forked from tianocore/edk2
-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
UefiPayloadPkg: Enroll Keys for SecureBoot
Signed-off-by: Sean Rhodes <[email protected]>
- Loading branch information
1 parent
b8a9bd1
commit eb3fb0e
Showing
16 changed files
with
945 additions
and
1 deletion.
There are no files selected for viewing
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,121 @@ | ||
| /** @file | ||
| Type definitions and object declarations for the EnrollDefaultKeys | ||
| application. | ||
| Copyright (C) 2014-2019, Red Hat, Inc. | ||
| SPDX-License-Identifier: BSD-2-Clause-Patent | ||
| **/ | ||
|
|
||
| #ifndef ENROLL_DEFAULT_KEYS_H_ | ||
| #define ENROLL_DEFAULT_KEYS_H_ | ||
|
|
||
| #include <Uefi/UefiBaseType.h> | ||
|
|
||
| // | ||
| // Convenience structure types for constructing "signature lists" for | ||
| // authenticated UEFI variables. | ||
| // | ||
| // The most important thing about the variable payload is that it is a list of | ||
| // lists, where the element size of any given *inner* list is constant. | ||
| // | ||
| // Since X509 certificates vary in size, each of our *inner* lists will contain | ||
| // one element only (one X.509 certificate). This is explicitly mentioned in | ||
| // the UEFI specification, in "28.4.1 Signature Database", in a Note. | ||
| // | ||
| // The list structure looks as follows: | ||
| // | ||
| // struct EFI_VARIABLE_AUTHENTICATION_2 { | | ||
| // struct EFI_TIME { | | ||
| // UINT16 Year; | | ||
| // UINT8 Month; | | ||
| // UINT8 Day; | | ||
| // UINT8 Hour; | | ||
| // UINT8 Minute; | | ||
| // UINT8 Second; | | ||
| // UINT8 Pad1; | | ||
| // UINT32 Nanosecond; | | ||
| // INT16 TimeZone; | | ||
| // UINT8 Daylight; | | ||
| // UINT8 Pad2; | | ||
| // } TimeStamp; | | ||
| // | | ||
| // struct WIN_CERTIFICATE_UEFI_GUID { | | | ||
| // struct WIN_CERTIFICATE { | | | ||
| // UINT32 dwLength; ----------------------------------------+ | | ||
| // UINT16 wRevision; | | | ||
| // UINT16 wCertificateType; | | | ||
| // } Hdr; | +- DataSize | ||
| // | | | ||
| // EFI_GUID CertType; | | | ||
| // UINT8 CertData[1] = { <--- "struct hack" | | | ||
| // struct EFI_SIGNATURE_LIST { | | | | ||
| // EFI_GUID SignatureType; | | | | ||
| // UINT32 SignatureListSize; -------------------------+ | | | ||
| // UINT32 SignatureHeaderSize; | | | | ||
| // UINT32 SignatureSize; ---------------------------+ | | | | ||
| // UINT8 SignatureHeader[SignatureHeaderSize]; | | | | | ||
| // v | | | | ||
| // struct EFI_SIGNATURE_DATA { | | | | | ||
| // EFI_GUID SignatureOwner; | | | | | ||
| // UINT8 SignatureData[1] = { <--- "struct hack" | | | | | ||
| // X.509 payload | | | | | ||
| // } | | | | | ||
| // } Signatures[]; | | | | ||
| // } SigLists[]; | | | ||
| // }; | | | ||
| // } AuthInfo; | | | ||
| // }; | | ||
| // | ||
| // Given that the "struct hack" invokes undefined behavior (which is why C99 | ||
| // introduced the flexible array member), and because subtracting those pesky | ||
| // sizes of 1 is annoying, and because the format is fully specified in the | ||
| // UEFI specification, we'll introduce two matching convenience structures that | ||
| // are customized for our X.509 purposes. | ||
| // | ||
| #pragma pack (1) | ||
| typedef struct { | ||
| EFI_TIME TimeStamp; | ||
|
|
||
| // | ||
| // dwLength covers data below | ||
| // | ||
| UINT32 dwLength; | ||
| UINT16 wRevision; | ||
| UINT16 wCertificateType; | ||
| EFI_GUID CertType; | ||
| } SINGLE_HEADER; | ||
|
|
||
| typedef struct { | ||
| // | ||
| // SignatureListSize covers data below | ||
| // | ||
| EFI_GUID SignatureType; | ||
| UINT32 SignatureListSize; | ||
| UINT32 SignatureHeaderSize; // constant 0 | ||
| UINT32 SignatureSize; | ||
|
|
||
| // | ||
| // SignatureSize covers data below | ||
| // | ||
| EFI_GUID SignatureOwner; | ||
|
|
||
| // | ||
| // X.509 certificate follows | ||
| // | ||
| } REPEATING_HEADER; | ||
| #pragma pack () | ||
|
|
||
| // | ||
| // A structure that collects the values of UEFI variables related to Secure | ||
| // Boot. | ||
| // | ||
| typedef struct { | ||
| UINT8 SetupMode; | ||
| UINT8 SecureBoot; | ||
| UINT8 SecureBootEnable; | ||
| UINT8 CustomMode; | ||
| UINT8 VendorKeys; | ||
| } SETTINGS; | ||
|
|
||
| #endif /* ENROLL_DEFAULT_KEYS_H_ */ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,63 @@ | ||
| ## @file | ||
| # This file handels SecureBoot setup. | ||
| # | ||
| # Copyright (c) 2013 - 2019, Intel Corporation. All rights reserved.<BR> | ||
| # | ||
| # SPDX-License-Identifier: BSD-2-Clause-Patent | ||
| # | ||
| # | ||
| ## | ||
|
|
||
| [Defines] | ||
| INF_VERSION = 0x00010005 | ||
| BASE_NAME = EnrollDefaultKeys | ||
| FILE_GUID = 14693BD4-D114-4177-979E-37F279BAD620 | ||
| MODULE_TYPE = DXE_DRIVER | ||
| VERSION_STRING = 0.1 | ||
| ENTRY_POINT = DriverEntry | ||
|
|
||
| # | ||
| # VALID_ARCHITECTURES = IA32 X64 | ||
| # | ||
|
|
||
| [Sources] | ||
| EnrollDefaultKeys.c | ||
|
|
||
| [Packages] | ||
| MdePkg/MdePkg.dec | ||
| MdeModulePkg/MdeModulePkg.dec | ||
| SecurityPkg/SecurityPkg.dec | ||
| UefiPayloadPkg/UefiPayloadPkg.dec | ||
|
|
||
| [Guids] | ||
| gEfiCertPkcs7Guid | ||
| gEfiCertX509Guid | ||
| gEfiCustomModeEnableGuid | ||
| gEfiGlobalVariableGuid | ||
| gEfiImageSecurityDatabaseGuid | ||
| gEfiSecureBootEnableDisableGuid | ||
| gMicrosoftVendorGuid | ||
| gMicrosoftDbxUpdateGuid | ||
| gMicrosoftDbUefi2011Guid | ||
| gMicrosoftDbWin2011Guid | ||
| gMicrosoftDbUefi2023Guid | ||
| gMicrosoftDbWinUefi2023Guid | ||
| gMicrosoftKek2011Guid | ||
| gMicrosoftKek2023Guid | ||
| gMicrosoftKekUefi2023Guid | ||
| gMicrosoftPkOem2023Guid | ||
|
|
||
| [LibraryClasses] | ||
| BaseMemoryLib | ||
| DebugLib | ||
| DxeServicesLib | ||
| MemoryAllocationLib | ||
| UefiBootServicesTableLib | ||
| UefiDriverEntryPoint | ||
| UefiRuntimeServicesTableLib | ||
|
|
||
| [Protocols] | ||
| gEfiVariableWriteArchProtocolGuid ## CONSUMES | ||
|
|
||
| [Depex] | ||
| TRUE |
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters