Diffstat (limited to 'include')
-rw-r--r--include/Http.h16
-rw-r--r--include/Ip4Config2.h11
-rw-r--r--include/Ip6Config.h11
-rw-r--r--include/PasswordCrypt.h27
-rw-r--r--include/PeImage.h6
-rw-r--r--include/configtable.h4
-rw-r--r--include/console.h56
-rw-r--r--include/crypt_blowfish.h23
-rw-r--r--include/efiauthenticated.h343
-rw-r--r--include/errors.h4
-rw-r--r--include/execute.h5
-rw-r--r--include/guid.h28
-rw-r--r--include/hexdump.h104
-rw-r--r--include/httpboot.h41
-rw-r--r--include/netboot.h10
-rw-r--r--include/replacements.h52
-rw-r--r--include/security_policy.h6
-rw-r--r--include/shell.h5
-rw-r--r--include/simple_file.h7
-rw-r--r--include/tpm.h191
-rw-r--r--include/ucs2.h139
-rw-r--r--include/variables.h6
-rw-r--r--include/version.h8
-rw-r--r--include/wincert.h6
24 files changed, 846 insertions, 263 deletions
diff --git a/include/Http.h b/include/Http.h
index cd77703c..4b3746a7 100644
--- a/include/Http.h
+++ b/include/Http.h
@@ -19,18 +19,8 @@
**/
-#ifndef __EFI_HTTP_PROTOCOL_H__
-#define __EFI_HTTP_PROTOCOL_H__
-
-#define EFI_HTTP_SERVICE_BINDING_PROTOCOL_GUID \
- { \
- 0xbdc8e6af, 0xd9bc, 0x4379, {0xa7, 0x2a, 0xe0, 0xc4, 0xe7, 0x5d, 0xae, 0x1c } \
- }
-
-#define EFI_HTTP_PROTOCOL_GUID \
- { \
- 0x7a59b29b, 0x910b, 0x4171, {0x82, 0x42, 0xa8, 0x5a, 0x0d, 0xf2, 0x5b, 0x5b } \
- }
+#ifndef SHIM_HTTP_H
+#define SHIM_HTTP_H
typedef struct _EFI_HTTP_PROTOCOL EFI_HTTP_PROTOCOL;
@@ -514,4 +504,4 @@ struct _EFI_HTTP_PROTOCOL {
EFI_HTTP_POLL Poll;
};
-#endif
+#endif /* SHIM_HTTP_H */
diff --git a/include/Ip4Config2.h b/include/Ip4Config2.h
index b4f1d844..efacaf83 100644
--- a/include/Ip4Config2.h
+++ b/include/Ip4Config2.h
@@ -15,16 +15,11 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
This Protocol is introduced in UEFI Specification 2.5
**/
-#ifndef __EFI_IP4CONFIG2_PROTOCOL_H__
-#define __EFI_IP4CONFIG2_PROTOCOL_H__
+#ifndef SHIM_IP4CONFIG2_H
+#define SHIM_IP4CONFIG2_H
#include <efiip.h>
-#define EFI_IP4_CONFIG2_PROTOCOL_GUID \
- { \
- 0x5b446ed1, 0xe30b, 0x4faa, {0x87, 0x1a, 0x36, 0x54, 0xec, 0xa3, 0x60, 0x80 } \
- }
-
typedef struct _EFI_IP4_CONFIG2_PROTOCOL EFI_IP4_CONFIG2_PROTOCOL;
@@ -312,4 +307,4 @@ struct _EFI_IP4_CONFIG2_PROTOCOL {
EFI_IP4_CONFIG2_UNREGISTER_NOTIFY UnregisterDataNotify;
};
-#endif
+#endif /* SHIM_IP4CONFIG2_H */
diff --git a/include/Ip6Config.h b/include/Ip6Config.h
index 003e50e3..f99ce013 100644
--- a/include/Ip6Config.h
+++ b/include/Ip6Config.h
@@ -12,16 +12,11 @@ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
-#ifndef __EFI_IP6CONFIG_PROTOCOL_H__
-#define __EFI_IP6CONFIG_PROTOCOL_H__
+#ifndef SHIM_IP6CONFIG_H
+#define SHIM_IP6CONFIG_H
#include <efiip.h>
-#define EFI_IP6_CONFIG_PROTOCOL_GUID \
- { \
- 0x937fe521, 0x95ae, 0x4d1a, {0x89, 0x29, 0x48, 0xbc, 0xd9, 0x0a, 0xd3, 0x1a } \
- }
-
typedef struct _EFI_IP6_CONFIG_PROTOCOL EFI_IP6_CONFIG_PROTOCOL;
///
@@ -363,4 +358,4 @@ struct _EFI_IP6_CONFIG_PROTOCOL {
EFI_IP6_CONFIG_UNREGISTER_NOTIFY UnregisterDataNotify;
};
-#endif
+#endif /* SHIM_IP6CONFIG_H */
diff --git a/include/PasswordCrypt.h b/include/PasswordCrypt.h
new file mode 100644
index 00000000..cadad727
--- /dev/null
+++ b/include/PasswordCrypt.h
@@ -0,0 +1,27 @@
+#ifndef SHIM_PASSWORDCRYPT_H
+#define SHIM_PASSWORDCRYPT_H
+
+enum HashMethod {
+ TRADITIONAL_DES = 0,
+ EXTEND_BSDI_DES,
+ MD5_BASED,
+ SHA256_BASED,
+ SHA512_BASED,
+ BLOWFISH_BASED
+};
+
+typedef struct {
+ UINT16 method;
+ UINT64 iter_count;
+ UINT16 salt_size;
+ UINT8 salt[32];
+ UINT8 hash[128];
+} __attribute__ ((packed)) PASSWORD_CRYPT;
+
+#define PASSWORD_CRYPT_SIZE sizeof(PASSWORD_CRYPT)
+
+EFI_STATUS password_crypt (const char *password, UINT32 pw_length,
+ const PASSWORD_CRYPT *pw_hash, UINT8 *hash);
+UINT16 get_hash_size (const UINT16 method);
+
+#endif /* SHIM_PASSWORDCRYPT_H */
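Review bot: The `password_crypt` prototype takes an unsized `UINT8 *hash` out-buffer and a caller-supplied `PASSWORD_CRYPT` whose `method` and `salt_size` presumably come from stored data, but nothing in the header states the buffer contract or that `salt_size` must be bounded by `sizeof(pw_hash->salt)`. Add a comment above the prototype such as `/* hash must hold get_hash_size(pw_hash->method) bytes; implementations must reject salt_size > sizeof salt and unknown method values. */`, and say what `get_hash_size` returns for an unknown method. The header also uses `UINT16`, `UINT64` and `EFI_STATUS` without any include, so it only compiles when an EFI header precedes it; either add that include or note the dependency at the top.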
diff --git a/include/PeImage.h b/include/PeImage.h
index 17f186c7..a606e8b2 100644
--- a/include/PeImage.h
+++ b/include/PeImage.h
@@ -19,8 +19,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
-#ifndef __PE_IMAGE_H__
-#define __PE_IMAGE_H__
+#ifndef SHIM_PEIMAGE_H
+#define SHIM_PEIMAGE_H
#include <wincert.h>
@@ -786,4 +786,4 @@ typedef struct {
EFI_IMAGE_OPTIONAL_HEADER_UNION *PEHdr;
} PE_COFF_LOADER_IMAGE_CONTEXT;
-#endif
+#endif /* SHIM_PEIMAGE_H */
diff --git a/include/configtable.h b/include/configtable.h
index fa2b5058..0c9dfdca 100644
--- a/include/configtable.h
+++ b/include/configtable.h
@@ -1,3 +1,6 @@
+#ifndef SHIM_CONFIGTABLE_H
+#define SHIM_CONFIGTABLE_H
+
/* definitions straight from TianoCore */
typedef UINT32 EFI_IMAGE_EXECUTION_ACTION;
@@ -66,3 +69,4 @@ configtable_find_image(const EFI_DEVICE_PATH *DevicePath);
int
configtable_image_is_forbidden(const EFI_DEVICE_PATH *DevicePath);
+#endif /* SHIM_CONFIGTABLE_H */
diff --git a/include/console.h b/include/console.h
index d59e3b4f..deb4fa3d 100644
--- a/include/console.h
+++ b/include/console.h
@@ -1,8 +1,18 @@
-#ifndef _SHIM_LIB_CONSOLE_H
-#define _SHIM_LIB_CONSOLE_H 1
+#ifndef SHIM_CONSOLE_H
+#define SHIM_CONSOLE_H
+
+#define Print(fmt, ...) \
+ ({"Do not directly call Print() use console_print() instead" = 1;});
+
+#define PrintAt(fmt, ...) \
+ ({"Do not directly call PrintAt() use console_print_at() instead" = 1;});
EFI_STATUS
console_get_keystroke(EFI_INPUT_KEY *key);
+UINTN
+console_print(const CHAR16 *fmt, ...);
+UINTN
+console_print_at(UINTN col, UINTN row, const CHAR16 *fmt, ...);
void
console_print_box_at(CHAR16 *str_arr[], int highlight,
int start_col, int start_row,
@@ -26,9 +36,6 @@ void
console_reset(void);
#define NOSEL 0x7fffffff
-#define EFI_CONSOLE_CONTROL_PROTOCOL_GUID \
- { 0xf42f7782, 0x12e, 0x4c12, {0x99, 0x56, 0x49, 0xf9, 0x43, 0x4, 0xf7, 0x21} }
-
typedef struct _EFI_CONSOLE_CONTROL_PROTOCOL EFI_CONSOLE_CONTROL_PROTOCOL;
typedef enum {
@@ -42,7 +49,7 @@ EFI_STATUS
(EFIAPI *EFI_CONSOLE_CONTROL_PROTOCOL_GET_MODE) (
IN EFI_CONSOLE_CONTROL_PROTOCOL *This,
OUT EFI_CONSOLE_CONTROL_SCREEN_MODE *Mode,
- OUT BOOLEAN *GopUgaExists, OPTIONAL
+ OUT BOOLEAN *GopUgaExists, OPTIONAL
OUT BOOLEAN *StdInLocked OPTIONAL
);
@@ -66,26 +73,23 @@ struct _EFI_CONSOLE_CONTROL_PROTOCOL {
EFI_CONSOLE_CONTROL_PROTOCOL_LOCK_STD_IN LockStdIn;
};
-extern VOID setup_console (int text);
+extern VOID console_fini(VOID);
extern VOID setup_verbosity(VOID);
-extern UINT8 verbose;
-#define dprint(fmt, ...) ({ \
- UINTN __dprint_ret = 0; \
- if (verbose) \
- __dprint_ret = Print((fmt), ##__VA_ARGS__); \
- __dprint_ret; \
- })
-#define dprinta(fmt, ...) ({ \
- UINTN __dprinta_ret = 0; \
- if (verbose) { \
- UINTN __dprinta_i; \
- CHAR16 *__dprinta_str = AllocateZeroPool((strlena(fmt) + 1) * 2); \
- for (__dprinta_i = 0; fmt[__dprinta_i] != '\0'; __dprinta_i++) \
- __dprinta_str[__dprinta_i] = fmt[__dprinta_i]; \
- __dprinta_ret = Print((__dprinta_str), ##__VA_ARGS__); \
- FreePool(__dprinta_str); \
- } \
- __dprinta_ret; \
+extern UINT32 verbose;
+#define dprint(fmt, ...) ({ \
+ UINTN __dprint_ret = 0; \
+ if (verbose) \
+ __dprint_ret = console_print((fmt), ##__VA_ARGS__); \
+ __dprint_ret; \
})
-#endif /* _SHIM_LIB_CONSOLE_H */
+extern EFI_STATUS print_crypto_errors(EFI_STATUS rc, char *file, const char *func, int line);
+#define crypterr(rc) print_crypto_errors((rc), __FILE__, __func__, __LINE__)
+
+extern VOID msleep(unsigned long msecs);
+
+/* This is used in various things to determine if we should print to the
+ * console */
+extern UINT8 in_protocol;
+
+#endif /* SHIM_CONSOLE_H */
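Review bot: `print_crypto_errors(EFI_STATUS rc, char *file, const char *func, int line)` takes `file` as non-const `char *` while the `crypterr` macro on the next line passes `__FILE__`, a string literal; make it `const char *file` to match `func` and avoid a discarded-qualifier warning under `-Wwrite-strings`. The new `dprint` macro keeps the reserved identifier `__dprint_ret` (leading double underscore) for its temporary; a name such as `dprint_ret_` stays out of the implementation's namespace. The `Print`/`PrintAt` poison macros in the first hunk of this file carry a trailing `;` after the statement-expression, which is harmless for the intended compile error but worth dropping since the expansion is already a full statement.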
diff --git a/include/crypt_blowfish.h b/include/crypt_blowfish.h
new file mode 100644
index 00000000..8d4dd4da
--- /dev/null
+++ b/include/crypt_blowfish.h
@@ -0,0 +1,23 @@
+/*
+ * Written by Solar Designer <solar at openwall.com> in 2000-2011.
+ * No copyright is claimed, and the software is hereby placed in the public
+ * domain. In case this attempt to disclaim copyright and place the software
+ * in the public domain is deemed null and void, then the software is
+ * Copyright (c) 2000-2011 Solar Designer and it is hereby released to the
+ * general public under the following terms:
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted.
+ *
+ * There's ABSOLUTELY NO WARRANTY, express or implied.
+ *
+ * See crypt_blowfish.c for more information.
+ */
+
+#ifndef SHIM_CRYPT_BLOWFISH_H
+#define SHIM_CRYPT_BLOWFISH_H
+
+char *crypt_blowfish_rn(const char *key, const char *setting,
+ char *output, int size);
+
+#endif /* SHIM_CRYPT_BLOWFISH_H */
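Review bot: The `crypt_blowfish_rn` prototype gives no contract for `output`/`size` or for the failure return, which matters because the result feeds a password comparison. The upstream Openwall implementation returns NULL (with errno set) when `setting` is malformed or `size` is smaller than the full hash, 7 + 22 + 31 + 1 = 61 bytes for a `$2a$`-style setting — confirm against the imported crypt_blowfish.c before relying on that. Suggested comment above the prototype: `/* Writes the bcrypt hash of key under setting into output (size bytes; at least 61 needed). Returns output, or NULL on a bad setting or too-small buffer, in which case output must not be used. */`.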
diff --git a/include/efiauthenticated.h b/include/efiauthenticated.h
index f7d6bcb1..7157ffd2 100644
--- a/include/efiauthenticated.h
+++ b/include/efiauthenticated.h
@@ -1,222 +1,193 @@
-#ifndef _INC_EFIAUTHENTICATED_H
-#define _INC_EFIAUTHENTICATED_H
+#ifndef SHIM_EFIAUTHENTICATED_H
+#define SHIM_EFIAUTHENTICATED_H
+
#include <wincert.h>
-//***********************************************************************
-// Signature Database
-//***********************************************************************
-///
-/// The format of a signature database.
-///
+
+/***********************************************************************
+ * Signature Database
+ ***********************************************************************/
+/*
+ * The format of a signature database.
+ */
#pragma pack(1)
typedef struct {
- ///
- /// An identifier which identifies the agent which added the signature to the list.
- ///
- EFI_GUID SignatureOwner;
- ///
- /// The format of the signature is defined by the SignatureType.
- ///
- UINT8 SignatureData[1];
+ /*
+ * An identifier which identifies the agent which added the signature to
+ * the list.
+ */
+ EFI_GUID SignatureOwner;
+ /*
+ * The format of the signature is defined by the SignatureType.
+ */
+ UINT8 SignatureData[1];
} EFI_SIGNATURE_DATA;
typedef struct {
- ///
- /// Type of the signature. GUID signature types are defined in below.
- ///
- EFI_GUID SignatureType;
- ///
- /// Total size of the signature list, including this header.
- ///
- UINT32 SignatureListSize;
- ///
- /// Size of the signature header which precedes the array of signatures.
- ///
- UINT32 SignatureHeaderSize;
- ///
- /// Size of each signature.
- ///
- UINT32 SignatureSize;
- ///
- /// Header before the array of signatures. The format of this header is specified
- /// by the SignatureType.
- /// UINT8 SignatureHeader[SignatureHeaderSize];
- ///
- /// An array of signatures. Each signature is SignatureSize bytes in length.
- /// EFI_SIGNATURE_DATA Signatures[][SignatureSize];
- ///
+ /*
+ * Type of the signature. GUID signature types are defined below.
+ */
+ EFI_GUID SignatureType;
+ /*
+ * Total size of the signature list, including this header.
+ */
+ UINT32 SignatureListSize;
+ /*
+ * Size of the signature header which precedes the array of signatures.
+ */
+ UINT32 SignatureHeaderSize;
+ /*
+ * Size of each signature.
+ */
+ UINT32 SignatureSize;
+ /*
+ * Header before the array of signatures. The format of this header is
+ * specified by the SignatureType.
+ */
+ //UINT8 SignatureHeader[SignatureHeaderSize];
+ /*
+ * An array of signatures. Each signature is SignatureSize bytes in length.
+ */
+ //EFI_SIGNATURE_DATA Signatures[][SignatureSize];
} EFI_SIGNATURE_LIST;
#pragma pack()
-//
-// _WIN_CERTIFICATE.wCertificateType
-//
+/*
+ * WIN_CERTIFICATE.wCertificateType
+ */
#define WIN_CERT_TYPE_PKCS_SIGNED_DATA 0x0002
#define WIN_CERT_TYPE_EFI_PKCS115 0x0EF0
#define WIN_CERT_TYPE_EFI_GUID 0x0EF1
-#define EFI_CERT_X509_GUID \
- (EFI_GUID){ \
- 0xa5c059a1, 0x94e4, 0x4aa7, {0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72} \
- }
-
-#define EFI_CERT_RSA2048_GUID \
- (EFI_GUID){ \
- 0x3c5766e8, 0x269c, 0x4e34, {0xaa, 0x14, 0xed, 0x77, 0x6e, 0x85, 0xb3, 0xb6} \
- }
-
-
-#define EFI_CERT_TYPE_PKCS7_GUID \
- (EFI_GUID){ \
- 0x4aafd29d, 0x68df, 0x49ee, {0x8a, 0xa9, 0x34, 0x7d, 0x37, 0x56, 0x65, 0xa7} \
- }
-
-///
-/// WIN_CERTIFICATE_UEFI_GUID.CertType
-///
-#define EFI_CERT_TYPE_RSA2048_SHA256_GUID \
- {0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf } }
-
-///
-/// WIN_CERTIFICATE_UEFI_GUID.CertData
-///
+/*
+ * WIN_CERTIFICATE_UEFI_GUID.CertData
+ */
typedef struct {
- EFI_GUID HashType;
- UINT8 PublicKey[256];
- UINT8 Signature[256];
+ EFI_GUID HashType;
+ UINT8 PublicKey[256];
+ UINT8 Signature[256];
} EFI_CERT_BLOCK_RSA_2048_SHA256;
-
-///
-/// Certificate which encapsulates a GUID-specific digital signature
-///
+/*
+ * Certificate which encapsulates a GUID-specific digital signature
+ */
typedef struct {
- ///
- /// This is the standard WIN_CERTIFICATE header, where
- /// wCertificateType is set to WIN_CERT_TYPE_UEFI_GUID.
- ///
- WIN_CERTIFICATE Hdr;
- ///
- /// This is the unique id which determines the
- /// format of the CertData. .
- ///
- EFI_GUID CertType;
- ///
- /// The following is the certificate data. The format of
- /// the data is determined by the CertType.
- /// If CertType is EFI_CERT_TYPE_RSA2048_SHA256_GUID,
- /// the CertData will be EFI_CERT_BLOCK_RSA_2048_SHA256 structure.
- ///
- UINT8 CertData[1];
+ /*
+ * This is the standard WIN_CERTIFICATE header, where wCertificateType is
+ * set to WIN_CERT_TYPE_UEFI_GUID.
+ */
+ WIN_CERTIFICATE Hdr;
+ /*
+ * This is the unique id which determines the format of the CertData.
+ */
+ EFI_GUID CertType;
+ /*
+ * The following is the certificate data. The format of the data is
+ * determined by the CertType. If CertType is
+ * EFI_CERT_TYPE_RSA2048_SHA256_GUID, the CertData will be
+ * EFI_CERT_BLOCK_RSA_2048_SHA256 structure.
+ */
+ UINT8 CertData[1];
} WIN_CERTIFICATE_UEFI_GUID;
-
-///
-/// Certificate which encapsulates the RSASSA_PKCS1-v1_5 digital signature.
-///
-/// The WIN_CERTIFICATE_UEFI_PKCS1_15 structure is derived from
-/// WIN_CERTIFICATE and encapsulate the information needed to
-/// implement the RSASSA-PKCS1-v1_5 digital signature algorithm as
-/// specified in RFC2437.
-///
-typedef struct {
- ///
- /// This is the standard WIN_CERTIFICATE header, where
- /// wCertificateType is set to WIN_CERT_TYPE_UEFI_PKCS1_15.
- ///
- WIN_CERTIFICATE Hdr;
- ///
- /// This is the hashing algorithm which was performed on the
- /// UEFI executable when creating the digital signature.
- ///
- EFI_GUID HashAlgorithm;
- ///
- /// The following is the actual digital signature. The
- /// size of the signature is the same size as the key
- /// (1024-bit key is 128 bytes) and can be determined by
- /// subtracting the length of the other parts of this header
- /// from the total length of the certificate as found in
- /// Hdr.dwLength.
- ///
- /// UINT8 Signature[];
- ///
+/*
+ * Certificate which encapsulates the RSASSA_PKCS1-v1_5 digital signature.
+ *
+ * The WIN_CERTIFICATE_UEFI_PKCS1_15 structure is derived from
+ * WIN_CERTIFICATE and encapsulate the information needed to implement the
+ * RSASSA-PKCS1-v1_5 digital signature algorithm as specified in RFC2437.
+ */
+typedef struct {
+ /*
+ * This is the standard WIN_CERTIFICATE header, where
+ * wCertificateType is set to WIN_CERT_TYPE_UEFI_PKCS1_15.
+ */
+ WIN_CERTIFICATE Hdr;
+ /*
+ * This is the hashing algorithm which was performed on the UEFI
+ * executable when creating the digital signature.
+ */
+ EFI_GUID HashAlgorithm;
+ /*
+ * The following is the actual digital signature. The size of the
+ * signature is the same size as the key (1024-bit key is 128 bytes)
+ * and can be determined by subtracting the length of the other parts
+ * of this header from the total length of the certificate as found
+ * in Hdr.dwLength.
+ */
+ //UINT8 Signature[];
} WIN_CERTIFICATE_EFI_PKCS1_15;
-#define OFFSET_OF(TYPE, Field) ((UINTN) &(((TYPE *)0)->Field))
-
-///
-/// Attributes of Authenticated Variable
-///
+/*
+ * Attributes of Authenticated Variable
+ */
#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS 0x00000010
#define EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS 0x00000020
#define EFI_VARIABLE_APPEND_WRITE 0x00000040
-///
-/// AuthInfo is a WIN_CERTIFICATE using the wCertificateType
-/// WIN_CERTIFICATE_UEFI_GUID and the CertType
-/// EFI_CERT_TYPE_RSA2048_SHA256_GUID. If the attribute specifies
-/// authenticated access, then the Data buffer should begin with an
-/// authentication descriptor prior to the data payload and DataSize
-/// should reflect the the data.and descriptor size. The caller
-/// shall digest the Monotonic Count value and the associated data
-/// for the variable update using the SHA-256 1-way hash algorithm.
-/// The ensuing the 32-byte digest will be signed using the private
-/// key associated w/ the public/private 2048-bit RSA key-pair. The
-/// WIN_CERTIFICATE shall be used to describe the signature of the
-/// Variable data *Data. In addition, the signature will also
-/// include the MonotonicCount value to guard against replay attacks.
-///
+/*
+ * AuthInfo is a WIN_CERTIFICATE using the wCertificateType
+ * WIN_CERTIFICATE_UEFI_GUID and the CertType
+ * EFI_CERT_TYPE_RSA2048_SHA256_GUID. If the attribute specifies
+ * authenticated access, then the Data buffer should begin with an
+ * authentication descriptor prior to the data payload and DataSize should
+ * reflect the the data.and descriptor size. The caller shall digest the
+ * Monotonic Count value and the associated data for the variable update
+ * using the SHA-256 1-way hash algorithm. The ensuing the 32-byte digest
+ * will be signed using the private key associated w/ the public/private
+ * 2048-bit RSA key-pair. The WIN_CERTIFICATE shall be used to describe the
+ * signature of the Variable data *Data. In addition, the signature will also
+ * include the MonotonicCount value to guard against replay attacks.
+ */
typedef struct {
- ///
- /// Included in the signature of
- /// AuthInfo.Used to ensure freshness/no
- /// replay. Incremented during each
- /// "Write" access.
- ///
- UINT64 MonotonicCount;
- ///
- /// Provides the authorization for the variable
- /// access. It is a signature across the
- /// variable data and the Monotonic Count
- /// value. Caller uses Private key that is
- /// associated with a public key that has been
- /// provisioned via the key exchange.
- ///
- WIN_CERTIFICATE_UEFI_GUID AuthInfo;
+ /*
+ * Included in the signature of AuthInfo.Used to ensure freshness/no
+ * replay. Incremented during each "Write" access.
+ */
+ UINT64 MonotonicCount;
+ /*
+ * Provides the authorization for the variable access. It is a
+ * signature across the variable data and the Monotonic Count value.
+ * Caller uses Private key that is associated with a public key that
+ * has been provisioned via the key exchange.
+ */
+ WIN_CERTIFICATE_UEFI_GUID AuthInfo;
} EFI_VARIABLE_AUTHENTICATION;
-///
-/// When the attribute EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS is
-/// set, then the Data buffer shall begin with an instance of a complete (and serialized)
-/// EFI_VARIABLE_AUTHENTICATION_2 descriptor. The descriptor shall be followed by the new
-/// variable value and DataSize shall reflect the combined size of the descriptor and the new
-/// variable value. The authentication descriptor is not part of the variable data and is not
-/// returned by subsequent calls to GetVariable().
-///
+/*
+ * When the attribute EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS is
+ * set, then the Data buffer shall begin with an instance of a complete (and
+ * serialized) EFI_VARIABLE_AUTHENTICATION_2 descriptor. The descriptor shall
+ * be followed by the new variable value and DataSize shall reflect the
+ * combined size of the descriptor and the new variable value. The
+ * authentication descriptor is not part of the variable data and is not
+ * returned by subsequent calls to GetVariable().
+ */
typedef struct {
- ///
- /// For the TimeStamp value, components Pad1, Nanosecond, TimeZone, Daylight and
- /// Pad2 shall be set to 0. This means that the time shall always be expressed in GMT.
- ///
- EFI_TIME TimeStamp;
- ///
- /// Only a CertType of EFI_CERT_TYPE_PKCS7_GUID is accepted.
- ///
- WIN_CERTIFICATE_UEFI_GUID AuthInfo;
- } EFI_VARIABLE_AUTHENTICATION_2;
-
-///
-/// Size of AuthInfo prior to the data payload.
-///
-#define AUTHINFO_SIZE ((OFFSET_OF (EFI_VARIABLE_AUTHENTICATION, AuthInfo)) + \
- (OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)) + \
+ /*
+ * For the TimeStamp value, components Pad1, Nanosecond, TimeZone,
+ * Daylight and Pad2 shall be set to 0. This means that the time
+ * shall always be expressed in GMT.
+ */
+ EFI_TIME TimeStamp;
+ /*
+ * Only a CertType of EFI_CERT_TYPE_PKCS7_GUID is accepted.
+ */
+ WIN_CERTIFICATE_UEFI_GUID AuthInfo;
+} EFI_VARIABLE_AUTHENTICATION_2;
+
+/*
+ * Size of AuthInfo prior to the data payload.
+ */
+#define AUTHINFO_SIZE ((offsetof(EFI_VARIABLE_AUTHENTICATION, AuthInfo)) + \
+ (offsetof(WIN_CERTIFICATE_UEFI_GUID, CertData)) + \
sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256))
-#define AUTHINFO2_SIZE(VarAuth2) ((OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo)) + \
+#define AUTHINFO2_SIZE(VarAuth2) ((offsetof(EFI_VARIABLE_AUTHENTICATION_2, AuthInfo)) + \
(UINTN) ((EFI_VARIABLE_AUTHENTICATION_2 *) (VarAuth2))->AuthInfo.Hdr.dwLength)
-#define OFFSET_OF_AUTHINFO2_CERT_DATA ((OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo)) + \
- (OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)))
+#define OFFSET_OF_AUTHINFO2_CERT_DATA ((offsetof(EFI_VARIABLE_AUTHENTICATION_2, AuthInfo)) + \
+ (offsetof(WIN_CERTIFICATE_UEFI_GUID, CertData)))
-#endif
+#endif /* SHIM_EFIAUTHENTICATED_H */
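Review bot: The `AUTHINFO_SIZE`, `AUTHINFO2_SIZE` and `OFFSET_OF_AUTHINFO2_CERT_DATA` macros now use `offsetof` in place of the removed self-contained `OFFSET_OF`, but the hunk adds no `#include <stddef.h>`; unless one of the EFI headers guarantees `offsetof`, include it explicitly so the header does not depend on inclusion order. `AUTHINFO2_SIZE(VarAuth2)` still derives its result from `AuthInfo.Hdr.dwLength` inside the very buffer being described, so callers must check the result against the buffer's real length before using it as a size — a one-line comment on that macro, `/* dwLength is read from the descriptor itself; validate the result against DataSize before use */`, makes the trust boundary visible. The two placeholder fields converted to `//UINT8 SignatureHeader[SignatureHeaderSize];` and `//UINT8 Signature[];` are the only `//` comments left in a file the hunk otherwise moves to `/* */` style.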
diff --git a/include/errors.h b/include/errors.h
index 0da4bb59..21978bd8 100644
--- a/include/errors.h
+++ b/include/errors.h
@@ -1,3 +1,6 @@
+#ifndef SHIM_ERRORS_H
+#define SHIM_ERRORS_H
+
#include <efierr.h>
#ifndef EFI_INCOMPATIBLE_VERSION
@@ -7,3 +10,4 @@
#define EFI_SECURITY_VIOLATION EFIERR(26)
#endif
+#endif /* SHIM_ERRORS_H */
diff --git a/include/execute.h b/include/execute.h
index 9aecbff8..18d2fa29 100644
--- a/include/execute.h
+++ b/include/execute.h
@@ -1,5 +1,10 @@
+#ifndef SHIM_LIB_EXECUTE_H
+#define SHIM_LIB_EXECUTE_H
+
EFI_STATUS
generate_path(CHAR16* name, EFI_LOADED_IMAGE *li,
EFI_DEVICE_PATH **path, CHAR16 **PathName);
EFI_STATUS
execute(EFI_HANDLE image, CHAR16 *name);
+
+#endif /* SHIM_LIB_EXECUTE_H */
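Review bot: The new guard `SHIM_LIB_EXECUTE_H` keeps the `_LIB_` infix that this commit removes everywhere else (security_policy.h and console.h become `SHIM_SECURITY_POLICY_H` and `SHIM_CONSOLE_H`), and the new hexdump.h uses `STATIC_HEXDUMP_H`; for consistency rename them to `SHIM_EXECUTE_H` and `SHIM_HEXDUMP_H`. The prototypes in this hunk are otherwise unchanged.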
diff --git a/include/guid.h b/include/guid.h
index 86b709b8..81689d6c 100644
--- a/include/guid.h
+++ b/include/guid.h
@@ -1,14 +1,38 @@
+#ifndef SHIM_GUID_H
+#define SHIM_GUID_H
+
#include <efi.h>
+extern EFI_GUID BDS_GUID;
extern EFI_GUID GV_GUID;
extern EFI_GUID SIG_DB;
extern EFI_GUID X509_GUID;
extern EFI_GUID RSA2048_GUID;
extern EFI_GUID PKCS7_GUID;
extern EFI_GUID IMAGE_PROTOCOL;
-extern EFI_GUID SIMPLE_FS_PROTOCOL;
+extern EFI_GUID EFI_FILE_INFO_GUID;
+extern EFI_GUID EFI_FILE_SYSTEM_INFO_GUID;
+extern EFI_GUID EFI_CERT_RSA2048_GUID;
extern EFI_GUID EFI_CERT_SHA1_GUID;
extern EFI_GUID EFI_CERT_SHA256_GUID;
-extern EFI_GUID MOK_OWNER;
+extern EFI_GUID EFI_CERT_SHA224_GUID;
+extern EFI_GUID EFI_CERT_SHA384_GUID;
+extern EFI_GUID EFI_CERT_SHA512_GUID;
+extern EFI_GUID EFI_CERT_TYPE_PKCS7_GUID;
+extern EFI_GUID EFI_CERT_TYPE_RSA2048_SHA256_GUID;
+extern EFI_GUID EFI_CERT_TYPE_X509_GUID;
+extern EFI_GUID EFI_CONSOLE_CONTROL_GUID;
+extern EFI_GUID EFI_HTTP_BINDING_GUID;
+extern EFI_GUID EFI_HTTP_PROTOCOL_GUID;
+extern EFI_GUID EFI_IP4_CONFIG2_GUID;
+extern EFI_GUID EFI_IP6_CONFIG_GUID;
+extern EFI_GUID EFI_LOADED_IMAGE_GUID;
+extern EFI_GUID EFI_TPM_GUID;
+extern EFI_GUID EFI_TPM2_GUID;
+extern EFI_GUID EFI_SECURE_BOOT_DB_GUID;
+extern EFI_GUID EFI_SIMPLE_FILE_SYSTEM_GUID;
extern EFI_GUID SECURITY_PROTOCOL_GUID;
extern EFI_GUID SECURITY2_PROTOCOL_GUID;
+extern EFI_GUID SHIM_LOCK_GUID;
+
+#endif /* SHIM_GUID_H */
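Review bot: This hunk drops `SIMPLE_FS_PROTOCOL` and `MOK_OWNER` while the companion hunks in Http.h, efiauthenticated.h and console.h delete the macro forms of several GUIDs; most reappear here as externs, but `EFI_CERT_X509_GUID` (removed from efiauthenticated.h) has no extern of that exact name — only `X509_GUID` and `EFI_CERT_TYPE_X509_GUID` — and `MOK_OWNER` has no visible replacement, so any translation unit outside this diff that still references either will no longer build. Worth confirming the callers were updated in the same series. Since these GUIDs select which certificate types and protocols shim trusts, a short comment grouping them, e.g. `/* certificate and signature-type GUIDs accepted in db/dbx/MokList */` above the `EFI_CERT_*` block, would help a reader find the security-relevant ones.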
diff --git a/include/hexdump.h b/include/hexdump.h
new file mode 100644
index 00000000..d337b571
--- /dev/null
+++ b/include/hexdump.h
@@ -0,0 +1,104 @@
+#ifndef STATIC_HEXDUMP_H
+#define STATIC_HEXDUMP_H
+
+static int
+__attribute__((__unused__))
+isprint(char c)
+{
+ if (c < 0x20)
+ return 0;
+ if (c > 0x7e)
+ return 0;
+ return 1;
+}
+
+static UINTN
+__attribute__((__unused__))
+format_hex(UINT8 *data, UINTN size, CHAR16 *buf)
+{
+ UINTN sz = (UINTN)data % 16;
+ CHAR16 hexchars[] = L"0123456789abcdef";
+ int offset = 0;
+ UINTN i;
+ UINTN j;
+
+ for (i = 0; i < sz; i++) {
+ buf[offset++] = L' ';
+ buf[offset++] = L' ';
+ buf[offset++] = L' ';
+ if (i == 7)
+ buf[offset++] = L' ';
+ }
+ for (j = sz; j < 16 && j < size; j++) {
+ UINT8 d = data[j-sz];
+ buf[offset++] = hexchars[(d & 0xf0) >> 4];
+ buf[offset++] = hexchars[(d & 0x0f)];
+ if (j != 15)
+ buf[offset++] = L' ';
+ if (j == 7)
+ buf[offset++] = L' ';
+ }
+ for (i = j; i < 16; i++) {
+ buf[offset++] = L' ';
+ buf[offset++] = L' ';
+ if (i != 15)
+ buf[offset++] = L' ';
+ if (i == 7)
+ buf[offset++] = L' ';
+ }
+ buf[offset] = L'\0';
+ return j - sz;
+}
+
+static void
+__attribute__((__unused__))
+format_text(UINT8 *data, UINTN size, CHAR16 *buf)
+{
+ UINTN sz = (UINTN)data % 16;
+ int offset = 0;
+ UINTN i;
+ UINTN j;
+
+ for (i = 0; i < sz; i++)
+ buf[offset++] = L' ';
+ buf[offset++] = L'|';
+ for (j = sz; j < 16 && j < size; j++) {
+ if (isprint(data[j-sz]))
+ buf[offset++] = data[j-sz];
+ else
+ buf[offset++] = L'.';
+ }
+ buf[offset++] = L'|';
+ for (i = j; i < 16; i++)
+ buf[offset++] = L' ';
+ buf[offset] = L'\0';
+}
+
+static void
+__attribute__((__unused__))
+hexdump(UINT8 *data, UINTN size)
+{
+ UINTN display_offset = (UINTN)data & 0xffffffff;
+ UINTN offset = 0;
+ //console_print(L"hexdump: data=0x%016x size=0x%x\n", data, size);
+
+ while (offset < size) {
+ CHAR16 hexbuf[49];
+ CHAR16 txtbuf[19];
+ UINTN sz;
+
+ sz = format_hex(data+offset, size-offset, hexbuf);
+ if (sz == 0)
+ return;
+ msleep(200000);
+
+ format_text(data+offset, size-offset, txtbuf);
+ console_print(L"%08x %s %s\n", display_offset, hexbuf, txtbuf);
+ msleep(200000);
+
+ display_offset += sz;
+ offset += sz;
+ }
+}
+
+#endif /* STATIC_HEXDUMP_H */
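Review bot: `format_hex` and `format_text` bound their data loop with `j < size` while `j` starts at `sz` (the 16-byte alignment offset) and the data index is `j - sz`, so when the first row starts at a non-aligned address and `size` is smaller than that offset the loop runs zero times, `format_hex` returns 0 and `hexdump` silently returns without printing anything; the condition should be `for (j = sz; j < 16 && j - sz < size; j++)` in both functions, after which the `if (sz == 0) return;` guard in `hexdump` becomes unreachable rather than masking the short-buffer case. Separately, the header calls `console_print` and `msleep` without including console.h, and its static `isprint` shadows the libc name in any translation unit that also pulls in `<ctype.h>` — a rename such as `hexdump_isprint` avoids that. The `msleep(200000)` calls assume a unit documented nowhere here; if `msleep` takes milliseconds as its parameter name `msecs` suggests, each dumped line stalls for 200 s, so confirm the intended unit and name the constant.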
diff --git a/include/httpboot.h b/include/httpboot.h
new file mode 100644
index 00000000..b47f6a9d
--- /dev/null
+++ b/include/httpboot.h
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2015 SUSE LINUX GmbH <glin@suse.com>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Significant portions of this code are derived from Tianocore
+ * (http://tianocore.sf.net) and are Copyright 2009-2012 Intel
+ * Corporation.
+ */
+
+#ifndef SHIM_HTTPBOOT_H
+#define SHIM_HTTPBOOT_H
+
+extern BOOLEAN find_httpboot(EFI_HANDLE device);
+extern EFI_STATUS httpboot_fetch_buffer(EFI_HANDLE image, VOID **buffer,
+ UINT64 *buf_size);
+
+#endif /* SHIM_HTTPBOOT_H */
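Review bot: `httpboot_fetch_buffer` returns an allocation through `VOID **buffer` with its length in `*buf_size`, but the header does not say who owns the allocation or what the out-parameters hold on failure; the same applies to `FetchNetbootimage` in netboot.h. Add a comment above the prototype such as `/* On success *buffer is an allocated image of *buf_size bytes that the caller must free; on error both are unspecified and must not be used. */`, and state the same on the netboot prototype. Since this buffer is the image that is later verified and executed, the comment should also remind callers that `*buf_size` is the only trustworthy length and must be checked before any header parsing.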
diff --git a/include/netboot.h b/include/netboot.h
new file mode 100644
index 00000000..d1ad1257
--- /dev/null
+++ b/include/netboot.h
@@ -0,0 +1,10 @@
+#ifndef SHIM_NETBOOT_H
+#define SHIM_NETBOOT_H
+
+extern BOOLEAN findNetboot(EFI_HANDLE image_handle);
+
+extern EFI_STATUS parseNetbootinfo(EFI_HANDLE image_handle);
+
+extern EFI_STATUS FetchNetbootimage(EFI_HANDLE image_handle, VOID **buffer, UINT64 *bufsiz);
+
+#endif /* SHIM_NETBOOT_H */
diff --git a/include/replacements.h b/include/replacements.h
new file mode 100644
index 00000000..ab2a5a58
--- /dev/null
+++ b/include/replacements.h
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2013 Red Hat, Inc <pjones@redhat.com>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef SHIM_REPLACEMENTS_H
+#define SHIM_REPLACEMENTS_H
+
+extern EFI_SYSTEM_TABLE *get_active_systab(void);
+
+typedef enum {
+ VERIFIED_BY_NOTHING,
+ VERIFIED_BY_CERT,
+ VERIFIED_BY_HASH
+} verification_method_t;
+
+extern verification_method_t verification_method;
+extern int loader_is_participating;
+
+extern void hook_system_services(EFI_SYSTEM_TABLE *local_systab);
+extern void unhook_system_services(void);
+
+extern void hook_exit(EFI_SYSTEM_TABLE *local_systab);
+extern void unhook_exit(void);
+
+extern EFI_STATUS install_shim_protocols(void);
+extern void uninstall_shim_protocols(void);
+
+#endif /* SHIM_REPLACEMENTS_H */
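Review bot: `verification_method` and `loader_is_participating` are mutable globals that the hook/unhook functions declared below presumably consult when deciding how a loaded image was verified, yet the header gives no comment on who sets or resets them. Suggested comment above the externs: `/* Shared with the hooked boot services: verification_method records how the image currently being loaded was verified, loader_is_participating is set once the loader has used the shim protocol. Document where both are reset (see replacements.c). */` — confirm the set/reset points against replacements.c, which is not visible here. A reader auditing the policy needs this to know when `VERIFIED_BY_NOTHING` can be observed.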
diff --git a/include/security_policy.h b/include/security_policy.h
index 7854db11..7cfbfd03 100644
--- a/include/security_policy.h
+++ b/include/security_policy.h
@@ -1,5 +1,5 @@
-#ifndef _SHIM_LIB_SECURITY_POLICY_H
-#define _SHIM_LIB_SECURITY_POLICY_H 1
+#ifndef SHIM_SECURITY_POLICY_H
+#define SHIM_SECURITY_POLICY_H
#if defined(OVERRIDE_SECURITY_POLICY)
typedef EFI_STATUS (*SecurityHook) (void *data, UINT32 len);
@@ -12,4 +12,4 @@ void
security_protocol_set_hashes(unsigned char *esl, int len);
#endif /* OVERRIDE_SECURITY_POLICY */
-#endif /* SHIM_LIB_SECURITY_POLICY_H */
+#endif /* SHIM_SECURITY_POLICY_H */
diff --git a/include/shell.h b/include/shell.h
index 9cb5d479..fec50137 100644
--- a/include/shell.h
+++ b/include/shell.h
@@ -1,2 +1,7 @@
+#ifndef SHIM_SHELL_H
+#define SHIM_SHELL_H
+
EFI_STATUS
argsplit(EFI_HANDLE image, int *argc, CHAR16*** ARGV);
+
+#endif /* SHIM_SHELL_H */
diff --git a/include/simple_file.h b/include/simple_file.h
index fe4fd97d..7b019654 100644
--- a/include/simple_file.h
+++ b/include/simple_file.h
@@ -1,3 +1,6 @@
+#ifndef SHIM_SIMPLE_FILE_H
+#define SHIM_SIMPLE_FILE_H
+
EFI_STATUS
simple_file_open (EFI_HANDLE image, CHAR16 *name, EFI_FILE **file, UINT64 mode);
EFI_STATUS
@@ -6,8 +9,6 @@ EFI_STATUS
simple_file_read_all(EFI_FILE *file, UINTN *size, void **buffer);
EFI_STATUS
simple_file_write_all(EFI_FILE *file, UINTN size, void *buffer);
-void
-simple_file_close(EFI_FILE *file);
EFI_STATUS
simple_dir_read_all(EFI_HANDLE image, CHAR16 *name, EFI_FILE_INFO **Entries,
int *count);
@@ -19,3 +20,5 @@ simple_file_selector(EFI_HANDLE *im, CHAR16 **title, CHAR16 *name,
CHAR16 *filter, CHAR16 **result);
EFI_STATUS
simple_volume_selector(CHAR16 **title, CHAR16 **selected, EFI_HANDLE *h);
+
+#endif /* SHIM_SIMPLE_FILE_H */
diff --git a/include/tpm.h b/include/tpm.h
new file mode 100644
index 00000000..746e871f
--- /dev/null
+++ b/include/tpm.h
@@ -0,0 +1,191 @@
+#ifndef SHIM_TPM_H
+#define SHIM_TPM_H
+
+#include <efilib.h>
+
+#define TPM_ALG_SHA 0x00000004
+#define EV_IPL 0x0000000d
+
+EFI_STATUS tpm_log_event(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 pcr,
+ const CHAR8 *description);
+EFI_STATUS fallback_should_prefer_reset(void);
+
+EFI_STATUS tpm_log_pe(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 *sha1hash,
+ UINT8 pcr);
+
+EFI_STATUS tpm_measure_variable(CHAR16 *dbname, EFI_GUID guid, UINTN size, void *data);
+
+typedef struct {
+ uint8_t Major;
+ uint8_t Minor;
+ uint8_t RevMajor;
+ uint8_t RevMinor;
+} TCG_VERSION;
+
+typedef struct _TCG_EFI_BOOT_SERVICE_CAPABILITY {
+ uint8_t Size; /// Size of this structure.
+ TCG_VERSION StructureVersion;
+ TCG_VERSION ProtocolSpecVersion;
+ uint8_t HashAlgorithmBitmap; /// Hash algorithms .
+ char TPMPresentFlag; /// 00h = TPM not present.
+ char TPMDeactivatedFlag; /// 01h = TPM currently deactivated.
+} TCG_EFI_BOOT_SERVICE_CAPABILITY;
+
+typedef struct _TCG_PCR_EVENT {
+ uint32_t PCRIndex;
+ uint32_t EventType;
+ uint8_t digest[20];
+ uint32_t EventSize;
+ uint8_t Event[1];
+} TCG_PCR_EVENT;
+
+typedef struct _EFI_IMAGE_LOAD_EVENT {
+ EFI_PHYSICAL_ADDRESS ImageLocationInMemory;
+ UINTN ImageLengthInMemory;
+ UINTN ImageLinkTimeAddress;
+ UINTN LengthOfDevicePath;
+ EFI_DEVICE_PATH DevicePath[1];
+} EFI_IMAGE_LOAD_EVENT;
+
+struct efi_tpm_protocol
+{
+ EFI_STATUS (EFIAPI *status_check) (struct efi_tpm_protocol *this,
+ TCG_EFI_BOOT_SERVICE_CAPABILITY *ProtocolCapability,
+ uint32_t *TCGFeatureFlags,
+ EFI_PHYSICAL_ADDRESS *EventLogLocation,
+ EFI_PHYSICAL_ADDRESS *EventLogLastEntry);
+ EFI_STATUS (EFIAPI *hash_all) (struct efi_tpm_protocol *this,
+ uint8_t *HashData,
+ uint64_t HashLen,
+ uint32_t AlgorithmId,
+ uint64_t *HashedDataLen,
+ uint8_t **HashedDataResult);
+ EFI_STATUS (EFIAPI *log_event) (struct efi_tpm_protocol *this,
+ TCG_PCR_EVENT *TCGLogData,
+ uint32_t *EventNumber,
+ uint32_t Flags);
+ EFI_STATUS (EFIAPI *pass_through_to_tpm) (struct efi_tpm_protocol *this,
+ uint32_t TpmInputParameterBlockSize,
+ uint8_t *TpmInputParameterBlock,
+ uint32_t TpmOutputParameterBlockSize,
+ uint8_t *TpmOutputParameterBlock);
+ EFI_STATUS (EFIAPI *log_extend_event) (struct efi_tpm_protocol *this,
+ EFI_PHYSICAL_ADDRESS HashData,
+ uint64_t HashDataLen,
+ uint32_t AlgorithmId,
+ TCG_PCR_EVENT *TCGLogData,
+ uint32_t *EventNumber,
+ EFI_PHYSICAL_ADDRESS *EventLogLastEntry);
+};
+
+typedef struct efi_tpm_protocol efi_tpm_protocol_t;
+
+typedef uint32_t TREE_EVENT_LOG_BITMAP;
+
+typedef uint32_t EFI_TCG2_EVENT_LOG_BITMAP;
+typedef uint32_t EFI_TCG2_EVENT_LOG_FORMAT;
+typedef uint32_t EFI_TCG2_EVENT_ALGORITHM_BITMAP;
+
+typedef struct tdTREE_VERSION {
+ uint8_t Major;
+ uint8_t Minor;
+} TREE_VERSION;
+
+typedef struct tdEFI_TCG2_VERSION {
+ uint8_t Major;
+ uint8_t Minor;
+} EFI_TCG2_VERSION;
+
+typedef struct tdTREE_BOOT_SERVICE_CAPABILITY {
+ uint8_t Size;
+ TREE_VERSION StructureVersion;
+ TREE_VERSION ProtocolVersion;
+ uint32_t HashAlgorithmBitmap;
+ TREE_EVENT_LOG_BITMAP SupportedEventLogs;
+ BOOLEAN TrEEPresentFlag;
+ uint16_t MaxCommandSize;
+ uint16_t MaxResponseSize;
+ uint32_t ManufacturerID;
+} TREE_BOOT_SERVICE_CAPABILITY;
+
+typedef struct tdEFI_TCG2_BOOT_SERVICE_CAPABILITY {
+ uint8_t Size;
+ EFI_TCG2_VERSION StructureVersion;
+ EFI_TCG2_VERSION ProtocolVersion;
+ EFI_TCG2_EVENT_ALGORITHM_BITMAP HashAlgorithmBitmap;
+ EFI_TCG2_EVENT_LOG_BITMAP SupportedEventLogs;
+ BOOLEAN TPMPresentFlag;
+ uint16_t MaxCommandSize;
+ uint16_t MaxResponseSize;
+ uint32_t ManufacturerID;
+ uint32_t NumberOfPcrBanks;
+ EFI_TCG2_EVENT_ALGORITHM_BITMAP ActivePcrBanks;
+} EFI_TCG2_BOOT_SERVICE_CAPABILITY;
+
+typedef uint32_t TCG_PCRINDEX;
+typedef uint32_t TCG_EVENTTYPE;
+
+typedef struct tdEFI_TCG2_EVENT_HEADER {
+ uint32_t HeaderSize;
+ uint16_t HeaderVersion;
+ TCG_PCRINDEX PCRIndex;
+ TCG_EVENTTYPE EventType;
+} __attribute__ ((packed)) EFI_TCG2_EVENT_HEADER;
+
+typedef struct tdEFI_TCG2_EVENT {
+ uint32_t Size;
+ EFI_TCG2_EVENT_HEADER Header;
+ uint8_t Event[1];
+} __attribute__ ((packed)) EFI_TCG2_EVENT;
+
+#define EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 0x00000001
+#define EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 0x00000002
+
+struct efi_tpm2_protocol
+{
+ EFI_STATUS (EFIAPI *get_capability) (struct efi_tpm2_protocol *this,
+ EFI_TCG2_BOOT_SERVICE_CAPABILITY *ProtocolCapability);
+ EFI_STATUS (EFIAPI *get_event_log) (struct efi_tpm2_protocol *this,
+ EFI_TCG2_EVENT_LOG_FORMAT EventLogFormat,
+ EFI_PHYSICAL_ADDRESS *EventLogLocation,
+ EFI_PHYSICAL_ADDRESS *EventLogLastEntry,
+ BOOLEAN *EventLogTruncated);
+ EFI_STATUS (EFIAPI *hash_log_extend_event) (struct efi_tpm2_protocol *this,
+ uint64_t Flags,
+ EFI_PHYSICAL_ADDRESS DataToHash,
+ uint64_t DataToHashLen,
+ EFI_TCG2_EVENT *EfiTcgEvent);
+ EFI_STATUS (EFIAPI *submit_command) (struct efi_tpm2_protocol *this,
+ uint32_t InputParameterBlockSize,
+ uint8_t *InputParameterBlock,
+ uint32_t OutputParameterBlockSize,
+ uint8_t *OutputParameterBlock);
+ EFI_STATUS (EFIAPI *get_active_pcr_blanks) (struct efi_tpm2_protocol *this,
+ uint32_t *ActivePcrBanks);
+ EFI_STATUS (EFIAPI *set_active_pcr_banks) (struct efi_tpm2_protocol *this,
+ uint32_t ActivePcrBanks);
+ EFI_STATUS (EFIAPI *get_result_of_set_active_pcr_banks) (struct efi_tpm2_protocol *this,
+ uint32_t *OperationPresent,
+ uint32_t *Response);
+};
+
+typedef struct efi_tpm2_protocol efi_tpm2_protocol_t;
+
+typedef UINT32 TCG_EVENTTYPE;
+
+#define EV_EFI_EVENT_BASE ((TCG_EVENTTYPE) 0x80000000)
+#define EV_EFI_VARIABLE_DRIVER_CONFIG (EV_EFI_EVENT_BASE + 1)
+#define EV_EFI_VARIABLE_BOOT (EV_EFI_EVENT_BASE + 2)
+#define EV_EFI_BOOT_SERVICES_APPLICATION (EV_EFI_EVENT_BASE + 3)
+#define EV_EFI_BOOT_SERVICES_DRIVER (EV_EFI_EVENT_BASE + 4)
+#define EV_EFI_RUNTIME_SERVICES_DRIVER (EV_EFI_EVENT_BASE + 5)
+#define EV_EFI_GPT_EVENT (EV_EFI_EVENT_BASE + 6)
+#define EV_EFI_ACTION (EV_EFI_EVENT_BASE + 7)
+#define EV_EFI_PLATFORM_FIRMWARE_BLOB (EV_EFI_EVENT_BASE + 8)
+#define EV_EFI_HANDOFF_TABLES (EV_EFI_EVENT_BASE + 9)
+#define EV_EFI_VARIABLE_AUTHORITY (EV_EFI_EVENT_BASE + 0xE0)
+
+#define PE_COFF_IMAGE 0x0000000000000010
+
+#endif /* SHIM_TPM_H */
+// vim:fenc=utf-8:tw=75
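Review bot: The `efi_tpm2_protocol` member `get_active_pcr_blanks` looks like a typo for `get_active_pcr_banks`; it sits directly above `set_active_pcr_banks`, so renaming it now, before any caller binds to the misspelled name, is cheap. `TCG_EVENTTYPE` is typedef'd twice in this header, first as `uint32_t` and later as `UINT32`; C11 accepts an identical redefinition, but older language modes do not, and should `UINT32` ever differ from `uint32_t` on some target it becomes a hard error, so the second `typedef UINT32 TCG_EVENTTYPE;` should be dropped. `TCG_PCR_EVENT` and `EFI_TCG2_EVENT` end in a one-element `Event[1]` placeholder, which makes `sizeof` one byte larger than the fixed header; a comment such as `/* Event[1] is a placeholder; size entries as offsetof(..., Event) + EventSize, not sizeof */` would keep callers from miscomputing log-entry lengths. The exported `tpm_log_event`, `tpm_log_pe` and `tpm_measure_variable` prototypes carry no description of which bytes end up in the measurement or what `pcr` and `description` are used for; a one-line comment per prototype stating that would help anyone auditing the measured-boot chain.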
diff --git a/include/ucs2.h b/include/ucs2.h
new file mode 100644
index 00000000..806774c7
--- /dev/null
+++ b/include/ucs2.h
@@ -0,0 +1,139 @@
+/*
+ * shim - trivial UEFI first-stage bootloader
+ *
+ * Copyright 2013 Red Hat, Inc <pjones@redhat.com>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Significant portions of this code are derived from Tianocore
+ * (http://tianocore.sf.net) and are Copyright 2009-2012 Intel
+ * Corporation.
+ */
+
+#ifndef SHIM_UCS2_H
+#define SHIM_UCS2_H
+
+#include <stdbool.h>
+
+static inline INTN
+__attribute__((unused))
+StrCaseCmp(CHAR16 *s0, CHAR16 *s1)
+{
+ CHAR16 c0, c1;
+ while (1) {
+ if (*s0 == L'\0' || *s1 == L'\0')
+ return *s1 - *s0;
+ c0 = (*s0 >= L'a' && *s0 <= L'z') ? *s0 - 32 : *s0;
+ c1 = (*s1 >= L'a' && *s1 <= L'z') ? *s1 - 32 : *s1;
+ if (c0 != c1)
+ return c1 - c0;
+ s0++;
+ s1++;
+ }
+ return 0;
+}
+
+static inline INTN
+__attribute__((unused))
+StrnCaseCmp(CHAR16 *s0, CHAR16 *s1, int n)
+{
+ CHAR16 c0, c1;
+ int x = 0;
+ while (n > x++) {
+ if (*s0 == L'\0' || *s1 == L'\0')
+ return *s1 - *s0;
+ c0 = (*s0 >= L'a' && *s0 <= L'z') ? *s0 - 32 : *s0;
+ c1 = (*s1 >= L'a' && *s1 <= L'z') ? *s1 - 32 : *s1;
+ if (c0 != c1)
+ return c1 - c0;
+ s0++;
+ s1++;
+ }
+ return 0;
+}
+
+static inline UINTN
+__attribute__((unused))
+StrCSpn(const CHAR16 *s, const CHAR16 *reject)
+{
+ UINTN ret;
+
+ for (ret = 0; s[ret] != L'\0'; ret++) {
+ int i;
+ for (i = 0; reject[i] != L'\0'; i++) {
+ if (reject[i] == s[ret])
+ return ret;
+ }
+ }
+ return ret;
+}
+
+/*
+ * Test if an entire buffer is nothing but NUL characters. This
+ * implementation "gracefully" ignores the difference between the
+ * UTF-8/ASCII 1-byte NUL and the UCS-2 2-byte NUL.
+ */
+static inline bool
+__attribute__((__unused__))
+is_all_nuls(UINT8 *data, UINTN data_size)
+{
+ UINTN i;
+
+ for (i = 0; i < data_size; i++) {
+ if (data[i] != 0)
+ return false;
+ }
+ return true;
+}
+
+static inline UINTN
+__attribute__((__unused__))
+count_ucs2_strings(UINT8 *data, UINTN data_size)
+{
+ UINTN pos = 0;
+ UINTN last_nul_pos = 0;
+ UINTN num_nuls = 0;
+ UINTN i;
+
+ if (data_size % 2 != 0)
+ return 0;
+
+ for (i = pos; i < data_size; i++) {
+ if (i % 2 != 0) {
+ if (data[i] != 0)
+ return 0;
+ } else if (data[i] == 0) {
+ last_nul_pos = i;
+ num_nuls++;
+ }
+ pos = i;
+ }
+ if (num_nuls > 0 && last_nul_pos != pos - 1)
+ return 0;
+ return num_nuls;
+}
+
+#endif /* SHIM_UCS2_H */
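Review bot: `count_ucs2_strings` returns 0 whenever an odd-indexed byte is non-zero, so it silently rejects every UCS-2 code unit above 0x00FF and presumably assumes little-endian storage, yet nothing in the file says so; a header comment such as `/* Returns the number of NUL-terminated strings in data, or 0 if data is not a whole number of little-endian UCS-2 code units in 0x0000-0x00FF ending in NUL. */` would make that validation rule explicit for callers that use it to accept or reject buffer contents. `StrCaseCmp` and `StrnCaseCmp` return `c1 - c0` and `*s1 - *s0`, the opposite sign from strcasecmp; that is harmless for equality tests but worth a comment like `/* Note: sign is reversed relative to strcasecmp(). */` so nobody uses the result for ordering. `StrnCaseCmp` takes `int n`, and a negative `n` makes `n > x++` false on the first iteration so two different strings compare equal; declaring `n` as `UINTN`, or documenting that it must be non-negative, closes that. The `*s0 - 32` folding only covers ASCII `a`-`z`, which appears intentional and could be stated in the same comment.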
diff --git a/include/variables.h b/include/variables.h
index deed269c..8566a1a4 100644
--- a/include/variables.h
+++ b/include/variables.h
@@ -1,5 +1,7 @@
-#include <efiauthenticated.h>
+#ifndef SHIM_VARIABLES_H
+#define SHIM_VARIABLES_H
+#include <efiauthenticated.h>
#include <PeImage.h> /* for SHA256_DIGEST_SIZE */
#define certlist_for_each_certentry(cl, cl_init, s, s_init) \
@@ -57,3 +59,5 @@ variable_enroll_hash(CHAR16 *var, EFI_GUID owner,
EFI_STATUS
variable_create_esl(void *cert, int cert_len, EFI_GUID *type, EFI_GUID *owner,
void **out, int *outlen);
+
+#endif /* SHIM_VARIABLES_H */
diff --git a/include/version.h b/include/version.h
deleted file mode 100644
index 09fd44ae..00000000
--- a/include/version.h
+++ /dev/null
@@ -1,8 +0,0 @@
-#define VERSION "1.3.4"
-
-static void
-version(const char *progname)
-{
- printf("%s " VERSION "\n", progname);
-}
-
diff --git a/include/wincert.h b/include/wincert.h
index 68d1974a..a3ce12a2 100644
--- a/include/wincert.h
+++ b/include/wincert.h
@@ -1,5 +1,5 @@
-#ifndef _INC_WINCERT_H
-#define _INC_WINCERT_H
+#ifndef SHIM_WINCERT_H
+#define SHIM_WINCERT_H
///
/// The WIN_CERTIFICATE structure is part of the PE/COFF specification.
@@ -30,4 +30,4 @@ typedef struct {
} WIN_CERTIFICATE;
-#endif
+#endif /* SHIM_WINCERT_H */