TianoCore EDK2 master
SecureBootVariableProvisionLib.c File Reference


Functions

STATIC EFI_STATUS SecureBootFetchData (IN EFI_GUID *KeyFileGuid, OUT UINTN *SigListsSize, OUT EFI_SIGNATURE_LIST **SigListOut)
 
STATIC EFI_STATUS EnrollFromDefault (IN CHAR16 *VariableName, IN CHAR16 *DefaultName, IN EFI_GUID *VendorGuid)
 
EFI_STATUS SecureBootInitPKDefault (IN VOID)
 
EFI_STATUS SecureBootInitKEKDefault (IN VOID)
 
EFI_STATUS SecureBootInitDbDefault (IN VOID)
 
EFI_STATUS SecureBootInitDbxDefault (IN VOID)
 
EFI_STATUS SecureBootInitDbtDefault (IN VOID)
 
EFI_STATUS EFIAPI EnrollDbFromDefault (VOID)
 
EFI_STATUS EFIAPI EnrollDbxFromDefault (VOID)
 
EFI_STATUS EFIAPI EnrollDbtFromDefault (VOID)
 
EFI_STATUS EFIAPI EnrollKEKFromDefault (VOID)
 
EFI_STATUS EFIAPI EnrollPKFromDefault (VOID)
 

Detailed Description

This library provides functions to set/clear Secure Boot keys and databases.

Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.
(C) Copyright 2018 Hewlett Packard Enterprise Development LP
Copyright (c) 2021, ARM Ltd. All rights reserved.
Copyright (c) 2021, Semihalf All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent

Definition in file SecureBootVariableProvisionLib.c.

Function Documentation

◆ EnrollDbFromDefault()

EFI_STATUS EFIAPI EnrollDbFromDefault ( VOID  )

Sets the content of the 'db' variable based on 'dbDefault' variable content.

Return values
EFI_OUT_OF_RESOURCES    If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails while VendorGuid is NULL.
other    Errors from GetVariable2 (), GetTime () and SetVariable ()

Definition at line 464 of file SecureBootVariableProvisionLib.c.

◆ EnrollDbtFromDefault()

EFI_STATUS EFIAPI EnrollDbtFromDefault ( VOID  )

Sets the content of the 'dbt' variable based on 'dbtDefault' variable content.

Return values
EFI_OUT_OF_RESOURCES    If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails while VendorGuid is NULL.
other    Errors from GetVariable2 (), GetTime () and SetVariable ()

Definition at line 512 of file SecureBootVariableProvisionLib.c.

◆ EnrollDbxFromDefault()

EFI_STATUS EFIAPI EnrollDbxFromDefault ( VOID  )

Sets the content of the 'dbx' variable based on 'dbxDefault' variable content.

Return values
EFI_OUT_OF_RESOURCES    If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails while VendorGuid is NULL.
other    Errors from GetVariable2 (), GetTime () and SetVariable ()

Definition at line 488 of file SecureBootVariableProvisionLib.c.

◆ EnrollFromDefault()

STATIC EFI_STATUS EnrollFromDefault ( IN CHAR16 *  VariableName,
IN CHAR16 *  DefaultName,
IN EFI_GUID *  VendorGuid 
)

Enroll a key/certificate based on a default variable.

Parameters
[in]  VariableName    The name of the key/database.
[in]  DefaultName    The name of the default variable.
[in]  VendorGuid    The namespace (i.e. vendor GUID) of the variable.
Return values
EFI_OUT_OF_RESOURCES    Out of memory while allocating AuthHeader.
EFI_SUCCESS    Successful enrollment.
Returns
Error codes from GetTime () and SetVariable ().

Definition at line 150 of file SecureBootVariableProvisionLib.c.

◆ EnrollKEKFromDefault()

EFI_STATUS EFIAPI EnrollKEKFromDefault ( VOID  )

Sets the content of the 'KEK' variable based on 'KEKDefault' variable content.

Return values
EFI_OUT_OF_RESOURCES    If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails while VendorGuid is NULL.
other    Errors from GetVariable2 (), GetTime () and SetVariable ()

Definition at line 536 of file SecureBootVariableProvisionLib.c.

◆ EnrollPKFromDefault()

EFI_STATUS EFIAPI EnrollPKFromDefault ( VOID  )

Sets the content of the 'PK' variable based on 'PKDefault' variable content.

Return values
EFI_OUT_OF_RESOURCES    If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails while VendorGuid is NULL.
other    Errors from GetVariable2 (), GetTime () and SetVariable ()

Definition at line 560 of file SecureBootVariableProvisionLib.c.

◆ SecureBootFetchData()

STATIC EFI_STATUS SecureBootFetchData ( IN EFI_GUID *  KeyFileGuid,
OUT UINTN *  SigListsSize,
OUT EFI_SIGNATURE_LIST **  SigListOut 
)

Create an EFI Signature List with data fetched from the section specified as an argument. Found keys are verified using RsaGetPublicKeyFromX509().

Parameters
[in]  KeyFileGuid    A pointer to the FFS filename GUID.
[out]  SigListsSize    A pointer to the size of the signature list.
[out]  SigListOut    A pointer to a callee-allocated buffer with signature lists.
Return values
EFI_SUCCESS    Create time based payload successfully.
EFI_NOT_FOUND    Section with key has not been found.
EFI_INVALID_PARAMETER    Embedded key has a wrong format.
Others    Unexpected error happens.

Definition at line 43 of file SecureBootVariableProvisionLib.c.
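
The buffer returned through SigListOut holds one or more EFI_SIGNATURE_LIST structures back to back, so a consumer should bounds-check every size field before trusting it. The following is an added example, not EDK2 code: a host-side walker that validates such a buffer and counts its entries. It assumes the UEFI EFI_SIGNATURE_LIST layout (16-byte SignatureType GUID, then SignatureListSize, SignatureHeaderSize and SignatureSize as little-endian UINT32); count_signatures and make_list are hypothetical names.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define HDR_SIZE   28u  /* 16-byte SignatureType GUID + three UINT32 fields */
#define OWNER_SIZE 16u  /* SignatureOwner GUID leading each EFI_SIGNATURE_DATA */

static uint32_t rd32(const uint8_t *p) {           /* UEFI fields are little-endian */
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Walk concatenated signature lists; return the entry count, or -1 if malformed. */
long count_signatures(const uint8_t *buf, size_t len) {
    long total = 0;
    size_t off = 0;
    while (off < len) {
        if (len - off < HDR_SIZE) return -1;              /* truncated list header */
        uint64_t list_size = rd32(buf + off + 16);        /* SignatureListSize */
        uint64_t hdr_size  = rd32(buf + off + 20);        /* SignatureHeaderSize */
        uint64_t sig_size  = rd32(buf + off + 24);        /* SignatureSize */
        if (list_size > len - off) return -1;             /* list overruns the buffer */
        if (list_size < HDR_SIZE + hdr_size) return -1;   /* header larger than list */
        if (sig_size <= OWNER_SIZE) return -1;            /* no room for key data */
        uint64_t body = list_size - HDR_SIZE - hdr_size;
        if (body % sig_size != 0) return -1;              /* partial trailing entry */
        total += (long)(body / sig_size);
        off += (size_t)list_size;                         /* always advances by >= 28 */
    }
    return total;
}

/* Constructed sample: one list with n entries of data_len placeholder bytes each. */
size_t make_list(uint8_t *out, uint32_t data_len, uint32_t n) {
    uint32_t sig_size  = OWNER_SIZE + data_len;
    uint32_t list_size = HDR_SIZE + n * sig_size;
    memset(out, 0xAB, list_size);        /* placeholder GUIDs and key bytes */
    wr32(out + 16, list_size);
    wr32(out + 20, 0);                   /* no type-specific signature header */
    wr32(out + 24, sig_size);
    return list_size;
}
```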

◆ SecureBootInitDbDefault()

EFI_STATUS SecureBootInitDbDefault ( IN  VOID)

Initializes dbDefault variable with data from FFS section.

Return values
EFI_SUCCESS    Variable was initialized successfully.
EFI_UNSUPPORTED    Variable already exists.

Definition at line 298 of file SecureBootVariableProvisionLib.c.

◆ SecureBootInitDbtDefault()

EFI_STATUS SecureBootInitDbtDefault ( IN  VOID)

Initializes dbtDefault variable with data from FFS section.

Return values
EFI_SUCCESS    Variable was initialized successfully.
EFI_UNSUPPORTED    Variable already exists.

Definition at line 405 of file SecureBootVariableProvisionLib.c.

◆ SecureBootInitDbxDefault()

EFI_STATUS SecureBootInitDbxDefault ( IN  VOID)

Initializes dbxDefault variable with data from FFS section.

Return values
EFI_SUCCESS    Variable was initialized successfully.
EFI_UNSUPPORTED    Variable already exists.

Definition at line 348 of file SecureBootVariableProvisionLib.c.

◆ SecureBootInitKEKDefault()

EFI_STATUS SecureBootInitKEKDefault ( IN  VOID)

Initializes KEKDefault variable with data from FFS section.

Return values
EFI_SUCCESS    Variable was initialized successfully.
EFI_UNSUPPORTED    Variable already exists.

Definition at line 241 of file SecureBootVariableProvisionLib.c.

◆ SecureBootInitPKDefault()

EFI_STATUS SecureBootInitPKDefault ( IN  VOID)

Initializes PKDefault variable with data from FFS section.

Return values
EFI_SUCCESS    Variable was initialized successfully.
EFI_UNSUPPORTED    Variable already exists.

Definition at line 184 of file SecureBootVariableProvisionLib.c.