1 | /** @file\r |
2 | Security2 Architectural Protocol as defined in PI Specification1.2.1 VOLUME 2 DXE\r | |
3 | \r | |
4 | Abstracts security-specific functions from the DXE Foundation of UEFI Image Verification,\r | |
5 | Trusted Computing Group (TCG) measured boot, and User Identity policy for image loading and\r | |
6 | consoles. This protocol must be produced by a boot service or runtime DXE driver.\r | |
9095d37b | 7 | \r |
8 | This protocol is optional and must be published prior to the EFI_SECURITY_ARCH_PROTOCOL.\r |
9 | As a result, the same driver must publish both of these interfaces.\r | |
9095d37b | 10 | \r |
11 | When both Security and Security2 Architectural Protocols are published, LoadImage must use\r |
12 | them in accordance with the following rules:\r | |
13 | The Security2 protocol must be used on every image being loaded.\r | |
9095d37b | 14 | The Security protocol must be used after the Security2 protocol and only on images that\r |
15 | have been read using Firmware Volume protocol.\r |
16 | \r | |
17 | When only Security architectural protocol is published, LoadImage must use it on every image\r | |
18 | being loaded.\r | |
19 | \r | |
9095d37b | 20 | Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR>\r |
9344f092 | 21 | SPDX-License-Identifier: BSD-2-Clause-Patent\r |
22 | \r |
23 | **/\r | |
24 | \r | |
25 | #ifndef __ARCH_PROTOCOL_SECURITY2_H__\r | |
26 | #define __ARCH_PROTOCOL_SECURITY2_H__\r | |
27 | \r | |
28 | ///\r | |
29 | /// Global ID for the Security2 Code Architectural Protocol\r | |
30 | ///\r | |
31 | #define EFI_SECURITY2_ARCH_PROTOCOL_GUID \\r | |
32 | { 0x94ab2f58, 0x1438, 0x4ef1, {0x91, 0x52, 0x18, 0x94, 0x1a, 0x3a, 0x0e, 0x68 } }\r | |
9095d37b | 33 | \r |
2f88bd3a | 34 | typedef struct _EFI_SECURITY2_ARCH_PROTOCOL EFI_SECURITY2_ARCH_PROTOCOL;\r |
35 | \r |
36 | /**\r | |
37 | The DXE Foundation uses this service to measure and/or verify a UEFI image.\r | |
38 | \r | |
39 | This service abstracts the invocation of Trusted Computing Group (TCG) measured boot, UEFI\r | |
40 | Secure boot, and UEFI User Identity infrastructure. For the former two, the DXE Foundation\r | |
41 | invokes the FileAuthentication() with a DevicePath and corresponding image in\r | |
42 | FileBuffer memory. The TCG measurement code will record the FileBuffer contents into the\r | |
43 | appropriate PCR. The image verification logic will confirm the integrity and provenance of the\r | |
44 | image in FileBuffer of length FileSize. The origin of the image will be DevicePath in\r | |
45 | these cases.\r | |
46 | If the FileBuffer is NULL, the interface will determine if the DevicePath can be connected\r | |
47 | in order to support the User Identification policy.\r | |
9095d37b | 48 | \r |
49 | @param This The EFI_SECURITY2_ARCH_PROTOCOL instance.\r |
50 | @param File A pointer to the device path of the file that is\r | |
51 | being dispatched (referred to as DevicePath in the return values below). This will optionally be used for logging.\r | |
52 | @param FileBuffer A pointer to the buffer with the UEFI file image.\r | |
53 | @param FileSize The size of the file.\r | |
54 | @param BootPolicy A boot policy that was used to call LoadImage() UEFI service. If\r | |
55 | FileAuthentication() is invoked not from the LoadImage(),\r | |
56 | BootPolicy must be set to FALSE.\r | |
9095d37b | 57 | \r |
58 | @retval EFI_SUCCESS The file specified by DevicePath and non-NULL\r |
59 | FileBuffer did authenticate, and the platform policy dictates\r | |
60 | that the DXE Foundation may use the file.\r | |
61 | @retval EFI_SUCCESS DevicePath is NULL and the non-NULL FileBuffer did authenticate,\r | |
62 | and the platform\r | |
63 | policy dictates that the DXE Foundation may execute the image in\r | |
64 | FileBuffer.\r | |
65 | @retval EFI_SUCCESS FileBuffer is NULL and current user has permission to start\r | |
66 | UEFI device drivers on the device path specified by DevicePath.\r | |
67 | @retval EFI_SECURITY_VIOLATION The file specified by DevicePath and FileBuffer did not\r | |
68 | authenticate, and the platform policy dictates that the file should be\r | |
69 | placed in the untrusted state. The image has been added to the file\r | |
70 | execution table.\r | |
71 | @retval EFI_ACCESS_DENIED The file specified by File and FileBuffer did not\r | |
72 | authenticate, and the platform policy dictates that the DXE\r | |
73 | Foundation may not use File.\r | |
74 | @retval EFI_SECURITY_VIOLATION FileBuffer is NULL and the user has no\r | |
75 | permission to start UEFI device drivers on the device path specified\r | |
76 | by DevicePath.\r | |
77 | @retval EFI_SECURITY_VIOLATION FileBuffer is not NULL and the user has no permission to load\r | |
78 | drivers from the device path specified by DevicePath. The\r | |
79 | image has been added into the list of the deferred images.\r | |
80 | **/\r | |
typedef EFI_STATUS (EFIAPI *EFI_SECURITY2_FILE_AUTHENTICATION)(
  IN CONST EFI_SECURITY2_ARCH_PROTOCOL *This,
  IN CONST EFI_DEVICE_PATH_PROTOCOL *File OPTIONAL,  // origin of the image; may be NULL, used optionally for logging
  IN VOID *FileBuffer,                                // NULL: only checks whether File may be connected under the user identity policy
  IN UINTN FileSize,                                  // size of the image held in FileBuffer
  IN BOOLEAN BootPolicy                               // the LoadImage() boot policy; must be FALSE when not called from LoadImage()
  );
88 | \r |
89 | ///\r | |
90 | /// The EFI_SECURITY2_ARCH_PROTOCOL is used to abstract platform-specific policy from the\r | |
91 | /// DXE Foundation. This includes measuring the PE/COFF image prior to invoking, comparing the\r | |
92 | /// image against a policy (whether a white-list/black-list of public image verification keys\r | |
93 | /// or registered hashes).\r | |
94 | ///\r | |
struct _EFI_SECURITY2_ARCH_PROTOCOL {
  ///
  /// Measures and/or verifies a UEFI image before the DXE Foundation uses it.
  /// Any status other than EFI_SUCCESS (EFI_SECURITY_VIOLATION, EFI_ACCESS_DENIED)
  /// means platform policy does not permit the image to be used; see
  /// EFI_SECURITY2_FILE_AUTHENTICATION for the per-status meaning.
  ///
  EFI_SECURITY2_FILE_AUTHENTICATION FileAuthentication;
};
98 | \r | |
2f88bd3a | 99 | extern EFI_GUID gEfiSecurity2ArchProtocolGuid;\r |
100 | \r |
101 | #endif\r |