/** @file\r
Provides generic security measurement functions for DXE module.\r
\r
-Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution. The full text of the license may be found at\r
**/\r
\r
#include <PiDxe.h>\r
+#include <Protocol/LoadFile.h>\r
#include <Library/DebugLib.h>\r
#include <Library/DxeServicesLib.h>\r
#include <Library/MemoryAllocationLib.h>\r
#include <Library/SecurityManagementLib.h>\r
+#include <Library/DevicePathLib.h>\r
+#include <Library/UefiBootServicesTableLib.h>\r
\r
#define SECURITY_HANDLER_TABLE_SIZE 0x10\r
\r
RETURN_STATUS\r
EFIAPI\r
ReallocateSecurityHandlerTable (\r
+ VOID\r
)\r
{\r
//\r
//\r
// Make sure new auth operation can be recognized.\r
//\r
- ASSERT ((CheckAuthOperation & ~(EFI_AUTH_IMAGE_OPERATION_MASK | EFI_AUTH_OPERATION_IMAGE_REQUIRED)) == 0);\r
+ ASSERT ((CheckAuthOperation & ~(EFI_AUTH_IMAGE_OPERATION_MASK | EFI_AUTH_OPERATION_AUTHENTICATION_STATE | EFI_AUTH_OPERATION_IMAGE_REQUIRED)) == 0);\r
\r
//\r
// When current operation includes measure image operation, \r
UINT32 HandlerAuthenticationStatus;\r
VOID *FileBuffer;\r
UINTN FileSize;\r
+ EFI_HANDLE Handle;\r
+ EFI_DEVICE_PATH_PROTOCOL *Node;\r
+ EFI_DEVICE_PATH_PROTOCOL *FilePathToVerfiy;\r
\r
if (FilePath == NULL) {\r
return EFI_INVALID_PARAMETER;\r
FileBuffer = NULL;\r
FileSize = 0;\r
HandlerAuthenticationStatus = AuthenticationStatus;\r
+ FilePathToVerfiy = (EFI_DEVICE_PATH_PROTOCOL *) FilePath;\r
//\r
// Run security handler in same order to their registered list\r
//\r
// Try get file buffer when the handler requires image buffer.\r
//\r
if (FileBuffer == NULL) {\r
+ Node = FilePathToVerfiy;\r
+ Status = gBS->LocateDevicePath (&gEfiLoadFileProtocolGuid, &Node, &Handle);\r
//\r
// Try to get image by FALSE boot policy for the exact boot file path.\r
//\r
//\r
FileBuffer = GetFileBufferByFilePath (TRUE, FilePath, &FileSize, &AuthenticationStatus);\r
}\r
+ if ((FileBuffer != NULL) && (!EFI_ERROR (Status))) {\r
+ //\r
+ // LoadFile () may cause the device path of the Handle be updated.\r
+ //\r
+ FilePathToVerfiy = AppendDevicePath (DevicePathFromHandle (Handle), Node);\r
+ }\r
}\r
}\r
Status = mSecurityTable[Index].SecurityHandler (\r
HandlerAuthenticationStatus,\r
- FilePath,\r
+ FilePathToVerfiy,\r
FileBuffer,\r
FileSize\r
);\r
if (FileBuffer != NULL) {\r
FreePool (FileBuffer);\r
}\r
+ if (FilePathToVerfiy != FilePath) {\r
+ FreePool (FilePathToVerfiy);\r
+ }\r
\r
return Status;\r
}\r
RETURN_STATUS\r
EFIAPI\r
ReallocateSecurity2HandlerTable (\r
+ VOID\r
)\r
{\r
//\r