## @file\r
-# The library instance provides security service of image verification.\r
-# Image verification Library module supports UEFI2.3.1\r
+# Provides security service of image verification\r
#\r
-# Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>\r
+# This library hooks LoadImage() API to verify every image by the verification policy.\r
+#\r
+# Caution: This module requires additional review when modified.\r
+# This library will have external input - PE/COFF image.\r
+# This external input must be validated carefully to avoid security issues such as\r
+# buffer overflow or integer overflow.\r
+#\r
+# Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>\r
# This program and the accompanying materials\r
# are licensed and made available under the terms and conditions of the BSD License\r
# which accompanies this distribution. The full text of the license may be found at\r
\r
[Defines]\r
INF_VERSION = 0x00010005\r
- BASE_NAME = DxeImageVerificationLib \r
+ BASE_NAME = DxeImageVerificationLib\r
+ MODULE_UNI_FILE = DxeImageVerificationLib.uni\r
FILE_GUID = 0CA970E1-43FA-4402-BC0A-81AF336BFFD6\r
MODULE_TYPE = DXE_DRIVER\r
VERSION_STRING = 1.0\r
- LIBRARY_CLASS = NULL|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER \r
+ LIBRARY_CLASS = NULL|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER\r
CONSTRUCTOR = DxeImageVerificationLibConstructor\r
\r
#\r
[Sources]\r
DxeImageVerificationLib.c\r
DxeImageVerificationLib.h\r
+ Measurement.c\r
\r
[Packages]\r
MdePkg/MdePkg.dec\r
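Review bot: The rewritten @file header says nothing about TPM measurement, although `Measurement.c` is added to [Sources] in this hunk and `TpmMeasurementLib` to the library classes in the following one. This is a NULL library instance linked into several module types, so a platform picks up the measurement dependency implicitly, and the header is where an integrator would look for it. I would add a line after the LoadImage() sentence such as `# It also records measurements through TpmMeasurementLib (see Measurement.c).` What exactly is measured, and into which PCR, is not visible from the INF, so confirm the wording against Measurement.c.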
BaseCryptLib\r
SecurityManagementLib\r
PeCoffLib\r
+ TpmMeasurementLib\r
\r
[Protocols]\r
- gEfiFirmwareVolume2ProtocolGuid\r
- gEfiBlockIoProtocolGuid\r
- gEfiSimpleFileSystemProtocolGuid\r
- gEfiVariableWriteArchProtocolGuid\r
- \r
+ gEfiFirmwareVolume2ProtocolGuid ## SOMETIMES_CONSUMES\r
+ gEfiBlockIoProtocolGuid ## SOMETIMES_CONSUMES\r
+ gEfiSimpleFileSystemProtocolGuid ## SOMETIMES_CONSUMES\r
+\r
[Guids]\r
- gEfiCertTypeRsa2048Sha256Guid\r
+ ## SOMETIMES_CONSUMES ## Variable:L"DB"\r
+ ## SOMETIMES_CONSUMES ## Variable:L"DBX"\r
+ ## SOMETIMES_CONSUMES ## Variable:L"DBT"\r
+ ## PRODUCES ## SystemTable\r
+ ## CONSUMES ## SystemTable\r
gEfiImageSecurityDatabaseGuid\r
+\r
+ ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature.\r
+ ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature.\r
gEfiCertSha1Guid\r
+\r
+ ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature.\r
+ ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature.\r
gEfiCertSha256Guid\r
- gEfiCertX509Guid\r
- gEfiCertRsa2048Guid\r
- gEfiSecureBootEnableDisableGuid\r
- \r
-[Pcd]\r
- gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy\r
- gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy\r
- gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy\r
\r
- \r
+ ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature.\r
+ ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature.\r
+ gEfiCertSha384Guid\r
\r
+ ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature.\r
+ ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature.\r
+ gEfiCertSha512Guid\r
\r
+ gEfiCertX509Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature.\r
+ gEfiCertX509Sha256Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature.\r
+ gEfiCertX509Sha384Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature.\r
+ gEfiCertX509Sha512Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature.\r
+ gEfiCertPkcs7Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the certificate.\r
+\r
+[Pcd]\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy ## SOMETIMES_CONSUMES\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy ## SOMETIMES_CONSUMES\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy ## SOMETIMES_CONSUMES\r
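Review bot: `gEfiCertSha1Guid` keeps both SOMETIMES_CONSUMES and SOMETIMES_PRODUCES usage in [Guids] next to the newly added SHA-384 and SHA-512 entries, and nothing marks it as the weak member of the set. The INF is the module's interface record, so a plain comment above that entry would help anyone auditing the accepted signature types, for example `# SHA-1 is kept for compatibility with existing signatures; prefer SHA-256 or stronger for new db entries.` Use a single `#` so the line is not read as a usage annotation. Whether the C sources still accept SHA-1 digests matched against db is not visible in this file, so confirm against DxeImageVerificationLib.c before stating it as fact.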