SecurityPkg/FvReportPei: Use FirmwareVolumeShadowPpi

If FirmwareVolumeShadow PPI is available, then use it to
shadow FVs to memory.  Otherwise fall back to CopyMem().

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Patel Umang <umang.patel@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Umang Patel 2023-03-21 17:02:34 -07:00 committed by mergify[bot]
parent c8e631588b
commit 144028626e
3 changed files with 32 additions and 7 deletions


@ -114,12 +114,13 @@ VerifyHashedFv (
IN EFI_BOOT_MODE BootMode IN EFI_BOOT_MODE BootMode
) )
{ {
UINTN FvIndex; UINTN FvIndex;
CONST HASH_ALG_INFO *AlgInfo; CONST HASH_ALG_INFO *AlgInfo;
UINT8 *HashValue; UINT8 *HashValue;
UINT8 *FvHashValue; UINT8 *FvHashValue;
VOID *FvBuffer; VOID *FvBuffer;
EFI_STATUS Status; EDKII_PEI_FIRMWARE_VOLUME_SHADOW_PPI *FvShadowPpi;
EFI_STATUS Status;
if ((HashInfo == NULL) || if ((HashInfo == NULL) ||
(HashInfo->HashSize == 0) || (HashInfo->HashSize == 0) ||
@ -191,8 +192,30 @@ VerifyHashedFv (
// Copy FV to permanent memory to avoid potential TOC/TOU. // Copy FV to permanent memory to avoid potential TOC/TOU.
// //
FvBuffer = AllocatePages (EFI_SIZE_TO_PAGES ((UINTN)FvInfo[FvIndex].Length)); FvBuffer = AllocatePages (EFI_SIZE_TO_PAGES ((UINTN)FvInfo[FvIndex].Length));
ASSERT (FvBuffer != NULL); ASSERT (FvBuffer != NULL);
CopyMem (FvBuffer, (CONST VOID *)(UINTN)FvInfo[FvIndex].Base, (UINTN)FvInfo[FvIndex].Length); Status = PeiServicesLocatePpi (
&gEdkiiPeiFirmwareVolumeShadowPpiGuid,
0,
NULL,
(VOID **)&FvShadowPpi
);
if (!EFI_ERROR (Status)) {
Status = FvShadowPpi->FirmwareVolumeShadow (
(EFI_PHYSICAL_ADDRESS)FvInfo[FvIndex].Base,
FvBuffer,
(UINTN)FvInfo[FvIndex].Length
);
}
if (EFI_ERROR (Status)) {
CopyMem (
FvBuffer,
(CONST VOID *)(UINTN)FvInfo[FvIndex].Base,
(UINTN)FvInfo[FvIndex].Length
);
}
if (!AlgInfo->HashAll (FvBuffer, (UINTN)FvInfo[FvIndex].Length, FvHashValue)) { if (!AlgInfo->HashAll (FvBuffer, (UINTN)FvInfo[FvIndex].Length, FvHashValue)) {
Status = EFI_ABORTED; Status = EFI_ABORTED;
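Review bot: In the new fallback block, `Status` is reused for both the PPI lookup and the shadow call, so after `CopyMem` has produced a good copy `Status` still holds the lookup or shadow error, and nothing records that the shadow path was skipped or failed. VerifyHashedFv continues outside this hunk; if any later path returns `Status` without reassigning it, a successful fallback would be reported as a failure, which a dedicated local such as `EFI_STATUS ShadowStatus;` would rule out. A `DEBUG` message carrying the failing status (`%r`) inside the `if (EFI_ERROR (Status))` branch would make a shadow PPI that is present but failing visible in the boot log. `FvBuffer` is also guarded only by `ASSERT`, which is typically compiled out of release builds, so a failed AllocatePages would now reach the PPI as well as CopyMem; an explicit `if (FvBuffer == NULL)` error path would be safer.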


@ -14,6 +14,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <IndustryStandard/Tpm20.h> #include <IndustryStandard/Tpm20.h>
#include <Ppi/FirmwareVolumeInfoStoredHashFv.h> #include <Ppi/FirmwareVolumeInfoStoredHashFv.h>
#include <Ppi/FirmwareVolumeShadowPpi.h>
#include <Library/PeiServicesLib.h> #include <Library/PeiServicesLib.h>
#include <Library/PcdLib.h> #include <Library/PcdLib.h>


@ -46,6 +46,7 @@
[Ppis] [Ppis]
gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid ## PRODUCES gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid ## PRODUCES
gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid ## CONSUMES gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid ## CONSUMES
gEdkiiPeiFirmwareVolumeShadowPpiGuid ## CONSUMES
[Pcd] [Pcd]
gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeFvVerificationPass gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeFvVerificationPass
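Review bot: The new `[Ppis]` entry is tagged `## CONSUMES`, but the module treats this PPI as optional and falls back to CopyMem when it cannot be located, so `## SOMETIMES_CONSUMES` would describe the dependency more accurately. Proposed line: `gEdkiiPeiFirmwareVolumeShadowPpiGuid ## SOMETIMES_CONSUMES`.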