From 0c3a1db40f982d243b8e2c67ee4e8109a0737d34 Mon Sep 17 00:00:00 2001 From: lzeng14 Date: Tue, 29 May 2012 05:22:01 +0000 Subject: Update DxeCore and FwVolDxe drivers to inherit authentication status for the FV image, if the image came from an FV image file and section in another firmware volume. Signed-off-by: Star Zeng Reviewed-by: Liming Gao Reviewed-by: Chao Zhang git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13368 6f19259b-4bc3-4df7-8a09-765794883524 --- .../Universal/FirmwareVolume/FwVolDxe/FwVol.c | 106 +++++++++++++++++++++ .../FirmwareVolume/FwVolDxe/FwVolDriver.h | 3 +- .../Universal/FirmwareVolume/FwVolDxe/FwVolRead.c | 13 ++- 3 files changed, 120 insertions(+), 2 deletions(-) (limited to 'IntelFrameworkModulePkg') diff --git a/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVol.c b/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVol.c index c3878968d4..1365a5277d 100644 --- a/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVol.c +++ b/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVol.c @@ -174,6 +174,109 @@ FreeFvDeviceResource ( return ; } +/** + + Firmware volume inherits authentication status from the FV image file and section(in another firmware volume) + where it came from. + + @param FvDevice A pointer to the FvDevice. + +**/ +VOID +FwVolInheritAuthenticationStatus ( + IN FV_DEVICE *FvDevice + ) +{ + EFI_STATUS Status; + EFI_FIRMWARE_VOLUME_HEADER *CachedFvHeader; + EFI_FIRMWARE_VOLUME_EXT_HEADER *CachedFvExtHeader; + EFI_FIRMWARE_VOLUME2_PROTOCOL *ParentFvProtocol; + UINTN Key; + EFI_GUID FileNameGuid; + EFI_FV_FILETYPE FileType; + EFI_FV_FILE_ATTRIBUTES FileAttributes; + UINTN FileSize; + EFI_SECTION_TYPE SectionType; + UINT32 AuthenticationStatus; + EFI_FIRMWARE_VOLUME_HEADER *FvHeader; + EFI_FIRMWARE_VOLUME_EXT_HEADER *FvExtHeader; + UINTN BufferSize; + + CachedFvHeader = (EFI_FIRMWARE_VOLUME_HEADER *) (UINTN) FvDevice->CachedFv; + + if (FvDevice->Fv.ParentHandle != NULL) { + // + // By Parent Handle, find out the FV image file and section(in another firmware volume) where the firmware volume came from + // + Status = gBS->HandleProtocol (FvDevice->Fv.ParentHandle, &gEfiFirmwareVolume2ProtocolGuid, (VOID **) &ParentFvProtocol); + if (!EFI_ERROR (Status) && (ParentFvProtocol != NULL)) { + Key = 0; + do { + FileType = EFI_FV_FILETYPE_FIRMWARE_VOLUME_IMAGE; + Status = ParentFvProtocol->GetNextFile ( + ParentFvProtocol, + &Key, + &FileType, + &FileNameGuid, + &FileAttributes, + &FileSize + ); + if (EFI_ERROR (Status)) { + return; + } + + SectionType = EFI_SECTION_FIRMWARE_VOLUME_IMAGE; + FvHeader = NULL; + BufferSize = 0; + Status = ParentFvProtocol->ReadSection ( + ParentFvProtocol, + &FileNameGuid, + SectionType, + 0, + (VOID **) &FvHeader, + &BufferSize, + &AuthenticationStatus + ); + if (!EFI_ERROR (Status)) { + if ((FvHeader->FvLength == CachedFvHeader->FvLength) && + (FvHeader->ExtHeaderOffset == CachedFvHeader->ExtHeaderOffset)) { + if (FvHeader->ExtHeaderOffset !=0) { + // + // Both FVs contain extension header, then compare their FV Name GUID + // + FvExtHeader = (EFI_FIRMWARE_VOLUME_EXT_HEADER *) ((UINTN) FvHeader + FvHeader->ExtHeaderOffset); + CachedFvExtHeader = (EFI_FIRMWARE_VOLUME_EXT_HEADER *) ((UINTN) CachedFvHeader + CachedFvHeader->ExtHeaderOffset); + if (CompareGuid (&FvExtHeader->FvName, &CachedFvExtHeader->FvName)) { + // + // Found the FV image section where the firmware volume came from, + // and then inherit authentication status from it. + // + FvDevice->AuthenticationStatus = AuthenticationStatus; + FreePool ((VOID *) FvHeader); + return; + } + } else { + // + // Both FVs don't contain extension header, then compare their whole FV Image. + // + if (CompareMem ((VOID *) FvHeader, (VOID *) CachedFvHeader, FvHeader->FvLength) == 0) { + // + // Found the FV image section where the firmware volume came from + // and then inherit authentication status from it. + // + FvDevice->AuthenticationStatus = AuthenticationStatus; + FreePool ((VOID *) FvHeader); + return; + } + } + } + FreePool ((VOID *) FvHeader); + } + } while (TRUE); + } + } +} + /** Check if an FV is consistent and allocate cache for it. @@ -612,6 +715,7 @@ FwVolDriverInit ( FvDevice->Fv.KeySize = KEYSIZE; FvDevice->Fv.GetInfo = FvGetVolumeInfo; FvDevice->Fv.SetInfo = FvSetVolumeInfo; + FvDevice->Fv.ParentHandle = Fvb->ParentHandle; Status = FvCheck (FvDevice); if (EFI_ERROR (Status)) { @@ -622,6 +726,8 @@ FwVolDriverInit ( continue; } + FwVolInheritAuthenticationStatus (FvDevice); + if (Reinstall) { // // Reinstall an New FV protocol diff --git a/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVolDriver.h b/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVolDriver.h index 2de65f511d..e424f9572d 100644 --- a/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVolDriver.h +++ b/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVolDriver.h @@ -1,7 +1,7 @@ /** @file Common defines and definitions for a FwVolDxe driver. - Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.
+ Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions @@ -94,6 +94,7 @@ typedef struct { FFS_FILE_LIST_ENTRY *CurrentFfsFile; BOOLEAN IsFfs3Fv; + UINT32 AuthenticationStatus; } FV_DEVICE; #define FV_DEVICE_FROM_THIS(a) CR (a, FV_DEVICE, Fv, FV_DEVICE_SIGNATURE) diff --git a/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVolRead.c b/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVolRead.c index 1e8ba91581..8e2706bb8a 100644 --- a/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVolRead.c +++ b/IntelFrameworkModulePkg/Universal/FirmwareVolume/FwVolDxe/FwVolRead.c @@ -1,7 +1,7 @@ /** @file Implements functions to read firmware file. - Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.
+ Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions @@ -510,6 +510,7 @@ FvReadFileSection ( ) { EFI_STATUS Status; + FV_DEVICE *FvDevice; EFI_FV_ATTRIBUTES FvAttributes; EFI_FV_FILETYPE FileType; EFI_FV_FILE_ATTRIBUTES FileAttributes; @@ -522,6 +523,8 @@ FvReadFileSection ( return EFI_INVALID_PARAMETER; } + FvDevice = FV_DEVICE_FROM_THIS (This); + Status = This->GetVolumeAttributes (This, &FvAttributes); if (EFI_ERROR (Status)) { return Status; @@ -607,6 +610,14 @@ FvReadFileSection ( AuthenticationStatus ); } + + if (!EFI_ERROR (Status)) { + // + // Inherit the authentication status. + // + *AuthenticationStatus |= FvDevice->AuthenticationStatus; + } + // // Handle AuthenticationStatus if necessary // -- cgit v1.2.3