audk/X86QemuLoadImageLib at a70860f4499571669f3795adf52ccb0fa02cdac1 - audk

History

Laszlo Ersek dafce295e6 OvmfPkg/X86QemuLoadImageLib: handle EFI_ACCESS_DENIED from LoadImage() When an image fails Secure Boot validation, LoadImage() returns EFI_SECURITY_VIOLATION if the platform policy is DEFER_EXECUTE_ON_SECURITY_VIOLATION. If the platform policy is DENY_EXECUTE_ON_SECURITY_VIOLATION, then LoadImage() returns EFI_ACCESS_DENIED (and the image does not remain loaded). (Before <https://bugzilla.tianocore.org/show_bug.cgi?id=2129>, this difference would be masked, as DxeImageVerificationLib would incorrectly return EFI_SECURITY_VIOLATION for DENY_EXECUTE_ON_SECURITY_VIOLATION as well.) In X86QemuLoadImageLib, proceed to the legacy Linux/x86 Boot Protocol upon seeing EFI_ACCESS_DENIED too. Cc: Ard Biesheuvel <ard.biesheuvel@arm.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Philippe Mathieu-Daudé <philmd@redhat.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2785 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Message-Id: <20200605235242.32442-1-lersek@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>	2020-06-09 20:19:04 +00:00
..
X86QemuLoadImageLib.c	OvmfPkg/X86QemuLoadImageLib: handle EFI_ACCESS_DENIED from LoadImage()	2020-06-09 20:19:04 +00:00
X86QemuLoadImageLib.inf	OvmfPkg: implement QEMU loader library for X86 with legacy fallback	2020-03-05 19:45:05 +00:00

Laszlo Ersek dafce295e6 OvmfPkg/X86QemuLoadImageLib: handle EFI_ACCESS_DENIED from LoadImage()

When an image fails Secure Boot validation, LoadImage() returns
EFI_SECURITY_VIOLATION if the platform policy is
DEFER_EXECUTE_ON_SECURITY_VIOLATION.

If the platform policy is DENY_EXECUTE_ON_SECURITY_VIOLATION, then
LoadImage() returns EFI_ACCESS_DENIED (and the image does not remain
loaded).

(Before <https://bugzilla.tianocore.org/show_bug.cgi?id=2129>, this
difference would be masked, as DxeImageVerificationLib would incorrectly
return EFI_SECURITY_VIOLATION for DENY_EXECUTE_ON_SECURITY_VIOLATION as
well.)

In X86QemuLoadImageLib, proceed to the legacy Linux/x86 Boot Protocol upon
seeing EFI_ACCESS_DENIED too.

Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2785
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20200605235242.32442-1-lersek@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>

2020-06-09 20:19:04 +00:00

X86QemuLoadImageLib.c

OvmfPkg/X86QemuLoadImageLib: handle EFI_ACCESS_DENIED from LoadImage()

2020-06-09 20:19:04 +00:00

X86QemuLoadImageLib.inf

OvmfPkg: implement QEMU loader library for X86 with legacy fallback

2020-03-05 19:45:05 +00:00