- Generated on Fri Nov 15 2024 18:01:41 for TianoCore EDK2 by
1.9.6
|
TianoCore EDK2 master
|
#include <Uefi.h>#include <Guid/SystemResourceTable.h>#include <Guid/FirmwareContentsSigned.h>#include <Guid/WinCertificate.h>#include <Library/BaseLib.h>#include <Library/BaseMemoryLib.h>#include <Library/DebugLib.h>#include <Library/MemoryAllocationLib.h>#include <Library/BaseCryptLib.h>#include <Library/FmpAuthenticationLib.h>#include <Library/PcdLib.h>#include <Protocol/FirmwareManagement.h>Go to the source code of this file.
Functions | |
| RETURN_STATUS | FmpAuthenticatedHandlerRsa2048Sha256 (IN EFI_FIRMWARE_IMAGE_AUTHENTICATION *Image, IN UINTN ImageSize, IN CONST UINT8 *PublicKeyData, IN UINTN PublicKeyDataLength) |
| RETURN_STATUS EFIAPI | AuthenticateFmpImage (IN EFI_FIRMWARE_IMAGE_AUTHENTICATION *Image, IN UINTN ImageSize, IN CONST UINT8 *PublicKeyData, IN UINTN PublicKeyDataLength) |
Variables | |
| STATIC CONST UINT8 | mRsaE [] = { 0x01, 0x00, 0x01 } |
FMP Authentication RSA2048SHA256 handler. Provide generic FMP authentication functions for DXE/PEI post memory phase.
Caution: This module requires additional review when modified. This module will have external input - capsule image. This external input must be validated carefully to avoid security issue like buffer overflow, integer overflow.
FmpAuthenticatedHandlerRsa2048Sha256(), AuthenticateFmpImage() will receive untrusted input and do basic validation.
Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent
Definition in file FmpAuthenticationLibRsa2048Sha256.c.
| RETURN_STATUS EFIAPI AuthenticateFmpImage | ( | IN EFI_FIRMWARE_IMAGE_AUTHENTICATION * | Image, |
| IN UINTN | ImageSize, | ||
| IN CONST UINT8 * | PublicKeyData, | ||
| IN UINTN | PublicKeyDataLength | ||
| ) |
The function is used to do the authentication for FMP capsule based upon EFI_FIRMWARE_IMAGE_AUTHENTICATION.
The FMP capsule image should start with EFI_FIRMWARE_IMAGE_AUTHENTICATION, followed by the payload.
If the return status is RETURN_SUCCESS, the caller may continue the rest FMP update process. If the return status is NOT RETURN_SUCCESS, the caller should stop the FMP update process and convert the return status to LastAttemptStatus to indicate that FMP update fails. The LastAttemptStatus can be got from ESRT table or via EFI_FIRMWARE_MANAGEMENT_PROTOCOL.GetImageInfo().
Caution: This function may receive untrusted input.
| [in] | Image | Points to an FMP authentication image, started from EFI_FIRMWARE_IMAGE_AUTHENTICATION. |
| [in] | ImageSize | Size of the authentication image in bytes. |
| [in] | PublicKeyData | The public key data used to validate the signature. |
| [in] | PublicKeyDataLength | The length of the public key data. |
| RETURN_SUCCESS | Authentication pass. The LastAttemptStatus should be LAST_ATTEMPT_STATUS_SUCCESS. |
| RETURN_SECURITY_VIOLATION | Authentication fail. The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_AUTH_ERROR. |
| RETURN_INVALID_PARAMETER | The image is in an invalid format. The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT. |
| RETURN_UNSUPPORTED | No Authentication handler associated with CertType. The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT. |
| RETURN_UNSUPPORTED | Image or ImageSize is invalid. The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT. |
| RETURN_OUT_OF_RESOURCES | No Authentication handler associated with CertType. The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_INSUFFICIENT_RESOURCES. |
Definition at line 298 of file FmpAuthenticationLibRsa2048Sha256.c.
| RETURN_STATUS FmpAuthenticatedHandlerRsa2048Sha256 | ( | IN EFI_FIRMWARE_IMAGE_AUTHENTICATION * | Image, |
| IN UINTN | ImageSize, | ||
| IN CONST UINT8 * | PublicKeyData, | ||
| IN UINTN | PublicKeyDataLength | ||
| ) |
The handler is used to do the authentication for FMP capsule based upon EFI_FIRMWARE_IMAGE_AUTHENTICATION.
Caution: This function may receive untrusted input.
This function assumes the caller AuthenticateFmpImage() already did basic validation for EFI_FIRMWARE_IMAGE_AUTHENTICATION.
| [in] | Image | Points to an FMP authentication image, started from EFI_FIRMWARE_IMAGE_AUTHENTICATION. |
| [in] | ImageSize | Size of the authentication image in bytes. |
| [in] | PublicKeyData | The public key data used to validate the signature. |
| [in] | PublicKeyDataLength | The length of the public key data. |
| RETURN_SUCCESS | Authentication pass. The LastAttemptStatus should be LAST_ATTEMPT_STATUS_SUCCESS. |
| RETURN_SECURITY_VIOLATION | Authentication fail. The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_AUTH_ERROR. |
| RETURN_INVALID_PARAMETER | The image is in an invalid format. The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT. |
| RETURN_OUT_OF_RESOURCES | No Authentication handler associated with CertType. The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_INSUFFICIENT_RESOURCES. |
Definition at line 63 of file FmpAuthenticationLibRsa2048Sha256.c.
Public Exponent of RSA Key.
Definition at line 37 of file FmpAuthenticationLibRsa2048Sha256.c.
1.9.6