From: "Kun Qin" <kuqin12@gmail.com>
To: devel@edk2.groups.io
Cc: Jiewen Yao, Jian J Wang, Min Xu
Subject: [PATCH v2 01/11] SecurityPkg: UefiSecureBoot: Definitions of cert and payload structures
Date: Mon, 13 Jun 2022 13:39:32 -0700
Message-Id: <20220613203943.704-2-kuqin12@gmail.com>
X-Mailer: git-send-email 2.35.1.windows.2
In-Reply-To: <20220613203943.704-1-kuqin12@gmail.com>
References: <20220613203943.704-1-kuqin12@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

From: Kun Qin

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3910

This change added certificate and payload structures that can be consumed
by SecureBootVariableLib and other Secure Boot related operations.

Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Min Xu
Signed-off-by: Kun Qin
---
 SecurityPkg/Include/UefiSecureBoot.h | 94 ++++++++++++++++++++
 1 file changed, 94 insertions(+)

diff --git a/SecurityPkg/Include/UefiSecureBoot.h b/SecurityPkg/Include/UefiSecureBoot.h
new file mode 100644
index 000000000000..642fef38f3a1
--- /dev/null
+++ b/SecurityPkg/Include/UefiSecureBoot.h
@@ -0,0 +1,94 @@ +/** @file + Provides a Secure Boot related data structure definitions. + + Copyright (c) Microsoft Corporation. + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef UEFI_SECURE_BOOT_H_ +#define UEFI_SECURE_BOOT_H_ + +#pragma pack (push, 1) + +/* + Data structure to provide certificates to setup authenticated secure + boot variables ('db', 'dbx', 'dbt', 'pk', etc.). + +*/ +typedef struct { + // + // The size, in number of bytes, of supplied certificate in 'Data' field. + // + UINTN DataSize; + // + // The pointer to the certificates in DER-encoded format. + // Note: This certificate data should not contain the EFI_VARIABLE_AUTHENTICATION_2 + // for authenticated variables. + // + CONST VOID *Data; +} SECURE_BOOT_CERTIFICATE_INFO; + +/* + Data structure to provide all Secure Boot related certificates. + +*/ +typedef struct { + // + // The human readable name for this set of Secure Boot key sets. + // + CONST CHAR16 *SecureBootKeyName; + // + // The size, in number of bytes, of supplied certificate in 'DbPtr' field. + // + UINTN DbSize; + // + // The pointer to the DB certificates in signature list format. + // Note: This DB certificates should not contain the EFI_VARIABLE_AUTHENTICATION_2 + // for authenticated variables. + // + CONST VOID *DbPtr; + // + // The size, in number of bytes, of supplied certificate in 'DbxPtr' field. + // + UINTN DbxSize; + // + // The pointer to the DBX certificates in signature list format. + // Note: This DBX certificates should not contain the EFI_VARIABLE_AUTHENTICATION_2 + // for authenticated variables. + // + CONST VOID *DbxPtr; + // + // The size, in number of bytes, of supplied certificate in 'DbtPtr' field. + // + UINTN DbtSize; + // + // The pointer to the DBT certificates in signature list format. + // Note: This DBT certificates should not contain the EFI_VARIABLE_AUTHENTICATION_2 + // for authenticated variables. 
+ // + CONST VOID *DbtPtr; + // + // The size, in number of bytes, of supplied certificate in 'KekPtr' field. + // + UINTN KekSize; + // + // The pointer to the KEK certificates in signature list format. + // Note: This KEK certificates should not contain the EFI_VARIABLE_AUTHENTICATION_2 + // for authenticated variables. + // + CONST VOID *KekPtr; + // + // The size, in number of bytes, of supplied certificate in 'PkPtr' field. + // + UINTN PkSize; + // + // The pointer to the PK certificates in signature list format. + // Note: This PK certificates should not contain the EFI_VARIABLE_AUTHENTICATION_2 + // for authenticated variables. + // + CONST VOID *PkPtr; +} SECURE_BOOT_PAYLOAD_INFO; +#pragma pack (pop) + +#endif // UEFI_SECURE_BOOT_H_ -- 2.35.1.windows.2
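Review bot: the `#pragma pack (push, 1)` wrapping SECURE_BOOT_CERTIFICATE_INFO and SECURE_BOOT_PAYLOAD_INFO is unnecessary and misleading. Every member is a UINTN or a CONST VOID *, so the layout is identical with or without packing, and because the structures carry pointers they are in-memory descriptors rather than a serialized format that would justify byte packing; dropping the pragma (or adding a comment saying why it is kept) avoids suggesting these can be persisted or handed across an ABI boundary as-is. The comments also leave the consumer contract undefined: none of the Db/Dbx/Dbt/Kek/Pk fields say whether they may be absent, so please state whether a NULL pointer with size 0 means "leave this variable untouched" or "provision it empty", since a SecureBootVariableLib caller provisioning a platform with no dbt, for example, needs to know which. Smaller documentation points: the struct comments open with `/*` while the file header uses the `/**` form; the file header reads `Provides a Secure Boot related data structure definitions.` (drop the `a`); the per-field notes repeat `This DB certificates should not contain` where `These DB certificates should not contain` is meant; and the SECURE_BOOT_CERTIFICATE_INFO comment lists `('db', 'dbx', 'dbt', 'pk', etc.)` while the payload structure also carries KEK, so listing 'kek' there keeps the two consistent.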