sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

SecurityPkg: Create library for enrolling Secure Boot variables.

Browse Source 
This commits add library, which consist functions to
enrolll Secure Boot keys and initialize Secure Boot
default variables. Some of the functions was moved
 from SecureBootConfigImpl.c file.

Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com>
Reviewed-by: Sunny Wang <sunny.wang@arm.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
This commit is contained in:
Grzegorz Bernacki
2021-08-02 12:46:24 +02:00
committed by mergify[bot]
parent bb806a6e88
commit 9732659698
6 changed files with 715 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

134
SecurityPkg/Include/Library/SecureBootVariableProvisionLib.h Normal file
View File

@@ -0,0 +1,134 @@
/** @file
Provides a functions to enroll keys based on default values.
Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>
(C) Copyright 2018 Hewlett Packard Enterprise Development LP<BR>
Copyright (c) 2021, ARM Ltd. All rights reserved.<BR>
Copyright (c) 2021, Semihalf All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#ifndef SECURE_BOOT_VARIABLE_PROVISION_LIB_H_
#define SECURE_BOOT_VARIABLE_PROVISION_LIB_H_
/**
Sets the content of the 'db' variable based on 'dbDefault' variable content.
@retval EFI_OUT_OF_RESOURCES If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails
while VendorGuid is NULL.
@retval other Errors from GetVariable2(), GetTime() and SetVariable()
--*/
EFI_STATUS
EFIAPI
EnrollDbFromDefault (
VOID
);
/**
Sets the content of the 'dbx' variable based on 'dbxDefault' variable content.
@retval EFI_OUT_OF_RESOURCES If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails
while VendorGuid is NULL.
@retval other Errors from GetVariable2(), GetTime() and SetVariable()
--*/
EFI_STATUS
EFIAPI
EnrollDbxFromDefault (
VOID
);
/**
Sets the content of the 'dbt' variable based on 'dbtDefault' variable content.
@retval EFI_OUT_OF_RESOURCES If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails
while VendorGuid is NULL.
@retval other Errors from GetVariable2(), GetTime() and SetVariable()
--*/
EFI_STATUS
EFIAPI
EnrollDbtFromDefault (
VOID
);
/**
Sets the content of the 'KEK' variable based on 'KEKDefault' variable content.
@retval EFI_OUT_OF_RESOURCES If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails
while VendorGuid is NULL.
@retval other Errors from GetVariable2(), GetTime() and SetVariable()
--*/
EFI_STATUS
EFIAPI
EnrollKEKFromDefault (
VOID
);
/**
Sets the content of the 'PK' variable based on 'PKDefault' variable content.
@retval EFI_OUT_OF_RESOURCES If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails
while VendorGuid is NULL.
@retval other Errors from GetVariable2(), GetTime() and SetVariable()
--*/
EFI_STATUS
EFIAPI
EnrollPKFromDefault (
VOID
);
/**
Initializes PKDefault variable with data from FFS section.
@retval EFI_SUCCESS Variable was initialized successfully.
@retval EFI_UNSUPPORTED Variable already exists.
--*/
EFI_STATUS
SecureBootInitPKDefault (
IN VOID
);
/**
Initializes KEKDefault variable with data from FFS section.
@retval EFI_SUCCESS Variable was initialized successfully.
@retval EFI_UNSUPPORTED Variable already exists.
--*/
EFI_STATUS
SecureBootInitKEKDefault (
IN VOID
);
/**
Initializes dbDefault variable with data from FFS section.
@retval EFI_SUCCESS Variable was initialized successfully.
@retval EFI_UNSUPPORTED Variable already exists.
--*/
EFI_STATUS
SecureBootInitDbDefault (
IN VOID
);
/**
Initializes dbtDefault variable with data from FFS section.
@retval EFI_SUCCESS Variable was initialized successfully.
@retval EFI_UNSUPPORTED Variable already exists.
--*/
EFI_STATUS
SecureBootInitDbtDefault (
IN VOID
);
/**
Initializes dbxDefault variable with data from FFS section.
@retval EFI_SUCCESS Variable was initialized successfully.
@retval EFI_UNSUPPORTED Variable already exists.
--*/
EFI_STATUS
SecureBootInitDbxDefault (
IN VOID
);
#endif