]> git.proxmox.com Git - mirror_edk2.git/blobdiff - MdeModulePkg/Core/PiSmmCore/Dispatcher.c
Add PI1.2.1 SAP2 support and UEFI231B mantis 896
index 5edf184b927d7d6b8c343aec23fa7ac3ab5a47d0..8a9d99b1581c99123ccaf14660d629a33a12dff9 100644 (file)
@@ -120,6 +120,7 @@ FV_FILEPATH_DEVICE_PATH  mFvDevicePath;
 // DXE Architecture Protocols\r
 //\r
 EFI_SECURITY_ARCH_PROTOCOL  *mSecurity = NULL;\r
+EFI_SECURITY2_ARCH_PROTOCOL *mSecurity2 = NULL;\r
 \r
 //\r
 // The global variable is defined for Loading modules at fixed address feature to track the SMM code\r
@@ -349,27 +350,19 @@ SmmLoadImage (
   }\r
 \r
   //\r
-  // If the Security Architectural Protocol has not been located yet, then attempt to locate it\r
+  // If the Security2 and Security Architectural Protocol has not been located yet, then attempt to locate it\r
   //\r
+  if (mSecurity2 == NULL) {\r
+    gBS->LocateProtocol (&gEfiSecurity2ArchProtocolGuid, NULL, (VOID**)&mSecurity2);\r
+  }\r
   if (mSecurity == NULL) {\r
     gBS->LocateProtocol (&gEfiSecurityArchProtocolGuid, NULL, (VOID**)&mSecurity);\r
   }\r
-\r
   //\r
-  // Verify the Authentication Status through the Security Architectural Protocol\r
+  // When Security2 is installed, Security Architectural Protocol must be published.\r
   //\r
-  if ((mSecurity != NULL) && (OriginalFilePath != NULL)) {\r
-    SecurityStatus = mSecurity->FileAuthenticationState (\r
-                                  mSecurity,\r
-                                  AuthenticationStatus,\r
-                                  OriginalFilePath\r
-                                  );\r
-    if (EFI_ERROR (SecurityStatus) && SecurityStatus != EFI_SECURITY_VIOLATION) {\r
-      Status = SecurityStatus;\r
-      return Status;\r
-    }\r
-  }\r
-  \r
+  ASSERT (mSecurity2 == NULL || mSecurity != NULL);\r
+\r
   //\r
   // Pull out just the file portion of the DevicePath for the LoadedImage FilePath\r
   //\r
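Review bot: The rule stated in the new comment, that Security must be published whenever Security2 is installed, is enforced only by `ASSERT (mSecurity2 == NULL || mSecurity != NULL);`, and ASSERT is normally compiled out of release builds. In such a build a platform that installs only Security2 would pass this point silently, and the later `mSecurity != NULL` test would then skip `FileAuthenticationState` for SMM images. The return values of both `LocateProtocol` calls are also dropped, so the NULL pointers are the only signal. I would at least record this next to the assert, for example `// ASSERT is debug-only: if mSecurity is NULL in a release build, only Security2's FileAuthentication is consulted.`, or replace it with an explicit runtime check that fails the load. SmmLoadImage starts and ends outside this hunk, so whether an early return here would need cleanup is not visible.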
@@ -417,6 +410,37 @@ SmmLoadImage (
     return Status;\r
   }\r
 \r
+  //\r
+  // Verify File Authentication through the Security2 Architectural Protocol\r
+  //\r
+  if (mSecurity2 != NULL) {\r
+    SecurityStatus = mSecurity2->FileAuthentication (\r
+                                  mSecurity2,\r
+                                  OriginalFilePath,\r
+                                  Buffer,\r
+                                  Size,\r
+                                  FALSE\r
+                                  );\r
+  }\r
+\r
+  //\r
+  // Verify the Authentication Status through the Security Architectural Protocol\r
+  // Only on images that have been read using Firmware Volume protocol.\r
+  // All SMM images are from FV protocol. \r
+  //\r
+  if (!EFI_ERROR (SecurityStatus) && (mSecurity != NULL)) {\r
+    SecurityStatus = mSecurity->FileAuthenticationState (\r
+                                  mSecurity,\r
+                                  AuthenticationStatus,\r
+                                  OriginalFilePath\r
+                                  );\r
+  }\r
+\r
+  if (EFI_ERROR (SecurityStatus) && SecurityStatus != EFI_SECURITY_VIOLATION) {\r
+    Status = SecurityStatus;\r
+    return Status;\r
+  }\r
+  \r
   //\r
   // Initialize ImageContext\r
   //\r
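Review bot: `SecurityStatus` is read in `if (!EFI_ERROR (SecurityStatus) && (mSecurity != NULL))` and again in the final `EFI_ERROR (SecurityStatus)` test even when `mSecurity2 == NULL`, and on that path nothing in this hunk has assigned it. The removed code read it only inside the `mSecurity != NULL` block, directly after the call. Unless the declaration (outside this hunk) initialises it, an indeterminate value now decides whether `FileAuthenticationState` runs and whether the load is rejected. Adding `SecurityStatus = EFI_SUCCESS;` immediately before the Security2 block would make both paths well defined. The old `OriginalFilePath != NULL` guard is also gone, so both protocol calls now receive that pointer unchecked; whether it can be NULL at this point is not visible from the hunk.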