Update code to always publish EFI_IMAGE_EXECUTION_INFO_TABLE.
authorDong, Guo <guo.dong@intel.com>
Wed, 25 Jun 2014 02:02:22 +0000 (02:02 +0000)
committergdong1 <gdong1@6f19259b-4bc3-4df7-8a09-765794883524>
Wed, 25 Jun 2014 02:02:22 +0000 (02:02 +0000)
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dong, Guo <guo.dong@intel.com>
Reviewed-by: Fu, Siyuan <siyuan.fu@intel.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>
Reviewed-by: Zhang, Chao B <chao.b.zhang@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15585 6f19259b-4bc3-4df7-8a09-765794883524

SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c

index 2210c95..9f2bd68 100644 (file)
@@ -12,7 +12,7 @@
   DxeImageVerificationHandler(), HashPeImageByType(), HashPeImage() function will accept\r
   untrusted PE/COFF image and validate its data structure within this image buffer before use.\r
 \r
-Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>\r
 This program and the accompanying materials\r
 are licensed and made available under the terms and conditions of the BSD License\r
 which accompanies this distribution.  The full text of the license may be found at\r
@@ -768,7 +768,7 @@ AddImageExeInfo (
   NewImageExeInfoTable->NumberOfImages++;\r
   ImageExeInfoEntry = (EFI_IMAGE_EXECUTION_INFO *) ((UINT8 *) NewImageExeInfoTable + ImageExeInfoTableSize);\r
   //\r
-  // Update new item's infomation.\r
+  // Update new item's information.\r
   //\r
   WriteUnaligned32 ((UINT32 *) &ImageExeInfoEntry->Action, Action);\r
   WriteUnaligned32 ((UINT32 *) &ImageExeInfoEntry->InfoSize, (UINT32) NewImageExeInfoEntrySize);\r
@@ -1377,6 +1377,41 @@ Done:
   return Status;\r
 }\r
 \r
+/**\r
+  On Ready To Boot Services Event notification handler.\r
+\r
+  Add the image execution information table if it is not in system configuration table.\r
+\r
+  @param[in]  Event     Event whose notification function is being invoked\r
+  @param[in]  Context   Pointer to the notification function's context\r
+\r
+**/\r
+VOID\r
+EFIAPI\r
+OnReadyToBoot (\r
+  IN      EFI_EVENT               Event,\r
+  IN      VOID                    *Context\r
+  )\r
+{\r
+  EFI_IMAGE_EXECUTION_INFO_TABLE  *ImageExeInfoTable;\r
+  UINTN                           ImageExeInfoTableSize;\r
+\r
+  EfiGetSystemConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID **) &ImageExeInfoTable);\r
+  if (ImageExeInfoTable != NULL) {\r
+    return;\r
+  }\r
+\r
+  ImageExeInfoTableSize = sizeof (EFI_IMAGE_EXECUTION_INFO_TABLE);\r
+  ImageExeInfoTable     = (EFI_IMAGE_EXECUTION_INFO_TABLE *) AllocateRuntimePool (ImageExeInfoTableSize);\r
+  if (ImageExeInfoTable == NULL) {\r
+    return ;\r
+  }\r
+\r
+  ImageExeInfoTable->NumberOfImages = 0;  \r
+  gBS->InstallConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID *) ImageExeInfoTable);\r
+\r
+}\r
+\r
 /**\r
   Register security measurement handler.\r
 \r
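Review bot: The result of `gBS->InstallConfigurationTable` at the end of `OnReadyToBoot` is discarded, so if installation fails the runtime-pool buffer is leaked and the table is silently not published, which is the one thing this commit sets out to guarantee. Check the status and release the buffer on failure, e.g. `if (EFI_ERROR (gBS->InstallConfigurationTable (&gEfiImageSecurityDatabaseGuid, ImageExeInfoTable))) { FreePool (ImageExeInfoTable); }`. The status of `EfiGetSystemConfigurationTable` is also ignored and `ImageExeInfoTable` has no initializer, so the NULL test that follows depends on the callee clearing the out-parameter when the lookup fails. Initializing the local to NULL, or testing the returned status, would make that explicit.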
@@ -1392,6 +1427,18 @@ DxeImageVerificationLibConstructor (
   IN EFI_SYSTEM_TABLE  *SystemTable\r
   )\r
 {\r
+  EFI_EVENT            Event;\r
+\r
+  //\r
+  // Register the event to publish the image execution table.\r
+  //\r
+  EfiCreateEventReadyToBootEx (\r
+    TPL_CALLBACK,\r
+    OnReadyToBoot, \r
+    NULL, \r
+    &Event\r
+    ); \r
+\r
   return RegisterSecurity2Handler (\r
           DxeImageVerificationHandler,\r
           EFI_AUTH_OPERATION_VERIFY_IMAGE | EFI_AUTH_OPERATION_IMAGE_REQUIRED\r
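Review bot: The status returned by `EfiCreateEventReadyToBootEx` in the constructor is dropped, so if event creation fails the image execution info table is never published and nothing reports it. Capture it, e.g. `Status = EfiCreateEventReadyToBootEx (TPL_CALLBACK, OnReadyToBoot, NULL, &Event);` followed by `ASSERT_EFI_ERROR (Status);`, while keeping the `RegisterSecurity2Handler` call unconditional so image verification is still registered. `Event` is also a local handle that is never closed. If this library can be linked into an image that is later unloaded, the notification would outlive its code, so a module-level handle closed on teardown may be warranted. The constructor starts before this hunk and its return statement continues past the end of it.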