ce2f5557 | 1 | /** @file\r |
bc2dfdbc | 2 | This driver produces Security2 and Security architectural protocol based on SecurityManagementLib.\r |
ce2f5557 | 3 | \r |
d1102dba | 4 | Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>\r |
9d510e61 | 5 | SPDX-License-Identifier: BSD-2-Clause-Patent\r |
ce2f5557 | 6 | \r |
7 | **/\r | |
8 | \r | |
9 | #include <Uefi.h>\r |
10 | #include <Protocol/Security.h>\r | |
bc2dfdbc | 11 | #include <Protocol/Security2.h>\r |
12 | #include <Library/DebugLib.h>\r |
13 | #include <Library/UefiBootServicesTableLib.h>\r | |
14 | #include <Library/UefiDriverEntryPoint.h>\r | |
cd98f305 | 15 | #include <Library/SecurityManagementLib.h>\r |
8be37a5c | 16 | #include "Defer3rdPartyImageLoad.h"\r |
ce2f5557 | 17 | \r |
//
// Handle on which SecurityStubInitialize installs both the Security2 and the
// Security Architectural Protocol. It is left NULL here so that
// InstallMultipleProtocolInterfaces creates a new handle rather than adding
// the protocols to an existing one.
//
EFI_HANDLE  mSecurityArchProtocolHandle = NULL;
ce2f5557 | 22 | \r |
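/**
  Legacy Security Architectural Protocol (SAP) entry point: decides whether a
  file that came back from section extraction with a given authentication
  status is safe for the DXE Core to use.

  The policy itself is not implemented here. It is delegated, in order, to
  the handlers that platform code registered through SecurityManagementLib:

    1. The Security2 handlers registered for the
       EFI_AUTH_OPERATION_AUTHENTICATION_STATE operation. They receive only
       the device path (no image buffer), so a NULL File would leave them
       nothing to judge; that case is rejected up front as the contract below
       requires.
    2. The legacy Security handlers, but only when step 1 returned exactly
       EFI_SUCCESS. Any other status from step 1 -- an error such as
       EFI_ACCESS_DENIED / EFI_SECURITY_VIOLATION, or a warning -- is returned
       unchanged, so a later handler can never relax an earlier verdict.

  Possible responses in a platform's handlers include locking flash on an
  authentication failure, attestation logging of signed drivers, and similar
  exception operations; File is what such logging would record.

  @param This                  The EFI_SECURITY_ARCH_PROTOCOL instance.
  @param AuthenticationStatus  The authentication status returned by the
                               Section Extraction protocol. See the Section
                               Extraction Protocol Specification for the
                               meaning of the bits.
  @param File                  Device path of the file being dispatched. Used
                               for logging by the handlers; must not be NULL.

  @retval EFI_SUCCESS            Every registered handler accepted the file;
                                 the DXE Core may use it. With no handlers
                                 registered this is the library's answer.
  @retval EFI_INVALID_PARAMETER  File is NULL.
  @retval EFI_ACCESS_DENIED      A handler decided the file must not be used
                                 under any circumstances.
  @retval EFI_SECURITY_VIOLATION A handler decided the file must not be used
                                 now but may be usable later.
  @return                        Any other status produced by a registered
                                 handler is passed through unchanged.
**/
EFI_STATUS
EFIAPI
SecurityStubAuthenticateState (
  IN CONST EFI_SECURITY_ARCH_PROTOCOL  *This,
  IN UINT32                            AuthenticationStatus,
  IN CONST EFI_DEVICE_PATH_PROTOCOL    *File
  )
{
  EFI_STATUS  Status;

  //
  // Enforce the documented contract here instead of relying on the library
  // to reject a NULL device path. The Security2 pass below passes no
  // FileBuffer, so with File == NULL the handlers would have no input at all.
  //
  if (File == NULL) {
    return EFI_INVALID_PARAMETER;
  }

  Status = ExecuteSecurity2Handlers (
             EFI_AUTH_OPERATION_AUTHENTICATION_STATE,
             AuthenticationStatus,
             File,
             NULL,
             0,
             FALSE
             );

  //
  // Deliberately a strict comparison, not !EFI_ERROR (): a warning status from
  // the Security2 handlers must also stop the legacy pass from running and
  // must reach the caller unmodified.
  //
  if (Status != EFI_SUCCESS) {
    return Status;
  }

  return ExecuteSecurityHandlers (AuthenticationStatus, File);
}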
82 | \r | |
/**
  Security2 Architectural Protocol entry point used by the DXE Foundation to
  measure and/or verify a UEFI image before it is used.

  This routine is a thin front end over SecurityManagementLib. It performs
  exactly two steps:

    1. When an image buffer is present (FileBuffer != NULL), the third-party
       image deferral check (Defer3rdPartyImageLoad) runs first. If it
       returns an error status, that status is returned immediately and no
       registered handler is invoked.
    2. Otherwise every Security2 handler registered for the VERIFY_IMAGE,
       DEFER_IMAGE_LOAD, MEASURE_IMAGE and CONNECT_POLICY operations runs
       via ExecuteSecurity2Handlers, with an AuthenticationStatus of 0, and
       its result is the result of this call.

  The operations themselves (TCG measurement into a PCR, Secure Boot image
  verification, user-identity connect policy) live in the platform's
  registered handlers, not here. Per the protocol's contract, a NULL
  FileBuffer means the caller is asking whether the device path may be
  connected under the user-identification policy rather than asking to
  verify an image.

  @param This        The EFI_SECURITY2_ARCH_PROTOCOL instance.
  @param File        Device path of the file being dispatched; may be NULL.
                     Handlers may use it for logging.
  @param FileBuffer  Buffer holding the UEFI image, or NULL for a
                     connect-policy query.
  @param FileSize    Size of FileBuffer in bytes.
  @param BootPolicy  The BootPolicy argument the caller gave LoadImage().
                     Must be FALSE when not called from LoadImage().

  @retval EFI_SUCCESS            The image (or device path) was accepted by
                                 the deferral check and by every handler.
  @retval EFI_SECURITY_VIOLATION The image failed authentication and platform
                                 policy places it in the untrusted state, or
                                 the current user may not load/start drivers
                                 from this device path (the image may have
                                 been recorded as deferred).
  @retval EFI_ACCESS_DENIED      The image failed authentication and platform
                                 policy forbids the DXE Foundation from using it.
  @return                        Any other status returned by the deferral
                                 check or a registered handler, unchanged.
**/
EFI_STATUS
EFIAPI
Security2StubAuthenticate (
  IN CONST EFI_SECURITY2_ARCH_PROTOCOL  *This,
  IN CONST EFI_DEVICE_PATH_PROTOCOL     *File OPTIONAL,
  IN VOID                               *FileBuffer,
  IN UINTN                              FileSize,
  IN BOOLEAN                            BootPolicy
  )
{
  EFI_STATUS  DeferStatus;
  UINT32      Operations;

  //
  // The deferral check only applies when there is an actual image to defer.
  // A connect-policy query (FileBuffer == NULL) skips it.
  //
  DeferStatus = EFI_SUCCESS;
  if (FileBuffer != NULL) {
    DeferStatus = Defer3rdPartyImageLoad (File, BootPolicy);
  }

  //
  // Fail closed: an error from the deferral check short-circuits the handler
  // chain entirely and is returned as-is.
  //
  if (EFI_ERROR (DeferStatus)) {
    return DeferStatus;
  }

  Operations = EFI_AUTH_OPERATION_VERIFY_IMAGE |
               EFI_AUTH_OPERATION_DEFER_IMAGE_LOAD |
               EFI_AUTH_OPERATION_MEASURE_IMAGE |
               EFI_AUTH_OPERATION_CONNECT_POLICY;

  return ExecuteSecurity2Handlers (
           Operations,
           0,
           File,
           FileBuffer,
           FileSize,
           BootPolicy
           );
}
159 | \r | |
//
// Legacy Security Architectural Protocol instance produced by this driver.
// Its single function-pointer member is SecurityStubAuthenticateState, so
// every legacy authentication-state query is routed through the
// SecurityManagementLib handler chain.
//
EFI_SECURITY_ARCH_PROTOCOL  mSecurityStub = {
  SecurityStubAuthenticateState
};
ce2f5557 | 166 | \r |
//
// Security2 Architectural Protocol instance produced by this driver. Its
// single function-pointer member is Security2StubAuthenticate, which runs the
// third-party deferral check before the registered Security2 handlers.
//
EFI_SECURITY2_ARCH_PROTOCOL  mSecurity2Stub = {
  Security2StubAuthenticate
};
170 | \r | |
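/**
  Driver entry point: publishes the Security2 and Security Architectural
  Protocols on a new handle and then initializes the third-party image
  deferral logic.

  The DXE Foundation routes image verification / measurement through these
  protocols, so there must be exactly one producer. The
  ASSERT_PROTOCOL_ALREADY_INSTALLED checks catch a duplicate producer in
  DEBUG builds only; a RELEASE build performs no such check.

  @param ImageHandle  The image handle of this driver.
  @param SystemTable  A pointer to the EFI System Table.

  @retval EFI_SUCCESS  Both protocols were installed and the deferral logic
                       was initialized.
  @return              The error returned by InstallMultipleProtocolInterfaces
                       when the protocols could not be installed. The deferral
                       logic is not initialized in that case.
**/
EFI_STATUS
EFIAPI
SecurityStubInitialize (
  IN EFI_HANDLE        ImageHandle,
  IN EFI_SYSTEM_TABLE  *SystemTable
  )
{
  EFI_STATUS  Status;

  //
  // DEBUG-only guard: make sure neither protocol is already installed.
  //
  ASSERT_PROTOCOL_ALREADY_INSTALLED (NULL, &gEfiSecurity2ArchProtocolGuid);
  ASSERT_PROTOCOL_ALREADY_INSTALLED (NULL, &gEfiSecurityArchProtocolGuid);

  //
  // Install both protocols onto one new handle. mSecurityArchProtocolHandle
  // is NULL on entry, so the boot service allocates the handle.
  //
  Status = gBS->InstallMultipleProtocolInterfaces (
                  &mSecurityArchProtocolHandle,
                  &gEfiSecurity2ArchProtocolGuid,
                  &mSecurity2Stub,
                  &gEfiSecurityArchProtocolGuid,
                  &mSecurityStub,
                  NULL
                  );
  ASSERT_EFI_ERROR (Status);
  if (EFI_ERROR (Status)) {
    //
    // The ASSERT above is compiled out of RELEASE builds. Propagate the
    // failure instead of reporting EFI_SUCCESS for a driver that published
    // nothing, and do not initialize deferral for protocols that are absent.
    //
    return Status;
  }

  Defer3rdPartyImageLoadInitialize ();

  return EFI_SUCCESS;
}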