tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SecurityPkg: Create SecureBootVariableLib. 

This commits add library, which consist helper functions related
to creation/removal Secure Boot variables. Some of the functions
was moved from SecureBootConfigImpl.c file.

Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com>
Reviewed-by: Sunny Wang <sunny.wang@arm.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
This commit is contained in:
Grzegorz Bernacki 2021-08-02 12:46:23 +02:00 committed by mergify[bot]
parent 2b47aaecef
commit bb806a6e88
6 changed files with 763 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

153
SecurityPkg/Include/Library/SecureBootVariableLib.h Normal file
View File

@ -0,0 +1,153 @@
/** @file
Provides a helper functions for creating variable authenticated
payloads, signature lists related to secure boot keys.
Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>
(C) Copyright 2018 Hewlett Packard Enterprise Development LP<BR>
Copyright (c) 2021, ARM Ltd. All rights reserved.<BR>
Copyright (c) 2021, Semihalf All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#ifndef SECURE_BOOT_VARIABLE_LIB_H_
#define SECURE_BOOT_VARIABLE_LIB_H_
/**
Set the platform secure boot mode into "Custom" or "Standard" mode.
@param[in] SecureBootMode New secure boot mode: STANDARD_SECURE_BOOT_MODE or
CUSTOM_SECURE_BOOT_MODE.
@return EFI_SUCCESS The platform has switched to the special mode successfully.
@return other Fail to operate the secure boot mode.
--*/
EFI_STATUS
SetSecureBootMode (
IN UINT8 SecureBootMode
);
/**
Fetches the value of SetupMode variable.
@param[out] SetupMode Pointer to UINT8 for SetupMode output
@retval other Error codes from GetVariable.
--*/
EFI_STATUS
EFIAPI
GetSetupMode (
OUT UINT8 *SetupMode
);
/**
Create a EFI Signature List with data fetched from section specified as a argument.
Found keys are verified using RsaGetPublicKeyFromX509().
@param[in] KeyFileGuid A pointer to to the FFS filename GUID
@param[out] SigListsSize A pointer to size of signature list
@param[out] SigListsOut a pointer to a callee-allocated buffer with signature lists
@retval EFI_SUCCESS Create time based payload successfully.
@retval EFI_NOT_FOUND Section with key has not been found.
@retval EFI_INVALID_PARAMETER Embedded key has a wrong format.
@retval Others Unexpected error happens.
--*/
EFI_STATUS
SecureBootFetchData (
IN EFI_GUID *KeyFileGuid,
OUT UINTN *SigListsSize,
OUT EFI_SIGNATURE_LIST **SigListOut
);
/**
Create a time based data payload by concatenating the EFI_VARIABLE_AUTHENTICATION_2
descriptor with the input data. NO authentication is required in this function.
@param[in, out] DataSize On input, the size of Data buffer in bytes.
On output, the size of data returned in Data
buffer in bytes.
@param[in, out] Data On input, Pointer to data buffer to be wrapped or
pointer to NULL to wrap an empty payload.
On output, Pointer to the new payload date buffer allocated from pool,
it's caller's responsibility to free the memory when finish using it.
@retval EFI_SUCCESS Create time based payload successfully.
@retval EFI_OUT_OF_RESOURCES There are not enough memory resources to create time based payload.
@retval EFI_INVALID_PARAMETER The parameter is invalid.
@retval Others Unexpected error happens.
--*/
EFI_STATUS
CreateTimeBasedPayload (
IN OUT UINTN *DataSize,
IN OUT UINT8 **Data
);
/**
Clears the content of the 'db' variable.
@retval EFI_OUT_OF_RESOURCES If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails
while VendorGuid is NULL.
@retval other Errors from GetVariable2(), GetTime() and SetVariable()
--*/
EFI_STATUS
EFIAPI
DeleteDb (
VOID
);
/**
Clears the content of the 'dbx' variable.
@retval EFI_OUT_OF_RESOURCES If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails
while VendorGuid is NULL.
@retval other Errors from GetVariable2(), GetTime() and SetVariable()
--*/
EFI_STATUS
EFIAPI
DeleteDbx (
VOID
);
/**
Clears the content of the 'dbt' variable.
@retval EFI_OUT_OF_RESOURCES If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails
while VendorGuid is NULL.
@retval other Errors from GetVariable2(), GetTime() and SetVariable()
--*/
EFI_STATUS
EFIAPI
DeleteDbt (
VOID
);
/**
Clears the content of the 'KEK' variable.
@retval EFI_OUT_OF_RESOURCES If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails
while VendorGuid is NULL.
@retval other Errors from GetVariable2(), GetTime() and SetVariable()
--*/
EFI_STATUS
EFIAPI
DeleteKEK (
VOID
);
/**
Clears the content of the 'PK' variable.
@retval EFI_OUT_OF_RESOURCES If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails
while VendorGuid is NULL.
@retval other Errors from GetVariable2(), GetTime() and SetVariable()
--*/
EFI_STATUS
EFIAPI
DeletePlatformKey (
VOID
);
#endif

510
SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c Normal file
View File

@ -0,0 +1,510 @@
/** @file
This library provides helper functions to set/clear Secure Boot
keys and databases.
Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>
(C) Copyright 2018 Hewlett Packard Enterprise Development LP<BR>
Copyright (c) 2021, ARM Ltd. All rights reserved.<BR>
Copyright (c) 2021, Semihalf All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include <Guid/GlobalVariable.h>
#include <Guid/AuthenticatedVariableFormat.h>
#include <Guid/ImageAuthentication.h>
#include <Library/BaseCryptLib.h>
#include <Library/BaseLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/DebugLib.h>
#include <Library/UefiLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/UefiRuntimeServicesTableLib.h>
#include <Library/SecureBootVariableLib.h>
#include "Library/DxeServicesLib.h"
/** Creates EFI Signature List structure.
@param[in] Data A pointer to signature data.
@param[in] Size Size of signature data.
@param[out] SigList Created Signature List.
@retval EFI_SUCCESS Signature List was created successfully.
@retval EFI_OUT_OF_RESOURCES Failed to allocate memory.
**/
STATIC
EFI_STATUS
CreateSigList (
IN VOID *Data,
IN UINTN Size,
OUT EFI_SIGNATURE_LIST **SigList
)
{
UINTN SigListSize;
EFI_SIGNATURE_LIST *TmpSigList;
EFI_SIGNATURE_DATA *SigData;
//
// Allocate data for Signature Database
//
SigListSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + Size;
TmpSigList = (EFI_SIGNATURE_LIST *) AllocateZeroPool (SigListSize);
if (TmpSigList == NULL) {
return EFI_OUT_OF_RESOURCES;
}
//
// Only gEfiCertX509Guid type is supported
//
TmpSigList->SignatureListSize = (UINT32)SigListSize;
TmpSigList->SignatureSize = (UINT32) (sizeof (EFI_SIGNATURE_DATA) - 1 + Size);
TmpSigList->SignatureHeaderSize = 0;
CopyGuid (&TmpSigList->SignatureType, &gEfiCertX509Guid);
//
// Copy key data
//
SigData = (EFI_SIGNATURE_DATA *) (TmpSigList + 1);
CopyGuid (&SigData->SignatureOwner, &gEfiGlobalVariableGuid);
CopyMem (&SigData->SignatureData[0], Data, Size);
*SigList = TmpSigList;
return EFI_SUCCESS;
}
/** Adds new signature list to signature database.
@param[in] SigLists A pointer to signature database.
@param[in] SigListAppend A signature list to be added.
@param[out] *SigListOut Created signature database.
@param[in, out] SigListsSize A size of created signature database.
@retval EFI_SUCCESS Signature List was added successfully.
@retval EFI_OUT_OF_RESOURCES Failed to allocate memory.
**/
STATIC
EFI_STATUS
ConcatenateSigList (
IN EFI_SIGNATURE_LIST *SigLists,
IN EFI_SIGNATURE_LIST *SigListAppend,
OUT EFI_SIGNATURE_LIST **SigListOut,
IN OUT UINTN *SigListsSize
)
{
EFI_SIGNATURE_LIST *TmpSigList;
UINT8 *Offset;
UINTN NewSigListsSize;
NewSigListsSize = *SigListsSize + SigListAppend->SignatureListSize;
TmpSigList = (EFI_SIGNATURE_LIST *) AllocateZeroPool (NewSigListsSize);
if (TmpSigList == NULL) {
return EFI_OUT_OF_RESOURCES;
}
CopyMem (TmpSigList, SigLists, *SigListsSize);
Offset = (UINT8 *)TmpSigList;
Offset += *SigListsSize;
CopyMem ((VOID *)Offset, SigListAppend, SigListAppend->SignatureListSize);
*SigListsSize = NewSigListsSize;
*SigListOut = TmpSigList;
return EFI_SUCCESS;
}
/**
Create a EFI Signature List with data fetched from section specified as a argument.
Found keys are verified using RsaGetPublicKeyFromX509().
@param[in] KeyFileGuid A pointer to to the FFS filename GUID
@param[out] SigListsSize A pointer to size of signature list
@param[out] SigListOut a pointer to a callee-allocated buffer with signature lists
@retval EFI_SUCCESS Create time based payload successfully.
@retval EFI_NOT_FOUND Section with key has not been found.
@retval EFI_INVALID_PARAMETER Embedded key has a wrong format.
@retval Others Unexpected error happens.
**/
EFI_STATUS
SecureBootFetchData (
IN EFI_GUID *KeyFileGuid,
OUT UINTN *SigListsSize,
OUT EFI_SIGNATURE_LIST **SigListOut
)
{
EFI_SIGNATURE_LIST *EfiSig;
EFI_SIGNATURE_LIST *TmpEfiSig;
EFI_SIGNATURE_LIST *TmpEfiSig2;
EFI_STATUS Status;
VOID *Buffer;
VOID *RsaPubKey;
UINTN Size;
UINTN KeyIndex;
KeyIndex = 0;
EfiSig = NULL;
*SigListsSize = 0;
while (1) {
Status = GetSectionFromAnyFv (
KeyFileGuid,
EFI_SECTION_RAW,
KeyIndex,
&Buffer,
&Size
);
if (Status == EFI_SUCCESS) {
RsaPubKey = NULL;
if (RsaGetPublicKeyFromX509 (Buffer, Size, &RsaPubKey) == FALSE) {
DEBUG ((DEBUG_ERROR, "%a: Invalid key format: %d\n", __FUNCTION__, KeyIndex));
if (EfiSig != NULL) {
FreePool(EfiSig);
}
FreePool(Buffer);
return EFI_INVALID_PARAMETER;
}
Status = CreateSigList (Buffer, Size, &TmpEfiSig);
//
// Concatenate lists if more than one section found
//
if (KeyIndex == 0) {
EfiSig = TmpEfiSig;
*SigListsSize = TmpEfiSig->SignatureListSize;
} else {
ConcatenateSigList (EfiSig, TmpEfiSig, &TmpEfiSig2, SigListsSize);
FreePool (EfiSig);
FreePool (TmpEfiSig);
EfiSig = TmpEfiSig2;
}
KeyIndex++;
FreePool (Buffer);
} if (Status == EFI_NOT_FOUND) {
break;
}
};
if (KeyIndex == 0) {
return EFI_NOT_FOUND;
}
*SigListOut = EfiSig;
return EFI_SUCCESS;
}
/**
Create a time based data payload by concatenating the EFI_VARIABLE_AUTHENTICATION_2
descriptor with the input data. NO authentication is required in this function.
@param[in, out] DataSize On input, the size of Data buffer in bytes.
On output, the size of data returned in Data
buffer in bytes.
@param[in, out] Data On input, Pointer to data buffer to be wrapped or
pointer to NULL to wrap an empty payload.
On output, Pointer to the new payload date buffer allocated from pool,
it's caller's responsibility to free the memory when finish using it.
@retval EFI_SUCCESS Create time based payload successfully.
@retval EFI_OUT_OF_RESOURCES There are not enough memory resources to create time based payload.
@retval EFI_INVALID_PARAMETER The parameter is invalid.
@retval Others Unexpected error happens.
**/
EFI_STATUS
CreateTimeBasedPayload (
IN OUT UINTN *DataSize,
IN OUT UINT8 **Data
)
{
EFI_STATUS Status;
UINT8 *NewData;
UINT8 *Payload;
UINTN PayloadSize;
EFI_VARIABLE_AUTHENTICATION_2 *DescriptorData;
UINTN DescriptorSize;
EFI_TIME Time;
if (Data == NULL || DataSize == NULL) {
return EFI_INVALID_PARAMETER;
}
//
// In Setup mode or Custom mode, the variable does not need to be signed but the
// parameters to the SetVariable() call still need to be prepared as authenticated
// variable. So we create EFI_VARIABLE_AUTHENTICATED_2 descriptor without certificate
// data in it.
//
Payload = *Data;
PayloadSize = *DataSize;
DescriptorSize = OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo) + OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData);
NewData = (UINT8*) AllocateZeroPool (DescriptorSize + PayloadSize);
if (NewData == NULL) {
return EFI_OUT_OF_RESOURCES;
}
if ((Payload != NULL) && (PayloadSize != 0)) {
CopyMem (NewData + DescriptorSize, Payload, PayloadSize);
}
DescriptorData = (EFI_VARIABLE_AUTHENTICATION_2 *) (NewData);
ZeroMem (&Time, sizeof (EFI_TIME));
Status = gRT->GetTime (&Time, NULL);
if (EFI_ERROR (Status)) {
FreePool(NewData);
return Status;
}
Time.Pad1 = 0;
Time.Nanosecond = 0;
Time.TimeZone = 0;
Time.Daylight = 0;
Time.Pad2 = 0;
CopyMem (&DescriptorData->TimeStamp, &Time, sizeof (EFI_TIME));
DescriptorData->AuthInfo.Hdr.dwLength = OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData);
DescriptorData->AuthInfo.Hdr.wRevision = 0x0200;
DescriptorData->AuthInfo.Hdr.wCertificateType = WIN_CERT_TYPE_EFI_GUID;
CopyGuid (&DescriptorData->AuthInfo.CertType, &gEfiCertPkcs7Guid);
if (Payload != NULL) {
FreePool(Payload);
}
*DataSize = DescriptorSize + PayloadSize;
*Data = NewData;
return EFI_SUCCESS;
}
/**
Internal helper function to delete a Variable given its name and GUID, NO authentication
required.
@param[in] VariableName Name of the Variable.
@param[in] VendorGuid GUID of the Variable.
@retval EFI_SUCCESS Variable deleted successfully.
@retval Others The driver failed to start the device.
**/
EFI_STATUS
DeleteVariable (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid
)
{
EFI_STATUS Status;
VOID* Variable;
UINT8 *Data;
UINTN DataSize;
UINT32 Attr;
GetVariable2 (VariableName, VendorGuid, &Variable, NULL);
if (Variable == NULL) {
return EFI_SUCCESS;
}
FreePool (Variable);
Data = NULL;
DataSize = 0;
Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS
| EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
Status = CreateTimeBasedPayload (&DataSize, &Data);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "Fail to create time-based data payload: %r", Status));
return Status;
}
Status = gRT->SetVariable (
VariableName,
VendorGuid,
Attr,
DataSize,
Data
);
if (Data != NULL) {
FreePool (Data);
}
return Status;
}
/**
Set the platform secure boot mode into "Custom" or "Standard" mode.
@param[in] SecureBootMode New secure boot mode: STANDARD_SECURE_BOOT_MODE or
CUSTOM_SECURE_BOOT_MODE.
@return EFI_SUCCESS The platform has switched to the special mode successfully.
@return other Fail to operate the secure boot mode.
**/
EFI_STATUS
SetSecureBootMode (
IN UINT8 SecureBootMode
)
{
return gRT->SetVariable (
EFI_CUSTOM_MODE_NAME,
&gEfiCustomModeEnableGuid,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
sizeof (UINT8),
&SecureBootMode
);
}
/**
Fetches the value of SetupMode variable.
@param[out] SetupMode Pointer to UINT8 for SetupMode output
@retval other Retval from GetVariable.
**/
EFI_STATUS
EFIAPI
GetSetupMode (
OUT UINT8 *SetupMode
)
{
UINTN Size;
EFI_STATUS Status;
Size = sizeof (*SetupMode);
Status = gRT->GetVariable (
EFI_SETUP_MODE_NAME,
&gEfiGlobalVariableGuid,
NULL,
&Size,
SetupMode
);
if (EFI_ERROR (Status)) {
return Status;
}
return EFI_SUCCESS;
}
/**
Clears the content of the 'db' variable.
@retval EFI_OUT_OF_RESOURCES If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails
while VendorGuid is NULL.
@retval other Errors from GetVariable2 (), GetTime () and SetVariable ()
**/
EFI_STATUS
EFIAPI
DeleteDb (
VOID
)
{
EFI_STATUS Status;
Status = DeleteVariable (
EFI_IMAGE_SECURITY_DATABASE,
&gEfiImageSecurityDatabaseGuid
);
return Status;
}
/**
Clears the content of the 'dbx' variable.
@retval EFI_OUT_OF_RESOURCES If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails
while VendorGuid is NULL.
@retval other Errors from GetVariable2 (), GetTime () and SetVariable ()
**/
EFI_STATUS
EFIAPI
DeleteDbx (
VOID
)
{
EFI_STATUS Status;
Status = DeleteVariable (
EFI_IMAGE_SECURITY_DATABASE1,
&gEfiImageSecurityDatabaseGuid
);
return Status;
}
/**
Clears the content of the 'dbt' variable.
@retval EFI_OUT_OF_RESOURCES If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails
while VendorGuid is NULL.
@retval other Errors from GetVariable2 (), GetTime () and SetVariable ()
**/
EFI_STATUS
EFIAPI
DeleteDbt (
VOID
)
{
EFI_STATUS Status;
Status = DeleteVariable (
EFI_IMAGE_SECURITY_DATABASE2,
&gEfiImageSecurityDatabaseGuid
);
return Status;
}
/**
Clears the content of the 'KEK' variable.
@retval EFI_OUT_OF_RESOURCES If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails
while VendorGuid is NULL.
@retval other Errors from GetVariable2 (), GetTime () and SetVariable ()
**/
EFI_STATUS
EFIAPI
DeleteKEK (
VOID
)
{
EFI_STATUS Status;
Status = DeleteVariable (
EFI_KEY_EXCHANGE_KEY_NAME,
&gEfiGlobalVariableGuid
);
return Status;
}
/**
Remove the PK variable.
@retval EFI_SUCCESS Delete PK successfully.
@retval Others Could not allow to delete PK.
**/
EFI_STATUS
EFIAPI
DeletePlatformKey (
VOID
)
{
EFI_STATUS Status;
Status = SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE);
if (EFI_ERROR (Status)) {
return Status;
}
Status = DeleteVariable (
EFI_PLATFORM_KEY_NAME,
&gEfiGlobalVariableGuid
);
return Status;
}

79
SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf Normal file
View File

@ -0,0 +1,79 @@
## @file
# Provides helper function for initialization of Secure Boot
# keys and databases.
#
# Copyright (c) 2021, ARM Ltd. All rights reserved.<BR>
# Copyright (c) 2021, Semihalf All rights reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
[Defines]
INF_VERSION = 0x00010005
BASE_NAME = SecureBootVariableLib
MODULE_UNI_FILE = SecureBootVariableLib.uni
FILE_GUID = D4FFF5CA-6D8E-4DBD-8A4B-7C7CEBD97F6F
MODULE_TYPE = DXE_DRIVER
VERSION_STRING = 1.0
LIBRARY_CLASS = SecureBootVariableLib|DXE_DRIVER DXE_RUNTIME_DRIVER UEFI_APPLICATION
#
# The following information is for reference only and not required by the build tools.
#
# VALID_ARCHITECTURES = IA32 X64 AARCH64
#
[Sources]
SecureBootVariableLib.c
[Packages]
MdePkg/MdePkg.dec
MdeModulePkg/MdeModulePkg.dec
SecurityPkg/SecurityPkg.dec
CryptoPkg/CryptoPkg.dec
[LibraryClasses]
BaseLib
BaseMemoryLib
DebugLib
MemoryAllocationLib
BaseCryptLib
DxeServicesLib
[Guids]
## CONSUMES ## Variable:L"SetupMode"
## PRODUCES ## Variable:L"SetupMode"
## CONSUMES ## Variable:L"SecureBoot"
## PRODUCES ## Variable:L"SecureBoot"
## PRODUCES ## Variable:L"PK"
## PRODUCES ## Variable:L"KEK"
## CONSUMES ## Variable:L"PKDefault"
## CONSUMES ## Variable:L"KEKDefault"
## CONSUMES ## Variable:L"dbDefault"
## CONSUMES ## Variable:L"dbxDefault"
## CONSUMES ## Variable:L"dbtDefault"
gEfiGlobalVariableGuid
## SOMETIMES_CONSUMES ## Variable:L"DB"
## SOMETIMES_CONSUMES ## Variable:L"DBX"
## SOMETIMES_CONSUMES ## Variable:L"DBT"
gEfiImageSecurityDatabaseGuid
## CONSUMES ## Variable:L"SecureBootEnable"
## PRODUCES ## Variable:L"SecureBootEnable"
gEfiSecureBootEnableDisableGuid
## CONSUMES ## Variable:L"CustomMode"
## PRODUCES ## Variable:L"CustomMode"
gEfiCustomModeEnableGuid
gEfiCertTypeRsa2048Sha256Guid ## CONSUMES
gEfiCertX509Guid ## CONSUMES
gEfiCertPkcs7Guid ## CONSUMES
gDefaultPKFileGuid
gDefaultKEKFileGuid
gDefaultdbFileGuid
gDefaultdbxFileGuid
gDefaultdbtFileGuid

16
SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.uni Normal file
View File

@ -0,0 +1,16 @@
// /** @file
//
// Provides helper function for initialization of Secure Boot
// keys and databases.
//
// Copyright (c) 2021, ARM Ltd. All rights reserved.<BR>
// Copyright (c) 2021, Semihalf All rights reserved.<BR>
//
// SPDX-License-Identifier: BSD-2-Clause-Patent
//
// **/
#string STR_MODULE_ABSTRACT #language en-US "Provides helper functions to initialize PK, KEK and databases based on default variables."
#string STR_MODULE_DESCRIPTION #language en-US "Provides helper functions to initialize PK, KEK and databases based on default variables."

4
SecurityPkg/SecurityPkg.dec
View File

@ -87,6 +87,10 @@
## @libraryclass Provides interfaces about firmware TPM measurement.
#
TcgEventLogRecordLib|Include/Library/TcgEventLogRecordLib.h
## @libraryclass Provides helper functions related to creation/removal Secure Boot variables.
#
SecureBootVariableLib|Include/Library/SecureBootVariableLib.h
[Guids]
## Security package token space guid.
# Include/Guid/SecurityPkgTokenSpace.h

1
SecurityPkg/SecurityPkg.dsc
View File

@ -70,6 +70,7 @@
RpmcLib|SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf
TcgEventLogRecordLib|SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.inf
MmUnblockMemoryLib|MdePkg/Library/MmUnblockMemoryLib/MmUnblockMemoryLibNull.inf
SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
[LibraryClasses.ARM]
#