From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Kun Qin"
To: devel@edk2.groups.io
Cc: Jiewen Yao, Jian J Wang, Min Xu, Jiewen Yao, Michael Kubacki
Subject: [PATCH v3 01/11] SecurityPkg: UefiSecureBoot: Definitions of cert and payload structures
Date: Thu, 30 Jun 2022 16:53:31 -0700
Message-Id: <20220630235341.1746-2-kuqin12@gmail.com>
X-Mailer: git-send-email 2.36.0.windows.1
In-Reply-To: <20220630235341.1746-1-kuqin12@gmail.com>
References: <20220630235341.1746-1-kuqin12@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

From: Kun Qin

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3910

This change added certificate and payload structures that can be consumed by SecureBootVariableLib and other Secure Boot related operations.

Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Min Xu

Signed-off-by: Kun Qin
Reviewed-by: Jiewen Yao
Acked-by: Michael Kubacki
---

Notes:
    v3:
    - Added reviewed-by tag [Jiewen]
    - Added reviewed-by tag [Michael Kubacki]

 SecurityPkg/Include/UefiSecureBoot.h | 94 ++++++++++++++++++++
 1 file changed, 94 insertions(+)

diff --git a/SecurityPkg/Include/UefiSecureBoot.h b/SecurityPkg/Include/UefiSecureBoot.h
new file mode 100644
index 000000000000..642fef38f3a1
--- /dev/null
+++ b/SecurityPkg/Include/UefiSecureBoot.h
@@ -0,0 +1,94 @@ +/** @file=0D + Provides a Secure Boot related data structure definitions.=0D +=0D + Copyright (c) Microsoft Corporation.=0D + SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#ifndef UEFI_SECURE_BOOT_H_=0D +#define UEFI_SECURE_BOOT_H_=0D +=0D +#pragma pack (push, 1)=0D +=0D +/*=0D + Data structure to provide certificates to setup authenticated secure=0D + boot variables ('db', 'dbx', 'dbt', 'pk', etc.).=0D +=0D +*/=0D +typedef struct {=0D + //=0D + // The size, in number of bytes, of supplied certificate in 'Data' field= .=0D + //=0D + UINTN DataSize;=0D + //=0D + // The pointer to the certificates in DER-encoded format.=0D + // Note: This certificate data should not contain the EFI_VARIABLE_AUTHE= NTICATION_2=0D + // for authenticated variables.=0D + //=0D + CONST VOID *Data;=0D +} SECURE_BOOT_CERTIFICATE_INFO;=0D +=0D +/*=0D + Data structure to provide all Secure Boot related certificates.=0D +=0D +*/=0D +typedef struct {=0D + //=0D + // The human readable name for this set of Secure Boot key sets.=0D + //=0D + CONST CHAR16 *SecureBootKeyName;=0D + //=0D + // The size, in number of bytes, of supplied certificate in 'DbPtr' fiel= d.=0D + //=0D + UINTN DbSize;=0D + //=0D + // The pointer to the DB certificates in signature list format.=0D + // Note: This DB certificates should not contain the EFI_VARIABLE_AUTHEN= TICATION_2=0D + // for authenticated variables.=0D + //=0D + CONST VOID *DbPtr;=0D + //=0D + // The size, in number of bytes, of supplied certificate in 'DbxPtr' fie= ld.=0D + //=0D + UINTN DbxSize;=0D + //=0D + // The pointer to the DBX certificates in signature list format.=0D + // Note: This DBX certificates should not contain the EFI_VARIABLE_AUTHE= NTICATION_2=0D + // for authenticated variables.=0D + //=0D + CONST VOID *DbxPtr;=0D + //=0D + // The size, in number of bytes, of supplied certificate in 'DbtPtr' fie= ld.=0D + //=0D + UINTN DbtSize;=0D + //=0D + // The pointer to the DBT certificates in signature list 
format.=0D + // Note: This DBT certificates should not contain the EFI_VARIABLE_AUTHE= NTICATION_2=0D + // for authenticated variables.=0D + //=0D + CONST VOID *DbtPtr;=0D + //=0D + // The size, in number of bytes, of supplied certificate in 'KekPtr' fie= ld.=0D + //=0D + UINTN KekSize;=0D + //=0D + // The pointer to the KEK certificates in signature list format.=0D + // Note: This KEK certificates should not contain the EFI_VARIABLE_AUTHE= NTICATION_2=0D + // for authenticated variables.=0D + //=0D + CONST VOID *KekPtr;=0D + //=0D + // The size, in number of bytes, of supplied certificate in 'PkPtr' fiel= d.=0D + //=0D + UINTN PkSize;=0D + //=0D + // The pointer to the PK certificates in signature list format.=0D + // Note: This PK certificates should not contain the EFI_VARIABLE_AUTHEN= TICATION_2=0D + // for authenticated variables.=0D + //=0D + CONST VOID *PkPtr;=0D +} SECURE_BOOT_PAYLOAD_INFO;=0D +#pragma pack (pop)=0D +=0D +#endif // UEFI_SECURE_BOOT_H_=0D --=20 2.36.0.windows.1
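Review bot: the `#pragma pack (push, 1)` wrapped around SECURE_BOOT_CERTIFICATE_INFO and SECURE_BOOT_PAYLOAD_INFO buys nothing here and should be dropped or justified in a comment: both structures are in-memory parameter blocks made of UINTN sizes and CONST VOID * pointers rather than a serialized variable payload, so byte packing changes nothing a consumer sees while marking the pointer members as potentially unaligned. Second, the two structures expect different input formats and only the member comments say so: `Data` in SECURE_BOOT_CERTIFICATE_INFO is "in DER-encoded format" while every *Ptr member of SECURE_BOOT_PAYLOAD_INFO is "in signature list format", and a caller who hands a bare DER certificate to DbPtr produces a malformed EFI_SIGNATURE_LIST; spell out the DER versus signature-list distinction in each struct-level comment so the difference is visible at the point a caller picks a structure. Third, dbx entries are commonly hashes rather than certificates, so "The pointer to the DBX certificates in signature list format" and "The size, in number of bytes, of supplied certificate in 'DbxPtr' field" read too narrowly; "signature list entries" (or "signature list data") would be accurate for all five payload members. Minor: "This DB certificates should not contain" and its DBX/DBT/KEK/PK copies should read "These ... should not contain", "to setup authenticated secure boot variables" should be "to set up", and the struct-level doc blocks open with `/*` while the file header already uses the `/**` Doxygen form.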