From 0f8b02980ed25b9a2310a4d2172de9a172c9262d Mon Sep 17 00:00:00 2001 From: li-elvin Date: Tue, 17 Jul 2012 09:25:26 +0000 Subject: [PATCH] Added secure boot in CSM module entrypoint, if UEFI secure boot is enabled, CSM module cannot be started. Signed-off-by: Li Elvin Reviewed-by: Fu Siyuan git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13537 6f19259b-4bc3-4df7-8a09-765794883524 --- .../Csm/LegacyBiosDxe/LegacyBios.c | 15 +++++++++++++++ .../Csm/LegacyBiosDxe/LegacyBiosDxe.inf | 4 ++-- .../Csm/LegacyBiosDxe/LegacyBiosInterface.h | 1 + 3 files changed, 18 insertions(+), 2 deletions(-) diff --git a/IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyBios.c b/IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyBios.c index c90231af07..0381098c8a 100644 --- a/IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyBios.c +++ b/IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyBios.c @@ -695,6 +695,7 @@ LegacyBiosInstall ( UINT32 MemorySize; EFI_GCD_MEMORY_SPACE_DESCRIPTOR Descriptor; UINT64 Length; + UINT8 *SecureBoot; // // Load this driver's image to memory @@ -704,6 +705,20 @@ LegacyBiosInstall ( return Status; } + // + // When UEFI Secure Boot is enabled, CSM module will not start any more. + // + SecureBoot = NULL; + GetEfiGlobalVariable2 (EFI_SECURE_BOOT_MODE_NAME, (VOID**)&SecureBoot, NULL); + if ((SecureBoot != NULL) && (*SecureBoot == SECURE_BOOT_MODE_ENABLE)) { + FreePool (SecureBoot); + return EFI_SECURITY_VIOLATION; + } + + if (SecureBoot != NULL) { + FreePool (SecureBoot); + } + Private = &mPrivateData; ZeroMem (Private, sizeof (LEGACY_BIOS_INSTANCE)); diff --git a/IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyBiosDxe.inf b/IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyBiosDxe.inf index 4b6635e6bf..ea8cb6bd08 100644 --- a/IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyBiosDxe.inf +++ b/IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyBiosDxe.inf @@ -3,7 +3,7 @@ # # This driver installs Legacy Bios Protocol to support CSM module work in EFI system. # -# Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.
+# Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.
# # This program and the accompanying materials # are licensed and made available under the terms and conditions @@ -142,5 +142,5 @@ gEfiIntelFrameworkModulePkgTokenSpaceGuid.PcdHighPmmMemorySize [Depex] - gEfiLegacyRegion2ProtocolGuid AND gEfiLegacyInterruptProtocolGuid AND gEfiLegacyBiosPlatformProtocolGuid AND gEfiLegacy8259ProtocolGuid AND gEfiGenericMemTestProtocolGuid AND gEfiCpuArchProtocolGuid AND gEfiTimerArchProtocolGuid + gEfiLegacyRegion2ProtocolGuid AND gEfiLegacyInterruptProtocolGuid AND gEfiLegacyBiosPlatformProtocolGuid AND gEfiLegacy8259ProtocolGuid AND gEfiGenericMemTestProtocolGuid AND gEfiCpuArchProtocolGuid AND gEfiTimerArchProtocolGuid AND gEfiVariableWriteArchProtocolGuid diff --git a/IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyBiosInterface.h b/IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyBiosInterface.h index a42e847250..f2e4bbfffd 100644 --- a/IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyBiosInterface.h +++ b/IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyBiosInterface.h @@ -24,6 +24,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include #include #include +#include #include #include -- 2.39.2