From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pjones@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 07A5E1A1E3E
 for <edk2-devel@ml01.01.org>; Thu, 29 Sep 2016 11:45:43 -0700 (PDT)
Received: from int-mx09.intmail.prod.int.phx2.redhat.com
 (int-mx09.intmail.prod.int.phx2.redhat.com [10.5.11.22])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by mx1.redhat.com (Postfix) with ESMTPS id 86803C7F1B
 for <edk2-devel@ml01.01.org>; Thu, 29 Sep 2016 18:45:42 +0000 (UTC)
Received: from trillian.internal.datastacks.com (ovpn-112-7.phx2.redhat.com
 [10.3.112.7])
 by int-mx09.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id
 u8TIjcY2021597; Thu, 29 Sep 2016 14:45:40 -0400
From: Peter Jones <pjones@redhat.com>
To: edk2-devel@ml01.01.org
Cc: Peter Jones <pjones@redhat.com>
Date: Thu, 29 Sep 2016 14:45:34 -0400
Message-Id: <20160929184534.13871-1-pjones@redhat.com>
In-Reply-To: <E92EE9817A31E24EB0585FDF735412F56481DCC7@ORSMSX113.amr.corp.intel.com>
References: <E92EE9817A31E24EB0585FDF735412F56481DCC7@ORSMSX113.amr.corp.intel.com>
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.22
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16
 (mx1.redhat.com [10.5.110.27]); Thu, 29 Sep 2016 18:45:42 +0000 (UTC)
Subject: [PATCH] Pkcs7VerifyDxe: Don't allow Pkcs7Verify to install protocols twice.
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Sep 2016 18:45:43 -0000

This patch makes Pkcs7VerifyDxe check that it has not already been
installed before installing its protocols.  This prevents the case where
loading it as an external driver (either manually, through Driver####
variables, etc.) will refuse to add a second provider of the API.

v2 - return EFI_ABORTED as per Michael Kinney's feedback.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Peter Jones <pjones@redhat.com>
---
 SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c b/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c
index 07fdf55..e5ec1b4 100644
--- a/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c
+++ b/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c
@@ -1030,8 +1030,17 @@ Pkcs7VerifyDriverEntry (
   IN EFI_SYSTEM_TABLE    *SystemTable
   )
 {
-  EFI_STATUS    Status;
-  EFI_HANDLE    Handle;
+  EFI_STATUS                Status;
+  EFI_HANDLE                Handle;
+  EFI_PKCS7_VERIFY_PROTOCOL Useless;
+
+  //
+  // Avoid loading a second copy if this is built as an external module.
+  //
+  Status = gBS->LocateProtocol (&gEfiPkcs7VerifyProtocolGuid, NULL, (VOID **) &Useless);
+  if (!EFI_ERROR (Status)) {
+    return EFI_ABORTED;
+  }
 
   //
   // Install UEFI Pkcs7 Verification Protocol
-- 
2.10.0