VirtualBox

source: vbox/trunk/src/VBox/Devices/EFI/Firmware/OvmfPkg/SecureBootConfigDxe/SecureBootConfigImpl.h@ 75265

Last change on this file since 75265 was 58466, checked in by vboxsync, 9 years ago

EFI/Firmware: Merged in the svn:eol-style, svn:mime-type and trailing whitespace cleanup that was done after the initial UDK2014.SP1 import: svn merge /vendor/edk2/UDK2014.SP1 /vendor/edk2/current .

  • Property svn:eol-style set to native
File size: 18.9 KB
Line 
1/** @file
2 The header file of HII Config Access protocol implementation of SecureBoot
3 configuration module.
4
5Copyright (c) 2011 - 2013, Intel Corporation. All rights reserved.<BR>
6This program and the accompanying materials
7are licensed and made available under the terms and conditions of the BSD License
8which accompanies this distribution. The full text of the license may be found at
9http://opensource.org/licenses/bsd-license.php
10
11THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
12WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
13
14**/
15
16#ifndef __SECUREBOOT_CONFIG_IMPL_H__
17#define __SECUREBOOT_CONFIG_IMPL_H__
18
19#include <Uefi.h>
20
21#include <Protocol/HiiConfigAccess.h>
22#include <Protocol/HiiConfigRouting.h>
23#include <Protocol/SimpleFileSystem.h>
24#include <Protocol/BlockIo.h>
25#include <Protocol/DevicePath.h>
26#include <Protocol/DebugPort.h>
27#include <Protocol/LoadFile.h>
28
29#include <Library/BaseLib.h>
30#include <Library/BaseMemoryLib.h>
31#include <Library/DebugLib.h>
32#include <Library/MemoryAllocationLib.h>
33#include <Library/UefiBootServicesTableLib.h>
34#include <Library/UefiRuntimeServicesTableLib.h>
35#include <Library/UefiHiiServicesLib.h>
36#include <Library/UefiLib.h>
37#include <Library/HiiLib.h>
38#include <Library/DevicePathLib.h>
39#include <Library/PrintLib.h>
40#include <Library/PlatformSecureLib.h>
41#include <Library/BaseCryptLib.h>
42#include <Guid/MdeModuleHii.h>
43#include <Guid/AuthenticatedVariableFormat.h>
44#include <Guid/FileSystemVolumeLabelInfo.h>
45#include <Guid/ImageAuthentication.h>
46#include <Guid/FileInfo.h>
47
48#include "SecureBootConfigNvData.h"
49
50//
51// Tool generated IFR binary data and String package data
52//
53extern UINT8 SecureBootConfigBin[];
54extern UINT8 SecureBootConfigDxeStrings[];
55
56//
57// Shared IFR form update data
58//
59extern VOID *mStartOpCodeHandle;
60extern VOID *mEndOpCodeHandle;
61extern EFI_IFR_GUID_LABEL *mStartLabel;
62extern EFI_IFR_GUID_LABEL *mEndLabel;
63
64#define MAX_CHAR 480
65#define TWO_BYTE_ENCODE 0x82
66
67//
68// SHA-1 digest size in bytes.
69//
70#define SHA1_DIGEST_SIZE 20
71//
72// SHA-256 digest size in bytes
73//
74#define SHA256_DIGEST_SIZE 32
75//
76// Set max digest size as SHA256 Output (32 bytes) by far
77//
78#define MAX_DIGEST_SIZE SHA256_DIGEST_SIZE
79
80#define WIN_CERT_UEFI_RSA2048_SIZE 256
81
82//
83// Support hash types
84//
85#define HASHALG_SHA1 0x00000000
86#define HASHALG_SHA224 0x00000001
87#define HASHALG_SHA256 0x00000002
88#define HASHALG_SHA384 0x00000003
89#define HASHALG_SHA512 0x00000004
90#define HASHALG_MAX 0x00000005
91
92
93#define SECUREBOOT_MENU_OPTION_SIGNATURE SIGNATURE_32 ('S', 'b', 'M', 'u')
94#define SECUREBOOT_MENU_ENTRY_SIGNATURE SIGNATURE_32 ('S', 'b', 'M', 'r')
95
96typedef struct {
97 EFI_DEVICE_PATH_PROTOCOL Header;
98 EFI_GUID Guid;
99 UINT8 VendorDefinedData[1];
100} VENDOR_DEVICE_PATH_WITH_DATA;
101
102typedef struct {
103 EFI_DEVICE_PATH_PROTOCOL Header;
104 UINT16 NetworkProtocol;
105 UINT16 LoginOption;
106 UINT64 Lun;
107 UINT16 TargetPortalGroupTag;
108 CHAR16 TargetName[1];
109} ISCSI_DEVICE_PATH_WITH_NAME;
110
111typedef enum _FILE_EXPLORER_DISPLAY_CONTEXT {
112 FileExplorerDisplayFileSystem,
113 FileExplorerDisplayDirectory,
114 FileExplorerDisplayUnknown
115} FILE_EXPLORER_DISPLAY_CONTEXT;
116
117typedef enum _FILE_EXPLORER_STATE {
118 FileExplorerStateInActive = 0,
119 FileExplorerStateEnrollPkFile,
120 FileExplorerStateEnrollKekFile,
121 FileExplorerStateEnrollSignatureFileToDb,
122 FileExplorerStateEnrollSignatureFileToDbx,
123 FileExplorerStateUnknown
124} FILE_EXPLORER_STATE;
125
126typedef struct {
127 CHAR16 *Str;
128 UINTN Len;
129 UINTN Maxlen;
130} POOL_PRINT;
131
132typedef
133VOID
134(*DEV_PATH_FUNCTION) (
135 IN OUT POOL_PRINT *Str,
136 IN VOID *DevPath
137 );
138
139typedef struct {
140 UINT8 Type;
141 UINT8 SubType;
142 DEV_PATH_FUNCTION Function;
143} DEVICE_PATH_STRING_TABLE;
144
145typedef struct {
146 UINTN Signature;
147 LIST_ENTRY Head;
148 UINTN MenuNumber;
149} SECUREBOOT_MENU_OPTION;
150
151extern SECUREBOOT_MENU_OPTION FsOptionMenu;
152extern SECUREBOOT_MENU_OPTION DirectoryMenu;
153
154typedef struct {
155 UINTN Signature;
156 LIST_ENTRY Link;
157 UINTN OptionNumber;
158 UINT16 *DisplayString;
159 UINT16 *HelpString;
160 EFI_STRING_ID DisplayStringToken;
161 EFI_STRING_ID HelpStringToken;
162 VOID *FileContext;
163} SECUREBOOT_MENU_ENTRY;
164
165typedef struct {
166 EFI_HANDLE Handle;
167 EFI_DEVICE_PATH_PROTOCOL *DevicePath;
168 EFI_FILE_HANDLE FHandle;
169 UINT16 *FileName;
170 EFI_FILE_SYSTEM_VOLUME_LABEL *Info;
171
172 BOOLEAN IsRoot;
173 BOOLEAN IsDir;
174 BOOLEAN IsRemovableMedia;
175 BOOLEAN IsLoadFile;
176 BOOLEAN IsBootLegacy;
177} SECUREBOOT_FILE_CONTEXT;
178
179
180//
181// We define another format of 5th directory entry: security directory
182//
183typedef struct {
184 UINT32 Offset; // Offset of certificate
185 UINT32 SizeOfCert; // size of certificate appended
186} EFI_IMAGE_SECURITY_DATA_DIRECTORY;
187
188typedef enum{
189 ImageType_IA32,
190 ImageType_X64
191} IMAGE_TYPE;
192
193///
194/// HII specific Vendor Device Path definition.
195///
196typedef struct {
197 VENDOR_DEVICE_PATH VendorDevicePath;
198 EFI_DEVICE_PATH_PROTOCOL End;
199} HII_VENDOR_DEVICE_PATH;
200
201typedef struct {
202 UINTN Signature;
203
204 EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess;
205 EFI_HII_HANDLE HiiHandle;
206 EFI_HANDLE DriverHandle;
207
208 FILE_EXPLORER_STATE FeCurrentState;
209 FILE_EXPLORER_DISPLAY_CONTEXT FeDisplayContext;
210
211 SECUREBOOT_MENU_ENTRY *MenuEntry;
212 SECUREBOOT_FILE_CONTEXT *FileContext;
213
214 EFI_GUID *SignatureGUID;
215} SECUREBOOT_CONFIG_PRIVATE_DATA;
216
217extern SECUREBOOT_CONFIG_PRIVATE_DATA mSecureBootConfigPrivateDateTemplate;
218
219#define SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('S', 'E', 'C', 'B')
220#define SECUREBOOT_CONFIG_PRIVATE_FROM_THIS(a) CR (a, SECUREBOOT_CONFIG_PRIVATE_DATA, ConfigAccess, SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE)
221
222//
223// Cryptograhpic Key Information
224//
225#pragma pack(1)
226typedef struct _CPL_KEY_INFO {
227 UINT32 KeyLengthInBits; // Key Length In Bits
228 UINT32 BlockSize; // Operation Block Size in Bytes
229 UINT32 CipherBlockSize; // Output Cipher Block Size in Bytes
230 UINT32 KeyType; // Key Type
231 UINT32 CipherMode; // Cipher Mode for Symmetric Algorithm
232 UINT32 Flags; // Additional Key Property Flags
233} CPL_KEY_INFO;
234#pragma pack()
235
236
237/**
238 Retrieves the size, in bytes, of the context buffer required for hash operations.
239
240 @return The size, in bytes, of the context buffer required for hash operations.
241
242**/
243typedef
244EFI_STATUS
245(EFIAPI *HASH_GET_CONTEXT_SIZE)(
246 VOID
247 );
248
249/**
250 Initializes user-supplied memory pointed by HashContext as hash context for
251 subsequent use.
252
253 If HashContext is NULL, then ASSERT().
254
255 @param[in, out] HashContext Pointer to Context being initialized.
256
257 @retval TRUE HASH context initialization succeeded.
258 @retval FALSE HASH context initialization failed.
259
260**/
261typedef
262BOOLEAN
263(EFIAPI *HASH_INIT)(
264 IN OUT VOID *HashContext
265 );
266
267
268/**
269 Performs digest on a data buffer of the specified length. This function can
270 be called multiple times to compute the digest of long or discontinuous data streams.
271
272 If HashContext is NULL, then ASSERT().
273
274 @param[in, out] HashContext Pointer to the MD5 context.
275 @param[in] Data Pointer to the buffer containing the data to be hashed.
276 @param[in] DataLength Length of Data buffer in bytes.
277
278 @retval TRUE HASH data digest succeeded.
279 @retval FALSE Invalid HASH context. After HashFinal function has been called, the
280 HASH context cannot be reused.
281
282**/
283typedef
284BOOLEAN
285(EFIAPI *HASH_UPDATE)(
286 IN OUT VOID *HashContext,
287 IN CONST VOID *Data,
288 IN UINTN DataLength
289 );
290
291/**
292 Completes hash computation and retrieves the digest value into the specified
293 memory. After this function has been called, the context cannot be used again.
294
295 If HashContext is NULL, then ASSERT().
296 If HashValue is NULL, then ASSERT().
297
298 @param[in, out] HashContext Pointer to the MD5 context
299 @param[out] HashValue Pointer to a buffer that receives the HASH digest
300 value (16 bytes).
301
302 @retval TRUE HASH digest computation succeeded.
303 @retval FALSE HASH digest computation failed.
304
305**/
306typedef
307BOOLEAN
308(EFIAPI *HASH_FINAL)(
309 IN OUT VOID *HashContext,
310 OUT UINT8 *HashValue
311 );
312
313//
314// Hash Algorithm Table
315//
316typedef struct {
317 CHAR16 *Name; ///< Name for Hash Algorithm
318 UINTN DigestLength; ///< Digest Length
319 UINT8 *OidValue; ///< Hash Algorithm OID ASN.1 Value
320 UINTN OidLength; ///< Length of Hash OID Value
321 HASH_GET_CONTEXT_SIZE GetContextSize; ///< Pointer to Hash GetContentSize function
322 HASH_INIT HashInit; ///< Pointer to Hash Init function
323 HASH_UPDATE HashUpdate; ///< Pointer to Hash Update function
324 HASH_FINAL HashFinal; ///< Pointer to Hash Final function
325} HASH_TABLE;
326
327typedef struct {
328 WIN_CERTIFICATE Hdr;
329 UINT8 CertData[1];
330} WIN_CERTIFICATE_EFI_PKCS;
331
332
333/**
334 This function publish the SecureBoot configuration Form.
335
336 @param[in, out] PrivateData Points to SecureBoot configuration private data.
337
338 @retval EFI_SUCCESS HII Form is installed successfully.
339 @retval EFI_OUT_OF_RESOURCES Not enough resource for HII Form installation.
340 @retval Others Other errors as indicated.
341
342**/
343EFI_STATUS
344InstallSecureBootConfigForm (
345 IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData
346 );
347
348
349/**
350 This function removes SecureBoot configuration Form.
351
352 @param[in, out] PrivateData Points to SecureBoot configuration private data.
353
354**/
355VOID
356UninstallSecureBootConfigForm (
357 IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData
358 );
359
360
361/**
362 This function allows a caller to extract the current configuration for one
363 or more named elements from the target driver.
364
365 @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
366 @param[in] Request A null-terminated Unicode string in
367 <ConfigRequest> format.
368 @param[out] Progress On return, points to a character in the Request
369 string. Points to the string's null terminator if
370 request was successful. Points to the most recent
371 '&' before the first failing name/value pair (or
372 the beginning of the string if the failure is in
373 the first name/value pair) if the request was not
374 successful.
375 @param[out] Results A null-terminated Unicode string in
376 <ConfigAltResp> format which has all values filled
377 in for the names in the Request string. String to
378 be allocated by the called function.
379
380 @retval EFI_SUCCESS The Results is filled with the requested values.
381 @retval EFI_OUT_OF_RESOURCES Not enough memory to store the results.
382 @retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown name.
383 @retval EFI_NOT_FOUND Routing data doesn't match any storage in this
384 driver.
385
386**/
387EFI_STATUS
388EFIAPI
389SecureBootExtractConfig (
390 IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
391 IN CONST EFI_STRING Request,
392 OUT EFI_STRING *Progress,
393 OUT EFI_STRING *Results
394 );
395
396
397/**
398 This function processes the results of changes in configuration.
399
400 @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
401 @param[in] Configuration A null-terminated Unicode string in <ConfigResp>
402 format.
403 @param[out] Progress A pointer to a string filled in with the offset of
404 the most recent '&' before the first failing
405 name/value pair (or the beginning of the string if
406 the failure is in the first name/value pair) or
407 the terminating NULL if all was successful.
408
409 @retval EFI_SUCCESS The Results is processed successfully.
410 @retval EFI_INVALID_PARAMETER Configuration is NULL.
411 @retval EFI_NOT_FOUND Routing data doesn't match any storage in this
412 driver.
413
414**/
415EFI_STATUS
416EFIAPI
417SecureBootRouteConfig (
418 IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
419 IN CONST EFI_STRING Configuration,
420 OUT EFI_STRING *Progress
421 );
422
423
424/**
425 This function processes the results of changes in configuration.
426
427 @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
428 @param[in] Action Specifies the type of action taken by the browser.
429 @param[in] QuestionId A unique value which is sent to the original
430 exporting driver so that it can identify the type
431 of data to expect.
432 @param[in] Type The type of value for the question.
433 @param[in] Value A pointer to the data being sent to the original
434 exporting driver.
435 @param[out] ActionRequest On return, points to the action requested by the
436 callback function.
437
438 @retval EFI_SUCCESS The callback successfully handled the action.
439 @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the
440 variable and its data.
441 @retval EFI_DEVICE_ERROR The variable could not be saved.
442 @retval EFI_UNSUPPORTED The specified Action is not supported by the
443 callback.
444
445**/
446EFI_STATUS
447EFIAPI
448SecureBootCallback (
449 IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
450 IN EFI_BROWSER_ACTION Action,
451 IN EFI_QUESTION_ID QuestionId,
452 IN UINT8 Type,
453 IN EFI_IFR_TYPE_VALUE *Value,
454 OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest
455 );
456
457
458/**
459 This function converts an input device structure to a Unicode string.
460
461 @param[in] DevPath A pointer to the device path structure.
462
463 @return A new allocated Unicode string that represents the device path.
464
465**/
466CHAR16 *
467EFIAPI
468DevicePathToStr (
469 IN EFI_DEVICE_PATH_PROTOCOL *DevPath
470 );
471
472
473/**
474 Clean up the dynamic opcode at label and form specified by both LabelId.
475
476 @param[in] LabelId It is both the Form ID and Label ID for opcode deletion.
477 @param[in] PrivateData Module private data.
478
479**/
480VOID
481CleanUpPage (
482 IN UINT16 LabelId,
483 IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData
484 );
485
486
487/**
488 Update the file explorer page with the refreshed file system.
489
490 @param[in] PrivateData Module private data.
491 @param[in] KeyValue Key value to identify the type of data to expect.
492
493 @retval TRUE Inform the caller to create a callback packet to exit file explorer.
494 @retval FALSE Indicate that there is no need to exit file explorer.
495
496**/
497BOOLEAN
498UpdateFileExplorer (
499 IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData,
500 IN UINT16 KeyValue
501 );
502
503
504/**
505 Free resources allocated in Allocate Rountine.
506
507 @param[in, out] MenuOption Menu to be freed
508
509**/
510VOID
511FreeMenu (
512 IN OUT SECUREBOOT_MENU_OPTION *MenuOption
513 );
514
515
516/**
517 Read file content into BufferPtr, the size of the allocate buffer
518 is *FileSize plus AddtionAllocateSize.
519
520 @param[in] FileHandle The file to be read.
521 @param[in, out] BufferPtr Pointers to the pointer of allocated buffer.
522 @param[out] FileSize Size of input file
523 @param[in] AddtionAllocateSize Addtion size the buffer need to be allocated.
524 In case the buffer need to contain others besides the file content.
525
526 @retval EFI_SUCCESS The file was read into the buffer.
527 @retval EFI_INVALID_PARAMETER A parameter was invalid.
528 @retval EFI_OUT_OF_RESOURCES A memory allocation failed.
529 @retval others Unexpected error.
530
531**/
532EFI_STATUS
533ReadFileContent (
534 IN EFI_FILE_HANDLE FileHandle,
535 IN OUT VOID **BufferPtr,
536 OUT UINTN *FileSize,
537 IN UINTN AddtionAllocateSize
538 );
539
540
541/**
542 Close an open file handle.
543
544 @param[in] FileHandle The file handle to close.
545
546**/
547VOID
548CloseFile (
549 IN EFI_FILE_HANDLE FileHandle
550 );
551
552
553/**
554 Converts a nonnegative integer to an octet string of a specified length.
555
556 @param[in] Integer Pointer to the nonnegative integer to be converted
557 @param[in] IntSizeInWords Length of integer buffer in words
558 @param[out] OctetString Converted octet string of the specified length
559 @param[in] OSSizeInBytes Intended length of resulting octet string in bytes
560
561Returns:
562
563 @retval EFI_SUCCESS Data conversion successfully
564 @retval EFI_BUFFER_TOOL_SMALL Buffer is too small for output string
565
566**/
567EFI_STATUS
568EFIAPI
569Int2OctStr (
570 IN CONST UINTN *Integer,
571 IN UINTN IntSizeInWords,
572 OUT UINT8 *OctetString,
573 IN UINTN OSSizeInBytes
574 );
575
576
577/**
578 Convert a String to Guid Value.
579
580 @param[in] Str Specifies the String to be converted.
581 @param[in] StrLen Number of Unicode Characters of String (exclusive \0)
582 @param[out] Guid Return the result Guid value.
583
584 @retval EFI_SUCCESS The operation is finished successfully.
585 @retval EFI_NOT_FOUND Invalid string.
586
587**/
588EFI_STATUS
589StringToGuid (
590 IN CHAR16 *Str,
591 IN UINTN StrLen,
592 OUT EFI_GUID *Guid
593 );
594
595
596/**
597 Worker function that prints an EFI_GUID into specified Buffer.
598
599 @param[in] Guid Pointer to GUID to print.
600 @param[in] Buffer Buffer to print Guid into.
601 @param[in] BufferSize Size of Buffer.
602
603 @retval Number of characters printed.
604
605**/
606UINTN
607GuidToString (
608 IN EFI_GUID *Guid,
609 IN CHAR16 *Buffer,
610 IN UINTN BufferSize
611 );
612
613#endif
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette