/** @file
EFI PEI Platform Security services

Copyright (c) 2013 Intel Corporation.

This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution.  The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php

THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

**/

#include "PeiFvSecurity.h"

//
// Notify descriptor that PeiInitializeFvSecurity() passes to
// PeiServicesNotifyPpi(). It names the Firmware Volume Info PPI GUID and
// FirmwareVolmeInfoPpiNotifySecurityCallback() as the function to invoke.
// The flags mark it as a callback-type notification and as the last (only)
// entry of the descriptor list.
//
EFI_PEI_NOTIFY_DESCRIPTOR mNotifyOnFvInfoSecurityList = {
    (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
    &gEfiPeiFirmwareVolumeInfoPpiGuid,
    FirmwareVolmeInfoPpiNotifySecurityCallback
};

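/**
  Callback function to perform FV security checking on a FV Info PPI.

  Only a firmware volume with neither a parent FV name nor a parent file name
  is passed to PeiSecurityVerifyFv(); child volumes are treated as covered by
  their parent.

  Failures are checked explicitly in addition to ASSERT_EFI_ERROR, so a failed
  PPI lookup or a rejected volume is still reported to the caller in builds
  where assertions are disabled.

  @param PeiServices       An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation
  @param NotifyDescriptor  Address of the notification descriptor data structure.
  @param Ppi               Address of the PPI that was installed.

  @retval EFI_SUCCESS  The volume is a child volume, or PeiSecurityVerifyFv() accepted it.
  @retval Others       Error status from PeiServicesLocatePpi() or PeiSecurityVerifyFv().

**/
EFI_STATUS
EFIAPI
FirmwareVolmeInfoPpiNotifySecurityCallback (
  IN EFI_PEI_SERVICES              **PeiServices,
  IN EFI_PEI_NOTIFY_DESCRIPTOR     *NotifyDescriptor,
  IN VOID                          *Ppi
  )
{
  EFI_STATUS                        Status;
  EFI_PEI_FIRMWARE_VOLUME_INFO_PPI  *FvInfoPpi;
  EFI_PEI_FIRMWARE_VOLUME_PPI       *FvPpi;

  FvInfoPpi = (EFI_PEI_FIRMWARE_VOLUME_INFO_PPI *)Ppi;

  //
  // Locate the FV PPI that corresponds to the format GUID of the reported FV.
  // FvPpi is not used afterwards; the lookup only confirms that a PPI for
  // this FV format is installed.
  //
  Status = PeiServicesLocatePpi (
             &FvInfoPpi->FvFormat,
             0,
             NULL,
             (VOID**)&FvPpi
             );
  ASSERT_EFI_ERROR (Status);
  if (EFI_ERROR (Status)) {
    //
    // ASSERT_EFI_ERROR does nothing when assertions are disabled, so the
    // failure is also returned instead of being reported as success.
    //
    return Status;
  }

  //
  // Only authenticate parent Firmware Volume (child firmware volumes are covered by the parent)
  //
  if ((VOID *)FvInfoPpi->ParentFvName == NULL && (VOID *)FvInfoPpi->ParentFileName == NULL) {
    Status = PeiSecurityVerifyFv ((EFI_FIRMWARE_VOLUME_HEADER*) FvInfoPpi->FvInfo);
    ASSERT_EFI_ERROR (Status);
    if (EFI_ERROR (Status)) {
      //
      // A verification failure must not fall through to EFI_SUCCESS.
      // NOTE(review): whether the PEI Foundation acts on the status returned
      // by a notify callback is not visible from this file. If it does not,
      // the platform needs an explicit halt or recovery policy here - confirm.
      //
      return Status;
    }
  }

  return EFI_SUCCESS;
}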

/**
  Placeholder for Firmware Volume authentication.

  This implementation performs no check on the volume: it logs the address it
  was given and reports success. No signature, hash or header validation is
  done here, so a caller must not treat EFI_SUCCESS from this function as
  evidence that the volume was authenticated.

  @param CurrentFvAddress   Pointer to the current Firmware Volume under consideration

  @retval EFI_SUCCESS       Always returned by this implementation.

**/
EFI_STATUS
PeiSecurityVerifyFv (
  IN EFI_FIRMWARE_VOLUME_HEADER  *CurrentFvAddress
  )
{
  //
  // No security library is called; only the volume address is traced.
  //
  DEBUG ((DEBUG_INFO, "PeiSecurityVerifyFv - CurrentFvAddress=0x%8x\n", (UINT32)CurrentFvAddress));

  return EFI_SUCCESS;
}

/**

  Sets up the notification used for PEI firmware volume security checking.

  Registers mNotifyOnFvInfoSecurityList with PeiServicesNotifyPpi() so that
  FirmwareVolmeInfoPpiNotifySecurityCallback() is the callback named for the
  Firmware Volume Info PPI. The function takes no parameters.

  @return The status returned by PeiServicesNotifyPpi(): EFI_SUCCESS when the
          notification was installed, any other value when it was not.

**/
EFI_STATUS
PeiInitializeFvSecurity (
  VOID
  )
{
  //
  // The registration result is handed straight back to the caller.
  //
  return PeiServicesNotifyPpi (&mNotifyOnFvInfoSecurityList);
}