MdeModulePkg/SecurityStubDxe: Report failure if image is load earlier

The 3rd party image should be loaded after EndOfDxe event signal and
DxeSmmReadyToLock protocol installation. But non-SMM platform doesn't
published DxeSmmReadyToLock protocol.
So the SecurityStubDxe can only depend on EndOfDxe event.

This patch enhances the SecurityStubDxe to listen on
DxeSmmReadyToLock protocol installation and if any 3rd party image
is loaded before DxeSmmReadyToLock, it reports failure.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Sunny Wang <sunnywang@hpe.com>
This commit is contained in:
Ruiyu Ni
2016-11-01 16:42:21 +08:00
parent 048bcba1bc
commit e048823f57
3 changed files with 65 additions and 1 deletions

View File

@@ -15,16 +15,19 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#ifndef _DEFER_3RD_PARTY_IMAGE_LOAD_H_
#define _DEFER_3RD_PARTY_IMAGE_LOAD_H_
#include <Uefi.h>
#include <PiDxe.h>
#include <Guid/EventGroup.h>
#include <Protocol/DeferredImageLoad.h>
#include <Protocol/FirmwareVolume2.h>
#include <Protocol/DxeSmmReadyToLock.h>
#include <Library/UefiBootServicesTableLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/DevicePathLib.h>
#include <Library/DebugLib.h>
#include <Library/UefiLib.h>
#include <Library/ReportStatusCodeLib.h>
/**
Returns information about a deferred image.