SecurityPkg/FvReportPei: Use FirmwareVolumeShadowPpi
authorUmang Patel <umang.patel@intel.com>
Wed, 22 Mar 2023 00:02:34 +0000 (17:02 -0700)
committermergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
Mon, 27 Mar 2023 16:25:51 +0000 (16:25 +0000)
If FirmwareVolumeShadow PPI is available, then use it to
shadow FVs to memory.  Otherwise fall back to CopyMem().

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Patel Umang <umang.patel@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
SecurityPkg/FvReportPei/FvReportPei.c
SecurityPkg/FvReportPei/FvReportPei.h
SecurityPkg/FvReportPei/FvReportPei.inf

index 846605cda1e416c55575130242a0f82da2af13bb..6288dde16b2aa56fc5ee73380b118338ee0a0abc 100644 (file)
@@ -114,12 +114,13 @@ VerifyHashedFv (
   IN EFI_BOOT_MODE   BootMode\r
   )\r
 {\r
-  UINTN                FvIndex;\r
-  CONST HASH_ALG_INFO  *AlgInfo;\r
-  UINT8                *HashValue;\r
-  UINT8                *FvHashValue;\r
-  VOID                 *FvBuffer;\r
-  EFI_STATUS           Status;\r
+  UINTN                                 FvIndex;\r
+  CONST HASH_ALG_INFO                   *AlgInfo;\r
+  UINT8                                 *HashValue;\r
+  UINT8                                 *FvHashValue;\r
+  VOID                                  *FvBuffer;\r
+  EDKII_PEI_FIRMWARE_VOLUME_SHADOW_PPI  *FvShadowPpi;\r
+  EFI_STATUS                            Status;\r
 \r
   if ((HashInfo == NULL) ||\r
       (HashInfo->HashSize == 0) ||\r
@@ -191,8 +192,30 @@ VerifyHashedFv (
     // Copy FV to permanent memory to avoid potential TOC/TOU.\r
     //\r
     FvBuffer = AllocatePages (EFI_SIZE_TO_PAGES ((UINTN)FvInfo[FvIndex].Length));\r
+\r
     ASSERT (FvBuffer != NULL);\r
-    CopyMem (FvBuffer, (CONST VOID *)(UINTN)FvInfo[FvIndex].Base, (UINTN)FvInfo[FvIndex].Length);\r
+    Status = PeiServicesLocatePpi (\r
+               &gEdkiiPeiFirmwareVolumeShadowPpiGuid,\r
+               0,\r
+               NULL,\r
+               (VOID **)&FvShadowPpi\r
+               );\r
+\r
+    if (!EFI_ERROR (Status)) {\r
+      Status = FvShadowPpi->FirmwareVolumeShadow (\r
+                              (EFI_PHYSICAL_ADDRESS)FvInfo[FvIndex].Base,\r
+                              FvBuffer,\r
+                              (UINTN)FvInfo[FvIndex].Length\r
+                              );\r
+    }\r
+\r
+    if (EFI_ERROR (Status)) {\r
+      CopyMem (\r
+        FvBuffer,\r
+        (CONST VOID *)(UINTN)FvInfo[FvIndex].Base,\r
+        (UINTN)FvInfo[FvIndex].Length\r
+        );\r
+    }\r
 \r
     if (!AlgInfo->HashAll (FvBuffer, (UINTN)FvInfo[FvIndex].Length, FvHashValue)) {\r
       Status = EFI_ABORTED;\r
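Review bot: When FirmwareVolumeShadow() itself fails, the new code falls back to CopyMem() without any trace, because a missing PPI and a failed shadow call both land in the same `if (EFI_ERROR (Status))` branch; a platform that installs the shadow PPI then cannot tell that the hashed copy came from a direct flash read instead. Consider logging the second case right after the PPI call, inside the first branch: `if (EFI_ERROR (Status)) { DEBUG ((DEBUG_WARN, "FvShadow failed: %r, using CopyMem\n", Status)); }`. The fallback also leaves the error value in Status; whether it is overwritten before VerifyHashedFv returns is outside this hunk, so confirm that or set `Status = EFI_SUCCESS;` after the CopyMem. Separately, `ASSERT (FvBuffer != NULL)` is the only guard before FvBuffer is handed to the PPI, and it does nothing in builds where asserts are disabled.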
index 92504a3c51e18228c46860941e8c8bfb3fc26eb4..07ffb2f5768cf90c911fda6a886e86ac8e968ce3 100644 (file)
@@ -14,6 +14,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include <IndustryStandard/Tpm20.h>\r
 \r
 #include <Ppi/FirmwareVolumeInfoStoredHashFv.h>\r
+#include <Ppi/FirmwareVolumeShadowPpi.h>\r
 \r
 #include <Library/PeiServicesLib.h>\r
 #include <Library/PcdLib.h>\r
index 40840688976574757fff5aa4278140a19cfac2f0..4246fb75ebaa25996642c582a4bdc7d9d2f940e4 100644 (file)
@@ -46,6 +46,7 @@
 [Ppis]\r
   gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid   ## PRODUCES\r
   gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid  ## CONSUMES\r
+  gEdkiiPeiFirmwareVolumeShadowPpiGuid            ## CONSUMES\r
 \r
 [Pcd]\r
   gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeFvVerificationPass\r