TianoCore EDK2 master
Loading...
Searching...
No Matches
EnrollDefaultKeys.c
Go to the documentation of this file.
1
8#include <Guid/AuthenticatedVariableFormat.h> // gEfiCustomModeEnableGuid
9#include <Guid/GlobalVariable.h> // EFI_SETUP_MODE_NAME
10#include <Guid/ImageAuthentication.h> // EFI_IMAGE_SECURITY_DATABASE
11#include <Guid/MicrosoftVendor.h> // gMicrosoftVendorGuid
12#include <Guid/OvmfPkKek1AppPrefix.h> // gOvmfPkKek1AppPrefixGuid
13#include <IndustryStandard/SmBios.h> // SMBIOS_HANDLE_PI_RESERVED
14#include <Library/BaseLib.h> // GUID_STRING_LENGTH
15#include <Library/BaseMemoryLib.h> // CopyGuid()
16#include <Library/DebugLib.h> // ASSERT()
17#include <Library/MemoryAllocationLib.h> // FreePool()
18#include <Library/PrintLib.h> // AsciiSPrint()
19#include <Library/ShellCEntryLib.h> // ShellAppMain()
20#include <Library/UefiBootServicesTableLib.h> // gBS
21#include <Library/UefiLib.h> // AsciiPrint()
22#include <Library/UefiRuntimeServicesTableLib.h> // gRT
23#include <Protocol/Smbios.h> // EFI_SMBIOS_PROTOCOL
24
25#include "EnrollDefaultKeys.h"
26
53STATIC
54EFI_STATUS
55GetPkKek1 (
56 OUT UINT8 **PkKek1,
57 OUT UINTN *SizeOfPkKek1
58 )
59{
60 CONST CHAR8 *Base64Cert;
61 CHAR8 OvmfPkKek1AppPrefix[GUID_STRING_LENGTH + 1 + 1];
62 EFI_STATUS Status;
63 EFI_SMBIOS_PROTOCOL *Smbios;
64 EFI_SMBIOS_HANDLE Handle;
65 EFI_SMBIOS_TYPE Type;
66 EFI_SMBIOS_TABLE_HEADER *Header;
67 SMBIOS_TABLE_TYPE11 *OemStringsTable;
68 UINTN Base64CertLen;
69 UINTN DecodedCertSize;
70 UINT8 *DecodedCert;
71
72 Base64Cert = NULL;
73
74 //
75 // Format the application prefix, for OEM String matching.
76 //
77 AsciiSPrint (
78 OvmfPkKek1AppPrefix,
79 sizeof OvmfPkKek1AppPrefix,
80 "%g:",
81 &gOvmfPkKek1AppPrefixGuid
82 );
83
84 //
85 // Scan all "OEM Strings" tables.
86 //
87 Status = gBS->LocateProtocol (
88 &gEfiSmbiosProtocolGuid,
89 NULL,
90 (VOID **)&Smbios
91 );
92 if (EFI_ERROR (Status)) {
93 AsciiPrint ("error: failed to locate EFI_SMBIOS_PROTOCOL: %r\n", Status);
94 return Status;
95 }
96
97 Handle = SMBIOS_HANDLE_PI_RESERVED;
98 Type = SMBIOS_TYPE_OEM_STRINGS;
99 for (Status = Smbios->GetNext (Smbios, &Handle, &Type, &Header, NULL);
100 !EFI_ERROR (Status);
101 Status = Smbios->GetNext (Smbios, &Handle, &Type, &Header, NULL))
102 {
103 CONST CHAR8 *OemString;
104 UINTN Idx;
105
106 if (Header->Length < sizeof *OemStringsTable) {
107 //
108 // Malformed table header, skip to next.
109 //
110 continue;
111 }
112
113 OemStringsTable = (SMBIOS_TABLE_TYPE11 *)Header;
114
115 //
116 // Scan all strings in the unformatted area of the current "OEM Strings"
117 // table.
118 //
119 OemString = (CONST CHAR8 *)(OemStringsTable + 1);
120 for (Idx = 0; Idx < OemStringsTable->StringCount; ++Idx) {
121 CHAR8 CandidatePrefix[sizeof OvmfPkKek1AppPrefix];
122
123 //
124 // NUL-terminate the candidate prefix for case-insensitive comparison.
125 //
126 AsciiStrnCpyS (
127 CandidatePrefix,
128 sizeof CandidatePrefix,
129 OemString,
130 GUID_STRING_LENGTH + 1
131 );
132 if (AsciiStriCmp (OvmfPkKek1AppPrefix, CandidatePrefix) == 0) {
133 //
134 // The current string matches the prefix.
135 //
136 Base64Cert = OemString + GUID_STRING_LENGTH + 1;
137 break;
138 }
139
140 OemString += AsciiStrSize (OemString);
141 }
142
143 if (Idx < OemStringsTable->StringCount) {
144 //
145 // The current table has a matching string.
146 //
147 break;
148 }
149 }
150
151 if (EFI_ERROR (Status)) {
152 //
153 // No table with a matching string has been found.
154 //
155 AsciiPrint (
156 "error: OEM String with app prefix %g not found: %r\n",
157 &gOvmfPkKek1AppPrefixGuid,
158 Status
159 );
160 return EFI_NOT_FOUND;
161 }
162
163 ASSERT (Base64Cert != NULL);
164 Base64CertLen = AsciiStrLen (Base64Cert);
165
166 //
167 // Verify the base64 encoding, and determine the decoded size.
168 //
169 DecodedCertSize = 0;
170 Status = Base64Decode (Base64Cert, Base64CertLen, NULL, &DecodedCertSize);
171 switch (Status) {
172 case EFI_BUFFER_TOO_SMALL:
173 ASSERT (DecodedCertSize > 0);
174 break;
175 case EFI_SUCCESS:
176 AsciiPrint (
177 "error: empty certificate after app prefix %g\n",
178 &gOvmfPkKek1AppPrefixGuid
179 );
180 return EFI_PROTOCOL_ERROR;
181 default:
182 AsciiPrint (
183 "error: invalid base64 string after app prefix %g\n",
184 &gOvmfPkKek1AppPrefixGuid
185 );
186 return EFI_PROTOCOL_ERROR;
187 }
188
189 //
190 // Allocate the output buffer.
191 //
192 DecodedCert = AllocatePool (DecodedCertSize);
193 if (DecodedCert == NULL) {
194 AsciiPrint ("error: failed to allocate memory\n");
195 return EFI_OUT_OF_RESOURCES;
196 }
197
198 //
199 // Decoding will succeed at this point.
200 //
201 Status = Base64Decode (
202 Base64Cert,
203 Base64CertLen,
204 DecodedCert,
205 &DecodedCertSize
206 );
207 ASSERT_EFI_ERROR (Status);
208
209 *PkKek1 = DecodedCert;
210 *SizeOfPkKek1 = DecodedCertSize;
211 return EFI_SUCCESS;
212}
213
257STATIC
258EFI_STATUS
259EFIAPI
260EnrollListOfCerts (
261 IN CHAR16 *VariableName,
262 IN EFI_GUID *VendorGuid,
263 IN EFI_GUID *CertType,
264 ...
265 )
266{
267 UINTN DataSize;
268 SINGLE_HEADER *SingleHeader;
269 REPEATING_HEADER *RepeatingHeader;
270 VA_LIST Marker;
271 CONST UINT8 *Cert;
272 EFI_STATUS Status;
273 UINT8 *Data;
274 UINT8 *Position;
275
276 Status = EFI_SUCCESS;
277
278 //
279 // compute total size first, for UINT32 range check, and allocation
280 //
281 DataSize = sizeof *SingleHeader;
282 VA_START (Marker, CertType);
283 for (Cert = VA_ARG (Marker, CONST UINT8 *);
284 Cert != NULL;
285 Cert = VA_ARG (Marker, CONST UINT8 *))
286 {
287 UINTN CertSize;
288
289 CertSize = VA_ARG (Marker, UINTN);
290 (VOID)VA_ARG (Marker, CONST EFI_GUID *);
291
292 if ((CertSize == 0) ||
293 (CertSize > MAX_UINT32 - sizeof *RepeatingHeader) ||
294 (DataSize > MAX_UINT32 - sizeof *RepeatingHeader - CertSize))
295 {
296 Status = EFI_INVALID_PARAMETER;
297 break;
298 }
299
300 DataSize += sizeof *RepeatingHeader + CertSize;
301 }
302
303 VA_END (Marker);
304
305 if (DataSize == sizeof *SingleHeader) {
306 Status = EFI_INVALID_PARAMETER;
307 }
308
309 if (EFI_ERROR (Status)) {
310 goto Out;
311 }
312
313 Data = AllocatePool (DataSize);
314 if (Data == NULL) {
315 Status = EFI_OUT_OF_RESOURCES;
316 goto Out;
317 }
318
319 Position = Data;
320
321 SingleHeader = (SINGLE_HEADER *)Position;
322 Status = gRT->GetTime (&SingleHeader->TimeStamp, NULL);
323 if (EFI_ERROR (Status)) {
324 goto FreeData;
325 }
326
327 SingleHeader->TimeStamp.Pad1 = 0;
328 SingleHeader->TimeStamp.Nanosecond = 0;
329 SingleHeader->TimeStamp.TimeZone = 0;
330 SingleHeader->TimeStamp.Daylight = 0;
331 SingleHeader->TimeStamp.Pad2 = 0;
332 #if 0
333 SingleHeader->dwLength = DataSize - sizeof SingleHeader->TimeStamp;
334 #else
335 //
336 // This looks like a bug in edk2. According to the UEFI specification,
337 // dwLength is "The length of the entire certificate, including the length of
338 // the header, in bytes". That shouldn't stop right after CertType -- it
339 // should include everything below it.
340 //
341 SingleHeader->dwLength = sizeof *SingleHeader
342 - sizeof SingleHeader->TimeStamp;
343 #endif
344 SingleHeader->wRevision = 0x0200;
345 SingleHeader->wCertificateType = WIN_CERT_TYPE_EFI_GUID;
346 CopyGuid (&SingleHeader->CertType, &gEfiCertPkcs7Guid);
347 Position += sizeof *SingleHeader;
348
349 VA_START (Marker, CertType);
350 for (Cert = VA_ARG (Marker, CONST UINT8 *);
351 Cert != NULL;
352 Cert = VA_ARG (Marker, CONST UINT8 *))
353 {
354 UINTN CertSize;
355 CONST EFI_GUID *OwnerGuid;
356
357 CertSize = VA_ARG (Marker, UINTN);
358 OwnerGuid = VA_ARG (Marker, CONST EFI_GUID *);
359
360 RepeatingHeader = (REPEATING_HEADER *)Position;
361 CopyGuid (&RepeatingHeader->SignatureType, CertType);
362 RepeatingHeader->SignatureListSize =
363 (UINT32)(sizeof *RepeatingHeader + CertSize);
364 RepeatingHeader->SignatureHeaderSize = 0;
365 RepeatingHeader->SignatureSize =
366 (UINT32)(sizeof RepeatingHeader->SignatureOwner + CertSize);
367 CopyGuid (&RepeatingHeader->SignatureOwner, OwnerGuid);
368 Position += sizeof *RepeatingHeader;
369
370 CopyMem (Position, Cert, CertSize);
371 Position += CertSize;
372 }
373
374 VA_END (Marker);
375
376 ASSERT (Data + DataSize == Position);
377
378 Status = gRT->SetVariable (
379 VariableName,
380 VendorGuid,
381 (EFI_VARIABLE_NON_VOLATILE |
382 EFI_VARIABLE_BOOTSERVICE_ACCESS |
383 EFI_VARIABLE_RUNTIME_ACCESS |
384 EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS),
385 DataSize,
386 Data
387 );
388
389FreeData:
390 FreePool (Data);
391
392Out:
393 if (EFI_ERROR (Status)) {
394 AsciiPrint (
395 "error: %a(\"%s\", %g): %r\n",
396 __func__,
397 VariableName,
398 VendorGuid,
399 Status
400 );
401 }
402
403 return Status;
404}
405
444STATIC
445EFI_STATUS
446GetExact (
447 IN CHAR16 *VariableName,
448 IN EFI_GUID *VendorGuid,
449 OUT VOID *Data,
450 IN UINTN DataSize,
451 IN BOOLEAN AllowMissing
452 )
453{
454 UINTN Size;
455 EFI_STATUS Status;
456
457 Size = DataSize;
458 Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &Size, Data);
459 if (EFI_ERROR (Status)) {
460 if ((Status == EFI_NOT_FOUND) && AllowMissing) {
461 ZeroMem (Data, DataSize);
462 return EFI_SUCCESS;
463 }
464
465 AsciiPrint (
466 "error: GetVariable(\"%s\", %g): %r\n",
467 VariableName,
468 VendorGuid,
469 Status
470 );
471 return Status;
472 }
473
474 if (Size != DataSize) {
475 AsciiPrint (
476 "error: GetVariable(\"%s\", %g): expected size 0x%Lx, "
477 "got 0x%Lx\n",
478 VariableName,
479 VendorGuid,
480 (UINT64)DataSize,
481 (UINT64)Size
482 );
483 return EFI_PROTOCOL_ERROR;
484 }
485
486 return EFI_SUCCESS;
487}
488
513STATIC
514EFI_STATUS
515GetSettings (
516 OUT SETTINGS *Settings
517 )
518{
519 EFI_STATUS Status;
520
521 Status = GetExact (
522 EFI_SETUP_MODE_NAME,
523 &gEfiGlobalVariableGuid,
524 &Settings->SetupMode,
525 sizeof Settings->SetupMode,
526 FALSE
527 );
528 if (EFI_ERROR (Status)) {
529 return Status;
530 }
531
532 Status = GetExact (
533 EFI_SECURE_BOOT_MODE_NAME,
534 &gEfiGlobalVariableGuid,
535 &Settings->SecureBoot,
536 sizeof Settings->SecureBoot,
537 FALSE
538 );
539 if (EFI_ERROR (Status)) {
540 return Status;
541 }
542
543 Status = GetExact (
544 EFI_SECURE_BOOT_ENABLE_NAME,
545 &gEfiSecureBootEnableDisableGuid,
546 &Settings->SecureBootEnable,
547 sizeof Settings->SecureBootEnable,
548 TRUE
549 );
550 if (EFI_ERROR (Status)) {
551 return Status;
552 }
553
554 Status = GetExact (
555 EFI_CUSTOM_MODE_NAME,
556 &gEfiCustomModeEnableGuid,
557 &Settings->CustomMode,
558 sizeof Settings->CustomMode,
559 FALSE
560 );
561 if (EFI_ERROR (Status)) {
562 return Status;
563 }
564
565 Status = GetExact (
566 EFI_VENDOR_KEYS_VARIABLE_NAME,
567 &gEfiGlobalVariableGuid,
568 &Settings->VendorKeys,
569 sizeof Settings->VendorKeys,
570 FALSE
571 );
572 return Status;
573}
574
580STATIC
581VOID
582PrintSettings (
583 IN CONST SETTINGS *Settings
584 )
585{
586 AsciiPrint (
587 "info: SetupMode=%d SecureBoot=%d SecureBootEnable=%d "
588 "CustomMode=%d VendorKeys=%d\n",
589 Settings->SetupMode,
590 Settings->SecureBoot,
591 Settings->SecureBootEnable,
592 Settings->CustomMode,
593 Settings->VendorKeys
594 );
595}
596
600INTN
601EFIAPI
602ShellAppMain (
603 IN UINTN Argc,
604 IN CHAR16 **Argv
605 )
606{
607 INTN RetVal;
608 EFI_STATUS Status;
609 SETTINGS Settings;
610 UINT8 *PkKek1;
611 UINTN SizeOfPkKek1;
612 BOOLEAN NoDefault;
613
614 if ((Argc == 2) && (StrCmp (Argv[1], L"--no-default") == 0)) {
615 NoDefault = TRUE;
616 } else {
617 NoDefault = FALSE;
618 }
619
620 //
621 // Prepare for failure.
622 //
623 RetVal = 1;
624
625 //
626 // If we're not in Setup Mode, we can't do anything.
627 //
628 Status = GetSettings (&Settings);
629 if (EFI_ERROR (Status)) {
630 return RetVal;
631 }
632
633 PrintSettings (&Settings);
634
635 if (Settings.SetupMode != 1) {
636 AsciiPrint ("error: already in User Mode\n");
637 return RetVal;
638 }
639
640 //
641 // Set PkKek1 and SizeOfPkKek1 to suppress incorrect compiler/analyzer
642 // warnings.
643 //
644 PkKek1 = NULL;
645 SizeOfPkKek1 = 0;
646
647 //
648 // Fetch the X509 certificate (to be used as Platform Key and first Key
649 // Exchange Key) from SMBIOS.
650 //
651 Status = GetPkKek1 (&PkKek1, &SizeOfPkKek1);
652 if (EFI_ERROR (Status)) {
653 return RetVal;
654 }
655
656 //
657 // Enter Custom Mode so we can enroll PK, KEK, db, and dbx without signature
658 // checks on those variable writes.
659 //
660 if (Settings.CustomMode != CUSTOM_SECURE_BOOT_MODE) {
661 Settings.CustomMode = CUSTOM_SECURE_BOOT_MODE;
662 Status = gRT->SetVariable (
663 EFI_CUSTOM_MODE_NAME,
664 &gEfiCustomModeEnableGuid,
665 (EFI_VARIABLE_NON_VOLATILE |
666 EFI_VARIABLE_BOOTSERVICE_ACCESS),
667 sizeof Settings.CustomMode,
668 &Settings.CustomMode
669 );
670 if (EFI_ERROR (Status)) {
671 AsciiPrint (
672 "error: SetVariable(\"%s\", %g): %r\n",
673 EFI_CUSTOM_MODE_NAME,
674 &gEfiCustomModeEnableGuid,
675 Status
676 );
677 goto FreePkKek1;
678 }
679 }
680
681 //
682 // Enroll db.
683 //
684 if (NoDefault) {
685 Status = EnrollListOfCerts (
686 EFI_IMAGE_SECURITY_DATABASE,
687 &gEfiImageSecurityDatabaseGuid,
688 &gEfiCertX509Guid,
689 PkKek1,
690 SizeOfPkKek1,
691 &gEfiCallerIdGuid,
692 NULL
693 );
694 } else {
695 Status = EnrollListOfCerts (
696 EFI_IMAGE_SECURITY_DATABASE,
697 &gEfiImageSecurityDatabaseGuid,
698 &gEfiCertX509Guid,
699 mMicrosoftPca,
700 mSizeOfMicrosoftPca,
701 &gMicrosoftVendorGuid,
702 mMicrosoftUefiCa,
703 mSizeOfMicrosoftUefiCa,
704 &gMicrosoftVendorGuid,
705 NULL
706 );
707 }
708
709 if (EFI_ERROR (Status)) {
710 goto FreePkKek1;
711 }
712
713 //
714 // Enroll dbx.
715 //
716 Status = EnrollListOfCerts (
717 EFI_IMAGE_SECURITY_DATABASE1,
718 &gEfiImageSecurityDatabaseGuid,
719 &gEfiCertSha256Guid,
720 mSha256OfDevNull,
721 mSizeOfSha256OfDevNull,
722 &gEfiCallerIdGuid,
723 NULL
724 );
725 if (EFI_ERROR (Status)) {
726 goto FreePkKek1;
727 }
728
729 //
730 // Enroll KEK.
731 //
732 if (NoDefault) {
733 Status = EnrollListOfCerts (
734 EFI_KEY_EXCHANGE_KEY_NAME,
735 &gEfiGlobalVariableGuid,
736 &gEfiCertX509Guid,
737 PkKek1,
738 SizeOfPkKek1,
739 &gEfiCallerIdGuid,
740 NULL
741 );
742 } else {
743 Status = EnrollListOfCerts (
744 EFI_KEY_EXCHANGE_KEY_NAME,
745 &gEfiGlobalVariableGuid,
746 &gEfiCertX509Guid,
747 PkKek1,
748 SizeOfPkKek1,
749 &gEfiCallerIdGuid,
750 mMicrosoftKek,
751 mSizeOfMicrosoftKek,
752 &gMicrosoftVendorGuid,
753 NULL
754 );
755 }
756
757 if (EFI_ERROR (Status)) {
758 goto FreePkKek1;
759 }
760
761 //
762 // Enroll PK, leaving Setup Mode (entering User Mode) at once.
763 //
764 Status = EnrollListOfCerts (
765 EFI_PLATFORM_KEY_NAME,
766 &gEfiGlobalVariableGuid,
767 &gEfiCertX509Guid,
768 PkKek1,
769 SizeOfPkKek1,
770 &gEfiGlobalVariableGuid,
771 NULL
772 );
773 if (EFI_ERROR (Status)) {
774 goto FreePkKek1;
775 }
776
777 //
778 // Leave Custom Mode, so that updates to PK, KEK, db, and dbx require valid
779 // signatures.
780 //
781 Settings.CustomMode = STANDARD_SECURE_BOOT_MODE;
782 Status = gRT->SetVariable (
783 EFI_CUSTOM_MODE_NAME,
784 &gEfiCustomModeEnableGuid,
785 EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
786 sizeof Settings.CustomMode,
787 &Settings.CustomMode
788 );
789 if (EFI_ERROR (Status)) {
790 AsciiPrint (
791 "error: SetVariable(\"%s\", %g): %r\n",
792 EFI_CUSTOM_MODE_NAME,
793 &gEfiCustomModeEnableGuid,
794 Status
795 );
796 goto FreePkKek1;
797 }
798
799 //
800 // Final sanity check:
801 //
802 // [SetupMode]
803 // (read-only, standardized by UEFI)
804 // / \_
805 // 0 1, default
806 // / \_
807 // PK enrolled no PK enrolled yet,
808 // (this is called "User Mode") PK enrollment possible
809 // |
810 // |
811 // [SecureBootEnable]
812 // (read-write, edk2-specific, boot service only)
813 // / \_
814 // 0 1, default
815 // / \_
816 // [SecureBoot]=0 [SecureBoot]=1
817 // (read-only, standardized by UEFI) (read-only, standardized by UEFI)
818 // images are not verified images are verified, platform is
819 // operating in Secure Boot mode
820 // |
821 // |
822 // [CustomMode]
823 // (read-write, edk2-specific, boot service only)
824 // / \_
825 // 0, default 1
826 // / \_
827 // PK, KEK, db, dbx PK, KEK, db, dbx
828 // updates are verified updates are not verified
829 //
830 Status = GetSettings (&Settings);
831 if (EFI_ERROR (Status)) {
832 goto FreePkKek1;
833 }
834
835 PrintSettings (&Settings);
836
837 if ((Settings.SetupMode != 0) || (Settings.SecureBoot != 1) ||
838 (Settings.SecureBootEnable != 1) || (Settings.CustomMode != 0) ||
839 (Settings.VendorKeys != 0))
840 {
841 AsciiPrint ("error: unexpected\n");
842 goto FreePkKek1;
843 }
844
845 AsciiPrint ("info: success\n");
846 RetVal = 0;
847
848FreePkKek1:
849 FreePool (PkKek1);
850
851 return RetVal;
852}
UINTN
UINT64 UINTN
Definition: ProcessorBind.h:112
INTN
INT64 INTN
Definition: ProcessorBind.h:118
EFI_CUSTOM_MODE_NAME
#define EFI_CUSTOM_MODE_NAME
Definition: AuthenticatedVariableFormat.h:51
EFI_SECURE_BOOT_ENABLE_NAME
#define EFI_SECURE_BOOT_ENABLE_NAME
Definition: AuthenticatedVariableFormat.h:35
AsciiStriCmp
INTN EFIAPI AsciiStriCmp(IN CONST CHAR8 *FirstString, IN CONST CHAR8 *SecondString)
Definition: String.c:814
AsciiStrnCpyS
RETURN_STATUS EFIAPI AsciiStrnCpyS(OUT CHAR8 *Destination, IN UINTN DestMax, IN CONST CHAR8 *Source, IN UINTN Length)
Definition: SafeString.c:1875
StrCmp
INTN EFIAPI StrCmp(IN CONST CHAR16 *FirstString, IN CONST CHAR16 *SecondString)
Definition: String.c:109
AsciiStrLen
UINTN EFIAPI AsciiStrLen(IN CONST CHAR8 *String)
Definition: String.c:641
Base64Decode
RETURN_STATUS EFIAPI Base64Decode(IN CONST CHAR8 *Source OPTIONAL, IN UINTN SourceSize, OUT UINT8 *Destination OPTIONAL, IN OUT UINTN *DestinationSize)
Definition: String.c:1379
AsciiStrSize
UINTN EFIAPI AsciiStrSize(IN CONST CHAR8 *String)
Definition: String.c:681
CopyMem
VOID *EFIAPI CopyMem(OUT VOID *DestinationBuffer, IN CONST VOID *SourceBuffer, IN UINTN Length)
Definition: CopyMemWrapper.c:41
CopyGuid
GUID *EFIAPI CopyGuid(OUT GUID *DestinationGuid, IN CONST GUID *SourceGuid)
Definition: MemLibGuid.c:39
ZeroMem
VOID *EFIAPI ZeroMem(OUT VOID *Buffer, IN UINTN Length)
Definition: ZeroMemWrapper.c:38
FreePool
VOID EFIAPI FreePool(IN VOID *Buffer)
Definition: MemoryAllocationLib.c:266
GetPkKek1
STATIC EFI_STATUS GetPkKek1(OUT UINT8 **PkKek1, OUT UINTN *SizeOfPkKek1)
Definition: EnrollDefaultKeys.c:55
PrintSettings
STATIC VOID PrintSettings(IN CONST SETTINGS *Settings)
Definition: EnrollDefaultKeys.c:582
GetSettings
STATIC EFI_STATUS GetSettings(OUT SETTINGS *Settings)
Definition: EnrollDefaultKeys.c:515
GetExact
STATIC EFI_STATUS GetExact(IN CHAR16 *VariableName, IN EFI_GUID *VendorGuid, OUT VOID *Data, IN UINTN DataSize, IN BOOLEAN AllowMissing)
Definition: EnrollDefaultKeys.c:446
ShellAppMain
INTN EFIAPI ShellAppMain(IN UINTN Argc, IN CHAR16 **Argv)
Definition: EnrollDefaultKeys.c:602
EnrollListOfCerts
STATIC EFI_STATUS EFIAPI EnrollListOfCerts(IN CHAR16 *VariableName, IN EFI_GUID *VendorGuid, IN EFI_GUID *CertType,...)
Definition: EnrollDefaultKeys.c:260
EFI_SETUP_MODE_NAME
#define EFI_SETUP_MODE_NAME
Definition: GlobalVariable.h:121
EFI_KEY_EXCHANGE_KEY_NAME
#define EFI_KEY_EXCHANGE_KEY_NAME
Definition: GlobalVariable.h:126
EFI_PLATFORM_KEY_NAME
#define EFI_PLATFORM_KEY_NAME
Definition: GlobalVariable.h:131
EFI_VENDOR_KEYS_VARIABLE_NAME
#define EFI_VENDOR_KEYS_VARIABLE_NAME
Definition: GlobalVariable.h:184
EFI_SECURE_BOOT_MODE_NAME
#define EFI_SECURE_BOOT_MODE_NAME
Definition: GlobalVariable.h:143
EFI_IMAGE_SECURITY_DATABASE1
#define EFI_IMAGE_SECURITY_DATABASE1
Definition: ImageAuthentication.h:31
EFI_IMAGE_SECURITY_DATABASE
#define EFI_IMAGE_SECURITY_DATABASE
Definition: ImageAuthentication.h:26
SMBIOS_HANDLE_PI_RESERVED
#define SMBIOS_HANDLE_PI_RESERVED
Definition: SmBios.h:29
AsciiSPrint
UINTN EFIAPI AsciiSPrint(OUT CHAR8 *StartOfBuffer, IN UINTN BufferSize, IN CONST CHAR8 *FormatString,...)
Definition: PrintLib.c:813
gRT
EFI_RUNTIME_SERVICES * gRT
Definition: MockUefiRuntimeServicesTableLib.c:13
NULL
#define NULL
Definition: Base.h:319
CONST
#define CONST
Definition: Base.h:259
STATIC
#define STATIC
Definition: Base.h:264
VA_ARG
#define VA_ARG(Marker, TYPE)
Definition: Base.h:679
VA_START
#define VA_START(Marker, Parameter)
Definition: Base.h:661
TRUE
#define TRUE
Definition: Base.h:301
FALSE
#define FALSE
Definition: Base.h:307
VA_LIST
CHAR8 * VA_LIST
Definition: Base.h:643
IN
#define IN
Definition: Base.h:279
OUT
#define OUT
Definition: Base.h:284
VA_END
#define VA_END(Marker)
Definition: Base.h:691
ASSERT_EFI_ERROR
#define ASSERT_EFI_ERROR(StatusParameter)
Definition: DebugLib.h:462
AllocatePool
VOID *EFIAPI AllocatePool(IN UINTN AllocationSize)
Definition: MemoryAllocationLib.c:195
ShellCEntryLib.h
EFI_STATUS
RETURN_STATUS EFI_STATUS
Definition: UefiBaseType.h:29
EFI_SUCCESS
#define EFI_SUCCESS
Definition: UefiBaseType.h:112
gBS
EFI_BOOT_SERVICES * gBS
Definition: UefiBootServicesTableLib.c:17
AsciiPrint
UINTN EFIAPI AsciiPrint(IN CONST CHAR8 *Format,...)
Definition: UefiLibPrint.c:250
EFI_VARIABLE_NON_VOLATILE
#define EFI_VARIABLE_NON_VOLATILE
Definition: UefiMultiPhase.h:15
EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
#define EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
Definition: UefiMultiPhase.h:26
_EFI_SMBIOS_PROTOCOL
Definition: Smbios.h:200
GUID
Definition: Base.h:213
REPEATING_HEADER
Definition: EnrollDefaultKeys.h:89
SINGLE_HEADER
Definition: EnrollDefaultKeys.h:77
SMBIOS_STRUCTURE
Definition: SmBios.h:191
SMBIOS_TABLE_TYPE11
Definition: SmBios.h:1654