/** @file\r
EFI PEI Core Security services\r
\r
-Copyright (c) 2006, Intel Corporation \r
-All rights reserved. This program and the accompanying materials \r
+Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials \r
are licensed and made available under the terms and conditions of the BSD License \r
which accompanies this distribution. The full text of the license may be found at \r
http://opensource.org/licenses/bsd-license.php \r
\r
#include "PeiMain.h"\r
\r
-/**\r
-\r
- Provide a callback for when the security PPI is installed.\r
-\r
- @param PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation.\r
- @param NotifyDescriptor The descriptor for the notification event.\r
- @param Ppi Pointer to the PPI in question.\r
-\r
- @return Always success\r
-\r
-**/\r
-EFI_STATUS\r
-EFIAPI\r
-SecurityPpiNotifyCallback (\r
- IN EFI_PEI_SERVICES **PeiServices,\r
- IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,\r
- IN VOID *Ppi\r
- );\r
\r
EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList = {\r
EFI_PEI_PPI_DESCRIPTOR_NOTIFY_DISPATCH | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,\r
}\r
\r
/**\r
-\r
Provide a callout to the security verification service.\r
\r
-\r
@param PrivateData PeiCore's private data structure\r
@param VolumeHandle Handle of FV\r
@param FileHandle Handle of PEIM's ffs\r
+ @param AuthenticationStatus Authentication status\r
\r
@retval EFI_SUCCESS Image is OK\r
@retval EFI_SECURITY_VIOLATION Image is illegal\r
VerifyPeim (\r
IN PEI_CORE_INSTANCE *PrivateData,\r
IN EFI_PEI_FV_HANDLE VolumeHandle,\r
- IN EFI_PEI_FILE_HANDLE FileHandle\r
+ IN EFI_PEI_FILE_HANDLE FileHandle,\r
+ IN UINT32 AuthenticationStatus\r
)\r
{\r
EFI_STATUS Status;\r
- UINT32 AuthenticationStatus;\r
BOOLEAN DeferExection;\r
\r
- //\r
- // Set a default authentication state\r
- //\r
- AuthenticationStatus = 0;\r
-\r
+ Status = EFI_NOT_FOUND;\r
if (PrivateData->PrivateSecurityPpi == NULL) {\r
- Status = EFI_NOT_FOUND;\r
+ //\r
+ // Check AuthenticationStatus first.\r
+ //\r
+ if ((AuthenticationStatus & EFI_AUTH_STATUS_IMAGE_SIGNED) != 0) {\r
+ if ((AuthenticationStatus & (EFI_AUTH_STATUS_TEST_FAILED | EFI_AUTH_STATUS_NOT_TESTED)) != 0) {\r
+ Status = EFI_SECURITY_VIOLATION;\r
+ }\r
+ }\r
} else {\r
//\r
// Check to see if the image is OK\r
//\r
Status = PrivateData->PrivateSecurityPpi->AuthenticationState (\r
- (CONST EFI_PEI_SERVICES **) &PrivateData->PS,\r
+ (CONST EFI_PEI_SERVICES **) &PrivateData->Ps,\r
PrivateData->PrivateSecurityPpi,\r
AuthenticationStatus,\r
VolumeHandle,\r