d0043e49 | 1 | /** @file\r |
2 | Implement image authentication status check in UEFI2.3.1.\r | |
3 | \r | |
b3548d32 | 4 | Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR>\r |
d0043e49 | 5 | This program and the accompanying materials\r |
6 | are licensed and made available under the terms and conditions of the BSD License\r | |
7 | which accompanies this distribution. The full text of the license may be found at\r | |
8 | http://opensource.org/licenses/bsd-license.php\r | |
9 | \r | |
10 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r | |
11 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r | |
12 | \r | |
13 | **/\r | |
14 | \r | |
15 | #include <PiDxe.h>\r | |
16 | #include <Library/SecurityManagementLib.h>\r | |
17 | \r | |
18 | \r | |
/**
  Check the image authentication status returned from the Section Extraction Protocol.

  The decision is taken from the AuthenticationStatus bits alone. The image is
  refused only when the status reports it as signed (EFI_AUTH_STATUS_IMAGE_SIGNED)
  and also reports that the signature test failed (EFI_AUTH_STATUS_TEST_FAILED)
  or was not performed (EFI_AUTH_STATUS_NOT_TESTED).

  Security note: a status in which EFI_AUTH_STATUS_IMAGE_SIGNED is clear is
  accepted whatever the other bits say, so this handler does not by itself
  reject unsigned images. File, FileBuffer, FileSize and BootPolicy are not
  examined here.
  NOTE(review): a platform that must refuse unsigned images presumably has to
  enforce that in another security handler or policy - confirm.

  @param[in]    AuthenticationStatus  This is the authentication status returned from
                                      the Section Extraction Protocol when reading the input file.
  @param[in]    File                  This is a pointer to the device path of the file that is
                                      being dispatched. Not read by this handler.
  @param[in]    FileBuffer            File buffer that matches the input file device path.
                                      Not read by this handler.
  @param[in]    FileSize              Size of the file buffer that matches the input file device path.
                                      Not read by this handler.
  @param[in]    BootPolicy            A boot policy that was used to call LoadImage() UEFI service.
                                      Not read by this handler.

  @retval EFI_SUCCESS             The status does not describe a signed image whose test
                                  failed or was skipped; the DXE Core may use File.
  @retval EFI_ACCESS_DENIED       The status marks the image as signed and the signature
                                  test failed or was not run; the DXE Foundation may not
                                  use File.

**/
EFI_STATUS
EFIAPI
DxeImageAuthenticationStatusHandler (
  IN  UINT32                           AuthenticationStatus,
  IN  CONST EFI_DEVICE_PATH_PROTOCOL   *File,
  IN  VOID                             *FileBuffer,
  IN  UINTN                            FileSize,
  IN  BOOLEAN                          BootPolicy
  )
{
  UINT32  UnverifiedBits;

  //
  // A status that does not claim a signed image is outside the scope of this
  // check and is let through unchanged.
  //
  if ((AuthenticationStatus & EFI_AUTH_STATUS_IMAGE_SIGNED) == 0) {
    return EFI_SUCCESS;
  }

  //
  // Signed image: a failed test and a test that never ran are both treated as
  // "not authenticated".
  //
  UnverifiedBits = AuthenticationStatus & (EFI_AUTH_STATUS_TEST_FAILED | EFI_AUTH_STATUS_NOT_TESTED);

  return (UnverifiedBits != 0) ? EFI_ACCESS_DENIED : EFI_SUCCESS;
}
55 | \r | |
56 | \r | |
/**
  Register the image authentication status check handler.

  Registers DxeImageAuthenticationStatusHandler through RegisterSecurity2Handler()
  for the EFI_AUTH_OPERATION_AUTHENTICATION_STATE operation. The registration
  status is passed back to the caller unchanged, so a failure here means the
  authentication status check is not installed.

  @param  ImageHandle   ImageHandle of the loaded driver. Not used.
  @param  SystemTable   Pointer to the EFI System Table. Not used.

  @retval EFI_SUCCESS   The handler was registered successfully.
  @return Any other status returned by RegisterSecurity2Handler().
**/
EFI_STATUS
EFIAPI
DxeImageAuthenticationStatusLibConstructor (
  IN EFI_HANDLE        ImageHandle,
  IN EFI_SYSTEM_TABLE  *SystemTable
  )
{
  EFI_STATUS  Status;

  Status = RegisterSecurity2Handler (
             DxeImageAuthenticationStatusHandler,
             EFI_AUTH_OPERATION_AUTHENTICATION_STATE
             );

  return Status;
}