From nobody Tue Feb 10 12:57:59 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+90949+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+90949+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1656633238; cv=none; d=zohomail.com; s=zohoarc; b=TK0wZ3PVGO1xraIzQTMgP6XAUjbMk9lt1/nFUgSzvqDrEEuk2QdKPxPl9zQ0pGa8meISyOLQQI7wo1tPU+iFnusAz9pthhsFI3Tm/TgdXSixqk8ZRwR8F7xO/PokGetTY+dQmZ3uOzfvG2IYtG0dLuafgEg7ifnORUiaGrV3cGU= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1656633238; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=74I9vdU+w7SdG/OuUg40U+6L/kJ/IRLJASFBh12VnF0=; b=l03MUef+mEhopZ6gGzeAvgLXdPv5BgHaWiSXDCQ1wFB/SE6SvAP9fctw6lxxmAeIR4lBBfmdh2/MdTJqYAoi+XqRahHpBTbhxdeTOvbLs1VACc8+o/pHIA2LT05KexyrZZHHBuyv3Nrxs4mtR9K6FpvzJlP/138HBYkfMbzfDZQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+90949+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1656633238835231.30161151365223; Thu, 30 Jun 2022 16:53:58 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id nT37YY1788612xcsBteEdT6x; Thu, 30 Jun 2022 16:53:58 -0700 X-Received: from mail-pl1-f175.google.com (mail-pl1-f175.google.com [209.85.214.175]) by mx.groups.io with SMTP id smtpd.web10.32233.1656633237943064739 for ; Thu, 30 Jun 2022 16:53:58 -0700 X-Received: by mail-pl1-f175.google.com with SMTP id n10so832829plp.0 for ; Thu, 30 Jun 2022 16:53:57 -0700 (PDT) X-Gm-Message-State: jivHerPeEif7GNT528iWYBe8x1787277AA= X-Google-Smtp-Source: AGRyM1uYYwYOWhUZuIHQWwvTzjG7MWFSkkL9MnvnFdjQf8ejXHMERLZcu+UT5quGUWQSyw6ORqsrhg== X-Received: by 2002:a17:90a:d18a:b0:1ed:4f08:e6a1 with SMTP id fu10-20020a17090ad18a00b001ed4f08e6a1mr13312722pjb.28.1656633237222; Thu, 30 Jun 2022 16:53:57 -0700 (PDT) X-Received: from MININT-0U7P5GU.redmond.corp.microsoft.com ([2001:4898:80e8:7:19ac:d515:5a95:7969]) by smtp.gmail.com with ESMTPSA id x199-20020a627cd0000000b00525243d0dc6sm14679202pfc.15.2022.06.30.16.53.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 30 Jun 2022 16:53:57 -0700 (PDT) From: "Kun Qin" To: devel@edk2.groups.io Cc: Jiewen Yao , Jian J Wang , Min Xu , Jiewen Yao , Michael Kubacki Subject: [edk2-devel] [PATCH v3 01/11] SecurityPkg: UefiSecureBoot: Definitions of cert and payload structures Date: Thu, 30 Jun 2022 16:53:31 -0700 Message-Id: <20220630235341.1746-2-kuqin12@gmail.com> In-Reply-To: <20220630235341.1746-1-kuqin12@gmail.com> References: <20220630235341.1746-1-kuqin12@gmail.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,kuqin12@gmail.com Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1656633238; bh=5U+nMoOuar6TYTwUE12Zfqy73HVqFRPaDspjlCsZl9I=; h=Cc:Date:From:Reply-To:Subject:To; b=qXCGH6Cj3dSuv12H/D9QgPouQw7XBtGTxQjZxhELKBNlc2c2s439pYN89SSyHaQs8T5 FQT0SphNklLgcxeUBLaA9c5sc++XApwK1aX3smmPeVK7pNsg7o89Tnr27Xt3Jlgthjx1h oaL86mxsIi2+XZhnqDhZeAXzPBpMNSs6iew= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1656633239478100001 Content-Type: text/plain; charset="utf-8" From: Kun Qin REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3910 This change added certificate and payload structures that can be consumed by SecureBootVariableLib and other Secure Boot related operations. Cc: Jiewen Yao Cc: Jian J Wang Cc: Min Xu Signed-off-by: Kun Qin Reviewed-by: Jiewen Yao Acked-by: Michael Kubacki --- Notes: v3: - Added reviewed-by tag [Jiewen] - Added reviewed-by tag [Michael Kubacki] SecurityPkg/Include/UefiSecureBoot.h | 94 ++++++++++++++++++++ 1 file changed, 94 insertions(+) diff --git a/SecurityPkg/Include/UefiSecureBoot.h b/SecurityPkg/Include/Uef= iSecureBoot.h new file mode 100644 index 000000000000..642fef38f3a1 --- /dev/null +++ b/SecurityPkg/Include/UefiSecureBoot.h @@ -0,0 +1,94 @@ +/** @file + Provides a Secure Boot related data structure definitions. + + Copyright (c) Microsoft Corporation. + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef UEFI_SECURE_BOOT_H_ +#define UEFI_SECURE_BOOT_H_ + +#pragma pack (push, 1) + +/* + Data structure to provide certificates to setup authenticated secure + boot variables ('db', 'dbx', 'dbt', 'pk', etc.). + +*/ +typedef struct { + // + // The size, in number of bytes, of supplied certificate in 'Data' field. + // + UINTN DataSize; + // + // The pointer to the certificates in DER-encoded format. + // Note: This certificate data should not contain the EFI_VARIABLE_AUTHE= NTICATION_2 + // for authenticated variables. + // + CONST VOID *Data; +} SECURE_BOOT_CERTIFICATE_INFO; + +/* + Data structure to provide all Secure Boot related certificates. + +*/ +typedef struct { + // + // The human readable name for this set of Secure Boot key sets. + // + CONST CHAR16 *SecureBootKeyName; + // + // The size, in number of bytes, of supplied certificate in 'DbPtr' fiel= d. + // + UINTN DbSize; + // + // The pointer to the DB certificates in signature list format. + // Note: This DB certificates should not contain the EFI_VARIABLE_AUTHEN= TICATION_2 + // for authenticated variables. + // + CONST VOID *DbPtr; + // + // The size, in number of bytes, of supplied certificate in 'DbxPtr' fie= ld. + // + UINTN DbxSize; + // + // The pointer to the DBX certificates in signature list format. + // Note: This DBX certificates should not contain the EFI_VARIABLE_AUTHE= NTICATION_2 + // for authenticated variables. + // + CONST VOID *DbxPtr; + // + // The size, in number of bytes, of supplied certificate in 'DbtPtr' fie= ld. + // + UINTN DbtSize; + // + // The pointer to the DBT certificates in signature list format. + // Note: This DBT certificates should not contain the EFI_VARIABLE_AUTHE= NTICATION_2 + // for authenticated variables. + // + CONST VOID *DbtPtr; + // + // The size, in number of bytes, of supplied certificate in 'KekPtr' fie= ld. + // + UINTN KekSize; + // + // The pointer to the KEK certificates in signature list format. + // Note: This KEK certificates should not contain the EFI_VARIABLE_AUTHE= NTICATION_2 + // for authenticated variables. + // + CONST VOID *KekPtr; + // + // The size, in number of bytes, of supplied certificate in 'PkPtr' fiel= d. + // + UINTN PkSize; + // + // The pointer to the PK certificates in signature list format. + // Note: This PK certificates should not contain the EFI_VARIABLE_AUTHEN= TICATION_2 + // for authenticated variables. + // + CONST VOID *PkPtr; +} SECURE_BOOT_PAYLOAD_INFO; +#pragma pack (pop) + +#endif // UEFI_SECURE_BOOT_H_ --=20 2.36.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#90949): https://edk2.groups.io/g/devel/message/90949 Mute This Topic: https://groups.io/mt/92098738/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-