TianoCore EDK2 master
Security.c
9#include "PeiMain.h"
10
//
// Notification descriptor registered by InitializeSecurityServices().
// It asks the PEI core to invoke SecurityPpiNotifyCallback() when a PPI
// identified by gEfiPeiSecurity2PpiGuid is installed. The TERMINATE_LIST
// flag marks this as the only entry in the list.
//
EFI_PEI_NOTIFY_DESCRIPTOR  mNotifyList = {
  //
  // Flags: dispatch-time notification, last descriptor in the list.
  //
  EFI_PEI_PPI_DESCRIPTOR_NOTIFY_DISPATCH | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
  //
  // PPI GUID to watch for.
  //
  &gEfiPeiSecurity2PpiGuid,
  //
  // Callback that records the PPI in the PEI core private data.
  //
  SecurityPpiNotifyCallback
};
16
/**
  Register for notification of the Security2 PPI.

  The registration is performed only when OldCoreData is NULL; when a
  previous core instance is passed in, nothing is done.

  @param PeiServices   An indirect pointer to the EFI_PEI_SERVICES table.
                       Not referenced by this function.
  @param OldCoreData   Pointer to the old core data, or NULL.

**/
VOID
InitializeSecurityServices (
  IN EFI_PEI_SERVICES   **PeiServices,
  IN PEI_CORE_INSTANCE  *OldCoreData
  )
{
  //
  // A non-NULL OldCoreData means there is nothing to register here.
  //
  if (OldCoreData != NULL) {
    return;
  }

  //
  // NOTE(review): the status returned by PeiServicesNotifyPpi() is discarded.
  // If the registration fails, SecurityPpiNotifyCallback() is never invoked,
  // PrivateSecurityPpi stays NULL, and VerifyPeim() takes its "no security
  // PPI" branch for every image.
  //
  PeiServicesNotifyPpi (&mNotifyList);
}
37
/**
  Notification callback for the Security2 PPI.

  Stores the notified PPI in the PEI core private data unless a security PPI
  has already been recorded there. The first PPI recorded is kept; later
  notifications do not replace it.

  @param PeiServices        An indirect pointer to the EFI_PEI_SERVICES table.
  @param NotifyDescriptor   The descriptor that triggered this callback.
                            Not referenced by this function.
  @param Ppi                Pointer to the installed PPI. It is cast to
                            EFI_PEI_SECURITY2_PPI and stored without any
                            further check.

  @retval EFI_SUCCESS   Always returned.

**/
EFI_STATUS
EFIAPI
SecurityPpiNotifyCallback (
  IN EFI_PEI_SERVICES           **PeiServices,
  IN EFI_PEI_NOTIFY_DESCRIPTOR  *NotifyDescriptor,
  IN VOID                       *Ppi
  )
{
  PEI_CORE_INSTANCE  *CoreInstance;

  //
  // Recover the PEI core private data from the services pointer.
  //
  CoreInstance = PEI_CORE_INSTANCE_FROM_PS_THIS (PeiServices);

  //
  // A security PPI that is already recorded is left in place.
  //
  if (CoreInstance->PrivateSecurityPpi != NULL) {
    return EFI_SUCCESS;
  }

  //
  // No security PPI recorded yet: adopt the one from this notification.
  //
  CoreInstance->PrivateSecurityPpi = (EFI_PEI_SECURITY2_PPI *)Ppi;

  return EFI_SUCCESS;
}
74
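/**
  Decide whether a PEIM may be dispatched, using the recorded security PPI
  when one is available.

  Without a security PPI, the decision is taken from AuthenticationStatus
  alone: an image marked signed whose test failed or was not run is rejected.
  With a security PPI, its AuthenticationState() service is consulted and a
  request to defer execution is reported as a rejection.

  @param PrivateData            PEI core private data; supplies
                                PrivateSecurityPpi and the services pointer.
  @param VolumeHandle           Handle of the firmware volume holding the file.
  @param FileHandle             Handle of the file being checked.
  @param AuthenticationStatus   Authentication status bits for the file.

  @retval EFI_SECURITY_VIOLATION   The image is signed but failed or skipped
                                   its test (no PPI), or the PPI asked for
                                   execution to be deferred.
  @retval EFI_NOT_FOUND            No security PPI is recorded and the status
                                   bits did not trigger a rejection. This means
                                   no policy was consulted.
                                   NOTE(review): confirm that callers do not
                                   treat this value as a positive verdict for
                                   images that should have been checked.
  @return Otherwise, the status returned by AuthenticationState().

**/
EFI_STATUS
VerifyPeim (
  IN PEI_CORE_INSTANCE    *PrivateData,
  IN EFI_PEI_FV_HANDLE    VolumeHandle,
  IN EFI_PEI_FILE_HANDLE  FileHandle,
  IN UINT32               AuthenticationStatus
  )
{
  EFI_STATUS  Status;
  BOOLEAN     DeferExecution;

  Status = EFI_NOT_FOUND;

  //
  // Give DeferExecution a defined value before it is handed to the PPI.
  // It is read unconditionally after the call; without this, a PPI that
  // returns without writing the output would leave the decision below
  // depending on an indeterminate stack value.
  //
  DeferExecution = FALSE;

  if (PrivateData->PrivateSecurityPpi == NULL) {
    //
    // No security PPI: fall back to the authentication status bits.
    // Only a signed image with a failed or missing test is rejected.
    //
    if ((AuthenticationStatus & EFI_AUTH_STATUS_IMAGE_SIGNED) != 0) {
      if ((AuthenticationStatus & (EFI_AUTH_STATUS_TEST_FAILED | EFI_AUTH_STATUS_NOT_TESTED)) != 0) {
        Status = EFI_SECURITY_VIOLATION;
      }
    }
  } else {
    //
    // Ask the security PPI whether the image is acceptable.
    //
    Status = PrivateData->PrivateSecurityPpi->AuthenticationState (
                                                (CONST EFI_PEI_SERVICES **)&PrivateData->Ps,
                                                PrivateData->PrivateSecurityPpi,
                                                AuthenticationStatus,
                                                VolumeHandle,
                                                FileHandle,
                                                &DeferExecution
                                                );
    //
    // A deferral request overrides whatever status the PPI returned.
    //
    if (DeferExecution) {
      Status = EFI_SECURITY_VIOLATION;
    }
  }

  return Status;
}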
127
/**
  Placeholder for firmware volume verification.

  No check is performed: the header pointed to by CurrentFvAddress is never
  read and every firmware volume is reported as good. Callers must not rely
  on this function as an integrity or authenticity control.

  @param CurrentFvAddress   Pointer to the firmware volume header. Not
                            referenced by this function.

  @retval EFI_SUCCESS   Always returned.

**/
EFI_STATUS
VerifyFv (
  IN EFI_FIRMWARE_VOLUME_HEADER  *CurrentFvAddress
  )
{
  EFI_STATUS  Status;

  //
  // Unconditional pass for now. A later implementation could authenticate
  // the volume and/or check the FV header or another metric for goodness
  // of the binary.
  //
  Status = EFI_SUCCESS;

  return Status;
}
EFI_STATUS EFIAPI PeiServicesNotifyPpi(IN CONST EFI_PEI_NOTIFY_DESCRIPTOR *NotifyList)
#define NULL
Definition: Base.h:319
#define CONST
Definition: Base.h:259
#define IN
Definition: Base.h:279
#define PEI_CORE_INSTANCE_FROM_PS_THIS(a)
Definition: PeiMain.h:343
VOID * EFI_PEI_FILE_HANDLE
Definition: PiPeiCis.h:26
VOID * EFI_PEI_FV_HANDLE
Definition: PiPeiCis.h:21
VOID InitializeSecurityServices(IN EFI_PEI_SERVICES **PeiServices, IN PEI_CORE_INSTANCE *OldCoreData)
Definition: Security.c:26
EFI_STATUS VerifyFv(IN EFI_FIRMWARE_VOLUME_HEADER *CurrentFvAddress)
Definition: Security.c:137
EFI_STATUS VerifyPeim(IN PEI_CORE_INSTANCE *PrivateData, IN EFI_PEI_FV_HANDLE VolumeHandle, IN EFI_PEI_FILE_HANDLE FileHandle, IN UINT32 AuthenticationStatus)
Definition: Security.c:88
EFI_STATUS EFIAPI SecurityPpiNotifyCallback(IN EFI_PEI_SERVICES **PeiServices, IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, IN VOID *Ppi)
Definition: Security.c:52
RETURN_STATUS EFI_STATUS
Definition: UefiBaseType.h:29
#define EFI_SUCCESS
Definition: UefiBaseType.h:112