SecurityPkg/FvReportPei: Use FirmwareVolumeShadowPpi

If FirmwareVolumeShadow PPI is available, then use it to shadow FVs to memory. Otherwise fallback to CopyMem(). Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Signed-off-by: Patel Umang <umang.patel@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2023-03-21 17:02:34 -07:00 · 2023-03-21 17:02:34 -07:00 · 144028626e
parent c8e631588b
commit 144028626e
3 changed files with 32 additions and 7 deletions
--- a/SecurityPkg/FvReportPei/FvReportPei.c
+++ b/SecurityPkg/FvReportPei/FvReportPei.c
@ -114,12 +114,13 @@ VerifyHashedFv (
  IN EFI_BOOT_MODE   BootMode
  )
 {
-  UINTN                FvIndex;
-  CONST HASH_ALG_INFO  *AlgInfo;
-  UINT8                *HashValue;
-  UINT8                *FvHashValue;
-  VOID                 *FvBuffer;
-  EFI_STATUS           Status;
+  UINTN                                 FvIndex;
+  CONST HASH_ALG_INFO                   *AlgInfo;
+  UINT8                                 *HashValue;
+  UINT8                                 *FvHashValue;
+  VOID                                  *FvBuffer;
+  EDKII_PEI_FIRMWARE_VOLUME_SHADOW_PPI  *FvShadowPpi;
+  EFI_STATUS                            Status;

  if ((HashInfo == NULL) ||
      (HashInfo->HashSize == 0) ||
@ -191,8 +192,30 @@ VerifyHashedFv (
    // Copy FV to permanent memory to avoid potential TOC/TOU.
    //
    FvBuffer = AllocatePages (EFI_SIZE_TO_PAGES ((UINTN)FvInfo[FvIndex].Length));
+
    ASSERT (FvBuffer != NULL);
-    CopyMem (FvBuffer, (CONST VOID *)(UINTN)FvInfo[FvIndex].Base, (UINTN)FvInfo[FvIndex].Length);
+    Status = PeiServicesLocatePpi (
+               &gEdkiiPeiFirmwareVolumeShadowPpiGuid,
+               0,
+               NULL,
+               (VOID **)&FvShadowPpi
+               );
+
+    if (!EFI_ERROR (Status)) {
+      Status = FvShadowPpi->FirmwareVolumeShadow (
+                              (EFI_PHYSICAL_ADDRESS)FvInfo[FvIndex].Base,
+                              FvBuffer,
+                              (UINTN)FvInfo[FvIndex].Length
+                              );
+    }
+
+    if (EFI_ERROR (Status)) {
+      CopyMem (
+        FvBuffer,
+        (CONST VOID *)(UINTN)FvInfo[FvIndex].Base,
+        (UINTN)FvInfo[FvIndex].Length
+        );
+    }

    if (!AlgInfo->HashAll (FvBuffer, (UINTN)FvInfo[FvIndex].Length, FvHashValue)) {
      Status = EFI_ABORTED;
--- a/SecurityPkg/FvReportPei/FvReportPei.h
+++ b/SecurityPkg/FvReportPei/FvReportPei.h
@ -14,6 +14,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include <IndustryStandard/Tpm20.h>

 #include <Ppi/FirmwareVolumeInfoStoredHashFv.h>
+#include <Ppi/FirmwareVolumeShadowPpi.h>

 #include <Library/PeiServicesLib.h>
 #include <Library/PcdLib.h>
--- a/SecurityPkg/FvReportPei/FvReportPei.inf
+++ b/SecurityPkg/FvReportPei/FvReportPei.inf
@ -46,6 +46,7 @@
 [Ppis]
  gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid   ## PRODUCES
  gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid  ## CONSUMES
+  gEdkiiPeiFirmwareVolumeShadowPpiGuid            ## CONSUMES

 [Pcd]
  gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeFvVerificationPass