MdeModulePkg: SecurityManagementLib to handle LoadFile DevicePath

UEFI Spec HTTP Boot Device Path, after retrieving the boot resource
information, the BootURI device path node will be updated to include
the BootURI information. It means the device path on the child handle
will be updated after the LoadFile() service is called.

To handle this case, SecurityManagementLib ExecuteSecurityHandlers API
is updated as the below:
1) Get Device handle based on Device Path
2) Call LoadFile() service (GetFileBufferByFilePath() API) to get Load File Buffer.
3) Retrieve DevicePath from Device handle

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17797 6f19259b-4bc3-4df7-8a09-765794883524

diff --git a/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.c b/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.c
index 6a50937adea560edbf999922408537e5b6e86fd9..b96d78664d772af269a2e00d4044009a9ab3cde1 100644 (file)
--- a/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.c
+++ b/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.c
@@ -1,7 +1,7 @@
 /** @file\r
   Provides generic security measurement functions for DXE module.\r
 \r
-Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>\r
 This program and the accompanying materials\r
 are licensed and made available under the terms and conditions of the BSD License\r
 which accompanies this distribution.  The full text of the license may be found at\r
@@ -13,10 +13,13 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 **/\r
 \r
 #include <PiDxe.h>\r
+#include <Protocol/LoadFile.h>\r
 #include <Library/DebugLib.h>\r
 #include <Library/DxeServicesLib.h>\r
 #include <Library/MemoryAllocationLib.h>\r
 #include <Library/SecurityManagementLib.h>\r
+#include <Library/DevicePathLib.h>\r
+#include <Library/UefiBootServicesTableLib.h>\r
 \r
 #define SECURITY_HANDLER_TABLE_SIZE   0x10\r
 \r
@@ -219,6 +222,9 @@ ExecuteSecurityHandlers (
   UINT32        HandlerAuthenticationStatus;\r
   VOID          *FileBuffer;\r
   UINTN         FileSize;\r
+  EFI_HANDLE    Handle;\r
+  EFI_DEVICE_PATH_PROTOCOL        *Node;\r
+  EFI_DEVICE_PATH_PROTOCOL        *FilePathToVerfiy;\r
   \r
   if (FilePath == NULL) {\r
     return EFI_INVALID_PARAMETER;\r
@@ -235,6 +241,7 @@ ExecuteSecurityHandlers (
   FileBuffer                  = NULL;\r
   FileSize                    = 0;\r
   HandlerAuthenticationStatus = AuthenticationStatus;\r
+  FilePathToVerfiy            = (EFI_DEVICE_PATH_PROTOCOL *) FilePath;\r
   //\r
   // Run security handler in same order to their registered list\r
   //\r
@@ -244,6 +251,8 @@ ExecuteSecurityHandlers (
       // Try get file buffer when the handler requires image buffer.\r
       //\r
       if (FileBuffer == NULL) {\r
+        Node   = FilePathToVerfiy;\r
+        Status = gBS->LocateDevicePath (&gEfiLoadFileProtocolGuid, &Node, &Handle);\r
         //\r
         // Try to get image by FALSE boot policy for the exact boot file path.\r
         //\r
@@ -254,11 +263,17 @@ ExecuteSecurityHandlers (
           //\r
           FileBuffer = GetFileBufferByFilePath (TRUE, FilePath, &FileSize, &AuthenticationStatus);\r
         }\r
+        if ((FileBuffer != NULL) && (!EFI_ERROR (Status))) {\r
+          //\r
+          // LoadFile () may cause the device path of the Handle be updated.\r
+          //\r
+          FilePathToVerfiy = AppendDevicePath (DevicePathFromHandle (Handle), Node);\r
+        }\r
       }\r
     }\r
     Status = mSecurityTable[Index].SecurityHandler (\r
                HandlerAuthenticationStatus,\r
-               FilePath,\r
+               FilePathToVerfiy,\r
                FileBuffer,\r
                FileSize\r
                );\r
@@ -270,6 +285,9 @@ ExecuteSecurityHandlers (
   if (FileBuffer != NULL) {\r
     FreePool (FileBuffer);\r
   }\r
+  if (FilePathToVerfiy != FilePath) {\r
+    FreePool (FilePathToVerfiy);\r
+  }\r
 \r
   return Status;\r
 }\r

diff --git a/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.inf b/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.inf
index 60ac8e79f2e428f02e77859b1b90bd206c31bbce..0f8a13b99db690092bcc9f17e77a14557b0df7a6 100644 (file)
--- a/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.inf
+++ b/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.inf
@@ -3,7 +3,7 @@
 #\r
 # This library provides generic security measurement functions for DXE module.\r
 #\r
-#  Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>\r
+#  Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>\r
 #\r
 #  This program and the accompanying materials\r
 #  are licensed and made available under the terms and conditions of the BSD License\r
@@ -41,4 +41,8 @@
   MemoryAllocationLib\r
   DebugLib\r
   DxeServicesLib\r
-  \r
+  DevicePathLib\r
+  UefiBootServicesTableLib\r
+\r
+[Protocols]\r
+  gEfiLoadFileProtocolGuid                      ## SOMETIMES_CONSUMES\r