/** @file
  Implement image authentication status check in UEFI2.3.1.

  Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
  This program and the accompanying materials
  are licensed and made available under the terms and conditions of the BSD License
  which accompanies this distribution.  The full text of the license may be found at
  http://opensource.org/licenses/bsd-license.php

  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

**/

#include <PiDxe.h>
#include <Library/SecurityManagementLib.h>

/**
  Decide whether an image may be used, based only on the authentication
  status reported by the Section Extraction Protocol.

  The image is refused when it is flagged as signed and its status also
  carries EFI_AUTH_STATUS_TEST_FAILED or EFI_AUTH_STATUS_NOT_TESTED. Every
  other combination is accepted.

  Security note: a status without EFI_AUTH_STATUS_IMAGE_SIGNED is accepted
  here regardless of the other bits, so this handler alone does not reject
  unsigned images; any policy for such images has to be enforced elsewhere.
  File, FileBuffer, FileSize and BootPolicy are not examined by this handler.

  @param[in]    AuthenticationStatus
                           Authentication status returned from the Section
                           Extraction Protocol when reading the input file.
  @param[in]    File       Pointer to the device path of the file that is
                           being dispatched. Not used by this handler.
  @param[in]    FileBuffer File buffer that matches the input file device path.
                           Not used by this handler.
  @param[in]    FileSize   Size of the file buffer. Not used by this handler.
  @param[in]    BootPolicy A boot policy that was used to call LoadImage() UEFI
                           service. Not used by this handler.

  @retval EFI_SUCCESS             The status does not mark the image as signed,
                                  or the image is signed and neither the
                                  test-failed nor the not-tested bit is set; the
                                  DXE Core may use File.
  @retval EFI_ACCESS_DENIED       The image is marked as signed and its
                                  authentication test failed or was not run; the
                                  DXE Foundation may not use File.
**/
EFI_STATUS
EFIAPI
DxeImageAuthenticationStatusHandler (
  IN  UINT32                           AuthenticationStatus,
  IN  CONST EFI_DEVICE_PATH_PROTOCOL   *File,
  IN  VOID                             *FileBuffer,
  IN  UINTN                            FileSize,
  IN  BOOLEAN                          BootPolicy
  )
{
  UINT32  RejectMask;

  //
  // Status bits that make a signed image unacceptable.
  //
  RejectMask = EFI_AUTH_STATUS_TEST_FAILED | EFI_AUTH_STATUS_NOT_TESTED;

  //
  // Images not flagged as signed are not judged by this handler.
  //
  if ((AuthenticationStatus & EFI_AUTH_STATUS_IMAGE_SIGNED) == 0) {
    return EFI_SUCCESS;
  }

  //
  // Signed image with none of the rejecting bits set: allow it.
  //
  if ((AuthenticationStatus & RejectMask) == 0) {
    return EFI_SUCCESS;
  }

  return EFI_ACCESS_DENIED;
}

/**
  Library constructor: register the image authentication status check handler.

  The handler is registered through RegisterSecurity2Handler() for the
  EFI_AUTH_OPERATION_AUTHENTICATION_STATE operation, and the status of that
  call is returned unchanged.

  @param  ImageHandle   ImageHandle of the loaded driver.
  @param  SystemTable   Pointer to the EFI System Table.

  @retval EFI_SUCCESS   The handlers were registered successfully.
  @retval Others        Any error status returned by RegisterSecurity2Handler().
**/
EFI_STATUS
EFIAPI
DxeImageAuthenticationStatusLibConstructor (
  IN EFI_HANDLE        ImageHandle,
  IN EFI_SYSTEM_TABLE  *SystemTable
  )
{
  EFI_STATUS  Status;

  Status = RegisterSecurity2Handler (
             DxeImageAuthenticationStatusHandler,
             EFI_AUTH_OPERATION_AUTHENTICATION_STATE
             );

  return Status;
}