diff options
Diffstat (limited to 'Core/MdeModulePkg/Include/Library/AuthVariableLib.h')
| -rw-r--r-- | Core/MdeModulePkg/Include/Library/AuthVariableLib.h | 261 |
1 files changed, 261 insertions, 0 deletions
diff --git a/Core/MdeModulePkg/Include/Library/AuthVariableLib.h b/Core/MdeModulePkg/Include/Library/AuthVariableLib.h new file mode 100644 index 0000000000..0731b8d748 --- /dev/null +++ b/Core/MdeModulePkg/Include/Library/AuthVariableLib.h @@ -0,0 +1,261 @@ +/** @file
+ Provides services to initialize and process authenticated variables.
+
+Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials are licensed and made available under
+the terms and conditions of the BSD License that accompanies this distribution.
+The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php.
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef _AUTH_VARIABLE_LIB_H_
+#define _AUTH_VARIABLE_LIB_H_
+
+#include <Protocol/VarCheck.h>
+
+///
+/// Size of AuthInfo prior to the data payload.
+///
+#define AUTHINFO_SIZE ((OFFSET_OF (EFI_VARIABLE_AUTHENTICATION, AuthInfo)) + \
+ (OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)) + \
+ sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256))
+
+#define AUTHINFO2_SIZE(VarAuth2) ((OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo)) + \
+ (UINTN) ((EFI_VARIABLE_AUTHENTICATION_2 *) (VarAuth2))->AuthInfo.Hdr.dwLength)
+
+#define OFFSET_OF_AUTHINFO2_CERT_DATA ((OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo)) + \
+ (OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)))
+
+typedef struct {
+ CHAR16 *VariableName;
+ EFI_GUID *VendorGuid;
+ UINT32 Attributes;
+ UINTN DataSize;
+ VOID *Data;
+ UINT32 PubKeyIndex;
+ UINT64 MonotonicCount;
+ EFI_TIME *TimeStamp;
+} AUTH_VARIABLE_INFO;
+
+/**
+ Finds variable in storage blocks of volatile and non-volatile storage areas.
+
+ This code finds variable in storage blocks of volatile and non-volatile storage areas.
+ If VariableName is an empty string, then we just return the first
+ qualified variable without comparing VariableName and VendorGuid.
+
+ @param[in] VariableName Name of the variable to be found.
+ @param[in] VendorGuid Variable vendor GUID to be found.
+ @param[out] AuthVariableInfo Pointer to AUTH_VARIABLE_INFO structure for
+ output of the variable found.
+
+ @retval EFI_INVALID_PARAMETER If VariableName is not an empty string,
+ while VendorGuid is NULL.
+ @retval EFI_SUCCESS Variable successfully found.
+ @retval EFI_NOT_FOUND Variable not found
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *AUTH_VAR_LIB_FIND_VARIABLE) (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ OUT AUTH_VARIABLE_INFO *AuthVariableInfo
+ );
+
+/**
+ Finds next variable in storage blocks of volatile and non-volatile storage areas.
+
+ This code finds next variable in storage blocks of volatile and non-volatile storage areas.
+ If VariableName is an empty string, then we just return the first
+ qualified variable without comparing VariableName and VendorGuid.
+
+ @param[in] VariableName Name of the variable to be found.
+ @param[in] VendorGuid Variable vendor GUID to be found.
+ @param[out] AuthVariableInfo Pointer to AUTH_VARIABLE_INFO structure for
+ output of the next variable.
+
+ @retval EFI_INVALID_PARAMETER If VariableName is not an empty string,
+ while VendorGuid is NULL.
+ @retval EFI_SUCCESS Variable successfully found.
+ @retval EFI_NOT_FOUND Variable not found
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *AUTH_VAR_LIB_FIND_NEXT_VARIABLE) (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ OUT AUTH_VARIABLE_INFO *AuthVariableInfo
+ );
+
+/**
+ Update the variable region with Variable information.
+
+ @param[in] AuthVariableInfo Pointer AUTH_VARIABLE_INFO structure for
+ input of the variable.
+
+ @retval EFI_SUCCESS The update operation is success.
+ @retval EFI_INVALID_PARAMETER Invalid parameter.
+ @retval EFI_WRITE_PROTECTED Variable is write-protected.
+ @retval EFI_OUT_OF_RESOURCES There is not enough resource.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *AUTH_VAR_LIB_UPDATE_VARIABLE) (
+ IN AUTH_VARIABLE_INFO *AuthVariableInfo
+ );
+
+/**
+ Get scratch buffer.
+
+ @param[in, out] ScratchBufferSize Scratch buffer size. If input size is greater than
+ the maximum supported buffer size, this value contains
+ the maximum supported buffer size as output.
+ @param[out] ScratchBuffer Pointer to scratch buffer address.
+
+ @retval EFI_SUCCESS Get scratch buffer successfully.
+ @retval EFI_UNSUPPORTED If input size is greater than the maximum supported buffer size.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *AUTH_VAR_LIB_GET_SCRATCH_BUFFER) (
+ IN OUT UINTN *ScratchBufferSize,
+ OUT VOID **ScratchBuffer
+ );
+
+/**
+ This function is to check if the remaining variable space is enough to set
+ all Variables from argument list successfully. The purpose of the check
+ is to keep the consistency of the Variables to be in variable storage.
+
+ Note: Variables are assumed to be in same storage.
+ The set sequence of Variables will be same with the sequence of VariableEntry from argument list,
+ so follow the argument sequence to check the Variables.
+
+ @param[in] Attributes Variable attributes for Variable entries.
+ @param ... The variable argument list with type VARIABLE_ENTRY_CONSISTENCY *.
+ A NULL terminates the list. The VariableSize of
+ VARIABLE_ENTRY_CONSISTENCY is the variable data size as input.
+ It will be changed to variable total size as output.
+
+ @retval TRUE Have enough variable space to set the Variables successfully.
+ @retval FALSE No enough variable space to set the Variables successfully.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *AUTH_VAR_LIB_CHECK_REMAINING_SPACE) (
+ IN UINT32 Attributes,
+ ...
+ );
+
+/**
+ Return TRUE if at OS runtime.
+
+ @retval TRUE If at OS runtime.
+ @retval FALSE If at boot time.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *AUTH_VAR_LIB_AT_RUNTIME) (
+ VOID
+ );
+
+#define AUTH_VAR_LIB_CONTEXT_IN_STRUCT_VERSION 0x01
+
+typedef struct {
+ UINTN StructVersion;
+ UINTN StructSize;
+ //
+ // Reflect the overhead associated with the saving
+ // of a single EFI authenticated variable with the exception
+ // of the overhead associated with the length
+ // of the string name of the EFI variable.
+ //
+ UINTN MaxAuthVariableSize;
+ AUTH_VAR_LIB_FIND_VARIABLE FindVariable;
+ AUTH_VAR_LIB_FIND_NEXT_VARIABLE FindNextVariable;
+ AUTH_VAR_LIB_UPDATE_VARIABLE UpdateVariable;
+ AUTH_VAR_LIB_GET_SCRATCH_BUFFER GetScratchBuffer;
+ AUTH_VAR_LIB_CHECK_REMAINING_SPACE CheckRemainingSpaceForConsistency;
+ AUTH_VAR_LIB_AT_RUNTIME AtRuntime;
+} AUTH_VAR_LIB_CONTEXT_IN;
+
+#define AUTH_VAR_LIB_CONTEXT_OUT_STRUCT_VERSION 0x01
+
+typedef struct {
+ UINTN StructVersion;
+ UINTN StructSize;
+ //
+ // Caller needs to set variable property for the variables.
+ //
+ VARIABLE_ENTRY_PROPERTY *AuthVarEntry;
+ UINTN AuthVarEntryCount;
+ //
+ // Caller needs to ConvertPointer() for the pointers.
+ //
+ VOID ***AddressPointer;
+ UINTN AddressPointerCount;
+} AUTH_VAR_LIB_CONTEXT_OUT;
+
+/**
+ Initialization for authenticated varibale services.
+ If this initialization returns error status, other APIs will not work
+ and expect to be not called then.
+
+ @param[in] AuthVarLibContextIn Pointer to input auth variable lib context.
+ @param[out] AuthVarLibContextOut Pointer to output auth variable lib context.
+
+ @retval EFI_SUCCESS Function successfully executed.
+ @retval EFI_INVALID_PARAMETER If AuthVarLibContextIn == NULL or AuthVarLibContextOut == NULL.
+ @retval EFI_OUT_OF_RESOURCES Fail to allocate enough resource.
+ @retval EFI_UNSUPPORTED Unsupported to process authenticated variable.
+
+**/
+EFI_STATUS
+EFIAPI
+AuthVariableLibInitialize (
+ IN AUTH_VAR_LIB_CONTEXT_IN *AuthVarLibContextIn,
+ OUT AUTH_VAR_LIB_CONTEXT_OUT *AuthVarLibContextOut
+ );
+
+/**
+ Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.
+
+ @param[in] VariableName Name of the variable.
+ @param[in] VendorGuid Variable vendor GUID.
+ @param[in] Data Data pointer.
+ @param[in] DataSize Size of Data.
+ @param[in] Attributes Attribute value of the variable.
+
+ @retval EFI_SUCCESS The firmware has successfully stored the variable and its data as
+ defined by the Attributes.
+ @retval EFI_INVALID_PARAMETER Invalid parameter.
+ @retval EFI_WRITE_PROTECTED Variable is write-protected.
+ @retval EFI_OUT_OF_RESOURCES There is not enough resource.
+ @retval EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
+ or EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS
+ set, but the AuthInfo does NOT pass the validation
+ check carried out by the firmware.
+ @retval EFI_UNSUPPORTED Unsupported to process authenticated variable.
+
+**/
+EFI_STATUS
+EFIAPI
+AuthVariableLibProcessVariable (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN UINT32 Attributes
+ );
+
+#endif
|