2 Implement defer image load services for user identification in UEFI2.2.
4 Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
15 #include "DxeDeferImageLoadLib.h"
18 // Handle for the Deferred Image Load Protocol instance produced by this driver.
20 EFI_HANDLE mDeferredImageHandle
= NULL
;
21 BOOLEAN mIsProtocolInstalled
= FALSE
;
22 EFI_USER_MANAGER_PROTOCOL
*mUserManager
= NULL
;
23 DEFERRED_IMAGE_TABLE mDeferredImage
= {
24 0, // Deferred image count
25 NULL
// The deferred image info
28 EFI_DEFERRED_IMAGE_LOAD_PROTOCOL gDeferredImageLoad
= {
35 @param[in] File This is a pointer to the device path of the file
36 that is being dispatched.
38 @return UINT32 Image Type
43 IN CONST EFI_DEVICE_PATH_PROTOCOL
*File
47 EFI_HANDLE DeviceHandle
;
48 EFI_DEVICE_PATH_PROTOCOL
*TempDevicePath
;
49 EFI_BLOCK_IO_PROTOCOL
*BlockIo
;
52 // First check to see if File is from a Firmware Volume
55 TempDevicePath
= (EFI_DEVICE_PATH_PROTOCOL
*)File
;
56 Status
= gBS
->LocateDevicePath (
57 &gEfiFirmwareVolume2ProtocolGuid
,
61 if (!EFI_ERROR (Status
)) {
62 Status
= gBS
->OpenProtocol (
64 &gEfiFirmwareVolume2ProtocolGuid
,
68 EFI_OPEN_PROTOCOL_TEST_PROTOCOL
70 if (!EFI_ERROR (Status
)) {
76 // Next check to see if File is from a Block I/O device
79 TempDevicePath
= (EFI_DEVICE_PATH_PROTOCOL
*)File
;
80 Status
= gBS
->LocateDevicePath (
81 &gEfiBlockIoProtocolGuid
,
85 if (!EFI_ERROR (Status
)) {
87 Status
= gBS
->OpenProtocol (
89 &gEfiBlockIoProtocolGuid
,
93 EFI_OPEN_PROTOCOL_GET_PROTOCOL
95 if (!EFI_ERROR (Status
) && BlockIo
!= NULL
) {
96 if (BlockIo
->Media
!= NULL
) {
97 if (BlockIo
->Media
->RemovableMedia
) {
99 // Block I/O is present and specifies the media is removable
101 return IMAGE_FROM_REMOVABLE_MEDIA
;
104 // Block I/O is present and specifies the media is not removable
106 return IMAGE_FROM_FIXED_MEDIA
;
113 // File is not in a Firmware Volume or on a Block I/O device, so check to see if
114 // the device path supports the Simple File System Protocol.
117 TempDevicePath
= (EFI_DEVICE_PATH_PROTOCOL
*)File
;
118 Status
= gBS
->LocateDevicePath (
119 &gEfiSimpleFileSystemProtocolGuid
,
123 if (!EFI_ERROR (Status
)) {
125 // Simple File System is present without Block I/O, so assume media is fixed.
127 return IMAGE_FROM_FIXED_MEDIA
;
131 // File is not from an FV, Block I/O or Simple File System, so the only options
132 // left are a PCI Option ROM and a Load File Protocol such as a PXE Boot from a NIC.
134 TempDevicePath
= (EFI_DEVICE_PATH_PROTOCOL
*)File
;
135 while (!IsDevicePathEndType (TempDevicePath
)) {
136 switch (DevicePathType (TempDevicePath
)) {
138 case MEDIA_DEVICE_PATH
:
139 if (DevicePathSubType (TempDevicePath
) == MEDIA_RELATIVE_OFFSET_RANGE_DP
) {
140 return IMAGE_FROM_OPTION_ROM
;
144 case MESSAGING_DEVICE_PATH
:
145 if (DevicePathSubType(TempDevicePath
) == MSG_MAC_ADDR_DP
) {
146 return IMAGE_FROM_REMOVABLE_MEDIA
;
153 TempDevicePath
= NextDevicePathNode (TempDevicePath
);
155 return IMAGE_UNKNOWN
;
160 Get current user's access right.
162 @param[out] AccessControl Points to the user's access control data, the
163 caller should free data buffer.
164 @param[in] AccessType The type of user access control.
166 @retval EFI_SUCCESS Get current user access control successfully
167 @retval others Fail to get current user access control
172 OUT EFI_USER_INFO_ACCESS_CONTROL
**AccessControl
,
177 EFI_USER_INFO_HANDLE UserInfo
;
180 EFI_USER_INFO_ACCESS_CONTROL
*Access
;
181 EFI_USER_PROFILE_HANDLE CurrentUser
;
183 EFI_USER_MANAGER_PROTOCOL
*UserManager
;
186 Status
= gBS
->LocateProtocol (
187 &gEfiUserManagerProtocolGuid
,
189 (VOID
**) &UserManager
191 if (EFI_ERROR (Status
)) {
192 return EFI_NOT_FOUND
;
196 // Get current user access information.
198 UserManager
->Current (UserManager
, &CurrentUser
);
205 // Get next user information.
207 Status
= UserManager
->GetNextInfo (UserManager
, CurrentUser
, &UserInfo
);
208 if (EFI_ERROR (Status
)) {
212 Status
= UserManager
->GetInfo (
219 if (Status
== EFI_BUFFER_TOO_SMALL
) {
223 Info
= AllocateZeroPool (InfoSize
);
224 ASSERT (Info
!= NULL
);
225 Status
= UserManager
->GetInfo (
234 if (EFI_ERROR (Status
)) {
238 ASSERT (Info
!= NULL
);
239 if (Info
->InfoType
!= EFI_USER_INFO_ACCESS_POLICY_RECORD
) {
244 // Get specified access information.
247 while (CheckLen
< Info
->InfoSize
- sizeof (EFI_USER_INFO
)) {
248 Access
= (EFI_USER_INFO_ACCESS_CONTROL
*) ((UINT8
*) (Info
+ 1) + CheckLen
);
249 if (Access
->Type
== AccessType
) {
250 *AccessControl
= AllocateZeroPool (Access
->Size
);
251 ASSERT (*AccessControl
!= NULL
);
252 CopyMem (*AccessControl
, Access
, Access
->Size
);
256 CheckLen
+= Access
->Size
;
263 return EFI_NOT_FOUND
;
267 Get file name from device path.
269 The file name may contain one or more device path node. Save the file name in a
270 buffer if file name is found. The caller is responsible to free the buffer.
272 @param[in] DevicePath A pointer to a device path.
273 @param[out] FileName The callee allocated buffer to save the file name if file name is found.
274 @param[out] FileNameOffset The offset of file name in device path if file name is found.
276 @retval UINTN The file name length. 0 means file name is not found.
281 IN CONST EFI_DEVICE_PATH_PROTOCOL
*DevicePath
,
282 OUT UINT8
**FileName
,
283 OUT UINTN
*FileNameOffset
287 EFI_DEVICE_PATH_PROTOCOL
*TmpDevicePath
;
288 EFI_DEVICE_PATH_PROTOCOL
*RootDevicePath
;
292 CHAR16 FirstNodeChar
;
295 // Get the length of DevicePath before file name.
298 RootDevicePath
= (EFI_DEVICE_PATH_PROTOCOL
*)DevicePath
;
299 while (!IsDevicePathEnd (RootDevicePath
)) {
300 if ((DevicePathType(RootDevicePath
) == MEDIA_DEVICE_PATH
) && (DevicePathSubType(RootDevicePath
) == MEDIA_FILEPATH_DP
)) {
303 Length
+= DevicePathNodeLength (RootDevicePath
);
304 RootDevicePath
= NextDevicePathNode (RootDevicePath
);
307 *FileNameOffset
= Length
;
313 // Get the file name length.
316 TmpDevicePath
= RootDevicePath
;
317 while (!IsDevicePathEnd (TmpDevicePath
)) {
318 if ((DevicePathType(TmpDevicePath
) != MEDIA_DEVICE_PATH
) || (DevicePathSubType(TmpDevicePath
) != MEDIA_FILEPATH_DP
)) {
321 Length
+= DevicePathNodeLength (TmpDevicePath
) - sizeof (EFI_DEVICE_PATH_PROTOCOL
);
322 TmpDevicePath
= NextDevicePathNode (TmpDevicePath
);
328 *FileName
= AllocateZeroPool (Length
);
329 ASSERT (*FileName
!= NULL
);
332 // Copy the file name to the buffer.
336 TmpDevicePath
= RootDevicePath
;
337 while (!IsDevicePathEnd (TmpDevicePath
)) {
338 if ((DevicePathType(TmpDevicePath
) != MEDIA_DEVICE_PATH
) || (DevicePathSubType(TmpDevicePath
) != MEDIA_FILEPATH_DP
)) {
342 FirstNodeChar
= (CHAR16
) ReadUnaligned16 ((UINT16
*)((UINT8
*)TmpDevicePath
+ sizeof (EFI_DEVICE_PATH_PROTOCOL
)));
343 NodeStr
= (CHAR8
*)TmpDevicePath
+ sizeof (EFI_DEVICE_PATH_PROTOCOL
);
344 NodeStrLength
= DevicePathNodeLength (TmpDevicePath
) - sizeof (EFI_DEVICE_PATH_PROTOCOL
) - sizeof(CHAR16
);
346 if ((FirstNodeChar
== '\\') && (LastNodeChar
== '\\')) {
348 // Skip separator "\" when there are two separators.
350 NodeStr
+= sizeof (CHAR16
);
351 NodeStrLength
-= sizeof (CHAR16
);
352 } else if ((FirstNodeChar
!= '\\') && (LastNodeChar
!= '\\')) {
354 // Add separator "\" when there is no separator.
356 WriteUnaligned16 ((UINT16
*)(*FileName
+ Length
), '\\');
357 Length
+= sizeof (CHAR16
);
359 CopyMem (*FileName
+ Length
, NodeStr
, NodeStrLength
);
360 Length
+= NodeStrLength
;
362 LastNodeChar
= (CHAR16
) ReadUnaligned16 ((UINT16
*) (NodeStr
+ NodeStrLength
- sizeof(CHAR16
)));
363 TmpDevicePath
= NextDevicePathNode (TmpDevicePath
);
371 Check whether the DevicePath2 is identical with DevicePath1, or identical with
372 DevicePath1's child device path.
374 If DevicePath2 is identical with DevicePath1, or with DevicePath1's child device
375 path, then TRUE returned. Otherwise, FALSE is returned.
377 If DevicePath1 is NULL, then ASSERT().
378 If DevicePath2 is NULL, then ASSERT().
380 @param[in] DevicePath1 A pointer to a device path.
381 @param[in] DevicePath2 A pointer to a device path.
383 @retval TRUE Two device paths are identical , or DevicePath2 is
384 DevicePath1's child device path.
385 @retval FALSE Two device paths are not identical, and DevicePath2
386 is not DevicePath1's child device path.
391 IN CONST EFI_DEVICE_PATH_PROTOCOL
*DevicePath1
,
392 IN CONST EFI_DEVICE_PATH_PROTOCOL
*DevicePath2
395 UINTN DevicePathSize
;
400 UINTN FileNameOffset1
;
401 UINTN FileNameOffset2
;
402 BOOLEAN DevicePathEqual
;
406 DevicePathEqual
= TRUE
;
408 ASSERT (DevicePath1
!= NULL
);
409 ASSERT (DevicePath2
!= NULL
);
410 if (IsDevicePathEnd (DevicePath1
)) {
415 // The file name may contain one or more device path node.
416 // To compare the file name, copy file name to a buffer and compare the buffer.
418 FileNameSize1
= GetFileName (DevicePath1
, &FileName1
, &FileNameOffset1
);
419 if (FileNameSize1
!= 0) {
420 FileNameSize2
= GetFileName (DevicePath2
, &FileName2
, &FileNameOffset2
);
421 if (FileNameOffset1
!= FileNameOffset2
) {
422 DevicePathEqual
= FALSE
;
425 if (CompareMem (DevicePath1
, DevicePath2
, FileNameOffset1
) != 0) {
426 DevicePathEqual
= FALSE
;
429 if (FileNameSize1
> FileNameSize2
) {
430 DevicePathEqual
= FALSE
;
433 if (CompareMem (FileName1
, FileName2
, FileNameSize1
) != 0) {
434 DevicePathEqual
= FALSE
;
437 DevicePathEqual
= TRUE
;
441 DevicePathSize
= GetDevicePathSize (DevicePath1
);
442 if (DevicePathSize
> GetDevicePathSize (DevicePath2
)) {
447 // Exclude the end of device path node.
449 DevicePathSize
-= sizeof (EFI_DEVICE_PATH_PROTOCOL
);
450 if (CompareMem (DevicePath1
, DevicePath2
, DevicePathSize
) != 0) {
451 DevicePathEqual
= FALSE
;
455 if (FileName1
!= NULL
) {
456 FreePool (FileName1
);
458 if (FileName2
!= NULL
) {
459 FreePool (FileName2
);
461 return DevicePathEqual
;
466 Check whether the image pointed to by DevicePath is in the device path list
467 specified by AccessType.
469 @param[in] DevicePath Points to device path.
470 @param[in] AccessType The type of user access control.
472 @retval TURE The DevicePath is in the specified List.
473 @retval FALSE The DevicePath is not in the specified List.
478 IN CONST EFI_DEVICE_PATH_PROTOCOL
*DevicePath
,
483 EFI_USER_INFO_ACCESS_CONTROL
*Access
;
484 EFI_DEVICE_PATH_PROTOCOL
*Path
;
487 Status
= GetAccessControl (&Access
, AccessType
);
488 if (EFI_ERROR (Status
)) {
493 while (OffSet
< Access
->Size
- sizeof (EFI_USER_INFO_ACCESS_CONTROL
)) {
494 Path
= (EFI_DEVICE_PATH_PROTOCOL
*)((UINT8
*)(Access
+ 1) + OffSet
);
495 if (CheckDevicePath (Path
, DevicePath
)) {
497 // The device path is found in list.
502 OffSet
+= GetDevicePathSize (Path
);
511 Check whether the image pointed to by DevicePath is permitted to load.
513 @param[in] DevicePath Points to device path
515 @retval TURE The image pointed by DevicePath is permitted to load.
516 @retval FALSE The image pointed by DevicePath is forbidden to load.
521 IN CONST EFI_DEVICE_PATH_PROTOCOL
*DevicePath
524 if (IsDevicePathInList (DevicePath
, EFI_USER_INFO_ACCESS_PERMIT_LOAD
)) {
526 // This access control overrides any restrictions put in place by the
527 // EFI_USER_INFO_ACCESS_FORBID_LOAD record.
532 if (IsDevicePathInList (DevicePath
, EFI_USER_INFO_ACCESS_FORBID_LOAD
)) {
534 // The device path is found in the forbidden list.
544 Check the image pointed by DevicePath is a boot option or not.
546 @param[in] DevicePath Points to device path.
548 @retval TURE The image pointed by DevicePath is a boot option.
549 @retval FALSE The image pointed by DevicePath is not a boot option.
554 IN CONST EFI_DEVICE_PATH_PROTOCOL
*DevicePath
558 UINT16
*BootOrderList
;
559 UINTN BootOrderListSize
;
564 EFI_DEVICE_PATH_PROTOCOL
*OptionDevicePath
;
569 BootOrderListSize
= 0;
570 BootOrderList
= NULL
;
571 Status
= gRT
->GetVariable (
573 &gEfiGlobalVariableGuid
,
578 if (Status
== EFI_BUFFER_TOO_SMALL
) {
579 BootOrderList
= AllocateZeroPool (BootOrderListSize
);
580 ASSERT (BootOrderList
!= NULL
);
581 Status
= gRT
->GetVariable (
583 &gEfiGlobalVariableGuid
,
590 if (EFI_ERROR (Status
)) {
598 for (Index
= 0; Index
< BootOrderListSize
/ sizeof (UINT16
); Index
++) {
600 // Try to find the DevicePath in BootOption
602 UnicodeSPrint (StrTemp
, sizeof (StrTemp
), L
"Boot%04x", Index
);
603 GetEfiGlobalVariable2 (StrTemp
, (VOID
**)&OptionBuffer
, NULL
);
604 if (OptionBuffer
== NULL
) {
609 // Check whether the image is forbidden.
612 OptionPtr
= OptionBuffer
;
616 OptionPtr
+= sizeof (UINT32
);
619 // Skip device path length.
621 OptionPtr
+= sizeof (UINT16
);
624 // Skip descript string
626 OptionPtr
+= StrSize ((UINT16
*) OptionPtr
);
629 // Now OptionPtr points to Device Path.
631 OptionDevicePath
= (EFI_DEVICE_PATH_PROTOCOL
*) OptionPtr
;
633 if (CheckDevicePath (DevicePath
, OptionDevicePath
)) {
634 FreePool (OptionBuffer
);
638 FreePool (OptionBuffer
);
642 if (BootOrderList
!= NULL
) {
643 FreePool (BootOrderList
);
651 Add the image info to a deferred image list.
653 @param[in] ImageDevicePath A pointer to the device path of a image.
654 @param[in] Image Points to the first byte of the image, or NULL if the
655 image is not available.
656 @param[in] ImageSize The size of the image, or 0 if the image is not available.
660 PutDefferedImageInfo (
661 IN CONST EFI_DEVICE_PATH_PROTOCOL
*ImageDevicePath
,
666 DEFERRED_IMAGE_INFO
*CurImageInfo
;
670 // Expand memory for the new deferred image.
672 if (mDeferredImage
.Count
== 0) {
673 mDeferredImage
.ImageInfo
= AllocatePool (sizeof (DEFERRED_IMAGE_INFO
));
674 ASSERT (mDeferredImage
.ImageInfo
!= NULL
);
676 CurImageInfo
= AllocatePool ((mDeferredImage
.Count
+ 1) * sizeof (DEFERRED_IMAGE_INFO
));
677 ASSERT (CurImageInfo
!= NULL
);
681 mDeferredImage
.ImageInfo
,
682 mDeferredImage
.Count
* sizeof (DEFERRED_IMAGE_INFO
)
684 FreePool (mDeferredImage
.ImageInfo
);
685 mDeferredImage
.ImageInfo
= CurImageInfo
;
687 mDeferredImage
.Count
++;
690 // Save the deferred image information.
692 CurImageInfo
= &mDeferredImage
.ImageInfo
[mDeferredImage
.Count
- 1];
693 PathSize
= GetDevicePathSize (ImageDevicePath
);
694 CurImageInfo
->ImageDevicePath
= AllocateZeroPool (PathSize
);
695 ASSERT (CurImageInfo
->ImageDevicePath
!= NULL
);
696 CopyMem (CurImageInfo
->ImageDevicePath
, ImageDevicePath
, PathSize
);
698 CurImageInfo
->Image
= Image
;
699 CurImageInfo
->ImageSize
= ImageSize
;
700 CurImageInfo
->BootOption
= IsBootOption (ImageDevicePath
);
705 Returns information about a deferred image.
707 This function returns information about a single deferred image. The deferred images are
708 numbered consecutively, starting with 0. If there is no image which corresponds to
709 ImageIndex, then EFI_NOT_FOUND is returned. All deferred images may be returned by
710 iteratively calling this function until EFI_NOT_FOUND is returned.
711 Image may be NULL and ImageSize set to 0 if the decision to defer execution was made
712 because of the location of the executable image, rather than its actual contents.
714 @param[in] This Points to this instance of the EFI_DEFERRED_IMAGE_LOAD_PROTOCOL.
715 @param[in] ImageIndex Zero-based index of the deferred index.
716 @param[out] ImageDevicePath On return, points to a pointer to the device path of the image.
717 The device path should not be freed by the caller.
718 @param[out] Image On return, points to the first byte of the image or NULL if the
719 image is not available. The image should not be freed by the caller
720 unless LoadImage() has been successfully called.
721 @param[out] ImageSize On return, the size of the image, or 0 if the image is not available.
722 @param[out] BootOption On return, points to TRUE if the image was intended as a boot option
723 or FALSE if it was not intended as a boot option.
725 @retval EFI_SUCCESS Image information returned successfully.
726 @retval EFI_NOT_FOUND ImageIndex does not refer to a valid image.
727 @retval EFI_INVALID_PARAMETER ImageDevicePath is NULL or Image is NULL or ImageSize is NULL or
733 GetDefferedImageInfo (
734 IN EFI_DEFERRED_IMAGE_LOAD_PROTOCOL
*This
,
736 OUT EFI_DEVICE_PATH_PROTOCOL
**ImageDevicePath
,
738 OUT UINTN
*ImageSize
,
739 OUT BOOLEAN
*BootOption
742 DEFERRED_IMAGE_INFO
*ReqImageInfo
;
745 // Check the parameter.
748 if ((This
== NULL
) || (ImageSize
== NULL
) || (Image
== NULL
)) {
749 return EFI_INVALID_PARAMETER
;
752 if ((ImageDevicePath
== NULL
) || (BootOption
== NULL
)) {
753 return EFI_INVALID_PARAMETER
;
756 if (ImageIndex
>= mDeferredImage
.Count
) {
757 return EFI_NOT_FOUND
;
761 // Get the request deferred image.
763 ReqImageInfo
= &mDeferredImage
.ImageInfo
[ImageIndex
];
765 *ImageDevicePath
= ReqImageInfo
->ImageDevicePath
;
766 *Image
= ReqImageInfo
->Image
;
767 *ImageSize
= ReqImageInfo
->ImageSize
;
768 *BootOption
= ReqImageInfo
->BootOption
;
775 Provides the service of deferring image load based on platform policy control,
776 and installs Deferred Image Load Protocol.
778 @param[in] AuthenticationStatus This is the authentication status returned from the
779 security measurement services for the input file.
780 @param[in] File This is a pointer to the device path of the file that
781 is being dispatched. This will optionally be used for
783 @param[in] FileBuffer File buffer matches the input file device path.
784 @param[in] FileSize Size of File buffer matches the input file device path.
785 @param[in] BootPolicy A boot policy that was used to call LoadImage() UEFI service.
787 @retval EFI_SUCCESS FileBuffer is NULL and current user has permission to start
788 UEFI device drivers on the device path specified by DevicePath.
789 @retval EFI_SUCCESS The file specified by DevicePath and non-NULL
790 FileBuffer did authenticate, and the platform policy dictates
791 that the DXE Foundation may use the file.
792 @retval EFI_SECURITY_VIOLATION FileBuffer is NULL and the user has no
793 permission to start UEFI device drivers on the device path specified
795 @retval EFI_SECURITY_VIOLATION FileBuffer is not NULL and the user has no permission to load
796 drivers from the device path specified by DevicePath. The
797 image has been added into the list of the deferred images.
798 @retval EFI_ACCESS_DENIED The file specified by File and FileBuffer did not
799 authenticate, and the platform policy dictates that the DXE
800 Foundation many not use File.
805 DxeDeferImageLoadHandler (
806 IN UINT32 AuthenticationStatus
,
807 IN CONST EFI_DEVICE_PATH_PROTOCOL
*File
,
810 IN BOOLEAN BootPolicy
814 EFI_USER_PROFILE_HANDLE CurrentUser
;
819 // Ignore if File is NULL.
826 // Check whether user has a logon.
829 if (mUserManager
!= NULL
) {
830 mUserManager
->Current (mUserManager
, &CurrentUser
);
831 if (CurrentUser
!= NULL
) {
833 // The user is logon; verify the FilePath by current user access policy.
835 if (!VerifyDevicePath (File
)) {
836 DEBUG ((EFI_D_ERROR
, "[Security] The image is forbidden to load!\n"));
837 return EFI_SECURITY_VIOLATION
;
844 // Still no user logon.
845 // Check the file type and get policy setting.
847 FileType
= GetFileType (File
);
848 Policy
= PcdGet32 (PcdDeferImageLoadPolicy
);
849 if ((Policy
& FileType
) == FileType
) {
851 // This file type is secure to load.
856 DEBUG ((EFI_D_ERROR
, "[Security] No user identified, the image is deferred to load!\n"));
857 PutDefferedImageInfo (File
, FileBuffer
, FileSize
);
860 // Install the Deferred Image Load Protocol onto a new handle.
862 if (!mIsProtocolInstalled
) {
863 Status
= gBS
->InstallMultipleProtocolInterfaces (
864 &mDeferredImageHandle
,
865 &gEfiDeferredImageLoadProtocolGuid
,
869 ASSERT_EFI_ERROR (Status
);
870 mIsProtocolInstalled
= TRUE
;
873 return EFI_ACCESS_DENIED
;
877 Locate user manager protocol when user manager is installed.
879 @param[in] Event The Event that is being processed, not used.
880 @param[in] Context Event Context, not used.
885 FindUserManagerProtocol (
890 gBS
->LocateProtocol (
891 &gEfiUserManagerProtocolGuid
,
893 (VOID
**) &mUserManager
900 Register security handler for deferred image load.
902 @param[in] ImageHandle ImageHandle of the loaded driver.
903 @param[in] SystemTable Pointer to the EFI System Table.
905 @retval EFI_SUCCESS The handlers were registered successfully.
909 DxeDeferImageLoadLibConstructor (
910 IN EFI_HANDLE ImageHandle
,
911 IN EFI_SYSTEM_TABLE
*SystemTable
917 // Register user manager notification function.
919 EfiCreateProtocolNotifyEvent (
920 &gEfiUserManagerProtocolGuid
,
922 FindUserManagerProtocol
,
927 return RegisterSecurity2Handler (
928 DxeDeferImageLoadHandler
,
929 EFI_AUTH_OPERATION_DEFER_IMAGE_LOAD