[mirror_edk2.git] / MdeModulePkg / Library / DxeSecurityManagementLib / DxeSecurityManagementLib.c

/** @file\r
  Provides generic security measurement functions for DXE module.\r
\r
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#include <PiDxe.h>\r
#include <Protocol/LoadFile.h>\r
#include <Library/DebugLib.h>\r
#include <Library/DxeServicesLib.h>\r
#include <Library/MemoryAllocationLib.h>\r
#include <Library/SecurityManagementLib.h>\r
#include <Library/DevicePathLib.h>\r
#include <Library/UefiBootServicesTableLib.h>\r
\r
#define SECURITY_HANDLER_TABLE_SIZE  0x10\r
\r
//\r
// Secruity Operation on Image and none Image.\r
//\r
#define EFI_AUTH_IMAGE_OPERATION_MASK       (EFI_AUTH_OPERATION_VERIFY_IMAGE \\r
                                              | EFI_AUTH_OPERATION_DEFER_IMAGE_LOAD \\r
                                              | EFI_AUTH_OPERATION_MEASURE_IMAGE)\r
#define EFI_AUTH_NONE_IMAGE_OPERATION_MASK  (EFI_AUTH_OPERATION_CONNECT_POLICY \\r
                                              | EFI_AUTH_OPERATION_AUTHENTICATION_STATE)\r
\r
typedef struct {\r
  UINT32                                        SecurityOperation;\r
  SECURITY_FILE_AUTHENTICATION_STATE_HANDLER    SecurityHandler;\r
} SECURITY_INFO;\r
\r
typedef struct {\r
  UINT32                                   Security2Operation;\r
  SECURITY2_FILE_AUTHENTICATION_HANDLER    Security2Handler;\r
} SECURITY2_INFO;\r
\r
UINT32         mCurrentAuthOperation       = 0;\r
UINT32         mNumberOfSecurityHandler    = 0;\r
UINT32         mMaxNumberOfSecurityHandler = 0;\r
SECURITY_INFO  *mSecurityTable             = NULL;\r
\r
UINT32          mCurrentAuthOperation2       = 0;\r
UINT32          mNumberOfSecurity2Handler    = 0;\r
UINT32          mMaxNumberOfSecurity2Handler = 0;\r
SECURITY2_INFO  *mSecurity2Table             = NULL;\r
\r
/**\r
  Reallocates more global memory to store the registered Handler list.\r
\r
  @retval  RETURN_SUCCESS            Reallocate memory successfully.\r
  @retval  RETURN_OUT_OF_RESOURCES   No enough memory to allocated.\r
**/\r
RETURN_STATUS\r
EFIAPI\r
ReallocateSecurityHandlerTable (\r
  VOID\r
  )\r
{\r
  //\r
  // Reallocate memory for security info structure.\r
  //\r
  mSecurityTable = ReallocatePool (\r
                     mMaxNumberOfSecurityHandler * sizeof (SECURITY_INFO),\r
                     (mMaxNumberOfSecurityHandler + SECURITY_HANDLER_TABLE_SIZE) * sizeof (SECURITY_INFO),\r
                     mSecurityTable\r
                     );\r
\r
  //\r
  // No enough resource is allocated.\r
  //\r
  if (mSecurityTable == NULL) {\r
    return RETURN_OUT_OF_RESOURCES;\r
  }\r
\r
  //\r
  // Increase max handler number\r
  //\r
  mMaxNumberOfSecurityHandler = mMaxNumberOfSecurityHandler + SECURITY_HANDLER_TABLE_SIZE;\r
  return RETURN_SUCCESS;\r
}\r
\r
/**\r
 Check whether an operation is valid according to the requirement of current operation,\r
 which must make sure that the measure image operation is the last one.\r
\r
 @param CurrentAuthOperation  Current operation.\r
 @param CheckAuthOperation    Operation to be checked.\r
\r
 @retval  TRUE   Operation is valid for current operation.\r
 @retval  FALSE  Operation is invalid for current operation.\r
**/\r
BOOLEAN\r
CheckAuthenticationOperation (\r
  IN  UINT32  CurrentAuthOperation,\r
  IN  UINT32  CheckAuthOperation\r
  )\r
{\r
  //\r
  // Make sure new auth operation can be recognized.\r
  //\r
  ASSERT ((CheckAuthOperation & ~(EFI_AUTH_IMAGE_OPERATION_MASK | EFI_AUTH_OPERATION_AUTHENTICATION_STATE | EFI_AUTH_OPERATION_IMAGE_REQUIRED)) == 0);\r
\r
  //\r
  // When current operation includes measure image operation,\r
  // only another measure image operation or none operation will be allowed.\r
  //\r
  if ((CurrentAuthOperation & EFI_AUTH_OPERATION_MEASURE_IMAGE) == EFI_AUTH_OPERATION_MEASURE_IMAGE) {\r
    if (((CheckAuthOperation & EFI_AUTH_OPERATION_MEASURE_IMAGE) == EFI_AUTH_OPERATION_MEASURE_IMAGE) ||\r
        ((CheckAuthOperation & EFI_AUTH_IMAGE_OPERATION_MASK) == EFI_AUTH_OPERATION_NONE))\r
    {\r
      return TRUE;\r
    } else {\r
      return FALSE;\r
    }\r
  }\r
\r
  //\r
  // When current operation doesn't include measure image operation,\r
  // any new operation will be allowed.\r
  //\r
  return TRUE;\r
}\r
\r
/**\r
  Register security measurement handler with its operation type. The different\r
  handler with the same operation can all be registered.\r
\r
  If SecurityHandler is NULL, then ASSERT().\r
  If no enough resources available to register new handler, then ASSERT().\r
  If AuthenticationOperation is not recongnized, then ASSERT().\r
  If the previous register handler can't be executed before the later register handler, then ASSERT().\r
\r
  @param[in]  SecurityHandler           Security measurement service handler to be registered.\r
  @param[in]  AuthenticationOperation   Operation type is specified for the registered handler.\r
\r
  @retval EFI_SUCCESS              The handlers were registered successfully.\r
**/\r
EFI_STATUS\r
EFIAPI\r
RegisterSecurityHandler (\r
  IN  SECURITY_FILE_AUTHENTICATION_STATE_HANDLER  SecurityHandler,\r
  IN  UINT32                                      AuthenticationOperation\r
  )\r
{\r
  EFI_STATUS  Status;\r
\r
  ASSERT (SecurityHandler != NULL);\r
\r
  //\r
  // Make sure AuthenticationOperation is valid in the register order.\r
  //\r
  ASSERT (CheckAuthenticationOperation (mCurrentAuthOperation, AuthenticationOperation));\r
  mCurrentAuthOperation = mCurrentAuthOperation | AuthenticationOperation;\r
\r
  //\r
  // Check whether the handler lists is enough to store new handler.\r
  //\r
  if (mNumberOfSecurityHandler == mMaxNumberOfSecurityHandler) {\r
    //\r
    // Allocate more resources for new handler.\r
    //\r
    Status = ReallocateSecurityHandlerTable ();\r
    ASSERT_EFI_ERROR (Status);\r
  }\r
\r
  //\r
  // Register new handler into the handler list.\r
  //\r
  mSecurityTable[mNumberOfSecurityHandler].SecurityOperation = AuthenticationOperation;\r
  mSecurityTable[mNumberOfSecurityHandler].SecurityHandler   = SecurityHandler;\r
  mNumberOfSecurityHandler++;\r
\r
  return EFI_SUCCESS;\r
}\r
\r
/**\r
  Execute registered handlers until one returns an error and that error is returned.\r
  If none of the handlers return an error, then EFI_SUCCESS is returned.\r
\r
  Before exectue handler, get the image buffer by file device path if a handler\r
  requires the image file. And return the image buffer to each handler when exectue handler.\r
\r
  The handlers are executed in same order to their registered order.\r
\r
  @param[in]  AuthenticationStatus\r
                           This is the authentication type returned from the Section\r
                           Extraction protocol. See the Section Extraction Protocol\r
                           Specification for details on this type.\r
  @param[in]  FilePath     This is a pointer to the device path of the file that is\r
                           being dispatched. This will optionally be used for logging.\r
\r
  @retval EFI_SUCCESS            The file specified by File did authenticate when more\r
                                 than one security handler services were registered,\r
                                 or the file did not authenticate when no security\r
                                 handler service was registered. And the platform policy\r
                                 dictates that the DXE Core may use File.\r
  @retval EFI_INVALID_PARAMETER  File is NULL.\r
  @retval EFI_SECURITY_VIOLATION The file specified by File did not authenticate, and\r
                                 the platform policy dictates that File should be placed\r
                                 in the untrusted state. A file may be promoted from\r
                                 the untrusted to the trusted state at a future time\r
                                 with a call to the Trust() DXE Service.\r
  @retval EFI_ACCESS_DENIED      The file specified by File did not authenticate, and\r
                                 the platform policy dictates that File should not be\r
                                 used for any purpose.\r
**/\r
EFI_STATUS\r
EFIAPI\r
ExecuteSecurityHandlers (\r
  IN  UINT32                          AuthenticationStatus,\r
  IN  CONST EFI_DEVICE_PATH_PROTOCOL  *FilePath\r
  )\r
{\r
  UINT32                    Index;\r
  EFI_STATUS                Status;\r
  UINT32                    HandlerAuthenticationStatus;\r
  VOID                      *FileBuffer;\r
  UINTN                     FileSize;\r
  EFI_HANDLE                Handle;\r
  EFI_DEVICE_PATH_PROTOCOL  *Node;\r
  EFI_DEVICE_PATH_PROTOCOL  *FilePathToVerfiy;\r
\r
  if (FilePath == NULL) {\r
    return EFI_INVALID_PARAMETER;\r
  }\r
\r
  //\r
  // Directly return successfully when no handler is registered.\r
  //\r
  if (mNumberOfSecurityHandler == 0) {\r
    return EFI_SUCCESS;\r
  }\r
\r
  Status                      = EFI_SUCCESS;\r
  FileBuffer                  = NULL;\r
  FileSize                    = 0;\r
  HandlerAuthenticationStatus = AuthenticationStatus;\r
  FilePathToVerfiy            = (EFI_DEVICE_PATH_PROTOCOL *)FilePath;\r
  //\r
  // Run security handler in same order to their registered list\r
  //\r
  for (Index = 0; Index < mNumberOfSecurityHandler; Index++) {\r
    if ((mSecurityTable[Index].SecurityOperation & EFI_AUTH_OPERATION_IMAGE_REQUIRED) == EFI_AUTH_OPERATION_IMAGE_REQUIRED) {\r
      //\r
      // Try get file buffer when the handler requires image buffer.\r
      //\r
      if (FileBuffer == NULL) {\r
        Node   = FilePathToVerfiy;\r
        Status = gBS->LocateDevicePath (&gEfiLoadFileProtocolGuid, &Node, &Handle);\r
        //\r
        // Try to get image by FALSE boot policy for the exact boot file path.\r
        //\r
        FileBuffer = GetFileBufferByFilePath (FALSE, FilePath, &FileSize, &AuthenticationStatus);\r
        if (FileBuffer == NULL) {\r
          //\r
          // Try to get image by TRUE boot policy for the inexact boot file path.\r
          //\r
          FileBuffer = GetFileBufferByFilePath (TRUE, FilePath, &FileSize, &AuthenticationStatus);\r
        }\r
\r
        if ((FileBuffer != NULL) && (!EFI_ERROR (Status))) {\r
          //\r
          // LoadFile () may cause the device path of the Handle be updated.\r
          //\r
          FilePathToVerfiy = AppendDevicePath (DevicePathFromHandle (Handle), Node);\r
        }\r
      }\r
    }\r
\r
    Status = mSecurityTable[Index].SecurityHandler (\r
                                     HandlerAuthenticationStatus,\r
                                     FilePathToVerfiy,\r
                                     FileBuffer,\r
                                     FileSize\r
                                     );\r
    if (EFI_ERROR (Status)) {\r
      break;\r
    }\r
  }\r
\r
  if (FileBuffer != NULL) {\r
    FreePool (FileBuffer);\r
  }\r
\r
  if (FilePathToVerfiy != FilePath) {\r
    FreePool (FilePathToVerfiy);\r
  }\r
\r
  return Status;\r
}\r
\r
/**\r
  Reallocates more global memory to store the registered Securit2Handler list.\r
\r
  @retval  RETURN_SUCCESS            Reallocate memory successfully.\r
  @retval  RETURN_OUT_OF_RESOURCES   No enough memory to allocated.\r
**/\r
RETURN_STATUS\r
EFIAPI\r
ReallocateSecurity2HandlerTable (\r
  VOID\r
  )\r
{\r
  //\r
  // Reallocate memory for security info structure.\r
  //\r
  mSecurity2Table = ReallocatePool (\r
                      mMaxNumberOfSecurity2Handler * sizeof (SECURITY2_INFO),\r
                      (mMaxNumberOfSecurity2Handler + SECURITY_HANDLER_TABLE_SIZE) * sizeof (SECURITY2_INFO),\r
                      mSecurity2Table\r
                      );\r
\r
  //\r
  // No enough resource is allocated.\r
  //\r
  if (mSecurity2Table == NULL) {\r
    return RETURN_OUT_OF_RESOURCES;\r
  }\r
\r
  //\r
  // Increase max handler number\r
  //\r
  mMaxNumberOfSecurity2Handler = mMaxNumberOfSecurity2Handler + SECURITY_HANDLER_TABLE_SIZE;\r
  return RETURN_SUCCESS;\r
}\r
\r
/**\r
  Check whether an operation is valid according to the requirement of current operation,\r
  which must make sure that the measure image operation is the last one.\r
\r
  If AuthenticationOperation is not recongnized, return FALSE.\r
  If AuthenticationOperation is EFI_AUTH_OPERATION_NONE, return FALSE.\r
  If AuthenticationOperation includes security operation and authentication operation, return FALSE.\r
  If the previous register handler can't be executed before the later register handler, return FALSE.\r
\r
  @param CurrentAuthOperation  Current operation.\r
  @param CheckAuthOperation    Operation to be checked.\r
\r
  @retval  TRUE   Operation is valid for current operation.\r
  @retval  FALSE  Operation is invalid for current operation.\r
**/\r
BOOLEAN\r
CheckAuthentication2Operation (\r
  IN  UINT32  CurrentAuthOperation,\r
  IN  UINT32  CheckAuthOperation\r
  )\r
{\r
  //\r
  // Make sure new auth operation can be recognized.\r
  //\r
  if (CheckAuthOperation == EFI_AUTH_OPERATION_NONE) {\r
    return FALSE;\r
  }\r
\r
  if ((CheckAuthOperation & ~(EFI_AUTH_IMAGE_OPERATION_MASK |\r
                              EFI_AUTH_NONE_IMAGE_OPERATION_MASK |\r
                              EFI_AUTH_OPERATION_IMAGE_REQUIRED)) != 0)\r
  {\r
    return FALSE;\r
  }\r
\r
  //\r
  // When current operation includes measure image operation,\r
  // only another measure image or none image operation will be allowed.\r
  //\r
  if ((CurrentAuthOperation & EFI_AUTH_OPERATION_MEASURE_IMAGE) == EFI_AUTH_OPERATION_MEASURE_IMAGE) {\r
    if (((CheckAuthOperation & EFI_AUTH_OPERATION_MEASURE_IMAGE) == EFI_AUTH_OPERATION_MEASURE_IMAGE) ||\r
        ((CheckAuthOperation & EFI_AUTH_IMAGE_OPERATION_MASK) == 0))\r
    {\r
      return TRUE;\r
    } else {\r
      return FALSE;\r
    }\r
  }\r
\r
  //\r
  // Any other operation will be allowed.\r
  //\r
  return TRUE;\r
}\r
\r
/**\r
  Register security measurement handler with its operation type. Different\r
  handlers with the same operation can all be registered.\r
\r
  If Security2Handler is NULL, then ASSERT().\r
  If no enough resources available to register new handler, then ASSERT().\r
  If AuthenticationOperation is not recongnized, then ASSERT().\r
  If AuthenticationOperation is EFI_AUTH_OPERATION_NONE, then ASSERT().\r
  If the previous register handler can't be executed before the later register handler, then ASSERT().\r
\r
  @param[in]  Security2Handler          The security measurement service handler to be registered.\r
  @param[in]  AuthenticationOperation   The operation type is specified for the registered handler.\r
\r
  @retval EFI_SUCCESS              The handlers were registered successfully.\r
**/\r
EFI_STATUS\r
EFIAPI\r
RegisterSecurity2Handler (\r
  IN  SECURITY2_FILE_AUTHENTICATION_HANDLER  Security2Handler,\r
  IN  UINT32                                 AuthenticationOperation\r
  )\r
{\r
  EFI_STATUS  Status;\r
\r
  ASSERT (Security2Handler != NULL);\r
\r
  //\r
  // Make sure AuthenticationOperation is valid in the register order.\r
  //\r
  ASSERT (CheckAuthentication2Operation (mCurrentAuthOperation2, AuthenticationOperation));\r
  mCurrentAuthOperation2 = mCurrentAuthOperation2 | AuthenticationOperation;\r
\r
  //\r
  // Check whether the handler lists is enough to store new handler.\r
  //\r
  if (mNumberOfSecurity2Handler == mMaxNumberOfSecurity2Handler) {\r
    //\r
    // Allocate more resources for new handler.\r
    //\r
    Status = ReallocateSecurity2HandlerTable ();\r
    ASSERT_EFI_ERROR (Status);\r
  }\r
\r
  //\r
  // Register new handler into the handler list.\r
  //\r
  mSecurity2Table[mNumberOfSecurity2Handler].Security2Operation = AuthenticationOperation;\r
  mSecurity2Table[mNumberOfSecurity2Handler].Security2Handler   = Security2Handler;\r
  mNumberOfSecurity2Handler++;\r
\r
  return EFI_SUCCESS;\r
}\r
\r
/**\r
  Execute registered handlers based on input AuthenticationOperation until\r
  one returns an error and that error is returned.\r
\r
  If none of the handlers return an error, then EFI_SUCCESS is returned.\r
  The handlers those satisfy AuthenticationOperation will only be executed.\r
  The handlers are executed in same order to their registered order.\r
\r
  @param[in]  AuthenticationOperation\r
                           The operation type specifies which handlers will be executed.\r
  @param[in]  AuthenticationStatus\r
                           The authentication status for the input file.\r
  @param[in]  File         This is a pointer to the device path of the file that is\r
                           being dispatched. This will optionally be used for logging.\r
  @param[in]  FileBuffer   A pointer to the buffer with the UEFI file image\r
  @param[in]  FileSize     The size of File buffer.\r
  @param[in]  BootPolicy   A boot policy that was used to call LoadImage() UEFI service.\r
\r
  @retval EFI_SUCCESS             The file specified by DevicePath and non-NULL\r
                                  FileBuffer did authenticate, and the platform policy dictates\r
                                  that the DXE Foundation may use the file.\r
  @retval EFI_SUCCESS             The device path specified by NULL device path DevicePath\r
                                  and non-NULL FileBuffer did authenticate, and the platform\r
                                  policy dictates that the DXE Foundation may execute the image in\r
                                  FileBuffer.\r
  @retval EFI_SUCCESS             FileBuffer is NULL and current user has permission to start\r
                                  UEFI device drivers on the device path specified by DevicePath.\r
  @retval EFI_SECURITY_VIOLATION  The file specified by File or FileBuffer did not\r
                                  authenticate, and the platform policy dictates that\r
                                  the file should be placed in the untrusted state.\r
  @retval EFI_SECURITY_VIOLATION  FileBuffer FileBuffer is NULL and the user has no\r
                                  permission to start UEFI device drivers on the device path specified\r
                                  by DevicePath.\r
  @retval EFI_SECURITY_VIOLATION  FileBuffer is not NULL and the user has no permission to load\r
                                  drivers from the device path specified by DevicePath. The\r
                                  image has been added into the list of the deferred images.\r
  @retval EFI_ACCESS_DENIED       The file specified by File did not authenticate, and\r
                                  the platform policy dictates that the DXE\r
                                  Foundation may not use File.\r
  @retval EFI_INVALID_PARAMETER   File and FileBuffer are both NULL.\r
**/\r
EFI_STATUS\r
EFIAPI\r
ExecuteSecurity2Handlers (\r
  IN  UINT32                          AuthenticationOperation,\r
  IN  UINT32                          AuthenticationStatus,\r
  IN  CONST EFI_DEVICE_PATH_PROTOCOL  *File  OPTIONAL,\r
  IN  VOID                            *FileBuffer,\r
  IN  UINTN                           FileSize,\r
  IN  BOOLEAN                         BootPolicy\r
  )\r
{\r
  UINT32      Index;\r
  EFI_STATUS  Status;\r
\r
  //\r
  // Invalid case if File and FileBuffer are both NULL.\r
  //\r
  if ((File == NULL) && (FileBuffer == NULL)) {\r
    return EFI_INVALID_PARAMETER;\r
  }\r
\r
  //\r
  // Directly return successfully when no handler is registered.\r
  //\r
  if (mNumberOfSecurity2Handler == 0) {\r
    return EFI_SUCCESS;\r
  }\r
\r
  //\r
  // Run security handler in same order to their registered list\r
  //\r
  for (Index = 0; Index < mNumberOfSecurity2Handler; Index++) {\r
    //\r
    // If FileBuffer is not NULL, the input is Image, which will be handled by EFI_AUTH_IMAGE_OPERATION_MASK operation.\r
    // If FileBuffer is NULL, the input is not Image, which will be handled by EFI_AUTH_NONE_IMAGE_OPERATION_MASK operation.\r
    // Other cases are ignored.\r
    //\r
    if (((FileBuffer != NULL) && ((mSecurity2Table[Index].Security2Operation & EFI_AUTH_IMAGE_OPERATION_MASK) != 0)) ||\r
        ((FileBuffer == NULL) && ((mSecurity2Table[Index].Security2Operation & EFI_AUTH_NONE_IMAGE_OPERATION_MASK) != 0)))\r
    {\r
      //\r
      // Execute registered handlers based on input AuthenticationOperation\r
      //\r
      if ((mSecurity2Table[Index].Security2Operation & AuthenticationOperation) != 0) {\r
        Status = mSecurity2Table[Index].Security2Handler (\r
                                          AuthenticationStatus,\r
                                          File,\r
                                          FileBuffer,\r
                                          FileSize,\r
                                          BootPolicy\r
                                          );\r
        if (EFI_ERROR (Status)) {\r
          return Status;\r
        }\r
      }\r
    }\r
  }\r
\r
  return EFI_SUCCESS;\r
}\r
Commit	Line	Data
cd98f305 LG	1	/** @file\r
	2	Provides generic security measurement functions for DXE module.\r
	3	\r
d1102dba	4	Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>\r
9d510e61	5	SPDX-License-Identifier: BSD-2-Clause-Patent\r
cd98f305 LG	6	\r
	7	**/\r
	8	\r
	9	#include <PiDxe.h>\r
2b75e8cd	10	#include <Protocol/LoadFile.h>\r
cd98f305 LG	11	#include <Library/DebugLib.h>\r
	12	#include <Library/DxeServicesLib.h>\r
	13	#include <Library/MemoryAllocationLib.h>\r
	14	#include <Library/SecurityManagementLib.h>\r
2b75e8cd LG	15	#include <Library/DevicePathLib.h>\r
2b75e8cd LG	16	#include <Library/UefiBootServicesTableLib.h>\r
cd98f305	17	\r
1436aea4	18	#define SECURITY_HANDLER_TABLE_SIZE 0x10\r
cd98f305	19	\r
bc2dfdbc LG	20	//\r
	21	// Secruity Operation on Image and none Image.\r
	22	//\r
	23	#define EFI_AUTH_IMAGE_OPERATION_MASK (EFI_AUTH_OPERATION_VERIFY_IMAGE \\r
	24	\| EFI_AUTH_OPERATION_DEFER_IMAGE_LOAD \\r
	25	\| EFI_AUTH_OPERATION_MEASURE_IMAGE)\r
	26	#define EFI_AUTH_NONE_IMAGE_OPERATION_MASK (EFI_AUTH_OPERATION_CONNECT_POLICY \\r
	27	\| EFI_AUTH_OPERATION_AUTHENTICATION_STATE)\r
cd98f305 LG	28	\r
cd98f305 LG	29	typedef struct {\r
1436aea4 MK	30	UINT32 SecurityOperation;\r
1436aea4 MK	31	SECURITY_FILE_AUTHENTICATION_STATE_HANDLER SecurityHandler;\r
cd98f305 LG	32	} SECURITY_INFO;\r
cd98f305 LG	33	\r
bc2dfdbc	34	typedef struct {\r
1436aea4 MK	35	UINT32 Security2Operation;\r
1436aea4 MK	36	SECURITY2_FILE_AUTHENTICATION_HANDLER Security2Handler;\r
bc2dfdbc LG	37	} SECURITY2_INFO;\r
bc2dfdbc LG	38	\r
1436aea4 MK	39	UINT32 mCurrentAuthOperation = 0;\r
	40	UINT32 mNumberOfSecurityHandler = 0;\r
	41	UINT32 mMaxNumberOfSecurityHandler = 0;\r
	42	SECURITY_INFO *mSecurityTable = NULL;\r
cd98f305	43	\r
1436aea4 MK	44	UINT32 mCurrentAuthOperation2 = 0;\r
	45	UINT32 mNumberOfSecurity2Handler = 0;\r
	46	UINT32 mMaxNumberOfSecurity2Handler = 0;\r
	47	SECURITY2_INFO *mSecurity2Table = NULL;\r
bc2dfdbc	48	\r
cd98f305 LG	49	/**\r
	50	Reallocates more global memory to store the registered Handler list.\r
	51	\r
	52	@retval RETURN_SUCCESS Reallocate memory successfully.\r
	53	@retval RETURN_OUT_OF_RESOURCES No enough memory to allocated.\r
	54	**/\r
	55	RETURN_STATUS\r
	56	EFIAPI\r
	57	ReallocateSecurityHandlerTable (\r
f826516d	58	VOID\r
cd98f305 LG	59	)\r
	60	{\r
	61	//\r
	62	// Reallocate memory for security info structure.\r
	63	//\r
	64	mSecurityTable = ReallocatePool (\r
d1102dba LG	65	mMaxNumberOfSecurityHandler * sizeof (SECURITY_INFO),\r
d1102dba LG	66	(mMaxNumberOfSecurityHandler + SECURITY_HANDLER_TABLE_SIZE) * sizeof (SECURITY_INFO),\r
cd98f305 LG	67	mSecurityTable\r
	68	);\r
	69	\r
	70	//\r
	71	// No enough resource is allocated.\r
	72	//\r
	73	if (mSecurityTable == NULL) {\r
	74	return RETURN_OUT_OF_RESOURCES;\r
	75	}\r
	76	\r
	77	//\r
	78	// Increase max handler number\r
	79	//\r
	80	mMaxNumberOfSecurityHandler = mMaxNumberOfSecurityHandler + SECURITY_HANDLER_TABLE_SIZE;\r
	81	return RETURN_SUCCESS;\r
	82	}\r
	83	\r
	84	/**\r
d1102dba	85	Check whether an operation is valid according to the requirement of current operation,\r
cd98f305 LG	86	which must make sure that the measure image operation is the last one.\r
	87	\r
	88	@param CurrentAuthOperation Current operation.\r
	89	@param CheckAuthOperation Operation to be checked.\r
	90	\r
	91	@retval TRUE Operation is valid for current operation.\r
	92	@retval FALSE Operation is invalid for current operation.\r
	93	**/\r
	94	BOOLEAN\r
	95	CheckAuthenticationOperation (\r
1436aea4 MK	96	IN UINT32 CurrentAuthOperation,\r
1436aea4 MK	97	IN UINT32 CheckAuthOperation\r
cd98f305	98	)\r
d1102dba	99	{\r
cd98f305 LG	100	//\r
	101	// Make sure new auth operation can be recognized.\r
	102	//\r
c9e88815	103	ASSERT ((CheckAuthOperation & ~(EFI_AUTH_IMAGE_OPERATION_MASK \| EFI_AUTH_OPERATION_AUTHENTICATION_STATE \| EFI_AUTH_OPERATION_IMAGE_REQUIRED)) == 0);\r
d1102dba	104	\r
cd98f305	105	//\r
d1102dba	106	// When current operation includes measure image operation,\r
cd98f305 LG	107	// only another measure image operation or none operation will be allowed.\r
	108	//\r
	109	if ((CurrentAuthOperation & EFI_AUTH_OPERATION_MEASURE_IMAGE) == EFI_AUTH_OPERATION_MEASURE_IMAGE) {\r
	110	if (((CheckAuthOperation & EFI_AUTH_OPERATION_MEASURE_IMAGE) == EFI_AUTH_OPERATION_MEASURE_IMAGE) \|\|\r
1436aea4 MK	111	((CheckAuthOperation & EFI_AUTH_IMAGE_OPERATION_MASK) == EFI_AUTH_OPERATION_NONE))\r
1436aea4 MK	112	{\r
cd98f305 LG	113	return TRUE;\r
	114	} else {\r
	115	return FALSE;\r
	116	}\r
	117	}\r
d1102dba	118	\r
cd98f305	119	//\r
d1102dba	120	// When current operation doesn't include measure image operation,\r
cd98f305 LG	121	// any new operation will be allowed.\r
	122	//\r
	123	return TRUE;\r
	124	}\r
	125	\r
	126	/**\r
	127	Register security measurement handler with its operation type. The different\r
	128	handler with the same operation can all be registered.\r
	129	\r
	130	If SecurityHandler is NULL, then ASSERT().\r
	131	If no enough resources available to register new handler, then ASSERT().\r
	132	If AuthenticationOperation is not recongnized, then ASSERT().\r
	133	If the previous register handler can't be executed before the later register handler, then ASSERT().\r
	134	\r
	135	@param[in] SecurityHandler Security measurement service handler to be registered.\r
	136	@param[in] AuthenticationOperation Operation type is specified for the registered handler.\r
	137	\r
	138	@retval EFI_SUCCESS The handlers were registered successfully.\r
	139	**/\r
	140	EFI_STATUS\r
	141	EFIAPI\r
	142	RegisterSecurityHandler (\r
	143	IN SECURITY_FILE_AUTHENTICATION_STATE_HANDLER SecurityHandler,\r
	144	IN UINT32 AuthenticationOperation\r
	145	)\r
	146	{\r
	147	EFI_STATUS Status;\r
	148	\r
	149	ASSERT (SecurityHandler != NULL);\r
	150	\r
	151	//\r
	152	// Make sure AuthenticationOperation is valid in the register order.\r
	153	//\r
	154	ASSERT (CheckAuthenticationOperation (mCurrentAuthOperation, AuthenticationOperation));\r
	155	mCurrentAuthOperation = mCurrentAuthOperation \| AuthenticationOperation;\r
	156	\r
	157	//\r
	158	// Check whether the handler lists is enough to store new handler.\r
	159	//\r
	160	if (mNumberOfSecurityHandler == mMaxNumberOfSecurityHandler) {\r
	161	//\r
	162	// Allocate more resources for new handler.\r
	163	//\r
1436aea4	164	Status = ReallocateSecurityHandlerTable ();\r
cd98f305 LG	165	ASSERT_EFI_ERROR (Status);\r
	166	}\r
	167	\r
	168	//\r
	169	// Register new handler into the handler list.\r
	170	//\r
	171	mSecurityTable[mNumberOfSecurityHandler].SecurityOperation = AuthenticationOperation;\r
	172	mSecurityTable[mNumberOfSecurityHandler].SecurityHandler = SecurityHandler;\r
1436aea4	173	mNumberOfSecurityHandler++;\r
cd98f305 LG	174	\r
	175	return EFI_SUCCESS;\r
	176	}\r
	177	\r
	178	/**\r
	179	Execute registered handlers until one returns an error and that error is returned.\r
	180	If none of the handlers return an error, then EFI_SUCCESS is returned.\r
	181	\r
d1102dba	182	Before exectue handler, get the image buffer by file device path if a handler\r
cd98f305 LG	183	requires the image file. And return the image buffer to each handler when exectue handler.\r
	184	\r
	185	The handlers are executed in same order to their registered order.\r
	186	\r
d1102dba	187	@param[in] AuthenticationStatus\r
cd98f305 LG	188	This is the authentication type returned from the Section\r
	189	Extraction protocol. See the Section Extraction Protocol\r
	190	Specification for details on this type.\r
	191	@param[in] FilePath This is a pointer to the device path of the file that is\r
	192	being dispatched. This will optionally be used for logging.\r
	193	\r
	194	@retval EFI_SUCCESS The file specified by File did authenticate when more\r
d1102dba LG	195	than one security handler services were registered,\r
	196	or the file did not authenticate when no security\r
	197	handler service was registered. And the platform policy\r
cd98f305 LG	198	dictates that the DXE Core may use File.\r
	199	@retval EFI_INVALID_PARAMETER File is NULL.\r
	200	@retval EFI_SECURITY_VIOLATION The file specified by File did not authenticate, and\r
	201	the platform policy dictates that File should be placed\r
	202	in the untrusted state. A file may be promoted from\r
	203	the untrusted to the trusted state at a future time\r
	204	with a call to the Trust() DXE Service.\r
	205	@retval EFI_ACCESS_DENIED The file specified by File did not authenticate, and\r
	206	the platform policy dictates that File should not be\r
	207	used for any purpose.\r
	208	**/\r
	209	EFI_STATUS\r
	210	EFIAPI\r
	211	ExecuteSecurityHandlers (\r
1436aea4 MK	212	IN UINT32 AuthenticationStatus,\r
1436aea4 MK	213	IN CONST EFI_DEVICE_PATH_PROTOCOL *FilePath\r
cd98f305 LG	214	)\r
cd98f305 LG	215	{\r
1436aea4 MK	216	UINT32 Index;\r
	217	EFI_STATUS Status;\r
	218	UINT32 HandlerAuthenticationStatus;\r
	219	VOID *FileBuffer;\r
	220	UINTN FileSize;\r
	221	EFI_HANDLE Handle;\r
	222	EFI_DEVICE_PATH_PROTOCOL *Node;\r
	223	EFI_DEVICE_PATH_PROTOCOL *FilePathToVerfiy;\r
d1102dba	224	\r
cd98f305 LG	225	if (FilePath == NULL) {\r
	226	return EFI_INVALID_PARAMETER;\r
	227	}\r
	228	\r
	229	//\r
	230	// Directly return successfully when no handler is registered.\r
	231	//\r
	232	if (mNumberOfSecurityHandler == 0) {\r
	233	return EFI_SUCCESS;\r
	234	}\r
d1102dba	235	\r
cd98f305 LG	236	Status = EFI_SUCCESS;\r
	237	FileBuffer = NULL;\r
	238	FileSize = 0;\r
	239	HandlerAuthenticationStatus = AuthenticationStatus;\r
1436aea4	240	FilePathToVerfiy = (EFI_DEVICE_PATH_PROTOCOL *)FilePath;\r
cd98f305 LG	241	//\r
	242	// Run security handler in same order to their registered list\r
	243	//\r
1436aea4	244	for (Index = 0; Index < mNumberOfSecurityHandler; Index++) {\r
cd98f305 LG	245	if ((mSecurityTable[Index].SecurityOperation & EFI_AUTH_OPERATION_IMAGE_REQUIRED) == EFI_AUTH_OPERATION_IMAGE_REQUIRED) {\r
	246	//\r
	247	// Try get file buffer when the handler requires image buffer.\r
	248	//\r
	249	if (FileBuffer == NULL) {\r
2b75e8cd LG	250	Node = FilePathToVerfiy;\r
2b75e8cd LG	251	Status = gBS->LocateDevicePath (&gEfiLoadFileProtocolGuid, &Node, &Handle);\r
2983a79d LG	252	//\r
	253	// Try to get image by FALSE boot policy for the exact boot file path.\r
	254	//\r
cd98f305	255	FileBuffer = GetFileBufferByFilePath (FALSE, FilePath, &FileSize, &AuthenticationStatus);\r
2983a79d LG	256	if (FileBuffer == NULL) {\r
	257	//\r
	258	// Try to get image by TRUE boot policy for the inexact boot file path.\r
	259	//\r
	260	FileBuffer = GetFileBufferByFilePath (TRUE, FilePath, &FileSize, &AuthenticationStatus);\r
	261	}\r
1436aea4	262	\r
2b75e8cd LG	263	if ((FileBuffer != NULL) && (!EFI_ERROR (Status))) {\r
	264	//\r
	265	// LoadFile () may cause the device path of the Handle be updated.\r
	266	//\r
	267	FilePathToVerfiy = AppendDevicePath (DevicePathFromHandle (Handle), Node);\r
	268	}\r
cd98f305 LG	269	}\r
cd98f305 LG	270	}\r
1436aea4	271	\r
cd98f305	272	Status = mSecurityTable[Index].SecurityHandler (\r
1436aea4 MK	273	HandlerAuthenticationStatus,\r
	274	FilePathToVerfiy,\r
	275	FileBuffer,\r
	276	FileSize\r
	277	);\r
cd98f305 LG	278	if (EFI_ERROR (Status)) {\r
	279	break;\r
	280	}\r
	281	}\r
	282	\r
	283	if (FileBuffer != NULL) {\r
	284	FreePool (FileBuffer);\r
	285	}\r
1436aea4	286	\r
2b75e8cd LG	287	if (FilePathToVerfiy != FilePath) {\r
	288	FreePool (FilePathToVerfiy);\r
	289	}\r
cd98f305 LG	290	\r
	291	return Status;\r
	292	}\r
bc2dfdbc LG	293	\r
	294	/**\r
	295	Reallocates more global memory to store the registered Securit2Handler list.\r
	296	\r
	297	@retval RETURN_SUCCESS Reallocate memory successfully.\r
	298	@retval RETURN_OUT_OF_RESOURCES No enough memory to allocated.\r
	299	**/\r
	300	RETURN_STATUS\r
	301	EFIAPI\r
	302	ReallocateSecurity2HandlerTable (\r
f826516d	303	VOID\r
bc2dfdbc LG	304	)\r
	305	{\r
	306	//\r
	307	// Reallocate memory for security info structure.\r
	308	//\r
	309	mSecurity2Table = ReallocatePool (\r
1436aea4 MK	310	mMaxNumberOfSecurity2Handler * sizeof (SECURITY2_INFO),\r
	311	(mMaxNumberOfSecurity2Handler + SECURITY_HANDLER_TABLE_SIZE) * sizeof (SECURITY2_INFO),\r
	312	mSecurity2Table\r
	313	);\r
bc2dfdbc LG	314	\r
	315	//\r
	316	// No enough resource is allocated.\r
	317	//\r
	318	if (mSecurity2Table == NULL) {\r
	319	return RETURN_OUT_OF_RESOURCES;\r
	320	}\r
	321	\r
	322	//\r
	323	// Increase max handler number\r
	324	//\r
	325	mMaxNumberOfSecurity2Handler = mMaxNumberOfSecurity2Handler + SECURITY_HANDLER_TABLE_SIZE;\r
	326	return RETURN_SUCCESS;\r
	327	}\r
	328	\r
	329	/**\r
d1102dba	330	Check whether an operation is valid according to the requirement of current operation,\r
bc2dfdbc	331	which must make sure that the measure image operation is the last one.\r
d1102dba	332	\r
bc2dfdbc LG	333	If AuthenticationOperation is not recongnized, return FALSE.\r
	334	If AuthenticationOperation is EFI_AUTH_OPERATION_NONE, return FALSE.\r
	335	If AuthenticationOperation includes security operation and authentication operation, return FALSE.\r
	336	If the previous register handler can't be executed before the later register handler, return FALSE.\r
d1102dba	337	\r
bc2dfdbc LG	338	@param CurrentAuthOperation Current operation.\r
bc2dfdbc LG	339	@param CheckAuthOperation Operation to be checked.\r
d1102dba	340	\r
bc2dfdbc LG	341	@retval TRUE Operation is valid for current operation.\r
	342	@retval FALSE Operation is invalid for current operation.\r
	343	**/\r
	344	BOOLEAN\r
	345	CheckAuthentication2Operation (\r
1436aea4 MK	346	IN UINT32 CurrentAuthOperation,\r
1436aea4 MK	347	IN UINT32 CheckAuthOperation\r
bc2dfdbc	348	)\r
d1102dba	349	{\r
bc2dfdbc LG	350	//\r
	351	// Make sure new auth operation can be recognized.\r
	352	//\r
	353	if (CheckAuthOperation == EFI_AUTH_OPERATION_NONE) {\r
	354	return FALSE;\r
	355	}\r
1436aea4	356	\r
d1102dba LG	357	if ((CheckAuthOperation & ~(EFI_AUTH_IMAGE_OPERATION_MASK \|\r
d1102dba LG	358	EFI_AUTH_NONE_IMAGE_OPERATION_MASK \|\r
1436aea4 MK	359	EFI_AUTH_OPERATION_IMAGE_REQUIRED)) != 0)\r
1436aea4 MK	360	{\r
bc2dfdbc LG	361	return FALSE;\r
	362	}\r
	363	\r
	364	//\r
d1102dba	365	// When current operation includes measure image operation,\r
bc2dfdbc LG	366	// only another measure image or none image operation will be allowed.\r
	367	//\r
	368	if ((CurrentAuthOperation & EFI_AUTH_OPERATION_MEASURE_IMAGE) == EFI_AUTH_OPERATION_MEASURE_IMAGE) {\r
	369	if (((CheckAuthOperation & EFI_AUTH_OPERATION_MEASURE_IMAGE) == EFI_AUTH_OPERATION_MEASURE_IMAGE) \|\|\r
1436aea4 MK	370	((CheckAuthOperation & EFI_AUTH_IMAGE_OPERATION_MASK) == 0))\r
1436aea4 MK	371	{\r
bc2dfdbc LG	372	return TRUE;\r
	373	} else {\r
	374	return FALSE;\r
	375	}\r
	376	}\r
d1102dba	377	\r
bc2dfdbc LG	378	//\r
	379	// Any other operation will be allowed.\r
	380	//\r
	381	return TRUE;\r
	382	}\r
	383	\r
	384	/**\r
	385	Register security measurement handler with its operation type. Different\r
	386	handlers with the same operation can all be registered.\r
	387	\r
	388	If Security2Handler is NULL, then ASSERT().\r
	389	If no enough resources available to register new handler, then ASSERT().\r
	390	If AuthenticationOperation is not recongnized, then ASSERT().\r
	391	If AuthenticationOperation is EFI_AUTH_OPERATION_NONE, then ASSERT().\r
	392	If the previous register handler can't be executed before the later register handler, then ASSERT().\r
	393	\r
	394	@param[in] Security2Handler The security measurement service handler to be registered.\r
	395	@param[in] AuthenticationOperation The operation type is specified for the registered handler.\r
	396	\r
	397	@retval EFI_SUCCESS The handlers were registered successfully.\r
	398	**/\r
	399	EFI_STATUS\r
	400	EFIAPI\r
	401	RegisterSecurity2Handler (\r
1436aea4 MK	402	IN SECURITY2_FILE_AUTHENTICATION_HANDLER Security2Handler,\r
1436aea4 MK	403	IN UINT32 AuthenticationOperation\r
bc2dfdbc LG	404	)\r
	405	{\r
	406	EFI_STATUS Status;\r
	407	\r
	408	ASSERT (Security2Handler != NULL);\r
	409	\r
	410	//\r
	411	// Make sure AuthenticationOperation is valid in the register order.\r
	412	//\r
	413	ASSERT (CheckAuthentication2Operation (mCurrentAuthOperation2, AuthenticationOperation));\r
	414	mCurrentAuthOperation2 = mCurrentAuthOperation2 \| AuthenticationOperation;\r
	415	\r
	416	//\r
	417	// Check whether the handler lists is enough to store new handler.\r
	418	//\r
	419	if (mNumberOfSecurity2Handler == mMaxNumberOfSecurity2Handler) {\r
	420	//\r
	421	// Allocate more resources for new handler.\r
	422	//\r
1436aea4	423	Status = ReallocateSecurity2HandlerTable ();\r
bc2dfdbc LG	424	ASSERT_EFI_ERROR (Status);\r
	425	}\r
	426	\r
	427	//\r
	428	// Register new handler into the handler list.\r
	429	//\r
	430	mSecurity2Table[mNumberOfSecurity2Handler].Security2Operation = AuthenticationOperation;\r
	431	mSecurity2Table[mNumberOfSecurity2Handler].Security2Handler = Security2Handler;\r
1436aea4	432	mNumberOfSecurity2Handler++;\r
bc2dfdbc LG	433	\r
	434	return EFI_SUCCESS;\r
	435	}\r
	436	\r
	437	/**\r
d1102dba LG	438	Execute registered handlers based on input AuthenticationOperation until\r
	439	one returns an error and that error is returned.\r
	440	\r
bc2dfdbc LG	441	If none of the handlers return an error, then EFI_SUCCESS is returned.\r
	442	The handlers those satisfy AuthenticationOperation will only be executed.\r
	443	The handlers are executed in same order to their registered order.\r
	444	\r
d1102dba	445	@param[in] AuthenticationOperation\r
bc2dfdbc	446	The operation type specifies which handlers will be executed.\r
d1102dba	447	@param[in] AuthenticationStatus\r
bc2dfdbc LG	448	The authentication status for the input file.\r
	449	@param[in] File This is a pointer to the device path of the file that is\r
	450	being dispatched. This will optionally be used for logging.\r
	451	@param[in] FileBuffer A pointer to the buffer with the UEFI file image\r
	452	@param[in] FileSize The size of File buffer.\r
	453	@param[in] BootPolicy A boot policy that was used to call LoadImage() UEFI service.\r
	454	\r
	455	@retval EFI_SUCCESS The file specified by DevicePath and non-NULL\r
	456	FileBuffer did authenticate, and the platform policy dictates\r
	457	that the DXE Foundation may use the file.\r
	458	@retval EFI_SUCCESS The device path specified by NULL device path DevicePath\r
	459	and non-NULL FileBuffer did authenticate, and the platform\r
	460	policy dictates that the DXE Foundation may execute the image in\r
	461	FileBuffer.\r
	462	@retval EFI_SUCCESS FileBuffer is NULL and current user has permission to start\r
	463	UEFI device drivers on the device path specified by DevicePath.\r
	464	@retval EFI_SECURITY_VIOLATION The file specified by File or FileBuffer did not\r
d1102dba	465	authenticate, and the platform policy dictates that\r
bc2dfdbc LG	466	the file should be placed in the untrusted state.\r
	467	@retval EFI_SECURITY_VIOLATION FileBuffer FileBuffer is NULL and the user has no\r
	468	permission to start UEFI device drivers on the device path specified\r
	469	by DevicePath.\r
	470	@retval EFI_SECURITY_VIOLATION FileBuffer is not NULL and the user has no permission to load\r
	471	drivers from the device path specified by DevicePath. The\r
	472	image has been added into the list of the deferred images.\r
	473	@retval EFI_ACCESS_DENIED The file specified by File did not authenticate, and\r
	474	the platform policy dictates that the DXE\r
	475	Foundation may not use File.\r
d1102dba	476	@retval EFI_INVALID_PARAMETER File and FileBuffer are both NULL.\r
bc2dfdbc LG	477	**/\r
	478	EFI_STATUS\r
	479	EFIAPI\r
	480	ExecuteSecurity2Handlers (\r
1436aea4 MK	481	IN UINT32 AuthenticationOperation,\r
	482	IN UINT32 AuthenticationStatus,\r
	483	IN CONST EFI_DEVICE_PATH_PROTOCOL *File OPTIONAL,\r
	484	IN VOID *FileBuffer,\r
	485	IN UINTN FileSize,\r
	486	IN BOOLEAN BootPolicy\r
bc2dfdbc LG	487	)\r
bc2dfdbc LG	488	{\r
1436aea4 MK	489	UINT32 Index;\r
1436aea4 MK	490	EFI_STATUS Status;\r
bc2dfdbc LG	491	\r
	492	//\r
	493	// Invalid case if File and FileBuffer are both NULL.\r
	494	//\r
1436aea4	495	if ((File == NULL) && (FileBuffer == NULL)) {\r
bc2dfdbc LG	496	return EFI_INVALID_PARAMETER;\r
	497	}\r
	498	\r
	499	//\r
	500	// Directly return successfully when no handler is registered.\r
	501	//\r
	502	if (mNumberOfSecurity2Handler == 0) {\r
	503	return EFI_SUCCESS;\r
	504	}\r
	505	\r
	506	//\r
	507	// Run security handler in same order to their registered list\r
	508	//\r
1436aea4	509	for (Index = 0; Index < mNumberOfSecurity2Handler; Index++) {\r
bc2dfdbc LG	510	//\r
	511	// If FileBuffer is not NULL, the input is Image, which will be handled by EFI_AUTH_IMAGE_OPERATION_MASK operation.\r
	512	// If FileBuffer is NULL, the input is not Image, which will be handled by EFI_AUTH_NONE_IMAGE_OPERATION_MASK operation.\r
	513	// Other cases are ignored.\r
	514	//\r
1436aea4 MK	515	if (((FileBuffer != NULL) && ((mSecurity2Table[Index].Security2Operation & EFI_AUTH_IMAGE_OPERATION_MASK) != 0)) \|\|\r
	516	((FileBuffer == NULL) && ((mSecurity2Table[Index].Security2Operation & EFI_AUTH_NONE_IMAGE_OPERATION_MASK) != 0)))\r
	517	{\r
bc2dfdbc LG	518	//\r
	519	// Execute registered handlers based on input AuthenticationOperation\r
	520	//\r
	521	if ((mSecurity2Table[Index].Security2Operation & AuthenticationOperation) != 0) {\r
	522	Status = mSecurity2Table[Index].Security2Handler (\r
1436aea4 MK	523	AuthenticationStatus,\r
	524	File,\r
	525	FileBuffer,\r
	526	FileSize,\r
	527	BootPolicy\r
	528	);\r
bc2dfdbc LG	529	if (EFI_ERROR (Status)) {\r
	530	return Status;\r
	531	}\r
	532	}\r
	533	}\r
	534	}\r
	535	\r
	536	return EFI_SUCCESS;\r
	537	}\r