How to Enable Security - jljusten/tianocore GitHub Wiki
EDK II implements a variety of platform security features. These are typically disabled or absent in open hardware platforms. While some platforms implement these with enable/disable build flags, other platforms require additional porting to enable security features.
EDK II provides an implementation of capsule-based firmware update and firmware recovery features that can detect whether a firmware update or recovery image delivered via a UEFI Capsule has been modified. It can also verify that the capsule applies to the platform that receives it, and verify that a firmware update does not violate any of the platform's firmware rollback rules.
Please refer to Capsule Based Firmware Update and Firmware Recovery for detailed porting instructions.
Note: Information for this section was written based on the UDK2010.SR1 release
The variable driver in SecurityPkg is based on the original variable driver in MdeModulePkg and provides the authenticated variable service defined in the UEFI 2.3.1 specification. The runtime crypto library, the OpenSSL* library and the variable driver are all required to enable this feature.
1. Ensure the OpensslLib* library instances are defined in the [LibraryClasses] section of the platform DSC file:
- IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
- OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
2. Ensure BaseCryptLib library instances for each phase are defined in the platform DSC file:
- For PEI drivers: BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
- For DXE drivers: BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
- For RUNTIME drivers: BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
- For SMM drivers: BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
3. Ensure a PlatformSecureLib library instance is defined in the [LibraryClasses] section of the platform DSC file:
- SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
4. Link DxeImageVerificationLib into the SecurityStubDxe module in the [Components] section of the platform DSC file:
```
MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
  <LibraryClasses>
    NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
}
```
5. Add the Authenticated Variable driver INFs to the [Components] section of the platform DSC file:
- SecurityPkg/VariableAuthenticated/Pei/VariablePei.inf
- SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf
- SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
- INF MdeModulePkg/Universal/Variable/Pei/VariablePei.inf
- INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
- INF SecurityPkg/VariableAuthenticated/Pei/VariablePei.inf
- INF SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf
- INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
Variable store signature in the platform FDF file (the GUID, followed by its on-disk byte encoding with Data1, Data2 and Data3 little-endian and Data4 as-is):
```
#Signature: gEfiAuthenticatedVariableGuid =
#  { 0xaaf32c78, 0x947b, 0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 }}
0x78, 0x2c, 0xf3, 0xaa, 0x7b, 0x94, 0x9a, 0x43, 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92,
```
8. Set an appropriate value for gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize for the security feature databases that use EFI variables as storage. Each database is stored in a single variable, and the maximum variable size is defined by the PCD value of gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize.
Database categories include:
- 1) PK database: a single entry holding the PK public key plus header info.
- 2) KEK database: multiple entries holding KEK public keys plus header info.
- 3) Authorized signature database: multiple entries for authorized signatures.
- 4) Forbidden signature database: multiple entries for forbidden signatures.
NOTICE: Typically one X.509 certificate is about 2 KB, which may exceed the default maximum variable size. Adjust the PCD value if needed.
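As an added example (not code from the EDK II tree or this wiki), the following Python script performs two build-time checks for this section: it renders a GUID in the byte order an FDF variable store signature uses, verified against the gEfiAuthenticatedVariableGuid bytes listed above, and it computes how large a PK, KEK, db or dbx database of X.509 certificates becomes as EFI_SIGNATURE_LIST data so that PcdMaxVariableSize can be chosen before the first build. The per-variable header overhead of the variable driver (passed in by the caller) and the 0x400 default for PcdMaxVariableSize (the value in MdeModulePkg.dec) are assumptions marked in the code.

```python
"""
Build-time sizing helper for the Secure Boot databases (PK, KEK, db, dbx) that
the authenticated variable driver stores as UEFI variables, plus a check of the
FDF variable store signature bytes.

Added example; not code from the EDK II tree or the tianocore wiki.
Assumptions: the per-variable header overhead passed to fits_in_max_variable()
(it depends on the variable driver version), and 0x400 as the PcdMaxVariableSize
default (the value in MdeModulePkg.dec).
"""
import uuid

# gEfiAuthenticatedVariableGuid, the GUID named in the FDF signature comment above.
EFI_AUTHENTICATED_VARIABLE_GUID = uuid.UUID("aaf32c78-947b-439a-a180-2e144ec37792")

SIGNATURE_LIST_HEADER_SIZE = 28     # EFI_SIGNATURE_LIST: EFI_GUID + three UINT32 fields
SIGNATURE_OWNER_SIZE = 16           # EFI_SIGNATURE_DATA.SignatureOwner (EFI_GUID)
DEFAULT_MAX_VARIABLE_SIZE = 0x400   # assumed PcdMaxVariableSize default (MdeModulePkg.dec)
TYPICAL_X509_DER_SIZE = 2048        # the "~2k" per-certificate figure from the NOTICE above


def guid_to_fdf_bytes(guid: uuid.UUID) -> bytes:
    """EFI_GUID on-disk encoding: Data1, Data2, Data3 little-endian, Data4 as-is."""
    return guid.bytes_le


def fdf_byte_list(guid: uuid.UUID) -> str:
    """Render the encoding the way an FDF file lists a variable store signature."""
    return ", ".join(f"0x{b:02x}" for b in guid.bytes_le) + ","


def database_size(cert_sizes) -> int:
    """
    Bytes of variable data for a database holding DER certificates of the given
    lengths. Every entry in one EFI_SIGNATURE_LIST shares SignatureSize, so
    certificates of different lengths need separate lists, each with a header.
    """
    per_length = {}
    for cert_len in cert_sizes:
        per_length[cert_len] = per_length.get(cert_len, 0) + 1
    total = 0
    for cert_len, count in per_length.items():
        signature_size = SIGNATURE_OWNER_SIZE + cert_len
        total += SIGNATURE_LIST_HEADER_SIZE + count * signature_size
    return total


def stored_variable_size(data_size: int, name: str, header_overhead: int = 0) -> int:
    """
    Bytes the variable takes in the NV store: driver header (assumed, passed in),
    the CHAR16 name including its terminator, and the data.
    """
    name_size = (len(name) + 1) * 2
    return header_overhead + name_size + data_size


def fits_in_max_variable(cert_sizes, name, max_variable_size=DEFAULT_MAX_VARIABLE_SIZE,
                         header_overhead=0) -> bool:
    """True when a database of these certificates fits within PcdMaxVariableSize."""
    needed = stored_variable_size(database_size(cert_sizes), name, header_overhead)
    return needed <= max_variable_size


if __name__ == "__main__":
    print("FDF signature bytes:", fdf_byte_list(EFI_AUTHENTICATED_VARIABLE_GUID))
    # One typical certificate in PK exceeds the 0x400 default but fits a 0x2000 PCD.
    for pcd in (DEFAULT_MAX_VARIABLE_SIZE, 0x2000):
        ok = fits_in_max_variable([TYPICAL_X509_DER_SIZE], "PK", pcd)
        print(f"PcdMaxVariableSize=0x{pcd:x}: one {TYPICAL_X509_DER_SIZE}-byte certificate fits: {ok}")
```

Run it with the certificate lengths your platform will actually provision; a KEK or db holding certificates from several vendors usually needs more than one EFI_SIGNATURE_LIST, and each extra list adds its own 28-byte header to the variable.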
9. Set the platform policy for image verification by PCDs. The platform policy can be customized by changing the PCD values before building the platform. In the [PcdsFixedAtBuild] section of the SecurityPkg.dec file, set the PCD value for each type of device accordingly.
For example, if the platform policy is defined as:
- 1) Trust all images from OptionROM.
- 2) Validate all images from removable devices and deny execute when security
- 3) Validate all images from hard disk and query user to make decision when
In this case, the PCD values should be set as follows:
- gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00|UINT32|0x00000001
- gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy|0x04|UINT32|0x00000002
- gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy|0x05|UINT32|0x00000003
- SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf
- SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.inf
- SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.inf
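The policy PCDs of step 9 are easy to get wrong in a platform DSC, and a value of 0x00 on removable or fixed media silently disables verification for that source. The following Python checker is an added example, not code from EDK II or this wiki: it parses PCD lines of the DEC/DSC form TokenSpace.PcdName|Value|Type|TokenNumber, decodes the value with the constant names from SecurityPkg's DxeImageVerificationLib.h, models the resulting load decision as the UDK2010-era library applied it, and flags any media class whose policy would run an image that fails verification. The sample PCD lines are the three from step 9 plus a deliberately weakened set constructed for the example.

```python
"""
Audit of the image verification policy PCDs described in step 9.

Added example, not code from EDK II or the tianocore wiki. The policy constants
carry the names defined in SecurityPkg's DxeImageVerificationLib.h; decide()
is a model of the library's load decision, not the library itself.
"""

# Policy values as defined in DxeImageVerificationLib.h (UDK2010-era names).
ALWAYS_EXECUTE = 0x00
NEVER_EXECUTE = 0x01
ALLOW_EXECUTE_ON_SECURITY_VIOLATION = 0x02
DEFER_EXECUTE_ON_SECURITY_VIOLATION = 0x03
DENY_EXECUTE_ON_SECURITY_VIOLATION = 0x04
QUERY_USER_ON_SECURITY_VIOLATION = 0x05

POLICY_NAMES = {
    ALWAYS_EXECUTE: "ALWAYS_EXECUTE",
    NEVER_EXECUTE: "NEVER_EXECUTE",
    ALLOW_EXECUTE_ON_SECURITY_VIOLATION: "ALLOW_EXECUTE_ON_SECURITY_VIOLATION",
    DEFER_EXECUTE_ON_SECURITY_VIOLATION: "DEFER_EXECUTE_ON_SECURITY_VIOLATION",
    DENY_EXECUTE_ON_SECURITY_VIOLATION: "DENY_EXECUTE_ON_SECURITY_VIOLATION",
    QUERY_USER_ON_SECURITY_VIOLATION: "QUERY_USER_ON_SECURITY_VIOLATION",
}

# Which PCD governs images from which source.
POLICY_PCDS = {
    "PcdOptionRomImageVerificationPolicy": "option_rom",
    "PcdRemovableMediaImageVerificationPolicy": "removable",
    "PcdFixedMediaImageVerificationPolicy": "fixed",
}

# Policies under which an image that is unverified or fails verification still runs.
UNSAFE_ON_VIOLATION = {ALWAYS_EXECUTE, ALLOW_EXECUTE_ON_SECURITY_VIOLATION}

# The three PCD lines from step 9 of this page.
PAGE_POLICY_LINES = [
    "gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00|UINT32|0x00000001",
    "gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy|0x04|UINT32|0x00000002",
    "gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy|0x05|UINT32|0x00000003",
]
# A constructed, weakened variant: removable media unchecked, fixed media allowed on failure.
WEAK_POLICY_LINES = [
    "gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00|UINT32|0x00000001",
    "gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy|0x00|UINT32|0x00000002",
    "gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy|0x02|UINT32|0x00000003",
]


def parse_pcd_line(line: str):
    """Return (PcdName, integer value) for a 'TokenSpace.PcdName|Value|Type|Token' line."""
    fields = [f.strip() for f in line.split("|")]
    if len(fields) < 2 or "." not in fields[0]:
        raise ValueError(f"not a PCD line: {line!r}")
    _token_space, pcd_name = fields[0].split(".", 1)
    return pcd_name, int(fields[1], 0)   # base 0 accepts 0x04 as well as 4


def load_policies(lines):
    """Map image source -> policy value for the three verification policy PCDs."""
    policies = {}
    for line in lines:
        name, value = parse_pcd_line(line)
        if name in POLICY_PCDS:
            policies[POLICY_PCDS[name]] = value
    return policies


def decide(policy: int, verified: bool) -> str:
    """
    Model of the load decision for one image under a given policy:
    ALWAYS_EXECUTE runs the image without checking it, NEVER_EXECUTE rejects it
    even with a good signature, and the remaining values only matter when
    verification fails.
    """
    if policy == ALWAYS_EXECUTE:
        return "execute"
    if policy == NEVER_EXECUTE:
        return "deny"
    if verified:
        return "execute"
    on_violation = {
        ALLOW_EXECUTE_ON_SECURITY_VIOLATION: "execute",
        DEFER_EXECUTE_ON_SECURITY_VIOLATION: "defer",
        DENY_EXECUTE_ON_SECURITY_VIOLATION: "deny",
        QUERY_USER_ON_SECURITY_VIOLATION: "query",
    }
    if policy not in on_violation:
        raise ValueError(f"unknown image verification policy 0x{policy:02x}")
    return on_violation[policy]


def audit(lines, protected=("removable", "fixed")):
    """List the protected image sources whose policy would run an unverified image."""
    findings = []
    for source, policy in load_policies(lines).items():
        if source in protected and policy in UNSAFE_ON_VIOLATION:
            findings.append(f"{source}: {POLICY_NAMES[policy]} (0x{policy:02x}) "
                            "runs images that fail verification")
    return findings


if __name__ == "__main__":
    for label, lines in (("page policy", PAGE_POLICY_LINES), ("weak policy", WEAK_POLICY_LINES)):
        findings = audit(lines)
        print(f"{label}: {'OK' if not findings else 'FINDINGS'}")
        for finding in findings:
            print("  -", finding)
```

Pointing the checker at the [PcdsFixedAtBuild] lines of a platform DSC before each build catches the common mistake of leaving a debug value of 0x00 in place on a shipping configuration.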
How to Sign UEFI Drivers & Applications .pdf
Note: Information for this section was written based on the UDK2010.SR1 release
The UID (User Identification) infrastructure consists of four UEFI drivers, one library instance and some platform-specific changes in BDS. To enable the UID feature:
1. Ensure the platform-specific code has been integrated into the platform BDS. Identify () in the User Manager Protocol should be invoked after the console is ready and the authentication device (e.g. a smart card) is connected.
2. Ensure the OpensslLib* library instances are defined in the [LibraryClasses] section of the platform DSC file:
- IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
- OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
3. Ensure BaseCryptLib library instances for each phase are defined in the platform DSC file:
- PEI phase: BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
- DXE phase: BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
- RUNTIME phase: BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
4. Add the UID drivers to the [Components] section of the platform DSC file:
- 1) UserIdentifyManagerDxe driver produces user manager protocol and loads
- SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerDxe.inf
- 2) PwdCredentialProviderDxe driver produces user credential protocol and
- SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderDxe.inf
- 3) UsbCredentialProviderDxe driver produces user credential protocol and
- SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProviderDxe.inf
- 4) UserProfileManagerDxe driver provide UI configure for user profiles in
- SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerDxe.inf
5. Link DxeDeferImageLoadLib into the SecurityStubDxe module in the [Components] section of the platform DSC file:
```
MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
  <LibraryClasses>
    NULL|SecurityPkg/Library/DxeDeferImageLoadLib/DxeDeferImageLoadLib.inf
}
```
6. Add UID drivers to the platform FDF file:
- INF SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerDxe.inf
- INF SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerDxe.inf
- INF SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderDxe.inf
- INF SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProviderDxe.inf
The platform policy can be customized by changing the default PCD values in SecurityPkg.dec before building the platform.
- 1) Deferred image load policy
- 2) USB token file name
Note: Information for this section was written based on the UDK2010.SR1 release
TCG measured boot consists of two PEI modules, four DXE drivers, three libraries and some platform-specific changes. To enable the TCG TPM feature:
1. Ensure the platform-specific changes have been made.
- 1) Memory should be cleared if ClearMemory bit of variable MemoryOverwriteRequestControl
- 2) TcgPhysicalPresenceLibProcessRequest () from TCG physical presenceLib library
2. Ensure the OpensslLib* library instances are defined in the [LibraryClasses] section of the platform DSC file:
- IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
- OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
3. Ensure BaseCryptLib library instances for each phase are defined in the platform DSC file:
- PEI phase: BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
- DXE phase: BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
4. Ensure the following library instances are defined in the platform DSC file:
- 1) TPM common library
- SecurityPkg/Library/TpmCommLib/TpmCommLib.inf
- 2) TCG physical presence library
- SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.inf
- 3) TPM measured boot library
The library instance provides the measurement and event log service for TPM measured boot. It is invoked while an image is being loaded into memory, and should be added to the LibraryClasses section of the SecurityStubDxe module in the platform DSC file.
- SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
```
MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
  <LibraryClasses>
    NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
}
```
5. Add the TPM drivers to the [Components] section of the platform DSC file:
- 1) TCG TPM PEI driver initializes TPM device and measures the drivers in firmware.
- SecurityPkg/Tcg/TcgPei/TcgPei.inf
- 2) TCG TPM DXE driver produces EFI TCG protocol and measure the drivers which
- SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
- 3) TCG SMM driver implements TPM definition block in ACPI table and registers
- SecurityPkg/Tcg/TcgSmm/TcgSmm.inf
- 4) TCG UI driver provides a generic TCG configuration page in setup browser to
- SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf
- 5) TCG physical presence PEI driver produces PEI_LOCK_PHYSICAL_PRESENCE_PPI to
- SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.inf
- 6) TCG memory overwrite control driver initializes MemoryOverwriteRequestControl
- SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf
- INF SecurityPkg/Tcg/TcgPei/TcgPei.inf
- INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
- INF SecurityPkg/Tcg/TcgSmm/TcgSmm.inf
- INF SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf
- INF SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.inf
- INF SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf
The platform policy can be customized by changing the default PCD values in SecurityPkg.dec before building the platform.
- 1) TCG platform type
- gEfiSecurityPkgTokenSpaceGuid.PcdTpmPlatformClass|0|UINT8|0x00000006
- 2) Hide TPM device
- gEfiSecurityPkgTokenSpaceGuid.PcdHideTpmSupport|FALSE|BOOLEAN|0x00000007
1. In this version of the authenticated variable service implementation, we support only the following:
- 1) The public exponent of the RSA key is fixed at 0x10001.
- 2) The RSA encoding scheme is PKCS#1 v1.5.
* Other names and brands may be claimed as the property of others.