Diffstat (limited to 'SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c')
-rw-r--r--SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c21
1 files changed, 21 insertions, 0 deletions
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index 2458ee2ae1..8860daeafa 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -72,6 +72,25 @@ HASH_TABLE mHash[] = {
};
/**
+ SecureBoot Hook for processing image verification.
+
+ @param[in] VariableName Name of Variable to be found.
+ @param[in] VendorGuid Variable vendor GUID.
+ @param[in] DataSize Size of Data found. If size is less than the
+ data, this value contains the required size.
+ @param[in] Data Data pointer.
+
+**/
+VOID
+EFIAPI
+SecureBootHook (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN UINTN DataSize,
+ IN VOID *Data
+ );
+
+/**
Reads contents of a PE/COFF image in memory buffer.
Caution: This function may receive untrusted input.
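Review bot: The `DataSize` description in the new header comment ("If size is less than the data, this value contains the required size") reads like text for an in/out GetVariable-style parameter, but here `DataSize` is a plain `IN UINTN` passed by value and cannot return anything. I would reword it to `@param[in] DataSize Size in bytes of the buffer pointed to by Data.` and have the summary line say what the hook is expected to do with the entry, since "Hook for processing image verification" does not tell a maintainer whether it measures, logs or filters. The prototype is also a forward declaration local to this .c file with no definition in this diff; declaring it in a header shared with the implementing library would let the compiler check that the two signatures agree. Because the hook returns `VOID`, callers cannot see a failure inside it, and that is worth stating in the comment.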
@@ -846,6 +865,7 @@ IsSignatureFoundInDatabase (
// Find the signature in database.
//
IsFound = TRUE;
+ SecureBootHook (VariableName, &gEfiImageSecurityDatabaseGuid, CertList->SignatureSize, Cert);
break;
}
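Review bot: The call added after `IsFound = TRUE;` runs for whichever database `VariableName` names, with no check that the match came from the allowed database. If IsSignatureFoundInDatabase is also used for forbidden-database (dbx) lookups (its callers are outside this hunk), a revocation match would be passed to the hook exactly like an authorising db entry. If the hook records which entry authorised the image (its implementation is not in this diff), that would log a dbx entry as the authority for an image that is then rejected. Consider guarding the call with `if (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) {` … `}`. The same applies to the call added under `if (VerifyStatus)` in IsPkcsSignedDataVerifiedBySignatureList, where `VariableName` and `VendorGuid` are forwarded unchanged from the caller; both function bodies begin and end outside their hunks.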
@@ -948,6 +968,7 @@ IsPkcsSignedDataVerifiedBySignatureList (
mImageDigestSize
);
if (VerifyStatus) {
+ SecureBootHook (VariableName, VendorGuid, CertList->SignatureSize, Cert);
goto Done;
}
Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);