2
The header file of HII Config Access protocol implementation of SecureBoot
5
Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
6
This program and the accompanying materials
7
are licensed and made available under the terms and conditions of the BSD License
8
which accompanies this distribution. The full text of the license may be found at
9
http://opensource.org/licenses/bsd-license.php
11
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
12
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
16
#ifndef __SECUREBOOT_CONFIG_IMPL_H__
17
#define __SECUREBOOT_CONFIG_IMPL_H__
21
#include <Protocol/HiiConfigAccess.h>
22
#include <Protocol/HiiConfigRouting.h>
23
#include <Protocol/SimpleFileSystem.h>
24
#include <Protocol/BlockIo.h>
25
#include <Protocol/DevicePath.h>
26
#include <Protocol/DevicePathToText.h>
27
#include <Protocol/DebugPort.h>
28
#include <Protocol/LoadFile.h>
30
#include <Library/BaseLib.h>
31
#include <Library/BaseMemoryLib.h>
32
#include <Library/DebugLib.h>
33
#include <Library/MemoryAllocationLib.h>
34
#include <Library/UefiBootServicesTableLib.h>
35
#include <Library/UefiRuntimeServicesTableLib.h>
36
#include <Library/UefiHiiServicesLib.h>
37
#include <Library/UefiLib.h>
38
#include <Library/HiiLib.h>
39
#include <Library/DevicePathLib.h>
40
#include <Library/PrintLib.h>
41
#include <Library/PlatformSecureLib.h>
42
#include <Library/BaseCryptLib.h>
43
#include <Guid/MdeModuleHii.h>
44
#include <Guid/AuthenticatedVariableFormat.h>
45
#include <Guid/FileSystemVolumeLabelInfo.h>
46
#include <Guid/ImageAuthentication.h>
47
#include <Guid/FileInfo.h>
49
#include "SecureBootConfigNvData.h"
52
// Tool generated IFR binary data and String package data
54
extern UINT8 SecureBootConfigBin[];
55
extern UINT8 SecureBootConfigDxeStrings[];
58
// Shared IFR form update data
60
extern VOID *mStartOpCodeHandle;
61
extern VOID *mEndOpCodeHandle;
62
extern EFI_IFR_GUID_LABEL *mStartLabel;
63
extern EFI_IFR_GUID_LABEL *mEndLabel;
66
#define TWO_BYTE_ENCODE 0x82
69
// SHA-1 digest size in bytes.
71
#define SHA1_DIGEST_SIZE 20
73
// SHA-256 digest size in bytes
75
#define SHA256_DIGEST_SIZE 32
77
// Set max digest size as SHA256 Output (32 bytes) by far
79
#define MAX_DIGEST_SIZE SHA256_DIGEST_SIZE
81
#define WIN_CERT_UEFI_RSA2048_SIZE 256
86
#define HASHALG_SHA1 0x00000000
87
#define HASHALG_SHA224 0x00000001
88
#define HASHALG_SHA256 0x00000002
89
#define HASHALG_SHA384 0x00000003
90
#define HASHALG_SHA512 0x00000004
91
#define HASHALG_MAX 0x00000005
94
#define SECUREBOOT_MENU_OPTION_SIGNATURE SIGNATURE_32 ('S', 'b', 'M', 'u')
95
#define SECUREBOOT_MENU_ENTRY_SIGNATURE SIGNATURE_32 ('S', 'b', 'M', 'r')
98
EFI_DEVICE_PATH_PROTOCOL Header;
100
UINT8 VendorDefinedData[1];
101
} VENDOR_DEVICE_PATH_WITH_DATA;
104
EFI_DEVICE_PATH_PROTOCOL Header;
105
UINT16 NetworkProtocol;
108
UINT16 TargetPortalGroupTag;
109
CHAR16 TargetName[1];
110
} ISCSI_DEVICE_PATH_WITH_NAME;
112
typedef enum _FILE_EXPLORER_DISPLAY_CONTEXT {
113
FileExplorerDisplayFileSystem,
114
FileExplorerDisplayDirectory,
115
FileExplorerDisplayUnknown
116
} FILE_EXPLORER_DISPLAY_CONTEXT;
118
typedef enum _FILE_EXPLORER_STATE {
119
FileExplorerStateInActive = 0,
120
FileExplorerStateEnrollPkFile,
121
FileExplorerStateEnrollKekFile,
122
FileExplorerStateEnrollSignatureFileToDb,
123
FileExplorerStateEnrollSignatureFileToDbx,
124
FileExplorerStateUnknown
125
} FILE_EXPLORER_STATE;
135
(*DEV_PATH_FUNCTION) (
136
IN OUT POOL_PRINT *Str,
143
DEV_PATH_FUNCTION Function;
144
} DEVICE_PATH_STRING_TABLE;
150
} SECUREBOOT_MENU_OPTION;
152
extern SECUREBOOT_MENU_OPTION FsOptionMenu;
153
extern SECUREBOOT_MENU_OPTION DirectoryMenu;
159
UINT16 *DisplayString;
161
EFI_STRING_ID DisplayStringToken;
162
EFI_STRING_ID HelpStringToken;
164
} SECUREBOOT_MENU_ENTRY;
168
EFI_DEVICE_PATH_PROTOCOL *DevicePath;
169
EFI_FILE_HANDLE FHandle;
171
EFI_FILE_SYSTEM_VOLUME_LABEL *Info;
175
BOOLEAN IsRemovableMedia;
177
BOOLEAN IsBootLegacy;
178
} SECUREBOOT_FILE_CONTEXT;
182
// We define another format of 5th directory entry: security directory
185
UINT32 Offset; // Offset of certificate
186
UINT32 SizeOfCert; // size of certificate appended
187
} EFI_IMAGE_SECURITY_DATA_DIRECTORY;
195
/// HII specific Vendor Device Path definition.
198
VENDOR_DEVICE_PATH VendorDevicePath;
199
EFI_DEVICE_PATH_PROTOCOL End;
200
} HII_VENDOR_DEVICE_PATH;
205
EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess;
206
EFI_HII_HANDLE HiiHandle;
207
EFI_HANDLE DriverHandle;
209
FILE_EXPLORER_STATE FeCurrentState;
210
FILE_EXPLORER_DISPLAY_CONTEXT FeDisplayContext;
212
SECUREBOOT_MENU_ENTRY *MenuEntry;
213
SECUREBOOT_FILE_CONTEXT *FileContext;
215
EFI_GUID *SignatureGUID;
216
} SECUREBOOT_CONFIG_PRIVATE_DATA;
218
extern SECUREBOOT_CONFIG_PRIVATE_DATA mSecureBootConfigPrivateDateTemplate;
220
#define SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('S', 'E', 'C', 'B')
221
#define SECUREBOOT_CONFIG_PRIVATE_FROM_THIS(a) CR (a, SECUREBOOT_CONFIG_PRIVATE_DATA, ConfigAccess, SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE)
224
// Cryptograhpic Key Information
227
typedef struct _CPL_KEY_INFO {
228
UINT32 KeyLengthInBits; // Key Length In Bits
229
UINT32 BlockSize; // Operation Block Size in Bytes
230
UINT32 CipherBlockSize; // Output Cipher Block Size in Bytes
231
UINT32 KeyType; // Key Type
232
UINT32 CipherMode; // Cipher Mode for Symmetric Algorithm
233
UINT32 Flags; // Additional Key Property Flags
239
Retrieves the size, in bytes, of the context buffer required for hash operations.
241
@return The size, in bytes, of the context buffer required for hash operations.
246
(EFIAPI *HASH_GET_CONTEXT_SIZE)(
251
Initializes user-supplied memory pointed by HashContext as hash context for
254
If HashContext is NULL, then ASSERT().
256
@param[in, out] HashContext Pointer to Context being initialized.
258
@retval TRUE HASH context initialization succeeded.
259
@retval FALSE HASH context initialization failed.
265
IN OUT VOID *HashContext
270
Performs digest on a data buffer of the specified length. This function can
271
be called multiple times to compute the digest of long or discontinuous data streams.
273
If HashContext is NULL, then ASSERT().
275
@param[in, out] HashContext Pointer to the MD5 context.
276
@param[in] Data Pointer to the buffer containing the data to be hashed.
277
@param[in] DataLength Length of Data buffer in bytes.
279
@retval TRUE HASH data digest succeeded.
280
@retval FALSE Invalid HASH context. After HashFinal function has been called, the
281
HASH context cannot be reused.
286
(EFIAPI *HASH_UPDATE)(
287
IN OUT VOID *HashContext,
293
Completes hash computation and retrieves the digest value into the specified
294
memory. After this function has been called, the context cannot be used again.
296
If HashContext is NULL, then ASSERT().
297
If HashValue is NULL, then ASSERT().
299
@param[in, out] HashContext Pointer to the MD5 context
300
@param[out] HashValue Pointer to a buffer that receives the HASH digest
303
@retval TRUE HASH digest computation succeeded.
304
@retval FALSE HASH digest computation failed.
309
(EFIAPI *HASH_FINAL)(
310
IN OUT VOID *HashContext,
315
// Hash Algorithm Table
318
CHAR16 *Name; ///< Name for Hash Algorithm
319
UINTN DigestLength; ///< Digest Length
320
UINT8 *OidValue; ///< Hash Algorithm OID ASN.1 Value
321
UINTN OidLength; ///< Length of Hash OID Value
322
HASH_GET_CONTEXT_SIZE GetContextSize; ///< Pointer to Hash GetContentSize function
323
HASH_INIT HashInit; ///< Pointer to Hash Init function
324
HASH_UPDATE HashUpdate; ///< Pointer to Hash Update function
325
HASH_FINAL HashFinal; ///< Pointer to Hash Final function
331
} WIN_CERTIFICATE_EFI_PKCS;
335
This function publish the SecureBoot configuration Form.
337
@param[in, out] PrivateData Points to SecureBoot configuration private data.
339
@retval EFI_SUCCESS HII Form is installed successfully.
340
@retval EFI_OUT_OF_RESOURCES Not enough resource for HII Form installation.
341
@retval Others Other errors as indicated.
345
InstallSecureBootConfigForm (
346
IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData
351
This function removes SecureBoot configuration Form.
353
@param[in, out] PrivateData Points to SecureBoot configuration private data.
357
UninstallSecureBootConfigForm (
358
IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData
363
This function allows a caller to extract the current configuration for one
364
or more named elements from the target driver.
366
@param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
367
@param[in] Request A null-terminated Unicode string in
368
<ConfigRequest> format.
369
@param[out] Progress On return, points to a character in the Request
370
string. Points to the string's null terminator if
371
request was successful. Points to the most recent
372
'&' before the first failing name/value pair (or
373
the beginning of the string if the failure is in
374
the first name/value pair) if the request was not
376
@param[out] Results A null-terminated Unicode string in
377
<ConfigAltResp> format which has all values filled
378
in for the names in the Request string. String to
379
be allocated by the called function.
381
@retval EFI_SUCCESS The Results is filled with the requested values.
382
@retval EFI_OUT_OF_RESOURCES Not enough memory to store the results.
383
@retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown name.
384
@retval EFI_NOT_FOUND Routing data doesn't match any storage in this
390
SecureBootExtractConfig (
391
IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
392
IN CONST EFI_STRING Request,
393
OUT EFI_STRING *Progress,
394
OUT EFI_STRING *Results
399
This function processes the results of changes in configuration.
401
@param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
402
@param[in] Configuration A null-terminated Unicode string in <ConfigResp>
404
@param[out] Progress A pointer to a string filled in with the offset of
405
the most recent '&' before the first failing
406
name/value pair (or the beginning of the string if
407
the failure is in the first name/value pair) or
408
the terminating NULL if all was successful.
410
@retval EFI_SUCCESS The Results is processed successfully.
411
@retval EFI_INVALID_PARAMETER Configuration is NULL.
412
@retval EFI_NOT_FOUND Routing data doesn't match any storage in this
418
SecureBootRouteConfig (
419
IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
420
IN CONST EFI_STRING Configuration,
421
OUT EFI_STRING *Progress
426
This function processes the results of changes in configuration.
428
@param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
429
@param[in] Action Specifies the type of action taken by the browser.
430
@param[in] QuestionId A unique value which is sent to the original
431
exporting driver so that it can identify the type
433
@param[in] Type The type of value for the question.
434
@param[in] Value A pointer to the data being sent to the original
436
@param[out] ActionRequest On return, points to the action requested by the
439
@retval EFI_SUCCESS The callback successfully handled the action.
440
@retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the
441
variable and its data.
442
@retval EFI_DEVICE_ERROR The variable could not be saved.
443
@retval EFI_UNSUPPORTED The specified Action is not supported by the
450
IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
451
IN EFI_BROWSER_ACTION Action,
452
IN EFI_QUESTION_ID QuestionId,
454
IN EFI_IFR_TYPE_VALUE *Value,
455
OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest
460
This function converts an input device structure to a Unicode string.
462
@param[in] DevPath A pointer to the device path structure.
464
@return A new allocated Unicode string that represents the device path.
470
IN EFI_DEVICE_PATH_PROTOCOL *DevPath
475
Clean up the dynamic opcode at label and form specified by both LabelId.
477
@param[in] LabelId It is both the Form ID and Label ID for opcode deletion.
478
@param[in] PrivateData Module private data.
484
IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData
489
Update the file explorer page with the refreshed file system.
491
@param[in] PrivateData Module private data.
492
@param[in] KeyValue Key value to identify the type of data to expect.
494
@retval TRUE Inform the caller to create a callback packet to exit file explorer.
495
@retval FALSE Indicate that there is no need to exit file explorer.
500
IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData,
506
Free resources allocated in Allocate Rountine.
508
@param[in, out] MenuOption Menu to be freed
513
IN OUT SECUREBOOT_MENU_OPTION *MenuOption
518
Read file content into BufferPtr, the size of the allocate buffer
519
is *FileSize plus AddtionAllocateSize.
521
@param[in] FileHandle The file to be read.
522
@param[in, out] BufferPtr Pointers to the pointer of allocated buffer.
523
@param[out] FileSize Size of input file
524
@param[in] AddtionAllocateSize Addtion size the buffer need to be allocated.
525
In case the buffer need to contain others besides the file content.
527
@retval EFI_SUCCESS The file was read into the buffer.
528
@retval EFI_INVALID_PARAMETER A parameter was invalid.
529
@retval EFI_OUT_OF_RESOURCES A memory allocation failed.
530
@retval others Unexpected error.
535
IN EFI_FILE_HANDLE FileHandle,
536
IN OUT VOID **BufferPtr,
538
IN UINTN AddtionAllocateSize
543
Close an open file handle.
545
@param[in] FileHandle The file handle to close.
550
IN EFI_FILE_HANDLE FileHandle
555
Converts a nonnegative integer to an octet string of a specified length.
557
@param[in] Integer Pointer to the nonnegative integer to be converted
558
@param[in] IntSizeInWords Length of integer buffer in words
559
@param[out] OctetString Converted octet string of the specified length
560
@param[in] OSSizeInBytes Intended length of resulting octet string in bytes
564
@retval EFI_SUCCESS Data conversion successfully
565
@retval EFI_BUFFER_TOOL_SMALL Buffer is too small for output string
571
IN CONST UINTN *Integer,
572
IN UINTN IntSizeInWords,
573
OUT UINT8 *OctetString,
574
IN UINTN OSSizeInBytes
579
Convert a String to Guid Value.
581
@param[in] Str Specifies the String to be converted.
582
@param[in] StrLen Number of Unicode Characters of String (exclusive \0)
583
@param[out] Guid Return the result Guid value.
585
@retval EFI_SUCCESS The operation is finished successfully.
586
@retval EFI_NOT_FOUND Invalid string.
598
Worker function that prints an EFI_GUID into specified Buffer.
600
@param[in] Guid Pointer to GUID to print.
601
@param[in] Buffer Buffer to print Guid into.
602
@param[in] BufferSize Size of Buffer.
604
@retval Number of characters printed.