pdated code per coding standard. Changed comments, converted all \ to / and removed...
[mirror_edk2.git] / MdeModulePkg / Universal / Security / SecurityStub / Dxe / SecurityStub.c
1 /** @file
2 This driver supports platform security service.
3
4 Copyright (c) 2006 - 2007, Intel Corporation
5 All rights reserved. This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
9
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
12
13 **/
14
15
16 #include "SecurityStub.h"
17
18 //
19 // Handle for the Security Architectural Protocol instance produced by this driver
20 //
21 EFI_HANDLE mSecurityArchProtocolHandle = NULL;
22
23 //
24 // Security Architectural Protocol instance produced by this driver
25 //
26 EFI_SECURITY_ARCH_PROTOCOL mSecurityStub = {
27 SecurityStubAuthenticateState
28 };
29
30
31 /**
32 The EFI_SECURITY_ARCH_PROTOCOL (SAP) is used to abstract platform-specific
33 policy from the DXE core response to an attempt to use a file that returns a
34 given status for the authentication check from the section extraction protocol.
35
36 The possible responses in a given SAP implementation may include locking
37 flash upon failure to authenticate, attestation logging for all signed drivers,
38 and other exception operations. The File parameter allows for possible logging
39 within the SAP of the driver.
40
41 If File is NULL, then EFI_INVALID_PARAMETER is returned.
42
43 If the file specified by File with an authentication status specified by
44 AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS is returned.
45
46 If the file specified by File with an authentication status specified by
47 AuthenticationStatus is not safe for the DXE Core to use under any circumstances,
48 then EFI_ACCESS_DENIED is returned.
49
50 If the file specified by File with an authentication status specified by
51 AuthenticationStatus is not safe for the DXE Core to use right now, but it
52 might be possible to use it at a future time, then EFI_SECURITY_VIOLATION is
53 returned.
54
55 @param This The EFI_SECURITY_ARCH_PROTOCOL instance.
56 @param AuthenticationStatus
57 This is the authentication type returned from the Section
58 Extraction protocol. See the Section Extraction Protocol
59 Specification for details on this type.
60 @param File This is a pointer to the device path of the file that is
61 being dispatched. This will optionally be used for logging.
62
63 @retval EFI_SUCCESS The file specified by File did authenticate, and the
64 platform policy dictates that the DXE Core may use File.
65 @retval EFI_INVALID_PARAMETER Driver is NULL.
66 @retval EFI_SECURITY_VIOLATION The file specified by File did not authenticate, and
67 the platform policy dictates that File should be placed
68 in the untrusted state. A file may be promoted from
69 the untrusted to the trusted state at a future time
70 with a call to the Trust() DXE Service.
71 @retval EFI_ACCESS_DENIED The file specified by File did not authenticate, and
72 the platform policy dictates that File should not be
73 used for any purpose.
74
75 **/
76 EFI_STATUS
77 EFIAPI
78 SecurityStubAuthenticateState (
79 IN EFI_SECURITY_ARCH_PROTOCOL *This,
80 IN UINT32 AuthenticationStatus,
81 IN EFI_DEVICE_PATH_PROTOCOL *File
82 )
83 {
84 if (File == NULL) {
85 return EFI_INVALID_PARAMETER;
86 }
87
88 return EFI_SUCCESS;
89 }
90
91
92 /**
93 The user Entry Point for DXE driver. The user code starts with this function
94 as the real entry point for the image goes into a library that calls this
95 function.
96
97 @param[in] ImageHandle The firmware allocated handle for the EFI image.
98 @param[in] SystemTable A pointer to the EFI System Table.
99
100 @retval EFI_SUCCESS The entry point is executed successfully.
101 @retval other Some error occurs when executing this entry point.
102
103 **/
104 EFI_STATUS
105 EFIAPI
106 SecurityStubInitialize (
107 IN EFI_HANDLE ImageHandle,
108 IN EFI_SYSTEM_TABLE *SystemTable
109 )
110 {
111 EFI_STATUS Status;
112
113 //
114 // Make sure the Security Architectural Protocol is not already installed in the system
115 //
116 ASSERT_PROTOCOL_ALREADY_INSTALLED (NULL, &gEfiSecurityArchProtocolGuid);
117
118 //
119 // Install the Security Architectural Protocol onto a new handle
120 //
121 Status = gBS->InstallMultipleProtocolInterfaces (
122 &mSecurityArchProtocolHandle,
123 &gEfiSecurityArchProtocolGuid,
124 &mSecurityStub,
125 NULL
126 );
127 ASSERT_EFI_ERROR (Status);
128
129 return Status;
130 }