Add PI1.2.1 SAP2 support and UEFI231B mantis 896
1. Update three Security Handlers to depend on new SecurityManagementLib APIs to register Security service for SAP2 Signed-off-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Guo Dong <dong.guo@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13661 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
@@ -141,6 +141,10 @@ GetImageType (
|
||||
EFI_DEVICE_PATH_PROTOCOL *TempDevicePath;
|
||||
EFI_BLOCK_IO_PROTOCOL *BlockIo;
|
||||
|
||||
if (File == NULL) {
|
||||
return IMAGE_UNKNOWN;
|
||||
}
|
||||
|
||||
//
|
||||
// First check to see if File is from a Firmware Volume
|
||||
//
|
||||
@@ -1034,19 +1038,23 @@ VerifyCertPkcsSignedData (
|
||||
being dispatched. This will optionally be used for logging.
|
||||
@param[in] FileBuffer File buffer matches the input file device path.
|
||||
@param[in] FileSize Size of File buffer matches the input file device path.
|
||||
@param[in] BootPolicy A boot policy that was used to call LoadImage() UEFI service.
|
||||
|
||||
@retval EFI_SUCCESS The file specified by File did authenticate, and the
|
||||
platform policy dictates that the DXE Core may use File.
|
||||
@retval EFI_INVALID_PARAMETER Input argument is incorrect.
|
||||
@retval EFI_SUCCESS The file specified by DevicePath and non-NULL
|
||||
FileBuffer did authenticate, and the platform policy dictates
|
||||
that the DXE Foundation may use the file.
|
||||
@retval EFI_SUCCESS The device path specified by NULL device path DevicePath
|
||||
and non-NULL FileBuffer did authenticate, and the platform
|
||||
policy dictates that the DXE Foundation may execute the image in
|
||||
FileBuffer.
|
||||
@retval EFI_OUT_RESOURCE Fail to allocate memory.
|
||||
@retval EFI_SECURITY_VIOLATION The file specified by File did not authenticate, and
|
||||
the platform policy dictates that File should be placed
|
||||
in the untrusted state. A file may be promoted from
|
||||
the untrusted to the trusted state at a future time
|
||||
with a call to the Trust() DXE Service.
|
||||
@retval EFI_ACCESS_DENIED The file specified by File did not authenticate, and
|
||||
the platform policy dictates that File should not be
|
||||
used for any purpose.
|
||||
in the untrusted state. The image has been added to the file
|
||||
execution table.
|
||||
@retval EFI_ACCESS_DENIED The file specified by File and FileBuffer did not
|
||||
authenticate, and the platform policy dictates that the DXE
|
||||
Foundation many not use File.
|
||||
|
||||
**/
|
||||
EFI_STATUS
|
||||
@@ -1055,7 +1063,8 @@ DxeImageVerificationHandler (
|
||||
IN UINT32 AuthenticationStatus,
|
||||
IN CONST EFI_DEVICE_PATH_PROTOCOL *File,
|
||||
IN VOID *FileBuffer,
|
||||
IN UINTN FileSize
|
||||
IN UINTN FileSize,
|
||||
IN BOOLEAN BootPolicy
|
||||
)
|
||||
{
|
||||
EFI_STATUS Status;
|
||||
@@ -1073,10 +1082,6 @@ DxeImageVerificationHandler (
|
||||
UINT32 NumberOfRvaAndSizes;
|
||||
UINT32 CertSize;
|
||||
|
||||
if (File == NULL) {
|
||||
return EFI_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
SignatureList = NULL;
|
||||
SignatureListSize = 0;
|
||||
WinCertificate = NULL;
|
||||
@@ -1326,6 +1331,7 @@ Done:
|
||||
// Policy decides to defer or reject the image; add its information in image executable information table.
|
||||
//
|
||||
AddImageExeInfo (Action, NULL, File, SignatureList, SignatureListSize);
|
||||
Status = EFI_SECURITY_VIOLATION;
|
||||
}
|
||||
|
||||
if (SignatureList != NULL) {
|
||||
@@ -1410,7 +1416,7 @@ DxeImageVerificationLibConstructor (
|
||||
&Registration
|
||||
);
|
||||
|
||||
return RegisterSecurityHandler (
|
||||
return RegisterSecurity2Handler (
|
||||
DxeImageVerificationHandler,
|
||||
EFI_AUTH_OPERATION_VERIFY_IMAGE | EFI_AUTH_OPERATION_IMAGE_REQUIRED
|
||||
);
|
||||
|
Reference in New Issue
Block a user