From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <qin.long@intel.com>
Received: from mga11.intel.com (mga11.intel.com [192.55.52.93])
 (using TLSv1 with cipher CAMELLIA256-SHA (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id A1A9A1A1E3E
 for <edk2-devel@ml01.01.org>; Thu, 29 Sep 2016 18:06:23 -0700 (PDT)
Received: from fmsmga006.fm.intel.com ([10.253.24.20])
 by fmsmga102.fm.intel.com with ESMTP; 29 Sep 2016 18:06:23 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.31,417,1473145200"; d="scan'208";a="14749927"
Received: from fmsmsx104.amr.corp.intel.com ([10.18.124.202])
 by fmsmga006.fm.intel.com with ESMTP; 29 Sep 2016 18:06:23 -0700
Received: from fmsmsx157.amr.corp.intel.com (10.18.116.73) by
 fmsmsx104.amr.corp.intel.com (10.18.124.202) with Microsoft SMTP Server (TLS)
 id 14.3.248.2; Thu, 29 Sep 2016 18:06:23 -0700
Received: from shsmsx102.ccr.corp.intel.com (10.239.4.154) by
 FMSMSX157.amr.corp.intel.com (10.18.116.73) with Microsoft SMTP Server (TLS)
 id 14.3.248.2; Thu, 29 Sep 2016 18:06:22 -0700
Received: from shsmsx103.ccr.corp.intel.com ([169.254.4.234]) by
 shsmsx102.ccr.corp.intel.com ([169.254.2.15]) with mapi id 14.03.0248.002;
 Fri, 30 Sep 2016 09:06:18 +0800
From: "Long, Qin" <qin.long@intel.com>
To: "Kinney, Michael D" <michael.d.kinney@intel.com>, Peter Jones
 <pjones@redhat.com>, "edk2-devel@ml01.01.org" <edk2-devel@ml01.01.org>,
 "Zhang, Chao B" <chao.b.zhang@intel.com>, "Kinney, Michael D"
 <michael.d.kinney@intel.com>
Thread-Topic: [edk2] [PATCH] Pkcs7VerifyDxe: Don't allow Pkcs7Verify to
 install protocols twice.
Thread-Index: AQHSGmqoJvXSaQtUxkqHQXaFYzoxSaCQI1+AgAAUF4CAAA7hgIAAAgkAgAAAtgCAAO+IwA==
Date: Fri, 30 Sep 2016 01:06:18 +0000
Message-ID: <BF2CCE9263284D428840004653A28B6E51535609@SHSMSX103.ccr.corp.intel.com>
References: <E92EE9817A31E24EB0585FDF735412F56481DCC7@ORSMSX113.amr.corp.intel.com>
 <20160929184534.13871-1-pjones@redhat.com>
 <E92EE9817A31E24EB0585FDF735412F56481DCE4@ORSMSX113.amr.corp.intel.com>
In-Reply-To: <E92EE9817A31E24EB0585FDF735412F56481DCE4@ORSMSX113.amr.corp.intel.com>
Accept-Language: zh-CN, en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.239.127.40]
MIME-Version: 1.0
Subject: Re: [PATCH] Pkcs7VerifyDxe: Don't allow Pkcs7Verify to install protocols twice.
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Sep 2016 01:06:23 -0000
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

The update looks good to me.=20

Reviewed-by: Qin Long <qin.long@intel.com>



> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
> Kinney, Michael D
> Sent: Friday, September 30, 2016 2:48 AM
> To: Peter Jones <pjones@redhat.com>; edk2-devel@ml01.01.org; Zhang,
> Chao B <chao.b.zhang@intel.com>; Kinney, Michael D
> <michael.d.kinney@intel.com>
> Subject: Re: [edk2] [PATCH] Pkcs7VerifyDxe: Don't allow Pkcs7Verify to
> install protocols twice.
>=20
> Reviewed-by: Michael Kinney <michael.d.kinney@intel.com>
>=20
> > -----Original Message-----
> > From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
> > Peter Jones
> > Sent: Thursday, September 29, 2016 11:46 AM
> > To: edk2-devel@ml01.01.org
> > Cc: Peter Jones <pjones@redhat.com>
> > Subject: [edk2] [PATCH] Pkcs7VerifyDxe: Don't allow Pkcs7Verify to
> > install protocols twice.
> >
> > This patch makes Pkcs7VerifyDxe check that it has not already been
> > installed before installing its protocols.  This prevents the case
> > where loading it as an external driver (either manually, through
> > Driver#### variables, etc.) will refuse to add a second provider of the=
 API.
> >
> > v2 - return EFI_ABORTED as per Michael Kinney's feedback.
> >
> > Contributed-under: TianoCore Contribution Agreement 1.0
> > Signed-off-by: Peter Jones <pjones@redhat.com>
> > ---
> >  SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c | 13
> > +++++++++++--
> >  1 file changed, 11 insertions(+), 2 deletions(-)
> >
> > diff --git a/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c
> > b/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c
> > index 07fdf55..e5ec1b4 100644
> > --- a/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c
> > +++ b/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c
> > @@ -1030,8 +1030,17 @@ Pkcs7VerifyDriverEntry (
> >    IN EFI_SYSTEM_TABLE    *SystemTable
> >    )
> >  {
> > -  EFI_STATUS    Status;
> > -  EFI_HANDLE    Handle;
> > +  EFI_STATUS                Status;
> > +  EFI_HANDLE                Handle;
> > +  EFI_PKCS7_VERIFY_PROTOCOL Useless;
> > +
> > +  //
> > +  // Avoid loading a second copy if this is built as an external modul=
e.
> > +  //
> > +  Status =3D gBS->LocateProtocol (&gEfiPkcs7VerifyProtocolGuid, NULL,
> > + (VOID **)
> > &Useless);
> > +  if (!EFI_ERROR (Status)) {
> > +    return EFI_ABORTED;
> > +  }
> >
> >    //
> >    // Install UEFI Pkcs7 Verification Protocol
> > --
> > 2.10.0
> >
> > _______________________________________________
> > edk2-devel mailing list
> > edk2-devel@lists.01.org
> > https://lists.01.org/mailman/listinfo/edk2-devel
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel