Add PI1.2.1 SAP2 support and UEFI231B mantis 896

1. Update three Security Handlers to depend on new SecurityManagementLib APIs to register Security service for SAP2 Signed-off-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Guo Dong <dong.guo@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13661 6f19259b-4bc3-4df7-8a09-765794883524
author: lgao4 <lgao4@6f19259b-4bc3-4df7-8a09-765794883524> 2012-08-22 02:33:00 +0000
committer: lgao4 <lgao4@6f19259b-4bc3-4df7-8a09-765794883524> 2012-08-22 02:33:00 +0000
commit: 5db28a6753d307cdfb1cfdeb2f63739a9f959837 (patch)
tree: bb5fbb9a0b62a1b10ba8ab9db06b6231b1627728 /SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
parent: bc2dfdbcfc11dc785f0cc0ad2f519a63b98f88bc (diff)
download: edk2-platforms-5db28a6753d307cdfb1cfdeb2f63739a9f959837.tar.xz
1 files changed, 22 insertions, 16 deletions
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index 402540eb1b..c86ce1f312 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -141,6 +141,10 @@ GetImageType (
   EFI_DEVICE_PATH_PROTOCOL          *TempDevicePath;
   EFI_BLOCK_IO_PROTOCOL             *BlockIo;
 
+  if (File == NULL) {
+    return IMAGE_UNKNOWN;
+  }
+
   //
   // First check to see if File is from a Firmware Volume
   //
@@ -1034,19 +1038,23 @@ VerifyCertPkcsSignedData (
                            being dispatched. This will optionally be used for logging.
   @param[in]    FileBuffer File buffer matches the input file device path.
   @param[in]    FileSize   Size of File buffer matches the input file device path.
-
-  @retval EFI_SUCCESS            The file specified by File did authenticate, and the
-                                 platform policy dictates that the DXE Core may use File.
-  @retval EFI_INVALID_PARAMETER  Input argument is incorrect.
+  @param[in]    BootPolicy A boot policy that was used to call LoadImage() UEFI service.
+
+  @retval EFI_SUCCESS            The file specified by DevicePath and non-NULL
+                                 FileBuffer did authenticate, and the platform policy dictates
+                                 that the DXE Foundation may use the file.
+  @retval EFI_SUCCESS            The device path specified by NULL device path DevicePath
+                                 and non-NULL FileBuffer did authenticate, and the platform
+                                 policy dictates that the DXE Foundation may execute the image in
+                                 FileBuffer.
   @retval EFI_OUT_RESOURCE       Fail to allocate memory.
   @retval EFI_SECURITY_VIOLATION The file specified by File did not authenticate, and
                                  the platform policy dictates that File should be placed
-                                 in the untrusted state. A file may be promoted from
-                                 the untrusted to the trusted state at a future time
-                                 with a call to the Trust() DXE Service.
-  @retval EFI_ACCESS_DENIED      The file specified by File did not authenticate, and
-                                 the platform policy dictates that File should not be
-                                 used for any purpose.
+                                 in the untrusted state. The image has been added to the file
+                                 execution table.
+  @retval EFI_ACCESS_DENIED      The file specified by File and FileBuffer did not
+                                 authenticate, and the platform policy dictates that the DXE
+                                 Foundation many not use File.
 
 **/
 EFI_STATUS
@@ -1055,7 +1063,8 @@ DxeImageVerificationHandler (
   IN  UINT32                           AuthenticationStatus,
   IN  CONST EFI_DEVICE_PATH_PROTOCOL   *File,
   IN  VOID                             *FileBuffer,
-  IN  UINTN                            FileSize
+  IN  UINTN                            FileSize,
+  IN  BOOLEAN                          BootPolicy
   )
 {
   EFI_STATUS                           Status;
@@ -1073,10 +1082,6 @@ DxeImageVerificationHandler (
   UINT32                               NumberOfRvaAndSizes;
   UINT32                               CertSize;
 
-  if (File == NULL) {
-    return EFI_INVALID_PARAMETER;
-  }
-
   SignatureList     = NULL;
   SignatureListSize = 0;
   WinCertificate    = NULL;
@@ -1326,6 +1331,7 @@ Done:
     // Policy decides to defer or reject the image; add its information in image executable information table.
     //
     AddImageExeInfo (Action, NULL, File, SignatureList, SignatureListSize);
+    Status = EFI_SECURITY_VIOLATION;
   }
 
   if (SignatureList != NULL) {
@@ -1410,7 +1416,7 @@ DxeImageVerificationLibConstructor (
     &Registration
     );
 
-  return RegisterSecurityHandler (
+  return RegisterSecurity2Handler (
           DxeImageVerificationHandler,
           EFI_AUTH_OPERATION_VERIFY_IMAGE | EFI_AUTH_OPERATION_IMAGE_REQUIRED
           );
author	lgao4 <lgao4@6f19259b-4bc3-4df7-8a09-765794883524>	2012-08-22 02:33:00 +0000
committer	lgao4 <lgao4@6f19259b-4bc3-4df7-8a09-765794883524>	2012-08-22 02:33:00 +0000
commit	5db28a6753d307cdfb1cfdeb2f63739a9f959837 (patch)
tree	bb5fbb9a0b62a1b10ba8ab9db06b6231b1627728 /SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
parent	bc2dfdbcfc11dc785f0cc0ad2f519a63b98f88bc (diff)
download	edk2-platforms-5db28a6753d307cdfb1cfdeb2f63739a9f959837.tar.xz