+/**\r
+ The security handler is used to abstracts security-specific functions from the DXE\r
+ Foundation of UEFI Image Verification, Trusted Computing Group (TCG) measured boot,\r
+ User Identity policy for image loading and consoles, and for purposes of\r
+ handling GUIDed section encapsulations.\r
+\r
+ @param[in] AuthenticationStatus\r
+ The authentication status for the input file.\r
+ @param[in] File The pointer to the device path of the file that is\r
+ being dispatched. This will optionally be used for logging.\r
+ @param[in] FileBuffer A pointer to the buffer with the UEFI file image\r
+ @param[in] FileSize The size of File buffer.\r
+ @param[in] BootPolicy A boot policy that was used to call LoadImage() UEFI service.\r
+\r
+ @retval EFI_SUCCESS The file specified by DevicePath and non-NULL\r
+ FileBuffer did authenticate, and the platform policy dictates\r
+ that the DXE Foundation may use the file.\r
+ @retval EFI_SUCCESS The device path specified by NULL device path DevicePath\r
+ and non-NULL FileBuffer did authenticate, and the platform\r
+ policy dictates that the DXE Foundation may execute the image in\r
+ FileBuffer.\r
+ @retval EFI_SUCCESS FileBuffer is NULL and current user has permission to start\r
+ UEFI device drivers on the device path specified by DevicePath.\r
+ @retval EFI_SECURITY_VIOLATION The file specified by DevicePath and FileBuffer did not\r
+ authenticate, and the platform policy dictates that the file should be\r
+ placed in the untrusted state. The image has been added to the file\r
+ execution table.\r
+ @retval EFI_ACCESS_DENIED The file specified by File and FileBuffer did not\r
+ authenticate, and the platform policy dictates that the DXE\r
+ Foundation may not use File.\r
+ @retval EFI_SECURITY_VIOLATION FileBuffer is NULL and the user has no\r
+ permission to start UEFI device drivers on the device path specified\r
+ by DevicePath.\r
+ @retval EFI_SECURITY_VIOLATION FileBuffer is not NULL and the user has no permission to load\r
+ drivers from the device path specified by DevicePath. The\r
+ image has been added into the list of the deferred images.\r
+**/\r
+typedef\r
+EFI_STATUS\r
+(EFIAPI *SECURITY2_FILE_AUTHENTICATION_HANDLER) (\r
+ IN UINT32 AuthenticationStatus,\r
+ IN CONST EFI_DEVICE_PATH_PROTOCOL *File,\r
+ IN VOID *FileBuffer,\r
+ IN UINTN FileSize,\r
+ IN BOOLEAN BootPolicy\r
+ );\r
+\r
+/**\r
+ Register security measurement handler with its operation type. Different\r
+ handlers with the same operation can all be registered.\r
+\r
+ If SecurityHandler is NULL, then ASSERT().\r
+ If no enough resources available to register new handler, then ASSERT().\r
+ If AuthenticationOperation is not recongnized, then ASSERT().\r
+ If AuthenticationOperation is EFI_AUTH_OPERATION_NONE, then ASSERT().\r
+ If the previous register handler can't be executed before the later register handler, then ASSERT().\r
+\r
+ @param[in] Security2Handler The security measurement service handler to be registered.\r
+ @param[in] AuthenticationOperation The operation type is specified for the registered handler.\r
+\r
+ @retval EFI_SUCCESS The handlers were registered successfully.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+RegisterSecurity2Handler (\r
+ IN SECURITY2_FILE_AUTHENTICATION_HANDLER Security2Handler,\r
+ IN UINT32 AuthenticationOperation\r
+ );\r
+\r
+/**\r
+ Execute registered handlers based on input AuthenticationOperation until\r
+ one returns an error and that error is returned.\r
+\r
+ If none of the handlers return an error, then EFI_SUCCESS is returned.\r
+ The handlers those satisfy AuthenticationOperation will only be executed.\r
+ The handlers are executed in same order to their registered order.\r
+\r
+ @param[in] AuthenticationOperation\r
+ The operation type specifies which handlers will be executed.\r
+ @param[in] AuthenticationStatus\r
+ The authentication status for the input file.\r
+ @param[in] File This is a pointer to the device path of the file that is\r
+ being dispatched. This will optionally be used for logging.\r
+ @param[in] FileBuffer A pointer to the buffer with the UEFI file image\r
+ @param[in] FileSize The size of File buffer.\r
+ @param[in] BootPolicy A boot policy that was used to call LoadImage() UEFI service.\r
+\r
+ @retval EFI_SUCCESS The file specified by DevicePath and non-NULL\r
+ FileBuffer did authenticate, and the platform policy dictates\r
+ that the DXE Foundation may use the file.\r
+ @retval EFI_SUCCESS The device path specified by NULL device path DevicePath\r
+ and non-NULL FileBuffer did authenticate, and the platform\r
+ policy dictates that the DXE Foundation may execute the image in\r
+ FileBuffer.\r
+ @retval EFI_SUCCESS FileBuffer is NULL and current user has permission to start\r
+ UEFI device drivers on the device path specified by DevicePath.\r
+ @retval EFI_SECURITY_VIOLATION The file specified by DevicePath and FileBuffer did not\r
+ authenticate, and the platform policy dictates that the file should be\r
+ placed in the untrusted state. The image has been added to the file\r
+ execution table.\r
+ @retval EFI_ACCESS_DENIED The file specified by File and FileBuffer did not\r
+ authenticate, and the platform policy dictates that the DXE\r
+ Foundation may not use File.\r
+ @retval EFI_SECURITY_VIOLATION FileBuffer is NULL and the user has no\r
+ permission to start UEFI device drivers on the device path specified\r
+ by DevicePath.\r
+ @retval EFI_SECURITY_VIOLATION FileBuffer is not NULL and the user has no permission to load\r
+ drivers from the device path specified by DevicePath. The\r
+ image has been added into the list of the deferred images.\r
+ @retval EFI_INVALID_PARAMETER File and FileBuffer are both NULL.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+ExecuteSecurity2Handlers (\r
+ IN UINT32 AuthenticationOperation,\r
+ IN UINT32 AuthenticationStatus,\r
+ IN CONST EFI_DEVICE_PATH_PROTOCOL *File,\r
+ IN VOID *FileBuffer,\r
+ IN UINTN FileSize,\r
+ IN BOOLEAN BootPolicy\r
+ );\r
+\r