Add security package to repository.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12261 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
File diff suppressed because it is too large
Load Diff
@@ -0,0 +1,201 @@
|
||||
/** @file
|
||||
The internal header file includes the common header files, defines
|
||||
internal structure and functions used by ImageVerificationLib.
|
||||
|
||||
Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#ifndef __IMAGEVERIFICATIONLIB_H__
|
||||
#define __IMAGEVERIFICATIONLIB_H__
|
||||
|
||||
#include <Library/UefiDriverEntryPoint.h>
|
||||
#include <Library/DebugLib.h>
|
||||
#include <Library/BaseMemoryLib.h>
|
||||
#include <Library/UefiBootServicesTableLib.h>
|
||||
#include <Library/UefiRuntimeServicesTableLib.h>
|
||||
#include <Library/UefiLib.h>
|
||||
#include <Library/BaseLib.h>
|
||||
#include <Library/MemoryAllocationLib.h>
|
||||
#include <Library/BaseCryptLib.h>
|
||||
#include <Library/PcdLib.h>
|
||||
#include <Library/DevicePathLib.h>
|
||||
#include <Library/SecurityManagementLib.h>
|
||||
#include <Protocol/FirmwareVolume2.h>
|
||||
#include <Protocol/DevicePath.h>
|
||||
#include <Protocol/BlockIo.h>
|
||||
#include <Protocol/SimpleFileSystem.h>
|
||||
#include <Protocol/VariableWrite.h>
|
||||
#include <Guid/ImageAuthentication.h>
|
||||
#include <IndustryStandard/PeImage.h>
|
||||
|
||||
#define EFI_CERT_TYPE_RSA2048_SHA256_SIZE 256
|
||||
#define EFI_CERT_TYPE_RSA2048_SIZE 256
|
||||
#define MAX_NOTIFY_STRING_LEN 64
|
||||
|
||||
//
|
||||
// Image type definitions
|
||||
//
|
||||
#define IMAGE_UNKNOWN 0x00000000
|
||||
#define IMAGE_FROM_FV 0x00000001
|
||||
#define IMAGE_FROM_OPTION_ROM 0x00000002
|
||||
#define IMAGE_FROM_REMOVABLE_MEDIA 0x00000003
|
||||
#define IMAGE_FROM_FIXED_MEDIA 0x00000004
|
||||
|
||||
//
|
||||
// Authorization policy bit definition
|
||||
//
|
||||
#define ALWAYS_EXECUTE 0x00000000
|
||||
#define NEVER_EXECUTE 0x00000001
|
||||
#define ALLOW_EXECUTE_ON_SECURITY_VIOLATION 0x00000002
|
||||
#define DEFER_EXECUTE_ON_SECURITY_VIOLATION 0x00000003
|
||||
#define DENY_EXECUTE_ON_SECURITY_VIOLATION 0x00000004
|
||||
#define QUERY_USER_ON_SECURITY_VIOLATION 0x00000005
|
||||
|
||||
//
|
||||
// Support hash types
|
||||
//
|
||||
#define HASHALG_SHA1 0x00000000
|
||||
#define HASHALG_SHA224 0x00000001
|
||||
#define HASHALG_SHA256 0x00000002
|
||||
#define HASHALG_SHA384 0x00000003
|
||||
#define HASHALG_SHA512 0x00000004
|
||||
#define HASHALG_MAX 0x00000005
|
||||
|
||||
//
|
||||
// Set max digest size as SHA256 Output (32 bytes) by far
|
||||
//
|
||||
#define MAX_DIGEST_SIZE SHA256_DIGEST_SIZE
|
||||
//
|
||||
//
|
||||
// PKCS7 Certificate definition
|
||||
//
|
||||
typedef struct {
|
||||
WIN_CERTIFICATE Hdr;
|
||||
UINT8 CertData[1];
|
||||
} WIN_CERTIFICATE_EFI_PKCS;
|
||||
|
||||
|
||||
/**
|
||||
Retrieves the size, in bytes, of the context buffer required for hash operations.
|
||||
|
||||
@return The size, in bytes, of the context buffer required for hash operations.
|
||||
|
||||
**/
|
||||
typedef
|
||||
UINTN
|
||||
(EFIAPI *HASH_GET_CONTEXT_SIZE)(
|
||||
VOID
|
||||
);
|
||||
|
||||
/**
|
||||
Initializes user-supplied memory pointed by HashContext as hash context for
|
||||
subsequent use.
|
||||
|
||||
If HashContext is NULL, then ASSERT().
|
||||
|
||||
@param[in, out] HashContext Pointer to Context being initialized.
|
||||
|
||||
@retval TRUE HASH context initialization succeeded.
|
||||
@retval FALSE HASH context initialization failed.
|
||||
|
||||
**/
|
||||
typedef
|
||||
BOOLEAN
|
||||
(EFIAPI *HASH_INIT)(
|
||||
IN OUT VOID *HashContext
|
||||
);
|
||||
|
||||
|
||||
/**
|
||||
Performs digest on a data buffer of the specified length. This function can
|
||||
be called multiple times to compute the digest of long or discontinuous data streams.
|
||||
|
||||
If HashContext is NULL, then ASSERT().
|
||||
|
||||
@param[in, out] HashContext Pointer to the MD5 context.
|
||||
@param[in] Data Pointer to the buffer containing the data to be hashed.
|
||||
@param[in] DataLength Length of Data buffer in bytes.
|
||||
|
||||
@retval TRUE HASH data digest succeeded.
|
||||
@retval FALSE Invalid HASH context. After HashFinal function has been called, the
|
||||
HASH context cannot be reused.
|
||||
|
||||
**/
|
||||
typedef
|
||||
BOOLEAN
|
||||
(EFIAPI *HASH_UPDATE)(
|
||||
IN OUT VOID *HashContext,
|
||||
IN CONST VOID *Data,
|
||||
IN UINTN DataLength
|
||||
);
|
||||
|
||||
/**
|
||||
Completes hash computation and retrieves the digest value into the specified
|
||||
memory. After this function has been called, the context cannot be used again.
|
||||
|
||||
If HashContext is NULL, then ASSERT().
|
||||
If HashValue is NULL, then ASSERT().
|
||||
|
||||
@param[in, out] HashContext Pointer to the MD5 context
|
||||
@param[out] HashValue Pointer to a buffer that receives the HASH digest
|
||||
value.
|
||||
|
||||
@retval TRUE HASH digest computation succeeded.
|
||||
@retval FALSE HASH digest computation failed.
|
||||
|
||||
**/
|
||||
typedef
|
||||
BOOLEAN
|
||||
(EFIAPI *HASH_FINAL)(
|
||||
IN OUT VOID *HashContext,
|
||||
OUT UINT8 *HashValue
|
||||
);
|
||||
|
||||
|
||||
//
|
||||
// Hash Algorithm Table
|
||||
//
|
||||
typedef struct {
|
||||
//
|
||||
// Name for Hash Algorithm
|
||||
//
|
||||
CHAR16 *Name;
|
||||
//
|
||||
// Digest Length
|
||||
//
|
||||
UINTN DigestLength;
|
||||
//
|
||||
// Hash Algorithm OID ASN.1 Value
|
||||
//
|
||||
UINT8 *OidValue;
|
||||
//
|
||||
// Length of Hash OID Value
|
||||
//
|
||||
UINTN OidLength;
|
||||
//
|
||||
// Pointer to Hash GetContentSize function
|
||||
//
|
||||
HASH_GET_CONTEXT_SIZE GetContextSize;
|
||||
//
|
||||
// Pointer to Hash Init function
|
||||
//
|
||||
HASH_INIT HashInit;
|
||||
//
|
||||
// Pointer to Hash Update function
|
||||
//
|
||||
HASH_UPDATE HashUpdate;
|
||||
//
|
||||
// Pointer to Hash Final function
|
||||
//
|
||||
HASH_FINAL HashFinal;
|
||||
} HASH_TABLE;
|
||||
|
||||
#endif
|
@@ -0,0 +1,73 @@
|
||||
## @file
|
||||
# The library instance provides security service of image verification.
|
||||
# Image verification Library module supports UEFI2.3.1
|
||||
#
|
||||
# Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
|
||||
# This program and the accompanying materials
|
||||
# are licensed and made available under the terms and conditions of the BSD License
|
||||
# which accompanies this distribution. The full text of the license may be found at
|
||||
# http://opensource.org/licenses/bsd-license.php
|
||||
# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
#
|
||||
##
|
||||
|
||||
[Defines]
|
||||
INF_VERSION = 0x00010005
|
||||
BASE_NAME = DxeImageVerificationLib
|
||||
FILE_GUID = 0CA970E1-43FA-4402-BC0A-81AF336BFFD6
|
||||
MODULE_TYPE = DXE_DRIVER
|
||||
VERSION_STRING = 1.0
|
||||
LIBRARY_CLASS = NULL|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER
|
||||
CONSTRUCTOR = DxeImageVerificationLibConstructor
|
||||
|
||||
#
|
||||
# The following information is for reference only and not required by the build tools.
|
||||
#
|
||||
# VALID_ARCHITECTURES = IA32 X64 IPF EBC
|
||||
#
|
||||
|
||||
[Sources]
|
||||
DxeImageVerificationLib.c
|
||||
DxeImageVerificationLib.h
|
||||
|
||||
[Packages]
|
||||
MdePkg/MdePkg.dec
|
||||
MdeModulePkg/MdeModulePkg.dec
|
||||
CryptoPkg/CryptoPkg.dec
|
||||
SecurityPkg/SecurityPkg.dec
|
||||
|
||||
[LibraryClasses]
|
||||
MemoryAllocationLib
|
||||
BaseLib
|
||||
UefiLib
|
||||
UefiBootServicesTableLib
|
||||
UefiRuntimeServicesTableLib
|
||||
BaseMemoryLib
|
||||
DebugLib
|
||||
DevicePathLib
|
||||
BaseCryptLib
|
||||
SecurityManagementLib
|
||||
|
||||
[Protocols]
|
||||
gEfiFirmwareVolume2ProtocolGuid
|
||||
gEfiBlockIoProtocolGuid
|
||||
gEfiSimpleFileSystemProtocolGuid
|
||||
gEfiVariableWriteArchProtocolGuid
|
||||
|
||||
[Guids]
|
||||
gEfiCertTypeRsa2048Sha256Guid
|
||||
gEfiImageSecurityDatabaseGuid
|
||||
gEfiCertSha1Guid
|
||||
gEfiCertSha256Guid
|
||||
gEfiCertX509Guid
|
||||
gEfiCertRsa2048Guid
|
||||
|
||||
[Pcd]
|
||||
gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy
|
||||
gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy
|
||||
gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy
|
||||
|
||||
|
||||
|
||||
|
Reference in New Issue
Block a user