Changeset 91490 in vbox

Timestamp:

Sep 30, 2021 8:30:25 AM (4 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

147174

Message:

Main: Implement enrolling the default VBox platform key, bugref:9580

Location:

trunk

Files:

• include/iprt/formats/efi-signature.h (modified) (1 diff)
• src/VBox/Main/include/TrustAnchorsAndCerts.h (modified) (1 diff)
• src/VBox/Main/src-server/UefiVariableStoreImpl.cpp (modified) (1 diff)

trunk/include/iprt/formats/efi-signature.h

@@ -64 +64 @@
     { 0x77fa9abd, 0x0359, 0x4d32, { 0xbd, 0x60, 0x28, 0xf4, 0xe7, 0x8f, 0x78, 0x4b }}
 
+/** VirtualBox's GUID for signatures. */
+#define EFI_SIGNATURE_OWNER_GUID_VBOX \
+    { 0x9400896a, 0x146c, 0x4f4c, { 0x96, 0x47, 0x2c, 0x73, 0x62, 0x0c, 0xa8, 0x94 }}
+
 
 /**

trunk/src/VBox/Main/include/TrustAnchorsAndCerts.h

@@ -35 +35 @@
 extern const unsigned g_cbUefiMicrosoftProPca;
 
+extern const unsigned char g_abUefiOracleDefPk[];
+extern const unsigned g_cbUefiOracleDefPk;
+
 RT_C_DECLS_END
 

trunk/src/VBox/Main/src-server/UefiVariableStoreImpl.cpp

@@ -326 +326 @@
 HRESULT UefiVariableStore::enrollOraclePlatformKey(void)
 {
-    return E_NOTIMPL;
+    /* the machine needs to be mutable */
+    AutoMutableStateDependency adep(m->pMachine);
+    if (FAILED(adep.rc())) return adep.rc();
+
+    AutoWriteLock wlock(this COMMA_LOCKVAL_SRC_POS);
+
+    EFI_GUID GuidGlobalVar = EFI_GLOBAL_VARIABLE_GUID;
+
+    /** @todo This conversion from EFI GUID -> IPRT UUID -> Com GUID is nuts... */
+    EFI_GUID GuidOwnerVBox = EFI_SIGNATURE_OWNER_GUID_VBOX;
+    RTUUID   UuidVBox;
+    RTEfiGuidToUuid(&UuidVBox, &GuidOwnerVBox);
+
+    const com::Guid GuidVBox(UuidVBox);
+
+    return i_uefiVarStoreAddSignatureToDb(&GuidGlobalVar, "PK", g_abUefiOracleDefPk, g_cbUefiOracleDefPk,
+                                          GuidVBox, SignatureType_X509);
 }