mirror of https://github.com/acidanthera/audk.git
134 lines
5.4 KiB
C
134 lines
5.4 KiB
C
/** @file
|
|
Platform Device Security Policy Protocol definition
|
|
|
|
Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
|
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
|
|
|
**/
|
|
|
|
#ifndef EDKII_DEVICE_SECURITY_POLICY_PROTOCOL_H_
|
|
#define EDKII_DEVICE_SECURITY_POLICY_PROTOCOL_H_
|
|
|
|
#include <Uefi.h>
|
|
#include <Protocol/DeviceSecurity.h>
|
|
|
|
typedef struct _EDKII_DEVICE_SECURITY_POLICY_PROTOCOL EDKII_DEVICE_SECURITY_POLICY_PROTOCOL;
|
|
|
|
//
|
|
// Revision The revision to which the DEVICE_SECURITY_POLICY protocol interface adheres.
|
|
// All future revisions must be backwards compatible.
|
|
// If a future version is not back wards compatible it is not the same GUID.
|
|
//
|
|
#define EDKII_DEVICE_SECURITY_POLICY_PROTOCOL_REVISION 0x00010000
|
|
|
|
//
|
|
// Revision The revision to which the DEVICE_SECURITY_POLICY structure adheres.
|
|
// All future revisions must be backwards compatible.
|
|
//
|
|
#define EDKII_DEVICE_SECURITY_POLICY_REVISION 0x00010000
|
|
|
|
///
|
|
/// The macro for the policy defined in EDKII_DEVICE_SECURITY_POLICY
|
|
///
|
|
#define EDKII_DEVICE_MEASUREMENT_REQUIRED BIT0
|
|
#define EDKII_DEVICE_AUTHENTICATION_REQUIRED BIT0
|
|
|
|
///
|
|
/// The device security policy data structure
|
|
///
|
|
typedef struct {
|
|
UINT32 Revision;
|
|
UINT32 MeasurementPolicy;
|
|
UINT32 AuthenticationPolicy;
|
|
} EDKII_DEVICE_SECURITY_POLICY;
|
|
|
|
//
|
|
// Revision The revision to which the DEVICE_SECURITY_STATE structure adheres.
|
|
// All future revisions must be backwards compatible.
|
|
//
|
|
#define EDKII_DEVICE_SECURITY_STATE_REVISION 0x00010000
|
|
|
|
///
|
|
/// The macro for the state defined in EDKII_DEVICE_SECURITY_STATE
|
|
///
|
|
#define EDKII_DEVICE_SECURITY_STATE_SUCCESS 0
|
|
#define EDKII_DEVICE_SECURITY_STATE_ERROR BIT31
|
|
#define EDKII_DEVICE_SECURITY_STATE_ERROR_UEFI_UNSUPPORTED (EDKII_DEVICE_SECURITY_STATE_ERROR + 0x0)
|
|
#define EDKII_DEVICE_SECURITY_STATE_ERROR_UEFI_GET_POLICY_PROTOCOL (EDKII_DEVICE_SECURITY_STATE_ERROR + 0x1)
|
|
#define EDKII_DEVICE_SECURITY_STATE_ERROR_UEFI_OUT_OF_RESOURCE (EDKII_DEVICE_SECURITY_STATE_ERROR + 0x2)
|
|
#define EDKII_DEVICE_SECURITY_STATE_ERROR_DEVICE_NO_CAPABILITIES (EDKII_DEVICE_SECURITY_STATE_ERROR + 0x10)
|
|
#define EDKII_DEVICE_SECURITY_STATE_ERROR_DEVICE_ERROR (EDKII_DEVICE_SECURITY_STATE_ERROR + 0x11)
|
|
#define EDKII_DEVICE_SECURITY_STATE_ERROR_TCG_EXTEND_TPM_PCR (EDKII_DEVICE_SECURITY_STATE_ERROR + 0x20)
|
|
#define EDKII_DEVICE_SECURITY_STATE_ERROR_MEASUREMENT_AUTH_FAILURE (EDKII_DEVICE_SECURITY_STATE_ERROR + 0x21)
|
|
#define EDKII_DEVICE_SECURITY_STATE_ERROR_CHALLENGE_FAILURE (EDKII_DEVICE_SECURITY_STATE_ERROR + 0x30)
|
|
#define EDKII_DEVICE_SECURITY_STATE_ERROR_CERTIFIACTE_FAILURE (EDKII_DEVICE_SECURITY_STATE_ERROR + 0x31)
|
|
#define EDKII_DEVICE_SECURITY_STATE_ERROR_NO_CERT_PROVISION (EDKII_DEVICE_SECURITY_STATE_ERROR + 0x32)
|
|
|
|
///
|
|
/// The device security state data structure
|
|
///
|
|
typedef struct {
|
|
UINT32 Revision;
|
|
UINT32 MeasurementState;
|
|
UINT32 AuthenticationState;
|
|
} EDKII_DEVICE_SECURITY_STATE;
|
|
|
|
/**
|
|
This function returns the device security policy associated with the device.
|
|
|
|
The device security driver may call this interface to get the platform policy
|
|
for the specific device and determine if the measurement or authentication
|
|
is required.
|
|
|
|
@param[in] This The protocol instance pointer.
|
|
@param[in] DeviceId The Identifier for the device.
|
|
@param[out] DeviceSecurityPolicy The Device Security Policy associated with the device.
|
|
|
|
@retval EFI_SUCCESS The device security policy is returned
|
|
@retval EFI_UNSUPPORTED The function is unsupported for the specific Device.
|
|
**/
|
|
typedef
|
|
EFI_STATUS
|
|
(EFIAPI *EDKII_DEVICE_SECURITY_GET_DEVICE_POLICY)(
|
|
IN EDKII_DEVICE_SECURITY_POLICY_PROTOCOL *This,
|
|
IN EDKII_DEVICE_IDENTIFIER *DeviceId,
|
|
OUT EDKII_DEVICE_SECURITY_POLICY *DeviceSecurityPolicy
|
|
);
|
|
|
|
/**
|
|
This function sets the device state based upon the authentication result.
|
|
|
|
The device security driver may call this interface to give the platform
|
|
a notify based upon the measurement or authentication result.
|
|
If the authentication or measurement fails, the platform may choose:
|
|
1) Do nothing.
|
|
2) Disable this device or slot temporarily and continue boot.
|
|
3) Reset the platform and retry again.
|
|
4) Disable this device or slot permanently.
|
|
5) Any other platform specific action.
|
|
|
|
@param[in] This The protocol instance pointer.
|
|
@param[in] DeviceId The Identifier for the device.
|
|
@param[in] DeviceSecurityState The Device Security state associated with the device.
|
|
|
|
@retval EFI_SUCCESS The device state is set.
|
|
@retval EFI_UNSUPPORTED The function is unsupported for the specific Device.
|
|
**/
|
|
typedef
|
|
EFI_STATUS
|
|
(EFIAPI *EDKII_DEVICE_SECURITY_NOTIFY_DEVICE_STATE)(
|
|
IN EDKII_DEVICE_SECURITY_POLICY_PROTOCOL *This,
|
|
IN EDKII_DEVICE_IDENTIFIER *DeviceId,
|
|
IN EDKII_DEVICE_SECURITY_STATE *DeviceSecurityState
|
|
);
|
|
|
|
struct _EDKII_DEVICE_SECURITY_POLICY_PROTOCOL {
|
|
UINT32 Revision;
|
|
EDKII_DEVICE_SECURITY_GET_DEVICE_POLICY GetDevicePolicy;
|
|
EDKII_DEVICE_SECURITY_NOTIFY_DEVICE_STATE NotifyDeviceState;
|
|
};
|
|
|
|
extern EFI_GUID gEdkiiDeviceSecurityPolicyProtocolGuid;
|
|
|
|
#endif
|