\r
Depex - Dependency Expresion.\r
\r
- Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>\r
+ Copyright (c) 2014, Hewlett-Packard Development Company, L.P.\r
+ Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials are licensed and made available \r
under the terms and conditions of the BSD License which accompanies this \r
distribution. The full text of the license may be found at \r
// DXE Architecture Protocols\r
//\r
EFI_SECURITY_ARCH_PROTOCOL *mSecurity = NULL;\r
+EFI_SECURITY2_ARCH_PROTOCOL *mSecurity2 = NULL;\r
\r
//\r
// The global variable is defined for Loading modules at fixed address feature to track the SMM code\r
EFI_DEVICE_PATH_PROTOCOL *HandleFilePath;\r
EFI_FIRMWARE_VOLUME2_PROTOCOL *Fv;\r
PE_COFF_LOADER_IMAGE_CONTEXT ImageContext;\r
+ UINT64 Tick;\r
+\r
+ Tick = 0;\r
+ PERF_CODE (\r
+ Tick = GetPerformanceCounter ();\r
+ );\r
\r
Buffer = NULL;\r
Size = 0;\r
}\r
\r
//\r
- // If the Security Architectural Protocol has not been located yet, then attempt to locate it\r
+ // If the Security2 and Security Architectural Protocol has not been located yet, then attempt to locate it\r
//\r
+ if (mSecurity2 == NULL) {\r
+ gBS->LocateProtocol (&gEfiSecurity2ArchProtocolGuid, NULL, (VOID**)&mSecurity2);\r
+ }\r
if (mSecurity == NULL) {\r
gBS->LocateProtocol (&gEfiSecurityArchProtocolGuid, NULL, (VOID**)&mSecurity);\r
}\r
-\r
//\r
- // Verify the Authentication Status through the Security Architectural Protocol\r
+ // When Security2 is installed, Security Architectural Protocol must be published.\r
//\r
- if ((mSecurity != NULL) && (OriginalFilePath != NULL)) {\r
- SecurityStatus = mSecurity->FileAuthenticationState (\r
- mSecurity,\r
- AuthenticationStatus,\r
- OriginalFilePath\r
- );\r
- if (EFI_ERROR (SecurityStatus) && SecurityStatus != EFI_SECURITY_VIOLATION) {\r
- Status = SecurityStatus;\r
- return Status;\r
- }\r
- }\r
- \r
+ ASSERT (mSecurity2 == NULL || mSecurity != NULL);\r
+\r
//\r
// Pull out just the file portion of the DevicePath for the LoadedImage FilePath\r
//\r
\r
if (EFI_ERROR (Status)) {\r
if (Buffer != NULL) {\r
- Status = gBS->FreePool (Buffer);\r
+ gBS->FreePool (Buffer);\r
}\r
return Status;\r
}\r
\r
+ //\r
+ // Verify File Authentication through the Security2 Architectural Protocol\r
+ //\r
+ if (mSecurity2 != NULL) {\r
+ SecurityStatus = mSecurity2->FileAuthentication (\r
+ mSecurity2,\r
+ OriginalFilePath,\r
+ Buffer,\r
+ Size,\r
+ FALSE\r
+ );\r
+ }\r
+\r
+ //\r
+ // Verify the Authentication Status through the Security Architectural Protocol\r
+ // Only on images that have been read using Firmware Volume protocol.\r
+ // All SMM images are from FV protocol. \r
+ //\r
+ if (!EFI_ERROR (SecurityStatus) && (mSecurity != NULL)) {\r
+ SecurityStatus = mSecurity->FileAuthenticationState (\r
+ mSecurity,\r
+ AuthenticationStatus,\r
+ OriginalFilePath\r
+ );\r
+ }\r
+\r
+ if (EFI_ERROR (SecurityStatus) && SecurityStatus != EFI_SECURITY_VIOLATION) {\r
+ Status = SecurityStatus;\r
+ return Status;\r
+ }\r
+ \r
//\r
// Initialize ImageContext\r
//\r
Status = PeCoffLoaderGetImageInfo (&ImageContext);\r
if (EFI_ERROR (Status)) {\r
if (Buffer != NULL) {\r
- Status = gBS->FreePool (Buffer);\r
+ gBS->FreePool (Buffer);\r
}\r
return Status;\r
}\r
//\r
// allocate the memory to load the SMM driver\r
//\r
- PageCount = (UINTN)EFI_SIZE_TO_PAGES(ImageContext.ImageSize + ImageContext.SectionAlignment);\r
+ PageCount = (UINTN)EFI_SIZE_TO_PAGES((UINTN)ImageContext.ImageSize + ImageContext.SectionAlignment);\r
DstBuffer = (UINTN)(-1);\r
\r
Status = SmmAllocatePages (\r
);\r
if (EFI_ERROR (Status)) {\r
if (Buffer != NULL) {\r
- Status = gBS->FreePool (Buffer);\r
+ gBS->FreePool (Buffer);\r
} \r
return Status;\r
} \r
ImageContext.ImageAddress = (EFI_PHYSICAL_ADDRESS)DstBuffer;\r
}\r
} else {\r
- PageCount = (UINTN)EFI_SIZE_TO_PAGES(ImageContext.ImageSize + ImageContext.SectionAlignment);\r
+ PageCount = (UINTN)EFI_SIZE_TO_PAGES((UINTN)ImageContext.ImageSize + ImageContext.SectionAlignment);\r
DstBuffer = (UINTN)(-1);\r
\r
Status = SmmAllocatePages (\r
);\r
if (EFI_ERROR (Status)) {\r
if (Buffer != NULL) {\r
- Status = gBS->FreePool (Buffer);\r
+ gBS->FreePool (Buffer);\r
}\r
return Status;\r
}\r
// Align buffer on section boundry\r
//\r
ImageContext.ImageAddress += ImageContext.SectionAlignment - 1;\r
- ImageContext.ImageAddress &= ~(ImageContext.SectionAlignment - 1);\r
+ ImageContext.ImageAddress &= ~((EFI_PHYSICAL_ADDRESS)(ImageContext.SectionAlignment - 1));\r
\r
//\r
// Load the image to our new buffer\r
Status = PeCoffLoaderLoadImage (&ImageContext);\r
if (EFI_ERROR (Status)) {\r
if (Buffer != NULL) {\r
- Status = gBS->FreePool (Buffer);\r
+ gBS->FreePool (Buffer);\r
}\r
SmmFreePages (DstBuffer, PageCount);\r
return Status;\r
Status = PeCoffLoaderRelocateImage (&ImageContext);\r
if (EFI_ERROR (Status)) {\r
if (Buffer != NULL) {\r
- Status = gBS->FreePool (Buffer);\r
+ gBS->FreePool (Buffer);\r
}\r
SmmFreePages (DstBuffer, PageCount);\r
return Status;\r
Status = gBS->AllocatePool (EfiBootServicesData, sizeof (EFI_LOADED_IMAGE_PROTOCOL), (VOID **)&DriverEntry->LoadedImage);\r
if (EFI_ERROR (Status)) {\r
if (Buffer != NULL) {\r
- Status = gBS->FreePool (Buffer);\r
+ gBS->FreePool (Buffer);\r
}\r
SmmFreePages (DstBuffer, PageCount);\r
return Status;\r
}\r
\r
+ ZeroMem (DriverEntry->LoadedImage, sizeof (EFI_LOADED_IMAGE_PROTOCOL));\r
//\r
// Fill in the remaining fields of the Loaded Image Protocol instance.\r
// Note: ImageBase is an SMRAM address that can not be accessed outside of SMRAM if SMRAM window is closed.\r
Status = gBS->AllocatePool (EfiBootServicesData, GetDevicePathSize (FilePath), (VOID **)&DriverEntry->LoadedImage->FilePath);\r
if (EFI_ERROR (Status)) {\r
if (Buffer != NULL) {\r
- Status = gBS->FreePool (Buffer);\r
+ gBS->FreePool (Buffer);\r
}\r
SmmFreePages (DstBuffer, PageCount);\r
return Status;\r
NULL\r
);\r
\r
+ PERF_START (DriverEntry->ImageHandle, "LoadImage:", NULL, Tick);\r
+ PERF_END (DriverEntry->ImageHandle, "LoadImage:", NULL, 0);\r
+\r
//\r
// Print the load address and the PDB file name if it is available\r
//\r
// used the UEFI Boot Services AllocatePool() function\r
//\r
Status = gBS->FreePool(Buffer);\r
+ if (!EFI_ERROR (Status) && EFI_ERROR (SecurityStatus)) {\r
+ Status = SecurityStatus;\r
+ }\r
return Status; \r
}\r
\r
//\r
// For each SMM driver, pass NULL as ImageHandle\r
//\r
+ RegisterSmramProfileImage (DriverEntry, TRUE);\r
+ PERF_START (DriverEntry->ImageHandle, "StartImage:", NULL, 0);\r
Status = ((EFI_IMAGE_ENTRY_POINT)(UINTN)DriverEntry->ImageEntryPoint)(DriverEntry->ImageHandle, gST);\r
+ PERF_END (DriverEntry->ImageHandle, "StartImage:", NULL, 0);\r
if (EFI_ERROR(Status)){\r
+ UnregisterSmramProfileImage (DriverEntry, TRUE);\r
SmmFreePages(DriverEntry->ImageBuffer, DriverEntry->NumberOfPage);\r
}\r
\r
UINTN HandleCount;\r
EFI_HANDLE *HandleBuffer;\r
EFI_STATUS GetNextFileStatus;\r
- EFI_STATUS SecurityStatus;\r
EFI_FIRMWARE_VOLUME2_PROTOCOL *Fv;\r
EFI_DEVICE_PATH_PROTOCOL *FvDevicePath;\r
EFI_HANDLE FvHandle;\r
continue;\r
}\r
\r
- //\r
- // If the Security Architectural Protocol has not been located yet, then attempt to locate it\r
- //\r
- if (mSecurity == NULL) {\r
- gBS->LocateProtocol (&gEfiSecurityArchProtocolGuid, NULL, (VOID**)&mSecurity);\r
- }\r
-\r
- //\r
- // Evaluate the authentication status of the Firmware Volume through\r
- // Security Architectural Protocol\r
- //\r
- if (mSecurity != NULL) {\r
- SecurityStatus = mSecurity->FileAuthenticationState (\r
- mSecurity,\r
- 0,\r
- FvDevicePath\r
- );\r
- if (SecurityStatus != EFI_SUCCESS) {\r
- //\r
- // Security check failed. The firmware volume should not be used for any purpose.\r
- //\r
- continue;\r
- }\r
- }\r
-\r
//\r
// Discover Drivers in FV and add them to the Discovered Driver List.\r
// Process EFI_FV_FILETYPE_SMM type and then EFI_FV_FILETYPE_COMBINED_SMM_DXE\r
projects / mirror_edk2.git / blobdiff