MdeModulePkg/SecurityStubDxe: Defer 3rd party image before EndOfDxe

The images not from FV are treated as 3rd party images. They will
be deferred to dispatch when they are dispatched before EndOfDxe
event.
It's a new feature in the BS.LoadImage() path which can disallow
executing 3rd party images before EndOfDxe and re-execute them
after EndOfDxe (through EfiBootManagerDispatchDeferredImages
introduced in next commit).

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao B Zhang <chao.b.zhang@intel.com>
Reviewed-by: Sunny Wang <sunnywang@hpe.com>
This commit is contained in:
Ruiyu Ni
2016-10-31 16:31:44 +08:00
parent 83155d7eb4
commit 8be37a5cee
4 changed files with 468 additions and 2 deletions

View File

@@ -1,7 +1,7 @@
## @file
# This driver produces security2 and security architectural protocol based on SecurityManagementLib.
#
# Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@@ -29,6 +29,8 @@
[Sources]
SecurityStub.c
Defer3rdPartyImageLoad.c
Defer3rdPartyImageLoad.h
[Packages]
MdePkg/MdePkg.dec
@@ -40,9 +42,13 @@
DebugLib
SecurityManagementLib
[Guids]
gEfiEndOfDxeEventGroupGuid ## CONSUMES ## Event
[Protocols]
gEfiSecurityArchProtocolGuid ## PRODUCES
gEfiSecurity2ArchProtocolGuid ## PRODUCES
gEfiDeferredImageLoadProtocolGuid ## PRODUCES
[Depex]
TRUE