From b2d76fdd421b5081c2e03ae46079ccf8ecc045fe Mon Sep 17 00:00:00 2001
From: Jian J Wang
Date: Thu, 15 Dec 2022 11:02:23 +0800
Subject: [PATCH] SecurityPkg: deprecate RpmcLib and VariableKeyLib
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2594
There's no real usage of these two libraries. They're deprecated.
Cc: Jiewen Yao
Cc: Michael D Kinney
Cc: Nishant C Mistry
Cc: Judah Vang
Signed-off-by: Jian J Wang
Reviewed-by: Jiewen Yao
Acked-by: Michael D Kinney
---
SecurityPkg/Include/Library/RpmcLib.h | 42 ------------
SecurityPkg/Include/Library/VariableKeyLib.h | 59 -----------------
SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c | 46 -------------
.../Library/RpmcLibNull/RpmcLibNull.inf | 33 ----------
.../VariableKeyLibNull/VariableKeyLibNull.c | 66 -------------------
.../VariableKeyLibNull/VariableKeyLibNull.inf | 33 ----------
SecurityPkg/SecurityPkg.dec | 8 ---
SecurityPkg/SecurityPkg.dsc | 4 --
8 files changed, 291 deletions(-)
delete mode 100644 SecurityPkg/Include/Library/RpmcLib.h
delete mode 100644 SecurityPkg/Include/Library/VariableKeyLib.h
delete mode 100644 SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c
delete mode 100644 SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf
delete mode 100644 SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c
delete mode 100644 SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf
diff --git a/SecurityPkg/Include/Library/RpmcLib.h b/SecurityPkg/Include/Library/RpmcLib.h
deleted file mode 100644
index df4ba34ba8..0000000000
--- a/SecurityPkg/Include/Library/RpmcLib.h
+++ /dev/null
@@ -1,42 +0,0 @@
-/** @file
- Public definitions for the Replay Protected Monotonic Counter (RPMC) Library.
-
-Copyright (c) 2020, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#ifndef _RPMC_LIB_H_
-#define _RPMC_LIB_H_
-
-#include
-
-/**
- Requests the monotonic counter from the designated RPMC counter.
-
- @param[out] CounterValue A pointer to a buffer to store the RPMC value.
-
- @retval EFI_SUCCESS The operation completed successfully.
- @retval EFI_DEVICE_ERROR A device error occurred while attempting to update the counter.
- @retval EFI_UNSUPPORTED The operation is un-supported.
-**/
-EFI_STATUS
-EFIAPI
-RequestMonotonicCounter (
- OUT UINT32 *CounterValue
- );
-
-/**
- Increments the monotonic counter in the SPI flash device by 1.
-
- @retval EFI_SUCCESS The operation completed successfully.
- @retval EFI_DEVICE_ERROR A device error occurred while attempting to update the counter.
- @retval EFI_UNSUPPORTED The operation is un-supported.
-**/
-EFI_STATUS
-EFIAPI
-IncrementMonotonicCounter (
- VOID
- );
-
-#endif
diff --git a/SecurityPkg/Include/Library/VariableKeyLib.h b/SecurityPkg/Include/Library/VariableKeyLib.h
deleted file mode 100644
index 561ebad09d..0000000000
--- a/SecurityPkg/Include/Library/VariableKeyLib.h
+++ /dev/null
@@ -1,59 +0,0 @@
-/** @file
- Public definitions for Variable Key Library.
-
-Copyright (c) 2020, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#ifndef _VARIABLE_KEY_LIB_H_
-#define _VARIABLE_KEY_LIB_H_
-
-#include
-
-/**
- Retrieves the key for integrity and/or confidentiality of variables.
-
- @param[out] VariableKey A pointer to pointer for the variable key buffer.
- @param[in,out] VariableKeySize The size in bytes of the variable key.
-
- @retval EFI_SUCCESS The variable key was returned.
- @retval EFI_DEVICE_ERROR An error occurred while attempting to get the variable key.
- @retval EFI_ACCESS_DENIED The function was invoked after locking the key interface.
- @retval EFI_UNSUPPORTED The variable key is not supported in the current boot configuration.
-**/
-EFI_STATUS
-EFIAPI
-GetVariableKey (
- OUT VOID **VariableKey,
- IN OUT UINTN *VariableKeySize
- );
-
-/**
- Regenerates the variable key.
-
- @retval EFI_SUCCESS The variable key was regenerated successfully.
- @retval EFI_DEVICE_ERROR An error occurred while attempting to regenerate the key.
- @retval EFI_ACCESS_DENIED The function was invoked after locking the key interface.
- @retval EFI_UNSUPPORTED Key regeneration is not supported in the current boot configuration.
-**/
-EFI_STATUS
-EFIAPI
-RegenerateVariableKey (
- VOID
- );
-
-/**
- Locks the regenerate key interface.
-
- @retval EFI_SUCCESS The key interface was locked successfully.
- @retval EFI_UNSUPPORTED Locking the key interface is not supported in the current boot configuration.
- @retval Others An error occurred while attempting to lock the key interface.
-**/
-EFI_STATUS
-EFIAPI
-LockVariableKeyInterface (
- VOID
- );
-
-#endif
diff --git a/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c b/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c
deleted file mode 100644
index 792e48250e..0000000000
--- a/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c
+++ /dev/null
@@ -1,46 +0,0 @@
-/** @file
- NULL RpmcLib instance for build purpose.
-
-Copyright (c) 2020, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include
-#include
-
-/**
- Requests the monotonic counter from the designated RPMC counter.
-
- @param[out] CounterValue A pointer to a buffer to store the RPMC value.
-
- @retval EFI_SUCCESS The operation completed successfully.
- @retval EFI_DEVICE_ERROR A device error occurred while attempting to update the counter.
- @retval EFI_UNSUPPORTED The operation is un-supported.
-**/
-EFI_STATUS
-EFIAPI
-RequestMonotonicCounter (
- OUT UINT32 *CounterValue
- )
-{
- ASSERT (FALSE);
- return EFI_UNSUPPORTED;
-}
-
-/**
- Increments the monotonic counter in the SPI flash device by 1.
-
- @retval EFI_SUCCESS The operation completed successfully.
- @retval EFI_DEVICE_ERROR A device error occurred while attempting to update the counter.
- @retval EFI_UNSUPPORTED The operation is un-supported.
-**/
-EFI_STATUS
-EFIAPI
-IncrementMonotonicCounter (
- VOID
- )
-{
- ASSERT (FALSE);
- return EFI_UNSUPPORTED;
-}
diff --git a/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf b/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf
deleted file mode 100644
index 500edfa87d..0000000000
--- a/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf
+++ /dev/null
@@ -1,33 +0,0 @@
-## @file
-# Provides Null version of RpmcLib for build purpose.
-#
-# Copyright (c) 2020, Intel Corporation. All rights reserved.
-# SPDX-License-Identifier: BSD-2-Clause-Patent
-#
-##
-
-[Defines]
- INF_VERSION = 0x00010029
- BASE_NAME = RpmcLibNull
- FILE_GUID = FAE0BA22-92E2-4334-8F0F-96AFF9BAE360
- MODULE_TYPE = BASE
- VERSION_STRING = 1.0
- LIBRARY_CLASS = RpmcLib
-
-#
-# The following information is for reference only and not required by the build tools.
-#
-# VALID_ARCHITECTURES = IA32 X64 Arm AArch64
-#
-
-[Sources]
- RpmcLibNull.c
-
-[Packages]
- MdePkg/MdePkg.dec
- SecurityPkg/SecurityPkg.dec
-
-[LibraryClasses]
- BaseLib
- DebugLib
-
diff --git a/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c b/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c
deleted file mode 100644
index a08def767b..0000000000
--- a/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c
+++ /dev/null
@@ -1,66 +0,0 @@
-/** @file
- Null version of VariableKeyLib for build purpose. Don't use it in real product.
-
-Copyright (c) 2020, Intel Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-#include
-#include
-
-/**
- Retrieves the key for integrity and/or confidentiality of variables.
-
- @param[out] VariableKey A pointer to pointer for the variable key buffer.
- @param[in,out] VariableKeySize The size in bytes of the variable key.
-
- @retval EFI_SUCCESS The variable key was returned.
- @retval EFI_DEVICE_ERROR An error occurred while attempting to get the variable key.
- @retval EFI_ACCESS_DENIED The function was invoked after locking the key interface.
- @retval EFI_UNSUPPORTED The variable key is not supported in the current boot configuration.
-**/
-EFI_STATUS
-EFIAPI
-GetVariableKey (
- OUT VOID **VariableKey,
- IN OUT UINTN *VariableKeySize
- )
-{
- ASSERT (FALSE);
- return EFI_UNSUPPORTED;
-}
-
-/**
- Regenerates the variable key.
-
- @retval EFI_SUCCESS The variable key was regenerated successfully.
- @retval EFI_DEVICE_ERROR An error occurred while attempting to regenerate the key.
- @retval EFI_ACCESS_DENIED The function was invoked after locking the key interface.
- @retval EFI_UNSUPPORTED Key regeneration is not supported in the current boot configuration.
-**/
-EFI_STATUS
-EFIAPI
-RegenerateVariableKey (
- VOID
- )
-{
- ASSERT (FALSE);
- return EFI_UNSUPPORTED;
-}
-
-/**
- Locks the regenerate key interface.
-
- @retval EFI_SUCCESS The key interface was locked successfully.
- @retval EFI_UNSUPPORTED Locking the key interface is not supported in the current boot configuration.
- @retval Others An error occurred while attempting to lock the key interface.
-**/
-EFI_STATUS
-EFIAPI
-LockVariableKeyInterface (
- VOID
- )
-{
- ASSERT (FALSE);
- return EFI_UNSUPPORTED;
-}
diff --git a/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf b/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf
deleted file mode 100644
index ea74e38cf9..0000000000
--- a/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf
+++ /dev/null
@@ -1,33 +0,0 @@
-## @file
-# Provides Null version of VariableKeyLib for build only.
-#
-# Copyright (c) 2020, Intel Corporation. All rights reserved.
-# SPDX-License-Identifier: BSD-2-Clause-Patent -# -## - -[Defines] - INF_VERSION = 0x00010029 - BASE_NAME = VariableKeyLibNull - FILE_GUID = 2B640ED8-1E6A-4516-9F1D-25910E59BC4A - MODULE_TYPE = BASE - VERSION_STRING = 1.0 - LIBRARY_CLASS = VariableKeyLib - -# -# The following information is for reference only and not required by the build tools. -# -# VALID_ARCHITECTURES = IA32 X64 Arm AArch64 -# - -[Sources] - VariableKeyLibNull.c - -[Packages] - MdePkg/MdePkg.dec - SecurityPkg/SecurityPkg.dec - -[LibraryClasses] - BaseLib - DebugLib - diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index 7ecf9565d9..358b3dc543 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -80,14 +80,6 @@ # TcgStorageOpalLib|Include/Library/TcgStorageOpalLib.h - ## @libraryclass Provides interfaces to access RPMC device. - # - RpmcLib|Include/Library/RpmcLib.h - - ## @libraryclass Provides interfaces to access variable root key. - # - VariableKeyLib|Include/Library/VariableKeyLib.h - ## @libraryclass Provides interfaces about firmware TPM measurement. # TcgEventLogRecordLib|Include/Library/TcgEventLogRecordLib.h diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc index 30d911d8a1..2f679c87a9 100644 --- a/SecurityPkg/SecurityPkg.dsc +++ b/SecurityPkg/SecurityPkg.dsc @@ -68,8 +68,6 @@ TcgStorageCoreLib|SecurityPkg/Library/TcgStorageCoreLib/TcgStorageCoreLib.inf TcgStorageOpalLib|SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalLib.inf ResetSystemLib|MdeModulePkg/Library/BaseResetSystemLibNull/BaseResetSystemLibNull.inf - VariableKeyLib|SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf - RpmcLib|SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf TcgEventLogRecordLib|SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.inf MmUnblockMemoryLib|MdePkg/Library/MmUnblockMemoryLib/MmUnblockMemoryLibNull.inf SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf 
@@ -264,8 +262,6 @@ # # Variable Confidentiality & Integrity # - SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf - SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.inf #