diff options
Diffstat (limited to 'SecurityPkg/Include')
-rw-r--r-- | SecurityPkg/Include/Guid/AuthenticatedVariableFormat.h | 201 | ||||
-rw-r--r-- | SecurityPkg/Include/Library/TpmMeasurementLib.h | 44 |
2 files changed, 23 insertions, 222 deletions
diff --git a/SecurityPkg/Include/Guid/AuthenticatedVariableFormat.h b/SecurityPkg/Include/Guid/AuthenticatedVariableFormat.h index c7cd34a943..1f007cfc73 100644 --- a/SecurityPkg/Include/Guid/AuthenticatedVariableFormat.h +++ b/SecurityPkg/Include/Guid/AuthenticatedVariableFormat.h @@ -1,16 +1,17 @@ /** @file
- The variable data structures are related to EDKII-specific
+ The variable data structures are related to EDKII-specific
implementation of UEFI authenticated variables.
- AuthenticatedVariableFormat.h defines variable data headers
- and variable storage region headers.
-
-Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
+ AuthenticatedVariableFormat.h defines variable data headers
+ and variable storage region headers that has been moved to
+ VariableFormat.h.
+
+Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
@@ -18,14 +19,11 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #ifndef __AUTHENTICATED_VARIABLE_FORMAT_H__
#define __AUTHENTICATED_VARIABLE_FORMAT_H__
-#define EFI_AUTHENTICATED_VARIABLE_GUID \
- { 0xaaf32c78, 0x947b, 0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 } }
+#include <Guid/VariableFormat.h>
#define EFI_SECURE_BOOT_ENABLE_DISABLE \
{ 0xf0a30bc7, 0xaf08, 0x4556, { 0x99, 0xc4, 0x0, 0x10, 0x9, 0xc9, 0x3a, 0x44 } }
-
-extern EFI_GUID gEfiAuthenticatedVariableGuid;
extern EFI_GUID gEfiSecureBootEnableDisableGuid;
extern EFI_GUID gEfiCertDbGuid;
extern EFI_GUID gEfiCustomModeEnableGuid;
@@ -36,6 +34,10 @@ extern EFI_GUID gEfiVendorKeysNvGuid; /// This variable is used for allowing a physically present user to disable
/// Secure Boot via firmware setup without the possession of PKpriv.
///
+/// GUID: gEfiSecureBootEnableDisableGuid
+///
+/// Format: UINT8
+///
#define EFI_SECURE_BOOT_ENABLE_NAME L"SecureBootEnable"
#define SECURE_BOOT_ENABLE 1
#define SECURE_BOOT_DISABLE 0
@@ -48,6 +50,10 @@ extern EFI_GUID gEfiVendorKeysNvGuid; /// Can enroll or delete KEK without existing PK's private key.
/// Can enroll or delete signature from DB/DBX without KEK's private key.
///
+/// GUID: gEfiCustomModeEnableGuid
+///
+/// Format: UINT8
+///
#define EFI_CUSTOM_MODE_NAME L"CustomMode"
#define CUSTOM_SECURE_BOOT_MODE 1
#define STANDARD_SECURE_BOOT_MODE 0
@@ -58,173 +64,12 @@ extern EFI_GUID gEfiVendorKeysNvGuid; /// the platform vendor has used a mechanism not defined by the UEFI Specification to
/// transition the system to setup mode or to update secure boot keys.
///
+/// GUID: gEfiVendorKeysNvGuid
+///
+/// Format: UINT8
+///
#define EFI_VENDOR_KEYS_NV_VARIABLE_NAME L"VendorKeysNv"
#define VENDOR_KEYS_VALID 1
#define VENDOR_KEYS_MODIFIED 0
-///
-/// Alignment of variable name and data, according to the architecture:
-/// * For IA-32 and Intel(R) 64 architectures: 1.
-/// * For IA-64 architecture: 8.
-///
-#if defined (MDE_CPU_IPF)
-#define ALIGNMENT 8
-#else
-#define ALIGNMENT 1
-#endif
-
-//
-// GET_PAD_SIZE calculates the miminal pad bytes needed to make the current pad size satisfy the alignment requirement.
-//
-#if (ALIGNMENT == 1)
-#define GET_PAD_SIZE(a) (0)
-#else
-#define GET_PAD_SIZE(a) (((~a) + 1) & (ALIGNMENT - 1))
-#endif
-
-///
-/// Alignment of Variable Data Header in Variable Store region.
-///
-#define HEADER_ALIGNMENT 4
-#define HEADER_ALIGN(Header) (((UINTN) (Header) + HEADER_ALIGNMENT - 1) & (~(HEADER_ALIGNMENT - 1)))
-
-///
-/// Status of Variable Store Region.
-///
-typedef enum {
- EfiRaw,
- EfiValid,
- EfiInvalid,
- EfiUnknown
-} VARIABLE_STORE_STATUS;
-
-#pragma pack(1)
-
-#define VARIABLE_STORE_SIGNATURE EFI_AUTHENTICATED_VARIABLE_GUID
-
-///
-/// Variable Store Header Format and State.
-///
-#define VARIABLE_STORE_FORMATTED 0x5a
-#define VARIABLE_STORE_HEALTHY 0xfe
-
-///
-/// Variable Store region header.
-///
-typedef struct {
- ///
- /// Variable store region signature.
- ///
- EFI_GUID Signature;
- ///
- /// Size of entire variable store,
- /// including size of variable store header but not including the size of FvHeader.
- ///
- UINT32 Size;
- ///
- /// Variable region format state.
- ///
- UINT8 Format;
- ///
- /// Variable region healthy state.
- ///
- UINT8 State;
- UINT16 Reserved;
- UINT32 Reserved1;
-} VARIABLE_STORE_HEADER;
-
-///
-/// Variable data start flag.
-///
-#define VARIABLE_DATA 0x55AA
-
-///
-/// Variable State flags.
-///
-#define VAR_IN_DELETED_TRANSITION 0xfe ///< Variable is in obsolete transition.
-#define VAR_DELETED 0xfd ///< Variable is obsolete.
-#define VAR_HEADER_VALID_ONLY 0x7f ///< Variable header has been valid.
-#define VAR_ADDED 0x3f ///< Variable has been completely added.
-
-///
-/// Variable Attribute combinations.
-///
-#define VARIABLE_ATTRIBUTE_NV_BS (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS)
-#define VARIABLE_ATTRIBUTE_BS_RT (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS)
-#define VARIABLE_ATTRIBUTE_AT_AW (EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS)
-#define VARIABLE_ATTRIBUTE_NV_BS_RT (VARIABLE_ATTRIBUTE_BS_RT | EFI_VARIABLE_NON_VOLATILE)
-#define VARIABLE_ATTRIBUTE_NV_BS_RT_HR (VARIABLE_ATTRIBUTE_NV_BS_RT | EFI_VARIABLE_HARDWARE_ERROR_RECORD)
-#define VARIABLE_ATTRIBUTE_NV_BS_RT_AT (VARIABLE_ATTRIBUTE_NV_BS_RT | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)
-#define VARIABLE_ATTRIBUTE_NV_BS_RT_AW (VARIABLE_ATTRIBUTE_NV_BS_RT | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS)
-#define VARIABLE_ATTRIBUTE_NV_BS_RT_HR_AT_AW (VARIABLE_ATTRIBUTE_NV_BS_RT_HR | VARIABLE_ATTRIBUTE_AT_AW)
-
-/// Single Variable Data Header Structure.
-///
-typedef struct {
- ///
- /// Variable Data Start Flag.
- ///
- UINT16 StartId;
- ///
- /// Variable State defined above.
- ///
- UINT8 State;
- UINT8 Reserved;
- ///
- /// Attributes of variable defined in UEFI specification.
- ///
- UINT32 Attributes;
- ///
- /// Associated monotonic count value against replay attack.
- ///
- UINT64 MonotonicCount;
- ///
- /// Associated TimeStamp value against replay attack.
- ///
- EFI_TIME TimeStamp;
- ///
- /// Index of associated public key in database.
- ///
- UINT32 PubKeyIndex;
- ///
- /// Size of variable null-terminated Unicode string name.
- ///
- UINT32 NameSize;
- ///
- /// Size of the variable data without this header.
- ///
- UINT32 DataSize;
- ///
- /// A unique identifier for the vendor that produces and consumes this varaible.
- ///
- EFI_GUID VendorGuid;
-} VARIABLE_HEADER;
-
-typedef struct {
- EFI_GUID *Guid;
- CHAR16 *Name;
- UINTN VariableSize;
-} VARIABLE_ENTRY_CONSISTENCY;
-
-#pragma pack()
-
-typedef struct _VARIABLE_INFO_ENTRY VARIABLE_INFO_ENTRY;
-
-///
-/// This structure contains the variable list that is put in EFI system table.
-/// The variable driver collects all variables that were used at boot service time and produces this list.
-/// This is an optional feature to dump all used variables in shell environment.
-///
-struct _VARIABLE_INFO_ENTRY {
- VARIABLE_INFO_ENTRY *Next; ///< Pointer to next entry.
- EFI_GUID VendorGuid; ///< Guid of Variable.
- CHAR16 *Name; ///< Name of Variable.
- UINT32 Attributes; ///< Attributes of variable defined in UEFI spec.
- UINT32 ReadCount; ///< Number of times to read this variable.
- UINT32 WriteCount; ///< Number of times to write this variable.
- UINT32 DeleteCount; ///< Number of times to delete this variable.
- UINT32 CacheCount; ///< Number of times that cache hits this variable.
- BOOLEAN Volatile; ///< TRUE if volatile, FALSE if non-volatile.
-};
-
#endif // __AUTHENTICATED_VARIABLE_FORMAT_H__
diff --git a/SecurityPkg/Include/Library/TpmMeasurementLib.h b/SecurityPkg/Include/Library/TpmMeasurementLib.h deleted file mode 100644 index 45542f45ae..0000000000 --- a/SecurityPkg/Include/Library/TpmMeasurementLib.h +++ /dev/null @@ -1,44 +0,0 @@ -/** @file
- This library is used by other modules to measure data to TPM.
-
-Copyright (c) 2012, Intel Corporation. All rights reserved. <BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef _TPM_MEASUREMENT_LIB_H_
-#define _TPM_MEASUREMENT_LIB_H_
-
-/**
- Tpm measure and log data, and extend the measurement result into a specific PCR.
-
- @param[in] PcrIndex PCR Index.
- @param[in] EventType Event type.
- @param[in] EventLog Measurement event log.
- @param[in] LogLen Event log length in bytes.
- @param[in] HashData The start of the data buffer to be hashed, extended.
- @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_UNSUPPORTED TPM device not available.
- @retval EFI_OUT_OF_RESOURCES Out of memory.
- @retval EFI_DEVICE_ERROR The operation was unsuccessful.
-**/
-EFI_STATUS
-EFIAPI
-TpmMeasureAndLogData (
- IN UINT32 PcrIndex,
- IN UINT32 EventType,
- IN VOID *EventLog,
- IN UINT32 LogLen,
- IN VOID *HashData,
- IN UINT64 HashDataLen
- );
-
-#endif
|