2 Section Extraction Protocol implementation.
4 Stream database is implemented as a linked list of section streams,
5 where each stream contains a linked list of children, which may be leaves or
8 Children that are encapsulations generate new stream entries
9 when they are created. Streams can also be created by calls to
10 SEP->OpenSectionStream().
12 The database is only created far enough to return the requested data from
13 any given stream, or to determine that the requested data is not found.
15 If a GUIDed encapsulation is encountered, there are three possiblilites.
17 1) A support protocol is found, in which the stream is simply processed with
20 2) A support protocol is not found, but the data is available to be read
21 without processing. In this case, the database is built up through the
22 recursions to return the data, and a RPN event is set that will enable
23 the stream in question to be refreshed if and when the required section
24 extraction protocol is published.This insures the AuthenticationStatus
25 does not become stale in the cache.
27 3) A support protocol is not found, and the data is not available to be read
28 without it. This results in EFI_PROTOCOL_ERROR.
30 Copyright (c) 2006 - 2008, Intel Corporation. <BR>
31 All rights reserved. This program and the accompanying materials
32 are licensed and made available under the terms and conditions of the BSD License
33 which accompanies this distribution. The full text of the license may be found at
34 http://opensource.org/licenses/bsd-license.php
36 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
37 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
44 // Local defines and typedefs
46 #define CORE_SECTION_CHILD_SIGNATURE EFI_SIGNATURE_32('S','X','C','S')
47 #define CHILD_SECTION_NODE_FROM_LINK(Node) \
48 CR (Node, CORE_SECTION_CHILD_NODE, Link, CORE_SECTION_CHILD_SIGNATURE)
56 // StreamBase + OffsetInStream == pointer to section header in stream. The
57 // stream base is always known when walking the sections within.
59 UINT32 OffsetInStream
;
61 // Then EncapsulatedStreamHandle below is always 0 if the section is NOT an
62 // encapsulating section. Otherwise, it contains the stream handle
63 // of the encapsulated stream. This handle is ALWAYS produced any time an
64 // encapsulating child is encountered, irrespective of whether the
65 // encapsulated stream is processed further.
67 UINTN EncapsulatedStreamHandle
;
68 EFI_GUID
*EncapsulationGuid
;
69 } CORE_SECTION_CHILD_NODE
;
71 #define CORE_SECTION_STREAM_SIGNATURE EFI_SIGNATURE_32('S','X','S','S')
72 #define STREAM_NODE_FROM_LINK(Node) \
73 CR (Node, CORE_SECTION_STREAM_NODE, Link, CORE_SECTION_STREAM_SIGNATURE)
83 // Authentication status is from GUIDed encapsulations.
85 UINT32 AuthenticationStatus
;
86 } CORE_SECTION_STREAM_NODE
;
88 #define NULL_STREAM_HANDLE 0
91 CORE_SECTION_CHILD_NODE
*ChildNode
;
92 CORE_SECTION_STREAM_NODE
*ParentStream
;
99 The ExtractSection() function processes the input section and
100 allocates a buffer from the pool in which it returns the section
101 contents. If the section being extracted contains
102 authentication information (the section's
103 GuidedSectionHeader.Attributes field has the
104 EFI_GUIDED_SECTION_AUTH_STATUS_VALID bit set), the values
105 returned in AuthenticationStatus must reflect the results of
106 the authentication operation. Depending on the algorithm and
107 size of the encapsulated data, the time that is required to do
108 a full authentication may be prohibitively long for some
109 classes of systems. To indicate this, use
110 EFI_SECURITY_POLICY_PROTOCOL_GUID, which may be published by
111 the security policy driver (see the Platform Initialization
112 Driver Execution Environment Core Interface Specification for
113 more details and the GUID definition). If the
114 EFI_SECURITY_POLICY_PROTOCOL_GUID exists in the handle
115 database, then, if possible, full authentication should be
116 skipped and the section contents simply returned in the
117 OutputBuffer. In this case, the
118 EFI_AUTH_STATUS_PLATFORM_OVERRIDE bit AuthenticationStatus
119 must be set on return. ExtractSection() is callable only from
120 TPL_NOTIFY and below. Behavior of ExtractSection() at any
121 EFI_TPL above TPL_NOTIFY is undefined. Type EFI_TPL is
122 defined in RaiseTPL() in the UEFI 2.0 specification.
125 @param This Indicates the
126 EFI_GUIDED_SECTION_EXTRACTION_PROTOCOL instance.
127 @param InputSection Buffer containing the input GUIDed section
128 to be processed. OutputBuffer OutputBuffer
129 is allocated from boot services pool
130 memory and contains the new section
131 stream. The caller is responsible for
133 @param OutputBuffer *OutputBuffer is allocated from boot services
134 pool memory and contains the new section stream.
135 The caller is responsible for freeing this buffer.
136 @param OutputSize A pointer to a caller-allocated UINTN in
137 which the size of OutputBuffer allocation
138 is stored. If the function returns
139 anything other than EFI_SUCCESS, the value
140 of OutputSize is undefined.
142 @param AuthenticationStatus A pointer to a caller-allocated
143 UINT32 that indicates the
144 authentication status of the
145 output buffer. If the input
147 GuidedSectionHeader.Attributes
149 EFI_GUIDED_SECTION_AUTH_STATUS_VAL
150 bit as clear, AuthenticationStatus
151 must return zero. Both local bits
152 (19:16) and aggregate bits (3:0)
153 in AuthenticationStatus are
154 returned by ExtractSection().
155 These bits reflect the status of
156 the extraction operation. The bit
157 pattern in both regions must be
158 the same, as the local and
159 aggregate authentication statuses
160 have equivalent meaning at this
161 level. If the function returns
162 anything other than EFI_SUCCESS,
163 the value of AuthenticationStatus
167 @retval EFI_SUCCESS The InputSection was successfully
168 processed and the section contents were
171 @retval EFI_OUT_OF_RESOURCES The system has insufficient
172 resources to process the
175 @retval EFI_INVALID_PARAMETER The GUID in InputSection does
176 not match this instance of the
177 GUIDed Section Extraction
183 CustomGuidedSectionExtract (
184 IN CONST EFI_GUIDED_SECTION_EXTRACTION_PROTOCOL
*This
,
185 IN CONST VOID
*InputSection
,
186 OUT VOID
**OutputBuffer
,
187 OUT UINTN
*OutputSize
,
188 OUT UINT32
*AuthenticationStatus
194 LIST_ENTRY mStreamRoot
= INITIALIZE_LIST_HEAD_VARIABLE (mStreamRoot
);
196 EFI_HANDLE mSectionExtractionHandle
= NULL
;
198 EFI_GUIDED_SECTION_EXTRACTION_PROTOCOL mCustomGuidedSectionExtractionProtocol
= {
199 CustomGuidedSectionExtract
204 Entry point of the section extraction code. Initializes an instance of the
205 section extraction interface and installs it on a new handle.
207 @param ImageHandle A handle for the image that is initializing this driver
208 @param SystemTable A pointer to the EFI system table
210 @retval EFI_SUCCESS Driver initialized successfully
211 @retval EFI_OUT_OF_RESOURCES Could not allocate needed resources
216 InitializeSectionExtraction (
217 IN EFI_HANDLE ImageHandle
,
218 IN EFI_SYSTEM_TABLE
*SystemTable
222 EFI_GUID
*ExtractHandlerGuidTable
;
223 UINTN ExtractHandlerNumber
;
226 // Get custom extract guided section method guid list
228 ExtractHandlerNumber
= ExtractGuidedSectionGetGuidList (&ExtractHandlerGuidTable
);
230 Status
= EFI_SUCCESS
;
232 // Install custom guided extraction protocol
234 while (ExtractHandlerNumber
-- > 0) {
235 Status
= CoreInstallProtocolInterface (
236 &mSectionExtractionHandle
,
237 &ExtractHandlerGuidTable
[ExtractHandlerNumber
],
238 EFI_NATIVE_INTERFACE
,
239 &mCustomGuidedSectionExtractionProtocol
241 ASSERT_EFI_ERROR (Status
);
249 Check if a stream is valid.
251 @param SectionStream The section stream to be checked
252 @param SectionStreamLength The length of section stream
254 @return A boolean value indicating the validness of the section stream.
258 IsValidSectionStream (
259 IN VOID
*SectionStream
,
260 IN UINTN SectionStreamLength
265 EFI_COMMON_SECTION_HEADER
*SectionHeader
;
266 EFI_COMMON_SECTION_HEADER
*NextSectionHeader
;
269 SectionHeader
= (EFI_COMMON_SECTION_HEADER
*)SectionStream
;
271 while (TotalLength
< SectionStreamLength
) {
272 SectionLength
= SECTION_SIZE (SectionHeader
);
273 TotalLength
+= SectionLength
;
275 if (TotalLength
== SectionStreamLength
) {
280 // Move to the next byte following the section...
282 SectionHeader
= (EFI_COMMON_SECTION_HEADER
*) ((UINT8
*) SectionHeader
+ SectionLength
);
285 // Figure out where the next section begins
287 NextSectionHeader
= ALIGN_POINTER(SectionHeader
, 4);
288 TotalLength
+= (UINTN
) NextSectionHeader
- (UINTN
) SectionHeader
;
289 SectionHeader
= NextSectionHeader
;
298 Worker function. Constructor for section streams.
300 @param SectionStreamLength Size in bytes of the section stream.
301 @param SectionStream Buffer containing the new section stream.
302 @param AllocateBuffer Indicates whether the stream buffer is to be
303 copied or the input buffer is to be used in
304 place. AuthenticationStatus- Indicates the
305 default authentication status for the new
307 @param AuthenticationStatus A pointer to a caller-allocated UINT32 that
308 indicates the authentication status of the
309 output buffer. If the input section's
310 GuidedSectionHeader.Attributes field
311 has the EFI_GUIDED_SECTION_AUTH_STATUS_VALID
312 bit as clear, AuthenticationStatus must return
313 zero. Both local bits (19:16) and aggregate
314 bits (3:0) in AuthenticationStatus are returned
315 by ExtractSection(). These bits reflect the
316 status of the extraction operation. The bit
317 pattern in both regions must be the same, as
318 the local and aggregate authentication statuses
319 have equivalent meaning at this level. If the
320 function returns anything other than
321 EFI_SUCCESS, the value of *AuthenticationStatus
323 @param SectionStreamHandle A pointer to a caller allocated section stream
326 @retval EFI_SUCCESS Stream was added to stream database.
327 @retval EFI_OUT_OF_RESOURCES memory allocation failed.
331 OpenSectionStreamEx (
332 IN UINTN SectionStreamLength
,
333 IN VOID
*SectionStream
,
334 IN BOOLEAN AllocateBuffer
,
335 IN UINT32 AuthenticationStatus
,
336 OUT UINTN
*SectionStreamHandle
339 CORE_SECTION_STREAM_NODE
*NewStream
;
343 // Allocate a new stream
345 NewStream
= AllocatePool (sizeof (CORE_SECTION_STREAM_NODE
));
346 if (NewStream
== NULL
) {
347 return EFI_OUT_OF_RESOURCES
;
350 if (AllocateBuffer
) {
352 // if we're here, we're double buffering, allocate the buffer and copy the
355 if (SectionStreamLength
> 0) {
356 NewStream
->StreamBuffer
= AllocatePool (SectionStreamLength
);
357 if (NewStream
->StreamBuffer
== NULL
) {
358 CoreFreePool (NewStream
);
359 return EFI_OUT_OF_RESOURCES
;
362 // Copy in stream data
364 CopyMem (NewStream
->StreamBuffer
, SectionStream
, SectionStreamLength
);
367 // It's possible to have a zero length section stream.
369 NewStream
->StreamBuffer
= NULL
;
373 // If were here, the caller has supplied the buffer (it's an internal call)
374 // so just assign the buffer. This happens when we open section streams
375 // as a result of expanding an encapsulating section.
377 NewStream
->StreamBuffer
= SectionStream
;
381 // Initialize the rest of the section stream
383 NewStream
->Signature
= CORE_SECTION_STREAM_SIGNATURE
;
384 NewStream
->StreamHandle
= (UINTN
) NewStream
;
385 NewStream
->StreamLength
= SectionStreamLength
;
386 InitializeListHead (&NewStream
->Children
);
387 NewStream
->AuthenticationStatus
= AuthenticationStatus
;
390 // Add new stream to stream list
392 OldTpl
= CoreRaiseTpl (TPL_NOTIFY
);
393 InsertTailList (&mStreamRoot
, &NewStream
->Link
);
394 CoreRestoreTpl (OldTpl
);
396 *SectionStreamHandle
= NewStream
->StreamHandle
;
403 SEP member function. This function creates and returns a new section stream
404 handle to represent the new section stream.
406 @param SectionStreamLength Size in bytes of the section stream.
407 @param SectionStream Buffer containing the new section stream.
408 @param SectionStreamHandle A pointer to a caller allocated UINTN that on
409 output contains the new section stream handle.
411 @retval EFI_SUCCESS The section stream is created successfully.
412 @retval EFI_OUT_OF_RESOURCES memory allocation failed.
413 @retval EFI_INVALID_PARAMETER Section stream does not end concident with end
420 IN UINTN SectionStreamLength
,
421 IN VOID
*SectionStream
,
422 OUT UINTN
*SectionStreamHandle
426 // Check to see section stream looks good...
428 if (!IsValidSectionStream (SectionStream
, SectionStreamLength
)) {
429 return EFI_INVALID_PARAMETER
;
432 return OpenSectionStreamEx (
444 Worker function. Determine if the input stream:child matches the input type.
446 @param Stream Indicates the section stream associated with the
448 @param Child Indicates the child to check
449 @param SearchType Indicates the type of section to check against
451 @param SectionDefinitionGuid Indicates the GUID to check against if the type
452 is EFI_SECTION_GUID_DEFINED
454 @retval TRUE The child matches
455 @retval FALSE The child doesn't match
460 IN CORE_SECTION_STREAM_NODE
*Stream
,
461 IN CORE_SECTION_CHILD_NODE
*Child
,
462 IN EFI_SECTION_TYPE SearchType
,
463 IN EFI_GUID
*SectionDefinitionGuid
466 EFI_GUID_DEFINED_SECTION
*GuidedSection
;
468 if (SearchType
== EFI_SECTION_ALL
) {
471 if (Child
->Type
!= SearchType
) {
474 if (SearchType
!= EFI_SECTION_GUID_DEFINED
) {
477 GuidedSection
= (EFI_GUID_DEFINED_SECTION
* )(Stream
->StreamBuffer
+ Child
->OffsetInStream
);
478 return CompareGuid (&GuidedSection
->SectionDefinitionGuid
, SectionDefinitionGuid
);
483 Worker function. Constructor for new child nodes.
485 @param Stream Indicates the section stream in which to add the
487 @param ChildOffset Indicates the offset in Stream that is the
488 beginning of the child section.
489 @param ChildNode Indicates the Callee allocated and initialized
492 @retval EFI_SUCCESS Child node was found and returned.
493 EFI_OUT_OF_RESOURCES- Memory allocation failed.
494 @retval EFI_PROTOCOL_ERROR Encapsulation sections produce new stream
495 handles when the child node is created. If the
496 section type is GUID defined, and the extraction
497 GUID does not exist, and producing the stream
498 requires the GUID, then a protocol error is
499 generated and no child is produced. Values
500 returned by OpenSectionStreamEx.
505 IN CORE_SECTION_STREAM_NODE
*Stream
,
506 IN UINT32 ChildOffset
,
507 OUT CORE_SECTION_CHILD_NODE
**ChildNode
511 EFI_COMMON_SECTION_HEADER
*SectionHeader
;
512 EFI_COMPRESSION_SECTION
*CompressionHeader
;
513 EFI_GUID_DEFINED_SECTION
*GuidedHeader
;
514 EFI_DECOMPRESS_PROTOCOL
*Decompress
;
515 EFI_GUIDED_SECTION_EXTRACTION_PROTOCOL
*GuidedExtraction
;
516 VOID
*NewStreamBuffer
;
519 UINTN NewStreamBufferSize
;
520 UINT32 AuthenticationStatus
;
521 UINT32 SectionLength
;
523 CORE_SECTION_CHILD_NODE
*Node
;
525 SectionHeader
= (EFI_COMMON_SECTION_HEADER
*) (Stream
->StreamBuffer
+ ChildOffset
);
528 // Allocate a new node
530 *ChildNode
= AllocatePool (sizeof (CORE_SECTION_CHILD_NODE
));
533 return EFI_OUT_OF_RESOURCES
;
539 Node
->Signature
= CORE_SECTION_CHILD_SIGNATURE
;
540 Node
->Type
= SectionHeader
->Type
;
541 Node
->Size
= SECTION_SIZE (SectionHeader
);
542 Node
->OffsetInStream
= ChildOffset
;
543 Node
->EncapsulatedStreamHandle
= NULL_STREAM_HANDLE
;
544 Node
->EncapsulationGuid
= NULL
;
547 // If it's an encapsulating section, then create the new section stream also
549 switch (Node
->Type
) {
550 case EFI_SECTION_COMPRESSION
:
552 // Get the CompressionSectionHeader
554 ASSERT (Node
->Size
>= sizeof (EFI_COMPRESSION_SECTION
));
556 CompressionHeader
= (EFI_COMPRESSION_SECTION
*) SectionHeader
;
559 // Allocate space for the new stream
561 if (CompressionHeader
->UncompressedLength
> 0) {
562 NewStreamBufferSize
= CompressionHeader
->UncompressedLength
;
563 NewStreamBuffer
= AllocatePool (NewStreamBufferSize
);
564 if (NewStreamBuffer
== NULL
) {
566 return EFI_OUT_OF_RESOURCES
;
569 if (CompressionHeader
->CompressionType
== EFI_NOT_COMPRESSED
) {
571 // stream is not actually compressed, just encapsulated. So just copy it.
573 CopyMem (NewStreamBuffer
, CompressionHeader
+ 1, NewStreamBufferSize
);
574 } else if (CompressionHeader
->CompressionType
== EFI_STANDARD_COMPRESSION
) {
576 // Only support the EFI_SATNDARD_COMPRESSION algorithm.
580 // Decompress the stream
582 Status
= CoreLocateProtocol (&gEfiDecompressProtocolGuid
, NULL
, (VOID
**)&Decompress
);
584 ASSERT_EFI_ERROR (Status
);
586 Status
= Decompress
->GetInfo (
588 CompressionHeader
+ 1,
589 Node
->Size
- sizeof (EFI_COMPRESSION_SECTION
),
590 (UINT32
*)&NewStreamBufferSize
,
593 ASSERT_EFI_ERROR (Status
);
594 ASSERT (NewStreamBufferSize
== CompressionHeader
->UncompressedLength
);
596 ScratchBuffer
= AllocatePool (ScratchSize
);
597 if (ScratchBuffer
== NULL
) {
599 CoreFreePool (NewStreamBuffer
);
600 return EFI_OUT_OF_RESOURCES
;
603 Status
= Decompress
->Decompress (
605 CompressionHeader
+ 1,
606 Node
->Size
- sizeof (EFI_COMPRESSION_SECTION
),
608 (UINT32
)NewStreamBufferSize
,
612 ASSERT_EFI_ERROR (Status
);
613 CoreFreePool (ScratchBuffer
);
616 NewStreamBuffer
= NULL
;
617 NewStreamBufferSize
= 0;
620 Status
= OpenSectionStreamEx (
624 Stream
->AuthenticationStatus
,
625 &Node
->EncapsulatedStreamHandle
627 if (EFI_ERROR (Status
)) {
629 CoreFreePool (NewStreamBuffer
);
634 case EFI_SECTION_GUID_DEFINED
:
635 GuidedHeader
= (EFI_GUID_DEFINED_SECTION
*) SectionHeader
;
636 Node
->EncapsulationGuid
= &GuidedHeader
->SectionDefinitionGuid
;
637 Status
= CoreLocateProtocol (Node
->EncapsulationGuid
, NULL
, (VOID
**)&GuidedExtraction
);
638 if (!EFI_ERROR (Status
)) {
640 // NewStreamBuffer is always allocated by ExtractSection... No caller
643 Status
= GuidedExtraction
->ExtractSection (
647 &NewStreamBufferSize
,
648 &AuthenticationStatus
650 if (EFI_ERROR (Status
)) {
651 CoreFreePool (*ChildNode
);
652 return EFI_PROTOCOL_ERROR
;
656 // Make sure we initialize the new stream with the correct
657 // authentication status for both aggregate and local status fields.
659 if ((GuidedHeader
->Attributes
& EFI_GUIDED_SECTION_AUTH_STATUS_VALID
) != 0) {
661 // OR in the parent stream's aggregate status.
663 AuthenticationStatus
|= Stream
->AuthenticationStatus
& EFI_AUTH_STATUS_ALL
;
666 // since there's no authentication data contributed by the section,
667 // just inherit the full value from our immediate parent.
669 AuthenticationStatus
= Stream
->AuthenticationStatus
;
672 Status
= OpenSectionStreamEx (
676 AuthenticationStatus
,
677 &Node
->EncapsulatedStreamHandle
679 if (EFI_ERROR (Status
)) {
680 CoreFreePool (*ChildNode
);
681 CoreFreePool (NewStreamBuffer
);
686 // There's no GUIDed section extraction protocol available.
688 if ((GuidedHeader
->Attributes
& EFI_GUIDED_SECTION_PROCESSING_REQUIRED
) != 0) {
690 // If the section REQUIRES an extraction protocol, then we're toast
692 CoreFreePool (*ChildNode
);
693 return EFI_PROTOCOL_ERROR
;
697 // Figure out the proper authentication status
699 AuthenticationStatus
= Stream
->AuthenticationStatus
;
701 SectionLength
= SECTION_SIZE (GuidedHeader
);
702 Status
= OpenSectionStreamEx (
703 SectionLength
- GuidedHeader
->DataOffset
,
704 (UINT8
*) GuidedHeader
+ GuidedHeader
->DataOffset
,
706 AuthenticationStatus
,
707 &Node
->EncapsulatedStreamHandle
709 if (EFI_ERROR (Status
)) {
720 // Nothing to do if it's a leaf
726 // Last, add the new child node to the stream
728 InsertTailList (&Stream
->Children
, &Node
->Link
);
735 Worker function Recursively searches / builds section stream database
736 looking for requested section.
738 @param SourceStream Indicates the section stream in which to do the
740 @param SearchType Indicates the type of section to search for.
741 @param SectionInstance Indicates which instance of section to find.
742 This is an in/out parameter to deal with
744 @param SectionDefinitionGuid Guid of section definition
745 @param FoundChild Output indicating the child node that is found.
746 @param FoundStream Output indicating which section stream the child
747 was found in. If this stream was generated as a
748 result of an encapsulation section, the
749 streamhandle is visible within the SEP driver
751 @param AuthenticationStatus Indicates the authentication status of the found section.
753 @retval EFI_SUCCESS Child node was found and returned.
754 EFI_OUT_OF_RESOURCES- Memory allocation failed.
755 @retval EFI_NOT_FOUND Requested child node does not exist.
756 @retval EFI_PROTOCOL_ERROR a required GUIDED section extraction protocol
762 IN CORE_SECTION_STREAM_NODE
*SourceStream
,
763 IN EFI_SECTION_TYPE SearchType
,
764 IN OUT UINTN
*SectionInstance
,
765 IN EFI_GUID
*SectionDefinitionGuid
,
766 OUT CORE_SECTION_CHILD_NODE
**FoundChild
,
767 OUT CORE_SECTION_STREAM_NODE
**FoundStream
,
768 OUT UINT32
*AuthenticationStatus
771 CORE_SECTION_CHILD_NODE
*CurrentChildNode
;
772 CORE_SECTION_CHILD_NODE
*RecursedChildNode
;
773 CORE_SECTION_STREAM_NODE
*RecursedFoundStream
;
774 UINT32 NextChildOffset
;
775 EFI_STATUS ErrorStatus
;
778 CurrentChildNode
= NULL
;
779 ErrorStatus
= EFI_NOT_FOUND
;
781 if (SourceStream
->StreamLength
== 0) {
782 return EFI_NOT_FOUND
;
785 if (IsListEmpty (&SourceStream
->Children
) &&
786 SourceStream
->StreamLength
>= sizeof (EFI_COMMON_SECTION_HEADER
)) {
788 // This occurs when a section stream exists, but no child sections
789 // have been parsed out yet. Therefore, extract the first child and add it
790 // to the list of children so we can get started.
791 // Section stream may contain an array of zero or more bytes.
792 // So, its size should be >= the size of commen section header.
794 Status
= CreateChildNode (SourceStream
, 0, &CurrentChildNode
);
795 if (EFI_ERROR (Status
)) {
801 // At least one child has been parsed out of the section stream. So, walk
802 // through the sections that have already been parsed out looking for the
803 // requested section, if necessary, continue parsing section stream and
804 // adding children until either the requested section is found, or we run
807 CurrentChildNode
= CHILD_SECTION_NODE_FROM_LINK (GetFirstNode(&SourceStream
->Children
));
810 if (ChildIsType (SourceStream
, CurrentChildNode
, SearchType
, SectionDefinitionGuid
)) {
812 // The type matches, so check the instance count to see if it's the one we want
814 (*SectionInstance
)--;
815 if (*SectionInstance
== 0) {
819 *FoundChild
= CurrentChildNode
;
820 *FoundStream
= SourceStream
;
821 *AuthenticationStatus
= SourceStream
->AuthenticationStatus
;
826 if (CurrentChildNode
->EncapsulatedStreamHandle
!= NULL_STREAM_HANDLE
) {
828 // If the current node is an encapsulating node, recurse into it...
830 Status
= FindChildNode (
831 (CORE_SECTION_STREAM_NODE
*)CurrentChildNode
->EncapsulatedStreamHandle
,
834 SectionDefinitionGuid
,
836 &RecursedFoundStream
,
840 // If the status is not EFI_SUCCESS, just save the error code and continue
841 // to find the request child node in the rest stream.
843 if (*SectionInstance
== 0) {
844 ASSERT_EFI_ERROR (Status
);
845 *FoundChild
= RecursedChildNode
;
846 *FoundStream
= RecursedFoundStream
;
849 ErrorStatus
= Status
;
853 if (!IsNodeAtEnd (&SourceStream
->Children
, &CurrentChildNode
->Link
)) {
855 // We haven't found the child node we're interested in yet, but there's
856 // still more nodes that have already been parsed so get the next one
857 // and continue searching..
859 CurrentChildNode
= CHILD_SECTION_NODE_FROM_LINK (GetNextNode (&SourceStream
->Children
, &CurrentChildNode
->Link
));
862 // We've exhausted children that have already been parsed, so see if
863 // there's any more data and continue parsing out more children if there
866 NextChildOffset
= CurrentChildNode
->OffsetInStream
+ CurrentChildNode
->Size
;
868 // Round up to 4 byte boundary
870 NextChildOffset
+= 3;
871 NextChildOffset
&= ~(UINTN
) 3;
872 if (NextChildOffset
<= SourceStream
->StreamLength
- sizeof (EFI_COMMON_SECTION_HEADER
)) {
874 // There's an unparsed child remaining in the stream, so create a new child node
876 Status
= CreateChildNode (SourceStream
, NextChildOffset
, &CurrentChildNode
);
877 if (EFI_ERROR (Status
)) {
881 ASSERT (EFI_ERROR (ErrorStatus
));
890 Worker function. Search stream database for requested stream handle.
892 @param SearchHandle Indicates which stream to look for.
893 @param FoundStream Output pointer to the found stream.
895 @retval EFI_SUCCESS StreamHandle was found and *FoundStream contains
897 @retval EFI_NOT_FOUND SearchHandle was not found in the stream
903 IN UINTN SearchHandle
,
904 OUT CORE_SECTION_STREAM_NODE
**FoundStream
907 CORE_SECTION_STREAM_NODE
*StreamNode
;
909 if (!IsListEmpty (&mStreamRoot
)) {
910 StreamNode
= STREAM_NODE_FROM_LINK (GetFirstNode (&mStreamRoot
));
912 if (StreamNode
->StreamHandle
== SearchHandle
) {
913 *FoundStream
= StreamNode
;
915 } else if (IsNodeAtEnd (&mStreamRoot
, &StreamNode
->Link
)) {
918 StreamNode
= STREAM_NODE_FROM_LINK (GetNextNode (&mStreamRoot
, &StreamNode
->Link
));
923 return EFI_NOT_FOUND
;
928 SEP member function. Retrieves requested section from section stream.
930 @param SectionStreamHandle The section stream from which to extract the
932 @param SectionType A pointer to the type of section to search for.
933 @param SectionDefinitionGuid If the section type is EFI_SECTION_GUID_DEFINED,
934 then SectionDefinitionGuid indicates which of
935 these types of sections to search for.
936 @param SectionInstance Indicates which instance of the requested
938 @param Buffer Double indirection to buffer. If *Buffer is
939 non-null on input, then the buffer is caller
940 allocated. If Buffer is NULL, then the buffer
941 is callee allocated. In either case, the
942 requried buffer size is returned in *BufferSize.
943 @param BufferSize On input, indicates the size of *Buffer if
944 *Buffer is non-null on input. On output,
945 indicates the required size (allocated size if
946 callee allocated) of *Buffer.
947 @param AuthenticationStatus A pointer to a caller-allocated UINT32 that
948 indicates the authentication status of the
949 output buffer. If the input section's
950 GuidedSectionHeader.Attributes field
951 has the EFI_GUIDED_SECTION_AUTH_STATUS_VALID
952 bit as clear, AuthenticationStatus must return
953 zero. Both local bits (19:16) and aggregate
954 bits (3:0) in AuthenticationStatus are returned
955 by ExtractSection(). These bits reflect the
956 status of the extraction operation. The bit
957 pattern in both regions must be the same, as
958 the local and aggregate authentication statuses
959 have equivalent meaning at this level. If the
960 function returns anything other than
961 EFI_SUCCESS, the value of *AuthenticationStatus
964 @retval EFI_SUCCESS Section was retrieved successfully
965 @retval EFI_PROTOCOL_ERROR A GUID defined section was encountered in the
966 section stream with its
967 EFI_GUIDED_SECTION_PROCESSING_REQUIRED bit set,
968 but there was no corresponding GUIDed Section
969 Extraction Protocol in the handle database.
970 *Buffer is unmodified.
971 @retval EFI_NOT_FOUND An error was encountered when parsing the
972 SectionStream. This indicates the SectionStream
973 is not correctly formatted.
974 @retval EFI_NOT_FOUND The requested section does not exist.
975 @retval EFI_OUT_OF_RESOURCES The system has insufficient resources to process
977 @retval EFI_INVALID_PARAMETER The SectionStreamHandle does not exist.
978 @retval EFI_WARN_TOO_SMALL The size of the caller allocated input buffer is
979 insufficient to contain the requested section.
980 The input buffer is filled and section contents
987 IN UINTN SectionStreamHandle
,
988 IN EFI_SECTION_TYPE
*SectionType
,
989 IN EFI_GUID
*SectionDefinitionGuid
,
990 IN UINTN SectionInstance
,
992 IN OUT UINTN
*BufferSize
,
993 OUT UINT32
*AuthenticationStatus
996 CORE_SECTION_STREAM_NODE
*StreamNode
;
999 CORE_SECTION_CHILD_NODE
*ChildNode
;
1000 CORE_SECTION_STREAM_NODE
*ChildStreamNode
;
1002 UINT32 ExtractedAuthenticationStatus
;
1008 OldTpl
= CoreRaiseTpl (TPL_NOTIFY
);
1009 Instance
= SectionInstance
+ 1;
1012 // Locate target stream
1014 Status
= FindStreamNode (SectionStreamHandle
, &StreamNode
);
1015 if (EFI_ERROR (Status
)) {
1016 Status
= EFI_INVALID_PARAMETER
;
1017 goto GetSection_Done
;
1021 // Found the stream, now locate and return the appropriate section
1023 if (SectionType
== NULL
) {
1025 // SectionType == NULL means return the WHOLE section stream...
1027 CopySize
= StreamNode
->StreamLength
;
1028 CopyBuffer
= StreamNode
->StreamBuffer
;
1029 *AuthenticationStatus
= StreamNode
->AuthenticationStatus
;
1032 // There's a requested section type, so go find it and return it...
1034 Status
= FindChildNode (
1038 SectionDefinitionGuid
,
1041 &ExtractedAuthenticationStatus
1043 if (EFI_ERROR (Status
)) {
1044 goto GetSection_Done
;
1046 CopySize
= ChildNode
->Size
- sizeof (EFI_COMMON_SECTION_HEADER
);
1047 CopyBuffer
= ChildStreamNode
->StreamBuffer
+ ChildNode
->OffsetInStream
+ sizeof (EFI_COMMON_SECTION_HEADER
);
1048 *AuthenticationStatus
= ExtractedAuthenticationStatus
;
1051 SectionSize
= CopySize
;
1052 if (*Buffer
!= NULL
) {
1054 // Caller allocated buffer. Fill to size and return required size...
1056 if (*BufferSize
< CopySize
) {
1057 Status
= EFI_WARN_BUFFER_TOO_SMALL
;
1058 CopySize
= *BufferSize
;
1062 // Callee allocated buffer. Allocate buffer and return size.
1064 *Buffer
= AllocatePool (CopySize
);
1065 if (*Buffer
== NULL
) {
1066 Status
= EFI_OUT_OF_RESOURCES
;
1067 goto GetSection_Done
;
1070 CopyMem (*Buffer
, CopyBuffer
, CopySize
);
1071 *BufferSize
= SectionSize
;
1074 CoreRestoreTpl (OldTpl
);
1081 Worker function. Destructor for child nodes.
1083 @param ChildNode Indicates the node to destroy
1088 IN CORE_SECTION_CHILD_NODE
*ChildNode
1091 ASSERT (ChildNode
->Signature
== CORE_SECTION_CHILD_SIGNATURE
);
1093 // Remove the child from it's list
1095 RemoveEntryList (&ChildNode
->Link
);
1097 if (ChildNode
->EncapsulatedStreamHandle
!= NULL_STREAM_HANDLE
) {
1099 // If it's an encapsulating section, we close the resulting section stream.
1100 // CloseSectionStream will free all memory associated with the stream.
1102 CloseSectionStream (ChildNode
->EncapsulatedStreamHandle
);
1105 // Last, free the child node itself
1107 CoreFreePool (ChildNode
);
1112 SEP member function. Deletes an existing section stream
1114 @param StreamHandleToClose Indicates the stream to close
1116 @retval EFI_SUCCESS The section stream is closed sucessfully.
1117 @retval EFI_OUT_OF_RESOURCES Memory allocation failed.
1118 @retval EFI_INVALID_PARAMETER Section stream does not end concident with end
1124 CloseSectionStream (
1125 IN UINTN StreamHandleToClose
1128 CORE_SECTION_STREAM_NODE
*StreamNode
;
1132 CORE_SECTION_CHILD_NODE
*ChildNode
;
1134 OldTpl
= CoreRaiseTpl (TPL_NOTIFY
);
1137 // Locate target stream
1139 Status
= FindStreamNode (StreamHandleToClose
, &StreamNode
);
1140 if (!EFI_ERROR (Status
)) {
1142 // Found the stream, so close it
1144 RemoveEntryList (&StreamNode
->Link
);
1145 while (!IsListEmpty (&StreamNode
->Children
)) {
1146 Link
= GetFirstNode (&StreamNode
->Children
);
1147 ChildNode
= CHILD_SECTION_NODE_FROM_LINK (Link
);
1148 FreeChildNode (ChildNode
);
1150 CoreFreePool (StreamNode
->StreamBuffer
);
1151 CoreFreePool (StreamNode
);
1152 Status
= EFI_SUCCESS
;
1154 Status
= EFI_INVALID_PARAMETER
;
1157 CoreRestoreTpl (OldTpl
);
1163 The ExtractSection() function processes the input section and
1164 allocates a buffer from the pool in which it returns the section
1165 contents. If the section being extracted contains
1166 authentication information (the section's
1167 GuidedSectionHeader.Attributes field has the
1168 EFI_GUIDED_SECTION_AUTH_STATUS_VALID bit set), the values
1169 returned in AuthenticationStatus must reflect the results of
1170 the authentication operation. Depending on the algorithm and
1171 size of the encapsulated data, the time that is required to do
1172 a full authentication may be prohibitively long for some
1173 classes of systems. To indicate this, use
1174 EFI_SECURITY_POLICY_PROTOCOL_GUID, which may be published by
1175 the security policy driver (see the Platform Initialization
1176 Driver Execution Environment Core Interface Specification for
1177 more details and the GUID definition). If the
1178 EFI_SECURITY_POLICY_PROTOCOL_GUID exists in the handle
1179 database, then, if possible, full authentication should be
1180 skipped and the section contents simply returned in the
1181 OutputBuffer. In this case, the
1182 EFI_AUTH_STATUS_PLATFORM_OVERRIDE bit AuthenticationStatus
1183 must be set on return. ExtractSection() is callable only from
1184 TPL_NOTIFY and below. Behavior of ExtractSection() at any
1185 EFI_TPL above TPL_NOTIFY is undefined. Type EFI_TPL is
1186 defined in RaiseTPL() in the UEFI 2.0 specification.
1189 @param This Indicates the
1190 EFI_GUIDED_SECTION_EXTRACTION_PROTOCOL instance.
1191 @param InputSection Buffer containing the input GUIDed section
1192 to be processed. OutputBuffer OutputBuffer
1193 is allocated from boot services pool
1194 memory and contains the new section
1195 stream. The caller is responsible for
1196 freeing this buffer.
1197 @param OutputBuffer *OutputBuffer is allocated from boot services
1198 pool memory and contains the new section stream.
1199 The caller is responsible for freeing this buffer.
1200 @param OutputSize A pointer to a caller-allocated UINTN in
1201 which the size of OutputBuffer allocation
1202 is stored. If the function returns
1203 anything other than EFI_SUCCESS, the value
1204 of OutputSize is undefined.
1206 @param AuthenticationStatus A pointer to a caller-allocated
1207 UINT32 that indicates the
1208 authentication status of the
1209 output buffer. If the input
1211 GuidedSectionHeader.Attributes
1213 EFI_GUIDED_SECTION_AUTH_STATUS_VAL
1214 bit as clear, AuthenticationStatus
1215 must return zero. Both local bits
1216 (19:16) and aggregate bits (3:0)
1217 in AuthenticationStatus are
1218 returned by ExtractSection().
1219 These bits reflect the status of
1220 the extraction operation. The bit
1221 pattern in both regions must be
1222 the same, as the local and
1223 aggregate authentication statuses
1224 have equivalent meaning at this
1225 level. If the function returns
1226 anything other than EFI_SUCCESS,
1227 the value of AuthenticationStatus
1231 @retval EFI_SUCCESS The InputSection was successfully
1232 processed and the section contents were
1235 @retval EFI_OUT_OF_RESOURCES The system has insufficient
1236 resources to process the
1239 @retval EFI_INVALID_PARAMETER The GUID in InputSection does
1240 not match this instance of the
1241 GUIDed Section Extraction
1247 CustomGuidedSectionExtract (
1248 IN CONST EFI_GUIDED_SECTION_EXTRACTION_PROTOCOL
*This
,
1249 IN CONST VOID
*InputSection
,
1250 OUT VOID
**OutputBuffer
,
1251 OUT UINTN
*OutputSize
,
1252 OUT UINT32
*AuthenticationStatus
1256 VOID
*ScratchBuffer
;
1257 VOID
*AllocatedOutputBuffer
;
1258 UINT32 OutputBufferSize
;
1259 UINT32 ScratchBufferSize
;
1260 UINT16 SectionAttribute
;
1263 // Init local variable
1265 ScratchBuffer
= NULL
;
1266 AllocatedOutputBuffer
= NULL
;
1269 // Call GetInfo to get the size and attribute of input guided section data.
1271 Status
= ExtractGuidedSectionGetInfo (
1278 if (EFI_ERROR (Status
)) {
1279 DEBUG ((DEBUG_ERROR
, "GetInfo from guided section Failed - %r\n", Status
));
1283 if (ScratchBufferSize
> 0) {
1285 // Allocate scratch buffer
1287 ScratchBuffer
= AllocatePool (ScratchBufferSize
);
1288 if (ScratchBuffer
== NULL
) {
1289 return EFI_OUT_OF_RESOURCES
;
1293 if (OutputBufferSize
> 0) {
1295 // Allocate output buffer
1297 AllocatedOutputBuffer
= AllocatePool (OutputBufferSize
);
1298 if (AllocatedOutputBuffer
== NULL
) {
1299 FreePool (ScratchBuffer
);
1300 return EFI_OUT_OF_RESOURCES
;
1302 *OutputBuffer
= AllocatedOutputBuffer
;
1306 // Call decode function to extract raw data from the guided section.
1308 Status
= ExtractGuidedSectionDecode (
1312 AuthenticationStatus
1314 if (EFI_ERROR (Status
)) {
1318 if (AllocatedOutputBuffer
!= NULL
) {
1319 CoreFreePool (AllocatedOutputBuffer
);
1321 if (ScratchBuffer
!= NULL
) {
1322 CoreFreePool (ScratchBuffer
);
1324 DEBUG ((DEBUG_ERROR
, "Extract guided section Failed - %r\n", Status
));
1328 if (*OutputBuffer
!= AllocatedOutputBuffer
) {
1330 // OutputBuffer was returned as a different value,
1331 // so copy section contents to the allocated memory buffer.
1333 CopyMem (AllocatedOutputBuffer
, *OutputBuffer
, OutputBufferSize
);
1334 *OutputBuffer
= AllocatedOutputBuffer
;
1338 // Set real size of output buffer.
1340 *OutputSize
= (UINTN
) OutputBufferSize
;
1343 // Free unused scratch buffer.
1345 if (ScratchBuffer
!= NULL
) {
1346 CoreFreePool (ScratchBuffer
);