SecurityPkg: AuthVariableLib: Customized SecureBoot Mode transition.

Implement Customized SecureBoot Mode transition logic according to Mantis 1263, including AuditMode/DeployedMode/PK update management. Also implement image verification logic in AuditMode. Image Certificate & Hash are recorded to EFI Image Execution Table. https://mantis.uefi.org/mantis/view.php?id=1263 Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Zeng Star <star.zeng@intel.com> Reviewed-by: Long Qin <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19133 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-07 06:20:02 +00:00
parent af9af05bec
commit 4fc08e8d68
5 changed files with 1913 additions and 269 deletions
--- a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
@@ -85,6 +85,10 @@
  ## PRODUCES            ## Variable:L"AuthVarKeyDatabase"
  gEfiAuthenticatedVariableGuid

+  ## CONSUMES            ## Variable:L"SecureBootMode"
+  ## PRODUCES            ## Variable:L"SecureBootMode"
+  gEdkiiSecureBootModeGuid
+
  gEfiCertTypeRsa2048Sha256Guid  ## SOMETIMES_CONSUMES   ## GUID  # Unique ID for the type of the certificate.
  gEfiCertPkcs7Guid              ## SOMETIMES_CONSUMES   ## GUID  # Unique ID for the type of the certificate.
  gEfiCertX509Guid               ## SOMETIMES_CONSUMES   ## GUID  # Unique ID for the type of the signature.