SecurityPkg: UefiSecureBoot: Definitions of cert and payload structures

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3910 This change added certificate and payload structures that can be consumed by SecureBootVariableLib and other Secure Boot related operations. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Min Xu <min.m.xu@intel.com> Signed-off-by: Kun Qin <kun.qin@microsoft.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> Acked-by: Michael Kubacki <michael.kubacki@microsoft.com>
2025-04-08 17:05:09 +02:00 · 2022-04-11 16:45:45 -07:00 · 2022-04-11 16:45:45 -07:00 · 134fbd552c
commit 134fbd552c
parent e1eef3a8b0
1 changed files with 94 additions and 0 deletions
--- a/SecurityPkg/Include/UefiSecureBoot.h
+++ b/SecurityPkg/Include/UefiSecureBoot.h
@ -0,0 +1,94 @@
+/** @file
+  Provides a Secure Boot related data structure definitions.
+
+  Copyright (c) Microsoft Corporation.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef UEFI_SECURE_BOOT_H_
+#define UEFI_SECURE_BOOT_H_
+
+#pragma pack (push, 1)
+
+/*
+  Data structure to provide certificates to setup authenticated secure
+  boot variables ('db', 'dbx', 'dbt', 'pk', etc.).
+
+*/
+typedef struct {
+  //
+  // The size, in number of bytes, of supplied certificate in 'Data' field.
+  //
+  UINTN         DataSize;
+  //
+  // The pointer to the certificates in DER-encoded format.
+  // Note: This certificate data should not contain the EFI_VARIABLE_AUTHENTICATION_2
+  //       for authenticated variables.
+  //
+  CONST VOID    *Data;
+} SECURE_BOOT_CERTIFICATE_INFO;
+
+/*
+  Data structure to provide all Secure Boot related certificates.
+
+*/
+typedef struct {
+  //
+  // The human readable name for this set of Secure Boot key sets.
+  //
+  CONST CHAR16    *SecureBootKeyName;
+  //
+  // The size, in number of bytes, of supplied certificate in 'DbPtr' field.
+  //
+  UINTN           DbSize;
+  //
+  // The pointer to the DB certificates in signature list format.
+  // Note: This DB certificates should not contain the EFI_VARIABLE_AUTHENTICATION_2
+  //       for authenticated variables.
+  //
+  CONST VOID      *DbPtr;
+  //
+  // The size, in number of bytes, of supplied certificate in 'DbxPtr' field.
+  //
+  UINTN           DbxSize;
+  //
+  // The pointer to the DBX certificates in signature list format.
+  // Note: This DBX certificates should not contain the EFI_VARIABLE_AUTHENTICATION_2
+  //       for authenticated variables.
+  //
+  CONST VOID      *DbxPtr;
+  //
+  // The size, in number of bytes, of supplied certificate in 'DbtPtr' field.
+  //
+  UINTN           DbtSize;
+  //
+  // The pointer to the DBT certificates in signature list format.
+  // Note: This DBT certificates should not contain the EFI_VARIABLE_AUTHENTICATION_2
+  //       for authenticated variables.
+  //
+  CONST VOID      *DbtPtr;
+  //
+  // The size, in number of bytes, of supplied certificate in 'KekPtr' field.
+  //
+  UINTN           KekSize;
+  //
+  // The pointer to the KEK certificates in signature list format.
+  // Note: This KEK certificates should not contain the EFI_VARIABLE_AUTHENTICATION_2
+  //       for authenticated variables.
+  //
+  CONST VOID      *KekPtr;
+  //
+  // The size, in number of bytes, of supplied certificate in 'PkPtr' field.
+  //
+  UINTN           PkSize;
+  //
+  // The pointer to the PK certificates in signature list format.
+  // Note: This PK certificates should not contain the EFI_VARIABLE_AUTHENTICATION_2
+  //       for authenticated variables.
+  //
+  CONST VOID      *PkPtr;
+} SECURE_BOOT_PAYLOAD_INFO;
+#pragma pack (pop)
+
+#endif // UEFI_SECURE_BOOT_H_