The release 2.5, April 2015 of the Unified Extensible Firmware Interface Specification (UEFI) contains 2 new protocols:
The specification is available in at http://www.uefi.org/sites/default/files/resources/UEFI%202_5.pdf from the UEFI web site.
The functions provided are:
You may be surprised that there is no function to list the available readers. This is because UEFI has its own way to enumerate resources. Each smart card reader will have its own
This can be used to access a smart card and get a secret key from the smart card after a PIN has been verified. The secret key could be used to decipher the hard disk.
The functions provided are:
I already implemented the Smart Card Reader Protocol. I will proposed it for inclusion to TianoCore.
But if you are a developer you can play with it now.
- Smart Card Reader Protocol
- Smart Card Edge Protocol
The specification is available in at http://www.uefi.org/sites/default/files/resources/UEFI%202_5.pdf from the UEFI web site.
Smart Card Reader Protocol
The Smart Card Reader Protocol is described in chapter 35.6.1 page 2241 (yes, the specification is one huge document of 14 MB and 2588 pages).The functions provided are:
typedef struct _EFI_SMART_CARD_READER_PROTOCOL {
EFI_SMART_CARD_READER_CONNECT SCardConnect;
EFI_SMART_CARD_READER_DISCONNECT SCardDisconnect;
EFI_SMART_CARD_READER_STATUS SCardStatus;
EFI_SMART_CARD_READER_TRANSMIT SCardTransmit;
EFI_SMART_CARD_READER_CONTROL SCardControl;
EFI_SMART_CARD_READER_GET_ATTRIB SCardGetAttrib;
} EFI_SMART_CARD_READER_PROTOCOL;
You may be surprised that there is no function to list the available readers. This is because UEFI has its own way to enumerate resources. Each smart card reader will have its own
EFI_SMART_CARD_READER_PROTOCOL
structure. The program just have to iterate over all the protocols identified as EFI_SMART_CARD_READER_PROTOCOL_GUID
.Usage
The planned usage of the Smart Card Reader Protocol is to be used from an UEFI application so before the operating system (Windows, GNU/Linux, Mac OS X, etc.) is started.This can be used to access a smart card and get a secret key from the smart card after a PIN has been verified. The secret key could be used to decipher the hard disk.
Smart Card Edge Protocol
The Smart Card Edge Protocol is described in chapter 35.6.2 page 2253.The functions provided are:
typedef struct _EFI_SMART_CARD_EDGE_PROTOCOL {
EFI_SMART_CARD_EDGE_GET_CONTEXT GetContext;
EFI_SMART_CARD_EDGE_CONNECT Connect;
EFI_SMART_CARD_EDGE_DISCONNECT Disconnect;
EFI_SMART_CARD_EDGE_GET_CSN GetCsn;
EFI_SMART_CARD_EDGE_GET_READER_NAME GetReaderName;
EFI_SMART_CARD_EDGE_VERIFY_PIN VerifyPin;
EFI_SMART_CARD_EDGE_GET_PIN_REMAINING GetPinRemaining;
EFI_SMART_CARD_EDGE_GET_DATA GetData;
EFI_SMART_CARD_EDGE_GET_CREDENTIAL GetCredential;
EFI_SMART_CARD_EDGE_SIGN_DATA SignData;
EFI_SMART_CARD_EDGE_DECRYPT_DATA DecryptData;
EFI_SMART_CARD_EDGE_BUILD_DH_AGREEMENT BuildDHAgreement;
} EFI_SMART_CARD_EDGE_PROTOCOL;
Usage
This API allows to easily use a PKI card. It is the same idea as a PKCS#11 or MiniDriver library: abstract the smart card specificities and make an UEFI application able to use different PKI smart cards without writing specific source code.Can I use it now?
The specification is now public. You can implement it yourself and play with it. Or you can wait for someone else to implement it and provide it in the UEFI of your next computer.I already implemented the Smart Card Reader Protocol. I will proposed it for inclusion to TianoCore.
Conclusion
Stay tuned. Do not expect to have it included in the UEFI of your next computer before some time.But if you are a developer you can play with it now.
ConversionConversion EmoticonEmoticon