Commit | Line | Data |
---|---|---|
b303605e MK |
1 | /** @file\r |
2 | EFI PEI Platform Security services\r | |
3 | \r | |
4 | Copyright (c) 2013 Intel Corporation.\r | |
5 | \r | |
6 | This program and the accompanying materials\r | |
7 | are licensed and made available under the terms and conditions of the BSD License\r | |
8 | which accompanies this distribution. The full text of the license may be found at\r | |
9 | http://opensource.org/licenses/bsd-license.php\r | |
10 | \r | |
11 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r | |
12 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r | |
13 | \r | |
14 | **/\r | |
15 | \r | |
16 | #include "PeiFvSecurity.h"\r | |
17 | \r | |
//
// Notification descriptor for FV Info PPI installs: a callback-type
// notification on gEfiPeiFirmwareVolumeInfoPpiGuid that invokes
// FirmwareVolmeInfoPpiNotifySecurityCallback. It is the only entry in its
// list (EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST is set).
//
EFI_PEI_NOTIFY_DESCRIPTOR mNotifyOnFvInfoSecurityList = {
  (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
  &gEfiPeiFirmwareVolumeInfoPpiGuid,
  FirmwareVolmeInfoPpiNotifySecurityCallback
};
23 | \r | |
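/**
  Callback function to perform FV security checking on a FV Info PPI.

  Only firmware volumes with neither a parent FV name nor a parent file name
  are passed to PeiSecurityVerifyFv(); child firmware volumes are skipped on
  the stated assumption that the parent's check covers them.

  @param PeiServices       An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation
  @param NotifyDescriptor  Address of the notification descriptor data structure.
  @param Ppi               Address of the PPI that was installed.

  @retval EFI_SUCCESS  The FV is a child FV, or PeiSecurityVerifyFv() reported success.
  @retval Others       Failure status from PeiServicesLocatePpi() or PeiSecurityVerifyFv().

**/
EFI_STATUS
EFIAPI
FirmwareVolmeInfoPpiNotifySecurityCallback (
  IN EFI_PEI_SERVICES           **PeiServices,
  IN EFI_PEI_NOTIFY_DESCRIPTOR  *NotifyDescriptor,
  IN VOID                       *Ppi
  )
{
  EFI_STATUS                        Status;
  EFI_PEI_FIRMWARE_VOLUME_INFO_PPI  *FvInfoPpi;
  EFI_PEI_FIRMWARE_VOLUME_PPI       *FvPpi;

  FvInfoPpi = (EFI_PEI_FIRMWARE_VOLUME_INFO_PPI *)Ppi;

  //
  // Locate the FV PPI that matches the format GUID of the reported FV.
  // FvPpi itself is not used below; only the lookup status is checked.
  //
  Status = PeiServicesLocatePpi (
             &FvInfoPpi->FvFormat,
             0,
             NULL,
             (VOID**)&FvPpi
             );
  if (EFI_ERROR (Status)) {
    //
    // ASSERT_EFI_ERROR may be compiled out or disabled by the build's debug
    // settings, so the failure is also returned instead of being dropped.
    //
    ASSERT_EFI_ERROR (Status);
    return Status;
  }

  //
  // Only authenticate parent Firmware Volume (child firmware volumes are covered by the parent)
  //
  if ((VOID *)FvInfoPpi->ParentFvName == NULL && (VOID *)FvInfoPpi->ParentFileName == NULL) {
    Status = PeiSecurityVerifyFv ((EFI_FIRMWARE_VOLUME_HEADER*) FvInfoPpi->FvInfo);
    if (EFI_ERROR (Status)) {
      //
      // A failed verification must not be reported as EFI_SUCCESS when
      // asserts are inactive.
      // NOTE(review): whether the notify dispatcher acts on a non-success
      // return is not visible in this file. If it does not, an explicit
      // halt is needed here for the check to fail closed.
      //
      ASSERT_EFI_ERROR (Status);
      return Status;
    }
  }

  return EFI_SUCCESS;
}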
69 | \r | |
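/**
  Placeholder for Firmware Volume authentication.

  As written, this function performs no verification: it logs the FV address
  and unconditionally returns EFI_SUCCESS. No header, signature, or hash of
  the volume is examined, so a caller must not treat the return value as
  evidence that the FV was authenticated.

  @param CurrentFvAddress  Pointer to the current Firmware Volume under consideration

  @retval EFI_SUCCESS  Always returned; no authentication has taken place.

**/
EFI_STATUS
PeiSecurityVerifyFv (
  IN EFI_FIRMWARE_VOLUME_HEADER  *CurrentFvAddress
  )
{
  EFI_STATUS  Status;

  //
  // NOTE(review): the platform security library call that should authenticate
  // the Firmware Volume is absent; only the debug trace below is executed.
  // The pointer is converted through UINTN before narrowing so the cast stays
  // well-formed when pointers are wider than 32 bits.
  //
  DEBUG ((DEBUG_INFO, "PeiSecurityVerifyFv - CurrentFvAddress=0x%8x\n", (UINT32)(UINTN)CurrentFvAddress));
  Status = EFI_SUCCESS;

  return Status;
}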
93 | \r | |
/**
  Entry point for the PEI Security PEIM.

  Registers mNotifyOnFvInfoSecurityList so that
  FirmwareVolmeInfoPpiNotifySecurityCallback runs for FV Info PPI
  notifications. The function takes no parameters.

  @return EFI_SUCCESS  PEI Security notification installed successfully.
          All others:  PEI Security notification failed to install.

**/
EFI_STATUS
PeiInitializeFvSecurity (
  VOID
  )
{
  //
  // The registration status is returned to the caller unchanged.
  //
  return PeiServicesNotifyPpi (&mNotifyOnFvInfoSecurityList);
}
117 | \r |