diff options
author | Zhang, Chao B <chao.b.zhang@intel.com> | 2017-03-03 13:56:10 +0800 |
---|---|---|
committer | Zhang, Chao B <chao.b.zhang@intel.com> | 2017-03-06 09:58:36 +0800 |
commit | 400b0940c8295f4cba44da3fa3e589f663f60de2 (patch) | |
tree | 1728d2ee4f5ddda1b0090bc2c8132ee3f21e46a2 /SecurityPkg/Tcg | |
parent | fe13f92b6f194a03b9044453af462221db8bcaca (diff) | |
download | edk2-400b0940c8295f4cba44da3fa3e589f663f60de2.tar.gz edk2-400b0940c8295f4cba44da3fa3e589f663f60de2.tar.bz2 edk2-400b0940c8295f4cba44da3fa3e589f663f60de2.zip |
SecurityPkg: Tcg2Dxe: Measure DBT into PCR[7]
Measure DBT into PCR[7] in initial measurement phase if present and
not empty by following TCG PC Client PFP 00.49.
The previous patch according to 00.21 is removed
1404e3a1508473643efba89af34bd133ab082dd5
Cc: Star Zeng <star.zeng@intel.com>
Cc: Yao Jiewen <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Diffstat (limited to 'SecurityPkg/Tcg')
-rw-r--r-- | SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c index 1d2ac9afb5..53de6668ad 100644 --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c @@ -115,7 +115,6 @@ VARIABLE_TYPE mVariableType[] = { {EFI_KEY_EXCHANGE_KEY_NAME, &gEfiGlobalVariableGuid},
{EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid},
{EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid},
- {EFI_IMAGE_SECURITY_DATABASE2, &gEfiImageSecurityDatabaseGuid},
};
EFI_HANDLE mImageHandle;
@@ -2137,6 +2136,24 @@ MeasureAllSecureVariables ( }
}
+ //
+ // Measure DBT if present and not empty
+ //
+ Status = GetVariable2 (EFI_IMAGE_SECURITY_DATABASE2, &gEfiImageSecurityDatabaseGuid, &Data, &DataSize);
+ if (!EFI_ERROR(Status)) {
+ Status = MeasureVariable (
+ 7,
+ EV_EFI_VARIABLE_DRIVER_CONFIG,
+ EFI_IMAGE_SECURITY_DATABASE2,
+ &gEfiImageSecurityDatabaseGuid,
+ Data,
+ DataSize
+ );
+ FreePool(Data);
+ } else {
+ DEBUG((DEBUG_INFO, "Skip measuring variable %s since it's deleted\n", EFI_IMAGE_SECURITY_DATABASE2));
+ }
+
return EFI_SUCCESS;
}
|