xinb
/
alder_lake_bios
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
alder_lake_bios/Insyde/InsydeModulePkg/Universal/Variable/VariableRuntimeDxe/SecureBoot.h

583 lines
19 KiB
C
Raw Blame History

/** @file
;******************************************************************************
;* Copyright (c) 2012 - 2021, Insyde Software Corp. All Rights Reserved.
;*o
;* You may not reproduce, distribute, publish, display, perform, modify, adapt,
;* transmit, broadcast, present, recite, release, license or otherwise exploit
;* any part of this publication in any form, by any means, without the prior
;* written permission of Insyde Software Corporation.
;*
;******************************************************************************
*/
#ifndef _SECURE_BOOT_H_
#define _SECURE_BOOT_H_
#include "Variable.h"
typedef
EFI_STATUS
(*SMI_SUB_FUNCTION) (
VOID
);
typedef struct {
UINT32 FunNum;
SMI_SUB_FUNCTION SmiSubFunction;
BOOLEAN SupportedAfterReadyToBoot;
} SMI_SUB_FUNCTION_MAP;
//
// Define callback function prototype for non-SMI platform
//
typedef
EFI_STATUS
(*SECURE_BOOT_SUB_FUNCTION) (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN VOID *Data,
IN UINTN DataSize,
IN UINT32 Attributes
);
typedef struct {
CHAR16 *VariableName;
SECURE_BOOT_SUB_FUNCTION SecureBootSubFunction;
} SECURE_BOOT_SUB_FUNCTION_MAP;
/**
Add selected file hash image to allowed database (db)
@retval EFI_SUCCESS Add image hash to allowed database (db) successful.
@return Other Any error occurred while updating hash to allowed database (db)
**/
EFI_STATUS
SmmAddFileHashImage (
VOID
);
/**
Update "SecureBootEnforce" EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS variable
@retval EFI_SUCCESS Update "SecureBootEnforce" variable successful.
@return Other Any error occurred while updating "SecureBootEnforce" variable
**/
EFI_STATUS
SmmUpdateSecureBootEnforce (
VOID
);
/**
This function uses to clear PK, KEK, db and dbx variable
@retval EFI_SUCCESS Clear secure settins successful.
@return Other Any error occurred while clearing secure settins
**/
EFI_STATUS
SmmClearAllSecureSettings (
VOID
);
/**
Update "RestoreFactoryDefault" EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS variable
@retval EFI_SUCCESS Update "RestoreFactoryDefault" variable successful.
@return Other Any error occurred while updating "RestoreFactoryDefault" variable
**/
EFI_STATUS
SmmRestoreFactoryDefault (
VOID
);
/**
This function uses to update PK variable.
@retval EFI_SUCCESS Update PK variable successfully.
@retval Other Any error occurred while updating PK variable.
**/
EFI_STATUS
SmmUpdatePkVariable (
VOID
);
/**
This function uses to update KEK variable.
@retval EFI_SUCCESS Update KEK variable successfully.
@retval Other Any error occurred while updating KEK variable.
**/
EFI_STATUS
SmmUpdateKekVariable (
VOID
);
/**
This function uses to update db variable.
@retval EFI_SUCCESS Update db variable successfully.
@retval Other Any error occurred while updating db variable
**/
EFI_STATUS
SmmUpdateDbVariable (
VOID
);
/**
This function uses to update dbx variable.
@retval EFI_SUCCESS Update dbx variable successfully.
@retval Other Any error occurred while updating dbx variable
**/
EFI_STATUS
SmmUpdateDbxVariable (
VOID
);
/**
This function uses to update dbt variable.
@retval EFI_SUCCESS Update dbt variable successfully.
@retval Other Any error occurred while updating dbt variable
**/
EFI_STATUS
SmmUpdateDbtVariable (
VOID
);
/**
This function uses to update dbr variable.
@retval EFI_SUCCESS Update dbr variable successfully.
@retval Other Any error occurred while updating dbr variable
**/
EFI_STATUS
SmmUpdateDbrVariable (
VOID
);
/**
This function uses to clear DeployedMode variable.
@retval EFI_SUCCESS Update PK variable successfully.
@retval Other Any error occurred while updating PK variable.
**/
EFI_STATUS
SmmClearDeployedMode (
VOID
);
/**
This function uses to change secure boot mode.
@retval EFI_SUCCESS Change secure boot mode successfully.
@retval Other Any error occurred while changing secure boot mode.
**/
EFI_STATUS
SmmSelectSecureBootMode (
VOID
);
/**
This function uses to disable all of secure boot SMI functions
@retval EFI_SUCCESS Disable all secure boot SMI functions successful.
@return Other Any error occurred while disabling all secure boot SMI functions successful.
**/
EFI_STATUS
SmmDisableSecureBootSmi (
VOID
);
/**
Append new hash image to EFI_IMAGE_SECURITY_DATABASE (db)
@param VariableName Name of Variable to be found.
@param VendorGuid Variable vendor GUID.
@param Data Data pointer.
@param DataSize Size of Data found. If size is less than the
data, this value contains the required size.
@param Attributes Attribute value of the variable.
@return EFI_INVALID_PARAMETER Invalid parameter.
@return EFI_WRITE_PROTECTED Variable is write-protected and needs authentication with
EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.
@return EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
set, but the AuthInfo does NOT pass the validation
check carried out by the firmware.
@return EFI_SUCCESS Variable is not write-protected or pass validation successfully.
**/
EFI_STATUS
RuntimeDxeAddFileHashImage (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN VOID *Data,
IN UINTN DataSize,
IN UINT32 Attributes
);
/**
Update EFI_SECURE_BOOT_ENFORCE_NAME variable.
@param VariableName Name of Variable to be found.
@param VendorGuid Variable vendor GUID.
@param Data Data pointer.
@param DataSize Size of Data found. If size is less than the
data, this value contains the required size.
@param Attributes Attribute value of the variable.
@return EFI_INVALID_PARAMETER Invalid parameter.
@return EFI_WRITE_PROTECTED Variable is write-protected and needs authentication with
EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.
@return EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
set, but the AuthInfo does NOT pass the validation
check carried out by the firmware.
@return EFI_SUCCESS Variable is not write-protected or pass validation successfully.
**/
EFI_STATUS
RuntimeDxeUpdateSecureBootEnforce (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN VOID *Data,
IN UINTN DataSize,
IN UINT32 Attributes
);
/**
clear all secure boot settings.
@param VariableName Name of Variable to be found.
@param VendorGuid Variable vendor GUID.
@param Data Data pointer.
@param DataSize Size of Data found. If size is less than the
data, this value contains the required size.
@param Attributes Attribute value of the variable.
@return EFI_INVALID_PARAMETER Invalid parameter.
@return EFI_WRITE_PROTECTED Variable is write-protected and needs authentication with
EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.
@return EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
set, but the AuthInfo does NOT pass the validation
check carried out by the firmware.
@return EFI_SUCCESS Variable is not write-protected or pass validation successfully.
**/
EFI_STATUS
RuntimeDxeClearAllSecureSettings (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN VOID *Data,
IN UINTN DataSize,
IN UINT32 Attributes
);
/**
Update EFI_RESTORE_FACTORY_DEFAULT_NAME variable and then system will restore secure boot
database to factory default during next POST.
@param VariableName Name of Variable to be found.
@param VendorGuid Variable vendor GUID.
@param Data Data pointer.
@param DataSize Size of Data found. If size is less than the
data, this value contains the required size.
@param Attributes Attribute value of the variable.
@return EFI_INVALID_PARAMETER Invalid parameter.
@return EFI_WRITE_PROTECTED Variable is write-protected and needs authentication with
EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.
@return EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
set, but the AuthInfo does NOT pass the validation
check carried out by the firmware.
@return EFI_SUCCESS Variable is not write-protected or pass validation successfully.
**/
EFI_STATUS
RuntimeDxeRestoreFactoryDefault (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN VOID *Data,
IN UINTN DataSize,
IN UINT32 Attributes
);
/**
This function uses to update PK variable.
@param[in] VariableName Name of Variable to be found.
@param[in] VendorGuid Variable vendor GUID.
@param[in] Data Data pointer.
@param[in] DataSize Size of Data found. If size is less than the
data, this value contains the required size.
@param[in] Attributes Attribute value of the variable.
@retval EFI_SUCCESS Update PK variable successfully.
@retval Other Any error occurred while updating PK variable.
**/
EFI_STATUS
RuntimeDxeUpdatePkVariable (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN VOID *Data,
IN UINTN DataSize,
IN UINT32 Attributes
);
/**
This function uses to update KEK variable.
@param[in] VariableName Name of Variable to be found.
@param[in] VendorGuid Variable vendor GUID.
@param[in] Data Data pointer.
@param[in] DataSize Size of Data found. If size is less than the
data, this value contains the required size.
@param[in] Attributes Attribute value of the variable.
@retval EFI_SUCCESS Update KEK variable successfully.
@retval Other Any error occurred while updating KEK variable.
**/
EFI_STATUS
RuntimeDxeUpdateKekVariable (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN VOID *Data,
IN UINTN DataSize,
IN UINT32 Attributes
);
/**
This function uses to update db variable.
@param[in] VariableName Name of Variable to be found.
@param[in] VendorGuid Variable vendor GUID.
@param[in] Data Data pointer.
@param[in] DataSize Size of Data found. If size is less than the
data, this value contains the required size.
@param[in] Attributes Attribute value of the variable.
@retval EFI_SUCCESS Update db variable successfully.
@retval Other Any error occurred while updating db variable.
**/
EFI_STATUS
RuntimeDxeUpdateDbVariable (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN VOID *Data,
IN UINTN DataSize,
IN UINT32 Attributes
);
/**
This function uses to update dbx variable.
@param[in] VariableName Name of Variable to be found.
@param[in] VendorGuid Variable vendor GUID.
@param[in] Data Data pointer.
@param[in] DataSize Size of Data found. If size is less than the
data, this value contains the required size.
@param[in] Attributes Attribute value of the variable.
@retval EFI_SUCCESS Update dbx variable successfully.
@retval Other Any error occurred while updating dbx variable.
**/
EFI_STATUS
RuntimeDxeUpdateDbxVariable (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN VOID *Data,
IN UINTN DataSize,
IN UINT32 Attributes
);
/**
This function uses to update dbt variable.
@param[in] VariableName Name of Variable to be found.
@param[in] VendorGuid Variable vendor GUID.
@param[in] Data Data pointer.
@param[in] DataSize Size of Data found. If size is less than the
data, this value contains the required size.
@param[in] Attributes Attribute value of the variable.
@retval EFI_SUCCESS Update dbt variable successfully.
@retval Other Any error occurred while updating dbt variable.
**/
EFI_STATUS
RuntimeDxeUpdateDbtVariable (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN VOID *Data,
IN UINTN DataSize,
IN UINT32 Attributes
);
/**
This function uses to update dbr variable.
@param[in] VariableName Name of Variable to be found.
@param[in] VendorGuid Variable vendor GUID.
@param[in] Data Data pointer.
@param[in] DataSize Size of Data found. If size is less than the
data, this value contains the required size.
@param[in] Attributes Attribute value of the variable.
@retval EFI_SUCCESS Update dbr variable successfully.
@retval Other Any error occurred while updating dbr variable.
**/
EFI_STATUS
RuntimeDxeUpdateDbrVariable (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN VOID *Data,
IN UINTN DataSize,
IN UINT32 Attributes
);
/**
This function uses to clear DeployedMode variable value to 0..
@param[in] VariableName Name of Variable to be found.
@param[in] VendorGuid Variable vendor GUID.
@param[in] Data Data pointer.
@param[in] DataSize Size of Data found. If size is less than the
data, this value contains the required size.
@param[in] Attributes Attribute value of the variable.
@retval EFI_SUCCESS Update DeployedMode value to 0 successfully.
@retval Other Any error occurred while updating DeployedMode value to 0.
**/
EFI_STATUS
RuntimeDxeClearDeployedMode (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN VOID *Data,
IN UINTN DataSize,
IN UINT32 Attributes
);
/**
Use variable name and variable GUID to check this variable is administer secure boot relative variable
@param VariableName Name of Variable to be found.
@param VendorGuid Variable vendor GUID.
@retval TRUE This variable is a administer secure boot relative variable.
@retval FALSE This variable isn't a administer secure boot relative variable
**/
BOOLEAN
IsAdministerSecureVariable (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid
);
/**
Update administer secure boot relative variable
@param VariableName Name of Variable to be found.
@param VendorGuid Variable vendor GUID.
@param Data Data pointer.
@param DataSize Size of Data found. If size is less than the
data, this value contains the required size.
@param Attributes Attribute value of the variable.
@return EFI_INVALID_PARAMETER Invalid parameter.
@return EFI_WRITE_PROTECTED Variable is write-protected and needs authentication with
EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.
@return EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
set, but the AuthInfo does NOT pass the validation
check carried out by the firmware.
@return EFI_SUCCESS Variable is not write-protected or pass validation successfully.
**/
EFI_STATUS
UpdateAdministerSecureVariable (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN VOID *Data,
IN UINTN DataSize,
IN UINT32 Attributes
);
/**
Initialize all of administer secure boot relative authenticated variables.
@retval EFI_SUCCESS Update all of secure boot relative authenticated variables successful
@retval Other The driver failded to start the device
**/
EFI_STATUS
InitializeAdministerSecureBootVariables (
VOID
);
/**
According input data to update L"SecureBootEnforce" variable
@param Data Input data to update "SecureBootEnforce" variable
@retval EFI_SUCCESS update "SecureBootEnforce" successful.
@retval Other The driver failded to start the device
**/
EFI_STATUS
UpdateSecureBootEnforceVariable (
UINT8 Data
);
/**
According input data to update L"RestoreFactoryDefault" variable
@param Data Input data to update "RestoreFactoryDefault" variable
@retval EFI_SUCCESS update "RestoreFactoryDefault" successful.
@retval Other The driver failded to start the device
**/
EFI_STATUS
UpdateRestoreFactoryDefaultVariable (
UINT8 Data
);
/**
According to input data to update custom security status.
In this function, it will update "CustomSecurity" variable and "vendorKeys" variable.
If input Data is 0, it will update "CustomSecurity" to 0 and "vendorKeys" to 1.
If input Data is 1, it will update "CustomSecurity" to 1 and "vendorKeys" to 0.
@param[in] Data Input data to update custom security status.
@retval EFI_SUCCESS Update custom security status successful.
@retval EFI_INVALID_PARAMETER The value of Data isn't 0 or 1.
@retval Other Any error occurred while updating variable.
**/
EFI_STATUS
UpdateCustomSecurityStatus (
IN UINT8 Data
);
/**
Register call back function (on ReadytoBoot event and an platform specific event) to disable
all of secure boot functions.
@return EFI_SUCCESS Register callback function successful.
--*/
EFI_STATUS
RegisterEventToDisableSecureBoot (
VOID
);
extern SMI_SUB_FUNCTION_MAP mSecureBootFunctionsTable[];
#endif
Reference in New Issue View Git Blame Copy Permalink