authorQin Long <qin.long@intel.com>2014-11-14 08:41:12 +0000
committerqlong <qlong@Edk2>2014-11-14 08:41:12 +0000
commit20333c6d566748d7c78c1b546ba8f37c6d253dea (patch)
treecdd1196a23f4b41bf0c732ea82b49a86b51ad6de /SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h
parent2e70cf8ade0dd1e023274f7358c7c72cfd17460c (diff)
downloadedk2-platforms-20333c6d566748d7c78c1b546ba8f37c6d253dea.tar.xz
UEFI 2.4 X509 Certificate Hash and RFC3161 Timestamp Verification support for Secure Boot
Main ChangeLogs includes: 1. Introduce the new GUID and structure definitions for certificate hash and timestamp support; 2. Update Image Verification Library to support DBT signature checking; 3. Update the related SecureBoot Configuration Pages; Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Guo Dong <guo.dong@intel.com> Reviewed-by: Siyuan Fu <siyuan.fu@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16380 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h')
-rw-r--r--SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h41
1 files changed, 26 insertions, 15 deletions
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h
index f87afbe709..228f44bde8 100644
--- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h
+++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h
@@ -2,7 +2,7 @@
The header file of HII Config Access protocol implementation of SecureBoot
configuration module.
-Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -73,9 +73,18 @@ extern EFI_IFR_GUID_LABEL *mEndLabel;
//
#define SHA256_DIGEST_SIZE 32
//
-// Set max digest size as SHA256 Output (32 bytes) by far
+// SHA-384 digest size in bytes
//
-#define MAX_DIGEST_SIZE SHA256_DIGEST_SIZE
+#define SHA384_DIGEST_SIZE 48
+//
+// SHA-512 digest size in bytes
+//
+#define SHA512_DIGEST_SIZE 64
+
+//
+// Set max digest size as SHA512 Output (64 bytes) by far
+//
+#define MAX_DIGEST_SIZE SHA512_DIGEST_SIZE
#define WIN_CERT_UEFI_RSA2048_SIZE 256
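Review bot: The comment above `MAX_DIGEST_SIZE` does not say what relies on the macro, and it is now a hand-maintained alias of `SHA512_DIGEST_SIZE`. Any digest buffer sized with it (the uses are outside this hunk) would silently become too small if a longer digest were added without updating this line. I would reword the comment to state the contract, for example `// Largest digest size supported so far (SHA-512, 64 bytes); every buffer sized with MAX_DIGEST_SIZE must hold any supported digest`. The existing "by far" should read "so far".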
@@ -87,6 +96,7 @@ extern EFI_IFR_GUID_LABEL *mEndLabel;
#define HASHALG_SHA256 0x00000002
#define HASHALG_SHA384 0x00000003
#define HASHALG_SHA512 0x00000004
+#define HASHALG_RAW 0x00000005
#define HASHALG_MAX 0x00000005
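Review bot: `HASHALG_RAW` is defined with the same value, 0x00000005, as `HASHALG_MAX`, and nothing in the hunk says whether the overlap is intended. If `HASHALG_MAX` is used as the exclusive upper bound when indexing a per-algorithm table (the users are not visible here), then `HASHALG_RAW` is not a valid index, and every path that accepts it has to branch before the table lookup or be rejected by a `>= HASHALG_MAX` check. If that is the intent, a comment such as `// HASHALG_RAW has no hash-table entry; it deliberately equals HASHALG_MAX` would stop a later change from treating it as an ordinary algorithm id. If it is not the intent, `HASHALG_MAX` should be raised to 0x00000006.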
@@ -120,6 +130,7 @@ typedef enum _FILE_EXPLORER_STATE {
FileExplorerStateEnrollKekFile,
FileExplorerStateEnrollSignatureFileToDb,
FileExplorerStateEnrollSignatureFileToDbx,
+ FileExplorerStateEnrollSignatureFileToDbt,
FileExplorerStateUnknown
} FILE_EXPLORER_STATE;
@@ -316,7 +327,7 @@ BOOLEAN
typedef struct {
CHAR16 *Name; ///< Name for Hash Algorithm
UINTN DigestLength; ///< Digest Length
- UINT8 *OidValue; ///< Hash Algorithm OID ASN.1 Value
+ UINT8 *OidValue; ///< Hash Algorithm OID ASN.1 Value
UINTN OidLength; ///< Length of Hash OID Value
HASH_GET_CONTEXT_SIZE GetContextSize; ///< Pointer to Hash GetContentSize function
HASH_INIT HashInit; ///< Pointer to Hash Init function
@@ -471,7 +482,7 @@ DevicePathToStr (
/**
- Clean up the dynamic opcode at label and form specified by both LabelId.
+ Clean up the dynamic opcode at label and form specified by both LabelId.
@param[in] LabelId It is both the Form ID and Label ID for opcode deletion.
@param[in] PrivateData Module private data.
@@ -505,7 +516,7 @@ UpdateFileExplorer (
Free resources allocated in Allocate Rountine.
@param[in, out] MenuOption Menu to be freed
-
+
**/
VOID
FreeMenu (
@@ -514,15 +525,15 @@ FreeMenu (
/**
- Read file content into BufferPtr, the size of the allocate buffer
+ Read file content into BufferPtr, the size of the allocate buffer
is *FileSize plus AddtionAllocateSize.
@param[in] FileHandle The file to be read.
@param[in, out] BufferPtr Pointers to the pointer of allocated buffer.
@param[out] FileSize Size of input file
- @param[in] AddtionAllocateSize Addtion size the buffer need to be allocated.
+ @param[in] AddtionAllocateSize Addtion size the buffer need to be allocated.
In case the buffer need to contain others besides the file content.
-
+
@retval EFI_SUCCESS The file was read into the buffer.
@retval EFI_INVALID_PARAMETER A parameter was invalid.
@retval EFI_OUT_OF_RESOURCES A memory allocation failed.
@@ -542,7 +553,7 @@ ReadFileContent (
Close an open file handle.
@param[in] FileHandle The file handle to close.
-
+
**/
VOID
CloseFile (
@@ -555,7 +566,7 @@ CloseFile (
@param[in] Integer Pointer to the nonnegative integer to be converted
@param[in] IntSizeInWords Length of integer buffer in words
- @param[out] OctetString Converted octet string of the specified length
+ @param[out] OctetString Converted octet string of the specified length
@param[in] OSSizeInBytes Intended length of resulting octet string in bytes
Returns:
@@ -587,8 +598,8 @@ Int2OctStr (
**/
EFI_STATUS
StringToGuid (
- IN CHAR16 *Str,
- IN UINTN StrLen,
+ IN CHAR16 *Str,
+ IN UINTN StrLen,
OUT EFI_GUID *Guid
);
@@ -599,7 +610,7 @@ StringToGuid (
@param[in] Guid Pointer to GUID to print.
@param[in] Buffer Buffer to print Guid into.
@param[in] BufferSize Size of Buffer.
-
+
@retval Number of characters printed.
**/
@@ -610,4 +621,4 @@ GuidToString (
IN UINTN BufferSize
);
-#endif
+#endif \ No newline at end of file