/** @file\r
- This driver implements one sample platform security service, which does \r
- nothing and always return EFI_SUCCESS.\r
- \r
- Copyright (c) 2006 - 2008, Intel Corporation \r
- All rights reserved. This program and the accompanying materials \r
- are licensed and made available under the terms and conditions of the BSD License \r
- which accompanies this distribution. The full text of the license may be found at \r
- http://opensource.org/licenses/bsd-license.php \r
-\r
- THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
- WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. \r
+ This driver produces Security2 and Security architectural protocol based on SecurityManagementLib.\r
+\r
+ Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>\r
+ This program and the accompanying materials\r
+ are licensed and made available under the terms and conditions of the BSD License\r
+ which accompanies this distribution. The full text of the license may be found at\r
+ http://opensource.org/licenses/bsd-license.php\r
+\r
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
**/\r
\r
\r
-#include "SecurityStub.h"\r
+#include <Uefi.h>\r
+#include <Protocol/Security.h>\r
+#include <Protocol/Security2.h>\r
+#include <Library/DebugLib.h>\r
+#include <Library/UefiBootServicesTableLib.h>\r
+#include <Library/UefiDriverEntryPoint.h>\r
+#include <Library/SecurityManagementLib.h>\r
+#include "Defer3rdPartyImageLoad.h"\r
\r
//\r
// Handle for the Security Architectural Protocol instance produced by this driver\r
//\r
EFI_HANDLE mSecurityArchProtocolHandle = NULL;\r
\r
-//\r
-// Security Architectural Protocol instance produced by this driver\r
-//\r
-EFI_SECURITY_ARCH_PROTOCOL mSecurityStub = { \r
- SecurityStubAuthenticateState \r
-};\r
-\r
-\r
/**\r
- The EFI_SECURITY_ARCH_PROTOCOL (SAP) is used to abstract platform-specific \r
- policy from the DXE core response to an attempt to use a file that returns a \r
- given status for the authentication check from the section extraction protocol. \r
+ The EFI_SECURITY_ARCH_PROTOCOL (SAP) is used to abstract platform-specific\r
+ policy from the DXE core response to an attempt to use a file that returns a\r
+ given status for the authentication check from the section extraction protocol.\r
\r
- The possible responses in a given SAP implementation may include locking \r
- flash upon failure to authenticate, attestation logging for all signed drivers, \r
- and other exception operations. The File parameter allows for possible logging \r
+ The possible responses in a given SAP implementation may include locking\r
+ flash upon failure to authenticate, attestation logging for all signed drivers,\r
+ and other exception operations. The File parameter allows for possible logging\r
within the SAP of the driver.\r
\r
If File is NULL, then EFI_INVALID_PARAMETER is returned.\r
\r
- If the file specified by File with an authentication status specified by \r
+ If the file specified by File with an authentication status specified by\r
AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS is returned.\r
\r
- If the file specified by File with an authentication status specified by \r
- AuthenticationStatus is not safe for the DXE Core to use under any circumstances, \r
+ If the file specified by File with an authentication status specified by\r
+ AuthenticationStatus is not safe for the DXE Core to use under any circumstances,\r
then EFI_ACCESS_DENIED is returned.\r
\r
- If the file specified by File with an authentication status specified by \r
- AuthenticationStatus is not safe for the DXE Core to use right now, but it \r
- might be possible to use it at a future time, then EFI_SECURITY_VIOLATION is \r
+ If the file specified by File with an authentication status specified by\r
+ AuthenticationStatus is not safe for the DXE Core to use right now, but it\r
+ might be possible to use it at a future time, then EFI_SECURITY_VIOLATION is\r
returned.\r
\r
@param This The EFI_SECURITY_ARCH_PROTOCOL instance.\r
- @param AuthenticationStatus \r
+ @param AuthenticationStatus\r
This is the authentication type returned from the Section\r
Extraction protocol. See the Section Extraction Protocol\r
Specification for details on this type.\r
@param File This is a pointer to the device path of the file that is\r
being dispatched. This will optionally be used for logging.\r
\r
- @retval EFI_SUCCESS Do nothing and return.\r
+ @retval EFI_SUCCESS Do nothing and return success.\r
@retval EFI_INVALID_PARAMETER File is NULL.\r
**/\r
EFI_STATUS\r
IN CONST EFI_DEVICE_PATH_PROTOCOL *File\r
)\r
{\r
- if (File == NULL) {\r
- return EFI_INVALID_PARAMETER;\r
+ EFI_STATUS Status;\r
+\r
+ Status = ExecuteSecurity2Handlers (EFI_AUTH_OPERATION_AUTHENTICATION_STATE,\r
+ AuthenticationStatus,\r
+ File,\r
+ NULL,\r
+ 0,\r
+ FALSE\r
+ );\r
+ if (Status == EFI_SUCCESS) {\r
+ Status = ExecuteSecurityHandlers (AuthenticationStatus, File);\r
}\r
\r
- return EFI_SUCCESS;\r
+ return Status;\r
}\r
\r
+/**\r
+ The DXE Foundation uses this service to measure and/or verify a UEFI image.\r
+\r
+ This service abstracts the invocation of Trusted Computing Group (TCG) measured boot, UEFI\r
+ Secure boot, and UEFI User Identity infrastructure. For the former two, the DXE Foundation\r
+ invokes the FileAuthentication() with a DevicePath and corresponding image in\r
+ FileBuffer memory. The TCG measurement code will record the FileBuffer contents into the\r
+ appropriate PCR. The image verification logic will confirm the integrity and provenance of the\r
+ image in FileBuffer of length FileSize . The origin of the image will be DevicePath in\r
+ these cases.\r
+ If the FileBuffer is NULL, the interface will determine if the DevicePath can be connected\r
+ in order to support the User Identification policy.\r
+\r
+ @param This The EFI_SECURITY2_ARCH_PROTOCOL instance.\r
+ @param File A pointer to the device path of the file that is\r
+ being dispatched. This will optionally be used for logging.\r
+ @param FileBuffer A pointer to the buffer with the UEFI file image.\r
+ @param FileSize The size of the file.\r
+ @param BootPolicy A boot policy that was used to call LoadImage() UEFI service. If\r
+ FileAuthentication() is invoked not from the LoadImage(),\r
+ BootPolicy must be set to FALSE.\r
+\r
+ @retval EFI_SUCCESS The file specified by DevicePath and non-NULL\r
+ FileBuffer did authenticate, and the platform policy dictates\r
+ that the DXE Foundation may use the file.\r
+ @retval EFI_SUCCESS The device path specified by NULL device path DevicePath\r
+ and non-NULL FileBuffer did authenticate, and the platform\r
+ policy dictates that the DXE Foundation may execute the image in\r
+ FileBuffer.\r
+ @retval EFI_SUCCESS FileBuffer is NULL and current user has permission to start\r
+ UEFI device drivers on the device path specified by DevicePath.\r
+ @retval EFI_SECURITY_VIOLATION The file specified by DevicePath and FileBuffer did not\r
+ authenticate, and the platform policy dictates that the file should be\r
+ placed in the untrusted state. The image has been added to the file\r
+ execution table.\r
+ @retval EFI_ACCESS_DENIED The file specified by File and FileBuffer did not\r
+ authenticate, and the platform policy dictates that the DXE\r
+ Foundation many not use File.\r
+ @retval EFI_SECURITY_VIOLATION FileBuffer is NULL and the user has no\r
+ permission to start UEFI device drivers on the device path specified\r
+ by DevicePath.\r
+ @retval EFI_SECURITY_VIOLATION FileBuffer is not NULL and the user has no permission to load\r
+ drivers from the device path specified by DevicePath. The\r
+ image has been added into the list of the deferred images.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+Security2StubAuthenticate (\r
+ IN CONST EFI_SECURITY2_ARCH_PROTOCOL *This,\r
+ IN CONST EFI_DEVICE_PATH_PROTOCOL *File,\r
+ IN VOID *FileBuffer,\r
+ IN UINTN FileSize,\r
+ IN BOOLEAN BootPolicy\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+\r
+ if (FileBuffer != NULL) {\r
+ Status = Defer3rdPartyImageLoad (File, BootPolicy);\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+ }\r
+\r
+ return ExecuteSecurity2Handlers (EFI_AUTH_OPERATION_VERIFY_IMAGE |\r
+ EFI_AUTH_OPERATION_DEFER_IMAGE_LOAD |\r
+ EFI_AUTH_OPERATION_MEASURE_IMAGE |\r
+ EFI_AUTH_OPERATION_CONNECT_POLICY,\r
+ 0,\r
+ File,\r
+ FileBuffer,\r
+ FileSize,\r
+ BootPolicy\r
+ );\r
+}\r
+\r
+//\r
+// Security2 and Security Architectural Protocol instance produced by this driver\r
+//\r
+EFI_SECURITY_ARCH_PROTOCOL mSecurityStub = {\r
+ SecurityStubAuthenticateState\r
+};\r
+\r
+EFI_SECURITY2_ARCH_PROTOCOL mSecurity2Stub = {\r
+ Security2StubAuthenticate\r
+};\r
\r
/**\r
- The user Entry Point installs SAP. The user code starts with this function\r
- as the real entry point for the image goes into a library that calls this \r
- function.\r
+ Installs Security2 and Security Architectural Protocol.\r
+\r
+ @param ImageHandle The image handle of this driver.\r
+ @param SystemTable A pointer to the EFI System Table.\r
\r
- @param ImageHandle The firmware allocated handle for the EFI image. \r
- @param SystemTable A pointer to the EFI System Table.\r
- \r
@retval EFI_SUCCESS Install the sample Security Architectural Protocol successfully.\r
\r
**/\r
//\r
// Make sure the Security Architectural Protocol is not already installed in the system\r
//\r
+ ASSERT_PROTOCOL_ALREADY_INSTALLED (NULL, &gEfiSecurity2ArchProtocolGuid);\r
ASSERT_PROTOCOL_ALREADY_INSTALLED (NULL, &gEfiSecurityArchProtocolGuid);\r
\r
//\r
//\r
Status = gBS->InstallMultipleProtocolInterfaces (\r
&mSecurityArchProtocolHandle,\r
+ &gEfiSecurity2ArchProtocolGuid,\r
+ &mSecurity2Stub,\r
&gEfiSecurityArchProtocolGuid,\r
&mSecurityStub,\r
NULL\r
);\r
ASSERT_EFI_ERROR (Status);\r
\r
+ Defer3rdPartyImageLoadInitialize ();\r
+\r
return EFI_SUCCESS;\r
}\r