authorKun Qin <kuqin@microsoft.com>2022-04-11 16:45:45 -0700
committermergify[bot] <37929162+mergify[bot]@users.noreply.github.com>2022-07-07 01:07:00 +0000
commit134fbd552cbd808df8d9369c03abd88daa0d0e20 (patch)
tree9ca07b7fa67b12cf11061695ac53b6fd82ce27c0
parente1eef3a8b01a25e75abf63d15bdc90157a74cba9 (diff)
SecurityPkg: UefiSecureBoot: Definitions of cert and payload structures
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3910 This change adds certificate and payload structures that can be consumed by SecureBootVariableLib and other Secure Boot related operations. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Min Xu <min.m.xu@intel.com> Signed-off-by: Kun Qin <kun.qin@microsoft.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> Acked-by: Michael Kubacki <michael.kubacki@microsoft.com>
-rw-r--r--SecurityPkg/Include/UefiSecureBoot.h94
1 files changed, 94 insertions, 0 deletions
diff --git a/SecurityPkg/Include/UefiSecureBoot.h b/SecurityPkg/Include/UefiSecureBoot.h
new file mode 100644
index 0000000000..642fef38f3
--- /dev/null
+++ b/SecurityPkg/Include/UefiSecureBoot.h
@@ -0,0 +1,94 @@
+/** @file
+ Provides a Secure Boot related data structure definitions.
+
+ Copyright (c) Microsoft Corporation.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef UEFI_SECURE_BOOT_H_
+#define UEFI_SECURE_BOOT_H_
+
+#pragma pack (push, 1)
+
+/*
+ Data structure to provide certificates to setup authenticated secure
+ boot variables ('db', 'dbx', 'dbt', 'pk', etc.).
+
+*/
+typedef struct {
+ //
+ // The size, in number of bytes, of supplied certificate in 'Data' field.
+ //
+ UINTN DataSize;
+ //
+ // The pointer to the certificates in DER-encoded format.
+ // Note: This certificate data should not contain the EFI_VARIABLE_AUTHENTICATION_2
+ // for authenticated variables.
+ //
+ CONST VOID *Data;
+} SECURE_BOOT_CERTIFICATE_INFO;
+
+/*
+ Data structure to provide all Secure Boot related certificates.
+
+*/
+typedef struct {
+ //
+ // The human readable name for this set of Secure Boot key sets.
+ //
+ CONST CHAR16 *SecureBootKeyName;
+ //
+ // The size, in number of bytes, of supplied certificate in 'DbPtr' field.
+ //
+ UINTN DbSize;
+ //
+ // The pointer to the DB certificates in signature list format.
+ // Note: This DB certificates should not contain the EFI_VARIABLE_AUTHENTICATION_2
+ // for authenticated variables.
+ //
+ CONST VOID *DbPtr;
+ //
+ // The size, in number of bytes, of supplied certificate in 'DbxPtr' field.
+ //
+ UINTN DbxSize;
+ //
+ // The pointer to the DBX certificates in signature list format.
+ // Note: This DBX certificates should not contain the EFI_VARIABLE_AUTHENTICATION_2
+ // for authenticated variables.
+ //
+ CONST VOID *DbxPtr;
+ //
+ // The size, in number of bytes, of supplied certificate in 'DbtPtr' field.
+ //
+ UINTN DbtSize;
+ //
+ // The pointer to the DBT certificates in signature list format.
+ // Note: This DBT certificates should not contain the EFI_VARIABLE_AUTHENTICATION_2
+ // for authenticated variables.
+ //
+ CONST VOID *DbtPtr;
+ //
+ // The size, in number of bytes, of supplied certificate in 'KekPtr' field.
+ //
+ UINTN KekSize;
+ //
+ // The pointer to the KEK certificates in signature list format.
+ // Note: This KEK certificates should not contain the EFI_VARIABLE_AUTHENTICATION_2
+ // for authenticated variables.
+ //
+ CONST VOID *KekPtr;
+ //
+ // The size, in number of bytes, of supplied certificate in 'PkPtr' field.
+ //
+ UINTN PkSize;
+ //
+ // The pointer to the PK certificates in signature list format.
+ // Note: This PK certificates should not contain the EFI_VARIABLE_AUTHENTICATION_2
+ // for authenticated variables.
+ //
+ CONST VOID *PkPtr;
+} SECURE_BOOT_PAYLOAD_INFO;
+#pragma pack (pop)
+
+#endif // UEFI_SECURE_BOOT_H_
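Review bot: `#pragma pack (push, 1)` near the top of the hunk wraps two structures whose members are only UINTN sizes and pointers (SECURE_BOOT_CERTIFICATE_INFO, SECURE_BOOT_PAYLOAD_INFO), so packing provides no wire or on-disk layout guarantee and merely lowers the structs' alignment to 1, which can produce misaligned pointer loads when an instance is embedded in another structure or an array on a strict-alignment target; unless a consumer depends on the packed layout, consider dropping the `pack (push, 1)`/`pack (pop)` pair. The per-field comments also never state what a consumer should do when a size is 0 and its pointer is NULL (for example a platform that supplies no dbt); if that case is meant to be legal, a line such as `// A DbtSize of 0 with DbtPtr == NULL means no dbt payload is supplied.` on each size/pointer pair would pin the contract, and the same applies to the DER-encoded `Data` field of the first structure. Minor wording in the comments: `Provides a Secure Boot related data structure definitions.` should read `Provides Secure Boot related data structure definitions.`, and the repeated `This DB certificates should not contain` (likewise DBX, DBT, KEK, PK) should read `These DB certificates should not contain`.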