MdeModulePkg/Universal/SecurityStubDxe/SecurityStub.c

   1 /** @file
   2   This driver produces Security2 and Security architectural protocol based on SecurityManagementLib.
   3
   4   Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
   5   This program and the accompanying materials
   6   are licensed and made available under the terms and conditions of the BSD License
   7   which accompanies this distribution.  The full text of the license may be found at
   8   http://opensource.org/licenses/bsd-license.php
   9
  10   THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
  11   WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
  12
  13 **/
  14
  15
  16 #include <Uefi.h>
  17 #include <Protocol/Security.h>
  18 #include <Protocol/Security2.h>
  19 #include <Library/DebugLib.h>
  20 #include <Library/UefiBootServicesTableLib.h>
  21 #include <Library/UefiDriverEntryPoint.h>
  22 #include <Library/SecurityManagementLib.h>
  23
  24 //
  25 // Handle for the Security Architectural Protocol instance produced by this driver
  26 //
  27 EFI_HANDLE                  mSecurityArchProtocolHandle = NULL;
  28
  29 /**
  30   The EFI_SECURITY_ARCH_PROTOCOL (SAP) is used to abstract platform-specific
  31   policy from the DXE core response to an attempt to use a file that returns a
  32   given status for the authentication check from the section extraction protocol.
  33
  34   The possible responses in a given SAP implementation may include locking
  35   flash upon failure to authenticate, attestation logging for all signed drivers,
  36   and other exception operations.  The File parameter allows for possible logging
  37   within the SAP of the driver.
  38
  39   If File is NULL, then EFI_INVALID_PARAMETER is returned.
  40
  41   If the file specified by File with an authentication status specified by
  42   AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS is returned.
  43
  44   If the file specified by File with an authentication status specified by
  45   AuthenticationStatus is not safe for the DXE Core to use under any circumstances,
  46   then EFI_ACCESS_DENIED is returned.
  47
  48   If the file specified by File with an authentication status specified by
  49   AuthenticationStatus is not safe for the DXE Core to use right now, but it
  50   might be possible to use it at a future time, then EFI_SECURITY_VIOLATION is
  51   returned.
  52
  53   @param  This             The EFI_SECURITY_ARCH_PROTOCOL instance.
  54   @param  AuthenticationStatus
  55                            This is the authentication type returned from the Section
  56                            Extraction protocol. See the Section Extraction Protocol
  57                            Specification for details on this type.
  58   @param  File             This is a pointer to the device path of the file that is
  59                            being dispatched. This will optionally be used for logging.
  60
  61   @retval EFI_SUCCESS            Do nothing and return success.
  62   @retval EFI_INVALID_PARAMETER  File is NULL.
  63 **/
  64 EFI_STATUS
  65 EFIAPI
  66 SecurityStubAuthenticateState (
  67   IN CONST EFI_SECURITY_ARCH_PROTOCOL  *This,
  68   IN UINT32                            AuthenticationStatus,
  69   IN CONST EFI_DEVICE_PATH_PROTOCOL    *File
  70   )
  71 {
  72   return ExecuteSecurity2Handlers (EFI_AUTH_OPERATION_AUTHENTICATION_STATE,
  73                                    AuthenticationStatus,
  74                                    File,
  75                                    NULL,
  76                                    0,
  77                                    FALSE
  78                                    );
  79 }
  80
  81 /**
  82   The DXE Foundation uses this service to measure and/or verify a UEFI image.
  83
  84   This service abstracts the invocation of Trusted Computing Group (TCG) measured boot, UEFI
  85   Secure boot, and UEFI User Identity infrastructure. For the former two, the DXE Foundation
  86   invokes the FileAuthentication() with a DevicePath and corresponding image in
  87   FileBuffer memory. The TCG measurement code will record the FileBuffer contents into the
  88   appropriate PCR. The image verification logic will confirm the integrity and provenance of the
  89   image in FileBuffer of length FileSize . The origin of the image will be DevicePath in
  90   these cases.
  91   If the FileBuffer is NULL, the interface will determine if the DevicePath can be connected
  92   in order to support the User Identification policy.
  93
  94   @param  This             The EFI_SECURITY2_ARCH_PROTOCOL instance.
  95   @param  File             A pointer to the device path of the file that is
  96                            being dispatched. This will optionally be used for logging.
  97   @param  FileBuffer       A pointer to the buffer with the UEFI file image.
  98   @param  FileSize         The size of the file.
  99   @param  BootPolicy       A boot policy that was used to call LoadImage() UEFI service. If
 100                            FileAuthentication() is invoked not from the LoadImage(),
 101                            BootPolicy must be set to FALSE.
 102
 103   @retval EFI_SUCCESS             The file specified by DevicePath and non-NULL
 104                                   FileBuffer did authenticate, and the platform policy dictates
 105                                   that the DXE Foundation may use the file.
 106   @retval EFI_SUCCESS             The device path specified by NULL device path DevicePath
 107                                   and non-NULL FileBuffer did authenticate, and the platform
 108                                   policy dictates that the DXE Foundation may execute the image in
 109                                   FileBuffer.
 110   @retval EFI_SUCCESS             FileBuffer is NULL and current user has permission to start
 111                                   UEFI device drivers on the device path specified by DevicePath.
 112   @retval EFI_SECURITY_VIOLATION  The file specified by DevicePath and FileBuffer did not
 113                                   authenticate, and the platform policy dictates that the file should be
 114                                   placed in the untrusted state. The image has been added to the file
 115                                   execution table.
 116   @retval EFI_ACCESS_DENIED       The file specified by File and FileBuffer did not
 117                                   authenticate, and the platform policy dictates that the DXE
 118                                   Foundation many not use File.
 119   @retval EFI_SECURITY_VIOLATION  FileBuffer is NULL and the user has no
 120                                   permission to start UEFI device drivers on the device path specified
 121                                   by DevicePath.
 122   @retval EFI_SECURITY_VIOLATION  FileBuffer is not NULL and the user has no permission to load
 123                                   drivers from the device path specified by DevicePath. The
 124                                   image has been added into the list of the deferred images.
 125 **/
 126 EFI_STATUS
 127 EFIAPI
 128 Security2StubAuthenticate (
 129   IN CONST EFI_SECURITY2_ARCH_PROTOCOL *This,
 130   IN CONST EFI_DEVICE_PATH_PROTOCOL    *File,
 131   IN VOID                              *FileBuffer,
 132   IN UINTN                             FileSize,
 133   IN BOOLEAN                           BootPolicy
 134   )
 135 {
 136   return ExecuteSecurity2Handlers (EFI_AUTH_OPERATION_VERIFY_IMAGE |
 137                                    EFI_AUTH_OPERATION_DEFER_IMAGE_LOAD |
 138                                    EFI_AUTH_OPERATION_MEASURE_IMAGE |
 139                                    EFI_AUTH_OPERATION_CONNECT_POLICY,
 140                                    0,
 141                                    File,
 142                                    FileBuffer,
 143                                    FileSize,
 144                                    BootPolicy
 145                                    );
 146 }
 147
 148 //
 149 // Security2 and Security Architectural Protocol instance produced by this driver
 150 //
 151 EFI_SECURITY_ARCH_PROTOCOL  mSecurityStub = {
 152   SecurityStubAuthenticateState
 153 };
 154
 155 EFI_SECURITY2_ARCH_PROTOCOL mSecurity2Stub = {
 156   Security2StubAuthenticate
 157 };
 158
 159 /**
 160   Installs Security2 and Security Architectural Protocol.
 161
 162   @param  ImageHandle  The image handle of this driver.
 163   @param  SystemTable  A pointer to the EFI System Table.
 164
 165   @retval EFI_SUCCESS   Install the sample Security Architectural Protocol successfully.
 166
 167 **/
 168 EFI_STATUS
 169 EFIAPI
 170 SecurityStubInitialize (
 171   IN EFI_HANDLE        ImageHandle,
 172   IN EFI_SYSTEM_TABLE  *SystemTable
 173   )
 174 {
 175   EFI_STATUS  Status;
 176
 177   //
 178   // Make sure the Security Architectural Protocol is not already installed in the system
 179   //
 180   ASSERT_PROTOCOL_ALREADY_INSTALLED (NULL, &gEfiSecurity2ArchProtocolGuid);
 181   ASSERT_PROTOCOL_ALREADY_INSTALLED (NULL, &gEfiSecurityArchProtocolGuid);
 182
 183   //
 184   // Install the Security Architectural Protocol onto a new handle
 185   //
 186   Status = gBS->InstallMultipleProtocolInterfaces (
 187                   &mSecurityArchProtocolHandle,
 188                   &gEfiSecurity2ArchProtocolGuid,
 189                   &mSecurity2Stub,
 190                   &gEfiSecurityArchProtocolGuid,
 191                   &mSecurityStub,
 192                   NULL
 193                   );
 194   ASSERT_EFI_ERROR (Status);
 195
 196   return EFI_SUCCESS;
 197 }