What to do: 1. Move authenticated variable definition from AuthenticatedVariableFormat.h to VariableFormat.h with gEfiAuthenticatedVariableGuid and AUTHENTICATED_VARIABLE_HEADER. 2. Replace VARIABLE_HEADER with AUTHENTICATED_VARIABLE_HEADER in EsalVariableDxeSal. 3. Also update PACKAGE_VERSION after the deletion of VariableInfo, VariablePei, Auth Variable driver and authenticated variable definition from SecurityPkg
Why to do: 1. Share code. We are moving forward to separate auth variable service from Auth Variable driver in SecurityPkg to AuthVariableLib. Then the AuthVariableLib could benefit and be used by different implementation of Auth Variable drivers. 2. Remove code duplication and reduce maintenance effort. After auth variable service separated from Auth Variable driver in SecurityPkg to AuthVariableLib. The remaining code logic of Auth Variable driver in SecurityPkg will be almost same with Variable driver in MdeModulePkg. We are going to merge them. 3. gEfiAuthenticatedVariableGuid will be used by both merged Variable driver and AuthVariableLib, AUTHENTICATED_VARIABLE_HEADER will be used by merged Variable driver. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.z...@intel.com> Reviewed-by: Jiewen Yao <jiewen....@intel.com> Reviewed-by: Liming Gao <liming....@intel.com> --- .../Include/Guid/AuthenticatedVariableFormat.h | 201 +++---------------- SecurityPkg/SecurityPkg.dec | 6 +- .../EsalVariableDxeSal/AuthService.c | 42 ++-- .../EsalVariableDxeSal/Variable.c | 220 ++++++++++----------- .../EsalVariableDxeSal/Variable.h | 18 +- 5 files changed, 164 insertions(+), 323 deletions(-) diff --git a/SecurityPkg/Include/Guid/AuthenticatedVariableFormat.h b/SecurityPkg/Include/Guid/AuthenticatedVariableFormat.h index c7cd34a..1f007cf 100644 --- a/SecurityPkg/Include/Guid/AuthenticatedVariableFormat.h +++ b/SecurityPkg/Include/Guid/AuthenticatedVariableFormat.h @@ -1,16 +1,17 @@ /** @file - The variable data structures are related to EDKII-specific + The variable data structures are related to EDKII-specific implementation of UEFI authenticated variables. - AuthenticatedVariableFormat.h defines variable data headers - and variable storage region headers. - -Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR> -This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at + AuthenticatedVariableFormat.h defines variable data headers + and variable storage region headers that has been moved to + VariableFormat.h. + +Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR> +This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ @@ -18,14 +19,11 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #ifndef __AUTHENTICATED_VARIABLE_FORMAT_H__ #define __AUTHENTICATED_VARIABLE_FORMAT_H__ -#define EFI_AUTHENTICATED_VARIABLE_GUID \ - { 0xaaf32c78, 0x947b, 0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 } } +#include <Guid/VariableFormat.h> #define EFI_SECURE_BOOT_ENABLE_DISABLE \ { 0xf0a30bc7, 0xaf08, 0x4556, { 0x99, 0xc4, 0x0, 0x10, 0x9, 0xc9, 0x3a, 0x44 } } - -extern EFI_GUID gEfiAuthenticatedVariableGuid; extern EFI_GUID gEfiSecureBootEnableDisableGuid; extern EFI_GUID gEfiCertDbGuid; extern EFI_GUID gEfiCustomModeEnableGuid; @@ -36,6 +34,10 @@ extern EFI_GUID gEfiVendorKeysNvGuid; /// This variable is used for allowing a physically present user to disable /// Secure Boot via firmware setup without the possession of PKpriv. /// +/// GUID: gEfiSecureBootEnableDisableGuid +/// +/// Format: UINT8 +/// #define EFI_SECURE_BOOT_ENABLE_NAME L"SecureBootEnable" #define SECURE_BOOT_ENABLE 1 #define SECURE_BOOT_DISABLE 0 @@ -48,6 +50,10 @@ extern EFI_GUID gEfiVendorKeysNvGuid; /// Can enroll or delete KEK without existing PK's private key. /// Can enroll or delete signature from DB/DBX without KEK's private key. /// +/// GUID: gEfiCustomModeEnableGuid +/// +/// Format: UINT8 +/// #define EFI_CUSTOM_MODE_NAME L"CustomMode" #define CUSTOM_SECURE_BOOT_MODE 1 #define STANDARD_SECURE_BOOT_MODE 0 @@ -58,173 +64,12 @@ extern EFI_GUID gEfiVendorKeysNvGuid; /// the platform vendor has used a mechanism not defined by the UEFI Specification to /// transition the system to setup mode or to update secure boot keys. /// +/// GUID: gEfiVendorKeysNvGuid +/// +/// Format: UINT8 +/// #define EFI_VENDOR_KEYS_NV_VARIABLE_NAME L"VendorKeysNv" #define VENDOR_KEYS_VALID 1 #define VENDOR_KEYS_MODIFIED 0 -/// -/// Alignment of variable name and data, according to the architecture: -/// * For IA-32 and Intel(R) 64 architectures: 1. -/// * For IA-64 architecture: 8. -/// -#if defined (MDE_CPU_IPF) -#define ALIGNMENT 8 -#else -#define ALIGNMENT 1 -#endif - -// -// GET_PAD_SIZE calculates the miminal pad bytes needed to make the current pad size satisfy the alignment requirement. -// -#if (ALIGNMENT == 1) -#define GET_PAD_SIZE(a) (0) -#else -#define GET_PAD_SIZE(a) (((~a) + 1) & (ALIGNMENT - 1)) -#endif - -/// -/// Alignment of Variable Data Header in Variable Store region. -/// -#define HEADER_ALIGNMENT 4 -#define HEADER_ALIGN(Header) (((UINTN) (Header) + HEADER_ALIGNMENT - 1) & (~(HEADER_ALIGNMENT - 1))) - -/// -/// Status of Variable Store Region. -/// -typedef enum { - EfiRaw, - EfiValid, - EfiInvalid, - EfiUnknown -} VARIABLE_STORE_STATUS; - -#pragma pack(1) - -#define VARIABLE_STORE_SIGNATURE EFI_AUTHENTICATED_VARIABLE_GUID - -/// -/// Variable Store Header Format and State. -/// -#define VARIABLE_STORE_FORMATTED 0x5a -#define VARIABLE_STORE_HEALTHY 0xfe - -/// -/// Variable Store region header. -/// -typedef struct { - /// - /// Variable store region signature. - /// - EFI_GUID Signature; - /// - /// Size of entire variable store, - /// including size of variable store header but not including the size of FvHeader. - /// - UINT32 Size; - /// - /// Variable region format state. - /// - UINT8 Format; - /// - /// Variable region healthy state. - /// - UINT8 State; - UINT16 Reserved; - UINT32 Reserved1; -} VARIABLE_STORE_HEADER; - -/// -/// Variable data start flag. -/// -#define VARIABLE_DATA 0x55AA - -/// -/// Variable State flags. -/// -#define VAR_IN_DELETED_TRANSITION 0xfe ///< Variable is in obsolete transition. -#define VAR_DELETED 0xfd ///< Variable is obsolete. -#define VAR_HEADER_VALID_ONLY 0x7f ///< Variable header has been valid. -#define VAR_ADDED 0x3f ///< Variable has been completely added. - -/// -/// Variable Attribute combinations. -/// -#define VARIABLE_ATTRIBUTE_NV_BS (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS) -#define VARIABLE_ATTRIBUTE_BS_RT (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS) -#define VARIABLE_ATTRIBUTE_AT_AW (EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) -#define VARIABLE_ATTRIBUTE_NV_BS_RT (VARIABLE_ATTRIBUTE_BS_RT | EFI_VARIABLE_NON_VOLATILE) -#define VARIABLE_ATTRIBUTE_NV_BS_RT_HR (VARIABLE_ATTRIBUTE_NV_BS_RT | EFI_VARIABLE_HARDWARE_ERROR_RECORD) -#define VARIABLE_ATTRIBUTE_NV_BS_RT_AT (VARIABLE_ATTRIBUTE_NV_BS_RT | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) -#define VARIABLE_ATTRIBUTE_NV_BS_RT_AW (VARIABLE_ATTRIBUTE_NV_BS_RT | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) -#define VARIABLE_ATTRIBUTE_NV_BS_RT_HR_AT_AW (VARIABLE_ATTRIBUTE_NV_BS_RT_HR | VARIABLE_ATTRIBUTE_AT_AW) - -/// Single Variable Data Header Structure. -/// -typedef struct { - /// - /// Variable Data Start Flag. - /// - UINT16 StartId; - /// - /// Variable State defined above. - /// - UINT8 State; - UINT8 Reserved; - /// - /// Attributes of variable defined in UEFI specification. - /// - UINT32 Attributes; - /// - /// Associated monotonic count value against replay attack. - /// - UINT64 MonotonicCount; - /// - /// Associated TimeStamp value against replay attack. - /// - EFI_TIME TimeStamp; - /// - /// Index of associated public key in database. - /// - UINT32 PubKeyIndex; - /// - /// Size of variable null-terminated Unicode string name. - /// - UINT32 NameSize; - /// - /// Size of the variable data without this header. - /// - UINT32 DataSize; - /// - /// A unique identifier for the vendor that produces and consumes this varaible. - /// - EFI_GUID VendorGuid; -} VARIABLE_HEADER; - -typedef struct { - EFI_GUID *Guid; - CHAR16 *Name; - UINTN VariableSize; -} VARIABLE_ENTRY_CONSISTENCY; - -#pragma pack() - -typedef struct _VARIABLE_INFO_ENTRY VARIABLE_INFO_ENTRY; - -/// -/// This structure contains the variable list that is put in EFI system table. -/// The variable driver collects all variables that were used at boot service time and produces this list. -/// This is an optional feature to dump all used variables in shell environment. -/// -struct _VARIABLE_INFO_ENTRY { - VARIABLE_INFO_ENTRY *Next; ///< Pointer to next entry. - EFI_GUID VendorGuid; ///< Guid of Variable. - CHAR16 *Name; ///< Name of Variable. - UINT32 Attributes; ///< Attributes of variable defined in UEFI spec. - UINT32 ReadCount; ///< Number of times to read this variable. - UINT32 WriteCount; ///< Number of times to write this variable. - UINT32 DeleteCount; ///< Number of times to delete this variable. - UINT32 CacheCount; ///< Number of times that cache hits this variable. - BOOLEAN Volatile; ///< TRUE if volatile, FALSE if non-volatile. -}; - #endif // __AUTHENTICATED_VARIABLE_FORMAT_H__ diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index 0559ba3..f2cc5a4 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -21,7 +21,7 @@ PACKAGE_NAME = SecurityPkg PACKAGE_UNI_FILE = SecurityPkg.uni PACKAGE_GUID = 24369CAC-6AA6-4fb8-88DB-90BF061668AD - PACKAGE_VERSION = 0.94 + PACKAGE_VERSION = 0.95 [Includes] Include @@ -76,10 +76,6 @@ # Include/Guid/SecurityPkgTokenSpace.h gEfiSecurityPkgTokenSpaceGuid = { 0xd3fb176, 0x9569, 0x4d51, { 0xa3, 0xef, 0x7d, 0x61, 0xc6, 0x4f, 0xea, 0xba }} - ## Guid acted as the authenticated variable store header's signature, and to specify the variable list entries put in the EFI system table. - # Include/Guid/AuthenticatedVariableFormat.h - gEfiAuthenticatedVariableGuid = { 0xaaf32c78, 0x947b, 0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 } } - ## GUID used to "SecureBootEnable" variable for the Secure Boot feature enable/disable. # This variable is used for allowing a physically present user to disable Secure Boot via firmware setup without the possession of PKpriv. # Include/Guid/AuthenticatedVariableFormat.h diff --git a/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/AuthService.c b/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/AuthService.c index 45d5cfe..490a8b3 100644 --- a/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/AuthService.c +++ b/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/AuthService.c @@ -39,16 +39,16 @@ AutenticatedVariableServiceInitialize ( VOID ) { - EFI_STATUS Status; - VARIABLE_POINTER_TRACK Variable; - UINT8 VarValue; - UINT32 VarAttr; - UINTN DataSize; - UINTN CtxSize; - VARIABLE_HEADER VariableHeader; - BOOLEAN Valid; + EFI_STATUS Status; + VARIABLE_POINTER_TRACK Variable; + UINT8 VarValue; + UINT32 VarAttr; + UINTN DataSize; + UINTN CtxSize; + AUTHENTICATED_VARIABLE_HEADER VariableHeader; + BOOLEAN Valid; - ZeroMem (&VariableHeader, sizeof (VARIABLE_HEADER)); + ZeroMem (&VariableHeader, sizeof (AUTHENTICATED_VARIABLE_HEADER)); mVariableModuleGlobal->AuthenticatedVariableGuid[Physical] = &gEfiAuthenticatedVariableGuid; mVariableModuleGlobal->CertRsa2048Sha256Guid[Physical] = &gEfiCertRsa2048Sha256Guid; @@ -477,16 +477,16 @@ ProcessVarWithPk ( IN BOOLEAN IsPk ) { - EFI_STATUS Status; - VARIABLE_POINTER_TRACK PkVariable; - EFI_SIGNATURE_LIST *OldPkList; - EFI_SIGNATURE_DATA *OldPkData; - EFI_VARIABLE_AUTHENTICATION *CertData; - VARIABLE_HEADER VariableHeader; - BOOLEAN Valid; + EFI_STATUS Status; + VARIABLE_POINTER_TRACK PkVariable; + EFI_SIGNATURE_LIST *OldPkList; + EFI_SIGNATURE_DATA *OldPkData; + EFI_VARIABLE_AUTHENTICATION *CertData; + AUTHENTICATED_VARIABLE_HEADER VariableHeader; + BOOLEAN Valid; OldPkList = NULL; - ZeroMem (&VariableHeader, sizeof (VARIABLE_HEADER)); + ZeroMem (&VariableHeader, sizeof (AUTHENTICATED_VARIABLE_HEADER)); if ((Attributes & EFI_VARIABLE_NON_VOLATILE) == 0) { // @@ -622,11 +622,11 @@ ProcessVarWithKek ( EFI_CERT_BLOCK_RSA_2048_SHA256 *CertBlock; BOOLEAN IsFound; UINT32 Index; - VARIABLE_HEADER VariableHeader; + AUTHENTICATED_VARIABLE_HEADER VariableHeader; BOOLEAN Valid; KekList = NULL; - ZeroMem (&VariableHeader, sizeof (VARIABLE_HEADER)); + ZeroMem (&VariableHeader, sizeof (AUTHENTICATED_VARIABLE_HEADER)); if (mPlatformMode == USER_MODE) { if ((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) == 0) { @@ -771,7 +771,7 @@ VerifyVariable ( UINT8 *PubKey; EFI_VARIABLE_AUTHENTICATION *CertData; EFI_CERT_BLOCK_RSA_2048_SHA256 *CertBlock; - VARIABLE_HEADER VariableHeader; + AUTHENTICATED_VARIABLE_HEADER VariableHeader; BOOLEAN Valid; CertData = NULL; @@ -786,7 +786,7 @@ VerifyVariable ( // // Determine if first time SetVariable with the EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS. // - ZeroMem (&VariableHeader, sizeof (VARIABLE_HEADER)); + ZeroMem (&VariableHeader, sizeof (AUTHENTICATED_VARIABLE_HEADER)); if (Variable->CurrPtr != 0x0) { Valid = IsValidVariableHeader ( Variable->CurrPtr, diff --git a/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/Variable.c b/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/Variable.c index 0b2775d..f08adf0 100644 --- a/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/Variable.c +++ b/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/Variable.c @@ -347,7 +347,7 @@ GetVarStoreHeader ( FALSE - Variable is non-volatile. @param[in] Global Pointer to VARAIBLE_GLOBAL structure. @param[in] Instance Instance of FV Block services. - @param[out] VariableHeader Pointer to VARIABLE_HEADER for output. + @param[out] VariableHeader Pointer to AUTHENTICATED_VARIABLE_HEADER for output. @retval TRUE Variable header is valid. @retval FALSE Variable header is not valid. @@ -355,15 +355,15 @@ GetVarStoreHeader ( **/ BOOLEAN IsValidVariableHeader ( - IN EFI_PHYSICAL_ADDRESS VariableAddress, - IN BOOLEAN Volatile, - IN VARIABLE_GLOBAL *Global, - IN UINTN Instance, - OUT VARIABLE_HEADER *VariableHeader OPTIONAL + IN EFI_PHYSICAL_ADDRESS VariableAddress, + IN BOOLEAN Volatile, + IN VARIABLE_GLOBAL *Global, + IN UINTN Instance, + OUT AUTHENTICATED_VARIABLE_HEADER *VariableHeader OPTIONAL ) { - EFI_STATUS Status; - VARIABLE_HEADER LocalVariableHeader; + EFI_STATUS Status; + AUTHENTICATED_VARIABLE_HEADER LocalVariableHeader; Status = AccessVariableStore ( FALSE, @@ -371,7 +371,7 @@ IsValidVariableHeader ( Volatile, Instance, VariableAddress, - sizeof (VARIABLE_HEADER), + sizeof (AUTHENTICATED_VARIABLE_HEADER), &LocalVariableHeader ); @@ -380,7 +380,7 @@ IsValidVariableHeader ( } if (VariableHeader != NULL) { - CopyMem (VariableHeader, &LocalVariableHeader, sizeof (VARIABLE_HEADER)); + CopyMem (VariableHeader, &LocalVariableHeader, sizeof (AUTHENTICATED_VARIABLE_HEADER)); } return TRUE; @@ -439,7 +439,7 @@ GetVariableStoreStatus ( **/ UINTN NameSizeOfVariable ( - IN VARIABLE_HEADER *Variable + IN AUTHENTICATED_VARIABLE_HEADER *Variable ) { if (Variable->State == (UINT8) (-1) || @@ -465,7 +465,7 @@ NameSizeOfVariable ( **/ UINTN DataSizeOfVariable ( - IN VARIABLE_HEADER *Variable + IN AUTHENTICATED_VARIABLE_HEADER *Variable ) { if (Variable->State == (UINT8) -1 || @@ -500,10 +500,10 @@ GetVariableNamePtr ( OUT CHAR16 *VariableName ) { - EFI_STATUS Status; - EFI_PHYSICAL_ADDRESS Address; - VARIABLE_HEADER VariableHeader; - BOOLEAN IsValid; + EFI_STATUS Status; + EFI_PHYSICAL_ADDRESS Address; + AUTHENTICATED_VARIABLE_HEADER VariableHeader; + BOOLEAN IsValid; IsValid = IsValidVariableHeader (VariableAddress, Volatile, Global, Instance, &VariableHeader); ASSERT (IsValid); @@ -511,7 +511,7 @@ GetVariableNamePtr ( // // Name area follows variable header. // - Address = VariableAddress + sizeof (VARIABLE_HEADER); + Address = VariableAddress + sizeof (AUTHENTICATED_VARIABLE_HEADER); Status = AccessVariableStore ( FALSE, @@ -548,10 +548,10 @@ GetVariableDataPtr ( OUT CHAR16 *VariableData ) { - EFI_STATUS Status; - EFI_PHYSICAL_ADDRESS Address; - VARIABLE_HEADER VariableHeader; - BOOLEAN IsValid; + EFI_STATUS Status; + EFI_PHYSICAL_ADDRESS Address; + AUTHENTICATED_VARIABLE_HEADER VariableHeader; + BOOLEAN IsValid; IsValid = IsValidVariableHeader (VariableAddress, Volatile, Global, Instance, &VariableHeader); ASSERT (IsValid); @@ -560,7 +560,7 @@ GetVariableDataPtr ( // Data area follows variable name. // Be careful about pad size for alignment // - Address = VariableAddress + sizeof (VARIABLE_HEADER); + Address = VariableAddress + sizeof (AUTHENTICATED_VARIABLE_HEADER); Address += NameSizeOfVariable (&VariableHeader); Address += GET_PAD_SIZE (NameSizeOfVariable (&VariableHeader)); @@ -601,8 +601,8 @@ GetNextVariablePtr ( IN UINTN Instance ) { - EFI_PHYSICAL_ADDRESS Address; - VARIABLE_HEADER VariableHeader; + EFI_PHYSICAL_ADDRESS Address; + AUTHENTICATED_VARIABLE_HEADER VariableHeader; if (!IsValidVariableHeader (VariableAddress, Volatile, Global, Instance, &VariableHeader)) { return 0x0; @@ -611,7 +611,7 @@ GetNextVariablePtr ( // // Header of next variable follows data area of this variable // - Address = VariableAddress + sizeof (VARIABLE_HEADER); + Address = VariableAddress + sizeof (AUTHENTICATED_VARIABLE_HEADER); Address += NameSizeOfVariable (&VariableHeader); Address += GET_PAD_SIZE (NameSizeOfVariable (&VariableHeader)); Address += DataSizeOfVariable (&VariableHeader); @@ -964,14 +964,14 @@ FindVariable ( IN UINTN Instance ) { - EFI_PHYSICAL_ADDRESS Variable[2]; - EFI_PHYSICAL_ADDRESS InDeletedVariable; - EFI_PHYSICAL_ADDRESS VariableStoreHeader[2]; - UINTN InDeletedStorageIndex; - UINTN Index; - CHAR16 LocalVariableName[MAX_NAME_SIZE]; - BOOLEAN Volatile; - VARIABLE_HEADER VariableHeader; + EFI_PHYSICAL_ADDRESS Variable[2]; + EFI_PHYSICAL_ADDRESS InDeletedVariable; + EFI_PHYSICAL_ADDRESS VariableStoreHeader[2]; + UINTN InDeletedStorageIndex; + UINTN Index; + CHAR16 LocalVariableName[MAX_NAME_SIZE]; + BOOLEAN Volatile; + AUTHENTICATED_VARIABLE_HEADER VariableHeader; // // 0: Volatile, 1: Non-Volatile @@ -1120,24 +1120,24 @@ Reclaim ( IN EFI_PHYSICAL_ADDRESS UpdatingVariable ) { - EFI_PHYSICAL_ADDRESS Variable; - EFI_PHYSICAL_ADDRESS AddedVariable; - EFI_PHYSICAL_ADDRESS NextVariable; - EFI_PHYSICAL_ADDRESS NextAddedVariable; - VARIABLE_STORE_HEADER VariableStoreHeader; - VARIABLE_HEADER VariableHeader; - VARIABLE_HEADER AddedVariableHeader; - CHAR16 VariableName[MAX_NAME_SIZE]; - CHAR16 AddedVariableName[MAX_NAME_SIZE]; - UINT8 *ValidBuffer; - UINTN MaximumBufferSize; - UINTN VariableSize; - UINTN NameSize; - UINT8 *CurrPtr; - BOOLEAN FoundAdded; - EFI_STATUS Status; - VARIABLE_GLOBAL *VariableGlobal; - UINT32 Instance; + EFI_PHYSICAL_ADDRESS Variable; + EFI_PHYSICAL_ADDRESS AddedVariable; + EFI_PHYSICAL_ADDRESS NextVariable; + EFI_PHYSICAL_ADDRESS NextAddedVariable; + VARIABLE_STORE_HEADER VariableStoreHeader; + AUTHENTICATED_VARIABLE_HEADER VariableHeader; + AUTHENTICATED_VARIABLE_HEADER AddedVariableHeader; + CHAR16 VariableName[MAX_NAME_SIZE]; + CHAR16 AddedVariableName[MAX_NAME_SIZE]; + UINT8 *ValidBuffer; + UINTN MaximumBufferSize; + UINTN VariableSize; + UINTN NameSize; + UINT8 *CurrPtr; + BOOLEAN FoundAdded; + EFI_STATUS Status; + VARIABLE_GLOBAL *VariableGlobal; + UINT32 Instance; VariableGlobal = &Global->VariableGlobal[VirtualMode]; Instance = Global->FvbInstance; @@ -1200,9 +1200,9 @@ Reclaim ( VariableSize = NextVariable - Variable; CopyMem (CurrPtr, (UINT8 *) Variable, VariableSize); CurrPtr += VariableSize; - if ((!IsVolatile) && ((((VARIABLE_HEADER*)Variable)->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) == EFI_VARIABLE_HARDWARE_ERROR_RECORD)) { + if ((!IsVolatile) && ((((AUTHENTICATED_VARIABLE_HEADER*)Variable)->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) == EFI_VARIABLE_HARDWARE_ERROR_RECORD)) { Global->HwErrVariableTotalSize += VariableSize; - } else if ((!IsVolatile) && ((((VARIABLE_HEADER*)Variable)->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) != EFI_VARIABLE_HARDWARE_ERROR_RECORD)) { + } else if ((!IsVolatile) && ((((AUTHENTICATED_VARIABLE_HEADER*)Variable)->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) != EFI_VARIABLE_HARDWARE_ERROR_RECORD)) { Global->CommonVariableTotalSize += VariableSize; } } @@ -1254,12 +1254,12 @@ Reclaim ( // 1. No valid instance of this variable exists. // 2. It is not the variable that is going to be updated. // - ((VARIABLE_HEADER *) CurrPtr)->State = VAR_ADDED; + ((AUTHENTICATED_VARIABLE_HEADER *) CurrPtr)->State = VAR_ADDED; } CurrPtr += VariableSize; - if ((!IsVolatile) && ((((VARIABLE_HEADER*)Variable)->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) == EFI_VARIABLE_HARDWARE_ERROR_RECORD)) { + if ((!IsVolatile) && ((((AUTHENTICATED_VARIABLE_HEADER*)Variable)->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) == EFI_VARIABLE_HARDWARE_ERROR_RECORD)) { Global->HwErrVariableTotalSize += VariableSize; - } else if ((!IsVolatile) && ((((VARIABLE_HEADER*)Variable)->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) != EFI_VARIABLE_HARDWARE_ERROR_RECORD)) { + } else if ((!IsVolatile) && ((((AUTHENTICATED_VARIABLE_HEADER*)Variable)->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) != EFI_VARIABLE_HARDWARE_ERROR_RECORD)) { Global->CommonVariableTotalSize += VariableSize; } } @@ -1729,7 +1729,7 @@ AutoUpdateLangVariable( VariableGlobal, Variable.Volatile, Instance, - (UINTN) &(((VARIABLE_HEADER *)Variable.CurrPtr)->DataSize), + (UINTN) &(((AUTHENTICATED_VARIABLE_HEADER *)Variable.CurrPtr)->DataSize), sizeof (DataSize), &DataSize ); @@ -1865,15 +1865,15 @@ UpdateVariable ( ) { EFI_STATUS Status; - VARIABLE_HEADER *NextVariable; + AUTHENTICATED_VARIABLE_HEADER *NextVariable; UINTN VarNameOffset; UINTN VarDataOffset; UINTN VarNameSize; UINTN VarSize; BOOLEAN Volatile; UINT8 State; - VARIABLE_HEADER VariableHeader; - VARIABLE_HEADER *NextVariableHeader; + AUTHENTICATED_VARIABLE_HEADER VariableHeader; + AUTHENTICATED_VARIABLE_HEADER *NextVariableHeader; BOOLEAN Valid; BOOLEAN Reclaimed; VARIABLE_STORE_HEADER VariableStoreHeader; @@ -1930,7 +1930,7 @@ UpdateVariable ( VariableGlobal, Variable->Volatile, Instance, - (UINTN) &(((VARIABLE_HEADER *)Variable->CurrPtr)->State), + (UINTN) &(((AUTHENTICATED_VARIABLE_HEADER *)Variable->CurrPtr)->State), sizeof (UINT8), &State ); @@ -1946,7 +1946,7 @@ UpdateVariable ( // then return to the caller immediately. // if (DataSizeOfVariable (&VariableHeader) == DataSize) { - NextVariable = (VARIABLE_HEADER *)GetEndPointer (VariableGlobal->VolatileVariableBase, TRUE, VariableGlobal, Instance); + NextVariable = (AUTHENTICATED_VARIABLE_HEADER *)GetEndPointer (VariableGlobal->VolatileVariableBase, TRUE, VariableGlobal, Instance); GetVariableDataPtr (Variable->CurrPtr, Variable->Volatile, VariableGlobal, Instance, (CHAR16 *) NextVariable); if (CompareMem (Data, (VOID *) NextVariable, DataSize) == 0) { UpdateVariableInfo (VariableName, VendorGuid, Volatile, FALSE, TRUE, FALSE, FALSE); @@ -1968,7 +1968,7 @@ UpdateVariable ( VariableGlobal, Variable->Volatile, Instance, - (UINTN) &(((VARIABLE_HEADER *)Variable->CurrPtr)->State), + (UINTN) &(((AUTHENTICATED_VARIABLE_HEADER *)Variable->CurrPtr)->State), sizeof (UINT8), &State ); @@ -2007,9 +2007,9 @@ UpdateVariable ( // Tricky part: Use scratch data area at the end of volatile variable store // as a temporary storage. // - NextVariable = (VARIABLE_HEADER *)GetEndPointer (VariableGlobal->VolatileVariableBase, TRUE, VariableGlobal, Instance); + NextVariable = (AUTHENTICATED_VARIABLE_HEADER *)GetEndPointer (VariableGlobal->VolatileVariableBase, TRUE, VariableGlobal, Instance); ScratchSize = MAX (PcdGet32 (PcdMaxVariableSize), PcdGet32 (PcdMaxHardwareErrorVariableSize)); - NextVariableHeader = (VARIABLE_HEADER *) NextVariable; + NextVariableHeader = (AUTHENTICATED_VARIABLE_HEADER *) NextVariable; SetMem (NextVariableHeader, ScratchSize, 0xff); @@ -2018,7 +2018,7 @@ UpdateVariable ( NextVariableHeader->PubKeyIndex = KeyIndex; NextVariableHeader->MonotonicCount = MonotonicCount; NextVariableHeader->Reserved = 0; - VarNameOffset = sizeof (VARIABLE_HEADER); + VarNameOffset = sizeof (AUTHENTICATED_VARIABLE_HEADER); VarNameSize = StrSize (VariableName); CopyMem ( (UINT8 *) ((UINTN)NextVariable + VarNameOffset), @@ -2096,7 +2096,7 @@ UpdateVariable ( FALSE, Instance, VariableGlobal->NonVolatileVariableBase + Global->NonVolatileLastVariableOffset, - sizeof (VARIABLE_HEADER), + sizeof (AUTHENTICATED_VARIABLE_HEADER), (UINT8 *) NextVariable ); @@ -2114,7 +2114,7 @@ UpdateVariable ( FALSE, Instance, VariableGlobal->NonVolatileVariableBase + Global->NonVolatileLastVariableOffset, - sizeof (VARIABLE_HEADER), + sizeof (AUTHENTICATED_VARIABLE_HEADER), (UINT8 *) NextVariable ); @@ -2129,9 +2129,9 @@ UpdateVariable ( VariableGlobal, FALSE, Instance, - VariableGlobal->NonVolatileVariableBase + Global->NonVolatileLastVariableOffset + sizeof (VARIABLE_HEADER), - (UINT32) VarSize - sizeof (VARIABLE_HEADER), - (UINT8 *) NextVariable + sizeof (VARIABLE_HEADER) + VariableGlobal->NonVolatileVariableBase + Global->NonVolatileLastVariableOffset + sizeof (AUTHENTICATED_VARIABLE_HEADER), + (UINT32) VarSize - sizeof (AUTHENTICATED_VARIABLE_HEADER), + (UINT8 *) NextVariable + sizeof (AUTHENTICATED_VARIABLE_HEADER) ); if (EFI_ERROR (Status)) { @@ -2147,7 +2147,7 @@ UpdateVariable ( FALSE, Instance, VariableGlobal->NonVolatileVariableBase + Global->NonVolatileLastVariableOffset, - sizeof (VARIABLE_HEADER), + sizeof (AUTHENTICATED_VARIABLE_HEADER), (UINT8 *) NextVariable ); @@ -2212,7 +2212,7 @@ UpdateVariable ( // has already been eliminated, so no need to delete it. // if (!Reclaimed && !EFI_ERROR (Status) && Variable->CurrPtr != 0) { - State = ((VARIABLE_HEADER *)Variable->CurrPtr)->State; + State = ((AUTHENTICATED_VARIABLE_HEADER *)Variable->CurrPtr)->State; State &= VAR_DELETED; Status = AccessVariableStore ( @@ -2220,7 +2220,7 @@ UpdateVariable ( VariableGlobal, Variable->Volatile, Instance, - (UINTN) &(((VARIABLE_HEADER *)Variable->CurrPtr)->State), + (UINTN) &(((AUTHENTICATED_VARIABLE_HEADER *)Variable->CurrPtr)->State), sizeof (UINT8), &State ); @@ -2277,13 +2277,13 @@ EsalGetVariable ( IN ESAL_VARIABLE_GLOBAL *Global ) { - VARIABLE_POINTER_TRACK Variable; - UINTN VarDataSize; - EFI_STATUS Status; - VARIABLE_HEADER VariableHeader; - BOOLEAN Valid; - VARIABLE_GLOBAL *VariableGlobal; - UINT32 Instance; + VARIABLE_POINTER_TRACK Variable; + UINTN VarDataSize; + EFI_STATUS Status; + AUTHENTICATED_VARIABLE_HEADER VariableHeader; + BOOLEAN Valid; + VARIABLE_GLOBAL *VariableGlobal; + UINT32 Instance; if (VariableName == NULL || VendorGuid == NULL || DataSize == NULL) { return EFI_INVALID_PARAMETER; @@ -2400,12 +2400,12 @@ EsalGetNextVariableName ( IN ESAL_VARIABLE_GLOBAL *Global ) { - VARIABLE_POINTER_TRACK Variable; - UINTN VarNameSize; - EFI_STATUS Status; - VARIABLE_HEADER VariableHeader; - VARIABLE_GLOBAL *VariableGlobal; - UINT32 Instance; + VARIABLE_POINTER_TRACK Variable; + UINTN VarNameSize; + EFI_STATUS Status; + AUTHENTICATED_VARIABLE_HEADER VariableHeader; + VARIABLE_GLOBAL *VariableGlobal; + UINT32 Instance; if (VariableNameSize == NULL || VariableName == NULL || VendorGuid == NULL) { return EFI_INVALID_PARAMETER; @@ -2607,7 +2607,7 @@ EsalSetVariable ( // For variable for hardware error record, the size of the VariableName, including the Unicode Null // in bytes plus the DataSize is limited to maximum size of PcdGet32(PcdMaxHardwareErrorVariableSize) bytes. // - if (StrSize (VariableName) + PayloadSize > PcdGet32(PcdMaxHardwareErrorVariableSize) - sizeof (VARIABLE_HEADER)) { + if (StrSize (VariableName) + PayloadSize > PcdGet32(PcdMaxHardwareErrorVariableSize) - sizeof (AUTHENTICATED_VARIABLE_HEADER)) { return EFI_INVALID_PARAMETER; } // @@ -2623,7 +2623,7 @@ EsalSetVariable ( // For variable not for hardware error record, the size of the VariableName, including the // Unicode Null in bytes plus the DataSize is limited to maximum size of PcdGet32(PcdMaxVariableSize) bytes. // - if (StrSize (VariableName) + PayloadSize > PcdGet32(PcdMaxVariableSize) - sizeof (VARIABLE_HEADER)) { + if (StrSize (VariableName) + PayloadSize > PcdGet32(PcdMaxVariableSize) - sizeof (AUTHENTICATED_VARIABLE_HEADER)) { return EFI_INVALID_PARAMETER; } } @@ -2746,17 +2746,17 @@ EsalQueryVariableInfo ( IN ESAL_VARIABLE_GLOBAL *Global ) { - EFI_PHYSICAL_ADDRESS Variable; - EFI_PHYSICAL_ADDRESS NextVariable; - UINT64 VariableSize; - EFI_PHYSICAL_ADDRESS VariableStoreHeaderAddress; - BOOLEAN Volatile; - VARIABLE_STORE_HEADER VarStoreHeader; - VARIABLE_HEADER VariableHeader; - UINT64 CommonVariableTotalSize; - UINT64 HwErrVariableTotalSize; - VARIABLE_GLOBAL *VariableGlobal; - UINT32 Instance; + EFI_PHYSICAL_ADDRESS Variable; + EFI_PHYSICAL_ADDRESS NextVariable; + UINT64 VariableSize; + EFI_PHYSICAL_ADDRESS VariableStoreHeaderAddress; + BOOLEAN Volatile; + VARIABLE_STORE_HEADER VarStoreHeader; + AUTHENTICATED_VARIABLE_HEADER VariableHeader; + UINT64 CommonVariableTotalSize; + UINT64 HwErrVariableTotalSize; + VARIABLE_GLOBAL *VariableGlobal; + UINT32 Instance; CommonVariableTotalSize = 0; HwErrVariableTotalSize = 0; @@ -2818,7 +2818,7 @@ EsalQueryVariableInfo ( // if ((Attributes & (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_HARDWARE_ERROR_RECORD)) == (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_HARDWARE_ERROR_RECORD)) { *MaximumVariableStorageSize = PcdGet32(PcdHwErrStorageSize); - *MaximumVariableSize = PcdGet32(PcdMaxHardwareErrorVariableSize) - sizeof (VARIABLE_HEADER); + *MaximumVariableSize = PcdGet32(PcdMaxHardwareErrorVariableSize) - sizeof (AUTHENTICATED_VARIABLE_HEADER); } else { if ((Attributes & EFI_VARIABLE_NON_VOLATILE) != 0) { ASSERT (PcdGet32(PcdHwErrStorageSize) < VarStoreHeader.Size); @@ -2828,7 +2828,7 @@ EsalQueryVariableInfo ( // // Let *MaximumVariableSize be PcdGet32(PcdMaxVariableSize) with the exception of the variable header size. // - *MaximumVariableSize = PcdGet32(PcdMaxVariableSize) - sizeof (VARIABLE_HEADER); + *MaximumVariableSize = PcdGet32(PcdMaxVariableSize) - sizeof (AUTHENTICATED_VARIABLE_HEADER); } // @@ -2882,10 +2882,10 @@ EsalQueryVariableInfo ( *RemainingVariableStorageSize = *MaximumVariableStorageSize - CommonVariableTotalSize; } - if (*RemainingVariableStorageSize < sizeof (VARIABLE_HEADER)) { + if (*RemainingVariableStorageSize < sizeof (AUTHENTICATED_VARIABLE_HEADER)) { *MaximumVariableSize = 0; - } else if ((*RemainingVariableStorageSize - sizeof (VARIABLE_HEADER)) < *MaximumVariableSize) { - *MaximumVariableSize = *RemainingVariableStorageSize - sizeof (VARIABLE_HEADER); + } else if ((*RemainingVariableStorageSize - sizeof (AUTHENTICATED_VARIABLE_HEADER)) < *MaximumVariableSize) { + *MaximumVariableSize = *RemainingVariableStorageSize - sizeof (AUTHENTICATED_VARIABLE_HEADER); } ReleaseLockOnlyAtBootTime (&VariableGlobal->VariableServicesLock); @@ -2955,7 +2955,7 @@ FlushHob2Nv ( EFI_STATUS Status; VOID *GuidHob; VARIABLE_STORE_HEADER *VariableStoreHeader; - VARIABLE_HEADER *VariableHeader; + AUTHENTICATED_VARIABLE_HEADER *VariableHeader; // // Get HOB variable store. // @@ -2970,11 +2970,11 @@ FlushHob2Nv ( // // Flush the HOB variable to NV Variable storage. // - for ( VariableHeader = (VARIABLE_HEADER *) HEADER_ALIGN (VariableStoreHeader + 1) - ; (VariableHeader < (VARIABLE_HEADER *) HEADER_ALIGN ((UINTN) VariableStoreHeader + VariableStoreHeader->Size) + for ( VariableHeader = (AUTHENTICATED_VARIABLE_HEADER *) HEADER_ALIGN (VariableStoreHeader + 1) + ; (VariableHeader < (AUTHENTICATED_VARIABLE_HEADER *) HEADER_ALIGN ((UINTN) VariableStoreHeader + VariableStoreHeader->Size) && (VariableHeader->StartId == VARIABLE_DATA)) - ; VariableHeader = (VARIABLE_HEADER *) HEADER_ALIGN ((UINTN) (VariableHeader + 1) + ; VariableHeader = (AUTHENTICATED_VARIABLE_HEADER *) HEADER_ALIGN ((UINTN) (VariableHeader + 1) + VariableHeader->NameSize + GET_PAD_SIZE (VariableHeader->NameSize) + VariableHeader->DataSize + GET_PAD_SIZE (VariableHeader->DataSize) ) @@ -3198,7 +3198,7 @@ VariableCommonInitialize ( Instance ); VariableSize = NextVariable - Variable; - if ((((VARIABLE_HEADER *)Variable)->Attributes & (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_HARDWARE_ERROR_RECORD)) == (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_HARDWARE_ERROR_RECORD)) { + if ((((AUTHENTICATED_VARIABLE_HEADER *)Variable)->Attributes & (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_HARDWARE_ERROR_RECORD)) == (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_HARDWARE_ERROR_RECORD)) { mVariableModuleGlobal->HwErrVariableTotalSize += VariableSize; } else { mVariableModuleGlobal->CommonVariableTotalSize += VariableSize; diff --git a/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/Variable.h b/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/Variable.h index 5e6690e..b32ef74 100644 --- a/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/Variable.h +++ b/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/Variable.h @@ -1,7 +1,7 @@ /** @file Internal header file for Extended SAL variable service module. -Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR> +Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR> This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -66,7 +66,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. /// The maximum size of the public key database, restricted by maximum individal EFI /// varible size, and excluding the variable header and name size. /// -#define MAX_KEYDB_SIZE (FixedPcdGet32 (PcdMaxVariableSize) - sizeof (VARIABLE_HEADER) - AUTHVAR_KEYDB_NAME_SIZE) +#define MAX_KEYDB_SIZE (FixedPcdGet32 (PcdMaxVariableSize) - sizeof (AUTHENTICATED_VARIABLE_HEADER) - AUTHVAR_KEYDB_NAME_SIZE) #define MAX_KEY_NUM (MAX_KEYDB_SIZE / EFI_CERT_TYPE_RSA2048_SIZE) /// @@ -432,7 +432,7 @@ GetVariableDataPtr ( **/ UINTN DataSizeOfVariable ( - IN VARIABLE_HEADER *Variable + IN AUTHENTICATED_VARIABLE_HEADER *Variable ); /** @@ -479,7 +479,7 @@ UpdateVariable ( FALSE - Variable is non-volatile. @param[in] Global Pointer to VARAIBLE_GLOBAL structure. @param[in] Instance Instance of FV Block services. - @param[out] VariableHeader Pointer to VARIABLE_HEADER for output. + @param[out] VariableHeader Pointer to AUTHENTICATED_VARIABLE_HEADER for output. @retval TRUE Variable header is valid. @retval FALSE Variable header is not valid. @@ -487,11 +487,11 @@ UpdateVariable ( **/ BOOLEAN IsValidVariableHeader ( - IN EFI_PHYSICAL_ADDRESS VariableAddress, - IN BOOLEAN Volatile, - IN VARIABLE_GLOBAL *Global, - IN UINTN Instance, - OUT VARIABLE_HEADER *VariableHeader OPTIONAL + IN EFI_PHYSICAL_ADDRESS VariableAddress, + IN BOOLEAN Volatile, + IN VARIABLE_GLOBAL *Global, + IN UINTN Instance, + OUT AUTHENTICATED_VARIABLE_HEADER *VariableHeader OPTIONAL ); /** -- 1.9.5.msysgit.0 ------------------------------------------------------------------------------ Monitor 25 network devices or servers for free with OpManager! OpManager is web-based network management software that monitors network devices and physical & virtual servers, alerts via email & sms for fault. Monitor 25 devices for free with no restriction. Download now http://ad.doubleclick.net/ddm/clk/292181274;119417398;o _______________________________________________ edk2-devel mailing list edk2-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/edk2-devel
