mirror of
				https://git.proxmox.com/git/mirror_edk2
				synced 2025-10-26 10:33:07 +00:00 
			
		
		
		
	 e43525ee3c
			
		
	
	
		e43525ee3c
		
	
	
	
	
		
			
			Originally, the double pointer (VOID **) is not correct for convert address pointers from AuthVariableLib. Cc: Jiewen Yao <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <Jiewen.Yao@intel.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Laszlo Ersek <lersek@redhat.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18054 6f19259b-4bc3-4df7-8a09-765794883524
		
			
				
	
	
		
			262 lines
		
	
	
		
			10 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
			
		
		
	
	
			262 lines
		
	
	
		
			10 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
| /** @file
 | |
|   Provides services to initialize and process authenticated variables.
 | |
| 
 | |
| Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
 | |
| This program and the accompanying materials are licensed and made available under
 | |
| the terms and conditions of the BSD License that accompanies this distribution.
 | |
| The full text of the license may be found at
 | |
| http://opensource.org/licenses/bsd-license.php.
 | |
| 
 | |
| THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
 | |
| WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 | |
| 
 | |
| **/
 | |
| 
 | |
| #ifndef _AUTH_VARIABLE_LIB_H_
 | |
| #define _AUTH_VARIABLE_LIB_H_
 | |
| 
 | |
| #include <Protocol/VarCheck.h>
 | |
| 
 | |
| ///
 | |
| /// Size of AuthInfo prior to the data payload.
 | |
| ///
 | |
| #define AUTHINFO_SIZE ((OFFSET_OF (EFI_VARIABLE_AUTHENTICATION, AuthInfo)) + \
 | |
|                        (OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)) + \
 | |
|                        sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256))
 | |
| 
 | |
| #define AUTHINFO2_SIZE(VarAuth2) ((OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo)) + \
 | |
|                                   (UINTN) ((EFI_VARIABLE_AUTHENTICATION_2 *) (VarAuth2))->AuthInfo.Hdr.dwLength)
 | |
| 
 | |
| #define OFFSET_OF_AUTHINFO2_CERT_DATA ((OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo)) + \
 | |
|                                        (OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)))
 | |
| 
 | |
| typedef struct {
 | |
|   CHAR16        *VariableName;
 | |
|   EFI_GUID      *VendorGuid;
 | |
|   UINT32        Attributes;
 | |
|   UINTN         DataSize;
 | |
|   VOID          *Data;
 | |
|   UINT32        PubKeyIndex;
 | |
|   UINT64        MonotonicCount;
 | |
|   EFI_TIME      *TimeStamp;
 | |
| } AUTH_VARIABLE_INFO;
 | |
| 
 | |
| /**
 | |
|   Finds variable in storage blocks of volatile and non-volatile storage areas.
 | |
| 
 | |
|   This code finds variable in storage blocks of volatile and non-volatile storage areas.
 | |
|   If VariableName is an empty string, then we just return the first
 | |
|   qualified variable without comparing VariableName and VendorGuid.
 | |
| 
 | |
|   @param[in]  VariableName          Name of the variable to be found.
 | |
|   @param[in]  VendorGuid            Variable vendor GUID to be found.
 | |
|   @param[out] AuthVariableInfo      Pointer to AUTH_VARIABLE_INFO structure for
 | |
|                                     output of the variable found.
 | |
| 
 | |
|   @retval EFI_INVALID_PARAMETER     If VariableName is not an empty string,
 | |
|                                     while VendorGuid is NULL.
 | |
|   @retval EFI_SUCCESS               Variable successfully found.
 | |
|   @retval EFI_NOT_FOUND             Variable not found
 | |
| 
 | |
| **/
 | |
| typedef
 | |
| EFI_STATUS
 | |
| (EFIAPI *AUTH_VAR_LIB_FIND_VARIABLE) (
 | |
|   IN  CHAR16                *VariableName,
 | |
|   IN  EFI_GUID              *VendorGuid,
 | |
|   OUT AUTH_VARIABLE_INFO    *AuthVariableInfo
 | |
|   );
 | |
| 
 | |
| /**
 | |
|   Finds next variable in storage blocks of volatile and non-volatile storage areas.
 | |
| 
 | |
|   This code finds next variable in storage blocks of volatile and non-volatile storage areas.
 | |
|   If VariableName is an empty string, then we just return the first
 | |
|   qualified variable without comparing VariableName and VendorGuid.
 | |
| 
 | |
|   @param[in]  VariableName          Name of the variable to be found.
 | |
|   @param[in]  VendorGuid            Variable vendor GUID to be found.
 | |
|   @param[out] AuthVariableInfo      Pointer to AUTH_VARIABLE_INFO structure for
 | |
|                                     output of the next variable.
 | |
| 
 | |
|   @retval EFI_INVALID_PARAMETER     If VariableName is not an empty string,
 | |
|                                     while VendorGuid is NULL.
 | |
|   @retval EFI_SUCCESS               Variable successfully found.
 | |
|   @retval EFI_NOT_FOUND             Variable not found
 | |
| 
 | |
| **/
 | |
| typedef
 | |
| EFI_STATUS
 | |
| (EFIAPI *AUTH_VAR_LIB_FIND_NEXT_VARIABLE) (
 | |
|   IN  CHAR16                *VariableName,
 | |
|   IN  EFI_GUID              *VendorGuid,
 | |
|   OUT AUTH_VARIABLE_INFO    *AuthVariableInfo
 | |
|   );
 | |
| 
 | |
| /**
 | |
|   Update the variable region with Variable information.
 | |
| 
 | |
|   @param[in] AuthVariableInfo       Pointer AUTH_VARIABLE_INFO structure for
 | |
|                                     input of the variable.
 | |
| 
 | |
|   @retval EFI_SUCCESS               The update operation is success.
 | |
|   @retval EFI_INVALID_PARAMETER     Invalid parameter.
 | |
|   @retval EFI_WRITE_PROTECTED       Variable is write-protected.
 | |
|   @retval EFI_OUT_OF_RESOURCES      There is not enough resource.
 | |
| 
 | |
| **/
 | |
| typedef
 | |
| EFI_STATUS
 | |
| (EFIAPI *AUTH_VAR_LIB_UPDATE_VARIABLE) (
 | |
|   IN AUTH_VARIABLE_INFO     *AuthVariableInfo
 | |
|   );
 | |
| 
 | |
| /**
 | |
|   Get scratch buffer.
 | |
| 
 | |
|   @param[in, out] ScratchBufferSize Scratch buffer size. If input size is greater than
 | |
|                                     the maximum supported buffer size, this value contains
 | |
|                                     the maximum supported buffer size as output.
 | |
|   @param[out]     ScratchBuffer     Pointer to scratch buffer address.
 | |
| 
 | |
|   @retval EFI_SUCCESS       Get scratch buffer successfully.
 | |
|   @retval EFI_UNSUPPORTED   If input size is greater than the maximum supported buffer size.
 | |
| 
 | |
| **/
 | |
| typedef
 | |
| EFI_STATUS
 | |
| (EFIAPI *AUTH_VAR_LIB_GET_SCRATCH_BUFFER) (
 | |
|   IN OUT UINTN      *ScratchBufferSize,
 | |
|   OUT    VOID       **ScratchBuffer
 | |
|   );
 | |
| 
 | |
| /**
 | |
|   This function is to check if the remaining variable space is enough to set
 | |
|   all Variables from argument list successfully. The purpose of the check
 | |
|   is to keep the consistency of the Variables to be in variable storage.
 | |
| 
 | |
|   Note: Variables are assumed to be in same storage.
 | |
|   The set sequence of Variables will be same with the sequence of VariableEntry from argument list,
 | |
|   so follow the argument sequence to check the Variables.
 | |
| 
 | |
|   @param[in] Attributes         Variable attributes for Variable entries.
 | |
|   @param ...                    The variable argument list with type VARIABLE_ENTRY_CONSISTENCY *.
 | |
|                                 A NULL terminates the list. The VariableSize of
 | |
|                                 VARIABLE_ENTRY_CONSISTENCY is the variable data size as input.
 | |
|                                 It will be changed to variable total size as output.
 | |
| 
 | |
|   @retval TRUE                  Have enough variable space to set the Variables successfully.
 | |
|   @retval FALSE                 No enough variable space to set the Variables successfully.
 | |
| 
 | |
| **/
 | |
| typedef
 | |
| BOOLEAN
 | |
| (EFIAPI *AUTH_VAR_LIB_CHECK_REMAINING_SPACE) (
 | |
|   IN UINT32                     Attributes,
 | |
|   ...
 | |
|   );
 | |
| 
 | |
| /**
 | |
|   Return TRUE if at OS runtime.
 | |
| 
 | |
|   @retval TRUE If at OS runtime.
 | |
|   @retval FALSE If at boot time.
 | |
| 
 | |
| **/
 | |
| typedef
 | |
| BOOLEAN
 | |
| (EFIAPI *AUTH_VAR_LIB_AT_RUNTIME) (
 | |
|   VOID
 | |
|   );
 | |
| 
 | |
| #define AUTH_VAR_LIB_CONTEXT_IN_STRUCT_VERSION  0x01
 | |
| 
 | |
| typedef struct {
 | |
|   UINTN                                 StructVersion;
 | |
|   UINTN                                 StructSize;
 | |
|   //
 | |
|   // Reflect the overhead associated with the saving
 | |
|   // of a single EFI authenticated variable with the exception
 | |
|   // of the overhead associated with the length
 | |
|   // of the string name of the EFI variable.
 | |
|   //
 | |
|   UINTN                                 MaxAuthVariableSize;
 | |
|   AUTH_VAR_LIB_FIND_VARIABLE            FindVariable;
 | |
|   AUTH_VAR_LIB_FIND_NEXT_VARIABLE       FindNextVariable;
 | |
|   AUTH_VAR_LIB_UPDATE_VARIABLE          UpdateVariable;
 | |
|   AUTH_VAR_LIB_GET_SCRATCH_BUFFER       GetScratchBuffer;
 | |
|   AUTH_VAR_LIB_CHECK_REMAINING_SPACE    CheckRemainingSpaceForConsistency;
 | |
|   AUTH_VAR_LIB_AT_RUNTIME               AtRuntime;
 | |
| } AUTH_VAR_LIB_CONTEXT_IN;
 | |
| 
 | |
| #define AUTH_VAR_LIB_CONTEXT_OUT_STRUCT_VERSION 0x01
 | |
| 
 | |
| typedef struct {
 | |
|   UINTN                                 StructVersion;
 | |
|   UINTN                                 StructSize;
 | |
|   //
 | |
|   // Caller needs to set variable property for the variables.
 | |
|   //
 | |
|   VARIABLE_ENTRY_PROPERTY               *AuthVarEntry;
 | |
|   UINTN                                 AuthVarEntryCount;
 | |
|   //
 | |
|   // Caller needs to ConvertPointer() for the pointers.
 | |
|   //
 | |
|   VOID                                  ***AddressPointer;
 | |
|   UINTN                                 AddressPointerCount;
 | |
| } AUTH_VAR_LIB_CONTEXT_OUT;
 | |
| 
 | |
| /**
 | |
|   Initialization for authenticated varibale services.
 | |
|   If this initialization returns error status, other APIs will not work
 | |
|   and expect to be not called then.
 | |
| 
 | |
|   @param[in]  AuthVarLibContextIn   Pointer to input auth variable lib context.
 | |
|   @param[out] AuthVarLibContextOut  Pointer to output auth variable lib context.
 | |
| 
 | |
|   @retval EFI_SUCCESS               Function successfully executed.
 | |
|   @retval EFI_INVALID_PARAMETER     If AuthVarLibContextIn == NULL or AuthVarLibContextOut == NULL.
 | |
|   @retval EFI_OUT_OF_RESOURCES      Fail to allocate enough resource.
 | |
|   @retval EFI_UNSUPPORTED           Unsupported to process authenticated variable.
 | |
| 
 | |
| **/
 | |
| EFI_STATUS
 | |
| EFIAPI
 | |
| AuthVariableLibInitialize (
 | |
|   IN  AUTH_VAR_LIB_CONTEXT_IN   *AuthVarLibContextIn,
 | |
|   OUT AUTH_VAR_LIB_CONTEXT_OUT  *AuthVarLibContextOut
 | |
|   );
 | |
| 
 | |
| /**
 | |
|   Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.
 | |
| 
 | |
|   @param[in] VariableName           Name of the variable.
 | |
|   @param[in] VendorGuid             Variable vendor GUID.
 | |
|   @param[in] Data                   Data pointer.
 | |
|   @param[in] DataSize               Size of Data.
 | |
|   @param[in] Attributes             Attribute value of the variable.
 | |
| 
 | |
|   @retval EFI_SUCCESS               The firmware has successfully stored the variable and its data as
 | |
|                                     defined by the Attributes.
 | |
|   @retval EFI_INVALID_PARAMETER     Invalid parameter.
 | |
|   @retval EFI_WRITE_PROTECTED       Variable is write-protected.
 | |
|   @retval EFI_OUT_OF_RESOURCES      There is not enough resource.
 | |
|   @retval EFI_SECURITY_VIOLATION    The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
 | |
|                                     or EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS
 | |
|                                     set, but the AuthInfo does NOT pass the validation
 | |
|                                     check carried out by the firmware.
 | |
|   @retval EFI_UNSUPPORTED           Unsupported to process authenticated variable.
 | |
| 
 | |
| **/
 | |
| EFI_STATUS
 | |
| EFIAPI
 | |
| AuthVariableLibProcessVariable (
 | |
|   IN CHAR16         *VariableName,
 | |
|   IN EFI_GUID       *VendorGuid,
 | |
|   IN VOID           *Data,
 | |
|   IN UINTN          DataSize,
 | |
|   IN UINT32         Attributes
 | |
|   );
 | |
| 
 | |
| #endif
 |