mirror of
https://github.com/CloverHackyColor/CloverBootloader.git
synced 2024-12-18 15:27:48 +01:00
102 lines
5.5 KiB
C
102 lines
5.5 KiB
C
|
/** @file
|
||
|
Security2 Architectural Protocol as defined in PI Specification1.2.1 VOLUME 2 DXE
|
||
|
|
||
|
Abstracts security-specific functions from the DXE Foundation of UEFI Image Verification,
|
||
|
Trusted Computing Group (TCG) measured boot, and User Identity policy for image loading and
|
||
|
consoles. This protocol must be produced by a boot service or runtime DXE driver.
|
||
|
|
||
|
This protocol is optional and must be published prior to the EFI_SECURITY_ARCH_PROTOCOL.
|
||
|
As a result, the same driver must publish both of these interfaces.
|
||
|
|
||
|
When both Security and Security2 Architectural Protocols are published, LoadImage must use
|
||
|
them in accordance with the following rules:
|
||
|
The Security2 protocol must be used on every image being loaded.
|
||
|
The Security protocol must be used after the Securiy2 protocol and only on images that
|
||
|
have been read using Firmware Volume protocol.
|
||
|
|
||
|
When only Security architectural protocol is published, LoadImage must use it on every image
|
||
|
being loaded.
|
||
|
|
||
|
Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR>
|
||
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||
|
|
||
|
**/
|
||
|
|
||
|
#ifndef __ARCH_PROTOCOL_SECURITY2_H__
|
||
|
#define __ARCH_PROTOCOL_SECURITY2_H__
|
||
|
|
||
|
///
|
||
|
/// Global ID for the Security2 Code Architectural Protocol
|
||
|
///
|
||
|
#define EFI_SECURITY2_ARCH_PROTOCOL_GUID \
|
||
|
{ 0x94ab2f58, 0x1438, 0x4ef1, {0x91, 0x52, 0x18, 0x94, 0x1a, 0x3a, 0x0e, 0x68 } }
|
||
|
|
||
|
typedef struct _EFI_SECURITY2_ARCH_PROTOCOL EFI_SECURITY2_ARCH_PROTOCOL;
|
||
|
|
||
|
/**
|
||
|
The DXE Foundation uses this service to measure and/or verify a UEFI image.
|
||
|
|
||
|
This service abstracts the invocation of Trusted Computing Group (TCG) measured boot, UEFI
|
||
|
Secure boot, and UEFI User Identity infrastructure. For the former two, the DXE Foundation
|
||
|
invokes the FileAuthentication() with a DevicePath and corresponding image in
|
||
|
FileBuffer memory. The TCG measurement code will record the FileBuffer contents into the
|
||
|
appropriate PCR. The image verification logic will confirm the integrity and provenance of the
|
||
|
image in FileBuffer of length FileSize . The origin of the image will be DevicePath in
|
||
|
these cases.
|
||
|
If the FileBuffer is NULL, the interface will determine if the DevicePath can be connected
|
||
|
in order to support the User Identification policy.
|
||
|
|
||
|
@param This The EFI_SECURITY2_ARCH_PROTOCOL instance.
|
||
|
@param File A pointer to the device path of the file that is
|
||
|
being dispatched. This will optionally be used for logging.
|
||
|
@param FileBuffer A pointer to the buffer with the UEFI file image.
|
||
|
@param FileSize The size of the file.
|
||
|
@param BootPolicy A boot policy that was used to call LoadImage() UEFI service. If
|
||
|
FileAuthentication() is invoked not from the LoadImage(),
|
||
|
BootPolicy must be set to FALSE.
|
||
|
|
||
|
@retval EFI_SUCCESS The file specified by DevicePath and non-NULL
|
||
|
FileBuffer did authenticate, and the platform policy dictates
|
||
|
that the DXE Foundation may use the file.
|
||
|
@retval EFI_SUCCESS The device path specified by NULL device path DevicePath
|
||
|
and non-NULL FileBuffer did authenticate, and the platform
|
||
|
policy dictates that the DXE Foundation may execute the image in
|
||
|
FileBuffer.
|
||
|
@retval EFI_SUCCESS FileBuffer is NULL and current user has permission to start
|
||
|
UEFI device drivers on the device path specified by DevicePath.
|
||
|
@retval EFI_SECURITY_VIOLATION The file specified by DevicePath and FileBuffer did not
|
||
|
authenticate, and the platform policy dictates that the file should be
|
||
|
placed in the untrusted state. The image has been added to the file
|
||
|
execution table.
|
||
|
@retval EFI_ACCESS_DENIED The file specified by File and FileBuffer did not
|
||
|
authenticate, and the platform policy dictates that the DXE
|
||
|
Foundation may not use File.
|
||
|
@retval EFI_SECURITY_VIOLATION FileBuffer is NULL and the user has no
|
||
|
permission to start UEFI device drivers on the device path specified
|
||
|
by DevicePath.
|
||
|
@retval EFI_SECURITY_VIOLATION FileBuffer is not NULL and the user has no permission to load
|
||
|
drivers from the device path specified by DevicePath. The
|
||
|
image has been added into the list of the deferred images.
|
||
|
**/
|
||
|
typedef EFI_STATUS (EFIAPI *EFI_SECURITY2_FILE_AUTHENTICATION) (
|
||
|
IN CONST EFI_SECURITY2_ARCH_PROTOCOL *This,
|
||
|
IN CONST EFI_DEVICE_PATH_PROTOCOL *DevicePath,
|
||
|
IN VOID *FileBuffer,
|
||
|
IN UINTN FileSize,
|
||
|
IN BOOLEAN BootPolicy
|
||
|
);
|
||
|
|
||
|
///
|
||
|
/// The EFI_SECURITY2_ARCH_PROTOCOL is used to abstract platform-specific policy from the
|
||
|
/// DXE Foundation. This includes measuring the PE/COFF image prior to invoking, comparing the
|
||
|
/// image against a policy (whether a white-list/black-list of public image verification keys
|
||
|
/// or registered hashes).
|
||
|
///
|
||
|
struct _EFI_SECURITY2_ARCH_PROTOCOL {
|
||
|
EFI_SECURITY2_FILE_AUTHENTICATION FileAuthentication;
|
||
|
};
|
||
|
|
||
|
extern EFI_GUID gEfiSecurity2ArchProtocolGuid;
|
||
|
|
||
|
#endif
|