]> git.proxmox.com Git - mirror_edk2.git/blob - MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.c
projects / mirror_edk2.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
MdeModulePkg/SecurityManagementLib: Mark the File parameter as OPTIONAL
[mirror_edk2.git] / MdeModulePkg / Library / DxeSecurityManagementLib / DxeSecurityManagementLib.c
1 /** @file
2 Provides generic security measurement functions for DXE module.
3
4 Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
5 SPDX-License-Identifier: BSD-2-Clause-Patent
6
7 **/
8
9 #include <PiDxe.h>
10 #include <Protocol/LoadFile.h>
11 #include <Library/DebugLib.h>
12 #include <Library/DxeServicesLib.h>
13 #include <Library/MemoryAllocationLib.h>
14 #include <Library/SecurityManagementLib.h>
15 #include <Library/DevicePathLib.h>
16 #include <Library/UefiBootServicesTableLib.h>
17
18 #define SECURITY_HANDLER_TABLE_SIZE 0x10
19
20 //
21 // Secruity Operation on Image and none Image.
22 //
23 #define EFI_AUTH_IMAGE_OPERATION_MASK (EFI_AUTH_OPERATION_VERIFY_IMAGE \
24 | EFI_AUTH_OPERATION_DEFER_IMAGE_LOAD \
25 | EFI_AUTH_OPERATION_MEASURE_IMAGE)
26 #define EFI_AUTH_NONE_IMAGE_OPERATION_MASK (EFI_AUTH_OPERATION_CONNECT_POLICY \
27 | EFI_AUTH_OPERATION_AUTHENTICATION_STATE)
28
29 typedef struct {
30 UINT32 SecurityOperation;
31 SECURITY_FILE_AUTHENTICATION_STATE_HANDLER SecurityHandler;
32 } SECURITY_INFO;
33
34 typedef struct {
35 UINT32 Security2Operation;
36 SECURITY2_FILE_AUTHENTICATION_HANDLER Security2Handler;
37 } SECURITY2_INFO;
38
39 UINT32 mCurrentAuthOperation = 0;
40 UINT32 mNumberOfSecurityHandler = 0;
41 UINT32 mMaxNumberOfSecurityHandler = 0;
42 SECURITY_INFO *mSecurityTable = NULL;
43
44 UINT32 mCurrentAuthOperation2 = 0;
45 UINT32 mNumberOfSecurity2Handler = 0;
46 UINT32 mMaxNumberOfSecurity2Handler = 0;
47 SECURITY2_INFO *mSecurity2Table = NULL;
48
49 /**
50 Reallocates more global memory to store the registered Handler list.
51
52 @retval RETURN_SUCCESS Reallocate memory successfully.
53 @retval RETURN_OUT_OF_RESOURCES No enough memory to allocated.
54 **/
55 RETURN_STATUS
56 EFIAPI
57 ReallocateSecurityHandlerTable (
58 VOID
59 )
60 {
61 //
62 // Reallocate memory for security info structure.
63 //
64 mSecurityTable = ReallocatePool (
65 mMaxNumberOfSecurityHandler * sizeof (SECURITY_INFO),
66 (mMaxNumberOfSecurityHandler + SECURITY_HANDLER_TABLE_SIZE) * sizeof (SECURITY_INFO),
67 mSecurityTable
68 );
69
70 //
71 // No enough resource is allocated.
72 //
73 if (mSecurityTable == NULL) {
74 return RETURN_OUT_OF_RESOURCES;
75 }
76
77 //
78 // Increase max handler number
79 //
80 mMaxNumberOfSecurityHandler = mMaxNumberOfSecurityHandler + SECURITY_HANDLER_TABLE_SIZE;
81 return RETURN_SUCCESS;
82 }
83
84 /**
85 Check whether an operation is valid according to the requirement of current operation,
86 which must make sure that the measure image operation is the last one.
87
88 @param CurrentAuthOperation Current operation.
89 @param CheckAuthOperation Operation to be checked.
90
91 @retval TRUE Operation is valid for current operation.
92 @retval FALSE Operation is invalid for current operation.
93 **/
94 BOOLEAN
95 CheckAuthenticationOperation (
96 IN UINT32 CurrentAuthOperation,
97 IN UINT32 CheckAuthOperation
98 )
99 {
100 //
101 // Make sure new auth operation can be recognized.
102 //
103 ASSERT ((CheckAuthOperation & ~(EFI_AUTH_IMAGE_OPERATION_MASK | EFI_AUTH_OPERATION_AUTHENTICATION_STATE | EFI_AUTH_OPERATION_IMAGE_REQUIRED)) == 0);
104
105 //
106 // When current operation includes measure image operation,
107 // only another measure image operation or none operation will be allowed.
108 //
109 if ((CurrentAuthOperation & EFI_AUTH_OPERATION_MEASURE_IMAGE) == EFI_AUTH_OPERATION_MEASURE_IMAGE) {
110 if (((CheckAuthOperation & EFI_AUTH_OPERATION_MEASURE_IMAGE) == EFI_AUTH_OPERATION_MEASURE_IMAGE) ||
111 ((CheckAuthOperation & EFI_AUTH_IMAGE_OPERATION_MASK) == EFI_AUTH_OPERATION_NONE)) {
112 return TRUE;
113 } else {
114 return FALSE;
115 }
116 }
117
118 //
119 // When current operation doesn't include measure image operation,
120 // any new operation will be allowed.
121 //
122 return TRUE;
123 }
124
125 /**
126 Register security measurement handler with its operation type. The different
127 handler with the same operation can all be registered.
128
129 If SecurityHandler is NULL, then ASSERT().
130 If no enough resources available to register new handler, then ASSERT().
131 If AuthenticationOperation is not recongnized, then ASSERT().
132 If the previous register handler can't be executed before the later register handler, then ASSERT().
133
134 @param[in] SecurityHandler Security measurement service handler to be registered.
135 @param[in] AuthenticationOperation Operation type is specified for the registered handler.
136
137 @retval EFI_SUCCESS The handlers were registered successfully.
138 **/
139 EFI_STATUS
140 EFIAPI
141 RegisterSecurityHandler (
142 IN SECURITY_FILE_AUTHENTICATION_STATE_HANDLER SecurityHandler,
143 IN UINT32 AuthenticationOperation
144 )
145 {
146 EFI_STATUS Status;
147
148 ASSERT (SecurityHandler != NULL);
149
150 //
151 // Make sure AuthenticationOperation is valid in the register order.
152 //
153 ASSERT (CheckAuthenticationOperation (mCurrentAuthOperation, AuthenticationOperation));
154 mCurrentAuthOperation = mCurrentAuthOperation | AuthenticationOperation;
155
156 //
157 // Check whether the handler lists is enough to store new handler.
158 //
159 if (mNumberOfSecurityHandler == mMaxNumberOfSecurityHandler) {
160 //
161 // Allocate more resources for new handler.
162 //
163 Status = ReallocateSecurityHandlerTable();
164 ASSERT_EFI_ERROR (Status);
165 }
166
167 //
168 // Register new handler into the handler list.
169 //
170 mSecurityTable[mNumberOfSecurityHandler].SecurityOperation = AuthenticationOperation;
171 mSecurityTable[mNumberOfSecurityHandler].SecurityHandler = SecurityHandler;
172 mNumberOfSecurityHandler ++;
173
174 return EFI_SUCCESS;
175 }
176
177 /**
178 Execute registered handlers until one returns an error and that error is returned.
179 If none of the handlers return an error, then EFI_SUCCESS is returned.
180
181 Before exectue handler, get the image buffer by file device path if a handler
182 requires the image file. And return the image buffer to each handler when exectue handler.
183
184 The handlers are executed in same order to their registered order.
185
186 @param[in] AuthenticationStatus
187 This is the authentication type returned from the Section
188 Extraction protocol. See the Section Extraction Protocol
189 Specification for details on this type.
190 @param[in] FilePath This is a pointer to the device path of the file that is
191 being dispatched. This will optionally be used for logging.
192
193 @retval EFI_SUCCESS The file specified by File did authenticate when more
194 than one security handler services were registered,
195 or the file did not authenticate when no security
196 handler service was registered. And the platform policy
197 dictates that the DXE Core may use File.
198 @retval EFI_INVALID_PARAMETER File is NULL.
199 @retval EFI_SECURITY_VIOLATION The file specified by File did not authenticate, and
200 the platform policy dictates that File should be placed
201 in the untrusted state. A file may be promoted from
202 the untrusted to the trusted state at a future time
203 with a call to the Trust() DXE Service.
204 @retval EFI_ACCESS_DENIED The file specified by File did not authenticate, and
205 the platform policy dictates that File should not be
206 used for any purpose.
207 **/
208 EFI_STATUS
209 EFIAPI
210 ExecuteSecurityHandlers (
211 IN UINT32 AuthenticationStatus,
212 IN CONST EFI_DEVICE_PATH_PROTOCOL *FilePath
213 )
214 {
215 UINT32 Index;
216 EFI_STATUS Status;
217 UINT32 HandlerAuthenticationStatus;
218 VOID *FileBuffer;
219 UINTN FileSize;
220 EFI_HANDLE Handle;
221 EFI_DEVICE_PATH_PROTOCOL *Node;
222 EFI_DEVICE_PATH_PROTOCOL *FilePathToVerfiy;
223
224 if (FilePath == NULL) {
225 return EFI_INVALID_PARAMETER;
226 }
227
228 //
229 // Directly return successfully when no handler is registered.
230 //
231 if (mNumberOfSecurityHandler == 0) {
232 return EFI_SUCCESS;
233 }
234
235 Status = EFI_SUCCESS;
236 FileBuffer = NULL;
237 FileSize = 0;
238 HandlerAuthenticationStatus = AuthenticationStatus;
239 FilePathToVerfiy = (EFI_DEVICE_PATH_PROTOCOL *) FilePath;
240 //
241 // Run security handler in same order to their registered list
242 //
243 for (Index = 0; Index < mNumberOfSecurityHandler; Index ++) {
244 if ((mSecurityTable[Index].SecurityOperation & EFI_AUTH_OPERATION_IMAGE_REQUIRED) == EFI_AUTH_OPERATION_IMAGE_REQUIRED) {
245 //
246 // Try get file buffer when the handler requires image buffer.
247 //
248 if (FileBuffer == NULL) {
249 Node = FilePathToVerfiy;
250 Status = gBS->LocateDevicePath (&gEfiLoadFileProtocolGuid, &Node, &Handle);
251 //
252 // Try to get image by FALSE boot policy for the exact boot file path.
253 //
254 FileBuffer = GetFileBufferByFilePath (FALSE, FilePath, &FileSize, &AuthenticationStatus);
255 if (FileBuffer == NULL) {
256 //
257 // Try to get image by TRUE boot policy for the inexact boot file path.
258 //
259 FileBuffer = GetFileBufferByFilePath (TRUE, FilePath, &FileSize, &AuthenticationStatus);
260 }
261 if ((FileBuffer != NULL) && (!EFI_ERROR (Status))) {
262 //
263 // LoadFile () may cause the device path of the Handle be updated.
264 //
265 FilePathToVerfiy = AppendDevicePath (DevicePathFromHandle (Handle), Node);
266 }
267 }
268 }
269 Status = mSecurityTable[Index].SecurityHandler (
270 HandlerAuthenticationStatus,
271 FilePathToVerfiy,
272 FileBuffer,
273 FileSize
274 );
275 if (EFI_ERROR (Status)) {
276 break;
277 }
278 }
279
280 if (FileBuffer != NULL) {
281 FreePool (FileBuffer);
282 }
283 if (FilePathToVerfiy != FilePath) {
284 FreePool (FilePathToVerfiy);
285 }
286
287 return Status;
288 }
289
290 /**
291 Reallocates more global memory to store the registered Securit2Handler list.
292
293 @retval RETURN_SUCCESS Reallocate memory successfully.
294 @retval RETURN_OUT_OF_RESOURCES No enough memory to allocated.
295 **/
296 RETURN_STATUS
297 EFIAPI
298 ReallocateSecurity2HandlerTable (
299 VOID
300 )
301 {
302 //
303 // Reallocate memory for security info structure.
304 //
305 mSecurity2Table = ReallocatePool (
306 mMaxNumberOfSecurity2Handler * sizeof (SECURITY2_INFO),
307 (mMaxNumberOfSecurity2Handler + SECURITY_HANDLER_TABLE_SIZE) * sizeof (SECURITY2_INFO),
308 mSecurity2Table
309 );
310
311 //
312 // No enough resource is allocated.
313 //
314 if (mSecurity2Table == NULL) {
315 return RETURN_OUT_OF_RESOURCES;
316 }
317
318 //
319 // Increase max handler number
320 //
321 mMaxNumberOfSecurity2Handler = mMaxNumberOfSecurity2Handler + SECURITY_HANDLER_TABLE_SIZE;
322 return RETURN_SUCCESS;
323 }
324
325 /**
326 Check whether an operation is valid according to the requirement of current operation,
327 which must make sure that the measure image operation is the last one.
328
329 If AuthenticationOperation is not recongnized, return FALSE.
330 If AuthenticationOperation is EFI_AUTH_OPERATION_NONE, return FALSE.
331 If AuthenticationOperation includes security operation and authentication operation, return FALSE.
332 If the previous register handler can't be executed before the later register handler, return FALSE.
333
334 @param CurrentAuthOperation Current operation.
335 @param CheckAuthOperation Operation to be checked.
336
337 @retval TRUE Operation is valid for current operation.
338 @retval FALSE Operation is invalid for current operation.
339 **/
340 BOOLEAN
341 CheckAuthentication2Operation (
342 IN UINT32 CurrentAuthOperation,
343 IN UINT32 CheckAuthOperation
344 )
345 {
346 //
347 // Make sure new auth operation can be recognized.
348 //
349 if (CheckAuthOperation == EFI_AUTH_OPERATION_NONE) {
350 return FALSE;
351 }
352 if ((CheckAuthOperation & ~(EFI_AUTH_IMAGE_OPERATION_MASK |
353 EFI_AUTH_NONE_IMAGE_OPERATION_MASK |
354 EFI_AUTH_OPERATION_IMAGE_REQUIRED)) != 0) {
355 return FALSE;
356 }
357
358 //
359 // When current operation includes measure image operation,
360 // only another measure image or none image operation will be allowed.
361 //
362 if ((CurrentAuthOperation & EFI_AUTH_OPERATION_MEASURE_IMAGE) == EFI_AUTH_OPERATION_MEASURE_IMAGE) {
363 if (((CheckAuthOperation & EFI_AUTH_OPERATION_MEASURE_IMAGE) == EFI_AUTH_OPERATION_MEASURE_IMAGE) ||
364 ((CheckAuthOperation & EFI_AUTH_IMAGE_OPERATION_MASK) == 0)) {
365 return TRUE;
366 } else {
367 return FALSE;
368 }
369 }
370
371 //
372 // Any other operation will be allowed.
373 //
374 return TRUE;
375 }
376
377 /**
378 Register security measurement handler with its operation type. Different
379 handlers with the same operation can all be registered.
380
381 If Security2Handler is NULL, then ASSERT().
382 If no enough resources available to register new handler, then ASSERT().
383 If AuthenticationOperation is not recongnized, then ASSERT().
384 If AuthenticationOperation is EFI_AUTH_OPERATION_NONE, then ASSERT().
385 If the previous register handler can't be executed before the later register handler, then ASSERT().
386
387 @param[in] Security2Handler The security measurement service handler to be registered.
388 @param[in] AuthenticationOperation The operation type is specified for the registered handler.
389
390 @retval EFI_SUCCESS The handlers were registered successfully.
391 **/
392 EFI_STATUS
393 EFIAPI
394 RegisterSecurity2Handler (
395 IN SECURITY2_FILE_AUTHENTICATION_HANDLER Security2Handler,
396 IN UINT32 AuthenticationOperation
397 )
398 {
399 EFI_STATUS Status;
400
401 ASSERT (Security2Handler != NULL);
402
403 //
404 // Make sure AuthenticationOperation is valid in the register order.
405 //
406 ASSERT (CheckAuthentication2Operation (mCurrentAuthOperation2, AuthenticationOperation));
407 mCurrentAuthOperation2 = mCurrentAuthOperation2 | AuthenticationOperation;
408
409 //
410 // Check whether the handler lists is enough to store new handler.
411 //
412 if (mNumberOfSecurity2Handler == mMaxNumberOfSecurity2Handler) {
413 //
414 // Allocate more resources for new handler.
415 //
416 Status = ReallocateSecurity2HandlerTable();
417 ASSERT_EFI_ERROR (Status);
418 }
419
420 //
421 // Register new handler into the handler list.
422 //
423 mSecurity2Table[mNumberOfSecurity2Handler].Security2Operation = AuthenticationOperation;
424 mSecurity2Table[mNumberOfSecurity2Handler].Security2Handler = Security2Handler;
425 mNumberOfSecurity2Handler ++;
426
427 return EFI_SUCCESS;
428 }
429
430 /**
431 Execute registered handlers based on input AuthenticationOperation until
432 one returns an error and that error is returned.
433
434 If none of the handlers return an error, then EFI_SUCCESS is returned.
435 The handlers those satisfy AuthenticationOperation will only be executed.
436 The handlers are executed in same order to their registered order.
437
438 @param[in] AuthenticationOperation
439 The operation type specifies which handlers will be executed.
440 @param[in] AuthenticationStatus
441 The authentication status for the input file.
442 @param[in] File This is a pointer to the device path of the file that is
443 being dispatched. This will optionally be used for logging.
444 @param[in] FileBuffer A pointer to the buffer with the UEFI file image
445 @param[in] FileSize The size of File buffer.
446 @param[in] BootPolicy A boot policy that was used to call LoadImage() UEFI service.
447
448 @retval EFI_SUCCESS The file specified by DevicePath and non-NULL
449 FileBuffer did authenticate, and the platform policy dictates
450 that the DXE Foundation may use the file.
451 @retval EFI_SUCCESS The device path specified by NULL device path DevicePath
452 and non-NULL FileBuffer did authenticate, and the platform
453 policy dictates that the DXE Foundation may execute the image in
454 FileBuffer.
455 @retval EFI_SUCCESS FileBuffer is NULL and current user has permission to start
456 UEFI device drivers on the device path specified by DevicePath.
457 @retval EFI_SECURITY_VIOLATION The file specified by File or FileBuffer did not
458 authenticate, and the platform policy dictates that
459 the file should be placed in the untrusted state.
460 @retval EFI_SECURITY_VIOLATION FileBuffer FileBuffer is NULL and the user has no
461 permission to start UEFI device drivers on the device path specified
462 by DevicePath.
463 @retval EFI_SECURITY_VIOLATION FileBuffer is not NULL and the user has no permission to load
464 drivers from the device path specified by DevicePath. The
465 image has been added into the list of the deferred images.
466 @retval EFI_ACCESS_DENIED The file specified by File did not authenticate, and
467 the platform policy dictates that the DXE
468 Foundation may not use File.
469 @retval EFI_INVALID_PARAMETER File and FileBuffer are both NULL.
470 **/
471 EFI_STATUS
472 EFIAPI
473 ExecuteSecurity2Handlers (
474 IN UINT32 AuthenticationOperation,
475 IN UINT32 AuthenticationStatus,
476 IN CONST EFI_DEVICE_PATH_PROTOCOL *File, OPTIONAL
477 IN VOID *FileBuffer,
478 IN UINTN FileSize,
479 IN BOOLEAN BootPolicy
480 )
481 {
482 UINT32 Index;
483 EFI_STATUS Status;
484
485 //
486 // Invalid case if File and FileBuffer are both NULL.
487 //
488 if (File == NULL && FileBuffer == NULL) {
489 return EFI_INVALID_PARAMETER;
490 }
491
492 //
493 // Directly return successfully when no handler is registered.
494 //
495 if (mNumberOfSecurity2Handler == 0) {
496 return EFI_SUCCESS;
497 }
498
499 //
500 // Run security handler in same order to their registered list
501 //
502 for (Index = 0; Index < mNumberOfSecurity2Handler; Index ++) {
503 //
504 // If FileBuffer is not NULL, the input is Image, which will be handled by EFI_AUTH_IMAGE_OPERATION_MASK operation.
505 // If FileBuffer is NULL, the input is not Image, which will be handled by EFI_AUTH_NONE_IMAGE_OPERATION_MASK operation.
506 // Other cases are ignored.
507 //
508 if ((FileBuffer != NULL && (mSecurity2Table[Index].Security2Operation & EFI_AUTH_IMAGE_OPERATION_MASK) != 0) ||
509 (FileBuffer == NULL && (mSecurity2Table[Index].Security2Operation & EFI_AUTH_NONE_IMAGE_OPERATION_MASK) != 0)) {
510 //
511 // Execute registered handlers based on input AuthenticationOperation
512 //
513 if ((mSecurity2Table[Index].Security2Operation & AuthenticationOperation) != 0) {
514 Status = mSecurity2Table[Index].Security2Handler (
515 AuthenticationStatus,
516 File,
517 FileBuffer,
518 FileSize,
519 BootPolicy
520 );
521 if (EFI_ERROR (Status)) {
522 return Status;
523 }
524 }
525 }
526 }
527
528 return EFI_SUCCESS;
529 }
EFI Development Kit II mirror for PVE