MdeModulePkg/SecurityStubDxe: Report failure if image is load earlier

The 3rd party image should be loaded after EndOfDxe event signal and
DxeSmmReadyToLock protocol installation. But non-SMM platform doesn't
published DxeSmmReadyToLock protocol.
So the SecurityStubDxe can only depend on EndOfDxe event.

This patch enhances the SecurityStubDxe to listen on
DxeSmmReadyToLock protocol installation and if any 3rd party image
is loaded before DxeSmmReadyToLock, it reports failure.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Sunny Wang <sunnywang@hpe.com>
This commit is contained in:
Ruiyu Ni 2016-11-01 16:42:21 +08:00
parent 048bcba1bc
commit e048823f57
3 changed files with 65 additions and 1 deletions

View File

@ -30,6 +30,7 @@ typedef struct {
DEFERRED_3RD_PARTY_IMAGE_INFO *ImageInfo; ///< deferred 3rd party image item DEFERRED_3RD_PARTY_IMAGE_INFO *ImageInfo; ///< deferred 3rd party image item
} DEFERRED_3RD_PARTY_IMAGE_TABLE; } DEFERRED_3RD_PARTY_IMAGE_TABLE;
BOOLEAN mImageLoadedAfterEndOfDxe = FALSE;
BOOLEAN mEndOfDxe = FALSE; BOOLEAN mEndOfDxe = FALSE;
DEFERRED_3RD_PARTY_IMAGE_TABLE mDeferred3rdPartyImage = { DEFERRED_3RD_PARTY_IMAGE_TABLE mDeferred3rdPartyImage = {
0, // Deferred image count 0, // Deferred image count
@ -256,6 +257,53 @@ EndOfDxe (
mEndOfDxe = TRUE; mEndOfDxe = TRUE;
} }
/**
Event notification for gEfiDxeSmmReadyToLockProtocolGuid event.
This function reports failure if any deferred image is loaded before
this callback.
Platform should publish ReadyToLock protocol immediately after signaling
of the End of DXE Event.
@param Event The Event that is being processed, not used.
@param Context Event Context, not used.
**/
VOID
EFIAPI
DxeSmmReadyToLock (
IN EFI_EVENT Event,
IN VOID *Context
)
{
EFI_STATUS Status;
VOID *Interface;
Status = gBS->LocateProtocol (&gEfiDxeSmmReadyToLockProtocolGuid, NULL, &Interface);
if (EFI_ERROR (Status)) {
return;
}
gBS->CloseEvent (Event);
if (mImageLoadedAfterEndOfDxe) {
//
// Platform should not dispatch the 3rd party images after signaling EndOfDxe event
// but before publishing DxeSmmReadyToLock protocol.
//
DEBUG ((
DEBUG_ERROR,
"[Security] 3rd party images must be dispatched after DxeSmmReadyToLock Protocol installation!\n"
));
REPORT_STATUS_CODE (
EFI_ERROR_CODE | EFI_ERROR_UNRECOVERED,
(EFI_SOFTWARE_DXE_BS_DRIVER | EFI_SW_EC_ILLEGAL_SOFTWARE_STATE)
);
ASSERT (FALSE);
CpuDeadLoop ();
}
}
/** /**
Defer the 3rd party image load and installs Deferred Image Load Protocol. Defer the 3rd party image load and installs Deferred Image Load Protocol.
@ -303,6 +351,7 @@ Defer3rdPartyImageLoad (
); );
if (mEndOfDxe) { if (mEndOfDxe) {
mImageLoadedAfterEndOfDxe = TRUE;
// //
// The image might be first time loaded after EndOfDxe, // The image might be first time loaded after EndOfDxe,
// So ImageInfo can be NULL. // So ImageInfo can be NULL.
@ -334,6 +383,7 @@ Defer3rdPartyImageLoadInitialize (
EFI_STATUS Status; EFI_STATUS Status;
EFI_HANDLE Handle; EFI_HANDLE Handle;
EFI_EVENT Event; EFI_EVENT Event;
VOID *Registration;
Handle = NULL; Handle = NULL;
Status = gBS->InstallMultipleProtocolInterfaces ( Status = gBS->InstallMultipleProtocolInterfaces (
@ -353,4 +403,12 @@ Defer3rdPartyImageLoadInitialize (
&Event &Event
); );
ASSERT_EFI_ERROR (Status); ASSERT_EFI_ERROR (Status);
EfiCreateProtocolNotifyEvent (
&gEfiDxeSmmReadyToLockProtocolGuid,
TPL_CALLBACK,
DxeSmmReadyToLock,
NULL,
&Registration
);
} }

View File

@ -15,16 +15,19 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#ifndef _DEFER_3RD_PARTY_IMAGE_LOAD_H_ #ifndef _DEFER_3RD_PARTY_IMAGE_LOAD_H_
#define _DEFER_3RD_PARTY_IMAGE_LOAD_H_ #define _DEFER_3RD_PARTY_IMAGE_LOAD_H_
#include <Uefi.h> #include <PiDxe.h>
#include <Guid/EventGroup.h> #include <Guid/EventGroup.h>
#include <Protocol/DeferredImageLoad.h> #include <Protocol/DeferredImageLoad.h>
#include <Protocol/FirmwareVolume2.h> #include <Protocol/FirmwareVolume2.h>
#include <Protocol/DxeSmmReadyToLock.h>
#include <Library/UefiBootServicesTableLib.h> #include <Library/UefiBootServicesTableLib.h>
#include <Library/BaseMemoryLib.h> #include <Library/BaseMemoryLib.h>
#include <Library/MemoryAllocationLib.h> #include <Library/MemoryAllocationLib.h>
#include <Library/DevicePathLib.h> #include <Library/DevicePathLib.h>
#include <Library/DebugLib.h> #include <Library/DebugLib.h>
#include <Library/UefiLib.h>
#include <Library/ReportStatusCodeLib.h>
/** /**
Returns information about a deferred image. Returns information about a deferred image.

View File

@ -41,6 +41,8 @@
UefiBootServicesTableLib UefiBootServicesTableLib
DebugLib DebugLib
SecurityManagementLib SecurityManagementLib
ReportStatusCodeLib
UefiLib
[Guids] [Guids]
gEfiEndOfDxeEventGroupGuid ## CONSUMES ## Event gEfiEndOfDxeEventGroupGuid ## CONSUMES ## Event
@ -49,6 +51,7 @@
gEfiSecurityArchProtocolGuid ## PRODUCES gEfiSecurityArchProtocolGuid ## PRODUCES
gEfiSecurity2ArchProtocolGuid ## PRODUCES gEfiSecurity2ArchProtocolGuid ## PRODUCES
gEfiDeferredImageLoadProtocolGuid ## PRODUCES gEfiDeferredImageLoadProtocolGuid ## PRODUCES
gEfiDxeSmmReadyToLockProtocolGuid ## CONSUMES
[Depex] [Depex]
TRUE TRUE