author | Nhi Pham <nhi@os.amperecomputing.com> | 2023-04-12 17:21:49 +0800 |
---|---|---|
committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2023-04-28 07:03:56 +0000 |
commit | d226811a6644c1746c0c92dbba3f85b7b4b6b476 (patch) | |
tree | e1ec5a29046ddf56632a84a72d05f5755b3c6ec8 | |
parent | 95ef765839a8d0de52095e3dec3584fc347b94b2 (diff) | |
SecurityPkg/DxeImageVerificationLib: Add AUTH_SIG_NOT_FOUND Action
Add the AUTH_SIG_NOT_FOUND Action to the Image Execution Info Table
when the Image is signed but signature is not allowed by DB and the
hash of image is not found in DB/DBX.
This is documented in the UEFI spec 2.10, table 32.5.
This issue is found by the SIE SCT with the error message as follows:
SecureBoot - TestImage1.bin in Image Execution Info Table with
SIG_NOT_FOUND. --FAILURE
B3A670AA-0FBA-48CA-9D01-0EE9700965A9
SctPkg/TestCase/UEFI/EFI/RuntimeServices/SecureBoot/BlackBoxTest/
ImageLoadingBBTest.c:1079:Status Success
Signed-off-by: Nhi Pham <nhi@os.amperecomputing.com>
Reviewed-by: Min Xu <min.m.xu@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
-rw-r--r-- | SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index b3d40c21e9..5d8dbd5468 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -1993,6 +1993,7 @@ DxeImageVerificationHandler (
 if (!EFI_ERROR (DbStatus) && IsFound) {
IsVerified = TRUE;
} else {
+ Action = EFI_IMAGE_EXECUTION_AUTH_SIG_NOT_FOUND;
DEBUG ((DEBUG_INFO, "DxeImageVerificationLib: Image is signed but signature is not allowed by DB and %s hash of image is not found in DB/DBX.\n", mHashTypeStr));
}
}
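Review bot: The `else` branch that now sets `Action = EFI_IMAGE_EXECUTION_AUTH_SIG_NOT_FOUND;` is reached not only when the hash is absent from DB but also when `EFI_ERROR (DbStatus)` is true, so a failed DB lookup is recorded in the Image Execution Info Table as "signature not found". The branch never sets `IsVerified = TRUE`, so this looks fail-closed, but anyone auditing the table or the debug log cannot tell a missing DB entry from a database read error. I would add a comment above the assignment such as `// Reached on DB lookup error as well as hash-not-in-DB; both are reported as AUTH_SIG_NOT_FOUND.` and consider a separate `DEBUG_ERROR` message for the `EFI_ERROR (DbStatus)` case. DxeImageVerificationHandler starts and ends outside this hunk, so any later code in the function that branches on `Action` should be checked against the new value there.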