MdeModulePkg/PeiCore: allocate BootServicesCode memory for PE/COFF images

[mirror_edk2.git] / MdeModulePkg / Core / Pei / Security / Security.c
diff --git a/MdeModulePkg/Core/Pei/Security/Security.c b/MdeModulePkg/Core/Pei/Security/Security.c

index 27c4f52f1b153b7be20532fa03314a300c517a6c..763126057d910b8d34b1837dd85bede8524d15fa 100644 (file)
--- a/MdeModulePkg/Core/Pei/Security/Security.c
+++ b/MdeModulePkg/Core/Pei/Security/Security.c
@@ -1,8 +1,8 @@
  /** @file\r
    EFI PEI Core Security services\r
    \r
-Copyright (c) 2006, Intel Corporation                                                         \r
-All rights reserved. This program and the accompanying materials                          \r
+Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials                          \r
  are licensed and made available under the terms and conditions of the BSD License         \r
  which accompanies this distribution.  The full text of the license may be found at        \r
  http://opensource.org/licenses/bsd-license.php                                            \r
@@ -14,24 +14,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
  \r
  #include "PeiMain.h"\r
  \r
-/**\r
-\r
-  Provide a callback for when the security PPI is installed.\r
-\r
-  @param PeiServices        An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation.\r
-  @param NotifyDescriptor   The descriptor for the notification event.\r
-  @param Ppi                Pointer to the PPI in question.\r
-\r
-  @return Always success\r
-\r
-**/\r
-EFI_STATUS\r
-EFIAPI\r
-SecurityPpiNotifyCallback (\r
-  IN EFI_PEI_SERVICES           **PeiServices,\r
-  IN EFI_PEI_NOTIFY_DESCRIPTOR  *NotifyDescriptor,\r
-  IN VOID                       *Ppi\r
-  );\r
  \r
  EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList = {\r
     EFI_PEI_PPI_DESCRIPTOR_NOTIFY_DISPATCH | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,\r
@@ -96,13 +78,12 @@ SecurityPpiNotifyCallback (
  }\r
  \r
  /**\r
-\r
    Provide a callout to the security verification service.\r
  \r
-\r
    @param PrivateData     PeiCore's private data structure\r
    @param VolumeHandle    Handle of FV\r
    @param FileHandle      Handle of PEIM's ffs\r
+  @param AuthenticationStatus Authentication status\r
  \r
    @retval EFI_SUCCESS              Image is OK\r
    @retval EFI_SECURITY_VIOLATION   Image is illegal\r
@@ -112,26 +93,29 @@ EFI_STATUS
  VerifyPeim (\r
    IN PEI_CORE_INSTANCE      *PrivateData,\r
    IN EFI_PEI_FV_HANDLE      VolumeHandle,\r
-  IN EFI_PEI_FILE_HANDLE    FileHandle\r
+  IN EFI_PEI_FILE_HANDLE    FileHandle,\r
+  IN UINT32                 AuthenticationStatus\r
    )\r
  {\r
    EFI_STATUS                      Status;\r
-  UINT32                          AuthenticationStatus;\r
    BOOLEAN                         DeferExection;\r
  \r
-  //\r
-  // Set a default authentication state\r
-  //\r
-  AuthenticationStatus = 0;\r
-\r
+  Status = EFI_NOT_FOUND;\r
    if (PrivateData->PrivateSecurityPpi == NULL) {\r
-    Status = EFI_NOT_FOUND;\r
+    //\r
+    // Check AuthenticationStatus first.\r
+    //\r
+    if ((AuthenticationStatus & EFI_AUTH_STATUS_IMAGE_SIGNED) != 0) {\r
+      if ((AuthenticationStatus & (EFI_AUTH_STATUS_TEST_FAILED | EFI_AUTH_STATUS_NOT_TESTED)) != 0) {\r
+        Status = EFI_SECURITY_VIOLATION;\r
+      }\r
+    }\r
    } else {\r
      //\r
      // Check to see if the image is OK\r
      //\r
      Status = PrivateData->PrivateSecurityPpi->AuthenticationState (\r
-                                                (CONST EFI_PEI_SERVICES **) &PrivateData->PS,\r
+                                                (CONST EFI_PEI_SERVICES **) &PrivateData->Ps,\r
                                                  PrivateData->PrivateSecurityPpi,\r
                                                  AuthenticationStatus,\r
                                                  VolumeHandle,\r