/** @file\r
This driver produces Security2 and Security architectural protocol based on SecurityManagementLib.\r
- \r
- Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>\r
- This program and the accompanying materials \r
- are licensed and made available under the terms and conditions of the BSD License \r
- which accompanies this distribution. The full text of the license may be found at \r
- http://opensource.org/licenses/bsd-license.php \r
\r
- THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
- WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. \r
+ Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>\r
+ SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
-\r
#include <Uefi.h>\r
#include <Protocol/Security.h>\r
#include <Protocol/Security2.h>\r
#include <Library/UefiBootServicesTableLib.h>\r
#include <Library/UefiDriverEntryPoint.h>\r
#include <Library/SecurityManagementLib.h>\r
+#include "Defer3rdPartyImageLoad.h"\r
\r
//\r
// Handle for the Security Architectural Protocol instance produced by this driver\r
//\r
-EFI_HANDLE mSecurityArchProtocolHandle = NULL;\r
+EFI_HANDLE mSecurityArchProtocolHandle = NULL;\r
\r
/**\r
- The EFI_SECURITY_ARCH_PROTOCOL (SAP) is used to abstract platform-specific \r
- policy from the DXE core response to an attempt to use a file that returns a \r
- given status for the authentication check from the section extraction protocol. \r
+ The EFI_SECURITY_ARCH_PROTOCOL (SAP) is used to abstract platform-specific\r
+ policy from the DXE core response to an attempt to use a file that returns a\r
+ given status for the authentication check from the section extraction protocol.\r
\r
- The possible responses in a given SAP implementation may include locking \r
- flash upon failure to authenticate, attestation logging for all signed drivers, \r
- and other exception operations. The File parameter allows for possible logging \r
+ The possible responses in a given SAP implementation may include locking\r
+ flash upon failure to authenticate, attestation logging for all signed drivers,\r
+ and other exception operations. The File parameter allows for possible logging\r
within the SAP of the driver.\r
\r
If File is NULL, then EFI_INVALID_PARAMETER is returned.\r
\r
- If the file specified by File with an authentication status specified by \r
+ If the file specified by File with an authentication status specified by\r
AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS is returned.\r
\r
- If the file specified by File with an authentication status specified by \r
- AuthenticationStatus is not safe for the DXE Core to use under any circumstances, \r
+ If the file specified by File with an authentication status specified by\r
+ AuthenticationStatus is not safe for the DXE Core to use under any circumstances,\r
then EFI_ACCESS_DENIED is returned.\r
\r
- If the file specified by File with an authentication status specified by \r
- AuthenticationStatus is not safe for the DXE Core to use right now, but it \r
- might be possible to use it at a future time, then EFI_SECURITY_VIOLATION is \r
+ If the file specified by File with an authentication status specified by\r
+ AuthenticationStatus is not safe for the DXE Core to use right now, but it\r
+ might be possible to use it at a future time, then EFI_SECURITY_VIOLATION is\r
returned.\r
\r
@param This The EFI_SECURITY_ARCH_PROTOCOL instance.\r
- @param AuthenticationStatus \r
+ @param AuthenticationStatus\r
This is the authentication type returned from the Section\r
Extraction protocol. See the Section Extraction Protocol\r
Specification for details on this type.\r
IN CONST EFI_DEVICE_PATH_PROTOCOL *File\r
)\r
{\r
- return ExecuteSecurity2Handlers (EFI_AUTH_OPERATION_AUTHENTICATION_STATE, \r
- AuthenticationStatus, \r
- File,\r
- NULL, \r
- 0, \r
- FALSE\r
- );\r
+ EFI_STATUS Status;\r
+\r
+ Status = ExecuteSecurity2Handlers (\r
+ EFI_AUTH_OPERATION_AUTHENTICATION_STATE,\r
+ AuthenticationStatus,\r
+ File,\r
+ NULL,\r
+ 0,\r
+ FALSE\r
+ );\r
+ if (Status == EFI_SUCCESS) {\r
+ Status = ExecuteSecurityHandlers (AuthenticationStatus, File);\r
+ }\r
+\r
+ return Status;\r
}\r
\r
/**\r
these cases.\r
If the FileBuffer is NULL, the interface will determine if the DevicePath can be connected\r
in order to support the User Identification policy.\r
- \r
+\r
@param This The EFI_SECURITY2_ARCH_PROTOCOL instance.\r
@param File A pointer to the device path of the file that is\r
being dispatched. This will optionally be used for logging.\r
@param BootPolicy A boot policy that was used to call LoadImage() UEFI service. If\r
FileAuthentication() is invoked not from the LoadImage(),\r
BootPolicy must be set to FALSE.\r
- \r
+\r
@retval EFI_SUCCESS The file specified by DevicePath and non-NULL\r
FileBuffer did authenticate, and the platform policy dictates\r
that the DXE Foundation may use the file.\r
EFI_STATUS\r
EFIAPI\r
Security2StubAuthenticate (\r
- IN CONST EFI_SECURITY2_ARCH_PROTOCOL *This,\r
- IN CONST EFI_DEVICE_PATH_PROTOCOL *File,\r
- IN VOID *FileBuffer,\r
- IN UINTN FileSize,\r
- IN BOOLEAN BootPolicy\r
+ IN CONST EFI_SECURITY2_ARCH_PROTOCOL *This,\r
+ IN CONST EFI_DEVICE_PATH_PROTOCOL *File OPTIONAL,\r
+ IN VOID *FileBuffer,\r
+ IN UINTN FileSize,\r
+ IN BOOLEAN BootPolicy\r
)\r
{\r
- return ExecuteSecurity2Handlers (EFI_AUTH_OPERATION_VERIFY_IMAGE | \r
- EFI_AUTH_OPERATION_DEFER_IMAGE_LOAD | \r
- EFI_AUTH_OPERATION_MEASURE_IMAGE |\r
- EFI_AUTH_OPERATION_CONNECT_POLICY, \r
- 0, \r
- File,\r
- FileBuffer, \r
- FileSize, \r
- BootPolicy\r
- );\r
+ EFI_STATUS Status;\r
+\r
+ if (FileBuffer != NULL) {\r
+ Status = Defer3rdPartyImageLoad (File, BootPolicy);\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+ }\r
+\r
+ return ExecuteSecurity2Handlers (\r
+ EFI_AUTH_OPERATION_VERIFY_IMAGE |\r
+ EFI_AUTH_OPERATION_DEFER_IMAGE_LOAD |\r
+ EFI_AUTH_OPERATION_MEASURE_IMAGE |\r
+ EFI_AUTH_OPERATION_CONNECT_POLICY,\r
+ 0,\r
+ File,\r
+ FileBuffer,\r
+ FileSize,\r
+ BootPolicy\r
+ );\r
}\r
\r
//\r
// Security2 and Security Architectural Protocol instance produced by this driver\r
//\r
-EFI_SECURITY_ARCH_PROTOCOL mSecurityStub = { \r
- SecurityStubAuthenticateState \r
+EFI_SECURITY_ARCH_PROTOCOL mSecurityStub = {\r
+ SecurityStubAuthenticateState\r
};\r
\r
-EFI_SECURITY2_ARCH_PROTOCOL mSecurity2Stub = { \r
- Security2StubAuthenticate \r
+EFI_SECURITY2_ARCH_PROTOCOL mSecurity2Stub = {\r
+ Security2StubAuthenticate\r
};\r
\r
/**\r
\r
@param ImageHandle The image handle of this driver.\r
@param SystemTable A pointer to the EFI System Table.\r
- \r
+\r
@retval EFI_SUCCESS Install the sample Security Architectural Protocol successfully.\r
\r
**/\r
);\r
ASSERT_EFI_ERROR (Status);\r
\r
+ Defer3rdPartyImageLoadInitialize ();\r
+\r
return EFI_SUCCESS;\r
}\r
projects / mirror_edk2.git / blobdiff