sbat/lib.rs
1// Copyright 2023 Google LLC
2//
3// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
4// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
5// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
6// option. This file may not be copied, modified, or distributed
7// except according to those terms.
8
9//! UEFI SBAT (Secure Boot Advanced Targeting)
10//!
11//! SBAT is used to revoke insecure UEFI executables in a way that won't
12//! eat up the limited storage space available in the UEFI environment.
13//!
14//! There are two important sources of data:
15//! 1. The SBAT metadata associated with each image describes the
16//! components in that image.
17//! 2. The SBAT revocation data stored in a UEFI variable provides a
18//! list of component versions that are no longer allowed to boot.
19//!
20//! Each entry in the revocation list contains component name and
21//! version fields. (The first entry, which is the sbat version, also
22//! has a date field. That date field acts as a version for the whole
23//! revocation list.) When validating an image, each component in the
24//! image is checked against the revocation entries. If the name
25//! matches, and if the component's version is less than the version in
26//! the corresponding revocation entry, the component is considered
27//! revoked and the image will not pass validation.
28//!
29//! The details and exact validation rules are described further in the
30//! [SBAT.md] and [SBAT.example.md] files in the shim repo.
31//!
32//! # API
33//!
34//! This `no_std` library handles parsing both sources of SBAT data
35//! ([`ImageSbat`] and [`RevocationSbat`] data), as well as performing
36//! the revocation comparison. The parsing starts with raw bytes
37//! containing the CSV; the library doesn't handle directly reading PE
38//! binaries or UEFI variables. Consider using the [`object`] crate to
39//! extract the `.sbat` section from a PE binary.
40//!
41//! If the `alloc` feature is enabled, the [`ImageSbatOwned`] and
42//! [`RevocationSbatOwned`] types can be be used. These types own the
43//! CSV string data rather than taking a reference to it. They deref to
44//! [`ImageSbat`] and [`RevocationSbat`] respectively.
45//!
46//! # Examples
47//!
48//! ```
49#![doc = include_str!("../tests/example.rs")]
50//! ```
51//!
52//! [SBAT.example.md]: https://github.com/rhboot/shim/blob/HEAD/SBAT.example.md
53//! [SBAT.md]: https://github.com/rhboot/shim/blob/HEAD/SBAT.md
54//! [`object`]: https://crates.io/crates/object
55
56#![warn(missing_docs)]
57#![warn(unsafe_code)]
58#![warn(clippy::arithmetic_side_effects)]
59#![warn(clippy::pedantic)]
60#![allow(clippy::enum_glob_use)]
61#![allow(clippy::missing_errors_doc)]
62#![allow(clippy::module_name_repetitions)]
63#![cfg_attr(docsrs, feature(doc_cfg))]
64// Allow using `std` if the `std` feature is enabled, or when running
65// tests. Otherwise enable `no_std`.
66#![cfg_attr(all(not(feature = "std"), not(test)), no_std)]
67
68#[cfg(feature = "alloc")]
69extern crate alloc as rust_alloc;
70
71mod component;
72mod csv;
73mod error;
74mod generation;
75mod image;
76mod lines;
77mod revocation_section;
78mod revocations;
79
80#[cfg(feature = "alloc")]
81mod alloc;
82
83pub use ValidationResult::{Allowed, Revoked};
84pub use component::Component;
85pub use csv::ALLOWED_SPECIAL_CHARS;
86pub use error::ParseError;
87pub use generation::Generation;
88pub use image::{Entries, Entry, ImageSbat, SBAT_SECTION_NAME, Vendor};
89pub use revocation_section::{
90 REVOCATION_SECTION_NAME, RevocationSection, RevocationSectionError,
91};
92pub use revocations::{RevocationSbat, RevokedComponents, ValidationResult};
93
94#[cfg(feature = "alloc")]
95pub use alloc::{ImageSbatOwned, RevocationSbatOwned};