SecurityPkg/DxeImageVerificationHandler: simplify "VerifyStatus"

In the DxeImageVerificationHandler() function, the "VerifyStatus" variable
can only contain one of two values: EFI_SUCCESS and EFI_ACCESS_DENIED.
Furthermore, the variable is only consumed with EFI_ERROR().

Therefore, using the EFI_STATUS type for the variable is unnecessary.
Worse, given the complex meanings of the function's return values, using
EFI_STATUS for "VerifyStatus" is actively confusing.

Rename the variable to "IsVerified", and make it a simple BOOLEAN.

This patch is a no-op, regarding behavior.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20200116190705.18816-2-lersek@redhat.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
[lersek@redhat.com: push with Mike's R-b due to Chinese New Year
 Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
 <d3fbb76dabed4e1987c512c328c82810@intel.com>]

1 files changed, 10 insertions, 10 deletions

diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index a0a12b50dd..5afd723ada 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -1563,7 +1563,7 @@ DxeImageVerificationHandler (
 {

   EFI_STATUS                           Status;

   EFI_IMAGE_DOS_HEADER                 *DosHdr;

-  EFI_STATUS                           VerifyStatus;

+  BOOLEAN                              IsVerified;

   EFI_SIGNATURE_LIST                   *SignatureList;

   UINTN                                SignatureListSize;

   EFI_SIGNATURE_DATA                   *Signature;

@@ -1588,7 +1588,7 @@ DxeImageVerificationHandler (
   PkcsCertData      = NULL;

   Action            = EFI_IMAGE_EXECUTION_AUTH_UNTESTED;

   Status            = EFI_ACCESS_DENIED;

-  VerifyStatus      = EFI_ACCESS_DENIED;

+  IsVerified        = FALSE;

 

 

   //

@@ -1812,16 +1812,16 @@ DxeImageVerificationHandler (
     //

     if (IsForbiddenByDbx (AuthData, AuthDataSize)) {

       Action = EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED;

-      VerifyStatus = EFI_ACCESS_DENIED;

+      IsVerified = FALSE;

       break;

     }

 

     //

     // Check the digital signature against the valid certificate in allowed database (db).

     //

-    if (EFI_ERROR (VerifyStatus)) {

+    if (!IsVerified) {

       if (IsAllowedByDb (AuthData, AuthDataSize)) {

-        VerifyStatus = EFI_SUCCESS;

+        IsVerified = TRUE;

       }

     }

 

@@ -1831,11 +1831,11 @@ DxeImageVerificationHandler (
     if (IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE1, mImageDigest, &mCertType, mImageDigestSize)) {

       Action = EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND;

       DEBUG ((DEBUG_INFO, "DxeImageVerificationLib: Image is signed but %s hash of image is found in DBX.\n", mHashTypeStr));

-      VerifyStatus = EFI_ACCESS_DENIED;

+      IsVerified = FALSE;

       break;

-    } else if (EFI_ERROR (VerifyStatus)) {

+    } else if (!IsVerified) {

       if (IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE, mImageDigest, &mCertType, mImageDigestSize)) {

-        VerifyStatus = EFI_SUCCESS;

+        IsVerified = TRUE;

       } else {

         DEBUG ((DEBUG_INFO, "DxeImageVerificationLib: Image is signed but signature is not allowed by DB and %s hash of image is not found in DB/DBX.\n", mHashTypeStr));

       }

@@ -1846,10 +1846,10 @@ DxeImageVerificationHandler (
     //

     // The Size in Certificate Table or the attribute certificate table is corrupted.

     //

-    VerifyStatus = EFI_ACCESS_DENIED;

+    IsVerified = FALSE;

   }

 

-  if (!EFI_ERROR (VerifyStatus)) {

+  if (IsVerified) {

     return EFI_SUCCESS;

   } else {

     Status = EFI_ACCESS_DENIED;