+++ /dev/null
-/*++\r
-\r
-Copyright (c) 2006, Intel Corporation \r
-All rights reserved. This program and the accompanying materials \r
-are licensed and made available under the terms and conditions of the BSD License \r
-which accompanies this distribution. The full text of the license may be found at \r
-http://opensource.org/licenses/bsd-license.php \r
- \r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. \r
-\r
-Module Name:\r
-\r
- Security.c\r
-\r
-Abstract:\r
-\r
- EFI PEI Core Security services\r
-\r
---*/\r
-\r
-#include <PeiMain.h>\r
-\r
-STATIC\r
-EFI_STATUS\r
-EFIAPI\r
-SecurityPpiNotifyCallback (\r
- IN EFI_PEI_SERVICES **PeiServices,\r
- IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,\r
- IN VOID *Ppi\r
- );\r
-\r
-static EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList = {\r
- EFI_PEI_PPI_DESCRIPTOR_NOTIFY_DISPATCH | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,\r
- &gEfiPeiSecurityPpiGuid,\r
- SecurityPpiNotifyCallback\r
-};\r
-\r
-VOID\r
-InitializeSecurityServices (\r
- IN EFI_PEI_SERVICES **PeiServices,\r
- IN PEI_CORE_INSTANCE *OldCoreData\r
- )\r
-/*++\r
-\r
-Routine Description:\r
-\r
- Initialize the security services.\r
-\r
-Arguments:\r
-\r
- PeiServices - The PEI core services table.\r
- OldCoreData - Pointer to the old core data.\r
- NULL if being run in non-permament memory mode.\r
-Returns:\r
-\r
- None\r
-\r
---*/\r
-{\r
- if (OldCoreData == NULL) {\r
- PeiServicesNotifyPpi (&mNotifyList);\r
- }\r
- return;\r
-}\r
-\r
-STATIC\r
-EFI_STATUS\r
-EFIAPI\r
-SecurityPpiNotifyCallback (\r
- IN EFI_PEI_SERVICES **PeiServices,\r
- IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,\r
- IN VOID *Ppi\r
- )\r
-/*++\r
-\r
-Routine Description:\r
-\r
- Provide a callback for when the security PPI is installed.\r
-\r
-Arguments:\r
-\r
- PeiServices - The PEI core services table.\r
- NotifyDescriptor - The descriptor for the notification event.\r
- Ppi - Pointer to the PPI in question.\r
-\r
-Returns:\r
-\r
- EFI_SUCCESS - The function is successfully processed.\r
-\r
---*/\r
-{\r
- PEI_CORE_INSTANCE *PrivateData;\r
-\r
- //\r
- // Get PEI Core private data\r
- //\r
- PrivateData = PEI_CORE_INSTANCE_FROM_PS_THIS (PeiServices);\r
- \r
- //\r
- // If there isn't a security PPI installed, use the one from notification\r
- //\r
- if (PrivateData->PrivateSecurityPpi == NULL) {\r
- PrivateData->PrivateSecurityPpi = (EFI_PEI_SECURITY_PPI *)Ppi;\r
- }\r
- return EFI_SUCCESS;\r
-}\r
-\r
-EFI_STATUS\r
-VerifyPeim (\r
- IN EFI_PEI_SERVICES **PeiServices,\r
- IN EFI_FFS_FILE_HEADER *CurrentPeimAddress\r
- )\r
-/*++\r
-\r
-Routine Description:\r
-\r
- Provide a callout to the security verification service.\r
-\r
-Arguments:\r
-\r
- PeiServices - The PEI core services table.\r
- CurrentPeimAddress - Pointer to the Firmware File under investigation.\r
-\r
-Returns:\r
-\r
- EFI_SUCCESS - Image is OK\r
- EFI_SECURITY_VIOLATION - Image is illegal\r
-\r
---*/\r
-{\r
- PEI_CORE_INSTANCE *PrivateData;\r
- EFI_STATUS Status;\r
- UINT32 AuthenticationStatus;\r
- BOOLEAN StartCrisisRecovery;\r
-\r
- //\r
- // Set a default authentication state\r
- //\r
- AuthenticationStatus = 0;\r
-\r
- //\r
- // get security PPI instance from PEI private data\r
- //\r
- PrivateData = PEI_CORE_INSTANCE_FROM_PS_THIS (PeiServices);\r
-\r
- if (PrivateData->PrivateSecurityPpi == NULL) {\r
- Status = EFI_NOT_FOUND;\r
- } else {\r
- //\r
- // Check to see if the image is OK\r
- //\r
- Status = PrivateData->PrivateSecurityPpi->AuthenticationState (\r
- PeiServices,\r
- PrivateData->PrivateSecurityPpi,\r
- AuthenticationStatus,\r
- CurrentPeimAddress,\r
- &StartCrisisRecovery\r
- );\r
- if (StartCrisisRecovery) {\r
- Status = EFI_SECURITY_VIOLATION;\r
- }\r
- }\r
- return Status;\r
-}\r
-\r
-\r
-EFI_STATUS\r
-VerifyFv (\r
- IN EFI_FIRMWARE_VOLUME_HEADER *CurrentFvAddress\r
- )\r
-/*++\r
-\r
-Routine Description:\r
-\r
- Verify a Firmware volume\r
-\r
-Arguments:\r
-\r
- CurrentFvAddress - Pointer to the current Firmware Volume under consideration\r
-\r
-Returns:\r
-\r
- EFI_SUCCESS - Firmware Volume is legal\r
- EFI_SECURITY_VIOLATION - Firmware Volume fails integrity test\r
-\r
---*/\r
-{\r
- //\r
- // Right now just pass the test. Future can authenticate and/or check the\r
- // FV-header or other metric for goodness of binary.\r
- //\r
- return EFI_SUCCESS;\r
-}\r