Functions
EFI_STATUS | AutenticatedVariableServiceInitialize (VOID) |
UINT32 | AddPubKeyInStore (IN BOOLEAN VirtualMode, IN ESAL_VARIABLE_GLOBAL *Global, IN UINT8 *PubKey) |
EFI_STATUS | VerifyDataPayload (IN BOOLEAN VirtualMode, IN ESAL_VARIABLE_GLOBAL *Global, IN UINT8 *Data, IN UINTN DataSize, IN UINT8 *PubKey) |
VOID | UpdatePlatformMode (IN BOOLEAN VirtualMode, IN ESAL_VARIABLE_GLOBAL *Global, IN UINT32 Mode) |
EFI_STATUS | ProcessVarWithPk (IN CHAR16 *VariableName, IN EFI_GUID *VendorGuid, IN VOID *Data, IN UINTN DataSize, IN BOOLEAN VirtualMode, IN ESAL_VARIABLE_GLOBAL *Global, IN VARIABLE_POINTER_TRACK *Variable, IN UINT32 Attributes, IN BOOLEAN IsPk) |
EFI_STATUS | ProcessVarWithKek (IN CHAR16 *VariableName, IN EFI_GUID *VendorGuid, IN VOID *Data, IN UINTN DataSize, IN BOOLEAN VirtualMode, IN ESAL_VARIABLE_GLOBAL *Global, IN VARIABLE_POINTER_TRACK *Variable, IN UINT32 Attributes) |
EFI_STATUS | VerifyVariable (IN VOID *Data, IN UINTN DataSize, IN BOOLEAN VirtualMode, IN ESAL_VARIABLE_GLOBAL *Global, IN VARIABLE_POINTER_TRACK *Variable, IN UINT32 Attributes, OUT UINT32 *KeyIndex, OUT UINT64 *MonotonicCount) |
Variables
UINT32 | mPubKeyNumber |
UINT32 | mPlatformMode |
EFI_GUID | mSignatureSupport [SIGSUPPORT_NUM] = {EFI_CERT_RSA2048_SHA256_GUID, EFI_CERT_RSA2048_SHA1_GUID} |
CONST UINT8 | mRsaE [] = { 0x01, 0x00, 0x01 } |
Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
UINT32 AddPubKeyInStore (IN BOOLEAN VirtualMode, IN ESAL_VARIABLE_GLOBAL *Global, IN UINT8 *PubKey)
Add public key in store and return its index.
[in] | VirtualMode | The current calling mode for this function. |
[in] | Global | The context of this Extended SAL Variable Services Class call. |
[in] | PubKey | The input pointer to Public Key data. |
References BOOLEAN(), EFI_CERT_TYPE_RSA2048_SIZE, EFI_STATUS(), FindVariable(), MAX_KEY_NUM, mPubKeyNumber, TRUE, UpdateVariable(), and VAR_AUTH_KEY_DB.
EFI_STATUS AutenticatedVariableServiceInitialize (VOID)
Initializes the authenticated variable service.
EFI_SUCCESS | The function successfully executed. |
EFI_OUT_OF_RESOURCES | Failed to allocate enough memory resources. |
References ESAL_VARIABLE_GLOBAL::AuthenticatedVariableGuid, BOOLEAN(), ESAL_VARIABLE_GLOBAL::CertRsa2048Sha256Guid, VARIABLE_POINTER_TRACK::CurrPtr, DataSizeOfVariable(), EFI_CERT_TYPE_RSA2048_SIZE, EFI_STATUS(), FindVariable(), ESAL_VARIABLE_GLOBAL::FvbInstance, GetVariableDataPtr(), ESAL_VARIABLE_GLOBAL::HashContext, ESAL_VARIABLE_GLOBAL::ImageSecurityDatabaseGuid, IsValidVariableHeader(), MAX_KEYDB_SIZE, mPlatformMode, mPubKeyNumber, mSignatureSupport, mVariableModuleGlobal, Physical, ESAL_VARIABLE_GLOBAL::PubKeyStore, SIGSUPPORT_NUM, UINTN(), UpdateVariable(), VAR_AUTH_KEY_DB, VAR_PLATFORM_KEY, VAR_SETUP_MODE, ESAL_VARIABLE_GLOBAL::VariableGlobal, ESAL_VARIABLE_GLOBAL::VariableName, and VARIABLE_POINTER_TRACK::Volatile.
Referenced by VariableServiceInitialize().
EFI_STATUS ProcessVarWithKek (IN CHAR16 *VariableName, IN EFI_GUID *VendorGuid, IN VOID *Data, IN UINTN DataSize, IN BOOLEAN VirtualMode, IN ESAL_VARIABLE_GLOBAL *Global, IN VARIABLE_POINTER_TRACK *Variable, IN UINT32 Attributes)
Process variable with key exchange key for verification.
[in] | VariableName | The name of Variable to be found. |
[in] | VendorGuid | The variable vendor GUID. |
[in] | Data | The data pointer. |
[in] | DataSize | The size of Data found. If size is less than the data, this value contains the required size. |
[in] | VirtualMode | The current calling mode for this function. |
[in] | Global | The context of this Extended SAL Variable Services Class call. |
[in] | Variable | The variable information which is used to keep track of variable usage. |
[in] | Attributes | The attribute value of the variable. |
EFI_INVALID_PARAMETER | Invalid parameter. |
EFI_SECURITY_VIOLATION | The variable did NOT pass the validation check carried out by the firmware. |
EFI_SUCCESS | The variable passed validation successfully. |
References AUTHINFO_SIZE, BOOLEAN(), VARIABLE_POINTER_TRACK::CurrPtr, EFI_CERT_TYPE_RSA2048_SIZE, EFI_STATUS(), FindVariable(), GetVariableDataPtr(), IsValidVariableHeader(), MAX_KEYDB_SIZE, mPlatformMode, TRUE, UpdateVariable(), VAR_KEY_EXCHANGE_KEY, VerifyDataPayload(), and VARIABLE_POINTER_TRACK::Volatile.
EFI_STATUS ProcessVarWithPk (IN CHAR16 *VariableName, IN EFI_GUID *VendorGuid, IN VOID *Data, IN UINTN DataSize, IN BOOLEAN VirtualMode, IN ESAL_VARIABLE_GLOBAL *Global, IN VARIABLE_POINTER_TRACK *Variable, IN UINT32 Attributes, IN BOOLEAN IsPk)
Process variable with platform key for verification.
[in] | VariableName | The name of Variable to be found. |
[in] | VendorGuid | The variable vendor GUID. |
[in] | Data | The data pointer. |
[in] | DataSize | The size of Data found. If size is less than the data, this value contains the required size. |
[in] | VirtualMode | The current calling mode for this function. |
[in] | Global | The context of this Extended SAL Variable Services Class call. |
[in] | Variable | The variable information which is used to keep track of variable usage. |
[in] | Attributes | The attribute value of the variable. |
[in] | IsPk | Indicates whether to process pk. |
EFI_INVALID_PARAMETER | Invalid parameter. |
EFI_SECURITY_VIOLATION | The variable does NOT pass the validation check carried out by the firmware. |
EFI_SUCCESS | The variable passed validation successfully. |
References AUTHINFO_SIZE, BOOLEAN(), VARIABLE_POINTER_TRACK::CurrPtr, EFI_STATUS(), FindVariable(), GetVariableDataPtr(), IsValidVariableHeader(), MAX_KEYDB_SIZE, mPlatformMode, UpdatePlatformMode(), UpdateVariable(), VAR_PLATFORM_KEY, VerifyDataPayload(), and VARIABLE_POINTER_TRACK::Volatile.
VOID UpdatePlatformMode (IN BOOLEAN VirtualMode, IN ESAL_VARIABLE_GLOBAL *Global, IN UINT32 Mode)
Update platform mode.
[in] | VirtualMode | The current calling mode for this function. |
[in] | Global | The context of this Extended SAL Variable Services Class call. |
[in] | Mode | SETUP_MODE or USER_MODE. |
References EFI_STATUS(), FindVariable(), mPlatformMode, UpdateVariable(), and VAR_SETUP_MODE.
EFI_STATUS VerifyDataPayload (IN BOOLEAN VirtualMode, IN ESAL_VARIABLE_GLOBAL *Global, IN UINT8 *Data, IN UINTN DataSize, IN UINT8 *PubKey)
Verify data payload with AuthInfo in EFI_CERT_TYPE_RSA2048_SHA256 type. Follow the steps in UEFI2.2.
[in] | VirtualMode | The current calling mode for this function. |
[in] | Global | The context of this Extended SAL Variable Services Class call. |
[in] | Data | The pointer to data with AuthInfo. |
[in] | DataSize | The size of Data. |
[in] | PubKey | The public key used for verification. |
EFI_INVALID_PARAMETER | Invalid parameter. |
EFI_SECURITY_VIOLATION | Authentication failed. |
EFI_SUCCESS | Authentication successful. |
References AUTHINFO_SIZE, BOOLEAN(), EFI_CERT_TYPE_RSA2048_SHA256_SIZE, EFI_CERT_TYPE_RSA2048_SIZE, mRsaE, SHA256_DIGEST_SIZE, and UINTN().
Referenced by ProcessVarWithKek(), ProcessVarWithPk(), and VerifyVariable().
EFI_STATUS VerifyVariable (IN VOID *Data, IN UINTN DataSize, IN BOOLEAN VirtualMode, IN ESAL_VARIABLE_GLOBAL *Global, IN VARIABLE_POINTER_TRACK *Variable, IN UINT32 Attributes, OUT UINT32 *KeyIndex, OUT UINT64 *MonotonicCount)
Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set, and return the index of associated public key.
[in] | Data | The data pointer. |
[in] | DataSize | The size of Data found. If size is less than the data, this value contains the required size. |
[in] | VirtualMode | The current calling mode for this function. |
[in] | Global | The context of this Extended SAL Variable Services Class call. |
[in] | Variable | The variable information which is used to keep track of variable usage. |
[in] | Attributes | The attribute value of the variable. |
[out] | KeyIndex | The output index of corresponding public key in database. |
[out] | MonotonicCount | The output value of corresponding Monotonic Count. |
EFI_INVALID_PARAMETER | Invalid parameter. |
EFI_WRITE_PROTECTED | The variable is write-protected and needs authentication with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set. |
EFI_SECURITY_VIOLATION | The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set, but the AuthInfo does NOT pass the validation check carried out by the firmware. |
EFI_SUCCESS | The variable is not write-protected, or passed validation successfully. |
References AddPubKeyInStore(), AUTHINFO_SIZE, BOOLEAN(), EFI_CERT_TYPE_RSA2048_SIZE, EFI_STATUS(), IsValidVariableHeader(), TRUE, and VerifyDataPayload().
Referenced by EsalSetVariable().
UINT32 mPlatformMode
UINT32 mPubKeyNumber
Global database array for scratch
CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 }
EFI_GUID mSignatureSupport[SIGSUPPORT_NUM] = {EFI_CERT_RSA2048_SHA256_GUID, EFI_CERT_RSA2048_SHA1_GUID}