3 Copyright (c) 2006, Intel Corporation
4 All rights reserved. This program and the accompanying materials
5 are licensed and made available under the terms and conditions of the BSD License
6 which accompanies this distribution. The full text of the license may be found at
7 http://opensource.org/licenses/bsd-license.php
9 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
10 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
18 EFI PEI Core Security services
26 SecurityPpiNotifyCallback (
27 IN EFI_PEI_SERVICES
**PeiServices
,
28 IN EFI_PEI_NOTIFY_DESCRIPTOR
*NotifyDescriptor
,
32 static EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList
= {
33 EFI_PEI_PPI_DESCRIPTOR_NOTIFY_DISPATCH
| EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST
,
34 &gEfiPeiSecurityPpiGuid
,
35 SecurityPpiNotifyCallback
39 InitializeSecurityServices (
40 IN EFI_PEI_SERVICES
**PeiServices
,
41 IN PEI_CORE_INSTANCE
*OldCoreData
47 Initialize the security services.
51 PeiServices - The PEI core services table.
52 OldCoreData - Pointer to the old core data.
53 NULL if being run in non-permament memory mode.
60 if (OldCoreData
== NULL
) {
61 PeiServicesNotifyPpi (&mNotifyList
);
68 SecurityPpiNotifyCallback (
69 IN EFI_PEI_SERVICES
**PeiServices
,
70 IN EFI_PEI_NOTIFY_DESCRIPTOR
*NotifyDescriptor
,
77 Provide a callback for when the security PPI is installed.
81 PeiServices - The PEI core services table.
82 NotifyDescriptor - The descriptor for the notification event.
83 Ppi - Pointer to the PPI in question.
87 EFI_SUCCESS - The function is successfully processed.
91 PEI_CORE_INSTANCE
*PrivateData
;
94 // Get PEI Core private data
96 PrivateData
= PEI_CORE_INSTANCE_FROM_PS_THIS (PeiServices
);
99 // If there isn't a security PPI installed, use the one from notification
101 if (PrivateData
->PrivateSecurityPpi
== NULL
) {
102 PrivateData
->PrivateSecurityPpi
= (EFI_PEI_SECURITY_PPI
*)Ppi
;
109 IN EFI_PEI_SERVICES
**PeiServices
,
110 IN EFI_FFS_FILE_HEADER
*CurrentPeimAddress
116 Provide a callout to the security verification service.
120 PeiServices - The PEI core services table.
121 CurrentPeimAddress - Pointer to the Firmware File under investigation.
125 EFI_SUCCESS - Image is OK
126 EFI_SECURITY_VIOLATION - Image is illegal
130 PEI_CORE_INSTANCE
*PrivateData
;
132 UINT32 AuthenticationStatus
;
133 BOOLEAN StartCrisisRecovery
;
136 // Set a default authentication state
138 AuthenticationStatus
= 0;
141 // get security PPI instance from PEI private data
143 PrivateData
= PEI_CORE_INSTANCE_FROM_PS_THIS (PeiServices
);
145 if (PrivateData
->PrivateSecurityPpi
== NULL
) {
146 Status
= EFI_NOT_FOUND
;
149 // Check to see if the image is OK
151 Status
= PrivateData
->PrivateSecurityPpi
->AuthenticationState (
153 PrivateData
->PrivateSecurityPpi
,
154 AuthenticationStatus
,
158 if (StartCrisisRecovery
) {
159 Status
= EFI_SECURITY_VIOLATION
;
168 IN EFI_FIRMWARE_VOLUME_HEADER
*CurrentFvAddress
174 Verify a Firmware volume
178 CurrentFvAddress - Pointer to the current Firmware Volume under consideration
182 EFI_SUCCESS - Firmware Volume is legal
183 EFI_SECURITY_VIOLATION - Firmware Volume fails integrity test
188 // Right now just pass the test. Future can authenticate and/or check the
189 // FV-header or other metric for goodness of binary.