#include <Guid/AuthenticatedVariableFormat.h>
#include <Guid/GlobalVariable.h>
#include <Guid/ImageAuthentication.h>
#include <Guid/MicrosoftVendor.h>
#include <Guid/OvmfPkKek1AppPrefix.h>
#include <IndustryStandard/SmBios.h>
#include <Library/BaseLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/DebugLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/PrintLib.h>
#include <Library/ShellCEntryLib.h>
#include <Library/UefiBootServicesTableLib.h>
#include <Library/UefiLib.h>
#include <Library/UefiRuntimeServicesTableLib.h>
#include <Protocol/Smbios.h>
#include "EnrollDefaultKeys.h"
STATIC EFI_STATUS | GetPkKek1 (OUT UINT8 **PkKek1, OUT UINTN *SizeOfPkKek1) |
STATIC EFI_STATUS EFIAPI | EnrollListOfCerts (IN CHAR16 *VariableName, IN EFI_GUID *VendorGuid, IN EFI_GUID *CertType,...) |
STATIC EFI_STATUS | GetExact (IN CHAR16 *VariableName, IN EFI_GUID *VendorGuid, OUT VOID *Data, IN UINTN DataSize, IN BOOLEAN AllowMissing) |
STATIC EFI_STATUS | GetSettings (OUT SETTINGS *Settings) |
STATIC VOID | PrintSettings (IN CONST SETTINGS *Settings) |
INTN EFIAPI | ShellAppMain (IN UINTN Argc, IN CHAR16 **Argv) |
Enroll default PK, KEK, db, dbx.
Copyright (C) 2014-2019, Red Hat, Inc.
SPDX-License-Identifier: BSD-2-Clause-Patent
Definition in file EnrollDefaultKeys.c.
STATIC EFI_STATUS EFIAPI EnrollListOfCerts | ( | IN CHAR16 * | VariableName, |
IN EFI_GUID * | VendorGuid, | ||
IN EFI_GUID * | CertType, | ||
... | |||
) |
Enroll a set of certificates in a global variable, overwriting any existing contents.
The variable is rewritten with the NV+BS+RT+AT attributes, i.e. non-volatile, accessible from boot services and runtime services, and time-based authenticated write access (EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS). Caveat for users: the variable driver normally accepts an unsigned write to a time-based authenticated variable only while the platform is still in Setup Mode (no PK enrolled); once a PK exists, further updates to PK/KEK/db/dbx require a signed authenticated payload, so this helper is meant for the Setup Mode enrollment flow (confirm against the mode checks in ShellAppMain).
[in] | VariableName | The name of the variable to overwrite. |
[in] | VendorGuid | The namespace (i.e. vendor GUID) of the variable to overwrite. |
[in] | CertType | The GUID determining the type of all the certificates in the set that is passed in. For example, gEfiCertX509Guid stands for DER-encoded X.509 certificates, while gEfiCertSha256Guid stands for SHA256 image hashes. |
[in] | ... | A list of IN CONST UINT8 *Cert, IN UINTN CertSize, IN CONST EFI_GUID *OwnerGuid triplets. If the first component of a triplet is NULL, then the other two components are not accessed, and processing is terminated. The list of certificates is enrolled in the variable specified, overwriting it. The OwnerGuid component identifies the agent installing the certificate. |
EFI_INVALID_PARAMETER | The triplet list is empty (i.e. the first Cert value is NULL), or one of the CertSize values is 0, or adding one of the CertSize values would overflow the accumulated UINT32 data size (the size check is done before the payload is assembled, so a crafted set of sizes cannot produce an undersized allocation). |
EFI_OUT_OF_RESOURCES | Out of memory while formatting variable payload. |
EFI_SUCCESS | Enrollment successful; the variable has been overwritten (or created). |
Definition at line 260 of file EnrollDefaultKeys.c.
STATIC EFI_STATUS GetExact | ( | IN CHAR16 * | VariableName, |
IN EFI_GUID * | VendorGuid, | ||
OUT VOID * | Data, | ||
IN UINTN | DataSize, | ||
IN BOOLEAN | AllowMissing | ||
) |
Read a UEFI variable into a caller-allocated buffer, enforcing an exact size.
[in] | VariableName | The name of the variable to read; passed to gRT->GetVariable(). |
[in] | VendorGuid | The vendor (namespace) GUID of the variable to read; passed to gRT->GetVariable(). |
[out] | Data | The caller-allocated buffer that is supposed to receive the variable's contents. On error, the contents of Data are indeterminate. |
[in] | DataSize | The size in bytes that the caller requires the UEFI variable to have. The caller is responsible for providing room for DataSize bytes in Data. |
[in] | AllowMissing | If FALSE, the variable is required to exist. If TRUE, the variable is permitted to be missing. |
EFI_SUCCESS | The UEFI variable exists, has the required size (DataSize), and has been read into Data. |
EFI_SUCCESS | The UEFI variable doesn't exist, and AllowMissing is TRUE. DataSize bytes in Data have been zeroed out. |
EFI_NOT_FOUND | The UEFI variable doesn't exist, and AllowMissing is FALSE. |
EFI_BUFFER_TOO_SMALL | The UEFI variable exists, but its size is greater than DataSize. |
EFI_PROTOCOL_ERROR | The UEFI variable exists, but its size is smaller than DataSize. |
Definition at line 446 of file EnrollDefaultKeys.c.
STATIC EFI_STATUS GetPkKek1 | ( | OUT UINT8 ** | PkKek1, |
OUT UINTN * | SizeOfPkKek1 | ||
) |
Fetch the X509 certificate (to be used as Platform Key and first Key Exchange Key) from an SMBIOS OEM String.
Trust caveat: the OEM String is supplied by the hypervisor (for example via the VMM's SMBIOS configuration), so whoever controls the guest's SMBIOS tables controls which certificate becomes the PK and first KEK; treat that channel as part of the Secure Boot trust boundary.
[out] | PkKek1 | The X509 certificate in DER encoding from the hypervisor, to be enrolled as PK and first KEK entry. On success, the caller is responsible for releasing PkKek1 with FreePool(). |
[out] | SizeOfPkKek1 | The size of PkKek1 in bytes. |
EFI_SUCCESS | PkKek1 and SizeOfPkKek1 have been set successfully. |
EFI_NOT_FOUND | An OEM String matching OVMF_PK_KEK1_APP_PREFIX_GUID has not been found. |
EFI_PROTOCOL_ERROR | In the OEM String matching OVMF_PK_KEK1_APP_PREFIX_GUID, the certificate is empty, or it has invalid base64 encoding. (As far as this description shows, these are the only checks applied: the decoded bytes are returned as-is and are not parsed or validated as a well-formed DER X.509 certificate here.) |
EFI_OUT_OF_RESOURCES | Memory allocation failed. |
Definition at line 55 of file EnrollDefaultKeys.c.
STATIC EFI_STATUS GetSettings | ( | OUT SETTINGS * | Settings | ) |
Populate a SETTINGS structure from the underlying UEFI variables.
The function reads both standard UEFI variables and edk2-specific extension variables (the per-variable lists are not reproduced in this rendering; refer to the source at the definition line below).
Of the edk2 extensions, the L"SecureBootEnable" UEFI variable is permitted to be missing, in which case the corresponding field in the SETTINGS object is zeroed out (see GetExact() with AllowMissing set to TRUE). The rest of the covered UEFI variables are required to exist and to have exactly the expected size; otherwise, the function fails with the status returned by GetExact().
[out] | Settings | The SETTINGS object to fill. |
EFI_SUCCESS | Settings has been populated. |
Definition at line 515 of file EnrollDefaultKeys.c.
Print the contents of a SETTINGS structure to the UEFI console.
[in] | Settings | The SETTINGS object to print the contents of. |
Definition at line 582 of file EnrollDefaultKeys.c.