VariableFormat.h defines variable data headers and variable storage region headers.\r
\r
Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>\r
-This program and the accompanying materials are licensed and made available under \r
-the terms and conditions of the BSD License that accompanies this distribution. \r
+This program and the accompanying materials are licensed and made available under\r
+the terms and conditions of the BSD License that accompanies this distribution.\r
The full text of the license may be found at\r
-http://opensource.org/licenses/bsd-license.php. \r
+http://opensource.org/licenses/bsd-license.php.\r
\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
**/\r
///\r
EFI_GUID Signature;\r
///\r
- /// Size of entire variable store, \r
+ /// Size of entire variable store,\r
/// including size of variable store header but not including the size of FvHeader.\r
///\r
UINT32 Size;\r
#define VAR_HEADER_VALID_ONLY 0x7f ///< Variable header has been valid.\r
#define VAR_ADDED 0x3f ///< Variable has been completely added.\r
\r
+///\r
+/// Variable Attribute combinations.\r
+///\r
+#define VARIABLE_ATTRIBUTE_NV_BS (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS)\r
+#define VARIABLE_ATTRIBUTE_BS_RT (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS)\r
+#define VARIABLE_ATTRIBUTE_AT_AW (EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS)\r
+#define VARIABLE_ATTRIBUTE_NV_BS_RT (VARIABLE_ATTRIBUTE_BS_RT | EFI_VARIABLE_NON_VOLATILE)\r
+#define VARIABLE_ATTRIBUTE_NV_BS_RT_HR (VARIABLE_ATTRIBUTE_NV_BS_RT | EFI_VARIABLE_HARDWARE_ERROR_RECORD)\r
+#define VARIABLE_ATTRIBUTE_NV_BS_RT_AT (VARIABLE_ATTRIBUTE_NV_BS_RT | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)\r
+#define VARIABLE_ATTRIBUTE_NV_BS_RT_AW (VARIABLE_ATTRIBUTE_NV_BS_RT | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS)\r
+#define VARIABLE_ATTRIBUTE_NV_BS_RT_HR_AT_AW (VARIABLE_ATTRIBUTE_NV_BS_RT_HR | VARIABLE_ATTRIBUTE_AT_AW)\r
+\r
///\r
/// Single Variable Data Header Structure.\r
///\r
EFI_GUID VendorGuid;\r
} AUTHENTICATED_VARIABLE_HEADER;\r
\r
+typedef struct {\r
+ EFI_GUID *Guid;\r
+ CHAR16 *Name;\r
+ UINTN VariableSize;\r
+} VARIABLE_ENTRY_CONSISTENCY;\r
+\r
#pragma pack()\r
\r
typedef struct _VARIABLE_INFO_ENTRY VARIABLE_INFO_ENTRY;\r
///\r
/// This structure contains the variable list that is put in EFI system table.\r
/// The variable driver collects all variables that were used at boot service time and produces this list.\r
-/// This is an optional feature to dump all used variables in shell environment. \r
+/// This is an optional feature to dump all used variables in shell environment.\r
///\r
struct _VARIABLE_INFO_ENTRY {\r
VARIABLE_INFO_ENTRY *Next; ///< Pointer to next entry.\r
EFI_GUID VendorGuid; ///< Guid of Variable.\r
- CHAR16 *Name; ///< Name of Variable. \r
+ CHAR16 *Name; ///< Name of Variable.\r
UINT32 Attributes; ///< Attributes of variable defined in UEFI specification.\r
UINT32 ReadCount; ///< Number of times to read this variable.\r
UINT32 WriteCount; ///< Number of times to write this variable.\r
--- /dev/null
+/** @file\r
+ Provides services to initialize and process authenticated variables.\r
+\r
+Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials are licensed and made available under\r
+the terms and conditions of the BSD License that accompanies this distribution.\r
+The full text of the license may be found at\r
+http://opensource.org/licenses/bsd-license.php.\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#ifndef _AUTH_VARIABLE_LIB_H_\r
+#define _AUTH_VARIABLE_LIB_H_\r
+\r
+#include <Protocol/VarCheck.h>\r
+\r
+///\r
+/// Size of AuthInfo prior to the data payload.\r
+///\r
+#define AUTHINFO_SIZE ((OFFSET_OF (EFI_VARIABLE_AUTHENTICATION, AuthInfo)) + \\r
+ (OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)) + \\r
+ sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256))\r
+\r
+#define AUTHINFO2_SIZE(VarAuth2) ((OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo)) + \\r
+ (UINTN) ((EFI_VARIABLE_AUTHENTICATION_2 *) (VarAuth2))->AuthInfo.Hdr.dwLength)\r
+\r
+#define OFFSET_OF_AUTHINFO2_CERT_DATA ((OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo)) + \\r
+ (OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)))\r
+\r
+typedef struct {\r
+ CHAR16 *VariableName;\r
+ EFI_GUID *VendorGuid;\r
+ UINT32 Attributes;\r
+ UINTN DataSize;\r
+ VOID *Data;\r
+ UINT32 PubKeyIndex;\r
+ UINT64 MonotonicCount;\r
+ EFI_TIME *TimeStamp;\r
+} AUTH_VARIABLE_INFO;\r
+\r
+/**\r
+ Finds variable in storage blocks of volatile and non-volatile storage areas.\r
+\r
+ This code finds variable in storage blocks of volatile and non-volatile storage areas.\r
+ If VariableName is an empty string, then we just return the first\r
+ qualified variable without comparing VariableName and VendorGuid.\r
+\r
+ @param[in] VariableName Name of the variable to be found.\r
+ @param[in] VendorGuid Variable vendor GUID to be found.\r
+ @param[out] AuthVariableInfo Pointer to AUTH_VARIABLE_INFO structure for\r
+ output of the variable found.\r
+\r
+ @retval EFI_INVALID_PARAMETER If VariableName is not an empty string,\r
+ while VendorGuid is NULL.\r
+ @retval EFI_SUCCESS Variable successfully found.\r
+ @retval EFI_NOT_FOUND Variable not found\r
+\r
+**/\r
+typedef\r
+EFI_STATUS\r
+(EFIAPI *AUTH_VAR_LIB_FIND_VARIABLE) (\r
+ IN CHAR16 *VariableName,\r
+ IN EFI_GUID *VendorGuid,\r
+ OUT AUTH_VARIABLE_INFO *AuthVariableInfo\r
+ );\r
+\r
+/**\r
+ Finds next variable in storage blocks of volatile and non-volatile storage areas.\r
+\r
+ This code finds next variable in storage blocks of volatile and non-volatile storage areas.\r
+ If VariableName is an empty string, then we just return the first\r
+ qualified variable without comparing VariableName and VendorGuid.\r
+\r
+ @param[in] VariableName Name of the variable to be found.\r
+ @param[in] VendorGuid Variable vendor GUID to be found.\r
+ @param[out] AuthVariableInfo Pointer to AUTH_VARIABLE_INFO structure for\r
+ output of the next variable.\r
+\r
+ @retval EFI_INVALID_PARAMETER If VariableName is not an empty string,\r
+ while VendorGuid is NULL.\r
+ @retval EFI_SUCCESS Variable successfully found.\r
+ @retval EFI_NOT_FOUND Variable not found\r
+\r
+**/\r
+typedef\r
+EFI_STATUS\r
+(EFIAPI *AUTH_VAR_LIB_FIND_NEXT_VARIABLE) (\r
+ IN CHAR16 *VariableName,\r
+ IN EFI_GUID *VendorGuid,\r
+ OUT AUTH_VARIABLE_INFO *AuthVariableInfo\r
+ );\r
+\r
+/**\r
+ Update the variable region with Variable information.\r
+\r
+ @param[in] AuthVariableInfo Pointer AUTH_VARIABLE_INFO structure for\r
+ input of the variable.\r
+\r
+ @retval EFI_SUCCESS The update operation is success.\r
+ @retval EFI_INVALID_PARAMETER Invalid parameter.\r
+ @retval EFI_WRITE_PROTECTED Variable is write-protected.\r
+ @retval EFI_OUT_OF_RESOURCES There is not enough resource.\r
+\r
+**/\r
+typedef\r
+EFI_STATUS\r
+(EFIAPI *AUTH_VAR_LIB_UPDATE_VARIABLE) (\r
+ IN AUTH_VARIABLE_INFO *AuthVariableInfo\r
+ );\r
+\r
+/**\r
+ Get scratch buffer.\r
+\r
+ @param[in, out] ScratchBufferSize Scratch buffer size. If input size is greater than\r
+ the maximum supported buffer size, this value contains\r
+ the maximum supported buffer size as output.\r
+ @param[out] ScratchBuffer Pointer to scratch buffer address.\r
+\r
+ @retval EFI_SUCCESS Get scratch buffer successfully.\r
+ @retval EFI_UNSUPPORTED If input size is greater than the maximum supported buffer size.\r
+\r
+**/\r
+typedef\r
+EFI_STATUS\r
+(EFIAPI *AUTH_VAR_LIB_GET_SCRATCH_BUFFER) (\r
+ IN OUT UINTN *ScratchBufferSize,\r
+ OUT VOID **ScratchBuffer\r
+ );\r
+\r
+/**\r
+ This function is to check if the remaining variable space is enough to set\r
+ all Variables from argument list successfully. The purpose of the check\r
+ is to keep the consistency of the Variables to be in variable storage.\r
+\r
+ Note: Variables are assumed to be in same storage.\r
+ The set sequence of Variables will be same with the sequence of VariableEntry from argument list,\r
+ so follow the argument sequence to check the Variables.\r
+\r
+ @param[in] Attributes Variable attributes for Variable entries.\r
+ @param ... The variable argument list with type VARIABLE_ENTRY_CONSISTENCY *.\r
+ A NULL terminates the list. The VariableSize of\r
+ VARIABLE_ENTRY_CONSISTENCY is the variable data size as input.\r
+ It will be changed to variable total size as output.\r
+\r
+ @retval TRUE Have enough variable space to set the Variables successfully.\r
+ @retval FALSE No enough variable space to set the Variables successfully.\r
+\r
+**/\r
+typedef\r
+BOOLEAN\r
+(EFIAPI *AUTH_VAR_LIB_CHECK_REMAINING_SPACE) (\r
+ IN UINT32 Attributes,\r
+ ...\r
+ );\r
+\r
+/**\r
+ Return TRUE if at OS runtime.\r
+\r
+ @retval TRUE If at OS runtime.\r
+ @retval FALSE If at boot time.\r
+\r
+**/\r
+typedef\r
+BOOLEAN\r
+(EFIAPI *AUTH_VAR_LIB_AT_RUNTIME) (\r
+ VOID\r
+ );\r
+\r
+#define AUTH_VAR_LIB_CONTEXT_IN_STRUCT_VERSION 0x01\r
+\r
+typedef struct {\r
+ UINTN StructVersion;\r
+ UINTN StructSize;\r
+ //\r
+ // Reflect the overhead associated with the saving\r
+ // of a single EFI authenticated variable with the exception\r
+ // of the overhead associated with the length\r
+ // of the string name of the EFI variable.\r
+ //\r
+ UINTN MaxAuthVariableSize;\r
+ AUTH_VAR_LIB_FIND_VARIABLE FindVariable;\r
+ AUTH_VAR_LIB_FIND_NEXT_VARIABLE FindNextVariable;\r
+ AUTH_VAR_LIB_UPDATE_VARIABLE UpdateVariable;\r
+ AUTH_VAR_LIB_GET_SCRATCH_BUFFER GetScratchBuffer;\r
+ AUTH_VAR_LIB_CHECK_REMAINING_SPACE CheckRemainingSpaceForConsistency;\r
+ AUTH_VAR_LIB_AT_RUNTIME AtRuntime;\r
+} AUTH_VAR_LIB_CONTEXT_IN;\r
+\r
+#define AUTH_VAR_LIB_CONTEXT_OUT_STRUCT_VERSION 0x01\r
+\r
+typedef struct {\r
+ UINTN StructVersion;\r
+ UINTN StructSize;\r
+ //\r
+ // Caller needs to set variable property for the variables.\r
+ //\r
+ VARIABLE_ENTRY_PROPERTY *AuthVarEntry;\r
+ UINTN AuthVarEntryCount;\r
+ //\r
+ // Caller needs to ConvertPointer() for the pointers.\r
+ //\r
+ VOID **AddressPointer;\r
+ UINTN AddressPointerCount;\r
+} AUTH_VAR_LIB_CONTEXT_OUT;\r
+\r
+/**\r
+ Initialization for authenticated varibale services.\r
+ If this initialization returns error status, other APIs will not work\r
+ and expect to be not called then.\r
+\r
+ @param[in] AuthVarLibContextIn Pointer to input auth variable lib context.\r
+ @param[out] AuthVarLibContextOut Pointer to output auth variable lib context.\r
+\r
+ @retval EFI_SUCCESS Function successfully executed.\r
+ @retval EFI_INVALID_PARAMETER If AuthVarLibContextIn == NULL or AuthVarLibContextOut == NULL.\r
+ @retval EFI_OUT_OF_RESOURCES Fail to allocate enough resource.\r
+ @retval EFI_UNSUPPORTED Unsupported to process authenticated variable.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+AuthVariableLibInitialize (\r
+ IN AUTH_VAR_LIB_CONTEXT_IN *AuthVarLibContextIn,\r
+ OUT AUTH_VAR_LIB_CONTEXT_OUT *AuthVarLibContextOut\r
+ );\r
+\r
+/**\r
+ Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.\r
+\r
+ @param[in] VariableName Name of the variable.\r
+ @param[in] VendorGuid Variable vendor GUID.\r
+ @param[in] Data Data pointer.\r
+ @param[in] DataSize Size of Data.\r
+ @param[in] Attributes Attribute value of the variable.\r
+\r
+ @retval EFI_SUCCESS The firmware has successfully stored the variable and its data as\r
+ defined by the Attributes.\r
+ @retval EFI_INVALID_PARAMETER Invalid parameter.\r
+ @retval EFI_WRITE_PROTECTED Variable is write-protected.\r
+ @retval EFI_OUT_OF_RESOURCES There is not enough resource.\r
+ @retval EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS\r
+ or EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS\r
+ set, but the AuthInfo does NOT pass the validation\r
+ check carried out by the firmware.\r
+ @retval EFI_UNSUPPORTED Unsupported to process authenticated variable.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+AuthVariableLibProcessVariable (\r
+ IN CHAR16 *VariableName,\r
+ IN EFI_GUID *VendorGuid,\r
+ IN VOID *Data,\r
+ IN UINTN DataSize,\r
+ IN UINT32 Attributes\r
+ );\r
+\r
+#endif\r
--- /dev/null
+/** @file\r
+ Implements NULL authenticated variable services.\r
+\r
+Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials\r
+are licensed and made available under the terms and conditions of the BSD License\r
+which accompanies this distribution. The full text of the license may be found at\r
+http://opensource.org/licenses/bsd-license.php\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#include <Library/AuthVariableLib.h>\r
+#include <Library/DebugLib.h>\r
+\r
+/**\r
+ Initialization for authenticated varibale services.\r
+ If this initialization returns error status, other APIs will not work\r
+ and expect to be not called then.\r
+\r
+ @param[in] AuthVarLibContextIn Pointer to input auth variable lib context.\r
+ @param[out] AuthVarLibContextOut Pointer to output auth variable lib context.\r
+\r
+ @retval EFI_SUCCESS Function successfully executed.\r
+ @retval EFI_INVALID_PARAMETER If AuthVarLibContextIn == NULL or AuthVarLibContextOut == NULL.\r
+ @retval EFI_OUT_OF_RESOURCES Fail to allocate enough resource.\r
+ @retval EFI_UNSUPPORTED Unsupported to process authenticated variable.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+AuthVariableLibInitialize (\r
+ IN AUTH_VAR_LIB_CONTEXT_IN *AuthVarLibContextIn,\r
+ OUT AUTH_VAR_LIB_CONTEXT_OUT *AuthVarLibContextOut\r
+ )\r
+{\r
+ //\r
+ // Do nothing, just return EFI_UNSUPPORTED.\r
+ //\r
+ return EFI_UNSUPPORTED;\r
+}\r
+\r
+/**\r
+ Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.\r
+\r
+ @param[in] VariableName Name of the variable.\r
+ @param[in] VendorGuid Variable vendor GUID.\r
+ @param[in] Data Data pointer.\r
+ @param[in] DataSize Size of Data.\r
+ @param[in] Attributes Attribute value of the variable.\r
+\r
+ @retval EFI_SUCCESS The firmware has successfully stored the variable and its data as\r
+ defined by the Attributes.\r
+ @retval EFI_INVALID_PARAMETER Invalid parameter.\r
+ @retval EFI_WRITE_PROTECTED Variable is write-protected.\r
+ @retval EFI_OUT_OF_RESOURCES There is not enough resource.\r
+ @retval EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS\r
+ or EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS\r
+ set, but the AuthInfo does NOT pass the validation\r
+ check carried out by the firmware.\r
+ @retval EFI_UNSUPPORTED Unsupported to process authenticated variable.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+AuthVariableLibProcessVariable (\r
+ IN CHAR16 *VariableName,\r
+ IN EFI_GUID *VendorGuid,\r
+ IN VOID *Data,\r
+ IN UINTN DataSize,\r
+ IN UINT32 Attributes\r
+ )\r
+{\r
+ ASSERT (FALSE);\r
+ return EFI_UNSUPPORTED;\r
+}\r