SecurityPkg: add RpmcLib and VariableKeyLib public headers

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2594 RpmcLib.h and VariableKeyLib.h are header files required to access RPMC device and Key generator from platform. They will be used to ensure the integrity and confidentiality of NV variables. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Nishant C Mistry <nishant.c.mistry@intel.com> Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Michael Kubacki <michael.kubacki@microsoft.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2020-03-12 13:40:24 +08:00
parent 4ac82ea1e1
commit 5042ee43d9
3 changed files with 111 additions and 0 deletions
--- a/SecurityPkg/Include/Library/RpmcLib.h
+++ b/SecurityPkg/Include/Library/RpmcLib.h
@@ -0,0 +1,43 @@
+/** @file
+  Public definitions for the Replay Protected Monotonic Counter (RPMC) Library.
+
+Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef _RPMC_LIB_H_
+#define _RPMC_LIB_H_
+
+#include <Uefi/UefiBaseType.h>
+
+/**
+  Requests the monotonic counter from the designated RPMC counter.
+
+  @param[out]   CounterValue            A pointer to a buffer to store the RPMC value.
+
+  @retval       EFI_SUCCESS             The operation completed successfully.
+  @retval       EFI_DEVICE_ERROR        A device error occurred while attempting to update the counter.
+  @retval       EFI_UNSUPPORTED         The operation is un-supported.
+**/
+EFI_STATUS
+EFIAPI
+RequestMonotonicCounter (
+  OUT UINT32  *CounterValue
+  );
+
+/**
+  Increments the monotonic counter in the SPI flash device by 1.
+
+  @retval       EFI_SUCCESS             The operation completed successfully.
+  @retval       EFI_DEVICE_ERROR        A device error occurred while attempting to update the counter.
+  @retval       EFI_UNSUPPORTED         The operation is un-supported.
+**/
+EFI_STATUS
+EFIAPI
+IncrementMonotonicCounter (
+  VOID
+  );
+
+#endif
+
--- a/SecurityPkg/Include/Library/VariableKeyLib.h
+++ b/SecurityPkg/Include/Library/VariableKeyLib.h
@@ -0,0 +1,60 @@
+/** @file
+  Public definitions for Variable Key Library.
+
+Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef _VARIABLE_KEY_LIB_H_
+#define _VARIABLE_KEY_LIB_H_
+
+#include <Uefi/UefiBaseType.h>
+
+/**
+  Retrieves the key for integrity and/or confidentiality of variables.
+
+  @param[out]     VariableKey         A pointer to pointer for the variable key buffer.
+  @param[in,out]  VariableKeySize     The size in bytes of the variable key.
+
+  @retval       EFI_SUCCESS             The variable key was returned.
+  @retval       EFI_DEVICE_ERROR        An error occurred while attempting to get the variable key.
+  @retval       EFI_ACCESS_DENIED       The function was invoked after locking the key interface.
+  @retval       EFI_UNSUPPORTED         The variable key is not supported in the current boot configuration.
+**/
+EFI_STATUS
+EFIAPI
+GetVariableKey (
+      OUT VOID    **VariableKey,
+  IN  OUT UINTN   *VariableKeySize
+  );
+
+/**
+  Regenerates the variable key.
+
+  @retval       EFI_SUCCESS             The variable key was regenerated successfully.
+  @retval       EFI_DEVICE_ERROR        An error occurred while attempting to regenerate the key.
+  @retval       EFI_ACCESS_DENIED       The function was invoked after locking the key interface.
+  @retval       EFI_UNSUPPORTED         Key regeneration is not supported in the current boot configuration.
+**/
+EFI_STATUS
+EFIAPI
+RegenerateVariableKey (
+  VOID
+  );
+
+/**
+  Locks the regenerate key interface.
+
+  @retval       EFI_SUCCESS             The key interface was locked successfully.
+  @retval       EFI_UNSUPPORTED         Locking the key interface is not supported in the current boot configuration.
+  @retval       Others                  An error occurred while attempting to lock the key interface.
+**/
+EFI_STATUS
+EFIAPI
+LockVariableKeyInterface (
+  VOID
+  );
+
+#endif
+
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -76,6 +76,14 @@
  #
  TcgStorageOpalLib|Include/Library/TcgStorageOpalLib.h

+  ## @libraryclass  Provides interfaces to access RPMC device.
+  #
+  RpmcLib|Include/Library/RpmcLib.h
+
+  ## @libraryclass  Provides interfaces to access variable root key.
+  #
+  VariableKeyLib|Include/Library/VariableKeyLib.h
+
 [Guids]
  ## Security package token space guid.
  # Include/Guid/SecurityPkgTokenSpace.h