| 1 | /** @file
|
|---|
| 2 | This driver produces security architectural protocol based on SecurityManagementLib.
|
|---|
| 3 |
|
|---|
| 4 | Copyright (c) 2006 - 2009, Intel Corporation. All rights reserved.<BR>
|
|---|
| 5 | This program and the accompanying materials
|
|---|
| 6 | are licensed and made available under the terms and conditions of the BSD License
|
|---|
| 7 | which accompanies this distribution. The full text of the license may be found at
|
|---|
| 8 | http://opensource.org/licenses/bsd-license.php
|
|---|
| 9 |
|
|---|
| 10 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
|---|
| 11 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
|---|
| 12 |
|
|---|
| 13 | **/
|
|---|
| 14 |
|
|---|
| 15 |
|
|---|
| 16 | #include <Uefi.h>
|
|---|
| 17 | #include <Protocol/Security.h>
|
|---|
| 18 | #include <Library/DebugLib.h>
|
|---|
| 19 | #include <Library/UefiBootServicesTableLib.h>
|
|---|
| 20 | #include <Library/UefiDriverEntryPoint.h>
|
|---|
| 21 | #include <Library/SecurityManagementLib.h>
|
|---|
| 22 |
|
|---|
| 23 | //
|
|---|
| 24 | // Handle for the Security Architectural Protocol instance produced by this driver
|
|---|
| 25 | //
|
|---|
| 26 | EFI_HANDLE mSecurityArchProtocolHandle = NULL;
|
|---|
| 27 |
|
|---|
| 28 | /**
|
|---|
| 29 | The EFI_SECURITY_ARCH_PROTOCOL (SAP) is used to abstract platform-specific
|
|---|
| 30 | policy from the DXE core response to an attempt to use a file that returns a
|
|---|
| 31 | given status for the authentication check from the section extraction protocol.
|
|---|
| 32 |
|
|---|
| 33 | The possible responses in a given SAP implementation may include locking
|
|---|
| 34 | flash upon failure to authenticate, attestation logging for all signed drivers,
|
|---|
| 35 | and other exception operations. The File parameter allows for possible logging
|
|---|
| 36 | within the SAP of the driver.
|
|---|
| 37 |
|
|---|
| 38 | If File is NULL, then EFI_INVALID_PARAMETER is returned.
|
|---|
| 39 |
|
|---|
| 40 | If the file specified by File with an authentication status specified by
|
|---|
| 41 | AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS is returned.
|
|---|
| 42 |
|
|---|
| 43 | If the file specified by File with an authentication status specified by
|
|---|
| 44 | AuthenticationStatus is not safe for the DXE Core to use under any circumstances,
|
|---|
| 45 | then EFI_ACCESS_DENIED is returned.
|
|---|
| 46 |
|
|---|
| 47 | If the file specified by File with an authentication status specified by
|
|---|
| 48 | AuthenticationStatus is not safe for the DXE Core to use right now, but it
|
|---|
| 49 | might be possible to use it at a future time, then EFI_SECURITY_VIOLATION is
|
|---|
| 50 | returned.
|
|---|
| 51 |
|
|---|
| 52 | @param This The EFI_SECURITY_ARCH_PROTOCOL instance.
|
|---|
| 53 | @param AuthenticationStatus
|
|---|
| 54 | This is the authentication type returned from the Section
|
|---|
| 55 | Extraction protocol. See the Section Extraction Protocol
|
|---|
| 56 | Specification for details on this type.
|
|---|
| 57 | @param File This is a pointer to the device path of the file that is
|
|---|
| 58 | being dispatched. This will optionally be used for logging.
|
|---|
| 59 |
|
|---|
| 60 | @retval EFI_SUCCESS Do nothing and return success.
|
|---|
| 61 | @retval EFI_INVALID_PARAMETER File is NULL.
|
|---|
| 62 | **/
|
|---|
| 63 | EFI_STATUS
|
|---|
| 64 | EFIAPI
|
|---|
| 65 | SecurityStubAuthenticateState (
|
|---|
| 66 | IN CONST EFI_SECURITY_ARCH_PROTOCOL *This,
|
|---|
| 67 | IN UINT32 AuthenticationStatus,
|
|---|
| 68 | IN CONST EFI_DEVICE_PATH_PROTOCOL *File
|
|---|
| 69 | )
|
|---|
| 70 | {
|
|---|
| 71 | return ExecuteSecurityHandlers (AuthenticationStatus, File);
|
|---|
| 72 | }
|
|---|
| 73 |
|
|---|
| 74 | //
|
|---|
| 75 | // Security Architectural Protocol instance produced by this driver
|
|---|
| 76 | //
|
|---|
| 77 | EFI_SECURITY_ARCH_PROTOCOL mSecurityStub = {
|
|---|
| 78 | SecurityStubAuthenticateState
|
|---|
| 79 | };
|
|---|
| 80 |
|
|---|
| 81 | /**
|
|---|
| 82 | Installs Security Architectural Protocol.
|
|---|
| 83 |
|
|---|
| 84 | @param ImageHandle The image handle of this driver.
|
|---|
| 85 | @param SystemTable A pointer to the EFI System Table.
|
|---|
| 86 |
|
|---|
| 87 | @retval EFI_SUCCESS Install the sample Security Architectural Protocol successfully.
|
|---|
| 88 |
|
|---|
| 89 | **/
|
|---|
| 90 | EFI_STATUS
|
|---|
| 91 | EFIAPI
|
|---|
| 92 | SecurityStubInitialize (
|
|---|
| 93 | IN EFI_HANDLE ImageHandle,
|
|---|
| 94 | IN EFI_SYSTEM_TABLE *SystemTable
|
|---|
| 95 | )
|
|---|
| 96 | {
|
|---|
| 97 | EFI_STATUS Status;
|
|---|
| 98 |
|
|---|
| 99 | //
|
|---|
| 100 | // Make sure the Security Architectural Protocol is not already installed in the system
|
|---|
| 101 | //
|
|---|
| 102 | ASSERT_PROTOCOL_ALREADY_INSTALLED (NULL, &gEfiSecurityArchProtocolGuid);
|
|---|
| 103 |
|
|---|
| 104 | //
|
|---|
| 105 | // Install the Security Architectural Protocol onto a new handle
|
|---|
| 106 | //
|
|---|
| 107 | Status = gBS->InstallMultipleProtocolInterfaces (
|
|---|
| 108 | &mSecurityArchProtocolHandle,
|
|---|
| 109 | &gEfiSecurityArchProtocolGuid,
|
|---|
| 110 | &mSecurityStub,
|
|---|
| 111 | NULL
|
|---|
| 112 | );
|
|---|
| 113 | ASSERT_EFI_ERROR (Status);
|
|---|
| 114 |
|
|---|
| 115 | return EFI_SUCCESS;
|
|---|
| 116 | }
|
|---|
