authorLiming Gao <liming.gao@intel.com>2015-07-02 04:27:32 +0000
committerlgao4 <lgao4@Edk2>2015-07-02 04:27:32 +0000
commit2b75e8cd093afeb1377dbdaa80a24e96e49f099b (patch)
treea3e549abef885cdf015e3f160280a405d4859ccb /MdeModulePkg/Library/DxeSecurityManagementLib
parent5015bee226c293c32c9ef2cc7669826edb5a0aed (diff)
MdeModulePkg: SecurityManagementLib to handle LoadFile DevicePath
Per the UEFI Spec HTTP Boot Device Path, after the boot resource information is retrieved, the BootURI device path node is updated to include the BootURI information. This means the device path on the child handle is updated after the LoadFile() service is called. To handle this case, the SecurityManagementLib ExecuteSecurityHandlers API is updated as follows: 1) Get the device handle based on the device path. 2) Call the LoadFile() service (GetFileBufferByFilePath() API) to get the load file buffer. 3) Retrieve the DevicePath from the device handle. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17797 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'MdeModulePkg/Library/DxeSecurityManagementLib')
-rw-r--r--MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.c22
-rw-r--r--MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.inf8
2 files changed, 26 insertions, 4 deletions
diff --git a/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.c b/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.c
index 6a50937ade..b96d78664d 100644
--- a/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.c
+++ b/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.c
@@ -1,7 +1,7 @@
/** @file
Provides generic security measurement functions for DXE module.
-Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -13,10 +13,13 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include <PiDxe.h>
+#include <Protocol/LoadFile.h>
#include <Library/DebugLib.h>
#include <Library/DxeServicesLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/SecurityManagementLib.h>
+#include <Library/DevicePathLib.h>
+#include <Library/UefiBootServicesTableLib.h>
#define SECURITY_HANDLER_TABLE_SIZE 0x10
@@ -219,6 +222,9 @@ ExecuteSecurityHandlers (
UINT32 HandlerAuthenticationStatus;
VOID *FileBuffer;
UINTN FileSize;
+ EFI_HANDLE Handle;
+ EFI_DEVICE_PATH_PROTOCOL *Node;
+ EFI_DEVICE_PATH_PROTOCOL *FilePathToVerfiy;
if (FilePath == NULL) {
return EFI_INVALID_PARAMETER;
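Review bot: The new local `FilePathToVerfiy` is misspelled; `FilePathToVerify` is presumably what was meant, and the same spelling recurs in every later hunk of this file, including the argument handed to the security handlers. Renaming it now, `EFI_DEVICE_PATH_PROTOCOL *FilePathToVerify;`, keeps the identifier searchable. `Handle` is declared without an initial value and only becomes meaningful when the later LocateDevicePath call succeeds, so a one-line comment saying so would help the next reader. These declarations sit inside ExecuteSecurityHandlers, whose body extends beyond this hunk.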
@@ -235,6 +241,7 @@ ExecuteSecurityHandlers (
FileBuffer = NULL;
FileSize = 0;
HandlerAuthenticationStatus = AuthenticationStatus;
+ FilePathToVerfiy = (EFI_DEVICE_PATH_PROTOCOL *) FilePath;
//
// Run security handler in same order to their registered list
//
@@ -244,6 +251,8 @@ ExecuteSecurityHandlers (
// Try get file buffer when the handler requires image buffer.
//
if (FileBuffer == NULL) {
+ Node = FilePathToVerfiy;
+ Status = gBS->LocateDevicePath (&gEfiLoadFileProtocolGuid, &Node, &Handle);
//
// Try to get image by FALSE boot policy for the exact boot file path.
//
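Review bot: The result of `gBS->LocateDevicePath` is parked in the function-wide `Status` and is not read anywhere in this hunk; a later hunk tests it only after the GetFileBufferByFilePath calls, so any `Status =` assignment inserted in between would silently change which device path gets verified. A dedicated local, for example `LocateStatus = gBS->LocateDevicePath (&gEfiLoadFileProtocolGuid, &Node, &Handle);`, makes that dependency explicit (it needs a declaration at the top of the function). The call also deserves a comment such as `// Locate the LoadFile handle; on success Node points at the remaining device path nodes.` The enclosing `if` block begins and ends outside this hunk.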
@@ -254,11 +263,17 @@ ExecuteSecurityHandlers (
//
FileBuffer = GetFileBufferByFilePath (TRUE, FilePath, &FileSize, &AuthenticationStatus);
}
+ if ((FileBuffer != NULL) && (!EFI_ERROR (Status))) {
+ //
+ // LoadFile () may cause the device path of the Handle be updated.
+ //
+ FilePathToVerfiy = AppendDevicePath (DevicePathFromHandle (Handle), Node);
+ }
}
}
Status = mSecurityTable[Index].SecurityHandler (
HandlerAuthenticationStatus,
- FilePath,
+ FilePathToVerfiy,
FileBuffer,
FileSize
);
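Review bot: The return value of `AppendDevicePath` is assigned to `FilePathToVerfiy` without a NULL check, so if the allocation fails the handlers are called with a NULL device path, and the cleanup hunk at the end of the function then passes NULL to `FreePool` because NULL differs from `FilePath`. Since the handlers appear to base their authentication decision on this path, a failure here should stop the sequence rather than continue: after the append add `if (FilePathToVerfiy == NULL) { Status = EFI_OUT_OF_RESOURCES; break; }` (assuming the enclosing handler loop, which lies outside the hunk) and guard the free with `if ((FilePathToVerfiy != NULL) && (FilePathToVerfiy != FilePath))`. The image is still loaded through `FilePath` while the handlers receive the rebuilt path, so a comment stating why the two may differ would help anyone auditing what was actually verified.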
@@ -270,6 +285,9 @@ ExecuteSecurityHandlers (
if (FileBuffer != NULL) {
FreePool (FileBuffer);
}
+ if (FilePathToVerfiy != FilePath) {
+ FreePool (FilePathToVerfiy);
+ }
return Status;
}
diff --git a/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.inf b/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.inf
index 60ac8e79f2..0f8a13b99d 100644
--- a/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.inf
+++ b/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.inf
@@ -3,7 +3,7 @@
#
# This library provides generic security measurement functions for DXE module.
#
-# Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
#
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
@@ -41,4 +41,8 @@
MemoryAllocationLib
DebugLib
DxeServicesLib
-
+ DevicePathLib
+ UefiBootServicesTableLib
+
+[Protocols]
+ gEfiLoadFileProtocolGuid ## SOMETIMES_CONSUMES