--- /dev/null
+/** @file\r
+\r
+ Blob verification library\r
+\r
+ This library class allows verifiying whether blobs from external sources\r
+ (such as QEMU's firmware config) are trusted.\r
+\r
+ Copyright (C) 2021, IBM Corporation\r
+\r
+ SPDX-License-Identifier: BSD-2-Clause-Patent\r
+**/\r
+\r
+#ifndef BLOB_VERIFIER_LIB_H_\r
+#define BLOB_VERIFIER_LIB_H_\r
+\r
+#include <Uefi/UefiBaseType.h>\r
+#include <Base.h>\r
+\r
+/**\r
+ Verify blob from an external source.\r
+\r
+ @param[in] BlobName The name of the blob\r
+ @param[in] Buf The data of the blob\r
+ @param[in] BufSize The size of the blob in bytes\r
+\r
+ @retval EFI_SUCCESS The blob was verified successfully.\r
+ @retval EFI_ACCESS_DENIED The blob could not be verified, and therefore\r
+ should be considered non-secure.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+VerifyBlob (\r
+ IN CONST CHAR16 *BlobName,\r
+ IN CONST VOID *Buf,\r
+ IN UINT32 BufSize\r
+ );\r
+\r
+#endif\r
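Review bot: The doc comment on `VerifyBlob` leaves the failure contract open: it lists only `EFI_ACCESS_DENIED` as an error, and it does not say whether `Buf` may be NULL or `BufSize` 0 when the external source supplies no blob. Because the data comes from outside the firmware, I would add `Callers must treat any return value other than EFI_SUCCESS as a failed verification and must not use the blob.` and one sentence fixing how an empty or missing blob is passed in and judged, so that every instance of the library class behaves the same way. Separately, "verifiying" in the file header should read "verifying".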
--- /dev/null
+## @file\r
+#\r
+# Null implementation of the blob verifier library.\r
+#\r
+# Copyright (C) 2021, IBM Corp\r
+#\r
+# SPDX-License-Identifier: BSD-2-Clause-Patent\r
+#\r
+##\r
+\r
+[Defines]\r
+ INF_VERSION = 1.29\r
+ BASE_NAME = BlobVerifierLibNull\r
+ FILE_GUID = b1b5533e-e01a-43bb-9e54-414f00ca036e\r
+ MODULE_TYPE = BASE\r
+ VERSION_STRING = 1.0\r
+ LIBRARY_CLASS = BlobVerifierLib\r
+\r
+[Sources]\r
+ BlobVerifierNull.c\r
+\r
+[Packages]\r
+ MdePkg/MdePkg.dec\r
+ OvmfPkg/OvmfPkg.dec\r
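Review bot: Neither the file header of this INF nor the `VerifyBlob` comment in BlobVerifierNull.c says that this instance performs no verification at all. The function returns `EFI_SUCCESS` unconditionally, while its doc comment, copied from the header, still advertises `EFI_ACCESS_DENIED`. A platform that resolves `BlobVerifierLib` to this instance accepts every blob, so the INF header should say so, e.g. `# Null implementation of the blob verifier library: accepts every blob without checking it.` In BlobVerifierNull.c the `@retval` list is better reduced to `@retval EFI_SUCCESS Always; no verification is performed.`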
--- /dev/null
+/** @file\r
+\r
+ Null implementation of the blob verifier library.\r
+\r
+ Copyright (C) 2021, IBM Corporation\r
+\r
+ SPDX-License-Identifier: BSD-2-Clause-Patent\r
+**/\r
+\r
+#include <Library/BaseLib.h>\r
+#include <Library/BlobVerifierLib.h>\r
+\r
+/**\r
+ Verify blob from an external source.\r
+\r
+ @param[in] BlobName The name of the blob\r
+ @param[in] Buf The data of the blob\r
+ @param[in] BufSize The size of the blob in bytes\r
+\r
+ @retval EFI_SUCCESS The blob was verified successfully.\r
+ @retval EFI_ACCESS_DENIED The blob could not be verified, and therefore\r
+ should be considered non-secure.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+VerifyBlob (\r
+ IN CONST CHAR16 *BlobName,\r
+ IN CONST VOID *Buf,\r
+ IN UINT32 BufSize\r
+ )\r
+{\r
+ return EFI_SUCCESS;\r
+}\r
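Review bot: `#include <Library/BaseLib.h>` looks unused in this file. The body only returns `EFI_SUCCESS`, which presumably already arrives through `Library/BlobVerifierLib.h` and its `Uefi/UefiBaseType.h` include, and the accompanying INF declares no `[LibraryClasses]`. Dropping the include keeps the file's dependencies in line with the INF.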
## @libraryclass Access bhyve's firmware control interface.\r
BhyveFwCtlLib|Include/Library/BhyveFwCtlLib.h\r
\r
+ ## @libraryclass Verify blobs read from the VMM\r
+ BlobVerifierLib|Include/Library/BlobVerifierLib.h\r
+\r
## @libraryclass Loads and boots a Linux kernel image\r
#\r
LoadLinuxLib|Include/Library/LoadLinuxLib.h\r