From 0c3a1db40f982d243b8e2c67ee4e8109a0737d34 Mon Sep 17 00:00:00 2001 From: lzeng14 Date: Tue, 29 May 2012 05:22:01 +0000 Subject: [PATCH] Update DxeCore and FwVolDxe drivers to inherit authentication status for the FV image, if the image came from an FV image file and section in another firmware volume. Signed-off-by: Star Zeng Reviewed-by: Liming Gao Reviewed-by: Chao Zhang git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13368 6f19259b-4bc3-4df7-8a09-765794883524 --- .../Universal/FirmwareVolume/FwVolDxe/FwVol.c | 106 ++++++++++++++++++ .../FirmwareVolume/FwVolDxe/FwVolDriver.h | 3 +- .../FirmwareVolume/FwVolDxe/FwVolRead.c | 13 ++- MdeModulePkg/Core/Dxe/Dispatcher/Dispatcher.c | 3 +- MdeModulePkg/Core/Dxe/DxeMain.h | 18 ++- MdeModulePkg/Core/Dxe/FwVol/FwVol.c | 11 +- MdeModulePkg/Core/Dxe/FwVol/FwVolDriver.h | 1 + MdeModulePkg/Core/Dxe/FwVol/FwVolRead.c | 9 +- MdeModulePkg/Core/Dxe/FwVolBlock/FwVolBlock.c | 38 ++++++- MdeModulePkg/Core/Dxe/FwVolBlock/FwVolBlock.h | 3 +- 10 files changed, 195 insertions(+), 10 deletions(-) diff --git a/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVol.c b/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVol.c index c3878968d4..1365a5277d 100644 --- a/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVol.c +++ b/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVol.c @@ -174,6 +174,109 @@ FreeFvDeviceResource ( return ; } +/** + + Firmware volume inherits authentication status from the FV image file and section(in another firmware volume) + where it came from. + + @param FvDevice A pointer to the FvDevice. + +**/ +VOID +FwVolInheritAuthenticationStatus ( + IN FV_DEVICE *FvDevice + ) +{ + EFI_STATUS Status; + EFI_FIRMWARE_VOLUME_HEADER *CachedFvHeader; + EFI_FIRMWARE_VOLUME_EXT_HEADER *CachedFvExtHeader; + EFI_FIRMWARE_VOLUME2_PROTOCOL *ParentFvProtocol; + UINTN Key; + EFI_GUID FileNameGuid; + EFI_FV_FILETYPE FileType; + EFI_FV_FILE_ATTRIBUTES FileAttributes; + UINTN FileSize; + EFI_SECTION_TYPE SectionType; + UINT32 AuthenticationStatus; + EFI_FIRMWARE_VOLUME_HEADER *FvHeader; + EFI_FIRMWARE_VOLUME_EXT_HEADER *FvExtHeader; + UINTN BufferSize; + + CachedFvHeader = (EFI_FIRMWARE_VOLUME_HEADER *) (UINTN) FvDevice->CachedFv; + + if (FvDevice->Fv.ParentHandle != NULL) { + // + // By Parent Handle, find out the FV image file and section(in another firmware volume) where the firmware volume came from + // + Status = gBS->HandleProtocol (FvDevice->Fv.ParentHandle, &gEfiFirmwareVolume2ProtocolGuid, (VOID **) &ParentFvProtocol); + if (!EFI_ERROR (Status) && (ParentFvProtocol != NULL)) { + Key = 0; + do { + FileType = EFI_FV_FILETYPE_FIRMWARE_VOLUME_IMAGE; + Status = ParentFvProtocol->GetNextFile ( + ParentFvProtocol, + &Key, + &FileType, + &FileNameGuid, + &FileAttributes, + &FileSize + ); + if (EFI_ERROR (Status)) { + return; + } + + SectionType = EFI_SECTION_FIRMWARE_VOLUME_IMAGE; + FvHeader = NULL; + BufferSize = 0; + Status = ParentFvProtocol->ReadSection ( + ParentFvProtocol, + &FileNameGuid, + SectionType, + 0, + (VOID **) &FvHeader, + &BufferSize, + &AuthenticationStatus + ); + if (!EFI_ERROR (Status)) { + if ((FvHeader->FvLength == CachedFvHeader->FvLength) && + (FvHeader->ExtHeaderOffset == CachedFvHeader->ExtHeaderOffset)) { + if (FvHeader->ExtHeaderOffset !=0) { + // + // Both FVs contain extension header, then compare their FV Name GUID + // + FvExtHeader = (EFI_FIRMWARE_VOLUME_EXT_HEADER *) ((UINTN) FvHeader + FvHeader->ExtHeaderOffset); + CachedFvExtHeader = (EFI_FIRMWARE_VOLUME_EXT_HEADER *) ((UINTN) CachedFvHeader + CachedFvHeader->ExtHeaderOffset); + if (CompareGuid (&FvExtHeader->FvName, &CachedFvExtHeader->FvName)) { + // + // Found the FV image section where the firmware volume came from, + // and then inherit authentication status from it. + // + FvDevice->AuthenticationStatus = AuthenticationStatus; + FreePool ((VOID *) FvHeader); + return; + } + } else { + // + // Both FVs don't contain extension header, then compare their whole FV Image. + // + if (CompareMem ((VOID *) FvHeader, (VOID *) CachedFvHeader, FvHeader->FvLength) == 0) { + // + // Found the FV image section where the firmware volume came from + // and then inherit authentication status from it. + // + FvDevice->AuthenticationStatus = AuthenticationStatus; + FreePool ((VOID *) FvHeader); + return; + } + } + } + FreePool ((VOID *) FvHeader); + } + } while (TRUE); + } + } +} + /** Check if an FV is consistent and allocate cache for it. @@ -612,6 +715,7 @@ FwVolDriverInit ( FvDevice->Fv.KeySize = KEYSIZE; FvDevice->Fv.GetInfo = FvGetVolumeInfo; FvDevice->Fv.SetInfo = FvSetVolumeInfo; + FvDevice->Fv.ParentHandle = Fvb->ParentHandle; Status = FvCheck (FvDevice); if (EFI_ERROR (Status)) { @@ -622,6 +726,8 @@ FwVolDriverInit ( continue; } + FwVolInheritAuthenticationStatus (FvDevice); + if (Reinstall) { // // Reinstall an New FV protocol diff --git a/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVolDriver.h b/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVolDriver.h index 2de65f511d..e424f9572d 100644 --- a/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVolDriver.h +++ b/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVolDriver.h @@ -1,7 +1,7 @@ /** @file Common defines and definitions for a FwVolDxe driver. - Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.
+ Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions @@ -94,6 +94,7 @@ typedef struct { FFS_FILE_LIST_ENTRY *CurrentFfsFile; BOOLEAN IsFfs3Fv; + UINT32 AuthenticationStatus; } FV_DEVICE; #define FV_DEVICE_FROM_THIS(a) CR (a, FV_DEVICE, Fv, FV_DEVICE_SIGNATURE) diff --git a/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVolRead.c b/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVolRead.c index 1e8ba91581..8e2706bb8a 100644 --- a/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVolRead.c +++ b/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVolRead.c @@ -1,7 +1,7 @@ /** @file Implements functions to read firmware file. - Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.
+ Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions @@ -510,6 +510,7 @@ FvReadFileSection ( ) { EFI_STATUS Status; + FV_DEVICE *FvDevice; EFI_FV_ATTRIBUTES FvAttributes; EFI_FV_FILETYPE FileType; EFI_FV_FILE_ATTRIBUTES FileAttributes; @@ -522,6 +523,8 @@ FvReadFileSection ( return EFI_INVALID_PARAMETER; } + FvDevice = FV_DEVICE_FROM_THIS (This); + Status = This->GetVolumeAttributes (This, &FvAttributes); if (EFI_ERROR (Status)) { return Status; @@ -607,6 +610,14 @@ FvReadFileSection ( AuthenticationStatus ); } + + if (!EFI_ERROR (Status)) { + // + // Inherit the authentication status. + // + *AuthenticationStatus |= FvDevice->AuthenticationStatus; + } + // // Handle AuthenticationStatus if necessary // diff --git a/MdeModulePkg/Core/Dxe/Dispatcher/Dispatcher.c b/MdeModulePkg/Core/Dxe/Dispatcher/Dispatcher.c index 476c8b39ad..3a7e0db37e 100644 --- a/MdeModulePkg/Core/Dxe/Dispatcher/Dispatcher.c +++ b/MdeModulePkg/Core/Dxe/Dispatcher/Dispatcher.c @@ -26,7 +26,7 @@ Depex - Dependency Expresion. SOR - Schedule On Request - Don't schedule if this bit is set. -Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.
+Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -1039,6 +1039,7 @@ CoreProcessFvImageFile ( (EFI_PHYSICAL_ADDRESS) (UINTN) AlignedBuffer, (UINT64)BufferSize, FvHandle, + AuthenticationStatus, NULL ); } diff --git a/MdeModulePkg/Core/Dxe/DxeMain.h b/MdeModulePkg/Core/Dxe/DxeMain.h index 4ec895c0a2..dedb84047f 100644 --- a/MdeModulePkg/Core/Dxe/DxeMain.h +++ b/MdeModulePkg/Core/Dxe/DxeMain.h @@ -2429,6 +2429,19 @@ FwVolBlockDriverInit ( IN EFI_SYSTEM_TABLE *SystemTable ); +/** + + Get FVB authentication status + + @param FvbProtocol FVB protocol. + + @return Authentication status. + +**/ +UINT32 +GetFvbAuthenticationStatus ( + IN EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL *FvbProtocol + ); /** This routine produces a firmware volume block protocol on a given @@ -2437,8 +2450,10 @@ FwVolBlockDriverInit ( @param BaseAddress base address of the firmware volume image @param Length length of the firmware volume image @param ParentHandle handle of parent firmware volume, if this image - came from an FV image file in another firmware + came from an FV image file and section in another firmware volume (ala capsules) + @param AuthenticationStatus Authentication status inherited, if this image + came from an FV image file and section in another firmware volume. @param FvProtocol Firmware volume block protocol produced. @retval EFI_VOLUME_CORRUPTED Volume corrupted. @@ -2452,6 +2467,7 @@ ProduceFVBProtocolOnBuffer ( IN EFI_PHYSICAL_ADDRESS BaseAddress, IN UINT64 Length, IN EFI_HANDLE ParentHandle, + IN UINT32 AuthenticationStatus, OUT EFI_HANDLE *FvProtocol OPTIONAL ); diff --git a/MdeModulePkg/Core/Dxe/FwVol/FwVol.c b/MdeModulePkg/Core/Dxe/FwVol/FwVol.c index 1cee6a9ba0..9355e52ab0 100644 --- a/MdeModulePkg/Core/Dxe/FwVol/FwVol.c +++ b/MdeModulePkg/Core/Dxe/FwVol/FwVol.c @@ -45,6 +45,8 @@ FV_DEVICE mFvDevice = { NULL, NULL, { NULL, NULL }, + 0, + FALSE, 0 }; @@ -638,8 +640,15 @@ NotifyFwVolBlock ( FvDevice->Fvb = Fvb; FvDevice->Handle = Handle; FvDevice->FwVolHeader = FwVolHeader; - FvDevice->Fv.ParentHandle = Fvb->ParentHandle; FvDevice->IsFfs3Fv = CompareGuid (&FwVolHeader->FileSystemGuid, &gEfiFirmwareFileSystem3Guid); + FvDevice->Fv.ParentHandle = Fvb->ParentHandle; + + if (Fvb->ParentHandle != NULL) { + // + // Inherit the authentication status from FVB. + // + FvDevice->AuthenticationStatus = GetFvbAuthenticationStatus (Fvb); + } if (!EFI_ERROR (FvCheck (FvDevice))) { // diff --git a/MdeModulePkg/Core/Dxe/FwVol/FwVolDriver.h b/MdeModulePkg/Core/Dxe/FwVol/FwVolDriver.h index 31d15120eb..4986792edd 100644 --- a/MdeModulePkg/Core/Dxe/FwVol/FwVolDriver.h +++ b/MdeModulePkg/Core/Dxe/FwVol/FwVolDriver.h @@ -44,6 +44,7 @@ typedef struct { UINT8 ErasePolarity; BOOLEAN IsFfs3Fv; + UINT32 AuthenticationStatus; } FV_DEVICE; #define FV_DEVICE_FROM_THIS(a) CR(a, FV_DEVICE, Fv, FV2_DEVICE_SIGNATURE) diff --git a/MdeModulePkg/Core/Dxe/FwVol/FwVolRead.c b/MdeModulePkg/Core/Dxe/FwVol/FwVolRead.c index fc1a2e5fae..b5a0d874f0 100644 --- a/MdeModulePkg/Core/Dxe/FwVol/FwVolRead.c +++ b/MdeModulePkg/Core/Dxe/FwVol/FwVolRead.c @@ -1,7 +1,7 @@ /** @file Implements functions to read firmware file -Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.
+Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -484,6 +484,13 @@ FvReadFileSection ( FvDevice->IsFfs3Fv ); + if (!EFI_ERROR (Status)) { + // + // Inherit the authentication status. + // + *AuthenticationStatus |= FvDevice->AuthenticationStatus; + } + // // Close of stream defered to close of FfsHeader list to allow SEP to cache data // diff --git a/MdeModulePkg/Core/Dxe/FwVolBlock/FwVolBlock.c b/MdeModulePkg/Core/Dxe/FwVolBlock/FwVolBlock.c index f44310f8ef..523738d52d 100644 --- a/MdeModulePkg/Core/Dxe/FwVolBlock/FwVolBlock.c +++ b/MdeModulePkg/Core/Dxe/FwVolBlock/FwVolBlock.c @@ -4,7 +4,7 @@ It consumes FV HOBs and creates read-only Firmare Volume Block protocol instances for each of them. -Copyright (c) 2006 - 2008, Intel Corporation. All rights reserved.
+Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -81,6 +81,7 @@ EFI_FW_VOL_BLOCK_DEVICE mFwVolBlock = { 0, NULL, 0, + 0, 0 }; @@ -402,7 +403,31 @@ FwVolBlockGetBlockSize ( return EFI_SUCCESS; } +/** + + Get FVB authentication status + + @param FvbProtocol FVB protocol. + @return Authentication status. + +**/ +UINT32 +GetFvbAuthenticationStatus ( + IN EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL *FvbProtocol + ) +{ + EFI_FW_VOL_BLOCK_DEVICE *FvbDevice; + UINT32 AuthenticationStatus; + + AuthenticationStatus = 0; + FvbDevice = BASE_CR (FvbProtocol, EFI_FW_VOL_BLOCK_DEVICE, FwVolBlockInstance); + if (FvbDevice->Signature == FVB_DEVICE_SIGNATURE) { + AuthenticationStatus = FvbDevice->AuthenticationStatus; + } + + return AuthenticationStatus; +} /** This routine produces a firmware volume block protocol on a given @@ -411,8 +436,10 @@ FwVolBlockGetBlockSize ( @param BaseAddress base address of the firmware volume image @param Length length of the firmware volume image @param ParentHandle handle of parent firmware volume, if this image - came from an FV image file in another firmware + came from an FV image file and section in another firmware volume (ala capsules) + @param AuthenticationStatus Authentication status inherited, if this image + came from an FV image file and section in another firmware volume. @param FvProtocol Firmware volume block protocol produced. @retval EFI_VOLUME_CORRUPTED Volume corrupted. @@ -426,6 +453,7 @@ ProduceFVBProtocolOnBuffer ( IN EFI_PHYSICAL_ADDRESS BaseAddress, IN UINT64 Length, IN EFI_HANDLE ParentHandle, + IN UINT32 AuthenticationStatus, OUT EFI_HANDLE *FvProtocol OPTIONAL ) { @@ -473,6 +501,9 @@ ProduceFVBProtocolOnBuffer ( FvbDev->BaseAddress = BaseAddress; FvbDev->FvbAttributes = FwVolHeader->Attributes; FvbDev->FwVolBlockInstance.ParentHandle = ParentHandle; + if (ParentHandle != NULL) { + FvbDev->AuthenticationStatus = AuthenticationStatus; + } // // Init the block caching fields of the device @@ -587,7 +618,7 @@ FwVolBlockDriverInit ( // // Produce an FVB protocol for it // - ProduceFVBProtocolOnBuffer (FvHob.FirmwareVolume->BaseAddress, FvHob.FirmwareVolume->Length, NULL, NULL); + ProduceFVBProtocolOnBuffer (FvHob.FirmwareVolume->BaseAddress, FvHob.FirmwareVolume->Length, NULL, 0, NULL); FvHob.Raw = GET_NEXT_HOB (FvHob); } @@ -629,6 +660,7 @@ CoreProcessFirmwareVolume ( (EFI_PHYSICAL_ADDRESS) (UINTN) FvHeader, (UINT64)Size, NULL, + 0, FVProtocolHandle ); // diff --git a/MdeModulePkg/Core/Dxe/FwVolBlock/FwVolBlock.h b/MdeModulePkg/Core/Dxe/FwVolBlock/FwVolBlock.h index d269ccfbe6..7ad4e35ecb 100644 --- a/MdeModulePkg/Core/Dxe/FwVolBlock/FwVolBlock.h +++ b/MdeModulePkg/Core/Dxe/FwVolBlock/FwVolBlock.h @@ -2,7 +2,7 @@ Firmware Volume Block protocol functions. Consumes FV hobs and creates appropriate block protocols. -Copyright (c) 2006 - 2008, Intel Corporation. All rights reserved.
+Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -47,6 +47,7 @@ typedef struct { LBA_CACHE *LbaCache; UINT32 FvbAttributes; EFI_PHYSICAL_ADDRESS BaseAddress; + UINT32 AuthenticationStatus; } EFI_FW_VOL_BLOCK_DEVICE; -- 2.39.2