tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

1. Remove “Force clear PK” feature in AuthVarialbe driver. 

2. Update API ForceClearPK() to UserPhysicalPresent() in PlatformSecureLib.
2. Update SecureBootConfigDxe driver and AuthVariable driver to support Custom Secure Boot Mode feature.
3. Fix some bugs in AuthVariable driver.

Signed-off-by: sfu5
Reviewed-by: tye
Reviewed-by: gdong1

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13144 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
sfu5 2012-03-27 08:17:23 +00:00
parent f95f107c8e
commit ecc722ad41
19 changed files with 6763 additions and 251 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
SecurityPkg/Include/Guid/AuthenticatedVariableFormat.h
View File

@ -4,7 +4,7 @@
AuthenticatedVariableFormat.h defines variable data headers
and variable storage region headers.
Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -35,6 +35,20 @@ extern EFI_GUID gEfiSecureBootEnableDisableGuid;
#define SECURE_BOOT_ENABLE 1
#define SECURE_BOOT_DISABLE 0
extern EFI_GUID gEfiCustomModeEnableGuid;
///
/// "CustomMode" variable for two Secure Boot modes feature: "Custom" and "Standard".
/// Standard Secure Boot mode is the default mode as UEFI Spec's description.
/// Custom Secure Boot mode allows for more flexibility as specified in the following:
/// Can enroll or delete PK without existing PK's private key.
/// Can enroll or delete KEK without existing PK's private key.
/// Can enroll or delete signature from DB/DBX without KEK's private key.
///
#define EFI_CUSTOM_MODE_NAME L"CustomMode"
#define CUSTOM_SECURE_BOOT_MODE 1
#define STANDARD_SECURE_BOOT_MODE 0
///
/// Alignment of variable name and data, according to the architecture:
/// * For IA-32 and Intel(R) 64 architectures: 1.

26
SecurityPkg/Include/Library/PlatformSecureLib.h
View File

@ -1,7 +1,7 @@
/** @file
Provides a secure platform-specific method to clear PK(Platform Key).
Provides a secure platform-specific method to detect physically present user.
Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -18,25 +18,25 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
/**
This function detects whether a secure platform-specific method to clear PK(Platform Key)
is configured by platform owner. This method is provided for users force to clear PK
in case incorrect enrollment mis-haps.
UEFI231 spec chapter 27.5.2 stipulates: The platform key may also be cleared using
a secure platform-specific method. In this case, the global variable SetupMode
must also be updated to 1.
This function provides a platform-specific method to detect whether the platform
is operating by a physically present user.
Programmatic changing of platform security policy (such as disable Secure Boot,
or switch between Standard/Custom Secure Boot mode) MUST NOT be possible during
Boot Services or after exiting EFI Boot Services. Only a physically present user
is allowed to perform these operations.
NOTE THAT: This function cannot depend on any EFI Variable Service since they are
not available when this function is called in AuthenticateVariable driver.
@retval TRUE The Platform owner wants to force clear PK.
@retval FALSE The Platform owner doesn't want to force clear PK.
@retval TRUE The platform is operated by a physically present user.
@retval FALSE The platform is NOT operated by a physically present user.
**/
BOOLEAN
EFIAPI
ForceClearPK (
UserPhysicalPresent (
VOID
);
#endif
#endif

28
SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.c
View File

@ -1,7 +1,7 @@
/** @file
Provides a secure platform-specific method to clear PK(Platform Key).
Provides a secure platform-specific method to detect physically present user.
Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -14,24 +14,24 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
/**
This function detects whether a secure platform-specific method to clear PK(Platform Key)
is configured by platform owner. This method is provided for users force to clear PK
in case incorrect enrollment mis-haps.
UEFI231 spec chapter 27.5.2 stipulates: The platform key may also be cleared using
a secure platform-specific method. In this case, the global variable SetupMode
must also be updated to 1.
This function provides a platform-specific method to detect whether the platform
is operating by a physically present user.
Programmatic changing of platform security policy (such as disable Secure Boot,
or switch between Standard/Custom Secure Boot mode) MUST NOT be possible during
Boot Services or after exiting EFI Boot Services. Only a physically present user
is allowed to perform these operations.
NOTE THAT: This function cannot depend on any EFI Variable Service since they are
not available when this function is called in AuthenticateVariable driver.
@retval TRUE The Platform owner wants to force clear PK.
@retval FALSE The Platform owner doesn't want to force clear PK.
@retval TRUE The platform is operated by a physically present user.
@retval FALSE The platform is NOT operated by a physically present user.
**/
BOOLEAN
EFIAPI
ForceClearPK (
UserPhysicalPresent (
VOID
)
{

2
SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
View File

@ -1,5 +1,5 @@
## @file
# Provides a secure platform-specific method to clear PK(Platform Key).
# Provides a secure platform-specific method to detect physically present user.
#
# Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials

5
SecurityPkg/SecurityPkg.dec
View File

@ -2,7 +2,7 @@
# This package includes the security drivers, defintions(including PPIs/PROTOCOLs/GUIDs
# and library classes) and libraries instances.
#
# Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials are licensed and made available under
# the terms and conditions of the BSD License which accompanies this distribution.
# The full text of the license may be found at
@ -37,6 +37,9 @@
# Include/Guid/AuthenticatedVariableFormat.h
gEfiSecureBootEnableDisableGuid = { 0xf0a30bc7, 0xaf08, 0x4556, { 0x99, 0xc4, 0x0, 0x10, 0x9, 0xc9, 0x3a, 0x44 } }
# Include/Guid/AuthenticatedVariableFormat.h
gEfiCustomModeEnableGuid = { 0xc076ec0c, 0x7028, 0x4399, { 0xa0, 0x72, 0x71, 0xee, 0x5c, 0x44, 0x8b, 0x9f } }
## Include/Guid/TcgEventHob.h
gTcgEventEntryHobGuid = { 0x2e3044ac, 0x879f, 0x490f, {0x97, 0x60, 0xbb, 0xdf, 0xaf, 0x69, 0x5f, 0x50 }}

315
SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
View File

@ -2,7 +2,7 @@
Implement authentication services for the authenticated variable
service in UEFI2.2.
Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -65,6 +65,53 @@ EFI_SIGNATURE_ITEM mSupportSigItem[] = {
{EFI_CERT_SHA512_GUID, 0, 64 }
};
/**
Determine whether this operation needs a physical present user.
@param[in] VariableName Name of the Variable.
@param[in] VendorGuid GUID of the Variable.
@retval TRUE This variable is protected, only a physical present user could set this variable.
@retval FALSE This variable is not protected.
**/
BOOLEAN
NeedPhysicallyPresent(
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid
)
{
if ((CompareGuid (VendorGuid, &gEfiSecureBootEnableDisableGuid) && (StrCmp (VariableName, EFI_SECURE_BOOT_ENABLE_NAME) == 0))
|| (CompareGuid (VendorGuid, &gEfiCustomModeEnableGuid) && (StrCmp (VariableName, EFI_CUSTOM_MODE_NAME) == 0))) {
return TRUE;
}
return FALSE;
}
/**
Determine whether the platform is operating in Custom Secure Boot mode.
@retval TRUE The platform is operating in Custom mode.
@retval FALSE The platform is operating in Standard mode.
**/
BOOLEAN
InCustomMode (
VOID
)
{
VARIABLE_POINTER_TRACK Variable;
FindVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE);
if (Variable.CurrPtr != NULL && *(GetVariableDataPtr (Variable.CurrPtr)) == CUSTOM_SECURE_BOOT_MODE) {
return TRUE;
}
return FALSE;
}
/**
Internal function to delete a Variable given its name and GUID, no authentication
required.
@ -85,7 +132,7 @@ DeleteVariable (
EFI_STATUS Status;
VARIABLE_POINTER_TRACK Variable;
Status = FindVariable (VariableName, VendorGuid, &Variable, &mVariableModuleGlobal->VariableGlobal);
Status = FindVariable (VariableName, VendorGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE);
if (EFI_ERROR (Status)) {
return EFI_SUCCESS;
}
@ -116,6 +163,7 @@ AutenticatedVariableServiceInitialize (
UINTN CtxSize;
UINT8 SecureBootMode;
UINT8 SecureBootEnable;
UINT8 CustomMode;
//
// Initialize hash context.
@ -151,7 +199,8 @@ AutenticatedVariableServiceInitialize (
AUTHVAR_KEYDB_NAME,
&gEfiAuthenticatedVariableGuid,
&Variable,
&mVariableModuleGlobal->VariableGlobal
&mVariableModuleGlobal->VariableGlobal,
FALSE
);
if (Variable.CurrPtr == NULL) {
@ -183,7 +232,7 @@ AutenticatedVariableServiceInitialize (
mPubKeyNumber = (UINT32) (DataSize / EFI_CERT_TYPE_RSA2048_SIZE);
}
FindVariable (EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid, &PkVariable, &mVariableModuleGlobal->VariableGlobal);
FindVariable (EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid, &PkVariable, &mVariableModuleGlobal->VariableGlobal, FALSE);
if (PkVariable.CurrPtr == NULL) {
DEBUG ((EFI_D_INFO, "Variable %s does not exist.\n", EFI_PLATFORM_KEY_NAME));
} else {
@ -199,7 +248,8 @@ AutenticatedVariableServiceInitialize (
EFI_SETUP_MODE_NAME,
&gEfiGlobalVariableGuid,
&Variable,
&mVariableModuleGlobal->VariableGlobal
&mVariableModuleGlobal->VariableGlobal,
FALSE
);
if (Variable.CurrPtr == NULL) {
@ -235,7 +285,8 @@ AutenticatedVariableServiceInitialize (
EFI_SIGNATURE_SUPPORT_NAME,
&gEfiGlobalVariableGuid,
&Variable,
&mVariableModuleGlobal->VariableGlobal
&mVariableModuleGlobal->VariableGlobal,
FALSE
);
if (Variable.CurrPtr == NULL) {
@ -259,7 +310,7 @@ AutenticatedVariableServiceInitialize (
// If "SecureBootEnable" variable is SECURE_BOOT_DISABLE, Set "SecureBoot" variable to SECURE_BOOT_MODE_DISABLE.
//
SecureBootEnable = SECURE_BOOT_MODE_DISABLE;
FindVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal);
FindVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE);
if (Variable.CurrPtr != NULL) {
SecureBootEnable = *(GetVariableDataPtr (Variable.CurrPtr));
} else if (mPlatformMode == USER_MODE) {
@ -288,7 +339,7 @@ AutenticatedVariableServiceInitialize (
} else {
SecureBootMode = SECURE_BOOT_MODE_DISABLE;
}
FindVariable (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal);
FindVariable (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE);
Status = UpdateVariable (
EFI_SECURE_BOOT_MODE_NAME,
&gEfiGlobalVariableGuid,
@ -309,33 +360,33 @@ AutenticatedVariableServiceInitialize (
DEBUG ((EFI_D_INFO, "Variable %s is %x\n", EFI_SECURE_BOOT_ENABLE_NAME, SecureBootEnable));
//
// Detect whether a secure platform-specific method to clear PK(Platform Key)
// is configured by platform owner. This method is provided for users force to clear PK
// in case incorrect enrollment mis-haps.
// Check "CustomMode" variable's existence.
//
if (ForceClearPK ()) {
DEBUG ((EFI_D_INFO, "Variable PK/KEK/DB/DBX will be cleared in clear PK mode.\n"));
FindVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE);
if (Variable.CurrPtr != NULL) {
CustomMode = *(GetVariableDataPtr (Variable.CurrPtr));
} else {
//
// 1. Clear PK.
// "CustomMode" not exist, initialize it in STANDARD_SECURE_BOOT_MODE.
//
Status = DeleteVariable (EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid);
CustomMode = STANDARD_SECURE_BOOT_MODE;
Status = UpdateVariable (
EFI_CUSTOM_MODE_NAME,
&gEfiCustomModeEnableGuid,
&CustomMode,
sizeof (UINT8),
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
0,
0,
&Variable,
NULL
);
if (EFI_ERROR (Status)) {
return Status;
}
//
// 2. Update "SetupMode" variable to SETUP_MODE.
//
UpdatePlatformMode (SETUP_MODE);
//
// 3. Clear KEK, DB and DBX.
//
DeleteVariable (EFI_KEY_EXCHANGE_KEY_NAME, &gEfiGlobalVariableGuid);
DeleteVariable (EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid);
DeleteVariable (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid);
}
DEBUG ((EFI_D_INFO, "Variable %s is %x\n", EFI_CUSTOM_MODE_NAME, CustomMode));
return Status;
}
@ -367,7 +418,8 @@ AddPubKeyInStore (
AUTHVAR_KEYDB_NAME,
&gEfiAuthenticatedVariableGuid,
&Variable,
&mVariableModuleGlobal->VariableGlobal
&mVariableModuleGlobal->VariableGlobal,
FALSE
);
ASSERT_EFI_ERROR (Status);
//
@ -551,7 +603,8 @@ UpdatePlatformMode (
EFI_SETUP_MODE_NAME,
&gEfiGlobalVariableGuid,
&Variable,
&mVariableModuleGlobal->VariableGlobal
&mVariableModuleGlobal->VariableGlobal,
FALSE
);
if (EFI_ERROR (Status)) {
return Status;
@ -592,7 +645,8 @@ UpdatePlatformMode (
EFI_SECURE_BOOT_MODE_NAME,
&gEfiGlobalVariableGuid,
&Variable,
&mVariableModuleGlobal->VariableGlobal
&mVariableModuleGlobal->VariableGlobal,
FALSE
);
//
// If "SecureBoot" variable exists, then check "SetupMode" variable update.
@ -634,7 +688,8 @@ UpdatePlatformMode (
EFI_SECURE_BOOT_ENABLE_NAME,
&gEfiSecureBootEnableDisableGuid,
&Variable,
&mVariableModuleGlobal->VariableGlobal
&mVariableModuleGlobal->VariableGlobal,
FALSE
);
if (SecureBootMode == SECURE_BOOT_MODE_ENABLE) {
@ -811,7 +866,7 @@ ProcessVarWithPk (
return EFI_INVALID_PARAMETER;
}
if (mPlatformMode == USER_MODE) {
if (mPlatformMode == USER_MODE && !(InCustomMode() && UserPhysicalPresent())) {
if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) {
//
@ -860,7 +915,8 @@ ProcessVarWithPk (
EFI_PLATFORM_KEY_NAME,
&gEfiGlobalVariableGuid,
&PkVariable,
&mVariableModuleGlobal->VariableGlobal
&mVariableModuleGlobal->VariableGlobal,
FALSE
);
ASSERT_EFI_ERROR (Status);
@ -901,7 +957,7 @@ ProcessVarWithPk (
}
} else {
//
// Process PK or KEK in Setup mode.
// Process PK or KEK in Setup mode or Custom Secure Boot mode.
//
if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) {
//
@ -945,12 +1001,20 @@ ProcessVarWithPk (
Variable,
TimeStamp
);
//
// If enroll PK in setup mode, need change to user mode.
//
if ((DataSize != 0) && IsPk) {
Status = UpdatePlatformMode (USER_MODE);
}
if (IsPk) {
if (PayloadSize != 0) {
//
// If enroll PK in setup mode, need change to user mode.
//
Status = UpdatePlatformMode (USER_MODE);
} else {
//
// If delete PK in custom mode, need change to setup mode.
//
UpdatePlatformMode (SETUP_MODE);
}
}
}
return Status;
@ -996,85 +1060,116 @@ ProcessVarWithKek (
UINT8 *Payload;
UINTN PayloadSize;
UINT64 MonotonicCount;
EFI_TIME *TimeStamp;
if (mPlatformMode == USER_MODE) {
if ((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) == 0) {
if ((Attributes & EFI_VARIABLE_NON_VOLATILE) == 0) {
//
// DB and DBX should set EFI_VARIABLE_NON_VOLATILE attribute.
//
return EFI_INVALID_PARAMETER;
}
Status = EFI_SUCCESS;
if (mPlatformMode == USER_MODE && !(InCustomMode() && UserPhysicalPresent())) {
if (((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) == 0) &&
((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0)){
//
// In user mode, should set EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS attribute.
// In user mode, should set EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS or
// EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attribute.
//
return EFI_INVALID_PARAMETER;
}
CertData = (EFI_VARIABLE_AUTHENTICATION *) Data;
CertBlock = (EFI_CERT_BLOCK_RSA_2048_SHA256 *) (CertData->AuthInfo.CertData);
if ((Variable->CurrPtr != NULL) && (CertData->MonotonicCount <= Variable->CurrPtr->MonotonicCount)) {
if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) {
//
// Monotonic count check fail, suspicious replay attack, return EFI_SECURITY_VIOLATION.
// Time-based, verify against X509 Cert KEK.
//
return EFI_SECURITY_VIOLATION;
}
//
// Get KEK database from variable.
//
Status = FindVariable (
EFI_KEY_EXCHANGE_KEY_NAME,
&gEfiGlobalVariableGuid,
&KekVariable,
&mVariableModuleGlobal->VariableGlobal
);
ASSERT_EFI_ERROR (Status);
KekDataSize = KekVariable.CurrPtr->DataSize;
KekList = (EFI_SIGNATURE_LIST *) GetVariableDataPtr (KekVariable.CurrPtr);
//
// Enumerate all Kek items in this list to verify the variable certificate data.
// If anyone is authenticated successfully, it means the variable is correct!
//
IsFound = FALSE;
while ((KekDataSize > 0) && (KekDataSize >= KekList->SignatureListSize)) {
if (CompareGuid (&KekList->SignatureType, &gEfiCertRsa2048Guid)) {
KekItem = (EFI_SIGNATURE_DATA *) ((UINT8 *) KekList + sizeof (EFI_SIGNATURE_LIST) + KekList->SignatureHeaderSize);
KekCount = (KekList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - KekList->SignatureHeaderSize) / KekList->SignatureSize;
for (Index = 0; Index < KekCount; Index++) {
if (CompareMem (KekItem->SignatureData, CertBlock->PublicKey, EFI_CERT_TYPE_RSA2048_SIZE) == 0) {
IsFound = TRUE;
break;
}
KekItem = (EFI_SIGNATURE_DATA *) ((UINT8 *) KekItem + KekList->SignatureSize);
}
return VerifyTimeBasedPayload (VariableName, VendorGuid, Data, DataSize, Variable, Attributes, FALSE, NULL);
} else if ((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) != 0) {
//
// Counter-based, verify against RSA2048 Cert KEK.
//
CertData = (EFI_VARIABLE_AUTHENTICATION *) Data;
CertBlock = (EFI_CERT_BLOCK_RSA_2048_SHA256 *) (CertData->AuthInfo.CertData);
if ((Variable->CurrPtr != NULL) && (CertData->MonotonicCount <= Variable->CurrPtr->MonotonicCount)) {
//
// Monotonic count check fail, suspicious replay attack, return EFI_SECURITY_VIOLATION.
//
return EFI_SECURITY_VIOLATION;
}
KekDataSize -= KekList->SignatureListSize;
KekList = (EFI_SIGNATURE_LIST *) ((UINT8 *) KekList + KekList->SignatureListSize);
}
if (!IsFound) {
return EFI_SECURITY_VIOLATION;
}
Status = VerifyCounterBasedPayload (Data, DataSize, CertBlock->PublicKey);
if (!EFI_ERROR (Status)) {
Status = UpdateVariable (
VariableName,
VendorGuid,
(UINT8*)Data + AUTHINFO_SIZE,
DataSize - AUTHINFO_SIZE,
Attributes,
0,
CertData->MonotonicCount,
Variable,
NULL
//
// Get KEK database from variable.
//
Status = FindVariable (
EFI_KEY_EXCHANGE_KEY_NAME,
&gEfiGlobalVariableGuid,
&KekVariable,
&mVariableModuleGlobal->VariableGlobal,
FALSE
);
ASSERT_EFI_ERROR (Status);
KekDataSize = KekVariable.CurrPtr->DataSize;
KekList = (EFI_SIGNATURE_LIST *) GetVariableDataPtr (KekVariable.CurrPtr);
//
// Enumerate all Kek items in this list to verify the variable certificate data.
// If anyone is authenticated successfully, it means the variable is correct!
//
IsFound = FALSE;
while ((KekDataSize > 0) && (KekDataSize >= KekList->SignatureListSize)) {
if (CompareGuid (&KekList->SignatureType, &gEfiCertRsa2048Guid)) {
KekItem = (EFI_SIGNATURE_DATA *) ((UINT8 *) KekList + sizeof (EFI_SIGNATURE_LIST) + KekList->SignatureHeaderSize);
KekCount = (KekList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - KekList->SignatureHeaderSize) / KekList->SignatureSize;
for (Index = 0; Index < KekCount; Index++) {
if (CompareMem (KekItem->SignatureData, CertBlock->PublicKey, EFI_CERT_TYPE_RSA2048_SIZE) == 0) {
IsFound = TRUE;
break;
}
KekItem = (EFI_SIGNATURE_DATA *) ((UINT8 *) KekItem + KekList->SignatureSize);
}
}
KekDataSize -= KekList->SignatureListSize;
KekList = (EFI_SIGNATURE_LIST *) ((UINT8 *) KekList + KekList->SignatureListSize);
}
if (!IsFound) {
return EFI_SECURITY_VIOLATION;
}
Status = VerifyCounterBasedPayload (Data, DataSize, CertBlock->PublicKey);
if (!EFI_ERROR (Status)) {
Status = UpdateVariable (
VariableName,
VendorGuid,
(UINT8*)Data + AUTHINFO_SIZE,
DataSize - AUTHINFO_SIZE,
Attributes,
0,
CertData->MonotonicCount,
Variable,
NULL
);
}
}
} else {
//
// If in setup mode, no authentication needed.
// If in setup mode or custom secure boot mode, no authentication needed.
//
if ((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) != 0) {
if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) {
//
// Time-based Authentication descriptor.
//
MonotonicCount = 0;
TimeStamp = &((EFI_VARIABLE_AUTHENTICATION_2 *) Data)->TimeStamp;
Payload = (UINT8 *) Data + AUTHINFO2_SIZE (Data);
PayloadSize = DataSize - AUTHINFO2_SIZE (Data);
} else if ((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) != 0) {
//
// Counter-based Authentication descriptor.
//
MonotonicCount = ((EFI_VARIABLE_AUTHENTICATION *) Data)->MonotonicCount;
TimeStamp = NULL;
Payload = (UINT8*) Data + AUTHINFO_SIZE;
PayloadSize = DataSize - AUTHINFO_SIZE;
} else {
@ -1082,6 +1177,7 @@ ProcessVarWithKek (
// No Authentication descriptor.
//
MonotonicCount = 0;
TimeStamp = NULL;
Payload = Data;
PayloadSize = DataSize;
}
@ -1095,7 +1191,7 @@ ProcessVarWithKek (
0,
MonotonicCount,
Variable,
NULL
TimeStamp
);
}
@ -1148,6 +1244,13 @@ ProcessVariable (
PubKey = NULL;
IsDeletion = FALSE;
if (NeedPhysicallyPresent(VariableName, VendorGuid) && !UserPhysicalPresent()) {
//
// This variable is protected, only physical present user could modify its value.
//
return EFI_SECURITY_VIOLATION;
}
//
// Process Time-based Authenticated variable.
//
@ -1538,7 +1641,8 @@ VerifyTimeBasedPayload (
EFI_PLATFORM_KEY_NAME,
&gEfiGlobalVariableGuid,
&PkVariable,
&mVariableModuleGlobal->VariableGlobal
&mVariableModuleGlobal->VariableGlobal,
FALSE
);
if (EFI_ERROR (Status)) {
return Status;
@ -1571,7 +1675,8 @@ VerifyTimeBasedPayload (
EFI_KEY_EXCHANGE_KEY_NAME,
&gEfiGlobalVariableGuid,
&KekVariable,
&mVariableModuleGlobal->VariableGlobal
&mVariableModuleGlobal->VariableGlobal,
FALSE
);
if (EFI_ERROR (Status)) {
return Status;

65
SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
View File

@ -718,17 +718,19 @@ Reclaim (
/**
Find the variable in the specified variable store.
@param VariableName Name of the variable to be found
@param VendorGuid Vendor GUID to be found.
@param PtrTrack Variable Track Pointer structure that contains Variable Information.
@param[in] VariableName Name of the variable to be found
@param[in] VendorGuid Vendor GUID to be found.
@param[in] IgnoreRtAttribute Ignore RUNTIME_ACCESS attribute when searching variable.
@param[in, out] PtrTrack Variable Track Pointer structure that contains Variable Information.
@retval EFI_SUCCESS Variable found successfully
@retval EFI_NOT_FOUND Variable not found
@retval EFI_SUCCESS Variable found successfully
@retval EFI_NOT_FOUND Variable not found
**/
EFI_STATUS
FindVariableEx (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN BOOLEAN IgnoreRtAttribute,
IN OUT VARIABLE_POINTER_TRACK *PtrTrack
)
{
@ -747,7 +749,7 @@ FindVariableEx (
if (PtrTrack->CurrPtr->State == VAR_ADDED ||
PtrTrack->CurrPtr->State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED)
) {
if (!AtRuntime () || ((PtrTrack->CurrPtr->Attributes & EFI_VARIABLE_RUNTIME_ACCESS) != 0)) {
if (IgnoreRtAttribute || !AtRuntime () || ((PtrTrack->CurrPtr->Attributes & EFI_VARIABLE_RUNTIME_ACCESS) != 0)) {
if (VariableName[0] == 0) {
if (PtrTrack->CurrPtr->State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED)) {
InDeletedVariable = PtrTrack->CurrPtr;
@ -783,15 +785,18 @@ FindVariableEx (
This code finds variable in storage blocks of volatile and non-volatile storage areas.
If VariableName is an empty string, then we just return the first
qualified variable without comparing VariableName and VendorGuid.
Otherwise, VariableName and VendorGuid are compared.
If IgnoreRtAttribute is TRUE, then we ignore the EFI_VARIABLE_RUNTIME_ACCESS Attribute
when searching existing variable, only VariableName and VendorGuid are compared.
Otherwise, variables with EFI_VARIABLE_RUNTIME_ACCESS are not visible at runtime.
@param VariableName Name of the variable to be found.
@param VendorGuid Vendor GUID to be found.
@param PtrTrack VARIABLE_POINTER_TRACK structure for output,
@param[in] VariableName Name of the variable to be found.
@param[in] VendorGuid Vendor GUID to be found.
@param[out] PtrTrack VARIABLE_POINTER_TRACK structure for output,
including the range searched and the target position.
@param Global Pointer to VARIABLE_GLOBAL structure, including
@param[in] Global Pointer to VARIABLE_GLOBAL structure, including
base of volatile variable storage area, base of
NV variable storage area, and a lock.
@param[in] IgnoreRtAttribute Ignore RUNTIME_ACCESS attribute when searching variable.
@retval EFI_INVALID_PARAMETER If VariableName is not an empty string, while
VendorGuid is NULL.
@ -804,7 +809,8 @@ FindVariable (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
OUT VARIABLE_POINTER_TRACK *PtrTrack,
IN VARIABLE_GLOBAL *Global
IN VARIABLE_GLOBAL *Global,
IN BOOLEAN IgnoreRtAttribute
)
{
EFI_STATUS Status;
@ -836,7 +842,7 @@ FindVariable (
PtrTrack->EndPtr = GetEndPointer (VariableStoreHeader[Type]);
PtrTrack->Volatile = (BOOLEAN) (Type == VariableStoreTypeVolatile);
Status = FindVariableEx (VariableName, VendorGuid, PtrTrack);
Status = FindVariableEx (VariableName, VendorGuid, IgnoreRtAttribute, PtrTrack);
if (!EFI_ERROR (Status)) {
return Status;
}
@ -1238,7 +1244,7 @@ AutoUpdateLangVariable (
// Update Lang if PlatformLang is already set
// Update PlatformLang if Lang is already set
//
Status = FindVariable (L"PlatformLang", &gEfiGlobalVariableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal);
Status = FindVariable (L"PlatformLang", &gEfiGlobalVariableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE);
if (!EFI_ERROR (Status)) {
//
// Update Lang
@ -1247,7 +1253,7 @@ AutoUpdateLangVariable (
Data = GetVariableDataPtr (Variable.CurrPtr);
DataSize = Variable.CurrPtr->DataSize;
} else {
Status = FindVariable (L"Lang", &gEfiGlobalVariableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal);
Status = FindVariable (L"Lang", &gEfiGlobalVariableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE);
if (!EFI_ERROR (Status)) {
//
// Update PlatformLang
@ -1292,7 +1298,7 @@ AutoUpdateLangVariable (
//
// Successfully convert PlatformLang to Lang, and set the BestLang value into Lang variable simultaneously.
//
FindVariable (L"Lang", &gEfiGlobalVariableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal);
FindVariable (L"Lang", &gEfiGlobalVariableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE);
Status = UpdateVariable (L"Lang", &gEfiGlobalVariableGuid, BestLang,
ISO_639_2_ENTRY_SIZE + 1, Attributes, 0, 0, &Variable, NULL);
@ -1326,7 +1332,7 @@ AutoUpdateLangVariable (
//
// Successfully convert Lang to PlatformLang, and set the BestPlatformLang value into PlatformLang variable simultaneously.
//
FindVariable (L"PlatformLang", &gEfiGlobalVariableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal);
FindVariable (L"PlatformLang", &gEfiGlobalVariableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE);
Status = UpdateVariable (L"PlatformLang", &gEfiGlobalVariableGuid, BestPlatformLang,
AsciiStrSize (BestPlatformLang), Attributes, 0, 0, &Variable, NULL);
@ -1456,6 +1462,14 @@ UpdateVariable (
Status = EFI_INVALID_PARAMETER;
goto Done;
}
//
// Only variable that have RT attributes can be updated/deleted in Runtime.
//
if ((Variable->CurrPtr->Attributes & EFI_VARIABLE_RUNTIME_ACCESS) == 0) {
Status = EFI_INVALID_PARAMETER;
goto Done;
}
}
//
@ -1905,7 +1919,7 @@ VariableServiceGetVariable (
AcquireLockOnlyAtBootTime(&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
Status = FindVariable (VariableName, VendorGuid, &Variable, &mVariableModuleGlobal->VariableGlobal);
Status = FindVariable (VariableName, VendorGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE);
if (Variable.CurrPtr == NULL || EFI_ERROR (Status)) {
goto Done;
}
@ -1980,7 +1994,7 @@ VariableServiceGetNextVariableName (
AcquireLockOnlyAtBootTime(&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
Status = FindVariable (VariableName, VendorGuid, &Variable, &mVariableModuleGlobal->VariableGlobal);
Status = FindVariable (VariableName, VendorGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE);
if (Variable.CurrPtr == NULL || EFI_ERROR (Status)) {
goto Done;
}
@ -2057,6 +2071,7 @@ VariableServiceGetNextVariableName (
Status = FindVariableEx (
GetVariableNamePtr (Variable.CurrPtr),
&Variable.CurrPtr->VendorGuid,
FALSE,
&VariableInHob
);
if (!EFI_ERROR (Status)) {
@ -2220,8 +2235,13 @@ VariableServiceSetVariable (
//
// Check whether the input variable is already existed.
//
FindVariable (VariableName, VendorGuid, &Variable, &mVariableModuleGlobal->VariableGlobal);
Status = FindVariable (VariableName, VendorGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, TRUE);
if (!EFI_ERROR (Status)) {
if (((Variable.CurrPtr->Attributes & EFI_VARIABLE_RUNTIME_ACCESS) == 0) && AtRuntime ()) {
return EFI_WRITE_PROTECTED;
}
}
//
// Hook the operation of setting PlatformLangCodes/PlatformLang and LangCodes/Lang.
//
@ -2233,7 +2253,8 @@ VariableServiceSetVariable (
Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, &Variable, Attributes, TRUE);
} else if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0)) {
Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, &Variable, Attributes, FALSE);
} else if (CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) && ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0)) {
} else if (CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) &&
((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0))) {
Status = ProcessVarWithKek (VariableName, VendorGuid, Data, DataSize, &Variable, Attributes);
} else {
Status = ProcessVariable (VariableName, VendorGuid, Data, DataSize, &Variable, Attributes);

20
SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.h
View File

@ -2,7 +2,7 @@
The internal header file includes the common header files, defines
internal structure and functions used by Variable modules.
Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -120,20 +120,23 @@ FtwVariableSpace (
This code finds variable in storage blocks of volatile and non-volatile storage areas.
If VariableName is an empty string, then we just return the first
qualified variable without comparing VariableName and VendorGuid.
Otherwise, VariableName and VendorGuid are compared.
If IgnoreRtAttribute is TRUE, then we ignore the EFI_VARIABLE_RUNTIME_ACCESS Attribute
when searching existing variable, only VariableName and VendorGuid are compared.
Otherwise, variables with EFI_VARIABLE_RUNTIME_ACCESS are not visible at runtime.
@param VariableName Name of the variable to be found.
@param VendorGuid Vendor GUID to be found.
@param PtrTrack VARIABLE_POINTER_TRACK structure for output,
@param[in] VariableName Name of the variable to be found.
@param[in] VendorGuid Vendor GUID to be found.
@param[out] PtrTrack VARIABLE_POINTER_TRACK structure for output,
including the range searched and the target position.
@param Global Pointer to VARIABLE_GLOBAL structure, including
@param[in] Global Pointer to VARIABLE_GLOBAL structure, including
base of volatile variable storage area, base of
NV variable storage area, and a lock.
@param[in] IgnoreRtAttribute Ignore RUNTIME_ACCESS attribute when searching variable.
@retval EFI_INVALID_PARAMETER If VariableName is not an empty string, while
VendorGuid is NULL.
@retval EFI_SUCCESS Variable successfully found.
@retval EFI_INVALID_PARAMETER Variable not found.
@retval EFI_NOT_FOUND Variable not found
**/
EFI_STATUS
@ -141,7 +144,8 @@ FindVariable (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
OUT VARIABLE_POINTER_TRACK *PtrTrack,
IN VARIABLE_GLOBAL *Global
IN VARIABLE_GLOBAL *Global,
IN BOOLEAN IgnoreRtAttribute
);
/**

3
SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf
View File

@ -1,7 +1,7 @@
## @file
# Component description file for Authenticated Variable module.
#
# Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@ -73,6 +73,7 @@
gEfiCertPkcs7Guid
gEfiCertRsa2048Guid
gEfiSecureBootEnableDisableGuid
gEfiCustomModeEnableGuid
gEfiSystemNvDataFvGuid ## CONSUMES
[Pcd]

3
SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.inf
View File

@ -9,7 +9,7 @@
# SMM Runtime DXE module would install variable arch protocol and variable
# write arch protocol based on SMM variable module.
#
# Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@ -78,6 +78,7 @@
gEfiCertPkcs7Guid
gEfiCertRsa2048Guid
gEfiSecureBootEnableDisableGuid
gEfiCustomModeEnableGuid
gEfiSystemNvDataFvGuid ## CONSUMES
[Pcd]

453
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr
View File

@ -1,7 +1,7 @@
/** @file
VFR file used by the SecureBoot configuration component.
Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -24,26 +24,471 @@ formset
varid = SECUREBOOT_CONFIGURATION_VARSTORE_ID,
name = SECUREBOOT_CONFIGURATION,
guid = SECUREBOOT_CONFIG_FORM_SET_GUID;
//
// ##1 Form "Secure Boot Configuration"
//
form formid = SECUREBOOT_CONFIGURATION_FORM_ID,
title = STRING_TOKEN(STR_SECUREBOOT_TITLE);
subtitle text = STRING_TOKEN(STR_NULL);
//
// Define of Check Box: Attempt Secure Boot
//
suppressif TRUE;
checkbox varid = SECUREBOOT_CONFIGURATION.HideSecureBoot,
prompt = STRING_TOKEN(STR_NULL),
help = STRING_TOKEN(STR_NULL),
endcheckbox;
endif;
endif;
//
// Display of Check Box: Attempt Secure Boot
//
grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1;
checkbox varid = SECUREBOOT_CONFIGURATION.SecureBootState,
questionid = KEY_SECURE_BOOT_ENABLE,
prompt = STRING_TOKEN(STR_SECURE_BOOT_PROMPT),
help = STRING_TOKEN(STR_SECURE_BOOT_HELP),
flags = INTERACTIVE,
endcheckbox;
endif;
//
// Display of Oneof: 'Secure Boot Mode'
//
oneof varid = SECUREBOOT_CONFIGURATION.SecureBootMode,
questionid = KEY_SECURE_BOOT_MODE,
prompt = STRING_TOKEN(STR_SECURE_BOOT_MODE_PROMPT),
help = STRING_TOKEN(STR_SECURE_BOOT_MODE_HELP),
flags = INTERACTIVE,
option text = STRING_TOKEN(STR_STANDARD_MODE), value = SECURE_BOOT_MODE_STANDARD, flags = DEFAULT;
option text = STRING_TOKEN(STR_CUSTOM_MODE), value = SECURE_BOOT_MODE_CUSTOM, flags = 0;
endoneof;
//
//
// Display of 'Current Secure Boot Mode'
//
suppressif ideqval SECUREBOOT_CONFIGURATION.SecureBootMode == SECURE_BOOT_MODE_STANDARD;
grayoutif NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1;
goto FORMID_SECURE_BOOT_OPTION_FORM,
prompt = STRING_TOKEN(STR_SECURE_BOOT_OPTION),
help = STRING_TOKEN(STR_SECURE_BOOT_OPTION_HELP),
flags = INTERACTIVE,
key = KEY_SECURE_BOOT_OPTION;
endif;
endif;
endform;
//
// ##2 Form: 'Custom Secure Boot Options'
//
form formid = FORMID_SECURE_BOOT_OPTION_FORM,
title = STRING_TOKEN(STR_SECURE_BOOT_OPTION_TITLE);
subtitle text = STRING_TOKEN(STR_NULL);
goto FORMID_SECURE_BOOT_PK_OPTION_FORM,
prompt = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION),
help = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION_HELP),
flags = INTERACTIVE,
key = KEY_SECURE_BOOT_PK_OPTION;
subtitle text = STRING_TOKEN(STR_NULL);
goto FORMID_SECURE_BOOT_KEK_OPTION_FORM,
prompt = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION),
help = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION_HELP),
flags = INTERACTIVE,
key = KEY_SECURE_BOOT_KEK_OPTION;
subtitle text = STRING_TOKEN(STR_NULL);
goto FORMID_SECURE_BOOT_DB_OPTION_FORM,
prompt = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION),
help = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION_HELP),
flags = INTERACTIVE,
key = KEY_SECURE_BOOT_DB_OPTION;
subtitle text = STRING_TOKEN(STR_NULL);
goto FORMID_SECURE_BOOT_DBX_OPTION_FORM,
prompt = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION),
help = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION_HELP),
flags = INTERACTIVE,
key = KEY_SECURE_BOOT_DBX_OPTION;
endform;
//
// ##3 Form: 'PK Options'
//
form formid = FORMID_SECURE_BOOT_PK_OPTION_FORM,
title = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION);
subtitle text = STRING_TOKEN(STR_NULL);
//
// Define of Check Box: 'Delete PK'
//
suppressif TRUE;
checkbox varid = SECUREBOOT_CONFIGURATION.DeletePk,
prompt = STRING_TOKEN(STR_NULL),
help = STRING_TOKEN(STR_NULL),
endcheckbox;
endif;
grayoutif ideqval SECUREBOOT_CONFIGURATION.HasPk == 1;
goto FORMID_ENROLL_PK_FORM,
prompt = STRING_TOKEN(STR_ENROLL_PK),
help = STRING_TOKEN(STR_ENROLL_PK_HELP),
flags = INTERACTIVE,
key = KEY_ENROLL_PK;
endif;
subtitle text = STRING_TOKEN(STR_NULL);
//
// Display of Check Box: 'Delete Pk'
//
grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1;
checkbox varid = SECUREBOOT_CONFIGURATION.DeletePk,
questionid = KEY_SECURE_BOOT_DELETE_PK,
prompt = STRING_TOKEN(STR_DELETE_PK),
help = STRING_TOKEN(STR_DELETE_PK_HELP),
flags = INTERACTIVE,
endcheckbox;
endif;
endform;
//
// ##4 Form: 'Enroll PK'
//
form formid = FORMID_ENROLL_PK_FORM,
title = STRING_TOKEN(STR_ENROLL_PK);
subtitle text = STRING_TOKEN(STR_NULL);
goto FORM_FILE_EXPLORER_ID_PK,
prompt = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE),
help = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE),
flags = INTERACTIVE,
key = SECUREBOOT_ADD_PK_FILE_FORM_ID;
endform;
//
// ##5 Form: 'KEK Options'
//
form formid = FORMID_SECURE_BOOT_KEK_OPTION_FORM,
title = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION);
//
// Display of 'Enroll KEK'
//
goto FORMID_ENROLL_KEK_FORM,
prompt = STRING_TOKEN(STR_ENROLL_KEK),
help = STRING_TOKEN(STR_ENROLL_KEK_HELP),
flags = INTERACTIVE;
subtitle text = STRING_TOKEN(STR_NULL);
//
// Display of 'Delete KEK'
//
goto FORMID_DELETE_KEK_FORM,
prompt = STRING_TOKEN(STR_DELETE_KEK),
help = STRING_TOKEN(STR_DELETE_KEK_HELP),
flags = INTERACTIVE,
key = KEY_DELETE_KEK;
subtitle text = STRING_TOKEN(STR_NULL);
endform;
//
// ##6 Form: 'Enroll KEK'
//
form formid = FORMID_ENROLL_KEK_FORM,
title = STRING_TOKEN(STR_ENROLL_KEK_TITLE);
subtitle text = STRING_TOKEN(STR_NULL);
goto FORM_FILE_EXPLORER_ID_KEK,
prompt = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE),
help = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE_HELP),
flags = INTERACTIVE,
key = FORMID_ENROLL_KEK_FORM;
subtitle text = STRING_TOKEN(STR_NULL);
label FORMID_ENROLL_KEK_FORM;
label LABEL_END;
subtitle text = STRING_TOKEN(STR_NULL);
string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,
prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),
help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),
flags = INTERACTIVE,
key = KEY_SECURE_BOOT_KEK_GUID,
minsize = SECURE_BOOT_GUID_SIZE,
maxsize = SECURE_BOOT_GUID_SIZE,
endstring;
subtitle text = STRING_TOKEN(STR_NULL);
subtitle text = STRING_TOKEN(STR_NULL);
goto FORMID_SECURE_BOOT_OPTION_FORM,
prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
help = STRING_TOKEN(STR_SAVE_AND_EXIT),
flags = INTERACTIVE,
key = KEY_VALUE_SAVE_AND_EXIT_KEK;
goto FORMID_SECURE_BOOT_OPTION_FORM,
prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
flags = INTERACTIVE,
key = KEY_VALUE_NO_SAVE_AND_EXIT_KEK;
endform;
//
// ##7 Form: 'Delete KEK'
//
form formid = FORMID_DELETE_KEK_FORM,
title = STRING_TOKEN(STR_DELETE_KEK_TITLE);
label LABEL_KEK_DELETE;
label LABEL_END;
subtitle text = STRING_TOKEN(STR_NULL);
endform;
//
// ##8 Form: 'DB Options'
//
form formid = FORMID_SECURE_BOOT_DB_OPTION_FORM,
title = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION);
subtitle text = STRING_TOKEN(STR_NULL);
goto SECUREBOOT_ENROLL_SIGNATURE_TO_DB,
prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
flags = 0;
subtitle text = STRING_TOKEN(STR_NULL);
goto SECUREBOOT_DELETE_SIGNATURE_FROM_DB,
prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
flags = INTERACTIVE,
key = SECUREBOOT_DELETE_SIGNATURE_FROM_DB;
endform;
//
// ##9 Form: 'DBX Options'
//
form formid = FORMID_SECURE_BOOT_DBX_OPTION_FORM,
title = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION);
subtitle text = STRING_TOKEN(STR_NULL);
goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,
prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE),
flags = 0;
subtitle text = STRING_TOKEN(STR_NULL);
goto SECUREBOOT_DELETE_SIGNATURE_FROM_DBX,
prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE),
flags = INTERACTIVE,
key = SECUREBOOT_DELETE_SIGNATURE_FROM_DBX;
endform;
//
// Form: 'Delete Signature' for DB Options.
//
form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DB,
title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE);
label LABEL_DB_DELETE;
label LABEL_END;
subtitle text = STRING_TOKEN(STR_NULL);
endform;
//
// Form: 'Delete Signature' for DBX Options.
//
form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DBX,
title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE);
label LABEL_DBX_DELETE;
label LABEL_END;
subtitle text = STRING_TOKEN(STR_NULL);
endform;
//
// Form: 'Enroll Signature' for DB options.
//
form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DB,
title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);
subtitle text = STRING_TOKEN(STR_NULL);
goto FORM_FILE_EXPLORER_ID_DB,
prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
flags = INTERACTIVE,
key = SECUREBOOT_ENROLL_SIGNATURE_TO_DB;
subtitle text = STRING_TOKEN(STR_NULL);
label SECUREBOOT_ENROLL_SIGNATURE_TO_DB;
label LABEL_END;
subtitle text = STRING_TOKEN(STR_NULL);
string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,
prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),
help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),
flags = INTERACTIVE,
key = KEY_SECURE_BOOT_SIGNATURE_GUID_DB,
minsize = SECURE_BOOT_GUID_SIZE,
maxsize = SECURE_BOOT_GUID_SIZE,
endstring;
subtitle text = STRING_TOKEN(STR_NULL);
subtitle text = STRING_TOKEN(STR_NULL);
goto FORMID_SECURE_BOOT_OPTION_FORM,
prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
help = STRING_TOKEN(STR_SAVE_AND_EXIT),
flags = INTERACTIVE,
key = KEY_VALUE_SAVE_AND_EXIT_DB;
goto FORMID_SECURE_BOOT_OPTION_FORM,
prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
flags = INTERACTIVE,
key = KEY_VALUE_NO_SAVE_AND_EXIT_DB;
endform;
//
// Form: 'Enroll Signature' for DBX options.
//
form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX,
title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE);
subtitle text = STRING_TOKEN(STR_NULL);
goto FORM_FILE_EXPLORER_ID_DBX,
prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE),
flags = INTERACTIVE,
key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;
subtitle text = STRING_TOKEN(STR_NULL);
label SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;
label LABEL_END;
subtitle text = STRING_TOKEN(STR_NULL);
string varid = SECUREBOOT_CONFIGURATION.SignatureGuid,
prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID),
help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP),
flags = INTERACTIVE,
key = KEY_SECURE_BOOT_SIGNATURE_GUID_DBX,
minsize = SECURE_BOOT_GUID_SIZE,
maxsize = SECURE_BOOT_GUID_SIZE,
endstring;
subtitle text = STRING_TOKEN(STR_NULL);
subtitle text = STRING_TOKEN(STR_NULL);
goto FORMID_SECURE_BOOT_OPTION_FORM,
prompt = STRING_TOKEN(STR_SAVE_AND_EXIT),
help = STRING_TOKEN(STR_SAVE_AND_EXIT),
flags = INTERACTIVE,
key = KEY_VALUE_SAVE_AND_EXIT_DBX;
goto FORMID_SECURE_BOOT_OPTION_FORM,
prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
flags = INTERACTIVE,
key = KEY_VALUE_NO_SAVE_AND_EXIT_DBX;
endform;
//
// File Explorer for PK
//
form formid = FORM_FILE_EXPLORER_ID_PK,
title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
label FORM_FILE_EXPLORER_ID;
label LABEL_END;
endform;
//
// File Explorer for KEK
//
form formid = FORM_FILE_EXPLORER_ID_KEK,
title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
label FORM_FILE_EXPLORER_ID;
label LABEL_END;
endform;
//
// File Explorer for DB
//
form formid = FORM_FILE_EXPLORER_ID_DB,
title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
label FORM_FILE_EXPLORER_ID;
label LABEL_END;
endform;
//
// File Explorer for DBX
//
form formid = FORM_FILE_EXPLORER_ID_DBX,
title = STRING_TOKEN(STR_FILE_EXPLORER_TITLE);
label FORM_FILE_EXPLORER_ID;
label LABEL_END;
endform;
//
// Enroll Pk from File Commit Form
//
form formid = SECUREBOOT_ADD_PK_FILE_FORM_ID,
title = STRING_TOKEN(STR_SAVE_PK_FILE);
label SECUREBOOT_ADD_PK_FILE_FORM_ID;
label LABEL_END;
subtitle text = STRING_TOKEN(STR_NULL);
text
help = STRING_TOKEN(STR_SAVE_AND_EXIT),
text = STRING_TOKEN(STR_SAVE_AND_EXIT),
text = STRING_TOKEN(STR_NULL),
flags = INTERACTIVE,
key = KEY_VALUE_SAVE_AND_EXIT_PK;
text
help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
text = STRING_TOKEN(STR_NO_SAVE_AND_EXIT),
text = STRING_TOKEN(STR_NULL),
flags = INTERACTIVE,
key = KEY_VALUE_NO_SAVE_AND_EXIT_PK;
endform;

1537
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDevicePath.c Normal file
View File

File diff suppressed because it is too large Load Diff

38
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
View File

@ -1,7 +1,7 @@
## @file
# Component name for SecureBoot configuration module.
#
# Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@ -27,6 +27,9 @@
[Sources]
SecureBootConfigDriver.c
SecureBootConfigImpl.c
SecureBootConfigFileExplorer.c
SecureBootConfigDevicePath.c
SecureBootConfigMisc.c
SecureBootConfigImpl.h
SecureBootConfig.vfr
SecureBootConfigStrings.uni
@ -36,10 +39,12 @@
MdePkg/MdePkg.dec
MdeModulePkg/MdeModulePkg.dec
SecurityPkg/SecurityPkg.dec
CryptoPkg/CryptoPkg.dec
[LibraryClasses]
BaseLib
BaseMemoryLib
BaseCryptLib
MemoryAllocationLib
UefiLib
UefiBootServicesTableLib
@ -48,15 +53,46 @@
UefiHiiServicesLib
DebugLib
HiiLib
PlatformSecureLib
[Guids]
gEfiIfrTianoGuid
gEfiCustomModeEnableGuid
gEfiSecureBootEnableDisableGuid
gSecureBootConfigFormSetGuid
gEfiCertRsa2048Guid ## CONSUMES
gEfiCertX509Guid ## CONSUMES
gEfiCertSha1Guid ## CONSUMES
gEfiCertSha256Guid ## CONSUMES
gEfiCertTypeRsa2048Sha256Guid ## CONSUMES
gEfiImageSecurityDatabaseGuid ## CONSUMES
gEfiFileSystemVolumeLabelInfoIdGuid ## CONSUMES
gEfiGlobalVariableGuid ## PRODUCES ## Variable Guid
gEfiVT100PlusGuid ## CONSUMES ## GUID (The type of terminal)
gEfiVT100Guid ## CONSUMES ## GUID (The type of terminal)
## CONSUMES ## GUID HOB (The hob holding memory type information)
gEfiVTUTF8Guid ## CONSUMES ## GUID (The type of terminal)
## SOMETIMES_CONSUMES ## Variable:L"BootXX" (Boot option variable)
## CONSUMES ## Variable:L"Timeout" (The time out value in second of showing progress bar)
## SOMETIMES_CONSUMES ## Variable:L"BootOrder" (The boot option array)
## SOMETIMES_CONSUMES ## Variable:L"DriverOrder" (The driver order list)
## SOMETIMES_CONSUMES ## Variable:L"ConIn" (The device path of console in device)
## SOMETIMES_CONSUMES ## Variable:L"ConOut" (The device path of console out device)
## SOMETIMES_CONSUMES ## Variable:L"ErrOut" (The device path of error out device)
gEfiFileInfoGuid ## CONSUMES ## GUID
gEfiPcAnsiGuid ## CONSUMES ## GUID (The type of terminal)
gEfiUartDevicePathGuid ## CONSUMES ## GUID (Identify the device path for UARD device)
gEfiSasDevicePathGuid ## CONSUMES ## GUID (Identify the device path for SAS device)
[Protocols]
gEfiHiiConfigAccessProtocolGuid ## PRODUCES
gEfiHiiConfigRoutingProtocolGuid ## CONSUMES
gEfiSimpleFileSystemProtocolGuid ## PROTOCOL CONSUMES
gEfiLoadFileProtocolGuid ## PROTOCOL CONSUMES
gEfiBlockIoProtocolGuid ## PROTOCOL CONSUMES
gEfiDevicePathProtocolGuid ## PROTOCOL CONSUMES
gEfiDevicePathToTextProtocolGuid
gEfiDebugPortProtocolGuid
[Depex]
gEfiHiiConfigRoutingProtocolGuid AND

1227
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c Normal file
View File

File diff suppressed because it is too large Load Diff

2412
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
View File

File diff suppressed because it is too large Load Diff

434
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h
View File

@ -2,7 +2,7 @@
The header file of HII Config Access protocol implementation of SecureBoot
configuration module.
Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -20,6 +20,12 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Protocol/HiiConfigAccess.h>
#include <Protocol/HiiConfigRouting.h>
#include <Protocol/SimpleFileSystem.h>
#include <Protocol/BlockIo.h>
#include <Protocol/DevicePath.h>
#include <Protocol/DevicePathToText.h>
#include <Protocol/DebugPort.h>
#include <Protocol/LoadFile.h>
#include <Library/BaseLib.h>
#include <Library/BaseMemoryLib.h>
@ -32,17 +38,158 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Library/HiiLib.h>
#include <Library/DevicePathLib.h>
#include <Library/PrintLib.h>
#include <Library/PlatformSecureLib.h>
#include <Library/BaseCryptLib.h>
#include <Guid/MdeModuleHii.h>
#include <Guid/AuthenticatedVariableFormat.h>
#include <Guid/FileSystemVolumeLabelInfo.h>
#include <Guid/ImageAuthentication.h>
#include <Guid/FileInfo.h>
#include "SecureBootConfigNvData.h"
//
// Tool generated IFR binary data and String package data
//
extern UINT8 SecureBootConfigBin[];
extern UINT8 SecureBootConfigDxeStrings[];
extern UINT8 SecureBootConfigBin[];
extern UINT8 SecureBootConfigDxeStrings[];
//
// Shared IFR form update data
//
extern VOID *mStartOpCodeHandle;
extern VOID *mEndOpCodeHandle;
extern EFI_IFR_GUID_LABEL *mStartLabel;
extern EFI_IFR_GUID_LABEL *mEndLabel;
#define MAX_CHAR 480
#define TWO_BYTE_ENCODE 0x82
//
// SHA-1 digest size in bytes.
//
#define SHA1_DIGEST_SIZE 20
//
// SHA-256 digest size in bytes
//
#define SHA256_DIGEST_SIZE 32
//
// Set max digest size as SHA256 Output (32 bytes) by far
//
#define MAX_DIGEST_SIZE SHA256_DIGEST_SIZE
#define WIN_CERT_UEFI_RSA2048_SIZE 256
//
// Support hash types
//
#define HASHALG_SHA1 0x00000000
#define HASHALG_SHA224 0x00000001
#define HASHALG_SHA256 0x00000002
#define HASHALG_SHA384 0x00000003
#define HASHALG_SHA512 0x00000004
#define HASHALG_MAX 0x00000005
#define SECUREBOOT_MENU_OPTION_SIGNATURE SIGNATURE_32 ('S', 'b', 'M', 'u')
#define SECUREBOOT_MENU_ENTRY_SIGNATURE SIGNATURE_32 ('S', 'b', 'M', 'r')
typedef struct {
EFI_DEVICE_PATH_PROTOCOL Header;
EFI_GUID Guid;
UINT8 VendorDefinedData[1];
} VENDOR_DEVICE_PATH_WITH_DATA;
typedef struct {
EFI_DEVICE_PATH_PROTOCOL Header;
UINT16 NetworkProtocol;
UINT16 LoginOption;
UINT64 Lun;
UINT16 TargetPortalGroupTag;
CHAR16 TargetName[1];
} ISCSI_DEVICE_PATH_WITH_NAME;
typedef enum _FILE_EXPLORER_DISPLAY_CONTEXT {
FileExplorerDisplayFileSystem,
FileExplorerDisplayDirectory,
FileExplorerDisplayUnknown
} FILE_EXPLORER_DISPLAY_CONTEXT;
typedef enum _FILE_EXPLORER_STATE {
FileExplorerStateInActive = 0,
FileExplorerStateEnrollPkFile,
FileExplorerStateEnrollKekFile,
FileExplorerStateEnrollSignatureFileToDb,
FileExplorerStateEnrollSignatureFileToDbx,
FileExplorerStateUnknown
} FILE_EXPLORER_STATE;
typedef struct {
CHAR16 *Str;
UINTN Len;
UINTN Maxlen;
} POOL_PRINT;
typedef
VOID
(*DEV_PATH_FUNCTION) (
IN OUT POOL_PRINT *Str,
IN VOID *DevPath
);
typedef struct {
UINT8 Type;
UINT8 SubType;
DEV_PATH_FUNCTION Function;
} DEVICE_PATH_STRING_TABLE;
typedef struct {
UINTN Signature;
LIST_ENTRY Head;
UINTN MenuNumber;
} SECUREBOOT_MENU_OPTION;
extern SECUREBOOT_MENU_OPTION FsOptionMenu;
extern SECUREBOOT_MENU_OPTION DirectoryMenu;
typedef struct {
UINTN Signature;
LIST_ENTRY Link;
UINTN OptionNumber;
UINT16 *DisplayString;
UINT16 *HelpString;
EFI_STRING_ID DisplayStringToken;
EFI_STRING_ID HelpStringToken;
VOID *FileContext;
} SECUREBOOT_MENU_ENTRY;
typedef struct {
EFI_HANDLE Handle;
EFI_DEVICE_PATH_PROTOCOL *DevicePath;
EFI_FILE_HANDLE FHandle;
UINT16 *FileName;
EFI_FILE_SYSTEM_VOLUME_LABEL *Info;
BOOLEAN IsRoot;
BOOLEAN IsDir;
BOOLEAN IsRemovableMedia;
BOOLEAN IsLoadFile;
BOOLEAN IsBootLegacy;
} SECUREBOOT_FILE_CONTEXT;
//
// We define another format of 5th directory entry: security directory
//
typedef struct {
UINT32 Offset; // Offset of certificate
UINT32 SizeOfCert; // size of certificate appended
} EFI_IMAGE_SECURITY_DATA_DIRECTORY;
typedef enum{
ImageType_IA32,
ImageType_X64
} IMAGE_TYPE;
///
/// HII specific Vendor Device Path definition.
@ -59,6 +206,13 @@ typedef struct {
EFI_HII_HANDLE HiiHandle;
EFI_HANDLE DriverHandle;
FILE_EXPLORER_STATE FeCurrentState;
FILE_EXPLORER_DISPLAY_CONTEXT FeDisplayContext;
SECUREBOOT_MENU_ENTRY *MenuEntry;
SECUREBOOT_FILE_CONTEXT *FileContext;
EFI_GUID *SignatureGUID;
} SECUREBOOT_CONFIG_PRIVATE_DATA;
extern SECUREBOOT_CONFIG_PRIVATE_DATA mSecureBootConfigPrivateDateTemplate;
@ -66,13 +220,123 @@ extern SECUREBOOT_CONFIG_PRIVATE_DATA mSecureBootConfigPrivateDateTemplate;
#define SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('S', 'E', 'C', 'B')
#define SECUREBOOT_CONFIG_PRIVATE_FROM_THIS(a) CR (a, SECUREBOOT_CONFIG_PRIVATE_DATA, ConfigAccess, SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE)
//
// Cryptograhpic Key Information
//
#pragma pack (push, 1)
typedef struct _CPL_KEY_INFO {
UINT32 KeyLengthInBits; // Key Length In Bits
UINT32 BlockSize; // Operation Block Size in Bytes
UINT32 CipherBlockSize; // Output Cipher Block Size in Bytes
UINT32 KeyType; // Key Type
UINT32 CipherMode; // Cipher Mode for Symmetric Algorithm
UINT32 Flags; // Additional Key Property Flags
} CPL_KEY_INFO;
#pragma pack (pop)
/**
Retrieves the size, in bytes, of the context buffer required for hash operations.
@return The size, in bytes, of the context buffer required for hash operations.
**/
typedef
EFI_STATUS
(EFIAPI *HASH_GET_CONTEXT_SIZE)(
VOID
);
/**
Initializes user-supplied memory pointed by HashContext as hash context for
subsequent use.
If HashContext is NULL, then ASSERT().
@param[in, out] HashContext Pointer to Context being initialized.
@retval TRUE HASH context initialization succeeded.
@retval FALSE HASH context initialization failed.
**/
typedef
BOOLEAN
(EFIAPI *HASH_INIT)(
IN OUT VOID *HashContext
);
/**
Performs digest on a data buffer of the specified length. This function can
be called multiple times to compute the digest of long or discontinuous data streams.
If HashContext is NULL, then ASSERT().
@param[in, out] HashContext Pointer to the MD5 context.
@param[in] Data Pointer to the buffer containing the data to be hashed.
@param[in] DataLength Length of Data buffer in bytes.
@retval TRUE HASH data digest succeeded.
@retval FALSE Invalid HASH context. After HashFinal function has been called, the
HASH context cannot be reused.
**/
typedef
BOOLEAN
(EFIAPI *HASH_UPDATE)(
IN OUT VOID *HashContext,
IN CONST VOID *Data,
IN UINTN DataLength
);
/**
Completes hash computation and retrieves the digest value into the specified
memory. After this function has been called, the context cannot be used again.
If HashContext is NULL, then ASSERT().
If HashValue is NULL, then ASSERT().
@param[in, out] HashContext Pointer to the MD5 context
@param[out] HashValue Pointer to a buffer that receives the HASH digest
value (16 bytes).
@retval TRUE HASH digest computation succeeded.
@retval FALSE HASH digest computation failed.
**/
typedef
BOOLEAN
(EFIAPI *HASH_FINAL)(
IN OUT VOID *HashContext,
OUT UINT8 *HashValue
);
//
// Hash Algorithm Table
//
typedef struct {
CHAR16 *Name; ///< Name for Hash Algorithm
UINTN DigestLength; ///< Digest Length
UINT8 *OidValue; ///< Hash Algorithm OID ASN.1 Value
UINTN OidLength; ///< Length of Hash OID Value
HASH_GET_CONTEXT_SIZE GetContextSize; ///< Pointer to Hash GetContentSize function
HASH_INIT HashInit; ///< Pointer to Hash Init function
HASH_UPDATE HashUpdate; ///< Pointer to Hash Update function
HASH_FINAL HashFinal; ///< Pointer to Hash Final function
} HASH_TABLE;
typedef struct {
WIN_CERTIFICATE Hdr;
UINT8 CertData[1];
} WIN_CERTIFICATE_EFI_PKCS;
/**
This function publish the SecureBoot configuration Form.
@param[in, out] PrivateData Points to SecureBoot configuration private data.
@retval EFI_SUCCESS HII Form is installed for this network device.
@retval EFI_SUCCESS HII Form is installed successfully.
@retval EFI_OUT_OF_RESOURCES Not enough resource for HII Form installation.
@retval Others Other errors as indicated.
@ -82,6 +346,7 @@ InstallSecureBootConfigForm (
IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData
);
/**
This function removes SecureBoot configuration Form.
@ -93,6 +358,7 @@ UninstallSecureBootConfigForm (
IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData
);
/**
This function allows a caller to extract the current configuration for one
or more named elements from the target driver.
@ -128,6 +394,7 @@ SecureBootExtractConfig (
OUT EFI_STRING *Results
);
/**
This function processes the results of changes in configuration.
@ -154,6 +421,7 @@ SecureBootRouteConfig (
OUT EFI_STRING *Progress
);
/**
This function processes the results of changes in configuration.
@ -187,4 +455,160 @@ SecureBootCallback (
OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest
);
/**
This function converts an input device structure to a Unicode string.
@param[in] DevPath A pointer to the device path structure.
@return A new allocated Unicode string that represents the device path.
**/
CHAR16 *
EFIAPI
DevicePathToStr (
IN EFI_DEVICE_PATH_PROTOCOL *DevPath
);
/**
Clean up the dynamic opcode at label and form specified by both LabelId.
@param[in] LabelId It is both the Form ID and Label ID for opcode deletion.
@param[in] PrivateData Module private data.
**/
VOID
CleanUpPage (
IN UINT16 LabelId,
IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData
);
/**
Update the file explorer page with the refreshed file system.
@param[in] PrivateData Module private data.
@param[in] KeyValue Key value to identify the type of data to expect.
@retval TRUE Inform the caller to create a callback packet to exit file explorer.
@retval FALSE Indicate that there is no need to exit file explorer.
**/
BOOLEAN
UpdateFileExplorer (
IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData,
IN UINT16 KeyValue
);
/**
Free resources allocated in Allocate Rountine.
@param[in, out] MenuOption Menu to be freed
**/
VOID
FreeMenu (
IN OUT SECUREBOOT_MENU_OPTION *MenuOption
);
/**
Read file content into BufferPtr, the size of the allocate buffer
is *FileSize plus AddtionAllocateSize.
@param[in] FileHandle The file to be read.
@param[in, out] BufferPtr Pointers to the pointer of allocated buffer.
@param[out] FileSize Size of input file
@param[in] AddtionAllocateSize Addtion size the buffer need to be allocated.
In case the buffer need to contain others besides the file content.
@retval EFI_SUCCESS The file was read into the buffer.
@retval EFI_INVALID_PARAMETER A parameter was invalid.
@retval EFI_OUT_OF_RESOURCES A memory allocation failed.
@retval others Unexpected error.
**/
EFI_STATUS
ReadFileContent (
IN EFI_FILE_HANDLE FileHandle,
IN OUT VOID **BufferPtr,
OUT UINTN *FileSize,
IN UINTN AddtionAllocateSize
);
/**
Close an open file handle.
@param[in] FileHandle The file handle to close.
**/
VOID
CloseFile (
IN EFI_FILE_HANDLE FileHandle
);
/**
Converts a nonnegative integer to an octet string of a specified length.
@param[in] Integer Pointer to the nonnegative integer to be converted
@param[in] IntSizeInWords Length of integer buffer in words
@param[out] OctetString Converted octet string of the specified length
@param[in] OSSizeInBytes Intended length of resulting octet string in bytes
Returns:
@retval EFI_SUCCESS Data conversion successfully
@retval EFI_BUFFER_TOOL_SMALL Buffer is too small for output string
**/
EFI_STATUS
EFIAPI
Int2OctStr (
IN CONST UINTN *Integer,
IN UINTN IntSizeInWords,
OUT UINT8 *OctetString,
IN UINTN OSSizeInBytes
);
/**
Convert a String to Guid Value.
@param[in] Str Specifies the String to be converted.
@param[in] StrLen Number of Unicode Characters of String (exclusive \0)
@param[out] Guid Return the result Guid value.
@retval EFI_SUCCESS The operation is finished successfully.
@retval EFI_NOT_FOUND Invalid string.
**/
EFI_STATUS
StringToGuid (
IN CHAR16 *Str,
IN UINTN StrLen,
OUT EFI_GUID *Guid
);
/**
Worker function that prints an EFI_GUID into specified Buffer.
@param[in] Guid Pointer to GUID to print.
@param[in] Buffer Buffer to print Guid into.
@param[in] BufferSize Size of Buffer.
@retval Number of characters printed.
**/
UINTN
GuidToString (
IN EFI_GUID *Guid,
IN CHAR16 *Buffer,
IN UINTN BufferSize
);
#endif

334
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigMisc.c Normal file
View File

@ -0,0 +1,334 @@
/** @file
Helper functions for SecureBoot configuration module.
Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "SecureBootConfigImpl.h"
/**
Read file content into BufferPtr, the size of the allocate buffer
is *FileSize plus AddtionAllocateSize.
@param[in] FileHandle The file to be read.
@param[in, out] BufferPtr Pointers to the pointer of allocated buffer.
@param[out] FileSize Size of input file
@param[in] AddtionAllocateSize Addtion size the buffer need to be allocated.
In case the buffer need to contain others besides the file content.
@retval EFI_SUCCESS The file was read into the buffer.
@retval EFI_INVALID_PARAMETER A parameter was invalid.
@retval EFI_OUT_OF_RESOURCES A memory allocation failed.
@retval others Unexpected error.
**/
EFI_STATUS
ReadFileContent (
IN EFI_FILE_HANDLE FileHandle,
IN OUT VOID **BufferPtr,
OUT UINTN *FileSize,
IN UINTN AddtionAllocateSize
)
{
UINTN BufferSize;
UINT64 SourceFileSize;
VOID *Buffer;
EFI_STATUS Status;
if ((FileHandle == NULL) || (FileSize == NULL)) {
return EFI_INVALID_PARAMETER;
}
Buffer = NULL;
//
// Get the file size
//
Status = FileHandle->SetPosition (FileHandle, (UINT64) -1);
if (EFI_ERROR (Status)) {
goto ON_EXIT;
}
Status = FileHandle->GetPosition (FileHandle, &SourceFileSize);
if (EFI_ERROR (Status)) {
goto ON_EXIT;
}
Status = FileHandle->SetPosition (FileHandle, 0);
if (EFI_ERROR (Status)) {
goto ON_EXIT;
}
BufferSize = (UINTN) SourceFileSize + AddtionAllocateSize;
Buffer = AllocateZeroPool(BufferSize);
if (Buffer == NULL) {
return EFI_OUT_OF_RESOURCES;
}
BufferSize = (UINTN) SourceFileSize;
*FileSize = BufferSize;
Status = FileHandle->Read (FileHandle, &BufferSize, Buffer);
if (EFI_ERROR (Status) || BufferSize != *FileSize) {
FreePool (Buffer);
Buffer = NULL;
Status = EFI_BAD_BUFFER_SIZE;
goto ON_EXIT;
}
ON_EXIT:
*BufferPtr = Buffer;
return Status;
}
/**
Close an open file handle.
@param[in] FileHandle The file handle to close.
**/
VOID
CloseFile (
IN EFI_FILE_HANDLE FileHandle
)
{
if (FileHandle != NULL) {
FileHandle->Close (FileHandle);
}
}
/**
Convert a nonnegative integer to an octet string of a specified length.
@param[in] Integer Pointer to the nonnegative integer to be converted
@param[in] IntSizeInWords Length of integer buffer in words
@param[out] OctetString Converted octet string of the specified length
@param[in] OSSizeInBytes Intended length of resulting octet string in bytes
Returns:
@retval EFI_SUCCESS Data conversion successfully
@retval EFI_BUFFER_TOOL_SMALL Buffer is too small for output string
**/
EFI_STATUS
EFIAPI
Int2OctStr (
IN CONST UINTN *Integer,
IN UINTN IntSizeInWords,
OUT UINT8 *OctetString,
IN UINTN OSSizeInBytes
)
{
CONST UINT8 *Ptr1;
UINT8 *Ptr2;
for (Ptr1 = (CONST UINT8 *)Integer, Ptr2 = OctetString + OSSizeInBytes - 1;
Ptr1 < (UINT8 *)(Integer + IntSizeInWords) && Ptr2 >= OctetString;
Ptr1++, Ptr2--) {
*Ptr2 = *Ptr1;
}
for (; Ptr1 < (CONST UINT8 *)(Integer + IntSizeInWords) && *Ptr1 == 0; Ptr1++);
if (Ptr1 < (CONST UINT8 *)(Integer + IntSizeInWords)) {
return EFI_BUFFER_TOO_SMALL;
}
if (Ptr2 >= OctetString) {
ZeroMem (OctetString, Ptr2 - OctetString + 1);
}
return EFI_SUCCESS;
}
/**
Convert a String to Guid Value.
@param[in] Str Specifies the String to be converted.
@param[in] StrLen Number of Unicode Characters of String (exclusive \0)
@param[out] Guid Return the result Guid value.
@retval EFI_SUCCESS The operation is finished successfully.
@retval EFI_NOT_FOUND Invalid string.
**/
EFI_STATUS
StringToGuid (
IN CHAR16 *Str,
IN UINTN StrLen,
OUT EFI_GUID *Guid
)
{
CHAR16 *PtrBuffer;
CHAR16 *PtrPosition;
UINT16 *Buffer;
UINTN Data;
UINTN Index;
UINT16 Digits[3];
Buffer = (CHAR16 *) AllocateZeroPool (sizeof (CHAR16) * (StrLen + 1));
if (Buffer == NULL) {
return EFI_OUT_OF_RESOURCES;
}
StrCpy (Buffer, Str);
//
// Data1
//
PtrBuffer = Buffer;
PtrPosition = PtrBuffer;
while (*PtrBuffer != L'\0') {
if (*PtrBuffer == L'-') {
break;
}
PtrBuffer++;
}
if (*PtrBuffer == L'\0') {
FreePool (Buffer);
return EFI_NOT_FOUND;
}
*PtrBuffer = L'\0';
Data = StrHexToUintn (PtrPosition);
Guid->Data1 = (UINT32)Data;
//
// Data2
//
PtrBuffer++;
PtrPosition = PtrBuffer;
while (*PtrBuffer != L'\0') {
if (*PtrBuffer == L'-') {
break;
}
PtrBuffer++;
}
if (*PtrBuffer == L'\0') {
FreePool (Buffer);
return EFI_NOT_FOUND;
}
*PtrBuffer = L'\0';
Data = StrHexToUintn (PtrPosition);
Guid->Data2 = (UINT16)Data;
//
// Data3
//
PtrBuffer++;
PtrPosition = PtrBuffer;
while (*PtrBuffer != L'\0') {
if (*PtrBuffer == L'-') {
break;
}
PtrBuffer++;
}
if (*PtrBuffer == L'\0') {
FreePool (Buffer);
return EFI_NOT_FOUND;
}
*PtrBuffer = L'\0';
Data = StrHexToUintn (PtrPosition);
Guid->Data3 = (UINT16)Data;
//
// Data4[0..1]
//
for ( Index = 0 ; Index < 2 ; Index++) {
PtrBuffer++;
if ((*PtrBuffer == L'\0') || ( *(PtrBuffer + 1) == L'\0')) {
FreePool (Buffer);
return EFI_NOT_FOUND;
}
Digits[0] = *PtrBuffer;
PtrBuffer++;
Digits[1] = *PtrBuffer;
Digits[2] = L'\0';
Data = StrHexToUintn (Digits);
Guid->Data4[Index] = (UINT8)Data;
}
//
// skip the '-'
//
PtrBuffer++;
if ((*PtrBuffer != L'-' ) || ( *PtrBuffer == L'\0')) {
return EFI_NOT_FOUND;
}
//
// Data4[2..7]
//
for ( ; Index < 8; Index++) {
PtrBuffer++;
if ((*PtrBuffer == L'\0') || ( *(PtrBuffer + 1) == L'\0')) {
FreePool (Buffer);
return EFI_NOT_FOUND;
}
Digits[0] = *PtrBuffer;
PtrBuffer++;
Digits[1] = *PtrBuffer;
Digits[2] = L'\0';
Data = StrHexToUintn (Digits);
Guid->Data4[Index] = (UINT8)Data;
}
FreePool (Buffer);
return EFI_SUCCESS;
}
/**
Worker function that prints an EFI_GUID into specified Buffer.
@param[in] Guid Pointer to GUID to print.
@param[in] Buffer Buffer to print Guid into.
@param[in] BufferSize Size of Buffer.
@retval Number of characters printed.
**/
UINTN
GuidToString (
IN EFI_GUID *Guid,
IN CHAR16 *Buffer,
IN UINTN BufferSize
)
{
UINTN Size;
Size = UnicodeSPrint (
Buffer,
BufferSize,
L"%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
(UINTN)Guid->Data1,
(UINTN)Guid->Data2,
(UINTN)Guid->Data3,
(UINTN)Guid->Data4[0],
(UINTN)Guid->Data4[1],
(UINTN)Guid->Data4[2],
(UINTN)Guid->Data4[3],
(UINTN)Guid->Data4[4],
(UINTN)Guid->Data4[5],
(UINTN)Guid->Data4[6],
(UINTN)Guid->Data4[7]
);
//
// SPrint will null terminate the string. The -1 skips the null
//
return Size - 1;
}

96
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h
View File

@ -1,7 +1,7 @@
/** @file
Header file for NV data structure definition.
Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -18,17 +18,101 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Guid/HiiPlatformSetupFormset.h>
#include <Guid/SecureBootConfigHii.h>
//
// Used by VFR for form or button identification
//
#define SECUREBOOT_CONFIGURATION_VARSTORE_ID 0x0001
#define SECUREBOOT_CONFIGURATION_FORM_ID 0x0001
#define SECUREBOOT_CONFIGURATION_FORM_ID 0x01
#define FORMID_SECURE_BOOT_OPTION_FORM 0x02
#define FORMID_SECURE_BOOT_PK_OPTION_FORM 0x03
#define FORMID_SECURE_BOOT_KEK_OPTION_FORM 0x04
#define FORMID_SECURE_BOOT_DB_OPTION_FORM 0x05
#define FORMID_SECURE_BOOT_DBX_OPTION_FORM 0x06
#define FORMID_ENROLL_PK_FORM 0x07
#define SECUREBOOT_ADD_PK_FILE_FORM_ID 0x08
#define FORMID_ENROLL_KEK_FORM 0x09
#define FORMID_DELETE_KEK_FORM 0x0a
#define SECUREBOOT_ENROLL_SIGNATURE_TO_DB 0x0b
#define SECUREBOOT_DELETE_SIGNATURE_FROM_DB 0x0c
#define SECUREBOOT_ENROLL_SIGNATURE_TO_DBX 0x0d
#define SECUREBOOT_DELETE_SIGNATURE_FROM_DBX 0x0e
#define FORM_FILE_EXPLORER_ID 0x0f
#define FORM_FILE_EXPLORER_ID_PK 0x10
#define FORM_FILE_EXPLORER_ID_KEK 0x11
#define FORM_FILE_EXPLORER_ID_DB 0x12
#define FORM_FILE_EXPLORER_ID_DBX 0x13
#define SECURE_BOOT_MODE_CUSTOM 0x01
#define SECURE_BOOT_MODE_STANDARD 0x00
#define KEY_SECURE_BOOT_ENABLE 0x1000
#define KEY_SECURE_BOOT_MODE 0x1001
#define KEY_VALUE_SAVE_AND_EXIT_DB 0x1002
#define KEY_VALUE_NO_SAVE_AND_EXIT_DB 0x1003
#define KEY_VALUE_SAVE_AND_EXIT_PK 0x1004
#define KEY_VALUE_NO_SAVE_AND_EXIT_PK 0x1005
#define KEY_VALUE_SAVE_AND_EXIT_KEK 0x1008
#define KEY_VALUE_NO_SAVE_AND_EXIT_KEK 0x1009
#define KEY_VALUE_SAVE_AND_EXIT_DBX 0x100a
#define KEY_VALUE_NO_SAVE_AND_EXIT_DBX 0x100b
#define KEY_SECURE_BOOT_OPTION 0x1100
#define KEY_SECURE_BOOT_PK_OPTION 0x1101
#define KEY_SECURE_BOOT_KEK_OPTION 0x1102
#define KEY_SECURE_BOOT_DB_OPTION 0x1103
#define KEY_SECURE_BOOT_DBX_OPTION 0x1104
#define KEY_SECURE_BOOT_DELETE_PK 0x1105
#define KEY_ENROLL_PK 0x1106
#define KEY_ENROLL_KEK 0x1107
#define KEY_DELETE_KEK 0x1108
#define KEY_SECURE_BOOT_KEK_GUID 0x110a
#define KEY_SECURE_BOOT_SIGNATURE_GUID_DB 0x110b
#define KEY_SECURE_BOOT_SIGNATURE_GUID_DBX 0x110c
#define LABEL_KEK_DELETE 0x1200
#define LABEL_DB_DELETE 0x1201
#define LABEL_DBX_DELETE 0x1202
#define LABEL_END 0xffff
#define SECURE_BOOT_MAX_ATTEMPTS_NUM 255
#define CONFIG_OPTION_OFFSET 0x2000
#define OPTION_CONFIG_QUESTION_ID 0x2000
#define OPTION_CONFIG_RANGE 0x1000
//
// Question ID 0x2000 ~ 0x2FFF is for KEK
//
#define OPTION_DEL_KEK_QUESTION_ID 0x2000
//
// Question ID 0x3000 ~ 0x3FFF is for DB
//
#define OPTION_DEL_DB_QUESTION_ID 0x3000
//
// Question ID 0x4000 ~ 0x4FFF is for DBX
//
#define OPTION_DEL_DBX_QUESTION_ID 0x4000
#define FILE_OPTION_OFFSET 0x8000
#define FILE_OPTION_MASK 0x7FFF
#define SECURE_BOOT_GUID_SIZE 36
#define SECURE_BOOT_GUID_STORAGE_SIZE 37
#define KEY_SECURE_BOOT_ENABLE 0x5000
//
// Nv Data structure referenced by IFR
//
typedef struct {
BOOLEAN SecureBootState;
BOOLEAN HideSecureBoot;
BOOLEAN SecureBootState; //Secure Boot Disable/Enable;
BOOLEAN HideSecureBoot; //Hiden Attempt Secure Boot
CHAR16 SignatureGuid[SECURE_BOOT_GUID_STORAGE_SIZE];
BOOLEAN PhysicalPresent; //If a Physical Present User;
UINT8 SecureBootMode; //Secure Boot Mode: Standard Or Custom
BOOLEAN DeletePk;
BOOLEAN HasPk; //If Pk is existed it is true;
} SECUREBOOT_CONFIGURATION;
#endif

BIN
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigStrings.uni
View File

Binary file not shown.