sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

SecurityPkg: Removing ipf which is no longer supported from edk2.

Browse Source 
Removing rules for Ipf sources file:
* Remove the source file which path with "ipf" and also listed in
  [Sources.IPF] section of INF file.
* Remove the source file which listed in [Components.IPF] section
  of DSC file and not listed in any other [Components] section.
* Remove the embedded Ipf code for MDE_CPU_IPF.

Removing rules for Inf file:
* Remove IPF from VALID_ARCHITECTURES comments.
* Remove DXE_SAL_DRIVER from LIBRARY_CLASS in [Defines] section.
* Remove the INF which only listed in [Components.IPF] section in DSC.
* Remove statements from [BuildOptions] that provide IPF specific flags.
* Remove any IPF sepcific sections.

Removing rules for Dec file:
* Remove [Includes.IPF] section from Dec.

Removing rules for Dsc file:
* Remove IPF from SUPPORTED_ARCHITECTURES in [Defines] section of DSC.
* Remove any IPF specific sections.
* Remove statements from [BuildOptions] that provide IPF specific flags.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Chen A Chen <chen.a.chen@intel.com>
Reviewed-by: Chao B Zhang <chao.b.zhang@intel.com>
This commit is contained in:
chenc2
2018-06-29 11:33:44 +08:00
committed by Zhang, Chao B
parent dbf9cc87cb
commit 4cecd19a44
54 changed files with 69 additions and 5533 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
View File

@ -27,7 +27,7 @@
# #
# The following information is for reference only and not required by the build tools. # The following information is for reference only and not required by the build tools.
# #
# VALID_ARCHITECTURES = IA32 X64 IPF # VALID_ARCHITECTURES = IA32 X64
# #
[Sources.common] [Sources.common]

4
SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.inf
View File

@ -20,13 +20,13 @@
FILE_GUID = EB92D1DE-7C36-4680-BB88-A67E96049F72 FILE_GUID = EB92D1DE-7C36-4680-BB88-A67E96049F72
MODULE_TYPE = DXE_DRIVER MODULE_TYPE = DXE_DRIVER
VERSION_STRING = 1.0 VERSION_STRING = 1.0
LIBRARY_CLASS = NULL|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER LIBRARY_CLASS = NULL|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER
CONSTRUCTOR = DxeImageAuthenticationStatusLibConstructor CONSTRUCTOR = DxeImageAuthenticationStatusLibConstructor
# #
# The following information is for reference only and not required by the build tools. # The following information is for reference only and not required by the build tools.
# #
# VALID_ARCHITECTURES = IA32 X64 IPF EBC # VALID_ARCHITECTURES = IA32 X64 EBC
# #
[Sources] [Sources]

6
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
View File

@ -8,7 +8,7 @@
# This external input must be validated carefully to avoid security issues such as # This external input must be validated carefully to avoid security issues such as
# buffer overflow or integer overflow. # buffer overflow or integer overflow.
# #
# Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR> # Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials # This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License # are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at # which accompanies this distribution. The full text of the license may be found at
@ -25,13 +25,13 @@
FILE_GUID = 0CA970E1-43FA-4402-BC0A-81AF336BFFD6 FILE_GUID = 0CA970E1-43FA-4402-BC0A-81AF336BFFD6
MODULE_TYPE = DXE_DRIVER MODULE_TYPE = DXE_DRIVER
VERSION_STRING = 1.0 VERSION_STRING = 1.0
LIBRARY_CLASS = NULL|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER LIBRARY_CLASS = NULL|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER
CONSTRUCTOR = DxeImageVerificationLibConstructor CONSTRUCTOR = DxeImageVerificationLibConstructor
# #
# The following information is for reference only and not required by the build tools. # The following information is for reference only and not required by the build tools.
# #
# VALID_ARCHITECTURES = IA32 X64 IPF EBC # VALID_ARCHITECTURES = IA32 X64 EBC
# #
[Sources] [Sources]

4
SecurityPkg/Library/DxeRsa2048Sha256GuidedSectionExtractLib/DxeRsa2048Sha256GuidedSectionExtractLib.inf
View File

@ -22,14 +22,14 @@
FILE_GUID = 0AD6C423-4732-4cf3-9CE3-0A5416D634A5 FILE_GUID = 0AD6C423-4732-4cf3-9CE3-0A5416D634A5
MODULE_TYPE = DXE_DRIVER MODULE_TYPE = DXE_DRIVER
VERSION_STRING = 1.0 VERSION_STRING = 1.0
LIBRARY_CLASS = NULL|DXE_CORE DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER LIBRARY_CLASS = NULL|DXE_CORE DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER
CONSTRUCTOR = DxeRsa2048Sha256GuidedSectionExtractLibConstructor CONSTRUCTOR = DxeRsa2048Sha256GuidedSectionExtractLibConstructor
MODULE_UNI_FILE = DxeRsa2048Sha256GuidedSectionExtractLib.uni MODULE_UNI_FILE = DxeRsa2048Sha256GuidedSectionExtractLib.uni
# #
# The following information is for reference only and not required by the build tools. # The following information is for reference only and not required by the build tools.
# #
# VALID_ARCHITECTURES = IA32 X64 IPF # VALID_ARCHITECTURES = IA32 X64
# #
[Sources] [Sources]

4
SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf
View File

@ -25,12 +25,12 @@
FILE_GUID = 7E507A86-DE8B-4AD3-BC4C-0498389098D3 FILE_GUID = 7E507A86-DE8B-4AD3-BC4C-0498389098D3
MODULE_TYPE = DXE_DRIVER MODULE_TYPE = DXE_DRIVER
VERSION_STRING = 1.0 VERSION_STRING = 1.0
LIBRARY_CLASS = Tcg2PhysicalPresenceLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER UEFI_APPLICATION UEFI_DRIVER LIBRARY_CLASS = Tcg2PhysicalPresenceLib|DXE_DRIVER DXE_RUNTIME_DRIVER UEFI_APPLICATION UEFI_DRIVER
# #
# The following information is for reference only and not required by the build tools. # The following information is for reference only and not required by the build tools.
# #
# VALID_ARCHITECTURES = IA32 X64 IPF EBC # VALID_ARCHITECTURES = IA32 X64 EBC
# #
[Sources] [Sources]

4
SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.inf
View File

@ -26,13 +26,13 @@
FILE_GUID = EBC43A46-34AC-4F07-A7F5-A5394619361C FILE_GUID = EBC43A46-34AC-4F07-A7F5-A5394619361C
MODULE_TYPE = DXE_DRIVER MODULE_TYPE = DXE_DRIVER
VERSION_STRING = 1.0 VERSION_STRING = 1.0
LIBRARY_CLASS = TcgPhysicalPresenceLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER UEFI_APPLICATION UEFI_DRIVER LIBRARY_CLASS = TcgPhysicalPresenceLib|DXE_DRIVER DXE_RUNTIME_DRIVER UEFI_APPLICATION UEFI_DRIVER
CONSTRUCTOR = TcgPhysicalPresenceLibConstructor CONSTRUCTOR = TcgPhysicalPresenceLibConstructor
# #
# The following information is for reference only and not required by the build tools. # The following information is for reference only and not required by the build tools.
# #
# VALID_ARCHITECTURES = IA32 X64 IPF EBC # VALID_ARCHITECTURES = IA32 X64 EBC
# #
[Sources] [Sources]

4
SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
View File

@ -29,13 +29,13 @@
FILE_GUID = 778CE4F4-36BD-4ae7-B8F0-10B420B0D174 FILE_GUID = 778CE4F4-36BD-4ae7-B8F0-10B420B0D174
MODULE_TYPE = DXE_DRIVER MODULE_TYPE = DXE_DRIVER
VERSION_STRING = 1.0 VERSION_STRING = 1.0
LIBRARY_CLASS = NULL|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER LIBRARY_CLASS = NULL|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER UEFI_APPLICATION UEFI_DRIVER
CONSTRUCTOR = DxeTpm2MeasureBootLibConstructor CONSTRUCTOR = DxeTpm2MeasureBootLibConstructor
# #
# The following information is for reference only and not required by the build tools. # The following information is for reference only and not required by the build tools.
# #
# VALID_ARCHITECTURES = IA32 X64 IPF EBC # VALID_ARCHITECTURES = IA32 X64 EBC
# #
[Sources] [Sources]

4
SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
View File

@ -26,13 +26,13 @@
FILE_GUID = 6C60C7D0-922A-4b7c-87D7-E503EDD73BBF FILE_GUID = 6C60C7D0-922A-4b7c-87D7-E503EDD73BBF
MODULE_TYPE = DXE_DRIVER MODULE_TYPE = DXE_DRIVER
VERSION_STRING = 1.0 VERSION_STRING = 1.0
LIBRARY_CLASS = NULL|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER LIBRARY_CLASS = NULL|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER
CONSTRUCTOR = DxeTpmMeasureBootLibConstructor CONSTRUCTOR = DxeTpmMeasureBootLibConstructor
# #
# The following information is for reference only and not required by the build tools. # The following information is for reference only and not required by the build tools.
# #
# VALID_ARCHITECTURES = IA32 X64 IPF EBC # VALID_ARCHITECTURES = IA32 X64 EBC
# #
[Sources] [Sources]

4
SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
View File

@ -20,13 +20,13 @@
FILE_GUID = 30930D10-AF5B-4abf-80E6-EB4FFC0AE9D1 FILE_GUID = 30930D10-AF5B-4abf-80E6-EB4FFC0AE9D1
MODULE_TYPE = UEFI_DRIVER MODULE_TYPE = UEFI_DRIVER
VERSION_STRING = 1.0 VERSION_STRING = 1.0
LIBRARY_CLASS = TpmMeasurementLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER LIBRARY_CLASS = TpmMeasurementLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER
MODULE_UNI_FILE = DxeTpmMeasurementLib.uni MODULE_UNI_FILE = DxeTpmMeasurementLib.uni
# #
# The following information is for reference only and not required by the build tools. # The following information is for reference only and not required by the build tools.
# #
# VALID_ARCHITECTURES = IA32 X64 IPF # VALID_ARCHITECTURES = IA32 X64
# #
[Sources] [Sources]

4
SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.inf
View File

@ -3,7 +3,7 @@
# #
# Instance of FmpAuthentication Library for DXE/PEI post memory phase. # Instance of FmpAuthentication Library for DXE/PEI post memory phase.
# #
# Copyright (c) 2016, Intel Corporation. All rights reserved.<BR> # Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials # This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License # are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at # which accompanies this distribution. The full text of the license may be found at
@ -26,7 +26,7 @@
# #
# The following information is for reference only and not required by the build tools. # The following information is for reference only and not required by the build tools.
# #
# VALID_ARCHITECTURES = IA32 X64 IPF EBC # VALID_ARCHITECTURES = IA32 X64 EBC
# #
[Sources] [Sources]

2
SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.inf
View File

@ -26,7 +26,7 @@
# #
# The following information is for reference only and not required by the build tools. # The following information is for reference only and not required by the build tools.
# #
# VALID_ARCHITECTURES = IA32 X64 IPF EBC # VALID_ARCHITECTURES = IA32 X64 EBC
# #
[Sources] [Sources]

4
SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
View File

@ -3,7 +3,7 @@
# #
# This library can be registered to BaseCrypto router, to serve as hash engine. # This library can be registered to BaseCrypto router, to serve as hash engine.
# #
# Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR> # Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials # This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License # are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at # which accompanies this distribution. The full text of the license may be found at
@ -26,7 +26,7 @@
# #
# The following information is for reference only and not required by the build tools. # The following information is for reference only and not required by the build tools.
# #
# VALID_ARCHITECTURES = IA32 X64 IPF # VALID_ARCHITECTURES = IA32 X64
# #
[Sources] [Sources]

4
SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
View File

@ -3,7 +3,7 @@
# #
# This library can be registered to BaseCrypto router, to serve as hash engine. # This library can be registered to BaseCrypto router, to serve as hash engine.
# #
# Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR> # Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials # This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License # are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at # which accompanies this distribution. The full text of the license may be found at
@ -26,7 +26,7 @@
# #
# The following information is for reference only and not required by the build tools. # The following information is for reference only and not required by the build tools.
# #
# VALID_ARCHITECTURES = IA32 X64 IPF # VALID_ARCHITECTURES = IA32 X64
# #
[Sources] [Sources]

4
SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf
View File

@ -22,13 +22,13 @@
FILE_GUID = 158DC712-F15A-44dc-93BB-1675045BE066 FILE_GUID = 158DC712-F15A-44dc-93BB-1675045BE066
MODULE_TYPE = DXE_DRIVER MODULE_TYPE = DXE_DRIVER
VERSION_STRING = 1.0 VERSION_STRING = 1.0
LIBRARY_CLASS = HashLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER LIBRARY_CLASS = HashLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER
CONSTRUCTOR = HashLibBaseCryptoRouterDxeConstructor CONSTRUCTOR = HashLibBaseCryptoRouterDxeConstructor
# #
# The following information is for reference only and not required by the build tools. # The following information is for reference only and not required by the build tools.
# #
# VALID_ARCHITECTURES = IA32 X64 IPF # VALID_ARCHITECTURES = IA32 X64
# #
[Sources] [Sources]

2
SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
View File

@ -28,7 +28,7 @@
# #
# The following information is for reference only and not required by the build tools. # The following information is for reference only and not required by the build tools.
# #
# VALID_ARCHITECTURES = IA32 X64 IPF # VALID_ARCHITECTURES = IA32 X64
# #
[Sources] [Sources]

2
SecurityPkg/Library/HashLibTpm2/HashLibTpm2.inf
View File

@ -26,7 +26,7 @@
# #
# The following information is for reference only and not required by the build tools. # The following information is for reference only and not required by the build tools.
# #
# VALID_ARCHITECTURES = IA32 X64 IPF # VALID_ARCHITECTURES = IA32 X64
# #
[Sources] [Sources]

2
SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.inf
View File

@ -29,7 +29,7 @@
# #
# The following information is for reference only and not required by the build tools. # The following information is for reference only and not required by the build tools.
# #
# VALID_ARCHITECTURES = IA32 X64 IPF # VALID_ARCHITECTURES = IA32 X64
# #
[Sources] [Sources]

2
SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.inf
View File

@ -25,7 +25,7 @@
# #
# The following information is for reference only and not required by the build tools. # The following information is for reference only and not required by the build tools.
# #
# VALID_ARCHITECTURES = IA32 X64 IPF EBC # VALID_ARCHITECTURES = IA32 X64 EBC
# #
[Sources] [Sources]

2
SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
View File

@ -29,7 +29,7 @@
# #
# The following information is for reference only and not required by the build tools. # The following information is for reference only and not required by the build tools.
# #
# VALID_ARCHITECTURES = IA32 X64 IPF EBC # VALID_ARCHITECTURES = IA32 X64 EBC
# #
[Sources] [Sources]

2
SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf
View File

@ -30,7 +30,7 @@
# #
# The following information is for reference only and not required by the build tools. # The following information is for reference only and not required by the build tools.
# #
# VALID_ARCHITECTURES = IA32 X64 IPF EBC # VALID_ARCHITECTURES = IA32 X64 EBC
# #
[Sources] [Sources]

2
SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
View File

@ -23,7 +23,7 @@
# #
# The following information is for reference only and not required by the build tools. # The following information is for reference only and not required by the build tools.
# #
# VALID_ARCHITECTURES = IA32 X64 IPF EBC # VALID_ARCHITECTURES = IA32 X64 EBC
# #
[Sources] [Sources]

2
SecurityPkg/Library/TcgPpVendorLibNull/TcgPpVendorLibNull.inf
View File

@ -23,7 +23,7 @@
# #
# The following information is for reference only and not required by the build tools. # The following information is for reference only and not required by the build tools.
# #
# VALID_ARCHITECTURES = IA32 X64 IPF EBC # VALID_ARCHITECTURES = IA32 X64 EBC
# #
[Sources] [Sources]

4
SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf
View File

@ -3,7 +3,7 @@
# #
# This library is used by other modules to send TPM 1.2 command. # This library is used by other modules to send TPM 1.2 command.
# #
# Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.<BR> # Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials # This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License # are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at # which accompanies this distribution. The full text of the license may be found at
@ -25,7 +25,7 @@
# #
# The following information is for reference only and not required by the build tools. # The following information is for reference only and not required by the build tools.
# #
# VALID_ARCHITECTURES = IA32 X64 IPF # VALID_ARCHITECTURES = IA32 X64
# #
[Sources] [Sources]

2
SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
View File

@ -27,7 +27,7 @@
# #
# The following information is for reference only and not required by the build tools. # The following information is for reference only and not required by the build tools.
# #
# VALID_ARCHITECTURES = IA32 X64 IPF # VALID_ARCHITECTURES = IA32 X64
# #
[Sources] [Sources]

4
SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
View File

@ -21,12 +21,12 @@
FILE_GUID = 4D8B77D9-E923-48f8-B070-4053D78B7E56 FILE_GUID = 4D8B77D9-E923-48f8-B070-4053D78B7E56
MODULE_TYPE = BASE MODULE_TYPE = BASE
VERSION_STRING = 1.0 VERSION_STRING = 1.0
LIBRARY_CLASS = Tpm12DeviceLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER UEFI_APPLICATION UEFI_DRIVER LIBRARY_CLASS = Tpm12DeviceLib|DXE_DRIVER DXE_RUNTIME_DRIVER UEFI_APPLICATION UEFI_DRIVER
# #
# The following information is for reference only and not required by the build tools. # The following information is for reference only and not required by the build tools.
# #
# VALID_ARCHITECTURES = IA32 X64 IPF # VALID_ARCHITECTURES = IA32 X64
# #
[Sources] [Sources]

4
SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
View File

@ -3,7 +3,7 @@
# #
# This library is used by other modules to send TPM 2.0 command. # This library is used by other modules to send TPM 2.0 command.
# #
# Copyright (c) 2013 - 2017, Intel Corporation. All rights reserved.<BR> # Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials # This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License # are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at # which accompanies this distribution. The full text of the license may be found at
@ -25,7 +25,7 @@
# #
# The following information is for reference only and not required by the build tools. # The following information is for reference only and not required by the build tools.
# #
# VALID_ARCHITECTURES = IA32 X64 IPF # VALID_ARCHITECTURES = IA32 X64
# #
[Sources] [Sources]

2
SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
View File

@ -32,7 +32,7 @@
# #
# The following information is for reference only and not required by the build tools. # The following information is for reference only and not required by the build tools.
# #
# VALID_ARCHITECTURES = IA32 X64 IPF # VALID_ARCHITECTURES = IA32 X64
# #
[Sources] [Sources]

2
SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
View File

@ -28,7 +28,7 @@
# #
# The following information is for reference only and not required by the build tools. # The following information is for reference only and not required by the build tools.
# #
# VALID_ARCHITECTURES = IA32 X64 IPF # VALID_ARCHITECTURES = IA32 X64
# #
[Sources] [Sources]

4
SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
View File

@ -22,12 +22,12 @@
FILE_GUID = C3D69D87-5200-4aab-A6DB-2569BA1A92FC FILE_GUID = C3D69D87-5200-4aab-A6DB-2569BA1A92FC
MODULE_TYPE = DXE_DRIVER MODULE_TYPE = DXE_DRIVER
VERSION_STRING = 1.0 VERSION_STRING = 1.0
LIBRARY_CLASS = Tpm2DeviceLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER LIBRARY_CLASS = Tpm2DeviceLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER
# #
# The following information is for reference only and not required by the build tools. # The following information is for reference only and not required by the build tools.
# #
# VALID_ARCHITECTURES = IA32 X64 IPF # VALID_ARCHITECTURES = IA32 X64
# #
[Sources] [Sources]

2
SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterPei.inf
View File

@ -27,7 +27,7 @@
# #
# The following information is for reference only and not required by the build tools. # The following information is for reference only and not required by the build tools.
# #
# VALID_ARCHITECTURES = IA32 X64 IPF # VALID_ARCHITECTURES = IA32 X64
# #
[Sources] [Sources]

4
SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
View File

@ -21,12 +21,12 @@
FILE_GUID = A1B0B230-67DC-431E-A94A-A96AF1EBE637 FILE_GUID = A1B0B230-67DC-431E-A94A-A96AF1EBE637
MODULE_TYPE = DXE_DRIVER MODULE_TYPE = DXE_DRIVER
VERSION_STRING = 1.0 VERSION_STRING = 1.0
LIBRARY_CLASS = Tpm2DeviceLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER LIBRARY_CLASS = Tpm2DeviceLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER
# #
# The following information is for reference only and not required by the build tools. # The following information is for reference only and not required by the build tools.
# #
# VALID_ARCHITECTURES = IA32 X64 IPF # VALID_ARCHITECTURES = IA32 X64
# #
[Sources] [Sources]

2
SecurityPkg/Library/TpmCommLib/TpmCommLib.inf
View File

@ -26,7 +26,7 @@
# #
# The following information is for reference only and not required by the build tools. # The following information is for reference only and not required by the build tools.
# #
# VALID_ARCHITECTURES = IA32 X64 IPF # VALID_ARCHITECTURES = IA32 X64
# #
[Sources] [Sources]

16
SecurityPkg/SecurityPkg.dsc
View File

@ -19,7 +19,7 @@
PLATFORM_VERSION = 0.98 PLATFORM_VERSION = 0.98
DSC_SPECIFICATION = 0x00010005 DSC_SPECIFICATION = 0x00010005
OUTPUT_DIRECTORY = Build/SecurityPkg OUTPUT_DIRECTORY = Build/SecurityPkg
SUPPORTED_ARCHITECTURES = IA32|IPF|X64|EBC|ARM|AARCH64 SUPPORTED_ARCHITECTURES = IA32|X64|EBC|ARM|AARCH64
BUILD_TARGETS = DEBUG|RELEASE|NOOPT BUILD_TARGETS = DEBUG|RELEASE|NOOPT
SKUID_IDENTIFIER = DEFAULT SKUID_IDENTIFIER = DEFAULT
@ -116,13 +116,6 @@
Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
[LibraryClasses.IPF.DXE_SAL_DRIVER]
ExtendedSalLib|MdePkg/Library/DxeRuntimeExtendedSalLib/DxeRuntimeExtendedSalLib.inf
BaseCryptLib|CryptoPkg/Library/BaseCryptLibRuntimeCryptProtocol/BaseCryptLibRuntimeCryptProtocol.inf
HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf
Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
[LibraryClasses.common.DXE_SMM_DRIVER] [LibraryClasses.common.DXE_SMM_DRIVER]
HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
SmmServicesTableLib|MdePkg/Library/SmmServicesTableLib/SmmServicesTableLib.inf SmmServicesTableLib|MdePkg/Library/SmmServicesTableLib/SmmServicesTableLib.inf
@ -203,10 +196,10 @@
SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.inf SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.inf
SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.inf SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.inf
[Components.IA32, Components.X64, Components.IPF, Components.ARM, Components.AARCH64] [Components.IA32, Components.X64, Components.ARM, Components.AARCH64]
SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
[Components.IA32, Components.X64, Components.IPF] [Components.IA32, Components.X64]
# SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderDxe.inf # SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderDxe.inf
# SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProviderDxe.inf # SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProviderDxe.inf
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
@ -281,9 +274,6 @@
SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf
SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordPei.inf SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordPei.inf
[Components.IPF]
SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/EsalVariableDxeSal.inf
[BuildOptions] [BuildOptions]
MSFT:*_*_IA32_DLINK_FLAGS = /ALIGN:256 MSFT:*_*_IA32_DLINK_FLAGS = /ALIGN:256
INTEL:*_*_IA32_DLINK_FLAGS = /ALIGN:256 INTEL:*_*_IA32_DLINK_FLAGS = /ALIGN:256

4
SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf
View File

@ -5,7 +5,7 @@
# TPer Reset for those encrypted drives through EFI_STORAGE_SECURITY_COMMAND_PROTOCOL # TPer Reset for those encrypted drives through EFI_STORAGE_SECURITY_COMMAND_PROTOCOL
# at EndOfDxe. # at EndOfDxe.
# #
# Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR> # Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials # This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License # are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at # which accompanies this distribution. The full text of the license may be found at
@ -28,7 +28,7 @@
# #
# The following information is for reference only and not required by the build tools. # The following information is for reference only and not required by the build tools.
# #
# VALID_ARCHITECTURES = IA32 X64 IPF EBC # VALID_ARCHITECTURES = IA32 X64 EBC
# #
[Sources] [Sources]

4
SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
View File

@ -6,7 +6,7 @@
# NOTE: This module only handles secure MOR V1 and is deprecated. # NOTE: This module only handles secure MOR V1 and is deprecated.
# The secure MOR V2 is handled inside of variable driver. # The secure MOR V2 is handled inside of variable driver.
# #
# Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR> # Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials # This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License # are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at # which accompanies this distribution. The full text of the license may be found at
@ -29,7 +29,7 @@
# #
# The following information is for reference only and not required by the build tools. # The following information is for reference only and not required by the build tools.
# #
# VALID_ARCHITECTURES = IA32 X64 IPF EBC # VALID_ARCHITECTURES = IA32 X64 EBC
# #
[Sources] [Sources]

2
SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf
View File

@ -25,7 +25,7 @@
# #
# The following information is for reference only and not required by the build tools. # The following information is for reference only and not required by the build tools.
# #
# VALID_ARCHITECTURES = IA32 X64 IPF EBC # VALID_ARCHITECTURES = IA32 X64 EBC
# #
[Sources] [Sources]

2
SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.inf
View File

@ -29,7 +29,7 @@
# #
# The following information is for reference only and not required by the build tools. # The following information is for reference only and not required by the build tools.
# #
# VALID_ARCHITECTURES = IA32 X64 IPF # VALID_ARCHITECTURES = IA32 X64
# #
[Sources] [Sources]

2
SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
View File

@ -25,7 +25,7 @@
UNLOAD_IMAGE = Tcg2ConfigDriverUnload UNLOAD_IMAGE = Tcg2ConfigDriverUnload
# #
# VALID_ARCHITECTURES = IA32 X64 IPF EBC # VALID_ARCHITECTURES = IA32 X64 EBC
# #
[Sources] [Sources]

2
SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf
View File

@ -24,7 +24,7 @@
ENTRY_POINT = Tcg2ConfigPeimEntryPoint ENTRY_POINT = Tcg2ConfigPeimEntryPoint
# #
# VALID_ARCHITECTURES = IA32 X64 IPF EBC # VALID_ARCHITECTURES = IA32 X64 EBC
# #
# [BootMode] # [BootMode]
# S3_RESUME ## SOMETIMES_CONSUMES # S3_RESUME ## SOMETIMES_CONSUMES

2
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
View File

@ -36,7 +36,7 @@
# #
# The following information is for reference only and not required by the build tools. # The following information is for reference only and not required by the build tools.
# #
# VALID_ARCHITECTURES = IA32 X64 IPF # VALID_ARCHITECTURES = IA32 X64
# #
[Sources] [Sources]

4
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
View File

@ -8,7 +8,7 @@
# #
# This module will initialize TPM device, measure reported FVs and BIOS version. # This module will initialize TPM device, measure reported FVs and BIOS version.
# #
# Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.<BR> # Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2017, Microsoft Corporation. All rights reserved. <BR> # Copyright (c) 2017, Microsoft Corporation. All rights reserved. <BR>
# This program and the accompanying materials # This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License # are licensed and made available under the terms and conditions of the BSD License
@ -31,7 +31,7 @@
# #
# The following information is for reference only and not required by the build tools. # The following information is for reference only and not required by the build tools.
# #
# VALID_ARCHITECTURES = IA32 X64 IPF EBC # VALID_ARCHITECTURES = IA32 X64 EBC
# #
# [BootMode] # [BootMode]
# S3_RESUME ## SOMETIMES_CONSUMES # S3_RESUME ## SOMETIMES_CONSUMES

2
SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf
View File

@ -23,7 +23,7 @@
UNLOAD_IMAGE = TcgConfigDriverUnload UNLOAD_IMAGE = TcgConfigDriverUnload
# #
# VALID_ARCHITECTURES = IA32 X64 IPF EBC # VALID_ARCHITECTURES = IA32 X64 EBC
# #
[Sources] [Sources]

2
SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
View File

@ -24,7 +24,7 @@
# #
# The following information is for reference only and not required by the build tools. # The following information is for reference only and not required by the build tools.
# #
# VALID_ARCHITECTURES = IA32 X64 IPF # VALID_ARCHITECTURES = IA32 X64
# #
[Sources] [Sources]

2
SecurityPkg/Tcg/TcgPei/TcgPei.inf
View File

@ -26,7 +26,7 @@
# #
# The following information is for reference only and not required by the build tools. # The following information is for reference only and not required by the build tools.
# #
# VALID_ARCHITECTURES = IA32 X64 IPF EBC # VALID_ARCHITECTURES = IA32 X64 EBC
# #
# [BootMode] # [BootMode]
# S3_RESUME ## SOMETIMES_CONSUMES # S3_RESUME ## SOMETIMES_CONSUMES

886
SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/AuthService.c
View File

@ -1,886 +0,0 @@
/** @file
Implement authentication services for the authenticated variable
service in UEFI2.2.
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "Variable.h"
#include "AuthService.h"
///
/// Global database array for scratch
///
UINT32 mPubKeyNumber;
UINT32 mPlatformMode;
EFI_GUID mSignatureSupport[SIGSUPPORT_NUM] = {EFI_CERT_RSA2048_SHA256_GUID, EFI_CERT_RSA2048_SHA1_GUID};
//
// Public Exponent of RSA Key.
//
CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 };
/**
Initializes for authenticated varibale service.
@retval EFI_SUCCESS The function successfully executed.
@retval EFI_OUT_OF_RESOURCES Failed to allocate enough memory resources.
**/
EFI_STATUS
AutenticatedVariableServiceInitialize (
VOID
)
{
EFI_STATUS Status;
VARIABLE_POINTER_TRACK Variable;
UINT8 VarValue;
UINT32 VarAttr;
UINTN DataSize;
UINTN CtxSize;
AUTHENTICATED_VARIABLE_HEADER VariableHeader;
BOOLEAN Valid;
ZeroMem (&VariableHeader, sizeof (AUTHENTICATED_VARIABLE_HEADER));
mVariableModuleGlobal->AuthenticatedVariableGuid[Physical] = &gEfiAuthenticatedVariableGuid;
mVariableModuleGlobal->CertRsa2048Sha256Guid[Physical] = &gEfiCertRsa2048Sha256Guid;
mVariableModuleGlobal->ImageSecurityDatabaseGuid[Physical] = &gEfiImageSecurityDatabaseGuid;
//
// Initialize hash context.
//
CtxSize = Sha256GetContextSize ();
mVariableModuleGlobal->HashContext[Physical] = AllocateRuntimePool (CtxSize);
ASSERT (mVariableModuleGlobal->HashContext[Physical] != NULL);
//
// Check "AuthVarKeyDatabase" variable's existence.
// If it doesn't exist, create a new one with initial value of 0 and EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.
//
Status = FindVariable (
mVariableModuleGlobal->VariableName[Physical][VAR_AUTH_KEY_DB],
&gEfiAuthenticatedVariableGuid,
&Variable,
&mVariableModuleGlobal->VariableGlobal[Physical],
mVariableModuleGlobal->FvbInstance
);
if (Variable.CurrPtr == 0x0) {
VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;
VarValue = 0;
mPubKeyNumber = 0;
Status = UpdateVariable (
mVariableModuleGlobal->VariableName[Physical][VAR_AUTH_KEY_DB],
&gEfiAuthenticatedVariableGuid,
&VarValue,
sizeof(UINT8),
VarAttr,
0,
0,
FALSE,
mVariableModuleGlobal,
&Variable
);
if (EFI_ERROR (Status)) {
return Status;
}
} else {
//
// Load database in global variable for cache.
//
Valid = IsValidVariableHeader (
Variable.CurrPtr,
Variable.Volatile,
&mVariableModuleGlobal->VariableGlobal[Physical],
mVariableModuleGlobal->FvbInstance,
&VariableHeader
);
ASSERT (Valid);
DataSize = DataSizeOfVariable (&VariableHeader);
ASSERT (DataSize <= MAX_KEYDB_SIZE);
GetVariableDataPtr (
Variable.CurrPtr,
Variable.Volatile,
&mVariableModuleGlobal->VariableGlobal[Physical],
mVariableModuleGlobal->FvbInstance,
(CHAR16 *) mVariableModuleGlobal->PubKeyStore
);
mPubKeyNumber = (UINT32) (DataSize / EFI_CERT_TYPE_RSA2048_SIZE);
}
//
// Check "SetupMode" variable's existence.
// If it doesn't exist, check PK database's existence to determine the value.
// Then create a new one with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.
//
Status = FindVariable (
mVariableModuleGlobal->VariableName[Physical][VAR_SETUP_MODE],
&gEfiGlobalVariableGuid,
&Variable,
&mVariableModuleGlobal->VariableGlobal[Physical],
mVariableModuleGlobal->FvbInstance
);
if (Variable.CurrPtr == 0x0) {
Status = FindVariable (
mVariableModuleGlobal->VariableName[Physical][VAR_PLATFORM_KEY],
&gEfiGlobalVariableGuid,
&Variable,
&mVariableModuleGlobal->VariableGlobal[Physical],
mVariableModuleGlobal->FvbInstance
);
if (Variable.CurrPtr == 0x0) {
mPlatformMode = SETUP_MODE;
} else {
mPlatformMode = USER_MODE;
}
VarAttr = EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;
Status = UpdateVariable (
mVariableModuleGlobal->VariableName[Physical][VAR_SETUP_MODE],
&gEfiGlobalVariableGuid,
&mPlatformMode,
sizeof(UINT8),
VarAttr,
0,
0,
FALSE,
mVariableModuleGlobal,
&Variable
);
if (EFI_ERROR (Status)) {
return Status;
}
} else {
GetVariableDataPtr (
Variable.CurrPtr,
Variable.Volatile,
&mVariableModuleGlobal->VariableGlobal[Physical],
mVariableModuleGlobal->FvbInstance,
(CHAR16 *) &mPlatformMode
);
}
//
// Check "SignatureSupport" variable's existence.
// If it doesn't exist, then create a new one with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.
//
Status = FindVariable (
EFI_SIGNATURE_SUPPORT_NAME,
&gEfiGlobalVariableGuid,
&Variable,
&mVariableModuleGlobal->VariableGlobal[Physical],
mVariableModuleGlobal->FvbInstance
);
if (Variable.CurrPtr == 0x0) {
VarAttr = EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;
Status = UpdateVariable (
EFI_SIGNATURE_SUPPORT_NAME,
&gEfiGlobalVariableGuid,
mSignatureSupport,
SIGSUPPORT_NUM * sizeof(EFI_GUID),
VarAttr,
0,
0,
FALSE,
mVariableModuleGlobal,
&Variable
);
}
return Status;
}
/**
Add public key in store and return its index.
@param[in] VirtualMode The current calling mode for this function.
@param[in] Global The context of this Extended SAL Variable Services Class call.
@param[in] PubKey The input pointer to Public Key data.
@return The index of new added item.
**/
UINT32
AddPubKeyInStore (
IN BOOLEAN VirtualMode,
IN ESAL_VARIABLE_GLOBAL *Global,
IN UINT8 *PubKey
)
{
EFI_STATUS Status;
BOOLEAN IsFound;
UINT32 Index;
VARIABLE_POINTER_TRACK Variable;
UINT8 *Ptr;
if (PubKey == NULL) {
return 0;
}
Status = FindVariable (
Global->VariableName[VirtualMode][VAR_AUTH_KEY_DB],
Global->AuthenticatedVariableGuid[VirtualMode],
&Variable,
&Global->VariableGlobal[VirtualMode],
Global->FvbInstance
);
ASSERT_EFI_ERROR (Status);
//
// Check whether the public key entry does exist.
//
IsFound = FALSE;
for (Ptr = Global->PubKeyStore, Index = 1; Index <= mPubKeyNumber; Index++) {
if (CompareMem (Ptr, PubKey, EFI_CERT_TYPE_RSA2048_SIZE) == 0) {
IsFound = TRUE;
break;
}
Ptr += EFI_CERT_TYPE_RSA2048_SIZE;
}
if (!IsFound) {
//
// Add public key in database.
//
if (mPubKeyNumber == MAX_KEY_NUM) {
//
// Notes: Database is full, need enhancement here, currently just return 0.
//
return 0;
}
CopyMem (Global->PubKeyStore + mPubKeyNumber * EFI_CERT_TYPE_RSA2048_SIZE, PubKey, EFI_CERT_TYPE_RSA2048_SIZE);
Index = ++mPubKeyNumber;
//
// Update public key database variable.
//
Status = UpdateVariable (
Global->VariableName[VirtualMode][VAR_AUTH_KEY_DB],
Global->AuthenticatedVariableGuid[VirtualMode],
Global->PubKeyStore,
mPubKeyNumber * EFI_CERT_TYPE_RSA2048_SIZE,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS,
0,
0,
VirtualMode,
Global,
&Variable
);
ASSERT_EFI_ERROR (Status);
}
return Index;
}
/**
Verify data payload with AuthInfo in EFI_CERT_TYPE_RSA2048_SHA256 type.
Follow the steps in UEFI2.2.
@param[in] VirtualMode The current calling mode for this function.
@param[in] Global The context of this Extended SAL Variable Services Class call.
@param[in] Data The pointer to data with AuthInfo.
@param[in] DataSize The size of Data.
@param[in] PubKey The public key used for verification.
@retval EFI_INVALID_PARAMETER Invalid parameter.
@retval EFI_SECURITY_VIOLATION Authentication failed.
@retval EFI_SUCCESS Authentication successful.
**/
EFI_STATUS
VerifyDataPayload (
IN BOOLEAN VirtualMode,
IN ESAL_VARIABLE_GLOBAL *Global,
IN UINT8 *Data,
IN UINTN DataSize,
IN UINT8 *PubKey
)
{
BOOLEAN Status;
EFI_VARIABLE_AUTHENTICATION *CertData;
EFI_CERT_BLOCK_RSA_2048_SHA256 *CertBlock;
UINT8 Digest[SHA256_DIGEST_SIZE];
VOID *Rsa;
VOID *HashContext;
Rsa = NULL;
CertData = NULL;
CertBlock = NULL;
if (Data == NULL || PubKey == NULL) {
return EFI_INVALID_PARAMETER;
}
CertData = (EFI_VARIABLE_AUTHENTICATION *) Data;
CertBlock = (EFI_CERT_BLOCK_RSA_2048_SHA256 *) (CertData->AuthInfo.CertData);
//
// wCertificateType should be WIN_CERT_TYPE_EFI_GUID.
// Cert type should be EFI_CERT_TYPE_RSA2048_SHA256.
//
if ((CertData->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) ||
!CompareGuid (&CertData->AuthInfo.CertType, Global->CertRsa2048Sha256Guid[VirtualMode])
) {
//
// Invalid AuthInfo type, return EFI_SECURITY_VIOLATION.
//
return EFI_SECURITY_VIOLATION;
}
//
// Hash data payload with SHA256.
//
ZeroMem (Digest, SHA256_DIGEST_SIZE);
HashContext = Global->HashContext[VirtualMode];
Status = Sha256Init (HashContext);
if (!Status) {
goto Done;
}
Status = Sha256Update (HashContext, Data + AUTHINFO_SIZE, (UINTN) (DataSize - AUTHINFO_SIZE));
if (!Status) {
goto Done;
}
//
// Hash Monotonic Count.
//
Status = Sha256Update (HashContext, &CertData->MonotonicCount, sizeof (UINT64));
if (!Status) {
goto Done;
}
Status = Sha256Final (HashContext, Digest);
if (!Status) {
goto Done;
}
//
// Generate & Initialize RSA Context.
//
Rsa = RsaNew ();
ASSERT (Rsa != NULL);
//
// Set RSA Key Components.
// NOTE: Only N and E are needed to be set as RSA public key for signature verification.
//
Status = RsaSetKey (Rsa, RsaKeyN, PubKey, EFI_CERT_TYPE_RSA2048_SIZE);
if (!Status) {
goto Done;
}
Status = RsaSetKey (Rsa, RsaKeyE, mRsaE, sizeof (mRsaE));
if (!Status) {
goto Done;
}
//
// Verify the signature.
//
Status = RsaPkcs1Verify (
Rsa,
Digest,
SHA256_DIGEST_SIZE,
CertBlock->Signature,
EFI_CERT_TYPE_RSA2048_SHA256_SIZE
);
Done:
if (Rsa != NULL) {
RsaFree (Rsa);
}
if (Status) {
return EFI_SUCCESS;
} else {
return EFI_SECURITY_VIOLATION;
}
}
/**
Update platform mode.
@param[in] VirtualMode The current calling mode for this function.
@param[in] Global The context of this Extended SAL Variable Services Class call.
@param[in] Mode SETUP_MODE or USER_MODE.
**/
VOID
UpdatePlatformMode (
IN BOOLEAN VirtualMode,
IN ESAL_VARIABLE_GLOBAL *Global,
IN UINT32 Mode
)
{
EFI_STATUS Status;
VARIABLE_POINTER_TRACK Variable;
UINT32 VarAttr;
Status = FindVariable (
Global->VariableName[VirtualMode][VAR_SETUP_MODE],
Global->GlobalVariableGuid[VirtualMode],
&Variable,
&Global->VariableGlobal[VirtualMode],
Global->FvbInstance
);
ASSERT_EFI_ERROR (Status);
mPlatformMode = Mode;
VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;
Status = UpdateVariable (
Global->VariableName[VirtualMode][VAR_SETUP_MODE],
Global->GlobalVariableGuid[VirtualMode],
&mPlatformMode,
sizeof(UINT8),
VarAttr,
0,
0,
VirtualMode,
Global,
&Variable
);
ASSERT_EFI_ERROR (Status);
}
/**
Process variable with platform key for verification.
@param[in] VariableName The name of Variable to be found.
@param[in] VendorGuid The variable vendor GUID.
@param[in] Data The data pointer.
@param[in] DataSize The size of Data found. If size is less than the
data, this value contains the required size.
@param[in] VirtualMode The current calling mode for this function.
@param[in] Global The context of this Extended SAL Variable Services Class call.
@param[in] Variable The variable information which is used to keep track of variable usage.
@param[in] Attributes The attribute value of the variable.
@param[in] IsPk Indicates whether to process pk.
@retval EFI_INVALID_PARAMETER Invalid parameter.
@retval EFI_SECURITY_VIOLATION The variable does NOT pass the validation
check carried out by the firmware.
@retval EFI_SUCCESS The variable passed validation successfully.
**/
EFI_STATUS
ProcessVarWithPk (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN VOID *Data,
IN UINTN DataSize,
IN BOOLEAN VirtualMode,
IN ESAL_VARIABLE_GLOBAL *Global,
IN VARIABLE_POINTER_TRACK *Variable,
IN UINT32 Attributes OPTIONAL,
IN BOOLEAN IsPk
)
{
EFI_STATUS Status;
VARIABLE_POINTER_TRACK PkVariable;
EFI_SIGNATURE_LIST *OldPkList;
EFI_SIGNATURE_DATA *OldPkData;
EFI_VARIABLE_AUTHENTICATION *CertData;
AUTHENTICATED_VARIABLE_HEADER VariableHeader;
BOOLEAN Valid;
OldPkList = NULL;
ZeroMem (&VariableHeader, sizeof (AUTHENTICATED_VARIABLE_HEADER));
if ((Attributes & EFI_VARIABLE_NON_VOLATILE) == 0) {
//
// PK and KEK should set EFI_VARIABLE_NON_VOLATILE attribute.
//
return EFI_INVALID_PARAMETER;
}
if (mPlatformMode == USER_MODE) {
if ((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) == 0) {
//
// In user mode, PK and KEK should set EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS attribute.
//
return EFI_INVALID_PARAMETER;
}
CertData = (EFI_VARIABLE_AUTHENTICATION *) Data;
if (Variable->CurrPtr != 0x0) {
Valid = IsValidVariableHeader (
Variable->CurrPtr,
Variable->Volatile,
&Global->VariableGlobal[VirtualMode],
Global->FvbInstance,
&VariableHeader
);
ASSERT (Valid);
if (CertData->MonotonicCount <= VariableHeader.MonotonicCount) {
//
// Monotonic count check fail, suspicious replay attack, return EFI_SECURITY_VIOLATION.
//
return EFI_SECURITY_VIOLATION;
}
}
//
// Get platform key from variable.
//
Status = FindVariable (
Global->VariableName[VirtualMode][VAR_PLATFORM_KEY],
Global->GlobalVariableGuid[VirtualMode],
&PkVariable,
&Global->VariableGlobal[VirtualMode],
Global->FvbInstance
);
ASSERT_EFI_ERROR (Status);
ZeroMem (Global->KeyList, MAX_KEYDB_SIZE);
GetVariableDataPtr (
PkVariable.CurrPtr,
PkVariable.Volatile,
&Global->VariableGlobal[VirtualMode],
Global->FvbInstance,
(CHAR16 *) Global->KeyList
);
OldPkList = (EFI_SIGNATURE_LIST *) Global->KeyList;
OldPkData = (EFI_SIGNATURE_DATA *) ((UINT8 *) OldPkList + sizeof (EFI_SIGNATURE_LIST) + OldPkList->SignatureHeaderSize);
Status = VerifyDataPayload (VirtualMode, Global, Data, DataSize, OldPkData->SignatureData);
if (!EFI_ERROR (Status)) {
Status = UpdateVariable (
VariableName,
VendorGuid,
(UINT8*)Data + AUTHINFO_SIZE,
DataSize - AUTHINFO_SIZE,
Attributes,
0,
CertData->MonotonicCount,
VirtualMode,
Global,
Variable
);
if (!EFI_ERROR (Status)) {
//
// If delete PK in user mode, need change to setup mode.
//
if ((DataSize == AUTHINFO_SIZE) && IsPk) {
UpdatePlatformMode (VirtualMode, Global, SETUP_MODE);
}
}
}
} else {
Status = UpdateVariable (VariableName, VendorGuid, Data, DataSize, Attributes, 0, 0, VirtualMode, Global, Variable);
//
// If enroll PK in setup mode, need change to user mode.
//
if ((DataSize != 0) && IsPk) {
UpdatePlatformMode (VirtualMode, Global, USER_MODE);
}
}
return Status;
}
/**
Process variable with key exchange key for verification.
@param[in] VariableName The name of Variable to be found.
@param[in] VendorGuid The variable vendor GUID.
@param[in] Data The data pointer.
@param[in] DataSize The size of Data found. If size is less than the
data, this value contains the required size.
@param[in] VirtualMode The current calling mode for this function.
@param[in] Global The context of this Extended SAL Variable Services Class call.
@param[in] Variable The variable information which is used to keep track of variable usage.
@param[in] Attributes The attribute value of the variable.
@retval EFI_INVALID_PARAMETER Invalid parameter.
@retval EFI_SECURITY_VIOLATION The variable did NOT pass the validation
check carried out by the firmware.
@retval EFI_SUCCESS The variable passed validation successfully.
**/
EFI_STATUS
ProcessVarWithKek (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN VOID *Data,
IN UINTN DataSize,
IN BOOLEAN VirtualMode,
IN ESAL_VARIABLE_GLOBAL *Global,
IN VARIABLE_POINTER_TRACK *Variable,
IN UINT32 Attributes OPTIONAL
)
{
EFI_STATUS Status;
VARIABLE_POINTER_TRACK KekVariable;
EFI_SIGNATURE_LIST *KekList;
EFI_SIGNATURE_DATA *KekItem;
UINT32 KekCount;
EFI_VARIABLE_AUTHENTICATION *CertData;
EFI_CERT_BLOCK_RSA_2048_SHA256 *CertBlock;
BOOLEAN IsFound;
UINT32 Index;
AUTHENTICATED_VARIABLE_HEADER VariableHeader;
BOOLEAN Valid;
KekList = NULL;
ZeroMem (&VariableHeader, sizeof (AUTHENTICATED_VARIABLE_HEADER));
if (mPlatformMode == USER_MODE) {
if ((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) == 0) {
//
// In user mode, should set EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS attribute.
//
return EFI_INVALID_PARAMETER;
}
CertData = (EFI_VARIABLE_AUTHENTICATION *) Data;
CertBlock = (EFI_CERT_BLOCK_RSA_2048_SHA256 *) (CertData->AuthInfo.CertData);
if (Variable->CurrPtr != 0x0) {
Valid = IsValidVariableHeader (
Variable->CurrPtr,
Variable->Volatile,
&Global->VariableGlobal[VirtualMode],
Global->FvbInstance,
&VariableHeader
);
ASSERT (Valid);
if (CertData->MonotonicCount <= VariableHeader.MonotonicCount) {
//
// Monotonic count check fail, suspicious replay attack, return EFI_SECURITY_VIOLATION.
//
return EFI_SECURITY_VIOLATION;
}
}
//
// Get KEK database from variable.
//
Status = FindVariable (
Global->VariableName[VirtualMode][VAR_KEY_EXCHANGE_KEY],
Global->GlobalVariableGuid[VirtualMode],
&KekVariable,
&Global->VariableGlobal[VirtualMode],
Global->FvbInstance
);
ASSERT_EFI_ERROR (Status);
ZeroMem (Global->KeyList, MAX_KEYDB_SIZE);
GetVariableDataPtr (
KekVariable.CurrPtr,
KekVariable.Volatile,
&Global->VariableGlobal[VirtualMode],
Global->FvbInstance,
(CHAR16 *) Global->KeyList
);
//
// Enumerate all Kek items in this list to verify the variable certificate data.
// If anyone is authenticated successfully, it means the variable is correct!
//
KekList = (EFI_SIGNATURE_LIST *) Global->KeyList;
IsFound = FALSE;
KekCount = (KekList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - KekList->SignatureHeaderSize) / KekList->SignatureSize;
KekItem = (EFI_SIGNATURE_DATA *) ((UINT8 *) KekList + sizeof (EFI_SIGNATURE_LIST) + KekList->SignatureHeaderSize);
for (Index = 0; Index < KekCount; Index++) {
if (CompareMem (KekItem->SignatureData, CertBlock->PublicKey, EFI_CERT_TYPE_RSA2048_SIZE) == 0) {
IsFound = TRUE;
break;
}
KekItem = (EFI_SIGNATURE_DATA *) ((UINT8 *) KekItem + KekList->SignatureSize);
}
if (!IsFound) {
return EFI_SECURITY_VIOLATION;
}
Status = VerifyDataPayload (VirtualMode, Global, Data, DataSize, CertBlock->PublicKey);
if (!EFI_ERROR (Status)) {
Status = UpdateVariable (
VariableName,
VendorGuid,
(UINT8*)Data + AUTHINFO_SIZE,
DataSize - AUTHINFO_SIZE,
Attributes,
0,
CertData->MonotonicCount,
VirtualMode,
Global,
Variable
);
}
} else {
//
// If in setup mode, no authentication needed.
//
Status = UpdateVariable (
VariableName,
VendorGuid,
Data,
DataSize,
Attributes,
0,
0,
VirtualMode,
Global,
Variable
);
}
return Status;
}
/**
Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set, and return the index of associated public key.
@param[in] Data The data pointer.
@param[in] DataSize The size of Data found. If size is less than the
data, this value contains the required size.
@param[in] VirtualMode The current calling mode for this function.
@param[in] Global The context of this Extended SAL Variable Services Class call.
@param[in] Variable The variable information which is used to keep track of variable usage.
@param[in] Attributes The attribute value of the variable.
@param[out] KeyIndex The output index of corresponding public key in database.
@param[out] MonotonicCount The output value of corresponding Monotonic Count.
@retval EFI_INVALID_PARAMETER Invalid parameter.
@retval EFI_WRITE_PROTECTED The variable is write-protected and needs authentication with
EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.
@retval EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
set, but the AuthInfo does NOT pass the validation
check carried out by the firmware.
@retval EFI_SUCCESS The variable is not write-protected, or passed validation successfully.
**/
EFI_STATUS
VerifyVariable (
IN VOID *Data,
IN UINTN DataSize,
IN BOOLEAN VirtualMode,
IN ESAL_VARIABLE_GLOBAL *Global,
IN VARIABLE_POINTER_TRACK *Variable,
IN UINT32 Attributes OPTIONAL,
OUT UINT32 *KeyIndex OPTIONAL,
OUT UINT64 *MonotonicCount OPTIONAL
)
{
EFI_STATUS Status;
BOOLEAN IsDeletion;
BOOLEAN IsFirstTime;
UINT8 *PubKey;
EFI_VARIABLE_AUTHENTICATION *CertData;
EFI_CERT_BLOCK_RSA_2048_SHA256 *CertBlock;
AUTHENTICATED_VARIABLE_HEADER VariableHeader;
BOOLEAN Valid;
CertData = NULL;
CertBlock = NULL;
PubKey = NULL;
IsDeletion = FALSE;
Valid = FALSE;
if (KeyIndex != NULL) {
*KeyIndex = 0;
}
//
// Determine if first time SetVariable with the EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS.
//
ZeroMem (&VariableHeader, sizeof (AUTHENTICATED_VARIABLE_HEADER));
if (Variable->CurrPtr != 0x0) {
Valid = IsValidVariableHeader (
Variable->CurrPtr,
Variable->Volatile,
&Global->VariableGlobal[VirtualMode],
Global->FvbInstance,
&VariableHeader
);
ASSERT (Valid);
}
if ((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) != 0) {
if (KeyIndex == NULL) {
return EFI_INVALID_PARAMETER;
}
//
// Determine current operation type.
//
if (DataSize == AUTHINFO_SIZE) {
IsDeletion = TRUE;
}
//
// Determine whether this is the first time with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.
//
if (Variable->CurrPtr == 0x0) {
IsFirstTime = TRUE;
} else if (Valid &&(VariableHeader.Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) == 0) {
IsFirstTime = TRUE;
} else {
*KeyIndex = VariableHeader.PubKeyIndex;
IsFirstTime = FALSE;
}
} else if (Valid && (VariableHeader.Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) != 0) {
//
// If the variable is already write-protected, it always needs authentication before update.
//
return EFI_WRITE_PROTECTED;
} else {
//
// If without EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS, set and attributes collision.
// That means it is not authenticated variable, just return EFI_SUCCESS.
//
return EFI_SUCCESS;
}
//
// Get PubKey and check Monotonic Count value corresponding to the variable.
//
CertData = (EFI_VARIABLE_AUTHENTICATION *) Data;
CertBlock = (EFI_CERT_BLOCK_RSA_2048_SHA256 *) (CertData->AuthInfo.CertData);
PubKey = CertBlock->PublicKey;
if (MonotonicCount != NULL) {
//
// Update Monotonic Count value.
//
*MonotonicCount = CertData->MonotonicCount;
}
if (!IsFirstTime) {
//
// Check input PubKey.
//
if (CompareMem (PubKey, Global->PubKeyStore + (*KeyIndex - 1) * EFI_CERT_TYPE_RSA2048_SIZE, EFI_CERT_TYPE_RSA2048_SIZE) != 0) {
return EFI_SECURITY_VIOLATION;
}
//
// Compare the current monotonic count and ensure that it is greater than the last SetVariable
// operation with the EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS attribute set.
//
if (CertData->MonotonicCount <= VariableHeader.MonotonicCount) {
//
// Monotonic count check fail, suspicious replay attack, return EFI_SECURITY_VIOLATION.
//
return EFI_SECURITY_VIOLATION;
}
}
//
// Verify the certificate in Data payload.
//
Status = VerifyDataPayload (VirtualMode, Global, Data, DataSize, PubKey);
if (!EFI_ERROR (Status)) {
//
// Now, the signature has been verified!
//
if (IsFirstTime && !IsDeletion) {
//
// Update public key database variable if need and return the index.
//
*KeyIndex = AddPubKeyInStore (VirtualMode, Global, PubKey);
}
}
return Status;
}

151
SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/AuthService.h
View File

@ -1,151 +0,0 @@
/** @file
The internal header file includes the common header files, defines
internal structure and functions used by AuthService module.
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef _AUTHSERVICE_H_
#define _AUTHSERVICE_H_
#define EFI_CERT_TYPE_RSA2048_SHA256_SIZE 256
#define EFI_CERT_TYPE_RSA2048_SIZE 256
///
/// Size of AuthInfo prior to the data payload
///
#define AUTHINFO_SIZE (((UINTN)(((EFI_VARIABLE_AUTHENTICATION *) 0)->AuthInfo.CertData)) + sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256))
///
/// Item number of support signature types.
///
#define SIGSUPPORT_NUM 2
/**
Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set, and return the index of associated public key.
@param[in] Data The data pointer.
@param[in] DataSize The size of Data found. If size is less than the
data, this value contains the required size.
@param[in] VirtualMode The current calling mode for this function.
@param[in] Global The context of this Extended SAL Variable Services Class call.
@param[in] Variable The variable information which is used to keep track of variable usage.
@param[in] Attributes The attribute value of the variable.
@param[out] KeyIndex The output index of corresponding public key in database.
@param[out] MonotonicCount The output value of corresponding Monotonic Count.
@retval EFI_INVALID_PARAMETER Invalid parameter.
@retval EFI_WRITE_PROTECTED The variable is write-protected and needs authentication with
EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.
@retval EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
set, but the AuthInfo does NOT pass the validation
check carried out by the firmware.
@retval EFI_SUCCESS The variable is not write-protected, or passed validation successfully.
**/
EFI_STATUS
VerifyVariable (
IN VOID *Data,
IN UINTN DataSize,
IN BOOLEAN VirtualMode,
IN ESAL_VARIABLE_GLOBAL *Global,
IN VARIABLE_POINTER_TRACK *Variable,
IN UINT32 Attributes OPTIONAL,
OUT UINT32 *KeyIndex OPTIONAL,
OUT UINT64 *MonotonicCount OPTIONAL
);
/**
Initializes for authenticated varibale service.
@retval EFI_SUCCESS The function successfully executed.
@retval EFI_OUT_OF_RESOURCES Failed to allocate enough memory resources.
**/
EFI_STATUS
AutenticatedVariableServiceInitialize (
VOID
);
/**
Initializes for cryptlib service before use, include register algrithm and allocate scratch.
**/
VOID
CryptLibraryInitialize (
VOID
);
/**
Process variable with platform key for verification.
@param[in] VariableName The name of Variable to be found.
@param[in] VendorGuid Variable vendor GUID.
@param[in] Data The data pointer.
@param[in] DataSize The size of Data found. If size is less than the
data, this value contains the required size.
@param[in] VirtualMode The current calling mode for this function.
@param[in] Global The context of this Extended SAL Variable Services Class call.
@param[in] Variable The variable information which is used to keep track of variable usage.
@param[in] Attributes The attribute value of the variable.
@param[in] IsPk Indicates whether to process pk.
@retval EFI_INVALID_PARAMETER Invalid parameter.
@retval EFI_SECURITY_VIOLATION The variable does NOT pass the validation
check carried out by the firmware.
@retval EFI_SUCCESS The variable passed validation successfully.
**/
EFI_STATUS
ProcessVarWithPk (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN VOID *Data,
IN UINTN DataSize,
IN BOOLEAN VirtualMode,
IN ESAL_VARIABLE_GLOBAL *Global,
IN VARIABLE_POINTER_TRACK *Variable,
IN UINT32 Attributes OPTIONAL,
IN BOOLEAN IsPk
);
/**
Process variable with key exchange key for verification.
@param[in] VariableName The name of Variable to be found.
@param[in] VendorGuid The variable vendor GUID.
@param[in] Data The data pointer.
@param[in] DataSize Size of Data found. If size is less than the
data, this value contains the required size.
@param[in] VirtualMode The current calling mode for this function.
@param[in] Global The context of this Extended SAL Variable Services Class call.
@param[in] Variable The variable information which is used to keep track of variable usage.
@param[in] Attributes The attribute value of the variable.
@retval EFI_INVALID_PARAMETER Invalid parameter.
@retval EFI_SECURITY_VIOLATION The variable does NOT pass the validation
check carried out by the firmware.
@retval EFI_SUCCESS The variable passed validation successfully.
**/
EFI_STATUS
ProcessVarWithKek (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN VOID *Data,
IN UINTN DataSize,
IN BOOLEAN VirtualMode,
IN ESAL_VARIABLE_GLOBAL *Global,
IN VARIABLE_POINTER_TRACK *Variable,
IN UINT32 Attributes OPTIONAL
);
#endif

105
SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/EsalVariableDxeSal.inf
View File

@ -1,105 +0,0 @@
## @file
# Provides authenticated variable service for IPF platform
#
# This module installs variable arch protocol and variable write arch protocol to provide
# four EFI_RUNTIME_SERVICES: SetVariable, GetVariable, GetNextVariableName and QueryVariableInfo.
#
# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
# http://opensource.org/licenses/bsd-license.php
# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#
##
[Defines]
INF_VERSION = 0x00010005
BASE_NAME = EsalVariableDxeSal
MODULE_UNI_FILE = EsalVariableDxeSal.uni
FILE_GUID = 14610837-4E97-4427-96E0-21D9B2956996
MODULE_TYPE = DXE_SAL_DRIVER
VERSION_STRING = 1.0
ENTRY_POINT = VariableServiceInitialize
#
# The following information is for reference only and not required by the build tools.
#
# VALID_ARCHITECTURES = IPF
#
# VIRTUAL_ADDRESS_MAP_CALLBACK = VariableClassAddressChangeEvent
#
[Sources.common]
InitVariable.c
Reclaim.c
Variable.c
Variable.h
AuthService.c
AuthService.h
[Packages]
MdePkg/MdePkg.dec
MdeModulePkg/MdeModulePkg.dec
CryptoPkg/CryptoPkg.dec
SecurityPkg/SecurityPkg.dec
[LibraryClasses]
MemoryAllocationLib
BaseLib
SynchronizationLib
UefiLib
UefiBootServicesTableLib
BaseMemoryLib
DebugLib
UefiRuntimeLib
DxeServicesTableLib
UefiDriverEntryPoint
PcdLib
ExtendedSalLib
BaseCryptLib
HobLib
[Protocols]
gEfiFirmwareVolumeBlockProtocolGuid ## SOMETIMES_CONSUMES
gEfiFaultTolerantWriteProtocolGuid ## SOMETIMES_CONSUMES
[Guids]
## SOMETIMES_CONSUMES ## Variable:L"PK"
## CONSUMES ## Variable:L"SetupMode"
## PRODUCES ## Variable:L"SetupMode"
## CONSUMES ## Variable:L"SignatureSupport"
## PRODUCES ## Variable:L"SignatureSupport"
gEfiGlobalVariableGuid
## PRODUCES ## GUID # Variable store header
## CONSUMES ## GUID # Variable store header
## SOMETIMES_CONSUMES ## HOB
## SOMETIMES_PRODUCES ## SystemTable
gEfiAuthenticatedVariableGuid
gEfiEventVirtualAddressChangeGuid ## CONSUMES ## Event
gEfiCertRsa2048Sha256Guid ## CONSUMES ## GUID # Unique ID for the format of the CertType.
## SOMETIMES_CONSUMES ## Variable:L"DB"
## SOMETIMES_CONSUMES ## Variable:L"DBX"
gEfiImageSecurityDatabaseGuid
[Pcd.common]
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase ## SOMETIMES_CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdMaxHardwareErrorVariableSize ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdHwErrStorageSize ## CONSUMES
[FeaturePcd.common]
gEfiMdeModulePkgTokenSpaceGuid.PcdVariableCollectStatistics ## CONSUMES # statistic the information of variable.
[Depex]
gEfiExtendedSalFvBlockServicesProtocolGuid AND gEfiFaultTolerantWriteProtocolGuid
[UserExtensions.TianoCore."ExtraFiles"]
EsalVariableDxeSalExtra.uni

22
SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/EsalVariableDxeSal.uni
View File

@ -1,22 +0,0 @@
// /** @file
// Provides authenticated variable service for IPF platform
//
// This module installs variable arch protocol and variable write arch protocol to provide
// four EFI_RUNTIME_SERVICES: SetVariable, GetVariable, GetNextVariableName and QueryVariableInfo.
//
// Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
//
// This program and the accompanying materials
// are licensed and made available under the terms and conditions of the BSD License
// which accompanies this distribution. The full text of the license may be found at
// http://opensource.org/licenses/bsd-license.php
// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
//
// **/
#string STR_MODULE_ABSTRACT #language en-US "Provides authenticated variable service for IPF platform"
#string STR_MODULE_DESCRIPTION #language en-US "This module installs variable arch protocol and variable write arch protocol to provide four EFI_RUNTIME_SERVICES: SetVariable, GetVariable, GetNextVariableName and QueryVariableInfo."

19
SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/EsalVariableDxeSalExtra.uni
View File

@ -1,19 +0,0 @@
// /** @file
// EsalVariableDxeSal Localized Strings and Content
//
// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
//
// This program and the accompanying materials
// are licensed and made available under the terms and conditions of the BSD License
// which accompanies this distribution. The full text of the license may be found at
// http://opensource.org/licenses/bsd-license.php
// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
//
// **/
#string STR_PROPERTIES_MODULE_NAME
#language en-US
"Esal Authenticated Variable DXE"

247
SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/InitVariable.c
View File

@ -1,247 +0,0 @@
/** @file
Entrypoint of Extended SAL variable service module.
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "Variable.h"
#include "AuthService.h"
//
// Don't use module globals after the SetVirtualAddress map is signaled
//
EFI_EVENT mEfiVirtualNotifyEvent;
/**
Common entry for Extended SAL Variable Services Class.
This is the common entry of all functions of Extended SAL Variable Services Class.
@param[in] FunctionId The Function ID of member function in Extended SAL Variable Services Class.
@param[in] Arg2 The 2nd parameter for SAL procedure call.
@param[in] Arg3 The 3rd parameter for SAL procedure call.
@param[in] Arg4 The 4th parameter for SAL procedure call.
@param[in] Arg5 The 5th parameter for SAL procedure call.
@param[in] Arg6 The 6th parameter for SAL procedure call.
@param[in] Arg7 The 7th parameter for SAL procedure call.
@param[in] Arg8 The 8th parameter for SAL procedure call.
@param[in] VirtualMode The current calling mode for this function.
@param[in] Global The context of this Extended SAL Variable Services Class call.
@return The register of SAL.
**/
SAL_RETURN_REGS
EFIAPI
EsalVariableCommonEntry (
IN UINT64 FunctionId,
IN UINT64 Arg2,
IN UINT64 Arg3,
IN UINT64 Arg4,
IN UINT64 Arg5,
IN UINT64 Arg6,
IN UINT64 Arg7,
IN UINT64 Arg8,
IN BOOLEAN VirtualMode,
IN ESAL_VARIABLE_GLOBAL *Global
)
{
SAL_RETURN_REGS ReturnVal;
ReturnVal.r9 = 0;
ReturnVal.r10 = 0;
ReturnVal.r11 = 0;
switch (FunctionId) {
case EsalGetVariableFunctionId:
ReturnVal.Status = EsalGetVariable (
(CHAR16 *) Arg2,
(EFI_GUID *) Arg3,
(UINT32 *) Arg4,
(UINTN *) Arg5,
(VOID *) Arg6,
VirtualMode,
Global
);
return ReturnVal;
case EsalGetNextVariableNameFunctionId:
ReturnVal.Status = EsalGetNextVariableName (
(UINTN *) Arg2,
(CHAR16 *) Arg3,
(EFI_GUID *) Arg4,
VirtualMode,
Global
);
return ReturnVal;
case EsalSetVariableFunctionId:
ReturnVal.Status = EsalSetVariable (
(CHAR16 *) Arg2,
(EFI_GUID *) Arg3,
(UINT32) Arg4,
(UINTN) Arg5,
(VOID *) Arg6,
VirtualMode,
Global
);
return ReturnVal;
case EsalQueryVariableInfoFunctionId:
ReturnVal.Status = EsalQueryVariableInfo (
(UINT32) Arg2,
(UINT64 *) Arg3,
(UINT64 *) Arg4,
(UINT64 *) Arg5,
VirtualMode,
Global
);
return ReturnVal;
default:
ReturnVal.Status = EFI_SAL_INVALID_ARGUMENT;
return ReturnVal;
}
}
/**
Notification function of EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE.
This is a notification function registered on EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event.
It convers pointer to new virtual address.
@param[in] Event The event whose notification function is being invoked.
@param[in] Context The pointer to the notification function's context.
**/
VOID
EFIAPI
VariableClassAddressChangeEvent (
IN EFI_EVENT Event,
IN VOID *Context
)
{
UINTN Index;
CopyMem (
&mVariableModuleGlobal->VariableGlobal[Virtual],
&mVariableModuleGlobal->VariableGlobal[Physical],
sizeof (VARIABLE_GLOBAL)
);
EfiConvertPointer (
0x0,
(VOID **) &mVariableModuleGlobal->VariableGlobal[Virtual].NonVolatileVariableBase
);
EfiConvertPointer (
0x0,
(VOID **) &mVariableModuleGlobal->VariableGlobal[Virtual].VolatileVariableBase
);
mVariableModuleGlobal->PlatformLangCodes[Virtual] = mVariableModuleGlobal->PlatformLangCodes[Physical];
EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->PlatformLangCodes[Virtual]);
mVariableModuleGlobal->LangCodes[Virtual] = mVariableModuleGlobal->LangCodes[Physical];
EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->LangCodes[Virtual]);
mVariableModuleGlobal->PlatformLang[Virtual] = mVariableModuleGlobal->PlatformLang[Physical];
EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->PlatformLang[Virtual]);
CopyMem (
mVariableModuleGlobal->VariableName[Virtual],
mVariableModuleGlobal->VariableName[Physical],
sizeof (mVariableModuleGlobal->VariableName[Physical])
);
for (Index = 0; Index < NUM_VAR_NAME; Index++) {
EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->VariableName[Virtual][Index]);
}
mVariableModuleGlobal->GlobalVariableGuid[Virtual] = &gEfiGlobalVariableGuid;
EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->GlobalVariableGuid[Virtual]);
mVariableModuleGlobal->AuthenticatedVariableGuid[Virtual] = &gEfiAuthenticatedVariableGuid;
EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->AuthenticatedVariableGuid[Virtual]);
mVariableModuleGlobal->CertRsa2048Sha256Guid[Virtual] = &gEfiCertRsa2048Sha256Guid;
EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->CertRsa2048Sha256Guid[Virtual]);
mVariableModuleGlobal->ImageSecurityDatabaseGuid[Virtual] = &gEfiImageSecurityDatabaseGuid;
EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->ImageSecurityDatabaseGuid[Virtual]);
mVariableModuleGlobal->HashContext[Virtual] = mVariableModuleGlobal->HashContext[Physical];
EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->HashContext[Virtual]);
}
/**
Entry point of Extended SAL Variable service module.
This function is the entry point of Extended SAL Variable service module.
It registers all functions of Extended SAL Variable class, initializes
variable store for non-volatile and volatile variables, and registers
notification function for EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event.
@param[in] ImageHandle The Image handle of this driver.
@param[in] SystemTable The pointer of EFI_SYSTEM_TABLE.
@retval EFI_SUCCESS Extended SAL Variable Services Class successfully registered.
**/
EFI_STATUS
EFIAPI
VariableServiceInitialize (
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
)
{
EFI_STATUS Status;
Status = gBS->CreateEventEx (
EVT_NOTIFY_SIGNAL,
TPL_NOTIFY,
VariableClassAddressChangeEvent,
NULL,
&gEfiEventVirtualAddressChangeGuid,
&mEfiVirtualNotifyEvent
);
ASSERT_EFI_ERROR (Status);
Status = VariableCommonInitialize (ImageHandle, SystemTable);
ASSERT_EFI_ERROR (Status);
//
// Authenticated variable initialize
//
Status = AutenticatedVariableServiceInitialize ();
ASSERT_EFI_ERROR (Status);
FlushHob2Nv ();
//
// Register All the Functions with Extended SAL Variable Services Class
//
RegisterEsalClass (
EFI_EXTENDED_SAL_VARIABLE_SERVICES_PROTOCOL_GUID_LO,
EFI_EXTENDED_SAL_VARIABLE_SERVICES_PROTOCOL_GUID_HI,
mVariableModuleGlobal,
EsalVariableCommonEntry,
EsalGetVariableFunctionId,
EsalVariableCommonEntry,
EsalGetNextVariableNameFunctionId,
EsalVariableCommonEntry,
EsalSetVariableFunctionId,
EsalVariableCommonEntry,
EsalQueryVariableInfoFunctionId,
NULL
);
return EFI_SUCCESS;
}

262
SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/Reclaim.c
View File

@ -1,262 +0,0 @@
/** @file
Handles non-volatile variable store garbage collection, using FTW
(Fault Tolerant Write) protocol.
Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include "Variable.h"
/**
Gets firmware volume block handle by given address.
This function gets firmware volume block handle whose
address range contains the parameter Address.
@param[in] Address Address which should be contained
by returned FVB handle.
@param[out] FvbHandle Pointer to FVB handle for output.
@retval EFI_SUCCESS FVB handle successfully returned.
@retval EFI_NOT_FOUND Failed to find FVB handle by address.
**/
EFI_STATUS
GetFvbHandleByAddress (
IN EFI_PHYSICAL_ADDRESS Address,
OUT EFI_HANDLE *FvbHandle
)
{
EFI_STATUS Status;
EFI_HANDLE *HandleBuffer;
UINTN HandleCount;
UINTN Index;
EFI_PHYSICAL_ADDRESS FvbBaseAddress;
EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL *Fvb;
EFI_FIRMWARE_VOLUME_HEADER *FwVolHeader;
*FvbHandle = NULL;
//
// Locate all handles with Firmware Volume Block protocol
//
Status = gBS->LocateHandleBuffer (
ByProtocol,
&gEfiFirmwareVolumeBlockProtocolGuid,
NULL,
&HandleCount,
&HandleBuffer
);
if (EFI_ERROR (Status)) {
return EFI_NOT_FOUND;
}
//
// Traverse all the handles, searching for the one containing parameter Address
//
for (Index = 0; Index < HandleCount; Index += 1) {
Status = gBS->HandleProtocol (
HandleBuffer[Index],
&gEfiFirmwareVolumeBlockProtocolGuid,
(VOID **) &Fvb
);
if (EFI_ERROR (Status)) {
Status = EFI_NOT_FOUND;
break;
}
//
// Checks if the address range of this handle contains parameter Address
//
Status = Fvb->GetPhysicalAddress (Fvb, &FvbBaseAddress);
if (EFI_ERROR (Status)) {
continue;
}
FwVolHeader = (EFI_FIRMWARE_VOLUME_HEADER *) ((UINTN) FvbBaseAddress);
if ((Address >= FvbBaseAddress) && (Address <= (FvbBaseAddress + FwVolHeader->FvLength))) {
*FvbHandle = HandleBuffer[Index];
Status = EFI_SUCCESS;
break;
}
}
FreePool (HandleBuffer);
return Status;
}
/**
Gets LBA of block and offset by given address.
This function gets the Logical Block Address (LBA) of firmware
volume block containing the given address, and the offset of
address on the block.
@param[in] Address Address which should be contained
by returned FVB handle.
@param[out] Lba The pointer to LBA for output.
@param[out] Offset The pointer to offset for output.
@retval EFI_SUCCESS LBA and offset successfully returned.
@retval EFI_NOT_FOUND Failed to find FVB handle by address.
@retval EFI_ABORTED Failed to find valid LBA and offset.
**/
EFI_STATUS
GetLbaAndOffsetByAddress (
IN EFI_PHYSICAL_ADDRESS Address,
OUT EFI_LBA *Lba,
OUT UINTN *Offset
)
{
EFI_STATUS Status;
EFI_HANDLE FvbHandle;
EFI_PHYSICAL_ADDRESS FvbBaseAddress;
EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL *Fvb;
EFI_FIRMWARE_VOLUME_HEADER *FwVolHeader;
EFI_FV_BLOCK_MAP_ENTRY *FvbMapEntry;
UINT32 LbaIndex;
*Lba = (EFI_LBA) (-1);
*Offset = 0;
//
// Gets firmware volume block handle by given address.
//
Status = GetFvbHandleByAddress (Address, &FvbHandle);
if (EFI_ERROR (Status)) {
return Status;
}
Status = gBS->HandleProtocol (
FvbHandle,
&gEfiFirmwareVolumeBlockProtocolGuid,
(VOID **) &Fvb
);
if (EFI_ERROR (Status)) {
return Status;
}
//
// Get the Base Address of FV
//
Status = Fvb->GetPhysicalAddress (Fvb, &FvbBaseAddress);
if (EFI_ERROR (Status)) {
return Status;
}
FwVolHeader = (EFI_FIRMWARE_VOLUME_HEADER *) ((UINTN) FvbBaseAddress);
//
// Get the (LBA, Offset) of Address
//
if ((Address >= FvbBaseAddress) && (Address <= (FvbBaseAddress + FwVolHeader->FvLength))) {
if ((FwVolHeader->FvLength) > (FwVolHeader->HeaderLength)) {
//
// BUGBUG: Assume one FV has one type of BlockLength
//
FvbMapEntry = &FwVolHeader->BlockMap[0];
for (LbaIndex = 1; LbaIndex <= FvbMapEntry->NumBlocks; LbaIndex += 1) {
if (Address < (FvbBaseAddress + FvbMapEntry->Length * LbaIndex)) {
//
// Found the (Lba, Offset)
//
*Lba = LbaIndex - 1;
*Offset = (UINTN) (Address - (FvbBaseAddress + FvbMapEntry->Length * (LbaIndex - 1)));
return EFI_SUCCESS;
}
}
}
}
return EFI_ABORTED;
}
/**
Writes a buffer to variable storage space.
This function writes a buffer to variable storage space into firmware
volume block device. The destination is specified by parameter
VariableBase. Fault Tolerant Write protocol is used for writing.
@param[in] VariableBase The base address of the variable to write.
@param[in] Buffer Points to the data buffer.
@param[in] BufferSize The number of bytes of the data Buffer.
@retval EFI_SUCCESS The function completed successfully.
@retval EFI_NOT_FOUND Fail to locate Fault Tolerant Write protocol.
@retval Other The function could not complete successfully.
**/
EFI_STATUS
FtwVariableSpace (
IN EFI_PHYSICAL_ADDRESS VariableBase,
IN UINT8 *Buffer,
IN UINTN BufferSize
)
{
EFI_STATUS Status;
EFI_HANDLE FvbHandle;
EFI_LBA VarLba;
UINTN VarOffset;
UINT8 *FtwBuffer;
UINTN FtwBufferSize;
EFI_FAULT_TOLERANT_WRITE_PROTOCOL *FtwProtocol;
//
// Locate Fault Tolerant Write protocol
//
Status = gBS->LocateProtocol (
&gEfiFaultTolerantWriteProtocolGuid,
NULL,
(VOID **) &FtwProtocol
);
if (EFI_ERROR (Status)) {
return EFI_NOT_FOUND;
}
//
// Gets firmware volume block handle by VariableBase.
//
Status = GetFvbHandleByAddress (VariableBase, &FvbHandle);
if (EFI_ERROR (Status)) {
return Status;
}
//
// Gets LBA of block and offset by VariableBase.
//
Status = GetLbaAndOffsetByAddress (VariableBase, &VarLba, &VarOffset);
if (EFI_ERROR (Status)) {
return EFI_ABORTED;
}
//
// Prepare for the variable data
//
FtwBufferSize = ((VARIABLE_STORE_HEADER *) ((UINTN) VariableBase))->Size;
FtwBuffer = AllocatePool (FtwBufferSize);
if (FtwBuffer == NULL) {
return EFI_OUT_OF_RESOURCES;
}
SetMem (FtwBuffer, FtwBufferSize, (UINT8) 0xff);
CopyMem (FtwBuffer, Buffer, BufferSize);
//
// FTW write record
//
Status = FtwProtocol->Write (
FtwProtocol,
VarLba, // LBA
VarOffset, // Offset
FtwBufferSize, // NumBytes,
NULL,
FvbHandle,
FtwBuffer
);
FreePool (FtwBuffer);
return Status;
}

3257
SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/Variable.c
View File

File diff suppressed because it is too large Load Diff

505
SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/Variable.h
View File

@ -1,505 +0,0 @@
/** @file
Internal header file for Extended SAL variable service module.
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef _VARIABLE_H_
#define _VARIABLE_H_
#include <PiDxe.h>
#include <Protocol/VariableWrite.h>
#include <Protocol/FaultTolerantWrite.h>
#include <Protocol/FirmwareVolumeBlock.h>
#include <Protocol/Variable.h>
#include <Protocol/ExtendedSalBootService.h>
#include <Protocol/ExtendedSalServiceClasses.h>
#include <Guid/GlobalVariable.h>
#include <Guid/AuthenticatedVariableFormat.h>
#include <Guid/ImageAuthentication.h>
#include <Guid/EventGroup.h>
#include <Library/PcdLib.h>
#include <Library/HobLib.h>
#include <Library/UefiDriverEntryPoint.h>
#include <Library/DxeServicesTableLib.h>
#include <Library/UefiRuntimeLib.h>
#include <Library/DebugLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/UefiBootServicesTableLib.h>
#include <Library/UefiLib.h>
#include <Library/BaseLib.h>
#include <Library/SynchronizationLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/ExtendedSalLib.h>
#include <Library/BaseCryptLib.h>
#define MAX_NAME_SIZE 0x100
#define NUM_VAR_NAME 9 // Number of pre-defined variable name to be referenced
#define VAR_PLATFORM_LANG_CODES 0 // Index of "PlatformLangCodes" variable
#define VAR_LANG_CODES 1 // Index of "LangCodes" variable
#define VAR_PLATFORM_LANG 2 // Index of "PlatformLang" variable
#define VAR_LANG 3 // Index of "Lang" variable
#define VAR_HW_ERR_REC 4 // Index of "HwErrRecXXXX" variable
#define VAR_AUTH_KEY_DB 5 // Index of "AuthVarKeyDatabase" variable
#define VAR_SETUP_MODE 6 // Index of "SetupMode" variable
#define VAR_PLATFORM_KEY 7 // Index of "PK" variable
#define VAR_KEY_EXCHANGE_KEY 8 // Index of "KEK" variable
///
/// "AuthVarKeyDatabase" variable for the Public Key store.
///
#define AUTHVAR_KEYDB_NAME L"AuthVarKeyDatabase"
#define AUTHVAR_KEYDB_NAME_SIZE 38
///
/// The maximum size of the public key database, restricted by maximum individal EFI
/// varible size, and excluding the variable header and name size.
///
#define MAX_KEYDB_SIZE (FixedPcdGet32 (PcdMaxVariableSize) - sizeof (AUTHENTICATED_VARIABLE_HEADER) - AUTHVAR_KEYDB_NAME_SIZE)
#define MAX_KEY_NUM (MAX_KEYDB_SIZE / EFI_CERT_TYPE_RSA2048_SIZE)
///
/// The size of a 3 character ISO639 language code.
///
#define ISO_639_2_ENTRY_SIZE 3
typedef enum {
Physical,
Virtual
} VARIABLE_POINTER_TYPE;
typedef struct {
EFI_PHYSICAL_ADDRESS CurrPtr;
EFI_PHYSICAL_ADDRESS EndPtr;
EFI_PHYSICAL_ADDRESS StartPtr;
BOOLEAN Volatile;
} VARIABLE_POINTER_TRACK;
typedef struct {
EFI_PHYSICAL_ADDRESS VolatileVariableBase;
EFI_PHYSICAL_ADDRESS NonVolatileVariableBase;
EFI_LOCK VariableServicesLock;
} VARIABLE_GLOBAL;
typedef struct {
VARIABLE_GLOBAL VariableGlobal[2];
CHAR16 *VariableName[2][NUM_VAR_NAME];
EFI_GUID *GlobalVariableGuid[2];
UINTN VolatileLastVariableOffset;
UINTN NonVolatileLastVariableOffset;
UINTN CommonVariableTotalSize;
UINTN HwErrVariableTotalSize;
CHAR8 *PlatformLangCodes[2];
CHAR8 *LangCodes[2];
CHAR8 *PlatformLang[2];
CHAR8 Lang[ISO_639_2_ENTRY_SIZE + 1];
UINT32 FvbInstance;
UINT32 ReentrantState;
EFI_GUID *AuthenticatedVariableGuid[2];
EFI_GUID *CertRsa2048Sha256Guid[2];
EFI_GUID *ImageSecurityDatabaseGuid[2];
VOID *HashContext[2]; // Hash context pointer
UINT8 KeyList[MAX_KEYDB_SIZE]; // Cached Platform Key list
UINT8 PubKeyStore[MAX_KEYDB_SIZE]; // Cached Public Key list
} ESAL_VARIABLE_GLOBAL;
typedef struct {
EFI_GUID *Guid;
CHAR16 *Name;
UINT32 Attributes;
UINTN DataSize;
VOID *Data;
} VARIABLE_CACHE_ENTRY;
extern ESAL_VARIABLE_GLOBAL *mVariableModuleGlobal;
//
// Functions
//
/**
Initializes variable store area for non-volatile and volatile variable.
This function allocates and initializes memory space for global context of ESAL
variable service and variable store area for non-volatile and volatile variable.
@param[in] ImageHandle The Image handle of this driver.
@param[in] SystemTable The pointer of EFI_SYSTEM_TABLE.
@retval EFI_SUCCESS Function successfully executed.
@retval EFI_OUT_OF_RESOURCES Failed to allocate enough memory resource.
**/
EFI_STATUS
VariableCommonInitialize (
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
);
/**
Entry point of Extended SAL Variable service module.
This function is the entry point of Extended SAL Variable service module.
It registers all functions of Extended SAL Variable class, initializes
variable store for non-volatile and volatile variables, and registers
notification function for EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event.
@param[in] ImageHandle The Image handle of this driver.
@param[in] SystemTable The pointer of EFI_SYSTEM_TABLE.
@retval EFI_SUCCESS Extended SAL Variable Services Class successfully registered.
**/
EFI_STATUS
EFIAPI
VariableServiceInitialize (
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
);
/**
Notification function of EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE.
This is a notification function registered on EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event.
It convers pointer to new virtual address.
@param[in] Event The event whose notification function is being invoked.
@param[in] Context The pointer to the notification function's context.
**/
VOID
EFIAPI
VariableClassAddressChangeEvent (
IN EFI_EVENT Event,
IN VOID *Context
);
/**
Implements EsalGetVariable function of Extended SAL Variable Services Class.
This function implements EsalGetVariable function of Extended SAL Variable Services Class.
It is equivalent in functionality to the EFI Runtime Service GetVariable().
@param[in] VariableName A Null-terminated Unicode string that is the name of
the vendor's variable.
@param[in] VendorGuid A unique identifier for the vendor.
@param[out] Attributes If not NULL, a pointer to the memory location to return the
attributes bitmask for the variable.
@param[in, out] DataSize Size of Data found. If size is less than the
data, this value contains the required size.
@param[out] Data On input, the size in bytes of the return Data buffer.
On output, the size of data returned in Data.
@param[in] VirtualMode Current calling mode for this function.
@param[in] Global Context of this Extended SAL Variable Services Class call.
@retval EFI_SUCCESS The function completed successfully.
@retval EFI_NOT_FOUND The variable was not found.
@retval EFI_BUFFER_TOO_SMALL DataSize is too small for the result. DataSize has
been updated with the size needed to complete the request.
@retval EFI_INVALID_PARAMETER VariableName is NULL.
@retval EFI_INVALID_PARAMETER VendorGuid is NULL.
@retval EFI_INVALID_PARAMETER DataSize is NULL.
@retval EFI_INVALID_PARAMETER DataSize is not too small and Data is NULL.
@retval EFI_DEVICE_ERROR The variable could not be retrieved due to a hardware error.
@retval EFI_SECURITY_VIOLATION The variable could not be retrieved due to an authentication failure.
**/
EFI_STATUS
EFIAPI
EsalGetVariable (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
OUT UINT32 *Attributes OPTIONAL,
IN OUT UINTN *DataSize,
OUT VOID *Data,
IN BOOLEAN VirtualMode,
IN ESAL_VARIABLE_GLOBAL *Global
);
/**
Implements EsalGetNextVariableName function of Extended SAL Variable Services Class.
This function implements EsalGetNextVariableName function of Extended SAL Variable Services Class.
It is equivalent in functionality to the EFI Runtime Service GetNextVariableName().
@param[in, out] VariableNameSize Size of the variable
@param[in, out] VariableName On input, supplies the last VariableName that was returned by GetNextVariableName().
On output, returns the Null-terminated Unicode string of the current variable.
@param[in, out] VendorGuid On input, supplies the last VendorGuid that was returned by GetNextVariableName().
On output, returns the VendorGuid of the current variable.
@param[in] VirtualMode Current calling mode for this function.
@param[in] Global Context of this Extended SAL Variable Services Class call.
@retval EFI_SUCCESS The function completed successfully.
@retval EFI_NOT_FOUND The next variable was not found.
@retval EFI_BUFFER_TOO_SMALL VariableNameSize is too small for the result.
VariableNameSize has been updated with the size needed to complete the request.
@retval EFI_INVALID_PARAMETER VariableNameSize is NULL.
@retval EFI_INVALID_PARAMETER VariableName is NULL.
@retval EFI_INVALID_PARAMETER VendorGuid is NULL.
@retval EFI_DEVICE_ERROR The variable name could not be retrieved due to a hardware error.
**/
EFI_STATUS
EFIAPI
EsalGetNextVariableName (
IN OUT UINTN *VariableNameSize,
IN OUT CHAR16 *VariableName,
IN OUT EFI_GUID *VendorGuid,
IN BOOLEAN VirtualMode,
IN ESAL_VARIABLE_GLOBAL *Global
);
/**
Implements EsalSetVariable function of Extended SAL Variable Services Class.
This function implements EsalSetVariable function of Extended SAL Variable Services Class.
It is equivalent in functionality to the EFI Runtime Service SetVariable().
@param[in] VariableName A Null-terminated Unicode string that is the name of the vendor's
variable. Each VariableName is unique for each
VendorGuid. VariableName must contain 1 or more
Unicode characters. If VariableName is an empty Unicode
string, then EFI_INVALID_PARAMETER is returned.
@param[in] VendorGuid A unique identifier for the vendor.
@param[in] Attributes Attributes bitmask to set for the variable.
@param[in] DataSize The size in bytes of the Data buffer. A size of zero causes the
variable to be deleted.
@param[in] Data The contents for the variable.
@param[in] VirtualMode Current calling mode for this function.
@param[in] Global Context of this Extended SAL Variable Services Class call.
@retval EFI_SUCCESS The firmware has successfully stored the variable and its data as
defined by the Attributes.
@retval EFI_INVALID_PARAMETER An invalid combination of attribute bits was supplied, or the
DataSize exceeds the maximum allowed.
@retval EFI_INVALID_PARAMETER VariableName is an empty Unicode string.
@retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the variable and its data.
@retval EFI_DEVICE_ERROR The variable could not be saved due to a hardware failure.
@retval EFI_WRITE_PROTECTED The variable in question is read-only.
@retval EFI_WRITE_PROTECTED The variable in question cannot be deleted.
@retval EFI_SECURITY_VIOLATION The variable could not be retrieved due to an authentication failure.
@retval EFI_NOT_FOUND The variable trying to be updated or deleted was not found.
**/
EFI_STATUS
EFIAPI
EsalSetVariable (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN UINT32 Attributes,
IN UINTN DataSize,
IN VOID *Data,
IN BOOLEAN VirtualMode,
IN ESAL_VARIABLE_GLOBAL *Global
);
/**
Implements EsalQueryVariableInfo function of Extended SAL Variable Services Class.
This function implements EsalQueryVariableInfo function of Extended SAL Variable Services Class.
It is equivalent in functionality to the EFI Runtime Service QueryVariableInfo().
@param[in] Attributes Attributes bitmask to specify the type of variables
on which to return information.
@param[out] MaximumVariableStorageSize On output the maximum size of the storage space available for
the EFI variables associated with the attributes specified.
@param[out] RemainingVariableStorageSize Returns the remaining size of the storage space available for EFI
variables associated with the attributes specified.
@param[out] MaximumVariableSize Returns the maximum size of an individual EFI variable
associated with the attributes specified.
@param[in] VirtualMode Current calling mode for this function
@param[in] Global Context of this Extended SAL Variable Services Class call
@retval EFI_SUCCESS Valid answer returned.
@retval EFI_INVALID_PARAMETER An invalid combination of attribute bits was supplied.
@retval EFI_UNSUPPORTED The attribute is not supported on this platform, and the
MaximumVariableStorageSize, RemainingVariableStorageSize,
MaximumVariableSize are undefined.
**/
EFI_STATUS
EFIAPI
EsalQueryVariableInfo (
IN UINT32 Attributes,
OUT UINT64 *MaximumVariableStorageSize,
OUT UINT64 *RemainingVariableStorageSize,
OUT UINT64 *MaximumVariableSize,
IN BOOLEAN VirtualMode,
IN ESAL_VARIABLE_GLOBAL *Global
);
/**
Writes a buffer to variable storage space.
This function writes a buffer to variable storage space into firmware
volume block device. The destination is specified by parameter
VariableBase. Fault Tolerant Write protocol is used for writing.
@param[in] VariableBase The base address of the variable to write.
@param[in] Buffer Points to the data buffer.
@param[in] BufferSize The number of bytes of the data Buffer.
@retval EFI_SUCCESS The function completed successfully.
@retval EFI_NOT_FOUND Fail to locate Fault Tolerant Write protocol.
@retval Other The function could not complete successfully.
**/
EFI_STATUS
FtwVariableSpace (
IN EFI_PHYSICAL_ADDRESS VariableBase,
IN UINT8 *Buffer,
IN UINTN BufferSize
);
/**
Finds variable in volatile and non-volatile storage areas.
This code finds variable in volatile and non-volatile storage areas.
If VariableName is an empty string, then we just return the first
qualified variable without comparing VariableName and VendorGuid.
Otherwise, VariableName and VendorGuid are compared.
@param[in] VariableName Name of the variable to be found.
@param[in] VendorGuid Vendor GUID to be found.
@param[out] PtrTrack VARIABLE_POINTER_TRACK structure for output,
including the range searched and the target position.
@param[in] Global Pointer to VARIABLE_GLOBAL structure, including
base of volatile variable storage area, base of
NV variable storage area, and a lock.
@param[in] Instance Instance of FV Block services.
@retval EFI_INVALID_PARAMETER If VariableName is not an empty string, while
VendorGuid is NULL.
@retval EFI_SUCCESS Variable successfully found.
@retval EFI_INVALID_PARAMETER Variable not found.
**/
EFI_STATUS
FindVariable (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
OUT VARIABLE_POINTER_TRACK *PtrTrack,
IN VARIABLE_GLOBAL *Global,
IN UINTN Instance
);
/**
Gets the pointer to variable data area.
This function gets the pointer to variable data area.
The variable is specified by its variable header.
@param[in] VariableAddress Start address of variable header.
@param[in] Volatile TRUE - Variable is volatile.
FALSE - Variable is non-volatile.
@param[in] Global Pointer to VARAIBLE_GLOBAL structure.
@param[in] Instance Instance of FV Block services.
@param[out] VariableData Buffer to hold variable data for output.
**/
VOID
GetVariableDataPtr (
IN EFI_PHYSICAL_ADDRESS VariableAddress,
IN BOOLEAN Volatile,
IN VARIABLE_GLOBAL *Global,
IN UINTN Instance,
OUT CHAR16 *VariableData
);
/**
Gets the size of variable data area.
This function gets the size of variable data area.
The variable is specified by its variable header.
If variable header contains raw data, just return 0.
@param[in] Variable Pointer to the variable header.
@return Size of variable data area in bytes.
**/
UINTN
DataSizeOfVariable (
IN AUTHENTICATED_VARIABLE_HEADER *Variable
);
/**
Update the variable region with Variable information. These are the same
arguments as the EFI Variable services.
@param[in] VariableName Name of variable.
@param[in] VendorGuid Guid of variable.
@param[in] Data Variable data.
@param[in] DataSize Size of data. 0 means delete.
@param[in] Attributes Attributes of the variable.
@param[in] KeyIndex Index of associated public key.
@param[in] MonotonicCount Value of associated monotonic count.
@param[in] VirtualMode Current calling mode for this function.
@param[in] Global Context of this Extended SAL Variable Services Class call.
@param[in] Variable The variable information which is used to keep track of variable usage.
@retval EFI_SUCCESS The update operation is success.
@retval EFI_OUT_OF_RESOURCES Variable region is full, can not write other data into this region.
**/
EFI_STATUS
EFIAPI
UpdateVariable (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN VOID *Data,
IN UINTN DataSize,
IN UINT32 Attributes OPTIONAL,
IN UINT32 KeyIndex OPTIONAL,
IN UINT64 MonotonicCount OPTIONAL,
IN BOOLEAN VirtualMode,
IN ESAL_VARIABLE_GLOBAL *Global,
IN VARIABLE_POINTER_TRACK *Variable
);
/**
Checks variable header.
This function checks if variable header is valid or not.
@param[in] VariableAddress Start address of variable header.
@param[in] Volatile TRUE - Variable is volatile.
FALSE - Variable is non-volatile.
@param[in] Global Pointer to VARAIBLE_GLOBAL structure.
@param[in] Instance Instance of FV Block services.
@param[out] VariableHeader Pointer to AUTHENTICATED_VARIABLE_HEADER for output.
@retval TRUE Variable header is valid.
@retval FALSE Variable header is not valid.
**/
BOOLEAN
IsValidVariableHeader (
IN EFI_PHYSICAL_ADDRESS VariableAddress,
IN BOOLEAN Volatile,
IN VARIABLE_GLOBAL *Global,
IN UINTN Instance,
OUT AUTHENTICATED_VARIABLE_HEADER *VariableHeader OPTIONAL
);
/**
Flush the HOB variable to NV variable storage.
**/
VOID
FlushHob2Nv (
VOID
);
#endif

4
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
View File

@ -2,7 +2,7 @@
# Provides the capbility to configure secure boot in a setup browser # Provides the capbility to configure secure boot in a setup browser
# By this module, user may change the content of DB, DBX, PK and KEK. # By this module, user may change the content of DB, DBX, PK and KEK.
# #
# Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.<BR> # Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials # This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License # are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at # which accompanies this distribution. The full text of the license may be found at
@ -23,7 +23,7 @@
UNLOAD_IMAGE = SecureBootConfigDriverUnload UNLOAD_IMAGE = SecureBootConfigDriverUnload
# #
# VALID_ARCHITECTURES = IA32 X64 IPF EBC # VALID_ARCHITECTURES = IA32 X64 EBC
# #
[Sources] [Sources]