// DXE Architecture Protocols\r
//\r
EFI_SECURITY_ARCH_PROTOCOL *mSecurity = NULL;\r
+EFI_SECURITY2_ARCH_PROTOCOL *mSecurity2 = NULL;\r
\r
//\r
// The global variable is defined for Loading modules at fixed address feature to track the SMM code\r
}\r
\r
//\r
- // If the Security Architectural Protocol has not been located yet, then attempt to locate it\r
+ // If the Security2 and Security Architectural Protocol has not been located yet, then attempt to locate it\r
//\r
+ if (mSecurity2 == NULL) {\r
+ gBS->LocateProtocol (&gEfiSecurity2ArchProtocolGuid, NULL, (VOID**)&mSecurity2);\r
+ }\r
if (mSecurity == NULL) {\r
gBS->LocateProtocol (&gEfiSecurityArchProtocolGuid, NULL, (VOID**)&mSecurity);\r
}\r
-\r
//\r
- // Verify the Authentication Status through the Security Architectural Protocol\r
+ // When Security2 is installed, Security Architectural Protocol must be published.\r
//\r
- if ((mSecurity != NULL) && (OriginalFilePath != NULL)) {\r
- SecurityStatus = mSecurity->FileAuthenticationState (\r
- mSecurity,\r
- AuthenticationStatus,\r
- OriginalFilePath\r
- );\r
- if (EFI_ERROR (SecurityStatus) && SecurityStatus != EFI_SECURITY_VIOLATION) {\r
- Status = SecurityStatus;\r
- return Status;\r
- }\r
- }\r
- \r
+ ASSERT (mSecurity2 == NULL || mSecurity != NULL);\r
+\r
//\r
// Pull out just the file portion of the DevicePath for the LoadedImage FilePath\r
//\r
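Review bot: The `ASSERT (mSecurity2 == NULL || mSecurity != NULL);` line is the only enforcement of the rule stated in the comment above it, and it has no effect in builds where ASSERT is compiled out. Both `gBS->LocateProtocol` calls also discard their return status, so when neither protocol is found the function simply continues. The authentication calls added later in this commit are each guarded by a `!= NULL` test, so they are skipped on that path without any trace. If loading without either protocol is intended, I would say so in a comment here, e.g. `// If neither protocol is installed yet, the image is loaded without authentication.`, and consider a `DEBUG ((DEBUG_WARN, ...))` message on that path so it shows up in logs. The enclosing function starts and ends outside the hunk.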
return Status;\r
}\r
\r
+ //\r
+ // Verify File Authentication through the Security2 Architectural Protocol\r
+ //\r
+ if (mSecurity2 != NULL) {\r
+ SecurityStatus = mSecurity2->FileAuthentication (\r
+ mSecurity2,\r
+ OriginalFilePath,\r
+ Buffer,\r
+ Size,\r
+ FALSE\r
+ );\r
+ }\r
+\r
+ //\r
+ // Verify the Authentication Status through the Security Architectural Protocol\r
+ // Only on images that have been read using Firmware Volume protocol.\r
+ // All SMM images are from FV protocol. \r
+ //\r
+ if (!EFI_ERROR (SecurityStatus) && (mSecurity != NULL)) {\r
+ SecurityStatus = mSecurity->FileAuthenticationState (\r
+ mSecurity,\r
+ AuthenticationStatus,\r
+ OriginalFilePath\r
+ );\r
+ }\r
+\r
+ if (EFI_ERROR (SecurityStatus) && SecurityStatus != EFI_SECURITY_VIOLATION) {\r
+ Status = SecurityStatus;\r
+ return Status;\r
+ }\r
+ \r
//\r
// Initialize ImageContext\r
//\r
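Review bot: `SecurityStatus` is read at `if (!EFI_ERROR (SecurityStatus) && (mSecurity != NULL))` and again at the final `EFI_ERROR (SecurityStatus)` test even when `mSecurity2` is NULL, and nothing in this hunk assigns it on that path; the removed code only tested it inside the branch that had just set it. Unless the declaration outside the hunk already initializes it, add `SecurityStatus = EFI_SUCCESS;` before the `if (mSecurity2 != NULL)` block, so that an indeterminate value can neither skip the Security protocol check nor trigger a spurious early return. The moved block also drops the old `OriginalFilePath != NULL` guard, so both protocol calls now receive whatever `OriginalFilePath` holds; it is worth confirming that it cannot be NULL at this point, or restoring the guard. The enclosing function starts and ends outside the hunk.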