summaryrefslogtreecommitdiff
path: root/EdkModulePkg/Universal/Security
diff options
context:
space:
mode:
authorbbahnsen <bbahnsen@6f19259b-4bc3-4df7-8a09-765794883524>2006-04-21 22:54:32 +0000
committerbbahnsen <bbahnsen@6f19259b-4bc3-4df7-8a09-765794883524>2006-04-21 22:54:32 +0000
commit878ddf1fc3540a715f63594ed22b6929e881afb4 (patch)
treec56c44dac138137b510e1fba7c3efe5e4d84bea2 /EdkModulePkg/Universal/Security
downloadedk2-platforms-878ddf1fc3540a715f63594ed22b6929e881afb4.tar.xz
Initial import.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@3 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'EdkModulePkg/Universal/Security')
-rw-r--r--EdkModulePkg/Universal/Security/SecurityStub/Dxe/SecurityStub.c156
-rw-r--r--EdkModulePkg/Universal/Security/SecurityStub/Dxe/SecurityStub.dxs27
-rw-r--r--EdkModulePkg/Universal/Security/SecurityStub/Dxe/SecurityStub.h47
-rw-r--r--EdkModulePkg/Universal/Security/SecurityStub/Dxe/SecurityStub.mbd40
-rw-r--r--EdkModulePkg/Universal/Security/SecurityStub/Dxe/SecurityStub.msa55
-rw-r--r--EdkModulePkg/Universal/Security/SecurityStub/Dxe/build.xml47
6 files changed, 372 insertions, 0 deletions
diff --git a/EdkModulePkg/Universal/Security/SecurityStub/Dxe/SecurityStub.c b/EdkModulePkg/Universal/Security/SecurityStub/Dxe/SecurityStub.c
new file mode 100644
index 0000000000..4b4581d4d8
--- /dev/null
+++ b/EdkModulePkg/Universal/Security/SecurityStub/Dxe/SecurityStub.c
@@ -0,0 +1,156 @@
+/*++
+
+Copyright (c) 2006, Intel Corporation
+All rights reserved. This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+Module Name:
+
+ SecurityStub.c
+
+Abstract:
+
+ This driver supports platform security service
+
+--*/
+
+#include "SecurityStub.h"
+
+//
+// Handle for the Security Architectural Protocol instance produced by this driver
+//
+EFI_HANDLE mSecurityArchProtocolHandle = NULL;
+
+//
+// Security Architectural Protocol instance produced by this driver
+//
+EFI_SECURITY_ARCH_PROTOCOL mSecurityStub = {
+ SecurityStubAuthenticateState
+};
+
+//
+// Worker functions
+//
+EFI_STATUS
+EFIAPI
+SecurityStubAuthenticateState (
+ IN EFI_SECURITY_ARCH_PROTOCOL *This,
+ IN UINT32 AuthenticationStatus,
+ IN EFI_DEVICE_PATH_PROTOCOL *File
+ )
+/*++
+
+Routine Description:
+
+ The EFI_SECURITY_ARCH_PROTOCOL (SAP) is used to abstract platform-specific
+ policy from the DXE core response to an attempt to use a file that returns a
+ given status for the authentication check from the section extraction protocol.
+
+ The possible responses in a given SAP implementation may include locking
+ flash upon failure to authenticate, attestation logging for all signed drivers,
+ and other exception operations. The File parameter allows for possible logging
+ within the SAP of the driver.
+
+ If File is NULL, then EFI_INVALID_PARAMETER is returned.
+
+ If the file specified by File with an authentication status specified by
+ AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS is returned.
+
+ If the file specified by File with an authentication status specified by
+ AuthenticationStatus is not safe for the DXE Core to use under any circumstances,
+ then EFI_ACCESS_DENIED is returned.
+
+ If the file specified by File with an authentication status specified by
+ AuthenticationStatus is not safe for the DXE Core to use right now, but it
+ might be possible to use it at a future time, then EFI_SECURITY_VIOLATION is
+ returned.
+
+Arguments:
+
+ This - The EFI_SECURITY_ARCH_PROTOCOL instance.
+
+ AuthenticationStatus - This is the authentication type returned from the Section
+ Extraction protocol. See the Section Extraction Protocol
+ Specification for details on this type.
+
+ File - This is a pointer to the device path of the file that is
+ being dispatched. This will optionally be used for logging.
+
+Returns:
+
+ EFI_SUCCESS - The file specified by File did authenticate, and the
+ platform policy dictates that the DXE Core may use File.
+
+ EFI_INVALID_PARAMETER - File is NULL.
+
+ EFI_SECURITY_VIOLATION - The file specified by File did not authenticate, and
+ the platform policy dictates that File should be placed
+ in the untrusted state. A file may be promoted from
+ the untrusted to the trusted state at a future time
+ with a call to the Trust() DXE Service.
+
+ EFI_ACCESS_DENIED - The file specified by File did not authenticate, and
+ the platform policy dictates that File should not be
+ used for any purpose.
+
+--*/
+{
+ if (File == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ return EFI_SUCCESS;
+}
+
+EFI_STATUS
+EFIAPI
+SecurityStubInitialize (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ )
+/*++
+
+Routine Description:
+
+ Initialize the state information for the Security Architectural Protocol
+
+Arguments:
+
+ ImageHandle of the loaded driver
+ Pointer to the System Table
+
+Returns:
+
+ Status
+
+ EFI_SUCCESS - successful installation of the service
+ EFI_OUT_OF_RESOURCES - cannot allocate protocol data structure
+ EFI_DEVICE_ERROR - cannot create the timer service
+
+--*/
+{
+ EFI_STATUS Status;
+
+ //
+ // Make sure the Security Architectural Protocol is not already installed in the system
+ //
+ ASSERT_PROTOCOL_ALREADY_INSTALLED (NULL, &gEfiSecurityArchProtocolGuid);
+
+ //
+ // Install the Security Architectural Protocol onto a new handle
+ //
+ Status = gBS->InstallMultipleProtocolInterfaces (
+ &mSecurityArchProtocolHandle,
+ &gEfiSecurityArchProtocolGuid,
+ &mSecurityStub,
+ NULL
+ );
+ ASSERT_EFI_ERROR (Status);
+
+ return Status;
+}
diff --git a/EdkModulePkg/Universal/Security/SecurityStub/Dxe/SecurityStub.dxs b/EdkModulePkg/Universal/Security/SecurityStub/Dxe/SecurityStub.dxs
new file mode 100644
index 0000000000..bc3b419c92
--- /dev/null
+++ b/EdkModulePkg/Universal/Security/SecurityStub/Dxe/SecurityStub.dxs
@@ -0,0 +1,27 @@
+/*++
+
+Copyright (c) 2006, Intel Corporation
+All rights reserved. This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+Module Name:
+
+ SecurityStub.dxs
+
+Abstract:
+
+ Dependency expression source file.
+
+--*/
+
+#include <AutoGen.h>
+#include <DxeDepex.h>
+
+DEPENDENCY_START
+ TRUE
+DEPENDENCY_END
diff --git a/EdkModulePkg/Universal/Security/SecurityStub/Dxe/SecurityStub.h b/EdkModulePkg/Universal/Security/SecurityStub/Dxe/SecurityStub.h
new file mode 100644
index 0000000000..420afd1e05
--- /dev/null
+++ b/EdkModulePkg/Universal/Security/SecurityStub/Dxe/SecurityStub.h
@@ -0,0 +1,47 @@
+/*++
+
+Copyright (c) 2006, Intel Corporation
+All rights reserved. This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+Module Name:
+
+ SecurityStub.h
+
+Abstract:
+
+ Some definitions for Security Architectural Protocol stub driver
+
+--*/
+
+#ifndef _SECURITY_STUB_ARCH_PROTOCOL_H
+#define _SECURITY_STUB_ARCH_PROTOCOL_H
+
+
+
+//
+// Function prototypes
+//
+EFI_STATUS
+EFIAPI
+SecurityStubAuthenticateState (
+ IN EFI_SECURITY_ARCH_PROTOCOL *This,
+ IN UINT32 AuthenticationStatus,
+ IN EFI_DEVICE_PATH_PROTOCOL *File
+ )
+;
+
+EFI_STATUS
+EFIAPI
+SecurityStubInitialize (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ )
+;
+
+#endif
diff --git a/EdkModulePkg/Universal/Security/SecurityStub/Dxe/SecurityStub.mbd b/EdkModulePkg/Universal/Security/SecurityStub/Dxe/SecurityStub.mbd
new file mode 100644
index 0000000000..2dc6fe738d
--- /dev/null
+++ b/EdkModulePkg/Universal/Security/SecurityStub/Dxe/SecurityStub.mbd
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Copyright (c) 2006, Intel Corporation
+All rights reserved. This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+-->
+<ModuleBuildDescription xmlns="http://www.TianoCore.org/2006/Edk2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.TianoCore.org/2006/Edk2.0 http://www.TianoCore.org/2006/Edk2.0/SurfaceArea.xsd">
+ <MbdHeader>
+ <BaseName>SecurityStub</BaseName>
+ <Guid>F80697E9-7FD6-4665-8646-88E33EF71DFC</Guid>
+ <Version>EDK_RELEASE_VERSION 0x00020000</Version>
+ <Description>FIX ME!</Description>
+ <Copyright>Copyright (c) 2004-2006, Intel Corporation</Copyright>
+ <License>
+ All rights reserved. This program and the accompanying materials
+ are licensed and made available under the terms and conditions of the BSD License
+ which accompanies this distribution. The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+ </License>
+ <Created>2006-03-12 17:09</Created>
+ <Modified>2006-03-22 19:19</Modified>
+ </MbdHeader>
+ <Libraries>
+ <Library>UefiBootServicesTableLib</Library>
+ <Library>BaseLib</Library>
+ <Library>UefiMemoryLib</Library>
+ <Library>UefiLib</Library>
+ <Library>UefiDriverEntryPoint</Library>
+ <Library>DxeReportStatusCodeLib</Library>
+ <Library>BaseDebugLibReportStatusCode</Library>
+ <Library>EdkDxePrintLib</Library>
+ </Libraries>
+</ModuleBuildDescription>
diff --git a/EdkModulePkg/Universal/Security/SecurityStub/Dxe/SecurityStub.msa b/EdkModulePkg/Universal/Security/SecurityStub/Dxe/SecurityStub.msa
new file mode 100644
index 0000000000..224fcec5a3
--- /dev/null
+++ b/EdkModulePkg/Universal/Security/SecurityStub/Dxe/SecurityStub.msa
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Copyright (c) 2006, Intel Corporation
+All rights reserved. This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+-->
+<ModuleSurfaceArea xmlns="http://www.TianoCore.org/2006/Edk2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.TianoCore.org/2006/Edk2.0 http://www.TianoCore.org/2006/Edk2.0/SurfaceArea.xsd">
+ <MsaHeader>
+ <BaseName>SecurityStub</BaseName>
+ <ModuleType>DXE_DRIVER</ModuleType>
+ <ComponentType>BS_DRIVER</ComponentType>
+ <Guid>F80697E9-7FD6-4665-8646-88E33EF71DFC</Guid>
+ <Version>EDK_RELEASE_VERSION 0x00020000</Version>
+ <Abstract>Component description file for SecurityStub module</Abstract>
+ <Description>FIX ME!</Description>
+ <Copyright>Copyright (c) 2004-2006, Intel Corporation</Copyright>
+ <License>
+ All rights reserved. This program and the accompanying materials
+ are licensed and made available under the terms and conditions of the BSD License
+ which accompanies this distribution. The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+ </License>
+ <Specification>EFI_SPECIFICATION_VERSION 0x00000000</Specification>
+ <Created>2006-03-12 17:09</Created>
+ <Updated>2006-03-22 19:19</Updated>
+ </MsaHeader>
+ <LibraryClassDefinitions>
+ <LibraryClass Usage="ALWAYS_CONSUMED">DebugLib</LibraryClass>
+ <LibraryClass Usage="ALWAYS_CONSUMED">UefiBootServicesTableLib</LibraryClass>
+ <LibraryClass Usage="ALWAYS_CONSUMED">UefiDriverEntryPoint</LibraryClass>
+ </LibraryClassDefinitions>
+ <SourceFiles>
+ <Filename>SecurityStub.dxs</Filename>
+ <Filename>SecurityStub.h</Filename>
+ <Filename>SecurityStub.c</Filename>
+ </SourceFiles>
+ <Includes>
+ <PackageName>MdePkg</PackageName>
+ </Includes>
+ <Protocols>
+ <Protocol Usage="ALWAYS_PRODUCED">Security</Protocol>
+ </Protocols>
+ <Externs>
+ <Extern>
+ <ModuleEntryPoint>SecurityStubInitialize</ModuleEntryPoint>
+ </Extern>
+ </Externs>
+</ModuleSurfaceArea>
diff --git a/EdkModulePkg/Universal/Security/SecurityStub/Dxe/build.xml b/EdkModulePkg/Universal/Security/SecurityStub/Dxe/build.xml
new file mode 100644
index 0000000000..991db08208
--- /dev/null
+++ b/EdkModulePkg/Universal/Security/SecurityStub/Dxe/build.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?><!-- Copyright (c) 2006, Intel Corporation
+All rights reserved. This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.-->
+<project basedir="." default="SecurityStub"><!--Apply external ANT tasks-->
+ <taskdef resource="GenBuild.tasks"/>
+ <taskdef resource="net/sf/antcontrib/antlib.xml"/>
+ <property environment="env"/>
+ <property name="WORKSPACE_DIR" value="${env.WORKSPACE}"/>
+ <import file="${WORKSPACE_DIR}\Tools\Conf\BuildMacro.xml"/><!--MODULE_RELATIVE PATH is relative to PACKAGE_DIR-->
+ <property name="MODULE_RELATIVE_PATH" value="Universal\Security\SecurityStub\Dxe"/>
+ <property name="MODULE_DIR" value="${PACKAGE_DIR}\${MODULE_RELATIVE_PATH}"/>
+ <property name="COMMON_FILE" value="${WORKSPACE_DIR}\Tools\Conf\Common.xml"/>
+ <target name="SecurityStub">
+ <GenBuild baseName="SecurityStub" mbdFilename="${MODULE_DIR}\SecurityStub.mbd" msaFilename="${MODULE_DIR}\SecurityStub.msa"/>
+ </target>
+ <target depends="SecurityStub_clean" name="clean"/>
+ <target depends="SecurityStub_cleanall" name="cleanall"/>
+ <target name="SecurityStub_clean">
+ <OutputDirSetup baseName="SecurityStub" mbdFilename="${MODULE_DIR}\SecurityStub.mbd" msaFilename="${MODULE_DIR}\SecurityStub.msa"/>
+ <if>
+ <available file="${DEST_DIR_OUTPUT}\SecurityStub_build.xml"/>
+ <then>
+ <ant antfile="${DEST_DIR_OUTPUT}\SecurityStub_build.xml" target="clean"/>
+ </then>
+ </if>
+ <delete dir="${DEST_DIR_OUTPUT}" excludes="*.xml"/>
+ </target>
+ <target name="SecurityStub_cleanall">
+ <OutputDirSetup baseName="SecurityStub" mbdFilename="${MODULE_DIR}\SecurityStub.mbd" msaFilename="${MODULE_DIR}\SecurityStub.msa"/>
+ <if>
+ <available file="${DEST_DIR_OUTPUT}\SecurityStub_build.xml"/>
+ <then>
+ <ant antfile="${DEST_DIR_OUTPUT}\SecurityStub_build.xml" target="cleanall"/>
+ </then>
+ </if>
+ <delete dir="${DEST_DIR_OUTPUT}"/>
+ <delete dir="${DEST_DIR_DEBUG}"/>
+ <delete>
+ <fileset dir="${BIN_DIR}" includes="**SecurityStub*"/>
+ </delete>
+ </target>
+</project> \ No newline at end of file