[mirror_edk2.git] / QuarkPlatformPkg / Platform / Pei / PlatformInit / PeiFvSecurity.c

/** @file\r
EFI PEI Platform Security services\r
\r
Copyright (c) 2013 Intel Corporation.\r
\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution.  The full text of the license may be found at\r
http://opensource.org/licenses/bsd-license.php\r
\r
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
**/\r
\r
#include "PeiFvSecurity.h"\r
\r
EFI_PEI_NOTIFY_DESCRIPTOR mNotifyOnFvInfoSecurityList = {\r
    (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),\r
    &gEfiPeiFirmwareVolumeInfoPpiGuid,\r
    FirmwareVolmeInfoPpiNotifySecurityCallback\r
};\r
\r
/**\r
  Callback function to perform FV security checking on a FV Info PPI.\r
\r
  @param PeiServices       An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation\r
  @param NotifyDescriptor  Address of the notification descriptor data structure.\r
  @param Ppi               Address of the PPI that was installed.\r
\r
  @retval EFI_SUCCESS\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
FirmwareVolmeInfoPpiNotifySecurityCallback (\r
  IN EFI_PEI_SERVICES              **PeiServices,\r
  IN EFI_PEI_NOTIFY_DESCRIPTOR     *NotifyDescriptor,\r
  IN VOID                          *Ppi\r
  )\r
{\r
  EFI_STATUS  Status;\r
  EFI_PEI_FIRMWARE_VOLUME_INFO_PPI      *FvInfoPpi;\r
  EFI_PEI_FIRMWARE_VOLUME_PPI           *FvPpi;\r
\r
  FvInfoPpi = (EFI_PEI_FIRMWARE_VOLUME_INFO_PPI *)Ppi;\r
\r
  //\r
  // Locate the corresponding FV_PPI according to founded FV's format guid\r
  //\r
  Status = PeiServicesLocatePpi (\r
             &FvInfoPpi->FvFormat,\r
             0,\r
             NULL,\r
             (VOID**)&FvPpi\r
             );\r
  ASSERT_EFI_ERROR (Status);\r
\r
  //\r
  // Only authenticate parent Firmware Volume (child firmware volumes are covered by the parent)\r
  //\r
  if ((VOID *)FvInfoPpi->ParentFvName == NULL && (VOID *)FvInfoPpi->ParentFileName == NULL) {\r
    Status = PeiSecurityVerifyFv ((EFI_FIRMWARE_VOLUME_HEADER*) FvInfoPpi->FvInfo);\r
    ASSERT_EFI_ERROR (Status);\r
  }\r
\r
  return EFI_SUCCESS;\r
}\r
\r
/**\r
  Authenticates the Firmware Volume\r
\r
  @param CurrentFvAddress   Pointer to the current Firmware Volume under consideration\r
\r
  @retval EFI_SUCCESS       Firmware Volume is legal\r
\r
**/\r
EFI_STATUS\r
PeiSecurityVerifyFv (\r
  IN EFI_FIRMWARE_VOLUME_HEADER  *CurrentFvAddress\r
  )\r
{\r
  EFI_STATUS  Status;\r
\r
  //\r
  // Call Security library to authenticate the Firmware Volume\r
  //\r
  DEBUG ((DEBUG_INFO, "PeiSecurityVerifyFv - CurrentFvAddress=0x%8x\n", (UINT32)CurrentFvAddress));\r
  Status = EFI_SUCCESS;\r
\r
  return Status;\r
}\r
\r
/**\r
\r
  Entry point for the PEI Security PEIM\r
  Sets up a notification to perform PEI security checking\r
\r
  @param  FfsHeader    Not used.\r
  @param  PeiServices  General purpose services available to every PEIM.\r
\r
  @return EFI_SUCCESS  PEI Security notification installed successfully.\r
          All others: PEI Security notification failed to install.\r
\r
**/\r
EFI_STATUS\r
PeiInitializeFvSecurity (\r
  VOID\r
  )\r
{\r
  EFI_STATUS  Status;\r
\r
  Status = PeiServicesNotifyPpi (&mNotifyOnFvInfoSecurityList);\r
\r
  return Status;\r
}\r
\r
Commit	Line	Data
b303605e MK	1	/** @file\r
	2	EFI PEI Platform Security services\r
	3	\r
	4	Copyright (c) 2013 Intel Corporation.\r
	5	\r
	6	This program and the accompanying materials\r
	7	are licensed and made available under the terms and conditions of the BSD License\r
	8	which accompanies this distribution. The full text of the license may be found at\r
	9	http://opensource.org/licenses/bsd-license.php\r
	10	\r
	11	THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
	12	WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
	13	\r
	14	**/\r
	15	\r
	16	#include "PeiFvSecurity.h"\r
	17	\r
	18	EFI_PEI_NOTIFY_DESCRIPTOR mNotifyOnFvInfoSecurityList = {\r
	19	(EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK \| EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),\r
	20	&gEfiPeiFirmwareVolumeInfoPpiGuid,\r
	21	FirmwareVolmeInfoPpiNotifySecurityCallback\r
	22	};\r
	23	\r
	24	/**\r
	25	Callback function to perform FV security checking on a FV Info PPI.\r
	26	\r
	27	@param PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation\r
	28	@param NotifyDescriptor Address of the notification descriptor data structure.\r
	29	@param Ppi Address of the PPI that was installed.\r
	30	\r
	31	@retval EFI_SUCCESS\r
	32	\r
	33	**/\r
	34	EFI_STATUS\r
	35	EFIAPI\r
	36	FirmwareVolmeInfoPpiNotifySecurityCallback (\r
	37	IN EFI_PEI_SERVICES **PeiServices,\r
	38	IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,\r
	39	IN VOID *Ppi\r
	40	)\r
	41	{\r
	42	EFI_STATUS Status;\r
	43	EFI_PEI_FIRMWARE_VOLUME_INFO_PPI *FvInfoPpi;\r
	44	EFI_PEI_FIRMWARE_VOLUME_PPI *FvPpi;\r
	45	\r
	46	FvInfoPpi = (EFI_PEI_FIRMWARE_VOLUME_INFO_PPI *)Ppi;\r
	47	\r
	48	//\r
	49	// Locate the corresponding FV_PPI according to founded FV's format guid\r
	50	//\r
	51	Status = PeiServicesLocatePpi (\r
	52	&FvInfoPpi->FvFormat,\r
	53	0,\r
	54	NULL,\r
	55	(VOID**)&FvPpi\r
	56	);\r
	57	ASSERT_EFI_ERROR (Status);\r
	58	\r
	59	//\r
	60	// Only authenticate parent Firmware Volume (child firmware volumes are covered by the parent)\r
	61	//\r
	62	if ((VOID )FvInfoPpi->ParentFvName == NULL && (VOID )FvInfoPpi->ParentFileName == NULL) {\r
	63	Status = PeiSecurityVerifyFv ((EFI_FIRMWARE_VOLUME_HEADER*) FvInfoPpi->FvInfo);\r
	64	ASSERT_EFI_ERROR (Status);\r
65	}\r
66	\r
67	return EFI_SUCCESS;\r
68	}\r
69	\r
70	/**\r
71	Authenticates the Firmware Volume\r
72	\r
73	@param CurrentFvAddress Pointer to the current Firmware Volume under consideration\r
74	\r
75	@retval EFI_SUCCESS Firmware Volume is legal\r
76	\r
77	**/\r
78	EFI_STATUS\r
79	PeiSecurityVerifyFv (\r
80	IN EFI_FIRMWARE_VOLUME_HEADER *CurrentFvAddress\r
81	)\r
82	{\r
83	EFI_STATUS Status;\r
84	\r
85	//\r
86	// Call Security library to authenticate the Firmware Volume\r
87	//\r
88	DEBUG ((DEBUG_INFO, "PeiSecurityVerifyFv - CurrentFvAddress=0x%8x\n", (UINT32)CurrentFvAddress));\r
89	Status = EFI_SUCCESS;\r
90	\r
91	return Status;\r
92	}\r
93	\r
94	/**\r
95	\r
96	Entry point for the PEI Security PEIM\r
97	Sets up a notification to perform PEI security checking\r
98	\r
99	@param FfsHeader Not used.\r
100	@param PeiServices General purpose services available to every PEIM.\r
101	\r
102	@return EFI_SUCCESS PEI Security notification installed successfully.\r
103	All others: PEI Security notification failed to install.\r
104	\r
105	**/\r
106	EFI_STATUS\r
107	PeiInitializeFvSecurity (\r
108	VOID\r
109	)\r
110	{\r
111	EFI_STATUS Status;\r
112	\r
113	Status = PeiServicesNotifyPpi (&mNotifyOnFvInfoSecurityList);\r
114	\r
115	return Status;\r
116	}\r
117	\r