OpenCore  1.0.4
OpenCore Bootloader
Loading...
Searching...
No Matches
Functions | Variables
OcAppleSecureBootLib.c File Reference
#include <Uefi.h>
#include <Guid/AppleVariable.h>
#include <Protocol/AppleSecureBoot.h>
#include <Protocol/AppleImg4Verification.h>
#include <Protocol/SimpleFileSystem.h>
#include <Library/BaseLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/BaseOverflowLib.h>
#include <Library/DebugLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/OcDevicePathLib.h>
#include <Library/OcFileLib.h>
#include <Library/OcMiscLib.h>
#include <Library/OcStringLib.h>
#include <Library/PrintLib.h>
#include <Library/UefiBootServicesTableLib.h>
#include <Library/UefiRuntimeServicesTableLib.h>

Go to the source code of this file.

Functions

STATIC UINT8 InternalImg4GetFailureReason (IN APPLE_SECURE_BOOT_PROTOCOL *This, IN UINT8 SbPolicy, IN EFI_STATUS Status)
 
EFI_STATUS OcAppleSecureBootBootstrapValues (IN CONST CHAR8 *Model, IN UINT64 Ecid OPTIONAL)
 
STATIC VOID EFIAPI AppleSbSetAvailability (IN APPLE_SECURE_BOOT_PROTOCOL *This, IN BOOLEAN Available)
 
STATIC EFI_STATUS EFIAPI AppleSbGetWindowsPolicy (IN APPLE_SECURE_BOOT_PROTOCOL *This, OUT UINT8 *Policy)
 
STATIC EFI_STATUS EFIAPI AppleSbGetWindowsFailureReason (IN APPLE_SECURE_BOOT_PROTOCOL *This, OUT UINT8 *Reason)
 
STATIC EFI_STATUS EFIAPI AppleSbSetWindowsFailureReason (IN APPLE_SECURE_BOOT_PROTOCOL *This, IN UINT8 Reason)
 
STATIC VOID * InternalReadFile (IN EFI_FILE_PROTOCOL *Volume, IN CHAR16 *FilePath, OUT UINT32 *FileSize)
 
STATIC EFI_STATUS EFIAPI AppleSbGetFailureReason (IN APPLE_SECURE_BOOT_PROTOCOL *This, OUT UINT8 *Reason)
 
STATIC EFI_STATUS EFIAPI AppleSbSetFailureReason (IN APPLE_SECURE_BOOT_PROTOCOL *This, IN UINT8 Reason)
 
STATIC EFI_STATUS EFIAPI AppleSbGetKernelFailureReason (IN APPLE_SECURE_BOOT_PROTOCOL *This, OUT UINT8 *Reason)
 
STATIC EFI_STATUS EFIAPI AppleSbSetKernelFailureReason (IN APPLE_SECURE_BOOT_PROTOCOL *This, IN UINT8 Reason)
 
STATIC EFI_STATUS EFIAPI AppleSbGetPolicy (IN APPLE_SECURE_BOOT_PROTOCOL *This, OUT UINT8 *Policy)
 
STATIC EFI_STATUS InternalVerifyImg4Worker (IN APPLE_SECURE_BOOT_PROTOCOL *This, IN CONST VOID *ImageBuffer, IN UINTN ImageSize, IN CONST VOID *ManifestBuffer, IN UINTN ManifestSize, IN UINT32 ObjType, IN BOOLEAN SetFailureReason, IN UINT8 SbPolicy)
 
STATIC EFI_STATUS EFIAPI InternalGetImg4ByPath (IN APPLE_SECURE_BOOT_PROTOCOL *This, IN EFI_DEVICE_PATH_PROTOCOL *DevicePath, IN UINT8 SbPolicy, OUT VOID **ManifestBufferPtr, OUT UINTN *ManifestSizePtr)
 
STATIC EFI_STATUS EFIAPI AppleSbVerifyImg4ByPath (IN APPLE_SECURE_BOOT_PROTOCOL *This, IN EFI_DEVICE_PATH_PROTOCOL *DevicePath, IN UINT32 ObjType, IN BOOLEAN SetFailureReason)
 
STATIC EFI_STATUS EFIAPI AppleSbVerifyImg4 (IN APPLE_SECURE_BOOT_PROTOCOL *This, IN CONST VOID *ImageBuffer, IN UINTN ImageSize, IN CONST VOID *ManifestBuffer, IN UINTN ManifestSize, IN UINT32 ObjType, IN BOOLEAN SetFailureReason)
 
STATIC EFI_STATUS EFIAPI AppleSbVerifyWindowsByPath (IN APPLE_SECURE_BOOT_PROTOCOL *This, IN EFI_DEVICE_PATH_PROTOCOL *DevicePath, IN BOOLEAN SetFailureReason)
 
STATIC EFI_STATUS EFIAPI AppleSbVerifyWindows (IN APPLE_SECURE_BOOT_PROTOCOL *This, IN CONST VOID *TargetBuffer, IN UINTN TargetSize, IN BOOLEAN SetFailureReason)
 
APPLE_SECURE_BOOT_PROTOCOLOcAppleSecureBootInstallProtocol (IN BOOLEAN Reinstall, IN UINT8 SbPolicy, IN UINT8 SbWinPolicy OPTIONAL, IN BOOLEAN SbWinPolicyValid)
 
APPLE_SECURE_BOOT_PROTOCOLOcAppleSecureBootGetProtocol (VOID)
 
VOID OcAppleSecureBootSetDmgLoading (IN BOOLEAN LoadingDmg)
 
BOOLEAN OcAppleSecureBootGetDmgLoading (OUT UINT8 *RealPolicy OPTIONAL)
 
EFI_STATUS OcAppleSecureBootVerify (IN EFI_DEVICE_PATH_PROTOCOL *DevicePath, IN VOID *SourceBuffer, IN UINTN SourceSize)
 

Variables

STATIC APPLE_SECURE_BOOT_PROTOCOLmSecureBoot
 
STATIC CHAR8 mSbHardwareModel [16]
 
STATIC UINT64 mSbEcid
 
STATIC BOOLEAN mDmgLoading = FALSE
 
STATIC UINT8 mDmgLoadingPolicy = AppleImg4SbModeMedium
 
STATIC BOOLEAN mSbAvailable = TRUE
 
STATIC UINT8 mSbPolicy = AppleImg4SbModeMedium
 
STATIC UINT8 mSbWindowsPolicy = 1
 
STATIC BOOLEAN mSbWindowsPolicyValid = TRUE
 

Detailed Description

OC Apple Secure Boot library.

Copyright (C) 2019, Download-Fritz. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php.

THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

Definition in file OcAppleSecureBootLib.c.

Function Documentation

◆ AppleSbGetFailureReason()

STATIC EFI_STATUS EFIAPI AppleSbGetFailureReason ( IN APPLE_SECURE_BOOT_PROTOCOL * This,
OUT UINT8 * Reason )

Retrieves the current Secure Boot failure reason.

Parameters
[in]ThisA pointer to the current protocol instance.
[out]ReasonOn output, the current failure reason.
Return values
EFI_SUCCESSThe current failure reason has been returned.
EFI_INVALID_PARAMETEROne or more required parameters are NULL.

Definition at line 333 of file OcAppleSecureBootLib.c.

◆ AppleSbGetKernelFailureReason()

STATIC EFI_STATUS EFIAPI AppleSbGetKernelFailureReason ( IN APPLE_SECURE_BOOT_PROTOCOL * This,
OUT UINT8 * Reason )

Retrieves the current Secure Boot Kernel failure reason.

Parameters
[in]ThisA pointer to the current protocol instance.
[out]ReasonOn output, the current Kernel failure reason.
Return values
EFI_SUCCESSThe current failure reason has been returned.
EFI_INVALID_PARAMETEROne or more required parameters are NULL.

Definition at line 404 of file OcAppleSecureBootLib.c.

◆ AppleSbGetPolicy()

STATIC EFI_STATUS EFIAPI AppleSbGetPolicy ( IN APPLE_SECURE_BOOT_PROTOCOL * This,
OUT UINT8 * Policy )

Retrieves the current Secure Boot policy.

Parameters
[in]ThisA pointer to the current protocol instance.
[out]PolicyOn output, the current Secure Boot policy.
Return values
EFI_SUCCESSThe current policy has been returned.
EFI_INVALID_PARAMETEROne or more required parameters are NULL.
EFI_NOT_FOUNDThe current policy could not be retrieved.

Definition at line 476 of file OcAppleSecureBootLib.c.

◆ AppleSbGetWindowsFailureReason()

STATIC EFI_STATUS EFIAPI AppleSbGetWindowsFailureReason ( IN APPLE_SECURE_BOOT_PROTOCOL * This,
OUT UINT8 * Reason )

Retrieves the current Secure Boot Windows failure reason.

Parameters
[in]ThisA pointer to the current protocol instance.
[out]ReasonOn output, the current Windows failure reason.
Return values
EFI_SUCCESSThe current failure reason has been returned.
EFI_INVALID_PARAMETEROne or more required parameters are NULL.

Definition at line 209 of file OcAppleSecureBootLib.c.

◆ AppleSbGetWindowsPolicy()

STATIC EFI_STATUS EFIAPI AppleSbGetWindowsPolicy ( IN APPLE_SECURE_BOOT_PROTOCOL * This,
OUT UINT8 * Policy )

Retrieves the current Secure Boot Windows policy.

Parameters
[in]ThisA pointer to the current protocol instance.
[out]PolicyOn output, the current Secure Boot Windows policy.
Return values
EFI_SUCCESSThe current policy has been returned.
EFI_INVALID_PARAMETEROne or more required parameters are NULL.
EFI_NOT_FOUNDThe current policy could not be retrieved.

Definition at line 174 of file OcAppleSecureBootLib.c.

◆ AppleSbSetAvailability()

STATIC VOID EFIAPI AppleSbSetAvailability ( IN APPLE_SECURE_BOOT_PROTOCOL * This,
IN BOOLEAN Available )

Sets the Secure Boot availability state.

Parameters
[in]ThisA pointer to the current protocol instance.
[in]AvailableThe new availability status for Secure Boot.

Definition at line 152 of file OcAppleSecureBootLib.c.

◆ AppleSbSetFailureReason()

STATIC EFI_STATUS EFIAPI AppleSbSetFailureReason ( IN APPLE_SECURE_BOOT_PROTOCOL * This,
IN UINT8 Reason )

Sets the Secure Boot failure reason.

Parameters
[in]ThisA pointer to the current protocol instance.
[in]ReasonThe failure reason to set.
Return values
EFI_SUCCESSThe failure reason has been set successfully.
EFI_UNSUPPORTEDSecure Boot is currently unavailable.

Definition at line 373 of file OcAppleSecureBootLib.c.

◆ AppleSbSetKernelFailureReason()

STATIC EFI_STATUS EFIAPI AppleSbSetKernelFailureReason ( IN APPLE_SECURE_BOOT_PROTOCOL * This,
IN UINT8 Reason )

Sets the Secure Boot Kernel failure reason.

Parameters
[in]ThisA pointer to the current protocol instance.
[in]ReasonThe Kernel failure reason to set.
Return values
EFI_SUCCESSThe failure reason has been set successfully.
EFI_UNSUPPORTEDSecure Boot is currently unavailable.

Definition at line 444 of file OcAppleSecureBootLib.c.

◆ AppleSbSetWindowsFailureReason()

STATIC EFI_STATUS EFIAPI AppleSbSetWindowsFailureReason ( IN APPLE_SECURE_BOOT_PROTOCOL * This,
IN UINT8 Reason )

Sets the Secure Boot Windows failure reason.

Parameters
[in]ThisA pointer to the current protocol instance.
[in]ReasonThe Windows failure reason to set.
Return values
EFI_SUCCESSThe failure reason has been set successfully.
EFI_UNSUPPORTEDSecure Boot is currently unavailable.

Definition at line 249 of file OcAppleSecureBootLib.c.

◆ AppleSbVerifyImg4()

STATIC EFI_STATUS EFIAPI AppleSbVerifyImg4 ( IN APPLE_SECURE_BOOT_PROTOCOL * This,
IN CONST VOID * ImageBuffer,
IN UINTN ImageSize,
IN CONST VOID * ManifestBuffer,
IN UINTN ManifestSize,
IN UINT32 ObjType,
IN BOOLEAN SetFailureReason )

Verify the signature of ImageBuffer against ObjType within a IMG4 Manifest.

Parameters
[in]ThisThe pointer to the current protocol instance.
[in]ImageBufferThe buffer to validate.
[in]ImageSizeThe size, in bytes, of ImageBuffer.
[in]ManifestBufferThe buffer of the IMG4 Manifest.
[in]ManifestSizeThe size, in bytes, of ManifestBuffer.
[in]ObjTypeThe IMG4 object type to validate against.
[in]SetFailureReasonWhether to set the failure reason.
Return values
EFI_SUCCESSImageBuffer is correctly signed.
EFI_LOAD_ERRORThe current policy is invalid.
EFI_INVALID_PARAMETEROne or more required parameters are NULL.
EFI_UNSUPPORTEDSecure Boot is currently unavailable or disabled.
EFI_OUT_OF_RESOURCESNot enough resources are available.
EFI_SECURITY_VIOLATIONImageBuffer's signature is invalid.

Definition at line 739 of file OcAppleSecureBootLib.c.

◆ AppleSbVerifyImg4ByPath()

STATIC EFI_STATUS EFIAPI AppleSbVerifyImg4ByPath ( IN APPLE_SECURE_BOOT_PROTOCOL * This,
IN EFI_DEVICE_PATH_PROTOCOL * DevicePath,
IN UINT32 ObjType,
IN BOOLEAN SetFailureReason )

Verify the signature of the file at DevicePath via the matching IMG4 Manifest.

Parameters
[in]ThisA pointer to the current protocol instance.
[in]DevicePathThe device path to the image to validate.
[in]ObjTypeThe IMG4 object type to validate against.
[in]SetFailureReasonWhether to set the failure reason.
Return values
EFI_SUCCESSThe file at DevicePath is correctly signed.
EFI_LOAD_ERRORThe current policy is invalid.
EFI_INVALID_PARAMETEROne or more required parameters are NULL.
EFI_UNSUPPORTEDSecure Boot is currently unavailable or disabled.
EFI_OUT_OF_RESOURCESNot enough resources are available.
EFI_NO_MEDIAThe file at DevicePath could not be read.
EFI_NOT_FOUNDThe file's IMG4 Manifest could not be found.
EFI_SECURITY_VIOLATIONThe file's signature is invalid.

Definition at line 701 of file OcAppleSecureBootLib.c.

◆ AppleSbVerifyWindows()

STATIC EFI_STATUS EFIAPI AppleSbVerifyWindows ( IN APPLE_SECURE_BOOT_PROTOCOL * This,
IN CONST VOID * TargetBuffer,
IN UINTN TargetSize,
IN BOOLEAN SetFailureReason )

Verify the signature of TargetBuffer against a Microsoft certificate chain.

Parameters
[in]ThisThe pointer to the current protocol instance.
[in]TargetBufferThe buffer to validate.
[in]TargetSizeThe size, in bytes, of TargetBuffer.
[in]SetFailureReasonWhether to set the failure reason.
Return values
EFI_SUCCESSImageBuffer is correctly signed.
EFI_LOAD_ERRORThe current policy is invalid.
EFI_INVALID_PARAMETEROne or more required parameters are NULL.
EFI_UNSUPPORTEDSecure Boot is currently unavailable or disabled.
EFI_ACCESSDENIED A suiting certificate could not be found.
EFI_SECURITY_VIOLATIONTargetBuffer's signature is invalid.

Definition at line 847 of file OcAppleSecureBootLib.c.

◆ AppleSbVerifyWindowsByPath()

STATIC EFI_STATUS EFIAPI AppleSbVerifyWindowsByPath ( IN APPLE_SECURE_BOOT_PROTOCOL * This,
IN EFI_DEVICE_PATH_PROTOCOL * DevicePath,
IN BOOLEAN SetFailureReason )

Verify the signature of the image at DebicePath against a Microsoft certificate chain.

Parameters
[in]ThisThe pointer to the current protocol instance.
[in]DevicePathThe device path to the image to validate.
[in]SetFailureReasonWhether to set the failure reason.
Return values
EFI_SUCCESSThe file at DevicePath is correctly signed.
EFI_LOAD_ERRORThe current policy is invalid.
EFI_INVALID_PARAMETEROne or more required parameters are NULL.
EFI_UNSUPPORTEDSecure Boot is currently unavailable or disabled.
EFI_OUT_OF_RESOURCESNot enough resources are available.
EFI_NO_MEDIAThe file at DevicePath could not be read.
EFI_ACCESSDENIED A suiting certificate could not be found.
EFI_SECURITY_VIOLATIONthe file's signature is invalid.

Definition at line 813 of file OcAppleSecureBootLib.c.

◆ InternalGetImg4ByPath()

STATIC EFI_STATUS EFIAPI InternalGetImg4ByPath ( IN APPLE_SECURE_BOOT_PROTOCOL * This,
IN EFI_DEVICE_PATH_PROTOCOL * DevicePath,
IN UINT8 SbPolicy,
OUT VOID ** ManifestBufferPtr,
OUT UINTN * ManifestSizePtr )

Definition at line 555 of file OcAppleSecureBootLib.c.

◆ InternalImg4GetFailureReason()

STATIC UINT8 InternalImg4GetFailureReason ( IN APPLE_SECURE_BOOT_PROTOCOL * This,
IN UINT8 SbPolicy,
IN EFI_STATUS Status )

Definition at line 48 of file OcAppleSecureBootLib.c.

◆ InternalReadFile()

STATIC VOID * InternalReadFile ( IN EFI_FILE_PROTOCOL * Volume,
IN CHAR16 * FilePath,
OUT UINT32 * FileSize )

Definition at line 269 of file OcAppleSecureBootLib.c.

◆ InternalVerifyImg4Worker()

STATIC EFI_STATUS InternalVerifyImg4Worker ( IN APPLE_SECURE_BOOT_PROTOCOL * This,
IN CONST VOID * ImageBuffer,
IN UINTN ImageSize,
IN CONST VOID * ManifestBuffer,
IN UINTN ManifestSize,
IN UINT32 ObjType,
IN BOOLEAN SetFailureReason,
IN UINT8 SbPolicy )

Definition at line 496 of file OcAppleSecureBootLib.c.

◆ OcAppleSecureBootBootstrapValues()

EFI_STATUS OcAppleSecureBootBootstrapValues ( IN CONST CHAR8 * Model,
IN UINT64 Ecid OPTIONAL )

Bootstrap NVRAM and library values for secure booting.

Parameters
[in]ModelSecure boot model (without ap suffix in lower-case).
[in]EcidEnclave identifier, optional.
Return values
EFI_SUCCESSOn success.

Definition at line 89 of file OcAppleSecureBootLib.c.

◆ OcAppleSecureBootGetDmgLoading()

BOOLEAN OcAppleSecureBootGetDmgLoading ( OUT UINT8 *RealPolicy OPTIONAL)

Get DMG loading status on Apple Secure Boot protocol.

Parameters
[out]RealPolicyActual secure boot policy, optional.
Return values
TRUEwhen loading DMG.

Definition at line 1010 of file OcAppleSecureBootLib.c.

◆ OcAppleSecureBootGetProtocol()

APPLE_SECURE_BOOT_PROTOCOL * OcAppleSecureBootGetProtocol ( VOID )

Obtain initialised Apple Secure Boot protocol.

Returns
initialised protocol.

Definition at line 976 of file OcAppleSecureBootLib.c.

◆ OcAppleSecureBootInstallProtocol()

APPLE_SECURE_BOOT_PROTOCOL * OcAppleSecureBootInstallProtocol ( IN BOOLEAN Reinstall,
IN UINT8 SbPolicy,
IN UINT8 SbWinPolicy OPTIONAL,
IN BOOLEAN SbWinPolicyValid )

Install and initialise the Apple Secure Boot protocol.

Parameters
[in]ReinstallReplace any installed protocol.
[in]SbPolicyApple Secure Boot Policy to install.
[in]SbWinPolicyApple Secure Boot Windows Policy to install.
[in]SbWinPolicyValidWhether SbWinPolicy should be installed.
Returns
Installed or located protocol.
Return values
NULLThere was an error locating or installing the protocol.

Definition at line 890 of file OcAppleSecureBootLib.c.

◆ OcAppleSecureBootSetDmgLoading()

VOID OcAppleSecureBootSetDmgLoading ( IN BOOLEAN LoadingDmg)

Report DMG loading to Apple Secure Boot protocol.

Parameters
[in]LoadingDmgTRUE after loading DMG.

Definition at line 985 of file OcAppleSecureBootLib.c.

◆ OcAppleSecureBootVerify()

EFI_STATUS OcAppleSecureBootVerify ( IN EFI_DEVICE_PATH_PROTOCOL * DevicePath,
IN VOID * SourceBuffer,
IN UINTN SourceSize )

Perform image verification at path.

Parameters
[in]DevicePathPath to the image.
[in]SourceBufferImage contents.
[in]SourceSizeImage size.
Return values
EFI_SUCCESSon success.
EFI_SECURITY_VIOLATIONwhen corrupted signature (should abort and die).
EFI_ERRORwhen other errors happened (can continue with UEFI loader).

Definition at line 1022 of file OcAppleSecureBootLib.c.

Variable Documentation

◆ mDmgLoading

STATIC BOOLEAN mDmgLoading = FALSE

Definition at line 39 of file OcAppleSecureBootLib.c.

◆ mDmgLoadingPolicy

STATIC UINT8 mDmgLoadingPolicy = AppleImg4SbModeMedium

Definition at line 40 of file OcAppleSecureBootLib.c.

◆ mSbAvailable

STATIC BOOLEAN mSbAvailable = TRUE

Definition at line 41 of file OcAppleSecureBootLib.c.

◆ mSbEcid

STATIC UINT64 mSbEcid

Definition at line 38 of file OcAppleSecureBootLib.c.

◆ mSbHardwareModel

STATIC CHAR8 mSbHardwareModel[16]

Definition at line 37 of file OcAppleSecureBootLib.c.

◆ mSbPolicy

STATIC UINT8 mSbPolicy = AppleImg4SbModeMedium

Definition at line 42 of file OcAppleSecureBootLib.c.

◆ mSbWindowsPolicy

STATIC UINT8 mSbWindowsPolicy = 1

Definition at line 43 of file OcAppleSecureBootLib.c.

◆ mSbWindowsPolicyValid

STATIC BOOLEAN mSbWindowsPolicyValid = TRUE

Definition at line 44 of file OcAppleSecureBootLib.c.

◆ mSecureBoot

STATIC APPLE_SECURE_BOOT_PROTOCOL* mSecureBoot

Definition at line 36 of file OcAppleSecureBootLib.c.