[PATCH 03/45] MdeModulePkg/Include: Add FmpAuthenticationLib header.


Yao, Jiewen
 

This library is used to authenticate a UEFI defined FMP Capsule.

Cc: Feng Tian <feng.tian@...>
Cc: Star Zeng <star.zeng@...>
Cc: Michael D Kinney <michael.d.kinney@...>
Cc: Liming Gao <liming.gao@...>
Cc: Chao Zhang <chao.b.zhang@...>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@...>
---
MdeModulePkg/Include/Library/FmpAuthenticationLib.h | 91 ++++++++++++++++++++
1 file changed, 91 insertions(+)

diff --git a/MdeModulePkg/Include/Library/FmpAuthenticationLib.h b/MdeModulePkg/Include/Library/FmpAuthenticationLib.h
new file mode 100644
index 0000000..895698e
--- /dev/null
+++ b/MdeModulePkg/Include/Library/FmpAuthenticationLib.h
@@ -0,0 +1,91 @@
+/** @file
+ FMP capsule authenitcation Library.
+
+Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+
+#ifndef __FMP_AUTHENTICATION_LIB_H__
+#define __FMP_AUTHENTICATION_LIB_H__
+
+/**
+ The handler is used to do the authentication for FMP capsule based upon
+ EFI_FIRMWARE_IMAGE_AUTHENTICATION.
+
+ Caution: This function may receive untrusted input.
+
+ @param[in] Image Points to the new FMP authentication image,
+ start from EFI_FIRMWARE_IMAGE_AUTHENTICATION.
+ @param[in] ImageSize Size of the authentication image in bytes.
+ @param[out] LastAttemptStatus The last attempt status, which will be recorded
+ in ESRT and FMP EFI_FIRMWARE_IMAGE_DESCRIPTOR.
+
+ @retval RETURN_SUCCESS Authentication pass.
+ @retval RETURN_SECURITY_VIOLATION Authentication fail.
+ The detail reson is recorded in LastAttemptStatus.
+**/
+typedef
+RETURN_STATUS
+(EFIAPI *FMP_AUTHENTICATION_HANDLER) (
+ IN VOID *Image,
+ IN UINTN ImageSize,
+ OUT UINT32 *LastAttemptStatus
+ );
+
+/**
+ Register FMP authentication handler with CertType.
+
+ If CertType is NULL, then ASSERT().
+ If FmpAuthenticationHandler is NULL, then ASSERT().
+
+ @param[in] CertType The certificate type associated with the FMP auth handler.
+ @param[in] FmpAuthenticationHandler The FMP authentication handler to be registered.
+
+ @retval RETURN_SUCCESS The handlers were registered.
+ @retval RETURN_OUT_OF_RESOURCES There are not enough resources available to register the handlers.
+**/
+RETURN_STATUS
+EFIAPI
+RegisterFmpAuthenticationHandler(
+ IN GUID *CertType,
+ IN FMP_AUTHENTICATION_HANDLER FmpAuthenticationHandler
+ );
+
+/**
+ Execute FMP authentication handlers.
+
+ Caution: This function may receive untrusted input.
+
+ If Image is NULL, then ASSERT().
+ If ImageSize is 0, then ASSERT().
+ If LastAttemptStatus is NULL, then ASSERT().
+
+ @param[in] Image Points to the new FMP authentication image,
+ start from EFI_FIRMWARE_IMAGE_AUTHENTICATION.
+ @param[in] ImageSize Size of the authentication image in bytes.
+ @param[out] LastAttemptStatus The last attempt status, which will be recorded
+ in ESRT and FMP EFI_FIRMWARE_IMAGE_DESCRIPTOR.
+
+ @retval RETURN_SUCCESS Authentication pass.
+ @retval RETURN_SECURITY_VIOLATION Authentication fail.
+ The detail reson is recorded in LastAttemptStatus.
+ @retval RETURN_UNSUPPORTED No Authentication handler associated with CertType.
+**/
+RETURN_STATUS
+EFIAPI
+ExecuteFmpAuthenticationHandler(
+ IN VOID *Image,
+ IN UINTN ImageSize,
+ OUT UINT32 *LastAttemptStatus
+ );
+
+#endif
+
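Review bot: In the ExecuteFmpAuthenticationHandler() comment, the contract pairs "Caution: This function may receive untrusted input." with "If ImageSize is 0, then ASSERT()." Image and ImageSize are the untrusted input here, so a zero or too-small size should be rejected with a documented return status (RETURN_SECURITY_VIOLATION with LastAttemptStatus set, or RETURN_INVALID_PARAMETER) instead of an ASSERT, which is a debug aid and not input validation. The comment should also state the minimum ImageSize a caller must guarantee, or say that the library itself checks that ImageSize covers EFI_FIRMWARE_IMAGE_AUTHENTICATION before it reads the certificate type. Related documentation gaps: "@retval RETURN_UNSUPPORTED No Authentication handler associated with CertType." refers to CertType, which is not a parameter of this function, so say that it is taken from the image; RegisterFmpAuthenticationHandler() does not say what happens when a handler is already registered for the same CertType; and since both handler and dispatcher only read the image, "IN VOID *Image" could be CONST. Spelling: "authenitcation" in the @file line and "reson" in both @retval RETURN_SECURITY_VIOLATION descriptions.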
--
2.7.4.windows.1
