Revision: 15817
          http://sourceforge.net/p/edk2/code/15817
Author:   lgao4
Date:     2014-08-18 05:43:06 +0000 (Mon, 18 Aug 2014)
Log Message:
-----------
Update PeiCore to follow PI spec to retrieve GUIDED section data when 
ExtractionPpi is not found.
Enhance PeiCore Security Policy to check AuthenticationStatus when SecurityPpi 
is not found.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Gao, Liming <[email protected]>
Reviewed-by: Zeng, Star <[email protected]>

Modified Paths:
--------------
    trunk/edk2/MdeModulePkg/Core/Pei/FwVol/FwVol.c
    trunk/edk2/MdeModulePkg/Core/Pei/Security/Security.c

Modified: trunk/edk2/MdeModulePkg/Core/Pei/FwVol/FwVol.c
===================================================================
--- trunk/edk2/MdeModulePkg/Core/Pei/FwVol/FwVol.c      2014-08-18 04:59:01 UTC 
(rev 15816)
+++ trunk/edk2/MdeModulePkg/Core/Pei/FwVol/FwVol.c      2014-08-18 05:43:06 UTC 
(rev 15817)
@@ -735,6 +735,7 @@
   BOOLEAN                                 SectionCached;
   VOID                                    *TempOutputBuffer;
   UINT32                                  TempAuthenticationStatus;
+  UINT16                                  GuidedSectionAttributes;
 
   PrivateData   = PEI_CORE_INSTANCE_FROM_PS_THIS (PeiServices);
   *OutputBuffer = NULL;
@@ -834,9 +835,11 @@
         Authentication = 0;
         if (Section->Type == EFI_SECTION_GUID_DEFINED) {
           if (IS_SECTION2 (Section)) {
-            SectionDefinitionGuid = &((EFI_GUID_DEFINED_SECTION2 
*)Section)->SectionDefinitionGuid;
+            SectionDefinitionGuid   = &((EFI_GUID_DEFINED_SECTION2 
*)Section)->SectionDefinitionGuid;
+            GuidedSectionAttributes = ((EFI_GUID_DEFINED_SECTION2 
*)Section)->Attributes;
           } else {
-            SectionDefinitionGuid = &((EFI_GUID_DEFINED_SECTION 
*)Section)->SectionDefinitionGuid;
+            SectionDefinitionGuid   = &((EFI_GUID_DEFINED_SECTION 
*)Section)->SectionDefinitionGuid;
+            GuidedSectionAttributes = ((EFI_GUID_DEFINED_SECTION 
*)Section)->Attributes;
           }
           if (VerifyGuidedSectionGuid (SectionDefinitionGuid, 
&GuidSectionPpi)) {
             Status = GuidSectionPpi->ExtractSection (
@@ -846,6 +849,21 @@
                                        &PpiOutputSize,
                                        &Authentication
                                        );
+          } else if ((GuidedSectionAttributes & 
EFI_GUIDED_SECTION_PROCESSING_REQUIRED) == 0) {
+            //
+            // Figure out the proper authentication status for GUIDED section 
without processing required
+            //
+            Status = EFI_SUCCESS;
+            if ((GuidedSectionAttributes & 
EFI_GUIDED_SECTION_AUTH_STATUS_VALID) == EFI_GUIDED_SECTION_AUTH_STATUS_VALID) {
+              Authentication |= EFI_AUTH_STATUS_IMAGE_SIGNED | 
EFI_AUTH_STATUS_NOT_TESTED;
+            }
+            if (IS_SECTION2 (Section)) {
+              PpiOutputSize = SECTION2_SIZE (Section) - 
((EFI_GUID_DEFINED_SECTION2 *) Section)->DataOffset;
+              PpiOutput     = (UINT8 *) Section + ((EFI_GUID_DEFINED_SECTION2 
*) Section)->DataOffset;
+            } else {
+              PpiOutputSize = SECTION_SIZE (Section) - 
((EFI_GUID_DEFINED_SECTION *) Section)->DataOffset;
+              PpiOutput     = (UINT8 *) Section + ((EFI_GUID_DEFINED_SECTION 
*) Section)->DataOffset;
+            }
           }
         } else if (Section->Type == EFI_SECTION_COMPRESSION) {
           Status = PeiServicesLocatePpi (&gEfiPeiDecompressPpiGuid, 0, NULL, 
(VOID **) &DecompressPpi);
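Review bot: `DataOffset` is taken from the section header and subtracted from `SECTION_SIZE (Section)` / `SECTION2_SIZE (Section)` in the new `else if` branch without being compared against the section size or the GUID-defined header size. For a malformed section whose `DataOffset` exceeds its size, the unsigned subtraction wraps, so `PpiOutputSize` becomes very large and `PpiOutput` points past the section. This branch runs exactly when no extraction PPI has processed the data, so nothing else has validated the header. A guard ahead of the computation, such as `if (DataOffset > SECTION_SIZE (Section)) { Status = EFI_VOLUME_CORRUPTED; }` (and the `SECTION2` equivalent), would reject such a section. The enclosing function starts and ends outside the hunk, so the status the caller expects on this path should be confirmed.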

Modified: trunk/edk2/MdeModulePkg/Core/Pei/Security/Security.c
===================================================================
--- trunk/edk2/MdeModulePkg/Core/Pei/Security/Security.c        2014-08-18 
04:59:01 UTC (rev 15816)
+++ trunk/edk2/MdeModulePkg/Core/Pei/Security/Security.c        2014-08-18 
05:43:06 UTC (rev 15817)
@@ -1,7 +1,7 @@
 /** @file
   EFI PEI Core Security services
   
-Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials                          
 are licensed and made available under the terms and conditions of the BSD 
License         
 which accompanies this distribution.  The full text of the license may be 
found at        
@@ -100,9 +100,16 @@
   EFI_STATUS                      Status;
   BOOLEAN                         DeferExection;
 
-
+  Status = EFI_NOT_FOUND;
   if (PrivateData->PrivateSecurityPpi == NULL) {
-    Status = EFI_NOT_FOUND;
+    //
+    // Check AuthenticationStatus first.
+    //
+    if ((AuthenticationStatus & EFI_AUTH_STATUS_IMAGE_SIGNED) != 0) {
+      if ((AuthenticationStatus & (EFI_AUTH_STATUS_TEST_FAILED | 
EFI_AUTH_STATUS_NOT_TESTED)) != 0) {
+        Status = EFI_SECURITY_VIOLATION;
+      }
+    }
   } else {
     //
     // Check to see if the image is OK
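Review bot: In the `PrivateSecurityPpi == NULL` branch, `EFI_AUTH_STATUS_TEST_FAILED` yields `EFI_SECURITY_VIOLATION` only when `EFI_AUTH_STATUS_IMAGE_SIGNED` is also set. A status with `TEST_FAILED` set and `IMAGE_SIGNED` clear leaves `Status` at `EFI_NOT_FOUND`, the same result as an unsigned image. If any extraction PPI can report a failed test without the signed bit, testing the failure bit on its own would close that gap: `if ((AuthenticationStatus & EFI_AUTH_STATUS_TEST_FAILED) != 0) { Status = EFI_SECURITY_VIOLATION; }`. The comment `// Check AuthenticationStatus first.` would also say more as `// No Security PPI is installed: reject images marked signed whose verification failed or was never performed.` The function body continues outside the hunk, so how the caller treats `EFI_NOT_FOUND` is not visible here.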
