1. Update DxeCore to get correct AuthenticationStatus and invoke gSecurity after...

[mirror_edk2.git] / MdeModulePkg / Core / Dxe / Dispatcher / Dispatcher.c

diff --git a/MdeModulePkg/Core/Dxe/Dispatcher/Dispatcher.c b/MdeModulePkg/Core/Dxe/Dispatcher/Dispatcher.c
index 45a236a7b8a79ce46b6475eb1aa9d060de796db5..75d6267f6143d6f1c191ae9fcc7d13caac116a4a 100644 (file)
--- a/MdeModulePkg/Core/Dxe/Dispatcher/Dispatcher.c
+++ b/MdeModulePkg/Core/Dxe/Dispatcher/Dispatcher.c
@@ -26,7 +26,7 @@
   Depex - Dependency Expresion.\r
   SOR   - Schedule On Request - Don't schedule if this bit is set.\r
 \r
-Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.<BR>\r
 This program and the accompanying materials\r
 are licensed and made available under the terms and conditions of the BSD License\r
 which accompanies this distribution.  The full text of the license may be found at\r
@@ -984,6 +984,7 @@ CoreProcessFvImageFile (
   UINTN                               BufferSize;\r
   EFI_FIRMWARE_VOLUME_HEADER          *FvHeader;\r
   UINT32                              FvAlignment;\r
+  EFI_DEVICE_PATH_PROTOCOL            *FvFileDevicePath;\r
 \r
   //\r
   // Read the first (and only the first) firmware volume section\r
@@ -1004,6 +1005,32 @@ CoreProcessFvImageFile (
                  &AuthenticationStatus\r
                  );\r
   if (!EFI_ERROR (Status)) {\r
+     //\r
+    // Evaluate the authentication status of the Firmware Volume through\r
+    // Security Architectural Protocol\r
+    //\r
+    if (gSecurity != NULL) {\r
+      FvFileDevicePath = CoreFvToDevicePath (Fv, FvHandle, DriverName);\r
+      Status = gSecurity->FileAuthenticationState (\r
+                            gSecurity,\r
+                            AuthenticationStatus,\r
+                            FvFileDevicePath\r
+                            );\r
+      if (FvFileDevicePath != NULL) {\r
+        FreePool (FvFileDevicePath);\r
+      }\r
+\r
+      if (Status != EFI_SUCCESS) {\r
+        //\r
+        // Security check failed. The firmware volume should not be used for any purpose.\r
+        //\r
+        if (Buffer != NULL) {\r
+          FreePool (Buffer);\r
+        }\r
+        return Status;\r
+      }\r
+    }\r
+\r
     //\r
     // FvImage should be at its required alignment.\r
     //\r
@@ -1087,7 +1114,6 @@ CoreFwVolEventProtocolNotify (
 {\r
   EFI_STATUS                    Status;\r
   EFI_STATUS                    GetNextFileStatus;\r
-  EFI_STATUS                    SecurityStatus;\r
   EFI_FIRMWARE_VOLUME2_PROTOCOL *Fv;\r
   EFI_DEVICE_PATH_PROTOCOL      *FvDevicePath;\r
   EFI_HANDLE                    FvHandle;\r
@@ -1159,24 +1185,6 @@ CoreFwVolEventProtocolNotify (
       continue;\r
     }\r
 \r
-    //\r
-    // Evaluate the authentication status of the Firmware Volume through\r
-    // Security Architectural Protocol\r
-    //\r
-    if (gSecurity != NULL) {\r
-      SecurityStatus = gSecurity->FileAuthenticationState (\r
-                                    gSecurity,\r
-                                    0,\r
-                                    FvDevicePath\r
-                                    );\r
-      if (SecurityStatus != EFI_SUCCESS) {\r
-        //\r
-        // Security check failed. The firmware volume should not be used for any purpose.\r
-        //\r
-        continue;\r
-      }\r
-    }\r
-\r
     //\r
     // Discover Drivers in FV and add them to the Discovered Driver List.\r
     // Process EFI_FV_FILETYPE_DRIVER type and then EFI_FV_FILETYPE_COMBINED_PEIM_DRIVER\r