SecurityPkg: Remove duplicated functions from SecureBootConfigDxe.

This commit removes functions which were added
to SecureBootVariableLib. It also adds dependecy
on that library.

Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Reviewed-by: Sunny Wang <sunny.wang@arm.com>

diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
index 573efa6379a0b07582ed93e357f0ae5fbae2ac81..14c7311b08b56c29ea002abf9ad6bf6a7868f723 100644 (file)
--- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
+++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
@@ -54,6 +54,8 @@
   DevicePathLib\r
   FileExplorerLib\r
   PeCoffLib\r
+  SecureBootVariableLib\r
+  SecureBootVariableProvisionLib\r
 \r
 [Guids]\r
   ## SOMETIMES_CONSUMES      ## Variable:L"CustomMode"\r

diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
index e82bfe77570de0960daa8fb2e0a226ac44cbf55a..f527aa32e647e86ffca8e16529a28a011ddc2930 100644 (file)
--- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
+++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
@@ -9,6 +9,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 \r
 #include "SecureBootConfigImpl.h"\r
 #include <Library/BaseCryptLib.h>\r
+#include <Library/SecureBootVariableLib.h>\r
+#include <Library/SecureBootVariableProvisionLib.h>\r
 \r
 CHAR16              mSecureBootStorageName[] = L"SECUREBOOT_CONFIGURATION";\r
 \r
@@ -237,168 +239,6 @@ SaveSecureBootVariable (
   return Status;\r
 }\r
 \r
-/**\r
-  Create a time based data payload by concatenating the EFI_VARIABLE_AUTHENTICATION_2\r
-  descriptor with the input data. NO authentication is required in this function.\r
-\r
-  @param[in, out]   DataSize       On input, the size of Data buffer in bytes.\r
-                                   On output, the size of data returned in Data\r
-                                   buffer in bytes.\r
-  @param[in, out]   Data           On input, Pointer to data buffer to be wrapped or\r
-                                   pointer to NULL to wrap an empty payload.\r
-                                   On output, Pointer to the new payload date buffer allocated from pool,\r
-                                   it's caller's responsibility to free the memory when finish using it.\r
-\r
-  @retval EFI_SUCCESS              Create time based payload successfully.\r
-  @retval EFI_OUT_OF_RESOURCES     There are not enough memory resources to create time based payload.\r
-  @retval EFI_INVALID_PARAMETER    The parameter is invalid.\r
-  @retval Others                   Unexpected error happens.\r
-\r
-**/\r
-EFI_STATUS\r
-CreateTimeBasedPayload (\r
-  IN OUT UINTN            *DataSize,\r
-  IN OUT UINT8            **Data\r
-  )\r
-{\r
-  EFI_STATUS                       Status;\r
-  UINT8                            *NewData;\r
-  UINT8                            *Payload;\r
-  UINTN                            PayloadSize;\r
-  EFI_VARIABLE_AUTHENTICATION_2    *DescriptorData;\r
-  UINTN                            DescriptorSize;\r
-  EFI_TIME                         Time;\r
-\r
-  if (Data == NULL || DataSize == NULL) {\r
-    return EFI_INVALID_PARAMETER;\r
-  }\r
-\r
-  //\r
-  // In Setup mode or Custom mode, the variable does not need to be signed but the\r
-  // parameters to the SetVariable() call still need to be prepared as authenticated\r
-  // variable. So we create EFI_VARIABLE_AUTHENTICATED_2 descriptor without certificate\r
-  // data in it.\r
-  //\r
-  Payload     = *Data;\r
-  PayloadSize = *DataSize;\r
-\r
-  DescriptorSize    = OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo) + OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData);\r
-  NewData = (UINT8*) AllocateZeroPool (DescriptorSize + PayloadSize);\r
-  if (NewData == NULL) {\r
-    return EFI_OUT_OF_RESOURCES;\r
-  }\r
-\r
-  if ((Payload != NULL) && (PayloadSize != 0)) {\r
-    CopyMem (NewData + DescriptorSize, Payload, PayloadSize);\r
-  }\r
-\r
-  DescriptorData = (EFI_VARIABLE_AUTHENTICATION_2 *) (NewData);\r
-\r
-  ZeroMem (&Time, sizeof (EFI_TIME));\r
-  Status = gRT->GetTime (&Time, NULL);\r
-  if (EFI_ERROR (Status)) {\r
-    FreePool(NewData);\r
-    return Status;\r
-  }\r
-  Time.Pad1       = 0;\r
-  Time.Nanosecond = 0;\r
-  Time.TimeZone   = 0;\r
-  Time.Daylight   = 0;\r
-  Time.Pad2       = 0;\r
-  CopyMem (&DescriptorData->TimeStamp, &Time, sizeof (EFI_TIME));\r
-\r
-  DescriptorData->AuthInfo.Hdr.dwLength         = OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData);\r
-  DescriptorData->AuthInfo.Hdr.wRevision        = 0x0200;\r
-  DescriptorData->AuthInfo.Hdr.wCertificateType = WIN_CERT_TYPE_EFI_GUID;\r
-  CopyGuid (&DescriptorData->AuthInfo.CertType, &gEfiCertPkcs7Guid);\r
-\r
-  if (Payload != NULL) {\r
-    FreePool(Payload);\r
-  }\r
-\r
-  *DataSize = DescriptorSize + PayloadSize;\r
-  *Data     = NewData;\r
-  return EFI_SUCCESS;\r
-}\r
-\r
-/**\r
-  Internal helper function to delete a Variable given its name and GUID, NO authentication\r
-  required.\r
-\r
-  @param[in]      VariableName            Name of the Variable.\r
-  @param[in]      VendorGuid              GUID of the Variable.\r
-\r
-  @retval EFI_SUCCESS              Variable deleted successfully.\r
-  @retval Others                   The driver failed to start the device.\r
-\r
-**/\r
-EFI_STATUS\r
-DeleteVariable (\r
-  IN  CHAR16                    *VariableName,\r
-  IN  EFI_GUID                  *VendorGuid\r
-  )\r
-{\r
-  EFI_STATUS              Status;\r
-  VOID*                   Variable;\r
-  UINT8                   *Data;\r
-  UINTN                   DataSize;\r
-  UINT32                  Attr;\r
-\r
-  GetVariable2 (VariableName, VendorGuid, &Variable, NULL);\r
-  if (Variable == NULL) {\r
-    return EFI_SUCCESS;\r
-  }\r
-  FreePool (Variable);\r
-\r
-  Data     = NULL;\r
-  DataSize = 0;\r
-  Attr     = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS\r
-             | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;\r
-\r
-  Status = CreateTimeBasedPayload (&DataSize, &Data);\r
-  if (EFI_ERROR (Status)) {\r
-    DEBUG ((EFI_D_ERROR, "Fail to create time-based data payload: %r", Status));\r
-    return Status;\r
-  }\r
-\r
-  Status = gRT->SetVariable (\r
-                  VariableName,\r
-                  VendorGuid,\r
-                  Attr,\r
-                  DataSize,\r
-                  Data\r
-                  );\r
-  if (Data != NULL) {\r
-    FreePool (Data);\r
-  }\r
-  return Status;\r
-}\r
-\r
-/**\r
-\r
-  Set the platform secure boot mode into "Custom" or "Standard" mode.\r
-\r
-  @param[in]   SecureBootMode        New secure boot mode: STANDARD_SECURE_BOOT_MODE or\r
-                                     CUSTOM_SECURE_BOOT_MODE.\r
-\r
-  @return EFI_SUCCESS                The platform has switched to the special mode successfully.\r
-  @return other                      Fail to operate the secure boot mode.\r
-\r
-**/\r
-EFI_STATUS\r
-SetSecureBootMode (\r
-  IN     UINT8         SecureBootMode\r
-  )\r
-{\r
-  return gRT->SetVariable (\r
-                EFI_CUSTOM_MODE_NAME,\r
-                &gEfiCustomModeEnableGuid,\r
-                EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,\r
-                sizeof (UINT8),\r
-                &SecureBootMode\r
-                );\r
-}\r
-\r
 /**\r
   This code checks if the encode type and key strength of X.509\r
   certificate is qualified.\r
@@ -646,32 +486,6 @@ ON_EXIT:
   return Status;\r
 }\r
 \r
-/**\r
-  Remove the PK variable.\r
-\r
-  @retval EFI_SUCCESS    Delete PK successfully.\r
-  @retval Others         Could not allow to delete PK.\r
-\r
-**/\r
-EFI_STATUS\r
-DeletePlatformKey (\r
-  VOID\r
-)\r
-{\r
-  EFI_STATUS Status;\r
-\r
-  Status = SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE);\r
-  if (EFI_ERROR (Status)) {\r
-    return Status;\r
-  }\r
-\r
-  Status = DeleteVariable (\r
-             EFI_PLATFORM_KEY_NAME,\r
-             &gEfiGlobalVariableGuid\r
-             );\r
-  return Status;\r
-}\r
-\r
 /**\r
   Enroll a new KEK item from public key storing file (*.pbk).\r
 \r