From: "Guomin Jiang"
To: devel@edk2.groups.io
Cc: Jiewen Yao, Jian J Wang, Chao Zhang
Subject: [PATCH v2 1/6] SecurityPkg/TPM: measure UEFI images without associated device paths again
Date: Thu, 16 Apr 2020 15:33:49 +0800
Message-Id: <20200416073354.2232-2-guomin.jiang@intel.com>
In-Reply-To: <20200416073354.2232-1-guomin.jiang@intel.com>
References: <20200416073354.2232-1-guomin.jiang@intel.com>
Content-Transfer-Encoding: quoted-printable

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2652

DxeTpm2MeasureBootHandler() and DxeTpmMeasureBootHandler() functions may
receive a FileBuffer argument that is not associated with any particular
device path (e.g., because the UEFI image has not been loaded from any
particular device path).

Therefore rejecting (File==NULL) at the top of the function is invalid.

Fixes: 4b026f0d5af36faf3a3629a3ad49c51b5b3be12f

Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Chao Zhang
Signed-off-by: Guomin Jiang --- .../DxeTpm2MeasureBootLib.c | 20 +++++++++---------- .../DxeTpmMeasureBootLib.c | 20 +++++++++---------- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLi= b.c b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c index f0e95e5ec0..92eac71580 100644 --- a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c +++ b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c @@ -384,8 +384,6 @@ Finish: and other exception operations. The File parameter allows for possible = logging=0D within the SAP of the driver.=0D =0D - If File is NULL, then EFI_ACCESS_DENIED is returned.=0D -=0D If the file specified by File with an authentication status specified by= =0D AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS i= s returned.=0D =0D @@ -398,6 +396,8 @@ Finish: might be possible to use it at a future time, then EFI_SECURITY_VIOLATIO= N is=0D returned.=0D =0D + If check image specified by FileBuffer and File is NULL meanwhile, retur= n EFI_ACCESS_DENIED.=0D +=0D @param[in] AuthenticationStatus This is the authentication status = returned=0D from the securitymeasurement servi= ces for the=0D input file.=0D @@ -416,7 +416,7 @@ EFI_STATUS EFIAPI=0D DxeTpm2MeasureBootHandler (=0D IN UINT32 AuthenticationStatus,=0D - IN CONST EFI_DEVICE_PATH_PROTOCOL *File,=0D + IN CONST EFI_DEVICE_PATH_PROTOCOL *File, OPTIONAL=0D IN VOID *FileBuffer,=0D IN UINTN FileSize,=0D IN BOOLEAN BootPolicy=0D @@ -435,13 +435,6 @@ DxeTpm2MeasureBootHandler ( EFI_PHYSICAL_ADDRESS FvAddress;=0D UINT32 Index;=0D =0D - //=0D - // Check for invalid parameters.=0D - //=0D - if (File =3D=3D NULL) {=0D - return EFI_ACCESS_DENIED;=0D - }=0D -=0D Status =3D gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &= Tcg2Protocol);=0D if (EFI_ERROR (Status)) {=0D //=0D 
@@ -615,6 +608,13 @@ DxeTpm2MeasureBootHandler ( //=0D Status =3D PeCoffLoaderGetImageInfo (&ImageContext);=0D if (EFI_ERROR (Status)) {=0D + //=0D + // Check for invalid parameters.=0D + //=0D + if (File =3D=3D NULL) {=0D + Status =3D EFI_ACCESS_DENIED;=0D + }=0D +=0D //=0D // The information can't be got from the invalid PeImage=0D //=0D diff --git a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.= c b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c index d499371e7a..d990eb2ad3 100644 --- a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c +++ b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c @@ -678,8 +678,6 @@ Finish: and other exception operations. The File parameter allows for possible = logging=0D within the SAP of the driver.=0D =0D - If File is NULL, then EFI_ACCESS_DENIED is returned.=0D -=0D If the file specified by File with an authentication status specified by= =0D AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS i= s returned.=0D =0D @@ -692,6 +690,8 @@ Finish: might be possible to use it at a future time, then EFI_SECURITY_VIOLATIO= N is=0D returned.=0D =0D + If check image specified by FileBuffer and File is NULL meanwhile, retur= n EFI_ACCESS_DENIED.=0D +=0D @param[in] AuthenticationStatus This is the authentication status = returned=0D from the securitymeasurement servi= ces for the=0D input file.=0D @@ -710,7 +710,7 @@ EFI_STATUS EFIAPI=0D DxeTpmMeasureBootHandler (=0D IN UINT32 AuthenticationStatus,=0D - IN CONST EFI_DEVICE_PATH_PROTOCOL *File,=0D + IN CONST EFI_DEVICE_PATH_PROTOCOL *File, OPTIONAL=0D IN VOID *FileBuffer,=0D IN UINTN FileSize,=0D IN BOOLEAN BootPolicy=0D 
@@ -732,13 +732,6 @@ DxeTpmMeasureBootHandler ( EFI_PHYSICAL_ADDRESS FvAddress;=0D UINT32 Index;=0D =0D - //=0D - // Check for invalid parameters.=0D - //=0D - if (File =3D=3D NULL) {=0D - return EFI_ACCESS_DENIED;=0D - }=0D -=0D Status =3D gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **) &T= cgProtocol);=0D if (EFI_ERROR (Status)) {=0D //=0D @@ -912,6 +905,13 @@ DxeTpmMeasureBootHandler ( //=0D Status =3D PeCoffLoaderGetImageInfo (&ImageContext);=0D if (EFI_ERROR (Status)) {=0D + //=0D + // Check for invalid parameters.=0D + //=0D + if (File =3D=3D NULL) {=0D + return EFI_ACCESS_DENIED;=0D + }=0D +=0D //=0D // The information can't be got from the invalid PeImage=0D //=0D --=20 2.25.1.windows.1
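
Review bot: The sentence added to the function header in hunks @@ -398,6 +396,8 @@ and @@ -692,6 +690,8 @@ ("If check image specified by FileBuffer and File is NULL meanwhile, return EFI_ACCESS_DENIED.") is hard to parse and does not state the condition the code now tests. In the later hunks the File == NULL test sits inside the EFI_ERROR (Status) branch that follows PeCoffLoaderGetImageInfo (), so EFI_ACCESS_DENIED applies only when that call fails and File is also NULL. Suggest wording along the lines of "If FileBuffer does not contain a valid PE/COFF image and File is NULL, then EFI_ACCESS_DENIED is returned." in both libraries.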
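
Review bot: The prototype hunks @@ -416,7 +416,7 @@ and @@ -710,7 +710,7 @@ mark File as OPTIONAL, but no hunk in this patch touches the @param[in] description of File, so the header comment still reads as if a device path is always supplied. Please update that description in both files to say File may be NULL when the image was not loaded from a device path, so callers and later maintainers of these measured-boot handlers see the contract in one place.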
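
Review bot: Hunks @@ -435,13 +435,6 @@ and @@ -732,13 +732,6 @@ drop the early File == NULL return, and the replacement test is only added roughly 170 lines further down (new lines 608 and 905), and only on the failure branch of PeCoffLoaderGetImageInfo (). Everything between those two points now executes with File possibly NULL, and none of it is shown in this patch. Please confirm in the commit message, or with explicit guards, that every use of File in that range tolerates NULL, since a NULL dereference here would sit on the image measurement path.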
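
Review bot: The relocated check behaves differently in the two libraries: hunk @@ -615,6 +608,13 @@ (DxeTpm2MeasureBootLib.c) assigns "Status = EFI_ACCESS_DENIED;" and falls through, while hunk @@ -912,6 +905,13 @@ (DxeTpmMeasureBootLib.c) does "return EFI_ACCESS_DENIED;". The handlers are otherwise changed identically, so one of these looks unintended. Please use the same form in both, and if the fall-through path performs cleanup before exiting, prefer the Status assignment and check that Status is not overwritten before the function returns. The retained comment "Check for invalid parameters." no longer fits either, since this is now a decision on the invalid-image path rather than an argument check at entry.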