[PATCH v3 01/11] SecurityPkg: UefiSecureBoot: Definitions of cert and payload structures

["Kun Qin" <kuqin12@gmail.com>]

From: Kun Qin <kuqin@microsoft.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3910

This change added certificate and payload structures that can be consumed
by SecureBootVariableLib and other Secure Boot related operations.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Min Xu <min.m.xu@intel.com>

Signed-off-by: Kun Qin <kun.qin@microsoft.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Acked-by: Michael Kubacki <michael.kubacki@microsoft.com>
---

Notes:
    v3:
    - Added reviewed-by tag [Jiewen]
    - Added reviewed-by tag [Michael Kubacki]

 SecurityPkg/Include/UefiSecureBoot.h | 94 ++++++++++++++++++++
 1 file changed, 94 insertions(+)

diff --git a/SecurityPkg/Include/UefiSecureBoot.h b/SecurityPkg/Include/UefiSecureBoot.h
new file mode 100644
index 000000000000..642fef38f3a1
--- /dev/null
+++ b/SecurityPkg/Include/UefiSecureBoot.h
@@ -0,0 +1,94 @@
+/** @file
+  Provides a Secure Boot related data structure definitions.
+
+  Copyright (c) Microsoft Corporation.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef UEFI_SECURE_BOOT_H_
+#define UEFI_SECURE_BOOT_H_
+
+#pragma pack (push, 1)
+
+/*
+  Data structure to provide certificates to setup authenticated secure
+  boot variables ('db', 'dbx', 'dbt', 'pk', etc.).
+
+*/
+typedef struct {
+  //
+  // The size, in number of bytes, of supplied certificate in 'Data' field.
+  //
+  UINTN         DataSize;
+  //
+  // The pointer to the certificates in DER-encoded format.
+  // Note: This certificate data should not contain the EFI_VARIABLE_AUTHENTICATION_2
+  //       for authenticated variables.
+  //
+  CONST VOID    *Data;
+} SECURE_BOOT_CERTIFICATE_INFO;
+
+/*
+  Data structure to provide all Secure Boot related certificates.
+
+*/
+typedef struct {
+  //
+  // The human readable name for this set of Secure Boot key sets.
+  //
+  CONST CHAR16    *SecureBootKeyName;
+  //
+  // The size, in number of bytes, of supplied certificate in 'DbPtr' field.
+  //
+  UINTN           DbSize;
+  //
+  // The pointer to the DB certificates in signature list format.
+  // Note: This DB certificates should not contain the EFI_VARIABLE_AUTHENTICATION_2
+  //       for authenticated variables.
+  //
+  CONST VOID      *DbPtr;
+  //
+  // The size, in number of bytes, of supplied certificate in 'DbxPtr' field.
+  //
+  UINTN           DbxSize;
+  //
+  // The pointer to the DBX certificates in signature list format.
+  // Note: This DBX certificates should not contain the EFI_VARIABLE_AUTHENTICATION_2
+  //       for authenticated variables.
+  //
+  CONST VOID      *DbxPtr;
+  //
+  // The size, in number of bytes, of supplied certificate in 'DbtPtr' field.
+  //
+  UINTN           DbtSize;
+  //
+  // The pointer to the DBT certificates in signature list format.
+  // Note: This DBT certificates should not contain the EFI_VARIABLE_AUTHENTICATION_2
+  //       for authenticated variables.
+  //
+  CONST VOID      *DbtPtr;
+  //
+  // The size, in number of bytes, of supplied certificate in 'KekPtr' field.
+  //
+  UINTN           KekSize;
+  //
+  // The pointer to the KEK certificates in signature list format.
+  // Note: This KEK certificates should not contain the EFI_VARIABLE_AUTHENTICATION_2
+  //       for authenticated variables.
+  //
+  CONST VOID      *KekPtr;
+  //
+  // The size, in number of bytes, of supplied certificate in 'PkPtr' field.
+  //
+  UINTN           PkSize;
+  //
+  // The pointer to the PK certificates in signature list format.
+  // Note: This PK certificates should not contain the EFI_VARIABLE_AUTHENTICATION_2
+  //       for authenticated variables.
+  //
+  CONST VOID      *PkPtr;
+} SECURE_BOOT_PAYLOAD_INFO;
+#pragma pack (pop)
+
+#endif // UEFI_SECURE_BOOT_H_
-- 
2.36.0.windows.1