DEFERRED_3RD_PARTY_IMAGE_INFO *ImageInfo; ///< deferred 3rd party image item\r
} DEFERRED_3RD_PARTY_IMAGE_TABLE;\r
\r
+BOOLEAN mImageLoadedAfterEndOfDxe = FALSE;\r
BOOLEAN mEndOfDxe = FALSE;\r
DEFERRED_3RD_PARTY_IMAGE_TABLE mDeferred3rdPartyImage = {\r
0, // Deferred image count\r
mEndOfDxe = TRUE;\r
}\r
\r
+/**\r
+ Event notification for gEfiDxeSmmReadyToLockProtocolGuid event.\r
+\r
+ This function reports failure if any deferred image is loaded before\r
+ this callback.\r
+ Platform should publish ReadyToLock protocol immediately after signaling\r
+ of the End of DXE Event.\r
+\r
+ @param Event The Event that is being processed, not used.\r
+ @param Context Event Context, not used.\r
+\r
+**/\r
+VOID\r
+EFIAPI\r
+DxeSmmReadyToLock (\r
+ IN EFI_EVENT Event,\r
+ IN VOID *Context\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ VOID *Interface;\r
+\r
+ Status = gBS->LocateProtocol (&gEfiDxeSmmReadyToLockProtocolGuid, NULL, &Interface);\r
+ if (EFI_ERROR (Status)) {\r
+ return;\r
+ }\r
+\r
+ gBS->CloseEvent (Event);\r
+\r
+ if (mImageLoadedAfterEndOfDxe) {\r
+ //\r
+ // Platform should not dispatch the 3rd party images after signaling EndOfDxe event\r
+ // but before publishing DxeSmmReadyToLock protocol.\r
+ //\r
+ DEBUG ((\r
+ DEBUG_ERROR,\r
+ "[Security] 3rd party images must be dispatched after DxeSmmReadyToLock Protocol installation!\n"\r
+ ));\r
+ REPORT_STATUS_CODE (\r
+ EFI_ERROR_CODE | EFI_ERROR_UNRECOVERED,\r
+ (EFI_SOFTWARE_DXE_BS_DRIVER | EFI_SW_EC_ILLEGAL_SOFTWARE_STATE)\r
+ );\r
+ ASSERT (FALSE);\r
+ CpuDeadLoop ();\r
+ }\r
+}\r
+\r
/**\r
Defer the 3rd party image load and installs Deferred Image Load Protocol.\r
\r
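Review bot: The early return after `LocateProtocol` in `DxeSmmReadyToLock` has no comment explaining why the notify can run while the protocol is absent. As far as I know, `EfiCreateProtocolNotifyEvent` signals the new event once at registration, and this guard is what stops that first call from closing the event. I would add `// The notify event is signaled once when it is registered; ignore that call until the protocol is really installed.` above the `if (EFI_ERROR (Status))`. The header comment's "loaded before this callback" is also looser than what is enforced: the flag is only set in the `if (mEndOfDxe)` branch of the later hunk, so `reports failure if a 3rd party image was loaded after End of DXE but before this callback` would match the code. It is also worth stating in the comment that the `CpuDeadLoop ()` is the actual enforcement, since `ASSERT (FALSE)` may be compiled out.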
);\r
\r
if (mEndOfDxe) {\r
+ mImageLoadedAfterEndOfDxe = TRUE;\r
//\r
// The image might be first time loaded after EndOfDxe,\r
// So ImageInfo can be NULL.\r
EFI_STATUS Status;\r
EFI_HANDLE Handle;\r
EFI_EVENT Event;\r
+ VOID *Registration;\r
\r
Handle = NULL;\r
Status = gBS->InstallMultipleProtocolInterfaces (\r
&Event\r
);\r
ASSERT_EFI_ERROR (Status);\r
+\r
+ EfiCreateProtocolNotifyEvent (\r
+ &gEfiDxeSmmReadyToLockProtocolGuid,\r
+ TPL_CALLBACK,\r
+ DxeSmmReadyToLock,\r
+ NULL,\r
+ &Registration\r
+ );\r
}\r
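Review bot: Registering the ReadyToLock notify is the only thing that arms the new ordering check, yet its outcome is not checked here, unlike the call just above with its `ASSERT_EFI_ERROR (Status)`. As far as I know the UefiLib helper only asserts internally, so in a build without asserts a failed registration would leave the check silently disabled. Creating the event and registering the notify explicitly yields a `Status` the caller can act on. The initial signal the helper performs is not needed as long as this runs before the protocol can be installed, which should be confirmed. The sketch needs a new `EFI_EVENT` local (here `ReadyToLockEvent`), and the enclosing function starts outside this hunk.

```c
  // … unchanged: protocol installation and End of DXE event creation …
  ASSERT_EFI_ERROR (Status);

  Status = gBS->CreateEvent (
                  EVT_NOTIFY_SIGNAL,
                  TPL_CALLBACK,
                  DxeSmmReadyToLock,
                  NULL,
                  &ReadyToLockEvent
                  );
  if (!EFI_ERROR (Status)) {
    Status = gBS->RegisterProtocolNotify (
                    &gEfiDxeSmmReadyToLockProtocolGuid,
                    ReadyToLockEvent,
                    &Registration
                    );
  }
  //
  // Without this notify the EndOfDxe/ReadyToLock ordering check never runs,
  // so a failure here must not pass silently.
  //
  ASSERT_EFI_ERROR (Status);
```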
#ifndef _DEFER_3RD_PARTY_IMAGE_LOAD_H_\r
#define _DEFER_3RD_PARTY_IMAGE_LOAD_H_\r
\r
-#include <Uefi.h>\r
+#include <PiDxe.h>\r
#include <Guid/EventGroup.h>\r
#include <Protocol/DeferredImageLoad.h>\r
#include <Protocol/FirmwareVolume2.h>\r
+#include <Protocol/DxeSmmReadyToLock.h>\r
\r
#include <Library/UefiBootServicesTableLib.h>\r
#include <Library/BaseMemoryLib.h>\r
#include <Library/MemoryAllocationLib.h>\r
#include <Library/DevicePathLib.h>\r
#include <Library/DebugLib.h>\r
+#include <Library/UefiLib.h>\r
+#include <Library/ReportStatusCodeLib.h>\r
\r
/**\r
Returns information about a deferred image.\r