2 EFI PEI Core Security services
4 Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.<BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
18 EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList
= {
19 EFI_PEI_PPI_DESCRIPTOR_NOTIFY_DISPATCH
| EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST
,
20 &gEfiPeiSecurity2PpiGuid
,
21 SecurityPpiNotifyCallback
25 Initialize the security services.
27 @param PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation.
28 @param OldCoreData Pointer to the old core data.
29 NULL if being run in non-permament memory mode.
33 InitializeSecurityServices (
34 IN EFI_PEI_SERVICES
**PeiServices
,
35 IN PEI_CORE_INSTANCE
*OldCoreData
38 if (OldCoreData
== NULL
) {
39 PeiServicesNotifyPpi (&mNotifyList
);
46 Provide a callback for when the security PPI is installed.
47 This routine will cache installed security PPI into PeiCore's private data.
49 @param PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation.
50 @param NotifyDescriptor The descriptor for the notification event.
51 @param Ppi Pointer to the PPI in question.
53 @return Always success
58 SecurityPpiNotifyCallback (
59 IN EFI_PEI_SERVICES
**PeiServices
,
60 IN EFI_PEI_NOTIFY_DESCRIPTOR
*NotifyDescriptor
,
64 PEI_CORE_INSTANCE
*PrivateData
;
67 // Get PEI Core private data
69 PrivateData
= PEI_CORE_INSTANCE_FROM_PS_THIS (PeiServices
);
72 // If there isn't a security PPI installed, use the one from notification
74 if (PrivateData
->PrivateSecurityPpi
== NULL
) {
75 PrivateData
->PrivateSecurityPpi
= (EFI_PEI_SECURITY2_PPI
*)Ppi
;
81 Provide a callout to the security verification service.
83 @param PrivateData PeiCore's private data structure
84 @param VolumeHandle Handle of FV
85 @param FileHandle Handle of PEIM's ffs
86 @param AuthenticationStatus Authentication status
88 @retval EFI_SUCCESS Image is OK
89 @retval EFI_SECURITY_VIOLATION Image is illegal
90 @retval EFI_NOT_FOUND If security PPI is not installed.
94 IN PEI_CORE_INSTANCE
*PrivateData
,
95 IN EFI_PEI_FV_HANDLE VolumeHandle
,
96 IN EFI_PEI_FILE_HANDLE FileHandle
,
97 IN UINT32 AuthenticationStatus
101 BOOLEAN DeferExection
;
104 if (PrivateData
->PrivateSecurityPpi
== NULL
) {
105 Status
= EFI_NOT_FOUND
;
108 // Check to see if the image is OK
110 Status
= PrivateData
->PrivateSecurityPpi
->AuthenticationState (
111 (CONST EFI_PEI_SERVICES
**) &PrivateData
->Ps
,
112 PrivateData
->PrivateSecurityPpi
,
113 AuthenticationStatus
,
119 Status
= EFI_SECURITY_VIOLATION
;
127 Verify a Firmware volume.
129 @param CurrentFvAddress Pointer to the current Firmware Volume under consideration
131 @retval EFI_SUCCESS Firmware Volume is legal
136 IN EFI_FIRMWARE_VOLUME_HEADER
*CurrentFvAddress
140 // Right now just pass the test. Future can authenticate and/or check the
141 // FV-header or other metric for goodness of binary.