Changeset 58466 in vbox for trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated
- Timestamp:
- Oct 29, 2015 4:30:44 AM (9 years ago)
- Location:
- trunk/src/VBox/Devices/EFI/Firmware
- Files:
-
- 30 edited
-
. (modified) (1 prop)
-
SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/AuthService.c (modified) (22 diffs)
-
SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/AuthService.h (modified) (4 diffs)
-
SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/EsalVariableDxeSal.inf (modified) (4 diffs)
-
SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/InitVariable.c (modified) (2 diffs)
-
SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/Reclaim.c (modified) (1 diff)
-
SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/Variable.c (modified) (68 diffs)
-
SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/Variable.h (modified) (11 diffs)
-
SecurityPkg/VariableAuthenticated/Pei/Variable.c (modified) (14 diffs)
-
SecurityPkg/VariableAuthenticated/Pei/Variable.h (modified) (6 diffs)
-
SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c (modified) (41 diffs)
-
SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h (modified) (4 diffs)
-
SecurityPkg/VariableAuthenticated/RuntimeDxe/Measurement.c (modified) (4 diffs)
-
SecurityPkg/VariableAuthenticated/RuntimeDxe/Reclaim.c (modified) (1 diff)
-
SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c (modified) (23 diffs)
-
SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.h (modified) (16 diffs)
-
SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf (modified) (3 diffs)
-
SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.c (modified) (31 diffs)
-
SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.inf (modified) (7 diffs)
-
SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.c (modified) (26 diffs)
-
SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.inf (modified) (5 diffs)
-
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr (modified) (32 diffs, 1 prop)
-
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDriver.c (modified) (8 diffs)
-
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf (modified) (3 diffs)
-
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c (modified) (17 diffs)
-
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c (modified) (131 diffs)
-
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h (modified) (9 diffs)
-
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigMisc.c (modified) (13 diffs)
-
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h (modified) (3 diffs)
-
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigStrings.uni (modified) (1 prop) ( previous)
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/VBox/Devices/EFI/Firmware
- Property svn:mergeinfo changed
/vendor/edk2/current merged: 103769-103776
- Property svn:mergeinfo changed
-
trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/AuthService.c
r58459 r58466 4 4 5 5 Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR> 6 This program and the accompanying materials 7 are licensed and made available under the terms and conditions of the BSD License 8 which accompanies this distribution. The full text of the license may be found at 6 This program and the accompanying materials 7 are licensed and made available under the terms and conditions of the BSD License 8 which accompanies this distribution. The full text of the license may be found at 9 9 http://opensource.org/licenses/bsd-license.php 10 10 11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 12 12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 13 13 … … 62 62 ASSERT (mVariableModuleGlobal->HashContext[Physical] != NULL); 63 63 // 64 // Check "AuthVarKeyDatabase" variable's existence. 65 // If it doesn't exist, create a new one with initial value of 0 and EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set. 64 // Check "AuthVarKeyDatabase" variable's existence. 65 // If it doesn't exist, create a new one with initial value of 0 and EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set. 66 66 // 67 67 Status = FindVariable ( 68 mVariableModuleGlobal->VariableName[Physical][VAR_AUTH_KEY_DB], 69 &gEfiAuthenticatedVariableGuid, 70 &Variable, 68 mVariableModuleGlobal->VariableName[Physical][VAR_AUTH_KEY_DB], 69 &gEfiAuthenticatedVariableGuid, 70 &Variable, 71 71 &mVariableModuleGlobal->VariableGlobal[Physical], 72 72 mVariableModuleGlobal->FvbInstance … … 97 97 // 98 98 Valid = IsValidVariableHeader ( 99 Variable.CurrPtr, 100 Variable.Volatile, 101 &mVariableModuleGlobal->VariableGlobal[Physical], 102 mVariableModuleGlobal->FvbInstance, 99 Variable.CurrPtr, 100 Variable.Volatile, 101 &mVariableModuleGlobal->VariableGlobal[Physical], 102 mVariableModuleGlobal->FvbInstance, 103 103 &VariableHeader 104 104 ); … … 118 118 } 119 119 // 120 // Check "SetupMode" variable's existence. 120 // Check "SetupMode" variable's existence. 121 121 // If it doesn't exist, check PK database's existence to determine the value. 122 // Then create a new one with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set. 122 // Then create a new one with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set. 123 123 // 124 124 Status = FindVariable ( 125 mVariableModuleGlobal->VariableName[Physical][VAR_SETUP_MODE], 126 &gEfiGlobalVariableGuid, 127 &Variable, 125 mVariableModuleGlobal->VariableName[Physical][VAR_SETUP_MODE], 126 &gEfiGlobalVariableGuid, 127 &Variable, 128 128 &mVariableModuleGlobal->VariableGlobal[Physical], 129 129 mVariableModuleGlobal->FvbInstance … … 132 132 if (Variable.CurrPtr == 0x0) { 133 133 Status = FindVariable ( 134 mVariableModuleGlobal->VariableName[Physical][VAR_PLATFORM_KEY], 135 &gEfiGlobalVariableGuid, 136 &Variable, 134 mVariableModuleGlobal->VariableName[Physical][VAR_PLATFORM_KEY], 135 &gEfiGlobalVariableGuid, 136 &Variable, 137 137 &mVariableModuleGlobal->VariableGlobal[Physical], 138 138 mVariableModuleGlobal->FvbInstance … … 170 170 } 171 171 // 172 // Check "SignatureSupport" variable's existence. 173 // If it doesn't exist, then create a new one with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set. 172 // Check "SignatureSupport" variable's existence. 173 // If it doesn't exist, then create a new one with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set. 174 174 // 175 175 Status = FindVariable ( 176 EFI_SIGNATURE_SUPPORT_NAME, 177 &gEfiGlobalVariableGuid, 178 &Variable, 176 EFI_SIGNATURE_SUPPORT_NAME, 177 &gEfiGlobalVariableGuid, 178 &Variable, 179 179 &mVariableModuleGlobal->VariableGlobal[Physical], 180 180 mVariableModuleGlobal->FvbInstance … … 365 365 Rsa = RsaNew (); 366 366 ASSERT (Rsa != NULL); 367 // 367 // 368 368 // Set RSA Key Components. 369 369 // NOTE: Only N and E are needed to be set as RSA public key for signature verification. … … 381 381 // 382 382 Status = RsaPkcs1Verify ( 383 Rsa, 384 Digest, 385 SHA256_DIGEST_SIZE, 386 CertBlock->Signature, 383 Rsa, 384 Digest, 385 SHA256_DIGEST_SIZE, 386 CertBlock->Signature, 387 387 EFI_CERT_TYPE_RSA2048_SHA256_SIZE 388 388 ); … … 420 420 421 421 Status = FindVariable ( 422 Global->VariableName[VirtualMode][VAR_SETUP_MODE], 423 Global->GlobalVariableGuid[VirtualMode], 424 &Variable, 422 Global->VariableName[VirtualMode][VAR_SETUP_MODE], 423 Global->GlobalVariableGuid[VirtualMode], 424 &Variable, 425 425 &Global->VariableGlobal[VirtualMode], 426 426 Global->FvbInstance … … 460 460 461 461 @retval EFI_INVALID_PARAMETER Invalid parameter. 462 @retval EFI_SECURITY_VIOLATION The variable does NOT pass the validation 463 check carried out by the firmware. 462 @retval EFI_SECURITY_VIOLATION The variable does NOT pass the validation 463 check carried out by the firmware. 464 464 @retval EFI_SUCCESS The variable passed validation successfully. 465 465 … … 508 508 if (Variable->CurrPtr != 0x0) { 509 509 Valid = IsValidVariableHeader ( 510 Variable->CurrPtr, 511 Variable->Volatile, 512 &Global->VariableGlobal[VirtualMode], 513 Global->FvbInstance, 510 Variable->CurrPtr, 511 Variable->Volatile, 512 &Global->VariableGlobal[VirtualMode], 513 Global->FvbInstance, 514 514 &VariableHeader 515 515 ); … … 527 527 // 528 528 Status = FindVariable ( 529 Global->VariableName[VirtualMode][VAR_PLATFORM_KEY], 530 Global->GlobalVariableGuid[VirtualMode], 531 &PkVariable, 529 Global->VariableName[VirtualMode][VAR_PLATFORM_KEY], 530 Global->GlobalVariableGuid[VirtualMode], 531 &PkVariable, 532 532 &Global->VariableGlobal[VirtualMode], 533 533 Global->FvbInstance … … 549 549 if (!EFI_ERROR (Status)) { 550 550 Status = UpdateVariable ( 551 VariableName, 552 VendorGuid, 553 (UINT8*)Data + AUTHINFO_SIZE, 554 DataSize - AUTHINFO_SIZE, 555 Attributes, 556 0, 557 CertData->MonotonicCount, 558 VirtualMode, 551 VariableName, 552 VendorGuid, 553 (UINT8*)Data + AUTHINFO_SIZE, 554 DataSize - AUTHINFO_SIZE, 555 Attributes, 556 0, 557 CertData->MonotonicCount, 558 VirtualMode, 559 559 Global, 560 560 Variable … … 597 597 598 598 @retval EFI_INVALID_PARAMETER Invalid parameter. 599 @retval EFI_SECURITY_VIOLATION The variable did NOT pass the validation 600 check carried out by the firmware. 599 @retval EFI_SECURITY_VIOLATION The variable did NOT pass the validation 600 check carried out by the firmware. 601 601 @retval EFI_SUCCESS The variable passed validation successfully. 602 602 … … 641 641 if (Variable->CurrPtr != 0x0) { 642 642 Valid = IsValidVariableHeader ( 643 Variable->CurrPtr, 644 Variable->Volatile, 645 &Global->VariableGlobal[VirtualMode], 646 Global->FvbInstance, 643 Variable->CurrPtr, 644 Variable->Volatile, 645 &Global->VariableGlobal[VirtualMode], 646 Global->FvbInstance, 647 647 &VariableHeader 648 648 ); … … 660 660 // 661 661 Status = FindVariable ( 662 Global->VariableName[VirtualMode][VAR_KEY_EXCHANGE_KEY], 663 Global->GlobalVariableGuid[VirtualMode], 664 &KekVariable, 662 Global->VariableName[VirtualMode][VAR_KEY_EXCHANGE_KEY], 663 Global->GlobalVariableGuid[VirtualMode], 664 &KekVariable, 665 665 &Global->VariableGlobal[VirtualMode], 666 666 Global->FvbInstance … … 699 699 if (!EFI_ERROR (Status)) { 700 700 Status = UpdateVariable ( 701 VariableName, 702 VendorGuid, 703 (UINT8*)Data + AUTHINFO_SIZE, 704 DataSize - AUTHINFO_SIZE, 705 Attributes, 706 0, 707 CertData->MonotonicCount, 701 VariableName, 702 VendorGuid, 703 (UINT8*)Data + AUTHINFO_SIZE, 704 DataSize - AUTHINFO_SIZE, 705 Attributes, 706 0, 707 CertData->MonotonicCount, 708 708 VirtualMode, 709 709 Global, … … 716 716 // 717 717 Status = UpdateVariable ( 718 VariableName, 719 VendorGuid, 720 Data, 721 DataSize, 722 Attributes, 723 0, 724 0, 718 VariableName, 719 VendorGuid, 720 Data, 721 DataSize, 722 Attributes, 723 0, 724 0, 725 725 VirtualMode, 726 726 Global, … … 749 749 EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set. 750 750 @retval EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS 751 set, but the AuthInfo does NOT pass the validation 752 check carried out by the firmware. 751 set, but the AuthInfo does NOT pass the validation 752 check carried out by the firmware. 753 753 @retval EFI_SUCCESS The variable is not write-protected, or passed validation successfully. 754 754 … … 790 790 if (Variable->CurrPtr != 0x0) { 791 791 Valid = IsValidVariableHeader ( 792 Variable->CurrPtr, 793 Variable->Volatile, 794 &Global->VariableGlobal[VirtualMode], 795 Global->FvbInstance, 792 Variable->CurrPtr, 793 Variable->Volatile, 794 &Global->VariableGlobal[VirtualMode], 795 Global->FvbInstance, 796 796 &VariableHeader 797 797 ); … … 821 821 IsFirstTime = FALSE; 822 822 } 823 } else if (Valid && (VariableHeader.Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) != 0) { 823 } else if (Valid && (VariableHeader.Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) != 0) { 824 824 // 825 825 // If the variable is already write-protected, it always needs authentication before update. … … 865 865 return EFI_SECURITY_VIOLATION; 866 866 } 867 } 867 } 868 868 // 869 869 // Verify the certificate in Data payload. -
trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/AuthService.h
r48674 r58466 4 4 5 5 Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR> 6 This program and the accompanying materials 7 are licensed and made available under the terms and conditions of the BSD License 8 which accompanies this distribution. The full text of the license may be found at 6 This program and the accompanying materials 7 are licensed and made available under the terms and conditions of the BSD License 8 which accompanies this distribution. The full text of the license may be found at 9 9 http://opensource.org/licenses/bsd-license.php 10 10 11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 12 12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 13 13 … … 47 47 EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set. 48 48 @retval EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS 49 set, but the AuthInfo does NOT pass the validation 50 check carried out by the firmware. 49 set, but the AuthInfo does NOT pass the validation 50 check carried out by the firmware. 51 51 @retval EFI_SUCCESS The variable is not write-protected, or passed validation successfully. 52 52 … … 100 100 101 101 @retval EFI_INVALID_PARAMETER Invalid parameter. 102 @retval EFI_SECURITY_VIOLATION The variable does NOT pass the validation 103 check carried out by the firmware. 102 @retval EFI_SECURITY_VIOLATION The variable does NOT pass the validation 103 check carried out by the firmware. 104 104 @retval EFI_SUCCESS The variable passed validation successfully. 105 105 … … 132 132 133 133 @retval EFI_INVALID_PARAMETER Invalid parameter. 134 @retval EFI_SECURITY_VIOLATION The variable does NOT pass the validation 135 check carried out by the firmware. 134 @retval EFI_SECURITY_VIOLATION The variable does NOT pass the validation 135 check carried out by the firmware. 136 136 @retval EFI_SUCCESS The variable passed validation successfully. 137 137 -
trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/EsalVariableDxeSal.inf
r58459 r58466 30 30 # VALID_ARCHITECTURES = IPF 31 31 # 32 # VIRTUAL_ADDRESS_MAP_CALLBACK = VariableClassAddressChangeEvent 32 # VIRTUAL_ADDRESS_MAP_CALLBACK = VariableClassAddressChangeEvent 33 33 # 34 34 … … 74 74 ## PRODUCES ## Variable:L"SignatureSupport" 75 75 gEfiGlobalVariableGuid 76 76 77 77 ## PRODUCES ## GUID # Variable store header 78 78 ## CONSUMES ## GUID # Variable store header … … 80 80 ## SOMETIMES_PRODUCES ## SystemTable 81 81 gEfiAuthenticatedVariableGuid 82 82 83 83 gEfiEventVirtualAddressChangeGuid ## CONSUMES ## Event 84 84 gEfiCertRsa2048Sha256Guid ## CONSUMES ## GUID # Unique ID for the format of the CertType. … … 95 95 gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize ## CONSUMES 96 96 gEfiMdeModulePkgTokenSpaceGuid.PcdHwErrStorageSize ## CONSUMES 97 97 98 98 [FeaturePcd.common] 99 99 gEfiMdeModulePkgTokenSpaceGuid.PcdVariableCollectStatistics ## CONSUMES # statistic the information of variable. 100 100 101 101 [Depex] 102 gEfiExtendedSalFvBlockServicesProtocolGuid AND gEfiFaultTolerantWriteProtocolGuid 102 gEfiExtendedSalFvBlockServicesProtocolGuid AND gEfiFaultTolerantWriteProtocolGuid 103 103 104 104 [UserExtensions.TianoCore."ExtraFiles"] -
trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/InitVariable.c
r48674 r58466 3 3 4 4 Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR> 5 This program and the accompanying materials 6 are licensed and made available under the terms and conditions of the BSD License 7 which accompanies this distribution. The full text of the license may be found at 5 This program and the accompanying materials 6 are licensed and made available under the terms and conditions of the BSD License 7 which accompanies this distribution. The full text of the license may be found at 8 8 http://opensource.org/licenses/bsd-license.php 9 9 10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 11 11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 12 12 … … 56 56 { 57 57 SAL_RETURN_REGS ReturnVal; 58 58 59 59 ReturnVal.r9 = 0; 60 60 ReturnVal.r10 = 0; -
trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/Reclaim.c
r48674 r58466 4 4 5 5 Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.<BR> 6 This program and the accompanying materials 7 are licensed and made available under the terms and conditions of the BSD License 8 which accompanies this distribution. The full text of the license may be found at 6 This program and the accompanying materials 7 are licensed and made available under the terms and conditions of the BSD License 8 which accompanies this distribution. The full text of the license may be found at 9 9 http://opensource.org/licenses/bsd-license.php 10 10 11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 12 12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 13 13 -
trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/Variable.c
r58459 r58466 3 3 4 4 Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR> 5 This program and the accompanying materials 6 are licensed and made available under the terms and conditions of the BSD License 7 which accompanies this distribution. The full text of the license may be found at 5 This program and the accompanying materials 6 are licensed and made available under the terms and conditions of the BSD License 7 which accompanies this distribution. The full text of the license may be found at 8 8 http://opensource.org/licenses/bsd-license.php 9 9 10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 11 11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 12 12 … … 163 163 return EFI_INVALID_PARAMETER; 164 164 } 165 165 166 166 // 167 167 // For volatile variable, a simple memory copy is enough. … … 182 182 EFI_EXTENDED_SAL_FV_BLOCK_SERVICES_PROTOCOL_GUID_LO, 183 183 EFI_EXTENDED_SAL_FV_BLOCK_SERVICES_PROTOCOL_GUID_HI, 184 GetPhysicalAddressFunctionId, 185 Instance, 186 (UINT64) &FvVolHdr, 187 0, 188 0, 189 0, 190 0, 184 GetPhysicalAddressFunctionId, 185 Instance, 186 (UINT64) &FvVolHdr, 187 0, 188 0, 189 0, 190 0, 191 191 0 192 192 ).Status; … … 200 200 return EFI_INVALID_PARAMETER; 201 201 } 202 202 203 203 LinearOffset = (UINTN) FwVolHeader; 204 204 CurrWritePtr = StartAddress; … … 228 228 EFI_EXTENDED_SAL_FV_BLOCK_SERVICES_PROTOCOL_GUID_LO, 229 229 EFI_EXTENDED_SAL_FV_BLOCK_SERVICES_PROTOCOL_GUID_HI, 230 WriteFunctionId, 231 Instance, 232 LbaNumber, 233 (CurrWritePtr - LinearOffset), 234 (UINT64) &CurrWriteSize, 235 (UINT64) CurrBuffer, 236 0, 230 WriteFunctionId, 231 Instance, 232 LbaNumber, 233 (CurrWritePtr - LinearOffset), 234 (UINT64) &CurrWriteSize, 235 (UINT64) CurrBuffer, 236 0, 237 237 0 238 238 ).Status; … … 241 241 EFI_EXTENDED_SAL_FV_BLOCK_SERVICES_PROTOCOL_GUID_LO, 242 242 EFI_EXTENDED_SAL_FV_BLOCK_SERVICES_PROTOCOL_GUID_HI, 243 ReadFunctionId, 244 Instance, 245 LbaNumber, 246 (CurrWritePtr - LinearOffset), 247 (UINT64) &CurrWriteSize, 248 (UINT64) CurrBuffer, 249 0, 243 ReadFunctionId, 244 Instance, 245 LbaNumber, 246 (CurrWritePtr - LinearOffset), 247 (UINT64) &CurrWriteSize, 248 (UINT64) CurrBuffer, 249 0, 250 250 0 251 251 ).Status; … … 261 261 EFI_EXTENDED_SAL_FV_BLOCK_SERVICES_PROTOCOL_GUID_LO, 262 262 EFI_EXTENDED_SAL_FV_BLOCK_SERVICES_PROTOCOL_GUID_HI, 263 WriteFunctionId, 264 Instance, 265 LbaNumber, 266 (CurrWritePtr - LinearOffset), 267 (UINT64) &Size, 268 (UINT64) CurrBuffer, 269 0, 263 WriteFunctionId, 264 Instance, 265 LbaNumber, 266 (CurrWritePtr - LinearOffset), 267 (UINT64) &Size, 268 (UINT64) CurrBuffer, 269 0, 270 270 0 271 271 ).Status; … … 274 274 EFI_EXTENDED_SAL_FV_BLOCK_SERVICES_PROTOCOL_GUID_LO, 275 275 EFI_EXTENDED_SAL_FV_BLOCK_SERVICES_PROTOCOL_GUID_HI, 276 ReadFunctionId, 277 Instance, 278 LbaNumber, 279 (CurrWritePtr - LinearOffset), 280 (UINT64) &Size, 281 (UINT64) CurrBuffer, 282 0, 276 ReadFunctionId, 277 Instance, 278 LbaNumber, 279 (CurrWritePtr - LinearOffset), 280 (UINT64) &Size, 281 (UINT64) CurrBuffer, 282 0, 283 283 0 284 284 ).Status; … … 333 333 VarStoreAddress, 334 334 sizeof (VARIABLE_STORE_HEADER), 335 VarStoreHeader 335 VarStoreHeader 336 336 ); 337 337 ASSERT_EFI_ERROR (Status); … … 373 373 VariableAddress, 374 374 sizeof (VARIABLE_HEADER), 375 &LocalVariableHeader 375 &LocalVariableHeader 376 376 ); 377 377 … … 521 521 Address, 522 522 VariableHeader.NameSize, 523 VariableName 523 VariableName 524 524 ); 525 525 ASSERT_EFI_ERROR (Status); … … 572 572 Address, 573 573 VariableHeader.DataSize, 574 VariableData 574 VariableData 575 575 ); 576 576 ASSERT_EFI_ERROR (Status); … … 627 627 Gets the pointer to the first variable header in given variable store area. 628 628 629 This function gets the pointer to the first variable header in given variable 629 This function gets the pointer to the first variable header in given variable 630 630 store area. The variable store area is given by its start address. 631 631 … … 676 676 VarStoreHeaderAddress, 677 677 sizeof (VARIABLE_STORE_HEADER), 678 &VariableStoreHeader 678 &VariableStoreHeader 679 679 ); 680 680 … … 686 686 Updates variable info entry in EFI system table for statistical information. 687 687 688 Routine used to track statistical information about variable usage. 688 Routine used to track statistical information about variable usage. 689 689 The data is stored in the EFI system table so it can be accessed later. 690 VariableInfo.efi can dump out the table. Only Boot Services variable 690 VariableInfo.efi can dump out the table. Only Boot Services variable 691 691 accesses are tracked by this code. The PcdVariableCollectStatistics 692 build flag controls if this feature is enabled. 693 A read that hits in the cache will have Read and Cache true for 692 build flag controls if this feature is enabled. 693 A read that hits in the cache will have Read and Cache true for 694 694 the transaction. Data is allocated by this routine, but never 695 695 freed. … … 743 743 } 744 744 745 745 746 746 for (Entry = gVariableInfo; Entry != NULL; Entry = Entry->Next) { 747 747 if (CompareGuid (VendorGuid, &Entry->VendorGuid)) { … … 827 827 for (Index = 0, Entry = mVariableCache; Index < sizeof (mVariableCache)/sizeof (VARIABLE_CACHE_ENTRY); Index++, Entry++) { 828 828 if (CompareGuid (VendorGuid, Entry->Guid)) { 829 if (StrCmp (VariableName, Entry->Name) == 0) { 829 if (StrCmp (VariableName, Entry->Name) == 0) { 830 830 Entry->Attributes = Attributes; 831 831 if (DataSize == 0) { … … 929 929 } 930 930 } 931 931 932 932 return EFI_NOT_FOUND; 933 933 } … … 1004 1004 } 1005 1005 while (IsValidVariableHeader (Variable[Index], Volatile, Global, Instance, &VariableHeader)) { 1006 if (VariableHeader.State == VAR_ADDED || 1006 if (VariableHeader.State == VAR_ADDED || 1007 1007 VariableHeader.State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED) 1008 1008 ) { … … 1163 1163 // Collect VAR_ADDED variables, and variables in delete transition status. 1164 1164 // 1165 if (VariableHeader.State == VAR_ADDED || 1165 if (VariableHeader.State == VAR_ADDED || 1166 1166 VariableHeader.State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED) 1167 1167 ) { … … 1174 1174 1175 1175 // 1176 // Reserve the 1 Bytes with Oxff to identify the 1177 // end of the variable buffer. 1178 // 1176 // Reserve the 1 Bytes with Oxff to identify the 1177 // end of the variable buffer. 1178 // 1179 1179 MaximumBufferSize += 1; 1180 1180 ValidBuffer = AllocatePool (MaximumBufferSize); … … 1193 1193 // 1194 1194 // Reinstall all ADDED variables 1195 // 1195 // 1196 1196 Variable = GetStartPointer (VariableBase); 1197 1197 while (IsValidVariableHeader (Variable, IsVolatile, VariableGlobal, Instance, &VariableHeader)) { … … 1211 1211 // 1212 1212 // Reinstall in delete transition variables 1213 // 1213 // 1214 1214 Variable = GetStartPointer (VariableBase); 1215 1215 while (IsValidVariableHeader (Variable, IsVolatile, VariableGlobal, Instance, &VariableHeader)) { … … 1218 1218 1219 1219 // 1220 // Buffer has cached all ADDED variable. 1220 // Buffer has cached all ADDED variable. 1221 1221 // Per IN_DELETED variable, we have to guarantee that 1222 // no ADDED one in previous buffer. 1223 // 1222 // no ADDED one in previous buffer. 1223 // 1224 1224 FoundAdded = FALSE; 1225 1225 AddedVariable = GetStartPointer ((EFI_PHYSICAL_ADDRESS) ValidBuffer); … … 1328 1328 IN CHAR8 *Lang, 1329 1329 IN BOOLEAN Iso639Language 1330 ) 1330 ) 1331 1331 { 1332 1332 UINTN Index; … … 1363 1363 // 1364 1364 for (CompareLength = 0; SupportedLang[CompareLength] != '\0' && SupportedLang[CompareLength] != ';'; CompareLength++); 1365 1366 if ((CompareLength == LanguageLength) && 1365 1366 if ((CompareLength == LanguageLength) && 1367 1367 (AsciiStrnCmp (Lang, SupportedLang, CompareLength) == 0)) { 1368 1368 // … … 1466 1466 1467 1467 /** 1468 Returns a pointer to an allocated buffer that contains the best matching language 1469 from a set of supported languages. 1470 1471 This function supports both ISO 639-2 and RFC 4646 language codes, but language 1468 Returns a pointer to an allocated buffer that contains the best matching language 1469 from a set of supported languages. 1470 1471 This function supports both ISO 639-2 and RFC 4646 language codes, but language 1472 1472 code types may not be mixed in a single call to this function. This function 1473 1473 supports a variable argument list that allows the caller to pass in a prioritized … … 1477 1477 1478 1478 @param[in] SupportedLanguages A pointer to a Null-terminated ASCII string that 1479 contains a set of language codes in the format 1479 contains a set of language codes in the format 1480 1480 specified by Iso639Language. 1481 1481 @param[in] Iso639Language If TRUE, then all language codes are assumed to be … … 1483 1483 codes are assumed to be in RFC 4646 language format. 1484 1484 @param[in] VirtualMode Current calling mode for this function. 1485 @param[in] ... A variable argument list that contains pointers to 1485 @param[in] ... A variable argument list that contains pointers to 1486 1486 Null-terminated ASCII strings that contain one or more 1487 1487 language codes in the format specified by Iso639Language. 1488 1488 The first language code from each of these language 1489 1489 code lists is used to determine if it is an exact or 1490 close match to any of the language codes in 1490 close match to any of the language codes in 1491 1491 SupportedLanguages. Close matches only apply to RFC 4646 1492 1492 language codes, and the matching algorithm from RFC 4647 1493 is used to determine if a close match is present. If 1493 is used to determine if a close match is present. If 1494 1494 an exact or close match is found, then the matching 1495 1495 language code from SupportedLanguages is returned. If 1496 1496 no matches are found, then the next variable argument 1497 parameter is evaluated. The variable argument list 1497 parameter is evaluated. The variable argument list 1498 1498 is terminated by a NULL. 1499 1499 1500 1500 @retval NULL The best matching language could not be found in SupportedLanguages. 1501 @retval NULL There are not enough resources available to return the best matching 1501 @retval NULL There are not enough resources available to return the best matching 1502 1502 language. 1503 @retval Other A pointer to a Null-terminated ASCII string that is the best matching 1503 @retval Other A pointer to a Null-terminated ASCII string that is the best matching 1504 1504 language in SupportedLanguages. 1505 1505 … … 1507 1507 CHAR8 * 1508 1508 VariableGetBestLanguage ( 1509 IN CONST CHAR8 *SupportedLanguages, 1509 IN CONST CHAR8 *SupportedLanguages, 1510 1510 IN BOOLEAN Iso639Language, 1511 1511 IN BOOLEAN VirtualMode, … … 1583 1583 } else { 1584 1584 // 1585 // If RFC 4646 mode, then trim Language from the right to the next '-' character 1585 // If RFC 4646 mode, then trim Language from the right to the next '-' character 1586 1586 // 1587 1587 for (LanguageLength--; LanguageLength > 0 && Language[LanguageLength] != '-'; LanguageLength--); … … 1592 1592 1593 1593 // 1594 // No matches were found 1594 // No matches were found 1595 1595 // 1596 1596 return NULL; … … 1665 1665 1666 1666 // 1667 // PlatformLang holds a single language from PlatformLangCodes, 1667 // PlatformLang holds a single language from PlatformLangCodes, 1668 1668 // so the size of PlatformLangCodes is enough for the PlatformLang. 1669 1669 // … … 1695 1695 } 1696 1696 1697 if (SetLanguageCodes 1697 if (SetLanguageCodes 1698 1698 && (Global->PlatformLangCodes[VirtualMode] != NULL) 1699 1699 && (Global->LangCodes[VirtualMode] != NULL)) { … … 1733 1733 sizeof (DataSize), 1734 1734 &DataSize 1735 ); 1735 ); 1736 1736 ASSERT_EFI_ERROR (Status); 1737 1737 } … … 1812 1812 1813 1813 Status = UpdateVariable ( 1814 PredefinedVariableName[VAR_PLATFORM_LANG], 1815 Global->GlobalVariableGuid[VirtualMode], 1816 BestPlatformLang, 1817 AsciiStrSize (BestPlatformLang), 1818 Attributes, 1814 PredefinedVariableName[VAR_PLATFORM_LANG], 1815 Global->GlobalVariableGuid[VirtualMode], 1816 BestPlatformLang, 1817 AsciiStrSize (BestPlatformLang), 1818 Attributes, 1819 1819 0, 1820 1820 0, 1821 VirtualMode, 1822 Global, 1821 VirtualMode, 1822 Global, 1823 1823 &Variable 1824 1824 ); … … 1832 1832 1833 1833 /** 1834 Update the variable region with Variable information. These are the same 1834 Update the variable region with Variable information. These are the same 1835 1835 arguments as the EFI Variable services. 1836 1836 … … 1841 1841 @param[in] Attributes Attributes of the variable. 1842 1842 @param[in] KeyIndex Index of associated public key. 1843 @param[in] MonotonicCount Value of associated monotonic count. 1843 @param[in] MonotonicCount Value of associated monotonic count. 1844 1844 @param[in] VirtualMode Current calling mode for this function. 1845 1845 @param[in] Global Context of this Extended SAL Variable Services Class call. … … 1857 1857 IN VOID *Data, 1858 1858 IN UINTN DataSize, 1859 IN UINT32 Attributes OPTIONAL, 1859 IN UINT32 Attributes OPTIONAL, 1860 1860 IN UINT32 KeyIndex OPTIONAL, 1861 1861 IN UINT64 MonotonicCount OPTIONAL, … … 1899 1899 // 1900 1900 Volatile = Variable->Volatile; 1901 1902 if (EfiAtRuntime ()) { 1903 // 1904 // If EfiAtRuntime and the variable is Volatile and Runtime Access, 1905 // the volatile is ReadOnly, and SetVariable should be aborted and 1901 1902 if (EfiAtRuntime ()) { 1903 // 1904 // If EfiAtRuntime and the variable is Volatile and Runtime Access, 1905 // the volatile is ReadOnly, and SetVariable should be aborted and 1906 1906 // return EFI_WRITE_PROTECTED. 1907 1907 // … … 1915 1915 if ((VariableHeader.Attributes & EFI_VARIABLE_NON_VOLATILE) == 0) { 1916 1916 Status = EFI_INVALID_PARAMETER; 1917 goto Done; 1917 goto Done; 1918 1918 } 1919 1919 } … … 1922 1922 // specified causes it to be deleted. 1923 1923 // 1924 if (DataSize == 0 || (Attributes & (EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS)) == 0) { 1924 if (DataSize == 0 || (Attributes & (EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS)) == 0) { 1925 1925 State = VariableHeader.State; 1926 1926 State &= VAR_DELETED; … … 1934 1934 sizeof (UINT8), 1935 1935 &State 1936 ); 1936 ); 1937 1937 if (!EFI_ERROR (Status)) { 1938 1938 UpdateVariableInfo (VariableName, VendorGuid, Volatile, FALSE, FALSE, TRUE, FALSE); 1939 1939 UpdateVariableCache (VariableName, VendorGuid, Attributes, DataSize, Data); 1940 1940 } 1941 goto Done; 1941 goto Done; 1942 1942 } 1943 1943 // … … 1972 1972 sizeof (UINT8), 1973 1973 &State 1974 ); 1974 ); 1975 1975 if (EFI_ERROR (Status)) { 1976 goto Done; 1977 } 1978 } 1976 goto Done; 1977 } 1978 } 1979 1979 } else { 1980 1980 // 1981 1981 // Create a new variable 1982 // 1983 1982 // 1983 1984 1984 // 1985 1985 // Make sure we are trying to create a new variable. 1986 // Setting a data variable with no access, or zero DataSize attributes means to delete it. 1986 // Setting a data variable with no access, or zero DataSize attributes means to delete it. 1987 1987 // 1988 1988 if (DataSize == 0 || (Attributes & (EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS)) == 0) { … … 1990 1990 goto Done; 1991 1991 } 1992 1992 1993 1993 // 1994 1994 // Only variable have NV|RT attribute can be created in Runtime … … 1998 1998 Status = EFI_INVALID_PARAMETER; 1999 1999 goto Done; 2000 } 2000 } 2001 2001 } 2002 2002 … … 2051 2051 // 2052 2052 Volatile = FALSE; 2053 2053 2054 2054 GetVarStoreHeader (VariableGlobal->NonVolatileVariableBase, FALSE, VariableGlobal, Instance, &VariableStoreHeader); 2055 if ((((Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) != 0) 2055 if ((((Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) != 0) 2056 2056 && ((HEADER_ALIGN (VarSize) + Global->HwErrVariableTotalSize) > PcdGet32(PcdHwErrStorageSize))) 2057 || (((Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) == 0) 2057 || (((Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) == 0) 2058 2058 && ((HEADER_ALIGN (VarSize) + Global->CommonVariableTotalSize) > VariableStoreHeader.Size - sizeof (VARIABLE_STORE_HEADER) - PcdGet32(PcdHwErrStorageSize)))) { 2059 2059 if (EfiAtRuntime ()) { … … 2073 2073 // If still no enough space, return out of resources 2074 2074 // 2075 if ((((Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) != 0) 2075 if ((((Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) != 0) 2076 2076 && ((HEADER_ALIGN (VarSize) + Global->HwErrVariableTotalSize) > PcdGet32(PcdHwErrStorageSize))) 2077 || (((Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) == 0) 2077 || (((Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) == 0) 2078 2078 && ((HEADER_ALIGN (VarSize) + Global->CommonVariableTotalSize) > VariableStoreHeader.Size - sizeof (VARIABLE_STORE_HEADER) - PcdGet32(PcdHwErrStorageSize)))) { 2079 2079 Status = EFI_OUT_OF_RESOURCES; … … 2084 2084 // Four steps 2085 2085 // 1. Write variable header 2086 // 2. Set variable state to header valid 2086 // 2. Set variable state to header valid 2087 2087 // 3. Write variable data 2088 2088 // 4. Set variable state to valid … … 2166 2166 // 2167 2167 // Create a volatile variable 2168 // 2168 // 2169 2169 Volatile = TRUE; 2170 2170 … … 2241 2241 This function implements EsalGetVariable function of Extended SAL Variable Services Class. 2242 2242 It is equivalent in functionality to the EFI Runtime Service GetVariable(). 2243 2243 2244 2244 @param[in] VariableName A Null-terminated Unicode string that is the name of 2245 2245 the vendor's variable. 2246 2246 @param[in] VendorGuid A unique identifier for the vendor. 2247 @param[out] Attributes If not NULL, a pointer to the memory location to return the 2247 @param[out] Attributes If not NULL, a pointer to the memory location to return the 2248 2248 attributes bitmask for the variable. 2249 2249 @param[in, out] DataSize Size of Data found. If size is less than the 2250 2250 data, this value contains the required size. 2251 @param[out] Data On input, the size in bytes of the return Data buffer. 2251 @param[out] Data On input, the size in bytes of the return Data buffer. 2252 2252 On output, the size of data returned in Data. 2253 2253 @param[in] VirtualMode Current calling mode for this function. 2254 2254 @param[in] Global Context of this Extended SAL Variable Services Class call. 2255 2255 2256 @retval EFI_SUCCESS The function completed successfully. 2256 @retval EFI_SUCCESS The function completed successfully. 2257 2257 @retval EFI_NOT_FOUND The variable was not found. 2258 @retval EFI_BUFFER_TOO_SMALL DataSize is too small for the result. DataSize has 2258 @retval EFI_BUFFER_TOO_SMALL DataSize is too small for the result. DataSize has 2259 2259 been updated with the size needed to complete the request. 2260 2260 @retval EFI_INVALID_PARAMETER VariableName is NULL. … … 2350 2350 UpdateVariableInfo (VariableName, VendorGuid, Variable.Volatile, TRUE, FALSE, FALSE, FALSE); 2351 2351 UpdateVariableCache (VariableName, VendorGuid, VariableHeader.Attributes, VarDataSize, Data); 2352 2352 2353 2353 Status = EFI_SUCCESS; 2354 2354 goto Done; … … 2372 2372 This function implements EsalGetNextVariableName function of Extended SAL Variable Services Class. 2373 2373 It is equivalent in functionality to the EFI Runtime Service GetNextVariableName(). 2374 2374 2375 2375 @param[in, out] VariableNameSize Size of the variable 2376 2376 @param[in, out] VariableName On input, supplies the last VariableName that was returned by GetNextVariableName(). 2377 2377 On output, returns the Null-terminated Unicode string of the current variable. 2378 2378 @param[in, out] VendorGuid On input, supplies the last VendorGuid that was returned by GetNextVariableName(). 2379 On output, returns the VendorGuid of the current variable. 2379 On output, returns the VendorGuid of the current variable. 2380 2380 @param[in] VirtualMode Current calling mode for this function. 2381 2381 @param[in] Global Context of this Extended SAL Variable Services Class call. 2382 2382 2383 @retval EFI_SUCCESS The function completed successfully. 2383 @retval EFI_SUCCESS The function completed successfully. 2384 2384 @retval EFI_NOT_FOUND The next variable was not found. 2385 @retval EFI_BUFFER_TOO_SMALL VariableNameSize is too small for the result. 2385 @retval EFI_BUFFER_TOO_SMALL VariableNameSize is too small for the result. 2386 2386 VariableNameSize has been updated with the size needed to complete the request. 2387 2387 @retval EFI_INVALID_PARAMETER VariableNameSize is NULL. … … 2513 2513 This function implements EsalSetVariable function of Extended SAL Variable Services Class. 2514 2514 It is equivalent in functionality to the EFI Runtime Service SetVariable(). 2515 2515 2516 2516 @param[in] VariableName A Null-terminated Unicode string that is the name of the vendor's 2517 variable. Each VariableName is unique for each 2518 VendorGuid. VariableName must contain 1 or more 2519 Unicode characters. If VariableName is an empty Unicode 2517 variable. Each VariableName is unique for each 2518 VendorGuid. VariableName must contain 1 or more 2519 Unicode characters. If VariableName is an empty Unicode 2520 2520 string, then EFI_INVALID_PARAMETER is returned. 2521 2521 @param[in] VendorGuid A unique identifier for the vendor. … … 2527 2527 @param[in] Global Context of this Extended SAL Variable Services Class call. 2528 2528 2529 @retval EFI_SUCCESS The firmware has successfully stored the variable and its data as 2529 @retval EFI_SUCCESS The firmware has successfully stored the variable and its data as 2530 2530 defined by the Attributes. 2531 @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits was supplied, or the 2531 @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits was supplied, or the 2532 2532 DataSize exceeds the maximum allowed. 2533 2533 @retval EFI_INVALID_PARAMETER VariableName is an empty Unicode string. … … 2567 2567 if (VariableName == NULL || VariableName[0] == 0 || VendorGuid == NULL) { 2568 2568 return EFI_INVALID_PARAMETER; 2569 } 2569 } 2570 2570 2571 2571 if (DataSize != 0 && Data == NULL) { … … 2586 2586 // 2587 2587 return EFI_SECURITY_VIOLATION; 2588 } 2589 PayloadSize = DataSize - AUTHINFO_SIZE; 2588 } 2589 PayloadSize = DataSize - AUTHINFO_SIZE; 2590 2590 } else { 2591 PayloadSize = DataSize; 2592 } 2593 2594 2591 PayloadSize = DataSize; 2592 } 2593 2594 2595 2595 if ((UINTN)(~0) - PayloadSize < StrSize(VariableName)){ 2596 2596 // 2597 // Prevent whole variable size overflow 2598 // 2597 // Prevent whole variable size overflow 2598 // 2599 2599 return EFI_INVALID_PARAMETER; 2600 2600 } … … 2626 2626 if (StrSize (VariableName) + PayloadSize > PcdGet32(PcdMaxVariableSize) - sizeof (VARIABLE_HEADER)) { 2627 2627 return EFI_INVALID_PARAMETER; 2628 } 2629 } 2628 } 2629 } 2630 2630 2631 2631 AcquireLockOnlyAtBootTime(&VariableGlobal->VariableServicesLock); … … 2677 2677 // 2678 2678 Status = UpdateVariable ( 2679 VariableName, 2680 VendorGuid, 2681 (UINT8*)Data + AUTHINFO_SIZE, 2682 DataSize - AUTHINFO_SIZE, 2683 Attributes, 2684 KeyIndex, 2685 MonotonicCount, 2686 VirtualMode, 2687 Global, 2679 VariableName, 2680 VendorGuid, 2681 (UINT8*)Data + AUTHINFO_SIZE, 2682 DataSize - AUTHINFO_SIZE, 2683 Attributes, 2684 KeyIndex, 2685 MonotonicCount, 2686 VirtualMode, 2687 Global, 2688 2688 &Variable 2689 2689 ); 2690 2690 } else { 2691 2691 // 2692 // Update variable as usual 2692 // Update variable as usual 2693 2693 // 2694 2694 Status = UpdateVariable ( 2695 VariableName, 2696 VendorGuid, 2697 Data, 2698 DataSize, 2699 Attributes, 2700 0, 2701 0, 2702 VirtualMode, 2703 Global, 2695 VariableName, 2696 VendorGuid, 2697 Data, 2698 DataSize, 2699 Attributes, 2700 0, 2701 0, 2702 VirtualMode, 2703 Global, 2704 2704 &Variable 2705 2705 ); … … 2721 2721 @param[in] Attributes Attributes bitmask to specify the type of variables 2722 2722 on which to return information. 2723 @param[out] MaximumVariableStorageSize On output the maximum size of the storage space available for 2724 the EFI variables associated with the attributes specified. 2725 @param[out] RemainingVariableStorageSize Returns the remaining size of the storage space available for EFI 2723 @param[out] MaximumVariableStorageSize On output the maximum size of the storage space available for 2724 the EFI variables associated with the attributes specified. 2725 @param[out] RemainingVariableStorageSize Returns the remaining size of the storage space available for EFI 2726 2726 variables associated with the attributes specified. 2727 @param[out] MaximumVariableSize Returns the maximum size of an individual EFI variable 2727 @param[out] MaximumVariableSize Returns the maximum size of an individual EFI variable 2728 2728 associated with the attributes specified. 2729 2729 @param[in] VirtualMode Current calling mode for this function … … 2732 2732 @retval EFI_SUCCESS Valid answer returned. 2733 2733 @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits was supplied. 2734 @retval EFI_UNSUPPORTED The attribute is not supported on this platform, and the 2735 MaximumVariableStorageSize, RemainingVariableStorageSize, 2734 @retval EFI_UNSUPPORTED The attribute is not supported on this platform, and the 2735 MaximumVariableStorageSize, RemainingVariableStorageSize, 2736 2736 MaximumVariableSize are undefined. 2737 2737 **/ … … 2765 2765 return EFI_INVALID_PARAMETER; 2766 2766 } 2767 2767 2768 2768 if((Attributes & (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_HARDWARE_ERROR_RECORD)) == 0) { 2769 2769 // 2770 2770 // Make sure the Attributes combination is supported by the platform. 2771 2771 // 2772 return EFI_UNSUPPORTED; 2772 return EFI_UNSUPPORTED; 2773 2773 } else if ((Attributes & (EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS)) == EFI_VARIABLE_RUNTIME_ACCESS) { 2774 2774 // … … 2918 2918 2919 2919 VarSize = ((VARIABLE_STORE_HEADER *) ((UINTN) mVariableModuleGlobal->VariableGlobal[Physical].NonVolatileVariableBase))->Size; 2920 Status = EFI_SUCCESS; 2920 Status = EFI_SUCCESS; 2921 2921 // 2922 2922 //Allowable max size of common variable storage space … … 2925 2925 2926 2926 RemainingCommonVariableSpace = CommonVariableSpace - mVariableModuleGlobal->CommonVariableTotalSize; 2927 2927 2928 2928 RemainingHwErrVariableSpace = PcdGet32 (PcdHwErrStorageSize) - mVariableModuleGlobal->HwErrVariableTotalSize; 2929 2929 // … … 2931 2931 // 2932 2932 if ((RemainingCommonVariableSpace < PcdGet32 (PcdMaxVariableSize)) 2933 || ((PcdGet32 (PcdHwErrStorageSize) != 0) && 2933 || ((PcdGet32 (PcdHwErrStorageSize) != 0) && 2934 2934 (RemainingHwErrVariableSpace < PcdGet32 (PcdMaxHardwareErrorVariableSize)))){ 2935 2935 Status = Reclaim ( … … 3057 3057 // Note that in EdkII variable driver implementation, Hardware Error Record type variable 3058 3058 // is stored with common variable in the same NV region. So the platform integrator should 3059 // ensure that the value of PcdHwErrStorageSize is less than or equal to the value of 3059 // ensure that the value of PcdHwErrStorageSize is less than or equal to the value of 3060 3060 // PcdFlashNvStorageVariableSize. 3061 3061 // … … 3134 3134 EFI_EXTENDED_SAL_FV_BLOCK_SERVICES_PROTOCOL_GUID_LO, 3135 3135 EFI_EXTENDED_SAL_FV_BLOCK_SERVICES_PROTOCOL_GUID_HI, 3136 GetPhysicalAddressFunctionId, 3137 Instance, 3138 (UINT64) &FvVolHdr, 3139 0, 3140 0, 3141 0, 3142 0, 3136 GetPhysicalAddressFunctionId, 3137 Instance, 3138 (UINT64) &FvVolHdr, 3139 0, 3140 0, 3141 0, 3142 0, 3143 3143 0 3144 3144 ).Status; … … 3238 3238 // 3239 3239 Status = EfiCreateEventReadyToBootEx ( 3240 TPL_NOTIFY, 3241 ReclaimForOS, 3242 NULL, 3240 TPL_NOTIFY, 3241 ReclaimForOS, 3242 NULL, 3243 3243 &ReadyToBootEvent 3244 3244 ); -
trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/Variable.h
r48674 r58466 3 3 4 4 Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR> 5 This program and the accompanying materials 6 are licensed and made available under the terms and conditions of the BSD License 7 which accompanies this distribution. The full text of the license may be found at 5 This program and the accompanying materials 6 are licensed and made available under the terms and conditions of the BSD License 7 which accompanies this distribution. The full text of the license may be found at 8 8 http://opensource.org/licenses/bsd-license.php 9 9 10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 11 11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 12 12 … … 64 64 65 65 /// 66 /// The maximum size of the public key database, restricted by maximum individal EFI 66 /// The maximum size of the public key database, restricted by maximum individal EFI 67 67 /// varible size, and excluding the variable header and name size. 68 68 /// … … 192 192 This function implements EsalGetVariable function of Extended SAL Variable Services Class. 193 193 It is equivalent in functionality to the EFI Runtime Service GetVariable(). 194 194 195 195 @param[in] VariableName A Null-terminated Unicode string that is the name of 196 196 the vendor's variable. 197 197 @param[in] VendorGuid A unique identifier for the vendor. 198 @param[out] Attributes If not NULL, a pointer to the memory location to return the 198 @param[out] Attributes If not NULL, a pointer to the memory location to return the 199 199 attributes bitmask for the variable. 200 200 @param[in, out] DataSize Size of Data found. If size is less than the 201 201 data, this value contains the required size. 202 @param[out] Data On input, the size in bytes of the return Data buffer. 202 @param[out] Data On input, the size in bytes of the return Data buffer. 203 203 On output, the size of data returned in Data. 204 204 @param[in] VirtualMode Current calling mode for this function. 205 205 @param[in] Global Context of this Extended SAL Variable Services Class call. 206 206 207 @retval EFI_SUCCESS The function completed successfully. 207 @retval EFI_SUCCESS The function completed successfully. 208 208 @retval EFI_NOT_FOUND The variable was not found. 209 @retval EFI_BUFFER_TOO_SMALL DataSize is too small for the result. DataSize has 209 @retval EFI_BUFFER_TOO_SMALL DataSize is too small for the result. DataSize has 210 210 been updated with the size needed to complete the request. 211 211 @retval EFI_INVALID_PARAMETER VariableName is NULL. … … 234 234 This function implements EsalGetNextVariableName function of Extended SAL Variable Services Class. 235 235 It is equivalent in functionality to the EFI Runtime Service GetNextVariableName(). 236 236 237 237 @param[in, out] VariableNameSize Size of the variable 238 238 @param[in, out] VariableName On input, supplies the last VariableName that was returned by GetNextVariableName(). 239 239 On output, returns the Null-terminated Unicode string of the current variable. 240 240 @param[in, out] VendorGuid On input, supplies the last VendorGuid that was returned by GetNextVariableName(). 241 On output, returns the VendorGuid of the current variable. 241 On output, returns the VendorGuid of the current variable. 242 242 @param[in] VirtualMode Current calling mode for this function. 243 243 @param[in] Global Context of this Extended SAL Variable Services Class call. 244 244 245 @retval EFI_SUCCESS The function completed successfully. 245 @retval EFI_SUCCESS The function completed successfully. 246 246 @retval EFI_NOT_FOUND The next variable was not found. 247 @retval EFI_BUFFER_TOO_SMALL VariableNameSize is too small for the result. 247 @retval EFI_BUFFER_TOO_SMALL VariableNameSize is too small for the result. 248 248 VariableNameSize has been updated with the size needed to complete the request. 249 249 @retval EFI_INVALID_PARAMETER VariableNameSize is NULL. … … 268 268 This function implements EsalSetVariable function of Extended SAL Variable Services Class. 269 269 It is equivalent in functionality to the EFI Runtime Service SetVariable(). 270 270 271 271 @param[in] VariableName A Null-terminated Unicode string that is the name of the vendor's 272 variable. Each VariableName is unique for each 273 VendorGuid. VariableName must contain 1 or more 274 Unicode characters. If VariableName is an empty Unicode 272 variable. Each VariableName is unique for each 273 VendorGuid. VariableName must contain 1 or more 274 Unicode characters. If VariableName is an empty Unicode 275 275 string, then EFI_INVALID_PARAMETER is returned. 276 276 @param[in] VendorGuid A unique identifier for the vendor. … … 282 282 @param[in] Global Context of this Extended SAL Variable Services Class call. 283 283 284 @retval EFI_SUCCESS The firmware has successfully stored the variable and its data as 284 @retval EFI_SUCCESS The firmware has successfully stored the variable and its data as 285 285 defined by the Attributes. 286 @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits was supplied, or the 286 @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits was supplied, or the 287 287 DataSize exceeds the maximum allowed. 288 288 @retval EFI_INVALID_PARAMETER VariableName is an empty Unicode string. … … 315 315 @param[in] Attributes Attributes bitmask to specify the type of variables 316 316 on which to return information. 317 @param[out] MaximumVariableStorageSize On output the maximum size of the storage space available for 318 the EFI variables associated with the attributes specified. 319 @param[out] RemainingVariableStorageSize Returns the remaining size of the storage space available for EFI 317 @param[out] MaximumVariableStorageSize On output the maximum size of the storage space available for 318 the EFI variables associated with the attributes specified. 319 @param[out] RemainingVariableStorageSize Returns the remaining size of the storage space available for EFI 320 320 variables associated with the attributes specified. 321 @param[out] MaximumVariableSize Returns the maximum size of an individual EFI variable 321 @param[out] MaximumVariableSize Returns the maximum size of an individual EFI variable 322 322 associated with the attributes specified. 323 323 @param[in] VirtualMode Current calling mode for this function … … 326 326 @retval EFI_SUCCESS Valid answer returned. 327 327 @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits was supplied. 328 @retval EFI_UNSUPPORTED The attribute is not supported on this platform, and the 329 MaximumVariableStorageSize, RemainingVariableStorageSize, 328 @retval EFI_UNSUPPORTED The attribute is not supported on this platform, and the 329 MaximumVariableStorageSize, RemainingVariableStorageSize, 330 330 MaximumVariableSize are undefined. 331 331 **/ … … 437 437 438 438 /** 439 Update the variable region with Variable information. These are the same 439 Update the variable region with Variable information. These are the same 440 440 arguments as the EFI Variable services. 441 441 … … 446 446 @param[in] Attributes Attributes of the variable. 447 447 @param[in] KeyIndex Index of associated public key. 448 @param[in] MonotonicCount Value of associated monotonic count. 448 @param[in] MonotonicCount Value of associated monotonic count. 449 449 @param[in] VirtualMode Current calling mode for this function. 450 450 @param[in] Global Context of this Extended SAL Variable Services Class call. … … 462 462 IN VOID *Data, 463 463 IN UINTN DataSize, 464 IN UINT32 Attributes OPTIONAL, 464 IN UINT32 Attributes OPTIONAL, 465 465 IN UINT32 KeyIndex OPTIONAL, 466 466 IN UINT64 MonotonicCount OPTIONAL, -
trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/Pei/Variable.c
r58459 r58466 1 1 /** @file 2 2 Implement ReadOnly Variable Services required by PEIM and install PEI 3 ReadOnly Varaiable2 PPI. These services operates the non-volatile 3 ReadOnly Varaiable2 PPI. These services operates the non-volatile 4 4 storage space. 5 5 6 6 Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR> 7 This program and the accompanying materials 8 are licensed and made available under the terms and conditions of the BSD License 9 which accompanies this distribution. The full text of the license may be found at 7 This program and the accompanying materials 8 are licensed and made available under the terms and conditions of the BSD License 9 which accompanies this distribution. The full text of the license may be found at 10 10 http://opensource.org/licenses/bsd-license.php 11 11 12 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 12 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 13 13 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 14 14 … … 34 34 /** 35 35 Provide the functionality of the variable services. 36 37 @param FileHandle Handle of the file being invoked. 36 37 @param FileHandle Handle of the file being invoked. 38 38 Type EFI_PEI_FILE_HANDLE is defined in FfsFindNextFile(). 39 39 @param PeiServices General purpose services available to every PEIM. … … 193 193 { 194 194 UINTN Value; 195 195 196 196 // 197 197 // Be careful about pad size for alignment … … 451 451 452 452 NvStorageSize = PcdGet32 (PcdFlashNvStorageVariableSize); 453 NvStorageBase = (EFI_PHYSICAL_ADDRESS) (PcdGet64 (PcdFlashNvStorageVariableBase64) != 0 ? 454 PcdGet64 (PcdFlashNvStorageVariableBase64) : 453 NvStorageBase = (EFI_PHYSICAL_ADDRESS) (PcdGet64 (PcdFlashNvStorageVariableBase64) != 0 ? 454 PcdGet64 (PcdFlashNvStorageVariableBase64) : 455 455 PcdGet32 (PcdFlashNvStorageVariableBase) 456 456 ); … … 493 493 break; 494 494 } 495 495 496 496 VariableStoreHeader = (VARIABLE_STORE_HEADER *) ((UINT8 *) FvHeader + FvHeader->HeaderLength); 497 497 … … 503 503 // If it's the first time to access variable region in flash, create a guid hob to record 504 504 // VAR_ADDED type variable info. 505 // Note that as the resource of PEI phase is limited, only store the limited number of 505 // Note that as the resource of PEI phase is limited, only store the limited number of 506 506 // VAR_ADDED type variables to reduce access time. 507 507 // … … 619 619 EFI_PHYSICAL_ADDRESS SpareAddress; 620 620 UINTN PartialSize; 621 621 622 622 if (StoreInfo->FtwLastWriteData != NULL) { 623 623 TargetAddress = StoreInfo->FtwLastWriteData->TargetAddress; … … 826 826 StoreInfo, 827 827 VariableName, 828 VendorGuid, 828 VendorGuid, 829 829 PtrTrack 830 830 ); … … 840 840 This service retrieves a variable's value using its name and GUID. 841 841 842 Read the specified variable from the UEFI variable store. If the Data 842 Read the specified variable from the UEFI variable store. If the Data 843 843 buffer is too small to hold the contents of the variable, the error 844 844 EFI_BUFFER_TOO_SMALL is returned and DataSize is set to the required buffer … … 856 856 @retval EFI_SUCCESS The variable was read successfully. 857 857 @retval EFI_NOT_FOUND The variable could not be found. 858 @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the resulting data. 859 DataSize is updated with the size required for 858 @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the resulting data. 859 DataSize is updated with the size required for 860 860 the specified variable. 861 861 @retval EFI_INVALID_PARAMETER VariableName, VariableGuid, DataSize or Data is NULL. … … 921 921 Return the next variable name and GUID. 922 922 923 This function is called multiple times to retrieve the VariableName 924 and VariableGuid of all variables currently available in the system. 925 On each call, the previous results are passed into the interface, 926 and, on return, the interface returns the data for the next 927 interface. When the entire variable list has been returned, 923 This function is called multiple times to retrieve the VariableName 924 and VariableGuid of all variables currently available in the system. 925 On each call, the previous results are passed into the interface, 926 and, on return, the interface returns the data for the next 927 interface. When the entire variable list has been returned, 928 928 EFI_NOT_FOUND is returned. 929 929 … … 934 934 @param VariableName On entry, a pointer to a null-terminated string that is the variable's name. 935 935 On return, points to the next variable's null-terminated name string. 936 @param VariableGuid On entry, a pointer to an EFI_GUID that is the variable's GUID. 936 @param VariableGuid On entry, a pointer to an EFI_GUID that is the variable's GUID. 937 937 On return, a pointer to the next variable's GUID. 938 938 … … 1013 1013 } 1014 1014 // 1015 // Capture the case that 1015 // Capture the case that 1016 1016 // 1. current storage is the last one, or 1017 1017 // 2. no further storage … … 1054 1054 &StoreInfoForHob, 1055 1055 GetVariableNamePtr (Variable.CurrPtr), 1056 &VariableHeader->VendorGuid, 1056 &VariableHeader->VendorGuid, 1057 1057 &VariableInHob 1058 1058 ); -
trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/Pei/Variable.h
r58459 r58466 4 4 5 5 Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR> 6 This program and the accompanying materials 7 are licensed and made available under the terms and conditions of the BSD License 8 which accompanies this distribution. The full text of the license may be found at 6 This program and the accompanying materials 7 are licensed and made available under the terms and conditions of the BSD License 8 which accompanies this distribution. The full text of the license may be found at 9 9 http://opensource.org/licenses/bsd-license.php 10 10 11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 12 12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 13 13 … … 55 55 /** 56 56 Provide the functionality of the variable services. 57 58 @param FileHandle Handle of the file being invoked. 57 58 @param FileHandle Handle of the file being invoked. 59 59 Type EFI_PEI_FILE_HANDLE is defined in FfsFindNextFile(). 60 60 @param PeiServices General purpose services available to every PEIM. … … 74 74 This service retrieves a variable's value using its name and GUID. 75 75 76 Read the specified variable from the UEFI variable store. If the Data 76 Read the specified variable from the UEFI variable store. If the Data 77 77 buffer is too small to hold the contents of the variable, the error 78 78 EFI_BUFFER_TOO_SMALL is returned and DataSize is set to the required buffer … … 90 90 @retval EFI_SUCCESS The variable was read successfully. 91 91 @retval EFI_NOT_FOUND The variable could not be found. 92 @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the resulting data. 93 DataSize is updated with the size required for 92 @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the resulting data. 93 DataSize is updated with the size required for 94 94 the specified variable. 95 95 @retval EFI_INVALID_PARAMETER VariableName, VariableGuid, DataSize or Data is NULL. … … 111 111 Return the next variable name and GUID. 112 112 113 This function is called multiple times to retrieve the VariableName 114 and VariableGuid of all variables currently available in the system. 115 On each call, the previous results are passed into the interface, 116 and, on return, the interface returns the data for the next 117 interface. When the entire variable list has been returned, 113 This function is called multiple times to retrieve the VariableName 114 and VariableGuid of all variables currently available in the system. 115 On each call, the previous results are passed into the interface, 116 and, on return, the interface returns the data for the next 117 interface. When the entire variable list has been returned, 118 118 EFI_NOT_FOUND is returned. 119 119 … … 124 124 On return, points to the next variable's null-terminated name string. 125 125 126 @param VariableGuid On entry, a pointer to an UEFI _GUID that is the variable's GUID. 126 @param VariableGuid On entry, a pointer to an UEFI _GUID that is the variable's GUID. 127 127 On return, a pointer to the next variable's GUID. 128 128 -
trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
r58459 r58466 10 10 The whole SMM authentication variable design relies on the integrity of flash part and SMM. 11 11 which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory 12 may not be modified without authorization. If platform fails to protect these resources, 12 may not be modified without authorization. If platform fails to protect these resources, 13 13 the authentication service provided in this driver will be broken, and the behavior is undefined. 14 14 … … 89 89 @retval TRUE This variable is protected, only a physical present user could set this variable. 90 90 @retval FALSE This variable is not protected. 91 91 92 92 **/ 93 93 BOOLEAN … … 101 101 return TRUE; 102 102 } 103 103 104 104 return FALSE; 105 105 } … … 123 123 return TRUE; 124 124 } 125 125 126 126 return FALSE; 127 127 } … … 257 257 ASSERT ((DataSize != 0) && (Data != NULL)); 258 258 // 259 // "AuthVarKeyDatabase" is an internal variable. Its DataSize is always ensured not to exceed mPubKeyStore buffer size(See definition before) 259 // "AuthVarKeyDatabase" is an internal variable. Its DataSize is always ensured not to exceed mPubKeyStore buffer size(See definition before) 260 260 // Therefore, there is no memory overflow in underlying CopyMem. 261 261 // … … 270 270 DEBUG ((EFI_D_INFO, "Variable %s exists.\n", EFI_PLATFORM_KEY_NAME)); 271 271 } 272 272 273 273 // 274 274 // Create "SetupMode" variable with BS+RT attribute set. … … 294 294 return Status; 295 295 } 296 296 297 297 // 298 298 // Create "SignatureSupport" variable with BS+RT attribute set. … … 391 391 return Status; 392 392 } 393 393 394 394 DEBUG ((EFI_D_INFO, "Variable %s is %x\n", EFI_CUSTOM_MODE_NAME, CustomMode)); 395 395 396 396 // 397 397 // Check "certdb" variable's existence. 398 // If it doesn't exist, then create a new one with 398 // If it doesn't exist, then create a new one with 399 399 // EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set. 400 400 // … … 424 424 return Status; 425 425 } 426 } 426 } 427 427 428 428 // … … 481 481 482 482 @param[in] PubKey Input pointer to Public Key data 483 @param[in] VariableDataEntry The variable data entry 483 @param[in] VariableDataEntry The variable data entry 484 484 485 485 @return Index of new added item … … 544 544 return 0; 545 545 } 546 546 547 547 Status = Reclaim ( 548 548 mVariableModuleGlobal->VariableGlobal.NonVolatileVariableBase, … … 574 574 ASSERT ((DataSize != 0) && (Data != NULL)); 575 575 // 576 // "AuthVarKeyDatabase" is an internal used variable. Its DataSize is always ensured not to exceed mPubKeyStore buffer size(See definition before) 576 // "AuthVarKeyDatabase" is an internal used variable. Its DataSize is always ensured not to exceed mPubKeyStore buffer size(See definition before) 577 577 // Therefore, there is no memory overflow in underlying CopyMem. 578 578 // … … 582 582 if (mPubKeyNumber == mMaxKeyNumber) { 583 583 return 0; 584 } 584 } 585 585 } 586 586 … … 657 657 VOID *Rsa; 658 658 UINTN PayloadSize; 659 659 660 660 PayloadSize = DataSize - AUTHINFO_SIZE; 661 661 Rsa = NULL; … … 895 895 @return EFI_INVALID_PARAMETER Invalid signature list format. 896 896 @return EFI_SUCCESS Passed signature list format check successfully. 897 897 898 898 **/ 899 899 EFI_STATUS … … 923 923 IsPk = TRUE; 924 924 } else if ((CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0) || 925 (CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) && 925 (CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) && 926 926 (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0 || StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0))){ 927 927 IsPk = FALSE; … … 943 943 if (CompareGuid (&SigList->SignatureType, &mSupportSigItem[Index].SigType)) { 944 944 // 945 // The value of SignatureSize should always be 16 (size of SignatureOwner 945 // The value of SignatureSize should always be 16 (size of SignatureOwner 946 946 // component) add the data length according to signature type. 947 947 // 948 if (mSupportSigItem[Index].SigDataSize != ((UINT32) ~0) && 948 if (mSupportSigItem[Index].SigDataSize != ((UINT32) ~0) && 949 949 (SigList->SignatureSize - sizeof (EFI_GUID)) != mSupportSigItem[Index].SigDataSize) { 950 950 return EFI_INVALID_PARAMETER; … … 987 987 } 988 988 SigCount += (SigList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - SigList->SignatureHeaderSize) / SigList->SignatureSize; 989 989 990 990 SigDataSize -= SigList->SignatureListSize; 991 991 SigList = (EFI_SIGNATURE_LIST *) ((UINT8 *) SigList + SigList->SignatureListSize); … … 1008 1008 @return EFI_SUCCESS Variable is updated successfully. 1009 1009 @return Others Failed to update variable. 1010 1010 1011 1011 **/ 1012 1012 EFI_STATUS … … 1022 1022 } 1023 1023 mVendorKeyState = VENDOR_KEYS_MODIFIED; 1024 1024 1025 1025 FindVariable (EFI_VENDOR_KEYS_NV_VARIABLE_NAME, &gEfiVendorKeysNvGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE); 1026 1026 Status = UpdateVariable ( … … 1094 1094 UINTN PayloadSize; 1095 1095 1096 if ((Attributes & EFI_VARIABLE_NON_VOLATILE) == 0 || 1096 if ((Attributes & EFI_VARIABLE_NON_VOLATILE) == 0 || 1097 1097 (Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0) { 1098 1098 // … … 1254 1254 return Status; 1255 1255 } 1256 1256 1257 1257 Status = UpdateVariable ( 1258 1258 VariableName, … … 1339 1339 return EFI_SECURITY_VIOLATION; 1340 1340 } 1341 1341 1342 1342 // 1343 1343 // A time-based authenticated variable and a count-based authenticated variable 1344 1344 // can't be updated by each other. 1345 // 1346 if (Variable->CurrPtr != NULL) { 1345 // 1346 if (Variable->CurrPtr != NULL) { 1347 1347 if (((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) != 0) && 1348 1348 ((Variable->CurrPtr->Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0)) { 1349 return EFI_SECURITY_VIOLATION; 1350 } 1351 1352 if (((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) && 1349 return EFI_SECURITY_VIOLATION; 1350 } 1351 1352 if (((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) && 1353 1353 ((Variable->CurrPtr->Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) != 0)) { 1354 return EFI_SECURITY_VIOLATION; 1355 } 1356 } 1357 1354 return EFI_SECURITY_VIOLATION; 1355 } 1356 } 1357 1358 1358 // 1359 1359 // Process Time-based Authenticated variable. … … 1393 1393 IsFirstTime = FALSE; 1394 1394 } 1395 } else if ((Variable->CurrPtr != NULL) && 1395 } else if ((Variable->CurrPtr != NULL) && 1396 1396 ((Variable->CurrPtr->Attributes & (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) != 0) 1397 1397 ) { … … 1424 1424 // 1425 1425 // 2 cases need to check here 1426 // 1. Internal PubKey variable. PubKeyIndex is always 0 1426 // 1. Internal PubKey variable. PubKeyIndex is always 0 1427 1427 // 2. Other counter-based AuthVariable. Check input PubKey. 1428 1428 // … … 1479 1479 @param[in, out] Data Pointer to original EFI_SIGNATURE_LIST. 1480 1480 @param[in] DataSize Size of Data buffer. 1481 @param[in] FreeBufSize Size of free data buffer 1481 @param[in] FreeBufSize Size of free data buffer 1482 1482 @param[in] NewData Pointer to new EFI_SIGNATURE_LIST to be appended. 1483 1483 @param[in] NewDataSize Size of NewData buffer. … … 1715 1715 // Check whether VariableName matches. 1716 1716 // 1717 if ((NameSize == StrLen (VariableName)) && 1717 if ((NameSize == StrLen (VariableName)) && 1718 1718 (CompareMem (Data + Offset, VariableName, NameSize * sizeof (CHAR16)) == 0)) { 1719 1719 Offset = Offset + NameSize * sizeof (CHAR16); … … 1724 1724 1725 1725 if (CertDataSize != NULL) { 1726 *CertDataSize = CertSize; 1726 *CertDataSize = CertSize; 1727 1727 } 1728 1728 … … 1745 1745 } 1746 1746 1747 return EFI_NOT_FOUND; 1747 return EFI_NOT_FOUND; 1748 1748 } 1749 1749 … … 1779 1779 return EFI_INVALID_PARAMETER; 1780 1780 } 1781 1781 1782 1782 // 1783 1783 // Get variable "certdb". … … 1789 1789 &mVariableModuleGlobal->VariableGlobal, 1790 1790 FALSE 1791 ); 1791 ); 1792 1792 if (EFI_ERROR (Status)) { 1793 1793 return Status; … … 1852 1852 return EFI_INVALID_PARAMETER; 1853 1853 } 1854 1854 1855 1855 // 1856 1856 // Get variable "certdb". … … 1862 1862 &mVariableModuleGlobal->VariableGlobal, 1863 1863 FALSE 1864 ); 1864 ); 1865 1865 if (EFI_ERROR (Status)) { 1866 1866 return Status; … … 1930 1930 // 1931 1931 // Set "certdb". 1932 // 1933 VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; 1932 // 1933 VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; 1934 1934 Status = UpdateVariable ( 1935 1935 EFI_CERT_DB_NAME, … … 1985 1985 return EFI_INVALID_PARAMETER; 1986 1986 } 1987 1987 1988 1988 // 1989 1989 // Get variable "certdb". … … 1995 1995 &mVariableModuleGlobal->VariableGlobal, 1996 1996 FALSE 1997 ); 1997 ); 1998 1998 if (EFI_ERROR (Status)) { 1999 1999 return Status; … … 2031 2031 // 2032 2032 NameSize = (UINT32) StrLen (VariableName); 2033 CertNodeSize = sizeof (AUTH_CERT_DB_DATA) + (UINT32) CertDataSize + NameSize * sizeof (CHAR16); 2033 CertNodeSize = sizeof (AUTH_CERT_DB_DATA) + (UINT32) CertDataSize + NameSize * sizeof (CHAR16); 2034 2034 NewCertDbSize = (UINT32) DataSize + CertNodeSize; 2035 2035 if (NewCertDbSize > mMaxCertDbSize) { … … 2054 2054 CopyMem (&Ptr->NameSize, &NameSize, sizeof (UINT32)); 2055 2055 CopyMem (&Ptr->CertDataSize, &CertDataSize, sizeof (UINT32)); 2056 2056 2057 2057 CopyMem ( 2058 2058 (UINT8 *) Ptr + sizeof (AUTH_CERT_DB_DATA), … … 2066 2066 CertDataSize 2067 2067 ); 2068 2068 2069 2069 // 2070 2070 // Set "certdb". 2071 // 2072 VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; 2071 // 2072 VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; 2073 2073 Status = UpdateVariable ( 2074 2074 EFI_CERT_DB_NAME, … … 2377 2377 goto Exit; 2378 2378 } 2379 2379 2380 2380 if ((CertStackSize != CertsSizeinDb) || 2381 2381 (CompareMem (SignerCerts, CertsInCertDb, CertsSizeinDb) != 0)) { … … 2420 2420 RootCert = Cert->SignatureData; 2421 2421 RootCertSize = CertList->SignatureSize - (sizeof (EFI_SIGNATURE_DATA) - 1); 2422 2422 2423 2423 // Verify Pkcs7 SignedData via Pkcs7Verify library. 2424 2424 // -
trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h
r58459 r58466 10 10 The whole SMM authentication variable design relies on the integrity of flash part and SMM. 11 11 which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory 12 may not be modified without authorization. If platform fails to protect these resources, 12 may not be modified without authorization. If platform fails to protect these resources, 13 13 the authentication service provided in this driver will be broken, and the behavior is undefined. 14 14 … … 51 51 /// "certdb" variable stores the signer's certificates for non PK/KEK/DB/DBX 52 52 /// variables with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set. 53 /// 53 /// 54 54 /// 55 55 #define EFI_CERT_DB_NAME L"certdb" … … 168 168 @return EFI_INVALID_PARAMETER Invalid signature list format. 169 169 @return EFI_SUCCESS Passed signature list format check successfully. 170 170 171 171 **/ 172 172 EFI_STATUS … … 255 255 @param[in, out] Data Pointer to original EFI_SIGNATURE_LIST. 256 256 @param[in] DataSize Size of Data buffer. 257 @param[in] FreeBufSize Size of free data buffer 257 @param[in] FreeBufSize Size of free data buffer 258 258 @param[in] NewData Pointer to new EFI_SIGNATURE_LIST to be appended. 259 259 @param[in] NewDataSize Size of NewData buffer. -
trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/RuntimeDxe/Measurement.c
r58464 r58466 57 57 58 58 for (Index = 0; Index < sizeof(mVariableType)/sizeof(mVariableType[0]); Index++) { 59 if ((StrCmp (VariableName, mVariableType[Index].VariableName) == 0) && 59 if ((StrCmp (VariableName, mVariableType[Index].VariableName) == 0) && 60 60 (CompareGuid (VendorGuid, mVariableType[Index].VendorGuid))) { 61 61 return TRUE; … … 70 70 @param[in] VarName A Null-terminated string that is the name of the vendor's variable. 71 71 @param[in] VendorGuid A unique identifier for the vendor. 72 @param[in] VarData The content of the variable data. 73 @param[in] VarSize The size of the variable data. 74 72 @param[in] VarData The content of the variable data. 73 @param[in] VarSize The size of the variable data. 74 75 75 @retval EFI_SUCCESS Operation completed successfully. 76 76 @retval EFI_OUT_OF_RESOURCES Out of memory. … … 135 135 136 136 /** 137 Returns the status whether get the variable success. The function retrieves 138 variable through the UEFI Runtime Service GetVariable(). The 137 Returns the status whether get the variable success. The function retrieves 138 variable through the UEFI Runtime Service GetVariable(). The 139 139 returned buffer is allocated using AllocatePool(). The caller is responsible 140 140 for freeing this buffer with FreePool(). … … 171 171 *Size = 0; 172 172 } 173 173 174 174 Status = gRT->GetVariable ((CHAR16 *) Name, (EFI_GUID *) Guid, NULL, &BufferSize, *Value); 175 175 if (Status != EFI_BUFFER_TOO_SMALL) { -
trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/RuntimeDxe/Reclaim.c
r58459 r58466 4 4 5 5 Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR> 6 This program and the accompanying materials 7 are licensed and made available under the terms and conditions of the BSD License 8 which accompanies this distribution. The full text of the license may be found at 6 This program and the accompanying materials 7 are licensed and made available under the terms and conditions of the BSD License 8 which accompanies this distribution. The full text of the license may be found at 9 9 http://opensource.org/licenses/bsd-license.php 10 10 11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 12 12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 13 13 -
trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
r58459 r58466 593 593 Check the PubKeyIndex is a valid key or not. 594 594 595 This function will iterate the NV storage to see if this PubKeyIndex is still referenced 595 This function will iterate the NV storage to see if this PubKeyIndex is still referenced 596 596 by any valid count-based auth variabe. 597 597 598 598 @param[in] PubKeyIndex Index of the public key in public key store. 599 599 600 600 @retval TRUE The PubKeyIndex is still in use. 601 601 @retval FALSE The PubKeyIndex is not referenced by any count-based auth variabe. 602 602 603 603 **/ 604 604 BOOLEAN … … 618 618 619 619 while (IsValidVariableHeader (Variable, VariableStoreEnd)) { 620 if ((Variable->State == VAR_ADDED || Variable->State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED)) && 620 if ((Variable->State == VAR_ADDED || Variable->State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED)) && 621 621 Variable->PubKeyIndex == PubKeyIndex) { 622 622 return TRUE; … … 624 624 Variable = GetNextVariablePtr (Variable); 625 625 } 626 626 627 627 return FALSE; 628 628 } … … 631 631 632 632 Get the number of valid public key in PubKeyStore. 633 633 634 634 @param[in] PubKeyNumber Number of the public key in public key store. 635 635 … … 646 646 647 647 Counter = 0; 648 648 649 649 for (PubKeyIndex = 1; PubKeyIndex <= PubKeyNumber; PubKeyIndex++) { 650 650 if (IsValidPubKeyIndex (PubKeyIndex)) { … … 652 652 } 653 653 } 654 654 655 655 return Counter; 656 656 } … … 660 660 Filter the useless key in public key store. 661 661 662 This function will find out all valid public keys in public key database, save them in new allocated 662 This function will find out all valid public keys in public key database, save them in new allocated 663 663 buffer NewPubKeyStore, and give the new PubKeyIndex. The caller is responsible for freeing buffer 664 664 NewPubKeyIndex and NewPubKeyStore with FreePool(). … … 669 669 @param[out] NewPubKeyStore Saved all valid public keys in PubKeyStore. 670 670 @param[out] NewPubKeySize Buffer size of the NewPubKeyStore. 671 671 672 672 @retval EFI_SUCCESS Trim operation is complete successfully. 673 673 @retval EFI_OUT_OF_RESOURCES No enough memory resources, or no useless key in PubKeyStore. 674 674 675 675 **/ 676 676 EFI_STATUS … … 686 686 UINT32 CopiedKey; 687 687 UINT32 NewPubKeyNumber; 688 688 689 689 NewPubKeyNumber = GetValidPubKeyNumber (PubKeyNumber); 690 690 if (NewPubKeyNumber == PubKeyNumber) { … … 740 740 @param[in] NewVariableSize New variable size. 741 741 @param[in] ReclaimPubKeyStore Reclaim for public key database or not. 742 742 743 743 @return EFI_SUCCESS Reclaim operation has finished successfully. 744 744 @return EFI_OUT_OF_RESOURCES No enough memory resources or variable space. … … 874 874 NextVariable = GetNextVariablePtr (Variable); 875 875 if (Variable->State == VAR_ADDED || Variable->State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED)) { 876 if ((StrCmp (GetVariableNamePtr (Variable), AUTHVAR_KEYDB_NAME) == 0) && 876 if ((StrCmp (GetVariableNamePtr (Variable), AUTHVAR_KEYDB_NAME) == 0) && 877 877 (CompareGuid (&Variable->VendorGuid, &gEfiAuthenticatedVariableGuid))) { 878 878 // … … 883 883 continue; 884 884 } 885 885 886 886 VariableSize = (UINTN) NextVariable - (UINTN) Variable; 887 887 CopyMem (CurrPtr, (UINT8 *) Variable, VariableSize); … … 910 910 StrCpy (GetVariableNamePtr (Variable), GetVariableNamePtr (PubKeyHeader)); 911 911 CopyMem (GetVariableDataPtr (Variable), NewPubKeyStore, NewPubKeySize); 912 CurrPtr = (UINT8*) GetNextVariablePtr (Variable); 912 CurrPtr = (UINT8*) GetNextVariablePtr (Variable); 913 913 CommonVariableTotalSize += (UINTN) CurrPtr - (UINTN) Variable; 914 914 } else { … … 1525 1525 @param[in] Attributes Variable attributes for Variable entries. 1526 1526 @param ... The variable argument list with type VARIABLE_ENTRY_CONSISTENCY *. 1527 A NULL terminates the list. The VariableSize of 1527 A NULL terminates the list. The VariableSize of 1528 1528 VARIABLE_ENTRY_CONSISTENCY is the variable data size as input. 1529 1529 It will be changed to variable total size as output. … … 1804 1804 VariableEntry[0].Guid = &gEfiGlobalVariableGuid; 1805 1805 VariableEntry[0].Name = EFI_LANG_VARIABLE_NAME; 1806 1806 1807 1807 VariableEntry[1].VariableSize = AsciiStrSize (BestPlatformLang); 1808 1808 VariableEntry[1].Guid = &gEfiGlobalVariableGuid; … … 2010 2010 goto Done; 2011 2011 } 2012 2012 2013 2013 // 2014 2014 // Only variable that have RT attributes can be updated/deleted in Runtime. … … 2104 2104 2105 2105 // 2106 // Set Max Common Variable Data Size as default MaxDataSize 2106 // Set Max Common Variable Data Size as default MaxDataSize 2107 2107 // 2108 2108 MaxDataSize = PcdGet32 (PcdMaxVariableSize) - DataOffset; … … 2117 2117 Status = AppendSignatureList ( 2118 2118 BufferForMerge, 2119 Variable->CurrPtr->DataSize, 2119 Variable->CurrPtr->DataSize, 2120 2120 MaxDataSize - Variable->CurrPtr->DataSize, 2121 2121 Data, … … 2531 2531 Check if a Unicode character is a hexadecimal character. 2532 2532 2533 This function checks if a Unicode character is a 2534 hexadecimal character. The valid hexadecimal character is 2533 This function checks if a Unicode character is a 2534 hexadecimal character. The valid hexadecimal character is 2535 2535 L'0' to L'9', L'a' to L'f', or L'A' to L'F'. 2536 2536 … … 2702 2702 @retval TRUE This variable is read-only variable. 2703 2703 @retval FALSE This variable is NOT read-only variable. 2704 2704 2705 2705 **/ 2706 2706 BOOLEAN … … 2723 2723 } 2724 2724 } 2725 2725 2726 2726 return FALSE; 2727 2727 } … … 3078 3078 if ((UINTN)(~0) - PayloadSize < StrSize(VariableName)){ 3079 3079 // 3080 // Prevent whole variable size overflow 3081 // 3080 // Prevent whole variable size overflow 3081 // 3082 3082 return EFI_INVALID_PARAMETER; 3083 3083 } … … 3185 3185 } else if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0)) { 3186 3186 Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, &Variable, Attributes, FALSE); 3187 } else if (CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) && 3187 } else if (CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) && 3188 3188 ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0))) { 3189 3189 Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, &Variable, Attributes, FALSE); -
trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.h
r58459 r58466 4 4 5 5 Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR> 6 This program and the accompanying materials 7 are licensed and made available under the terms and conditions of the BSD License 8 which accompanies this distribution. The full text of the license may be found at 6 This program and the accompanying materials 7 are licensed and made available under the terms and conditions of the BSD License 8 which accompanies this distribution. The full text of the license may be found at 9 9 http://opensource.org/licenses/bsd-license.php 10 10 11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 12 12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 13 13 … … 229 229 @param[in] Attributes Variable attributes for Variable entries. 230 230 @param ... The variable argument list with type VARIABLE_ENTRY_CONSISTENCY *. 231 A NULL terminates the list. The VariableSize of 231 A NULL terminates the list. The VariableSize of 232 232 VARIABLE_ENTRY_CONSISTENCY is the variable data size as input. 233 233 It will be changed to variable total size as output. … … 243 243 ... 244 244 ); 245 245 246 246 /** 247 247 Update the variable region with Variable information. If EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS is set, … … 273 273 IN UINT64 MonotonicCount OPTIONAL, 274 274 IN OUT VARIABLE_POINTER_TRACK *Variable, 275 IN EFI_TIME *TimeStamp OPTIONAL 275 IN EFI_TIME *TimeStamp OPTIONAL 276 276 ); 277 277 … … 279 279 /** 280 280 Return TRUE if ExitBootServices () has been called. 281 281 282 282 @retval TRUE If ExitBootServices () has been called. 283 283 **/ … … 290 290 Initializes a basic mutual exclusion lock. 291 291 292 This function initializes a basic mutual exclusion lock to the released state 293 and returns the lock. Each lock provides mutual exclusion access at its task 292 This function initializes a basic mutual exclusion lock to the released state 293 and returns the lock. Each lock provides mutual exclusion access at its task 294 294 priority level. Since there is no preemption or multiprocessor support in EFI, 295 295 acquiring the lock only consists of raising to the locks TPL. … … 309 309 ); 310 310 311 311 312 312 /** 313 313 Acquires lock only at boot time. Simply returns at runtime. … … 343 343 ReleaseLockOnlyAtBootTime ( 344 344 IN EFI_LOCK *Lock 345 ); 345 ); 346 346 347 347 /** … … 355 355 @retval EFI_UNSUPPORTED The device does not support the FVB protocol. 356 356 @retval EFI_INVALID_PARAMETER FvBlockHandle is not a valid EFI_HANDLE or FvBlock is NULL. 357 357 358 358 **/ 359 359 EFI_STATUS … … 381 381 /** 382 382 Function returns an array of handles that support the FVB protocol 383 in a buffer allocated from pool. 383 in a buffer allocated from pool. 384 384 385 385 @param[out] NumberHandles The number of handles returned in Buffer. … … 392 392 @retval EFI_OUT_OF_RESOURCES There is not enough pool memory to store the matching results. 393 393 @retval EFI_INVALID_PARAMETER NumberHandles is NULL or Buffer is NULL. 394 394 395 395 **/ 396 396 EFI_STATUS … … 428 428 @param[in] NewVariableSize New variable size. 429 429 @param[in] ReclaimPubKeyStore Reclaim for public key database or not. 430 430 431 431 @return EFI_SUCCESS Reclaim operation has finished successfully. 432 432 @return EFI_OUT_OF_RESOURCES No enough memory resources or variable space. … … 448 448 /** 449 449 This function reclaims variable storage if free size is below the threshold. 450 450 451 451 **/ 452 452 VOID 453 453 ReclaimForOS( 454 454 VOID 455 ); 455 ); 456 456 457 457 … … 467 467 VOID 468 468 ); 469 469 470 470 /** 471 471 Retrive the SMM Fault Tolerent Write protocol interface. … … 512 512 data, this value contains the required size. 513 513 @param Data Data pointer. 514 514 515 515 @return EFI_INVALID_PARAMETER Invalid parameter. 516 516 @return EFI_SUCCESS Find the specified variable. … … 645 645 OUT UINT64 *RemainingVariableStorageSize, 646 646 OUT UINT64 *MaximumVariableSize 647 ); 647 ); 648 648 649 649 /** -
trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf
r58459 r58466 2 2 # Provides authenticated variable service 3 3 # 4 # This module installs variable arch protocol and variable write arch protocol to provide 4 # This module installs variable arch protocol and variable write arch protocol to provide 5 5 # variable services: SetVariable, GetVariable, GetNextVariableName and QueryVariableInfo. 6 6 # 7 7 # Caution: This module requires additional review when modified. 8 8 # This driver will have external input - variable data. 9 # This external input must be validated carefully to avoid security issues such as 9 # This external input must be validated carefully to avoid security issues such as 10 10 # buffer overflow or integer overflow. 11 11 # … … 85 85 ## SOMETIMES_PRODUCES ## SystemTable 86 86 gEfiAuthenticatedVariableGuid 87 87 88 88 ## SOMETIMES_CONSUMES ## Variable:L"PlatformLang" 89 89 ## SOMETIMES_PRODUCES ## Variable:L"PlatformLang" … … 98 98 ## PRODUCES ## Variable:L"SecureBoot" 99 99 ## CONSUMES ## Variable:L"SignatureSupport" 100 ## PRODUCES ## Variable:L"SignatureSupport" 100 ## PRODUCES ## Variable:L"SignatureSupport" 101 101 ## PRODUCES ## Variable:L"VendorKeys" 102 102 gEfiGlobalVariableGuid 103 103 104 104 ## SOMETIMES_CONSUMES ## Variable:L"DB" 105 105 ## SOMETIMES_CONSUMES ## Variable:L"DBX" 106 106 gEfiImageSecurityDatabaseGuid 107 107 108 108 ## CONSUMES ## Variable:L"SecureBootEnable" 109 109 ## PRODUCES ## Variable:L"SecureBootEnable" 110 110 gEfiSecureBootEnableDisableGuid 111 111 112 112 ## CONSUMES ## Variable:L"CustomMode" 113 113 ## PRODUCES ## Variable:L"CustomMode" 114 114 gEfiCustomModeEnableGuid 115 115 116 116 ## CONSUMES ## Variable:L"certdb" 117 117 ## PRODUCES ## Variable:L"certdb" 118 118 gEfiCertDbGuid 119 119 120 120 ## CONSUMES ## Variable:L"VendorKeysNv" 121 121 ## PRODUCES ## Variable:L"VendorKeysNv" -
trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.c
r58459 r58466 1 1 /** @file 2 The sample implementation for SMM variable protocol. And this driver 3 implements an SMI handler to communicate with the DXE runtime driver 2 The sample implementation for SMM variable protocol. And this driver 3 implements an SMI handler to communicate with the DXE runtime driver 4 4 to provide variable services. 5 5 … … 11 11 SmmVariableHandler() will receive untrusted input and do basic validation. 12 12 13 Each sub function VariableServiceGetVariable(), VariableServiceGetNextVariableName(), 14 VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(), 13 Each sub function VariableServiceGetVariable(), VariableServiceGetNextVariableName(), 14 VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(), 15 15 SmmVariableGetStatistics() should also do validation based on its own knowledge. 16 16 17 17 Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR> 18 This program and the accompanying materials 19 are licensed and made available under the terms and conditions of the BSD License 20 which accompanies this distribution. The full text of the license may be found at 18 This program and the accompanying materials 19 are licensed and made available under the terms and conditions of the BSD License 20 which accompanies this distribution. The full text of the license may be found at 21 21 http://opensource.org/licenses/bsd-license.php 22 22 23 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 23 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 24 24 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 25 25 … … 119 119 /** 120 120 Return TRUE if ExitBootServices () has been called. 121 121 122 122 @retval TRUE If ExitBootServices () has been called. 123 123 **/ … … 133 133 Initializes a basic mutual exclusion lock. 134 134 135 This function initializes a basic mutual exclusion lock to the released state 136 and returns the lock. Each lock provides mutual exclusion access at its task 135 This function initializes a basic mutual exclusion lock to the released state 136 and returns the lock. Each lock provides mutual exclusion access at its task 137 137 priority level. Since there is no preemption or multiprocessor support in EFI, 138 138 acquiring the lock only consists of raising to the locks TPL. … … 217 217 // 218 218 Status = gSmst->SmmLocateProtocol ( 219 &gEfiSmmFaultTolerantWriteProtocolGuid, 220 NULL, 219 &gEfiSmmFaultTolerantWriteProtocolGuid, 220 NULL, 221 221 FtwProtocol 222 222 ); … … 256 256 /** 257 257 Function returns an array of handles that support the SMM FVB protocol 258 in a buffer allocated from pool. 258 in a buffer allocated from pool. 259 259 260 260 @param[out] NumberHandles The number of handles returned in Buffer. … … 327 327 328 328 @param[in, out] InfoEntry A pointer to the buffer of variable information entry. 329 On input, point to the variable information returned last time. if 329 On input, point to the variable information returned last time. if 330 330 InfoEntry->VendorGuid is zero, return the first information. 331 331 On output, point to the next variable information. … … 334 334 335 335 @retval EFI_SUCCESS The variable information is found and returned successfully. 336 @retval EFI_UNSUPPORTED No variable inoformation exists in variable driver. The 336 @retval EFI_UNSUPPORTED No variable inoformation exists in variable driver. The 337 337 PcdVariableCollectStatistics should be set TRUE to support it. 338 338 @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the next variable information. … … 351 351 CHAR16 *InfoName; 352 352 EFI_GUID VendorGuid; 353 353 354 354 if (InfoEntry == NULL) { 355 355 return EFI_INVALID_PARAMETER; 356 356 } 357 358 VariableInfo = gVariableInfo; 357 358 VariableInfo = gVariableInfo; 359 359 if (VariableInfo == NULL) { 360 360 return EFI_UNSUPPORTED; … … 398 398 VariableInfo = VariableInfo->Next; 399 399 }; 400 400 401 401 if (VariableInfo == NULL) { 402 402 *InfoSize = 0; … … 416 416 CopyMem (InfoName, VariableInfo->Name, StrSize (VariableInfo->Name)); 417 417 *InfoSize = StatisticsInfoSize; 418 418 419 419 return EFI_SUCCESS; 420 420 } … … 428 428 Caution: This function may receive untrusted input. 429 429 This variable data and communicate buffer are external input, so this function will do basic validation. 430 Each sub function VariableServiceGetVariable(), VariableServiceGetNextVariableName(), 431 VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(), 430 Each sub function VariableServiceGetVariable(), VariableServiceGetNextVariableName(), 431 VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(), 432 432 SmmVariableGetStatistics() should also do validation based on its own knowledge. 433 433 … … 439 439 @param[in, out] CommBufferSize The size of the CommBuffer. 440 440 441 @retval EFI_SUCCESS The interrupt was handled and quiesced. No other handlers 441 @retval EFI_SUCCESS The interrupt was handled and quiesced. No other handlers 442 442 should still be called. 443 @retval EFI_WARN_INTERRUPT_SOURCE_QUIESCED The interrupt has been quiesced but other handlers should 443 @retval EFI_WARN_INTERRUPT_SOURCE_QUIESCED The interrupt has been quiesced but other handlers should 444 444 still be called. 445 @retval EFI_WARN_INTERRUPT_SOURCE_PENDING The interrupt is still pending and other handlers should still 445 @retval EFI_WARN_INTERRUPT_SOURCE_PENDING The interrupt is still pending and other handlers should still 446 446 be called. 447 447 @retval EFI_INTERRUPT_PENDING The interrupt could not be quiesced. … … 492 492 return EFI_SUCCESS; 493 493 } 494 494 495 495 SmmVariableFunctionHeader = (SMM_VARIABLE_COMMUNICATE_HEADER *)CommBuffer; 496 496 497 497 switch (SmmVariableFunctionHeader->Function) { 498 498 case SMM_VARIABLE_FUNCTION_GET_VARIABLE: … … 514 514 goto EXIT; 515 515 } 516 InfoSize = OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) 516 InfoSize = OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) 517 517 + SmmVariableHeader->DataSize + SmmVariableHeader->NameSize; 518 518 … … 543 543 CopyMem (SmmVariableFunctionHeader->Data, mVariableBufferPayload, CommBufferPayloadSize); 544 544 break; 545 545 546 546 case SMM_VARIABLE_FUNCTION_GET_NEXT_VARIABLE_NAME: 547 547 if (CommBufferPayloadSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name)) { … … 588 588 CopyMem (SmmVariableFunctionHeader->Data, mVariableBufferPayload, CommBufferPayloadSize); 589 589 break; 590 590 591 591 case SMM_VARIABLE_FUNCTION_SET_VARIABLE: 592 592 if (CommBufferPayloadSize < OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) { … … 636 636 ); 637 637 break; 638 638 639 639 case SMM_VARIABLE_FUNCTION_QUERY_VARIABLE_INFO: 640 640 if (CommBufferPayloadSize < sizeof (SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO)) { … … 643 643 } 644 644 QueryVariableInfo = (SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO *) SmmVariableFunctionHeader->Data; 645 645 646 646 Status = VariableServiceQueryVariableInfo ( 647 647 QueryVariableInfo->Attributes, … … 661 661 Status = EFI_SUCCESS; 662 662 break; 663 663 664 664 case SMM_VARIABLE_FUNCTION_EXIT_BOOT_SERVICE: 665 665 mAtRuntime = TRUE; … … 672 672 673 673 // 674 // Do not need to check SmmVariableFunctionHeader->Data in SMRAM here. 675 // It is covered by previous CommBuffer check 676 // 677 674 // Do not need to check SmmVariableFunctionHeader->Data in SMRAM here. 675 // It is covered by previous CommBuffer check 676 // 677 678 678 if (!SmmIsBufferOutsideSmmValid ((EFI_PHYSICAL_ADDRESS)(UINTN)CommBufferSize, sizeof(UINTN))) { 679 679 DEBUG ((EFI_D_ERROR, "GetStatistics: SMM communication buffer in SMRAM!\n")); 680 680 Status = EFI_ACCESS_DENIED; 681 681 goto EXIT; 682 } 682 } 683 683 684 684 Status = SmmVariableGetStatistics (VariableInfo, &InfoSize); … … 738 738 SMM Fault Tolerant Write protocol notification event handler. 739 739 740 Non-Volatile variable write may needs FTW protocol to reclaim when 740 Non-Volatile variable write may needs FTW protocol to reclaim when 741 741 writting variable. 742 742 743 743 @param Protocol Points to the protocol's unique identifier 744 744 @param Interface Points to the interface instance … … 747 747 @retval EFI_SUCCESS SmmEventCallback runs successfully 748 748 @retval EFI_NOT_FOUND The Fvb protocol for variable is not found. 749 749 750 750 **/ 751 751 EFI_STATUS … … 762 762 EFI_PHYSICAL_ADDRESS NvStorageVariableBase; 763 763 UINTN FtwMaxBlockSize; 764 764 765 765 if (mVariableModuleGlobal->FvbInstance != NULL) { 766 766 return EFI_SUCCESS; … … 793 793 794 794 mVariableModuleGlobal->FvbInstance = FvbProtocol; 795 795 796 796 Status = VariableWriteServiceInitialize (); 797 797 if (EFI_ERROR (Status)) { 798 798 DEBUG ((DEBUG_ERROR, "Variable write service initialization failed. Status = %r\n", Status)); 799 799 } 800 800 801 801 // 802 802 // Notify the variable wrapper driver the variable write service is ready … … 809 809 ); 810 810 ASSERT_EFI_ERROR (Status); 811 811 812 812 return EFI_SUCCESS; 813 813 } … … 816 816 /** 817 817 Variable Driver main entry point. The Variable driver places the 4 EFI 818 runtime services in the EFI System Table and installs arch protocols 818 runtime services in the EFI System Table and installs arch protocols 819 819 for variable read and write services being available. It also registers 820 820 a notification function for an EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event. 821 821 822 @param[in] ImageHandle The firmware allocated handle for the EFI image. 822 @param[in] ImageHandle The firmware allocated handle for the EFI image. 823 823 @param[in] SystemTable A pointer to the EFI System Table. 824 824 825 825 @retval EFI_SUCCESS Variable service successfully initialized. 826 826 … … 872 872 Status = gSmst->SmiHandlerRegister (SmmVariableHandler, &gEfiSmmVariableProtocolGuid, &VariableHandle); 873 873 ASSERT_EFI_ERROR (Status); 874 874 875 875 // 876 876 // Notify the variable wrapper driver the variable service is ready … … 883 883 ); 884 884 ASSERT_EFI_ERROR (Status); 885 885 886 886 // 887 887 // Register EFI_SMM_END_OF_DXE_PROTOCOL_GUID notify function. … … 896 896 // 897 897 // Register FtwNotificationEvent () notify function. 898 // 898 // 899 899 Status = gSmst->SmmRegisterProtocolNotify ( 900 900 &gEfiSmmFaultTolerantWriteProtocolGuid, … … 905 905 906 906 SmmFtwNotificationEvent (NULL, NULL, NULL); 907 907 908 908 return EFI_SUCCESS; 909 909 } -
trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.inf
r58459 r58466 12 12 # Caution: This module requires additional review when modified. 13 13 # This driver will have external input - variable data and communicate buffer in SMM mode. 14 # This external input must be validated carefully to avoid security issues such as 14 # This external input must be validated carefully to avoid security issues such as 15 15 # buffer overflow or integer overflow. 16 16 # The whole SMM authentication variable design relies on the integrity of flash part and SMM. 17 17 # which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory 18 # may not be modified without authorization. If platform fails to protect these resources, 18 # may not be modified without authorization. If platform fails to protect these resources, 19 19 # the authentication service provided in this driver will be broken, and the behavior is undefined. 20 20 # … … 77 77 [Protocols] 78 78 gEfiSmmFirmwareVolumeBlockProtocolGuid ## CONSUMES 79 79 80 80 ## PRODUCES 81 81 ## UNDEFINED # SmiHandlerRegister 82 82 gEfiSmmVariableProtocolGuid 83 83 84 84 ## CONSUMES 85 ## NOTIFY 85 ## NOTIFY 86 86 gEfiSmmFaultTolerantWriteProtocolGuid 87 87 gEfiSmmEndOfDxeProtocolGuid ## NOTIFY … … 92 92 ## SOMETIMES_CONSUMES ## HOB 93 93 gEfiAuthenticatedVariableGuid 94 94 95 95 ## SOMETIMES_CONSUMES ## Variable:L"PlatformLang" 96 96 ## SOMETIMES_PRODUCES ## Variable:L"PlatformLang" … … 108 108 ## PRODUCES ## Variable:L"VendorKeys" 109 109 gEfiGlobalVariableGuid 110 110 111 111 ## SOMETIMES_CONSUMES ## Variable:L"DB" 112 112 ## SOMETIMES_CONSUMES ## Variable:L"DBX" 113 113 gEfiImageSecurityDatabaseGuid 114 114 115 115 ## CONSUMES ## Variable:L"SecureBootEnable" 116 116 ## PRODUCES ## Variable:L"SecureBootEnable" 117 117 gEfiSecureBootEnableDisableGuid 118 118 119 119 ## CONSUMES ## Variable:L"CustomMode" 120 120 ## PRODUCES ## Variable:L"CustomMode" 121 121 gEfiCustomModeEnableGuid 122 122 123 123 ## CONSUMES ## Variable:L"certdb" 124 124 ## PRODUCES ## Variable:L"certdb" … … 128 128 ## PRODUCES ## Variable:L"VendorKeysNv" 129 129 gEfiVendorKeysNvGuid 130 130 131 131 gSmmVariableWriteGuid ## PRODUCES ## GUID # Install protocol 132 132 gEfiCertTypeRsa2048Sha256Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the format of the CertData. … … 136 136 gEfiHardwareErrorVariableGuid ## SOMETIMES_CONSUMES ## Variable:L"HwErrRec####" 137 137 gEdkiiFaultTolerantWriteGuid ## SOMETIMES_CONSUMES ## HOB 138 138 139 139 [Pcd] 140 140 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize ## CONSUMES … … 153 153 [Depex] 154 154 TRUE 155 155 156 156 [UserExtensions.TianoCore."ExtraFiles"] 157 157 VariableSmmExtra.uni -
trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.c
r58459 r58466 15 15 16 16 Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR> 17 This program and the accompanying materials 18 are licensed and made available under the terms and conditions of the BSD License 19 which accompanies this distribution. The full text of the license may be found at 17 This program and the accompanying materials 18 are licensed and made available under the terms and conditions of the BSD License 19 which accompanies this distribution. The full text of the license may be found at 20 20 http://opensource.org/licenses/bsd-license.php 21 21 22 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 22 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 23 23 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 24 24 … … 47 47 #include <Guid/SmmVariableCommon.h> 48 48 49 EFI_HANDLE mHandle = NULL; 49 EFI_HANDLE mHandle = NULL; 50 50 EFI_SMM_VARIABLE_PROTOCOL *mSmmVariable = NULL; 51 51 EFI_EVENT mVirtualAddressChangeEvent = NULL; … … 128 128 @param[in] DataSize The data size to send to SMM. 129 129 @param[in] Function The function number to initialize the communicate header. 130 130 131 131 @retval EFI_INVALID_PARAMETER The data size is too big. 132 132 @retval EFI_SUCCESS Find the specified variable. … … 140 140 ) 141 141 { 142 EFI_SMM_COMMUNICATE_HEADER *SmmCommunicateHeader; 143 SMM_VARIABLE_COMMUNICATE_HEADER *SmmVariableFunctionHeader; 144 145 142 EFI_SMM_COMMUNICATE_HEADER *SmmCommunicateHeader; 143 SMM_VARIABLE_COMMUNICATE_HEADER *SmmVariableFunctionHeader; 144 145 146 146 if (DataSize + SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE > mVariableBufferSize) { 147 147 return EFI_INVALID_PARAMETER; … … 151 151 CopyGuid (&SmmCommunicateHeader->HeaderGuid, &gEfiSmmVariableProtocolGuid); 152 152 SmmCommunicateHeader->MessageLength = DataSize + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE; 153 153 154 154 SmmVariableFunctionHeader = (SMM_VARIABLE_COMMUNICATE_HEADER *) SmmCommunicateHeader->Data; 155 155 SmmVariableFunctionHeader->Function = Function; … … 168 168 169 169 @retval EFI_SUCCESS Success is returned from the functin in SMM. 170 @retval Others Failure is returned from the function in SMM. 171 170 @retval Others Failure is returned from the function in SMM. 171 172 172 **/ 173 173 EFI_STATUS … … 178 178 EFI_STATUS Status; 179 179 UINTN CommSize; 180 EFI_SMM_COMMUNICATE_HEADER *SmmCommunicateHeader; 180 EFI_SMM_COMMUNICATE_HEADER *SmmCommunicateHeader; 181 181 SMM_VARIABLE_COMMUNICATE_HEADER *SmmVariableFunctionHeader; 182 182 183 183 CommSize = DataSize + SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE; 184 184 Status = mSmmCommunication->Communicate (mSmmCommunication, mVariableBufferPhysical, &CommSize); … … 271 271 data, this value contains the required size. 272 272 @param[out] Data Data pointer. 273 273 274 274 @retval EFI_INVALID_PARAMETER Invalid parameter. 275 275 @retval EFI_SUCCESS Find the specified variable. … … 471 471 goto Done; 472 472 } 473 473 474 474 CopyGuid (VendorGuid, &SmmGetNextVariableName->Guid); 475 CopyMem (VariableName, SmmGetNextVariableName->Name, SmmGetNextVariableName->NameSize); 475 CopyMem (VariableName, SmmGetNextVariableName->Name, SmmGetNextVariableName->NameSize); 476 476 477 477 Done: … … 511 511 { 512 512 EFI_STATUS Status; 513 UINTN PayloadSize; 513 UINTN PayloadSize; 514 514 SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *SmmVariableHeader; 515 515 UINTN VariableNameSize; 516 516 517 517 // 518 518 // Check input parameters. … … 520 520 if (VariableName == NULL || VariableName[0] == 0 || VendorGuid == NULL) { 521 521 return EFI_INVALID_PARAMETER; 522 } 522 } 523 523 524 524 if (DataSize != 0 && Data == NULL) { … … 641 641 *MaximumVariableSize = SmmQueryVariableInfo->MaximumVariableSize; 642 642 *MaximumVariableStorageSize = SmmQueryVariableInfo->MaximumVariableStorageSize; 643 *RemainingVariableStorageSize = SmmQueryVariableInfo->RemainingVariableStorageSize; 643 *RemainingVariableStorageSize = SmmQueryVariableInfo->RemainingVariableStorageSize; 644 644 645 645 Done: … … 669 669 // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE. 670 670 // 671 InitCommunicateBuffer (NULL, 0, SMM_VARIABLE_FUNCTION_EXIT_BOOT_SERVICE); 671 InitCommunicateBuffer (NULL, 0, SMM_VARIABLE_FUNCTION_EXIT_BOOT_SERVICE); 672 672 673 673 // … … 699 699 // 700 700 InitCommunicateBuffer (NULL, 0, SMM_VARIABLE_FUNCTION_READY_TO_BOOT); 701 701 702 702 // 703 703 // Send data to SMM. … … 734 734 @param[in] Event Event whose notification function is being invoked. 735 735 @param[in] Context Pointer to the notification function's context. 736 736 737 737 **/ 738 738 VOID … … 749 749 return; 750 750 } 751 751 752 752 Status = gBS->LocateProtocol (&gEfiSmmCommunicationProtocolGuid, NULL, (VOID **) &mSmmCommunication); 753 753 ASSERT_EFI_ERROR (Status); 754 754 755 755 // 756 756 // Allocate memory for variable communicate buffer. … … 771 771 gRT->SetVariable = RuntimeServiceSetVariable; 772 772 gRT->QueryVariableInfo = RuntimeServiceQueryVariableInfo; 773 773 774 774 // 775 775 // Install the Variable Architectural Protocol on a new handle. … … 777 777 Status = gBS->InstallProtocolInterface ( 778 778 &mHandle, 779 &gEfiVariableArchProtocolGuid, 779 &gEfiVariableArchProtocolGuid, 780 780 EFI_NATIVE_INTERFACE, 781 781 NULL … … 790 790 @param[in] Event Event whose notification function is being invoked. 791 791 @param[in] Context Pointer to the notification function's context. 792 792 793 793 **/ 794 794 VOID … … 809 809 return; 810 810 } 811 811 812 812 Status = gBS->InstallProtocolInterface ( 813 813 &mHandle, 814 &gEfiVariableWriteArchProtocolGuid, 814 &gEfiVariableWriteArchProtocolGuid, 815 815 EFI_NATIVE_INTERFACE, 816 816 NULL 817 817 ); 818 ASSERT_EFI_ERROR (Status); 818 ASSERT_EFI_ERROR (Status); 819 819 } 820 820 … … 822 822 /** 823 823 Variable Driver main entry point. The Variable driver places the 4 EFI 824 runtime services in the EFI System Table and installs arch protocols 824 runtime services in the EFI System Table and installs arch protocols 825 825 for variable read and write services being available. It also registers 826 826 a notification function for an EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event. 827 827 828 @param[in] ImageHandle The firmware allocated handle for the EFI image. 828 @param[in] ImageHandle The firmware allocated handle for the EFI image. 829 829 @param[in] SystemTable A pointer to the EFI System Table. 830 830 831 831 @retval EFI_SUCCESS Variable service successfully initialized. 832 832 … … 860 860 // 861 861 EfiCreateProtocolNotifyEvent ( 862 &gEfiSmmVariableProtocolGuid, 863 TPL_CALLBACK, 864 SmmVariableReady, 865 NULL, 862 &gEfiSmmVariableProtocolGuid, 863 TPL_CALLBACK, 864 SmmVariableReady, 865 NULL, 866 866 &SmmVariableRegistration 867 867 ); … … 871 871 // 872 872 EfiCreateProtocolNotifyEvent ( 873 &gSmmVariableWriteGuid, 874 TPL_CALLBACK, 875 SmmVariableWriteReady, 876 NULL, 873 &gSmmVariableWriteGuid, 874 TPL_CALLBACK, 875 SmmVariableWriteReady, 876 NULL, 877 877 &SmmVariableWriteRegistration 878 878 ); … … 882 882 // 883 883 EfiCreateEventReadyToBootEx ( 884 TPL_NOTIFY, 885 OnReadyToBoot, 886 NULL, 884 TPL_NOTIFY, 885 OnReadyToBoot, 886 NULL, 887 887 &OnReadyToBootEvent 888 ); 888 ); 889 889 890 890 // … … 898 898 &gEfiEventExitBootServicesGuid, 899 899 &ExitBootServiceEvent 900 ); 900 ); 901 901 902 902 // … … 911 911 &mVirtualAddressChangeEvent 912 912 ); 913 913 914 914 return EFI_SUCCESS; 915 915 } -
trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.inf
r58459 r58466 2 2 # Runtime DXE part corresponding to SMM authenticated variable module 3 3 # 4 # This module installs variable arch protocol and variable write arch protocol to provide 5 # variable service. This module need work together with SMM authenticated variable module. 4 # This module installs variable arch protocol and variable write arch protocol to provide 5 # variable service. This module need work together with SMM authenticated variable module. 6 6 # 7 7 # Caution: This module requires additional review when modified. 8 8 # This driver will have external input - variable data. 9 # This external input must be validated carefully to avoid security issues such as 9 # This external input must be validated carefully to avoid security issues such as 10 10 # buffer overflow or integer overflow. 11 11 # The whole SMM authentication variable design relies on the integrity of flash part and SMM. 12 12 # which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory 13 # may not be modified without authorization. If platform fails to protect these resources, 13 # may not be modified without authorization. If platform fails to protect these resources, 14 14 # the authentication service provided in this driver will be broken, and the behavior is undefined. 15 15 # … … 52 52 [LibraryClasses] 53 53 MemoryAllocationLib 54 BaseLib 54 BaseLib 55 55 UefiBootServicesTableLib 56 56 DebugLib … … 58 58 DxeServicesTableLib 59 59 UefiDriverEntryPoint 60 PcdLib 60 PcdLib 61 61 TpmMeasurementLib 62 62 … … 75 75 gEfiEventVirtualAddressChangeGuid ## CONSUMES ## Event 76 76 gEfiEventExitBootServicesGuid ## CONSUMES ## Event 77 77 78 78 ## CONSUMES ## UNDEFINED # Locate protocol 79 79 ## CONSUMES ## UNDEFINED # Protocol notify 80 80 gSmmVariableWriteGuid 81 81 82 82 83 83 ## SOMETIMES_CONSUMES ## Variable:L"PK" … … 85 85 ## SOMETIMES_CONSUMES ## Variable:L"SecureBoot" 86 86 gEfiGlobalVariableGuid 87 87 88 88 ## SOMETIMES_CONSUMES ## Variable:L"DB" 89 89 ## SOMETIMES_CONSUMES ## Variable:L"DBX" -
trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr
-
Property svn:eol-style
set to
native
r58459 r58466 3 3 4 4 Copyright (c) 2011 - 2013, Intel Corporation. All rights reserved.<BR> 5 This program and the accompanying materials 6 are licensed and made available under the terms and conditions of the BSD License 7 which accompanies this distribution. The full text of the license may be found at 5 This program and the accompanying materials 6 are licensed and made available under the terms and conditions of the BSD License 7 which accompanies this distribution. The full text of the license may be found at 8 8 http://opensource.org/licenses/bsd-license.php 9 9 10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 11 11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 12 12 … … 25 25 name = SECUREBOOT_CONFIGURATION, 26 26 guid = SECUREBOOT_CONFIG_FORM_SET_GUID; 27 27 28 28 // 29 29 // ##1 Form "Secure Boot Configuration" … … 38 38 text = STRING_TOKEN(STR_SECURE_BOOT_STATE_PROMPT), 39 39 text = STRING_TOKEN(STR_SECURE_BOOT_STATE_CONTENT); 40 40 41 41 // 42 42 // Define of Check Box: Attempt Secure Boot … … 49 49 flags = INTERACTIVE, 50 50 endcheckbox; 51 endif; 52 51 endif; 52 53 53 // 54 54 // Display of Check Box: Attempt Secure Boot … … 62 62 endcheckbox; 63 63 endif; 64 64 65 65 // 66 66 // Display of Oneof: 'Secure Boot Mode' … … 76 76 endif; 77 77 oneof name = SecureBootMode, 78 questionid = KEY_SECURE_BOOT_MODE, 78 questionid = KEY_SECURE_BOOT_MODE, 79 79 prompt = STRING_TOKEN(STR_SECURE_BOOT_MODE_PROMPT), 80 80 help = STRING_TOKEN(STR_SECURE_BOOT_MODE_HELP), … … 83 83 option text = STRING_TOKEN(STR_CUSTOM_MODE), value = SECURE_BOOT_MODE_CUSTOM, flags = 0; 84 84 endoneof; 85 85 86 86 // 87 87 // … … 98 98 endif; 99 99 endform; 100 100 101 101 // 102 102 // ##2 Form: 'Custom Secure Boot Options' … … 104 104 form formid = FORMID_SECURE_BOOT_OPTION_FORM, 105 105 title = STRING_TOKEN(STR_SECURE_BOOT_OPTION_TITLE); 106 107 subtitle text = STRING_TOKEN(STR_NULL); 108 106 107 subtitle text = STRING_TOKEN(STR_NULL); 108 109 109 goto FORMID_SECURE_BOOT_PK_OPTION_FORM, 110 110 prompt = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION), … … 112 112 flags = INTERACTIVE, 113 113 key = KEY_SECURE_BOOT_PK_OPTION; 114 115 subtitle text = STRING_TOKEN(STR_NULL); 116 114 115 subtitle text = STRING_TOKEN(STR_NULL); 116 117 117 goto FORMID_SECURE_BOOT_KEK_OPTION_FORM, 118 118 prompt = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION), … … 120 120 flags = INTERACTIVE, 121 121 key = KEY_SECURE_BOOT_KEK_OPTION; 122 123 subtitle text = STRING_TOKEN(STR_NULL); 124 122 123 subtitle text = STRING_TOKEN(STR_NULL); 124 125 125 goto FORMID_SECURE_BOOT_DB_OPTION_FORM, 126 126 prompt = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION), … … 128 128 flags = INTERACTIVE, 129 129 key = KEY_SECURE_BOOT_DB_OPTION; 130 131 subtitle text = STRING_TOKEN(STR_NULL); 132 130 131 subtitle text = STRING_TOKEN(STR_NULL); 132 133 133 goto FORMID_SECURE_BOOT_DBX_OPTION_FORM, 134 134 prompt = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION), … … 138 138 139 139 endform; 140 140 141 141 // 142 142 // ##3 Form: 'PK Options' … … 144 144 form formid = FORMID_SECURE_BOOT_PK_OPTION_FORM, 145 145 title = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION); 146 147 subtitle text = STRING_TOKEN(STR_NULL); 148 146 147 subtitle text = STRING_TOKEN(STR_NULL); 148 149 149 // 150 150 // Define of Check Box: 'Delete PK' … … 156 156 endcheckbox; 157 157 endif; 158 158 159 159 grayoutif ideqval SECUREBOOT_CONFIGURATION.HasPk == 1; 160 160 goto FORMID_ENROLL_PK_FORM, … … 164 164 key = KEY_ENROLL_PK; 165 165 endif; 166 167 subtitle text = STRING_TOKEN(STR_NULL); 168 169 // 170 // Display of Check Box: 'Delete Pk' 166 167 subtitle text = STRING_TOKEN(STR_NULL); 168 169 // 170 // Display of Check Box: 'Delete Pk' 171 171 // 172 172 grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1; 173 173 checkbox varid = SECUREBOOT_CONFIGURATION.DeletePk, 174 174 questionid = KEY_SECURE_BOOT_DELETE_PK, 175 prompt = STRING_TOKEN(STR_DELETE_PK), 175 prompt = STRING_TOKEN(STR_DELETE_PK), 176 176 help = STRING_TOKEN(STR_DELETE_PK_HELP), 177 177 flags = INTERACTIVE | RESET_REQUIRED, … … 179 179 endif; 180 180 endform; 181 181 182 182 // 183 183 // ##4 Form: 'Enroll PK' … … 185 185 form formid = FORMID_ENROLL_PK_FORM, 186 186 title = STRING_TOKEN(STR_ENROLL_PK); 187 187 188 188 subtitle text = STRING_TOKEN(STR_NULL); 189 189 … … 194 194 key = SECUREBOOT_ADD_PK_FILE_FORM_ID; 195 195 endform; 196 196 197 197 // 198 198 // ##5 Form: 'KEK Options' … … 202 202 203 203 // 204 // Display of 'Enroll KEK' 204 // Display of 'Enroll KEK' 205 205 // 206 206 goto FORMID_ENROLL_KEK_FORM, … … 208 208 help = STRING_TOKEN(STR_ENROLL_KEK_HELP), 209 209 flags = INTERACTIVE; 210 211 subtitle text = STRING_TOKEN(STR_NULL); 212 213 // 214 // Display of 'Delete KEK' 210 211 subtitle text = STRING_TOKEN(STR_NULL); 212 213 // 214 // Display of 'Delete KEK' 215 215 // 216 216 goto FORMID_DELETE_KEK_FORM, … … 219 219 flags = INTERACTIVE, 220 220 key = KEY_DELETE_KEK; 221 222 subtitle text = STRING_TOKEN(STR_NULL); 223 endform; 224 225 // 226 // ##6 Form: 'Enroll KEK' 221 222 subtitle text = STRING_TOKEN(STR_NULL); 223 endform; 224 225 // 226 // ##6 Form: 'Enroll KEK' 227 227 // 228 228 form formid = FORMID_ENROLL_KEK_FORM, … … 259 259 flags = INTERACTIVE, 260 260 key = KEY_VALUE_SAVE_AND_EXIT_KEK; 261 261 262 262 goto FORMID_SECURE_BOOT_OPTION_FORM, 263 263 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), … … 270 270 // 271 271 // ##7 Form: 'Delete KEK' 272 // 272 // 273 273 form formid = FORMID_DELETE_KEK_FORM, 274 274 title = STRING_TOKEN(STR_DELETE_KEK_TITLE); … … 276 276 label LABEL_KEK_DELETE; 277 277 label LABEL_END; 278 279 subtitle text = STRING_TOKEN(STR_NULL); 280 278 279 subtitle text = STRING_TOKEN(STR_NULL); 280 281 281 endform; 282 282 … … 301 301 flags = INTERACTIVE, 302 302 key = SECUREBOOT_DELETE_SIGNATURE_FROM_DB; 303 303 304 304 endform; 305 305 … … 336 336 label LABEL_END; 337 337 subtitle text = STRING_TOKEN(STR_NULL); 338 338 339 339 endform; 340 340 … … 348 348 label LABEL_END; 349 349 subtitle text = STRING_TOKEN(STR_NULL); 350 350 351 351 endform; 352 352 … … 387 387 flags = INTERACTIVE, 388 388 key = KEY_VALUE_SAVE_AND_EXIT_DB; 389 389 390 390 goto FORMID_SECURE_BOOT_OPTION_FORM, 391 391 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), … … 432 432 flags = INTERACTIVE, 433 433 key = KEY_VALUE_SAVE_AND_EXIT_DBX; 434 434 435 435 goto FORMID_SECURE_BOOT_OPTION_FORM, 436 436 prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), … … 450 450 label LABEL_END; 451 451 endform; 452 452 453 453 // 454 454 // File Explorer for KEK … … 490 490 label SECUREBOOT_ADD_PK_FILE_FORM_ID; 491 491 label LABEL_END; 492 492 493 493 subtitle text = STRING_TOKEN(STR_NULL); 494 494 -
Property svn:eol-style
set to
-
trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDriver.c
r48674 r58466 3 3 4 4 Copyright (c) 2011, Intel Corporation. All rights reserved.<BR> 5 This program and the accompanying materials 6 are licensed and made available under the terms and conditions of the BSD License 7 which accompanies this distribution. The full text of the license may be found at 5 This program and the accompanying materials 6 are licensed and made available under the terms and conditions of the BSD License 7 which accompanies this distribution. The full text of the license may be found at 8 8 http://opensource.org/licenses/bsd-license.php 9 9 10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 11 11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 12 12 … … 36 36 EFI_STATUS Status; 37 37 SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData; 38 38 39 39 // 40 40 // If already started, return. … … 51 51 return EFI_ALREADY_STARTED; 52 52 } 53 53 54 54 // 55 55 // Create a private data structure. … … 59 59 return EFI_OUT_OF_RESOURCES; 60 60 } 61 61 62 62 // 63 63 // Install SecureBoot configuration form … … 70 70 // 71 71 // Install private GUID. 72 // 72 // 73 73 Status = gBS->InstallMultipleProtocolInterfaces ( 74 74 &ImageHandle, … … 87 87 if (PrivateData != NULL) { 88 88 UninstallSecureBootConfigForm (PrivateData); 89 } 90 89 } 90 91 91 return Status; 92 92 } … … 114 114 &gEfiCallerIdGuid, 115 115 (VOID **) &PrivateData 116 ); 116 ); 117 117 if (EFI_ERROR (Status)) { 118 return Status; 118 return Status; 119 119 } 120 120 121 121 ASSERT (PrivateData->Signature == SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE); 122 122 … … 127 127 NULL 128 128 ); 129 129 130 130 UninstallSecureBootConfigForm (PrivateData); 131 131 -
trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
r58459 r58466 63 63 ## SOMETIMES_PRODUCES ## Variable:L"CustomMode" 64 64 gEfiCustomModeEnableGuid 65 65 66 66 ## SOMETIMES_CONSUMES ## Variable:L"SecureBootEnable" 67 67 ## SOMETIMES_PRODUCES ## Variable:L"SecureBootEnable" 68 68 gEfiSecureBootEnableDisableGuid 69 69 70 70 ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature. 71 71 ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature. 72 72 gEfiCertRsa2048Guid 73 73 74 74 ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature. 75 ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature. 75 ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature. 76 76 gEfiCertX509Guid 77 77 78 78 ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature. 79 ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature. 79 ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature. 80 80 gEfiCertSha1Guid 81 81 82 82 ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature. 83 ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature. 83 ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature. 84 84 gEfiCertSha256Guid 85 85 86 86 ## SOMETIMES_CONSUMES ## Variable:L"db" 87 87 ## SOMETIMES_PRODUCES ## Variable:L"db" … … 89 89 ## SOMETIMES_PRODUCES ## Variable:L"dbx" 90 90 gEfiImageSecurityDatabaseGuid 91 91 92 92 ## SOMETIMES_CONSUMES ## Variable:L"SetupMode" 93 93 ## SOMETIMES_PRODUCES ## Variable:L"PK" … … 96 96 ## SOMETIMES_CONSUMES ## Variable:L"SecureBoot" 97 97 gEfiGlobalVariableGuid 98 98 99 99 gEfiIfrTianoGuid ## PRODUCES ## GUID # HII opcode 100 100 ## PRODUCES ## HII -
trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c
r58459 r58466 66 66 67 67 /** 68 Helper function called as part of the code needed to allocate 68 Helper function called as part of the code needed to allocate 69 69 the proper sized buffer for various EFI interfaces. 70 70 … … 123 123 124 124 /** 125 Append file name to existing file name, and allocate a new buffer 125 Append file name to existing file name, and allocate a new buffer 126 126 to hold the appended result. 127 127 … … 150 150 ASSERT (Str != NULL); 151 151 152 TmpStr = AllocateZeroPool (Size1 + Size2 + sizeof (CHAR16)); 152 TmpStr = AllocateZeroPool (Size1 + Size2 + sizeof (CHAR16)); 153 153 ASSERT (TmpStr != NULL); 154 154 … … 171 171 172 172 // 173 // Use TmpStr as a backup, as StrCpy in BaseLib does not handle copy of two strings 173 // Use TmpStr as a backup, as StrCpy in BaseLib does not handle copy of two strings 174 174 // that overlap. 175 175 // … … 183 183 184 184 // 185 // Use TmpStr as a backup, as StrCpy in BaseLib does not handle copy of two strings 185 // Use TmpStr as a backup, as StrCpy in BaseLib does not handle copy of two strings 186 186 // that overlap. 187 187 // … … 197 197 198 198 FreePool (TmpStr); 199 199 200 200 return Str; 201 201 } … … 355 355 356 356 @param[in, out] MenuOption Menu to be freed 357 357 358 358 **/ 359 359 VOID … … 460 460 Attributes is valid only for EFI_FILE_MODE_CREATE. 461 461 462 @param[in, out] FilePath On input, the device path to the file. 462 @param[in, out] FilePath On input, the device path to the file. 463 463 On output, the remaining device path. 464 464 @param[out] FileHandle Pointer to the file handle. … … 496 496 EFI_FILE_PROTOCOL *Handle1; 497 497 EFI_FILE_PROTOCOL *Handle2; 498 EFI_HANDLE DeviceHandle; 498 EFI_HANDLE DeviceHandle; 499 499 500 500 if ((FilePath == NULL || FileHandle == NULL)) { … … 817 817 FreePool (SimpleFsHandle); 818 818 } 819 819 820 820 // 821 821 // Remember how many file system options are here … … 827 827 828 828 /** 829 Find files under the current directory. All files and sub-directories 829 Find files under the current directory. All files and sub-directories 830 830 in current directory will be stored in DirectoryMenu for future use. 831 831 … … 893 893 return EFI_OUT_OF_RESOURCES; 894 894 } 895 895 896 896 // 897 897 // Get all files in current directory … … 935 935 ); 936 936 NewMenuEntry->HelpString = NULL; 937 937 938 938 NewFileContext->IsDir = (BOOLEAN) ((DirInfo->Attribute & EFI_FILE_DIRECTORY) == EFI_FILE_DIRECTORY); 939 939 if (NewFileContext->IsDir) { … … 978 978 // 979 979 // Free current updated date 980 // 980 // 981 981 if (mStartOpCodeHandle != NULL) { 982 982 HiiFreeOpCodeHandle (mStartOpCodeHandle); … … 1119 1119 FreeMenu (&FsOptionMenu); 1120 1120 FindFileSystem (); 1121 1121 1122 1122 CreateMenuStringToken (PrivateData->HiiHandle, &FsOptionMenu); 1123 1123 UpdateFileExplorePage (PrivateData->HiiHandle, &FsOptionMenu, PrivateData->FeCurrentState); … … 1163 1163 PrivateData->MenuEntry = NewMenuEntry; 1164 1164 PrivateData->FileContext->FileName = NewFileContext->FileName; 1165 1165 1166 1166 TmpDevicePath = NewFileContext->DevicePath; 1167 1167 OpenFileByDevicePath ( … … 1201 1201 1202 1202 /** 1203 Clean up the dynamic opcode at label and form specified by both LabelId. 1203 Clean up the dynamic opcode at label and form specified by both LabelId. 1204 1204 1205 1205 @param[in] LabelId It is both the Form ID and Label ID for opcode deletion. -
trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
r58459 r58466 18 18 19 19 SECUREBOOT_CONFIG_PRIVATE_DATA mSecureBootConfigPrivateDateTemplate = { 20 SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE, 20 SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE, 21 21 { 22 22 SecureBootExtractConfig, … … 72 72 73 73 // 74 // Variable Definitions 75 // 74 // Variable Definitions 75 // 76 76 UINT32 mPeCoffHeaderOffset = 0; 77 77 WIN_CERTIFICATE *mCertificate = NULL; … … 110 110 ) 111 111 { 112 UINTN Index; 112 UINTN Index; 113 113 for (Index = 0; mDerEncodedSuffix[Index] != NULL; Index++) { 114 114 if (StrCmp (FileSuffix, mDerEncodedSuffix[Index]) == 0) { … … 148 148 Create a time based data payload by concatenating the EFI_VARIABLE_AUTHENTICATION_2 149 149 descriptor with the input data. NO authentication is required in this function. 150 150 151 151 @param[in, out] DataSize On input, the size of Data buffer in bytes. 152 152 On output, the size of data returned in Data 153 153 buffer in bytes. 154 @param[in, out] Data On input, Pointer to data buffer to be wrapped or 154 @param[in, out] Data On input, Pointer to data buffer to be wrapped or 155 155 pointer to NULL to wrap an empty payload. 156 156 On output, Pointer to the new payload date buffer allocated from pool, 157 it's caller's responsibility to free the memory when finish using it. 157 it's caller's responsibility to free the memory when finish using it. 158 158 159 159 @retval EFI_SUCCESS Create time based payload successfully. … … 176 176 UINTN DescriptorSize; 177 177 EFI_TIME Time; 178 178 179 179 if (Data == NULL || DataSize == NULL) { 180 180 return EFI_INVALID_PARAMETER; 181 181 } 182 183 // 184 // In Setup mode or Custom mode, the variable does not need to be signed but the 182 183 // 184 // In Setup mode or Custom mode, the variable does not need to be signed but the 185 185 // parameters to the SetVariable() call still need to be prepared as authenticated 186 186 // variable. So we create EFI_VARIABLE_AUTHENTICATED_2 descriptor without certificate … … 189 189 Payload = *Data; 190 190 PayloadSize = *DataSize; 191 191 192 192 DescriptorSize = OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo) + OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData); 193 193 NewData = (UINT8*) AllocateZeroPool (DescriptorSize + PayloadSize); … … 214 214 Time.Pad2 = 0; 215 215 CopyMem (&DescriptorData->TimeStamp, &Time, sizeof (EFI_TIME)); 216 216 217 217 DescriptorData->AuthInfo.Hdr.dwLength = OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData); 218 218 DescriptorData->AuthInfo.Hdr.wRevision = 0x0200; 219 219 DescriptorData->AuthInfo.Hdr.wCertificateType = WIN_CERT_TYPE_EFI_GUID; 220 220 CopyGuid (&DescriptorData->AuthInfo.CertType, &gEfiCertPkcs7Guid); 221 221 222 222 if (Payload != NULL) { 223 223 FreePool(Payload); 224 224 } 225 225 226 226 *DataSize = DescriptorSize + PayloadSize; 227 227 *Data = NewData; … … 288 288 @param[in] SecureBootMode New secure boot mode: STANDARD_SECURE_BOOT_MODE or 289 289 CUSTOM_SECURE_BOOT_MODE. 290 290 291 291 @return EFI_SUCCESS The platform has switched to the special mode successfully. 292 292 @return other Fail to operate the secure boot mode. 293 293 294 294 **/ 295 295 EFI_STATUS … … 298 298 ) 299 299 { 300 return gRT->SetVariable ( 300 return gRT->SetVariable ( 301 301 EFI_CUSTOM_MODE_NAME, 302 302 &gEfiCustomModeEnableGuid, … … 312 312 @param[in] X509File FileHandle of X509 Certificate storing file. 313 313 @param[out] PkCert Point to the data buffer to store the signature list. 314 314 315 315 @return EFI_UNSUPPORTED Unsupported Key Length. 316 316 @return EFI_OUT_OF_RESOURCES There are not enough memory resourses to form the signature list. 317 317 318 318 **/ 319 319 EFI_STATUS 320 320 CreatePkX509SignatureList ( 321 IN EFI_FILE_HANDLE X509File, 322 OUT EFI_SIGNATURE_LIST **PkCert 321 IN EFI_FILE_HANDLE X509File, 322 OUT EFI_SIGNATURE_LIST **PkCert 323 323 ) 324 324 { 325 EFI_STATUS Status; 325 EFI_STATUS Status; 326 326 UINT8 *X509Data; 327 327 UINTN X509DataSize; … … 330 330 X509Data = NULL; 331 331 PkCertData = NULL; 332 X509DataSize = 0; 333 332 X509DataSize = 0; 333 334 334 Status = ReadFileContent (X509File, (VOID**) &X509Data, &X509DataSize, 0); 335 335 if (EFI_ERROR (Status)) { … … 351 351 } 352 352 353 (*PkCert)->SignatureListSize = (UINT32) (sizeof(EFI_SIGNATURE_LIST) 353 (*PkCert)->SignatureListSize = (UINT32) (sizeof(EFI_SIGNATURE_LIST) 354 354 + sizeof(EFI_SIGNATURE_DATA) - 1 355 355 + X509DataSize); … … 357 357 (*PkCert)->SignatureHeaderSize = 0; 358 358 CopyGuid (&(*PkCert)->SignatureType, &gEfiCertX509Guid); 359 PkCertData = (EFI_SIGNATURE_DATA*) ((UINTN)(*PkCert) 359 PkCertData = (EFI_SIGNATURE_DATA*) ((UINTN)(*PkCert) 360 360 + sizeof(EFI_SIGNATURE_LIST) 361 361 + (*PkCert)->SignatureHeaderSize); 362 CopyGuid (&PkCertData->SignatureOwner, &gEfiGlobalVariableGuid); 362 CopyGuid (&PkCertData->SignatureOwner, &gEfiGlobalVariableGuid); 363 363 // 364 364 // Fill the PK database with PKpub data from X509 certificate file. 365 // 365 // 366 366 CopyMem (&(PkCertData->SignatureData[0]), X509Data, X509DataSize); 367 367 368 368 ON_EXIT: 369 369 370 370 if (X509Data != NULL) { 371 371 FreePool (X509Data); 372 372 } 373 373 374 374 if (EFI_ERROR(Status) && *PkCert != NULL) { 375 375 FreePool (*PkCert); 376 376 *PkCert = NULL; 377 377 } 378 378 379 379 return Status; 380 380 } … … 390 390 @retval EFI_INVALID_PARAMETER The parameter is invalid. 391 391 @retval EFI_OUT_OF_RESOURCES Could not allocate needed resources. 392 392 393 393 **/ 394 394 EFI_STATUS 395 395 EnrollPlatformKey ( 396 396 IN SECUREBOOT_CONFIG_PRIVATE_DATA* Private 397 ) 397 ) 398 398 { 399 399 EFI_STATUS Status; … … 403 403 UINT16* FilePostFix; 404 404 UINTN NameLength; 405 405 406 406 if (Private->FileContext->FileName == NULL) { 407 407 return EFI_INVALID_PARAMETER; … … 434 434 // 435 435 Status = CreatePkX509SignatureList ( 436 Private->FileContext->FHandle, 437 &PkCert 436 Private->FileContext->FHandle, 437 &PkCert 438 438 ); 439 439 if (EFI_ERROR (Status)) { … … 441 441 } 442 442 ASSERT (PkCert != NULL); 443 443 444 444 // 445 445 // Set Platform Key variable. 446 // 447 Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS 446 // 447 Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS 448 448 | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; 449 449 DataSize = PkCert->SignatureListSize; … … 453 453 goto ON_EXIT; 454 454 } 455 455 456 456 Status = gRT->SetVariable( 457 EFI_PLATFORM_KEY_NAME, 458 &gEfiGlobalVariableGuid, 459 Attr, 460 DataSize, 457 EFI_PLATFORM_KEY_NAME, 458 &gEfiGlobalVariableGuid, 459 Attr, 460 DataSize, 461 461 PkCert 462 462 ); … … 467 467 goto ON_EXIT; 468 468 } 469 469 470 470 ON_EXIT: 471 471 … … 473 473 FreePool(PkCert); 474 474 } 475 475 476 476 if (Private->FileContext->FHandle != NULL) { 477 477 CloseFile (Private->FileContext->FHandle); … … 487 487 @retval EFI_SUCCESS Delete PK successfully. 488 488 @retval Others Could not allow to delete PK. 489 489 490 490 **/ 491 491 EFI_STATUS … … 533 533 EFI_SIGNATURE_DATA *KEKSigData; 534 534 UINTN KekSigListSize; 535 UINT8 *KeyBuffer; 535 UINT8 *KeyBuffer; 536 536 UINTN KeyLenInBytes; 537 537 … … 545 545 KekSigList = NULL; 546 546 KekSigListSize = 0; 547 547 548 548 // 549 549 // Form the KeKpub certificate list into EFI_SIGNATURE_LIST type. 550 550 // First, We have to parse out public key data from the pbk key file. 551 // 551 // 552 552 Status = ReadFileContent ( 553 553 Private->FileContext->FHandle, … … 566 566 goto ON_EXIT; 567 567 } 568 568 569 569 // 570 570 // Convert the Public key to fix octet string format represented in RSA PKCS#1. 571 // 571 // 572 572 KeyLenInBytes = KeyInfo->KeyLengthInBits / 8; 573 573 KeyBuffer = AllocateZeroPool (KeyLenInBytes); … … 577 577 } 578 578 Int2OctStr ( 579 (UINTN*) (KeyBlob + sizeof (CPL_KEY_INFO)), 580 KeyLenInBytes / sizeof (UINTN), 581 KeyBuffer, 579 (UINTN*) (KeyBlob + sizeof (CPL_KEY_INFO)), 580 KeyLenInBytes / sizeof (UINTN), 581 KeyBuffer, 582 582 KeyLenInBytes 583 583 ); 584 584 CopyMem(KeyBlob + sizeof(CPL_KEY_INFO), KeyBuffer, KeyLenInBytes); 585 585 586 586 // 587 587 // Form an new EFI_SIGNATURE_LIST. … … 603 603 KekSigList->SignatureSize = sizeof(EFI_SIGNATURE_DATA) - 1 + WIN_CERT_UEFI_RSA2048_SIZE; 604 604 CopyGuid (&KekSigList->SignatureType, &gEfiCertRsa2048Guid); 605 605 606 606 KEKSigData = (EFI_SIGNATURE_DATA*)((UINT8*)KekSigList + sizeof(EFI_SIGNATURE_LIST)); 607 607 CopyGuid (&KEKSigData->SignatureOwner, Private->SignatureGUID); … … 611 611 WIN_CERT_UEFI_RSA2048_SIZE 612 612 ); 613 614 // 615 // Check if KEK entry has been already existed. 616 // If true, use EFI_VARIABLE_APPEND_WRITE attribute to append the 613 614 // 615 // Check if KEK entry has been already existed. 616 // If true, use EFI_VARIABLE_APPEND_WRITE attribute to append the 617 617 // new KEK to original variable. 618 // 619 Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS 618 // 619 Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS 620 620 | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; 621 621 Status = CreateTimeBasedPayload (&KekSigListSize, (UINT8**) &KekSigList); … … 626 626 627 627 Status = gRT->GetVariable( 628 EFI_KEY_EXCHANGE_KEY_NAME, 629 &gEfiGlobalVariableGuid, 630 NULL, 631 &DataSize, 628 EFI_KEY_EXCHANGE_KEY_NAME, 629 &gEfiGlobalVariableGuid, 630 NULL, 631 &DataSize, 632 632 NULL 633 633 ); … … 637 637 goto ON_EXIT; 638 638 } 639 639 640 640 // 641 641 // Done. Now we have formed the correct KEKpub database item, just set it into variable storage, 642 // 642 // 643 643 Status = gRT->SetVariable( 644 EFI_KEY_EXCHANGE_KEY_NAME, 645 &gEfiGlobalVariableGuid, 646 Attr, 647 KekSigListSize, 644 EFI_KEY_EXCHANGE_KEY_NAME, 645 &gEfiGlobalVariableGuid, 646 Attr, 647 KekSigListSize, 648 648 KekSigList 649 649 ); … … 651 651 goto ON_EXIT; 652 652 } 653 653 654 654 ON_EXIT: 655 655 … … 672 672 FreePool (KekSigList); 673 673 } 674 674 675 675 return Status; 676 676 } … … 690 690 EnrollX509ToKek ( 691 691 IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private 692 ) 692 ) 693 693 { 694 694 EFI_STATUS Status; … … 728 728 // 729 729 // Fill Certificate Database parameters. 730 // 730 // 731 731 KekSigList->SignatureListSize = (UINT32) KekSigListSize; 732 732 KekSigList->SignatureHeaderSize = 0; … … 739 739 740 740 // 741 // Check if KEK been already existed. 742 // If true, use EFI_VARIABLE_APPEND_WRITE attribute to append the 741 // Check if KEK been already existed. 742 // If true, use EFI_VARIABLE_APPEND_WRITE attribute to append the 743 743 // new kek to original variable 744 // 745 Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS 744 // 745 Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS 746 746 | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; 747 747 Status = CreateTimeBasedPayload (&KekSigListSize, (UINT8**) &KekSigList); … … 750 750 goto ON_EXIT; 751 751 } 752 752 753 753 Status = gRT->GetVariable( 754 EFI_KEY_EXCHANGE_KEY_NAME, 755 &gEfiGlobalVariableGuid, 756 NULL, 757 &DataSize, 754 EFI_KEY_EXCHANGE_KEY_NAME, 755 &gEfiGlobalVariableGuid, 756 NULL, 757 &DataSize, 758 758 NULL 759 759 ); … … 762 762 } else if (Status != EFI_NOT_FOUND) { 763 763 goto ON_EXIT; 764 } 764 } 765 765 766 766 Status = gRT->SetVariable( 767 EFI_KEY_EXCHANGE_KEY_NAME, 768 &gEfiGlobalVariableGuid, 769 Attr, 767 EFI_KEY_EXCHANGE_KEY_NAME, 768 &gEfiGlobalVariableGuid, 769 Attr, 770 770 KekSigListSize, 771 771 KekSigList … … 796 796 Enroll new KEK into the System without PK's authentication. 797 797 The SignatureOwner GUID will be Private->SignatureGUID. 798 798 799 799 @param[in] PrivateData The module's private data. 800 800 801 801 @retval EFI_SUCCESS New KEK enrolled successful. 802 802 @retval EFI_INVALID_PARAMETER The parameter is invalid. 803 803 @retval others Fail to enroll KEK data. 804 804 805 805 **/ 806 806 EFI_STATUS 807 807 EnrollKeyExchangeKey ( 808 808 IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private 809 ) 809 ) 810 810 { 811 811 UINT16* FilePostFix; 812 812 EFI_STATUS Status; 813 813 UINTN NameLength; 814 814 815 815 if ((Private->FileContext->FileName == NULL) || (Private->SignatureGUID == NULL)) { 816 816 return EFI_INVALID_PARAMETER; … … 823 823 824 824 // 825 // Parse the file's postfix. Supports DER-encoded X509 certificate, 825 // Parse the file's postfix. Supports DER-encoded X509 certificate, 826 826 // and .pbk as RSA public key file. 827 827 // … … 845 845 846 846 @param[in] PrivateData The module's private data. 847 @param[in] VariableName Variable name of signature database, must be 847 @param[in] VariableName Variable name of signature database, must be 848 848 EFI_IMAGE_SECURITY_DATABASE or EFI_IMAGE_SECURITY_DATABASE1. 849 849 850 850 @retval EFI_SUCCESS New X509 is enrolled successfully. 851 851 @retval EFI_OUT_OF_RESOURCES Could not allocate needed resources. … … 856 856 IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private, 857 857 IN CHAR16 *VariableName 858 ) 858 ) 859 859 { 860 860 EFI_STATUS Status; … … 897 897 // 898 898 // Fill Certificate Database parameters. 899 // 899 // 900 900 SigDBCert = (EFI_SIGNATURE_LIST*) Data; 901 901 SigDBCert->SignatureListSize = (UINT32) SigDBSize; … … 909 909 910 910 // 911 // Check if signature database entry has been already existed. 912 // If true, use EFI_VARIABLE_APPEND_WRITE attribute to append the 911 // Check if signature database entry has been already existed. 912 // If true, use EFI_VARIABLE_APPEND_WRITE attribute to append the 913 913 // new signature data to original variable 914 // 915 Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS 914 // 915 Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS 916 916 | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; 917 917 Status = CreateTimeBasedPayload (&SigDBSize, (UINT8**) &Data); … … 922 922 923 923 Status = gRT->GetVariable( 924 VariableName, 925 &gEfiImageSecurityDatabaseGuid, 926 NULL, 927 &DataSize, 924 VariableName, 925 &gEfiImageSecurityDatabaseGuid, 926 NULL, 927 &DataSize, 928 928 NULL 929 929 ); … … 932 932 } else if (Status != EFI_NOT_FOUND) { 933 933 goto ON_EXIT; 934 } 934 } 935 935 936 936 Status = gRT->SetVariable( 937 VariableName, 938 &gEfiImageSecurityDatabaseGuid, 939 Attr, 937 VariableName, 938 &gEfiImageSecurityDatabaseGuid, 939 Attr, 940 940 SigDBSize, 941 941 Data … … 977 977 EFI_STATUS 978 978 LoadPeImage ( 979 VOID 980 ) 979 VOID 980 ) 981 981 { 982 982 EFI_IMAGE_DOS_HEADER *DosHdr; … … 993 993 { 994 994 // 995 // DOS image header is present, 995 // DOS image header is present, 996 996 // So read the PE header after the DOS image header 997 997 // … … 1018 1018 // Note the size of FileHeader field is constant for both IA32 and X64 arch 1019 1019 // 1020 if ((NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_IA32) 1020 if ((NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_IA32) 1021 1021 || (NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_EBC)) { 1022 1022 // … … 1046 1046 1047 1047 @param[in] HashAlg Hash algorithm type. 1048 1048 1049 1049 @retval TRUE Successfully hash image. 1050 1050 @retval FALSE Fail in hash image. 1051 1051 1052 1052 **/ 1053 BOOLEAN 1053 BOOLEAN 1054 1054 HashPeImage ( 1055 1055 IN UINT32 HashAlg … … 1075 1075 return FALSE; 1076 1076 } 1077 1077 1078 1078 // 1079 1079 // Initialize context of hash. … … 1083 1083 if (HashAlg == HASHALG_SHA1) { 1084 1084 mImageDigestSize = SHA1_DIGEST_SIZE; 1085 mCertType = gEfiCertSha1Guid; 1085 mCertType = gEfiCertSha1Guid; 1086 1086 } else if (HashAlg == HASHALG_SHA256) { 1087 1087 mImageDigestSize = SHA256_DIGEST_SIZE; … … 1090 1090 1091 1091 CtxSize = mHash[HashAlg].GetContextSize(); 1092 1092 1093 1093 HashCtx = AllocatePool (CtxSize); 1094 1094 ASSERT (HashCtx != NULL); … … 1107 1107 if (mNtHeader.Pe32->FileHeader.Machine == IMAGE_FILE_MACHINE_IA64 && mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { 1108 1108 // 1109 // NOTE: Some versions of Linux ELILO for Itanium have an incorrect magic value 1110 // in the PE/COFF Header. If the MachineType is Itanium(IA64) and the 1109 // NOTE: Some versions of Linux ELILO for Itanium have an incorrect magic value 1110 // in the PE/COFF Header. If the MachineType is Itanium(IA64) and the 1111 1111 // Magic value in the OptionalHeader is EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC 1112 1112 // then override the magic value to EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC … … 1119 1119 Magic = mNtHeader.Pe32->OptionalHeader.Magic; 1120 1120 } 1121 1121 1122 1122 // 1123 1123 // 3. Calculate the distance from the base of the image header to the image checksum address. … … 1155 1155 // 1156 1156 // Use PE32+ offset. 1157 // 1157 // 1158 1158 HashBase = (UINT8 *) &mNtHeader.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32); 1159 1159 HashSize = (UINTN) ((UINT8 *) (&mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - HashBase); … … 1278 1278 mImageSize - 1279 1279 mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size - 1280 SumOfBytesHashed); 1280 SumOfBytesHashed); 1281 1281 } 1282 1282 … … 1300 1300 1301 1301 /** 1302 Recognize the Hash algorithm in PE/COFF Authenticode and caculate hash of 1303 Pe/Coff image based on the authenticated image hashing in PE/COFF Specification 1302 Recognize the Hash algorithm in PE/COFF Authenticode and caculate hash of 1303 Pe/Coff image based on the authenticated image hashing in PE/COFF Specification 1304 1304 8.0 Appendix A 1305 1305 … … 1308 1308 1309 1309 **/ 1310 EFI_STATUS 1310 EFI_STATUS 1311 1311 HashPeImageByType ( 1312 1312 VOID … … 1318 1318 PkcsCertData = (WIN_CERTIFICATE_EFI_PKCS *) (mImageBase + mSecDataDir->Offset); 1319 1319 1320 for (Index = 0; Index < HASHALG_MAX; Index++) { 1320 for (Index = 0; Index < HASHALG_MAX; Index++) { 1321 1321 // 1322 1322 // Check the Hash algorithm in PE/COFF Authenticode. 1323 // According to PKCS#7 Definition: 1323 // According to PKCS#7 Definition: 1324 1324 // SignedData ::= SEQUENCE { 1325 1325 // version Version, … … 1338 1338 } 1339 1339 1340 // 1340 // 1341 1341 if (CompareMem (PkcsCertData->CertData + 32, mHash[Index].OidValue, mHash[Index].OidLength) == 0) { 1342 1342 break; … … 1359 1359 1360 1360 /** 1361 Enroll a new executable's signature into Signature Database. 1361 Enroll a new executable's signature into Signature Database. 1362 1362 1363 1363 @param[in] PrivateData The module's private data. 1364 @param[in] VariableName Variable name of signature database, must be 1364 @param[in] VariableName Variable name of signature database, must be 1365 1365 EFI_IMAGE_SECURITY_DATABASE or EFI_IMAGE_SECURITY_DATABASE1. 1366 1366 … … 1403 1403 Status = ReadFileContent( 1404 1404 Private->FileContext->FHandle, 1405 (VOID **) &mImageBase, 1406 &mImageSize, 1405 (VOID **) &mImageBase, 1406 &mImageSize, 1407 1407 0 1408 1408 ); 1409 1409 if (EFI_ERROR (Status)) { 1410 1410 goto ON_EXIT; 1411 } 1411 } 1412 1412 ASSERT (mImageBase != NULL); 1413 1413 … … 1423 1423 } 1424 1424 } else { 1425 1425 1426 1426 // 1427 1427 // Read the certificate data … … 1440 1440 goto ON_EXIT;; 1441 1441 } 1442 1442 1443 1443 } else if (mCertificate->wCertificateType == WIN_CERT_TYPE_PKCS_SIGNED_DATA) { 1444 1444 … … 1456 1456 // Create a new SigDB entry. 1457 1457 // 1458 SigDBSize = sizeof(EFI_SIGNATURE_LIST) 1458 SigDBSize = sizeof(EFI_SIGNATURE_LIST) 1459 1459 + sizeof(EFI_SIGNATURE_DATA) - 1 1460 1460 + (UINT32) mImageDigestSize; … … 1465 1465 goto ON_EXIT; 1466 1466 } 1467 1467 1468 1468 // 1469 1469 // Adjust the Certificate Database parameters. 1470 // 1470 // 1471 1471 SigDBCert = (EFI_SIGNATURE_LIST*) Data; 1472 1472 SigDBCert->SignatureListSize = (UINT32) SigDBSize; … … 1479 1479 CopyMem (SigDBCertData->SignatureData, mImageDigest, mImageDigestSize); 1480 1480 1481 Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS 1481 Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS 1482 1482 | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; 1483 1483 Status = CreateTimeBasedPayload (&SigDBSize, (UINT8**) &Data); … … 1486 1486 goto ON_EXIT; 1487 1487 } 1488 1489 // 1490 // Check if SigDB variable has been already existed. 1491 // If true, use EFI_VARIABLE_APPEND_WRITE attribute to append the 1488 1489 // 1490 // Check if SigDB variable has been already existed. 1491 // If true, use EFI_VARIABLE_APPEND_WRITE attribute to append the 1492 1492 // new signature data to original variable 1493 // 1493 // 1494 1494 DataSize = 0; 1495 1495 Status = gRT->GetVariable( 1496 VariableName, 1497 &gEfiImageSecurityDatabaseGuid, 1498 NULL, 1499 &DataSize, 1496 VariableName, 1497 &gEfiImageSecurityDatabaseGuid, 1498 NULL, 1499 &DataSize, 1500 1500 NULL 1501 1501 ); … … 1504 1504 } else if (Status != EFI_NOT_FOUND) { 1505 1505 goto ON_EXIT; 1506 } 1506 } 1507 1507 1508 1508 // … … 1510 1510 // 1511 1511 Status = gRT->SetVariable( 1512 VariableName, 1513 &gEfiImageSecurityDatabaseGuid, 1514 Attr, 1515 SigDBSize, 1512 VariableName, 1513 &gEfiImageSecurityDatabaseGuid, 1514 Attr, 1515 SigDBSize, 1516 1516 Data 1517 1517 ); … … 1546 1546 Enroll signature into DB/DBX without KEK's authentication. 1547 1547 The SignatureOwner GUID will be Private->SignatureGUID. 1548 1548 1549 1549 @param[in] PrivateData The module's private data. 1550 @param[in] VariableName Variable name of signature database, must be 1550 @param[in] VariableName Variable name of signature database, must be 1551 1551 EFI_IMAGE_SECURITY_DATABASE or EFI_IMAGE_SECURITY_DATABASE1. 1552 1552 1553 1553 @retval EFI_SUCCESS New signature enrolled successfully. 1554 1554 @retval EFI_INVALID_PARAMETER The parameter is invalid. 1555 1555 @retval others Fail to enroll signature data. 1556 1556 1557 1557 **/ 1558 1558 EFI_STATUS … … 1560 1560 IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private, 1561 1561 IN CHAR16 *VariableName 1562 ) 1562 ) 1563 1563 { 1564 1564 UINT16* FilePostFix; … … 1574 1574 return Status; 1575 1575 } 1576 1577 // 1578 // Parse the file's postfix. 1576 1577 // 1578 // Parse the file's postfix. 1579 1579 // 1580 1580 NameLength = StrLen (Private->FileContext->FileName); … … 1606 1606 @retval EFI_SUCCESS Success to update the signature list page 1607 1607 @retval EFI_OUT_OF_RESOURCES Unable to allocate required resources. 1608 1608 1609 1609 **/ 1610 1610 EFI_STATUS … … 1625 1625 VOID *EndOpCodeHandle; 1626 1626 EFI_IFR_GUID_LABEL *StartLabel; 1627 EFI_IFR_GUID_LABEL *EndLabel; 1627 EFI_IFR_GUID_LABEL *EndLabel; 1628 1628 UINTN DataSize; 1629 1629 UINT8 *Data; … … 1641 1641 StartOpCodeHandle = NULL; 1642 1642 EndOpCodeHandle = NULL; 1643 1643 1644 1644 // 1645 1645 // Initialize the container for dynamic opcodes. … … 1648 1648 if (StartOpCodeHandle == NULL) { 1649 1649 Status = EFI_OUT_OF_RESOURCES; 1650 goto ON_EXIT; 1650 goto ON_EXIT; 1651 1651 } 1652 1652 … … 1654 1654 if (EndOpCodeHandle == NULL) { 1655 1655 Status = EFI_OUT_OF_RESOURCES; 1656 goto ON_EXIT; 1656 goto ON_EXIT; 1657 1657 } 1658 1658 … … 1682 1682 // 1683 1683 DataSize = 0; 1684 Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize, Data); 1684 Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize, Data); 1685 1685 if (EFI_ERROR (Status) && Status != EFI_BUFFER_TOO_SMALL) { 1686 1686 goto ON_EXIT; … … 1732 1732 CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; 1733 1733 for (Index = 0; Index < CertCount; Index++) { 1734 Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList 1735 + sizeof (EFI_SIGNATURE_LIST) 1736 + CertList->SignatureHeaderSize 1734 Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList 1735 + sizeof (EFI_SIGNATURE_LIST) 1736 + CertList->SignatureHeaderSize 1737 1737 + Index * CertList->SignatureSize); 1738 1738 // 1739 // Display GUID and help 1739 // Display GUID and help 1740 1740 // 1741 1741 GuidToString (&Cert->SignatureOwner, GuidStr, 100); … … 1744 1744 StartOpCodeHandle, 1745 1745 (EFI_QUESTION_ID) (QuestionIdBase + GuidIndex++), 1746 0, 1747 0, 1748 GuidID, 1746 0, 1747 0, 1748 GuidID, 1749 1749 Help, 1750 1750 EFI_IFR_FLAG_CALLBACK, 1751 1751 0, 1752 1752 NULL 1753 ); 1753 ); 1754 1754 } 1755 1755 … … 1774 1774 HiiFreeOpCodeHandle (EndOpCodeHandle); 1775 1775 } 1776 1776 1777 1777 if (Data != NULL) { 1778 1778 FreePool (Data); … … 1787 1787 1788 1788 /** 1789 Delete a KEK entry from KEK database. 1789 Delete a KEK entry from KEK database. 1790 1790 1791 1791 @param[in] PrivateData Module's private data. … … 1794 1794 @retval EFI_SUCCESS Delete kek item successfully. 1795 1795 @retval EFI_OUT_OF_RESOURCES Could not allocate needed resources. 1796 1796 1797 1797 **/ 1798 1798 EFI_STATUS … … 1822 1822 CertList = NULL; 1823 1823 Cert = NULL; 1824 Attr = 0; 1824 Attr = 0; 1825 1825 DeleteKekIndex = QuestionId - OPTION_DEL_KEK_QUESTION_ID; 1826 1826 … … 1829 1829 return Status; 1830 1830 } 1831 1831 1832 1832 // 1833 1833 // Get original KEK variable. 1834 // 1835 DataSize = 0; 1834 // 1835 DataSize = 0; 1836 1836 Status = gRT->GetVariable (EFI_KEY_EXCHANGE_KEY_NAME, &gEfiGlobalVariableGuid, NULL, &DataSize, NULL); 1837 1837 if (EFI_ERROR(Status) && Status != EFI_BUFFER_TOO_SMALL) { … … 1841 1841 OldData = (UINT8*)AllocateZeroPool(DataSize); 1842 1842 if (OldData == NULL) { 1843 Status = EFI_OUT_OF_RESOURCES; 1843 Status = EFI_OUT_OF_RESOURCES; 1844 1844 goto ON_EXIT; 1845 1845 } … … 1851 1851 1852 1852 // 1853 // Allocate space for new variable. 1853 // Allocate space for new variable. 1854 1854 // 1855 1855 Data = (UINT8*) AllocateZeroPool (DataSize); … … 1881 1881 // 1882 1882 NewCertList->SignatureListSize -= CertList->SignatureSize; 1883 IsKEKItemFound = TRUE; 1883 IsKEKItemFound = TRUE; 1884 1884 } else { 1885 1885 // … … 1899 1899 Offset += CertList->SignatureListSize; 1900 1900 } 1901 1901 1902 1902 KekDataSize -= CertList->SignatureListSize; 1903 1903 CertList = (EFI_SIGNATURE_LIST*) ((UINT8*) CertList + CertList->SignatureListSize); … … 1925 1925 CopyMem (OldData + Offset, CertList, CertList->SignatureListSize); 1926 1926 Offset += CertList->SignatureListSize; 1927 } 1927 } 1928 1928 KekDataSize -= CertList->SignatureListSize; 1929 1929 CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize); … … 1940 1940 1941 1941 Status = gRT->SetVariable( 1942 EFI_KEY_EXCHANGE_KEY_NAME, 1943 &gEfiGlobalVariableGuid, 1944 Attr, 1945 DataSize, 1942 EFI_KEY_EXCHANGE_KEY_NAME, 1943 &gEfiGlobalVariableGuid, 1944 Attr, 1945 DataSize, 1946 1946 OldData 1947 1947 ); … … 1950 1950 goto ON_EXIT; 1951 1951 } 1952 1952 1953 1953 ON_EXIT: 1954 1954 if (Data != NULL) { … … 1961 1961 1962 1962 return UpdateDeletePage ( 1963 PrivateData, 1963 PrivateData, 1964 1964 EFI_KEY_EXCHANGE_KEY_NAME, 1965 1965 &gEfiGlobalVariableGuid, … … 1980 1980 @param[in] QuestionIdBase Base question id of the signature list. 1981 1981 @param[in] DeleteIndex Signature index to delete. 1982 1982 1983 1983 @retval EFI_SUCCESS Delete siganture successfully. 1984 1984 @retval EFI_NOT_FOUND Can't find the signature item, … … 2015 2015 CertList = NULL; 2016 2016 Cert = NULL; 2017 Attr = 0; 2017 Attr = 0; 2018 2018 2019 2019 Status = SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE); … … 2024 2024 // 2025 2025 // Get original signature list data. 2026 // 2026 // 2027 2027 DataSize = 0; 2028 2028 Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize, NULL); … … 2033 2033 OldData = (UINT8 *) AllocateZeroPool (DataSize); 2034 2034 if (OldData == NULL) { 2035 Status = EFI_OUT_OF_RESOURCES; 2035 Status = EFI_OUT_OF_RESOURCES; 2036 2036 goto ON_EXIT; 2037 2037 } … … 2040 2040 if (EFI_ERROR(Status)) { 2041 2041 goto ON_EXIT; 2042 } 2043 2044 // 2045 // Allocate space for new variable. 2042 } 2043 2044 // 2045 // Allocate space for new variable. 2046 2046 // 2047 2047 Data = (UINT8*) AllocateZeroPool (DataSize); … … 2079 2079 // 2080 2080 NewCertList->SignatureListSize -= CertList->SignatureSize; 2081 IsItemFound = TRUE; 2081 IsItemFound = TRUE; 2082 2082 } else { 2083 2083 // … … 2097 2097 Offset += CertList->SignatureListSize; 2098 2098 } 2099 2099 2100 2100 ItemDataSize -= CertList->SignatureListSize; 2101 2101 CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize); … … 2123 2123 CopyMem (OldData + Offset, (UINT8*)(CertList), CertList->SignatureListSize); 2124 2124 Offset += CertList->SignatureListSize; 2125 } 2125 } 2126 2126 ItemDataSize -= CertList->SignatureListSize; 2127 2127 CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize); … … 2138 2138 2139 2139 Status = gRT->SetVariable( 2140 VariableName, 2141 VendorGuid, 2142 Attr, 2143 DataSize, 2140 VariableName, 2141 VendorGuid, 2142 Attr, 2143 DataSize, 2144 2144 OldData 2145 2145 ); … … 2148 2148 goto ON_EXIT; 2149 2149 } 2150 2150 2151 2151 ON_EXIT: 2152 2152 if (Data != NULL) { … … 2159 2159 2160 2160 return UpdateDeletePage ( 2161 PrivateData, 2161 PrivateData, 2162 2162 VariableName, 2163 2163 VendorGuid, … … 2170 2170 /** 2171 2171 This function extracts configuration from variable. 2172 2172 2173 2173 @param[in, out] ConfigData Point to SecureBoot configuration private data. 2174 2174 … … 2177 2177 SecureBootExtractConfigFromVariable ( 2178 2178 IN OUT SECUREBOOT_CONFIGURATION *ConfigData 2179 ) 2179 ) 2180 2180 { 2181 2181 UINT8 *SecureBootEnable; … … 2186 2186 SetupMode = NULL; 2187 2187 SecureBootMode = NULL; 2188 2188 2189 2189 // 2190 2190 // If the SecureBootEnable Variable doesn't exist, hide the SecureBoot Enable/Disable … … 2201 2201 } 2202 2202 } 2203 2203 2204 2204 // 2205 2205 // If it is Physical Presence User, set the PhysicalPresent to true. … … 2210 2210 ConfigData->PhysicalPresent = FALSE; 2211 2211 } 2212 2212 2213 2213 // 2214 2214 // If there is no PK then the Delete Pk button will be gray. … … 2290 2290 return EFI_INVALID_PARAMETER; 2291 2291 } 2292 2292 2293 2293 AllocatedRequest = FALSE; 2294 2294 ConfigRequestHdr = NULL; … … 2296 2296 Size = 0; 2297 2297 SecureBoot = NULL; 2298 2298 2299 2299 ZeroMem (&Configuration, sizeof (Configuration)); 2300 2300 PrivateData = SECUREBOOT_CONFIG_PRIVATE_FROM_THIS (This); 2301 2301 *Progress = Request; 2302 2302 2303 2303 if ((Request != NULL) && !HiiIsConfigHdrMatch (Request, &gSecureBootConfigFormSetGuid, mSecureBootStorageName)) { 2304 2304 return EFI_NOT_FOUND; … … 2322 2322 FreePool (SecureBoot); 2323 2323 } 2324 2324 2325 2325 BufferSize = sizeof (SECUREBOOT_CONFIGURATION); 2326 2326 ConfigRequest = Request; … … 2400 2400 UINTN BufferSize; 2401 2401 EFI_STATUS Status; 2402 2402 2403 2403 if (Configuration == NULL || Progress == NULL) { 2404 2404 return EFI_INVALID_PARAMETER; … … 2481 2481 { 2482 2482 EFI_INPUT_KEY Key; 2483 EFI_STATUS Status; 2483 EFI_STATUS Status; 2484 2484 SECUREBOOT_CONFIG_PRIVATE_DATA *Private; 2485 2485 UINTN BufferSize; … … 2506 2506 return EFI_SUCCESS; 2507 2507 } 2508 2508 2509 2509 if (Action == EFI_BROWSER_ACTION_RETRIEVE) { 2510 2510 Status = EFI_UNSUPPORTED; … … 2517 2517 return Status; 2518 2518 } 2519 2519 2520 2520 if ((Action != EFI_BROWSER_ACTION_CHANGED) && 2521 2521 (Action != EFI_BROWSER_ACTION_CHANGING) && … … 2524 2524 return EFI_UNSUPPORTED; 2525 2525 } 2526 2526 2527 2527 Private = SECUREBOOT_CONFIG_PRIVATE_FROM_THIS (This); 2528 2528 … … 2539 2539 2540 2540 HiiGetBrowserData (&gSecureBootConfigFormSetGuid, mSecureBootStorageName, BufferSize, (UINT8 *) IfrNvData); 2541 2541 2542 2542 if (Action == EFI_BROWSER_ACTION_CHANGING) { 2543 2543 … … 2596 2596 // Refresh selected file. 2597 2597 // 2598 CleanUpPage (LabelId, Private); 2598 CleanUpPage (LabelId, Private); 2599 2599 break; 2600 2600 2601 2601 case SECUREBOOT_ADD_PK_FILE_FORM_ID: 2602 2602 case FORMID_ENROLL_KEK_FORM: … … 2618 2618 break; 2619 2619 2620 case KEY_SECURE_BOOT_DELETE_PK: 2620 case KEY_SECURE_BOOT_DELETE_PK: 2621 2621 if (Value->u8) { 2622 2622 CreatePopUp ( … … 2643 2643 case KEY_DELETE_KEK: 2644 2644 UpdateDeletePage ( 2645 Private, 2645 Private, 2646 2646 EFI_KEY_EXCHANGE_KEY_NAME, 2647 2647 &gEfiGlobalVariableGuid, 2648 2648 LABEL_KEK_DELETE, 2649 2649 FORMID_DELETE_KEK_FORM, 2650 OPTION_DEL_KEK_QUESTION_ID 2650 OPTION_DEL_KEK_QUESTION_ID 2651 2651 ); 2652 2652 break; 2653 2653 2654 case SECUREBOOT_DELETE_SIGNATURE_FROM_DB: 2654 case SECUREBOOT_DELETE_SIGNATURE_FROM_DB: 2655 2655 UpdateDeletePage ( 2656 2656 Private, … … 2726 2726 EFI_IMAGE_SECURITY_DATABASE, 2727 2727 &gEfiImageSecurityDatabaseGuid, 2728 LABEL_DB_DELETE, 2728 LABEL_DB_DELETE, 2729 2729 SECUREBOOT_DELETE_SIGNATURE_FROM_DB, 2730 2730 OPTION_DEL_DB_QUESTION_ID, … … 2737 2737 EFI_IMAGE_SECURITY_DATABASE1, 2738 2738 &gEfiImageSecurityDatabaseGuid, 2739 LABEL_DBX_DELETE, 2739 LABEL_DBX_DELETE, 2740 2740 SECUREBOOT_DELETE_SIGNATURE_FROM_DBX, 2741 2741 OPTION_DEL_DBX_QUESTION_ID, … … 2749 2749 case KEY_SECURE_BOOT_ENABLE: 2750 2750 *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; 2751 break; 2751 break; 2752 2752 case KEY_VALUE_SAVE_AND_EXIT_PK: 2753 2753 Status = EnrollPlatformKey (Private); … … 2767 2767 ); 2768 2768 } else { 2769 *ActionRequest = EFI_BROWSER_ACTION_REQUEST_RESET; 2770 } 2769 *ActionRequest = EFI_BROWSER_ACTION_REQUEST_RESET; 2770 } 2771 2771 break; 2772 2772 … … 2780 2780 Private->FileContext->FileName = NULL; 2781 2781 } 2782 2782 2783 2783 if (Private->SignatureGUID != NULL) { 2784 2784 FreePool (Private->SignatureGUID); … … 2787 2787 *ActionRequest = EFI_BROWSER_ACTION_REQUEST_EXIT; 2788 2788 break; 2789 2789 2790 2790 case KEY_SECURE_BOOT_MODE: 2791 2791 mIsEnterSecureBootForm = FALSE; … … 2855 2855 } 2856 2856 } 2857 2857 2858 2858 if (!EFI_ERROR (Status)) { 2859 2859 BufferSize = sizeof (SECUREBOOT_CONFIGURATION); … … 2861 2861 } 2862 2862 FreePool (IfrNvData); 2863 2863 2864 2864 return EFI_SUCCESS; 2865 2865 } … … 2927 2927 PrivateData->FileContext = AllocateZeroPool (sizeof (SECUREBOOT_FILE_CONTEXT)); 2928 2928 PrivateData->MenuEntry = AllocateZeroPool (sizeof (SECUREBOOT_MENU_ENTRY)); 2929 2929 2930 2930 if (PrivateData->FileContext == NULL || PrivateData->MenuEntry == NULL) { 2931 2931 UninstallSecureBootConfigForm (PrivateData); 2932 2932 return EFI_OUT_OF_RESOURCES; 2933 2933 } 2934 2934 2935 2935 PrivateData->FeCurrentState = FileExplorerStateInActive; 2936 2936 PrivateData->FeDisplayContext = FileExplorerDisplayUnknown; 2937 2937 2938 2938 InitializeListHead (&FsOptionMenu.Head); 2939 2939 InitializeListHead (&DirectoryMenu.Head); … … 2976 2976 mEndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; 2977 2977 mEndLabel->Number = LABEL_END; 2978 2978 2979 2979 return EFI_SUCCESS; 2980 2980 } -
trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h
r58459 r58466 317 317 CHAR16 *Name; ///< Name for Hash Algorithm 318 318 UINTN DigestLength; ///< Digest Length 319 UINT8 *OidValue; ///< Hash Algorithm OID ASN.1 Value 319 UINT8 *OidValue; ///< Hash Algorithm OID ASN.1 Value 320 320 UINTN OidLength; ///< Length of Hash OID Value 321 321 HASH_GET_CONTEXT_SIZE GetContextSize; ///< Pointer to Hash GetContentSize function … … 472 472 473 473 /** 474 Clean up the dynamic opcode at label and form specified by both LabelId. 474 Clean up the dynamic opcode at label and form specified by both LabelId. 475 475 476 476 @param[in] LabelId It is both the Form ID and Label ID for opcode deletion. … … 506 506 507 507 @param[in, out] MenuOption Menu to be freed 508 508 509 509 **/ 510 510 VOID … … 515 515 516 516 /** 517 Read file content into BufferPtr, the size of the allocate buffer 517 Read file content into BufferPtr, the size of the allocate buffer 518 518 is *FileSize plus AddtionAllocateSize. 519 519 … … 521 521 @param[in, out] BufferPtr Pointers to the pointer of allocated buffer. 522 522 @param[out] FileSize Size of input file 523 @param[in] AddtionAllocateSize Addtion size the buffer need to be allocated. 523 @param[in] AddtionAllocateSize Addtion size the buffer need to be allocated. 524 524 In case the buffer need to contain others besides the file content. 525 525 526 526 @retval EFI_SUCCESS The file was read into the buffer. 527 527 @retval EFI_INVALID_PARAMETER A parameter was invalid. … … 543 543 544 544 @param[in] FileHandle The file handle to close. 545 545 546 546 **/ 547 547 VOID … … 556 556 @param[in] Integer Pointer to the nonnegative integer to be converted 557 557 @param[in] IntSizeInWords Length of integer buffer in words 558 @param[out] OctetString Converted octet string of the specified length 558 @param[out] OctetString Converted octet string of the specified length 559 559 @param[in] OSSizeInBytes Intended length of resulting octet string in bytes 560 560 … … 588 588 EFI_STATUS 589 589 StringToGuid ( 590 IN CHAR16 *Str, 591 IN UINTN StrLen, 590 IN CHAR16 *Str, 591 IN UINTN StrLen, 592 592 OUT EFI_GUID *Guid 593 593 ); … … 600 600 @param[in] Buffer Buffer to print Guid into. 601 601 @param[in] BufferSize Size of Buffer. 602 602 603 603 @retval Number of characters printed. 604 604 -
trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigMisc.c
r48674 r58466 16 16 17 17 /** 18 Read file content into BufferPtr, the size of the allocate buffer 18 Read file content into BufferPtr, the size of the allocate buffer 19 19 is *FileSize plus AddtionAllocateSize. 20 20 … … 22 22 @param[in, out] BufferPtr Pointers to the pointer of allocated buffer. 23 23 @param[out] FileSize Size of input file 24 @param[in] AddtionAllocateSize Addtion size the buffer need to be allocated. 24 @param[in] AddtionAllocateSize Addtion size the buffer need to be allocated. 25 25 In case the buffer need to contain others besides the file content. 26 26 27 27 @retval EFI_SUCCESS The file was read into the buffer. 28 28 @retval EFI_INVALID_PARAMETER A parameter was invalid. … … 63 63 goto ON_EXIT; 64 64 } 65 65 66 66 Status = FileHandle->SetPosition (FileHandle, 0); 67 67 if (EFI_ERROR (Status)) { … … 87 87 88 88 ON_EXIT: 89 89 90 90 *BufferPtr = Buffer; 91 91 return Status; … … 96 96 97 97 @param[in] FileHandle The file handle to close. 98 98 99 99 **/ 100 100 VOID … … 104 104 { 105 105 if (FileHandle != NULL) { 106 FileHandle->Close (FileHandle); 106 FileHandle->Close (FileHandle); 107 107 } 108 108 } … … 113 113 @param[in] Integer Pointer to the nonnegative integer to be converted 114 114 @param[in] IntSizeInWords Length of integer buffer in words 115 @param[out] OctetString Converted octet string of the specified length 115 @param[out] OctetString Converted octet string of the specified length 116 116 @param[in] OSSizeInBytes Intended length of resulting octet string in bytes 117 117 … … 139 139 *Ptr2 = *Ptr1; 140 140 } 141 141 142 142 for (; Ptr1 < (CONST UINT8 *)(Integer + IntSizeInWords) && *Ptr1 == 0; Ptr1++); 143 143 144 144 if (Ptr1 < (CONST UINT8 *)(Integer + IntSizeInWords)) { 145 145 return EFI_BUFFER_TOO_SMALL; 146 146 } 147 147 148 148 if (Ptr2 >= OctetString) { 149 149 ZeroMem (OctetString, Ptr2 - OctetString + 1); 150 150 } 151 151 152 152 return EFI_SUCCESS; 153 153 } … … 168 168 EFI_STATUS 169 169 StringToGuid ( 170 IN CHAR16 *Str, 171 IN UINTN StrLen, 170 IN CHAR16 *Str, 171 IN UINTN StrLen, 172 172 OUT EFI_GUID *Guid 173 173 ) … … 191 191 // 192 192 PtrBuffer = Buffer; 193 PtrPosition = PtrBuffer; 193 PtrPosition = PtrBuffer; 194 194 while (*PtrBuffer != L'\0') { 195 195 if (*PtrBuffer == L'-') { … … 288 288 289 289 FreePool (Buffer); 290 290 291 291 return EFI_SUCCESS; 292 292 } … … 298 298 @param[in] Buffer Buffer to print Guid into. 299 299 @param[in] BufferSize Size of Buffer. 300 300 301 301 @retval Number of characters printed. 302 302 … … 313 313 Size = UnicodeSPrint ( 314 314 Buffer, 315 BufferSize, 315 BufferSize, 316 316 L"%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x", 317 (UINTN)Guid->Data1, 317 (UINTN)Guid->Data1, 318 318 (UINTN)Guid->Data2, 319 319 (UINTN)Guid->Data3, -
trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h
r58459 r58466 3 3 4 4 Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR> 5 This program and the accompanying materials 6 are licensed and made available under the terms and conditions of the BSD License 7 which accompanies this distribution. The full text of the license may be found at 5 This program and the accompanying materials 6 are licensed and made available under the terms and conditions of the BSD License 7 which accompanies this distribution. The full text of the license may be found at 8 8 http://opensource.org/licenses/bsd-license.php 9 9 10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 11 11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 12 12 … … 94 94 // Question ID 0x4000 ~ 0x4FFF is for DBX 95 95 // 96 #define OPTION_DEL_DBX_QUESTION_ID 0x4000 96 #define OPTION_DEL_DBX_QUESTION_ID 0x4000 97 97 98 98 #define FILE_OPTION_GOTO_OFFSET 0xC000 … … 113 113 BOOLEAN PhysicalPresent; //If a Physical Present User; 114 114 UINT8 SecureBootMode; //Secure Boot Mode: Standard Or Custom 115 BOOLEAN DeletePk; 115 BOOLEAN DeletePk; 116 116 BOOLEAN HasPk; //If Pk is existed it is true; 117 117 } SECUREBOOT_CONFIGURATION; -
trunk/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigStrings.uni
-
Property svn:mime-type
changed from
application/octet-streamtotext/plain;encoding=UTF-16LE
-
Property svn:mime-type
changed from
Note:
See TracChangeset
for help on using the changeset viewer.
