Add security package to repository.

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12261 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
gdong1
2011-09-02 07:49:32 +00:00
parent 986d1dfb08
commit 0c18794ea4
102 changed files with 38487 additions and 0 deletions

File diff suppressed because it is too large Load Diff

View File

@@ -0,0 +1,201 @@
/** @file
The internal header file includes the common header files, defines
internal structure and functions used by ImageVerificationLib.
Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef __IMAGEVERIFICATIONLIB_H__
#define __IMAGEVERIFICATIONLIB_H__
#include <Library/UefiDriverEntryPoint.h>
#include <Library/DebugLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/UefiBootServicesTableLib.h>
#include <Library/UefiRuntimeServicesTableLib.h>
#include <Library/UefiLib.h>
#include <Library/BaseLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/BaseCryptLib.h>
#include <Library/PcdLib.h>
#include <Library/DevicePathLib.h>
#include <Library/SecurityManagementLib.h>
#include <Protocol/FirmwareVolume2.h>
#include <Protocol/DevicePath.h>
#include <Protocol/BlockIo.h>
#include <Protocol/SimpleFileSystem.h>
#include <Protocol/VariableWrite.h>
#include <Guid/ImageAuthentication.h>
#include <IndustryStandard/PeImage.h>
#define EFI_CERT_TYPE_RSA2048_SHA256_SIZE 256
#define EFI_CERT_TYPE_RSA2048_SIZE 256
#define MAX_NOTIFY_STRING_LEN 64
//
// Image type definitions
//
#define IMAGE_UNKNOWN 0x00000000
#define IMAGE_FROM_FV 0x00000001
#define IMAGE_FROM_OPTION_ROM 0x00000002
#define IMAGE_FROM_REMOVABLE_MEDIA 0x00000003
#define IMAGE_FROM_FIXED_MEDIA 0x00000004
//
// Authorization policy bit definition
//
#define ALWAYS_EXECUTE 0x00000000
#define NEVER_EXECUTE 0x00000001
#define ALLOW_EXECUTE_ON_SECURITY_VIOLATION 0x00000002
#define DEFER_EXECUTE_ON_SECURITY_VIOLATION 0x00000003
#define DENY_EXECUTE_ON_SECURITY_VIOLATION 0x00000004
#define QUERY_USER_ON_SECURITY_VIOLATION 0x00000005
//
// Support hash types
//
#define HASHALG_SHA1 0x00000000
#define HASHALG_SHA224 0x00000001
#define HASHALG_SHA256 0x00000002
#define HASHALG_SHA384 0x00000003
#define HASHALG_SHA512 0x00000004
#define HASHALG_MAX 0x00000005
//
// Set max digest size as SHA256 Output (32 bytes) by far
//
#define MAX_DIGEST_SIZE SHA256_DIGEST_SIZE
//
//
// PKCS7 Certificate definition
//
typedef struct {
WIN_CERTIFICATE Hdr;
UINT8 CertData[1];
} WIN_CERTIFICATE_EFI_PKCS;
/**
Retrieves the size, in bytes, of the context buffer required for hash operations.
@return The size, in bytes, of the context buffer required for hash operations.
**/
typedef
UINTN
(EFIAPI *HASH_GET_CONTEXT_SIZE)(
VOID
);
/**
Initializes user-supplied memory pointed by HashContext as hash context for
subsequent use.
If HashContext is NULL, then ASSERT().
@param[in, out] HashContext Pointer to Context being initialized.
@retval TRUE HASH context initialization succeeded.
@retval FALSE HASH context initialization failed.
**/
typedef
BOOLEAN
(EFIAPI *HASH_INIT)(
IN OUT VOID *HashContext
);
/**
Performs digest on a data buffer of the specified length. This function can
be called multiple times to compute the digest of long or discontinuous data streams.
If HashContext is NULL, then ASSERT().
@param[in, out] HashContext Pointer to the MD5 context.
@param[in] Data Pointer to the buffer containing the data to be hashed.
@param[in] DataLength Length of Data buffer in bytes.
@retval TRUE HASH data digest succeeded.
@retval FALSE Invalid HASH context. After HashFinal function has been called, the
HASH context cannot be reused.
**/
typedef
BOOLEAN
(EFIAPI *HASH_UPDATE)(
IN OUT VOID *HashContext,
IN CONST VOID *Data,
IN UINTN DataLength
);
/**
Completes hash computation and retrieves the digest value into the specified
memory. After this function has been called, the context cannot be used again.
If HashContext is NULL, then ASSERT().
If HashValue is NULL, then ASSERT().
@param[in, out] HashContext Pointer to the MD5 context
@param[out] HashValue Pointer to a buffer that receives the HASH digest
value.
@retval TRUE HASH digest computation succeeded.
@retval FALSE HASH digest computation failed.
**/
typedef
BOOLEAN
(EFIAPI *HASH_FINAL)(
IN OUT VOID *HashContext,
OUT UINT8 *HashValue
);
//
// Hash Algorithm Table
//
typedef struct {
//
// Name for Hash Algorithm
//
CHAR16 *Name;
//
// Digest Length
//
UINTN DigestLength;
//
// Hash Algorithm OID ASN.1 Value
//
UINT8 *OidValue;
//
// Length of Hash OID Value
//
UINTN OidLength;
//
// Pointer to Hash GetContentSize function
//
HASH_GET_CONTEXT_SIZE GetContextSize;
//
// Pointer to Hash Init function
//
HASH_INIT HashInit;
//
// Pointer to Hash Update function
//
HASH_UPDATE HashUpdate;
//
// Pointer to Hash Final function
//
HASH_FINAL HashFinal;
} HASH_TABLE;
#endif

View File

@@ -0,0 +1,73 @@
## @file
# The library instance provides security service of image verification.
# Image verification Library module supports UEFI2.3.1
#
# Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
# http://opensource.org/licenses/bsd-license.php
# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#
##
[Defines]
INF_VERSION = 0x00010005
BASE_NAME = DxeImageVerificationLib
FILE_GUID = 0CA970E1-43FA-4402-BC0A-81AF336BFFD6
MODULE_TYPE = DXE_DRIVER
VERSION_STRING = 1.0
LIBRARY_CLASS = NULL|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER
CONSTRUCTOR = DxeImageVerificationLibConstructor
#
# The following information is for reference only and not required by the build tools.
#
# VALID_ARCHITECTURES = IA32 X64 IPF EBC
#
[Sources]
DxeImageVerificationLib.c
DxeImageVerificationLib.h
[Packages]
MdePkg/MdePkg.dec
MdeModulePkg/MdeModulePkg.dec
CryptoPkg/CryptoPkg.dec
SecurityPkg/SecurityPkg.dec
[LibraryClasses]
MemoryAllocationLib
BaseLib
UefiLib
UefiBootServicesTableLib
UefiRuntimeServicesTableLib
BaseMemoryLib
DebugLib
DevicePathLib
BaseCryptLib
SecurityManagementLib
[Protocols]
gEfiFirmwareVolume2ProtocolGuid
gEfiBlockIoProtocolGuid
gEfiSimpleFileSystemProtocolGuid
gEfiVariableWriteArchProtocolGuid
[Guids]
gEfiCertTypeRsa2048Sha256Guid
gEfiImageSecurityDatabaseGuid
gEfiCertSha1Guid
gEfiCertSha256Guid
gEfiCertX509Guid
gEfiCertRsa2048Guid
[Pcd]
gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy
gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy
gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy