QuarkPlatformPkg/Platform/Pei/PlatformInit/PeiFvSecurity.c

   1 /** @file
   2 EFI PEI Platform Security services
   3
   4 Copyright (c) 2013 Intel Corporation.
   5
   6 SPDX-License-Identifier: BSD-2-Clause-Patent
   7
   8 **/
   9
  10 #include "PeiFvSecurity.h"
  11
  12 EFI_PEI_NOTIFY_DESCRIPTOR mNotifyOnFvInfoSecurityList = {
  13     (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
  14     &gEfiPeiFirmwareVolumeInfoPpiGuid,
  15     FirmwareVolmeInfoPpiNotifySecurityCallback
  16 };
  17
  18 /**
  19   Callback function to perform FV security checking on a FV Info PPI.
  20
  21   @param PeiServices       An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation
  22   @param NotifyDescriptor  Address of the notification descriptor data structure.
  23   @param Ppi               Address of the PPI that was installed.
  24
  25   @retval EFI_SUCCESS
  26
  27 **/
  28 EFI_STATUS
  29 EFIAPI
  30 FirmwareVolmeInfoPpiNotifySecurityCallback (
  31   IN EFI_PEI_SERVICES              **PeiServices,
  32   IN EFI_PEI_NOTIFY_DESCRIPTOR     *NotifyDescriptor,
  33   IN VOID                          *Ppi
  34   )
  35 {
  36   EFI_STATUS  Status;
  37   EFI_PEI_FIRMWARE_VOLUME_INFO_PPI      *FvInfoPpi;
  38   EFI_PEI_FIRMWARE_VOLUME_PPI           *FvPpi;
  39
  40   FvInfoPpi = (EFI_PEI_FIRMWARE_VOLUME_INFO_PPI *)Ppi;
  41
  42   //
  43   // Locate the corresponding FV_PPI according to founded FV's format guid
  44   //
  45   Status = PeiServicesLocatePpi (
  46              &FvInfoPpi->FvFormat,
  47              0,
  48              NULL,
  49              (VOID**)&FvPpi
  50              );
  51   ASSERT_EFI_ERROR (Status);
  52
  53   //
  54   // Only authenticate parent Firmware Volume (child firmware volumes are covered by the parent)
  55   //
  56   if ((VOID *)FvInfoPpi->ParentFvName == NULL && (VOID *)FvInfoPpi->ParentFileName == NULL) {
  57     Status = PeiSecurityVerifyFv ((EFI_FIRMWARE_VOLUME_HEADER*) FvInfoPpi->FvInfo);
  58     ASSERT_EFI_ERROR (Status);
  59   }
  60
  61   return EFI_SUCCESS;
  62 }
  63
  64 /**
  65   Authenticates the Firmware Volume
  66
  67   @param CurrentFvAddress   Pointer to the current Firmware Volume under consideration
  68
  69   @retval EFI_SUCCESS       Firmware Volume is legal
  70
  71 **/
  72 EFI_STATUS
  73 PeiSecurityVerifyFv (
  74   IN EFI_FIRMWARE_VOLUME_HEADER  *CurrentFvAddress
  75   )
  76 {
  77   EFI_STATUS  Status;
  78
  79   //
  80   // Call Security library to authenticate the Firmware Volume
  81   //
  82   DEBUG ((DEBUG_INFO, "PeiSecurityVerifyFv - CurrentFvAddress=0x%8x\n", (UINT32)CurrentFvAddress));
  83   Status = EFI_SUCCESS;
  84
  85   return Status;
  86 }
  87
  88 /**
  89
  90   Entry point for the PEI Security PEIM
  91   Sets up a notification to perform PEI security checking
  92
  93   @param  FfsHeader    Not used.
  94   @param  PeiServices  General purpose services available to every PEIM.
  95
  96   @return EFI_SUCCESS  PEI Security notification installed successfully.
  97           All others: PEI Security notification failed to install.
  98
  99 **/
 100 EFI_STATUS
 101 PeiInitializeFvSecurity (
 102   VOID
 103   )
 104 {
 105   EFI_STATUS  Status;
 106
 107   Status = PeiServicesNotifyPpi (&mNotifyOnFvInfoSecurityList);
 108
 109   return Status;
 110 }
 111