]>
Commit | Line | Data |
---|---|---|
615c6dd0 | 1 | /** @file\r |
b1f6a7c6 | 2 | EFI PEI Core Security services\r |
3 | \r | |
192f6d4c | 4 | Copyright (c) 2006, Intel Corporation \r |
5 | All rights reserved. This program and the accompanying materials \r | |
6 | are licensed and made available under the terms and conditions of the BSD License \r | |
7 | which accompanies this distribution. The full text of the license may be found at \r | |
8 | http://opensource.org/licenses/bsd-license.php \r | |
9 | \r | |
10 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r | |
11 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. \r | |
12 | \r | |
b1f6a7c6 | 13 | **/\r |
192f6d4c | 14 | \r |
0d516397 | 15 | #include "PeiMain.h"\r |
192f6d4c | 16 | \r |
192f6d4c | 17 | \r |
fe1e36e5 | 18 | EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList = {\r |
192f6d4c | 19 | EFI_PEI_PPI_DESCRIPTOR_NOTIFY_DISPATCH | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,\r |
b0d803fe | 20 | &gEfiPeiSecurity2PpiGuid,\r |
192f6d4c | 21 | SecurityPpiNotifyCallback\r |
22 | };\r | |
23 | \r | |
b1f6a7c6 | 24 | /**\r |
192f6d4c | 25 | Initialize the security services.\r |
26 | \r | |
dc857d56 | 27 | @param PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation.\r |
40f26b8f | 28 | @param OldCoreData Pointer to the old core data.\r |
b1f6a7c6 | 29 | NULL if being run in non-permament memory mode.\r |
192f6d4c | 30 | \r |
b1f6a7c6 | 31 | **/\r |
32 | VOID\r | |
33 | InitializeSecurityServices (\r | |
34 | IN EFI_PEI_SERVICES **PeiServices,\r | |
35 | IN PEI_CORE_INSTANCE *OldCoreData\r | |
36 | )\r | |
192f6d4c | 37 | {\r |
38 | if (OldCoreData == NULL) {\r | |
39 | PeiServicesNotifyPpi (&mNotifyList);\r | |
40 | }\r | |
41 | return;\r | |
42 | }\r | |
43 | \r | |
b1f6a7c6 | 44 | /**\r |
45 | \r | |
46 | Provide a callback for when the security PPI is installed.\r | |
82b8c8df | 47 | This routine will cache installed security PPI into PeiCore's private data.\r |
48 | \r | |
dc857d56 | 49 | @param PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation.\r |
50 | @param NotifyDescriptor The descriptor for the notification event.\r | |
51 | @param Ppi Pointer to the PPI in question.\r | |
b1f6a7c6 | 52 | \r |
53 | @return Always success\r | |
54 | \r | |
55 | **/\r | |
192f6d4c | 56 | EFI_STATUS\r |
57 | EFIAPI\r | |
58 | SecurityPpiNotifyCallback (\r | |
59 | IN EFI_PEI_SERVICES **PeiServices,\r | |
60 | IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,\r | |
61 | IN VOID *Ppi\r | |
62 | )\r | |
192f6d4c | 63 | {\r |
64 | PEI_CORE_INSTANCE *PrivateData;\r | |
65 | \r | |
66 | //\r | |
67 | // Get PEI Core private data\r | |
68 | //\r | |
69 | PrivateData = PEI_CORE_INSTANCE_FROM_PS_THIS (PeiServices);\r | |
70 | \r | |
71 | //\r | |
72 | // If there isn't a security PPI installed, use the one from notification\r | |
73 | //\r | |
74 | if (PrivateData->PrivateSecurityPpi == NULL) {\r | |
b0d803fe | 75 | PrivateData->PrivateSecurityPpi = (EFI_PEI_SECURITY2_PPI *)Ppi;\r |
192f6d4c | 76 | }\r |
77 | return EFI_SUCCESS;\r | |
78 | }\r | |
79 | \r | |
b1f6a7c6 | 80 | /**\r |
192f6d4c | 81 | \r |
82 | Provide a callout to the security verification service.\r | |
83 | \r | |
192f6d4c | 84 | \r |
b1f6a7c6 | 85 | @param PrivateData PeiCore's private data structure\r |
86 | @param VolumeHandle Handle of FV\r | |
87 | @param FileHandle Handle of PEIM's ffs\r | |
192f6d4c | 88 | \r |
b1f6a7c6 | 89 | @retval EFI_SUCCESS Image is OK\r |
90 | @retval EFI_SECURITY_VIOLATION Image is illegal\r | |
82b8c8df | 91 | @retval EFI_NOT_FOUND If security PPI is not installed.\r |
b1f6a7c6 | 92 | **/\r |
93 | EFI_STATUS\r | |
94 | VerifyPeim (\r | |
95 | IN PEI_CORE_INSTANCE *PrivateData,\r | |
96 | IN EFI_PEI_FV_HANDLE VolumeHandle,\r | |
97 | IN EFI_PEI_FILE_HANDLE FileHandle\r | |
98 | )\r | |
192f6d4c | 99 | {\r |
192f6d4c | 100 | EFI_STATUS Status;\r |
101 | UINT32 AuthenticationStatus;\r | |
b0d803fe | 102 | BOOLEAN DeferExection;\r |
192f6d4c | 103 | \r |
104 | //\r | |
105 | // Set a default authentication state\r | |
106 | //\r | |
107 | AuthenticationStatus = 0;\r | |
108 | \r | |
192f6d4c | 109 | if (PrivateData->PrivateSecurityPpi == NULL) {\r |
110 | Status = EFI_NOT_FOUND;\r | |
111 | } else {\r | |
112 | //\r | |
113 | // Check to see if the image is OK\r | |
114 | //\r | |
115 | Status = PrivateData->PrivateSecurityPpi->AuthenticationState (\r | |
b0d803fe | 116 | (CONST EFI_PEI_SERVICES **) &PrivateData->PS,\r |
192f6d4c | 117 | PrivateData->PrivateSecurityPpi,\r |
118 | AuthenticationStatus,\r | |
b0d803fe | 119 | VolumeHandle,\r |
120 | FileHandle,\r | |
121 | &DeferExection\r | |
192f6d4c | 122 | );\r |
b0d803fe | 123 | if (DeferExection) {\r |
192f6d4c | 124 | Status = EFI_SECURITY_VIOLATION;\r |
125 | }\r | |
126 | }\r | |
127 | return Status;\r | |
128 | }\r | |
129 | \r | |
130 | \r | |
b1f6a7c6 | 131 | /**\r |
132 | Verify a Firmware volume.\r | |
133 | \r | |
82b8c8df | 134 | @param CurrentFvAddress Pointer to the current Firmware Volume under consideration\r |
b1f6a7c6 | 135 | \r |
82b8c8df | 136 | @retval EFI_SUCCESS Firmware Volume is legal\r |
b1f6a7c6 | 137 | \r |
138 | **/\r | |
192f6d4c | 139 | EFI_STATUS\r |
140 | VerifyFv (\r | |
141 | IN EFI_FIRMWARE_VOLUME_HEADER *CurrentFvAddress\r | |
142 | )\r | |
192f6d4c | 143 | {\r |
144 | //\r | |
145 | // Right now just pass the test. Future can authenticate and/or check the\r | |
146 | // FV-header or other metric for goodness of binary.\r | |
147 | //\r | |
148 | return EFI_SUCCESS;\r | |
149 | }\r |