SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/AuthService.c File Reference


Functions

EFI_STATUS AutenticatedVariableServiceInitialize (VOID)
UINT32 AddPubKeyInStore (IN BOOLEAN VirtualMode, IN ESAL_VARIABLE_GLOBAL *Global, IN UINT8 *PubKey)
EFI_STATUS VerifyDataPayload (IN BOOLEAN VirtualMode, IN ESAL_VARIABLE_GLOBAL *Global, IN UINT8 *Data, IN UINTN DataSize, IN UINT8 *PubKey)
VOID UpdatePlatformMode (IN BOOLEAN VirtualMode, IN ESAL_VARIABLE_GLOBAL *Global, IN UINT32 Mode)
EFI_STATUS ProcessVarWithPk (IN CHAR16 *VariableName, IN EFI_GUID *VendorGuid, IN VOID *Data, IN UINTN DataSize, IN BOOLEAN VirtualMode, IN ESAL_VARIABLE_GLOBAL *Global, IN VARIABLE_POINTER_TRACK *Variable, IN UINT32 Attributes, IN BOOLEAN IsPk)
EFI_STATUS ProcessVarWithKek (IN CHAR16 *VariableName, IN EFI_GUID *VendorGuid, IN VOID *Data, IN UINTN DataSize, IN BOOLEAN VirtualMode, IN ESAL_VARIABLE_GLOBAL *Global, IN VARIABLE_POINTER_TRACK *Variable, IN UINT32 Attributes)
EFI_STATUS VerifyVariable (IN VOID *Data, IN UINTN DataSize, IN BOOLEAN VirtualMode, IN ESAL_VARIABLE_GLOBAL *Global, IN VARIABLE_POINTER_TRACK *Variable, IN UINT32 Attributes, OUT UINT32 *KeyIndex, OUT UINT64 *MonotonicCount)

Variables

UINT32 mPubKeyNumber
UINT32 mPlatformMode
EFI_GUID mSignatureSupport [SIGSUPPORT_NUM] = {EFI_CERT_RSA2048_SHA256_GUID, EFI_CERT_RSA2048_SHA1_GUID}
CONST UINT8 mRsaE [] = { 0x01, 0x00, 0x01 }

Detailed Description

Implements authentication services for the authenticated variable service in UEFI 2.2.

Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php

THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.


Function Documentation

UINT32 AddPubKeyInStore ( IN BOOLEAN VirtualMode,
IN ESAL_VARIABLE_GLOBAL *Global,
IN UINT8 *PubKey
)

Add public key in store and return its index.

Parameters:
[in] VirtualMode The current calling mode for this function.
[in] Global The context of this Extended SAL Variable Services Class call.
[in] PubKey The input pointer to Public Key data.
Returns:
The index of the newly added item.

References BOOLEAN(), EFI_CERT_TYPE_RSA2048_SIZE, EFI_STATUS(), FindVariable(), MAX_KEY_NUM, mPubKeyNumber, TRUE, UpdateVariable(), and VAR_AUTH_KEY_DB.

EFI_STATUS AutenticatedVariableServiceInitialize ( VOID )

EFI_STATUS ProcessVarWithKek ( IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN VOID *Data,
IN UINTN DataSize,
IN BOOLEAN VirtualMode,
IN ESAL_VARIABLE_GLOBAL *Global,
IN VARIABLE_POINTER_TRACK *Variable,
IN UINT32 Attributes
)

Process variable with key exchange key for verification.

Parameters:
[in] VariableName The name of Variable to be found.
[in] VendorGuid The variable vendor GUID.
[in] Data The data pointer.
[in] DataSize The size of Data found. If size is less than the data, this value contains the required size.
[in] VirtualMode The current calling mode for this function.
[in] Global The context of this Extended SAL Variable Services Class call.
[in] Variable The variable information which is used to keep track of variable usage.
[in] Attributes The attribute value of the variable.
Return values:
EFI_INVALID_PARAMETER Invalid parameter.
EFI_SECURITY_VIOLATION The variable did NOT pass the validation check carried out by the firmware.
EFI_SUCCESS The variable passed validation successfully.

References AUTHINFO_SIZE, BOOLEAN(), VARIABLE_POINTER_TRACK::CurrPtr, EFI_CERT_TYPE_RSA2048_SIZE, EFI_STATUS(), FindVariable(), GetVariableDataPtr(), IsValidVariableHeader(), MAX_KEYDB_SIZE, mPlatformMode, TRUE, UpdateVariable(), VAR_KEY_EXCHANGE_KEY, VerifyDataPayload(), and VARIABLE_POINTER_TRACK::Volatile.

EFI_STATUS ProcessVarWithPk ( IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN VOID *Data,
IN UINTN DataSize,
IN BOOLEAN VirtualMode,
IN ESAL_VARIABLE_GLOBAL *Global,
IN VARIABLE_POINTER_TRACK *Variable,
IN UINT32 Attributes,
IN BOOLEAN IsPk
)

Process variable with platform key for verification.

Parameters:
[in] VariableName The name of Variable to be found.
[in] VendorGuid The variable vendor GUID.
[in] Data The data pointer.
[in] DataSize The size of Data found. If size is less than the data, this value contains the required size.
[in] VirtualMode The current calling mode for this function.
[in] Global The context of this Extended SAL Variable Services Class call.
[in] Variable The variable information which is used to keep track of variable usage.
[in] Attributes The attribute value of the variable.
[in] IsPk Indicates whether to process pk.
Return values:
EFI_INVALID_PARAMETER Invalid parameter.
EFI_SECURITY_VIOLATION The variable does NOT pass the validation check carried out by the firmware.
EFI_SUCCESS The variable passed validation successfully.

References AUTHINFO_SIZE, BOOLEAN(), VARIABLE_POINTER_TRACK::CurrPtr, EFI_STATUS(), FindVariable(), GetVariableDataPtr(), IsValidVariableHeader(), MAX_KEYDB_SIZE, mPlatformMode, UpdatePlatformMode(), UpdateVariable(), VAR_PLATFORM_KEY, VerifyDataPayload(), and VARIABLE_POINTER_TRACK::Volatile.

VOID UpdatePlatformMode ( IN BOOLEAN VirtualMode,
IN ESAL_VARIABLE_GLOBAL *Global,
IN UINT32 Mode
)

Update platform mode.

Parameters:
[in] VirtualMode The current calling mode for this function.
[in] Global The context of this Extended SAL Variable Services Class call.
[in] Mode SETUP_MODE or USER_MODE.

References EFI_STATUS(), FindVariable(), mPlatformMode, UpdateVariable(), and VAR_SETUP_MODE.

EFI_STATUS VerifyDataPayload ( IN BOOLEAN VirtualMode,
IN ESAL_VARIABLE_GLOBAL *Global,
IN UINT8 *Data,
IN UINTN DataSize,
IN UINT8 *PubKey
)

Verify data payload with AuthInfo in EFI_CERT_TYPE_RSA2048_SHA256 type. Follows the steps in UEFI 2.2.

Parameters:
[in] VirtualMode The current calling mode for this function.
[in] Global The context of this Extended SAL Variable Services Class call.
[in] Data The pointer to data with AuthInfo.
[in] DataSize The size of Data.
[in] PubKey The public key used for verification.
Return values:
EFI_INVALID_PARAMETER Invalid parameter.
EFI_SECURITY_VIOLATION Authentication failed.
EFI_SUCCESS Authentication successful.

References AUTHINFO_SIZE, BOOLEAN(), EFI_CERT_TYPE_RSA2048_SHA256_SIZE, EFI_CERT_TYPE_RSA2048_SIZE, mRsaE, SHA256_DIGEST_SIZE, and UINTN().

Referenced by ProcessVarWithKek(), ProcessVarWithPk(), and VerifyVariable().

EFI_STATUS VerifyVariable ( IN VOID *Data,
IN UINTN DataSize,
IN BOOLEAN VirtualMode,
IN ESAL_VARIABLE_GLOBAL *Global,
IN VARIABLE_POINTER_TRACK *Variable,
IN UINT32 Attributes,
OUT UINT32 *KeyIndex,
OUT UINT64 *MonotonicCount
)

Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set, and return the index of associated public key.

Parameters:
[in] Data The data pointer.
[in] DataSize The size of Data found. If size is less than the data, this value contains the required size.
[in] VirtualMode The current calling mode for this function.
[in] Global The context of this Extended SAL Variable Services Class call.
[in] Variable The variable information which is used to keep track of variable usage.
[in] Attributes The attribute value of the variable.
[out] KeyIndex The output index of corresponding public key in database.
[out] MonotonicCount The output value of corresponding Monotonic Count.
Return values:
EFI_INVALID_PARAMETER Invalid parameter.
EFI_WRITE_PROTECTED The variable is write-protected and needs authentication with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.
EFI_SECURITY_VIOLATION The variable has EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set, but the AuthInfo does NOT pass the validation check carried out by the firmware.
EFI_SUCCESS The variable is not write-protected, or passed validation successfully.

References AddPubKeyInStore(), AUTHINFO_SIZE, BOOLEAN(), EFI_CERT_TYPE_RSA2048_SIZE, EFI_STATUS(), IsValidVariableHeader(), TRUE, and VerifyDataPayload().

Referenced by EsalSetVariable().
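
The return values documented for VerifyVariable() imply an order of gates before a write is accepted; the sketch below is an added example that models that order, not code from AuthService.c or from EDK II. Assumptions: the header layout (8-byte MonotonicCount, 8-byte WIN_CERTIFICATE, two 16-byte GUIDs, 256-byte public key, 256-byte signature) and the signer-binding and counter checks follow the UEFI 2.2 counter-based authentication format rather than this page, and `stored_var`, `verify_variable_model` and `sig_ok` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-ins for this sketch; not the EDK II definitions. */
enum { OK, INVALID_PARAMETER, WRITE_PROTECTED, SECURITY_VIOLATION };
#define AUTH_WRITE_ACCESS 0x10u /* EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS */
#define KEY_SIZE   256u         /* RSA-2048 modulus, in bytes */
#define PUBKEY_OFF (8u + 8u + 16u + 16u) /* count, WIN_CERTIFICATE, CertType, HashType */
#define HDR_SIZE   (PUBKEY_OFF + KEY_SIZE + KEY_SIZE) /* + PublicKey + Signature */

typedef struct {
    int      exists;            /* variable is already in the store */
    uint32_t attributes;        /* attributes it was stored with */
    uint64_t count;             /* last accepted monotonic count */
    uint8_t  pubkey[KEY_SIZE];  /* key bound to it on first write */
} stored_var;

/* sig_ok stands in for the result of VerifyDataPayload() (assumption). */
int verify_variable_model(const uint8_t *data, size_t size, uint32_t attrs,
                          const stored_var *old, int sig_ok, uint64_t *count_out)
{
    int old_auth = old->exists && (old->attributes & AUTH_WRITE_ACCESS);
    uint64_t count;

    if (!(attrs & AUTH_WRITE_ACCESS))       /* unauthenticated write request */
        return old_auth ? WRITE_PROTECTED : OK;
    if (data == NULL || size < HDR_SIZE)    /* header must fit before any read */
        return INVALID_PARAMETER;

    /* memcpy avoids an unaligned load; host byte order, as in the test data */
    memcpy(&count, data, sizeof count);
    if (old_auth) {
        if (memcmp(data + PUBKEY_OFF, old->pubkey, KEY_SIZE) != 0)
            return SECURITY_VIOLATION;      /* signer differs from first write */
        if (count <= old->count)
            return SECURITY_VIOLATION;      /* replayed or stale payload */
    }
    if (!sig_ok)
        return SECURITY_VIOLATION;          /* signature check failed */
    *count_out = count;                     /* caller stores the new count */
    return OK;
}
```

The size check comes before any field is read, and the counter comparison is `<=`, so a payload that was accepted once cannot be written again.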


Variable Documentation

UINT32 mPlatformMode

UINT32 mPubKeyNumber

Global database array for scratch

CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 }

EFI_GUID mSignatureSupport[SIGSUPPORT_NUM] = {EFI_CERT_RSA2048_SHA256_GUID, EFI_CERT_RSA2048_SHA1_GUID}


Generated on Thu Sep 24 23:44:24 2015 for SecurityPkg[ALL] by  doxygen 1.5.7.1