mirror of https://github.com/acidanthera/audk.git
262 lines
10 KiB
C
262 lines
10 KiB
C
/** @file
|
|
Provides services to initialize and process authenticated variables.
|
|
|
|
Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
|
|
This program and the accompanying materials are licensed and made available under
|
|
the terms and conditions of the BSD License that accompanies this distribution.
|
|
The full text of the license may be found at
|
|
http://opensource.org/licenses/bsd-license.php.
|
|
|
|
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
|
|
|
**/
|
|
|
|
#ifndef _AUTH_VARIABLE_LIB_H_
|
|
#define _AUTH_VARIABLE_LIB_H_
|
|
|
|
#include <Protocol/VarCheck.h>
|
|
|
|
///
|
|
/// Size of AuthInfo prior to the data payload.
|
|
///
|
|
#define AUTHINFO_SIZE ((OFFSET_OF (EFI_VARIABLE_AUTHENTICATION, AuthInfo)) + \
|
|
(OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)) + \
|
|
sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256))
|
|
|
|
#define AUTHINFO2_SIZE(VarAuth2) ((OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo)) + \
|
|
(UINTN) ((EFI_VARIABLE_AUTHENTICATION_2 *) (VarAuth2))->AuthInfo.Hdr.dwLength)
|
|
|
|
#define OFFSET_OF_AUTHINFO2_CERT_DATA ((OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo)) + \
|
|
(OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)))
|
|
|
|
typedef struct {
|
|
CHAR16 *VariableName;
|
|
EFI_GUID *VendorGuid;
|
|
UINT32 Attributes;
|
|
UINTN DataSize;
|
|
VOID *Data;
|
|
UINT32 PubKeyIndex;
|
|
UINT64 MonotonicCount;
|
|
EFI_TIME *TimeStamp;
|
|
} AUTH_VARIABLE_INFO;
|
|
|
|
/**
|
|
Finds variable in storage blocks of volatile and non-volatile storage areas.
|
|
|
|
This code finds variable in storage blocks of volatile and non-volatile storage areas.
|
|
If VariableName is an empty string, then we just return the first
|
|
qualified variable without comparing VariableName and VendorGuid.
|
|
|
|
@param[in] VariableName Name of the variable to be found.
|
|
@param[in] VendorGuid Variable vendor GUID to be found.
|
|
@param[out] AuthVariableInfo Pointer to AUTH_VARIABLE_INFO structure for
|
|
output of the variable found.
|
|
|
|
@retval EFI_INVALID_PARAMETER If VariableName is not an empty string,
|
|
while VendorGuid is NULL.
|
|
@retval EFI_SUCCESS Variable successfully found.
|
|
@retval EFI_NOT_FOUND Variable not found
|
|
|
|
**/
|
|
typedef
|
|
EFI_STATUS
|
|
(EFIAPI *AUTH_VAR_LIB_FIND_VARIABLE) (
|
|
IN CHAR16 *VariableName,
|
|
IN EFI_GUID *VendorGuid,
|
|
OUT AUTH_VARIABLE_INFO *AuthVariableInfo
|
|
);
|
|
|
|
/**
|
|
Finds next variable in storage blocks of volatile and non-volatile storage areas.
|
|
|
|
This code finds next variable in storage blocks of volatile and non-volatile storage areas.
|
|
If VariableName is an empty string, then we just return the first
|
|
qualified variable without comparing VariableName and VendorGuid.
|
|
|
|
@param[in] VariableName Name of the variable to be found.
|
|
@param[in] VendorGuid Variable vendor GUID to be found.
|
|
@param[out] AuthVariableInfo Pointer to AUTH_VARIABLE_INFO structure for
|
|
output of the next variable.
|
|
|
|
@retval EFI_INVALID_PARAMETER If VariableName is not an empty string,
|
|
while VendorGuid is NULL.
|
|
@retval EFI_SUCCESS Variable successfully found.
|
|
@retval EFI_NOT_FOUND Variable not found
|
|
|
|
**/
|
|
typedef
|
|
EFI_STATUS
|
|
(EFIAPI *AUTH_VAR_LIB_FIND_NEXT_VARIABLE) (
|
|
IN CHAR16 *VariableName,
|
|
IN EFI_GUID *VendorGuid,
|
|
OUT AUTH_VARIABLE_INFO *AuthVariableInfo
|
|
);
|
|
|
|
/**
|
|
Update the variable region with Variable information.
|
|
|
|
@param[in] AuthVariableInfo Pointer AUTH_VARIABLE_INFO structure for
|
|
input of the variable.
|
|
|
|
@retval EFI_SUCCESS The update operation is success.
|
|
@retval EFI_INVALID_PARAMETER Invalid parameter.
|
|
@retval EFI_WRITE_PROTECTED Variable is write-protected.
|
|
@retval EFI_OUT_OF_RESOURCES There is not enough resource.
|
|
|
|
**/
|
|
typedef
|
|
EFI_STATUS
|
|
(EFIAPI *AUTH_VAR_LIB_UPDATE_VARIABLE) (
|
|
IN AUTH_VARIABLE_INFO *AuthVariableInfo
|
|
);
|
|
|
|
/**
|
|
Get scratch buffer.
|
|
|
|
@param[in, out] ScratchBufferSize Scratch buffer size. If input size is greater than
|
|
the maximum supported buffer size, this value contains
|
|
the maximum supported buffer size as output.
|
|
@param[out] ScratchBuffer Pointer to scratch buffer address.
|
|
|
|
@retval EFI_SUCCESS Get scratch buffer successfully.
|
|
@retval EFI_UNSUPPORTED If input size is greater than the maximum supported buffer size.
|
|
|
|
**/
|
|
typedef
|
|
EFI_STATUS
|
|
(EFIAPI *AUTH_VAR_LIB_GET_SCRATCH_BUFFER) (
|
|
IN OUT UINTN *ScratchBufferSize,
|
|
OUT VOID **ScratchBuffer
|
|
);
|
|
|
|
/**
|
|
This function is to check if the remaining variable space is enough to set
|
|
all Variables from argument list successfully. The purpose of the check
|
|
is to keep the consistency of the Variables to be in variable storage.
|
|
|
|
Note: Variables are assumed to be in same storage.
|
|
The set sequence of Variables will be same with the sequence of VariableEntry from argument list,
|
|
so follow the argument sequence to check the Variables.
|
|
|
|
@param[in] Attributes Variable attributes for Variable entries.
|
|
@param ... The variable argument list with type VARIABLE_ENTRY_CONSISTENCY *.
|
|
A NULL terminates the list. The VariableSize of
|
|
VARIABLE_ENTRY_CONSISTENCY is the variable data size as input.
|
|
It will be changed to variable total size as output.
|
|
|
|
@retval TRUE Have enough variable space to set the Variables successfully.
|
|
@retval FALSE No enough variable space to set the Variables successfully.
|
|
|
|
**/
|
|
typedef
|
|
BOOLEAN
|
|
(EFIAPI *AUTH_VAR_LIB_CHECK_REMAINING_SPACE) (
|
|
IN UINT32 Attributes,
|
|
...
|
|
);
|
|
|
|
/**
|
|
Return TRUE if at OS runtime.
|
|
|
|
@retval TRUE If at OS runtime.
|
|
@retval FALSE If at boot time.
|
|
|
|
**/
|
|
typedef
|
|
BOOLEAN
|
|
(EFIAPI *AUTH_VAR_LIB_AT_RUNTIME) (
|
|
VOID
|
|
);
|
|
|
|
#define AUTH_VAR_LIB_CONTEXT_IN_STRUCT_VERSION 0x01
|
|
|
|
typedef struct {
|
|
UINTN StructVersion;
|
|
UINTN StructSize;
|
|
//
|
|
// Reflect the overhead associated with the saving
|
|
// of a single EFI authenticated variable with the exception
|
|
// of the overhead associated with the length
|
|
// of the string name of the EFI variable.
|
|
//
|
|
UINTN MaxAuthVariableSize;
|
|
AUTH_VAR_LIB_FIND_VARIABLE FindVariable;
|
|
AUTH_VAR_LIB_FIND_NEXT_VARIABLE FindNextVariable;
|
|
AUTH_VAR_LIB_UPDATE_VARIABLE UpdateVariable;
|
|
AUTH_VAR_LIB_GET_SCRATCH_BUFFER GetScratchBuffer;
|
|
AUTH_VAR_LIB_CHECK_REMAINING_SPACE CheckRemainingSpaceForConsistency;
|
|
AUTH_VAR_LIB_AT_RUNTIME AtRuntime;
|
|
} AUTH_VAR_LIB_CONTEXT_IN;
|
|
|
|
#define AUTH_VAR_LIB_CONTEXT_OUT_STRUCT_VERSION 0x01
|
|
|
|
typedef struct {
|
|
UINTN StructVersion;
|
|
UINTN StructSize;
|
|
//
|
|
// Caller needs to set variable property for the variables.
|
|
//
|
|
VARIABLE_ENTRY_PROPERTY *AuthVarEntry;
|
|
UINTN AuthVarEntryCount;
|
|
//
|
|
// Caller needs to ConvertPointer() for the pointers.
|
|
//
|
|
VOID **AddressPointer;
|
|
UINTN AddressPointerCount;
|
|
} AUTH_VAR_LIB_CONTEXT_OUT;
|
|
|
|
/**
|
|
Initialization for authenticated varibale services.
|
|
If this initialization returns error status, other APIs will not work
|
|
and expect to be not called then.
|
|
|
|
@param[in] AuthVarLibContextIn Pointer to input auth variable lib context.
|
|
@param[out] AuthVarLibContextOut Pointer to output auth variable lib context.
|
|
|
|
@retval EFI_SUCCESS Function successfully executed.
|
|
@retval EFI_INVALID_PARAMETER If AuthVarLibContextIn == NULL or AuthVarLibContextOut == NULL.
|
|
@retval EFI_OUT_OF_RESOURCES Fail to allocate enough resource.
|
|
@retval EFI_UNSUPPORTED Unsupported to process authenticated variable.
|
|
|
|
**/
|
|
EFI_STATUS
|
|
EFIAPI
|
|
AuthVariableLibInitialize (
|
|
IN AUTH_VAR_LIB_CONTEXT_IN *AuthVarLibContextIn,
|
|
OUT AUTH_VAR_LIB_CONTEXT_OUT *AuthVarLibContextOut
|
|
);
|
|
|
|
/**
|
|
Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.
|
|
|
|
@param[in] VariableName Name of the variable.
|
|
@param[in] VendorGuid Variable vendor GUID.
|
|
@param[in] Data Data pointer.
|
|
@param[in] DataSize Size of Data.
|
|
@param[in] Attributes Attribute value of the variable.
|
|
|
|
@retval EFI_SUCCESS The firmware has successfully stored the variable and its data as
|
|
defined by the Attributes.
|
|
@retval EFI_INVALID_PARAMETER Invalid parameter.
|
|
@retval EFI_WRITE_PROTECTED Variable is write-protected.
|
|
@retval EFI_OUT_OF_RESOURCES There is not enough resource.
|
|
@retval EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
|
|
or EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS
|
|
set, but the AuthInfo does NOT pass the validation
|
|
check carried out by the firmware.
|
|
@retval EFI_UNSUPPORTED Unsupported to process authenticated variable.
|
|
|
|
**/
|
|
EFI_STATUS
|
|
EFIAPI
|
|
AuthVariableLibProcessVariable (
|
|
IN CHAR16 *VariableName,
|
|
IN EFI_GUID *VendorGuid,
|
|
IN VOID *Data,
|
|
IN UINTN DataSize,
|
|
IN UINT32 Attributes
|
|
);
|
|
|
|
#endif
|