edk2[17797] MdeModulePkg: SecurityManagementLib to handle LoadFile DevicePath

lgao4 Wed, 01 Jul 2015 21:28:06 -0700

Revision: 17797
          http://sourceforge.net/p/edk2/code/17797
Author:   lgao4
Date:     2015-07-02 04:27:32 +0000 (Thu, 02 Jul 2015)
Log Message:
-----------
MdeModulePkg: SecurityManagementLib to handle LoadFile DevicePath


UEFI Spec HTTP Boot Device Path, after retrieving the boot resource
information, the BootURI device path node will be updated to include
the BootURI information. It means the device path on the child handle
will be updated after the LoadFile() service is called.

To handle this case, SecurityManagementLib ExecuteSecurityHandlers API
is updated as the below:
1) Get Device handle based on Device Path
2) Call LoadFile() service (GetFileBufferByFilePath() API) to get Load File 
Buffer.
3) Retrieve DevicePath from Device handle

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <[email protected]>
Reviewed-by: Ruiyu Ni <[email protected]>

Modified Paths:
--------------
    
trunk/edk2/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.c
    
trunk/edk2/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.inf

Modified: 
trunk/edk2/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.c
===================================================================
--- 
trunk/edk2/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.c
 2015-07-02 03:42:34 UTC (rev 17796)
+++ 
trunk/edk2/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.c
 2015-07-02 04:27:32 UTC (rev 17797)
@@ -1,7 +1,7 @@
 /** @file
   Provides generic security measurement functions for DXE module.
 
-Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD 
License
 which accompanies this distribution.  The full text of the license may be 
found at
@@ -13,10 +13,13 @@
 **/
 
 #include <PiDxe.h>
+#include <Protocol/LoadFile.h>
 #include <Library/DebugLib.h>
 #include <Library/DxeServicesLib.h>
 #include <Library/MemoryAllocationLib.h>
 #include <Library/SecurityManagementLib.h>
+#include <Library/DevicePathLib.h>
+#include <Library/UefiBootServicesTableLib.h>
 
 #define SECURITY_HANDLER_TABLE_SIZE   0x10
 
@@ -219,6 +222,9 @@
   UINT32        HandlerAuthenticationStatus;
   VOID          *FileBuffer;
   UINTN         FileSize;
+  EFI_HANDLE    Handle;
+  EFI_DEVICE_PATH_PROTOCOL        *Node;
+  EFI_DEVICE_PATH_PROTOCOL        *FilePathToVerfiy;
   
   if (FilePath == NULL) {
     return EFI_INVALID_PARAMETER;
@@ -235,6 +241,7 @@
   FileBuffer                  = NULL;
   FileSize                    = 0;
   HandlerAuthenticationStatus = AuthenticationStatus;
+  FilePathToVerfiy            = (EFI_DEVICE_PATH_PROTOCOL *) FilePath;
   //
   // Run security handler in same order to their registered list
   //
@@ -244,6 +251,8 @@
       // Try get file buffer when the handler requires image buffer.
       //
       if (FileBuffer == NULL) {
+        Node   = FilePathToVerfiy;
+        Status = gBS->LocateDevicePath (&gEfiLoadFileProtocolGuid, &Node, 
&Handle);
         //
         // Try to get image by FALSE boot policy for the exact boot file path.
         //
@@ -254,11 +263,17 @@
           //
           FileBuffer = GetFileBufferByFilePath (TRUE, FilePath, &FileSize, 
&AuthenticationStatus);
         }
+        if ((FileBuffer != NULL) && (!EFI_ERROR (Status))) {
+          //
+          // LoadFile () may cause the device path of the Handle be updated.
+          //
+          FilePathToVerfiy = AppendDevicePath (DevicePathFromHandle (Handle), 
Node);
+        }
       }
     }
     Status = mSecurityTable[Index].SecurityHandler (
                HandlerAuthenticationStatus,
-               FilePath,
+               FilePathToVerfiy,
                FileBuffer,
                FileSize
                );
@@ -270,6 +285,9 @@
   if (FileBuffer != NULL) {
     FreePool (FileBuffer);
   }
+  if (FilePathToVerfiy != FilePath) {
+    FreePool (FilePathToVerfiy);
+  }
 
   return Status;
 }

Modified: 
trunk/edk2/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.inf
===================================================================
--- 
trunk/edk2/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.inf
       2015-07-02 03:42:34 UTC (rev 17796)
+++ 
trunk/edk2/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.inf
       2015-07-02 04:27:32 UTC (rev 17797)
@@ -3,7 +3,7 @@
 #
 # This library provides generic security measurement functions for DXE module.
 #
-#  Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
+#  Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
 #
 #  This program and the accompanying materials
 #  are licensed and made available under the terms and conditions of the BSD 
License
@@ -41,4 +41,8 @@
   MemoryAllocationLib
   DebugLib
   DxeServicesLib
-  
+  DevicePathLib
+  UefiBootServicesTableLib
+
+[Protocols]
+  gEfiLoadFileProtocolGuid                      ## SOMETIMES_CONSUMES


------------------------------------------------------------------------------
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/
_______________________________________________
edk2-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/edk2-commits

edk2[17797] MdeModulePkg: SecurityManagementLib to handle LoadFile DevicePath

Reply via email to