/** @file
  This driver produces the Security2 and Security Architectural Protocols based on SecurityManagementLib.

  Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
  SPDX-License-Identifier: BSD-2-Clause-Patent

**/
8 |
9 | #include <Uefi.h>
10 | #include <Protocol/Security.h>
11 | #include <Protocol/Security2.h>
12 | #include <Library/DebugLib.h>
13 | #include <Library/UefiBootServicesTableLib.h>
14 | #include <Library/UefiDriverEntryPoint.h>
15 | #include <Library/SecurityManagementLib.h>
16 | #include "Defer3rdPartyImageLoad.h"
17 |
//
// Handle on which both the Security2 and Security Architectural Protocol
// instances are installed. It starts out NULL and is filled in by
// InstallMultipleProtocolInterfaces() in SecurityStubInitialize().
//
EFI_HANDLE  mSecurityArchProtocolHandle = NULL;
22 |
/**
  Security Architectural Protocol (SAP) entry point: decides whether the DXE Core
  may use a file that the section extraction protocol returned with the given
  authentication status.

  This stub holds no policy of its own. It first runs the handlers registered
  through SecurityManagementLib for the Security2 interface (with no image
  buffer, a zero size and BootPolicy FALSE) and only if that stage returns
  exactly EFI_SUCCESS does it run the handlers registered for the legacy
  Security interface. Any other status from the first stage is returned
  unchanged, so the legacy handlers never see a file the Security2 handlers
  did not accept.

  If File is NULL, then EFI_INVALID_PARAMETER is returned.

  If the file specified by File with an authentication status specified by
  AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS is
  returned. If it is not safe to use under any circumstances, EFI_ACCESS_DENIED
  is returned. If it is not safe right now but might be usable at a future
  time, EFI_SECURITY_VIOLATION is returned.

  @param This                  The EFI_SECURITY_ARCH_PROTOCOL instance (not used by this stub).
  @param AuthenticationStatus  The authentication type returned from the Section
                               Extraction protocol; see the Section Extraction
                               Protocol Specification for details on this type.
  @param File                  Device path of the file being dispatched; handlers may
                               use it for logging.

  @retval EFI_SUCCESS            Every registered handler accepted the file.
  @retval EFI_INVALID_PARAMETER  File is NULL.
  @return Any other status produced by a registered security handler.
**/
EFI_STATUS
EFIAPI
SecurityStubAuthenticateState (
  IN  CONST EFI_SECURITY_ARCH_PROTOCOL  *This,
  IN  UINT32                            AuthenticationStatus,
  IN  CONST EFI_DEVICE_PATH_PROTOCOL    *File
  )
{
  EFI_STATUS  Status;

  //
  // Security2 handlers run first. Anything other than exactly EFI_SUCCESS
  // (warning codes included) ends the check here with that status.
  //
  Status = ExecuteSecurity2Handlers (AuthenticationStatus, File, NULL, 0, FALSE);
  if (Status != EFI_SUCCESS) {
    return Status;
  }

  //
  // Only then are the handlers registered for the legacy Security interface consulted.
  //
  return ExecuteSecurityHandlers (AuthenticationStatus, File);
}
82 |
/**
  Security2 Architectural Protocol entry point: the DXE Foundation calls this
  service to measure and/or verify a UEFI image.

  The service abstracts TCG measured boot, UEFI Secure Boot and the UEFI User
  Identity infrastructure. For measurement and verification the DXE Foundation
  passes the image contents in FileBuffer (FileSize bytes) together with the
  device path the image came from; the TCG measurement code records FileBuffer
  into the appropriate PCR and the verification logic checks its integrity and
  provenance. When FileBuffer is NULL the call only determines whether the
  device path may be connected under the User Identification policy.

  This stub carries no policy itself. When an image buffer is present it first
  gives Defer3rdPartyImageLoad() the opportunity to postpone the load, and an
  error from that step is returned before any registered handler sees the
  image. Otherwise (and always when FileBuffer is NULL) the request is handed
  to the Security2 handlers registered through SecurityManagementLib, with an
  AuthenticationStatus of 0 because no section-extraction status exists on
  this path.

  @param This        The EFI_SECURITY2_ARCH_PROTOCOL instance (not used by this stub).
  @param File        Device path of the file being dispatched; handlers may use it for logging.
  @param FileBuffer  Pointer to the buffer holding the UEFI file image, or NULL for a
                     device-path-only check.
  @param FileSize    Size of the image in FileBuffer.
  @param BootPolicy  The boot policy used to call the LoadImage() UEFI service. If
                     FileAuthentication() is not invoked from LoadImage(), BootPolicy
                     must be FALSE.

  @retval EFI_SUCCESS             The file in FileBuffer authenticated and platform policy lets
                                  the DXE Foundation use it, or FileBuffer is NULL and the current
                                  user may start UEFI device drivers on the device path in File.
  @retval EFI_SECURITY_VIOLATION  The image did not authenticate, or the user lacks permission to
                                  load drivers from the device path; the image has been recorded
                                  in the untrusted or deferred state according to platform policy.
  @retval EFI_ACCESS_DENIED       The image did not authenticate and platform policy forbids the
                                  DXE Foundation from using File.
  @return Any other status produced by Defer3rdPartyImageLoad() or a registered handler.
**/
EFI_STATUS
EFIAPI
Security2StubAuthenticate (
  IN  CONST EFI_SECURITY2_ARCH_PROTOCOL  *This,
  IN  CONST EFI_DEVICE_PATH_PROTOCOL     *File,
  IN  VOID                               *FileBuffer,
  IN  UINTN                              FileSize,
  IN  BOOLEAN                            BootPolicy
  )
{
  EFI_STATUS  Status;

  //
  // The deferral check only applies when there is an image to load; a
  // device-path-only query goes straight to the registered handlers.
  //
  Status = EFI_SUCCESS;
  if (FileBuffer != NULL) {
    Status = Defer3rdPartyImageLoad (File, BootPolicy);
  }

  //
  // Handlers are consulted only when deferral did not fail. A warning status
  // from Defer3rdPartyImageLoad() is not an error and does not stop the check.
  //
  if (!EFI_ERROR (Status)) {
    Status = ExecuteSecurity2Handlers (0, File, FileBuffer, FileSize, BootPolicy);
  }

  return Status;
}
159 |
//
// Security2 and Security Architectural Protocol instances produced by this driver.
// Each is initialized with the single entry point this file implements, and both
// are installed on mSecurityArchProtocolHandle by SecurityStubInitialize().
//
EFI_SECURITY_ARCH_PROTOCOL  mSecurityStub = {
  SecurityStubAuthenticateState
};

EFI_SECURITY2_ARCH_PROTOCOL  mSecurity2Stub = {
  Security2StubAuthenticate
};
170 |
/**
  Driver entry point: installs the Security2 and Security Architectural
  Protocols on one new handle, then initializes the third-party image deferral
  logic.

  Both ASSERT_PROTOCOL_ALREADY_INSTALLED checks and ASSERT_EFI_ERROR are
  DebugLib assertions that compile out in RELEASE builds; there a failed
  installation is not propagated and the function still returns EFI_SUCCESS.

  @param ImageHandle  The image handle of this driver.
  @param SystemTable  A pointer to the EFI System Table.

  @retval EFI_SUCCESS  Always returned; an installation failure is reported only through ASSERT.

**/
EFI_STATUS
EFIAPI
SecurityStubInitialize (
  IN EFI_HANDLE        ImageHandle,
  IN EFI_SYSTEM_TABLE  *SystemTable
  )
{
  EFI_STATUS  Status;

  //
  // Make sure neither Architectural Protocol is already installed in the
  // system: a second instance would compete with this one for policy decisions.
  //
  ASSERT_PROTOCOL_ALREADY_INSTALLED (NULL, &gEfiSecurity2ArchProtocolGuid);
  ASSERT_PROTOCOL_ALREADY_INSTALLED (NULL, &gEfiSecurityArchProtocolGuid);

  //
  // Install both protocols onto a new handle in a single call, so they are
  // published together; the handle is recorded in mSecurityArchProtocolHandle.
  //
  Status = gBS->InstallMultipleProtocolInterfaces (
                  &mSecurityArchProtocolHandle,
                  &gEfiSecurity2ArchProtocolGuid,
                  &mSecurity2Stub,
                  &gEfiSecurityArchProtocolGuid,
                  &mSecurityStub,
                  NULL
                  );
  ASSERT_EFI_ERROR (Status);

  //
  // Deferral support is set up only after the protocols are in place.
  //
  Defer3rdPartyImageLoadInitialize ();

  return EFI_SUCCESS;
}