SecurityPkg/Library/DxeDeferImageLoadLib/DxeDeferImageLoadLib.c File Reference


Functions

UINT32 GetFileType (IN CONST EFI_DEVICE_PATH_PROTOCOL *File)
EFI_STATUS GetAccessControl (OUT EFI_USER_INFO_ACCESS_CONTROL **AccessControl, IN UINT32 AccessType)
UINTN GetFileName (IN CONST EFI_DEVICE_PATH_PROTOCOL *DevicePath, OUT UINT8 **FileName, OUT UINTN *FileNameOffset)
BOOLEAN CheckDevicePath (IN CONST EFI_DEVICE_PATH_PROTOCOL *DevicePath1, IN CONST EFI_DEVICE_PATH_PROTOCOL *DevicePath2)
BOOLEAN IsDevicePathInList (IN CONST EFI_DEVICE_PATH_PROTOCOL *DevicePath, IN UINT32 AccessType)
BOOLEAN VerifyDevicePath (IN CONST EFI_DEVICE_PATH_PROTOCOL *DevicePath)
BOOLEAN IsBootOption (IN CONST EFI_DEVICE_PATH_PROTOCOL *DevicePath)
VOID PutDefferedImageInfo (IN CONST EFI_DEVICE_PATH_PROTOCOL *ImageDevicePath, IN VOID *Image, IN UINTN ImageSize)
EFI_STATUS EFIAPI GetDefferedImageInfo (IN EFI_DEFERRED_IMAGE_LOAD_PROTOCOL *This, IN UINTN ImageIndex, OUT EFI_DEVICE_PATH_PROTOCOL **ImageDevicePath, OUT VOID **Image, OUT UINTN *ImageSize, OUT BOOLEAN *BootOption)
EFI_STATUS EFIAPI DxeDeferImageLoadHandler (IN UINT32 AuthenticationStatus, IN CONST EFI_DEVICE_PATH_PROTOCOL *File, IN VOID *FileBuffer, IN UINTN FileSize, IN BOOLEAN BootPolicy)
VOID EFIAPI FindUserManagerProtocol (IN EFI_EVENT Event, IN VOID *Context)
EFI_STATUS EFIAPI DxeDeferImageLoadLibConstructor (IN EFI_HANDLE ImageHandle, IN EFI_SYSTEM_TABLE *SystemTable)

Variables

EFI_HANDLE mDeferredImageHandle = NULL
BOOLEAN mIsProtocolInstalled = FALSE
EFI_USER_MANAGER_PROTOCOL * mUserManager = NULL
DEFERRED_IMAGE_TABLE mDeferredImage
EFI_DEFERRED_IMAGE_LOAD_PROTOCOL gDeferredImageLoad

Detailed Description

Implement defer image load services for user identification in UEFI2.2.

Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php

THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.


Function Documentation

BOOLEAN CheckDevicePath ( IN CONST EFI_DEVICE_PATH_PROTOCOL *  DevicePath1,
IN CONST EFI_DEVICE_PATH_PROTOCOL *  DevicePath2 
)

Check whether the DevicePath2 is identical with DevicePath1, or identical with DevicePath1's child device path.

If DevicePath2 is identical with DevicePath1, or with DevicePath1's child device path, then TRUE returned. Otherwise, FALSE is returned.

If DevicePath1 is NULL, then ASSERT(). If DevicePath2 is NULL, then ASSERT().

Parameters:
[in] DevicePath1 A pointer to a device path.
[in] DevicePath2 A pointer to a device path.
Return values:
TRUE Two device paths are identical , or DevicePath2 is DevicePath1's child device path.
FALSE Two device paths are not identical, and DevicePath2 is not DevicePath1's child device path.

References BOOLEAN(), GetFileName(), TRUE, and UINTN().

Referenced by IsBootOption(), and IsDevicePathInList().

EFI_STATUS EFIAPI DxeDeferImageLoadHandler ( IN UINT32  AuthenticationStatus,
IN CONST EFI_DEVICE_PATH_PROTOCOL *  File,
IN VOID *  FileBuffer,
IN UINTN  FileSize,
IN BOOLEAN  BootPolicy 
)

Provides the service of deferring image load based on platform policy control, and installs Deferred Image Load Protocol.

Parameters:
[in] AuthenticationStatus This is the authentication status returned from the security measurement services for the input file.
[in] File This is a pointer to the device path of the file that is being dispatched. This will optionally be used for logging.
[in] FileBuffer File buffer matches the input file device path.
[in] FileSize Size of File buffer matches the input file device path.
[in] BootPolicy A boot policy that was used to call LoadImage() UEFI service.
Return values:
EFI_SUCCESS FileBuffer is NULL and current user has permission to start UEFI device drivers on the device path specified by DevicePath.
EFI_SUCCESS The file specified by DevicePath and non-NULL FileBuffer did authenticate, and the platform policy dictates that the DXE Foundation may use the file.
EFI_SECURITY_VIOLATION FileBuffer is NULL and the user has no permission to start UEFI device drivers on the device path specified by DevicePath.
EFI_SECURITY_VIOLATION FileBuffer is not NULL and the user has no permission to load drivers from the device path specified by DevicePath. The image has been added into the list of the deferred images.
EFI_ACCESS_DENIED The file specified by File and FileBuffer did not authenticate, and the platform policy dictates that the DXE Foundation many not use File.

References EFI_STATUS(), gDeferredImageLoad, GetFileType(), mDeferredImageHandle, mIsProtocolInstalled, mUserManager, PutDefferedImageInfo(), TRUE, and VerifyDevicePath().

Referenced by DxeDeferImageLoadLibConstructor().

EFI_STATUS EFIAPI DxeDeferImageLoadLibConstructor ( IN EFI_HANDLE  ImageHandle,
IN EFI_SYSTEM_TABLE *  SystemTable 
)

Register security handler for deferred image load.

Parameters:
[in] ImageHandle ImageHandle of the loaded driver.
[in] SystemTable Pointer to the EFI System Table.
Return values:
EFI_SUCCESS The handlers were registered successfully.

References DxeDeferImageLoadHandler(), and FindUserManagerProtocol().

VOID EFIAPI FindUserManagerProtocol ( IN EFI_EVENT  Event,
IN VOID *  Context 
)

Locate user manager protocol when user manager is installed.

Parameters:
[in] Event The Event that is being processed, not used.
[in] Context Event Context, not used.

References mUserManager.

Referenced by DxeDeferImageLoadLibConstructor().

EFI_STATUS GetAccessControl ( OUT EFI_USER_INFO_ACCESS_CONTROL **  AccessControl,
IN UINT32  AccessType 
)

Get current user's access right.

Parameters:
[out] AccessControl Points to the user's access control data, the caller should free data buffer.
[in] AccessType The type of user access control.
Return values:
EFI_SUCCESS Get current user access control successfully
others Fail to get current user access control

References EFI_STATUS(), TRUE, and UINTN().

Referenced by IsDevicePathInList().

EFI_STATUS EFIAPI GetDefferedImageInfo ( IN EFI_DEFERRED_IMAGE_LOAD_PROTOCOL *  This,
IN UINTN  ImageIndex,
OUT EFI_DEVICE_PATH_PROTOCOL **  ImageDevicePath,
OUT VOID **  Image,
OUT UINTN *  ImageSize,
OUT BOOLEAN *  BootOption 
)

Returns information about a deferred image.

This function returns information about a single deferred image. The deferred images are numbered consecutively, starting with 0. If there is no image which corresponds to ImageIndex, then EFI_NOT_FOUND is returned. All deferred images may be returned by iteratively calling this function until EFI_NOT_FOUND is returned. Image may be NULL and ImageSize set to 0 if the decision to defer execution was made because of the location of the executable image, rather than its actual contents.

Parameters:
[in] This Points to this instance of the EFI_DEFERRED_IMAGE_LOAD_PROTOCOL.
[in] ImageIndex Zero-based index of the deferred index.
[out] ImageDevicePath On return, points to a pointer to the device path of the image. The device path should not be freed by the caller.
[out] Image On return, points to the first byte of the image or NULL if the image is not available. The image should not be freed by the caller unless LoadImage() has been successfully called.
[out] ImageSize On return, the size of the image, or 0 if the image is not available.
[out] BootOption On return, points to TRUE if the image was intended as a boot option or FALSE if it was not intended as a boot option.
Return values:
EFI_SUCCESS Image information returned successfully.
EFI_NOT_FOUND ImageIndex does not refer to a valid image.
EFI_INVALID_PARAMETER ImageDevicePath is NULL or Image is NULL or ImageSize is NULL or BootOption is NULL.

References DEFERRED_IMAGE_INFO::BootOption, DEFERRED_IMAGE_TABLE::Count, DEFERRED_IMAGE_INFO::Image, DEFERRED_IMAGE_INFO::ImageDevicePath, DEFERRED_IMAGE_TABLE::ImageInfo, and DEFERRED_IMAGE_INFO::ImageSize.

UINTN GetFileName ( IN CONST EFI_DEVICE_PATH_PROTOCOL *  DevicePath,
OUT UINT8 **  FileName,
OUT UINTN *  FileNameOffset 
)

Get file name from device path.

The file name may contain one or more device path node. Save the file name in a buffer if file name is found. The caller is responsible to free the buffer.

Parameters:
[in] DevicePath A pointer to a device path.
[out] FileName The callee allocated buffer to save the file name if file name is found.
[out] FileNameOffset The offset of file name in device path if file name is found.
Return values:
UINTN The file name length. 0 means file name is not found.

References UINTN().

Referenced by CheckDevicePath().

UINT32 GetFileType ( IN CONST EFI_DEVICE_PATH_PROTOCOL *  File  ) 

Get the image type.

Parameters:
[in] File This is a pointer to the device path of the file that is being dispatched.
Returns:
UINT32 Image Type

References EFI_STATUS(), IMAGE_FROM_FIXED_MEDIA, IMAGE_FROM_FV, IMAGE_FROM_OPTION_ROM, IMAGE_FROM_REMOVABLE_MEDIA, and IMAGE_UNKNOWN.

Referenced by DxeDeferImageLoadHandler().

BOOLEAN IsBootOption ( IN CONST EFI_DEVICE_PATH_PROTOCOL *  DevicePath  ) 

Check the image pointed by DevicePath is a boot option or not.

Parameters:
[in] DevicePath Points to device path.
Return values:
TURE The image pointed by DevicePath is a boot option.
FALSE The image pointed by DevicePath is not a boot option.

References CheckDevicePath(), EFI_STATUS(), TRUE, and UINTN().

Referenced by PutDefferedImageInfo().

BOOLEAN IsDevicePathInList ( IN CONST EFI_DEVICE_PATH_PROTOCOL *  DevicePath,
IN UINT32  AccessType 
)

Check whether the image pointed to by DevicePath is in the device path list specified by AccessType.

Parameters:
[in] DevicePath Points to device path.
[in] AccessType The type of user access control.
Return values:
TURE The DevicePath is in the specified List.
FALSE The DevicePath is not in the specified List.

References CheckDevicePath(), EFI_STATUS(), GetAccessControl(), TRUE, and UINTN().

Referenced by VerifyDevicePath().

VOID PutDefferedImageInfo ( IN CONST EFI_DEVICE_PATH_PROTOCOL *  ImageDevicePath,
IN VOID *  Image,
IN UINTN  ImageSize 
)

Add the image info to a deferred image list.

Parameters:
[in] ImageDevicePath A pointer to the device path of a image.
[in] Image Points to the first byte of the image, or NULL if the image is not available.
[in] ImageSize The size of the image, or 0 if the image is not available.

References DEFERRED_IMAGE_INFO::BootOption, DEFERRED_IMAGE_TABLE::Count, DEFERRED_IMAGE_INFO::Image, DEFERRED_IMAGE_INFO::ImageDevicePath, DEFERRED_IMAGE_TABLE::ImageInfo, DEFERRED_IMAGE_INFO::ImageSize, IsBootOption(), and UINTN().

Referenced by DxeDeferImageLoadHandler().

BOOLEAN VerifyDevicePath ( IN CONST EFI_DEVICE_PATH_PROTOCOL *  DevicePath  ) 

Check whether the image pointed to by DevicePath is permitted to load.

Parameters:
[in] DevicePath Points to device path
Return values:
TURE The image pointed by DevicePath is permitted to load.
FALSE The image pointed by DevicePath is forbidden to load.

References IsDevicePathInList(), and TRUE.

Referenced by DxeDeferImageLoadHandler().


Variable Documentation

EFI_DEFERRED_IMAGE_LOAD_PROTOCOL gDeferredImageLoad

Initial value:

Referenced by DxeDeferImageLoadHandler().

Initial value:

 {
  0,       
  NULL     
}

EFI_HANDLE mDeferredImageHandle = NULL

BOOLEAN mIsProtocolInstalled = FALSE

EFI_USER_MANAGER_PROTOCOL* mUserManager = NULL


Generated on Thu Sep 24 23:44:24 2015 for SecurityPkg[ALL] by  doxygen 1.5.7.1