From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pjones@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 67FB61A1E40
 for <edk2-devel@ml01.01.org>; Thu, 29 Sep 2016 10:45:09 -0700 (PDT)
Received: from int-mx09.intmail.prod.int.phx2.redhat.com
 (int-mx09.intmail.prod.int.phx2.redhat.com [10.5.11.22])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by mx1.redhat.com (Postfix) with ESMTPS id D8BCD33885C
 for <edk2-devel@ml01.01.org>; Thu, 29 Sep 2016 17:45:08 +0000 (UTC)
Received: from trillian.internal.datastacks.com (ovpn-112-7.phx2.redhat.com
 [10.3.112.7])
 by int-mx09.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id
 u8THj5PH029142; Thu, 29 Sep 2016 13:45:06 -0400
From: Peter Jones <pjones@redhat.com>
To: edk2-devel@ml01.01.org
Cc: Peter Jones <pjones@redhat.com>
Date: Thu, 29 Sep 2016 13:45:01 -0400
Message-Id: <20160929174501.12323-1-pjones@redhat.com>
In-Reply-To: <E92EE9817A31E24EB0585FDF735412F56481DC1E@ORSMSX113.amr.corp.intel.com>
References: <E92EE9817A31E24EB0585FDF735412F56481DC1E@ORSMSX113.amr.corp.intel.com>
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.22
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16
 (mx1.redhat.com [10.5.110.29]); Thu, 29 Sep 2016 17:45:08 +0000 (UTC)
Subject: [PATCH] Pkcs7VerifyDxe: Don't allow Pkcs7Verify to install protocols twice.
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Sep 2016 17:45:09 -0000

This patch makes Pkcs7VerifyDxe check that it has not already been
installed before installing its protocols.  This prevents the case where
loading it as an external driver (either manually, through Driver####
variables, etc.) will refuse to add a second provider of the API.

v2 - return EFI_ABORTED as per Michael Kinney's feedback.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Peter Jones <pjones@redhat.com>
---
 SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c b/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c
index 07fdf55..7927c58 100644
--- a/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c
+++ b/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c
@@ -1030,8 +1030,16 @@ Pkcs7VerifyDriverEntry (
   IN EFI_SYSTEM_TABLE    *SystemTable
   )
 {
-  EFI_STATUS    Status;
-  EFI_HANDLE    Handle;
+  EFI_STATUS                Status;
+  EFI_HANDLE                Handle;
+  EFI_PKCS7_VERIFY_PROTOCOL Useless;
+
+  //
+  // Avoid loading a second copy if this is built as an external module.
+  //
+  Status = gBS->LocateProtocol (&gEfiPkcs7VerifyProtocolGuid, NULL, (VOID **) &Useless);
+  if (Status != EFI_NOT_FOUND)
+	  return EFI_ABORTED;
 
   //
   // Install UEFI Pkcs7 Verification Protocol
-- 
2.10.0