3 Copyright (c) 2006, Intel Corporation
4 All rights reserved. This program and the accompanying materials
5 are licensed and made available under the terms and conditions of the BSD License
6 which accompanies this distribution. The full text of the license may be found at
7 http://opensource.org/licenses/bsd-license.php
9 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
10 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
18 EFI PEI Core Security services
27 SecurityPpiNotifyCallback (
28 IN EFI_PEI_SERVICES
**PeiServices
,
29 IN EFI_PEI_NOTIFY_DESCRIPTOR
*NotifyDescriptor
,
33 static EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList
= {
34 EFI_PEI_PPI_DESCRIPTOR_NOTIFY_DISPATCH
| EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST
,
35 &gEfiPeiSecurity2PpiGuid
,
36 SecurityPpiNotifyCallback
40 InitializeSecurityServices (
41 IN EFI_PEI_SERVICES
**PeiServices
,
42 IN PEI_CORE_INSTANCE
*OldCoreData
48 Initialize the security services.
52 PeiServices - The PEI core services table.
53 OldCoreData - Pointer to the old core data.
54 NULL if being run in non-permament memory mode.
61 if (OldCoreData
== NULL
) {
62 PeiServicesNotifyPpi (&mNotifyList
);
70 SecurityPpiNotifyCallback (
71 IN EFI_PEI_SERVICES
**PeiServices
,
72 IN EFI_PEI_NOTIFY_DESCRIPTOR
*NotifyDescriptor
,
79 Provide a callback for when the security PPI is installed.
83 PeiServices - The PEI core services table.
84 NotifyDescriptor - The descriptor for the notification event.
85 Ppi - Pointer to the PPI in question.
89 EFI_SUCCESS - The function is successfully processed.
93 PEI_CORE_INSTANCE
*PrivateData
;
96 // Get PEI Core private data
98 PrivateData
= PEI_CORE_INSTANCE_FROM_PS_THIS (PeiServices
);
101 // If there isn't a security PPI installed, use the one from notification
103 if (PrivateData
->PrivateSecurityPpi
== NULL
) {
104 PrivateData
->PrivateSecurityPpi
= (EFI_PEI_SECURITY2_PPI
*)Ppi
;
111 IN PEI_CORE_INSTANCE
*PrivateData
,
112 IN EFI_PEI_FV_HANDLE VolumeHandle
,
113 IN EFI_PEI_FILE_HANDLE FileHandle
119 Provide a callout to the security verification service.
123 PeiServices - The PEI core services table.
124 CurrentPeimAddress - Pointer to the Firmware File under investigation.
128 EFI_SUCCESS - Image is OK
129 EFI_SECURITY_VIOLATION - Image is illegal
134 UINT32 AuthenticationStatus
;
135 BOOLEAN DeferExection
;
138 // Set a default authentication state
140 AuthenticationStatus
= 0;
142 if (PrivateData
->PrivateSecurityPpi
== NULL
) {
143 Status
= EFI_NOT_FOUND
;
146 // Check to see if the image is OK
148 Status
= PrivateData
->PrivateSecurityPpi
->AuthenticationState (
149 (CONST EFI_PEI_SERVICES
**) &PrivateData
->PS
,
150 PrivateData
->PrivateSecurityPpi
,
151 AuthenticationStatus
,
157 Status
= EFI_SECURITY_VIOLATION
;
166 IN EFI_FIRMWARE_VOLUME_HEADER
*CurrentFvAddress
172 Verify a Firmware volume
176 CurrentFvAddress - Pointer to the current Firmware Volume under consideration
180 EFI_SUCCESS - Firmware Volume is legal
181 EFI_SECURITY_VIOLATION - Firmware Volume fails integrity test
186 // Right now just pass the test. Future can authenticate and/or check the
187 // FV-header or other metric for goodness of binary.