summaryrefslogtreecommitdiffstats
path: root/src/VBox/Devices/EFI/Firmware/MdeModulePkg/Include/Library/SecurityManagementLib.h
diff options
context:
space:
mode:
Diffstat (limited to 'src/VBox/Devices/EFI/Firmware/MdeModulePkg/Include/Library/SecurityManagementLib.h')
-rw-r--r--src/VBox/Devices/EFI/Firmware/MdeModulePkg/Include/Library/SecurityManagementLib.h270
1 files changed, 270 insertions, 0 deletions
diff --git a/src/VBox/Devices/EFI/Firmware/MdeModulePkg/Include/Library/SecurityManagementLib.h b/src/VBox/Devices/EFI/Firmware/MdeModulePkg/Include/Library/SecurityManagementLib.h
new file mode 100644
index 00000000..1afc490f
--- /dev/null
+++ b/src/VBox/Devices/EFI/Firmware/MdeModulePkg/Include/Library/SecurityManagementLib.h
@@ -0,0 +1,270 @@
+/** @file
+ This library class defines a set of interfaces to abstract the policy of
+ security measurement by managing the different security measurement services.
+ The library instances can be implemented according to the different security policy.
+
+Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef __SECURITY_MANAGEMENT_LIB_H__
+#define __SECURITY_MANAGEMENT_LIB_H__
+
+//
+// Authentication Operation defintions for User Identity (UID), Measured and Secure boot.
+//
+#define EFI_AUTH_OPERATION_NONE 0x00
+#define EFI_AUTH_OPERATION_VERIFY_IMAGE 0x01
+#define EFI_AUTH_OPERATION_DEFER_IMAGE_LOAD 0x02
+#define EFI_AUTH_OPERATION_MEASURE_IMAGE 0x04
+#define EFI_AUTH_OPERATION_CONNECT_POLICY 0x08
+//
+// Authentication State Operation will check the authentication status of a file.
+//
+#define EFI_AUTH_OPERATION_AUTHENTICATION_STATE 0x10
+
+///
+/// Image buffer is required by the security handler.
+///
+#define EFI_AUTH_OPERATION_IMAGE_REQUIRED 0x80000000
+
+/**
+ The security handler is used to abstract platform-specific policy
+ from the DXE core response to an attempt to use a file that returns a
+ given status for the authentication check from the section extraction protocol.
+
+ The possible responses in a given SAP implementation may include locking
+ flash upon failure to authenticate, attestation logging for all signed drivers,
+ and other exception operations. The File parameter allows for possible logging
+ within the SAP of the driver.
+
+ If File is NULL, then EFI_INVALID_PARAMETER is returned.
+
+ If the file specified by File with an authentication status specified by
+ AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS is returned.
+
+ If the file specified by File with an authentication status specified by
+ AuthenticationStatus is not safe for the DXE Core to use under any circumstances,
+ then EFI_ACCESS_DENIED is returned.
+
+ If the file specified by File with an authentication status specified by
+ AuthenticationStatus is not safe for the DXE Core to use at the time, but it
+ might be possible to use it at a future time, then EFI_SECURITY_VIOLATION is
+ returned.
+
+ FileBuffer will be NULL and FileSize will be 0 if the handler being called
+ did not set EFI_AUTH_OPERATION_IMAGE_REQUIRED when it was registered.
+
+ @param[in] AuthenticationStatus
+ The authentication status returned from the security
+ measurement services for the input file.
+ @param[in] File The pointer to the device path of the file that is
+ being dispatched. This will optionally be used for logging.
+ @param[in] FileBuffer The file buffer matches the input file device path.
+ @param[in] FileSize The size of File buffer matches the input file device path.
+
+ @retval EFI_SUCCESS The file specified by File did authenticate, and the
+ platform policy dictates that the DXE Core may use File.
+ @retval EFI_INVALID_PARAMETER The file is NULL.
+ @retval EFI_SECURITY_VIOLATION The file specified by File did not authenticate, and
+ the platform policy dictates that File should be placed
+ in the untrusted state. A file may be promoted from
+ the untrusted to the trusted state at a future time
+ with a call to the Trust() DXE Service.
+ @retval EFI_ACCESS_DENIED The file specified by File did not authenticate, and
+ the platform policy dictates that File should not be
+ used for any purpose.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *SECURITY_FILE_AUTHENTICATION_STATE_HANDLER)(
+ IN OUT UINT32 AuthenticationStatus,
+ IN CONST EFI_DEVICE_PATH_PROTOCOL *File,
+ IN VOID *FileBuffer,
+ IN UINTN FileSize
+ );
+
+/**
+ Register security measurement handler with its operation type. Different
+ handlers with the same operation can all be registered.
+
+ If SecurityHandler is NULL, then ASSERT().
+ If no enough resources available to register new handler, then ASSERT().
+ If AuthenticationOperation is not recongnized, then ASSERT().
+ If the previous register handler can't be executed before the later register handler, then ASSERT().
+
+ @param[in] SecurityHandler The security measurement service handler to be registered.
+ @param[in] AuthenticationOperation Theoperation type is specified for the registered handler.
+
+ @retval EFI_SUCCESS The handlers were registered successfully.
+**/
+EFI_STATUS
+EFIAPI
+RegisterSecurityHandler (
+ IN SECURITY_FILE_AUTHENTICATION_STATE_HANDLER SecurityHandler,
+ IN UINT32 AuthenticationOperation
+ );
+
+/**
+ Execute registered handlers until one returns an error and that error is returned.
+ If none of the handlers return an error, then EFI_SUCCESS is returned.
+
+ Before exectue handler, get the image buffer by file device path if a handler
+ requires the image file. And return the image buffer to each handler when exectue handler.
+
+ The handlers are executed in same order to their registered order.
+
+ @param[in] AuthenticationStatus
+ This is the authentication type returned from the Section
+ Extraction protocol. See the Section Extraction Protocol
+ Specification for details on this type.
+ @param[in] FilePath This is a pointer to the device path of the file that is
+ being dispatched. This will optionally be used for logging.
+
+ @retval EFI_SUCCESS The file specified by File authenticated when more
+ than one security handler services were registered,
+ or the file did not authenticate when no security
+ handler service was registered. And the platform policy
+ dictates that the DXE Core may use File.
+ @retval EFI_INVALID_PARAMETER File is NULL.
+ @retval EFI_SECURITY_VIOLATION The file specified by File did not authenticate, and
+ the platform policy dictates that File should be placed
+ in the untrusted state. A file may be promoted from
+ the untrusted to the trusted state at a future time
+ with a call to the Trust() DXE Service.
+ @retval EFI_ACCESS_DENIED The file specified by File did not authenticate, and
+ the platform policy dictates that File should not be
+ used for any purpose.
+**/
+EFI_STATUS
+EFIAPI
+ExecuteSecurityHandlers (
+ IN UINT32 AuthenticationStatus,
+ IN CONST EFI_DEVICE_PATH_PROTOCOL *FilePath
+ );
+
+/**
+ The security handler is used to abstracts security-specific functions from the DXE
+ Foundation of UEFI Image Verification, Trusted Computing Group (TCG) measured boot,
+ User Identity policy for image loading and consoles, and for purposes of
+ handling GUIDed section encapsulations.
+
+ @param[in] AuthenticationStatus
+ The authentication status for the input file.
+ @param[in] File The pointer to the device path of the file that is
+ being dispatched. This will optionally be used for logging.
+ @param[in] FileBuffer A pointer to the buffer with the UEFI file image
+ @param[in] FileSize The size of File buffer.
+ @param[in] BootPolicy A boot policy that was used to call LoadImage() UEFI service.
+
+ @retval EFI_SUCCESS The file specified by DevicePath and non-NULL
+ FileBuffer did authenticate, and the platform policy dictates
+ that the DXE Foundation may use the file.
+ @retval EFI_SUCCESS The device path specified by NULL device path DevicePath
+ and non-NULL FileBuffer did authenticate, and the platform
+ policy dictates that the DXE Foundation may execute the image in
+ FileBuffer.
+ @retval EFI_SUCCESS FileBuffer is NULL and current user has permission to start
+ UEFI device drivers on the device path specified by DevicePath.
+ @retval EFI_SECURITY_VIOLATION The file specified by DevicePath and FileBuffer did not
+ authenticate, and the platform policy dictates that the file should be
+ placed in the untrusted state. The image has been added to the file
+ execution table.
+ @retval EFI_ACCESS_DENIED The file specified by File and FileBuffer did not
+ authenticate, and the platform policy dictates that the DXE
+ Foundation may not use File.
+ @retval EFI_SECURITY_VIOLATION FileBuffer is NULL and the user has no
+ permission to start UEFI device drivers on the device path specified
+ by DevicePath.
+ @retval EFI_SECURITY_VIOLATION FileBuffer is not NULL and the user has no permission to load
+ drivers from the device path specified by DevicePath. The
+ image has been added into the list of the deferred images.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *SECURITY2_FILE_AUTHENTICATION_HANDLER) (
+ IN UINT32 AuthenticationStatus,
+ IN CONST EFI_DEVICE_PATH_PROTOCOL *File,
+ IN VOID *FileBuffer,
+ IN UINTN FileSize,
+ IN BOOLEAN BootPolicy
+ );
+
+/**
+ Register security measurement handler with its operation type. Different
+ handlers with the same operation can all be registered.
+
+ If SecurityHandler is NULL, then ASSERT().
+ If no enough resources available to register new handler, then ASSERT().
+ If AuthenticationOperation is not recongnized, then ASSERT().
+ If AuthenticationOperation is EFI_AUTH_OPERATION_NONE, then ASSERT().
+ If the previous register handler can't be executed before the later register handler, then ASSERT().
+
+ @param[in] Security2Handler The security measurement service handler to be registered.
+ @param[in] AuthenticationOperation The operation type is specified for the registered handler.
+
+ @retval EFI_SUCCESS The handlers were registered successfully.
+**/
+EFI_STATUS
+EFIAPI
+RegisterSecurity2Handler (
+ IN SECURITY2_FILE_AUTHENTICATION_HANDLER Security2Handler,
+ IN UINT32 AuthenticationOperation
+ );
+
+/**
+ Execute registered handlers based on input AuthenticationOperation until
+ one returns an error and that error is returned.
+
+ If none of the handlers return an error, then EFI_SUCCESS is returned.
+ The handlers those satisfy AuthenticationOperation will only be executed.
+ The handlers are executed in same order to their registered order.
+
+ @param[in] AuthenticationOperation
+ The operation type specifies which handlers will be executed.
+ @param[in] AuthenticationStatus
+ The authentication status for the input file.
+ @param[in] File This is a pointer to the device path of the file that is
+ being dispatched. This will optionally be used for logging.
+ @param[in] FileBuffer A pointer to the buffer with the UEFI file image
+ @param[in] FileSize The size of File buffer.
+ @param[in] BootPolicy A boot policy that was used to call LoadImage() UEFI service.
+
+ @retval EFI_SUCCESS The file specified by DevicePath and non-NULL
+ FileBuffer did authenticate, and the platform policy dictates
+ that the DXE Foundation may use the file.
+ @retval EFI_SUCCESS The device path specified by NULL device path DevicePath
+ and non-NULL FileBuffer did authenticate, and the platform
+ policy dictates that the DXE Foundation may execute the image in
+ FileBuffer.
+ @retval EFI_SUCCESS FileBuffer is NULL and current user has permission to start
+ UEFI device drivers on the device path specified by DevicePath.
+ @retval EFI_SECURITY_VIOLATION The file specified by DevicePath and FileBuffer did not
+ authenticate, and the platform policy dictates that the file should be
+ placed in the untrusted state. The image has been added to the file
+ execution table.
+ @retval EFI_ACCESS_DENIED The file specified by File and FileBuffer did not
+ authenticate, and the platform policy dictates that the DXE
+ Foundation may not use File.
+ @retval EFI_SECURITY_VIOLATION FileBuffer is NULL and the user has no
+ permission to start UEFI device drivers on the device path specified
+ by DevicePath.
+ @retval EFI_SECURITY_VIOLATION FileBuffer is not NULL and the user has no permission to load
+ drivers from the device path specified by DevicePath. The
+ image has been added into the list of the deferred images.
+ @retval EFI_INVALID_PARAMETER File and FileBuffer are both NULL.
+**/
+EFI_STATUS
+EFIAPI
+ExecuteSecurity2Handlers (
+ IN UINT32 AuthenticationOperation,
+ IN UINT32 AuthenticationStatus,
+ IN CONST EFI_DEVICE_PATH_PROTOCOL *File, OPTIONAL
+ IN VOID *FileBuffer,
+ IN UINTN FileSize,
+ IN BOOLEAN BootPolicy
+ );
+
+#endif
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-17 19:46:49 +0000