xinb
/
alder_lake_bios
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
alder_lake_bios/Intel/AlderLake/AlderLakeChipsetPkg/Include/Library/BootGuardPlatformLib.h

408 lines
13 KiB
C
Raw Permalink Blame History

/** @file
;******************************************************************************
;* Copyright (c) 2014 - 2021, Insyde Software Corp. All Rights Reserved.
;*
;* You may not reproduce, distribute, publish, display, perform, modify, adapt,
;* transmit, broadcast, present, recite, release, license or otherwise exploit
;* any part of this publication in any form, by any means, without the prior
;* written permission of Insyde Software Corporation.
;*
;******************************************************************************
*/
#ifndef _BOOT_GUARD_PLATFORM_LIB_H_
#define _BOOT_GUARD_PLATFORM_LIB_H_
#include <Uefi.h>
#include <Library/BootGuardLibVer1.h>
#include <Library/FitPlatformLib.h>
#include <Pi/PiBootMode.h>
#include <Pi/PiHob.h>
//[-start-190701-16990082-add]//
#define SHA1_DIGEST_SIZE ( 20 )
#ifndef SHA256_DIGEST_SIZE
#define SHA256_DIGEST_SIZE ( 32 )
#endif
#define SM3_256_DIGEST_SIZE ( 32 )
#define SHA384_DIGEST_SIZE ( 48 )
#define V_RSA_PUBLIC_KEY_VERSION ( 0x10 )
#define V_RSA_PUBLIC_KEY_KEY_SIZE ( 0x800 )
#define V_RSA_PUBLIC_KEY_EXPONENT ( 0x11 )
#define V_RSASSA_SIGNATURE_VERSION ( 0x10 )
#define RSA_KEY_SIZE_1K ( 1024 )
#define RSA_KEY_SIZE_2K ( 2048 )
#define RSA_KEY_SIZE_3K ( 3072 )
#define PKCS_1_5_RSA_SHA1_SIGNATURE_SIZE (RSA_KEY_SIZE_1K / 8)
#define PKCS_1_5_RSA_SHA256_SIGNATURE_SIZE (RSA_KEY_SIZE_2K / 8)
#define PKCS_1_5_RSA_SHA384_SIGNATURE_SIZE (RSA_KEY_SIZE_3K / 8)
#define V_KEY_ALGORITHM_RSA ( 0x01 )
#define V_KEY_ALGORITHM_RSASSA ( 0x14 )
#define V_KEY_SIGNATURE_VERSION ( 0x10 )
#define V_BOOT_POLICY_MANIFEST_HEADER_STRUCTURE_ID ( "__ACBP__" )
#define S_BOOT_POLICY_MANIFEST_HEADER_STRUCTURE_ID ( 8 )
#define V_BOOT_POLICY_MANIFEST_HEADER_STRUCT_VERSION ( 0x21 )
#define V_IBB_STRUCTURE_ID ( "__IBBS__" )
#define S_IBB_STRUCTURE_ID ( 8 )
#define V_IBB_STRUCT_VERSION ( 0x20 )
#define V_PLATFORM_MANUFACTURER_STRUCTURE_ID ( "__PMDA__" )
#define S_PLATFORM_MANUFACTURER_STRUCTURE_ID ( 8 )
#define V_PLATFORM_MANUFACTURER_STRUCT_VERSION ( 0x20 )
#define V_BOOT_POLICY_MANIFEST_SIGNATURE_STRUCTURE_ID ( "__PMSG__" )
#define S_BOOT_POLICY_MANIFEST_SIGNATURE_STRUCTURE_ID ( 8 )
#define V_BOOT_POLICY_MANIFEST_SIGNATURE_STRUCT_VERSION ( 0x10 )
#define V_KEY_MANIFEST_STRUCTURE_ID ( "__KEYM__" )
#define S_KEY_MANIFEST_STRUCTURE_ID ( 8 )
#define V_KEY_MANIFEST_STRUCTURE_VERSION ( 0x21 )
#define ECC_PUBLIC_KEY_STRUCT_KEY_SIZE_DEFAULT ( 256 )
#define ECC_PUBLIC_KEY_STRUCT_KEY_LEN_DEFAULT ( ECC_PUBLIC_KEY_STRUCT_KEY_SIZE_DEFAULT/8 )
#define MFT_KEY_USAGE_INDEX_BOOT_POLICY_MANIFEST 32
#define MFT_KEY_USAGE_INDEX_OEM_BTG_KEY_MANIFEST 54
#define MFT_KEY_USAGE_INDEX_OEM_ACM_MANIFEST 56
typedef enum {
BootGuardBootStateLegacyBoot,
BootGuardBootStateVerificationPassed,
BootGuardBootStateVerificationFailed,
BootGuardBootStateMax
} BOOT_GUARD_BOOT_STATE;
typedef struct _REVOCATION_VALUE {
UINT8 ACMSVN;
UINT8 BPMSVN;
UINT8 KMSVN;
UINT8 KMID;
BOOT_GUARD_BOOT_STATE BootGuardStatus;
} REVOCATION_VALUE;
typedef struct {
EFI_HOB_GUID_TYPE EfiHobGuidType;
UINT8 ACMSVN;
UINT8 BPMSVN;
UINT8 KMSVN;
UINT8 KMID;
BOOT_GUARD_BOOT_STATE BootGuardStatus;
} REVOCATION_VALUE_HOB;
#pragma pack ( 1 )
typedef union {
UINT8 digest8[SHA1_DIGEST_SIZE];
UINT32 digest32[SHA1_DIGEST_SIZE / 4];
} BtgSha1Digest_u;
#pragma pack ()
#pragma pack ( 1 )
typedef union {
UINT8 digest8[SHA256_DIGEST_SIZE];
UINT32 digest32[SHA256_DIGEST_SIZE / 4];
UINT64 digest64[SHA256_DIGEST_SIZE / 8];
} BtgSha256Digest_u;
#pragma pack ()
#pragma pack ( 1 )
typedef union {
UINT8 digest8[SHA384_DIGEST_SIZE];
UINT32 digest32[SHA384_DIGEST_SIZE / 4];
UINT64 digest64[SHA384_DIGEST_SIZE / 8];
} BtgSha384Digest_u;
#pragma pack ()
//
// Hash structure
//
#pragma pack ( 1 )
typedef struct {
UINT16 HashAlg;
UINT16 Size;
BtgSha1Digest_u HashBuffer;
} SHA1_HASH_STRUCTURE;
#pragma pack ()
#pragma pack ( 1 )
typedef struct {
UINT16 HashAlg;
UINT16 Size;
BtgSha256Digest_u HashBuffer;
} SHA256_HASH_STRUCTURE;
#pragma pack ()
#pragma pack ( 1 )
typedef struct {
UINT16 HashAlg;
UINT16 Size;
BtgSha384Digest_u HashBuffer;
} SHA384_HASH_STRUCTURE;
#pragma pack ()
#pragma pack ( 1 )
typedef struct {
UINT16 HashAlg;
UINT16 Size;
UINT8 HashBuffer[];
} SHAX_HASH_STRUCTURE;
#pragma pack ()
#pragma pack ( 1 )
typedef struct {
UINT8 Version; // 0x10
UINT16 KeySizeBits; // 1024 or 2048 or 3072 bits
UINT32 Exponent; // The public exponent
UINT8 Modulus[1]; // The modulus in LSB format
} RSA_PUBLIC_KEY_STRUCT;
#pragma pack ()
#pragma pack ( 1 )
typedef struct {
UINT8 Version;
UINT16 KeySizeBits; // 2048 or 3072 bits
UINT16 HashAlg;
UINT8 Signature[];
} RSASSA_SIGNATURE_STRUCT;
#pragma pack ()
#pragma pack ( 1 )
typedef struct {
UINT8 Version; // 0x10
UINT16 KeySizeBits; // 256 - Number of bits in key. Fixed for SM2
UINT8 Qx[ECC_PUBLIC_KEY_STRUCT_KEY_LEN_DEFAULT]; // X component. Fixed size for SM2
UINT8 Qy[ECC_PUBLIC_KEY_STRUCT_KEY_LEN_DEFAULT]; // Y component. Fixed size for SM2
} ECC_PUBLIC_KEY_STRUCT;
#pragma pack ()
#pragma pack ( 1 )
typedef struct {
UINT8 Version;
UINT16 KeySizeBits; // 256 or 384 bits
UINT16 HashAlg;
// UINT8 R[]; // R component
// UINT8 S[]; // S component
} ECC_SIGNATURE_STRUCT;
#pragma pack ()
#pragma pack ( 1 )
typedef struct {
UINT8 Version;
UINT16 KeyAlg; // TPM_ALG_RSA=0x1 or TPM_ALG_ECC=0x23
union { // Based on KeyAlg
RSA_PUBLIC_KEY_STRUCT RsaKey;
ECC_PUBLIC_KEY_STRUCT EccKey;
} Key;
UINT16 SigScheme; // TPM_ALG_RSASSA=0x14 or TPM_ALG_RSAPSS=0x15 or TPM_ALG_SM2=0x1B
union { // Based on KeyAlg
RSASSA_SIGNATURE_STRUCT SignatureRsa;
ECC_SIGNATURE_STRUCT SignatureEcc;
} Sig;
} KEY_AND_SIGNATURE_STRUCT;
#pragma pack ()
#pragma pack ( 1 )
typedef struct _ACM_HEADER {
UINT16 ModuleType;
UINT16 ModuleSubType;
UINT32 HeaderLen;
UINT32 HeaderVersion;
UINT16 ChipsetId;
UINT16 Flags;
UINT32 ModuleVendor;
UINT32 Date;
UINT32 Size;
UINT16 AcmSvn;
UINT16 SeAcmSvn;
UINT32 CodeControl;
UINT32 ErrorEntryPoint;
UINT32 GdtLimit;
UINT32 GdtBasePtr;
UINT32 SegSel;
UINT32 EntryPoint;
UINT8 Rsvd2[64];
UINT32 KeySize; // 64 DWORDS in the Key
UINT32 ScratchSize;
// UINT8 Rsa2048PubKey[256];
// UINT32 RsaPubExp;
// UINT8 Rsa2048Sig[256];
// UINT8 Scratch[572]; // 143 DWORDS = 572 BYTES Scratch Size
} ACM_HEADER;
#pragma pack ()
#pragma pack ( 1 )
typedef struct _BOOT_POLICY_MANIFEST_HEADER {
UINT8 StructureId[8];
UINT8 StructVersion; // 0x21
UINT8 HdrStructVersion; // 0x20
UINT16 HdrSize; // total number of bytes in Header (i.e., offset to first element)
UINT16 KeySignatureOffset; // Offset from start of Bpm to KeySignature field of Signature Element
UINT8 BpmRevision;
UINT8 BpmRevocation;
UINT8 AcmRevocation;
UINT8 Reserved;
UINT16 NemPages;
} BOOT_POLICY_MANIFEST_HEADER;
#pragma pack ()
#pragma pack ( 1 )
typedef struct {
UINT16 Reserved;
UINT16 Flags;
UINT32 Base;
UINT32 Size;
} IBB_SEGMENT;
#pragma pack ()
#pragma pack ( 1 )
typedef struct {
UINT8 StructureId[8];
UINT8 StructVersion; // 0x20
UINT8 Reserved0;
UINT16 ElementSize; // Total number of bytes in the element
UINT8 Reserved1;
UINT8 SetType;
UINT8 Reserved;
UINT8 PbetValue;
UINT32 Flags;
UINT64 IbbMchBar;
UINT64 VtdBar;
UINT32 DmaProtBase0;
UINT32 DmaProtLimit0;
UINT64 DmaProtBase1;
UINT64 DmaProtLimit1;
SHAX_HASH_STRUCTURE PostIbbHash;
// UINT32 IbbEntryPoint;
// HASH_LIST DigestList;
// HASH_STRUCTURE ObbHash;
// UINT8 Reserved2[3];
// UINT8 SegmentCount;
// IBB_SEGMENT* IbbSegment; //IbbSegment[SegmentCount]
} IBB_ELEMENT;
#pragma pack ()
#pragma pack ( 1 )
typedef struct {
UINT8 StructureId[8];
UINT8 StructVersion; // 0x20
UINT8 Reserved0;
UINT16 ElementSize; // Total number of bytes in the element
UINT16 Reserved1;
UINT16 PmDataSize; // required to be 4 byte multiple
UINT8* PmData; //PmData[PmDataSize]
} PLATFORM_MANUFACTURER_ELEMENT;
#pragma pack ()
#pragma pack ( 1 )
typedef struct {
UINT8 StructureId[8];
UINT8 StructVersion; // 0x20
UINT8 Reserved[3]; // KeySignature must be DWORD aligned
KEY_AND_SIGNATURE_STRUCT KeySignature; // this is now a variable Size
} BOOT_POLICY_MANIFEST_SIGNATURE_ELEMENT;
#pragma pack ()
#pragma pack ( 1 )
typedef struct _KEY_MANIFEST {
UINT8 StructureId[8];
UINT8 StructVersion; // 0x21
UINT8 reserved[3]; // 3 bytes to make KeySignatureOffset same offset as for BPM
UINT16 KeySignatureOffset; // Offset from start of KM to KeyManifestSignature
UINT8 Reserved2[3]; // Alignment
UINT8 KeyManifestRevision;
UINT8 KmSvn;
UINT8 KeyManifestId;
UINT16 KmPubKeyHashAlg;
UINT16 KeyCount;
// KMHASH_STRUCT* KeyHash; //KeyHash[KM_MAX_KEYS];
// KEY_AND_SIGNATURE_STRUCT KeyManifestSignature;
} KEY_MANIFEST;
#pragma pack ()
//[-end-190701-16990082-add]//
EFI_STATUS
BootGuardPlatformLibGetMeStatus (
OUT UINT32 *MeStatus
);
BOOT_GUARD_BOOT_STATE
BootGuardPlatformLibDetermineBootState (
VOID
);
EFI_STATUS
BootGuardPlatformLibValidateBPMStructureID (
IN BOOT_POLICY_MANIFEST_HEADER *BPMH
);
EFI_STATUS
BootGuardPlatformLibValidateKMStructureID (
IN KEY_MANIFEST *KM
);
EFI_STATUS
BootGuardPlatformLibGetKMID (
OUT UINT8 *KMID
);
EFI_STATUS
BootGuardPlatformLibGetACMEx (
IN VOID *Image,
IN UINTN ImageLength,
IN FIT_ENTRY *FIT,
OUT ACM_HEADER **ACMH
);
EFI_STATUS
BootGuardPlatformLibGetACM (
IN FIT_ENTRY *FIT,
OUT ACM_HEADER **ACMH
);
EFI_STATUS
BootGuardPlatformLibGetBPMEx (
IN VOID *Image,
IN UINTN ImageLength,
IN FIT_ENTRY *FIT,
OUT BOOT_POLICY_MANIFEST_HEADER **BPMH
);
EFI_STATUS
BootGuardPlatformLibGetBPM (
IN FIT_ENTRY *FIT,
OUT BOOT_POLICY_MANIFEST_HEADER **BPMH
);
EFI_STATUS
BootGuardPlatformLibGetKMEx (
IN VOID *Image,
IN UINTN ImageLength,
IN FIT_ENTRY *FIT,
OUT KEY_MANIFEST **KM,
IN UINT8 *CurrentKMID
);
EFI_STATUS
BootGuardPlatformLibGetKM (
IN FIT_ENTRY *FIT,
OUT KEY_MANIFEST **KM
);
EFI_STATUS
BootGuardPlatformLibGetRevocationValues (
IN VOID *Image,
IN UINTN ImageLength,
OUT REVOCATION_VALUE *Revocation,
IN UINT8 *CurrentKMID
);
#endif
Reference in New Issue View Git Blame Copy Permalink