AMI-Aptio-BIOS-Reversed / MdeModulePkg / Universal / SecurityStubDxe / README.md
Ajax Dong, 2 days ago, 1 KB, commit: Full restructure

SecurityStubDxe

| Index | Module          | Size         | Phase |
|-------|-----------------|--------------|-------|
| 0345  | SecurityStubDxe | 54,752 bytes | DXE   |

UEFI DXE driver that installs the EFI Security Architecture Protocol (gEfiSecurityArchProtocolGuid) and the EFI Security2 Architecture Protocol (gEfiSecurity2ArchProtocolGuid). It provides the platform's image verification and authorization policy: Secure Boot enforcement, validation against the certificate databases (DB/DBX), and deferral of third-party image dispatch until after DxeSmmReadyToLock.

Key Functions

  • ModuleEntryPoint -- Driver entry point; installs Security and Security2 architecture protocols
  • SecurityStub -- Core security policy handler for image authentication
  • Defer3rdPartyImageLoad -- Delays third-party image dispatch until after SMM ready-to-lock
  • DxeImageVerificationLib -- Image signature verification (SHA hash, X.509 certificate, PKCS7)
  • DxeTpmMeasureBootLib -- Measures boot images into TPM PCRs
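The description above and the Key Functions list describe one decision: a Security2 FileAuthentication handler that first defers third-party images until ready-to-lock, then checks the image against DBX and DB. The following is an added illustrative model of that decision order written for this README; it is not the decompiled driver's code and is not part of the repository. It assumes a hash-only DB/DBX (real databases also hold X.509 certificates), an image origin flag in place of a device path, and a constructed FNV-1a digest standing in for SHA-256.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

/* Outcomes modelled on the EFI_STATUS codes a Security2 FileAuthentication
 * handler returns; the numeric values here are local, not UEFI encodings. */
typedef enum {
    AUTH_SUCCESS = 0,        /* image may be loaded and started             */
    AUTH_SECURITY_VIOLATION, /* image rejected by the image policy          */
    AUTH_DEFERRED            /* EFI_ACCESS_DENIED: retried after ready-to-lock */
} AuthStatus;

/* Where the image came from: firmware-volume images are platform code,
 * everything else (option ROM, disk, network) is treated as third party. */
typedef enum { ORIGIN_FIRMWARE_VOLUME, ORIGIN_OPTION_ROM, ORIGIN_EXTERNAL_MEDIA } ImageOrigin;

#define MAX_ENTRIES 8

/* Assumed hash-only model of a signature database (DB or DBX). */
typedef struct { uint64_t digest[MAX_ENTRIES]; size_t count; } HashDb;

typedef struct {
    bool     secure_boot_enabled;
    bool     ready_to_lock_reached;  /* set when DxeSmmReadyToLock is signalled */
    HashDb   db;                     /* allowed image digests                   */
    HashDb   dbx;                    /* forbidden image digests                 */
    uint64_t deferred[MAX_ENTRIES];  /* third-party images queued for later     */
    size_t   deferred_count;
} SecurityPolicy;

/* FNV-1a 64-bit: constructed stand-in for the SHA-256 the real verification
 * library computes over the PE/COFF image. Not a cryptographic hash. */
uint64_t image_digest(const uint8_t *buf, size_t len) {
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < len; i++) { h ^= buf[i]; h *= 0x100000001b3ULL; }
    return h;
}

static bool db_contains(const HashDb *db, uint64_t d) {
    for (size_t i = 0; i < db->count; i++) if (db->digest[i] == d) return true;
    return false;
}

void db_add(HashDb *db, uint64_t d) {
    if (db->count < MAX_ENTRIES) db->digest[db->count++] = d;
}

SecurityPolicy make_policy(bool secure_boot) {
    SecurityPolicy p = {0};
    p.secure_boot_enabled = secure_boot;
    return p;
}

/* Signalled from the DxeSmmReadyToLock notification: from here on third-party
 * images go through the verification path instead of being deferred. */
void signal_ready_to_lock(SecurityPolicy *p) { p->ready_to_lock_reached = true; }

/* Model of the authorization decision, in the order the README lists it. */
AuthStatus authenticate_image(SecurityPolicy *p, ImageOrigin origin,
                              const uint8_t *buf, size_t len) {
    uint64_t d = image_digest(buf, len);

    /* 1. Defer3rdPartyImageLoad: nothing outside the firmware volume is
     *    dispatched before SMM is locked; the image is queued, not verified. */
    if (origin != ORIGIN_FIRMWARE_VOLUME && !p->ready_to_lock_reached) {
        if (p->deferred_count < MAX_ENTRIES) p->deferred[p->deferred_count++] = d;
        return AUTH_DEFERRED;
    }
    /* 2. In this model, Secure Boot disabled means no database checks at all. */
    if (!p->secure_boot_enabled) return AUTH_SUCCESS;
    /* 3. The forbidden list wins over the allowed list. */
    if (db_contains(&p->dbx, d)) return AUTH_SECURITY_VIOLATION;
    /* 4. Known-good digest. */
    if (db_contains(&p->db, d)) return AUTH_SUCCESS;
    /* 5. Unknown image under Secure Boot: rejected. */
    return AUTH_SECURITY_VIOLATION;
}

/* Runs the scenarios a reviewer would want covered; returns how many behaved
 * as the policy requires (8 when everything is in order). */
int run_policy_demo(void) {
    /* Constructed sample "images": byte strings standing in for PE32+ files. */
    const uint8_t good[]    = "constructed: platform driver";
    const uint8_t revoked[] = "constructed: revoked option ROM";
    const uint8_t unknown[] = "constructed: unlisted image";
    int ok = 0;

    SecurityPolicy p = make_policy(true);
    db_add(&p.db,  image_digest(good, sizeof good));
    db_add(&p.dbx, image_digest(revoked, sizeof revoked));
    db_add(&p.db,  image_digest(revoked, sizeof revoked));   /* listed in both */

    ok += authenticate_image(&p, ORIGIN_FIRMWARE_VOLUME, good, sizeof good) == AUTH_SUCCESS;
    ok += authenticate_image(&p, ORIGIN_OPTION_ROM, good, sizeof good) == AUTH_DEFERRED;
    ok += p.deferred_count == 1;
    ok += authenticate_image(&p, ORIGIN_FIRMWARE_VOLUME, revoked, sizeof revoked) == AUTH_SECURITY_VIOLATION;
    ok += authenticate_image(&p, ORIGIN_FIRMWARE_VOLUME, unknown, sizeof unknown) == AUTH_SECURITY_VIOLATION;

    signal_ready_to_lock(&p);   /* deferred option ROM is now re-checked and passes */
    ok += authenticate_image(&p, ORIGIN_OPTION_ROM, good, sizeof good) == AUTH_SUCCESS;

    SecurityPolicy q = make_policy(false);   /* Secure Boot off: DBX not consulted */
    db_add(&q.dbx, image_digest(revoked, sizeof revoked));
    signal_ready_to_lock(&q);
    ok += authenticate_image(&q, ORIGIN_EXTERNAL_MEDIA, unknown, sizeof unknown) == AUTH_SUCCESS;
    ok += authenticate_image(&q, ORIGIN_EXTERNAL_MEDIA, revoked, sizeof revoked) == AUTH_SUCCESS;
    return ok;
}

int main(void) {
    printf("policy checks passed: %d/8\n", run_policy_demo());
    return 0;
}
```

The two points worth noticing when reading the model against the driver: a deferred image returns EFI_ACCESS_DENIED without ever touching DB/DBX, so verification only happens when it is dispatched again after ready-to-lock, and DBX is consulted before DB, so a digest present in both is still rejected.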

Dependencies

  • gEfiSecurityArchProtocolGuid, gEfiSecurity2ArchProtocolGuid
  • UEFI Boot Services, Runtime Services
  • UEFI Device Path Library, Hob Library, PCD Library
  • AMI Image Verification Library
  • TPM 2.0 Measure Boot Library
  • Lenovo IPMI Command Library

Platform

x86-64, PE32+, UEFI DXE driver, VS2015 debug build.