Revision: 13729
          http://edk2.svn.sourceforge.net/edk2/?rev=13729&view=rev
Author:   czhang46
Date:     2012-09-13 08:34:32 +0000 (Thu, 13 Sep 2012)
Log Message:
-----------
Add ImageAuthenticationStatusLib to SAP to check the Authentication Status returned from the Section Extraction Protocol.

Signed-off-by: Chao Zhang<[email protected]>
Reviewed-by  : Gao Liming<[email protected]>

Modified Paths:
--------------
    trunk/edk2/SecurityPkg/SecurityPkg.dsc

Added Paths:
-----------
    trunk/edk2/SecurityPkg/Library/DxeImageAuthenticationStatusLib/
    
trunk/edk2/SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.c
    
trunk/edk2/SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.inf

Added: 
trunk/edk2/SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.c
===================================================================
--- 
trunk/edk2/SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.c
                            (rev 0)
+++ 
trunk/edk2/SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.c
    2012-09-13 08:34:32 UTC (rev 13729)
@@ -0,0 +1,76 @@
+/** @file
+  Implement image authentication status check in UEFI2.3.1.
+
+Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD 
License
+which accompanies this distribution.  The full text of the license may be 
found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include <PiDxe.h>
+#include <Library/SecurityManagementLib.h>
+
+
+/**
+  Check image authentication status returned from Section Extraction Protocol
+  
+  @param[in]    AuthenticationStatus  This is the authentication status 
returned from 
+                             the Section Extraction Protocol when reading the 
input file.
+  @param[in]    File       This is a pointer to the device path of the file 
that is
+                           being dispatched. This will optionally be used for 
logging.
+  @param[in]    FileBuffer File buffer matches the input file device path.
+  @param[in]    FileSize   Size of File buffer matches the input file device 
path.
+  @param[in]    BootPolicy A boot policy that was used to call LoadImage() 
UEFI service.
+
+  @retval EFI_SUCCESS            The input file specified by File did 
authenticate, and the
+                                 platform policy dictates that the DXE Core 
may use File.
+  @retval EFI_ACCESS_DENIED      The file specified by File and FileBuffer did 
not
+                                 authenticate, and the platform policy 
dictates that the DXE
+                                 Foundation many not use File.
+
+**/
+EFI_STATUS
+EFIAPI
+DxeImageAuthenticationStatusHandler (
+  IN  UINT32                           AuthenticationStatus,
+  IN  CONST EFI_DEVICE_PATH_PROTOCOL   *File,
+  IN  VOID                             *FileBuffer,
+  IN  UINTN                            FileSize,
+  IN  BOOLEAN                          BootPolicy
+  )
+{
+  if (AuthenticationStatus & EFI_AUTH_STATUS_IMAGE_SIGNED) {
+    if (AuthenticationStatus & (EFI_AUTH_STATUS_TEST_FAILED | 
EFI_AUTH_STATUS_NOT_TESTED)) {
+      return EFI_ACCESS_DENIED;
+    }
+  }
+
+  return EFI_SUCCESS;
+}
+
+
+/**
+  Register image authenticaion status check handler.
+
+  @param  ImageHandle   ImageHandle of the loaded driver.
+  @param  SystemTable   Pointer to the EFI System Table.
+
+  @retval EFI_SUCCESS   The handlers were registered successfully.
+**/
+EFI_STATUS
+EFIAPI
+DxeImageAuthenticationStatusLibConstructor (
+  IN EFI_HANDLE        ImageHandle,
+  IN EFI_SYSTEM_TABLE  *SystemTable
+  )
+{
+  return RegisterSecurity2Handler (
+           DxeImageAuthenticationStatusHandler,
+           EFI_AUTH_OPERATION_AUTHENTICATION_STATE
+           );
+}
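Review bot: The `@retval EFI_SUCCESS` text on DxeImageAuthenticationStatusHandler says the file "did authenticate", but the body returns EFI_SUCCESS for every status in which `EFI_AUTH_STATUS_IMAGE_SIGNED` is clear, so an unsigned section, or one carrying `EFI_AUTH_STATUS_TEST_FAILED` without the signed bit, passes this handler. If that is the intended policy, it should be stated above the outer `if`, e.g. `// Only statuses flagged IMAGE_SIGNED are judged; anything else passes this handler unchanged.`, and the @retval reworded to say the file did not fail authentication. If it is not intended, the outer test is the line to change; the hunk does not show which platform policy was meant, and `EFI_AUTH_STATUS_PLATFORM_OVERRIDE` is not consulted at all. As a style point, the bit tests read more clearly as explicit comparisons, `if ((AuthenticationStatus & EFI_AUTH_STATUS_IMAGE_SIGNED) != 0) {`. The header comments also carry two typos worth fixing before merge: "many not use File" and "authenticaion".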

Added: 
trunk/edk2/SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.inf
===================================================================
--- 
trunk/edk2/SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.inf
                          (rev 0)
+++ 
trunk/edk2/SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.inf
  2012-09-13 08:34:32 UTC (rev 13729)
@@ -0,0 +1,39 @@
+## @file
+#  The library instance provides security service of image authentication 
+#  status check in UEFI2.3.1.
+#  Authentication Status Library module supports UEFI2.3.1
+#
+# Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
+# This program and the accompanying materials
+# are licensed and made available under the terms and conditions of the BSD 
License
+# which accompanies this distribution. The full text of the license may be 
found at
+# http://opensource.org/licenses/bsd-license.php
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = DxeImageAuthenticationStatusLib   
+  FILE_GUID                      = EB92D1DE-7C36-4680-BB88-A67E96049F72
+  MODULE_TYPE                    = DXE_DRIVER
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = NULL|DXE_DRIVER DXE_RUNTIME_DRIVER 
DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER 
+  CONSTRUCTOR                    = DxeImageAuthenticationStatusLibConstructor
+
+#
+# The following information is for reference only and not required by the 
build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64 IPF EBC
+#
+
+[Sources]
+  DxeImageAuthenticationStatusLib.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+
+[LibraryClasses]
+  SecurityManagementLib

Modified: trunk/edk2/SecurityPkg/SecurityPkg.dsc
===================================================================
--- trunk/edk2/SecurityPkg/SecurityPkg.dsc      2012-09-12 10:20:34 UTC (rev 
13728)
+++ trunk/edk2/SecurityPkg/SecurityPkg.dsc      2012-09-13 08:34:32 UTC (rev 
13729)
@@ -88,6 +88,7 @@
   SecurityPkg/VariableAuthenticated/Pei/VariablePei.inf
   SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
   SecurityPkg/Library/DxeDeferImageLoadLib/DxeDeferImageLoadLib.inf
+  
SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.inf
   
SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerDxe.inf
   
SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerDxe.inf
   
SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderDxe.inf
