SecureBootConfigImpl.h

Go to the documentation of this file.

 
#ifndef __SECUREBOOT_CONFIG_IMPL_H__
#define __SECUREBOOT_CONFIG_IMPL_H__
 
#include <Uefi.h>
 
#include <Protocol/HiiConfigAccess.h>
#include <Protocol/HiiConfigRouting.h>
#include <Protocol/SimpleFileSystem.h>
#include <Protocol/BlockIo.h>
#include <Protocol/DevicePath.h>
#include <Protocol/DebugPort.h>
#include <Protocol/LoadFile.h>
 
#include <Library/BaseLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/DebugLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/UefiBootServicesTableLib.h>
#include <Library/UefiRuntimeServicesTableLib.h>
#include <Library/UefiHiiServicesLib.h>
#include <Library/UefiLib.h>
#include <Library/HiiLib.h>
#include <Library/DevicePathLib.h>
#include <Library/PrintLib.h>
#include <Library/PlatformSecureLib.h>
#include <Library/BaseCryptLib.h>
#include <Library/FileExplorerLib.h>
#include <Library/PeCoffLib.h>
 
#include <Guid/MdeModuleHii.h>
#include <Guid/AuthenticatedVariableFormat.h>
#include <Guid/FileSystemVolumeLabelInfo.h>
#include <Guid/ImageAuthentication.h>
#include <Guid/FileInfo.h>
#include <Guid/WinCertificate.h>
 
#include "SecureBootConfigNvData.h"
 
//
// Tool generated IFR binary data and String package data
//
extern  UINT8  SecureBootConfigBin[];
extern  UINT8  SecureBootConfigDxeStrings[];
 
//
// Shared IFR form update data
//
extern  VOID                *mStartOpCodeHandle;
extern  VOID                *mEndOpCodeHandle;
extern  EFI_IFR_GUID_LABEL  *mStartLabel;
extern  EFI_IFR_GUID_LABEL  *mEndLabel;
 
#define MAX_CHAR         480
#define TWO_BYTE_ENCODE  0x82
#define BUFFER_MAX_SIZE  100
 
//
// SHA-256 digest size in bytes
//
#define SHA256_DIGEST_SIZE  32
//
// SHA-384 digest size in bytes
//
#define SHA384_DIGEST_SIZE  48
//
// SHA-512 digest size in bytes
//
#define SHA512_DIGEST_SIZE  64
 
//
// Set max digest size as SHA512 Output (64 bytes) by far
//
#define MAX_DIGEST_SIZE  SHA512_DIGEST_SIZE
 
#define WIN_CERT_UEFI_RSA2048_SIZE  256
#define WIN_CERT_UEFI_RSA3072_SIZE  384
#define WIN_CERT_UEFI_RSA4096_SIZE  512
 
//
// Support hash types
//
#define HASHALG_SHA224  0x00000000
#define HASHALG_SHA256  0x00000001
#define HASHALG_SHA384  0x00000002
#define HASHALG_SHA512  0x00000003
#define HASHALG_RAW     0x00000004
#define HASHALG_MAX     0x00000004
 
//
// Certificate public key minimum size (bytes)
//
#define CER_PUBKEY_MIN_SIZE  256
 
//
// Define KeyType for public key storing file
//
#define KEY_TYPE_RSASSA  0
 
//
// Types of errors may occur during certificate enrollment.
//
typedef enum {
  None_Error = 0,
  //
  // Unsupported_type indicates the certificate type is not supported.
  //
  Unsupported_Type,
  //
  // Unqualified_key indicates the key strength of certificate is not
  // strong enough.
  //
  Unqualified_Key,
  Enroll_Error_Max
} ENROLL_KEY_ERROR;
 
typedef struct {
  UINTN         Signature;
  LIST_ENTRY    Head;
  UINTN         MenuNumber;
} SECUREBOOT_MENU_OPTION;
 
typedef struct {
  EFI_FILE_HANDLE    FHandle;
  UINT16             *FileName;
  UINT8              FileType;
} SECUREBOOT_FILE_CONTEXT;
 
#define SECUREBOOT_FREE_NON_NULL(Pointer)   \
  do {                                      \
    if ((Pointer) != NULL) {                \
      FreePool((Pointer));                  \
      (Pointer) = NULL;                     \
    }                                       \
  } while (FALSE)
 
#define SECUREBOOT_FREE_NON_OPCODE(Handle)  \
  do{                                       \
    if ((Handle) != NULL) {                 \
      HiiFreeOpCodeHandle((Handle));        \
    }                                       \
  } while (FALSE)
 
#define SIGNATURE_DATA_COUNTS(List)         \
  (((List)->SignatureListSize - sizeof(EFI_SIGNATURE_LIST) - (List)->SignatureHeaderSize) / (List)->SignatureSize)
 
//
// We define another format of 5th directory entry: security directory
//
typedef struct {
  UINT32    Offset;                 // Offset of certificate
  UINT32    SizeOfCert;             // size of certificate appended
} EFI_IMAGE_SECURITY_DATA_DIRECTORY;
 
typedef enum {
  ImageType_IA32,
  ImageType_X64
} IMAGE_TYPE;
 
typedef struct {
  VENDOR_DEVICE_PATH          VendorDevicePath;
  EFI_DEVICE_PATH_PROTOCOL    End;
} HII_VENDOR_DEVICE_PATH;
 
typedef enum {
  Variable_DB,
  Variable_DBX,
  Variable_DBT,
  Variable_MAX
} CURRENT_VARIABLE_NAME;
 
typedef enum {
  Delete_Signature_List_All,
  Delete_Signature_List_One,
  Delete_Signature_Data
} SIGNATURE_DELETE_TYPE;
 
typedef struct {
  UINTN                             Signature;
 
  EFI_HII_CONFIG_ACCESS_PROTOCOL    ConfigAccess;
  EFI_HII_HANDLE                    HiiHandle;
  EFI_HANDLE                        DriverHandle;
 
  SECUREBOOT_FILE_CONTEXT           *FileContext;
 
  EFI_GUID                          *SignatureGUID;
 
  CURRENT_VARIABLE_NAME             VariableName;     // The variable name we are processing.
  UINT32                            ListCount;        // Record current variable has how many signature list.
  UINTN                             ListIndex;        // Record which signature list is processing.
  BOOLEAN                           *CheckArray;      // Record which signature data checked.
} SECUREBOOT_CONFIG_PRIVATE_DATA;
 
extern SECUREBOOT_CONFIG_PRIVATE_DATA  mSecureBootConfigPrivateDateTemplate;
extern SECUREBOOT_CONFIG_PRIVATE_DATA  *gSecureBootPrivateData;
 
#define SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE  SIGNATURE_32 ('S', 'E', 'C', 'B')
#define SECUREBOOT_CONFIG_PRIVATE_FROM_THIS(a)  CR (a, SECUREBOOT_CONFIG_PRIVATE_DATA, ConfigAccess, SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE)
 
//
// Cryptographic Key Information
//
#pragma pack(1)
typedef struct _CPL_KEY_INFO {
  UINT32    KeyLengthInBits;        // Key Length In Bits
  UINT32    BlockSize;              // Operation Block Size in Bytes
  UINT32    CipherBlockSize;        // Output Cipher Block Size in Bytes
  UINT32    KeyType;                // Key Type
  UINT32    CipherMode;             // Cipher Mode for Symmetric Algorithm
  UINT32    Flags;                  // Additional Key Property Flags
} CPL_KEY_INFO;
#pragma pack()
 
typedef
EFI_STATUS
(EFIAPI *HASH_GET_CONTEXT_SIZE)(
  VOID
  );
 
typedef
BOOLEAN
(EFIAPI *HASH_INIT)(
  IN OUT  VOID  *HashContext
  );
 
typedef
BOOLEAN
(EFIAPI *HASH_UPDATE)(
  IN OUT  VOID        *HashContext,
  IN      CONST VOID  *Data,
  IN      UINTN       DataLength
  );
 
typedef
BOOLEAN
(EFIAPI *HASH_FINAL)(
  IN OUT  VOID   *HashContext,
  OUT     UINT8  *HashValue
  );
 
//
// Hash Algorithm Table
//
typedef struct {
  CHAR16                   *Name;           
  UINTN                    DigestLength;    
  UINT8                    *OidValue;       
  UINTN                    OidLength;       
  HASH_GET_CONTEXT_SIZE    GetContextSize;  
  HASH_INIT                HashInit;        
  HASH_UPDATE              HashUpdate;      
  HASH_FINAL               HashFinal;       
} HASH_TABLE;
 
typedef struct {
  WIN_CERTIFICATE    Hdr;
  UINT8              CertData[1];
} WIN_CERTIFICATE_EFI_PKCS;
 
EFI_STATUS
InstallSecureBootConfigForm (
  IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA  *PrivateData
  );
 
VOID
UninstallSecureBootConfigForm (
  IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA  *PrivateData
  );
 
EFI_STATUS
EFIAPI
SecureBootExtractConfig (
  IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL  *This,
  IN CONST EFI_STRING                      Request,
  OUT EFI_STRING                           *Progress,
  OUT EFI_STRING                           *Results
  );
 
EFI_STATUS
EFIAPI
SecureBootRouteConfig (
  IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL  *This,
  IN CONST EFI_STRING                      Configuration,
  OUT EFI_STRING                           *Progress
  );
 
EFI_STATUS
EFIAPI
SecureBootCallback (
  IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL  *This,
  IN     EFI_BROWSER_ACTION                Action,
  IN     EFI_QUESTION_ID                   QuestionId,
  IN     UINT8                             Type,
  IN     EFI_IFR_TYPE_VALUE                *Value,
  OUT EFI_BROWSER_ACTION_REQUEST           *ActionRequest
  );
 
CHAR16 *
EFIAPI
DevicePathToStr (
  IN EFI_DEVICE_PATH_PROTOCOL  *DevPath
  );
 
VOID
CleanUpPage (
  IN UINT16                          LabelId,
  IN SECUREBOOT_CONFIG_PRIVATE_DATA  *PrivateData
  );
 
EFI_STATUS
ReadFileContent (
  IN      EFI_FILE_HANDLE  FileHandle,
  IN OUT  VOID             **BufferPtr,
  OUT  UINTN               *FileSize,
  IN      UINTN            AdditionAllocateSize
  );
 
VOID
CloseFile (
  IN EFI_FILE_HANDLE  FileHandle
  );
 
EFI_STATUS
EFIAPI
Int2OctStr (
  IN     CONST UINTN  *Integer,
  IN     UINTN        IntSizeInWords,
  OUT UINT8           *OctetString,
  IN     UINTN        OSSizeInBytes
  );
 
UINTN
GuidToString (
  IN  EFI_GUID  *Guid,
  IN  CHAR16    *Buffer,
  IN  UINTN     BufferSize
  );
 
BOOLEAN
EFIAPI
UpdatePKFromFile (
  IN EFI_DEVICE_PATH_PROTOCOL  *FilePath
  );
 
BOOLEAN
EFIAPI
UpdateKEKFromFile (
  IN EFI_DEVICE_PATH_PROTOCOL  *FilePath
  );
 
BOOLEAN
EFIAPI
UpdateDBFromFile (
  IN EFI_DEVICE_PATH_PROTOCOL  *FilePath
  );
 
BOOLEAN
EFIAPI
UpdateDBXFromFile (
  IN EFI_DEVICE_PATH_PROTOCOL  *FilePath
  );
 
BOOLEAN
EFIAPI
UpdateDBTFromFile (
  IN EFI_DEVICE_PATH_PROTOCOL  *FilePath
  );
 
#endif