SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf

   1 ## @file
   2 #  Provides security service of image verification
   3 #
   4 #  This library hooks LoadImage() API to verify every image by the verification policy.
   5 #
   6 #  Caution: This module requires additional review when modified.
   7 #  This library will have external input - PE/COFF image.
   8 #  This external input must be validated carefully to avoid security issues such as
   9 #  buffer overflow or integer overflow.
  10 #
  11 # Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
  12 # This program and the accompanying materials
  13 # are licensed and made available under the terms and conditions of the BSD License
  14 # which accompanies this distribution. The full text of the license may be found at
  15 # http://opensource.org/licenses/bsd-license.php
  16 # THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
  17 # WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
  18 #
  19 ##
  20
  21 [Defines]
  22   INF_VERSION                    = 0x00010005
  23   BASE_NAME                      = DxeImageVerificationLib
  24   MODULE_UNI_FILE                = DxeImageVerificationLib.uni
  25   FILE_GUID                      = 0CA970E1-43FA-4402-BC0A-81AF336BFFD6
  26   MODULE_TYPE                    = DXE_DRIVER
  27   VERSION_STRING                 = 1.0
  28   LIBRARY_CLASS                  = NULL|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER
  29   CONSTRUCTOR                    = DxeImageVerificationLibConstructor
  30
  31 #
  32 # The following information is for reference only and not required by the build tools.
  33 #
  34 #  VALID_ARCHITECTURES           = IA32 X64 IPF EBC
  35 #
  36
  37 [Sources]
  38   DxeImageVerificationLib.c
  39   DxeImageVerificationLib.h
  40   Measurement.c
  41
  42 [Packages]
  43   MdePkg/MdePkg.dec
  44   MdeModulePkg/MdeModulePkg.dec
  45   CryptoPkg/CryptoPkg.dec
  46   SecurityPkg/SecurityPkg.dec
  47
  48 [LibraryClasses]
  49   MemoryAllocationLib
  50   BaseLib
  51   UefiLib
  52   UefiBootServicesTableLib
  53   UefiRuntimeServicesTableLib
  54   BaseMemoryLib
  55   DebugLib
  56   DevicePathLib
  57   BaseCryptLib
  58   SecurityManagementLib
  59   PeCoffLib
  60   TpmMeasurementLib
  61
  62 [Protocols]
  63   gEfiFirmwareVolume2ProtocolGuid       ## SOMETIMES_CONSUMES
  64   gEfiBlockIoProtocolGuid               ## SOMETIMES_CONSUMES
  65   gEfiSimpleFileSystemProtocolGuid      ## SOMETIMES_CONSUMES
  66
  67 [Guids]
  68   ## SOMETIMES_CONSUMES   ## Variable:L"DB"
  69   ## SOMETIMES_CONSUMES   ## Variable:L"DBX"
  70   ## SOMETIMES_CONSUMES   ## Variable:L"DBT"
  71   ## PRODUCES             ## SystemTable
  72   ## CONSUMES             ## SystemTable
  73   gEfiImageSecurityDatabaseGuid
  74
  75   ## SOMETIMES_CONSUMES   ## GUID       # Unique ID for the type of the signature.
  76   ## SOMETIMES_PRODUCES   ## GUID       # Unique ID for the type of the signature.
  77   gEfiCertSha1Guid
  78
  79   ## SOMETIMES_CONSUMES   ## GUID       # Unique ID for the type of the signature.
  80   ## SOMETIMES_PRODUCES   ## GUID       # Unique ID for the type of the signature.
  81   gEfiCertSha256Guid
  82
  83   ## SOMETIMES_CONSUMES   ## GUID       # Unique ID for the type of the signature.
  84   ## SOMETIMES_PRODUCES   ## GUID       # Unique ID for the type of the signature.
  85   gEfiCertSha384Guid
  86
  87   ## SOMETIMES_CONSUMES   ## GUID       # Unique ID for the type of the signature.
  88   ## SOMETIMES_PRODUCES   ## GUID       # Unique ID for the type of the signature.
  89   gEfiCertSha512Guid
  90
  91   gEfiCertX509Guid                      ## SOMETIMES_CONSUMES    ## GUID     # Unique ID for the type of the signature.
  92   gEfiCertX509Sha256Guid                ## SOMETIMES_CONSUMES    ## GUID     # Unique ID for the type of the signature.
  93   gEfiCertX509Sha384Guid                ## SOMETIMES_CONSUMES    ## GUID     # Unique ID for the type of the signature.
  94   gEfiCertX509Sha512Guid                ## SOMETIMES_CONSUMES    ## GUID     # Unique ID for the type of the signature.
  95   gEfiCertPkcs7Guid                     ## SOMETIMES_CONSUMES    ## GUID     # Unique ID for the type of the certificate.
  96
  97 [Pcd]
  98   gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy          ## SOMETIMES_CONSUMES
  99   gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy     ## SOMETIMES_CONSUMES
 100   gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy         ## SOMETIMES_CONSUMES