Diffstat (limited to 'src/include/ipxe/efi')
163 files changed, 4387 insertions, 485 deletions
diff --git a/src/include/ipxe/efi/AArch64/ProcessorBind.h b/src/include/ipxe/efi/AArch64/ProcessorBind.h index 3a7f77465..a64646ab4 100644 --- a/src/include/ipxe/efi/AArch64/ProcessorBind.h +++ b/src/include/ipxe/efi/AArch64/ProcessorBind.h @@ -13,6 +13,7 @@ #define __PROCESSOR_BIND_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); /// /// Define the processor type so other code can make processor based choices diff --git a/src/include/ipxe/efi/Arm/ProcessorBind.h b/src/include/ipxe/efi/Arm/ProcessorBind.h index 6d558a2dd..4f90eff84 100644 --- a/src/include/ipxe/efi/Arm/ProcessorBind.h +++ b/src/include/ipxe/efi/Arm/ProcessorBind.h @@ -1,3 +1,7 @@ +#ifndef _IPXE_EFI_ARM_PROCESSORBIND_H +#define _IPXE_EFI_ARM_PROCESSORBIND_H + + /** @file Processor or Compiler specific defines and types for ARM. @@ -15,7 +19,11 @@ FILE_LICENCE ( BSD2_PATENT ); /// /// Define the processor type so other code can make processor based choices /// -#define MDE_CPU_ARM +/// Upstream EDK2 headers no longer accept MDE_CPU_ARM: define +/// MDE_CPU_EBC to prevent build errors. (The definition doesn't +/// actually affect anything used by iPXE.) +/// +#define MDE_CPU_EBC // // Make sure we are using the correct packing rules per EFI specification @@ -238,3 +246,5 @@ typedef INT32 INTN; #endif #endif + +#endif /* _IPXE_EFI_ARM_PROCESSORBIND_H */ diff --git a/src/include/ipxe/efi/Base.h b/src/include/ipxe/efi/Base.h index 46c31a3b1..0002309a3 100644 --- a/src/include/ipxe/efi/Base.h +++ b/src/include/ipxe/efi/Base.h @@ -16,6 +16,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __BASE_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); // // Include processor specific binding 
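Review bot: `#define MDE_CPU_EBC` in the second hunk of Arm/ProcessorBind.h rests on the comment's claim that the definition affects nothing iPXE uses, and nothing in the header enforces that claim. The Base.h hunk in this same commit removes the `#ifdef MDE_CPU_EBC` branch that expanded `STATIC_ASSERT(Expression, Message)` to nothing, which is exactly the kind of branch that would have silently dropped every compile-time size check on 32-bit ARM; other imported headers may still test the macro. I would extend the comment to name that dependency, e.g. `/// Any imported header that tests MDE_CPU_EBC must be re-checked whenever the EDK2 headers are updated.` Separately, the visible hunks for this file add no `FILE_SECBOOT ( PERMITTED );` after `FILE_LICENCE`, unlike AArch64/ProcessorBind.h; if that omission is deliberate, a one-line comment saying so would keep it from being "corrected" later.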
@@ -61,7 +62,7 @@ FILE_LICENCE ( BSD2_PATENT ); /// up to the compiler to remove any code past that point. /// #define UNREACHABLE() __builtin_unreachable () - #elif defined (__has_feature) + #elif defined (__has_builtin) && defined (__has_feature) #if __has_builtin (__builtin_unreachable) /// /// Signal compilers and analyzers that this call is not reachable. It is @@ -580,7 +581,7 @@ struct _LIST_ENTRY { **/ #define _INT_SIZE_OF(n) ((sizeof (n) + sizeof (UINTN) - 1) &~(sizeof (UINTN) - 1)) -#if defined (_M_ARM) || defined (_M_ARM64) +#if defined (_M_ARM64) // // MSFT ARM variable argument list support. // @@ -802,12 +803,12 @@ typedef UINTN *BASE_LIST; @param Message Raised compiler diagnostic message when expression is false. **/ -#ifdef MDE_CPU_EBC -#define STATIC_ASSERT(Expression, Message) -#elif defined (_MSC_EXTENSIONS) || defined (__cplusplus) +#if defined (__cplusplus) #define STATIC_ASSERT static_assert -#else +#elif defined (__GNUC__) || defined (__clang__) #define STATIC_ASSERT _Static_assert +#elif defined (_MSC_EXTENSIONS) +#define STATIC_ASSERT static_assert #endif // @@ -890,7 +891,7 @@ STATIC_ASSERT (ALIGNOF (__VERIFY_INT32_ENUM_SIZE) == sizeof (__VERIFY_INT32_ENUM @return A pointer to the structure from one of it's elements. **/ -#define BASE_CR(Record, TYPE, Field) ((TYPE *) ((CHAR8 *) (Record) - OFFSET_OF (TYPE, Field))) +#define BASE_CR(Record, TYPE, Field) ((TYPE *) (VOID *) ((CHAR8 *) (Record) - OFFSET_OF (TYPE, Field))) /** Checks whether a value is a power of two. @@ -1060,7 +1061,7 @@ typedef UINTN RETURN_STATUS; @retval FALSE The high bit of StatusCode is clear. **/ -#define RETURN_ERROR(StatusCode) (((INTN)(RETURN_STATUS)(StatusCode)) < 0) +#define RETURN_ERROR(StatusCode) (((RETURN_STATUS)(StatusCode)) >= MAX_BIT) /// /// The operation completed successfully. diff --git a/src/include/ipxe/efi/Guid/Acpi.h b/src/include/ipxe/efi/Guid/Acpi.h index 09b399926..70beebe34 100644 --- a/src/include/ipxe/efi/Guid/Acpi.h 
+++ b/src/include/ipxe/efi/Guid/Acpi.h @@ -17,6 +17,7 @@ #define __ACPI_GUID_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define ACPI_TABLE_GUID \ { \ diff --git a/src/include/ipxe/efi/Guid/Fdt.h b/src/include/ipxe/efi/Guid/Fdt.h new file mode 100644 index 000000000..5e303ab34 --- /dev/null +++ b/src/include/ipxe/efi/Guid/Fdt.h @@ -0,0 +1,20 @@ +/** @file +* +* Copyright (c) 2013-2014, ARM Limited. All rights reserved. +* +* SPDX-License-Identifier: BSD-2-Clause-Patent +* +**/ + +#ifndef __FDT_H__ +#define __FDT_H__ + +FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); + +#define FDT_TABLE_GUID \ + { 0xb1b621d5, 0xf19c, 0x41a5, { 0x83, 0x0b, 0xd9, 0x15, 0x2c, 0x69, 0xaa, 0xe0 } } + +extern EFI_GUID gFdtTableGuid; + +#endif /* __FDT_H__ */ diff --git a/src/include/ipxe/efi/Guid/FileInfo.h b/src/include/ipxe/efi/Guid/FileInfo.h index 62c5f4c0c..7baa4550f 100644 --- a/src/include/ipxe/efi/Guid/FileInfo.h +++ b/src/include/ipxe/efi/Guid/FileInfo.h @@ -12,6 +12,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __FILE_INFO_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_FILE_INFO_ID \ { \ diff --git a/src/include/ipxe/efi/Guid/FileSystemInfo.h b/src/include/ipxe/efi/Guid/FileSystemInfo.h index aadebc046..7f6b9cfdc 100644 --- a/src/include/ipxe/efi/Guid/FileSystemInfo.h +++ b/src/include/ipxe/efi/Guid/FileSystemInfo.h @@ -12,6 +12,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __FILE_SYSTEM_INFO_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_FILE_SYSTEM_INFO_ID \ { \ diff --git a/src/include/ipxe/efi/Guid/GlobalVariable.h b/src/include/ipxe/efi/Guid/GlobalVariable.h new file mode 100644 index 000000000..48fe5337e --- /dev/null +++ b/src/include/ipxe/efi/Guid/GlobalVariable.h 
@@ -0,0 +1,195 @@ +/** @file + GUID for EFI (NVRAM) Variables. + + Copyright (c) 2006 - 2024, Intel Corporation. All rights reserved.<BR> + SPDX-License-Identifier: BSD-2-Clause-Patent + + @par Revision Reference: + GUID defined in UEFI 2.1 +**/ + +#ifndef __GLOBAL_VARIABLE_GUID_H__ +#define __GLOBAL_VARIABLE_GUID_H__ + +FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); + +#define EFI_GLOBAL_VARIABLE \ + { \ + 0x8BE4DF61, 0x93CA, 0x11d2, {0xAA, 0x0D, 0x00, 0xE0, 0x98, 0x03, 0x2B, 0x8C } \ + } + +extern EFI_GUID gEfiGlobalVariableGuid; + +// +// Follow UEFI 2.4 spec: +// To prevent name collisions with possible future globally defined variables, +// other internal firmware data variables that are not defined here must be +// saved with a unique VendorGuid other than EFI_GLOBAL_VARIABLE or +// any other GUID defined by the UEFI Specification. Implementations must +// only permit the creation of variables with a UEFI Specification-defined +// VendorGuid when these variables are documented in the UEFI Specification. +// +// Note: except the globally defined variables defined below, the spec also defines +// L"Boot####" - A boot load option. +// L"Driver####" - A driver load option. +// L"SysPrep####" - A System Prep application load option. +// L"Key####" - Describes hot key relationship with a Boot#### load option. +// The attribute for them is NV+BS+RT, #### is a printed hex value, and no 0x or h +// is included in the hex value. They can not be expressed as a #define like other globally +// defined variables, it is because we can not list the Boot0000, Boot0001, etc one by one. +// + +/// +/// The language codes that the firmware supports. This value is deprecated. +/// Its attribute is BS+RT. +/// +#define EFI_LANG_CODES_VARIABLE_NAME L"LangCodes" +/// +/// The language code that the system is configured for. This value is deprecated. +/// Its attribute is NV+BS+RT. 
+/// +#define EFI_LANG_VARIABLE_NAME L"Lang" +/// +/// The firmware's boot managers timeout, in seconds, before initiating the default boot selection. +/// Its attribute is NV+BS+RT. +/// +#define EFI_TIME_OUT_VARIABLE_NAME L"Timeout" +/// +/// The language codes that the firmware supports. +/// Its attribute is BS+RT. +/// +#define EFI_PLATFORM_LANG_CODES_VARIABLE_NAME L"PlatformLangCodes" +/// +/// The language code that the system is configured for. +/// Its attribute is NV+BS+RT. +/// +#define EFI_PLATFORM_LANG_VARIABLE_NAME L"PlatformLang" +/// +/// The device path of the default input/output/error output console. +/// Its attribute is NV+BS+RT. +/// +#define EFI_CON_IN_VARIABLE_NAME L"ConIn" +#define EFI_CON_OUT_VARIABLE_NAME L"ConOut" +#define EFI_ERR_OUT_VARIABLE_NAME L"ErrOut" +/// +/// The device path of all possible input/output/error output devices. +/// Its attribute is BS+RT. +/// +#define EFI_CON_IN_DEV_VARIABLE_NAME L"ConInDev" +#define EFI_CON_OUT_DEV_VARIABLE_NAME L"ConOutDev" +#define EFI_ERR_OUT_DEV_VARIABLE_NAME L"ErrOutDev" +/// +/// The ordered boot option load list. +/// Its attribute is NV+BS+RT. +/// +#define EFI_BOOT_ORDER_VARIABLE_NAME L"BootOrder" +/// +/// The boot option for the next boot only. +/// Its attribute is NV+BS+RT. +/// +#define EFI_BOOT_NEXT_VARIABLE_NAME L"BootNext" +/// +/// The boot option that was selected for the current boot. +/// Its attribute is BS+RT. +/// +#define EFI_BOOT_CURRENT_VARIABLE_NAME L"BootCurrent" +/// +/// The types of boot options supported by the boot manager. Should be treated as read-only. +/// Its attribute is BS+RT. +/// +#define EFI_BOOT_OPTION_SUPPORT_VARIABLE_NAME L"BootOptionSupport" +/// +/// The ordered driver load option list. +/// Its attribute is NV+BS+RT. +/// +#define EFI_DRIVER_ORDER_VARIABLE_NAME L"DriverOrder" +/// +/// The ordered System Prep Application load option list. +/// Its attribute is NV+BS+RT. 
+/// +#define EFI_SYS_PREP_ORDER_VARIABLE_NAME L"SysPrepOrder" +/// +/// Identifies the level of hardware error record persistence +/// support implemented by the platform. This variable is +/// only modified by firmware and is read-only to the OS. +/// Its attribute is NV+BS+RT. +/// +#define EFI_HW_ERR_REC_SUPPORT_VARIABLE_NAME L"HwErrRecSupport" +/// +/// Whether the system is operating in setup mode (1) or not (0). +/// All other values are reserved. Should be treated as read-only. +/// Its attribute is BS+RT. +/// +#define EFI_SETUP_MODE_NAME L"SetupMode" +/// +/// The Key Exchange Key Signature Database. +/// Its attribute is NV+BS+RT+AT. +/// +#define EFI_KEY_EXCHANGE_KEY_NAME L"KEK" +/// +/// The public Platform Key. +/// Its attribute is NV+BS+RT+AT. +/// +#define EFI_PLATFORM_KEY_NAME L"PK" +/// +/// Array of GUIDs representing the type of signatures supported +/// by the platform firmware. Should be treated as read-only. +/// Its attribute is BS+RT. +/// +#define EFI_SIGNATURE_SUPPORT_NAME L"SignatureSupport" +/// +/// Whether the platform firmware is operating in Secure boot mode (1) or not (0). +/// All other values are reserved. Should be treated as read-only. +/// Its attribute is BS+RT. +/// +#define EFI_SECURE_BOOT_MODE_NAME L"SecureBoot" +/// +/// The OEM's default Key Exchange Key Signature Database. Should be treated as read-only. +/// Its attribute is BS+RT. +/// +#define EFI_KEK_DEFAULT_VARIABLE_NAME L"KEKDefault" +/// +/// The OEM's default public Platform Key. Should be treated as read-only. +/// Its attribute is BS+RT. +/// +#define EFI_PK_DEFAULT_VARIABLE_NAME L"PKDefault" +/// +/// The OEM's default secure boot signature store. Should be treated as read-only. +/// Its attribute is BS+RT. +/// +#define EFI_DB_DEFAULT_VARIABLE_NAME L"dbDefault" +/// +/// The OEM's default secure boot blacklist signature store. Should be treated as read-only. +/// Its attribute is BS+RT. 
+/// +#define EFI_DBX_DEFAULT_VARIABLE_NAME L"dbxDefault" +/// +/// The OEM's default secure boot timestamp signature store. Should be treated as read-only. +/// Its attribute is BS+RT. +/// +#define EFI_DBT_DEFAULT_VARIABLE_NAME L"dbtDefault" +/// +/// Allows the firmware to indicate supported features and actions to the OS. +/// Its attribute is BS+RT. +/// +#define EFI_OS_INDICATIONS_SUPPORT_VARIABLE_NAME L"OsIndicationsSupported" +/// +/// Allows the OS to request the firmware to enable certain features and to take certain actions. +/// Its attribute is NV+BS+RT. +/// +#define EFI_OS_INDICATIONS_VARIABLE_NAME L"OsIndications" +/// +/// Whether the system is configured to use only vendor provided +/// keys or not. Should be treated as read-only. +/// Its attribute is BS+RT. +/// +#define EFI_VENDOR_KEYS_VARIABLE_NAME L"VendorKeys" + +/// +/// Whether the platform firmware is operating in device authentication boot mode (1) or not (0). +/// The content is UINT8. +/// +#define EFI_DEVICE_AUTH_BOOT_MODE_NAME L"devAuthBoot" + +#endif diff --git a/src/include/ipxe/efi/Guid/HiiFormMapMethodGuid.h b/src/include/ipxe/efi/Guid/HiiFormMapMethodGuid.h index 2636a1e4a..a3fb84732 100644 --- a/src/include/ipxe/efi/Guid/HiiFormMapMethodGuid.h +++ b/src/include/ipxe/efi/Guid/HiiFormMapMethodGuid.h @@ -12,6 +12,7 @@ #define __EFI_HII_FORMMAP_GUID_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_HII_STANDARD_FORM_GUID \ { 0x3bd2f4ec, 0xe524, 0x46e4, { 0xa9, 0xd8, 0x51, 0x1, 0x17, 0x42, 0x55, 0x62 } } diff --git a/src/include/ipxe/efi/Guid/HiiPlatformSetupFormset.h b/src/include/ipxe/efi/Guid/HiiPlatformSetupFormset.h index e9a0e026c..647360242 100644 --- a/src/include/ipxe/efi/Guid/HiiPlatformSetupFormset.h +++ b/src/include/ipxe/efi/Guid/HiiPlatformSetupFormset.h 
@@ -14,6 +14,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __HII_PLATFORM_SETUP_FORMSET_GUID_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_HII_PLATFORM_SETUP_FORMSET_GUID \ { 0x93039971, 0x8545, 0x4b04, { 0xb4, 0x5e, 0x32, 0xeb, 0x83, 0x26, 0x4, 0xe } } diff --git a/src/include/ipxe/efi/Guid/ImageAuthentication.h b/src/include/ipxe/efi/Guid/ImageAuthentication.h new file mode 100644 index 000000000..6b82eb5d0 --- /dev/null +++ b/src/include/ipxe/efi/Guid/ImageAuthentication.h 
@@ -0,0 +1,388 @@ +/** @file + Image signature database are defined for the signed image validation. + + Copyright (c) 2009 - 2024, Intel Corporation. All rights reserved.<BR> + SPDX-License-Identifier: BSD-2-Clause-Patent + + @par Revision Reference: + GUIDs defined in UEFI 2.5 spec. +**/ + +#ifndef __IMAGE_AUTHTICATION_H__ +#define __IMAGE_AUTHTICATION_H__ + +FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); + +#include <ipxe/efi/Guid/GlobalVariable.h> +#include <ipxe/efi/Protocol/Hash.h> + +#define EFI_IMAGE_SECURITY_DATABASE_GUID \ + { \ + 0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc, 0xda, 0xd0, 0xe, 0x67, 0x65, 0x6f } \ + } + +/// +/// Varialbe name with guid EFI_IMAGE_SECURITY_DATABASE_GUID +/// for the authorized signature database. +/// +#define EFI_IMAGE_SECURITY_DATABASE L"db" +/// +/// Varialbe name with guid EFI_IMAGE_SECURITY_DATABASE_GUID +/// for the forbidden signature database. +/// +#define EFI_IMAGE_SECURITY_DATABASE1 L"dbx" +/// +/// Variable name with guid EFI_IMAGE_SECURITY_DATABASE_GUID +/// for the timestamp signature database. +/// +#define EFI_IMAGE_SECURITY_DATABASE2 L"dbt" + +#define SECURE_BOOT_MODE_ENABLE 1 +#define SECURE_BOOT_MODE_DISABLE 0 + +#define SETUP_MODE 1 +#define USER_MODE 0 + +#define DEVICE_AUTH_BOOT_MODE_ENABLE 1 +#define DEVICE_AUTH_BOOT_MODE_DISABLE 0 + +// *********************************************************************** +// Signature Database +// *********************************************************************** +/// +/// The format of a signature database. +/// +#pragma pack(1) + +typedef struct { + /// + /// An identifier which identifies the agent which added the signature to the list. + /// + EFI_GUID SignatureOwner; + /// + /// The format of the signature is defined by the SignatureType. + /// + UINT8 SignatureData[1]; +} EFI_SIGNATURE_DATA; + +typedef struct { + /// + /// Type of the signature. GUID signature types are defined in below. 
+ /// + EFI_GUID SignatureType; + /// + /// Total size of the signature list, including this header. + /// + UINT32 SignatureListSize; + /// + /// Size of the signature header which precedes the array of signatures. + /// + UINT32 SignatureHeaderSize; + /// + /// Size of each signature. + /// + UINT32 SignatureSize; + /// + /// Header before the array of signatures. The format of this header is specified + /// by the SignatureType. + /// UINT8 SignatureHeader[SignatureHeaderSize]; + /// + /// An array of signatures. Each signature is SignatureSize bytes in length. + /// EFI_SIGNATURE_DATA Signatures[][SignatureSize]; + /// +} EFI_SIGNATURE_LIST; + +typedef struct { + /// + /// The SHA256 hash of an X.509 certificate's To-Be-Signed contents. + /// + EFI_SHA256_HASH ToBeSignedHash; + /// + /// The time that the certificate shall be considered to be revoked. + /// + EFI_TIME TimeOfRevocation; +} EFI_CERT_X509_SHA256; + +typedef struct { + /// + /// The SHA384 hash of an X.509 certificate's To-Be-Signed contents. + /// + EFI_SHA384_HASH ToBeSignedHash; + /// + /// The time that the certificate shall be considered to be revoked. + /// + EFI_TIME TimeOfRevocation; +} EFI_CERT_X509_SHA384; + +typedef struct { + /// + /// The SHA512 hash of an X.509 certificate's To-Be-Signed contents. + /// + EFI_SHA512_HASH ToBeSignedHash; + /// + /// The time that the certificate shall be considered to be revoked. + /// + EFI_TIME TimeOfRevocation; +} EFI_CERT_X509_SHA512; + +typedef UINT8 EFI_SM3_HASH[32]; + +typedef struct { + /// + /// The SM3 hash of an X.509 certificate's To-Be-Signed contents. + /// + EFI_SM3_HASH ToBeSignedHash; + /// + /// The time that the certificate shall be considered to be revoked. + /// + EFI_TIME TimeOfRevocation; +} EFI_CERT_X509_SM3; + +#pragma pack() + +/// +/// This identifies a signature containing a SHA-256 hash. The SignatureHeader size shall +/// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) + +/// 32 bytes. 
+/// +#define EFI_CERT_SHA256_GUID \ + { \ + 0xc1c41626, 0x504c, 0x4092, {0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28} \ + } + +/// +/// This identifies a signature containing an RSA-2048 key. The key (only the modulus +/// since the public key exponent is known to be 0x10001) shall be stored in big-endian +/// order. +/// The SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size +/// of SignatureOwner component) + 256 bytes. +/// +#define EFI_CERT_RSA2048_GUID \ + { \ + 0x3c5766e8, 0x269c, 0x4e34, {0xaa, 0x14, 0xed, 0x77, 0x6e, 0x85, 0xb3, 0xb6} \ + } + +/// +/// This identifies a signature containing a RSA-2048 signature of a SHA-256 hash. The +/// SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size of +/// SignatureOwner component) + 256 bytes. +/// +#define EFI_CERT_RSA2048_SHA256_GUID \ + { \ + 0xe2b36190, 0x879b, 0x4a3d, {0xad, 0x8d, 0xf2, 0xe7, 0xbb, 0xa3, 0x27, 0x84} \ + } + +/// +/// This identifies a signature containing a SHA-1 hash. The SignatureSize shall always +/// be 16 (size of SignatureOwner component) + 20 bytes. +/// +#define EFI_CERT_SHA1_GUID \ + { \ + 0x826ca512, 0xcf10, 0x4ac9, {0xb1, 0x87, 0xbe, 0x1, 0x49, 0x66, 0x31, 0xbd} \ + } + +/// +/// This identifies a signature containing a SM3 hash. The SignatureSize shall always +/// be 16 (size of SignatureOwner component) + 32 bytes. +/// +#define EFI_CERT_SM3_GUID \ + { \ + 0x57347f87, 0x7a9b, 0x403a, { 0xb9, 0x3c, 0xdc, 0x4a, 0xfb, 0x7a, 0xe, 0xbc } \ + } + +/// +/// TThis identifies a signature containing a RSA-2048 signature of a SHA-1 hash. The +/// SignatureHeader size shall always be 0. The SignatureSize shall always be 16 (size of +/// SignatureOwner component) + 256 bytes. +/// +#define EFI_CERT_RSA2048_SHA1_GUID \ + { \ + 0x67f8444f, 0x8743, 0x48f1, {0xa3, 0x28, 0x1e, 0xaa, 0xb8, 0x73, 0x60, 0x80} \ + } + +/// +/// This identifies a signature based on an X.509 certificate. 
If the signature is an X.509 +/// certificate then verification of the signature of an image should validate the public +/// key certificate in the image using certificate path verification, up to this X.509 +/// certificate as a trusted root. The SignatureHeader size shall always be 0. The +/// SignatureSize may vary but shall always be 16 (size of the SignatureOwner component) + +/// the size of the certificate itself. +/// Note: This means that each certificate will normally be in a separate EFI_SIGNATURE_LIST. +/// +#define EFI_CERT_X509_GUID \ + { \ + 0xa5c059a1, 0x94e4, 0x4aa7, {0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72} \ + } + +/// +/// This identifies a signature containing the SM3 hash of an X.509 certificate's To-Be-Signed +/// contents, and a time of revocation. The SignatureHeader size shall always be 0. The +/// SignatureSize shall always be 16 (size of the SignatureOwner component) + 32 bytes for +/// an EFI_CERT_X509_SM3 structure. If the TimeOfRevocation is non-zero, the certificate should +/// be considered to be revoked from that time and onwards, and otherwise the certificate shall +/// be considered to always be revoked. +/// +#define EFI_CERT_X509_SM3_GUID \ + { \ + 0x60d807e5, 0x10b4, 0x49a9, {0x93, 0x31, 0xe4, 0x4, 0x37, 0x88, 0x8d, 0x37 } \ + } + +/// +/// This identifies a signature containing a SHA-224 hash. The SignatureHeader size shall +/// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) + +/// 28 bytes. +/// +#define EFI_CERT_SHA224_GUID \ + { \ + 0xb6e5233, 0xa65c, 0x44c9, {0x94, 0x7, 0xd9, 0xab, 0x83, 0xbf, 0xc8, 0xbd} \ + } + +/// +/// This identifies a signature containing a SHA-384 hash. The SignatureHeader size shall +/// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) + +/// 48 bytes. 
+/// +#define EFI_CERT_SHA384_GUID \ + { \ + 0xff3e5307, 0x9fd0, 0x48c9, {0x85, 0xf1, 0x8a, 0xd5, 0x6c, 0x70, 0x1e, 0x1} \ + } + +/// +/// This identifies a signature containing a SHA-512 hash. The SignatureHeader size shall +/// always be 0. The SignatureSize shall always be 16 (size of SignatureOwner component) + +/// 64 bytes. +/// +#define EFI_CERT_SHA512_GUID \ + { \ + 0x93e0fae, 0xa6c4, 0x4f50, {0x9f, 0x1b, 0xd4, 0x1e, 0x2b, 0x89, 0xc1, 0x9a} \ + } + +/// +/// This identifies a signature containing the SHA256 hash of an X.509 certificate's +/// To-Be-Signed contents, and a time of revocation. The SignatureHeader size shall +/// always be 0. The SignatureSize shall always be 16 (size of the SignatureOwner component) +/// + 48 bytes for an EFI_CERT_X509_SHA256 structure. If the TimeOfRevocation is non-zero, +/// the certificate should be considered to be revoked from that time and onwards, and +/// otherwise the certificate shall be considered to always be revoked. +/// +#define EFI_CERT_X509_SHA256_GUID \ + { \ + 0x3bd2a492, 0x96c0, 0x4079, {0xb4, 0x20, 0xfc, 0xf9, 0x8e, 0xf1, 0x03, 0xed } \ + } + +/// +/// This identifies a signature containing the SHA384 hash of an X.509 certificate's +/// To-Be-Signed contents, and a time of revocation. The SignatureHeader size shall +/// always be 0. The SignatureSize shall always be 16 (size of the SignatureOwner component) +/// + 64 bytes for an EFI_CERT_X509_SHA384 structure. If the TimeOfRevocation is non-zero, +/// the certificate should be considered to be revoked from that time and onwards, and +/// otherwise the certificate shall be considered to always be revoked. +/// +#define EFI_CERT_X509_SHA384_GUID \ + { \ + 0x7076876e, 0x80c2, 0x4ee6, {0xaa, 0xd2, 0x28, 0xb3, 0x49, 0xa6, 0x86, 0x5b } \ + } + +/// +/// This identifies a signature containing the SHA512 hash of an X.509 certificate's +/// To-Be-Signed contents, and a time of revocation. The SignatureHeader size shall +/// always be 0. 
The SignatureSize shall always be 16 (size of the SignatureOwner component) +/// + 80 bytes for an EFI_CERT_X509_SHA512 structure. If the TimeOfRevocation is non-zero, +/// the certificate should be considered to be revoked from that time and onwards, and +/// otherwise the certificate shall be considered to always be revoked. +/// +#define EFI_CERT_X509_SHA512_GUID \ + { \ + 0x446dbf63, 0x2502, 0x4cda, {0xbc, 0xfa, 0x24, 0x65, 0xd2, 0xb0, 0xfe, 0x9d } \ + } + +/// +/// This identifies a signature containing a DER-encoded PKCS #7 version 1.5 [RFC2315] +/// SignedData value. +/// +#define EFI_CERT_TYPE_PKCS7_GUID \ + { \ + 0x4aafd29d, 0x68df, 0x49ee, {0x8a, 0xa9, 0x34, 0x7d, 0x37, 0x56, 0x65, 0xa7} \ + } + +// *********************************************************************** +// Image Execution Information Table Definition +// *********************************************************************** +typedef UINT32 EFI_IMAGE_EXECUTION_ACTION; + +#define EFI_IMAGE_EXECUTION_AUTHENTICATION 0x00000007 +#define EFI_IMAGE_EXECUTION_AUTH_UNTESTED 0x00000000 +#define EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED 0x00000001 +#define EFI_IMAGE_EXECUTION_AUTH_SIG_PASSED 0x00000002 +#define EFI_IMAGE_EXECUTION_AUTH_SIG_NOT_FOUND 0x00000003 +#define EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND 0x00000004 +#define EFI_IMAGE_EXECUTION_POLICY_FAILED 0x00000005 +#define EFI_IMAGE_EXECUTION_INITIALIZED 0x00000008 + +// +// EFI_IMAGE_EXECUTION_INFO is added to EFI System Configuration Table +// and assigned the GUID EFI_IMAGE_SECURITY_DATABASE_GUID. +// +typedef struct { + /// + /// Describes the action taken by the firmware regarding this image. + /// + EFI_IMAGE_EXECUTION_ACTION Action; + /// + /// Size of all of the entire structure. + /// + UINT32 InfoSize; + /// + /// If this image was a UEFI device driver (for option ROM, for example) this is the + /// null-terminated, user-friendly name for the device. If the image was for an application, + /// then this is the name of the application. 
If this cannot be determined, then a simple + /// NULL character should be put in this position. + /// CHAR16 Name[]; + /// + + /// + /// For device drivers, this is the device path of the device for which this device driver + /// was intended. In some cases, the driver itself may be stored as part of the system + /// firmware, but this field should record the device's path, not the firmware path. For + /// applications, this is the device path of the application. If this cannot be determined, + /// a simple end-of-path device node should be put in this position. + /// EFI_DEVICE_PATH_PROTOCOL DevicePath; + /// + + /// + /// Zero or more image signatures. If the image contained no signatures, + /// then this field is empty. + /// EFI_SIGNATURE_LIST Signature; + /// +} EFI_IMAGE_EXECUTION_INFO; + +typedef struct { + /// + /// Number of EFI_IMAGE_EXECUTION_INFO structures. + /// + UINTN NumberOfImages; + /// + /// Number of image instances of EFI_IMAGE_EXECUTION_INFO structures. + /// + // EFI_IMAGE_EXECUTION_INFO InformationInfo[] +} EFI_IMAGE_EXECUTION_INFO_TABLE; + +extern EFI_GUID gEfiImageSecurityDatabaseGuid; +extern EFI_GUID gEfiCertSha256Guid; +extern EFI_GUID gEfiCertRsa2048Guid; +extern EFI_GUID gEfiCertRsa2048Sha256Guid; +extern EFI_GUID gEfiCertSha1Guid; +extern EFI_GUID gEfiCertRsa2048Sha1Guid; +extern EFI_GUID gEfiCertX509Guid; +extern EFI_GUID gEfiCertSha224Guid; +extern EFI_GUID gEfiCertSha384Guid; +extern EFI_GUID gEfiCertSha512Guid; +extern EFI_GUID gEfiCertX509Sha256Guid; +extern EFI_GUID gEfiCertX509Sha384Guid; +extern EFI_GUID gEfiCertX509Sha512Guid; +extern EFI_GUID gEfiCertPkcs7Guid; +extern EFI_GUID gEfiCertSm3Guid; +extern EFI_GUID gEfiCertX509Sm3Guid; + +#endif diff --git a/src/include/ipxe/efi/Guid/MdeModuleHii.h b/src/include/ipxe/efi/Guid/MdeModuleHii.h index 102025ac8..1634b8c62 100644 --- a/src/include/ipxe/efi/Guid/MdeModuleHii.h +++ b/src/include/ipxe/efi/Guid/MdeModuleHii.h 
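Review bot: The comment on `EFI_CERT_X509_SM3_GUID` gives the SignatureSize as 16 + 32 bytes "for an EFI_CERT_X509_SM3 structure", but the structure declared earlier in this file holds a 32-byte `EFI_SM3_HASH` followed by an `EFI_TIME`, and the parallel `EFI_CERT_X509_SHA256_GUID` comment gives 16 + 48 for the same layout with a 32-byte hash. Code that sizes or validates signature-list entries from the comment rather than from the packed struct would come up short by the size of the revocation time; the line should read `/// SignatureSize shall always be 16 (size of the SignatureOwner component) + 48 bytes for`. Because `EFI_SIGNATURE_DATA.SignatureData[1]` is a one-byte placeholder for variable-length data, it would also help to add beside it `/// Variable length: use SignatureSize (bounded by SignatureListSize), not sizeof (EFI_SIGNATURE_DATA).` This header appears to be imported from EDK2, so the wording fix probably belongs upstream as well.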
@@ -10,6 +10,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __MDEMODULE_HII_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define NARROW_CHAR 0xFFF0 #define WIDE_CHAR 0xFFF1 diff --git a/src/include/ipxe/efi/Guid/MicrosoftVendor.h b/src/include/ipxe/efi/Guid/MicrosoftVendor.h new file mode 100644 index 000000000..ded1b9019 --- /dev/null +++ b/src/include/ipxe/efi/Guid/MicrosoftVendor.h 
@@ -0,0 +1,58 @@ +/** @file + Declare the GUID that is expected: + + - as EFI_SIGNATURE_DATA.SignatureOwner GUID in association with X509 and + RSA2048 Secure Boot certificates issued by/for Microsoft, + + - as UEFI variable vendor GUID in association with (unspecified) + Microsoft-owned variables. + + Copyright (C) 2014-2019, Red Hat, Inc. + + SPDX-License-Identifier: BSD-2-Clause-Patent + + @par Specification Reference: + - MSDN: System.Fundamentals.Firmware at + <https://msdn.microsoft.com/en-us/ie/dn932805(v=vs.94)>. +**/ + +#ifndef MICROSOFT_VENDOR_H_ +#define MICROSOFT_VENDOR_H_ + +FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); + +#include <ipxe/efi/Uefi/UefiBaseType.h> + +// +// The following test cases of the Secure Boot Logo Test in the Microsoft +// Hardware Certification Kit: +// +// - Microsoft.UefiSecureBootLogo.Tests.OutOfBoxVerifyMicrosoftKEKpresent +// - Microsoft.UefiSecureBootLogo.Tests.OutOfBoxConfirmMicrosoftSignatureInDB +// +// expect the EFI_SIGNATURE_DATA.SignatureOwner GUID to be +// 77FA9ABD-0359-4D32-BD60-28F4E78F784B, when the +// EFI_SIGNATURE_DATA.SignatureData field carries any of the following X509 +// certificates: +// +// - "Microsoft Corporation KEK CA 2011" (in KEK) +// - "Microsoft Windows Production PCA 2011" (in db) +// - "Microsoft Corporation UEFI CA 2011" (in db) +// +// This is despite the fact that the UEFI specification requires +// EFI_SIGNATURE_DATA.SignatureOwner to reflect the agent (i.e., OS, +// application or driver) that enrolled and therefore owns +// EFI_SIGNATURE_DATA.SignatureData, and not the organization that issued +// EFI_SIGNATURE_DATA.SignatureData. +// +#define MICROSOFT_VENDOR_GUID \ + { 0x77fa9abd, \ + 0x0359, \ + 0x4d32, \ + { 0xbd, 0x60, 0x28, 0xf4, 0xe7, 0x8f, 0x78, 0x4b }, \ + } + +extern EFI_GUID gMicrosoftVendorGuid; + +#endif /* MICROSOFT_VENDOR_H_ */ diff --git a/src/include/ipxe/efi/Guid/PcAnsi.h b/src/include/ipxe/efi/Guid/PcAnsi.h index 82835a2e3..73b740afd 100644 
--- a/src/include/ipxe/efi/Guid/PcAnsi.h +++ b/src/include/ipxe/efi/Guid/PcAnsi.h @@ -13,6 +13,7 @@ #define __PC_ANSI_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_PC_ANSI_GUID \ { \ diff --git a/src/include/ipxe/efi/Guid/Rng.h b/src/include/ipxe/efi/Guid/Rng.h new file mode 100644 index 000000000..448b3a69b --- /dev/null +++ b/src/include/ipxe/efi/Guid/Rng.h 
@@ -0,0 +1,158 @@
+/** @file
+ Random Number Generator (RNG) GUIDs and structures shared across RNG interfaces.
+
+ Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) Microsoft Corporation.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef RNG_GUID_H_
+#define RNG_GUID_H_
+
+FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
+
+typedef struct _EFI_RNG_INTERFACE EFI_RNG_INTERFACE;
+
+///
+/// A selection of EFI_RNG_PROTOCOL algorithms.
+/// The algorithms listed are optional, not meant to be exhaustive and be argmented by
+/// vendors or other industry standards.
+///
+typedef EFI_GUID EFI_RNG_ALGORITHM;
+
+///
+/// The algorithms corresponds to SP800-90 as defined in
+/// NIST SP 800-90, "Recommendation for Random Number Generation Using Deterministic Random
+/// Bit Generators", March 2007.
+///
+#define EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID \
+ { \
+ 0xa7af67cb, 0x603b, 0x4d42, {0xba, 0x21, 0x70, 0xbf, 0xb6, 0x29, 0x3f, 0x96 } \
+ }
+#define EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID \
+ { \
+ 0xc5149b43, 0xae85, 0x4f53, {0x99, 0x82, 0xb9, 0x43, 0x35, 0xd3, 0xa9, 0xe7 } \
+ }
+#define EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID \
+ { \
+ 0x44f0de6e, 0x4d8c, 0x4045, {0xa8, 0xc7, 0x4d, 0xd1, 0x68, 0x85, 0x6b, 0x9e } \
+ }
+
+///
+/// The algorithms correspond to X9.31 as defined in
+/// NIST, "Recommended Random Number Generator Based on ANSI X9.31 Appendix A.2.4 Using
+/// the 3-Key Triple DES and AES Algorithm", January 2005.
+///
+#define EFI_RNG_ALGORITHM_X9_31_3DES_GUID \
+ { \
+ 0x63c4785a, 0xca34, 0x4012, {0xa3, 0xc8, 0x0b, 0x6a, 0x32, 0x4f, 0x55, 0x46 } \
+ }
+#define EFI_RNG_ALGORITHM_X9_31_AES_GUID \
+ { \
+ 0xacd03321, 0x777e, 0x4d3d, {0xb1, 0xc8, 0x20, 0xcf, 0xd8, 0x88, 0x20, 0xc9 } \
+ }
+
+///
+/// The "raw" algorithm, when supported, is intended to provide entropy directly from
+/// the source, without it going through some deterministic random bit generator.
+///
+#define EFI_RNG_ALGORITHM_RAW \
+ { \
+ 0xe43176d7, 0xb6e8, 0x4827, {0xb7, 0x84, 0x7f, 0xfd, 0xc4, 0xb6, 0x85, 0x61 } \
+ }
+
+///
+/// The Arm Architecture states the RNDR that the DRBG algorithm should be compliant
+/// with NIST SP800-90A, while not mandating a particular algorithm, so as to be
+/// inclusive of different geographies.
+///
+#define EFI_RNG_ALGORITHM_ARM_RNDR \
+ { \
+ 0x43d2fde3, 0x9d4e, 0x4d79, {0x02, 0x96, 0xa8, 0x9b, 0xca, 0x78, 0x08, 0x41} \
+ }
+
+/**
+ Returns information about the random number generation implementation.
+
+ @param[in] This A pointer to this interface instance.
+ @param[in,out] RNGAlgorithmListSize On input, the size in bytes of RNGAlgorithmList.
+ On output with a return code of EFI_SUCCESS, the size
+ in bytes of the data returned in RNGAlgorithmList. On output
+ with a return code of EFI_BUFFER_TOO_SMALL,
+ the size of RNGAlgorithmList required to obtain the list.
+ @param[out] RNGAlgorithmList A caller-allocated memory buffer filled by the driver
+ with one EFI_RNG_ALGORITHM element for each supported
+ RNG algorithm. The list must not change across multiple
+ calls to the same driver. The first algorithm in the list
+ is the default algorithm for the driver.
+
+ @retval EFI_SUCCESS The RNG algorithm list was returned successfully.
+ @retval EFI_UNSUPPORTED The services is not supported by this driver.
+ @retval EFI_DEVICE_ERROR The list of algorithms could not be retrieved due to a
+ hardware or firmware error.
+ @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.
+ @retval EFI_BUFFER_TOO_SMALL The buffer RNGAlgorithmList is too small to hold the result.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_RNG_GET_INFO)(
+ IN EFI_RNG_INTERFACE *This,
+ IN OUT UINTN *RNGAlgorithmListSize,
+ OUT EFI_RNG_ALGORITHM *RNGAlgorithmList
+ );
+
+/**
+ Produces and returns an RNG value using either the default or specified RNG algorithm.
+
+ @param[in] This A pointer to this interface instance.
+ @param[in] RNGAlgorithm A pointer to the EFI_RNG_ALGORITHM that identifies the RNG
+ algorithm to use. May be NULL in which case the function will
+ use its default RNG algorithm.
+ @param[in] RNGValueLength The length in bytes of the memory buffer pointed to by
+ RNGValue. The driver shall return exactly this numbers of bytes.
+ @param[out] RNGValue A caller-allocated memory buffer filled by the driver with the
+ resulting RNG value.
+
+ @retval EFI_SUCCESS The RNG value was returned successfully.
+ @retval EFI_UNSUPPORTED The algorithm specified by RNGAlgorithm is not supported by
+ this driver.
+ @retval EFI_DEVICE_ERROR An RNG value could not be retrieved due to a hardware or
+ firmware error.
+ @retval EFI_NOT_READY There is not enough random data available to satisfy the length
+ requested by RNGValueLength.
+ @retval EFI_INVALID_PARAMETER RNGValue is NULL or RNGValueLength is zero.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_RNG_GET_RNG)(
+ IN EFI_RNG_INTERFACE *This,
+ IN EFI_RNG_ALGORITHM *RNGAlgorithm OPTIONAL,
+ IN UINTN RNGValueLength,
+ OUT UINT8 *RNGValue
+ );
+
+///
+/// The Random Number Generator (RNG) interface provides random bits for use in
+/// applications, or entropy for seeding other random number generators.
+///
+/// This interface is shared between the RNG Protocol defined in the UEFI 2.4 Specification
+/// and the RNG PPI defined in the PI 1.9 Specification.
+///
+struct _EFI_RNG_INTERFACE {
+ EFI_RNG_GET_INFO GetInfo;
+ EFI_RNG_GET_RNG GetRNG;
+};
+
+extern EFI_GUID gEfiRngAlgorithmSp80090Hash256Guid;
+extern EFI_GUID gEfiRngAlgorithmSp80090Hmac256Guid;
+extern EFI_GUID gEfiRngAlgorithmSp80090Ctr256Guid;
+extern EFI_GUID gEfiRngAlgorithmX9313DesGuid;
+extern EFI_GUID gEfiRngAlgorithmX931AesGuid;
+extern EFI_GUID gEfiRngAlgorithmRaw;
+extern EFI_GUID gEfiRngAlgorithmArmRndr;
+
+#endif // #ifndef RNG_GUID_H_
diff --git a/src/include/ipxe/efi/Guid/SmBios.h b/src/include/ipxe/efi/Guid/SmBios.h
index 0a47a0525..45149bc6f 100644
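Review bot: In the new Guid/Rng.h, `EFI_RNG_ALGORITHM_X9_31_3DES_GUID` and `EFI_RNG_ALGORITHM_X9_31_AES_GUID` sit next to the SP 800-90 identifiers with nothing marking them as legacy, although the ANSI X9.31 generator has not been a NIST-approved RNG since the end of 2015 (SP 800-131A). A caller that picks an algorithm from the GetInfo list, or passes NULL and takes the driver's default, has no hint in this header that these two should not be chosen for key material. I would add a line to the X9.31 comment block, `/// Legacy: kept for interface compatibility; prefer an SP 800-90 DRBG or the raw source.` The GetRNG documentation also lists EFI_NOT_READY and EFI_DEVICE_ERROR, so callers should treat RNGValue as unset unless the call returns EFI_SUCCESS.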
--- a/src/include/ipxe/efi/Guid/SmBios.h +++ b/src/include/ipxe/efi/Guid/SmBios.h @@ -17,6 +17,7 @@ #define __SMBIOS_GUID_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define SMBIOS_TABLE_GUID \ { \ diff --git a/src/include/ipxe/efi/Guid/TlsAuthentication.h b/src/include/ipxe/efi/Guid/TlsAuthentication.h new file mode 100644 index 000000000..806fba92c --- /dev/null +++ b/src/include/ipxe/efi/Guid/TlsAuthentication.h @@ -0,0 +1,26 @@ +/** @file + This file defines TlsCaCertificate variable. + +Copyright (c) 2016, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __TLS_AUTHENTICATION_H__ +#define __TLS_AUTHENTICATION_H__ + +FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); + +// Private variable for CA Certificate configuration +// +#define EFI_TLS_CA_CERTIFICATE_GUID \ + { \ + 0xfd2340D0, 0x3dab, 0x4349, { 0xa6, 0xc7, 0x3b, 0x4f, 0x12, 0xb4, 0x8e, 0xae } \ + } + +#define EFI_TLS_CA_CERTIFICATE_VARIABLE L"TlsCaCertificate" + +extern EFI_GUID gEfiTlsCaCertificateGuid; + +#endif diff --git a/src/include/ipxe/efi/Guid/WinCertificate.h b/src/include/ipxe/efi/Guid/WinCertificate.h index 1c706d3a4..efa6c3d9b 100644 --- a/src/include/ipxe/efi/Guid/WinCertificate.h +++ b/src/include/ipxe/efi/Guid/WinCertificate.h @@ -12,6 +12,7 @@ #define __EFI_WIN_CERTIFICATE_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); // // _WIN_CERTIFICATE.wCertificateType diff --git a/src/include/ipxe/efi/Ia32/ProcessorBind.h b/src/include/ipxe/efi/Ia32/ProcessorBind.h index b922597fb..4272ed254 100644 --- a/src/include/ipxe/efi/Ia32/ProcessorBind.h +++ b/src/include/ipxe/efi/Ia32/ProcessorBind.h @@ -10,6 +10,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __PROCESSOR_BIND_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); /// /// Define the processor type so other code can make processor based choices. 
diff --git a/src/include/ipxe/efi/IndustryStandard/Acpi10.h b/src/include/ipxe/efi/IndustryStandard/Acpi10.h index e9a561c22..0dc281b55 100644 --- a/src/include/ipxe/efi/IndustryStandard/Acpi10.h +++ b/src/include/ipxe/efi/IndustryStandard/Acpi10.h @@ -10,6 +10,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define _ACPI_1_0_H_ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/IndustryStandard/AcpiAml.h> diff --git a/src/include/ipxe/efi/IndustryStandard/Acpi20.h b/src/include/ipxe/efi/IndustryStandard/Acpi20.h index ad28120b2..131d760da 100644 --- a/src/include/ipxe/efi/IndustryStandard/Acpi20.h +++ b/src/include/ipxe/efi/IndustryStandard/Acpi20.h @@ -9,6 +9,7 @@ #define _ACPI_2_0_H_ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/IndustryStandard/Acpi10.h> diff --git a/src/include/ipxe/efi/IndustryStandard/Acpi30.h b/src/include/ipxe/efi/IndustryStandard/Acpi30.h index ff82bf203..d5c1a82b3 100644 --- a/src/include/ipxe/efi/IndustryStandard/Acpi30.h +++ b/src/include/ipxe/efi/IndustryStandard/Acpi30.h @@ -2,6 +2,7 @@ ACPI 3.0 definitions from the ACPI Specification Revision 3.0b October 10, 2006 Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR> + Copyright (C) 2025, Advanced Micro Devices, Inc. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -9,9 +10,20 @@ #define _ACPI_3_0_H_ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/IndustryStandard/Acpi20.h> +/// +/// _CSD Revision for ACPI 3.0 +/// +#define EFI_ACPI_3_0_AML_CSD_REVISION 0 + +/// +/// _CSD NumEntries for ACPI 3.0 +/// +#define EFI_ACPI_3_0_AML_CSD_NUM_ENTRIES 6 + // // Define for Descriptor // diff --git a/src/include/ipxe/efi/IndustryStandard/Acpi40.h b/src/include/ipxe/efi/IndustryStandard/Acpi40.h index 97b817039..f668ce04b 100644 --- a/src/include/ipxe/efi/IndustryStandard/Acpi40.h +++ b/src/include/ipxe/efi/IndustryStandard/Acpi40.h 
@@ -2,6 +2,7 @@ ACPI 4.0 definitions from the ACPI Specification Revision 4.0a April 5, 2010 Copyright (c) 2010 - 2022, Intel Corporation. All rights reserved.<BR> + Copyright (C) 2025, Advanced Micro Devices, Inc. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -9,10 +10,21 @@ #define _ACPI_4_0_H_ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/IndustryStandard/Acpi30.h> /// +/// _CSD Revision for ACPI 4.0 +/// +#define EFI_ACPI_4_0_AML_CSD_REVISION 0 + +/// +/// _CSD NumEntries for ACPI 4.0 +/// +#define EFI_ACPI_4_0_AML_CSD_NUM_ENTRIES 6 + +/// /// _PSD Revision for ACPI 4.0 /// #define EFI_ACPI_4_0_AML_PSD_REVISION 0 diff --git a/src/include/ipxe/efi/IndustryStandard/Acpi50.h b/src/include/ipxe/efi/IndustryStandard/Acpi50.h index 2addcb008..1621411b1 100644 --- a/src/include/ipxe/efi/IndustryStandard/Acpi50.h +++ b/src/include/ipxe/efi/IndustryStandard/Acpi50.h @@ -4,6 +4,7 @@ Copyright (c) 2014 Hewlett-Packard Development Company, L.P.<BR> Copyright (c) 2011 - 2022, Intel Corporation. All rights reserved.<BR> Copyright (c) 2020, ARM Ltd. All rights reserved.<BR> + Copyright (C) 2025, Advanced Micro Devices, Inc. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -11,9 +12,20 @@ #define _ACPI_5_0_H_ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/IndustryStandard/Acpi40.h> +/// +/// _CSD Revision for ACPI 5.0 +/// +#define EFI_ACPI_5_0_AML_CSD_REVISION 0 + +/// +/// _CSD NumEntries for ACPI 5.0 +/// +#define EFI_ACPI_5_0_AML_CSD_NUM_ENTRIES 6 + // // Define for Descriptor // 
@@ -123,6 +135,40 @@ typedef PACKED struct { UINT16 DeviceSelection; } EFI_ACPI_SERIAL_BUS_RESOURCE_SPI_DESCRIPTOR; +/// Revision ID of serial bus uart descriptor +#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_REVISION_ID 0x1 + +/// Type specific flags +#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_TSF_LITTLE_ENDIAN 0x0 +#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_TSF_BIG_ENDIAN 0x1 +#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_TSF_5_BITS_PER_BYTE 0x0 +#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_TSF_6_BITS_PER_BYTE 0x1 +#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_TSF_7_BITS_PER_BYTE 0x2 +#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_TSF_8_BITS_PER_BYTE 0x3 +#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_TSF_9_BITS_PER_BYTE 0x4 +#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_TSF_STOP_BIT_NONE 0x0 +#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_TSF_STOP_BIT_1 0x1 +#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_TSF_STOP_BIT_1_5 0x2 +#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_TSF_STOP_BIT_2 0x3 +#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_TSF_FC_NONE 0x0 +#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_TSF_FC_HW 0x1 +#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_TSF_FC_XON_XOFF 0x2 + +/// Parity definitions +#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_PARITY_NONE 0x0 +#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_PARITY_EVEN 0x1 +#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_PARITY_ODD 0x2 +#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_PARITY_MARK 0x3 +#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_PARITY_SPACE 0x4 + +/// Serial lines in use bits +#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_LIN_RTS BIT7 +#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_LIN_CTS BIT6 +#define 
EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_LIN_DTR BIT5 +#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_LIN_DSR BIT4 +#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_LIN_RI BIT3 +#define EFI_ACPI_5_0_SERIAL_BUS_RESOURCE_UART_DESCRIPTOR_LIN_DTD BIT2 + /// /// Serial Bus Resource Descriptor (UART) /// diff --git a/src/include/ipxe/efi/IndustryStandard/Acpi51.h b/src/include/ipxe/efi/IndustryStandard/Acpi51.h index a2079ecc5..ec48c5b25 100644 --- a/src/include/ipxe/efi/IndustryStandard/Acpi51.h +++ b/src/include/ipxe/efi/IndustryStandard/Acpi51.h @@ -5,6 +5,7 @@ Copyright (c) 2014 - 2022, Intel Corporation. All rights reserved.<BR> (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR> Copyright (c) 2020, ARM Ltd. All rights reserved.<BR> + Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -12,10 +13,21 @@ #define _ACPI_5_1_H_ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/IndustryStandard/Acpi50.h> /// +/// _CSD Revision for ACPI 5.1 +/// +#define EFI_ACPI_5_1_AML_CSD_REVISION 0 + +/// +/// _CSD NumEntries for ACPI 5.1 +/// +#define EFI_ACPI_5_1_AML_CSD_NUM_ENTRIES 6 + +/// /// _PSD Revision for ACPI 5.1 /// #define EFI_ACPI_5_1_AML_PSD_REVISION 0 @@ -1762,6 +1774,7 @@ typedef struct { #define EFI_ACPI_5_1_EINJ_EXECUTE_OPERATION 0x05 #define EFI_ACPI_5_1_EINJ_CHECK_BUSY_STATUS 0x06 #define EFI_ACPI_5_1_EINJ_GET_COMMAND_STATUS 0x07 +#define EFI_ACPI_5_1_EINJ_SET_ERROR_TYPE_WITH_ADDRESS 0x08 #define EFI_ACPI_5_1_EINJ_TRIGGER_ERROR 0xFF /// 
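Review bot: In the Acpi50.h hunk that adds the UART descriptor macros, the `..._TSF_*` values under "Type specific flags" are unshifted field values, so `..._TSF_BIG_ENDIAN`, `..._TSF_6_BITS_PER_BYTE`, `..._TSF_STOP_BIT_1` and `..._TSF_FC_HW` are all 0x1 and cannot simply be OR-ed into one flags value. Nothing in the hunk names the sub-field each group belongs to or gives its bit range, unlike the "Serial lines in use bits" group, which uses `BIT7` down to `BIT2`. I would add a one-line comment per group stating the sub-field and its position in the type-specific flags, or define shift constants next to the values. The descriptor struct these apply to follows outside the hunk.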
@@ -1825,6 +1838,25 @@ typedef struct { } EFI_ACPI_5_1_EINJ_TRIGGER_ACTION_TABLE; /// +/// Windows ACPI Emulated devices Table +/// +typedef struct { + EFI_ACPI_DESCRIPTION_HEADER Header; + /// + /// Container of a bitmask of Windows behavior that this system requires + /// Bit 0 - RTC good + /// Bit 1 - ACPI PM timer good + /// + UINT32 EmulatedDeviceFlags; +} EFI_ACPI_5_1_WAET_TABLE; + +/// +/// WAET Flags. All other bits are reserved and must be 0. +/// +#define EFI_ACPI_5_1_WAET_FLAGS_RTC_GOOD BIT0 +#define EFI_ACPI_5_1_WAET_FLAGS_ACPI_PM_TIMER_GOOD BIT1 + +/// /// Platform Communications Channel Table (PCCT) /// typedef struct { diff --git a/src/include/ipxe/efi/IndustryStandard/Acpi60.h b/src/include/ipxe/efi/IndustryStandard/Acpi60.h index c8d99214c..251e27e49 100644 --- a/src/include/ipxe/efi/IndustryStandard/Acpi60.h +++ b/src/include/ipxe/efi/IndustryStandard/Acpi60.h @@ -4,6 +4,7 @@ Copyright (c) 2015 - 2022, Intel Corporation. All rights reserved.<BR> (C) Copyright 2015-2016 Hewlett Packard Enterprise Development LP<BR> Copyright (c) 2020, ARM Ltd. All rights reserved.<BR> + Copyright (C) 2025, Advanced Micro Devices, Inc. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -11,10 +12,21 @@ #define _ACPI_6_0_H_ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/IndustryStandard/Acpi51.h> /// +/// _CSD Revision for ACPI 6.0 +/// +#define EFI_ACPI_6_0_AML_CSD_REVISION 0 + +/// +/// _CSD NumEntries for ACPI 6.0 +/// +#define EFI_ACPI_6_0_AML_CSD_NUM_ENTRIES 6 + +/// /// _PSD Revision for ACPI 6.0 /// #define EFI_ACPI_6_0_AML_PSD_REVISION 0 @@ -1949,6 +1961,7 @@ typedef struct { #define EFI_ACPI_6_0_EINJ_EXECUTE_OPERATION 0x05 #define EFI_ACPI_6_0_EINJ_CHECK_BUSY_STATUS 0x06 #define EFI_ACPI_6_0_EINJ_GET_COMMAND_STATUS 0x07 +#define EFI_ACPI_6_0_EINJ_SET_ERROR_TYPE_WITH_ADDRESS 0x08 #define EFI_ACPI_6_0_EINJ_TRIGGER_ERROR 0xFF /// 
diff --git a/src/include/ipxe/efi/IndustryStandard/AcpiAml.h b/src/include/ipxe/efi/IndustryStandard/AcpiAml.h index d7a83f7fa..4ea320cd0 100644 --- a/src/include/ipxe/efi/IndustryStandard/AcpiAml.h +++ b/src/include/ipxe/efi/IndustryStandard/AcpiAml.h @@ -11,6 +11,7 @@ #define _ACPI_AML_H_ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); // // ACPI AML definition diff --git a/src/include/ipxe/efi/IndustryStandard/Bluetooth.h b/src/include/ipxe/efi/IndustryStandard/Bluetooth.h index 97b6526b3..b2547ca0b 100644 --- a/src/include/ipxe/efi/IndustryStandard/Bluetooth.h +++ b/src/include/ipxe/efi/IndustryStandard/Bluetooth.h @@ -11,6 +11,7 @@ #define _BLUETOOTH_H_ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #pragma pack(1) diff --git a/src/include/ipxe/efi/IndustryStandard/Pci22.h b/src/include/ipxe/efi/IndustryStandard/Pci22.h index 161333d88..477761c32 100644 --- a/src/include/ipxe/efi/IndustryStandard/Pci22.h +++ b/src/include/ipxe/efi/IndustryStandard/Pci22.h @@ -17,6 +17,7 @@ #define _PCI22_H_ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define PCI_MAX_BUS 255 #define PCI_MAX_DEVICE 31 diff --git a/src/include/ipxe/efi/IndustryStandard/PeImage.h b/src/include/ipxe/efi/IndustryStandard/PeImage.h index c1f1a09cb..f99deb051 100644 --- a/src/include/ipxe/efi/IndustryStandard/PeImage.h +++ b/src/include/ipxe/efi/IndustryStandard/PeImage.h @@ -20,6 +20,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __PE_IMAGE_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); // // PE32+ Subsystem type for EFI images @@ -27,7 +28,6 @@ FILE_LICENCE ( BSD2_PATENT ); #define EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION 10 #define EFI_IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER 11 #define EFI_IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER 12 -#define EFI_IMAGE_SUBSYSTEM_SAL_RUNTIME_DRIVER 13///< defined PI Specification, 1.0 // // PE32+ Machine type for EFI images 
diff --git a/src/include/ipxe/efi/IndustryStandard/Tpm12.h b/src/include/ipxe/efi/IndustryStandard/Tpm12.h index 6bebcb7bd..02fda8564 100644 --- a/src/include/ipxe/efi/IndustryStandard/Tpm12.h +++ b/src/include/ipxe/efi/IndustryStandard/Tpm12.h @@ -10,6 +10,7 @@ #define _TPM12_H_ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); /// /// The start of TPM return codes @@ -746,8 +747,8 @@ typedef struct tdTPM_PERMANENT_FLAGS { BOOLEAN TPMpost; BOOLEAN TPMpostLock; BOOLEAN FIPS; - BOOLEAN operator; - BOOLEAN enableRevokeEK; + BOOLEAN operator_; + BOOLEAN enableRevokeEK; BOOLEAN nvLocked; BOOLEAN readSRKPub; BOOLEAN tpmEstablished; diff --git a/src/include/ipxe/efi/IndustryStandard/Tpm20.h b/src/include/ipxe/efi/IndustryStandard/Tpm20.h index b314d6e91..c70e0a121 100644 --- a/src/include/ipxe/efi/IndustryStandard/Tpm20.h +++ b/src/include/ipxe/efi/IndustryStandard/Tpm20.h @@ -14,6 +14,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define _TPM20_H_ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/IndustryStandard/Tpm12.h> 
@@ -205,15 +206,16 @@ typedef UINT16 TPM_ALG_ID; // Table 8 - TPM_ECC_CURVE Constants typedef UINT16 TPM_ECC_CURVE; -#define TPM_ECC_NONE (TPM_ECC_CURVE)(0x0000) -#define TPM_ECC_NIST_P192 (TPM_ECC_CURVE)(0x0001) -#define TPM_ECC_NIST_P224 (TPM_ECC_CURVE)(0x0002) -#define TPM_ECC_NIST_P256 (TPM_ECC_CURVE)(0x0003) -#define TPM_ECC_NIST_P384 (TPM_ECC_CURVE)(0x0004) -#define TPM_ECC_NIST_P521 (TPM_ECC_CURVE)(0x0005) -#define TPM_ECC_BN_P256 (TPM_ECC_CURVE)(0x0010) -#define TPM_ECC_BN_P638 (TPM_ECC_CURVE)(0x0011) -#define TPM_ECC_SM2_P256 (TPM_ECC_CURVE)(0x0020) +#define TPM_ECC_NONE (TPM_ECC_CURVE)(0x0000) +#define TPM_ECC_NIST_P192 (TPM_ECC_CURVE)(0x0001) +#define TPM_ECC_NIST_P224 (TPM_ECC_CURVE)(0x0002) +#define TPM_ECC_NIST_P256 (TPM_ECC_CURVE)(0x0003) +#define TPM_ECC_NIST_P384 (TPM_ECC_CURVE)(0x0004) +#define TPM_ECC_NIST_P521 (TPM_ECC_CURVE)(0x0005) +#define TPM_ECC_BN_P256 (TPM_ECC_CURVE)(0x0010) +#define TPM_ECC_BN_P638 (TPM_ECC_CURVE)(0x0011) +#define TPM_ECC_SM2_P256 (TPM_ECC_CURVE)(0x0020) +#define TPM_ECC_BP_P512_R1 (TPM_ECC_CURVE)(0x0032) // Table 11 - TPM_CC Constants (Numeric Order) typedef UINT32 TPM_CC; @@ -1249,7 +1251,7 @@ typedef union { TPMI_AES_KEY_BITS aes; TPMI_SM4_KEY_BITS SM4; TPM_KEY_BITS sym; - TPMI_ALG_HASH xor; + TPMI_ALG_HASH xor_; } TPMU_SYM_KEY_BITS; // Table 123 - TPMU_SYM_MODE Union @@ -1322,7 +1324,7 @@ typedef struct { // Table 136 - TPMU_SCHEME_KEYEDHASH Union typedef union { TPMS_SCHEME_HMAC hmac; - TPMS_SCHEME_XOR xor; + TPMS_SCHEME_XOR xor_; } TPMU_SCHEME_KEYEDHASH; // Table 137 - TPMT_KEYEDHASH_SCHEME Structure diff --git a/src/include/ipxe/efi/IndustryStandard/UefiTcgPlatform.h b/src/include/ipxe/efi/IndustryStandard/UefiTcgPlatform.h index a89986712..98bf7b689 100644 --- a/src/include/ipxe/efi/IndustryStandard/UefiTcgPlatform.h +++ b/src/include/ipxe/efi/IndustryStandard/UefiTcgPlatform.h 
@@ -1,8 +1,8 @@ /** @file TCG EFI Platform Definition in TCG_EFI_Platform_1_20_Final and - TCG PC Client Platform Firmware Profile Specification, Revision 1.05 + TCG PC Client Platform Firmware Profile Specification, Revision 1.06 - Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.<BR> + Copyright (c) 2006 - 2024, Intel Corporation. All rights reserved.<BR> SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -11,6 +11,7 @@ #define __UEFI_TCG_PLATFORM_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/IndustryStandard/Tpm12.h> #include <ipxe/efi/IndustryStandard/Tpm20.h> @@ -55,6 +56,18 @@ FILE_LICENCE ( BSD2_PATENT ); #define EV_EFI_VARIABLE_AUTHORITY (EV_EFI_EVENT_BASE + 0xE0) #define EV_EFI_SPDM_FIRMWARE_BLOB (EV_EFI_EVENT_BASE + 0xE1) #define EV_EFI_SPDM_FIRMWARE_CONFIG (EV_EFI_EVENT_BASE + 0xE2) +#define EV_EFI_SPDM_DEVICE_BLOB EV_EFI_SPDM_FIRMWARE_BLOB +#define EV_EFI_SPDM_DEVICE_CONFIG EV_EFI_SPDM_FIRMWARE_CONFIG +// +// The SPDM policy database for SPDM verification. +// It goes to PCR7 +// +#define EV_EFI_SPDM_DEVICE_POLICY (EV_EFI_EVENT_BASE + 0xE3) +// +// The SPDM policy authority for SPDM verification for the signature +// of GET_MEASUREMENT or CHALLENGE_AUTH. It goes to PCR7. +// +#define EV_EFI_SPDM_DEVICE_AUTHORITY (EV_EFI_EVENT_BASE + 0xE4) #define EFI_CALLING_EFI_APPLICATION \ "Calling EFI Application from Boot Option" @@ -376,6 +389,7 @@ typedef struct { #define TCG_EfiSpecIDEventStruct_SPEC_VERSION_MINOR_TPM2 0 #define TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2 0 #define TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105 105 +#define TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_106 106 typedef struct { UINT8 signature[16]; 
@@ -440,6 +454,7 @@ typedef struct tdTCG_PCClientTaggedEvent { #define TCG_Sp800_155_PlatformId_Event_SIGNATURE "SP800-155 Event" #define TCG_Sp800_155_PlatformId_Event2_SIGNATURE "SP800-155 Event2" +#define TCG_Sp800_155_PlatformId_Event3_SIGNATURE "SP800-155 Event3" typedef struct tdTCG_Sp800_155_PlatformId_Event2 { UINT8 Signature[16]; 
@@ -461,14 +476,57 @@ typedef struct tdTCG_Sp800_155_PlatformId_Event2 { // UINT8 PlatformModel[PlatformModelSize]; // UINT8 PlatformVersionSize; // UINT8 PlatformVersion[PlatformVersionSize]; + // UINT8 FirmwareManufacturerStrSize; + // UINT8 FirmwareManufacturerStr[FirmwareManufacturerStrSize]; + // UINT32 FirmwareManufacturerId; + // UINT8 FirmwareVersion; + // UINT8 FirmwareVersion[FirmwareVersionSize]; +} TCG_Sp800_155_PlatformId_Event2; + +typedef struct tdTCG_Sp800_155_PlatformId_Event3 { + UINT8 Signature[16]; + // + // Where Vendor ID is an integer defined + // at http://www.iana.org/assignments/enterprisenumbers + // + UINT32 VendorId; + // + // 16-byte identifier of a given platform's static configuration of code + // + EFI_GUID ReferenceManifestGuid; + // UINT8 PlatformManufacturerStrSize; + // UINT8 PlatformManufacturerStr[PlatformManufacturerStrSize]; // UINT8 PlatformModelSize; // UINT8 PlatformModel[PlatformModelSize]; + // UINT8 PlatformVersionSize; + // UINT8 PlatformVersion[PlatformVersionSize]; // UINT8 FirmwareManufacturerStrSize; // UINT8 FirmwareManufacturerStr[FirmwareManufacturerStrSize]; // UINT32 FirmwareManufacturerId; // UINT8 FirmwareVersion; - // UINT8 FirmwareVersion[FirmwareVersionSize]]; -} TCG_Sp800_155_PlatformId_Event2; + // UINT8 FirmwareVersion[FirmwareVersionSize]; + // + // Below structure is newly added in TCG_Sp800_155_PlatformId_Event3 + // + // UINT32 RimLocatorType; + // UINT32 RimLocatorLength; + // UINT8 RimLocator[RimLocatorLength]; + // UINT32 PlatformCertLocatorType; + // UINT32 PlatformCertLocatorLength; + // UINT8 PlatformCertLocator[PlatformCertLocatorLength]; +} TCG_Sp800_155_PlatformId_Event3; + +/** + * TCG specifies a locator type with the following values + * 0 - Raw data in the locator itself. + * 1 - URI in rtf2396 format. + * 2 - local device path in EFI_DEVICE_PATH_PROTOCOL format. 
+ * 3 - UEFI variable (16 byte EFI_GUID, then 00-terminated UCS2 string) +**/ +#define TCG_LOCATOR_TYPE_RAW_DATA 0 +#define TCG_LOCATOR_TYPE_URI 1 +#define TCG_LOCATOR_TYPE_DEVICE_PATH 2 +#define TCG_LOCATOR_TYPE_UEFI_VARIABLE 3 #define TCG_EfiStartupLocalityEvent_SIGNATURE "StartupLocality" 
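Review bot: In the layout comments of `TCG_Sp800_155_PlatformId_Event2` and the new `TCG_Sp800_155_PlatformId_Event3`, the length byte before the firmware version string is written `// UINT8 FirmwareVersion;` while the next line indexes by `FirmwareVersionSize`, so the size field is misnamed. These comments are the only description of the variable-length tail that an event-log parser has to walk, so the names should agree: `// UINT8 FirmwareVersionSize;`. The locator-type comment also reads `URI in rtf2396 format`, which looks like a typo for RFC 2396. The Event2 struct begins outside the hunk.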
@@ -494,4 +552,173 @@ typedef struct tdTCG_EfiStartupLocalityEvent { // #pragma pack () +// +// ====================================================================================================================== +// Event Type PCR Event Log Usage +// ====================================================================================================================== +// EV_EFI_SPDM_DEVICE_BLOB 2 SPDM_MEASUREMENT_BLOCK (subtype) MEASUREMENT from device +// EV_EFI_SPDM_DEVICE_CONFIG 3 SPDM_MEASUREMENT_BLOCK (subtype) MEASUREMENT from device +// EV_EFI_SPDM_DEVICE_BLOB 2 SPDM_MEASUREMENT_SUMMARY_HASH.TCB (subtype) SUMMARY_HASH from device + +// EV_EFI_SPDM_DEVICE_POLICY 7 UEFI_VARIABLE_DATA with EFI_SIGNATURE_LIST Provisioned device public cert. +// EV_EFI_SPDM_DEVICE_AUTHORITY 7 UEFI_VARIABLE_DATA with EFI_SIGNATURE_DATA CHALLENGE_AUTH signature verification +// ====================================================================================================================== +// + +#define PCR_INDEX_FOR_SIGNATURE_DB 7 + +#pragma pack(1) + +#define TCG_DEVICE_SECURITY_EVENT_DATA_VERSION_1 1 +#define TCG_DEVICE_SECURITY_EVENT_DATA_VERSION_2 2 +#define TCG_DEVICE_SECURITY_EVENT_DATA_SIGNATURE_2 "SPDM Device Sec2" + +typedef struct { + UINT8 Signature[16]; + UINT16 Version; + UINT8 AuthState; + UINT8 Reserved; + UINT32 Length; // Length in bytes for all following structures. + UINT32 DeviceType; + UINT32 SubHeaderType; + UINT32 SubHeaderLength; // Length in bytes of the sub header followed by. + UINT64 SubHeaderUID; // Universal identifier assigned by the event log creator. It can be used to bind two sub header structure together. 
+ // UINT64 DevicePathLength; + // UINT8 DevicePath[DevicePathLength]; +} TCG_DEVICE_SECURITY_EVENT_DATA_HEADER2; + +#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_SUCCESS 0 +#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_NO_AUTH 1 +#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_NO_BINDING 2 +#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_FAIL_NO_SIG 3 +#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_FAIL_INVALID 4 +#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_NO_SPDM 0xFF + +#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_SUB_HEADER_TYPE_SPDM_MEASUREMENT_BLOCK 0 +#define TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_SUB_HEADER_TYPE_SPDM_CERT_CHAIN 1 + +typedef struct { + UINT16 SpdmVersion; + UINT8 SpdmMeasurementBlockCount; + UINT8 Reserved; + UINT32 SpdmMeasurementHashAlgo; + // SPDM_MEASUREMENT_BLOCK SpdmMeasurementBlock; +} TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_MEASUREMENT_BLOCK; + +typedef struct { + UINT16 SpdmVersion; + UINT8 SpdmSlotId; + UINT8 Reserved; + UINT32 SpdmHashAlgo; + // SPDM_CERT_CHAIN SpdmCertChain; +} TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_CERT_CHAIN; + +typedef struct { + UINT32 Type; + UINT32 Length; + UINT8 Value[1]; +} TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_OEM_MEASUREMENT; + +typedef union { + TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_MEASUREMENT_BLOCK SpdmMeasurementBlock; + TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_CERT_CHAIN SpdmCertChain; + TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_OEM_MEASUREMENT OemMeasurement; +} TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER; + +typedef union { + TCG_DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT Pci; + TCG_DEVICE_SECURITY_EVENT_DATA_USB_CONTEXT Usb; +} TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT; + +typedef struct { + TCG_DEVICE_SECURITY_EVENT_DATA_HEADER2 EventDataHeader; + TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER EventDataSubHeader; + TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT DeviceContext; +} 
TCG_DEVICE_SECURITY_EVENT_DATA2; + +#pragma pack() + +// +// EventType:EV_NO_ACTION +// ====================================================================================================================== +// NVIndex Name PCR/NvIndex Event Log Usage +// ====================================================================================================================== +// NV_EXTEND_INDEX_FOR_INSTANCE 0x01C40200 NV_INDEX_INSTANCE_EVENT_LOG_STRUCT NV Extend Record for instance data (CertChain) +// NV_EXTEND_INDEX_FOR_DYNAMIC 0x01C40201 NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT NV Extend Record for dynamic data (Nonce) + +// EVENT_LOG_INTEGRITY_NV_INDEX_EXIT_PM_AUTH 0x01C40202 EVENT_LOG_INTEGRITY_NV_INDEX_STRUCT Event Log Integrity for ExitPmAuth +// EVENT_LOG_INTEGRITY_NV_INDEX_READY_TO_BOOT 0x01C40203 EVENT_LOG_INTEGRITY_NV_INDEX_STRUCT Event Log Integrity for ReadyToBoot +// ====================================================================================================================== +// + +#define TCG_NV_EXTEND_INDEX_FOR_INSTANCE 0x01C40200 +#define TCG_NV_EXTEND_INDEX_FOR_DYNAMIC 0x01C40201 +#define TCG_EVENT_LOG_INTEGRITY_NV_INDEX_EXIT_PM_AUTH 0x01C40202 +#define TCG_EVENT_LOG_INTEGRITY_NV_INDEX_READY_TO_BOOT 0x01C40203 + +#pragma pack(1) + +#define TCG_NV_EXTEND_INDEX_FOR_INSTANCE_SIGNATURE "NvIndexInstance" +#define TCG_NV_INDEX_INSTANCE_EVENT_LOG_STRUCT_VERSION 1 + +typedef struct { + UINT8 Signature[16]; + UINT16 Version; + UINT8 Reserved[6]; + // TCG_DEVICE_SECURITY_EVENT_DATA2 Data; +} TCG_NV_INDEX_INSTANCE_EVENT_LOG_STRUCT; + +#define TCG_NV_EXTEND_INDEX_FOR_DYNAMIC_SIGNATURE "NvIndexDynamic " +#define TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT_VERSION 1 + +#define TCG_SPDM_CHALLENGE_DESCRIPTION "SPDM CHALLENGE" +#define TCG_SPDM_CHALLENGE_AUTH_DESCRIPTION "SPDM CHALLENGE_AUTH" +#define TCG_SPDM_GET_MEASUREMENTS_DESCRIPTION "SPDM GET_MEASUREMENTS" +#define TCG_SPDM_MEASUREMENTS_DESCRIPTION "SPDM MEASUREMENTS" + +typedef struct { + UINT8 Signature[16]; + 
UINT16 Version; + UINT8 Reserved[6]; + UINT64 Uid; + // UINT16 DescriptionSize; + // UINT8 Description[DescriptionSize]; + // UINT16 DataSize; + // UINT8 Data[DataSize]; +} TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT; + +typedef struct { + TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT Header; + UINT16 DescriptionSize; + UINT8 Description[sizeof (TCG_SPDM_CHALLENGE_DESCRIPTION)]; + UINT16 DataSize; + UINT8 Data[32]; +} TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT_SPDM_CHALLENGE; + +typedef struct { + TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT Header; + UINT16 DescriptionSize; + UINT8 Description[sizeof (TCG_SPDM_CHALLENGE_AUTH_DESCRIPTION)]; + UINT16 DataSize; + UINT8 Data[32]; +} TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT_SPDM_CHALLENGE_AUTH; + +typedef struct { + TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT Header; + UINT16 DescriptionSize; + UINT8 Description[sizeof (TCG_SPDM_GET_MEASUREMENTS_DESCRIPTION)]; + UINT16 DataSize; + UINT8 Data[32]; +} TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT_SPDM_GET_MEASUREMENTS; + +typedef struct { + TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT Header; + UINT16 DescriptionSize; + UINT8 Description[sizeof (TCG_SPDM_MEASUREMENTS_DESCRIPTION)]; + UINT16 DataSize; + UINT8 Data[32]; +} TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT_SPDM_MEASUREMENTS; + +#pragma pack() + #endif diff --git a/src/include/ipxe/efi/IndustryStandard/Usb.h b/src/include/ipxe/efi/IndustryStandard/Usb.h index 8c7fe834f..a2b6c1ab9 100644 --- a/src/include/ipxe/efi/IndustryStandard/Usb.h +++ b/src/include/ipxe/efi/IndustryStandard/Usb.h @@ -2,6 +2,8 @@ Support for USB 2.0 standard. Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR> + Copyright (c) 2024, American Megatrends International LLC. All rights reserved.<BR> + SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -10,6 +12,7 @@ #define __USB_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); // // Subset of Class and Subclass definitions from USB Specs 
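Review bot: `TCG_DEVICE_SECURITY_EVENT_DATA2` in the UefiTcgPlatform.h hunk places `EventDataSubHeader` directly after `EventDataHeader`, yet the comments closing `TCG_DEVICE_SECURITY_EVENT_DATA_HEADER2` show a `DevicePathLength`/`DevicePath` tail after the header, so the aggregate presumably cannot be overlaid on a real event. The same holds for `TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_OEM_MEASUREMENT`, whose `Value[1]` stands for `Length` bytes. Code that reads these events back from a log should walk them using `Length`, `SubHeaderLength` and `DevicePathLength`, checking each against the bytes remaining, rather than rely on these struct offsets. I would put that in a comment above the typedef, for example `// Layout illustration only: data after EventDataHeader is variable-length; validate every length field before use.` Also note that `"SPDM Device Sec2"` fills `Signature[16]` exactly with no terminator, so it has to be matched with a fixed 16-byte compare.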
@@ -134,6 +137,21 @@ typedef struct { } USB_CONFIG_DESCRIPTOR; /// +/// Standard Interface Association Descriptor +/// USB 3.0 spec, Section 9.6.4 +/// +typedef struct { + UINT8 Length; + UINT8 DescriptorType; + UINT8 FirstInterface; + UINT8 InterfaceCount; + UINT8 FunctionClass; + UINT8 FunctionSubclass; + UINT8 FunctionProtocol; + UINT8 FunctionDescriptionStringIndex; +} USB_INTERFACE_ASSOCIATION_DESCRIPTOR; + +/// /// Standard Interface Descriptor /// USB 2.0 spec, Section 9.6.5 /// @@ -209,13 +227,16 @@ typedef enum { // // USB Descriptor types // - USB_DESC_TYPE_DEVICE = 0x01, - USB_DESC_TYPE_CONFIG = 0x02, - USB_DESC_TYPE_STRING = 0x03, - USB_DESC_TYPE_INTERFACE = 0x04, - USB_DESC_TYPE_ENDPOINT = 0x05, - USB_DESC_TYPE_HID = 0x21, - USB_DESC_TYPE_REPORT = 0x22, + USB_DESC_TYPE_DEVICE = 0x01, + USB_DESC_TYPE_CONFIG = 0x02, + USB_DESC_TYPE_STRING = 0x03, + USB_DESC_TYPE_INTERFACE = 0x04, + USB_DESC_TYPE_ENDPOINT = 0x05, + USB_DESC_TYPE_INTERFACE_ASSOCIATION = 0x0b, + USB_DESC_TYPE_HID = 0x21, + USB_DESC_TYPE_REPORT = 0x22, + USB_DESC_TYPE_CS_INTERFACE = 0x24, + USB_DESC_TYPE_CS_ENDPOINT = 0x25, // // Features to be cleared by CLEAR_FEATURE requests diff --git a/src/include/ipxe/efi/Library/BaseLib.h b/src/include/ipxe/efi/Library/BaseLib.h index 16ea35cd2..30e2c76b1 100644 --- a/src/include/ipxe/efi/Library/BaseLib.h +++ b/src/include/ipxe/efi/Library/BaseLib.h @@ -7,6 +7,7 @@ Portions copyright (c) 2008 - 2009, Apple Inc. All rights reserved.<BR> Copyright (c) Microsoft Corporation.<BR> Portions Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All rights reserved.<BR> Portions Copyright (c) 2022, Loongson Technology Corporation Limited. All rights reserved.<BR> +Copyright (c) 2023 - 2024, Arm Limited. All rights reserved.<BR> SPDX-License-Identifier: BSD-2-Clause-Patent 
@@ -16,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __BASE_LIB__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); // // Definitions for architecture-specific types @@ -78,26 +80,6 @@ typedef struct { #endif // defined (MDE_CPU_EBC) -#if defined (MDE_CPU_ARM) - -typedef struct { - UINT32 R3; ///< A copy of R13. - UINT32 R4; - UINT32 R5; - UINT32 R6; - UINT32 R7; - UINT32 R8; - UINT32 R9; - UINT32 R10; - UINT32 R11; - UINT32 R12; - UINT32 R14; -} BASE_LIBRARY_JUMP_BUFFER; - -#define BASE_LIBRARY_JUMP_BUFFER_ALIGNMENT 4 - -#endif // defined (MDE_CPU_ARM) - #if defined (MDE_CPU_AARCH64) typedef struct { // GP regs 
@@ -128,6 +110,92 @@ typedef struct { #define BASE_LIBRARY_JUMP_BUFFER_ALIGNMENT 8 +/** + Reads the current value of CNTPCT_EL0 register. + + Reads and returns the current value of CNTPCT_EL0. + This function is only available on AARCH64. + + @return The current value of CNTPCT_EL0 +**/ +UINT64 +EFIAPI +ArmReadCntPctReg ( + VOID + ); + +// +// Bit shifts for the ID_AA64ISAR0_EL1 register. +// +#define ARM_ID_AA64ISAR0_EL1_AES_SHIFT (4U) +#define ARM_ID_AA64ISAR0_EL1_SHA1_SHIFT (8U) +#define ARM_ID_AA64ISAR0_EL1_SHA2_SHIFT (12U) +#define ARM_ID_AA64ISAR0_EL1_CRC32_SHIFT (16U) +#define ARM_ID_AA64ISAR0_EL1_ATOMIC_SHIFT (20U) +#define ARM_ID_AA64ISAR0_EL1_RDM_SHIFT (28U) +#define ARM_ID_AA64ISAR0_EL1_SHA3_SHIFT (32U) +#define ARM_ID_AA64ISAR0_EL1_SM3_SHIFT (36U) +#define ARM_ID_AA64ISAR0_EL1_SM4_SHIFT (40U) +#define ARM_ID_AA64ISAR0_EL1_DP_SHIFT (44U) +#define ARM_ID_AA64ISAR0_EL1_FHM_SHIFT (48U) +#define ARM_ID_AA64ISAR0_EL1_TS_SHIFT (52U) +#define ARM_ID_AA64ISAR0_EL1_TLB_SHIFT (56U) +#define ARM_ID_AA64ISAR0_EL1_RNDR_SHIFT (60U) + +// +// Bit masks for the ID_AA64ISAR0_EL1 fields. +// +#define ARM_ID_AA64ISAR0_EL1_AES_MASK (0xFU) +#define ARM_ID_AA64ISAR0_EL1_SHA1_MASK (0xFU) +#define ARM_ID_AA64ISAR0_EL1_SHA2_MASK (0xFU) +#define ARM_ID_AA64ISAR0_EL1_CRC32_MASK (0xFU) +#define ARM_ID_AA64ISAR0_EL1_ATOMIC_MASK (0xFU) +#define ARM_ID_AA64ISAR0_EL1_RDM_MASK (0xFU) +#define ARM_ID_AA64ISAR0_EL1_SHA3_MASK (0xFU) +#define ARM_ID_AA64ISAR0_EL1_SM3_MASK (0xFU) +#define ARM_ID_AA64ISAR0_EL1_SM4_MASK (0xFU) +#define ARM_ID_AA64ISAR0_EL1_DP_MASK (0xFU) +#define ARM_ID_AA64ISAR0_EL1_FHM_MASK (0xFU) +#define ARM_ID_AA64ISAR0_EL1_TS_MASK (0xFU) +#define ARM_ID_AA64ISAR0_EL1_TLB_MASK (0xFU) +#define ARM_ID_AA64ISAR0_EL1_RNDR_MASK (0xFU) + +// +// Bit masks for the ID_AA64ISAR0_EL1 field values. 
+// +#define ARM_ID_AA64ISAR0_EL1_AES_FEAT_AES_MASK (0x1U) +#define ARM_ID_AA64ISAR0_EL1_AES_FEAT_PMULL_MASK (0x2U) +#define ARM_ID_AA64ISAR0_EL1_SHA1_FEAT_SHA1_MASK (0x1U) +#define ARM_ID_AA64ISAR0_EL1_SHA2_FEAT_SHA256_MASK (0x1U) +#define ARM_ID_AA64ISAR0_EL1_SHA2_FEAT_SHA512_MASK (0x2U) +#define ARM_ID_AA64ISAR0_EL1_CRC32_HAVE_CRC32_MASK (0x1U) +#define ARM_ID_AA64ISAR0_EL1_ATOMIC_FEAT_LSE_MASK (0x2U) +#define ARM_ID_AA64ISAR0_EL1_RDM_FEAT_RDM_MASK (0x1U) +#define ARM_ID_AA64ISAR0_EL1_SHA3_FEAT_SHA3_MASK (0x1U) +#define ARM_ID_AA64ISAR0_EL1_SM3_FEAT_SM3_MASK (0x1U) +#define ARM_ID_AA64ISAR0_EL1_SM4_FEAT_SM4_MASK (0x1U) +#define ARM_ID_AA64ISAR0_EL1_DP_FEAT_DOTPROD_MASK (0x1U) +#define ARM_ID_AA64ISAR0_EL1_FHM_FEAT_FHM_MASK (0x1U) +#define ARM_ID_AA64ISAR0_EL1_TS_FEAT_FLAGM_MASK (0x1U) +#define ARM_ID_AA64ISAR0_EL1_TS_FEAT_FLAGM2_MASK (0x2U) +#define ARM_ID_AA64ISAR0_EL1_TLB_FEAT_TLBIOS_MASK (0x1U) +#define ARM_ID_AA64ISAR0_EL1_TLB_FEAT_TLBIRANGE_MASK (0x2U) +#define ARM_ID_AA64ISAR0_EL1_RNDR_FEAT_RNG_MASK (0x1U) + +/** + Reads the current value of ID_AA64ISAR0_EL1 register. + + Reads and returns the current value of ID_AA64ISAR0_EL1. + This function is only available on AARCH64. + + @return The current value of ID_AA64ISAR0_EL1 +**/ +UINT64 +EFIAPI +ArmReadIdAA64Isar0Reg ( + VOID + ); + #endif // defined (MDE_CPU_AARCH64) #if defined (MDE_CPU_RISCV64) @@ -2902,7 +2970,7 @@ InitializeListHead ( If ListHead is NULL, then ASSERT(). If Entry is NULL, then ASSERT(). - If ListHead was not initialized with INTIALIZE_LIST_HEAD_VARIABLE() or + If ListHead was not initialized with INITIALIZE_LIST_HEAD_VARIABLE() or InitializeListHead(), then ASSERT(). If PcdMaximumLinkedListLength is not zero, and prior to insertion the number of nodes in ListHead, including the ListHead node, is greater than or 
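Review bot: The `ARM_ID_AA64ISAR0_EL1_*_MASK` constants are 32-bit (`0xFU`), while the matching shifts run from `32U` (`SHA3`) up to `60U` (`RNDR`). A caller that builds an in-place mask as `MASK << SHIFT` therefore shifts an `unsigned int` by at least its width, which is undefined behaviour in C and would give a wrong feature check for the crypto and RNG fields. The header does not say which form is intended. Either widen the masks, e.g. `#define ARM_ID_AA64ISAR0_EL1_RNDR_MASK (0xFULL)`, or add above the mask block `// Apply as ((Value >> *_SHIFT) & *_MASK) to the UINT64 register value; do not shift the masks left.` These headers appear to track upstream EDK2, so the change may belong there first.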
@@ -2931,7 +2999,7 @@ InsertHeadList ( If ListHead is NULL, then ASSERT(). If Entry is NULL, then ASSERT(). - If ListHead was not initialized with INTIALIZE_LIST_HEAD_VARIABLE() or + If ListHead was not initialized with INITIALIZE_LIST_HEAD_VARIABLE() or InitializeListHead(), then ASSERT(). If PcdMaximumLinkedListLength is not zero, and prior to insertion the number of nodes in ListHead, including the ListHead node, is greater than or @@ -2955,11 +3023,11 @@ InsertTailList ( Retrieves the first node of a doubly linked list. Returns the first node of a doubly linked list. List must have been - initialized with INTIALIZE_LIST_HEAD_VARIABLE() or InitializeListHead(). + initialized with INITIALIZE_LIST_HEAD_VARIABLE() or InitializeListHead(). If List is empty, then List is returned. If List is NULL, then ASSERT(). - If List was not initialized with INTIALIZE_LIST_HEAD_VARIABLE() or + If List was not initialized with INITIALIZE_LIST_HEAD_VARIABLE() or InitializeListHead(), then ASSERT(). If PcdMaximumLinkedListLength is not zero, and the number of nodes in List, including the List node, is greater than or equal to @@ -2981,12 +3049,12 @@ GetFirstNode ( Retrieves the next node of a doubly linked list. Returns the node of a doubly linked list that follows Node. - List must have been initialized with INTIALIZE_LIST_HEAD_VARIABLE() + List must have been initialized with INITIALIZE_LIST_HEAD_VARIABLE() or InitializeListHead(). If List is empty, then List is returned. If List is NULL, then ASSERT(). If Node is NULL, then ASSERT(). - If List was not initialized with INTIALIZE_LIST_HEAD_VARIABLE() or + If List was not initialized with INITIALIZE_LIST_HEAD_VARIABLE() or InitializeListHead(), then ASSERT(). If PcdMaximumLinkedListLength is not zero, and List contains more than PcdMaximumLinkedListLength nodes, then ASSERT(). 
@@ -3009,12 +3077,12 @@ GetNextNode ( Retrieves the previous node of a doubly linked list. Returns the node of a doubly linked list that precedes Node. - List must have been initialized with INTIALIZE_LIST_HEAD_VARIABLE() + List must have been initialized with INITIALIZE_LIST_HEAD_VARIABLE() or InitializeListHead(). If List is empty, then List is returned. If List is NULL, then ASSERT(). If Node is NULL, then ASSERT(). - If List was not initialized with INTIALIZE_LIST_HEAD_VARIABLE() or + If List was not initialized with INITIALIZE_LIST_HEAD_VARIABLE() or InitializeListHead(), then ASSERT(). If PcdMaximumLinkedListLength is not zero, and List contains more than PcdMaximumLinkedListLength nodes, then ASSERT(). @@ -3040,7 +3108,7 @@ GetPreviousNode ( zero nodes, this function returns TRUE. Otherwise, it returns FALSE. If ListHead is NULL, then ASSERT(). - If ListHead was not initialized with INTIALIZE_LIST_HEAD_VARIABLE() or + If ListHead was not initialized with INITIALIZE_LIST_HEAD_VARIABLE() or InitializeListHead(), then ASSERT(). If PcdMaximumLinkedListLength is not zero, and the number of nodes in List, including the List node, is greater than or equal to @@ -3065,11 +3133,11 @@ IsListEmpty ( Returns TRUE if Node is equal to List. Returns FALSE if Node is one of the nodes in the doubly linked list specified by List. List must have been - initialized with INTIALIZE_LIST_HEAD_VARIABLE() or InitializeListHead(). + initialized with INITIALIZE_LIST_HEAD_VARIABLE() or InitializeListHead(). If List is NULL, then ASSERT(). If Node is NULL, then ASSERT(). - If List was not initialized with INTIALIZE_LIST_HEAD_VARIABLE() or InitializeListHead(), + If List was not initialized with INITIALIZE_LIST_HEAD_VARIABLE() or InitializeListHead(), then ASSERT(). If PcdMaximumLinkedListLength is not zero, and the number of nodes in List, including the List node, is greater than or equal to 
@@ -3096,11 +3164,11 @@ IsNull ( Returns TRUE if Node is the last node in the doubly linked list specified by List. Otherwise, FALSE is returned. List must have been initialized with - INTIALIZE_LIST_HEAD_VARIABLE() or InitializeListHead(). + INITIALIZE_LIST_HEAD_VARIABLE() or InitializeListHead(). If List is NULL, then ASSERT(). If Node is NULL, then ASSERT(). - If List was not initialized with INTIALIZE_LIST_HEAD_VARIABLE() or + If List was not initialized with INITIALIZE_LIST_HEAD_VARIABLE() or InitializeListHead(), then ASSERT(). If PcdMaximumLinkedListLength is not zero, and the number of nodes in List, including the List node, is greater than or equal to @@ -3129,7 +3197,7 @@ IsNodeAtEnd ( Otherwise, the location of the FirstEntry node is swapped with the location of the SecondEntry node in a doubly linked list. SecondEntry must be in the same double linked list as FirstEntry and that double linked list must have - been initialized with INTIALIZE_LIST_HEAD_VARIABLE() or InitializeListHead(). + been initialized with INITIALIZE_LIST_HEAD_VARIABLE() or InitializeListHead(). SecondEntry is returned after the nodes are swapped. If FirstEntry is NULL, then ASSERT(). @@ -3774,7 +3842,7 @@ DivS64x64Remainder ( UINT16 EFIAPI ReadUnaligned16 ( - IN CONST UINT16 *Buffer + IN CONST VOID *Buffer ); /** @@ -3795,7 +3863,7 @@ ReadUnaligned16 ( UINT16 EFIAPI WriteUnaligned16 ( - OUT UINT16 *Buffer, + OUT VOID *Buffer, IN UINT16 Value ); @@ -3815,7 +3883,7 @@ WriteUnaligned16 ( UINT32 EFIAPI ReadUnaligned24 ( - IN CONST UINT32 *Buffer + IN CONST VOID *Buffer ); /** @@ -3836,7 +3904,7 @@ ReadUnaligned24 ( UINT32 EFIAPI WriteUnaligned24 ( - OUT UINT32 *Buffer, + OUT VOID *Buffer, IN UINT32 Value ); @@ -3856,7 +3924,7 @@ WriteUnaligned24 ( UINT32 EFIAPI ReadUnaligned32 ( - IN CONST UINT32 *Buffer + IN CONST VOID *Buffer ); /** @@ -3877,7 +3945,7 @@ ReadUnaligned32 ( UINT32 EFIAPI WriteUnaligned32 ( - OUT UINT32 *Buffer, + OUT VOID *Buffer, IN UINT32 Value ); 
@@ -3897,7 +3965,7 @@ WriteUnaligned32 ( UINT64 EFIAPI ReadUnaligned64 ( - IN CONST UINT64 *Buffer + IN CONST VOID *Buffer ); /** @@ -3918,7 +3986,7 @@ ReadUnaligned64 ( UINT64 EFIAPI WriteUnaligned64 ( - OUT UINT64 *Buffer, + OUT VOID *Buffer, IN UINT64 Value ); 
@@ -4630,6 +4698,101 @@ BitFieldCountOnes64 ( IN UINTN EndBit ); +/******************************************************************************* + + UUID (Universally Unique IDentifier), as defined in RFC4122 + (https://datatracker.ietf.org/doc/html/rfc4122#section-4.1), is a 128-bit number + used to uniquely identify information in computer systems. + + UUIDs contains 5 fields: + - time_low: 32 bits + - time_mid: 16 bits + - time_hi_and_version: 16 bits + - clock_seq_hi_and_reserved: 8 bits + - clock_seq_low: 8 bits + - node: 8 bits * 6 + + Each field encoded with the Most Significant Byte first (known as network byte + order, or big-endian). + + GUID (Globally Unique Identifier), on the other hand, is a 128-bit number used + in UEFI environments, which is similar to UUID but has a different byte order + in memory. See https://uefi.org/specs/UEFI/2.11/Apx_A_GUID_and_Time_Formats.html + + GUID also contains 5 fields: + - TimeLow: 32 bits + - TimeMid: 16 bits + - TimeHiAndVersion: 16 bits + - ClockSeqHighAndReserved: 16 bits + - ClockSeqLow: 8 bits + - Node: 8 bits * 6 + + TimeLow, TimeMid, TimeHighAndVersion fields in the EFI are encoded with the Least + Significant Byte first (also known as little-endian). 
+ + Example: + Consider the same string representation/registry format for MM communication v2: + "378daedc-f06b-4446-8314-40ab933c87a3" + + In UUID format, it is represented as: + - Data fields: + - time_low: 0x37 0x8d 0xae 0xdc (0x378daedc in big-endian) + - time_mid: 0xf0 0x6b (0xf06b in big-endian) + - time_hi_and_version: 0x44 0x46 (0x4446 in big-endian) + - clock_seq_hi_and_reserved: 0x83 + - clock_seq_low: 0x14 + - node: 0x00, 0xab, 0x93, 0x3c, 0x87, 0xa3 + - Byte representation in memory: + - 37 8d ae dc f0 6b 44 46 83 14 40 ab 93 3c 87 a3 + + However, in GUID format, it is represented as: + - Data fields: + - TimeLow: 0xdc 0xae 0x8d 0x37 (0x378daedc in little-endian) + - TimeMid: 0x6b 0xf0 (0xf06b in little-endian) + - TimeHiAndVersion: 0x46 0x44 (0x4446 in little-endian) + - ClockSeqHighAndReserved: 0x83 + - ClockSeqLow: 0x14 + - Node: 0x00, 0xab, 0x93, 0x3c, 0x87, 0xa3 + - Byte representation in memory: + - dc ae 8d 37 6b f0 46 44 83 14 40 ab 93 3c 87 a3 + +*******************************************************************************/ + +/** + This function converts a GUID in UEFI format to a UUID in RFC4122 format. + + The conversion is done by swapping the byte order of the TimeLow, TimeMid, and + TimeHiAndVersion fields, while keeping the ClockSeq and Node fields unchanged. + + @param [in] FromGuid GUID in format to be converted to UUID RFC4122 format. + @param [out] ToUuid Pointer to a GUID structure that will hold the converted + UUID in RFC4122 format. +**/ +VOID +EFIAPI +ConvertGuidToUuid ( + IN GUID *FromGuid, + OUT GUID *ToUuid + ); + +/** + This function converts a UUID in RFC4122 format to a GUID in UEFI format. + + The conversion is done by swapping the byte order of the time_low, time_mid, and + time_hi_and_version fields, while keeping the ClockSeq and Node fields unchanged. + This function is symmetric to ConvertGuidToUuid. + + @param [in] FromUuid UUID in RFC4122 format to be converted to GUID in UEFI format. 
+ @param [out] ToGuid Pointer to a GUID structure that will hold the converted + GUID in UEFI format. +**/ +VOID +EFIAPI +ConvertUuidToGuid ( + IN GUID *FromUuid, + OUT GUID *ToGuid + ); + // // Base Library Checksum Functions // @@ -4902,6 +5065,23 @@ CalculateCrc32c ( IN UINT32 InitialValue ); +/** + Calculates the CRC16-CCITT-FALSE checksum of the given buffer. + + @param[in] Buffer Pointer to the buffer. + @param[in] Length Length of the buffer, in bytes. + @param[in] InitialValue Initial value of the CRC. + + @return The CRC16-CCITT-FALSE checksum. +**/ +UINT16 +EFIAPI +CalculateCrc16CcittF ( + IN CONST VOID *Buffer, + IN UINTN Length, + IN UINT16 InitialValue + ); + // // Base Library CPU Functions // @@ -5157,8 +5337,6 @@ SpeculationBarrier ( VOID ); -#if defined (MDE_CPU_X64) || defined (MDE_CPU_IA32) - /** The TDCALL instruction causes a VM exit to the Intel TDX module. It is used to call guest-side Intel TDX functions, either local or a TD exit @@ -5221,7 +5399,17 @@ TdIsEnabled ( VOID ); -#endif +/** + Probe if running as some kind of SEV guest. + + @return FALSE Not running as a guest under any kind of SEV + @return TRUE Running as a guest under any kind of SEV +**/ +BOOLEAN +EFIAPI +SevGuestIsEnabled ( + VOID + ); #if defined (MDE_CPU_X64) // 
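Review bot: The GUID field list in the new block comment gives `ClockSeqHighAndReserved: 16 bits`, but the UUID list, the example value (`0x83`, one byte) and the 128-bit total all require 8 bits. The `node:` and `Node:` example lines also start with `0x00` where the string form and both memory dumps show `40`. This comment is the only visible description of the byte order that `ConvertGuidToUuid` and `ConvertUuidToGuid` implement, and a byte-order mistake makes identifier comparisons fail silently, so it should read `- ClockSeqHighAndReserved: 8 bits` and `- Node: 0x40, 0xab, 0x93, 0x3c, 0x87, 0xa3`. The prototypes also take the source as `IN GUID *` rather than `IN CONST GUID *` and do not say whether source and destination may be the same object; one sentence in each doc comment would settle that.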
@@ -7878,6 +8066,45 @@ AsmVmgExit ( VOID ); +/// +/// The structure used to supply and return data to and from the SVSM. +/// +typedef struct { + VOID *Caa; + UINT64 RaxIn; + UINT64 RcxIn; + UINT64 RdxIn; + UINT64 R8In; + UINT64 R9In; + UINT64 RaxOut; + UINT64 RcxOut; + UINT64 RdxOut; + UINT64 R8Out; + UINT64 R9Out; + UINT8 *CallPending; +} SVSM_CALL_DATA; + +/** + Executes a VMGEXIT instruction (VMMCALL with a REP prefix) with arguments + and return code + + Executes a VMGEXIT instruction placing the specified arguments in the + corresponding registers before invocation. Upon return an XCHG is done to + atomically clear and retrieve the SVSM call pending value. The returned RAX + register value becomes the function return code. This function is intended + for use with an SVSM. This function is only available on IA-32 and x64. + + @param[in,out] SvsmCallPending Pointer to the location of the SVSM call data + + @return Value of the RAX register on return + +**/ +UINT32 +EFIAPI +AsmVmgExitSvsm ( + IN OUT SVSM_CALL_DATA *SvsmCallData + ); + /** Patch the immediate operand of an IA32 or X64 instruction such that the byte, word, dword or qword operand is encoded at the end of the instruction's diff --git a/src/include/ipxe/efi/LoongArch64/ProcessorBind.h b/src/include/ipxe/efi/LoongArch64/ProcessorBind.h index 42d8b7942..ba7c52ce7 100644 --- a/src/include/ipxe/efi/LoongArch64/ProcessorBind.h +++ b/src/include/ipxe/efi/LoongArch64/ProcessorBind.h @@ -11,6 +11,7 @@ #define PROCESSOR_BIND_H_ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); // // Define the processor type so other code can make processor based choices diff --git a/src/include/ipxe/efi/Pi/PiBootMode.h b/src/include/ipxe/efi/Pi/PiBootMode.h index 1d8a8a9af..9451c8cbe 100644 --- a/src/include/ipxe/efi/Pi/PiBootMode.h +++ b/src/include/ipxe/efi/Pi/PiBootMode.h @@ -13,6 +13,7 @@ #define __PI_BOOT_MODE_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); /// /// EFI boot mode 
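Review bot: The doc comment for `AsmVmgExitSvsm` documents `@param[in,out] SvsmCallPending`, but the parameter is `SvsmCallData` (a `SVSM_CALL_DATA *`), so the real parameter is effectively undocumented. The text also says the returned RAX value becomes the return code while the function returns `UINT32`; presumably only the low 32 bits are returned, and that should be stated so callers do not compare against a 64-bit result code. Suggested lines: `@param[in,out] SvsmCallData  Pointer to the SVSM call data` and `@return Low 32 bits of the RAX register on return`. The comment also says the function is only available on IA-32 and x64; the enclosing preprocessor guard lies outside the hunk, so confirm the two agree.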
diff --git a/src/include/ipxe/efi/Pi/PiDependency.h b/src/include/ipxe/efi/Pi/PiDependency.h index bfe30c430..8c9ffc40b 100644 --- a/src/include/ipxe/efi/Pi/PiDependency.h +++ b/src/include/ipxe/efi/Pi/PiDependency.h @@ -13,6 +13,7 @@ #define __PI_DEPENDENCY_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); /// /// If present, this must be the first and only opcode, diff --git a/src/include/ipxe/efi/Pi/PiDxeCis.h b/src/include/ipxe/efi/Pi/PiDxeCis.h index 9b9254936..b501b053f 100644 --- a/src/include/ipxe/efi/Pi/PiDxeCis.h +++ b/src/include/ipxe/efi/Pi/PiDxeCis.h @@ -5,7 +5,7 @@ Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR> SPDX-License-Identifier: BSD-2-Clause-Patent @par Revision Reference: - PI Version 1.7 + PI Version 1.8.A **/ @@ -13,6 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __PI_DXECIS_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/Uefi/UefiMultiPhase.h> #include <ipxe/efi/Pi/PiMultiPhase.h> @@ -58,14 +59,11 @@ typedef enum { /// system. If all memory has the same reliability, then this bit is not used. /// EfiGcdMemoryTypeMoreReliable, - // /// - // /// A memory region that describes system memory that has not been accepted - // /// by a corresponding call to the underlying isolation architecture. - // /// - // /// Please be noted: - // /// EfiGcdMemoryTypeUnaccepted is defined in PrePiDxeCis.h because it has not been - // /// defined in PI spec. - // EfiGcdMemoryTypeUnaccepted, + /// + /// A memory region that describes system memory that has not been accepted + /// by a corresponding call to the underlying isolation architecture. + /// + EfiGcdMemoryTypeUnaccepted, EfiGcdMemoryTypeMaximum = 7 } EFI_GCD_MEMORY_TYPE; 
@@ -696,8 +694,8 @@ EFI_STATUS // DXE Services Table // #define DXE_SERVICES_SIGNATURE 0x565245535f455844ULL -#define DXE_SPECIFICATION_MAJOR_REVISION 1 -#define DXE_SPECIFICATION_MINOR_REVISION 70 +#define DXE_SPECIFICATION_MAJOR_REVISION PI_SPECIFICATION_MAJOR_REVISION +#define DXE_SPECIFICATION_MINOR_REVISION PI_SPECIFICATION_MINOR_REVISION #define DXE_SERVICES_REVISION ((DXE_SPECIFICATION_MAJOR_REVISION<<16) | (DXE_SPECIFICATION_MINOR_REVISION)) typedef struct { diff --git a/src/include/ipxe/efi/Pi/PiFirmwareFile.h b/src/include/ipxe/efi/Pi/PiFirmwareFile.h index daf66f8a2..f81070bb0 100644 --- a/src/include/ipxe/efi/Pi/PiFirmwareFile.h +++ b/src/include/ipxe/efi/Pi/PiFirmwareFile.h @@ -13,6 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __PI_FIRMWARE_FILE_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #pragma pack(1) /// diff --git a/src/include/ipxe/efi/Pi/PiFirmwareVolume.h b/src/include/ipxe/efi/Pi/PiFirmwareVolume.h index f46134fee..c67f70dcb 100644 --- a/src/include/ipxe/efi/Pi/PiFirmwareVolume.h +++ b/src/include/ipxe/efi/Pi/PiFirmwareVolume.h @@ -13,6 +13,7 @@ #define __PI_FIRMWAREVOLUME_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); /// /// EFI_FV_FILE_ATTRIBUTES diff --git a/src/include/ipxe/efi/Pi/PiHob.h b/src/include/ipxe/efi/Pi/PiHob.h index 5ecdf321f..4a98e2645 100644 --- a/src/include/ipxe/efi/Pi/PiHob.h +++ b/src/include/ipxe/efi/Pi/PiHob.h @@ -5,7 +5,7 @@ Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR> SPDX-License-Identifier: BSD-2-Clause-Patent @par Revision Reference: - PI Version 1.6 + PI Version 1.9 **/ @@ -13,6 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __PI_HOB_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); // // HobType of EFI_HOB_GENERIC_HEADER. 
@@ -234,16 +235,8 @@ typedef UINT32 EFI_RESOURCE_TYPE; #define EFI_RESOURCE_MEMORY_MAPPED_IO_PORT 0x00000004 #define EFI_RESOURCE_MEMORY_RESERVED 0x00000005 #define EFI_RESOURCE_IO_RESERVED 0x00000006 -// -// BZ3937_EFI_RESOURCE_MEMORY_UNACCEPTED is defined for unaccepted memory. -// But this defitinion has not been officially in the PI spec. Base -// on the code-first we define BZ3937_EFI_RESOURCE_MEMORY_UNACCEPTED at -// MdeModulePkg/Include/Pi/PrePiHob.h and update EFI_RESOURCE_MAX_MEMORY_TYPE -// to 8. After BZ3937_EFI_RESOURCE_MEMORY_UNACCEPTED is officially published -// in PI spec, we will re-visit here. -// -// #define BZ3937_EFI_RESOURCE_MEMORY_UNACCEPTED 0x00000007 -#define EFI_RESOURCE_MAX_MEMORY_TYPE 0x00000008 +#define EFI_RESOURCE_MEMORY_UNACCEPTED 0x00000007 +#define EFI_RESOURCE_MAX_MEMORY_TYPE 0x00000008 /// /// A type of recount attribute type. @@ -299,6 +292,9 @@ typedef UINT32 EFI_RESOURCE_ATTRIBUTE_TYPE; #define EFI_RESOURCE_ATTRIBUTE_READ_ONLY_PROTECTED 0x00040000 #define EFI_RESOURCE_ATTRIBUTE_READ_ONLY_PROTECTABLE 0x00080000 +#define EFI_RESOURCE_ATTRIBUTE_ENCRYPTED 0x04000000 +#define EFI_RESOURCE_ATTRIBUTE_SPECIAL_PURPOSE 0x08000000 +#define EFI_RESOURCE_ATTRIBUTE_HOT_PLUGGABLE 0x10000000 // // Physical memory relative reliability attribute. This // memory provides higher reliability relative to other diff --git a/src/include/ipxe/efi/Pi/PiMultiPhase.h b/src/include/ipxe/efi/Pi/PiMultiPhase.h index e631821ca..f5ee07068 100644 --- a/src/include/ipxe/efi/Pi/PiMultiPhase.h +++ b/src/include/ipxe/efi/Pi/PiMultiPhase.h @@ -5,7 +5,7 @@ Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR> SPDX-License-Identifier: BSD-2-Clause-Patent @par Revision Reference: - These elements are defined in UEFI Platform Initialization Specification 1.2. + These elements are defined in UEFI Platform Initialization Specification 1.8.A **/ 
@@ -13,6 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __PI_MULTIPHASE_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/Pi/PiFirmwareVolume.h> #include <ipxe/efi/Pi/PiFirmwareFile.h> @@ -22,6 +23,13 @@ FILE_LICENCE ( BSD2_PATENT ); #include <ipxe/efi/Pi/PiStatusCode.h> #include <ipxe/efi/Pi/PiS3BootScript.h> +// +// PI Specification Version Information +// +#define PI_SPECIFICATION_MAJOR_REVISION 1 +#define PI_SPECIFICATION_MINOR_REVISION 80 +#define PI_SPECIFICATION_VERSION ((PI_SPECIFICATION_MAJOR_REVISION << 16) | (PI_SPECIFICATION_MINOR_REVISION)) + /** Produces an error code in the range reserved for use by the Platform Initialization Architecture Specification. @@ -106,6 +114,14 @@ FILE_LICENCE ( BSD2_PATENT ); #define EFI_SMRAM_LOCKED EFI_MMRAM_LOCKED /// +/// MM Communicate header constants +/// +#define COMMUNICATE_HEADER_V3_GUID \ + { \ + 0x68e8c853, 0x2ba9, 0x4dd7, { 0x9a, 0xc0, 0x91, 0xe1, 0x61, 0x55, 0xc9, 0x35 } \ + } + +/// /// Structure describing a MMRAM region and its accessibility attributes. /// typedef struct { 
@@ -151,6 +167,47 @@ typedef struct _EFI_MM_RESERVED_MMRAM_REGION { UINT64 MmramReservedSize; } EFI_MM_RESERVED_MMRAM_REGION; +#pragma pack(1) + +/// +/// To avoid confusion in interpreting frames, the buffer communicating to MM core through +/// EFI_MM_COMMUNICATE3 or later should always start with EFI_MM_COMMUNICATE_HEADER_V3. +/// +typedef struct { + /// + /// Indicator GUID for MM core that the communication buffer is compliant with this v3 header. + /// Must be gEfiMmCommunicateHeaderV3Guid. + /// + EFI_GUID HeaderGuid; + /// + /// Describes the size of the entire buffer (in bytes) available for communication, including this communication header. + /// + UINT64 BufferSize; + /// + /// Reserved for future use. + /// + UINT64 Reserved; + /// + /// Allows for disambiguation of the message format. + /// + EFI_GUID MessageGuid; + /// + /// Describes the size of MessageData (in bytes) and does not include the size of the header. + /// + UINT64 MessageSize; + /// + /// Designates an array of bytes that is MessageSize in size. + /// + UINT8 MessageData[]; +} EFI_MM_COMMUNICATE_HEADER_V3; + +#pragma pack() + +STATIC_ASSERT ( + (sizeof (EFI_MM_COMMUNICATE_HEADER_V3) == OFFSET_OF (EFI_MM_COMMUNICATE_HEADER_V3, MessageData)), \ + "sizeof (EFI_MM_COMMUNICATE_HEADER_V3) does not align with the beginning of flexible array MessageData" + ); + typedef enum { EFI_PCD_TYPE_8, EFI_PCD_TYPE_16, @@ -210,4 +267,6 @@ EFI_STATUS IN VOID *ProcedureArgument ); +extern EFI_GUID gEfiMmCommunicateHeaderV3Guid; + #endif diff --git a/src/include/ipxe/efi/Pi/PiS3BootScript.h b/src/include/ipxe/efi/Pi/PiS3BootScript.h index f016e1245..e7086a565 100644 --- a/src/include/ipxe/efi/Pi/PiS3BootScript.h +++ b/src/include/ipxe/efi/Pi/PiS3BootScript.h 
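Review bot: `EFI_MM_COMMUNICATE_HEADER_V3` carries two caller-supplied 64-bit lengths, `BufferSize` and `MessageSize`, plus a flexible `MessageData[]`, but no comment states the relation a consumer must enforce before reading the payload. Since the buffer is handed to the MM core, I would document it on `MessageSize`: `/// Must satisfy BufferSize >= sizeof (EFI_MM_COMMUNICATE_HEADER_V3) and MessageSize <= BufferSize - sizeof (EFI_MM_COMMUNICATE_HEADER_V3); check in that order to avoid wrap-around.` Separately, the `STATIC_ASSERT` that follows ends its first argument line with a `\` although it is not inside a `#define`; the splice is harmless but reads like a leftover and can be dropped.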
@@ -1,5 +1,5 @@ /** @file - This file contains the boot script defintions that are shared between the + This file contains the boot script definitions that are shared between the Boot Script Executor PPI and the Boot Script Save Protocol. Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> @@ -11,6 +11,7 @@ #define _PI_S3_BOOT_SCRIPT_H_ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); // ******************************************* // EFI Boot Script Opcode definitions diff --git a/src/include/ipxe/efi/Pi/PiStatusCode.h b/src/include/ipxe/efi/Pi/PiStatusCode.h index 427e5061d..6015cabb2 100644 --- a/src/include/ipxe/efi/Pi/PiStatusCode.h +++ b/src/include/ipxe/efi/Pi/PiStatusCode.h @@ -2,6 +2,7 @@ StatusCode related definitions in PI. Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> +Copyright (c) 2024, NVIDIA CORPORATION & AFFILIATES. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent @par Revision Reference: @@ -14,9 +15,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __PI_STATUS_CODE_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); // -// Required for IA32, X64, IPF, ARM and EBC defines for CPU exception types +// Required for IA32, X64, IPF, and EBC defines for CPU exception types // #include <ipxe/efi/Protocol/DebugSupport.h> @@ -142,6 +144,7 @@ typedef struct { #define EFI_COMPUTING_UNIT_CACHE (EFI_COMPUTING_UNIT | 0x00040000) #define EFI_COMPUTING_UNIT_MEMORY (EFI_COMPUTING_UNIT | 0x00050000) #define EFI_COMPUTING_UNIT_CHIPSET (EFI_COMPUTING_UNIT | 0x00060000) +#define EFI_COMPUTING_UNIT_MANAGEABILITY (EFI_COMPUTING_UNIT | 0x00070000) ///@} /// 
@@ -346,6 +349,16 @@ typedef struct { ///@} /// +/// Computing Unit Manageability Subclass Error Code definitions. +/// The detail information is reported by REPORT_STATUS_CODE_WITH_EXTENDED_DATA +// with ASCII string in EFI_STATUS_CODE_STRING_DATA. +///@{ +#define EFI_MANAGEABILITY_EC_REDFISH_COMMUNICATION_ERROR (EFI_SUBCLASS_SPECIFIC | 0x00000000) +#define EFI_MANAGEABILITY_EC_REDFISH_HOST_INTERFACE_ERROR (EFI_SUBCLASS_SPECIFIC | 0x00000001) +#define EFI_MANAGEABILITY_EC_REDFISH_BOOTSTRAP_CREDENTIAL_ERROR (EFI_SUBCLASS_SPECIFIC | 0x00000002) +///@} + +/// /// Peripheral Subclass definitions. /// Values of 12-127 are reserved for future use by this specification. /// Values of 128-255 are reserved for OEM use. diff --git a/src/include/ipxe/efi/PiDxe.h b/src/include/ipxe/efi/PiDxe.h index 698c139f0..cef2a0273 100644 --- a/src/include/ipxe/efi/PiDxe.h +++ b/src/include/ipxe/efi/PiDxe.h @@ -11,6 +11,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __PI_DXE_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/Uefi/UefiBaseType.h> #include <ipxe/efi/Uefi/UefiSpec.h> diff --git a/src/include/ipxe/efi/ProcessorBind.h b/src/include/ipxe/efi/ProcessorBind.h index dbccf346d..9fb8012f7 100644 --- a/src/include/ipxe/efi/ProcessorBind.h +++ b/src/include/ipxe/efi/ProcessorBind.h @@ -2,6 +2,7 @@ #define _IPXE_EFI_PROCESSOR_BIND_H FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); /* * EFI header files rely on having the CPU architecture directory 
@@ -10,13 +11,43 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); * - mcb30 */ -#ifdef EFI_HOSTONLY +/* Determine EFI architecture name (if existent) */ +#if defined ( __i386__ ) +#define EFIARCH Ia32 +#endif +#if defined ( __x86_64__ ) +#define EFIARCH X64 +#endif +#if defined ( __arm__ ) +#define EFIARCH Arm +#endif +#if defined ( __aarch64__ ) +#define EFIARCH AArch64 +#endif +#if defined ( __loongarch__ ) +#define EFIARCH LoongArch64 +#endif +#if defined ( __riscv ) && ( _riscv_xlen == 64 ) +#define EFIARCH RiscV64 +#endif + +/* Determine architecture-specific ProcessorBind.h path */ +#define PROCESSORBIND(_arch) <ipxe/efi/_arch/ProcessorBind.h> /* - * We cannot rely on the EDK2 ProcessorBind.h headers when compiling a - * binary for execution on the build host itself, since the host's CPU - * architecture may not even be supported by EDK2. + * We do not want to use any EFI-specific calling conventions etc when + * compiling a binary for execution on the build host itself. */ +#ifdef EFI_HOSTONLY +#undef EFIARCH +#endif + +#if defined ( EFIARCH ) + +/* Include architecture-specific ProcessorBind.h if existent */ +#include PROCESSORBIND(EFIARCH) + +#else /* EFIARCH */ /* Define the basic integer types in terms of the host's <stdint.h> */ #include <stdint.h> @@ -30,8 +61,8 @@ typedef uint16_t UINT16; typedef uint32_t UINT32; typedef uint64_t UINT64; typedef unsigned long UINTN; -typedef int8_t CHAR8; -typedef int16_t CHAR16; +typedef char CHAR8; +typedef uint16_t CHAR16; typedef uint8_t BOOLEAN; /* Define EFIAPI as whatever API the host uses by default */ 
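Review bot: The RISC-V test `#if defined ( __riscv ) && ( _riscv_xlen == 64 )` uses `_riscv_xlen` with a single leading underscore; the compiler-predefined macro is `__riscv_xlen`, and an undefined identifier evaluates to 0 in `#if`, so as written this branch can never define `EFIARCH`. A 64-bit RISC-V build would then fall silently into the `#else /* EFIARCH */` path and take the host-style definitions (integer types from `<stdint.h>`, host default `EFIAPI`) instead of the architecture's own `ProcessorBind.h`, with no diagnostic. The line should be `#if defined ( __riscv ) && ( __riscv_xlen == 64 )`. Whether `ipxe/efi/RiscV64/ProcessorBind.h` exists in this tree is not visible from the hunk, so confirm that before relying on the branch.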
@@ -40,31 +71,12 @@ typedef uint8_t BOOLEAN; /* Define an architecture-neutral MDE_CPU macro to prevent build errors */ #define MDE_CPU_EBC +/* Define a dummy boot file name to prevent build errors */ +#define EFI_REMOVABLE_MEDIA_FILE_NAME L"\\EFI\\BOOT\\BOOTNONE.EFI" + /* Define MAX_BIT in terms of UINTN */ #define MAX_BIT ( ( ( UINTN ) 1U ) << ( ( 8 * sizeof ( UINTN ) ) - 1 ) ) -#else /* EFI_HOSTONLY */ - -#ifdef __i386__ -#include <ipxe/efi/Ia32/ProcessorBind.h> -#endif - -#ifdef __x86_64__ -#include <ipxe/efi/X64/ProcessorBind.h> -#endif - -#ifdef __arm__ -#include <ipxe/efi/Arm/ProcessorBind.h> -#endif - -#ifdef __aarch64__ -#include <ipxe/efi/AArch64/ProcessorBind.h> -#endif - -#ifdef __loongarch__ -#include <ipxe/efi/LoongArch64/ProcessorBind.h> -#endif - -#endif /* EFI_HOSTONLY */ +#endif /* EFIARCH */ #endif /* _IPXE_EFI_PROCESSOR_BIND_H */ diff --git a/src/include/ipxe/efi/Protocol/AbsolutePointer.h b/src/include/ipxe/efi/Protocol/AbsolutePointer.h index 48810f90c..886d214a9 100644 --- a/src/include/ipxe/efi/Protocol/AbsolutePointer.h +++ b/src/include/ipxe/efi/Protocol/AbsolutePointer.h @@ -14,6 +14,7 @@ #define __ABSOLUTE_POINTER_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_ABSOLUTE_POINTER_PROTOCOL_GUID \ { 0x8D59D32B, 0xC655, 0x4AE9, { 0x9B, 0x15, 0xF2, 0x59, 0x04, 0x99, 0x2A, 0x43 } } diff --git a/src/include/ipxe/efi/Protocol/AcpiTable.h b/src/include/ipxe/efi/Protocol/AcpiTable.h index 27a9873c3..601e7b769 100644 --- a/src/include/ipxe/efi/Protocol/AcpiTable.h +++ b/src/include/ipxe/efi/Protocol/AcpiTable.h @@ -14,6 +14,7 @@ #define __ACPI_TABLE_H___ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_ACPI_TABLE_PROTOCOL_GUID \ { 0xffe06bdd, 0x6107, 0x46a6, { 0x7b, 0xb2, 0x5a, 0x9c, 0x7e, 0xc5, 0x27, 0x5c }} diff --git a/src/include/ipxe/efi/Protocol/AdapterInformation.h b/src/include/ipxe/efi/Protocol/AdapterInformation.h new file mode 100644 index 000000000..b52288793 --- /dev/null 
+++ b/src/include/ipxe/efi/Protocol/AdapterInformation.h 
@@ -0,0 +1,258 @@
+/** @file
+ EFI Adapter Information Protocol definition.
+ The EFI Adapter Information Protocol is used to dynamically and quickly discover
+ or set device information for an adapter.
+
+ Copyright (c) 2014 - 2018, Intel Corporation. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+ @par Revision Reference:
+ This Protocol is introduced in UEFI Specification 2.4
+
+**/
+
+#ifndef __EFI_ADAPTER_INFORMATION_PROTOCOL_H__
+#define __EFI_ADAPTER_INFORMATION_PROTOCOL_H__
+
+FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
+
+#define EFI_ADAPTER_INFORMATION_PROTOCOL_GUID \
+ { \
+ 0xE5DD1403, 0xD622, 0xC24E, {0x84, 0x88, 0xC7, 0x1B, 0x17, 0xF5, 0xE8, 0x02 } \
+ }
+
+#define EFI_ADAPTER_INFO_MEDIA_STATE_GUID \
+ { \
+ 0xD7C74207, 0xA831, 0x4A26, {0xB1, 0xF5, 0xD1, 0x93, 0x06, 0x5C, 0xE8, 0xB6 } \
+ }
+
+#define EFI_ADAPTER_INFO_NETWORK_BOOT_GUID \
+ { \
+ 0x1FBD2960, 0x4130, 0x41E5, {0x94, 0xAC, 0xD2, 0xCF, 0x03, 0x7F, 0xB3, 0x7C } \
+ }
+
+#define EFI_ADAPTER_INFO_SAN_MAC_ADDRESS_GUID \
+ { \
+ 0x114da5ef, 0x2cf1, 0x4e12, {0x9b, 0xbb, 0xc4, 0x70, 0xb5, 0x52, 0x5, 0xd9 } \
+ }
+
+#define EFI_ADAPTER_INFO_UNDI_IPV6_SUPPORT_GUID \
+ { \
+ 0x4bd56be3, 0x4975, 0x4d8a, {0xa0, 0xad, 0xc4, 0x91, 0x20, 0x4b, 0x5d, 0x4d} \
+ }
+
+#define EFI_ADAPTER_INFO_MEDIA_TYPE_GUID \
+ { \
+ 0x8484472f, 0x71ec, 0x411a, { 0xb3, 0x9c, 0x62, 0xcd, 0x94, 0xd9, 0x91, 0x6e } \
+ }
+
+typedef struct _EFI_ADAPTER_INFORMATION_PROTOCOL EFI_ADAPTER_INFORMATION_PROTOCOL;
+
+///
+/// EFI_ADAPTER_INFO_MEDIA_STATE
+///
+typedef struct {
+ ///
+ /// Returns the current media state status. MediaState can have any of the following values:
+ /// EFI_SUCCESS: There is media attached to the network adapter. EFI_NOT_READY: This detects a bounced state.
+ /// There was media attached to the network adapter, but it was removed and reattached. EFI_NO_MEDIA: There is
+ /// not any media attached to the network.
+ ///
+ EFI_STATUS MediaState;
+} EFI_ADAPTER_INFO_MEDIA_STATE;
+
+///
+/// EFI_ADAPTER_INFO_MEDIA_TYPE
+///
+typedef struct {
+ ///
+ /// Indicates the current media type. MediaType can have any of the following values:
+ /// 1: Ethernet Network Adapter
+ /// 2: Ethernet Wireless Network Adapter
+ /// 3~255: Reserved
+ ///
+ UINT8 MediaType;
+} EFI_ADAPTER_INFO_MEDIA_TYPE;
+
+///
+/// EFI_ADAPTER_INFO_NETWORK_BOOT
+///
+typedef struct {
+ ///
+ /// TRUE if the adapter supports booting from iSCSI IPv4 targets.
+ ///
+ BOOLEAN iScsiIpv4BootCapablity;
+ ///
+ /// TRUE if the adapter supports booting from iSCSI IPv6 targets.
+ ///
+ BOOLEAN iScsiIpv6BootCapablity;
+ ///
+ /// TRUE if the adapter supports booting from FCoE targets.
+ ///
+ BOOLEAN FCoeBootCapablity;
+ ///
+ /// TRUE if the adapter supports an offload engine (such as TCP
+ /// Offload Engine (TOE)) for its iSCSI or FCoE boot operations.
+ ///
+ BOOLEAN OffloadCapability;
+ ///
+ /// TRUE if the adapter supports multipath I/O (MPIO) for its iSCSI
+ /// boot operations.
+ ///
+ BOOLEAN iScsiMpioCapability;
+ ///
+ /// TRUE if the adapter is currently configured to boot from iSCSI
+ /// IPv4 targets.
+ ///
+ BOOLEAN iScsiIpv4Boot;
+ ///
+ /// TRUE if the adapter is currently configured to boot from iSCSI
+ /// IPv6 targets.
+ ///
+ BOOLEAN iScsiIpv6Boot;
+ ///
+ /// TRUE if the adapter is currently configured to boot from FCoE targets.
+ ///
+ BOOLEAN FCoeBoot;
+} EFI_ADAPTER_INFO_NETWORK_BOOT;
+
+///
+/// EFI_ADAPTER_INFO_SAN_MAC_ADDRESS
+///
+typedef struct {
+ ///
+ /// Returns the SAN MAC address for the adapter.For adapters that support today's 802.3 ethernet
+ /// networking and Fibre-Channel Over Ethernet (FCOE), this conveys the FCOE SAN MAC address from the adapter.
+ ///
+ EFI_MAC_ADDRESS SanMacAddress;
+} EFI_ADAPTER_INFO_SAN_MAC_ADDRESS;
+
+///
+/// EFI_ADAPTER_INFO_UNDI_IPV6_SUPPORT
+///
+typedef struct {
+ ///
+ /// Returns capability of UNDI to support IPv6 traffic.
+ ///
+ BOOLEAN Ipv6Support;
+} EFI_ADAPTER_INFO_UNDI_IPV6_SUPPORT;
+
+/**
+ Returns the current state information for the adapter.
+
+ This function returns information of type InformationType from the adapter.
+ If an adapter does not support the requested informational type, then
+ EFI_UNSUPPORTED is returned. If an adapter does not contain Information for
+ the requested InformationType, it fills InformationBlockSize with 0 and
+ returns EFI_NOT_FOUND.
+
+ @param[in] This A pointer to the EFI_ADAPTER_INFORMATION_PROTOCOL instance.
+ @param[in] InformationType A pointer to an EFI_GUID that defines the contents of InformationBlock.
+ @param[out] InforamtionBlock The service returns a pointer to the buffer with the InformationBlock
+ structure which contains details about the data specific to InformationType.
+ @param[out] InforamtionBlockSize The driver returns the size of the InformationBlock in bytes.
+
+ @retval EFI_SUCCESS The InformationType information was retrieved.
+ @retval EFI_UNSUPPORTED The InformationType is not known.
+ @retval EFI_NOT_FOUND Information is not available for the requested information type.
+ @retval EFI_DEVICE_ERROR The device reported an error.
+ @retval EFI_OUT_OF_RESOURCES The request could not be completed due to a lack of resources.
+ @retval EFI_INVALID_PARAMETER This is NULL.
+ @retval EFI_INVALID_PARAMETER InformationBlock is NULL.
+ @retval EFI_INVALID_PARAMETER InformationBlockSize is NULL.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_ADAPTER_INFO_GET_INFO)(
+ IN EFI_ADAPTER_INFORMATION_PROTOCOL *This,
+ IN EFI_GUID *InformationType,
+ OUT VOID **InformationBlock,
+ OUT UINTN *InformationBlockSize
+ );
+
+/**
+ Sets state information for an adapter.
+
+ This function sends information of type InformationType for an adapter.
+ If an adapter does not support the requested information type, then EFI_UNSUPPORTED
+ is returned.
+
+ @param[in] This A pointer to the EFI_ADAPTER_INFORMATION_PROTOCOL instance.
+ @param[in] InformationType A pointer to an EFI_GUID that defines the contents of InformationBlock.
+ @param[in] InforamtionBlock A pointer to the InformationBlock structure which contains details
+ about the data specific to InformationType.
+ @param[in] InforamtionBlockSize The size of the InformationBlock in bytes.
+
+ @retval EFI_SUCCESS The information was received and interpreted successfully.
+ @retval EFI_UNSUPPORTED The InformationType is not known.
+ @retval EFI_DEVICE_ERROR The device reported an error.
+ @retval EFI_INVALID_PARAMETER This is NULL.
+ @retval EFI_INVALID_PARAMETER InformationBlock is NULL.
+ @retval EFI_WRITE_PROTECTED The InformationType cannot be modified using EFI_ADAPTER_INFO_SET_INFO().
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_ADAPTER_INFO_SET_INFO)(
+ IN EFI_ADAPTER_INFORMATION_PROTOCOL *This,
+ IN EFI_GUID *InformationType,
+ IN VOID *InformationBlock,
+ IN UINTN InformationBlockSize
+ );
+
+/**
+ Get a list of supported information types for this instance of the protocol.
+
+ This function returns a list of InformationType GUIDs that are supported on an
+ adapter with this instance of EFI_ADAPTER_INFORMATION_PROTOCOL. The list is returned
+ in InfoTypesBuffer, and the number of GUID pointers in InfoTypesBuffer is returned in
+ InfoTypesBufferCount.
+
+ @param[in] This A pointer to the EFI_ADAPTER_INFORMATION_PROTOCOL instance.
+ @param[out] InfoTypesBuffer A pointer to the array of InformationType GUIDs that are supported
+ by This.
+ @param[out] InfoTypesBufferCount A pointer to the number of GUIDs present in InfoTypesBuffer.
+
+ @retval EFI_SUCCESS The list of information type GUIDs that are supported on this adapter was
+ returned in InfoTypesBuffer. The number of information type GUIDs was
+ returned in InfoTypesBufferCount.
+ @retval EFI_INVALID_PARAMETER This is NULL.
+ @retval EFI_INVALID_PARAMETER InfoTypesBuffer is NULL.
+ @retval EFI_INVALID_PARAMETER InfoTypesBufferCount is NULL.
+ @retval EFI_OUT_OF_RESOURCES There is not enough pool memory to store the results. + +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_ADAPTER_INFO_GET_SUPPORTED_TYPES)( + IN EFI_ADAPTER_INFORMATION_PROTOCOL *This, + OUT EFI_GUID **InfoTypesBuffer, + OUT UINTN *InfoTypesBufferCount + ); + +/// +/// EFI_ADAPTER_INFORMATION_PROTOCOL +/// The protocol for adapter provides the following services. +/// - Gets device state information from adapter. +/// - Sets device information for adapter. +/// - Gets a list of supported information types for this instance of the protocol. +/// +struct _EFI_ADAPTER_INFORMATION_PROTOCOL { + EFI_ADAPTER_INFO_GET_INFO GetInformation; + EFI_ADAPTER_INFO_SET_INFO SetInformation; + EFI_ADAPTER_INFO_GET_SUPPORTED_TYPES GetSupportedTypes; +}; + +extern EFI_GUID gEfiAdapterInformationProtocolGuid; + +extern EFI_GUID gEfiAdapterInfoMediaStateGuid; + +extern EFI_GUID gEfiAdapterInfoNetworkBootGuid; + +extern EFI_GUID gEfiAdapterInfoSanMacAddressGuid; + +extern EFI_GUID gEfiAdapterInfoUndiIpv6SupportGuid; + +#endif diff --git a/src/include/ipxe/efi/Protocol/AppleNetBoot.h b/src/include/ipxe/efi/Protocol/AppleNetBoot.h index 5946524fd..417730bc3 100644 --- a/src/include/ipxe/efi/Protocol/AppleNetBoot.h +++ b/src/include/ipxe/efi/Protocol/AppleNetBoot.h @@ -8,6 +8,7 @@ */ FILE_LICENCE ( BSD3 ); +FILE_SECBOOT ( PERMITTED ); #define EFI_APPLE_NET_BOOT_PROTOCOL_GUID \ { 0x78ee99fb, 0x6a5e, 0x4186, \ diff --git a/src/include/ipxe/efi/Protocol/Arp.h b/src/include/ipxe/efi/Protocol/Arp.h index 0f60e3c4f..26dc89d59 100644 --- a/src/include/ipxe/efi/Protocol/Arp.h +++ b/src/include/ipxe/efi/Protocol/Arp.h @@ -19,6 +19,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __EFI_ARP_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_ARP_SERVICE_BINDING_PROTOCOL_GUID \ { \ diff --git a/src/include/ipxe/efi/Protocol/BlockIo.h b/src/include/ipxe/efi/Protocol/BlockIo.h index 5efaf6e90..c5614b1ef 100644 
--- a/src/include/ipxe/efi/Protocol/BlockIo.h +++ b/src/include/ipxe/efi/Protocol/BlockIo.h @@ -13,6 +13,7 @@ #define __BLOCK_IO_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_BLOCK_IO_PROTOCOL_GUID \ { \ diff --git a/src/include/ipxe/efi/Protocol/BlockIo2.h b/src/include/ipxe/efi/Protocol/BlockIo2.h index abc2f8a9b..b985b5dab 100644 --- a/src/include/ipxe/efi/Protocol/BlockIo2.h +++ b/src/include/ipxe/efi/Protocol/BlockIo2.h @@ -14,6 +14,7 @@ #define __BLOCK_IO2_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/Protocol/BlockIo.h> diff --git a/src/include/ipxe/efi/Protocol/BusSpecificDriverOverride.h b/src/include/ipxe/efi/Protocol/BusSpecificDriverOverride.h index 69d9b1dcf..a304f3bfa 100644 --- a/src/include/ipxe/efi/Protocol/BusSpecificDriverOverride.h +++ b/src/include/ipxe/efi/Protocol/BusSpecificDriverOverride.h @@ -15,6 +15,7 @@ #define _EFI_BUS_SPECIFIC_DRIVER_OVERRIDE_PROTOCOL_H_ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); /// /// Global ID for the Bus Specific Driver Override Protocol diff --git a/src/include/ipxe/efi/Protocol/ComponentName.h b/src/include/ipxe/efi/Protocol/ComponentName.h index cd7f4d0e3..89e2e19d2 100644 --- a/src/include/ipxe/efi/Protocol/ComponentName.h +++ b/src/include/ipxe/efi/Protocol/ComponentName.h @@ -12,6 +12,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __EFI_COMPONENT_NAME_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); /// /// The global ID for the Component Name Protocol. diff --git a/src/include/ipxe/efi/Protocol/ComponentName2.h b/src/include/ipxe/efi/Protocol/ComponentName2.h index 886c9eb52..ad7818a46 100644 --- a/src/include/ipxe/efi/Protocol/ComponentName2.h +++ b/src/include/ipxe/efi/Protocol/ComponentName2.h @@ -12,6 +12,7 @@ #define __EFI_COMPONENT_NAME2_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); /// /// Global ID for the Component Name Protocol 
diff --git a/src/include/ipxe/efi/Protocol/ConsoleControl/ConsoleControl.h b/src/include/ipxe/efi/Protocol/ConsoleControl/ConsoleControl.h index c96484ff9..cdff796a4 100644 --- a/src/include/ipxe/efi/Protocol/ConsoleControl/ConsoleControl.h +++ b/src/include/ipxe/efi/Protocol/ConsoleControl/ConsoleControl.h @@ -26,6 +26,7 @@ Abstract: #define __CONSOLE_CONTROL_H__ FILE_LICENCE ( BSD3 ); +FILE_SECBOOT ( PERMITTED ); #define EFI_CONSOLE_CONTROL_PROTOCOL_GUID \ { 0xf42f7782, 0x12e, 0x4c12, {0x99, 0x56, 0x49, 0xf9, 0x43, 0x4, 0xf7, 0x21} } diff --git a/src/include/ipxe/efi/Protocol/DebugSupport.h b/src/include/ipxe/efi/Protocol/DebugSupport.h index 8f930e335..e97b4c7f1 100644 --- a/src/include/ipxe/efi/Protocol/DebugSupport.h +++ b/src/include/ipxe/efi/Protocol/DebugSupport.h @@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __DEBUG_SUPPORT_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/IndustryStandard/PeImage.h> 
@@ -682,23 +683,23 @@ typedef struct { UINT32 STVAL; } EFI_SYSTEM_CONTEXT_RISCV64; -// -// LoongArch processor exception types. -// -// The exception types is located in the CSR ESTAT -// register offset 16 bits, width 6 bits. -// -// If you want to register an exception hook, you can -// shfit the number left by 16 bits, and the exception -// handler will know the types. -// -// For example: -// mCpu->CpuRegisterInterruptHandler ( -// mCpu, -// (EXCEPT_LOONGARCH_PPI << CSR_ESTAT_EXC_SHIFT), -// PpiExceptionHandler -// ); -// +/// +/// LoongArch processor exception types. +/// +/// The exception types is located in the CSR ESTAT +/// register offset 16 bits, width 6 bits. +/// +/// If you want to register an exception hook, you can +/// shfit the number left by 16 bits, and the exception +/// handler will know the types. +/// +/// For example: +/// mCpu->CpuRegisterInterruptHandler ( +/// mCpu, +/// (EXCEPT_LOONGARCH_PPI << CSR_ESTAT_EXC_SHIFT), +/// PpiExceptionHandler +/// ); +/// #define EXCEPT_LOONGARCH_INT 0 #define EXCEPT_LOONGARCH_PIL 1 #define EXCEPT_LOONGARCH_PIS 2 @@ -718,11 +719,22 @@ typedef struct { #define EXCEPT_LOONGARCH_SXD 16 #define EXCEPT_LOONGARCH_ASXD 17 #define EXCEPT_LOONGARCH_FPE 18 -#define EXCEPT_LOONGARCH_TBR 64 // For code only, there is no such type in the ISA spec, the TLB refill is defined for an independent exception. +#define EXCEPT_LOONGARCH_WPE 19 +#define EXCEPT_LOONGARCH_BTD 20 +#define EXCEPT_LOONGARCH_BTE 21 +#define EXCEPT_LOONGARCH_GSPR 22 +#define EXCEPT_LOONGARCH_HVC 23 +#define EXCEPT_LOONGARCH_GCXC 24 -// -// LoongArch processor Interrupt types. -// +/// +/// For coding convenience, define the maximum valid +/// LoongArch exception. +/// +#define MAX_LOONGARCH_EXCEPTION 64 + +/// +/// LoongArch processor Interrupt types. +/// #define EXCEPT_LOONGARCH_INT_SIP0 0 #define EXCEPT_LOONGARCH_INT_SIP1 1 #define EXCEPT_LOONGARCH_INT_IP0 2 
@@ -737,11 +749,11 @@ typedef struct { #define EXCEPT_LOONGARCH_INT_TIMER 11 #define EXCEPT_LOONGARCH_INT_IPI 12 -// -// For coding convenience, define the maximum valid -// LoongArch interrupt. -// -#define MAX_LOONGARCH_INTERRUPT 14 +/// +/// For coding convenience, define the maximum valid +/// LoongArch interrupt. +/// +#define MAX_LOONGARCH_INTERRUPT 16 typedef struct { UINT64 R0; @@ -840,7 +852,6 @@ typedef enum { IsaX64 = IMAGE_FILE_MACHINE_X64, ///< 0x8664 IsaIpf = IMAGE_FILE_MACHINE_IA64, ///< 0x0200 IsaEbc = IMAGE_FILE_MACHINE_EBC, ///< 0x0EBC - IsaArm = IMAGE_FILE_MACHINE_ARMTHUMB_MIXED, ///< 0x01c2 IsaAArch64 = IMAGE_FILE_MACHINE_ARM64 ///< 0xAA64 } EFI_INSTRUCTION_SET_ARCHITECTURE; diff --git a/src/include/ipxe/efi/Protocol/DevicePath.h b/src/include/ipxe/efi/Protocol/DevicePath.h index 3256d5594..fd7a0ea27 100644 --- a/src/include/ipxe/efi/Protocol/DevicePath.h +++ b/src/include/ipxe/efi/Protocol/DevicePath.h @@ -14,6 +14,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __EFI_DEVICE_PATH_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/Guid/PcAnsi.h> #include <ipxe/efi/IndustryStandard/Bluetooth.h> @@ -840,6 +841,26 @@ typedef struct { } NVME_NAMESPACE_DEVICE_PATH; /// +/// NVMe over Fabric (NVMe-oF) Namespace Device Path SubType. +/// +#define MSG_NVME_OF_NAMESPACE_DP 0x22 +typedef struct { + EFI_DEVICE_PATH_PROTOCOL Header; + /// + /// Namespace Identifier Type (NIDT) + /// + UINT8 NamespaceIdType; + /// + /// Namespace Identifier (NID) + /// + UINT8 NamespaceId[16]; + /// + /// Unique identifier of an NVM subsystem + /// + CHAR8 SubsystemNqn[]; +} NVME_OF_NAMESPACE_DEVICE_PATH; + +/// /// DNS Device Path SubType /// #define MSG_DNS_DP 0x1F @@ -1289,6 +1310,7 @@ typedef union { SAS_DEVICE_PATH Sas; SASEX_DEVICE_PATH SasEx; NVME_NAMESPACE_DEVICE_PATH NvmeNamespace; + NVME_OF_NAMESPACE_DEVICE_PATH NvmeOfNamespace; DNS_DEVICE_PATH Dns; URI_DEVICE_PATH Uri; BLUETOOTH_DEVICE_PATH Bluetooth; 
@@ -1345,6 +1367,7 @@ typedef union { SAS_DEVICE_PATH *Sas; SASEX_DEVICE_PATH *SasEx; NVME_NAMESPACE_DEVICE_PATH *NvmeNamespace; + NVME_OF_NAMESPACE_DEVICE_PATH *NvmeOfNamespace; DNS_DEVICE_PATH *Dns; URI_DEVICE_PATH *Uri; BLUETOOTH_DEVICE_PATH *Bluetooth; diff --git a/src/include/ipxe/efi/Protocol/DevicePathToText.h b/src/include/ipxe/efi/Protocol/DevicePathToText.h index 2f591b9a2..fc68a7686 100644 --- a/src/include/ipxe/efi/Protocol/DevicePathToText.h +++ b/src/include/ipxe/efi/Protocol/DevicePathToText.h @@ -11,6 +11,7 @@ #define __DEVICE_PATH_TO_TEXT_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); /// /// Device Path To Text protocol diff --git a/src/include/ipxe/efi/Protocol/Dhcp4.h b/src/include/ipxe/efi/Protocol/Dhcp4.h index 1e7e27b11..c0a365c17 100644 --- a/src/include/ipxe/efi/Protocol/Dhcp4.h +++ b/src/include/ipxe/efi/Protocol/Dhcp4.h @@ -16,6 +16,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __EFI_DHCP4_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_DHCP4_PROTOCOL_GUID \ { \ diff --git a/src/include/ipxe/efi/Protocol/Dhcp6.h b/src/include/ipxe/efi/Protocol/Dhcp6.h index 19f59086c..5a3e6148e 100644 --- a/src/include/ipxe/efi/Protocol/Dhcp6.h +++ b/src/include/ipxe/efi/Protocol/Dhcp6.h @@ -14,6 +14,7 @@ #define __EFI_DHCP6_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_DHCP6_PROTOCOL_GUID \ { \ diff --git a/src/include/ipxe/efi/Protocol/DiskIo.h b/src/include/ipxe/efi/Protocol/DiskIo.h index c5ce5d339..7a81ad5ad 100644 --- a/src/include/ipxe/efi/Protocol/DiskIo.h +++ b/src/include/ipxe/efi/Protocol/DiskIo.h @@ -14,6 +14,7 @@ #define __DISK_IO_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_DISK_IO_PROTOCOL_GUID \ { \ diff --git a/src/include/ipxe/efi/Protocol/Dns4.h b/src/include/ipxe/efi/Protocol/Dns4.h index 0ab07e519..36e9757a3 100644 --- a/src/include/ipxe/efi/Protocol/Dns4.h 
+++ b/src/include/ipxe/efi/Protocol/Dns4.h @@ -16,6 +16,7 @@ #define __EFI_DNS4_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_DNS4_SERVICE_BINDING_PROTOCOL_GUID \ { \ diff --git a/src/include/ipxe/efi/Protocol/Dns6.h b/src/include/ipxe/efi/Protocol/Dns6.h index 3b88c88eb..524988c5f 100644 --- a/src/include/ipxe/efi/Protocol/Dns6.h +++ b/src/include/ipxe/efi/Protocol/Dns6.h @@ -16,6 +16,7 @@ #define __EFI_DNS6_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_DNS6_SERVICE_BINDING_PROTOCOL_GUID \ { \ diff --git a/src/include/ipxe/efi/Protocol/DriverBinding.h b/src/include/ipxe/efi/Protocol/DriverBinding.h index 3c2027506..903545b98 100644 --- a/src/include/ipxe/efi/Protocol/DriverBinding.h +++ b/src/include/ipxe/efi/Protocol/DriverBinding.h @@ -13,6 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __EFI_DRIVER_BINDING_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); /// /// The global ID for the ControllerHandle Driver Protocol. diff --git a/src/include/ipxe/efi/Protocol/EapConfiguration.h b/src/include/ipxe/efi/Protocol/EapConfiguration.h new file mode 100644 index 000000000..980873945 --- /dev/null +++ b/src/include/ipxe/efi/Protocol/EapConfiguration.h 
@@ -0,0 +1,156 @@
+/** @file
+ This file defines the EFI EAP Configuration protocol.
+
+ Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+ @par Revision Reference:
+ This Protocol is introduced in UEFI Specification 2.5
+
+**/
+
+#ifndef __EFI_EAP_CONFIGURATION_PROTOCOL_H__
+#define __EFI_EAP_CONFIGURATION_PROTOCOL_H__
+
+FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
+
+///
+/// EFI EAP Configuration protocol provides a way to set and get EAP configuration.
+///
+#define EFI_EAP_CONFIGURATION_PROTOCOL_GUID \
+ { \
+ 0xe5b58dbb, 0x7688, 0x44b4, {0x97, 0xbf, 0x5f, 0x1d, 0x4b, 0x7c, 0xc8, 0xdb } \
+ }
+
+typedef struct _EFI_EAP_CONFIGURATION_PROTOCOL EFI_EAP_CONFIGURATION_PROTOCOL;
+
+///
+/// Make sure it not conflict with any real EapTypeXXX
+///
+#define EFI_EAP_TYPE_ATTRIBUTE 0
+
+typedef enum {
+ ///
+ /// EFI_EAP_TYPE_ATTRIBUTE
+ ///
+ EfiEapConfigEapAuthMethod,
+ EfiEapConfigEapSupportedAuthMethod,
+ ///
+ /// EapTypeIdentity
+ ///
+ EfiEapConfigIdentityString,
+ ///
+ /// EapTypeEAPTLS/EapTypePEAP
+ ///
+ EfiEapConfigEapTlsCACert,
+ EfiEapConfigEapTlsClientCert,
+ EfiEapConfigEapTlsClientPrivateKeyFile,
+ EfiEapConfigEapTlsClientPrivateKeyFilePassword, // ASCII format, Volatile
+ EfiEapConfigEapTlsCipherSuite,
+ EfiEapConfigEapTlsSupportedCipherSuite,
+ ///
+ /// EapTypeMSChapV2
+ ///
+ EfiEapConfigEapMSChapV2Password, // UNICODE format, Volatile
+ ///
+ /// EapTypePEAP
+ ///
+ EfiEapConfigEap2ndAuthMethod,
+ ///
+ /// More...
+ ///
+} EFI_EAP_CONFIG_DATA_TYPE;
+
+///
+/// EFI_EAP_TYPE
+///
+typedef UINT8 EFI_EAP_TYPE;
+#define EFI_EAP_TYPE_ATTRIBUTE 0
+#define EFI_EAP_TYPE_IDENTITY 1
+#define EFI_EAP_TYPE_NOTIFICATION 2
+#define EFI_EAP_TYPE_NAK 3
+#define EFI_EAP_TYPE_MD5CHALLENGE 4
+#define EFI_EAP_TYPE_OTP 5
+#define EFI_EAP_TYPE_GTC 6
+#define EFI_EAP_TYPE_EAPTLS 13
+#define EFI_EAP_TYPE_EAPSIM 18
+#define EFI_EAP_TYPE_TTLS 21
+#define EFI_EAP_TYPE_PEAP 25
+#define EFI_EAP_TYPE_MSCHAPV2 26
+#define EFI_EAP_TYPE_EAP_EXTENSION 33
+
+/**
+ Set EAP configuration data.
+
+ The SetData() function sets EAP configuration to non-volatile storage or volatile
+ storage.
+
+ @param[in] This Pointer to the EFI_EAP_CONFIGURATION_PROTOCOL instance.
+ @param[in] EapType EAP type.
+ @param[in] DataType Configuration data type.
+ @param[in] Data Pointer to configuration data.
+ @param[in] DataSize Total size of configuration data.
+
+ @retval EFI_SUCCESS The EAP configuration data is set successfully.
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
+ Data is NULL.
+ DataSize is 0.
+ @retval EFI_UNSUPPORTED The EapType or DataType is unsupported.
+ @retval EFI_OUT_OF_RESOURCES Required system resources could not be allocated.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_EAP_CONFIGURATION_SET_DATA)(
+ IN EFI_EAP_CONFIGURATION_PROTOCOL *This,
+ IN EFI_EAP_TYPE EapType,
+ IN EFI_EAP_CONFIG_DATA_TYPE DataType,
+ IN VOID *Data,
+ IN UINTN DataSize
+ );
+
+/**
+ Get EAP configuration data.
+
+ The GetData() function gets EAP configuration.
+
+ @param[in] This Pointer to the EFI_EAP_CONFIGURATION_PROTOCOL instance.
+ @param[in] EapType EAP type.
+ @param[in] DataType Configuration data type.
+ @param[in, out] Data Pointer to configuration data.
+ @param[in, out] DataSize Total size of configuration data. On input, it means
+ the size of Data buffer.
On output, it means the size + of copied Data buffer if EFI_SUCCESS, and means the + size of desired Data buffer if EFI_BUFFER_TOO_SMALL. + + @retval EFI_SUCCESS The EAP configuration data is got successfully. + @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE: + Data is NULL. + DataSize is NULL. + @retval EFI_UNSUPPORTED The EapType or DataType is unsupported. + @retval EFI_NOT_FOUND The EAP configuration data is not found. + @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the buffer. +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_EAP_CONFIGURATION_GET_DATA)( + IN EFI_EAP_CONFIGURATION_PROTOCOL *This, + IN EFI_EAP_TYPE EapType, + IN EFI_EAP_CONFIG_DATA_TYPE DataType, + IN OUT VOID *Data, + IN OUT UINTN *DataSize + ); + +/// +/// The EFI_EAP_CONFIGURATION_PROTOCOL +/// is designed to provide a way to set and get EAP configuration, such as Certificate, +/// private key file. +/// +struct _EFI_EAP_CONFIGURATION_PROTOCOL { + EFI_EAP_CONFIGURATION_SET_DATA SetData; + EFI_EAP_CONFIGURATION_GET_DATA GetData; +}; + +extern EFI_GUID gEfiEapConfigurationProtocolGuid; + +#endif diff --git a/src/include/ipxe/efi/Protocol/FormBrowser2.h b/src/include/ipxe/efi/Protocol/FormBrowser2.h index 5e6f940b8..7f726757b 100644 --- a/src/include/ipxe/efi/Protocol/FormBrowser2.h +++ b/src/include/ipxe/efi/Protocol/FormBrowser2.h @@ -13,6 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __EFI_FORM_BROWSER2_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/Guid/HiiPlatformSetupFormset.h> diff --git a/src/include/ipxe/efi/Protocol/GraphicsOutput.h b/src/include/ipxe/efi/Protocol/GraphicsOutput.h index b89315c7d..1e822c208 100644 --- a/src/include/ipxe/efi/Protocol/GraphicsOutput.h +++ b/src/include/ipxe/efi/Protocol/GraphicsOutput.h @@ -12,6 +12,7 @@ #define __GRAPHICS_OUTPUT_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_GRAPHICS_OUTPUT_PROTOCOL_GUID \ { \ 
diff --git a/src/include/ipxe/efi/Protocol/Hash.h b/src/include/ipxe/efi/Protocol/Hash.h
new file mode 100644
index 000000000..aabbc3026
--- /dev/null
+++ b/src/include/ipxe/efi/Protocol/Hash.h
@@ -0,0 +1,172 @@
+/** @file
+ EFI_HASH_SERVICE_BINDING_PROTOCOL as defined in UEFI 2.0.
+ EFI_HASH_PROTOCOL as defined in UEFI 2.0.
+ The EFI Hash Service Binding Protocol is used to locate hashing services support
+ provided by a driver and to create and destroy instances of the EFI Hash Protocol
+ so that a multiple drivers can use the underlying hashing services.
+
+Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef __EFI_HASH_PROTOCOL_H__
+#define __EFI_HASH_PROTOCOL_H__
+
+FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
+
+#define EFI_HASH_SERVICE_BINDING_PROTOCOL_GUID \
+ { \
+ 0x42881c98, 0xa4f3, 0x44b0, {0xa3, 0x9d, 0xdf, 0xa1, 0x86, 0x67, 0xd8, 0xcd } \
+ }
+
+#define EFI_HASH_PROTOCOL_GUID \
+ { \
+ 0xc5184932, 0xdba5, 0x46db, {0xa5, 0xba, 0xcc, 0x0b, 0xda, 0x9c, 0x14, 0x35 } \
+ }
+
+#define EFI_HASH_ALGORITHM_SHA1_GUID \
+ { \
+ 0x2ae9d80f, 0x3fb2, 0x4095, {0xb7, 0xb1, 0xe9, 0x31, 0x57, 0xb9, 0x46, 0xb6 } \
+ }
+
+#define EFI_HASH_ALGORITHM_SHA224_GUID \
+ { \
+ 0x8df01a06, 0x9bd5, 0x4bf7, {0xb0, 0x21, 0xdb, 0x4f, 0xd9, 0xcc, 0xf4, 0x5b } \
+ }
+
+#define EFI_HASH_ALGORITHM_SHA256_GUID \
+ { \
+ 0x51aa59de, 0xfdf2, 0x4ea3, {0xbc, 0x63, 0x87, 0x5f, 0xb7, 0x84, 0x2e, 0xe9 } \
+ }
+
+#define EFI_HASH_ALGORITHM_SHA384_GUID \
+ { \
+ 0xefa96432, 0xde33, 0x4dd2, {0xae, 0xe6, 0x32, 0x8c, 0x33, 0xdf, 0x77, 0x7a } \
+ }
+
+#define EFI_HASH_ALGORITHM_SHA512_GUID \
+ { \
+ 0xcaa4381e, 0x750c, 0x4770, {0xb8, 0x70, 0x7a, 0x23, 0xb4, 0xe4, 0x21, 0x30 } \
+ }
+
+#define EFI_HASH_ALGORTIHM_MD5_GUID \
+ { \
+ 0xaf7c79c, 0x65b5, 0x4319, {0xb0, 0xae, 0x44, 0xec, 0x48, 0x4e, 0x4a, 0xd7 } \
+ }
+
+#define EFI_HASH_ALGORITHM_SHA1_NOPAD_GUID \
+ { \
+ 0x24c5dc2f, 0x53e2, 0x40ca, {0x9e, 0xd6, 0xa5, 0xd9, 0xa4, 0x9f, 0x46, 0x3b } \
+ }
+
+#define EFI_HASH_ALGORITHM_SHA256_NOPAD_GUID \
+ { \
+ 0x8628752a, 0x6cb7, 0x4814, {0x96, 0xfc, 0x24, 0xa8, 0x15, 0xac, 0x22, 0x26 } \
+ }
+
+//
+// Note: Use of the following algorithms with EFI_HASH_PROTOCOL is deprecated.
+// EFI_HASH_ALGORITHM_SHA1_GUID
+// EFI_HASH_ALGORITHM_SHA224_GUID
+// EFI_HASH_ALGORITHM_SHA256_GUID
+// EFI_HASH_ALGORITHM_SHA384_GUID
+// EFI_HASH_ALGORITHM_SHA512_GUID
+// EFI_HASH_ALGORTIHM_MD5_GUID
+//
+
+typedef struct _EFI_HASH_PROTOCOL EFI_HASH_PROTOCOL;
+
+typedef UINT8 EFI_MD5_HASH[16];
+typedef UINT8 EFI_SHA1_HASH[20];
+typedef UINT8 EFI_SHA224_HASH[28];
+typedef UINT8 EFI_SHA256_HASH[32];
+typedef UINT8 EFI_SHA384_HASH[48];
+typedef UINT8 EFI_SHA512_HASH[64];
+
+typedef union {
+ EFI_MD5_HASH *Md5Hash;
+ EFI_SHA1_HASH *Sha1Hash;
+ EFI_SHA224_HASH *Sha224Hash;
+ EFI_SHA256_HASH *Sha256Hash;
+ EFI_SHA384_HASH *Sha384Hash;
+ EFI_SHA512_HASH *Sha512Hash;
+} EFI_HASH_OUTPUT;
+
+/**
+ Returns the size of the hash which results from a specific algorithm.
+
+ @param[in] This Points to this instance of EFI_HASH_PROTOCOL.
+ @param[in] HashAlgorithm Points to the EFI_GUID which identifies the algorithm to use.
+ @param[out] HashSize Holds the returned size of the algorithm's hash.
+
+ @retval EFI_SUCCESS Hash size returned successfully.
+ @retval EFI_INVALID_PARAMETER HashSize is NULL or HashAlgorithm is NULL.
+ @retval EFI_UNSUPPORTED The algorithm specified by HashAlgorithm is not supported
+ by this driver.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_HASH_GET_HASH_SIZE)(
+ IN CONST EFI_HASH_PROTOCOL *This,
+ IN CONST EFI_GUID *HashAlgorithm,
+ OUT UINTN *HashSize
+ );
+
+/**
+ Creates a hash for the specified message text.
+
+ @param[in] This Points to this instance of EFI_HASH_PROTOCOL.
+ @param[in] HashAlgorithm Points to the EFI_GUID which identifies the algorithm to use.
+ @param[in] Extend Specifies whether to create a new hash (FALSE) or extend the specified
+ existing hash (TRUE).
+ @param[in] Message Points to the start of the message.
+ @param[in] MessageSize The size of Message, in bytes.
+ @param[in,out] Hash On input, if Extend is TRUE, then this parameter holds a pointer + to a pointer to an array containing the hash to extend. If Extend + is FALSE, then this parameter holds a pointer to a pointer to a + caller-allocated array that will receive the result of the hash + computation. On output (regardless of the value of Extend), the + array will contain the result of the hash computation. + + @retval EFI_SUCCESS Hash returned successfully. + @retval EFI_INVALID_PARAMETER Message or Hash, HashAlgorithm is NULL or MessageSize is 0. + MessageSize is not an integer multiple of block size. + @retval EFI_UNSUPPORTED The algorithm specified by HashAlgorithm is not supported by this + driver. Or, Extend is TRUE, and the algorithm doesn't support extending the hash. + +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_HASH_HASH)( + IN CONST EFI_HASH_PROTOCOL *This, + IN CONST EFI_GUID *HashAlgorithm, + IN BOOLEAN Extend, + IN CONST UINT8 *Message, + IN UINT64 MessageSize, + IN OUT EFI_HASH_OUTPUT *Hash + ); + +/// +/// This protocol allows creating a hash of an arbitrary message digest +/// using one or more hash algorithms. +/// +struct _EFI_HASH_PROTOCOL { + EFI_HASH_GET_HASH_SIZE GetHashSize; + EFI_HASH_HASH Hash; +}; + +extern EFI_GUID gEfiHashServiceBindingProtocolGuid; +extern EFI_GUID gEfiHashProtocolGuid; +extern EFI_GUID gEfiHashAlgorithmSha1Guid; +extern EFI_GUID gEfiHashAlgorithmSha224Guid; +extern EFI_GUID gEfiHashAlgorithmSha256Guid; +extern EFI_GUID gEfiHashAlgorithmSha384Guid; +extern EFI_GUID gEfiHashAlgorithmSha512Guid; +extern EFI_GUID gEfiHashAlgorithmMD5Guid; +extern EFI_GUID gEfiHashAlgorithmSha1NoPadGuid; +extern EFI_GUID gEfiHashAlgorithmSha256NoPadGuid; + +#endif diff --git a/src/include/ipxe/efi/Protocol/HiiConfigAccess.h b/src/include/ipxe/efi/Protocol/HiiConfigAccess.h index aaa51a31b..e48a48335 100644 --- a/src/include/ipxe/efi/Protocol/HiiConfigAccess.h +++ b/src/include/ipxe/efi/Protocol/HiiConfigAccess.h 
@@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __EFI_HII_CONFIG_ACCESS_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/Protocol/FormBrowser2.h> diff --git a/src/include/ipxe/efi/Protocol/HiiDatabase.h b/src/include/ipxe/efi/Protocol/HiiDatabase.h index d077b1167..4338319d1 100644 --- a/src/include/ipxe/efi/Protocol/HiiDatabase.h +++ b/src/include/ipxe/efi/Protocol/HiiDatabase.h @@ -14,6 +14,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __HII_DATABASE_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_HII_DATABASE_PROTOCOL_GUID \ { 0xef9fc172, 0xa1b2, 0x4693, { 0xb3, 0x27, 0x6d, 0x32, 0xfc, 0x41, 0x60, 0x42 } } diff --git a/src/include/ipxe/efi/Protocol/HiiFont.h b/src/include/ipxe/efi/Protocol/HiiFont.h index 248f13ea5..6d6f88514 100644 --- a/src/include/ipxe/efi/Protocol/HiiFont.h +++ b/src/include/ipxe/efi/Protocol/HiiFont.h @@ -13,6 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __HII_FONT_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/Protocol/GraphicsOutput.h> #include <ipxe/efi/Protocol/HiiImage.h> diff --git a/src/include/ipxe/efi/Protocol/HiiImage.h b/src/include/ipxe/efi/Protocol/HiiImage.h index 20fd72578..f40c00eb7 100644 --- a/src/include/ipxe/efi/Protocol/HiiImage.h +++ b/src/include/ipxe/efi/Protocol/HiiImage.h @@ -13,6 +13,7 @@ #define __HII_IMAGE_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/Protocol/GraphicsOutput.h> diff --git a/src/include/ipxe/efi/Protocol/Http.h b/src/include/ipxe/efi/Protocol/Http.h index d30a5aa46..84eb20600 100644 --- a/src/include/ipxe/efi/Protocol/Http.h +++ b/src/include/ipxe/efi/Protocol/Http.h @@ -17,6 +17,7 @@ #define __EFI_HTTP_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_HTTP_SERVICE_BINDING_PROTOCOL_GUID \ { \ 
@@ -100,7 +101,8 @@ typedef enum { HTTP_STATUS_503_SERVICE_UNAVAILABLE, HTTP_STATUS_504_GATEWAY_TIME_OUT, HTTP_STATUS_505_HTTP_VERSION_NOT_SUPPORTED, - HTTP_STATUS_308_PERMANENT_REDIRECT + HTTP_STATUS_308_PERMANENT_REDIRECT, + HTTP_STATUS_429_TOO_MANY_REQUESTS } EFI_HTTP_STATUS_CODE; /// @@ -190,12 +192,27 @@ typedef struct { /// The URI of a remote host. From the information in this field, the HTTP instance /// will be able to determine whether to use HTTP or HTTPS and will also be able to /// determine the port number to use. If no port number is specified, port 80 (HTTP) - /// is assumed. See RFC 3986 for more details on URI syntax. + /// or 443 (HTTPS) is assumed. See RFC 3986 for more details on URI syntax. /// CHAR16 *Url; } EFI_HTTP_REQUEST_DATA; /// +/// EFI_HTTP_CONNECT_REQUEST_DATA +/// +typedef struct { + EFI_HTTP_REQUEST_DATA Base; + /// + /// The URI of an Proxy Host. This field will be NULL if there is no Proxy Host + /// in the device path. From the information in this field, the HTTP instance will + /// be able to determine whether to use HTTP or HTTPS and will also be able to + /// determine the port number to use. If no port number is specified, port 80 (HTTP) + /// or 443 (HTTPS) is assumed. See RFC 3986 for more details on URI syntax. + /// + CHAR16 *ProxyUrl; +} EFI_HTTP_CONNECT_REQUEST_DATA; + +/// /// EFI_HTTP_RESPONSE_DATA /// typedef struct { diff --git a/src/include/ipxe/efi/Protocol/Ip4.h b/src/include/ipxe/efi/Protocol/Ip4.h index 0455c7b2f..f45465860 100644 --- a/src/include/ipxe/efi/Protocol/Ip4.h +++ b/src/include/ipxe/efi/Protocol/Ip4.h @@ -22,6 +22,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __EFI_IP4_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/Protocol/ManagedNetwork.h> diff --git a/src/include/ipxe/efi/Protocol/Ip4Config.h b/src/include/ipxe/efi/Protocol/Ip4Config.h index ff47fd2b7..45d395ca8 100644 --- a/src/include/ipxe/efi/Protocol/Ip4Config.h 
+++ b/src/include/ipxe/efi/Protocol/Ip4Config.h @@ -1,3 +1,6 @@ +#ifndef _IPXE_EFI_IP4CONFIG_H +#define _IPXE_EFI_IP4CONFIG_H + /** @file This file provides a definition of the EFI IPv4 Configuration Protocol. @@ -14,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __EFI_IP4CONFIG_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/Protocol/Ip4.h> @@ -176,3 +180,5 @@ struct _EFI_IP4_CONFIG_PROTOCOL { extern EFI_GUID gEfiIp4ConfigProtocolGuid; #endif + +#endif /* _IPXE_EFI_IP4CONFIG_H */ diff --git a/src/include/ipxe/efi/Protocol/Ip4Config2.h b/src/include/ipxe/efi/Protocol/Ip4Config2.h index ca091dea5..362387179 100644 --- a/src/include/ipxe/efi/Protocol/Ip4Config2.h +++ b/src/include/ipxe/efi/Protocol/Ip4Config2.h @@ -14,6 +14,7 @@ This Protocol is introduced in UEFI Specification 2.5 #define __EFI_IP4CONFIG2_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/Protocol/Ip4.h> diff --git a/src/include/ipxe/efi/Protocol/Ip6.h b/src/include/ipxe/efi/Protocol/Ip6.h index c70df1906..2d19b806a 100644 --- a/src/include/ipxe/efi/Protocol/Ip6.h +++ b/src/include/ipxe/efi/Protocol/Ip6.h @@ -22,6 +22,7 @@ #define __EFI_IP6_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/Protocol/ManagedNetwork.h> diff --git a/src/include/ipxe/efi/Protocol/Ip6Config.h b/src/include/ipxe/efi/Protocol/Ip6Config.h index 5665e93b9..75c5adbb0 100644 --- a/src/include/ipxe/efi/Protocol/Ip6Config.h +++ b/src/include/ipxe/efi/Protocol/Ip6Config.h @@ -11,6 +11,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __EFI_IP6CONFIG_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/Protocol/Ip6.h> diff --git a/src/include/ipxe/efi/Protocol/LoadFile.h b/src/include/ipxe/efi/Protocol/LoadFile.h index 034b22b55..47e164600 100644 --- a/src/include/ipxe/efi/Protocol/LoadFile.h +++ b/src/include/ipxe/efi/Protocol/LoadFile.h 
@@ -16,6 +16,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __EFI_LOAD_FILE_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_LOAD_FILE_PROTOCOL_GUID \ { \ diff --git a/src/include/ipxe/efi/Protocol/LoadFile2.h b/src/include/ipxe/efi/Protocol/LoadFile2.h index 2cb155dda..409e411cf 100644 --- a/src/include/ipxe/efi/Protocol/LoadFile2.h +++ b/src/include/ipxe/efi/Protocol/LoadFile2.h @@ -16,6 +16,7 @@ #define __EFI_LOAD_FILE2_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_LOAD_FILE2_PROTOCOL_GUID \ { \ diff --git a/src/include/ipxe/efi/Protocol/LoadedImage.h b/src/include/ipxe/efi/Protocol/LoadedImage.h index db331b88f..401f464fa 100755 --- a/src/include/ipxe/efi/Protocol/LoadedImage.h +++ b/src/include/ipxe/efi/Protocol/LoadedImage.h @@ -13,6 +13,7 @@ #define __LOADED_IMAGE_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_LOADED_IMAGE_PROTOCOL_GUID \ { \ diff --git a/src/include/ipxe/efi/Protocol/ManagedNetwork.h b/src/include/ipxe/efi/Protocol/ManagedNetwork.h index 44a27ed1f..60e7e9ae8 100644 --- a/src/include/ipxe/efi/Protocol/ManagedNetwork.h +++ b/src/include/ipxe/efi/Protocol/ManagedNetwork.h @@ -14,6 +14,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __EFI_MANAGED_NETWORK_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/Protocol/SimpleNetwork.h> diff --git a/src/include/ipxe/efi/Protocol/MpService.h b/src/include/ipxe/efi/Protocol/MpService.h index cd1bb27fe..1a1874662 100644 --- a/src/include/ipxe/efi/Protocol/MpService.h +++ b/src/include/ipxe/efi/Protocol/MpService.h @@ -40,6 +40,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define _MP_SERVICE_PROTOCOL_H_ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); /// /// Global ID for the EFI_MP_SERVICES_PROTOCOL. 
diff --git a/src/include/ipxe/efi/Protocol/Mtftp4.h b/src/include/ipxe/efi/Protocol/Mtftp4.h index 4890c8ab2..5e50fcc9f 100644 --- a/src/include/ipxe/efi/Protocol/Mtftp4.h +++ b/src/include/ipxe/efi/Protocol/Mtftp4.h @@ -13,6 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __EFI_MTFTP4_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_MTFTP4_SERVICE_BINDING_PROTOCOL_GUID \ { \ diff --git a/src/include/ipxe/efi/Protocol/Mtftp6.h b/src/include/ipxe/efi/Protocol/Mtftp6.h index b08af87e1..5a6d640e5 100644 --- a/src/include/ipxe/efi/Protocol/Mtftp6.h +++ b/src/include/ipxe/efi/Protocol/Mtftp6.h @@ -17,6 +17,7 @@ #define __EFI_MTFTP6_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_MTFTP6_SERVICE_BINDING_PROTOCOL_GUID \ { \ diff --git a/src/include/ipxe/efi/Protocol/NetworkInterfaceIdentifier.h b/src/include/ipxe/efi/Protocol/NetworkInterfaceIdentifier.h index 1ce13f273..5a0a82071 100644 --- a/src/include/ipxe/efi/Protocol/NetworkInterfaceIdentifier.h +++ b/src/include/ipxe/efi/Protocol/NetworkInterfaceIdentifier.h @@ -13,6 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __EFI_NETWORK_INTERFACE_IDENTIFER_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); // // GUID retired from UEFI Specification 2.1b diff --git a/src/include/ipxe/efi/Protocol/PciIo.h b/src/include/ipxe/efi/Protocol/PciIo.h index c733925d5..3c2582cab 100644 --- a/src/include/ipxe/efi/Protocol/PciIo.h +++ b/src/include/ipxe/efi/Protocol/PciIo.h @@ -11,6 +11,7 @@ #define __PCI_IO_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); /// /// Global ID for the PCI I/O Protocol diff --git a/src/include/ipxe/efi/Protocol/PciRootBridgeIo.h b/src/include/ipxe/efi/Protocol/PciRootBridgeIo.h index b6a478027..674e864d1 100644 --- a/src/include/ipxe/efi/Protocol/PciRootBridgeIo.h +++ b/src/include/ipxe/efi/Protocol/PciRootBridgeIo.h 
@@ -14,6 +14,7 @@ #define __PCI_ROOT_BRIDGE_IO_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/Library/BaseLib.h> diff --git a/src/include/ipxe/efi/Protocol/PxeBaseCode.h b/src/include/ipxe/efi/Protocol/PxeBaseCode.h index 20efd7280..5db934370 100644 --- a/src/include/ipxe/efi/Protocol/PxeBaseCode.h +++ b/src/include/ipxe/efi/Protocol/PxeBaseCode.h @@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __PXE_BASE_CODE_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); /// /// PXE Base Code protocol. @@ -36,7 +37,7 @@ typedef EFI_PXE_BASE_CODE_PROTOCOL EFI_PXE_BASE_CODE; /// /// Default IP TTL and ToS. /// -#define DEFAULT_TTL 16 +#define DEFAULT_TTL 64 #define DEFAULT_ToS 0 /// @@ -155,8 +156,6 @@ typedef UINT16 EFI_PXE_BASE_CODE_UDP_PORT; #define EFI_PXE_CLIENT_SYSTEM_ARCHITECTURE 0x0006 #elif defined (MDE_CPU_X64) #define EFI_PXE_CLIENT_SYSTEM_ARCHITECTURE 0x0007 -#elif defined (MDE_CPU_ARM) -#define EFI_PXE_CLIENT_SYSTEM_ARCHITECTURE 0x000A #elif defined (MDE_CPU_AARCH64) #define EFI_PXE_CLIENT_SYSTEM_ARCHITECTURE 0x000B #elif defined (MDE_CPU_RISCV64) diff --git a/src/include/ipxe/efi/Protocol/Rng.h b/src/include/ipxe/efi/Protocol/Rng.h index 92d648bee..e4ad3d716 100644 --- a/src/include/ipxe/efi/Protocol/Rng.h +++ b/src/include/ipxe/efi/Protocol/Rng.h @@ -8,10 +8,13 @@ SPDX-License-Identifier: BSD-2-Clause-Patent **/ -#ifndef __EFI_RNG_PROTOCOL_H__ -#define __EFI_RNG_PROTOCOL_H__ +#ifndef EFI_RNG_PROTOCOL_H_ +#define EFI_RNG_PROTOCOL_H_ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); + +#include <ipxe/efi/Guid/Rng.h> /// /// Global ID for the Random Number Generator Protocol 
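Review bot: Once the `MDE_CPU_ARM` branch is dropped from the `EFI_PXE_CLIENT_SYSTEM_ARCHITECTURE` chain in PxeBaseCode.h, none of the branches visible in this hunk matches a 32-bit Arm build, so the macro's value there depends on whatever follows `MDE_CPU_RISCV64`; the `#if` chain starts and ends outside the hunk. The macro presumably carries the client architecture type reported to the boot server, so a missing or different value would change which boot file is offered. If iPXE never reads this macro on Arm, a short comment next to the chain would settle it, e.g. `// 32-bit Arm (0x000A) is not covered here; this value is unused by iPXE on that platform`; otherwise the 0x000A case needs to stay under a macro the Arm build still defines.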
@@ -21,142 +24,8 @@ FILE_LICENCE ( BSD2_PATENT ); 0x3152bca5, 0xeade, 0x433d, {0x86, 0x2e, 0xc0, 0x1c, 0xdc, 0x29, 0x1f, 0x44 } \ } -typedef struct _EFI_RNG_PROTOCOL EFI_RNG_PROTOCOL; - -/// -/// A selection of EFI_RNG_PROTOCOL algorithms. -/// The algorithms listed are optional, not meant to be exhaustive and be argmented by -/// vendors or other industry standards. -/// - -typedef EFI_GUID EFI_RNG_ALGORITHM; - -/// -/// The algorithms corresponds to SP800-90 as defined in -/// NIST SP 800-90, "Recommendation for Random Number Generation Using Deterministic Random -/// Bit Generators", March 2007. -/// -#define EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID \ - { \ - 0xa7af67cb, 0x603b, 0x4d42, {0xba, 0x21, 0x70, 0xbf, 0xb6, 0x29, 0x3f, 0x96 } \ - } -#define EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID \ - { \ - 0xc5149b43, 0xae85, 0x4f53, {0x99, 0x82, 0xb9, 0x43, 0x35, 0xd3, 0xa9, 0xe7 } \ - } -#define EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID \ - { \ - 0x44f0de6e, 0x4d8c, 0x4045, {0xa8, 0xc7, 0x4d, 0xd1, 0x68, 0x85, 0x6b, 0x9e } \ - } -/// -/// The algorithms correspond to X9.31 as defined in -/// NIST, "Recommended Random Number Generator Based on ANSI X9.31 Appendix A.2.4 Using -/// the 3-Key Triple DES and AES Algorithm", January 2005. -/// -#define EFI_RNG_ALGORITHM_X9_31_3DES_GUID \ - { \ - 0x63c4785a, 0xca34, 0x4012, {0xa3, 0xc8, 0x0b, 0x6a, 0x32, 0x4f, 0x55, 0x46 } \ - } -#define EFI_RNG_ALGORITHM_X9_31_AES_GUID \ - { \ - 0xacd03321, 0x777e, 0x4d3d, {0xb1, 0xc8, 0x20, 0xcf, 0xd8, 0x88, 0x20, 0xc9 } \ - } -/// -/// The "raw" algorithm, when supported, is intended to provide entropy directly from -/// the source, without it going through some deterministic random bit generator. 
-/// -#define EFI_RNG_ALGORITHM_RAW \ - { \ - 0xe43176d7, 0xb6e8, 0x4827, {0xb7, 0x84, 0x7f, 0xfd, 0xc4, 0xb6, 0x85, 0x61 } \ - } -/// -/// The Arm Architecture states the RNDR that the DRBG algorithm should be compliant -/// with NIST SP800-90A, while not mandating a particular algorithm, so as to be -/// inclusive of different geographies. -/// -#define EFI_RNG_ALGORITHM_ARM_RNDR \ - { \ - 0x43d2fde3, 0x9d4e, 0x4d79, {0x02, 0x96, 0xa8, 0x9b, 0xca, 0x78, 0x08, 0x41} \ - } - -/** - Returns information about the random number generation implementation. - - @param[in] This A pointer to the EFI_RNG_PROTOCOL instance. - @param[in,out] RNGAlgorithmListSize On input, the size in bytes of RNGAlgorithmList. - On output with a return code of EFI_SUCCESS, the size - in bytes of the data returned in RNGAlgorithmList. On output - with a return code of EFI_BUFFER_TOO_SMALL, - the size of RNGAlgorithmList required to obtain the list. - @param[out] RNGAlgorithmList A caller-allocated memory buffer filled by the driver - with one EFI_RNG_ALGORITHM element for each supported - RNG algorithm. The list must not change across multiple - calls to the same driver. The first algorithm in the list - is the default algorithm for the driver. - - @retval EFI_SUCCESS The RNG algorithm list was returned successfully. - @retval EFI_UNSUPPORTED The services is not supported by this driver. - @retval EFI_DEVICE_ERROR The list of algorithms could not be retrieved due to a - hardware or firmware error. - @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect. - @retval EFI_BUFFER_TOO_SMALL The buffer RNGAlgorithmList is too small to hold the result. - -**/ -typedef -EFI_STATUS -(EFIAPI *EFI_RNG_GET_INFO)( - IN EFI_RNG_PROTOCOL *This, - IN OUT UINTN *RNGAlgorithmListSize, - OUT EFI_RNG_ALGORITHM *RNGAlgorithmList - ); - -/** - Produces and returns an RNG value using either the default or specified RNG algorithm. - - @param[in] This A pointer to the EFI_RNG_PROTOCOL instance. 
- @param[in] RNGAlgorithm A pointer to the EFI_RNG_ALGORITHM that identifies the RNG - algorithm to use. May be NULL in which case the function will - use its default RNG algorithm. - @param[in] RNGValueLength The length in bytes of the memory buffer pointed to by - RNGValue. The driver shall return exactly this numbers of bytes. - @param[out] RNGValue A caller-allocated memory buffer filled by the driver with the - resulting RNG value. - - @retval EFI_SUCCESS The RNG value was returned successfully. - @retval EFI_UNSUPPORTED The algorithm specified by RNGAlgorithm is not supported by - this driver. - @retval EFI_DEVICE_ERROR An RNG value could not be retrieved due to a hardware or - firmware error. - @retval EFI_NOT_READY There is not enough random data available to satisfy the length - requested by RNGValueLength. - @retval EFI_INVALID_PARAMETER RNGValue is NULL or RNGValueLength is zero. - -**/ -typedef -EFI_STATUS -(EFIAPI *EFI_RNG_GET_RNG)( - IN EFI_RNG_PROTOCOL *This, - IN EFI_RNG_ALGORITHM *RNGAlgorithm OPTIONAL, - IN UINTN RNGValueLength, - OUT UINT8 *RNGValue - ); - -/// -/// The Random Number Generator (RNG) protocol provides random bits for use in -/// applications, or entropy for seeding other random number generators. -/// -struct _EFI_RNG_PROTOCOL { - EFI_RNG_GET_INFO GetInfo; - EFI_RNG_GET_RNG GetRNG; -}; +typedef EFI_RNG_INTERFACE EFI_RNG_PROTOCOL; extern EFI_GUID gEfiRngProtocolGuid; -extern EFI_GUID gEfiRngAlgorithmSp80090Hash256Guid; -extern EFI_GUID gEfiRngAlgorithmSp80090Hmac256Guid; -extern EFI_GUID gEfiRngAlgorithmSp80090Ctr256Guid; -extern EFI_GUID gEfiRngAlgorithmX9313DesGuid; -extern EFI_GUID gEfiRngAlgorithmX931AesGuid; -extern EFI_GUID gEfiRngAlgorithmRaw; -extern EFI_GUID gEfiRngAlgorithmArmRndr; #endif diff --git a/src/include/ipxe/efi/Protocol/SerialIo.h b/src/include/ipxe/efi/Protocol/SerialIo.h index 1e44a21c4..31fd99215 100644 --- a/src/include/ipxe/efi/Protocol/SerialIo.h +++ b/src/include/ipxe/efi/Protocol/SerialIo.h 
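Review bot: With the body reduced to `typedef EFI_RNG_INTERFACE EFI_RNG_PROTOCOL;`, Protocol/Rng.h no longer states the GetRNG contract that the removed comments spelled out: the driver returns exactly `RNGValueLength` bytes, and `EFI_NOT_READY` means not enough random data was available. Those definitions presumably now live in `<ipxe/efi/Guid/Rng.h>`, which is outside this hunk, so it is worth confirming that `EFI_RNG_INTERFACE`, `EFI_RNG_ALGORITHM` and the `gEfiRngAlgorithm*` externs are all declared there. A one-line pointer above the typedef would help the next reader: `/// EFI_RNG_INTERFACE and the EFI_RNG_ALGORITHM_* GUIDs are declared in <ipxe/efi/Guid/Rng.h>.`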
@@ -13,6 +13,7 @@ #define __SERIAL_IO_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_SERIAL_IO_PROTOCOL_GUID \ { \ diff --git a/src/include/ipxe/efi/Protocol/ServiceBinding.h b/src/include/ipxe/efi/Protocol/ServiceBinding.h index 6baf73aa7..d23059ccf 100644 --- a/src/include/ipxe/efi/Protocol/ServiceBinding.h +++ b/src/include/ipxe/efi/Protocol/ServiceBinding.h @@ -14,6 +14,7 @@ #define __EFI_SERVICE_BINDING_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); /// /// Forward reference for pure ANSI compatability diff --git a/src/include/ipxe/efi/Protocol/ShimLock.h b/src/include/ipxe/efi/Protocol/ShimLock.h index b31365173..8fd3c3bc8 100644 --- a/src/include/ipxe/efi/Protocol/ShimLock.h +++ b/src/include/ipxe/efi/Protocol/ShimLock.h @@ -8,6 +8,7 @@ */ FILE_LICENCE ( BSD3 ); +FILE_SECBOOT ( PERMITTED ); #define EFI_SHIM_LOCK_PROTOCOL_GUID \ { 0x605dab50, 0xe046, 0x4300, \ diff --git a/src/include/ipxe/efi/Protocol/SimpleFileSystem.h b/src/include/ipxe/efi/Protocol/SimpleFileSystem.h index 62edb2a88..39944c31a 100644 --- a/src/include/ipxe/efi/Protocol/SimpleFileSystem.h +++ b/src/include/ipxe/efi/Protocol/SimpleFileSystem.h @@ -16,6 +16,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __SIMPLE_FILE_SYSTEM_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_SIMPLE_FILE_SYSTEM_PROTOCOL_GUID \ { \ diff --git a/src/include/ipxe/efi/Protocol/SimpleNetwork.h b/src/include/ipxe/efi/Protocol/SimpleNetwork.h index 141ab8856..d7e4e1182 100644 --- a/src/include/ipxe/efi/Protocol/SimpleNetwork.h +++ b/src/include/ipxe/efi/Protocol/SimpleNetwork.h @@ -21,6 +21,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __SIMPLE_NETWORK_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_SIMPLE_NETWORK_PROTOCOL_GUID \ { \ diff --git a/src/include/ipxe/efi/Protocol/SimplePointer.h b/src/include/ipxe/efi/Protocol/SimplePointer.h index 45ddf8d5c..1381b7ec1 100644 
--- a/src/include/ipxe/efi/Protocol/SimplePointer.h +++ b/src/include/ipxe/efi/Protocol/SimplePointer.h @@ -12,6 +12,7 @@ #define __SIMPLE_POINTER_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_SIMPLE_POINTER_PROTOCOL_GUID \ { \ @@ -56,12 +57,12 @@ typedef struct { UINT64 ResolutionX; /// /// The resolution of the pointer device on the y-axis in counts/mm. - /// If 0, then the pointer device does not support an x-axis. + /// If 0, then the pointer device does not support a y-axis. /// UINT64 ResolutionY; /// /// The resolution of the pointer device on the z-axis in counts/mm. - /// If 0, then the pointer device does not support an x-axis. + /// If 0, then the pointer device does not support a z-axis. /// UINT64 ResolutionZ; /// diff --git a/src/include/ipxe/efi/Protocol/SimpleTextIn.h b/src/include/ipxe/efi/Protocol/SimpleTextIn.h index 11daeb5bc..1198ff81a 100644 --- a/src/include/ipxe/efi/Protocol/SimpleTextIn.h +++ b/src/include/ipxe/efi/Protocol/SimpleTextIn.h @@ -13,6 +13,7 @@ #define __SIMPLE_TEXT_IN_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_SIMPLE_TEXT_INPUT_PROTOCOL_GUID \ { \ @@ -102,6 +103,7 @@ EFI_STATUS @retval EFI_NOT_READY There was no keystroke data available. @retval EFI_DEVICE_ERROR The keystroke information was not returned due to hardware errors. + @retval EFI_UNSUPPORTED The device does not support the ability to read keystroke data. **/ typedef diff --git a/src/include/ipxe/efi/Protocol/SimpleTextInEx.h b/src/include/ipxe/efi/Protocol/SimpleTextInEx.h index 9a93da509..f797a45c9 100644 --- a/src/include/ipxe/efi/Protocol/SimpleTextInEx.h +++ b/src/include/ipxe/efi/Protocol/SimpleTextInEx.h @@ -14,6 +14,7 @@ #define __SIMPLE_TEXT_IN_EX_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/Protocol/SimpleTextIn.h> 
@@ -188,6 +189,7 @@ typedef struct { @retval EFI_NOT_READY There was no keystroke data available. @retval EFI_DEVICE_ERROR The keystroke information was not returned due to hardware errors. + @retval EFI_UNSUPPORTED The device does not support the ability to read keystroke data. **/ diff --git a/src/include/ipxe/efi/Protocol/SimpleTextOut.h b/src/include/ipxe/efi/Protocol/SimpleTextOut.h index 824018822..349e9debe 100644 --- a/src/include/ipxe/efi/Protocol/SimpleTextOut.h +++ b/src/include/ipxe/efi/Protocol/SimpleTextOut.h @@ -15,6 +15,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __SIMPLE_TEXT_OUT_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_SIMPLE_TEXT_OUTPUT_PROTOCOL_GUID \ { \ diff --git a/src/include/ipxe/efi/Protocol/StorageSecurityCommand.h b/src/include/ipxe/efi/Protocol/StorageSecurityCommand.h new file mode 100644 index 000000000..f00eb925c --- /dev/null +++ b/src/include/ipxe/efi/Protocol/StorageSecurityCommand.h 
@@ -0,0 +1,213 @@
+/** @file
+ EFI Storage Security Command Protocol as defined in UEFI 2.3.1 specification.
+ This protocol is used to abstract mass storage devices to allow code running in
+ the EFI boot services environment to send security protocol commands to mass
+ storage devices without specific knowledge of the type of device or controller
+ that manages the device.
+
+ Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef __STORAGE_SECURITY_COMMAND_H__
+#define __STORAGE_SECURITY_COMMAND_H__
+
+FILE_LICENCE ( BSD2_PATENT );
+FILE_SECBOOT ( PERMITTED );
+
+#define EFI_STORAGE_SECURITY_COMMAND_PROTOCOL_GUID \
+ { \
+ 0xC88B0B6D, 0x0DFC, 0x49A7, {0x9C, 0xB4, 0x49, 0x07, 0x4B, 0x4C, 0x3A, 0x78 } \
+ }
+
+typedef struct _EFI_STORAGE_SECURITY_COMMAND_PROTOCOL EFI_STORAGE_SECURITY_COMMAND_PROTOCOL;
+
+/**
+ Send a security protocol command to a device that receives data and/or the result
+ of one or more commands sent by SendData.
+
+ The ReceiveData function sends a security protocol command to the given MediaId.
+ The security protocol command sent is defined by SecurityProtocolId and contains
+ the security protocol specific data SecurityProtocolSpecificData. The function
+ returns the data from the security protocol command in PayloadBuffer.
+
+ For devices supporting the SCSI command set, the security protocol command is sent
+ using the SECURITY PROTOCOL IN command defined in SPC-4.
+
+ For devices supporting the ATA command set, the security protocol command is sent
+ using one of the TRUSTED RECEIVE commands defined in ATA8-ACS if PayloadBufferSize
+ is non-zero.
+
+ If the PayloadBufferSize is zero, the security protocol command is sent using the
+ Trusted Non-Data command defined in ATA8-ACS.
+
+ If PayloadBufferSize is too small to store the available data from the security
+ protocol command, the function shall copy PayloadBufferSize bytes into the
+ PayloadBuffer and return EFI_WARN_BUFFER_TOO_SMALL.
+
+ If PayloadBuffer or PayloadTransferSize is NULL and PayloadBufferSize is non-zero,
+ the function shall return EFI_INVALID_PARAMETER.
+
+ If the given MediaId does not support security protocol commands, the function shall
+ return EFI_UNSUPPORTED. If there is no media in the device, the function returns
+ EFI_NO_MEDIA. If the MediaId is not the ID for the current media in the device,
+ the function returns EFI_MEDIA_CHANGED.
+
+ If the security protocol fails to complete within the Timeout period, the function
+ shall return EFI_TIMEOUT.
+
+ If the security protocol command completes without an error, the function shall
+ return EFI_SUCCESS. If the security protocol command completes with an error, the
+ function shall return EFI_DEVICE_ERROR.
+
+ @param This Indicates a pointer to the calling context.
+ @param MediaId ID of the medium to receive data from. If there is no
+ block IO protocol supported by the physical device, the
+ value of MediaId is undefined.
+ @param Timeout The timeout, in 100ns units, to use for the execution
+ of the security protocol command. A Timeout value of 0
+ means that this function will wait indefinitely for the
+ security protocol command to execute. If Timeout is greater
+ than zero, then this function will return EFI_TIMEOUT if the
+ time required to execute the receive data command is greater than Timeout.
+ @param SecurityProtocolId The value of the "Security Protocol" parameter of
+ the security protocol command to be sent.
+ @param SecurityProtocolSpecificData The value of the "Security Protocol Specific" parameter
+ of the security protocol command to be sent.
+ @param PayloadBufferSize Size in bytes of the payload data buffer.
+ @param PayloadBuffer A pointer to a destination buffer to store the security
+ protocol command specific payload data for the security
+ protocol command. The caller is responsible for having
+ either implicit or explicit ownership of the buffer.
+ @param PayloadTransferSize A pointer to a buffer to store the size in bytes of the
+ data written to the payload data buffer.
+
+ @retval EFI_SUCCESS The security protocol command completed successfully.
+ @retval EFI_WARN_BUFFER_TOO_SMALL The PayloadBufferSize was too small to store the available
+ data from the device. The PayloadBuffer contains the truncated data.
+ @retval EFI_UNSUPPORTED The given MediaId does not support security protocol commands.
+ @retval EFI_DEVICE_ERROR The security protocol command completed with an error.
+ @retval EFI_NO_MEDIA There is no media in the device.
+ @retval EFI_MEDIA_CHANGED The MediaId is not for the current media.
+ @retval EFI_INVALID_PARAMETER The PayloadBuffer or PayloadTransferSize is NULL and
+ PayloadBufferSize is non-zero.
+ @retval EFI_TIMEOUT A timeout occurred while waiting for the security
+ protocol command to execute.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_STORAGE_SECURITY_RECEIVE_DATA)(
+ IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This,
+ IN UINT32 MediaId,
+ IN UINT64 Timeout,
+ IN UINT8 SecurityProtocolId,
+ IN UINT16 SecurityProtocolSpecificData,
+ IN UINTN PayloadBufferSize,
+ OUT VOID *PayloadBuffer,
+ OUT UINTN *PayloadTransferSize
+ );
+
+/**
+ Send a security protocol command to a device.
+
+ The SendData function sends a security protocol command containing the payload
+ PayloadBuffer to the given MediaId. The security protocol command sent is
+ defined by SecurityProtocolId and contains the security protocol specific data
+ SecurityProtocolSpecificData. If the underlying protocol command requires a
+ specific padding for the command payload, the SendData function shall add padding
+ bytes to the command payload to satisfy the padding requirements.
+
+ For devices supporting the SCSI command set, the security protocol command is sent
+ using the SECURITY PROTOCOL OUT command defined in SPC-4.
+
+ For devices supporting the ATA command set, the security protocol command is sent
+ using one of the TRUSTED SEND commands defined in ATA8-ACS if PayloadBufferSize
+ is non-zero. If the PayloadBufferSize is zero, the security protocol command is
+ sent using the Trusted Non-Data command defined in ATA8-ACS.
+
+ If PayloadBuffer is NULL and PayloadBufferSize is non-zero, the function shall
+ return EFI_INVALID_PARAMETER.
+
+ If the given MediaId does not support security protocol commands, the function
+ shall return EFI_UNSUPPORTED. If there is no media in the device, the function
+ returns EFI_NO_MEDIA. If the MediaId is not the ID for the current media in the
+ device, the function returns EFI_MEDIA_CHANGED.
+
+ If the security protocol fails to complete within the Timeout period, the function
+ shall return EFI_TIMEOUT.
+
+ If the security protocol command completes without an error, the function shall return
+ EFI_SUCCESS. If the security protocol command completes with an error, the function
+ shall return EFI_DEVICE_ERROR.
+
+ @param This Indicates a pointer to the calling context.
+ @param MediaId ID of the medium to receive data from. If there is no
+ block IO protocol supported by the physical device, the
+ value of MediaId is undefined.
+ @param Timeout The timeout, in 100ns units, to use for the execution
+ of the security protocol command. A Timeout value of 0
+ means that this function will wait indefinitely for the
+ security protocol command to execute. If Timeout is greater
+ than zero, then this function will return EFI_TIMEOUT if the
+ time required to execute the receive data command is greater than Timeout.
+ @param SecurityProtocolId The value of the "Security Protocol" parameter of
+ the security protocol command to be sent.
+ @param SecurityProtocolSpecificData The value of the "Security Protocol Specific" parameter
+ of the security protocol command to be sent.
+ @param PayloadBufferSize Size in bytes of the payload data buffer.
+ @param PayloadBuffer A pointer to a destination buffer to store the security
+ protocol command specific payload data for the security
+ protocol command.
+
+ @retval EFI_SUCCESS The security protocol command completed successfully.
+ @retval EFI_UNSUPPORTED The given MediaId does not support security protocol commands.
+ @retval EFI_DEVICE_ERROR The security protocol command completed with an error.
+ @retval EFI_NO_MEDIA There is no media in the device.
+ @retval EFI_MEDIA_CHANGED The MediaId is not for the current media.
+ @retval EFI_INVALID_PARAMETER The PayloadBuffer is NULL and PayloadBufferSize is non-zero.
+ @retval EFI_TIMEOUT A timeout occurred while waiting for the security
+ protocol command to execute.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_STORAGE_SECURITY_SEND_DATA)(
+ IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This,
+ IN UINT32 MediaId,
+ IN UINT64 Timeout,
+ IN UINT8 SecurityProtocolId,
+ IN UINT16 SecurityProtocolSpecificData,
+ IN UINTN PayloadBufferSize,
+ IN VOID *PayloadBuffer
+ );
+
+///
+/// The EFI_STORAGE_SECURITY_COMMAND_PROTOCOL is used to send security protocol
+/// commands to a mass storage device. Two types of security protocol commands
+/// are supported. SendData sends a command with data to a device. ReceiveData
+/// sends a command that receives data and/or the result of one or more commands
+/// sent by SendData.
+///
+/// The security protocol command formats supported shall be based on the definition
+/// of the SECURITY PROTOCOL IN and SECURITY PROTOCOL OUT commands defined in SPC-4.
+/// If the device uses the SCSI command set, no translation is needed in the firmware
+/// and the firmware can package the parameters into a SECURITY PROTOCOL IN or SECURITY
+/// PROTOCOL OUT command and send the command to the device. If the device uses a
+/// non-SCSI command set, the firmware shall map the command and data payload to the
+/// corresponding command and payload format defined in the non-SCSI command set
+/// (for example, TRUSTED RECEIVE and TRUSTED SEND in ATA8-ACS).
+///
+/// The firmware shall automatically add an EFI_STORAGE_SECURITY_COMMAND_PROTOCOL
+/// for any storage devices detected during system boot that support SPC-4, ATA8-ACS
+/// or their successors.
+///
+struct _EFI_STORAGE_SECURITY_COMMAND_PROTOCOL {
+ EFI_STORAGE_SECURITY_RECEIVE_DATA ReceiveData;
+ EFI_STORAGE_SECURITY_SEND_DATA SendData;
+};
+
+extern EFI_GUID gEfiStorageSecurityCommandProtocolGuid;
+
+#endif
diff --git a/src/include/ipxe/efi/Protocol/Supplicant.h b/src/include/ipxe/efi/Protocol/Supplicant.h
new file mode 100644
index 000000000..51a568335
--- /dev/null
+++ b/src/include/ipxe/efi/Protocol/Supplicant.h
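Review bot: `EFI_WARN_BUFFER_TOO_SMALL` from `ReceiveData` in StorageSecurityCommand.h is a warning status, so a caller that only tests the result with `EFI_ERROR()` will accept a truncated security payload as a complete one. The comment on `EFI_STORAGE_SECURITY_RECEIVE_DATA` documents the truncation but not that consequence. I would add a line there such as `Callers must check for EFI_WARN_BUFFER_TOO_SMALL explicitly; EFI_ERROR() does not catch warning codes.`, or put the same caveat at the call site if this header has to stay identical to upstream. Separately, the `EFI_STORAGE_SECURITY_SEND_DATA` comment describes `PayloadBuffer` as "a destination buffer to store" the payload and `MediaId` as the medium "to receive data from" although `PayloadBuffer` is an `IN` parameter; that wording looks carried over from the receive side.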
@@ -0,0 +1,461 @@ +/** @file + This file defines the EFI Supplicant Protocol. + + Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR> + SPDX-License-Identifier: BSD-2-Clause-Patent + + @par Revision Reference: + This Protocol is introduced in UEFI Specification 2.6 + +**/ + +#ifndef __EFI_SUPPLICANT_PROTOCOL_H__ +#define __EFI_SUPPLICANT_PROTOCOL_H__ + +FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); + +#include <ipxe/efi/Protocol/WiFi2.h> + +/// +/// The EFI Supplicant Service Binding Protocol is used to locate EFI +/// Supplicant Protocol drivers to create and destroy child of the driver to +/// communicate with other host using Supplicant protocol. +/// +#define EFI_SUPPLICANT_SERVICE_BINDING_PROTOCOL_GUID \ + { \ + 0x45bcd98e, 0x59ad, 0x4174, { 0x95, 0x46, 0x34, 0x4a, 0x7, 0x48, 0x58, 0x98 } \ + } + +/// +/// The EFI Supplicant protocol provides services to process authentication and +/// data encryption/decryption for security management. +/// +#define EFI_SUPPLICANT_PROTOCOL_GUID \ + { \ + 0x54fcc43e, 0xaa89, 0x4333, { 0x9a, 0x85, 0xcd, 0xea, 0x24, 0x5, 0x1e, 0x9e } \ + } + +typedef struct _EFI_SUPPLICANT_PROTOCOL EFI_SUPPLICANT_PROTOCOL; + +/// +/// EFI_SUPPLICANT_CRYPT_MODE +/// +typedef enum { + // + // Encrypt data provided in the fragment buffers. + // + EfiSupplicantEncrypt, + // + // Decrypt data provided in the fragment buffers. + // + EfiSupplicantDecrypt, +} EFI_SUPPLICANT_CRYPT_MODE; + +/// +/// EFI_SUPPLICANT_DATA_TYPE +/// +typedef enum { + // + // Session Configuration + // + + // + // Current authentication type in use. The corresponding Data is of type + // EFI_80211_AKM_SUITE_SELECTOR. + // + EfiSupplicant80211AKMSuite, + // + // Group data encryption type in use. The corresponding Data is of type + // EFI_SUPPLICANT_CIPHER_SUITE_SELECTOR. + // + EfiSupplicant80211GroupDataCipherSuite, + // + // Pairwise encryption type in use. The corresponding Data is of type + // EFI_80211_CIPHER_SUITE_SELECTOR. 
+ // + EfiSupplicant80211PairwiseCipherSuite, + // + // PSK password. The corresponding Data is a NULL-terminated ASCII string. + // + EfiSupplicant80211PskPassword, + // + // Target SSID name. The corresponding Data is of type EFI_80211_SSID. + // + EfiSupplicant80211TargetSSIDName, + // + // Station MAC address. The corresponding Data is of type + // EFI_80211_MAC_ADDRESS. + // + EfiSupplicant80211StationMac, + // + // Target SSID MAC address. The corresponding Data is 6 bytes MAC address. + // + EfiSupplicant80211TargetSSIDMac, + + // + // Session Information + // + + // + // 802.11 PTK. The corresponding Data is of type EFI_SUPPLICANT_KEY. + // + EfiSupplicant80211PTK, + // + // 802.11 GTK. The corresponding Data is of type EFI_SUPPLICANT_GTK_LIST. + // + EfiSupplicant80211GTK, + // + // Supplicant state. The corresponding Data is + // EFI_EAPOL_SUPPLICANT_PAE_STATE. + // + EfiSupplicantState, + // + // 802.11 link state. The corresponding Data is EFI_80211_LINK_STATE. + // + EfiSupplicant80211LinkState, + // + // Flag indicates key is refreshed. The corresponding Data is + // EFI_SUPPLICANT_KEY_REFRESH. + // + EfiSupplicantKeyRefresh, + + // + // Session Configuration + // + + // + // Supported authentication types. The corresponding Data is of type + // EFI_80211_AKM_SUITE_SELECTOR. + // + EfiSupplicant80211SupportedAKMSuites, + // + // Supported software encryption types provided by supplicant driver. The + // corresponding Data is of type EFI_80211_CIPHER_SUITE_SELECTOR. + // + EfiSupplicant80211SupportedSoftwareCipherSuites, + // + // Supported hardware encryption types provided by wireless UNDI driver. The + // corresponding Data is of type EFI_80211_CIPHER_SUITE_SELECTOR. + // + EfiSupplicant80211SupportedHardwareCipherSuites, + + // + // Session Information + // + + // + // 802.11 Integrity GTK. The corresponding Data is of type + // EFI_SUPPLICANT_GTK_LIST. + // + EfiSupplicant80211IGTK, + // + // 802.11 PMK. 
The corresponding Data is 32 bytes pairwise master key. + // + EfiSupplicant80211PMK, + EfiSupplicantDataTypeMaximum +} EFI_SUPPLICANT_DATA_TYPE; + +/// +/// EFI_80211_LINK_STATE +/// +typedef enum { + // + // Indicates initial start state, unauthenticated, unassociated. + // + Ieee80211UnauthenticatedUnassociated, + // + // Indicates authenticated, unassociated. + // + Ieee80211AuthenticatedUnassociated, + // + // Indicates authenticated and associated, but pending RSN authentication. + // + Ieee80211PendingRSNAuthentication, + // + // Indicates authenticated and associated. + // + Ieee80211AuthenticatedAssociated +} EFI_80211_LINK_STATE; + +/// +/// EFI_SUPPLICANT_KEY_TYPE (IEEE Std 802.11 Section 6.3.19.1.2) +/// +typedef enum { + Group, + Pairwise, + PeerKey, + IGTK +} EFI_SUPPLICANT_KEY_TYPE; + +/// +/// EFI_SUPPLICANT_KEY_DIRECTION (IEEE Std 802.11 Section 6.3.19.1.2) +/// +typedef enum { + // + // Indicates that the keys are being installed for the receive direction. + // + Receive, + // + // Indicates that the keys are being installed for the transmit direction. + // + Transmit, + // + // Indicates that the keys are being installed for both the receive and + // transmit directions. + // + Both +} EFI_SUPPLICANT_KEY_DIRECTION; + +/// +/// EFI_SUPPLICANT_KEY_REFRESH +/// +typedef struct { + // + // If TRUE, indicates GTK is just refreshed after a successful call to + // EFI_SUPPLICANT_PROTOCOL.BuildResponsePacket(). + // + BOOLEAN GTKRefresh; +} EFI_SUPPLICANT_KEY_REFRESH; + +#define EFI_MAX_KEY_LEN 64 + +/// +/// EFI_SUPPLICANT_KEY +/// +typedef struct { + // + // The key value. + // + UINT8 Key[EFI_MAX_KEY_LEN]; + // + // Length in bytes of the Key. Should be up to EFI_MAX_KEY_LEN. + // + UINT8 KeyLen; + // + // The key identifier. + // + UINT8 KeyId; + // + // Defines whether this key is a group key, pairwise key, PeerKey, or + // Integrity Group. + // + EFI_SUPPLICANT_KEY_TYPE KeyType; + // + // The value is set according to the KeyType. 
+ // + EFI_80211_MAC_ADDRESS Addr; + // + // The Receive Sequence Count value. + // + UINT8 Rsc[8]; + // + // Length in bytes of the Rsc. Should be up to 8. + // + UINT8 RscLen; + // + // Indicates whether the key is configured by the Authenticator or + // Supplicant. The value true indicates Authenticator. + // + BOOLEAN IsAuthenticator; + // + // The cipher suite required for this association. + // + EFI_80211_SUITE_SELECTOR CipherSuite; + // + // Indicates the direction for which the keys are to be installed. + // + EFI_SUPPLICANT_KEY_DIRECTION Direction; +} EFI_SUPPLICANT_KEY; + +/// +/// EFI_SUPPLICANT_GTK_LIST +/// +typedef struct { + // + // Indicates the number of GTKs that are contained in GTKList. + // + UINT8 GTKCount; + // + // A variable-length array of GTKs of type EFI_SUPPLICANT_KEY. The number of + // entries is specified by GTKCount. + // + EFI_SUPPLICANT_KEY GTKList[1]; +} EFI_SUPPLICANT_GTK_LIST; + +/// +/// EFI_SUPPLICANT_FRAGMENT_DATA +/// +typedef struct { + // + // Length of data buffer in the fragment. + // + UINT32 FragmentLength; + // + // Pointer to the data buffer in the fragment. + // + VOID *FragmentBuffer; +} EFI_SUPPLICANT_FRAGMENT_DATA; + +/** + BuildResponsePacket() is called during STA and AP authentication is in + progress. Supplicant derives the PTK or session keys depend on type of + authentication is being employed. + + @param[in] This Pointer to the EFI_SUPPLICANT_PROTOCOL + instance. + @param[in] RequestBuffer Pointer to the most recently received EAPOL + packet. NULL means the supplicant need + initiate the EAP authentication session and + send EAPOL-Start message. + @param[in] RequestBufferSize + Packet size in bytes for the most recently + received EAPOL packet. 0 is only valid when + RequestBuffer is NULL. + @param[out] Buffer Pointer to the buffer to hold the built + packet. + @param[in, out] BufferSize Pointer to the buffer size in bytes. On + input, it is the buffer size provided by the + caller. 
On output, it is the buffer size in + fact needed to contain the packet. + + @retval EFI_SUCCESS The required EAPOL packet is built + successfully. + @retval EFI_INVALID_PARAMETER One or more of the following conditions is + TRUE: + RequestBuffer is NULL, but RequestSize is + NOT 0. + RequestBufferSize is 0. + Buffer is NULL, but RequestBuffer is NOT 0. + BufferSize is NULL. + @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the response + packet. + @retval EFI_NOT_READY Current EAPOL session state is NOT ready to + build ResponsePacket. + +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_SUPPLICANT_BUILD_RESPONSE_PACKET)( + IN EFI_SUPPLICANT_PROTOCOL *This, + IN UINT8 *RequestBuffer OPTIONAL, + IN UINTN RequestBufferSize OPTIONAL, + OUT UINT8 *Buffer, + IN OUT UINTN *BufferSize + ); + +/** + ProcessPacket() is called to Supplicant driver to encrypt or decrypt the data + depending type of authentication type. + + @param[in] This Pointer to the EFI_SUPPLICANT_PROTOCOL + instance. + @param[in, out] FragmentTable Pointer to a list of fragment. The caller + will take responsible to handle the original + FragmentTable while it may be reallocated in + Supplicant driver. + @param[in] FragmentCount Number of fragment. + @param[in] CryptMode Crypt mode. + + @retval EFI_SUCCESS The operation completed successfully. + @retval EFI_INVALID_PARAMETER One or more of the following conditions is + TRUE: + FragmentTable is NULL. + FragmentCount is NULL. + CryptMode is invalid. + @retval EFI_NOT_READY Current supplicant state is NOT Authenticated. + @retval EFI_ABORTED Something wrong decryption the message. + @retval EFI_UNSUPPORTED This API is not supported. + +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_SUPPLICANT_PROCESS_PACKET)( + IN EFI_SUPPLICANT_PROTOCOL *This, + IN OUT EFI_SUPPLICANT_FRAGMENT_DATA **FragmentTable, + IN UINT32 *FragmentCount, + IN EFI_SUPPLICANT_CRYPT_MODE CryptMode + ); + +/** + Set Supplicant configuration data. 
+ + @param[in] This Pointer to the EFI_SUPPLICANT_PROTOCOL + instance. + @param[in] DataType The type of data. + @param[in] Data Pointer to the buffer to hold the data. + @param[in] DataSize Pointer to the buffer size in bytes. + + @retval EFI_SUCCESS The Supplicant configuration data is set + successfully. + @retval EFI_INVALID_PARAMETER One or more of the following conditions is + TRUE: + Data is NULL. + DataSize is 0. + @retval EFI_UNSUPPORTED The DataType is unsupported. + @retval EFI_OUT_OF_RESOURCES Required system resources could not be allocated. + +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_SUPPLICANT_SET_DATA)( + IN EFI_SUPPLICANT_PROTOCOL *This, + IN EFI_SUPPLICANT_DATA_TYPE DataType, + IN VOID *Data, + IN UINTN DataSize + ); + +/** + Get Supplicant configuration data. + + @param[in] This Pointer to the EFI_SUPPLICANT_PROTOCOL + instance. + @param[in] DataType The type of data. + @param[out] Data Pointer to the buffer to hold the data. + Ignored if DataSize is 0. + @param[in, out] DataSize Pointer to the buffer size in bytes. On + input, it is the buffer size provided by the + caller. On output, it is the buffer size in + fact needed to contain the packet. + + @retval EFI_SUCCESS The Supplicant configuration data is got + successfully. + @retval EFI_INVALID_PARAMETER One or more of the following conditions is + TRUE: + This is NULL. + DataSize is NULL. + Data is NULL if *DataSize is not zero. + @retval EFI_UNSUPPORTED The DataType is unsupported. + @retval EFI_NOT_FOUND The Supplicant configuration data is not + found. + @retval EFI_BUFFER_TOO_SMALL The size of Data is too small for the + specified configuration data and the required + size is returned in DataSize. 
+ +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_SUPPLICANT_GET_DATA)( + IN EFI_SUPPLICANT_PROTOCOL *This, + IN EFI_SUPPLICANT_DATA_TYPE DataType, + OUT UINT8 *Data OPTIONAL, + IN OUT UINTN *DataSize + ); + +/// +/// The EFI_SUPPLICANT_PROTOCOL is designed to provide unified place for WIFI +/// and EAP security management. Both PSK authentication and 802.1X EAP +/// authentication can be managed via this protocol and driver or application +/// as a consumer can only focus on about packet transmitting or receiving. +/// +struct _EFI_SUPPLICANT_PROTOCOL { + EFI_SUPPLICANT_BUILD_RESPONSE_PACKET BuildResponsePacket; + EFI_SUPPLICANT_PROCESS_PACKET ProcessPacket; + EFI_SUPPLICANT_SET_DATA SetData; + EFI_SUPPLICANT_GET_DATA GetData; +}; + +extern EFI_GUID gEfiSupplicantServiceBindingProtocolGuid; +extern EFI_GUID gEfiSupplicantProtocolGuid; + +#endif diff --git a/src/include/ipxe/efi/Protocol/Tcg2Protocol.h b/src/include/ipxe/efi/Protocol/Tcg2Protocol.h new file mode 100644 index 000000000..4333211b6 --- /dev/null +++ b/src/include/ipxe/efi/Protocol/Tcg2Protocol.h 
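Review bot: In `EFI_SUPPLICANT_KEY`, the bounds on `KeyLen` and `RscLen` are stated only as "Should be up to" in comments, while both fields are `UINT8` and can hold values larger than `Key[EFI_MAX_KEY_LEN]` and `Rsc[8]`; the same applies to `GTKCount` against the `GTKList[1]` placeholder array in `EFI_SUPPLICANT_GTK_LIST`. These structures are the documented payload for `EfiSupplicant80211PTK` and `EfiSupplicant80211GTK`, so I would state the requirement on the reader explicitly, e.g. `// Consumers must reject KeyLen > EFI_MAX_KEY_LEN and RscLen > 8 before reading Key or Rsc.` Separately, the `EFI_SUPPLICANT_SET_DATA` comment describes `DataSize` as "Pointer to the buffer size in bytes" although the prototype takes `IN UINTN DataSize` by value; `Size in bytes of the buffer pointed to by Data.` would match the declaration. The text looks imported from EDK2 (Intel copyright header), so if local edits are unwanted, the bound checks should at least be documented where iPXE consumes these types.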
@@ -0,0 +1,338 @@ +/** @file + TPM2 Protocol as defined in TCG PC Client Platform EFI Protocol Specification Family "2.0". + See http://trustedcomputinggroup.org for the latest specification + +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __TCG2_PROTOCOL_H__ +#define __TCG2_PROTOCOL_H__ + +FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); + +#include <ipxe/efi/IndustryStandard/UefiTcgPlatform.h> +#include <ipxe/efi/IndustryStandard/Tpm20.h> + +#define EFI_TCG2_PROTOCOL_GUID \ + {0x607f766c, 0x7455, 0x42be, { 0x93, 0x0b, 0xe4, 0xd7, 0x6d, 0xb2, 0x72, 0x0f }} + +typedef struct tdEFI_TCG2_PROTOCOL EFI_TCG2_PROTOCOL; + +typedef struct tdEFI_TCG2_VERSION { + UINT8 Major; + UINT8 Minor; +} EFI_TCG2_VERSION; + +typedef UINT32 EFI_TCG2_EVENT_LOG_BITMAP; +typedef UINT32 EFI_TCG2_EVENT_LOG_FORMAT; +typedef UINT32 EFI_TCG2_EVENT_ALGORITHM_BITMAP; + +#define EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 0x00000001 +#define EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 0x00000002 + +typedef struct tdEFI_TCG2_BOOT_SERVICE_CAPABILITY { + // + // Allocated size of the structure + // + UINT8 Size; + // + // Version of the EFI_TCG2_BOOT_SERVICE_CAPABILITY structure itself. + // For this version of the protocol, the Major version shall be set to 1 + // and the Minor version shall be set to 1. + // + EFI_TCG2_VERSION StructureVersion; + // + // Version of the EFI TCG2 protocol. + // For this version of the protocol, the Major version shall be set to 1 + // and the Minor version shall be set to 1. 
+ // + EFI_TCG2_VERSION ProtocolVersion; + // + // Supported hash algorithms (this bitmap is determined by the supported PCR + // banks in the TPM and the hashing algorithms supported by the firmware) + // + EFI_TCG2_EVENT_ALGORITHM_BITMAP HashAlgorithmBitmap; + // + // Bitmap of supported event log formats + // + EFI_TCG2_EVENT_LOG_BITMAP SupportedEventLogs; + // + // False = TPM not present + // + BOOLEAN TPMPresentFlag; + // + // Max size (in bytes) of a command that can be sent to the TPM + // + UINT16 MaxCommandSize; + // + // Max size (in bytes) of a response that can be provided by the TPM + // + UINT16 MaxResponseSize; + // + // 4-byte Vendor ID + // (see TCG Vendor ID registry, Section "TPM Capabilities Vendor ID") + // + UINT32 ManufacturerID; + // + // Maximum number of PCR banks (hashing algorithms) supported. + // No granularity is provided to support a specific set of algorithms. + // Minimum value is 1. + // + UINT32 NumberOfPCRBanks; + // + // A bitmap of currently active PCR banks (hashing algorithms). + // This is a subset of the supported hashing algorithms reported in HashAlgorithmBitMap. + // NumberOfPcrBanks defines the number of bits that are set. + // + EFI_TCG2_EVENT_ALGORITHM_BITMAP ActivePcrBanks; +} EFI_TCG2_BOOT_SERVICE_CAPABILITY; + +#define EFI_TCG2_BOOT_HASH_ALG_SHA1 0x00000001 +#define EFI_TCG2_BOOT_HASH_ALG_SHA256 0x00000002 +#define EFI_TCG2_BOOT_HASH_ALG_SHA384 0x00000004 +#define EFI_TCG2_BOOT_HASH_ALG_SHA512 0x00000008 +#define EFI_TCG2_BOOT_HASH_ALG_SM3_256 0x00000010 + +// +// This bit is shall be set when an event shall be extended but not logged. +// +#define EFI_TCG2_EXTEND_ONLY 0x0000000000000001 +// +// This bit shall be set when the intent is to measure a PE/COFF image. +// +#define PE_COFF_IMAGE 0x0000000000000010 + +#define MAX_PCR_INDEX 23 + +#pragma pack(1) + +#define EFI_TCG2_EVENT_HEADER_VERSION 1 + +typedef struct { + // + // Size of the event header itself (sizeof(EFI_TCG2_EVENT_HEADER)). 
+ // + UINT32 HeaderSize; + // + // Header version. For this version of this specification, the value shall be 1. + // + UINT16 HeaderVersion; + // + // Index of the PCR that shall be extended (0 - 23). + // + TCG_PCRINDEX PCRIndex; + // + // Type of the event that shall be extended (and optionally logged). + // + TCG_EVENTTYPE EventType; +} EFI_TCG2_EVENT_HEADER; + +typedef struct tdEFI_TCG2_EVENT { + // + // Total size of the event including the Size component, the header and the Event data. + // + UINT32 Size; + EFI_TCG2_EVENT_HEADER Header; + UINT8 Event[1]; +} EFI_TCG2_EVENT; + +#pragma pack() + +/** + The EFI_TCG2_PROTOCOL GetCapability function call provides protocol + capability information and state information. + + @param[in] This Indicates the calling context + @param[in, out] ProtocolCapability The caller allocates memory for a EFI_TCG2_BOOT_SERVICE_CAPABILITY + structure and sets the size field to the size of the structure allocated. + The callee fills in the fields with the EFI protocol capability information + and the current EFI TCG2 state information up to the number of fields which + fit within the size of the structure passed in. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. + The ProtocolCapability variable will not be populated. + @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect. + The ProtocolCapability variable will not be populated. + @retval EFI_BUFFER_TOO_SMALL The ProtocolCapability variable is too small to hold the full response. + It will be partially populated (required Size field will be set). +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_TCG2_GET_CAPABILITY)( + IN EFI_TCG2_PROTOCOL *This, + IN OUT EFI_TCG2_BOOT_SERVICE_CAPABILITY *ProtocolCapability + ); + +/** + The EFI_TCG2_PROTOCOL Get Event Log function call allows a caller to + retrieve the address of a given event log and its last entry. 
+ + @param[in] This Indicates the calling context + @param[in] EventLogFormat The type of the event log for which the information is requested. + @param[out] EventLogLocation A pointer to the memory address of the event log. + @param[out] EventLogLastEntry If the Event Log contains more than one entry, this is a pointer to the + address of the start of the last entry in the event log in memory. + @param[out] EventLogTruncated If the Event Log is missing at least one entry because an event would + have exceeded the area allocated for events, this value is set to TRUE. + Otherwise, the value will be FALSE and the Event Log will be complete. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect + (e.g. asking for an event log whose format is not supported). +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_TCG2_GET_EVENT_LOG)( + IN EFI_TCG2_PROTOCOL *This, + IN EFI_TCG2_EVENT_LOG_FORMAT EventLogFormat, + OUT EFI_PHYSICAL_ADDRESS *EventLogLocation, + OUT EFI_PHYSICAL_ADDRESS *EventLogLastEntry, + OUT BOOLEAN *EventLogTruncated + ); + +/** + The EFI_TCG2_PROTOCOL HashLogExtendEvent function call provides callers with + an opportunity to extend and optionally log events without requiring + knowledge of actual TPM commands. + The extend operation will occur even if this function cannot create an event + log entry (e.g. due to the event log being full). + + @param[in] This Indicates the calling context + @param[in] Flags Bitmap providing additional information. + @param[in] DataToHash Physical address of the start of the data buffer to be hashed. + @param[in] DataToHashLen The length in bytes of the buffer referenced by DataToHash. + @param[in] EfiTcgEvent Pointer to data buffer containing information about the event. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. 
+ @retval EFI_VOLUME_FULL The extend operation occurred, but the event could not be written to one or more event logs. + @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect. + @retval EFI_UNSUPPORTED The PE/COFF image type is not supported. +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_TCG2_HASH_LOG_EXTEND_EVENT)( + IN EFI_TCG2_PROTOCOL *This, + IN UINT64 Flags, + IN EFI_PHYSICAL_ADDRESS DataToHash, + IN UINT64 DataToHashLen, + IN EFI_TCG2_EVENT *EfiTcgEvent + ); + +/** + This service enables the sending of commands to the TPM. + + @param[in] This Indicates the calling context + @param[in] InputParameterBlockSize Size of the TPM input parameter block. + @param[in] InputParameterBlock Pointer to the TPM input parameter block. + @param[in] OutputParameterBlockSize Size of the TPM output parameter block. + @param[in] OutputParameterBlock Pointer to the TPM output parameter block. + + @retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received. + @retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device. + @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect. + @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small. +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_TCG2_SUBMIT_COMMAND)( + IN EFI_TCG2_PROTOCOL *This, + IN UINT32 InputParameterBlockSize, + IN UINT8 *InputParameterBlock, + IN UINT32 OutputParameterBlockSize, + IN UINT8 *OutputParameterBlock + ); + +/** + This service returns the currently active PCR banks. + + @param[in] This Indicates the calling context + @param[out] ActivePcrBanks Pointer to the variable receiving the bitmap of currently active PCR banks. + + @retval EFI_SUCCESS The bitmap of active PCR banks was stored in the ActivePcrBanks parameter. + @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect. 
+**/ +typedef +EFI_STATUS +(EFIAPI *EFI_TCG2_GET_ACTIVE_PCR_BANKS)( + IN EFI_TCG2_PROTOCOL *This, + OUT UINT32 *ActivePcrBanks + ); + +/** + This service sets the currently active PCR banks. + + @param[in] This Indicates the calling context + @param[in] ActivePcrBanks Bitmap of the requested active PCR banks. At least one bit SHALL be set. + + @retval EFI_SUCCESS The bitmap in ActivePcrBank parameter is already active. + @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect. +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_TCG2_SET_ACTIVE_PCR_BANKS)( + IN EFI_TCG2_PROTOCOL *This, + IN UINT32 ActivePcrBanks + ); + +/** + This service retrieves the result of a previous invocation of SetActivePcrBanks. + + @param[in] This Indicates the calling context + @param[out] OperationPresent Non-zero value to indicate a SetActivePcrBank operation was invoked during the last boot. + @param[out] Response The response from the SetActivePcrBank request. + + @retval EFI_SUCCESS The result value could be returned. + @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect. 
+**/ +typedef +EFI_STATUS +(EFIAPI *EFI_TCG2_GET_RESULT_OF_SET_ACTIVE_PCR_BANKS)( + IN EFI_TCG2_PROTOCOL *This, + OUT UINT32 *OperationPresent, + OUT UINT32 *Response + ); + +struct tdEFI_TCG2_PROTOCOL { + EFI_TCG2_GET_CAPABILITY GetCapability; + EFI_TCG2_GET_EVENT_LOG GetEventLog; + EFI_TCG2_HASH_LOG_EXTEND_EVENT HashLogExtendEvent; + EFI_TCG2_SUBMIT_COMMAND SubmitCommand; + EFI_TCG2_GET_ACTIVE_PCR_BANKS GetActivePcrBanks; + EFI_TCG2_SET_ACTIVE_PCR_BANKS SetActivePcrBanks; + EFI_TCG2_GET_RESULT_OF_SET_ACTIVE_PCR_BANKS GetResultOfSetActivePcrBanks; +}; + +extern EFI_GUID gEfiTcg2ProtocolGuid; + +// +// Log entries after Get Event Log service +// + +#define EFI_TCG2_FINAL_EVENTS_TABLE_GUID \ + {0x1e2ed096, 0x30e2, 0x4254, { 0xbd, 0x89, 0x86, 0x3b, 0xbe, 0xf8, 0x23, 0x25 }} + +extern EFI_GUID gEfiTcg2FinalEventsTableGuid; + +typedef struct tdEFI_TCG2_FINAL_EVENTS_TABLE { + // + // The version of this structure. + // + UINT64 Version; + // + // Number of events recorded after invocation of GetEventLog API + // + UINT64 NumberOfEvents; + // + // List of events of type TCG_PCR_EVENT2. + // + // TCG_PCR_EVENT2 Event[1]; +} EFI_TCG2_FINAL_EVENTS_TABLE; + +#define EFI_TCG2_FINAL_EVENTS_TABLE_VERSION 1 + +#endif diff --git a/src/include/ipxe/efi/Protocol/TcgService.h b/src/include/ipxe/efi/Protocol/TcgService.h index d225ae884..88b9f0ea9 100644 --- a/src/include/ipxe/efi/Protocol/TcgService.h +++ b/src/include/ipxe/efi/Protocol/TcgService.h @@ -11,6 +11,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define _TCG_SERVICE_PROTOCOL_H_ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/IndustryStandard/UefiTcgPlatform.h> diff --git a/src/include/ipxe/efi/Protocol/Tcp4.h b/src/include/ipxe/efi/Protocol/Tcp4.h index 249f1fe0c..eeecd366d 100644 --- a/src/include/ipxe/efi/Protocol/Tcp4.h +++ b/src/include/ipxe/efi/Protocol/Tcp4.h 
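Review bot: `EFI_TCG2_EVENT` ends in the placeholder `UINT8 Event[1]` under `#pragma pack(1)`, and its `Size` comment says only that it is the total of the Size field, the header and the event data, so a caller that computes `sizeof (EFI_TCG2_EVENT) + DataLen` would overstate the event by one byte. I would add a comment on the struct such as `// Size = OFFSET_OF (EFI_TCG2_EVENT, Event) + event data length; Event[1] is a placeholder.` so that entries passed to `HashLogExtendEvent` do not carry a stray trailing byte. In `EFI_TCG2_SUBMIT_COMMAND`, `OutputParameterBlock` is marked `@param[in]` and `IN` although it appears to be the buffer that receives the TPM response (see the `EFI_BUFFER_TOO_SMALL` description); `@param[out]` and `OUT` would describe it. There is also a typo in the `EFI_TCG2_EXTEND_ONLY` comment ("This bit is shall be set").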
@@ -16,6 +16,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __EFI_TCP4_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/Protocol/Ip4.h> diff --git a/src/include/ipxe/efi/Protocol/Tcp6.h b/src/include/ipxe/efi/Protocol/Tcp6.h index ddceaaf9f..df0ed6500 100644 --- a/src/include/ipxe/efi/Protocol/Tcp6.h +++ b/src/include/ipxe/efi/Protocol/Tcp6.h @@ -16,6 +16,7 @@ #define __EFI_TCP6_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/Protocol/ManagedNetwork.h> #include <ipxe/efi/Protocol/Ip6.h> diff --git a/src/include/ipxe/efi/Protocol/Udp4.h b/src/include/ipxe/efi/Protocol/Udp4.h index dc0586d81..7e8cc68c9 100644 --- a/src/include/ipxe/efi/Protocol/Udp4.h +++ b/src/include/ipxe/efi/Protocol/Udp4.h @@ -16,6 +16,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __EFI_UDP4_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/Protocol/Ip4.h> // diff --git a/src/include/ipxe/efi/Protocol/Udp6.h b/src/include/ipxe/efi/Protocol/Udp6.h index 5a62a3e02..4f176b8db 100644 --- a/src/include/ipxe/efi/Protocol/Udp6.h +++ b/src/include/ipxe/efi/Protocol/Udp6.h @@ -15,6 +15,7 @@ #define __EFI_UDP6_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/Protocol/Ip6.h> diff --git a/src/include/ipxe/efi/Protocol/UgaDraw.h b/src/include/ipxe/efi/Protocol/UgaDraw.h index c268bd2d2..9e07948c4 100644 --- a/src/include/ipxe/efi/Protocol/UgaDraw.h +++ b/src/include/ipxe/efi/Protocol/UgaDraw.h @@ -1,3 +1,6 @@ +#ifndef _IPXE_EFI_UGADRAW_H +#define _IPXE_EFI_UGADRAW_H + /** @file UGA Draw protocol from the EFI 1.10 specification. @@ -12,6 +15,7 @@ #define __UGA_DRAW_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_UGA_DRAW_PROTOCOL_GUID \ { \ @@ -159,3 +163,5 @@ struct _EFI_UGA_DRAW_PROTOCOL { extern EFI_GUID gEfiUgaDrawProtocolGuid; #endif + +#endif /* _IPXE_EFI_UGADRAW_H */ 
diff --git a/src/include/ipxe/efi/Protocol/UnicodeCollation.h b/src/include/ipxe/efi/Protocol/UnicodeCollation.h index f708624ee..96933d006 100644 --- a/src/include/ipxe/efi/Protocol/UnicodeCollation.h +++ b/src/include/ipxe/efi/Protocol/UnicodeCollation.h @@ -12,11 +12,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __UNICODE_COLLATION_H__ FILE_LICENCE ( BSD2_PATENT ); - -#define EFI_UNICODE_COLLATION_PROTOCOL_GUID \ - { \ - 0x1d85cd7f, 0xf43d, 0x11d2, {0x9a, 0xc, 0x0, 0x90, 0x27, 0x3f, 0xc1, 0x4d } \ - } +FILE_SECBOOT ( PERMITTED ); #define EFI_UNICODE_COLLATION_PROTOCOL2_GUID \ { \ @@ -26,16 +22,6 @@ FILE_LICENCE ( BSD2_PATENT ); typedef struct _EFI_UNICODE_COLLATION_PROTOCOL EFI_UNICODE_COLLATION_PROTOCOL; /// -/// Protocol GUID name defined in EFI1.1. -/// -#define UNICODE_COLLATION_PROTOCOL EFI_UNICODE_COLLATION_PROTOCOL_GUID - -/// -/// Protocol defined in EFI1.1. -/// -typedef EFI_UNICODE_COLLATION_PROTOCOL UNICODE_COLLATION_INTERFACE; - -/// /// Protocol data structures and defines /// #define EFI_UNICODE_BYTE_ORDER_MARK (CHAR16) (0xfeff) @@ -182,7 +168,6 @@ struct _EFI_UNICODE_COLLATION_PROTOCOL { CHAR8 *SupportedLanguages; }; -extern EFI_GUID gEfiUnicodeCollationProtocolGuid; extern EFI_GUID gEfiUnicodeCollation2ProtocolGuid; #endif diff --git a/src/include/ipxe/efi/Protocol/Usb2HostController.h b/src/include/ipxe/efi/Protocol/Usb2HostController.h index 657918d44..4ef2a0cc6 100644 --- a/src/include/ipxe/efi/Protocol/Usb2HostController.h +++ b/src/include/ipxe/efi/Protocol/Usb2HostController.h @@ -13,6 +13,7 @@ #define _USB2_HOSTCONTROLLER_H_ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/Protocol/UsbIo.h> diff --git a/src/include/ipxe/efi/Protocol/UsbHostController.h b/src/include/ipxe/efi/Protocol/UsbHostController.h index 5336f00b3..f694b80d5 100644 --- a/src/include/ipxe/efi/Protocol/UsbHostController.h +++ b/src/include/ipxe/efi/Protocol/UsbHostController.h 
@@ -1,3 +1,6 @@ +#ifndef _IPXE_EFI_USBHOSTCONTROLLER_H +#define _IPXE_EFI_USBHOSTCONTROLLER_H + /** @file EFI_USB_HC_PROTOCOL as defined in EFI 1.10. @@ -14,6 +17,7 @@ #define _USB_HOSTCONTROLLER_H_ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/Protocol/Usb2HostController.h> @@ -501,3 +505,5 @@ struct _EFI_USB_HC_PROTOCOL { extern EFI_GUID gEfiUsbHcProtocolGuid; #endif + +#endif /* _IPXE_EFI_USBHOSTCONTROLLER_H */ diff --git a/src/include/ipxe/efi/Protocol/UsbIo.h b/src/include/ipxe/efi/Protocol/UsbIo.h index d5f02bb17..7686f241e 100644 --- a/src/include/ipxe/efi/Protocol/UsbIo.h +++ b/src/include/ipxe/efi/Protocol/UsbIo.h @@ -14,6 +14,7 @@ #define __USB_IO_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/IndustryStandard/Usb.h> diff --git a/src/include/ipxe/efi/Protocol/VlanConfig.h b/src/include/ipxe/efi/Protocol/VlanConfig.h index 79b6bc463..aa163ab95 100644 --- a/src/include/ipxe/efi/Protocol/VlanConfig.h +++ b/src/include/ipxe/efi/Protocol/VlanConfig.h @@ -13,6 +13,7 @@ #define __EFI_VLANCONFIG_PROTOCOL_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #define EFI_VLAN_CONFIG_PROTOCOL_GUID \ { \ diff --git a/src/include/ipxe/efi/Protocol/WiFi2.h b/src/include/ipxe/efi/Protocol/WiFi2.h new file mode 100644 index 000000000..016e6f588 --- /dev/null +++ b/src/include/ipxe/efi/Protocol/WiFi2.h 
@@ -0,0 +1,410 @@ +/** @file + This file defines the EFI Wireless MAC Connection II Protocol. + + Copyright (c) 2017, Intel Corporation. All rights reserved.<BR> + SPDX-License-Identifier: BSD-2-Clause-Patent + + @par Revision Reference: + This Protocol is introduced in UEFI Specification 2.6 + +**/ + +#ifndef __EFI_WIFI2_PROTOCOL_H__ +#define __EFI_WIFI2_PROTOCOL_H__ + +FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); + +#define EFI_WIRELESS_MAC_CONNECTION_II_PROTOCOL_GUID \ + { \ + 0x1b0fb9bf, 0x699d, 0x4fdd, { 0xa7, 0xc3, 0x25, 0x46, 0x68, 0x1b, 0xf6, 0x3b } \ + } + +typedef struct _EFI_WIRELESS_MAC_CONNECTION_II_PROTOCOL EFI_WIRELESS_MAC_CONNECTION_II_PROTOCOL; + +/// +/// EFI_80211_BSS_TYPE +/// +typedef enum { + IeeeInfrastructureBSS, + IeeeIndependentBSS, + IeeeMeshBSS, + IeeeAnyBss +} EFI_80211_BSS_TYPE; + +/// +/// EFI_80211_CONNECT_NETWORK_RESULT_CODE +/// +typedef enum { + // + // The connection establishment operation finished successfully. + // + ConnectSuccess, + // + // The connection was refused by the Network. + // + ConnectRefused, + // + // The connection establishment operation failed (i.e, Network is not + // detected). + // + ConnectFailed, + // + // The connection establishment operation was terminated on timeout. + // + ConnectFailureTimeout, + // + // The connection establishment operation failed on other reason. + // + ConnectFailedReasonUnspecified +} EFI_80211_CONNECT_NETWORK_RESULT_CODE; + +/// +/// EFI_80211_MAC_ADDRESS +/// +typedef struct { + UINT8 Addr[6]; +} EFI_80211_MAC_ADDRESS; + +#define EFI_MAX_SSID_LEN 32 + +/// +/// EFI_80211_SSID +/// +typedef struct { + // + // Length in bytes of the SSId. If zero, ignore SSId field. + // + UINT8 SSIdLen; + // + // Specifies the service set identifier. + // + UINT8 SSId[EFI_MAX_SSID_LEN]; +} EFI_80211_SSID; + +/// +/// EFI_80211_GET_NETWORKS_DATA +/// +typedef struct { + // + // The number of EFI_80211_SSID in SSIDList. If zero, SSIDList should be + // ignored. 
+ // + UINT32 NumOfSSID; + // + // The SSIDList is a pointer to an array of EFI_80211_SSID instances. The + // number of entries is specified by NumOfSSID. The array should only include + // SSIDs of hidden networks. It is suggested that the caller inputs less than + // 10 elements in the SSIDList. It is the caller's responsibility to free + // this buffer. + // + EFI_80211_SSID SSIDList[1]; +} EFI_80211_GET_NETWORKS_DATA; + +/// +/// EFI_80211_SUITE_SELECTOR +/// +typedef struct { + // + // Organization Unique Identifier, as defined in IEEE 802.11 standard, + // usually set to 00-0F-AC. + // + UINT8 Oui[3]; + // + // Suites types, as defined in IEEE 802.11 standard. + // + UINT8 SuiteType; +} EFI_80211_SUITE_SELECTOR; + +/// +/// EFI_80211_AKM_SUITE_SELECTOR +/// +typedef struct { + // + // Indicates the number of AKM suite selectors that are contained in + // AKMSuiteList. If zero, the AKMSuiteList is ignored. + // + UINT16 AKMSuiteCount; + // + // A variable-length array of AKM suites, as defined in IEEE 802.11 standard, + // Table 8-101. The number of entries is specified by AKMSuiteCount. + // + EFI_80211_SUITE_SELECTOR AKMSuiteList[1]; +} EFI_80211_AKM_SUITE_SELECTOR; + +/// +/// EFI_80211_CIPHER_SUITE_SELECTOR +/// +typedef struct { + // + // Indicates the number of cipher suites that are contained in + // CipherSuiteList. If zero, the CipherSuiteList is ignored. + // + UINT16 CipherSuiteCount; + // + // A variable-length array of cipher suites, as defined in IEEE 802.11 + // standard, Table 8-99. The number of entries is specified by + // CipherSuiteCount. + // + EFI_80211_SUITE_SELECTOR CipherSuiteList[1]; +} EFI_80211_CIPHER_SUITE_SELECTOR; + +/// +/// EFI_80211_NETWORK +/// +typedef struct { + // + // Specifies the type of the BSS. + // + EFI_80211_BSS_TYPE BSSType; + // + // Specifies the SSID of the BSS. + // + EFI_80211_SSID SSId; + // + // Pointer to the AKM suites supported in the wireless network. 
+ // + EFI_80211_AKM_SUITE_SELECTOR *AKMSuite; + // + // Pointer to the cipher suites supported in the wireless network. + // + EFI_80211_CIPHER_SUITE_SELECTOR *CipherSuite; +} EFI_80211_NETWORK; + +/// +/// EFI_80211_NETWORK_DESCRIPTION +/// +typedef struct { + // + // Specifies the found wireless network. + // + EFI_80211_NETWORK Network; + // + // Indicates the network quality as a value between 0 to 100, where 100 + // indicates the highest network quality. + // + UINT8 NetworkQuality; +} EFI_80211_NETWORK_DESCRIPTION; + +/// +/// EFI_80211_GET_NETWORKS_RESULT +/// +typedef struct { + // + // The number of EFI_80211_NETWORK_DESCRIPTION in NetworkDesc. If zero, + // NetworkDesc should be ignored. + // + UINT8 NumOfNetworkDesc; + // + // The NetworkDesc is a pointer to an array of EFI_80211_NETWORK_DESCRIPTION + // instances. It is caller's responsibility to free this buffer. + // + EFI_80211_NETWORK_DESCRIPTION NetworkDesc[1]; +} EFI_80211_GET_NETWORKS_RESULT; + +/// +/// EFI_80211_GET_NETWORKS_TOKEN +/// +typedef struct { + // + // If the status code returned by GetNetworks() is EFI_SUCCESS, then this + // Event will be signaled after the Status field is updated by the EFI + // Wireless MAC Connection Protocol II driver. The type of Event must be + // EFI_NOTIFY_SIGNAL. + // + EFI_EVENT Event; + // + // Will be set to one of the following values: + // EFI_SUCCESS: The operation completed successfully. + // EFI_NOT_FOUND: Failed to find available wireless networks. + // EFI_DEVICE_ERROR: An unexpected network or system error occurred. + // EFI_ACCESS_DENIED: The operation is not completed due to some underlying + // hardware or software state. + // EFI_NOT_READY: The operation is started but not yet completed. + // + EFI_STATUS Status; + // + // Pointer to the input data for getting networks. + // + EFI_80211_GET_NETWORKS_DATA *Data; + // + // Indicates the scan result. It is caller's responsibility to free this + // buffer. 
+ // + EFI_80211_GET_NETWORKS_RESULT *Result; +} EFI_80211_GET_NETWORKS_TOKEN; + +/// +/// EFI_80211_CONNECT_NETWORK_DATA +/// +typedef struct { + // + // Specifies the wireless network to connect to. + // + EFI_80211_NETWORK *Network; + // + // Specifies a time limit in seconds that is optionally present, after which + // the connection establishment procedure is terminated by the UNDI driver. + // This is an optional parameter and may be 0. Values of 5 seconds or higher + // are recommended. + // + UINT32 FailureTimeout; +} EFI_80211_CONNECT_NETWORK_DATA; + +/// +/// EFI_80211_CONNECT_NETWORK_TOKEN +/// +typedef struct { + // + // If the status code returned by ConnectNetwork() is EFI_SUCCESS, then this + // Event will be signaled after the Status field is updated by the EFI + // Wireless MAC Connection Protocol II driver. The type of Event must be + // EFI_NOTIFY_SIGNAL. + // + EFI_EVENT Event; + // + // Will be set to one of the following values: + // EFI_SUCCESS: The operation completed successfully. + // EFI_DEVICE_ERROR: An unexpected network or system error occurred. + // EFI_ACCESS_DENIED: The operation is not completed due to some underlying + // hardware or software state. + // EFI_NOT_READY: The operation is started but not yet completed. + // + EFI_STATUS Status; + // + // Pointer to the connection data. + // + EFI_80211_CONNECT_NETWORK_DATA *Data; + // + // Indicates the connection state. + // + EFI_80211_CONNECT_NETWORK_RESULT_CODE ResultCode; +} EFI_80211_CONNECT_NETWORK_TOKEN; + +/// +/// EFI_80211_DISCONNECT_NETWORK_TOKEN +/// +typedef struct { + // + // If the status code returned by DisconnectNetwork() is EFI_SUCCESS, then + // this Event will be signaled after the Status field is updated by the EFI + // Wireless MAC Connection Protocol II driver. The type of Event must be + // EFI_NOTIFY_SIGNAL. 
+ // + EFI_EVENT Event; + // + // Will be set to one of the following values: + // EFI_SUCCESS: The operation completed successfully + // EFI_DEVICE_ERROR: An unexpected network or system error occurred. + // EFI_ACCESS_DENIED: The operation is not completed due to some underlying + // hardware or software state. + // + EFI_STATUS Status; +} EFI_80211_DISCONNECT_NETWORK_TOKEN; + +/** + Request a survey of potential wireless networks that administrator can later + elect to try to join. + + @param[in] This Pointer to the + EFI_WIRELESS_MAC_CONNECTION_II_PROTOCOL + instance. + @param[in] Token Pointer to the token for getting wireless + network. + + @retval EFI_SUCCESS The operation started, and an event will + eventually be raised for the caller. + @retval EFI_INVALID_PARAMETER One or more of the following conditions is + TRUE: + This is NULL. + Token is NULL. + @retval EFI_UNSUPPORTED One or more of the input parameters is not + supported by this implementation. + @retval EFI_ALREADY_STARTED The operation of getting wireless network is + already started. + @retval EFI_OUT_OF_RESOURCES Required system resources could not be + allocated. + +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_WIRELESS_MAC_CONNECTION_II_GET_NETWORKS)( + IN EFI_WIRELESS_MAC_CONNECTION_II_PROTOCOL *This, + IN EFI_80211_GET_NETWORKS_TOKEN *Token + ); + +/** + Connect a wireless network specified by a particular SSID, BSS type and + Security type. + + @param[in] This Pointer to the + EFI_WIRELESS_MAC_CONNECTION_II_PROTOCOL + instance. + @param[in] Token Pointer to the token for connecting wireless + network. + + @retval EFI_SUCCESS The operation started successfully. Results + will be notified eventually. + @retval EFI_INVALID_PARAMETER One or more of the following conditions is + TRUE: + This is NULL. + Token is NULL. + @retval EFI_UNSUPPORTED One or more of the input parameters are not + supported by this implementation. + @retval EFI_ALREADY_STARTED The connection process is already started. 
+ @retval EFI_NOT_FOUND The specified wireless network is not found. + @retval EFI_OUT_OF_RESOURCES Required system resources could not be + allocated. + +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_WIRELESS_MAC_CONNECTION_II_CONNECT_NETWORK)( + IN EFI_WIRELESS_MAC_CONNECTION_II_PROTOCOL *This, + IN EFI_80211_CONNECT_NETWORK_TOKEN *Token + ); + +/** + Request a disconnection with current connected wireless network. + + @param[in] This Pointer to the + EFI_WIRELESS_MAC_CONNECTION_II_PROTOCOL + instance. + @param[in] Token Pointer to the token for disconnecting + wireless network. + + @retval EFI_SUCCESS The operation started successfully. Results + will be notified eventually. + @retval EFI_INVALID_PARAMETER One or more of the following conditions is + TRUE: + This is NULL. + Token is NULL. + @retval EFI_UNSUPPORTED One or more of the input parameters are not + supported by this implementation. + @retval EFI_NOT_FOUND Not connected to a wireless network. + @retval EFI_OUT_OF_RESOURCES Required system resources could not be + allocated. + +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_WIRELESS_MAC_CONNECTION_II_DISCONNECT_NETWORK)( + IN EFI_WIRELESS_MAC_CONNECTION_II_PROTOCOL *This, + IN EFI_80211_DISCONNECT_NETWORK_TOKEN *Token + ); + +/// +/// The EFI_WIRELESS_MAC_CONNECTION_II_PROTOCOL provides network management +/// service interfaces for 802.11 network stack. It is used by network +/// applications (and drivers) to establish wireless connection with a wireless +/// network. +/// +struct _EFI_WIRELESS_MAC_CONNECTION_II_PROTOCOL { + EFI_WIRELESS_MAC_CONNECTION_II_GET_NETWORKS GetNetworks; + EFI_WIRELESS_MAC_CONNECTION_II_CONNECT_NETWORK ConnectNetwork; + EFI_WIRELESS_MAC_CONNECTION_II_DISCONNECT_NETWORK DisconnectNetwork; +}; + +extern EFI_GUID gEfiWiFi2ProtocolGuid; + +#endif diff --git a/src/include/ipxe/efi/RiscV64/ProcessorBind.h b/src/include/ipxe/efi/RiscV64/ProcessorBind.h new file mode 100644 index 000000000..7b3122fc2 --- /dev/null 
+++ b/src/include/ipxe/efi/RiscV64/ProcessorBind.h 
@@ -0,0 +1,176 @@ +/** @file + Processor or Compiler specific defines and types for RISC-V + + Copyright (c) 2016 - 2020, Hewlett Packard Enterprise Development LP. All rights reserved.<BR> + + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef PROCESSOR_BIND_H__ +#define PROCESSOR_BIND_H__ + +FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); + +/// +/// Define the processor type so other code can make processor based choices +/// +#define MDE_CPU_RISCV64 + +// +// Make sure we are using the correct packing rules per EFI specification +// +#if !defined (__GNUC__) + #pragma pack() +#endif + +/// +/// 8-byte unsigned value +/// +typedef unsigned long long UINT64 __attribute__ ((aligned (8))); +/// +/// 8-byte signed value +/// +typedef long long INT64 __attribute__ ((aligned (8))); +/// +/// 4-byte unsigned value +/// +typedef unsigned int UINT32 __attribute__ ((aligned (4))); +/// +/// 4-byte signed value +/// +typedef int INT32 __attribute__ ((aligned (4))); +/// +/// 2-byte unsigned value +/// +typedef unsigned short UINT16 __attribute__ ((aligned (2))); +/// +/// 2-byte Character. Unless otherwise specified all strings are stored in the +/// UTF-16 encoding format as defined by Unicode 2.1 and ISO/IEC 10646 standards. +/// +typedef unsigned short CHAR16 __attribute__ ((aligned (2))); +/// +/// 2-byte signed value +/// +typedef short INT16 __attribute__ ((aligned (2))); +/// +/// Logical Boolean. 1-byte value containing 0 for FALSE or a 1 for TRUE. Other +/// values are undefined. +/// +typedef unsigned char BOOLEAN; +/// +/// 1-byte unsigned value +/// +typedef unsigned char UINT8; +/// +/// 1-byte Character +/// +typedef char CHAR8; +/// +/// 1-byte signed value +/// +typedef signed char INT8; +/// +/// Unsigned value of native width. (4 bytes on supported 32-bit processor instructions, +/// 8 bytes on supported 64-bit processor instructions) +/// +typedef UINT64 UINTN __attribute__ ((aligned (8))); +/// +/// Signed value of native width. 
(4 bytes on supported 32-bit processor instructions, +/// 8 bytes on supported 64-bit processor instructions) +/// +typedef INT64 INTN __attribute__ ((aligned (8))); + +// +// Processor specific defines +// + +/// +/// A value of native width with the highest bit set. +/// +#define MAX_BIT 0x8000000000000000ULL +/// +/// A value of native width with the two highest bits set. +/// +#define MAX_2_BITS 0xC000000000000000ULL + +/// +/// Maximum legal RV64 address +/// +#define MAX_ADDRESS 0xFFFFFFFFFFFFFFFFULL + +/// +/// Maximum usable address at boot time (48 bits using 4 KB pages in Supervisor mode) +/// +#define MAX_ALLOC_ADDRESS 0xFFFFFFFFFFFFULL + +/// +/// Maximum legal RISC-V INTN and UINTN values. +/// +#define MAX_INTN ((INTN)0x7FFFFFFFFFFFFFFFULL) +#define MAX_UINTN ((UINTN)0xFFFFFFFFFFFFFFFFULL) + +/// +/// The stack alignment required for RISC-V +/// +#define CPU_STACK_ALIGNMENT 16 + +/// +/// Page allocation granularity for RISC-V +/// +#define DEFAULT_PAGE_ALLOCATION_GRANULARITY (0x1000) +#define RUNTIME_PAGE_ALLOCATION_GRANULARITY (0x1000) + +// +// Modifier to ensure that all protocol member functions and EFI intrinsics +// use the correct C calling convention. All protocol member functions and +// EFI intrinsics are required to modify their member functions with EFIAPI. +// +#ifdef EFIAPI +/// +/// If EFIAPI is already defined, then we use that definition. +/// +#elif defined (__GNUC__) +/// +/// Define the standard calling convention regardless of optimization level +/// The GCC support assumes a GCC compiler that supports the EFI ABI. The EFI +/// ABI is much closer to the x64 Microsoft* ABI than standard x64 (x86-64) +/// GCC ABI. Thus a standard x64 (x86-64) GCC compiler can not be used for +/// x64. Warning the assembly code in the MDE x64 does not follow the correct +/// ABI for the standard x64 (x86-64) GCC. +/// +#define EFIAPI +#else +/// +/// The default for a non Microsoft* or GCC compiler is to assume the EFI ABI +/// is the standard. 
+/// +#define EFIAPI +#endif + +#if defined (__GNUC__) +/// +/// For GNU assembly code, .global or .globl can declare global symbols. +/// Define this macro to unify the usage. +/// +#define ASM_GLOBAL .globl +#endif + +/** + Return the pointer to the first instruction of a function given a function pointer. + On x64 CPU architectures, these two pointer values are the same, + so the implementation of this macro is very simple. + + @param FunctionPointer A pointer to a function. + + @return The pointer to the first instruction of a function given a function pointer. + +**/ +#define FUNCTION_ENTRY_POINT(FunctionPointer) (VOID *)(UINTN)(FunctionPointer) + +#ifndef __USER_LABEL_PREFIX__ +#define __USER_LABEL_PREFIX__ +#endif + +#endif diff --git a/src/include/ipxe/efi/Uefi.h b/src/include/ipxe/efi/Uefi.h index 2a9973df9..4b8aad331 100644 --- a/src/include/ipxe/efi/Uefi.h +++ b/src/include/ipxe/efi/Uefi.h @@ -15,6 +15,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __PI_UEFI_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/Uefi/UefiBaseType.h> #include <ipxe/efi/Uefi/UefiSpec.h> diff --git a/src/include/ipxe/efi/Uefi/UefiBaseType.h b/src/include/ipxe/efi/Uefi/UefiBaseType.h index bf3aa9bb2..80560ed97 100644 --- a/src/include/ipxe/efi/Uefi/UefiBaseType.h +++ b/src/include/ipxe/efi/Uefi/UefiBaseType.h @@ -14,6 +14,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __UEFI_BASETYPE_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/Base.h> @@ -235,11 +236,6 @@ typedef union { #define EFI_IMAGE_MACHINE_X64 0x8664 /// -/// PE32+ Machine type for ARM mixed ARM and Thumb/Thumb2 images. -/// -#define EFI_IMAGE_MACHINE_ARMTHUMB_MIXED 0x01C2 - -/// /// PE32+ Machine type for AARCH64 A64 images. /// #define EFI_IMAGE_MACHINE_AARCH64 0xAA64 
@@ -272,12 +268,6 @@ typedef union { #define EFI_IMAGE_MACHINE_CROSS_TYPE_SUPPORTED(Machine) ((Machine) == EFI_IMAGE_MACHINE_IA32) - #elif defined (MDE_CPU_ARM) - -#define EFI_IMAGE_MACHINE_TYPE_SUPPORTED(Machine) ((Machine) == EFI_IMAGE_MACHINE_ARMTHUMB_MIXED) - -#define EFI_IMAGE_MACHINE_CROSS_TYPE_SUPPORTED(Machine) (FALSE) - #elif defined (MDE_CPU_AARCH64) #define EFI_IMAGE_MACHINE_TYPE_SUPPORTED(Machine) \ diff --git a/src/include/ipxe/efi/Uefi/UefiGpt.h b/src/include/ipxe/efi/Uefi/UefiGpt.h index 38eff7df5..4699edee5 100644 --- a/src/include/ipxe/efi/Uefi/UefiGpt.h +++ b/src/include/ipxe/efi/Uefi/UefiGpt.h @@ -10,6 +10,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __UEFI_GPT_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); /// /// The primary GUID Partition Table Header must be diff --git a/src/include/ipxe/efi/Uefi/UefiInternalFormRepresentation.h b/src/include/ipxe/efi/Uefi/UefiInternalFormRepresentation.h index 36468e022..700cb4693 100644 --- a/src/include/ipxe/efi/Uefi/UefiInternalFormRepresentation.h +++ b/src/include/ipxe/efi/Uefi/UefiInternalFormRepresentation.h @@ -16,6 +16,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __UEFI_INTERNAL_FORMREPRESENTATION_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/Guid/HiiFormMapMethodGuid.h> @@ -1698,7 +1699,17 @@ typedef enum { EfiKeyF12, EfiKeyPrint, EfiKeySLck, - EfiKeyPause + EfiKeyPause, + EfiKeyIntl0, + EfiKeyIntl1, + EfiKeyIntl2, + EfiKeyIntl3, + EfiKeyIntl4, + EfiKeyIntl5, + EfiKeyIntl6, + EfiKeyIntl7, + EfiKeyIntl8, + EfiKeyIntl9 } EFI_KEY; typedef struct { diff --git a/src/include/ipxe/efi/Uefi/UefiMultiPhase.h b/src/include/ipxe/efi/Uefi/UefiMultiPhase.h index 4ac760469..9584f152d 100644 --- a/src/include/ipxe/efi/Uefi/UefiMultiPhase.h +++ b/src/include/ipxe/efi/Uefi/UefiMultiPhase.h 
@@ -10,6 +10,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __UEFI_MULTIPHASE_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); /// /// Attributes of variable. @@ -110,7 +111,22 @@ typedef enum { /// by a corresponding call to the underlying isolation architecture. /// EfiUnacceptedMemoryType, - EfiMaxMemoryType + EfiMaxMemoryType, + // + // +---------------------------------------------------+ + // | 0..(EfiMaxMemoryType - 1) - Normal memory type | + // +---------------------------------------------------+ + // | EfiMaxMemoryType..0x6FFFFFFF - Invalid | + // +---------------------------------------------------+ + // | 0x70000000..0x7FFFFFFF - OEM reserved | + // +---------------------------------------------------+ + // | 0x80000000..0xFFFFFFFF - OS reserved | + // +---------------------------------------------------+ + // + MEMORY_TYPE_OEM_RESERVED_MIN = 0x70000000, + MEMORY_TYPE_OEM_RESERVED_MAX = 0x7FFFFFFF, + MEMORY_TYPE_OS_RESERVED_MIN = 0x80000000, + MEMORY_TYPE_OS_RESERVED_MAX = 0xFFFFFFFF } EFI_MEMORY_TYPE; /// diff --git a/src/include/ipxe/efi/Uefi/UefiPxe.h b/src/include/ipxe/efi/Uefi/UefiPxe.h index b4366eda5..54c90f19c 100644 --- a/src/include/ipxe/efi/Uefi/UefiPxe.h +++ b/src/include/ipxe/efi/Uefi/UefiPxe.h @@ -16,6 +16,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __EFI_PXE_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #pragma pack(1) diff --git a/src/include/ipxe/efi/Uefi/UefiSpec.h b/src/include/ipxe/efi/Uefi/UefiSpec.h index cc166fc34..824e8dba6 100644 --- a/src/include/ipxe/efi/Uefi/UefiSpec.h +++ b/src/include/ipxe/efi/Uefi/UefiSpec.h @@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define __UEFI_SPEC_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/Uefi/UefiMultiPhase.h> 
@@ -108,6 +109,16 @@ typedef enum { #define EFI_MEMORY_CPU_CRYPTO 0x0000000000080000ULL // +// If this flag is set, the memory region is present and capable of having +// memory dynamically removed from the platform. This attribute serves as +// a hint to the OS prior to its ACPI subsystem initialization to avoid +// allocating this memory for core OS data or code that cannot be dynamically +// relocated at runtime. If this flag is clear, the memory region is not +// capable of being dynamically removed from the platform at runtime. +// +#define EFI_MEMORY_HOT_PLUGGABLE 0x0000000000100000 + +// // Runtime memory attribute // #define EFI_MEMORY_RUNTIME 0x8000000000000000ULL 
@@ -1841,21 +1852,24 @@ EFI_STATUS // // EFI Runtime Services Table // -#define EFI_SYSTEM_TABLE_SIGNATURE SIGNATURE_64 ('I','B','I',' ','S','Y','S','T') -#define EFI_2_80_SYSTEM_TABLE_REVISION ((2 << 16) | (80)) -#define EFI_2_70_SYSTEM_TABLE_REVISION ((2 << 16) | (70)) -#define EFI_2_60_SYSTEM_TABLE_REVISION ((2 << 16) | (60)) -#define EFI_2_50_SYSTEM_TABLE_REVISION ((2 << 16) | (50)) -#define EFI_2_40_SYSTEM_TABLE_REVISION ((2 << 16) | (40)) -#define EFI_2_31_SYSTEM_TABLE_REVISION ((2 << 16) | (31)) -#define EFI_2_30_SYSTEM_TABLE_REVISION ((2 << 16) | (30)) -#define EFI_2_20_SYSTEM_TABLE_REVISION ((2 << 16) | (20)) -#define EFI_2_10_SYSTEM_TABLE_REVISION ((2 << 16) | (10)) -#define EFI_2_00_SYSTEM_TABLE_REVISION ((2 << 16) | (00)) -#define EFI_1_10_SYSTEM_TABLE_REVISION ((1 << 16) | (10)) -#define EFI_1_02_SYSTEM_TABLE_REVISION ((1 << 16) | (02)) -#define EFI_SYSTEM_TABLE_REVISION EFI_2_70_SYSTEM_TABLE_REVISION -#define EFI_SPECIFICATION_VERSION EFI_SYSTEM_TABLE_REVISION +#define EFI_SYSTEM_TABLE_SIGNATURE SIGNATURE_64 ('I','B','I',' ','S','Y','S','T') +#define EFI_2_110_SYSTEM_TABLE_REVISION ((2 << 16) | (110)) +#define EFI_2_100_SYSTEM_TABLE_REVISION ((2 << 16) | (100)) +#define EFI_2_90_SYSTEM_TABLE_REVISION ((2 << 16) | (90)) +#define EFI_2_80_SYSTEM_TABLE_REVISION ((2 << 16) | (80)) +#define EFI_2_70_SYSTEM_TABLE_REVISION ((2 << 16) | (70)) +#define EFI_2_60_SYSTEM_TABLE_REVISION ((2 << 16) | (60)) +#define EFI_2_50_SYSTEM_TABLE_REVISION ((2 << 16) | (50)) +#define EFI_2_40_SYSTEM_TABLE_REVISION ((2 << 16) | (40)) +#define EFI_2_31_SYSTEM_TABLE_REVISION ((2 << 16) | (31)) +#define EFI_2_30_SYSTEM_TABLE_REVISION ((2 << 16) | (30)) +#define EFI_2_20_SYSTEM_TABLE_REVISION ((2 << 16) | (20)) +#define EFI_2_10_SYSTEM_TABLE_REVISION ((2 << 16) | (10)) +#define EFI_2_00_SYSTEM_TABLE_REVISION ((2 << 16) | (00)) +#define EFI_1_10_SYSTEM_TABLE_REVISION ((1 << 16) | (10)) +#define EFI_1_02_SYSTEM_TABLE_REVISION ((1 << 16) | (02)) +#define EFI_SYSTEM_TABLE_REVISION 
EFI_2_70_SYSTEM_TABLE_REVISION +#define EFI_SPECIFICATION_VERSION EFI_SYSTEM_TABLE_REVISION #define EFI_RUNTIME_SERVICES_SIGNATURE SIGNATURE_64 ('R','U','N','T','S','E','R','V') #define EFI_RUNTIME_SERVICES_REVISION EFI_SPECIFICATION_VERSION @@ -2044,7 +2058,8 @@ typedef struct { UINT32 FirmwareRevision; /// /// The handle for the active console input device. This handle must support - /// EFI_SIMPLE_TEXT_INPUT_PROTOCOL and EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL. + /// EFI_SIMPLE_TEXT_INPUT_PROTOCOL and EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL. If + /// there is no active console, these protocols must still be present. /// EFI_HANDLE ConsoleInHandle; /// @@ -2053,7 +2068,9 @@ typedef struct { /// EFI_SIMPLE_TEXT_INPUT_PROTOCOL *ConIn; /// - /// The handle for the active console output device. + /// The handle for the active console output device. This handle must support the + /// EFI_SIMPLE_TEXT_OUTPUT_PROTOCOL. If there is no active console, these protocols + /// must still be present. /// EFI_HANDLE ConsoleOutHandle; /// @@ -2063,7 +2080,8 @@ typedef struct { EFI_SIMPLE_TEXT_OUTPUT_PROTOCOL *ConOut; /// /// The handle for the active standard error console device. - /// This handle must support the EFI_SIMPLE_TEXT_OUTPUT_PROTOCOL. + /// This handle must support the EFI_SIMPLE_TEXT_OUTPUT_PROTOCOL. If there + /// is no active console, this protocol must still be present. /// EFI_HANDLE StandardErrorHandle; /// 
@@ -2252,7 +2270,7 @@ typedef struct { #define EFI_REMOVABLE_MEDIA_FILE_NAME_IA32 L"\\EFI\\BOOT\\BOOTIA32.EFI" #define EFI_REMOVABLE_MEDIA_FILE_NAME_IA64 L"\\EFI\\BOOT\\BOOTIA64.EFI" #define EFI_REMOVABLE_MEDIA_FILE_NAME_X64 L"\\EFI\\BOOT\\BOOTX64.EFI" -#define EFI_REMOVABLE_MEDIA_FILE_NAME_ARM L"\\EFI\\BOOT\\BOOTARM.EFI" +#define EFI_REMOVABLE_MEDIA_FILE_NAME_EBC L"\\EFI\\BOOT\\BOOTARM.EFI" #define EFI_REMOVABLE_MEDIA_FILE_NAME_AARCH64 L"\\EFI\\BOOT\\BOOTAA64.EFI" #define EFI_REMOVABLE_MEDIA_FILE_NAME_RISCV64 L"\\EFI\\BOOT\\BOOTRISCV64.EFI" #define EFI_REMOVABLE_MEDIA_FILE_NAME_LOONGARCH64 L"\\EFI\\BOOT\\BOOTLOONGARCH64.EFI" @@ -2263,8 +2281,7 @@ typedef struct { #elif defined (MDE_CPU_X64) #define EFI_REMOVABLE_MEDIA_FILE_NAME EFI_REMOVABLE_MEDIA_FILE_NAME_X64 #elif defined (MDE_CPU_EBC) - #elif defined (MDE_CPU_ARM) -#define EFI_REMOVABLE_MEDIA_FILE_NAME EFI_REMOVABLE_MEDIA_FILE_NAME_ARM +#define EFI_REMOVABLE_MEDIA_FILE_NAME EFI_REMOVABLE_MEDIA_FILE_NAME_EBC #elif defined (MDE_CPU_AARCH64) #define EFI_REMOVABLE_MEDIA_FILE_NAME EFI_REMOVABLE_MEDIA_FILE_NAME_AARCH64 #elif defined (MDE_CPU_RISCV64) diff --git a/src/include/ipxe/efi/X64/ProcessorBind.h b/src/include/ipxe/efi/X64/ProcessorBind.h index 062a77ba7..fd8c04484 100644 --- a/src/include/ipxe/efi/X64/ProcessorBind.h +++ b/src/include/ipxe/efi/X64/ProcessorBind.h @@ -10,6 +10,7 @@ #define __PROCESSOR_BIND_H__ FILE_LICENCE ( BSD2_PATENT ); +FILE_SECBOOT ( PERMITTED ); /// /// Define the processor type so other code can make processor based choices diff --git a/src/include/ipxe/efi/efi.h b/src/include/ipxe/efi/efi.h index 2137b824d..9554a6ad7 100644 --- a/src/include/ipxe/efi/efi.h +++ b/src/include/ipxe/efi/efi.h @@ -22,6 +22,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER ); +FILE_SECBOOT ( PERMITTED ); /* EFI headers rudely redefine NULL */ #undef NULL 
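Review bot: In the `@@ -2252,7 +2270,7 @@` hunk of Uefi/UefiSpec.h, `EFI_REMOVABLE_MEDIA_FILE_NAME_EBC` is defined as `L"\\EFI\\BOOT\\BOOTARM.EFI"`, and the following `@@ -2263,8 +2281,7 @@` hunk makes the `MDE_CPU_EBC` branch select it, with nothing at either site explaining why an EBC-named macro carries the 32-bit ARM boot path. The only rationale on this page is the comment added to Arm/ProcessorBind.h, so a reader of this file, or a later re-import from upstream, could take the mismatch for a typo and change the default removable-media filename. I would add a comment directly above the define, for example `/* iPXE: MDE_CPU_EBC stands in for 32-bit ARM (see Arm/ProcessorBind.h), hence BOOTARM.EFI */`. A build that defines `MDE_CPU_EBC` for any other reason would presumably also pick up this filename, which cannot be ruled out from the hunk alone.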
@@ -39,10 +40,10 @@ FILE_LICENCE ( GPL2_OR_LATER ); #define EFIAPI __attribute__((cdecl,regparm(0))) #endif -/* EFI headers define EFI_HANDLE as a void pointer, which renders type - * checking somewhat useless. Work around this bizarre sabotage - * attempt by redefining EFI_HANDLE as a pointer to an anonymous - * structure. +/* EFI headers define EFI_HANDLE and EFI_EVENT as void pointers, which + * renders type checking somewhat useless. Work around this bizarre + * sabotage attempt by redefining both as pointers to anonymous + * structures. * * EFI headers perform some ABI validation checks via _Static_assert() * that may fail when EFI headers are included on a non-EFI platform. @@ -50,13 +51,16 @@ FILE_LICENCE ( GPL2_OR_LATER ); * included. */ #define EFI_HANDLE STUPID_EFI_HANDLE +#define EFI_EVENT STUPID_EFI_EVENT #ifndef PLATFORM_efi #define _Static_assert(expr, msg) #endif #include <ipxe/efi/Uefi/UefiBaseType.h> #undef EFI_HANDLE +#undef EFI_EVENT #undef _Static_assert typedef struct {} *EFI_HANDLE; +typedef struct {} *EFI_EVENT; /* Include the top-level EFI header files */ #include <ipxe/efi/Uefi.h> @@ -172,6 +176,7 @@ struct efi_config_table { extern EFI_GUID efi_absolute_pointer_protocol_guid; extern EFI_GUID efi_acpi_table_protocol_guid; +extern EFI_GUID efi_adapter_information_protocol_guid; extern EFI_GUID efi_apple_net_boot_protocol_guid; extern EFI_GUID efi_arp_protocol_guid; extern EFI_GUID efi_arp_service_binding_protocol_guid; @@ -192,6 +197,7 @@ extern EFI_GUID efi_dns4_service_binding_protocol_guid; extern EFI_GUID efi_dns6_protocol_guid; extern EFI_GUID efi_dns6_service_binding_protocol_guid; extern EFI_GUID efi_driver_binding_protocol_guid; +extern EFI_GUID efi_eap_configuration_protocol_guid; extern EFI_GUID efi_graphics_output_protocol_guid; extern EFI_GUID efi_hii_config_access_protocol_guid; extern EFI_GUID efi_hii_font_protocol_guid; 
@@ -219,6 +225,7 @@ extern EFI_GUID efi_nii31_protocol_guid; extern EFI_GUID efi_pci_io_protocol_guid; extern EFI_GUID efi_pci_root_bridge_io_protocol_guid; extern EFI_GUID efi_pxe_base_code_protocol_guid; +extern EFI_GUID efi_rng_protocol_guid; extern EFI_GUID efi_serial_io_protocol_guid; extern EFI_GUID efi_shim_lock_protocol_guid; extern EFI_GUID efi_simple_file_system_protocol_guid; @@ -227,7 +234,10 @@ extern EFI_GUID efi_simple_pointer_protocol_guid; extern EFI_GUID efi_simple_text_input_protocol_guid; extern EFI_GUID efi_simple_text_input_ex_protocol_guid; extern EFI_GUID efi_simple_text_output_protocol_guid; +extern EFI_GUID efi_storage_security_command_protocol_guid; +extern EFI_GUID efi_supplicant_protocol_guid; extern EFI_GUID efi_tcg_protocol_guid; +extern EFI_GUID efi_tcg2_protocol_guid; extern EFI_GUID efi_tcp4_protocol_guid; extern EFI_GUID efi_tcp4_service_binding_protocol_guid; extern EFI_GUID efi_tcp6_protocol_guid; @@ -243,9 +253,21 @@ extern EFI_GUID efi_usb_hc_protocol_guid; extern EFI_GUID efi_usb2_hc_protocol_guid; extern EFI_GUID efi_usb_io_protocol_guid; extern EFI_GUID efi_vlan_config_protocol_guid; +extern EFI_GUID efi_wifi2_protocol_guid; +extern EFI_GUID efi_acpi_10_table_guid; +extern EFI_GUID efi_acpi_20_table_guid; +extern EFI_GUID efi_fdt_table_guid; +extern EFI_GUID efi_smbios_table_guid; +extern EFI_GUID efi_smbios2_table_guid; + +extern EFI_GUID efi_cert_x509_guid; extern EFI_GUID efi_file_info_id; extern EFI_GUID efi_file_system_info_id; +extern EFI_GUID efi_global_variable; +extern EFI_GUID efi_image_security_database_guid; +extern EFI_GUID efi_microsoft_vendor_guid; +extern EFI_GUID efi_tls_ca_certificate_guid; extern EFI_HANDLE efi_image_handle; extern EFI_LOADED_IMAGE_PROTOCOL *efi_loaded_image; 
@@ -258,6 +280,8 @@ extern int efi_shutdown_in_progress; extern const __attribute__ (( pure )) char * efi_guid_ntoa ( CONST EFI_GUID *guid ); extern const __attribute__ (( pure )) char * +efi_tpl_name ( EFI_TPL tpl ); +extern const __attribute__ (( pure )) char * efi_locate_search_type_name ( EFI_LOCATE_SEARCH_TYPE search_type ); extern const __attribute__ (( pure )) char * efi_open_attributes_name ( unsigned int attributes ); 
@@ -384,5 +408,90 @@ extern EFI_STATUS efi_init ( EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *systab ); extern void efi_raise_tpl ( struct efi_saved_tpl *tpl ); extern void efi_restore_tpl ( struct efi_saved_tpl *tpl ); +extern int efi_open_untyped ( EFI_HANDLE handle, EFI_GUID *protocol, + void **interface ); +extern int efi_open_unsafe_untyped ( EFI_HANDLE handle, EFI_GUID *protocol, + void **interface ); +extern void efi_close_unsafe ( EFI_HANDLE handle, EFI_GUID *protocol ); +extern int efi_open_by_driver_untyped ( EFI_HANDLE handle, EFI_GUID *protocol, + void **interface ); +extern void efi_close_by_driver ( EFI_HANDLE handle, EFI_GUID *protocol ); +extern int efi_open_by_child_untyped ( EFI_HANDLE handle, EFI_GUID *protocol, + EFI_HANDLE child, void **interface ); +extern void efi_close_by_child ( EFI_HANDLE handle, EFI_GUID *protocol, + EFI_HANDLE child ); +extern int efi_connect ( EFI_HANDLE device, EFI_HANDLE driver ); +extern int efi_disconnect ( EFI_HANDLE device, EFI_HANDLE driver ); + +/** + * Test protocol existence + * + * @v handle EFI handle + * @v protocol Protocol GUID + * @ret rc Return status code + */ +#define efi_test( handle, protocol ) \ + efi_open_untyped ( (handle), (protocol), NULL ) + +/** + * Open protocol for ephemeral use + * + * @v handle EFI handle + * @v protocol Protocol GUID + * @v interface Protocol interface pointer to fill in + * @ret rc Return status code + */ +#define efi_open( handle, protocol, interface ) ( { \ + typeof ( *(interface) ) check_ptr_ptr = NULL; \ + efi_open_untyped ( (handle), (protocol), \ + ( ( void ) check_ptr_ptr, \ + ( void ** ) (interface) ) ); \ + } ) + +/** + * Open protocol for unsafe persistent use + * + * @v handle EFI handle + * @v protocol Protocol GUID + * @v interface Protocol interface pointer to fill in + * @ret rc Return status code + */ +#define efi_open_unsafe( handle, protocol, interface ) ( { \ + typeof ( *(interface) ) check_ptr_ptr = NULL; \ + efi_open_unsafe_untyped ( (handle), 
(protocol), \ + ( ( void ) check_ptr_ptr, \ + ( void ** ) (interface) ) ); \ + } ) + +/** + * Open protocol for persistent use by a driver + * + * @v handle EFI handle + * @v protocol Protocol GUID + * @v interface Protocol interface pointer to fill in + * @ret rc Return status code + */ +#define efi_open_by_driver( handle, protocol, interface ) ( { \ + typeof ( *(interface) ) check_ptr_ptr = NULL; \ + efi_open_by_driver_untyped ( (handle), (protocol), \ + ( ( void ) check_ptr_ptr, \ + ( void ** ) (interface) ) ); \ + } ) + +/** + * Open protocol for persistent use by a child controller + * + * @v handle EFI handle + * @v protocol Protocol GUID + * @v child Child controller handle + * @v interface Protocol interface pointer to fill in + * @ret rc Return status code + */ +#define efi_open_by_child( handle, protocol, child, interface ) ( { \ + typeof ( *(interface) ) check_ptr_ptr = NULL; \ + efi_open_by_child_untyped ( (handle), (protocol), (child), \ + ( ( void ) check_ptr_ptr, \ + ( void ** ) (interface) ) ); \ + } ) #endif /* _IPXE_EFI_H */ diff --git a/src/include/ipxe/efi/efi_acpi.h b/src/include/ipxe/efi/efi_acpi.h index a698863a6..d11ae95b1 100644 --- a/src/include/ipxe/efi/efi_acpi.h +++ b/src/include/ipxe/efi/efi_acpi.h @@ -8,6 +8,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #ifdef ACPI_EFI #define ACPI_PREFIX_efi @@ -20,9 +21,9 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); * * @v signature Requested table signature * @v index Requested index of table with this signature - * @ret table Table, or UNULL if not found + * @ret table Table, or NULL if not found */ -static inline __attribute__ (( always_inline )) userptr_t +static inline __attribute__ (( always_inline )) const struct acpi_header * ACPI_INLINE ( efi, acpi_find ) ( uint32_t signature, unsigned int index ) { return acpi_find_via_rsdt ( signature, index ); 
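Review bot: The doc comments on `efi_open`, `efi_open_unsafe`, `efi_open_by_driver` and `efi_open_by_child` use the words "ephemeral", "unsafe persistent" and "persistent" without saying how long the returned interface pointer may be kept. The hunk also declares `efi_close_unsafe`, `efi_close_by_driver` and `efi_close_by_child` but no close call paired with `efi_open`. A caller that stores a pointer obtained through `efi_open` finds nothing in this header warning that it may go stale once the protocol is uninstalled. I would add one sentence to each comment naming the matching close function and the lifetime rule, for example on `efi_open`: `* The interface pointer must not be retained; there is no matching close call.` (wording to be confirmed against the implementation, which is outside this hunk). Since `efi_test` passes `NULL` as the interface, the comment should also state that `efi_open_untyped` accepts a NULL interface.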
diff --git a/src/include/ipxe/efi/efi_autoboot.h b/src/include/ipxe/efi/efi_autoboot.h index 94fd2d766..29b80fd86 100644 --- a/src/include/ipxe/efi/efi_autoboot.h +++ b/src/include/ipxe/efi/efi_autoboot.h @@ -8,6 +8,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/efi.h> diff --git a/src/include/ipxe/efi/efi_autoexec.h b/src/include/ipxe/efi/efi_autoexec.h index 18bc4200c..1e68daeee 100644 --- a/src/include/ipxe/efi/efi_autoexec.h +++ b/src/include/ipxe/efi/efi_autoexec.h @@ -8,6 +8,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); extern int efi_autoexec_load ( void ); diff --git a/src/include/ipxe/efi/efi_block.h b/src/include/ipxe/efi/efi_block.h index f8cf7fc13..b010d71a3 100644 --- a/src/include/ipxe/efi/efi_block.h +++ b/src/include/ipxe/efi/efi_block.h @@ -8,6 +8,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #ifdef SANBOOT_EFI #define SANBOOT_PREFIX_efi diff --git a/src/include/ipxe/efi/efi_cachedhcp.h b/src/include/ipxe/efi/efi_cachedhcp.h index 5968a1ea2..86164f463 100644 --- a/src/include/ipxe/efi/efi_cachedhcp.h +++ b/src/include/ipxe/efi/efi_cachedhcp.h @@ -8,6 +8,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/efi.h> diff --git a/src/include/ipxe/efi/efi_cmdline.h b/src/include/ipxe/efi/efi_cmdline.h index 45abd5493..ed43d71a7 100644 --- a/src/include/ipxe/efi/efi_cmdline.h +++ b/src/include/ipxe/efi/efi_cmdline.h @@ -8,6 +8,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <stdint.h> #include <wchar.h> diff --git a/src/include/ipxe/efi/efi_download.h b/src/include/ipxe/efi/efi_download.h index 740fcadf5..ca96efae2 100644 --- a/src/include/ipxe/efi/efi_download.h +++ b/src/include/ipxe/efi/efi_download.h @@ -20,6 +20,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER ); +FILE_SECBOOT ( PERMITTED ); /** @file * 
diff --git a/src/include/ipxe/efi/efi_driver.h b/src/include/ipxe/efi/efi_driver.h index 7b64e1e0b..f373e47d3 100644 --- a/src/include/ipxe/efi/efi_driver.h +++ b/src/include/ipxe/efi/efi_driver.h @@ -7,6 +7,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/device.h> #include <ipxe/tables.h> @@ -34,6 +35,13 @@ struct efi_driver { /** Name */ const char *name; /** + * Exclude existing drivers + * + * @v device EFI device handle + * @ret rc Return status code + */ + int ( * exclude ) ( EFI_HANDLE device ); + /** * Check if driver supports device * * @v device EFI device handle @@ -62,8 +70,10 @@ struct efi_driver { #define __efi_driver( order ) __table_entry ( EFI_DRIVERS, order ) #define EFI_DRIVER_EARLY 01 /**< Early drivers */ -#define EFI_DRIVER_NORMAL 02 /**< Normal drivers */ -#define EFI_DRIVER_LATE 03 /**< Late drivers */ +#define EFI_DRIVER_HARDWARE 02 /**< Hardware drivers */ +#define EFI_DRIVER_NII 03 /**< NII protocol drivers */ +#define EFI_DRIVER_SNP 04 /**< SNP protocol drivers */ +#define EFI_DRIVER_MNP 05 /**< MNP protocol drivers */ /** * Set EFI driver-private data @@ -91,6 +101,7 @@ extern void efidev_free ( struct efi_device *efidev ); extern struct efi_device * efidev_parent ( struct device *dev ); extern int efi_driver_install ( void ); extern void efi_driver_uninstall ( void ); +extern int efi_driver_exclude ( EFI_HANDLE device, EFI_GUID *protocol ); extern int efi_driver_connect_all ( void ); extern void efi_driver_disconnect_all ( void ); extern void efi_driver_reconnect_all ( void ); diff --git a/src/include/ipxe/efi/efi_fdt.h b/src/include/ipxe/efi/efi_fdt.h new file mode 100644 index 000000000..644e6ddf9 --- /dev/null +++ b/src/include/ipxe/efi/efi_fdt.h 
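Review bot: The new `exclude` member of `struct efi_driver` is documented only as "Exclude existing drivers", which does not say whether the pointer may be left NULL by drivers that have nothing to exclude. It also does not say what state the device handle is left in when the call returns an error. The hook presumably detaches firmware drivers from the handle, so a caller needs to know whether a failure leaves the device with no driver attached at all. I would extend the comment with something like `* May be NULL. On failure, existing drivers are left attached.` once that is confirmed against the code that walks `EFI_DRIVERS`, which is not part of this hunk. The later hunk adds `efi_driver_exclude ( device, protocol )`, which looks like the intended helper and could be named in the same comment.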
@@ -0,0 +1,18 @@ +#ifndef _IPXE_EFI_FDT_H +#define _IPXE_EFI_FDT_H + +/** @file + * + * EFI Flattened Device Tree + * + */ + +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); + +#include <ipxe/efi/efi.h> + +extern int efi_fdt_install ( const char *cmdline ); +extern int efi_fdt_uninstall ( void ); + +#endif /* _IPXE_EFI_FDT_H */ diff --git a/src/include/ipxe/efi/efi_file.h b/src/include/ipxe/efi/efi_file.h index 79c073cf1..bf14297a1 100644 --- a/src/include/ipxe/efi/efi_file.h +++ b/src/include/ipxe/efi/efi_file.h @@ -8,6 +8,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); extern int efi_file_install ( EFI_HANDLE handle ); extern void efi_file_uninstall ( EFI_HANDLE handle ); diff --git a/src/include/ipxe/efi/efi_hii.h b/src/include/ipxe/efi/efi_hii.h index bbec31194..8a001723f 100644 --- a/src/include/ipxe/efi/efi_hii.h +++ b/src/include/ipxe/efi/efi_hii.h @@ -7,6 +7,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <string.h> #include <ipxe/efi/Uefi/UefiInternalFormRepresentation.h> diff --git a/src/include/ipxe/efi/efi_image.h b/src/include/ipxe/efi/efi_image.h index 0fc0402b1..7fd2e2894 100644 --- a/src/include/ipxe/efi/efi_image.h +++ b/src/include/ipxe/efi/efi_image.h @@ -8,6 +8,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/image.h> diff --git a/src/include/ipxe/efi/efi_nap.h b/src/include/ipxe/efi/efi_nap.h new file mode 100644 index 000000000..6c01072c3 --- /dev/null +++ b/src/include/ipxe/efi/efi_nap.h @@ -0,0 +1,19 @@ +#ifndef _IPXE_EFI_NAP_H +#define _IPXE_EFI_NAP_H + +/** @file + * + * CPU sleeping + * + */ + +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); + +#ifdef NAP_EFI +#define NAP_PREFIX_efi +#else +#define NAP_PREFIX_efi __efi_ +#endif + +#endif /* _IPXE_EFI_NAP_H */ diff --git a/src/include/ipxe/efi/efi_null.h b/src/include/ipxe/efi/efi_null.h index d23d36349..e81545485 100644 
--- a/src/include/ipxe/efi/efi_null.h +++ b/src/include/ipxe/efi/efi_null.h @@ -8,6 +8,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/efi.h> #include <ipxe/efi/Protocol/AppleNetBoot.h> diff --git a/src/include/ipxe/efi/efi_path.h b/src/include/ipxe/efi/efi_path.h index 57fce4028..f68d782fb 100644 --- a/src/include/ipxe/efi/efi_path.h +++ b/src/include/ipxe/efi/efi_path.h @@ -8,6 +8,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/interface.h> #include <ipxe/efi/efi.h> @@ -43,6 +44,7 @@ efi_path_prev ( EFI_DEVICE_PATH_PROTOCOL *path, extern EFI_DEVICE_PATH_PROTOCOL * efi_path_end ( EFI_DEVICE_PATH_PROTOCOL *path ); extern size_t efi_path_len ( EFI_DEVICE_PATH_PROTOCOL *path ); +extern int efi_path_check ( EFI_DEVICE_PATH_PROTOCOL *path, size_t max ); extern void * efi_path_mac ( EFI_DEVICE_PATH_PROTOCOL *path ); extern unsigned int efi_path_vlan ( EFI_DEVICE_PATH_PROTOCOL *path ); extern int efi_path_guid ( EFI_DEVICE_PATH_PROTOCOL *path, union uuid *uuid ); @@ -58,6 +60,10 @@ extern EFI_DEVICE_PATH_PROTOCOL * efi_fcp_path ( struct fcp_description *desc ); extern EFI_DEVICE_PATH_PROTOCOL * efi_ib_srp_path ( struct ib_srp_device *ib_srp ); extern EFI_DEVICE_PATH_PROTOCOL * efi_usb_path ( struct usb_function *func ); +extern EFI_DEVICE_PATH_PROTOCOL * efi_load_path ( EFI_LOAD_OPTION *load, + size_t len ); +extern EFI_DEVICE_PATH_PROTOCOL * efi_boot_path ( unsigned int number ); +extern EFI_DEVICE_PATH_PROTOCOL * efi_current_boot_path ( void ); extern EFI_DEVICE_PATH_PROTOCOL * efi_describe ( struct interface *interface ); #define efi_describe_TYPE( object_type ) \ diff --git a/src/include/ipxe/efi/efi_pci.h b/src/include/ipxe/efi/efi_pci.h index 2ea1a8f0e..670fb7d7a 100644 --- a/src/include/ipxe/efi/efi_pci.h +++ b/src/include/ipxe/efi/efi_pci.h 
@@ -7,6 +7,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/pci.h> #include <ipxe/efi/efi.h> @@ -25,9 +26,6 @@ struct efi_pci_device { EFI_PCI_IO_PROTOCOL *io; }; -extern int efipci_open ( EFI_HANDLE device, UINT32 attributes, - struct efi_pci_device *efipci ); -extern void efipci_close ( EFI_HANDLE device ); extern int efipci_info ( EFI_HANDLE device, struct efi_pci_device *efipci ); #endif /* _IPXE_EFI_PCI_H */ diff --git a/src/include/ipxe/efi/efi_pci_api.h b/src/include/ipxe/efi/efi_pci_api.h index cf5e1d020..474555871 100644 --- a/src/include/ipxe/efi/efi_pci_api.h +++ b/src/include/ipxe/efi/efi_pci_api.h @@ -8,6 +8,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #ifdef PCIAPI_EFI #define PCIAPI_PREFIX_efi @@ -33,17 +34,14 @@ extern int efipci_write ( struct pci_device *pci, unsigned long location, unsigned long value ); /** - * Find next PCI bus:dev.fn address range in system + * Check if PCI bus probing is allowed * - * @v busdevfn Starting PCI bus:dev.fn address - * @v range PCI bus:dev.fn address range to fill in + * @v pci PCI device + * @ret ok Bus probing is allowed */ -static inline __always_inline void -PCIAPI_INLINE ( efi, pci_discover ) ( uint32_t busdevfn __unused, - struct pci_range *range ) { - - /* EFI does not want us to scan the PCI bus ourselves */ - range->count = 0; +static inline __always_inline int +PCIAPI_INLINE ( efi, pci_can_probe ) ( struct pci_device *pci __unused ) { + return 0; } /** diff --git a/src/include/ipxe/efi/efi_pxe.h b/src/include/ipxe/efi/efi_pxe.h index b356f3789..d9aac455c 100644 --- a/src/include/ipxe/efi/efi_pxe.h +++ b/src/include/ipxe/efi/efi_pxe.h @@ -10,6 +10,7 @@ #include <ipxe/netdevice.h> FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); extern int efi_pxe_install ( EFI_HANDLE handle, struct net_device *netdev ); extern void efi_pxe_uninstall ( EFI_HANDLE handle ); 
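Review bot: `PCIAPI_INLINE ( efi, pci_can_probe )` in the `@@ -33,17 +34,14 @@` hunk returns a bare `0`, and the reason that the removed `pci_discover` carried was dropped along with it. Keep the reason next to the constant so that nobody changes it to 1 when a device fails to appear: put `/* EFI does not want us to scan the PCI bus ourselves */` above `return 0;`. The doc comment could also state that `pci` is unused and the answer is the same for every device.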
diff --git a/src/include/ipxe/efi/efi_reboot.h b/src/include/ipxe/efi/efi_reboot.h index 249cae8c5..8eb38f271 100644 --- a/src/include/ipxe/efi/efi_reboot.h +++ b/src/include/ipxe/efi/efi_reboot.h @@ -8,6 +8,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #ifdef REBOOT_EFI #define REBOOT_PREFIX_efi diff --git a/src/include/ipxe/efi/efi_service.h b/src/include/ipxe/efi/efi_service.h index ca4c7b2a4..2c5bc8fe9 100644 --- a/src/include/ipxe/efi/efi_service.h +++ b/src/include/ipxe/efi/efi_service.h @@ -8,6 +8,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/efi.h> diff --git a/src/include/ipxe/efi/efi_shim.h b/src/include/ipxe/efi/efi_shim.h index 21f24315a..d205dec6d 100644 --- a/src/include/ipxe/efi/efi_shim.h +++ b/src/include/ipxe/efi/efi_shim.h @@ -8,6 +8,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/image.h> #include <ipxe/efi/efi.h> diff --git a/src/include/ipxe/efi/efi_siglist.h b/src/include/ipxe/efi/efi_siglist.h new file mode 100644 index 000000000..f2a2fcfd0 --- /dev/null +++ b/src/include/ipxe/efi/efi_siglist.h @@ -0,0 +1,22 @@ +#ifndef _IPXE_EFI_SIGLIST_H +#define _IPXE_EFI_SIGLIST_H + +/** @file + * + * PEM-encoded ASN.1 data + * + */ + +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); + +#include <stdint.h> +#include <ipxe/asn1.h> +#include <ipxe/image.h> + +extern int efisig_asn1 ( const void *data, size_t len, size_t offset, + struct asn1_cursor **cursor ); + +extern struct image_type efisig_image_type __image_type ( PROBE_NORMAL ); + +#endif /* _IPXE_EFI_SIGLIST_H */ diff --git a/src/include/ipxe/efi/efi_smbios.h b/src/include/ipxe/efi/efi_smbios.h index d890d5460..23af651a8 100644 --- a/src/include/ipxe/efi/efi_smbios.h +++ b/src/include/ipxe/efi/efi_smbios.h @@ -8,6 +8,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #ifdef SMBIOS_EFI #define SMBIOS_PREFIX_efi 
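Review bot: The `@file` description in the new `efi_siglist.h` reads `PEM-encoded ASN.1 data`, which looks copied from another header. The include guard, `efisig_asn1` and `efisig_image_type` all indicate that this file covers EFI signature lists, so change the line to `* EFI signature lists`. `efisig_asn1 ( data, len, offset, cursor )` takes a raw buffer and an offset into it. Its definition, which is not visible in this diff section, should document that `offset` and every entry size read from the buffer are validated against `len` before use.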
diff --git a/src/include/ipxe/efi/efi_snp.h b/src/include/ipxe/efi/efi_snp.h index 96373b57d..0822466db 100644 --- a/src/include/ipxe/efi/efi_snp.h +++ b/src/include/ipxe/efi/efi_snp.h @@ -8,6 +8,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/list.h> #include <ipxe/netdevice.h> @@ -30,8 +31,8 @@ struct efi_snp_device { struct list_head list; /** The underlying iPXE network device */ struct net_device *netdev; - /** The underlying EFI device */ - struct efi_device *efidev; + /** EFI parent device handle (if any) */ + EFI_HANDLE parent; /** EFI device handle */ EFI_HANDLE handle; /** The SNP structure itself */ diff --git a/src/include/ipxe/efi/efi_strings.h b/src/include/ipxe/efi/efi_strings.h index a7adff827..36f5a7eb0 100644 --- a/src/include/ipxe/efi/efi_strings.h +++ b/src/include/ipxe/efi/efi_strings.h @@ -7,6 +7,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <stddef.h> #include <stdint.h> diff --git a/src/include/ipxe/efi/efi_table.h b/src/include/ipxe/efi/efi_table.h new file mode 100644 index 000000000..714069e15 --- /dev/null +++ b/src/include/ipxe/efi/efi_table.h 
@@ -0,0 +1,38 @@ +#ifndef _IPXE_EFI_TABLE_H +#define _IPXE_EFI_TABLE_H + +/** @file + * + * EFI configuration tables + * + */ + +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); + +#include <ipxe/efi/efi.h> + +/** An installable EFI configuration table type */ +struct efi_table { + /** Table GUID */ + EFI_GUID *guid; + /** + * Determine length of table + * + * @v data Configuration table data (presumed valid) + * @ret len Length of table + * + * EFI does not record the length of installed configuration + * tables. Consumers must understand the specific type of + * table in order to be able to determine its length from the + * contents. + */ + size_t ( * len ) ( const void *data ); +}; + +extern void * efi_find_table ( EFI_GUID *guid ); +extern int efi_install_table ( struct efi_table *table, const void *data, + void **backup ); +extern int efi_uninstall_table ( struct efi_table *table, void **backup ); + +#endif /* _IPXE_EFI_TABLE_H */ diff --git a/src/include/ipxe/efi/efi_time.h b/src/include/ipxe/efi/efi_time.h index 099994b57..8b2addc0f 100644 --- a/src/include/ipxe/efi/efi_time.h +++ b/src/include/ipxe/efi/efi_time.h @@ -8,6 +8,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <stdint.h> diff --git a/src/include/ipxe/efi/efi_uaccess.h b/src/include/ipxe/efi/efi_uaccess.h deleted file mode 100644 index 3cc750405..000000000 --- a/src/include/ipxe/efi/efi_uaccess.h +++ /dev/null 
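Review bot: The `len` callback in `struct efi_table` is the only source of a table's size, and its comment marks the data as "presumed valid". Anything `efi_install_table` copies or backs up is therefore presumably sized by a field read from the table itself. The comment should say who validates that field and what upper bound applies, for example `* The caller must have validated the table header before installation.` if that is the actual contract (the implementation is not in this hunk). The `backup` parameter of `efi_install_table` and `efi_uninstall_table` also needs an ownership note: the header does not show whether `*backup` holds the previous firmware table pointer or a copy that the caller must free.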
@@ -1,103 +0,0 @@ -#ifndef _IPXE_EFI_UACCESS_H -#define _IPXE_EFI_UACCESS_H - -/** @file - * - * iPXE user access API for EFI - * - * EFI runs with flat physical addressing, so the various mappings - * between virtual addresses, I/O addresses and bus addresses are all - * no-ops. - */ - -FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); - -#ifdef UACCESS_EFI -#define UACCESS_PREFIX_efi -#else -#define UACCESS_PREFIX_efi __efi_ -#endif - -/** - * Convert physical address to user pointer - * - * @v phys_addr Physical address - * @ret userptr User pointer - */ -static inline __always_inline userptr_t -UACCESS_INLINE ( efi, phys_to_user ) ( unsigned long phys_addr ) { - return phys_addr; -} - -/** - * Convert user buffer to physical address - * - * @v userptr User pointer - * @v offset Offset from user pointer - * @ret phys_addr Physical address - */ -static inline __always_inline unsigned long -UACCESS_INLINE ( efi, user_to_phys ) ( userptr_t userptr, off_t offset ) { - return ( userptr + offset ); -} - -static inline __always_inline userptr_t -UACCESS_INLINE ( efi, virt_to_user ) ( volatile const void *addr ) { - return trivial_virt_to_user ( addr ); -} - -static inline __always_inline void * -UACCESS_INLINE ( efi, user_to_virt ) ( userptr_t userptr, off_t offset ) { - return trivial_user_to_virt ( userptr, offset ); -} - -static inline __always_inline userptr_t -UACCESS_INLINE ( efi, userptr_add ) ( userptr_t userptr, off_t offset ) { - return trivial_userptr_add ( userptr, offset ); -} - -static inline __always_inline off_t -UACCESS_INLINE ( efi, userptr_sub ) ( userptr_t userptr, - userptr_t subtrahend ) { - return trivial_userptr_sub ( userptr, subtrahend ); -} - -static inline __always_inline void -UACCESS_INLINE ( efi, memcpy_user ) ( userptr_t dest, off_t dest_off, - userptr_t src, off_t src_off, - size_t len ) { - trivial_memcpy_user ( dest, dest_off, src, src_off, len ); -} - -static inline __always_inline void -UACCESS_INLINE ( efi, memmove_user ) ( userptr_t dest, 
off_t dest_off, - userptr_t src, off_t src_off, - size_t len ) { - trivial_memmove_user ( dest, dest_off, src, src_off, len ); -} - -static inline __always_inline int -UACCESS_INLINE ( efi, memcmp_user ) ( userptr_t first, off_t first_off, - userptr_t second, off_t second_off, - size_t len ) { - return trivial_memcmp_user ( first, first_off, second, second_off, len); -} - -static inline __always_inline void -UACCESS_INLINE ( efi, memset_user ) ( userptr_t buffer, off_t offset, - int c, size_t len ) { - trivial_memset_user ( buffer, offset, c, len ); -} - -static inline __always_inline size_t -UACCESS_INLINE ( efi, strlen_user ) ( userptr_t buffer, off_t offset ) { - return trivial_strlen_user ( buffer, offset ); -} - -static inline __always_inline off_t -UACCESS_INLINE ( efi, memchr_user ) ( userptr_t buffer, off_t offset, - int c, size_t len ) { - return trivial_memchr_user ( buffer, offset, c, len ); -} - -#endif /* _IPXE_EFI_UACCESS_H */ diff --git a/src/include/ipxe/efi/efi_umalloc.h b/src/include/ipxe/efi/efi_umalloc.h index 4eb2a5f9b..4d5c706ca 100644 --- a/src/include/ipxe/efi/efi_umalloc.h +++ b/src/include/ipxe/efi/efi_umalloc.h @@ -8,6 +8,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #ifdef UMALLOC_EFI #define UMALLOC_PREFIX_efi diff --git a/src/include/ipxe/efi/efi_usb.h b/src/include/ipxe/efi/efi_usb.h index 06baff529..cbcef0e52 100644 --- a/src/include/ipxe/efi/efi_usb.h +++ b/src/include/ipxe/efi/efi_usb.h @@ -7,6 +7,9 @@ * */ +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); + #include <ipxe/list.h> #include <ipxe/efi/efi.h> #include <ipxe/efi/efi_driver.h> diff --git a/src/include/ipxe/efi/efi_utils.h b/src/include/ipxe/efi/efi_utils.h index 98659b150..29dc171d2 100644 --- a/src/include/ipxe/efi/efi_utils.h +++ b/src/include/ipxe/efi/efi_utils.h @@ -7,6 +7,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/efi.h> 
diff --git a/src/include/ipxe/efi/efi_veto.h b/src/include/ipxe/efi/efi_veto.h index c9ecbb05c..be48441ad 100644 --- a/src/include/ipxe/efi/efi_veto.h +++ b/src/include/ipxe/efi/efi_veto.h @@ -7,6 +7,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); extern void efi_veto ( void ); diff --git a/src/include/ipxe/efi/efi_watchdog.h b/src/include/ipxe/efi/efi_watchdog.h index 4a56b9a29..1801c6d6c 100644 --- a/src/include/ipxe/efi/efi_watchdog.h +++ b/src/include/ipxe/efi/efi_watchdog.h @@ -7,6 +7,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); extern struct retry_timer efi_watchdog; diff --git a/src/include/ipxe/efi/efi_wrap.h b/src/include/ipxe/efi/efi_wrap.h index 2747a9e33..7801c77d0 100644 --- a/src/include/ipxe/efi/efi_wrap.h +++ b/src/include/ipxe/efi/efi_wrap.h @@ -7,10 +7,15 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/efi.h> -extern EFI_BOOT_SERVICES * efi_wrap_bs ( void ); -extern void efi_wrap ( EFI_HANDLE handle ); +extern void efi_wrap_bs ( EFI_BOOT_SERVICES *wrapped ); +extern void efi_wrap_rs ( EFI_RUNTIME_SERVICES *wrapped ); +extern void efi_wrap_systab ( int global ); +extern void efi_unwrap ( void ); + +extern void efi_wrap_image ( EFI_HANDLE handle ); #endif /* _IPXE_EFI_WRAP_H */ diff --git a/src/include/ipxe/efi/import.pl b/src/include/ipxe/efi/import.pl index 0a7669f43..9490e2f7b 100755 --- a/src/include/ipxe/efi/import.pl +++ b/src/include/ipxe/efi/import.pl 
@@ -71,17 +71,19 @@ sub try_import_file { push @dependencies, $2; } # Check for BSD licence statement - if ( /^\s*SPDX-License-Identifier: BSD-2-Clause-Patent$/ ) { + if ( /\s*SPDX-License-Identifier: BSD-2-Clause-Patent$/ ) { die "Licence detected after header guard\n" if $guard; $licence = "BSD2_PATENT"; } # Write out line print $outfh "$_\n"; - # Apply FILE_LICENCE() immediately after include guard + # Apply FILE_LICENCE()/FILE_SECBOOT() immediately after include guard if ( defined $maybe_guard && ! defined $guard ) { if ( /^\#define\s+${maybe_guard}$/ ) { $guard = $maybe_guard; - print $outfh "\nFILE_LICENCE ( $licence );\n" if $licence; + print $outfh "\n"; + print $outfh "FILE_LICENCE ( $licence );\n" if $licence; + print $outfh "FILE_SECBOOT ( PERMITTED );\n"; } undef $maybe_guard; } @@ -118,7 +120,9 @@ pod2usage ( 1 ) unless @ARGV == 1; my $edktop = shift; # Identify edk import directories -my $edkdirs = [ "MdePkg/Include", "MdeModulePkg/Include" ]; +my $edkdirs = [ "MdePkg/Include", "MdeModulePkg/Include", + "NetworkPkg/Include", "EmbeddedPkg/Include", + "OvmfPkg/Include" ]; foreach my $edkdir ( @$edkdirs ) { die "Directory \"$edktop\" does not appear to contain the EFI EDK2 " ."(missing \"$edkdir\")\n" unless -d catdir ( $edktop, $edkdir ); diff --git a/src/include/ipxe/efi/mnpnet.h b/src/include/ipxe/efi/mnpnet.h index 99d6cf083..1f2d0d1f6 100644 --- a/src/include/ipxe/efi/mnpnet.h +++ b/src/include/ipxe/efi/mnpnet.h @@ -8,6 +8,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); struct efi_device; struct net_device; |
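Review bot: In the `@@ -71,17 +71,19 @@` hunk, `FILE_SECBOOT ( PERMITTED );` is printed for every imported header, while the `FILE_LICENCE` line above it is still conditional on `$licence`. A header with no recognised licence therefore gets the Secure Boot marker without a licence marker, and the second hunk widens the import set to `NetworkPkg`, `EmbeddedPkg` and `OvmfPkg`. If the marker is meant to record a reviewed decision, say so at the print, e.g. `# All imported EDK2 headers are permitted in Secure Boot builds by policy`, or refuse the import when `$licence` is unset (provided no branch outside the hunk sets it later). In the same hunk the loosened pattern `/\s*SPDX-License-Identifier: BSD-2-Clause-Patent$/` keeps a leading `\s*` that does nothing now that `^` is gone; drop it, or anchor again with an explicit optional comment prefix. `try_import_file` begins and continues outside the hunk.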
