ce2f5557 | 1 | /** @file\r |
bc2dfdbc | 2 | This driver produces Security2 and Security architectural protocol based on SecurityManagementLib.\r |
ce2f5557 | 3 | \r |
d1102dba | 4 | Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>\r |
9d510e61 | 5 | SPDX-License-Identifier: BSD-2-Clause-Patent\r |
ce2f5557 | 6 | \r |
7 | **/\r | |
8 | \r | |
9 | \r | |
10 | #include <Uefi.h>\r |
11 | #include <Protocol/Security.h>\r | |
bc2dfdbc | 12 | #include <Protocol/Security2.h>\r |
13 | #include <Library/DebugLib.h>\r |
14 | #include <Library/UefiBootServicesTableLib.h>\r | |
15 | #include <Library/UefiDriverEntryPoint.h>\r | |
cd98f305 | 16 | #include <Library/SecurityManagementLib.h>\r |
8be37a5c | 17 | #include "Defer3rdPartyImageLoad.h"\r |
ce2f5557 | 18 | \r |
//
// Handle on which this driver publishes both architectural protocol instances.
// It starts out NULL so that InstallMultipleProtocolInterfaces allocates a fresh
// handle rather than attaching the protocols to an existing one.
//
EFI_HANDLE  mSecurityArchProtocolHandle = NULL;
23 | \r | |
/**
  FileAuthenticationState member of the EFI_SECURITY_ARCH_PROTOCOL produced by this driver.

  The Security Architectural Protocol (SAP) abstracts platform-specific policy from the
  DXE Core's response to a file whose authentication check in the section extraction
  protocol returned AuthenticationStatus.  This implementation owns no policy of its own:
  it consults the handlers registered through SecurityManagementLib in two stages.
  The Security2 handlers for EFI_AUTH_OPERATION_AUTHENTICATION_STATE run first; only when
  they return exactly EFI_SUCCESS are the legacy Security handlers consulted.  Any other
  status from the first stage is returned unchanged, so a rejection (or warning) raised
  there is never masked by the second stage.

  Status meanings as defined by the SAP contract:
    EFI_SUCCESS             the file is safe for the DXE Core to use.
    EFI_ACCESS_DENIED       the file must never be used.
    EFI_SECURITY_VIOLATION  the file must not be used now, but may be usable later.
    EFI_INVALID_PARAMETER   File is NULL (reported by the handler chain).

  @param This                  The EFI_SECURITY_ARCH_PROTOCOL instance.
  @param AuthenticationStatus  The authentication type returned from the Section
                               Extraction protocol.  See the Section Extraction Protocol
                               Specification for details on this type.
  @param File                  Device path of the file being dispatched.  Handlers may use
                               it for logging.

  @retval EFI_SUCCESS            Every consulted handler accepted the file.
  @retval EFI_INVALID_PARAMETER  File is NULL.
  @return                        The first non-success status produced by a handler stage.
**/
EFI_STATUS
EFIAPI
SecurityStubAuthenticateState (
  IN CONST EFI_SECURITY_ARCH_PROTOCOL  *This,
  IN UINT32                            AuthenticationStatus,
  IN CONST EFI_DEVICE_PATH_PROTOCOL    *File
  )
{
  EFI_STATUS  Stage1Status;

  //
  // Stage 1: Security2 handlers registered for the AUTHENTICATION_STATE operation.
  // No image buffer is involved in this operation, hence NULL/0/FALSE for the
  // FileBuffer, FileSize and BootPolicy arguments.
  //
  Stage1Status = ExecuteSecurity2Handlers (
                   EFI_AUTH_OPERATION_AUTHENTICATION_STATE,
                   AuthenticationStatus,
                   File,
                   NULL,
                   0,
                   FALSE
                   );

  //
  // Deliberately compare against EFI_SUCCESS rather than using EFI_ERROR(): a warning
  // status from stage 1 must also short-circuit the chain and be reported to the caller.
  //
  if (Stage1Status != EFI_SUCCESS) {
    return Stage1Status;
  }

  //
  // Stage 2: legacy Security handlers; their verdict is the final one.
  //
  return ExecuteSecurityHandlers (AuthenticationStatus, File);
}
82 | \r | |
/**
  FileAuthentication member of the EFI_SECURITY2_ARCH_PROTOCOL produced by this driver.

  The DXE Foundation uses this service to measure and/or verify a UEFI image.  It
  abstracts the invocation of Trusted Computing Group (TCG) measured boot, UEFI Secure
  Boot and the UEFI User Identity infrastructure.  For the former two, the DXE Foundation
  passes a DevicePath and the corresponding image in FileBuffer memory; measurement code
  records the FileBuffer contents into the appropriate PCR, and image verification logic
  confirms the integrity and provenance of the image in FileBuffer of length FileSize.
  If FileBuffer is NULL, the call instead asks whether the DevicePath may be connected,
  in support of the User Identification policy.

  This implementation performs two steps:
    1. For a real image (FileBuffer != NULL), Defer3rdPartyImageLoad() decides whether the
       image must be deferred; any error it returns is passed back immediately, before any
       handler runs.
    2. Otherwise all registered Security2 handlers for the VERIFY_IMAGE,
       DEFER_IMAGE_LOAD, MEASURE_IMAGE and CONNECT_POLICY operations are executed through
       SecurityManagementLib and their combined status is returned.

  @param This        The EFI_SECURITY2_ARCH_PROTOCOL instance.
  @param File        Device path of the file being dispatched.  Handlers may use it for
                     logging.
  @param FileBuffer  Pointer to the buffer holding the UEFI file image, or NULL for a
                     connect-policy query.
  @param FileSize    Size of the file image in FileBuffer.
  @param BootPolicy  The boot policy used in the LoadImage() call.  When
                     FileAuthentication() is not invoked from LoadImage(), BootPolicy must
                     be FALSE.

  @retval EFI_SUCCESS             The file specified by DevicePath and non-NULL FileBuffer
                                  did authenticate, and platform policy allows the DXE
                                  Foundation to use it.
  @retval EFI_SUCCESS             DevicePath is NULL, FileBuffer is non-NULL, the image
                                  did authenticate, and platform policy allows the DXE
                                  Foundation to execute it.
  @retval EFI_SUCCESS             FileBuffer is NULL and the current user may start UEFI
                                  device drivers on DevicePath.
  @retval EFI_SECURITY_VIOLATION  The file did not authenticate and platform policy places
                                  it in the untrusted state; it has been added to the file
                                  execution table.
  @retval EFI_ACCESS_DENIED       The file did not authenticate and platform policy forbids
                                  the DXE Foundation from using it.
  @retval EFI_SECURITY_VIOLATION  FileBuffer is NULL and the user may not start UEFI device
                                  drivers on DevicePath.
  @retval EFI_SECURITY_VIOLATION  FileBuffer is non-NULL and the user may not load drivers
                                  from DevicePath; the image has been added to the list of
                                  deferred images.
  @return                         Any error status produced by Defer3rdPartyImageLoad().
**/
EFI_STATUS
EFIAPI
Security2StubAuthenticate (
  IN CONST EFI_SECURITY2_ARCH_PROTOCOL  *This,
  IN CONST EFI_DEVICE_PATH_PROTOCOL     *File, OPTIONAL
  IN VOID                               *FileBuffer,
  IN UINTN                              FileSize,
  IN BOOLEAN                            BootPolicy
  )
{
  EFI_STATUS  DeferStatus;
  UINT32      Operations;

  //
  // Only an actual image can be deferred.  A NULL FileBuffer is a connect-policy query
  // and skips the deferral check entirely.
  //
  if (FileBuffer != NULL) {
    DeferStatus = Defer3rdPartyImageLoad (File, BootPolicy);
    if (EFI_ERROR (DeferStatus)) {
      //
      // Fail closed: the deferral verdict is returned as-is and no handler runs.
      //
      return DeferStatus;
    }
  }

  //
  // Every operation class is requested in one pass; SecurityManagementLib dispatches to
  // whichever handlers registered for each of them.  AuthenticationStatus is 0 because
  // this entry point is not driven by section extraction.
  //
  Operations = EFI_AUTH_OPERATION_VERIFY_IMAGE |
               EFI_AUTH_OPERATION_DEFER_IMAGE_LOAD |
               EFI_AUTH_OPERATION_MEASURE_IMAGE |
               EFI_AUTH_OPERATION_CONNECT_POLICY;

  return ExecuteSecurity2Handlers (
           Operations,
           0,
           File,
           FileBuffer,
           FileSize,
           BootPolicy
           );
}
158 | \r | |
//
// The two protocol instances published by SecurityStubInitialize.  Each protocol
// consists of a single function pointer, so the stub functions above form the entire
// protocol surface exposed to the DXE Core.
//
EFI_SECURITY_ARCH_PROTOCOL  mSecurityStub = {
  SecurityStubAuthenticateState     // FileAuthenticationState
};

EFI_SECURITY2_ARCH_PROTOCOL  mSecurity2Stub = {
  Security2StubAuthenticate         // FileAuthentication
};
169 | \r | |
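/**
  Driver entry point: installs the Security2 and Security Architectural Protocols.

  Both protocols are installed on one newly allocated handle (mSecurityArchProtocolHandle)
  in a single InstallMultipleProtocolInterfaces call, so they appear atomically.  After
  the protocols are in place, the third-party image deferral machinery is initialised.

  @param ImageHandle  The image handle of this driver.
  @param SystemTable  A pointer to the EFI System Table.

  @retval EFI_SUCCESS  Both architectural protocols were installed.
  @return              The error returned by InstallMultipleProtocolInterfaces when the
                       installation failed; in that case no protocol is published and
                       Defer3rdPartyImageLoadInitialize() is not called.
**/
EFI_STATUS
EFIAPI
SecurityStubInitialize (
  IN EFI_HANDLE        ImageHandle,
  IN EFI_SYSTEM_TABLE  *SystemTable
  )
{
  EFI_STATUS  Status;

  //
  // Exactly one producer of each architectural protocol is allowed in the system; a
  // second instance would make the policy provider the DXE Core binds to ambiguous.
  //
  ASSERT_PROTOCOL_ALREADY_INSTALLED (NULL, &gEfiSecurity2ArchProtocolGuid);
  ASSERT_PROTOCOL_ALREADY_INSTALLED (NULL, &gEfiSecurityArchProtocolGuid);

  //
  // Install both protocols onto a new handle (mSecurityArchProtocolHandle starts NULL).
  //
  Status = gBS->InstallMultipleProtocolInterfaces (
                  &mSecurityArchProtocolHandle,
                  &gEfiSecurity2ArchProtocolGuid,
                  &mSecurity2Stub,
                  &gEfiSecurityArchProtocolGuid,
                  &mSecurityStub,
                  NULL
                  );
  ASSERT_EFI_ERROR (Status);
  if (EFI_ERROR (Status)) {
    //
    // ASSERT_EFI_ERROR is a no-op when DebugLib asserts are disabled (RELEASE builds).
    // Without this check a failed install would still be reported as EFI_SUCCESS and the
    // driver would remain resident while producing no security protocol at all.
    // Returning the error makes the failure visible to the dispatcher instead.
    //
    return Status;
  }

  Defer3rdPartyImageLoadInitialize ();

  return EFI_SUCCESS;
}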