[mirror_edk2.git] / SecurityPkg / Library / DxeImageAuthenticationStatusLib / DxeImageAuthenticationStatusLib.c

/** @file\r
  Implement image authentication status check in UEFI2.3.1.\r
\r
Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR>\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#include <PiDxe.h>\r
#include <Library/SecurityManagementLib.h>\r
\r
/**\r
  Check image authentication status returned from Section Extraction Protocol\r
\r
  @param[in]    AuthenticationStatus  This is the authentication status returned from\r
                             the Section Extraction Protocol when reading the input file.\r
  @param[in]    File       This is a pointer to the device path of the file that is\r
                           being dispatched. This will optionally be used for logging.\r
  @param[in]    FileBuffer File buffer matches the input file device path.\r
  @param[in]    FileSize   Size of File buffer matches the input file device path.\r
  @param[in]    BootPolicy A boot policy that was used to call LoadImage() UEFI service.\r
\r
  @retval EFI_SUCCESS            The input file specified by File did authenticate, and the\r
                                 platform policy dictates that the DXE Core may use File.\r
  @retval EFI_ACCESS_DENIED      The file specified by File and FileBuffer did not\r
                                 authenticate, and the platform policy dictates that the DXE\r
                                 Foundation many not use File.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
DxeImageAuthenticationStatusHandler (\r
  IN  UINT32                          AuthenticationStatus,\r
  IN  CONST EFI_DEVICE_PATH_PROTOCOL  *File  OPTIONAL,\r
  IN  VOID                            *FileBuffer,\r
  IN  UINTN                           FileSize,\r
  IN  BOOLEAN                         BootPolicy\r
  )\r
{\r
  if ((AuthenticationStatus & EFI_AUTH_STATUS_IMAGE_SIGNED) != 0) {\r
    if ((AuthenticationStatus & (EFI_AUTH_STATUS_TEST_FAILED | EFI_AUTH_STATUS_NOT_TESTED)) != 0) {\r
      return EFI_ACCESS_DENIED;\r
    }\r
  }\r
\r
  return EFI_SUCCESS;\r
}\r
\r
/**\r
  Register image authentication status check handler.\r
\r
  @param  ImageHandle   ImageHandle of the loaded driver.\r
  @param  SystemTable   Pointer to the EFI System Table.\r
\r
  @retval EFI_SUCCESS   The handlers were registered successfully.\r
**/\r
EFI_STATUS\r
EFIAPI\r
DxeImageAuthenticationStatusLibConstructor (\r
  IN EFI_HANDLE        ImageHandle,\r
  IN EFI_SYSTEM_TABLE  *SystemTable\r
  )\r
{\r
  return RegisterSecurity2Handler (\r
           DxeImageAuthenticationStatusHandler,\r
           EFI_AUTH_OPERATION_AUTHENTICATION_STATE\r
           );\r
}\r
Commit	Line	Data
d0043e49	1	/** @file\r
	2	Implement image authentication status check in UEFI2.3.1.\r
	3	\r
b3548d32	4	Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR>\r
289b714b	5	SPDX-License-Identifier: BSD-2-Clause-Patent\r
d0043e49	6	\r
	7	**/\r
	8	\r
	9	#include <PiDxe.h>\r
	10	#include <Library/SecurityManagementLib.h>\r
	11	\r
d0043e49	12	/**\r
d0043e49	13	Check image authentication status returned from Section Extraction Protocol\r
b3548d32 LG	14	\r
b3548d32 LG	15	@param[in] AuthenticationStatus This is the authentication status returned from\r
d0043e49	16	the Section Extraction Protocol when reading the input file.\r
	17	@param[in] File This is a pointer to the device path of the file that is\r
	18	being dispatched. This will optionally be used for logging.\r
	19	@param[in] FileBuffer File buffer matches the input file device path.\r
	20	@param[in] FileSize Size of File buffer matches the input file device path.\r
	21	@param[in] BootPolicy A boot policy that was used to call LoadImage() UEFI service.\r
	22	\r
	23	@retval EFI_SUCCESS The input file specified by File did authenticate, and the\r
	24	platform policy dictates that the DXE Core may use File.\r
	25	@retval EFI_ACCESS_DENIED The file specified by File and FileBuffer did not\r
	26	authenticate, and the platform policy dictates that the DXE\r
	27	Foundation many not use File.\r
	28	\r
	29	**/\r
	30	EFI_STATUS\r
	31	EFIAPI\r
	32	DxeImageAuthenticationStatusHandler (\r
c411b485 MK	33	IN UINT32 AuthenticationStatus,\r
	34	IN CONST EFI_DEVICE_PATH_PROTOCOL *File OPTIONAL,\r
	35	IN VOID *FileBuffer,\r
	36	IN UINTN FileSize,\r
	37	IN BOOLEAN BootPolicy\r
d0043e49	38	)\r
d0043e49	39	{\r
89799ec9	40	if ((AuthenticationStatus & EFI_AUTH_STATUS_IMAGE_SIGNED) != 0) {\r
89799ec9	41	if ((AuthenticationStatus & (EFI_AUTH_STATUS_TEST_FAILED \| EFI_AUTH_STATUS_NOT_TESTED)) != 0) {\r
d0043e49	42	return EFI_ACCESS_DENIED;\r
	43	}\r
	44	}\r
	45	\r
	46	return EFI_SUCCESS;\r
	47	}\r
	48	\r
d0043e49	49	/**\r
d6b926e7	50	Register image authentication status check handler.\r
d0043e49	51	\r
	52	@param ImageHandle ImageHandle of the loaded driver.\r
	53	@param SystemTable Pointer to the EFI System Table.\r
	54	\r
	55	@retval EFI_SUCCESS The handlers were registered successfully.\r
	56	**/\r
	57	EFI_STATUS\r
	58	EFIAPI\r
	59	DxeImageAuthenticationStatusLibConstructor (\r
	60	IN EFI_HANDLE ImageHandle,\r
	61	IN EFI_SYSTEM_TABLE *SystemTable\r
	62	)\r
	63	{\r
	64	return RegisterSecurity2Handler (\r
	65	DxeImageAuthenticationStatusHandler,\r
	66	EFI_AUTH_OPERATION_AUTHENTICATION_STATE\r
	67	);\r
	68	}\r