Add PI1.2.1 SAP2 support and UEFI231B mantis 896

1. Update three Security Handlers to depend on new SecurityManagementLib APIs to register Security service for SAP2

Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Guo Dong <dong.guo@intel.com>


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13661 6f19259b-4bc3-4df7-8a09-765794883524
lgao4
2012-08-22 02:33:00 +00:00
parent bc2dfdbcfc
commit 5db28a6753
3 changed files with 59 additions and 55 deletions

@@ -141,6 +141,10 @@ GetImageType (
EFI_DEVICE_PATH_PROTOCOL *TempDevicePath;
EFI_BLOCK_IO_PROTOCOL *BlockIo;
if (File == NULL) {
return IMAGE_UNKNOWN;
}
//
// First check to see if File is from a Firmware Volume
//
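Review bot: The `File == NULL` early return at the top of GetImageType makes a NULL device path a supported input, but nothing visible here documents it. Please add a line to the function header saying that a NULL File yields IMAGE_UNKNOWN, and confirm that the policy the caller applies to IMAGE_UNKNOWN is the one intended for images that arrive as a FileBuffer with no device path.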
@@ -1034,19 +1038,23 @@ VerifyCertPkcsSignedData (
being dispatched. This will optionally be used for logging.
@param[in] FileBuffer File buffer matches the input file device path.
@param[in] FileSize Size of File buffer matches the input file device path.
@param[in] BootPolicy A boot policy that was used to call LoadImage() UEFI service.
@retval EFI_SUCCESS The file specified by File did authenticate, and the
platform policy dictates that the DXE Core may use File.
@retval EFI_INVALID_PARAMETER Input argument is incorrect.
@retval EFI_SUCCESS The file specified by DevicePath and non-NULL
FileBuffer did authenticate, and the platform policy dictates
that the DXE Foundation may use the file.
@retval EFI_SUCCESS The device path specified by NULL device path DevicePath
and non-NULL FileBuffer did authenticate, and the platform
policy dictates that the DXE Foundation may execute the image in
FileBuffer.
@retval EFI_OUT_RESOURCE Fail to allocate memory.
@retval EFI_SECURITY_VIOLATION The file specified by File did not authenticate, and
the platform policy dictates that File should be placed
in the untrusted state. A file may be promoted from
the untrusted to the trusted state at a future time
with a call to the Trust() DXE Service.
@retval EFI_ACCESS_DENIED The file specified by File did not authenticate, and
the platform policy dictates that File should not be
used for any purpose.
in the untrusted state. The image has been added to the file
execution table.
@retval EFI_ACCESS_DENIED The file specified by File and FileBuffer did not
authenticate, and the platform policy dictates that the DXE
Foundation many not use File.
**/
EFI_STATUS
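Review bot: In the header comment, `EFI_OUT_RESOURCE` is not a status name and should read `EFI_OUT_OF_RESOURCES`, and "many not use File" in the EFI_ACCESS_DENIED entry should be "may not use File". The entries also switch between "File" and "DevicePath" for the same argument, while the prototype calls it File; use one name throughout so the NULL device path case is unambiguous.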
@@ -1055,7 +1063,8 @@ DxeImageVerificationHandler (
IN UINT32 AuthenticationStatus,
IN CONST EFI_DEVICE_PATH_PROTOCOL *File,
IN VOID *FileBuffer,
IN UINTN FileSize
IN UINTN FileSize,
IN BOOLEAN BootPolicy
)
{
EFI_STATUS Status;
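Review bot: The new `IN BOOLEAN BootPolicy` parameter is not referenced by any of the hunks shown for the handler body. If it is accepted only to match the Security2 handler prototype and is deliberately ignored, say so in the `@param[in] BootPolicy` description so a later reader does not assume it influences the verification result.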
@@ -1073,10 +1082,6 @@ DxeImageVerificationHandler (
UINT32 NumberOfRvaAndSizes;
UINT32 CertSize;
if (File == NULL) {
return EFI_INVALID_PARAMETER;
}
SignatureList = NULL;
SignatureListSize = 0;
WinCertificate = NULL;
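Review bot: With the `File == NULL` rejection gone from the handler entry, every later use of File has to tolerate NULL. The one visible in this patch is `AddImageExeInfo (Action, NULL, File, SignatureList, SignatureListSize);` in the Done path; please confirm it handles a NULL device path. The header now speaks of a "non-NULL FileBuffer", so a FileBuffer == NULL check returning EFI_INVALID_PARAMETER would be worth having here in place of the removed one.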
@@ -1326,6 +1331,7 @@ Done:
// Policy decides to defer or reject the image; add its information in image executable information table.
//
AddImageExeInfo (Action, NULL, File, SignatureList, SignatureListSize);
Status = EFI_SECURITY_VIOLATION;
}
if (SignatureList != NULL) {
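Review bot: `Status = EFI_SECURITY_VIOLATION;` sits in a branch whose comment says the policy decides to "defer or reject" the image, so both outcomes return the same status. The function header documents EFI_ACCESS_DENIED for the case where the image must not be used, so please check that a reject policy is not reported as a deferral here; if only the defer case can reach this assignment, update the comment to say that.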
@@ -1410,7 +1416,7 @@ DxeImageVerificationLibConstructor (
&Registration
);
return RegisterSecurityHandler (
return RegisterSecurity2Handler (
DxeImageVerificationHandler,
EFI_AUTH_OPERATION_VERIFY_IMAGE | EFI_AUTH_OPERATION_IMAGE_REQUIRED
);