From 1c9418fcafe3d2eea336be092d9cdd29762537fe Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Thu, 25 Apr 2019 15:27:57 +0200
Subject: [PATCH] OvmfPkg/EnrollDefaultKeys: extract typedefs to a header file
"EnrollDefaultKeys.c" defines three structure types: SINGLE_HEADER,
REPEATING_HEADER, and SETTINGS. The definitions are scattered over the C
file, and lack high-level summary comments.
Extract the structures to "EnrollDefaultKeys.h", and add the missing
comments.
Cc: Anthony Perard <anthony.perard@citrix.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Julien Grall <julien.grall@arm.com>
Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=1747
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Gary Lin <glin@suse.com>
---
OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c | 101 +--------------
OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.h | 121 ++++++++++++++++++
.../EnrollDefaultKeys/EnrollDefaultKeys.inf | 1 +
3 files changed, 124 insertions(+), 99 deletions(-)
create mode 100644 OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.h
diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
index 671efef8d6..fefea66388 100644
--- a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
+++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
@@ -15,6 +15,8 @@
#include <Library/UefiLib.h> // AsciiPrint()
#include <Library/UefiRuntimeServicesTableLib.h> // gRT
+#include "EnrollDefaultKeys.h"
+
//
// We'll use the certificate below as both Platform Key and as first Key
// Exchange Key.
@@ -543,97 +545,6 @@ STATIC CONST EFI_GUID mMicrosoftOwnerGuid = {
{ 0xbd, 0x60, 0x28, 0xf4, 0xe7, 0x8f, 0x78, 0x4b },
};
-//
-// The most important thing about the variable payload is that it is a list of
-// lists, where the element size of any given *inner* list is constant.
-//
-// Since X509 certificates vary in size, each of our *inner* lists will contain
-// one element only (one X.509 certificate). This is explicitly mentioned in
-// the UEFI specification, in "28.4.1 Signature Database", in a Note.
-//
-// The list structure looks as follows:
-//
-// struct EFI_VARIABLE_AUTHENTICATION_2 { |
-// struct EFI_TIME { |
-// UINT16 Year; |
-// UINT8 Month; |
-// UINT8 Day; |
-// UINT8 Hour; |
-// UINT8 Minute; |
-// UINT8 Second; |
-// UINT8 Pad1; |
-// UINT32 Nanosecond; |
-// INT16 TimeZone; |
-// UINT8 Daylight; |
-// UINT8 Pad2; |
-// } TimeStamp; |
-// |
-// struct WIN_CERTIFICATE_UEFI_GUID { | |
-// struct WIN_CERTIFICATE { | |
-// UINT32 dwLength; ----------------------------------------+ |
-// UINT16 wRevision; | |
-// UINT16 wCertificateType; | |
-// } Hdr; | +- DataSize
-// | |
-// EFI_GUID CertType; | |
-// UINT8 CertData[1] = { <--- "struct hack" | |
-// struct EFI_SIGNATURE_LIST { | | |
-// EFI_GUID SignatureType; | | |
-// UINT32 SignatureListSize; -------------------------+ | |
-// UINT32 SignatureHeaderSize; | | |
-// UINT32 SignatureSize; ---------------------------+ | | |
-// UINT8 SignatureHeader[SignatureHeaderSize]; | | | |
-// v | | |
-// struct EFI_SIGNATURE_DATA { | | | |
-// EFI_GUID SignatureOwner; | | | |
-// UINT8 SignatureData[1] = { <--- "struct hack" | | | |
-// X.509 payload | | | |
-// } | | | |
-// } Signatures[]; | | |
-// } SigLists[]; | |
-// }; | |
-// } AuthInfo; | |
-// }; |
-//
-// Given that the "struct hack" invokes undefined behavior (which is why C99
-// introduced the flexible array member), and because subtracting those pesky
-// sizes of 1 is annoying, and because the format is fully specified in the
-// UEFI specification, we'll introduce two matching convenience structures that
-// are customized for our X.509 purposes.
-//
-#pragma pack (1)
-typedef struct {
- EFI_TIME TimeStamp;
-
- //
- // dwLength covers data below
- //
- UINT32 dwLength;
- UINT16 wRevision;
- UINT16 wCertificateType;
- EFI_GUID CertType;
-} SINGLE_HEADER;
-
-typedef struct {
- //
- // SignatureListSize covers data below
- //
- EFI_GUID SignatureType;
- UINT32 SignatureListSize;
- UINT32 SignatureHeaderSize; // constant 0
- UINT32 SignatureSize;
-
- //
- // SignatureSize covers data below
- //
- EFI_GUID SignatureOwner;
-
- //
- // X.509 certificate follows
- //
-} REPEATING_HEADER;
-#pragma pack ()
-
/**
Enroll a set of certificates in a global variable, overwriting it.
@@ -844,14 +755,6 @@ GetExact (
return EFI_SUCCESS;
}
-typedef struct {
- UINT8 SetupMode;
- UINT8 SecureBoot;
- UINT8 SecureBootEnable;
- UINT8 CustomMode;
- UINT8 VendorKeys;
-} SETTINGS;
-
STATIC
EFI_STATUS
GetSettings (
diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.h b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.h
new file mode 100644
index 0000000000..9bcd87ff4f
--- /dev/null
+++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.h
@@ -0,0 +1,121 @@
+/** @file
+ Type definitions for the EnrollDefaultKeys application.
+
+ Copyright (C) 2014-2019, Red Hat, Inc.
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef ENROLL_DEFAULT_KEYS_H_
+#define ENROLL_DEFAULT_KEYS_H_
+
+#include <Uefi/UefiBaseType.h>
+
+//
+// Convenience structure types for constructing "signature lists" for
+// authenticated UEFI variables.
+//
+// The most important thing about the variable payload is that it is a list of
+// lists, where the element size of any given *inner* list is constant.
+//
+// Since X509 certificates vary in size, each of our *inner* lists will contain
+// one element only (one X.509 certificate). This is explicitly mentioned in
+// the UEFI specification, in "28.4.1 Signature Database", in a Note.
+//
+// The list structure looks as follows:
+//
+// struct EFI_VARIABLE_AUTHENTICATION_2 { |
+// struct EFI_TIME { |
+// UINT16 Year; |
+// UINT8 Month; |
+// UINT8 Day; |
+// UINT8 Hour; |
+// UINT8 Minute; |
+// UINT8 Second; |
+// UINT8 Pad1; |
+// UINT32 Nanosecond; |
+// INT16 TimeZone; |
+// UINT8 Daylight; |
+// UINT8 Pad2; |
+// } TimeStamp; |
+// |
+// struct WIN_CERTIFICATE_UEFI_GUID { | |
+// struct WIN_CERTIFICATE { | |
+// UINT32 dwLength; ----------------------------------------+ |
+// UINT16 wRevision; | |
+// UINT16 wCertificateType; | |
+// } Hdr; | +- DataSize
+// | |
+// EFI_GUID CertType; | |
+// UINT8 CertData[1] = { <--- "struct hack" | |
+// struct EFI_SIGNATURE_LIST { | | |
+// EFI_GUID SignatureType; | | |
+// UINT32 SignatureListSize; -------------------------+ | |
+// UINT32 SignatureHeaderSize; | | |
+// UINT32 SignatureSize; ---------------------------+ | | |
+// UINT8 SignatureHeader[SignatureHeaderSize]; | | | |
+// v | | |
+// struct EFI_SIGNATURE_DATA { | | | |
+// EFI_GUID SignatureOwner; | | | |
+// UINT8 SignatureData[1] = { <--- "struct hack" | | | |
+// X.509 payload | | | |
+// } | | | |
+// } Signatures[]; | | |
+// } SigLists[]; | |
+// }; | |
+// } AuthInfo; | |
+// }; |
+//
+// Given that the "struct hack" invokes undefined behavior (which is why C99
+// introduced the flexible array member), and because subtracting those pesky
+// sizes of 1 is annoying, and because the format is fully specified in the
+// UEFI specification, we'll introduce two matching convenience structures that
+// are customized for our X.509 purposes.
+//
+#pragma pack (1)
+typedef struct {
+ EFI_TIME TimeStamp;
+
+ //
+ // dwLength covers data below
+ //
+ UINT32 dwLength;
+ UINT16 wRevision;
+ UINT16 wCertificateType;
+ EFI_GUID CertType;
+} SINGLE_HEADER;
+
+typedef struct {
+ //
+ // SignatureListSize covers data below
+ //
+ EFI_GUID SignatureType;
+ UINT32 SignatureListSize;
+ UINT32 SignatureHeaderSize; // constant 0
+ UINT32 SignatureSize;
+
+ //
+ // SignatureSize covers data below
+ //
+ EFI_GUID SignatureOwner;
+
+ //
+ // X.509 certificate follows
+ //
+} REPEATING_HEADER;
+#pragma pack ()
+
+
+//
+// A structure that collects the values of UEFI variables related to Secure
+// Boot.
+//
+typedef struct {
+ UINT8 SetupMode;
+ UINT8 SecureBoot;
+ UINT8 SecureBootEnable;
+ UINT8 CustomMode;
+ UINT8 VendorKeys;
+} SETTINGS;
+
+#endif /* ENROLL_DEFAULT_KEYS_H_ */
diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf
index 3a215df508..9f315a8e6d 100644
--- a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf
+++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf
@@ -16,6 +16,7 @@
[Sources]
EnrollDefaultKeys.c
+ EnrollDefaultKeys.h
[Packages]
MdeModulePkg/MdeModulePkg.dec