diff options
author | lzeng14 <lzeng14@6f19259b-4bc3-4df7-8a09-765794883524> | 2012-05-29 05:22:01 +0000 |
---|---|---|
committer | lzeng14 <lzeng14@6f19259b-4bc3-4df7-8a09-765794883524> | 2012-05-29 05:22:01 +0000 |
commit | 0c3a1db40f982d243b8e2c67ee4e8109a0737d34 (patch) | |
tree | ef0b32272e5084335145413bc693f7715c7945e8 /IntelFrameworkModulePkg | |
parent | b504f51998e839691e0d8c68f3f3093907575594 (diff) | |
download | edk2-0c3a1db40f982d243b8e2c67ee4e8109a0737d34.tar.gz edk2-0c3a1db40f982d243b8e2c67ee4e8109a0737d34.tar.bz2 edk2-0c3a1db40f982d243b8e2c67ee4e8109a0737d34.zip |
Update DxeCore and FwVolDxe drivers to inherit authentication status for the FV image, if the image came from an FV image file and section in another firmware volume.
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13368 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'IntelFrameworkModulePkg')
3 files changed, 120 insertions, 2 deletions
diff --git a/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVol.c b/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVol.c index c3878968d4..1365a5277d 100644 --- a/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVol.c +++ b/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVol.c @@ -175,6 +175,109 @@ FreeFvDeviceResource ( }
/**
+
+ Firmware volume inherits authentication status from the FV image file and section(in another firmware volume)
+ where it came from.
+
+ @param FvDevice A pointer to the FvDevice.
+
+**/
+VOID
+FwVolInheritAuthenticationStatus (
+ IN FV_DEVICE *FvDevice
+ )
+{
+ EFI_STATUS Status;
+ EFI_FIRMWARE_VOLUME_HEADER *CachedFvHeader;
+ EFI_FIRMWARE_VOLUME_EXT_HEADER *CachedFvExtHeader;
+ EFI_FIRMWARE_VOLUME2_PROTOCOL *ParentFvProtocol;
+ UINTN Key;
+ EFI_GUID FileNameGuid;
+ EFI_FV_FILETYPE FileType;
+ EFI_FV_FILE_ATTRIBUTES FileAttributes;
+ UINTN FileSize;
+ EFI_SECTION_TYPE SectionType;
+ UINT32 AuthenticationStatus;
+ EFI_FIRMWARE_VOLUME_HEADER *FvHeader;
+ EFI_FIRMWARE_VOLUME_EXT_HEADER *FvExtHeader;
+ UINTN BufferSize;
+
+ CachedFvHeader = (EFI_FIRMWARE_VOLUME_HEADER *) (UINTN) FvDevice->CachedFv;
+
+ if (FvDevice->Fv.ParentHandle != NULL) {
+ //
+ // By Parent Handle, find out the FV image file and section(in another firmware volume) where the firmware volume came from
+ //
+ Status = gBS->HandleProtocol (FvDevice->Fv.ParentHandle, &gEfiFirmwareVolume2ProtocolGuid, (VOID **) &ParentFvProtocol);
+ if (!EFI_ERROR (Status) && (ParentFvProtocol != NULL)) {
+ Key = 0;
+ do {
+ FileType = EFI_FV_FILETYPE_FIRMWARE_VOLUME_IMAGE;
+ Status = ParentFvProtocol->GetNextFile (
+ ParentFvProtocol,
+ &Key,
+ &FileType,
+ &FileNameGuid,
+ &FileAttributes,
+ &FileSize
+ );
+ if (EFI_ERROR (Status)) {
+ return;
+ }
+
+ SectionType = EFI_SECTION_FIRMWARE_VOLUME_IMAGE;
+ FvHeader = NULL;
+ BufferSize = 0;
+ Status = ParentFvProtocol->ReadSection (
+ ParentFvProtocol,
+ &FileNameGuid,
+ SectionType,
+ 0,
+ (VOID **) &FvHeader,
+ &BufferSize,
+ &AuthenticationStatus
+ );
+ if (!EFI_ERROR (Status)) {
+ if ((FvHeader->FvLength == CachedFvHeader->FvLength) &&
+ (FvHeader->ExtHeaderOffset == CachedFvHeader->ExtHeaderOffset)) {
+ if (FvHeader->ExtHeaderOffset !=0) {
+ //
+ // Both FVs contain extension header, then compare their FV Name GUID
+ //
+ FvExtHeader = (EFI_FIRMWARE_VOLUME_EXT_HEADER *) ((UINTN) FvHeader + FvHeader->ExtHeaderOffset);
+ CachedFvExtHeader = (EFI_FIRMWARE_VOLUME_EXT_HEADER *) ((UINTN) CachedFvHeader + CachedFvHeader->ExtHeaderOffset);
+ if (CompareGuid (&FvExtHeader->FvName, &CachedFvExtHeader->FvName)) {
+ //
+ // Found the FV image section where the firmware volume came from,
+ // and then inherit authentication status from it.
+ //
+ FvDevice->AuthenticationStatus = AuthenticationStatus;
+ FreePool ((VOID *) FvHeader);
+ return;
+ }
+ } else {
+ //
+ // Both FVs don't contain extension header, then compare their whole FV Image.
+ //
+ if (CompareMem ((VOID *) FvHeader, (VOID *) CachedFvHeader, FvHeader->FvLength) == 0) {
+ //
+ // Found the FV image section where the firmware volume came from
+ // and then inherit authentication status from it.
+ //
+ FvDevice->AuthenticationStatus = AuthenticationStatus;
+ FreePool ((VOID *) FvHeader);
+ return;
+ }
+ }
+ }
+ FreePool ((VOID *) FvHeader);
+ }
+ } while (TRUE);
+ }
+ }
+}
+
+/**
Check if an FV is consistent and allocate cache for it.
@param FvDevice A pointer to the FvDevice to be checked.
@@ -612,6 +715,7 @@ FwVolDriverInit ( FvDevice->Fv.KeySize = KEYSIZE;
FvDevice->Fv.GetInfo = FvGetVolumeInfo;
FvDevice->Fv.SetInfo = FvSetVolumeInfo;
+ FvDevice->Fv.ParentHandle = Fvb->ParentHandle;
Status = FvCheck (FvDevice);
if (EFI_ERROR (Status)) {
@@ -622,6 +726,8 @@ FwVolDriverInit ( continue;
}
+ FwVolInheritAuthenticationStatus (FvDevice);
+
if (Reinstall) {
//
// Reinstall an New FV protocol
diff --git a/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVolDriver.h b/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVolDriver.h index 2de65f511d..e424f9572d 100644 --- a/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVolDriver.h +++ b/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVolDriver.h @@ -1,7 +1,7 @@ /** @file
Common defines and definitions for a FwVolDxe driver.
- Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions
@@ -94,6 +94,7 @@ typedef struct { FFS_FILE_LIST_ENTRY *CurrentFfsFile;
BOOLEAN IsFfs3Fv;
+ UINT32 AuthenticationStatus;
} FV_DEVICE;
#define FV_DEVICE_FROM_THIS(a) CR (a, FV_DEVICE, Fv, FV_DEVICE_SIGNATURE)
diff --git a/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVolRead.c b/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVolRead.c index 1e8ba91581..8e2706bb8a 100644 --- a/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVolRead.c +++ b/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVolRead.c @@ -1,7 +1,7 @@ /** @file
Implements functions to read firmware file.
- Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions
@@ -510,6 +510,7 @@ FvReadFileSection ( )
{
EFI_STATUS Status;
+ FV_DEVICE *FvDevice;
EFI_FV_ATTRIBUTES FvAttributes;
EFI_FV_FILETYPE FileType;
EFI_FV_FILE_ATTRIBUTES FileAttributes;
@@ -522,6 +523,8 @@ FvReadFileSection ( return EFI_INVALID_PARAMETER;
}
+ FvDevice = FV_DEVICE_FROM_THIS (This);
+
Status = This->GetVolumeAttributes (This, &FvAttributes);
if (EFI_ERROR (Status)) {
return Status;
@@ -607,6 +610,14 @@ FvReadFileSection ( AuthenticationStatus
);
}
+
+ if (!EFI_ERROR (Status)) {
+ //
+ // Inherit the authentication status.
+ //
+ *AuthenticationStatus |= FvDevice->AuthenticationStatus;
+ }
+
//
// Handle AuthenticationStatus if necessary
//
|