From: "Kun Qin" <kuqin12@gmail.com>
To: devel@edk2.groups.io
Cc: Jiewen Yao <jiewen.yao@intel.com>,
Jian J Wang <jian.j.wang@intel.com>, Min Xu <min.m.xu@intel.com>
Subject: [PATCH v1 01/11] SecurityPkg: UefiSecureBoot: Definitions of cert and payload structures
Date: Wed, 4 May 2022 11:04:27 -0700 [thread overview]
Message-ID: <20220504180438.1321-2-kuqin12@gmail.com> (raw)
In-Reply-To: <20220504180438.1321-1-kuqin12@gmail.com>
From: Kun Qin <kuqin@microsoft.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3910
This change added certificate and payload structures that can be consumed
by SecureBootVariableLib and other Secure Boot related operations.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
---
SecurityPkg/Include/UefiSecureBoot.h | 94 ++++++++++++++++++++
1 file changed, 94 insertions(+)
diff --git a/SecurityPkg/Include/UefiSecureBoot.h b/SecurityPkg/Include/UefiSecureBoot.h
new file mode 100644
index 000000000000..642fef38f3a1
--- /dev/null
+++ b/SecurityPkg/Include/UefiSecureBoot.h
@@ -0,0 +1,94 @@
+/** @file
+ Provides a Secure Boot related data structure definitions.
+
+ Copyright (c) Microsoft Corporation.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef UEFI_SECURE_BOOT_H_
+#define UEFI_SECURE_BOOT_H_
+
+#pragma pack (push, 1)
+
+/*
+ Data structure to provide certificates to setup authenticated secure
+ boot variables ('db', 'dbx', 'dbt', 'pk', etc.).
+
+*/
+typedef struct {
+ //
+ // The size, in number of bytes, of supplied certificate in 'Data' field.
+ //
+ UINTN DataSize;
+ //
+ // The pointer to the certificates in DER-encoded format.
+ // Note: This certificate data should not contain the EFI_VARIABLE_AUTHENTICATION_2
+ // for authenticated variables.
+ //
+ CONST VOID *Data;
+} SECURE_BOOT_CERTIFICATE_INFO;
+
+/*
+ Data structure to provide all Secure Boot related certificates.
+
+*/
+typedef struct {
+ //
+ // The human readable name for this set of Secure Boot key sets.
+ //
+ CONST CHAR16 *SecureBootKeyName;
+ //
+ // The size, in number of bytes, of supplied certificate in 'DbPtr' field.
+ //
+ UINTN DbSize;
+ //
+ // The pointer to the DB certificates in signature list format.
+ // Note: This DB certificates should not contain the EFI_VARIABLE_AUTHENTICATION_2
+ // for authenticated variables.
+ //
+ CONST VOID *DbPtr;
+ //
+ // The size, in number of bytes, of supplied certificate in 'DbxPtr' field.
+ //
+ UINTN DbxSize;
+ //
+ // The pointer to the DBX certificates in signature list format.
+ // Note: This DBX certificates should not contain the EFI_VARIABLE_AUTHENTICATION_2
+ // for authenticated variables.
+ //
+ CONST VOID *DbxPtr;
+ //
+ // The size, in number of bytes, of supplied certificate in 'DbtPtr' field.
+ //
+ UINTN DbtSize;
+ //
+ // The pointer to the DBT certificates in signature list format.
+ // Note: This DBT certificates should not contain the EFI_VARIABLE_AUTHENTICATION_2
+ // for authenticated variables.
+ //
+ CONST VOID *DbtPtr;
+ //
+ // The size, in number of bytes, of supplied certificate in 'KekPtr' field.
+ //
+ UINTN KekSize;
+ //
+ // The pointer to the KEK certificates in signature list format.
+ // Note: This KEK certificates should not contain the EFI_VARIABLE_AUTHENTICATION_2
+ // for authenticated variables.
+ //
+ CONST VOID *KekPtr;
+ //
+ // The size, in number of bytes, of supplied certificate in 'PkPtr' field.
+ //
+ UINTN PkSize;
+ //
+ // The pointer to the PK certificates in signature list format.
+ // Note: This PK certificates should not contain the EFI_VARIABLE_AUTHENTICATION_2
+ // for authenticated variables.
+ //
+ CONST VOID *PkPtr;
+} SECURE_BOOT_PAYLOAD_INFO;
+#pragma pack (pop)
+
+#endif // UEFI_SECURE_BOOT_H_
--
2.34.1.windows.1
next prev parent reply other threads:[~2022-05-04 18:04 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-04 18:04 [PATCH v1 00/11] Enhance Secure Boot Variable Libraries Kun Qin
2022-05-04 18:04 ` Kun Qin [this message]
2022-05-04 18:04 ` [PATCH v1 02/11] SecurityPkg: PlatformPKProtectionLib: Added PK protection interface Kun Qin
2022-05-04 18:04 ` [PATCH v1 03/11] SecurityPkg: SecureBootVariableLib: Updated time based payload creator Kun Qin
2022-05-04 18:04 ` [PATCH v1 04/11] SecurityPkg: SecureBootVariableLib: Updated signature list creator Kun Qin
2022-05-04 18:04 ` [PATCH v1 05/11] SecurityPkg: SecureBootVariableLib: Added newly supported interfaces Kun Qin
2022-05-04 18:04 ` [PATCH v1 06/11] SecurityPkg: SecureBootVariableProvisionLib: Updated implementation Kun Qin
2022-05-04 18:04 ` [PATCH v1 07/11] SecurityPkg: Secure Boot Drivers: Added common header files Kun Qin
2022-05-04 18:04 ` [PATCH v1 08/11] SecurityPkg: SecureBootConfigDxe: Updated invocation pattern Kun Qin
2022-05-04 18:04 ` [PATCH v1 09/11] SecurityPkg: SecureBootVariableLib: Added unit tests Kun Qin
2022-05-04 18:04 ` [PATCH v1 10/11] OvmfPkg: Pipeline: Resolve SecureBootVariableLib dependency Kun Qin
2022-05-04 18:04 ` [PATCH v1 11/11] EmulatorPkg: " Kun Qin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220504180438.1321-2-kuqin12@gmail.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox