1. Update DxeCore to get correct AuthenticationStatus and invoke gSecurity after FV image file is extracted by ReadSection(), and remove the gSecurity invoking in SmmDriverDispatchHandler() in SmmCore since FV has been verified in DxeCore.

2. Update SmmLoadImage() to return EFI_SECURITY_VIOLATION when gSecurity returns EFI_SECURITY_VIOLATION. Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14113 6f19259b-4bc3-4df7-8a09-765794883524
2013-01-29 07:43:17 +00:00 · 2013-01-29 07:43:17 +00:00 · 022ff6bbba
parent 0777cea600
commit 022ff6bbba
2 changed files with 32 additions and 47 deletions
--- a/MdeModulePkg/Core/Dxe/Dispatcher/Dispatcher.c
+++ b/MdeModulePkg/Core/Dxe/Dispatcher/Dispatcher.c
@ -26,7 +26,7 @@
  Depex - Dependency Expresion.
  SOR   - Schedule On Request - Don't schedule if this bit is set.

-Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@ -984,6 +984,7 @@ CoreProcessFvImageFile (
  UINTN                               BufferSize;
  EFI_FIRMWARE_VOLUME_HEADER          *FvHeader;
  UINT32                              FvAlignment;
+  EFI_DEVICE_PATH_PROTOCOL            *FvFileDevicePath;

  //
  // Read the first (and only the first) firmware volume section
@ -1004,6 +1005,32 @@ CoreProcessFvImageFile (
                 &AuthenticationStatus
                 );
  if (!EFI_ERROR (Status)) {
+     //
+    // Evaluate the authentication status of the Firmware Volume through
+    // Security Architectural Protocol
+    //
+    if (gSecurity != NULL) {
+      FvFileDevicePath = CoreFvToDevicePath (Fv, FvHandle, DriverName);
+      Status = gSecurity->FileAuthenticationState (
+                            gSecurity,
+                            AuthenticationStatus,
+                            FvFileDevicePath
+                            );
+      if (FvFileDevicePath != NULL) {
+        FreePool (FvFileDevicePath);
+      }
+
+      if (Status != EFI_SUCCESS) {
+        //
+        // Security check failed. The firmware volume should not be used for any purpose.
+        //
+        if (Buffer != NULL) {
+          FreePool (Buffer);
+        }
+        return Status;
+      }
+    }
+
    //
    // FvImage should be at its required alignment.
    //
@ -1087,7 +1114,6 @@ CoreFwVolEventProtocolNotify (
 {
  EFI_STATUS                    Status;
  EFI_STATUS                    GetNextFileStatus;
-  EFI_STATUS                    SecurityStatus;
  EFI_FIRMWARE_VOLUME2_PROTOCOL *Fv;
  EFI_DEVICE_PATH_PROTOCOL      *FvDevicePath;
  EFI_HANDLE                    FvHandle;
@ -1159,24 +1185,6 @@ CoreFwVolEventProtocolNotify (
      continue;
    }

-    //
-    // Evaluate the authentication status of the Firmware Volume through
-    // Security Architectural Protocol
-    //
-    if (gSecurity != NULL) {
-      SecurityStatus = gSecurity->FileAuthenticationState (
-                                    gSecurity,
-                                    0,
-                                    FvDevicePath
-                                    );
-      if (SecurityStatus != EFI_SUCCESS) {
-        //
-        // Security check failed. The firmware volume should not be used for any purpose.
-        //
-        continue;
-      }
-    }
-
    //
    // Discover Drivers in FV and add them to the Discovered Driver List.
    // Process EFI_FV_FILETYPE_DRIVER type and then EFI_FV_FILETYPE_COMBINED_PEIM_DRIVER
--- a/MdeModulePkg/Core/PiSmmCore/Dispatcher.c
+++ b/MdeModulePkg/Core/PiSmmCore/Dispatcher.c
@ -27,7 +27,7 @@

  Depex - Dependency Expresion.

-  Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
+  Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
  This program and the accompanying materials are licensed and made available 
  under the terms and conditions of the BSD License which accompanies this 
  distribution.  The full text of the license may be found at        
@ -671,6 +671,9 @@ SmmLoadImage (
  // used the UEFI Boot Services AllocatePool() function
  //
  Status = gBS->FreePool(Buffer);
+  if (!EFI_ERROR (Status) && EFI_ERROR (SecurityStatus)) {
+    Status = SecurityStatus;
+  }
  return Status;  
 }

@ -1197,7 +1200,6 @@ SmmDriverDispatchHandler (
  UINTN                         HandleCount;
  EFI_HANDLE                    *HandleBuffer;
  EFI_STATUS                    GetNextFileStatus;
-  EFI_STATUS                    SecurityStatus;
  EFI_FIRMWARE_VOLUME2_PROTOCOL *Fv;
  EFI_DEVICE_PATH_PROTOCOL      *FvDevicePath;
  EFI_HANDLE                    FvHandle;
@ -1258,31 +1260,6 @@ SmmDriverDispatchHandler (
      continue;
    }

-    //
-    // If the Security Architectural Protocol has not been located yet, then attempt to locate it
-    //
-    if (mSecurity == NULL) {
-      gBS->LocateProtocol (&gEfiSecurityArchProtocolGuid, NULL, (VOID**)&mSecurity);
-    }
-
-    //
-    // Evaluate the authentication status of the Firmware Volume through
-    // Security Architectural Protocol
-    //
-    if (mSecurity != NULL) {
-      SecurityStatus = mSecurity->FileAuthenticationState (
-                                    mSecurity,
-                                    0,
-                                    FvDevicePath
-                                    );
-      if (SecurityStatus != EFI_SUCCESS) {
-        //
-        // Security check failed. The firmware volume should not be used for any purpose.
-        //
-        continue;
-      }
-    }
-
    //
    // Discover Drivers in FV and add them to the Discovered Driver List.
    // Process EFI_FV_FILETYPE_SMM type and then EFI_FV_FILETYPE_COMBINED_SMM_DXE