/** @file\r
Implement defer image load services for user identification in UEFI2.2.\r
\r
-Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials \r
are licensed and made available under the terms and conditions of the BSD License \r
which accompanies this distribution. The full text of the license may be found at \r
// Try to find the DevicePath in BootOption\r
//\r
UnicodeSPrint (StrTemp, sizeof (StrTemp), L"Boot%04x", Index);\r
- OptionBuffer = GetEfiGlobalVariable (StrTemp);\r
+ GetEfiGlobalVariable2 (StrTemp, (VOID**)&OptionBuffer, NULL);\r
if (OptionBuffer == NULL) {\r
continue;\r
}\r
logging.\r
@param[in] FileBuffer File buffer matches the input file device path.\r
@param[in] FileSize Size of File buffer matches the input file device path.\r
-\r
- @retval EFI_SUCCESS The file specified by File did authenticate, and the\r
- platform policy dictates that the DXE Core may use File.\r
- @retval EFI_INVALID_PARAMETER File is NULL.\r
- @retval EFI_SECURITY_VIOLATION The file specified by File did not authenticate, and\r
- the platform policy dictates that File should be placed\r
- in the untrusted state. A file may be promoted from\r
- the untrusted to the trusted state at a future time\r
- with a call to the Trust() DXE Service.\r
- @retval EFI_ACCESS_DENIED The file specified by File did not authenticate, and\r
- the platform policy dictates that File should not be\r
- used for any purpose.\r
+ @param[in] BootPolicy A boot policy that was used to call LoadImage() UEFI service.\r
+\r
+ @retval EFI_SUCCESS FileBuffer is NULL and current user has permission to start\r
+ UEFI device drivers on the device path specified by DevicePath.\r
+ @retval EFI_SUCCESS The file specified by DevicePath and non-NULL\r
+ FileBuffer did authenticate, and the platform policy dictates\r
+ that the DXE Foundation may use the file.\r
+ @retval EFI_SECURITY_VIOLATION FileBuffer is NULL and the user has no\r
+ permission to start UEFI device drivers on the device path specified\r
+ by DevicePath.\r
+ @retval EFI_SECURITY_VIOLATION FileBuffer is not NULL and the user has no permission to load\r
+ drivers from the device path specified by DevicePath. The\r
+ image has been added into the list of the deferred images.\r
+ @retval EFI_ACCESS_DENIED The file specified by File and FileBuffer did not\r
+ authenticate, and the platform policy dictates that the DXE\r
+ Foundation many not use File.\r
\r
**/\r
EFI_STATUS\r
IN UINT32 AuthenticationStatus,\r
IN CONST EFI_DEVICE_PATH_PROTOCOL *File,\r
IN VOID *FileBuffer,\r
- IN UINTN FileSize\r
+ IN UINTN FileSize,\r
+ IN BOOLEAN BootPolicy\r
)\r
-\r
{\r
EFI_STATUS Status;\r
EFI_USER_PROFILE_HANDLE CurrentUser;\r
UINT32 Policy;\r
UINT32 FileType;\r
\r
+ //\r
+ // Ignore if File is NULL.\r
+ //\r
if (File == NULL) {\r
- return EFI_INVALID_PARAMETER;\r
+ return EFI_SUCCESS;\r
}\r
\r
//\r
//\r
if (!VerifyDevicePath (File)) {\r
DEBUG ((EFI_D_ERROR, "[Security] The image is forbidden to load!\n"));\r
- return EFI_ACCESS_DENIED;\r
+ return EFI_SECURITY_VIOLATION;\r
}\r
return EFI_SUCCESS;\r
}\r
}\r
\r
DEBUG ((EFI_D_ERROR, "[Security] No user identified, the image is deferred to load!\n"));\r
- PutDefferedImageInfo (File, NULL, 0);\r
+ PutDefferedImageInfo (File, FileBuffer, FileSize);\r
\r
//\r
// Install the Deferred Image Load Protocol onto a new handle.\r
&Registration\r
);\r
\r
- return RegisterSecurityHandler (\r
+ return RegisterSecurity2Handler (\r
DxeDeferImageLoadHandler,\r
EFI_AUTH_OPERATION_DEFER_IMAGE_LOAD \r
); \r