diff options
| author | Jian J Wang <jian.j.wang@intel.com> | 2020-03-12 13:40:24 +0800 |
|---|---|---|
| committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2020-03-27 16:41:05 +0000 |
| commit | 5042ee43d9403c1ae445b6c976c51e57c8f2d522 (patch) | |
| tree | 3368b520a2f8277b1e84a4c2aea50c8777bfb775 /SecurityPkg | |
| parent | 4ac82ea1e11ed037468b01655200a425504f2c86 (diff) | |
| download | edk2-5042ee43d9403c1ae445b6c976c51e57c8f2d522.tar.gz edk2-5042ee43d9403c1ae445b6c976c51e57c8f2d522.tar.bz2 edk2-5042ee43d9403c1ae445b6c976c51e57c8f2d522.zip | |
SecurityPkg: add RpmcLib and VariableKeyLib public headers
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2594
RpmcLib.h and VariableKeyLib.h are header files required to access RPMC
device and Key generator from platform. They will be used to ensure the
integrity and confidentiality of NV variables.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Nishant C Mistry <nishant.c.mistry@intel.com>
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Diffstat (limited to 'SecurityPkg')
| -rw-r--r-- | SecurityPkg/Include/Library/RpmcLib.h | 43 | ||||
| -rw-r--r-- | SecurityPkg/Include/Library/VariableKeyLib.h | 60 | ||||
| -rw-r--r-- | SecurityPkg/SecurityPkg.dec | 8 |
3 files changed, 111 insertions, 0 deletions
diff --git a/SecurityPkg/Include/Library/RpmcLib.h b/SecurityPkg/Include/Library/RpmcLib.h new file mode 100644 index 0000000000..5882bfae2f --- /dev/null +++ b/SecurityPkg/Include/Library/RpmcLib.h @@ -0,0 +1,43 @@ +/** @file
+ Public definitions for the Replay Protected Monotonic Counter (RPMC) Library.
+
+Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef _RPMC_LIB_H_
+#define _RPMC_LIB_H_
+
+#include <Uefi/UefiBaseType.h>
+
+/**
+ Requests the monotonic counter from the designated RPMC counter.
+
+ @param[out] CounterValue A pointer to a buffer to store the RPMC value.
+
+ @retval EFI_SUCCESS The operation completed successfully.
+ @retval EFI_DEVICE_ERROR A device error occurred while attempting to update the counter.
+ @retval EFI_UNSUPPORTED The operation is un-supported.
+**/
+EFI_STATUS
+EFIAPI
+RequestMonotonicCounter (
+ OUT UINT32 *CounterValue
+ );
+
+/**
+ Increments the monotonic counter in the SPI flash device by 1.
+
+ @retval EFI_SUCCESS The operation completed successfully.
+ @retval EFI_DEVICE_ERROR A device error occurred while attempting to update the counter.
+ @retval EFI_UNSUPPORTED The operation is un-supported.
+**/
+EFI_STATUS
+EFIAPI
+IncrementMonotonicCounter (
+ VOID
+ );
+
+#endif
+
diff --git a/SecurityPkg/Include/Library/VariableKeyLib.h b/SecurityPkg/Include/Library/VariableKeyLib.h new file mode 100644 index 0000000000..c805e2de00 --- /dev/null +++ b/SecurityPkg/Include/Library/VariableKeyLib.h @@ -0,0 +1,60 @@ +/** @file
+ Public definitions for Variable Key Library.
+
+Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef _VARIABLE_KEY_LIB_H_
+#define _VARIABLE_KEY_LIB_H_
+
+#include <Uefi/UefiBaseType.h>
+
+/**
+ Retrieves the key for integrity and/or confidentiality of variables.
+
+ @param[out] VariableKey A pointer to pointer for the variable key buffer.
+ @param[in,out] VariableKeySize The size in bytes of the variable key.
+
+ @retval EFI_SUCCESS The variable key was returned.
+ @retval EFI_DEVICE_ERROR An error occurred while attempting to get the variable key.
+ @retval EFI_ACCESS_DENIED The function was invoked after locking the key interface.
+ @retval EFI_UNSUPPORTED The variable key is not supported in the current boot configuration.
+**/
+EFI_STATUS
+EFIAPI
+GetVariableKey (
+ OUT VOID **VariableKey,
+ IN OUT UINTN *VariableKeySize
+ );
+
+/**
+ Regenerates the variable key.
+
+ @retval EFI_SUCCESS The variable key was regenerated successfully.
+ @retval EFI_DEVICE_ERROR An error occurred while attempting to regenerate the key.
+ @retval EFI_ACCESS_DENIED The function was invoked after locking the key interface.
+ @retval EFI_UNSUPPORTED Key regeneration is not supported in the current boot configuration.
+**/
+EFI_STATUS
+EFIAPI
+RegenerateVariableKey (
+ VOID
+ );
+
+/**
+ Locks the regenerate key interface.
+
+ @retval EFI_SUCCESS The key interface was locked successfully.
+ @retval EFI_UNSUPPORTED Locking the key interface is not supported in the current boot configuration.
+ @retval Others An error occurred while attempting to lock the key interface.
+**/
+EFI_STATUS
+EFIAPI
+LockVariableKeyInterface (
+ VOID
+ );
+
+#endif
+
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index 5335cc5397..2cdfb02cc5 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -76,6 +76,14 @@ #
TcgStorageOpalLib|Include/Library/TcgStorageOpalLib.h
+ ## @libraryclass Provides interfaces to access RPMC device.
+ #
+ RpmcLib|Include/Library/RpmcLib.h
+
+ ## @libraryclass Provides interfaces to access variable root key.
+ #
+ VariableKeyLib|Include/Library/VariableKeyLib.h
+
[Guids]
## Security package token space guid.
# Include/Guid/SecurityPkgTokenSpace.h
|