X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=blobdiff_plain;f=SecurityPkg%2FLibrary%2FDxeImageVerificationLib%2FDxeImageVerificationLib.inf;h=3430b6ea9dacd878443684c55d1dfbfb6a2b8028;hp=860d64ba83fec2f771eee10c0dbd8d6799f1ea72;hb=b3548d32ddb553a9e95503457c66d11462622d16;hpb=28186d45660c92b8d98b8b19b5f8e6ff71ea5fba
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
index 860d64ba83..3430b6ea9d 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
@@ -1,8 +1,14 @@
## @file
-# The library instance provides security service of image verification.
-# Image verification Library module supports UEFI2.3.1
+# Provides security service of image verification
#
-# Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.
+# This library hooks LoadImage() API to verify every image by the verification policy.
+#
+# Caution: This module requires additional review when modified.
+# This library will have external input - PE/COFF image.
+# This external input must be validated carefully to avoid security issues such as
+# buffer overflow or integer overflow.
+#
+# Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@@ -14,11 +20,12 @@
[Defines]
INF_VERSION = 0x00010005
- BASE_NAME = DxeImageVerificationLib
+ BASE_NAME = DxeImageVerificationLib
+ MODULE_UNI_FILE = DxeImageVerificationLib.uni
FILE_GUID = 0CA970E1-43FA-4402-BC0A-81AF336BFFD6
MODULE_TYPE = DXE_DRIVER
VERSION_STRING = 1.0
- LIBRARY_CLASS = NULL|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER
+ LIBRARY_CLASS = NULL|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER
CONSTRUCTOR = DxeImageVerificationLibConstructor
#
@@ -30,6 +37,7 @@
[Sources]
DxeImageVerificationLib.c
DxeImageVerificationLib.h
+ Measurement.c
[Packages]
MdePkg/MdePkg.dec
@@ -49,27 +57,44 @@
BaseCryptLib
SecurityManagementLib
PeCoffLib
+ TpmMeasurementLib
[Protocols]
- gEfiFirmwareVolume2ProtocolGuid
- gEfiBlockIoProtocolGuid
- gEfiSimpleFileSystemProtocolGuid
- gEfiVariableWriteArchProtocolGuid
-
+ gEfiFirmwareVolume2ProtocolGuid ## SOMETIMES_CONSUMES
+ gEfiBlockIoProtocolGuid ## SOMETIMES_CONSUMES
+ gEfiSimpleFileSystemProtocolGuid ## SOMETIMES_CONSUMES
+
[Guids]
- gEfiCertTypeRsa2048Sha256Guid
+ ## SOMETIMES_CONSUMES ## Variable:L"DB"
+ ## SOMETIMES_CONSUMES ## Variable:L"DBX"
+ ## SOMETIMES_CONSUMES ## Variable:L"DBT"
+ ## PRODUCES ## SystemTable
+ ## CONSUMES ## SystemTable
gEfiImageSecurityDatabaseGuid
+
+ ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature.
+ ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature.
gEfiCertSha1Guid
+
+ ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature.
+ ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature.
gEfiCertSha256Guid
- gEfiCertX509Guid
- gEfiCertRsa2048Guid
- gEfiSecureBootEnableDisableGuid
-
-[Pcd]
- gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy
- gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy
- gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy
-
+ ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature.
+ ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature.
+ gEfiCertSha384Guid
+ ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature.
+ ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature.
+ gEfiCertSha512Guid
+ gEfiCertX509Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature.
+ gEfiCertX509Sha256Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature.
+ gEfiCertX509Sha384Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature.
+ gEfiCertX509Sha512Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature.
+ gEfiCertPkcs7Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the certificate.
+
+[Pcd]
+ gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy ## SOMETIMES_CONSUMES
+ gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy ## SOMETIMES_CONSUMES
+ gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy ## SOMETIMES_CONSUMES