      1 /** @file
      2   The internal header file includes the common header files, defines
      3   internal structure and functions used by AuthService module.
      4 
      5 Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
      6 This program and the accompanying materials
      7 are licensed and made available under the terms and conditions of the BSD License
      8 which accompanies this distribution.  The full text of the license may be found at
      9 http://opensource.org/licenses/bsd-license.php
     10 
     11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
     12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
     13 
     14 **/
     15 
     16 #ifndef _AUTHSERVICE_H_
     17 #define _AUTHSERVICE_H_
     18 
     19 #define EFI_CERT_TYPE_RSA2048_SHA256_SIZE 256
     20 #define EFI_CERT_TYPE_RSA2048_SIZE        256
     21 
     22 ///
     23 /// Size of the authentication header that precedes the data payload: the offset of AuthInfo.CertData within EFI_VARIABLE_AUTHENTICATION plus sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256).
     24 /// NOTE(review): input shorter than AUTHINFO_SIZE presumably has to be rejected before AuthInfo is parsed - confirm in the implementation.
     25 #define AUTHINFO_SIZE (((UINTN)(((EFI_VARIABLE_AUTHENTICATION *) 0)->AuthInfo.CertData)) + sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256))
     26 
     27 ///
     28 /// Number of supported signature types.
     29 ///
     30 #define SIGSUPPORT_NUM 2
     31 
     32 /**
     33   Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set, and return the index of associated public key.
     34 
     35   @param[in]  Data                        The data pointer. NOTE(review): presumably begins with the EFI_VARIABLE_AUTHENTICATION header on authenticated writes - confirm.
     36   @param[in]  DataSize                    The size of Data, in bytes. Passed by value, so it is input-only and cannot
     37                                           return a required size. NOTE(review): presumably checked against AUTHINFO_SIZE before AuthInfo is read - confirm.
     38   @param[in]  VirtualMode                 The current calling mode for this function.
     39   @param[in]  Global                      The context of this Extended SAL Variable Services Class call.
     40   @param[in]  Variable                    The variable information which is used to keep track of variable usage.
     41   @param[in]  Attributes                  The attribute value of the variable.
     42   @param[out] KeyIndex                    The output index of corresponding public key in database. Declared OPTIONAL; NOTE(review): presumably may be NULL - confirm it is checked before being written.
     43   @param[out] MonotonicCount              The output value of corresponding Monotonic Count. Declared OPTIONAL; NOTE(review): presumably may be NULL - confirm it is checked before being written.
     44 
     45   @retval EFI_INVALID_PARAMETER           Invalid parameter.
     46   @retval EFI_WRITE_PROTECTED             The variable is write-protected and needs authentication with
     47                                           EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.
     48   @retval EFI_SECURITY_VIOLATION          The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
     49                                           set, but the AuthInfo does NOT pass the validation
     50                                           check carried out by the firmware.
     51   @retval EFI_SUCCESS                     The variable is not write-protected, or passed validation successfully.
     52 
     53 **/
     54 EFI_STATUS
     55 VerifyVariable (
     56   IN  VOID                      *Data,
     57   IN  UINTN                     DataSize,
     58   IN  BOOLEAN                   VirtualMode,
     59   IN  ESAL_VARIABLE_GLOBAL      *Global,
     60   IN  VARIABLE_POINTER_TRACK    *Variable,
     61   IN  UINT32                    Attributes OPTIONAL,
     62   OUT UINT32                    *KeyIndex OPTIONAL,
     63   OUT UINT64                    *MonotonicCount OPTIONAL
     64   );
     65 
     66 /**
     67   Initializes the authenticated variable service. The identifier is spelled "Autenticated" in this declaration.
     68 
     69   @retval EFI_SUCCESS           The function successfully executed.
     70   @retval EFI_OUT_OF_RESOURCES  Failed to allocate enough memory resources.
     71 
     72 **/
     73 EFI_STATUS
     74 AutenticatedVariableServiceInitialize (
     75   VOID
     76   );
     77 
     78 /**
     79   Initializes the cryptlib service before use, including registering algorithms and allocating scratch space.
     80   The return type is VOID, so this interface cannot report a failure to the caller.
     81 **/
     82 VOID
     83 CryptLibraryInitialize (
     84   VOID
     85   );
     86 
     87 /**
     88   Process variable with platform key for verification.
     89 
     90   @param[in]  VariableName                The name of Variable to be found.
     91   @param[in]  VendorGuid                  Variable vendor GUID.
     92   @param[in]  Data                        The data pointer.
     93   @param[in]  DataSize                    The size of Data, in bytes. Passed by value, so it is input-only and cannot
     94                                           return a required size. NOTE(review): presumably checked against AUTHINFO_SIZE before AuthInfo is read - confirm.
     95   @param[in]  VirtualMode                 The current calling mode for this function.
     96   @param[in]  Global                      The context of this Extended SAL Variable Services Class call.
     97   @param[in]  Variable                    The variable information which is used to keep track of variable usage.
     98   @param[in]  Attributes                  The attribute value of the variable.
     99   @param[in]  IsPk                        Indicates whether to process the PK (platform key).
    100 
    101   @retval EFI_INVALID_PARAMETER           Invalid parameter.
    102   @retval EFI_SECURITY_VIOLATION          The variable does NOT pass the validation
    103                                           check carried out by the firmware.
    104   @retval EFI_SUCCESS                     The variable passed validation successfully.
    105 
    106 **/
    107 EFI_STATUS
    108 ProcessVarWithPk (
    109   IN  CHAR16                    *VariableName,
    110   IN  EFI_GUID                  *VendorGuid,
    111   IN  VOID                      *Data,
    112   IN  UINTN                     DataSize,
    113   IN  BOOLEAN                   VirtualMode,
    114   IN  ESAL_VARIABLE_GLOBAL      *Global,
    115   IN  VARIABLE_POINTER_TRACK    *Variable,
    116   IN  UINT32                    Attributes OPTIONAL,
    117   IN  BOOLEAN                   IsPk
    118   );
    119 
    120 /**
    121   Process variable with key exchange key for verification.
    122 
    123   @param[in]  VariableName                The name of Variable to be found.
    124   @param[in]  VendorGuid                  The variable vendor GUID.
    125   @param[in]  Data                        The data pointer.
    126   @param[in]  DataSize                    The size of Data, in bytes. Passed by value, so it is input-only and cannot
    127                                           return a required size. NOTE(review): presumably checked against AUTHINFO_SIZE before AuthInfo is read - confirm.
    128   @param[in]  VirtualMode                 The current calling mode for this function.
    129   @param[in]  Global                      The context of this Extended SAL Variable Services Class call.
    130   @param[in]  Variable                    The variable information which is used to keep track of variable usage.
    131   @param[in]  Attributes                  The attribute value of the variable.
    132 
    133   @retval EFI_INVALID_PARAMETER           Invalid parameter.
    134   @retval EFI_SECURITY_VIOLATION          The variable does NOT pass the validation
    135                                           check carried out by the firmware.
    136   @retval EFI_SUCCESS                     The variable passed validation successfully.
    137 
    138 **/
    139 EFI_STATUS
    140 ProcessVarWithKek (
    141   IN  CHAR16                               *VariableName,
    142   IN  EFI_GUID                             *VendorGuid,
    143   IN  VOID                                 *Data,
    144   IN  UINTN                                DataSize,
    145   IN  BOOLEAN                              VirtualMode,
    146   IN  ESAL_VARIABLE_GLOBAL                 *Global,
    147   IN  VARIABLE_POINTER_TRACK               *Variable,
    148   IN  UINT32                               Attributes OPTIONAL
    149   );
    150 
    151 #endif
    152