Discussion:
[edk2] [Patch 2/3] MdeModulePkg: UefiBootManagerLib to handle LoadFile DevicePath
Liming Gao
2015-06-30 06:12:28 UTC
Permalink
UEFI Spec HTTP Boot Device Path, after retrieving the boot resource
information, the BootURI device path node will be updated to include
the BootURI information. It means the device path on the child handle
will be updated after the LoadFile() service is called.

To handle this case, UefiBootManagerLib BmGetLoadOptionBuffer API
is updated as the below:
1) Get Device handle based on Device Path
2) Call LoadFile() service (GetFileBufferByFilePath() API) to get Load File Buffer.
3) Retrieve DevicePath from Device handle

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <***@intel.com>
---
MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c b/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c
index 2d3d57b..1b769fb 100644
--- a/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c
+++ b/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c
@@ -1491,13 +1491,22 @@ BmGetLoadOptionBuffer (

//
// Directly reads the load option when it doesn't reside in simple file system instance (LoadFile/LoadFile2),
// or it directly points to a file in simple file system instance.
//
+ Node = FilePath;
+ Status = gBS->LocateDevicePath (&gEfiLoadFileProtocolGuid, &Node, &Handle);
FileBuffer = GetFileBufferByFilePath (TRUE, FilePath, FileSize, &AuthenticationStatus);
if (FileBuffer != NULL) {
- *FullPath = DuplicateDevicePath (FilePath);
+ if (EFI_ERROR (Status)) {
+ *FullPath = DuplicateDevicePath (FilePath);
+ } else {
+ //
+ // LoadFile () may cause the device path of the Handle be updated.
+ //
+ *FullPath = AppendDevicePath (DevicePathFromHandle (Handle), Node);
+ }
}

return FileBuffer;
}
--
1.9.5.msysgit.0
Liming Gao
2015-06-30 06:12:27 UTC
Permalink
UEFI Spec HTTP Boot Device Path, after retrieving the boot resource
information, the BootURI device path node will be updated to include
the BootURI information. It means the device path on the child handle
will be updated after the LoadFile() service is called.

To handle this case, SecurityManagementLib ExecuteSecurityHandlers API
is updated as the below:
1) Get Device handle based on Device Path
2) Call LoadFile() service (GetFileBufferByFilePath() API) to get Load File Buffer.
3) Retrieve DevicePath from Device handle

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <***@intel.com>
---
.../DxeSecurityManagementLib.c | 22 ++++++++++++++++++++--
.../DxeSecurityManagementLib.inf | 8 ++++++--
2 files changed, 26 insertions(+), 4 deletions(-)

diff --git a/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.c b/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.c
index 6a50937..b96d786 100644
--- a/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.c
+++ b/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.c
@@ -1,9 +1,9 @@
/** @file
Provides generic security measurement functions for DXE module.

-Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php

@@ -11,14 +11,17 @@ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

**/

#include <PiDxe.h>
+#include <Protocol/LoadFile.h>
#include <Library/DebugLib.h>
#include <Library/DxeServicesLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/SecurityManagementLib.h>
+#include <Library/DevicePathLib.h>
+#include <Library/UefiBootServicesTableLib.h>

#define SECURITY_HANDLER_TABLE_SIZE 0x10

//
// Secruity Operation on Image and none Image.
@@ -217,10 +220,13 @@ ExecuteSecurityHandlers (
UINT32 Index;
EFI_STATUS Status;
UINT32 HandlerAuthenticationStatus;
VOID *FileBuffer;
UINTN FileSize;
+ EFI_HANDLE Handle;
+ EFI_DEVICE_PATH_PROTOCOL *Node;
+ EFI_DEVICE_PATH_PROTOCOL *FilePathToVerfiy;

if (FilePath == NULL) {
return EFI_INVALID_PARAMETER;
}

@@ -233,34 +239,43 @@ ExecuteSecurityHandlers (

Status = EFI_SUCCESS;
FileBuffer = NULL;
FileSize = 0;
HandlerAuthenticationStatus = AuthenticationStatus;
+ FilePathToVerfiy = (EFI_DEVICE_PATH_PROTOCOL *) FilePath;
//
// Run security handler in same order to their registered list
//
for (Index = 0; Index < mNumberOfSecurityHandler; Index ++) {
if ((mSecurityTable[Index].SecurityOperation & EFI_AUTH_OPERATION_IMAGE_REQUIRED) == EFI_AUTH_OPERATION_IMAGE_REQUIRED) {
//
// Try get file buffer when the handler requires image buffer.
//
if (FileBuffer == NULL) {
+ Node = FilePathToVerfiy;
+ Status = gBS->LocateDevicePath (&gEfiLoadFileProtocolGuid, &Node, &Handle);
//
// Try to get image by FALSE boot policy for the exact boot file path.
//
FileBuffer = GetFileBufferByFilePath (FALSE, FilePath, &FileSize, &AuthenticationStatus);
if (FileBuffer == NULL) {
//
// Try to get image by TRUE boot policy for the inexact boot file path.
//
FileBuffer = GetFileBufferByFilePath (TRUE, FilePath, &FileSize, &AuthenticationStatus);
}
+ if ((FileBuffer != NULL) && (!EFI_ERROR (Status))) {
+ //
+ // LoadFile () may cause the device path of the Handle be updated.
+ //
+ FilePathToVerfiy = AppendDevicePath (DevicePathFromHandle (Handle), Node);
+ }
}
}
Status = mSecurityTable[Index].SecurityHandler (
HandlerAuthenticationStatus,
- FilePath,
+ FilePathToVerfiy,
FileBuffer,
FileSize
);
if (EFI_ERROR (Status)) {
break;
@@ -268,10 +283,13 @@ ExecuteSecurityHandlers (
}

if (FileBuffer != NULL) {
FreePool (FileBuffer);
}
+ if (FilePathToVerfiy != FilePath) {
+ FreePool (FilePathToVerfiy);
+ }

return Status;
}

/**
diff --git a/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.inf b/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.inf
index 60ac8e7..0f8a13b 100644
--- a/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.inf
+++ b/MdeModulePkg/Library/DxeSecurityManagementLib/DxeSecurityManagementLib.inf
@@ -1,11 +1,11 @@
## @file
# Instance of SecurityManagementLib Library for DXE phase.
#
# This library provides generic security measurement functions for DXE module.
#
-# Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
#
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
# http://opensource.org/licenses/bsd-license.php
@@ -39,6 +39,10 @@

[LibraryClasses]
MemoryAllocationLib
DebugLib
DxeServicesLib
-
+ DevicePathLib
+ UefiBootServicesTableLib
+
+[Protocols]
+ gEfiLoadFileProtocolGuid ## SOMETIMES_CONSUMES
--
1.9.5.msysgit.0
Liming Gao
2015-06-30 06:12:29 UTC
Permalink
UEFI Spec HTTP Boot Device Path, after retrieving the boot resource
information, the BootURI device path node will be updated to include
the BootURI information. It means the device path on the child handle
will be updated after the LoadFile() service is called.

To handle this case, DxeCore LoadImage() service is updated as the below:
1) Get Device handle based on Device Path
2) Call LoadFile() service (GetFileBufferByFilePath() API) to get Load File Buffer.
3) Retrieve DevicePath from Device handle

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <***@intel.com>
---
MdeModulePkg/Core/Dxe/Image/Image.c | 61 +++++++++++++++++++++++++------------
1 file changed, 41 insertions(+), 20 deletions(-)

diff --git a/MdeModulePkg/Core/Dxe/Image/Image.c b/MdeModulePkg/Core/Dxe/Image/Image.c
index ea6b2c6..5355940 100644
--- a/MdeModulePkg/Core/Dxe/Image/Image.c
+++ b/MdeModulePkg/Core/Dxe/Image/Image.c
@@ -1053,12 +1053,15 @@ CoreLoadImageCommon (
EFI_STATUS SecurityStatus;
EFI_HANDLE DeviceHandle;
UINT32 AuthenticationStatus;
EFI_DEVICE_PATH_PROTOCOL *OriginalFilePath;
EFI_DEVICE_PATH_PROTOCOL *HandleFilePath;
+ EFI_DEVICE_PATH_PROTOCOL *InputFilePath;
+ EFI_DEVICE_PATH_PROTOCOL *Node;
UINTN FilePathSize;
BOOLEAN ImageIsFromFv;
+ BOOLEAN ImageIsFromLoadFile;

SecurityStatus = EFI_SUCCESS;

ASSERT (gEfiCurrentTpl < TPL_NOTIFY);
ParentImage = NULL;
@@ -1077,15 +1080,17 @@ CoreLoadImageCommon (
}

ZeroMem (&FHand, sizeof (IMAGE_FILE_HANDLE));
FHand.Signature = IMAGE_FILE_HANDLE_SIGNATURE;
OriginalFilePath = FilePath;
+ InputFilePath = FilePath;
HandleFilePath = FilePath;
DeviceHandle = NULL;
Status = EFI_SUCCESS;
AuthenticationStatus = 0;
- ImageIsFromFv = FALSE;
+ ImageIsFromFv = FALSE;
+ ImageIsFromLoadFile = FALSE;

//
// If the caller passed a copy of the file, then just use it
//
if (SourceBuffer != NULL) {
@@ -1102,10 +1107,37 @@ CoreLoadImageCommon (
}
} else {
if (FilePath == NULL) {
return EFI_INVALID_PARAMETER;
}
+
+ //
+ // Try to get the image device handle by checking the match protocol.
+ //
+ Node = NULL;
+ Status = CoreLocateDevicePath (&gEfiFirmwareVolume2ProtocolGuid, &HandleFilePath, &DeviceHandle);
+ if (!EFI_ERROR (Status)) {
+ ImageIsFromFv = TRUE;
+ } else {
+ HandleFilePath = FilePath;
+ Status = CoreLocateDevicePath (&gEfiSimpleFileSystemProtocolGuid, &HandleFilePath, &DeviceHandle);
+ if (EFI_ERROR (Status)) {
+ if (!BootPolicy) {
+ HandleFilePath = FilePath;
+ Status = CoreLocateDevicePath (&gEfiLoadFile2ProtocolGuid, &HandleFilePath, &DeviceHandle);
+ }
+ if (EFI_ERROR (Status)) {
+ HandleFilePath = FilePath;
+ Status = CoreLocateDevicePath (&gEfiLoadFileProtocolGuid, &HandleFilePath, &DeviceHandle);
+ if (!EFI_ERROR (Status)) {
+ ImageIsFromLoadFile = TRUE;
+ Node = HandleFilePath;
+ }
+ }
+ }
+ }
+
//
// Get the source file buffer by its device path.
//
FHand.Source = GetFileBufferByFilePath (
BootPolicy,
@@ -1114,30 +1146,16 @@ CoreLoadImageCommon (
&AuthenticationStatus
);
if (FHand.Source == NULL) {
Status = EFI_NOT_FOUND;
} else {
- //
- // Try to get the image device handle by checking the match protocol.
- //
FHand.FreeBuffer = TRUE;
- Status = CoreLocateDevicePath (&gEfiFirmwareVolume2ProtocolGuid, &HandleFilePath, &DeviceHandle);
- if (!EFI_ERROR (Status)) {
- ImageIsFromFv = TRUE;
- } else {
- HandleFilePath = FilePath;
- Status = CoreLocateDevicePath (&gEfiSimpleFileSystemProtocolGuid, &HandleFilePath, &DeviceHandle);
- if (EFI_ERROR (Status)) {
- if (!BootPolicy) {
- HandleFilePath = FilePath;
- Status = CoreLocateDevicePath (&gEfiLoadFile2ProtocolGuid, &HandleFilePath, &DeviceHandle);
- }
- if (EFI_ERROR (Status)) {
- HandleFilePath = FilePath;
- Status = CoreLocateDevicePath (&gEfiLoadFileProtocolGuid, &HandleFilePath, &DeviceHandle);
- }
- }
+ if (ImageIsFromLoadFile) {
+ //
+ // LoadFile () may cause the device path of the Handle be updated.
+ //
+ OriginalFilePath = AppendDevicePath (DevicePathFromHandle (DeviceHandle), Node);
}
}
}

if (EFI_ERROR (Status)) {
@@ -1335,10 +1353,13 @@ Done:
// If we allocated the Source buffer, free it
//
if (FHand.FreeBuffer) {
CoreFreePool (FHand.Source);
}
+ if (OriginalFilePath != InputFilePath) {
+ CoreFreePool (OriginalFilePath);
+ }

//
// There was an error. If there's an Image structure, free it
//
if (EFI_ERROR (Status)) {
--
1.9.5.msysgit.0
Ni, Ruiyu
2015-07-01 07:02:48 UTC
Permalink
-----Original Message-----
Sent: Tuesday, June 30, 2015 2:12 PM
Subject: [edk2] [Patch 0/3] Update driver to handle LoadFile device path
UEFI Spec HTTP Boot Device Path, after retrieving the boot resource
information, the BootURI device path node will be updated to include
the BootURI information. It means the device path on the child handle
will be updated after the LoadFile() service is called.
To handle this case, DxeCore, DxeSecurityManagementLib and
UefiBootManagerLib
1) Get Device handle based on Device Path
2) Call LoadFile() service (GetFileBufferByFilePath() API) to get Load File
Buffer.
3) Retrieve DevicePath from Device handle
MdeModulePkg: SecurityManagementLib to handle LoadFile DevicePath
MdeModulePkg: UefiBootManagerLib to handle LoadFile DevicePath
MdeModulePkg: Update DxeCore to handle LoadFile DevicePath
MdeModulePkg/Core/Dxe/Image/Image.c | 61
+++++++++++++++-------
.../DxeSecurityManagementLib.c | 22 +++++++-
.../DxeSecurityManagementLib.inf | 8 ++-
MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c | 11 +++-
4 files changed, 77 insertions(+), 25 deletions(-)
--
1.9.5.msysgit.0
------------------------------------------------------------------------------
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/
_______________________________________________
edk2-devel mailing list
https://lists.sourceforge.net/lists/listinfo/edk2-devel
Loading...