Revision: 13537
http://edk2.svn.sourceforge.net/edk2/?rev=13537&view=rev
Author: li-elvin
Date: 2012-07-17 09:25:26 +0000 (Tue, 17 Jul 2012)
Log Message:
-----------
Added secure boot in CSM module entrypoint, if UEFI secure boot is enabled, CSM
module cannot be started.
Signed-off-by: Li Elvin <[email protected]>
Reviewed-by: Fu Siyuan <[email protected]>
Modified Paths:
--------------
trunk/edk2/IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyBios.c
trunk/edk2/IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyBiosDxe.inf
trunk/edk2/IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyBiosInterface.h
Modified: trunk/edk2/IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyBios.c
===================================================================
--- trunk/edk2/IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyBios.c
2012-07-17 08:38:58 UTC (rev 13536)
+++ trunk/edk2/IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyBios.c
2012-07-17 09:25:26 UTC (rev 13537)
@@ -695,6 +695,7 @@
UINT32 MemorySize;
EFI_GCD_MEMORY_SPACE_DESCRIPTOR Descriptor;
UINT64 Length;
+ UINT8 *SecureBoot;
//
// Load this driver's image to memory
@@ -704,6 +705,20 @@
return Status;
}
+ //
+ // When UEFI Secure Boot is enabled, CSM module will not start any more.
+ //
+ SecureBoot = NULL;
+ GetEfiGlobalVariable2 (EFI_SECURE_BOOT_MODE_NAME, (VOID**)&SecureBoot, NULL);
+ if ((SecureBoot != NULL) && (*SecureBoot == SECURE_BOOT_MODE_ENABLE)) {
+ FreePool (SecureBoot);
+ return EFI_SECURITY_VIOLATION;
+ }
+
+ if (SecureBoot != NULL) {
+ FreePool (SecureBoot);
+ }
+
Private = &mPrivateData;
ZeroMem (Private, sizeof (LEGACY_BIOS_INSTANCE));
Modified: trunk/edk2/IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyBiosDxe.inf
===================================================================
--- trunk/edk2/IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyBiosDxe.inf
2012-07-17 08:38:58 UTC (rev 13536)
+++ trunk/edk2/IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyBiosDxe.inf
2012-07-17 09:25:26 UTC (rev 13537)
@@ -3,7 +3,7 @@
#
# This driver installs Legacy Bios Protocol to support CSM module work in EFI
system.
#
-# Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
#
# This program and the accompanying materials
# are licensed and made available under the terms and conditions
@@ -142,5 +142,5 @@
gEfiIntelFrameworkModulePkgTokenSpaceGuid.PcdHighPmmMemorySize
[Depex]
- gEfiLegacyRegion2ProtocolGuid AND gEfiLegacyInterruptProtocolGuid AND
gEfiLegacyBiosPlatformProtocolGuid AND gEfiLegacy8259ProtocolGuid AND
gEfiGenericMemTestProtocolGuid AND gEfiCpuArchProtocolGuid AND
gEfiTimerArchProtocolGuid
+ gEfiLegacyRegion2ProtocolGuid AND gEfiLegacyInterruptProtocolGuid AND
gEfiLegacyBiosPlatformProtocolGuid AND gEfiLegacy8259ProtocolGuid AND
gEfiGenericMemTestProtocolGuid AND gEfiCpuArchProtocolGuid AND
gEfiTimerArchProtocolGuid AND gEfiVariableWriteArchProtocolGuid
Modified:
trunk/edk2/IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyBiosInterface.h
===================================================================
--- trunk/edk2/IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyBiosInterface.h
2012-07-17 08:38:58 UTC (rev 13536)
+++ trunk/edk2/IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyBiosInterface.h
2012-07-17 09:25:26 UTC (rev 13537)
@@ -24,6 +24,7 @@
#include <Guid/DxeServices.h>
#include <Guid/LegacyBios.h>
#include <Guid/StatusCodeDataTypeId.h>
+#include <Guid/ImageAuthentication.h>
#include <Protocol/BlockIo.h>
#include <Protocol/LoadedImage.h>
This was sent by the SourceForge.net collaborative development platform, the
world's largest Open Source development site.
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
edk2-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/edk2-commits
