+++ /dev/null
-/** @file\r
-EFI PEI Platform Security services\r
-\r
-Copyright (c) 2013 Intel Corporation.\r
-\r
-SPDX-License-Identifier: BSD-2-Clause-Patent\r
-\r
-**/\r
-\r
-#include "PeiFvSecurity.h"\r
-\r
-EFI_PEI_NOTIFY_DESCRIPTOR mNotifyOnFvInfoSecurityList = {\r
- (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),\r
- &gEfiPeiFirmwareVolumeInfoPpiGuid,\r
- FirmwareVolmeInfoPpiNotifySecurityCallback\r
-};\r
-\r
-/**\r
- Callback function to perform FV security checking on a FV Info PPI.\r
-\r
- @param PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation\r
- @param NotifyDescriptor Address of the notification descriptor data structure.\r
- @param Ppi Address of the PPI that was installed.\r
-\r
- @retval EFI_SUCCESS\r
-\r
-**/\r
-EFI_STATUS\r
-EFIAPI\r
-FirmwareVolmeInfoPpiNotifySecurityCallback (\r
- IN EFI_PEI_SERVICES **PeiServices,\r
- IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,\r
- IN VOID *Ppi\r
- )\r
-{\r
- EFI_STATUS Status;\r
- EFI_PEI_FIRMWARE_VOLUME_INFO_PPI *FvInfoPpi;\r
- EFI_PEI_FIRMWARE_VOLUME_PPI *FvPpi;\r
-\r
- FvInfoPpi = (EFI_PEI_FIRMWARE_VOLUME_INFO_PPI *)Ppi;\r
-\r
- //\r
- // Locate the corresponding FV_PPI according to founded FV's format guid\r
- //\r
- Status = PeiServicesLocatePpi (\r
- &FvInfoPpi->FvFormat,\r
- 0,\r
- NULL,\r
- (VOID**)&FvPpi\r
- );\r
- ASSERT_EFI_ERROR (Status);\r
-\r
- //\r
- // Only authenticate parent Firmware Volume (child firmware volumes are covered by the parent)\r
- //\r
- if ((VOID *)FvInfoPpi->ParentFvName == NULL && (VOID *)FvInfoPpi->ParentFileName == NULL) {\r
- Status = PeiSecurityVerifyFv ((EFI_FIRMWARE_VOLUME_HEADER*) FvInfoPpi->FvInfo);\r
- ASSERT_EFI_ERROR (Status);\r
- }\r
-\r
- return EFI_SUCCESS;\r
-}\r
-\r
-/**\r
- Authenticates the Firmware Volume\r
-\r
- @param CurrentFvAddress Pointer to the current Firmware Volume under consideration\r
-\r
- @retval EFI_SUCCESS Firmware Volume is legal\r
-\r
-**/\r
-EFI_STATUS\r
-PeiSecurityVerifyFv (\r
- IN EFI_FIRMWARE_VOLUME_HEADER *CurrentFvAddress\r
- )\r
-{\r
- EFI_STATUS Status;\r
-\r
- //\r
- // Call Security library to authenticate the Firmware Volume\r
- //\r
- DEBUG ((DEBUG_INFO, "PeiSecurityVerifyFv - CurrentFvAddress=0x%8x\n", (UINT32)CurrentFvAddress));\r
- Status = EFI_SUCCESS;\r
-\r
- return Status;\r
-}\r
-\r
-/**\r
-\r
- Entry point for the PEI Security PEIM\r
- Sets up a notification to perform PEI security checking\r
-\r
- @param FfsHeader Not used.\r
- @param PeiServices General purpose services available to every PEIM.\r
-\r
- @return EFI_SUCCESS PEI Security notification installed successfully.\r
- All others: PEI Security notification failed to install.\r
-\r
-**/\r
-EFI_STATUS\r
-PeiInitializeFvSecurity (\r
- VOID\r
- )\r
-{\r
- EFI_STATUS Status;\r
-\r
- Status = PeiServicesNotifyPpi (&mNotifyOnFvInfoSecurityList);\r
-\r
- return Status;\r
-}\r
-\r