From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <michael.d.kinney@intel.com>
Received: from mga07.intel.com (mga07.intel.com [134.134.136.100])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 5AEFD1A1E3E
 for <edk2-devel@ml01.01.org>; Thu, 29 Sep 2016 11:48:08 -0700 (PDT)
Received: from orsmga003.jf.intel.com ([10.7.209.27])
 by orsmga105.jf.intel.com with ESMTP; 29 Sep 2016 11:48:08 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.31,268,1473145200"; d="scan'208";a="885187341"
Received: from orsmsx109.amr.corp.intel.com ([10.22.240.7])
 by orsmga003.jf.intel.com with ESMTP; 29 Sep 2016 11:48:08 -0700
Received: from orsmsx113.amr.corp.intel.com ([169.254.9.161]) by
 ORSMSX109.amr.corp.intel.com ([169.254.11.11]) with mapi id 14.03.0248.002;
 Thu, 29 Sep 2016 11:48:07 -0700
From: "Kinney, Michael D" <michael.d.kinney@intel.com>
To: Peter Jones <pjones@redhat.com>, "edk2-devel@ml01.01.org"
 <edk2-devel@ml01.01.org>, "Zhang, Chao B" <chao.b.zhang@intel.com>, "Kinney,
 Michael D" <michael.d.kinney@intel.com>
Thread-Topic: [edk2] [PATCH] Pkcs7VerifyDxe: Don't allow Pkcs7Verify to
 install protocols twice.
Thread-Index: AQHSGmqk92OjLgQPeUmZfJPkvQKoWKCQpp5QgACMTYD//5iREIAAeFkA//+LHwA=
Date: Thu, 29 Sep 2016 18:48:06 +0000
Message-ID: <E92EE9817A31E24EB0585FDF735412F56481DCE4@ORSMSX113.amr.corp.intel.com>
References: <E92EE9817A31E24EB0585FDF735412F56481DCC7@ORSMSX113.amr.corp.intel.com>
 <20160929184534.13871-1-pjones@redhat.com>
In-Reply-To: <20160929184534.13871-1-pjones@redhat.com>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ctpclassification: CTP_IC
x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiMTRmZTBkOTctZTBkYS00YmI0LWJlMjMtYmIzNzIxYzczZWFkIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX0lDIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE1LjkuNi42IiwiVHJ1c3RlZExhYmVsSGFzaCI6Inl6RmVGVEJYUndcL24zXC9VXC9mZ1VYK2VIWkRCWnAyMnpyUE1yTXpGOTlyMDQ9In0=
x-originating-ip: [10.22.254.140]
MIME-Version: 1.0
Subject: Re: [PATCH] Pkcs7VerifyDxe: Don't allow Pkcs7Verify to install protocols twice.
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Sep 2016 18:48:08 -0000
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Reviewed-by: Michael Kinney <michael.d.kinney@intel.com>

> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Pe=
ter Jones
> Sent: Thursday, September 29, 2016 11:46 AM
> To: edk2-devel@ml01.01.org
> Cc: Peter Jones <pjones@redhat.com>
> Subject: [edk2] [PATCH] Pkcs7VerifyDxe: Don't allow Pkcs7Verify to instal=
l protocols
> twice.
>=20
> This patch makes Pkcs7VerifyDxe check that it has not already been
> installed before installing its protocols.  This prevents the case where
> loading it as an external driver (either manually, through Driver####
> variables, etc.) will refuse to add a second provider of the API.
>=20
> v2 - return EFI_ABORTED as per Michael Kinney's feedback.
>=20
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Peter Jones <pjones@redhat.com>
> ---
>  SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c | 13 +++++++++++=
--
>  1 file changed, 11 insertions(+), 2 deletions(-)
>=20
> diff --git a/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c
> b/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c
> index 07fdf55..e5ec1b4 100644
> --- a/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c
> +++ b/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c
> @@ -1030,8 +1030,17 @@ Pkcs7VerifyDriverEntry (
>    IN EFI_SYSTEM_TABLE    *SystemTable
>    )
>  {
> -  EFI_STATUS    Status;
> -  EFI_HANDLE    Handle;
> +  EFI_STATUS                Status;
> +  EFI_HANDLE                Handle;
> +  EFI_PKCS7_VERIFY_PROTOCOL Useless;
> +
> +  //
> +  // Avoid loading a second copy if this is built as an external module.
> +  //
> +  Status =3D gBS->LocateProtocol (&gEfiPkcs7VerifyProtocolGuid, NULL, (V=
OID **)
> &Useless);
> +  if (!EFI_ERROR (Status)) {
> +    return EFI_ABORTED;
> +  }
>=20
>    //
>    // Install UEFI Pkcs7 Verification Protocol
> --
> 2.10.0
>=20
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel