAPI\r
+DevicePathToStr (\r
+ IN EFI_DEVICE_PATH_PROTOCOL *DevPath\r
+ );\r
+\r
+\r
+/**\r
+ Clean up the dynamic opcode at label and form specified by both LabelId. \r
+\r
+ @param[in] LabelId It is both the Form ID and Label ID for opcode deletion.\r
+ @param[in] PrivateData Module private data.\r
+\r
+**/\r
+VOID\r
+CleanUpPage (\r
+ IN UINT16 LabelId,\r
+ IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData\r
+ );\r
+\r
+\r
+/**\r
+ Update the file explorer page with the refreshed file system.\r
+\r
+ @param[in] PrivateData Module private data.\r
+ @param[in] KeyValue Key value to identify the type of data to expect.\r
+\r
+ @retval TRUE Inform the caller to create a callback packet to exit file explorer.\r
+ @retval FALSE Indicate that there is no need to exit file explorer.\r
+\r
+**/\r
+BOOLEAN\r
+UpdateFileExplorer (\r
+ IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData,\r
+ IN UINT16 KeyValue\r
+ );\r
+\r
+\r
+/**\r
+ Free resources allocated in Allocate Rountine.\r
+\r
+ @param[in, out] MenuOption Menu to be freed\r
+ \r
+**/\r
+VOID\r
+FreeMenu (\r
+ IN OUT SECUREBOOT_MENU_OPTION *MenuOption\r
+ );\r
+\r
+\r
+/**\r
+ Read file content into BufferPtr, the size of the allocate buffer \r
+ is *FileSize plus AddtionAllocateSize.\r
+\r
+ @param[in] FileHandle The file to be read.\r
+ @param[in, out] BufferPtr Pointers to the pointer of allocated buffer.\r
+ @param[out] FileSize Size of input file\r
+ @param[in] AddtionAllocateSize Addtion size the buffer need to be allocated. \r
+ In case the buffer need to contain others besides the file content.\r
+ \r
+ @retval EFI_SUCCESS The file was read into the buffer.\r
+ @retval EFI_INVALID_PARAMETER A parameter was invalid.\r
+ @retval EFI_OUT_OF_RESOURCES A memory allocation failed.\r
+ @retval others Unexpected error.\r
+\r
+**/\r
+EFI_STATUS\r
+ReadFileContent (\r
+ IN EFI_FILE_HANDLE FileHandle,\r
+ IN OUT VOID **BufferPtr,\r
+ OUT UINTN *FileSize,\r
+ IN UINTN AddtionAllocateSize\r
+ );\r
+\r
+\r
+/**\r
+ Close an open file handle.\r
+\r
+ @param[in] FileHandle The file handle to close.\r
+ \r
+**/\r
+VOID\r
+CloseFile (\r
+ IN EFI_FILE_HANDLE FileHandle\r
+ );\r
+\r
+\r
+/**\r
+ Converts a nonnegative integer to an octet string of a specified length.\r
+\r
+ @param[in] Integer Pointer to the nonnegative integer to be converted\r
+ @param[in] IntSizeInWords Length of integer buffer in words\r
+ @param[out] OctetString Converted octet string of the specified length \r
+ @param[in] OSSizeInBytes Intended length of resulting octet string in bytes\r
+\r
+Returns:\r
+\r
+ @retval EFI_SUCCESS Data conversion successfully\r
+ @retval EFI_BUFFER_TOOL_SMALL Buffer is too small for output string\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+Int2OctStr (\r
+ IN CONST UINTN *Integer,\r
+ IN UINTN IntSizeInWords,\r
+ OUT UINT8 *OctetString,\r
+ IN UINTN OSSizeInBytes\r
+ );\r
+\r
+\r
+/**\r
+ Convert a String to Guid Value.\r
+\r
+ @param[in] Str Specifies the String to be converted.\r
+ @param[in] StrLen Number of Unicode Characters of String (exclusive \0)\r
+ @param[out] Guid Return the result Guid value.\r
+\r
+ @retval EFI_SUCCESS The operation is finished successfully.\r
+ @retval EFI_NOT_FOUND Invalid string.\r
+\r
+**/\r
+EFI_STATUS\r
+StringToGuid (\r
+ IN CHAR16 *Str, \r
+ IN UINTN StrLen, \r
+ OUT EFI_GUID *Guid\r
+ );\r
+\r
+\r
+/**\r
+ Worker function that prints an EFI_GUID into specified Buffer.\r
+\r
+ @param[in] Guid Pointer to GUID to print.\r
+ @param[in] Buffer Buffer to print Guid into.\r
+ @param[in] BufferSize Size of Buffer.\r
+ \r
+ @retval Number of characters printed.\r
+\r
+**/\r
+UINTN\r
+GuidToString (\r
+ IN EFI_GUID *Guid,\r
+ IN CHAR16 *Buffer,\r
+ IN UINTN BufferSize\r
+ );\r
+\r
#endif\r
projects / mirror_edk2.git / blobdiff