SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/AuthService.h File Reference


Defines

#define EFI_CERT_TYPE_RSA2048_SHA256_SIZE   256
#define EFI_CERT_TYPE_RSA2048_SIZE   256
#define AUTHINFO_SIZE   (((UINTN)(((EFI_VARIABLE_AUTHENTICATION *) 0)->AuthInfo.CertData)) + sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256))
#define SIGSUPPORT_NUM   2

Functions

EFI_STATUS VerifyVariable (IN VOID *Data, IN UINTN DataSize, IN BOOLEAN VirtualMode, IN ESAL_VARIABLE_GLOBAL *Global, IN VARIABLE_POINTER_TRACK *Variable, IN UINT32 Attributes, OUT UINT32 *KeyIndex, OUT UINT64 *MonotonicCount)
EFI_STATUS AutenticatedVariableServiceInitialize (VOID)
VOID CryptLibraryInitialize (VOID)
EFI_STATUS ProcessVarWithPk (IN CHAR16 *VariableName, IN EFI_GUID *VendorGuid, IN VOID *Data, IN UINTN DataSize, IN BOOLEAN VirtualMode, IN ESAL_VARIABLE_GLOBAL *Global, IN VARIABLE_POINTER_TRACK *Variable, IN UINT32 Attributes, IN BOOLEAN IsPk)
EFI_STATUS ProcessVarWithKek (IN CHAR16 *VariableName, IN EFI_GUID *VendorGuid, IN VOID *Data, IN UINTN DataSize, IN BOOLEAN VirtualMode, IN ESAL_VARIABLE_GLOBAL *Global, IN VARIABLE_POINTER_TRACK *Variable, IN UINT32 Attributes)

Detailed Description

This internal header file includes the common header files and defines the internal structures and functions used by the AuthService module.

Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php

THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.


Define Documentation

#define AUTHINFO_SIZE   (((UINTN)(((EFI_VARIABLE_AUTHENTICATION *) 0)->AuthInfo.CertData)) + sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256))
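
An added example (not EDK II code) showing what AUTHINFO_SIZE evaluates to and how a length check built on it rejects a truncated authentication descriptor before any field is read. The structure layouts follow the UEFI specification's definitions and are assumptions here, as are the helper names check_auth_descriptor and demo and the header checks themselves; this page does not show how VerifyVariable() validates its input.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Layouts as defined by the UEFI specification (assumed; not shown on this page). */
typedef struct { uint32_t Data1; uint16_t Data2; uint16_t Data3; uint8_t Data4[8]; } EFI_GUID;
typedef struct { uint32_t dwLength; uint16_t wRevision; uint16_t wCertificateType; } WIN_CERTIFICATE;
typedef struct { WIN_CERTIFICATE Hdr; EFI_GUID CertType; uint8_t CertData[1]; } WIN_CERTIFICATE_UEFI_GUID;
typedef struct { uint64_t MonotonicCount; WIN_CERTIFICATE_UEFI_GUID AuthInfo; } EFI_VARIABLE_AUTHENTICATION;
typedef struct { EFI_GUID HashType; uint8_t PublicKey[256]; uint8_t Signature[256]; } EFI_CERT_BLOCK_RSA_2048_SHA256;

/* Same value as the header's macro, written with offsetof instead of a null-pointer cast:
   32 bytes up to CertData + 528 bytes of certificate block = 560. */
#define AUTHINFO_SIZE (offsetof(EFI_VARIABLE_AUTHENTICATION, AuthInfo.CertData) + \
                       sizeof(EFI_CERT_BLOCK_RSA_2048_SHA256))
#define WIN_CERT_TYPE_EFI_GUID 0x0EF1

enum auth_check { AUTH_OK = 0, AUTH_TOO_SHORT, AUTH_BAD_CERT_HDR };

/* Hypothetical validator: length first, then header consistency, then payload size. */
static enum auth_check check_auth_descriptor(const void *data, size_t data_size,
                                             size_t *payload_size)
{
    WIN_CERTIFICATE hdr;

    if (data == NULL || payload_size == NULL || data_size < AUTHINFO_SIZE)
        return AUTH_TOO_SHORT;            /* never read fields of a short buffer */
    /* memcpy avoids unaligned access when the caller's buffer is a raw byte array. */
    memcpy(&hdr, (const uint8_t *)data + offsetof(EFI_VARIABLE_AUTHENTICATION, AuthInfo.Hdr),
           sizeof hdr);
    /* dwLength covers the whole certificate, header included (assumed check). */
    if (hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID ||
        hdr.dwLength != AUTHINFO_SIZE - offsetof(EFI_VARIABLE_AUTHENTICATION, AuthInfo))
        return AUTH_BAD_CERT_HDR;
    *payload_size = data_size - AUTHINFO_SIZE;   /* cannot underflow after the first check */
    return AUTH_OK;
}

/* Builds a constructed, zero-filled sample descriptor and runs the check on it. */
static enum auth_check demo(size_t total_size, uint32_t cert_len, size_t *payload_size)
{
    static uint8_t buf[1024];
    WIN_CERTIFICATE hdr = { cert_len, 0x0200, WIN_CERT_TYPE_EFI_GUID };

    memset(buf, 0, sizeof buf);
    memcpy(buf + offsetof(EFI_VARIABLE_AUTHENTICATION, AuthInfo.Hdr), &hdr, sizeof hdr);
    return check_auth_descriptor(buf, total_size, payload_size);
}
```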

#define EFI_CERT_TYPE_RSA2048_SHA256_SIZE   256

#define EFI_CERT_TYPE_RSA2048_SIZE   256

#define SIGSUPPORT_NUM   2

Number of supported signature types.

Referenced by AutenticatedVariableServiceInitialize().


Function Documentation

EFI_STATUS AutenticatedVariableServiceInitialize ( VOID   ) 

VOID CryptLibraryInitialize ( VOID   ) 

Initializes the cryptlib service before use, including registering the algorithm and allocating scratch.

EFI_STATUS ProcessVarWithKek ( IN CHAR16 *  VariableName,
IN EFI_GUID *  VendorGuid,
IN VOID *  Data,
IN UINTN  DataSize,
IN BOOLEAN  VirtualMode,
IN ESAL_VARIABLE_GLOBAL *  Global,
IN VARIABLE_POINTER_TRACK *  Variable,
IN UINT32  Attributes 
)

Process variable with key exchange key for verification.

Parameters:
[in] VariableName The name of Variable to be found.
[in] VendorGuid The variable vendor GUID.
[in] Data The data pointer.
[in] DataSize Size of Data found. If size is less than the data, this value contains the required size.
[in] VirtualMode The current calling mode for this function.
[in] Global The context of this Extended SAL Variable Services Class call.
[in] Variable The variable information which is used to keep track of variable usage.
[in] Attributes The attribute value of the variable.
Return values:
EFI_INVALID_PARAMETER Invalid parameter.
EFI_SECURITY_VIOLATION The variable does NOT pass the validation check carried out by the firmware.
EFI_SUCCESS The variable passed validation successfully.

References AUTHINFO_SIZE, BOOLEAN(), VARIABLE_POINTER_TRACK::CurrPtr, EFI_CERT_TYPE_RSA2048_SIZE, EFI_STATUS(), FindVariable(), GetVariableDataPtr(), IsValidVariableHeader(), MAX_KEYDB_SIZE, mPlatformMode, TRUE, UpdateVariable(), VAR_KEY_EXCHANGE_KEY, VerifyDataPayload(), and VARIABLE_POINTER_TRACK::Volatile.

EFI_STATUS ProcessVarWithPk ( IN CHAR16 *  VariableName,
IN EFI_GUID *  VendorGuid,
IN VOID *  Data,
IN UINTN  DataSize,
IN BOOLEAN  VirtualMode,
IN ESAL_VARIABLE_GLOBAL *  Global,
IN VARIABLE_POINTER_TRACK *  Variable,
IN UINT32  Attributes,
IN BOOLEAN  IsPk 
)

Process variable with platform key for verification.

Parameters:
[in] VariableName The name of Variable to be found.
[in] VendorGuid Variable vendor GUID.
[in] Data The data pointer.
[in] DataSize The size of Data found. If size is less than the data, this value contains the required size.
[in] VirtualMode The current calling mode for this function.
[in] Global The context of this Extended SAL Variable Services Class call.
[in] Variable The variable information which is used to keep track of variable usage.
[in] Attributes The attribute value of the variable.
[in] IsPk Indicates whether to process pk.
Return values:
EFI_INVALID_PARAMETER Invalid parameter.
EFI_SECURITY_VIOLATION The variable does NOT pass the validation check carried out by the firmware.
EFI_SUCCESS The variable passed validation successfully.

References AUTHINFO_SIZE, BOOLEAN(), VARIABLE_POINTER_TRACK::CurrPtr, EFI_STATUS(), FindVariable(), GetVariableDataPtr(), IsValidVariableHeader(), MAX_KEYDB_SIZE, mPlatformMode, UpdatePlatformMode(), UpdateVariable(), VAR_PLATFORM_KEY, VerifyDataPayload(), and VARIABLE_POINTER_TRACK::Volatile.

EFI_STATUS VerifyVariable ( IN VOID *  Data,
IN UINTN  DataSize,
IN BOOLEAN  VirtualMode,
IN ESAL_VARIABLE_GLOBAL *  Global,
IN VARIABLE_POINTER_TRACK *  Variable,
IN UINT32  Attributes,
OUT UINT32 *  KeyIndex,
OUT UINT64 *  MonotonicCount 
)

Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set, and return the index of associated public key.

Parameters:
[in] Data The data pointer.
[in] DataSize The size of Data found. If size is less than the data, this value contains the required size.
[in] VirtualMode The current calling mode for this function.
[in] Global The context of this Extended SAL Variable Services Class call.
[in] Variable The variable information which is used to keep track of variable usage.
[in] Attributes The attribute value of the variable.
[out] KeyIndex The output index of corresponding public key in database.
[out] MonotonicCount The output value of corresponding Monotonic Count.
Return values:
EFI_INVALID_PARAMETER Invalid parameter.
EFI_WRITE_PROTECTED The variable is write-protected and needs authentication with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.
EFI_SECURITY_VIOLATION The variable has EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set, but the AuthInfo does NOT pass the validation check carried out by the firmware.
EFI_SUCCESS The variable is not write-protected, or passed validation successfully.

References AddPubKeyInStore(), AUTHINFO_SIZE, BOOLEAN(), EFI_CERT_TYPE_RSA2048_SIZE, EFI_STATUS(), IsValidVariableHeader(), TRUE, and VerifyDataPayload().

Referenced by EsalSetVariable().


Generated on Thu Sep 24 23:44:25 2015 for SecurityPkg[ALL] by  doxygen 1.5.7.1