X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=blobdiff_plain;f=SecurityPkg%2FLibrary%2FDxeImageVerificationLib%2FDxeImageVerificationLib.inf;h=3430b6ea9dacd878443684c55d1dfbfb6a2b8028;hp=860d64ba83fec2f771eee10c0dbd8d6799f1ea72;hb=b3548d32ddb553a9e95503457c66d11462622d16;hpb=28186d45660c92b8d98b8b19b5f8e6ff71ea5fba
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
index 860d64ba83..3430b6ea9d 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
@@ -1,8 +1,14 @@
 ## @file
-# The library instance provides security service of image verification.
-# Image verification Library module supports UEFI2.3.1
+# Provides security service of image verification
 #
-# Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.
+# This library hooks LoadImage() API to verify every image by the verification policy.
+#
+# Caution: This module requires additional review when modified.
+# This library will have external input - PE/COFF image.
+# This external input must be validated carefully to avoid security issues such as
+# buffer overflow or integer overflow.
+#
+# Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
# This program and the accompanying materials
 # are licensed and made available under the terms and conditions of the BSD License
 # which accompanies this distribution. The full text of the license may be found at
@@ -14,11 +20,12 @@
 [Defines]
 INF_VERSION = 0x00010005
- BASE_NAME = DxeImageVerificationLib
+ BASE_NAME = DxeImageVerificationLib
+ MODULE_UNI_FILE = DxeImageVerificationLib.uni
 FILE_GUID = 0CA970E1-43FA-4402-BC0A-81AF336BFFD6
 MODULE_TYPE = DXE_DRIVER
 VERSION_STRING = 1.0
- LIBRARY_CLASS = NULL|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER
+ LIBRARY_CLASS = NULL|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER
 CONSTRUCTOR = DxeImageVerificationLibConstructor
 #
@@ -30,6 +37,7 @@
 [Sources]
 DxeImageVerificationLib.c
 DxeImageVerificationLib.h
+ Measurement.c
 [Packages]
 MdePkg/MdePkg.dec
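Review bot: The new Caution paragraph in the file header names the PE/COFF image as the library's only external input, but the last hunk of this patch also declares the `DB`, `DBX` and `DBT` variables as consumed. If the library parses the signature lists held in those variables itself (the C source is not part of this diff), the header should say so, for example `# This library will have external input - PE/COFF image and the image security database variables.` The size fields in both inputs would then fall under the same overflow caution.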
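Review bot: `Measurement.c` is added to [Sources] here, and `TpmMeasurementLib` joins the list that holds `BaseCryptLib` and `PeCoffLib` in the next hunk, yet the rewritten file header still describes only image verification. Because LIBRARY_CLASS is `NULL` for six module types, every platform that links this library now has to resolve a TpmMeasurementLib instance, including platforms without a TPM. A header line such as `# It also records measurements through TpmMeasurementLib; platforms without a TPM must link a null instance.` would make that dependency visible. What exactly is measured should be confirmed against Measurement.c, which this diff does not show.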
@@ -49,27 +57,44 @@
 BaseCryptLib
 SecurityManagementLib
 PeCoffLib
+ TpmMeasurementLib
 [Protocols]
- gEfiFirmwareVolume2ProtocolGuid
- gEfiBlockIoProtocolGuid
- gEfiSimpleFileSystemProtocolGuid
- gEfiVariableWriteArchProtocolGuid
-
+ gEfiFirmwareVolume2ProtocolGuid ## SOMETIMES_CONSUMES
+ gEfiBlockIoProtocolGuid ## SOMETIMES_CONSUMES
+ gEfiSimpleFileSystemProtocolGuid ## SOMETIMES_CONSUMES
+
 [Guids]
- gEfiCertTypeRsa2048Sha256Guid
+ ## SOMETIMES_CONSUMES ## Variable:L"DB"
+ ## SOMETIMES_CONSUMES ## Variable:L"DBX"
+ ## SOMETIMES_CONSUMES ## Variable:L"DBT"
+ ## PRODUCES ## SystemTable
+ ## CONSUMES ## SystemTable
 gEfiImageSecurityDatabaseGuid
+
+ ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature.
+ ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature.
 gEfiCertSha1Guid
+
+ ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature.
+ ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature.
 gEfiCertSha256Guid
- gEfiCertX509Guid
- gEfiCertRsa2048Guid
- gEfiSecureBootEnableDisableGuid
-
-[Pcd]
- gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy
- gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy
- gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy
-
+ ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature.
+ ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature.
+ gEfiCertSha384Guid
+ ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature.
+ ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature.
+ gEfiCertSha512Guid
+ gEfiCertX509Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature.
+ gEfiCertX509Sha256Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature.
+ gEfiCertX509Sha384Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature.
+ gEfiCertX509Sha512Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature.
+ gEfiCertPkcs7Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the certificate.
+
+[Pcd]
+ gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy ## SOMETIMES_CONSUMES
+ gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy ## SOMETIMES_CONSUMES
+ gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy ## SOMETIMES_CONSUMES
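Review bot: `gEfiCertSha1Guid` stays declared as both consumed and produced in [Guids], next to the newly added SHA-384 and SHA-512 types, and it carries the same generic comment `Unique ID for the type of the signature.` as every other entry. SHA-1 no longer offers dependable collision resistance, so a reader auditing which digest types can authorise an image needs to know why it remains; if it is kept only for existing database entries, say so, e.g. `## SOMETIMES_CONSUMES ## GUID # SHA-1 image digest, kept for existing db/dbx entries (TODO confirm)`. The `gEfiCertX509Sha256Guid`, `gEfiCertX509Sha384Guid` and `gEfiCertX509Sha512Guid` entries are consume-only, which suggests a lookup-only role; their comments could name the database they are matched against. The section this hunk starts in opens before the hunk's first line.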