UEFI Spec HTTP Boot Device Path, after retrieving the boot resource information, the BootURI device path node will be updated to include the BootURI information. It means the device path on the child handle will be updated after the LoadFile() service is called.
To handle this case, SecurityManagementLib ExecuteSecurityHandlers API is updated as the below: 1) Get Device handle based on Device Path 2) Call LoadFile() service (GetFileBufferByFilePath() API) to get Load File Buffer. 3) Retrieve DevicePath from Device handle Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Liming Gao <liming....@intel.com> --- .../DxeSecurityManagementLib.c | 22 ++++++++++++++++++++-- .../DxeSecurityManagementLib.inf | 8 ++++++-- 2 files changed, 26 insertions(+), 4 deletions(-) diff --git a/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.c b/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.c index 6a50937..b96d786 100644 --- a/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.c +++ b/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.c @@ -1,9 +1,9 @@ /** @file Provides generic security measurement functions for DXE module. -Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR> +Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR> This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php @@ -11,14 +11,17 @@ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ #include <PiDxe.h> +#include <Protocol/LoadFile.h> #include <Library/DebugLib.h> #include <Library/DxeServicesLib.h> #include <Library/MemoryAllocationLib.h> #include <Library/SecurityManagementLib.h> +#include <Library/DevicePathLib.h> +#include <Library/UefiBootServicesTableLib.h> #define SECURITY_HANDLER_TABLE_SIZE 0x10 // // Secruity Operation on Image and none Image. @@ -217,10 +220,13 @@ ExecuteSecurityHandlers ( UINT32 Index; EFI_STATUS Status; UINT32 HandlerAuthenticationStatus; VOID *FileBuffer; UINTN FileSize; + EFI_HANDLE Handle; + EFI_DEVICE_PATH_PROTOCOL *Node; + EFI_DEVICE_PATH_PROTOCOL *FilePathToVerfiy; if (FilePath == NULL) { return EFI_INVALID_PARAMETER; } @@ -233,34 +239,43 @@ ExecuteSecurityHandlers ( Status = EFI_SUCCESS; FileBuffer = NULL; FileSize = 0; HandlerAuthenticationStatus = AuthenticationStatus; + FilePathToVerfiy = (EFI_DEVICE_PATH_PROTOCOL *) FilePath; // // Run security handler in same order to their registered list // for (Index = 0; Index < mNumberOfSecurityHandler; Index ++) { if ((mSecurityTable[Index].SecurityOperation & EFI_AUTH_OPERATION_IMAGE_REQUIRED) == EFI_AUTH_OPERATION_IMAGE_REQUIRED) { // // Try get file buffer when the handler requires image buffer. // if (FileBuffer == NULL) { + Node = FilePathToVerfiy; + Status = gBS->LocateDevicePath (&gEfiLoadFileProtocolGuid, &Node, &Handle); // // Try to get image by FALSE boot policy for the exact boot file path. // FileBuffer = GetFileBufferByFilePath (FALSE, FilePath, &FileSize, &AuthenticationStatus); if (FileBuffer == NULL) { // // Try to get image by TRUE boot policy for the inexact boot file path. // FileBuffer = GetFileBufferByFilePath (TRUE, FilePath, &FileSize, &AuthenticationStatus); } + if ((FileBuffer != NULL) && (!EFI_ERROR (Status))) { + // + // LoadFile () may cause the device path of the Handle be updated. + // + FilePathToVerfiy = AppendDevicePath (DevicePathFromHandle (Handle), Node); + } } } Status = mSecurityTable[Index].SecurityHandler ( HandlerAuthenticationStatus, - FilePath, + FilePathToVerfiy, FileBuffer, FileSize ); if (EFI_ERROR (Status)) { break; @@ -268,10 +283,13 @@ ExecuteSecurityHandlers ( } if (FileBuffer != NULL) { FreePool (FileBuffer); } + if (FilePathToVerfiy != FilePath) { + FreePool (FilePathToVerfiy); + } return Status; } /** diff --git a/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.inf b/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.inf index 60ac8e7..0f8a13b 100644 --- a/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.inf +++ b/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.inf @@ -1,11 +1,11 @@ ## @file # Instance of SecurityManagementLib Library for DXE phase. # # This library provides generic security measurement functions for DXE module. # -# Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR> +# Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR> # # This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at # http://opensource.org/licenses/bsd-license.php @@ -39,6 +39,10 @@ [LibraryClasses] MemoryAllocationLib DebugLib DxeServicesLib - + DevicePathLib + UefiBootServicesTableLib + +[Protocols] + gEfiLoadFileProtocolGuid ## SOMETIMES_CONSUMES -- 1.9.5.msysgit.0 ------------------------------------------------------------------------------ Don't Limit Your Business. Reach for the Cloud. GigeNET's Cloud Solutions provide you with the tools and support that you need to offload your IT needs and focus on growing your business. Configured For All Businesses. Start Your Cloud Today. https://www.gigenetcloud.com/ _______________________________________________ edk2-devel mailing list edk2-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/edk2-devel
