From cd98f3050246e64f149d9a13032bc1608421811e Mon Sep 17 00:00:00 2001
From: lgao4 <lgao4@6f19259b-4bc3-4df7-8a09-765794883524>
Date: Thu, 26 Nov 2009 01:31:48 +0000
Subject: Add new SecurityManagementLib, and update SecurityStub driver to use
 this lib.

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@9488 6f19259b-4bc3-4df7-8a09-765794883524
---
 .../DxeSecurityManagementLib.c                     | 251 +++++++++++++++++++++
 .../DxeSecurityManagementLib.inf                   |  43 ++++
 2 files changed, 294 insertions(+)
 create mode 100644 MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.c
 create mode 100644 MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.inf

(limited to 'MdeModulePkg/Library/DxeSecurityManagementLib')

diff --git a/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.c b/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.c
new file mode 100644
index 0000000000..1ff1bf6dfe
--- /dev/null
+++ b/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.c
@@ -0,0 +1,251 @@
+/** @file
+  Provides generic security measurement functions for DXE module.
+
+Copyright (c) 2009 Intel Corporation
+All rights reserved. This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution.  The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include <PiDxe.h>
+#include <Library/DebugLib.h>
+#include <Library/DxeServicesLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/SecurityManagementLib.h>
+
+#define SECURITY_HANDLER_TABLE_SIZE   0x10
+
+#define EFI_AUTH_OPERATION_MASK       EFI_AUTH_OPERATION_VERIFY_IMAGE \
+                                      | EFI_AUTH_OPERATION_DEFER_IMAGE_LOAD \
+                                      | EFI_AUTH_OPERATION_MEASURE_IMAGE
+
+typedef struct {
+  UINT32  SecurityOperation;
+  SECURITY_FILE_AUTHENTICATION_STATE_HANDLER  SecurityHandler;
+} SECURITY_INFO;
+
+UINT32  mCurrentAuthOperation       = 0;
+UINT32  mNumberOfSecurityHandler    = 0;
+UINT32  mMaxNumberOfSecurityHandler = 0;
+SECURITY_INFO  *mSecurityTable      = NULL;
+
+/**
+  Reallocates more global memory to store the registered Handler list.
+
+  @retval  RETURN_SUCCESS            Reallocate memory successfully.
+  @retval  RETURN_OUT_OF_RESOURCES   No enough memory to allocated.
+**/
+RETURN_STATUS
+EFIAPI
+ReallocateSecurityHandlerTable (
+  )
+{
+  //
+  // Reallocate memory for security info structure.
+  //
+  mSecurityTable = ReallocatePool (
+                     mMaxNumberOfSecurityHandler * sizeof (SECURITY_INFO), 
+                     (mMaxNumberOfSecurityHandler + SECURITY_HANDLER_TABLE_SIZE) * sizeof (SECURITY_INFO), 
+                     mSecurityTable
+                     );
+
+  //
+  // No enough resource is allocated.
+  //
+  if (mSecurityTable == NULL) {
+    return RETURN_OUT_OF_RESOURCES;
+  }
+
+  //
+  // Increase max handler number
+  //
+  mMaxNumberOfSecurityHandler = mMaxNumberOfSecurityHandler + SECURITY_HANDLER_TABLE_SIZE;
+  return RETURN_SUCCESS;
+}
+
+/**
+ Check whether an operation is valid according to the requirement of current operation, 
+ which must make sure that the measure image operation is the last one.
+
+ @param CurrentAuthOperation  Current operation.
+ @param CheckAuthOperation    Operation to be checked.
+
+ @retval  TRUE   Operation is valid for current operation.
+ @retval  FALSE  Operation is invalid for current operation.
+**/
+BOOLEAN
+CheckAuthenticationOperation (
+  IN  UINT32    CurrentAuthOperation,
+  IN  UINT32    CheckAuthOperation
+  )
+{ 
+  //
+  // Make sure new auth operation can be recognized.
+  //
+  ASSERT ((CheckAuthOperation & ~(EFI_AUTH_OPERATION_MASK | EFI_AUTH_OPERATION_IMAGE_REQUIRED)) == 0);
+  
+  //
+  // When current operation includes measure image operation, 
+  // only another measure image operation or none operation will be allowed.
+  //
+  if ((CurrentAuthOperation & EFI_AUTH_OPERATION_MEASURE_IMAGE) == EFI_AUTH_OPERATION_MEASURE_IMAGE) {
+    if (((CheckAuthOperation & EFI_AUTH_OPERATION_MEASURE_IMAGE) == EFI_AUTH_OPERATION_MEASURE_IMAGE) ||
+        ((CheckAuthOperation & EFI_AUTH_OPERATION_MASK) == EFI_AUTH_OPERATION_NONE)) {
+      return TRUE;
+    } else {
+      return FALSE;
+    }
+  }
+  
+  //
+  // When current operation doesn't include measure image operation, 
+  // any new operation will be allowed.
+  //
+  return TRUE;
+}
+
+/**
+  Register security measurement handler with its operation type. The different
+  handler with the same operation can all be registered.
+
+  If SecurityHandler is NULL, then ASSERT().
+  If no enough resources available to register new handler, then ASSERT().
+  If AuthenticationOperation is not recongnized, then ASSERT().
+  If the previous register handler can't be executed before the later register handler, then ASSERT().
+
+  @param[in]  SecurityHandler           Security measurement service handler to be registered.
+  @param[in]  AuthenticationOperation   Operation type is specified for the registered handler.
+
+  @retval EFI_SUCCESS              The handlers were registered successfully.
+**/
+EFI_STATUS
+EFIAPI
+RegisterSecurityHandler (
+  IN  SECURITY_FILE_AUTHENTICATION_STATE_HANDLER  SecurityHandler,
+  IN  UINT32                                      AuthenticationOperation
+  )
+{
+  EFI_STATUS  Status;
+
+  ASSERT (SecurityHandler != NULL);
+
+  //
+  // Make sure AuthenticationOperation is valid in the register order.
+  //
+  ASSERT (CheckAuthenticationOperation (mCurrentAuthOperation, AuthenticationOperation));
+  mCurrentAuthOperation = mCurrentAuthOperation | AuthenticationOperation;
+
+  //
+  // Check whether the handler lists is enough to store new handler.
+  //
+  if (mNumberOfSecurityHandler == mMaxNumberOfSecurityHandler) {
+    //
+    // Allocate more resources for new handler.
+    //
+    Status = ReallocateSecurityHandlerTable();
+    ASSERT_EFI_ERROR (Status);
+  }
+
+  //
+  // Register new handler into the handler list.
+  //
+  mSecurityTable[mNumberOfSecurityHandler].SecurityOperation = AuthenticationOperation;
+  mSecurityTable[mNumberOfSecurityHandler].SecurityHandler   = SecurityHandler;
+  mNumberOfSecurityHandler ++;
+
+  return EFI_SUCCESS;
+}
+
+/**
+  Execute registered handlers until one returns an error and that error is returned.
+  If none of the handlers return an error, then EFI_SUCCESS is returned.
+
+  Before exectue handler, get the image buffer by file device path if a handler 
+  requires the image file. And return the image buffer to each handler when exectue handler.
+
+  The handlers are executed in same order to their registered order.
+
+  @param[in]  AuthenticationStatus 
+                           This is the authentication type returned from the Section
+                           Extraction protocol. See the Section Extraction Protocol
+                           Specification for details on this type.
+  @param[in]  FilePath     This is a pointer to the device path of the file that is
+                           being dispatched. This will optionally be used for logging.
+
+  @retval EFI_SUCCESS            The file specified by File did authenticate when more
+                                 than one security handler services were registered, 
+                                 or the file did not authenticate when no security 
+                                 handler service was registered. And the platform policy 
+                                 dictates that the DXE Core may use File.
+  @retval EFI_INVALID_PARAMETER  File is NULL.
+  @retval EFI_SECURITY_VIOLATION The file specified by File did not authenticate, and
+                                 the platform policy dictates that File should be placed
+                                 in the untrusted state. A file may be promoted from
+                                 the untrusted to the trusted state at a future time
+                                 with a call to the Trust() DXE Service.
+  @retval EFI_ACCESS_DENIED      The file specified by File did not authenticate, and
+                                 the platform policy dictates that File should not be
+                                 used for any purpose.
+**/
+EFI_STATUS
+EFIAPI
+ExecuteSecurityHandlers (
+  IN  UINT32                            AuthenticationStatus,
+  IN  CONST EFI_DEVICE_PATH_PROTOCOL    *FilePath
+  )
+{
+  UINT32        Index;
+  EFI_STATUS    Status;
+  UINT32        HandlerAuthenticationStatus;
+  VOID          *FileBuffer;
+  UINTN         FileSize;
+  
+  if (FilePath == NULL) {
+    return EFI_INVALID_PARAMETER;
+  }
+
+  //
+  // Directly return successfully when no handler is registered.
+  //
+  if (mNumberOfSecurityHandler == 0) {
+    return EFI_SUCCESS;
+  }
+  
+  Status                      = EFI_SUCCESS;
+  FileBuffer                  = NULL;
+  FileSize                    = 0;
+  HandlerAuthenticationStatus = AuthenticationStatus;
+  //
+  // Run security handler in same order to their registered list
+  //
+  for (Index = 0; Index < mNumberOfSecurityHandler; Index ++) {
+    if ((mSecurityTable[Index].SecurityOperation & EFI_AUTH_OPERATION_IMAGE_REQUIRED) == EFI_AUTH_OPERATION_IMAGE_REQUIRED) {
+      //
+      // Try get file buffer when the handler requires image buffer.
+      //
+      if (FileBuffer == NULL) {
+        FileBuffer = GetFileBufferByFilePath (FALSE, FilePath, &FileSize, &AuthenticationStatus);
+      }
+    }
+    Status = mSecurityTable[Index].SecurityHandler (
+               HandlerAuthenticationStatus,
+               FilePath,
+               FileBuffer,
+               FileSize
+               );
+    if (EFI_ERROR (Status)) {
+      break;
+    }
+  }
+
+  if (FileBuffer != NULL) {
+    FreePool (FileBuffer);
+  }
+
+  return Status;
+}
diff --git a/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.inf b/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.inf
new file mode 100644
index 0000000000..7b65d4a3b1
--- /dev/null
+++ b/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.inf
@@ -0,0 +1,43 @@
+#/** @file
+# Instance of SecurityManagementLib Library for DXE phase.
+#
+# This library provides generic security measurement functions for DXE module.
+#
+#  Copyright (c) 2009, Intel Corporation.
+#
+#  All rights reserved. This program and the accompanying materials
+#  are licensed and made available under the terms and conditions of the BSD License
+#  which accompanies this distribution. The full text of the license may be found at
+#  http://opensource.org/licenses/bsd-license.php
+#  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+#
+#**/
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = DxeSecurityManagementLib
+  FILE_GUID                      = 7F61122C-19DF-47c3-BA0D-6C1149E30FA1
+  MODULE_TYPE                    = DXE_DRIVER
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = SecurityManagementLib|DXE_CORE DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER 
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64 IPF EBC
+#
+
+[Sources]
+  DxeSecurityManagementLib.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+
+[LibraryClasses]
+  MemoryAllocationLib
+  DebugLib
+  DxeServicesLib
+  
-- 
cgit v1.2.3