You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
108 lines
5.7 KiB
108 lines
5.7 KiB
/** @file
|
|
Security2 Architectural Protocol as defined in PI Specification1.2.1 VOLUME 2 DXE
|
|
|
|
Abstracts security-specific functions from the DXE Foundation of UEFI Image Verification,
|
|
Trusted Computing Group (TCG) measured boot, and User Identity policy for image loading and
|
|
consoles. This protocol must be produced by a boot service or runtime DXE driver.
|
|
|
|
This protocol is optional and must be published prior to the EFI_SECURITY_ARCH_PROTOCOL.
|
|
As a result, the same driver must publish both of these interfaces.
|
|
|
|
When both Security and Security2 Architectural Protocols are published, LoadImage must use
|
|
them in accordance with the following rules:
|
|
The Security2 protocol must be used on every image being loaded.
|
|
The Security protocol must be used after the Securiy2 protocol and only on images that
|
|
have been read using Firmware Volume protocol.
|
|
|
|
When only Security architectural protocol is published, LoadImage must use it on every image
|
|
being loaded.
|
|
|
|
Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR>
|
|
This program and the accompanying materials
|
|
are licensed and made available under the terms and conditions of the BSD License
|
|
which accompanies this distribution. The full text of the license may be found at
|
|
http://opensource.org/licenses/bsd-license.php
|
|
|
|
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
|
|
|
**/
|
|
|
|
#ifndef __ARCH_PROTOCOL_SECURITY2_H__
|
|
#define __ARCH_PROTOCOL_SECURITY2_H__
|
|
|
|
///
|
|
/// Global ID for the Security2 Code Architectural Protocol
|
|
///
|
|
#define EFI_SECURITY2_ARCH_PROTOCOL_GUID \
|
|
{ 0x94ab2f58, 0x1438, 0x4ef1, {0x91, 0x52, 0x18, 0x94, 0x1a, 0x3a, 0x0e, 0x68 } }
|
|
|
|
typedef struct _EFI_SECURITY2_ARCH_PROTOCOL EFI_SECURITY2_ARCH_PROTOCOL;
|
|
|
|
/**
|
|
The DXE Foundation uses this service to measure and/or verify a UEFI image.
|
|
|
|
This service abstracts the invocation of Trusted Computing Group (TCG) measured boot, UEFI
|
|
Secure boot, and UEFI User Identity infrastructure. For the former two, the DXE Foundation
|
|
invokes the FileAuthentication() with a DevicePath and corresponding image in
|
|
FileBuffer memory. The TCG measurement code will record the FileBuffer contents into the
|
|
appropriate PCR. The image verification logic will confirm the integrity and provenance of the
|
|
image in FileBuffer of length FileSize . The origin of the image will be DevicePath in
|
|
these cases.
|
|
If the FileBuffer is NULL, the interface will determine if the DevicePath can be connected
|
|
in order to support the User Identification policy.
|
|
|
|
@param This The EFI_SECURITY2_ARCH_PROTOCOL instance.
|
|
@param File A pointer to the device path of the file that is
|
|
being dispatched. This will optionally be used for logging.
|
|
@param FileBuffer A pointer to the buffer with the UEFI file image.
|
|
@param FileSize The size of the file.
|
|
@param BootPolicy A boot policy that was used to call LoadImage() UEFI service. If
|
|
FileAuthentication() is invoked not from the LoadImage(),
|
|
BootPolicy must be set to FALSE.
|
|
|
|
@retval EFI_SUCCESS The file specified by DevicePath and non-NULL
|
|
FileBuffer did authenticate, and the platform policy dictates
|
|
that the DXE Foundation may use the file.
|
|
@retval EFI_SUCCESS The device path specified by NULL device path DevicePath
|
|
and non-NULL FileBuffer did authenticate, and the platform
|
|
policy dictates that the DXE Foundation may execute the image in
|
|
FileBuffer.
|
|
@retval EFI_SUCCESS FileBuffer is NULL and current user has permission to start
|
|
UEFI device drivers on the device path specified by DevicePath.
|
|
@retval EFI_SECURITY_VIOLATION The file specified by DevicePath and FileBuffer did not
|
|
authenticate, and the platform policy dictates that the file should be
|
|
placed in the untrusted state. The image has been added to the file
|
|
execution table.
|
|
@retval EFI_ACCESS_DENIED The file specified by File and FileBuffer did not
|
|
authenticate, and the platform policy dictates that the DXE
|
|
Foundation may not use File.
|
|
@retval EFI_SECURITY_VIOLATION FileBuffer is NULL and the user has no
|
|
permission to start UEFI device drivers on the device path specified
|
|
by DevicePath.
|
|
@retval EFI_SECURITY_VIOLATION FileBuffer is not NULL and the user has no permission to load
|
|
drivers from the device path specified by DevicePath. The
|
|
image has been added into the list of the deferred images.
|
|
**/
|
|
typedef EFI_STATUS (EFIAPI *EFI_SECURITY2_FILE_AUTHENTICATION) (
|
|
IN CONST EFI_SECURITY2_ARCH_PROTOCOL *This,
|
|
IN CONST EFI_DEVICE_PATH_PROTOCOL *DevicePath,
|
|
IN VOID *FileBuffer,
|
|
IN UINTN FileSize,
|
|
IN BOOLEAN BootPolicy
|
|
);
|
|
|
|
///
|
|
/// The EFI_SECURITY2_ARCH_PROTOCOL is used to abstract platform-specific policy from the
|
|
/// DXE Foundation. This includes measuring the PE/COFF image prior to invoking, comparing the
|
|
/// image against a policy (whether a white-list/black-list of public image verification keys
|
|
/// or registered hashes).
|
|
///
|
|
struct _EFI_SECURITY2_ARCH_PROTOCOL {
|
|
EFI_SECURITY2_FILE_AUTHENTICATION FileAuthentication;
|
|
};
|
|
|
|
extern EFI_GUID gEfiSecurity2ArchProtocolGuid;
|
|
|
|
#endif
|