From nobody Tue Feb 10 12:40:08 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+89508+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+89508+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1651687493; cv=none; d=zohomail.com; s=zohoarc; b=LQCuayOcirfgb6ognbXXYamoVA0PWSWGY5kbm2XfHgrO4o3cGsRH+td12NdvnE5VotSEIAIB+YAiVtMY6A8xdonVxlgn/x8BXFYcz/nr8UfDEFX6CiEs8Z6j0swUlSqr9AD+8YNCS5DIebke9itg9AItWjdeuFykt0nMMIqwoks= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1651687493; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=Wnp7hMnSCkxxEcmVv3ndJLcM4Ps/mQ2HDycn48pI7Ao=; b=ncoc7JsgI56GKCHhh51H9A6+NnhHCqEqp5zGADUU9PEYlbjsLoOcsNvdynK7r3NnTyb9g7DTfTvsk8REA93LstFk5k533kF1jiBLrzl5HgK+iLnpCTm5mF4Kjw0mX8t9MVuTwImQmBP5WNSsUH0RK2In9UAA+u1UCn1RNv70dHM= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+89508+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1651687493806288.7295511745323; Wed, 4 May 2022 11:04:53 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id sQL5YY1788612xlddLVWYe48; Wed, 04 May 2022 11:04:53 -0700 X-Received: from mail-pj1-f45.google.com (mail-pj1-f45.google.com [209.85.216.45]) by mx.groups.io with SMTP id smtpd.web08.731.1651687492325690492 for ; Wed, 04 May 2022 11:04:52 -0700 X-Received: by mail-pj1-f45.google.com with SMTP id w5-20020a17090aaf8500b001d74c754128so5890219pjq.0 for ; Wed, 04 May 2022 11:04:52 -0700 (PDT) X-Gm-Message-State: 7TiOFBVGZWl93Qjk46rFdvgix1787277AA= X-Google-Smtp-Source: ABdhPJwUYca0jWaur1HdhwdA7WJz6aIodLJaI8q2d0WsHzVabEXKIKZDtK6FNFXlymdaFfRuDWoj4A== X-Received: by 2002:a17:902:7586:b0:15e:c2fe:bad0 with SMTP id j6-20020a170902758600b0015ec2febad0mr5085649pll.72.1651687491368; Wed, 04 May 2022 11:04:51 -0700 (PDT) X-Received: from localhost.localdomain ([50.47.82.110]) by smtp.gmail.com with ESMTPSA id n5-20020aa79045000000b0050dc7628143sm8496347pfo.29.2022.05.04.11.04.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 04 May 2022 11:04:51 -0700 (PDT) From: "Kun Qin" To: devel@edk2.groups.io Cc: Jiewen Yao , Jian J Wang , Min Xu Subject: [edk2-devel] [PATCH v1 01/11] SecurityPkg: UefiSecureBoot: Definitions of cert and payload structures Date: Wed, 4 May 2022 11:04:27 -0700 Message-Id: <20220504180438.1321-2-kuqin12@gmail.com> In-Reply-To: <20220504180438.1321-1-kuqin12@gmail.com> References: <20220504180438.1321-1-kuqin12@gmail.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,kuqin12@gmail.com Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1651687493; bh=DU9QJcshMlsPKxcbA0xPDdRRHzAkIGAwDm4nOlC6HCM=; h=Cc:Date:From:Reply-To:Subject:To; b=qz5tcFy6oesx3Qj73c0c4luZFcrdBsteR6o1hW4x0y0SiQGIgdSsvd6pBSiTBnp3sVK lJkIS0KrdfkJr9M/HZ3MUNcVcssBz+TlxipES0hayXjPhdIaSUsnb5obTqp6dzyf2Y7rP zfi0xGQyr92KR/jrBsDpGQAjZBrjrS4RJUs= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1651687495749100009 Content-Type: text/plain; charset="utf-8" From: Kun Qin REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3910 This change added certificate and payload structures that can be consumed by SecureBootVariableLib and other Secure Boot related operations. Cc: Jiewen Yao Cc: Jian J Wang Cc: Min Xu Signed-off-by: Kun Qin --- SecurityPkg/Include/UefiSecureBoot.h | 94 ++++++++++++++++++++ 1 file changed, 94 insertions(+) diff --git a/SecurityPkg/Include/UefiSecureBoot.h b/SecurityPkg/Include/Uef= iSecureBoot.h new file mode 100644 index 000000000000..642fef38f3a1 --- /dev/null +++ b/SecurityPkg/Include/UefiSecureBoot.h @@ -0,0 +1,94 @@ +/** @file + Provides a Secure Boot related data structure definitions. + + Copyright (c) Microsoft Corporation. + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef UEFI_SECURE_BOOT_H_ +#define UEFI_SECURE_BOOT_H_ + +#pragma pack (push, 1) + +/* + Data structure to provide certificates to setup authenticated secure + boot variables ('db', 'dbx', 'dbt', 'pk', etc.). + +*/ +typedef struct { + // + // The size, in number of bytes, of supplied certificate in 'Data' field. + // + UINTN DataSize; + // + // The pointer to the certificates in DER-encoded format. + // Note: This certificate data should not contain the EFI_VARIABLE_AUTHE= NTICATION_2 + // for authenticated variables. + // + CONST VOID *Data; +} SECURE_BOOT_CERTIFICATE_INFO; + +/* + Data structure to provide all Secure Boot related certificates. + +*/ +typedef struct { + // + // The human readable name for this set of Secure Boot key sets. + // + CONST CHAR16 *SecureBootKeyName; + // + // The size, in number of bytes, of supplied certificate in 'DbPtr' fiel= d. + // + UINTN DbSize; + // + // The pointer to the DB certificates in signature list format. + // Note: This DB certificates should not contain the EFI_VARIABLE_AUTHEN= TICATION_2 + // for authenticated variables. + // + CONST VOID *DbPtr; + // + // The size, in number of bytes, of supplied certificate in 'DbxPtr' fie= ld. + // + UINTN DbxSize; + // + // The pointer to the DBX certificates in signature list format. + // Note: This DBX certificates should not contain the EFI_VARIABLE_AUTHE= NTICATION_2 + // for authenticated variables. + // + CONST VOID *DbxPtr; + // + // The size, in number of bytes, of supplied certificate in 'DbtPtr' fie= ld. + // + UINTN DbtSize; + // + // The pointer to the DBT certificates in signature list format. + // Note: This DBT certificates should not contain the EFI_VARIABLE_AUTHE= NTICATION_2 + // for authenticated variables. + // + CONST VOID *DbtPtr; + // + // The size, in number of bytes, of supplied certificate in 'KekPtr' fie= ld. + // + UINTN KekSize; + // + // The pointer to the KEK certificates in signature list format. + // Note: This KEK certificates should not contain the EFI_VARIABLE_AUTHE= NTICATION_2 + // for authenticated variables. + // + CONST VOID *KekPtr; + // + // The size, in number of bytes, of supplied certificate in 'PkPtr' fiel= d. + // + UINTN PkSize; + // + // The pointer to the PK certificates in signature list format. + // Note: This PK certificates should not contain the EFI_VARIABLE_AUTHEN= TICATION_2 + // for authenticated variables. + // + CONST VOID *PkPtr; +} SECURE_BOOT_PAYLOAD_INFO; +#pragma pack (pop) + +#endif // UEFI_SECURE_BOOT_H_ --=20 2.34.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#89508): https://edk2.groups.io/g/devel/message/89508 Mute This Topic: https://groups.io/mt/90893929/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-