]>
Commit | Line | Data |
---|---|---|
e5544398 | 1 | /** @file\r |
d7132512 | 2 | This file declares Pei Security2 PPI.\r |
e5544398 | 3 | \r |
d7132512 | 4 | This PPI is installed by some platform PEIM that abstracts the security \r |
4ca9b6c4 | 5 | policy to the PEI Foundation, namely the case of a PEIM's authentication \r |
d7132512 LG |
6 | state being returned during the PEI section extraction process.\r |
7 | \r | |
8 | Copyright (c) 2006 - 2008, Intel Corporation\r | |
e5544398 | 9 | All rights reserved. This program and the accompanying materials \r |
10 | are licensed and made available under the terms and conditions of the BSD License \r | |
11 | which accompanies this distribution. The full text of the license may be found at \r | |
12 | http://opensource.org/licenses/bsd-license.php \r | |
13 | \r | |
14 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r | |
15 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. \r | |
16 | \r | |
e5544398 | 17 | @par Revision Reference:\r |
0047820e | 18 | This PPI is introduced in PI Version 1.0.\r |
e5544398 | 19 | \r |
20 | **/\r | |
21 | \r | |
22 | #ifndef __SECURITY2_PPI_H__\r | |
23 | #define __SECURITY2_PPI_H__\r | |
24 | \r | |
25 | #define EFI_PEI_SECURITY2_PPI_GUID \\r | |
26 | { 0xdcd0be23, 0x9586, 0x40f4, { 0xb6, 0x43, 0x6, 0x52, 0x2c, 0xed, 0x4e, 0xde } }\r | |
27 | \r | |
28 | \r | |
53f2d96e | 29 | typedef struct _EFI_PEI_SECURITY2_PPI EFI_PEI_SECURITY2_PPI;\r |
e5544398 | 30 | \r |
31 | /**\r | |
d7132512 LG |
32 | Allows the platform builder to implement a security policy \r |
33 | in response to varying file authentication states.\r | |
34 | \r | |
e5544398 | 35 | This service is published by some platform PEIM. The purpose of\r |
36 | this service is to expose a given platform's policy-based\r | |
37 | response to the PEI Foundation. For example, if there is a PEIM\r | |
38 | in a GUIDed encapsulation section and the extraction of the PEI\r | |
39 | file section yields an authentication failure, there is no a\r | |
40 | priori policy in the PEI Foundation. Specifically, this\r | |
41 | situation leads to the question whether PEIMs that are either\r | |
42 | not in GUIDed sections or are in sections whose authentication\r | |
13c38031 | 43 | fails should still be executed.\r |
44 | \r | |
45 | @param PeiServices An indirect pointer to the PEI Services\r | |
46 | Table published by the PEI Foundation.\r | |
47 | @param This Interface pointer that implements the\r | |
48 | particular EFI_PEI_SECURITY2_PPI instance.\r | |
49 | @param AuthenticationStatus Authentication status of the file.\r | |
9319d2c2 LG |
50 | xx00 Image was not signed.\r |
51 | xxx1 Platform security policy override. \r | |
52 | Assumes same meaning as 0010 (the image was signed, the\r | |
53 | signature was tested, and the signature passed authentication test).\r | |
54 | 0010 Image was signed, the signature was tested, \r | |
55 | and the signature passed authentication test.\r | |
56 | 0110 Image was signed and the signature was not tested.\r | |
57 | 1010 Image was signed, the signature was tested, \r | |
58 | and the signature failed the authentication test.\r | |
13c38031 | 59 | @param FvHandle Handle of the volume in which the file\r |
60 | resides. This allows different policies\r | |
61 | depending on different firmware volumes.\r | |
62 | @param FileHandle Handle of the file under review.\r | |
63 | @param DeferExecution Pointer to a variable that alerts the\r | |
64 | PEI Foundation to defer execution of a\r | |
65 | PEIM.\r | |
66 | \r | |
67 | @retval EFI_SUCCESS The service performed its action successfully.\r | |
68 | @retval EFI_SECURITY_VIOLATION The object cannot be trusted.\r | |
e5544398 | 69 | \r |
70 | **/\r | |
71 | typedef\r | |
72 | EFI_STATUS\r | |
8b13229b | 73 | (EFIAPI *EFI_PEI_SECURITY_AUTHENTICATION_STATE)(\r |
e5544398 | 74 | IN CONST EFI_PEI_SERVICES **PeiServices,\r |
75 | IN CONST EFI_PEI_SECURITY2_PPI *This,\r | |
13c38031 | 76 | IN UINT32 AuthenticationStatus,\r |
77 | IN EFI_PEI_FV_HANDLE FvHandle,\r | |
78 | IN EFI_PEI_FV_HANDLE FileHandle,\r | |
e5544398 | 79 | IN OUT BOOLEAN *DeferExecution\r |
80 | );\r | |
81 | \r | |
13c38031 | 82 | ///\r |
83 | /// This PPI is a means by which the platform builder can indicate\r | |
84 | /// a response to a PEIM's authentication state. This can be in\r | |
85 | /// the form of a requirement for the PEI Foundation to skip a\r | |
86 | /// module using the DeferExecution Boolean output in the\r | |
87 | /// AuthenticationState() member function. Alternately, the\r | |
88 | /// Security PPI can invoke something like a cryptographic PPI\r | |
89 | /// that hashes the PEIM contents to log attestations, for which\r | |
90 | /// the FileHandle parameter in AuthenticationState() will be\r | |
91 | /// useful. If this PPI does not exist, PEIMs will be considered\r | |
92 | /// trusted.\r | |
93 | ///\r | |
e5544398 | 94 | struct _EFI_PEI_SECURITY2_PPI {\r |
95 | EFI_PEI_SECURITY_AUTHENTICATION_STATE AuthenticationState;\r | |
96 | };\r | |
97 | \r | |
98 | \r | |
99 | extern EFI_GUID gEfiPeiSecurity2PpiGuid;\r | |
100 | \r | |
101 | #endif\r |