/** @file
  Implement image authentication status check in UEFI2.3.1.

Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution.  The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php

THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

**/

#include <PiDxe.h>
#include <Library/SecurityManagementLib.h>


/**
  Decide whether an image may be used, based only on the authentication status
  bits reported by the Section Extraction Protocol.

  The decision uses AuthenticationStatus alone:
    - EFI_AUTH_STATUS_IMAGE_SIGNED clear: the image is accepted, whatever the
      other bits say.
    - EFI_AUTH_STATUS_IMAGE_SIGNED set together with EFI_AUTH_STATUS_TEST_FAILED
      or EFI_AUTH_STATUS_NOT_TESTED: the image is rejected.
    - EFI_AUTH_STATUS_IMAGE_SIGNED set with neither of those bits: accepted.

  NOTE(review): an image that carries no signed section is not rejected by this
  handler. A platform that requires every dispatched image to be signed has to
  enforce that elsewhere - confirm against the platform policy.

  @param[in]  AuthenticationStatus  The authentication status returned from the
                                    Section Extraction Protocol when reading
                                    the input file.
  @param[in]  File                  Device path of the file being dispatched.
                                    Not consulted by this handler.
  @param[in]  FileBuffer            File buffer matching the input file device
                                    path. Not consulted by this handler.
  @param[in]  FileSize              Size of FileBuffer. Not consulted by this
                                    handler.
  @param[in]  BootPolicy            The boot policy that was used to call the
                                    LoadImage() UEFI service. Not consulted by
                                    this handler.

  @retval EFI_SUCCESS        The status bits do not mark the image as signed,
                             or they mark it as signed without a failed or
                             skipped test; the DXE Core may use File.
  @retval EFI_ACCESS_DENIED  The status bits mark the image as signed and the
                             test either failed or was not performed; the DXE
                             Foundation may not use File.

**/
EFI_STATUS
EFIAPI
DxeImageAuthenticationStatusHandler (
  IN  UINT32                           AuthenticationStatus,
  IN  CONST EFI_DEVICE_PATH_PROTOCOL   *File,
  IN  VOID                             *FileBuffer,
  IN  UINTN                            FileSize,
  IN  BOOLEAN                          BootPolicy
  )
{
  UINT32  RejectMask;

  //
  // Either of these bits on a signed image means it was not positively verified.
  //
  RejectMask = EFI_AUTH_STATUS_TEST_FAILED | EFI_AUTH_STATUS_NOT_TESTED;

  //
  // Images that are not marked as signed fall outside this check.
  //
  if ((AuthenticationStatus & EFI_AUTH_STATUS_IMAGE_SIGNED) == 0) {
    return EFI_SUCCESS;
  }

  //
  // Signed image: accept only when the test was run and did not fail.
  //
  if ((AuthenticationStatus & RejectMask) == 0) {
    return EFI_SUCCESS;
  }

  return EFI_ACCESS_DENIED;
}


/**
  Register the image authentication status check handler.

  Registers DxeImageAuthenticationStatusHandler for the
  EFI_AUTH_OPERATION_AUTHENTICATION_STATE operation and passes the registration
  result back to the caller unchanged.

  @param  ImageHandle   ImageHandle of the loaded driver. Not used here.
  @param  SystemTable   Pointer to the EFI System Table. Not used here.

  @retval EFI_SUCCESS   The handler was registered successfully.
  @return Any other status is the one returned by RegisterSecurity2Handler().
**/
EFI_STATUS
EFIAPI
DxeImageAuthenticationStatusLibConstructor (
  IN EFI_HANDLE        ImageHandle,
  IN EFI_SYSTEM_TABLE  *SystemTable
  )
{
  EFI_STATUS  Status;

  Status = RegisterSecurity2Handler (
             DxeImageAuthenticationStatusHandler,
             EFI_AUTH_OPERATION_AUTHENTICATION_STATE
             );

  return Status;
}