summaryrefslogtreecommitdiff
path: root/SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c
AgeCommit message (Collapse)AuthorFilesLines
2025-04-17SecurityPkg: SecureBootVariableLib: Prevent Invalid DBXDoug Flick1-1/+31
This commit adds the ability to skip the setting the Dbx variable if the Default being provided is less than the size of the EFI_SIGNATURE_LIST structure. This is to prevent the setting of an invalid DBX which would cause the system to fail to boot. Additionally, this can be used to signal that setting the DBX should leave DBX undefined for Platforms that want to let the OS be the sole servicer of the DBX. Breakdown of the math is as follows: 1. **`sizeof(EFI_SIGNATURE_LIST)`**: - This is the size of the `EFI_SIGNATURE_LIST` structure itself, which includes: - `EFI_GUID SignatureType` (16 bytes) - `UINT32 SignatureListSize` (4 bytes) - `UINT32 SignatureHeaderSize` (4 bytes) - `UINT32 SignatureSize` (4 bytes) - Total: `16 + 4 + 4 + 4 = 28 bytes` 2. **`SignatureHeaderSize`**: - This is the size of the optional signature header. If no header is provided, this value is `0`. 3. **`SignatureSize`**: - This is the size of each `EFI_SIGNATURE_DATA` entry. For an empty list, this value is `0`. The total size of an empty `EFI_SIGNATURE_LIST` is: ```c sizeof(EFI_SIGNATURE_LIST) + SignatureHeaderSize ``` 1. **No Signature Header**: - If `SignatureHeaderSize = 0`, the size is: ```c 28 + 0 = 28 bytes ``` 2. **With a Signature Header**: - If `SignatureHeaderSize = 16` (example size for a header), the size is: ```c 28 + 16 = 44 bytes ``` - **Minimum Size**: `28 bytes` (if `SignatureHeaderSize = 0`). - **Additional Size**: Add the value of `SignatureHeaderSize` if a header is included. Signed-off-by: Doug Flick <dougflick@microsoft.com>
2023-04-10SecurityPkg: Update code to be more C11 compliant by using __func__Rebecca Cran1-19/+19
__FUNCTION__ is a pre-standard extension that gcc and Visual C++ among others support, while __func__ was standardized in C99. Since it's more standard, replace __FUNCTION__ with __func__ throughout SecurityPkg. Signed-off-by: Rebecca Cran <rebecca@bsdio.com> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
2022-07-07SecurityPkg: SecureBootVariableLib: Added newly supported interfaceskuqin1-0/+365
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3911 This change updated the interfaces provided by SecureBootVariableLib. The new additions provided interfaces to enroll single authenticated variable from input, a helper function to query secure boot status, enroll all secure boot variables from UefiSecureBoot.h defined data structures, a as well as a routine that deletes all secure boot related variables. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Min Xu <min.m.xu@intel.com> Signed-off-by: Kun Qin <kun.qin@microsoft.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> Acked-by: Michael Kubacki <michael.kubacki@microsoft.com>
2022-07-07SecurityPkg: SecureBootVariableLib: Updated signature list creatorkuqin1-31/+38
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3910 This change removes the interface of SecureBootFetchData, and replaced it with `SecureBootCreateDataFromInput`, which will require caller to prepare available certificates in defined structures. This improvement will eliminate the dependency of reading from FV, extending the availability of this library instance. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Min Xu <min.m.xu@intel.com> Signed-off-by: Kun Qin <kun.qin@microsoft.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> Acked-by: Michael Kubacki <michael.kubacki@microsoft.com>
2022-07-07SecurityPkg: SecureBootVariableLib: Updated time based payload creatorKun Qin1-21/+32
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3909 This change updated the interface of 'CreateTimeBasedPayload' by requiring the caller to provide a timestamp, instead of relying on time protocol to be ready during runtime. It intends to extend the library availability during boot environment. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Min Xu <min.m.xu@intel.com> Signed-off-by: Kun Qin <kun.qin@microsoft.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> Acked-by: Michael Kubacki <michael.kubacki@microsoft.com>
2021-12-07SecurityPkg: Apply uncrustify changesMichael Kubacki1-78/+83
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3737 Apply uncrustify changes to .c/.h files in the SecurityPkg package Cc: Andrew Fish <afish@apple.com> Cc: Leif Lindholm <leif@nuviainc.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2021-08-03SecurityPkg: Create SecureBootVariableLib.Grzegorz Bernacki1-0/+510
This commits add library, which consist helper functions related to creation/removal Secure Boot variables. Some of the functions was moved from SecureBootConfigImpl.c file. Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com> Reviewed-by: Sunny Wang <sunny.wang@arm.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
generated by cgit v1.2.3 (git 2.39.0) at 2025-09-13 09:09:25 +0300