summaryrefslogtreecommitdiffstats
path: root/IntelFrameworkModulePkg
diff options
context:
space:
mode:
authorlzeng14 <lzeng14@6f19259b-4bc3-4df7-8a09-765794883524>2012-05-29 05:22:01 +0000
committerlzeng14 <lzeng14@6f19259b-4bc3-4df7-8a09-765794883524>2012-05-29 05:22:01 +0000
commit0c3a1db40f982d243b8e2c67ee4e8109a0737d34 (patch)
treeef0b32272e5084335145413bc693f7715c7945e8 /IntelFrameworkModulePkg
parentb504f51998e839691e0d8c68f3f3093907575594 (diff)
downloadedk2-0c3a1db40f982d243b8e2c67ee4e8109a0737d34.tar.gz
edk2-0c3a1db40f982d243b8e2c67ee4e8109a0737d34.tar.bz2
edk2-0c3a1db40f982d243b8e2c67ee4e8109a0737d34.zip
Update DxeCore and FwVolDxe drivers to inherit authentication status for the FV image, if the image came from an FV image file and section in another firmware volume.
Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13368 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'IntelFrameworkModulePkg')
-rw-r--r--IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVol.c106
-rw-r--r--IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVolDriver.h3
-rw-r--r--IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVolRead.c13
3 files changed, 120 insertions, 2 deletions
diff --git a/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVol.c b/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVol.c
index c3878968d4..1365a5277d 100644
--- a/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVol.c
+++ b/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVol.c
@@ -175,6 +175,109 @@ FreeFvDeviceResource (
}
/**
+
+ Firmware volume inherits authentication status from the FV image file and section(in another firmware volume)
+ where it came from.
+
+ @param FvDevice A pointer to the FvDevice.
+
+**/
+VOID
+FwVolInheritAuthenticationStatus (
+ IN FV_DEVICE *FvDevice
+ )
+{
+ EFI_STATUS Status;
+ EFI_FIRMWARE_VOLUME_HEADER *CachedFvHeader;
+ EFI_FIRMWARE_VOLUME_EXT_HEADER *CachedFvExtHeader;
+ EFI_FIRMWARE_VOLUME2_PROTOCOL *ParentFvProtocol;
+ UINTN Key;
+ EFI_GUID FileNameGuid;
+ EFI_FV_FILETYPE FileType;
+ EFI_FV_FILE_ATTRIBUTES FileAttributes;
+ UINTN FileSize;
+ EFI_SECTION_TYPE SectionType;
+ UINT32 AuthenticationStatus;
+ EFI_FIRMWARE_VOLUME_HEADER *FvHeader;
+ EFI_FIRMWARE_VOLUME_EXT_HEADER *FvExtHeader;
+ UINTN BufferSize;
+
+ CachedFvHeader = (EFI_FIRMWARE_VOLUME_HEADER *) (UINTN) FvDevice->CachedFv;
+
+ if (FvDevice->Fv.ParentHandle != NULL) {
+ //
+ // By Parent Handle, find out the FV image file and section(in another firmware volume) where the firmware volume came from
+ //
+ Status = gBS->HandleProtocol (FvDevice->Fv.ParentHandle, &gEfiFirmwareVolume2ProtocolGuid, (VOID **) &ParentFvProtocol);
+ if (!EFI_ERROR (Status) && (ParentFvProtocol != NULL)) {
+ Key = 0;
+ do {
+ FileType = EFI_FV_FILETYPE_FIRMWARE_VOLUME_IMAGE;
+ Status = ParentFvProtocol->GetNextFile (
+ ParentFvProtocol,
+ &Key,
+ &FileType,
+ &FileNameGuid,
+ &FileAttributes,
+ &FileSize
+ );
+ if (EFI_ERROR (Status)) {
+ return;
+ }
+
+ SectionType = EFI_SECTION_FIRMWARE_VOLUME_IMAGE;
+ FvHeader = NULL;
+ BufferSize = 0;
+ Status = ParentFvProtocol->ReadSection (
+ ParentFvProtocol,
+ &FileNameGuid,
+ SectionType,
+ 0,
+ (VOID **) &FvHeader,
+ &BufferSize,
+ &AuthenticationStatus
+ );
+ if (!EFI_ERROR (Status)) {
+ if ((FvHeader->FvLength == CachedFvHeader->FvLength) &&
+ (FvHeader->ExtHeaderOffset == CachedFvHeader->ExtHeaderOffset)) {
+ if (FvHeader->ExtHeaderOffset !=0) {
+ //
+ // Both FVs contain extension header, then compare their FV Name GUID
+ //
+ FvExtHeader = (EFI_FIRMWARE_VOLUME_EXT_HEADER *) ((UINTN) FvHeader + FvHeader->ExtHeaderOffset);
+ CachedFvExtHeader = (EFI_FIRMWARE_VOLUME_EXT_HEADER *) ((UINTN) CachedFvHeader + CachedFvHeader->ExtHeaderOffset);
+ if (CompareGuid (&FvExtHeader->FvName, &CachedFvExtHeader->FvName)) {
+ //
+ // Found the FV image section where the firmware volume came from,
+ // and then inherit authentication status from it.
+ //
+ FvDevice->AuthenticationStatus = AuthenticationStatus;
+ FreePool ((VOID *) FvHeader);
+ return;
+ }
+ } else {
+ //
+ // Both FVs don't contain extension header, then compare their whole FV Image.
+ //
+ if (CompareMem ((VOID *) FvHeader, (VOID *) CachedFvHeader, FvHeader->FvLength) == 0) {
+ //
+ // Found the FV image section where the firmware volume came from
+ // and then inherit authentication status from it.
+ //
+ FvDevice->AuthenticationStatus = AuthenticationStatus;
+ FreePool ((VOID *) FvHeader);
+ return;
+ }
+ }
+ }
+ FreePool ((VOID *) FvHeader);
+ }
+ } while (TRUE);
+ }
+ }
+}
+
+/**
Check if an FV is consistent and allocate cache for it.
@param FvDevice A pointer to the FvDevice to be checked.
@@ -612,6 +715,7 @@ FwVolDriverInit (
FvDevice->Fv.KeySize = KEYSIZE;
FvDevice->Fv.GetInfo = FvGetVolumeInfo;
FvDevice->Fv.SetInfo = FvSetVolumeInfo;
+ FvDevice->Fv.ParentHandle = Fvb->ParentHandle;
Status = FvCheck (FvDevice);
if (EFI_ERROR (Status)) {
@@ -622,6 +726,8 @@ FwVolDriverInit (
continue;
}
+ FwVolInheritAuthenticationStatus (FvDevice);
+
if (Reinstall) {
//
// Reinstall an New FV protocol
diff --git a/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVolDriver.h b/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVolDriver.h
index 2de65f511d..e424f9572d 100644
--- a/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVolDriver.h
+++ b/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVolDriver.h
@@ -1,7 +1,7 @@
/** @file
Common defines and definitions for a FwVolDxe driver.
- Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions
@@ -94,6 +94,7 @@ typedef struct {
FFS_FILE_LIST_ENTRY *CurrentFfsFile;
BOOLEAN IsFfs3Fv;
+ UINT32 AuthenticationStatus;
} FV_DEVICE;
#define FV_DEVICE_FROM_THIS(a) CR (a, FV_DEVICE, Fv, FV_DEVICE_SIGNATURE)
diff --git a/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVolRead.c b/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVolRead.c
index 1e8ba91581..8e2706bb8a 100644
--- a/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVolRead.c
+++ b/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVolRead.c
@@ -1,7 +1,7 @@
/** @file
Implements functions to read firmware file.
- Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions
@@ -510,6 +510,7 @@ FvReadFileSection (
)
{
EFI_STATUS Status;
+ FV_DEVICE *FvDevice;
EFI_FV_ATTRIBUTES FvAttributes;
EFI_FV_FILETYPE FileType;
EFI_FV_FILE_ATTRIBUTES FileAttributes;
@@ -522,6 +523,8 @@ FvReadFileSection (
return EFI_INVALID_PARAMETER;
}
+ FvDevice = FV_DEVICE_FROM_THIS (This);
+
Status = This->GetVolumeAttributes (This, &FvAttributes);
if (EFI_ERROR (Status)) {
return Status;
@@ -607,6 +610,14 @@ FvReadFileSection (
AuthenticationStatus
);
}
+
+ if (!EFI_ERROR (Status)) {
+ //
+ // Inherit the authentication status.
+ //
+ *AuthenticationStatus |= FvDevice->AuthenticationStatus;
+ }
+
//
// Handle AuthenticationStatus if necessary
//