/*
 * SPDX-License-Identifier: GPL-2.0-or-later
 *
 * uefi-vars device - state struct and function prototypes
 */
#ifndef QEMU_UEFI_VAR_SERVICE_H
#define QEMU_UEFI_VAR_SERVICE_H

#include "qemu/uuid.h"
#include "qemu/queue.h"

#include "hw/uefi/var-service-edk2.h"

/*
 * 64 KiB.
 * NOTE(review): presumably the upper bound applied to the transfer buffer
 * size (uefi_vars_state.buf_size) -- confirm where buf_size is accepted.
 */
#define MAX_BUFFER_SIZE (64 * 1024)

typedef struct uefi_variable uefi_variable;
typedef struct uefi_var_policy uefi_var_policy;
typedef struct uefi_vars_state uefi_vars_state;

typedef struct uefi_vars_cert uefi_vars_cert;
typedef struct uefi_vars_hash uefi_vars_hash;
typedef struct uefi_vars_siglist uefi_vars_siglist;

/*
 * One variable record; element type of uefi_vars_state.variables.
 *
 * The name is kept as 16-bit code units and the payload as an opaque blob,
 * each paired with its own 32-bit size field.
 * NOTE(review): whether name_size counts bytes or code units is not visible
 * in this header -- confirm in vars-service-vars.c.
 */
struct uefi_variable {
    QemuUUID guid;
    uint16_t *name;
    uint32_t name_size;
    uint32_t attributes;
    void *data;
    uint32_t data_size;
    efi_time time;
    /*
     * NOTE(review): presumably filled from the digest/digest_size
     * out-parameters of uefi_vars_check_pkcs7_2() -- confirm.
     */
    void *digest;
    uint32_t digest_size;
    QTAILQ_ENTRY(uefi_variable) next;
};

/*
 * One variable policy record; element type of uefi_vars_state.var_policies.
 * Holds the policy entry and a name pattern, each with a 32-bit size.
 */
struct uefi_var_policy {
    variable_policy_entry *entry;
    uint32_t entry_size;
    uint16_t *name;
    uint32_t name_size;

    /* count of hashmark characters in name; the hashmark is the wildcard */
    uint32_t hashmarks;

    QTAILQ_ENTRY(uefi_var_policy) next;
};

/*
 * Per-device state: transfer buffer bookkeeping, the variable and policy
 * lists, boot-phase flags, storage accounting and configuration.
 */
struct uefi_vars_state {
    MemoryRegion mr;
    uint16_t sts;
    uint32_t buf_size;
    /*
     * NOTE(review): presumably the low/high 32-bit halves of the buffer
     * address -- confirm in vars-service-core.c.
     */
    uint32_t buf_addr_lo;
    uint32_t buf_addr_hi;
    uint8_t *buffer;
    QTAILQ_HEAD(, uefi_variable) variables;
    QTAILQ_HEAD(, uefi_var_policy) var_policies;

    /* buffer used for pio transfers, and the current offset into it */
    uint32_t pio_xfer_offset;
    uint8_t *pio_xfer_buffer;

    /* boot phase flags */
    bool end_of_dxe;
    bool ready_to_boot;
    bool exit_boot_service;
    bool policy_locked;

    /* accounting of variable storage: limit and current usage */
    uint64_t max_storage;
    uint64_t used_storage;

    /* configuration options */
    char *jsonfile;
    int jsonfd;
    bool force_secure_boot;
    bool disable_custom_mode;
    bool use_pio;
};

/*
 * Entry of uefi_vars_siglist.x509: owner GUID followed by a trailing blob.
 * NOTE(review): size is presumably the byte length of data[] -- confirm.
 */
struct uefi_vars_cert {
    QTAILQ_ENTRY(uefi_vars_cert) next;
    QemuUUID owner;
    uint64_t size;
    uint8_t data[];
};

/*
 * Entry of uefi_vars_siglist.sha256: owner GUID followed by a trailing blob.
 * NOTE(review): there is no length field here; given the list name the blob
 * is presumably a fixed-size SHA-256 digest -- confirm in
 * vars-service-siglist.c that allocation and reads agree on that size.
 */
struct uefi_vars_hash {
    QTAILQ_ENTRY(uefi_vars_hash) next;
    QemuUUID owner;
    uint8_t data[];
};

/* A signature list split into one queue per entry kind. */
struct uefi_vars_siglist {
    QTAILQ_HEAD(, uefi_vars_cert) x509;
    QTAILQ_HEAD(, uefi_vars_hash) sha256;
};

/* vars-service-guid.c: GUID constants, defined once there */
extern const QemuUUID EfiGlobalVariable;
extern const QemuUUID EfiImageSecurityDatabase;
extern const QemuUUID EfiCustomModeEnable;
extern const QemuUUID EfiSecureBootEnableDisable;

extern const QemuUUID EfiCertSha256Guid;
extern const QemuUUID EfiCertSha384Guid;
extern const QemuUUID EfiCertSha512Guid;
extern const QemuUUID EfiCertRsa2048Guid;
extern const QemuUUID EfiCertX509Guid;
extern const QemuUUID EfiCertTypePkcs7Guid;

extern const QemuUUID EfiSmmVariableProtocolGuid;
extern const QemuUUID VarCheckPolicyLibMmiHandlerGuid;

extern const QemuUUID EfiEndOfDxeEventGroupGuid;
extern const QemuUUID EfiEventReadyToBootGuid;
extern const QemuUUID EfiEventExitBootServicesGuid;

/*
 * vars-service-utils.c
 *
 * Helpers for strings of 16-bit code units; every string argument comes
 * with an explicit length.
 * NOTE(review): whether the lengths count bytes or code units is not
 * visible in this header -- confirm before passing sizes through.
 */
gboolean uefi_str_is_valid(const uint16_t *str, size_t len,
                           gboolean must_be_null_terminated);
size_t uefi_strlen(const uint16_t *str, size_t len);
gboolean uefi_str_equal_ex(const uint16_t *a, size_t alen,
                           const uint16_t *b, size_t blen,
                           gboolean wildcards_in_a);
gboolean uefi_str_equal(const uint16_t *a, size_t alen,
                        const uint16_t *b, size_t blen);
/* NOTE(review): ownership of the returned char * is not stated -- confirm. */
char *uefi_ucs2_to_ascii(const uint16_t *ucs2, uint64_t ucs2_size);
int uefi_time_compare(efi_time *a, efi_time *b);
void uefi_trace_variable(const char *action, QemuUUID guid,
                         const uint16_t *name, uint64_t name_size);
void uefi_trace_status(const char *action, efi_status status);

/* vars-service-core.c */
extern const VMStateDescription vmstate_uefi_vars;
void uefi_vars_init(Object *obj, uefi_vars_state *uv);
void uefi_vars_realize(uefi_vars_state *uv, Error **errp);
void uefi_vars_hard_reset(uefi_vars_state *uv);

/* vars-service-json.c */
void uefi_vars_json_init(uefi_vars_state *uv, Error **errp);
void uefi_vars_json_save(uefi_vars_state *uv);
void uefi_vars_json_load(uefi_vars_state *uv, Error **errp);

/*
 * vars-service-vars.c
 *
 * NOTE(review): name_size and data_size are uint64_t in these prototypes
 * while struct uefi_variable stores them as uint32_t; confirm the
 * implementation range-checks the values before narrowing them.
 */
extern const VMStateDescription vmstate_uefi_variable;
uefi_variable *uefi_vars_find_variable(uefi_vars_state *uv, QemuUUID guid,
                                       const uint16_t *name,
                                       uint64_t name_size);
void uefi_vars_set_variable(uefi_vars_state *uv, QemuUUID guid,
                            const uint16_t *name, uint64_t name_size,
                            uint32_t attributes,
                            void *data, uint64_t data_size);
void uefi_vars_clear_volatile(uefi_vars_state *uv);
void uefi_vars_clear_all(uefi_vars_state *uv);
void uefi_vars_update_storage(uefi_vars_state *uv);
uint32_t uefi_vars_mm_vars_proto(uefi_vars_state *uv);

/* vars-service-auth.c */
bool uefi_vars_is_sb_pk(uefi_variable *var);
bool uefi_vars_is_sb_any(uefi_variable *var);
efi_status uefi_vars_check_auth_2(uefi_vars_state *uv, uefi_variable *var,
                                  mm_variable_access *va, void *data);
efi_status uefi_vars_check_secure_boot(uefi_vars_state *uv, uefi_variable *var);
void uefi_vars_auth_init(uefi_vars_state *uv);

/*
 * vars-service-pkcs7.c
 *
 * digest and digest_size are pointer out-parameters; data is passed without
 * a separate length argument.
 * NOTE(review): the length of data presumably comes from va -- confirm the
 * implementation bounds its reads accordingly.
 */
efi_status uefi_vars_check_pkcs7_2(uefi_variable *siglist,
                                   void **digest, uint32_t *digest_size,
                                   mm_variable_access *va, void *data);

/*
 * vars-service-siglist.c
 *
 * parse and blob_generate both take a data pointer with an explicit 64-bit
 * size; blob_size reports a 64-bit size for a list.
 * NOTE(review): parse returns void, so malformed input cannot be reported
 * to the caller through this interface -- confirm how it is handled.
 */
void uefi_vars_siglist_init(uefi_vars_siglist *siglist);
void uefi_vars_siglist_free(uefi_vars_siglist *siglist);
void uefi_vars_siglist_parse(uefi_vars_siglist *siglist,
                             void *data, uint64_t size);
uint64_t uefi_vars_siglist_blob_size(uefi_vars_siglist *siglist);
void uefi_vars_siglist_blob_generate(uefi_vars_siglist *siglist,
                                     void *data, uint64_t size);

/* vars-service-policy.c */
extern const VMStateDescription vmstate_uefi_var_policy;
efi_status uefi_vars_policy_check(uefi_vars_state *uv,
                                  uefi_variable *var,
                                  gboolean is_newvar);
void uefi_vars_policies_clear(uefi_vars_state *uv);
uefi_var_policy *uefi_vars_add_policy(uefi_vars_state *uv,
                                      variable_policy_entry *pe);
uint32_t uefi_vars_mm_check_policy_proto(uefi_vars_state *uv);

#endif /* QEMU_UEFI_VAR_SERVICE_H */