TianoCore EDK2 master
#include <PiDxe.h>
#include <Protocol/LoadFile.h>
#include <Library/DebugLib.h>
#include <Library/DxeServicesLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/SecurityManagementLib.h>
#include <Library/DevicePathLib.h>
#include <Library/UefiBootServicesTableLib.h>
Data Structures
struct SECURITY_INFO
struct SECURITY2_INFO
Macros
#define SECURITY_HANDLER_TABLE_SIZE 0x10
#define EFI_AUTH_IMAGE_OPERATION_MASK
#define EFI_AUTH_NONE_IMAGE_OPERATION_MASK
Functions
RETURN_STATUS EFIAPI ReallocateSecurityHandlerTable (VOID)
BOOLEAN CheckAuthenticationOperation (IN UINT32 CurrentAuthOperation, IN UINT32 CheckAuthOperation)
EFI_STATUS EFIAPI RegisterSecurityHandler (IN SECURITY_FILE_AUTHENTICATION_STATE_HANDLER SecurityHandler, IN UINT32 AuthenticationOperation)
EFI_STATUS EFIAPI ExecuteSecurityHandlers (IN UINT32 AuthenticationStatus, IN CONST EFI_DEVICE_PATH_PROTOCOL *FilePath)
RETURN_STATUS EFIAPI ReallocateSecurity2HandlerTable (VOID)
BOOLEAN CheckAuthentication2Operation (IN UINT32 CurrentAuthOperation, IN UINT32 CheckAuthOperation)
EFI_STATUS EFIAPI RegisterSecurity2Handler (IN SECURITY2_FILE_AUTHENTICATION_HANDLER Security2Handler, IN UINT32 AuthenticationOperation)
EFI_STATUS EFIAPI ExecuteSecurity2Handlers (IN UINT32 AuthenticationOperation, IN UINT32 AuthenticationStatus, IN CONST EFI_DEVICE_PATH_PROTOCOL *File OPTIONAL, IN VOID *FileBuffer, IN UINTN FileSize, IN BOOLEAN BootPolicy)
Variables
UINT32 mCurrentAuthOperation = 0
UINT32 mNumberOfSecurityHandler = 0
UINT32 mMaxNumberOfSecurityHandler = 0
SECURITY_INFO * mSecurityTable = NULL
UINT32 mCurrentAuthOperation2 = 0
UINT32 mNumberOfSecurity2Handler = 0
UINT32 mMaxNumberOfSecurity2Handler = 0
SECURITY2_INFO * mSecurity2Table = NULL
Provides generic security measurement functions for DXE module.
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent
Definition in file DxeSecurityManagementLib.c.
#define EFI_AUTH_IMAGE_OPERATION_MASK
Definition at line 23 of file DxeSecurityManagementLib.c.
#define EFI_AUTH_NONE_IMAGE_OPERATION_MASK
Definition at line 26 of file DxeSecurityManagementLib.c.
#define SECURITY_HANDLER_TABLE_SIZE 0x10
Definition at line 18 of file DxeSecurityManagementLib.c.
BOOLEAN CheckAuthentication2Operation (
  IN UINT32 CurrentAuthOperation,
  IN UINT32 CheckAuthOperation
  )
Check whether an operation is valid given the current operation. The check must ensure that the measure image operation is the last one.
If AuthenticationOperation is not recognized, return FALSE. If AuthenticationOperation is EFI_AUTH_OPERATION_NONE, return FALSE. If AuthenticationOperation includes both a security operation and an authentication operation, return FALSE. If the previously registered handler can't be executed before the later registered handler, return FALSE.
CurrentAuthOperation | Current operation. |
CheckAuthOperation | Operation to be checked. |
TRUE | Operation is valid for current operation. |
FALSE | Operation is invalid for current operation. |
Definition at line 345 of file DxeSecurityManagementLib.c.
BOOLEAN CheckAuthenticationOperation (
  IN UINT32 CurrentAuthOperation,
  IN UINT32 CheckAuthOperation
  )
Check whether an operation is valid given the current operation. The check must ensure that the measure image operation is the last one.
CurrentAuthOperation | Current operation. |
CheckAuthOperation | Operation to be checked. |
TRUE | Operation is valid for current operation. |
FALSE | Operation is invalid for current operation. |
Definition at line 95 of file DxeSecurityManagementLib.c.
EFI_STATUS EFIAPI ExecuteSecurity2Handlers (
  IN UINT32 AuthenticationOperation,
  IN UINT32 AuthenticationStatus,
  IN CONST EFI_DEVICE_PATH_PROTOCOL *File OPTIONAL,
  IN VOID *FileBuffer,
  IN UINTN FileSize,
  IN BOOLEAN BootPolicy
  )
Execute the registered handlers selected by the input AuthenticationOperation until one returns an error; that error is returned.
If none of the handlers returns an error, then EFI_SUCCESS is returned. Only the handlers that satisfy AuthenticationOperation are executed. The handlers are executed in the order in which they were registered.
[in] | AuthenticationOperation | The operation type specifies which handlers will be executed. |
[in] | AuthenticationStatus | The authentication status for the input file. |
[in] | File | This is a pointer to the device path of the file that is being dispatched. This will optionally be used for logging. |
[in] | FileBuffer | A pointer to the buffer with the UEFI file image |
[in] | FileSize | The size of File buffer. |
[in] | BootPolicy | A boot policy that was used to call LoadImage() UEFI service. |
EFI_SUCCESS | The file specified by DevicePath and non-NULL FileBuffer did authenticate, and the platform policy dictates that the DXE Foundation may use the file. |
EFI_SUCCESS | The device path specified by NULL device path DevicePath and non-NULL FileBuffer did authenticate, and the platform policy dictates that the DXE Foundation may execute the image in FileBuffer. |
EFI_SUCCESS | FileBuffer is NULL and current user has permission to start UEFI device drivers on the device path specified by DevicePath. |
EFI_SECURITY_VIOLATION | The file specified by File or FileBuffer did not authenticate, and the platform policy dictates that the file should be placed in the untrusted state. |
EFI_SECURITY_VIOLATION | FileBuffer is NULL and the user has no permission to start UEFI device drivers on the device path specified by DevicePath. |
EFI_SECURITY_VIOLATION | FileBuffer is not NULL and the user has no permission to load drivers from the device path specified by DevicePath. The image has been added into the list of the deferred images. |
EFI_ACCESS_DENIED | The file specified by File did not authenticate, and the platform policy dictates that the DXE Foundation may not use File. |
EFI_INVALID_PARAMETER | File and FileBuffer are both NULL. |
Definition at line 480 of file DxeSecurityManagementLib.c.
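The dispatch rule described for ExecuteSecurity2Handlers (matching handlers run in registration order and the first error is returned), together with the registration rule that the measure image operation comes last, shown as a stand-alone C model. This is an added example, not the EDK2 source; the OP_* and ST_* values, the fixed table size and the handler names are assumptions made for the model.

```c
#include <stddef.h>
#include <stdint.h>
/* Model values, not the EDK2 definitions: stand-ins for operation bits and status codes. */
#define OP_VERIFY  0x01u
#define OP_MEASURE 0x04u
enum { ST_SUCCESS = 0, ST_SECURITY_VIOLATION = 1 };
typedef int (*handler_fn)(const void *buf, size_t size);
typedef struct { uint32_t op; handler_fn fn; } entry_t;
static entry_t  table[16];       /* fixed size here; the library reallocates its table */
static size_t   count;
static uint32_t registered_ops;  /* union of the operations registered so far */
static int      measure_calls;   /* lets a caller see whether measurement ran */

/* Registration keeps "measure image" last: once a measure handler is
   registered, only further measure handlers are accepted. */
static int register_handler(handler_fn fn, uint32_t op) {
    if (fn == NULL || op == 0 || (op & ~(OP_VERIFY | OP_MEASURE)) != 0) return -1;
    if ((registered_ops & OP_MEASURE) && !(op & OP_MEASURE)) return -1;
    if (count == sizeof table / sizeof table[0]) return -1;
    table[count++] = (entry_t){ op, fn };
    registered_ops |= op;
    return 0;
}

/* Run the handlers whose operation matches, in registration order; the first
   error is returned and no later handler runs. */
static int execute_handlers(uint32_t op, const void *buf, size_t size) {
    for (size_t i = 0; i < count; i++) {
        if ((table[i].op & op) == 0) continue;   /* not selected by this operation */
        int st = table[i].fn(buf, size);
        if (st != ST_SUCCESS) return st;
    }
    return ST_SUCCESS;
}

/* Constructed handlers: the toy verifier accepts only buffers starting with 'S'. */
static int verify_image(const void *buf, size_t size) {
    return (size > 0 && ((const unsigned char *)buf)[0] == 'S') ? ST_SUCCESS : ST_SECURITY_VIOLATION;
}
static int measure_image(const void *buf, size_t size) {
    (void)buf; (void)size; measure_calls++; return ST_SUCCESS;
}

int main(void) {
    register_handler(verify_image, OP_VERIFY);
    register_handler(measure_image, OP_MEASURE);
    /* Constructed input that fails verification, so measurement never runs. */
    return execute_handlers(OP_VERIFY | OP_MEASURE, "Unsigned", 8) == ST_SECURITY_VIOLATION ? 0 : 1;
}
```

Because the verify handler is registered first and its error ends the dispatch, a rejected image is never measured in this model.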
EFI_STATUS EFIAPI ExecuteSecurityHandlers (
  IN UINT32 AuthenticationStatus,
  IN CONST EFI_DEVICE_PATH_PROTOCOL *FilePath
  )
Execute registered handlers until one returns an error and that error is returned. If none of the handlers return an error, then EFI_SUCCESS is returned.
Before executing the handlers, get the image buffer by file device path if a handler requires the image file, and pass the image buffer to each handler when it is executed.
The handlers are executed in the order in which they were registered.
[in] | AuthenticationStatus | This is the authentication type returned from the Section Extraction protocol. See the Section Extraction Protocol Specification for details on this type. |
[in] | FilePath | This is a pointer to the device path of the file that is being dispatched. This will optionally be used for logging. |
EFI_SUCCESS | The file specified by File did authenticate when more than one security handler services were registered, or the file did not authenticate when no security handler service was registered. And the platform policy dictates that the DXE Core may use File. |
EFI_INVALID_PARAMETER | File is NULL. |
EFI_SECURITY_VIOLATION | The file specified by File did not authenticate, and the platform policy dictates that File should be placed in the untrusted state. A file may be promoted from the untrusted to the trusted state at a future time with a call to the Trust() DXE Service. |
EFI_ACCESS_DENIED | The file specified by File did not authenticate, and the platform policy dictates that File should not be used for any purpose. |
Definition at line 211 of file DxeSecurityManagementLib.c.
RETURN_STATUS EFIAPI ReallocateSecurity2HandlerTable (
  VOID
  )
Reallocates more global memory to store the registered Security2Handler list.
RETURN_SUCCESS | Reallocate memory successfully. |
RETURN_OUT_OF_RESOURCES | Not enough memory to allocate. |
Definition at line 302 of file DxeSecurityManagementLib.c.
RETURN_STATUS EFIAPI ReallocateSecurityHandlerTable (
  VOID
  )
Reallocates more global memory to store the registered Handler list.
RETURN_SUCCESS | Reallocate memory successfully. |
RETURN_OUT_OF_RESOURCES | Not enough memory to allocate. |
Definition at line 57 of file DxeSecurityManagementLib.c.
EFI_STATUS EFIAPI RegisterSecurity2Handler (
  IN SECURITY2_FILE_AUTHENTICATION_HANDLER Security2Handler,
  IN UINT32 AuthenticationOperation
  )
Register security measurement handler with its operation type. Different handlers with the same operation can all be registered.
If Security2Handler is NULL, then ASSERT(). If not enough resources are available to register the new handler, then ASSERT(). If AuthenticationOperation is not recognized, then ASSERT(). If AuthenticationOperation is EFI_AUTH_OPERATION_NONE, then ASSERT(). If the previously registered handler can't be executed before the later registered handler, then ASSERT().
[in] | Security2Handler | The security measurement service handler to be registered. |
[in] | AuthenticationOperation | The operation type is specified for the registered handler. |
EFI_SUCCESS | The handlers were registered successfully. |
Definition at line 401 of file DxeSecurityManagementLib.c.
EFI_STATUS EFIAPI RegisterSecurityHandler (
  IN SECURITY_FILE_AUTHENTICATION_STATE_HANDLER SecurityHandler,
  IN UINT32 AuthenticationOperation
  )
Register security measurement handler with its operation type. Different handlers with the same operation can all be registered.
If SecurityHandler is NULL, then ASSERT(). If not enough resources are available to register the new handler, then ASSERT(). If AuthenticationOperation is not recognized, then ASSERT(). If the previously registered handler can't be executed before the later registered handler, then ASSERT().
[in] | SecurityHandler | Security measurement service handler to be registered. |
[in] | AuthenticationOperation | Operation type is specified for the registered handler. |
EFI_SUCCESS | The handlers were registered successfully. |
Definition at line 142 of file DxeSecurityManagementLib.c.
UINT32 mCurrentAuthOperation = 0
Definition at line 39 of file DxeSecurityManagementLib.c.
UINT32 mCurrentAuthOperation2 = 0
Definition at line 44 of file DxeSecurityManagementLib.c.
UINT32 mMaxNumberOfSecurity2Handler = 0
Definition at line 46 of file DxeSecurityManagementLib.c.
UINT32 mMaxNumberOfSecurityHandler = 0
Definition at line 41 of file DxeSecurityManagementLib.c.
UINT32 mNumberOfSecurity2Handler = 0
Definition at line 45 of file DxeSecurityManagementLib.c.
UINT32 mNumberOfSecurityHandler = 0
Definition at line 40 of file DxeSecurityManagementLib.c.
SECURITY2_INFO* mSecurity2Table = NULL
Definition at line 47 of file DxeSecurityManagementLib.c.
SECURITY_INFO* mSecurityTable = NULL
Definition at line 42 of file DxeSecurityManagementLib.c.