[edk2-devel] [Patch v2 12/28] SecurityPkg: Add new variable types and functions

Judah Vang judah.vang at intel.com
Fri Apr 29 18:04:14 UTC 2022 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2594

Add new variable encryption/decryption function prototypes.
Add new variable digest structure. Add new Protected
variable function prototypes. Update RPMC APIs to Add
an index because there is could more than one counter.

Cc: Jian J Wang <jian.j.wang at intel.com>
Cc: Jiewen Yao <jiewen.yao at intel.com>
Cc: Nishant C Mistry <nishant.c.mistry at intel.com>
Signed-off-by: Jian J Wang <jian.j.wang at intel.com>
Signed-off-by: Nishant C Mistry <nishant.c.mistry at intel.com>
Signed-off-by: Judah Vang <judah.vang at intel.com>
---
 SecurityPkg/Include/Library/RpmcLib.h        | 15 +++++---
 SecurityPkg/Include/Library/VariableKeyLib.h | 37 +++-----------------
 2 files changed, 16 insertions(+), 36 deletions(-)

diff --git a/SecurityPkg/Include/Library/RpmcLib.h b/SecurityPkg/Include/Library/RpmcLib.h
index df4ba34ba8cf..cb71dfcd7e4d 100644
--- a/SecurityPkg/Include/Library/RpmcLib.h
+++ b/SecurityPkg/Include/Library/RpmcLib.h
@@ -1,19 +1,23 @@
 /** @file
   Public definitions for the Replay Protected Monotonic Counter (RPMC) Library.
 
-Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2020 - 2022, Intel Corporation. All rights reserved.<BR>
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
 
-#ifndef _RPMC_LIB_H_
-#define _RPMC_LIB_H_
+#ifndef RPMC_LIB_H_
+#define RPMC_LIB_H_
 
 #include <Uefi/UefiBaseType.h>
 
+#define RPMC_COUNTER_1  0
+#define RPMC_COUNTER_2  1
+
 /**
   Requests the monotonic counter from the designated RPMC counter.
 
+  @param[in]    CounterIndex            The RPMC index
   @param[out]   CounterValue            A pointer to a buffer to store the RPMC value.
 
   @retval       EFI_SUCCESS             The operation completed successfully.
@@ -23,12 +27,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 EFI_STATUS
 EFIAPI
 RequestMonotonicCounter (
+  IN  UINT8   CounterIndex,
   OUT UINT32  *CounterValue
   );
 
 /**
   Increments the monotonic counter in the SPI flash device by 1.
 
+  @param[in]    CounterIndex            The RPMC index
+
   @retval       EFI_SUCCESS             The operation completed successfully.
   @retval       EFI_DEVICE_ERROR        A device error occurred while attempting to update the counter.
   @retval       EFI_UNSUPPORTED         The operation is un-supported.
@@ -36,7 +43,7 @@ RequestMonotonicCounter (
 EFI_STATUS
 EFIAPI
 IncrementMonotonicCounter (
-  VOID
+  IN  UINT8  CounterIndex
   );
 
 #endif
diff --git a/SecurityPkg/Include/Library/VariableKeyLib.h b/SecurityPkg/Include/Library/VariableKeyLib.h
index 561ebad09da2..6076c4d4731b 100644
--- a/SecurityPkg/Include/Library/VariableKeyLib.h
+++ b/SecurityPkg/Include/Library/VariableKeyLib.h
@@ -1,13 +1,13 @@
 /** @file
   Public definitions for Variable Key Library.
 
-Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2020 - 2022, Intel Corporation. All rights reserved.<BR>
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
 
-#ifndef _VARIABLE_KEY_LIB_H_
-#define _VARIABLE_KEY_LIB_H_
+#ifndef VARIABLE_KEY_LIB_H_
+#define VARIABLE_KEY_LIB_H_
 
 #include <Uefi/UefiBaseType.h>
 
@@ -25,35 +25,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 EFI_STATUS
 EFIAPI
 GetVariableKey (
-  OUT VOID       **VariableKey,
-  IN  OUT UINTN  *VariableKeySize
-  );
-
-/**
-  Regenerates the variable key.
-
-  @retval       EFI_SUCCESS             The variable key was regenerated successfully.
-  @retval       EFI_DEVICE_ERROR        An error occurred while attempting to regenerate the key.
-  @retval       EFI_ACCESS_DENIED       The function was invoked after locking the key interface.
-  @retval       EFI_UNSUPPORTED         Key regeneration is not supported in the current boot configuration.
-**/
-EFI_STATUS
-EFIAPI
-RegenerateVariableKey (
-  VOID
-  );
-
-/**
-  Locks the regenerate key interface.
-
-  @retval       EFI_SUCCESS             The key interface was locked successfully.
-  @retval       EFI_UNSUPPORTED         Locking the key interface is not supported in the current boot configuration.
-  @retval       Others                  An error occurred while attempting to lock the key interface.
-**/
-EFI_STATUS
-EFIAPI
-LockVariableKeyInterface (
-  VOID
+  OUT VOID   *VariableKey,
+  IN  UINTN  VariableKeySize
   );
 
 #endif
-- 
2.35.1.windows.2



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#89431): https://edk2.groups.io/g/devel/message/89431
Mute This Topic: https://groups.io/mt/90781899/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-

More information about the edk2-devel-archive mailing list