MdeModulePkg/SecurityStubDxe: Defer 3rd party image before EndOfDxe
Images that do not come from an FV are treated as 3rd party images. If such an image is dispatched before the EndOfDxe event, its dispatch is deferred. This is a new feature in the BS.LoadImage() path which can disallow executing 3rd party images before EndOfDxe and re-execute them after EndOfDxe (through EfiBootManagerDispatchDeferredImages, introduced in the next commit). Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Chao B Zhang <chao.b.zhang@intel.com> Reviewed-by: Sunny Wang <sunnywang@hpe.com>
@@ -1,7 +1,7 @@
|
||||
/** @file
|
||||
This driver produces Security2 and Security architectural protocol based on SecurityManagementLib.
|
||||
|
||||
Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.<BR>
|
||||
Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
@@ -20,6 +20,7 @@
|
||||
#include <Library/UefiBootServicesTableLib.h>
|
||||
#include <Library/UefiDriverEntryPoint.h>
|
||||
#include <Library/SecurityManagementLib.h>
|
||||
#include "Defer3rdPartyImageLoad.h"
|
||||
|
||||
//
|
||||
// Handle for the Security Architectural Protocol instance produced by this driver
|
||||
@@ -140,6 +141,15 @@ Security2StubAuthenticate (
|
||||
IN BOOLEAN BootPolicy
|
||||
)
|
||||
{
|
||||
EFI_STATUS Status;
|
||||
|
||||
if (FileBuffer != NULL) {
|
||||
Status = Defer3rdPartyImageLoad (File, BootPolicy);
|
||||
if (EFI_ERROR (Status)) {
|
||||
return Status;
|
||||
}
|
||||
}
|
||||
|
||||
return ExecuteSecurity2Handlers (EFI_AUTH_OPERATION_VERIFY_IMAGE |
|
||||
EFI_AUTH_OPERATION_DEFER_IMAGE_LOAD |
|
||||
EFI_AUTH_OPERATION_MEASURE_IMAGE |
|
||||
@@ -200,5 +210,7 @@ SecurityStubInitialize (
|
||||
);
|
||||
ASSERT_EFI_ERROR (Status);
|
||||
|
||||
Defer3rdPartyImageLoadInitialize ();
|
||||
|
||||
return EFI_SUCCESS;
|
||||
}
|
||||
|
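Review bot: The new guard in Security2StubAuthenticate applies the deferral only when `FileBuffer != NULL`, and nothing at the call says why, or what happens when `File` itself is NULL (an image loaded from a memory buffer with no device path), so a reader cannot tell from this hunk whether such a load is deferred or let through before EndOfDxe. I would add a comment above the `if`, for example `// FileBuffer == NULL means a device-path authorization query, not an image load; only real loads are deferred.` (as I read the Security2 contract; please confirm), and state next to the call how Defer3rdPartyImageLoad classifies a NULL `File`, since that decides whether the policy fails closed. The early `return Status;` also skips ExecuteSecurity2Handlers, so the verify and measure handlers do not run for a deferred image; that looks intended but deserves a line saying so, together with the status value the caller should expect. In SecurityStubInitialize, `Defer3rdPartyImageLoadInitialize ();` is called after the protocols are installed and reports no status here, so a short comment on what state an authenticate call sees if initialization has not completed would help. Both function bodies start outside the visible hunks.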