summaryrefslogtreecommitdiffstats
path: root/SecurityPkg/Tcg
diff options
context:
space:
mode:
authorZhang, Chao B <chao.b.zhang@intel.com>2017-03-03 13:56:10 +0800
committerZhang, Chao B <chao.b.zhang@intel.com>2017-03-06 09:58:36 +0800
commit400b0940c8295f4cba44da3fa3e589f663f60de2 (patch)
tree1728d2ee4f5ddda1b0090bc2c8132ee3f21e46a2 /SecurityPkg/Tcg
parentfe13f92b6f194a03b9044453af462221db8bcaca (diff)
downloadedk2-400b0940c8295f4cba44da3fa3e589f663f60de2.tar.gz
edk2-400b0940c8295f4cba44da3fa3e589f663f60de2.tar.bz2
edk2-400b0940c8295f4cba44da3fa3e589f663f60de2.zip
SecurityPkg: Tcg2Dxe: Measure DBT into PCR[7]
Measure DBT into PCR[7] in initial measurement phase if present and not empty by following TCG PC Client PFP 00.49. The previous patch according to 00.21 is removed 1404e3a1508473643efba89af34bd133ab082dd5 Cc: Star Zeng <star.zeng@intel.com> Cc: Yao Jiewen <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Diffstat (limited to 'SecurityPkg/Tcg')
-rw-r--r--SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c19
1 files changed, 18 insertions, 1 deletions
diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
index 1d2ac9afb5..53de6668ad 100644
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
@@ -115,7 +115,6 @@ VARIABLE_TYPE mVariableType[] = {
{EFI_KEY_EXCHANGE_KEY_NAME, &gEfiGlobalVariableGuid},
{EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid},
{EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid},
- {EFI_IMAGE_SECURITY_DATABASE2, &gEfiImageSecurityDatabaseGuid},
};
EFI_HANDLE mImageHandle;
@@ -2137,6 +2136,24 @@ MeasureAllSecureVariables (
}
}
+ //
+ // Measure DBT if present and not empty
+ //
+ Status = GetVariable2 (EFI_IMAGE_SECURITY_DATABASE2, &gEfiImageSecurityDatabaseGuid, &Data, &DataSize);
+ if (!EFI_ERROR(Status)) {
+ Status = MeasureVariable (
+ 7,
+ EV_EFI_VARIABLE_DRIVER_CONFIG,
+ EFI_IMAGE_SECURITY_DATABASE2,
+ &gEfiImageSecurityDatabaseGuid,
+ Data,
+ DataSize
+ );
+ FreePool(Data);
+ } else {
+ DEBUG((DEBUG_INFO, "Skip measuring variable %s since it's deleted\n", EFI_IMAGE_SECURITY_DATABASE2));
+ }
+
return EFI_SUCCESS;
}