/** @file\r
EFI PEI Core Security services\r
- \r
-Copyright (c) 2006 - 2010, Intel Corporation. All rights reserved.<BR>\r
-This program and the accompanying materials \r
-are licensed and made available under the terms and conditions of the BSD License \r
-which accompanies this distribution. The full text of the license may be found at \r
-http://opensource.org/licenses/bsd-license.php \r
- \r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. \r
+\r
+Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials\r
+are licensed and made available under the terms and conditions of the BSD License\r
+which accompanies this distribution. The full text of the license may be found at\r
+http://opensource.org/licenses/bsd-license.php\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
**/\r
\r
\r
Provide a callback for when the security PPI is installed.\r
This routine will cache installed security PPI into PeiCore's private data.\r
- \r
+\r
@param PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation.\r
@param NotifyDescriptor The descriptor for the notification event.\r
@param Ppi Pointer to the PPI in question.\r
// Get PEI Core private data\r
//\r
PrivateData = PEI_CORE_INSTANCE_FROM_PS_THIS (PeiServices);\r
- \r
+\r
//\r
// If there isn't a security PPI installed, use the one from notification\r
//\r
}\r
\r
/**\r
-\r
Provide a callout to the security verification service.\r
\r
-\r
@param PrivateData PeiCore's private data structure\r
@param VolumeHandle Handle of FV\r
@param FileHandle Handle of PEIM's ffs\r
+ @param AuthenticationStatus Authentication status\r
\r
@retval EFI_SUCCESS Image is OK\r
@retval EFI_SECURITY_VIOLATION Image is illegal\r
VerifyPeim (\r
IN PEI_CORE_INSTANCE *PrivateData,\r
IN EFI_PEI_FV_HANDLE VolumeHandle,\r
- IN EFI_PEI_FILE_HANDLE FileHandle\r
+ IN EFI_PEI_FILE_HANDLE FileHandle,\r
+ IN UINT32 AuthenticationStatus\r
)\r
{\r
EFI_STATUS Status;\r
- UINT32 AuthenticationStatus;\r
BOOLEAN DeferExection;\r
\r
- //\r
- // Set a default authentication state\r
- //\r
- AuthenticationStatus = 0;\r
-\r
+ Status = EFI_NOT_FOUND;\r
if (PrivateData->PrivateSecurityPpi == NULL) {\r
- Status = EFI_NOT_FOUND;\r
+ //\r
+ // Check AuthenticationStatus first.\r
+ //\r
+ if ((AuthenticationStatus & EFI_AUTH_STATUS_IMAGE_SIGNED) != 0) {\r
+ if ((AuthenticationStatus & (EFI_AUTH_STATUS_TEST_FAILED | EFI_AUTH_STATUS_NOT_TESTED)) != 0) {\r
+ Status = EFI_SECURITY_VIOLATION;\r
+ }\r
+ }\r
} else {\r
//\r
// Check to see if the image is OK\r