UEFI 2.4 X509 Certificate Hash and RFC3161 Timestamp Verification support for Secure Boot
Main ChangeLogs includes: 1. Introduce the new GUID and structure definitions for certificate hash and timestamp support; 2. Update Image Verification Library to support DBT signature checking; 3. Update the related SecureBoot Configuration Pages; Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Guo Dong <guo.dong@intel.com> Reviewed-by: Siyuan Fu <siyuan.fu@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16380 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
@@ -65,7 +65,7 @@ StrDuplicate (
|
||||
}
|
||||
|
||||
/**
|
||||
Helper function called as part of the code needed to allocate
|
||||
Helper function called as part of the code needed to allocate
|
||||
the proper sized buffer for various EFI interfaces.
|
||||
|
||||
@param[in, out] Status Current status
|
||||
@@ -122,7 +122,7 @@ GrowBuffer (
|
||||
}
|
||||
|
||||
/**
|
||||
Append file name to existing file name, and allocate a new buffer
|
||||
Append file name to existing file name, and allocate a new buffer
|
||||
to hold the appended result.
|
||||
|
||||
@param[in] Str1 The existing file name
|
||||
@@ -149,7 +149,7 @@ AppendFileName (
|
||||
Str = AllocateZeroPool (Size1 + Size2 + sizeof (CHAR16));
|
||||
ASSERT (Str != NULL);
|
||||
|
||||
TmpStr = AllocateZeroPool (Size1 + Size2 + sizeof (CHAR16));
|
||||
TmpStr = AllocateZeroPool (Size1 + Size2 + sizeof (CHAR16));
|
||||
ASSERT (TmpStr != NULL);
|
||||
|
||||
StrCat (Str, Str1);
|
||||
@@ -170,7 +170,7 @@ AppendFileName (
|
||||
//
|
||||
|
||||
//
|
||||
// Use TmpStr as a backup, as StrCpy in BaseLib does not handle copy of two strings
|
||||
// Use TmpStr as a backup, as StrCpy in BaseLib does not handle copy of two strings
|
||||
// that overlap.
|
||||
//
|
||||
StrCpy (TmpStr, Ptr + 3);
|
||||
@@ -182,7 +182,7 @@ AppendFileName (
|
||||
//
|
||||
|
||||
//
|
||||
// Use TmpStr as a backup, as StrCpy in BaseLib does not handle copy of two strings
|
||||
// Use TmpStr as a backup, as StrCpy in BaseLib does not handle copy of two strings
|
||||
// that overlap.
|
||||
//
|
||||
StrCpy (TmpStr, Ptr + 2);
|
||||
@@ -196,7 +196,7 @@ AppendFileName (
|
||||
}
|
||||
|
||||
FreePool (TmpStr);
|
||||
|
||||
|
||||
return Str;
|
||||
}
|
||||
|
||||
@@ -354,7 +354,7 @@ DestroyMenuEntry (
|
||||
Free resources allocated in Allocate Rountine.
|
||||
|
||||
@param[in, out] MenuOption Menu to be freed
|
||||
|
||||
|
||||
**/
|
||||
VOID
|
||||
FreeMenu (
|
||||
@@ -459,7 +459,7 @@ FileSystemVolumeLabelInfo (
|
||||
This function opens a file with the open mode according to the file path. The
|
||||
Attributes is valid only for EFI_FILE_MODE_CREATE.
|
||||
|
||||
@param[in, out] FilePath On input, the device path to the file.
|
||||
@param[in, out] FilePath On input, the device path to the file.
|
||||
On output, the remaining device path.
|
||||
@param[out] FileHandle Pointer to the file handle.
|
||||
@param[in] OpenMode The mode to open the file with.
|
||||
@@ -495,7 +495,7 @@ OpenFileByDevicePath(
|
||||
EFI_SIMPLE_FILE_SYSTEM_PROTOCOL *EfiSimpleFileSystemProtocol;
|
||||
EFI_FILE_PROTOCOL *Handle1;
|
||||
EFI_FILE_PROTOCOL *Handle2;
|
||||
EFI_HANDLE DeviceHandle;
|
||||
EFI_HANDLE DeviceHandle;
|
||||
|
||||
if ((FilePath == NULL || FileHandle == NULL)) {
|
||||
return EFI_INVALID_PARAMETER;
|
||||
@@ -816,7 +816,7 @@ FindFileSystem (
|
||||
if (NoSimpleFsHandles != 0) {
|
||||
FreePool (SimpleFsHandle);
|
||||
}
|
||||
|
||||
|
||||
//
|
||||
// Remember how many file system options are here
|
||||
//
|
||||
@@ -826,7 +826,7 @@ FindFileSystem (
|
||||
|
||||
|
||||
/**
|
||||
Find files under the current directory. All files and sub-directories
|
||||
Find files under the current directory. All files and sub-directories
|
||||
in current directory will be stored in DirectoryMenu for future use.
|
||||
|
||||
@param[in] MenuEntry The Menu Entry.
|
||||
@@ -892,7 +892,7 @@ FindFiles (
|
||||
if (DirInfo == NULL) {
|
||||
return EFI_OUT_OF_RESOURCES;
|
||||
}
|
||||
|
||||
|
||||
//
|
||||
// Get all files in current directory
|
||||
// Pass 1 to get Directories
|
||||
@@ -934,7 +934,7 @@ FindFiles (
|
||||
NewFileContext->FileName
|
||||
);
|
||||
NewMenuEntry->HelpString = NULL;
|
||||
|
||||
|
||||
NewFileContext->IsDir = (BOOLEAN) ((DirInfo->Attribute & EFI_FILE_DIRECTORY) == EFI_FILE_DIRECTORY);
|
||||
if (NewFileContext->IsDir) {
|
||||
BufferSize = StrLen (DirInfo->FileName) * 2 + 6;
|
||||
@@ -977,7 +977,7 @@ RefreshUpdateData (
|
||||
{
|
||||
//
|
||||
// Free current updated date
|
||||
//
|
||||
//
|
||||
if (mStartOpCodeHandle != NULL) {
|
||||
HiiFreeOpCodeHandle (mStartOpCodeHandle);
|
||||
}
|
||||
@@ -1032,6 +1032,9 @@ UpdateFileExplorePage (
|
||||
} else if (FeCurrentState == FileExplorerStateEnrollSignatureFileToDbx) {
|
||||
FormId = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;
|
||||
FileFormId = FORM_FILE_EXPLORER_ID_DBX;
|
||||
} else if (FeCurrentState == FileExplorerStateEnrollSignatureFileToDbt) {
|
||||
FormId = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT;
|
||||
FileFormId = FORM_FILE_EXPLORER_ID_DBT;
|
||||
} else {
|
||||
return;
|
||||
}
|
||||
@@ -1118,7 +1121,7 @@ UpdateFileExplorer (
|
||||
//
|
||||
FreeMenu (&FsOptionMenu);
|
||||
FindFileSystem ();
|
||||
|
||||
|
||||
CreateMenuStringToken (PrivateData->HiiHandle, &FsOptionMenu);
|
||||
UpdateFileExplorePage (PrivateData->HiiHandle, &FsOptionMenu, PrivateData->FeCurrentState);
|
||||
|
||||
@@ -1156,13 +1159,15 @@ UpdateFileExplorer (
|
||||
FormId = SECUREBOOT_ENROLL_SIGNATURE_TO_DB;
|
||||
} else if (PrivateData->FeCurrentState == FileExplorerStateEnrollSignatureFileToDbx) {
|
||||
FormId = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX;
|
||||
} else if (PrivateData->FeCurrentState == FileExplorerStateEnrollSignatureFileToDbt) {
|
||||
FormId = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT;
|
||||
} else {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
PrivateData->MenuEntry = NewMenuEntry;
|
||||
PrivateData->FileContext->FileName = NewFileContext->FileName;
|
||||
|
||||
|
||||
TmpDevicePath = NewFileContext->DevicePath;
|
||||
OpenFileByDevicePath (
|
||||
&TmpDevicePath,
|
||||
@@ -1200,7 +1205,7 @@ OnExit:
|
||||
}
|
||||
|
||||
/**
|
||||
Clean up the dynamic opcode at label and form specified by both LabelId.
|
||||
Clean up the dynamic opcode at label and form specified by both LabelId.
|
||||
|
||||
@param[in] LabelId It is both the Form ID and Label ID for opcode deletion.
|
||||
@param[in] PrivateData Module private data.
|
||||
@@ -1226,4 +1231,3 @@ CleanUpPage (
|
||||
mEndOpCodeHandle // LABEL_END
|
||||
);
|
||||
}
|
||||
|
||||
|
Reference in New Issue
Block a user