- Generated on Fri Nov 15 2024 18:01:41 for TianoCore EDK2 by
1.9.6
|
TianoCore EDK2 master
|
#include "AuthServiceInternal.h"Go to the source code of this file.
Functions | |
| EFI_STATUS EFIAPI | AuthVariableLibInitialize (IN AUTH_VAR_LIB_CONTEXT_IN *AuthVarLibContextIn, OUT AUTH_VAR_LIB_CONTEXT_OUT *AuthVarLibContextOut) |
| EFI_STATUS EFIAPI | AuthVariableLibProcessVariable (IN CHAR16 *VariableName, IN EFI_GUID *VendorGuid, IN VOID *Data, IN UINTN DataSize, IN UINT32 Attributes) |
Variables | |
| UINT8 * | mCertDbStore |
| UINT32 | mMaxCertDbSize |
| UINT32 | mPlatformMode |
| UINT8 | mVendorKeyState |
| EFI_GUID | mSignatureSupport [] = { EFI_CERT_SHA1_GUID, EFI_CERT_SHA256_GUID, EFI_CERT_SHA384_GUID, EFI_CERT_SHA512_GUID, EFI_CERT_RSA2048_GUID, EFI_CERT_X509_GUID } |
| VOID * | mHashSha256Ctx = NULL |
| VOID * | mHashSha384Ctx = NULL |
| VOID * | mHashSha512Ctx = NULL |
| VARIABLE_ENTRY_PROPERTY | mAuthVarEntry [] |
| VOID ** | mAuthVarAddressPointer [11] |
| AUTH_VAR_LIB_CONTEXT_IN * | mAuthVarLibContextIn = NULL |
Implement authentication services for the authenticated variables.
Caution: This module requires additional review when modified. This driver will have external input - variable data. It may be input in SMM mode. This external input must be validated carefully to avoid security issue like buffer overflow, integer overflow. Variable attribute should also be checked to avoid authentication bypass. The whole SMM authentication variable design relies on the integrity of flash part and SMM. which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory may not be modified without authorization. If platform fails to protect these resources, the authentication service provided in this driver will be broken, and the behavior is undefined.
Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent
Definition in file AuthVariableLib.c.
| EFI_STATUS EFIAPI AuthVariableLibInitialize | ( | IN AUTH_VAR_LIB_CONTEXT_IN * | AuthVarLibContextIn, |
| OUT AUTH_VAR_LIB_CONTEXT_OUT * | AuthVarLibContextOut | ||
| ) |
Initialization for authenticated variable services. If this initialization returns error status, other APIs will not work and expect to be not called then.
| [in] | AuthVarLibContextIn | Pointer to input auth variable lib context. |
| [out] | AuthVarLibContextOut | Pointer to output auth variable lib context. |
| EFI_SUCCESS | Function successfully executed. |
| EFI_INVALID_PARAMETER | If AuthVarLibContextIn == NULL or AuthVarLibContextOut == NULL. |
| EFI_OUT_OF_RESOURCES | Fail to allocate enough resource. |
| EFI_UNSUPPORTED | Unsupported to process authenticated variable. |
Definition at line 116 of file AuthVariableLib.c.
| EFI_STATUS EFIAPI AuthVariableLibProcessVariable | ( | IN CHAR16 * | VariableName, |
| IN EFI_GUID * | VendorGuid, | ||
| IN VOID * | Data, | ||
| IN UINTN | DataSize, | ||
| IN UINT32 | Attributes | ||
| ) |
Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.
| [in] | VariableName | Name of the variable. |
| [in] | VendorGuid | Variable vendor GUID. |
| [in] | Data | Data pointer. |
| [in] | DataSize | Size of Data. |
| [in] | Attributes | Attribute value of the variable. |
| EFI_SUCCESS | The firmware has successfully stored the variable and its data as defined by the Attributes. |
| EFI_INVALID_PARAMETER | Invalid parameter. |
| EFI_WRITE_PROTECTED | Variable is write-protected. |
| EFI_OUT_OF_RESOURCES | There is not enough resource. |
| EFI_SECURITY_VIOLATION | The variable is with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set, but the AuthInfo does NOT pass the validation check carried out by the firmware. |
| EFI_UNSUPPORTED | Unsupported to process authenticated variable. |
Definition at line 407 of file AuthVariableLib.c.
| VOID** mAuthVarAddressPointer[11] |
Definition at line 96 of file AuthVariableLib.c.
| VARIABLE_ENTRY_PROPERTY mAuthVarEntry[] |
Definition at line 38 of file AuthVariableLib.c.
| AUTH_VAR_LIB_CONTEXT_IN* mAuthVarLibContextIn = NULL |
Definition at line 98 of file AuthVariableLib.c.
| UINT8* mCertDbStore |
Global database array for scratch
Definition at line 24 of file AuthVariableLib.c.
| VOID* mHashSha256Ctx = NULL |
Definition at line 34 of file AuthVariableLib.c.
| VOID* mHashSha384Ctx = NULL |
Definition at line 35 of file AuthVariableLib.c.
| VOID* mHashSha512Ctx = NULL |
Definition at line 36 of file AuthVariableLib.c.
| UINT32 mMaxCertDbSize |
Definition at line 25 of file AuthVariableLib.c.
| UINT32 mPlatformMode |
Definition at line 26 of file AuthVariableLib.c.
| EFI_GUID mSignatureSupport[] = { EFI_CERT_SHA1_GUID, EFI_CERT_SHA256_GUID, EFI_CERT_SHA384_GUID, EFI_CERT_SHA512_GUID, EFI_CERT_RSA2048_GUID, EFI_CERT_X509_GUID } |
Definition at line 29 of file AuthVariableLib.c.
| UINT8 mVendorKeyState |
Definition at line 27 of file AuthVariableLib.c.
1.9.6