summaryrefslogtreecommitdiff
path: root/MdePkg
diff options
context:
space:
mode:
Diffstat (limited to 'MdePkg')
-rw-r--r--MdePkg/Include/Protocol/Security2.h107
-rw-r--r--MdePkg/Include/Uefi/UefiSpec.h9
-rw-r--r--MdePkg/MdePkg.dec6
3 files changed, 119 insertions, 3 deletions
diff --git a/MdePkg/Include/Protocol/Security2.h b/MdePkg/Include/Protocol/Security2.h
new file mode 100644
index 0000000000..d282837b39
--- /dev/null
+++ b/MdePkg/Include/Protocol/Security2.h
@@ -0,0 +1,107 @@
+/** @file
+ Security2 Architectural Protocol as defined in PI Specification1.2.1 VOLUME 2 DXE
+
+ Abstracts security-specific functions from the DXE Foundation of UEFI Image Verification,
+ Trusted Computing Group (TCG) measured boot, and User Identity policy for image loading and
+ consoles. This protocol must be produced by a boot service or runtime DXE driver.
+
+ This protocol is optional and must be published prior to the EFI_SECURITY_ARCH_PROTOCOL.
+ As a result, the same driver must publish both of these interfaces.
+
+ When both Security and Security2 Architectural Protocols are published, LoadImage must use
+ them in accordance with the following rules:
+ The Security2 protocol must be used on every image being loaded.
+ The Security protocol must be used after the Securiy2 protocol and only on images that
+ have been read using Firmware Volume protocol.
+
+ When only Security architectural protocol is published, LoadImage must use it on every image
+ being loaded.
+
+ Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
+ This program and the accompanying materials
+ are licensed and made available under the terms and conditions of the BSD License
+ which accompanies this distribution. The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php
+
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __ARCH_PROTOCOL_SECURITY2_H__
+#define __ARCH_PROTOCOL_SECURITY2_H__
+
+///
+/// Global ID for the Security2 Code Architectural Protocol
+///
+#define EFI_SECURITY2_ARCH_PROTOCOL_GUID \
+ { 0x94ab2f58, 0x1438, 0x4ef1, {0x91, 0x52, 0x18, 0x94, 0x1a, 0x3a, 0x0e, 0x68 } }
+
+typedef struct _EFI_SECURITY2_ARCH_PROTOCOL EFI_SECURITY2_ARCH_PROTOCOL;
+
+/**
+ The DXE Foundation uses this service to measure and/or verify a UEFI image.
+
+ This service abstracts the invocation of Trusted Computing Group (TCG) measured boot, UEFI
+ Secure boot, and UEFI User Identity infrastructure. For the former two, the DXE Foundation
+ invokes the FileAuthentication() with a DevicePath and corresponding image in
+ FileBuffer memory. The TCG measurement code will record the FileBuffer contents into the
+ appropriate PCR. The image verification logic will confirm the integrity and provenance of the
+ image in FileBuffer of length FileSize . The origin of the image will be DevicePath in
+ these cases.
+ If the FileBuffer is NULL, the interface will determine if the DevicePath can be connected
+ in order to support the User Identification policy.
+
+ @param This The EFI_SECURITY2_ARCH_PROTOCOL instance.
+ @param File A pointer to the device path of the file that is
+ being dispatched. This will optionally be used for logging.
+ @param FileBuffer A pointer to the buffer with the UEFI file image.
+ @param FileSize The size of the file.
+ @param BootPolicy A boot policy that was used to call LoadImage() UEFI service. If
+ FileAuthentication() is invoked not from the LoadImage(),
+ BootPolicy must be set to FALSE.
+
+ @retval EFI_SUCCESS The file specified by DevicePath and non-NULL
+ FileBuffer did authenticate, and the platform policy dictates
+ that the DXE Foundation may use the file.
+ @retval EFI_SUCCESS The device path specified by NULL device path DevicePath
+ and non-NULL FileBuffer did authenticate, and the platform
+ policy dictates that the DXE Foundation may execute the image in
+ FileBuffer.
+ @retval EFI_SUCCESS FileBuffer is NULL and current user has permission to start
+ UEFI device drivers on the device path specified by DevicePath.
+ @retval EFI_SECURITY_VIOLATION The file specified by DevicePath and FileBuffer did not
+ authenticate, and the platform policy dictates that the file should be
+ placed in the untrusted state. The image has been added to the file
+ execution table.
+ @retval EFI_ACCESS_DENIED The file specified by File and FileBuffer did not
+ authenticate, and the platform policy dictates that the DXE
+ Foundation may not use File.
+ @retval EFI_SECURITY_VIOLATION FileBuffer is NULL and the user has no
+ permission to start UEFI device drivers on the device path specified
+ by DevicePath.
+ @retval EFI_SECURITY_VIOLATION FileBuffer is not NULL and the user has no permission to load
+ drivers from the device path specified by DevicePath. The
+ image has been added into the list of the deferred images.
+**/
+typedef EFI_STATUS (EFIAPI *EFI_SECURITY2_FILE_AUTHENTICATION) (
+ IN CONST EFI_SECURITY2_ARCH_PROTOCOL *This,
+ IN CONST EFI_DEVICE_PATH_PROTOCOL *DevicePath,
+ IN VOID *FileBuffer,
+ IN UINTN FileSize,
+ IN BOOLEAN BootPolicy
+);
+
+///
+/// The EFI_SECURITY2_ARCH_PROTOCOL is used to abstract platform-specific policy from the
+/// DXE Foundation. This includes measuring the PE/COFF image prior to invoking, comparing the
+/// image against a policy (whether a white-list/black-list of public image verification keys
+/// or registered hashes).
+///
+struct _EFI_SECURITY2_ARCH_PROTOCOL {
+ EFI_SECURITY2_FILE_AUTHENTICATION FileAuthentication;
+};
+
+extern EFI_GUID gEfiSecurity2ArchProtocolGuid;
+
+#endif
diff --git a/MdePkg/Include/Uefi/UefiSpec.h b/MdePkg/Include/Uefi/UefiSpec.h
index f389693845..ffdfcd6398 100644
--- a/MdePkg/Include/Uefi/UefiSpec.h
+++ b/MdePkg/Include/Uefi/UefiSpec.h
@@ -281,7 +281,9 @@ EFI_STATUS
@retval EFI_NOT_FOUND 1) There are no EFI_DRIVER_BINDING_PROTOCOL instances
present in the system.
2) No drivers were connected to ControllerHandle.
-
+ @retval EFI_SECURITY_VIOLATION
+ The user has no permission to start UEFI device drivers on the device path
+ associated with the ControllerHandle or specified by the RemainingDevicePath.
**/
typedef
EFI_STATUS
@@ -848,8 +850,9 @@ EFI_STATUS
@param ExitData The pointer to a pointer to a data buffer that includes a Null-terminated
string, optionally followed by additional binary data.
- @retval EFI_INVALID_PARAMETER ImageHandle is either an invalid image handle or the image
- has already been initialized with StartImage.
+ @retval EFI_INVALID_PARAMETER ImageHandle is either an invalid image handle or the image
+ has already been initialized with StartImage.
+ @retval EFI_SECURITY_VIOLATION The current platform policy specifies that the image should not be started.
@return Exit code from image
**/
diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
index 59b7ac4838..b29cb01c27 100644
--- a/MdePkg/MdePkg.dec
+++ b/MdePkg/MdePkg.dec
@@ -887,6 +887,12 @@
gEfiExtendedSalMcaLogServicesProtocolGuid = { 0xcb3fd86e, 0x38a3, 0x4c03, {0x9a, 0x5c, 0x90, 0xcf, 0xa3, 0xa2, 0xab, 0x7a } }
#
+ # Protocols defined in PI1.2.1
+ #
+ ## Include/Protocol/Security2.h
+ gEfiSecurity2ArchProtocolGuid = { 0x94ab2f58, 0x1438, 0x4ef1, {0x91, 0x52, 0x18, 0x94, 0x1a, 0x3a, 0x0e, 0x68 } }
+
+ #
# Protocols defined in UEFI2.1/UEFI2.0/EFI1.1
#