From ac28bbb7ea3a1c88aa47c086e92fab78a75c351d Mon Sep 17 00:00:00 2001
From: Michael Brown <mcb30@ipxe.org>
Date: Fri, 5 Jun 2020 09:40:36 +0100
Subject: [efi] Work around UEFI specification bug in LoadImage for SAN boot

As described in the previous commit, work around a UEFI specification
bug that necessitates calling UnloadImage if the return value from
LoadImage is EFI_SECURITY_VIOLATION.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
---
 src/interface/efi/efi_block.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/interface/efi/efi_block.c b/src/interface/efi/efi_block.c
index 91f830a..64d1e19 100644
--- a/src/interface/efi/efi_block.c
+++ b/src/interface/efi/efi_block.c
@@ -594,11 +594,14 @@ static int efi_block_boot_image ( struct san_device *sandev, EFI_HANDLE handle,
 	       sandev->drive, efi_devpath_text ( boot_path ) );
 
 	/* Try loading boot image from this device */
+	*image = NULL;
 	if ( ( efirc = bs->LoadImage ( FALSE, efi_image_handle, boot_path,
 				       NULL, 0, image ) ) != 0 ) {
 		rc = -EEFI ( efirc );
 		DBGC ( sandev, "EFIBLK %#02x could not load image: %s\n",
 		       sandev->drive, strerror ( rc ) );
+		if ( efirc == EFI_SECURITY_VIOLATION )
+			bs->UnloadImage ( *image );
 		goto err_load_image;
 	}
 
-- 
cgit v1.1