Add ImageAuthenticationStatusLib to SAP to check Authentication Status returned from
authorczhang46 <czhang46@6f19259b-4bc3-4df7-8a09-765794883524>
Thu, 13 Sep 2012 08:34:32 +0000 (08:34 +0000)
committerczhang46 <czhang46@6f19259b-4bc3-4df7-8a09-765794883524>
Thu, 13 Sep 2012 08:34:32 +0000 (08:34 +0000)
Section Extraction Protocol

Signed-off-by: Chao Zhang<chao.b.zhang@intel.com>
Reviewed-by  : Gao Liming<liming.gao@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13729 6f19259b-4bc3-4df7-8a09-765794883524

SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.c [new file with mode: 0644]
SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.inf [new file with mode: 0644]
SecurityPkg/SecurityPkg.dsc

diff --git a/SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.c b/SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.c
new file mode 100644 (file)
index 0000000..9d31036
--- /dev/null
@@ -0,0 +1,76 @@
+/** @file\r
+  Implement image authentication status check in UEFI2.3.1.\r
+\r
+Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials\r
+are licensed and made available under the terms and conditions of the BSD License\r
+which accompanies this distribution.  The full text of the license may be found at\r
+http://opensource.org/licenses/bsd-license.php\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#include <PiDxe.h>\r
+#include <Library/SecurityManagementLib.h>\r
+\r
+\r
+/**\r
+  Check image authentication status returned from Section Extraction Protocol\r
+  \r
+  @param[in]    AuthenticationStatus  This is the authentication status returned from \r
+                             the Section Extraction Protocol when reading the input file.\r
+  @param[in]    File       This is a pointer to the device path of the file that is\r
+                           being dispatched. This will optionally be used for logging.\r
+  @param[in]    FileBuffer File buffer matches the input file device path.\r
+  @param[in]    FileSize   Size of File buffer matches the input file device path.\r
+  @param[in]    BootPolicy A boot policy that was used to call LoadImage() UEFI service.\r
+\r
+  @retval EFI_SUCCESS            The input file specified by File did authenticate, and the\r
+                                 platform policy dictates that the DXE Core may use File.\r
+  @retval EFI_ACCESS_DENIED      The file specified by File and FileBuffer did not\r
+                                 authenticate, and the platform policy dictates that the DXE\r
+                                 Foundation many not use File.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+DxeImageAuthenticationStatusHandler (\r
+  IN  UINT32                           AuthenticationStatus,\r
+  IN  CONST EFI_DEVICE_PATH_PROTOCOL   *File,\r
+  IN  VOID                             *FileBuffer,\r
+  IN  UINTN                            FileSize,\r
+  IN  BOOLEAN                          BootPolicy\r
+  )\r
+{\r
+  if (AuthenticationStatus & EFI_AUTH_STATUS_IMAGE_SIGNED) {\r
+    if (AuthenticationStatus & (EFI_AUTH_STATUS_TEST_FAILED | EFI_AUTH_STATUS_NOT_TESTED)) {\r
+      return EFI_ACCESS_DENIED;\r
+    }\r
+  }\r
+\r
+  return EFI_SUCCESS;\r
+}\r
+\r
+\r
+/**\r
+  Register image authenticaion status check handler.\r
+\r
+  @param  ImageHandle   ImageHandle of the loaded driver.\r
+  @param  SystemTable   Pointer to the EFI System Table.\r
+\r
+  @retval EFI_SUCCESS   The handlers were registered successfully.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+DxeImageAuthenticationStatusLibConstructor (\r
+  IN EFI_HANDLE        ImageHandle,\r
+  IN EFI_SYSTEM_TABLE  *SystemTable\r
+  )\r
+{\r
+  return RegisterSecurity2Handler (\r
+           DxeImageAuthenticationStatusHandler,\r
+           EFI_AUTH_OPERATION_AUTHENTICATION_STATE\r
+           );\r
+}\r
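Review bot: In DxeImageAuthenticationStatusHandler the failure test is nested inside the `EFI_AUTH_STATUS_IMAGE_SIGNED` check, so a status that carries `EFI_AUTH_STATUS_TEST_FAILED` without the signed bit reaches `return EFI_SUCCESS`, as does every unsigned section. If accepting unsigned content is the intended platform policy, the header comment should state it, because the current `@retval EFI_SUCCESS` text reads as though the file authenticated. Otherwise the failed bit could be tested on its own ahead of the signed check, e.g. `if ((AuthenticationStatus & EFI_AUTH_STATUS_TEST_FAILED) != 0) { return EFI_ACCESS_DENIED; }`. Whether a section extractor can report a failed test without the signed bit is not visible from this hunk, so this may be defence in depth only. The deny path is also silent although `File` is documented as available for logging; a `DEBUG` message there would make a rejected image diagnosable.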
diff --git a/SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.inf b/SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.inf
new file mode 100644 (file)
index 0000000..4360800
--- /dev/null
@@ -0,0 +1,39 @@
+## @file\r
+#  The library instance provides security service of image authentication \r
+#  status check in UEFI2.3.1.\r
+#  Authentication Status Library module supports UEFI2.3.1\r
+#\r
+# Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>\r
+# This program and the accompanying materials\r
+# are licensed and made available under the terms and conditions of the BSD License\r
+# which accompanies this distribution. The full text of the license may be found at\r
+# http://opensource.org/licenses/bsd-license.php\r
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+#\r
+##\r
+\r
+[Defines]\r
+  INF_VERSION                    = 0x00010005\r
+  BASE_NAME                      = DxeImageAuthenticationStatusLib   \r
+  FILE_GUID                      = EB92D1DE-7C36-4680-BB88-A67E96049F72\r
+  MODULE_TYPE                    = DXE_DRIVER\r
+  VERSION_STRING                 = 1.0\r
+  LIBRARY_CLASS                  = NULL|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER \r
+  CONSTRUCTOR                    = DxeImageAuthenticationStatusLibConstructor\r
+\r
+#\r
+# The following information is for reference only and not required by the build tools.\r
+#\r
+#  VALID_ARCHITECTURES           = IA32 X64 IPF EBC\r
+#\r
+\r
+[Sources]\r
+  DxeImageAuthenticationStatusLib.c\r
+\r
+[Packages]\r
+  MdePkg/MdePkg.dec\r
+  MdeModulePkg/MdeModulePkg.dec\r
+\r
+[LibraryClasses]\r
+  SecurityManagementLib\r
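Review bot: The `LIBRARY_CLASS = NULL|...` line allows this instance to be linked into runtime, SMM and application modules, but its constructor only calls `RegisterSecurity2Handler`. That presumably takes effect only in the module whose SecurityManagementLib handler table is consulted when images are loaded. Linked anywhere else, the registration would likely succeed while the check is never enforced, which is hard to notice in a platform build. Consider narrowing the module-type list, or at least adding a comment such as `#  Link this NULL instance only into the driver that produces the Security2 architectural protocol.` to the file header.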
index 4ef646a..5f3b8d7 100644 (file)
@@ -88,6 +88,7 @@
   SecurityPkg/VariableAuthenticated/Pei/VariablePei.inf\r
   SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf\r
   SecurityPkg/Library/DxeDeferImageLoadLib/DxeDeferImageLoadLib.inf\r
+  SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.inf\r
   SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerDxe.inf\r
   SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerDxe.inf\r
   SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderDxe.inf\r