Update PeiCore to follow PI spec to retrieve GUIDED section data when ExtractionPpi is not found.

Enhance PeiCore Security Policy to check AuthenticationStatus when SecurityPpi is not found.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Gao, Liming <liming.gao@intel.com>
Reviewed-by: Zeng, Star <star.zeng@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15817 6f19259b-4bc3-4df7-8a09-765794883524
Gao, Liming 2014-08-18 05:43:06 +00:00 committed by lgao4
parent 03af275332
commit 9d8de12c31
2 changed files with 30 additions and 5 deletions


@ -735,6 +735,7 @@ ProcessSection (
BOOLEAN SectionCached; BOOLEAN SectionCached;
VOID *TempOutputBuffer; VOID *TempOutputBuffer;
UINT32 TempAuthenticationStatus; UINT32 TempAuthenticationStatus;
UINT16 GuidedSectionAttributes;
PrivateData = PEI_CORE_INSTANCE_FROM_PS_THIS (PeiServices); PrivateData = PEI_CORE_INSTANCE_FROM_PS_THIS (PeiServices);
*OutputBuffer = NULL; *OutputBuffer = NULL;
@ -834,9 +835,11 @@ ProcessSection (
Authentication = 0; Authentication = 0;
if (Section->Type == EFI_SECTION_GUID_DEFINED) { if (Section->Type == EFI_SECTION_GUID_DEFINED) {
if (IS_SECTION2 (Section)) { if (IS_SECTION2 (Section)) {
SectionDefinitionGuid = &((EFI_GUID_DEFINED_SECTION2 *)Section)->SectionDefinitionGuid; SectionDefinitionGuid = &((EFI_GUID_DEFINED_SECTION2 *)Section)->SectionDefinitionGuid;
GuidedSectionAttributes = ((EFI_GUID_DEFINED_SECTION2 *)Section)->Attributes;
} else { } else {
SectionDefinitionGuid = &((EFI_GUID_DEFINED_SECTION *)Section)->SectionDefinitionGuid; SectionDefinitionGuid = &((EFI_GUID_DEFINED_SECTION *)Section)->SectionDefinitionGuid;
GuidedSectionAttributes = ((EFI_GUID_DEFINED_SECTION *)Section)->Attributes;
} }
if (VerifyGuidedSectionGuid (SectionDefinitionGuid, &GuidSectionPpi)) { if (VerifyGuidedSectionGuid (SectionDefinitionGuid, &GuidSectionPpi)) {
Status = GuidSectionPpi->ExtractSection ( Status = GuidSectionPpi->ExtractSection (
@ -846,6 +849,21 @@ ProcessSection (
&PpiOutputSize, &PpiOutputSize,
&Authentication &Authentication
); );
} else if ((GuidedSectionAttributes & EFI_GUIDED_SECTION_PROCESSING_REQUIRED) == 0) {
//
// Figure out the proper authentication status for GUIDED section without processing required
//
Status = EFI_SUCCESS;
if ((GuidedSectionAttributes & EFI_GUIDED_SECTION_AUTH_STATUS_VALID) == EFI_GUIDED_SECTION_AUTH_STATUS_VALID) {
Authentication |= EFI_AUTH_STATUS_IMAGE_SIGNED | EFI_AUTH_STATUS_NOT_TESTED;
}
if (IS_SECTION2 (Section)) {
PpiOutputSize = SECTION2_SIZE (Section) - ((EFI_GUID_DEFINED_SECTION2 *) Section)->DataOffset;
PpiOutput = (UINT8 *) Section + ((EFI_GUID_DEFINED_SECTION2 *) Section)->DataOffset;
} else {
PpiOutputSize = SECTION_SIZE (Section) - ((EFI_GUID_DEFINED_SECTION *) Section)->DataOffset;
PpiOutput = (UINT8 *) Section + ((EFI_GUID_DEFINED_SECTION *) Section)->DataOffset;
}
} }
} else if (Section->Type == EFI_SECTION_COMPRESSION) { } else if (Section->Type == EFI_SECTION_COMPRESSION) {
Status = PeiServicesLocatePpi (&gEfiPeiDecompressPpiGuid, 0, NULL, (VOID **) &DecompressPpi); Status = PeiServicesLocatePpi (&gEfiPeiDecompressPpiGuid, 0, NULL, (VOID **) &DecompressPpi);
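Review bot: In the new `else if` branch of the third hunk, `DataOffset` is taken from the section header and used without a bounds check. If it exceeds the section size, `SECTION_SIZE (Section) - ...->DataOffset` presumably wraps (assuming `PpiOutputSize` is unsigned) and `PpiOutput` points past the section. This branch runs exactly when no extraction PPI has processed the section, so the header fields are unvalidated firmware-volume content. I would bound the offset before the subtraction, e.g. `if (((EFI_GUID_DEFINED_SECTION *) Section)->DataOffset > SECTION_SIZE (Section)) { Status = EFI_VOLUME_CORRUPTED; }`, with the `SECTION2_SIZE` equivalent in the other arm, and set `PpiOutput`/`PpiOutputSize` only when it passes. ProcessSection continues outside these hunks, so the right failure code and how `Status` is consumed afterwards need confirming against the rest of the function.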


@ -1,7 +1,7 @@
/** @file /** @file
EFI PEI Core Security services EFI PEI Core Security services
Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.<BR> Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at which accompanies this distribution. The full text of the license may be found at
@ -100,9 +100,16 @@ VerifyPeim (
EFI_STATUS Status; EFI_STATUS Status;
BOOLEAN DeferExection; BOOLEAN DeferExection;
Status = EFI_NOT_FOUND;
if (PrivateData->PrivateSecurityPpi == NULL) { if (PrivateData->PrivateSecurityPpi == NULL) {
Status = EFI_NOT_FOUND; //
// Check AuthenticationStatus first.
//
if ((AuthenticationStatus & EFI_AUTH_STATUS_IMAGE_SIGNED) != 0) {
if ((AuthenticationStatus & (EFI_AUTH_STATUS_TEST_FAILED | EFI_AUTH_STATUS_NOT_TESTED)) != 0) {
Status = EFI_SECURITY_VIOLATION;
}
}
} else { } else {
// //
// Check to see if the image is OK // Check to see if the image is OK
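Review bot: When no Security PPI is installed, the added check in VerifyPeim returns `EFI_SECURITY_VIOLATION` only if `EFI_AUTH_STATUS_IMAGE_SIGNED` is set. An `AuthenticationStatus` with `EFI_AUTH_STATUS_TEST_FAILED` but without the signed bit still leaves `Status` at `EFI_NOT_FOUND`. If that is intended, the comment should say so, for example `// Only images marked signed are rejected here; unsigned images keep EFI_NOT_FOUND.`; if not, `EFI_AUTH_STATUS_TEST_FAILED` should be tested outside the `IMAGE_SIGNED` condition. The function's header comment is not in the hunk, but it should list `EFI_SECURITY_VIOLATION` as a possible result of the no-PPI path. VerifyPeim's body continues past the hunk, so how callers treat `EFI_NOT_FOUND` cannot be confirmed from here.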