Commit | Line | Data |
---|---|---|
d0043e49 | 1 | /** @file\r |
2 | Implement image authentication status check in UEFI2.3.1.\r | |
3 | \r | |
b3548d32 | 4 | Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR>\r |
289b714b | 5 | SPDX-License-Identifier: BSD-2-Clause-Patent\r |
d0043e49 | 6 | \r |
7 | **/\r | |
8 | \r | |
9 | #include <PiDxe.h>\r | |
10 | #include <Library/SecurityManagementLib.h>\r | |
11 | \r | |
12 | \r | |
/**
  Check image authentication status returned from Section Extraction Protocol.

  Policy implemented here: the file is rejected only when the status reports a
  signed image (EFI_AUTH_STATUS_IMAGE_SIGNED) whose verification either failed
  (EFI_AUTH_STATUS_TEST_FAILED) or was not performed (EFI_AUTH_STATUS_NOT_TESTED).
  Every other combination of status bits is accepted.

  Security note: a status without EFI_AUTH_STATUS_IMAGE_SIGNED is accepted
  without further checks, so this handler by itself does not require content to
  be signed. File, FileBuffer, FileSize and BootPolicy are not examined; the
  decision depends on AuthenticationStatus alone, so it is only as trustworthy
  as the component that produced that status.

  @param[in]    AuthenticationStatus  This is the authentication status returned from
                                      the Section Extraction Protocol when reading the input file.
  @param[in]    File       This is a pointer to the device path of the file that is
                           being dispatched. This will optionally be used for logging.
  @param[in]    FileBuffer File buffer matches the input file device path.
  @param[in]    FileSize   Size of File buffer matches the input file device path.
  @param[in]    BootPolicy A boot policy that was used to call LoadImage() UEFI service.

  @retval EFI_SUCCESS            The input file specified by File did authenticate, and the
                                 platform policy dictates that the DXE Core may use File.
  @retval EFI_ACCESS_DENIED      The file specified by File and FileBuffer did not
                                 authenticate, and the platform policy dictates that the DXE
                                 Foundation may not use File.

**/
EFI_STATUS
EFIAPI
DxeImageAuthenticationStatusHandler (
  IN  UINT32                           AuthenticationStatus,
  IN  CONST EFI_DEVICE_PATH_PROTOCOL   *File, OPTIONAL
  IN  VOID                             *FileBuffer,
  IN  UINTN                            FileSize,
  IN  BOOLEAN                          BootPolicy
  )
{
  UINT32  UnverifiedBits;

  //
  // A status that does not claim a signed image is not judged by this handler.
  //
  if ((AuthenticationStatus & EFI_AUTH_STATUS_IMAGE_SIGNED) == 0) {
    return EFI_SUCCESS;
  }

  //
  // Signed image: deny when verification failed or never ran.
  //
  UnverifiedBits = AuthenticationStatus & (EFI_AUTH_STATUS_TEST_FAILED | EFI_AUTH_STATUS_NOT_TESTED);

  return (UnverifiedBits != 0) ? EFI_ACCESS_DENIED : EFI_SUCCESS;
}
49 | \r | |
50 | \r | |
/**
  Register image authentication status check handler.

  Registers DxeImageAuthenticationStatusHandler with the security management
  library for the EFI_AUTH_OPERATION_AUTHENTICATION_STATE operation. The status
  from RegisterSecurity2Handler() is returned unchanged, so a registration
  failure is reported to the caller rather than hidden.

  @param  ImageHandle   ImageHandle of the loaded driver.
  @param  SystemTable   Pointer to the EFI System Table.

  @retval EFI_SUCCESS   The handlers were registered successfully.
  @retval Others        Status returned by RegisterSecurity2Handler().
**/
EFI_STATUS
EFIAPI
DxeImageAuthenticationStatusLibConstructor (
  IN EFI_HANDLE        ImageHandle,
  IN EFI_SYSTEM_TABLE  *SystemTable
  )
{
  EFI_STATUS  Status;

  //
  // ImageHandle and SystemTable are not used; registration is the only work done.
  //
  Status = RegisterSecurity2Handler (
             DxeImageAuthenticationStatusHandler,
             EFI_AUTH_OPERATION_AUTHENTICATION_STATE
             );

  return Status;
}