MdeModulePkg/SecurityStubDxe: Defer 3rd party image before EndOfDxe

The images not from FV are treated as 3rd party images. They will be deferred to dispatch when they are dispatched before EndOfDxe event. It's a new feature in the BS.LoadImage() path which can disallow executing 3rd party images before EndOfDxe and re-execute them after EndOfDxe (through EfiBootManagerDispatchDeferredImages introduced in next commit). Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Chao B Zhang <chao.b.zhang@intel.com> Reviewed-by: Sunny Wang <sunnywang@hpe.com>
2016-10-31 16:31:44 +08:00
parent 83155d7eb4
commit 8be37a5cee
4 changed files with 468 additions and 2 deletions
--- a/MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
+++ b/MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
@@ -1,7 +1,7 @@
 ## @file
 #  This driver produces security2 and security architectural protocol based on SecurityManagementLib.
 #
-#  Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR>
+#  Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
 #  This program and the accompanying materials
 #  are licensed and made available under the terms and conditions of the BSD License
 #  which accompanies this distribution. The full text of the license may be found at
@@ -29,6 +29,8 @@

 [Sources]
  SecurityStub.c
+  Defer3rdPartyImageLoad.c
+  Defer3rdPartyImageLoad.h

 [Packages]
  MdePkg/MdePkg.dec
@@ -40,9 +42,13 @@
  DebugLib
  SecurityManagementLib

+[Guids]
+  gEfiEndOfDxeEventGroupGuid                    ## CONSUMES ## Event
+
 [Protocols]
  gEfiSecurityArchProtocolGuid                  ## PRODUCES
  gEfiSecurity2ArchProtocolGuid                 ## PRODUCES
+  gEfiDeferredImageLoadProtocolGuid             ## PRODUCES

 [Depex]
  TRUE