OUT EFI_PHYSICAL_ADDRESS *PeiCoreImageBase\r
)\r
{\r
+ BOOLEAN S3Resume;\r
+\r
*PeiCoreImageBase = 0;\r
\r
- if (IsS3Resume ()) {\r
+ S3Resume = IsS3Resume ();\r
+ if (S3Resume && !FeaturePcdGet (PcdSmmSmramRequire)) {\r
+ //\r
+ // A malicious runtime OS may have injected something into our previously\r
+ // decoded PEI FV, but we don't care about that unless SMM/SMRAM is required.\r
+ //\r
DEBUG ((EFI_D_VERBOSE, "SEC: S3 resume\n"));\r
GetS3ResumePeiFv (BootFv);\r
} else {\r
- DEBUG ((EFI_D_VERBOSE, "SEC: Normal boot\n"));\r
+ //\r
+ // We're either not resuming, or resuming "securely" -- we'll decompress\r
+ // both PEI FV and DXE FV from pristine flash.\r
+ //\r
+ DEBUG ((EFI_D_VERBOSE, "SEC: %a\n",\r
+ S3Resume ? "S3 resume (with PEI decompression)" : "Normal boot"));\r
FindMainFv (BootFv);\r
\r
DecompressMemFvs (BootFv);\r