1## @file 2# Provides security service of image verification 3# 4# This library hooks LoadImage() API to verify every image by the verification policy. 5# 6# Caution: This module requires additional review when modified. 7# This library will have external input - PE/COFF image. 8# This external input must be validated carefully to avoid security issues such as 9# buffer overflow or integer overflow. 10# 11# Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR> 12# This program and the accompanying materials 13# are licensed and made available under the terms and conditions of the BSD License 14# which accompanies this distribution. The full text of the license may be found at 15# http://opensource.org/licenses/bsd-license.php 16# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 17# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 18# 19## 20 21[Defines] 22 INF_VERSION = 0x00010005 23 BASE_NAME = DxeImageVerificationLib 24 MODULE_UNI_FILE = DxeImageVerificationLib.uni 25 FILE_GUID = 0CA970E1-43FA-4402-BC0A-81AF336BFFD6 26 MODULE_TYPE = DXE_DRIVER 27 VERSION_STRING = 1.0 28 LIBRARY_CLASS = NULL|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER 29 CONSTRUCTOR = DxeImageVerificationLibConstructor 30 31# 32# The following information is for reference only and not required by the build tools. 33# 34# VALID_ARCHITECTURES = IA32 X64 IPF EBC 35# 36 37[Sources] 38 DxeImageVerificationLib.c 39 DxeImageVerificationLib.h 40 Measurement.c 41 42[Packages] 43 MdePkg/MdePkg.dec 44 MdeModulePkg/MdeModulePkg.dec 45 CryptoPkg/CryptoPkg.dec 46 SecurityPkg/SecurityPkg.dec 47 48[LibraryClasses] 49 MemoryAllocationLib 50 BaseLib 51 UefiLib 52 UefiBootServicesTableLib 53 UefiRuntimeServicesTableLib 54 BaseMemoryLib 55 DebugLib 56 DevicePathLib 57 BaseCryptLib 58 SecurityManagementLib 59 PeCoffLib 60 TpmMeasurementLib 61 62[Protocols] 63 gEfiFirmwareVolume2ProtocolGuid ## SOMETIMES_CONSUMES 64 gEfiBlockIoProtocolGuid ## SOMETIMES_CONSUMES 65 gEfiSimpleFileSystemProtocolGuid ## SOMETIMES_CONSUMES 66 67[Guids] 68 ## SOMETIMES_CONSUMES ## Variable:L"DB" 69 ## SOMETIMES_CONSUMES ## Variable:L"DBX" 70 ## SOMETIMES_CONSUMES ## Variable:L"DBT" 71 ## PRODUCES ## SystemTable 72 ## CONSUMES ## SystemTable 73 gEfiImageSecurityDatabaseGuid 74 75 ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature. 76 ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature. 77 gEfiCertSha1Guid 78 79 ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature. 80 ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature. 81 gEfiCertSha256Guid 82 83 ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature. 84 ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature. 85 gEfiCertSha384Guid 86 87 ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature. 88 ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature. 89 gEfiCertSha512Guid 90 91 gEfiCertX509Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature. 92 gEfiCertX509Sha256Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature. 93 gEfiCertX509Sha384Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature. 94 gEfiCertX509Sha512Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature. 95 gEfiCertPkcs7Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the certificate. 96 97[Pcd] 98 gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy ## SOMETIMES_CONSUMES 99 gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy ## SOMETIMES_CONSUMES 100 gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy ## SOMETIMES_CONSUMES 101