From nobody Mon Feb 9 12:24:33 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+90492+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+90492+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1655152799; cv=none; d=zohomail.com; s=zohoarc; b=Q7V5R+FUtYin2zurambayrMnooBHHkcM8MBE8zJ9qFDwd92NczoD12LUti9BoVSgjq4ebaKtv+ZKakhEI+lF+B6bmgNyXowZYyMOA4rNBSyseHhYIk07y32iW+BpIzrE44Z1NlzZRNLxxrFUy2dgrTyMMTy9FfIOq9INKbciqRI= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1655152799; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=j+Ch4U7MY4NOwdrV8ZuBiOEe9oQiQaW9ziKRTaGzT0U=; b=av7Qn+UsOM7J0iyBYgSO36wxPkaeShKWzRpxig++dGK7D85RGQkifs0gB/Di0gn9cSXDWLdw0tU6ihz7rINgAdp3A5o608HqqCJOwT5O7miYiSY/dy2LwW2tyTKGvqBhgK+cjPb8jimiVEmyc3RaiM5K+VAOpKnvQ08X4ZhHYuI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+90492+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1655152799369918.3691978426785; Mon, 13 Jun 2022 13:39:59 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id euTzYY1788612xABqEisX01w; Mon, 13 Jun 2022 13:39:59 -0700 X-Received: from mail-pf1-f174.google.com (mail-pf1-f174.google.com [209.85.210.174]) by mx.groups.io with SMTP id smtpd.web11.11123.1655152798384609351 for ; Mon, 13 Jun 2022 13:39:58 -0700 X-Received: by mail-pf1-f174.google.com with SMTP id e11so6758224pfj.5 for ; Mon, 13 Jun 2022 13:39:58 -0700 (PDT) X-Gm-Message-State: ReZW9ZUVZc6U488Jx8cfNQOZx1787277AA= X-Google-Smtp-Source: ABdhPJz2RR9mlqZwyXobDviJLlJ0l7m3eKc3ACGwqdBnJmKh7XYzIfuwh+3V2bYatLGnrJRfyVk/bA== X-Received: by 2002:a63:84c3:0:b0:3fc:8c46:2447 with SMTP id k186-20020a6384c3000000b003fc8c462447mr1203504pgd.285.1655152797841; Mon, 13 Jun 2022 13:39:57 -0700 (PDT) X-Received: from localhost.localdomain ([50.35.66.9]) by smtp.gmail.com with ESMTPSA id g14-20020a17090a578e00b001ea90dada74sm5603239pji.12.2022.06.13.13.39.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 13 Jun 2022 13:39:56 -0700 (PDT) From: "Kun Qin" To: devel@edk2.groups.io Cc: Jiewen Yao , Jian J Wang , Min Xu Subject: [edk2-devel] [PATCH v2 01/11] SecurityPkg: UefiSecureBoot: Definitions of cert and payload structures Date: Mon, 13 Jun 2022 13:39:32 -0700 Message-Id: <20220613203943.704-2-kuqin12@gmail.com> In-Reply-To: <20220613203943.704-1-kuqin12@gmail.com> References: <20220613203943.704-1-kuqin12@gmail.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,kuqin12@gmail.com Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1655152799; bh=FjntRvlRANaYvnprDQEdZ8FjvCI55P6bs4P6s+GUhbU=; h=Cc:Date:From:Reply-To:Subject:To; b=OvBWdqRct2aa81LZ1orQfZcCPfWEonKh8T3btZhyy9r9jQChB8qtcLBEQa+j2KRTzdK 5r/6mBnbXl1Aw1uwQyMypP4v5vOazK1eUv71xzQPTkYrnHO2tfdnxZGWAOpp3aQHNtrAt I36oyJ0vj+rI/AkH0rMgcSQjXY9P4FrWPkI= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1655152800592100007 Content-Type: text/plain; charset="utf-8" From: Kun Qin REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3910 This change added certificate and payload structures that can be consumed by SecureBootVariableLib and other Secure Boot related operations. Cc: Jiewen Yao Cc: Jian J Wang Cc: Min Xu Signed-off-by: Kun Qin --- SecurityPkg/Include/UefiSecureBoot.h | 94 ++++++++++++++++++++ 1 file changed, 94 insertions(+) diff --git a/SecurityPkg/Include/UefiSecureBoot.h b/SecurityPkg/Include/Uef= iSecureBoot.h new file mode 100644 index 000000000000..642fef38f3a1 --- /dev/null +++ b/SecurityPkg/Include/UefiSecureBoot.h @@ -0,0 +1,94 @@ +/** @file + Provides a Secure Boot related data structure definitions. + + Copyright (c) Microsoft Corporation. + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef UEFI_SECURE_BOOT_H_ +#define UEFI_SECURE_BOOT_H_ + +#pragma pack (push, 1) + +/* + Data structure to provide certificates to setup authenticated secure + boot variables ('db', 'dbx', 'dbt', 'pk', etc.). + +*/ +typedef struct { + // + // The size, in number of bytes, of supplied certificate in 'Data' field. + // + UINTN DataSize; + // + // The pointer to the certificates in DER-encoded format. + // Note: This certificate data should not contain the EFI_VARIABLE_AUTHE= NTICATION_2 + // for authenticated variables. + // + CONST VOID *Data; +} SECURE_BOOT_CERTIFICATE_INFO; + +/* + Data structure to provide all Secure Boot related certificates. + +*/ +typedef struct { + // + // The human readable name for this set of Secure Boot key sets. + // + CONST CHAR16 *SecureBootKeyName; + // + // The size, in number of bytes, of supplied certificate in 'DbPtr' fiel= d. + // + UINTN DbSize; + // + // The pointer to the DB certificates in signature list format. + // Note: This DB certificates should not contain the EFI_VARIABLE_AUTHEN= TICATION_2 + // for authenticated variables. + // + CONST VOID *DbPtr; + // + // The size, in number of bytes, of supplied certificate in 'DbxPtr' fie= ld. + // + UINTN DbxSize; + // + // The pointer to the DBX certificates in signature list format. + // Note: This DBX certificates should not contain the EFI_VARIABLE_AUTHE= NTICATION_2 + // for authenticated variables. + // + CONST VOID *DbxPtr; + // + // The size, in number of bytes, of supplied certificate in 'DbtPtr' fie= ld. + // + UINTN DbtSize; + // + // The pointer to the DBT certificates in signature list format. + // Note: This DBT certificates should not contain the EFI_VARIABLE_AUTHE= NTICATION_2 + // for authenticated variables. + // + CONST VOID *DbtPtr; + // + // The size, in number of bytes, of supplied certificate in 'KekPtr' fie= ld. + // + UINTN KekSize; + // + // The pointer to the KEK certificates in signature list format. + // Note: This KEK certificates should not contain the EFI_VARIABLE_AUTHE= NTICATION_2 + // for authenticated variables. + // + CONST VOID *KekPtr; + // + // The size, in number of bytes, of supplied certificate in 'PkPtr' fiel= d. + // + UINTN PkSize; + // + // The pointer to the PK certificates in signature list format. + // Note: This PK certificates should not contain the EFI_VARIABLE_AUTHEN= TICATION_2 + // for authenticated variables. + // + CONST VOID *PkPtr; +} SECURE_BOOT_PAYLOAD_INFO; +#pragma pack (pop) + +#endif // UEFI_SECURE_BOOT_H_ --=20 2.35.1.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#90492): https://edk2.groups.io/g/devel/message/90492 Mute This Topic: https://groups.io/mt/91735869/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-