# SecurityStubDxe

| Index | Module | Size | Phase |
|-------|--------|------|-------|
| 0345 | SecurityStubDxe | 54,752 bytes | DXE |

UEFI DXE driver that installs the EFI Security Architecture Protocol (`gEfiSecurityArchProtocolGuid`) and EFI Security2 Architecture Protocol (`gEfiSecurity2ArchProtocolGuid`). Provides the platform's image verification and authorization policy, including secure boot enforcement, certificate database (DB/DBX) validation, and deferred 3rd-party image dispatch until after `DxeSmmReadyToLock`.

## Key Functions

- **ModuleEntryPoint** -- Driver entry point; installs Security and Security2 architecture protocols
- **SecurityStub** -- Core security policy handler for image authentication
- **Defer3rdPartyImageLoad** -- Delays 3rd-party image dispatch until after SMM ready-to-lock
- **DxeImageVerificationLib** -- Image signature verification (SHA hash, X.509 certificate, PKCS7)
- **DxeTpmMeasureBootLib** -- Measures boot images into TPM PCRs

## Dependencies

- `gEfiSecurityArchProtocolGuid`, `gEfiSecurity2ArchProtocolGuid`
- UEFI Boot Services, Runtime Services
- UEFI Device Path Library, Hob Library, PCD Library
- AMI Image Verification Library
- TPM 2.0 Measure Boot Library
- Lenovo IPMI Command Library

## Platform

x86-64, PE32+, UEFI DXE driver, VS2015 debug build.