mirror of https://github.com/acidanthera/audk.git
OvmfPkg/EnrollDefaultKeys: extract typedefs to a header file
"EnrollDefaultKeys.c" defines three structure types: SINGLE_HEADER, REPEATING_HEADER, and SETTINGS. The definitions are scattered over the C file, and lack high-level summary comments. Extract the structures to "EnrollDefaultKeys.h", and add the missing comments. Cc: Anthony Perard <anthony.perard@citrix.com> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Julien Grall <julien.grall@arm.com> Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=1747 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com> Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Gary Lin <glin@suse.com>
This commit is contained in:
parent
a2491a6c82
commit
1c9418fcaf
|
@ -15,6 +15,8 @@
|
|||
#include <Library/UefiLib.h> // AsciiPrint()
|
||||
#include <Library/UefiRuntimeServicesTableLib.h> // gRT
|
||||
|
||||
#include "EnrollDefaultKeys.h"
|
||||
|
||||
//
|
||||
// We'll use the certificate below as both Platform Key and as first Key
|
||||
// Exchange Key.
|
||||
|
@ -543,97 +545,6 @@ STATIC CONST EFI_GUID mMicrosoftOwnerGuid = {
|
|||
{ 0xbd, 0x60, 0x28, 0xf4, 0xe7, 0x8f, 0x78, 0x4b },
|
||||
};
|
||||
|
||||
//
|
||||
// The most important thing about the variable payload is that it is a list of
|
||||
// lists, where the element size of any given *inner* list is constant.
|
||||
//
|
||||
// Since X509 certificates vary in size, each of our *inner* lists will contain
|
||||
// one element only (one X.509 certificate). This is explicitly mentioned in
|
||||
// the UEFI specification, in "28.4.1 Signature Database", in a Note.
|
||||
//
|
||||
// The list structure looks as follows:
|
||||
//
|
||||
// struct EFI_VARIABLE_AUTHENTICATION_2 { |
|
||||
// struct EFI_TIME { |
|
||||
// UINT16 Year; |
|
||||
// UINT8 Month; |
|
||||
// UINT8 Day; |
|
||||
// UINT8 Hour; |
|
||||
// UINT8 Minute; |
|
||||
// UINT8 Second; |
|
||||
// UINT8 Pad1; |
|
||||
// UINT32 Nanosecond; |
|
||||
// INT16 TimeZone; |
|
||||
// UINT8 Daylight; |
|
||||
// UINT8 Pad2; |
|
||||
// } TimeStamp; |
|
||||
// |
|
||||
// struct WIN_CERTIFICATE_UEFI_GUID { | |
|
||||
// struct WIN_CERTIFICATE { | |
|
||||
// UINT32 dwLength; ----------------------------------------+ |
|
||||
// UINT16 wRevision; | |
|
||||
// UINT16 wCertificateType; | |
|
||||
// } Hdr; | +- DataSize
|
||||
// | |
|
||||
// EFI_GUID CertType; | |
|
||||
// UINT8 CertData[1] = { <--- "struct hack" | |
|
||||
// struct EFI_SIGNATURE_LIST { | | |
|
||||
// EFI_GUID SignatureType; | | |
|
||||
// UINT32 SignatureListSize; -------------------------+ | |
|
||||
// UINT32 SignatureHeaderSize; | | |
|
||||
// UINT32 SignatureSize; ---------------------------+ | | |
|
||||
// UINT8 SignatureHeader[SignatureHeaderSize]; | | | |
|
||||
// v | | |
|
||||
// struct EFI_SIGNATURE_DATA { | | | |
|
||||
// EFI_GUID SignatureOwner; | | | |
|
||||
// UINT8 SignatureData[1] = { <--- "struct hack" | | | |
|
||||
// X.509 payload | | | |
|
||||
// } | | | |
|
||||
// } Signatures[]; | | |
|
||||
// } SigLists[]; | |
|
||||
// }; | |
|
||||
// } AuthInfo; | |
|
||||
// }; |
|
||||
//
|
||||
// Given that the "struct hack" invokes undefined behavior (which is why C99
|
||||
// introduced the flexible array member), and because subtracting those pesky
|
||||
// sizes of 1 is annoying, and because the format is fully specified in the
|
||||
// UEFI specification, we'll introduce two matching convenience structures that
|
||||
// are customized for our X.509 purposes.
|
||||
//
|
||||
#pragma pack (1)
|
||||
typedef struct {
|
||||
EFI_TIME TimeStamp;
|
||||
|
||||
//
|
||||
// dwLength covers data below
|
||||
//
|
||||
UINT32 dwLength;
|
||||
UINT16 wRevision;
|
||||
UINT16 wCertificateType;
|
||||
EFI_GUID CertType;
|
||||
} SINGLE_HEADER;
|
||||
|
||||
typedef struct {
|
||||
//
|
||||
// SignatureListSize covers data below
|
||||
//
|
||||
EFI_GUID SignatureType;
|
||||
UINT32 SignatureListSize;
|
||||
UINT32 SignatureHeaderSize; // constant 0
|
||||
UINT32 SignatureSize;
|
||||
|
||||
//
|
||||
// SignatureSize covers data below
|
||||
//
|
||||
EFI_GUID SignatureOwner;
|
||||
|
||||
//
|
||||
// X.509 certificate follows
|
||||
//
|
||||
} REPEATING_HEADER;
|
||||
#pragma pack ()
|
||||
|
||||
/**
|
||||
Enroll a set of certificates in a global variable, overwriting it.
|
||||
|
||||
|
@ -844,14 +755,6 @@ GetExact (
|
|||
return EFI_SUCCESS;
|
||||
}
|
||||
|
||||
typedef struct {
|
||||
UINT8 SetupMode;
|
||||
UINT8 SecureBoot;
|
||||
UINT8 SecureBootEnable;
|
||||
UINT8 CustomMode;
|
||||
UINT8 VendorKeys;
|
||||
} SETTINGS;
|
||||
|
||||
STATIC
|
||||
EFI_STATUS
|
||||
GetSettings (
|
||||
|
|
|
@ -0,0 +1,121 @@
|
|||
/** @file
|
||||
Type definitions for the EnrollDefaultKeys application.
|
||||
|
||||
Copyright (C) 2014-2019, Red Hat, Inc.
|
||||
|
||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
**/
|
||||
|
||||
#ifndef ENROLL_DEFAULT_KEYS_H_
|
||||
#define ENROLL_DEFAULT_KEYS_H_
|
||||
|
||||
#include <Uefi/UefiBaseType.h>
|
||||
|
||||
//
|
||||
// Convenience structure types for constructing "signature lists" for
|
||||
// authenticated UEFI variables.
|
||||
//
|
||||
// The most important thing about the variable payload is that it is a list of
|
||||
// lists, where the element size of any given *inner* list is constant.
|
||||
//
|
||||
// Since X509 certificates vary in size, each of our *inner* lists will contain
|
||||
// one element only (one X.509 certificate). This is explicitly mentioned in
|
||||
// the UEFI specification, in "28.4.1 Signature Database", in a Note.
|
||||
//
|
||||
// The list structure looks as follows:
|
||||
//
|
||||
// struct EFI_VARIABLE_AUTHENTICATION_2 { |
|
||||
// struct EFI_TIME { |
|
||||
// UINT16 Year; |
|
||||
// UINT8 Month; |
|
||||
// UINT8 Day; |
|
||||
// UINT8 Hour; |
|
||||
// UINT8 Minute; |
|
||||
// UINT8 Second; |
|
||||
// UINT8 Pad1; |
|
||||
// UINT32 Nanosecond; |
|
||||
// INT16 TimeZone; |
|
||||
// UINT8 Daylight; |
|
||||
// UINT8 Pad2; |
|
||||
// } TimeStamp; |
|
||||
// |
|
||||
// struct WIN_CERTIFICATE_UEFI_GUID { | |
|
||||
// struct WIN_CERTIFICATE { | |
|
||||
// UINT32 dwLength; ----------------------------------------+ |
|
||||
// UINT16 wRevision; | |
|
||||
// UINT16 wCertificateType; | |
|
||||
// } Hdr; | +- DataSize
|
||||
// | |
|
||||
// EFI_GUID CertType; | |
|
||||
// UINT8 CertData[1] = { <--- "struct hack" | |
|
||||
// struct EFI_SIGNATURE_LIST { | | |
|
||||
// EFI_GUID SignatureType; | | |
|
||||
// UINT32 SignatureListSize; -------------------------+ | |
|
||||
// UINT32 SignatureHeaderSize; | | |
|
||||
// UINT32 SignatureSize; ---------------------------+ | | |
|
||||
// UINT8 SignatureHeader[SignatureHeaderSize]; | | | |
|
||||
// v | | |
|
||||
// struct EFI_SIGNATURE_DATA { | | | |
|
||||
// EFI_GUID SignatureOwner; | | | |
|
||||
// UINT8 SignatureData[1] = { <--- "struct hack" | | | |
|
||||
// X.509 payload | | | |
|
||||
// } | | | |
|
||||
// } Signatures[]; | | |
|
||||
// } SigLists[]; | |
|
||||
// }; | |
|
||||
// } AuthInfo; | |
|
||||
// }; |
|
||||
//
|
||||
// Given that the "struct hack" invokes undefined behavior (which is why C99
|
||||
// introduced the flexible array member), and because subtracting those pesky
|
||||
// sizes of 1 is annoying, and because the format is fully specified in the
|
||||
// UEFI specification, we'll introduce two matching convenience structures that
|
||||
// are customized for our X.509 purposes.
|
||||
//
|
||||
#pragma pack (1)
|
||||
typedef struct {
|
||||
EFI_TIME TimeStamp;
|
||||
|
||||
//
|
||||
// dwLength covers data below
|
||||
//
|
||||
UINT32 dwLength;
|
||||
UINT16 wRevision;
|
||||
UINT16 wCertificateType;
|
||||
EFI_GUID CertType;
|
||||
} SINGLE_HEADER;
|
||||
|
||||
typedef struct {
|
||||
//
|
||||
// SignatureListSize covers data below
|
||||
//
|
||||
EFI_GUID SignatureType;
|
||||
UINT32 SignatureListSize;
|
||||
UINT32 SignatureHeaderSize; // constant 0
|
||||
UINT32 SignatureSize;
|
||||
|
||||
//
|
||||
// SignatureSize covers data below
|
||||
//
|
||||
EFI_GUID SignatureOwner;
|
||||
|
||||
//
|
||||
// X.509 certificate follows
|
||||
//
|
||||
} REPEATING_HEADER;
|
||||
#pragma pack ()
|
||||
|
||||
|
||||
//
|
||||
// A structure that collects the values of UEFI variables related to Secure
|
||||
// Boot.
|
||||
//
|
||||
typedef struct {
|
||||
UINT8 SetupMode;
|
||||
UINT8 SecureBoot;
|
||||
UINT8 SecureBootEnable;
|
||||
UINT8 CustomMode;
|
||||
UINT8 VendorKeys;
|
||||
} SETTINGS;
|
||||
|
||||
#endif /* ENROLL_DEFAULT_KEYS_H_ */
|
|
@ -16,6 +16,7 @@
|
|||
|
||||
[Sources]
|
||||
EnrollDefaultKeys.c
|
||||
EnrollDefaultKeys.h
|
||||
|
||||
[Packages]
|
||||
MdeModulePkg/MdeModulePkg.dec
|
||||
|
|
Loading…
Reference in New Issue