SecurityPkg/Library/DxeImageVerificationLib/GoogleTest/DxeImageVerificationLibGoogleTest.h - edk2 - Git at Google

 /** @file
   Unit tests for the implementation of DxeImageVerificationLib.

   Copyright (c) 2025, Yandex. All rights reserved.
   SPDX-License-Identifier: BSD-2-Clause-Patent
 **/

 #ifndef DXE_IMAGE_VERIFICATION_LIB_GOOGLE_TEST_H
 #define DXE_IMAGE_VERIFICATION_LIB_GOOGLE_TEST_H

 /**
   Provide verification service for signed images, which include both signature validation
   and platform policy control. For signature types, both UEFI WIN_CERTIFICATE_UEFI_GUID and
   MSFT Authenticode type signatures are supported.

   In this implementation, only verify external executables when in USER MODE.
   Executables from FV is bypass, so pass in AuthenticationStatus is ignored.

   The image verification policy is:
     If the image is signed,
       At least one valid signature or at least one hash value of the image must match a record
       in the security database "db", and no valid signature nor any hash value of the image may
       be reflected in the security database "dbx".
     Otherwise, the image is not signed,
       The hash value of the image must match a record in the security database "db", and
       not be reflected in the security data base "dbx".

   Caution: This function may receive untrusted input.
   PE/COFF image is external input, so this function will validate its data structure
   within this image buffer before use.

   @param[in]    AuthenticationStatus
                            This is the authentication status returned from the security
                            measurement services for the input file.
   @param[in]    File       This is a pointer to the device path of the file that is
                            being dispatched. This will optionally be used for logging.
   @param[in]    FileBuffer File buffer matches the input file device path.
   @param[in]    FileSize   Size of File buffer matches the input file device path.
   @param[in]    BootPolicy A boot policy that was used to call LoadImage() UEFI service.

   @retval EFI_SUCCESS            The file specified by DevicePath and non-NULL
                                  FileBuffer did authenticate, and the platform policy dictates
                                  that the DXE Foundation may use the file.
   @retval EFI_SUCCESS            The device path specified by NULL device path DevicePath
                                  and non-NULL FileBuffer did authenticate, and the platform
                                  policy dictates that the DXE Foundation may execute the image in
                                  FileBuffer.
   @retval EFI_SECURITY_VIOLATION The file specified by File did not authenticate, and
                                  the platform policy dictates that File should be placed
                                  in the untrusted state. The image has been added to the file
                                  execution table.
   @retval EFI_ACCESS_DENIED      The file specified by File and FileBuffer did not
                                  authenticate, and the platform policy dictates that the DXE
                                  Foundation may not use File. The image has
                                  been added to the file execution table.

 **/
 EFI_STATUS
 EFIAPI
 DxeImageVerificationHandler (
   IN  UINT32                          AuthenticationStatus,
   IN  CONST EFI_DEVICE_PATH_PROTOCOL  *File  OPTIONAL,
   IN  VOID                            *FileBuffer,
   IN  UINTN                           FileSize,
   IN  BOOLEAN                         BootPolicy
   );

 //
 // The DxeImageVerificationLib.h file has dependencies on Pi/PiFirmwareVolume.h and Pi/PiFirmwareFile.h.
 // These macros are copied from the header file to prevent PiPei.h from being included in HOST_APPLICATION.
 //

 //
 // Authorization policy bit definition
 //
 #define ALWAYS_EXECUTE  0x00000000
 #define NEVER_EXECUTE   0x00000001

 #endif // DXE_IMAGE_VERIFICATION_LIB_GOOGLE_TEST_H
	/** @file
	Unit tests for the implementation of DxeImageVerificationLib.

	Copyright (c) 2025, Yandex. All rights reserved.
	SPDX-License-Identifier: BSD-2-Clause-Patent
	**/

	#ifndef DXE_IMAGE_VERIFICATION_LIB_GOOGLE_TEST_H
	#define DXE_IMAGE_VERIFICATION_LIB_GOOGLE_TEST_H

	/**
	Provide verification service for signed images, which include both signature validation
	and platform policy control. For signature types, both UEFI WIN_CERTIFICATE_UEFI_GUID and
	MSFT Authenticode type signatures are supported.

	In this implementation, only verify external executables when in USER MODE.
	Executables from FV is bypass, so pass in AuthenticationStatus is ignored.

	The image verification policy is:
	If the image is signed,
	At least one valid signature or at least one hash value of the image must match a record
	in the security database "db", and no valid signature nor any hash value of the image may
	be reflected in the security database "dbx".
	Otherwise, the image is not signed,
	The hash value of the image must match a record in the security database "db", and
	not be reflected in the security data base "dbx".

	Caution: This function may receive untrusted input.
	PE/COFF image is external input, so this function will validate its data structure
	within this image buffer before use.

	@param[in] AuthenticationStatus
	This is the authentication status returned from the security
	measurement services for the input file.
	@param[in] File This is a pointer to the device path of the file that is
	being dispatched. This will optionally be used for logging.
	@param[in] FileBuffer File buffer matches the input file device path.
	@param[in] FileSize Size of File buffer matches the input file device path.
	@param[in] BootPolicy A boot policy that was used to call LoadImage() UEFI service.

	@retval EFI_SUCCESS The file specified by DevicePath and non-NULL
	FileBuffer did authenticate, and the platform policy dictates
	that the DXE Foundation may use the file.
	@retval EFI_SUCCESS The device path specified by NULL device path DevicePath
	and non-NULL FileBuffer did authenticate, and the platform
	policy dictates that the DXE Foundation may execute the image in
	FileBuffer.
	@retval EFI_SECURITY_VIOLATION The file specified by File did not authenticate, and
	the platform policy dictates that File should be placed
	in the untrusted state. The image has been added to the file
	execution table.
	@retval EFI_ACCESS_DENIED The file specified by File and FileBuffer did not
	authenticate, and the platform policy dictates that the DXE
	Foundation may not use File. The image has
	been added to the file execution table.

	**/
	EFI_STATUS
	EFIAPI
	DxeImageVerificationHandler (
	IN UINT32 AuthenticationStatus,
	IN CONST EFI_DEVICE_PATH_PROTOCOL *File OPTIONAL,
	IN VOID *FileBuffer,
	IN UINTN FileSize,
	IN BOOLEAN BootPolicy
	);

	//
	// The DxeImageVerificationLib.h file has dependencies on Pi/PiFirmwareVolume.h and Pi/PiFirmwareFile.h.
	// These macros are copied from the header file to prevent PiPei.h from being included in HOST_APPLICATION.
	//

	//
	// Authorization policy bit definition
	//
	#define ALWAYS_EXECUTE 0x00000000
	#define NEVER_EXECUTE 0x00000001

	#endif // DXE_IMAGE_VERIFICATION_LIB_GOOGLE_TEST_H