Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

MsCorePkg/SecureBootKeyStoreLib: Add Library implementation #377

Merged
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
## @file - BaseSecureBootKeyStoreLib.inf
# Copyright (C) Microsoft Corporation. All rights reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent
#

[Defines]
INF_VERSION = 0x00010005
BASE_NAME = BaseSecureBootKeyStoreLib
FILE_GUID = 02EEF9DA-5557-4090-BFF5-E07EF0344805
VERSION_STRING = 1.0
MODULE_TYPE = BASE
LIBRARY_CLASS = SecureBootKeyStoreLib

#
# The following information is for reference only and not required by the build tools.
#
# VALID_ARCHITECTURES = IA32 X64 AARCH64
#

[Packages]
MdePkg/MdePkg.dec
SecurityPkg/SecurityPkg.dec
MsCorePkg/MsCorePkg.dec

[Sources]
SecureBootKeyStoreLib.c

[LibraryClasses]
PcdLib

[FixedPcd]
gMsCorePkgTokenSpaceGuid.PcdDefaultKek # CONSUMES
gMsCorePkgTokenSpaceGuid.PcdDefaultDb # CONSUMES
gMsCorePkgTokenSpaceGuid.PcdDefault3PDb # CONSUMES
gMsCorePkgTokenSpaceGuid.PcdDefaultDbx # CONSUMES
gMsCorePkgTokenSpaceGuid.PcdDefaultPk # CONSUMES
Original file line number Diff line number Diff line change
@@ -0,0 +1,74 @@
/** @file SecureBootKeyStoreLib.c


Copyright (C) Microsoft Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent

**/

#include <Uefi.h>
#include <UefiSecureBoot.h>

#include <Guid/ImageAuthentication.h>

#include <Library/SecureBootVariableLib.h>
#include <Library/PcdLib.h>

SECURE_BOOT_PAYLOAD_INFO mSecureBootPayload[] = {
{
.SecureBootKeyName = L"Microsoft Only",
.KekPtr = (CONST UINT8 *)FixedPcdGetPtr (PcdDefaultKek),
.KekSize = (CONST UINT32)FixedPcdGetSize (PcdDefaultKek),
.DbPtr = (CONST UINT8 *)FixedPcdGetPtr (PcdDefaultDb),
.DbSize = (CONST UINT32)FixedPcdGetSize (PcdDefaultDb),
.DbxPtr = (CONST UINT8 *)FixedPcdGetPtr (PcdDefaultDbx),
.DbxSize = (CONST UINT32)FixedPcdGetSize (PcdDefaultDbx),
.PkPtr = (CONST UINT8 *)FixedPcdGetPtr (PcdDefaultPk),
.PkSize = (CONST UINT32)FixedPcdGetSize (PcdDefaultPk),
.DbtPtr = NULL,
.DbtSize = 0,
},
{
.SecureBootKeyName = L"Microsoft Plus 3rd Party",
.KekPtr = (CONST UINT8 *)FixedPcdGetPtr (PcdDefaultKek),
.KekSize = (CONST UINT32)FixedPcdGetSize (PcdDefaultKek),
.DbPtr = (CONST UINT8 *)FixedPcdGetPtr (PcdDefault3PDb),
.DbSize = (CONST UINT32)FixedPcdGetSize (PcdDefault3PDb),
.DbxPtr = (CONST UINT8 *)FixedPcdGetPtr (PcdDefaultDbx),
.DbxSize = (CONST UINT32)FixedPcdGetSize (PcdDefaultDbx),
.PkPtr = (CONST UINT8 *)FixedPcdGetPtr (PcdDefaultPk),
.PkSize = (CONST UINT32)FixedPcdGetSize (PcdDefaultPk),
.DbtPtr = NULL,
.DbtSize = 0,
}
};

/**
Interface to fetch platform Secure Boot Certificates, each payload
corresponds to a designated set of db, dbx, dbt, KEK, PK.

@param[in] Keys Pointer to hold the returned sets of keys. The
returned buffer will be treated as CONST and
permanent pointer. The consumer will NOT free
the buffer after use.
@param[in] KeyCount The number of sets available in the returned Keys.

@retval EFI_SUCCESS The Keys are properly fetched.
@retval EFI_INVALID_PARAMETER Inputs have NULL pointers.
**/
EFI_STATUS
EFIAPI
GetPlatformKeyStore (
OUT SECURE_BOOT_PAYLOAD_INFO **Keys,
OUT UINT8 *KeyCount
)
{
if ((Keys == NULL) || (KeyCount == NULL)) {
return EFI_INVALID_PARAMETER;
}

*Keys = mSecureBootPayload;
*KeyCount = ARRAY_SIZE (mSecureBootPayload);

return EFI_SUCCESS;
}
20 changes: 20 additions & 0 deletions MsCorePkg/MsCorePkg.dec
Original file line number Diff line number Diff line change
Expand Up @@ -136,6 +136,26 @@
## Default: 1024 * 4KiB = 4MB
gMsCorePkgTokenSpaceGuid.PcdDebugFileLoggerAllocatedPages|1024|UINT32|0x4000001C

## Pcd value representing the Pk for a platform
# Empty by default. Platform required to set this value to enable setting default secureboot variables.
gMsCorePkgTokenSpaceGuid.PcdDefaultPk |{ 0x0 }|VOID*|0x4000001D

## Pcd value representing the Db for a platform
# Empty by default. Platform required to set this value to enable setting default secureboot variables.
gMsCorePkgTokenSpaceGuid.PcdDefaultDb |{ 0x0 }|VOID*|0x4000001E

## Pcd value representing the 3PDb for a platform
# Empty by default. Platform required to set this value to enable setting default secureboot variables.
gMsCorePkgTokenSpaceGuid.PcdDefault3PDb | { 0x0 }|VOID*|0x4000001F

## Pcd value representing the Dbx for a platform
# Empty by default. Platform required to set this value to enable setting default secureboot variables.
gMsCorePkgTokenSpaceGuid.PcdDefaultDbx | { 0x0 }|VOID*|0x40000020

## Pcd value representing the Kek for a platform
# Empty by default. Platform required to set this value to enable setting default secureboot variables.
gMsCorePkgTokenSpaceGuid.PcdDefaultKek | { 0x0 }|VOID*|0x40000021

[PcdsDynamic, PcdsDynamicEx]
gMsCorePkgTokenSpaceGuid.PcdDeviceStateBitmask|0x00000000|UINT32|0x00010178

Expand Down
1 change: 1 addition & 0 deletions MsCorePkg/MsCorePkg.dsc
Original file line number Diff line number Diff line change
Expand Up @@ -168,6 +168,7 @@
MsCorePkg/Library/DxeIsCapsuleSupportedLib/DxeIsCapsuleSupportedLib.inf
MsCorePkg/Library/BaseIsCapsuleSupportedLibNull/BaseIsCapsuleSupportedLibNull.inf
MsCorePkg/Library/SecureBootKeyStoreLibNull/SecureBootKeyStoreLibNull.inf
MsCorePkg/Library/BaseSecureBootKeyStoreLib/BaseSecureBootKeyStoreLib.inf
MsCorePkg/Library/MuSecureBootKeySelectorLib/MuSecureBootKeySelectorLib.inf
MsCorePkg/HelloWorldRustDxe/HelloWorldRustDxe.inf

Expand Down