From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 5AEFD1A1E3E for ; Thu, 29 Sep 2016 11:48:08 -0700 (PDT) Received: from orsmga003.jf.intel.com ([10.7.209.27]) by orsmga105.jf.intel.com with ESMTP; 29 Sep 2016 11:48:08 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.31,268,1473145200"; d="scan'208";a="885187341" Received: from orsmsx109.amr.corp.intel.com ([10.22.240.7]) by orsmga003.jf.intel.com with ESMTP; 29 Sep 2016 11:48:08 -0700 Received: from orsmsx113.amr.corp.intel.com ([169.254.9.161]) by ORSMSX109.amr.corp.intel.com ([169.254.11.11]) with mapi id 14.03.0248.002; Thu, 29 Sep 2016 11:48:07 -0700 From: "Kinney, Michael D" To: Peter Jones , "edk2-devel@ml01.01.org" , "Zhang, Chao B" , "Kinney, Michael D" Thread-Topic: [edk2] [PATCH] Pkcs7VerifyDxe: Don't allow Pkcs7Verify to install protocols twice. Thread-Index: AQHSGmqk92OjLgQPeUmZfJPkvQKoWKCQpp5QgACMTYD//5iREIAAeFkA//+LHwA= Date: Thu, 29 Sep 2016 18:48:06 +0000 Message-ID: References: <20160929184534.13871-1-pjones@redhat.com> In-Reply-To: <20160929184534.13871-1-pjones@redhat.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ctpclassification: CTP_IC x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiMTRmZTBkOTctZTBkYS00YmI0LWJlMjMtYmIzNzIxYzczZWFkIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX0lDIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE1LjkuNi42IiwiVHJ1c3RlZExhYmVsSGFzaCI6Inl6RmVGVEJYUndcL24zXC9VXC9mZ1VYK2VIWkRCWnAyMnpyUE1yTXpGOTlyMDQ9In0= x-originating-ip: [10.22.254.140] MIME-Version: 1.0 Subject: Re: [PATCH] Pkcs7VerifyDxe: Don't allow Pkcs7Verify to install protocols twice. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 Sep 2016 18:48:08 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Michael Kinney > -----Original Message----- > From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Pe= ter Jones > Sent: Thursday, September 29, 2016 11:46 AM > To: edk2-devel@ml01.01.org > Cc: Peter Jones > Subject: [edk2] [PATCH] Pkcs7VerifyDxe: Don't allow Pkcs7Verify to instal= l protocols > twice. >=20 > This patch makes Pkcs7VerifyDxe check that it has not already been > installed before installing its protocols. This prevents the case where > loading it as an external driver (either manually, through Driver#### > variables, etc.) will refuse to add a second provider of the API. >=20 > v2 - return EFI_ABORTED as per Michael Kinney's feedback. >=20 > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Peter Jones > --- > SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c | 13 +++++++++++= -- > 1 file changed, 11 insertions(+), 2 deletions(-) >=20 > diff --git a/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c > b/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c > index 07fdf55..e5ec1b4 100644 > --- a/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c > +++ b/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c > @@ -1030,8 +1030,17 @@ Pkcs7VerifyDriverEntry ( > IN EFI_SYSTEM_TABLE *SystemTable > ) > { > - EFI_STATUS Status; > - EFI_HANDLE Handle; > + EFI_STATUS Status; > + EFI_HANDLE Handle; > + EFI_PKCS7_VERIFY_PROTOCOL Useless; > + > + // > + // Avoid loading a second copy if this is built as an external module. > + // > + Status =3D gBS->LocateProtocol (&gEfiPkcs7VerifyProtocolGuid, NULL, (V= OID **) > &Useless); > + if (!EFI_ERROR (Status)) { > + return EFI_ABORTED; > + } >=20 > // > // Install UEFI Pkcs7 Verification Protocol > -- > 2.10.0 >=20 > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel