Diffstat (limited to 'SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c')
-rw-r--r--SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c161
1 files changed, 82 insertions, 79 deletions
diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
index 7f31458edb..dc61ae840c 100644
--- a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
+++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
@@ -21,19 +21,19 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
///
/// Global database array for scratch
///
-UINT8 *mCertDbStore;
-UINT32 mMaxCertDbSize;
-UINT32 mPlatformMode;
-UINT8 mVendorKeyState;
+UINT8 *mCertDbStore;
+UINT32 mMaxCertDbSize;
+UINT32 mPlatformMode;
+UINT8 mVendorKeyState;
-EFI_GUID mSignatureSupport[] = {EFI_CERT_SHA1_GUID, EFI_CERT_SHA256_GUID, EFI_CERT_RSA2048_GUID, EFI_CERT_X509_GUID};
+EFI_GUID mSignatureSupport[] = { EFI_CERT_SHA1_GUID, EFI_CERT_SHA256_GUID, EFI_CERT_RSA2048_GUID, EFI_CERT_X509_GUID };
//
// Hash context pointer
//
VOID *mHashCtx = NULL;
-VARIABLE_ENTRY_PROPERTY mAuthVarEntry[] = {
+VARIABLE_ENTRY_PROPERTY mAuthVarEntry[] = {
{
&gEfiSecureBootEnableDisableGuid,
EFI_SECURE_BOOT_ENABLE_NAME,
@@ -91,9 +91,9 @@ VARIABLE_ENTRY_PROPERTY mAuthVarEntry[] = {
},
};
-VOID **mAuthVarAddressPointer[9];
+VOID **mAuthVarAddressPointer[9];
-AUTH_VAR_LIB_CONTEXT_IN *mAuthVarLibContextIn = NULL;
+AUTH_VAR_LIB_CONTEXT_IN *mAuthVarLibContextIn = NULL;
/**
Initialization for authenticated variable services.
@@ -116,15 +116,15 @@ AuthVariableLibInitialize (
OUT AUTH_VAR_LIB_CONTEXT_OUT *AuthVarLibContextOut
)
{
- EFI_STATUS Status;
- UINT32 VarAttr;
- UINT8 *Data;
- UINTN DataSize;
- UINTN CtxSize;
- UINT8 SecureBootMode;
- UINT8 SecureBootEnable;
- UINT8 CustomMode;
- UINT32 ListSize;
+ EFI_STATUS Status;
+ UINT32 VarAttr;
+ UINT8 *Data;
+ UINTN DataSize;
+ UINTN CtxSize;
+ UINT8 SecureBootMode;
+ UINT8 SecureBootEnable;
+ UINT8 CustomMode;
+ UINT32 ListSize;
if ((AuthVarLibContextIn == NULL) || (AuthVarLibContextOut == NULL)) {
return EFI_INVALID_PARAMETER;
@@ -135,8 +135,8 @@ AuthVariableLibInitialize (
//
// Initialize hash context.
//
- CtxSize = Sha256GetContextSize ();
- mHashCtx = AllocateRuntimePool (CtxSize);
+ CtxSize = Sha256GetContextSize ();
+ mHashCtx = AllocateRuntimePool (CtxSize);
if (mHashCtx == NULL) {
return EFI_OUT_OF_RESOURCES;
}
@@ -145,13 +145,13 @@ AuthVariableLibInitialize (
// Reserve runtime buffer for certificate database. The size excludes variable header and name size.
// Use EFI_CERT_DB_VOLATILE_NAME size since it is longer.
//
- mMaxCertDbSize = (UINT32) (mAuthVarLibContextIn->MaxAuthVariableSize - sizeof (EFI_CERT_DB_VOLATILE_NAME));
+ mMaxCertDbSize = (UINT32)(mAuthVarLibContextIn->MaxAuthVariableSize - sizeof (EFI_CERT_DB_VOLATILE_NAME));
mCertDbStore = AllocateRuntimePool (mMaxCertDbSize);
if (mCertDbStore == NULL) {
return EFI_OUT_OF_RESOURCES;
}
- Status = AuthServiceInternalFindVariable (EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize);
+ Status = AuthServiceInternalFindVariable (EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid, (VOID **)&Data, &DataSize);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_INFO, "Variable %s does not exist.\n", EFI_PLATFORM_KEY_NAME));
} else {
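Review bot: The subtraction that sizes `mMaxCertDbSize` is unsigned, so a `MaxAuthVariableSize` smaller than `sizeof (EFI_CERT_DB_VOLATILE_NAME)` would wrap to a very large value, and the `(UINT32)` cast would then silently truncate it before it reaches `AllocateRuntimePool`. The value presumably comes from platform configuration rather than untrusted input, so this is a hardening point, but the size of the runtime certificate database buffer depends on it. A guard before the assignment would make the assumption explicit, for example `if (mAuthVarLibContextIn->MaxAuthVariableSize <= sizeof (EFI_CERT_DB_VOLATILE_NAME)) { return EFI_INVALID_PARAMETER; }`. The body of AuthVariableLibInitialize starts and ends outside this hunk.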
@@ -166,11 +166,12 @@ AuthVariableLibInitialize (
} else {
mPlatformMode = USER_MODE;
}
+
Status = AuthServiceInternalUpdateVariable (
EFI_SETUP_MODE_NAME,
&gEfiGlobalVariableGuid,
&mPlatformMode,
- sizeof(UINT8),
+ sizeof (UINT8),
EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS
);
if (EFI_ERROR (Status)) {
@@ -180,13 +181,13 @@ AuthVariableLibInitialize (
//
// Create "SignatureSupport" variable with BS+RT attribute set.
//
- Status = AuthServiceInternalUpdateVariable (
- EFI_SIGNATURE_SUPPORT_NAME,
- &gEfiGlobalVariableGuid,
- mSignatureSupport,
- sizeof(mSignatureSupport),
- EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS
- );
+ Status = AuthServiceInternalUpdateVariable (
+ EFI_SIGNATURE_SUPPORT_NAME,
+ &gEfiGlobalVariableGuid,
+ mSignatureSupport,
+ sizeof (mSignatureSupport),
+ EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS
+ );
if (EFI_ERROR (Status)) {
return Status;
}
@@ -197,23 +198,23 @@ AuthVariableLibInitialize (
// If "SecureBootEnable" variable is SECURE_BOOT_DISABLE, Set "SecureBoot" variable to SECURE_BOOT_MODE_DISABLE.
//
SecureBootEnable = SECURE_BOOT_DISABLE;
- Status = AuthServiceInternalFindVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID **) &Data, &DataSize);
+ Status = AuthServiceInternalFindVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID **)&Data, &DataSize);
if (!EFI_ERROR (Status)) {
- if (mPlatformMode == USER_MODE){
- SecureBootEnable = *(UINT8 *) Data;
+ if (mPlatformMode == USER_MODE) {
+ SecureBootEnable = *(UINT8 *)Data;
}
} else if (mPlatformMode == USER_MODE) {
//
// "SecureBootEnable" not exist, initialize it in USER_MODE.
//
SecureBootEnable = SECURE_BOOT_ENABLE;
- Status = AuthServiceInternalUpdateVariable (
- EFI_SECURE_BOOT_ENABLE_NAME,
- &gEfiSecureBootEnableDisableGuid,
- &SecureBootEnable,
- sizeof (UINT8),
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS
- );
+ Status = AuthServiceInternalUpdateVariable (
+ EFI_SECURE_BOOT_ENABLE_NAME,
+ &gEfiSecureBootEnableDisableGuid,
+ &SecureBootEnable,
+ sizeof (UINT8),
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS
+ );
if (EFI_ERROR (Status)) {
return Status;
}
@@ -222,11 +223,12 @@ AuthVariableLibInitialize (
//
// Create "SecureBoot" variable with BS+RT attribute set.
//
- if (SecureBootEnable == SECURE_BOOT_ENABLE && mPlatformMode == USER_MODE) {
+ if ((SecureBootEnable == SECURE_BOOT_ENABLE) && (mPlatformMode == USER_MODE)) {
SecureBootMode = SECURE_BOOT_MODE_ENABLE;
} else {
SecureBootMode = SECURE_BOOT_MODE_DISABLE;
}
+
Status = AuthServiceInternalUpdateVariable (
EFI_SECURE_BOOT_MODE_NAME,
&gEfiGlobalVariableGuid,
@@ -246,13 +248,13 @@ AuthVariableLibInitialize (
// Initialize "CustomMode" in STANDARD_SECURE_BOOT_MODE state.
//
CustomMode = STANDARD_SECURE_BOOT_MODE;
- Status = AuthServiceInternalUpdateVariable (
- EFI_CUSTOM_MODE_NAME,
- &gEfiCustomModeEnableGuid,
- &CustomMode,
- sizeof (UINT8),
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS
- );
+ Status = AuthServiceInternalUpdateVariable (
+ EFI_CUSTOM_MODE_NAME,
+ &gEfiCustomModeEnableGuid,
+ &CustomMode,
+ sizeof (UINT8),
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS
+ );
if (EFI_ERROR (Status)) {
return Status;
}
@@ -267,7 +269,7 @@ AuthVariableLibInitialize (
Status = AuthServiceInternalFindVariable (
EFI_CERT_DB_NAME,
&gEfiCertDbGuid,
- (VOID **) &Data,
+ (VOID **)&Data,
&DataSize
);
if (EFI_ERROR (Status)) {
@@ -287,7 +289,7 @@ AuthVariableLibInitialize (
//
// Clean up Certs to make certDB & Time based auth variable consistent
//
- Status = CleanCertsFromDb();
+ Status = CleanCertsFromDb ();
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "Clean up CertDB fail! Status %x\n", Status));
return Status;
@@ -313,7 +315,7 @@ AuthVariableLibInitialize (
//
// Check "VendorKeysNv" variable's existence and create "VendorKeys" variable accordingly.
//
- Status = AuthServiceInternalFindVariable (EFI_VENDOR_KEYS_NV_VARIABLE_NAME, &gEfiVendorKeysNvGuid, (VOID **) &Data, &DataSize);
+ Status = AuthServiceInternalFindVariable (EFI_VENDOR_KEYS_NV_VARIABLE_NAME, &gEfiVendorKeysNvGuid, (VOID **)&Data, &DataSize);
if (!EFI_ERROR (Status)) {
mVendorKeyState = *(UINT8 *)Data;
} else {
@@ -321,13 +323,13 @@ AuthVariableLibInitialize (
// "VendorKeysNv" not exist, initialize it in VENDOR_KEYS_VALID state.
//
mVendorKeyState = VENDOR_KEYS_VALID;
- Status = AuthServiceInternalUpdateVariable (
- EFI_VENDOR_KEYS_NV_VARIABLE_NAME,
- &gEfiVendorKeysNvGuid,
- &mVendorKeyState,
- sizeof (UINT8),
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
- );
+ Status = AuthServiceInternalUpdateVariable (
+ EFI_VENDOR_KEYS_NV_VARIABLE_NAME,
+ &gEfiVendorKeysNvGuid,
+ &mVendorKeyState,
+ sizeof (UINT8),
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
+ );
if (EFI_ERROR (Status)) {
return Status;
}
@@ -349,20 +351,20 @@ AuthVariableLibInitialize (
DEBUG ((DEBUG_INFO, "Variable %s is %x\n", EFI_VENDOR_KEYS_VARIABLE_NAME, mVendorKeyState));
- AuthVarLibContextOut->StructVersion = AUTH_VAR_LIB_CONTEXT_OUT_STRUCT_VERSION;
- AuthVarLibContextOut->StructSize = sizeof (AUTH_VAR_LIB_CONTEXT_OUT);
- AuthVarLibContextOut->AuthVarEntry = mAuthVarEntry;
- AuthVarLibContextOut->AuthVarEntryCount = ARRAY_SIZE (mAuthVarEntry);
- mAuthVarAddressPointer[0] = (VOID **) &mCertDbStore;
- mAuthVarAddressPointer[1] = (VOID **) &mHashCtx;
- mAuthVarAddressPointer[2] = (VOID **) &mAuthVarLibContextIn;
- mAuthVarAddressPointer[3] = (VOID **) &(mAuthVarLibContextIn->FindVariable),
- mAuthVarAddressPointer[4] = (VOID **) &(mAuthVarLibContextIn->FindNextVariable),
- mAuthVarAddressPointer[5] = (VOID **) &(mAuthVarLibContextIn->UpdateVariable),
- mAuthVarAddressPointer[6] = (VOID **) &(mAuthVarLibContextIn->GetScratchBuffer),
- mAuthVarAddressPointer[7] = (VOID **) &(mAuthVarLibContextIn->CheckRemainingSpaceForConsistency),
- mAuthVarAddressPointer[8] = (VOID **) &(mAuthVarLibContextIn->AtRuntime),
- AuthVarLibContextOut->AddressPointer = mAuthVarAddressPointer;
+ AuthVarLibContextOut->StructVersion = AUTH_VAR_LIB_CONTEXT_OUT_STRUCT_VERSION;
+ AuthVarLibContextOut->StructSize = sizeof (AUTH_VAR_LIB_CONTEXT_OUT);
+ AuthVarLibContextOut->AuthVarEntry = mAuthVarEntry;
+ AuthVarLibContextOut->AuthVarEntryCount = ARRAY_SIZE (mAuthVarEntry);
+ mAuthVarAddressPointer[0] = (VOID **)&mCertDbStore;
+ mAuthVarAddressPointer[1] = (VOID **)&mHashCtx;
+ mAuthVarAddressPointer[2] = (VOID **)&mAuthVarLibContextIn;
+ mAuthVarAddressPointer[3] = (VOID **)&(mAuthVarLibContextIn->FindVariable),
+ mAuthVarAddressPointer[4] = (VOID **)&(mAuthVarLibContextIn->FindNextVariable),
+ mAuthVarAddressPointer[5] = (VOID **)&(mAuthVarLibContextIn->UpdateVariable),
+ mAuthVarAddressPointer[6] = (VOID **)&(mAuthVarLibContextIn->GetScratchBuffer),
+ mAuthVarAddressPointer[7] = (VOID **)&(mAuthVarLibContextIn->CheckRemainingSpaceForConsistency),
+ mAuthVarAddressPointer[8] = (VOID **)&(mAuthVarLibContextIn->AtRuntime),
+ AuthVarLibContextOut->AddressPointer = mAuthVarAddressPointer;
AuthVarLibContextOut->AddressPointerCount = ARRAY_SIZE (mAuthVarAddressPointer);
return Status;
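Review bot: The six assignments to `mAuthVarAddressPointer[3]` through `[8]` end in a comma rather than a semicolon, so together with the following `AuthVarLibContextOut->AddressPointer` line they form a single comma-operator expression. The behaviour matches separate statements today, and the reformatting kept the commas, but a later edit that inserts a declaration or a conditional between these lines could change meaning or break the build in a non-obvious way. Each line should end with `;`, for example `mAuthVarAddressPointer[3] = (VOID **)&(mAuthVarLibContextIn->FindVariable);`. The function body starts outside this hunk.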
@@ -391,16 +393,16 @@ AuthVariableLibInitialize (
EFI_STATUS
EFIAPI
AuthVariableLibProcessVariable (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- IN VOID *Data,
- IN UINTN DataSize,
- IN UINT32 Attributes
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN UINT32 Attributes
)
{
- EFI_STATUS Status;
+ EFI_STATUS Status;
- if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_PLATFORM_KEY_NAME) == 0)){
+ if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_PLATFORM_KEY_NAME) == 0)) {
Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, TRUE);
} else if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0)) {
Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, FALSE);
@@ -408,7 +410,8 @@ AuthVariableLibProcessVariable (
((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) ||
(StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0) ||
(StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0)
- )) {
+ ))
+ {
Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, FALSE);
if (EFI_ERROR (Status)) {
Status = ProcessVarWithKek (VariableName, VendorGuid, Data, DataSize, Attributes);