## @file
#  Provides security service of image verification
#
#  This library hooks LoadImage() API to verify every image by the verification policy.
#
#  Caution: This module requires additional review when modified.
#  This library will have external input - PE/COFF image.
#  This external input must be validated carefully to avoid security issues such as
#  buffer overflow or integer overflow.
#
# Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
# http://opensource.org/licenses/bsd-license.php
# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#
##

#
# Review note: LIBRARY_CLASS is NULL, so this instance is not selected through a
# library class name. A platform DSC has to link it explicitly into the module that
# is meant to enforce verification; nothing in this file makes the policy run if
# that link is missing. CONSTRUCTOR names the entry that runs when the hosting
# module is loaded; presumably it registers the verification handler through
# SecurityManagementLib - confirm in DxeImageVerificationLib.c.
#

[Defines]
  INF_VERSION = 0x00010005
  BASE_NAME = DxeImageVerificationLib
  MODULE_UNI_FILE = DxeImageVerificationLib.uni
  FILE_GUID = 0CA970E1-43FA-4402-BC0A-81AF336BFFD6
  MODULE_TYPE = DXE_DRIVER
  VERSION_STRING = 1.0
  LIBRARY_CLASS = NULL|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER
  CONSTRUCTOR = DxeImageVerificationLibConstructor

#
# The following information is for reference only and not required by the build tools.
#
# VALID_ARCHITECTURES = IA32 X64 IPF EBC
#

[Sources]
  DxeImageVerificationLib.c
  DxeImageVerificationLib.h
  Measurement.c

[Packages]
  MdePkg/MdePkg.dec
  MdeModulePkg/MdeModulePkg.dec
  CryptoPkg/CryptoPkg.dec
  SecurityPkg/SecurityPkg.dec

#
# Review note: security-relevant dependencies. PeCoffLib parses the PE/COFF image,
# which the file header identifies as external input. BaseCryptLib supplies the
# cryptographic primitives. TpmMeasurementLib (together with Measurement.c)
# presumably records measurements in the TPM - confirm against the sources.
# The library instances a platform DSC maps to these classes are part of the
# verification trust base and need the same level of review as this module.
#

[LibraryClasses]
  MemoryAllocationLib
  BaseLib
  UefiLib
  UefiBootServicesTableLib
  UefiRuntimeServicesTableLib
  BaseMemoryLib
  DebugLib
  DevicePathLib
  BaseCryptLib
  SecurityManagementLib
  PeCoffLib
  TpmMeasurementLib

#
# Review note: all three protocols are tagged SOMETIMES_CONSUMES. Presumably they are
# used to classify where an image was loaded from (firmware volume, block device,
# file system), which would decide which policy PCD applies - confirm in
# DxeImageVerificationLib.c.
#

[Protocols]
  gEfiFirmwareVolume2ProtocolGuid ## SOMETIMES_CONSUMES
  gEfiBlockIoProtocolGuid ## SOMETIMES_CONSUMES
  gEfiSimpleFileSystemProtocolGuid ## SOMETIMES_CONSUMES

#
# Review note: gEfiImageSecurityDatabaseGuid is the vendor GUID of the UEFI Secure
# Boot signature database variables named in its usage lines: DB (authorized),
# DBX (forbidden) and DBT (timestamp). The gEfiCert* GUIDs identify the signature
# types of entries in those databases. gEfiCertSha1Guid is among them: SHA-1 is no
# longer collision resistant, so check whether the platform's databases need to
# carry SHA-1 entries at all.
#

[Guids]
  ## SOMETIMES_CONSUMES ## Variable:L"DB"
  ## SOMETIMES_CONSUMES ## Variable:L"DBX"
  ## SOMETIMES_CONSUMES ## Variable:L"DBT"
  ## PRODUCES ## SystemTable
  ## CONSUMES ## SystemTable
  gEfiImageSecurityDatabaseGuid

  ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature.
  ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature.
  gEfiCertSha1Guid

  ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature.
  ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature.
  gEfiCertSha256Guid

  ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature.
  ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature.
  gEfiCertSha384Guid

  ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature.
  ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature.
  gEfiCertSha512Guid

  gEfiCertX509Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature.
  gEfiCertX509Sha256Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature.
  gEfiCertX509Sha384Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature.
  gEfiCertX509Sha512Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature.
  gEfiCertPkcs7Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the certificate.

#
# Review note: these three PCDs select the action taken per image origin (option ROM,
# removable media, fixed media). Their permitted values are declared in
# SecurityPkg/SecurityPkg.dec. A platform DSC can override them, and a permissive
# setting such as ALWAYS_EXECUTE lets images from that origin run without a
# signature check. Audit the values in the final platform build, not only the
# package defaults.
#

[Pcd]
  gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy ## SOMETIMES_CONSUMES
  gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy ## SOMETIMES_CONSUMES
  gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy ## SOMETIMES_CONSUMES