DevPath = ShellInfoObject.NewEfiShellProtocol->GetDevicePathFromFilePath(CmdFilePathName);\r
Status = gBS->LoadImage(FALSE, gImageHandle, DevPath, NULL, 0, &CmdFileImgHandle);\r
if(EFI_ERROR(Status)) {\r
+ //\r
+ // With EFI_SECURITY_VIOLATION retval, the Image was loaded and an ImageHandle was created\r
+ // with a valid EFI_LOADED_IMAGE_PROTOCOL, but the image can not be started right now.\r
+ // If the caller doesn't have the option to defer the execution of an image, we should\r
+ // unload image for the EFI_SECURITY_VIOLATION to avoid the resource leak.\r
+ //\r
+ if (Status == EFI_SECURITY_VIOLATION) {\r
+ gBS->UnloadImage (CmdFileImgHandle);\r
+ }\r
*HelpText = NULL;\r
goto Done;\r
}\r