From 56e88e9e5f980e30f28d907e0ff442e4dc8dc5de Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 1 Aug 2017 10:59:00 +0800
Subject: [PATCH] Pkcs7VerifyDxe: Don't allow Pkcs7Verify to install protocols
 twice

This patch makes Pkcs7VerifyDxe check that it has not already been
installed before installing its protocols.  This prevents the case
where loading it as an external driver (either manually, through
Driver#### variables, etc.) will refuse to add a second provider of
the API.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Michael Kinney <michael.d.kinney@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
---
 .../Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c     | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c b/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c
index d9013212c1..0da549a6bd 100644
--- a/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c
+++ b/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c
@@ -1457,8 +1457,17 @@ Pkcs7VerifyDriverEntry (
   IN EFI_SYSTEM_TABLE    *SystemTable
   )
 {
-  EFI_STATUS    Status;
-  EFI_HANDLE    Handle;
+  EFI_STATUS                 Status;
+  EFI_HANDLE                 Handle;
+  EFI_PKCS7_VERIFY_PROTOCOL  Useless;
+
+  //
+  // Avoid loading a second copy if this is built as an external module
+  //
+  Status = gBS->LocateProtocol (&gEfiPkcs7VerifyProtocolGuid, NULL, (VOID **)&Useless);
+  if (!EFI_ERROR (Status)) {
+    return EFI_ABORTED;
+  }
 
   //
   // Install UEFI Pkcs7 Verification Protocol