| /** @file | |
  The internal header file includes the common header files and defines the
  internal structures and functions used by the AuthService module.
| Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR> | |
| This program and the accompanying materials | |
| are licensed and made available under the terms and conditions of the BSD License | |
| which accompanies this distribution. The full text of the license may be found at | |
| http://opensource.org/licenses/bsd-license.php | |
| THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, | |
| WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. | |
| **/ | |
| #ifndef _AUTHSERVICE_H_ | |
| #define _AUTHSERVICE_H_ | |
///
/// Byte sizes of the fixed-length signature / key blobs this module handles.
/// Both are 256 bytes (2048 bits), i.e. the size of an RSA-2048 modulus.
///
#define EFI_CERT_TYPE_RSA2048_SHA256_SIZE 256
#define EFI_CERT_TYPE_RSA2048_SIZE 256

///
/// Size of AuthInfo prior to the data payload: the byte offset of
/// AuthInfo.CertData inside EFI_VARIABLE_AUTHENTICATION plus the fixed-size
/// EFI_CERT_BLOCK_RSA_2048_SHA256 that follows it. The variable contents
/// therefore begin at (UINT8 *) Data + AUTHINFO_SIZE. This constant is only
/// correct when the certificate block really is EFI_CERT_BLOCK_RSA_2048_SHA256;
/// any other certificate type has a different size.
///
/// The ((TYPE *) 0)->Member form is a hand-rolled offsetof; it relies on the
/// compiler not evaluating the null dereference. If the platform's Base.h
/// provides an OFFSET_OF macro, that spelling is preferable.
///
/// NOTE(review): any code that reads AuthInfo fields from a caller-supplied
/// buffer, or computes DataSize - AUTHINFO_SIZE, must first check
/// DataSize >= AUTHINFO_SIZE; on a shorter buffer the header read over-runs
/// the buffer and the unsigned subtraction wraps. That check belongs in the
/// implementation file, not here.
///
#define AUTHINFO_SIZE (((UINTN)(((EFI_VARIABLE_AUTHENTICATION *) 0)->AuthInfo.CertData)) + sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256))

///
/// Number of entries in the module's supported-signature-type table.
/// Presumably the two RSA-2048 types sized above; confirm against the table
/// definition in the implementation file.
///
#define SIGSUPPORT_NUM 2
/**
  Verifies a variable write that carries EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
  and reports which stored public key is associated with it.

  Data/DataSize describe the payload handed to SetVariable (the
  EFI_VARIABLE_AUTHENTICATION header followed by the variable contents). That
  payload originates outside the firmware and must be treated as untrusted;
  DataSize should be validated against AUTHINFO_SIZE before any AuthInfo field
  is read (NOTE(review): the check lives in the implementation file - confirm).

  @param[in]  Data            Pointer to the payload passed to SetVariable.
  @param[in]  DataSize        Size, in bytes, of the buffer at Data. This is an
                              input only; it is not updated with a required size.
  @param[in]  VirtualMode     The current calling mode for this function.
  @param[in]  Global          The context of this Extended SAL Variable Services Class call.
  @param[in]  Variable        The variable information which is used to keep track of variable usage.
  @param[in]  Attributes      The attribute value of the variable. OPTIONAL.
  @param[out] KeyIndex        The output index of the corresponding public key in
                              the key database. OPTIONAL.
  @param[out] MonotonicCount  The output value of the corresponding Monotonic
                              Count (presumably taken from the authentication
                              header and used by the caller for replay
                              protection - confirm in the implementation). OPTIONAL.

  @retval EFI_INVALID_PARAMETER   Invalid parameter.
  @retval EFI_WRITE_PROTECTED     The variable is write-protected and needs authentication with
                                  EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.
  @retval EFI_SECURITY_VIOLATION  The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
                                  set, but the AuthInfo does NOT pass the validation
                                  check carried out by the firmware. Treat this as a
                                  hard failure: the variable must not be stored.
  @retval EFI_SUCCESS             The variable is not write-protected, or passed validation successfully.
**/
EFI_STATUS
VerifyVariable (
  IN VOID                    *Data,
  IN UINTN                   DataSize,
  IN BOOLEAN                 VirtualMode,
  IN ESAL_VARIABLE_GLOBAL    *Global,
  IN VARIABLE_POINTER_TRACK  *Variable,
  IN UINT32                  Attributes OPTIONAL,
  OUT UINT32                 *KeyIndex OPTIONAL,
  OUT UINT64                 *MonotonicCount OPTIONAL
  );
/**
  Initializes the authenticated variable service.

  NOTE(review): the exported name misspells "Authenticated". It is kept as-is
  because callers elsewhere link against this symbol.

  @retval EFI_SUCCESS           The function successfully executed.
  @retval EFI_OUT_OF_RESOURCES  Failed to allocate enough memory resources.
**/
EFI_STATUS
AutenticatedVariableServiceInitialize (
  VOID
  );
/**
  Initializes the crypto library before first use: registers the algorithms
  the module needs and allocates its scratch buffer.

  Returns nothing, so a caller cannot detect a failed initialization here;
  whatever this sets up is presumably checked by the verification paths that
  depend on it (NOTE(review): confirm in the implementation file).
**/
VOID
CryptLibraryInitialize (
  VOID
  );
/**
  Verifies a write to a variable that is governed by the Platform Key (PK).

  Data/DataSize describe the caller-supplied payload and must be treated as
  untrusted input; see the AUTHINFO_SIZE note on bounds checking.

  @param[in] VariableName  The name of Variable to be found.
  @param[in] VendorGuid    Variable vendor GUID.
  @param[in] Data          The data pointer.
  @param[in] DataSize      Size, in bytes, of the buffer at Data. Input only;
                           it is not updated with a required size.
  @param[in] VirtualMode   The current calling mode for this function.
  @param[in] Global        The context of this Extended SAL Variable Services Class call.
  @param[in] Variable      The variable information which is used to keep track of variable usage.
  @param[in] Attributes    The attribute value of the variable. OPTIONAL.
  @param[in] IsPk          TRUE when the variable being processed is PK itself,
                           FALSE otherwise (presumably a PK-authorized write to
                           another variable such as KEK - confirm in the
                           implementation file).

  @retval EFI_INVALID_PARAMETER   Invalid parameter.
  @retval EFI_SECURITY_VIOLATION  The variable does NOT pass the validation
                                  check carried out by the firmware. Treat this
                                  as a hard failure: the variable must not be stored.
  @retval EFI_SUCCESS             The variable passed validation successfully.
**/
EFI_STATUS
ProcessVarWithPk (
  IN CHAR16                  *VariableName,
  IN EFI_GUID                *VendorGuid,
  IN VOID                    *Data,
  IN UINTN                   DataSize,
  IN BOOLEAN                 VirtualMode,
  IN ESAL_VARIABLE_GLOBAL    *Global,
  IN VARIABLE_POINTER_TRACK  *Variable,
  IN UINT32                  Attributes OPTIONAL,
  IN BOOLEAN                 IsPk
  );
/**
  Verifies a write to a variable that is governed by a Key Exchange Key (KEK).

  Data/DataSize describe the caller-supplied payload and must be treated as
  untrusted input; see the AUTHINFO_SIZE note on bounds checking.

  @param[in] VariableName  The name of Variable to be found.
  @param[in] VendorGuid    The variable vendor GUID.
  @param[in] Data          The data pointer.
  @param[in] DataSize      Size, in bytes, of the buffer at Data. Input only;
                           it is not updated with a required size.
  @param[in] VirtualMode   The current calling mode for this function.
  @param[in] Global        The context of this Extended SAL Variable Services Class call.
  @param[in] Variable      The variable information which is used to keep track of variable usage.
  @param[in] Attributes    The attribute value of the variable. OPTIONAL.

  @retval EFI_INVALID_PARAMETER   Invalid parameter.
  @retval EFI_SECURITY_VIOLATION  The variable does NOT pass the validation
                                  check carried out by the firmware. Treat this
                                  as a hard failure: the variable must not be stored.
  @retval EFI_SUCCESS             The variable passed validation successfully.
**/
EFI_STATUS
ProcessVarWithKek (
  IN CHAR16                  *VariableName,
  IN EFI_GUID                *VendorGuid,
  IN VOID                    *Data,
  IN UINTN                   DataSize,
  IN BOOLEAN                 VirtualMode,
  IN ESAL_VARIABLE_GLOBAL    *Global,
  IN VARIABLE_POINTER_TRACK  *Variable,
  IN UINT32                  Attributes OPTIONAL
  );
| #endif |