);\r
\r
/**\r
- Create a EFI Signature List with data fetched from section specified as a argument.\r
- Found keys are verified using RsaGetPublicKeyFromX509().\r
+ Create a EFI Signature List with data supplied from input argument.\r
+ The input certificates from KeyInfo parameter should be DER-encoded\r
+ format.\r
\r
- @param[in] KeyFileGuid A pointer to to the FFS filename GUID\r
@param[out] SigListsSize A pointer to size of signature list\r
- @param[out] SigListsOut a pointer to a callee-allocated buffer with signature lists\r
+ @param[out] SigListOut A pointer to a callee-allocated buffer with signature lists\r
+ @param[in] KeyInfoCount The number of certificate pointer and size pairs inside KeyInfo.\r
+ @param[in] KeyInfo A pointer to all certificates, in the format of DER-encoded,\r
+ to be concatenated into signature lists.\r
\r
- @retval EFI_SUCCESS Create time based payload successfully.\r
+ @retval EFI_SUCCESS Created signature list from payload successfully.\r
@retval EFI_NOT_FOUND Section with key has not been found.\r
- @retval EFI_INVALID_PARAMETER Embedded key has a wrong format.\r
+ @retval EFI_INVALID_PARAMETER Embedded key has a wrong format or input pointers are NULL.\r
@retval Others Unexpected error happens.\r
\r
--*/\r
EFI_STATUS\r
-SecureBootFetchData (\r
- IN EFI_GUID *KeyFileGuid,\r
- OUT UINTN *SigListsSize,\r
- OUT EFI_SIGNATURE_LIST **SigListOut\r
+EFIAPI\r
+SecureBootCreateDataFromInput (\r
+ OUT UINTN *SigListsSize,\r
+ OUT EFI_SIGNATURE_LIST **SigListOut,\r
+ IN UINTN KeyInfoCount,\r
+ IN CONST SECURE_BOOT_CERTIFICATE_INFO *KeyInfo\r
);\r
\r
/**\r
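Review bot: The `@retval` list in the new comment no longer matches the function it describes: `EFI_NOT_FOUND` is still worded as "Section with key has not been found" although the section lookup by GUID is gone, and `EFI_OUT_OF_RESOURCES`, which the implementation returns when `AllocateCopyPool` fails, is not listed. The sentence about `RsaGetPublicKeyFromX509()` was dropped with no replacement, and no X.509 parsing is visible in the new code (the BaseCryptLib include is removed as well), so the comment should state the caller's obligation outright, for example `The certificates are not validated by this function; the caller must ensure each entry is a well-formed DER-encoded X.509 certificate.` I would reword the stale line to something like `@retval EFI_NOT_FOUND No entry in KeyInfo carried certificate data.`, after confirming that this is what the check after the loop returns. The same comment is repeated above the definition in the .c file and needs the same edits.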
SPDX-License-Identifier: BSD-2-Clause-Patent\r
**/\r
#include <Uefi.h>\r
+#include <UefiSecureBoot.h>\r
#include <Guid/GlobalVariable.h>\r
#include <Guid/AuthenticatedVariableFormat.h>\r
#include <Guid/ImageAuthentication.h>\r
-#include <Library/BaseCryptLib.h>\r
#include <Library/BaseLib.h>\r
#include <Library/BaseMemoryLib.h>\r
#include <Library/DebugLib.h>\r
#include <Library/MemoryAllocationLib.h>\r
#include <Library/UefiRuntimeServicesTableLib.h>\r
#include <Library/SecureBootVariableLib.h>\r
-#include "Library/DxeServicesLib.h"\r
\r
// This time can be used when deleting variables, as it should be greater than any variable time.\r
EFI_TIME mMaxTimestamp = {\r
}\r
\r
/**\r
- Create a EFI Signature List with data fetched from section specified as a argument.\r
- Found keys are verified using RsaGetPublicKeyFromX509().\r
+ Create a EFI Signature List with data supplied from input argument.\r
+ The input certificates from KeyInfo parameter should be DER-encoded\r
+ format.\r
\r
- @param[in] KeyFileGuid A pointer to to the FFS filename GUID\r
@param[out] SigListsSize A pointer to size of signature list\r
- @param[out] SigListsOut a pointer to a callee-allocated buffer with signature lists\r
+ @param[out] SigListOut A pointer to a callee-allocated buffer with signature lists\r
+ @param[in] KeyInfoCount The number of certificate pointer and size pairs inside KeyInfo.\r
+ @param[in] KeyInfo A pointer to all certificates, in the format of DER-encoded,\r
+ to be concatenated into signature lists.\r
\r
- @retval EFI_SUCCESS Create time based payload successfully.\r
+ @retval EFI_SUCCESS Created signature list from payload successfully.\r
@retval EFI_NOT_FOUND Section with key has not been found.\r
- @retval EFI_INVALID_PARAMETER Embedded key has a wrong format.\r
+ @retval EFI_INVALID_PARAMETER Embedded key has a wrong format or input pointers are NULL.\r
@retval Others Unexpected error happens.\r
\r
**/\r
EFI_STATUS\r
-SecureBootFetchData (\r
- IN EFI_GUID *KeyFileGuid,\r
- OUT UINTN *SigListsSize,\r
- OUT EFI_SIGNATURE_LIST **SigListOut\r
+EFIAPI\r
+SecureBootCreateDataFromInput (\r
+ OUT UINTN *SigListsSize,\r
+ OUT EFI_SIGNATURE_LIST **SigListOut,\r
+ IN UINTN KeyInfoCount,\r
+ IN CONST SECURE_BOOT_CERTIFICATE_INFO *KeyInfo\r
)\r
{\r
EFI_SIGNATURE_LIST *EfiSig;\r
EFI_SIGNATURE_LIST *TmpEfiSig2;\r
EFI_STATUS Status;\r
VOID *Buffer;\r
- VOID *RsaPubKey;\r
UINTN Size;\r
+ UINTN InputIndex;\r
UINTN KeyIndex;\r
\r
+ if ((SigListOut == NULL) || (SigListsSize == NULL)) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ if ((KeyInfoCount == 0) || (KeyInfo == NULL)) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ InputIndex = 0;\r
KeyIndex = 0;\r
EfiSig = NULL;\r
*SigListsSize = 0;\r
- while (1) {\r
- Status = GetSectionFromAnyFv (\r
- KeyFileGuid,\r
- EFI_SECTION_RAW,\r
- KeyIndex,\r
- &Buffer,\r
- &Size\r
- );\r
-\r
- if (Status == EFI_SUCCESS) {\r
- RsaPubKey = NULL;\r
- if (RsaGetPublicKeyFromX509 (Buffer, Size, &RsaPubKey) == FALSE) {\r
- DEBUG ((DEBUG_ERROR, "%a: Invalid key format: %d\n", __FUNCTION__, KeyIndex));\r
+ while (InputIndex < KeyInfoCount) {\r
+ if (KeyInfo[InputIndex].Data != NULL) {\r
+ Size = KeyInfo[InputIndex].DataSize;\r
+ Buffer = AllocateCopyPool (Size, KeyInfo[InputIndex].Data);\r
+ if (Buffer == NULL) {\r
if (EfiSig != NULL) {\r
FreePool (EfiSig);\r
}\r
\r
- FreePool (Buffer);\r
- return EFI_INVALID_PARAMETER;\r
+ return EFI_OUT_OF_RESOURCES;\r
}\r
\r
Status = CreateSigList (Buffer, Size, &TmpEfiSig);\r
\r
+ if (EFI_ERROR (Status)) {\r
+ FreePool (Buffer);\r
+ break;\r
+ }\r
+\r
//\r
// Concatenate lists if more than one section found\r
//\r
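Review bot: The `CreateSigList` failure branch only frees `Buffer` and `break`s, so whatever earlier entries put in `EfiSig` is kept and the error in `Status` is left to code after the loop that this hunk does not show. If that code does not test `Status`, a failure on a later certificate would return a truncated signature list as success, and for a Secure Boot key database a silently dropped entry is hard to notice afterwards. Returning from the branch, as the allocation-failure branch just above it does, removes the doubt; the sketch below does that. Entries whose `Data` is NULL are also skipped without an error by the `if` at the top of the loop, and `DataSize` is passed to `AllocateCopyPool` unchecked, so either reject such entries with `EFI_INVALID_PARAMETER` or say in the function comment that they are ignored. The function body continues past this hunk.

```c
      if (EFI_ERROR (Status)) {
        FreePool (Buffer);
        //
        // Fail the whole call rather than leave the loop with a partial list.
        //
        if (EfiSig != NULL) {
          FreePool (EfiSig);
        }

        return Status;
      }
      // ... unchanged: list concatenation ...
```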
FreePool (Buffer);\r
}\r
\r
- if (Status == EFI_NOT_FOUND) {\r
- break;\r
- }\r
+ InputIndex++;\r
}\r
\r
if (KeyIndex == 0) {\r