diff options
author | Gao, Liming <liming.gao@intel.com> | 2014-08-18 05:43:06 +0000 |
---|---|---|
committer | lgao4 <lgao4@6f19259b-4bc3-4df7-8a09-765794883524> | 2014-08-18 05:43:06 +0000 |
commit | 9d8de12c31628da255155a544641ae7473581f04 (patch) | |
tree | 4919231a76303131fe9d5986602f234299ca331b /MdeModulePkg/Core/Pei/Security | |
parent | 03af27533236a08309b60ba1f3236234f3de46bc (diff) | |
download | edk2-platforms-9d8de12c31628da255155a544641ae7473581f04.tar.xz |
Update PeiCore to follow PI spec to retrieve GUIDED section data when ExtractionPpi is not found.
Enhance PeiCore Security Policy to check AuthenticationStatus when SecurityPpi is not found.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Gao, Liming <liming.gao@intel.com>
Reviewed-by: Zeng, Star <star.zeng@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15817 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'MdeModulePkg/Core/Pei/Security')
-rw-r--r-- | MdeModulePkg/Core/Pei/Security/Security.c | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/MdeModulePkg/Core/Pei/Security/Security.c b/MdeModulePkg/Core/Pei/Security/Security.c index f08926766a..763126057d 100644 --- a/MdeModulePkg/Core/Pei/Security/Security.c +++ b/MdeModulePkg/Core/Pei/Security/Security.c @@ -1,7 +1,7 @@ /** @file
EFI PEI Core Security services
-Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -100,9 +100,16 @@ VerifyPeim ( EFI_STATUS Status;
BOOLEAN DeferExection;
-
+ Status = EFI_NOT_FOUND;
if (PrivateData->PrivateSecurityPpi == NULL) {
- Status = EFI_NOT_FOUND;
+ //
+ // Check AuthenticationStatus first.
+ //
+ if ((AuthenticationStatus & EFI_AUTH_STATUS_IMAGE_SIGNED) != 0) {
+ if ((AuthenticationStatus & (EFI_AUTH_STATUS_TEST_FAILED | EFI_AUTH_STATUS_NOT_TESTED)) != 0) {
+ Status = EFI_SECURITY_VIOLATION;
+ }
+ }
} else {
//
// Check to see if the image is OK
|