This patch makes Pkcs7VerifyDxe check that it has not already been installed before installing its protocols. This prevents the case where loading it as an external driver (either manually, through Driver#### variables, etc.) will refuse to add a second provider of the API.
v2 - return EFI_ABORTED as per Michael Kinney's feedback. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Peter Jones <pjo...@redhat.com> --- SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c b/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c index 07fdf55..e5ec1b4 100644 --- a/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c +++ b/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c @@ -1030,8 +1030,17 @@ Pkcs7VerifyDriverEntry ( IN EFI_SYSTEM_TABLE *SystemTable ) { - EFI_STATUS Status; - EFI_HANDLE Handle; + EFI_STATUS Status; + EFI_HANDLE Handle; + EFI_PKCS7_VERIFY_PROTOCOL Useless; + + // + // Avoid loading a second copy if this is built as an external module. + // + Status = gBS->LocateProtocol (&gEfiPkcs7VerifyProtocolGuid, NULL, (VOID **) &Useless); + if (!EFI_ERROR (Status)) { + return EFI_ABORTED; + } // // Install UEFI Pkcs7 Verification Protocol -- 2.10.0 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel