The header file of HII Config Access protocol implementation of SecureBoot\r
configuration module.\r
\r
-Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2011 - 2017, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution. The full text of the license may be found at\r
#include <Library/PrintLib.h>\r
#include <Library/PlatformSecureLib.h>\r
#include <Library/BaseCryptLib.h>\r
+#include <Library/FileExplorerLib.h>\r
+#include <Library/PeCoffLib.h>\r
+\r
#include <Guid/MdeModuleHii.h>\r
#include <Guid/AuthenticatedVariableFormat.h>\r
#include <Guid/FileSystemVolumeLabelInfo.h>\r
#include <Guid/ImageAuthentication.h>\r
#include <Guid/FileInfo.h>\r
+#include <Guid/WinCertificate.h>\r
\r
#include "SecureBootConfigNvData.h"\r
\r
\r
#define MAX_CHAR 480\r
#define TWO_BYTE_ENCODE 0x82\r
+#define BUFFER_MAX_SIZE 100\r
\r
-//\r
-// SHA-1 digest size in bytes.\r
-//\r
-#define SHA1_DIGEST_SIZE 20\r
//\r
// SHA-256 digest size in bytes\r
//\r
//\r
// Support hash types\r
//\r
-#define HASHALG_SHA1 0x00000000\r
-#define HASHALG_SHA224 0x00000001\r
-#define HASHALG_SHA256 0x00000002\r
-#define HASHALG_SHA384 0x00000003\r
-#define HASHALG_SHA512 0x00000004\r
-#define HASHALG_RAW 0x00000005\r
-#define HASHALG_MAX 0x00000005\r
-\r
-\r
-#define SECUREBOOT_MENU_OPTION_SIGNATURE SIGNATURE_32 ('S', 'b', 'M', 'u')\r
-#define SECUREBOOT_MENU_ENTRY_SIGNATURE SIGNATURE_32 ('S', 'b', 'M', 'r')\r
-\r
-typedef struct {\r
- EFI_DEVICE_PATH_PROTOCOL Header;\r
- EFI_GUID Guid;\r
- UINT8 VendorDefinedData[1];\r
-} VENDOR_DEVICE_PATH_WITH_DATA;\r
-\r
-typedef struct {\r
- EFI_DEVICE_PATH_PROTOCOL Header;\r
- UINT16 NetworkProtocol;\r
- UINT16 LoginOption;\r
- UINT64 Lun;\r
- UINT16 TargetPortalGroupTag;\r
- CHAR16 TargetName[1];\r
-} ISCSI_DEVICE_PATH_WITH_NAME;\r
-\r
-typedef enum _FILE_EXPLORER_DISPLAY_CONTEXT {\r
- FileExplorerDisplayFileSystem,\r
- FileExplorerDisplayDirectory,\r
- FileExplorerDisplayUnknown\r
-} FILE_EXPLORER_DISPLAY_CONTEXT;\r
-\r
-typedef enum _FILE_EXPLORER_STATE {\r
- FileExplorerStateInActive = 0,\r
- FileExplorerStateEnrollPkFile,\r
- FileExplorerStateEnrollKekFile,\r
- FileExplorerStateEnrollSignatureFileToDb,\r
- FileExplorerStateEnrollSignatureFileToDbx,\r
- FileExplorerStateEnrollSignatureFileToDbt,\r
- FileExplorerStateUnknown\r
-} FILE_EXPLORER_STATE;\r
-\r
-typedef struct {\r
- CHAR16 *Str;\r
- UINTN Len;\r
- UINTN Maxlen;\r
-} POOL_PRINT;\r
-\r
-typedef\r
-VOID\r
-(*DEV_PATH_FUNCTION) (\r
- IN OUT POOL_PRINT *Str,\r
- IN VOID *DevPath\r
- );\r
+#define HASHALG_SHA224 0x00000000\r
+#define HASHALG_SHA256 0x00000001\r
+#define HASHALG_SHA384 0x00000002\r
+#define HASHALG_SHA512 0x00000003\r
+#define HASHALG_RAW 0x00000004\r
+#define HASHALG_MAX 0x00000004\r
\r
-typedef struct {\r
- UINT8 Type;\r
- UINT8 SubType;\r
- DEV_PATH_FUNCTION Function;\r
-} DEVICE_PATH_STRING_TABLE;\r
\r
typedef struct {\r
UINTN Signature;\r
UINTN MenuNumber;\r
} SECUREBOOT_MENU_OPTION;\r
\r
-extern SECUREBOOT_MENU_OPTION FsOptionMenu;\r
-extern SECUREBOOT_MENU_OPTION DirectoryMenu;\r
-\r
-typedef struct {\r
- UINTN Signature;\r
- LIST_ENTRY Link;\r
- UINTN OptionNumber;\r
- UINT16 *DisplayString;\r
- UINT16 *HelpString;\r
- EFI_STRING_ID DisplayStringToken;\r
- EFI_STRING_ID HelpStringToken;\r
- VOID *FileContext;\r
-} SECUREBOOT_MENU_ENTRY;\r
-\r
typedef struct {\r
- EFI_HANDLE Handle;\r
- EFI_DEVICE_PATH_PROTOCOL *DevicePath;\r
EFI_FILE_HANDLE FHandle;\r
UINT16 *FileName;\r
- EFI_FILE_SYSTEM_VOLUME_LABEL *Info;\r
-\r
- BOOLEAN IsRoot;\r
- BOOLEAN IsDir;\r
- BOOLEAN IsRemovableMedia;\r
- BOOLEAN IsLoadFile;\r
- BOOLEAN IsBootLegacy;\r
+ UINT8 FileType;\r
} SECUREBOOT_FILE_CONTEXT;\r
\r
+#define SECUREBOOT_FREE_NON_NULL(Pointer) \\r
+ do { \\r
+ if ((Pointer) != NULL) { \\r
+ FreePool((Pointer)); \\r
+ (Pointer) = NULL; \\r
+ } \\r
+ } while (FALSE)\r
+\r
+#define SECUREBOOT_FREE_NON_OPCODE(Handle) \\r
+ do{ \\r
+ if ((Handle) != NULL) { \\r
+ HiiFreeOpCodeHandle((Handle)); \\r
+ } \\r
+ } while (FALSE)\r
+\r
+#define SIGNATURE_DATA_COUNTS(List) \\r
+ (((List)->SignatureListSize - sizeof(EFI_SIGNATURE_LIST) - (List)->SignatureHeaderSize) / (List)->SignatureSize)\r
\r
//\r
// We define another format of 5th directory entry: security directory\r
EFI_DEVICE_PATH_PROTOCOL End;\r
} HII_VENDOR_DEVICE_PATH;\r
\r
+typedef enum {\r
+ Variable_DB,\r
+ Variable_DBX,\r
+ Variable_DBT,\r
+ Variable_MAX\r
+} CURRENT_VARIABLE_NAME;\r
+\r
+typedef enum {\r
+ Delete_Signature_List_All,\r
+ Delete_Signature_List_One,\r
+ Delete_Signature_Data\r
+}SIGNATURE_DELETE_TYPE;\r
+\r
typedef struct {\r
UINTN Signature;\r
\r
EFI_HII_HANDLE HiiHandle;\r
EFI_HANDLE DriverHandle;\r
\r
- FILE_EXPLORER_STATE FeCurrentState;\r
- FILE_EXPLORER_DISPLAY_CONTEXT FeDisplayContext;\r
-\r
- SECUREBOOT_MENU_ENTRY *MenuEntry;\r
SECUREBOOT_FILE_CONTEXT *FileContext;\r
\r
EFI_GUID *SignatureGUID;\r
+\r
+ CURRENT_VARIABLE_NAME VariableName; // The variable name we are processing.\r
+ UINT32 ListCount; // Record current variable has how many signature list.\r
+ UINTN ListIndex; // Record which signature list is processing.\r
+ BOOLEAN *CheckArray; // Record whcih siganture data checked.\r
} SECUREBOOT_CONFIG_PRIVATE_DATA;\r
\r
extern SECUREBOOT_CONFIG_PRIVATE_DATA mSecureBootConfigPrivateDateTemplate;\r
+extern SECUREBOOT_CONFIG_PRIVATE_DATA *gSecureBootPrivateData;\r
\r
#define SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('S', 'E', 'C', 'B')\r
#define SECUREBOOT_CONFIG_PRIVATE_FROM_THIS(a) CR (a, SECUREBOOT_CONFIG_PRIVATE_DATA, ConfigAccess, SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE)\r
);\r
\r
\r
-/**\r
- Update the file explorer page with the refreshed file system.\r
-\r
- @param[in] PrivateData Module private data.\r
- @param[in] KeyValue Key value to identify the type of data to expect.\r
-\r
- @retval TRUE Inform the caller to create a callback packet to exit file explorer.\r
- @retval FALSE Indicate that there is no need to exit file explorer.\r
-\r
-**/\r
-BOOLEAN\r
-UpdateFileExplorer (\r
- IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData,\r
- IN UINT16 KeyValue\r
- );\r
-\r
-\r
-/**\r
- Free resources allocated in Allocate Rountine.\r
-\r
- @param[in, out] MenuOption Menu to be freed\r
-\r
-**/\r
-VOID\r
-FreeMenu (\r
- IN OUT SECUREBOOT_MENU_OPTION *MenuOption\r
- );\r
-\r
-\r
/**\r
Read file content into BufferPtr, the size of the allocate buffer\r
is *FileSize plus AddtionAllocateSize.\r
IN UINTN OSSizeInBytes\r
);\r
\r
-\r
-/**\r
- Convert a String to Guid Value.\r
-\r
- @param[in] Str Specifies the String to be converted.\r
- @param[in] StrLen Number of Unicode Characters of String (exclusive \0)\r
- @param[out] Guid Return the result Guid value.\r
-\r
- @retval EFI_SUCCESS The operation is finished successfully.\r
- @retval EFI_NOT_FOUND Invalid string.\r
-\r
-**/\r
-EFI_STATUS\r
-StringToGuid (\r
- IN CHAR16 *Str,\r
- IN UINTN StrLen,\r
- OUT EFI_GUID *Guid\r
- );\r
-\r
-\r
/**\r
Worker function that prints an EFI_GUID into specified Buffer.\r
\r
IN UINTN BufferSize\r
);\r
\r
-#endif
\ No newline at end of file
+/**\r
+ Update the PK form base on the input file path info.\r
+\r
+ @param FilePath Point to the file path.\r
+\r
+ @retval TRUE Exit caller function.\r
+ @retval FALSE Not exit caller function.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+UpdatePKFromFile (\r
+ IN EFI_DEVICE_PATH_PROTOCOL *FilePath\r
+ );\r
+\r
+/**\r
+ Update the KEK form base on the input file path info.\r
+\r
+ @param FilePath Point to the file path.\r
+\r
+ @retval TRUE Exit caller function.\r
+ @retval FALSE Not exit caller function.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+UpdateKEKFromFile (\r
+ IN EFI_DEVICE_PATH_PROTOCOL *FilePath\r
+ );\r
+\r
+/**\r
+ Update the DB form base on the input file path info.\r
+\r
+ @param FilePath Point to the file path.\r
+\r
+ @retval TRUE Exit caller function.\r
+ @retval FALSE Not exit caller function.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+UpdateDBFromFile (\r
+ IN EFI_DEVICE_PATH_PROTOCOL *FilePath\r
+ );\r
+\r
+/**\r
+ Update the DBX form base on the input file path info.\r
+\r
+ @param FilePath Point to the file path.\r
+\r
+ @retval TRUE Exit caller function.\r
+ @retval FALSE Not exit caller function.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+UpdateDBXFromFile (\r
+ IN EFI_DEVICE_PATH_PROTOCOL *FilePath\r
+ );\r
+\r
+/**\r
+ Update the DBT form base on the input file path info.\r
+\r
+ @param FilePath Point to the file path.\r
+\r
+ @retval TRUE Exit caller function.\r
+ @retval FALSE Not exit caller function.\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+UpdateDBTFromFile (\r
+ IN EFI_DEVICE_PATH_PROTOCOL *FilePath\r
+ );\r
+\r
+#endif\r