SecurityPkg: UefiSecureBoot: Definitions of cert and payload structures

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3910

This change added certificate and payload structures that can be consumed
by SecureBootVariableLib and other Secure Boot related operations.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Acked-by: Michael Kubacki <michael.kubacki@microsoft.com>

diff --git a/SecurityPkg/Include/UefiSecureBoot.h b/SecurityPkg/Include/UefiSecureBoot.h
new file mode 100644 (file)
index 0000000..642fef3
--- /dev/null
+++ b/SecurityPkg/Include/UefiSecureBoot.h
@@ -0,0 +1,94 @@
+/** @file\r
+  Provides a Secure Boot related data structure definitions.\r
+\r
+  Copyright (c) Microsoft Corporation.\r
+  SPDX-License-Identifier: BSD-2-Clause-Patent\r
+\r
+**/\r
+\r
+#ifndef UEFI_SECURE_BOOT_H_\r
+#define UEFI_SECURE_BOOT_H_\r
+\r
+#pragma pack (push, 1)\r
+\r
+/*\r
+  Data structure to provide certificates to setup authenticated secure\r
+  boot variables ('db', 'dbx', 'dbt', 'pk', etc.).\r
+\r
+*/\r
+typedef struct {\r
+  //\r
+  // The size, in number of bytes, of supplied certificate in 'Data' field.\r
+  //\r
+  UINTN         DataSize;\r
+  //\r
+  // The pointer to the certificates in DER-encoded format.\r
+  // Note: This certificate data should not contain the EFI_VARIABLE_AUTHENTICATION_2\r
+  //       for authenticated variables.\r
+  //\r
+  CONST VOID    *Data;\r
+} SECURE_BOOT_CERTIFICATE_INFO;\r
+\r
+/*\r
+  Data structure to provide all Secure Boot related certificates.\r
+\r
+*/\r
+typedef struct {\r
+  //\r
+  // The human readable name for this set of Secure Boot key sets.\r
+  //\r
+  CONST CHAR16    *SecureBootKeyName;\r
+  //\r
+  // The size, in number of bytes, of supplied certificate in 'DbPtr' field.\r
+  //\r
+  UINTN           DbSize;\r
+  //\r
+  // The pointer to the DB certificates in signature list format.\r
+  // Note: This DB certificates should not contain the EFI_VARIABLE_AUTHENTICATION_2\r
+  //       for authenticated variables.\r
+  //\r
+  CONST VOID      *DbPtr;\r
+  //\r
+  // The size, in number of bytes, of supplied certificate in 'DbxPtr' field.\r
+  //\r
+  UINTN           DbxSize;\r
+  //\r
+  // The pointer to the DBX certificates in signature list format.\r
+  // Note: This DBX certificates should not contain the EFI_VARIABLE_AUTHENTICATION_2\r
+  //       for authenticated variables.\r
+  //\r
+  CONST VOID      *DbxPtr;\r
+  //\r
+  // The size, in number of bytes, of supplied certificate in 'DbtPtr' field.\r
+  //\r
+  UINTN           DbtSize;\r
+  //\r
+  // The pointer to the DBT certificates in signature list format.\r
+  // Note: This DBT certificates should not contain the EFI_VARIABLE_AUTHENTICATION_2\r
+  //       for authenticated variables.\r
+  //\r
+  CONST VOID      *DbtPtr;\r
+  //\r
+  // The size, in number of bytes, of supplied certificate in 'KekPtr' field.\r
+  //\r
+  UINTN           KekSize;\r
+  //\r
+  // The pointer to the KEK certificates in signature list format.\r
+  // Note: This KEK certificates should not contain the EFI_VARIABLE_AUTHENTICATION_2\r
+  //       for authenticated variables.\r
+  //\r
+  CONST VOID      *KekPtr;\r
+  //\r
+  // The size, in number of bytes, of supplied certificate in 'PkPtr' field.\r
+  //\r
+  UINTN           PkSize;\r
+  //\r
+  // The pointer to the PK certificates in signature list format.\r
+  // Note: This PK certificates should not contain the EFI_VARIABLE_AUTHENTICATION_2\r
+  //       for authenticated variables.\r
+  //\r
+  CONST VOID      *PkPtr;\r
+} SECURE_BOOT_PAYLOAD_INFO;\r
+#pragma pack (pop)\r
+\r
+#endif // UEFI_SECURE_BOOT_H_\r