/** @file\r
EFI PEI Core Security services\r
- \r
-Copyright (c) 2006, Intel Corporation \r
-All rights reserved. This program and the accompanying materials \r
-are licensed and made available under the terms and conditions of the BSD License \r
-which accompanies this distribution. The full text of the license may be found at \r
-http://opensource.org/licenses/bsd-license.php \r
- \r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. \r
\r
-**/\r
-\r
-#include "PeiMain.h"\r
+Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials\r
+are licensed and made available under the terms and conditions of the BSD License\r
+which accompanies this distribution. The full text of the license may be found at\r
+http://opensource.org/licenses/bsd-license.php\r
\r
-/**\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
- Provide a callback for when the security PPI is installed.\r
+**/\r
\r
- @param PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation.\r
- @param NotifyDescriptor The descriptor for the notification event.\r
- @param Ppi Pointer to the PPI in question.\r
+#include "PeiMain.h"\r
\r
- @return Always success\r
-\r
-**/\r
-EFI_STATUS\r
-EFIAPI\r
-SecurityPpiNotifyCallback (\r
- IN EFI_PEI_SERVICES **PeiServices,\r
- IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,\r
- IN VOID *Ppi\r
- );\r
\r
EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList = {\r
EFI_PEI_PPI_DESCRIPTOR_NOTIFY_DISPATCH | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,\r
\r
Provide a callback for when the security PPI is installed.\r
This routine will cache installed security PPI into PeiCore's private data.\r
- \r
+\r
@param PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation.\r
@param NotifyDescriptor The descriptor for the notification event.\r
@param Ppi Pointer to the PPI in question.\r
// Get PEI Core private data\r
//\r
PrivateData = PEI_CORE_INSTANCE_FROM_PS_THIS (PeiServices);\r
- \r
+\r
//\r
// If there isn't a security PPI installed, use the one from notification\r
//\r
}\r
\r
/**\r
-\r
Provide a callout to the security verification service.\r
\r
-\r
@param PrivateData PeiCore's private data structure\r
@param VolumeHandle Handle of FV\r
@param FileHandle Handle of PEIM's ffs\r
+ @param AuthenticationStatus Authentication status\r
\r
@retval EFI_SUCCESS Image is OK\r
@retval EFI_SECURITY_VIOLATION Image is illegal\r
VerifyPeim (\r
IN PEI_CORE_INSTANCE *PrivateData,\r
IN EFI_PEI_FV_HANDLE VolumeHandle,\r
- IN EFI_PEI_FILE_HANDLE FileHandle\r
+ IN EFI_PEI_FILE_HANDLE FileHandle,\r
+ IN UINT32 AuthenticationStatus\r
)\r
{\r
EFI_STATUS Status;\r
- UINT32 AuthenticationStatus;\r
BOOLEAN DeferExection;\r
\r
- //\r
- // Set a default authentication state\r
- //\r
- AuthenticationStatus = 0;\r
-\r
+ Status = EFI_NOT_FOUND;\r
if (PrivateData->PrivateSecurityPpi == NULL) {\r
- Status = EFI_NOT_FOUND;\r
+ //\r
+ // Check AuthenticationStatus first.\r
+ //\r
+ if ((AuthenticationStatus & EFI_AUTH_STATUS_IMAGE_SIGNED) != 0) {\r
+ if ((AuthenticationStatus & (EFI_AUTH_STATUS_TEST_FAILED | EFI_AUTH_STATUS_NOT_TESTED)) != 0) {\r
+ Status = EFI_SECURITY_VIOLATION;\r
+ }\r
+ }\r
} else {\r
//\r
// Check to see if the image is OK\r
//\r
Status = PrivateData->PrivateSecurityPpi->AuthenticationState (\r
- (CONST EFI_PEI_SERVICES **) &PrivateData->PS,\r
+ (CONST EFI_PEI_SERVICES **) &PrivateData->Ps,\r
PrivateData->PrivateSecurityPpi,\r
AuthenticationStatus,\r
VolumeHandle,\r
projects / mirror_edk2.git / blobdiff