tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
audk/MdeModulePkg/Core/Pei/Security/Security.c

170 lines
4.8 KiB
C
Raw Blame History

/** @file
EFI PEI Core Security services
Copyright (c) 2006, Intel Corporation
All rights reserved. This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include <PeiMain.h>
/**
Provide a callback for when the security PPI is installed.
@param PeiServices - The PEI core services table.
@param NotifyDescriptor - The descriptor for the notification event.
@param Ppi - Pointer to the PPI in question.
@return Always success
**/
EFI_STATUS
EFIAPI
SecurityPpiNotifyCallback (
IN EFI_PEI_SERVICES **PeiServices,
IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,
IN VOID *Ppi
);
STATIC EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList = {
EFI_PEI_PPI_DESCRIPTOR_NOTIFY_DISPATCH | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
&gEfiPeiSecurity2PpiGuid,
SecurityPpiNotifyCallback
};
/**
Initialize the security services.
@param PeiServices - The PEI core services table.
@param OldCoreData - Pointer to the old core data.
NULL if being run in non-permament memory mode.
**/
VOID
InitializeSecurityServices (
IN EFI_PEI_SERVICES **PeiServices,
IN PEI_CORE_INSTANCE *OldCoreData
)
{
if (OldCoreData == NULL) {
PeiServicesNotifyPpi (&mNotifyList);
}
return;
}
/**
Provide a callback for when the security PPI is installed.
@param PeiServices - The PEI core services table.
@param NotifyDescriptor - The descriptor for the notification event.
@param Ppi - Pointer to the PPI in question.
@return Always success
**/
EFI_STATUS
EFIAPI
SecurityPpiNotifyCallback (
IN EFI_PEI_SERVICES **PeiServices,
IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,
IN VOID *Ppi
)
{
PEI_CORE_INSTANCE *PrivateData;
//
// Get PEI Core private data
//
PrivateData = PEI_CORE_INSTANCE_FROM_PS_THIS (PeiServices);
//
// If there isn't a security PPI installed, use the one from notification
//
if (PrivateData->PrivateSecurityPpi == NULL) {
PrivateData->PrivateSecurityPpi = (EFI_PEI_SECURITY2_PPI *)Ppi;
}
return EFI_SUCCESS;
}
/**
Provide a callout to the security verification service.
@param PrivateData PeiCore's private data structure
@param VolumeHandle Handle of FV
@param FileHandle Handle of PEIM's ffs
@retval EFI_SUCCESS Image is OK
@retval EFI_SECURITY_VIOLATION Image is illegal
**/
EFI_STATUS
VerifyPeim (
IN PEI_CORE_INSTANCE *PrivateData,
IN EFI_PEI_FV_HANDLE VolumeHandle,
IN EFI_PEI_FILE_HANDLE FileHandle
)
{
EFI_STATUS Status;
UINT32 AuthenticationStatus;
BOOLEAN DeferExection;
//
// Set a default authentication state
//
AuthenticationStatus = 0;
if (PrivateData->PrivateSecurityPpi == NULL) {
Status = EFI_NOT_FOUND;
} else {
//
// Check to see if the image is OK
//
Status = PrivateData->PrivateSecurityPpi->AuthenticationState (
(CONST EFI_PEI_SERVICES **) &PrivateData->PS,
PrivateData->PrivateSecurityPpi,
AuthenticationStatus,
VolumeHandle,
FileHandle,
&DeferExection
);
if (DeferExection) {
Status = EFI_SECURITY_VIOLATION;
}
}
return Status;
}
/**
Verify a Firmware volume.
@param CurrentFvAddress - Pointer to the current Firmware Volume under consideration
@retval EFI_SUCCESS - Firmware Volume is legal
@retval EFI_SECURITY_VIOLATION - Firmware Volume fails integrity test
**/
EFI_STATUS
VerifyFv (
IN EFI_FIRMWARE_VOLUME_HEADER *CurrentFvAddress
)
{
//
// Right now just pass the test. Future can authenticate and/or check the
// FV-header or other metric for goodness of binary.
//
return EFI_SUCCESS;
}
Reference in New Issue View Git Blame Copy Permalink