efi_loader: image_loader: support image authentication

[oweals/u-boot.git] / lib / efi_loader / efi_boottime.c

diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c
index 3b79a88a480f6a7e294c2b1a65beff0b23fa0f4e..a3f11eaf6228db0c925654b6f2912b5a801adcf7 100644 (file)
--- a/lib/efi_loader/efi_boottime.c
+++ b/lib/efi_loader/efi_boottime.c
@@ -1882,12 +1882,12 @@ efi_status_t EFIAPI efi_load_image(bool boot_policy,
        efi_dp_split_file_path(file_path, &dp, &fp);
        ret = efi_setup_loaded_image(dp, fp, image_obj, &info);
        if (ret == EFI_SUCCESS)
-               ret = efi_load_pe(*image_obj, dest_buffer, info);
+               ret = efi_load_pe(*image_obj, dest_buffer, source_size, info);
        if (!source_buffer)
                /* Release buffer to which file was loaded */
                efi_free_pages((uintptr_t)dest_buffer,
                               efi_size_in_pages(source_size));
-       if (ret == EFI_SUCCESS) {
+       if (ret == EFI_SUCCESS || ret == EFI_SECURITY_VIOLATION) {
                info->system_table = &systab;
                info->parent_handle = parent_image;
        } else {
@@ -2885,10 +2885,16 @@ efi_status_t EFIAPI efi_start_image(efi_handle_t image_handle,
 
        EFI_ENTRY("%p, %p, %p", image_handle, exit_data_size, exit_data);
 
+       if (!efi_search_obj(image_handle))
+               return EFI_EXIT(EFI_INVALID_PARAMETER);
+
        /* Check parameters */
        if (image_obj->header.type != EFI_OBJECT_TYPE_LOADED_IMAGE)
                return EFI_EXIT(EFI_INVALID_PARAMETER);
 
+       if (image_obj->auth_status != EFI_IMAGE_AUTH_PASSED)
+               return EFI_EXIT(EFI_SECURITY_VIOLATION);
+
        ret = EFI_CALL(efi_open_protocol(image_handle, &efi_guid_loaded_image,
                                         &info, NULL, NULL,
                                         EFI_OPEN_PROTOCOL_GET_PROTOCOL));