Diffstat (limited to 'MdeModulePkg')
-rw-r--r--MdeModulePkg/Core/Pei/FwVol/FwVol.c22
-rw-r--r--MdeModulePkg/Core/Pei/Security/Security.c13
2 files changed, 30 insertions, 5 deletions
diff --git a/MdeModulePkg/Core/Pei/FwVol/FwVol.c b/MdeModulePkg/Core/Pei/FwVol/FwVol.c
index a347129..357f097 100644
--- a/MdeModulePkg/Core/Pei/FwVol/FwVol.c
+++ b/MdeModulePkg/Core/Pei/FwVol/FwVol.c
@@ -735,6 +735,7 @@ ProcessSection (
BOOLEAN SectionCached;
VOID *TempOutputBuffer;
UINT32 TempAuthenticationStatus;
+ UINT16 GuidedSectionAttributes;
PrivateData = PEI_CORE_INSTANCE_FROM_PS_THIS (PeiServices);
*OutputBuffer = NULL;
@@ -834,9 +835,11 @@ ProcessSection (
Authentication = 0;
if (Section->Type == EFI_SECTION_GUID_DEFINED) {
if (IS_SECTION2 (Section)) {
- SectionDefinitionGuid = &((EFI_GUID_DEFINED_SECTION2 *)Section)->SectionDefinitionGuid;
+ SectionDefinitionGuid = &((EFI_GUID_DEFINED_SECTION2 *)Section)->SectionDefinitionGuid;
+ GuidedSectionAttributes = ((EFI_GUID_DEFINED_SECTION2 *)Section)->Attributes;
} else {
- SectionDefinitionGuid = &((EFI_GUID_DEFINED_SECTION *)Section)->SectionDefinitionGuid;
+ SectionDefinitionGuid = &((EFI_GUID_DEFINED_SECTION *)Section)->SectionDefinitionGuid;
+ GuidedSectionAttributes = ((EFI_GUID_DEFINED_SECTION *)Section)->Attributes;
}
if (VerifyGuidedSectionGuid (SectionDefinitionGuid, &GuidSectionPpi)) {
Status = GuidSectionPpi->ExtractSection (
@@ -846,6 +849,21 @@ ProcessSection (
&PpiOutputSize,
&Authentication
);
+ } else if ((GuidedSectionAttributes & EFI_GUIDED_SECTION_PROCESSING_REQUIRED) == 0) {
+ //
+ // Figure out the proper authentication status for GUIDED section without processing required
+ //
+ Status = EFI_SUCCESS;
+ if ((GuidedSectionAttributes & EFI_GUIDED_SECTION_AUTH_STATUS_VALID) == EFI_GUIDED_SECTION_AUTH_STATUS_VALID) {
+ Authentication |= EFI_AUTH_STATUS_IMAGE_SIGNED | EFI_AUTH_STATUS_NOT_TESTED;
+ }
+ if (IS_SECTION2 (Section)) {
+ PpiOutputSize = SECTION2_SIZE (Section) - ((EFI_GUID_DEFINED_SECTION2 *) Section)->DataOffset;
+ PpiOutput = (UINT8 *) Section + ((EFI_GUID_DEFINED_SECTION2 *) Section)->DataOffset;
+ } else {
+ PpiOutputSize = SECTION_SIZE (Section) - ((EFI_GUID_DEFINED_SECTION *) Section)->DataOffset;
+ PpiOutput = (UINT8 *) Section + ((EFI_GUID_DEFINED_SECTION *) Section)->DataOffset;
+ }
}
} else if (Section->Type == EFI_SECTION_COMPRESSION) {
Status = PeiServicesLocatePpi (&gEfiPeiDecompressPpiGuid, 0, NULL, (VOID **) &DecompressPpi);
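Review bot: `DataOffset` is read from the section header and subtracted from `SECTION_SIZE (Section)` / `SECTION2_SIZE (Section)` in the new `else if` branch without any check, so a malformed section whose offset exceeds its size makes `PpiOutputSize` wrap and points `PpiOutput` past the section. This branch runs precisely when no extraction PPI has handled the section, so the bounds check has to live here. The sketch below rejects such a section with `EFI_VOLUME_CORRUPTED`; it needs two new locals (`SectionSize`, `DataOffset`) declared at the top of `ProcessSection`, which is outside this hunk. How `Status` is consumed after the branch is not visible here either, so confirm that an error status keeps `PpiOutput` from being used.

```c
} else if ((GuidedSectionAttributes & EFI_GUIDED_SECTION_PROCESSING_REQUIRED) == 0) {
  // … unchanged: Status = EFI_SUCCESS and authentication status derivation …
  if (IS_SECTION2 (Section)) {
    SectionSize = SECTION2_SIZE (Section);
    DataOffset  = ((EFI_GUID_DEFINED_SECTION2 *) Section)->DataOffset;
  } else {
    SectionSize = SECTION_SIZE (Section);
    DataOffset  = ((EFI_GUID_DEFINED_SECTION *) Section)->DataOffset;
  }
  if (DataOffset > SectionSize) {
    //
    // DataOffset comes from the section header; reject it rather than let the subtraction wrap.
    //
    Status = EFI_VOLUME_CORRUPTED;
  } else {
    PpiOutputSize = SectionSize - DataOffset;
    PpiOutput     = (UINT8 *) Section + DataOffset;
  }
```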
diff --git a/MdeModulePkg/Core/Pei/Security/Security.c b/MdeModulePkg/Core/Pei/Security/Security.c
index f089267..7631260 100644
--- a/MdeModulePkg/Core/Pei/Security/Security.c
+++ b/MdeModulePkg/Core/Pei/Security/Security.c
@@ -1,7 +1,7 @@
/** @file
EFI PEI Core Security services
-Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -100,9 +100,16 @@ VerifyPeim (
EFI_STATUS Status;
BOOLEAN DeferExection;
-
+ Status = EFI_NOT_FOUND;
if (PrivateData->PrivateSecurityPpi == NULL) {
- Status = EFI_NOT_FOUND;
+ //
+ // Check AuthenticationStatus first.
+ //
+ if ((AuthenticationStatus & EFI_AUTH_STATUS_IMAGE_SIGNED) != 0) {
+ if ((AuthenticationStatus & (EFI_AUTH_STATUS_TEST_FAILED | EFI_AUTH_STATUS_NOT_TESTED)) != 0) {
+ Status = EFI_SECURITY_VIOLATION;
+ }
+ }
} else {
//
// Check to see if the image is OK
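Review bot: The comment `// Check AuthenticationStatus first.` in the new no-PPI branch of `VerifyPeim` does not state the policy the code now enforces, and that policy is security-relevant. I would replace it with `// No security PPI is installed: reject an image marked signed whose signature failed or was never tested; every other image keeps EFI_NOT_FOUND.` The function's header comment is outside this hunk; if it lists return values, it should gain `EFI_SECURITY_VIOLATION` for this case. How callers treat `EFI_NOT_FOUND` is not visible here, so it is worth confirming that it is the intended result for an unsigned image when no PPI is present.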