diff options
Diffstat (limited to 'src/include/ipxe/efi/Protocol')
70 files changed, 2173 insertions, 187 deletions
diff --git a/src/include/ipxe/efi/Protocol/AbsolutePointer.h b/src/include/ipxe/efi/Protocol/AbsolutePointer.h index 48810f90c..886d214a9 100644 --- a/src/include/ipxe/efi/Protocol/AbsolutePointer.h +++ b/src/include/ipxe/efi/Protocol/AbsolutePointer.h @@ -14,6 +14,7 @@ #define __ABSOLUTE_POINTER_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_ABSOLUTE_POINTER_PROTOCOL_GUID \ { 0x8D59D32B, 0xC655, 0x4AE9, { 0x9B, 0x15, 0xF2, 0x59, 0x04, 0x99, 0x2A, 0x43 } } diff --git a/src/include/ipxe/efi/Protocol/AcpiTable.h b/src/include/ipxe/efi/Protocol/AcpiTable.h index 27a9873c3..601e7b769 100644 --- a/src/include/ipxe/efi/Protocol/AcpiTable.h +++ b/src/include/ipxe/efi/Protocol/AcpiTable.h @@ -14,6 +14,7 @@ #define __ACPI_TABLE_H___ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_ACPI_TABLE_PROTOCOL_GUID \ { 0xffe06bdd, 0x6107, 0x46a6, { 0x7b, 0xb2, 0x5a, 0x9c, 0x7e, 0xc5, 0x27, 0x5c }} diff --git a/src/include/ipxe/efi/Protocol/AdapterInformation.h b/src/include/ipxe/efi/Protocol/AdapterInformation.h new file mode 100644 index 000000000..b52288793 --- /dev/null +++ b/src/include/ipxe/efi/Protocol/AdapterInformation.h @@ -0,0 +1,258 @@ +/** @file + EFI Adapter Information Protocol definition. + The EFI Adapter Information Protocol is used to dynamically and quickly discover + or set device information for an adapter. + + Copyright (c) 2014 - 2018, Intel Corporation. All rights reserved.<BR> + SPDX-License-Identifier: BSD-2-Clause-Patent + + @par Revision Reference: + This Protocol is introduced in UEFI Specification 2.4 + +**/ + +#ifndef __EFI_ADAPTER_INFORMATION_PROTOCOL_H__ +#define __EFI_ADAPTER_INFORMATION_PROTOCOL_H__ + +FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); + +#define EFI_ADAPTER_INFORMATION_PROTOCOL_GUID \ + { \ + 0xE5DD1403, 0xD622, 0xC24E, {0x84, 0x88, 0xC7, 0x1B, 0x17, 0xF5, 0xE8, 0x02 } \ + } + +#define EFI_ADAPTER_INFO_MEDIA_STATE_GUID \ + { \ + 0xD7C74207, 0xA831, 0x4A26, {0xB1, 0xF5, 0xD1, 0x93, 0x06, 0x5C, 0xE8, 0xB6 } \ + } + +#define EFI_ADAPTER_INFO_NETWORK_BOOT_GUID \ + { \ + 0x1FBD2960, 0x4130, 0x41E5, {0x94, 0xAC, 0xD2, 0xCF, 0x03, 0x7F, 0xB3, 0x7C } \ + } + +#define EFI_ADAPTER_INFO_SAN_MAC_ADDRESS_GUID \ + { \ + 0x114da5ef, 0x2cf1, 0x4e12, {0x9b, 0xbb, 0xc4, 0x70, 0xb5, 0x52, 0x5, 0xd9 } \ + } + +#define EFI_ADAPTER_INFO_UNDI_IPV6_SUPPORT_GUID \ + { \ + 0x4bd56be3, 0x4975, 0x4d8a, {0xa0, 0xad, 0xc4, 0x91, 0x20, 0x4b, 0x5d, 0x4d} \ + } + +#define EFI_ADAPTER_INFO_MEDIA_TYPE_GUID \ + { \ + 0x8484472f, 0x71ec, 0x411a, { 0xb3, 0x9c, 0x62, 0xcd, 0x94, 0xd9, 0x91, 0x6e } \ + } + +typedef struct _EFI_ADAPTER_INFORMATION_PROTOCOL EFI_ADAPTER_INFORMATION_PROTOCOL; + +/// +/// EFI_ADAPTER_INFO_MEDIA_STATE +/// +typedef struct { + /// + /// Returns the current media state status. MediaState can have any of the following values: + /// EFI_SUCCESS: There is media attached to the network adapter. EFI_NOT_READY: This detects a bounced state. + /// There was media attached to the network adapter, but it was removed and reattached. EFI_NO_MEDIA: There is + /// not any media attached to the network. + /// + EFI_STATUS MediaState; +} EFI_ADAPTER_INFO_MEDIA_STATE; + +/// +/// EFI_ADAPTER_INFO_MEDIA_TYPE +/// +typedef struct { + /// + /// Indicates the current media type. MediaType can have any of the following values: + /// 1: Ethernet Network Adapter + /// 2: Ethernet Wireless Network Adapter + /// 3~255: Reserved + /// + UINT8 MediaType; +} EFI_ADAPTER_INFO_MEDIA_TYPE; + +/// +/// EFI_ADAPTER_INFO_NETWORK_BOOT +/// +typedef struct { + /// + /// TRUE if the adapter supports booting from iSCSI IPv4 targets. + /// + BOOLEAN iScsiIpv4BootCapablity; + /// + /// TRUE if the adapter supports booting from iSCSI IPv6 targets. + /// + BOOLEAN iScsiIpv6BootCapablity; + /// + /// TRUE if the adapter supports booting from FCoE targets. + /// + BOOLEAN FCoeBootCapablity; + /// + /// TRUE if the adapter supports an offload engine (such as TCP + /// Offload Engine (TOE)) for its iSCSI or FCoE boot operations. + /// + BOOLEAN OffloadCapability; + /// + /// TRUE if the adapter supports multipath I/O (MPIO) for its iSCSI + /// boot operations. + /// + BOOLEAN iScsiMpioCapability; + /// + /// TRUE if the adapter is currently configured to boot from iSCSI + /// IPv4 targets. + /// + BOOLEAN iScsiIpv4Boot; + /// + /// TRUE if the adapter is currently configured to boot from iSCSI + /// IPv6 targets. + /// + BOOLEAN iScsiIpv6Boot; + /// + /// TRUE if the adapter is currently configured to boot from FCoE targets. + /// + BOOLEAN FCoeBoot; +} EFI_ADAPTER_INFO_NETWORK_BOOT; + +/// +/// EFI_ADAPTER_INFO_SAN_MAC_ADDRESS +/// +typedef struct { + /// + /// Returns the SAN MAC address for the adapter.For adapters that support today's 802.3 ethernet + /// networking and Fibre-Channel Over Ethernet (FCOE), this conveys the FCOE SAN MAC address from the adapter. + /// + EFI_MAC_ADDRESS SanMacAddress; +} EFI_ADAPTER_INFO_SAN_MAC_ADDRESS; + +/// +/// EFI_ADAPTER_INFO_UNDI_IPV6_SUPPORT +/// +typedef struct { + /// + /// Returns capability of UNDI to support IPv6 traffic. + /// + BOOLEAN Ipv6Support; +} EFI_ADAPTER_INFO_UNDI_IPV6_SUPPORT; + +/** + Returns the current state information for the adapter. + + This function returns information of type InformationType from the adapter. + If an adapter does not support the requested informational type, then + EFI_UNSUPPORTED is returned. If an adapter does not contain Information for + the requested InformationType, it fills InformationBlockSize with 0 and + returns EFI_NOT_FOUND. + + @param[in] This A pointer to the EFI_ADAPTER_INFORMATION_PROTOCOL instance. + @param[in] InformationType A pointer to an EFI_GUID that defines the contents of InformationBlock. + @param[out] InforamtionBlock The service returns a pointer to the buffer with the InformationBlock + structure which contains details about the data specific to InformationType. + @param[out] InforamtionBlockSize The driver returns the size of the InformationBlock in bytes. + + @retval EFI_SUCCESS The InformationType information was retrieved. + @retval EFI_UNSUPPORTED The InformationType is not known. + @retval EFI_NOT_FOUND Information is not available for the requested information type. + @retval EFI_DEVICE_ERROR The device reported an error. + @retval EFI_OUT_OF_RESOURCES The request could not be completed due to a lack of resources. + @retval EFI_INVALID_PARAMETER This is NULL. + @retval EFI_INVALID_PARAMETER InformationBlock is NULL. + @retval EFI_INVALID_PARAMETER InformationBlockSize is NULL. + +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_ADAPTER_INFO_GET_INFO)( + IN EFI_ADAPTER_INFORMATION_PROTOCOL *This, + IN EFI_GUID *InformationType, + OUT VOID **InformationBlock, + OUT UINTN *InformationBlockSize + ); + +/** + Sets state information for an adapter. + + This function sends information of type InformationType for an adapter. + If an adapter does not support the requested information type, then EFI_UNSUPPORTED + is returned. + + @param[in] This A pointer to the EFI_ADAPTER_INFORMATION_PROTOCOL instance. + @param[in] InformationType A pointer to an EFI_GUID that defines the contents of InformationBlock. + @param[in] InforamtionBlock A pointer to the InformationBlock structure which contains details + about the data specific to InformationType. + @param[in] InforamtionBlockSize The size of the InformationBlock in bytes. + + @retval EFI_SUCCESS The information was received and interpreted successfully. + @retval EFI_UNSUPPORTED The InformationType is not known. + @retval EFI_DEVICE_ERROR The device reported an error. + @retval EFI_INVALID_PARAMETER This is NULL. + @retval EFI_INVALID_PARAMETER InformationBlock is NULL. + @retval EFI_WRITE_PROTECTED The InformationType cannot be modified using EFI_ADAPTER_INFO_SET_INFO(). + +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_ADAPTER_INFO_SET_INFO)( + IN EFI_ADAPTER_INFORMATION_PROTOCOL *This, + IN EFI_GUID *InformationType, + IN VOID *InformationBlock, + IN UINTN InformationBlockSize + ); + +/** + Get a list of supported information types for this instance of the protocol. + + This function returns a list of InformationType GUIDs that are supported on an + adapter with this instance of EFI_ADAPTER_INFORMATION_PROTOCOL. The list is returned + in InfoTypesBuffer, and the number of GUID pointers in InfoTypesBuffer is returned in + InfoTypesBufferCount. + + @param[in] This A pointer to the EFI_ADAPTER_INFORMATION_PROTOCOL instance. + @param[out] InfoTypesBuffer A pointer to the array of InformationType GUIDs that are supported + by This. + @param[out] InfoTypesBufferCount A pointer to the number of GUIDs present in InfoTypesBuffer. + + @retval EFI_SUCCESS The list of information type GUIDs that are supported on this adapter was + returned in InfoTypesBuffer. The number of information type GUIDs was + returned in InfoTypesBufferCount. + @retval EFI_INVALID_PARAMETER This is NULL. + @retval EFI_INVALID_PARAMETER InfoTypesBuffer is NULL. + @retval EFI_INVALID_PARAMETER InfoTypesBufferCount is NULL. + @retval EFI_OUT_OF_RESOURCES There is not enough pool memory to store the results. + +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_ADAPTER_INFO_GET_SUPPORTED_TYPES)( + IN EFI_ADAPTER_INFORMATION_PROTOCOL *This, + OUT EFI_GUID **InfoTypesBuffer, + OUT UINTN *InfoTypesBufferCount + ); + +/// +/// EFI_ADAPTER_INFORMATION_PROTOCOL +/// The protocol for adapter provides the following services. +/// - Gets device state information from adapter. +/// - Sets device information for adapter. +/// - Gets a list of supported information types for this instance of the protocol. +/// +struct _EFI_ADAPTER_INFORMATION_PROTOCOL { + EFI_ADAPTER_INFO_GET_INFO GetInformation; + EFI_ADAPTER_INFO_SET_INFO SetInformation; + EFI_ADAPTER_INFO_GET_SUPPORTED_TYPES GetSupportedTypes; +}; + +extern EFI_GUID gEfiAdapterInformationProtocolGuid; + +extern EFI_GUID gEfiAdapterInfoMediaStateGuid; + +extern EFI_GUID gEfiAdapterInfoNetworkBootGuid; + +extern EFI_GUID gEfiAdapterInfoSanMacAddressGuid; + +extern EFI_GUID gEfiAdapterInfoUndiIpv6SupportGuid; + +#endif diff --git a/src/include/ipxe/efi/Protocol/AppleNetBoot.h b/src/include/ipxe/efi/Protocol/AppleNetBoot.h index 5946524fd..417730bc3 100644 --- a/src/include/ipxe/efi/Protocol/AppleNetBoot.h +++ b/src/include/ipxe/efi/Protocol/AppleNetBoot.h @@ -8,6 +8,7 @@ */ FILE_LICENCE ( BSD3 ); +FILE_SECBOOT ( PERMITTED ); #define EFI_APPLE_NET_BOOT_PROTOCOL_GUID \ { 0x78ee99fb, 0x6a5e, 0x4186, \ diff --git a/src/include/ipxe/efi/Protocol/Arp.h b/src/include/ipxe/efi/Protocol/Arp.h index 0f60e3c4f..26dc89d59 100644 --- a/src/include/ipxe/efi/Protocol/Arp.h +++ b/src/include/ipxe/efi/Protocol/Arp.h @@ -19,6 +19,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __EFI_ARP_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_ARP_SERVICE_BINDING_PROTOCOL_GUID \ { \ diff --git a/src/include/ipxe/efi/Protocol/BlockIo.h b/src/include/ipxe/efi/Protocol/BlockIo.h index 5efaf6e90..c5614b1ef 100644 --- a/src/include/ipxe/efi/Protocol/BlockIo.h +++ b/src/include/ipxe/efi/Protocol/BlockIo.h @@ -13,6 +13,7 @@ #define __BLOCK_IO_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_BLOCK_IO_PROTOCOL_GUID \ { \ diff --git a/src/include/ipxe/efi/Protocol/BlockIo2.h b/src/include/ipxe/efi/Protocol/BlockIo2.h index abc2f8a9b..b985b5dab 100644 --- a/src/include/ipxe/efi/Protocol/BlockIo2.h +++ b/src/include/ipxe/efi/Protocol/BlockIo2.h @@ -14,6 +14,7 @@ #define __BLOCK_IO2_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/Protocol/BlockIo.h> diff --git a/src/include/ipxe/efi/Protocol/BusSpecificDriverOverride.h b/src/include/ipxe/efi/Protocol/BusSpecificDriverOverride.h index 69d9b1dcf..a304f3bfa 100644 --- a/src/include/ipxe/efi/Protocol/BusSpecificDriverOverride.h +++ b/src/include/ipxe/efi/Protocol/BusSpecificDriverOverride.h @@ -15,6 +15,7 @@ #define _EFI_BUS_SPECIFIC_DRIVER_OVERRIDE_PROTOCOL_H_ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); /// /// Global ID for the Bus Specific Driver Override Protocol diff --git a/src/include/ipxe/efi/Protocol/ComponentName.h b/src/include/ipxe/efi/Protocol/ComponentName.h index cd7f4d0e3..89e2e19d2 100644 --- a/src/include/ipxe/efi/Protocol/ComponentName.h +++ b/src/include/ipxe/efi/Protocol/ComponentName.h @@ -12,6 +12,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __EFI_COMPONENT_NAME_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); /// /// The global ID for the Component Name Protocol. diff --git a/src/include/ipxe/efi/Protocol/ComponentName2.h b/src/include/ipxe/efi/Protocol/ComponentName2.h index 886c9eb52..ad7818a46 100644 --- a/src/include/ipxe/efi/Protocol/ComponentName2.h +++ b/src/include/ipxe/efi/Protocol/ComponentName2.h @@ -12,6 +12,7 @@ #define __EFI_COMPONENT_NAME2_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); /// /// Global ID for the Component Name Protocol diff --git a/src/include/ipxe/efi/Protocol/ConsoleControl/ConsoleControl.h b/src/include/ipxe/efi/Protocol/ConsoleControl/ConsoleControl.h index c96484ff9..cdff796a4 100644 --- a/src/include/ipxe/efi/Protocol/ConsoleControl/ConsoleControl.h +++ b/src/include/ipxe/efi/Protocol/ConsoleControl/ConsoleControl.h @@ -26,6 +26,7 @@ Abstract: #define __CONSOLE_CONTROL_H__ FILE_LICENCE ( BSD3 ); +FILE_SECBOOT ( PERMITTED ); #define EFI_CONSOLE_CONTROL_PROTOCOL_GUID \ { 0xf42f7782, 0x12e, 0x4c12, {0x99, 0x56, 0x49, 0xf9, 0x43, 0x4, 0xf7, 0x21} } diff --git a/src/include/ipxe/efi/Protocol/DebugSupport.h b/src/include/ipxe/efi/Protocol/DebugSupport.h index 8f930e335..e97b4c7f1 100644 --- a/src/include/ipxe/efi/Protocol/DebugSupport.h +++ b/src/include/ipxe/efi/Protocol/DebugSupport.h @@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __DEBUG_SUPPORT_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/IndustryStandard/PeImage.h> @@ -682,23 +683,23 @@ typedef struct { UINT32 STVAL; } EFI_SYSTEM_CONTEXT_RISCV64; -// -// LoongArch processor exception types. -// -// The exception types is located in the CSR ESTAT -// register offset 16 bits, width 6 bits. -// -// If you want to register an exception hook, you can -// shfit the number left by 16 bits, and the exception -// handler will know the types. -// -// For example: -// mCpu->CpuRegisterInterruptHandler ( -// mCpu, -// (EXCEPT_LOONGARCH_PPI << CSR_ESTAT_EXC_SHIFT), -// PpiExceptionHandler -// ); -// +/// +/// LoongArch processor exception types. +/// +/// The exception types is located in the CSR ESTAT +/// register offset 16 bits, width 6 bits. +/// +/// If you want to register an exception hook, you can +/// shfit the number left by 16 bits, and the exception +/// handler will know the types. +/// +/// For example: +/// mCpu->CpuRegisterInterruptHandler ( +/// mCpu, +/// (EXCEPT_LOONGARCH_PPI << CSR_ESTAT_EXC_SHIFT), +/// PpiExceptionHandler +/// ); +/// #define EXCEPT_LOONGARCH_INT 0 #define EXCEPT_LOONGARCH_PIL 1 #define EXCEPT_LOONGARCH_PIS 2 @@ -718,11 +719,22 @@ typedef struct { #define EXCEPT_LOONGARCH_SXD 16 #define EXCEPT_LOONGARCH_ASXD 17 #define EXCEPT_LOONGARCH_FPE 18 -#define EXCEPT_LOONGARCH_TBR 64 // For code only, there is no such type in the ISA spec, the TLB refill is defined for an independent exception. +#define EXCEPT_LOONGARCH_WPE 19 +#define EXCEPT_LOONGARCH_BTD 20 +#define EXCEPT_LOONGARCH_BTE 21 +#define EXCEPT_LOONGARCH_GSPR 22 +#define EXCEPT_LOONGARCH_HVC 23 +#define EXCEPT_LOONGARCH_GCXC 24 -// -// LoongArch processor Interrupt types. -// +/// +/// For coding convenience, define the maximum valid +/// LoongArch exception. +/// +#define MAX_LOONGARCH_EXCEPTION 64 + +/// +/// LoongArch processor Interrupt types. +/// #define EXCEPT_LOONGARCH_INT_SIP0 0 #define EXCEPT_LOONGARCH_INT_SIP1 1 #define EXCEPT_LOONGARCH_INT_IP0 2 @@ -737,11 +749,11 @@ typedef struct { #define EXCEPT_LOONGARCH_INT_TIMER 11 #define EXCEPT_LOONGARCH_INT_IPI 12 -// -// For coding convenience, define the maximum valid -// LoongArch interrupt. -// -#define MAX_LOONGARCH_INTERRUPT 14 +/// +/// For coding convenience, define the maximum valid +/// LoongArch interrupt. +/// +#define MAX_LOONGARCH_INTERRUPT 16 typedef struct { UINT64 R0; @@ -840,7 +852,6 @@ typedef enum { IsaX64 = IMAGE_FILE_MACHINE_X64, ///< 0x8664 IsaIpf = IMAGE_FILE_MACHINE_IA64, ///< 0x0200 IsaEbc = IMAGE_FILE_MACHINE_EBC, ///< 0x0EBC - IsaArm = IMAGE_FILE_MACHINE_ARMTHUMB_MIXED, ///< 0x01c2 IsaAArch64 = IMAGE_FILE_MACHINE_ARM64 ///< 0xAA64 } EFI_INSTRUCTION_SET_ARCHITECTURE; diff --git a/src/include/ipxe/efi/Protocol/DevicePath.h b/src/include/ipxe/efi/Protocol/DevicePath.h index 3256d5594..fd7a0ea27 100644 --- a/src/include/ipxe/efi/Protocol/DevicePath.h +++ b/src/include/ipxe/efi/Protocol/DevicePath.h @@ -14,6 +14,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __EFI_DEVICE_PATH_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/Guid/PcAnsi.h> #include <ipxe/efi/IndustryStandard/Bluetooth.h> @@ -840,6 +841,26 @@ typedef struct { } NVME_NAMESPACE_DEVICE_PATH; /// +/// NVMe over Fabric (NVMe-oF) Namespace Device Path SubType. +/// +#define MSG_NVME_OF_NAMESPACE_DP 0x22 +typedef struct { + EFI_DEVICE_PATH_PROTOCOL Header; + /// + /// Namespace Identifier Type (NIDT) + /// + UINT8 NamespaceIdType; + /// + /// Namespace Identifier (NID) + /// + UINT8 NamespaceId[16]; + /// + /// Unique identifier of an NVM subsystem + /// + CHAR8 SubsystemNqn[]; +} NVME_OF_NAMESPACE_DEVICE_PATH; + +/// /// DNS Device Path SubType /// #define MSG_DNS_DP 0x1F @@ -1289,6 +1310,7 @@ typedef union { SAS_DEVICE_PATH Sas; SASEX_DEVICE_PATH SasEx; NVME_NAMESPACE_DEVICE_PATH NvmeNamespace; + NVME_OF_NAMESPACE_DEVICE_PATH NvmeOfNamespace; DNS_DEVICE_PATH Dns; URI_DEVICE_PATH Uri; BLUETOOTH_DEVICE_PATH Bluetooth; @@ -1345,6 +1367,7 @@ typedef union { SAS_DEVICE_PATH *Sas; SASEX_DEVICE_PATH *SasEx; NVME_NAMESPACE_DEVICE_PATH *NvmeNamespace; + NVME_OF_NAMESPACE_DEVICE_PATH *NvmeOfNamespace; DNS_DEVICE_PATH *Dns; URI_DEVICE_PATH *Uri; BLUETOOTH_DEVICE_PATH *Bluetooth; diff --git a/src/include/ipxe/efi/Protocol/DevicePathToText.h b/src/include/ipxe/efi/Protocol/DevicePathToText.h index 2f591b9a2..fc68a7686 100644 --- a/src/include/ipxe/efi/Protocol/DevicePathToText.h +++ b/src/include/ipxe/efi/Protocol/DevicePathToText.h @@ -11,6 +11,7 @@ #define __DEVICE_PATH_TO_TEXT_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); /// /// Device Path To Text protocol diff --git a/src/include/ipxe/efi/Protocol/Dhcp4.h b/src/include/ipxe/efi/Protocol/Dhcp4.h index 1e7e27b11..c0a365c17 100644 --- a/src/include/ipxe/efi/Protocol/Dhcp4.h +++ b/src/include/ipxe/efi/Protocol/Dhcp4.h @@ -16,6 +16,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __EFI_DHCP4_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_DHCP4_PROTOCOL_GUID \ { \ diff --git a/src/include/ipxe/efi/Protocol/Dhcp6.h b/src/include/ipxe/efi/Protocol/Dhcp6.h index 19f59086c..5a3e6148e 100644 --- a/src/include/ipxe/efi/Protocol/Dhcp6.h +++ b/src/include/ipxe/efi/Protocol/Dhcp6.h @@ -14,6 +14,7 @@ #define __EFI_DHCP6_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_DHCP6_PROTOCOL_GUID \ { \ diff --git a/src/include/ipxe/efi/Protocol/DiskIo.h b/src/include/ipxe/efi/Protocol/DiskIo.h index c5ce5d339..7a81ad5ad 100644 --- a/src/include/ipxe/efi/Protocol/DiskIo.h +++ b/src/include/ipxe/efi/Protocol/DiskIo.h @@ -14,6 +14,7 @@ #define __DISK_IO_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_DISK_IO_PROTOCOL_GUID \ { \ diff --git a/src/include/ipxe/efi/Protocol/Dns4.h b/src/include/ipxe/efi/Protocol/Dns4.h index 0ab07e519..36e9757a3 100644 --- a/src/include/ipxe/efi/Protocol/Dns4.h +++ b/src/include/ipxe/efi/Protocol/Dns4.h @@ -16,6 +16,7 @@ #define __EFI_DNS4_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_DNS4_SERVICE_BINDING_PROTOCOL_GUID \ { \ diff --git a/src/include/ipxe/efi/Protocol/Dns6.h b/src/include/ipxe/efi/Protocol/Dns6.h index 3b88c88eb..524988c5f 100644 --- a/src/include/ipxe/efi/Protocol/Dns6.h +++ b/src/include/ipxe/efi/Protocol/Dns6.h @@ -16,6 +16,7 @@ #define __EFI_DNS6_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_DNS6_SERVICE_BINDING_PROTOCOL_GUID \ { \ diff --git a/src/include/ipxe/efi/Protocol/DriverBinding.h b/src/include/ipxe/efi/Protocol/DriverBinding.h index 3c2027506..903545b98 100644 --- a/src/include/ipxe/efi/Protocol/DriverBinding.h +++ b/src/include/ipxe/efi/Protocol/DriverBinding.h @@ -13,6 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __EFI_DRIVER_BINDING_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); /// /// The global ID for the ControllerHandle Driver Protocol. diff --git a/src/include/ipxe/efi/Protocol/EapConfiguration.h b/src/include/ipxe/efi/Protocol/EapConfiguration.h new file mode 100644 index 000000000..980873945 --- /dev/null +++ b/src/include/ipxe/efi/Protocol/EapConfiguration.h @@ -0,0 +1,156 @@ +/** @file + This file defines the EFI EAP Configuration protocol. + + Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> + SPDX-License-Identifier: BSD-2-Clause-Patent + + @par Revision Reference: + This Protocol is introduced in UEFI Specification 2.5 + +**/ + +#ifndef __EFI_EAP_CONFIGURATION_PROTOCOL_H__ +#define __EFI_EAP_CONFIGURATION_PROTOCOL_H__ + +FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); + +/// +/// EFI EAP Configuration protocol provides a way to set and get EAP configuration. +/// +#define EFI_EAP_CONFIGURATION_PROTOCOL_GUID \ + { \ + 0xe5b58dbb, 0x7688, 0x44b4, {0x97, 0xbf, 0x5f, 0x1d, 0x4b, 0x7c, 0xc8, 0xdb } \ + } + +typedef struct _EFI_EAP_CONFIGURATION_PROTOCOL EFI_EAP_CONFIGURATION_PROTOCOL; + +/// +/// Make sure it not conflict with any real EapTypeXXX +/// +#define EFI_EAP_TYPE_ATTRIBUTE 0 + +typedef enum { + /// + /// EFI_EAP_TYPE_ATTRIBUTE + /// + EfiEapConfigEapAuthMethod, + EfiEapConfigEapSupportedAuthMethod, + /// + /// EapTypeIdentity + /// + EfiEapConfigIdentityString, + /// + /// EapTypeEAPTLS/EapTypePEAP + /// + EfiEapConfigEapTlsCACert, + EfiEapConfigEapTlsClientCert, + EfiEapConfigEapTlsClientPrivateKeyFile, + EfiEapConfigEapTlsClientPrivateKeyFilePassword, // ASCII format, Volatile + EfiEapConfigEapTlsCipherSuite, + EfiEapConfigEapTlsSupportedCipherSuite, + /// + /// EapTypeMSChapV2 + /// + EfiEapConfigEapMSChapV2Password, // UNICODE format, Volatile + /// + /// EapTypePEAP + /// + EfiEapConfigEap2ndAuthMethod, + /// + /// More... + /// +} EFI_EAP_CONFIG_DATA_TYPE; + +/// +/// EFI_EAP_TYPE +/// +typedef UINT8 EFI_EAP_TYPE; +#define EFI_EAP_TYPE_ATTRIBUTE 0 +#define EFI_EAP_TYPE_IDENTITY 1 +#define EFI_EAP_TYPE_NOTIFICATION 2 +#define EFI_EAP_TYPE_NAK 3 +#define EFI_EAP_TYPE_MD5CHALLENGE 4 +#define EFI_EAP_TYPE_OTP 5 +#define EFI_EAP_TYPE_GTC 6 +#define EFI_EAP_TYPE_EAPTLS 13 +#define EFI_EAP_TYPE_EAPSIM 18 +#define EFI_EAP_TYPE_TTLS 21 +#define EFI_EAP_TYPE_PEAP 25 +#define EFI_EAP_TYPE_MSCHAPV2 26 +#define EFI_EAP_TYPE_EAP_EXTENSION 33 + +/** + Set EAP configuration data. + + The SetData() function sets EAP configuration to non-volatile storage or volatile + storage. + + @param[in] This Pointer to the EFI_EAP_CONFIGURATION_PROTOCOL instance. + @param[in] EapType EAP type. + @param[in] DataType Configuration data type. + @param[in] Data Pointer to configuration data. + @param[in] DataSize Total size of configuration data. + + @retval EFI_SUCCESS The EAP configuration data is set successfully. + @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE: + Data is NULL. + DataSize is 0. + @retval EFI_UNSUPPORTED The EapType or DataType is unsupported. + @retval EFI_OUT_OF_RESOURCES Required system resources could not be allocated. +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_EAP_CONFIGURATION_SET_DATA)( + IN EFI_EAP_CONFIGURATION_PROTOCOL *This, + IN EFI_EAP_TYPE EapType, + IN EFI_EAP_CONFIG_DATA_TYPE DataType, + IN VOID *Data, + IN UINTN DataSize + ); + +/** + Get EAP configuration data. + + The GetData() function gets EAP configuration. + + @param[in] This Pointer to the EFI_EAP_CONFIGURATION_PROTOCOL instance. + @param[in] EapType EAP type. + @param[in] DataType Configuration data type. + @param[in, out] Data Pointer to configuration data. + @param[in, out] DataSize Total size of configuration data. On input, it means + the size of Data buffer. On output, it means the size + of copied Data buffer if EFI_SUCCESS, and means the + size of desired Data buffer if EFI_BUFFER_TOO_SMALL. + + @retval EFI_SUCCESS The EAP configuration data is got successfully. + @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE: + Data is NULL. + DataSize is NULL. + @retval EFI_UNSUPPORTED The EapType or DataType is unsupported. + @retval EFI_NOT_FOUND The EAP configuration data is not found. + @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the buffer. +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_EAP_CONFIGURATION_GET_DATA)( + IN EFI_EAP_CONFIGURATION_PROTOCOL *This, + IN EFI_EAP_TYPE EapType, + IN EFI_EAP_CONFIG_DATA_TYPE DataType, + IN OUT VOID *Data, + IN OUT UINTN *DataSize + ); + +/// +/// The EFI_EAP_CONFIGURATION_PROTOCOL +/// is designed to provide a way to set and get EAP configuration, such as Certificate, +/// private key file. +/// +struct _EFI_EAP_CONFIGURATION_PROTOCOL { + EFI_EAP_CONFIGURATION_SET_DATA SetData; + EFI_EAP_CONFIGURATION_GET_DATA GetData; +}; + +extern EFI_GUID gEfiEapConfigurationProtocolGuid; + +#endif diff --git a/src/include/ipxe/efi/Protocol/FormBrowser2.h b/src/include/ipxe/efi/Protocol/FormBrowser2.h index 5e6f940b8..7f726757b 100644 --- a/src/include/ipxe/efi/Protocol/FormBrowser2.h +++ b/src/include/ipxe/efi/Protocol/FormBrowser2.h @@ -13,6 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __EFI_FORM_BROWSER2_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/Guid/HiiPlatformSetupFormset.h> diff --git a/src/include/ipxe/efi/Protocol/GraphicsOutput.h b/src/include/ipxe/efi/Protocol/GraphicsOutput.h index b89315c7d..1e822c208 100644 --- a/src/include/ipxe/efi/Protocol/GraphicsOutput.h +++ b/src/include/ipxe/efi/Protocol/GraphicsOutput.h @@ -12,6 +12,7 @@ #define __GRAPHICS_OUTPUT_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_GRAPHICS_OUTPUT_PROTOCOL_GUID \ { \ diff --git a/src/include/ipxe/efi/Protocol/Hash.h b/src/include/ipxe/efi/Protocol/Hash.h new file mode 100644 index 000000000..aabbc3026 --- /dev/null +++ b/src/include/ipxe/efi/Protocol/Hash.h @@ -0,0 +1,172 @@ +/** @file + EFI_HASH_SERVICE_BINDING_PROTOCOL as defined in UEFI 2.0. + EFI_HASH_PROTOCOL as defined in UEFI 2.0. + The EFI Hash Service Binding Protocol is used to locate hashing services support + provided by a driver and to create and destroy instances of the EFI Hash Protocol + so that a multiple drivers can use the underlying hashing services. + +Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __EFI_HASH_PROTOCOL_H__ +#define __EFI_HASH_PROTOCOL_H__ + +FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); + +#define EFI_HASH_SERVICE_BINDING_PROTOCOL_GUID \ + { \ + 0x42881c98, 0xa4f3, 0x44b0, {0xa3, 0x9d, 0xdf, 0xa1, 0x86, 0x67, 0xd8, 0xcd } \ + } + +#define EFI_HASH_PROTOCOL_GUID \ + { \ + 0xc5184932, 0xdba5, 0x46db, {0xa5, 0xba, 0xcc, 0x0b, 0xda, 0x9c, 0x14, 0x35 } \ + } + +#define EFI_HASH_ALGORITHM_SHA1_GUID \ + { \ + 0x2ae9d80f, 0x3fb2, 0x4095, {0xb7, 0xb1, 0xe9, 0x31, 0x57, 0xb9, 0x46, 0xb6 } \ + } + +#define EFI_HASH_ALGORITHM_SHA224_GUID \ + { \ + 0x8df01a06, 0x9bd5, 0x4bf7, {0xb0, 0x21, 0xdb, 0x4f, 0xd9, 0xcc, 0xf4, 0x5b } \ + } + +#define EFI_HASH_ALGORITHM_SHA256_GUID \ + { \ + 0x51aa59de, 0xfdf2, 0x4ea3, {0xbc, 0x63, 0x87, 0x5f, 0xb7, 0x84, 0x2e, 0xe9 } \ + } + +#define EFI_HASH_ALGORITHM_SHA384_GUID \ + { \ + 0xefa96432, 0xde33, 0x4dd2, {0xae, 0xe6, 0x32, 0x8c, 0x33, 0xdf, 0x77, 0x7a } \ + } + +#define EFI_HASH_ALGORITHM_SHA512_GUID \ + { \ + 0xcaa4381e, 0x750c, 0x4770, {0xb8, 0x70, 0x7a, 0x23, 0xb4, 0xe4, 0x21, 0x30 } \ + } + +#define EFI_HASH_ALGORTIHM_MD5_GUID \ + { \ + 0xaf7c79c, 0x65b5, 0x4319, {0xb0, 0xae, 0x44, 0xec, 0x48, 0x4e, 0x4a, 0xd7 } \ + } + +#define EFI_HASH_ALGORITHM_SHA1_NOPAD_GUID \ + { \ + 0x24c5dc2f, 0x53e2, 0x40ca, {0x9e, 0xd6, 0xa5, 0xd9, 0xa4, 0x9f, 0x46, 0x3b } \ + } + +#define EFI_HASH_ALGORITHM_SHA256_NOPAD_GUID \ + { \ + 0x8628752a, 0x6cb7, 0x4814, {0x96, 0xfc, 0x24, 0xa8, 0x15, 0xac, 0x22, 0x26 } \ + } + +// +// Note: Use of the following algorithms with EFI_HASH_PROTOCOL is deprecated. +// EFI_HASH_ALGORITHM_SHA1_GUID +// EFI_HASH_ALGORITHM_SHA224_GUID +// EFI_HASH_ALGORITHM_SHA256_GUID +// EFI_HASH_ALGORITHM_SHA384_GUID +// EFI_HASH_ALGORITHM_SHA512_GUID +// EFI_HASH_ALGORTIHM_MD5_GUID +// + +typedef struct _EFI_HASH_PROTOCOL EFI_HASH_PROTOCOL; + +typedef UINT8 EFI_MD5_HASH[16]; +typedef UINT8 EFI_SHA1_HASH[20]; +typedef UINT8 EFI_SHA224_HASH[28]; +typedef UINT8 EFI_SHA256_HASH[32]; +typedef UINT8 EFI_SHA384_HASH[48]; +typedef UINT8 EFI_SHA512_HASH[64]; + +typedef union { + EFI_MD5_HASH *Md5Hash; + EFI_SHA1_HASH *Sha1Hash; + EFI_SHA224_HASH *Sha224Hash; + EFI_SHA256_HASH *Sha256Hash; + EFI_SHA384_HASH *Sha384Hash; + EFI_SHA512_HASH *Sha512Hash; +} EFI_HASH_OUTPUT; + +/** + Returns the size of the hash which results from a specific algorithm. + + @param[in] This Points to this instance of EFI_HASH_PROTOCOL. + @param[in] HashAlgorithm Points to the EFI_GUID which identifies the algorithm to use. + @param[out] HashSize Holds the returned size of the algorithm's hash. + + @retval EFI_SUCCESS Hash size returned successfully. + @retval EFI_INVALID_PARAMETER HashSize is NULL or HashAlgorithm is NULL. + @retval EFI_UNSUPPORTED The algorithm specified by HashAlgorithm is not supported + by this driver. + +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_HASH_GET_HASH_SIZE)( + IN CONST EFI_HASH_PROTOCOL *This, + IN CONST EFI_GUID *HashAlgorithm, + OUT UINTN *HashSize + ); + +/** + Creates a hash for the specified message text. + + @param[in] This Points to this instance of EFI_HASH_PROTOCOL. + @param[in] HashAlgorithm Points to the EFI_GUID which identifies the algorithm to use. + @param[in] Extend Specifies whether to create a new hash (FALSE) or extend the specified + existing hash (TRUE). + @param[in] Message Points to the start of the message. + @param[in] MessageSize The size of Message, in bytes. + @param[in,out] Hash On input, if Extend is TRUE, then this parameter holds a pointer + to a pointer to an array containing the hash to extend. If Extend + is FALSE, then this parameter holds a pointer to a pointer to a + caller-allocated array that will receive the result of the hash + computation. On output (regardless of the value of Extend), the + array will contain the result of the hash computation. + + @retval EFI_SUCCESS Hash returned successfully. + @retval EFI_INVALID_PARAMETER Message or Hash, HashAlgorithm is NULL or MessageSize is 0. + MessageSize is not an integer multiple of block size. + @retval EFI_UNSUPPORTED The algorithm specified by HashAlgorithm is not supported by this + driver. Or, Extend is TRUE, and the algorithm doesn't support extending the hash. + +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_HASH_HASH)( + IN CONST EFI_HASH_PROTOCOL *This, + IN CONST EFI_GUID *HashAlgorithm, + IN BOOLEAN Extend, + IN CONST UINT8 *Message, + IN UINT64 MessageSize, + IN OUT EFI_HASH_OUTPUT *Hash + ); + +/// +/// This protocol allows creating a hash of an arbitrary message digest +/// using one or more hash algorithms. +/// +struct _EFI_HASH_PROTOCOL { + EFI_HASH_GET_HASH_SIZE GetHashSize; + EFI_HASH_HASH Hash; +}; + +extern EFI_GUID gEfiHashServiceBindingProtocolGuid; +extern EFI_GUID gEfiHashProtocolGuid; +extern EFI_GUID gEfiHashAlgorithmSha1Guid; +extern EFI_GUID gEfiHashAlgorithmSha224Guid; +extern EFI_GUID gEfiHashAlgorithmSha256Guid; +extern EFI_GUID gEfiHashAlgorithmSha384Guid; +extern EFI_GUID gEfiHashAlgorithmSha512Guid; +extern EFI_GUID gEfiHashAlgorithmMD5Guid; +extern EFI_GUID gEfiHashAlgorithmSha1NoPadGuid; +extern EFI_GUID gEfiHashAlgorithmSha256NoPadGuid; + +#endif diff --git a/src/include/ipxe/efi/Protocol/HiiConfigAccess.h b/src/include/ipxe/efi/Protocol/HiiConfigAccess.h index aaa51a31b..e48a48335 100644 --- a/src/include/ipxe/efi/Protocol/HiiConfigAccess.h +++ b/src/include/ipxe/efi/Protocol/HiiConfigAccess.h @@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __EFI_HII_CONFIG_ACCESS_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/Protocol/FormBrowser2.h> diff --git a/src/include/ipxe/efi/Protocol/HiiDatabase.h b/src/include/ipxe/efi/Protocol/HiiDatabase.h index d077b1167..4338319d1 100644 --- a/src/include/ipxe/efi/Protocol/HiiDatabase.h +++ b/src/include/ipxe/efi/Protocol/HiiDatabase.h @@ -14,6 +14,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __HII_DATABASE_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_HII_DATABASE_PROTOCOL_GUID \ { 0xef9fc172, 0xa1b2, 0x4693, { 0xb3, 0x27, 0x6d, 0x32, 0xfc, 0x41, 0x60, 0x42 } } diff --git a/src/include/ipxe/efi/Protocol/HiiFont.h b/src/include/ipxe/efi/Protocol/HiiFont.h index 248f13ea5..6d6f88514 100644 --- a/src/include/ipxe/efi/Protocol/HiiFont.h +++ b/src/include/ipxe/efi/Protocol/HiiFont.h @@ -13,6 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __HII_FONT_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/Protocol/GraphicsOutput.h> #include <ipxe/efi/Protocol/HiiImage.h> diff --git a/src/include/ipxe/efi/Protocol/HiiImage.h b/src/include/ipxe/efi/Protocol/HiiImage.h index 20fd72578..f40c00eb7 100644 --- a/src/include/ipxe/efi/Protocol/HiiImage.h +++ b/src/include/ipxe/efi/Protocol/HiiImage.h @@ -13,6 +13,7 @@ #define __HII_IMAGE_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/Protocol/GraphicsOutput.h> diff --git a/src/include/ipxe/efi/Protocol/Http.h b/src/include/ipxe/efi/Protocol/Http.h index d30a5aa46..84eb20600 100644 --- a/src/include/ipxe/efi/Protocol/Http.h +++ b/src/include/ipxe/efi/Protocol/Http.h @@ -17,6 +17,7 @@ #define __EFI_HTTP_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_HTTP_SERVICE_BINDING_PROTOCOL_GUID \ { \ @@ -100,7 +101,8 @@ typedef enum { HTTP_STATUS_503_SERVICE_UNAVAILABLE, HTTP_STATUS_504_GATEWAY_TIME_OUT, HTTP_STATUS_505_HTTP_VERSION_NOT_SUPPORTED, - HTTP_STATUS_308_PERMANENT_REDIRECT + HTTP_STATUS_308_PERMANENT_REDIRECT, + HTTP_STATUS_429_TOO_MANY_REQUESTS } EFI_HTTP_STATUS_CODE; /// @@ -190,12 +192,27 @@ typedef struct { /// The URI of a remote host. From the information in this field, the HTTP instance /// will be able to determine whether to use HTTP or HTTPS and will also be able to /// determine the port number to use. If no port number is specified, port 80 (HTTP) - /// is assumed. See RFC 3986 for more details on URI syntax. + /// or 443 (HTTPS) is assumed. See RFC 3986 for more details on URI syntax. /// CHAR16 *Url; } EFI_HTTP_REQUEST_DATA; /// +/// EFI_HTTP_CONNECT_REQUEST_DATA +/// +typedef struct { + EFI_HTTP_REQUEST_DATA Base; + /// + /// The URI of an Proxy Host. This field will be NULL if there is no Proxy Host + /// in the device path. From the information in this field, the HTTP instance will + /// be able to determine whether to use HTTP or HTTPS and will also be able to + /// determine the port number to use. If no port number is specified, port 80 (HTTP) + /// or 443 (HTTPS) is assumed. See RFC 3986 for more details on URI syntax. + /// + CHAR16 *ProxyUrl; +} EFI_HTTP_CONNECT_REQUEST_DATA; + +/// /// EFI_HTTP_RESPONSE_DATA /// typedef struct { diff --git a/src/include/ipxe/efi/Protocol/Ip4.h b/src/include/ipxe/efi/Protocol/Ip4.h index 0455c7b2f..f45465860 100644 --- a/src/include/ipxe/efi/Protocol/Ip4.h +++ b/src/include/ipxe/efi/Protocol/Ip4.h @@ -22,6 +22,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __EFI_IP4_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/Protocol/ManagedNetwork.h> diff --git a/src/include/ipxe/efi/Protocol/Ip4Config.h b/src/include/ipxe/efi/Protocol/Ip4Config.h index ff47fd2b7..45d395ca8 100644 --- a/src/include/ipxe/efi/Protocol/Ip4Config.h +++ b/src/include/ipxe/efi/Protocol/Ip4Config.h @@ -1,3 +1,6 @@ +#ifndef _IPXE_EFI_IP4CONFIG_H +#define _IPXE_EFI_IP4CONFIG_H + /** @file This file provides a definition of the EFI IPv4 Configuration Protocol. @@ -14,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __EFI_IP4CONFIG_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/Protocol/Ip4.h> @@ -176,3 +180,5 @@ struct _EFI_IP4_CONFIG_PROTOCOL { extern EFI_GUID gEfiIp4ConfigProtocolGuid; #endif + +#endif /* _IPXE_EFI_IP4CONFIG_H */ diff --git a/src/include/ipxe/efi/Protocol/Ip4Config2.h b/src/include/ipxe/efi/Protocol/Ip4Config2.h index ca091dea5..362387179 100644 --- a/src/include/ipxe/efi/Protocol/Ip4Config2.h +++ b/src/include/ipxe/efi/Protocol/Ip4Config2.h @@ -14,6 +14,7 @@ This Protocol is introduced in UEFI Specification 2.5 #define __EFI_IP4CONFIG2_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/Protocol/Ip4.h> diff --git a/src/include/ipxe/efi/Protocol/Ip6.h b/src/include/ipxe/efi/Protocol/Ip6.h index c70df1906..2d19b806a 100644 --- a/src/include/ipxe/efi/Protocol/Ip6.h +++ b/src/include/ipxe/efi/Protocol/Ip6.h @@ -22,6 +22,7 @@ #define __EFI_IP6_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/Protocol/ManagedNetwork.h> diff --git a/src/include/ipxe/efi/Protocol/Ip6Config.h b/src/include/ipxe/efi/Protocol/Ip6Config.h index 5665e93b9..75c5adbb0 100644 --- a/src/include/ipxe/efi/Protocol/Ip6Config.h +++ b/src/include/ipxe/efi/Protocol/Ip6Config.h @@ -11,6 +11,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __EFI_IP6CONFIG_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/Protocol/Ip6.h> diff --git a/src/include/ipxe/efi/Protocol/LoadFile.h b/src/include/ipxe/efi/Protocol/LoadFile.h index 034b22b55..47e164600 100644 --- a/src/include/ipxe/efi/Protocol/LoadFile.h +++ b/src/include/ipxe/efi/Protocol/LoadFile.h @@ -16,6 +16,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __EFI_LOAD_FILE_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_LOAD_FILE_PROTOCOL_GUID \ { \ diff --git a/src/include/ipxe/efi/Protocol/LoadFile2.h b/src/include/ipxe/efi/Protocol/LoadFile2.h index 2cb155dda..409e411cf 100644 --- a/src/include/ipxe/efi/Protocol/LoadFile2.h +++ b/src/include/ipxe/efi/Protocol/LoadFile2.h @@ -16,6 +16,7 @@ #define __EFI_LOAD_FILE2_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_LOAD_FILE2_PROTOCOL_GUID \ { \ diff --git a/src/include/ipxe/efi/Protocol/LoadedImage.h b/src/include/ipxe/efi/Protocol/LoadedImage.h index db331b88f..401f464fa 100755 --- a/src/include/ipxe/efi/Protocol/LoadedImage.h +++ b/src/include/ipxe/efi/Protocol/LoadedImage.h @@ -13,6 +13,7 @@ #define __LOADED_IMAGE_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_LOADED_IMAGE_PROTOCOL_GUID \ { \ diff --git a/src/include/ipxe/efi/Protocol/ManagedNetwork.h b/src/include/ipxe/efi/Protocol/ManagedNetwork.h index 44a27ed1f..60e7e9ae8 100644 --- a/src/include/ipxe/efi/Protocol/ManagedNetwork.h +++ b/src/include/ipxe/efi/Protocol/ManagedNetwork.h @@ -14,6 +14,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __EFI_MANAGED_NETWORK_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/Protocol/SimpleNetwork.h> diff --git a/src/include/ipxe/efi/Protocol/MpService.h b/src/include/ipxe/efi/Protocol/MpService.h index cd1bb27fe..1a1874662 100644 --- a/src/include/ipxe/efi/Protocol/MpService.h +++ b/src/include/ipxe/efi/Protocol/MpService.h @@ -40,6 +40,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define _MP_SERVICE_PROTOCOL_H_ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); /// /// Global ID for the EFI_MP_SERVICES_PROTOCOL. diff --git a/src/include/ipxe/efi/Protocol/Mtftp4.h b/src/include/ipxe/efi/Protocol/Mtftp4.h index 4890c8ab2..5e50fcc9f 100644 --- a/src/include/ipxe/efi/Protocol/Mtftp4.h +++ b/src/include/ipxe/efi/Protocol/Mtftp4.h @@ -13,6 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __EFI_MTFTP4_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_MTFTP4_SERVICE_BINDING_PROTOCOL_GUID \ { \ diff --git a/src/include/ipxe/efi/Protocol/Mtftp6.h b/src/include/ipxe/efi/Protocol/Mtftp6.h index b08af87e1..5a6d640e5 100644 --- a/src/include/ipxe/efi/Protocol/Mtftp6.h +++ b/src/include/ipxe/efi/Protocol/Mtftp6.h @@ -17,6 +17,7 @@ #define __EFI_MTFTP6_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_MTFTP6_SERVICE_BINDING_PROTOCOL_GUID \ { \ diff --git a/src/include/ipxe/efi/Protocol/NetworkInterfaceIdentifier.h b/src/include/ipxe/efi/Protocol/NetworkInterfaceIdentifier.h index 1ce13f273..5a0a82071 100644 --- a/src/include/ipxe/efi/Protocol/NetworkInterfaceIdentifier.h +++ b/src/include/ipxe/efi/Protocol/NetworkInterfaceIdentifier.h @@ -13,6 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __EFI_NETWORK_INTERFACE_IDENTIFER_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); // // GUID retired from UEFI Specification 2.1b diff --git a/src/include/ipxe/efi/Protocol/PciIo.h b/src/include/ipxe/efi/Protocol/PciIo.h index c733925d5..3c2582cab 100644 --- a/src/include/ipxe/efi/Protocol/PciIo.h +++ b/src/include/ipxe/efi/Protocol/PciIo.h @@ -11,6 +11,7 @@ #define __PCI_IO_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); /// /// Global ID for the PCI I/O Protocol diff --git a/src/include/ipxe/efi/Protocol/PciRootBridgeIo.h b/src/include/ipxe/efi/Protocol/PciRootBridgeIo.h index b6a478027..674e864d1 100644 --- a/src/include/ipxe/efi/Protocol/PciRootBridgeIo.h +++ b/src/include/ipxe/efi/Protocol/PciRootBridgeIo.h @@ -14,6 +14,7 @@ #define __PCI_ROOT_BRIDGE_IO_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/Library/BaseLib.h> diff --git a/src/include/ipxe/efi/Protocol/PxeBaseCode.h b/src/include/ipxe/efi/Protocol/PxeBaseCode.h index 20efd7280..5db934370 100644 --- a/src/include/ipxe/efi/Protocol/PxeBaseCode.h +++ b/src/include/ipxe/efi/Protocol/PxeBaseCode.h @@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __PXE_BASE_CODE_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); /// /// PXE Base Code protocol. @@ -36,7 +37,7 @@ typedef EFI_PXE_BASE_CODE_PROTOCOL EFI_PXE_BASE_CODE; /// /// Default IP TTL and ToS. /// -#define DEFAULT_TTL 16 +#define DEFAULT_TTL 64 #define DEFAULT_ToS 0 /// @@ -155,8 +156,6 @@ typedef UINT16 EFI_PXE_BASE_CODE_UDP_PORT; #define EFI_PXE_CLIENT_SYSTEM_ARCHITECTURE 0x0006 #elif defined (MDE_CPU_X64) #define EFI_PXE_CLIENT_SYSTEM_ARCHITECTURE 0x0007 -#elif defined (MDE_CPU_ARM) -#define EFI_PXE_CLIENT_SYSTEM_ARCHITECTURE 0x000A #elif defined (MDE_CPU_AARCH64) #define EFI_PXE_CLIENT_SYSTEM_ARCHITECTURE 0x000B #elif defined (MDE_CPU_RISCV64) diff --git a/src/include/ipxe/efi/Protocol/Rng.h b/src/include/ipxe/efi/Protocol/Rng.h index 92d648bee..e4ad3d716 100644 --- a/src/include/ipxe/efi/Protocol/Rng.h +++ b/src/include/ipxe/efi/Protocol/Rng.h @@ -8,10 +8,13 @@ SPDX-License-Identifier: BSD-2-Clause-Patent **/ -#ifndef __EFI_RNG_PROTOCOL_H__ -#define __EFI_RNG_PROTOCOL_H__ +#ifndef EFI_RNG_PROTOCOL_H_ +#define EFI_RNG_PROTOCOL_H_ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); + +#include <ipxe/efi/Guid/Rng.h> /// /// Global ID for the Random Number Generator Protocol @@ -21,142 +24,8 @@ FILE_LICENCE ( BSD2_PATENT ); 0x3152bca5, 0xeade, 0x433d, {0x86, 0x2e, 0xc0, 0x1c, 0xdc, 0x29, 0x1f, 0x44 } \ } -typedef struct _EFI_RNG_PROTOCOL EFI_RNG_PROTOCOL; - -/// -/// A selection of EFI_RNG_PROTOCOL algorithms. -/// The algorithms listed are optional, not meant to be exhaustive and be argmented by -/// vendors or other industry standards. -/// - -typedef EFI_GUID EFI_RNG_ALGORITHM; - -/// -/// The algorithms corresponds to SP800-90 as defined in -/// NIST SP 800-90, "Recommendation for Random Number Generation Using Deterministic Random -/// Bit Generators", March 2007. -/// -#define EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID \ - { \ - 0xa7af67cb, 0x603b, 0x4d42, {0xba, 0x21, 0x70, 0xbf, 0xb6, 0x29, 0x3f, 0x96 } \ - } -#define EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID \ - { \ - 0xc5149b43, 0xae85, 0x4f53, {0x99, 0x82, 0xb9, 0x43, 0x35, 0xd3, 0xa9, 0xe7 } \ - } -#define EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID \ - { \ - 0x44f0de6e, 0x4d8c, 0x4045, {0xa8, 0xc7, 0x4d, 0xd1, 0x68, 0x85, 0x6b, 0x9e } \ - } -/// -/// The algorithms correspond to X9.31 as defined in -/// NIST, "Recommended Random Number Generator Based on ANSI X9.31 Appendix A.2.4 Using -/// the 3-Key Triple DES and AES Algorithm", January 2005. -/// -#define EFI_RNG_ALGORITHM_X9_31_3DES_GUID \ - { \ - 0x63c4785a, 0xca34, 0x4012, {0xa3, 0xc8, 0x0b, 0x6a, 0x32, 0x4f, 0x55, 0x46 } \ - } -#define EFI_RNG_ALGORITHM_X9_31_AES_GUID \ - { \ - 0xacd03321, 0x777e, 0x4d3d, {0xb1, 0xc8, 0x20, 0xcf, 0xd8, 0x88, 0x20, 0xc9 } \ - } -/// -/// The "raw" algorithm, when supported, is intended to provide entropy directly from -/// the source, without it going through some deterministic random bit generator. -/// -#define EFI_RNG_ALGORITHM_RAW \ - { \ - 0xe43176d7, 0xb6e8, 0x4827, {0xb7, 0x84, 0x7f, 0xfd, 0xc4, 0xb6, 0x85, 0x61 } \ - } -/// -/// The Arm Architecture states the RNDR that the DRBG algorithm should be compliant -/// with NIST SP800-90A, while not mandating a particular algorithm, so as to be -/// inclusive of different geographies. -/// -#define EFI_RNG_ALGORITHM_ARM_RNDR \ - { \ - 0x43d2fde3, 0x9d4e, 0x4d79, {0x02, 0x96, 0xa8, 0x9b, 0xca, 0x78, 0x08, 0x41} \ - } - -/** - Returns information about the random number generation implementation. - - @param[in] This A pointer to the EFI_RNG_PROTOCOL instance. - @param[in,out] RNGAlgorithmListSize On input, the size in bytes of RNGAlgorithmList. - On output with a return code of EFI_SUCCESS, the size - in bytes of the data returned in RNGAlgorithmList. On output - with a return code of EFI_BUFFER_TOO_SMALL, - the size of RNGAlgorithmList required to obtain the list. - @param[out] RNGAlgorithmList A caller-allocated memory buffer filled by the driver - with one EFI_RNG_ALGORITHM element for each supported - RNG algorithm. The list must not change across multiple - calls to the same driver. The first algorithm in the list - is the default algorithm for the driver. - - @retval EFI_SUCCESS The RNG algorithm list was returned successfully. - @retval EFI_UNSUPPORTED The services is not supported by this driver. - @retval EFI_DEVICE_ERROR The list of algorithms could not be retrieved due to a - hardware or firmware error. - @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect. - @retval EFI_BUFFER_TOO_SMALL The buffer RNGAlgorithmList is too small to hold the result. - -**/ -typedef -EFI_STATUS -(EFIAPI *EFI_RNG_GET_INFO)( - IN EFI_RNG_PROTOCOL *This, - IN OUT UINTN *RNGAlgorithmListSize, - OUT EFI_RNG_ALGORITHM *RNGAlgorithmList - ); - -/** - Produces and returns an RNG value using either the default or specified RNG algorithm. - - @param[in] This A pointer to the EFI_RNG_PROTOCOL instance. - @param[in] RNGAlgorithm A pointer to the EFI_RNG_ALGORITHM that identifies the RNG - algorithm to use. May be NULL in which case the function will - use its default RNG algorithm. - @param[in] RNGValueLength The length in bytes of the memory buffer pointed to by - RNGValue. The driver shall return exactly this numbers of bytes. - @param[out] RNGValue A caller-allocated memory buffer filled by the driver with the - resulting RNG value. - - @retval EFI_SUCCESS The RNG value was returned successfully. - @retval EFI_UNSUPPORTED The algorithm specified by RNGAlgorithm is not supported by - this driver. - @retval EFI_DEVICE_ERROR An RNG value could not be retrieved due to a hardware or - firmware error. - @retval EFI_NOT_READY There is not enough random data available to satisfy the length - requested by RNGValueLength. - @retval EFI_INVALID_PARAMETER RNGValue is NULL or RNGValueLength is zero. - -**/ -typedef -EFI_STATUS -(EFIAPI *EFI_RNG_GET_RNG)( - IN EFI_RNG_PROTOCOL *This, - IN EFI_RNG_ALGORITHM *RNGAlgorithm OPTIONAL, - IN UINTN RNGValueLength, - OUT UINT8 *RNGValue - ); - -/// -/// The Random Number Generator (RNG) protocol provides random bits for use in -/// applications, or entropy for seeding other random number generators. -/// -struct _EFI_RNG_PROTOCOL { - EFI_RNG_GET_INFO GetInfo; - EFI_RNG_GET_RNG GetRNG; -}; +typedef EFI_RNG_INTERFACE EFI_RNG_PROTOCOL; extern EFI_GUID gEfiRngProtocolGuid; -extern EFI_GUID gEfiRngAlgorithmSp80090Hash256Guid; -extern EFI_GUID gEfiRngAlgorithmSp80090Hmac256Guid; -extern EFI_GUID gEfiRngAlgorithmSp80090Ctr256Guid; -extern EFI_GUID gEfiRngAlgorithmX9313DesGuid; -extern EFI_GUID gEfiRngAlgorithmX931AesGuid; -extern EFI_GUID gEfiRngAlgorithmRaw; -extern EFI_GUID gEfiRngAlgorithmArmRndr; #endif diff --git a/src/include/ipxe/efi/Protocol/SerialIo.h b/src/include/ipxe/efi/Protocol/SerialIo.h index 1e44a21c4..31fd99215 100644 --- a/src/include/ipxe/efi/Protocol/SerialIo.h +++ b/src/include/ipxe/efi/Protocol/SerialIo.h @@ -13,6 +13,7 @@ #define __SERIAL_IO_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_SERIAL_IO_PROTOCOL_GUID \ { \ diff --git a/src/include/ipxe/efi/Protocol/ServiceBinding.h b/src/include/ipxe/efi/Protocol/ServiceBinding.h index 6baf73aa7..d23059ccf 100644 --- a/src/include/ipxe/efi/Protocol/ServiceBinding.h +++ b/src/include/ipxe/efi/Protocol/ServiceBinding.h @@ -14,6 +14,7 @@ #define __EFI_SERVICE_BINDING_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); /// /// Forward reference for pure ANSI compatability diff --git a/src/include/ipxe/efi/Protocol/ShimLock.h b/src/include/ipxe/efi/Protocol/ShimLock.h index b31365173..8fd3c3bc8 100644 --- a/src/include/ipxe/efi/Protocol/ShimLock.h +++ b/src/include/ipxe/efi/Protocol/ShimLock.h @@ -8,6 +8,7 @@ */ FILE_LICENCE ( BSD3 ); +FILE_SECBOOT ( PERMITTED ); #define EFI_SHIM_LOCK_PROTOCOL_GUID \ { 0x605dab50, 0xe046, 0x4300, \ diff --git a/src/include/ipxe/efi/Protocol/SimpleFileSystem.h b/src/include/ipxe/efi/Protocol/SimpleFileSystem.h index 62edb2a88..39944c31a 100644 --- a/src/include/ipxe/efi/Protocol/SimpleFileSystem.h +++ b/src/include/ipxe/efi/Protocol/SimpleFileSystem.h @@ -16,6 +16,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __SIMPLE_FILE_SYSTEM_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_SIMPLE_FILE_SYSTEM_PROTOCOL_GUID \ { \ diff --git a/src/include/ipxe/efi/Protocol/SimpleNetwork.h b/src/include/ipxe/efi/Protocol/SimpleNetwork.h index 141ab8856..d7e4e1182 100644 --- a/src/include/ipxe/efi/Protocol/SimpleNetwork.h +++ b/src/include/ipxe/efi/Protocol/SimpleNetwork.h @@ -21,6 +21,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __SIMPLE_NETWORK_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_SIMPLE_NETWORK_PROTOCOL_GUID \ { \ diff --git a/src/include/ipxe/efi/Protocol/SimplePointer.h b/src/include/ipxe/efi/Protocol/SimplePointer.h index 45ddf8d5c..1381b7ec1 100644 --- a/src/include/ipxe/efi/Protocol/SimplePointer.h +++ b/src/include/ipxe/efi/Protocol/SimplePointer.h @@ -12,6 +12,7 @@ #define __SIMPLE_POINTER_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_SIMPLE_POINTER_PROTOCOL_GUID \ { \ @@ -56,12 +57,12 @@ typedef struct { UINT64 ResolutionX; /// /// The resolution of the pointer device on the y-axis in counts/mm. - /// If 0, then the pointer device does not support an x-axis. + /// If 0, then the pointer device does not support a y-axis. /// UINT64 ResolutionY; /// /// The resolution of the pointer device on the z-axis in counts/mm. - /// If 0, then the pointer device does not support an x-axis. + /// If 0, then the pointer device does not support a z-axis. /// UINT64 ResolutionZ; /// diff --git a/src/include/ipxe/efi/Protocol/SimpleTextIn.h b/src/include/ipxe/efi/Protocol/SimpleTextIn.h index 11daeb5bc..1198ff81a 100644 --- a/src/include/ipxe/efi/Protocol/SimpleTextIn.h +++ b/src/include/ipxe/efi/Protocol/SimpleTextIn.h @@ -13,6 +13,7 @@ #define __SIMPLE_TEXT_IN_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_SIMPLE_TEXT_INPUT_PROTOCOL_GUID \ { \ @@ -102,6 +103,7 @@ EFI_STATUS @retval EFI_NOT_READY There was no keystroke data available. @retval EFI_DEVICE_ERROR The keystroke information was not returned due to hardware errors. + @retval EFI_UNSUPPORTED The device does not support the ability to read keystroke data. **/ typedef diff --git a/src/include/ipxe/efi/Protocol/SimpleTextInEx.h b/src/include/ipxe/efi/Protocol/SimpleTextInEx.h index 9a93da509..f797a45c9 100644 --- a/src/include/ipxe/efi/Protocol/SimpleTextInEx.h +++ b/src/include/ipxe/efi/Protocol/SimpleTextInEx.h @@ -14,6 +14,7 @@ #define __SIMPLE_TEXT_IN_EX_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/Protocol/SimpleTextIn.h> @@ -188,6 +189,7 @@ typedef struct { @retval EFI_NOT_READY There was no keystroke data available. @retval EFI_DEVICE_ERROR The keystroke information was not returned due to hardware errors. + @retval EFI_UNSUPPORTED The device does not support the ability to read keystroke data. **/ diff --git a/src/include/ipxe/efi/Protocol/SimpleTextOut.h b/src/include/ipxe/efi/Protocol/SimpleTextOut.h index 824018822..349e9debe 100644 --- a/src/include/ipxe/efi/Protocol/SimpleTextOut.h +++ b/src/include/ipxe/efi/Protocol/SimpleTextOut.h @@ -15,6 +15,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __SIMPLE_TEXT_OUT_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_SIMPLE_TEXT_OUTPUT_PROTOCOL_GUID \ { \ diff --git a/src/include/ipxe/efi/Protocol/StorageSecurityCommand.h b/src/include/ipxe/efi/Protocol/StorageSecurityCommand.h new file mode 100644 index 000000000..f00eb925c --- /dev/null +++ b/src/include/ipxe/efi/Protocol/StorageSecurityCommand.h @@ -0,0 +1,213 @@ +/** @file + EFI Storage Security Command Protocol as defined in UEFI 2.3.1 specification. + This protocol is used to abstract mass storage devices to allow code running in + the EFI boot services environment to send security protocol commands to mass + storage devices without specific knowledge of the type of device or controller + that manages the device. + + Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR> + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __STORAGE_SECURITY_COMMAND_H__ +#define __STORAGE_SECURITY_COMMAND_H__ + +FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); + +#define EFI_STORAGE_SECURITY_COMMAND_PROTOCOL_GUID \ + { \ + 0xC88B0B6D, 0x0DFC, 0x49A7, {0x9C, 0xB4, 0x49, 0x07, 0x4B, 0x4C, 0x3A, 0x78 } \ + } + +typedef struct _EFI_STORAGE_SECURITY_COMMAND_PROTOCOL EFI_STORAGE_SECURITY_COMMAND_PROTOCOL; + +/** + Send a security protocol command to a device that receives data and/or the result + of one or more commands sent by SendData. + + The ReceiveData function sends a security protocol command to the given MediaId. + The security protocol command sent is defined by SecurityProtocolId and contains + the security protocol specific data SecurityProtocolSpecificData. The function + returns the data from the security protocol command in PayloadBuffer. + + For devices supporting the SCSI command set, the security protocol command is sent + using the SECURITY PROTOCOL IN command defined in SPC-4. + + For devices supporting the ATA command set, the security protocol command is sent + using one of the TRUSTED RECEIVE commands defined in ATA8-ACS if PayloadBufferSize + is non-zero. + + If the PayloadBufferSize is zero, the security protocol command is sent using the + Trusted Non-Data command defined in ATA8-ACS. + + If PayloadBufferSize is too small to store the available data from the security + protocol command, the function shall copy PayloadBufferSize bytes into the + PayloadBuffer and return EFI_WARN_BUFFER_TOO_SMALL. + + If PayloadBuffer or PayloadTransferSize is NULL and PayloadBufferSize is non-zero, + the function shall return EFI_INVALID_PARAMETER. + + If the given MediaId does not support security protocol commands, the function shall + return EFI_UNSUPPORTED. If there is no media in the device, the function returns + EFI_NO_MEDIA. If the MediaId is not the ID for the current media in the device, + the function returns EFI_MEDIA_CHANGED. + + If the security protocol fails to complete within the Timeout period, the function + shall return EFI_TIMEOUT. + + If the security protocol command completes without an error, the function shall + return EFI_SUCCESS. If the security protocol command completes with an error, the + function shall return EFI_DEVICE_ERROR. + + @param This Indicates a pointer to the calling context. + @param MediaId ID of the medium to receive data from. If there is no + block IO protocol supported by the physical device, the + value of MediaId is undefined. + @param Timeout The timeout, in 100ns units, to use for the execution + of the security protocol command. A Timeout value of 0 + means that this function will wait indefinitely for the + security protocol command to execute. If Timeout is greater + than zero, then this function will return EFI_TIMEOUT if the + time required to execute the receive data command is greater than Timeout. + @param SecurityProtocolId The value of the "Security Protocol" parameter of + the security protocol command to be sent. + @param SecurityProtocolSpecificData The value of the "Security Protocol Specific" parameter + of the security protocol command to be sent. + @param PayloadBufferSize Size in bytes of the payload data buffer. + @param PayloadBuffer A pointer to a destination buffer to store the security + protocol command specific payload data for the security + protocol command. The caller is responsible for having + either implicit or explicit ownership of the buffer. + @param PayloadTransferSize A pointer to a buffer to store the size in bytes of the + data written to the payload data buffer. + + @retval EFI_SUCCESS The security protocol command completed successfully. + @retval EFI_WARN_BUFFER_TOO_SMALL The PayloadBufferSize was too small to store the available + data from the device. The PayloadBuffer contains the truncated data. + @retval EFI_UNSUPPORTED The given MediaId does not support security protocol commands. + @retval EFI_DEVICE_ERROR The security protocol command completed with an error. + @retval EFI_NO_MEDIA There is no media in the device. + @retval EFI_MEDIA_CHANGED The MediaId is not for the current media. + @retval EFI_INVALID_PARAMETER The PayloadBuffer or PayloadTransferSize is NULL and + PayloadBufferSize is non-zero. + @retval EFI_TIMEOUT A timeout occurred while waiting for the security + protocol command to execute. + +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_STORAGE_SECURITY_RECEIVE_DATA)( + IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This, + IN UINT32 MediaId, + IN UINT64 Timeout, + IN UINT8 SecurityProtocolId, + IN UINT16 SecurityProtocolSpecificData, + IN UINTN PayloadBufferSize, + OUT VOID *PayloadBuffer, + OUT UINTN *PayloadTransferSize + ); + +/** + Send a security protocol command to a device. + + The SendData function sends a security protocol command containing the payload + PayloadBuffer to the given MediaId. The security protocol command sent is + defined by SecurityProtocolId and contains the security protocol specific data + SecurityProtocolSpecificData. If the underlying protocol command requires a + specific padding for the command payload, the SendData function shall add padding + bytes to the command payload to satisfy the padding requirements. + + For devices supporting the SCSI command set, the security protocol command is sent + using the SECURITY PROTOCOL OUT command defined in SPC-4. + + For devices supporting the ATA command set, the security protocol command is sent + using one of the TRUSTED SEND commands defined in ATA8-ACS if PayloadBufferSize + is non-zero. If the PayloadBufferSize is zero, the security protocol command is + sent using the Trusted Non-Data command defined in ATA8-ACS. + + If PayloadBuffer is NULL and PayloadBufferSize is non-zero, the function shall + return EFI_INVALID_PARAMETER. + + If the given MediaId does not support security protocol commands, the function + shall return EFI_UNSUPPORTED. If there is no media in the device, the function + returns EFI_NO_MEDIA. If the MediaId is not the ID for the current media in the + device, the function returns EFI_MEDIA_CHANGED. + + If the security protocol fails to complete within the Timeout period, the function + shall return EFI_TIMEOUT. + + If the security protocol command completes without an error, the function shall return + EFI_SUCCESS. If the security protocol command completes with an error, the function + shall return EFI_DEVICE_ERROR. + + @param This Indicates a pointer to the calling context. + @param MediaId ID of the medium to receive data from. If there is no + block IO protocol supported by the physical device, the + value of MediaId is undefined. + @param Timeout The timeout, in 100ns units, to use for the execution + of the security protocol command. A Timeout value of 0 + means that this function will wait indefinitely for the + security protocol command to execute. If Timeout is greater + than zero, then this function will return EFI_TIMEOUT if the + time required to execute the receive data command is greater than Timeout. + @param SecurityProtocolId The value of the "Security Protocol" parameter of + the security protocol command to be sent. + @param SecurityProtocolSpecificData The value of the "Security Protocol Specific" parameter + of the security protocol command to be sent. + @param PayloadBufferSize Size in bytes of the payload data buffer. + @param PayloadBuffer A pointer to a destination buffer to store the security + protocol command specific payload data for the security + protocol command. + + @retval EFI_SUCCESS The security protocol command completed successfully. + @retval EFI_UNSUPPORTED The given MediaId does not support security protocol commands. + @retval EFI_DEVICE_ERROR The security protocol command completed with an error. + @retval EFI_NO_MEDIA There is no media in the device. + @retval EFI_MEDIA_CHANGED The MediaId is not for the current media. + @retval EFI_INVALID_PARAMETER The PayloadBuffer is NULL and PayloadBufferSize is non-zero. + @retval EFI_TIMEOUT A timeout occurred while waiting for the security + protocol command to execute. + +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_STORAGE_SECURITY_SEND_DATA)( + IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This, + IN UINT32 MediaId, + IN UINT64 Timeout, + IN UINT8 SecurityProtocolId, + IN UINT16 SecurityProtocolSpecificData, + IN UINTN PayloadBufferSize, + IN VOID *PayloadBuffer + ); + +/// +/// The EFI_STORAGE_SECURITY_COMMAND_PROTOCOL is used to send security protocol +/// commands to a mass storage device. Two types of security protocol commands +/// are supported. SendData sends a command with data to a device. ReceiveData +/// sends a command that receives data and/or the result of one or more commands +/// sent by SendData. +/// +/// The security protocol command formats supported shall be based on the definition +/// of the SECURITY PROTOCOL IN and SECURITY PROTOCOL OUT commands defined in SPC-4. +/// If the device uses the SCSI command set, no translation is needed in the firmware +/// and the firmware can package the parameters into a SECURITY PROTOCOL IN or SECURITY +/// PROTOCOL OUT command and send the command to the device. If the device uses a +/// non-SCSI command set, the firmware shall map the command and data payload to the +/// corresponding command and payload format defined in the non-SCSI command set +/// (for example, TRUSTED RECEIVE and TRUSTED SEND in ATA8-ACS). +/// +/// The firmware shall automatically add an EFI_STORAGE_SECURITY_COMMAND_PROTOCOL +/// for any storage devices detected during system boot that support SPC-4, ATA8-ACS +/// or their successors. +/// +struct _EFI_STORAGE_SECURITY_COMMAND_PROTOCOL { + EFI_STORAGE_SECURITY_RECEIVE_DATA ReceiveData; + EFI_STORAGE_SECURITY_SEND_DATA SendData; +}; + +extern EFI_GUID gEfiStorageSecurityCommandProtocolGuid; + +#endif diff --git a/src/include/ipxe/efi/Protocol/Supplicant.h b/src/include/ipxe/efi/Protocol/Supplicant.h new file mode 100644 index 000000000..51a568335 --- /dev/null +++ b/src/include/ipxe/efi/Protocol/Supplicant.h @@ -0,0 +1,461 @@ +/** @file + This file defines the EFI Supplicant Protocol. + + Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR> + SPDX-License-Identifier: BSD-2-Clause-Patent + + @par Revision Reference: + This Protocol is introduced in UEFI Specification 2.6 + +**/ + +#ifndef __EFI_SUPPLICANT_PROTOCOL_H__ +#define __EFI_SUPPLICANT_PROTOCOL_H__ + +FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); + +#include <ipxe/efi/Protocol/WiFi2.h> + +/// +/// The EFI Supplicant Service Binding Protocol is used to locate EFI +/// Supplicant Protocol drivers to create and destroy child of the driver to +/// communicate with other host using Supplicant protocol. +/// +#define EFI_SUPPLICANT_SERVICE_BINDING_PROTOCOL_GUID \ + { \ + 0x45bcd98e, 0x59ad, 0x4174, { 0x95, 0x46, 0x34, 0x4a, 0x7, 0x48, 0x58, 0x98 } \ + } + +/// +/// The EFI Supplicant protocol provides services to process authentication and +/// data encryption/decryption for security management. +/// +#define EFI_SUPPLICANT_PROTOCOL_GUID \ + { \ + 0x54fcc43e, 0xaa89, 0x4333, { 0x9a, 0x85, 0xcd, 0xea, 0x24, 0x5, 0x1e, 0x9e } \ + } + +typedef struct _EFI_SUPPLICANT_PROTOCOL EFI_SUPPLICANT_PROTOCOL; + +/// +/// EFI_SUPPLICANT_CRYPT_MODE +/// +typedef enum { + // + // Encrypt data provided in the fragment buffers. + // + EfiSupplicantEncrypt, + // + // Decrypt data provided in the fragment buffers. + // + EfiSupplicantDecrypt, +} EFI_SUPPLICANT_CRYPT_MODE; + +/// +/// EFI_SUPPLICANT_DATA_TYPE +/// +typedef enum { + // + // Session Configuration + // + + // + // Current authentication type in use. The corresponding Data is of type + // EFI_80211_AKM_SUITE_SELECTOR. + // + EfiSupplicant80211AKMSuite, + // + // Group data encryption type in use. The corresponding Data is of type + // EFI_SUPPLICANT_CIPHER_SUITE_SELECTOR. + // + EfiSupplicant80211GroupDataCipherSuite, + // + // Pairwise encryption type in use. The corresponding Data is of type + // EFI_80211_CIPHER_SUITE_SELECTOR. + // + EfiSupplicant80211PairwiseCipherSuite, + // + // PSK password. The corresponding Data is a NULL-terminated ASCII string. + // + EfiSupplicant80211PskPassword, + // + // Target SSID name. The corresponding Data is of type EFI_80211_SSID. + // + EfiSupplicant80211TargetSSIDName, + // + // Station MAC address. The corresponding Data is of type + // EFI_80211_MAC_ADDRESS. + // + EfiSupplicant80211StationMac, + // + // Target SSID MAC address. The corresponding Data is 6 bytes MAC address. + // + EfiSupplicant80211TargetSSIDMac, + + // + // Session Information + // + + // + // 802.11 PTK. The corresponding Data is of type EFI_SUPPLICANT_KEY. + // + EfiSupplicant80211PTK, + // + // 802.11 GTK. The corresponding Data is of type EFI_SUPPLICANT_GTK_LIST. + // + EfiSupplicant80211GTK, + // + // Supplicant state. The corresponding Data is + // EFI_EAPOL_SUPPLICANT_PAE_STATE. + // + EfiSupplicantState, + // + // 802.11 link state. The corresponding Data is EFI_80211_LINK_STATE. + // + EfiSupplicant80211LinkState, + // + // Flag indicates key is refreshed. The corresponding Data is + // EFI_SUPPLICANT_KEY_REFRESH. + // + EfiSupplicantKeyRefresh, + + // + // Session Configuration + // + + // + // Supported authentication types. The corresponding Data is of type + // EFI_80211_AKM_SUITE_SELECTOR. + // + EfiSupplicant80211SupportedAKMSuites, + // + // Supported software encryption types provided by supplicant driver. The + // corresponding Data is of type EFI_80211_CIPHER_SUITE_SELECTOR. + // + EfiSupplicant80211SupportedSoftwareCipherSuites, + // + // Supported hardware encryption types provided by wireless UNDI driver. The + // corresponding Data is of type EFI_80211_CIPHER_SUITE_SELECTOR. + // + EfiSupplicant80211SupportedHardwareCipherSuites, + + // + // Session Information + // + + // + // 802.11 Integrity GTK. The corresponding Data is of type + // EFI_SUPPLICANT_GTK_LIST. + // + EfiSupplicant80211IGTK, + // + // 802.11 PMK. The corresponding Data is 32 bytes pairwise master key. + // + EfiSupplicant80211PMK, + EfiSupplicantDataTypeMaximum +} EFI_SUPPLICANT_DATA_TYPE; + +/// +/// EFI_80211_LINK_STATE +/// +typedef enum { + // + // Indicates initial start state, unauthenticated, unassociated. + // + Ieee80211UnauthenticatedUnassociated, + // + // Indicates authenticated, unassociated. + // + Ieee80211AuthenticatedUnassociated, + // + // Indicates authenticated and associated, but pending RSN authentication. + // + Ieee80211PendingRSNAuthentication, + // + // Indicates authenticated and associated. + // + Ieee80211AuthenticatedAssociated +} EFI_80211_LINK_STATE; + +/// +/// EFI_SUPPLICANT_KEY_TYPE (IEEE Std 802.11 Section 6.3.19.1.2) +/// +typedef enum { + Group, + Pairwise, + PeerKey, + IGTK +} EFI_SUPPLICANT_KEY_TYPE; + +/// +/// EFI_SUPPLICANT_KEY_DIRECTION (IEEE Std 802.11 Section 6.3.19.1.2) +/// +typedef enum { + // + // Indicates that the keys are being installed for the receive direction. + // + Receive, + // + // Indicates that the keys are being installed for the transmit direction. + // + Transmit, + // + // Indicates that the keys are being installed for both the receive and + // transmit directions. + // + Both +} EFI_SUPPLICANT_KEY_DIRECTION; + +/// +/// EFI_SUPPLICANT_KEY_REFRESH +/// +typedef struct { + // + // If TRUE, indicates GTK is just refreshed after a successful call to + // EFI_SUPPLICANT_PROTOCOL.BuildResponsePacket(). + // + BOOLEAN GTKRefresh; +} EFI_SUPPLICANT_KEY_REFRESH; + +#define EFI_MAX_KEY_LEN 64 + +/// +/// EFI_SUPPLICANT_KEY +/// +typedef struct { + // + // The key value. + // + UINT8 Key[EFI_MAX_KEY_LEN]; + // + // Length in bytes of the Key. Should be up to EFI_MAX_KEY_LEN. + // + UINT8 KeyLen; + // + // The key identifier. + // + UINT8 KeyId; + // + // Defines whether this key is a group key, pairwise key, PeerKey, or + // Integrity Group. + // + EFI_SUPPLICANT_KEY_TYPE KeyType; + // + // The value is set according to the KeyType. + // + EFI_80211_MAC_ADDRESS Addr; + // + // The Receive Sequence Count value. + // + UINT8 Rsc[8]; + // + // Length in bytes of the Rsc. Should be up to 8. + // + UINT8 RscLen; + // + // Indicates whether the key is configured by the Authenticator or + // Supplicant. The value true indicates Authenticator. + // + BOOLEAN IsAuthenticator; + // + // The cipher suite required for this association. + // + EFI_80211_SUITE_SELECTOR CipherSuite; + // + // Indicates the direction for which the keys are to be installed. + // + EFI_SUPPLICANT_KEY_DIRECTION Direction; +} EFI_SUPPLICANT_KEY; + +/// +/// EFI_SUPPLICANT_GTK_LIST +/// +typedef struct { + // + // Indicates the number of GTKs that are contained in GTKList. + // + UINT8 GTKCount; + // + // A variable-length array of GTKs of type EFI_SUPPLICANT_KEY. The number of + // entries is specified by GTKCount. + // + EFI_SUPPLICANT_KEY GTKList[1]; +} EFI_SUPPLICANT_GTK_LIST; + +/// +/// EFI_SUPPLICANT_FRAGMENT_DATA +/// +typedef struct { + // + // Length of data buffer in the fragment. + // + UINT32 FragmentLength; + // + // Pointer to the data buffer in the fragment. + // + VOID *FragmentBuffer; +} EFI_SUPPLICANT_FRAGMENT_DATA; + +/** + BuildResponsePacket() is called during STA and AP authentication is in + progress. Supplicant derives the PTK or session keys depend on type of + authentication is being employed. + + @param[in] This Pointer to the EFI_SUPPLICANT_PROTOCOL + instance. + @param[in] RequestBuffer Pointer to the most recently received EAPOL + packet. NULL means the supplicant need + initiate the EAP authentication session and + send EAPOL-Start message. + @param[in] RequestBufferSize + Packet size in bytes for the most recently + received EAPOL packet. 0 is only valid when + RequestBuffer is NULL. + @param[out] Buffer Pointer to the buffer to hold the built + packet. + @param[in, out] BufferSize Pointer to the buffer size in bytes. On + input, it is the buffer size provided by the + caller. On output, it is the buffer size in + fact needed to contain the packet. + + @retval EFI_SUCCESS The required EAPOL packet is built + successfully. + @retval EFI_INVALID_PARAMETER One or more of the following conditions is + TRUE: + RequestBuffer is NULL, but RequestSize is + NOT 0. + RequestBufferSize is 0. + Buffer is NULL, but RequestBuffer is NOT 0. + BufferSize is NULL. + @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the response + packet. + @retval EFI_NOT_READY Current EAPOL session state is NOT ready to + build ResponsePacket. + +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_SUPPLICANT_BUILD_RESPONSE_PACKET)( + IN EFI_SUPPLICANT_PROTOCOL *This, + IN UINT8 *RequestBuffer OPTIONAL, + IN UINTN RequestBufferSize OPTIONAL, + OUT UINT8 *Buffer, + IN OUT UINTN *BufferSize + ); + +/** + ProcessPacket() is called to Supplicant driver to encrypt or decrypt the data + depending type of authentication type. + + @param[in] This Pointer to the EFI_SUPPLICANT_PROTOCOL + instance. + @param[in, out] FragmentTable Pointer to a list of fragment. The caller + will take responsible to handle the original + FragmentTable while it may be reallocated in + Supplicant driver. + @param[in] FragmentCount Number of fragment. + @param[in] CryptMode Crypt mode. + + @retval EFI_SUCCESS The operation completed successfully. + @retval EFI_INVALID_PARAMETER One or more of the following conditions is + TRUE: + FragmentTable is NULL. + FragmentCount is NULL. + CryptMode is invalid. + @retval EFI_NOT_READY Current supplicant state is NOT Authenticated. + @retval EFI_ABORTED Something wrong decryption the message. + @retval EFI_UNSUPPORTED This API is not supported. + +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_SUPPLICANT_PROCESS_PACKET)( + IN EFI_SUPPLICANT_PROTOCOL *This, + IN OUT EFI_SUPPLICANT_FRAGMENT_DATA **FragmentTable, + IN UINT32 *FragmentCount, + IN EFI_SUPPLICANT_CRYPT_MODE CryptMode + ); + +/** + Set Supplicant configuration data. + + @param[in] This Pointer to the EFI_SUPPLICANT_PROTOCOL + instance. + @param[in] DataType The type of data. + @param[in] Data Pointer to the buffer to hold the data. + @param[in] DataSize Pointer to the buffer size in bytes. + + @retval EFI_SUCCESS The Supplicant configuration data is set + successfully. + @retval EFI_INVALID_PARAMETER One or more of the following conditions is + TRUE: + Data is NULL. + DataSize is 0. + @retval EFI_UNSUPPORTED The DataType is unsupported. + @retval EFI_OUT_OF_RESOURCES Required system resources could not be allocated. + +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_SUPPLICANT_SET_DATA)( + IN EFI_SUPPLICANT_PROTOCOL *This, + IN EFI_SUPPLICANT_DATA_TYPE DataType, + IN VOID *Data, + IN UINTN DataSize + ); + +/** + Get Supplicant configuration data. + + @param[in] This Pointer to the EFI_SUPPLICANT_PROTOCOL + instance. + @param[in] DataType The type of data. + @param[out] Data Pointer to the buffer to hold the data. + Ignored if DataSize is 0. + @param[in, out] DataSize Pointer to the buffer size in bytes. On + input, it is the buffer size provided by the + caller. On output, it is the buffer size in + fact needed to contain the packet. + + @retval EFI_SUCCESS The Supplicant configuration data is got + successfully. + @retval EFI_INVALID_PARAMETER One or more of the following conditions is + TRUE: + This is NULL. + DataSize is NULL. + Data is NULL if *DataSize is not zero. + @retval EFI_UNSUPPORTED The DataType is unsupported. + @retval EFI_NOT_FOUND The Supplicant configuration data is not + found. + @retval EFI_BUFFER_TOO_SMALL The size of Data is too small for the + specified configuration data and the required + size is returned in DataSize. + +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_SUPPLICANT_GET_DATA)( + IN EFI_SUPPLICANT_PROTOCOL *This, + IN EFI_SUPPLICANT_DATA_TYPE DataType, + OUT UINT8 *Data OPTIONAL, + IN OUT UINTN *DataSize + ); + +/// +/// The EFI_SUPPLICANT_PROTOCOL is designed to provide unified place for WIFI +/// and EAP security management. Both PSK authentication and 802.1X EAP +/// authentication can be managed via this protocol and driver or application +/// as a consumer can only focus on about packet transmitting or receiving. +/// +struct _EFI_SUPPLICANT_PROTOCOL { + EFI_SUPPLICANT_BUILD_RESPONSE_PACKET BuildResponsePacket; + EFI_SUPPLICANT_PROCESS_PACKET ProcessPacket; + EFI_SUPPLICANT_SET_DATA SetData; + EFI_SUPPLICANT_GET_DATA GetData; +}; + +extern EFI_GUID gEfiSupplicantServiceBindingProtocolGuid; +extern EFI_GUID gEfiSupplicantProtocolGuid; + +#endif diff --git a/src/include/ipxe/efi/Protocol/Tcg2Protocol.h b/src/include/ipxe/efi/Protocol/Tcg2Protocol.h new file mode 100644 index 000000000..4333211b6 --- /dev/null +++ b/src/include/ipxe/efi/Protocol/Tcg2Protocol.h @@ -0,0 +1,338 @@ +/** @file + TPM2 Protocol as defined in TCG PC Client Platform EFI Protocol Specification Family "2.0". + See http://trustedcomputinggroup.org for the latest specification + +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __TCG2_PROTOCOL_H__ +#define __TCG2_PROTOCOL_H__ + +FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); + +#include <ipxe/efi/IndustryStandard/UefiTcgPlatform.h> +#include <ipxe/efi/IndustryStandard/Tpm20.h> + +#define EFI_TCG2_PROTOCOL_GUID \ + {0x607f766c, 0x7455, 0x42be, { 0x93, 0x0b, 0xe4, 0xd7, 0x6d, 0xb2, 0x72, 0x0f }} + +typedef struct tdEFI_TCG2_PROTOCOL EFI_TCG2_PROTOCOL; + +typedef struct tdEFI_TCG2_VERSION { + UINT8 Major; + UINT8 Minor; +} EFI_TCG2_VERSION; + +typedef UINT32 EFI_TCG2_EVENT_LOG_BITMAP; +typedef UINT32 EFI_TCG2_EVENT_LOG_FORMAT; +typedef UINT32 EFI_TCG2_EVENT_ALGORITHM_BITMAP; + +#define EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 0x00000001 +#define EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 0x00000002 + +typedef struct tdEFI_TCG2_BOOT_SERVICE_CAPABILITY { + // + // Allocated size of the structure + // + UINT8 Size; + // + // Version of the EFI_TCG2_BOOT_SERVICE_CAPABILITY structure itself. + // For this version of the protocol, the Major version shall be set to 1 + // and the Minor version shall be set to 1. + // + EFI_TCG2_VERSION StructureVersion; + // + // Version of the EFI TCG2 protocol. + // For this version of the protocol, the Major version shall be set to 1 + // and the Minor version shall be set to 1. + // + EFI_TCG2_VERSION ProtocolVersion; + // + // Supported hash algorithms (this bitmap is determined by the supported PCR + // banks in the TPM and the hashing algorithms supported by the firmware) + // + EFI_TCG2_EVENT_ALGORITHM_BITMAP HashAlgorithmBitmap; + // + // Bitmap of supported event log formats + // + EFI_TCG2_EVENT_LOG_BITMAP SupportedEventLogs; + // + // False = TPM not present + // + BOOLEAN TPMPresentFlag; + // + // Max size (in bytes) of a command that can be sent to the TPM + // + UINT16 MaxCommandSize; + // + // Max size (in bytes) of a response that can be provided by the TPM + // + UINT16 MaxResponseSize; + // + // 4-byte Vendor ID + // (see TCG Vendor ID registry, Section "TPM Capabilities Vendor ID") + // + UINT32 ManufacturerID; + // + // Maximum number of PCR banks (hashing algorithms) supported. + // No granularity is provided to support a specific set of algorithms. + // Minimum value is 1. + // + UINT32 NumberOfPCRBanks; + // + // A bitmap of currently active PCR banks (hashing algorithms). + // This is a subset of the supported hashing algorithms reported in HashAlgorithmBitMap. + // NumberOfPcrBanks defines the number of bits that are set. + // + EFI_TCG2_EVENT_ALGORITHM_BITMAP ActivePcrBanks; +} EFI_TCG2_BOOT_SERVICE_CAPABILITY; + +#define EFI_TCG2_BOOT_HASH_ALG_SHA1 0x00000001 +#define EFI_TCG2_BOOT_HASH_ALG_SHA256 0x00000002 +#define EFI_TCG2_BOOT_HASH_ALG_SHA384 0x00000004 +#define EFI_TCG2_BOOT_HASH_ALG_SHA512 0x00000008 +#define EFI_TCG2_BOOT_HASH_ALG_SM3_256 0x00000010 + +// +// This bit is shall be set when an event shall be extended but not logged. +// +#define EFI_TCG2_EXTEND_ONLY 0x0000000000000001 +// +// This bit shall be set when the intent is to measure a PE/COFF image. +// +#define PE_COFF_IMAGE 0x0000000000000010 + +#define MAX_PCR_INDEX 23 + +#pragma pack(1) + +#define EFI_TCG2_EVENT_HEADER_VERSION 1 + +typedef struct { + // + // Size of the event header itself (sizeof(EFI_TCG2_EVENT_HEADER)). + // + UINT32 HeaderSize; + // + // Header version. For this version of this specification, the value shall be 1. + // + UINT16 HeaderVersion; + // + // Index of the PCR that shall be extended (0 - 23). + // + TCG_PCRINDEX PCRIndex; + // + // Type of the event that shall be extended (and optionally logged). + // + TCG_EVENTTYPE EventType; +} EFI_TCG2_EVENT_HEADER; + +typedef struct tdEFI_TCG2_EVENT { + // + // Total size of the event including the Size component, the header and the Event data. + // + UINT32 Size; + EFI_TCG2_EVENT_HEADER Header; + UINT8 Event[1]; +} EFI_TCG2_EVENT; + +#pragma pack() + +/** + The EFI_TCG2_PROTOCOL GetCapability function call provides protocol + capability information and state information. + + @param[in] This Indicates the calling context + @param[in, out] ProtocolCapability The caller allocates memory for a EFI_TCG2_BOOT_SERVICE_CAPABILITY + structure and sets the size field to the size of the structure allocated. + The callee fills in the fields with the EFI protocol capability information + and the current EFI TCG2 state information up to the number of fields which + fit within the size of the structure passed in. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. + The ProtocolCapability variable will not be populated. + @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect. + The ProtocolCapability variable will not be populated. + @retval EFI_BUFFER_TOO_SMALL The ProtocolCapability variable is too small to hold the full response. + It will be partially populated (required Size field will be set). +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_TCG2_GET_CAPABILITY)( + IN EFI_TCG2_PROTOCOL *This, + IN OUT EFI_TCG2_BOOT_SERVICE_CAPABILITY *ProtocolCapability + ); + +/** + The EFI_TCG2_PROTOCOL Get Event Log function call allows a caller to + retrieve the address of a given event log and its last entry. + + @param[in] This Indicates the calling context + @param[in] EventLogFormat The type of the event log for which the information is requested. + @param[out] EventLogLocation A pointer to the memory address of the event log. + @param[out] EventLogLastEntry If the Event Log contains more than one entry, this is a pointer to the + address of the start of the last entry in the event log in memory. + @param[out] EventLogTruncated If the Event Log is missing at least one entry because an event would + have exceeded the area allocated for events, this value is set to TRUE. + Otherwise, the value will be FALSE and the Event Log will be complete. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect + (e.g. asking for an event log whose format is not supported). +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_TCG2_GET_EVENT_LOG)( + IN EFI_TCG2_PROTOCOL *This, + IN EFI_TCG2_EVENT_LOG_FORMAT EventLogFormat, + OUT EFI_PHYSICAL_ADDRESS *EventLogLocation, + OUT EFI_PHYSICAL_ADDRESS *EventLogLastEntry, + OUT BOOLEAN *EventLogTruncated + ); + +/** + The EFI_TCG2_PROTOCOL HashLogExtendEvent function call provides callers with + an opportunity to extend and optionally log events without requiring + knowledge of actual TPM commands. + The extend operation will occur even if this function cannot create an event + log entry (e.g. due to the event log being full). + + @param[in] This Indicates the calling context + @param[in] Flags Bitmap providing additional information. + @param[in] DataToHash Physical address of the start of the data buffer to be hashed. + @param[in] DataToHashLen The length in bytes of the buffer referenced by DataToHash. + @param[in] EfiTcgEvent Pointer to data buffer containing information about the event. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. + @retval EFI_VOLUME_FULL The extend operation occurred, but the event could not be written to one or more event logs. + @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect. + @retval EFI_UNSUPPORTED The PE/COFF image type is not supported. +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_TCG2_HASH_LOG_EXTEND_EVENT)( + IN EFI_TCG2_PROTOCOL *This, + IN UINT64 Flags, + IN EFI_PHYSICAL_ADDRESS DataToHash, + IN UINT64 DataToHashLen, + IN EFI_TCG2_EVENT *EfiTcgEvent + ); + +/** + This service enables the sending of commands to the TPM. + + @param[in] This Indicates the calling context + @param[in] InputParameterBlockSize Size of the TPM input parameter block. + @param[in] InputParameterBlock Pointer to the TPM input parameter block. + @param[in] OutputParameterBlockSize Size of the TPM output parameter block. + @param[in] OutputParameterBlock Pointer to the TPM output parameter block. + + @retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received. + @retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device. + @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect. + @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small. +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_TCG2_SUBMIT_COMMAND)( + IN EFI_TCG2_PROTOCOL *This, + IN UINT32 InputParameterBlockSize, + IN UINT8 *InputParameterBlock, + IN UINT32 OutputParameterBlockSize, + IN UINT8 *OutputParameterBlock + ); + +/** + This service returns the currently active PCR banks. + + @param[in] This Indicates the calling context + @param[out] ActivePcrBanks Pointer to the variable receiving the bitmap of currently active PCR banks. + + @retval EFI_SUCCESS The bitmap of active PCR banks was stored in the ActivePcrBanks parameter. + @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect. +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_TCG2_GET_ACTIVE_PCR_BANKS)( + IN EFI_TCG2_PROTOCOL *This, + OUT UINT32 *ActivePcrBanks + ); + +/** + This service sets the currently active PCR banks. + + @param[in] This Indicates the calling context + @param[in] ActivePcrBanks Bitmap of the requested active PCR banks. At least one bit SHALL be set. + + @retval EFI_SUCCESS The bitmap in ActivePcrBank parameter is already active. + @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect. +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_TCG2_SET_ACTIVE_PCR_BANKS)( + IN EFI_TCG2_PROTOCOL *This, + IN UINT32 ActivePcrBanks + ); + +/** + This service retrieves the result of a previous invocation of SetActivePcrBanks. + + @param[in] This Indicates the calling context + @param[out] OperationPresent Non-zero value to indicate a SetActivePcrBank operation was invoked during the last boot. + @param[out] Response The response from the SetActivePcrBank request. + + @retval EFI_SUCCESS The result value could be returned. + @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect. +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_TCG2_GET_RESULT_OF_SET_ACTIVE_PCR_BANKS)( + IN EFI_TCG2_PROTOCOL *This, + OUT UINT32 *OperationPresent, + OUT UINT32 *Response + ); + +struct tdEFI_TCG2_PROTOCOL { + EFI_TCG2_GET_CAPABILITY GetCapability; + EFI_TCG2_GET_EVENT_LOG GetEventLog; + EFI_TCG2_HASH_LOG_EXTEND_EVENT HashLogExtendEvent; + EFI_TCG2_SUBMIT_COMMAND SubmitCommand; + EFI_TCG2_GET_ACTIVE_PCR_BANKS GetActivePcrBanks; + EFI_TCG2_SET_ACTIVE_PCR_BANKS SetActivePcrBanks; + EFI_TCG2_GET_RESULT_OF_SET_ACTIVE_PCR_BANKS GetResultOfSetActivePcrBanks; +}; + +extern EFI_GUID gEfiTcg2ProtocolGuid; + +// +// Log entries after Get Event Log service +// + +#define EFI_TCG2_FINAL_EVENTS_TABLE_GUID \ + {0x1e2ed096, 0x30e2, 0x4254, { 0xbd, 0x89, 0x86, 0x3b, 0xbe, 0xf8, 0x23, 0x25 }} + +extern EFI_GUID gEfiTcg2FinalEventsTableGuid; + +typedef struct tdEFI_TCG2_FINAL_EVENTS_TABLE { + // + // The version of this structure. + // + UINT64 Version; + // + // Number of events recorded after invocation of GetEventLog API + // + UINT64 NumberOfEvents; + // + // List of events of type TCG_PCR_EVENT2. + // + // TCG_PCR_EVENT2 Event[1]; +} EFI_TCG2_FINAL_EVENTS_TABLE; + +#define EFI_TCG2_FINAL_EVENTS_TABLE_VERSION 1 + +#endif diff --git a/src/include/ipxe/efi/Protocol/TcgService.h b/src/include/ipxe/efi/Protocol/TcgService.h index d225ae884..88b9f0ea9 100644 --- a/src/include/ipxe/efi/Protocol/TcgService.h +++ b/src/include/ipxe/efi/Protocol/TcgService.h @@ -11,6 +11,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define _TCG_SERVICE_PROTOCOL_H_ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/IndustryStandard/UefiTcgPlatform.h> diff --git a/src/include/ipxe/efi/Protocol/Tcp4.h b/src/include/ipxe/efi/Protocol/Tcp4.h index 249f1fe0c..eeecd366d 100644 --- a/src/include/ipxe/efi/Protocol/Tcp4.h +++ b/src/include/ipxe/efi/Protocol/Tcp4.h @@ -16,6 +16,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __EFI_TCP4_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/Protocol/Ip4.h> diff --git a/src/include/ipxe/efi/Protocol/Tcp6.h b/src/include/ipxe/efi/Protocol/Tcp6.h index ddceaaf9f..df0ed6500 100644 --- a/src/include/ipxe/efi/Protocol/Tcp6.h +++ b/src/include/ipxe/efi/Protocol/Tcp6.h @@ -16,6 +16,7 @@ #define __EFI_TCP6_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/Protocol/ManagedNetwork.h> #include <ipxe/efi/Protocol/Ip6.h> diff --git a/src/include/ipxe/efi/Protocol/Udp4.h b/src/include/ipxe/efi/Protocol/Udp4.h index dc0586d81..7e8cc68c9 100644 --- a/src/include/ipxe/efi/Protocol/Udp4.h +++ b/src/include/ipxe/efi/Protocol/Udp4.h @@ -16,6 +16,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __EFI_UDP4_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/Protocol/Ip4.h> // diff --git a/src/include/ipxe/efi/Protocol/Udp6.h b/src/include/ipxe/efi/Protocol/Udp6.h index 5a62a3e02..4f176b8db 100644 --- a/src/include/ipxe/efi/Protocol/Udp6.h +++ b/src/include/ipxe/efi/Protocol/Udp6.h @@ -15,6 +15,7 @@ #define __EFI_UDP6_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/Protocol/Ip6.h> diff --git a/src/include/ipxe/efi/Protocol/UgaDraw.h b/src/include/ipxe/efi/Protocol/UgaDraw.h index c268bd2d2..9e07948c4 100644 --- a/src/include/ipxe/efi/Protocol/UgaDraw.h +++ b/src/include/ipxe/efi/Protocol/UgaDraw.h @@ -1,3 +1,6 @@ +#ifndef _IPXE_EFI_UGADRAW_H +#define _IPXE_EFI_UGADRAW_H + /** @file UGA Draw protocol from the EFI 1.10 specification. @@ -12,6 +15,7 @@ #define __UGA_DRAW_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_UGA_DRAW_PROTOCOL_GUID \ { \ @@ -159,3 +163,5 @@ struct _EFI_UGA_DRAW_PROTOCOL { extern EFI_GUID gEfiUgaDrawProtocolGuid; #endif + +#endif /* _IPXE_EFI_UGADRAW_H */ diff --git a/src/include/ipxe/efi/Protocol/UnicodeCollation.h b/src/include/ipxe/efi/Protocol/UnicodeCollation.h index f708624ee..96933d006 100644 --- a/src/include/ipxe/efi/Protocol/UnicodeCollation.h +++ b/src/include/ipxe/efi/Protocol/UnicodeCollation.h @@ -12,11 +12,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __UNICODE_COLLATION_H__ FILE_LICENCE ( BSD2_PATENT ); - -#define EFI_UNICODE_COLLATION_PROTOCOL_GUID \ - { \ - 0x1d85cd7f, 0xf43d, 0x11d2, {0x9a, 0xc, 0x0, 0x90, 0x27, 0x3f, 0xc1, 0x4d } \ - } +FILE_SECBOOT ( PERMITTED ); #define EFI_UNICODE_COLLATION_PROTOCOL2_GUID \ { \ @@ -26,16 +22,6 @@ FILE_LICENCE ( BSD2_PATENT ); typedef struct _EFI_UNICODE_COLLATION_PROTOCOL EFI_UNICODE_COLLATION_PROTOCOL; /// -/// Protocol GUID name defined in EFI1.1. -/// -#define UNICODE_COLLATION_PROTOCOL EFI_UNICODE_COLLATION_PROTOCOL_GUID - -/// -/// Protocol defined in EFI1.1. -/// -typedef EFI_UNICODE_COLLATION_PROTOCOL UNICODE_COLLATION_INTERFACE; - -/// /// Protocol data structures and defines /// #define EFI_UNICODE_BYTE_ORDER_MARK (CHAR16) (0xfeff) @@ -182,7 +168,6 @@ struct _EFI_UNICODE_COLLATION_PROTOCOL { CHAR8 *SupportedLanguages; }; -extern EFI_GUID gEfiUnicodeCollationProtocolGuid; extern EFI_GUID gEfiUnicodeCollation2ProtocolGuid; #endif diff --git a/src/include/ipxe/efi/Protocol/Usb2HostController.h b/src/include/ipxe/efi/Protocol/Usb2HostController.h index 657918d44..4ef2a0cc6 100644 --- a/src/include/ipxe/efi/Protocol/Usb2HostController.h +++ b/src/include/ipxe/efi/Protocol/Usb2HostController.h @@ -13,6 +13,7 @@ #define _USB2_HOSTCONTROLLER_H_ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/Protocol/UsbIo.h> diff --git a/src/include/ipxe/efi/Protocol/UsbHostController.h b/src/include/ipxe/efi/Protocol/UsbHostController.h index 5336f00b3..f694b80d5 100644 --- a/src/include/ipxe/efi/Protocol/UsbHostController.h +++ b/src/include/ipxe/efi/Protocol/UsbHostController.h @@ -1,3 +1,6 @@ +#ifndef _IPXE_EFI_USBHOSTCONTROLLER_H +#define _IPXE_EFI_USBHOSTCONTROLLER_H + /** @file EFI_USB_HC_PROTOCOL as defined in EFI 1.10. @@ -14,6 +17,7 @@ #define _USB_HOSTCONTROLLER_H_ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/Protocol/Usb2HostController.h> @@ -501,3 +505,5 @@ struct _EFI_USB_HC_PROTOCOL { extern EFI_GUID gEfiUsbHcProtocolGuid; #endif + +#endif /* _IPXE_EFI_USBHOSTCONTROLLER_H */ diff --git a/src/include/ipxe/efi/Protocol/UsbIo.h b/src/include/ipxe/efi/Protocol/UsbIo.h index d5f02bb17..7686f241e 100644 --- a/src/include/ipxe/efi/Protocol/UsbIo.h +++ b/src/include/ipxe/efi/Protocol/UsbIo.h @@ -14,6 +14,7 @@ #define __USB_IO_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/IndustryStandard/Usb.h> diff --git a/src/include/ipxe/efi/Protocol/VlanConfig.h b/src/include/ipxe/efi/Protocol/VlanConfig.h index 79b6bc463..aa163ab95 100644 --- a/src/include/ipxe/efi/Protocol/VlanConfig.h +++ b/src/include/ipxe/efi/Protocol/VlanConfig.h @@ -13,6 +13,7 @@ #define __EFI_VLANCONFIG_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_VLAN_CONFIG_PROTOCOL_GUID \ { \ diff --git a/src/include/ipxe/efi/Protocol/WiFi2.h b/src/include/ipxe/efi/Protocol/WiFi2.h new file mode 100644 index 000000000..016e6f588 --- /dev/null +++ b/src/include/ipxe/efi/Protocol/WiFi2.h @@ -0,0 +1,410 @@ +/** @file + This file defines the EFI Wireless MAC Connection II Protocol. + + Copyright (c) 2017, Intel Corporation. All rights reserved.<BR> + SPDX-License-Identifier: BSD-2-Clause-Patent + + @par Revision Reference: + This Protocol is introduced in UEFI Specification 2.6 + +**/ + +#ifndef __EFI_WIFI2_PROTOCOL_H__ +#define __EFI_WIFI2_PROTOCOL_H__ + +FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); + +#define EFI_WIRELESS_MAC_CONNECTION_II_PROTOCOL_GUID \ + { \ + 0x1b0fb9bf, 0x699d, 0x4fdd, { 0xa7, 0xc3, 0x25, 0x46, 0x68, 0x1b, 0xf6, 0x3b } \ + } + +typedef struct _EFI_WIRELESS_MAC_CONNECTION_II_PROTOCOL EFI_WIRELESS_MAC_CONNECTION_II_PROTOCOL; + +/// +/// EFI_80211_BSS_TYPE +/// +typedef enum { + IeeeInfrastructureBSS, + IeeeIndependentBSS, + IeeeMeshBSS, + IeeeAnyBss +} EFI_80211_BSS_TYPE; + +/// +/// EFI_80211_CONNECT_NETWORK_RESULT_CODE +/// +typedef enum { + // + // The connection establishment operation finished successfully. + // + ConnectSuccess, + // + // The connection was refused by the Network. + // + ConnectRefused, + // + // The connection establishment operation failed (i.e, Network is not + // detected). + // + ConnectFailed, + // + // The connection establishment operation was terminated on timeout. + // + ConnectFailureTimeout, + // + // The connection establishment operation failed on other reason. + // + ConnectFailedReasonUnspecified +} EFI_80211_CONNECT_NETWORK_RESULT_CODE; + +/// +/// EFI_80211_MAC_ADDRESS +/// +typedef struct { + UINT8 Addr[6]; +} EFI_80211_MAC_ADDRESS; + +#define EFI_MAX_SSID_LEN 32 + +/// +/// EFI_80211_SSID +/// +typedef struct { + // + // Length in bytes of the SSId. If zero, ignore SSId field. + // + UINT8 SSIdLen; + // + // Specifies the service set identifier. + // + UINT8 SSId[EFI_MAX_SSID_LEN]; +} EFI_80211_SSID; + +/// +/// EFI_80211_GET_NETWORKS_DATA +/// +typedef struct { + // + // The number of EFI_80211_SSID in SSIDList. If zero, SSIDList should be + // ignored. + // + UINT32 NumOfSSID; + // + // The SSIDList is a pointer to an array of EFI_80211_SSID instances. The + // number of entries is specified by NumOfSSID. The array should only include + // SSIDs of hidden networks. It is suggested that the caller inputs less than + // 10 elements in the SSIDList. It is the caller's responsibility to free + // this buffer. + // + EFI_80211_SSID SSIDList[1]; +} EFI_80211_GET_NETWORKS_DATA; + +/// +/// EFI_80211_SUITE_SELECTOR +/// +typedef struct { + // + // Organization Unique Identifier, as defined in IEEE 802.11 standard, + // usually set to 00-0F-AC. + // + UINT8 Oui[3]; + // + // Suites types, as defined in IEEE 802.11 standard. + // + UINT8 SuiteType; +} EFI_80211_SUITE_SELECTOR; + +/// +/// EFI_80211_AKM_SUITE_SELECTOR +/// +typedef struct { + // + // Indicates the number of AKM suite selectors that are contained in + // AKMSuiteList. If zero, the AKMSuiteList is ignored. + // + UINT16 AKMSuiteCount; + // + // A variable-length array of AKM suites, as defined in IEEE 802.11 standard, + // Table 8-101. The number of entries is specified by AKMSuiteCount. + // + EFI_80211_SUITE_SELECTOR AKMSuiteList[1]; +} EFI_80211_AKM_SUITE_SELECTOR; + +/// +/// EFI_80211_CIPHER_SUITE_SELECTOR +/// +typedef struct { + // + // Indicates the number of cipher suites that are contained in + // CipherSuiteList. If zero, the CipherSuiteList is ignored. + // + UINT16 CipherSuiteCount; + // + // A variable-length array of cipher suites, as defined in IEEE 802.11 + // standard, Table 8-99. The number of entries is specified by + // CipherSuiteCount. + // + EFI_80211_SUITE_SELECTOR CipherSuiteList[1]; +} EFI_80211_CIPHER_SUITE_SELECTOR; + +/// +/// EFI_80211_NETWORK +/// +typedef struct { + // + // Specifies the type of the BSS. + // + EFI_80211_BSS_TYPE BSSType; + // + // Specifies the SSID of the BSS. + // + EFI_80211_SSID SSId; + // + // Pointer to the AKM suites supported in the wireless network. + // + EFI_80211_AKM_SUITE_SELECTOR *AKMSuite; + // + // Pointer to the cipher suites supported in the wireless network. + // + EFI_80211_CIPHER_SUITE_SELECTOR *CipherSuite; +} EFI_80211_NETWORK; + +/// +/// EFI_80211_NETWORK_DESCRIPTION +/// +typedef struct { + // + // Specifies the found wireless network. + // + EFI_80211_NETWORK Network; + // + // Indicates the network quality as a value between 0 to 100, where 100 + // indicates the highest network quality. + // + UINT8 NetworkQuality; +} EFI_80211_NETWORK_DESCRIPTION; + +/// +/// EFI_80211_GET_NETWORKS_RESULT +/// +typedef struct { + // + // The number of EFI_80211_NETWORK_DESCRIPTION in NetworkDesc. If zero, + // NetworkDesc should be ignored. + // + UINT8 NumOfNetworkDesc; + // + // The NetworkDesc is a pointer to an array of EFI_80211_NETWORK_DESCRIPTION + // instances. It is caller's responsibility to free this buffer. + // + EFI_80211_NETWORK_DESCRIPTION NetworkDesc[1]; +} EFI_80211_GET_NETWORKS_RESULT; + +/// +/// EFI_80211_GET_NETWORKS_TOKEN +/// +typedef struct { + // + // If the status code returned by GetNetworks() is EFI_SUCCESS, then this + // Event will be signaled after the Status field is updated by the EFI + // Wireless MAC Connection Protocol II driver. The type of Event must be + // EFI_NOTIFY_SIGNAL. + // + EFI_EVENT Event; + // + // Will be set to one of the following values: + // EFI_SUCCESS: The operation completed successfully. + // EFI_NOT_FOUND: Failed to find available wireless networks. + // EFI_DEVICE_ERROR: An unexpected network or system error occurred. + // EFI_ACCESS_DENIED: The operation is not completed due to some underlying + // hardware or software state. + // EFI_NOT_READY: The operation is started but not yet completed. + // + EFI_STATUS Status; + // + // Pointer to the input data for getting networks. + // + EFI_80211_GET_NETWORKS_DATA *Data; + // + // Indicates the scan result. It is caller's responsibility to free this + // buffer. + // + EFI_80211_GET_NETWORKS_RESULT *Result; +} EFI_80211_GET_NETWORKS_TOKEN; + +/// +/// EFI_80211_CONNECT_NETWORK_DATA +/// +typedef struct { + // + // Specifies the wireless network to connect to. + // + EFI_80211_NETWORK *Network; + // + // Specifies a time limit in seconds that is optionally present, after which + // the connection establishment procedure is terminated by the UNDI driver. + // This is an optional parameter and may be 0. Values of 5 seconds or higher + // are recommended. + // + UINT32 FailureTimeout; +} EFI_80211_CONNECT_NETWORK_DATA; + +/// +/// EFI_80211_CONNECT_NETWORK_TOKEN +/// +typedef struct { + // + // If the status code returned by ConnectNetwork() is EFI_SUCCESS, then this + // Event will be signaled after the Status field is updated by the EFI + // Wireless MAC Connection Protocol II driver. The type of Event must be + // EFI_NOTIFY_SIGNAL. + // + EFI_EVENT Event; + // + // Will be set to one of the following values: + // EFI_SUCCESS: The operation completed successfully. + // EFI_DEVICE_ERROR: An unexpected network or system error occurred. + // EFI_ACCESS_DENIED: The operation is not completed due to some underlying + // hardware or software state. + // EFI_NOT_READY: The operation is started but not yet completed. + // + EFI_STATUS Status; + // + // Pointer to the connection data. + // + EFI_80211_CONNECT_NETWORK_DATA *Data; + // + // Indicates the connection state. + // + EFI_80211_CONNECT_NETWORK_RESULT_CODE ResultCode; +} EFI_80211_CONNECT_NETWORK_TOKEN; + +/// +/// EFI_80211_DISCONNECT_NETWORK_TOKEN +/// +typedef struct { + // + // If the status code returned by DisconnectNetwork() is EFI_SUCCESS, then + // this Event will be signaled after the Status field is updated by the EFI + // Wireless MAC Connection Protocol II driver. The type of Event must be + // EFI_NOTIFY_SIGNAL. + // + EFI_EVENT Event; + // + // Will be set to one of the following values: + // EFI_SUCCESS: The operation completed successfully + // EFI_DEVICE_ERROR: An unexpected network or system error occurred. + // EFI_ACCESS_DENIED: The operation is not completed due to some underlying + // hardware or software state. + // + EFI_STATUS Status; +} EFI_80211_DISCONNECT_NETWORK_TOKEN; + +/** + Request a survey of potential wireless networks that administrator can later + elect to try to join. + + @param[in] This Pointer to the + EFI_WIRELESS_MAC_CONNECTION_II_PROTOCOL + instance. + @param[in] Token Pointer to the token for getting wireless + network. + + @retval EFI_SUCCESS The operation started, and an event will + eventually be raised for the caller. + @retval EFI_INVALID_PARAMETER One or more of the following conditions is + TRUE: + This is NULL. + Token is NULL. + @retval EFI_UNSUPPORTED One or more of the input parameters is not + supported by this implementation. + @retval EFI_ALREADY_STARTED The operation of getting wireless network is + already started. + @retval EFI_OUT_OF_RESOURCES Required system resources could not be + allocated. + +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_WIRELESS_MAC_CONNECTION_II_GET_NETWORKS)( + IN EFI_WIRELESS_MAC_CONNECTION_II_PROTOCOL *This, + IN EFI_80211_GET_NETWORKS_TOKEN *Token + ); + +/** + Connect a wireless network specified by a particular SSID, BSS type and + Security type. + + @param[in] This Pointer to the + EFI_WIRELESS_MAC_CONNECTION_II_PROTOCOL + instance. + @param[in] Token Pointer to the token for connecting wireless + network. + + @retval EFI_SUCCESS The operation started successfully. Results + will be notified eventually. + @retval EFI_INVALID_PARAMETER One or more of the following conditions is + TRUE: + This is NULL. + Token is NULL. + @retval EFI_UNSUPPORTED One or more of the input parameters are not + supported by this implementation. + @retval EFI_ALREADY_STARTED The connection process is already started. + @retval EFI_NOT_FOUND The specified wireless network is not found. + @retval EFI_OUT_OF_RESOURCES Required system resources could not be + allocated. + +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_WIRELESS_MAC_CONNECTION_II_CONNECT_NETWORK)( + IN EFI_WIRELESS_MAC_CONNECTION_II_PROTOCOL *This, + IN EFI_80211_CONNECT_NETWORK_TOKEN *Token + ); + +/** + Request a disconnection with current connected wireless network. + + @param[in] This Pointer to the + EFI_WIRELESS_MAC_CONNECTION_II_PROTOCOL + instance. + @param[in] Token Pointer to the token for disconnecting + wireless network. + + @retval EFI_SUCCESS The operation started successfully. Results + will be notified eventually. + @retval EFI_INVALID_PARAMETER One or more of the following conditions is + TRUE: + This is NULL. + Token is NULL. + @retval EFI_UNSUPPORTED One or more of the input parameters are not + supported by this implementation. + @retval EFI_NOT_FOUND Not connected to a wireless network. + @retval EFI_OUT_OF_RESOURCES Required system resources could not be + allocated. + +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_WIRELESS_MAC_CONNECTION_II_DISCONNECT_NETWORK)( + IN EFI_WIRELESS_MAC_CONNECTION_II_PROTOCOL *This, + IN EFI_80211_DISCONNECT_NETWORK_TOKEN *Token + ); + +/// +/// The EFI_WIRELESS_MAC_CONNECTION_II_PROTOCOL provides network management +/// service interfaces for 802.11 network stack. It is used by network +/// applications (and drivers) to establish wireless connection with a wireless +/// network. +/// +struct _EFI_WIRELESS_MAC_CONNECTION_II_PROTOCOL { + EFI_WIRELESS_MAC_CONNECTION_II_GET_NETWORKS GetNetworks; + EFI_WIRELESS_MAC_CONNECTION_II_CONNECT_NETWORK ConnectNetwork; + EFI_WIRELESS_MAC_CONNECTION_II_DISCONNECT_NETWORK DisconnectNetwork; +}; + +extern EFI_GUID gEfiWiFi2ProtocolGuid; + +#endif |