1 | /** @file\r | |
2 | This driver produces Security2 and Security architectural protocol based on SecurityManagementLib.\r | |
3 | \r | |
4 | Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>\r | |
5 | SPDX-License-Identifier: BSD-2-Clause-Patent\r | |
6 | \r | |
7 | **/\r | |
8 | \r | |
9 | #include <Uefi.h>\r | |
10 | #include <Protocol/Security.h>\r | |
11 | #include <Protocol/Security2.h>\r | |
12 | #include <Library/DebugLib.h>\r | |
13 | #include <Library/UefiBootServicesTableLib.h>\r | |
14 | #include <Library/UefiDriverEntryPoint.h>\r | |
15 | #include <Library/SecurityManagementLib.h>\r | |
16 | #include "Defer3rdPartyImageLoad.h"\r | |
17 | \r | |
//
// Handle for the Security Architectural Protocol instance produced by this driver.
// Starts out NULL; InstallMultipleProtocolInterfaces() in SecurityStubInitialize()
// receives its address and fills in the new handle that carries both the
// Security2 and the Security protocol instances.
//
EFI_HANDLE mSecurityArchProtocolHandle = NULL;
22 | \r | |
/**
  Security Architectural Protocol (SAP) entry point: decides whether a file
  with the given section-extraction authentication status may be used by the
  DXE Core.

  This stub carries no policy of its own. It first runs the Security2 handlers
  registered through SecurityManagementLib with the
  EFI_AUTH_OPERATION_AUTHENTICATION_STATE operation (no image buffer, zero
  size, BootPolicy FALSE), and only when they return EFI_SUCCESS does it run
  the legacy Security handlers. The first status other than EFI_SUCCESS -
  including a non-error warning status - is returned to the caller unchanged.

  Per the PI specification the expected outcomes are EFI_SUCCESS (safe to
  use), EFI_ACCESS_DENIED (never safe), EFI_SECURITY_VIOLATION (not safe right
  now) and EFI_INVALID_PARAMETER (File is NULL). Which of these are actually
  produced depends entirely on the registered handlers; this function itself
  checks nothing.

  @param This                  The EFI_SECURITY_ARCH_PROTOCOL instance.
  @param AuthenticationStatus  Authentication type returned from the Section
                               Extraction protocol.
  @param File                  Device path of the file being dispatched; passed
                               through to the handlers, optionally for logging.

  @retval EFI_SUCCESS  Every registered Security2 and Security handler accepted the file.
  @return              The first status other than EFI_SUCCESS returned by a handler.
**/
EFI_STATUS
EFIAPI
SecurityStubAuthenticateState (
  IN CONST EFI_SECURITY_ARCH_PROTOCOL  *This,
  IN UINT32                            AuthenticationStatus,
  IN CONST EFI_DEVICE_PATH_PROTOCOL    *File
  )
{
  EFI_STATUS  Status;

  //
  // Security2 handlers see this request as an authentication-state query:
  // no image buffer, zero size, no boot policy.
  //
  Status = ExecuteSecurity2Handlers (
             EFI_AUTH_OPERATION_AUTHENTICATION_STATE,
             AuthenticationStatus,
             File,
             NULL,
             0,
             FALSE
             );

  //
  // Compared against EFI_SUCCESS rather than EFI_ERROR () on purpose: a
  // warning status from a Security2 handler also short-circuits the legacy
  // Security handlers and is returned as-is.
  //
  if (Status != EFI_SUCCESS) {
    return Status;
  }

  return ExecuteSecurityHandlers (AuthenticationStatus, File);
}
82 | \r | |
/**
  Security2 Architectural Protocol entry point: measure and/or verify a UEFI
  image on behalf of the DXE Foundation.

  Two steps, in order:

  1. When an image buffer is present, Defer3rdPartyImageLoad() is consulted
     first. An error status from it ends the call without running any handler,
     so an image that is deferred here is neither measured nor verified at this
     point. With a NULL FileBuffer this step is skipped.
  2. The Security2 handlers registered through SecurityManagementLib are run
     with the combined VERIFY_IMAGE, DEFER_IMAGE_LOAD, MEASURE_IMAGE and
     CONNECT_POLICY operations (AuthenticationStatus is always 0 here), and
     their status is returned unchanged. With a NULL FileBuffer only the
     connect-policy decision on the device path applies.

  @param This        The EFI_SECURITY2_ARCH_PROTOCOL instance.
  @param File        Device path of the file being dispatched; optional, may be
                     used by handlers for logging.
  @param FileBuffer  Buffer holding the UEFI file image, or NULL for a
                     connect-policy query on File.
  @param FileSize    Size of FileBuffer in bytes.
  @param BootPolicy  Boot policy passed to LoadImage(); FALSE when this is not
                     invoked from LoadImage().

  @retval EFI_SUCCESS            Defer3rdPartyImageLoad() (when consulted) and every
                                 Security2 handler accepted the image or device path.
  @retval EFI_SECURITY_VIOLATION The image did not authenticate, or was deferred, as
                                 dictated by the platform policy in the handlers.
  @retval EFI_ACCESS_DENIED      The image did not authenticate and policy forbids its use.
  @return                        Any other status from Defer3rdPartyImageLoad() or the handlers.
**/
EFI_STATUS
EFIAPI
Security2StubAuthenticate (
  IN CONST EFI_SECURITY2_ARCH_PROTOCOL  *This,
  IN CONST EFI_DEVICE_PATH_PROTOCOL     *File  OPTIONAL,
  IN VOID                               *FileBuffer,
  IN UINTN                              FileSize,
  IN BOOLEAN                            BootPolicy
  )
{
  EFI_STATUS  Status;
  UINT32      Operations;

  //
  // Deferral of third-party images only applies when there is an image to
  // defer; a NULL FileBuffer is a connect-policy query and skips it.
  //
  Status = EFI_SUCCESS;
  if (FileBuffer != NULL) {
    Status = Defer3rdPartyImageLoad (File, BootPolicy);
  }

  if (EFI_ERROR (Status)) {
    return Status;
  }

  Operations = EFI_AUTH_OPERATION_VERIFY_IMAGE |
               EFI_AUTH_OPERATION_DEFER_IMAGE_LOAD |
               EFI_AUTH_OPERATION_MEASURE_IMAGE |
               EFI_AUTH_OPERATION_CONNECT_POLICY;

  return ExecuteSecurity2Handlers (
           Operations,
           0,
           File,
           FileBuffer,
           FileSize,
           BootPolicy
           );
}
159 | \r | |
//
// Security2 and Security Architectural Protocol instances produced by this
// driver. Each is initialized with the corresponding stub function defined
// above; both are published on mSecurityArchProtocolHandle by
// SecurityStubInitialize().
//
EFI_SECURITY_ARCH_PROTOCOL mSecurityStub = {
SecurityStubAuthenticateState
};

EFI_SECURITY2_ARCH_PROTOCOL mSecurity2Stub = {
Security2StubAuthenticate
};
170 | \r | |
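/**
  Driver entry point: installs the Security2 and Security Architectural
  Protocols on a new handle and initializes third-party image-load deferral.

  ASSERT_PROTOCOL_ALREADY_INSTALLED() and ASSERT_EFI_ERROR() compile to nothing
  in RELEASE builds, so the install status is also checked explicitly. A failed
  install is returned to the dispatcher instead of being reported as success
  with no Security Architectural Protocol published, and the deferral machinery
  is not initialized in that case.

  @param ImageHandle  The image handle of this driver.
  @param SystemTable  A pointer to the EFI System Table.

  @retval EFI_SUCCESS  Both protocols were installed and
                       Defer3rdPartyImageLoadInitialize() has run.
  @return              The error status from InstallMultipleProtocolInterfaces().
**/
EFI_STATUS
EFIAPI
SecurityStubInitialize (
  IN EFI_HANDLE        ImageHandle,
  IN EFI_SYSTEM_TABLE  *SystemTable
  )
{
  EFI_STATUS  Status;

  //
  // Make sure neither Security Architectural Protocol is already installed in the system.
  //
  ASSERT_PROTOCOL_ALREADY_INSTALLED (NULL, &gEfiSecurity2ArchProtocolGuid);
  ASSERT_PROTOCOL_ALREADY_INSTALLED (NULL, &gEfiSecurityArchProtocolGuid);

  //
  // Install both protocol instances onto a new handle.
  //
  Status = gBS->InstallMultipleProtocolInterfaces (
                  &mSecurityArchProtocolHandle,
                  &gEfiSecurity2ArchProtocolGuid,
                  &mSecurity2Stub,
                  &gEfiSecurityArchProtocolGuid,
                  &mSecurityStub,
                  NULL
                  );
  ASSERT_EFI_ERROR (Status);
  if (EFI_ERROR (Status)) {
    //
    // Without the protocols published, no consumer can reach this driver's
    // handlers; surface the failure rather than claim success.
    //
    return Status;
  }

  Defer3rdPartyImageLoadInitialize ();

  return EFI_SUCCESS;
}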