[mirror_edk2.git] / MdePkg / Include / Ppi / Security2.h

/** @file\r
  This file declares Pei Security2 PPI.\r
\r
  This PPI is installed by some platform PEIM that abstracts the security \r
  policy to the PEI Foundation, namely the case of a PEIM's authentication \r
  state being returned during the PEI section extraction process.\r
\r
  Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.<BR>\r
  This program and the accompanying materials                          \r
  are licensed and made available under the terms and conditions of the BSD License         \r
  which accompanies this distribution.  The full text of the license may be found at        \r
  http://opensource.org/licenses/bsd-license.php                                            \r
\r
  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,                     \r
  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.             \r
\r
  @par Revision Reference:\r
  This PPI is introduced in PI Version 1.0.\r
\r
**/\r
\r
#ifndef __SECURITY2_PPI_H__\r
#define __SECURITY2_PPI_H__\r
\r
#define EFI_PEI_SECURITY2_PPI_GUID \\r
  { 0xdcd0be23, 0x9586, 0x40f4, { 0xb6, 0x43, 0x6, 0x52, 0x2c, 0xed, 0x4e, 0xde } }\r
\r
\r
typedef struct _EFI_PEI_SECURITY2_PPI  EFI_PEI_SECURITY2_PPI;\r
\r
/**\r
  Allows the platform builder to implement a security policy \r
  in response to varying file authentication states.\r
\r
  This service is published by some platform PEIM. The purpose of\r
  this service is to expose a given platform's policy-based\r
  response to the PEI Foundation. For example, if there is a PEIM\r
  in a GUIDed encapsulation section and the extraction of the PEI\r
  file section yields an authentication failure, there is no a\r
  priori policy in the PEI Foundation. Specifically, this\r
  situation leads to the question whether PEIMs that are either\r
  not in GUIDed sections or are in sections whose authentication\r
  fails should still be executed.\r
\r
  @param PeiServices             An indirect pointer to the PEI Services\r
                                 Table published by the PEI Foundation.\r
  @param This                    Interface pointer that implements the\r
                                 particular EFI_PEI_SECURITY2_PPI instance.\r
  @param AuthenticationStatus    Authentication status of the file.\r
                                 xx00 Image was not signed.\r
                                 xxx1 Platform security policy override. \r
                                      Assumes same meaning as 0010 (the image was signed, the\r
                                      signature was tested, and the signature passed authentication test).\r
                                 0010 Image was signed, the signature was tested, \r
                                      and the signature passed authentication test.\r
                                 0110 Image was signed and the signature was not tested.\r
                                 1010 Image was signed, the signature was tested, \r
                                      and the signature failed the authentication test.\r
  @param FvHandle                Handle of the volume in which the file\r
                                 resides. This allows different policies\r
                                 depending on different firmware volumes.\r
  @param FileHandle              Handle of the file under review.\r
  @param DeferExecution          Pointer to a variable that alerts the\r
                                 PEI Foundation to defer execution of a\r
                                 PEIM.\r
\r
  @retval EFI_SUCCESS            The service performed its action successfully.\r
  @retval EFI_SECURITY_VIOLATION The object cannot be trusted.\r
\r
**/\r
typedef\r
EFI_STATUS\r
(EFIAPI *EFI_PEI_SECURITY_AUTHENTICATION_STATE)(\r
  IN CONST  EFI_PEI_SERVICES      **PeiServices,\r
  IN CONST  EFI_PEI_SECURITY2_PPI *This,\r
  IN UINT32                       AuthenticationStatus,\r
  IN EFI_PEI_FV_HANDLE            FvHandle,\r
  IN EFI_PEI_FILE_HANDLE          FileHandle,\r
  IN OUT    BOOLEAN               *DeferExecution\r
);\r
\r
///\r
/// This PPI is a means by which the platform builder can indicate\r
/// a response to a PEIM's authentication state. This can be in\r
/// the form of a requirement for the PEI Foundation to skip a\r
/// module using the DeferExecution Boolean output in the\r
/// AuthenticationState() member function. Alternately, the\r
/// Security PPI can invoke something like a cryptographic PPI\r
/// that hashes the PEIM contents to log attestations, for which\r
/// the FileHandle parameter in AuthenticationState() will be\r
/// useful. If this PPI does not exist, PEIMs will be considered\r
/// trusted.\r
///\r
struct _EFI_PEI_SECURITY2_PPI {\r
  EFI_PEI_SECURITY_AUTHENTICATION_STATE   AuthenticationState;\r
};\r
\r
\r
extern EFI_GUID gEfiPeiSecurity2PpiGuid;\r
\r
#endif\r
Commit	Line	Data
e5544398	1	/** @file\r
d7132512	2	This file declares Pei Security2 PPI.\r
e5544398	3	\r
d7132512	4	This PPI is installed by some platform PEIM that abstracts the security \r
4ca9b6c4	5	policy to the PEI Foundation, namely the case of a PEIM's authentication \r
d7132512 LG	6	state being returned during the PEI section extraction process.\r
d7132512 LG	7	\r
c7935105	8	Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.<BR>\r
9df063a0	9	This program and the accompanying materials \r
e5544398	10	are licensed and made available under the terms and conditions of the BSD License \r
	11	which accompanies this distribution. The full text of the license may be found at \r
	12	http://opensource.org/licenses/bsd-license.php \r
	13	\r
	14	THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
	15	WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. \r
	16	\r
e5544398	17	@par Revision Reference:\r
0047820e	18	This PPI is introduced in PI Version 1.0.\r
e5544398	19	\r
	20	**/\r
	21	\r
	22	#ifndef __SECURITY2_PPI_H__\r
	23	#define __SECURITY2_PPI_H__\r
	24	\r
	25	#define EFI_PEI_SECURITY2_PPI_GUID \\r
	26	{ 0xdcd0be23, 0x9586, 0x40f4, { 0xb6, 0x43, 0x6, 0x52, 0x2c, 0xed, 0x4e, 0xde } }\r
	27	\r
	28	\r
53f2d96e	29	typedef struct _EFI_PEI_SECURITY2_PPI EFI_PEI_SECURITY2_PPI;\r
e5544398	30	\r
e5544398	31	/**\r
d7132512 LG	32	Allows the platform builder to implement a security policy \r
	33	in response to varying file authentication states.\r
	34	\r
e5544398	35	This service is published by some platform PEIM. The purpose of\r
	36	this service is to expose a given platform's policy-based\r
	37	response to the PEI Foundation. For example, if there is a PEIM\r
	38	in a GUIDed encapsulation section and the extraction of the PEI\r
	39	file section yields an authentication failure, there is no a\r
	40	priori policy in the PEI Foundation. Specifically, this\r
	41	situation leads to the question whether PEIMs that are either\r
	42	not in GUIDed sections or are in sections whose authentication\r
13c38031	43	fails should still be executed.\r
	44	\r
	45	@param PeiServices An indirect pointer to the PEI Services\r
	46	Table published by the PEI Foundation.\r
	47	@param This Interface pointer that implements the\r
	48	particular EFI_PEI_SECURITY2_PPI instance.\r
	49	@param AuthenticationStatus Authentication status of the file.\r
9319d2c2 LG	50	xx00 Image was not signed.\r
	51	xxx1 Platform security policy override. \r
	52	Assumes same meaning as 0010 (the image was signed, the\r
	53	signature was tested, and the signature passed authentication test).\r
	54	0010 Image was signed, the signature was tested, \r
	55	and the signature passed authentication test.\r
	56	0110 Image was signed and the signature was not tested.\r
	57	1010 Image was signed, the signature was tested, \r
	58	and the signature failed the authentication test.\r
13c38031	59	@param FvHandle Handle of the volume in which the file\r
	60	resides. This allows different policies\r
	61	depending on different firmware volumes.\r
	62	@param FileHandle Handle of the file under review.\r
	63	@param DeferExecution Pointer to a variable that alerts the\r
	64	PEI Foundation to defer execution of a\r
	65	PEIM.\r
	66	\r
	67	@retval EFI_SUCCESS The service performed its action successfully.\r
	68	@retval EFI_SECURITY_VIOLATION The object cannot be trusted.\r
e5544398	69	\r
	70	**/\r
	71	typedef\r
	72	EFI_STATUS\r
8b13229b	73	(EFIAPI *EFI_PEI_SECURITY_AUTHENTICATION_STATE)(\r
e5544398	74	IN CONST EFI_PEI_SERVICES **PeiServices,\r
e5544398	75	IN CONST EFI_PEI_SECURITY2_PPI *This,\r
13c38031	76	IN UINT32 AuthenticationStatus,\r
13c38031	77	IN EFI_PEI_FV_HANDLE FvHandle,\r
c7935105	78	IN EFI_PEI_FILE_HANDLE FileHandle,\r
e5544398	79	IN OUT BOOLEAN *DeferExecution\r
	80	);\r
	81	\r
13c38031	82	///\r
	83	/// This PPI is a means by which the platform builder can indicate\r
	84	/// a response to a PEIM's authentication state. This can be in\r
	85	/// the form of a requirement for the PEI Foundation to skip a\r
	86	/// module using the DeferExecution Boolean output in the\r
	87	/// AuthenticationState() member function. Alternately, the\r
	88	/// Security PPI can invoke something like a cryptographic PPI\r
	89	/// that hashes the PEIM contents to log attestations, for which\r
	90	/// the FileHandle parameter in AuthenticationState() will be\r
	91	/// useful. If this PPI does not exist, PEIMs will be considered\r
	92	/// trusted.\r
	93	///\r
e5544398	94	struct _EFI_PEI_SECURITY2_PPI {\r
	95	EFI_PEI_SECURITY_AUTHENTICATION_STATE AuthenticationState;\r
	96	};\r
	97	\r
	98	\r
	99	extern EFI_GUID gEfiPeiSecurity2PpiGuid;\r
	100	\r
	101	#endif\r