From c79351059ee7ee24ebed312413cb5e57076c5b56 Mon Sep 17 00:00:00 2001 From: Star Zeng Date: Fri, 11 Oct 2013 03:54:13 +0000 Subject: [PATCH] 1. Enable use-cases in PEI using SecurityPPI co-equal to the use-cases in DXE using the Security Arch Protocol 2. Add support to find section by instance rather than only 0 at PEI phase. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng Reviewed-by: Liming Gao git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14763 6f19259b-4bc3-4df7-8a09-765794883524 --- MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c | 71 +-- MdeModulePkg/Core/Pei/FwVol/FwVol.c | 553 ++++++++++++++---- MdeModulePkg/Core/Pei/FwVol/FwVol.h | 77 ++- MdeModulePkg/Core/Pei/Image/Image.c | 14 +- MdeModulePkg/Core/Pei/PeiMain.h | 62 +- MdeModulePkg/Core/Pei/PeiMain.inf | 5 +- MdeModulePkg/Core/Pei/PeiMain/PeiMain.c | 6 +- MdeModulePkg/Core/Pei/Security/Security.c | 13 +- MdePkg/Include/Library/PeiServicesLib.h | 90 +++ MdePkg/Include/Pi/PiPeiCis.h | 92 ++- MdePkg/Include/Ppi/FirmwareVolume.h | 76 ++- MdePkg/Include/Ppi/FirmwareVolumeInfo2.h | 72 +++ MdePkg/Include/Ppi/Security2.h | 4 +- .../Library/PeiServicesLib/PeiServicesLib.c | 222 +++++-- .../Library/PeiServicesLib/PeiServicesLib.inf | 3 +- MdePkg/MdePkg.dec | 3 + SecurityPkg/Tcg/TcgPei/TcgPei.c | 6 + SecurityPkg/Tcg/TcgPei/TcgPei.inf | 1 + 18 files changed, 1139 insertions(+), 231 deletions(-) create mode 100644 MdePkg/Include/Ppi/FirmwareVolumeInfo2.h diff --git a/MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c b/MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c index b0e4b6d12a..f4392b78dd 100644 --- a/MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c +++ b/MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c @@ -764,8 +764,14 @@ PeiDispatcher ( // // For Fv type file, Produce new FV PPI and FV hob // - Status = ProcessFvFile (&Private->Fv[FvCount], PeimFileHandle); - AuthenticationState = 0; + Status = ProcessFvFile (Private, &Private->Fv[FvCount], PeimFileHandle); + if (Status == EFI_SUCCESS) { + // + // PEIM_STATE_NOT_DISPATCHED move to PEIM_STATE_DISPATCHED + // + Private->Fv[FvCount].PeimState[PeimCount]++; + Private->PeimDispatchOnThisPass = TRUE; + } } else { // // For PEIM driver, Load its entry point @@ -777,50 +783,45 @@ PeiDispatcher ( &EntryPoint, &AuthenticationState ); - } - - if (Status == EFI_SUCCESS) { - // - // The PEIM has its dependencies satisfied, and its entry point - // has been found, so invoke it. - // - PERF_START (PeimFileHandle, "PEIM", NULL, 0); - - ExtendedData.Handle = (EFI_HANDLE)PeimFileHandle; - - REPORT_STATUS_CODE_WITH_EXTENDED_DATA ( - EFI_PROGRESS_CODE, - (EFI_SOFTWARE_PEI_CORE | EFI_SW_PC_INIT_BEGIN), - (VOID *)(&ExtendedData), - sizeof (ExtendedData) - ); - - Status = VerifyPeim (Private, CoreFvHandle->FvHandle, PeimFileHandle); - if (Status != EFI_SECURITY_VIOLATION && (AuthenticationState == 0)) { + if (Status == EFI_SUCCESS) { // - // PEIM_STATE_NOT_DISPATCHED move to PEIM_STATE_DISPATCHED + // The PEIM has its dependencies satisfied, and its entry point + // has been found, so invoke it. // - Private->Fv[FvCount].PeimState[PeimCount]++; + PERF_START (PeimFileHandle, "PEIM", NULL, 0); - if (FvFileInfo.FileType != EFI_FV_FILETYPE_FIRMWARE_VOLUME_IMAGE) { + ExtendedData.Handle = (EFI_HANDLE)PeimFileHandle; + + REPORT_STATUS_CODE_WITH_EXTENDED_DATA ( + EFI_PROGRESS_CODE, + (EFI_SOFTWARE_PEI_CORE | EFI_SW_PC_INIT_BEGIN), + (VOID *)(&ExtendedData), + sizeof (ExtendedData) + ); + + Status = VerifyPeim (Private, CoreFvHandle->FvHandle, PeimFileHandle, AuthenticationState); + if (Status != EFI_SECURITY_VIOLATION) { + // + // PEIM_STATE_NOT_DISPATCHED move to PEIM_STATE_DISPATCHED + // + Private->Fv[FvCount].PeimState[PeimCount]++; // // Call the PEIM entry point for PEIM driver // PeimEntryPoint = (EFI_PEIM_ENTRY_POINT2)(UINTN)EntryPoint; PeimEntryPoint (PeimFileHandle, (const EFI_PEI_SERVICES **) PeiServices); + Private->PeimDispatchOnThisPass = TRUE; } - Private->PeimDispatchOnThisPass = TRUE; - } - - REPORT_STATUS_CODE_WITH_EXTENDED_DATA ( - EFI_PROGRESS_CODE, - (EFI_SOFTWARE_PEI_CORE | EFI_SW_PC_INIT_END), - (VOID *)(&ExtendedData), - sizeof (ExtendedData) - ); - PERF_END (PeimFileHandle, "PEIM", NULL, 0); + REPORT_STATUS_CODE_WITH_EXTENDED_DATA ( + EFI_PROGRESS_CODE, + (EFI_SOFTWARE_PEI_CORE | EFI_SW_PC_INIT_END), + (VOID *)(&ExtendedData), + sizeof (ExtendedData) + ); + PERF_END (PeimFileHandle, "PEIM", NULL, 0); + } } if (Private->SwitchStackSignal) { diff --git a/MdeModulePkg/Core/Pei/FwVol/FwVol.c b/MdeModulePkg/Core/Pei/FwVol/FwVol.c index e505c707b0..ec855a8df4 100644 --- a/MdeModulePkg/Core/Pei/FwVol/FwVol.c +++ b/MdeModulePkg/Core/Pei/FwVol/FwVol.c @@ -14,10 +14,17 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include "FwVol.h" -EFI_PEI_NOTIFY_DESCRIPTOR mNotifyOnFvInfoList = { - (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), - &gEfiPeiFirmwareVolumeInfoPpiGuid, - FirmwareVolmeInfoPpiNotifyCallback +EFI_PEI_NOTIFY_DESCRIPTOR mNotifyOnFvInfoList[] = { + { + EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK, + &gEfiPeiFirmwareVolumeInfoPpiGuid, + FirmwareVolmeInfoPpiNotifyCallback + }, + { + (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), + &gEfiPeiFirmwareVolumeInfo2PpiGuid, + FirmwareVolmeInfoPpiNotifyCallback + } }; PEI_FW_VOL_INSTANCE mPeiFfs2FwVol = { @@ -29,7 +36,11 @@ PEI_FW_VOL_INSTANCE mPeiFfs2FwVol = { PeiFfsFvPpiFindFileByName, PeiFfsFvPpiGetFileInfo, PeiFfsFvPpiGetVolumeInfo, - PeiFfsFvPpiFindSectionByType + PeiFfsFvPpiFindSectionByType, + PeiFfsFvPpiGetFileInfo2, + PeiFfsFvPpiFindSectionByType2, + EFI_PEI_FIRMWARE_VOLUME_PPI_SIGNATURE, + EFI_PEI_FIRMWARE_VOLUME_PPI_REVISION } }; @@ -42,7 +53,11 @@ PEI_FW_VOL_INSTANCE mPeiFfs3FwVol = { PeiFfsFvPpiFindFileByName, PeiFfsFvPpiGetFileInfo, PeiFfsFvPpiGetVolumeInfo, - PeiFfsFvPpiFindSectionByType + PeiFfsFvPpiFindSectionByType, + PeiFfsFvPpiGetFileInfo2, + PeiFfsFvPpiFindSectionByType2, + EFI_PEI_FIRMWARE_VOLUME_PPI_SIGNATURE, + EFI_PEI_FIRMWARE_VOLUME_PPI_REVISION } }; @@ -461,6 +476,7 @@ PeiInitializeFv ( PrivateData->Fv[PrivateData->FvCount].FvHeader = BfvHeader; PrivateData->Fv[PrivateData->FvCount].FvPpi = FvPpi; PrivateData->Fv[PrivateData->FvCount].FvHandle = FvHandle; + PrivateData->Fv[PrivateData->FvCount].AuthenticationStatus = 0; DEBUG (( EFI_D_INFO, "The %dth FV start address is 0x%11p, size is 0x%08x, handle is 0x%p\n", @@ -472,18 +488,18 @@ PeiInitializeFv ( PrivateData->FvCount ++; // - // Post a call-back for the FvInfoPPI services to expose + // Post a call-back for the FvInfoPPI and FvInfo2PPI services to expose // additional Fvs to PeiCore. // - Status = PeiServicesNotifyPpi (&mNotifyOnFvInfoList); + Status = PeiServicesNotifyPpi (mNotifyOnFvInfoList); ASSERT_EFI_ERROR (Status); } /** - Process Firmware Volum Information once FvInfoPPI install. + Process Firmware Volum Information once FvInfoPPI or FvInfo2PPI install. The FV Info will be registered into PeiCore private data structure. - And search the inside FV image, if found, the new FV INFO PPI will be installed. + And search the inside FV image, if found, the new FV INFO(2) PPI will be installed. @param PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation @param NotifyDescriptor Address of the notification descriptor data structure. @@ -501,7 +517,7 @@ FirmwareVolmeInfoPpiNotifyCallback ( IN VOID *Ppi ) { - EFI_PEI_FIRMWARE_VOLUME_INFO_PPI *FvInfoPpi; + EFI_PEI_FIRMWARE_VOLUME_INFO2_PPI FvInfo2Ppi; EFI_PEI_FIRMWARE_VOLUME_PPI *FvPpi; PEI_CORE_INSTANCE *PrivateData; EFI_STATUS Status; @@ -519,14 +535,25 @@ FirmwareVolmeInfoPpiNotifyCallback ( ASSERT (FALSE); } - FvInfoPpi = (EFI_PEI_FIRMWARE_VOLUME_INFO_PPI *)Ppi; + if (CompareGuid (NotifyDescriptor->Guid, &gEfiPeiFirmwareVolumeInfo2PpiGuid)) { + // + // It is FvInfo2PPI. + // + CopyMem (&FvInfo2Ppi, Ppi, sizeof (EFI_PEI_FIRMWARE_VOLUME_INFO2_PPI)); + } else { + // + // It is FvInfoPPI. + // + CopyMem (&FvInfo2Ppi, Ppi, sizeof (EFI_PEI_FIRMWARE_VOLUME_INFO_PPI)); + FvInfo2Ppi.AuthenticationStatus = 0; + } // // Locate the corresponding FV_PPI according to founded FV's format guid // Status = PeiServicesLocatePpi ( - &FvInfoPpi->FvFormat, - 0, + &FvInfo2Ppi.FvFormat, + 0, NULL, (VOID**)&FvPpi ); @@ -534,7 +561,7 @@ FirmwareVolmeInfoPpiNotifyCallback ( // // Process new found FV and get FV handle. // - Status = FvPpi->ProcessVolume (FvPpi, FvInfoPpi->FvInfo, FvInfoPpi->FvInfoSize, &FvHandle); + Status = FvPpi->ProcessVolume (FvPpi, FvInfo2Ppi.FvInfo, FvInfo2Ppi.FvInfoSize, &FvHandle); if (EFI_ERROR (Status)) { DEBUG ((EFI_D_ERROR, "Fail to process new found FV, FV may be corrupted!\n")); return Status; @@ -545,7 +572,7 @@ FirmwareVolmeInfoPpiNotifyCallback ( // for (FvIndex = 0; FvIndex < PrivateData->FvCount; FvIndex ++) { if (PrivateData->Fv[FvIndex].FvHandle == FvHandle) { - DEBUG ((EFI_D_INFO, "The Fv %p has already been processed!\n", FvInfoPpi->FvInfo)); + DEBUG ((EFI_D_INFO, "The Fv %p has already been processed!\n", FvInfo2Ppi.FvInfo)); return EFI_SUCCESS; } } @@ -553,15 +580,16 @@ FirmwareVolmeInfoPpiNotifyCallback ( // // Update internal PEI_CORE_FV array. // - PrivateData->Fv[PrivateData->FvCount].FvHeader = (EFI_FIRMWARE_VOLUME_HEADER*) FvInfoPpi->FvInfo; + PrivateData->Fv[PrivateData->FvCount].FvHeader = (EFI_FIRMWARE_VOLUME_HEADER*) FvInfo2Ppi.FvInfo; PrivateData->Fv[PrivateData->FvCount].FvPpi = FvPpi; PrivateData->Fv[PrivateData->FvCount].FvHandle = FvHandle; + PrivateData->Fv[PrivateData->FvCount].AuthenticationStatus = FvInfo2Ppi.AuthenticationStatus; DEBUG (( EFI_D_INFO, "The %dth FV start address is 0x%11p, size is 0x%08x, handle is 0x%p\n", (UINT32) PrivateData->FvCount, - (VOID *) FvInfoPpi->FvInfo, - FvInfoPpi->FvInfoSize, + (VOID *) FvInfo2Ppi.FvInfo, + FvInfo2Ppi.FvInfoSize, FvHandle )); PrivateData->FvCount ++; @@ -594,13 +622,13 @@ FirmwareVolmeInfoPpiNotifyCallback ( } DEBUG ((EFI_D_INFO, "Found firmware volume Image File %p in FV[%d] %p\n", FileHandle, PrivateData->FvCount - 1, FvHandle)); - ProcessFvFile (&PrivateData->Fv[PrivateData->FvCount - 1], FileHandle); + ProcessFvFile (PrivateData, &PrivateData->Fv[PrivateData->FvCount - 1], FileHandle); } } while (FileHandle != NULL); } else { - DEBUG ((EFI_D_ERROR, "Fail to process FV %p because no corresponding EFI_FIRMWARE_VOLUME_PPI is found!\n", FvInfoPpi->FvInfo)); + DEBUG ((EFI_D_ERROR, "Fail to process FV %p because no corresponding EFI_FIRMWARE_VOLUME_PPI is found!\n", FvInfo2Ppi.FvInfo)); - AddUnknownFormatFvInfo (PrivateData, &FvInfoPpi->FvFormat, FvInfoPpi->FvInfo, FvInfoPpi->FvInfoSize); + AddUnknownFormatFvInfo (PrivateData, &FvInfo2Ppi); } return EFI_SUCCESS; @@ -662,10 +690,12 @@ VerifyGuidedSectionGuid ( @param PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation. @param SectionType Filter to find only section of this type. + @param SectionInstance Pointer to the filter to find the specific instance of section. @param Section From where to search. @param SectionSize The file size to search. @param OutputBuffer A pointer to the discovered section, if successful. NULL if section not found + @param AuthenticationStatus Updated upon return to point to the authentication status for this section. @param IsFfs3Fv Indicates the FV format. @return EFI_NOT_FOUND The match section is not found. @@ -676,9 +706,11 @@ EFI_STATUS ProcessSection ( IN CONST EFI_PEI_SERVICES **PeiServices, IN EFI_SECTION_TYPE SectionType, + IN OUT UINTN *SectionInstance, IN EFI_COMMON_SECTION_HEADER *Section, IN UINTN SectionSize, OUT VOID **OutputBuffer, + OUT UINT32 *AuthenticationStatus, IN BOOLEAN IsFfs3Fv ) { @@ -693,6 +725,9 @@ ProcessSection ( UINT32 Authentication; PEI_CORE_INSTANCE *PrivateData; EFI_GUID *SectionDefinitionGuid; + BOOLEAN SectionCached; + VOID *TempOutputBuffer; + UINT32 TempAuthenticationStatus; PrivateData = PEI_CORE_INSTANCE_FROM_PS_THIS (PeiServices); *OutputBuffer = NULL; @@ -721,82 +756,132 @@ ProcessSection ( } if (Section->Type == SectionType) { - if (IS_SECTION2 (Section)) { - *OutputBuffer = (VOID *)((UINT8 *) Section + sizeof (EFI_COMMON_SECTION_HEADER2)); + // + // The type matches, so check the instance count to see if it's the one we want. + // + (*SectionInstance)--; + if (*SectionInstance == 0) { + // + // Got it! + // + if (IS_SECTION2 (Section)) { + *OutputBuffer = (VOID *)((UINT8 *) Section + sizeof (EFI_COMMON_SECTION_HEADER2)); + } else { + *OutputBuffer = (VOID *)((UINT8 *) Section + sizeof (EFI_COMMON_SECTION_HEADER)); + } + return EFI_SUCCESS; } else { - *OutputBuffer = (VOID *)((UINT8 *) Section + sizeof (EFI_COMMON_SECTION_HEADER)); + if (IS_SECTION2 (Section)) { + SectionLength = SECTION2_SIZE (Section); + } else { + SectionLength = SECTION_SIZE (Section); + } + // + // SectionLength is adjusted it is 4 byte aligned. + // Go to the next section + // + SectionLength = GET_OCCUPIED_SIZE (SectionLength, 4); + ASSERT (SectionLength != 0); + ParsedLength += SectionLength; + Section = (EFI_COMMON_SECTION_HEADER *)((UINT8 *)Section + SectionLength); + continue; } - return EFI_SUCCESS; } else if ((Section->Type == EFI_SECTION_GUID_DEFINED) || (Section->Type == EFI_SECTION_COMPRESSION)) { // // Check the encapsulated section is extracted into the cache data. // + SectionCached = FALSE; for (Index = 0; Index < PrivateData->CacheSection.AllSectionCount; Index ++) { if (Section == PrivateData->CacheSection.Section[Index]) { + SectionCached = TRUE; PpiOutput = PrivateData->CacheSection.SectionData[Index]; PpiOutputSize = PrivateData->CacheSection.SectionSize[Index]; + Authentication = PrivateData->CacheSection.AuthenticationStatus[Index]; // // Search section directly from the cache data. // - return ProcessSection ( - PeiServices, - SectionType, - PpiOutput, - PpiOutputSize, - OutputBuffer, - IsFfs3Fv + TempAuthenticationStatus = 0; + Status = ProcessSection ( + PeiServices, + SectionType, + SectionInstance, + PpiOutput, + PpiOutputSize, + &TempOutputBuffer, + &TempAuthenticationStatus, + IsFfs3Fv ); + if (!EFI_ERROR (Status)) { + *OutputBuffer = TempOutputBuffer; + *AuthenticationStatus = TempAuthenticationStatus | Authentication; + return EFI_SUCCESS; + } } } - - Status = EFI_NOT_FOUND; - if (Section->Type == EFI_SECTION_GUID_DEFINED) { - if (IS_SECTION2 (Section)) { - SectionDefinitionGuid = &((EFI_GUID_DEFINED_SECTION2 *)Section)->SectionDefinitionGuid; - } else { - SectionDefinitionGuid = &((EFI_GUID_DEFINED_SECTION *)Section)->SectionDefinitionGuid; - } - if (VerifyGuidedSectionGuid (SectionDefinitionGuid, &GuidSectionPpi)) { - Status = GuidSectionPpi->ExtractSection ( - GuidSectionPpi, - Section, - &PpiOutput, - &PpiOutputSize, - &Authentication - ); + + // + // If SectionCached is TRUE, the section data has been cached and scanned. + // + if (!SectionCached) { + Status = EFI_NOT_FOUND; + Authentication = 0; + if (Section->Type == EFI_SECTION_GUID_DEFINED) { + if (IS_SECTION2 (Section)) { + SectionDefinitionGuid = &((EFI_GUID_DEFINED_SECTION2 *)Section)->SectionDefinitionGuid; + } else { + SectionDefinitionGuid = &((EFI_GUID_DEFINED_SECTION *)Section)->SectionDefinitionGuid; + } + if (VerifyGuidedSectionGuid (SectionDefinitionGuid, &GuidSectionPpi)) { + Status = GuidSectionPpi->ExtractSection ( + GuidSectionPpi, + Section, + &PpiOutput, + &PpiOutputSize, + &Authentication + ); + } + } else if (Section->Type == EFI_SECTION_COMPRESSION) { + Status = PeiServicesLocatePpi (&gEfiPeiDecompressPpiGuid, 0, NULL, (VOID **) &DecompressPpi); + if (!EFI_ERROR (Status)) { + Status = DecompressPpi->Decompress ( + DecompressPpi, + (CONST EFI_COMPRESSION_SECTION*) Section, + &PpiOutput, + &PpiOutputSize + ); + } } - } else if (Section->Type == EFI_SECTION_COMPRESSION) { - Status = PeiServicesLocatePpi (&gEfiPeiDecompressPpiGuid, 0, NULL, (VOID **) &DecompressPpi); + if (!EFI_ERROR (Status)) { - Status = DecompressPpi->Decompress ( - DecompressPpi, - (CONST EFI_COMPRESSION_SECTION*) Section, - &PpiOutput, - &PpiOutputSize - ); - } - } - - if (!EFI_ERROR (Status)) { - // - // Update cache section data. - // - if (PrivateData->CacheSection.AllSectionCount < CACHE_SETION_MAX_NUMBER) { - PrivateData->CacheSection.AllSectionCount ++; + // + // Update cache section data. + // + if (PrivateData->CacheSection.AllSectionCount < CACHE_SETION_MAX_NUMBER) { + PrivateData->CacheSection.AllSectionCount ++; + } + PrivateData->CacheSection.Section [PrivateData->CacheSection.SectionIndex] = Section; + PrivateData->CacheSection.SectionData [PrivateData->CacheSection.SectionIndex] = PpiOutput; + PrivateData->CacheSection.SectionSize [PrivateData->CacheSection.SectionIndex] = PpiOutputSize; + PrivateData->CacheSection.AuthenticationStatus [PrivateData->CacheSection.SectionIndex] = Authentication; + PrivateData->CacheSection.SectionIndex = (PrivateData->CacheSection.SectionIndex + 1)%CACHE_SETION_MAX_NUMBER; + + TempAuthenticationStatus = 0; + Status = ProcessSection ( + PeiServices, + SectionType, + SectionInstance, + PpiOutput, + PpiOutputSize, + &TempOutputBuffer, + &TempAuthenticationStatus, + IsFfs3Fv + ); + if (!EFI_ERROR (Status)) { + *OutputBuffer = TempOutputBuffer; + *AuthenticationStatus = TempAuthenticationStatus | Authentication; + return EFI_SUCCESS; + } } - PrivateData->CacheSection.Section [PrivateData->CacheSection.SectionIndex] = Section; - PrivateData->CacheSection.SectionData [PrivateData->CacheSection.SectionIndex] = PpiOutput; - PrivateData->CacheSection.SectionSize [PrivateData->CacheSection.SectionIndex] = PpiOutputSize; - PrivateData->CacheSection.SectionIndex = (PrivateData->CacheSection.SectionIndex + 1)%CACHE_SETION_MAX_NUMBER; - - return ProcessSection ( - PeiServices, - SectionType, - PpiOutput, - PpiOutputSize, - OutputBuffer, - IsFfs3Fv - ); } } @@ -851,6 +936,49 @@ PeiFfsFindSectionData ( return CoreFvHandle->FvPpi->FindSectionByType (CoreFvHandle->FvPpi, SectionType, FileHandle, SectionData); } +/** + Searches for the next matching section within the specified file. + + @param PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation. + @param SectionType The value of the section type to find. + @param SectionInstance Section instance to find. + @param FileHandle Handle of the firmware file to search. + @param SectionData A pointer to the discovered section, if successful. + @param AuthenticationStatus A pointer to the authentication status for this section. + + @retval EFI_SUCCESS The section was found. + @retval EFI_NOT_FOUND The section was not found. + +**/ +EFI_STATUS +EFIAPI +PeiFfsFindSectionData3 ( + IN CONST EFI_PEI_SERVICES **PeiServices, + IN EFI_SECTION_TYPE SectionType, + IN UINTN SectionInstance, + IN EFI_PEI_FILE_HANDLE FileHandle, + OUT VOID **SectionData, + OUT UINT32 *AuthenticationStatus + ) +{ + PEI_CORE_FV_HANDLE *CoreFvHandle; + + CoreFvHandle = FileHandleToVolume (FileHandle); + if ((CoreFvHandle == NULL) || (CoreFvHandle->FvPpi == NULL)) { + return EFI_NOT_FOUND; + } + + if ((CoreFvHandle->FvPpi->Signature == EFI_PEI_FIRMWARE_VOLUME_PPI_SIGNATURE) && + (CoreFvHandle->FvPpi->Revision == EFI_PEI_FIRMWARE_VOLUME_PPI_REVISION)) { + return CoreFvHandle->FvPpi->FindSectionByType2 (CoreFvHandle->FvPpi, SectionType, SectionInstance, FileHandle, SectionData, AuthenticationStatus); + } + // + // The old FvPpi doesn't support to find section by section instance + // and return authentication status, so return EFI_UNSUPPORTED. + // + return EFI_UNSUPPORTED; +} + /** Searches for the next matching file in the firmware volume. @@ -1009,6 +1137,48 @@ PeiFfsGetFileInfo ( return CoreFvHandle->FvPpi->GetFileInfo (CoreFvHandle->FvPpi, FileHandle, FileInfo); } +/** + Returns information about a specific file. + + @param FileHandle Handle of the file. + @param FileInfo Upon exit, points to the file's information. + + @retval EFI_INVALID_PARAMETER If FileInfo is NULL. + @retval EFI_INVALID_PARAMETER If FileHandle does not represent a valid file. + @retval EFI_SUCCESS File information returned. + +**/ +EFI_STATUS +EFIAPI +PeiFfsGetFileInfo2 ( + IN EFI_PEI_FILE_HANDLE FileHandle, + OUT EFI_FV_FILE_INFO2 *FileInfo + ) +{ + PEI_CORE_FV_HANDLE *CoreFvHandle; + + if ((FileHandle == NULL) || (FileInfo == NULL)) { + return EFI_INVALID_PARAMETER; + } + + // + // Retrieve the FirmwareVolume which the file resides in. + // + CoreFvHandle = FileHandleToVolume (FileHandle); + if ((CoreFvHandle == NULL) || (CoreFvHandle->FvPpi == NULL)) { + return EFI_INVALID_PARAMETER; + } + + if ((CoreFvHandle->FvPpi->Signature == EFI_PEI_FIRMWARE_VOLUME_PPI_SIGNATURE) && + (CoreFvHandle->FvPpi->Revision == EFI_PEI_FIRMWARE_VOLUME_PPI_REVISION)) { + return CoreFvHandle->FvPpi->GetFileInfo2 (CoreFvHandle->FvPpi, FileHandle, FileInfo); + } + // + // The old FvPpi doesn't support to return file info with authentication status, + // so return EFI_UNSUPPORTED. + // + return EFI_UNSUPPORTED; +} /** Returns information about the specified volume. @@ -1050,19 +1220,22 @@ PeiFfsGetVolumeInfo ( } /** - Get Fv image from the FV type file, then install FV INFO ppi, Build FV hob. + Get Fv image from the FV type file, then install FV INFO(2) ppi, Build FV hob. + @param PrivateData PeiCore's private data structure @param ParentFvCoreHandle Pointer of EFI_CORE_FV_HANDLE to parent Fv image that contain this Fv image. @param ParentFvFileHandle File handle of a Fv type file that contain this Fv image. @retval EFI_NOT_FOUND FV image can't be found. @retval EFI_SUCCESS Successfully to process it. @retval EFI_OUT_OF_RESOURCES Can not allocate page when aligning FV image + @retval EFI_SECURITY_VIOLATION Image is illegal @retval Others Can not find EFI_SECTION_FIRMWARE_VOLUME_IMAGE section **/ EFI_STATUS ProcessFvFile ( + IN PEI_CORE_INSTANCE *PrivateData, IN PEI_CORE_FV_HANDLE *ParentFvCoreHandle, IN EFI_PEI_FILE_HANDLE ParentFvFileHandle ) @@ -1077,6 +1250,7 @@ ProcessFvFile ( EFI_FIRMWARE_VOLUME_HEADER *FvHeader; EFI_FV_FILE_INFO FileInfo; UINT64 FvLength; + UINT32 AuthenticationStatus; // // Check if this EFI_FV_FILETYPE_FIRMWARE_VOLUME_IMAGE file has already @@ -1100,17 +1274,34 @@ ProcessFvFile ( // // Find FvImage in FvFile // - Status = ParentFvPpi->FindSectionByType ( - ParentFvPpi, - EFI_SECTION_FIRMWARE_VOLUME_IMAGE, - ParentFvFileHandle, - (VOID **)&FvHeader - ); - + AuthenticationStatus = 0; + if ((ParentFvPpi->Signature == EFI_PEI_FIRMWARE_VOLUME_PPI_SIGNATURE) && + (ParentFvPpi->Revision == EFI_PEI_FIRMWARE_VOLUME_PPI_REVISION)) { + Status = ParentFvPpi->FindSectionByType2 ( + ParentFvPpi, + EFI_SECTION_FIRMWARE_VOLUME_IMAGE, + 0, + ParentFvFileHandle, + (VOID **)&FvHeader, + &AuthenticationStatus + ); + } else { + Status = ParentFvPpi->FindSectionByType ( + ParentFvPpi, + EFI_SECTION_FIRMWARE_VOLUME_IMAGE, + ParentFvFileHandle, + (VOID **)&FvHeader + ); + } if (EFI_ERROR (Status)) { return Status; } + Status = VerifyPeim (PrivateData, ParentFvHandle, ParentFvFileHandle, AuthenticationStatus); + if (Status == EFI_SECURITY_VIOLATION) { + return Status; + } + // // If EFI_FVB2_WEAK_ALIGNMENT is set in the volume header then the first byte of the volume // can be aligned on any power-of-two boundary. A weakly aligned volume can not be moved from @@ -1146,14 +1337,15 @@ ProcessFvFile ( ASSERT_EFI_ERROR (Status); // - // Install FvPpi and Build FvHob + // Install FvInfo2 Ppi and Build FvHob // - PeiServicesInstallFvInfoPpi ( + PeiServicesInstallFvInfo2Ppi ( &FvHeader->FileSystemGuid, (VOID**) FvHeader, (UINT32) FvHeader->FvLength, &ParentFvImageInfo.FvName, - &FileInfo.FileName + &FileInfo.FileName, + AuthenticationStatus ); // @@ -1409,12 +1601,6 @@ PeiFfsFvPpiGetFileInfo ( } FileHeader = (EFI_FFS_FILE_HEADER *)FileHandle; - CopyMem (&FileInfo->FileName, &FileHeader->Name, sizeof(EFI_GUID)); - FileInfo->FileType = FileHeader->Type; - FileInfo->FileAttributes = FfsAttributes2FvFileAttributes (FileHeader->Attributes); - if ((CoreFvHandle->FvHeader->Attributes & EFI_FVB2_MEMORY_MAPPED) == EFI_FVB2_MEMORY_MAPPED) { - FileInfo->FileAttributes |= EFI_FV_FILE_ATTRIB_MEMORY_MAPPED; - } if (IS_FFS_FILE2 (FileHeader)) { ASSERT (FFS_FILE2_SIZE (FileHeader) > 0x00FFFFFF); if (!FwVolInstance->IsFfs3Fv) { @@ -1427,9 +1613,65 @@ PeiFfsFvPpiGetFileInfo ( FileInfo->BufferSize = FFS_FILE_SIZE (FileHeader) - sizeof (EFI_FFS_FILE_HEADER); FileInfo->Buffer = (UINT8 *) FileHeader + sizeof (EFI_FFS_FILE_HEADER); } - return EFI_SUCCESS; -} - + CopyMem (&FileInfo->FileName, &FileHeader->Name, sizeof(EFI_GUID)); + FileInfo->FileType = FileHeader->Type; + FileInfo->FileAttributes = FfsAttributes2FvFileAttributes (FileHeader->Attributes); + if ((CoreFvHandle->FvHeader->Attributes & EFI_FVB2_MEMORY_MAPPED) == EFI_FVB2_MEMORY_MAPPED) { + FileInfo->FileAttributes |= EFI_FV_FILE_ATTRIB_MEMORY_MAPPED; + } + return EFI_SUCCESS; +} + +/** + Returns information about a specific file. + + This function returns information about a specific + file, including its file name, type, attributes, starting + address, size and authentication status. + + @param This Points to this instance of the + EFI_PEI_FIRMWARE_VOLUME_PPI. + @param FileHandle Handle of the file. + @param FileInfo Upon exit, points to the file's + information. + + @retval EFI_SUCCESS File information returned. + @retval EFI_INVALID_PARAMETER If FileHandle does not + represent a valid file. + @retval EFI_INVALID_PARAMETER If FileInfo is NULL. + +**/ +EFI_STATUS +EFIAPI +PeiFfsFvPpiGetFileInfo2 ( + IN CONST EFI_PEI_FIRMWARE_VOLUME_PPI *This, + IN EFI_PEI_FILE_HANDLE FileHandle, + OUT EFI_FV_FILE_INFO2 *FileInfo + ) +{ + EFI_STATUS Status; + PEI_CORE_FV_HANDLE *CoreFvHandle; + + if ((FileHandle == NULL) || (FileInfo == NULL)) { + return EFI_INVALID_PARAMETER; + } + + // + // Retrieve the FirmwareVolume which the file resides in. + // + CoreFvHandle = FileHandleToVolume (FileHandle); + if (CoreFvHandle == NULL) { + return EFI_INVALID_PARAMETER; + } + + Status = PeiFfsFvPpiGetFileInfo (This, FileHandle, (EFI_FV_FILE_INFO *) FileInfo); + if (!EFI_ERROR (Status)) { + FileInfo->AuthenticationStatus = CoreFvHandle->AuthenticationStatus; + } + + return Status; +} + /** This function returns information about the firmware volume. @@ -1515,13 +1757,67 @@ PeiFfsFvPpiFindSectionByType ( OUT VOID **SectionData ) { + UINT32 AuthenticationStatus; + return PeiFfsFvPpiFindSectionByType2 (This, SearchType, 0, FileHandle, SectionData, &AuthenticationStatus); +} + +/** + Find the next matching section in the firmware file. + + This service enables PEI modules to discover sections + of a given instance and type within a valid file. + + @param This Points to this instance of the + EFI_PEI_FIRMWARE_VOLUME_PPI. + @param SearchType A filter to find only sections of this + type. + @param SearchInstance A filter to find the specific instance + of sections. + @param FileHandle Handle of firmware file in which to + search. + @param SectionData Updated upon return to point to the + section found. + @param AuthenticationStatus Updated upon return to point to the + authentication status for this section. + + @retval EFI_SUCCESS Section was found. + @retval EFI_NOT_FOUND Section of the specified type was not + found. SectionData contains NULL. +**/ +EFI_STATUS +EFIAPI +PeiFfsFvPpiFindSectionByType2 ( + IN CONST EFI_PEI_FIRMWARE_VOLUME_PPI *This, + IN EFI_SECTION_TYPE SearchType, + IN UINTN SearchInstance, + IN EFI_PEI_FILE_HANDLE FileHandle, + OUT VOID **SectionData, + OUT UINT32 *AuthenticationStatus + ) +{ + EFI_STATUS Status; EFI_FFS_FILE_HEADER *FfsFileHeader; UINT32 FileSize; EFI_COMMON_SECTION_HEADER *Section; PEI_FW_VOL_INSTANCE *FwVolInstance; + PEI_CORE_FV_HANDLE *CoreFvHandle; + UINTN Instance; + UINT32 ExtractedAuthenticationStatus; + + if (SectionData == NULL) { + return EFI_NOT_FOUND; + } FwVolInstance = PEI_FW_VOL_INSTANCE_FROM_FV_THIS (This); + // + // Retrieve the FirmwareVolume which the file resides in. + // + CoreFvHandle = FileHandleToVolume (FileHandle); + if (CoreFvHandle == NULL) { + return EFI_NOT_FOUND; + } + FfsFileHeader = (EFI_FFS_FILE_HEADER *)(FileHandle); if (IS_FFS_FILE2 (FfsFileHeader)) { @@ -1537,15 +1833,26 @@ PeiFfsFvPpiFindSectionByType ( FileSize = FFS_FILE_SIZE (FfsFileHeader) - sizeof (EFI_FFS_FILE_HEADER); } - return ProcessSection ( - GetPeiServicesTablePointer (), - SearchType, - Section, - FileSize, - SectionData, - FwVolInstance->IsFfs3Fv - ); -} + Instance = SearchInstance + 1; + ExtractedAuthenticationStatus = 0; + Status = ProcessSection ( + GetPeiServicesTablePointer (), + SearchType, + &Instance, + Section, + FileSize, + SectionData, + &ExtractedAuthenticationStatus, + FwVolInstance->IsFfs3Fv + ); + if (!EFI_ERROR (Status)) { + // + // Inherit the authentication status. + // + *AuthenticationStatus = ExtractedAuthenticationStatus | CoreFvHandle->AuthenticationStatus; + } + return Status; +} /** Convert the handle of FV to pointer of corresponding PEI_CORE_FV_HANDLE. @@ -1732,26 +2039,22 @@ PeiReinitializeFv ( Report the information for a new discoveried FV in unknown third-party format. If the EFI_PEI_FIRMWARE_VOLUME_PPI has not been installed for third-party FV format, but - the FV in this format has been discoveried, then this FV's information will be cached into + the FV in this format has been discoveried, then this FV's information will be cached into PEI_CORE_INSTANCE's UnknownFvInfo array. Also a notification would be installed for unknown third-party FV format guid, if EFI_PEI_FIRMWARE_VOLUME_PPI is installed later by platform's PEIM, the original unknown third-party FV will be processed by using new installed EFI_PEI_FIRMWARE_VOLUME_PPI. @param PrivateData Point to instance of PEI_CORE_INSTANCE - @param Format Point to the unknown third-party format guid. - @param FvInfo Point to FvInfo buffer. - @param FvInfoSize The size of FvInfo buffer. + @param FvInfo2Ppi Point to FvInfo2 PPI. @retval EFI_OUT_OF_RESOURCES The FV info array in PEI_CORE_INSTANCE has no more spaces. @retval EFI_SUCCESS Success to add the information for unknown FV. **/ EFI_STATUS AddUnknownFormatFvInfo ( - IN PEI_CORE_INSTANCE *PrivateData, - IN EFI_GUID *Format, - IN VOID *FvInfo, - IN UINT32 FvInfoSize + IN PEI_CORE_INSTANCE *PrivateData, + IN EFI_PEI_FIRMWARE_VOLUME_INFO2_PPI *FvInfo2Ppi ) { PEI_CORE_UNKNOW_FORMAT_FV_INFO *NewUnknownFv; @@ -1763,9 +2066,10 @@ AddUnknownFormatFvInfo ( NewUnknownFv = &PrivateData->UnknownFvInfo[PrivateData->UnknownFvInfoCount]; PrivateData->UnknownFvInfoCount ++; - CopyGuid (&NewUnknownFv->FvFormat, Format); - NewUnknownFv->FvInfo = FvInfo; - NewUnknownFv->FvInfoSize = FvInfoSize; + CopyGuid (&NewUnknownFv->FvFormat, &FvInfo2Ppi->FvFormat); + NewUnknownFv->FvInfo = FvInfo2Ppi->FvInfo; + NewUnknownFv->FvInfoSize = FvInfo2Ppi->FvInfoSize; + NewUnknownFv->AuthenticationStatus = FvInfo2Ppi->AuthenticationStatus; NewUnknownFv->NotifyDescriptor.Flags = (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST); NewUnknownFv->NotifyDescriptor.Guid = &NewUnknownFv->FvFormat; NewUnknownFv->NotifyDescriptor.Notify = ThirdPartyFvPpiNotifyCallback; @@ -1784,6 +2088,7 @@ AddUnknownFormatFvInfo ( @param Format Point to given FV format guid @param FvInfo On return, the pointer of FV information buffer @param FvInfoSize On return, the size of FV information buffer. + @param AuthenticationStatus On return, the authentication status of FV information buffer. @retval EFI_NOT_FOUND The FV is not found for new installed EFI_PEI_FIRMWARE_VOLUME_PPI @retval EFI_SUCCESS Success to find a FV which could be processed by new installed EFI_PEI_FIRMWARE_VOLUME_PPI. @@ -1793,7 +2098,8 @@ FindUnknownFormatFvInfo ( IN PEI_CORE_INSTANCE *PrivateData, IN EFI_GUID *Format, OUT VOID **FvInfo, - OUT UINT32 *FvInfoSize + OUT UINT32 *FvInfoSize, + OUT UINT32 *AuthenticationStatus ) { UINTN Index; @@ -1812,6 +2118,7 @@ FindUnknownFormatFvInfo ( *FvInfo = PrivateData->UnknownFvInfo[Index].FvInfo; *FvInfoSize = PrivateData->UnknownFvInfo[Index].FvInfoSize; + *AuthenticationStatus = PrivateData->UnknownFvInfo[Index].AuthenticationStatus; // // Remove an entry from UnknownFvInfo array. @@ -1848,6 +2155,7 @@ ThirdPartyFvPpiNotifyCallback ( EFI_PEI_FIRMWARE_VOLUME_PPI *FvPpi; VOID *FvInfo; UINT32 FvInfoSize; + UINT32 AuthenticationStatus; EFI_STATUS Status; EFI_PEI_FV_HANDLE FvHandle; BOOLEAN IsProcessed; @@ -1859,7 +2167,7 @@ ThirdPartyFvPpiNotifyCallback ( FvPpi = (EFI_PEI_FIRMWARE_VOLUME_PPI*) Ppi; do { - Status = FindUnknownFormatFvInfo (PrivateData, NotifyDescriptor->Guid, &FvInfo, &FvInfoSize); + Status = FindUnknownFormatFvInfo (PrivateData, NotifyDescriptor->Guid, &FvInfo, &FvInfoSize, &AuthenticationStatus); if (EFI_ERROR (Status)) { return EFI_SUCCESS; } @@ -1901,6 +2209,7 @@ ThirdPartyFvPpiNotifyCallback ( PrivateData->Fv[PrivateData->FvCount].FvHeader = (EFI_FIRMWARE_VOLUME_HEADER*) FvInfo; PrivateData->Fv[PrivateData->FvCount].FvPpi = FvPpi; PrivateData->Fv[PrivateData->FvCount].FvHandle = FvHandle; + PrivateData->Fv[PrivateData->FvCount].AuthenticationStatus = AuthenticationStatus; DEBUG (( EFI_D_INFO, "The %dth FV start address is 0x%11p, size is 0x%08x, handle is 0x%p\n", @@ -1939,7 +2248,7 @@ ThirdPartyFvPpiNotifyCallback ( } DEBUG ((EFI_D_INFO, "Found firmware volume Image File %p in FV[%d] %p\n", FileHandle, PrivateData->FvCount - 1, FvHandle)); - ProcessFvFile (&PrivateData->Fv[PrivateData->FvCount - 1], FileHandle); + ProcessFvFile (PrivateData, &PrivateData->Fv[PrivateData->FvCount - 1], FileHandle); } } while (FileHandle != NULL); } while (TRUE); diff --git a/MdeModulePkg/Core/Pei/FwVol/FwVol.h b/MdeModulePkg/Core/Pei/FwVol/FwVol.h index ed40130175..1daeb6d97b 100644 --- a/MdeModulePkg/Core/Pei/FwVol/FwVol.h +++ b/MdeModulePkg/Core/Pei/FwVol/FwVol.h @@ -159,6 +159,40 @@ PeiFfsFvPpiFindSectionByType ( OUT VOID **SectionData ); +/** + Find the next matching section in the firmware file. + + This service enables PEI modules to discover sections + of a given instance and type within a valid file. + + @param This Points to this instance of the + EFI_PEI_FIRMWARE_VOLUME_PPI. + @param SearchType A filter to find only sections of this + type. + @param SearchInstance A filter to find the specific instance + of sections. + @param FileHandle Handle of firmware file in which to + search. + @param SectionData Updated upon return to point to the + section found. + @param AuthenticationStatus Updated upon return to point to the + authentication status for this section. + + @retval EFI_SUCCESS Section was found. + @retval EFI_NOT_FOUND Section of the specified type was not + found. SectionData contains NULL. +**/ +EFI_STATUS +EFIAPI +PeiFfsFvPpiFindSectionByType2 ( + IN CONST EFI_PEI_FIRMWARE_VOLUME_PPI *This, + IN EFI_SECTION_TYPE SearchType, + IN UINTN SearchInstance, + IN EFI_PEI_FILE_HANDLE FileHandle, + OUT VOID **SectionData, + OUT UINT32 *AuthenticationStatus + ); + /** Returns information about a specific file. @@ -186,6 +220,33 @@ PeiFfsFvPpiGetFileInfo ( OUT EFI_FV_FILE_INFO *FileInfo ); +/** + Returns information about a specific file. + + This function returns information about a specific + file, including its file name, type, attributes, starting + address, size and authentication status. + + @param This Points to this instance of the + EFI_PEI_FIRMWARE_VOLUME_PPI. + @param FileHandle Handle of the file. + @param FileInfo Upon exit, points to the file's + information. + + @retval EFI_SUCCESS File information returned. + @retval EFI_INVALID_PARAMETER If FileHandle does not + represent a valid file. + @retval EFI_INVALID_PARAMETER If FileInfo is NULL. + +**/ +EFI_STATUS +EFIAPI +PeiFfsFvPpiGetFileInfo2 ( + IN CONST EFI_PEI_FIRMWARE_VOLUME_PPI *This, + IN EFI_PEI_FILE_HANDLE FileHandle, + OUT EFI_FV_FILE_INFO2 *FileInfo + ); + /** This function returns information about the firmware volume. @@ -250,7 +311,7 @@ FindFileEx ( /** Report the information for a new discoveried FV in unknown format. - If the EFI_PEI_FIRMWARE_VOLUME_PPI has not been install for specifical FV format, but + If the EFI_PEI_FIRMWARE_VOLUME_PPI has not been installed for specifical FV format, but the FV in this FV format has been discoveried, then the information of this FV will be cached into PEI_CORE_INSTANCE's UnknownFvInfo array. Also a notification would be installed for unknown FV format guid, if EFI_PEI_FIRMWARE_VOLUME_PPI @@ -258,19 +319,15 @@ FindFileEx ( using new installed EFI_PEI_FIRMWARE_VOLUME_PPI. @param PrivateData Point to instance of PEI_CORE_INSTANCE - @param Format Point to the unknown FV format guid. - @param FvInfo Point to FvInfo buffer. - @param FvInfoSize The size of FvInfo buffer. + @param FvInfo2Ppi Point to FvInfo2 PPI. @retval EFI_OUT_OF_RESOURCES The FV info array in PEI_CORE_INSTANCE has no more spaces. @retval EFI_SUCCESS Success to add the information for unknown FV. **/ EFI_STATUS AddUnknownFormatFvInfo ( - IN PEI_CORE_INSTANCE *PrivateData, - IN EFI_GUID *Format, - IN VOID *FvInfo, - IN UINT32 FvInfoSize + IN PEI_CORE_INSTANCE *PrivateData, + IN EFI_PEI_FIRMWARE_VOLUME_INFO2_PPI *FvInfo2Ppi ); /** @@ -283,6 +340,7 @@ AddUnknownFormatFvInfo ( @param Format Point to given FV format guid @param FvInfo On return, the pointer of FV information buffer in given FV format guid @param FvInfoSize On return, the size of FV information buffer. + @param AuthenticationStatus On return, the authentication status of FV information buffer. @retval EFI_NOT_FOUND The FV is not found for new installed EFI_PEI_FIRMWARE_VOLUME_PPI @retval EFI_SUCCESS Success to find a FV which could be processed by new installed EFI_PEI_FIRMWARE_VOLUME_PPI. @@ -292,7 +350,8 @@ FindUnknownFormatFvInfo ( IN PEI_CORE_INSTANCE *PrivateData, IN EFI_GUID *Format, OUT VOID **FvInfo, - OUT UINT32 *FvInfoSize + OUT UINT32 *FvInfoSize, + OUT UINT32 *AuthenticationStatus ); /** diff --git a/MdeModulePkg/Core/Pei/Image/Image.c b/MdeModulePkg/Core/Pei/Image/Image.c index 7a1d815b2b..cab08fed91 100644 --- a/MdeModulePkg/Core/Pei/Image/Image.c +++ b/MdeModulePkg/Core/Pei/Image/Image.c @@ -540,23 +540,27 @@ PeiLoadImageLoadImage ( // Try to find a first exe section (if PcdPeiCoreImageLoaderSearchTeSectionFirst // is true, TE will be searched first). // - Status = PeiServicesFfsFindSectionData ( + Status = PeiServicesFfsFindSectionData3 ( SearchType1, + 0, FileHandle, - &Pe32Data + &Pe32Data, + AuthenticationState ); // // If we didn't find a first exe section, try to find the second exe section. // if (EFI_ERROR (Status)) { - Status = PeiServicesFfsFindSectionData ( + Status = PeiServicesFfsFindSectionData3 ( SearchType2, + 0, FileHandle, - &Pe32Data + &Pe32Data, + AuthenticationState ); if (EFI_ERROR (Status)) { // - // PEI core only carry the loader function fro TE and PE32 executables + // PEI core only carry the loader function for TE and PE32 executables // If this two section does not exist, just return. // return Status; diff --git a/MdeModulePkg/Core/Pei/PeiMain.h b/MdeModulePkg/Core/Pei/PeiMain.h index 193704de19..6a9feb03c2 100644 --- a/MdeModulePkg/Core/Pei/PeiMain.h +++ b/MdeModulePkg/Core/Pei/PeiMain.h @@ -1,7 +1,7 @@ /** @file Definition of Pei Core Structures and Services -Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.
+Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -22,6 +22,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include #include #include +#include #include #include #include @@ -110,12 +111,14 @@ typedef struct { UINT8 PeimState[FixedPcdGet32 (PcdPeiCoreMaxPeimPerFv)]; EFI_PEI_FILE_HANDLE FvFileHandles[FixedPcdGet32 (PcdPeiCoreMaxPeimPerFv)]; BOOLEAN ScanFv; + UINT32 AuthenticationStatus; } PEI_CORE_FV_HANDLE; typedef struct { EFI_GUID FvFormat; VOID *FvInfo; UINT32 FvInfoSize; + UINT32 AuthenticationStatus; EFI_PEI_NOTIFY_DESCRIPTOR NotifyDescriptor; } PEI_CORE_UNKNOW_FORMAT_FV_INFO; @@ -124,6 +127,7 @@ typedef struct { EFI_COMMON_SECTION_HEADER* Section[CACHE_SETION_MAX_NUMBER]; VOID* SectionData[CACHE_SETION_MAX_NUMBER]; UINTN SectionSize[CACHE_SETION_MAX_NUMBER]; + UINT32 AuthenticationStatus[CACHE_SETION_MAX_NUMBER]; UINTN AllSectionCount; UINTN SectionIndex; } CACHE_SECTION_DATA; @@ -583,23 +587,23 @@ VerifyFv ( ); /** - Provide a callout to the security verification service. - @param PrivateData PeiCore's private data structure @param VolumeHandle Handle of FV @param FileHandle Handle of PEIM's ffs + @param AuthenticationStatus Authentication status @retval EFI_SUCCESS Image is OK @retval EFI_SECURITY_VIOLATION Image is illegal - + @retval EFI_NOT_FOUND If security PPI is not installed. **/ EFI_STATUS VerifyPeim ( IN PEI_CORE_INSTANCE *PrivateData, IN EFI_PEI_FV_HANDLE VolumeHandle, - IN EFI_PEI_FILE_HANDLE FileHandle + IN EFI_PEI_FILE_HANDLE FileHandle, + IN UINT32 AuthenticationStatus ); /** @@ -714,6 +718,31 @@ PeiFfsFindSectionData ( OUT VOID **SectionData ); +/** + Searches for the next matching section within the specified file. + + @param PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation. + @param SectionType The value of the section type to find. + @param SectionInstance Section instance to find. + @param FileHandle Handle of the firmware file to search. + @param SectionData A pointer to the discovered section, if successful. + @param AuthenticationStatus A pointer to the authentication status for this section. + + @retval EFI_SUCCESS The section was found. + @retval EFI_NOT_FOUND The section was not found. + +**/ +EFI_STATUS +EFIAPI +PeiFfsFindSectionData3 ( + IN CONST EFI_PEI_SERVICES **PeiServices, + IN EFI_SECTION_TYPE SectionType, + IN UINTN SectionInstance, + IN EFI_PEI_FILE_HANDLE FileHandle, + OUT VOID **SectionData, + OUT UINT32 *AuthenticationStatus + ); + /** Search the firmware volumes by index @@ -967,6 +996,24 @@ PeiFfsGetFileInfo ( OUT EFI_FV_FILE_INFO *FileInfo ); +/** + Returns information about a specific file. + + @param FileHandle Handle of the file. + @param FileInfo Upon exit, points to the file's information. + + @retval EFI_INVALID_PARAMETER If FileInfo is NULL. + @retval EFI_INVALID_PARAMETER If FileHandle does not represent a valid file. + @retval EFI_SUCCESS File information returned. + +**/ +EFI_STATUS +EFIAPI +PeiFfsGetFileInfo2 ( + IN EFI_PEI_FILE_HANDLE FileHandle, + OUT EFI_FV_FILE_INFO2 *FileInfo + ); + /** Returns information about the specified volume. @@ -1061,19 +1108,22 @@ SecurityPpiNotifyCallback ( ); /** - Get Fv image from the FV type file, then install FV INFO ppi, Build FV hob. + Get Fv image from the FV type file, then install FV INFO(2) ppi, Build FV hob. + @param PrivateData PeiCore's private data structure @param ParentFvCoreHandle Pointer of EFI_CORE_FV_HANDLE to parent Fv image that contain this Fv image. @param ParentFvFileHandle File handle of a Fv type file that contain this Fv image. @retval EFI_NOT_FOUND FV image can't be found. @retval EFI_SUCCESS Successfully to process it. @retval EFI_OUT_OF_RESOURCES Can not allocate page when aligning FV image + @retval EFI_SECURITY_VIOLATION Image is illegal @retval Others Can not find EFI_SECTION_FIRMWARE_VOLUME_IMAGE section **/ EFI_STATUS ProcessFvFile ( + IN PEI_CORE_INSTANCE *PrivateData, IN PEI_CORE_FV_HANDLE *ParentFvCoreHandle, IN EFI_PEI_FILE_HANDLE ParentFvFileHandle ); diff --git a/MdeModulePkg/Core/Pei/PeiMain.inf b/MdeModulePkg/Core/Pei/PeiMain.inf index 7cfce0b31a..26d1c49d5d 100644 --- a/MdeModulePkg/Core/Pei/PeiMain.inf +++ b/MdeModulePkg/Core/Pei/PeiMain.inf @@ -76,11 +76,12 @@ [Ppis] gEfiPeiStatusCodePpiGuid ## SOMETIMES_CONSUMES (PeiReportStatusService is not ready if this PPI doesn't exist) - gEfiPeiResetPpiGuid ## SOMETIMES_CONSUMES (PeiResetService is not ready if this PPI doesn't exist) + gEfiPeiResetPpiGuid ## SOMETIMES_CONSUMES (PeiResetService is not ready if this PPI doesn't exist) gEfiDxeIplPpiGuid ## CONSUMES gEfiPeiMemoryDiscoveredPpiGuid ## PRODUCES gEfiPeiDecompressPpiGuid ## CONSUMES - gEfiPeiFirmwareVolumeInfoPpiGuid ## NOTIFY ## SOMETIMES_PRODUCES (Produce FvInfoPpi if the encapsulated FvImage is found) + gEfiPeiFirmwareVolumeInfoPpiGuid ## NOTIFY ## SOMETIMES_PRODUCES (Produce FvInfoPpi if the encapsulated FvImage is found) + gEfiPeiFirmwareVolumeInfo2PpiGuid ## NOTIFY ## SOMETIMES_PRODUCES (Produce FvInfo2Ppi if the encapsulated FvImage is found) gEfiPeiLoadFilePpiGuid ## PRODUCES ## SOMETIMES_CONSUMES (The default load PeImage logic will be used when this PPI doesn't exist) gEfiPeiSecurity2PpiGuid ## NOTIFY gEfiTemporaryRamSupportPpiGuid ## CONSUMES diff --git a/MdeModulePkg/Core/Pei/PeiMain/PeiMain.c b/MdeModulePkg/Core/Pei/PeiMain/PeiMain.c index 2f63e4c6a1..bf000229aa 100644 --- a/MdeModulePkg/Core/Pei/PeiMain/PeiMain.c +++ b/MdeModulePkg/Core/Pei/PeiMain/PeiMain.c @@ -1,7 +1,7 @@ /** @file Pei Core Main Entry Point -Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.
+Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -61,7 +61,9 @@ EFI_PEI_SERVICES gPs = { PeiFfsFindFileByName, PeiFfsGetFileInfo, PeiFfsGetVolumeInfo, - PeiRegisterForShadow + PeiRegisterForShadow, + PeiFfsFindSectionData3, + PeiFfsGetFileInfo2 }; /** diff --git a/MdeModulePkg/Core/Pei/Security/Security.c b/MdeModulePkg/Core/Pei/Security/Security.c index a7515ec220..f08926766a 100644 --- a/MdeModulePkg/Core/Pei/Security/Security.c +++ b/MdeModulePkg/Core/Pei/Security/Security.c @@ -1,7 +1,7 @@ /** @file EFI PEI Core Security services -Copyright (c) 2006 - 2010, Intel Corporation. All rights reserved.
+Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -78,13 +78,12 @@ SecurityPpiNotifyCallback ( } /** - Provide a callout to the security verification service. - @param PrivateData PeiCore's private data structure @param VolumeHandle Handle of FV @param FileHandle Handle of PEIM's ffs + @param AuthenticationStatus Authentication status @retval EFI_SUCCESS Image is OK @retval EFI_SECURITY_VIOLATION Image is illegal @@ -94,17 +93,13 @@ EFI_STATUS VerifyPeim ( IN PEI_CORE_INSTANCE *PrivateData, IN EFI_PEI_FV_HANDLE VolumeHandle, - IN EFI_PEI_FILE_HANDLE FileHandle + IN EFI_PEI_FILE_HANDLE FileHandle, + IN UINT32 AuthenticationStatus ) { EFI_STATUS Status; - UINT32 AuthenticationStatus; BOOLEAN DeferExection; - // - // Set a default authentication state - // - AuthenticationStatus = 0; if (PrivateData->PrivateSecurityPpi == NULL) { Status = EFI_NOT_FOUND; diff --git a/MdePkg/Include/Library/PeiServicesLib.h b/MdePkg/Include/Library/PeiServicesLib.h index 358c9cddf5..2b51d374c9 100644 --- a/MdePkg/Include/Library/PeiServicesLib.h +++ b/MdePkg/Include/Library/PeiServicesLib.h @@ -220,6 +220,30 @@ PeiServicesFfsFindSectionData ( OUT VOID **SectionData ); +/** + This service enables PEIMs to discover sections of a given instance and type within a valid FFS file. + + @param SectionType The value of the section type to find. + @param SectionInstance Section instance to find. + @param FileHandle A pointer to the file header that contains the set + of sections to be searched. + @param SectionData A pointer to the discovered section, if successful. + @param AuthenticationStatus A pointer to the authentication status for this section. + + @retval EFI_SUCCESS The section was found. + @retval EFI_NOT_FOUND The section was not found. + +**/ +EFI_STATUS +EFIAPI +PeiServicesFfsFindSectionData3 ( + IN EFI_SECTION_TYPE SectionType, + IN UINTN SectionInstance, + IN EFI_PEI_FILE_HANDLE FileHandle, + OUT VOID **SectionData, + OUT UINT32 *AuthenticationStatus + ); + /** This service enables PEIMs to register the permanent memory configuration that has been initialized with the PEI Foundation. @@ -348,6 +372,31 @@ PeiServicesFfsGetFileInfo ( OUT EFI_FV_FILE_INFO *FileInfo ); +/** + This service is a wrapper for the PEI Service FfsGetFileInfo2(), except the pointer to the PEI Services + Table has been removed. See the Platform Initialization Pre-EFI Initialization Core Interface + Specification for details. + + @param FileHandle Handle of the file. + + @param FileInfo Upon exit, points to the file's + information. + + @retval EFI_SUCCESS File information returned. + + @retval EFI_INVALID_PARAMETER If FileHandle does not + represent a valid file. + + @retval EFI_INVALID_PARAMETER If FileInfo is NULL. + +**/ +EFI_STATUS +EFIAPI +PeiServicesFfsGetFileInfo2 ( + IN CONST EFI_PEI_FILE_HANDLE FileHandle, + OUT EFI_FV_FILE_INFO2 *FileInfo + ); + /** This service is a wrapper for the PEI Service FfsGetVolumeInfo(), except the pointer to the PEI Services Table has been removed. See the Platform Initialization Pre-EFI Initialization Core Interface @@ -431,4 +480,45 @@ PeiServicesInstallFvInfoPpi ( IN CONST EFI_GUID *ParentFileName OPTIONAL ); +/** + Install a EFI_PEI_FIRMWARE_VOLUME_INFO2_PPI instance so the PEI Core will be notified about a new firmware volume. + + This function allocates, initializes, and installs a new EFI_PEI_FIRMWARE_VOLUME_INFO2_PPI using + the parameters passed in to initialize the fields of the EFI_PEI_FIRMWARE_VOLUME_INFO2_PPI instance. + If the resources can not be allocated for EFI_PEI_FIRMWARE_VOLUME_INFO2_PPI, then ASSERT(). + If the EFI_PEI_FIRMWARE_VOLUME_INFO2_PPI can not be installed, then ASSERT(). + + @param FvFormat Unique identifier of the format of the memory-mapped + firmware volume. This parameter is optional and + may be NULL. If NULL is specified, the + EFI_FIRMWARE_FILE_SYSTEM2_GUID format is assumed. + @param FvInfo Points to a buffer which allows the + EFI_PEI_FIRMWARE_VOLUME_PPI to process the volume. + The format of this buffer is specific to the FvFormat. + For memory-mapped firmware volumes, this typically + points to the first byte of the firmware volume. + @param FvInfoSize The size, in bytes, of FvInfo. For memory-mapped + firmware volumes, this is typically the size of + the firmware volume. + @param ParentFvName If the new firmware volume originated from a file + in a different firmware volume, then this parameter + specifies the GUID name of the originating firmware + volume. Otherwise, this parameter must be NULL. + @param ParentFileName If the new firmware volume originated from a file + in a different firmware volume, then this parameter + specifies the GUID file name of the originating + firmware file. Otherwise, this parameter must be NULL. + @param AuthenticationStatus Authentication Status +**/ +VOID +EFIAPI +PeiServicesInstallFvInfo2Ppi ( + IN CONST EFI_GUID *FvFormat, OPTIONAL + IN CONST VOID *FvInfo, + IN UINT32 FvInfoSize, + IN CONST EFI_GUID *ParentFvName, OPTIONAL + IN CONST EFI_GUID *ParentFileName, OPTIONAL + IN UINT32 AuthenticationStatus + ); + #endif diff --git a/MdePkg/Include/Pi/PiPeiCis.h b/MdePkg/Include/Pi/PiPeiCis.h index c3d147ac1b..f2da20a236 100644 --- a/MdePkg/Include/Pi/PiPeiCis.h +++ b/MdePkg/Include/Pi/PiPeiCis.h @@ -1,7 +1,7 @@ /** @file PI PEI master include file. This file should match the PI spec. -Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.
+Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License that accompanies this distribution. The full text of the license may be found at @@ -395,6 +395,38 @@ EFI_STATUS OUT VOID **SectionData ); +/** + Searches for the next matching section within the specified file. + + This service enables PEI modules to discover the section of a given type within a valid file. + This service will search within encapsulation sections (compression and GUIDed) as well. It will + search inside of a GUIDed section or a compressed section, but may not, for example, search a + GUIDed section inside a GUIDes section. + This service will not search within compression sections or GUIDed sections that require + extraction if memory is not present. + + @param PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation. + @param SectionType The value of the section type to find. + @param SectionInstance Section instance to find. + @param FileHandle Handle of the firmware file to search. + @param SectionData A pointer to the discovered section, if successful. + @param AuthenticationStatus A pointer to the authentication status for this section. + + @retval EFI_SUCCESS The section was found. + @retval EFI_NOT_FOUND The section was not found. + +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_PEI_FFS_FIND_SECTION_DATA3)( + IN CONST EFI_PEI_SERVICES **PeiServices, + IN EFI_SECTION_TYPE SectionType, + IN UINTN SectionInstance, + IN EFI_PEI_FILE_HANDLE FileHandle, + OUT VOID **SectionData, + OUT UINT32 *AuthenticationStatus + ); + /** This function registers the found memory configuration with the PEI Foundation. @@ -608,6 +640,38 @@ typedef struct { UINT32 BufferSize; } EFI_FV_FILE_INFO; +/// +/// The information with authentication status of the FV file. +/// +typedef struct { + /// + /// Name of the file. + /// + EFI_GUID FileName; + /// + /// File type. + /// + EFI_FV_FILETYPE FileType; + /// + /// Attributes of the file. + /// + EFI_FV_FILE_ATTRIBUTES FileAttributes; + /// + /// Points to the file's data (not the header). + /// Not valid if EFI_FV_FILE_ATTRIB_MEMORY_MAPPED + /// is zero. + /// + VOID *Buffer; + /// + /// Size of the file's data. + /// + UINT32 BufferSize; + /// + /// Authentication status for this file. + /// + UINT32 AuthenticationStatus; +} EFI_FV_FILE_INFO2; + /** Returns information about a specific file. @@ -633,6 +697,30 @@ EFI_STATUS OUT EFI_FV_FILE_INFO *FileInfo ); +/** + Returns information about a specific file. + + This function returns information about a specific file, + including its file name, type, attributes, starting address, size and authentication status. + If the firmware volume is not memory mapped, then the Buffer member will be NULL. + + @param FileHandle The handle of the file. + @param FileInfo Upon exit, points to the file's + information. + + @retval EFI_SUCCESS File information was returned. + @retval EFI_INVALID_PARAMETER FileHandle does not + represent a valid file. + @retval EFI_INVALID_PARAMETER FileInfo is NULL. + +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_PEI_FFS_GET_FILE_INFO2)( + IN EFI_PEI_FILE_HANDLE FileHandle, + OUT EFI_FV_FILE_INFO2 *FileInfo + ); + /// /// The information of the FV volume. /// @@ -813,6 +901,8 @@ struct _EFI_PEI_SERVICES { EFI_PEI_FFS_GET_FILE_INFO FfsGetFileInfo; EFI_PEI_FFS_GET_VOLUME_INFO FfsGetVolumeInfo; EFI_PEI_REGISTER_FOR_SHADOW RegisterForShadow; + EFI_PEI_FFS_FIND_SECTION_DATA3 FindSectionData3; + EFI_PEI_FFS_GET_FILE_INFO2 FfsGetFileInfo2; }; diff --git a/MdePkg/Include/Ppi/FirmwareVolume.h b/MdePkg/Include/Ppi/FirmwareVolume.h index c8fc77b151..d8998fad17 100644 --- a/MdePkg/Include/Ppi/FirmwareVolume.h +++ b/MdePkg/Include/Ppi/FirmwareVolume.h @@ -1,7 +1,7 @@ /** @file This file provides functions for accessing a memory-mapped firmware volume of a specific format. - Copyright (c) 2006 - 2008, Intel Corporation. All rights reserved.
+ Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -153,6 +153,33 @@ EFI_STATUS OUT EFI_FV_FILE_INFO *FileInfo ); +/** + Returns information about a specific file. + + This function returns information about a specific + file, including its file name, type, attributes, starting + address, size and authentication status. + + @param This Points to this instance of the + EFI_PEI_FIRMWARE_VOLUME_PPI. + @param FileHandle Handle of the file. + @param FileInfo Upon exit, points to the file's + information. + + @retval EFI_SUCCESS File information returned. + @retval EFI_INVALID_PARAMETER If FileHandle does not + represent a valid file. + @retval EFI_INVALID_PARAMETER If FileInfo is NULL. + +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_PEI_FV_GET_FILE_INFO2)( + IN CONST EFI_PEI_FIRMWARE_VOLUME_PPI *This, + IN EFI_PEI_FILE_HANDLE FileHandle, + OUT EFI_FV_FILE_INFO2 *FileInfo +); + /** This function returns information about the firmware volume. @@ -203,6 +230,43 @@ EFI_STATUS OUT VOID **SectionData ); +/** + Find the next matching section in the firmware file. + + This service enables PEI modules to discover sections + of a given instance and type within a valid file. + + @param This Points to this instance of the + EFI_PEI_FIRMWARE_VOLUME_PPI. + @param SearchType A filter to find only sections of this + type. + @param SearchInstance A filter to find the specific instance + of sections. + @param FileHandle Handle of firmware file in which to + search. + @param SectionData Updated upon return to point to the + section found. + @param AuthenticationStatus Updated upon return to point to the + authentication status for this section. + + @retval EFI_SUCCESS Section was found. + @retval EFI_NOT_FOUND Section of the specified type was not + found. SectionData contains NULL. +**/ +typedef +EFI_STATUS +(EFIAPI *EFI_PEI_FV_FIND_SECTION2)( + IN CONST EFI_PEI_FIRMWARE_VOLUME_PPI *This, + IN EFI_SECTION_TYPE SearchType, + IN UINTN SearchInstance, + IN EFI_PEI_FILE_HANDLE FileHandle, + OUT VOID **SectionData, + OUT UINT32 *AuthenticationStatus +); + +#define EFI_PEI_FIRMWARE_VOLUME_PPI_SIGNATURE SIGNATURE_32 ('P', 'F', 'V', 'P') +#define EFI_PEI_FIRMWARE_VOLUME_PPI_REVISION 0x00010030 + /// /// This PPI provides functions for accessing a memory-mapped firmware volume of a specific format. /// @@ -213,6 +277,16 @@ struct _EFI_PEI_FIRMWARE_VOLUME_PPI { EFI_PEI_FV_GET_FILE_INFO GetFileInfo; EFI_PEI_FV_GET_INFO GetVolumeInfo; EFI_PEI_FV_FIND_SECTION FindSectionByType; + EFI_PEI_FV_GET_FILE_INFO2 GetFileInfo2; + EFI_PEI_FV_FIND_SECTION2 FindSectionByType2; + /// + /// Signature is used to keep backward-compatibility, set to {'P','F','V','P'}. + /// + UINT32 Signature; + /// + /// Revision for further extension. + /// + UINT32 Revision; }; extern EFI_GUID gEfiPeiFirmwareVolumePpiGuid; diff --git a/MdePkg/Include/Ppi/FirmwareVolumeInfo2.h b/MdePkg/Include/Ppi/FirmwareVolumeInfo2.h new file mode 100644 index 0000000000..6cb66b3c38 --- /dev/null +++ b/MdePkg/Include/Ppi/FirmwareVolumeInfo2.h @@ -0,0 +1,72 @@ +/** @file + This file provides location, format and authentication status of a firmware volume. + + Copyright (c) 2013, Intel Corporation. All rights reserved.
+ This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + @par Revision Reference: + This PPI is introduced in PI Version 1.3 errata. + +**/ + +#ifndef __EFI_PEI_FIRMWARE_VOLUME_INFO2_H__ +#define __EFI_PEI_FIRMWARE_VOLUME_INFO2_H__ + + + +#define EFI_PEI_FIRMWARE_VOLUME_INFO2_PPI_GUID \ +{ 0xea7ca24b, 0xded5, 0x4dad, { 0xa3, 0x89, 0xbf, 0x82, 0x7e, 0x8f, 0x9b, 0x38 } } + +typedef struct _EFI_PEI_FIRMWARE_VOLUME_INFO2_PPI EFI_PEI_FIRMWARE_VOLUME_INFO2_PPI; + +/// +/// This PPI describes the location and format of a firmware volume. +/// The FvFormat can be EFI_FIRMWARE_FILE_SYSTEM2_GUID or the GUID for +/// a user-defined format. The EFI_FIRMWARE_FILE_SYSTEM2_GUID is +/// the PI Firmware Volume format. +/// +struct _EFI_PEI_FIRMWARE_VOLUME_INFO2_PPI { + /// + /// Unique identifier of the format of the memory-mapped firmware volume. + /// + EFI_GUID FvFormat; + /// + /// Points to a buffer which allows the EFI_PEI_FIRMWARE_VOLUME_PPI to process + /// the volume. The format of this buffer is specific to the FvFormat. + /// For memory-mapped firmware volumes, this typically points to the first byte + /// of the firmware volume. + /// + VOID *FvInfo; + /// + /// Size of the data provided by FvInfo. For memory-mapped firmware volumes, + /// this is typically the size of the firmware volume. + /// + UINT32 FvInfoSize; + /// + /// If the firmware volume originally came from a firmware file, then these + /// point to the parent firmware volume name and firmware volume file. + /// If it did not originally come from a firmware file, these should be NULL. + /// + EFI_GUID *ParentFvName; + /// + /// If the firmware volume originally came from a firmware file, then these + /// point to the parent firmware volume name and firmware volume file. + /// If it did not originally come from a firmware file, these should be NULL. + /// + EFI_GUID *ParentFileName; + /// + /// Authentication Status. + /// + UINT32 AuthenticationStatus; +}; + +extern EFI_GUID gEfiPeiFirmwareVolumeInfo2PpiGuid; + +#endif + diff --git a/MdePkg/Include/Ppi/Security2.h b/MdePkg/Include/Ppi/Security2.h index eed56d7535..f7aabfca37 100644 --- a/MdePkg/Include/Ppi/Security2.h +++ b/MdePkg/Include/Ppi/Security2.h @@ -5,7 +5,7 @@ policy to the PEI Foundation, namely the case of a PEIM's authentication state being returned during the PEI section extraction process. - Copyright (c) 2006 - 2008, Intel Corporation. All rights reserved.
+ Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -75,7 +75,7 @@ EFI_STATUS IN CONST EFI_PEI_SECURITY2_PPI *This, IN UINT32 AuthenticationStatus, IN EFI_PEI_FV_HANDLE FvHandle, - IN EFI_PEI_FV_HANDLE FileHandle, + IN EFI_PEI_FILE_HANDLE FileHandle, IN OUT BOOLEAN *DeferExecution ); diff --git a/MdePkg/Library/PeiServicesLib/PeiServicesLib.c b/MdePkg/Library/PeiServicesLib/PeiServicesLib.c index 835325cc38..e10dd8800f 100644 --- a/MdePkg/Library/PeiServicesLib/PeiServicesLib.c +++ b/MdePkg/Library/PeiServicesLib/PeiServicesLib.c @@ -1,7 +1,7 @@ /** @file Implementation for PEI Services Library. - Copyright (c) 2006 - 2010, Intel Corporation. All rights reserved.
+ Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -16,6 +16,7 @@ #include #include +#include #include #include @@ -24,15 +25,6 @@ #include #include - -GLOBAL_REMOVE_IF_UNREFERENCED CONST EFI_PEI_PPI_DESCRIPTOR mPpiListTemplate[] = { - { - (EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), - &gEfiPeiFirmwareVolumeInfoPpiGuid, - NULL - } -}; - /** This service enables a given PEIM to register an interface into the PEI Foundation. @@ -309,6 +301,36 @@ PeiServicesFfsFindSectionData ( return (*PeiServices)->FfsFindSectionData (PeiServices, SectionType, FileHandle, SectionData); } +/** + This service enables PEIMs to discover sections of a given instance and type within a valid FFS file. + + @param SectionType The value of the section type to find. + @param SectionInstance Section instance to find. + @param FileHandle A pointer to the file header that contains the set + of sections to be searched. + @param SectionData A pointer to the discovered section, if successful. + @param AuthenticationStatus A pointer to the authentication status for this section. + + @retval EFI_SUCCESS The section was found. + @retval EFI_NOT_FOUND The section was not found. + +**/ +EFI_STATUS +EFIAPI +PeiServicesFfsFindSectionData3 ( + IN EFI_SECTION_TYPE SectionType, + IN UINTN SectionInstance, + IN EFI_PEI_FILE_HANDLE FileHandle, + OUT VOID **SectionData, + OUT UINT32 *AuthenticationStatus + ) +{ + CONST EFI_PEI_SERVICES **PeiServices; + + PeiServices = GetPeiServicesTablePointer (); + return (*PeiServices)->FindSectionData3 (PeiServices, SectionType, SectionInstance, FileHandle, SectionData, AuthenticationStatus); +} + /** This service enables PEIMs to register the permanent memory configuration that has been initialized with the PEI Foundation. @@ -459,6 +481,30 @@ PeiServicesFfsGetFileInfo ( return (*GetPeiServicesTablePointer())->FfsGetFileInfo (FileHandle, FileInfo); } +/** + This service is a wrapper for the PEI Service FfsGetFileInfo2(), except the pointer to the PEI Services + Table has been removed. See the Platform Initialization Pre-EFI Initialization Core Interface + Specification for details. + + @param FileHandle The handle of the file. + @param FileInfo Upon exit, points to the file's + information. + + @retval EFI_SUCCESS File information returned. + @retval EFI_INVALID_PARAMETER If FileHandle does not + represent a valid file. + @retval EFI_INVALID_PARAMETER FileInfo is NULL. + +**/ +EFI_STATUS +EFIAPI +PeiServicesFfsGetFileInfo2 ( + IN CONST EFI_PEI_FILE_HANDLE FileHandle, + OUT EFI_FV_FILE_INFO2 *FileInfo + ) +{ + return (*GetPeiServicesTablePointer())->FfsGetFileInfo2 (FileHandle, FileInfo); +} /** This service is a wrapper for the PEI Service FfsFindByName(), except the pointer to the PEI Services @@ -522,43 +568,46 @@ PeiServicesFfsGetVolumeInfo ( } /** - Install a EFI_PEI_FIRMWARE_VOLUME_INFO_PPI instance so the PEI Core will be notified about a new firmware volume. - - This function allocates, initializes, and installs a new EFI_PEI_FIRMWARE_VOLUME_INFO_PPI using - the parameters passed in to initialize the fields of the EFI_PEI_FIRMWARE_VOLUME_INFO_PPI instance. - If the resources can not be allocated for EFI_PEI_FIRMWARE_VOLUME_INFO_PPI, then ASSERT(). - If the EFI_PEI_FIRMWARE_VOLUME_INFO_PPI can not be installed, then ASSERT(). + Install a EFI_PEI_FIRMWARE_VOLUME_INFO(2)_PPI instance so the PEI Core will be notified about a new firmware volume. - - @param FvFormat Unique identifier of the format of the memory-mapped - firmware volume. This parameter is optional and - may be NULL. If NULL is specified, the + This function allocates, initializes, and installs a new EFI_PEI_FIRMWARE_VOLUME_INFO(2)_PPI using + the parameters passed in to initialize the fields of the EFI_PEI_FIRMWARE_VOLUME_INFO(2)_PPI instance. + If the resources can not be allocated for EFI_PEI_FIRMWARE_VOLUME_INFO(2)_PPI, then ASSERT(). + If the EFI_PEI_FIRMWARE_VOLUME_INFO(2)_PPI can not be installed, then ASSERT(). + + @param InstallFvInfoPpi Install FvInfo Ppi if it is TRUE. Otherwise, install FvInfo2 Ppi. + @param FvFormat Unique identifier of the format of the memory-mapped + firmware volume. This parameter is optional and + may be NULL. If NULL is specified, the EFI_FIRMWARE_FILE_SYSTEM2_GUID format is assumed. - @param FvInfo Points to a buffer which allows the - EFI_PEI_FIRMWARE_VOLUME_PPI to process the volume. - The format of this buffer is specific to the FvFormat. - For memory-mapped firmware volumes, this typically + @param FvInfo Points to a buffer which allows the + EFI_PEI_FIRMWARE_VOLUME_PPI to process the volume. + The format of this buffer is specific to the FvFormat. + For memory-mapped firmware volumes, this typically points to the first byte of the firmware volume. - @param FvInfoSize The size, in bytes, of FvInfo. For memory-mapped - firmware volumes, this is typically the size of + @param FvInfoSize The size, in bytes, of FvInfo. For memory-mapped + firmware volumes, this is typically the size of the firmware volume. - @param ParentFvName If the new firmware volume originated from a file - in a different firmware volume, then this parameter + @param ParentFvName If the new firmware volume originated from a file + in a different firmware volume, then this parameter specifies the GUID name of the originating firmware volume. Otherwise, this parameter must be NULL. - @param ParentFileName If the new firmware volume originated from a file - in a different firmware volume, then this parameter - specifies the GUID file name of the originating + @param ParentFileName If the new firmware volume originated from a file + in a different firmware volume, then this parameter + specifies the GUID file name of the originating firmware file. Otherwise, this parameter must be NULL. + @param AuthenticationStatus Authentication Status, it will be ignored if InstallFvInfoPpi is TRUE. **/ VOID EFIAPI -PeiServicesInstallFvInfoPpi ( +InternalPeiServicesInstallFvInfoPpi ( + IN BOOLEAN InstallFvInfoPpi, IN CONST EFI_GUID *FvFormat, OPTIONAL IN CONST VOID *FvInfo, IN UINT32 FvInfoSize, IN CONST EFI_GUID *ParentFvName, OPTIONAL - IN CONST EFI_GUID *ParentFileName OPTIONAL + IN CONST EFI_GUID *ParentFileName, OPTIONAL + IN UINT32 AuthenticationStatus ) { EFI_STATUS Status; @@ -566,11 +615,24 @@ PeiServicesInstallFvInfoPpi ( EFI_PEI_PPI_DESCRIPTOR *FvInfoPpiDescriptor; EFI_GUID *ParentFvNameValue; EFI_GUID *ParentFileNameValue; + EFI_GUID *PpiGuid; ParentFvNameValue = NULL; ParentFileNameValue = NULL; - FvInfoPpi = AllocateZeroPool (sizeof (EFI_PEI_FIRMWARE_VOLUME_INFO_PPI)); - ASSERT(FvInfoPpi != NULL); + if (InstallFvInfoPpi) { + // + // To install FvInfo Ppi. + // + FvInfoPpi = AllocateZeroPool (sizeof (EFI_PEI_FIRMWARE_VOLUME_INFO_PPI)); + PpiGuid = &gEfiPeiFirmwareVolumeInfoPpiGuid; + } else { + // + // To install FvInfo2 Ppi. + // + FvInfoPpi = AllocateZeroPool (sizeof (EFI_PEI_FIRMWARE_VOLUME_INFO2_PPI)); + ((EFI_PEI_FIRMWARE_VOLUME_INFO2_PPI *) FvInfoPpi)->AuthenticationStatus = AuthenticationStatus; + PpiGuid = &gEfiPeiFirmwareVolumeInfo2PpiGuid; + } if (FvFormat != NULL) { CopyGuid (&FvInfoPpi->FvFormat, FvFormat); @@ -590,12 +652,100 @@ PeiServicesInstallFvInfoPpi ( FvInfoPpi->ParentFileName = ParentFileNameValue; } - FvInfoPpiDescriptor = AllocateCopyPool (sizeof(EFI_PEI_PPI_DESCRIPTOR), mPpiListTemplate); + FvInfoPpiDescriptor = AllocatePool (sizeof (EFI_PEI_PPI_DESCRIPTOR)); ASSERT (FvInfoPpiDescriptor != NULL); + FvInfoPpiDescriptor->Guid = PpiGuid; + FvInfoPpiDescriptor->Flags = EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST; FvInfoPpiDescriptor->Ppi = (VOID *) FvInfoPpi; Status = PeiServicesInstallPpi (FvInfoPpiDescriptor); ASSERT_EFI_ERROR (Status); } +/** + Install a EFI_PEI_FIRMWARE_VOLUME_INFO_PPI instance so the PEI Core will be notified about a new firmware volume. + + This function allocates, initializes, and installs a new EFI_PEI_FIRMWARE_VOLUME_INFO_PPI using + the parameters passed in to initialize the fields of the EFI_PEI_FIRMWARE_VOLUME_INFO_PPI instance. + If the resources can not be allocated for EFI_PEI_FIRMWARE_VOLUME_INFO_PPI, then ASSERT(). + If the EFI_PEI_FIRMWARE_VOLUME_INFO_PPI can not be installed, then ASSERT(). + + @param FvFormat Unique identifier of the format of the memory-mapped + firmware volume. This parameter is optional and + may be NULL. If NULL is specified, the + EFI_FIRMWARE_FILE_SYSTEM2_GUID format is assumed. + @param FvInfo Points to a buffer which allows the + EFI_PEI_FIRMWARE_VOLUME_PPI to process the volume. + The format of this buffer is specific to the FvFormat. + For memory-mapped firmware volumes, this typically + points to the first byte of the firmware volume. + @param FvInfoSize The size, in bytes, of FvInfo. For memory-mapped + firmware volumes, this is typically the size of + the firmware volume. + @param ParentFvName If the new firmware volume originated from a file + in a different firmware volume, then this parameter + specifies the GUID name of the originating firmware + volume. Otherwise, this parameter must be NULL. + @param ParentFileName If the new firmware volume originated from a file + in a different firmware volume, then this parameter + specifies the GUID file name of the originating + firmware file. Otherwise, this parameter must be NULL. +**/ +VOID +EFIAPI +PeiServicesInstallFvInfoPpi ( + IN CONST EFI_GUID *FvFormat, OPTIONAL + IN CONST VOID *FvInfo, + IN UINT32 FvInfoSize, + IN CONST EFI_GUID *ParentFvName, OPTIONAL + IN CONST EFI_GUID *ParentFileName OPTIONAL + ) +{ + InternalPeiServicesInstallFvInfoPpi (TRUE, FvFormat, FvInfo, FvInfoSize, ParentFvName, ParentFileName, 0); +} + +/** + Install a EFI_PEI_FIRMWARE_VOLUME_INFO2_PPI instance so the PEI Core will be notified about a new firmware volume. + + This function allocates, initializes, and installs a new EFI_PEI_FIRMWARE_VOLUME_INFO2_PPI using + the parameters passed in to initialize the fields of the EFI_PEI_FIRMWARE_VOLUME_INFO2_PPI instance. + If the resources can not be allocated for EFI_PEI_FIRMWARE_VOLUME_INFO2_PPI, then ASSERT(). + If the EFI_PEI_FIRMWARE_VOLUME_INFO2_PPI can not be installed, then ASSERT(). + + @param FvFormat Unique identifier of the format of the memory-mapped + firmware volume. This parameter is optional and + may be NULL. If NULL is specified, the + EFI_FIRMWARE_FILE_SYSTEM2_GUID format is assumed. + @param FvInfo Points to a buffer which allows the + EFI_PEI_FIRMWARE_VOLUME_PPI to process the volume. + The format of this buffer is specific to the FvFormat. + For memory-mapped firmware volumes, this typically + points to the first byte of the firmware volume. + @param FvInfoSize The size, in bytes, of FvInfo. For memory-mapped + firmware volumes, this is typically the size of + the firmware volume. + @param ParentFvName If the new firmware volume originated from a file + in a different firmware volume, then this parameter + specifies the GUID name of the originating firmware + volume. Otherwise, this parameter must be NULL. + @param ParentFileName If the new firmware volume originated from a file + in a different firmware volume, then this parameter + specifies the GUID file name of the originating + firmware file. Otherwise, this parameter must be NULL. + @param AuthenticationStatus Authentication Status +**/ +VOID +EFIAPI +PeiServicesInstallFvInfo2Ppi ( + IN CONST EFI_GUID *FvFormat, OPTIONAL + IN CONST VOID *FvInfo, + IN UINT32 FvInfoSize, + IN CONST EFI_GUID *ParentFvName, OPTIONAL + IN CONST EFI_GUID *ParentFileName, OPTIONAL + IN UINT32 AuthenticationStatus + ) +{ + InternalPeiServicesInstallFvInfoPpi (FALSE, FvFormat, FvInfo, FvInfoSize, ParentFvName, ParentFileName, AuthenticationStatus); +} + diff --git a/MdePkg/Library/PeiServicesLib/PeiServicesLib.inf b/MdePkg/Library/PeiServicesLib/PeiServicesLib.inf index cd70de7800..1806042a24 100644 --- a/MdePkg/Library/PeiServicesLib/PeiServicesLib.inf +++ b/MdePkg/Library/PeiServicesLib/PeiServicesLib.inf @@ -1,7 +1,7 @@ ## @file # PEI Services Library implementation. # -# Copyright (c) 2007 - 2010, Intel Corporation. All rights reserved.
+# Copyright (c) 2007 - 2013, Intel Corporation. All rights reserved.
# # This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License @@ -43,6 +43,7 @@ [Ppis] gEfiPeiFirmwareVolumeInfoPpiGuid ## PRODUCES + gEfiPeiFirmwareVolumeInfo2PpiGuid ## PRODUCES diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec index 916e538774..6f9dcf9550 100644 --- a/MdePkg/MdePkg.dec +++ b/MdePkg/MdePkg.dec @@ -696,6 +696,9 @@ ## Include/Ppi/I2cMaster.h gEfiPeiI2cMasterPpiGuid = { 0xb3bfab9b, 0x9f9c, 0x4e8b, { 0xad, 0x37, 0x7f, 0x8c, 0x51, 0xfc, 0x62, 0x80 }} + ## Include/Ppi/FirmwareVolumeInfo2.h + gEfiPeiFirmwareVolumeInfo2PpiGuid = { 0xea7ca24b, 0xded5, 0x4dad, { 0xa3, 0x89, 0xbf, 0x82, 0x7e, 0x8f, 0x9b, 0x38 } } + [Protocols] # # Protocols defined in PI1.0. diff --git a/SecurityPkg/Tcg/TcgPei/TcgPei.c b/SecurityPkg/Tcg/TcgPei/TcgPei.c index 7ff869d0fc..ae905f7653 100644 --- a/SecurityPkg/Tcg/TcgPei/TcgPei.c +++ b/SecurityPkg/Tcg/TcgPei/TcgPei.c @@ -17,6 +17,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include #include #include +#include #include #include #include @@ -122,6 +123,11 @@ EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] = { &gEfiPeiFirmwareVolumeInfoPpiGuid, FirmwareVolmeInfoPpiNotifyCallback }, + { + EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK, + &gEfiPeiFirmwareVolumeInfo2PpiGuid, + FirmwareVolmeInfoPpiNotifyCallback + }, { (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), &gEfiEndOfPeiSignalPpiGuid, diff --git a/SecurityPkg/Tcg/TcgPei/TcgPei.inf b/SecurityPkg/Tcg/TcgPei/TcgPei.inf index d022962478..48a3e64362 100644 --- a/SecurityPkg/Tcg/TcgPei/TcgPei.inf +++ b/SecurityPkg/Tcg/TcgPei/TcgPei.inf @@ -57,6 +57,7 @@ [Ppis] gPeiLockPhysicalPresencePpiGuid gEfiPeiFirmwareVolumeInfoPpiGuid + gEfiPeiFirmwareVolumeInfo2PpiGuid gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid gPeiTpmInitializedPpiGuid gEfiEndOfPeiSignalPpiGuid -- 2.39.2