From nobody Tue Feb 10 01:31:06 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+78506+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+78506+1787277+3901457@groups.io ARC-Seal: i=1; a=rsa-sha256; t=1627901231; cv=none; d=zohomail.com; s=zohoarc; b=CjboKHhCSfikA4jCrb/d19mN1ny9gPYnKVwQ/vJLIj9sun+QOORpYNm5LKG9fBGZ4wRl70c3Hdc8j5CuRoqM3Ujg4EJ56GE14czgmyp0/HlSt7NTjxihcoJV2pmO+bYmWwc69KiQg3Q1B4X4sfxs0QJWVB2YcaO5+pYmyMrIxJk= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1627901231; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=ro4DuBuwJ0JmRg1gkE/e7XtLSfJCD4tFVkKLf7GO3l4=; b=ikN1c6TEQfJx0ZfcSxTsj7x0pLgN3NZgWnvxPA8b7vb5JIJ3405RiLE2Zw9bfW9phKPSHRPOVhhiv3LdtmO6gdYYYdoQ/ibJFLZexazGFfsZ6TAIKvuiMyFsYbO7AyazXFbPb6dhHKPIAjsshYIivRz8VQw+80Fnqr1y9m6ScDc= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+78506+1787277+3901457@groups.io Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1627901231909665.2553587875872; Mon, 2 Aug 2021 03:47:11 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id 4KtRYY1788612x6hpYWhrn2A; Mon, 02 Aug 2021 03:47:11 -0700 X-Received: from mail-lf1-f46.google.com (mail-lf1-f46.google.com [209.85.167.46]) by mx.groups.io with SMTP id smtpd.web10.18275.1627901230255932210 for ; Mon, 02 Aug 2021 03:47:10 -0700 X-Received: by mail-lf1-f46.google.com with SMTP id m13so32862904lfg.13 for ; Mon, 02 Aug 2021 03:47:10 -0700 (PDT) X-Gm-Message-State: 0WBIx0V7SO1CTa4maZ220NfGx1787277AA= X-Google-Smtp-Source: ABdhPJxTP/SwZiqDCqBd4XFF6qrwS4kG9cnIFbzlyXVAdQAfPFwwZXI/gNIH3HML4tdsmq2CwoTI6w== X-Received: by 2002:a19:5e4c:: with SMTP id z12mr12383247lfi.275.1627901228361; Mon, 02 Aug 2021 03:47:08 -0700 (PDT) X-Received: from gilgamesh.lab.semihalf.net ([83.142.187.85]) by smtp.gmail.com with ESMTPSA id t27sm570174lfl.302.2021.08.02.03.47.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 02 Aug 2021 03:47:08 -0700 (PDT) From: "Grzegorz Bernacki" To: devel@edk2.groups.io Cc: leif@nuviainc.com, ardb+tianocore@kernel.org, Samer.El-Haj-Mahmoud@arm.com, sunny.Wang@arm.com, mw@semihalf.com, upstream@semihalf.com, jiewen.yao@intel.com, jian.j.wang@intel.com, min.m.xu@intel.com, lersek@redhat.com, sami.mujawar@arm.com, afish@apple.com, ray.ni@intel.com, jordan.l.justen@intel.com, rebecca@bsdio.com, grehan@freebsd.org, thomas.abraham@arm.com, chasel.chiu@intel.com, nathaniel.l.desimone@intel.com, gaoliming@byosoft.com.cn, eric.dong@intel.com, michael.d.kinney@intel.com, zailiang.sun@intel.com, yi.qian@intel.com, graeme@nuviainc.com, rad@semihalf.com, pete@akeo.ie, Grzegorz Bernacki , Jiewen Yao , Sunny Wang Subject: [edk2-devel] [PATCH v8 06/11] SecurityPkg: Remove duplicated functions from SecureBootConfigDxe. Date: Mon, 2 Aug 2021 12:46:28 +0200 Message-Id: <20210802104633.2833333-7-gjb@semihalf.com> In-Reply-To: <20210802104633.2833333-1-gjb@semihalf.com> References: <20210802104633.2833333-1-gjb@semihalf.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,gjb@semihalf.com Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1627901231; bh=HCaMuCN4OgHAj1jjjvXVpaac4heYB+SZbdPCeaLzvrQ=; h=Cc:Date:From:Reply-To:Subject:To; b=ijsBY7yENDkoyMoa/GAx82AQkCPRDoCKs7UXkYlE7JZXWaq/n9MZAoMOBL7zV5v+vE9 8rY/35vIeUbE2IzuIiAPAeuvMeOdBs1iF9vV9VJeFeEpgta5ud7oq4ml4CNqc1mH7onU4 4+rNG9USaxUoKX6hwbABKzXTcvctrguTKus= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1627901232965100003 Content-Type: text/plain; charset="utf-8" This commit removes functions which were added to SecureBootVariableLib. It also adds dependecy on that library. Signed-off-by: Grzegorz Bernacki Reviewed-by: Jiewen Yao eviewed-by: Sunny Wang --- SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.= inf | 2 + SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl= .c | 190 +------------------- 2 files changed, 4 insertions(+), 188 deletions(-) diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBo= otConfigDxe.inf b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/Sec= ureBootConfigDxe.inf index 573efa6379..14c7311b08 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi= gDxe.inf +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi= gDxe.inf @@ -54,6 +54,8 @@ DevicePathLib FileExplorerLib PeCoffLib + SecureBootVariableLib + SecureBootVariableProvisionLib =20 [Guids] ## SOMETIMES_CONSUMES ## Variable:L"CustomMode" diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBo= otConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/Secu= reBootConfigImpl.c index e82bfe7757..f527aa32e6 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi= gImpl.c +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi= gImpl.c @@ -9,6 +9,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =20 #include "SecureBootConfigImpl.h" #include +#include +#include =20 CHAR16 mSecureBootStorageName[] =3D L"SECUREBOOT_CONFIGURATIO= N"; =20 @@ -237,168 +239,6 @@ SaveSecureBootVariable ( return Status; } =20 -/** - Create a time based data payload by concatenating the EFI_VARIABLE_AUTHE= NTICATION_2 - descriptor with the input data. NO authentication is required in this fu= nction. - - @param[in, out] DataSize On input, the size of Data buffer in by= tes. - On output, the size of data returned in= Data - buffer in bytes. - @param[in, out] Data On input, Pointer to data buffer to be = wrapped or - pointer to NULL to wrap an empty payloa= d. - On output, Pointer to the new payload d= ate buffer allocated from pool, - it's caller's responsibility to free th= e memory when finish using it. - - @retval EFI_SUCCESS Create time based payload successfully. - @retval EFI_OUT_OF_RESOURCES There are not enough memory resources t= o create time based payload. - @retval EFI_INVALID_PARAMETER The parameter is invalid. - @retval Others Unexpected error happens. - -**/ -EFI_STATUS -CreateTimeBasedPayload ( - IN OUT UINTN *DataSize, - IN OUT UINT8 **Data - ) -{ - EFI_STATUS Status; - UINT8 *NewData; - UINT8 *Payload; - UINTN PayloadSize; - EFI_VARIABLE_AUTHENTICATION_2 *DescriptorData; - UINTN DescriptorSize; - EFI_TIME Time; - - if (Data =3D=3D NULL || DataSize =3D=3D NULL) { - return EFI_INVALID_PARAMETER; - } - - // - // In Setup mode or Custom mode, the variable does not need to be signed= but the - // parameters to the SetVariable() call still need to be prepared as aut= henticated - // variable. So we create EFI_VARIABLE_AUTHENTICATED_2 descriptor withou= t certificate - // data in it. - // - Payload =3D *Data; - PayloadSize =3D *DataSize; - - DescriptorSize =3D OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo= ) + OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData); - NewData =3D (UINT8*) AllocateZeroPool (DescriptorSize + PayloadSize); - if (NewData =3D=3D NULL) { - return EFI_OUT_OF_RESOURCES; - } - - if ((Payload !=3D NULL) && (PayloadSize !=3D 0)) { - CopyMem (NewData + DescriptorSize, Payload, PayloadSize); - } - - DescriptorData =3D (EFI_VARIABLE_AUTHENTICATION_2 *) (NewData); - - ZeroMem (&Time, sizeof (EFI_TIME)); - Status =3D gRT->GetTime (&Time, NULL); - if (EFI_ERROR (Status)) { - FreePool(NewData); - return Status; - } - Time.Pad1 =3D 0; - Time.Nanosecond =3D 0; - Time.TimeZone =3D 0; - Time.Daylight =3D 0; - Time.Pad2 =3D 0; - CopyMem (&DescriptorData->TimeStamp, &Time, sizeof (EFI_TIME)); - - DescriptorData->AuthInfo.Hdr.dwLength =3D OFFSET_OF (WIN_CERTIFI= CATE_UEFI_GUID, CertData); - DescriptorData->AuthInfo.Hdr.wRevision =3D 0x0200; - DescriptorData->AuthInfo.Hdr.wCertificateType =3D WIN_CERT_TYPE_EFI_GUID; - CopyGuid (&DescriptorData->AuthInfo.CertType, &gEfiCertPkcs7Guid); - - if (Payload !=3D NULL) { - FreePool(Payload); - } - - *DataSize =3D DescriptorSize + PayloadSize; - *Data =3D NewData; - return EFI_SUCCESS; -} - -/** - Internal helper function to delete a Variable given its name and GUID, N= O authentication - required. - - @param[in] VariableName Name of the Variable. - @param[in] VendorGuid GUID of the Variable. - - @retval EFI_SUCCESS Variable deleted successfully. - @retval Others The driver failed to start the device. - -**/ -EFI_STATUS -DeleteVariable ( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid - ) -{ - EFI_STATUS Status; - VOID* Variable; - UINT8 *Data; - UINTN DataSize; - UINT32 Attr; - - GetVariable2 (VariableName, VendorGuid, &Variable, NULL); - if (Variable =3D=3D NULL) { - return EFI_SUCCESS; - } - FreePool (Variable); - - Data =3D NULL; - DataSize =3D 0; - Attr =3D EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | E= FI_VARIABLE_BOOTSERVICE_ACCESS - | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; - - Status =3D CreateTimeBasedPayload (&DataSize, &Data); - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "Fail to create time-based data payload: %r", Sta= tus)); - return Status; - } - - Status =3D gRT->SetVariable ( - VariableName, - VendorGuid, - Attr, - DataSize, - Data - ); - if (Data !=3D NULL) { - FreePool (Data); - } - return Status; -} - -/** - - Set the platform secure boot mode into "Custom" or "Standard" mode. - - @param[in] SecureBootMode New secure boot mode: STANDARD_SECURE= _BOOT_MODE or - CUSTOM_SECURE_BOOT_MODE. - - @return EFI_SUCCESS The platform has switched to the spec= ial mode successfully. - @return other Fail to operate the secure boot mode. - -**/ -EFI_STATUS -SetSecureBootMode ( - IN UINT8 SecureBootMode - ) -{ - return gRT->SetVariable ( - EFI_CUSTOM_MODE_NAME, - &gEfiCustomModeEnableGuid, - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCES= S, - sizeof (UINT8), - &SecureBootMode - ); -} - /** This code checks if the encode type and key strength of X.509 certificate is qualified. @@ -646,32 +486,6 @@ ON_EXIT: return Status; } =20 -/** - Remove the PK variable. - - @retval EFI_SUCCESS Delete PK successfully. - @retval Others Could not allow to delete PK. - -**/ -EFI_STATUS -DeletePlatformKey ( - VOID -) -{ - EFI_STATUS Status; - - Status =3D SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE); - if (EFI_ERROR (Status)) { - return Status; - } - - Status =3D DeleteVariable ( - EFI_PLATFORM_KEY_NAME, - &gEfiGlobalVariableGuid - ); - return Status; -} - /** Enroll a new KEK item from public key storing file (*.pbk). =20 --=20 2.25.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#78506): https://edk2.groups.io/g/devel/message/78506 Mute This Topic: https://groups.io/mt/84608360/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-