diff options
-rw-r--r-- | MdePkg/Include/Pi/PiPeiCis.h | 3 | ||||
-rw-r--r-- | MdePkg/Include/Ppi/Security.h | 73 | ||||
-rw-r--r-- | MdePkg/Include/Ppi/Security2.h | 129 |
3 files changed, 130 insertions, 75 deletions
diff --git a/MdePkg/Include/Pi/PiPeiCis.h b/MdePkg/Include/Pi/PiPeiCis.h index e2e4299e33..44cf1672ec 100644 --- a/MdePkg/Include/Pi/PiPeiCis.h +++ b/MdePkg/Include/Pi/PiPeiCis.h @@ -841,8 +841,7 @@ typedef struct _EFI_SEC_PEI_HAND_OFF { **/
typedef
VOID
-EFIAPI
-(*EFI_PEI_CORE_ENTRY_POINT)(
+(EFIAPI *EFI_PEI_CORE_ENTRY_POINT)(
IN CONST EFI_SEC_PEI_HAND_OFF *SecCoreData,
IN CONST EFI_PEI_PPI_DESCRIPTOR *PpiList
);
diff --git a/MdePkg/Include/Ppi/Security.h b/MdePkg/Include/Ppi/Security.h deleted file mode 100644 index 814a18ee4b..0000000000 --- a/MdePkg/Include/Ppi/Security.h +++ /dev/null @@ -1,73 +0,0 @@ -/** @file
- This file declares Security Architectural PPI.
-
- Copyright (c) 2006, Intel Corporation
- All rights reserved. This program and the accompanying materials
- are licensed and made available under the terms and conditions of the BSD License
- which accompanies this distribution. The full text of the license may be found at
- http://opensource.org/licenses/bsd-license.php
-
- THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
- WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
- Module Name: Security.h
-
- @par Revision Reference:
- This PPI is defined in PI.
- Version 1.0.
-
-**/
-
-#ifndef __SECURITY_PPI_H__
-#define __SECURITY_PPI_H__
-
-#define EFI_PEI_SECURITY_PPI_GUID \
- { \
- 0x1388066e, 0x3a57, 0x4efa, {0x98, 0xf3, 0xc1, 0x2f, 0x3a, 0x95, 0x8a, 0x29 } \
- }
-
-typedef struct _EFI_PEI_SECURITY_PPI EFI_PEI_SECURITY_PPI;
-
-/**
- Allows the platform builder to implement a security policy in response
- to varying file authentication states.
-
- @param PeiServices Pointer to the PEI Services Table.
- @param This Interface pointer that implements the particular EFI_PEI_SECURITY_PPI instance.
- @param AuthenticationStatus
- Status returned by the verification service as part of section extraction.
- @param FfsFileHeader Pointer to the file under review.
- @param DeferExecution Pointer to a variable that alerts the PEI Foundation to defer execution of a PEIM.
-
- @retval EFI_SUCCESS The service performed its action successfully.
- @retval EFI_SECURITY_VIOLATION The object cannot be trusted
-
-**/
-typedef
-EFI_STATUS
-(EFIAPI *EFI_PEI_SECURITY_AUTHENTICATION_STATE) (
- IN EFI_PEI_SERVICES **PeiServices,
- IN EFI_PEI_SECURITY_PPI *This,
- IN UINT32 AuthenticationStatus,
- IN EFI_FFS_FILE_HEADER *FfsFileHeader,
- IN OUT BOOLEAN *StartCrisisRecovery
- );
-
-/**
- @par Ppi Description:
- This PPI is installed by some platform PEIM that abstracts the security
- policy to the PEI Foundation, namely the case of a PEIM's authentication
- state being returned during the PEI section extraction process.
-
- @param AuthenticationState
- Allows the platform builder to implement a security policy in response
- to varying file authentication states.
-
-**/
-struct _EFI_PEI_SECURITY_PPI {
- EFI_PEI_SECURITY_AUTHENTICATION_STATE AuthenticationState;
-};
-
-extern EFI_GUID gEfiPeiSecurityPpiGuid;
-
-#endif
diff --git a/MdePkg/Include/Ppi/Security2.h b/MdePkg/Include/Ppi/Security2.h new file mode 100644 index 0000000000..4fdb900f2e --- /dev/null +++ b/MdePkg/Include/Ppi/Security2.h @@ -0,0 +1,129 @@ +/** @file
+ This file declares Security2 Architectural PPI.
+
+ Copyright (c) 2006 - 2007, Intel Corporation
+ All rights reserved. This program and the accompanying materials
+ are licensed and made available under the terms and conditions of the BSD License
+ which accompanies this distribution. The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php
+
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+ Module Name: Security.h
+
+ @par Revision Reference:
+ This PPI is defined in PI.
+ Version 1.0.
+
+**/
+
+#ifndef __SECURITY2_PPI_H__
+#define __SECURITY2_PPI_H__
+
+#define EFI_PEI_SECURITY2_PPI_GUID \
+ { 0xdcd0be23, 0x9586, 0x40f4, { 0xb6, 0x43, 0x6, 0x52, 0x2c, 0xed, 0x4e, 0xde } }
+
+
+typedef _EFI_PEI_SECURITY2_PPI EFI_PEI_SECURITY2_PPI;
+
+/**
+
+ This service is published by some platform PEIM. The purpose of
+ this service is to expose a given platform's policy-based
+ response to the PEI Foundation. For example, if there is a PEIM
+ in a GUIDed encapsulation section and the extraction of the PEI
+ file section yields an authentication failure, there is no a
+ priori policy in the PEI Foundation. Specifically, this
+ situation leads to the question whether PEIMs that are either
+ not in GUIDed sections or are in sections whose authentication
+ fails should still be executed. In fact, it is the
+ responsibility of the platform builder to make this decision.
+ This platform-scoped policy is a result that a desktop system
+ might not be able to skip or not execute PEIMs because the
+ skipped PEIM could be the agent that initializes main memory.
+ Alternately, a system may require that unsigned PEIMs not be
+ executed under any circumstances. In either case, the PEI
+ Foundation simply multiplexes access to the Section Extraction
+ PPI and the Security PPI. The Section Extraction PPI determines
+ the contents of a section, and the Security PPI tells the PEI
+ Foundation whether or not to invoke the PEIM. The PEIM that
+ publishes the AuthenticationState() service uses its parameters
+ in the following ways: ?? AuthenticationStatus conveys the
+ source information upon which the PEIM acts. 1) The
+ DeferExecution value tells the PEI Foundation whether or not to
+ dispatch the PEIM. In addition, between receiving the
+ AuthenticationState() from the PEI Foundation and returning with
+ the DeferExecution value, the PEIM that publishes
+ AuthenticationState() can do the following: 2) Log the file
+ state. 3) Lock the firmware hubs in response to an unsigned
+ PEIM being discovered. These latter behaviors are platform-
+ and market-specific and thus outside the scope of the PEI CIS.
+
+ @param This Interface pointer that implements the particular
+ EFI_PEI_SECURITY2_PPI instance.
+
+
+ @param AuthenticationStatus Authentication status of the
+ file.
+
+ @param FvHandle Handle of the volume in which the file
+ resides. Type EFI_PEI_FV_HANDLE is defined
+ in FfsFindNextVolume. This allows different
+ policies depending on different firmware
+ volumes.
+
+ @param FileHandle Handle of the file under review. Type
+ EFI_PEI FILE HANDLE is defined in
+ FfsFindNextFile.
+
+ @param DeferExecution Pointer to a variable that alerts the
+ PEI Foundation to defer execution of a
+ PEIM.
+
+ @retval EFI_SUCCESS The service performed its action
+ successfully.
+
+ @retval EFI_SECURITY_VIOLATION The object cannot be trusted.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_PEI_SECURITY_AUTHENTICATION_STATE) (
+ IN CONST EFI_PEI_SERVICES **PeiServices,
+ IN CONST EFI_PEI_SECURITY2_PPI *This,
+ IN CONST UINT32 AuthenticationStatus,
+ IN CONST EFI_PEI_FV_HANDLE FvHandle,
+ IN CONST EFI_PEI_FV_HANDLE FileHandle,
+ IN OUT BOOLEAN *DeferExecution
+);
+
+/**
+
+ This PPI is a means by which the platform builder can indicate
+ a response to a PEIM's authentication state. This can be in
+ the form of a requirement for the PEI Foundation to skip a
+ module using the DeferExecution Boolean output in the
+ AuthenticationState() member function. Alternately, the
+ Security PPI can invoke something like a cryptographic PPI
+ that hashes the PEIM contents to log attestations, for which
+ the FileHandle parameter in AuthenticationState() will be
+ useful. If this PPI does not exist, PEIMs will be considered
+ trusted.
+
+ @param AuthenticationState Allows the platform builder to
+ implement a security policy in
+ response to varying file
+ authentication states. See the
+ AuthenticationState() function
+ description.
+
+**/
+struct _EFI_PEI_SECURITY2_PPI {
+ EFI_PEI_SECURITY_AUTHENTICATION_STATE AuthenticationState;
+};
+
+
+extern EFI_GUID gEfiPeiSecurity2PpiGuid;
+
+#endif
|