2 EFI PEI Core Security services
4 Copyright (c) 2006, Intel Corporation
5 All rights reserved. This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
19 Provide a callback for when the security PPI is installed.
21 @param PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation.
22 @param NotifyDescriptor The descriptor for the notification event.
23 @param Ppi Pointer to the PPI in question.
25 @return Always success
30 SecurityPpiNotifyCallback (
31 IN EFI_PEI_SERVICES
**PeiServices
,
32 IN EFI_PEI_NOTIFY_DESCRIPTOR
*NotifyDescriptor
,
36 STATIC EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList
= {
37 EFI_PEI_PPI_DESCRIPTOR_NOTIFY_DISPATCH
| EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST
,
38 &gEfiPeiSecurity2PpiGuid
,
39 SecurityPpiNotifyCallback
43 Initialize the security services.
45 @param PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation.
46 @param OldCoreData Pointer to the old core data.
47 NULL if being run in non-permament memory mode.
51 InitializeSecurityServices (
52 IN EFI_PEI_SERVICES
**PeiServices
,
53 IN PEI_CORE_INSTANCE
*OldCoreData
56 if (OldCoreData
== NULL
) {
57 PeiServicesNotifyPpi (&mNotifyList
);
64 Provide a callback for when the security PPI is installed.
66 @param PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation.
67 @param NotifyDescriptor The descriptor for the notification event.
68 @param Ppi Pointer to the PPI in question.
70 @return Always success
75 SecurityPpiNotifyCallback (
76 IN EFI_PEI_SERVICES
**PeiServices
,
77 IN EFI_PEI_NOTIFY_DESCRIPTOR
*NotifyDescriptor
,
81 PEI_CORE_INSTANCE
*PrivateData
;
84 // Get PEI Core private data
86 PrivateData
= PEI_CORE_INSTANCE_FROM_PS_THIS (PeiServices
);
89 // If there isn't a security PPI installed, use the one from notification
91 if (PrivateData
->PrivateSecurityPpi
== NULL
) {
92 PrivateData
->PrivateSecurityPpi
= (EFI_PEI_SECURITY2_PPI
*)Ppi
;
99 Provide a callout to the security verification service.
102 @param PrivateData PeiCore's private data structure
103 @param VolumeHandle Handle of FV
104 @param FileHandle Handle of PEIM's ffs
106 @retval EFI_SUCCESS Image is OK
107 @retval EFI_SECURITY_VIOLATION Image is illegal
112 IN PEI_CORE_INSTANCE
*PrivateData
,
113 IN EFI_PEI_FV_HANDLE VolumeHandle
,
114 IN EFI_PEI_FILE_HANDLE FileHandle
118 UINT32 AuthenticationStatus
;
119 BOOLEAN DeferExection
;
122 // Set a default authentication state
124 AuthenticationStatus
= 0;
126 if (PrivateData
->PrivateSecurityPpi
== NULL
) {
127 Status
= EFI_NOT_FOUND
;
130 // Check to see if the image is OK
132 Status
= PrivateData
->PrivateSecurityPpi
->AuthenticationState (
133 (CONST EFI_PEI_SERVICES
**) &PrivateData
->PS
,
134 PrivateData
->PrivateSecurityPpi
,
135 AuthenticationStatus
,
141 Status
= EFI_SECURITY_VIOLATION
;
149 Verify a Firmware volume.
151 @param CurrentFvAddress - Pointer to the current Firmware Volume under consideration
153 @retval EFI_SUCCESS Firmware Volume is legal
154 @retval EFI_SECURITY_VIOLATION Firmware Volume fails integrity test
159 IN EFI_FIRMWARE_VOLUME_HEADER
*CurrentFvAddress
163 // Right now just pass the test. Future can authenticate and/or check the
164 // FV-header or other metric for goodness of binary.