
AmiDeviceGuardApi

Index: 0062 | Size: 9024 bytes | Arch: x64 | Phase: DXE

Overview

AMI Device Guard API DXE driver providing Secure Boot signature database management for the "db" (Allowed Signature Database) UEFI NV variable. Supports timestamped writes, certificate lookup by subject name, and Microsoft UEFI CA 2011 certificate validation. Installs a singleton Device Guard API protocol for querying and updating signature databases.

Key Functions

  • ReadSignatureDatabase -- Reads the "db" variable and searches for a certificate by subject name
  • UpdateSignatureDatabase -- Appends new signature data with timestamp headers via time-based authenticated writes
  • FindCertificateBySubject -- Iterates EFI_SIGNATURE_LIST entries to match certificate subject names in DER-encoded X.509 certs
  • SetVariableWithTimestamp -- Writes UEFI variables with EFI_TIME-based authentication headers and format magic
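The subject lookup that ReadSignatureDatabase and FindCertificateBySubject perform can be reproduced on a dumped "db" variable. The following is an added example, not code from this repository or from the AMI driver: it walks EFI_SIGNATURE_LIST / EFI_SIGNATURE_DATA records using the layout from the UEFI specification, descends each DER certificate to its subject and compares the commonName, and rejects lists whose size fields do not add up (a malformed list is the usual way such parsers get walked out of bounds). The certificates and the SignatureOwner GUID in the sample blob are constructed for the test; only EFI_CERT_X509_GUID and the field order are from the specification.

```python
import struct
import uuid

# EFI_CERT_X509_GUID (UEFI spec): each entry in such a list is one DER-encoded X.509 certificate.
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
OID_COMMON_NAME = bytes.fromhex("550403")  # id-at-commonName, 2.5.4.3
SIG_LIST_HDR = 28                          # GUID + SignatureListSize + SignatureHeaderSize + SignatureSize
SIG_OWNER = 16                             # EFI_SIGNATURE_DATA.SignatureOwner


def der_tlv(data, offset):
    """Decode one DER tag/length at offset; return (tag, value_start, value_end)."""
    tag, length, pos = data[offset], data[offset + 1], offset + 2
    if length & 0x80:                      # long form: low bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    if pos + length > len(data):
        raise ValueError("DER element runs past end of buffer")
    return tag, pos, pos + length


def der_children(data, start, end):
    """Yield (tag, value_start, value_end) for each element of a constructed DER value."""
    pos = start
    while pos < end:
        tag, vstart, vend = der_tlv(data, pos)
        yield tag, vstart, vend
        pos = vend


def x509_subject_cn(cert):
    """Walk Certificate -> tbsCertificate -> subject and return its commonName (None if absent)."""
    _, tbs_pos, _ = der_tlv(cert, 0)                       # Certificate SEQUENCE
    _, tbs_start, tbs_end = der_tlv(cert, tbs_pos)          # tbsCertificate SEQUENCE
    fields = list(der_children(cert, tbs_start, tbs_end))
    if fields and fields[0][0] == 0xA0:                     # optional [0] EXPLICIT version
        fields = fields[1:]
    _, subj_start, subj_end = fields[4]                     # serial, signature, issuer, validity, subject
    for _, rdn_s, rdn_e in der_children(cert, subj_start, subj_end):      # RelativeDistinguishedName SETs
        for _, atv_s, atv_e in der_children(cert, rdn_s, rdn_e):         # AttributeTypeAndValue SEQs
            (_, oid_s, oid_e), (_, val_s, val_e) = list(der_children(cert, atv_s, atv_e))[:2]
            if cert[oid_s:oid_e] == OID_COMMON_NAME:
                return cert[val_s:val_e].decode("utf-8")    # PrintableString or UTF8String
    return None


def iter_signature_lists(db):
    """Yield (SignatureType, [(SignatureOwner, SignatureData), ...]) per EFI_SIGNATURE_LIST."""
    pos = 0
    while pos < len(db):
        if pos + SIG_LIST_HDR > len(db):
            raise ValueError("trailing bytes too short for an EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=db[pos:pos + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", db, pos + 16)
        # Size sanity: an entry must hold more than its owner GUID, and the list must fit the buffer.
        if sig_size <= SIG_OWNER or SIG_LIST_HDR + hdr_size > list_size or pos + list_size > len(db):
            raise ValueError("malformed EFI_SIGNATURE_LIST sizes")
        entries, epos = [], pos + SIG_LIST_HDR + hdr_size
        while epos + sig_size <= pos + list_size:
            owner = uuid.UUID(bytes_le=db[epos:epos + SIG_OWNER])
            entries.append((owner, db[epos + SIG_OWNER:epos + sig_size]))
            epos += sig_size
        yield sig_type, entries
        pos += list_size


def find_certificate_by_subject(db, subject_cn):
    """Return (owner GUID, DER cert) of the first X.509 entry whose subject CN matches, else None."""
    for sig_type, entries in iter_signature_lists(db):
        if sig_type != EFI_CERT_X509_GUID:
            continue                                        # skip hash lists (EFI_CERT_SHA256_GUID etc.)
        for owner, cert in entries:
            if x509_subject_cn(cert) == subject_cn:
                return owner, cert
    return None


# --- constructed sample input: a db blob holding two unsigned certificate skeletons ---
def der(tag, payload):
    if len(payload) < 0x80:
        return bytes([tag, len(payload)]) + payload
    lb = len(payload).to_bytes((len(payload).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + payload


def name(cn):  # Name ::= SEQUENCE OF SET OF AttributeTypeAndValue, here with a single CN
    return der(0x30, der(0x31, der(0x30, der(0x06, OID_COMMON_NAME) + der(0x0C, cn.encode()))))


def fake_cert(cn):
    """Constructed test certificate: real X.509 field order, placeholder key and no signature."""
    tbs = (der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01")
           + der(0x30, der(0x06, bytes.fromhex("2a864886f70d01010b")))   # sha256WithRSAEncryption
           + name("Constructed Test Issuer")
           + der(0x30, der(0x17, b"240101000000Z") + der(0x17, b"340101000000Z"))
           + name(cn) + der(0x30, b""))
    return der(0x30, der(0x30, tbs) + der(0x30, b"") + der(0x03, b"\x00"))


def signature_list(sig_type, owner, sig):
    sig_size = SIG_OWNER + len(sig)
    return sig_type.bytes_le + struct.pack("<III", SIG_LIST_HDR + sig_size, 0, sig_size) + owner.bytes_le + sig


OWNER_GUID = uuid.UUID("11111111-2222-3333-4444-555555555555")  # constructed SignatureOwner
SAMPLE_DB = (signature_list(EFI_CERT_X509_GUID, OWNER_GUID, fake_cert("Constructed Test OEM CA"))
             + signature_list(EFI_CERT_X509_GUID, OWNER_GUID, fake_cert("Microsoft Corporation UEFI CA 2011")))
```

Pointing find_certificate_by_subject at a real "db" dump (for example the contents read back through GetVariable) shows which lists a driver like this one would match when it looks for the Microsoft UEFI CA 2011 subject; the size checks in iter_signature_lists are the part worth keeping when auditing any firmware code that walks these lists.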

Protocols / Dependencies

  • AMI Device Guard API Protocol (installed singleton)
  • Firmware Volume Block (FVB) Protocol for variable raw reads
  • Image Security Database Protocol for certificate parsing
  • UEFI Runtime Services GetVariable/SetVariable
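UpdateSignatureDatabase and SetVariableWithTimestamp rely on the time-based authenticated write path of SetVariable, where the variable payload is an EFI_VARIABLE_AUTHENTICATION_2 header (an EFI_TIME followed by a WIN_CERTIFICATE_UEFI_GUID carrying a PKCS7 signature) in front of the data. The following added example, not code from this repository or the AMI driver, builds and parses that header using only the layout from the UEFI specification; it does not model the AMI-specific "format magic" the overview mentions, and the PKCS7 bytes in the sample are a constructed placeholder, since a real detached signature needs the signing key. The parser enforces the fields the specification requires to be zero and the size consistency a defender checks first when examining a captured write.

```python
import struct
import uuid

# Layout from the UEFI specification (EFI_VARIABLE_AUTHENTICATION_2); no AMI-specific framing is modelled.
EFI_CERT_TYPE_PKCS7_GUID = uuid.UUID("4aafd29d-68df-49ee-8aa9-347d375665a7")
WIN_CERT_TYPE_EFI_GUID = 0x0EF1
WIN_CERT_REVISION = 0x0200
EFI_TIME_FMT = "<HBBBBBBIhBB"    # Year, Month, Day, Hour, Minute, Second, Pad1, Nanosecond, TimeZone, Daylight, Pad2
EFI_TIME_SIZE = struct.calcsize(EFI_TIME_FMT)   # 16 bytes
WIN_CERT_FIXED = 8 + 16          # WIN_CERTIFICATE header (dwLength, wRevision, wCertificateType) + CertType GUID
EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS = 0x00000020


def build_auth2_payload(timestamp, pkcs7, data):
    """Serialize TimeStamp || WIN_CERTIFICATE_UEFI_GUID || variable data for SetVariable().

    `timestamp` is (year, month, day, hour, minute, second). The spec requires Pad1, Nanosecond,
    TimeZone, Daylight and Pad2 to be zero for time-based authenticated writes, so they are fixed here."""
    efi_time = struct.pack(EFI_TIME_FMT, *timestamp, 0, 0, 0, 0, 0)
    hdr = struct.pack("<IHH", WIN_CERT_FIXED + len(pkcs7), WIN_CERT_REVISION, WIN_CERT_TYPE_EFI_GUID)
    return efi_time + hdr + EFI_CERT_TYPE_PKCS7_GUID.bytes_le + pkcs7 + data


def parse_auth2_payload(blob):
    """Split a payload into (timestamp, pkcs7, data), rejecting headers the spec would not accept."""
    if len(blob) < EFI_TIME_SIZE + WIN_CERT_FIXED:
        raise ValueError("payload shorter than EFI_VARIABLE_AUTHENTICATION_2")
    *ts, pad1, nanos, tz, dst, pad2 = struct.unpack_from(EFI_TIME_FMT, blob, 0)
    if (pad1, nanos, tz, dst, pad2) != (0, 0, 0, 0, 0):
        raise ValueError("EFI_TIME fields that must be zero are set")
    year, month, day, hour, minute, second = ts
    if not (1 <= month <= 12 and 1 <= day <= 31 and hour < 24 and minute < 60 and second < 60):
        raise ValueError("EFI_TIME out of range")
    dw_length, revision, cert_kind = struct.unpack_from("<IHH", blob, EFI_TIME_SIZE)
    if revision != WIN_CERT_REVISION or cert_kind != WIN_CERT_TYPE_EFI_GUID:
        raise ValueError("unexpected WIN_CERTIFICATE revision/type")
    if dw_length < WIN_CERT_FIXED or EFI_TIME_SIZE + dw_length > len(blob):
        raise ValueError("dwLength inconsistent with payload size")
    cert_type = uuid.UUID(bytes_le=blob[EFI_TIME_SIZE + 8:EFI_TIME_SIZE + WIN_CERT_FIXED])
    if cert_type != EFI_CERT_TYPE_PKCS7_GUID:
        raise ValueError("CertType is not EFI_CERT_TYPE_PKCS7_GUID")
    pkcs7 = blob[EFI_TIME_SIZE + WIN_CERT_FIXED:EFI_TIME_SIZE + dw_length]
    return tuple(ts), pkcs7, blob[EFI_TIME_SIZE + dw_length:]


def timestamp_advances(new_ts, stored_ts):
    """Replay guard: a non-append write must carry a timestamp later than the one already stored."""
    return stored_ts is None or new_ts > stored_ts


# Constructed sample: placeholder PKCS7 bytes stand in for a real detached signature.
SAMPLE_PKCS7 = b"\x30\x00"
SAMPLE_DATA = b"constructed EFI_SIGNATURE_LIST bytes"
SAMPLE_PAYLOAD = build_auth2_payload((2024, 5, 17, 12, 0, 0), SAMPLE_PKCS7, SAMPLE_DATA)
```

parse_auth2_payload only validates framing; the firmware's real check also verifies the PKCS7 signature over VariableName, VendorGuid, Attributes, TimeStamp and the data, and (unless EFI_VARIABLE_APPEND_WRITE is set) rejects a timestamp that does not advance past the stored one, which is what timestamp_advances expresses.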

Platform

HR650X, AMI firmware, Windows Device Guard compatible, Microsoft UEFI CA 2011 subject matching