[efi] Add TLS authentication header and GUID definitions

Add the TlsAuthentication.h header from EDK2's NetworkPkg, along with
a GUID definition for EFI_TLS_CA_CERTIFICATE_GUID.

It is unclear whether or not the TlsCaCertificate variable is intended
to be a UEFI standard.  Its presence in NetworkPkg (rather than
MdePkg) suggests not, but the choice of EFI_TLS_CA_CERTIFICATE_GUID
(rather than e.g. EDKII_TLS_CA_CERTIFICATE_GUID) suggests that it is
intended to be included in future versions of the standard.

Signed-off-by: Michael Brown <mcb30@ipxe.org>

diff --git a/src/include/ipxe/efi/Guid/TlsAuthentication.h b/src/include/ipxe/efi/Guid/TlsAuthentication.h
new file mode 100644 (file)
index 0000000..f1e1b4f
--- /dev/null
+++ b/src/include/ipxe/efi/Guid/TlsAuthentication.h
@@ -0,0 +1,25 @@
+/** @file
+  This file defines TlsCaCertificate variable.
+
+Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef __TLS_AUTHENTICATION_H__
+#define __TLS_AUTHENTICATION_H__
+
+FILE_LICENCE ( BSD2_PATENT );
+
+// Private variable for CA Certificate configuration
+//
+#define EFI_TLS_CA_CERTIFICATE_GUID \
+  { \
+    0xfd2340D0, 0x3dab, 0x4349, { 0xa6, 0xc7, 0x3b, 0x4f, 0x12, 0xb4, 0x8e, 0xae } \
+  }
+
+#define EFI_TLS_CA_CERTIFICATE_VARIABLE  L"TlsCaCertificate"
+
+extern EFI_GUID  gEfiTlsCaCertificateGuid;
+
+#endif

diff --git a/src/include/ipxe/efi/efi.h b/src/include/ipxe/efi/efi.h
index 862a38e5ca116d050cc902b52514e5ba5551d328..486c6070ec8c65500db45cdea3696ef396f7d036 100644 (file)
--- a/src/include/ipxe/efi/efi.h
+++ b/src/include/ipxe/efi/efi.h
@@ -249,6 +249,7 @@ extern EFI_GUID efi_cert_x509_guid;
 extern EFI_GUID efi_file_info_id;
 extern EFI_GUID efi_file_system_info_id;
 extern EFI_GUID efi_global_variable;
+extern EFI_GUID efi_tls_ca_certificate_guid;
 
 extern EFI_HANDLE efi_image_handle;
 extern EFI_LOADED_IMAGE_PROTOCOL *efi_loaded_image;

diff --git a/src/include/ipxe/efi/import.pl b/src/include/ipxe/efi/import.pl
index 0a7669f43e8508ba923ca89a2d66a5abbff442e6..346d45e5fa2aceff902bad288d7706a638a8726d 100755 (executable)
--- a/src/include/ipxe/efi/import.pl
+++ b/src/include/ipxe/efi/import.pl
@@ -118,7 +118,8 @@ pod2usage ( 1 ) unless @ARGV == 1;
 my $edktop = shift;
 
 # Identify edk import directories
-my $edkdirs = [ "MdePkg/Include", "MdeModulePkg/Include" ];
+my $edkdirs = [ "MdePkg/Include", "MdeModulePkg/Include",
+               "NetworkPkg/Include" ];
 foreach my $edkdir ( @$edkdirs ) {
   die "Directory \"$edktop\" does not appear to contain the EFI EDK2 "
       ."(missing \"$edkdir\")\n" unless -d catdir ( $edktop, $edkdir );

diff --git a/src/interface/efi/efi_guid.c b/src/interface/efi/efi_guid.c
index ae78c068e4428a92ceeb2fd15a374b51b1b7883b..9d9c9ef916ac808eade626c9517dd6519d7ee424 100644 (file)
--- a/src/interface/efi/efi_guid.c
+++ b/src/interface/efi/efi_guid.c
@@ -87,6 +87,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 #include <ipxe/efi/Guid/FileSystemInfo.h>
 #include <ipxe/efi/Guid/GlobalVariable.h>
 #include <ipxe/efi/Guid/ImageAuthentication.h>
+#include <ipxe/efi/Guid/TlsAuthentication.h>
 
 /** @file
  *
@@ -407,6 +408,9 @@ EFI_GUID efi_file_system_info_id = EFI_FILE_SYSTEM_INFO_ID;
 /** Global variable GUID */
 EFI_GUID efi_global_variable = EFI_GLOBAL_VARIABLE;
 
+/** TLS CA certificate variable GUID */
+EFI_GUID efi_tls_ca_certificate_guid = EFI_TLS_CA_CERTIFICATE_GUID;
+
 /** HttpBootDxe module GUID */
 static EFI_GUID efi_http_boot_dxe_guid = {
        0xecebcb00, 0xd9c8, 0x11e4,
@@ -583,6 +587,8 @@ static struct efi_well_known_guid efi_well_known_guids[] = {
          "Tcp6" },
        { &efi_tcp6_service_binding_protocol_guid,
          "Tcp6Sb" },
+       { &efi_tls_ca_certificate_guid,
+         "TlsCaCert" },
        { &efi_tree_protocol_guid,
          "TrEE" },
        { &efi_udp4_protocol_guid,