author | kuqin <kuqin@microsoft.com> | 2022-04-15 13:38:11 -0700 |
---|---|---|
committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2022-07-07 01:07:00 +0000 |
commit | 6de7c084dbb6d02f3b8cdb68dc4716df96c6758f (patch) | |
tree | 98f705659b9da105c92db95852b6477308953ecc /SecurityPkg/Include | |
parent | 56c717aafa037f8d1fa3ef8c7cf7f4de91c2575e (diff) | |
download | edk2-6de7c084dbb6d02f3b8cdb68dc4716df96c6758f.tar.gz |
SecurityPkg: SecureBootVariableLib: Updated signature list creator
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3910
This change removes the interface of SecureBootFetchData, and replaces
it with `SecureBootCreateDataFromInput`, which will require the caller to
prepare available certificates in defined structures.
This improvement will eliminate the dependency of reading from FV,
extending the availability of this library instance.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Acked-by: Michael Kubacki <michael.kubacki@microsoft.com>
Diffstat (limited to 'SecurityPkg/Include')
-rw-r--r-- | SecurityPkg/Include/Library/SecureBootVariableLib.h | 25 |
1 files changed, 15 insertions, 10 deletions
diff --git a/SecurityPkg/Include/Library/SecureBootVariableLib.h b/SecurityPkg/Include/Library/SecureBootVariableLib.h index 9f2d41220b..24ff0df067 100644 --- a/SecurityPkg/Include/Library/SecureBootVariableLib.h +++ b/SecurityPkg/Include/Library/SecureBootVariableLib.h @@ -44,24 +44,29 @@ GetSetupMode ( );
/**
- Create a EFI Signature List with data fetched from section specified as a argument.
- Found keys are verified using RsaGetPublicKeyFromX509().
+ Create a EFI Signature List with data supplied from input argument.
+ The input certificates from KeyInfo parameter should be DER-encoded
+ format.
- @param[in] KeyFileGuid A pointer to to the FFS filename GUID
@param[out] SigListsSize A pointer to size of signature list
- @param[out] SigListsOut a pointer to a callee-allocated buffer with signature lists
+ @param[out] SigListOut A pointer to a callee-allocated buffer with signature lists
+ @param[in] KeyInfoCount The number of certificate pointer and size pairs inside KeyInfo.
+ @param[in] KeyInfo A pointer to all certificates, in the format of DER-encoded,
+ to be concatenated into signature lists.
- @retval EFI_SUCCESS Create time based payload successfully.
+ @retval EFI_SUCCESS Created signature list from payload successfully.
@retval EFI_NOT_FOUND Section with key has not been found.
- @retval EFI_INVALID_PARAMETER Embedded key has a wrong format.
+ @retval EFI_INVALID_PARAMETER Embedded key has a wrong format or input pointers are NULL.
@retval Others Unexpected error happens.
--*/
EFI_STATUS
-SecureBootFetchData (
- IN EFI_GUID *KeyFileGuid,
- OUT UINTN *SigListsSize,
- OUT EFI_SIGNATURE_LIST **SigListOut
+EFIAPI
+SecureBootCreateDataFromInput (
+ OUT UINTN *SigListsSize,
+ OUT EFI_SIGNATURE_LIST **SigListOut,
+ IN UINTN KeyInfoCount,
+ IN CONST SECURE_BOOT_CERTIFICATE_INFO *KeyInfo
);
/**
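Review bot: The retained `@retval EFI_NOT_FOUND Section with key has not been found.` line is stale, since the new prototype takes certificates from `KeyInfo` and no longer has a `KeyFileGuid` section to look up; drop it or describe the condition that still returns it. The same applies to "Embedded key" in the `EFI_INVALID_PARAMETER` text. The hunk also removes the sentence "Found keys are verified using RsaGetPublicKeyFromX509()" without saying what replaces it: the new comment only says the input "should be DER-encoded", so a caller cannot tell whether each `KeyInfo` entry is still parsed and rejected on failure or copied into the signature list as given. Because this output feeds Secure Boot variables, the comment should state which of the two applies, what is returned when `KeyInfoCount` is 0, and that the caller is responsible for freeing the callee-allocated `SigListOut` buffer.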