Defines | |
#define | EFI_CERT_TYPE_RSA2048_SHA256_SIZE 256 |
#define | EFI_CERT_TYPE_RSA2048_SIZE 256 |
#define | AUTHINFO_SIZE (((UINTN)(((EFI_VARIABLE_AUTHENTICATION *) 0)->AuthInfo.CertData)) + sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256)) |
#define | SIGSUPPORT_NUM 2 |
Functions | |
EFI_STATUS | VerifyVariable (IN VOID *Data, IN UINTN DataSize, IN BOOLEAN VirtualMode, IN ESAL_VARIABLE_GLOBAL *Global, IN VARIABLE_POINTER_TRACK *Variable, IN UINT32 Attributes, OUT UINT32 *KeyIndex, OUT UINT64 *MonotonicCount) |
EFI_STATUS | AutenticatedVariableServiceInitialize (VOID) |
VOID | CryptLibraryInitialize (VOID) |
EFI_STATUS | ProcessVarWithPk (IN CHAR16 *VariableName, IN EFI_GUID *VendorGuid, IN VOID *Data, IN UINTN DataSize, IN BOOLEAN VirtualMode, IN ESAL_VARIABLE_GLOBAL *Global, IN VARIABLE_POINTER_TRACK *Variable, IN UINT32 Attributes, IN BOOLEAN IsPk) |
EFI_STATUS | ProcessVarWithKek (IN CHAR16 *VariableName, IN EFI_GUID *VendorGuid, IN VOID *Data, IN UINTN DataSize, IN BOOLEAN VirtualMode, IN ESAL_VARIABLE_GLOBAL *Global, IN VARIABLE_POINTER_TRACK *Variable, IN UINT32 Attributes) |
Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#define AUTHINFO_SIZE (((UINTN)(((EFI_VARIABLE_AUTHENTICATION *) 0)->AuthInfo.CertData)) + sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256))
Size of AuthInfo prior to the data payload
Referenced by EsalSetVariable(), IsDeleteAuthVariable(), ProcessVariable(), ProcessVarWithKek(), ProcessVarWithPk(), VerifyCounterBasedPayload(), VerifyDataPayload(), and VerifyVariable().
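Added example, not code from the documented sources: a host-side C sketch of how a caller can use the AUTHINFO_SIZE arithmetic to reject undersized buffers before touching the authentication header, and to locate the data payload that follows it. The struct layouts are assumed from the UEFI specification's definitions of these types; `split_auth_payload`, `demo_split`, `CERT_LENGTH`, and the `dwLength` consistency check are hypothetical names and logic introduced here.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Layouts assumed from the UEFI specification; the page names the types only. */
typedef struct { uint32_t d1; uint16_t d2, d3; uint8_t d4[8]; } guid_t;
typedef struct { uint32_t dwLength; uint16_t wRevision, wCertificateType; } win_cert_t;
typedef struct { win_cert_t Hdr; guid_t CertType; uint8_t CertData[1]; } win_cert_uefi_guid_t;
typedef struct { guid_t HashType; uint8_t PublicKey[256], Signature[256]; } cert_block_t;
typedef struct { uint64_t MonotonicCount; win_cert_uefi_guid_t AuthInfo; } var_auth_t;

/* Same arithmetic as the page's AUTHINFO_SIZE, written with offsetof(). */
#define AUTHINFO_SIZE (offsetof(var_auth_t, AuthInfo.CertData) + sizeof(cert_block_t))
/* Length the certificate header should declare for this fixed layout (assumed check). */
#define CERT_LENGTH (offsetof(win_cert_uefi_guid_t, CertData) + sizeof(cert_block_t))
#define DWLENGTH_OFF offsetof(var_auth_t, AuthInfo.Hdr.dwLength)

enum { AUTH_OK = 0, AUTH_TOO_SHORT = 1, AUTH_BAD_LENGTH = 2 };

/* Hypothetical helper: find the payload that follows the authentication header. */
int split_auth_payload(const uint8_t *data, size_t data_size,
                       const uint8_t **payload, size_t *payload_size)
{
    uint32_t dw_length;

    if (data == NULL || data_size < AUTHINFO_SIZE)
        return AUTH_TOO_SHORT;       /* header does not fit: never read past the buffer */
    memcpy(&dw_length, data + DWLENGTH_OFF, sizeof dw_length);  /* no unaligned access */
    if (dw_length != CERT_LENGTH)
        return AUTH_BAD_LENGTH;      /* declared size disagrees with the fixed layout */
    *payload = data + AUTHINFO_SIZE;
    *payload_size = data_size - AUTHINFO_SIZE;  /* cannot underflow after the check */
    return AUTH_OK;
}

/* Constructed sample (data_size <= 1024): zeroed header with a chosen dwLength.
   Returns the payload size on success, or -status on rejection. */
long demo_split(size_t data_size, uint32_t dw_length)
{
    static uint8_t buf[1024];
    const uint8_t *payload = NULL;
    size_t payload_size = 0;
    int rc;

    memset(buf, 0, sizeof buf);
    memcpy(buf + DWLENGTH_OFF, &dw_length, sizeof dw_length);
    rc = split_auth_payload(buf, data_size, &payload, &payload_size);
    return rc == AUTH_OK ? (long)payload_size : -(long)rc;
}
```

With these layouts the header occupies 560 bytes, so any DataSize below that cannot hold a complete RSA-2048/SHA-256 authentication descriptor.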
#define EFI_CERT_TYPE_RSA2048_SHA256_SIZE 256
#define EFI_CERT_TYPE_RSA2048_SIZE 256
#define SIGSUPPORT_NUM 2
Number of supported signature types.
Referenced by AutenticatedVariableServiceInitialize().
EFI_STATUS AutenticatedVariableServiceInitialize (VOID)
Initializes the authenticated variable service.
EFI_SUCCESS | The function successfully executed.
EFI_OUT_OF_RESOURCES | Failed to allocate enough memory resources.
References ESAL_VARIABLE_GLOBAL::AuthenticatedVariableGuid, BOOLEAN(), ESAL_VARIABLE_GLOBAL::CertRsa2048Sha256Guid, VARIABLE_POINTER_TRACK::CurrPtr, DataSizeOfVariable(), EFI_CERT_TYPE_RSA2048_SIZE, EFI_STATUS(), FindVariable(), ESAL_VARIABLE_GLOBAL::FvbInstance, GetVariableDataPtr(), ESAL_VARIABLE_GLOBAL::HashContext, ESAL_VARIABLE_GLOBAL::ImageSecurityDatabaseGuid, IsValidVariableHeader(), MAX_KEYDB_SIZE, mPlatformMode, mPubKeyNumber, mSignatureSupport, mVariableModuleGlobal, Physical, ESAL_VARIABLE_GLOBAL::PubKeyStore, SIGSUPPORT_NUM, UINTN(), UpdateVariable(), VAR_AUTH_KEY_DB, VAR_PLATFORM_KEY, VAR_SETUP_MODE, ESAL_VARIABLE_GLOBAL::VariableGlobal, ESAL_VARIABLE_GLOBAL::VariableName, and VARIABLE_POINTER_TRACK::Volatile.
Referenced by VariableServiceInitialize().
VOID CryptLibraryInitialize (VOID)
Initializes the cryptlib service before use, including registering algorithms and allocating scratch memory.
EFI_STATUS ProcessVarWithKek (IN CHAR16 *VariableName, IN EFI_GUID *VendorGuid, IN VOID *Data, IN UINTN DataSize, IN BOOLEAN VirtualMode, IN ESAL_VARIABLE_GLOBAL *Global, IN VARIABLE_POINTER_TRACK *Variable, IN UINT32 Attributes)
Process variable with key exchange key for verification.
[in] | VariableName | The name of Variable to be found. |
[in] | VendorGuid | The variable vendor GUID. |
[in] | Data | The data pointer. |
[in] | DataSize | Size of Data found. If size is less than the data, this value contains the required size. |
[in] | VirtualMode | The current calling mode for this function. |
[in] | Global | The context of this Extended SAL Variable Services Class call. |
[in] | Variable | The variable information which is used to keep track of variable usage. |
[in] | Attributes | The attribute value of the variable. |
EFI_INVALID_PARAMETER | Invalid parameter.
EFI_SECURITY_VIOLATION | The variable does NOT pass the validation check carried out by the firmware.
EFI_SUCCESS | The variable passed validation successfully. |
References AUTHINFO_SIZE, BOOLEAN(), VARIABLE_POINTER_TRACK::CurrPtr, EFI_CERT_TYPE_RSA2048_SIZE, EFI_STATUS(), FindVariable(), GetVariableDataPtr(), IsValidVariableHeader(), MAX_KEYDB_SIZE, mPlatformMode, TRUE, UpdateVariable(), VAR_KEY_EXCHANGE_KEY, VerifyDataPayload(), and VARIABLE_POINTER_TRACK::Volatile.
EFI_STATUS ProcessVarWithPk (IN CHAR16 *VariableName, IN EFI_GUID *VendorGuid, IN VOID *Data, IN UINTN DataSize, IN BOOLEAN VirtualMode, IN ESAL_VARIABLE_GLOBAL *Global, IN VARIABLE_POINTER_TRACK *Variable, IN UINT32 Attributes, IN BOOLEAN IsPk)
Process variable with platform key for verification.
[in] | VariableName | The name of Variable to be found. |
[in] | VendorGuid | Variable vendor GUID. |
[in] | Data | The data pointer. |
[in] | DataSize | The size of Data found. If size is less than the data, this value contains the required size. |
[in] | VirtualMode | The current calling mode for this function. |
[in] | Global | The context of this Extended SAL Variable Services Class call. |
[in] | Variable | The variable information which is used to keep track of variable usage. |
[in] | Attributes | The attribute value of the variable. |
[in] | IsPk | Indicates whether to process pk. |
EFI_INVALID_PARAMETER | Invalid parameter.
EFI_SECURITY_VIOLATION | The variable does NOT pass the validation check carried out by the firmware.
EFI_SUCCESS | The variable passed validation successfully. |
References AUTHINFO_SIZE, BOOLEAN(), VARIABLE_POINTER_TRACK::CurrPtr, EFI_STATUS(), FindVariable(), GetVariableDataPtr(), IsValidVariableHeader(), MAX_KEYDB_SIZE, mPlatformMode, UpdatePlatformMode(), UpdateVariable(), VAR_PLATFORM_KEY, VerifyDataPayload(), and VARIABLE_POINTER_TRACK::Volatile.
EFI_STATUS VerifyVariable (IN VOID *Data, IN UINTN DataSize, IN BOOLEAN VirtualMode, IN ESAL_VARIABLE_GLOBAL *Global, IN VARIABLE_POINTER_TRACK *Variable, IN UINT32 Attributes, OUT UINT32 *KeyIndex, OUT UINT64 *MonotonicCount)
Processes a variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set, and returns the index of the associated public key.
[in] | Data | The data pointer. |
[in] | DataSize | The size of Data found. If size is less than the data, this value contains the required size. |
[in] | VirtualMode | The current calling mode for this function. |
[in] | Global | The context of this Extended SAL Variable Services Class call. |
[in] | Variable | The variable information which is used to keep track of variable usage. |
[in] | Attributes | The attribute value of the variable. |
[out] | KeyIndex | The output index of corresponding public key in database. |
[out] | MonotonicCount | The output value of corresponding Monotonic Count. |
EFI_INVALID_PARAMETER | Invalid parameter.
EFI_WRITE_PROTECTED | The variable is write-protected and needs authentication with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.
EFI_SECURITY_VIOLATION | The variable has EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set, but the AuthInfo does NOT pass the validation check carried out by the firmware.
EFI_SUCCESS | The variable is not write-protected, or passed validation successfully. |
References AddPubKeyInStore(), AUTHINFO_SIZE, BOOLEAN(), EFI_CERT_TYPE_RSA2048_SIZE, EFI_STATUS(), IsValidVariableHeader(), TRUE, and VerifyDataPayload().
Referenced by EsalSetVariable().