diff options
author | li-elvin <li-elvin@6f19259b-4bc3-4df7-8a09-765794883524> | 2012-07-17 09:25:26 +0000 |
---|---|---|
committer | li-elvin <li-elvin@6f19259b-4bc3-4df7-8a09-765794883524> | 2012-07-17 09:25:26 +0000 |
commit | 0f8b02980ed25b9a2310a4d2172de9a172c9262d (patch) | |
tree | 0c906b1b4da831c7d443736c8ad6ea0b1124a5e8 | |
parent | 05a643f91dae02580187ec24440ec798197b913a (diff) | |
download | edk2-platforms-0f8b02980ed25b9a2310a4d2172de9a172c9262d.tar.xz |
Added secure boot in CSM module entrypoint, if UEFI secure boot is enabled, CSM module cannot be started.
Signed-off-by: Li Elvin <elvin.li@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13537 6f19259b-4bc3-4df7-8a09-765794883524
3 files changed, 18 insertions, 2 deletions
diff --git a/IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyBios.c b/IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyBios.c index c90231af07..0381098c8a 100644 --- a/IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyBios.c +++ b/IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyBios.c @@ -695,6 +695,7 @@ LegacyBiosInstall ( UINT32 MemorySize;
EFI_GCD_MEMORY_SPACE_DESCRIPTOR Descriptor;
UINT64 Length;
+ UINT8 *SecureBoot;
//
// Load this driver's image to memory
@@ -704,6 +705,20 @@ LegacyBiosInstall ( return Status;
}
+ //
+ // When UEFI Secure Boot is enabled, CSM module will not start any more.
+ //
+ SecureBoot = NULL;
+ GetEfiGlobalVariable2 (EFI_SECURE_BOOT_MODE_NAME, (VOID**)&SecureBoot, NULL);
+ if ((SecureBoot != NULL) && (*SecureBoot == SECURE_BOOT_MODE_ENABLE)) {
+ FreePool (SecureBoot);
+ return EFI_SECURITY_VIOLATION;
+ }
+
+ if (SecureBoot != NULL) {
+ FreePool (SecureBoot);
+ }
+
Private = &mPrivateData;
ZeroMem (Private, sizeof (LEGACY_BIOS_INSTANCE));
diff --git a/IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyBiosDxe.inf b/IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyBiosDxe.inf index 4b6635e6bf..ea8cb6bd08 100644 --- a/IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyBiosDxe.inf +++ b/IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyBiosDxe.inf @@ -3,7 +3,7 @@ #
# This driver installs Legacy Bios Protocol to support CSM module work in EFI system.
#
-# Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
#
# This program and the accompanying materials
# are licensed and made available under the terms and conditions
@@ -142,5 +142,5 @@ gEfiIntelFrameworkModulePkgTokenSpaceGuid.PcdHighPmmMemorySize
[Depex]
- gEfiLegacyRegion2ProtocolGuid AND gEfiLegacyInterruptProtocolGuid AND gEfiLegacyBiosPlatformProtocolGuid AND gEfiLegacy8259ProtocolGuid AND gEfiGenericMemTestProtocolGuid AND gEfiCpuArchProtocolGuid AND gEfiTimerArchProtocolGuid
+ gEfiLegacyRegion2ProtocolGuid AND gEfiLegacyInterruptProtocolGuid AND gEfiLegacyBiosPlatformProtocolGuid AND gEfiLegacy8259ProtocolGuid AND gEfiGenericMemTestProtocolGuid AND gEfiCpuArchProtocolGuid AND gEfiTimerArchProtocolGuid AND gEfiVariableWriteArchProtocolGuid
diff --git a/IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyBiosInterface.h b/IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyBiosInterface.h index a42e847250..f2e4bbfffd 100644 --- a/IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyBiosInterface.h +++ b/IntelFrameworkModulePkg/Csm/LegacyBiosDxe/LegacyBiosInterface.h @@ -24,6 +24,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include <Guid/DxeServices.h>
#include <Guid/LegacyBios.h>
#include <Guid/StatusCodeDataTypeId.h>
+#include <Guid/ImageAuthentication.h>
#include <Protocol/BlockIo.h>
#include <Protocol/LoadedImage.h>
|