diff options
| author | Umang Patel <umang.patel@intel.com> | 2023-03-21 17:02:34 -0700 |
|---|---|---|
| committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2023-03-27 16:25:51 +0000 |
| commit | 144028626e0072c2c4fdfcc0fe1b72de319bdd2f (patch) | |
| tree | 6d5ed63c68c45920af4347688d7d66daf00bd49f /SecurityPkg | |
| parent | c8e631588b9591489d0219db1d14664e10367ecd (diff) | |
| download | edk2-144028626e0072c2c4fdfcc0fe1b72de319bdd2f.tar.gz | |
SecurityPkg/FvReportPei: Use FirmwareVolumeShadowPpi
If FirmwareVolumeShadow PPI is available, then use it to
shadow FVs to memory. Otherwise fallback to CopyMem().
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Patel Umang <umang.patel@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Diffstat (limited to 'SecurityPkg')
| -rw-r--r-- | SecurityPkg/FvReportPei/FvReportPei.c | 37 | ||||
| -rw-r--r-- | SecurityPkg/FvReportPei/FvReportPei.h | 1 | ||||
| -rw-r--r-- | SecurityPkg/FvReportPei/FvReportPei.inf | 1 |
3 files changed, 32 insertions, 7 deletions
diff --git a/SecurityPkg/FvReportPei/FvReportPei.c b/SecurityPkg/FvReportPei/FvReportPei.c index 846605cda1..6288dde16b 100644 --- a/SecurityPkg/FvReportPei/FvReportPei.c +++ b/SecurityPkg/FvReportPei/FvReportPei.c @@ -114,12 +114,13 @@ VerifyHashedFv ( IN EFI_BOOT_MODE BootMode
)
{
- UINTN FvIndex;
- CONST HASH_ALG_INFO *AlgInfo;
- UINT8 *HashValue;
- UINT8 *FvHashValue;
- VOID *FvBuffer;
- EFI_STATUS Status;
+ UINTN FvIndex;
+ CONST HASH_ALG_INFO *AlgInfo;
+ UINT8 *HashValue;
+ UINT8 *FvHashValue;
+ VOID *FvBuffer;
+ EDKII_PEI_FIRMWARE_VOLUME_SHADOW_PPI *FvShadowPpi;
+ EFI_STATUS Status;
if ((HashInfo == NULL) ||
(HashInfo->HashSize == 0) ||
@@ -191,8 +192,30 @@ VerifyHashedFv ( // Copy FV to permanent memory to avoid potential TOC/TOU.
//
FvBuffer = AllocatePages (EFI_SIZE_TO_PAGES ((UINTN)FvInfo[FvIndex].Length));
+
ASSERT (FvBuffer != NULL);
- CopyMem (FvBuffer, (CONST VOID *)(UINTN)FvInfo[FvIndex].Base, (UINTN)FvInfo[FvIndex].Length);
+ Status = PeiServicesLocatePpi (
+ &gEdkiiPeiFirmwareVolumeShadowPpiGuid,
+ 0,
+ NULL,
+ (VOID **)&FvShadowPpi
+ );
+
+ if (!EFI_ERROR (Status)) {
+ Status = FvShadowPpi->FirmwareVolumeShadow (
+ (EFI_PHYSICAL_ADDRESS)FvInfo[FvIndex].Base,
+ FvBuffer,
+ (UINTN)FvInfo[FvIndex].Length
+ );
+ }
+
+ if (EFI_ERROR (Status)) {
+ CopyMem (
+ FvBuffer,
+ (CONST VOID *)(UINTN)FvInfo[FvIndex].Base,
+ (UINTN)FvInfo[FvIndex].Length
+ );
+ }
if (!AlgInfo->HashAll (FvBuffer, (UINTN)FvInfo[FvIndex].Length, FvHashValue)) {
Status = EFI_ABORTED;
diff --git a/SecurityPkg/FvReportPei/FvReportPei.h b/SecurityPkg/FvReportPei/FvReportPei.h index 92504a3c51..07ffb2f576 100644 --- a/SecurityPkg/FvReportPei/FvReportPei.h +++ b/SecurityPkg/FvReportPei/FvReportPei.h @@ -14,6 +14,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include <IndustryStandard/Tpm20.h>
#include <Ppi/FirmwareVolumeInfoStoredHashFv.h>
+#include <Ppi/FirmwareVolumeShadowPpi.h>
#include <Library/PeiServicesLib.h>
#include <Library/PcdLib.h>
diff --git a/SecurityPkg/FvReportPei/FvReportPei.inf b/SecurityPkg/FvReportPei/FvReportPei.inf index 4084068897..4246fb75eb 100644 --- a/SecurityPkg/FvReportPei/FvReportPei.inf +++ b/SecurityPkg/FvReportPei/FvReportPei.inf @@ -46,6 +46,7 @@ [Ppis]
gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid ## PRODUCES
gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid ## CONSUMES
+ gEdkiiPeiFirmwareVolumeShadowPpiGuid ## CONSUMES
[Pcd]
gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeFvVerificationPass
|