From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-pj1-f45.google.com (mail-pj1-f45.google.com [209.85.216.45]) by mx.groups.io with SMTP id smtpd.web08.731.1651687492325690492 for ; Wed, 04 May 2022 11:04:52 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20210112 header.b=UCCDaR7w; spf=pass (domain: gmail.com, ip: 209.85.216.45, mailfrom: kuqin12@gmail.com) Received: by mail-pj1-f45.google.com with SMTP id w5-20020a17090aaf8500b001d74c754128so5890219pjq.0 for ; Wed, 04 May 2022 11:04:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=fD32K+QBWVsmYRsbokiBF0EoWS3UaFV2wiePGoKEUys=; b=UCCDaR7wHcwMrNxZj/ayV1qIyeBBx83/rXQbR43idEubnnRKZf2JSVh8vrrHa4AGrO X3/rq6jWKNzUKqV56m3j2Qn/AHqCbh8qjWspFUmdHQOQfh6vyd21pPWxHoxI6czbTu82 zLx4iET5eDBll05TVC1NETJv4LDx7sFfZKL/ovZTT/8euCCx7JbMTcJ7s1UOsYvZQDZI QrAhchW0VM/83mP+FaH5A06hjJ5mXE/GRpRKML9yVNFXQjPVFlCvu0ma3BrnmbGi+jeL a48fl0Vc8WE1QSR+uVHgNYNI3Zu7dC6vn2ey3Wq+vxp/1fbTKPugGtcISmsSmnpZpcjB IOnA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=fD32K+QBWVsmYRsbokiBF0EoWS3UaFV2wiePGoKEUys=; b=ayymQBqkSijyep/lDa64q5fPzl00EdJ4MxRRZKoM8yj1Fd/39isPV+d/Q3j4prBPAf 32sFC1FrQskAIAiuaz9B6smv/fq9eKFpSmahc+iWNxGZDWLPUd3CYDo+6YB21fB0JYYn gSEUxivrC2VqJvfmenG7tU8c0APt8vmkm4lFJFh1S0a7Z3V8q0Juk8ZGYE+bkeIPFjPO ITL5kkI8lIzTDj6fi9S24WMK3L26e3M0TMtnkVgXk0DwSjLhNID8+ibiTHrNaqBDbaPa ALE7seg/SmkR+gRelwNcQCJJTclWxMfyvK5ofRLyiv1lk1ITvMWsqUXElC/JtJAGXhUA Ir4Q== X-Gm-Message-State: AOAM532nFxABHn6LnSXpeVPqvyWvJq4cpStXKafOSPbYFC543nZMYkG9 ddL3L67e6mcghqY9uSJHfgeF4lhdtfsfEg== X-Google-Smtp-Source: ABdhPJwUYca0jWaur1HdhwdA7WJz6aIodLJaI8q2d0WsHzVabEXKIKZDtK6FNFXlymdaFfRuDWoj4A== X-Received: by 2002:a17:902:7586:b0:15e:c2fe:bad0 with SMTP id j6-20020a170902758600b0015ec2febad0mr5085649pll.72.1651687491368; Wed, 04 May 2022 11:04:51 -0700 (PDT) Return-Path: Received: from localhost.localdomain ([50.47.82.110]) by smtp.gmail.com with ESMTPSA id n5-20020aa79045000000b0050dc7628143sm8496347pfo.29.2022.05.04.11.04.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 04 May 2022 11:04:51 -0700 (PDT) From: "Kun Qin" To: devel@edk2.groups.io Cc: Jiewen Yao , Jian J Wang , Min Xu Subject: [PATCH v1 01/11] SecurityPkg: UefiSecureBoot: Definitions of cert and payload structures Date: Wed, 4 May 2022 11:04:27 -0700 Message-Id: <20220504180438.1321-2-kuqin12@gmail.com> X-Mailer: git-send-email 2.35.1.windows.2 In-Reply-To: <20220504180438.1321-1-kuqin12@gmail.com> References: <20220504180438.1321-1-kuqin12@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit From: Kun Qin REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3910 This change added certificate and payload structures that can be consumed by SecureBootVariableLib and other Secure Boot related operations. Cc: Jiewen Yao Cc: Jian J Wang Cc: Min Xu Signed-off-by: Kun Qin --- SecurityPkg/Include/UefiSecureBoot.h | 94 ++++++++++++++++++++ 1 file changed, 94 insertions(+) diff --git a/SecurityPkg/Include/UefiSecureBoot.h b/SecurityPkg/Include/UefiSecureBoot.h new file mode 100644 index 000000000000..642fef38f3a1 --- /dev/null +++ b/SecurityPkg/Include/UefiSecureBoot.h @@ -0,0 +1,94 @@ +/** @file + Provides a Secure Boot related data structure definitions. + + Copyright (c) Microsoft Corporation. + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef UEFI_SECURE_BOOT_H_ +#define UEFI_SECURE_BOOT_H_ + +#pragma pack (push, 1) + +/* + Data structure to provide certificates to setup authenticated secure + boot variables ('db', 'dbx', 'dbt', 'pk', etc.). + +*/ +typedef struct { + // + // The size, in number of bytes, of supplied certificate in 'Data' field. + // + UINTN DataSize; + // + // The pointer to the certificates in DER-encoded format. + // Note: This certificate data should not contain the EFI_VARIABLE_AUTHENTICATION_2 + // for authenticated variables. + // + CONST VOID *Data; +} SECURE_BOOT_CERTIFICATE_INFO; + +/* + Data structure to provide all Secure Boot related certificates. + +*/ +typedef struct { + // + // The human readable name for this set of Secure Boot key sets. + // + CONST CHAR16 *SecureBootKeyName; + // + // The size, in number of bytes, of supplied certificate in 'DbPtr' field. + // + UINTN DbSize; + // + // The pointer to the DB certificates in signature list format. + // Note: This DB certificates should not contain the EFI_VARIABLE_AUTHENTICATION_2 + // for authenticated variables. + // + CONST VOID *DbPtr; + // + // The size, in number of bytes, of supplied certificate in 'DbxPtr' field. + // + UINTN DbxSize; + // + // The pointer to the DBX certificates in signature list format. + // Note: This DBX certificates should not contain the EFI_VARIABLE_AUTHENTICATION_2 + // for authenticated variables. + // + CONST VOID *DbxPtr; + // + // The size, in number of bytes, of supplied certificate in 'DbtPtr' field. + // + UINTN DbtSize; + // + // The pointer to the DBT certificates in signature list format. + // Note: This DBT certificates should not contain the EFI_VARIABLE_AUTHENTICATION_2 + // for authenticated variables. + // + CONST VOID *DbtPtr; + // + // The size, in number of bytes, of supplied certificate in 'KekPtr' field. + // + UINTN KekSize; + // + // The pointer to the KEK certificates in signature list format. + // Note: This KEK certificates should not contain the EFI_VARIABLE_AUTHENTICATION_2 + // for authenticated variables. + // + CONST VOID *KekPtr; + // + // The size, in number of bytes, of supplied certificate in 'PkPtr' field. + // + UINTN PkSize; + // + // The pointer to the PK certificates in signature list format. + // Note: This PK certificates should not contain the EFI_VARIABLE_AUTHENTICATION_2 + // for authenticated variables. + // + CONST VOID *PkPtr; +} SECURE_BOOT_PAYLOAD_INFO; +#pragma pack (pop) + +#endif // UEFI_SECURE_BOOT_H_ -- 2.34.1.windows.1